1 /* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: src/sys/net/if_spppsubr.c,v 1.59.2.13 2002/07/03 15:44:41 joerg Exp $ 21 * $DragonFly: src/sys/net/sppp/if_spppsubr.c,v 1.18 2004/09/16 14:56:32 joerg Exp $ 22 */ 23 24 #include <sys/param.h> 25 26 #if defined(__DragonFly__) 27 #include "opt_inet.h" 28 #include "opt_inet6.h" 29 #include "opt_ipx.h" 30 #endif 31 32 #ifdef NetBSD1_3 33 # if NetBSD1_3 > 6 34 # include "opt_inet.h" 35 # include "opt_inet6.h" 36 # include "opt_iso.h" 37 # endif 38 #endif 39 40 #include <sys/systm.h> 41 #include <sys/kernel.h> 42 #include <sys/module.h> 43 #include <sys/sockio.h> 44 #include <sys/socket.h> 45 #include <sys/syslog.h> 46 #if defined(__DragonFly__) 47 #include <sys/random.h> 48 #endif 49 #include <sys/malloc.h> 50 #include <sys/mbuf.h> 51 52 #if defined (__OpenBSD__) 53 #include <sys/md5k.h> 54 #else 55 #include <sys/md5.h> 56 #endif 57 58 #include <net/if.h> 59 #include <net/netisr.h> 60 #include <net/if_types.h> 61 #include <net/route.h> 62 #include <netinet/in.h> 63 #include <netinet/in_systm.h> 64 #include <netinet/ip.h> 65 #include <net/slcompress.h> 66 67 #if defined (__NetBSD__) || defined (__OpenBSD__) 68 #include <machine/cpu.h> /* XXX for softnet */ 69 #endif 70 71 #include <machine/stdarg.h> 72 73 #include <netinet/in.h> 74 #include <netinet/in_systm.h> 75 #include <netinet/in_var.h> 76 77 #ifdef INET 78 #include <netinet/ip.h> 79 #include <netinet/tcp.h> 80 #endif 81 82 #if defined (__DragonFly__) || defined (__OpenBSD__) 83 # include <netinet/if_ether.h> 84 #else 85 # include <net/ethertypes.h> 86 #endif 87 88 #ifdef IPX 89 #include <netproto/ipx/ipx.h> 90 #include <netproto/ipx/ipx_if.h> 91 #endif 92 93 #ifdef NS 94 #include <netns/ns.h> 95 #include <netns/ns_if.h> 96 #endif 97 98 #include "if_sppp.h" 99 100 #define IOCTL_CMD_T u_long 101 #define MAXALIVECNT 3 /* max. alive packets */ 102 103 /* 104 * Interface flags that can be set in an ifconfig command. 105 * 106 * Setting link0 will make the link passive, i.e. it will be marked 107 * as being administrative openable, but won't be opened to begin 108 * with. Incoming calls will be answered, or subsequent calls with 109 * -link1 will cause the administrative open of the LCP layer. 110 * 111 * Setting link1 will cause the link to auto-dial only as packets 112 * arrive to be sent. 113 * 114 * Setting IFF_DEBUG will syslog the option negotiation and state 115 * transitions at level kern.debug. Note: all logs consistently look 116 * like 117 * 118 * <if-name><unit>: <proto-name> <additional info...> 119 * 120 * with <if-name><unit> being something like "bppp0", and <proto-name> 121 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 122 */ 123 124 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 125 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 126 #define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 127 128 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 129 #define PPP_UI 0x03 /* Unnumbered Information */ 130 #define PPP_IP 0x0021 /* Internet Protocol */ 131 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 132 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 133 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 134 #define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 135 #define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 136 #define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 137 #define PPP_LCP 0xc021 /* Link Control Protocol */ 138 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 139 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 140 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 141 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 142 143 #define CONF_REQ 1 /* PPP configure request */ 144 #define CONF_ACK 2 /* PPP configure acknowledge */ 145 #define CONF_NAK 3 /* PPP configure negative ack */ 146 #define CONF_REJ 4 /* PPP configure reject */ 147 #define TERM_REQ 5 /* PPP terminate request */ 148 #define TERM_ACK 6 /* PPP terminate acknowledge */ 149 #define CODE_REJ 7 /* PPP code reject */ 150 #define PROTO_REJ 8 /* PPP protocol reject */ 151 #define ECHO_REQ 9 /* PPP echo request */ 152 #define ECHO_REPLY 10 /* PPP echo reply */ 153 #define DISC_REQ 11 /* PPP discard request */ 154 155 #define LCP_OPT_MRU 1 /* maximum receive unit */ 156 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 157 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 158 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 159 #define LCP_OPT_MAGIC 5 /* magic number */ 160 #define LCP_OPT_RESERVED 6 /* reserved */ 161 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 162 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 163 164 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 165 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 166 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 167 168 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 169 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 170 171 #define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 172 173 #define PAP_REQ 1 /* PAP name/password request */ 174 #define PAP_ACK 2 /* PAP acknowledge */ 175 #define PAP_NAK 3 /* PAP fail */ 176 177 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 178 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 179 #define CHAP_SUCCESS 3 /* CHAP response ok */ 180 #define CHAP_FAILURE 4 /* CHAP response failed */ 181 182 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 183 184 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 185 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 186 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 187 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 188 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 189 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 190 191 /* states are named and numbered according to RFC 1661 */ 192 #define STATE_INITIAL 0 193 #define STATE_STARTING 1 194 #define STATE_CLOSED 2 195 #define STATE_STOPPED 3 196 #define STATE_CLOSING 4 197 #define STATE_STOPPING 5 198 #define STATE_REQ_SENT 6 199 #define STATE_ACK_RCVD 7 200 #define STATE_ACK_SENT 8 201 #define STATE_OPENED 9 202 203 struct ppp_header { 204 u_char address; 205 u_char control; 206 u_short protocol; 207 } __attribute__((__packed__)); 208 #define PPP_HEADER_LEN sizeof (struct ppp_header) 209 210 struct lcp_header { 211 u_char type; 212 u_char ident; 213 u_short len; 214 } __attribute__((__packed__)); 215 #define LCP_HEADER_LEN sizeof (struct lcp_header) 216 217 struct cisco_packet { 218 u_long type; 219 u_long par1; 220 u_long par2; 221 u_short rel; 222 u_short time0; 223 u_short time1; 224 } __attribute__((__packed__)); 225 #define CISCO_PACKET_LEN sizeof (struct cisco_packet) 226 227 /* 228 * We follow the spelling and capitalization of RFC 1661 here, to make 229 * it easier comparing with the standard. Please refer to this RFC in 230 * case you can't make sense out of these abbreviation; it will also 231 * explain the semantics related to the various events and actions. 232 */ 233 struct cp { 234 u_short proto; /* PPP control protocol number */ 235 u_char protoidx; /* index into state table in struct sppp */ 236 u_char flags; 237 #define CP_LCP 0x01 /* this is the LCP */ 238 #define CP_AUTH 0x02 /* this is an authentication protocol */ 239 #define CP_NCP 0x04 /* this is a NCP */ 240 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 241 const char *name; /* name of this control protocol */ 242 /* event handlers */ 243 void (*Up)(struct sppp *sp); 244 void (*Down)(struct sppp *sp); 245 void (*Open)(struct sppp *sp); 246 void (*Close)(struct sppp *sp); 247 void (*TO)(void *sp); 248 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 249 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 250 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 251 /* actions */ 252 void (*tlu)(struct sppp *sp); 253 void (*tld)(struct sppp *sp); 254 void (*tls)(struct sppp *sp); 255 void (*tlf)(struct sppp *sp); 256 void (*scr)(struct sppp *sp); 257 }; 258 259 static struct sppp *spppq; 260 #if defined(__DragonFly__) 261 static struct callout keepalive_timeout; 262 #endif 263 264 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 && !defined(__DragonFly__) 265 #define SPP_FMT "%s%d: " 266 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 267 #else 268 #define SPP_FMT "%s: " 269 #define SPP_ARGS(ifp) (ifp)->if_xname 270 #endif 271 272 #ifdef INET 273 /* 274 * The following disgusting hack gets around the problem that IP TOS 275 * can't be set yet. We want to put "interactive" traffic on a high 276 * priority queue. To decide if traffic is interactive, we check that 277 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 278 * 279 * XXX is this really still necessary? - joerg - 280 */ 281 static u_short interactive_ports[8] = { 282 0, 513, 0, 0, 283 0, 21, 0, 23, 284 }; 285 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 286 #endif 287 288 /* almost every function needs these */ 289 #define STDDCL \ 290 struct ifnet *ifp = &sp->pp_if; \ 291 int debug = ifp->if_flags & IFF_DEBUG 292 293 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 294 struct sockaddr *dst, struct rtentry *rt); 295 296 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 297 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 298 299 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 300 struct mbuf *m); 301 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 302 u_char ident, u_short len, void *data); 303 /* static void sppp_cp_timeout(void *arg); */ 304 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 305 int newstate); 306 static void sppp_auth_send(const struct cp *cp, 307 struct sppp *sp, unsigned int type, unsigned int id, 308 ...); 309 310 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 311 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 312 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 313 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 314 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 315 316 static void sppp_null(struct sppp *sp); 317 318 static void sppp_lcp_init(struct sppp *sp); 319 static void sppp_lcp_up(struct sppp *sp); 320 static void sppp_lcp_down(struct sppp *sp); 321 static void sppp_lcp_open(struct sppp *sp); 322 static void sppp_lcp_close(struct sppp *sp); 323 static void sppp_lcp_TO(void *sp); 324 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 325 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 326 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_lcp_tlu(struct sppp *sp); 328 static void sppp_lcp_tld(struct sppp *sp); 329 static void sppp_lcp_tls(struct sppp *sp); 330 static void sppp_lcp_tlf(struct sppp *sp); 331 static void sppp_lcp_scr(struct sppp *sp); 332 static void sppp_lcp_check_and_close(struct sppp *sp); 333 static int sppp_ncp_check(struct sppp *sp); 334 335 static void sppp_ipcp_init(struct sppp *sp); 336 static void sppp_ipcp_up(struct sppp *sp); 337 static void sppp_ipcp_down(struct sppp *sp); 338 static void sppp_ipcp_open(struct sppp *sp); 339 static void sppp_ipcp_close(struct sppp *sp); 340 static void sppp_ipcp_TO(void *sp); 341 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 342 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 343 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 344 static void sppp_ipcp_tlu(struct sppp *sp); 345 static void sppp_ipcp_tld(struct sppp *sp); 346 static void sppp_ipcp_tls(struct sppp *sp); 347 static void sppp_ipcp_tlf(struct sppp *sp); 348 static void sppp_ipcp_scr(struct sppp *sp); 349 350 static void sppp_ipv6cp_init(struct sppp *sp); 351 static void sppp_ipv6cp_up(struct sppp *sp); 352 static void sppp_ipv6cp_down(struct sppp *sp); 353 static void sppp_ipv6cp_open(struct sppp *sp); 354 static void sppp_ipv6cp_close(struct sppp *sp); 355 static void sppp_ipv6cp_TO(void *sp); 356 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 357 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 358 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 359 static void sppp_ipv6cp_tlu(struct sppp *sp); 360 static void sppp_ipv6cp_tld(struct sppp *sp); 361 static void sppp_ipv6cp_tls(struct sppp *sp); 362 static void sppp_ipv6cp_tlf(struct sppp *sp); 363 static void sppp_ipv6cp_scr(struct sppp *sp); 364 365 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 366 static void sppp_pap_init(struct sppp *sp); 367 static void sppp_pap_open(struct sppp *sp); 368 static void sppp_pap_close(struct sppp *sp); 369 static void sppp_pap_TO(void *sp); 370 static void sppp_pap_my_TO(void *sp); 371 static void sppp_pap_tlu(struct sppp *sp); 372 static void sppp_pap_tld(struct sppp *sp); 373 static void sppp_pap_scr(struct sppp *sp); 374 375 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 376 static void sppp_chap_init(struct sppp *sp); 377 static void sppp_chap_open(struct sppp *sp); 378 static void sppp_chap_close(struct sppp *sp); 379 static void sppp_chap_TO(void *sp); 380 static void sppp_chap_tlu(struct sppp *sp); 381 static void sppp_chap_tld(struct sppp *sp); 382 static void sppp_chap_scr(struct sppp *sp); 383 384 static const char *sppp_auth_type_name(u_short proto, u_char type); 385 static const char *sppp_cp_type_name(u_char type); 386 static const char *sppp_dotted_quad(u_long addr); 387 static const char *sppp_ipcp_opt_name(u_char opt); 388 #ifdef INET6 389 static const char *sppp_ipv6cp_opt_name(u_char opt); 390 #endif 391 static const char *sppp_lcp_opt_name(u_char opt); 392 static const char *sppp_phase_name(enum ppp_phase phase); 393 static const char *sppp_proto_name(u_short proto); 394 static const char *sppp_state_name(int state); 395 static int sppp_params(struct sppp *sp, u_long cmd, void *data); 396 static int sppp_strnlen(u_char *p, int max); 397 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 398 u_long *srcmask); 399 static void sppp_keepalive(void *dummy); 400 static void sppp_phase_network(struct sppp *sp); 401 static void sppp_print_bytes(const u_char *p, u_short len); 402 static void sppp_print_string(const char *p, u_short len); 403 static void sppp_qflush(struct ifqueue *ifq); 404 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 405 #ifdef INET6 406 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 407 struct in6_addr *dst, struct in6_addr *srcmask); 408 #ifdef IPV6CP_MYIFID_DYN 409 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 410 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 411 #endif 412 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 413 #endif 414 415 /* our control protocol descriptors */ 416 static const struct cp lcp = { 417 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 418 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 419 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 420 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 421 sppp_lcp_scr 422 }; 423 424 static const struct cp ipcp = { 425 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 426 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 427 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 428 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 429 sppp_ipcp_scr 430 }; 431 432 static const struct cp ipv6cp = { 433 PPP_IPV6CP, IDX_IPV6CP, 434 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 435 CP_NCP, 436 #else 437 0, 438 #endif 439 "ipv6cp", 440 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 441 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 442 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 443 sppp_ipv6cp_scr 444 }; 445 446 static const struct cp pap = { 447 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 448 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 449 sppp_pap_TO, 0, 0, 0, 450 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 451 sppp_pap_scr 452 }; 453 454 static const struct cp chap = { 455 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 456 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 457 sppp_chap_TO, 0, 0, 0, 458 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 459 sppp_chap_scr 460 }; 461 462 static const struct cp *cps[IDX_COUNT] = { 463 &lcp, /* IDX_LCP */ 464 &ipcp, /* IDX_IPCP */ 465 &ipv6cp, /* IDX_IPV6CP */ 466 &pap, /* IDX_PAP */ 467 &chap, /* IDX_CHAP */ 468 }; 469 470 static int 471 sppp_modevent(module_t mod, int type, void *unused) 472 { 473 switch (type) { 474 case MOD_LOAD: 475 break; 476 case MOD_UNLOAD: 477 return EACCES; 478 break; 479 default: 480 break; 481 } 482 return 0; 483 } 484 static moduledata_t spppmod = { 485 "sppp", 486 sppp_modevent, 487 0 488 }; 489 MODULE_VERSION(sppp, 1); 490 DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 491 492 /* 493 * Exported functions, comprising our interface to the lower layer. 494 */ 495 496 /* 497 * Process the received packet. 498 */ 499 void 500 sppp_input(struct ifnet *ifp, struct mbuf *m) 501 { 502 struct ppp_header *h; 503 int isr = -1; 504 struct sppp *sp = (struct sppp *)ifp; 505 u_char *iphdr; 506 int hlen, vjlen, do_account = 0; 507 int debug = ifp->if_flags & IFF_DEBUG; 508 509 if (ifp->if_flags & IFF_UP) 510 /* Count received bytes, add FCS and one flag */ 511 ifp->if_ibytes += m->m_pkthdr.len + 3; 512 513 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 514 /* Too small packet, drop it. */ 515 if (debug) 516 log(LOG_DEBUG, 517 SPP_FMT "input packet is too small, %d bytes\n", 518 SPP_ARGS(ifp), m->m_pkthdr.len); 519 drop: 520 m_freem (m); 521 drop2: 522 ++ifp->if_ierrors; 523 ++ifp->if_iqdrops; 524 return; 525 } 526 527 /* Get PPP header. */ 528 h = mtod (m, struct ppp_header*); 529 m_adj (m, PPP_HEADER_LEN); 530 531 switch (h->address) { 532 case PPP_ALLSTATIONS: 533 if (h->control != PPP_UI) 534 goto invalid; 535 if (sp->pp_mode == IFF_CISCO) { 536 if (debug) 537 log(LOG_DEBUG, 538 SPP_FMT "PPP packet in Cisco mode " 539 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 540 SPP_ARGS(ifp), 541 h->address, h->control, ntohs(h->protocol)); 542 goto drop; 543 } 544 switch (ntohs (h->protocol)) { 545 default: 546 if (debug) 547 log(LOG_DEBUG, 548 SPP_FMT "rejecting protocol " 549 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 550 SPP_ARGS(ifp), 551 h->address, h->control, ntohs(h->protocol)); 552 if (sp->state[IDX_LCP] == STATE_OPENED) 553 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 554 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 555 &h->protocol); 556 ++ifp->if_noproto; 557 goto drop; 558 case PPP_LCP: 559 sppp_cp_input(&lcp, sp, m); 560 m_freem (m); 561 return; 562 case PPP_PAP: 563 if (sp->pp_phase >= PHASE_AUTHENTICATE) 564 sppp_pap_input(sp, m); 565 m_freem (m); 566 return; 567 case PPP_CHAP: 568 if (sp->pp_phase >= PHASE_AUTHENTICATE) 569 sppp_chap_input(sp, m); 570 m_freem (m); 571 return; 572 #ifdef INET 573 case PPP_IPCP: 574 if (sp->pp_phase == PHASE_NETWORK) 575 sppp_cp_input(&ipcp, sp, m); 576 m_freem (m); 577 return; 578 case PPP_IP: 579 if (sp->state[IDX_IPCP] == STATE_OPENED) { 580 isr = NETISR_IP; 581 } 582 do_account++; 583 break; 584 case PPP_VJ_COMP: 585 if (sp->state[IDX_IPCP] == STATE_OPENED) { 586 if ((vjlen = 587 sl_uncompress_tcp_core(mtod(m, u_char *), 588 m->m_len, m->m_len, 589 TYPE_COMPRESSED_TCP, 590 sp->pp_comp, 591 &iphdr, &hlen)) <= 0) { 592 if (debug) 593 log(LOG_INFO, 594 SPP_FMT "VJ uncompress failed on compressed packet\n", 595 SPP_ARGS(ifp)); 596 goto drop; 597 } 598 599 /* 600 * Trim the VJ header off the packet, and prepend 601 * the uncompressed IP header (which will usually 602 * end up in two chained mbufs since there's not 603 * enough leading space in the existing mbuf). 