if_spppsubr.c revision 42104
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $Id: if_spppsubr.c,v 1.51 1998/12/26 13:14:45 phk Exp $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_ipx.h" 28#endif 29 30#ifdef NetBSD1_3 31# if NetBSD1_3 > 6 32# include "opt_inet.h" 33# include "opt_iso.h" 34# endif 35#endif 36 37#include <sys/systm.h> 38#include <sys/kernel.h> 39#include <sys/sockio.h> 40#include <sys/socket.h> 41#include <sys/syslog.h> 42#if defined(__FreeBSD__) && __FreeBSD__ >= 3 43#include <machine/random.h> 44#endif 45#include <sys/malloc.h> 46#include <sys/mbuf.h> 47 48#if defined (__OpenBSD__) 49#include <sys/md5k.h> 50#else 51#include <sys/md5.h> 52#endif 53 54#include <net/if.h> 55#include <net/netisr.h> 56#include <net/if_types.h> 57#include <net/route.h> 58 59#if defined(__FreeBSD__) && __FreeBSD__ >= 3 60#include <machine/random.h> 61#endif 62#if defined (__NetBSD__) || defined (__OpenBSD__) 63#include <machine/cpu.h> /* XXX for softnet */ 64#endif 65 66#include <machine/stdarg.h> 67 68#ifdef INET 69#include <netinet/in.h> 70#include <netinet/in_systm.h> 71#include <netinet/in_var.h> 72#include <netinet/ip.h> 73#include <netinet/tcp.h> 74# if defined (__FreeBSD__) || defined (__OpenBSD__) 75# include <netinet/if_ether.h> 76# else 77# include <net/ethertypes.h> 78# endif 79#else 80# error Huh? sppp without INET? 81#endif 82 83#ifdef IPX 84#include <netipx/ipx.h> 85#include <netipx/ipx_if.h> 86#endif 87 88#ifdef NS 89#include <netns/ns.h> 90#include <netns/ns_if.h> 91#endif 92 93#ifdef ISO 94#include <netiso/argo_debug.h> 95#include <netiso/iso.h> 96#include <netiso/iso_var.h> 97#include <netiso/iso_snpac.h> 98#endif 99 100#include <net/if_sppp.h> 101 102#if defined(__FreeBSD__) && __FreeBSD__ >= 3 103# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 104# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 105# define IOCTL_CMD_T u_long 106#else 107# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 108# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 109# define IOCTL_CMD_T int 110#endif 111 112#define MAXALIVECNT 3 /* max. alive packets */ 113 114/* 115 * Interface flags that can be set in an ifconfig command. 116 * 117 * Setting link0 will make the link passive, i.e. it will be marked 118 * as being administrative openable, but won't be opened to begin 119 * with. Incoming calls will be answered, or subsequent calls with 120 * -link1 will cause the administrative open of the LCP layer. 121 * 122 * Setting link1 will cause the link to auto-dial only as packets 123 * arrive to be sent. 124 * 125 * Setting IFF_DEBUG will syslog the option negotiation and state 126 * transitions at level kern.debug. Note: all logs consistently look 127 * like 128 * 129 * <if-name><unit>: <proto-name> <additional info...> 130 * 131 * with <if-name><unit> being something like "bppp0", and <proto-name> 132 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 133 */ 134 135#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 136#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 137 138#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 139#define PPP_UI 0x03 /* Unnumbered Information */ 140#define PPP_IP 0x0021 /* Internet Protocol */ 141#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 142#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 143#define PPP_IPX 0x002b /* Novell IPX Protocol */ 144#define PPP_LCP 0xc021 /* Link Control Protocol */ 145#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 146#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 147#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 148 149#define CONF_REQ 1 /* PPP configure request */ 150#define CONF_ACK 2 /* PPP configure acknowledge */ 151#define CONF_NAK 3 /* PPP configure negative ack */ 152#define CONF_REJ 4 /* PPP configure reject */ 153#define TERM_REQ 5 /* PPP terminate request */ 154#define TERM_ACK 6 /* PPP terminate acknowledge */ 155#define CODE_REJ 7 /* PPP code reject */ 156#define PROTO_REJ 8 /* PPP protocol reject */ 157#define ECHO_REQ 9 /* PPP echo request */ 158#define ECHO_REPLY 10 /* PPP echo reply */ 159#define DISC_REQ 11 /* PPP discard request */ 160 161#define LCP_OPT_MRU 1 /* maximum receive unit */ 162#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 163#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 164#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 165#define LCP_OPT_MAGIC 5 /* magic number */ 166#define LCP_OPT_RESERVED 6 /* reserved */ 167#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 168#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 169 170#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 171#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 172#define IPCP_OPT_ADDRESS 3 /* local IP address */ 173 174#define PAP_REQ 1 /* PAP name/password request */ 175#define PAP_ACK 2 /* PAP acknowledge */ 176#define PAP_NAK 3 /* PAP fail */ 177 178#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 179#define CHAP_RESPONSE 2 /* CHAP challenge response */ 180#define CHAP_SUCCESS 3 /* CHAP response ok */ 181#define CHAP_FAILURE 4 /* CHAP response failed */ 182 183#define CHAP_MD5 5 /* hash algorithm - MD5 */ 184 185#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 186#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 187#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 188#define CISCO_ADDR_REQ 0 /* Cisco address request */ 189#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 190#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 191 192/* states are named and numbered according to RFC 1661 */ 193#define STATE_INITIAL 0 194#define STATE_STARTING 1 195#define STATE_CLOSED 2 196#define STATE_STOPPED 3 197#define STATE_CLOSING 4 198#define STATE_STOPPING 5 199#define STATE_REQ_SENT 6 200#define STATE_ACK_RCVD 7 201#define STATE_ACK_SENT 8 202#define STATE_OPENED 9 203 204struct ppp_header { 205 u_char address; 206 u_char control; 207 u_short protocol; 208}; 209#define PPP_HEADER_LEN sizeof (struct ppp_header) 210 211struct lcp_header { 212 u_char type; 213 u_char ident; 214 u_short len; 215}; 216#define LCP_HEADER_LEN sizeof (struct lcp_header) 217 218struct cisco_packet { 219 u_long type; 220 u_long par1; 221 u_long par2; 222 u_short rel; 223 u_short time0; 224 u_short time1; 225}; 226#define CISCO_PACKET_LEN 18 227 228/* 229 * We follow the spelling and capitalization of RFC 1661 here, to make 230 * it easier comparing with the standard. Please refer to this RFC in 231 * case you can't make sense out of these abbreviation; it will also 232 * explain the semantics related to the various events and actions. 233 */ 234struct cp { 235 u_short proto; /* PPP control protocol number */ 236 u_char protoidx; /* index into state table in struct sppp */ 237 u_char flags; 238#define CP_LCP 0x01 /* this is the LCP */ 239#define CP_AUTH 0x02 /* this is an authentication protocol */ 240#define CP_NCP 0x04 /* this is a NCP */ 241#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 242 const char *name; /* name of this control protocol */ 243 /* event handlers */ 244 void (*Up)(struct sppp *sp); 245 void (*Down)(struct sppp *sp); 246 void (*Open)(struct sppp *sp); 247 void (*Close)(struct sppp *sp); 248 void (*TO)(void *sp); 249 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 250 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 251 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 252 /* actions */ 253 void (*tlu)(struct sppp *sp); 254 void (*tld)(struct sppp *sp); 255 void (*tls)(struct sppp *sp); 256 void (*tlf)(struct sppp *sp); 257 void (*scr)(struct sppp *sp); 258}; 259 260static struct sppp *spppq; 261#if defined(__FreeBSD__) && __FreeBSD__ >= 3 262static struct callout_handle keepalive_ch; 263#endif 264 265#if defined(__FreeBSD__) && __FreeBSD__ >= 3 266#define SPP_FMT "%s%d: " 267#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 268#else 269#define SPP_FMT "%s: " 270#define SPP_ARGS(ifp) (ifp)->if_xname 271#endif 272 273/* 274 * The following disgusting hack gets around the problem that IP TOS 275 * can't be set yet. We want to put "interactive" traffic on a high 276 * priority queue. To decide if traffic is interactive, we check that 277 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 278 * 279 * XXX is this really still necessary? - joerg - 280 */ 281static u_short interactive_ports[8] = { 282 0, 513, 0, 0, 283 0, 21, 0, 23, 284}; 285#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 286 287/* almost every function needs these */ 288#define STDDCL \ 289 struct ifnet *ifp = &sp->pp_if; \ 290 int debug = ifp->if_flags & IFF_DEBUG 291 292static int sppp_output(struct ifnet *ifp, struct mbuf *m, 293 struct sockaddr *dst, struct rtentry *rt); 294 295static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 296static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 297 298static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 299 struct mbuf *m); 300static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 301 u_char ident, u_short len, void *data); 302/* static void sppp_cp_timeout(void *arg); */ 303static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 304 int newstate); 305static void sppp_auth_send(const struct cp *cp, 306 struct sppp *sp, unsigned int type, unsigned int id, 307 ...); 308 309static void sppp_up_event(const struct cp *cp, struct sppp *sp); 310static void sppp_down_event(const struct cp *cp, struct sppp *sp); 311static void sppp_open_event(const struct cp *cp, struct sppp *sp); 312static void sppp_close_event(const struct cp *cp, struct sppp *sp); 313static void sppp_to_event(const struct cp *cp, struct sppp *sp); 314 315static void sppp_null(struct sppp *sp); 316 317static void sppp_lcp_init(struct sppp *sp); 318static void sppp_lcp_up(struct sppp *sp); 319static void sppp_lcp_down(struct sppp *sp); 320static void sppp_lcp_open(struct sppp *sp); 321static void sppp_lcp_close(struct sppp *sp); 322static void sppp_lcp_TO(void *sp); 323static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 324static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 325static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 326static void sppp_lcp_tlu(struct sppp *sp); 327static void sppp_lcp_tld(struct sppp *sp); 328static void sppp_lcp_tls(struct sppp *sp); 329static void sppp_lcp_tlf(struct sppp *sp); 330static void sppp_lcp_scr(struct sppp *sp); 331static void sppp_lcp_check_and_close(struct sppp *sp); 332static int sppp_ncp_check(struct sppp *sp); 333 334static void sppp_ipcp_init(struct sppp *sp); 335static void sppp_ipcp_up(struct sppp *sp); 336static void sppp_ipcp_down(struct sppp *sp); 337static void sppp_ipcp_open(struct sppp *sp); 338static void sppp_ipcp_close(struct sppp *sp); 339static void sppp_ipcp_TO(void *sp); 340static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 341static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 342static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 343static void sppp_ipcp_tlu(struct sppp *sp); 344static void sppp_ipcp_tld(struct sppp *sp); 345static void sppp_ipcp_tls(struct sppp *sp); 346static void sppp_ipcp_tlf(struct sppp *sp); 347static void sppp_ipcp_scr(struct sppp *sp); 348 349static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 350static void sppp_pap_init(struct sppp *sp); 351static void sppp_pap_open(struct sppp *sp); 352static void sppp_pap_close(struct sppp *sp); 353static void sppp_pap_TO(void *sp); 354static void sppp_pap_my_TO(void *sp); 355static void sppp_pap_tlu(struct sppp *sp); 356static void sppp_pap_tld(struct sppp *sp); 357static void sppp_pap_scr(struct sppp *sp); 358 359static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 360static void sppp_chap_init(struct sppp *sp); 361static void sppp_chap_open(struct sppp *sp); 362static void sppp_chap_close(struct sppp *sp); 363static void sppp_chap_TO(void *sp); 364static void sppp_chap_tlu(struct sppp *sp); 365static void sppp_chap_tld(struct sppp *sp); 366static void sppp_chap_scr(struct sppp *sp); 367 368static const char *sppp_auth_type_name(u_short proto, u_char type); 369static const char *sppp_cp_type_name(u_char type); 370static const char *sppp_dotted_quad(u_long addr); 371static const char *sppp_ipcp_opt_name(u_char opt); 372static const char *sppp_lcp_opt_name(u_char opt); 373static const char *sppp_phase_name(enum ppp_phase phase); 374static const char *sppp_proto_name(u_short proto); 375static const char *sppp_state_name(int state); 376static int sppp_params(struct sppp *sp, u_long cmd, void *data); 377static int sppp_strnlen(u_char *p, int max); 378static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 379 u_long *srcmask); 380static void sppp_keepalive(void *dummy); 381static void sppp_phase_network(struct sppp *sp); 382static void sppp_print_bytes(const u_char *p, u_short len); 383static void sppp_print_string(const char *p, u_short len); 384static void sppp_qflush(struct ifqueue *ifq); 385static void sppp_set_ip_addr(struct sppp *sp, u_long src); 386 387/* our control protocol descriptors */ 388static const struct cp lcp = { 389 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 390 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 391 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 392 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 393 sppp_lcp_scr 394}; 395 396static const struct cp ipcp = { 397 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 398 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 399 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 400 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 401 sppp_ipcp_scr 402}; 403 404static const struct cp pap = { 405 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 406 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 407 sppp_pap_TO, 0, 0, 0, 408 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 409 sppp_pap_scr 410}; 411 412static const struct cp chap = { 413 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 414 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 415 sppp_chap_TO, 0, 0, 0, 416 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 417 sppp_chap_scr 418}; 419 420static const struct cp *cps[IDX_COUNT] = { 421 &lcp, /* IDX_LCP */ 422 &ipcp, /* IDX_IPCP */ 423 &pap, /* IDX_PAP */ 424 &chap, /* IDX_CHAP */ 425}; 426 427 428/* 429 * Exported functions, comprising our interface to the lower layer. 430 */ 431 432/* 433 * Process the received packet. 