1 /* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: src/sys/net/if_spppsubr.c,v 1.59.2.13 2002/07/03 15:44:41 joerg Exp $ 21 * $DragonFly: src/sys/net/sppp/if_spppsubr.c,v 1.19 2005/02/11 22:25:57 joerg Exp $ 22 */ 23 24 #include <sys/param.h> 25 26 #if defined(__DragonFly__) 27 #include "opt_inet.h" 28 #include "opt_inet6.h" 29 #include "opt_ipx.h" 30 #endif 31 32 #ifdef NetBSD1_3 33 # if NetBSD1_3 > 6 34 # include "opt_inet.h" 35 # include "opt_inet6.h" 36 # include "opt_iso.h" 37 # endif 38 #endif 39 40 #include <sys/systm.h> 41 #include <sys/kernel.h> 42 #include <sys/module.h> 43 #include <sys/sockio.h> 44 #include <sys/socket.h> 45 #include <sys/syslog.h> 46 #if defined(__DragonFly__) 47 #include <sys/random.h> 48 #endif 49 #include <sys/malloc.h> 50 #include <sys/mbuf.h> 51 52 #if defined (__OpenBSD__) 53 #include <sys/md5k.h> 54 #else 55 #include <sys/md5.h> 56 #endif 57 58 #include <net/if.h> 59 #include <net/ifq_var.h> 60 #include <net/netisr.h> 61 #include <net/if_types.h> 62 #include <net/route.h> 63 #include <netinet/in.h> 64 #include <netinet/in_systm.h> 65 #include <netinet/ip.h> 66 #include <net/slcompress.h> 67 68 #if defined (__NetBSD__) || defined (__OpenBSD__) 69 #include <machine/cpu.h> /* XXX for softnet */ 70 #endif 71 72 #include <machine/stdarg.h> 73 74 #include <netinet/in.h> 75 #include <netinet/in_systm.h> 76 #include <netinet/in_var.h> 77 78 #ifdef INET 79 #include <netinet/ip.h> 80 #include <netinet/tcp.h> 81 #endif 82 83 #if defined (__DragonFly__) || defined (__OpenBSD__) 84 # include <netinet/if_ether.h> 85 #else 86 # include <net/ethertypes.h> 87 #endif 88 89 #ifdef IPX 90 #include <netproto/ipx/ipx.h> 91 #include <netproto/ipx/ipx_if.h> 92 #endif 93 94 #ifdef NS 95 #include <netns/ns.h> 96 #include <netns/ns_if.h> 97 #endif 98 99 #include "if_sppp.h" 100 101 #define IOCTL_CMD_T u_long 102 #define MAXALIVECNT 3 /* max. alive packets */ 103 104 /* 105 * Interface flags that can be set in an ifconfig command. 106 * 107 * Setting link0 will make the link passive, i.e. it will be marked 108 * as being administrative openable, but won't be opened to begin 109 * with. Incoming calls will be answered, or subsequent calls with 110 * -link1 will cause the administrative open of the LCP layer. 111 * 112 * Setting link1 will cause the link to auto-dial only as packets 113 * arrive to be sent. 114 * 115 * Setting IFF_DEBUG will syslog the option negotiation and state 116 * transitions at level kern.debug. Note: all logs consistently look 117 * like 118 * 119 * <if-name><unit>: <proto-name> <additional info...> 120 * 121 * with <if-name><unit> being something like "bppp0", and <proto-name> 122 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 123 */ 124 125 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 126 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 127 #define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 128 129 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 130 #define PPP_UI 0x03 /* Unnumbered Information */ 131 #define PPP_IP 0x0021 /* Internet Protocol */ 132 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 133 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 134 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 135 #define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 136 #define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 137 #define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 138 #define PPP_LCP 0xc021 /* Link Control Protocol */ 139 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 140 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 141 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 142 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 143 144 #define CONF_REQ 1 /* PPP configure request */ 145 #define CONF_ACK 2 /* PPP configure acknowledge */ 146 #define CONF_NAK 3 /* PPP configure negative ack */ 147 #define CONF_REJ 4 /* PPP configure reject */ 148 #define TERM_REQ 5 /* PPP terminate request */ 149 #define TERM_ACK 6 /* PPP terminate acknowledge */ 150 #define CODE_REJ 7 /* PPP code reject */ 151 #define PROTO_REJ 8 /* PPP protocol reject */ 152 #define ECHO_REQ 9 /* PPP echo request */ 153 #define ECHO_REPLY 10 /* PPP echo reply */ 154 #define DISC_REQ 11 /* PPP discard request */ 155 156 #define LCP_OPT_MRU 1 /* maximum receive unit */ 157 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 158 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 159 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 160 #define LCP_OPT_MAGIC 5 /* magic number */ 161 #define LCP_OPT_RESERVED 6 /* reserved */ 162 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 163 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 164 165 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 166 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 167 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 168 169 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 170 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 171 172 #define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 173 174 #define PAP_REQ 1 /* PAP name/password request */ 175 #define PAP_ACK 2 /* PAP acknowledge */ 176 #define PAP_NAK 3 /* PAP fail */ 177 178 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 179 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 180 #define CHAP_SUCCESS 3 /* CHAP response ok */ 181 #define CHAP_FAILURE 4 /* CHAP response failed */ 182 183 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 184 185 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 186 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 187 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 188 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 189 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 190 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 191 192 /* states are named and numbered according to RFC 1661 */ 193 #define STATE_INITIAL 0 194 #define STATE_STARTING 1 195 #define STATE_CLOSED 2 196 #define STATE_STOPPED 3 197 #define STATE_CLOSING 4 198 #define STATE_STOPPING 5 199 #define STATE_REQ_SENT 6 200 #define STATE_ACK_RCVD 7 201 #define STATE_ACK_SENT 8 202 #define STATE_OPENED 9 203 204 struct ppp_header { 205 u_char address; 206 u_char control; 207 u_short protocol; 208 } __attribute__((__packed__)); 209 #define PPP_HEADER_LEN sizeof (struct ppp_header) 210 211 struct lcp_header { 212 u_char type; 213 u_char ident; 214 u_short len; 215 } __attribute__((__packed__)); 216 #define LCP_HEADER_LEN sizeof (struct lcp_header) 217 218 struct cisco_packet { 219 u_long type; 220 u_long par1; 221 u_long par2; 222 u_short rel; 223 u_short time0; 224 u_short time1; 225 } __attribute__((__packed__)); 226 #define CISCO_PACKET_LEN sizeof (struct cisco_packet) 227 228 /* 229 * We follow the spelling and capitalization of RFC 1661 here, to make 230 * it easier comparing with the standard. Please refer to this RFC in 231 * case you can't make sense out of these abbreviation; it will also 232 * explain the semantics related to the various events and actions. 233 */ 234 struct cp { 235 u_short proto; /* PPP control protocol number */ 236 u_char protoidx; /* index into state table in struct sppp */ 237 u_char flags; 238 #define CP_LCP 0x01 /* this is the LCP */ 239 #define CP_AUTH 0x02 /* this is an authentication protocol */ 240 #define CP_NCP 0x04 /* this is a NCP */ 241 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 242 const char *name; /* name of this control protocol */ 243 /* event handlers */ 244 void (*Up)(struct sppp *sp); 245 void (*Down)(struct sppp *sp); 246 void (*Open)(struct sppp *sp); 247 void (*Close)(struct sppp *sp); 248 void (*TO)(void *sp); 249 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 250 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 251 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 252 /* actions */ 253 void (*tlu)(struct sppp *sp); 254 void (*tld)(struct sppp *sp); 255 void (*tls)(struct sppp *sp); 256 void (*tlf)(struct sppp *sp); 257 void (*scr)(struct sppp *sp); 258 }; 259 260 static struct sppp *spppq; 261 #if defined(__DragonFly__) 262 static struct callout keepalive_timeout; 263 #endif 264 265 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 && !defined(__DragonFly__) 266 #define SPP_FMT "%s%d: " 267 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 268 #else 269 #define SPP_FMT "%s: " 270 #define SPP_ARGS(ifp) (ifp)->if_xname 271 #endif 272 273 #ifdef INET 274 /* 275 * The following disgusting hack gets around the problem that IP TOS 276 * can't be set yet. We want to put "interactive" traffic on a high 277 * priority queue. To decide if traffic is interactive, we check that 278 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 279 * 280 * XXX is this really still necessary? - joerg - 281 */ 282 static u_short interactive_ports[8] = { 283 0, 513, 0, 0, 284 0, 21, 0, 23, 285 }; 286 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 287 #endif 288 289 /* almost every function needs these */ 290 #define STDDCL \ 291 struct ifnet *ifp = &sp->pp_if; \ 292 int debug = ifp->if_flags & IFF_DEBUG 293 294 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 295 struct sockaddr *dst, struct rtentry *rt); 296 297 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 298 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 299 300 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 301 struct mbuf *m); 302 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 303 u_char ident, u_short len, void *data); 304 /* static void sppp_cp_timeout(void *arg); */ 305 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 306 int newstate); 307 static void sppp_auth_send(const struct cp *cp, 308 struct sppp *sp, unsigned int type, unsigned int id, 309 ...); 310 311 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 312 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 313 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 314 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 315 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 316 317 static void sppp_null(struct sppp *sp); 318 319 static void sppp_lcp_init(struct sppp *sp); 320 static void sppp_lcp_up(struct sppp *sp); 321 static void sppp_lcp_down(struct sppp *sp); 322 static void sppp_lcp_open(struct sppp *sp); 323 static void sppp_lcp_close(struct sppp *sp); 324 static void sppp_lcp_TO(void *sp); 325 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 326 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_lcp_tlu(struct sppp *sp); 329 static void sppp_lcp_tld(struct sppp *sp); 330 static void sppp_lcp_tls(struct sppp *sp); 331 static void sppp_lcp_tlf(struct sppp *sp); 332 static void sppp_lcp_scr(struct sppp *sp); 333 static void sppp_lcp_check_and_close(struct sppp *sp); 334 static int sppp_ncp_check(struct sppp *sp); 335 336 static void sppp_ipcp_init(struct sppp *sp); 337 static void sppp_ipcp_up(struct sppp *sp); 338 static void sppp_ipcp_down(struct sppp *sp); 339 static void sppp_ipcp_open(struct sppp *sp); 340 static void sppp_ipcp_close(struct sppp *sp); 341 static void sppp_ipcp_TO(void *sp); 342 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 343 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 344 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 345 static void sppp_ipcp_tlu(struct sppp *sp); 346 static void sppp_ipcp_tld(struct sppp *sp); 347 static void sppp_ipcp_tls(struct sppp *sp); 348 static void sppp_ipcp_tlf(struct sppp *sp); 349 static void sppp_ipcp_scr(struct sppp *sp); 350 351 static void sppp_ipv6cp_init(struct sppp *sp); 352 static void sppp_ipv6cp_up(struct sppp *sp); 353 static void sppp_ipv6cp_down(struct sppp *sp); 354 static void sppp_ipv6cp_open(struct sppp *sp); 355 static void sppp_ipv6cp_close(struct sppp *sp); 356 static void sppp_ipv6cp_TO(void *sp); 357 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 358 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 359 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 360 static void sppp_ipv6cp_tlu(struct sppp *sp); 361 static void sppp_ipv6cp_tld(struct sppp *sp); 362 static void sppp_ipv6cp_tls(struct sppp *sp); 363 static void sppp_ipv6cp_tlf(struct sppp *sp); 364 static void sppp_ipv6cp_scr(struct sppp *sp); 365 366 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 367 static void sppp_pap_init(struct sppp *sp); 368 static void sppp_pap_open(struct sppp *sp); 369 static void sppp_pap_close(struct sppp *sp); 370 static void sppp_pap_TO(void *sp); 371 static void sppp_pap_my_TO(void *sp); 372 static void sppp_pap_tlu(struct sppp *sp); 373 static void sppp_pap_tld(struct sppp *sp); 374 static void sppp_pap_scr(struct sppp *sp); 375 376 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 377 static void sppp_chap_init(struct sppp *sp); 378 static void sppp_chap_open(struct sppp *sp); 379 static void sppp_chap_close(struct sppp *sp); 380 static void sppp_chap_TO(void *sp); 381 static void sppp_chap_tlu(struct sppp *sp); 382 static void sppp_chap_tld(struct sppp *sp); 383 static void sppp_chap_scr(struct sppp *sp); 384 385 static const char *sppp_auth_type_name(u_short proto, u_char type); 386 static const char *sppp_cp_type_name(u_char type); 387 static const char *sppp_dotted_quad(u_long addr); 388 static const char *sppp_ipcp_opt_name(u_char opt); 389 #ifdef INET6 390 static const char *sppp_ipv6cp_opt_name(u_char opt); 391 #endif 392 static const char *sppp_lcp_opt_name(u_char opt); 393 static const char *sppp_phase_name(enum ppp_phase phase); 394 static const char *sppp_proto_name(u_short proto); 395 static const char *sppp_state_name(int state); 396 static int sppp_params(struct sppp *sp, u_long cmd, void *data); 397 static int sppp_strnlen(u_char *p, int max); 398 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 399 u_long *srcmask); 400 static void sppp_keepalive(void *dummy); 401 static void sppp_phase_network(struct sppp *sp); 402 static void sppp_print_bytes(const u_char *p, u_short len); 403 static void sppp_print_string(const char *p, u_short len); 404 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 405 #ifdef INET6 406 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 407 struct in6_addr *dst, struct in6_addr *srcmask); 408 #ifdef IPV6CP_MYIFID_DYN 409 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 410 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 411 #endif 412 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 413 #endif 414 415 /* our control protocol descriptors */ 416 static const struct cp lcp = { 417 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 418 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 419 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 420 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 421 sppp_lcp_scr 422 }; 423 424 static const struct cp ipcp = { 425 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 426 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 427 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 428 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 429 sppp_ipcp_scr 430 }; 431 432 static const struct cp ipv6cp = { 433 PPP_IPV6CP, IDX_IPV6CP, 434 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 435 CP_NCP, 436 #else 437 0, 438 #endif 439 "ipv6cp", 440 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 441 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 442 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 443 sppp_ipv6cp_scr 444 }; 445 446 static const struct cp pap = { 447 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 448 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 449 sppp_pap_TO, 0, 0, 0, 450 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 451 sppp_pap_scr 452 }; 453 454 static const struct cp chap = { 455 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 456 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 457 sppp_chap_TO, 0, 0, 0, 458 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 459 sppp_chap_scr 460 }; 461 462 static const struct cp *cps[IDX_COUNT] = { 463 &lcp, /* IDX_LCP */ 464 &ipcp, /* IDX_IPCP */ 465 &ipv6cp, /* IDX_IPV6CP */ 466 &pap, /* IDX_PAP */ 467 &chap, /* IDX_CHAP */ 468 }; 469 470 static int 471 sppp_modevent(module_t mod, int type, void *unused) 472 { 473 switch (type) { 474 case MOD_LOAD: 475 break; 476 case MOD_UNLOAD: 477 return EACCES; 478 break; 479 default: 480 break; 481 } 482 return 0; 483 } 484 static moduledata_t spppmod = { 485 "sppp", 486 sppp_modevent, 487 0 488 }; 489 MODULE_VERSION(sppp, 1); 490 DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 491 492 /* 493 * Exported functions, comprising our interface to the lower layer. 494 */ 495 496 /* 497 * Process the received packet. 498 */ 499 void 500 sppp_input(struct ifnet *ifp, struct mbuf *m) 501 { 502 struct ppp_header *h; 503 int isr = -1; 504 struct sppp *sp = (struct sppp *)ifp; 505 u_char *iphdr; 506 int hlen, vjlen, do_account = 0; 507 int debug = ifp->if_flags & IFF_DEBUG; 508 509 if (ifp->if_flags & IFF_UP) 510 /* Count received bytes, add FCS and one flag */ 511 ifp->if_ibytes += m->m_pkthdr.len + 3; 512 513 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 514 /* Too small packet, drop it. */ 515 if (debug) 516 log(LOG_DEBUG, 517 SPP_FMT "input packet is too small, %d bytes\n", 518 SPP_ARGS(ifp), m->m_pkthdr.len); 519 drop: 520 m_freem (m); 521 drop2: 522 ++ifp->if_ierrors; 523 ++ifp->if_iqdrops; 524 return; 525 } 526 527 /* Get PPP header. */ 528 h = mtod (m, struct ppp_header*); 529 m_adj (m, PPP_HEADER_LEN); 530 531 switch (h->address) { 532 case PPP_ALLSTATIONS: 533 if (h->control != PPP_UI) 534 goto invalid; 535 if (sp->pp_mode == IFF_CISCO) { 536 if (debug) 537 log(LOG_DEBUG, 538 SPP_FMT "PPP packet in Cisco mode " 539 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 540 SPP_ARGS(ifp), 541 h->address, h->control, ntohs(h->protocol)); 542 goto drop; 543 } 544 switch (ntohs (h->protocol)) { 545 default: 546 if (debug) 547 log(LOG_DEBUG, 548 SPP_FMT "rejecting protocol " 549 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 550 SPP_ARGS(ifp), 551 h->address, h->control, ntohs(h->protocol)); 552 if (sp->state[IDX_LCP] == STATE_OPENED) 553 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 554 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 555 &h->protocol); 556 ++ifp->if_noproto; 557 goto drop; 558 case PPP_LCP: 559 sppp_cp_input(&lcp, sp, m); 560 m_freem (m); 561 return; 562 case PPP_PAP: 563 if (sp->pp_phase >= PHASE_AUTHENTICATE) 564 sppp_pap_input(sp, m); 565 m_freem (m); 566 return; 567 case PPP_CHAP: 568 if (sp->pp_phase >= PHASE_AUTHENTICATE) 569 sppp_chap_input(sp, m); 570 m_freem (m); 571 return; 572 #ifdef INET 573 case PPP_IPCP: 574 if (sp->pp_phase == PHASE_NETWORK) 575 sppp_cp_input(&ipcp, sp, m); 576 m_freem (m); 577 return; 578 case PPP_IP: 579 if (sp->state[IDX_IPCP] == STATE_OPENED) { 580 isr = NETISR_IP; 581 } 582 do_account++; 583 break; 584 case PPP_VJ_COMP: 585 if (sp->state[IDX_IPCP] == STATE_OPENED) { 586 if ((vjlen = 587 sl_uncompress_tcp_core(mtod(m, u_char *), 588 m->m_len, m->m_len, 589 TYPE_COMPRESSED_TCP, 590 sp->pp_comp, 591 &iphdr, &hlen)) <= 0) { 592 if (debug) 593 log(LOG_INFO, 594 SPP_FMT "VJ uncompress failed on compressed packet\n", 595 SPP_ARGS(ifp)); 596 goto drop; 597 } 598 599 /* 600 * Trim the VJ header off the packet, and prepend 601 * the uncompressed IP header (which will usually 602 * end up in two chained mbufs since there's not 603 * enough leading space in the existing mbuf). 