604 */ 605 m_adj(m, vjlen); 606 M_PREPEND(m, hlen, MB_DONTWAIT); 607 if (m == NULL) 608 goto drop2; 609 bcopy(iphdr, mtod(m, u_char *), hlen); 610 611 isr = NETISR_IP; 612 } 613 do_account++; 614 break; 615 case PPP_VJ_UCOMP: 616 if (sp->state[IDX_IPCP] == STATE_OPENED) { 617 if (sl_uncompress_tcp_core(mtod(m, u_char *), 618 m->m_len, m->m_len, 619 TYPE_UNCOMPRESSED_TCP, 620 sp->pp_comp, 621 &iphdr, &hlen) != 0) { 622 if (debug) 623 log(LOG_INFO, 624 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 625 SPP_ARGS(ifp)); 626 goto drop; 627 } 628 isr = NETISR_IP; 629 } 630 do_account++; 631 break; 632 #endif 633 #ifdef INET6 634 case PPP_IPV6CP: 635 if (sp->pp_phase == PHASE_NETWORK) 636 sppp_cp_input(&ipv6cp, sp, m); 637 m_freem (m); 638 return; 639 640 case PPP_IPV6: 641 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 642 isr = NETISR_IPV6; 643 } 644 do_account++; 645 break; 646 #endif 647 #ifdef IPX 648 case PPP_IPX: 649 /* IPX IPXCP not implemented yet */ 650 if (sp->pp_phase == PHASE_NETWORK) { 651 isr = NETISR_IPX; 652 } 653 do_account++; 654 break; 655 #endif 656 #ifdef NS 657 case PPP_XNS: 658 /* XNS IDPCP not implemented yet */ 659 if (sp->pp_phase == PHASE_NETWORK) { 660 isr = NETISR_NS; 661 } 662 do_account++; 663 break; 664 #endif 665 } 666 break; 667 case CISCO_MULTICAST: 668 case CISCO_UNICAST: 669 /* Don't check the control field here (RFC 1547). */ 670 if (sp->pp_mode != IFF_CISCO) { 671 if (debug) 672 log(LOG_DEBUG, 673 SPP_FMT "Cisco packet in PPP mode " 674 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 675 SPP_ARGS(ifp), 676 h->address, h->control, ntohs(h->protocol)); 677 goto drop; 678 } 679 switch (ntohs (h->protocol)) { 680 default: 681 ++ifp->if_noproto; 682 goto invalid; 683 case CISCO_KEEPALIVE: 684 sppp_cisco_input ((struct sppp*) ifp, m); 685 m_freem (m); 686 return; 687 #ifdef INET 688 case ETHERTYPE_IP: 689 isr = NETISR_IP; 690 do_account++; 691 break; 692 #endif 693 #ifdef INET6 694 case ETHERTYPE_IPV6: 695 isr = NETISR_IPV6; 696 do_account++; 697 break; 698 #endif 699 #ifdef IPX 700 case ETHERTYPE_IPX: 701 isr = NETISR_IPX; 702 do_account++; 703 break; 704 #endif 705 #ifdef NS 706 case ETHERTYPE_NS: 707 isr = NETISR_NS 708 do_account++; 709 break; 710 #endif 711 } 712 break; 713 default: /* Invalid PPP packet. */ 714 invalid: 715 if (debug) 716 log(LOG_DEBUG, 717 SPP_FMT "invalid input packet " 718 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 719 SPP_ARGS(ifp), 720 h->address, h->control, ntohs(h->protocol)); 721 goto drop; 722 } 723 724 if (! (ifp->if_flags & IFF_UP) || isr < 0) 725 goto drop; 726 727 /* Check queue. */ 728 729 netisr_dispatch(isr, m); 730 if (do_account) 731 /* 732 * Do only account for network packets, not for control 733 * packets. This is used by some subsystems to detect 734 * idle lines. 735 */ 736 sp->pp_last_recv = time_second; 737 } 738 739 /* 740 * Enqueue transmit packet. 741 */ 742 static int 743 sppp_output(struct ifnet *ifp, struct mbuf *m, 744 struct sockaddr *dst, struct rtentry *rt) 745 { 746 struct sppp *sp = (struct sppp*) ifp; 747 struct ppp_header *h; 748 struct ifqueue *ifq = NULL; 749 int s, rv = 0; 750 int ipproto = PPP_IP; 751 int debug = ifp->if_flags & IFF_DEBUG; 752 753 s = splimp(); 754 755 if ((ifp->if_flags & IFF_UP) == 0 || 756 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 757 #ifdef INET6 758 drop: 759 #endif 760 m_freem (m); 761 splx (s); 762 return (ENETDOWN); 763 } 764 765 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 766 #ifdef INET6 767 /* 768 * XXX 769 * 770 * Hack to prevent the initialization-time generated 771 * IPv6 multicast packet to erroneously cause a 772 * dialout event in case IPv6 has been 773 * administratively disabled on that interface. 774 */ 775 if (dst->sa_family == AF_INET6 && 776 !(sp->confflags & CONF_ENABLE_IPV6)) 777 goto drop; 778 #endif 779 /* 780 * Interface is not yet running, but auto-dial. Need 781 * to start LCP for it. 782 */ 783 ifp->if_flags |= IFF_RUNNING; 784 splx(s); 785 lcp.Open(sp); 786 s = splimp(); 787 } 788 789 ifq = &ifp->if_snd; 790 #ifdef INET 791 if (dst->sa_family == AF_INET) { 792 /* XXX Check mbuf length here? */ 793 struct ip *ip = mtod (m, struct ip*); 794 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 795 796 /* 797 * When using dynamic local IP address assignment by using 798 * 0.0.0.0 as a local address, the first TCP session will 799 * not connect because the local TCP checksum is computed 800 * using 0.0.0.0 which will later become our real IP address 801 * so the TCP checksum computed at the remote end will 802 * become invalid. So we 803 * - don't let packets with src ip addr 0 thru 804 * - we flag TCP packets with src ip 0 as an error 805 */ 806 807 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 808 { 809 m_freem(m); 810 splx(s); 811 if(ip->ip_p == IPPROTO_TCP) 812 return(EADDRNOTAVAIL); 813 else 814 return(0); 815 } 816 817 /* 818 * Put low delay, telnet, rlogin and ftp control packets 819 * in front of the queue. 820 */ 821 if (IF_QFULL (&sp->pp_fastq)) 822 ; 823 else if (ip->ip_tos & IPTOS_LOWDELAY) 824 ifq = &sp->pp_fastq; 825 else if (m->m_len < sizeof *ip + sizeof *tcp) 826 ; 827 else if (ip->ip_p != IPPROTO_TCP) 828 ; 829 else if (INTERACTIVE (ntohs (tcp->th_sport))) 830 ifq = &sp->pp_fastq; 831 else if (INTERACTIVE (ntohs (tcp->th_dport))) 832 ifq = &sp->pp_fastq; 833 834 /* 835 * Do IP Header compression 836 */ 837 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 838 ip->ip_p == IPPROTO_TCP) 839 switch (sl_compress_tcp(m, ip, sp->pp_comp, 840 sp->ipcp.compress_cid)) { 841 case TYPE_COMPRESSED_TCP: 842 ipproto = PPP_VJ_COMP; 843 break; 844 case TYPE_UNCOMPRESSED_TCP: 845 ipproto = PPP_VJ_UCOMP; 846 break; 847 case TYPE_IP: 848 ipproto = PPP_IP; 849 break; 850 default: 851 m_freem(m); 852 splx(s); 853 return (EINVAL); 854 } 855 } 856 #endif 857 858 #ifdef INET6 859 if (dst->sa_family == AF_INET6) { 860 /* XXX do something tricky here? */ 861 } 862 #endif 863 864 /* 865 * Prepend general data packet PPP header. For now, IP only. 866 */ 867 M_PREPEND (m, PPP_HEADER_LEN, MB_DONTWAIT); 868 if (! m) { 869 if (debug) 870 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 871 SPP_ARGS(ifp)); 872 ++ifp->if_oerrors; 873 splx (s); 874 return (ENOBUFS); 875 } 876 /* 877 * May want to check size of packet 878 * (albeit due to the implementation it's always enough) 879 */ 880 h = mtod (m, struct ppp_header*); 881 if (sp->pp_mode == IFF_CISCO) { 882 h->address = CISCO_UNICAST; /* unicast address */ 883 h->control = 0; 884 } else { 885 h->address = PPP_ALLSTATIONS; /* broadcast address */ 886 h->control = PPP_UI; /* Unnumbered Info */ 887 } 888 889 switch (dst->sa_family) { 890 #ifdef INET 891 case AF_INET: /* Internet Protocol */ 892 if (sp->pp_mode == IFF_CISCO) 893 h->protocol = htons (ETHERTYPE_IP); 894 else { 895 /* 896 * Don't choke with an ENETDOWN early. It's 897 * possible that we just started dialing out, 898 * so don't drop the packet immediately. If 899 * we notice that we run out of buffer space 900 * below, we will however remember that we are 901 * not ready to carry IP packets, and return 902 * ENETDOWN, as opposed to ENOBUFS. 903 */ 904 h->protocol = htons(ipproto); 905 if (sp->state[IDX_IPCP] != STATE_OPENED) 906 rv = ENETDOWN; 907 } 908 break; 909 #endif 910 #ifdef INET6 911 case AF_INET6: /* Internet Protocol */ 912 if (sp->pp_mode == IFF_CISCO) 913 h->protocol = htons (ETHERTYPE_IPV6); 914 else { 915 /* 916 * Don't choke with an ENETDOWN early. It's 917 * possible that we just started dialing out, 918 * so don't drop the packet immediately. If 919 * we notice that we run out of buffer space 920 * below, we will however remember that we are 921 * not ready to carry IP packets, and return 922 * ENETDOWN, as opposed to ENOBUFS. 923 */ 924 h->protocol = htons(PPP_IPV6); 925 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 926 rv = ENETDOWN; 927 } 928 break; 929 #endif 930 #ifdef NS 931 case AF_NS: /* Xerox NS Protocol */ 932 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 933 ETHERTYPE_NS : PPP_XNS); 934 break; 935 #endif 936 #ifdef IPX 937 case AF_IPX: /* Novell IPX Protocol */ 938 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 939 ETHERTYPE_IPX : PPP_IPX); 940 break; 941 #endif 942 default: 943 m_freem (m); 944 ++ifp->if_oerrors; 945 splx (s); 946 return (EAFNOSUPPORT); 947 } 948 949 /* 950 * Queue message on interface, and start output if interface 951 * not yet active. 952 */ 953 if (IF_QFULL (ifq)) { 954 IF_DROP (&ifp->if_snd); 955 m_freem (m); 956 ++ifp->if_oerrors; 957 splx (s); 958 return (rv? rv: ENOBUFS); 959 } 960 IF_ENQUEUE (ifq, m); 961 if (! (ifp->if_flags & IFF_OACTIVE)) 962 (*ifp->if_start) (ifp); 963 964 /* 965 * Count output packets and bytes. 966 * The packet length includes header, FCS and 1 flag, 967 * according to RFC 1333. 968 */ 969 ifp->if_obytes += m->m_pkthdr.len + 3; 970 splx (s); 971 /* 972 * Unlike in sppp_input(), we can always bump the timestamp 973 * here since sppp_output() is only called on behalf of 974 * network-layer traffic; control-layer traffic is handled 975 * by sppp_cp_send(). 976 */ 977 sp->pp_last_sent = time_second; 978 return (0); 979 } 980 981 void 982 sppp_attach(struct ifnet *ifp) 983 { 984 struct sppp *sp = (struct sppp*) ifp; 985 986 /* Initialize keepalive handler. */ 987 if (!spppq) { 988 callout_reset(&keepalive_timeout, hz * 10, 989 sppp_keepalive, NULL); 990 } 991 /* Insert new entry into the keepalive list. */ 992 sp->pp_next = spppq; 993 spppq = sp; 994 995 sp->pp_if.if_mtu = PP_MTU; 996 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 997 sp->pp_if.if_type = IFT_PPP; 998 sp->pp_if.if_output = sppp_output; 999 #if 0 1000 sp->pp_flags = PP_KEEPALIVE; 1001 #endif 1002 sp->pp_if.if_snd.ifq_maxlen = 32; 1003 sp->pp_fastq.ifq_maxlen = 32; 1004 sp->pp_cpq.ifq_maxlen = 20; 1005 sp->pp_loopcnt = 0; 1006 sp->pp_alivecnt = 0; 1007 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1008 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1009 sp->pp_phase = PHASE_DEAD; 1010 sp->pp_up = lcp.Up; 1011 sp->pp_down = lcp.Down; 1012 sp->pp_last_recv = sp->pp_last_sent = time_second; 1013 sp->confflags = 0; 1014 #ifdef INET 1015 sp->confflags |= CONF_ENABLE_VJ; 1016 #endif 1017 #ifdef INET6 1018 sp->confflags |= CONF_ENABLE_IPV6; 1019 #endif 1020 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1021 sl_compress_init(sp->pp_comp, -1); 1022 sppp_lcp_init(sp); 1023 sppp_ipcp_init(sp); 1024 sppp_ipv6cp_init(sp); 1025 sppp_pap_init(sp); 1026 sppp_chap_init(sp); 1027 } 1028 1029 void 1030 sppp_detach(struct ifnet *ifp) 1031 { 1032 struct sppp **q, *p, *sp = (struct sppp*) ifp; 1033 int i; 1034 1035 /* Remove the entry from the keepalive list. */ 1036 for (q = &spppq; (p = *q); q = &p->pp_next) 1037 if (p == sp) { 1038 *q = p->pp_next; 1039 break; 1040 } 1041 1042 /* Stop keepalive handler. */ 1043 if (!spppq) 1044 callout_stop(&keepalive_timeout); 1045 1046 for (i = 0; i < IDX_COUNT; i++) 1047 callout_stop(&sp->timeout[i]); 1048 callout_stop(&sp->pap_my_to); 1049 } 1050 1051 /* 1052 * Flush the interface output queue. 1053 */ 1054 void 1055 sppp_flush(struct ifnet *ifp) 1056 { 1057 struct sppp *sp = (struct sppp*) ifp; 1058 1059 sppp_qflush (&sp->pp_if.if_snd); 1060 sppp_qflush (&sp->pp_fastq); 1061 sppp_qflush (&sp->pp_cpq); 1062 } 1063 1064 /* 1065 * Check if the output queue is empty. 1066 */ 1067 int 1068 sppp_isempty(struct ifnet *ifp) 1069 { 1070 struct sppp *sp = (struct sppp*) ifp; 1071 int empty, s; 1072 1073 s = splimp(); 1074 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1075 !sp->pp_if.if_snd.ifq_head; 1076 splx(s); 1077 return (empty); 1078 } 1079 1080 /* 1081 * Get next packet to send. 1082 */ 1083 struct mbuf * 1084 sppp_dequeue(struct ifnet *ifp) 1085 { 1086 struct sppp *sp = (struct sppp*) ifp; 1087 struct mbuf *m; 1088 int s; 1089 1090 s = splimp(); 1091 /* 1092 * Process only the control protocol queue until we have at 1093 * least one NCP open. 1094 * 1095 * Do always serve all three queues in Cisco mode. 1096 */ 1097 IF_DEQUEUE(&sp->pp_cpq, m); 1098 if (m == NULL && 1099 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1100 IF_DEQUEUE(&sp->pp_fastq, m); 1101 if (m == NULL) 1102 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1103 } 1104 splx(s); 1105 return m; 1106 } 1107 1108 /* 1109 * Pick the next packet, do not remove it from the queue. 1110 */ 1111 struct mbuf * 1112 sppp_pick(struct ifnet *ifp) 1113 { 1114 struct sppp *sp = (struct sppp*)ifp; 1115 struct mbuf *m; 1116 int s; 1117 1118 s= splimp (); 1119 1120 m = sp->pp_cpq.ifq_head; 1121 if (m == NULL && 1122 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) 1123 if ((m = sp->pp_fastq.ifq_head) == NULL) 1124 m = sp->pp_if.if_snd.ifq_head; 1125 splx (s); 1126 return (m); 1127 } 1128 1129 /* 1130 * Process an ioctl request. Called on low priority level. 1131 */ 1132 int 1133 sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1134 { 1135 struct ifreq *ifr = (struct ifreq*) data; 1136 struct sppp *sp = (struct sppp*) ifp; 1137 int s, rv, going_up, going_down, newmode; 1138 1139 s = splimp(); 1140 rv = 0; 1141 switch (cmd) { 1142 case SIOCAIFADDR: 1143 case SIOCSIFDSTADDR: 1144 break; 1145 1146 case SIOCSIFADDR: 1147 /* set the interface "up" when assigning an IP address */ 1148 ifp->if_flags |= IFF_UP; 1149 /* fall through... */ 1150 1151 case SIOCSIFFLAGS: 1152 going_up = ifp->if_flags & IFF_UP && 1153 (ifp->if_flags & IFF_RUNNING) == 0; 1154 going_down = (ifp->if_flags & IFF_UP) == 0 && 1155 ifp->if_flags & IFF_RUNNING; 1156 1157 newmode = ifp->if_flags & IFF_PASSIVE; 1158 if (!newmode) 1159 newmode = ifp->if_flags & IFF_AUTO; 1160 if (!newmode) 1161 newmode = ifp->if_flags & IFF_CISCO; 1162 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1163 ifp->if_flags |= newmode; 1164 1165 if (newmode != sp->pp_mode) { 1166 going_down = 1; 1167 if (!going_up) 1168 going_up = ifp->if_flags & IFF_RUNNING; 1169 } 1170 1171 if (going_down) { 1172 if (sp->pp_mode != IFF_CISCO) 1173 lcp.Close(sp); 1174 else if (sp->pp_tlf) 1175 (sp->pp_tlf)(sp); 1176 sppp_flush(ifp); 1177 ifp->if_flags &= ~IFF_RUNNING; 1178 sp->pp_mode = newmode; 1179 } 1180 1181 if (going_up) { 1182 if (sp->pp_mode != IFF_CISCO) 1183 lcp.Close(sp); 1184 sp->pp_mode = newmode; 1185 if (sp->pp_mode == 0) { 1186 ifp->if_flags |= IFF_RUNNING; 1187 lcp.Open(sp); 1188 } 1189 if (sp->pp_mode == IFF_CISCO) { 1190 if (sp->pp_tls) 1191 (sp->pp_tls)(sp); 1192 ifp->if_flags |= IFF_RUNNING; 1193 } 1194 } 1195 1196 break; 1197 1198 #ifdef SIOCSIFMTU 1199 #ifndef ifr_mtu 1200 #define ifr_mtu ifr_metric 1201 #endif 1202 case SIOCSIFMTU: 1203 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1204 return (EINVAL); 1205 ifp->if_mtu = ifr->ifr_mtu; 1206 break; 1207 #endif 1208 #ifdef SLIOCSETMTU 1209 case SLIOCSETMTU: 1210 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1211 return (EINVAL); 1212 ifp->if_mtu = *(short*)data; 1213 break; 1214 #endif 1215 #ifdef SIOCGIFMTU 1216 case SIOCGIFMTU: 1217 ifr->ifr_mtu = ifp->if_mtu; 1218 break; 1219 #endif 1220 #ifdef SLIOCGETMTU 1221 case SLIOCGETMTU: 1222 *(short*)data = ifp->if_mtu; 1223 break; 1224 #endif 1225 case SIOCADDMULTI: 1226 case SIOCDELMULTI: 1227 break; 1228 1229 case SIOCGIFGENERIC: 1230 case SIOCSIFGENERIC: 1231 rv = sppp_params(sp, cmd, data); 1232 break; 1233 1234 default: 1235 rv = ENOTTY; 1236 } 1237 splx(s); 1238 return rv; 1239 } 1240 1241 /* 1242 * Cisco framing implementation. 1243 */ 1244 1245 /* 1246 * Handle incoming Cisco keepalive protocol packets. 1247 */ 1248 static void 1249 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1250 { 1251 STDDCL; 1252 struct cisco_packet *h; 1253 u_long me, mymask; 1254 1255 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1256 if (debug) 1257 log(LOG_DEBUG, 1258 SPP_FMT "cisco invalid packet length: %d bytes\n", 1259 SPP_ARGS(ifp), m->m_pkthdr.len); 1260 return; 1261 } 1262 h = mtod (m, struct cisco_packet*); 1263 if (debug) 1264 log(LOG_DEBUG, 1265 SPP_FMT "cisco input: %d bytes " 1266 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1267 SPP_ARGS(ifp), m->m_pkthdr.len, 1268 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1269 (u_int)h->time0, (u_int)h->time1); 1270 switch (ntohl (h->type)) { 1271 default: 1272 if (debug) 1273 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1274 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1275 break; 1276 case CISCO_ADDR_REPLY: 1277 /* Reply on address request, ignore */ 1278 break; 1279 case CISCO_KEEPALIVE_REQ: 1280 sp->pp_alivecnt = 0; 1281 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1282 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1283 /* Local and remote sequence numbers are equal. 1284 * Probably, the line is in loopback mode. */ 1285 if (sp->pp_loopcnt >= MAXALIVECNT) { 1286 printf (SPP_FMT "loopback\n", 1287 SPP_ARGS(ifp)); 1288 sp->pp_loopcnt = 0; 1289 if (ifp->if_flags & IFF_UP) { 1290 if_down (ifp); 1291 sppp_qflush (&sp->pp_cpq); 1292 } 1293 } 1294 ++sp->pp_loopcnt; 1295 1296 /* Generate new local sequence number */ 1297 #if defined(__DragonFly__) 1298 sp->pp_seq[IDX_LCP] = random(); 1299 #else 1300 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1301 #endif 1302 break; 1303 } 1304 sp->pp_loopcnt = 0; 1305 if (! (ifp->if_flags & IFF_UP) && 1306 (ifp->if_flags & IFF_RUNNING)) { 1307 if_up(ifp); 1308 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1309 } 1310 break; 1311 case CISCO_ADDR_REQ: 1312 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1313 if (me != 0L) 1314 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1315 break; 1316 } 1317 } 1318 1319 /* 1320 * Send Cisco keepalive packet. 