1 /* $OpenBSD: if_spppsubr.c,v 1.187 2020/09/12 13:44:38 kn Exp $ */ 2 /* 3 * Synchronous PPP link level subroutines. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * RFC2472 IPv6CP support. 12 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are met: 16 * 1. Redistributions of source code must retain the above copyright notice, 17 * this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright notice, 19 * this list of conditions and the following disclaimer in the documentation 20 * and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 * 34 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998 35 */ 36 37 #include <sys/param.h> 38 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/sockio.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #include <sys/timeout.h> 48 #include <crypto/md5.h> 49 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <sys/stdarg.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_var.h> 60 #include <netinet/ip.h> 61 62 #ifdef INET6 63 #include <netinet6/in6_ifattach.h> 64 #endif 65 66 #include <net/if_sppp.h> 67 68 # define UNTIMEOUT(fun, arg, handle) \ 69 timeout_del(&(handle)) 70 71 #define MAXALIVECNT 3 /* max. missed alive packets */ 72 #define NORECV_TIME 15 /* before we get worried */ 73 74 /* 75 * Interface flags that can be set in an ifconfig command. 76 * 77 * Setting link0 will make the link passive, i.e. it will be marked 78 * as being administrative openable, but won't be opened to begin 79 * with. Incoming calls will be answered, or subsequent calls with 80 * -link1 will cause the administrative open of the LCP layer. 81 * 82 * Setting link1 will cause the link to auto-dial only as packets 83 * arrive to be sent. 84 * 85 * Setting IFF_DEBUG will syslog the option negotiation and state 86 * transitions at level kern.debug. Note: all logs consistently look 87 * like 88 * 89 * <if-name><unit>: <proto-name> <additional info...> 90 * 91 * with <if-name><unit> being something like "bppp0", and <proto-name> 92 * being one of "lcp", "ipcp", "chap", "pap", etc. 93 */ 94 95 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 96 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 97 98 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 99 #define PPP_UI 0x03 /* Unnumbered Information */ 100 #define PPP_IP 0x0021 /* Internet Protocol */ 101 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 102 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 103 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 104 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */ 105 #define PPP_LCP 0xc021 /* Link Control Protocol */ 106 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 107 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 108 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 109 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 110 111 #define CONF_REQ 1 /* PPP configure request */ 112 #define CONF_ACK 2 /* PPP configure acknowledge */ 113 #define CONF_NAK 3 /* PPP configure negative ack */ 114 #define CONF_REJ 4 /* PPP configure reject */ 115 #define TERM_REQ 5 /* PPP terminate request */ 116 #define TERM_ACK 6 /* PPP terminate acknowledge */ 117 #define CODE_REJ 7 /* PPP code reject */ 118 #define PROTO_REJ 8 /* PPP protocol reject */ 119 #define ECHO_REQ 9 /* PPP echo request */ 120 #define ECHO_REPLY 10 /* PPP echo reply */ 121 #define DISC_REQ 11 /* PPP discard request */ 122 123 #define LCP_OPT_MRU 1 /* maximum receive unit */ 124 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 125 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 126 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 127 #define LCP_OPT_MAGIC 5 /* magic number */ 128 #define LCP_OPT_RESERVED 6 /* reserved */ 129 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 130 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 131 132 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 133 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 134 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 135 136 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 137 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 138 139 #define PAP_REQ 1 /* PAP name/password request */ 140 #define PAP_ACK 2 /* PAP acknowledge */ 141 #define PAP_NAK 3 /* PAP fail */ 142 143 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 144 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 145 #define CHAP_SUCCESS 3 /* CHAP response ok */ 146 #define CHAP_FAILURE 4 /* CHAP response failed */ 147 148 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 149 150 /* states are named and numbered according to RFC 1661 */ 151 #define STATE_INITIAL 0 152 #define STATE_STARTING 1 153 #define STATE_CLOSED 2 154 #define STATE_STOPPED 3 155 #define STATE_CLOSING 4 156 #define STATE_STOPPING 5 157 #define STATE_REQ_SENT 6 158 #define STATE_ACK_RCVD 7 159 #define STATE_ACK_SENT 8 160 #define STATE_OPENED 9 161 162 #define PKTHDRLEN 2 163 164 struct ppp_header { 165 u_char address; 166 u_char control; 167 u_short protocol; 168 }; 169 #define PPP_HEADER_LEN sizeof (struct ppp_header) 170 171 struct lcp_header { 172 u_char type; 173 u_char ident; 174 u_short len; 175 }; 176 #define LCP_HEADER_LEN sizeof (struct lcp_header) 177 178 /* 179 * We follow the spelling and capitalization of RFC 1661 here, to make 180 * it easier comparing with the standard. Please refer to this RFC in 181 * case you can't make sense out of these abbreviation; it will also 182 * explain the semantics related to the various events and actions. 183 */ 184 struct cp { 185 u_short proto; /* PPP control protocol number */ 186 u_char protoidx; /* index into state table in struct sppp */ 187 u_char flags; 188 #define CP_LCP 0x01 /* this is the LCP */ 189 #define CP_AUTH 0x02 /* this is an authentication protocol */ 190 #define CP_NCP 0x04 /* this is a NCP */ 191 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 192 const char *name; /* name of this control protocol */ 193 /* event handlers */ 194 void (*Up)(struct sppp *sp); 195 void (*Down)(struct sppp *sp); 196 void (*Open)(struct sppp *sp); 197 void (*Close)(struct sppp *sp); 198 void (*TO)(void *sp); 199 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 200 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 201 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 202 /* actions */ 203 void (*tlu)(struct sppp *sp); 204 void (*tld)(struct sppp *sp); 205 void (*tls)(struct sppp *sp); 206 void (*tlf)(struct sppp *sp); 207 void (*scr)(struct sppp *sp); 208 }; 209 210 static struct sppp *spppq; 211 static struct timeout keepalive_ch; 212 213 #define SPP_FMT "%s: " 214 #define SPP_ARGS(ifp) (ifp)->if_xname 215 216 /* almost every function needs these */ 217 #define STDDCL \ 218 struct ifnet *ifp = &sp->pp_if; \ 219 int debug = ifp->if_flags & IFF_DEBUG 220 221 int sppp_output(struct ifnet *ifp, struct mbuf *m, 222 struct sockaddr *dst, struct rtentry *rt); 223 224 void sppp_cp_input(const struct cp *cp, struct sppp *sp, 225 struct mbuf *m); 226 void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 227 u_char ident, u_short len, void *data); 228 #ifdef notyet 229 void sppp_cp_timeout(void *arg); 230 #endif 231 void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 232 int newstate); 233 void sppp_auth_send(const struct cp *cp, 234 struct sppp *sp, unsigned int type, u_int id, 235 ...); 236 237 void sppp_up_event(const struct cp *cp, struct sppp *sp); 238 void sppp_down_event(const struct cp *cp, struct sppp *sp); 239 void sppp_open_event(const struct cp *cp, struct sppp *sp); 240 void sppp_close_event(const struct cp *cp, struct sppp *sp); 241 void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp); 242 void sppp_to_event(const struct cp *cp, struct sppp *sp); 243 244 void sppp_null(struct sppp *sp); 245 246 void sppp_lcp_init(struct sppp *sp); 247 void sppp_lcp_up(struct sppp *sp); 248 void sppp_lcp_down(struct sppp *sp); 249 void sppp_lcp_open(struct sppp *sp); 250 void sppp_lcp_close(struct sppp *sp); 251 void sppp_lcp_TO(void *sp); 252 int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 253 void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 254 void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 255 void sppp_lcp_tlu(struct sppp *sp); 256 void sppp_lcp_tld(struct sppp *sp); 257 void sppp_lcp_tls(struct sppp *sp); 258 void sppp_lcp_tlf(struct sppp *sp); 259 void sppp_lcp_scr(struct sppp *sp); 260 void sppp_lcp_check_and_close(struct sppp *sp); 261 int sppp_ncp_check(struct sppp *sp); 262 263 void sppp_ipcp_init(struct sppp *sp); 264 void sppp_ipcp_destroy(struct sppp *sp); 265 void sppp_ipcp_up(struct sppp *sp); 266 void sppp_ipcp_down(struct sppp *sp); 267 void sppp_ipcp_open(struct sppp *sp); 268 void sppp_ipcp_close(struct sppp *sp); 269 void sppp_ipcp_TO(void *sp); 270 int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 271 void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 272 void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 273 void sppp_ipcp_tlu(struct sppp *sp); 274 void sppp_ipcp_tld(struct sppp *sp); 275 void sppp_ipcp_tls(struct sppp *sp); 276 void sppp_ipcp_tlf(struct sppp *sp); 277 void sppp_ipcp_scr(struct sppp *sp); 278 279 void sppp_ipv6cp_init(struct sppp *sp); 280 void sppp_ipv6cp_destroy(struct sppp *sp); 281 void sppp_ipv6cp_up(struct sppp *sp); 282 void sppp_ipv6cp_down(struct sppp *sp); 283 void sppp_ipv6cp_open(struct sppp *sp); 284 void sppp_ipv6cp_close(struct sppp *sp); 285 void sppp_ipv6cp_TO(void *sp); 286 int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 287 void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 288 void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 289 void sppp_ipv6cp_tlu(struct sppp *sp); 290 void sppp_ipv6cp_tld(struct sppp *sp); 291 void sppp_ipv6cp_tls(struct sppp *sp); 292 void sppp_ipv6cp_tlf(struct sppp *sp); 293 void sppp_ipv6cp_scr(struct sppp *sp); 294 const char *sppp_ipv6cp_opt_name(u_char opt); 295 void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 296 struct in6_addr *dst, struct in6_addr *srcmask); 297 void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, const struct in6_addr *dst); 298 void sppp_update_ip6_addr(void *sp); 299 void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest); 300 301 void sppp_pap_input(struct sppp *sp, struct mbuf *m); 302 void sppp_pap_init(struct sppp *sp); 303 void sppp_pap_open(struct sppp *sp); 304 void sppp_pap_close(struct sppp *sp); 305 void sppp_pap_TO(void *sp); 306 void sppp_pap_my_TO(void *sp); 307 void sppp_pap_tlu(struct sppp *sp); 308 void sppp_pap_tld(struct sppp *sp); 309 void sppp_pap_scr(struct sppp *sp); 310 311 void sppp_chap_input(struct sppp *sp, struct mbuf *m); 312 void sppp_chap_init(struct sppp *sp); 313 void sppp_chap_open(struct sppp *sp); 314 void sppp_chap_close(struct sppp *sp); 315 void sppp_chap_TO(void *sp); 316 void sppp_chap_tlu(struct sppp *sp); 317 void sppp_chap_tld(struct sppp *sp); 318 void sppp_chap_scr(struct sppp *sp); 319 320 const char *sppp_auth_type_name(u_short proto, u_char type); 321 const char *sppp_cp_type_name(u_char type); 322 const char *sppp_dotted_quad(u_int32_t addr); 323 const char *sppp_ipcp_opt_name(u_char opt); 324 const char *sppp_lcp_opt_name(u_char opt); 325 const char *sppp_phase_name(enum ppp_phase phase); 326 const char *sppp_proto_name(u_short proto); 327 const char *sppp_state_name(int state); 328 int sppp_get_params(struct sppp *sp, struct ifreq *data); 329 int sppp_set_params(struct sppp *sp, struct ifreq *data); 330 void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 331 u_int32_t *srcmask); 332 void sppp_keepalive(void *dummy); 333 void sppp_phase_network(struct sppp *sp); 334 void sppp_print_bytes(const u_char *p, u_short len); 335 void sppp_print_string(const char *p, u_short len); 336 int sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id); 337 void sppp_update_gw(struct ifnet *ifp); 338 void sppp_set_ip_addrs(void *); 339 void sppp_clear_ip_addrs(void *); 340 void sppp_set_phase(struct sppp *sp); 341 342 /* our control protocol descriptors */ 343 static const struct cp lcp = { 344 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 345 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 346 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 347 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 348 sppp_lcp_scr 349 }; 350 351 static const struct cp ipcp = { 352 PPP_IPCP, IDX_IPCP, 353 CP_NCP, 354 "ipcp", 355 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 356 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 357 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 358 sppp_ipcp_scr 359 }; 360 361 static const struct cp ipv6cp = { 362 PPP_IPV6CP, IDX_IPV6CP, 363 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 364 CP_NCP, 365 #else 366 0, 367 #endif 368 "ipv6cp", 369 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 370 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 371 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 372 sppp_ipv6cp_scr 373 }; 374 375 static const struct cp pap = { 376 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 377 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 378 sppp_pap_TO, 0, 0, 0, 379 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 380 sppp_pap_scr 381 }; 382 383 static const struct cp chap = { 384 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 385 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 386 sppp_chap_TO, 0, 0, 0, 387 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 388 sppp_chap_scr 389 }; 390 391 static const struct cp *cps[IDX_COUNT] = { 392 &lcp, /* IDX_LCP */ 393 &ipcp, /* IDX_IPCP */ 394 &ipv6cp, /* IDX_IPV6CP */ 395 &pap, /* IDX_PAP */ 396 &chap, /* IDX_CHAP */ 397 }; 398 399 400 /* 401 * Exported functions, comprising our interface to the lower layer. 402 */ 403 404 /* Workaround */ 405 void 406 spppattach(struct ifnet *ifp) 407 { 408 } 409 410 /* 411 * Process the received packet. 412 */ 413 void 414 sppp_input(struct ifnet *ifp, struct mbuf *m) 415 { 416 struct ppp_header ht; 417 struct sppp *sp = (struct sppp *)ifp; 418 struct timeval tv; 419 int debug = ifp->if_flags & IFF_DEBUG; 420 421 getmicrouptime(&tv); 422 423 if (ifp->if_flags & IFF_UP) { 424 /* Count received bytes, add hardware framing */ 425 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 426 /* Note time of last receive */ 427 sp->pp_last_receive = tv.tv_sec; 428 } 429 430 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 431 /* Too small packet, drop it. */ 432 if (debug) 433 log(LOG_DEBUG, 434 SPP_FMT "input packet is too small, %d bytes\n", 435 SPP_ARGS(ifp), m->m_pkthdr.len); 436 drop: 437 m_freem (m); 438 ++ifp->if_ierrors; 439 ++ifp->if_iqdrops; 440 return; 441 } 442 443 /* mark incoming routing domain */ 444 m->m_pkthdr.ph_rtableid = ifp->if_rdomain; 445 446 m_copydata(m, 0, sizeof(ht.protocol), (caddr_t)&ht.protocol); 447 m_adj(m, 2); 448 ht.control = PPP_UI; 449 ht.address = PPP_ALLSTATIONS; 450 451 /* preserve the alignment */ 452 if (m->m_len < m->m_pkthdr.len) { 453 m = m_pullup(m, m->m_pkthdr.len); 454 if (m == NULL) { 455 if (debug) 456 log(LOG_DEBUG, 457 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp)); 458 ++ifp->if_ierrors; 459 ++ifp->if_iqdrops; 460 return; 461 } 462 } 463 464 switch (ht.address) { 465 case PPP_ALLSTATIONS: 466 if (ht.control != PPP_UI) 467 goto invalid; 468 switch (ntohs (ht.protocol)) { 469 default: 470 if (sp->state[IDX_LCP] == STATE_OPENED) 471 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 472 ++sp->pp_seq, 2, &ht.protocol); 473 if (debug) 474 log(LOG_DEBUG, 475 SPP_FMT "invalid input protocol " 476 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 477 SPP_ARGS(ifp), 478 ht.address, ht.control, ntohs(ht.protocol)); 479 ++ifp->if_noproto; 480 goto drop; 481 case PPP_LCP: 482 sppp_cp_input(&lcp, sp, m); 483 m_freem (m); 484 return; 485 case PPP_PAP: 486 if (sp->pp_phase >= PHASE_AUTHENTICATE) 487 sppp_pap_input(sp, m); 488 m_freem (m); 489 return; 490 case PPP_CHAP: 491 if (sp->pp_phase >= PHASE_AUTHENTICATE) 492 sppp_chap_input(sp, m); 493 m_freem (m); 494 return; 495 case PPP_IPCP: 496 if (sp->pp_phase == PHASE_NETWORK) 497 sppp_cp_input(&ipcp, sp, m); 498 m_freem (m); 499 return; 500 case PPP_IP: 501 if (sp->state[IDX_IPCP] == STATE_OPENED) { 502 sp->pp_last_activity = tv.tv_sec; 503 if (ifp->if_flags & IFF_UP) { 504 ipv4_input(ifp, m); 505 return; 506 } 507 } 508 break; 509 #ifdef INET6 510 case PPP_IPV6CP: 511 if (sp->pp_phase == PHASE_NETWORK) 512 sppp_cp_input(&ipv6cp, sp, m); 513 m_freem (m); 514 return; 515 case PPP_IPV6: 516 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 517 sp->pp_last_activity = tv.tv_sec; 518 if (ifp->if_flags & IFF_UP) { 519 ipv6_input(ifp, m); 520 return; 521 } 522 } 523 break; 524 #endif 525 } 526 break; 527 default: /* Invalid PPP packet. */ 528 invalid: 529 if (debug) 530 log(LOG_DEBUG, 531 SPP_FMT "invalid input packet " 532 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 533 SPP_ARGS(ifp), 534 ht.address, ht.control, ntohs(ht.protocol)); 535 goto drop; 536 } 537 538 goto drop; 539 } 540 541 /* 542 * Enqueue transmit packet. 