434 */ 435void 436sppp_input(struct ifnet *ifp, struct mbuf *m) 437{ 438 struct ppp_header *h; 439 struct ifqueue *inq = 0; 440 int s; 441 struct sppp *sp = (struct sppp *)ifp; 442 int debug = ifp->if_flags & IFF_DEBUG; 443 444 if (ifp->if_flags & IFF_UP) 445 /* Count received bytes, add FCS and one flag */ 446 ifp->if_ibytes += m->m_pkthdr.len + 3; 447 448 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 449 /* Too small packet, drop it. */ 450 if (debug) 451 log(LOG_DEBUG, 452 SPP_FMT "input packet is too small, %d bytes\n", 453 SPP_ARGS(ifp), m->m_pkthdr.len); 454 drop: 455 ++ifp->if_ierrors; 456 ++ifp->if_iqdrops; 457 m_freem (m); 458 return; 459 } 460 461 /* Get PPP header. */ 462 h = mtod (m, struct ppp_header*); 463 m_adj (m, PPP_HEADER_LEN); 464 465 switch (h->address) { 466 case PPP_ALLSTATIONS: 467 if (h->control != PPP_UI) 468 goto invalid; 469 if (sp->pp_flags & PP_CISCO) { 470 if (debug) 471 log(LOG_DEBUG, 472 SPP_FMT "PPP packet in Cisco mode " 473 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 474 SPP_ARGS(ifp), 475 h->address, h->control, ntohs(h->protocol)); 476 goto drop; 477 } 478 switch (ntohs (h->protocol)) { 479 default: 480 if (sp->state[IDX_LCP] == STATE_OPENED) 481 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 482 ++sp->pp_seq, m->m_pkthdr.len + 2, 483 &h->protocol); 484 if (debug) 485 log(LOG_DEBUG, 486 SPP_FMT "invalid input protocol " 487 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 488 SPP_ARGS(ifp), 489 h->address, h->control, ntohs(h->protocol)); 490 ++ifp->if_noproto; 491 goto drop; 492 case PPP_LCP: 493 sppp_cp_input(&lcp, sp, m); 494 m_freem (m); 495 return; 496 case PPP_PAP: 497 if (sp->pp_phase >= PHASE_AUTHENTICATE) 498 sppp_pap_input(sp, m); 499 m_freem (m); 500 return; 501 case PPP_CHAP: 502 if (sp->pp_phase >= PHASE_AUTHENTICATE) 503 sppp_chap_input(sp, m); 504 m_freem (m); 505 return; 506#ifdef INET 507 case PPP_IPCP: 508 if (sp->pp_phase == PHASE_NETWORK) 509 sppp_cp_input(&ipcp, sp, m); 510 m_freem (m); 511 return; 512 case PPP_IP: 513 if (sp->state[IDX_IPCP] == STATE_OPENED) { 514 schednetisr (NETISR_IP); 515 inq = &ipintrq; 516 } 517 break; 518#endif 519#ifdef IPX 520 case PPP_IPX: 521 /* IPX IPXCP not implemented yet */ 522 if (sp->pp_phase == PHASE_NETWORK) { 523 schednetisr (NETISR_IPX); 524 inq = &ipxintrq; 525 } 526 break; 527#endif 528#ifdef NS 529 case PPP_XNS: 530 /* XNS IDPCP not implemented yet */ 531 if (sp->pp_phase == PHASE_NETWORK) { 532 schednetisr (NETISR_NS); 533 inq = &nsintrq; 534 } 535 break; 536#endif 537#ifdef ISO 538 case PPP_ISO: 539 /* OSI NLCP not implemented yet */ 540 if (sp->pp_phase == PHASE_NETWORK) { 541 schednetisr (NETISR_ISO); 542 inq = &clnlintrq; 543 } 544 break; 545#endif 546 } 547 break; 548 case CISCO_MULTICAST: 549 case CISCO_UNICAST: 550 /* Don't check the control field here (RFC 1547). */ 551 if (! (sp->pp_flags & PP_CISCO)) { 552 if (debug) 553 log(LOG_DEBUG, 554 SPP_FMT "Cisco packet in PPP mode " 555 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 556 SPP_ARGS(ifp), 557 h->address, h->control, ntohs(h->protocol)); 558 goto drop; 559 } 560 switch (ntohs (h->protocol)) { 561 default: 562 ++ifp->if_noproto; 563 goto invalid; 564 case CISCO_KEEPALIVE: 565 sppp_cisco_input ((struct sppp*) ifp, m); 566 m_freem (m); 567 return; 568#ifdef INET 569 case ETHERTYPE_IP: 570 schednetisr (NETISR_IP); 571 inq = &ipintrq; 572 break; 573#endif 574#ifdef IPX 575 case ETHERTYPE_IPX: 576 schednetisr (NETISR_IPX); 577 inq = &ipxintrq; 578 break; 579#endif 580#ifdef NS 581 case ETHERTYPE_NS: 582 schednetisr (NETISR_NS); 583 inq = &nsintrq; 584 break; 585#endif 586 } 587 break; 588 default: /* Invalid PPP packet. */ 589 invalid: 590 if (debug) 591 log(LOG_DEBUG, 592 SPP_FMT "invalid input packet " 593 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 594 SPP_ARGS(ifp), 595 h->address, h->control, ntohs(h->protocol)); 596 goto drop; 597 } 598 599 if (! (ifp->if_flags & IFF_UP) || ! inq) 600 goto drop; 601 602 /* Check queue. */ 603 s = splimp(); 604 if (IF_QFULL (inq)) { 605 /* Queue overflow. */ 606 IF_DROP(inq); 607 splx(s); 608 if (debug) 609 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 610 SPP_ARGS(ifp)); 611 goto drop; 612 } 613 IF_ENQUEUE(inq, m); 614 splx(s); 615} 616 617/* 618 * Enqueue transmit packet. 619 */ 620static int 621sppp_output(struct ifnet *ifp, struct mbuf *m, 622 struct sockaddr *dst, struct rtentry *rt) 623{ 624 struct sppp *sp = (struct sppp*) ifp; 625 struct ppp_header *h; 626 struct ifqueue *ifq; 627 int s, rv = 0; 628 int debug = ifp->if_flags & IFF_DEBUG; 629 630 s = splimp(); 631 632 if ((ifp->if_flags & IFF_UP) == 0 || 633 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 634 m_freem (m); 635 splx (s); 636 return (ENETDOWN); 637 } 638 639 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 640 /* 641 * Interface is not yet running, but auto-dial. Need 642 * to start LCP for it. 643 */ 644 ifp->if_flags |= IFF_RUNNING; 645 splx(s); 646 lcp.Open(sp); 647 s = splimp(); 648 } 649 650 ifq = &ifp->if_snd; 651#ifdef INET 652 if (dst->sa_family == AF_INET) { 653 /* XXX Check mbuf length here? */ 654 struct ip *ip = mtod (m, struct ip*); 655 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 656 657 /* 658 * When using dynamic local IP address assignment by using 659 * 0.0.0.0 as a local address, the first TCP session will 660 * not connect because the local TCP checksum is computed 661 * using 0.0.0.0 which will later become our real IP address 662 * so the TCP checksum computed at the remote end will 663 * become invalid. So we 664 * - don't let packets with src ip addr 0 thru 665 * - we flag TCP packets with src ip 0 as an error 666 */ 667 668 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 669 { 670 m_freem(m); 671 splx(s); 672 if(ip->ip_p == IPPROTO_TCP) 673 return(EADDRNOTAVAIL); 674 else 675 return(0); 676 } 677 678 /* 679 * Put low delay, telnet, rlogin and ftp control packets 680 * in front of the queue. 681 */ 682 if (IF_QFULL (&sp->pp_fastq)) 683 ; 684 else if (ip->ip_tos & IPTOS_LOWDELAY) 685 ifq = &sp->pp_fastq; 686 else if (m->m_len < sizeof *ip + sizeof *tcp) 687 ; 688 else if (ip->ip_p != IPPROTO_TCP) 689 ; 690 else if (INTERACTIVE (ntohs (tcp->th_sport))) 691 ifq = &sp->pp_fastq; 692 else if (INTERACTIVE (ntohs (tcp->th_dport))) 693 ifq = &sp->pp_fastq; 694 } 695#endif 696 697 /* 698 * Prepend general data packet PPP header. For now, IP only. 699 */ 700 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 701 if (! m) { 702 if (debug) 703 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 704 SPP_ARGS(ifp)); 705 ++ifp->if_oerrors; 706 splx (s); 707 return (ENOBUFS); 708 } 709 /* 710 * May want to check size of packet 711 * (albeit due to the implementation it's always enough) 712 */ 713 h = mtod (m, struct ppp_header*); 714 if (sp->pp_flags & PP_CISCO) { 715 h->address = CISCO_UNICAST; /* unicast address */ 716 h->control = 0; 717 } else { 718 h->address = PPP_ALLSTATIONS; /* broadcast address */ 719 h->control = PPP_UI; /* Unnumbered Info */ 720 } 721 722 switch (dst->sa_family) { 723#ifdef INET 724 case AF_INET: /* Internet Protocol */ 725 if (sp->pp_flags & PP_CISCO) 726 h->protocol = htons (ETHERTYPE_IP); 727 else { 728 /* 729 * Don't choke with an ENETDOWN early. It's 730 * possible that we just started dialing out, 731 * so don't drop the packet immediately. If 732 * we notice that we run out of buffer space 733 * below, we will however remember that we are 734 * not ready to carry IP packets, and return 735 * ENETDOWN, as opposed to ENOBUFS. 736 */ 737 h->protocol = htons(PPP_IP); 738 if (sp->state[IDX_IPCP] != STATE_OPENED) 739 rv = ENETDOWN; 740 } 741 break; 742#endif 743#ifdef NS 744 case AF_NS: /* Xerox NS Protocol */ 745 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 746 ETHERTYPE_NS : PPP_XNS); 747 break; 748#endif 749#ifdef IPX 750 case AF_IPX: /* Novell IPX Protocol */ 751 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 752 ETHERTYPE_IPX : PPP_IPX); 753 break; 754#endif 755#ifdef ISO 756 case AF_ISO: /* ISO OSI Protocol */ 757 if (sp->pp_flags & PP_CISCO) 758 goto nosupport; 759 h->protocol = htons (PPP_ISO); 760 break; 761nosupport: 762#endif 763 default: 764 m_freem (m); 765 ++ifp->if_oerrors; 766 splx (s); 767 return (EAFNOSUPPORT); 768 } 769 770 /* 771 * Queue message on interface, and start output if interface 772 * not yet active. 773 */ 774 if (IF_QFULL (ifq)) { 775 IF_DROP (&ifp->if_snd); 776 m_freem (m); 777 ++ifp->if_oerrors; 778 splx (s); 779 return (rv? rv: ENOBUFS); 780 } 781 IF_ENQUEUE (ifq, m); 782 if (! (ifp->if_flags & IFF_OACTIVE)) 783 (*ifp->if_start) (ifp); 784 785 /* 786 * Count output packets and bytes. 787 * The packet length includes header, FCS and 1 flag, 788 * according to RFC 1333. 789 */ 790 ifp->if_obytes += m->m_pkthdr.len + 3; 791 splx (s); 792 return (0); 793} 794 795void 796sppp_attach(struct ifnet *ifp) 797{ 798 struct sppp *sp = (struct sppp*) ifp; 799 800 /* Initialize keepalive handler. */ 801 if (! spppq) 802 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 803 804 /* Insert new entry into the keepalive list. */ 805 sp->pp_next = spppq; 806 spppq = sp; 807 808 sp->pp_if.if_mtu = PP_MTU; 809 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 810 sp->pp_if.if_type = IFT_PPP; 811 sp->pp_if.if_output = sppp_output; 812#if 0 813 sp->pp_flags = PP_KEEPALIVE; 814#endif 815 sp->pp_fastq.ifq_maxlen = 32; 816 sp->pp_cpq.ifq_maxlen = 20; 817 sp->pp_loopcnt = 0; 818 sp->pp_alivecnt = 0; 819 sp->pp_seq = 0; 820 sp->pp_rseq = 0; 821 sp->pp_phase = PHASE_DEAD; 822 sp->pp_up = lcp.Up; 823 sp->pp_down = lcp.Down; 824 825 sppp_lcp_init(sp); 826 sppp_ipcp_init(sp); 827 sppp_pap_init(sp); 828 sppp_chap_init(sp); 829} 830 831void 832sppp_detach(struct ifnet *ifp) 833{ 834 struct sppp **q, *p, *sp = (struct sppp*) ifp; 835 int i; 836 837 /* Remove the entry from the keepalive list. */ 838 for (q = &spppq; (p = *q); q = &p->pp_next) 839 if (p == sp) { 840 *q = p->pp_next; 841 break; 842 } 843 844 /* Stop keepalive handler. */ 845 if (! spppq) 846 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 847 848 for (i = 0; i < IDX_COUNT; i++) 849 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 850 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 851} 852 853/* 854 * Flush the interface output queue. 855 */ 856void 857sppp_flush(struct ifnet *ifp) 858{ 859 struct sppp *sp = (struct sppp*) ifp; 860 861 sppp_qflush (&sp->pp_if.if_snd); 862 sppp_qflush (&sp->pp_fastq); 863 sppp_qflush (&sp->pp_cpq); 864} 865 866/* 867 * Check if the output queue is empty. 868 */ 869int 870sppp_isempty(struct ifnet *ifp) 871{ 872 struct sppp *sp = (struct sppp*) ifp; 873 int empty, s; 874 875 s = splimp(); 876 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 877 !sp->pp_if.if_snd.ifq_head; 878 splx(s); 879 return (empty); 880} 881 882/* 883 * Get next packet to send. 884 */ 885struct mbuf * 886sppp_dequeue(struct ifnet *ifp) 887{ 888 struct sppp *sp = (struct sppp*) ifp; 889 struct mbuf *m; 890 int s; 891 892 s = splimp(); 893 /* 894 * Process only the control protocol queue until we have at 895 * least one NCP open. 896 * 897 * Do always serve all three queues in Cisco mode. 898 */ 899 IF_DEQUEUE(&sp->pp_cpq, m); 900 if (m == NULL && 901 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 902 IF_DEQUEUE(&sp->pp_fastq, m); 903 if (m == NULL) 904 IF_DEQUEUE (&sp->pp_if.if_snd, m); 905 } 906 splx(s); 907 return m; 908} 909 910/* 911 * Pick the next packet, do not remove it from the queue. 912 */ 913struct mbuf * 914sppp_pick(struct ifnet *ifp) 915{ 916 struct sppp *sp = (struct sppp*)ifp; 917 struct mbuf *m; 918 int s; 919 920 s= splimp (); 921 922 m = sp->pp_cpq.ifq_head; 923 if (m == NULL && 924 (sp->pp_phase == PHASE_NETWORK || 925 (sp->pp_flags & PP_CISCO) != 0)) 926 if ((m = sp->pp_fastq.ifq_head) == NULL) 927 m = sp->pp_if.if_snd.ifq_head; 928 splx (s); 929 return (m); 930} 931 932/* 933 * Process an ioctl request. Called on low priority level. 934 */ 935int 936sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 937{ 938 struct ifreq *ifr = (struct ifreq*) data; 939 struct sppp *sp = (struct sppp*) ifp; 940 int s, rv, going_up, going_down, newmode; 941 942 s = splimp(); 943 rv = 0; 944 switch (cmd) { 945 case SIOCAIFADDR: 946 case SIOCSIFDSTADDR: 947 break; 948 949 case SIOCSIFADDR: 950 if_up(ifp); 951 /* fall through... */ 952 953 case SIOCSIFFLAGS: 954 going_up = ifp->if_flags & IFF_UP && 955 (ifp->if_flags & IFF_RUNNING) == 0; 956 going_down = (ifp->if_flags & IFF_UP) == 0 && 957 ifp->if_flags & IFF_RUNNING; 958 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 959 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 960 /* sanity */ 961 newmode = IFF_PASSIVE; 962 ifp->if_flags &= ~IFF_AUTO; 963 } 964 965 if (going_up || going_down) 966 lcp.Close(sp); 967 if (going_up && newmode == 0) { 968 /* neither auto-dial nor passive */ 969 ifp->if_flags |= IFF_RUNNING; 970 if (!(sp->pp_flags & PP_CISCO)) 971 lcp.Open(sp); 972 } else if (going_down) { 973 sppp_flush(ifp); 974 ifp->if_flags &= ~IFF_RUNNING; 975 } 976 977 break; 978 979#ifdef SIOCSIFMTU 980#ifndef ifr_mtu 981#define ifr_mtu ifr_metric 982#endif 983 case SIOCSIFMTU: 984 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 985 return (EINVAL); 986 ifp->if_mtu = ifr->ifr_mtu; 987 break; 988#endif 989#ifdef SLIOCSETMTU 990 case SLIOCSETMTU: 991 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 992 return (EINVAL); 993 ifp->if_mtu = *(short*)data; 994 break; 995#endif 996#ifdef SIOCGIFMTU 997 case SIOCGIFMTU: 998 ifr->ifr_mtu = ifp->if_mtu; 999 break; 1000#endif 1001#ifdef SLIOCGETMTU 1002 case SLIOCGETMTU: 1003 *(short*)data = ifp->if_mtu; 1004 break; 1005#endif 1006 case SIOCADDMULTI: 1007 case SIOCDELMULTI: 1008 break; 1009 1010 case SIOCGIFGENERIC: 1011 case SIOCSIFGENERIC: 1012 rv = sppp_params(sp, cmd, data); 1013 break; 1014 1015 default: 1016 rv = ENOTTY; 1017 } 1018 splx(s); 1019 return rv; 1020} 1021 1022 1023/* 1024 * Cisco framing implementation. 1025 */ 1026 1027/* 1028 * Handle incoming Cisco keepalive protocol packets. 1029 */ 1030static void 1031sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1032{ 1033 STDDCL; 1034 struct cisco_packet *h; 1035 u_long me, mymask; 1036 1037 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1038 if (debug) 1039 log(LOG_DEBUG, 1040 SPP_FMT "cisco invalid packet length: %d bytes\n", 1041 SPP_ARGS(ifp), m->m_pkthdr.len); 1042 return; 1043 } 1044 h = mtod (m, struct cisco_packet*); 1045 if (debug) 1046 log(LOG_DEBUG, 1047 SPP_FMT "cisco input: %d bytes " 1048 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1049 SPP_ARGS(ifp), m->m_pkthdr.len, 1050 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1051 (u_int)h->time0, (u_int)h->time1); 1052 switch (ntohl (h->type)) { 1053 default: 1054 if (debug) 1055 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1056 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1057 break; 1058 case CISCO_ADDR_REPLY: 1059 /* Reply on address request, ignore */ 1060 break; 1061 case CISCO_KEEPALIVE_REQ: 1062 sp->pp_alivecnt = 0; 1063 sp->pp_rseq = ntohl (h->par1); 1064 if (sp->pp_seq == sp->pp_rseq) { 1065 /* Local and remote sequence numbers are equal. 