if_spppsubr.c revision 54263
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: head/sys/net/if_spppsubr.c 54263 1999-12-07 17:39:16Z shin $ 21 */ 22 23#include <sys/param.h> 24 25#if defined(__FreeBSD__) && __FreeBSD__ >= 3 26#include "opt_inet.h" 27#include "opt_inet6.h" 28#include "opt_ipx.h" 29#endif 30 31#ifdef NetBSD1_3 32# if NetBSD1_3 > 6 33# include "opt_inet.h" 34# include "opt_inet6.h" 35# include "opt_iso.h" 36# endif 37#endif 38 39#include <sys/systm.h> 40#include <sys/kernel.h> 41#include <sys/sockio.h> 42#include <sys/socket.h> 43#include <sys/syslog.h> 44#if defined(__FreeBSD__) && __FreeBSD__ >= 3 45#include <machine/random.h> 46#endif 47#include <sys/malloc.h> 48#include <sys/mbuf.h> 49 50#if defined (__OpenBSD__) 51#include <sys/md5k.h> 52#else 53#include <sys/md5.h> 54#endif 55 56#include <net/if.h> 57#include <net/netisr.h> 58#include <net/if_types.h> 59#include <net/route.h> 60 61#if defined(__FreeBSD__) && __FreeBSD__ >= 3 62#include <machine/random.h> 63#endif 64#if defined (__NetBSD__) || defined (__OpenBSD__) 65#include <machine/cpu.h> /* XXX for softnet */ 66#endif 67 68#include <machine/stdarg.h> 69 70#ifdef INET 71#include <netinet/in.h> 72#include <netinet/in_systm.h> 73#include <netinet/in_var.h> 74#include <netinet/ip.h> 75#include <netinet/tcp.h> 76# if defined (__FreeBSD__) || defined (__OpenBSD__) 77# include <netinet/if_ether.h> 78# else 79# include <net/ethertypes.h> 80# endif 81#else 82# error Huh? sppp without INET? 83#endif 84 85#ifdef IPX 86#include <netipx/ipx.h> 87#include <netipx/ipx_if.h> 88#endif 89 90#ifdef NS 91#include <netns/ns.h> 92#include <netns/ns_if.h> 93#endif 94 95#ifdef ISO 96#include <netiso/argo_debug.h> 97#include <netiso/iso.h> 98#include <netiso/iso_var.h> 99#include <netiso/iso_snpac.h> 100#endif 101 102#include <net/if_sppp.h> 103 104#if defined(__FreeBSD__) && __FreeBSD__ >= 3 105# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle) 106# define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2) 107# define IOCTL_CMD_T u_long 108#else 109# define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg) 110# define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2) 111# define IOCTL_CMD_T int 112#endif 113 114#define MAXALIVECNT 3 /* max. alive packets */ 115 116/* 117 * Interface flags that can be set in an ifconfig command. 118 * 119 * Setting link0 will make the link passive, i.e. it will be marked 120 * as being administrative openable, but won't be opened to begin 121 * with. Incoming calls will be answered, or subsequent calls with 122 * -link1 will cause the administrative open of the LCP layer. 123 * 124 * Setting link1 will cause the link to auto-dial only as packets 125 * arrive to be sent. 126 * 127 * Setting IFF_DEBUG will syslog the option negotiation and state 128 * transitions at level kern.debug. Note: all logs consistently look 129 * like 130 * 131 * <if-name><unit>: <proto-name> <additional info...> 132 * 133 * with <if-name><unit> being something like "bppp0", and <proto-name> 134 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 135 */ 136 137#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 138#define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 139#define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 140 141#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 142#define PPP_UI 0x03 /* Unnumbered Information */ 143#define PPP_IP 0x0021 /* Internet Protocol */ 144#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 145#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 146#define PPP_IPX 0x002b /* Novell IPX Protocol */ 147#define PPP_LCP 0xc021 /* Link Control Protocol */ 148#define PPP_PAP 0xc023 /* Password Authentication Protocol */ 149#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 150#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 151 152#define CONF_REQ 1 /* PPP configure request */ 153#define CONF_ACK 2 /* PPP configure acknowledge */ 154#define CONF_NAK 3 /* PPP configure negative ack */ 155#define CONF_REJ 4 /* PPP configure reject */ 156#define TERM_REQ 5 /* PPP terminate request */ 157#define TERM_ACK 6 /* PPP terminate acknowledge */ 158#define CODE_REJ 7 /* PPP code reject */ 159#define PROTO_REJ 8 /* PPP protocol reject */ 160#define ECHO_REQ 9 /* PPP echo request */ 161#define ECHO_REPLY 10 /* PPP echo reply */ 162#define DISC_REQ 11 /* PPP discard request */ 163 164#define LCP_OPT_MRU 1 /* maximum receive unit */ 165#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 166#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 167#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 168#define LCP_OPT_MAGIC 5 /* magic number */ 169#define LCP_OPT_RESERVED 6 /* reserved */ 170#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 171#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 172 173#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 174#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 175#define IPCP_OPT_ADDRESS 3 /* local IP address */ 176 177#define PAP_REQ 1 /* PAP name/password request */ 178#define PAP_ACK 2 /* PAP acknowledge */ 179#define PAP_NAK 3 /* PAP fail */ 180 181#define CHAP_CHALLENGE 1 /* CHAP challenge request */ 182#define CHAP_RESPONSE 2 /* CHAP challenge response */ 183#define CHAP_SUCCESS 3 /* CHAP response ok */ 184#define CHAP_FAILURE 4 /* CHAP response failed */ 185 186#define CHAP_MD5 5 /* hash algorithm - MD5 */ 187 188#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 189#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 190#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 191#define CISCO_ADDR_REQ 0 /* Cisco address request */ 192#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 193#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 194 195/* states are named and numbered according to RFC 1661 */ 196#define STATE_INITIAL 0 197#define STATE_STARTING 1 198#define STATE_CLOSED 2 199#define STATE_STOPPED 3 200#define STATE_CLOSING 4 201#define STATE_STOPPING 5 202#define STATE_REQ_SENT 6 203#define STATE_ACK_RCVD 7 204#define STATE_ACK_SENT 8 205#define STATE_OPENED 9 206 207struct ppp_header { 208 u_char address; 209 u_char control; 210 u_short protocol; 211}; 212#define PPP_HEADER_LEN sizeof (struct ppp_header) 213 214struct lcp_header { 215 u_char type; 216 u_char ident; 217 u_short len; 218}; 219#define LCP_HEADER_LEN sizeof (struct lcp_header) 220 221struct cisco_packet { 222 u_long type; 223 u_long par1; 224 u_long par2; 225 u_short rel; 226 u_short time0; 227 u_short time1; 228}; 229#define CISCO_PACKET_LEN 18 230 231/* 232 * We follow the spelling and capitalization of RFC 1661 here, to make 233 * it easier comparing with the standard. Please refer to this RFC in 234 * case you can't make sense out of these abbreviation; it will also 235 * explain the semantics related to the various events and actions. 236 */ 237struct cp { 238 u_short proto; /* PPP control protocol number */ 239 u_char protoidx; /* index into state table in struct sppp */ 240 u_char flags; 241#define CP_LCP 0x01 /* this is the LCP */ 242#define CP_AUTH 0x02 /* this is an authentication protocol */ 243#define CP_NCP 0x04 /* this is a NCP */ 244#define CP_QUAL 0x08 /* this is a quality reporting protocol */ 245 const char *name; /* name of this control protocol */ 246 /* event handlers */ 247 void (*Up)(struct sppp *sp); 248 void (*Down)(struct sppp *sp); 249 void (*Open)(struct sppp *sp); 250 void (*Close)(struct sppp *sp); 251 void (*TO)(void *sp); 252 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 253 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 254 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 255 /* actions */ 256 void (*tlu)(struct sppp *sp); 257 void (*tld)(struct sppp *sp); 258 void (*tls)(struct sppp *sp); 259 void (*tlf)(struct sppp *sp); 260 void (*scr)(struct sppp *sp); 261}; 262 263static struct sppp *spppq; 264#if defined(__FreeBSD__) && __FreeBSD__ >= 3 265static struct callout_handle keepalive_ch; 266#endif 267 268#if defined(__FreeBSD__) && __FreeBSD__ >= 3 269#define SPP_FMT "%s%d: " 270#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 271#else 272#define SPP_FMT "%s: " 273#define SPP_ARGS(ifp) (ifp)->if_xname 274#endif 275 276/* 277 * The following disgusting hack gets around the problem that IP TOS 278 * can't be set yet. We want to put "interactive" traffic on a high 279 * priority queue. To decide if traffic is interactive, we check that 280 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 281 * 282 * XXX is this really still necessary? - joerg - 283 */ 284static u_short interactive_ports[8] = { 285 0, 513, 0, 0, 286 0, 21, 0, 23, 287}; 288#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 289 290/* almost every function needs these */ 291#define STDDCL \ 292 struct ifnet *ifp = &sp->pp_if; \ 293 int debug = ifp->if_flags & IFF_DEBUG 294 295static int sppp_output(struct ifnet *ifp, struct mbuf *m, 296 struct sockaddr *dst, struct rtentry *rt); 297 298static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 299static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 300 301static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 302 struct mbuf *m); 303static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 304 u_char ident, u_short len, void *data); 305/* static void sppp_cp_timeout(void *arg); */ 306static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 307 int newstate); 308static void sppp_auth_send(const struct cp *cp, 309 struct sppp *sp, unsigned int type, unsigned int id, 310 ...); 311 312static void sppp_up_event(const struct cp *cp, struct sppp *sp); 313static void sppp_down_event(const struct cp *cp, struct sppp *sp); 314static void sppp_open_event(const struct cp *cp, struct sppp *sp); 315static void sppp_close_event(const struct cp *cp, struct sppp *sp); 316static void sppp_to_event(const struct cp *cp, struct sppp *sp); 317 318static void sppp_null(struct sppp *sp); 319 320static void sppp_lcp_init(struct sppp *sp); 321static void sppp_lcp_up(struct sppp *sp); 322static void sppp_lcp_down(struct sppp *sp); 323static void sppp_lcp_open(struct sppp *sp); 324static void sppp_lcp_close(struct sppp *sp); 325static void sppp_lcp_TO(void *sp); 326static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 327static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 328static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 329static void sppp_lcp_tlu(struct sppp *sp); 330static void sppp_lcp_tld(struct sppp *sp); 331static void sppp_lcp_tls(struct sppp *sp); 332static void sppp_lcp_tlf(struct sppp *sp); 333static void sppp_lcp_scr(struct sppp *sp); 334static void sppp_lcp_check_and_close(struct sppp *sp); 335static int sppp_ncp_check(struct sppp *sp); 336 337static void sppp_ipcp_init(struct sppp *sp); 338static void sppp_ipcp_up(struct sppp *sp); 339static void sppp_ipcp_down(struct sppp *sp); 340static void sppp_ipcp_open(struct sppp *sp); 341static void sppp_ipcp_close(struct sppp *sp); 342static void sppp_ipcp_TO(void *sp); 343static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 344static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 345static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 346static void sppp_ipcp_tlu(struct sppp *sp); 347static void sppp_ipcp_tld(struct sppp *sp); 348static void sppp_ipcp_tls(struct sppp *sp); 349static void sppp_ipcp_tlf(struct sppp *sp); 350static void sppp_ipcp_scr(struct sppp *sp); 351 352static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 353static void sppp_pap_init(struct sppp *sp); 354static void sppp_pap_open(struct sppp *sp); 355static void sppp_pap_close(struct sppp *sp); 356static void sppp_pap_TO(void *sp); 357static void sppp_pap_my_TO(void *sp); 358static void sppp_pap_tlu(struct sppp *sp); 359static void sppp_pap_tld(struct sppp *sp); 360static void sppp_pap_scr(struct sppp *sp); 361 362static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 363static void sppp_chap_init(struct sppp *sp); 364static void sppp_chap_open(struct sppp *sp); 365static void sppp_chap_close(struct sppp *sp); 366static void sppp_chap_TO(void *sp); 367static void sppp_chap_tlu(struct sppp *sp); 368static void sppp_chap_tld(struct sppp *sp); 369static void sppp_chap_scr(struct sppp *sp); 370 371static const char *sppp_auth_type_name(u_short proto, u_char type); 372static const char *sppp_cp_type_name(u_char type); 373static const char *sppp_dotted_quad(u_long addr); 374static const char *sppp_ipcp_opt_name(u_char opt); 375static const char *sppp_lcp_opt_name(u_char opt); 376static const char *sppp_phase_name(enum ppp_phase phase); 377static const char *sppp_proto_name(u_short proto); 378static const char *sppp_state_name(int state); 379static int sppp_params(struct sppp *sp, u_long cmd, void *data); 380static int sppp_strnlen(u_char *p, int max); 381static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 382 u_long *srcmask); 383static void sppp_keepalive(void *dummy); 384static void sppp_phase_network(struct sppp *sp); 385static void sppp_print_bytes(const u_char *p, u_short len); 386static void sppp_print_string(const char *p, u_short len); 387static void sppp_qflush(struct ifqueue *ifq); 388static void sppp_set_ip_addr(struct sppp *sp, u_long src); 389 390/* our control protocol descriptors */ 391static const struct cp lcp = { 392 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 393 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 394 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 395 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 396 sppp_lcp_scr 397}; 398 399static const struct cp ipcp = { 400 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 401 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 402 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 403 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 404 sppp_ipcp_scr 405}; 406 407static const struct cp pap = { 408 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 409 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 410 sppp_pap_TO, 0, 0, 0, 411 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 412 sppp_pap_scr 413}; 414 415static const struct cp chap = { 416 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 417 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 418 sppp_chap_TO, 0, 0, 0, 419 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 420 sppp_chap_scr 421}; 422 423static const struct cp *cps[IDX_COUNT] = { 424 &lcp, /* IDX_LCP */ 425 &ipcp, /* IDX_IPCP */ 426 &pap, /* IDX_PAP */ 427 &chap, /* IDX_CHAP */ 428}; 429 430 431/* 432 * Exported functions, comprising our interface to the lower layer. 