543 */ 544 int 545 sppp_output(struct ifnet *ifp, struct mbuf *m, 546 struct sockaddr *dst, struct rtentry *rt) 547 { 548 struct sppp *sp = (struct sppp*) ifp; 549 struct timeval tv; 550 int s, rv = 0; 551 u_int16_t protocol; 552 553 #ifdef DIAGNOSTIC 554 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { 555 printf("%s: trying to send packet on wrong domain. " 556 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, 557 ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), 558 dst->sa_family); 559 } 560 #endif 561 562 s = splnet(); 563 564 getmicrouptime(&tv); 565 sp->pp_last_activity = tv.tv_sec; 566 567 if ((ifp->if_flags & IFF_UP) == 0 || 568 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 569 m_freem (m); 570 splx (s); 571 return (ENETDOWN); 572 } 573 574 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 575 /* 576 * Interface is not yet running, but auto-dial. Need 577 * to start LCP for it. 578 */ 579 ifp->if_flags |= IFF_RUNNING; 580 splx(s); 581 lcp.Open(sp); 582 s = splnet(); 583 } 584 585 if (dst->sa_family == AF_INET) { 586 struct ip *ip = NULL; 587 588 if (m->m_len >= sizeof(struct ip)) 589 ip = mtod(m, struct ip *); 590 591 /* 592 * When using dynamic local IP address assignment by using 593 * 0.0.0.0 as a local address, the first TCP session will 594 * not connect because the local TCP checksum is computed 595 * using 0.0.0.0 which will later become our real IP address 596 * so the TCP checksum computed at the remote end will 597 * become invalid. So we 598 * - don't let packets with src ip addr 0 thru 599 * - we flag TCP packets with src ip 0 as an error 600 */ 601 602 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 603 u_int8_t proto = ip->ip_p; 604 605 m_freem(m); 606 splx(s); 607 if (proto == IPPROTO_TCP) 608 return (EADDRNOTAVAIL); 609 else 610 return (0); 611 } 612 } 613 614 switch (dst->sa_family) { 615 case AF_INET: /* Internet Protocol */ 616 /* 617 * Don't choke with an ENETDOWN early. It's 618 * possible that we just started dialing out, 619 * so don't drop the packet immediately. If 620 * we notice that we run out of buffer space 621 * below, we will however remember that we are 622 * not ready to carry IP packets, and return 623 * ENETDOWN, as opposed to ENOBUFS. 624 */ 625 protocol = htons(PPP_IP); 626 if (sp->state[IDX_IPCP] != STATE_OPENED) 627 rv = ENETDOWN; 628 break; 629 #ifdef INET6 630 case AF_INET6: /* Internet Protocol v6 */ 631 /* 632 * Don't choke with an ENETDOWN early. It's 633 * possible that we just started dialing out, 634 * so don't drop the packet immediately. If 635 * we notice that we run out of buffer space 636 * below, we will however remember that we are 637 * not ready to carry IPv6 packets, and return 638 * ENETDOWN, as opposed to ENOBUFS. 639 */ 640 protocol = htons(PPP_IPV6); 641 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 642 rv = ENETDOWN; 643 break; 644 #endif 645 default: 646 m_freem(m); 647 ++ifp->if_oerrors; 648 splx(s); 649 return (EAFNOSUPPORT); 650 } 651 652 M_PREPEND(m, 2, M_DONTWAIT); 653 if (m == NULL) { 654 if (ifp->if_flags & IFF_DEBUG) 655 log(LOG_DEBUG, SPP_FMT 656 "no memory for transmit header\n", 657 SPP_ARGS(ifp)); 658 ++ifp->if_oerrors; 659 splx(s); 660 return (rv ? rv : ENOBUFS); 661 } 662 *mtod(m, u_int16_t *) = protocol; 663 664 /* 665 * Queue message on interface, and start output if interface 666 * not yet active. 667 */ 668 rv = if_enqueue(ifp, m); 669 if (rv != 0) { 670 ifp->if_oerrors++; 671 splx(s); 672 return (rv); 673 } 674 675 /* 676 * Count output packets and bytes. 677 * The packet length includes header, FCS and 1 flag, 678 * according to RFC 1333. 679 */ 680 ifp->if_obytes += sp->pp_framebytes; 681 splx(s); 682 683 return (0); 684 } 685 686 void 687 sppp_attach(struct ifnet *ifp) 688 { 689 struct sppp *sp = (struct sppp*) ifp; 690 int i; 691 692 /* Initialize keepalive handler. */ 693 if (! spppq) { 694 timeout_set_proc(&keepalive_ch, sppp_keepalive, NULL); 695 timeout_add_sec(&keepalive_ch, 10); 696 } 697 698 /* Insert new entry into the keepalive list. */ 699 sp->pp_next = spppq; 700 spppq = sp; 701 702 sp->pp_if.if_type = IFT_PPP; 703 sp->pp_if.if_output = sppp_output; 704 ifq_set_maxlen(&sp->pp_if.if_snd, 50); 705 mq_init(&sp->pp_cpq, 50, IPL_NET); 706 sp->pp_loopcnt = 0; 707 sp->pp_alivecnt = 0; 708 sp->pp_last_activity = 0; 709 sp->pp_last_receive = 0; 710 sp->pp_seq = 0; 711 sp->pp_rseq = 0; 712 sp->pp_phase = PHASE_DEAD; 713 sp->pp_up = lcp.Up; 714 sp->pp_down = lcp.Down; 715 716 for (i = 0; i < IDX_COUNT; i++) 717 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp); 718 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp); 719 720 sppp_lcp_init(sp); 721 sppp_ipcp_init(sp); 722 sppp_ipv6cp_init(sp); 723 sppp_pap_init(sp); 724 sppp_chap_init(sp); 725 } 726 727 void 728 sppp_detach(struct ifnet *ifp) 729 { 730 struct sppp **q, *p, *sp = (struct sppp*) ifp; 731 int i; 732 733 sppp_ipcp_destroy(sp); 734 sppp_ipv6cp_destroy(sp); 735 736 /* Remove the entry from the keepalive list. */ 737 for (q = &spppq; (p = *q); q = &p->pp_next) 738 if (p == sp) { 739 *q = p->pp_next; 740 break; 741 } 742 743 /* Stop keepalive handler. */ 744 if (! spppq) 745 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 746 747 for (i = 0; i < IDX_COUNT; i++) 748 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 749 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 750 751 /* release authentication data */ 752 if (sp->myauth.name != NULL) 753 free(sp->myauth.name, M_DEVBUF, strlen(sp->myauth.name) + 1); 754 if (sp->myauth.secret != NULL) 755 free(sp->myauth.secret, M_DEVBUF, 756 strlen(sp->myauth.secret) + 1); 757 if (sp->hisauth.name != NULL) 758 free(sp->hisauth.name, M_DEVBUF, strlen(sp->hisauth.name) + 1); 759 if (sp->hisauth.secret != NULL) 760 free(sp->hisauth.secret, M_DEVBUF, 761 strlen(sp->hisauth.secret) + 1); 762 } 763 764 /* 765 * Flush the interface output queue. 766 */ 767 void 768 sppp_flush(struct ifnet *ifp) 769 { 770 struct sppp *sp = (struct sppp*) ifp; 771 772 ifq_purge(&sp->pp_if.if_snd); 773 mq_purge(&sp->pp_cpq); 774 } 775 776 /* 777 * Check if the output queue is empty. 778 */ 779 int 780 sppp_isempty(struct ifnet *ifp) 781 { 782 struct sppp *sp = (struct sppp*) ifp; 783 int empty, s; 784 785 s = splnet(); 786 empty = mq_empty(&sp->pp_cpq) && ifq_empty(&sp->pp_if.if_snd); 787 splx(s); 788 return (empty); 789 } 790 791 /* 792 * Get next packet to send. 793 */ 794 struct mbuf * 795 sppp_dequeue(struct ifnet *ifp) 796 { 797 struct sppp *sp = (struct sppp*) ifp; 798 struct mbuf *m; 799 int s; 800 801 s = splnet(); 802 /* 803 * Process only the control protocol queue until we have at 804 * least one NCP open. 805 */ 806 m = mq_dequeue(&sp->pp_cpq); 807 if (m == NULL && sppp_ncp_check(sp)) { 808 m = ifq_dequeue(&sp->pp_if.if_snd); 809 } 810 splx(s); 811 return m; 812 } 813 814 /* 815 * Process an ioctl request. Called on low priority level. 816 */ 817 int 818 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 819 { 820 struct ifreq *ifr = data; 821 struct sppp *sp = (struct sppp*) ifp; 822 int s, rv, going_up, going_down, newmode; 823 824 s = splnet(); 825 rv = 0; 826 switch (cmd) { 827 case SIOCSIFDSTADDR: 828 break; 829 830 case SIOCSIFADDR: 831 if_up(ifp); 832 /* FALLTHROUGH */ 833 834 case SIOCSIFFLAGS: 835 going_up = (ifp->if_flags & IFF_UP) && 836 (ifp->if_flags & IFF_RUNNING) == 0; 837 going_down = (ifp->if_flags & IFF_UP) == 0 && 838 (ifp->if_flags & IFF_RUNNING); 839 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 840 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 841 /* sanity */ 842 newmode = IFF_PASSIVE; 843 ifp->if_flags &= ~IFF_AUTO; 844 } 845 846 if (going_up || going_down) 847 lcp.Close(sp); 848 849 if (going_up && newmode == 0) { 850 /* neither auto-dial nor passive */ 851 ifp->if_flags |= IFF_RUNNING; 852 lcp.Open(sp); 853 } else if (going_down) { 854 sppp_flush(ifp); 855 ifp->if_flags &= ~IFF_RUNNING; 856 } 857 break; 858 859 case SIOCSIFMTU: 860 if (ifr->ifr_mtu < 128 || 861 (sp->lcp.their_mru > 0 && 862 ifr->ifr_mtu > sp->lcp.their_mru)) { 863 splx(s); 864 return (EINVAL); 865 } 866 ifp->if_mtu = ifr->ifr_mtu; 867 break; 868 case SIOCADDMULTI: 869 case SIOCDELMULTI: 870 break; 871 872 case SIOCGSPPPPARAMS: 873 rv = sppp_get_params(sp, ifr); 874 break; 875 876 case SIOCSSPPPPARAMS: 877 if ((rv = suser(curproc)) != 0) 878 break; 879 rv = sppp_set_params(sp, ifr); 880 break; 881 882 default: 883 rv = ENOTTY; 884 } 885 splx(s); 886 return rv; 887 } 888 889 /* 890 * PPP protocol implementation. 891 */ 892 893 /* 894 * Send PPP control protocol packet. 895 */ 896 void 897 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 898 u_char ident, u_short len, void *data) 899 { 900 STDDCL; 901 int s; 902 struct lcp_header *lh; 903 struct mbuf *m; 904 905 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) 906 len = MHLEN - PKTHDRLEN - LCP_HEADER_LEN; 907 MGETHDR (m, M_DONTWAIT, MT_DATA); 908 if (! m) 909 return; 910 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 911 m->m_pkthdr.ph_ifidx = 0; 912 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 913 914 *mtod(m, u_int16_t *) = htons(proto); 915 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 916 lh->type = type; 917 lh->ident = ident; 918 lh->len = htons (LCP_HEADER_LEN + len); 919 if (len) 920 bcopy (data, lh+1, len); 921 922 if (debug) { 923 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 924 SPP_ARGS(ifp), 925 sppp_proto_name(proto), 926 sppp_cp_type_name (lh->type), lh->ident, 927 ntohs (lh->len)); 928 if (len) 929 sppp_print_bytes ((u_char*) (lh+1), len); 930 addlog(">\n"); 931 } 932 933 len = m->m_pkthdr.len + sp->pp_framebytes; 934 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 935 ifp->if_oerrors++; 936 return; 937 } 938 939 ifp->if_obytes += len; 940 s = splnet(); 941 if_start(ifp); 942 splx(s); 943 } 944 945 /* 946 * Handle incoming PPP control protocol packets. 947 */ 948 void 949 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 950 { 951 STDDCL; 952 struct lcp_header *h; 953 int len = m->m_pkthdr.len; 954 int rv; 955 u_char *p; 956 u_long nmagic; 957 958 if (len < 4) { 959 if (debug) 960 log(LOG_DEBUG, 961 SPP_FMT "%s invalid packet length: %d bytes\n", 962 SPP_ARGS(ifp), cp->name, len); 963 return; 964 } 965 h = mtod (m, struct lcp_header*); 966 if (debug) { 967 log(LOG_DEBUG, 968 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 969 SPP_ARGS(ifp), cp->name, 970 sppp_state_name(sp->state[cp->protoidx]), 971 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 972 if (len > 4) 973 sppp_print_bytes ((u_char*) (h+1), len-4); 974 addlog(">\n"); 975 } 976 if (len > ntohs (h->len)) 977 len = ntohs (h->len); 978 p = (u_char *)(h + 1); 979 switch (h->type) { 980 case CONF_REQ: 981 if (len < 4) { 982 if (debug) 983 addlog(SPP_FMT "%s invalid conf-req length %d\n", 984 SPP_ARGS(ifp), cp->name, 985 len); 986 ++ifp->if_ierrors; 987 break; 988 } 989 /* handle states where RCR doesn't get a SCA/SCN */ 990 switch (sp->state[cp->protoidx]) { 991 case STATE_CLOSING: 992 case STATE_STOPPING: 993 return; 994 case STATE_CLOSED: 995 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 996 0, 0); 997 return; 998 } 999 rv = (cp->RCR)(sp, h, len); 1000 /* silently drop illegal packets */ 1001 if (rv == -1) 1002 return; 1003 switch (sp->state[cp->protoidx]) { 1004 case STATE_OPENED: 1005 sppp_cp_change_state(cp, sp, rv? 1006 STATE_ACK_SENT: STATE_REQ_SENT); 1007 (cp->tld)(sp); 1008 (cp->scr)(sp); 1009 break; 1010 case STATE_ACK_SENT: 1011 case STATE_REQ_SENT: 1012 sppp_cp_change_state(cp, sp, rv? 1013 STATE_ACK_SENT: STATE_REQ_SENT); 1014 break; 1015 case STATE_STOPPED: 1016 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1017 sppp_cp_change_state(cp, sp, rv? 1018 STATE_ACK_SENT: STATE_REQ_SENT); 1019 (cp->scr)(sp); 1020 break; 1021 case STATE_ACK_RCVD: 1022 if (rv) { 1023 sppp_cp_change_state(cp, sp, STATE_OPENED); 1024 if (debug) 1025 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1026 SPP_ARGS(ifp), 1027 cp->name); 1028 (cp->tlu)(sp); 1029 } else 1030 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1031 break; 1032 default: 1033 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1034 SPP_ARGS(ifp), cp->name, 1035 sppp_cp_type_name(h->type), 1036 sppp_state_name(sp->state[cp->protoidx])); */ 1037 ++ifp->if_ierrors; 1038 } 1039 break; 1040 case CONF_ACK: 1041 if (h->ident != sp->confid[cp->protoidx]) { 1042 if (debug) 1043 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1044 SPP_ARGS(ifp), cp->name, 1045 h->ident, sp->confid[cp->protoidx]); 1046 ++ifp->if_ierrors; 1047 break; 1048 } 1049 switch (sp->state[cp->protoidx]) { 1050 case STATE_CLOSED: 1051 case STATE_STOPPED: 1052 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1053 break; 1054 case STATE_CLOSING: 1055 case STATE_STOPPING: 1056 break; 1057 case STATE_REQ_SENT: 1058 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1059 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1060 break; 1061 case STATE_OPENED: 1062 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1063 (cp->tld)(sp); 1064 (cp->scr)(sp); 1065 break; 1066 case STATE_ACK_RCVD: 1067 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1068 (cp->scr)(sp); 1069 break; 1070 case STATE_ACK_SENT: 1071 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1072 sppp_cp_change_state(cp, sp, STATE_OPENED); 1073 if (debug) 1074 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1075 SPP_ARGS(ifp), cp->name); 1076 (cp->tlu)(sp); 1077 break; 1078 default: 1079 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1080 SPP_ARGS(ifp), cp->name, 1081 sppp_cp_type_name(h->type), 1082 sppp_state_name(sp->state[cp->protoidx])); */ 1083 ++ifp->if_ierrors; 1084 } 1085 break; 1086 case CONF_NAK: 1087 case CONF_REJ: 1088 if (h->ident != sp->confid[cp->protoidx]) { 1089 if (debug) 1090 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1091 SPP_ARGS(ifp), cp->name, 1092 h->ident, sp->confid[cp->protoidx]); 1093 ++ifp->if_ierrors; 1094 break; 1095 } 1096 if (h->type == CONF_NAK) 1097 (cp->RCN_nak)(sp, h, len); 1098 else /* CONF_REJ */ 1099 (cp->RCN_rej)(sp, h, len); 1100 1101 switch (sp->state[cp->protoidx]) { 1102 case STATE_CLOSED: 1103 case STATE_STOPPED: 1104 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1105 break; 1106 case STATE_REQ_SENT: 1107 case STATE_ACK_SENT: 1108 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1109 (cp->scr)(sp); 1110 break; 1111 case STATE_OPENED: 1112 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1113 (cp->tld)(sp); 1114 (cp->scr)(sp); 1115 break; 1116 case STATE_ACK_RCVD: 1117 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1118 (cp->scr)(sp); 1119 break; 1120 case STATE_CLOSING: 1121 case STATE_STOPPING: 1122 break; 1123 default: 1124 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1125 SPP_ARGS(ifp), cp->name, 1126 sppp_cp_type_name(h->type), 1127 sppp_state_name(sp->state[cp->protoidx])); */ 1128 ++ifp->if_ierrors; 1129 } 1130 break; 1131 1132 case TERM_REQ: 1133 switch (sp->state[cp->protoidx]) { 1134 case STATE_ACK_RCVD: 1135 case STATE_ACK_SENT: 1136 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1137 /* FALLTHROUGH */ 1138 case STATE_CLOSED: 1139 case STATE_STOPPED: 1140 case STATE_CLOSING: 1141 case STATE_STOPPING: 1142 case STATE_REQ_SENT: 1143 sta: 1144 /* Send Terminate-Ack packet. */ 1145 if (debug) 1146 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1147 SPP_ARGS(ifp), cp->name); 1148 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1149 break; 1150 case STATE_OPENED: 1151 sp->rst_counter[cp->protoidx] = 0; 1152 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1153 (cp->tld)(sp); 1154 goto sta; 1155 break; 1156 default: 1157 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1158 SPP_ARGS(ifp), cp->name, 1159 sppp_cp_type_name(h->type), 1160 sppp_state_name(sp->state[cp->protoidx])); */ 1161 ++ifp->if_ierrors; 1162 } 1163 break; 1164 case TERM_ACK: 1165 switch (sp->state[cp->protoidx]) { 1166 case STATE_CLOSED: 1167 case STATE_STOPPED: 1168 case STATE_REQ_SENT: 1169 case STATE_ACK_SENT: 1170 break; 1171 case STATE_CLOSING: 1172 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1173 (cp->tlf)(sp); 1174 break; 1175 case STATE_STOPPING: 1176 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1177 (cp->tlf)(sp); 1178 break; 1179 case STATE_ACK_RCVD: 1180 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1181 break; 1182 case STATE_OPENED: 1183 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1184 (cp->tld)(sp); 1185 (cp->scr)(sp); 1186 break; 1187 default: 1188 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1189 SPP_ARGS(ifp), cp->name, 1190 sppp_cp_type_name(h->type), 1191 sppp_state_name(sp->state[cp->protoidx])); */ 1192 ++ifp->if_ierrors; 1193 } 1194 break; 1195 case CODE_REJ: 1196 case PROTO_REJ: 1197 { 1198 int catastrophic = 0; 1199 const struct cp *upper = NULL; 1200 int i; 1201 u_int16_t proto; 1202 1203 if (len < 2) { 1204 if (debug) 1205 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n", 1206 SPP_ARGS(ifp)); 1207 ++ifp->if_ierrors; 1208 break; 1209 } 1210 1211 proto = ntohs(*((u_int16_t *)p)); 1212 for (i = 0; i < IDX_COUNT; i++) { 1213 if (cps[i]->proto == proto) { 1214 upper = cps[i]; 1215 break; 1216 } 1217 } 1218 if (upper == NULL) 1219 catastrophic++; 1220 1221 if (catastrophic || debug) 1222 log(catastrophic? LOG_INFO: LOG_DEBUG, 1223 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1224 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1225 sppp_cp_type_name(h->type), proto, 1226 upper ? upper->name : "unknown", 1227 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1228 1229 /* 1230 * if we got RXJ+ against conf-req, the peer does not implement 1231 * this particular protocol type. terminate the protocol. 