1066 * Probably, the line is in loopback mode. */ 1067 if (sp->pp_loopcnt >= MAXALIVECNT) { 1068 printf (SPP_FMT "loopback\n", 1069 SPP_ARGS(ifp)); 1070 sp->pp_loopcnt = 0; 1071 if (ifp->if_flags & IFF_UP) { 1072 if_down (ifp); 1073 sppp_qflush (&sp->pp_cpq); 1074 } 1075 } 1076 ++sp->pp_loopcnt; 1077 1078 /* Generate new local sequence number */ 1079#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1080 sp->pp_seq = random(); 1081#else 1082 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1083#endif 1084 break; 1085 } 1086 sp->pp_loopcnt = 0; 1087 if (! (ifp->if_flags & IFF_UP) && 1088 (ifp->if_flags & IFF_RUNNING)) { 1089 if_up(ifp); 1090 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1091 } 1092 break; 1093 case CISCO_ADDR_REQ: 1094 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1095 if (me != 0L) 1096 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1097 break; 1098 } 1099} 1100 1101/* 1102 * Send Cisco keepalive packet. 1103 */ 1104static void 1105sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1106{ 1107 STDDCL; 1108 struct ppp_header *h; 1109 struct cisco_packet *ch; 1110 struct mbuf *m; 1111#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1112 struct timeval tv; 1113#else 1114 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1115#endif 1116 1117#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1118 getmicrouptime(&tv); 1119#endif 1120 1121 MGETHDR (m, M_DONTWAIT, MT_DATA); 1122 if (! m) 1123 return; 1124 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1125 m->m_pkthdr.rcvif = 0; 1126 1127 h = mtod (m, struct ppp_header*); 1128 h->address = CISCO_MULTICAST; 1129 h->control = 0; 1130 h->protocol = htons (CISCO_KEEPALIVE); 1131 1132 ch = (struct cisco_packet*) (h + 1); 1133 ch->type = htonl (type); 1134 ch->par1 = htonl (par1); 1135 ch->par2 = htonl (par2); 1136 ch->rel = -1; 1137 1138#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1139 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1140 ch->time1 = htons ((u_short) tv.tv_sec); 1141#else 1142 ch->time0 = htons ((u_short) (t >> 16)); 1143 ch->time1 = htons ((u_short) t); 1144#endif 1145 1146 if (debug) 1147 log(LOG_DEBUG, 1148 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1149 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1150 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1151 1152 if (IF_QFULL (&sp->pp_cpq)) { 1153 IF_DROP (&sp->pp_fastq); 1154 IF_DROP (&ifp->if_snd); 1155 m_freem (m); 1156 } else 1157 IF_ENQUEUE (&sp->pp_cpq, m); 1158 if (! (ifp->if_flags & IFF_OACTIVE)) 1159 (*ifp->if_start) (ifp); 1160 ifp->if_obytes += m->m_pkthdr.len + 3; 1161} 1162 1163/* 1164 * PPP protocol implementation. 1165 */ 1166 1167/* 1168 * Send PPP control protocol packet. 1169 */ 1170static void 1171sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1172 u_char ident, u_short len, void *data) 1173{ 1174 STDDCL; 1175 struct ppp_header *h; 1176 struct lcp_header *lh; 1177 struct mbuf *m; 1178 1179 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1180 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1181 MGETHDR (m, M_DONTWAIT, MT_DATA); 1182 if (! m) 1183 return; 1184 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1185 m->m_pkthdr.rcvif = 0; 1186 1187 h = mtod (m, struct ppp_header*); 1188 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1189 h->control = PPP_UI; /* Unnumbered Info */ 1190 h->protocol = htons (proto); /* Link Control Protocol */ 1191 1192 lh = (struct lcp_header*) (h + 1); 1193 lh->type = type; 1194 lh->ident = ident; 1195 lh->len = htons (LCP_HEADER_LEN + len); 1196 if (len) 1197 bcopy (data, lh+1, len); 1198 1199 if (debug) { 1200 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1201 SPP_ARGS(ifp), 1202 sppp_proto_name(proto), 1203 sppp_cp_type_name (lh->type), lh->ident, 1204 ntohs (lh->len)); 1205 if (len) 1206 sppp_print_bytes ((u_char*) (lh+1), len); 1207 addlog(">\n"); 1208 } 1209 if (IF_QFULL (&sp->pp_cpq)) { 1210 IF_DROP (&sp->pp_fastq); 1211 IF_DROP (&ifp->if_snd); 1212 m_freem (m); 1213 ++ifp->if_oerrors; 1214 } else 1215 IF_ENQUEUE (&sp->pp_cpq, m); 1216 if (! (ifp->if_flags & IFF_OACTIVE)) 1217 (*ifp->if_start) (ifp); 1218 ifp->if_obytes += m->m_pkthdr.len + 3; 1219} 1220 1221/* 1222 * Handle incoming PPP control protocol packets. 1223 */ 1224static void 1225sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1226{ 1227 STDDCL; 1228 struct lcp_header *h; 1229 int len = m->m_pkthdr.len; 1230 int rv; 1231 u_char *p; 1232 1233 if (len < 4) { 1234 if (debug) 1235 log(LOG_DEBUG, 1236 SPP_FMT "%s invalid packet length: %d bytes\n", 1237 SPP_ARGS(ifp), cp->name, len); 1238 return; 1239 } 1240 h = mtod (m, struct lcp_header*); 1241 if (debug) { 1242 log(LOG_DEBUG, 1243 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1244 SPP_ARGS(ifp), cp->name, 1245 sppp_state_name(sp->state[cp->protoidx]), 1246 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1247 if (len > 4) 1248 sppp_print_bytes ((u_char*) (h+1), len-4); 1249 addlog(">\n"); 1250 } 1251 if (len > ntohs (h->len)) 1252 len = ntohs (h->len); 1253 p = (u_char *)(h + 1); 1254 switch (h->type) { 1255 case CONF_REQ: 1256 if (len < 4) { 1257 if (debug) 1258 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1259 SPP_ARGS(ifp), cp->name, 1260 len); 1261 ++ifp->if_ierrors; 1262 break; 1263 } 1264 /* handle states where RCR doesn't get a SCA/SCN */ 1265 switch (sp->state[cp->protoidx]) { 1266 case STATE_CLOSING: 1267 case STATE_STOPPING: 1268 return; 1269 case STATE_CLOSED: 1270 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1271 0, 0); 1272 return; 1273 } 1274 rv = (cp->RCR)(sp, h, len); 1275 switch (sp->state[cp->protoidx]) { 1276 case STATE_OPENED: 1277 (cp->tld)(sp); 1278 (cp->scr)(sp); 1279 /* fall through... */ 1280 case STATE_ACK_SENT: 1281 case STATE_REQ_SENT: 1282 sppp_cp_change_state(cp, sp, rv? 1283 STATE_ACK_SENT: STATE_REQ_SENT); 1284 break; 1285 case STATE_STOPPED: 1286 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1287 (cp->scr)(sp); 1288 sppp_cp_change_state(cp, sp, rv? 1289 STATE_ACK_SENT: STATE_REQ_SENT); 1290 break; 1291 case STATE_ACK_RCVD: 1292 if (rv) { 1293 sppp_cp_change_state(cp, sp, STATE_OPENED); 1294 if (debug) 1295 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1296 SPP_ARGS(ifp), 1297 cp->name); 1298 (cp->tlu)(sp); 1299 } else 1300 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1301 break; 1302 default: 1303 printf(SPP_FMT "%s illegal %s in state %s\n", 1304 SPP_ARGS(ifp), cp->name, 1305 sppp_cp_type_name(h->type), 1306 sppp_state_name(sp->state[cp->protoidx])); 1307 ++ifp->if_ierrors; 1308 } 1309 break; 1310 case CONF_ACK: 1311 if (h->ident != sp->confid[cp->protoidx]) { 1312 if (debug) 1313 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1314 SPP_ARGS(ifp), cp->name, 1315 h->ident, sp->confid[cp->protoidx]); 1316 ++ifp->if_ierrors; 1317 break; 1318 } 1319 switch (sp->state[cp->protoidx]) { 1320 case STATE_CLOSED: 1321 case STATE_STOPPED: 1322 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1323 break; 1324 case STATE_CLOSING: 1325 case STATE_STOPPING: 1326 break; 1327 case STATE_REQ_SENT: 1328 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1329 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1330 break; 1331 case STATE_OPENED: 1332 (cp->tld)(sp); 1333 /* fall through */ 1334 case STATE_ACK_RCVD: 1335 (cp->scr)(sp); 1336 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1337 break; 1338 case STATE_ACK_SENT: 1339 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1340 sppp_cp_change_state(cp, sp, STATE_OPENED); 1341 if (debug) 1342 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1343 SPP_ARGS(ifp), cp->name); 1344 (cp->tlu)(sp); 1345 break; 1346 default: 1347 printf(SPP_FMT "%s illegal %s in state %s\n", 1348 SPP_ARGS(ifp), cp->name, 1349 sppp_cp_type_name(h->type), 1350 sppp_state_name(sp->state[cp->protoidx])); 1351 ++ifp->if_ierrors; 1352 } 1353 break; 1354 case CONF_NAK: 1355 case CONF_REJ: 1356 if (h->ident != sp->confid[cp->protoidx]) { 1357 if (debug) 1358 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1359 SPP_ARGS(ifp), cp->name, 1360 h->ident, sp->confid[cp->protoidx]); 1361 ++ifp->if_ierrors; 1362 break; 1363 } 1364 if (h->type == CONF_NAK) 1365 (cp->RCN_nak)(sp, h, len); 1366 else /* CONF_REJ */ 1367 (cp->RCN_rej)(sp, h, len); 1368 1369 switch (sp->state[cp->protoidx]) { 1370 case STATE_CLOSED: 1371 case STATE_STOPPED: 1372 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1373 break; 1374 case STATE_REQ_SENT: 1375 case STATE_ACK_SENT: 1376 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1377 (cp->scr)(sp); 1378 break; 1379 case STATE_OPENED: 1380 (cp->tld)(sp); 1381 /* fall through */ 1382 case STATE_ACK_RCVD: 1383 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1384 (cp->scr)(sp); 1385 break; 1386 case STATE_CLOSING: 1387 case STATE_STOPPING: 1388 break; 1389 default: 1390 printf(SPP_FMT "%s illegal %s in state %s\n", 1391 SPP_ARGS(ifp), cp->name, 1392 sppp_cp_type_name(h->type), 1393 sppp_state_name(sp->state[cp->protoidx])); 1394 ++ifp->if_ierrors; 1395 } 1396 break; 1397 1398 case TERM_REQ: 1399 switch (sp->state[cp->protoidx]) { 1400 case STATE_ACK_RCVD: 1401 case STATE_ACK_SENT: 1402 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1403 /* fall through */ 1404 case STATE_CLOSED: 1405 case STATE_STOPPED: 1406 case STATE_CLOSING: 1407 case STATE_STOPPING: 1408 case STATE_REQ_SENT: 1409 sta: 1410 /* Send Terminate-Ack packet. */ 1411 if (debug) 1412 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1413 SPP_ARGS(ifp), cp->name); 1414 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1415 break; 1416 case STATE_OPENED: 1417 (cp->tld)(sp); 1418 sp->rst_counter[cp->protoidx] = 0; 1419 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1420 goto sta; 1421 break; 1422 default: 1423 printf(SPP_FMT "%s illegal %s in state %s\n", 1424 SPP_ARGS(ifp), cp->name, 1425 sppp_cp_type_name(h->type), 1426 sppp_state_name(sp->state[cp->protoidx])); 1427 ++ifp->if_ierrors; 1428 } 1429 break; 1430 case TERM_ACK: 1431 switch (sp->state[cp->protoidx]) { 1432 case STATE_CLOSED: 1433 case STATE_STOPPED: 1434 case STATE_REQ_SENT: 1435 case STATE_ACK_SENT: 1436 break; 1437 case STATE_CLOSING: 1438 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1439 (cp->tlf)(sp); 1440 break; 1441 case STATE_STOPPING: 1442 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1443 (cp->tlf)(sp); 1444 break; 1445 case STATE_ACK_RCVD: 1446 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1447 break; 1448 case STATE_OPENED: 1449 (cp->tld)(sp); 1450 (cp->scr)(sp); 1451 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1452 break; 1453 default: 1454 printf(SPP_FMT "%s illegal %s in state %s\n", 1455 SPP_ARGS(ifp), cp->name, 1456 sppp_cp_type_name(h->type), 1457 sppp_state_name(sp->state[cp->protoidx])); 1458 ++ifp->if_ierrors; 1459 } 1460 break; 1461 case CODE_REJ: 1462 case PROTO_REJ: 1463 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1464 log(LOG_INFO, 1465 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1466 "danger will robinson\n", 1467 SPP_ARGS(ifp), cp->name, 1468 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1469 switch (sp->state[cp->protoidx]) { 1470 case STATE_CLOSED: 1471 case STATE_STOPPED: 1472 case STATE_REQ_SENT: 1473 case STATE_ACK_SENT: 1474 case STATE_CLOSING: 1475 case STATE_STOPPING: 1476 case STATE_OPENED: 1477 break; 1478 case STATE_ACK_RCVD: 1479 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1480 break; 1481 default: 1482 printf(SPP_FMT "%s illegal %s in state %s\n", 1483 SPP_ARGS(ifp), cp->name, 1484 sppp_cp_type_name(h->type), 1485 sppp_state_name(sp->state[cp->protoidx])); 1486 ++ifp->if_ierrors; 1487 } 1488 break; 1489 case DISC_REQ: 1490 if (cp->proto != PPP_LCP) 1491 goto illegal; 1492 /* Discard the packet. */ 1493 break; 1494 case ECHO_REQ: 1495 if (cp->proto != PPP_LCP) 1496 goto illegal; 1497 if (sp->state[cp->protoidx] != STATE_OPENED) { 1498 if (debug) 1499 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1500 SPP_ARGS(ifp)); 1501 ++ifp->if_ierrors; 1502 break; 1503 } 1504 if (len < 8) { 1505 if (debug) 1506 addlog(SPP_FMT "invalid lcp echo request " 1507 "packet length: %d bytes\n", 1508 SPP_ARGS(ifp), len); 1509 break; 1510 } 1511 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1512 /* Line loopback mode detected. */ 1513 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1514 if_down (ifp); 1515 sppp_qflush (&sp->pp_cpq); 1516 1517 /* Shut down the PPP link. */ 1518 /* XXX */ 1519 lcp.Down(sp); 1520 lcp.Up(sp); 1521 break; 1522 } 1523 *(long*)(h+1) = htonl (sp->lcp.magic); 1524 if (debug) 1525 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1526 SPP_ARGS(ifp)); 1527 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1528 break; 1529 case ECHO_REPLY: 1530 if (cp->proto != PPP_LCP) 1531 goto illegal; 1532 if (h->ident != sp->lcp.echoid) { 1533 ++ifp->if_ierrors; 1534 break; 1535 } 1536 if (len < 8) { 1537 if (debug) 1538 addlog(SPP_FMT "lcp invalid echo reply " 1539 "packet length: %d bytes\n", 1540 SPP_ARGS(ifp), len); 1541 break; 1542 } 1543 if (debug) 1544 addlog(SPP_FMT "lcp got echo rep\n", 1545 SPP_ARGS(ifp)); 1546 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1547 sp->pp_alivecnt = 0; 1548 break; 1549 default: 1550 /* Unknown packet type -- send Code-Reject packet. */ 1551 illegal: 1552 if (debug) 1553 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1554 SPP_ARGS(ifp), cp->name, h->type); 1555 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1556 m->m_pkthdr.len, h); 1557 ++ifp->if_ierrors; 1558 } 1559} 1560 1561 1562/* 1563 * The generic part of all Up/Down/Open/Close/TO event handlers. 1564 * Basically, the state transition handling in the automaton. 