1321 */ 1322 static void 1323 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1324 { 1325 STDDCL; 1326 struct ppp_header *h; 1327 struct cisco_packet *ch; 1328 struct mbuf *m; 1329 #if defined(__DragonFly__) 1330 struct timeval tv; 1331 #else 1332 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1333 #endif 1334 1335 #if defined(__DragonFly__) 1336 getmicrouptime(&tv); 1337 #endif 1338 1339 MGETHDR (m, MB_DONTWAIT, MT_DATA); 1340 if (! m) 1341 return; 1342 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1343 m->m_pkthdr.rcvif = 0; 1344 1345 h = mtod (m, struct ppp_header*); 1346 h->address = CISCO_MULTICAST; 1347 h->control = 0; 1348 h->protocol = htons (CISCO_KEEPALIVE); 1349 1350 ch = (struct cisco_packet*) (h + 1); 1351 ch->type = htonl (type); 1352 ch->par1 = htonl (par1); 1353 ch->par2 = htonl (par2); 1354 ch->rel = -1; 1355 1356 #if defined(__DragonFly__) 1357 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1358 ch->time1 = htons ((u_short) tv.tv_sec); 1359 #else 1360 ch->time0 = htons ((u_short) (t >> 16)); 1361 ch->time1 = htons ((u_short) t); 1362 #endif 1363 1364 if (debug) 1365 log(LOG_DEBUG, 1366 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1367 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1368 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1369 1370 if (IF_QFULL (&sp->pp_cpq)) { 1371 IF_DROP (&sp->pp_fastq); 1372 IF_DROP (&ifp->if_snd); 1373 m_freem (m); 1374 } else 1375 IF_ENQUEUE (&sp->pp_cpq, m); 1376 if (! (ifp->if_flags & IFF_OACTIVE)) 1377 (*ifp->if_start) (ifp); 1378 ifp->if_obytes += m->m_pkthdr.len + 3; 1379 } 1380 1381 /* 1382 * PPP protocol implementation. 1383 */ 1384 1385 /* 1386 * Send PPP control protocol packet. 1387 */ 1388 static void 1389 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1390 u_char ident, u_short len, void *data) 1391 { 1392 STDDCL; 1393 struct ppp_header *h; 1394 struct lcp_header *lh; 1395 struct mbuf *m; 1396 1397 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1398 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1399 MGETHDR (m, MB_DONTWAIT, MT_DATA); 1400 if (! m) 1401 return; 1402 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1403 m->m_pkthdr.rcvif = 0; 1404 1405 h = mtod (m, struct ppp_header*); 1406 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1407 h->control = PPP_UI; /* Unnumbered Info */ 1408 h->protocol = htons (proto); /* Link Control Protocol */ 1409 1410 lh = (struct lcp_header*) (h + 1); 1411 lh->type = type; 1412 lh->ident = ident; 1413 lh->len = htons (LCP_HEADER_LEN + len); 1414 if (len) 1415 bcopy (data, lh+1, len); 1416 1417 if (debug) { 1418 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1419 SPP_ARGS(ifp), 1420 sppp_proto_name(proto), 1421 sppp_cp_type_name (lh->type), lh->ident, 1422 ntohs (lh->len)); 1423 sppp_print_bytes ((u_char*) (lh+1), len); 1424 addlog(">\n"); 1425 } 1426 if (IF_QFULL (&sp->pp_cpq)) { 1427 IF_DROP (&sp->pp_fastq); 1428 IF_DROP (&ifp->if_snd); 1429 m_freem (m); 1430 ++ifp->if_oerrors; 1431 } else 1432 IF_ENQUEUE (&sp->pp_cpq, m); 1433 if (! (ifp->if_flags & IFF_OACTIVE)) 1434 (*ifp->if_start) (ifp); 1435 ifp->if_obytes += m->m_pkthdr.len + 3; 1436 } 1437 1438 /* 1439 * Handle incoming PPP control protocol packets. 1440 */ 1441 static void 1442 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1443 { 1444 STDDCL; 1445 struct lcp_header *h; 1446 int len = m->m_pkthdr.len; 1447 int rv; 1448 u_char *p; 1449 1450 if (len < 4) { 1451 if (debug) 1452 log(LOG_DEBUG, 1453 SPP_FMT "%s invalid packet length: %d bytes\n", 1454 SPP_ARGS(ifp), cp->name, len); 1455 return; 1456 } 1457 h = mtod (m, struct lcp_header*); 1458 if (debug) { 1459 log(LOG_DEBUG, 1460 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1461 SPP_ARGS(ifp), cp->name, 1462 sppp_state_name(sp->state[cp->protoidx]), 1463 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1464 sppp_print_bytes ((u_char*) (h+1), len-4); 1465 addlog(">\n"); 1466 } 1467 if (len > ntohs (h->len)) 1468 len = ntohs (h->len); 1469 p = (u_char *)(h + 1); 1470 switch (h->type) { 1471 case CONF_REQ: 1472 if (len < 4) { 1473 if (debug) 1474 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1475 SPP_ARGS(ifp), cp->name, 1476 len); 1477 ++ifp->if_ierrors; 1478 break; 1479 } 1480 /* handle states where RCR doesn't get a SCA/SCN */ 1481 switch (sp->state[cp->protoidx]) { 1482 case STATE_CLOSING: 1483 case STATE_STOPPING: 1484 return; 1485 case STATE_CLOSED: 1486 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1487 0, 0); 1488 return; 1489 } 1490 rv = (cp->RCR)(sp, h, len); 1491 switch (sp->state[cp->protoidx]) { 1492 case STATE_OPENED: 1493 (cp->tld)(sp); 1494 (cp->scr)(sp); 1495 /* fall through... */ 1496 case STATE_ACK_SENT: 1497 case STATE_REQ_SENT: 1498 /* 1499 * sppp_cp_change_state() have the side effect of 1500 * restarting the timeouts. We want to avoid that 1501 * if the state don't change, otherwise we won't 1502 * ever timeout and resend a configuration request 1503 * that got lost. 1504 */ 1505 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1506 STATE_REQ_SENT)) 1507 break; 1508 sppp_cp_change_state(cp, sp, rv? 1509 STATE_ACK_SENT: STATE_REQ_SENT); 1510 break; 1511 case STATE_STOPPED: 1512 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1513 (cp->scr)(sp); 1514 sppp_cp_change_state(cp, sp, rv? 1515 STATE_ACK_SENT: STATE_REQ_SENT); 1516 break; 1517 case STATE_ACK_RCVD: 1518 if (rv) { 1519 sppp_cp_change_state(cp, sp, STATE_OPENED); 1520 if (debug) 1521 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1522 SPP_ARGS(ifp), 1523 cp->name); 1524 (cp->tlu)(sp); 1525 } else 1526 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1527 break; 1528 default: 1529 printf(SPP_FMT "%s illegal %s in state %s\n", 1530 SPP_ARGS(ifp), cp->name, 1531 sppp_cp_type_name(h->type), 1532 sppp_state_name(sp->state[cp->protoidx])); 1533 ++ifp->if_ierrors; 1534 } 1535 break; 1536 case CONF_ACK: 1537 if (h->ident != sp->confid[cp->protoidx]) { 1538 if (debug) 1539 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1540 SPP_ARGS(ifp), cp->name, 1541 h->ident, sp->confid[cp->protoidx]); 1542 ++ifp->if_ierrors; 1543 break; 1544 } 1545 switch (sp->state[cp->protoidx]) { 1546 case STATE_CLOSED: 1547 case STATE_STOPPED: 1548 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1549 break; 1550 case STATE_CLOSING: 1551 case STATE_STOPPING: 1552 break; 1553 case STATE_REQ_SENT: 1554 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1555 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1556 break; 1557 case STATE_OPENED: 1558 (cp->tld)(sp); 1559 /* fall through */ 1560 case STATE_ACK_RCVD: 1561 (cp->scr)(sp); 1562 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1563 break; 1564 case STATE_ACK_SENT: 1565 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1566 sppp_cp_change_state(cp, sp, STATE_OPENED); 1567 if (debug) 1568 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1569 SPP_ARGS(ifp), cp->name); 1570 (cp->tlu)(sp); 1571 break; 1572 default: 1573 printf(SPP_FMT "%s illegal %s in state %s\n", 1574 SPP_ARGS(ifp), cp->name, 1575 sppp_cp_type_name(h->type), 1576 sppp_state_name(sp->state[cp->protoidx])); 1577 ++ifp->if_ierrors; 1578 } 1579 break; 1580 case CONF_NAK: 1581 case CONF_REJ: 1582 if (h->ident != sp->confid[cp->protoidx]) { 1583 if (debug) 1584 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1585 SPP_ARGS(ifp), cp->name, 1586 h->ident, sp->confid[cp->protoidx]); 1587 ++ifp->if_ierrors; 1588 break; 1589 } 1590 if (h->type == CONF_NAK) 1591 (cp->RCN_nak)(sp, h, len); 1592 else /* CONF_REJ */ 1593 (cp->RCN_rej)(sp, h, len); 1594 1595 switch (sp->state[cp->protoidx]) { 1596 case STATE_CLOSED: 1597 case STATE_STOPPED: 1598 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1599 break; 1600 case STATE_REQ_SENT: 1601 case STATE_ACK_SENT: 1602 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1603 /* 1604 * Slow things down a bit if we think we might be 1605 * in loopback. Depend on the timeout to send the 1606 * next configuration request. 1607 */ 1608 if (sp->pp_loopcnt) 1609 break; 1610 (cp->scr)(sp); 1611 break; 1612 case STATE_OPENED: 1613 (cp->tld)(sp); 1614 /* fall through */ 1615 case STATE_ACK_RCVD: 1616 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1617 (cp->scr)(sp); 1618 break; 1619 case STATE_CLOSING: 1620 case STATE_STOPPING: 1621 break; 1622 default: 1623 printf(SPP_FMT "%s illegal %s in state %s\n", 1624 SPP_ARGS(ifp), cp->name, 1625 sppp_cp_type_name(h->type), 1626 sppp_state_name(sp->state[cp->protoidx])); 1627 ++ifp->if_ierrors; 1628 } 1629 break; 1630 1631 case TERM_REQ: 1632 switch (sp->state[cp->protoidx]) { 1633 case STATE_ACK_RCVD: 1634 case STATE_ACK_SENT: 1635 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1636 /* fall through */ 1637 case STATE_CLOSED: 1638 case STATE_STOPPED: 1639 case STATE_CLOSING: 1640 case STATE_STOPPING: 1641 case STATE_REQ_SENT: 1642 sta: 1643 /* Send Terminate-Ack packet. */ 1644 if (debug) 1645 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1646 SPP_ARGS(ifp), cp->name); 1647 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1648 break; 1649 case STATE_OPENED: 1650 (cp->tld)(sp); 1651 sp->rst_counter[cp->protoidx] = 0; 1652 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1653 goto sta; 1654 break; 1655 default: 1656 printf(SPP_FMT "%s illegal %s in state %s\n", 1657 SPP_ARGS(ifp), cp->name, 1658 sppp_cp_type_name(h->type), 1659 sppp_state_name(sp->state[cp->protoidx])); 1660 ++ifp->if_ierrors; 1661 } 1662 break; 1663 case TERM_ACK: 1664 switch (sp->state[cp->protoidx]) { 1665 case STATE_CLOSED: 1666 case STATE_STOPPED: 1667 case STATE_REQ_SENT: 1668 case STATE_ACK_SENT: 1669 break; 1670 case STATE_CLOSING: 1671 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1672 (cp->tlf)(sp); 1673 break; 1674 case STATE_STOPPING: 1675 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1676 (cp->tlf)(sp); 1677 break; 1678 case STATE_ACK_RCVD: 1679 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1680 break; 1681 case STATE_OPENED: 1682 (cp->tld)(sp); 1683 (cp->scr)(sp); 1684 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1685 break; 1686 default: 1687 printf(SPP_FMT "%s illegal %s in state %s\n", 1688 SPP_ARGS(ifp), cp->name, 1689 sppp_cp_type_name(h->type), 1690 sppp_state_name(sp->state[cp->protoidx])); 1691 ++ifp->if_ierrors; 1692 } 1693 break; 1694 case CODE_REJ: 1695 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1696 log(LOG_INFO, 1697 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1698 "danger will robinson\n", 1699 SPP_ARGS(ifp), cp->name, 1700 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1701 switch (sp->state[cp->protoidx]) { 1702 case STATE_CLOSED: 1703 case STATE_STOPPED: 1704 case STATE_REQ_SENT: 1705 case STATE_ACK_SENT: 1706 case STATE_CLOSING: 1707 case STATE_STOPPING: 1708 case STATE_OPENED: 1709 break; 1710 case STATE_ACK_RCVD: 1711 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1712 break; 1713 default: 1714 printf(SPP_FMT "%s illegal %s in state %s\n", 1715 SPP_ARGS(ifp), cp->name, 1716 sppp_cp_type_name(h->type), 1717 sppp_state_name(sp->state[cp->protoidx])); 1718 ++ifp->if_ierrors; 1719 } 1720 break; 1721 case PROTO_REJ: 1722 { 1723 int catastrophic; 1724 const struct cp *upper; 1725 int i; 1726 u_int16_t proto; 1727 1728 catastrophic = 0; 1729 upper = NULL; 1730 proto = ntohs(*((u_int16_t *)p)); 1731 for (i = 0; i < IDX_COUNT; i++) { 1732 if (cps[i]->proto == proto) { 1733 upper = cps[i]; 1734 break; 1735 } 1736 } 1737 if (upper == NULL) 1738 catastrophic++; 1739 1740 if (catastrophic || debug) 1741 log(catastrophic? LOG_INFO: LOG_DEBUG, 1742 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1743 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1744 sppp_cp_type_name(h->type), proto, 1745 upper ? upper->name : "unknown", 1746 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1747 1748 /* 1749 * if we got RXJ+ against conf-req, the peer does not implement 1750 * this particular protocol type. terminate the protocol. 1751 */ 1752 if (upper && !catastrophic) { 1753 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1754 upper->Close(sp); 1755 break; 1756 } 1757 } 1758 1759 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1760 switch (sp->state[cp->protoidx]) { 1761 case STATE_CLOSED: 1762 case STATE_STOPPED: 1763 case STATE_REQ_SENT: 1764 case STATE_ACK_SENT: 1765 case STATE_CLOSING: 1766 case STATE_STOPPING: 1767 case STATE_OPENED: 1768 break; 1769 case STATE_ACK_RCVD: 1770 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1771 break; 1772 default: 1773 printf(SPP_FMT "%s illegal %s in state %s\n", 1774 SPP_ARGS(ifp), cp->name, 1775 sppp_cp_type_name(h->type), 1776 sppp_state_name(sp->state[cp->protoidx])); 1777 ++ifp->if_ierrors; 1778 } 1779 break; 1780 } 1781 case DISC_REQ: 1782 if (cp->proto != PPP_LCP) 1783 goto illegal; 1784 /* Discard the packet. */ 1785 break; 1786 case ECHO_REQ: 1787 if (cp->proto != PPP_LCP) 1788 goto illegal; 1789 if (sp->state[cp->protoidx] != STATE_OPENED) { 1790 if (debug) 1791 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1792 SPP_ARGS(ifp)); 1793 ++ifp->if_ierrors; 1794 break; 1795 } 1796 if (len < 8) { 1797 if (debug) 1798 addlog(SPP_FMT "invalid lcp echo request " 1799 "packet length: %d bytes\n", 1800 SPP_ARGS(ifp), len); 1801 break; 1802 } 1803 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1804 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1805 /* Line loopback mode detected. */ 1806 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1807 sp->pp_loopcnt = MAXALIVECNT * 5; 1808 if_down (ifp); 1809 sppp_qflush (&sp->pp_cpq); 1810 1811 /* Shut down the PPP link. */ 1812 /* XXX */ 1813 lcp.Down(sp); 1814 lcp.Up(sp); 1815 break; 1816 } 1817 *(long*)(h+1) = htonl (sp->lcp.magic); 1818 if (debug) 1819 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1820 SPP_ARGS(ifp)); 1821 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1822 break; 1823 case ECHO_REPLY: 1824 if (cp->proto != PPP_LCP) 1825 goto illegal; 1826 if (h->ident != sp->lcp.echoid) { 1827 ++ifp->if_ierrors; 1828 break; 1829 } 1830 if (len < 8) { 1831 if (debug) 1832 addlog(SPP_FMT "lcp invalid echo reply " 1833 "packet length: %d bytes\n", 1834 SPP_ARGS(ifp), len); 1835 break; 1836 } 1837 if (debug) 1838 addlog(SPP_FMT "lcp got echo rep\n", 1839 SPP_ARGS(ifp)); 1840 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1841 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1842 sp->pp_alivecnt = 0; 1843 break; 1844 default: 1845 /* Unknown packet type -- send Code-Reject packet. */ 1846 illegal: 1847 if (debug) 1848 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1849 SPP_ARGS(ifp), cp->name, h->type); 1850 sppp_cp_send(sp, cp->proto, CODE_REJ, 1851 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1852 ++ifp->if_ierrors; 1853 } 1854 } 1855 1856 1857 /* 1858 * The generic part of all Up/Down/Open/Close/TO event handlers. 1859 * Basically, the state transition handling in the automaton. 1860 */ 1861 static void 1862 sppp_up_event(const struct cp *cp, struct sppp *sp) 1863 { 1864 STDDCL; 1865 1866 if (debug) 1867 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1868 SPP_ARGS(ifp), cp->name, 1869 sppp_state_name(sp->state[cp->protoidx])); 1870 1871 switch (sp->state[cp->protoidx]) { 1872 case STATE_INITIAL: 1873 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1874 break; 1875 case STATE_STARTING: 1876 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1877 (cp->scr)(sp); 1878 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1879 break; 1880 default: 1881 printf(SPP_FMT "%s illegal up in state %s\n", 1882 SPP_ARGS(ifp), cp->name, 1883 sppp_state_name(sp->state[cp->protoidx])); 1884 } 1885 } 1886 1887 static void 1888 sppp_down_event(const struct cp *cp, struct sppp *sp) 1889 { 1890 STDDCL; 1891 1892 if (debug) 1893 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1894 SPP_ARGS(ifp), cp->name, 1895 sppp_state_name(sp->state[cp->protoidx])); 1896 1897 switch (sp->state[cp->protoidx]) { 1898 case STATE_CLOSED: 1899 case STATE_CLOSING: 1900 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1901 break; 1902 case STATE_STOPPED: 1903 sppp_cp_change_state(cp, sp, STATE_STARTING); 1904 (cp->tls)(sp); 1905 break; 1906 case STATE_STOPPING: 1907 case STATE_REQ_SENT: 1908 case STATE_ACK_RCVD: 1909 case STATE_ACK_SENT: 1910 sppp_cp_change_state(cp, sp, STATE_STARTING); 1911 break; 1912 case STATE_OPENED: 1913 (cp->tld)(sp); 1914 sppp_cp_change_state(cp, sp, STATE_STARTING); 1915 break; 1916 default: 1917 printf(SPP_FMT "%s illegal down in state %s\n", 1918 SPP_ARGS(ifp), cp->name, 1919 sppp_state_name(sp->state[cp->protoidx])); 1920 } 1921 } 1922 1923 1924 static void 1925 sppp_open_event(const struct cp *cp, struct sppp *sp) 1926 { 1927 STDDCL; 1928 1929 if (debug) 1930 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1931 SPP_ARGS(ifp), cp->name, 1932 sppp_state_name(sp->state[cp->protoidx])); 1933 1934 switch (sp->state[cp->protoidx]) { 1935 case STATE_INITIAL: 1936 sppp_cp_change_state(cp, sp, STATE_STARTING); 1937 (cp->tls)(sp); 1938 break; 1939 case STATE_STARTING: 1940 break; 1941 case STATE_CLOSED: 1942 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1943 (cp->scr)(sp); 1944 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1945 break; 1946 case STATE_STOPPED: 1947 /* 1948 * Try escaping stopped state. This seems to bite 1949 * people occasionally, in particular for IPCP, 1950 * presumably following previous IPCP negotiation 1951 * aborts. Somehow, we must have missed a Down event 1952 * which would have caused a transition into starting 1953 * state, so as a bandaid we force the Down event now. 1954 * This effectively implements (something like the) 1955 * `restart' option mentioned in the state transition 1956 * table of RFC 1661. 