1232 */ 1233 if (upper) { 1234 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1235 upper->Close(sp); 1236 break; 1237 } 1238 } 1239 1240 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1241 switch (sp->state[cp->protoidx]) { 1242 case STATE_CLOSED: 1243 case STATE_STOPPED: 1244 case STATE_REQ_SENT: 1245 case STATE_ACK_SENT: 1246 case STATE_CLOSING: 1247 case STATE_STOPPING: 1248 case STATE_OPENED: 1249 break; 1250 case STATE_ACK_RCVD: 1251 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1252 break; 1253 default: 1254 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1255 SPP_ARGS(ifp), cp->name, 1256 sppp_cp_type_name(h->type), 1257 sppp_state_name(sp->state[cp->protoidx])); */ 1258 ++ifp->if_ierrors; 1259 } 1260 break; 1261 } 1262 case DISC_REQ: 1263 if (cp->proto != PPP_LCP) 1264 goto illegal; 1265 /* Discard the packet. */ 1266 break; 1267 case ECHO_REQ: 1268 if (cp->proto != PPP_LCP) 1269 goto illegal; 1270 if (sp->state[cp->protoidx] != STATE_OPENED) { 1271 if (debug) 1272 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1273 SPP_ARGS(ifp)); 1274 ++ifp->if_ierrors; 1275 break; 1276 } 1277 if (len < 8) { 1278 if (debug) 1279 addlog(SPP_FMT "invalid lcp echo request " 1280 "packet length: %d bytes\n", 1281 SPP_ARGS(ifp), len); 1282 break; 1283 } 1284 1285 nmagic = (u_long)p[0] << 24 | 1286 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1287 1288 if (nmagic == sp->lcp.magic) { 1289 /* Line loopback mode detected. */ 1290 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1291 /* Shut down the PPP link. */ 1292 lcp.Close(sp); 1293 break; 1294 } 1295 1296 p[0] = sp->lcp.magic >> 24; 1297 p[1] = sp->lcp.magic >> 16; 1298 p[2] = sp->lcp.magic >> 8; 1299 p[3] = sp->lcp.magic; 1300 1301 if (debug) 1302 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1303 SPP_ARGS(ifp)); 1304 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1305 break; 1306 case ECHO_REPLY: 1307 if (cp->proto != PPP_LCP) 1308 goto illegal; 1309 if (h->ident != sp->lcp.echoid) { 1310 ++ifp->if_ierrors; 1311 break; 1312 } 1313 if (len < 8) { 1314 if (debug) 1315 addlog(SPP_FMT "lcp invalid echo reply " 1316 "packet length: %d bytes\n", 1317 SPP_ARGS(ifp), len); 1318 break; 1319 } 1320 if (debug) 1321 addlog(SPP_FMT "lcp got echo rep\n", 1322 SPP_ARGS(ifp)); 1323 1324 nmagic = (u_long)p[0] << 24 | 1325 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1326 1327 if (nmagic != sp->lcp.magic) 1328 sp->pp_alivecnt = 0; 1329 break; 1330 default: 1331 /* Unknown packet type -- send Code-Reject packet. */ 1332 illegal: 1333 if (debug) 1334 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1335 SPP_ARGS(ifp), cp->name, h->type); 1336 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1337 m->m_pkthdr.len, h); 1338 ++ifp->if_ierrors; 1339 } 1340 } 1341 1342 1343 /* 1344 * The generic part of all Up/Down/Open/Close/TO event handlers. 1345 * Basically, the state transition handling in the automaton. 1346 */ 1347 void 1348 sppp_up_event(const struct cp *cp, struct sppp *sp) 1349 { 1350 STDDCL; 1351 1352 if (debug) 1353 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1354 SPP_ARGS(ifp), cp->name, 1355 sppp_state_name(sp->state[cp->protoidx])); 1356 1357 switch (sp->state[cp->protoidx]) { 1358 case STATE_INITIAL: 1359 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1360 break; 1361 case STATE_STARTING: 1362 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1363 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1364 (cp->scr)(sp); 1365 break; 1366 default: 1367 /* printf(SPP_FMT "%s illegal up in state %s\n", 1368 SPP_ARGS(ifp), cp->name, 1369 sppp_state_name(sp->state[cp->protoidx])); */ 1370 break; 1371 } 1372 } 1373 1374 void 1375 sppp_down_event(const struct cp *cp, struct sppp *sp) 1376 { 1377 STDDCL; 1378 1379 if (debug) 1380 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1381 SPP_ARGS(ifp), cp->name, 1382 sppp_state_name(sp->state[cp->protoidx])); 1383 1384 switch (sp->state[cp->protoidx]) { 1385 case STATE_CLOSED: 1386 case STATE_CLOSING: 1387 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1388 break; 1389 case STATE_STOPPED: 1390 sppp_cp_change_state(cp, sp, STATE_STARTING); 1391 (cp->tls)(sp); 1392 break; 1393 case STATE_STOPPING: 1394 case STATE_REQ_SENT: 1395 case STATE_ACK_RCVD: 1396 case STATE_ACK_SENT: 1397 sppp_cp_change_state(cp, sp, STATE_STARTING); 1398 break; 1399 case STATE_OPENED: 1400 sppp_cp_change_state(cp, sp, STATE_STARTING); 1401 (cp->tld)(sp); 1402 break; 1403 default: 1404 /* printf(SPP_FMT "%s illegal down in state %s\n", 1405 SPP_ARGS(ifp), cp->name, 1406 sppp_state_name(sp->state[cp->protoidx])); */ 1407 break; 1408 } 1409 } 1410 1411 1412 void 1413 sppp_open_event(const struct cp *cp, struct sppp *sp) 1414 { 1415 STDDCL; 1416 1417 if (debug) 1418 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1419 SPP_ARGS(ifp), cp->name, 1420 sppp_state_name(sp->state[cp->protoidx])); 1421 1422 switch (sp->state[cp->protoidx]) { 1423 case STATE_INITIAL: 1424 sppp_cp_change_state(cp, sp, STATE_STARTING); 1425 (cp->tls)(sp); 1426 break; 1427 case STATE_STARTING: 1428 break; 1429 case STATE_CLOSED: 1430 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1431 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1432 (cp->scr)(sp); 1433 break; 1434 case STATE_STOPPED: 1435 case STATE_STOPPING: 1436 case STATE_REQ_SENT: 1437 case STATE_ACK_RCVD: 1438 case STATE_ACK_SENT: 1439 case STATE_OPENED: 1440 break; 1441 case STATE_CLOSING: 1442 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1443 break; 1444 } 1445 } 1446 1447 1448 void 1449 sppp_close_event(const struct cp *cp, struct sppp *sp) 1450 { 1451 STDDCL; 1452 1453 if (debug) 1454 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1455 SPP_ARGS(ifp), cp->name, 1456 sppp_state_name(sp->state[cp->protoidx])); 1457 1458 switch (sp->state[cp->protoidx]) { 1459 case STATE_INITIAL: 1460 case STATE_CLOSED: 1461 case STATE_CLOSING: 1462 break; 1463 case STATE_STARTING: 1464 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1465 (cp->tlf)(sp); 1466 break; 1467 case STATE_STOPPED: 1468 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1469 break; 1470 case STATE_STOPPING: 1471 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1472 break; 1473 case STATE_OPENED: 1474 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1475 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1476 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1477 (cp->tld)(sp); 1478 break; 1479 case STATE_REQ_SENT: 1480 case STATE_ACK_RCVD: 1481 case STATE_ACK_SENT: 1482 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1483 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1484 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1485 break; 1486 } 1487 } 1488 1489 void 1490 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp) 1491 { 1492 int timo; 1493 1494 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx]; 1495 if (timo < 1) 1496 timo = 1; 1497 timeout_add_sec(&sp->ch[cp->protoidx], timo * sp->lcp.timeout); 1498 } 1499 1500 void 1501 sppp_to_event(const struct cp *cp, struct sppp *sp) 1502 { 1503 STDDCL; 1504 int s; 1505 1506 s = splnet(); 1507 if (debug) 1508 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1509 SPP_ARGS(ifp), cp->name, 1510 sppp_state_name(sp->state[cp->protoidx]), 1511 sp->rst_counter[cp->protoidx]); 1512 1513 if (--sp->rst_counter[cp->protoidx] < 0) 1514 /* TO- event */ 1515 switch (sp->state[cp->protoidx]) { 1516 case STATE_CLOSING: 1517 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1518 (cp->tlf)(sp); 1519 break; 1520 case STATE_STOPPING: 1521 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1522 (cp->tlf)(sp); 1523 break; 1524 case STATE_REQ_SENT: 1525 case STATE_ACK_RCVD: 1526 case STATE_ACK_SENT: 1527 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1528 (cp->tlf)(sp); 1529 break; 1530 } 1531 else 1532 /* TO+ event */ 1533 switch (sp->state[cp->protoidx]) { 1534 case STATE_CLOSING: 1535 case STATE_STOPPING: 1536 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1537 0, 0); 1538 sppp_increasing_timeout (cp, sp); 1539 break; 1540 case STATE_REQ_SENT: 1541 case STATE_ACK_RCVD: 1542 /* sppp_cp_change_state() will restart the timer */ 1543 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1544 (cp->scr)(sp); 1545 break; 1546 case STATE_ACK_SENT: 1547 sppp_increasing_timeout (cp, sp); 1548 (cp->scr)(sp); 1549 break; 1550 } 1551 1552 splx(s); 1553 } 1554 1555 /* 1556 * Change the state of a control protocol in the state automaton. 1557 * Takes care of starting/stopping the restart timer. 1558 */ 1559 void 1560 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1561 { 1562 STDDCL; 1563 1564 if (debug && sp->state[cp->protoidx] != newstate) 1565 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n", 1566 SPP_ARGS(ifp), cp->name, 1567 sppp_state_name(sp->state[cp->protoidx]), 1568 sppp_state_name(newstate)); 1569 sp->state[cp->protoidx] = newstate; 1570 1571 switch (newstate) { 1572 case STATE_INITIAL: 1573 case STATE_STARTING: 1574 case STATE_CLOSED: 1575 case STATE_STOPPED: 1576 case STATE_OPENED: 1577 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1578 break; 1579 case STATE_CLOSING: 1580 case STATE_STOPPING: 1581 case STATE_REQ_SENT: 1582 case STATE_ACK_RCVD: 1583 case STATE_ACK_SENT: 1584 if (!timeout_pending(&sp->ch[cp->protoidx])) 1585 sppp_increasing_timeout (cp, sp); 1586 break; 1587 } 1588 } 1589 /* 1590 *--------------------------------------------------------------------------* 1591 * * 1592 * The LCP implementation. * 1593 * * 1594 *--------------------------------------------------------------------------* 1595 */ 1596 void 1597 sppp_lcp_init(struct sppp *sp) 1598 { 1599 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1600 sp->lcp.magic = 0; 1601 sp->state[IDX_LCP] = STATE_INITIAL; 1602 sp->fail_counter[IDX_LCP] = 0; 1603 sp->lcp.protos = 0; 1604 sp->lcp.mru = sp->pp_if.if_mtu; 1605 sp->lcp.their_mru = 0; 1606 1607 /* 1608 * Initialize counters and timeout values. Note that we don't 1609 * use the 3 seconds suggested in RFC 1661 since we are likely 1610 * running on a fast link. XXX We should probably implement 1611 * the exponential backoff option. Note that these values are 1612 * relevant for all control protocols, not just LCP only. 1613 */ 1614 sp->lcp.timeout = 1; /* seconds */ 1615 sp->lcp.max_terminate = 2; 1616 sp->lcp.max_configure = 10; 1617 sp->lcp.max_failure = 10; 1618 } 1619 1620 void 1621 sppp_lcp_up(struct sppp *sp) 1622 { 1623 STDDCL; 1624 struct timeval tv; 1625 1626 sp->pp_alivecnt = 0; 1627 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1628 sp->lcp.magic = 0; 1629 sp->lcp.protos = 0; 1630 if (sp->pp_if.if_mtu != PP_MTU) { 1631 sp->lcp.mru = sp->pp_if.if_mtu; 1632 sp->lcp.opts |= (1 << LCP_OPT_MRU); 1633 } else 1634 sp->lcp.mru = PP_MTU; 1635 sp->lcp.their_mru = PP_MTU; 1636 1637 getmicrouptime(&tv); 1638 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec; 1639 1640 /* 1641 * If this interface is passive or dial-on-demand, and we are 1642 * still in Initial state, it means we've got an incoming 1643 * call. Activate the interface. 1644 */ 1645 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1646 if (debug) 1647 log(LOG_DEBUG, 1648 SPP_FMT "Up event", SPP_ARGS(ifp)); 1649 ifp->if_flags |= IFF_RUNNING; 1650 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1651 if (debug) 1652 addlog("(incoming call)\n"); 1653 sp->pp_flags |= PP_CALLIN; 1654 lcp.Open(sp); 1655 } else if (debug) 1656 addlog("\n"); 1657 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 1658 (sp->state[IDX_LCP] == STATE_INITIAL)) { 1659 ifp->if_flags |= IFF_RUNNING; 1660 lcp.Open(sp); 1661 } 1662 1663 sppp_up_event(&lcp, sp); 1664 } 1665 1666 void 1667 sppp_lcp_down(struct sppp *sp) 1668 { 1669 STDDCL; 1670 1671 sppp_down_event(&lcp, sp); 1672 1673 /* 1674 * If this is neither a dial-on-demand nor a passive 1675 * interface, simulate an ``ifconfig down'' action, so the 1676 * administrator can force a redial by another ``ifconfig 1677 * up''. XXX For leased line operation, should we immediately 1678 * try to reopen the connection here? 1679 */ 1680 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1681 if (debug) 1682 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), " 1683 "taking interface down.", SPP_ARGS(ifp)); 1684 if_down(ifp); 1685 } else { 1686 if (debug) 1687 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n", 1688 SPP_ARGS(ifp)); 1689 } 1690 1691 if (sp->state[IDX_LCP] != STATE_INITIAL) 1692 lcp.Close(sp); 1693 sp->lcp.their_mru = 0; 1694 sp->pp_flags &= ~PP_CALLIN; 1695 ifp->if_flags &= ~IFF_RUNNING; 1696 sppp_flush(ifp); 1697 } 1698 1699 void 1700 sppp_lcp_open(struct sppp *sp) 1701 { 1702 /* 1703 * If we are authenticator, negotiate LCP_AUTH 1704 */ 1705 if (sp->hisauth.proto != 0) 1706 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1707 else 1708 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1709 sp->pp_flags &= ~PP_NEEDAUTH; 1710 sppp_open_event(&lcp, sp); 1711 } 1712 1713 void 1714 sppp_lcp_close(struct sppp *sp) 1715 { 1716 sppp_close_event(&lcp, sp); 1717 } 1718 1719 void 1720 sppp_lcp_TO(void *cookie) 1721 { 1722 sppp_to_event(&lcp, (struct sppp *)cookie); 1723 } 1724 1725 /* 1726 * Analyze a configure request. Return true if it was agreeable, and 1727 * caused action sca, false if it has been rejected or nak'ed, and 1728 * caused action scn. (The return value is used to make the state 1729 * transition decision in the state automaton.) 