1565 */ 1566static void 1567sppp_up_event(const struct cp *cp, struct sppp *sp) 1568{ 1569 STDDCL; 1570 1571 if (debug) 1572 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1573 SPP_ARGS(ifp), cp->name, 1574 sppp_state_name(sp->state[cp->protoidx])); 1575 1576 switch (sp->state[cp->protoidx]) { 1577 case STATE_INITIAL: 1578 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1579 break; 1580 case STATE_STARTING: 1581 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1582 (cp->scr)(sp); 1583 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1584 break; 1585 default: 1586 printf(SPP_FMT "%s illegal up in state %s\n", 1587 SPP_ARGS(ifp), cp->name, 1588 sppp_state_name(sp->state[cp->protoidx])); 1589 } 1590} 1591 1592static void 1593sppp_down_event(const struct cp *cp, struct sppp *sp) 1594{ 1595 STDDCL; 1596 1597 if (debug) 1598 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1599 SPP_ARGS(ifp), cp->name, 1600 sppp_state_name(sp->state[cp->protoidx])); 1601 1602 switch (sp->state[cp->protoidx]) { 1603 case STATE_CLOSED: 1604 case STATE_CLOSING: 1605 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1606 break; 1607 case STATE_STOPPED: 1608 sppp_cp_change_state(cp, sp, STATE_STARTING); 1609 (cp->tls)(sp); 1610 break; 1611 case STATE_STOPPING: 1612 case STATE_REQ_SENT: 1613 case STATE_ACK_RCVD: 1614 case STATE_ACK_SENT: 1615 sppp_cp_change_state(cp, sp, STATE_STARTING); 1616 break; 1617 case STATE_OPENED: 1618 (cp->tld)(sp); 1619 sppp_cp_change_state(cp, sp, STATE_STARTING); 1620 break; 1621 default: 1622 printf(SPP_FMT "%s illegal down in state %s\n", 1623 SPP_ARGS(ifp), cp->name, 1624 sppp_state_name(sp->state[cp->protoidx])); 1625 } 1626} 1627 1628 1629static void 1630sppp_open_event(const struct cp *cp, struct sppp *sp) 1631{ 1632 STDDCL; 1633 1634 if (debug) 1635 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1636 SPP_ARGS(ifp), cp->name, 1637 sppp_state_name(sp->state[cp->protoidx])); 1638 1639 switch (sp->state[cp->protoidx]) { 1640 case STATE_INITIAL: 1641 sppp_cp_change_state(cp, sp, STATE_STARTING); 1642 (cp->tls)(sp); 1643 break; 1644 case STATE_STARTING: 1645 break; 1646 case STATE_CLOSED: 1647 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1648 (cp->scr)(sp); 1649 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1650 break; 1651 case STATE_STOPPED: 1652 case STATE_STOPPING: 1653 case STATE_REQ_SENT: 1654 case STATE_ACK_RCVD: 1655 case STATE_ACK_SENT: 1656 case STATE_OPENED: 1657 break; 1658 case STATE_CLOSING: 1659 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1660 break; 1661 } 1662} 1663 1664 1665static void 1666sppp_close_event(const struct cp *cp, struct sppp *sp) 1667{ 1668 STDDCL; 1669 1670 if (debug) 1671 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1672 SPP_ARGS(ifp), cp->name, 1673 sppp_state_name(sp->state[cp->protoidx])); 1674 1675 switch (sp->state[cp->protoidx]) { 1676 case STATE_INITIAL: 1677 case STATE_CLOSED: 1678 case STATE_CLOSING: 1679 break; 1680 case STATE_STARTING: 1681 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1682 (cp->tlf)(sp); 1683 break; 1684 case STATE_STOPPED: 1685 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1686 break; 1687 case STATE_STOPPING: 1688 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1689 break; 1690 case STATE_OPENED: 1691 (cp->tld)(sp); 1692 /* fall through */ 1693 case STATE_REQ_SENT: 1694 case STATE_ACK_RCVD: 1695 case STATE_ACK_SENT: 1696 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1697 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1698 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1699 break; 1700 } 1701} 1702 1703static void 1704sppp_to_event(const struct cp *cp, struct sppp *sp) 1705{ 1706 STDDCL; 1707 int s; 1708 1709 s = splimp(); 1710 if (debug) 1711 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1712 SPP_ARGS(ifp), cp->name, 1713 sppp_state_name(sp->state[cp->protoidx]), 1714 sp->rst_counter[cp->protoidx]); 1715 1716 if (--sp->rst_counter[cp->protoidx] < 0) 1717 /* TO- event */ 1718 switch (sp->state[cp->protoidx]) { 1719 case STATE_CLOSING: 1720 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1721 (cp->tlf)(sp); 1722 break; 1723 case STATE_STOPPING: 1724 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1725 (cp->tlf)(sp); 1726 break; 1727 case STATE_REQ_SENT: 1728 case STATE_ACK_RCVD: 1729 case STATE_ACK_SENT: 1730 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1731 (cp->tlf)(sp); 1732 break; 1733 } 1734 else 1735 /* TO+ event */ 1736 switch (sp->state[cp->protoidx]) { 1737 case STATE_CLOSING: 1738 case STATE_STOPPING: 1739 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1740 0, 0); 1741 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1742 sp->ch[cp->protoidx]); 1743 break; 1744 case STATE_REQ_SENT: 1745 case STATE_ACK_RCVD: 1746 (cp->scr)(sp); 1747 /* sppp_cp_change_state() will restart the timer */ 1748 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1749 break; 1750 case STATE_ACK_SENT: 1751 (cp->scr)(sp); 1752 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1753 sp->ch[cp->protoidx]); 1754 break; 1755 } 1756 1757 splx(s); 1758} 1759 1760/* 1761 * Change the state of a control protocol in the state automaton. 1762 * Takes care of starting/stopping the restart timer. 1763 */ 1764void 1765sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1766{ 1767 sp->state[cp->protoidx] = newstate; 1768 1769 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1770 switch (newstate) { 1771 case STATE_INITIAL: 1772 case STATE_STARTING: 1773 case STATE_CLOSED: 1774 case STATE_STOPPED: 1775 case STATE_OPENED: 1776 break; 1777 case STATE_CLOSING: 1778 case STATE_STOPPING: 1779 case STATE_REQ_SENT: 1780 case STATE_ACK_RCVD: 1781 case STATE_ACK_SENT: 1782 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1783 sp->ch[cp->protoidx]); 1784 break; 1785 } 1786} 1787/* 1788 *--------------------------------------------------------------------------* 1789 * * 1790 * The LCP implementation. * 1791 * * 1792 *--------------------------------------------------------------------------* 1793 */ 1794static void 1795sppp_lcp_init(struct sppp *sp) 1796{ 1797 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1798 sp->lcp.magic = 0; 1799 sp->state[IDX_LCP] = STATE_INITIAL; 1800 sp->fail_counter[IDX_LCP] = 0; 1801 sp->lcp.protos = 0; 1802 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1803 1804 /* 1805 * Initialize counters and timeout values. Note that we don't 1806 * use the 3 seconds suggested in RFC 1661 since we are likely 1807 * running on a fast link. XXX We should probably implement 1808 * the exponential backoff option. Note that these values are 1809 * relevant for all control protocols, not just LCP only. 1810 */ 1811 sp->lcp.timeout = 1 * hz; 1812 sp->lcp.max_terminate = 2; 1813 sp->lcp.max_configure = 10; 1814 sp->lcp.max_failure = 10; 1815#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1816 callout_handle_init(&sp->ch[IDX_LCP]); 1817#endif 1818} 1819 1820static void 1821sppp_lcp_up(struct sppp *sp) 1822{ 1823 STDDCL; 1824 1825 /* 1826 * If this interface is passive or dial-on-demand, and we are 1827 * still in Initial state, it means we've got an incoming 1828 * call. Activate the interface. 1829 */ 1830 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1831 if (debug) 1832 log(LOG_DEBUG, 1833 SPP_FMT "Up event", SPP_ARGS(ifp)); 1834 ifp->if_flags |= IFF_RUNNING; 1835 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1836 if (debug) 1837 addlog("(incoming call)\n"); 1838 sp->pp_flags |= PP_CALLIN; 1839 lcp.Open(sp); 1840 } else if (debug) 1841 addlog("\n"); 1842 } 1843 1844 sppp_up_event(&lcp, sp); 1845} 1846 1847static void 1848sppp_lcp_down(struct sppp *sp) 1849{ 1850 STDDCL; 1851 1852 sppp_down_event(&lcp, sp); 1853 1854 /* 1855 * If this is neither a dial-on-demand nor a passive 1856 * interface, simulate an ``ifconfig down'' action, so the 1857 * administrator can force a redial by another ``ifconfig 1858 * up''. XXX For leased line operation, should we immediately 1859 * try to reopen the connection here? 1860 */ 1861 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1862 log(LOG_INFO, 1863 SPP_FMT "Down event, taking interface down.\n", 1864 SPP_ARGS(ifp)); 1865 if_down(ifp); 1866 } else { 1867 if (debug) 1868 log(LOG_DEBUG, 1869 SPP_FMT "Down event (carrier loss)\n", 1870 SPP_ARGS(ifp)); 1871 } 1872 sp->pp_flags &= ~PP_CALLIN; 1873 if (sp->state[IDX_LCP] != STATE_INITIAL) 1874 lcp.Close(sp); 1875 ifp->if_flags &= ~IFF_RUNNING; 1876} 1877 1878static void 1879sppp_lcp_open(struct sppp *sp) 1880{ 1881 /* 1882 * If we are authenticator, negotiate LCP_AUTH 1883 */ 1884 if (sp->hisauth.proto != 0) 1885 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1886 else 1887 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1888 sp->pp_flags &= ~PP_NEEDAUTH; 1889 sppp_open_event(&lcp, sp); 1890} 1891 1892static void 1893sppp_lcp_close(struct sppp *sp) 1894{ 1895 sppp_close_event(&lcp, sp); 1896} 1897 1898static void 1899sppp_lcp_TO(void *cookie) 1900{ 1901 sppp_to_event(&lcp, (struct sppp *)cookie); 1902} 1903 1904/* 1905 * Analyze a configure request. Return true if it was agreeable, and 1906 * caused action sca, false if it has been rejected or nak'ed, and 1907 * caused action scn. (The return value is used to make the state 1908 * transition decision in the state automaton.) 1909 */ 1910static int 1911sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1912{ 1913 STDDCL; 1914 u_char *buf, *r, *p; 1915 int origlen, rlen; 1916 u_long nmagic; 1917 u_short authproto; 1918 1919 len -= 4; 1920 origlen = len; 1921 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1922 if (! buf) 1923 return (0); 1924 1925 if (debug) 1926 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1927 SPP_ARGS(ifp)); 1928 1929 /* pass 1: check for things that need to be rejected */ 1930 p = (void*) (h+1); 1931 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1932 if (debug) 1933 addlog(" %s ", sppp_lcp_opt_name(*p)); 1934 switch (*p) { 1935 case LCP_OPT_MAGIC: 1936 /* Magic number. */ 1937 /* fall through, both are same length */ 1938 case LCP_OPT_ASYNC_MAP: 1939 /* Async control character map. */ 1940 if (len >= 6 || p[1] == 6) 1941 continue; 1942 if (debug) 1943 addlog("[invalid] "); 1944 break; 1945 case LCP_OPT_MRU: 1946 /* Maximum receive unit. */ 1947 if (len >= 4 && p[1] == 4) 1948 continue; 1949 if (debug) 1950 addlog("[invalid] "); 1951 break; 1952 case LCP_OPT_AUTH_PROTO: 1953 if (len < 4) { 1954 if (debug) 1955 addlog("[invalid] "); 1956 break; 1957 } 1958 authproto = (p[2] << 8) + p[3]; 1959 if (authproto == PPP_CHAP && p[1] != 5) { 1960 if (debug) 1961 addlog("[invalid chap len] "); 1962 break; 1963 } 1964 if (sp->myauth.proto == 0) { 1965 /* we are not configured to do auth */ 1966 if (debug) 1967 addlog("[not configured] "); 1968 break; 1969 } 1970 /* 1971 * Remote want us to authenticate, remember this, 1972 * so we stay in PHASE_AUTHENTICATE after LCP got 1973 * up. 1974 */ 1975 sp->pp_flags |= PP_NEEDAUTH; 1976 continue; 1977 default: 1978 /* Others not supported. */ 1979 if (debug) 1980 addlog("[rej] "); 1981 break; 1982 } 1983 /* Add the option to rejected list. */ 1984 bcopy (p, r, p[1]); 1985 r += p[1]; 1986 rlen += p[1]; 1987 } 1988 if (rlen) { 1989 if (debug) 1990 addlog(" send conf-rej\n"); 1991 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1992 return 0; 1993 } else if (debug) 1994 addlog("\n"); 1995 1996 /* 1997 * pass 2: check for option values that are unacceptable and 1998 * thus require to be nak'ed. 1999 */ 2000 if (debug) 2001 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2002 SPP_ARGS(ifp)); 2003 2004 p = (void*) (h+1); 2005 len = origlen; 2006 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2007 if (debug) 2008 addlog(" %s ", sppp_lcp_opt_name(*p)); 2009 switch (*p) { 2010 case LCP_OPT_MAGIC: 2011 /* Magic number -- extract. */ 2012 nmagic = (u_long)p[2] << 24 | 2013 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2014 if (nmagic != sp->lcp.magic) { 2015 if (debug) 2016 addlog("0x%lx ", nmagic); 2017 continue; 2018 } 2019 /* 2020 * Local and remote magics equal -- loopback? 2021 */ 2022 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2023 printf (SPP_FMT "loopback\n", 2024 SPP_ARGS(ifp)); 2025 sp->pp_loopcnt = 0; 2026 if (ifp->if_flags & IFF_UP) { 2027 if_down(ifp); 2028 sppp_qflush(&sp->pp_cpq); 2029 /* XXX ? */ 2030 lcp.Down(sp); 2031 lcp.Up(sp); 2032 } 2033 } else if (debug) 2034 addlog("[glitch] "); 2035 ++sp->pp_loopcnt; 2036 /* 2037 * We negate our magic here, and NAK it. If 2038 * we see it later in an NAK packet, we 2039 * suggest a new one. 2040 */ 2041 nmagic = ~sp->lcp.magic; 2042 /* Gonna NAK it. */ 2043 p[2] = nmagic >> 24; 2044 p[3] = nmagic >> 16; 2045 p[4] = nmagic >> 8; 2046 p[5] = nmagic; 2047 break; 2048 2049 case LCP_OPT_ASYNC_MAP: 2050 /* Async control character map -- check to be zero. */ 2051 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2052 if (debug) 2053 addlog("[empty] "); 2054 continue; 2055 } 2056 if (debug) 2057 addlog("[non-empty] "); 2058 /* suggest a zero one */ 2059 p[2] = p[3] = p[4] = p[5] = 0; 2060 break; 2061 2062 case LCP_OPT_MRU: 2063 /* 2064 * Maximum receive unit. Always agreeable, 2065 * but ignored by now. 2066 */ 2067 sp->lcp.their_mru = p[2] * 256 + p[3]; 2068 if (debug) 2069 addlog("%lu ", sp->lcp.their_mru); 2070 continue; 2071 2072 case LCP_OPT_AUTH_PROTO: 2073 authproto = (p[2] << 8) + p[3]; 2074 if (sp->myauth.proto != authproto) { 2075 /* not agreed, nak */ 2076 if (debug) 2077 addlog("[mine %s != his %s] ", 2078 sppp_proto_name(sp->hisauth.proto), 2079 sppp_proto_name(authproto)); 2080 p[2] = sp->myauth.proto >> 8; 2081 p[3] = sp->myauth.proto; 2082 break; 2083 } 2084 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2085 if (debug) 2086 addlog("[chap not MD5] "); 2087 p[4] = CHAP_MD5; 2088 break; 2089 } 2090 continue; 2091 } 2092 /* Add the option to nak'ed list. */ 2093 bcopy (p, r, p[1]); 2094 r += p[1]; 2095 rlen += p[1]; 2096 } 2097 if (rlen) { 2098 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2099 if (debug) 2100 addlog(" max_failure (%d) exceeded, " 2101 "send conf-rej\n", 2102 sp->lcp.max_failure); 2103 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2104 } else { 2105 if (debug) 2106 addlog(" send conf-nak\n"); 2107 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2108 } 2109 return 0; 2110 } else { 2111 if (debug) 2112 addlog(" send conf-ack\n"); 2113 sp->fail_counter[IDX_LCP] = 0; 2114 sp->pp_loopcnt = 0; 2115 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2116 h->ident, origlen, h+1); 2117 } 2118 2119 free (buf, M_TEMP); 2120 return (rlen == 0); 2121} 2122 2123/* 2124 * Analyze the LCP Configure-Reject option list, and adjust our 2125 * negotiation. 