604 */ 605 m_adj(m, vjlen); 606 M_PREPEND(m, hlen, MB_DONTWAIT); 607 if (m == NULL) 608 goto drop2; 609 bcopy(iphdr, mtod(m, u_char *), hlen); 610 611 isr = NETISR_IP; 612 } 613 do_account++; 614 break; 615 case PPP_VJ_UCOMP: 616 if (sp->state[IDX_IPCP] == STATE_OPENED) { 617 if (sl_uncompress_tcp_core(mtod(m, u_char *), 618 m->m_len, m->m_len, 619 TYPE_UNCOMPRESSED_TCP, 620 sp->pp_comp, 621 &iphdr, &hlen) != 0) { 622 if (debug) 623 log(LOG_INFO, 624 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 625 SPP_ARGS(ifp)); 626 goto drop; 627 } 628 isr = NETISR_IP; 629 } 630 do_account++; 631 break; 632 #endif 633 #ifdef INET6 634 case PPP_IPV6CP: 635 if (sp->pp_phase == PHASE_NETWORK) 636 sppp_cp_input(&ipv6cp, sp, m); 637 m_freem (m); 638 return; 639 640 case PPP_IPV6: 641 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 642 isr = NETISR_IPV6; 643 } 644 do_account++; 645 break; 646 #endif 647 #ifdef IPX 648 case PPP_IPX: 649 /* IPX IPXCP not implemented yet */ 650 if (sp->pp_phase == PHASE_NETWORK) { 651 isr = NETISR_IPX; 652 } 653 do_account++; 654 break; 655 #endif 656 #ifdef NS 657 case PPP_XNS: 658 /* XNS IDPCP not implemented yet */ 659 if (sp->pp_phase == PHASE_NETWORK) { 660 isr = NETISR_NS; 661 } 662 do_account++; 663 break; 664 #endif 665 } 666 break; 667 case CISCO_MULTICAST: 668 case CISCO_UNICAST: 669 /* Don't check the control field here (RFC 1547). */ 670 if (sp->pp_mode != IFF_CISCO) { 671 if (debug) 672 log(LOG_DEBUG, 673 SPP_FMT "Cisco packet in PPP mode " 674 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 675 SPP_ARGS(ifp), 676 h->address, h->control, ntohs(h->protocol)); 677 goto drop; 678 } 679 switch (ntohs (h->protocol)) { 680 default: 681 ++ifp->if_noproto; 682 goto invalid; 683 case CISCO_KEEPALIVE: 684 sppp_cisco_input ((struct sppp*) ifp, m); 685 m_freem (m); 686 return; 687 #ifdef INET 688 case ETHERTYPE_IP: 689 isr = NETISR_IP; 690 do_account++; 691 break; 692 #endif 693 #ifdef INET6 694 case ETHERTYPE_IPV6: 695 isr = NETISR_IPV6; 696 do_account++; 697 break; 698 #endif 699 #ifdef IPX 700 case ETHERTYPE_IPX: 701 isr = NETISR_IPX; 702 do_account++; 703 break; 704 #endif 705 #ifdef NS 706 case ETHERTYPE_NS: 707 isr = NETISR_NS 708 do_account++; 709 break; 710 #endif 711 } 712 break; 713 default: /* Invalid PPP packet. */ 714 invalid: 715 if (debug) 716 log(LOG_DEBUG, 717 SPP_FMT "invalid input packet " 718 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 719 SPP_ARGS(ifp), 720 h->address, h->control, ntohs(h->protocol)); 721 goto drop; 722 } 723 724 if (! (ifp->if_flags & IFF_UP) || isr < 0) 725 goto drop; 726 727 /* Check queue. */ 728 729 netisr_dispatch(isr, m); 730 if (do_account) 731 /* 732 * Do only account for network packets, not for control 733 * packets. This is used by some subsystems to detect 734 * idle lines. 735 */ 736 sp->pp_last_recv = time_second; 737 } 738 739 /* 740 * Enqueue transmit packet. 741 */ 742 static int 743 sppp_output(struct ifnet *ifp, struct mbuf *m, 744 struct sockaddr *dst, struct rtentry *rt) 745 { 746 struct sppp *sp = (struct sppp*) ifp; 747 struct ppp_header *h; 748 struct ifqueue *ifq = NULL; 749 int s, rv = 0; 750 int ipproto = PPP_IP; 751 int debug = ifp->if_flags & IFF_DEBUG; 752 struct altq_pktattr pktattr; 753 754 s = splimp(); 755 756 if ((ifp->if_flags & IFF_UP) == 0 || 757 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 758 #ifdef INET6 759 drop: 760 #endif 761 m_freem (m); 762 splx (s); 763 return (ENETDOWN); 764 } 765 766 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 767 #ifdef INET6 768 /* 769 * XXX 770 * 771 * Hack to prevent the initialization-time generated 772 * IPv6 multicast packet to erroneously cause a 773 * dialout event in case IPv6 has been 774 * administratively disabled on that interface. 775 */ 776 if (dst->sa_family == AF_INET6 && 777 !(sp->confflags & CONF_ENABLE_IPV6)) 778 goto drop; 779 #endif 780 /* 781 * Interface is not yet running, but auto-dial. Need 782 * to start LCP for it. 783 */ 784 ifp->if_flags |= IFF_RUNNING; 785 splx(s); 786 lcp.Open(sp); 787 s = splimp(); 788 } 789 790 /* 791 * if the queueing discipline needs packet classification, 792 * do it before prepending link headers. 793 */ 794 ifq_classify(&ifp->if_snd, m, dst->sa_family, &pktattr); 795 796 #ifdef INET 797 if (dst->sa_family == AF_INET) { 798 /* XXX Check mbuf length here? */ 799 struct ip *ip = mtod (m, struct ip*); 800 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 801 802 /* 803 * When using dynamic local IP address assignment by using 804 * 0.0.0.0 as a local address, the first TCP session will 805 * not connect because the local TCP checksum is computed 806 * using 0.0.0.0 which will later become our real IP address 807 * so the TCP checksum computed at the remote end will 808 * become invalid. So we 809 * - don't let packets with src ip addr 0 thru 810 * - we flag TCP packets with src ip 0 as an error 811 */ 812 813 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 814 { 815 m_freem(m); 816 splx(s); 817 if(ip->ip_p == IPPROTO_TCP) 818 return(EADDRNOTAVAIL); 819 else 820 return(0); 821 } 822 823 /* 824 * Put low delay, telnet, rlogin and ftp control packets 825 * in front of the queue. 826 */ 827 if (IF_QFULL (&sp->pp_fastq)) 828 ; 829 else if (ip->ip_tos & IPTOS_LOWDELAY) 830 ifq = &sp->pp_fastq; 831 else if (m->m_len < sizeof *ip + sizeof *tcp) 832 ; 833 else if (ip->ip_p != IPPROTO_TCP) 834 ; 835 else if (INTERACTIVE (ntohs (tcp->th_sport))) 836 ifq = &sp->pp_fastq; 837 else if (INTERACTIVE (ntohs (tcp->th_dport))) 838 ifq = &sp->pp_fastq; 839 840 /* 841 * Do IP Header compression 842 */ 843 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 844 ip->ip_p == IPPROTO_TCP) 845 switch (sl_compress_tcp(m, ip, sp->pp_comp, 846 sp->ipcp.compress_cid)) { 847 case TYPE_COMPRESSED_TCP: 848 ipproto = PPP_VJ_COMP; 849 break; 850 case TYPE_UNCOMPRESSED_TCP: 851 ipproto = PPP_VJ_UCOMP; 852 break; 853 case TYPE_IP: 854 ipproto = PPP_IP; 855 break; 856 default: 857 m_freem(m); 858 splx(s); 859 return (EINVAL); 860 } 861 } 862 #endif 863 864 #ifdef INET6 865 if (dst->sa_family == AF_INET6) { 866 /* XXX do something tricky here? */ 867 } 868 #endif 869 870 /* 871 * Prepend general data packet PPP header. For now, IP only. 872 */ 873 M_PREPEND (m, PPP_HEADER_LEN, MB_DONTWAIT); 874 if (! m) { 875 if (debug) 876 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 877 SPP_ARGS(ifp)); 878 ++ifp->if_oerrors; 879 splx (s); 880 return (ENOBUFS); 881 } 882 /* 883 * May want to check size of packet 884 * (albeit due to the implementation it's always enough) 885 */ 886 h = mtod (m, struct ppp_header*); 887 if (sp->pp_mode == IFF_CISCO) { 888 h->address = CISCO_UNICAST; /* unicast address */ 889 h->control = 0; 890 } else { 891 h->address = PPP_ALLSTATIONS; /* broadcast address */ 892 h->control = PPP_UI; /* Unnumbered Info */ 893 } 894 895 switch (dst->sa_family) { 896 #ifdef INET 897 case AF_INET: /* Internet Protocol */ 898 if (sp->pp_mode == IFF_CISCO) 899 h->protocol = htons (ETHERTYPE_IP); 900 else { 901 /* 902 * Don't choke with an ENETDOWN early. It's 903 * possible that we just started dialing out, 904 * so don't drop the packet immediately. If 905 * we notice that we run out of buffer space 906 * below, we will however remember that we are 907 * not ready to carry IP packets, and return 908 * ENETDOWN, as opposed to ENOBUFS. 909 */ 910 h->protocol = htons(ipproto); 911 if (sp->state[IDX_IPCP] != STATE_OPENED) 912 rv = ENETDOWN; 913 } 914 break; 915 #endif 916 #ifdef INET6 917 case AF_INET6: /* Internet Protocol */ 918 if (sp->pp_mode == IFF_CISCO) 919 h->protocol = htons (ETHERTYPE_IPV6); 920 else { 921 /* 922 * Don't choke with an ENETDOWN early. It's 923 * possible that we just started dialing out, 924 * so don't drop the packet immediately. If 925 * we notice that we run out of buffer space 926 * below, we will however remember that we are 927 * not ready to carry IP packets, and return 928 * ENETDOWN, as opposed to ENOBUFS. 929 */ 930 h->protocol = htons(PPP_IPV6); 931 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 932 rv = ENETDOWN; 933 } 934 break; 935 #endif 936 #ifdef NS 937 case AF_NS: /* Xerox NS Protocol */ 938 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 939 ETHERTYPE_NS : PPP_XNS); 940 break; 941 #endif 942 #ifdef IPX 943 case AF_IPX: /* Novell IPX Protocol */ 944 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 945 ETHERTYPE_IPX : PPP_IPX); 946 break; 947 #endif 948 default: 949 m_freem (m); 950 ++ifp->if_oerrors; 951 splx (s); 952 return (EAFNOSUPPORT); 953 } 954 955 /* 956 * Queue message on interface, and start output if interface 957 * not yet active. 958 */ 959 if (ifq != NULL) { 960 if (IF_QFULL(ifq)) { 961 IF_DROP(ifq); 962 m_freem(m); 963 rv = ENOBUFS; 964 ifq->ifq_drops++; 965 } else { 966 IF_ENQUEUE(ifq, m); 967 rv = 0; 968 } 969 } else { 970 rv = ifq_enqueue(&ifp->if_snd, m, &pktattr); 971 } 972 if (rv) { 973 ++ifp->if_oerrors; 974 splx(s); 975 return(rv); 976 } 977 if (! (ifp->if_flags & IFF_OACTIVE)) 978 (*ifp->if_start) (ifp); 979 980 /* 981 * Count output packets and bytes. 982 * The packet length includes header, FCS and 1 flag, 983 * according to RFC 1333. 984 */ 985 ifp->if_obytes += m->m_pkthdr.len + 3; 986 splx (s); 987 /* 988 * Unlike in sppp_input(), we can always bump the timestamp 989 * here since sppp_output() is only called on behalf of 990 * network-layer traffic; control-layer traffic is handled 991 * by sppp_cp_send(). 992 */ 993 sp->pp_last_sent = time_second; 994 return (0); 995 } 996 997 void 998 sppp_attach(struct ifnet *ifp) 999 { 1000 struct sppp *sp = (struct sppp*) ifp; 1001 1002 /* Initialize keepalive handler. */ 1003 if (!spppq) { 1004 callout_reset(&keepalive_timeout, hz * 10, 1005 sppp_keepalive, NULL); 1006 } 1007 /* Insert new entry into the keepalive list. */ 1008 sp->pp_next = spppq; 1009 spppq = sp; 1010 1011 sp->pp_if.if_mtu = PP_MTU; 1012 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1013 sp->pp_if.if_type = IFT_PPP; 1014 sp->pp_if.if_output = sppp_output; 1015 #if 0 1016 sp->pp_flags = PP_KEEPALIVE; 1017 #endif 1018 sp->pp_if.if_snd.ifq_maxlen = 32; 1019 sp->pp_fastq.ifq_maxlen = 32; 1020 sp->pp_cpq.ifq_maxlen = 20; 1021 sp->pp_loopcnt = 0; 1022 sp->pp_alivecnt = 0; 1023 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1024 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1025 sp->pp_phase = PHASE_DEAD; 1026 sp->pp_up = lcp.Up; 1027 sp->pp_down = lcp.Down; 1028 sp->pp_last_recv = sp->pp_last_sent = time_second; 1029 sp->confflags = 0; 1030 #ifdef INET 1031 sp->confflags |= CONF_ENABLE_VJ; 1032 #endif 1033 #ifdef INET6 1034 sp->confflags |= CONF_ENABLE_IPV6; 1035 #endif 1036 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1037 sl_compress_init(sp->pp_comp, -1); 1038 sppp_lcp_init(sp); 1039 sppp_ipcp_init(sp); 1040 sppp_ipv6cp_init(sp); 1041 sppp_pap_init(sp); 1042 sppp_chap_init(sp); 1043 } 1044 1045 void 1046 sppp_detach(struct ifnet *ifp) 1047 { 1048 struct sppp **q, *p, *sp = (struct sppp*) ifp; 1049 int i; 1050 1051 /* Remove the entry from the keepalive list. */ 1052 for (q = &spppq; (p = *q); q = &p->pp_next) 1053 if (p == sp) { 1054 *q = p->pp_next; 1055 break; 1056 } 1057 1058 /* Stop keepalive handler. */ 1059 if (!spppq) 1060 callout_stop(&keepalive_timeout); 1061 1062 for (i = 0; i < IDX_COUNT; i++) 1063 callout_stop(&sp->timeout[i]); 1064 callout_stop(&sp->pap_my_to); 1065 } 1066 1067 /* 1068 * Flush the interface output queue. 1069 */ 1070 void 1071 sppp_flush(struct ifnet *ifp) 1072 { 1073 struct sppp *sp = (struct sppp*) ifp; 1074 1075 ifq_purge(&sp->pp_if.if_snd); 1076 IF_DRAIN(&sp->pp_fastq); 1077 IF_DRAIN(&sp->pp_cpq); 1078 } 1079 1080 /* 1081 * Check if the output queue is empty. 1082 */ 1083 int 1084 sppp_isempty(struct ifnet *ifp) 1085 { 1086 struct sppp *sp = (struct sppp*) ifp; 1087 int empty, s; 1088 1089 s = splimp(); 1090 empty = IF_QEMPTY(&sp->pp_fastq) && IF_QEMPTY(&sp->pp_cpq) && 1091 ifq_is_empty(&sp->pp_if.if_snd); 1092 splx(s); 1093 return (empty); 1094 } 1095 1096 /* 1097 * Get next packet to send. 1098 */ 1099 struct mbuf * 1100 sppp_dequeue(struct ifnet *ifp) 1101 { 1102 struct sppp *sp = (struct sppp*) ifp; 1103 struct mbuf *m; 1104 int s; 1105 1106 s = splimp(); 1107 /* 1108 * Process only the control protocol queue until we have at 1109 * least one NCP open. 1110 * 1111 * Do always serve all three queues in Cisco mode. 1112 */ 1113 IF_DEQUEUE(&sp->pp_cpq, m); 1114 if (m == NULL && 1115 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1116 IF_DEQUEUE(&sp->pp_fastq, m); 1117 if (m == NULL) 1118 m = ifq_dequeue(&sp->pp_if.if_snd); 1119 } 1120 splx(s); 1121 return m; 1122 } 1123 1124 /* 1125 * Pick the next packet, do not remove it from the queue. 1126 */ 1127 struct mbuf * 1128 sppp_pick(struct ifnet *ifp) 1129 { 1130 struct sppp *sp = (struct sppp*)ifp; 1131 struct mbuf *m; 1132 int s; 1133 1134 s= splimp (); 1135 1136 m = sp->pp_cpq.ifq_head; 1137 if (m == NULL && 1138 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) { 1139 if ((m = sp->pp_fastq.ifq_head) == NULL) 1140 m = ifq_poll(&sp->pp_if.if_snd); 1141 } 1142 splx (s); 1143 return (m); 1144 } 1145 1146 /* 1147 * Process an ioctl request. Called on low priority level. 1148 */ 1149 int 1150 sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1151 { 1152 struct ifreq *ifr = (struct ifreq*) data; 1153 struct sppp *sp = (struct sppp*) ifp; 1154 int s, rv, going_up, going_down, newmode; 1155 1156 s = splimp(); 1157 rv = 0; 1158 switch (cmd) { 1159 case SIOCAIFADDR: 1160 case SIOCSIFDSTADDR: 1161 break; 1162 1163 case SIOCSIFADDR: 1164 /* set the interface "up" when assigning an IP address */ 1165 ifp->if_flags |= IFF_UP; 1166 /* fall through... */ 1167 1168 case SIOCSIFFLAGS: 1169 going_up = ifp->if_flags & IFF_UP && 1170 (ifp->if_flags & IFF_RUNNING) == 0; 1171 going_down = (ifp->if_flags & IFF_UP) == 0 && 1172 ifp->if_flags & IFF_RUNNING; 1173 1174 newmode = ifp->if_flags & IFF_PASSIVE; 1175 if (!newmode) 1176 newmode = ifp->if_flags & IFF_AUTO; 1177 if (!newmode) 1178 newmode = ifp->if_flags & IFF_CISCO; 1179 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1180 ifp->if_flags |= newmode; 1181 1182 if (newmode != sp->pp_mode) { 1183 going_down = 1; 1184 if (!going_up) 1185 going_up = ifp->if_flags & IFF_RUNNING; 1186 } 1187 1188 if (going_down) { 1189 if (sp->pp_mode != IFF_CISCO) 1190 lcp.Close(sp); 1191 else if (sp->pp_tlf) 1192 (sp->pp_tlf)(sp); 1193 sppp_flush(ifp); 1194 ifp->if_flags &= ~IFF_RUNNING; 1195 sp->pp_mode = newmode; 1196 } 1197 1198 if (going_up) { 1199 if (sp->pp_mode != IFF_CISCO) 1200 lcp.Close(sp); 1201 sp->pp_mode = newmode; 1202 if (sp->pp_mode == 0) { 1203 ifp->if_flags |= IFF_RUNNING; 1204 lcp.Open(sp); 1205 } 1206 if (sp->pp_mode == IFF_CISCO) { 1207 if (sp->pp_tls) 1208 (sp->pp_tls)(sp); 1209 ifp->if_flags |= IFF_RUNNING; 1210 } 1211 } 1212 1213 break; 1214 1215 #ifdef SIOCSIFMTU 1216 #ifndef ifr_mtu 1217 #define ifr_mtu ifr_metric 1218 #endif 1219 case SIOCSIFMTU: 1220 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1221 return (EINVAL); 1222 ifp->if_mtu = ifr->ifr_mtu; 1223 break; 1224 #endif 1225 #ifdef SLIOCSETMTU 1226 case SLIOCSETMTU: 1227 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1228 return (EINVAL); 1229 ifp->if_mtu = *(short*)data; 1230 break; 1231 #endif 1232 #ifdef SIOCGIFMTU 1233 case SIOCGIFMTU: 1234 ifr->ifr_mtu = ifp->if_mtu; 1235 break; 1236 #endif 1237 #ifdef SLIOCGETMTU 1238 case SLIOCGETMTU: 1239 *(short*)data = ifp->if_mtu; 1240 break; 1241 #endif 1242 case SIOCADDMULTI: 1243 case SIOCDELMULTI: 1244 break; 1245 1246 case SIOCGIFGENERIC: 1247 case SIOCSIFGENERIC: 1248 rv = sppp_params(sp, cmd, data); 1249 break; 1250 1251 default: 1252 rv = ENOTTY; 1253 } 1254 splx(s); 1255 return rv; 1256 } 1257 1258 /* 1259 * Cisco framing implementation. 1260 */ 1261 1262 /* 1263 * Handle incoming Cisco keepalive protocol packets. 1264 */ 1265 static void 1266 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1267 { 1268 STDDCL; 1269 struct cisco_packet *h; 1270 u_long me, mymask; 1271 1272 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1273 if (debug) 1274 log(LOG_DEBUG, 1275 SPP_FMT "cisco invalid packet length: %d bytes\n", 1276 SPP_ARGS(ifp), m->m_pkthdr.len); 1277 return; 1278 } 1279 h = mtod (m, struct cisco_packet*); 1280 if (debug) 1281 log(LOG_DEBUG, 1282 SPP_FMT "cisco input: %d bytes " 1283 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1284 SPP_ARGS(ifp), m->m_pkthdr.len, 1285 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1286 (u_int)h->time0, (u_int)h->time1); 1287 switch (ntohl (h->type)) { 1288 default: 1289 if (debug) 1290 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1291 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1292 break; 1293 case CISCO_ADDR_REPLY: 1294 /* Reply on address request, ignore */ 1295 break; 1296 case CISCO_KEEPALIVE_REQ: 1297 sp->pp_alivecnt = 0; 1298 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1299 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1300 /* Local and remote sequence numbers are equal. 