1730 */ 1731 int 1732 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1733 { 1734 STDDCL; 1735 u_char *buf, *r, *p; 1736 int origlen, rlen; 1737 u_long nmagic; 1738 u_short authproto; 1739 1740 len -= 4; 1741 origlen = len; 1742 buf = r = malloc (origlen, M_TEMP, M_NOWAIT); 1743 if (! buf) 1744 return (0); 1745 1746 if (debug) 1747 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1748 SPP_ARGS(ifp)); 1749 1750 /* pass 1: check for things that need to be rejected */ 1751 p = (void*) (h+1); 1752 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 1753 if (p[1] < 2 || p[1] > len) { 1754 free(buf, M_TEMP, origlen); 1755 return (-1); 1756 } 1757 if (debug) 1758 addlog("%s ", sppp_lcp_opt_name(*p)); 1759 switch (*p) { 1760 case LCP_OPT_MAGIC: 1761 /* Magic number. */ 1762 /* FALLTHROUGH, both are same length */ 1763 case LCP_OPT_ASYNC_MAP: 1764 /* Async control character map. */ 1765 if (len >= 6 && p[1] == 6) 1766 continue; 1767 if (debug) 1768 addlog("[invalid] "); 1769 break; 1770 case LCP_OPT_MRU: 1771 /* Maximum receive unit. */ 1772 if (len >= 4 && p[1] == 4) 1773 continue; 1774 if (debug) 1775 addlog("[invalid] "); 1776 break; 1777 case LCP_OPT_AUTH_PROTO: 1778 if (len < 4) { 1779 if (debug) 1780 addlog("[invalid] "); 1781 break; 1782 } 1783 authproto = (p[2] << 8) + p[3]; 1784 if (authproto == PPP_CHAP && p[1] != 5) { 1785 if (debug) 1786 addlog("[invalid chap len] "); 1787 break; 1788 } 1789 if (sp->myauth.proto == 0) { 1790 /* we are not configured to do auth */ 1791 if (debug) 1792 addlog("[not configured] "); 1793 break; 1794 } 1795 /* 1796 * Remote want us to authenticate, remember this, 1797 * so we stay in PHASE_AUTHENTICATE after LCP got 1798 * up. 1799 */ 1800 sp->pp_flags |= PP_NEEDAUTH; 1801 continue; 1802 default: 1803 /* Others not supported. */ 1804 if (debug) 1805 addlog("[rej] "); 1806 break; 1807 } 1808 /* Add the option to rejected list. */ 1809 bcopy (p, r, p[1]); 1810 r += p[1]; 1811 rlen += p[1]; 1812 } 1813 if (rlen) { 1814 if (debug) 1815 addlog(" send conf-rej\n"); 1816 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1817 goto end; 1818 } else if (debug) 1819 addlog("\n"); 1820 1821 /* 1822 * pass 2: check for option values that are unacceptable and 1823 * thus require to be nak'ed. 1824 */ 1825 if (debug) 1826 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 1827 SPP_ARGS(ifp)); 1828 1829 p = (void*) (h+1); 1830 len = origlen; 1831 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1832 if (debug) 1833 addlog("%s ", sppp_lcp_opt_name(*p)); 1834 switch (*p) { 1835 case LCP_OPT_MAGIC: 1836 /* Magic number -- extract. */ 1837 nmagic = (u_long)p[2] << 24 | 1838 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 1839 if (nmagic != sp->lcp.magic) { 1840 if (debug) 1841 addlog("0x%lx ", nmagic); 1842 continue; 1843 } 1844 if (debug) 1845 addlog("[glitch] "); 1846 ++sp->pp_loopcnt; 1847 /* 1848 * We negate our magic here, and NAK it. If 1849 * we see it later in an NAK packet, we 1850 * suggest a new one. 1851 */ 1852 nmagic = ~sp->lcp.magic; 1853 /* Gonna NAK it. */ 1854 p[2] = nmagic >> 24; 1855 p[3] = nmagic >> 16; 1856 p[4] = nmagic >> 8; 1857 p[5] = nmagic; 1858 break; 1859 1860 case LCP_OPT_ASYNC_MAP: 1861 /* Async control character map -- check to be zero. */ 1862 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 1863 if (debug) 1864 addlog("[empty] "); 1865 continue; 1866 } 1867 if (debug) 1868 addlog("[non-empty] "); 1869 /* suggest a zero one */ 1870 p[2] = p[3] = p[4] = p[5] = 0; 1871 break; 1872 1873 case LCP_OPT_MRU: 1874 /* 1875 * Maximum receive unit. Always agreeable, 1876 * but ignored by now. 1877 */ 1878 sp->lcp.their_mru = p[2] * 256 + p[3]; 1879 if (debug) 1880 addlog("%lu ", sp->lcp.their_mru); 1881 continue; 1882 1883 case LCP_OPT_AUTH_PROTO: 1884 authproto = (p[2] << 8) + p[3]; 1885 if (sp->myauth.proto != authproto) { 1886 /* not agreed, nak */ 1887 if (debug) 1888 addlog("[mine %s != his %s] ", 1889 sppp_proto_name(sp->hisauth.proto), 1890 sppp_proto_name(authproto)); 1891 p[2] = sp->myauth.proto >> 8; 1892 p[3] = sp->myauth.proto; 1893 break; 1894 } 1895 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 1896 if (debug) 1897 addlog("[chap not MD5] "); 1898 p[4] = CHAP_MD5; 1899 break; 1900 } 1901 continue; 1902 } 1903 /* Add the option to nak'ed list. */ 1904 bcopy (p, r, p[1]); 1905 r += p[1]; 1906 rlen += p[1]; 1907 } 1908 if (rlen) { 1909 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 1910 if (debug) 1911 addlog(" max_failure (%d) exceeded, " 1912 "send conf-rej\n", 1913 sp->lcp.max_failure); 1914 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1915 } else { 1916 if (debug) 1917 addlog(" send conf-nak\n"); 1918 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 1919 } 1920 goto end; 1921 } else { 1922 if (debug) 1923 addlog("send conf-ack\n"); 1924 sp->fail_counter[IDX_LCP] = 0; 1925 sp->pp_loopcnt = 0; 1926 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 1927 h->ident, origlen, h+1); 1928 } 1929 1930 end: 1931 free(buf, M_TEMP, origlen); 1932 return (rlen == 0); 1933 } 1934 1935 /* 1936 * Analyze the LCP Configure-Reject option list, and adjust our 1937 * negotiation. 1938 */ 1939 void 1940 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 1941 { 1942 STDDCL; 1943 u_char *p; 1944 1945 len -= 4; 1946 1947 if (debug) 1948 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 1949 SPP_ARGS(ifp)); 1950 1951 p = (void*) (h+1); 1952 for (; len > 1; len -= p[1], p += p[1]) { 1953 if (p[1] < 2 || p[1] > len) 1954 return; 1955 if (debug) 1956 addlog("%s ", sppp_lcp_opt_name(*p)); 1957 switch (*p) { 1958 case LCP_OPT_MAGIC: 1959 /* Magic number -- can't use it, use 0 */ 1960 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 1961 sp->lcp.magic = 0; 1962 break; 1963 case LCP_OPT_MRU: 1964 /* 1965 * Should not be rejected anyway, since we only 1966 * negotiate a MRU if explicitly requested by 1967 * peer. 1968 */ 1969 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 1970 break; 1971 case LCP_OPT_AUTH_PROTO: 1972 /* 1973 * Peer doesn't want to authenticate himself, 1974 * deny unless this is a dialout call, and 1975 * AUTHFLAG_NOCALLOUT is set. 1976 */ 1977 if ((sp->pp_flags & PP_CALLIN) == 0 && 1978 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 1979 if (debug) 1980 addlog("[don't insist on auth " 1981 "for callout]"); 1982 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1983 break; 1984 } 1985 if (debug) 1986 addlog("[access denied]\n"); 1987 lcp.Close(sp); 1988 break; 1989 } 1990 } 1991 if (debug) 1992 addlog("\n"); 1993 } 1994 1995 /* 1996 * Analyze the LCP Configure-NAK option list, and adjust our 1997 * negotiation. 1998 */ 1999 void 2000 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2001 { 2002 STDDCL; 2003 u_char *p; 2004 u_long magic; 2005 2006 len -= 4; 2007 2008 if (debug) 2009 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2010 SPP_ARGS(ifp)); 2011 2012 p = (void*) (h+1); 2013 for (; len > 1; len -= p[1], p += p[1]) { 2014 if (p[1] < 2 || p[1] > len) 2015 return; 2016 if (debug) 2017 addlog("%s ", sppp_lcp_opt_name(*p)); 2018 switch (*p) { 2019 case LCP_OPT_MAGIC: 2020 /* Magic number -- renegotiate */ 2021 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2022 len >= 6 && p[1] == 6) { 2023 magic = (u_long)p[2] << 24 | 2024 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2025 /* 2026 * If the remote magic is our negated one, 2027 * this looks like a loopback problem. 2028 * Suggest a new magic to make sure. 2029 */ 2030 if (magic == ~sp->lcp.magic) { 2031 if (debug) 2032 addlog("magic glitch "); 2033 sp->lcp.magic = arc4random(); 2034 } else { 2035 sp->lcp.magic = magic; 2036 if (debug) 2037 addlog("%lu ", magic); 2038 } 2039 } 2040 break; 2041 case LCP_OPT_MRU: 2042 /* 2043 * Peer wants to advise us to negotiate an MRU. 2044 * Agree on it if it's reasonable, or use 2045 * default otherwise. 2046 */ 2047 if (len >= 4 && p[1] == 4) { 2048 u_int mru = p[2] * 256 + p[3]; 2049 if (debug) 2050 addlog("%d ", mru); 2051 if (mru < PP_MIN_MRU) 2052 mru = PP_MIN_MRU; 2053 if (mru > PP_MAX_MRU) 2054 mru = PP_MAX_MRU; 2055 sp->lcp.mru = mru; 2056 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2057 } 2058 break; 2059 case LCP_OPT_AUTH_PROTO: 2060 /* 2061 * Peer doesn't like our authentication method, 2062 * deny. 2063 */ 2064 if (debug) 2065 addlog("[access denied]\n"); 2066 lcp.Close(sp); 2067 break; 2068 } 2069 } 2070 if (debug) 2071 addlog("\n"); 2072 } 2073 2074 void 2075 sppp_lcp_tlu(struct sppp *sp) 2076 { 2077 struct ifnet *ifp = &sp->pp_if; 2078 int i; 2079 u_long mask; 2080 2081 /* XXX ? */ 2082 if (! (ifp->if_flags & IFF_UP) && 2083 (ifp->if_flags & IFF_RUNNING)) { 2084 /* Coming out of loopback mode. */ 2085 if_up(ifp); 2086 if (ifp->if_flags & IFF_DEBUG) 2087 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp)); 2088 } 2089 2090 for (i = 0; i < IDX_COUNT; i++) 2091 if ((cps[i])->flags & CP_QUAL) 2092 (cps[i])->Open(sp); 2093 2094 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2095 (sp->pp_flags & PP_NEEDAUTH) != 0) 2096 sp->pp_phase = PHASE_AUTHENTICATE; 2097 else 2098 sp->pp_phase = PHASE_NETWORK; 2099 2100 sppp_set_phase(sp); 2101 2102 /* 2103 * Open all authentication protocols. This is even required 2104 * if we already proceeded to network phase, since it might be 2105 * that remote wants us to authenticate, so we might have to 2106 * send a PAP request. Undesired authentication protocols 2107 * don't do anything when they get an Open event. 2108 */ 2109 for (i = 0; i < IDX_COUNT; i++) 2110 if ((cps[i])->flags & CP_AUTH) 2111 (cps[i])->Open(sp); 2112 2113 if (sp->pp_phase == PHASE_NETWORK) { 2114 /* Notify all NCPs. */ 2115 for (i = 0; i < IDX_COUNT; i++) 2116 if ((cps[i])->flags & CP_NCP) 2117 (cps[i])->Open(sp); 2118 } 2119 2120 /* Send Up events to all started protos. */ 2121 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2122 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2123 (cps[i])->Up(sp); 2124 2125 /* notify low-level driver of state change */ 2126 if (sp->pp_chg) 2127 sp->pp_chg(sp, (int)sp->pp_phase); 2128 2129 if (sp->pp_phase == PHASE_NETWORK) 2130 /* if no NCP is starting, close down */ 2131 sppp_lcp_check_and_close(sp); 2132 } 2133 2134 void 2135 sppp_lcp_tld(struct sppp *sp) 2136 { 2137 int i; 2138 u_long mask; 2139 2140 sp->pp_phase = PHASE_TERMINATE; 2141 2142 sppp_set_phase(sp); 2143 2144 /* 2145 * Take upper layers down. We send the Down event first and 2146 * the Close second to prevent the upper layers from sending 2147 * ``a flurry of terminate-request packets'', as the RFC 2148 * describes it. 2149 */ 2150 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2151 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2152 (cps[i])->Down(sp); 2153 (cps[i])->Close(sp); 2154 } 2155 } 2156 2157 void 2158 sppp_lcp_tls(struct sppp *sp) 2159 { 2160 sp->pp_phase = PHASE_ESTABLISH; 2161 2162 sppp_set_phase(sp); 2163 2164 /* Notify lower layer if desired. */ 2165 if (sp->pp_tls) 2166 (sp->pp_tls)(sp); 2167 } 2168 2169 void 2170 sppp_lcp_tlf(struct sppp *sp) 2171 { 2172 sp->pp_phase = PHASE_DEAD; 2173 sppp_set_phase(sp); 2174 2175 /* Notify lower layer if desired. */ 2176 if (sp->pp_tlf) 2177 (sp->pp_tlf)(sp); 2178 } 2179 2180 void 2181 sppp_lcp_scr(struct sppp *sp) 2182 { 2183 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2184 int i = 0; 2185 u_short authproto; 2186 2187 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2188 if (! sp->lcp.magic) 2189 sp->lcp.magic = arc4random(); 2190 opt[i++] = LCP_OPT_MAGIC; 2191 opt[i++] = 6; 2192 opt[i++] = sp->lcp.magic >> 24; 2193 opt[i++] = sp->lcp.magic >> 16; 2194 opt[i++] = sp->lcp.magic >> 8; 2195 opt[i++] = sp->lcp.magic; 2196 } 2197 2198 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2199 opt[i++] = LCP_OPT_MRU; 2200 opt[i++] = 4; 2201 opt[i++] = sp->lcp.mru >> 8; 2202 opt[i++] = sp->lcp.mru; 2203 } 2204 2205 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2206 authproto = sp->hisauth.proto; 2207 opt[i++] = LCP_OPT_AUTH_PROTO; 2208 opt[i++] = authproto == PPP_CHAP? 5: 4; 2209 opt[i++] = authproto >> 8; 2210 opt[i++] = authproto; 2211 if (authproto == PPP_CHAP) 2212 opt[i++] = CHAP_MD5; 2213 } 2214 2215 sp->confid[IDX_LCP] = ++sp->pp_seq; 2216 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt); 2217 } 2218 2219 /* 2220 * Check the open NCPs, return true if at least one NCP is open. 2221 */ 2222 int 2223 sppp_ncp_check(struct sppp *sp) 2224 { 2225 int i, mask; 2226 2227 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2228 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2229 return 1; 2230 return 0; 2231 } 2232 2233 /* 2234 * Re-check the open NCPs and see if we should terminate the link. 2235 * Called by the NCPs during their tlf action handling. 2236 */ 2237 void 2238 sppp_lcp_check_and_close(struct sppp *sp) 2239 { 2240 2241 if (sp->pp_phase < PHASE_NETWORK) 2242 /* don't bother, we are already going down */ 2243 return; 2244 2245 if (sppp_ncp_check(sp)) 2246 return; 2247 2248 lcp.Close(sp); 2249 } 2250 /* 2251 *--------------------------------------------------------------------------* 2252 * * 2253 * The IPCP implementation. * 2254 * * 2255 *--------------------------------------------------------------------------* 2256 */ 2257 2258 void 2259 sppp_ipcp_init(struct sppp *sp) 2260 { 2261 sp->ipcp.opts = 0; 2262 sp->ipcp.flags = 0; 2263 sp->state[IDX_IPCP] = STATE_INITIAL; 2264 sp->fail_counter[IDX_IPCP] = 0; 2265 task_set(&sp->ipcp.set_addr_task, sppp_set_ip_addrs, sp); 2266 task_set(&sp->ipcp.clear_addr_task, sppp_clear_ip_addrs, sp); 2267 } 2268 2269 void 2270 sppp_ipcp_destroy(struct sppp *sp) 2271 { 2272 task_del(systq, &sp->ipcp.set_addr_task); 2273 task_del(systq, &sp->ipcp.clear_addr_task); 2274 } 2275 2276 void 2277 sppp_ipcp_up(struct sppp *sp) 2278 { 2279 sppp_up_event(&ipcp, sp); 2280 } 2281 2282 void 2283 sppp_ipcp_down(struct sppp *sp) 2284 { 2285 sppp_down_event(&ipcp, sp); 2286 } 2287 2288 void 2289 sppp_ipcp_open(struct sppp *sp) 2290 { 2291 sppp_open_event(&ipcp, sp); 2292 } 2293 2294 void 2295 sppp_ipcp_close(struct sppp *sp) 2296 { 2297 sppp_close_event(&ipcp, sp); 2298 } 2299 2300 void 2301 sppp_ipcp_TO(void *cookie) 2302 { 2303 sppp_to_event(&ipcp, (struct sppp *)cookie); 2304 } 2305 2306 /* 2307 * Analyze a configure request. Return true if it was agreeable, and 2308 * caused action sca, false if it has been rejected or nak'ed, and 2309 * caused action scn. (The return value is used to make the state 2310 * transition decision in the state automaton.) 2311 */ 2312 int 2313 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2314 { 2315 u_char *buf, *r, *p; 2316 struct ifnet *ifp = &sp->pp_if; 2317 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2318 u_int32_t hisaddr, desiredaddr; 2319 2320 len -= 4; 2321 origlen = len; 2322 /* 2323 * Make sure to allocate a buf that can at least hold a 2324 * conf-nak with an `address' option. We might need it below. 2325 */ 2326 buflen = len < 6? 6: len; 2327 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2328 if (! buf) 2329 return (0); 2330 2331 /* pass 1: see if we can recognize them */ 2332 if (debug) 2333 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2334 SPP_ARGS(ifp)); 2335 p = (void*) (h+1); 2336 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 2337 if (p[1] < 2 || p[1] > len) { 2338 free(buf, M_TEMP, buflen); 2339 return (-1); 2340 } 2341 if (debug) 2342 addlog("%s ", sppp_ipcp_opt_name(*p)); 2343 switch (*p) { 2344 #ifdef notyet 2345 case IPCP_OPT_COMPRESSION: 2346 if (len >= 6 && p[1] >= 6) { 2347 /* correctly formed compress option */ 2348 continue; 2349 } 2350 if (debug) 2351 addlog("[invalid] "); 2352 break; 2353 #endif 2354 case IPCP_OPT_ADDRESS: 2355 if (len >= 6 && p[1] == 6) { 2356 /* correctly formed address option */ 2357 continue; 2358 } 2359 if (debug) 2360 addlog("[invalid] "); 2361 break; 2362 default: 2363 /* Others not supported. */ 2364 if (debug) 2365 addlog("[rej] "); 2366 break; 2367 } 2368 /* Add the option to rejected list. */ 2369 bcopy (p, r, p[1]); 2370 r += p[1]; 2371 rlen += p[1]; 2372 } 2373 if (rlen) { 2374 if (debug) 2375 addlog(" send conf-rej\n"); 2376 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2377 goto end; 2378 } else if (debug) 2379 addlog("\n"); 2380 2381 /* pass 2: parse option values */ 2382 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2383 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */ 2384 else 2385 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2386 if (debug) 2387 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2388 SPP_ARGS(ifp)); 2389 p = (void*) (h+1); 2390 len = origlen; 2391 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2392 if (debug) 2393 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2394 switch (*p) { 2395 #ifdef notyet 2396 case IPCP_OPT_COMPRESSION: 2397 continue; 2398 #endif 2399 case IPCP_OPT_ADDRESS: 2400 desiredaddr = p[2] << 24 | p[3] << 16 | 2401 p[4] << 8 | p[5]; 2402 if (desiredaddr == hisaddr || 2403 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 2404 desiredaddr != 0)) { 2405 /* 2406 * Peer's address is same as our value, 2407 * or we have set it to 0.0.0.1 to 2408 * indicate that we do not really care, 2409 * this is agreeable. Gonna conf-ack 2410 * it. 2411 */ 2412 if (debug) 2413 addlog("%s [ack] ", 2414 sppp_dotted_quad(desiredaddr)); 2415 /* record that we've seen it already */ 2416 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2417 sp->ipcp.req_hisaddr = desiredaddr; 2418 hisaddr = desiredaddr; 2419 continue; 2420 } 2421 /* 2422 * The address wasn't agreeable. This is either 2423 * he sent us 0.0.0.0, asking to assign him an 2424 * address, or he send us another address not 2425 * matching our value. Either case, we gonna 2426 * conf-nak it with our value. 