1 /* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, 2001 Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * $FreeBSD: src/sys/net/if_spppsubr.c,v 1.59.2.13 2002/07/03 15:44:41 joerg Exp $ 21 * $DragonFly: src/sys/net/sppp/if_spppsubr.c,v 1.23 2006/01/14 11:05:18 swildner Exp $ 22 */ 23 24 #include <sys/param.h> 25 26 #if defined(__DragonFly__) 27 #include "opt_inet.h" 28 #include "opt_inet6.h" 29 #include "opt_ipx.h" 30 #endif 31 32 #ifdef NetBSD1_3 33 # if NetBSD1_3 > 6 34 # include "opt_inet.h" 35 # include "opt_inet6.h" 36 # include "opt_iso.h" 37 # endif 38 #endif 39 40 #include <sys/systm.h> 41 #include <sys/kernel.h> 42 #include <sys/module.h> 43 #include <sys/sockio.h> 44 #include <sys/socket.h> 45 #include <sys/syslog.h> 46 #if defined(__DragonFly__) 47 #include <sys/random.h> 48 #include <sys/thread2.h> 49 #endif 50 #include <sys/malloc.h> 51 #include <sys/mbuf.h> 52 53 #if defined (__OpenBSD__) 54 #include <sys/md5k.h> 55 #else 56 #include <sys/md5.h> 57 #endif 58 59 #include <net/if.h> 60 #include <net/ifq_var.h> 61 #include <net/netisr.h> 62 #include <net/if_types.h> 63 #include <net/route.h> 64 #include <netinet/in.h> 65 #include <netinet/in_systm.h> 66 #include <netinet/ip.h> 67 #include <net/slcompress.h> 68 69 #if defined (__NetBSD__) || defined (__OpenBSD__) 70 #include <machine/cpu.h> /* XXX for softnet */ 71 #endif 72 73 #include <machine/stdarg.h> 74 75 #include <netinet/in.h> 76 #include <netinet/in_systm.h> 77 #include <netinet/in_var.h> 78 79 #ifdef INET 80 #include <netinet/ip.h> 81 #include <netinet/tcp.h> 82 #endif 83 84 #if defined (__DragonFly__) || defined (__OpenBSD__) 85 # include <netinet/if_ether.h> 86 #else 87 # include <net/ethertypes.h> 88 #endif 89 90 #ifdef IPX 91 #include <netproto/ipx/ipx.h> 92 #include <netproto/ipx/ipx_if.h> 93 #endif 94 95 #ifdef NS 96 #include <netns/ns.h> 97 #include <netns/ns_if.h> 98 #endif 99 100 #include "if_sppp.h" 101 102 #define IOCTL_CMD_T u_long 103 #define MAXALIVECNT 3 /* max. alive packets */ 104 105 /* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128 #define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 129 130 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 131 #define PPP_UI 0x03 /* Unnumbered Information */ 132 #define PPP_IP 0x0021 /* Internet Protocol */ 133 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 134 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 135 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 136 #define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 137 #define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 138 #define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 139 #define PPP_LCP 0xc021 /* Link Control Protocol */ 140 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 141 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 142 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 143 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 144 145 #define CONF_REQ 1 /* PPP configure request */ 146 #define CONF_ACK 2 /* PPP configure acknowledge */ 147 #define CONF_NAK 3 /* PPP configure negative ack */ 148 #define CONF_REJ 4 /* PPP configure reject */ 149 #define TERM_REQ 5 /* PPP terminate request */ 150 #define TERM_ACK 6 /* PPP terminate acknowledge */ 151 #define CODE_REJ 7 /* PPP code reject */ 152 #define PROTO_REJ 8 /* PPP protocol reject */ 153 #define ECHO_REQ 9 /* PPP echo request */ 154 #define ECHO_REPLY 10 /* PPP echo reply */ 155 #define DISC_REQ 11 /* PPP discard request */ 156 157 #define LCP_OPT_MRU 1 /* maximum receive unit */ 158 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 159 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 160 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 161 #define LCP_OPT_MAGIC 5 /* magic number */ 162 #define LCP_OPT_RESERVED 6 /* reserved */ 163 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 164 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 165 166 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 167 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 168 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 169 170 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 171 