1301 * Probably, the line is in loopback mode. */ 1302 if (sp->pp_loopcnt >= MAXALIVECNT) { 1303 printf (SPP_FMT "loopback\n", 1304 SPP_ARGS(ifp)); 1305 sp->pp_loopcnt = 0; 1306 if (ifp->if_flags & IFF_UP) { 1307 if_down (ifp); 1308 IF_DRAIN(&sp->pp_cpq); 1309 } 1310 } 1311 ++sp->pp_loopcnt; 1312 1313 /* Generate new local sequence number */ 1314 #if defined(__DragonFly__) 1315 sp->pp_seq[IDX_LCP] = random(); 1316 #else 1317 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1318 #endif 1319 break; 1320 } 1321 sp->pp_loopcnt = 0; 1322 if (! (ifp->if_flags & IFF_UP) && 1323 (ifp->if_flags & IFF_RUNNING)) { 1324 if_up(ifp); 1325 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1326 } 1327 break; 1328 case CISCO_ADDR_REQ: 1329 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1330 if (me != 0L) 1331 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1332 break; 1333 } 1334 } 1335 1336 /* 1337 * Send Cisco keepalive packet. 1338 */ 1339 static void 1340 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1341 { 1342 STDDCL; 1343 struct ppp_header *h; 1344 struct cisco_packet *ch; 1345 struct mbuf *m; 1346 #if defined(__DragonFly__) 1347 struct timeval tv; 1348 #else 1349 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1350 #endif 1351 1352 #if defined(__DragonFly__) 1353 getmicrouptime(&tv); 1354 #endif 1355 1356 MGETHDR (m, MB_DONTWAIT, MT_DATA); 1357 if (! m) 1358 return; 1359 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1360 m->m_pkthdr.rcvif = 0; 1361 1362 h = mtod (m, struct ppp_header*); 1363 h->address = CISCO_MULTICAST; 1364 h->control = 0; 1365 h->protocol = htons (CISCO_KEEPALIVE); 1366 1367 ch = (struct cisco_packet*) (h + 1); 1368 ch->type = htonl (type); 1369 ch->par1 = htonl (par1); 1370 ch->par2 = htonl (par2); 1371 ch->rel = -1; 1372 1373 #if defined(__DragonFly__) 1374 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1375 ch->time1 = htons ((u_short) tv.tv_sec); 1376 #else 1377 ch->time0 = htons ((u_short) (t >> 16)); 1378 ch->time1 = htons ((u_short) t); 1379 #endif 1380 1381 if (debug) 1382 log(LOG_DEBUG, 1383 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1384 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1385 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1386 1387 if (IF_QFULL (&sp->pp_cpq)) { 1388 IF_DROP (&sp->pp_fastq); 1389 IF_DROP (&ifp->if_snd); 1390 m_freem (m); 1391 } else 1392 IF_ENQUEUE (&sp->pp_cpq, m); 1393 if (! (ifp->if_flags & IFF_OACTIVE)) 1394 (*ifp->if_start) (ifp); 1395 ifp->if_obytes += m->m_pkthdr.len + 3; 1396 } 1397 1398 /* 1399 * PPP protocol implementation. 1400 */ 1401 1402 /* 1403 * Send PPP control protocol packet. 1404 */ 1405 static void 1406 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1407 u_char ident, u_short len, void *data) 1408 { 1409 STDDCL; 1410 struct ppp_header *h; 1411 struct lcp_header *lh; 1412 struct mbuf *m; 1413 1414 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1415 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1416 MGETHDR (m, MB_DONTWAIT, MT_DATA); 1417 if (! m) 1418 return; 1419 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1420 m->m_pkthdr.rcvif = 0; 1421 1422 h = mtod (m, struct ppp_header*); 1423 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1424 h->control = PPP_UI; /* Unnumbered Info */ 1425 h->protocol = htons (proto); /* Link Control Protocol */ 1426 1427 lh = (struct lcp_header*) (h + 1); 1428 lh->type = type; 1429 lh->ident = ident; 1430 lh->len = htons (LCP_HEADER_LEN + len); 1431 if (len) 1432 bcopy (data, lh+1, len); 1433 1434 if (debug) { 1435 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1436 SPP_ARGS(ifp), 1437 sppp_proto_name(proto), 1438 sppp_cp_type_name (lh->type), lh->ident, 1439 ntohs (lh->len)); 1440 sppp_print_bytes ((u_char*) (lh+1), len); 1441 addlog(">\n"); 1442 } 1443 if (IF_QFULL (&sp->pp_cpq)) { 1444 IF_DROP (&sp->pp_fastq); 1445 IF_DROP (&ifp->if_snd); 1446 m_freem (m); 1447 ++ifp->if_oerrors; 1448 } else 1449 IF_ENQUEUE (&sp->pp_cpq, m); 1450 if (! (ifp->if_flags & IFF_OACTIVE)) 1451 (*ifp->if_start) (ifp); 1452 ifp->if_obytes += m->m_pkthdr.len + 3; 1453 } 1454 1455 /* 1456 * Handle incoming PPP control protocol packets. 1457 */ 1458 static void 1459 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1460 { 1461 STDDCL; 1462 struct lcp_header *h; 1463 int len = m->m_pkthdr.len; 1464 int rv; 1465 u_char *p; 1466 1467 if (len < 4) { 1468 if (debug) 1469 log(LOG_DEBUG, 1470 SPP_FMT "%s invalid packet length: %d bytes\n", 1471 SPP_ARGS(ifp), cp->name, len); 1472 return; 1473 } 1474 h = mtod (m, struct lcp_header*); 1475 if (debug) { 1476 log(LOG_DEBUG, 1477 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1478 SPP_ARGS(ifp), cp->name, 1479 sppp_state_name(sp->state[cp->protoidx]), 1480 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1481 sppp_print_bytes ((u_char*) (h+1), len-4); 1482 addlog(">\n"); 1483 } 1484 if (len > ntohs (h->len)) 1485 len = ntohs (h->len); 1486 p = (u_char *)(h + 1); 1487 switch (h->type) { 1488 case CONF_REQ: 1489 if (len < 4) { 1490 if (debug) 1491 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1492 SPP_ARGS(ifp), cp->name, 1493 len); 1494 ++ifp->if_ierrors; 1495 break; 1496 } 1497 /* handle states where RCR doesn't get a SCA/SCN */ 1498 switch (sp->state[cp->protoidx]) { 1499 case STATE_CLOSING: 1500 case STATE_STOPPING: 1501 return; 1502 case STATE_CLOSED: 1503 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1504 0, 0); 1505 return; 1506 } 1507 rv = (cp->RCR)(sp, h, len); 1508 switch (sp->state[cp->protoidx]) { 1509 case STATE_OPENED: 1510 (cp->tld)(sp); 1511 (cp->scr)(sp); 1512 /* fall through... */ 1513 case STATE_ACK_SENT: 1514 case STATE_REQ_SENT: 1515 /* 1516 * sppp_cp_change_state() have the side effect of 1517 * restarting the timeouts. We want to avoid that 1518 * if the state don't change, otherwise we won't 1519 * ever timeout and resend a configuration request 1520 * that got lost. 1521 */ 1522 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1523 STATE_REQ_SENT)) 1524 break; 1525 sppp_cp_change_state(cp, sp, rv? 1526 STATE_ACK_SENT: STATE_REQ_SENT); 1527 break; 1528 case STATE_STOPPED: 1529 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1530 (cp->scr)(sp); 1531 sppp_cp_change_state(cp, sp, rv? 1532 STATE_ACK_SENT: STATE_REQ_SENT); 1533 break; 1534 case STATE_ACK_RCVD: 1535 if (rv) { 1536 sppp_cp_change_state(cp, sp, STATE_OPENED); 1537 if (debug) 1538 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1539 SPP_ARGS(ifp), 1540 cp->name); 1541 (cp->tlu)(sp); 1542 } else 1543 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1544 break; 1545 default: 1546 printf(SPP_FMT "%s illegal %s in state %s\n", 1547 SPP_ARGS(ifp), cp->name, 1548 sppp_cp_type_name(h->type), 1549 sppp_state_name(sp->state[cp->protoidx])); 1550 ++ifp->if_ierrors; 1551 } 1552 break; 1553 case CONF_ACK: 1554 if (h->ident != sp->confid[cp->protoidx]) { 1555 if (debug) 1556 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1557 SPP_ARGS(ifp), cp->name, 1558 h->ident, sp->confid[cp->protoidx]); 1559 ++ifp->if_ierrors; 1560 break; 1561 } 1562 switch (sp->state[cp->protoidx]) { 1563 case STATE_CLOSED: 1564 case STATE_STOPPED: 1565 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1566 break; 1567 case STATE_CLOSING: 1568 case STATE_STOPPING: 1569 break; 1570 case STATE_REQ_SENT: 1571 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1572 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1573 break; 1574 case STATE_OPENED: 1575 (cp->tld)(sp); 1576 /* fall through */ 1577 case STATE_ACK_RCVD: 1578 (cp->scr)(sp); 1579 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1580 break; 1581 case STATE_ACK_SENT: 1582 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1583 sppp_cp_change_state(cp, sp, STATE_OPENED); 1584 if (debug) 1585 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1586 SPP_ARGS(ifp), cp->name); 1587 (cp->tlu)(sp); 1588 break; 1589 default: 1590 printf(SPP_FMT "%s illegal %s in state %s\n", 1591 SPP_ARGS(ifp), cp->name, 1592 sppp_cp_type_name(h->type), 1593 sppp_state_name(sp->state[cp->protoidx])); 1594 ++ifp->if_ierrors; 1595 } 1596 break; 1597 case CONF_NAK: 1598 case CONF_REJ: 1599 if (h->ident != sp->confid[cp->protoidx]) { 1600 if (debug) 1601 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1602 SPP_ARGS(ifp), cp->name, 1603 h->ident, sp->confid[cp->protoidx]); 1604 ++ifp->if_ierrors; 1605 break; 1606 } 1607 if (h->type == CONF_NAK) 1608 (cp->RCN_nak)(sp, h, len); 1609 else /* CONF_REJ */ 1610 (cp->RCN_rej)(sp, h, len); 1611 1612 switch (sp->state[cp->protoidx]) { 1613 case STATE_CLOSED: 1614 case STATE_STOPPED: 1615 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1616 break; 1617 case STATE_REQ_SENT: 1618 case STATE_ACK_SENT: 1619 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1620 /* 1621 * Slow things down a bit if we think we might be 1622 * in loopback. Depend on the timeout to send the 1623 * next configuration request. 1624 */ 1625 if (sp->pp_loopcnt) 1626 break; 1627 (cp->scr)(sp); 1628 break; 1629 case STATE_OPENED: 1630 (cp->tld)(sp); 1631 /* fall through */ 1632 case STATE_ACK_RCVD: 1633 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1634 (cp->scr)(sp); 1635 break; 1636 case STATE_CLOSING: 1637 case STATE_STOPPING: 1638 break; 1639 default: 1640 printf(SPP_FMT "%s illegal %s in state %s\n", 1641 SPP_ARGS(ifp), cp->name, 1642 sppp_cp_type_name(h->type), 1643 sppp_state_name(sp->state[cp->protoidx])); 1644 ++ifp->if_ierrors; 1645 } 1646 break; 1647 1648 case TERM_REQ: 1649 switch (sp->state[cp->protoidx]) { 1650 case STATE_ACK_RCVD: 1651 case STATE_ACK_SENT: 1652 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1653 /* fall through */ 1654 case STATE_CLOSED: 1655 case STATE_STOPPED: 1656 case STATE_CLOSING: 1657 case STATE_STOPPING: 1658 case STATE_REQ_SENT: 1659 sta: 1660 /* Send Terminate-Ack packet. */ 1661 if (debug) 1662 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1663 SPP_ARGS(ifp), cp->name); 1664 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1665 break; 1666 case STATE_OPENED: 1667 (cp->tld)(sp); 1668 sp->rst_counter[cp->protoidx] = 0; 1669 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1670 goto sta; 1671 break; 1672 default: 1673 printf(SPP_FMT "%s illegal %s in state %s\n", 1674 SPP_ARGS(ifp), cp->name, 1675 sppp_cp_type_name(h->type), 1676 sppp_state_name(sp->state[cp->protoidx])); 1677 ++ifp->if_ierrors; 1678 } 1679 break; 1680 case TERM_ACK: 1681 switch (sp->state[cp->protoidx]) { 1682 case STATE_CLOSED: 1683 case STATE_STOPPED: 1684 case STATE_REQ_SENT: 1685 case STATE_ACK_SENT: 1686 break; 1687 case STATE_CLOSING: 1688 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1689 (cp->tlf)(sp); 1690 break; 1691 case STATE_STOPPING: 1692 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1693 (cp->tlf)(sp); 1694 break; 1695 case STATE_ACK_RCVD: 1696 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1697 break; 1698 case STATE_OPENED: 1699 (cp->tld)(sp); 1700 (cp->scr)(sp); 1701 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1702 break; 1703 default: 1704 printf(SPP_FMT "%s illegal %s in state %s\n", 1705 SPP_ARGS(ifp), cp->name, 1706 sppp_cp_type_name(h->type), 1707 sppp_state_name(sp->state[cp->protoidx])); 1708 ++ifp->if_ierrors; 1709 } 1710 break; 1711 case CODE_REJ: 1712 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1713 log(LOG_INFO, 1714 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1715 "danger will robinson\n", 1716 SPP_ARGS(ifp), cp->name, 1717 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1718 switch (sp->state[cp->protoidx]) { 1719 case STATE_CLOSED: 1720 case STATE_STOPPED: 1721 case STATE_REQ_SENT: 1722 case STATE_ACK_SENT: 1723 case STATE_CLOSING: 1724 case STATE_STOPPING: 1725 case STATE_OPENED: 1726 break; 1727 case STATE_ACK_RCVD: 1728 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1729 break; 1730 default: 1731 printf(SPP_FMT "%s illegal %s in state %s\n", 1732 SPP_ARGS(ifp), cp->name, 1733 sppp_cp_type_name(h->type), 1734 sppp_state_name(sp->state[cp->protoidx])); 1735 ++ifp->if_ierrors; 1736 } 1737 break; 1738 case PROTO_REJ: 1739 { 1740 int catastrophic; 1741 const struct cp *upper; 1742 int i; 1743 u_int16_t proto; 1744 1745 catastrophic = 0; 1746 upper = NULL; 1747 proto = ntohs(*((u_int16_t *)p)); 1748 for (i = 0; i < IDX_COUNT; i++) { 1749 if (cps[i]->proto == proto) { 1750 upper = cps[i]; 1751 break; 1752 } 1753 } 1754 if (upper == NULL) 1755 catastrophic++; 1756 1757 if (catastrophic || debug) 1758 log(catastrophic? LOG_INFO: LOG_DEBUG, 1759 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1760 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1761 sppp_cp_type_name(h->type), proto, 1762 upper ? upper->name : "unknown", 1763 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1764 1765 /* 1766 * if we got RXJ+ against conf-req, the peer does not implement 1767 * this particular protocol type. terminate the protocol. 1768 */ 1769 if (upper && !catastrophic) { 1770 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1771 upper->Close(sp); 1772 break; 1773 } 1774 } 1775 1776 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1777 switch (sp->state[cp->protoidx]) { 1778 case STATE_CLOSED: 1779 case STATE_STOPPED: 1780 case STATE_REQ_SENT: 1781 case STATE_ACK_SENT: 1782 case STATE_CLOSING: 1783 case STATE_STOPPING: 1784 case STATE_OPENED: 1785 break; 1786 case STATE_ACK_RCVD: 1787 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1788 break; 1789 default: 1790 printf(SPP_FMT "%s illegal %s in state %s\n", 1791 SPP_ARGS(ifp), cp->name, 1792 sppp_cp_type_name(h->type), 1793 sppp_state_name(sp->state[cp->protoidx])); 1794 ++ifp->if_ierrors; 1795 } 1796 break; 1797 } 1798 case DISC_REQ: 1799 if (cp->proto != PPP_LCP) 1800 goto illegal; 1801 /* Discard the packet. */ 1802 break; 1803 case ECHO_REQ: 1804 if (cp->proto != PPP_LCP) 1805 goto illegal; 1806 if (sp->state[cp->protoidx] != STATE_OPENED) { 1807 if (debug) 1808 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1809 SPP_ARGS(ifp)); 1810 ++ifp->if_ierrors; 1811 break; 1812 } 1813 if (len < 8) { 1814 if (debug) 1815 addlog(SPP_FMT "invalid lcp echo request " 1816 "packet length: %d bytes\n", 1817 SPP_ARGS(ifp), len); 1818 break; 1819 } 1820 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1821 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1822 /* Line loopback mode detected. */ 1823 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1824 sp->pp_loopcnt = MAXALIVECNT * 5; 1825 if_down (ifp); 1826 IF_DRAIN(&sp->pp_cpq); 1827 1828 /* Shut down the PPP link. */ 1829 /* XXX */ 1830 lcp.Down(sp); 1831 lcp.Up(sp); 1832 break; 1833 } 1834 *(long*)(h+1) = htonl (sp->lcp.magic); 1835 if (debug) 1836 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1837 SPP_ARGS(ifp)); 1838 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1839 break; 1840 case ECHO_REPLY: 1841 if (cp->proto != PPP_LCP) 1842 goto illegal; 1843 if (h->ident != sp->lcp.echoid) { 1844 ++ifp->if_ierrors; 1845 break; 1846 } 1847 if (len < 8) { 1848 if (debug) 1849 addlog(SPP_FMT "lcp invalid echo reply " 1850 "packet length: %d bytes\n", 1851 SPP_ARGS(ifp), len); 1852 break; 1853 } 1854 if (debug) 1855 addlog(SPP_FMT "lcp got echo rep\n", 1856 SPP_ARGS(ifp)); 1857 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1858 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1859 sp->pp_alivecnt = 0; 1860 break; 1861 default: 1862 /* Unknown packet type -- send Code-Reject packet. */ 1863 illegal: 1864 if (debug) 1865 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1866 SPP_ARGS(ifp), cp->name, h->type); 1867 sppp_cp_send(sp, cp->proto, CODE_REJ, 1868 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1869 ++ifp->if_ierrors; 1870 } 1871 } 1872 1873 1874 /* 1875 * The generic part of all Up/Down/Open/Close/TO event handlers. 1876 * Basically, the state transition handling in the automaton. 1877 */ 1878 static void 1879 sppp_up_event(const struct cp *cp, struct sppp *sp) 1880 { 1881 STDDCL; 1882 1883 if (debug) 1884 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1885 SPP_ARGS(ifp), cp->name, 1886 sppp_state_name(sp->state[cp->protoidx])); 1887 1888 switch (sp->state[cp->protoidx]) { 1889 case STATE_INITIAL: 1890 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1891 break; 1892 case STATE_STARTING: 1893 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1894 (cp->scr)(sp); 1895 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1896 break; 1897 default: 1898 printf(SPP_FMT "%s illegal up in state %s\n", 1899 SPP_ARGS(ifp), cp->name, 1900 sppp_state_name(sp->state[cp->protoidx])); 1901 } 1902 } 1903 1904 static void 1905 sppp_down_event(const struct cp *cp, struct sppp *sp) 1906 { 1907 STDDCL; 1908 1909 if (debug) 1910 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1911 SPP_ARGS(ifp), cp->name, 1912 sppp_state_name(sp->state[cp->protoidx])); 1913 1914 switch (sp->state[cp->protoidx]) { 1915 case STATE_CLOSED: 1916 case STATE_CLOSING: 1917 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1918 break; 1919 case STATE_STOPPED: 1920 sppp_cp_change_state(cp, sp, STATE_STARTING); 1921 (cp->tls)(sp); 1922 break; 1923 case STATE_STOPPING: 1924 case STATE_REQ_SENT: 1925 case STATE_ACK_RCVD: 1926 case STATE_ACK_SENT: 1927 sppp_cp_change_state(cp, sp, STATE_STARTING); 1928 break; 1929 case STATE_OPENED: 1930 (cp->tld)(sp); 1931 sppp_cp_change_state(cp, sp, STATE_STARTING); 1932 break; 1933 default: 1934 printf(SPP_FMT "%s illegal down in state %s\n", 1935 SPP_ARGS(ifp), cp->name, 1936 sppp_state_name(sp->state[cp->protoidx])); 1937 } 1938 } 1939 1940 1941 static void 1942 sppp_open_event(const struct cp *cp, struct sppp *sp) 1943 { 1944 STDDCL; 1945 1946 if (debug) 1947 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1948 SPP_ARGS(ifp), cp->name, 1949 sppp_state_name(sp->state[cp->protoidx])); 1950 1951 switch (sp->state[cp->protoidx]) { 1952 case STATE_INITIAL: 1953 sppp_cp_change_state(cp, sp, STATE_STARTING); 1954 (cp->tls)(sp); 1955 break; 1956 case STATE_STARTING: 1957 break; 1958 case STATE_CLOSED: 1959 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1960 (cp->scr)(sp); 1961 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1962 break; 1963 case STATE_STOPPED: 1964 /* 1965 * Try escaping stopped state. This seems to bite 1966 * people occasionally, in particular for IPCP, 1967 * presumably following previous IPCP negotiation 1968 * aborts. Somehow, we must have missed a Down event 1969 * which would have caused a transition into starting 1970 * state, so as a bandaid we force the Down event now. 1971 * This effectively implements (something like the) 1972 * `restart' option mentioned in the state transition 1973 * table of RFC 1661. 