2427 */ 2428 if (debug) { 2429 if (desiredaddr == 0) 2430 addlog("[addr requested] "); 2431 else 2432 addlog("%s [not agreed] ", 2433 sppp_dotted_quad(desiredaddr)); 2434 } 2435 2436 p[2] = hisaddr >> 24; 2437 p[3] = hisaddr >> 16; 2438 p[4] = hisaddr >> 8; 2439 p[5] = hisaddr; 2440 break; 2441 } 2442 /* Add the option to nak'ed list. */ 2443 bcopy (p, r, p[1]); 2444 r += p[1]; 2445 rlen += p[1]; 2446 } 2447 2448 /* 2449 * If we are about to conf-ack the request, but haven't seen 2450 * his address so far, gonna conf-nak it instead, with the 2451 * `address' option present and our idea of his address being 2452 * filled in there, to request negotiation of both addresses. 2453 * 2454 * XXX This can result in an endless req - nak loop if peer 2455 * doesn't want to send us his address. Q: What should we do 2456 * about it? XXX A: implement the max-failure counter. 2457 */ 2458 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2459 buf[0] = IPCP_OPT_ADDRESS; 2460 buf[1] = 6; 2461 buf[2] = hisaddr >> 24; 2462 buf[3] = hisaddr >> 16; 2463 buf[4] = hisaddr >> 8; 2464 buf[5] = hisaddr; 2465 rlen = 6; 2466 if (debug) 2467 addlog("still need hisaddr "); 2468 } 2469 2470 if (rlen) { 2471 if (debug) 2472 addlog(" send conf-nak\n"); 2473 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2474 } else { 2475 if (debug) 2476 addlog(" send conf-ack\n"); 2477 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2478 h->ident, origlen, h+1); 2479 } 2480 2481 end: 2482 free(buf, M_TEMP, buflen); 2483 return (rlen == 0); 2484 } 2485 2486 /* 2487 * Analyze the IPCP Configure-Reject option list, and adjust our 2488 * negotiation. 2489 */ 2490 void 2491 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2492 { 2493 u_char *p; 2494 struct ifnet *ifp = &sp->pp_if; 2495 int debug = ifp->if_flags & IFF_DEBUG; 2496 2497 len -= 4; 2498 2499 if (debug) 2500 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2501 SPP_ARGS(ifp)); 2502 2503 p = (void*) (h+1); 2504 for (; len > 1; len -= p[1], p += p[1]) { 2505 if (p[1] < 2 || p[1] > len) 2506 return; 2507 if (debug) 2508 addlog("%s ", sppp_ipcp_opt_name(*p)); 2509 switch (*p) { 2510 case IPCP_OPT_ADDRESS: 2511 /* 2512 * Peer doesn't grok address option. This is 2513 * bad. XXX Should we better give up here? 2514 */ 2515 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2516 break; 2517 #ifdef notyet 2518 case IPCP_OPT_COMPRESS: 2519 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2520 break; 2521 #endif 2522 } 2523 } 2524 if (debug) 2525 addlog("\n"); 2526 } 2527 2528 /* 2529 * Analyze the IPCP Configure-NAK option list, and adjust our 2530 * negotiation. 2531 */ 2532 void 2533 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2534 { 2535 u_char *p; 2536 struct ifnet *ifp = &sp->pp_if; 2537 int debug = ifp->if_flags & IFF_DEBUG; 2538 u_int32_t wantaddr; 2539 2540 len -= 4; 2541 2542 if (debug) 2543 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2544 SPP_ARGS(ifp)); 2545 2546 p = (void*) (h+1); 2547 for (; len > 1; len -= p[1], p += p[1]) { 2548 if (p[1] < 2 || p[1] > len) 2549 return; 2550 if (debug) 2551 addlog("%s ", sppp_ipcp_opt_name(*p)); 2552 switch (*p) { 2553 case IPCP_OPT_ADDRESS: 2554 /* 2555 * Peer doesn't like our local IP address. See 2556 * if we can do something for him. We'll drop 2557 * him our address then. 2558 */ 2559 if (len >= 6 && p[1] == 6) { 2560 wantaddr = p[2] << 24 | p[3] << 16 | 2561 p[4] << 8 | p[5]; 2562 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2563 if (debug) 2564 addlog("[wantaddr %s] ", 2565 sppp_dotted_quad(wantaddr)); 2566 /* 2567 * When doing dynamic address assignment, 2568 * we accept his offer. Otherwise, we 2569 * ignore it and thus continue to negotiate 2570 * our already existing value. 2571 */ 2572 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2573 if (debug) 2574 addlog("[agree] "); 2575 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2576 sp->ipcp.req_myaddr = wantaddr; 2577 } 2578 } 2579 break; 2580 #ifdef notyet 2581 case IPCP_OPT_COMPRESS: 2582 /* 2583 * Peer wants different compression parameters. 2584 */ 2585 break; 2586 #endif 2587 } 2588 } 2589 if (debug) 2590 addlog("\n"); 2591 } 2592 2593 void 2594 sppp_ipcp_tlu(struct sppp *sp) 2595 { 2596 if (sp->ipcp.req_myaddr != 0 || sp->ipcp.req_hisaddr != 0) 2597 task_add(systq, &sp->ipcp.set_addr_task); 2598 } 2599 2600 void 2601 sppp_ipcp_tld(struct sppp *sp) 2602 { 2603 } 2604 2605 void 2606 sppp_ipcp_tls(struct sppp *sp) 2607 { 2608 STDDCL; 2609 u_int32_t myaddr, hisaddr; 2610 2611 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN| 2612 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2613 sp->ipcp.req_myaddr = 0; 2614 sp->ipcp.req_hisaddr = 0; 2615 2616 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2617 /* 2618 * If we don't have his address, this probably means our 2619 * interface doesn't want to talk IP at all. (This could 2620 * be the case if somebody wants to speak only IPX, for 2621 * example.) Don't open IPCP in this case. 2622 */ 2623 if (hisaddr == 0) { 2624 /* XXX this message should go away */ 2625 if (debug) 2626 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2627 SPP_ARGS(ifp)); 2628 return; 2629 } 2630 2631 if (myaddr == 0) { 2632 /* 2633 * I don't have an assigned address, so i need to 2634 * negotiate my address. 2635 */ 2636 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2637 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2638 } 2639 if (hisaddr >= 1 && hisaddr <= 255) { 2640 /* 2641 * XXX - remove this hack! 2642 * remote has no valid address, we need to get one assigned. 2643 */ 2644 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2645 } 2646 2647 /* indicate to LCP that it must stay alive */ 2648 sp->lcp.protos |= (1 << IDX_IPCP); 2649 } 2650 2651 void 2652 sppp_ipcp_tlf(struct sppp *sp) 2653 { 2654 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2655 /* Some address was dynamic, clear it again. */ 2656 task_add(systq, &sp->ipcp.clear_addr_task); 2657 2658 /* we no longer need LCP */ 2659 sp->lcp.protos &= ~(1 << IDX_IPCP); 2660 sppp_lcp_check_and_close(sp); 2661 } 2662 2663 void 2664 sppp_ipcp_scr(struct sppp *sp) 2665 { 2666 char opt[6 /* compression */ + 6 /* address */]; 2667 u_int32_t ouraddr; 2668 int i = 0; 2669 2670 #ifdef notyet 2671 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2672 opt[i++] = IPCP_OPT_COMPRESSION; 2673 opt[i++] = 6; 2674 opt[i++] = 0; /* VJ header compression */ 2675 opt[i++] = 0x2d; /* VJ header compression */ 2676 opt[i++] = max_slot_id; 2677 opt[i++] = comp_slot_id; 2678 } 2679 #endif 2680 2681 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2682 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 2683 /* not sure if this can ever happen */ 2684 ouraddr = sp->ipcp.req_myaddr; 2685 else 2686 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2687 opt[i++] = IPCP_OPT_ADDRESS; 2688 opt[i++] = 6; 2689 opt[i++] = ouraddr >> 24; 2690 opt[i++] = ouraddr >> 16; 2691 opt[i++] = ouraddr >> 8; 2692 opt[i++] = ouraddr; 2693 } 2694 2695 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2696 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt); 2697 } 2698 2699 /* 2700 *--------------------------------------------------------------------------* 2701 * * 2702 * The IPv6CP implementation. * 2703 * * 2704 *--------------------------------------------------------------------------* 2705 */ 2706 2707 #ifdef INET6 2708 void 2709 sppp_ipv6cp_init(struct sppp *sp) 2710 { 2711 sp->ipv6cp.opts = 0; 2712 sp->ipv6cp.flags = 0; 2713 sp->state[IDX_IPV6CP] = STATE_INITIAL; 2714 sp->fail_counter[IDX_IPV6CP] = 0; 2715 task_set(&sp->ipv6cp.set_addr_task, sppp_update_ip6_addr, sp); 2716 } 2717 2718 void 2719 sppp_ipv6cp_destroy(struct sppp *sp) 2720 { 2721 task_del(systq, &sp->ipv6cp.set_addr_task); 2722 } 2723 2724 void 2725 sppp_ipv6cp_up(struct sppp *sp) 2726 { 2727 sppp_up_event(&ipv6cp, sp); 2728 } 2729 2730 void 2731 sppp_ipv6cp_down(struct sppp *sp) 2732 { 2733 sppp_down_event(&ipv6cp, sp); 2734 } 2735 2736 void 2737 sppp_ipv6cp_open(struct sppp *sp) 2738 { 2739 STDDCL; 2740 struct in6_addr myaddr, hisaddr; 2741 2742 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 2743 2744 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, NULL); 2745 /* 2746 * If we don't have our address, this probably means our 2747 * interface doesn't want to talk IPv6 at all. (This could 2748 * be the case if the IFXF_NOINET6 flag is set, for 2749 * example.) Don't open IPv6CP in this case. 2750 */ 2751 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 2752 /* XXX this message should go away */ 2753 if (debug) 2754 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 2755 SPP_ARGS(ifp)); 2756 return; 2757 } 2758 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 2759 sppp_open_event(&ipv6cp, sp); 2760 } 2761 2762 void 2763 sppp_ipv6cp_close(struct sppp *sp) 2764 { 2765 sppp_close_event(&ipv6cp, sp); 2766 } 2767 2768 void 2769 sppp_ipv6cp_TO(void *cookie) 2770 { 2771 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 2772 } 2773 2774 int 2775 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2776 { 2777 u_char *buf, *r, *p; 2778 struct ifnet *ifp = &sp->pp_if; 2779 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2780 struct in6_addr myaddr, desiredaddr, suggestaddr; 2781 int ifidcount; 2782 int type; 2783 int collision, nohisaddr; 2784 char addr[INET6_ADDRSTRLEN]; 2785 2786 len -= 4; 2787 origlen = len; 2788 /* 2789 * Make sure to allocate a buf that can at least hold a 2790 * conf-nak with an `address' option. We might need it below. 2791 */ 2792 buflen = len < 6? 6: len; 2793 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2794 if (! buf) 2795 return (0); 2796 2797 /* pass 1: see if we can recognize them */ 2798 if (debug) 2799 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 2800 SPP_ARGS(ifp)); 2801 p = (void *)(h + 1); 2802 ifidcount = 0; 2803 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2804 /* Sanity check option length */ 2805 if (p[1] < 2 || p[1] > len) { 2806 free(buf, M_TEMP, buflen); 2807 return (-1); 2808 } 2809 if (debug) 2810 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2811 switch (*p) { 2812 case IPV6CP_OPT_IFID: 2813 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 2814 /* correctly formed address option */ 2815 ifidcount++; 2816 continue; 2817 } 2818 if (debug) 2819 addlog(" [invalid]"); 2820 break; 2821 #ifdef notyet 2822 case IPV6CP_OPT_COMPRESSION: 2823 if (len >= 4 && p[1] >= 4) { 2824 /* correctly formed compress option */ 2825 continue; 2826 } 2827 if (debug) 2828 addlog(" [invalid]"); 2829 break; 2830 #endif 2831 default: 2832 /* Others not supported. */ 2833 if (debug) 2834 addlog(" [rej]"); 2835 break; 2836 } 2837 /* Add the option to rejected list. */ 2838 bcopy (p, r, p[1]); 2839 r += p[1]; 2840 rlen += p[1]; 2841 } 2842 if (rlen) { 2843 if (debug) 2844 addlog(" send conf-rej\n"); 2845 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 2846 goto end; 2847 } else if (debug) 2848 addlog("\n"); 2849 2850 /* pass 2: parse option values */ 2851 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 2852 myaddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 2853 else 2854 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 2855 if (debug) 2856 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 2857 SPP_ARGS(ifp)); 2858 p = (void *)(h + 1); 2859 len = origlen; 2860 type = CONF_ACK; 2861 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2862 if (debug) 2863 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2864 switch (*p) { 2865 #ifdef notyet 2866 case IPV6CP_OPT_COMPRESSION: 2867 continue; 2868 #endif 2869 case IPV6CP_OPT_IFID: 2870 memset(&desiredaddr, 0, sizeof(desiredaddr)); 2871 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 2872 collision = (memcmp(&desiredaddr.s6_addr[8], 2873 &myaddr.s6_addr[8], 8) == 0); 2874 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 2875 2876 desiredaddr.s6_addr16[0] = htons(0xfe80); 2877 2878 if (!collision && !nohisaddr) { 2879 /* no collision, hisaddr known - Conf-Ack */ 2880 type = CONF_ACK; 2881 2882 if (debug) { 2883 addlog(" %s [%s]", 2884 inet_ntop(AF_INET6, &desiredaddr, 2885 addr, sizeof(addr)), 2886 sppp_cp_type_name(type)); 2887 } 2888 sppp_set_ip6_addr(sp, &myaddr, &desiredaddr); 2889 continue; 2890 } 2891 2892 memset(&suggestaddr, 0, sizeof(suggestaddr)); 2893 if (collision && nohisaddr) { 2894 /* collision, hisaddr unknown - Conf-Rej */ 2895 type = CONF_REJ; 2896 memset(&p[2], 0, 8); 2897 } else { 2898 /* 2899 * - no collision, hisaddr unknown, or 2900 * - collision, hisaddr known 2901 * Conf-Nak, suggest hisaddr 2902 */ 2903 type = CONF_NAK; 2904 sppp_suggest_ip6_addr(sp, &suggestaddr); 2905 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 2906 } 2907 if (debug) 2908 addlog(" %s [%s]", 2909 inet_ntop(AF_INET6, &desiredaddr, addr, 2910 sizeof(addr)), 2911 sppp_cp_type_name(type)); 2912 break; 2913 } 2914 /* Add the option to nak'ed list. */ 2915 bcopy (p, r, p[1]); 2916 r += p[1]; 2917 rlen += p[1]; 2918 } 2919 2920 if (rlen == 0 && type == CONF_ACK) { 2921 if (debug) 2922 addlog(" send %s\n", sppp_cp_type_name(type)); 2923 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 2924 } else { 2925 #ifdef notdef 2926 if (type == CONF_ACK) 2927 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 2928 #endif 2929 2930 if (debug) { 2931 addlog(" send %s suggest %s\n", 2932 sppp_cp_type_name(type), 2933 inet_ntop(AF_INET6, &suggestaddr, addr, 2934 sizeof(addr))); 2935 } 2936 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 2937 } 2938 2939 end: 2940 free(buf, M_TEMP, buflen); 2941 return (rlen == 0); 2942 } 2943 2944 void 2945 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2946 { 2947 u_char *p; 2948 struct ifnet *ifp = &sp->pp_if; 2949 int debug = ifp->if_flags & IFF_DEBUG; 2950 2951 len -= 4; 2952 2953 if (debug) 2954 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 2955 SPP_ARGS(ifp)); 2956 2957 p = (void *)(h + 1); 2958 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2959 if (p[1] < 2 || p[1] > len) 2960 return; 2961 if (debug) 2962 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2963 switch (*p) { 2964 case IPV6CP_OPT_IFID: 2965 /* 2966 * Peer doesn't grok address option. This is 2967 * bad. XXX Should we better give up here? 2968 */ 2969 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 2970 break; 2971 #ifdef notyet 2972 case IPV6CP_OPT_COMPRESS: 2973 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 2974 break; 2975 #endif 2976 } 2977 } 2978 if (debug) 2979 addlog("\n"); 2980 return; 2981 } 2982 2983 void 2984 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2985 { 2986 u_char *p; 2987 struct ifnet *ifp = &sp->pp_if; 2988 int debug = ifp->if_flags & IFF_DEBUG; 2989 struct in6_addr suggestaddr; 2990 char addr[INET6_ADDRSTRLEN]; 2991 2992 len -= 4; 2993 2994 if (debug) 2995 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ", 2996 SPP_ARGS(ifp)); 2997 2998 p = (void*) (h+1); 2999 for (; len > 1; len -= p[1], p += p[1]) { 3000 if (p[1] < 2 || p[1] > len) 3001 return; 3002 if (debug) 3003 addlog("%s ", sppp_ipv6cp_opt_name(*p)); 3004 switch (*p) { 3005 case IPV6CP_OPT_IFID: 3006 /* 3007 * Peer doesn't like our local ifid. See 3008 * if we can do something for him. We'll drop 3009 * him our address then. 3010 */ 3011 if (len < 10 || p[1] != 10) 3012 break; 3013 sp->ipv6cp.flags |= IPV6CP_MYIFID_DYN; 3014 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3015 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3016 if (IN6_IS_ADDR_UNSPECIFIED(&suggestaddr) || 3017 (sp->ipv6cp.flags & IPV6CP_MYIFID_SEEN)) { 3018 /* 3019 * The peer didn't suggest anything, 3020 * or wants us to change a previously 3021 * suggested address. 