433 */ 434 435/* 436 * Process the received packet. 437 */ 438void 439sppp_input(struct ifnet *ifp, struct mbuf *m) 440{ 441 struct ppp_header *h; 442 struct ifqueue *inq = 0; 443 int s; 444 struct sppp *sp = (struct sppp *)ifp; 445 int debug = ifp->if_flags & IFF_DEBUG; 446 447 if (ifp->if_flags & IFF_UP) 448 /* Count received bytes, add FCS and one flag */ 449 ifp->if_ibytes += m->m_pkthdr.len + 3; 450 451 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 452 /* Too small packet, drop it. */ 453 if (debug) 454 log(LOG_DEBUG, 455 SPP_FMT "input packet is too small, %d bytes\n", 456 SPP_ARGS(ifp), m->m_pkthdr.len); 457 drop: 458 ++ifp->if_ierrors; 459 ++ifp->if_iqdrops; 460 m_freem (m); 461 return; 462 } 463 464 /* Get PPP header. */ 465 h = mtod (m, struct ppp_header*); 466 m_adj (m, PPP_HEADER_LEN); 467 468 switch (h->address) { 469 case PPP_ALLSTATIONS: 470 if (h->control != PPP_UI) 471 goto invalid; 472 if (sp->pp_mode == IFF_CISCO) { 473 if (debug) 474 log(LOG_DEBUG, 475 SPP_FMT "PPP packet in Cisco mode " 476 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 477 SPP_ARGS(ifp), 478 h->address, h->control, ntohs(h->protocol)); 479 goto drop; 480 } 481 switch (ntohs (h->protocol)) { 482 default: 483 if (debug) 484 log(LOG_DEBUG, 485 SPP_FMT "rejecting protocol " 486 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 487 SPP_ARGS(ifp), 488 h->address, h->control, ntohs(h->protocol)); 489 if (sp->state[IDX_LCP] == STATE_OPENED) 490 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 491 ++sp->pp_seq, m->m_pkthdr.len + 2, 492 &h->protocol); 493 ++ifp->if_noproto; 494 goto drop; 495 case PPP_LCP: 496 sppp_cp_input(&lcp, sp, m); 497 m_freem (m); 498 return; 499 case PPP_PAP: 500 if (sp->pp_phase >= PHASE_AUTHENTICATE) 501 sppp_pap_input(sp, m); 502 m_freem (m); 503 return; 504 case PPP_CHAP: 505 if (sp->pp_phase >= PHASE_AUTHENTICATE) 506 sppp_chap_input(sp, m); 507 m_freem (m); 508 return; 509#ifdef INET 510 case PPP_IPCP: 511 if (sp->pp_phase == PHASE_NETWORK) 512 sppp_cp_input(&ipcp, sp, m); 513 m_freem (m); 514 return; 515 case PPP_IP: 516 if (sp->state[IDX_IPCP] == STATE_OPENED) { 517 schednetisr (NETISR_IP); 518 inq = &ipintrq; 519 } 520 break; 521#endif 522#ifdef IPX 523 case PPP_IPX: 524 /* IPX IPXCP not implemented yet */ 525 if (sp->pp_phase == PHASE_NETWORK) { 526 schednetisr (NETISR_IPX); 527 inq = &ipxintrq; 528 } 529 break; 530#endif 531#ifdef NS 532 case PPP_XNS: 533 /* XNS IDPCP not implemented yet */ 534 if (sp->pp_phase == PHASE_NETWORK) { 535 schednetisr (NETISR_NS); 536 inq = &nsintrq; 537 } 538 break; 539#endif 540#ifdef ISO 541 case PPP_ISO: 542 /* OSI NLCP not implemented yet */ 543 if (sp->pp_phase == PHASE_NETWORK) { 544 schednetisr (NETISR_ISO); 545 inq = &clnlintrq; 546 } 547 break; 548#endif 549 } 550 break; 551 case CISCO_MULTICAST: 552 case CISCO_UNICAST: 553 /* Don't check the control field here (RFC 1547). */ 554 if (sp->pp_mode != IFF_CISCO) { 555 if (debug) 556 log(LOG_DEBUG, 557 SPP_FMT "Cisco packet in PPP mode " 558 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 559 SPP_ARGS(ifp), 560 h->address, h->control, ntohs(h->protocol)); 561 goto drop; 562 } 563 switch (ntohs (h->protocol)) { 564 default: 565 ++ifp->if_noproto; 566 goto invalid; 567 case CISCO_KEEPALIVE: 568 sppp_cisco_input ((struct sppp*) ifp, m); 569 m_freem (m); 570 return; 571#ifdef INET 572 case ETHERTYPE_IP: 573 schednetisr (NETISR_IP); 574 inq = &ipintrq; 575 break; 576#endif 577#ifdef INET6 578 case ETHERTYPE_IPV6: 579 schednetisr (NETISR_IPV6); 580 inq = &ip6intrq; 581 break; 582#endif 583#ifdef IPX 584 case ETHERTYPE_IPX: 585 schednetisr (NETISR_IPX); 586 inq = &ipxintrq; 587 break; 588#endif 589#ifdef NS 590 case ETHERTYPE_NS: 591 schednetisr (NETISR_NS); 592 inq = &nsintrq; 593 break; 594#endif 595 } 596 break; 597 default: /* Invalid PPP packet. */ 598 invalid: 599 if (debug) 600 log(LOG_DEBUG, 601 SPP_FMT "invalid input packet " 602 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 603 SPP_ARGS(ifp), 604 h->address, h->control, ntohs(h->protocol)); 605 goto drop; 606 } 607 608 if (! (ifp->if_flags & IFF_UP) || ! inq) 609 goto drop; 610 611 /* Check queue. */ 612 s = splimp(); 613 if (IF_QFULL (inq)) { 614 /* Queue overflow. */ 615 IF_DROP(inq); 616 splx(s); 617 if (debug) 618 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 619 SPP_ARGS(ifp)); 620 goto drop; 621 } 622 IF_ENQUEUE(inq, m); 623 splx(s); 624} 625 626/* 627 * Enqueue transmit packet. 628 */ 629static int 630sppp_output(struct ifnet *ifp, struct mbuf *m, 631 struct sockaddr *dst, struct rtentry *rt) 632{ 633 struct sppp *sp = (struct sppp*) ifp; 634 struct ppp_header *h; 635 struct ifqueue *ifq; 636 int s, rv = 0; 637 int debug = ifp->if_flags & IFF_DEBUG; 638 639 s = splimp(); 640 641 if ((ifp->if_flags & IFF_UP) == 0 || 642 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 643 m_freem (m); 644 splx (s); 645 return (ENETDOWN); 646 } 647 648 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 649 /* 650 * Interface is not yet running, but auto-dial. Need 651 * to start LCP for it. 652 */ 653 ifp->if_flags |= IFF_RUNNING; 654 splx(s); 655 lcp.Open(sp); 656 s = splimp(); 657 } 658 659 ifq = &ifp->if_snd; 660#ifdef INET 661 if (dst->sa_family == AF_INET) { 662 /* XXX Check mbuf length here? */ 663 struct ip *ip = mtod (m, struct ip*); 664 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 665 666 /* 667 * When using dynamic local IP address assignment by using 668 * 0.0.0.0 as a local address, the first TCP session will 669 * not connect because the local TCP checksum is computed 670 * using 0.0.0.0 which will later become our real IP address 671 * so the TCP checksum computed at the remote end will 672 * become invalid. So we 673 * - don't let packets with src ip addr 0 thru 674 * - we flag TCP packets with src ip 0 as an error 675 */ 676 677 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 678 { 679 m_freem(m); 680 splx(s); 681 if(ip->ip_p == IPPROTO_TCP) 682 return(EADDRNOTAVAIL); 683 else 684 return(0); 685 } 686 687 /* 688 * Put low delay, telnet, rlogin and ftp control packets 689 * in front of the queue. 690 */ 691 if (IF_QFULL (&sp->pp_fastq)) 692 ; 693 else if (ip->ip_tos & IPTOS_LOWDELAY) 694 ifq = &sp->pp_fastq; 695 else if (m->m_len < sizeof *ip + sizeof *tcp) 696 ; 697 else if (ip->ip_p != IPPROTO_TCP) 698 ; 699 else if (INTERACTIVE (ntohs (tcp->th_sport))) 700 ifq = &sp->pp_fastq; 701 else if (INTERACTIVE (ntohs (tcp->th_dport))) 702 ifq = &sp->pp_fastq; 703 } 704#endif 705 706 /* 707 * Prepend general data packet PPP header. For now, IP only. 708 */ 709 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 710 if (! m) { 711 if (debug) 712 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 713 SPP_ARGS(ifp)); 714 ++ifp->if_oerrors; 715 splx (s); 716 return (ENOBUFS); 717 } 718 /* 719 * May want to check size of packet 720 * (albeit due to the implementation it's always enough) 721 */ 722 h = mtod (m, struct ppp_header*); 723 if (sp->pp_mode == IFF_CISCO) { 724 h->address = CISCO_UNICAST; /* unicast address */ 725 h->control = 0; 726 } else { 727 h->address = PPP_ALLSTATIONS; /* broadcast address */ 728 h->control = PPP_UI; /* Unnumbered Info */ 729 } 730 731 switch (dst->sa_family) { 732#ifdef INET 733 case AF_INET: /* Internet Protocol */ 734 if (sp->pp_mode == IFF_CISCO) 735 h->protocol = htons (ETHERTYPE_IP); 736 else { 737 /* 738 * Don't choke with an ENETDOWN early. It's 739 * possible that we just started dialing out, 740 * so don't drop the packet immediately. If 741 * we notice that we run out of buffer space 742 * below, we will however remember that we are 743 * not ready to carry IP packets, and return 744 * ENETDOWN, as opposed to ENOBUFS. 745 */ 746 h->protocol = htons(PPP_IP); 747 if (sp->state[IDX_IPCP] != STATE_OPENED) 748 rv = ENETDOWN; 749 } 750 break; 751#endif 752#ifdef INET6 753 case AF_INET6: /* Internet Protocol */ 754 if (sp->pp_mode == IFF_CISCO) 755 h->protocol = htons (ETHERTYPE_IPV6); 756 else { 757 goto nosupport; 758 } 759 break; 760#endif 761#ifdef NS 762 case AF_NS: /* Xerox NS Protocol */ 763 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 764 ETHERTYPE_NS : PPP_XNS); 765 break; 766#endif 767#ifdef IPX 768 case AF_IPX: /* Novell IPX Protocol */ 769 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 770 ETHERTYPE_IPX : PPP_IPX); 771 break; 772#endif 773#ifdef ISO 774 case AF_ISO: /* ISO OSI Protocol */ 775 if (sp->pp_mode == IFF_CISCO) 776 goto nosupport; 777 h->protocol = htons (PPP_ISO); 778 break; 779#endif 780nosupport: 781 default: 782 m_freem (m); 783 ++ifp->if_oerrors; 784 splx (s); 785 return (EAFNOSUPPORT); 786 } 787 788 /* 789 * Queue message on interface, and start output if interface 790 * not yet active. 791 */ 792 if (IF_QFULL (ifq)) { 793 IF_DROP (&ifp->if_snd); 794 m_freem (m); 795 ++ifp->if_oerrors; 796 splx (s); 797 return (rv? rv: ENOBUFS); 798 } 799 IF_ENQUEUE (ifq, m); 800 if (! (ifp->if_flags & IFF_OACTIVE)) 801 (*ifp->if_start) (ifp); 802 803 /* 804 * Count output packets and bytes. 805 * The packet length includes header, FCS and 1 flag, 806 * according to RFC 1333. 807 */ 808 ifp->if_obytes += m->m_pkthdr.len + 3; 809 splx (s); 810 return (0); 811} 812 813void 814sppp_attach(struct ifnet *ifp) 815{ 816 struct sppp *sp = (struct sppp*) ifp; 817 818 /* Initialize keepalive handler. */ 819 if (! spppq) 820 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 821 822 /* Insert new entry into the keepalive list. */ 823 sp->pp_next = spppq; 824 spppq = sp; 825 826 sp->pp_if.if_mtu = PP_MTU; 827 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 828 sp->pp_if.if_type = IFT_PPP; 829 sp->pp_if.if_output = sppp_output; 830#if 0 831 sp->pp_flags = PP_KEEPALIVE; 832#endif 833 sp->pp_fastq.ifq_maxlen = 32; 834 sp->pp_cpq.ifq_maxlen = 20; 835 sp->pp_loopcnt = 0; 836 sp->pp_alivecnt = 0; 837 sp->pp_seq = 0; 838 sp->pp_rseq = 0; 839 sp->pp_phase = PHASE_DEAD; 840 sp->pp_up = lcp.Up; 841 sp->pp_down = lcp.Down; 842 843 sppp_lcp_init(sp); 844 sppp_ipcp_init(sp); 845 sppp_pap_init(sp); 846 sppp_chap_init(sp); 847} 848 849void 850sppp_detach(struct ifnet *ifp) 851{ 852 struct sppp **q, *p, *sp = (struct sppp*) ifp; 853 int i; 854 855 /* Remove the entry from the keepalive list. */ 856 for (q = &spppq; (p = *q); q = &p->pp_next) 857 if (p == sp) { 858 *q = p->pp_next; 859 break; 860 } 861 862 /* Stop keepalive handler. */ 863 if (! spppq) 864 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 865 866 for (i = 0; i < IDX_COUNT; i++) 867 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 868 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 869} 870 871/* 872 * Flush the interface output queue. 873 */ 874void 875sppp_flush(struct ifnet *ifp) 876{ 877 struct sppp *sp = (struct sppp*) ifp; 878 879 sppp_qflush (&sp->pp_if.if_snd); 880 sppp_qflush (&sp->pp_fastq); 881 sppp_qflush (&sp->pp_cpq); 882} 883 884/* 885 * Check if the output queue is empty. 886 */ 887int 888sppp_isempty(struct ifnet *ifp) 889{ 890 struct sppp *sp = (struct sppp*) ifp; 891 int empty, s; 892 893 s = splimp(); 894 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 895 !sp->pp_if.if_snd.ifq_head; 896 splx(s); 897 return (empty); 898} 899 900/* 901 * Get next packet to send. 902 */ 903struct mbuf * 904sppp_dequeue(struct ifnet *ifp) 905{ 906 struct sppp *sp = (struct sppp*) ifp; 907 struct mbuf *m; 908 int s; 909 910 s = splimp(); 911 /* 912 * Process only the control protocol queue until we have at 913 * least one NCP open. 914 * 915 * Do always serve all three queues in Cisco mode. 916 */ 917 IF_DEQUEUE(&sp->pp_cpq, m); 918 if (m == NULL && 919 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 920 IF_DEQUEUE(&sp->pp_fastq, m); 921 if (m == NULL) 922 IF_DEQUEUE (&sp->pp_if.if_snd, m); 923 } 924 splx(s); 925 return m; 926} 927 928/* 929 * Pick the next packet, do not remove it from the queue. 930 */ 931struct mbuf * 932sppp_pick(struct ifnet *ifp) 933{ 934 struct sppp *sp = (struct sppp*)ifp; 935 struct mbuf *m; 936 int s; 937 938 s= splimp (); 939 940 m = sp->pp_cpq.ifq_head; 941 if (m == NULL && 942 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 943 if ((m = sp->pp_fastq.ifq_head) == NULL) 944 m = sp->pp_if.if_snd.ifq_head; 945 splx (s); 946 return (m); 947} 948 949/* 950 * Process an ioctl request. Called on low priority level. 951 */ 952int 953sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 954{ 955 struct ifreq *ifr = (struct ifreq*) data; 956 struct sppp *sp = (struct sppp*) ifp; 957 int s, rv, going_up, going_down, newmode; 958 959 s = splimp(); 960 rv = 0; 961 switch (cmd) { 962 case SIOCAIFADDR: 963 case SIOCSIFDSTADDR: 964 break; 965 966 case SIOCSIFADDR: 967 if_up(ifp); 968 /* fall through... */ 969 970 case SIOCSIFFLAGS: 971 going_up = ifp->if_flags & IFF_UP && 972 (ifp->if_flags & IFF_RUNNING) == 0; 973 going_down = (ifp->if_flags & IFF_UP) == 0 && 974 ifp->if_flags & IFF_RUNNING; 975 976 newmode = ifp->if_flags & IFF_PASSIVE; 977 if (!newmode) 978 newmode = ifp->if_flags & IFF_AUTO; 979 if (!newmode) 980 newmode = ifp->if_flags & IFF_CISCO; 981 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 982 ifp->if_flags |= newmode; 983 984 if (newmode != sp->pp_mode) { 985 going_down = 1; 986 if (!going_up) 987 going_up = ifp->if_flags & IFF_RUNNING; 988 } 989 990 if (going_down) { 991 if (sp->pp_mode != IFF_CISCO) 992 lcp.Close(sp); 993 else if (sp->pp_tlf) 994 (sp->pp_tlf)(sp); 995 sppp_flush(ifp); 996 ifp->if_flags &= ~IFF_RUNNING; 997 sp->pp_mode = newmode; 998 } 999 1000 if (going_up) { 1001 if (sp->pp_mode != IFF_CISCO) 1002 lcp.Close(sp); 1003 sp->pp_mode = newmode; 1004 if (sp->pp_mode == 0) { 1005 ifp->if_flags |= IFF_RUNNING; 1006 lcp.Open(sp); 1007 } 1008 if (sp->pp_mode == IFF_CISCO) { 1009 if (sp->pp_tls) 1010 (sp->pp_tls)(sp); 1011 ifp->if_flags |= IFF_RUNNING; 1012 } 1013 } 1014 1015 break; 1016 1017#ifdef SIOCSIFMTU 1018#ifndef ifr_mtu 1019#define ifr_mtu ifr_metric 1020#endif 1021 case SIOCSIFMTU: 1022 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1023 return (EINVAL); 1024 ifp->if_mtu = ifr->ifr_mtu; 1025 break; 1026#endif 1027#ifdef SLIOCSETMTU 1028 case SLIOCSETMTU: 1029 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1030 return (EINVAL); 1031 ifp->if_mtu = *(short*)data; 1032 break; 1033#endif 1034#ifdef SIOCGIFMTU 1035 case SIOCGIFMTU: 1036 ifr->ifr_mtu = ifp->if_mtu; 1037 break; 1038#endif 1039#ifdef SLIOCGETMTU 1040 case SLIOCGETMTU: 1041 *(short*)data = ifp->if_mtu; 1042 break; 1043#endif 1044 case SIOCADDMULTI: 1045 case SIOCDELMULTI: 1046 break; 1047 1048 case SIOCGIFGENERIC: 1049 case SIOCSIFGENERIC: 1050 rv = sppp_params(sp, cmd, data); 1051 break; 1052 1053 default: 1054 rv = ENOTTY; 1055 } 1056 splx(s); 1057 return rv; 1058} 1059 1060 1061/* 1062 * Cisco framing implementation. 