1957 */ 1958 sppp_cp_change_state(cp, sp, STATE_STARTING); 1959 (cp->tls)(sp); 1960 break; 1961 case STATE_STOPPING: 1962 case STATE_REQ_SENT: 1963 case STATE_ACK_RCVD: 1964 case STATE_ACK_SENT: 1965 case STATE_OPENED: 1966 break; 1967 case STATE_CLOSING: 1968 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1969 break; 1970 } 1971 } 1972 1973 1974 static void 1975 sppp_close_event(const struct cp *cp, struct sppp *sp) 1976 { 1977 STDDCL; 1978 1979 if (debug) 1980 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1981 SPP_ARGS(ifp), cp->name, 1982 sppp_state_name(sp->state[cp->protoidx])); 1983 1984 switch (sp->state[cp->protoidx]) { 1985 case STATE_INITIAL: 1986 case STATE_CLOSED: 1987 case STATE_CLOSING: 1988 break; 1989 case STATE_STARTING: 1990 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1991 (cp->tlf)(sp); 1992 break; 1993 case STATE_STOPPED: 1994 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1995 break; 1996 case STATE_STOPPING: 1997 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1998 break; 1999 case STATE_OPENED: 2000 (cp->tld)(sp); 2001 /* fall through */ 2002 case STATE_REQ_SENT: 2003 case STATE_ACK_RCVD: 2004 case STATE_ACK_SENT: 2005 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2006 sppp_cp_send(sp, cp->proto, TERM_REQ, 2007 ++sp->pp_seq[cp->protoidx], 0, 0); 2008 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2009 break; 2010 } 2011 } 2012 2013 static void 2014 sppp_to_event(const struct cp *cp, struct sppp *sp) 2015 { 2016 STDDCL; 2017 int s; 2018 2019 s = splimp(); 2020 if (debug) 2021 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2022 SPP_ARGS(ifp), cp->name, 2023 sppp_state_name(sp->state[cp->protoidx]), 2024 sp->rst_counter[cp->protoidx]); 2025 2026 if (--sp->rst_counter[cp->protoidx] < 0) 2027 /* TO- event */ 2028 switch (sp->state[cp->protoidx]) { 2029 case STATE_CLOSING: 2030 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2031 (cp->tlf)(sp); 2032 break; 2033 case STATE_STOPPING: 2034 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2035 (cp->tlf)(sp); 2036 break; 2037 case STATE_REQ_SENT: 2038 case STATE_ACK_RCVD: 2039 case STATE_ACK_SENT: 2040 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2041 (cp->tlf)(sp); 2042 break; 2043 } 2044 else 2045 /* TO+ event */ 2046 switch (sp->state[cp->protoidx]) { 2047 case STATE_CLOSING: 2048 case STATE_STOPPING: 2049 sppp_cp_send(sp, cp->proto, TERM_REQ, 2050 ++sp->pp_seq[cp->protoidx], 0, 0); 2051 callout_reset(&sp->timeout[cp->protoidx], 2052 sp->lcp.timeout, cp->TO, sp); 2053 break; 2054 case STATE_REQ_SENT: 2055 case STATE_ACK_RCVD: 2056 (cp->scr)(sp); 2057 /* sppp_cp_change_state() will restart the timer */ 2058 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2059 break; 2060 case STATE_ACK_SENT: 2061 (cp->scr)(sp); 2062 callout_reset(&sp->timeout[cp->protoidx], 2063 sp->lcp.timeout, cp->TO, sp); 2064 break; 2065 } 2066 2067 splx(s); 2068 } 2069 2070 /* 2071 * Change the state of a control protocol in the state automaton. 2072 * Takes care of starting/stopping the restart timer. 2073 */ 2074 void 2075 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2076 { 2077 sp->state[cp->protoidx] = newstate; 2078 callout_stop(&sp->timeout[cp->protoidx]); 2079 2080 switch (newstate) { 2081 case STATE_INITIAL: 2082 case STATE_STARTING: 2083 case STATE_CLOSED: 2084 case STATE_STOPPED: 2085 case STATE_OPENED: 2086 break; 2087 case STATE_CLOSING: 2088 case STATE_STOPPING: 2089 case STATE_REQ_SENT: 2090 case STATE_ACK_RCVD: 2091 case STATE_ACK_SENT: 2092 callout_reset(&sp->timeout[cp->protoidx], 2093 sp->lcp.timeout, cp->TO, sp); 2094 break; 2095 } 2096 } 2097 2098 /* 2099 *--------------------------------------------------------------------------* 2100 * * 2101 * The LCP implementation. * 2102 * * 2103 *--------------------------------------------------------------------------* 2104 */ 2105 static void 2106 sppp_lcp_init(struct sppp *sp) 2107 { 2108 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2109 sp->lcp.magic = 0; 2110 sp->state[IDX_LCP] = STATE_INITIAL; 2111 sp->fail_counter[IDX_LCP] = 0; 2112 sp->pp_seq[IDX_LCP] = 0; 2113 sp->pp_rseq[IDX_LCP] = 0; 2114 sp->lcp.protos = 0; 2115 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2116 2117 /* Note that these values are relevant for all control protocols */ 2118 sp->lcp.timeout = 3 * hz; 2119 sp->lcp.max_terminate = 2; 2120 sp->lcp.max_configure = 10; 2121 sp->lcp.max_failure = 10; 2122 #if defined(__DragonFly__) 2123 callout_init(&sp->timeout[IDX_LCP]); 2124 #endif 2125 } 2126 2127 static void 2128 sppp_lcp_up(struct sppp *sp) 2129 { 2130 STDDCL; 2131 2132 sp->pp_alivecnt = 0; 2133 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2134 sp->lcp.magic = 0; 2135 sp->lcp.protos = 0; 2136 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2137 /* 2138 * If this interface is passive or dial-on-demand, and we are 2139 * still in Initial state, it means we've got an incoming 2140 * call. Activate the interface. 2141 */ 2142 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2143 if (debug) 2144 log(LOG_DEBUG, 2145 SPP_FMT "Up event", SPP_ARGS(ifp)); 2146 ifp->if_flags |= IFF_RUNNING; 2147 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2148 if (debug) 2149 addlog("(incoming call)\n"); 2150 sp->pp_flags |= PP_CALLIN; 2151 lcp.Open(sp); 2152 } else if (debug) 2153 addlog("\n"); 2154 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2155 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2156 ifp->if_flags |= IFF_RUNNING; 2157 lcp.Open(sp); 2158 } 2159 2160 sppp_up_event(&lcp, sp); 2161 } 2162 2163 static void 2164 sppp_lcp_down(struct sppp *sp) 2165 { 2166 STDDCL; 2167 2168 sppp_down_event(&lcp, sp); 2169 2170 /* 2171 * If this is neither a dial-on-demand nor a passive 2172 * interface, simulate an ``ifconfig down'' action, so the 2173 * administrator can force a redial by another ``ifconfig 2174 * up''. XXX For leased line operation, should we immediately 2175 * try to reopen the connection here? 2176 */ 2177 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2178 log(LOG_INFO, 2179 SPP_FMT "Down event, taking interface down.\n", 2180 SPP_ARGS(ifp)); 2181 if_down(ifp); 2182 } else { 2183 if (debug) 2184 log(LOG_DEBUG, 2185 SPP_FMT "Down event (carrier loss)\n", 2186 SPP_ARGS(ifp)); 2187 sp->pp_flags &= ~PP_CALLIN; 2188 if (sp->state[IDX_LCP] != STATE_INITIAL) 2189 lcp.Close(sp); 2190 ifp->if_flags &= ~IFF_RUNNING; 2191 } 2192 } 2193 2194 static void 2195 sppp_lcp_open(struct sppp *sp) 2196 { 2197 /* 2198 * If we are authenticator, negotiate LCP_AUTH 2199 */ 2200 if (sp->hisauth.proto != 0) 2201 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2202 else 2203 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2204 sp->pp_flags &= ~PP_NEEDAUTH; 2205 sppp_open_event(&lcp, sp); 2206 } 2207 2208 static void 2209 sppp_lcp_close(struct sppp *sp) 2210 { 2211 sppp_close_event(&lcp, sp); 2212 } 2213 2214 static void 2215 sppp_lcp_TO(void *cookie) 2216 { 2217 sppp_to_event(&lcp, (struct sppp *)cookie); 2218 } 2219 2220 /* 2221 * Analyze a configure request. Return true if it was agreeable, and 2222 * caused action sca, false if it has been rejected or nak'ed, and 2223 * caused action scn. (The return value is used to make the state 2224 * transition decision in the state automaton.) 2225 */ 2226 static int 2227 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2228 { 2229 STDDCL; 2230 u_char *buf, *r, *p; 2231 int origlen, rlen; 2232 u_long nmagic; 2233 u_short authproto; 2234 2235 len -= 4; 2236 origlen = len; 2237 buf = r = malloc (len, M_TEMP, M_INTWAIT); 2238 2239 if (debug) 2240 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2241 SPP_ARGS(ifp)); 2242 2243 /* pass 1: check for things that need to be rejected */ 2244 p = (void*) (h+1); 2245 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2246 if (debug) 2247 addlog(" %s ", sppp_lcp_opt_name(*p)); 2248 switch (*p) { 2249 case LCP_OPT_MAGIC: 2250 /* Magic number. */ 2251 if (len >= 6 && p[1] == 6) 2252 continue; 2253 if (debug) 2254 addlog("[invalid] "); 2255 break; 2256 case LCP_OPT_ASYNC_MAP: 2257 /* Async control character map. */ 2258 if (len >= 6 && p[1] == 6) 2259 continue; 2260 if (debug) 2261 addlog("[invalid] "); 2262 break; 2263 case LCP_OPT_MRU: 2264 /* Maximum receive unit. */ 2265 if (len >= 4 && p[1] == 4) 2266 continue; 2267 if (debug) 2268 addlog("[invalid] "); 2269 break; 2270 case LCP_OPT_AUTH_PROTO: 2271 if (len < 4) { 2272 if (debug) 2273 addlog("[invalid] "); 2274 break; 2275 } 2276 authproto = (p[2] << 8) + p[3]; 2277 if (authproto == PPP_CHAP && p[1] != 5) { 2278 if (debug) 2279 addlog("[invalid chap len] "); 2280 break; 2281 } 2282 if (sp->myauth.proto == 0) { 2283 /* we are not configured to do auth */ 2284 if (debug) 2285 addlog("[not configured] "); 2286 break; 2287 } 2288 /* 2289 * Remote want us to authenticate, remember this, 2290 * so we stay in PHASE_AUTHENTICATE after LCP got 2291 * up. 2292 */ 2293 sp->pp_flags |= PP_NEEDAUTH; 2294 continue; 2295 default: 2296 /* Others not supported. */ 2297 if (debug) 2298 addlog("[rej] "); 2299 break; 2300 } 2301 /* Add the option to rejected list. */ 2302 bcopy (p, r, p[1]); 2303 r += p[1]; 2304 rlen += p[1]; 2305 } 2306 if (rlen) { 2307 if (debug) 2308 addlog(" send conf-rej\n"); 2309 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2310 return 0; 2311 } else if (debug) 2312 addlog("\n"); 2313 2314 /* 2315 * pass 2: check for option values that are unacceptable and 2316 * thus require to be nak'ed. 2317 */ 2318 if (debug) 2319 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2320 SPP_ARGS(ifp)); 2321 2322 p = (void*) (h+1); 2323 len = origlen; 2324 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2325 if (debug) 2326 addlog(" %s ", sppp_lcp_opt_name(*p)); 2327 switch (*p) { 2328 case LCP_OPT_MAGIC: 2329 /* Magic number -- extract. */ 2330 nmagic = (u_long)p[2] << 24 | 2331 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2332 if (nmagic != sp->lcp.magic) { 2333 sp->pp_loopcnt = 0; 2334 if (debug) 2335 addlog("0x%lx ", nmagic); 2336 continue; 2337 } 2338 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2339 addlog("[glitch] "); 2340 ++sp->pp_loopcnt; 2341 /* 2342 * We negate our magic here, and NAK it. If 2343 * we see it later in an NAK packet, we 2344 * suggest a new one. 2345 */ 2346 nmagic = ~sp->lcp.magic; 2347 /* Gonna NAK it. */ 2348 p[2] = nmagic >> 24; 2349 p[3] = nmagic >> 16; 2350 p[4] = nmagic >> 8; 2351 p[5] = nmagic; 2352 break; 2353 2354 case LCP_OPT_ASYNC_MAP: 2355 /* 2356 * Async control character map -- just ignore it. 2357 * 2358 * Quote from RFC 1662, chapter 6: 2359 * To enable this functionality, synchronous PPP 2360 * implementations MUST always respond to the 2361 * Async-Control-Character-Map Configuration 2362 * Option with the LCP Configure-Ack. However, 2363 * acceptance of the Configuration Option does 2364 * not imply that the synchronous implementation 2365 * will do any ACCM mapping. Instead, all such 2366 * octet mapping will be performed by the 2367 * asynchronous-to-synchronous converter. 2368 */ 2369 continue; 2370 2371 case LCP_OPT_MRU: 2372 /* 2373 * Maximum receive unit. Always agreeable, 2374 * but ignored by now. 2375 */ 2376 sp->lcp.their_mru = p[2] * 256 + p[3]; 2377 if (debug) 2378 addlog("%lu ", sp->lcp.their_mru); 2379 continue; 2380 2381 case LCP_OPT_AUTH_PROTO: 2382 authproto = (p[2] << 8) + p[3]; 2383 if (sp->myauth.proto != authproto) { 2384 /* not agreed, nak */ 2385 if (debug) 2386 addlog("[mine %s != his %s] ", 2387 sppp_proto_name(sp->hisauth.proto), 2388 sppp_proto_name(authproto)); 2389 p[2] = sp->myauth.proto >> 8; 2390 p[3] = sp->myauth.proto; 2391 break; 2392 } 2393 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2394 if (debug) 2395 addlog("[chap not MD5] "); 2396 p[4] = CHAP_MD5; 2397 break; 2398 } 2399 continue; 2400 } 2401 /* Add the option to nak'ed list. */ 2402 bcopy (p, r, p[1]); 2403 r += p[1]; 2404 rlen += p[1]; 2405 } 2406 if (rlen) { 2407 /* 2408 * Local and remote magics equal -- loopback? 2409 */ 2410 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2411 if (sp->pp_loopcnt == MAXALIVECNT*5) 2412 printf (SPP_FMT "loopback\n", 2413 SPP_ARGS(ifp)); 2414 if (ifp->if_flags & IFF_UP) { 2415 if_down(ifp); 2416 sppp_qflush(&sp->pp_cpq); 2417 /* XXX ? */ 2418 lcp.Down(sp); 2419 lcp.Up(sp); 2420 } 2421 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2422 if (debug) 2423 addlog(" max_failure (%d) exceeded, " 2424 "send conf-rej\n", 2425 sp->lcp.max_failure); 2426 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2427 } else { 2428 if (debug) 2429 addlog(" send conf-nak\n"); 2430 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2431 } 2432 } else { 2433 if (debug) 2434 addlog(" send conf-ack\n"); 2435 sp->fail_counter[IDX_LCP] = 0; 2436 sp->pp_loopcnt = 0; 2437 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2438 h->ident, origlen, h+1); 2439 } 2440 2441 free (buf, M_TEMP); 2442 return (rlen == 0); 2443 } 2444 2445 /* 2446 * Analyze the LCP Configure-Reject option list, and adjust our 2447 * negotiation. 2448 */ 2449 static void 2450 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2451 { 2452 STDDCL; 2453 u_char *buf, *p; 2454 2455 len -= 4; 2456 buf = malloc (len, M_TEMP, M_INTWAIT); 2457 2458 if (debug) 2459 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2460 SPP_ARGS(ifp)); 2461 2462 p = (void*) (h+1); 2463 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2464 if (debug) 2465 addlog(" %s ", sppp_lcp_opt_name(*p)); 2466 switch (*p) { 2467 case LCP_OPT_MAGIC: 2468 /* Magic number -- can't use it, use 0 */ 2469 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2470 sp->lcp.magic = 0; 2471 break; 2472 case LCP_OPT_MRU: 2473 /* 2474 * Should not be rejected anyway, since we only 2475 * negotiate a MRU if explicitly requested by 2476 * peer. 2477 */ 2478 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2479 break; 2480 case LCP_OPT_AUTH_PROTO: 2481 /* 2482 * Peer doesn't want to authenticate himself, 2483 * deny unless this is a dialout call, and 2484 * AUTHFLAG_NOCALLOUT is set. 2485 */ 2486 if ((sp->pp_flags & PP_CALLIN) == 0 && 2487 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2488 if (debug) 2489 addlog("[don't insist on auth " 2490 "for callout]"); 2491 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2492 break; 2493 } 2494 if (debug) 2495 addlog("[access denied]\n"); 2496 lcp.Close(sp); 2497 break; 2498 } 2499 } 2500 if (debug) 2501 addlog("\n"); 2502 free (buf, M_TEMP); 2503 return; 2504 } 2505 2506 /* 2507 * Analyze the LCP Configure-NAK option list, and adjust our 2508 * negotiation. 2509 */ 2510 static void 2511 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2512 { 2513 STDDCL; 2514 u_char *buf, *p; 2515 u_long magic; 2516 2517 len -= 4; 2518 buf = malloc (len, M_TEMP, M_INTWAIT); 2519 2520 if (debug) 2521 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2522 SPP_ARGS(ifp)); 2523 2524 p = (void*) (h+1); 2525 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2526 if (debug) 2527 addlog(" %s ", sppp_lcp_opt_name(*p)); 2528 switch (*p) { 2529 case LCP_OPT_MAGIC: 2530 /* Magic number -- renegotiate */ 2531 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2532 len >= 6 && p[1] == 6) { 2533 magic = (u_long)p[2] << 24 | 2534 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2535 /* 2536 * If the remote magic is our negated one, 2537 * this looks like a loopback problem. 2538 * Suggest a new magic to make sure. 2539 */ 2540 if (magic == ~sp->lcp.magic) { 2541 if (debug) 2542 addlog("magic glitch "); 2543 #if defined(__DragonFly__) 2544 sp->lcp.magic = random(); 2545 #else 2546 sp->lcp.magic = time.tv_sec + time.tv_usec; 2547 #endif 2548 } else { 2549 sp->lcp.magic = magic; 2550 if (debug) 2551 addlog("%lu ", magic); 2552 } 2553 } 2554 break; 2555 case LCP_OPT_MRU: 2556 /* 2557 * Peer wants to advise us to negotiate an MRU. 2558 * Agree on it if it's reasonable, or use 2559 * default otherwise. 2560 */ 2561 if (len >= 4 && p[1] == 4) { 2562 u_int mru = p[2] * 256 + p[3]; 2563 if (debug) 2564 addlog("%d ", mru); 2565 if (mru < PP_MTU || mru > PP_MAX_MRU) 2566 mru = PP_MTU; 2567 sp->lcp.mru = mru; 2568 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2569 } 2570 break; 2571 case LCP_OPT_AUTH_PROTO: 2572 /* 2573 * Peer doesn't like our authentication method, 2574 * deny. 2575 */ 2576 if (debug) 2577 addlog("[access denied]\n"); 2578 lcp.Close(sp); 2579 break; 2580 } 2581 } 2582 if (debug) 2583 addlog("\n"); 2584 free (buf, M_TEMP); 2585 return; 2586 } 2587 2588 static void 2589 sppp_lcp_tlu(struct sppp *sp) 2590 { 2591 STDDCL; 2592 int i; 2593 u_long mask; 2594 2595 /* XXX ? */ 2596 if (! (ifp->if_flags & IFF_UP) && 2597 (ifp->if_flags & IFF_RUNNING)) { 2598 /* Coming out of loopback mode. */ 2599 if_up(ifp); 2600 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2601 } 2602 2603 for (i = 0; i < IDX_COUNT; i++) 2604 if ((cps[i])->flags & CP_QUAL) 2605 (cps[i])->Open(sp); 2606 2607 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2608 (sp->pp_flags & PP_NEEDAUTH) != 0) 2609 sp->pp_phase = PHASE_AUTHENTICATE; 2610 else 2611 sp->pp_phase = PHASE_NETWORK; 2612 2613 if (debug) 2614 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2615 sppp_phase_name(sp->pp_phase)); 2616 2617 /* 2618 * Open all authentication protocols. This is even required 2619 * if we already proceeded to network phase, since it might be 2620 * that remote wants us to authenticate, so we might have to 2621 * send a PAP request. Undesired authentication protocols 2622 * don't do anything when they get an Open event. 