3022 * Configure a new address for us. 3023 */ 3024 sppp_suggest_ip6_addr(sp, &suggestaddr); 3025 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3026 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3027 } else { 3028 /* Configure address suggested by peer. */ 3029 suggestaddr.s6_addr16[0] = htons(0xfe80); 3030 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3031 if (debug) 3032 addlog(" [suggestaddr %s]", 3033 inet_ntop(AF_INET6, &suggestaddr, 3034 addr, sizeof(addr))); 3035 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3036 if (debug) 3037 addlog(" [agree]"); 3038 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3039 } 3040 break; 3041 #ifdef notyet 3042 case IPV6CP_OPT_COMPRESS: 3043 /* 3044 * Peer wants different compression parameters. 3045 */ 3046 break; 3047 #endif 3048 } 3049 } 3050 if (debug) 3051 addlog("\n"); 3052 } 3053 3054 void 3055 sppp_ipv6cp_tlu(struct sppp *sp) 3056 { 3057 } 3058 3059 void 3060 sppp_ipv6cp_tld(struct sppp *sp) 3061 { 3062 } 3063 3064 void 3065 sppp_ipv6cp_tls(struct sppp *sp) 3066 { 3067 /* indicate to LCP that it must stay alive */ 3068 sp->lcp.protos |= (1 << IDX_IPV6CP); 3069 } 3070 3071 void 3072 sppp_ipv6cp_tlf(struct sppp *sp) 3073 { 3074 /* we no longer need LCP */ 3075 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3076 sppp_lcp_check_and_close(sp); 3077 } 3078 3079 void 3080 sppp_ipv6cp_scr(struct sppp *sp) 3081 { 3082 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3083 struct in6_addr ouraddr; 3084 int i = 0; 3085 3086 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3087 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 3088 ouraddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 3089 else 3090 sppp_get_ip6_addrs(sp, &ouraddr, NULL, NULL); 3091 opt[i++] = IPV6CP_OPT_IFID; 3092 opt[i++] = 10; 3093 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3094 i += 8; 3095 } 3096 3097 #ifdef notyet 3098 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3099 opt[i++] = IPV6CP_OPT_COMPRESSION; 3100 opt[i++] = 4; 3101 opt[i++] = 0; /* TBD */ 3102 opt[i++] = 0; /* TBD */ 3103 /* variable length data may follow */ 3104 } 3105 #endif 3106 3107 sp->confid[IDX_IPV6CP] = ++sp->pp_seq; 3108 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt); 3109 } 3110 #else /*INET6*/ 3111 void 3112 sppp_ipv6cp_init(struct sppp *sp) 3113 { 3114 } 3115 3116 void 3117 sppp_ipv6cp_destroy(struct sppp *sp) 3118 { 3119 } 3120 3121 void 3122 sppp_ipv6cp_up(struct sppp *sp) 3123 { 3124 } 3125 3126 void 3127 sppp_ipv6cp_down(struct sppp *sp) 3128 { 3129 } 3130 3131 void 3132 sppp_ipv6cp_open(struct sppp *sp) 3133 { 3134 } 3135 3136 void 3137 sppp_ipv6cp_close(struct sppp *sp) 3138 { 3139 } 3140 3141 void 3142 sppp_ipv6cp_TO(void *sp) 3143 { 3144 } 3145 3146 int 3147 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, 3148 int len) 3149 { 3150 return 0; 3151 } 3152 3153 void 3154 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, 3155 int len) 3156 { 3157 } 3158 3159 void 3160 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, 3161 int len) 3162 { 3163 } 3164 3165 void 3166 sppp_ipv6cp_tlu(struct sppp *sp) 3167 { 3168 } 3169 3170 void 3171 sppp_ipv6cp_tld(struct sppp *sp) 3172 { 3173 } 3174 3175 void 3176 sppp_ipv6cp_tls(struct sppp *sp) 3177 { 3178 } 3179 3180 void 3181 sppp_ipv6cp_tlf(struct sppp *sp) 3182 { 3183 } 3184 3185 void 3186 sppp_ipv6cp_scr(struct sppp *sp) 3187 { 3188 } 3189 #endif /*INET6*/ 3190 3191 /* 3192 *--------------------------------------------------------------------------* 3193 * * 3194 * The CHAP implementation. * 3195 * * 3196 *--------------------------------------------------------------------------* 3197 */ 3198 3199 /* 3200 * The authentication protocols don't employ a full-fledged state machine as 3201 * the control protocols do, since they do have Open and Close events, but 3202 * not Up and Down, nor are they explicitly terminated. Also, use of the 3203 * authentication protocols may be different in both directions (this makes 3204 * sense, think of a machine that never accepts incoming calls but only 3205 * calls out, it doesn't require the called party to authenticate itself). 3206 * 3207 * Our state machine for the local authentication protocol (we are requesting 3208 * the peer to authenticate) looks like: 3209 * 3210 * RCA- 3211 * +--------------------------------------------+ 3212 * V scn,tld| 3213 * +--------+ Close +---------+ RCA+ 3214 * | |<----------------------------------| |------+ 3215 * +--->| Closed | TO* | Opened | sca | 3216 * | | |-----+ +-------| |<-----+ 3217 * | +--------+ irc | | +---------+ 3218 * | ^ | | ^ 3219 * | | | | | 3220 * | | | | | 3221 * | TO-| | | | 3222 * | |tld TO+ V | | 3223 * | | +------->+ | | 3224 * | | | | | | 3225 * | +--------+ V | | 3226 * | | |<----+<--------------------+ | 3227 * | | Req- | scr | 3228 * | | Sent | | 3229 * | | | | 3230 * | +--------+ | 3231 * | RCA- | | RCA+ | 3232 * +------+ +------------------------------------------+ 3233 * scn,tld sca,irc,ict,tlu 3234 * 3235 * 3236 * with: 3237 * 3238 * Open: LCP reached authentication phase 3239 * Close: LCP reached terminate phase 3240 * 3241 * RCA+: received reply (pap-req, chap-response), acceptable 3242 * RCN: received reply (pap-req, chap-response), not acceptable 3243 * TO+: timeout with restart counter >= 0 3244 * TO-: timeout with restart counter < 0 3245 * TO*: reschedule timeout for CHAP 3246 * 3247 * scr: send request packet (none for PAP, chap-challenge) 3248 * sca: send ack packet (pap-ack, chap-success) 3249 * scn: send nak packet (pap-nak, chap-failure) 3250 * ict: initialize re-challenge timer (CHAP only) 3251 * 3252 * tlu: this-layer-up, LCP reaches network phase 3253 * tld: this-layer-down, LCP enters terminate phase 3254 * 3255 * Note that in CHAP mode, after sending a new challenge, while the state 3256 * automaton falls back into Req-Sent state, it doesn't signal a tld 3257 * event to LCP, so LCP remains in network phase. Only after not getting 3258 * any response (or after getting an unacceptable response), CHAP closes, 3259 * causing LCP to enter terminate phase. 3260 * 3261 * With PAP, there is no initial request that can be sent. The peer is 3262 * expected to send one based on the successful negotiation of PAP as 3263 * the authentication protocol during the LCP option negotiation. 3264 * 3265 * Incoming authentication protocol requests (remote requests 3266 * authentication, we are peer) don't employ a state machine at all, 3267 * they are simply answered. Some peers [Ascend P50 firmware rev 3268 * 4.50] react allergically when sending IPCP requests while they are 3269 * still in authentication phase (thereby violating the standard that 3270 * demands that these NCP packets are to be discarded), so we keep 3271 * track of the peer demanding us to authenticate, and only proceed to 3272 * phase network once we've seen a positive acknowledge for the 3273 * authentication. 3274 */ 3275 3276 /* 3277 * Handle incoming CHAP packets. 3278 */ 3279 void 3280 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3281 { 3282 STDDCL; 3283 struct lcp_header *h; 3284 int len, x; 3285 u_char *value, *name, digest[AUTHCHALEN], dsize; 3286 int value_len, name_len; 3287 MD5_CTX ctx; 3288 3289 len = m->m_pkthdr.len; 3290 if (len < 4) { 3291 if (debug) 3292 log(LOG_DEBUG, 3293 SPP_FMT "chap invalid packet length: %d bytes\n", 3294 SPP_ARGS(ifp), len); 3295 return; 3296 } 3297 h = mtod (m, struct lcp_header*); 3298 if (len > ntohs (h->len)) 3299 len = ntohs (h->len); 3300 3301 switch (h->type) { 3302 /* challenge, failure and success are his authproto */ 3303 case CHAP_CHALLENGE: 3304 value = 1 + (u_char*)(h+1); 3305 value_len = value[-1]; 3306 name = value + value_len; 3307 name_len = len - value_len - 5; 3308 if (name_len < 0) { 3309 if (debug) { 3310 log(LOG_DEBUG, 3311 SPP_FMT "chap corrupted challenge " 3312 "<%s id=0x%x len=%d", 3313 SPP_ARGS(ifp), 3314 sppp_auth_type_name(PPP_CHAP, h->type), 3315 h->ident, ntohs(h->len)); 3316 if (len > 4) 3317 sppp_print_bytes((u_char*) (h+1), len-4); 3318 addlog(">\n"); 3319 } 3320 break; 3321 } 3322 3323 if (debug) { 3324 log(LOG_DEBUG, 3325 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3326 SPP_ARGS(ifp), 3327 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3328 ntohs(h->len)); 3329 sppp_print_string((char*) name, name_len); 3330 addlog(" value-size=%d value=", value_len); 3331 sppp_print_bytes(value, value_len); 3332 addlog(">\n"); 3333 } 3334 3335 /* Compute reply value. */ 3336 MD5Init(&ctx); 3337 MD5Update(&ctx, &h->ident, 1); 3338 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret)); 3339 MD5Update(&ctx, value, value_len); 3340 MD5Final(digest, &ctx); 3341 dsize = sizeof digest; 3342 3343 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3344 sizeof dsize, (const char *)&dsize, 3345 sizeof digest, digest, 3346 strlen(sp->myauth.name), 3347 sp->myauth.name, 3348 0); 3349 break; 3350 3351 case CHAP_SUCCESS: 3352 if (debug) { 3353 log(LOG_DEBUG, SPP_FMT "chap success", 3354 SPP_ARGS(ifp)); 3355 if (len > 4) { 3356 addlog(": "); 3357 sppp_print_string((char*)(h + 1), len - 4); 3358 } 3359 addlog("\n"); 3360 } 3361 x = splnet(); 3362 sp->pp_flags &= ~PP_NEEDAUTH; 3363 if (sp->myauth.proto == PPP_CHAP && 3364 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3365 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3366 /* 3367 * We are authenticator for CHAP but didn't 3368 * complete yet. Leave it to tlu to proceed 3369 * to network phase. 3370 */ 3371 splx(x); 3372 break; 3373 } 3374 splx(x); 3375 sppp_phase_network(sp); 3376 break; 3377 3378 case CHAP_FAILURE: 3379 if (debug) { 3380 log(LOG_INFO, SPP_FMT "chap failure", 3381 SPP_ARGS(ifp)); 3382 if (len > 4) { 3383 addlog(": "); 3384 sppp_print_string((char*)(h + 1), len - 4); 3385 } 3386 addlog("\n"); 3387 } else 3388 log(LOG_INFO, SPP_FMT "chap failure\n", 3389 SPP_ARGS(ifp)); 3390 /* await LCP shutdown by authenticator */ 3391 break; 3392 3393 /* response is my authproto */ 3394 case CHAP_RESPONSE: 3395 value = 1 + (u_char*)(h+1); 3396 value_len = value[-1]; 3397 name = value + value_len; 3398 name_len = len - value_len - 5; 3399 if (name_len < 0) { 3400 if (debug) { 3401 log(LOG_DEBUG, 3402 SPP_FMT "chap corrupted response " 3403 "<%s id=0x%x len=%d", 3404 SPP_ARGS(ifp), 3405 sppp_auth_type_name(PPP_CHAP, h->type), 3406 h->ident, ntohs(h->len)); 3407 if (len > 4) 3408 sppp_print_bytes((u_char*)(h+1), len-4); 3409 addlog(">\n"); 3410 } 3411 break; 3412 } 3413 if (h->ident != sp->confid[IDX_CHAP]) { 3414 if (debug) 3415 log(LOG_DEBUG, 3416 SPP_FMT "chap dropping response for old ID " 3417 "(got %d, expected %d)\n", 3418 SPP_ARGS(ifp), 3419 h->ident, sp->confid[IDX_CHAP]); 3420 break; 3421 } 3422 if (name_len != strlen(sp->hisauth.name) 3423 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3424 log(LOG_INFO, SPP_FMT "chap response, his name ", 3425 SPP_ARGS(ifp)); 3426 sppp_print_string(name, name_len); 3427 addlog(" != expected "); 3428 sppp_print_string(sp->hisauth.name, 3429 strlen(sp->hisauth.name)); 3430 addlog("\n"); 3431 } 3432 if (debug) { 3433 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3434 "<%s id=0x%x len=%d name=", 3435 SPP_ARGS(ifp), 3436 sppp_state_name(sp->state[IDX_CHAP]), 3437 sppp_auth_type_name(PPP_CHAP, h->type), 3438 h->ident, ntohs (h->len)); 3439 sppp_print_string((char*)name, name_len); 3440 addlog(" value-size=%d value=", value_len); 3441 sppp_print_bytes(value, value_len); 3442 addlog(">\n"); 3443 } 3444 if (value_len != AUTHCHALEN) { 3445 if (debug) 3446 log(LOG_DEBUG, 3447 SPP_FMT "chap bad hash value length: " 3448 "%d bytes, should be %d\n", 3449 SPP_ARGS(ifp), value_len, 3450 AUTHCHALEN); 3451 break; 3452 } 3453 3454 MD5Init(&ctx); 3455 MD5Update(&ctx, &h->ident, 1); 3456 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret)); 3457 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN); 3458 MD5Final(digest, &ctx); 3459 3460 #define FAILMSG "Failed..." 3461 #define SUCCMSG "Welcome!" 3462 3463 if (value_len != sizeof digest || 3464 timingsafe_bcmp(digest, value, value_len) != 0) { 3465 /* action scn, tld */ 3466 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3467 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3468 0); 3469 chap.tld(sp); 3470 break; 3471 } 3472 /* action sca, perhaps tlu */ 3473 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3474 sp->state[IDX_CHAP] == STATE_OPENED) 3475 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3476 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3477 0); 3478 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3479 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3480 chap.tlu(sp); 3481 } 3482 break; 3483 3484 default: 3485 /* Unknown CHAP packet type -- ignore. */ 3486 if (debug) { 3487 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3488 "<0x%x id=0x%xh len=%d", 3489 SPP_ARGS(ifp), 3490 sppp_state_name(sp->state[IDX_CHAP]), 3491 h->type, h->ident, ntohs(h->len)); 3492 if (len > 4) 3493 sppp_print_bytes((u_char*)(h+1), len-4); 3494 addlog(">\n"); 3495 } 3496 break; 3497 3498 } 3499 } 3500 3501 void 3502 sppp_chap_init(struct sppp *sp) 3503 { 3504 /* Chap doesn't have STATE_INITIAL at all. */ 3505 sp->state[IDX_CHAP] = STATE_CLOSED; 3506 sp->fail_counter[IDX_CHAP] = 0; 3507 } 3508 3509 void 3510 sppp_chap_open(struct sppp *sp) 3511 { 3512 if (sp->myauth.proto == PPP_CHAP && 3513 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3514 /* we are authenticator for CHAP, start it */ 3515 chap.scr(sp); 3516 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3517 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3518 } 3519 /* nothing to be done if we are peer, await a challenge */ 3520 } 3521 3522 void 3523 sppp_chap_close(struct sppp *sp) 3524 { 3525 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3526 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3527 } 3528 3529 void 3530 sppp_chap_TO(void *cookie) 3531 { 3532 struct sppp *sp = (struct sppp *)cookie; 3533 STDDCL; 3534 int s; 3535 3536 s = splnet(); 3537 if (debug) 3538 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3539 SPP_ARGS(ifp), 3540 sppp_state_name(sp->state[IDX_CHAP]), 3541 sp->rst_counter[IDX_CHAP]); 3542 3543 if (--sp->rst_counter[IDX_CHAP] < 0) 3544 /* TO- event */ 3545 switch (sp->state[IDX_CHAP]) { 3546 case STATE_REQ_SENT: 3547 chap.tld(sp); 3548 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3549 break; 3550 } 3551 else 3552 /* TO+ (or TO*) event */ 3553 switch (sp->state[IDX_CHAP]) { 3554 case STATE_OPENED: 3555 /* TO* event */ 3556 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3557 /* FALLTHROUGH */ 3558 case STATE_REQ_SENT: 3559 chap.scr(sp); 3560 /* sppp_cp_change_state() will restart the timer */ 3561 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3562 break; 3563 } 3564 3565 splx(s); 3566 } 3567 3568 void 3569 sppp_chap_tlu(struct sppp *sp) 3570 { 3571 STDDCL; 3572 int i = 0, x; 3573 3574 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3575 3576 /* 3577 * Some broken CHAP implementations (Conware CoNet, firmware 3578 * 4.0.?) don't want to re-authenticate their CHAP once the 3579 * initial challenge-response exchange has taken place. 3580 * Provide for an option to avoid rechallenges. 3581 */ 3582 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3583 /* 3584 * Compute the re-challenge timeout. This will yield 3585 * a number between 300 and 810 seconds. 3586 */ 3587 i = 300 + arc4random_uniform(1 + 810 - 300); 3588 3589 timeout_add_sec(&sp->ch[IDX_CHAP], i); 3590 } 3591 3592 if (debug) { 3593 log(LOG_DEBUG, 3594 SPP_FMT "chap %s, ", 3595 SPP_ARGS(ifp), 3596 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3597 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3598 addlog("next re-challenge in %d seconds\n", i); 3599 else 3600 addlog("re-challenging suppressed\n"); 3601 } 3602 3603 x = splnet(); 3604 /* indicate to LCP that we need to be closed down */ 3605 sp->lcp.protos |= (1 << IDX_CHAP); 3606 3607 if (sp->pp_flags & PP_NEEDAUTH) { 3608 /* 3609 * Remote is authenticator, but his auth proto didn't 3610 * complete yet. Defer the transition to network 3611 * phase. 3612 */ 3613 splx(x); 3614 return; 3615 } 3616 splx(x); 3617 3618 /* 3619 * If we are already in phase network, we are done here. This 3620 * is the case if this is a dummy tlu event after a re-challenge. 