1974 */ 1975 sppp_cp_change_state(cp, sp, STATE_STARTING); 1976 (cp->tls)(sp); 1977 break; 1978 case STATE_STOPPING: 1979 case STATE_REQ_SENT: 1980 case STATE_ACK_RCVD: 1981 case STATE_ACK_SENT: 1982 case STATE_OPENED: 1983 break; 1984 case STATE_CLOSING: 1985 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1986 break; 1987 } 1988 } 1989 1990 1991 static void 1992 sppp_close_event(const struct cp *cp, struct sppp *sp) 1993 { 1994 STDDCL; 1995 1996 if (debug) 1997 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1998 SPP_ARGS(ifp), cp->name, 1999 sppp_state_name(sp->state[cp->protoidx])); 2000 2001 switch (sp->state[cp->protoidx]) { 2002 case STATE_INITIAL: 2003 case STATE_CLOSED: 2004 case STATE_CLOSING: 2005 break; 2006 case STATE_STARTING: 2007 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2008 (cp->tlf)(sp); 2009 break; 2010 case STATE_STOPPED: 2011 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2012 break; 2013 case STATE_STOPPING: 2014 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2015 break; 2016 case STATE_OPENED: 2017 (cp->tld)(sp); 2018 /* fall through */ 2019 case STATE_REQ_SENT: 2020 case STATE_ACK_RCVD: 2021 case STATE_ACK_SENT: 2022 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2023 sppp_cp_send(sp, cp->proto, TERM_REQ, 2024 ++sp->pp_seq[cp->protoidx], 0, 0); 2025 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2026 break; 2027 } 2028 } 2029 2030 static void 2031 sppp_to_event(const struct cp *cp, struct sppp *sp) 2032 { 2033 STDDCL; 2034 int s; 2035 2036 s = splimp(); 2037 if (debug) 2038 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2039 SPP_ARGS(ifp), cp->name, 2040 sppp_state_name(sp->state[cp->protoidx]), 2041 sp->rst_counter[cp->protoidx]); 2042 2043 if (--sp->rst_counter[cp->protoidx] < 0) 2044 /* TO- event */ 2045 switch (sp->state[cp->protoidx]) { 2046 case STATE_CLOSING: 2047 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2048 (cp->tlf)(sp); 2049 break; 2050 case STATE_STOPPING: 2051 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2052 (cp->tlf)(sp); 2053 break; 2054 case STATE_REQ_SENT: 2055 case STATE_ACK_RCVD: 2056 case STATE_ACK_SENT: 2057 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2058 (cp->tlf)(sp); 2059 break; 2060 } 2061 else 2062 /* TO+ event */ 2063 switch (sp->state[cp->protoidx]) { 2064 case STATE_CLOSING: 2065 case STATE_STOPPING: 2066 sppp_cp_send(sp, cp->proto, TERM_REQ, 2067 ++sp->pp_seq[cp->protoidx], 0, 0); 2068 callout_reset(&sp->timeout[cp->protoidx], 2069 sp->lcp.timeout, cp->TO, sp); 2070 break; 2071 case STATE_REQ_SENT: 2072 case STATE_ACK_RCVD: 2073 (cp->scr)(sp); 2074 /* sppp_cp_change_state() will restart the timer */ 2075 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2076 break; 2077 case STATE_ACK_SENT: 2078 (cp->scr)(sp); 2079 callout_reset(&sp->timeout[cp->protoidx], 2080 sp->lcp.timeout, cp->TO, sp); 2081 break; 2082 } 2083 2084 splx(s); 2085 } 2086 2087 /* 2088 * Change the state of a control protocol in the state automaton. 2089 * Takes care of starting/stopping the restart timer. 2090 */ 2091 void 2092 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2093 { 2094 sp->state[cp->protoidx] = newstate; 2095 callout_stop(&sp->timeout[cp->protoidx]); 2096 2097 switch (newstate) { 2098 case STATE_INITIAL: 2099 case STATE_STARTING: 2100 case STATE_CLOSED: 2101 case STATE_STOPPED: 2102 case STATE_OPENED: 2103 break; 2104 case STATE_CLOSING: 2105 case STATE_STOPPING: 2106 case STATE_REQ_SENT: 2107 case STATE_ACK_RCVD: 2108 case STATE_ACK_SENT: 2109 callout_reset(&sp->timeout[cp->protoidx], 2110 sp->lcp.timeout, cp->TO, sp); 2111 break; 2112 } 2113 } 2114 2115 /* 2116 *--------------------------------------------------------------------------* 2117 * * 2118 * The LCP implementation. * 2119 * * 2120 *--------------------------------------------------------------------------* 2121 */ 2122 static void 2123 sppp_lcp_init(struct sppp *sp) 2124 { 2125 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2126 sp->lcp.magic = 0; 2127 sp->state[IDX_LCP] = STATE_INITIAL; 2128 sp->fail_counter[IDX_LCP] = 0; 2129 sp->pp_seq[IDX_LCP] = 0; 2130 sp->pp_rseq[IDX_LCP] = 0; 2131 sp->lcp.protos = 0; 2132 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2133 2134 /* Note that these values are relevant for all control protocols */ 2135 sp->lcp.timeout = 3 * hz; 2136 sp->lcp.max_terminate = 2; 2137 sp->lcp.max_configure = 10; 2138 sp->lcp.max_failure = 10; 2139 #if defined(__DragonFly__) 2140 callout_init(&sp->timeout[IDX_LCP]); 2141 #endif 2142 } 2143 2144 static void 2145 sppp_lcp_up(struct sppp *sp) 2146 { 2147 STDDCL; 2148 2149 sp->pp_alivecnt = 0; 2150 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2151 sp->lcp.magic = 0; 2152 sp->lcp.protos = 0; 2153 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2154 /* 2155 * If this interface is passive or dial-on-demand, and we are 2156 * still in Initial state, it means we've got an incoming 2157 * call. Activate the interface. 2158 */ 2159 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2160 if (debug) 2161 log(LOG_DEBUG, 2162 SPP_FMT "Up event", SPP_ARGS(ifp)); 2163 ifp->if_flags |= IFF_RUNNING; 2164 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2165 if (debug) 2166 addlog("(incoming call)\n"); 2167 sp->pp_flags |= PP_CALLIN; 2168 lcp.Open(sp); 2169 } else if (debug) 2170 addlog("\n"); 2171 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2172 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2173 ifp->if_flags |= IFF_RUNNING; 2174 lcp.Open(sp); 2175 } 2176 2177 sppp_up_event(&lcp, sp); 2178 } 2179 2180 static void 2181 sppp_lcp_down(struct sppp *sp) 2182 { 2183 STDDCL; 2184 2185 sppp_down_event(&lcp, sp); 2186 2187 /* 2188 * If this is neither a dial-on-demand nor a passive 2189 * interface, simulate an ``ifconfig down'' action, so the 2190 * administrator can force a redial by another ``ifconfig 2191 * up''. XXX For leased line operation, should we immediately 2192 * try to reopen the connection here? 2193 */ 2194 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2195 log(LOG_INFO, 2196 SPP_FMT "Down event, taking interface down.\n", 2197 SPP_ARGS(ifp)); 2198 if_down(ifp); 2199 } else { 2200 if (debug) 2201 log(LOG_DEBUG, 2202 SPP_FMT "Down event (carrier loss)\n", 2203 SPP_ARGS(ifp)); 2204 sp->pp_flags &= ~PP_CALLIN; 2205 if (sp->state[IDX_LCP] != STATE_INITIAL) 2206 lcp.Close(sp); 2207 ifp->if_flags &= ~IFF_RUNNING; 2208 } 2209 } 2210 2211 static void 2212 sppp_lcp_open(struct sppp *sp) 2213 { 2214 /* 2215 * If we are authenticator, negotiate LCP_AUTH 2216 */ 2217 if (sp->hisauth.proto != 0) 2218 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2219 else 2220 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2221 sp->pp_flags &= ~PP_NEEDAUTH; 2222 sppp_open_event(&lcp, sp); 2223 } 2224 2225 static void 2226 sppp_lcp_close(struct sppp *sp) 2227 { 2228 sppp_close_event(&lcp, sp); 2229 } 2230 2231 static void 2232 sppp_lcp_TO(void *cookie) 2233 { 2234 sppp_to_event(&lcp, (struct sppp *)cookie); 2235 } 2236 2237 /* 2238 * Analyze a configure request. Return true if it was agreeable, and 2239 * caused action sca, false if it has been rejected or nak'ed, and 2240 * caused action scn. (The return value is used to make the state 2241 * transition decision in the state automaton.) 2242 */ 2243 static int 2244 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2245 { 2246 STDDCL; 2247 u_char *buf, *r, *p; 2248 int origlen, rlen; 2249 u_long nmagic; 2250 u_short authproto; 2251 2252 len -= 4; 2253 origlen = len; 2254 buf = r = malloc (len, M_TEMP, M_INTWAIT); 2255 2256 if (debug) 2257 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2258 SPP_ARGS(ifp)); 2259 2260 /* pass 1: check for things that need to be rejected */ 2261 p = (void*) (h+1); 2262 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2263 if (debug) 2264 addlog(" %s ", sppp_lcp_opt_name(*p)); 2265 switch (*p) { 2266 case LCP_OPT_MAGIC: 2267 /* Magic number. */ 2268 if (len >= 6 && p[1] == 6) 2269 continue; 2270 if (debug) 2271 addlog("[invalid] "); 2272 break; 2273 case LCP_OPT_ASYNC_MAP: 2274 /* Async control character map. */ 2275 if (len >= 6 && p[1] == 6) 2276 continue; 2277 if (debug) 2278 addlog("[invalid] "); 2279 break; 2280 case LCP_OPT_MRU: 2281 /* Maximum receive unit. */ 2282 if (len >= 4 && p[1] == 4) 2283 continue; 2284 if (debug) 2285 addlog("[invalid] "); 2286 break; 2287 case LCP_OPT_AUTH_PROTO: 2288 if (len < 4) { 2289 if (debug) 2290 addlog("[invalid] "); 2291 break; 2292 } 2293 authproto = (p[2] << 8) + p[3]; 2294 if (authproto == PPP_CHAP && p[1] != 5) { 2295 if (debug) 2296 addlog("[invalid chap len] "); 2297 break; 2298 } 2299 if (sp->myauth.proto == 0) { 2300 /* we are not configured to do auth */ 2301 if (debug) 2302 addlog("[not configured] "); 2303 break; 2304 } 2305 /* 2306 * Remote want us to authenticate, remember this, 2307 * so we stay in PHASE_AUTHENTICATE after LCP got 2308 * up. 2309 */ 2310 sp->pp_flags |= PP_NEEDAUTH; 2311 continue; 2312 default: 2313 /* Others not supported. */ 2314 if (debug) 2315 addlog("[rej] "); 2316 break; 2317 } 2318 /* Add the option to rejected list. */ 2319 bcopy (p, r, p[1]); 2320 r += p[1]; 2321 rlen += p[1]; 2322 } 2323 if (rlen) { 2324 if (debug) 2325 addlog(" send conf-rej\n"); 2326 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2327 return 0; 2328 } else if (debug) 2329 addlog("\n"); 2330 2331 /* 2332 * pass 2: check for option values that are unacceptable and 2333 * thus require to be nak'ed. 2334 */ 2335 if (debug) 2336 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2337 SPP_ARGS(ifp)); 2338 2339 p = (void*) (h+1); 2340 len = origlen; 2341 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2342 if (debug) 2343 addlog(" %s ", sppp_lcp_opt_name(*p)); 2344 switch (*p) { 2345 case LCP_OPT_MAGIC: 2346 /* Magic number -- extract. */ 2347 nmagic = (u_long)p[2] << 24 | 2348 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2349 if (nmagic != sp->lcp.magic) { 2350 sp->pp_loopcnt = 0; 2351 if (debug) 2352 addlog("0x%lx ", nmagic); 2353 continue; 2354 } 2355 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2356 addlog("[glitch] "); 2357 ++sp->pp_loopcnt; 2358 /* 2359 * We negate our magic here, and NAK it. If 2360 * we see it later in an NAK packet, we 2361 * suggest a new one. 2362 */ 2363 nmagic = ~sp->lcp.magic; 2364 /* Gonna NAK it. */ 2365 p[2] = nmagic >> 24; 2366 p[3] = nmagic >> 16; 2367 p[4] = nmagic >> 8; 2368 p[5] = nmagic; 2369 break; 2370 2371 case LCP_OPT_ASYNC_MAP: 2372 /* 2373 * Async control character map -- just ignore it. 2374 * 2375 * Quote from RFC 1662, chapter 6: 2376 * To enable this functionality, synchronous PPP 2377 * implementations MUST always respond to the 2378 * Async-Control-Character-Map Configuration 2379 * Option with the LCP Configure-Ack. However, 2380 * acceptance of the Configuration Option does 2381 * not imply that the synchronous implementation 2382 * will do any ACCM mapping. Instead, all such 2383 * octet mapping will be performed by the 2384 * asynchronous-to-synchronous converter. 2385 */ 2386 continue; 2387 2388 case LCP_OPT_MRU: 2389 /* 2390 * Maximum receive unit. Always agreeable, 2391 * but ignored by now. 2392 */ 2393 sp->lcp.their_mru = p[2] * 256 + p[3]; 2394 if (debug) 2395 addlog("%lu ", sp->lcp.their_mru); 2396 continue; 2397 2398 case LCP_OPT_AUTH_PROTO: 2399 authproto = (p[2] << 8) + p[3]; 2400 if (sp->myauth.proto != authproto) { 2401 /* not agreed, nak */ 2402 if (debug) 2403 addlog("[mine %s != his %s] ", 2404 sppp_proto_name(sp->hisauth.proto), 2405 sppp_proto_name(authproto)); 2406 p[2] = sp->myauth.proto >> 8; 2407 p[3] = sp->myauth.proto; 2408 break; 2409 } 2410 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2411 if (debug) 2412 addlog("[chap not MD5] "); 2413 p[4] = CHAP_MD5; 2414 break; 2415 } 2416 continue; 2417 } 2418 /* Add the option to nak'ed list. */ 2419 bcopy (p, r, p[1]); 2420 r += p[1]; 2421 rlen += p[1]; 2422 } 2423 if (rlen) { 2424 /* 2425 * Local and remote magics equal -- loopback? 2426 */ 2427 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2428 if (sp->pp_loopcnt == MAXALIVECNT*5) 2429 printf (SPP_FMT "loopback\n", 2430 SPP_ARGS(ifp)); 2431 if (ifp->if_flags & IFF_UP) { 2432 if_down(ifp); 2433 IF_DRAIN(&sp->pp_cpq); 2434 /* XXX ? */ 2435 lcp.Down(sp); 2436 lcp.Up(sp); 2437 } 2438 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2439 if (debug) 2440 addlog(" max_failure (%d) exceeded, " 2441 "send conf-rej\n", 2442 sp->lcp.max_failure); 2443 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2444 } else { 2445 if (debug) 2446 addlog(" send conf-nak\n"); 2447 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2448 } 2449 } else { 2450 if (debug) 2451 addlog(" send conf-ack\n"); 2452 sp->fail_counter[IDX_LCP] = 0; 2453 sp->pp_loopcnt = 0; 2454 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2455 h->ident, origlen, h+1); 2456 } 2457 2458 free (buf, M_TEMP); 2459 return (rlen == 0); 2460 } 2461 2462 /* 2463 * Analyze the LCP Configure-Reject option list, and adjust our 2464 * negotiation. 2465 */ 2466 static void 2467 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2468 { 2469 STDDCL; 2470 u_char *buf, *p; 2471 2472 len -= 4; 2473 buf = malloc (len, M_TEMP, M_INTWAIT); 2474 2475 if (debug) 2476 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2477 SPP_ARGS(ifp)); 2478 2479 p = (void*) (h+1); 2480 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2481 if (debug) 2482 addlog(" %s ", sppp_lcp_opt_name(*p)); 2483 switch (*p) { 2484 case LCP_OPT_MAGIC: 2485 /* Magic number -- can't use it, use 0 */ 2486 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2487 sp->lcp.magic = 0; 2488 break; 2489 case LCP_OPT_MRU: 2490 /* 2491 * Should not be rejected anyway, since we only 2492 * negotiate a MRU if explicitly requested by 2493 * peer. 2494 */ 2495 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2496 break; 2497 case LCP_OPT_AUTH_PROTO: 2498 /* 2499 * Peer doesn't want to authenticate himself, 2500 * deny unless this is a dialout call, and 2501 * AUTHFLAG_NOCALLOUT is set. 2502 */ 2503 if ((sp->pp_flags & PP_CALLIN) == 0 && 2504 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2505 if (debug) 2506 addlog("[don't insist on auth " 2507 "for callout]"); 2508 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2509 break; 2510 } 2511 if (debug) 2512 addlog("[access denied]\n"); 2513 lcp.Close(sp); 2514 break; 2515 } 2516 } 2517 if (debug) 2518 addlog("\n"); 2519 free (buf, M_TEMP); 2520 return; 2521 } 2522 2523 /* 2524 * Analyze the LCP Configure-NAK option list, and adjust our 2525 * negotiation. 2526 */ 2527 static void 2528 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2529 { 2530 STDDCL; 2531 u_char *buf, *p; 2532 u_long magic; 2533 2534 len -= 4; 2535 buf = malloc (len, M_TEMP, M_INTWAIT); 2536 2537 if (debug) 2538 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2539 SPP_ARGS(ifp)); 2540 2541 p = (void*) (h+1); 2542 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2543 if (debug) 2544 addlog(" %s ", sppp_lcp_opt_name(*p)); 2545 switch (*p) { 2546 case LCP_OPT_MAGIC: 2547 /* Magic number -- renegotiate */ 2548 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2549 len >= 6 && p[1] == 6) { 2550 magic = (u_long)p[2] << 24 | 2551 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2552 /* 2553 * If the remote magic is our negated one, 2554 * this looks like a loopback problem. 2555 * Suggest a new magic to make sure. 2556 */ 2557 if (magic == ~sp->lcp.magic) { 2558 if (debug) 2559 addlog("magic glitch "); 2560 #if defined(__DragonFly__) 2561 sp->lcp.magic = random(); 2562 #else 2563 sp->lcp.magic = time.tv_sec + time.tv_usec; 2564 #endif 2565 } else { 2566 sp->lcp.magic = magic; 2567 if (debug) 2568 addlog("%lu ", magic); 2569 } 2570 } 2571 break; 2572 case LCP_OPT_MRU: 2573 /* 2574 * Peer wants to advise us to negotiate an MRU. 2575 * Agree on it if it's reasonable, or use 2576 * default otherwise. 2577 */ 2578 if (len >= 4 && p[1] == 4) { 2579 u_int mru = p[2] * 256 + p[3]; 2580 if (debug) 2581 addlog("%d ", mru); 2582 if (mru < PP_MTU || mru > PP_MAX_MRU) 2583 mru = PP_MTU; 2584 sp->lcp.mru = mru; 2585 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2586 } 2587 break; 2588 case LCP_OPT_AUTH_PROTO: 2589 /* 2590 * Peer doesn't like our authentication method, 2591 * deny. 2592 */ 2593 if (debug) 2594 addlog("[access denied]\n"); 2595 lcp.Close(sp); 2596 break; 2597 } 2598 } 2599 if (debug) 2600 addlog("\n"); 2601 free (buf, M_TEMP); 2602 return; 2603 } 2604 2605 static void 2606 sppp_lcp_tlu(struct sppp *sp) 2607 { 2608 STDDCL; 2609 int i; 2610 u_long mask; 2611 2612 /* XXX ? */ 2613 if (! (ifp->if_flags & IFF_UP) && 2614 (ifp->if_flags & IFF_RUNNING)) { 2615 /* Coming out of loopback mode. */ 2616 if_up(ifp); 2617 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2618 } 2619 2620 for (i = 0; i < IDX_COUNT; i++) 2621 if ((cps[i])->flags & CP_QUAL) 2622 (cps[i])->Open(sp); 2623 2624 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2625 (sp->pp_flags & PP_NEEDAUTH) != 0) 2626 sp->pp_phase = PHASE_AUTHENTICATE; 2627 else 2628 sp->pp_phase = PHASE_NETWORK; 2629 2630 if (debug) 2631 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2632 sppp_phase_name(sp->pp_phase)); 2633 2634 /* 2635 * Open all authentication protocols. This is even required 2636 * if we already proceeded to network phase, since it might be 2637 * that remote wants us to authenticate, so we might have to 2638 * send a PAP request. Undesired authentication protocols 2639 * don't do anything when they get an Open event. 