1063 */ 1064 1065/* 1066 * Handle incoming Cisco keepalive protocol packets. 1067 */ 1068static void 1069sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1070{ 1071 STDDCL; 1072 struct cisco_packet *h; 1073 u_long me, mymask; 1074 1075 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1076 if (debug) 1077 log(LOG_DEBUG, 1078 SPP_FMT "cisco invalid packet length: %d bytes\n", 1079 SPP_ARGS(ifp), m->m_pkthdr.len); 1080 return; 1081 } 1082 h = mtod (m, struct cisco_packet*); 1083 if (debug) 1084 log(LOG_DEBUG, 1085 SPP_FMT "cisco input: %d bytes " 1086 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1087 SPP_ARGS(ifp), m->m_pkthdr.len, 1088 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1089 (u_int)h->time0, (u_int)h->time1); 1090 switch (ntohl (h->type)) { 1091 default: 1092 if (debug) 1093 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1094 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1095 break; 1096 case CISCO_ADDR_REPLY: 1097 /* Reply on address request, ignore */ 1098 break; 1099 case CISCO_KEEPALIVE_REQ: 1100 sp->pp_alivecnt = 0; 1101 sp->pp_rseq = ntohl (h->par1); 1102 if (sp->pp_seq == sp->pp_rseq) { 1103 /* Local and remote sequence numbers are equal. 1104 * Probably, the line is in loopback mode. */ 1105 if (sp->pp_loopcnt >= MAXALIVECNT) { 1106 printf (SPP_FMT "loopback\n", 1107 SPP_ARGS(ifp)); 1108 sp->pp_loopcnt = 0; 1109 if (ifp->if_flags & IFF_UP) { 1110 if_down (ifp); 1111 sppp_qflush (&sp->pp_cpq); 1112 } 1113 } 1114 ++sp->pp_loopcnt; 1115 1116 /* Generate new local sequence number */ 1117#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1118 sp->pp_seq = random(); 1119#else 1120 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1121#endif 1122 break; 1123 } 1124 sp->pp_loopcnt = 0; 1125 if (! (ifp->if_flags & IFF_UP) && 1126 (ifp->if_flags & IFF_RUNNING)) { 1127 if_up(ifp); 1128 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1129 } 1130 break; 1131 case CISCO_ADDR_REQ: 1132 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1133 if (me != 0L) 1134 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1135 break; 1136 } 1137} 1138 1139/* 1140 * Send Cisco keepalive packet. 1141 */ 1142static void 1143sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1144{ 1145 STDDCL; 1146 struct ppp_header *h; 1147 struct cisco_packet *ch; 1148 struct mbuf *m; 1149#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1150 struct timeval tv; 1151#else 1152 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1153#endif 1154 1155#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1156 getmicrouptime(&tv); 1157#endif 1158 1159 MGETHDR (m, M_DONTWAIT, MT_DATA); 1160 if (! m) 1161 return; 1162 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1163 m->m_pkthdr.rcvif = 0; 1164 1165 h = mtod (m, struct ppp_header*); 1166 h->address = CISCO_MULTICAST; 1167 h->control = 0; 1168 h->protocol = htons (CISCO_KEEPALIVE); 1169 1170 ch = (struct cisco_packet*) (h + 1); 1171 ch->type = htonl (type); 1172 ch->par1 = htonl (par1); 1173 ch->par2 = htonl (par2); 1174 ch->rel = -1; 1175 1176#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1177 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1178 ch->time1 = htons ((u_short) tv.tv_sec); 1179#else 1180 ch->time0 = htons ((u_short) (t >> 16)); 1181 ch->time1 = htons ((u_short) t); 1182#endif 1183 1184 if (debug) 1185 log(LOG_DEBUG, 1186 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1187 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1188 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1189 1190 if (IF_QFULL (&sp->pp_cpq)) { 1191 IF_DROP (&sp->pp_fastq); 1192 IF_DROP (&ifp->if_snd); 1193 m_freem (m); 1194 } else 1195 IF_ENQUEUE (&sp->pp_cpq, m); 1196 if (! (ifp->if_flags & IFF_OACTIVE)) 1197 (*ifp->if_start) (ifp); 1198 ifp->if_obytes += m->m_pkthdr.len + 3; 1199} 1200 1201/* 1202 * PPP protocol implementation. 1203 */ 1204 1205/* 1206 * Send PPP control protocol packet. 1207 */ 1208static void 1209sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1210 u_char ident, u_short len, void *data) 1211{ 1212 STDDCL; 1213 struct ppp_header *h; 1214 struct lcp_header *lh; 1215 struct mbuf *m; 1216 1217 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1218 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1219 MGETHDR (m, M_DONTWAIT, MT_DATA); 1220 if (! m) 1221 return; 1222 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1223 m->m_pkthdr.rcvif = 0; 1224 1225 h = mtod (m, struct ppp_header*); 1226 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1227 h->control = PPP_UI; /* Unnumbered Info */ 1228 h->protocol = htons (proto); /* Link Control Protocol */ 1229 1230 lh = (struct lcp_header*) (h + 1); 1231 lh->type = type; 1232 lh->ident = ident; 1233 lh->len = htons (LCP_HEADER_LEN + len); 1234 if (len) 1235 bcopy (data, lh+1, len); 1236 1237 if (debug) { 1238 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1239 SPP_ARGS(ifp), 1240 sppp_proto_name(proto), 1241 sppp_cp_type_name (lh->type), lh->ident, 1242 ntohs (lh->len)); 1243 sppp_print_bytes ((u_char*) (lh+1), len); 1244 addlog(">\n"); 1245 } 1246 if (IF_QFULL (&sp->pp_cpq)) { 1247 IF_DROP (&sp->pp_fastq); 1248 IF_DROP (&ifp->if_snd); 1249 m_freem (m); 1250 ++ifp->if_oerrors; 1251 } else 1252 IF_ENQUEUE (&sp->pp_cpq, m); 1253 if (! (ifp->if_flags & IFF_OACTIVE)) 1254 (*ifp->if_start) (ifp); 1255 ifp->if_obytes += m->m_pkthdr.len + 3; 1256} 1257 1258/* 1259 * Handle incoming PPP control protocol packets. 1260 */ 1261static void 1262sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1263{ 1264 STDDCL; 1265 struct lcp_header *h; 1266 int len = m->m_pkthdr.len; 1267 int rv; 1268 u_char *p; 1269 1270 if (len < 4) { 1271 if (debug) 1272 log(LOG_DEBUG, 1273 SPP_FMT "%s invalid packet length: %d bytes\n", 1274 SPP_ARGS(ifp), cp->name, len); 1275 return; 1276 } 1277 h = mtod (m, struct lcp_header*); 1278 if (debug) { 1279 log(LOG_DEBUG, 1280 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1281 SPP_ARGS(ifp), cp->name, 1282 sppp_state_name(sp->state[cp->protoidx]), 1283 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1284 sppp_print_bytes ((u_char*) (h+1), len-4); 1285 addlog(">\n"); 1286 } 1287 if (len > ntohs (h->len)) 1288 len = ntohs (h->len); 1289 p = (u_char *)(h + 1); 1290 switch (h->type) { 1291 case CONF_REQ: 1292 if (len < 4) { 1293 if (debug) 1294 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1295 SPP_ARGS(ifp), cp->name, 1296 len); 1297 ++ifp->if_ierrors; 1298 break; 1299 } 1300 /* handle states where RCR doesn't get a SCA/SCN */ 1301 switch (sp->state[cp->protoidx]) { 1302 case STATE_CLOSING: 1303 case STATE_STOPPING: 1304 return; 1305 case STATE_CLOSED: 1306 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1307 0, 0); 1308 return; 1309 } 1310 rv = (cp->RCR)(sp, h, len); 1311 switch (sp->state[cp->protoidx]) { 1312 case STATE_OPENED: 1313 (cp->tld)(sp); 1314 (cp->scr)(sp); 1315 /* fall through... */ 1316 case STATE_ACK_SENT: 1317 case STATE_REQ_SENT: 1318 sppp_cp_change_state(cp, sp, rv? 1319 STATE_ACK_SENT: STATE_REQ_SENT); 1320 break; 1321 case STATE_STOPPED: 1322 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1323 (cp->scr)(sp); 1324 sppp_cp_change_state(cp, sp, rv? 1325 STATE_ACK_SENT: STATE_REQ_SENT); 1326 break; 1327 case STATE_ACK_RCVD: 1328 if (rv) { 1329 sppp_cp_change_state(cp, sp, STATE_OPENED); 1330 if (debug) 1331 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1332 SPP_ARGS(ifp), 1333 cp->name); 1334 (cp->tlu)(sp); 1335 } else 1336 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1337 break; 1338 default: 1339 printf(SPP_FMT "%s illegal %s in state %s\n", 1340 SPP_ARGS(ifp), cp->name, 1341 sppp_cp_type_name(h->type), 1342 sppp_state_name(sp->state[cp->protoidx])); 1343 ++ifp->if_ierrors; 1344 } 1345 break; 1346 case CONF_ACK: 1347 if (h->ident != sp->confid[cp->protoidx]) { 1348 if (debug) 1349 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1350 SPP_ARGS(ifp), cp->name, 1351 h->ident, sp->confid[cp->protoidx]); 1352 ++ifp->if_ierrors; 1353 break; 1354 } 1355 switch (sp->state[cp->protoidx]) { 1356 case STATE_CLOSED: 1357 case STATE_STOPPED: 1358 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1359 break; 1360 case STATE_CLOSING: 1361 case STATE_STOPPING: 1362 break; 1363 case STATE_REQ_SENT: 1364 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1365 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1366 break; 1367 case STATE_OPENED: 1368 (cp->tld)(sp); 1369 /* fall through */ 1370 case STATE_ACK_RCVD: 1371 (cp->scr)(sp); 1372 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1373 break; 1374 case STATE_ACK_SENT: 1375 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1376 sppp_cp_change_state(cp, sp, STATE_OPENED); 1377 if (debug) 1378 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1379 SPP_ARGS(ifp), cp->name); 1380 (cp->tlu)(sp); 1381 break; 1382 default: 1383 printf(SPP_FMT "%s illegal %s in state %s\n", 1384 SPP_ARGS(ifp), cp->name, 1385 sppp_cp_type_name(h->type), 1386 sppp_state_name(sp->state[cp->protoidx])); 1387 ++ifp->if_ierrors; 1388 } 1389 break; 1390 case CONF_NAK: 1391 case CONF_REJ: 1392 if (h->ident != sp->confid[cp->protoidx]) { 1393 if (debug) 1394 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1395 SPP_ARGS(ifp), cp->name, 1396 h->ident, sp->confid[cp->protoidx]); 1397 ++ifp->if_ierrors; 1398 break; 1399 } 1400 if (h->type == CONF_NAK) 1401 (cp->RCN_nak)(sp, h, len); 1402 else /* CONF_REJ */ 1403 (cp->RCN_rej)(sp, h, len); 1404 1405 switch (sp->state[cp->protoidx]) { 1406 case STATE_CLOSED: 1407 case STATE_STOPPED: 1408 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1409 break; 1410 case STATE_REQ_SENT: 1411 case STATE_ACK_SENT: 1412 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1413 (cp->scr)(sp); 1414 break; 1415 case STATE_OPENED: 1416 (cp->tld)(sp); 1417 /* fall through */ 1418 case STATE_ACK_RCVD: 1419 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1420 (cp->scr)(sp); 1421 break; 1422 case STATE_CLOSING: 1423 case STATE_STOPPING: 1424 break; 1425 default: 1426 printf(SPP_FMT "%s illegal %s in state %s\n", 1427 SPP_ARGS(ifp), cp->name, 1428 sppp_cp_type_name(h->type), 1429 sppp_state_name(sp->state[cp->protoidx])); 1430 ++ifp->if_ierrors; 1431 } 1432 break; 1433 1434 case TERM_REQ: 1435 switch (sp->state[cp->protoidx]) { 1436 case STATE_ACK_RCVD: 1437 case STATE_ACK_SENT: 1438 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1439 /* fall through */ 1440 case STATE_CLOSED: 1441 case STATE_STOPPED: 1442 case STATE_CLOSING: 1443 case STATE_STOPPING: 1444 case STATE_REQ_SENT: 1445 sta: 1446 /* Send Terminate-Ack packet. */ 1447 if (debug) 1448 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1449 SPP_ARGS(ifp), cp->name); 1450 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1451 break; 1452 case STATE_OPENED: 1453 (cp->tld)(sp); 1454 sp->rst_counter[cp->protoidx] = 0; 1455 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1456 goto sta; 1457 break; 1458 default: 1459 printf(SPP_FMT "%s illegal %s in state %s\n", 1460 SPP_ARGS(ifp), cp->name, 1461 sppp_cp_type_name(h->type), 1462 sppp_state_name(sp->state[cp->protoidx])); 1463 ++ifp->if_ierrors; 1464 } 1465 break; 1466 case TERM_ACK: 1467 switch (sp->state[cp->protoidx]) { 1468 case STATE_CLOSED: 1469 case STATE_STOPPED: 1470 case STATE_REQ_SENT: 1471 case STATE_ACK_SENT: 1472 break; 1473 case STATE_CLOSING: 1474 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1475 (cp->tlf)(sp); 1476 break; 1477 case STATE_STOPPING: 1478 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1479 (cp->tlf)(sp); 1480 break; 1481 case STATE_ACK_RCVD: 1482 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1483 break; 1484 case STATE_OPENED: 1485 (cp->tld)(sp); 1486 (cp->scr)(sp); 1487 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1488 break; 1489 default: 1490 printf(SPP_FMT "%s illegal %s in state %s\n", 1491 SPP_ARGS(ifp), cp->name, 1492 sppp_cp_type_name(h->type), 1493 sppp_state_name(sp->state[cp->protoidx])); 1494 ++ifp->if_ierrors; 1495 } 1496 break; 1497 case CODE_REJ: 1498 case PROTO_REJ: 1499 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1500 log(LOG_INFO, 1501 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1502 "danger will robinson\n", 1503 SPP_ARGS(ifp), cp->name, 1504 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1505 switch (sp->state[cp->protoidx]) { 1506 case STATE_CLOSED: 1507 case STATE_STOPPED: 1508 case STATE_REQ_SENT: 1509 case STATE_ACK_SENT: 1510 case STATE_CLOSING: 1511 case STATE_STOPPING: 1512 case STATE_OPENED: 1513 break; 1514 case STATE_ACK_RCVD: 1515 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1516 break; 1517 default: 1518 printf(SPP_FMT "%s illegal %s in state %s\n", 1519 SPP_ARGS(ifp), cp->name, 1520 sppp_cp_type_name(h->type), 1521 sppp_state_name(sp->state[cp->protoidx])); 1522 ++ifp->if_ierrors; 1523 } 1524 break; 1525 case DISC_REQ: 1526 if (cp->proto != PPP_LCP) 1527 goto illegal; 1528 /* Discard the packet. */ 1529 break; 1530 case ECHO_REQ: 1531 if (cp->proto != PPP_LCP) 1532 goto illegal; 1533 if (sp->state[cp->protoidx] != STATE_OPENED) { 1534 if (debug) 1535 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1536 SPP_ARGS(ifp)); 1537 ++ifp->if_ierrors; 1538 break; 1539 } 1540 if (len < 8) { 1541 if (debug) 1542 addlog(SPP_FMT "invalid lcp echo request " 1543 "packet length: %d bytes\n", 1544 SPP_ARGS(ifp), len); 1545 break; 1546 } 1547 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1548 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1549 /* Line loopback mode detected. */ 1550 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1551 if_down (ifp); 1552 sppp_qflush (&sp->pp_cpq); 1553 1554 /* Shut down the PPP link. */ 1555 /* XXX */ 1556 lcp.Down(sp); 1557 lcp.Up(sp); 1558 break; 1559 } 1560 *(long*)(h+1) = htonl (sp->lcp.magic); 1561 if (debug) 1562 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1563 SPP_ARGS(ifp)); 1564 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1565 break; 1566 case ECHO_REPLY: 1567 if (cp->proto != PPP_LCP) 1568 goto illegal; 1569 if (h->ident != sp->lcp.echoid) { 1570 ++ifp->if_ierrors; 1571 break; 1572 } 1573 if (len < 8) { 1574 if (debug) 1575 addlog(SPP_FMT "lcp invalid echo reply " 1576 "packet length: %d bytes\n", 1577 SPP_ARGS(ifp), len); 1578 break; 1579 } 1580 if (debug) 1581 addlog(SPP_FMT "lcp got echo rep\n", 1582 SPP_ARGS(ifp)); 1583 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1584 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1585 sp->pp_alivecnt = 0; 1586 break; 1587 default: 1588 /* Unknown packet type -- send Code-Reject packet. */ 1589 illegal: 1590 if (debug) 1591 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1592 SPP_ARGS(ifp), cp->name, h->type); 1593 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1594 m->m_pkthdr.len, h); 1595 ++ifp->if_ierrors; 1596 } 1597} 1598 1599 1600/* 1601 * The generic part of all Up/Down/Open/Close/TO event handlers. 