3621 */ 3622 if (sp->pp_phase != PHASE_NETWORK) 3623 sppp_phase_network(sp); 3624 } 3625 3626 void 3627 sppp_chap_tld(struct sppp *sp) 3628 { 3629 STDDCL; 3630 3631 if (debug) 3632 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3633 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3634 sp->lcp.protos &= ~(1 << IDX_CHAP); 3635 3636 lcp.Close(sp); 3637 } 3638 3639 void 3640 sppp_chap_scr(struct sppp *sp) 3641 { 3642 u_char clen; 3643 3644 /* Compute random challenge. */ 3645 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge)); 3646 clen = AUTHCHALEN; 3647 3648 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3649 3650 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3651 sizeof clen, (const char *)&clen, 3652 (size_t)AUTHCHALEN, sp->chap_challenge, 3653 strlen(sp->myauth.name), 3654 sp->myauth.name, 3655 0); 3656 } 3657 /* 3658 *--------------------------------------------------------------------------* 3659 * * 3660 * The PAP implementation. * 3661 * * 3662 *--------------------------------------------------------------------------* 3663 */ 3664 /* 3665 * For PAP, we need to keep a little state also if we are the peer, not the 3666 * authenticator. This is since we don't get a request to authenticate, but 3667 * have to repeatedly authenticate ourself until we got a response (or the 3668 * retry counter is expired). 3669 */ 3670 3671 /* 3672 * Handle incoming PAP packets. */ 3673 void 3674 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3675 { 3676 STDDCL; 3677 struct lcp_header *h; 3678 int len, x; 3679 u_char *name, *passwd, mlen; 3680 int name_len, passwd_len; 3681 3682 len = m->m_pkthdr.len; 3683 if (len < 5) { 3684 if (debug) 3685 log(LOG_DEBUG, 3686 SPP_FMT "pap invalid packet length: %d bytes\n", 3687 SPP_ARGS(ifp), len); 3688 return; 3689 } 3690 h = mtod (m, struct lcp_header*); 3691 if (len > ntohs (h->len)) 3692 len = ntohs (h->len); 3693 switch (h->type) { 3694 /* PAP request is my authproto */ 3695 case PAP_REQ: 3696 name = 1 + (u_char*)(h+1); 3697 name_len = name[-1]; 3698 passwd = name + name_len + 1; 3699 if (name_len > len - 6 || 3700 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3701 if (debug) { 3702 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3703 "<%s id=0x%x len=%d", 3704 SPP_ARGS(ifp), 3705 sppp_auth_type_name(PPP_PAP, h->type), 3706 h->ident, ntohs(h->len)); 3707 if (len > 4) 3708 sppp_print_bytes((u_char*)(h+1), len-4); 3709 addlog(">\n"); 3710 } 3711 break; 3712 } 3713 if (debug) { 3714 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3715 "<%s id=0x%x len=%d name=", 3716 SPP_ARGS(ifp), 3717 sppp_state_name(sp->state[IDX_PAP]), 3718 sppp_auth_type_name(PPP_PAP, h->type), 3719 h->ident, ntohs(h->len)); 3720 sppp_print_string((char*)name, name_len); 3721 addlog(" passwd="); 3722 sppp_print_string((char*)passwd, passwd_len); 3723 addlog(">\n"); 3724 } 3725 if (name_len > AUTHMAXLEN || 3726 passwd_len > AUTHMAXLEN || 3727 bcmp(name, sp->hisauth.name, name_len) != 0 || 3728 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3729 /* action scn, tld */ 3730 mlen = sizeof(FAILMSG) - 1; 3731 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3732 sizeof mlen, (const char *)&mlen, 3733 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3734 0); 3735 pap.tld(sp); 3736 break; 3737 } 3738 /* action sca, perhaps tlu */ 3739 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3740 sp->state[IDX_PAP] == STATE_OPENED) { 3741 mlen = sizeof(SUCCMSG) - 1; 3742 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3743 sizeof mlen, (const char *)&mlen, 3744 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3745 0); 3746 } 3747 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3748 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3749 pap.tlu(sp); 3750 } 3751 break; 3752 3753 /* ack and nak are his authproto */ 3754 case PAP_ACK: 3755 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3756 if (debug) { 3757 log(LOG_DEBUG, SPP_FMT "pap success", 3758 SPP_ARGS(ifp)); 3759 name_len = *((char *)h); 3760 if (len > 5 && name_len) { 3761 addlog(": "); 3762 sppp_print_string((char*)(h+1), name_len); 3763 } 3764 addlog("\n"); 3765 } 3766 x = splnet(); 3767 sp->pp_flags &= ~PP_NEEDAUTH; 3768 if (sp->myauth.proto == PPP_PAP && 3769 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3770 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3771 /* 3772 * We are authenticator for PAP but didn't 3773 * complete yet. Leave it to tlu to proceed 3774 * to network phase. 3775 */ 3776 splx(x); 3777 break; 3778 } 3779 splx(x); 3780 sppp_phase_network(sp); 3781 break; 3782 3783 case PAP_NAK: 3784 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3785 if (debug) { 3786 log(LOG_INFO, SPP_FMT "pap failure", 3787 SPP_ARGS(ifp)); 3788 name_len = *((char *)h); 3789 if (len > 5 && name_len) { 3790 addlog(": "); 3791 sppp_print_string((char*)(h+1), name_len); 3792 } 3793 addlog("\n"); 3794 } else 3795 log(LOG_INFO, SPP_FMT "pap failure\n", 3796 SPP_ARGS(ifp)); 3797 /* await LCP shutdown by authenticator */ 3798 break; 3799 3800 default: 3801 /* Unknown PAP packet type -- ignore. */ 3802 if (debug) { 3803 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3804 "<0x%x id=0x%x len=%d", 3805 SPP_ARGS(ifp), 3806 h->type, h->ident, ntohs(h->len)); 3807 if (len > 4) 3808 sppp_print_bytes((u_char*)(h+1), len-4); 3809 addlog(">\n"); 3810 } 3811 break; 3812 3813 } 3814 } 3815 3816 void 3817 sppp_pap_init(struct sppp *sp) 3818 { 3819 /* PAP doesn't have STATE_INITIAL at all. */ 3820 sp->state[IDX_PAP] = STATE_CLOSED; 3821 sp->fail_counter[IDX_PAP] = 0; 3822 } 3823 3824 void 3825 sppp_pap_open(struct sppp *sp) 3826 { 3827 if (sp->hisauth.proto == PPP_PAP && 3828 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3829 /* we are authenticator for PAP, start our timer */ 3830 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3831 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3832 } 3833 if (sp->myauth.proto == PPP_PAP) { 3834 /* we are peer, send a request, and start a timer */ 3835 pap.scr(sp); 3836 timeout_add_sec(&sp->pap_my_to_ch, sp->lcp.timeout); 3837 } 3838 } 3839 3840 void 3841 sppp_pap_close(struct sppp *sp) 3842 { 3843 if (sp->state[IDX_PAP] != STATE_CLOSED) 3844 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3845 } 3846 3847 /* 3848 * That's the timeout routine if we are authenticator. Since the 3849 * authenticator is basically passive in PAP, we can't do much here. 3850 */ 3851 void 3852 sppp_pap_TO(void *cookie) 3853 { 3854 struct sppp *sp = (struct sppp *)cookie; 3855 STDDCL; 3856 int s; 3857 3858 s = splnet(); 3859 if (debug) 3860 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3861 SPP_ARGS(ifp), 3862 sppp_state_name(sp->state[IDX_PAP]), 3863 sp->rst_counter[IDX_PAP]); 3864 3865 if (--sp->rst_counter[IDX_PAP] < 0) 3866 /* TO- event */ 3867 switch (sp->state[IDX_PAP]) { 3868 case STATE_REQ_SENT: 3869 pap.tld(sp); 3870 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3871 break; 3872 } 3873 else 3874 /* TO+ event, not very much we could do */ 3875 switch (sp->state[IDX_PAP]) { 3876 case STATE_REQ_SENT: 3877 /* sppp_cp_change_state() will restart the timer */ 3878 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3879 break; 3880 } 3881 3882 splx(s); 3883 } 3884 3885 /* 3886 * That's the timeout handler if we are peer. Since the peer is active, 3887 * we need to retransmit our PAP request since it is apparently lost. 3888 * XXX We should impose a max counter. 3889 */ 3890 void 3891 sppp_pap_my_TO(void *cookie) 3892 { 3893 struct sppp *sp = (struct sppp *)cookie; 3894 STDDCL; 3895 3896 if (debug) 3897 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3898 SPP_ARGS(ifp)); 3899 3900 pap.scr(sp); 3901 } 3902 3903 void 3904 sppp_pap_tlu(struct sppp *sp) 3905 { 3906 STDDCL; 3907 int x; 3908 3909 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3910 3911 if (debug) 3912 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3913 SPP_ARGS(ifp), pap.name); 3914 3915 x = splnet(); 3916 /* indicate to LCP that we need to be closed down */ 3917 sp->lcp.protos |= (1 << IDX_PAP); 3918 3919 if (sp->pp_flags & PP_NEEDAUTH) { 3920 /* 3921 * Remote is authenticator, but his auth proto didn't 3922 * complete yet. Defer the transition to network 3923 * phase. 3924 */ 3925 splx(x); 3926 return; 3927 } 3928 splx(x); 3929 sppp_phase_network(sp); 3930 } 3931 3932 void 3933 sppp_pap_tld(struct sppp *sp) 3934 { 3935 STDDCL; 3936 3937 if (debug) 3938 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3939 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3940 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3941 sp->lcp.protos &= ~(1 << IDX_PAP); 3942 3943 lcp.Close(sp); 3944 } 3945 3946 void 3947 sppp_pap_scr(struct sppp *sp) 3948 { 3949 u_char idlen, pwdlen; 3950 3951 sp->confid[IDX_PAP] = ++sp->pp_seq; 3952 pwdlen = strlen(sp->myauth.secret); 3953 idlen = strlen(sp->myauth.name); 3954 3955 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3956 sizeof idlen, (const char *)&idlen, 3957 (size_t)idlen, sp->myauth.name, 3958 sizeof pwdlen, (const char *)&pwdlen, 3959 (size_t)pwdlen, sp->myauth.secret, 3960 0); 3961 } 3962 /* 3963 * Random miscellaneous functions. 3964 */ 3965 3966 /* 3967 * Send a PAP or CHAP proto packet. 3968 * 3969 * Varadic function, each of the elements for the ellipsis is of type 3970 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3971 * mlen == 0. 3972 */ 3973 3974 void 3975 sppp_auth_send(const struct cp *cp, struct sppp *sp, 3976 unsigned int type, u_int id, ...) 3977 { 3978 STDDCL; 3979 struct lcp_header *lh; 3980 struct mbuf *m; 3981 u_char *p; 3982 int len, s; 3983 unsigned int mlen; 3984 const char *msg; 3985 va_list ap; 3986 3987 MGETHDR (m, M_DONTWAIT, MT_DATA); 3988 if (! m) 3989 return; 3990 m->m_pkthdr.ph_ifidx = 0; 3991 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 3992 3993 *mtod(m, u_int16_t *) = htons(cp->proto); 3994 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 3995 3996 lh->type = type; 3997 lh->ident = id; 3998 p = (u_char*) (lh+1); 3999 4000 va_start(ap, id); 4001 len = 0; 4002 4003 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4004 msg = va_arg(ap, const char *); 4005 len += mlen; 4006 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) { 4007 va_end(ap); 4008 m_freem(m); 4009 return; 4010 } 4011 4012 bcopy(msg, p, mlen); 4013 p += mlen; 4014 } 4015 va_end(ap); 4016 4017 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 4018 lh->len = htons (LCP_HEADER_LEN + len); 4019 4020 if (debug) { 4021 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4022 SPP_ARGS(ifp), cp->name, 4023 sppp_auth_type_name(cp->proto, lh->type), 4024 lh->ident, ntohs(lh->len)); 4025 if (len) 4026 sppp_print_bytes((u_char*) (lh+1), len); 4027 addlog(">\n"); 4028 } 4029 4030 len = m->m_pkthdr.len + sp->pp_framebytes; 4031 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 4032 ifp->if_oerrors++; 4033 return; 4034 } 4035 4036 ifp->if_obytes += len; 4037 s = splnet(); 4038 if_start(ifp); 4039 splx(s); 4040 } 4041 4042 /* 4043 * Send keepalive packets, every 10 seconds. 4044 */ 4045 void 4046 sppp_keepalive(void *dummy) 4047 { 4048 struct sppp *sp; 4049 int s; 4050 struct timeval tv; 4051 4052 NET_LOCK(); 4053 s = splnet(); 4054 getmicrouptime(&tv); 4055 for (sp=spppq; sp; sp=sp->pp_next) { 4056 struct ifnet *ifp = &sp->pp_if; 4057 4058 /* Keepalive mode disabled or channel down? */ 4059 if (! (sp->pp_flags & PP_KEEPALIVE) || 4060 ! (ifp->if_flags & IFF_RUNNING)) 4061 continue; 4062 4063 /* No keepalive if LCP not opened yet. */ 4064 if (sp->pp_phase < PHASE_AUTHENTICATE) 4065 continue; 4066 4067 /* No echo reply, but maybe user data passed through? */ 4068 if ((tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) { 4069 sp->pp_alivecnt = 0; 4070 continue; 4071 } 4072 4073 if (sp->pp_alivecnt >= MAXALIVECNT) { 4074 /* No keepalive packets got. Stop the interface. */ 4075 if_down (ifp); 4076 mq_purge(&sp->pp_cpq); 4077 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n", 4078 SPP_ARGS(ifp)); 4079 sp->pp_alivecnt = 0; 4080 4081 /* we are down, close all open protocols */ 4082 lcp.Close(sp); 4083 4084 /* And now prepare LCP to reestablish the link, 4085 * if configured to do so. */ 4086 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4087 4088 /* Close connection immediately, completion of this 4089 * will summon the magic needed to reestablish it. */ 4090 if (sp->pp_tlf) 4091 sp->pp_tlf(sp); 4092 continue; 4093 } 4094 if (sp->pp_alivecnt < MAXALIVECNT) 4095 ++sp->pp_alivecnt; 4096 if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4097 u_int32_t nmagic = htonl(sp->lcp.magic); 4098 sp->lcp.echoid = ++sp->pp_seq; 4099 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4100 sp->lcp.echoid, 4, &nmagic); 4101 } 4102 } 4103 splx(s); 4104 NET_UNLOCK(); 4105 timeout_add_sec(&keepalive_ch, 10); 4106 } 4107 4108 /* 4109 * Get both IP addresses. 4110 */ 4111 void 4112 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 4113 u_int32_t *srcmask) 4114 { 4115 struct ifnet *ifp = &sp->pp_if; 4116 struct ifaddr *ifa; 4117 struct sockaddr_in *si, *sm = 0; 4118 u_int32_t ssrc, ddst; 4119 4120 sm = NULL; 4121 ssrc = ddst = 0; 4122 /* 4123 * Pick the first AF_INET address from the list, 4124 * aliases don't make any sense on a p2p link anyway. 4125 */ 4126 si = 0; 4127 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4128 { 4129 if (ifa->ifa_addr->sa_family == AF_INET) { 4130 si = (struct sockaddr_in *)ifa->ifa_addr; 4131 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4132 if (si) 4133 break; 4134 } 4135 } 4136 if (ifa) { 4137 if (si && si->sin_addr.s_addr) { 4138 ssrc = si->sin_addr.s_addr; 4139 if (srcmask) 4140 *srcmask = ntohl(sm->sin_addr.s_addr); 4141 } 4142 4143 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4144 if (si && si->sin_addr.s_addr) 4145 ddst = si->sin_addr.s_addr; 4146 } 4147 4148 if (dst) *dst = ntohl(ddst); 4149 if (src) *src = ntohl(ssrc); 4150 } 4151 4152 int 4153 sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id) 4154 { 4155 struct ifnet *ifp = arg; 4156 4157 if (rt->rt_ifidx == ifp->if_index) { 4158 if (rt->rt_ifa->ifa_dstaddr->sa_family != 4159 rt->rt_gateway->sa_family || 4160 !ISSET(rt->rt_flags, RTF_GATEWAY)) 4161 return (0); /* do not modify non-gateway routes */ 4162 rt_setgate(rt, rt->rt_ifa->ifa_dstaddr, ifp->if_rdomain); 4163 } 4164 return (0); 4165 } 4166 4167 void 4168 sppp_update_gw(struct ifnet *ifp) 4169 { 4170 u_int tid; 4171 4172 /* update routing table */ 4173 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) { 4174 rtable_walk(tid, AF_INET, NULL, sppp_update_gw_walker, ifp); 4175 } 4176 } 4177 4178 /* 4179 * Task adding addresses from process context. 4180 * If an address is 0, leave it the way it is. 4181 */ 4182 void 4183 sppp_set_ip_addrs(void *arg1) 4184 { 4185 struct sppp *sp = arg1; 4186 u_int32_t myaddr; 4187 u_int32_t hisaddr; 4188 struct ifnet *ifp = &sp->pp_if; 4189 int debug = ifp->if_flags & IFF_DEBUG; 4190 struct ifaddr *ifa; 4191 struct sockaddr_in *si; 4192 struct sockaddr_in *dest; 4193 4194 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, NULL); 4195 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 4196 (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 4197 myaddr = sp->ipcp.req_myaddr; 4198 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 4199 (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 4200 hisaddr = sp->ipcp.req_hisaddr; 4201 4202 4203 NET_LOCK(); 4204 /* 4205 * Pick the first AF_INET address from the list, 4206 * aliases don't make any sense on a p2p link anyway. 4207 */ 4208 4209 si = 0; 4210 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4211 { 4212 if (ifa->ifa_addr->sa_family == AF_INET) 4213 { 4214 si = (struct sockaddr_in *)ifa->ifa_addr; 4215 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4216 if (si) 4217 break; 4218 } 4219 } 4220 4221 if (ifa && si) { 4222 int error; 4223 struct sockaddr_in new_sin = *si; 4224 struct sockaddr_in new_dst = *dest; 4225 4226 in_ifscrub(ifp, ifatoia(ifa)); 4227 4228 if (myaddr != 0) 4229 new_sin.sin_addr.s_addr = htonl(myaddr); 4230 if (hisaddr != 0) { 4231 new_dst.sin_addr.s_addr = htonl(hisaddr); 4232 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4233 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4234 *dest = new_dst; /* fix dstaddr in place */ 4235 } 4236 } 4237 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4238 if_addrhooks_run(ifp); 4239 if (debug && error) { 4240 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4241 " failed, error=%d\n", SPP_ARGS(ifp), error); 4242 goto out; 4243 } 4244 sppp_update_gw(ifp); 4245 } 4246 out: 4247 NET_UNLOCK(); 4248 } 4249 4250 /* 4251 * Task clearing addresses from process context. 