2640 */ 2641 for (i = 0; i < IDX_COUNT; i++) 2642 if ((cps[i])->flags & CP_AUTH) 2643 (cps[i])->Open(sp); 2644 2645 if (sp->pp_phase == PHASE_NETWORK) { 2646 /* Notify all NCPs. */ 2647 for (i = 0; i < IDX_COUNT; i++) 2648 if (((cps[i])->flags & CP_NCP) && 2649 /* 2650 * XXX 2651 * Hack to administratively disable IPv6 if 2652 * not desired. Perhaps we should have another 2653 * flag for this, but right now, we can make 2654 * all struct cp's read/only. 2655 */ 2656 (cps[i] != &ipv6cp || 2657 (sp->confflags & CONF_ENABLE_IPV6))) 2658 (cps[i])->Open(sp); 2659 } 2660 2661 /* Send Up events to all started protos. */ 2662 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2663 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2664 (cps[i])->Up(sp); 2665 2666 /* notify low-level driver of state change */ 2667 if (sp->pp_chg) 2668 sp->pp_chg(sp, (int)sp->pp_phase); 2669 2670 if (sp->pp_phase == PHASE_NETWORK) 2671 /* if no NCP is starting, close down */ 2672 sppp_lcp_check_and_close(sp); 2673 } 2674 2675 static void 2676 sppp_lcp_tld(struct sppp *sp) 2677 { 2678 STDDCL; 2679 int i; 2680 u_long mask; 2681 2682 sp->pp_phase = PHASE_TERMINATE; 2683 2684 if (debug) 2685 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2686 sppp_phase_name(sp->pp_phase)); 2687 2688 /* 2689 * Take upper layers down. We send the Down event first and 2690 * the Close second to prevent the upper layers from sending 2691 * ``a flurry of terminate-request packets'', as the RFC 2692 * describes it. 2693 */ 2694 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2695 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2696 (cps[i])->Down(sp); 2697 (cps[i])->Close(sp); 2698 } 2699 } 2700 2701 static void 2702 sppp_lcp_tls(struct sppp *sp) 2703 { 2704 STDDCL; 2705 2706 sp->pp_phase = PHASE_ESTABLISH; 2707 2708 if (debug) 2709 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2710 sppp_phase_name(sp->pp_phase)); 2711 2712 /* Notify lower layer if desired. */ 2713 if (sp->pp_tls) 2714 (sp->pp_tls)(sp); 2715 else 2716 (sp->pp_up)(sp); 2717 } 2718 2719 static void 2720 sppp_lcp_tlf(struct sppp *sp) 2721 { 2722 STDDCL; 2723 2724 sp->pp_phase = PHASE_DEAD; 2725 if (debug) 2726 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2727 sppp_phase_name(sp->pp_phase)); 2728 2729 /* Notify lower layer if desired. */ 2730 if (sp->pp_tlf) 2731 (sp->pp_tlf)(sp); 2732 else 2733 (sp->pp_down)(sp); 2734 } 2735 2736 static void 2737 sppp_lcp_scr(struct sppp *sp) 2738 { 2739 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2740 int i = 0; 2741 u_short authproto; 2742 2743 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2744 if (! sp->lcp.magic) 2745 #if defined(__DragonFly__) 2746 sp->lcp.magic = random(); 2747 #else 2748 sp->lcp.magic = time.tv_sec + time.tv_usec; 2749 #endif 2750 opt[i++] = LCP_OPT_MAGIC; 2751 opt[i++] = 6; 2752 opt[i++] = sp->lcp.magic >> 24; 2753 opt[i++] = sp->lcp.magic >> 16; 2754 opt[i++] = sp->lcp.magic >> 8; 2755 opt[i++] = sp->lcp.magic; 2756 } 2757 2758 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2759 opt[i++] = LCP_OPT_MRU; 2760 opt[i++] = 4; 2761 opt[i++] = sp->lcp.mru >> 8; 2762 opt[i++] = sp->lcp.mru; 2763 } 2764 2765 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2766 authproto = sp->hisauth.proto; 2767 opt[i++] = LCP_OPT_AUTH_PROTO; 2768 opt[i++] = authproto == PPP_CHAP? 5: 4; 2769 opt[i++] = authproto >> 8; 2770 opt[i++] = authproto; 2771 if (authproto == PPP_CHAP) 2772 opt[i++] = CHAP_MD5; 2773 } 2774 2775 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2776 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2777 } 2778 2779 /* 2780 * Check the open NCPs, return true if at least one NCP is open. 2781 */ 2782 static int 2783 sppp_ncp_check(struct sppp *sp) 2784 { 2785 int i, mask; 2786 2787 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2788 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2789 return 1; 2790 return 0; 2791 } 2792 2793 /* 2794 * Re-check the open NCPs and see if we should terminate the link. 2795 * Called by the NCPs during their tlf action handling. 2796 */ 2797 static void 2798 sppp_lcp_check_and_close(struct sppp *sp) 2799 { 2800 2801 if (sp->pp_phase < PHASE_NETWORK) 2802 /* don't bother, we are already going down */ 2803 return; 2804 2805 if (sppp_ncp_check(sp)) 2806 return; 2807 2808 lcp.Close(sp); 2809 } 2810 2811 /* 2812 *--------------------------------------------------------------------------* 2813 * * 2814 * The IPCP implementation. * 2815 * * 2816 *--------------------------------------------------------------------------* 2817 */ 2818 2819 static void 2820 sppp_ipcp_init(struct sppp *sp) 2821 { 2822 sp->ipcp.opts = 0; 2823 sp->ipcp.flags = 0; 2824 sp->state[IDX_IPCP] = STATE_INITIAL; 2825 sp->fail_counter[IDX_IPCP] = 0; 2826 sp->pp_seq[IDX_IPCP] = 0; 2827 sp->pp_rseq[IDX_IPCP] = 0; 2828 #if defined(__DragonFly__) 2829 callout_init(&sp->timeout[IDX_IPCP]); 2830 #endif 2831 } 2832 2833 static void 2834 sppp_ipcp_up(struct sppp *sp) 2835 { 2836 sppp_up_event(&ipcp, sp); 2837 } 2838 2839 static void 2840 sppp_ipcp_down(struct sppp *sp) 2841 { 2842 sppp_down_event(&ipcp, sp); 2843 } 2844 2845 static void 2846 sppp_ipcp_open(struct sppp *sp) 2847 { 2848 STDDCL; 2849 u_long myaddr, hisaddr; 2850 2851 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2852 IPCP_MYADDR_DYN | IPCP_VJ); 2853 sp->ipcp.opts = 0; 2854 2855 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2856 /* 2857 * If we don't have his address, this probably means our 2858 * interface doesn't want to talk IP at all. (This could 2859 * be the case if somebody wants to speak only IPX, for 2860 * example.) Don't open IPCP in this case. 2861 */ 2862 if (hisaddr == 0L) { 2863 /* XXX this message should go away */ 2864 if (debug) 2865 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2866 SPP_ARGS(ifp)); 2867 return; 2868 } 2869 if (myaddr == 0L) { 2870 /* 2871 * I don't have an assigned address, so i need to 2872 * negotiate my address. 2873 */ 2874 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2875 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2876 } else 2877 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2878 if (sp->confflags & CONF_ENABLE_VJ) { 2879 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2880 sp->ipcp.max_state = MAX_STATES - 1; 2881 sp->ipcp.compress_cid = 1; 2882 } 2883 sppp_open_event(&ipcp, sp); 2884 } 2885 2886 static void 2887 sppp_ipcp_close(struct sppp *sp) 2888 { 2889 sppp_close_event(&ipcp, sp); 2890 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2891 /* 2892 * My address was dynamic, clear it again. 2893 */ 2894 sppp_set_ip_addr(sp, 0L); 2895 } 2896 2897 static void 2898 sppp_ipcp_TO(void *cookie) 2899 { 2900 sppp_to_event(&ipcp, (struct sppp *)cookie); 2901 } 2902 2903 /* 2904 * Analyze a configure request. Return true if it was agreeable, and 2905 * caused action sca, false if it has been rejected or nak'ed, and 2906 * caused action scn. (The return value is used to make the state 2907 * transition decision in the state automaton.) 2908 */ 2909 static int 2910 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2911 { 2912 u_char *buf, *r, *p; 2913 struct ifnet *ifp = &sp->pp_if; 2914 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2915 u_long hisaddr, desiredaddr; 2916 int gotmyaddr = 0; 2917 int desiredcomp; 2918 2919 len -= 4; 2920 origlen = len; 2921 /* 2922 * Make sure to allocate a buf that can at least hold a 2923 * conf-nak with an `address' option. We might need it below. 2924 */ 2925 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT); 2926 2927 /* pass 1: see if we can recognize them */ 2928 if (debug) 2929 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2930 SPP_ARGS(ifp)); 2931 p = (void*) (h+1); 2932 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2933 if (debug) 2934 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2935 switch (*p) { 2936 case IPCP_OPT_COMPRESSION: 2937 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2938 /* VJ compression administratively disabled */ 2939 if (debug) 2940 addlog("[locally disabled] "); 2941 break; 2942 } 2943 /* 2944 * In theory, we should only conf-rej an 2945 * option that is shorter than RFC 1618 2946 * requires (i.e. < 4), and should conf-nak 2947 * anything else that is not VJ. However, 2948 * since our algorithm always uses the 2949 * original option to NAK it with new values, 2950 * things would become more complicated. In 2951 * pratice, the only commonly implemented IP 2952 * compression option is VJ anyway, so the 2953 * difference is negligible. 2954 */ 2955 if (len >= 6 && p[1] == 6) { 2956 /* 2957 * correctly formed compression option 2958 * that could be VJ compression 2959 */ 2960 continue; 2961 } 2962 if (debug) 2963 addlog("optlen %d [invalid/unsupported] ", 2964 p[1]); 2965 break; 2966 case IPCP_OPT_ADDRESS: 2967 if (len >= 6 && p[1] == 6) { 2968 /* correctly formed address option */ 2969 continue; 2970 } 2971 if (debug) 2972 addlog("[invalid] "); 2973 break; 2974 default: 2975 /* Others not supported. */ 2976 if (debug) 2977 addlog("[rej] "); 2978 break; 2979 } 2980 /* Add the option to rejected list. */ 2981 bcopy (p, r, p[1]); 2982 r += p[1]; 2983 rlen += p[1]; 2984 } 2985 if (rlen) { 2986 if (debug) 2987 addlog(" send conf-rej\n"); 2988 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2989 return 0; 2990 } else if (debug) 2991 addlog("\n"); 2992 2993 /* pass 2: parse option values */ 2994 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2995 if (debug) 2996 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2997 SPP_ARGS(ifp)); 2998 p = (void*) (h+1); 2999 len = origlen; 3000 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3001 if (debug) 3002 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3003 switch (*p) { 3004 case IPCP_OPT_COMPRESSION: 3005 desiredcomp = p[2] << 8 | p[3]; 3006 /* We only support VJ */ 3007 if (desiredcomp == IPCP_COMP_VJ) { 3008 if (debug) 3009 addlog("VJ [ack] "); 3010 sp->ipcp.flags |= IPCP_VJ; 3011 sl_compress_init(sp->pp_comp, p[4]); 3012 sp->ipcp.max_state = p[4]; 3013 sp->ipcp.compress_cid = p[5]; 3014 continue; 3015 } 3016 if (debug) 3017 addlog("compproto %#04x [not supported] ", 3018 desiredcomp); 3019 p[2] = IPCP_COMP_VJ >> 8; 3020 p[3] = IPCP_COMP_VJ; 3021 p[4] = sp->ipcp.max_state; 3022 p[5] = sp->ipcp.compress_cid; 3023 break; 3024 case IPCP_OPT_ADDRESS: 3025 /* This is the address he wants in his end */ 3026 desiredaddr = p[2] << 24 | p[3] << 16 | 3027 p[4] << 8 | p[5]; 3028 if (desiredaddr == hisaddr || 3029 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3030 /* 3031 * Peer's address is same as our value, 3032 * or we have set it to 0.0.0.* to 3033 * indicate that we do not really care, 3034 * this is agreeable. Gonna conf-ack 3035 * it. 3036 */ 3037 if (debug) 3038 addlog("%s [ack] ", 3039 sppp_dotted_quad(hisaddr)); 3040 /* record that we've seen it already */ 3041 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3042 continue; 3043 } 3044 /* 3045 * The address wasn't agreeable. This is either 3046 * he sent us 0.0.0.0, asking to assign him an 3047 * address, or he send us another address not 3048 * matching our value. Either case, we gonna 3049 * conf-nak it with our value. 3050 * XXX: we should "rej" if hisaddr == 0 3051 */ 3052 if (debug) { 3053 if (desiredaddr == 0) 3054 addlog("[addr requested] "); 3055 else 3056 addlog("%s [not agreed] ", 3057 sppp_dotted_quad(desiredaddr)); 3058 3059 } 3060 p[2] = hisaddr >> 24; 3061 p[3] = hisaddr >> 16; 3062 p[4] = hisaddr >> 8; 3063 p[5] = hisaddr; 3064 break; 3065 } 3066 /* Add the option to nak'ed list. */ 3067 bcopy (p, r, p[1]); 3068 r += p[1]; 3069 rlen += p[1]; 3070 } 3071 3072 /* 3073 * If we are about to conf-ack the request, but haven't seen 3074 * his address so far, gonna conf-nak it instead, with the 3075 * `address' option present and our idea of his address being 3076 * filled in there, to request negotiation of both addresses. 3077 * 3078 * XXX This can result in an endless req - nak loop if peer 3079 * doesn't want to send us his address. Q: What should we do 3080 * about it? XXX A: implement the max-failure counter. 3081 */ 3082 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3083 buf[0] = IPCP_OPT_ADDRESS; 3084 buf[1] = 6; 3085 buf[2] = hisaddr >> 24; 3086 buf[3] = hisaddr >> 16; 3087 buf[4] = hisaddr >> 8; 3088 buf[5] = hisaddr; 3089 rlen = 6; 3090 if (debug) 3091 addlog("still need hisaddr "); 3092 } 3093 3094 if (rlen) { 3095 if (debug) 3096 addlog(" send conf-nak\n"); 3097 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3098 } else { 3099 if (debug) 3100 addlog(" send conf-ack\n"); 3101 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3102 h->ident, origlen, h+1); 3103 } 3104 3105 free (buf, M_TEMP); 3106 return (rlen == 0); 3107 } 3108 3109 /* 3110 * Analyze the IPCP Configure-Reject option list, and adjust our 3111 * negotiation. 3112 */ 3113 static void 3114 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3115 { 3116 u_char *buf, *p; 3117 struct ifnet *ifp = &sp->pp_if; 3118 int debug = ifp->if_flags & IFF_DEBUG; 3119 3120 len -= 4; 3121 buf = malloc (len, M_TEMP, M_INTWAIT); 3122 3123 if (debug) 3124 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3125 SPP_ARGS(ifp)); 3126 3127 p = (void*) (h+1); 3128 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3129 if (debug) 3130 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3131 switch (*p) { 3132 case IPCP_OPT_COMPRESSION: 3133 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3134 break; 3135 case IPCP_OPT_ADDRESS: 3136 /* 3137 * Peer doesn't grok address option. This is 3138 * bad. XXX Should we better give up here? 3139 * XXX We could try old "addresses" option... 3140 */ 3141 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3142 break; 3143 } 3144 } 3145 if (debug) 3146 addlog("\n"); 3147 free (buf, M_TEMP); 3148 return; 3149 } 3150 3151 /* 3152 * Analyze the IPCP Configure-NAK option list, and adjust our 3153 * negotiation. 3154 */ 3155 static void 3156 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3157 { 3158 u_char *buf, *p; 3159 struct ifnet *ifp = &sp->pp_if; 3160 int debug = ifp->if_flags & IFF_DEBUG; 3161 int desiredcomp; 3162 u_long wantaddr; 3163 3164 len -= 4; 3165 buf = malloc (len, M_TEMP, M_INTWAIT); 3166 3167 if (debug) 3168 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3169 SPP_ARGS(ifp)); 3170 3171 p = (void*) (h+1); 3172 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3173 if (debug) 3174 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3175 switch (*p) { 3176 case IPCP_OPT_COMPRESSION: 3177 if (len >= 6 && p[1] == 6) { 3178 desiredcomp = p[2] << 8 | p[3]; 3179 if (debug) 3180 addlog("[wantcomp %#04x] ", 3181 desiredcomp); 3182 if (desiredcomp == IPCP_COMP_VJ) { 3183 sl_compress_init(sp->pp_comp, p[4]); 3184 sp->ipcp.max_state = p[4]; 3185 sp->ipcp.compress_cid = p[5]; 3186 if (debug) 3187 addlog("[agree] "); 3188 } else 3189 sp->ipcp.opts &= 3190 ~(1 << IPCP_OPT_COMPRESSION); 3191 } 3192 break; 3193 case IPCP_OPT_ADDRESS: 3194 /* 3195 * Peer doesn't like our local IP address. See 3196 * if we can do something for him. We'll drop 3197 * him our address then. 3198 */ 3199 if (len >= 6 && p[1] == 6) { 3200 wantaddr = p[2] << 24 | p[3] << 16 | 3201 p[4] << 8 | p[5]; 3202 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3203 if (debug) 3204 addlog("[wantaddr %s] ", 3205 sppp_dotted_quad(wantaddr)); 3206 /* 3207 * When doing dynamic address assignment, 3208 * we accept his offer. Otherwise, we 3209 * ignore it and thus continue to negotiate 3210 * our already existing value. 3211 * XXX: Bogus, if he said no once, he'll 3212 * just say no again, might as well die. 3213 */ 3214 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3215 sppp_set_ip_addr(sp, wantaddr); 3216 if (debug) 3217 addlog("[agree] "); 3218 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3219 } 3220 } 3221 break; 3222 } 3223 } 3224 if (debug) 3225 addlog("\n"); 3226 free (buf, M_TEMP); 3227 return; 3228 } 3229 3230 static void 3231 sppp_ipcp_tlu(struct sppp *sp) 3232 { 3233 /* we are up - notify isdn daemon */ 3234 if (sp->pp_con) 3235 sp->pp_con(sp); 3236 } 3237 3238 static void 3239 sppp_ipcp_tld(struct sppp *sp) 3240 { 3241 } 3242 3243 static void 3244 sppp_ipcp_tls(struct sppp *sp) 3245 { 3246 /* indicate to LCP that it must stay alive */ 3247 sp->lcp.protos |= (1 << IDX_IPCP); 3248 } 3249 3250 static void 3251 sppp_ipcp_tlf(struct sppp *sp) 3252 { 3253 /* we no longer need LCP */ 3254 sp->lcp.protos &= ~(1 << IDX_IPCP); 3255 sppp_lcp_check_and_close(sp); 3256 } 3257 3258 static void 3259 sppp_ipcp_scr(struct sppp *sp) 3260 { 3261 char opt[6 /* compression */ + 6 /* address */]; 3262 u_long ouraddr; 3263 int i = 0; 3264 3265 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3266 opt[i++] = IPCP_OPT_COMPRESSION; 3267 opt[i++] = 6; 3268 opt[i++] = IPCP_COMP_VJ >> 8; 3269 opt[i++] = IPCP_COMP_VJ; 3270 opt[i++] = sp->ipcp.max_state; 3271 opt[i++] = sp->ipcp.compress_cid; 3272 } 3273 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3274 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3275 opt[i++] = IPCP_OPT_ADDRESS; 3276 opt[i++] = 6; 3277 opt[i++] = ouraddr >> 24; 3278 opt[i++] = ouraddr >> 16; 3279 opt[i++] = ouraddr >> 8; 3280 opt[i++] = ouraddr; 3281 } 3282 3283 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3284 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3285 } 3286 3287 /* 3288 *--------------------------------------------------------------------------* 3289 * * 3290 * The IPv6CP implementation. * 3291 * * 3292 *--------------------------------------------------------------------------* 3293 */ 3294 3295 #ifdef INET6 3296 static void 3297 sppp_ipv6cp_init(struct sppp *sp) 3298 { 3299 sp->ipv6cp.opts = 0; 3300 sp->ipv6cp.flags = 0; 3301 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3302 sp->fail_counter[IDX_IPV6CP] = 0; 3303 sp->pp_seq[IDX_IPV6CP] = 0; 3304 sp->pp_rseq[IDX_IPV6CP] = 0; 3305 #if defined(__NetBSD__) 3306 callout_init(&sp->ch[IDX_IPV6CP]); 3307 #endif 3308 #if defined(__DragonFly__) 3309 callout_init(&sp->timeout[IDX_IPV6CP]); 3310 #endif 3311 } 3312 3313 static void 3314 sppp_ipv6cp_up(struct sppp *sp) 3315 { 3316 sppp_up_event(&ipv6cp, sp); 3317 } 3318 3319 static void 3320 sppp_ipv6cp_down(struct sppp *sp) 3321 { 3322 sppp_down_event(&ipv6cp, sp); 3323 } 3324 3325 static void 3326 sppp_ipv6cp_open(struct sppp *sp) 3327 { 3328 STDDCL; 3329 struct in6_addr myaddr, hisaddr; 3330 3331 #ifdef IPV6CP_MYIFID_DYN 3332 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3333 #else 3334 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3335 #endif 3336 3337 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3338 /* 3339 * If we don't have our address, this probably means our 3340 * interface doesn't want to talk IPv6 at all. (This could 3341 * be the case if somebody wants to speak only IPX, for 3342 * example.) Don't open IPv6CP in this case. 3343 */ 3344 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3345 /* XXX this message should go away */ 3346 if (debug) 3347 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3348 SPP_ARGS(ifp)); 3349 return; 3350 } 3351 3352 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3353 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3354 sppp_open_event(&ipv6cp, sp); 3355 } 3356 3357 static void 3358 sppp_ipv6cp_close(struct sppp *sp) 3359 { 3360 sppp_close_event(&ipv6cp, sp); 3361 } 3362 3363 static void 3364 sppp_ipv6cp_TO(void *cookie) 3365 { 3366 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3367 } 3368 3369 /* 3370 * Analyze a configure request. Return true if it was agreeable, and 3371 * caused action sca, false if it has been rejected or nak'ed, and 3372 * caused action scn. (The return value is used to make the state 3373 * transition decision in the state automaton.) 