1602 * Basically, the state transition handling in the automaton. 1603 */ 1604static void 1605sppp_up_event(const struct cp *cp, struct sppp *sp) 1606{ 1607 STDDCL; 1608 1609 if (debug) 1610 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1611 SPP_ARGS(ifp), cp->name, 1612 sppp_state_name(sp->state[cp->protoidx])); 1613 1614 switch (sp->state[cp->protoidx]) { 1615 case STATE_INITIAL: 1616 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1617 break; 1618 case STATE_STARTING: 1619 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1620 (cp->scr)(sp); 1621 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1622 break; 1623 default: 1624 printf(SPP_FMT "%s illegal up in state %s\n", 1625 SPP_ARGS(ifp), cp->name, 1626 sppp_state_name(sp->state[cp->protoidx])); 1627 } 1628} 1629 1630static void 1631sppp_down_event(const struct cp *cp, struct sppp *sp) 1632{ 1633 STDDCL; 1634 1635 if (debug) 1636 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1637 SPP_ARGS(ifp), cp->name, 1638 sppp_state_name(sp->state[cp->protoidx])); 1639 1640 switch (sp->state[cp->protoidx]) { 1641 case STATE_CLOSED: 1642 case STATE_CLOSING: 1643 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1644 break; 1645 case STATE_STOPPED: 1646 sppp_cp_change_state(cp, sp, STATE_STARTING); 1647 (cp->tls)(sp); 1648 break; 1649 case STATE_STOPPING: 1650 case STATE_REQ_SENT: 1651 case STATE_ACK_RCVD: 1652 case STATE_ACK_SENT: 1653 sppp_cp_change_state(cp, sp, STATE_STARTING); 1654 break; 1655 case STATE_OPENED: 1656 (cp->tld)(sp); 1657 sppp_cp_change_state(cp, sp, STATE_STARTING); 1658 break; 1659 default: 1660 printf(SPP_FMT "%s illegal down in state %s\n", 1661 SPP_ARGS(ifp), cp->name, 1662 sppp_state_name(sp->state[cp->protoidx])); 1663 } 1664} 1665 1666 1667static void 1668sppp_open_event(const struct cp *cp, struct sppp *sp) 1669{ 1670 STDDCL; 1671 1672 if (debug) 1673 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1674 SPP_ARGS(ifp), cp->name, 1675 sppp_state_name(sp->state[cp->protoidx])); 1676 1677 switch (sp->state[cp->protoidx]) { 1678 case STATE_INITIAL: 1679 sppp_cp_change_state(cp, sp, STATE_STARTING); 1680 (cp->tls)(sp); 1681 break; 1682 case STATE_STARTING: 1683 break; 1684 case STATE_CLOSED: 1685 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1686 (cp->scr)(sp); 1687 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1688 break; 1689 case STATE_STOPPED: 1690 case STATE_STOPPING: 1691 case STATE_REQ_SENT: 1692 case STATE_ACK_RCVD: 1693 case STATE_ACK_SENT: 1694 case STATE_OPENED: 1695 break; 1696 case STATE_CLOSING: 1697 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1698 break; 1699 } 1700} 1701 1702 1703static void 1704sppp_close_event(const struct cp *cp, struct sppp *sp) 1705{ 1706 STDDCL; 1707 1708 if (debug) 1709 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1710 SPP_ARGS(ifp), cp->name, 1711 sppp_state_name(sp->state[cp->protoidx])); 1712 1713 switch (sp->state[cp->protoidx]) { 1714 case STATE_INITIAL: 1715 case STATE_CLOSED: 1716 case STATE_CLOSING: 1717 break; 1718 case STATE_STARTING: 1719 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1720 (cp->tlf)(sp); 1721 break; 1722 case STATE_STOPPED: 1723 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1724 break; 1725 case STATE_STOPPING: 1726 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1727 break; 1728 case STATE_OPENED: 1729 (cp->tld)(sp); 1730 /* fall through */ 1731 case STATE_REQ_SENT: 1732 case STATE_ACK_RCVD: 1733 case STATE_ACK_SENT: 1734 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1735 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1736 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1737 break; 1738 } 1739} 1740 1741static void 1742sppp_to_event(const struct cp *cp, struct sppp *sp) 1743{ 1744 STDDCL; 1745 int s; 1746 1747 s = splimp(); 1748 if (debug) 1749 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1750 SPP_ARGS(ifp), cp->name, 1751 sppp_state_name(sp->state[cp->protoidx]), 1752 sp->rst_counter[cp->protoidx]); 1753 1754 if (--sp->rst_counter[cp->protoidx] < 0) 1755 /* TO- event */ 1756 switch (sp->state[cp->protoidx]) { 1757 case STATE_CLOSING: 1758 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1759 (cp->tlf)(sp); 1760 break; 1761 case STATE_STOPPING: 1762 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1763 (cp->tlf)(sp); 1764 break; 1765 case STATE_REQ_SENT: 1766 case STATE_ACK_RCVD: 1767 case STATE_ACK_SENT: 1768 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1769 (cp->tlf)(sp); 1770 break; 1771 } 1772 else 1773 /* TO+ event */ 1774 switch (sp->state[cp->protoidx]) { 1775 case STATE_CLOSING: 1776 case STATE_STOPPING: 1777 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1778 0, 0); 1779 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1780 sp->ch[cp->protoidx]); 1781 break; 1782 case STATE_REQ_SENT: 1783 case STATE_ACK_RCVD: 1784 (cp->scr)(sp); 1785 /* sppp_cp_change_state() will restart the timer */ 1786 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1787 break; 1788 case STATE_ACK_SENT: 1789 (cp->scr)(sp); 1790 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1791 sp->ch[cp->protoidx]); 1792 break; 1793 } 1794 1795 splx(s); 1796} 1797 1798/* 1799 * Change the state of a control protocol in the state automaton. 1800 * Takes care of starting/stopping the restart timer. 1801 */ 1802void 1803sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1804{ 1805 sp->state[cp->protoidx] = newstate; 1806 1807 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1808 switch (newstate) { 1809 case STATE_INITIAL: 1810 case STATE_STARTING: 1811 case STATE_CLOSED: 1812 case STATE_STOPPED: 1813 case STATE_OPENED: 1814 break; 1815 case STATE_CLOSING: 1816 case STATE_STOPPING: 1817 case STATE_REQ_SENT: 1818 case STATE_ACK_RCVD: 1819 case STATE_ACK_SENT: 1820 TIMEOUT(cp->TO, (void *)sp, sp->lcp.timeout, 1821 sp->ch[cp->protoidx]); 1822 break; 1823 } 1824} 1825/* 1826 *--------------------------------------------------------------------------* 1827 * * 1828 * The LCP implementation. * 1829 * * 1830 *--------------------------------------------------------------------------* 1831 */ 1832static void 1833sppp_lcp_init(struct sppp *sp) 1834{ 1835 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1836 sp->lcp.magic = 0; 1837 sp->state[IDX_LCP] = STATE_INITIAL; 1838 sp->fail_counter[IDX_LCP] = 0; 1839 sp->lcp.protos = 0; 1840 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1841 1842 /* Note that these values are relevant for all control protocols */ 1843 sp->lcp.timeout = 3 * hz; 1844 sp->lcp.max_terminate = 2; 1845 sp->lcp.max_configure = 10; 1846 sp->lcp.max_failure = 10; 1847#if defined(__FreeBSD__) && __FreeBSD__ >= 3 1848 callout_handle_init(&sp->ch[IDX_LCP]); 1849#endif 1850} 1851 1852static void 1853sppp_lcp_up(struct sppp *sp) 1854{ 1855 STDDCL; 1856 1857 /* 1858 * If this interface is passive or dial-on-demand, and we are 1859 * still in Initial state, it means we've got an incoming 1860 * call. Activate the interface. 1861 */ 1862 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1863 if (debug) 1864 log(LOG_DEBUG, 1865 SPP_FMT "Up event", SPP_ARGS(ifp)); 1866 ifp->if_flags |= IFF_RUNNING; 1867 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1868 if (debug) 1869 addlog("(incoming call)\n"); 1870 sp->pp_flags |= PP_CALLIN; 1871 lcp.Open(sp); 1872 } else if (debug) 1873 addlog("\n"); 1874 } 1875 1876 sppp_up_event(&lcp, sp); 1877} 1878 1879static void 1880sppp_lcp_down(struct sppp *sp) 1881{ 1882 STDDCL; 1883 1884 sppp_down_event(&lcp, sp); 1885 1886 /* 1887 * If this is neither a dial-on-demand nor a passive 1888 * interface, simulate an ``ifconfig down'' action, so the 1889 * administrator can force a redial by another ``ifconfig 1890 * up''. XXX For leased line operation, should we immediately 1891 * try to reopen the connection here? 1892 */ 1893 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1894 log(LOG_INFO, 1895 SPP_FMT "Down event, taking interface down.\n", 1896 SPP_ARGS(ifp)); 1897 if_down(ifp); 1898 } else { 1899 if (debug) 1900 log(LOG_DEBUG, 1901 SPP_FMT "Down event (carrier loss)\n", 1902 SPP_ARGS(ifp)); 1903 } 1904 sp->pp_flags &= ~PP_CALLIN; 1905 if (sp->state[IDX_LCP] != STATE_INITIAL) 1906 lcp.Close(sp); 1907 ifp->if_flags &= ~IFF_RUNNING; 1908} 1909 1910static void 1911sppp_lcp_open(struct sppp *sp) 1912{ 1913 /* 1914 * If we are authenticator, negotiate LCP_AUTH 1915 */ 1916 if (sp->hisauth.proto != 0) 1917 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1918 else 1919 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1920 sp->pp_flags &= ~PP_NEEDAUTH; 1921 sppp_open_event(&lcp, sp); 1922} 1923 1924static void 1925sppp_lcp_close(struct sppp *sp) 1926{ 1927 sppp_close_event(&lcp, sp); 1928} 1929 1930static void 1931sppp_lcp_TO(void *cookie) 1932{ 1933 sppp_to_event(&lcp, (struct sppp *)cookie); 1934} 1935 1936/* 1937 * Analyze a configure request. Return true if it was agreeable, and 1938 * caused action sca, false if it has been rejected or nak'ed, and 1939 * caused action scn. (The return value is used to make the state 1940 * transition decision in the state automaton.) 1941 */ 1942static int 1943sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1944{ 1945 STDDCL; 1946 u_char *buf, *r, *p; 1947 int origlen, rlen; 1948 u_long nmagic; 1949 u_short authproto; 1950 1951 len -= 4; 1952 origlen = len; 1953 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1954 if (! buf) 1955 return (0); 1956 1957 if (debug) 1958 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1959 SPP_ARGS(ifp)); 1960 1961 /* pass 1: check for things that need to be rejected */ 1962 p = (void*) (h+1); 1963 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1964 if (debug) 1965 addlog(" %s ", sppp_lcp_opt_name(*p)); 1966 switch (*p) { 1967 case LCP_OPT_MAGIC: 1968 /* Magic number. */ 1969 /* fall through, both are same length */ 1970 case LCP_OPT_ASYNC_MAP: 1971 /* Async control character map. */ 1972 if (len >= 6 || p[1] == 6) 1973 continue; 1974 if (debug) 1975 addlog("[invalid] "); 1976 break; 1977 case LCP_OPT_MRU: 1978 /* Maximum receive unit. */ 1979 if (len >= 4 && p[1] == 4) 1980 continue; 1981 if (debug) 1982 addlog("[invalid] "); 1983 break; 1984 case LCP_OPT_AUTH_PROTO: 1985 if (len < 4) { 1986 if (debug) 1987 addlog("[invalid] "); 1988 break; 1989 } 1990 authproto = (p[2] << 8) + p[3]; 1991 if (authproto == PPP_CHAP && p[1] != 5) { 1992 if (debug) 1993 addlog("[invalid chap len] "); 1994 break; 1995 } 1996 if (sp->myauth.proto == 0) { 1997 /* we are not configured to do auth */ 1998 if (debug) 1999 addlog("[not configured] "); 2000 break; 2001 } 2002 /* 2003 * Remote want us to authenticate, remember this, 2004 * so we stay in PHASE_AUTHENTICATE after LCP got 2005 * up. 2006 */ 2007 sp->pp_flags |= PP_NEEDAUTH; 2008 continue; 2009 default: 2010 /* Others not supported. */ 2011 if (debug) 2012 addlog("[rej] "); 2013 break; 2014 } 2015 /* Add the option to rejected list. */ 2016 bcopy (p, r, p[1]); 2017 r += p[1]; 2018 rlen += p[1]; 2019 } 2020 if (rlen) { 2021 if (debug) 2022 addlog(" send conf-rej\n"); 2023 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2024 return 0; 2025 } else if (debug) 2026 addlog("\n"); 2027 2028 /* 2029 * pass 2: check for option values that are unacceptable and 2030 * thus require to be nak'ed. 2031 */ 2032 if (debug) 2033 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2034 SPP_ARGS(ifp)); 2035 2036 p = (void*) (h+1); 2037 len = origlen; 2038 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2039 if (debug) 2040 addlog(" %s ", sppp_lcp_opt_name(*p)); 2041 switch (*p) { 2042 case LCP_OPT_MAGIC: 2043 /* Magic number -- extract. */ 2044 nmagic = (u_long)p[2] << 24 | 2045 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2046 if (nmagic != sp->lcp.magic) { 2047 if (debug) 2048 addlog("0x%lx ", nmagic); 2049 continue; 2050 } 2051 /* 2052 * Local and remote magics equal -- loopback? 2053 */ 2054 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2055 printf (SPP_FMT "loopback\n", 2056 SPP_ARGS(ifp)); 2057 sp->pp_loopcnt = 0; 2058 if (ifp->if_flags & IFF_UP) { 2059 if_down(ifp); 2060 sppp_qflush(&sp->pp_cpq); 2061 /* XXX ? */ 2062 lcp.Down(sp); 2063 lcp.Up(sp); 2064 } 2065 } else if (debug) 2066 addlog("[glitch] "); 2067 ++sp->pp_loopcnt; 2068 /* 2069 * We negate our magic here, and NAK it. If 2070 * we see it later in an NAK packet, we 2071 * suggest a new one. 2072 */ 2073 nmagic = ~sp->lcp.magic; 2074 /* Gonna NAK it. */ 2075 p[2] = nmagic >> 24; 2076 p[3] = nmagic >> 16; 2077 p[4] = nmagic >> 8; 2078 p[5] = nmagic; 2079 break; 2080 2081 case LCP_OPT_ASYNC_MAP: 2082 /* Async control character map -- check to be zero. */ 2083 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2084 if (debug) 2085 addlog("[empty] "); 2086 continue; 2087 } 2088 if (debug) 2089 addlog("[non-empty] "); 2090 /* suggest a zero one */ 2091 p[2] = p[3] = p[4] = p[5] = 0; 2092 break; 2093 2094 case LCP_OPT_MRU: 2095 /* 2096 * Maximum receive unit. Always agreeable, 2097 * but ignored by now. 2098 */ 2099 sp->lcp.their_mru = p[2] * 256 + p[3]; 2100 if (debug) 2101 addlog("%lu ", sp->lcp.their_mru); 2102 continue; 2103 2104 case LCP_OPT_AUTH_PROTO: 2105 authproto = (p[2] << 8) + p[3]; 2106 if (sp->myauth.proto != authproto) { 2107 /* not agreed, nak */ 2108 if (debug) 2109 addlog("[mine %s != his %s] ", 2110 sppp_proto_name(sp->hisauth.proto), 2111 sppp_proto_name(authproto)); 2112 p[2] = sp->myauth.proto >> 8; 2113 p[3] = sp->myauth.proto; 2114 break; 2115 } 2116 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2117 if (debug) 2118 addlog("[chap not MD5] "); 2119 p[4] = CHAP_MD5; 2120 break; 2121 } 2122 continue; 2123 } 2124 /* Add the option to nak'ed list. */ 2125 bcopy (p, r, p[1]); 2126 r += p[1]; 2127 rlen += p[1]; 2128 } 2129 if (rlen) { 2130 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2131 if (debug) 2132 addlog(" max_failure (%d) exceeded, " 2133 "send conf-rej\n", 2134 sp->lcp.max_failure); 2135 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2136 } else { 2137 if (debug) 2138 addlog(" send conf-nak\n"); 2139 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2140 } 2141 return 0; 2142 } else { 2143 if (debug) 2144 addlog(" send conf-ack\n"); 2145 sp->fail_counter[IDX_LCP] = 0; 2146 sp->pp_loopcnt = 0; 2147 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2148 h->ident, origlen, h+1); 2149 } 2150 2151 free (buf, M_TEMP); 2152 return (rlen == 0); 2153} 2154 2155/* 2156 * Analyze the LCP Configure-Reject option list, and adjust our 2157 * negotiation. 