2126 */ 2127static void 2128sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2129{ 2130 STDDCL; 2131 u_char *buf, *p; 2132 2133 len -= 4; 2134 buf = malloc (len, M_TEMP, M_NOWAIT); 2135 if (!buf) 2136 return; 2137 2138 if (debug) 2139 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2140 SPP_ARGS(ifp)); 2141 2142 p = (void*) (h+1); 2143 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2144 if (debug) 2145 addlog(" %s ", sppp_lcp_opt_name(*p)); 2146 switch (*p) { 2147 case LCP_OPT_MAGIC: 2148 /* Magic number -- can't use it, use 0 */ 2149 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2150 sp->lcp.magic = 0; 2151 break; 2152 case LCP_OPT_MRU: 2153 /* 2154 * Should not be rejected anyway, since we only 2155 * negotiate a MRU if explicitly requested by 2156 * peer. 2157 */ 2158 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2159 break; 2160 case LCP_OPT_AUTH_PROTO: 2161 /* 2162 * Peer doesn't want to authenticate himself, 2163 * deny unless this is a dialout call, and 2164 * AUTHFLAG_NOCALLOUT is set. 2165 */ 2166 if ((sp->pp_flags & PP_CALLIN) == 0 && 2167 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2168 if (debug) 2169 addlog("[don't insist on auth " 2170 "for callout]"); 2171 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2172 break; 2173 } 2174 if (debug) 2175 addlog("[access denied]\n"); 2176 lcp.Close(sp); 2177 break; 2178 } 2179 } 2180 if (debug) 2181 addlog("\n"); 2182 free (buf, M_TEMP); 2183 return; 2184} 2185 2186/* 2187 * Analyze the LCP Configure-NAK option list, and adjust our 2188 * negotiation. 2189 */ 2190static void 2191sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2192{ 2193 STDDCL; 2194 u_char *buf, *p; 2195 u_long magic; 2196 2197 len -= 4; 2198 buf = malloc (len, M_TEMP, M_NOWAIT); 2199 if (!buf) 2200 return; 2201 2202 if (debug) 2203 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2204 SPP_ARGS(ifp)); 2205 2206 p = (void*) (h+1); 2207 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2208 if (debug) 2209 addlog(" %s ", sppp_lcp_opt_name(*p)); 2210 switch (*p) { 2211 case LCP_OPT_MAGIC: 2212 /* Magic number -- renegotiate */ 2213 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2214 len >= 6 && p[1] == 6) { 2215 magic = (u_long)p[2] << 24 | 2216 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2217 /* 2218 * If the remote magic is our negated one, 2219 * this looks like a loopback problem. 2220 * Suggest a new magic to make sure. 2221 */ 2222 if (magic == ~sp->lcp.magic) { 2223 if (debug) 2224 addlog("magic glitch "); 2225#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2226 sp->lcp.magic = random(); 2227#else 2228 sp->lcp.magic = time.tv_sec + time.tv_usec; 2229#endif 2230 } else { 2231 sp->lcp.magic = magic; 2232 if (debug) 2233 addlog("%lu ", magic); 2234 } 2235 } 2236 break; 2237 case LCP_OPT_MRU: 2238 /* 2239 * Peer wants to advise us to negotiate an MRU. 2240 * Agree on it if it's reasonable, or use 2241 * default otherwise. 2242 */ 2243 if (len >= 4 && p[1] == 4) { 2244 u_int mru = p[2] * 256 + p[3]; 2245 if (debug) 2246 addlog("%d ", mru); 2247 if (mru < PP_MTU || mru > PP_MAX_MRU) 2248 mru = PP_MTU; 2249 sp->lcp.mru = mru; 2250 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2251 } 2252 break; 2253 case LCP_OPT_AUTH_PROTO: 2254 /* 2255 * Peer doesn't like our authentication method, 2256 * deny. 2257 */ 2258 if (debug) 2259 addlog("[access denied]\n"); 2260 lcp.Close(sp); 2261 break; 2262 } 2263 } 2264 if (debug) 2265 addlog("\n"); 2266 free (buf, M_TEMP); 2267 return; 2268} 2269 2270static void 2271sppp_lcp_tlu(struct sppp *sp) 2272{ 2273 STDDCL; 2274 int i; 2275 u_long mask; 2276 2277 /* XXX ? */ 2278 if (! (ifp->if_flags & IFF_UP) && 2279 (ifp->if_flags & IFF_RUNNING)) { 2280 /* Coming out of loopback mode. */ 2281 if_up(ifp); 2282 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2283 } 2284 2285 for (i = 0; i < IDX_COUNT; i++) 2286 if ((cps[i])->flags & CP_QUAL) 2287 (cps[i])->Open(sp); 2288 2289 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2290 (sp->pp_flags & PP_NEEDAUTH) != 0) 2291 sp->pp_phase = PHASE_AUTHENTICATE; 2292 else 2293 sp->pp_phase = PHASE_NETWORK; 2294 2295 if (debug) 2296 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2297 sppp_phase_name(sp->pp_phase)); 2298 2299 /* 2300 * Open all authentication protocols. This is even required 2301 * if we already proceeded to network phase, since it might be 2302 * that remote wants us to authenticate, so we might have to 2303 * send a PAP request. Undesired authentication protocols 2304 * don't do anything when they get an Open event. 2305 */ 2306 for (i = 0; i < IDX_COUNT; i++) 2307 if ((cps[i])->flags & CP_AUTH) 2308 (cps[i])->Open(sp); 2309 2310 if (sp->pp_phase == PHASE_NETWORK) { 2311 /* Notify all NCPs. */ 2312 for (i = 0; i < IDX_COUNT; i++) 2313 if ((cps[i])->flags & CP_NCP) 2314 (cps[i])->Open(sp); 2315 } 2316 2317 /* Send Up events to all started protos. */ 2318 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2319 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2320 (cps[i])->Up(sp); 2321 2322 /* notify low-level driver of state change */ 2323 if (sp->pp_chg) 2324 sp->pp_chg(sp, (int)sp->pp_phase); 2325 2326 if (sp->pp_phase == PHASE_NETWORK) 2327 /* if no NCP is starting, close down */ 2328 sppp_lcp_check_and_close(sp); 2329} 2330 2331static void 2332sppp_lcp_tld(struct sppp *sp) 2333{ 2334 STDDCL; 2335 int i; 2336 u_long mask; 2337 2338 sp->pp_phase = PHASE_TERMINATE; 2339 2340 if (debug) 2341 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2342 sppp_phase_name(sp->pp_phase)); 2343 2344 /* 2345 * Take upper layers down. We send the Down event first and 2346 * the Close second to prevent the upper layers from sending 2347 * ``a flurry of terminate-request packets'', as the RFC 2348 * describes it. 2349 */ 2350 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2351 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2352 (cps[i])->Down(sp); 2353 (cps[i])->Close(sp); 2354 } 2355} 2356 2357static void 2358sppp_lcp_tls(struct sppp *sp) 2359{ 2360 STDDCL; 2361 2362 sp->pp_phase = PHASE_ESTABLISH; 2363 2364 if (debug) 2365 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2366 sppp_phase_name(sp->pp_phase)); 2367 2368 /* Notify lower layer if desired. */ 2369 if (sp->pp_tls) 2370 (sp->pp_tls)(sp); 2371 else 2372 (sp->pp_up)(sp); 2373} 2374 2375static void 2376sppp_lcp_tlf(struct sppp *sp) 2377{ 2378 STDDCL; 2379 2380 sp->pp_phase = PHASE_DEAD; 2381 if (debug) 2382 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2383 sppp_phase_name(sp->pp_phase)); 2384 2385 /* Notify lower layer if desired. */ 2386 if (sp->pp_tlf) 2387 (sp->pp_tlf)(sp); 2388 else 2389 (sp->pp_down)(sp); 2390} 2391 2392static void 2393sppp_lcp_scr(struct sppp *sp) 2394{ 2395 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2396 int i = 0; 2397 u_short authproto; 2398 2399 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2400 if (! sp->lcp.magic) 2401#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2402 sp->lcp.magic = random(); 2403#else 2404 sp->lcp.magic = time.tv_sec + time.tv_usec; 2405#endif 2406 opt[i++] = LCP_OPT_MAGIC; 2407 opt[i++] = 6; 2408 opt[i++] = sp->lcp.magic >> 24; 2409 opt[i++] = sp->lcp.magic >> 16; 2410 opt[i++] = sp->lcp.magic >> 8; 2411 opt[i++] = sp->lcp.magic; 2412 } 2413 2414 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2415 opt[i++] = LCP_OPT_MRU; 2416 opt[i++] = 4; 2417 opt[i++] = sp->lcp.mru >> 8; 2418 opt[i++] = sp->lcp.mru; 2419 } 2420 2421 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2422 authproto = sp->hisauth.proto; 2423 opt[i++] = LCP_OPT_AUTH_PROTO; 2424 opt[i++] = authproto == PPP_CHAP? 5: 4; 2425 opt[i++] = authproto >> 8; 2426 opt[i++] = authproto; 2427 if (authproto == PPP_CHAP) 2428 opt[i++] = CHAP_MD5; 2429 } 2430 2431 sp->confid[IDX_LCP] = ++sp->pp_seq; 2432 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2433} 2434 2435/* 2436 * Check the open NCPs, return true if at least one NCP is open. 2437 */ 2438static int 2439sppp_ncp_check(struct sppp *sp) 2440{ 2441 int i, mask; 2442 2443 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2444 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2445 return 1; 2446 return 0; 2447} 2448 2449/* 2450 * Re-check the open NCPs and see if we should terminate the link. 2451 * Called by the NCPs during their tlf action handling. 2452 */ 2453static void 2454sppp_lcp_check_and_close(struct sppp *sp) 2455{ 2456 2457 if (sp->pp_phase < PHASE_NETWORK) 2458 /* don't bother, we are already going down */ 2459 return; 2460 2461 if (sppp_ncp_check(sp)) 2462 return; 2463 2464 lcp.Close(sp); 2465} 2466/* 2467 *--------------------------------------------------------------------------* 2468 * * 2469 * The IPCP implementation. * 2470 * * 2471 *--------------------------------------------------------------------------* 2472 */ 2473 2474static void 2475sppp_ipcp_init(struct sppp *sp) 2476{ 2477 sp->ipcp.opts = 0; 2478 sp->ipcp.flags = 0; 2479 sp->state[IDX_IPCP] = STATE_INITIAL; 2480 sp->fail_counter[IDX_IPCP] = 0; 2481#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2482 callout_handle_init(&sp->ch[IDX_IPCP]); 2483#endif 2484} 2485 2486static void 2487sppp_ipcp_up(struct sppp *sp) 2488{ 2489 sppp_up_event(&ipcp, sp); 2490} 2491 2492static void 2493sppp_ipcp_down(struct sppp *sp) 2494{ 2495 sppp_down_event(&ipcp, sp); 2496} 2497 2498static void 2499sppp_ipcp_open(struct sppp *sp) 2500{ 2501 STDDCL; 2502 u_long myaddr, hisaddr; 2503 2504 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2505 2506 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2507 /* 2508 * If we don't have his address, this probably means our 2509 * interface doesn't want to talk IP at all. (This could 2510 * be the case if somebody wants to speak only IPX, for 2511 * example.) Don't open IPCP in this case. 2512 */ 2513 if (hisaddr == 0L) { 2514 /* XXX this message should go away */ 2515 if (debug) 2516 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2517 SPP_ARGS(ifp)); 2518 return; 2519 } 2520 2521 if (myaddr == 0L) { 2522 /* 2523 * I don't have an assigned address, so i need to 2524 * negotiate my address. 2525 */ 2526 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2527 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2528 } else 2529 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2530 sppp_open_event(&ipcp, sp); 2531} 2532 2533static void 2534sppp_ipcp_close(struct sppp *sp) 2535{ 2536 sppp_close_event(&ipcp, sp); 2537 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2538 /* 2539 * My address was dynamic, clear it again. 2540 */ 2541 sppp_set_ip_addr(sp, 0L); 2542} 2543 2544static void 2545sppp_ipcp_TO(void *cookie) 2546{ 2547 sppp_to_event(&ipcp, (struct sppp *)cookie); 2548} 2549 2550/* 2551 * Analyze a configure request. Return true if it was agreeable, and 2552 * caused action sca, false if it has been rejected or nak'ed, and 2553 * caused action scn. (The return value is used to make the state 2554 * transition decision in the state automaton.) 2555 */ 2556static int 2557sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2558{ 2559 u_char *buf, *r, *p; 2560 struct ifnet *ifp = &sp->pp_if; 2561 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2562 u_long hisaddr, desiredaddr; 2563 int gotmyaddr = 0; 2564 2565 len -= 4; 2566 origlen = len; 2567 /* 2568 * Make sure to allocate a buf that can at least hold a 2569 * conf-nak with an `address' option. We might need it below. 2570 */ 2571 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2572 if (! buf) 2573 return (0); 2574 2575 /* pass 1: see if we can recognize them */ 2576 if (debug) 2577 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2578 SPP_ARGS(ifp)); 2579 p = (void*) (h+1); 2580 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2581 if (debug) 2582 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2583 switch (*p) { 2584#ifdef notyet 2585 case IPCP_OPT_COMPRESSION: 2586 if (len >= 6 && p[1] >= 6) { 2587 /* correctly formed compress option */ 2588 continue; 2589 } 2590 if (debug) 2591 addlog("[invalid] "); 2592 break; 2593#endif 2594 case IPCP_OPT_ADDRESS: 2595 if (len >= 6 && p[1] == 6) { 2596 /* correctly formed address option */ 2597 continue; 2598 } 2599 if (debug) 2600 addlog("[invalid] "); 2601 break; 2602 default: 2603 /* Others not supported. */ 2604 if (debug) 2605 addlog("[rej] "); 2606 break; 2607 } 2608 /* Add the option to rejected list. */ 2609 bcopy (p, r, p[1]); 2610 r += p[1]; 2611 rlen += p[1]; 2612 } 2613 if (rlen) { 2614 if (debug) 2615 addlog(" send conf-rej\n"); 2616 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2617 return 0; 2618 } else if (debug) 2619 addlog("\n"); 2620 2621 /* pass 2: parse option values */ 2622 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2623 if (debug) 2624 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2625 SPP_ARGS(ifp)); 2626 p = (void*) (h+1); 2627 len = origlen; 2628 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2629 if (debug) 2630 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2631 switch (*p) { 2632#ifdef notyet 2633 case IPCP_OPT_COMPRESSION: 2634 continue; 2635#endif 2636 case IPCP_OPT_ADDRESS: 2637 /* This is the address he wants in his end */ 2638 desiredaddr = p[2] << 24 | p[3] << 16 | 2639 p[4] << 8 | p[5]; 2640 if (desiredaddr == hisaddr || 2641 (hisaddr == 1 && desiredaddr != 0)) { 2642 /* 2643 * Peer's address is same as our value, 2644 * or we have set it to 0.0.0.1 to 2645 * indicate that we do not really care, 2646 * this is agreeable. Gonna conf-ack 2647 * it. 2648 */ 2649 if (debug) 2650 addlog("%s [ack] ", 2651 sppp_dotted_quad(hisaddr)); 2652 /* record that we've seen it already */ 2653 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2654 continue; 2655 } 2656 /* 2657 * The address wasn't agreeable. This is either 2658 * he sent us 0.0.0.0, asking to assign him an 2659 * address, or he send us another address not 2660 * matching our value. Either case, we gonna 2661 * conf-nak it with our value. 2662 * XXX: we should "rej" if hisaddr == 0 2663 */ 2664 if (debug) { 2665 if (desiredaddr == 0) 2666 addlog("[addr requested] "); 2667 else 2668 addlog("%s [not agreed] ", 2669 sppp_dotted_quad(desiredaddr)); 2670 2671 p[2] = hisaddr >> 24; 2672 p[3] = hisaddr >> 16; 2673 p[4] = hisaddr >> 8; 2674 p[5] = hisaddr; 2675 } 2676 break; 2677 } 2678 /* Add the option to nak'ed list. */ 2679 bcopy (p, r, p[1]); 2680 r += p[1]; 2681 rlen += p[1]; 2682 } 2683 2684 /* 2685 * If we are about to conf-ack the request, but haven't seen 2686 * his address so far, gonna conf-nak it instead, with the 2687 * `address' option present and our idea of his address being 2688 * filled in there, to request negotiation of both addresses. 2689 * 2690 * XXX This can result in an endless req - nak loop if peer 2691 * doesn't want to send us his address. Q: What should we do 2692 * about it? XXX A: implement the max-failure counter. 