3374 */ 3375 static int 3376 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3377 { 3378 u_char *buf, *r, *p; 3379 struct ifnet *ifp = &sp->pp_if; 3380 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3381 struct in6_addr myaddr, desiredaddr, suggestaddr; 3382 int ifidcount; 3383 int type; 3384 int collision, nohisaddr; 3385 3386 len -= 4; 3387 origlen = len; 3388 /* 3389 * Make sure to allocate a buf that can at least hold a 3390 * conf-nak with an `address' option. We might need it below. 3391 */ 3392 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT); 3393 3394 /* pass 1: see if we can recognize them */ 3395 if (debug) 3396 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3397 SPP_ARGS(ifp)); 3398 p = (void*) (h+1); 3399 ifidcount = 0; 3400 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3401 if (debug) 3402 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3403 switch (*p) { 3404 case IPV6CP_OPT_IFID: 3405 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3406 /* correctly formed address option */ 3407 ifidcount++; 3408 continue; 3409 } 3410 if (debug) 3411 addlog(" [invalid]"); 3412 break; 3413 #ifdef notyet 3414 case IPV6CP_OPT_COMPRESSION: 3415 if (len >= 4 && p[1] >= 4) { 3416 /* correctly formed compress option */ 3417 continue; 3418 } 3419 if (debug) 3420 addlog(" [invalid]"); 3421 break; 3422 #endif 3423 default: 3424 /* Others not supported. */ 3425 if (debug) 3426 addlog(" [rej]"); 3427 break; 3428 } 3429 /* Add the option to rejected list. */ 3430 bcopy (p, r, p[1]); 3431 r += p[1]; 3432 rlen += p[1]; 3433 } 3434 if (rlen) { 3435 if (debug) 3436 addlog(" send conf-rej\n"); 3437 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3438 goto end; 3439 } else if (debug) 3440 addlog("\n"); 3441 3442 /* pass 2: parse option values */ 3443 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3444 if (debug) 3445 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3446 SPP_ARGS(ifp)); 3447 p = (void*) (h+1); 3448 len = origlen; 3449 type = CONF_ACK; 3450 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3451 if (debug) 3452 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3453 switch (*p) { 3454 #ifdef notyet 3455 case IPV6CP_OPT_COMPRESSION: 3456 continue; 3457 #endif 3458 case IPV6CP_OPT_IFID: 3459 bzero(&desiredaddr, sizeof(desiredaddr)); 3460 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3461 collision = (bcmp(&desiredaddr.s6_addr[8], 3462 &myaddr.s6_addr[8], 8) == 0); 3463 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3464 3465 desiredaddr.s6_addr16[0] = htons(0xfe80); 3466 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3467 3468 if (!collision && !nohisaddr) { 3469 /* no collision, hisaddr known - Conf-Ack */ 3470 type = CONF_ACK; 3471 3472 if (debug) { 3473 addlog(" %s [%s]", 3474 ip6_sprintf(&desiredaddr), 3475 sppp_cp_type_name(type)); 3476 } 3477 continue; 3478 } 3479 3480 bzero(&suggestaddr, sizeof(&suggestaddr)); 3481 if (collision && nohisaddr) { 3482 /* collision, hisaddr unknown - Conf-Rej */ 3483 type = CONF_REJ; 3484 bzero(&p[2], 8); 3485 } else { 3486 /* 3487 * - no collision, hisaddr unknown, or 3488 * - collision, hisaddr known 3489 * Conf-Nak, suggest hisaddr 3490 */ 3491 type = CONF_NAK; 3492 sppp_suggest_ip6_addr(sp, &suggestaddr); 3493 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3494 } 3495 if (debug) 3496 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3497 sppp_cp_type_name(type)); 3498 break; 3499 } 3500 /* Add the option to nak'ed list. */ 3501 bcopy (p, r, p[1]); 3502 r += p[1]; 3503 rlen += p[1]; 3504 } 3505 3506 if (rlen == 0 && type == CONF_ACK) { 3507 if (debug) 3508 addlog(" send %s\n", sppp_cp_type_name(type)); 3509 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3510 } else { 3511 #ifdef DIAGNOSTIC 3512 if (type == CONF_ACK) 3513 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3514 #endif 3515 3516 if (debug) { 3517 addlog(" send %s suggest %s\n", 3518 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3519 } 3520 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3521 } 3522 3523 end: 3524 free (buf, M_TEMP); 3525 return (rlen == 0); 3526 } 3527 3528 /* 3529 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3530 * negotiation. 3531 */ 3532 static void 3533 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3534 { 3535 u_char *buf, *p; 3536 struct ifnet *ifp = &sp->pp_if; 3537 int debug = ifp->if_flags & IFF_DEBUG; 3538 3539 len -= 4; 3540 buf = malloc (len, M_TEMP, M_INTWAIT); 3541 3542 if (debug) 3543 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3544 SPP_ARGS(ifp)); 3545 3546 p = (void*) (h+1); 3547 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3548 if (debug) 3549 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3550 switch (*p) { 3551 case IPV6CP_OPT_IFID: 3552 /* 3553 * Peer doesn't grok address option. This is 3554 * bad. XXX Should we better give up here? 3555 */ 3556 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3557 break; 3558 #ifdef notyet 3559 case IPV6CP_OPT_COMPRESS: 3560 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3561 break; 3562 #endif 3563 } 3564 } 3565 if (debug) 3566 addlog("\n"); 3567 free (buf, M_TEMP); 3568 return; 3569 } 3570 3571 /* 3572 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3573 * negotiation. 3574 */ 3575 static void 3576 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3577 { 3578 u_char *buf, *p; 3579 struct ifnet *ifp = &sp->pp_if; 3580 int debug = ifp->if_flags & IFF_DEBUG; 3581 struct in6_addr suggestaddr; 3582 3583 len -= 4; 3584 buf = malloc (len, M_TEMP, M_INTWAIT); 3585 3586 if (debug) 3587 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3588 SPP_ARGS(ifp)); 3589 3590 p = (void*) (h+1); 3591 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3592 if (debug) 3593 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3594 switch (*p) { 3595 case IPV6CP_OPT_IFID: 3596 /* 3597 * Peer doesn't like our local ifid. See 3598 * if we can do something for him. We'll drop 3599 * him our address then. 3600 */ 3601 if (len < 10 || p[1] != 10) 3602 break; 3603 bzero(&suggestaddr, sizeof(suggestaddr)); 3604 suggestaddr.s6_addr16[0] = htons(0xfe80); 3605 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3606 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3607 3608 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3609 if (debug) 3610 addlog(" [suggestaddr %s]", 3611 ip6_sprintf(&suggestaddr)); 3612 #ifdef IPV6CP_MYIFID_DYN 3613 /* 3614 * When doing dynamic address assignment, 3615 * we accept his offer. 3616 */ 3617 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3618 struct in6_addr lastsuggest; 3619 /* 3620 * If <suggested myaddr from peer> equals to 3621 * <hisaddr we have suggested last time>, 3622 * we have a collision. generate new random 3623 * ifid. 3624 */ 3625 sppp_suggest_ip6_addr(&lastsuggest); 3626 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3627 lastsuggest)) { 3628 if (debug) 3629 addlog(" [random]"); 3630 sppp_gen_ip6_addr(sp, &suggestaddr); 3631 } 3632 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3633 if (debug) 3634 addlog(" [agree]"); 3635 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3636 } 3637 #else 3638 /* 3639 * Since we do not do dynamic address assignment, 3640 * we ignore it and thus continue to negotiate 3641 * our already existing value. This can possibly 3642 * go into infinite request-reject loop. 3643 * 3644 * This is not likely because we normally use 3645 * ifid based on MAC-address. 3646 * If you have no ethernet card on the node, too bad. 3647 * XXX should we use fail_counter? 3648 */ 3649 #endif 3650 break; 3651 #ifdef notyet 3652 case IPV6CP_OPT_COMPRESS: 3653 /* 3654 * Peer wants different compression parameters. 3655 */ 3656 break; 3657 #endif 3658 } 3659 } 3660 if (debug) 3661 addlog("\n"); 3662 free (buf, M_TEMP); 3663 return; 3664 } 3665 static void 3666 sppp_ipv6cp_tlu(struct sppp *sp) 3667 { 3668 /* we are up - notify isdn daemon */ 3669 if (sp->pp_con) 3670 sp->pp_con(sp); 3671 } 3672 3673 static void 3674 sppp_ipv6cp_tld(struct sppp *sp) 3675 { 3676 } 3677 3678 static void 3679 sppp_ipv6cp_tls(struct sppp *sp) 3680 { 3681 /* indicate to LCP that it must stay alive */ 3682 sp->lcp.protos |= (1 << IDX_IPV6CP); 3683 } 3684 3685 static void 3686 sppp_ipv6cp_tlf(struct sppp *sp) 3687 { 3688 3689 #if 0 /* need #if 0 to close IPv6CP properly */ 3690 /* we no longer need LCP */ 3691 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3692 sppp_lcp_check_and_close(sp); 3693 #endif 3694 } 3695 3696 static void 3697 sppp_ipv6cp_scr(struct sppp *sp) 3698 { 3699 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3700 struct in6_addr ouraddr; 3701 int i = 0; 3702 3703 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3704 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3705 opt[i++] = IPV6CP_OPT_IFID; 3706 opt[i++] = 10; 3707 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3708 i += 8; 3709 } 3710 3711 #ifdef notyet 3712 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3713 opt[i++] = IPV6CP_OPT_COMPRESSION; 3714 opt[i++] = 4; 3715 opt[i++] = 0; /* TBD */ 3716 opt[i++] = 0; /* TBD */ 3717 /* variable length data may follow */ 3718 } 3719 #endif 3720 3721 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3722 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3723 } 3724 #else /*INET6*/ 3725 static void sppp_ipv6cp_init(struct sppp *sp) 3726 { 3727 } 3728 3729 static void sppp_ipv6cp_up(struct sppp *sp) 3730 { 3731 } 3732 3733 static void sppp_ipv6cp_down(struct sppp *sp) 3734 { 3735 } 3736 3737 3738 static void sppp_ipv6cp_open(struct sppp *sp) 3739 { 3740 } 3741 3742 static void sppp_ipv6cp_close(struct sppp *sp) 3743 { 3744 } 3745 3746 static void sppp_ipv6cp_TO(void *sp) 3747 { 3748 } 3749 3750 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3751 { 3752 return 0; 3753 } 3754 3755 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3756 { 3757 } 3758 3759 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3760 { 3761 } 3762 3763 static void sppp_ipv6cp_tlu(struct sppp *sp) 3764 { 3765 } 3766 3767 static void sppp_ipv6cp_tld(struct sppp *sp) 3768 { 3769 } 3770 3771 static void sppp_ipv6cp_tls(struct sppp *sp) 3772 { 3773 } 3774 3775 static void sppp_ipv6cp_tlf(struct sppp *sp) 3776 { 3777 } 3778 3779 static void sppp_ipv6cp_scr(struct sppp *sp) 3780 { 3781 } 3782 #endif /*INET6*/ 3783 3784 /* 3785 *--------------------------------------------------------------------------* 3786 * * 3787 * The CHAP implementation. * 3788 * * 3789 *--------------------------------------------------------------------------* 3790 */ 3791 3792 /* 3793 * The authentication protocols don't employ a full-fledged state machine as 3794 * the control protocols do, since they do have Open and Close events, but 3795 * not Up and Down, nor are they explicitly terminated. Also, use of the 3796 * authentication protocols may be different in both directions (this makes 3797 * sense, think of a machine that never accepts incoming calls but only 3798 * calls out, it doesn't require the called party to authenticate itself). 3799 * 3800 * Our state machine for the local authentication protocol (we are requesting 3801 * the peer to authenticate) looks like: 3802 * 3803 * RCA- 3804 * +--------------------------------------------+ 3805 * V scn,tld| 3806 * +--------+ Close +---------+ RCA+ 3807 * | |<----------------------------------| |------+ 3808 * +--->| Closed | TO* | Opened | sca | 3809 * | | |-----+ +-------| |<-----+ 3810 * | +--------+ irc | | +---------+ 3811 * | ^ | | ^ 3812 * | | | | | 3813 * | | | | | 3814 * | TO-| | | | 3815 * | |tld TO+ V | | 3816 * | | +------->+ | | 3817 * | | | | | | 3818 * | +--------+ V | | 3819 * | | |<----+<--------------------+ | 3820 * | | Req- | scr | 3821 * | | Sent | | 3822 * | | | | 3823 * | +--------+ | 3824 * | RCA- | | RCA+ | 3825 * +------+ +------------------------------------------+ 3826 * scn,tld sca,irc,ict,tlu 3827 * 3828 * 3829 * with: 3830 * 3831 * Open: LCP reached authentication phase 3832 * Close: LCP reached terminate phase 3833 * 3834 * RCA+: received reply (pap-req, chap-response), acceptable 3835 * RCN: received reply (pap-req, chap-response), not acceptable 3836 * TO+: timeout with restart counter >= 0 3837 * TO-: timeout with restart counter < 0 3838 * TO*: reschedule timeout for CHAP 3839 * 3840 * scr: send request packet (none for PAP, chap-challenge) 3841 * sca: send ack packet (pap-ack, chap-success) 3842 * scn: send nak packet (pap-nak, chap-failure) 3843 * ict: initialize re-challenge timer (CHAP only) 3844 * 3845 * tlu: this-layer-up, LCP reaches network phase 3846 * tld: this-layer-down, LCP enters terminate phase 3847 * 3848 * Note that in CHAP mode, after sending a new challenge, while the state 3849 * automaton falls back into Req-Sent state, it doesn't signal a tld 3850 * event to LCP, so LCP remains in network phase. Only after not getting 3851 * any response (or after getting an unacceptable response), CHAP closes, 3852 * causing LCP to enter terminate phase. 3853 * 3854 * With PAP, there is no initial request that can be sent. The peer is 3855 * expected to send one based on the successful negotiation of PAP as 3856 * the authentication protocol during the LCP option negotiation. 3857 * 3858 * Incoming authentication protocol requests (remote requests 3859 * authentication, we are peer) don't employ a state machine at all, 3860 * they are simply answered. Some peers [Ascend P50 firmware rev 3861 * 4.50] react allergically when sending IPCP requests while they are 3862 * still in authentication phase (thereby violating the standard that 3863 * demands that these NCP packets are to be discarded), so we keep 3864 * track of the peer demanding us to authenticate, and only proceed to 3865 * phase network once we've seen a positive acknowledge for the 3866 * authentication. 3867 */ 3868 3869 /* 3870 * Handle incoming CHAP packets. 3871 */ 3872 void 3873 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3874 { 3875 STDDCL; 3876 struct lcp_header *h; 3877 int len, x; 3878 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3879 int value_len, name_len; 3880 MD5_CTX ctx; 3881 3882 len = m->m_pkthdr.len; 3883 if (len < 4) { 3884 if (debug) 3885 log(LOG_DEBUG, 3886 SPP_FMT "chap invalid packet length: %d bytes\n", 3887 SPP_ARGS(ifp), len); 3888 return; 3889 } 3890 h = mtod (m, struct lcp_header*); 3891 if (len > ntohs (h->len)) 3892 len = ntohs (h->len); 3893 3894 switch (h->type) { 3895 /* challenge, failure and success are his authproto */ 3896 case CHAP_CHALLENGE: 3897 value = 1 + (u_char*)(h+1); 3898 value_len = value[-1]; 3899 name = value + value_len; 3900 name_len = len - value_len - 5; 3901 if (name_len < 0) { 3902 if (debug) { 3903 log(LOG_DEBUG, 3904 SPP_FMT "chap corrupted challenge " 3905 "<%s id=0x%x len=%d", 3906 SPP_ARGS(ifp), 3907 sppp_auth_type_name(PPP_CHAP, h->type), 3908 h->ident, ntohs(h->len)); 3909 sppp_print_bytes((u_char*) (h+1), len-4); 3910 addlog(">\n"); 3911 } 3912 break; 3913 } 3914 3915 if (debug) { 3916 log(LOG_DEBUG, 3917 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3918 SPP_ARGS(ifp), 3919 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3920 ntohs(h->len)); 3921 sppp_print_string((char*) name, name_len); 3922 addlog(" value-size=%d value=", value_len); 3923 sppp_print_bytes(value, value_len); 3924 addlog(">\n"); 3925 } 3926 3927 /* Compute reply value. */ 3928 MD5Init(&ctx); 3929 MD5Update(&ctx, &h->ident, 1); 3930 MD5Update(&ctx, sp->myauth.secret, 3931 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3932 MD5Update(&ctx, value, value_len); 3933 MD5Final(digest, &ctx); 3934 dsize = sizeof digest; 3935 3936 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3937 sizeof dsize, (const char *)&dsize, 3938 sizeof digest, digest, 3939 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3940 sp->myauth.name, 3941 0); 3942 break; 3943 3944 case CHAP_SUCCESS: 3945 if (debug) { 3946 log(LOG_DEBUG, SPP_FMT "chap success", 3947 SPP_ARGS(ifp)); 3948 if (len > 4) { 3949 addlog(": "); 3950 sppp_print_string((char*)(h + 1), len - 4); 3951 } 3952 addlog("\n"); 3953 } 3954 x = splimp(); 3955 sp->pp_flags &= ~PP_NEEDAUTH; 3956 if (sp->myauth.proto == PPP_CHAP && 3957 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3958 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3959 /* 3960 * We are authenticator for CHAP but didn't 3961 * complete yet. Leave it to tlu to proceed 3962 * to network phase. 3963 */ 3964 splx(x); 3965 break; 3966 } 3967 splx(x); 3968 sppp_phase_network(sp); 3969 break; 3970 3971 case CHAP_FAILURE: 3972 if (debug) { 3973 log(LOG_INFO, SPP_FMT "chap failure", 3974 SPP_ARGS(ifp)); 3975 if (len > 4) { 3976 addlog(": "); 3977 sppp_print_string((char*)(h + 1), len - 4); 3978 } 3979 addlog("\n"); 3980 } else 3981 log(LOG_INFO, SPP_FMT "chap failure\n", 3982 SPP_ARGS(ifp)); 3983 /* await LCP shutdown by authenticator */ 3984 break; 3985 3986 /* response is my authproto */ 3987 case CHAP_RESPONSE: 3988 value = 1 + (u_char*)(h+1); 3989 value_len = value[-1]; 3990 name = value + value_len; 3991 name_len = len - value_len - 5; 3992 if (name_len < 0) { 3993 if (debug) { 3994 log(LOG_DEBUG, 3995 SPP_FMT "chap corrupted response " 3996 "<%s id=0x%x len=%d", 3997 SPP_ARGS(ifp), 3998 sppp_auth_type_name(PPP_CHAP, h->type), 3999 h->ident, ntohs(h->len)); 4000 sppp_print_bytes((u_char*)(h+1), len-4); 4001 addlog(">\n"); 4002 } 4003 break; 4004 } 4005 if (h->ident != sp->confid[IDX_CHAP]) { 4006 if (debug) 4007 log(LOG_DEBUG, 4008 SPP_FMT "chap dropping response for old ID " 4009 "(got %d, expected %d)\n", 4010 SPP_ARGS(ifp), 4011 h->ident, sp->confid[IDX_CHAP]); 4012 break; 4013 } 4014 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4015 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4016 log(LOG_INFO, SPP_FMT "chap response, his name ", 4017 SPP_ARGS(ifp)); 4018 sppp_print_string(name, name_len); 4019 addlog(" != expected "); 4020 sppp_print_string(sp->hisauth.name, 4021 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4022 addlog("\n"); 4023 } 4024 if (debug) { 4025 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4026 "<%s id=0x%x len=%d name=", 4027 SPP_ARGS(ifp), 4028 sppp_state_name(sp->state[IDX_CHAP]), 4029 sppp_auth_type_name(PPP_CHAP, h->type), 4030 h->ident, ntohs (h->len)); 4031 sppp_print_string((char*)name, name_len); 4032 addlog(" value-size=%d value=", value_len); 4033 sppp_print_bytes(value, value_len); 4034 addlog(">\n"); 4035 } 4036 if (value_len != AUTHKEYLEN) { 4037 if (debug) 4038 log(LOG_DEBUG, 4039 SPP_FMT "chap bad hash value length: " 4040 "%d bytes, should be %d\n", 4041 SPP_ARGS(ifp), value_len, 4042 AUTHKEYLEN); 4043 break; 4044 } 4045 4046 MD5Init(&ctx); 4047 MD5Update(&ctx, &h->ident, 1); 4048 MD5Update(&ctx, sp->hisauth.secret, 4049 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4050 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4051 MD5Final(digest, &ctx); 4052 4053 #define FAILMSG "Failed..." 