2158 */ 2159static void 2160sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2161{ 2162 STDDCL; 2163 u_char *buf, *p; 2164 2165 len -= 4; 2166 buf = malloc (len, M_TEMP, M_NOWAIT); 2167 if (!buf) 2168 return; 2169 2170 if (debug) 2171 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2172 SPP_ARGS(ifp)); 2173 2174 p = (void*) (h+1); 2175 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2176 if (debug) 2177 addlog(" %s ", sppp_lcp_opt_name(*p)); 2178 switch (*p) { 2179 case LCP_OPT_MAGIC: 2180 /* Magic number -- can't use it, use 0 */ 2181 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2182 sp->lcp.magic = 0; 2183 break; 2184 case LCP_OPT_MRU: 2185 /* 2186 * Should not be rejected anyway, since we only 2187 * negotiate a MRU if explicitly requested by 2188 * peer. 2189 */ 2190 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2191 break; 2192 case LCP_OPT_AUTH_PROTO: 2193 /* 2194 * Peer doesn't want to authenticate himself, 2195 * deny unless this is a dialout call, and 2196 * AUTHFLAG_NOCALLOUT is set. 2197 */ 2198 if ((sp->pp_flags & PP_CALLIN) == 0 && 2199 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2200 if (debug) 2201 addlog("[don't insist on auth " 2202 "for callout]"); 2203 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2204 break; 2205 } 2206 if (debug) 2207 addlog("[access denied]\n"); 2208 lcp.Close(sp); 2209 break; 2210 } 2211 } 2212 if (debug) 2213 addlog("\n"); 2214 free (buf, M_TEMP); 2215 return; 2216} 2217 2218/* 2219 * Analyze the LCP Configure-NAK option list, and adjust our 2220 * negotiation. 2221 */ 2222static void 2223sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2224{ 2225 STDDCL; 2226 u_char *buf, *p; 2227 u_long magic; 2228 2229 len -= 4; 2230 buf = malloc (len, M_TEMP, M_NOWAIT); 2231 if (!buf) 2232 return; 2233 2234 if (debug) 2235 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2236 SPP_ARGS(ifp)); 2237 2238 p = (void*) (h+1); 2239 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2240 if (debug) 2241 addlog(" %s ", sppp_lcp_opt_name(*p)); 2242 switch (*p) { 2243 case LCP_OPT_MAGIC: 2244 /* Magic number -- renegotiate */ 2245 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2246 len >= 6 && p[1] == 6) { 2247 magic = (u_long)p[2] << 24 | 2248 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2249 /* 2250 * If the remote magic is our negated one, 2251 * this looks like a loopback problem. 2252 * Suggest a new magic to make sure. 2253 */ 2254 if (magic == ~sp->lcp.magic) { 2255 if (debug) 2256 addlog("magic glitch "); 2257#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2258 sp->lcp.magic = random(); 2259#else 2260 sp->lcp.magic = time.tv_sec + time.tv_usec; 2261#endif 2262 } else { 2263 sp->lcp.magic = magic; 2264 if (debug) 2265 addlog("%lu ", magic); 2266 } 2267 } 2268 break; 2269 case LCP_OPT_MRU: 2270 /* 2271 * Peer wants to advise us to negotiate an MRU. 2272 * Agree on it if it's reasonable, or use 2273 * default otherwise. 2274 */ 2275 if (len >= 4 && p[1] == 4) { 2276 u_int mru = p[2] * 256 + p[3]; 2277 if (debug) 2278 addlog("%d ", mru); 2279 if (mru < PP_MTU || mru > PP_MAX_MRU) 2280 mru = PP_MTU; 2281 sp->lcp.mru = mru; 2282 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2283 } 2284 break; 2285 case LCP_OPT_AUTH_PROTO: 2286 /* 2287 * Peer doesn't like our authentication method, 2288 * deny. 2289 */ 2290 if (debug) 2291 addlog("[access denied]\n"); 2292 lcp.Close(sp); 2293 break; 2294 } 2295 } 2296 if (debug) 2297 addlog("\n"); 2298 free (buf, M_TEMP); 2299 return; 2300} 2301 2302static void 2303sppp_lcp_tlu(struct sppp *sp) 2304{ 2305 STDDCL; 2306 int i; 2307 u_long mask; 2308 2309 /* XXX ? */ 2310 if (! (ifp->if_flags & IFF_UP) && 2311 (ifp->if_flags & IFF_RUNNING)) { 2312 /* Coming out of loopback mode. */ 2313 if_up(ifp); 2314 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2315 } 2316 2317 for (i = 0; i < IDX_COUNT; i++) 2318 if ((cps[i])->flags & CP_QUAL) 2319 (cps[i])->Open(sp); 2320 2321 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2322 (sp->pp_flags & PP_NEEDAUTH) != 0) 2323 sp->pp_phase = PHASE_AUTHENTICATE; 2324 else 2325 sp->pp_phase = PHASE_NETWORK; 2326 2327 if (debug) 2328 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2329 sppp_phase_name(sp->pp_phase)); 2330 2331 /* 2332 * Open all authentication protocols. This is even required 2333 * if we already proceeded to network phase, since it might be 2334 * that remote wants us to authenticate, so we might have to 2335 * send a PAP request. Undesired authentication protocols 2336 * don't do anything when they get an Open event. 2337 */ 2338 for (i = 0; i < IDX_COUNT; i++) 2339 if ((cps[i])->flags & CP_AUTH) 2340 (cps[i])->Open(sp); 2341 2342 if (sp->pp_phase == PHASE_NETWORK) { 2343 /* Notify all NCPs. */ 2344 for (i = 0; i < IDX_COUNT; i++) 2345 if ((cps[i])->flags & CP_NCP) 2346 (cps[i])->Open(sp); 2347 } 2348 2349 /* Send Up events to all started protos. */ 2350 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2351 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2352 (cps[i])->Up(sp); 2353 2354 /* notify low-level driver of state change */ 2355 if (sp->pp_chg) 2356 sp->pp_chg(sp, (int)sp->pp_phase); 2357 2358 if (sp->pp_phase == PHASE_NETWORK) 2359 /* if no NCP is starting, close down */ 2360 sppp_lcp_check_and_close(sp); 2361} 2362 2363static void 2364sppp_lcp_tld(struct sppp *sp) 2365{ 2366 STDDCL; 2367 int i; 2368 u_long mask; 2369 2370 sp->pp_phase = PHASE_TERMINATE; 2371 2372 if (debug) 2373 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2374 sppp_phase_name(sp->pp_phase)); 2375 2376 /* 2377 * Take upper layers down. We send the Down event first and 2378 * the Close second to prevent the upper layers from sending 2379 * ``a flurry of terminate-request packets'', as the RFC 2380 * describes it. 2381 */ 2382 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2383 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2384 (cps[i])->Down(sp); 2385 (cps[i])->Close(sp); 2386 } 2387} 2388 2389static void 2390sppp_lcp_tls(struct sppp *sp) 2391{ 2392 STDDCL; 2393 2394 sp->pp_phase = PHASE_ESTABLISH; 2395 2396 if (debug) 2397 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2398 sppp_phase_name(sp->pp_phase)); 2399 2400 /* Notify lower layer if desired. */ 2401 if (sp->pp_tls) 2402 (sp->pp_tls)(sp); 2403 else 2404 (sp->pp_up)(sp); 2405} 2406 2407static void 2408sppp_lcp_tlf(struct sppp *sp) 2409{ 2410 STDDCL; 2411 2412 sp->pp_phase = PHASE_DEAD; 2413 if (debug) 2414 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2415 sppp_phase_name(sp->pp_phase)); 2416 2417 /* Notify lower layer if desired. */ 2418 if (sp->pp_tlf) 2419 (sp->pp_tlf)(sp); 2420 else 2421 (sp->pp_down)(sp); 2422} 2423 2424static void 2425sppp_lcp_scr(struct sppp *sp) 2426{ 2427 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2428 int i = 0; 2429 u_short authproto; 2430 2431 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2432 if (! sp->lcp.magic) 2433#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2434 sp->lcp.magic = random(); 2435#else 2436 sp->lcp.magic = time.tv_sec + time.tv_usec; 2437#endif 2438 opt[i++] = LCP_OPT_MAGIC; 2439 opt[i++] = 6; 2440 opt[i++] = sp->lcp.magic >> 24; 2441 opt[i++] = sp->lcp.magic >> 16; 2442 opt[i++] = sp->lcp.magic >> 8; 2443 opt[i++] = sp->lcp.magic; 2444 } 2445 2446 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2447 opt[i++] = LCP_OPT_MRU; 2448 opt[i++] = 4; 2449 opt[i++] = sp->lcp.mru >> 8; 2450 opt[i++] = sp->lcp.mru; 2451 } 2452 2453 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2454 authproto = sp->hisauth.proto; 2455 opt[i++] = LCP_OPT_AUTH_PROTO; 2456 opt[i++] = authproto == PPP_CHAP? 5: 4; 2457 opt[i++] = authproto >> 8; 2458 opt[i++] = authproto; 2459 if (authproto == PPP_CHAP) 2460 opt[i++] = CHAP_MD5; 2461 } 2462 2463 sp->confid[IDX_LCP] = ++sp->pp_seq; 2464 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2465} 2466 2467/* 2468 * Check the open NCPs, return true if at least one NCP is open. 2469 */ 2470static int 2471sppp_ncp_check(struct sppp *sp) 2472{ 2473 int i, mask; 2474 2475 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2476 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2477 return 1; 2478 return 0; 2479} 2480 2481/* 2482 * Re-check the open NCPs and see if we should terminate the link. 2483 * Called by the NCPs during their tlf action handling. 2484 */ 2485static void 2486sppp_lcp_check_and_close(struct sppp *sp) 2487{ 2488 2489 if (sp->pp_phase < PHASE_NETWORK) 2490 /* don't bother, we are already going down */ 2491 return; 2492 2493 if (sppp_ncp_check(sp)) 2494 return; 2495 2496 lcp.Close(sp); 2497} 2498/* 2499 *--------------------------------------------------------------------------* 2500 * * 2501 * The IPCP implementation. * 2502 * * 2503 *--------------------------------------------------------------------------* 2504 */ 2505 2506static void 2507sppp_ipcp_init(struct sppp *sp) 2508{ 2509 sp->ipcp.opts = 0; 2510 sp->ipcp.flags = 0; 2511 sp->state[IDX_IPCP] = STATE_INITIAL; 2512 sp->fail_counter[IDX_IPCP] = 0; 2513#if defined(__FreeBSD__) && __FreeBSD__ >= 3 2514 callout_handle_init(&sp->ch[IDX_IPCP]); 2515#endif 2516} 2517 2518static void 2519sppp_ipcp_up(struct sppp *sp) 2520{ 2521 sppp_up_event(&ipcp, sp); 2522} 2523 2524static void 2525sppp_ipcp_down(struct sppp *sp) 2526{ 2527 sppp_down_event(&ipcp, sp); 2528} 2529 2530static void 2531sppp_ipcp_open(struct sppp *sp) 2532{ 2533 STDDCL; 2534 u_long myaddr, hisaddr; 2535 2536 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2537 2538 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2539 /* 2540 * If we don't have his address, this probably means our 2541 * interface doesn't want to talk IP at all. (This could 2542 * be the case if somebody wants to speak only IPX, for 2543 * example.) Don't open IPCP in this case. 2544 */ 2545 if (hisaddr == 0L) { 2546 /* XXX this message should go away */ 2547 if (debug) 2548 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2549 SPP_ARGS(ifp)); 2550 return; 2551 } 2552 2553 if (myaddr == 0L) { 2554 /* 2555 * I don't have an assigned address, so i need to 2556 * negotiate my address. 2557 */ 2558 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2559 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2560 } else 2561 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2562 sppp_open_event(&ipcp, sp); 2563} 2564 2565static void 2566sppp_ipcp_close(struct sppp *sp) 2567{ 2568 sppp_close_event(&ipcp, sp); 2569 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2570 /* 2571 * My address was dynamic, clear it again. 2572 */ 2573 sppp_set_ip_addr(sp, 0L); 2574} 2575 2576static void 2577sppp_ipcp_TO(void *cookie) 2578{ 2579 sppp_to_event(&ipcp, (struct sppp *)cookie); 2580} 2581 2582/* 2583 * Analyze a configure request. Return true if it was agreeable, and 2584 * caused action sca, false if it has been rejected or nak'ed, and 2585 * caused action scn. (The return value is used to make the state 2586 * transition decision in the state automaton.) 2587 */ 2588static int 2589sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2590{ 2591 u_char *buf, *r, *p; 2592 struct ifnet *ifp = &sp->pp_if; 2593 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2594 u_long hisaddr, desiredaddr; 2595 int gotmyaddr = 0; 2596 2597 len -= 4; 2598 origlen = len; 2599 /* 2600 * Make sure to allocate a buf that can at least hold a 2601 * conf-nak with an `address' option. We might need it below. 2602 */ 2603 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2604 if (! buf) 2605 return (0); 2606 2607 /* pass 1: see if we can recognize them */ 2608 if (debug) 2609 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2610 SPP_ARGS(ifp)); 2611 p = (void*) (h+1); 2612 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2613 if (debug) 2614 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2615 switch (*p) { 2616 case IPCP_OPT_ADDRESS: 2617 if (len >= 6 && p[1] == 6) { 2618 /* correctly formed address option */ 2619 continue; 2620 } 2621 if (debug) 2622 addlog("[invalid] "); 2623 break; 2624 default: 2625 /* Others not supported. */ 2626 if (debug) 2627 addlog("[rej] "); 2628 break; 2629 } 2630 /* Add the option to rejected list. */ 2631 bcopy (p, r, p[1]); 2632 r += p[1]; 2633 rlen += p[1]; 2634 } 2635 if (rlen) { 2636 if (debug) 2637 addlog(" send conf-rej\n"); 2638 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2639 return 0; 2640 } else if (debug) 2641 addlog("\n"); 2642 2643 /* pass 2: parse option values */ 2644 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2645 if (debug) 2646 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2647 SPP_ARGS(ifp)); 2648 p = (void*) (h+1); 2649 len = origlen; 2650 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2651 if (debug) 2652 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2653 switch (*p) { 2654 case IPCP_OPT_ADDRESS: 2655 /* This is the address he wants in his end */ 2656 desiredaddr = p[2] << 24 | p[3] << 16 | 2657 p[4] << 8 | p[5]; 2658 if (desiredaddr == hisaddr || 2659 (hisaddr == 1 && desiredaddr != 0)) { 2660 /* 2661 * Peer's address is same as our value, 2662 * or we have set it to 0.0.0.1 to 2663 * indicate that we do not really care, 2664 * this is agreeable. Gonna conf-ack 2665 * it. 2666 */ 2667 if (debug) 2668 addlog("%s [ack] ", 2669 sppp_dotted_quad(hisaddr)); 2670 /* record that we've seen it already */ 2671 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2672 continue; 2673 } 2674 /* 2675 * The address wasn't agreeable. This is either 2676 * he sent us 0.0.0.0, asking to assign him an 2677 * address, or he send us another address not 2678 * matching our value. Either case, we gonna 2679 * conf-nak it with our value. 