4252 * Clear IP addresses. 4253 */ 4254 void 4255 sppp_clear_ip_addrs(void *arg1) 4256 { 4257 struct sppp *sp = (struct sppp *)arg1; 4258 struct ifnet *ifp = &sp->pp_if; 4259 int debug = ifp->if_flags & IFF_DEBUG; 4260 struct ifaddr *ifa; 4261 struct sockaddr_in *si; 4262 struct sockaddr_in *dest; 4263 u_int32_t remote; 4264 4265 NET_LOCK(); 4266 4267 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4268 remote = sp->ipcp.saved_hisaddr; 4269 else 4270 sppp_get_ip_addrs(sp, 0, &remote, 0); 4271 4272 /* 4273 * Pick the first AF_INET address from the list, 4274 * aliases don't make any sense on a p2p link anyway. 4275 */ 4276 4277 si = 0; 4278 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4279 if (ifa->ifa_addr->sa_family == AF_INET) { 4280 si = (struct sockaddr_in *)ifa->ifa_addr; 4281 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4282 if (si) 4283 break; 4284 } 4285 } 4286 4287 if (ifa && si) { 4288 int error; 4289 struct sockaddr_in new_sin = *si; 4290 4291 in_ifscrub(ifp, ifatoia(ifa)); 4292 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4293 new_sin.sin_addr.s_addr = 0; 4294 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4295 /* replace peer addr in place */ 4296 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4297 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4298 if_addrhooks_run(ifp); 4299 if (debug && error) { 4300 log(LOG_DEBUG, SPP_FMT "sppp_clear_ip_addrs: in_ifinit " 4301 " failed, error=%d\n", SPP_ARGS(ifp), error); 4302 goto out; 4303 } 4304 sppp_update_gw(ifp); 4305 } 4306 out: 4307 NET_UNLOCK(); 4308 } 4309 4310 4311 #ifdef INET6 4312 /* 4313 * Get both IPv6 addresses. 4314 */ 4315 void 4316 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4317 struct in6_addr *srcmask) 4318 { 4319 struct ifnet *ifp = &sp->pp_if; 4320 struct in6_ifaddr *ia6; 4321 struct in6_addr ssrc, ddst; 4322 4323 bzero(&ssrc, sizeof(ssrc)); 4324 bzero(&ddst, sizeof(ddst)); 4325 /* 4326 * Pick the first link-local AF_INET6 address from the list, 4327 * aliases don't make any sense on a p2p link anyway. 4328 */ 4329 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4330 if (ia6) { 4331 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_addr.sin6_addr)) { 4332 bcopy(&ia6->ia_addr.sin6_addr, &ssrc, sizeof(ssrc)); 4333 if (srcmask) { 4334 bcopy(&ia6->ia_prefixmask.sin6_addr, srcmask, 4335 sizeof(*srcmask)); 4336 } 4337 } 4338 4339 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_dstaddr.sin6_addr)) 4340 bcopy(&ia6->ia_dstaddr.sin6_addr, &ddst, sizeof(ddst)); 4341 } 4342 4343 if (dst) 4344 bcopy(&ddst, dst, sizeof(*dst)); 4345 if (src) 4346 bcopy(&ssrc, src, sizeof(*src)); 4347 } 4348 4349 /* Task to update my IPv6 address from process context. */ 4350 void 4351 sppp_update_ip6_addr(void *arg) 4352 { 4353 struct sppp *sp = arg; 4354 struct ifnet *ifp = &sp->pp_if; 4355 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4356 struct in6_ifaddr *ia6; 4357 int error; 4358 4359 NET_LOCK(); 4360 4361 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4362 if (ia6 == NULL) { 4363 /* IPv6 disabled? */ 4364 goto out; 4365 } 4366 4367 /* 4368 * Changing the link-local address requires purging all 4369 * existing addresses and routes for the interface first. 4370 */ 4371 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4372 in6_ifdetach(ifp); 4373 error = in6_ifattach_linklocal(ifp, &ifra->ifra_addr.sin6_addr); 4374 if (error) 4375 log(LOG_ERR, SPP_FMT 4376 "could not update IPv6 address (error %d)\n", 4377 SPP_ARGS(ifp), error); 4378 goto out; 4379 } 4380 4381 /* 4382 * Code below changes address parameters only, not the address itself. 4383 */ 4384 4385 /* Destination address can only be set for /128. */ 4386 if (memcmp(&ia6->ia_prefixmask.sin6_addr, &in6mask128, 4387 sizeof(in6mask128)) != 0) { 4388 ifra->ifra_dstaddr.sin6_len = 0; 4389 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4390 } 4391 4392 ifra->ifra_lifetime = ia6->ia6_lifetime; 4393 4394 error = in6_update_ifa(ifp, ifra, ia6); 4395 if (error) { 4396 log(LOG_ERR, SPP_FMT 4397 "could not update IPv6 address (error %d)\n", 4398 SPP_ARGS(ifp), error); 4399 } 4400 out: 4401 NET_UNLOCK(); 4402 } 4403 4404 /* 4405 * Configure my link-local address. 4406 */ 4407 void 4408 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, 4409 const struct in6_addr *dst) 4410 { 4411 struct ifnet *ifp = &sp->pp_if; 4412 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4413 4414 bzero(ifra, sizeof(*ifra)); 4415 bcopy(ifp->if_xname, ifra->ifra_name, sizeof(ifra->ifra_name)); 4416 4417 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 4418 ifra->ifra_addr.sin6_family = AF_INET6; 4419 ifra->ifra_addr.sin6_addr = *src; 4420 if (dst) { 4421 ifra->ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6); 4422 ifra->ifra_dstaddr.sin6_family = AF_INET6; 4423 ifra->ifra_dstaddr.sin6_addr = *dst; 4424 } else 4425 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4426 4427 /* 4428 * Don't change the existing prefixlen. 4429 * It is common to use a /64 for IPv6 over point-to-point links 4430 * to allow e.g. neighbour discovery and autoconf to work. 4431 * But it is legal to use other values. 4432 */ 4433 ifra->ifra_prefixmask.sin6_family = AF_UNSPEC; 4434 4435 task_add(systq, &sp->ipv6cp.set_addr_task); 4436 } 4437 4438 /* 4439 * Generate an address that differs from our existing address. 4440 */ 4441 void 4442 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4443 { 4444 struct in6_addr myaddr; 4445 u_int32_t random; 4446 4447 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 4448 4449 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4450 4451 random = arc4random(); 4452 if ((random & 0xff) == 0 && (random & 0xff00) == 0) { 4453 myaddr.s6_addr[14] ^= 0xff; 4454 myaddr.s6_addr[15] ^= 0xff; 4455 } else { 4456 myaddr.s6_addr[14] ^= (random & 0xff); 4457 myaddr.s6_addr[15] ^= ((random & 0xff00) >> 8); 4458 } 4459 myaddr.s6_addr16[1] = 0; /* KAME hack: clear ifindex */ 4460 bcopy(&myaddr, suggest, sizeof(myaddr)); 4461 } 4462 #endif /*INET6*/ 4463 4464 int 4465 sppp_get_params(struct sppp *sp, struct ifreq *ifr) 4466 { 4467 int cmd; 4468 4469 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4470 return EFAULT; 4471 4472 switch (cmd) { 4473 case SPPPIOGDEFS: 4474 { 4475 struct spppreq *spr; 4476 4477 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4478 spr->cmd = cmd; 4479 spr->phase = sp->pp_phase; 4480 4481 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) { 4482 free(spr, M_DEVBUF, sizeof(*spr)); 4483 return EFAULT; 4484 } 4485 free(spr, M_DEVBUF, sizeof(*spr)); 4486 break; 4487 } 4488 case SPPPIOGMAUTH: 4489 case SPPPIOGHAUTH: 4490 { 4491 struct sauthreq *spa; 4492 struct sauth *auth; 4493 4494 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4495 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth; 4496 bzero(spa, sizeof(*spa)); 4497 spa->proto = auth->proto; 4498 spa->flags = auth->flags; 4499 4500 /* do not copy the secret, and only let root know the name */ 4501 if (auth->name != NULL && suser(curproc) == 0) 4502 strlcpy(spa->name, auth->name, sizeof(spa->name)); 4503 4504 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) { 4505 free(spa, M_DEVBUF, sizeof(*spa)); 4506 return EFAULT; 4507 } 4508 free(spa, M_DEVBUF, sizeof(*spa)); 4509 break; 4510 } 4511 default: 4512 return EINVAL; 4513 } 4514 4515 return 0; 4516 } 4517 4518 4519 int 4520 sppp_set_params(struct sppp *sp, struct ifreq *ifr) 4521 { 4522 int cmd; 4523 4524 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4525 return EFAULT; 4526 4527 switch (cmd) { 4528 case SPPPIOSDEFS: 4529 { 4530 struct spppreq *spr; 4531 4532 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4533 4534 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) { 4535 free(spr, M_DEVBUF, sizeof(*spr)); 4536 return EFAULT; 4537 } 4538 /* 4539 * Also, we only allow for authentication parameters to be 4540 * specified. 4541 * 4542 * XXX Should allow to set or clear pp_flags. 4543 */ 4544 free(spr, M_DEVBUF, sizeof(*spr)); 4545 break; 4546 } 4547 case SPPPIOSMAUTH: 4548 case SPPPIOSHAUTH: 4549 { 4550 /* 4551 * Finally, if the respective authentication protocol to 4552 * be used is set differently than 0, but the secret is 4553 * passed as all zeros, we don't trash the existing secret. 4554 * This allows an administrator to change the system name 4555 * only without clobbering the secret (which he didn't get 4556 * back in a previous SPPPIOGXAUTH call). However, the 4557 * secrets are cleared if the authentication protocol is 4558 * reset to 0. 4559 */ 4560 4561 struct sauthreq *spa; 4562 struct sauth *auth; 4563 char *p; 4564 int len; 4565 4566 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4567 4568 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth; 4569 4570 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) { 4571 free(spa, M_DEVBUF, sizeof(*spa)); 4572 return EFAULT; 4573 } 4574 4575 if (spa->proto != 0 && spa->proto != PPP_PAP && 4576 spa->proto != PPP_CHAP) { 4577 free(spa, M_DEVBUF, sizeof(*spa)); 4578 return EINVAL; 4579 } 4580 4581 if (spa->proto == 0) { 4582 /* resetting auth */ 4583 if (auth->name != NULL) 4584 free(auth->name, M_DEVBUF, 4585 strlen(auth->name) + 1); 4586 if (auth->secret != NULL) 4587 free(auth->secret, M_DEVBUF, 4588 strlen(auth->secret) + 1); 4589 bzero(auth, sizeof *auth); 4590 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge); 4591 } else { 4592 /* setting/changing auth */ 4593 auth->proto = spa->proto; 4594 auth->flags = spa->flags; 4595 4596 spa->name[AUTHMAXLEN - 1] = '\0'; 4597 len = strlen(spa->name) + 1; 4598 p = malloc(len, M_DEVBUF, M_WAITOK); 4599 strlcpy(p, spa->name, len); 4600 if (auth->name != NULL) 4601 free(auth->name, M_DEVBUF, 4602 strlen(auth->name) + 1); 4603 auth->name = p; 4604 4605 if (spa->secret[0] != '\0') { 4606 spa->secret[AUTHMAXLEN - 1] = '\0'; 4607 len = strlen(spa->secret) + 1; 4608 p = malloc(len, M_DEVBUF, M_WAITOK); 4609 strlcpy(p, spa->secret, len); 4610 if (auth->secret != NULL) 4611 free(auth->secret, M_DEVBUF, 4612 strlen(auth->secret) + 1); 4613 auth->secret = p; 4614 } else if (!auth->secret) { 4615 p = malloc(1, M_DEVBUF, M_WAITOK); 4616 p[0] = '\0'; 4617 auth->secret = p; 4618 } 4619 } 4620 free(spa, M_DEVBUF, sizeof(*spa)); 4621 break; 4622 } 4623 default: 4624 return EINVAL; 4625 } 4626 4627 return (ENETRESET); 4628 } 4629 4630 void 4631 sppp_phase_network(struct sppp *sp) 4632 { 4633 int i; 4634 u_long mask; 4635 4636 sp->pp_phase = PHASE_NETWORK; 4637 4638 sppp_set_phase(sp); 4639 4640 /* Notify NCPs now. */ 4641 for (i = 0; i < IDX_COUNT; i++) 4642 if ((cps[i])->flags & CP_NCP) 4643 (cps[i])->Open(sp); 4644 4645 /* Send Up events to all NCPs. */ 4646 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4647 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4648 (cps[i])->Up(sp); 4649 4650 /* if no NCP is starting, all this was in vain, close down */ 4651 sppp_lcp_check_and_close(sp); 4652 } 4653 4654 4655 const char * 4656 sppp_cp_type_name(u_char type) 4657 { 4658 static char buf[12]; 4659 switch (type) { 4660 case CONF_REQ: return "conf-req"; 4661 case CONF_ACK: return "conf-ack"; 4662 case CONF_NAK: return "conf-nak"; 4663 case CONF_REJ: return "conf-rej"; 4664 case TERM_REQ: return "term-req"; 4665 case TERM_ACK: return "term-ack"; 4666 case CODE_REJ: return "code-rej"; 4667 case PROTO_REJ: return "proto-rej"; 4668 case ECHO_REQ: return "echo-req"; 4669 case ECHO_REPLY: return "echo-reply"; 4670 case DISC_REQ: return "discard-req"; 4671 } 4672 snprintf (buf, sizeof buf, "0x%x", type); 4673 return buf; 4674 } 4675 4676 const char * 4677 sppp_auth_type_name(u_short proto, u_char type) 4678 { 4679 static char buf[12]; 4680 switch (proto) { 4681 case PPP_CHAP: 4682 switch (type) { 4683 case CHAP_CHALLENGE: return "challenge"; 4684 case CHAP_RESPONSE: return "response"; 4685 case CHAP_SUCCESS: return "success"; 4686 case CHAP_FAILURE: return "failure"; 4687 } 4688 case PPP_PAP: 4689 switch (type) { 4690 case PAP_REQ: return "req"; 4691 case PAP_ACK: return "ack"; 4692 case PAP_NAK: return "nak"; 4693 } 4694 } 4695 snprintf (buf, sizeof buf, "0x%x", type); 4696 return buf; 4697 } 4698 4699 const char * 4700 sppp_lcp_opt_name(u_char opt) 4701 { 4702 static char buf[12]; 4703 switch (opt) { 4704 case LCP_OPT_MRU: return "mru"; 4705 case LCP_OPT_ASYNC_MAP: return "async-map"; 4706 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4707 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4708 case LCP_OPT_MAGIC: return "magic"; 4709 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4710 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4711 } 4712 snprintf (buf, sizeof buf, "0x%x", opt); 4713 return buf; 4714 } 4715 4716 const char * 4717 sppp_ipcp_opt_name(u_char opt) 4718 { 4719 static char buf[12]; 4720 switch (opt) { 4721 case IPCP_OPT_ADDRESSES: return "addresses"; 4722 case IPCP_OPT_COMPRESSION: return "compression"; 4723 case IPCP_OPT_ADDRESS: return "address"; 4724 } 4725 snprintf (buf, sizeof buf, "0x%x", opt); 4726 return buf; 4727 } 4728 4729 #ifdef INET6 4730 const char * 4731 sppp_ipv6cp_opt_name(u_char opt) 4732 { 4733 static char buf[12]; 4734 switch (opt) { 4735 case IPV6CP_OPT_IFID: return "ifid"; 4736 case IPV6CP_OPT_COMPRESSION: return "compression"; 4737 } 4738 snprintf (buf, sizeof buf, "0x%x", opt); 4739 return buf; 4740 } 4741 #endif 4742 4743 const char * 4744 sppp_state_name(int state) 4745 { 4746 switch (state) { 4747 case STATE_INITIAL: return "initial"; 4748 case STATE_STARTING: return "starting"; 4749 case STATE_CLOSED: return "closed"; 4750 case STATE_STOPPED: return "stopped"; 4751 case STATE_CLOSING: return "closing"; 4752 case STATE_STOPPING: return "stopping"; 4753 case STATE_REQ_SENT: return "req-sent"; 4754 case STATE_ACK_RCVD: return "ack-rcvd"; 4755 case STATE_ACK_SENT: return "ack-sent"; 4756 case STATE_OPENED: return "opened"; 4757 } 4758 return "illegal"; 4759 } 4760 4761 const char * 4762 sppp_phase_name(enum ppp_phase phase) 4763 { 4764 switch (phase) { 4765 case PHASE_DEAD: return "dead"; 4766 case PHASE_ESTABLISH: return "establish"; 4767 case PHASE_TERMINATE: return "terminate"; 4768 case PHASE_AUTHENTICATE: return "authenticate"; 4769 case PHASE_NETWORK: return "network"; 4770 } 4771 return "illegal"; 4772 } 4773 4774 const char * 4775 sppp_proto_name(u_short proto) 4776 { 4777 static char buf[12]; 4778 switch (proto) { 4779 case PPP_LCP: return "lcp"; 4780 case PPP_IPCP: return "ipcp"; 4781 case PPP_IPV6CP: return "ipv6cp"; 4782 case PPP_PAP: return "pap"; 4783 case PPP_CHAP: return "chap"; 4784 } 4785 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto); 4786 return buf; 4787 } 4788 4789 void 4790 sppp_print_bytes(const u_char *p, u_short len) 4791 { 4792 addlog(" %02x", *p++); 4793 while (--len > 0) 4794 addlog("-%02x", *p++); 4795 } 4796 4797 void 4798 sppp_print_string(const char *p, u_short len) 4799 { 4800 u_char c; 4801 4802 while (len-- > 0) { 4803 c = *p++; 4804 /* 4805 * Print only ASCII chars directly. RFC 1994 recommends 4806 * using only them, but we don't rely on it. */ 4807 if (c < ' ' || c > '~') 4808 addlog("\\x%x", c); 4809 else 4810 addlog("%c", c); 4811 } 4812 } 4813 4814 const char * 4815 sppp_dotted_quad(u_int32_t addr) 4816 { 4817 static char s[16]; 4818 snprintf(s, sizeof s, "%d.%d.%d.%d", 4819 (int)((addr >> 24) & 0xff), 4820 (int)((addr >> 16) & 0xff), 4821 (int)((addr >> 8) & 0xff), 4822 (int)(addr & 0xff)); 4823 return s; 4824 } 4825 4826 /* a dummy, used to drop uninteresting events */ 4827 void 4828 sppp_null(struct sppp *unused) 4829 { 4830 /* do just nothing */ 4831 } 4832 4833 void 4834 sppp_set_phase(struct sppp *sp) 4835 { 4836 STDDCL; 4837 int lstate; 4838 4839 if (debug) 4840 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4841 sppp_phase_name(sp->pp_phase)); 4842 4843 /* set link state */ 4844 if (sp->pp_phase == PHASE_NETWORK) 4845 lstate = LINK_STATE_UP; 4846 else 4847 lstate = LINK_STATE_DOWN; 4848 4849 if (ifp->if_link_state != lstate) { 4850 ifp->if_link_state = lstate; 4851 if_link_state_change(ifp); 4852 } 4853 } 4854