2693 */ 2694 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2695 buf[0] = IPCP_OPT_ADDRESS; 2696 buf[1] = 6; 2697 buf[2] = hisaddr >> 24; 2698 buf[3] = hisaddr >> 16; 2699 buf[4] = hisaddr >> 8; 2700 buf[5] = hisaddr; 2701 rlen = 6; 2702 if (debug) 2703 addlog("still need hisaddr "); 2704 } 2705 2706 if (rlen) { 2707 if (debug) 2708 addlog(" send conf-nak\n"); 2709 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2710 } else { 2711 if (debug) 2712 addlog(" send conf-ack\n"); 2713 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2714 h->ident, origlen, h+1); 2715 } 2716 2717 free (buf, M_TEMP); 2718 return (rlen == 0); 2719} 2720 2721/* 2722 * Analyze the IPCP Configure-Reject option list, and adjust our 2723 * negotiation. 2724 */ 2725static void 2726sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2727{ 2728 u_char *buf, *p; 2729 struct ifnet *ifp = &sp->pp_if; 2730 int debug = ifp->if_flags & IFF_DEBUG; 2731 2732 len -= 4; 2733 buf = malloc (len, M_TEMP, M_NOWAIT); 2734 if (!buf) 2735 return; 2736 2737 if (debug) 2738 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2739 SPP_ARGS(ifp)); 2740 2741 p = (void*) (h+1); 2742 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2743 if (debug) 2744 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2745 switch (*p) { 2746 case IPCP_OPT_ADDRESS: 2747 /* 2748 * Peer doesn't grok address option. This is 2749 * bad. XXX Should we better give up here? 2750 * XXX We could try old "addresses" option... 2751 */ 2752 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2753 break; 2754#ifdef notyet 2755 case IPCP_OPT_COMPRESS: 2756 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2757 break; 2758#endif 2759 } 2760 } 2761 if (debug) 2762 addlog("\n"); 2763 free (buf, M_TEMP); 2764 return; 2765} 2766 2767/* 2768 * Analyze the IPCP Configure-NAK option list, and adjust our 2769 * negotiation. 2770 */ 2771static void 2772sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2773{ 2774 u_char *buf, *p; 2775 struct ifnet *ifp = &sp->pp_if; 2776 int debug = ifp->if_flags & IFF_DEBUG; 2777 u_long wantaddr; 2778 2779 len -= 4; 2780 buf = malloc (len, M_TEMP, M_NOWAIT); 2781 if (!buf) 2782 return; 2783 2784 if (debug) 2785 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2786 SPP_ARGS(ifp)); 2787 2788 p = (void*) (h+1); 2789 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2790 if (debug) 2791 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2792 switch (*p) { 2793 case IPCP_OPT_ADDRESS: 2794 /* 2795 * Peer doesn't like our local IP address. See 2796 * if we can do something for him. We'll drop 2797 * him our address then. 2798 */ 2799 if (len >= 6 && p[1] == 6) { 2800 wantaddr = p[2] << 24 | p[3] << 16 | 2801 p[4] << 8 | p[5]; 2802 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2803 if (debug) 2804 addlog("[wantaddr %s] ", 2805 sppp_dotted_quad(wantaddr)); 2806 /* 2807 * When doing dynamic address assignment, 2808 * we accept his offer. Otherwise, we 2809 * ignore it and thus continue to negotiate 2810 * our already existing value. 2811 * XXX: Bogus, if he said no once, he'll 2812 * just say no again, might as well die. 2813 */ 2814 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2815 sppp_set_ip_addr(sp, wantaddr); 2816 if (debug) 2817 addlog("[agree] "); 2818 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2819 } 2820 } 2821 break; 2822#ifdef notyet 2823 case IPCP_OPT_COMPRESS: 2824 /* 2825 * Peer wants different compression parameters. 2826 */ 2827 break; 2828#endif 2829 } 2830 } 2831 if (debug) 2832 addlog("\n"); 2833 free (buf, M_TEMP); 2834 return; 2835} 2836 2837static void 2838sppp_ipcp_tlu(struct sppp *sp) 2839{ 2840 /* we are up - notify isdn daemon */ 2841 if (sp->pp_con) 2842 sp->pp_con(sp); 2843} 2844 2845static void 2846sppp_ipcp_tld(struct sppp *sp) 2847{ 2848} 2849 2850static void 2851sppp_ipcp_tls(struct sppp *sp) 2852{ 2853 /* indicate to LCP that it must stay alive */ 2854 sp->lcp.protos |= (1 << IDX_IPCP); 2855} 2856 2857static void 2858sppp_ipcp_tlf(struct sppp *sp) 2859{ 2860 /* we no longer need LCP */ 2861 sp->lcp.protos &= ~(1 << IDX_IPCP); 2862 sppp_lcp_check_and_close(sp); 2863} 2864 2865static void 2866sppp_ipcp_scr(struct sppp *sp) 2867{ 2868 char opt[6 /* compression */ + 6 /* address */]; 2869 u_long ouraddr; 2870 int i = 0; 2871 2872#ifdef notyet 2873 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2874 opt[i++] = IPCP_OPT_COMPRESSION; 2875 opt[i++] = 6; 2876 opt[i++] = 0; /* VJ header compression */ 2877 opt[i++] = 0x2d; /* VJ header compression */ 2878 opt[i++] = max_slot_id; 2879 opt[i++] = comp_slot_id; 2880 } 2881#endif 2882 2883 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2884 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2885 opt[i++] = IPCP_OPT_ADDRESS; 2886 opt[i++] = 6; 2887 opt[i++] = ouraddr >> 24; 2888 opt[i++] = ouraddr >> 16; 2889 opt[i++] = ouraddr >> 8; 2890 opt[i++] = ouraddr; 2891 } 2892 2893 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2894 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2895} 2896 2897 2898/* 2899 *--------------------------------------------------------------------------* 2900 * * 2901 * The CHAP implementation. * 2902 * * 2903 *--------------------------------------------------------------------------* 2904 */ 2905 2906/* 2907 * The authentication protocols don't employ a full-fledged state machine as 2908 * the control protocols do, since they do have Open and Close events, but 2909 * not Up and Down, nor are they explicitly terminated. Also, use of the 2910 * authentication protocols may be different in both directions (this makes 2911 * sense, think of a machine that never accepts incoming calls but only 2912 * calls out, it doesn't require the called party to authenticate itself). 2913 * 2914 * Our state machine for the local authentication protocol (we are requesting 2915 * the peer to authenticate) looks like: 2916 * 2917 * RCA- 2918 * +--------------------------------------------+ 2919 * V scn,tld| 2920 * +--------+ Close +---------+ RCA+ 2921 * | |<----------------------------------| |------+ 2922 * +--->| Closed | TO* | Opened | sca | 2923 * | | |-----+ +-------| |<-----+ 2924 * | +--------+ irc | | +---------+ 2925 * | ^ | | ^ 2926 * | | | | | 2927 * | | | | | 2928 * | TO-| | | | 2929 * | |tld TO+ V | | 2930 * | | +------->+ | | 2931 * | | | | | | 2932 * | +--------+ V | | 2933 * | | |<----+<--------------------+ | 2934 * | | Req- | scr | 2935 * | | Sent | | 2936 * | | | | 2937 * | +--------+ | 2938 * | RCA- | | RCA+ | 2939 * +------+ +------------------------------------------+ 2940 * scn,tld sca,irc,ict,tlu 2941 * 2942 * 2943 * with: 2944 * 2945 * Open: LCP reached authentication phase 2946 * Close: LCP reached terminate phase 2947 * 2948 * RCA+: received reply (pap-req, chap-response), acceptable 2949 * RCN: received reply (pap-req, chap-response), not acceptable 2950 * TO+: timeout with restart counter >= 0 2951 * TO-: timeout with restart counter < 0 2952 * TO*: reschedule timeout for CHAP 2953 * 2954 * scr: send request packet (none for PAP, chap-challenge) 2955 * sca: send ack packet (pap-ack, chap-success) 2956 * scn: send nak packet (pap-nak, chap-failure) 2957 * ict: initialize re-challenge timer (CHAP only) 2958 * 2959 * tlu: this-layer-up, LCP reaches network phase 2960 * tld: this-layer-down, LCP enters terminate phase 2961 * 2962 * Note that in CHAP mode, after sending a new challenge, while the state 2963 * automaton falls back into Req-Sent state, it doesn't signal a tld 2964 * event to LCP, so LCP remains in network phase. Only after not getting 2965 * any response (or after getting an unacceptable response), CHAP closes, 2966 * causing LCP to enter terminate phase. 2967 * 2968 * With PAP, there is no initial request that can be sent. The peer is 2969 * expected to send one based on the successful negotiation of PAP as 2970 * the authentication protocol during the LCP option negotiation. 2971 * 2972 * Incoming authentication protocol requests (remote requests 2973 * authentication, we are peer) don't employ a state machine at all, 2974 * they are simply answered. Some peers [Ascend P50 firmware rev 2975 * 4.50] react allergically when sending IPCP requests while they are 2976 * still in authentication phase (thereby violating the standard that 2977 * demands that these NCP packets are to be discarded), so we keep 2978 * track of the peer demanding us to authenticate, and only proceed to 2979 * phase network once we've seen a positive acknowledge for the 2980 * authentication. 2981 */ 2982 2983/* 2984 * Handle incoming CHAP packets. 2985 */ 2986void 2987sppp_chap_input(struct sppp *sp, struct mbuf *m) 2988{ 2989 STDDCL; 2990 struct lcp_header *h; 2991 int len, x; 2992 u_char *value, *name, digest[AUTHKEYLEN], dsize; 2993 int value_len, name_len; 2994 MD5_CTX ctx; 2995 2996 len = m->m_pkthdr.len; 2997 if (len < 4) { 2998 if (debug) 2999 log(LOG_DEBUG, 3000 SPP_FMT "chap invalid packet length: %d bytes\n", 3001 SPP_ARGS(ifp), len); 3002 return; 3003 } 3004 h = mtod (m, struct lcp_header*); 3005 if (len > ntohs (h->len)) 3006 len = ntohs (h->len); 3007 3008 switch (h->type) { 3009 /* challenge, failure and success are his authproto */ 3010 case CHAP_CHALLENGE: 3011 value = 1 + (u_char*)(h+1); 3012 value_len = value[-1]; 3013 name = value + value_len; 3014 name_len = len - value_len - 5; 3015 if (name_len < 0) { 3016 if (debug) { 3017 log(LOG_DEBUG, 3018 SPP_FMT "chap corrupted challenge " 3019 "<%s id=0x%x len=%d", 3020 SPP_ARGS(ifp), 3021 sppp_auth_type_name(PPP_CHAP, h->type), 3022 h->ident, ntohs(h->len)); 3023 if (len > 4) 3024 sppp_print_bytes((u_char*) (h+1), len-4); 3025 addlog(">\n"); 3026 } 3027 break; 3028 } 3029 3030 if (debug) { 3031 log(LOG_DEBUG, 3032 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3033 SPP_ARGS(ifp), 3034 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3035 ntohs(h->len)); 3036 sppp_print_string((char*) name, name_len); 3037 addlog(" value-size=%d value=", value_len); 3038 sppp_print_bytes(value, value_len); 3039 addlog(">\n"); 3040 } 3041 3042 /* Compute reply value. */ 3043 MD5Init(&ctx); 3044 MD5Update(&ctx, &h->ident, 1); 3045 MD5Update(&ctx, sp->myauth.secret, 3046 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3047 MD5Update(&ctx, value, value_len); 3048 MD5Final(digest, &ctx); 3049 dsize = sizeof digest; 3050 3051 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3052 sizeof dsize, (const char *)&dsize, 3053 sizeof digest, digest, 3054 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3055 sp->myauth.name, 3056 0); 3057 break; 3058 3059 case CHAP_SUCCESS: 3060 if (debug) { 3061 log(LOG_DEBUG, SPP_FMT "chap success", 3062 SPP_ARGS(ifp)); 3063 if (len > 4) { 3064 addlog(": "); 3065 sppp_print_string((char*)(h + 1), len - 4); 3066 } 3067 addlog("\n"); 3068 } 3069 x = splimp(); 3070 sp->pp_flags &= ~PP_NEEDAUTH; 3071 if (sp->myauth.proto == PPP_CHAP && 3072 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3073 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3074 /* 3075 * We are authenticator for CHAP but didn't 3076 * complete yet. Leave it to tlu to proceed 3077 * to network phase. 3078 */ 3079 splx(x); 3080 break; 3081 } 3082 splx(x); 3083 sppp_phase_network(sp); 3084 break; 3085 3086 case CHAP_FAILURE: 3087 if (debug) { 3088 log(LOG_INFO, SPP_FMT "chap failure", 3089 SPP_ARGS(ifp)); 3090 if (len > 4) { 3091 addlog(": "); 3092 sppp_print_string((char*)(h + 1), len - 4); 3093 } 3094 addlog("\n"); 3095 } else 3096 log(LOG_INFO, SPP_FMT "chap failure\n", 3097 SPP_ARGS(ifp)); 3098 /* await LCP shutdown by authenticator */ 3099 break; 3100 3101 /* response is my authproto */ 3102 case CHAP_RESPONSE: 3103 value = 1 + (u_char*)(h+1); 3104 value_len = value[-1]; 3105 name = value + value_len; 3106 name_len = len - value_len - 5; 3107 if (name_len < 0) { 3108 if (debug) { 3109 log(LOG_DEBUG, 3110 SPP_FMT "chap corrupted response " 3111 "<%s id=0x%x len=%d", 3112 SPP_ARGS(ifp), 3113 sppp_auth_type_name(PPP_CHAP, h->type), 3114 h->ident, ntohs(h->len)); 3115 if (len > 4) 3116 sppp_print_bytes((u_char*)(h+1), len-4); 3117 addlog(">\n"); 3118 } 3119 break; 3120 } 3121 if (h->ident != sp->confid[IDX_CHAP]) { 3122 if (debug) 3123 log(LOG_DEBUG, 3124 SPP_FMT "chap dropping response for old ID " 3125 "(got %d, expected %d)\n", 3126 SPP_ARGS(ifp), 3127 h->ident, sp->confid[IDX_CHAP]); 3128 break; 3129 } 3130 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3131 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3132 log(LOG_INFO, SPP_FMT "chap response, his name ", 3133 SPP_ARGS(ifp)); 3134 sppp_print_string(name, name_len); 3135 addlog(" != expected "); 3136 sppp_print_string(sp->hisauth.name, 3137 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3138 addlog("\n"); 3139 } 3140 if (debug) { 3141 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3142 "<%s id=0x%x len=%d name=", 3143 SPP_ARGS(ifp), 3144 sppp_state_name(sp->state[IDX_CHAP]), 3145 sppp_auth_type_name(PPP_CHAP, h->type), 3146 h->ident, ntohs (h->len)); 3147 sppp_print_string((char*)name, name_len); 3148 addlog(" value-size=%d value=", value_len); 3149 sppp_print_bytes(value, value_len); 3150 addlog(">\n"); 3151 } 3152 if (value_len != AUTHKEYLEN) { 3153 if (debug) 3154 log(LOG_DEBUG, 3155 SPP_FMT "chap bad hash value length: " 3156 "%d bytes, should be %d\n", 3157 SPP_ARGS(ifp), value_len, 3158 AUTHKEYLEN); 3159 break; 3160 } 3161 3162 MD5Init(&ctx); 3163 MD5Update(&ctx, &h->ident, 1); 3164 MD5Update(&ctx, sp->hisauth.secret, 3165 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3166 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3167 MD5Final(digest, &ctx); 3168 3169#define FAILMSG "Failed..." 3170#define SUCCMSG "Welcome!" 