2680 * XXX: we should "rej" if hisaddr == 0 2681 */ 2682 if (debug) { 2683 if (desiredaddr == 0) 2684 addlog("[addr requested] "); 2685 else 2686 addlog("%s [not agreed] ", 2687 sppp_dotted_quad(desiredaddr)); 2688 2689 } 2690 p[2] = hisaddr >> 24; 2691 p[3] = hisaddr >> 16; 2692 p[4] = hisaddr >> 8; 2693 p[5] = hisaddr; 2694 break; 2695 } 2696 /* Add the option to nak'ed list. */ 2697 bcopy (p, r, p[1]); 2698 r += p[1]; 2699 rlen += p[1]; 2700 } 2701 2702 /* 2703 * If we are about to conf-ack the request, but haven't seen 2704 * his address so far, gonna conf-nak it instead, with the 2705 * `address' option present and our idea of his address being 2706 * filled in there, to request negotiation of both addresses. 2707 * 2708 * XXX This can result in an endless req - nak loop if peer 2709 * doesn't want to send us his address. Q: What should we do 2710 * about it? XXX A: implement the max-failure counter. 2711 */ 2712 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2713 buf[0] = IPCP_OPT_ADDRESS; 2714 buf[1] = 6; 2715 buf[2] = hisaddr >> 24; 2716 buf[3] = hisaddr >> 16; 2717 buf[4] = hisaddr >> 8; 2718 buf[5] = hisaddr; 2719 rlen = 6; 2720 if (debug) 2721 addlog("still need hisaddr "); 2722 } 2723 2724 if (rlen) { 2725 if (debug) 2726 addlog(" send conf-nak\n"); 2727 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2728 } else { 2729 if (debug) 2730 addlog(" send conf-ack\n"); 2731 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2732 h->ident, origlen, h+1); 2733 } 2734 2735 free (buf, M_TEMP); 2736 return (rlen == 0); 2737} 2738 2739/* 2740 * Analyze the IPCP Configure-Reject option list, and adjust our 2741 * negotiation. 2742 */ 2743static void 2744sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2745{ 2746 u_char *buf, *p; 2747 struct ifnet *ifp = &sp->pp_if; 2748 int debug = ifp->if_flags & IFF_DEBUG; 2749 2750 len -= 4; 2751 buf = malloc (len, M_TEMP, M_NOWAIT); 2752 if (!buf) 2753 return; 2754 2755 if (debug) 2756 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2757 SPP_ARGS(ifp)); 2758 2759 p = (void*) (h+1); 2760 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2761 if (debug) 2762 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2763 switch (*p) { 2764 case IPCP_OPT_ADDRESS: 2765 /* 2766 * Peer doesn't grok address option. This is 2767 * bad. XXX Should we better give up here? 2768 * XXX We could try old "addresses" option... 2769 */ 2770 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2771 break; 2772 } 2773 } 2774 if (debug) 2775 addlog("\n"); 2776 free (buf, M_TEMP); 2777 return; 2778} 2779 2780/* 2781 * Analyze the IPCP Configure-NAK option list, and adjust our 2782 * negotiation. 2783 */ 2784static void 2785sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2786{ 2787 u_char *buf, *p; 2788 struct ifnet *ifp = &sp->pp_if; 2789 int debug = ifp->if_flags & IFF_DEBUG; 2790 u_long wantaddr; 2791 2792 len -= 4; 2793 buf = malloc (len, M_TEMP, M_NOWAIT); 2794 if (!buf) 2795 return; 2796 2797 if (debug) 2798 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2799 SPP_ARGS(ifp)); 2800 2801 p = (void*) (h+1); 2802 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2803 if (debug) 2804 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2805 switch (*p) { 2806 case IPCP_OPT_ADDRESS: 2807 /* 2808 * Peer doesn't like our local IP address. See 2809 * if we can do something for him. We'll drop 2810 * him our address then. 2811 */ 2812 if (len >= 6 && p[1] == 6) { 2813 wantaddr = p[2] << 24 | p[3] << 16 | 2814 p[4] << 8 | p[5]; 2815 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2816 if (debug) 2817 addlog("[wantaddr %s] ", 2818 sppp_dotted_quad(wantaddr)); 2819 /* 2820 * When doing dynamic address assignment, 2821 * we accept his offer. Otherwise, we 2822 * ignore it and thus continue to negotiate 2823 * our already existing value. 2824 * XXX: Bogus, if he said no once, he'll 2825 * just say no again, might as well die. 2826 */ 2827 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2828 sppp_set_ip_addr(sp, wantaddr); 2829 if (debug) 2830 addlog("[agree] "); 2831 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2832 } 2833 } 2834 break; 2835 } 2836 } 2837 if (debug) 2838 addlog("\n"); 2839 free (buf, M_TEMP); 2840 return; 2841} 2842 2843static void 2844sppp_ipcp_tlu(struct sppp *sp) 2845{ 2846 /* we are up - notify isdn daemon */ 2847 if (sp->pp_con) 2848 sp->pp_con(sp); 2849} 2850 2851static void 2852sppp_ipcp_tld(struct sppp *sp) 2853{ 2854} 2855 2856static void 2857sppp_ipcp_tls(struct sppp *sp) 2858{ 2859 /* indicate to LCP that it must stay alive */ 2860 sp->lcp.protos |= (1 << IDX_IPCP); 2861} 2862 2863static void 2864sppp_ipcp_tlf(struct sppp *sp) 2865{ 2866 /* we no longer need LCP */ 2867 sp->lcp.protos &= ~(1 << IDX_IPCP); 2868 sppp_lcp_check_and_close(sp); 2869} 2870 2871static void 2872sppp_ipcp_scr(struct sppp *sp) 2873{ 2874 char opt[6 /* compression */ + 6 /* address */]; 2875 u_long ouraddr; 2876 int i = 0; 2877 2878 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2879 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2880 opt[i++] = IPCP_OPT_ADDRESS; 2881 opt[i++] = 6; 2882 opt[i++] = ouraddr >> 24; 2883 opt[i++] = ouraddr >> 16; 2884 opt[i++] = ouraddr >> 8; 2885 opt[i++] = ouraddr; 2886 } 2887 2888 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2889 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2890} 2891 2892 2893/* 2894 *--------------------------------------------------------------------------* 2895 * * 2896 * The CHAP implementation. * 2897 * * 2898 *--------------------------------------------------------------------------* 2899 */ 2900 2901/* 2902 * The authentication protocols don't employ a full-fledged state machine as 2903 * the control protocols do, since they do have Open and Close events, but 2904 * not Up and Down, nor are they explicitly terminated. Also, use of the 2905 * authentication protocols may be different in both directions (this makes 2906 * sense, think of a machine that never accepts incoming calls but only 2907 * calls out, it doesn't require the called party to authenticate itself). 2908 * 2909 * Our state machine for the local authentication protocol (we are requesting 2910 * the peer to authenticate) looks like: 2911 * 2912 * RCA- 2913 * +--------------------------------------------+ 2914 * V scn,tld| 2915 * +--------+ Close +---------+ RCA+ 2916 * | |<----------------------------------| |------+ 2917 * +--->| Closed | TO* | Opened | sca | 2918 * | | |-----+ +-------| |<-----+ 2919 * | +--------+ irc | | +---------+ 2920 * | ^ | | ^ 2921 * | | | | | 2922 * | | | | | 2923 * | TO-| | | | 2924 * | |tld TO+ V | | 2925 * | | +------->+ | | 2926 * | | | | | | 2927 * | +--------+ V | | 2928 * | | |<----+<--------------------+ | 2929 * | | Req- | scr | 2930 * | | Sent | | 2931 * | | | | 2932 * | +--------+ | 2933 * | RCA- | | RCA+ | 2934 * +------+ +------------------------------------------+ 2935 * scn,tld sca,irc,ict,tlu 2936 * 2937 * 2938 * with: 2939 * 2940 * Open: LCP reached authentication phase 2941 * Close: LCP reached terminate phase 2942 * 2943 * RCA+: received reply (pap-req, chap-response), acceptable 2944 * RCN: received reply (pap-req, chap-response), not acceptable 2945 * TO+: timeout with restart counter >= 0 2946 * TO-: timeout with restart counter < 0 2947 * TO*: reschedule timeout for CHAP 2948 * 2949 * scr: send request packet (none for PAP, chap-challenge) 2950 * sca: send ack packet (pap-ack, chap-success) 2951 * scn: send nak packet (pap-nak, chap-failure) 2952 * ict: initialize re-challenge timer (CHAP only) 2953 * 2954 * tlu: this-layer-up, LCP reaches network phase 2955 * tld: this-layer-down, LCP enters terminate phase 2956 * 2957 * Note that in CHAP mode, after sending a new challenge, while the state 2958 * automaton falls back into Req-Sent state, it doesn't signal a tld 2959 * event to LCP, so LCP remains in network phase. Only after not getting 2960 * any response (or after getting an unacceptable response), CHAP closes, 2961 * causing LCP to enter terminate phase. 2962 * 2963 * With PAP, there is no initial request that can be sent. The peer is 2964 * expected to send one based on the successful negotiation of PAP as 2965 * the authentication protocol during the LCP option negotiation. 2966 * 2967 * Incoming authentication protocol requests (remote requests 2968 * authentication, we are peer) don't employ a state machine at all, 2969 * they are simply answered. Some peers [Ascend P50 firmware rev 2970 * 4.50] react allergically when sending IPCP requests while they are 2971 * still in authentication phase (thereby violating the standard that 2972 * demands that these NCP packets are to be discarded), so we keep 2973 * track of the peer demanding us to authenticate, and only proceed to 2974 * phase network once we've seen a positive acknowledge for the 2975 * authentication. 2976 */ 2977 2978/* 2979 * Handle incoming CHAP packets. 2980 */ 2981void 2982sppp_chap_input(struct sppp *sp, struct mbuf *m) 2983{ 2984 STDDCL; 2985 struct lcp_header *h; 2986 int len, x; 2987 u_char *value, *name, digest[AUTHKEYLEN], dsize; 2988 int value_len, name_len; 2989 MD5_CTX ctx; 2990 2991 len = m->m_pkthdr.len; 2992 if (len < 4) { 2993 if (debug) 2994 log(LOG_DEBUG, 2995 SPP_FMT "chap invalid packet length: %d bytes\n", 2996 SPP_ARGS(ifp), len); 2997 return; 2998 } 2999 h = mtod (m, struct lcp_header*); 3000 if (len > ntohs (h->len)) 3001 len = ntohs (h->len); 3002 3003 switch (h->type) { 3004 /* challenge, failure and success are his authproto */ 3005 case CHAP_CHALLENGE: 3006 value = 1 + (u_char*)(h+1); 3007 value_len = value[-1]; 3008 name = value + value_len; 3009 name_len = len - value_len - 5; 3010 if (name_len < 0) { 3011 if (debug) { 3012 log(LOG_DEBUG, 3013 SPP_FMT "chap corrupted challenge " 3014 "<%s id=0x%x len=%d", 3015 SPP_ARGS(ifp), 3016 sppp_auth_type_name(PPP_CHAP, h->type), 3017 h->ident, ntohs(h->len)); 3018 sppp_print_bytes((u_char*) (h+1), len-4); 3019 addlog(">\n"); 3020 } 3021 break; 3022 } 3023 3024 if (debug) { 3025 log(LOG_DEBUG, 3026 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3027 SPP_ARGS(ifp), 3028 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3029 ntohs(h->len)); 3030 sppp_print_string((char*) name, name_len); 3031 addlog(" value-size=%d value=", value_len); 3032 sppp_print_bytes(value, value_len); 3033 addlog(">\n"); 3034 } 3035 3036 /* Compute reply value. */ 3037 MD5Init(&ctx); 3038 MD5Update(&ctx, &h->ident, 1); 3039 MD5Update(&ctx, sp->myauth.secret, 3040 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3041 MD5Update(&ctx, value, value_len); 3042 MD5Final(digest, &ctx); 3043 dsize = sizeof digest; 3044 3045 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3046 sizeof dsize, (const char *)&dsize, 3047 sizeof digest, digest, 3048 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3049 sp->myauth.name, 3050 0); 3051 break; 3052 3053 case CHAP_SUCCESS: 3054 if (debug) { 3055 log(LOG_DEBUG, SPP_FMT "chap success", 3056 SPP_ARGS(ifp)); 3057 if (len > 4) { 3058 addlog(": "); 3059 sppp_print_string((char*)(h + 1), len - 4); 3060 } 3061 addlog("\n"); 3062 } 3063 x = splimp(); 3064 sp->pp_flags &= ~PP_NEEDAUTH; 3065 if (sp->myauth.proto == PPP_CHAP && 3066 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3067 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3068 /* 3069 * We are authenticator for CHAP but didn't 3070 * complete yet. Leave it to tlu to proceed 3071 * to network phase. 3072 */ 3073 splx(x); 3074 break; 3075 } 3076 splx(x); 3077 sppp_phase_network(sp); 3078 break; 3079 3080 case CHAP_FAILURE: 3081 if (debug) { 3082 log(LOG_INFO, SPP_FMT "chap failure", 3083 SPP_ARGS(ifp)); 3084 if (len > 4) { 3085 addlog(": "); 3086 sppp_print_string((char*)(h + 1), len - 4); 3087 } 3088 addlog("\n"); 3089 } else 3090 log(LOG_INFO, SPP_FMT "chap failure\n", 3091 SPP_ARGS(ifp)); 3092 /* await LCP shutdown by authenticator */ 3093 break; 3094 3095 /* response is my authproto */ 3096 case CHAP_RESPONSE: 3097 value = 1 + (u_char*)(h+1); 3098 value_len = value[-1]; 3099 name = value + value_len; 3100 name_len = len - value_len - 5; 3101 if (name_len < 0) { 3102 if (debug) { 3103 log(LOG_DEBUG, 3104 SPP_FMT "chap corrupted response " 3105 "<%s id=0x%x len=%d", 3106 SPP_ARGS(ifp), 3107 sppp_auth_type_name(PPP_CHAP, h->type), 3108 h->ident, ntohs(h->len)); 3109 sppp_print_bytes((u_char*)(h+1), len-4); 3110 addlog(">\n"); 3111 } 3112 break; 3113 } 3114 if (h->ident != sp->confid[IDX_CHAP]) { 3115 if (debug) 3116 log(LOG_DEBUG, 3117 SPP_FMT "chap dropping response for old ID " 3118 "(got %d, expected %d)\n", 3119 SPP_ARGS(ifp), 3120 h->ident, sp->confid[IDX_CHAP]); 3121 break; 3122 } 3123 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3124 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3125 log(LOG_INFO, SPP_FMT "chap response, his name ", 3126 SPP_ARGS(ifp)); 3127 sppp_print_string(name, name_len); 3128 addlog(" != expected "); 3129 sppp_print_string(sp->hisauth.name, 3130 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3131 addlog("\n"); 3132 } 3133 if (debug) { 3134 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3135 "<%s id=0x%x len=%d name=", 3136 SPP_ARGS(ifp), 3137 sppp_state_name(sp->state[IDX_CHAP]), 3138 sppp_auth_type_name(PPP_CHAP, h->type), 3139 h->ident, ntohs (h->len)); 3140 sppp_print_string((char*)name, name_len); 3141 addlog(" value-size=%d value=", value_len); 3142 sppp_print_bytes(value, value_len); 3143 addlog(">\n"); 3144 } 3145 if (value_len != AUTHKEYLEN) { 3146 if (debug) 3147 log(LOG_DEBUG, 3148 SPP_FMT "chap bad hash value length: " 3149 "%d bytes, should be %d\n", 3150 SPP_ARGS(ifp), value_len, 3151 AUTHKEYLEN); 3152 break; 3153 } 3154 3155 MD5Init(&ctx); 3156 MD5Update(&ctx, &h->ident, 1); 3157 MD5Update(&ctx, sp->hisauth.secret, 3158 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3159 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3160 MD5Final(digest, &ctx); 3161 3162#define FAILMSG "Failed..." 3163#define SUCCMSG "Welcome!" 