2623 */ 2624 for (i = 0; i < IDX_COUNT; i++) 2625 if ((cps[i])->flags & CP_AUTH) 2626 (cps[i])->Open(sp); 2627 2628 if (sp->pp_phase == PHASE_NETWORK) { 2629 /* Notify all NCPs. */ 2630 for (i = 0; i < IDX_COUNT; i++) 2631 if (((cps[i])->flags & CP_NCP) && 2632 /* 2633 * XXX 2634 * Hack to administratively disable IPv6 if 2635 * not desired. Perhaps we should have another 2636 * flag for this, but right now, we can make 2637 * all struct cp's read/only. 2638 */ 2639 (cps[i] != &ipv6cp || 2640 (sp->confflags & CONF_ENABLE_IPV6))) 2641 (cps[i])->Open(sp); 2642 } 2643 2644 /* Send Up events to all started protos. */ 2645 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2646 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2647 (cps[i])->Up(sp); 2648 2649 /* notify low-level driver of state change */ 2650 if (sp->pp_chg) 2651 sp->pp_chg(sp, (int)sp->pp_phase); 2652 2653 if (sp->pp_phase == PHASE_NETWORK) 2654 /* if no NCP is starting, close down */ 2655 sppp_lcp_check_and_close(sp); 2656 } 2657 2658 static void 2659 sppp_lcp_tld(struct sppp *sp) 2660 { 2661 STDDCL; 2662 int i; 2663 u_long mask; 2664 2665 sp->pp_phase = PHASE_TERMINATE; 2666 2667 if (debug) 2668 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2669 sppp_phase_name(sp->pp_phase)); 2670 2671 /* 2672 * Take upper layers down. We send the Down event first and 2673 * the Close second to prevent the upper layers from sending 2674 * ``a flurry of terminate-request packets'', as the RFC 2675 * describes it. 2676 */ 2677 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2678 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2679 (cps[i])->Down(sp); 2680 (cps[i])->Close(sp); 2681 } 2682 } 2683 2684 static void 2685 sppp_lcp_tls(struct sppp *sp) 2686 { 2687 STDDCL; 2688 2689 sp->pp_phase = PHASE_ESTABLISH; 2690 2691 if (debug) 2692 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2693 sppp_phase_name(sp->pp_phase)); 2694 2695 /* Notify lower layer if desired. */ 2696 if (sp->pp_tls) 2697 (sp->pp_tls)(sp); 2698 else 2699 (sp->pp_up)(sp); 2700 } 2701 2702 static void 2703 sppp_lcp_tlf(struct sppp *sp) 2704 { 2705 STDDCL; 2706 2707 sp->pp_phase = PHASE_DEAD; 2708 if (debug) 2709 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2710 sppp_phase_name(sp->pp_phase)); 2711 2712 /* Notify lower layer if desired. */ 2713 if (sp->pp_tlf) 2714 (sp->pp_tlf)(sp); 2715 else 2716 (sp->pp_down)(sp); 2717 } 2718 2719 static void 2720 sppp_lcp_scr(struct sppp *sp) 2721 { 2722 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2723 int i = 0; 2724 u_short authproto; 2725 2726 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2727 if (! sp->lcp.magic) 2728 #if defined(__DragonFly__) 2729 sp->lcp.magic = random(); 2730 #else 2731 sp->lcp.magic = time.tv_sec + time.tv_usec; 2732 #endif 2733 opt[i++] = LCP_OPT_MAGIC; 2734 opt[i++] = 6; 2735 opt[i++] = sp->lcp.magic >> 24; 2736 opt[i++] = sp->lcp.magic >> 16; 2737 opt[i++] = sp->lcp.magic >> 8; 2738 opt[i++] = sp->lcp.magic; 2739 } 2740 2741 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2742 opt[i++] = LCP_OPT_MRU; 2743 opt[i++] = 4; 2744 opt[i++] = sp->lcp.mru >> 8; 2745 opt[i++] = sp->lcp.mru; 2746 } 2747 2748 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2749 authproto = sp->hisauth.proto; 2750 opt[i++] = LCP_OPT_AUTH_PROTO; 2751 opt[i++] = authproto == PPP_CHAP? 5: 4; 2752 opt[i++] = authproto >> 8; 2753 opt[i++] = authproto; 2754 if (authproto == PPP_CHAP) 2755 opt[i++] = CHAP_MD5; 2756 } 2757 2758 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2759 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2760 } 2761 2762 /* 2763 * Check the open NCPs, return true if at least one NCP is open. 2764 */ 2765 static int 2766 sppp_ncp_check(struct sppp *sp) 2767 { 2768 int i, mask; 2769 2770 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2771 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2772 return 1; 2773 return 0; 2774 } 2775 2776 /* 2777 * Re-check the open NCPs and see if we should terminate the link. 2778 * Called by the NCPs during their tlf action handling. 2779 */ 2780 static void 2781 sppp_lcp_check_and_close(struct sppp *sp) 2782 { 2783 2784 if (sp->pp_phase < PHASE_NETWORK) 2785 /* don't bother, we are already going down */ 2786 return; 2787 2788 if (sppp_ncp_check(sp)) 2789 return; 2790 2791 lcp.Close(sp); 2792 } 2793 2794 /* 2795 *--------------------------------------------------------------------------* 2796 * * 2797 * The IPCP implementation. * 2798 * * 2799 *--------------------------------------------------------------------------* 2800 */ 2801 2802 static void 2803 sppp_ipcp_init(struct sppp *sp) 2804 { 2805 sp->ipcp.opts = 0; 2806 sp->ipcp.flags = 0; 2807 sp->state[IDX_IPCP] = STATE_INITIAL; 2808 sp->fail_counter[IDX_IPCP] = 0; 2809 sp->pp_seq[IDX_IPCP] = 0; 2810 sp->pp_rseq[IDX_IPCP] = 0; 2811 #if defined(__DragonFly__) 2812 callout_init(&sp->timeout[IDX_IPCP]); 2813 #endif 2814 } 2815 2816 static void 2817 sppp_ipcp_up(struct sppp *sp) 2818 { 2819 sppp_up_event(&ipcp, sp); 2820 } 2821 2822 static void 2823 sppp_ipcp_down(struct sppp *sp) 2824 { 2825 sppp_down_event(&ipcp, sp); 2826 } 2827 2828 static void 2829 sppp_ipcp_open(struct sppp *sp) 2830 { 2831 STDDCL; 2832 u_long myaddr, hisaddr; 2833 2834 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2835 IPCP_MYADDR_DYN | IPCP_VJ); 2836 sp->ipcp.opts = 0; 2837 2838 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2839 /* 2840 * If we don't have his address, this probably means our 2841 * interface doesn't want to talk IP at all. (This could 2842 * be the case if somebody wants to speak only IPX, for 2843 * example.) Don't open IPCP in this case. 2844 */ 2845 if (hisaddr == 0L) { 2846 /* XXX this message should go away */ 2847 if (debug) 2848 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2849 SPP_ARGS(ifp)); 2850 return; 2851 } 2852 if (myaddr == 0L) { 2853 /* 2854 * I don't have an assigned address, so i need to 2855 * negotiate my address. 2856 */ 2857 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2858 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2859 } else 2860 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2861 if (sp->confflags & CONF_ENABLE_VJ) { 2862 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2863 sp->ipcp.max_state = MAX_STATES - 1; 2864 sp->ipcp.compress_cid = 1; 2865 } 2866 sppp_open_event(&ipcp, sp); 2867 } 2868 2869 static void 2870 sppp_ipcp_close(struct sppp *sp) 2871 { 2872 sppp_close_event(&ipcp, sp); 2873 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2874 /* 2875 * My address was dynamic, clear it again. 2876 */ 2877 sppp_set_ip_addr(sp, 0L); 2878 } 2879 2880 static void 2881 sppp_ipcp_TO(void *cookie) 2882 { 2883 sppp_to_event(&ipcp, (struct sppp *)cookie); 2884 } 2885 2886 /* 2887 * Analyze a configure request. Return true if it was agreeable, and 2888 * caused action sca, false if it has been rejected or nak'ed, and 2889 * caused action scn. (The return value is used to make the state 2890 * transition decision in the state automaton.) 2891 */ 2892 static int 2893 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2894 { 2895 u_char *buf, *r, *p; 2896 struct ifnet *ifp = &sp->pp_if; 2897 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2898 u_long hisaddr, desiredaddr; 2899 int gotmyaddr = 0; 2900 int desiredcomp; 2901 2902 len -= 4; 2903 origlen = len; 2904 /* 2905 * Make sure to allocate a buf that can at least hold a 2906 * conf-nak with an `address' option. We might need it below. 2907 */ 2908 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT); 2909 2910 /* pass 1: see if we can recognize them */ 2911 if (debug) 2912 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2913 SPP_ARGS(ifp)); 2914 p = (void*) (h+1); 2915 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2916 if (debug) 2917 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2918 switch (*p) { 2919 case IPCP_OPT_COMPRESSION: 2920 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2921 /* VJ compression administratively disabled */ 2922 if (debug) 2923 addlog("[locally disabled] "); 2924 break; 2925 } 2926 /* 2927 * In theory, we should only conf-rej an 2928 * option that is shorter than RFC 1618 2929 * requires (i.e. < 4), and should conf-nak 2930 * anything else that is not VJ. However, 2931 * since our algorithm always uses the 2932 * original option to NAK it with new values, 2933 * things would become more complicated. In 2934 * pratice, the only commonly implemented IP 2935 * compression option is VJ anyway, so the 2936 * difference is negligible. 2937 */ 2938 if (len >= 6 && p[1] == 6) { 2939 /* 2940 * correctly formed compression option 2941 * that could be VJ compression 2942 */ 2943 continue; 2944 } 2945 if (debug) 2946 addlog("optlen %d [invalid/unsupported] ", 2947 p[1]); 2948 break; 2949 case IPCP_OPT_ADDRESS: 2950 if (len >= 6 && p[1] == 6) { 2951 /* correctly formed address option */ 2952 continue; 2953 } 2954 if (debug) 2955 addlog("[invalid] "); 2956 break; 2957 default: 2958 /* Others not supported. */ 2959 if (debug) 2960 addlog("[rej] "); 2961 break; 2962 } 2963 /* Add the option to rejected list. */ 2964 bcopy (p, r, p[1]); 2965 r += p[1]; 2966 rlen += p[1]; 2967 } 2968 if (rlen) { 2969 if (debug) 2970 addlog(" send conf-rej\n"); 2971 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2972 return 0; 2973 } else if (debug) 2974 addlog("\n"); 2975 2976 /* pass 2: parse option values */ 2977 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2978 if (debug) 2979 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2980 SPP_ARGS(ifp)); 2981 p = (void*) (h+1); 2982 len = origlen; 2983 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2984 if (debug) 2985 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2986 switch (*p) { 2987 case IPCP_OPT_COMPRESSION: 2988 desiredcomp = p[2] << 8 | p[3]; 2989 /* We only support VJ */ 2990 if (desiredcomp == IPCP_COMP_VJ) { 2991 if (debug) 2992 addlog("VJ [ack] "); 2993 sp->ipcp.flags |= IPCP_VJ; 2994 sl_compress_init(sp->pp_comp, p[4]); 2995 sp->ipcp.max_state = p[4]; 2996 sp->ipcp.compress_cid = p[5]; 2997 continue; 2998 } 2999 if (debug) 3000 addlog("compproto %#04x [not supported] ", 3001 desiredcomp); 3002 p[2] = IPCP_COMP_VJ >> 8; 3003 p[3] = IPCP_COMP_VJ; 3004 p[4] = sp->ipcp.max_state; 3005 p[5] = sp->ipcp.compress_cid; 3006 break; 3007 case IPCP_OPT_ADDRESS: 3008 /* This is the address he wants in his end */ 3009 desiredaddr = p[2] << 24 | p[3] << 16 | 3010 p[4] << 8 | p[5]; 3011 if (desiredaddr == hisaddr || 3012 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3013 /* 3014 * Peer's address is same as our value, 3015 * or we have set it to 0.0.0.* to 3016 * indicate that we do not really care, 3017 * this is agreeable. Gonna conf-ack 3018 * it. 3019 */ 3020 if (debug) 3021 addlog("%s [ack] ", 3022 sppp_dotted_quad(hisaddr)); 3023 /* record that we've seen it already */ 3024 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3025 continue; 3026 } 3027 /* 3028 * The address wasn't agreeable. This is either 3029 * he sent us 0.0.0.0, asking to assign him an 3030 * address, or he send us another address not 3031 * matching our value. Either case, we gonna 3032 * conf-nak it with our value. 3033 * XXX: we should "rej" if hisaddr == 0 3034 */ 3035 if (debug) { 3036 if (desiredaddr == 0) 3037 addlog("[addr requested] "); 3038 else 3039 addlog("%s [not agreed] ", 3040 sppp_dotted_quad(desiredaddr)); 3041 3042 } 3043 p[2] = hisaddr >> 24; 3044 p[3] = hisaddr >> 16; 3045 p[4] = hisaddr >> 8; 3046 p[5] = hisaddr; 3047 break; 3048 } 3049 /* Add the option to nak'ed list. */ 3050 bcopy (p, r, p[1]); 3051 r += p[1]; 3052 rlen += p[1]; 3053 } 3054 3055 /* 3056 * If we are about to conf-ack the request, but haven't seen 3057 * his address so far, gonna conf-nak it instead, with the 3058 * `address' option present and our idea of his address being 3059 * filled in there, to request negotiation of both addresses. 3060 * 3061 * XXX This can result in an endless req - nak loop if peer 3062 * doesn't want to send us his address. Q: What should we do 3063 * about it? XXX A: implement the max-failure counter. 3064 */ 3065 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3066 buf[0] = IPCP_OPT_ADDRESS; 3067 buf[1] = 6; 3068 buf[2] = hisaddr >> 24; 3069 buf[3] = hisaddr >> 16; 3070 buf[4] = hisaddr >> 8; 3071 buf[5] = hisaddr; 3072 rlen = 6; 3073 if (debug) 3074 addlog("still need hisaddr "); 3075 } 3076 3077 if (rlen) { 3078 if (debug) 3079 addlog(" send conf-nak\n"); 3080 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3081 } else { 3082 if (debug) 3083 addlog(" send conf-ack\n"); 3084 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3085 h->ident, origlen, h+1); 3086 } 3087 3088 free (buf, M_TEMP); 3089 return (rlen == 0); 3090 } 3091 3092 /* 3093 * Analyze the IPCP Configure-Reject option list, and adjust our 3094 * negotiation. 3095 */ 3096 static void 3097 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3098 { 3099 u_char *buf, *p; 3100 struct ifnet *ifp = &sp->pp_if; 3101 int debug = ifp->if_flags & IFF_DEBUG; 3102 3103 len -= 4; 3104 buf = malloc (len, M_TEMP, M_INTWAIT); 3105 3106 if (debug) 3107 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3108 SPP_ARGS(ifp)); 3109 3110 p = (void*) (h+1); 3111 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3112 if (debug) 3113 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3114 switch (*p) { 3115 case IPCP_OPT_COMPRESSION: 3116 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3117 break; 3118 case IPCP_OPT_ADDRESS: 3119 /* 3120 * Peer doesn't grok address option. This is 3121 * bad. XXX Should we better give up here? 3122 * XXX We could try old "addresses" option... 3123 */ 3124 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3125 break; 3126 } 3127 } 3128 if (debug) 3129 addlog("\n"); 3130 free (buf, M_TEMP); 3131 return; 3132 } 3133 3134 /* 3135 * Analyze the IPCP Configure-NAK option list, and adjust our 3136 * negotiation. 3137 */ 3138 static void 3139 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3140 { 3141 u_char *buf, *p; 3142 struct ifnet *ifp = &sp->pp_if; 3143 int debug = ifp->if_flags & IFF_DEBUG; 3144 int desiredcomp; 3145 u_long wantaddr; 3146 3147 len -= 4; 3148 buf = malloc (len, M_TEMP, M_INTWAIT); 3149 3150 if (debug) 3151 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3152 SPP_ARGS(ifp)); 3153 3154 p = (void*) (h+1); 3155 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3156 if (debug) 3157 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3158 switch (*p) { 3159 case IPCP_OPT_COMPRESSION: 3160 if (len >= 6 && p[1] == 6) { 3161 desiredcomp = p[2] << 8 | p[3]; 3162 if (debug) 3163 addlog("[wantcomp %#04x] ", 3164 desiredcomp); 3165 if (desiredcomp == IPCP_COMP_VJ) { 3166 sl_compress_init(sp->pp_comp, p[4]); 3167 sp->ipcp.max_state = p[4]; 3168 sp->ipcp.compress_cid = p[5]; 3169 if (debug) 3170 addlog("[agree] "); 3171 } else 3172 sp->ipcp.opts &= 3173 ~(1 << IPCP_OPT_COMPRESSION); 3174 } 3175 break; 3176 case IPCP_OPT_ADDRESS: 3177 /* 3178 * Peer doesn't like our local IP address. See 3179 * if we can do something for him. We'll drop 3180 * him our address then. 3181 */ 3182 if (len >= 6 && p[1] == 6) { 3183 wantaddr = p[2] << 24 | p[3] << 16 | 3184 p[4] << 8 | p[5]; 3185 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3186 if (debug) 3187 addlog("[wantaddr %s] ", 3188 sppp_dotted_quad(wantaddr)); 3189 /* 3190 * When doing dynamic address assignment, 3191 * we accept his offer. Otherwise, we 3192 * ignore it and thus continue to negotiate 3193 * our already existing value. 3194 * XXX: Bogus, if he said no once, he'll 3195 * just say no again, might as well die. 3196 */ 3197 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3198 sppp_set_ip_addr(sp, wantaddr); 3199 if (debug) 3200 addlog("[agree] "); 3201 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3202 } 3203 } 3204 break; 3205 } 3206 } 3207 if (debug) 3208 addlog("\n"); 3209 free (buf, M_TEMP); 3210 return; 3211 } 3212 3213 static void 3214 sppp_ipcp_tlu(struct sppp *sp) 3215 { 3216 /* we are up - notify isdn daemon */ 3217 if (sp->pp_con) 3218 sp->pp_con(sp); 3219 } 3220 3221 static void 3222 sppp_ipcp_tld(struct sppp *sp) 3223 { 3224 } 3225 3226 static void 3227 sppp_ipcp_tls(struct sppp *sp) 3228 { 3229 /* indicate to LCP that it must stay alive */ 3230 sp->lcp.protos |= (1 << IDX_IPCP); 3231 } 3232 3233 static void 3234 sppp_ipcp_tlf(struct sppp *sp) 3235 { 3236 /* we no longer need LCP */ 3237 sp->lcp.protos &= ~(1 << IDX_IPCP); 3238 sppp_lcp_check_and_close(sp); 3239 } 3240 3241 static void 3242 sppp_ipcp_scr(struct sppp *sp) 3243 { 3244 char opt[6 /* compression */ + 6 /* address */]; 3245 u_long ouraddr; 3246 int i = 0; 3247 3248 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3249 opt[i++] = IPCP_OPT_COMPRESSION; 3250 opt[i++] = 6; 3251 opt[i++] = IPCP_COMP_VJ >> 8; 3252 opt[i++] = IPCP_COMP_VJ; 3253 opt[i++] = sp->ipcp.max_state; 3254 opt[i++] = sp->ipcp.compress_cid; 3255 } 3256 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3257 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3258 opt[i++] = IPCP_OPT_ADDRESS; 3259 opt[i++] = 6; 3260 opt[i++] = ouraddr >> 24; 3261 opt[i++] = ouraddr >> 16; 3262 opt[i++] = ouraddr >> 8; 3263 opt[i++] = ouraddr; 3264 } 3265 3266 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3267 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3268 } 3269 3270 /* 3271 *--------------------------------------------------------------------------* 3272 * * 3273 * The IPv6CP implementation. * 3274 * * 3275 *--------------------------------------------------------------------------* 3276 */ 3277 3278 #ifdef INET6 3279 static void 3280 sppp_ipv6cp_init(struct sppp *sp) 3281 { 3282 sp->ipv6cp.opts = 0; 3283 sp->ipv6cp.flags = 0; 3284 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3285 sp->fail_counter[IDX_IPV6CP] = 0; 3286 sp->pp_seq[IDX_IPV6CP] = 0; 3287 sp->pp_rseq[IDX_IPV6CP] = 0; 3288 #if defined(__NetBSD__) 3289 callout_init(&sp->ch[IDX_IPV6CP]); 3290 #endif 3291 #if defined(__DragonFly__) 3292 callout_init(&sp->timeout[IDX_IPV6CP]); 3293 #endif 3294 } 3295 3296 static void 3297 sppp_ipv6cp_up(struct sppp *sp) 3298 { 3299 sppp_up_event(&ipv6cp, sp); 3300 } 3301 3302 static void 3303 sppp_ipv6cp_down(struct sppp *sp) 3304 { 3305 sppp_down_event(&ipv6cp, sp); 3306 } 3307 3308 static void 3309 sppp_ipv6cp_open(struct sppp *sp) 3310 { 3311 STDDCL; 3312 struct in6_addr myaddr, hisaddr; 3313 3314 #ifdef IPV6CP_MYIFID_DYN 3315 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3316 #else 3317 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3318 #endif 3319 3320 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3321 /* 3322 * If we don't have our address, this probably means our 3323 * interface doesn't want to talk IPv6 at all. (This could 3324 * be the case if somebody wants to speak only IPX, for 3325 * example.) Don't open IPv6CP in this case. 3326 */ 3327 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3328 /* XXX this message should go away */ 3329 if (debug) 3330 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3331 SPP_ARGS(ifp)); 3332 return; 3333 } 3334 3335 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3336 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3337 sppp_open_event(&ipv6cp, sp); 3338 } 3339 3340 static void 3341 sppp_ipv6cp_close(struct sppp *sp) 3342 { 3343 sppp_close_event(&ipv6cp, sp); 3344 } 3345 3346 static void 3347 sppp_ipv6cp_TO(void *cookie) 3348 { 3349 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3350 } 3351 3352 /* 3353 * Analyze a configure request. Return true if it was agreeable, and 3354 * caused action sca, false if it has been rejected or nak'ed, and 3355 * caused action scn. (The return value is used to make the state 3356 * transition decision in the state automaton.) 