4054 #define SUCCMSG "Welcome!" 4055 4056 if (value_len != sizeof digest || 4057 bcmp(digest, value, value_len) != 0) { 4058 /* action scn, tld */ 4059 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4060 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4061 0); 4062 chap.tld(sp); 4063 break; 4064 } 4065 /* action sca, perhaps tlu */ 4066 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4067 sp->state[IDX_CHAP] == STATE_OPENED) 4068 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4069 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4070 0); 4071 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4072 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4073 chap.tlu(sp); 4074 } 4075 break; 4076 4077 default: 4078 /* Unknown CHAP packet type -- ignore. */ 4079 if (debug) { 4080 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4081 "<0x%x id=0x%xh len=%d", 4082 SPP_ARGS(ifp), 4083 sppp_state_name(sp->state[IDX_CHAP]), 4084 h->type, h->ident, ntohs(h->len)); 4085 sppp_print_bytes((u_char*)(h+1), len-4); 4086 addlog(">\n"); 4087 } 4088 break; 4089 4090 } 4091 } 4092 4093 static void 4094 sppp_chap_init(struct sppp *sp) 4095 { 4096 /* Chap doesn't have STATE_INITIAL at all. */ 4097 sp->state[IDX_CHAP] = STATE_CLOSED; 4098 sp->fail_counter[IDX_CHAP] = 0; 4099 sp->pp_seq[IDX_CHAP] = 0; 4100 sp->pp_rseq[IDX_CHAP] = 0; 4101 #if defined(__DragonFly__) 4102 callout_init(&sp->timeout[IDX_CHAP]); 4103 #endif 4104 } 4105 4106 static void 4107 sppp_chap_open(struct sppp *sp) 4108 { 4109 if (sp->myauth.proto == PPP_CHAP && 4110 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4111 /* we are authenticator for CHAP, start it */ 4112 chap.scr(sp); 4113 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4114 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4115 } 4116 /* nothing to be done if we are peer, await a challenge */ 4117 } 4118 4119 static void 4120 sppp_chap_close(struct sppp *sp) 4121 { 4122 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4123 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4124 } 4125 4126 static void 4127 sppp_chap_TO(void *cookie) 4128 { 4129 struct sppp *sp = (struct sppp *)cookie; 4130 STDDCL; 4131 int s; 4132 4133 s = splimp(); 4134 if (debug) 4135 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4136 SPP_ARGS(ifp), 4137 sppp_state_name(sp->state[IDX_CHAP]), 4138 sp->rst_counter[IDX_CHAP]); 4139 4140 if (--sp->rst_counter[IDX_CHAP] < 0) 4141 /* TO- event */ 4142 switch (sp->state[IDX_CHAP]) { 4143 case STATE_REQ_SENT: 4144 chap.tld(sp); 4145 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4146 break; 4147 } 4148 else 4149 /* TO+ (or TO*) event */ 4150 switch (sp->state[IDX_CHAP]) { 4151 case STATE_OPENED: 4152 /* TO* event */ 4153 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4154 /* fall through */ 4155 case STATE_REQ_SENT: 4156 chap.scr(sp); 4157 /* sppp_cp_change_state() will restart the timer */ 4158 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4159 break; 4160 } 4161 4162 splx(s); 4163 } 4164 4165 static void 4166 sppp_chap_tlu(struct sppp *sp) 4167 { 4168 STDDCL; 4169 int i, x; 4170 4171 i = 0; 4172 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4173 4174 /* 4175 * Some broken CHAP implementations (Conware CoNet, firmware 4176 * 4.0.?) don't want to re-authenticate their CHAP once the 4177 * initial challenge-response exchange has taken place. 4178 * Provide for an option to avoid rechallenges. 4179 */ 4180 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4181 /* 4182 * Compute the re-challenge timeout. This will yield 4183 * a number between 300 and 810 seconds. 4184 */ 4185 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4186 callout_reset(&sp->timeout[IDX_CHAP], i * hz, chap.TO, sp); 4187 } 4188 4189 if (debug) { 4190 log(LOG_DEBUG, 4191 SPP_FMT "chap %s, ", 4192 SPP_ARGS(ifp), 4193 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4194 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4195 addlog("next re-challenge in %d seconds\n", i); 4196 else 4197 addlog("re-challenging supressed\n"); 4198 } 4199 4200 x = splimp(); 4201 /* indicate to LCP that we need to be closed down */ 4202 sp->lcp.protos |= (1 << IDX_CHAP); 4203 4204 if (sp->pp_flags & PP_NEEDAUTH) { 4205 /* 4206 * Remote is authenticator, but his auth proto didn't 4207 * complete yet. Defer the transition to network 4208 * phase. 4209 */ 4210 splx(x); 4211 return; 4212 } 4213 splx(x); 4214 4215 /* 4216 * If we are already in phase network, we are done here. This 4217 * is the case if this is a dummy tlu event after a re-challenge. 4218 */ 4219 if (sp->pp_phase != PHASE_NETWORK) 4220 sppp_phase_network(sp); 4221 } 4222 4223 static void 4224 sppp_chap_tld(struct sppp *sp) 4225 { 4226 STDDCL; 4227 4228 if (debug) 4229 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4230 callout_stop(&sp->timeout[IDX_CHAP]); 4231 sp->lcp.protos &= ~(1 << IDX_CHAP); 4232 4233 lcp.Close(sp); 4234 } 4235 4236 static void 4237 sppp_chap_scr(struct sppp *sp) 4238 { 4239 u_long *ch, seed; 4240 u_char clen; 4241 4242 /* Compute random challenge. */ 4243 ch = (u_long *)sp->myauth.challenge; 4244 #if defined(__DragonFly__) 4245 read_random(&seed, sizeof seed); 4246 #else 4247 { 4248 struct timeval tv; 4249 microtime(&tv); 4250 seed = tv.tv_sec ^ tv.tv_usec; 4251 } 4252 #endif 4253 ch[0] = seed ^ random(); 4254 ch[1] = seed ^ random(); 4255 ch[2] = seed ^ random(); 4256 ch[3] = seed ^ random(); 4257 clen = AUTHKEYLEN; 4258 4259 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4260 4261 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4262 sizeof clen, (const char *)&clen, 4263 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4264 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4265 sp->myauth.name, 4266 0); 4267 } 4268 4269 /* 4270 *--------------------------------------------------------------------------* 4271 * * 4272 * The PAP implementation. * 4273 * * 4274 *--------------------------------------------------------------------------* 4275 */ 4276 /* 4277 * For PAP, we need to keep a little state also if we are the peer, not the 4278 * authenticator. This is since we don't get a request to authenticate, but 4279 * have to repeatedly authenticate ourself until we got a response (or the 4280 * retry counter is expired). 4281 */ 4282 4283 /* 4284 * Handle incoming PAP packets. */ 4285 static void 4286 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4287 { 4288 STDDCL; 4289 struct lcp_header *h; 4290 int len, x; 4291 u_char *name, *passwd, mlen; 4292 int name_len, passwd_len; 4293 4294 len = m->m_pkthdr.len; 4295 if (len < 5) { 4296 if (debug) 4297 log(LOG_DEBUG, 4298 SPP_FMT "pap invalid packet length: %d bytes\n", 4299 SPP_ARGS(ifp), len); 4300 return; 4301 } 4302 h = mtod (m, struct lcp_header*); 4303 if (len > ntohs (h->len)) 4304 len = ntohs (h->len); 4305 switch (h->type) { 4306 /* PAP request is my authproto */ 4307 case PAP_REQ: 4308 name = 1 + (u_char*)(h+1); 4309 name_len = name[-1]; 4310 passwd = name + name_len + 1; 4311 if (name_len > len - 6 || 4312 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4313 if (debug) { 4314 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4315 "<%s id=0x%x len=%d", 4316 SPP_ARGS(ifp), 4317 sppp_auth_type_name(PPP_PAP, h->type), 4318 h->ident, ntohs(h->len)); 4319 sppp_print_bytes((u_char*)(h+1), len-4); 4320 addlog(">\n"); 4321 } 4322 break; 4323 } 4324 if (debug) { 4325 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4326 "<%s id=0x%x len=%d name=", 4327 SPP_ARGS(ifp), 4328 sppp_state_name(sp->state[IDX_PAP]), 4329 sppp_auth_type_name(PPP_PAP, h->type), 4330 h->ident, ntohs(h->len)); 4331 sppp_print_string((char*)name, name_len); 4332 addlog(" passwd="); 4333 sppp_print_string((char*)passwd, passwd_len); 4334 addlog(">\n"); 4335 } 4336 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4337 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4338 bcmp(name, sp->hisauth.name, name_len) != 0 || 4339 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4340 /* action scn, tld */ 4341 mlen = sizeof(FAILMSG) - 1; 4342 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4343 sizeof mlen, (const char *)&mlen, 4344 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4345 0); 4346 pap.tld(sp); 4347 break; 4348 } 4349 /* action sca, perhaps tlu */ 4350 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4351 sp->state[IDX_PAP] == STATE_OPENED) { 4352 mlen = sizeof(SUCCMSG) - 1; 4353 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4354 sizeof mlen, (const char *)&mlen, 4355 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4356 0); 4357 } 4358 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4359 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4360 pap.tlu(sp); 4361 } 4362 break; 4363 4364 /* ack and nak are his authproto */ 4365 case PAP_ACK: 4366 callout_stop(&sp->pap_my_to); 4367 if (debug) { 4368 log(LOG_DEBUG, SPP_FMT "pap success", 4369 SPP_ARGS(ifp)); 4370 name_len = *((char *)h); 4371 if (len > 5 && name_len) { 4372 addlog(": "); 4373 sppp_print_string((char*)(h+1), name_len); 4374 } 4375 addlog("\n"); 4376 } 4377 x = splimp(); 4378 sp->pp_flags &= ~PP_NEEDAUTH; 4379 if (sp->myauth.proto == PPP_PAP && 4380 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4381 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4382 /* 4383 * We are authenticator for PAP but didn't 4384 * complete yet. Leave it to tlu to proceed 4385 * to network phase. 4386 */ 4387 splx(x); 4388 break; 4389 } 4390 splx(x); 4391 sppp_phase_network(sp); 4392 break; 4393 4394 case PAP_NAK: 4395 callout_stop(&sp->pap_my_to); 4396 if (debug) { 4397 log(LOG_INFO, SPP_FMT "pap failure", 4398 SPP_ARGS(ifp)); 4399 name_len = *((char *)h); 4400 if (len > 5 && name_len) { 4401 addlog(": "); 4402 sppp_print_string((char*)(h+1), name_len); 4403 } 4404 addlog("\n"); 4405 } else 4406 log(LOG_INFO, SPP_FMT "pap failure\n", 4407 SPP_ARGS(ifp)); 4408 /* await LCP shutdown by authenticator */ 4409 break; 4410 4411 default: 4412 /* Unknown PAP packet type -- ignore. */ 4413 if (debug) { 4414 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4415 "<0x%x id=0x%x len=%d", 4416 SPP_ARGS(ifp), 4417 h->type, h->ident, ntohs(h->len)); 4418 sppp_print_bytes((u_char*)(h+1), len-4); 4419 addlog(">\n"); 4420 } 4421 break; 4422 4423 } 4424 } 4425 4426 static void 4427 sppp_pap_init(struct sppp *sp) 4428 { 4429 /* PAP doesn't have STATE_INITIAL at all. */ 4430 sp->state[IDX_PAP] = STATE_CLOSED; 4431 sp->fail_counter[IDX_PAP] = 0; 4432 sp->pp_seq[IDX_PAP] = 0; 4433 sp->pp_rseq[IDX_PAP] = 0; 4434 #if defined(__DragonFly__) 4435 callout_init(&sp->timeout[IDX_PAP]); 4436 callout_init(&sp->pap_my_to); 4437 #endif 4438 } 4439 4440 static void 4441 sppp_pap_open(struct sppp *sp) 4442 { 4443 if (sp->hisauth.proto == PPP_PAP && 4444 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4445 /* we are authenticator for PAP, start our timer */ 4446 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4447 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4448 } 4449 if (sp->myauth.proto == PPP_PAP) { 4450 /* we are peer, send a request, and start a timer */ 4451 pap.scr(sp); 4452 callout_reset(&sp->pap_my_to, sp->lcp.timeout, 4453 sppp_pap_my_TO, sp); 4454 } 4455 } 4456 4457 static void 4458 sppp_pap_close(struct sppp *sp) 4459 { 4460 if (sp->state[IDX_PAP] != STATE_CLOSED) 4461 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4462 } 4463 4464 /* 4465 * That's the timeout routine if we are authenticator. Since the 4466 * authenticator is basically passive in PAP, we can't do much here. 4467 */ 4468 static void 4469 sppp_pap_TO(void *cookie) 4470 { 4471 struct sppp *sp = (struct sppp *)cookie; 4472 STDDCL; 4473 int s; 4474 4475 s = splimp(); 4476 if (debug) 4477 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4478 SPP_ARGS(ifp), 4479 sppp_state_name(sp->state[IDX_PAP]), 4480 sp->rst_counter[IDX_PAP]); 4481 4482 if (--sp->rst_counter[IDX_PAP] < 0) 4483 /* TO- event */ 4484 switch (sp->state[IDX_PAP]) { 4485 case STATE_REQ_SENT: 4486 pap.tld(sp); 4487 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4488 break; 4489 } 4490 else 4491 /* TO+ event, not very much we could do */ 4492 switch (sp->state[IDX_PAP]) { 4493 case STATE_REQ_SENT: 4494 /* sppp_cp_change_state() will restart the timer */ 4495 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4496 break; 4497 } 4498 4499 splx(s); 4500 } 4501 4502 /* 4503 * That's the timeout handler if we are peer. Since the peer is active, 4504 * we need to retransmit our PAP request since it is apparently lost. 4505 * XXX We should impose a max counter. 4506 */ 4507 static void 4508 sppp_pap_my_TO(void *cookie) 4509 { 4510 struct sppp *sp = (struct sppp *)cookie; 4511 STDDCL; 4512 4513 if (debug) 4514 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4515 SPP_ARGS(ifp)); 4516 4517 pap.scr(sp); 4518 } 4519 4520 static void 4521 sppp_pap_tlu(struct sppp *sp) 4522 { 4523 STDDCL; 4524 int x; 4525 4526 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4527 4528 if (debug) 4529 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4530 SPP_ARGS(ifp), pap.name); 4531 4532 x = splimp(); 4533 /* indicate to LCP that we need to be closed down */ 4534 sp->lcp.protos |= (1 << IDX_PAP); 4535 4536 if (sp->pp_flags & PP_NEEDAUTH) { 4537 /* 4538 * Remote is authenticator, but his auth proto didn't 4539 * complete yet. Defer the transition to network 4540 * phase. 4541 */ 4542 splx(x); 4543 return; 4544 } 4545 splx(x); 4546 sppp_phase_network(sp); 4547 } 4548 4549 static void 4550 sppp_pap_tld(struct sppp *sp) 4551 { 4552 STDDCL; 4553 4554 if (debug) 4555 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4556 callout_stop(&sp->timeout[IDX_PAP]); 4557 callout_stop(&sp->pap_my_to); 4558 sp->lcp.protos &= ~(1 << IDX_PAP); 4559 4560 lcp.Close(sp); 4561 } 4562 4563 static void 4564 sppp_pap_scr(struct sppp *sp) 4565 { 4566 u_char idlen, pwdlen; 4567 4568 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4569 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4570 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4571 4572 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4573 sizeof idlen, (const char *)&idlen, 4574 (size_t)idlen, sp->myauth.name, 4575 sizeof pwdlen, (const char *)&pwdlen, 4576 (size_t)pwdlen, sp->myauth.secret, 4577 0); 4578 } 4579 4580 /* 4581 * Random miscellaneous functions. 4582 */ 4583 4584 /* 4585 * Send a PAP or CHAP proto packet. 4586 * 4587 * Varadic function, each of the elements for the ellipsis is of type 4588 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4589 * mlen == 0. 4590 * NOTE: never declare variadic functions with types subject to type 4591 * promotion (i.e. u_char). This is asking for big trouble depending 4592 * on the architecture you are on... 4593 */ 4594 4595 static void 4596 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4597 unsigned int type, unsigned int id, 4598 ...) 4599 { 4600 STDDCL; 4601 struct ppp_header *h; 4602 struct lcp_header *lh; 4603 struct mbuf *m; 4604 u_char *p; 4605 int len; 4606 unsigned int mlen; 4607 const char *msg; 4608 __va_list ap; 4609 4610 MGETHDR (m, MB_DONTWAIT, MT_DATA); 4611 if (! m) 4612 return; 4613 m->m_pkthdr.rcvif = 0; 4614 4615 h = mtod (m, struct ppp_header*); 4616 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4617 h->control = PPP_UI; /* Unnumbered Info */ 4618 h->protocol = htons(cp->proto); 4619 4620 lh = (struct lcp_header*)(h + 1); 4621 lh->type = type; 4622 lh->ident = id; 4623 p = (u_char*) (lh+1); 4624 4625 __va_start(ap, id); 4626 len = 0; 4627 4628 while ((mlen = (unsigned int)__va_arg(ap, size_t)) != 0) { 4629 msg = __va_arg(ap, const char *); 4630 len += mlen; 4631 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4632 __va_end(ap); 4633 m_freem(m); 4634 return; 4635 } 4636 4637 bcopy(msg, p, mlen); 4638 p += mlen; 4639 } 4640 __va_end(ap); 4641 4642 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4643 lh->len = htons (LCP_HEADER_LEN + len); 4644 4645 if (debug) { 4646 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4647 SPP_ARGS(ifp), cp->name, 4648 sppp_auth_type_name(cp->proto, lh->type), 4649 lh->ident, ntohs(lh->len)); 4650 sppp_print_bytes((u_char*) (lh+1), len); 4651 addlog(">\n"); 4652 } 4653 if (IF_QFULL (&sp->pp_cpq)) { 4654 IF_DROP (&sp->pp_fastq); 4655 IF_DROP (&ifp->if_snd); 4656 m_freem (m); 4657 ++ifp->if_oerrors; 4658 } else 4659 IF_ENQUEUE (&sp->pp_cpq, m); 4660 if (! (ifp->if_flags & IFF_OACTIVE)) 4661 (*ifp->if_start) (ifp); 4662 ifp->if_obytes += m->m_pkthdr.len + 3; 4663 } 4664 4665 /* 4666 * Send keepalive packets, every 10 seconds. 