3171 3172 if (value_len != sizeof digest || 3173 bcmp(digest, value, value_len) != 0) { 3174 /* action scn, tld */ 3175 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3176 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3177 0); 3178 chap.tld(sp); 3179 break; 3180 } 3181 /* action sca, perhaps tlu */ 3182 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3183 sp->state[IDX_CHAP] == STATE_OPENED) 3184 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3185 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3186 0); 3187 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3188 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3189 chap.tlu(sp); 3190 } 3191 break; 3192 3193 default: 3194 /* Unknown CHAP packet type -- ignore. */ 3195 if (debug) { 3196 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3197 "<0x%x id=0x%xh len=%d", 3198 SPP_ARGS(ifp), 3199 sppp_state_name(sp->state[IDX_CHAP]), 3200 h->type, h->ident, ntohs(h->len)); 3201 if (len > 4) 3202 sppp_print_bytes((u_char*)(h+1), len-4); 3203 addlog(">\n"); 3204 } 3205 break; 3206 3207 } 3208} 3209 3210static void 3211sppp_chap_init(struct sppp *sp) 3212{ 3213 /* Chap doesn't have STATE_INITIAL at all. */ 3214 sp->state[IDX_CHAP] = STATE_CLOSED; 3215 sp->fail_counter[IDX_CHAP] = 0; 3216#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3217 callout_handle_init(&sp->ch[IDX_CHAP]); 3218#endif 3219} 3220 3221static void 3222sppp_chap_open(struct sppp *sp) 3223{ 3224 if (sp->myauth.proto == PPP_CHAP && 3225 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3226 /* we are authenticator for CHAP, start it */ 3227 chap.scr(sp); 3228 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3229 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3230 } 3231 /* nothing to be done if we are peer, await a challenge */ 3232} 3233 3234static void 3235sppp_chap_close(struct sppp *sp) 3236{ 3237 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3238 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3239} 3240 3241static void 3242sppp_chap_TO(void *cookie) 3243{ 3244 struct sppp *sp = (struct sppp *)cookie; 3245 STDDCL; 3246 int s; 3247 3248 s = splimp(); 3249 if (debug) 3250 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3251 SPP_ARGS(ifp), 3252 sppp_state_name(sp->state[IDX_CHAP]), 3253 sp->rst_counter[IDX_CHAP]); 3254 3255 if (--sp->rst_counter[IDX_CHAP] < 0) 3256 /* TO- event */ 3257 switch (sp->state[IDX_CHAP]) { 3258 case STATE_REQ_SENT: 3259 chap.tld(sp); 3260 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3261 break; 3262 } 3263 else 3264 /* TO+ (or TO*) event */ 3265 switch (sp->state[IDX_CHAP]) { 3266 case STATE_OPENED: 3267 /* TO* event */ 3268 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3269 /* fall through */ 3270 case STATE_REQ_SENT: 3271 chap.scr(sp); 3272 /* sppp_cp_change_state() will restart the timer */ 3273 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3274 break; 3275 } 3276 3277 splx(s); 3278} 3279 3280static void 3281sppp_chap_tlu(struct sppp *sp) 3282{ 3283 STDDCL; 3284 int i, x; 3285 3286 i = 0; 3287 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3288 3289 /* 3290 * Some broken CHAP implementations (Conware CoNet, firmware 3291 * 4.0.?) don't want to re-authenticate their CHAP once the 3292 * initial challenge-response exchange has taken place. 3293 * Provide for an option to avoid rechallenges. 3294 */ 3295 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3296 /* 3297 * Compute the re-challenge timeout. This will yield 3298 * a number between 300 and 810 seconds. 3299 */ 3300 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3301 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3302 } 3303 3304 if (debug) { 3305 log(LOG_DEBUG, 3306 SPP_FMT "chap %s, ", 3307 SPP_ARGS(ifp), 3308 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3309 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3310 addlog("next re-challenge in %d seconds\n", i); 3311 else 3312 addlog("re-challenging supressed\n"); 3313 } 3314 3315 x = splimp(); 3316 /* indicate to LCP that we need to be closed down */ 3317 sp->lcp.protos |= (1 << IDX_CHAP); 3318 3319 if (sp->pp_flags & PP_NEEDAUTH) { 3320 /* 3321 * Remote is authenticator, but his auth proto didn't 3322 * complete yet. Defer the transition to network 3323 * phase. 3324 */ 3325 splx(x); 3326 return; 3327 } 3328 splx(x); 3329 3330 /* 3331 * If we are already in phase network, we are done here. This 3332 * is the case if this is a dummy tlu event after a re-challenge. 3333 */ 3334 if (sp->pp_phase != PHASE_NETWORK) 3335 sppp_phase_network(sp); 3336} 3337 3338static void 3339sppp_chap_tld(struct sppp *sp) 3340{ 3341 STDDCL; 3342 3343 if (debug) 3344 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3345 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3346 sp->lcp.protos &= ~(1 << IDX_CHAP); 3347 3348 lcp.Close(sp); 3349} 3350 3351static void 3352sppp_chap_scr(struct sppp *sp) 3353{ 3354 u_long *ch, seed; 3355 u_char clen; 3356 3357 /* Compute random challenge. */ 3358 ch = (u_long *)sp->myauth.challenge; 3359#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3360 read_random(&seed, sizeof seed); 3361#else 3362 { 3363 struct timeval tv; 3364 microtime(&tv); 3365 seed = tv.tv_sec ^ tv.tv_usec; 3366 } 3367#endif 3368 ch[0] = seed ^ random(); 3369 ch[1] = seed ^ random(); 3370 ch[2] = seed ^ random(); 3371 ch[3] = seed ^ random(); 3372 clen = AUTHKEYLEN; 3373 3374 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3375 3376 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3377 sizeof clen, (const char *)&clen, 3378 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3379 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3380 sp->myauth.name, 3381 0); 3382} 3383/* 3384 *--------------------------------------------------------------------------* 3385 * * 3386 * The PAP implementation. * 3387 * * 3388 *--------------------------------------------------------------------------* 3389 */ 3390/* 3391 * For PAP, we need to keep a little state also if we are the peer, not the 3392 * authenticator. This is since we don't get a request to authenticate, but 3393 * have to repeatedly authenticate ourself until we got a response (or the 3394 * retry counter is expired). 3395 */ 3396 3397/* 3398 * Handle incoming PAP packets. */ 3399static void 3400sppp_pap_input(struct sppp *sp, struct mbuf *m) 3401{ 3402 STDDCL; 3403 struct lcp_header *h; 3404 int len, x; 3405 u_char *name, *passwd, mlen; 3406 int name_len, passwd_len; 3407 3408 len = m->m_pkthdr.len; 3409 if (len < 5) { 3410 if (debug) 3411 log(LOG_DEBUG, 3412 SPP_FMT "pap invalid packet length: %d bytes\n", 3413 SPP_ARGS(ifp), len); 3414 return; 3415 } 3416 h = mtod (m, struct lcp_header*); 3417 if (len > ntohs (h->len)) 3418 len = ntohs (h->len); 3419 switch (h->type) { 3420 /* PAP request is my authproto */ 3421 case PAP_REQ: 3422 name = 1 + (u_char*)(h+1); 3423 name_len = name[-1]; 3424 passwd = name + name_len + 1; 3425 if (name_len > len - 6 || 3426 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3427 if (debug) { 3428 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3429 "<%s id=0x%x len=%d", 3430 SPP_ARGS(ifp), 3431 sppp_auth_type_name(PPP_PAP, h->type), 3432 h->ident, ntohs(h->len)); 3433 if (len > 4) 3434 sppp_print_bytes((u_char*)(h+1), len-4); 3435 addlog(">\n"); 3436 } 3437 break; 3438 } 3439 if (debug) { 3440 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3441 "<%s id=0x%x len=%d name=", 3442 SPP_ARGS(ifp), 3443 sppp_state_name(sp->state[IDX_PAP]), 3444 sppp_auth_type_name(PPP_PAP, h->type), 3445 h->ident, ntohs(h->len)); 3446 sppp_print_string((char*)name, name_len); 3447 addlog(" passwd="); 3448 sppp_print_string((char*)passwd, passwd_len); 3449 addlog(">\n"); 3450 } 3451 if (name_len > AUTHNAMELEN || 3452 passwd_len > AUTHKEYLEN || 3453 bcmp(name, sp->hisauth.name, name_len) != 0 || 3454 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3455 /* action scn, tld */ 3456 mlen = sizeof(FAILMSG) - 1; 3457 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3458 sizeof mlen, (const char *)&mlen, 3459 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3460 0); 3461 pap.tld(sp); 3462 break; 3463 } 3464 /* action sca, perhaps tlu */ 3465 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3466 sp->state[IDX_PAP] == STATE_OPENED) { 3467 mlen = sizeof(SUCCMSG) - 1; 3468 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3469 sizeof mlen, (const char *)&mlen, 3470 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3471 0); 3472 } 3473 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3474 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3475 pap.tlu(sp); 3476 } 3477 break; 3478 3479 /* ack and nak are his authproto */ 3480 case PAP_ACK: 3481 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3482 if (debug) { 3483 log(LOG_DEBUG, SPP_FMT "pap success", 3484 SPP_ARGS(ifp)); 3485 name_len = *((char *)h); 3486 if (len > 5 && name_len) { 3487 addlog(": "); 3488 sppp_print_string((char*)(h+1), name_len); 3489 } 3490 addlog("\n"); 3491 } 3492 x = splimp(); 3493 sp->pp_flags &= ~PP_NEEDAUTH; 3494 if (sp->myauth.proto == PPP_PAP && 3495 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3496 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3497 /* 3498 * We are authenticator for PAP but didn't 3499 * complete yet. Leave it to tlu to proceed 3500 * to network phase. 3501 */ 3502 splx(x); 3503 break; 3504 } 3505 splx(x); 3506 sppp_phase_network(sp); 3507 break; 3508 3509 case PAP_NAK: 3510 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3511 if (debug) { 3512 log(LOG_INFO, SPP_FMT "pap failure", 3513 SPP_ARGS(ifp)); 3514 name_len = *((char *)h); 3515 if (len > 5 && name_len) { 3516 addlog(": "); 3517 sppp_print_string((char*)(h+1), name_len); 3518 } 3519 addlog("\n"); 3520 } else 3521 log(LOG_INFO, SPP_FMT "pap failure\n", 3522 SPP_ARGS(ifp)); 3523 /* await LCP shutdown by authenticator */ 3524 break; 3525 3526 default: 3527 /* Unknown PAP packet type -- ignore. */ 3528 if (debug) { 3529 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3530 "<0x%x id=0x%x len=%d", 3531 SPP_ARGS(ifp), 3532 h->type, h->ident, ntohs(h->len)); 3533 if (len > 4) 3534 sppp_print_bytes((u_char*)(h+1), len-4); 3535 addlog(">\n"); 3536 } 3537 break; 3538 3539 } 3540} 3541 3542static void 3543sppp_pap_init(struct sppp *sp) 3544{ 3545 /* PAP doesn't have STATE_INITIAL at all. */ 3546 sp->state[IDX_PAP] = STATE_CLOSED; 3547 sp->fail_counter[IDX_PAP] = 0; 3548#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3549 callout_handle_init(&sp->ch[IDX_PAP]); 3550 callout_handle_init(&sp->pap_my_to_ch); 3551#endif 3552} 3553 3554static void 3555sppp_pap_open(struct sppp *sp) 3556{ 3557 if (sp->hisauth.proto == PPP_PAP && 3558 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3559 /* we are authenticator for PAP, start our timer */ 3560 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3561 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3562 } 3563 if (sp->myauth.proto == PPP_PAP) { 3564 /* we are peer, send a request, and start a timer */ 3565 pap.scr(sp); 3566 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 3567 sp->pap_my_to_ch); 3568 } 3569} 3570 3571static void 3572sppp_pap_close(struct sppp *sp) 3573{ 3574 if (sp->state[IDX_PAP] != STATE_CLOSED) 3575 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3576} 3577 3578/* 3579 * That's the timeout routine if we are authenticator. Since the 3580 * authenticator is basically passive in PAP, we can't do much here. 3581 */ 3582static void 3583sppp_pap_TO(void *cookie) 3584{ 3585 struct sppp *sp = (struct sppp *)cookie; 3586 STDDCL; 3587 int s; 3588 3589 s = splimp(); 3590 if (debug) 3591 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3592 SPP_ARGS(ifp), 3593 sppp_state_name(sp->state[IDX_PAP]), 3594 sp->rst_counter[IDX_PAP]); 3595 3596 if (--sp->rst_counter[IDX_PAP] < 0) 3597 /* TO- event */ 3598 switch (sp->state[IDX_PAP]) { 3599 case STATE_REQ_SENT: 3600 pap.tld(sp); 3601 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3602 break; 3603 } 3604 else 3605 /* TO+ event, not very much we could do */ 3606 switch (sp->state[IDX_PAP]) { 3607 case STATE_REQ_SENT: 3608 /* sppp_cp_change_state() will restart the timer */ 3609 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3610 break; 3611 } 3612 3613 splx(s); 3614} 3615 3616/* 3617 * That's the timeout handler if we are peer. Since the peer is active, 3618 * we need to retransmit our PAP request since it is apparently lost. 3619 * XXX We should impose a max counter. 3620 */ 3621static void 3622sppp_pap_my_TO(void *cookie) 3623{ 3624 struct sppp *sp = (struct sppp *)cookie; 3625 STDDCL; 3626 3627 if (debug) 3628 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3629 SPP_ARGS(ifp)); 3630 3631 pap.scr(sp); 3632} 3633 3634static void 3635sppp_pap_tlu(struct sppp *sp) 3636{ 3637 STDDCL; 3638 int x; 3639 3640 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3641 3642 if (debug) 3643 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3644 SPP_ARGS(ifp), pap.name); 3645 3646 x = splimp(); 3647 /* indicate to LCP that we need to be closed down */ 3648 sp->lcp.protos |= (1 << IDX_PAP); 3649 3650 if (sp->pp_flags & PP_NEEDAUTH) { 3651 /* 3652 * Remote is authenticator, but his auth proto didn't 3653 * complete yet. Defer the transition to network 3654 * phase. 3655 */ 3656 splx(x); 3657 return; 3658 } 3659 splx(x); 3660 sppp_phase_network(sp); 3661} 3662 3663static void 3664sppp_pap_tld(struct sppp *sp) 3665{ 3666 STDDCL; 3667 3668 if (debug) 3669 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3670 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3671 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3672 sp->lcp.protos &= ~(1 << IDX_PAP); 3673 3674 lcp.Close(sp); 3675} 3676 3677static void 3678sppp_pap_scr(struct sppp *sp) 3679{ 3680 u_char idlen, pwdlen; 3681 3682 sp->confid[IDX_PAP] = ++sp->pp_seq; 3683 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3684 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3685 3686 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3687 sizeof idlen, (const char *)&idlen, 3688 (size_t)idlen, sp->myauth.name, 3689 sizeof pwdlen, (const char *)&pwdlen, 3690 (size_t)pwdlen, sp->myauth.secret, 3691 0); 3692} 3693/* 3694 * Random miscellaneous functions. 3695 */ 3696 3697/* 3698 * Send a PAP or CHAP proto packet. 3699 * 3700 * Varadic function, each of the elements for the ellipsis is of type 3701 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3702 * mlen == 0. 3703 * NOTE: never declare variadic functions with types subject to type 3704 * promotion (i.e. u_char). This is asking for big trouble depending 3705 * on the architecture you are on... 3706 */ 3707 3708static void 3709sppp_auth_send(const struct cp *cp, struct sppp *sp, 3710 unsigned int type, unsigned int id, 3711 ...) 