3357 */ 3358 static int 3359 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3360 { 3361 u_char *buf, *r, *p; 3362 struct ifnet *ifp = &sp->pp_if; 3363 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3364 struct in6_addr myaddr, desiredaddr, suggestaddr; 3365 int ifidcount; 3366 int type; 3367 int collision, nohisaddr; 3368 3369 len -= 4; 3370 origlen = len; 3371 /* 3372 * Make sure to allocate a buf that can at least hold a 3373 * conf-nak with an `address' option. We might need it below. 3374 */ 3375 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT); 3376 3377 /* pass 1: see if we can recognize them */ 3378 if (debug) 3379 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3380 SPP_ARGS(ifp)); 3381 p = (void*) (h+1); 3382 ifidcount = 0; 3383 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3384 if (debug) 3385 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3386 switch (*p) { 3387 case IPV6CP_OPT_IFID: 3388 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3389 /* correctly formed address option */ 3390 ifidcount++; 3391 continue; 3392 } 3393 if (debug) 3394 addlog(" [invalid]"); 3395 break; 3396 #ifdef notyet 3397 case IPV6CP_OPT_COMPRESSION: 3398 if (len >= 4 && p[1] >= 4) { 3399 /* correctly formed compress option */ 3400 continue; 3401 } 3402 if (debug) 3403 addlog(" [invalid]"); 3404 break; 3405 #endif 3406 default: 3407 /* Others not supported. */ 3408 if (debug) 3409 addlog(" [rej]"); 3410 break; 3411 } 3412 /* Add the option to rejected list. */ 3413 bcopy (p, r, p[1]); 3414 r += p[1]; 3415 rlen += p[1]; 3416 } 3417 if (rlen) { 3418 if (debug) 3419 addlog(" send conf-rej\n"); 3420 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3421 goto end; 3422 } else if (debug) 3423 addlog("\n"); 3424 3425 /* pass 2: parse option values */ 3426 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3427 if (debug) 3428 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3429 SPP_ARGS(ifp)); 3430 p = (void*) (h+1); 3431 len = origlen; 3432 type = CONF_ACK; 3433 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3434 if (debug) 3435 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3436 switch (*p) { 3437 #ifdef notyet 3438 case IPV6CP_OPT_COMPRESSION: 3439 continue; 3440 #endif 3441 case IPV6CP_OPT_IFID: 3442 bzero(&desiredaddr, sizeof(desiredaddr)); 3443 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3444 collision = (bcmp(&desiredaddr.s6_addr[8], 3445 &myaddr.s6_addr[8], 8) == 0); 3446 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3447 3448 desiredaddr.s6_addr16[0] = htons(0xfe80); 3449 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3450 3451 if (!collision && !nohisaddr) { 3452 /* no collision, hisaddr known - Conf-Ack */ 3453 type = CONF_ACK; 3454 3455 if (debug) { 3456 addlog(" %s [%s]", 3457 ip6_sprintf(&desiredaddr), 3458 sppp_cp_type_name(type)); 3459 } 3460 continue; 3461 } 3462 3463 bzero(&suggestaddr, sizeof(&suggestaddr)); 3464 if (collision && nohisaddr) { 3465 /* collision, hisaddr unknown - Conf-Rej */ 3466 type = CONF_REJ; 3467 bzero(&p[2], 8); 3468 } else { 3469 /* 3470 * - no collision, hisaddr unknown, or 3471 * - collision, hisaddr known 3472 * Conf-Nak, suggest hisaddr 3473 */ 3474 type = CONF_NAK; 3475 sppp_suggest_ip6_addr(sp, &suggestaddr); 3476 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3477 } 3478 if (debug) 3479 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3480 sppp_cp_type_name(type)); 3481 break; 3482 } 3483 /* Add the option to nak'ed list. */ 3484 bcopy (p, r, p[1]); 3485 r += p[1]; 3486 rlen += p[1]; 3487 } 3488 3489 if (rlen == 0 && type == CONF_ACK) { 3490 if (debug) 3491 addlog(" send %s\n", sppp_cp_type_name(type)); 3492 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3493 } else { 3494 #ifdef DIAGNOSTIC 3495 if (type == CONF_ACK) 3496 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3497 #endif 3498 3499 if (debug) { 3500 addlog(" send %s suggest %s\n", 3501 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3502 } 3503 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3504 } 3505 3506 end: 3507 free (buf, M_TEMP); 3508 return (rlen == 0); 3509 } 3510 3511 /* 3512 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3513 * negotiation. 3514 */ 3515 static void 3516 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3517 { 3518 u_char *buf, *p; 3519 struct ifnet *ifp = &sp->pp_if; 3520 int debug = ifp->if_flags & IFF_DEBUG; 3521 3522 len -= 4; 3523 buf = malloc (len, M_TEMP, M_INTWAIT); 3524 3525 if (debug) 3526 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3527 SPP_ARGS(ifp)); 3528 3529 p = (void*) (h+1); 3530 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3531 if (debug) 3532 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3533 switch (*p) { 3534 case IPV6CP_OPT_IFID: 3535 /* 3536 * Peer doesn't grok address option. This is 3537 * bad. XXX Should we better give up here? 3538 */ 3539 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3540 break; 3541 #ifdef notyet 3542 case IPV6CP_OPT_COMPRESS: 3543 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3544 break; 3545 #endif 3546 } 3547 } 3548 if (debug) 3549 addlog("\n"); 3550 free (buf, M_TEMP); 3551 return; 3552 } 3553 3554 /* 3555 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3556 * negotiation. 3557 */ 3558 static void 3559 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3560 { 3561 u_char *buf, *p; 3562 struct ifnet *ifp = &sp->pp_if; 3563 int debug = ifp->if_flags & IFF_DEBUG; 3564 struct in6_addr suggestaddr; 3565 3566 len -= 4; 3567 buf = malloc (len, M_TEMP, M_INTWAIT); 3568 3569 if (debug) 3570 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3571 SPP_ARGS(ifp)); 3572 3573 p = (void*) (h+1); 3574 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3575 if (debug) 3576 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3577 switch (*p) { 3578 case IPV6CP_OPT_IFID: 3579 /* 3580 * Peer doesn't like our local ifid. See 3581 * if we can do something for him. We'll drop 3582 * him our address then. 3583 */ 3584 if (len < 10 || p[1] != 10) 3585 break; 3586 bzero(&suggestaddr, sizeof(suggestaddr)); 3587 suggestaddr.s6_addr16[0] = htons(0xfe80); 3588 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3589 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3590 3591 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3592 if (debug) 3593 addlog(" [suggestaddr %s]", 3594 ip6_sprintf(&suggestaddr)); 3595 #ifdef IPV6CP_MYIFID_DYN 3596 /* 3597 * When doing dynamic address assignment, 3598 * we accept his offer. 3599 */ 3600 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3601 struct in6_addr lastsuggest; 3602 /* 3603 * If <suggested myaddr from peer> equals to 3604 * <hisaddr we have suggested last time>, 3605 * we have a collision. generate new random 3606 * ifid. 3607 */ 3608 sppp_suggest_ip6_addr(&lastsuggest); 3609 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3610 lastsuggest)) { 3611 if (debug) 3612 addlog(" [random]"); 3613 sppp_gen_ip6_addr(sp, &suggestaddr); 3614 } 3615 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3616 if (debug) 3617 addlog(" [agree]"); 3618 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3619 } 3620 #else 3621 /* 3622 * Since we do not do dynamic address assignment, 3623 * we ignore it and thus continue to negotiate 3624 * our already existing value. This can possibly 3625 * go into infinite request-reject loop. 3626 * 3627 * This is not likely because we normally use 3628 * ifid based on MAC-address. 3629 * If you have no ethernet card on the node, too bad. 3630 * XXX should we use fail_counter? 3631 */ 3632 #endif 3633 break; 3634 #ifdef notyet 3635 case IPV6CP_OPT_COMPRESS: 3636 /* 3637 * Peer wants different compression parameters. 3638 */ 3639 break; 3640 #endif 3641 } 3642 } 3643 if (debug) 3644 addlog("\n"); 3645 free (buf, M_TEMP); 3646 return; 3647 } 3648 static void 3649 sppp_ipv6cp_tlu(struct sppp *sp) 3650 { 3651 /* we are up - notify isdn daemon */ 3652 if (sp->pp_con) 3653 sp->pp_con(sp); 3654 } 3655 3656 static void 3657 sppp_ipv6cp_tld(struct sppp *sp) 3658 { 3659 } 3660 3661 static void 3662 sppp_ipv6cp_tls(struct sppp *sp) 3663 { 3664 /* indicate to LCP that it must stay alive */ 3665 sp->lcp.protos |= (1 << IDX_IPV6CP); 3666 } 3667 3668 static void 3669 sppp_ipv6cp_tlf(struct sppp *sp) 3670 { 3671 3672 #if 0 /* need #if 0 to close IPv6CP properly */ 3673 /* we no longer need LCP */ 3674 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3675 sppp_lcp_check_and_close(sp); 3676 #endif 3677 } 3678 3679 static void 3680 sppp_ipv6cp_scr(struct sppp *sp) 3681 { 3682 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3683 struct in6_addr ouraddr; 3684 int i = 0; 3685 3686 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3687 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3688 opt[i++] = IPV6CP_OPT_IFID; 3689 opt[i++] = 10; 3690 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3691 i += 8; 3692 } 3693 3694 #ifdef notyet 3695 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3696 opt[i++] = IPV6CP_OPT_COMPRESSION; 3697 opt[i++] = 4; 3698 opt[i++] = 0; /* TBD */ 3699 opt[i++] = 0; /* TBD */ 3700 /* variable length data may follow */ 3701 } 3702 #endif 3703 3704 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3705 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3706 } 3707 #else /*INET6*/ 3708 static void sppp_ipv6cp_init(struct sppp *sp) 3709 { 3710 } 3711 3712 static void sppp_ipv6cp_up(struct sppp *sp) 3713 { 3714 } 3715 3716 static void sppp_ipv6cp_down(struct sppp *sp) 3717 { 3718 } 3719 3720 3721 static void sppp_ipv6cp_open(struct sppp *sp) 3722 { 3723 } 3724 3725 static void sppp_ipv6cp_close(struct sppp *sp) 3726 { 3727 } 3728 3729 static void sppp_ipv6cp_TO(void *sp) 3730 { 3731 } 3732 3733 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3734 { 3735 return 0; 3736 } 3737 3738 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3739 { 3740 } 3741 3742 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3743 { 3744 } 3745 3746 static void sppp_ipv6cp_tlu(struct sppp *sp) 3747 { 3748 } 3749 3750 static void sppp_ipv6cp_tld(struct sppp *sp) 3751 { 3752 } 3753 3754 static void sppp_ipv6cp_tls(struct sppp *sp) 3755 { 3756 } 3757 3758 static void sppp_ipv6cp_tlf(struct sppp *sp) 3759 { 3760 } 3761 3762 static void sppp_ipv6cp_scr(struct sppp *sp) 3763 { 3764 } 3765 #endif /*INET6*/ 3766 3767 /* 3768 *--------------------------------------------------------------------------* 3769 * * 3770 * The CHAP implementation. * 3771 * * 3772 *--------------------------------------------------------------------------* 3773 */ 3774 3775 /* 3776 * The authentication protocols don't employ a full-fledged state machine as 3777 * the control protocols do, since they do have Open and Close events, but 3778 * not Up and Down, nor are they explicitly terminated. Also, use of the 3779 * authentication protocols may be different in both directions (this makes 3780 * sense, think of a machine that never accepts incoming calls but only 3781 * calls out, it doesn't require the called party to authenticate itself). 3782 * 3783 * Our state machine for the local authentication protocol (we are requesting 3784 * the peer to authenticate) looks like: 3785 * 3786 * RCA- 3787 * +--------------------------------------------+ 3788 * V scn,tld| 3789 * +--------+ Close +---------+ RCA+ 3790 * | |<----------------------------------| |------+ 3791 * +--->| Closed | TO* | Opened | sca | 3792 * | | |-----+ +-------| |<-----+ 3793 * | +--------+ irc | | +---------+ 3794 * | ^ | | ^ 3795 * | | | | | 3796 * | | | | | 3797 * | TO-| | | | 3798 * | |tld TO+ V | | 3799 * | | +------->+ | | 3800 * | | | | | | 3801 * | +--------+ V | | 3802 * | | |<----+<--------------------+ | 3803 * | | Req- | scr | 3804 * | | Sent | | 3805 * | | | | 3806 * | +--------+ | 3807 * | RCA- | | RCA+ | 3808 * +------+ +------------------------------------------+ 3809 * scn,tld sca,irc,ict,tlu 3810 * 3811 * 3812 * with: 3813 * 3814 * Open: LCP reached authentication phase 3815 * Close: LCP reached terminate phase 3816 * 3817 * RCA+: received reply (pap-req, chap-response), acceptable 3818 * RCN: received reply (pap-req, chap-response), not acceptable 3819 * TO+: timeout with restart counter >= 0 3820 * TO-: timeout with restart counter < 0 3821 * TO*: reschedule timeout for CHAP 3822 * 3823 * scr: send request packet (none for PAP, chap-challenge) 3824 * sca: send ack packet (pap-ack, chap-success) 3825 * scn: send nak packet (pap-nak, chap-failure) 3826 * ict: initialize re-challenge timer (CHAP only) 3827 * 3828 * tlu: this-layer-up, LCP reaches network phase 3829 * tld: this-layer-down, LCP enters terminate phase 3830 * 3831 * Note that in CHAP mode, after sending a new challenge, while the state 3832 * automaton falls back into Req-Sent state, it doesn't signal a tld 3833 * event to LCP, so LCP remains in network phase. Only after not getting 3834 * any response (or after getting an unacceptable response), CHAP closes, 3835 * causing LCP to enter terminate phase. 3836 * 3837 * With PAP, there is no initial request that can be sent. The peer is 3838 * expected to send one based on the successful negotiation of PAP as 3839 * the authentication protocol during the LCP option negotiation. 3840 * 3841 * Incoming authentication protocol requests (remote requests 3842 * authentication, we are peer) don't employ a state machine at all, 3843 * they are simply answered. Some peers [Ascend P50 firmware rev 3844 * 4.50] react allergically when sending IPCP requests while they are 3845 * still in authentication phase (thereby violating the standard that 3846 * demands that these NCP packets are to be discarded), so we keep 3847 * track of the peer demanding us to authenticate, and only proceed to 3848 * phase network once we've seen a positive acknowledge for the 3849 * authentication. 3850 */ 3851 3852 /* 3853 * Handle incoming CHAP packets. 3854 */ 3855 void 3856 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3857 { 3858 STDDCL; 3859 struct lcp_header *h; 3860 int len, x; 3861 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3862 int value_len, name_len; 3863 MD5_CTX ctx; 3864 3865 len = m->m_pkthdr.len; 3866 if (len < 4) { 3867 if (debug) 3868 log(LOG_DEBUG, 3869 SPP_FMT "chap invalid packet length: %d bytes\n", 3870 SPP_ARGS(ifp), len); 3871 return; 3872 } 3873 h = mtod (m, struct lcp_header*); 3874 if (len > ntohs (h->len)) 3875 len = ntohs (h->len); 3876 3877 switch (h->type) { 3878 /* challenge, failure and success are his authproto */ 3879 case CHAP_CHALLENGE: 3880 value = 1 + (u_char*)(h+1); 3881 value_len = value[-1]; 3882 name = value + value_len; 3883 name_len = len - value_len - 5; 3884 if (name_len < 0) { 3885 if (debug) { 3886 log(LOG_DEBUG, 3887 SPP_FMT "chap corrupted challenge " 3888 "<%s id=0x%x len=%d", 3889 SPP_ARGS(ifp), 3890 sppp_auth_type_name(PPP_CHAP, h->type), 3891 h->ident, ntohs(h->len)); 3892 sppp_print_bytes((u_char*) (h+1), len-4); 3893 addlog(">\n"); 3894 } 3895 break; 3896 } 3897 3898 if (debug) { 3899 log(LOG_DEBUG, 3900 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3901 SPP_ARGS(ifp), 3902 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3903 ntohs(h->len)); 3904 sppp_print_string((char*) name, name_len); 3905 addlog(" value-size=%d value=", value_len); 3906 sppp_print_bytes(value, value_len); 3907 addlog(">\n"); 3908 } 3909 3910 /* Compute reply value. */ 3911 MD5Init(&ctx); 3912 MD5Update(&ctx, &h->ident, 1); 3913 MD5Update(&ctx, sp->myauth.secret, 3914 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3915 MD5Update(&ctx, value, value_len); 3916 MD5Final(digest, &ctx); 3917 dsize = sizeof digest; 3918 3919 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3920 sizeof dsize, (const char *)&dsize, 3921 sizeof digest, digest, 3922 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3923 sp->myauth.name, 3924 0); 3925 break; 3926 3927 case CHAP_SUCCESS: 3928 if (debug) { 3929 log(LOG_DEBUG, SPP_FMT "chap success", 3930 SPP_ARGS(ifp)); 3931 if (len > 4) { 3932 addlog(": "); 3933 sppp_print_string((char*)(h + 1), len - 4); 3934 } 3935 addlog("\n"); 3936 } 3937 x = splimp(); 3938 sp->pp_flags &= ~PP_NEEDAUTH; 3939 if (sp->myauth.proto == PPP_CHAP && 3940 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3941 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3942 /* 3943 * We are authenticator for CHAP but didn't 3944 * complete yet. Leave it to tlu to proceed 3945 * to network phase. 3946 */ 3947 splx(x); 3948 break; 3949 } 3950 splx(x); 3951 sppp_phase_network(sp); 3952 break; 3953 3954 case CHAP_FAILURE: 3955 if (debug) { 3956 log(LOG_INFO, SPP_FMT "chap failure", 3957 SPP_ARGS(ifp)); 3958 if (len > 4) { 3959 addlog(": "); 3960 sppp_print_string((char*)(h + 1), len - 4); 3961 } 3962 addlog("\n"); 3963 } else 3964 log(LOG_INFO, SPP_FMT "chap failure\n", 3965 SPP_ARGS(ifp)); 3966 /* await LCP shutdown by authenticator */ 3967 break; 3968 3969 /* response is my authproto */ 3970 case CHAP_RESPONSE: 3971 value = 1 + (u_char*)(h+1); 3972 value_len = value[-1]; 3973 name = value + value_len; 3974 name_len = len - value_len - 5; 3975 if (name_len < 0) { 3976 if (debug) { 3977 log(LOG_DEBUG, 3978 SPP_FMT "chap corrupted response " 3979 "<%s id=0x%x len=%d", 3980 SPP_ARGS(ifp), 3981 sppp_auth_type_name(PPP_CHAP, h->type), 3982 h->ident, ntohs(h->len)); 3983 sppp_print_bytes((u_char*)(h+1), len-4); 3984 addlog(">\n"); 3985 } 3986 break; 3987 } 3988 if (h->ident != sp->confid[IDX_CHAP]) { 3989 if (debug) 3990 log(LOG_DEBUG, 3991 SPP_FMT "chap dropping response for old ID " 3992 "(got %d, expected %d)\n", 3993 SPP_ARGS(ifp), 3994 h->ident, sp->confid[IDX_CHAP]); 3995 break; 3996 } 3997 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3998 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3999 log(LOG_INFO, SPP_FMT "chap response, his name ", 4000 SPP_ARGS(ifp)); 4001 sppp_print_string(name, name_len); 4002 addlog(" != expected "); 4003 sppp_print_string(sp->hisauth.name, 4004 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4005 addlog("\n"); 4006 } 4007 if (debug) { 4008 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4009 "<%s id=0x%x len=%d name=", 4010 SPP_ARGS(ifp), 4011 sppp_state_name(sp->state[IDX_CHAP]), 4012 sppp_auth_type_name(PPP_CHAP, h->type), 4013 h->ident, ntohs (h->len)); 4014 sppp_print_string((char*)name, name_len); 4015 addlog(" value-size=%d value=", value_len); 4016 sppp_print_bytes(value, value_len); 4017 addlog(">\n"); 4018 } 4019 if (value_len != AUTHKEYLEN) { 4020 if (debug) 4021 log(LOG_DEBUG, 4022 SPP_FMT "chap bad hash value length: " 4023 "%d bytes, should be %d\n", 4024 SPP_ARGS(ifp), value_len, 4025 AUTHKEYLEN); 4026 break; 4027 } 4028 4029 MD5Init(&ctx); 4030 MD5Update(&ctx, &h->ident, 1); 4031 MD5Update(&ctx, sp->hisauth.secret, 4032 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4033 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4034 MD5Final(digest, &ctx); 4035 4036 #define FAILMSG "Failed..." 