3164 3165 if (value_len != sizeof digest || 3166 bcmp(digest, value, value_len) != 0) { 3167 /* action scn, tld */ 3168 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3169 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3170 0); 3171 chap.tld(sp); 3172 break; 3173 } 3174 /* action sca, perhaps tlu */ 3175 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3176 sp->state[IDX_CHAP] == STATE_OPENED) 3177 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3178 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3179 0); 3180 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3181 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3182 chap.tlu(sp); 3183 } 3184 break; 3185 3186 default: 3187 /* Unknown CHAP packet type -- ignore. */ 3188 if (debug) { 3189 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3190 "<0x%x id=0x%xh len=%d", 3191 SPP_ARGS(ifp), 3192 sppp_state_name(sp->state[IDX_CHAP]), 3193 h->type, h->ident, ntohs(h->len)); 3194 sppp_print_bytes((u_char*)(h+1), len-4); 3195 addlog(">\n"); 3196 } 3197 break; 3198 3199 } 3200} 3201 3202static void 3203sppp_chap_init(struct sppp *sp) 3204{ 3205 /* Chap doesn't have STATE_INITIAL at all. */ 3206 sp->state[IDX_CHAP] = STATE_CLOSED; 3207 sp->fail_counter[IDX_CHAP] = 0; 3208#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3209 callout_handle_init(&sp->ch[IDX_CHAP]); 3210#endif 3211} 3212 3213static void 3214sppp_chap_open(struct sppp *sp) 3215{ 3216 if (sp->myauth.proto == PPP_CHAP && 3217 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3218 /* we are authenticator for CHAP, start it */ 3219 chap.scr(sp); 3220 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3221 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3222 } 3223 /* nothing to be done if we are peer, await a challenge */ 3224} 3225 3226static void 3227sppp_chap_close(struct sppp *sp) 3228{ 3229 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3230 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3231} 3232 3233static void 3234sppp_chap_TO(void *cookie) 3235{ 3236 struct sppp *sp = (struct sppp *)cookie; 3237 STDDCL; 3238 int s; 3239 3240 s = splimp(); 3241 if (debug) 3242 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3243 SPP_ARGS(ifp), 3244 sppp_state_name(sp->state[IDX_CHAP]), 3245 sp->rst_counter[IDX_CHAP]); 3246 3247 if (--sp->rst_counter[IDX_CHAP] < 0) 3248 /* TO- event */ 3249 switch (sp->state[IDX_CHAP]) { 3250 case STATE_REQ_SENT: 3251 chap.tld(sp); 3252 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3253 break; 3254 } 3255 else 3256 /* TO+ (or TO*) event */ 3257 switch (sp->state[IDX_CHAP]) { 3258 case STATE_OPENED: 3259 /* TO* event */ 3260 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3261 /* fall through */ 3262 case STATE_REQ_SENT: 3263 chap.scr(sp); 3264 /* sppp_cp_change_state() will restart the timer */ 3265 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3266 break; 3267 } 3268 3269 splx(s); 3270} 3271 3272static void 3273sppp_chap_tlu(struct sppp *sp) 3274{ 3275 STDDCL; 3276 int i, x; 3277 3278 i = 0; 3279 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3280 3281 /* 3282 * Some broken CHAP implementations (Conware CoNet, firmware 3283 * 4.0.?) don't want to re-authenticate their CHAP once the 3284 * initial challenge-response exchange has taken place. 3285 * Provide for an option to avoid rechallenges. 3286 */ 3287 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3288 /* 3289 * Compute the re-challenge timeout. This will yield 3290 * a number between 300 and 810 seconds. 3291 */ 3292 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3293 TIMEOUT(chap.TO, (void *)sp, i * hz, sp->ch[IDX_CHAP]); 3294 } 3295 3296 if (debug) { 3297 log(LOG_DEBUG, 3298 SPP_FMT "chap %s, ", 3299 SPP_ARGS(ifp), 3300 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3301 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3302 addlog("next re-challenge in %d seconds\n", i); 3303 else 3304 addlog("re-challenging supressed\n"); 3305 } 3306 3307 x = splimp(); 3308 /* indicate to LCP that we need to be closed down */ 3309 sp->lcp.protos |= (1 << IDX_CHAP); 3310 3311 if (sp->pp_flags & PP_NEEDAUTH) { 3312 /* 3313 * Remote is authenticator, but his auth proto didn't 3314 * complete yet. Defer the transition to network 3315 * phase. 3316 */ 3317 splx(x); 3318 return; 3319 } 3320 splx(x); 3321 3322 /* 3323 * If we are already in phase network, we are done here. This 3324 * is the case if this is a dummy tlu event after a re-challenge. 3325 */ 3326 if (sp->pp_phase != PHASE_NETWORK) 3327 sppp_phase_network(sp); 3328} 3329 3330static void 3331sppp_chap_tld(struct sppp *sp) 3332{ 3333 STDDCL; 3334 3335 if (debug) 3336 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3337 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3338 sp->lcp.protos &= ~(1 << IDX_CHAP); 3339 3340 lcp.Close(sp); 3341} 3342 3343static void 3344sppp_chap_scr(struct sppp *sp) 3345{ 3346 u_long *ch, seed; 3347 u_char clen; 3348 3349 /* Compute random challenge. */ 3350 ch = (u_long *)sp->myauth.challenge; 3351#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3352 read_random(&seed, sizeof seed); 3353#else 3354 { 3355 struct timeval tv; 3356 microtime(&tv); 3357 seed = tv.tv_sec ^ tv.tv_usec; 3358 } 3359#endif 3360 ch[0] = seed ^ random(); 3361 ch[1] = seed ^ random(); 3362 ch[2] = seed ^ random(); 3363 ch[3] = seed ^ random(); 3364 clen = AUTHKEYLEN; 3365 3366 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3367 3368 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3369 sizeof clen, (const char *)&clen, 3370 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3371 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3372 sp->myauth.name, 3373 0); 3374} 3375/* 3376 *--------------------------------------------------------------------------* 3377 * * 3378 * The PAP implementation. * 3379 * * 3380 *--------------------------------------------------------------------------* 3381 */ 3382/* 3383 * For PAP, we need to keep a little state also if we are the peer, not the 3384 * authenticator. This is since we don't get a request to authenticate, but 3385 * have to repeatedly authenticate ourself until we got a response (or the 3386 * retry counter is expired). 3387 */ 3388 3389/* 3390 * Handle incoming PAP packets. */ 3391static void 3392sppp_pap_input(struct sppp *sp, struct mbuf *m) 3393{ 3394 STDDCL; 3395 struct lcp_header *h; 3396 int len, x; 3397 u_char *name, *passwd, mlen; 3398 int name_len, passwd_len; 3399 3400 len = m->m_pkthdr.len; 3401 if (len < 5) { 3402 if (debug) 3403 log(LOG_DEBUG, 3404 SPP_FMT "pap invalid packet length: %d bytes\n", 3405 SPP_ARGS(ifp), len); 3406 return; 3407 } 3408 h = mtod (m, struct lcp_header*); 3409 if (len > ntohs (h->len)) 3410 len = ntohs (h->len); 3411 switch (h->type) { 3412 /* PAP request is my authproto */ 3413 case PAP_REQ: 3414 name = 1 + (u_char*)(h+1); 3415 name_len = name[-1]; 3416 passwd = name + name_len + 1; 3417 if (name_len > len - 6 || 3418 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3419 if (debug) { 3420 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3421 "<%s id=0x%x len=%d", 3422 SPP_ARGS(ifp), 3423 sppp_auth_type_name(PPP_PAP, h->type), 3424 h->ident, ntohs(h->len)); 3425 sppp_print_bytes((u_char*)(h+1), len-4); 3426 addlog(">\n"); 3427 } 3428 break; 3429 } 3430 if (debug) { 3431 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3432 "<%s id=0x%x len=%d name=", 3433 SPP_ARGS(ifp), 3434 sppp_state_name(sp->state[IDX_PAP]), 3435 sppp_auth_type_name(PPP_PAP, h->type), 3436 h->ident, ntohs(h->len)); 3437 sppp_print_string((char*)name, name_len); 3438 addlog(" passwd="); 3439 sppp_print_string((char*)passwd, passwd_len); 3440 addlog(">\n"); 3441 } 3442 if (name_len > AUTHNAMELEN || 3443 passwd_len > AUTHKEYLEN || 3444 bcmp(name, sp->hisauth.name, name_len) != 0 || 3445 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3446 /* action scn, tld */ 3447 mlen = sizeof(FAILMSG) - 1; 3448 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3449 sizeof mlen, (const char *)&mlen, 3450 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3451 0); 3452 pap.tld(sp); 3453 break; 3454 } 3455 /* action sca, perhaps tlu */ 3456 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3457 sp->state[IDX_PAP] == STATE_OPENED) { 3458 mlen = sizeof(SUCCMSG) - 1; 3459 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3460 sizeof mlen, (const char *)&mlen, 3461 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3462 0); 3463 } 3464 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3465 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3466 pap.tlu(sp); 3467 } 3468 break; 3469 3470 /* ack and nak are his authproto */ 3471 case PAP_ACK: 3472 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3473 if (debug) { 3474 log(LOG_DEBUG, SPP_FMT "pap success", 3475 SPP_ARGS(ifp)); 3476 name_len = *((char *)h); 3477 if (len > 5 && name_len) { 3478 addlog(": "); 3479 sppp_print_string((char*)(h+1), name_len); 3480 } 3481 addlog("\n"); 3482 } 3483 x = splimp(); 3484 sp->pp_flags &= ~PP_NEEDAUTH; 3485 if (sp->myauth.proto == PPP_PAP && 3486 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3487 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3488 /* 3489 * We are authenticator for PAP but didn't 3490 * complete yet. Leave it to tlu to proceed 3491 * to network phase. 3492 */ 3493 splx(x); 3494 break; 3495 } 3496 splx(x); 3497 sppp_phase_network(sp); 3498 break; 3499 3500 case PAP_NAK: 3501 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3502 if (debug) { 3503 log(LOG_INFO, SPP_FMT "pap failure", 3504 SPP_ARGS(ifp)); 3505 name_len = *((char *)h); 3506 if (len > 5 && name_len) { 3507 addlog(": "); 3508 sppp_print_string((char*)(h+1), name_len); 3509 } 3510 addlog("\n"); 3511 } else 3512 log(LOG_INFO, SPP_FMT "pap failure\n", 3513 SPP_ARGS(ifp)); 3514 /* await LCP shutdown by authenticator */ 3515 break; 3516 3517 default: 3518 /* Unknown PAP packet type -- ignore. */ 3519 if (debug) { 3520 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3521 "<0x%x id=0x%x len=%d", 3522 SPP_ARGS(ifp), 3523 h->type, h->ident, ntohs(h->len)); 3524 sppp_print_bytes((u_char*)(h+1), len-4); 3525 addlog(">\n"); 3526 } 3527 break; 3528 3529 } 3530} 3531 3532static void 3533sppp_pap_init(struct sppp *sp) 3534{ 3535 /* PAP doesn't have STATE_INITIAL at all. */ 3536 sp->state[IDX_PAP] = STATE_CLOSED; 3537 sp->fail_counter[IDX_PAP] = 0; 3538#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3539 callout_handle_init(&sp->ch[IDX_PAP]); 3540 callout_handle_init(&sp->pap_my_to_ch); 3541#endif 3542} 3543 3544static void 3545sppp_pap_open(struct sppp *sp) 3546{ 3547 if (sp->hisauth.proto == PPP_PAP && 3548 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3549 /* we are authenticator for PAP, start our timer */ 3550 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3551 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3552 } 3553 if (sp->myauth.proto == PPP_PAP) { 3554 /* we are peer, send a request, and start a timer */ 3555 pap.scr(sp); 3556 TIMEOUT(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout, 3557 sp->pap_my_to_ch); 3558 } 3559} 3560 3561static void 3562sppp_pap_close(struct sppp *sp) 3563{ 3564 if (sp->state[IDX_PAP] != STATE_CLOSED) 3565 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3566} 3567 3568/* 3569 * That's the timeout routine if we are authenticator. Since the 3570 * authenticator is basically passive in PAP, we can't do much here. 3571 */ 3572static void 3573sppp_pap_TO(void *cookie) 3574{ 3575 struct sppp *sp = (struct sppp *)cookie; 3576 STDDCL; 3577 int s; 3578 3579 s = splimp(); 3580 if (debug) 3581 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3582 SPP_ARGS(ifp), 3583 sppp_state_name(sp->state[IDX_PAP]), 3584 sp->rst_counter[IDX_PAP]); 3585 3586 if (--sp->rst_counter[IDX_PAP] < 0) 3587 /* TO- event */ 3588 switch (sp->state[IDX_PAP]) { 3589 case STATE_REQ_SENT: 3590 pap.tld(sp); 3591 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3592 break; 3593 } 3594 else 3595 /* TO+ event, not very much we could do */ 3596 switch (sp->state[IDX_PAP]) { 3597 case STATE_REQ_SENT: 3598 /* sppp_cp_change_state() will restart the timer */ 3599 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3600 break; 3601 } 3602 3603 splx(s); 3604} 3605 3606/* 3607 * That's the timeout handler if we are peer. Since the peer is active, 3608 * we need to retransmit our PAP request since it is apparently lost. 3609 * XXX We should impose a max counter. 3610 */ 3611static void 3612sppp_pap_my_TO(void *cookie) 3613{ 3614 struct sppp *sp = (struct sppp *)cookie; 3615 STDDCL; 3616 3617 if (debug) 3618 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3619 SPP_ARGS(ifp)); 3620 3621 pap.scr(sp); 3622} 3623 3624static void 3625sppp_pap_tlu(struct sppp *sp) 3626{ 3627 STDDCL; 3628 int x; 3629 3630 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3631 3632 if (debug) 3633 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3634 SPP_ARGS(ifp), pap.name); 3635 3636 x = splimp(); 3637 /* indicate to LCP that we need to be closed down */ 3638 sp->lcp.protos |= (1 << IDX_PAP); 3639 3640 if (sp->pp_flags & PP_NEEDAUTH) { 3641 /* 3642 * Remote is authenticator, but his auth proto didn't 3643 * complete yet. Defer the transition to network 3644 * phase. 3645 */ 3646 splx(x); 3647 return; 3648 } 3649 splx(x); 3650 sppp_phase_network(sp); 3651} 3652 3653static void 3654sppp_pap_tld(struct sppp *sp) 3655{ 3656 STDDCL; 3657 3658 if (debug) 3659 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3660 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3661 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3662 sp->lcp.protos &= ~(1 << IDX_PAP); 3663 3664 lcp.Close(sp); 3665} 3666 3667static void 3668sppp_pap_scr(struct sppp *sp) 3669{ 3670 u_char idlen, pwdlen; 3671 3672 sp->confid[IDX_PAP] = ++sp->pp_seq; 3673 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3674 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3675 3676 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3677 sizeof idlen, (const char *)&idlen, 3678 (size_t)idlen, sp->myauth.name, 3679 sizeof pwdlen, (const char *)&pwdlen, 3680 (size_t)pwdlen, sp->myauth.secret, 3681 0); 3682} 3683/* 3684 * Random miscellaneous functions. 3685 */ 3686 3687/* 3688 * Send a PAP or CHAP proto packet. 3689 * 3690 * Varadic function, each of the elements for the ellipsis is of type 3691 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3692 * mlen == 0. 3693 * NOTE: never declare variadic functions with types subject to type 3694 * promotion (i.e. u_char). This is asking for big trouble depending 3695 * on the architecture you are on... 3696 */ 3697 3698static void 3699sppp_auth_send(const struct cp *cp, struct sppp *sp, 3700 unsigned int type, unsigned int id, 3701 ...) 