4667 */ 4668 static void 4669 sppp_keepalive(void *dummy) 4670 { 4671 struct sppp *sp; 4672 int s; 4673 4674 s = splimp(); 4675 for (sp=spppq; sp; sp=sp->pp_next) { 4676 struct ifnet *ifp = &sp->pp_if; 4677 4678 /* Keepalive mode disabled or channel down? */ 4679 if (! (sp->pp_flags & PP_KEEPALIVE) || 4680 ! (ifp->if_flags & IFF_RUNNING)) 4681 continue; 4682 4683 /* No keepalive in PPP mode if LCP not opened yet. */ 4684 if (sp->pp_mode != IFF_CISCO && 4685 sp->pp_phase < PHASE_AUTHENTICATE) 4686 continue; 4687 4688 if (sp->pp_alivecnt == MAXALIVECNT) { 4689 /* No keepalive packets got. Stop the interface. */ 4690 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4691 if_down (ifp); 4692 IF_DRAIN(&sp->pp_cpq); 4693 if (sp->pp_mode != IFF_CISCO) { 4694 /* XXX */ 4695 /* Shut down the PPP link. */ 4696 lcp.Down(sp); 4697 /* Initiate negotiation. XXX */ 4698 lcp.Up(sp); 4699 } 4700 } 4701 if (sp->pp_alivecnt <= MAXALIVECNT) 4702 ++sp->pp_alivecnt; 4703 if (sp->pp_mode == IFF_CISCO) 4704 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4705 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4706 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4707 long nmagic = htonl (sp->lcp.magic); 4708 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4709 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4710 sp->lcp.echoid, 4, &nmagic); 4711 } 4712 } 4713 splx(s); 4714 callout_reset(&keepalive_timeout, hz * 10, sppp_keepalive, NULL); 4715 } 4716 4717 /* 4718 * Get both IP addresses. 4719 */ 4720 static void 4721 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4722 { 4723 struct ifnet *ifp = &sp->pp_if; 4724 struct ifaddr *ifa; 4725 struct sockaddr_in *si, *sm; 4726 u_long ssrc, ddst; 4727 4728 sm = NULL; 4729 ssrc = ddst = 0L; 4730 /* 4731 * Pick the first AF_INET address from the list, 4732 * aliases don't make any sense on a p2p link anyway. 4733 */ 4734 si = 0; 4735 #if defined(__DragonFly__) 4736 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4737 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4738 for (ifa = ifp->if_addrlist.tqh_first; 4739 ifa; 4740 ifa = ifa->ifa_list.tqe_next) 4741 #else 4742 for (ifa = ifp->if_addrlist; 4743 ifa; 4744 ifa = ifa->ifa_next) 4745 #endif 4746 if (ifa->ifa_addr->sa_family == AF_INET) { 4747 si = (struct sockaddr_in *)ifa->ifa_addr; 4748 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4749 if (si) 4750 break; 4751 } 4752 if (ifa) { 4753 if (si && si->sin_addr.s_addr) { 4754 ssrc = si->sin_addr.s_addr; 4755 if (srcmask) 4756 *srcmask = ntohl(sm->sin_addr.s_addr); 4757 } 4758 4759 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4760 if (si && si->sin_addr.s_addr) 4761 ddst = si->sin_addr.s_addr; 4762 } 4763 4764 if (dst) *dst = ntohl(ddst); 4765 if (src) *src = ntohl(ssrc); 4766 } 4767 4768 /* 4769 * Set my IP address. Must be called at splimp. 4770 */ 4771 static void 4772 sppp_set_ip_addr(struct sppp *sp, u_long src) 4773 { 4774 STDDCL; 4775 struct ifaddr *ifa; 4776 struct sockaddr_in *si; 4777 struct in_ifaddr *ia; 4778 4779 /* 4780 * Pick the first AF_INET address from the list, 4781 * aliases don't make any sense on a p2p link anyway. 4782 */ 4783 si = 0; 4784 #if defined(__DragonFly__) 4785 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4786 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4787 for (ifa = ifp->if_addrlist.tqh_first; 4788 ifa; 4789 ifa = ifa->ifa_list.tqe_next) 4790 #else 4791 for (ifa = ifp->if_addrlist; 4792 ifa; 4793 ifa = ifa->ifa_next) 4794 #endif 4795 { 4796 if (ifa->ifa_addr->sa_family == AF_INET) 4797 { 4798 si = (struct sockaddr_in *)ifa->ifa_addr; 4799 if (si) 4800 break; 4801 } 4802 } 4803 4804 if (ifa && si) 4805 { 4806 int error; 4807 #if __NetBSD_Version__ >= 103080000 4808 struct sockaddr_in new_sin = *si; 4809 4810 new_sin.sin_addr.s_addr = htonl(src); 4811 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4812 if(debug && error) 4813 { 4814 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4815 " failed, error=%d\n", SPP_ARGS(ifp), error); 4816 } 4817 #else 4818 /* delete old route */ 4819 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4820 if(debug && error) 4821 { 4822 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4823 SPP_ARGS(ifp), error); 4824 } 4825 4826 /* set new address */ 4827 si->sin_addr.s_addr = htonl(src); 4828 ia = ifatoia(ifa); 4829 LIST_REMOVE(ia, ia_hash); 4830 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4831 4832 /* add new route */ 4833 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4834 if (debug && error) 4835 { 4836 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4837 SPP_ARGS(ifp), error); 4838 } 4839 #endif 4840 } 4841 } 4842 4843 #ifdef INET6 4844 /* 4845 * Get both IPv6 addresses. 4846 */ 4847 static void 4848 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4849 struct in6_addr *srcmask) 4850 { 4851 struct ifnet *ifp = &sp->pp_if; 4852 struct ifaddr *ifa; 4853 struct sockaddr_in6 *si, *sm; 4854 struct in6_addr ssrc, ddst; 4855 4856 sm = NULL; 4857 bzero(&ssrc, sizeof(ssrc)); 4858 bzero(&ddst, sizeof(ddst)); 4859 /* 4860 * Pick the first link-local AF_INET6 address from the list, 4861 * aliases don't make any sense on a p2p link anyway. 4862 */ 4863 #if defined(__DragonFly__) 4864 si = 0; 4865 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4866 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4867 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4868 ifa; 4869 ifa = ifa->ifa_list.tqe_next) 4870 #else 4871 for (ifa = ifp->if_addrlist, si = 0; 4872 ifa; 4873 ifa = ifa->ifa_next) 4874 #endif 4875 if (ifa->ifa_addr->sa_family == AF_INET6) { 4876 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4877 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4878 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4879 break; 4880 } 4881 if (ifa) { 4882 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4883 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4884 if (srcmask) { 4885 bcopy(&sm->sin6_addr, srcmask, 4886 sizeof(*srcmask)); 4887 } 4888 } 4889 4890 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4891 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4892 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4893 } 4894 4895 if (dst) 4896 bcopy(&ddst, dst, sizeof(*dst)); 4897 if (src) 4898 bcopy(&ssrc, src, sizeof(*src)); 4899 } 4900 4901 #ifdef IPV6CP_MYIFID_DYN 4902 /* 4903 * Generate random ifid. 4904 */ 4905 static void 4906 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4907 { 4908 /* TBD */ 4909 } 4910 4911 /* 4912 * Set my IPv6 address. Must be called at splimp. 4913 */ 4914 static void 4915 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4916 { 4917 STDDCL; 4918 struct ifaddr *ifa; 4919 struct sockaddr_in6 *sin6; 4920 4921 /* 4922 * Pick the first link-local AF_INET6 address from the list, 4923 * aliases don't make any sense on a p2p link anyway. 4924 */ 4925 4926 sin6 = NULL; 4927 #if defined(__DragonFly__) 4928 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4929 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4930 for (ifa = ifp->if_addrlist.tqh_first; 4931 ifa; 4932 ifa = ifa->ifa_list.tqe_next) 4933 #else 4934 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4935 #endif 4936 { 4937 if (ifa->ifa_addr->sa_family == AF_INET6) 4938 { 4939 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4940 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4941 break; 4942 } 4943 } 4944 4945 if (ifa && sin6) 4946 { 4947 int error; 4948 struct sockaddr_in6 new_sin6 = *sin6; 4949 4950 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4951 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4952 if (debug && error) 4953 { 4954 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4955 " failed, error=%d\n", SPP_ARGS(ifp), error); 4956 } 4957 } 4958 } 4959 #endif 4960 4961 /* 4962 * Suggest a candidate address to be used by peer. 4963 */ 4964 static void 4965 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4966 { 4967 struct in6_addr myaddr; 4968 struct timeval tv; 4969 4970 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4971 4972 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4973 microtime(&tv); 4974 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4975 myaddr.s6_addr[14] ^= 0xff; 4976 myaddr.s6_addr[15] ^= 0xff; 4977 } else { 4978 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4979 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4980 } 4981 if (suggest) 4982 bcopy(&myaddr, suggest, sizeof(myaddr)); 4983 } 4984 #endif /*INET6*/ 4985 4986 static int 4987 sppp_params(struct sppp *sp, u_long cmd, void *data) 4988 { 4989 u_long subcmd; 4990 struct ifreq *ifr = (struct ifreq *)data; 4991 struct spppreq *spr; 4992 int rv = 0; 4993 4994 spr = malloc(sizeof(struct spppreq), M_TEMP, M_INTWAIT); 4995 4996 /* 4997 * ifr->ifr_data is supposed to point to a struct spppreq. 4998 * Check the cmd word first before attempting to fetch all the 4999 * data. 5000 */ 5001 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5002 rv = EFAULT; 5003 goto quit; 5004 } 5005 5006 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5007 rv = EFAULT; 5008 goto quit; 5009 } 5010 5011 switch (subcmd) { 5012 case (int)SPPPIOGDEFS: 5013 if (cmd != SIOCGIFGENERIC) { 5014 rv = EINVAL; 5015 break; 5016 } 5017 /* 5018 * We copy over the entire current state, but clean 5019 * out some of the stuff we don't wanna pass up. 5020 * Remember, SIOCGIFGENERIC is unprotected, and can be 5021 * called by any user. No need to ever get PAP or 5022 * CHAP secrets back to userland anyway. 5023 */ 5024 spr->defs.pp_phase = sp->pp_phase; 5025 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5026 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5027 spr->defs.lcp = sp->lcp; 5028 spr->defs.ipcp = sp->ipcp; 5029 spr->defs.ipv6cp = sp->ipv6cp; 5030 spr->defs.myauth = sp->myauth; 5031 spr->defs.hisauth = sp->hisauth; 5032 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5033 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5034 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5035 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5036 /* 5037 * Fixup the LCP timeout value to milliseconds so 5038 * spppcontrol doesn't need to bother about the value 5039 * of "hz". We do the reverse calculation below when 5040 * setting it. 5041 */ 5042 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5043 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5044 sizeof(struct spppreq)); 5045 break; 5046 5047 case (int)SPPPIOSDEFS: 5048 if (cmd != SIOCSIFGENERIC) { 5049 rv = EINVAL; 5050 break; 5051 } 5052 /* 5053 * We have a very specific idea of which fields we 5054 * allow being passed back from userland, so to not 5055 * clobber our current state. For one, we only allow 5056 * setting anything if LCP is in dead or establish 5057 * phase. Once the authentication negotiations 5058 * started, the authentication settings must not be 5059 * changed again. (The administrator can force an 5060 * ifconfig down in order to get LCP back into dead 5061 * phase.) 5062 * 5063 * Also, we only allow for authentication parameters to be 5064 * specified. 5065 * 5066 * XXX Should allow to set or clear pp_flags. 5067 * 5068 * Finally, if the respective authentication protocol to 5069 * be used is set differently than 0, but the secret is 5070 * passed as all zeros, we don't trash the existing secret. 5071 * This allows an administrator to change the system name 5072 * only without clobbering the secret (which he didn't get 5073 * back in a previous SPPPIOGDEFS call). However, the 5074 * secrets are cleared if the authentication protocol is 5075 * reset to 0. */ 5076 if (sp->pp_phase != PHASE_DEAD && 5077 sp->pp_phase != PHASE_ESTABLISH) { 5078 rv = EBUSY; 5079 break; 5080 } 5081 5082 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5083 spr->defs.myauth.proto != PPP_CHAP) || 5084 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5085 spr->defs.hisauth.proto != PPP_CHAP)) { 5086 rv = EINVAL; 5087 break; 5088 } 5089 5090 if (spr->defs.myauth.proto == 0) 5091 /* resetting myauth */ 5092 bzero(&sp->myauth, sizeof sp->myauth); 5093 else { 5094 /* setting/changing myauth */ 5095 sp->myauth.proto = spr->defs.myauth.proto; 5096 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5097 if (spr->defs.myauth.secret[0] != '\0') 5098 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5099 AUTHKEYLEN); 5100 } 5101 if (spr->defs.hisauth.proto == 0) 5102 /* resetting hisauth */ 5103 bzero(&sp->hisauth, sizeof sp->hisauth); 5104 else { 5105 /* setting/changing hisauth */ 5106 sp->hisauth.proto = spr->defs.hisauth.proto; 5107 sp->hisauth.flags = spr->defs.hisauth.flags; 5108 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5109 if (spr->defs.hisauth.secret[0] != '\0') 5110 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5111 AUTHKEYLEN); 5112 } 5113 /* set LCP restart timer timeout */ 5114 if (spr->defs.lcp.timeout != 0) 5115 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5116 /* set VJ enable and IPv6 disable flags */ 5117 #ifdef INET 5118 if (spr->defs.enable_vj) 5119 sp->confflags |= CONF_ENABLE_VJ; 5120 else 5121 sp->confflags &= ~CONF_ENABLE_VJ; 5122 #endif 5123 #ifdef INET6 5124 if (spr->defs.enable_ipv6) 5125 sp->confflags |= CONF_ENABLE_IPV6; 5126 else 5127 sp->confflags &= ~CONF_ENABLE_IPV6; 5128 #endif 5129 break; 5130 5131 default: 5132 rv = EINVAL; 5133 } 5134 5135 quit: 5136 free(spr, M_TEMP); 5137 5138 return (rv); 5139 } 5140 5141 static void 5142 sppp_phase_network(struct sppp *sp) 5143 { 5144 STDDCL; 5145 int i; 5146 u_long mask; 5147 5148 sp->pp_phase = PHASE_NETWORK; 5149 5150 if (debug) 5151 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5152 sppp_phase_name(sp->pp_phase)); 5153 5154 /* Notify NCPs now. */ 5155 for (i = 0; i < IDX_COUNT; i++) 5156 if ((cps[i])->flags & CP_NCP) 5157 (cps[i])->Open(sp); 5158 5159 /* Send Up events to all NCPs. */ 5160 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5161 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5162 (cps[i])->Up(sp); 5163 5164 /* if no NCP is starting, all this was in vain, close down */ 5165 sppp_lcp_check_and_close(sp); 5166 } 5167 5168 5169 static const char * 5170 sppp_cp_type_name(u_char type) 5171 { 5172 static char buf[12]; 5173 switch (type) { 5174 case CONF_REQ: return "conf-req"; 5175 case CONF_ACK: return "conf-ack"; 5176 case CONF_NAK: return "conf-nak"; 5177 case CONF_REJ: return "conf-rej"; 5178 case TERM_REQ: return "term-req"; 5179 case TERM_ACK: return "term-ack"; 5180 case CODE_REJ: return "code-rej"; 5181 case PROTO_REJ: return "proto-rej"; 5182 case ECHO_REQ: return "echo-req"; 5183 case ECHO_REPLY: return "echo-reply"; 5184 case DISC_REQ: return "discard-req"; 5185 } 5186 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5187 return buf; 5188 } 5189 5190 static const char * 5191 sppp_auth_type_name(u_short proto, u_char type) 5192 { 5193 static char buf[12]; 5194 switch (proto) { 5195 case PPP_CHAP: 5196 switch (type) { 5197 case CHAP_CHALLENGE: return "challenge"; 5198 case CHAP_RESPONSE: return "response"; 5199 case CHAP_SUCCESS: return "success"; 5200 case CHAP_FAILURE: return "failure"; 5201 } 5202 case PPP_PAP: 5203 switch (type) { 5204 case PAP_REQ: return "req"; 5205 case PAP_ACK: return "ack"; 5206 case PAP_NAK: return "nak"; 5207 } 5208 } 5209 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5210 return buf; 5211 } 5212 5213 static const char * 5214 sppp_lcp_opt_name(u_char opt) 5215 { 5216 static char buf[12]; 5217 switch (opt) { 5218 case LCP_OPT_MRU: return "mru"; 5219 case LCP_OPT_ASYNC_MAP: return "async-map"; 5220 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5221 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5222 case LCP_OPT_MAGIC: return "magic"; 5223 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5224 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5225 } 5226 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5227 return buf; 5228 } 5229 5230 static const char * 5231 sppp_ipcp_opt_name(u_char opt) 5232 { 5233 static char buf[12]; 5234 switch (opt) { 5235 case IPCP_OPT_ADDRESSES: return "addresses"; 5236 case IPCP_OPT_COMPRESSION: return "compression"; 5237 case IPCP_OPT_ADDRESS: return "address"; 5238 } 5239 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5240 return buf; 5241 } 5242 5243 #ifdef INET6 5244 static const char * 5245 sppp_ipv6cp_opt_name(u_char opt) 5246 { 5247 static char buf[12]; 5248 switch (opt) { 5249 case IPV6CP_OPT_IFID: return "ifid"; 5250 case IPV6CP_OPT_COMPRESSION: return "compression"; 5251 } 5252 sprintf (buf, "0x%x", opt); 5253 return buf; 5254 } 5255 #endif 5256 5257 static const char * 5258 sppp_state_name(int state) 5259 { 5260 switch (state) { 5261 case STATE_INITIAL: return "initial"; 5262 case STATE_STARTING: return "starting"; 5263 case STATE_CLOSED: return "closed"; 5264 case STATE_STOPPED: return "stopped"; 5265 case STATE_CLOSING: return "closing"; 5266 case STATE_STOPPING: return "stopping"; 5267 case STATE_REQ_SENT: return "req-sent"; 5268 case STATE_ACK_RCVD: return "ack-rcvd"; 5269 case STATE_ACK_SENT: return "ack-sent"; 5270 case STATE_OPENED: return "opened"; 5271 } 5272 return "illegal"; 5273 } 5274 5275 static const char * 5276 sppp_phase_name(enum ppp_phase phase) 5277 { 5278 switch (phase) { 5279 case PHASE_DEAD: return "dead"; 5280 case PHASE_ESTABLISH: return "establish"; 5281 case PHASE_TERMINATE: return "terminate"; 5282 case PHASE_AUTHENTICATE: return "authenticate"; 5283 case PHASE_NETWORK: return "network"; 5284 } 5285 return "illegal"; 5286 } 5287 5288 static const char * 5289 sppp_proto_name(u_short proto) 5290 { 5291 static char buf[12]; 5292 switch (proto) { 5293 case PPP_LCP: return "lcp"; 5294 case PPP_IPCP: return "ipcp"; 5295 case PPP_PAP: return "pap"; 5296 case PPP_CHAP: return "chap"; 5297 case PPP_IPV6CP: return "ipv6cp"; 5298 } 5299 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5300 return buf; 5301 } 5302 5303 static void 5304 sppp_print_bytes(const u_char *p, u_short len) 5305 { 5306 if (len) 5307 addlog(" %*D", len, p, "-"); 5308 } 5309 5310 static void 5311 sppp_print_string(const char *p, u_short len) 5312 { 5313 u_char c; 5314 5315 while (len-- > 0) { 5316 c = *p++; 5317 /* 5318 * Print only ASCII chars directly. RFC 1994 recommends 5319 * using only them, but we don't rely on it. */ 5320 if (c < ' ' || c > '~') 5321 addlog("\\x%x", c); 5322 else 5323 addlog("%c", c); 5324 } 5325 } 5326 5327 static const char * 5328 sppp_dotted_quad(u_long addr) 5329 { 5330 static char s[16]; 5331 sprintf(s, "%d.%d.%d.%d", 5332 (int)((addr >> 24) & 0xff), 5333 (int)((addr >> 16) & 0xff), 5334 (int)((addr >> 8) & 0xff), 5335 (int)(addr & 0xff)); 5336 return s; 5337 } 5338 5339 static int 5340 sppp_strnlen(u_char *p, int max) 5341 { 5342 int len; 5343 5344 for (len = 0; len < max && *p; ++p) 5345 ++len; 5346 return len; 5347 } 5348 5349 /* a dummy, used to drop uninteresting events */ 5350 static void 5351 sppp_null(struct sppp *unused) 5352 { 5353 /* do just nothing */ 5354 } 5355