4037 #define SUCCMSG "Welcome!" 4038 4039 if (value_len != sizeof digest || 4040 bcmp(digest, value, value_len) != 0) { 4041 /* action scn, tld */ 4042 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4043 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4044 0); 4045 chap.tld(sp); 4046 break; 4047 } 4048 /* action sca, perhaps tlu */ 4049 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4050 sp->state[IDX_CHAP] == STATE_OPENED) 4051 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4052 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4053 0); 4054 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4055 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4056 chap.tlu(sp); 4057 } 4058 break; 4059 4060 default: 4061 /* Unknown CHAP packet type -- ignore. */ 4062 if (debug) { 4063 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4064 "<0x%x id=0x%xh len=%d", 4065 SPP_ARGS(ifp), 4066 sppp_state_name(sp->state[IDX_CHAP]), 4067 h->type, h->ident, ntohs(h->len)); 4068 sppp_print_bytes((u_char*)(h+1), len-4); 4069 addlog(">\n"); 4070 } 4071 break; 4072 4073 } 4074 } 4075 4076 static void 4077 sppp_chap_init(struct sppp *sp) 4078 { 4079 /* Chap doesn't have STATE_INITIAL at all. */ 4080 sp->state[IDX_CHAP] = STATE_CLOSED; 4081 sp->fail_counter[IDX_CHAP] = 0; 4082 sp->pp_seq[IDX_CHAP] = 0; 4083 sp->pp_rseq[IDX_CHAP] = 0; 4084 #if defined(__DragonFly__) 4085 callout_init(&sp->timeout[IDX_CHAP]); 4086 #endif 4087 } 4088 4089 static void 4090 sppp_chap_open(struct sppp *sp) 4091 { 4092 if (sp->myauth.proto == PPP_CHAP && 4093 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4094 /* we are authenticator for CHAP, start it */ 4095 chap.scr(sp); 4096 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4097 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4098 } 4099 /* nothing to be done if we are peer, await a challenge */ 4100 } 4101 4102 static void 4103 sppp_chap_close(struct sppp *sp) 4104 { 4105 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4106 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4107 } 4108 4109 static void 4110 sppp_chap_TO(void *cookie) 4111 { 4112 struct sppp *sp = (struct sppp *)cookie; 4113 STDDCL; 4114 int s; 4115 4116 s = splimp(); 4117 if (debug) 4118 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4119 SPP_ARGS(ifp), 4120 sppp_state_name(sp->state[IDX_CHAP]), 4121 sp->rst_counter[IDX_CHAP]); 4122 4123 if (--sp->rst_counter[IDX_CHAP] < 0) 4124 /* TO- event */ 4125 switch (sp->state[IDX_CHAP]) { 4126 case STATE_REQ_SENT: 4127 chap.tld(sp); 4128 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4129 break; 4130 } 4131 else 4132 /* TO+ (or TO*) event */ 4133 switch (sp->state[IDX_CHAP]) { 4134 case STATE_OPENED: 4135 /* TO* event */ 4136 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4137 /* fall through */ 4138 case STATE_REQ_SENT: 4139 chap.scr(sp); 4140 /* sppp_cp_change_state() will restart the timer */ 4141 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4142 break; 4143 } 4144 4145 splx(s); 4146 } 4147 4148 static void 4149 sppp_chap_tlu(struct sppp *sp) 4150 { 4151 STDDCL; 4152 int i, x; 4153 4154 i = 0; 4155 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4156 4157 /* 4158 * Some broken CHAP implementations (Conware CoNet, firmware 4159 * 4.0.?) don't want to re-authenticate their CHAP once the 4160 * initial challenge-response exchange has taken place. 4161 * Provide for an option to avoid rechallenges. 4162 */ 4163 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4164 /* 4165 * Compute the re-challenge timeout. This will yield 4166 * a number between 300 and 810 seconds. 4167 */ 4168 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4169 callout_reset(&sp->timeout[IDX_CHAP], i * hz, chap.TO, sp); 4170 } 4171 4172 if (debug) { 4173 log(LOG_DEBUG, 4174 SPP_FMT "chap %s, ", 4175 SPP_ARGS(ifp), 4176 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4177 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4178 addlog("next re-challenge in %d seconds\n", i); 4179 else 4180 addlog("re-challenging supressed\n"); 4181 } 4182 4183 x = splimp(); 4184 /* indicate to LCP that we need to be closed down */ 4185 sp->lcp.protos |= (1 << IDX_CHAP); 4186 4187 if (sp->pp_flags & PP_NEEDAUTH) { 4188 /* 4189 * Remote is authenticator, but his auth proto didn't 4190 * complete yet. Defer the transition to network 4191 * phase. 4192 */ 4193 splx(x); 4194 return; 4195 } 4196 splx(x); 4197 4198 /* 4199 * If we are already in phase network, we are done here. This 4200 * is the case if this is a dummy tlu event after a re-challenge. 4201 */ 4202 if (sp->pp_phase != PHASE_NETWORK) 4203 sppp_phase_network(sp); 4204 } 4205 4206 static void 4207 sppp_chap_tld(struct sppp *sp) 4208 { 4209 STDDCL; 4210 4211 if (debug) 4212 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4213 callout_stop(&sp->timeout[IDX_CHAP]); 4214 sp->lcp.protos &= ~(1 << IDX_CHAP); 4215 4216 lcp.Close(sp); 4217 } 4218 4219 static void 4220 sppp_chap_scr(struct sppp *sp) 4221 { 4222 u_long *ch, seed; 4223 u_char clen; 4224 4225 /* Compute random challenge. */ 4226 ch = (u_long *)sp->myauth.challenge; 4227 #if defined(__DragonFly__) 4228 read_random(&seed, sizeof seed); 4229 #else 4230 { 4231 struct timeval tv; 4232 microtime(&tv); 4233 seed = tv.tv_sec ^ tv.tv_usec; 4234 } 4235 #endif 4236 ch[0] = seed ^ random(); 4237 ch[1] = seed ^ random(); 4238 ch[2] = seed ^ random(); 4239 ch[3] = seed ^ random(); 4240 clen = AUTHKEYLEN; 4241 4242 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4243 4244 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4245 sizeof clen, (const char *)&clen, 4246 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4247 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4248 sp->myauth.name, 4249 0); 4250 } 4251 4252 /* 4253 *--------------------------------------------------------------------------* 4254 * * 4255 * The PAP implementation. * 4256 * * 4257 *--------------------------------------------------------------------------* 4258 */ 4259 /* 4260 * For PAP, we need to keep a little state also if we are the peer, not the 4261 * authenticator. This is since we don't get a request to authenticate, but 4262 * have to repeatedly authenticate ourself until we got a response (or the 4263 * retry counter is expired). 4264 */ 4265 4266 /* 4267 * Handle incoming PAP packets. */ 4268 static void 4269 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4270 { 4271 STDDCL; 4272 struct lcp_header *h; 4273 int len, x; 4274 u_char *name, *passwd, mlen; 4275 int name_len, passwd_len; 4276 4277 len = m->m_pkthdr.len; 4278 if (len < 5) { 4279 if (debug) 4280 log(LOG_DEBUG, 4281 SPP_FMT "pap invalid packet length: %d bytes\n", 4282 SPP_ARGS(ifp), len); 4283 return; 4284 } 4285 h = mtod (m, struct lcp_header*); 4286 if (len > ntohs (h->len)) 4287 len = ntohs (h->len); 4288 switch (h->type) { 4289 /* PAP request is my authproto */ 4290 case PAP_REQ: 4291 name = 1 + (u_char*)(h+1); 4292 name_len = name[-1]; 4293 passwd = name + name_len + 1; 4294 if (name_len > len - 6 || 4295 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4296 if (debug) { 4297 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4298 "<%s id=0x%x len=%d", 4299 SPP_ARGS(ifp), 4300 sppp_auth_type_name(PPP_PAP, h->type), 4301 h->ident, ntohs(h->len)); 4302 sppp_print_bytes((u_char*)(h+1), len-4); 4303 addlog(">\n"); 4304 } 4305 break; 4306 } 4307 if (debug) { 4308 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4309 "<%s id=0x%x len=%d name=", 4310 SPP_ARGS(ifp), 4311 sppp_state_name(sp->state[IDX_PAP]), 4312 sppp_auth_type_name(PPP_PAP, h->type), 4313 h->ident, ntohs(h->len)); 4314 sppp_print_string((char*)name, name_len); 4315 addlog(" passwd="); 4316 sppp_print_string((char*)passwd, passwd_len); 4317 addlog(">\n"); 4318 } 4319 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4320 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4321 bcmp(name, sp->hisauth.name, name_len) != 0 || 4322 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4323 /* action scn, tld */ 4324 mlen = sizeof(FAILMSG) - 1; 4325 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4326 sizeof mlen, (const char *)&mlen, 4327 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4328 0); 4329 pap.tld(sp); 4330 break; 4331 } 4332 /* action sca, perhaps tlu */ 4333 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4334 sp->state[IDX_PAP] == STATE_OPENED) { 4335 mlen = sizeof(SUCCMSG) - 1; 4336 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4337 sizeof mlen, (const char *)&mlen, 4338 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4339 0); 4340 } 4341 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4342 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4343 pap.tlu(sp); 4344 } 4345 break; 4346 4347 /* ack and nak are his authproto */ 4348 case PAP_ACK: 4349 callout_stop(&sp->pap_my_to); 4350 if (debug) { 4351 log(LOG_DEBUG, SPP_FMT "pap success", 4352 SPP_ARGS(ifp)); 4353 name_len = *((char *)h); 4354 if (len > 5 && name_len) { 4355 addlog(": "); 4356 sppp_print_string((char*)(h+1), name_len); 4357 } 4358 addlog("\n"); 4359 } 4360 x = splimp(); 4361 sp->pp_flags &= ~PP_NEEDAUTH; 4362 if (sp->myauth.proto == PPP_PAP && 4363 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4364 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4365 /* 4366 * We are authenticator for PAP but didn't 4367 * complete yet. Leave it to tlu to proceed 4368 * to network phase. 4369 */ 4370 splx(x); 4371 break; 4372 } 4373 splx(x); 4374 sppp_phase_network(sp); 4375 break; 4376 4377 case PAP_NAK: 4378 callout_stop(&sp->pap_my_to); 4379 if (debug) { 4380 log(LOG_INFO, SPP_FMT "pap failure", 4381 SPP_ARGS(ifp)); 4382 name_len = *((char *)h); 4383 if (len > 5 && name_len) { 4384 addlog(": "); 4385 sppp_print_string((char*)(h+1), name_len); 4386 } 4387 addlog("\n"); 4388 } else 4389 log(LOG_INFO, SPP_FMT "pap failure\n", 4390 SPP_ARGS(ifp)); 4391 /* await LCP shutdown by authenticator */ 4392 break; 4393 4394 default: 4395 /* Unknown PAP packet type -- ignore. */ 4396 if (debug) { 4397 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4398 "<0x%x id=0x%x len=%d", 4399 SPP_ARGS(ifp), 4400 h->type, h->ident, ntohs(h->len)); 4401 sppp_print_bytes((u_char*)(h+1), len-4); 4402 addlog(">\n"); 4403 } 4404 break; 4405 4406 } 4407 } 4408 4409 static void 4410 sppp_pap_init(struct sppp *sp) 4411 { 4412 /* PAP doesn't have STATE_INITIAL at all. */ 4413 sp->state[IDX_PAP] = STATE_CLOSED; 4414 sp->fail_counter[IDX_PAP] = 0; 4415 sp->pp_seq[IDX_PAP] = 0; 4416 sp->pp_rseq[IDX_PAP] = 0; 4417 #if defined(__DragonFly__) 4418 callout_init(&sp->timeout[IDX_PAP]); 4419 callout_init(&sp->pap_my_to); 4420 #endif 4421 } 4422 4423 static void 4424 sppp_pap_open(struct sppp *sp) 4425 { 4426 if (sp->hisauth.proto == PPP_PAP && 4427 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4428 /* we are authenticator for PAP, start our timer */ 4429 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4430 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4431 } 4432 if (sp->myauth.proto == PPP_PAP) { 4433 /* we are peer, send a request, and start a timer */ 4434 pap.scr(sp); 4435 callout_reset(&sp->pap_my_to, sp->lcp.timeout, 4436 sppp_pap_my_TO, sp); 4437 } 4438 } 4439 4440 static void 4441 sppp_pap_close(struct sppp *sp) 4442 { 4443 if (sp->state[IDX_PAP] != STATE_CLOSED) 4444 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4445 } 4446 4447 /* 4448 * That's the timeout routine if we are authenticator. Since the 4449 * authenticator is basically passive in PAP, we can't do much here. 4450 */ 4451 static void 4452 sppp_pap_TO(void *cookie) 4453 { 4454 struct sppp *sp = (struct sppp *)cookie; 4455 STDDCL; 4456 int s; 4457 4458 s = splimp(); 4459 if (debug) 4460 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4461 SPP_ARGS(ifp), 4462 sppp_state_name(sp->state[IDX_PAP]), 4463 sp->rst_counter[IDX_PAP]); 4464 4465 if (--sp->rst_counter[IDX_PAP] < 0) 4466 /* TO- event */ 4467 switch (sp->state[IDX_PAP]) { 4468 case STATE_REQ_SENT: 4469 pap.tld(sp); 4470 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4471 break; 4472 } 4473 else 4474 /* TO+ event, not very much we could do */ 4475 switch (sp->state[IDX_PAP]) { 4476 case STATE_REQ_SENT: 4477 /* sppp_cp_change_state() will restart the timer */ 4478 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4479 break; 4480 } 4481 4482 splx(s); 4483 } 4484 4485 /* 4486 * That's the timeout handler if we are peer. Since the peer is active, 4487 * we need to retransmit our PAP request since it is apparently lost. 4488 * XXX We should impose a max counter. 4489 */ 4490 static void 4491 sppp_pap_my_TO(void *cookie) 4492 { 4493 struct sppp *sp = (struct sppp *)cookie; 4494 STDDCL; 4495 4496 if (debug) 4497 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4498 SPP_ARGS(ifp)); 4499 4500 pap.scr(sp); 4501 } 4502 4503 static void 4504 sppp_pap_tlu(struct sppp *sp) 4505 { 4506 STDDCL; 4507 int x; 4508 4509 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4510 4511 if (debug) 4512 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4513 SPP_ARGS(ifp), pap.name); 4514 4515 x = splimp(); 4516 /* indicate to LCP that we need to be closed down */ 4517 sp->lcp.protos |= (1 << IDX_PAP); 4518 4519 if (sp->pp_flags & PP_NEEDAUTH) { 4520 /* 4521 * Remote is authenticator, but his auth proto didn't 4522 * complete yet. Defer the transition to network 4523 * phase. 4524 */ 4525 splx(x); 4526 return; 4527 } 4528 splx(x); 4529 sppp_phase_network(sp); 4530 } 4531 4532 static void 4533 sppp_pap_tld(struct sppp *sp) 4534 { 4535 STDDCL; 4536 4537 if (debug) 4538 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4539 callout_stop(&sp->timeout[IDX_PAP]); 4540 callout_stop(&sp->pap_my_to); 4541 sp->lcp.protos &= ~(1 << IDX_PAP); 4542 4543 lcp.Close(sp); 4544 } 4545 4546 static void 4547 sppp_pap_scr(struct sppp *sp) 4548 { 4549 u_char idlen, pwdlen; 4550 4551 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4552 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4553 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4554 4555 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4556 sizeof idlen, (const char *)&idlen, 4557 (size_t)idlen, sp->myauth.name, 4558 sizeof pwdlen, (const char *)&pwdlen, 4559 (size_t)pwdlen, sp->myauth.secret, 4560 0); 4561 } 4562 4563 /* 4564 * Random miscellaneous functions. 4565 */ 4566 4567 /* 4568 * Send a PAP or CHAP proto packet. 4569 * 4570 * Varadic function, each of the elements for the ellipsis is of type 4571 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4572 * mlen == 0. 4573 * NOTE: never declare variadic functions with types subject to type 4574 * promotion (i.e. u_char). This is asking for big trouble depending 4575 * on the architecture you are on... 4576 */ 4577 4578 static void 4579 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4580 unsigned int type, unsigned int id, 4581 ...) 4582 { 4583 STDDCL; 4584 struct ppp_header *h; 4585 struct lcp_header *lh; 4586 struct mbuf *m; 4587 u_char *p; 4588 int len; 4589 unsigned int mlen; 4590 const char *msg; 4591 __va_list ap; 4592 4593 MGETHDR (m, MB_DONTWAIT, MT_DATA); 4594 if (! m) 4595 return; 4596 m->m_pkthdr.rcvif = 0; 4597 4598 h = mtod (m, struct ppp_header*); 4599 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4600 h->control = PPP_UI; /* Unnumbered Info */ 4601 h->protocol = htons(cp->proto); 4602 4603 lh = (struct lcp_header*)(h + 1); 4604 lh->type = type; 4605 lh->ident = id; 4606 p = (u_char*) (lh+1); 4607 4608 __va_start(ap, id); 4609 len = 0; 4610 4611 while ((mlen = (unsigned int)__va_arg(ap, size_t)) != 0) { 4612 msg = __va_arg(ap, const char *); 4613 len += mlen; 4614 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4615 __va_end(ap); 4616 m_freem(m); 4617 return; 4618 } 4619 4620 bcopy(msg, p, mlen); 4621 p += mlen; 4622 } 4623 __va_end(ap); 4624 4625 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4626 lh->len = htons (LCP_HEADER_LEN + len); 4627 4628 if (debug) { 4629 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4630 SPP_ARGS(ifp), cp->name, 4631 sppp_auth_type_name(cp->proto, lh->type), 4632 lh->ident, ntohs(lh->len)); 4633 sppp_print_bytes((u_char*) (lh+1), len); 4634 addlog(">\n"); 4635 } 4636 if (IF_QFULL (&sp->pp_cpq)) { 4637 IF_DROP (&sp->pp_fastq); 4638 IF_DROP (&ifp->if_snd); 4639 m_freem (m); 4640 ++ifp->if_oerrors; 4641 } else 4642 IF_ENQUEUE (&sp->pp_cpq, m); 4643 if (! (ifp->if_flags & IFF_OACTIVE)) 4644 (*ifp->if_start) (ifp); 4645 ifp->if_obytes += m->m_pkthdr.len + 3; 4646 } 4647 4648 /* 4649 * Flush interface queue. 4650 */ 4651 static void 4652 sppp_qflush(struct ifqueue *ifq) 4653 { 4654 struct mbuf *m, *n; 4655 4656 n = ifq->ifq_head; 4657 while ((m = n)) { 4658 n = m->m_nextpkt; 4659 m_freem (m); 4660 } 4661 ifq->ifq_head = 0; 4662 ifq->ifq_tail = 0; 4663 ifq->ifq_len = 0; 4664 } 4665 4666 /* 4667 * Send keepalive packets, every 10 seconds. 