3702{ 3703 STDDCL; 3704 struct ppp_header *h; 3705 struct lcp_header *lh; 3706 struct mbuf *m; 3707 u_char *p; 3708 int len; 3709 unsigned int mlen; 3710 const char *msg; 3711 va_list ap; 3712 3713 MGETHDR (m, M_DONTWAIT, MT_DATA); 3714 if (! m) 3715 return; 3716 m->m_pkthdr.rcvif = 0; 3717 3718 h = mtod (m, struct ppp_header*); 3719 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3720 h->control = PPP_UI; /* Unnumbered Info */ 3721 h->protocol = htons(cp->proto); 3722 3723 lh = (struct lcp_header*)(h + 1); 3724 lh->type = type; 3725 lh->ident = id; 3726 p = (u_char*) (lh+1); 3727 3728 va_start(ap, id); 3729 len = 0; 3730 3731 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3732 msg = va_arg(ap, const char *); 3733 len += mlen; 3734 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3735 va_end(ap); 3736 m_freem(m); 3737 return; 3738 } 3739 3740 bcopy(msg, p, mlen); 3741 p += mlen; 3742 } 3743 va_end(ap); 3744 3745 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3746 lh->len = htons (LCP_HEADER_LEN + len); 3747 3748 if (debug) { 3749 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3750 SPP_ARGS(ifp), cp->name, 3751 sppp_auth_type_name(cp->proto, lh->type), 3752 lh->ident, ntohs(lh->len)); 3753 sppp_print_bytes((u_char*) (lh+1), len); 3754 addlog(">\n"); 3755 } 3756 if (IF_QFULL (&sp->pp_cpq)) { 3757 IF_DROP (&sp->pp_fastq); 3758 IF_DROP (&ifp->if_snd); 3759 m_freem (m); 3760 ++ifp->if_oerrors; 3761 } else 3762 IF_ENQUEUE (&sp->pp_cpq, m); 3763 if (! (ifp->if_flags & IFF_OACTIVE)) 3764 (*ifp->if_start) (ifp); 3765 ifp->if_obytes += m->m_pkthdr.len + 3; 3766} 3767 3768/* 3769 * Flush interface queue. 3770 */ 3771static void 3772sppp_qflush(struct ifqueue *ifq) 3773{ 3774 struct mbuf *m, *n; 3775 3776 n = ifq->ifq_head; 3777 while ((m = n)) { 3778 n = m->m_act; 3779 m_freem (m); 3780 } 3781 ifq->ifq_head = 0; 3782 ifq->ifq_tail = 0; 3783 ifq->ifq_len = 0; 3784} 3785 3786/* 3787 * Send keepalive packets, every 10 seconds. 3788 */ 3789static void 3790sppp_keepalive(void *dummy) 3791{ 3792 struct sppp *sp; 3793 int s; 3794 3795 s = splimp(); 3796 for (sp=spppq; sp; sp=sp->pp_next) { 3797 struct ifnet *ifp = &sp->pp_if; 3798 3799 /* Keepalive mode disabled or channel down? */ 3800 if (! (sp->pp_flags & PP_KEEPALIVE) || 3801 ! (ifp->if_flags & IFF_RUNNING)) 3802 continue; 3803 3804 /* No keepalive in PPP mode if LCP not opened yet. */ 3805 if (sp->pp_mode != IFF_CISCO && 3806 sp->pp_phase < PHASE_AUTHENTICATE) 3807 continue; 3808 3809 if (sp->pp_alivecnt == MAXALIVECNT) { 3810 /* No keepalive packets got. Stop the interface. */ 3811 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3812 if_down (ifp); 3813 sppp_qflush (&sp->pp_cpq); 3814 if (sp->pp_mode != IFF_CISCO) { 3815 /* XXX */ 3816 /* Shut down the PPP link. */ 3817 lcp.Down(sp); 3818 /* Initiate negotiation. XXX */ 3819 lcp.Up(sp); 3820 } 3821 } 3822 if (sp->pp_alivecnt <= MAXALIVECNT) 3823 ++sp->pp_alivecnt; 3824 if (sp->pp_mode == IFF_CISCO) 3825 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3826 sp->pp_rseq); 3827 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3828 long nmagic = htonl (sp->lcp.magic); 3829 sp->lcp.echoid = ++sp->pp_seq; 3830 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3831 sp->lcp.echoid, 4, &nmagic); 3832 } 3833 } 3834 splx(s); 3835 TIMEOUT(sppp_keepalive, 0, hz * 10, keepalive_ch); 3836} 3837 3838/* 3839 * Get both IP addresses. 3840 */ 3841static void 3842sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3843{ 3844 struct ifnet *ifp = &sp->pp_if; 3845 struct ifaddr *ifa; 3846 struct sockaddr_in *si, *sm; 3847 u_long ssrc, ddst; 3848 3849 sm = NULL; 3850 ssrc = ddst = 0L; 3851 /* 3852 * Pick the first AF_INET address from the list, 3853 * aliases don't make any sense on a p2p link anyway. 3854 */ 3855 si = 0; 3856#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3857 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3858#elif defined(__NetBSD__) || defined (__OpenBSD__) 3859 for (ifa = ifp->if_addrlist.tqh_first; 3860 ifa; 3861 ifa = ifa->ifa_list.tqe_next) 3862#else 3863 for (ifa = ifp->if_addrlist; 3864 ifa; 3865 ifa = ifa->ifa_next) 3866#endif 3867 if (ifa->ifa_addr->sa_family == AF_INET) { 3868 si = (struct sockaddr_in *)ifa->ifa_addr; 3869 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3870 if (si) 3871 break; 3872 } 3873 if (ifa) { 3874 if (si && si->sin_addr.s_addr) { 3875 ssrc = si->sin_addr.s_addr; 3876 if (srcmask) 3877 *srcmask = ntohl(sm->sin_addr.s_addr); 3878 } 3879 3880 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3881 if (si && si->sin_addr.s_addr) 3882 ddst = si->sin_addr.s_addr; 3883 } 3884 3885 if (dst) *dst = ntohl(ddst); 3886 if (src) *src = ntohl(ssrc); 3887} 3888 3889/* 3890 * Set my IP address. Must be called at splimp. 3891 */ 3892static void 3893sppp_set_ip_addr(struct sppp *sp, u_long src) 3894{ 3895 STDDCL; 3896 struct ifaddr *ifa; 3897 struct sockaddr_in *si; 3898 3899 /* 3900 * Pick the first AF_INET address from the list, 3901 * aliases don't make any sense on a p2p link anyway. 3902 */ 3903 si = 0; 3904#if defined(__FreeBSD__) && __FreeBSD__ >= 3 3905 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 3906#elif defined(__NetBSD__) || defined (__OpenBSD__) 3907 for (ifa = ifp->if_addrlist.tqh_first; 3908 ifa; 3909 ifa = ifa->ifa_list.tqe_next) 3910#else 3911 for (ifa = ifp->if_addrlist; 3912 ifa; 3913 ifa = ifa->ifa_next) 3914#endif 3915 { 3916 if (ifa->ifa_addr->sa_family == AF_INET) 3917 { 3918 si = (struct sockaddr_in *)ifa->ifa_addr; 3919 if (si) 3920 break; 3921 } 3922 } 3923 3924 if (ifa && si) 3925 { 3926 int error; 3927#if __NetBSD_Version__ >= 103080000 3928 struct sockaddr_in new_sin = *si; 3929 3930 new_sin.sin_addr.s_addr = htonl(src); 3931 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 3932 if(debug && error) 3933 { 3934 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 3935 " failed, error=%d\n", SPP_ARGS(ifp), error); 3936 } 3937#else 3938 /* delete old route */ 3939 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 3940 if(debug && error) 3941 { 3942 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 3943 SPP_ARGS(ifp), error); 3944 } 3945 3946 /* set new address */ 3947 si->sin_addr.s_addr = htonl(src); 3948 3949 /* add new route */ 3950 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 3951 if (debug && error) 3952 { 3953 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 3954 SPP_ARGS(ifp), error); 3955 } 3956#endif 3957 } 3958} 3959 3960static int 3961sppp_params(struct sppp *sp, u_long cmd, void *data) 3962{ 3963 u_long subcmd; 3964 struct ifreq *ifr = (struct ifreq *)data; 3965 struct spppreq spr; 3966 3967 /* 3968 * ifr->ifr_data is supposed to point to a struct spppreq. 3969 * Check the cmd word first before attempting to fetch all the 3970 * data. 3971 */ 3972 if ((subcmd = fuword(ifr->ifr_data)) == -1) 3973 return EFAULT; 3974 3975 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3976 return EFAULT; 3977 3978 switch (subcmd) { 3979 case SPPPIOGDEFS: 3980 if (cmd != SIOCGIFGENERIC) 3981 return EINVAL; 3982 /* 3983 * We copy over the entire current state, but clean 3984 * out some of the stuff we don't wanna pass up. 3985 * Remember, SIOCGIFGENERIC is unprotected, and can be 3986 * called by any user. No need to ever get PAP or 3987 * CHAP secrets back to userland anyway. 3988 */ 3989 bcopy(sp, &spr.defs, sizeof(struct sppp)); 3990 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 3991 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 3992 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 3993 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 3994 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 3995 3996 case SPPPIOSDEFS: 3997 if (cmd != SIOCSIFGENERIC) 3998 return EINVAL; 3999 /* 4000 * We have a very specific idea of which fields we allow 4001 * being passed back from userland, so to not clobber our 4002 * current state. For one, we only allow setting 4003 * anything if LCP is in dead phase. Once the LCP 4004 * negotiations started, the authentication settings must 4005 * not be changed again. (The administrator can force an 4006 * ifconfig down in order to get LCP back into dead 4007 * phase.) 4008 * 4009 * Also, we only allow for authentication parameters to be 4010 * specified. 4011 * 4012 * XXX Should allow to set or clear pp_flags. 4013 * 4014 * Finally, if the respective authentication protocol to 4015 * be used is set differently than 0, but the secret is 4016 * passed as all zeros, we don't trash the existing secret. 4017 * This allows an administrator to change the system name 4018 * only without clobbering the secret (which he didn't get 4019 * back in a previous SPPPIOGDEFS call). However, the 4020 * secrets are cleared if the authentication protocol is 4021 * reset to 0. 4022 */ 4023 if (sp->pp_phase != PHASE_DEAD) 4024 return EBUSY; 4025 4026 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4027 spr.defs.myauth.proto != PPP_CHAP) || 4028 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4029 spr.defs.hisauth.proto != PPP_CHAP)) 4030 return EINVAL; 4031 4032 if (spr.defs.myauth.proto == 0) 4033 /* resetting myauth */ 4034 bzero(&sp->myauth, sizeof sp->myauth); 4035 else { 4036 /* setting/changing myauth */ 4037 sp->myauth.proto = spr.defs.myauth.proto; 4038 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4039 if (spr.defs.myauth.secret[0] != '\0') 4040 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4041 AUTHKEYLEN); 4042 } 4043 if (spr.defs.hisauth.proto == 0) 4044 /* resetting hisauth */ 4045 bzero(&sp->hisauth, sizeof sp->hisauth); 4046 else { 4047 /* setting/changing hisauth */ 4048 sp->hisauth.proto = spr.defs.hisauth.proto; 4049 sp->hisauth.flags = spr.defs.hisauth.flags; 4050 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4051 if (spr.defs.hisauth.secret[0] != '\0') 4052 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4053 AUTHKEYLEN); 4054 } 4055 break; 4056 4057 default: 4058 return EINVAL; 4059 } 4060 4061 return 0; 4062} 4063 4064static void 4065sppp_phase_network(struct sppp *sp) 4066{ 4067 STDDCL; 4068 int i; 4069 u_long mask; 4070 4071 sp->pp_phase = PHASE_NETWORK; 4072 4073 if (debug) 4074 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4075 sppp_phase_name(sp->pp_phase)); 4076 4077 /* Notify NCPs now. */ 4078 for (i = 0; i < IDX_COUNT; i++) 4079 if ((cps[i])->flags & CP_NCP) 4080 (cps[i])->Open(sp); 4081 4082 /* Send Up events to all NCPs. */ 4083 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4084 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4085 (cps[i])->Up(sp); 4086 4087 /* if no NCP is starting, all this was in vain, close down */ 4088 sppp_lcp_check_and_close(sp); 4089} 4090 4091 4092static const char * 4093sppp_cp_type_name(u_char type) 4094{ 4095 static char buf[12]; 4096 switch (type) { 4097 case CONF_REQ: return "conf-req"; 4098 case CONF_ACK: return "conf-ack"; 4099 case CONF_NAK: return "conf-nak"; 4100 case CONF_REJ: return "conf-rej"; 4101 case TERM_REQ: return "term-req"; 4102 case TERM_ACK: return "term-ack"; 4103 case CODE_REJ: return "code-rej"; 4104 case PROTO_REJ: return "proto-rej"; 4105 case ECHO_REQ: return "echo-req"; 4106 case ECHO_REPLY: return "echo-reply"; 4107 case DISC_REQ: return "discard-req"; 4108 } 4109 snprintf (buf, sizeof(buf), "cp/0x%x", type); 4110 return buf; 4111} 4112 4113static const char * 4114sppp_auth_type_name(u_short proto, u_char type) 4115{ 4116 static char buf[12]; 4117 switch (proto) { 4118 case PPP_CHAP: 4119 switch (type) { 4120 case CHAP_CHALLENGE: return "challenge"; 4121 case CHAP_RESPONSE: return "response"; 4122 case CHAP_SUCCESS: return "success"; 4123 case CHAP_FAILURE: return "failure"; 4124 } 4125 case PPP_PAP: 4126 switch (type) { 4127 case PAP_REQ: return "req"; 4128 case PAP_ACK: return "ack"; 4129 case PAP_NAK: return "nak"; 4130 } 4131 } 4132 snprintf (buf, sizeof(buf), "auth/0x%x", type); 4133 return buf; 4134} 4135 4136static const char * 4137sppp_lcp_opt_name(u_char opt) 4138{ 4139 static char buf[12]; 4140 switch (opt) { 4141 case LCP_OPT_MRU: return "mru"; 4142 case LCP_OPT_ASYNC_MAP: return "async-map"; 4143 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4144 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4145 case LCP_OPT_MAGIC: return "magic"; 4146 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4147 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4148 } 4149 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 4150 return buf; 4151} 4152 4153static const char * 4154sppp_ipcp_opt_name(u_char opt) 4155{ 4156 static char buf[12]; 4157 switch (opt) { 4158 case IPCP_OPT_ADDRESSES: return "addresses"; 4159 case IPCP_OPT_COMPRESSION: return "compression"; 4160 case IPCP_OPT_ADDRESS: return "address"; 4161 } 4162 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 4163 return buf; 4164} 4165 4166static const char * 4167sppp_state_name(int state) 4168{ 4169 switch (state) { 4170 case STATE_INITIAL: return "initial"; 4171 case STATE_STARTING: return "starting"; 4172 case STATE_CLOSED: return "closed"; 4173 case STATE_STOPPED: return "stopped"; 4174 case STATE_CLOSING: return "closing"; 4175 case STATE_STOPPING: return "stopping"; 4176 case STATE_REQ_SENT: return "req-sent"; 4177 case STATE_ACK_RCVD: return "ack-rcvd"; 4178 case STATE_ACK_SENT: return "ack-sent"; 4179 case STATE_OPENED: return "opened"; 4180 } 4181 return "illegal"; 4182} 4183 4184static const char * 4185sppp_phase_name(enum ppp_phase phase) 4186{ 4187 switch (phase) { 4188 case PHASE_DEAD: return "dead"; 4189 case PHASE_ESTABLISH: return "establish"; 4190 case PHASE_TERMINATE: return "terminate"; 4191 case PHASE_AUTHENTICATE: return "authenticate"; 4192 case PHASE_NETWORK: return "network"; 4193 } 4194 return "illegal"; 4195} 4196 4197static const char * 4198sppp_proto_name(u_short proto) 4199{ 4200 static char buf[12]; 4201 switch (proto) { 4202 case PPP_LCP: return "lcp"; 4203 case PPP_IPCP: return "ipcp"; 4204 case PPP_PAP: return "pap"; 4205 case PPP_CHAP: return "chap"; 4206 } 4207 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 4208 return buf; 4209} 4210 4211static void 4212sppp_print_bytes(const u_char *p, u_short len) 4213{ 4214 if (len) 4215 addlog(" %*D", len, p, "-"); 4216} 4217 4218static void 4219sppp_print_string(const char *p, u_short len) 4220{ 4221 u_char c; 4222 4223 while (len-- > 0) { 4224 c = *p++; 4225 /* 4226 * Print only ASCII chars directly. RFC 1994 recommends 4227 * using only them, but we don't rely on it. */ 4228 if (c < ' ' || c > '~') 4229 addlog("\\x%x", c); 4230 else 4231 addlog("%c", c); 4232 } 4233} 4234 4235static const char * 4236sppp_dotted_quad(u_long addr) 4237{ 4238 static char s[16]; 4239 sprintf(s, "%d.%d.%d.%d", 4240 (int)((addr >> 24) & 0xff), 4241 (int)((addr >> 16) & 0xff), 4242 (int)((addr >> 8) & 0xff), 4243 (int)(addr & 0xff)); 4244 return s; 4245} 4246 4247static int 4248sppp_strnlen(u_char *p, int max) 4249{ 4250 int len; 4251 4252 for (len = 0; len < max && *p; ++p) 4253 ++len; 4254 return len; 4255} 4256 4257/* a dummy, used to drop uninteresting events */ 4258static void 4259sppp_null(struct sppp *unused) 4260{ 4261 /* do just nothing */ 4262} 4263