3712{ 3713 STDDCL; 3714 struct ppp_header *h; 3715 struct lcp_header *lh; 3716 struct mbuf *m; 3717 u_char *p; 3718 int len; 3719 unsigned int mlen; 3720 const char *msg; 3721 va_list ap; 3722 3723 MGETHDR (m, M_DONTWAIT, MT_DATA); 3724 if (! m) 3725 return; 3726 m->m_pkthdr.rcvif = 0; 3727 3728 h = mtod (m, struct ppp_header*); 3729 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3730 h->control = PPP_UI; /* Unnumbered Info */ 3731 h->protocol = htons(cp->proto); 3732 3733 lh = (struct lcp_header*)(h + 1); 3734 lh->type = type; 3735 lh->ident = id; 3736 p = (u_char*) (lh+1); 3737 3738 va_start(ap, id); 3739 len = 0; 3740 3741 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3742 msg = va_arg(ap, const char *); 3743 len += mlen; 3744 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3745 va_end(ap); 3746 m_freem(m); 3747 return; 3748 } 3749 3750 bcopy(msg, p, mlen); 3751 p += mlen; 3752 } 3753 va_end(ap); 3754 3755 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3756 lh->len = htons (LCP_HEADER_LEN + len); 3757 3758 if (debug) { 3759 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3760 SPP_ARGS(ifp), cp->name, 3761 sppp_auth_type_name(cp->proto, lh->type), 3762 lh->ident, ntohs(lh->len)); 3763 if (len) 3764 sppp_print_bytes((u_char*) (lh+1), len); 3765 addlog(">\n"); 3766 } 3767 if (IF_QFULL (&sp->pp_cpq)) { 3768 IF_DROP (&sp->pp_fastq); 3769 IF_DROP (&ifp->if_snd); 3770 m_freem (m); 3771 ++ifp->if_oerrors; 3772 } else 3773 IF_ENQUEUE (&sp->pp_cpq, m); 3774 if (! (ifp->if_flags & IFF_OACTIVE)) 3775 (*ifp->if_start) (ifp); 3776 ifp->if_obytes += m->m_pkthdr.len + 3; 3777} 3778 3779/* 3780 * Flush interface queue. 3781 */ 3782static void 3783sppp_qflush(struct ifqueue *ifq) 3784{ 3785 struct mbuf *m, *n; 3786 3787 n = ifq->ifq_head; 3788 while ((m = n)) { 3789 n = m->m_act; 3790 m_freem (m); 3791 } 3792 ifq->ifq_head = 0; 3793 ifq->ifq_tail = 0; 3794 ifq->ifq_len = 0; 3795} 3796 3797/* 3798 * Send keepalive packets, every 10 seconds. 3799 */ 3800static void 3801sppp_keepalive(void *dummy) 3802{ 3803 struct sppp *sp; 3804 int s; 3805 3806 s = splimp(); 3807 for (sp=spppq; sp; sp=sp->pp_next) { 3808 struct ifnet *ifp = &sp->pp_if; 3809 3810 /* Keepalive mode disabled or channel down? */ 3811 if (! (sp->pp_flags & PP_KEEPALIVE) || 3812 ! (ifp->if_flags & IFF_RUNNING)) 3813 continue; 3814 3815 /* No keepalive in PPP mode if LCP not opened yet. */ 3816 if (! (sp->pp_flags & PP_CISCO) && 3817 sp->pp_phase < PHASE_AUTHENTICATE) 3818 continue; 3819 3820 if (sp->pp_alivecnt == MAXALIVECNT) { 3821 /* No keepalive packets got. Stop the interface. */ 3822 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3823 if_down (ifp); 3824 sppp_qflush (&sp->pp_cpq); 3825 if (! (sp->pp_flags & PP_CISCO)) { 3826 /* XXX */ 3827 /* Shut down the PPP link. */ 3828 lcp.Down(sp); 3829 /* Initiate negotiation. XXX */ 3830 lcp.Up(sp); 3831 } 3832 } 3833 if (sp->pp_alivecnt <= MAXALIVECNT) 3834 ++sp->pp_alivecnt; 3835 if (sp->pp_flags & PP_CISCO) 3836 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3837 sp->pp_rseq); 3838 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3839 long nmagic = htonl (sp->lcp.magic); 3840 sp->lcp.echoid = ++sp->pp_seq; 3841 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3842 sp->lcp.echoid, 4, &nmagic); 3843 } 3844 } 3845 splx(s); 3846 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 3847} 3848 3849/* 3850 * Get both IP addresses. 3851 */ 3852static void 3853sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3854{ 3855 struct ifnet *ifp = &sp->pp_if; 3856 struct ifaddr *ifa; 3857 struct sockaddr_in *si, *sm; 3858 u_long ssrc, ddst; 3859 3860 sm = NULL; 3861 ssrc = ddst = 0L; 3862 /* 3863 * Pick the first AF_INET address from the list, 3864 * aliases don't make any sense on a p2p link anyway. 3865 */ 3866 si = 0; 3867#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3868 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3869#elif defined(__NetBSD__) || defined (__OpenBSD__) 3870 for (ifa = ifp->if_addrlist.tqh_first; 3871 ifa; 3872 ifa = ifa->ifa_list.tqe_next) 3873#else 3874 for (ifa = ifp->if_addrlist; 3875 ifa; 3876 ifa = ifa->ifa_next) 3877#endif 3878 if (ifa->ifa_addr->sa_family == AF_INET) { 3879 si = (struct sockaddr_in *)ifa->ifa_addr; 3880 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3881 if (si) 3882 break; 3883 } 3884 if (ifa) { 3885 if (si && si->sin_addr.s_addr) { 3886 ssrc = si->sin_addr.s_addr; 3887 if (srcmask) 3888 *srcmask = ntohl(sm->sin_addr.s_addr); 3889 } 3890 3891 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3892 if (si && si->sin_addr.s_addr) 3893 ddst = si->sin_addr.s_addr; 3894 } 3895 3896 if (dst) *dst = ntohl(ddst); 3897 if (src) *src = ntohl(ssrc); 3898} 3899 3900/* 3901 * Set my IP address. Must be called at splimp. 3902 */ 3903static void 3904sppp_set_ip_addr(struct sppp *sp, u_long src) 3905{ 3906 STDDCL; 3907 struct ifaddr *ifa; 3908 struct sockaddr_in *si; 3909 3910 /* 3911 * Pick the first AF_INET address from the list, 3912 * aliases don't make any sense on a p2p link anyway. 3913 */ 3914 si = 0; 3915#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3916 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3917#elif defined(__NetBSD__) || defined (__OpenBSD__) 3918 for (ifa = ifp->if_addrlist.tqh_first; 3919 ifa; 3920 ifa = ifa->ifa_list.tqe_next) 3921#else 3922 for (ifa = ifp->if_addrlist; 3923 ifa; 3924 ifa = ifa->ifa_next) 3925#endif 3926 { 3927 if (ifa->ifa_addr->sa_family == AF_INET) 3928 { 3929 si = (struct sockaddr_in *)ifa->ifa_addr; 3930 if (si) 3931 break; 3932 } 3933 } 3934 3935 if (ifa && si) 3936 { 3937 int error; 3938#if __NetBSD_Version__ >= 103080000 3939 struct sockaddr_in new_sin = *si; 3940 3941 new_sin.sin_addr.s_addr = htonl(src); 3942 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 3943 if(debug && error) 3944 { 3945 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 3946 " failed, error=%d\n", SPP_ARGS(ifp), error); 3947 } 3948#else 3949 /* delete old route */ 3950 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 3951 if(debug && error) 3952 { 3953 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 3954 SPP_ARGS(ifp), error); 3955 } 3956 3957 /* set new address */ 3958 si->sin_addr.s_addr = htonl(src); 3959 3960 /* add new route */ 3961 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 3962 if (debug && error) 3963 { 3964 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 3965 SPP_ARGS(ifp), error); 3966 } 3967#endif 3968 } 3969} 3970 3971static int 3972sppp_params(struct sppp *sp, u_long cmd, void *data) 3973{ 3974 u_long subcmd; 3975 struct ifreq *ifr = (struct ifreq *)data; 3976 struct spppreq spr; 3977 3978 /* 3979 * ifr->ifr_data is supposed to point to a struct spppreq. 3980 * Check the cmd word first before attempting to fetch all the 3981 * data. 3982 */ 3983 if ((subcmd = fuword(ifr->ifr_data)) == -1) 3984 return EFAULT; 3985 3986 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3987 return EFAULT; 3988 3989 switch (subcmd) { 3990 case SPPPIOGDEFS: 3991 if (cmd != SIOCGIFGENERIC) 3992 return EINVAL; 3993 /* 3994 * We copy over the entire current state, but clean 3995 * out some of the stuff we don't wanna pass up. 3996 * Remember, SIOCGIFGENERIC is unprotected, and can be 3997 * called by any user. No need to ever get PAP or 3998 * CHAP secrets back to userland anyway. 3999 */ 4000 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4001 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4002 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4003 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4004 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4005 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4006 4007 case SPPPIOSDEFS: 4008 if (cmd != SIOCSIFGENERIC) 4009 return EINVAL; 4010 /* 4011 * We have a very specific idea of which fields we allow 4012 * being passed back from userland, so to not clobber our 4013 * current state. For one, we only allow setting 4014 * anything if LCP is in dead phase. Once the LCP 4015 * negotiations started, the authentication settings must 4016 * not be changed again. (The administrator can force an 4017 * ifconfig down in order to get LCP back into dead 4018 * phase.) 4019 * 4020 * Also, we only allow for authentication parameters to be 4021 * specified. 4022 * 4023 * XXX Should allow to set or clear pp_flags. 4024 * 4025 * Finally, if the respective authentication protocol to 4026 * be used is set differently than 0, but the secret is 4027 * passed as all zeros, we don't trash the existing secret. 4028 * This allows an administrator to change the system name 4029 * only without clobbering the secret (which he didn't get 4030 * back in a previous SPPPIOGDEFS call). However, the 4031 * secrets are cleared if the authentication protocol is 4032 * reset to 0. 4033 */ 4034 if (sp->pp_phase != PHASE_DEAD) 4035 return EBUSY; 4036 4037 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4038 spr.defs.myauth.proto != PPP_CHAP) || 4039 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4040 spr.defs.hisauth.proto != PPP_CHAP)) 4041 return EINVAL; 4042 4043 if (spr.defs.myauth.proto == 0) 4044 /* resetting myauth */ 4045 bzero(&sp->myauth, sizeof sp->myauth); 4046 else { 4047 /* setting/changing myauth */ 4048 sp->myauth.proto = spr.defs.myauth.proto; 4049 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4050 if (spr.defs.myauth.secret[0] != '\0') 4051 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4052 AUTHKEYLEN); 4053 } 4054 if (spr.defs.hisauth.proto == 0) 4055 /* resetting hisauth */ 4056 bzero(&sp->hisauth, sizeof sp->hisauth); 4057 else { 4058 /* setting/changing hisauth */ 4059 sp->hisauth.proto = spr.defs.hisauth.proto; 4060 sp->hisauth.flags = spr.defs.hisauth.flags; 4061 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4062 if (spr.defs.hisauth.secret[0] != '\0') 4063 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4064 AUTHKEYLEN); 4065 } 4066 break; 4067 4068 default: 4069 return EINVAL; 4070 } 4071 4072 return 0; 4073} 4074 4075static void 4076sppp_phase_network(struct sppp *sp) 4077{ 4078 STDDCL; 4079 int i; 4080 u_long mask; 4081 4082 sp->pp_phase = PHASE_NETWORK; 4083 4084 if (debug) 4085 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4086 sppp_phase_name(sp->pp_phase)); 4087 4088 /* Notify NCPs now. */ 4089 for (i = 0; i < IDX_COUNT; i++) 4090 if ((cps[i])->flags & CP_NCP) 4091 (cps[i])->Open(sp); 4092 4093 /* Send Up events to all NCPs. */ 4094 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4095 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4096 (cps[i])->Up(sp); 4097 4098 /* if no NCP is starting, all this was in vain, close down */ 4099 sppp_lcp_check_and_close(sp); 4100} 4101 4102 4103static const char * 4104sppp_cp_type_name(u_char type) 4105{ 4106 static char buf[12]; 4107 switch (type) { 4108 case CONF_REQ: return "conf-req"; 4109 case CONF_ACK: return "conf-ack"; 4110 case CONF_NAK: return "conf-nak"; 4111 case CONF_REJ: return "conf-rej"; 4112 case TERM_REQ: return "term-req"; 4113 case TERM_ACK: return "term-ack"; 4114 case CODE_REJ: return "code-rej"; 4115 case PROTO_REJ: return "proto-rej"; 4116 case ECHO_REQ: return "echo-req"; 4117 case ECHO_REPLY: return "echo-reply"; 4118 case DISC_REQ: return "discard-req"; 4119 } 4120 snprintf (buf, sizeof(buf), "0x%x", type); 4121 return buf; 4122} 4123 4124static const char * 4125sppp_auth_type_name(u_short proto, u_char type) 4126{ 4127 static char buf[12]; 4128 switch (proto) { 4129 case PPP_CHAP: 4130 switch (type) { 4131 case CHAP_CHALLENGE: return "challenge"; 4132 case CHAP_RESPONSE: return "response"; 4133 case CHAP_SUCCESS: return "success"; 4134 case CHAP_FAILURE: return "failure"; 4135 } 4136 case PPP_PAP: 4137 switch (type) { 4138 case PAP_REQ: return "req"; 4139 case PAP_ACK: return "ack"; 4140 case PAP_NAK: return "nak"; 4141 } 4142 } 4143 snprintf (buf, sizeof(buf), "0x%x", type); 4144 return buf; 4145} 4146 4147static const char * 4148sppp_lcp_opt_name(u_char opt) 4149{ 4150 static char buf[12]; 4151 switch (opt) { 4152 case LCP_OPT_MRU: return "mru"; 4153 case LCP_OPT_ASYNC_MAP: return "async-map"; 4154 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4155 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4156 case LCP_OPT_MAGIC: return "magic"; 4157 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4158 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4159 } 4160 snprintf (buf, sizeof(buf), "0x%x", opt); 4161 return buf; 4162} 4163 4164static const char * 4165sppp_ipcp_opt_name(u_char opt) 4166{ 4167 static char buf[12]; 4168 switch (opt) { 4169 case IPCP_OPT_ADDRESSES: return "addresses"; 4170 case IPCP_OPT_COMPRESSION: return "compression"; 4171 case IPCP_OPT_ADDRESS: return "address"; 4172 } 4173 snprintf (buf, sizeof(buf), "0x%x", opt); 4174 return buf; 4175} 4176 4177static const char * 4178sppp_state_name(int state) 4179{ 4180 switch (state) { 4181 case STATE_INITIAL: return "initial"; 4182 case STATE_STARTING: return "starting"; 4183 case STATE_CLOSED: return "closed"; 4184 case STATE_STOPPED: return "stopped"; 4185 case STATE_CLOSING: return "closing"; 4186 case STATE_STOPPING: return "stopping"; 4187 case STATE_REQ_SENT: return "req-sent"; 4188 case STATE_ACK_RCVD: return "ack-rcvd"; 4189 case STATE_ACK_SENT: return "ack-sent"; 4190 case STATE_OPENED: return "opened"; 4191 } 4192 return "illegal"; 4193} 4194 4195static const char * 4196sppp_phase_name(enum ppp_phase phase) 4197{ 4198 switch (phase) { 4199 case PHASE_DEAD: return "dead"; 4200 case PHASE_ESTABLISH: return "establish"; 4201 case PHASE_TERMINATE: return "terminate"; 4202 case PHASE_AUTHENTICATE: return "authenticate"; 4203 case PHASE_NETWORK: return "network"; 4204 } 4205 return "illegal"; 4206} 4207 4208static const char * 4209sppp_proto_name(u_short proto) 4210{ 4211 static char buf[12]; 4212 switch (proto) { 4213 case PPP_LCP: return "lcp"; 4214 case PPP_IPCP: return "ipcp"; 4215 case PPP_PAP: return "pap"; 4216 case PPP_CHAP: return "chap"; 4217 } 4218 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 4219 return buf; 4220} 4221 4222static void 4223sppp_print_bytes(const u_char *p, u_short len) 4224{ 4225 addlog(" %02x", *p++); 4226 while (--len > 0) 4227 addlog("-%02x", *p++); 4228} 4229 4230static void 4231sppp_print_string(const char *p, u_short len) 4232{ 4233 u_char c; 4234 4235 while (len-- > 0) { 4236 c = *p++; 4237 /* 4238 * Print only ASCII chars directly. RFC 1994 recommends 4239 * using only them, but we don't rely on it. */ 4240 if (c < ' ' || c > '~') 4241 addlog("\\x%x", c); 4242 else 4243 addlog("%c", c); 4244 } 4245} 4246 4247static const char * 4248sppp_dotted_quad(u_long addr) 4249{ 4250 static char s[16]; 4251 sprintf(s, "%d.%d.%d.%d", 4252 (int)((addr >> 24) & 0xff), 4253 (int)((addr >> 16) & 0xff), 4254 (int)((addr >> 8) & 0xff), 4255 (int)(addr & 0xff)); 4256 return s; 4257} 4258 4259static int 4260sppp_strnlen(u_char *p, int max) 4261{ 4262 int len; 4263 4264 for (len = 0; len < max && *p; ++p) 4265 ++len; 4266 return len; 4267} 4268 4269/* a dummy, used to drop uninteresting events */ 4270static void 4271sppp_null(struct sppp *unused) 4272{ 4273 /* do just nothing */ 4274} 4275