4668 */ 4669 static void 4670 sppp_keepalive(void *dummy) 4671 { 4672 struct sppp *sp; 4673 int s; 4674 4675 s = splimp(); 4676 for (sp=spppq; sp; sp=sp->pp_next) { 4677 struct ifnet *ifp = &sp->pp_if; 4678 4679 /* Keepalive mode disabled or channel down? */ 4680 if (! (sp->pp_flags & PP_KEEPALIVE) || 4681 ! (ifp->if_flags & IFF_RUNNING)) 4682 continue; 4683 4684 /* No keepalive in PPP mode if LCP not opened yet. */ 4685 if (sp->pp_mode != IFF_CISCO && 4686 sp->pp_phase < PHASE_AUTHENTICATE) 4687 continue; 4688 4689 if (sp->pp_alivecnt == MAXALIVECNT) { 4690 /* No keepalive packets got. Stop the interface. */ 4691 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4692 if_down (ifp); 4693 sppp_qflush (&sp->pp_cpq); 4694 if (sp->pp_mode != IFF_CISCO) { 4695 /* XXX */ 4696 /* Shut down the PPP link. */ 4697 lcp.Down(sp); 4698 /* Initiate negotiation. XXX */ 4699 lcp.Up(sp); 4700 } 4701 } 4702 if (sp->pp_alivecnt <= MAXALIVECNT) 4703 ++sp->pp_alivecnt; 4704 if (sp->pp_mode == IFF_CISCO) 4705 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4706 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4707 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4708 long nmagic = htonl (sp->lcp.magic); 4709 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4710 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4711 sp->lcp.echoid, 4, &nmagic); 4712 } 4713 } 4714 splx(s); 4715 callout_reset(&keepalive_timeout, hz * 10, sppp_keepalive, NULL); 4716 } 4717 4718 /* 4719 * Get both IP addresses. 4720 */ 4721 static void 4722 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4723 { 4724 struct ifnet *ifp = &sp->pp_if; 4725 struct ifaddr *ifa; 4726 struct sockaddr_in *si, *sm; 4727 u_long ssrc, ddst; 4728 4729 sm = NULL; 4730 ssrc = ddst = 0L; 4731 /* 4732 * Pick the first AF_INET address from the list, 4733 * aliases don't make any sense on a p2p link anyway. 4734 */ 4735 si = 0; 4736 #if defined(__DragonFly__) 4737 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4738 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4739 for (ifa = ifp->if_addrlist.tqh_first; 4740 ifa; 4741 ifa = ifa->ifa_list.tqe_next) 4742 #else 4743 for (ifa = ifp->if_addrlist; 4744 ifa; 4745 ifa = ifa->ifa_next) 4746 #endif 4747 if (ifa->ifa_addr->sa_family == AF_INET) { 4748 si = (struct sockaddr_in *)ifa->ifa_addr; 4749 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4750 if (si) 4751 break; 4752 } 4753 if (ifa) { 4754 if (si && si->sin_addr.s_addr) { 4755 ssrc = si->sin_addr.s_addr; 4756 if (srcmask) 4757 *srcmask = ntohl(sm->sin_addr.s_addr); 4758 } 4759 4760 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4761 if (si && si->sin_addr.s_addr) 4762 ddst = si->sin_addr.s_addr; 4763 } 4764 4765 if (dst) *dst = ntohl(ddst); 4766 if (src) *src = ntohl(ssrc); 4767 } 4768 4769 /* 4770 * Set my IP address. Must be called at splimp. 4771 */ 4772 static void 4773 sppp_set_ip_addr(struct sppp *sp, u_long src) 4774 { 4775 STDDCL; 4776 struct ifaddr *ifa; 4777 struct sockaddr_in *si; 4778 struct in_ifaddr *ia; 4779 4780 /* 4781 * Pick the first AF_INET address from the list, 4782 * aliases don't make any sense on a p2p link anyway. 4783 */ 4784 si = 0; 4785 #if defined(__DragonFly__) 4786 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4787 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4788 for (ifa = ifp->if_addrlist.tqh_first; 4789 ifa; 4790 ifa = ifa->ifa_list.tqe_next) 4791 #else 4792 for (ifa = ifp->if_addrlist; 4793 ifa; 4794 ifa = ifa->ifa_next) 4795 #endif 4796 { 4797 if (ifa->ifa_addr->sa_family == AF_INET) 4798 { 4799 si = (struct sockaddr_in *)ifa->ifa_addr; 4800 if (si) 4801 break; 4802 } 4803 } 4804 4805 if (ifa && si) 4806 { 4807 int error; 4808 #if __NetBSD_Version__ >= 103080000 4809 struct sockaddr_in new_sin = *si; 4810 4811 new_sin.sin_addr.s_addr = htonl(src); 4812 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4813 if(debug && error) 4814 { 4815 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4816 " failed, error=%d\n", SPP_ARGS(ifp), error); 4817 } 4818 #else 4819 /* delete old route */ 4820 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4821 if(debug && error) 4822 { 4823 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4824 SPP_ARGS(ifp), error); 4825 } 4826 4827 /* set new address */ 4828 si->sin_addr.s_addr = htonl(src); 4829 ia = ifatoia(ifa); 4830 LIST_REMOVE(ia, ia_hash); 4831 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4832 4833 /* add new route */ 4834 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4835 if (debug && error) 4836 { 4837 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4838 SPP_ARGS(ifp), error); 4839 } 4840 #endif 4841 } 4842 } 4843 4844 #ifdef INET6 4845 /* 4846 * Get both IPv6 addresses. 4847 */ 4848 static void 4849 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4850 struct in6_addr *srcmask) 4851 { 4852 struct ifnet *ifp = &sp->pp_if; 4853 struct ifaddr *ifa; 4854 struct sockaddr_in6 *si, *sm; 4855 struct in6_addr ssrc, ddst; 4856 4857 sm = NULL; 4858 bzero(&ssrc, sizeof(ssrc)); 4859 bzero(&ddst, sizeof(ddst)); 4860 /* 4861 * Pick the first link-local AF_INET6 address from the list, 4862 * aliases don't make any sense on a p2p link anyway. 4863 */ 4864 #if defined(__DragonFly__) 4865 si = 0; 4866 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4867 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4868 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4869 ifa; 4870 ifa = ifa->ifa_list.tqe_next) 4871 #else 4872 for (ifa = ifp->if_addrlist, si = 0; 4873 ifa; 4874 ifa = ifa->ifa_next) 4875 #endif 4876 if (ifa->ifa_addr->sa_family == AF_INET6) { 4877 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4878 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4879 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4880 break; 4881 } 4882 if (ifa) { 4883 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4884 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4885 if (srcmask) { 4886 bcopy(&sm->sin6_addr, srcmask, 4887 sizeof(*srcmask)); 4888 } 4889 } 4890 4891 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4892 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4893 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4894 } 4895 4896 if (dst) 4897 bcopy(&ddst, dst, sizeof(*dst)); 4898 if (src) 4899 bcopy(&ssrc, src, sizeof(*src)); 4900 } 4901 4902 #ifdef IPV6CP_MYIFID_DYN 4903 /* 4904 * Generate random ifid. 4905 */ 4906 static void 4907 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4908 { 4909 /* TBD */ 4910 } 4911 4912 /* 4913 * Set my IPv6 address. Must be called at splimp. 4914 */ 4915 static void 4916 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4917 { 4918 STDDCL; 4919 struct ifaddr *ifa; 4920 struct sockaddr_in6 *sin6; 4921 4922 /* 4923 * Pick the first link-local AF_INET6 address from the list, 4924 * aliases don't make any sense on a p2p link anyway. 4925 */ 4926 4927 sin6 = NULL; 4928 #if defined(__DragonFly__) 4929 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4930 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4931 for (ifa = ifp->if_addrlist.tqh_first; 4932 ifa; 4933 ifa = ifa->ifa_list.tqe_next) 4934 #else 4935 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4936 #endif 4937 { 4938 if (ifa->ifa_addr->sa_family == AF_INET6) 4939 { 4940 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4941 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4942 break; 4943 } 4944 } 4945 4946 if (ifa && sin6) 4947 { 4948 int error; 4949 struct sockaddr_in6 new_sin6 = *sin6; 4950 4951 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4952 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4953 if (debug && error) 4954 { 4955 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4956 " failed, error=%d\n", SPP_ARGS(ifp), error); 4957 } 4958 } 4959 } 4960 #endif 4961 4962 /* 4963 * Suggest a candidate address to be used by peer. 4964 */ 4965 static void 4966 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4967 { 4968 struct in6_addr myaddr; 4969 struct timeval tv; 4970 4971 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4972 4973 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4974 microtime(&tv); 4975 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4976 myaddr.s6_addr[14] ^= 0xff; 4977 myaddr.s6_addr[15] ^= 0xff; 4978 } else { 4979 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4980 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4981 } 4982 if (suggest) 4983 bcopy(&myaddr, suggest, sizeof(myaddr)); 4984 } 4985 #endif /*INET6*/ 4986 4987 static int 4988 sppp_params(struct sppp *sp, u_long cmd, void *data) 4989 { 4990 u_long subcmd; 4991 struct ifreq *ifr = (struct ifreq *)data; 4992 struct spppreq *spr; 4993 int rv = 0; 4994 4995 spr = malloc(sizeof(struct spppreq), M_TEMP, M_INTWAIT); 4996 4997 /* 4998 * ifr->ifr_data is supposed to point to a struct spppreq. 4999 * Check the cmd word first before attempting to fetch all the 5000 * data. 5001 */ 5002 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5003 rv = EFAULT; 5004 goto quit; 5005 } 5006 5007 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5008 rv = EFAULT; 5009 goto quit; 5010 } 5011 5012 switch (subcmd) { 5013 case (int)SPPPIOGDEFS: 5014 if (cmd != SIOCGIFGENERIC) { 5015 rv = EINVAL; 5016 break; 5017 } 5018 /* 5019 * We copy over the entire current state, but clean 5020 * out some of the stuff we don't wanna pass up. 5021 * Remember, SIOCGIFGENERIC is unprotected, and can be 5022 * called by any user. No need to ever get PAP or 5023 * CHAP secrets back to userland anyway. 5024 */ 5025 spr->defs.pp_phase = sp->pp_phase; 5026 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5027 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5028 spr->defs.lcp = sp->lcp; 5029 spr->defs.ipcp = sp->ipcp; 5030 spr->defs.ipv6cp = sp->ipv6cp; 5031 spr->defs.myauth = sp->myauth; 5032 spr->defs.hisauth = sp->hisauth; 5033 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5034 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5035 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5036 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5037 /* 5038 * Fixup the LCP timeout value to milliseconds so 5039 * spppcontrol doesn't need to bother about the value 5040 * of "hz". We do the reverse calculation below when 5041 * setting it. 5042 */ 5043 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5044 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5045 sizeof(struct spppreq)); 5046 break; 5047 5048 case (int)SPPPIOSDEFS: 5049 if (cmd != SIOCSIFGENERIC) { 5050 rv = EINVAL; 5051 break; 5052 } 5053 /* 5054 * We have a very specific idea of which fields we 5055 * allow being passed back from userland, so to not 5056 * clobber our current state. For one, we only allow 5057 * setting anything if LCP is in dead or establish 5058 * phase. Once the authentication negotiations 5059 * started, the authentication settings must not be 5060 * changed again. (The administrator can force an 5061 * ifconfig down in order to get LCP back into dead 5062 * phase.) 5063 * 5064 * Also, we only allow for authentication parameters to be 5065 * specified. 5066 * 5067 * XXX Should allow to set or clear pp_flags. 5068 * 5069 * Finally, if the respective authentication protocol to 5070 * be used is set differently than 0, but the secret is 5071 * passed as all zeros, we don't trash the existing secret. 5072 * This allows an administrator to change the system name 5073 * only without clobbering the secret (which he didn't get 5074 * back in a previous SPPPIOGDEFS call). However, the 5075 * secrets are cleared if the authentication protocol is 5076 * reset to 0. */ 5077 if (sp->pp_phase != PHASE_DEAD && 5078 sp->pp_phase != PHASE_ESTABLISH) { 5079 rv = EBUSY; 5080 break; 5081 } 5082 5083 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5084 spr->defs.myauth.proto != PPP_CHAP) || 5085 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5086 spr->defs.hisauth.proto != PPP_CHAP)) { 5087 rv = EINVAL; 5088 break; 5089 } 5090 5091 if (spr->defs.myauth.proto == 0) 5092 /* resetting myauth */ 5093 bzero(&sp->myauth, sizeof sp->myauth); 5094 else { 5095 /* setting/changing myauth */ 5096 sp->myauth.proto = spr->defs.myauth.proto; 5097 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5098 if (spr->defs.myauth.secret[0] != '\0') 5099 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5100 AUTHKEYLEN); 5101 } 5102 if (spr->defs.hisauth.proto == 0) 5103 /* resetting hisauth */ 5104 bzero(&sp->hisauth, sizeof sp->hisauth); 5105 else { 5106 /* setting/changing hisauth */ 5107 sp->hisauth.proto = spr->defs.hisauth.proto; 5108 sp->hisauth.flags = spr->defs.hisauth.flags; 5109 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5110 if (spr->defs.hisauth.secret[0] != '\0') 5111 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5112 AUTHKEYLEN); 5113 } 5114 /* set LCP restart timer timeout */ 5115 if (spr->defs.lcp.timeout != 0) 5116 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5117 /* set VJ enable and IPv6 disable flags */ 5118 #ifdef INET 5119 if (spr->defs.enable_vj) 5120 sp->confflags |= CONF_ENABLE_VJ; 5121 else 5122 sp->confflags &= ~CONF_ENABLE_VJ; 5123 #endif 5124 #ifdef INET6 5125 if (spr->defs.enable_ipv6) 5126 sp->confflags |= CONF_ENABLE_IPV6; 5127 else 5128 sp->confflags &= ~CONF_ENABLE_IPV6; 5129 #endif 5130 break; 5131 5132 default: 5133 rv = EINVAL; 5134 } 5135 5136 quit: 5137 free(spr, M_TEMP); 5138 5139 return (rv); 5140 } 5141 5142 static void 5143 sppp_phase_network(struct sppp *sp) 5144 { 5145 STDDCL; 5146 int i; 5147 u_long mask; 5148 5149 sp->pp_phase = PHASE_NETWORK; 5150 5151 if (debug) 5152 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5153 sppp_phase_name(sp->pp_phase)); 5154 5155 /* Notify NCPs now. */ 5156 for (i = 0; i < IDX_COUNT; i++) 5157 if ((cps[i])->flags & CP_NCP) 5158 (cps[i])->Open(sp); 5159 5160 /* Send Up events to all NCPs. */ 5161 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5162 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5163 (cps[i])->Up(sp); 5164 5165 /* if no NCP is starting, all this was in vain, close down */ 5166 sppp_lcp_check_and_close(sp); 5167 } 5168 5169 5170 static const char * 5171 sppp_cp_type_name(u_char type) 5172 { 5173 static char buf[12]; 5174 switch (type) { 5175 case CONF_REQ: return "conf-req"; 5176 case CONF_ACK: return "conf-ack"; 5177 case CONF_NAK: return "conf-nak"; 5178 case CONF_REJ: return "conf-rej"; 5179 case TERM_REQ: return "term-req"; 5180 case TERM_ACK: return "term-ack"; 5181 case CODE_REJ: return "code-rej"; 5182 case PROTO_REJ: return "proto-rej"; 5183 case ECHO_REQ: return "echo-req"; 5184 case ECHO_REPLY: return "echo-reply"; 5185 case DISC_REQ: return "discard-req"; 5186 } 5187 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5188 return buf; 5189 } 5190 5191 static const char * 5192 sppp_auth_type_name(u_short proto, u_char type) 5193 { 5194 static char buf[12]; 5195 switch (proto) { 5196 case PPP_CHAP: 5197 switch (type) { 5198 case CHAP_CHALLENGE: return "challenge"; 5199 case CHAP_RESPONSE: return "response"; 5200 case CHAP_SUCCESS: return "success"; 5201 case CHAP_FAILURE: return "failure"; 5202 } 5203 case PPP_PAP: 5204 switch (type) { 5205 case PAP_REQ: return "req"; 5206 case PAP_ACK: return "ack"; 5207 case PAP_NAK: return "nak"; 5208 } 5209 } 5210 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5211 return buf; 5212 } 5213 5214 static const char * 5215 sppp_lcp_opt_name(u_char opt) 5216 { 5217 static char buf[12]; 5218 switch (opt) { 5219 case LCP_OPT_MRU: return "mru"; 5220 case LCP_OPT_ASYNC_MAP: return "async-map"; 5221 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5222 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5223 case LCP_OPT_MAGIC: return "magic"; 5224 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5225 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5226 } 5227 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5228 return buf; 5229 } 5230 5231 static const char * 5232 sppp_ipcp_opt_name(u_char opt) 5233 { 5234 static char buf[12]; 5235 switch (opt) { 5236 case IPCP_OPT_ADDRESSES: return "addresses"; 5237 case IPCP_OPT_COMPRESSION: return "compression"; 5238 case IPCP_OPT_ADDRESS: return "address"; 5239 } 5240 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5241 return buf; 5242 } 5243 5244 #ifdef INET6 5245 static const char * 5246 sppp_ipv6cp_opt_name(u_char opt) 5247 { 5248 static char buf[12]; 5249 switch (opt) { 5250 case IPV6CP_OPT_IFID: return "ifid"; 5251 case IPV6CP_OPT_COMPRESSION: return "compression"; 5252 } 5253 sprintf (buf, "0x%x", opt); 5254 return buf; 5255 } 5256 #endif 5257 5258 static const char * 5259 sppp_state_name(int state) 5260 { 5261 switch (state) { 5262 case STATE_INITIAL: return "initial"; 5263 case STATE_STARTING: return "starting"; 5264 case STATE_CLOSED: return "closed"; 5265 case STATE_STOPPED: return "stopped"; 5266 case STATE_CLOSING: return "closing"; 5267 case STATE_STOPPING: return "stopping"; 5268 case STATE_REQ_SENT: return "req-sent"; 5269 case STATE_ACK_RCVD: return "ack-rcvd"; 5270 case STATE_ACK_SENT: return "ack-sent"; 5271 case STATE_OPENED: return "opened"; 5272 } 5273 return "illegal"; 5274 } 5275 5276 static const char * 5277 sppp_phase_name(enum ppp_phase phase) 5278 { 5279 switch (phase) { 5280 case PHASE_DEAD: return "dead"; 5281 case PHASE_ESTABLISH: return "establish"; 5282 case PHASE_TERMINATE: return "terminate"; 5283 case PHASE_AUTHENTICATE: return "authenticate"; 5284 case PHASE_NETWORK: return "network"; 5285 } 5286 return "illegal"; 5287 } 5288 5289 static const char * 5290 sppp_proto_name(u_short proto) 5291 { 5292 static char buf[12]; 5293 switch (proto) { 5294 case PPP_LCP: return "lcp"; 5295 case PPP_IPCP: return "ipcp"; 5296 case PPP_PAP: return "pap"; 5297 case PPP_CHAP: return "chap"; 5298 case PPP_IPV6CP: return "ipv6cp"; 5299 } 5300 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5301 return buf; 5302 } 5303 5304 static void 5305 sppp_print_bytes(const u_char *p, u_short len) 5306 { 5307 if (len) 5308 addlog(" %*D", len, p, "-"); 5309 } 5310 5311 static void 5312 sppp_print_string(const char *p, u_short len) 5313 { 5314 u_char c; 5315 5316 while (len-- > 0) { 5317 c = *p++; 5318 /* 5319 * Print only ASCII chars directly. RFC 1994 recommends 5320 * using only them, but we don't rely on it. */ 5321 if (c < ' ' || c > '~') 5322 addlog("\\x%x", c); 5323 else 5324 addlog("%c", c); 5325 } 5326 } 5327 5328 static const char * 5329 sppp_dotted_quad(u_long addr) 5330 { 5331 static char s[16]; 5332 sprintf(s, "%d.%d.%d.%d", 5333 (int)((addr >> 24) & 0xff), 5334 (int)((addr >> 16) & 0xff), 5335 (int)((addr >> 8) & 0xff), 5336 (int)(addr & 0xff)); 5337 return s; 5338 } 5339 5340 static int 5341 sppp_strnlen(u_char *p, int max) 5342 { 5343 int len; 5344 5345 for (len = 0; len < max && *p; ++p) 5346 ++len; 5347 return len; 5348 } 5349 5350 /* a dummy, used to drop uninteresting events */ 5351 static void 5352 sppp_null(struct sppp *unused) 5353 { 5354 /* do just nothing */ 5355 } 5356