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 172 173 #define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 174 175 #define PAP_REQ 1 /* PAP name/password request */ 176 #define PAP_ACK 2 /* PAP acknowledge */ 177 #define PAP_NAK 3 /* PAP fail */ 178 179 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 180 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 181 #define CHAP_SUCCESS 3 /* CHAP response ok */ 182 #define CHAP_FAILURE 4 /* CHAP response failed */ 183 184 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 185 186 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 187 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 188 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 189 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 190 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 191 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 192 193 /* states are named and numbered according to RFC 1661 */ 194 #define STATE_INITIAL 0 195 #define STATE_STARTING 1 196 #define STATE_CLOSED 2 197 #define STATE_STOPPED 3 198 #define STATE_CLOSING 4 199 #define STATE_STOPPING 5 200 #define STATE_REQ_SENT 6 201 #define STATE_ACK_RCVD 7 202 #define STATE_ACK_SENT 8 203 #define STATE_OPENED 9 204 205 struct ppp_header { 206 u_char address; 207 u_char control; 208 u_short protocol; 209 } __attribute__((__packed__)); 210 #define PPP_HEADER_LEN sizeof (struct ppp_header) 211 212 struct lcp_header { 213 u_char type; 214 u_char ident; 215 u_short len; 216 } __attribute__((__packed__)); 217 #define LCP_HEADER_LEN sizeof (struct lcp_header) 218 219 struct cisco_packet { 220 u_long type; 221 u_long par1; 222 u_long par2; 223 u_short rel; 224 u_short time0; 225 u_short time1; 226 } __attribute__((__packed__)); 227 #define CISCO_PACKET_LEN sizeof (struct cisco_packet) 228 229 /* 230 * We follow the spelling and capitalization of RFC 1661 here, to make 231 * it easier comparing with the standard. Please refer to this RFC in 232 * case you can't make sense out of these abbreviation; it will also 233 * explain the semantics related to the various events and actions. 234 */ 235 struct cp { 236 u_short proto; /* PPP control protocol number */ 237 u_char protoidx; /* index into state table in struct sppp */ 238 u_char flags; 239 #define CP_LCP 0x01 /* this is the LCP */ 240 #define CP_AUTH 0x02 /* this is an authentication protocol */ 241 #define CP_NCP 0x04 /* this is a NCP */ 242 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 243 const char *name; /* name of this control protocol */ 244 /* event handlers */ 245 void (*Up)(struct sppp *sp); 246 void (*Down)(struct sppp *sp); 247 void (*Open)(struct sppp *sp); 248 void (*Close)(struct sppp *sp); 249 void (*TO)(void *sp); 250 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 251 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 252 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 253 /* actions */ 254 void (*tlu)(struct sppp *sp); 255 void (*tld)(struct sppp *sp); 256 void (*tls)(struct sppp *sp); 257 void (*tlf)(struct sppp *sp); 258 void (*scr)(struct sppp *sp); 259 }; 260 261 static struct sppp *spppq; 262 #if defined(__DragonFly__) 263 static struct callout keepalive_timeout; 264 #endif 265 266 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 && !defined(__DragonFly__) 267 #define SPP_FMT "%s%d: " 268 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 269 #else 270 #define SPP_FMT "%s: " 271 #define SPP_ARGS(ifp) (ifp)->if_xname 272 #endif 273 274 #ifdef INET 275 /* 276 * The following disgusting hack gets around the problem that IP TOS 277 * can't be set yet. We want to put "interactive" traffic on a high 278 * priority queue. To decide if traffic is interactive, we check that 279 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 280 * 281 * XXX is this really still necessary? - joerg - 282 */ 283 static u_short interactive_ports[8] = { 284 0, 513, 0, 0, 285 0, 21, 0, 23, 286 }; 287 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 288 #endif 289 290 /* almost every function needs these */ 291 #define STDDCL \ 292 struct ifnet *ifp = &sp->pp_if; \ 293 int debug = ifp->if_flags & IFF_DEBUG 294 295 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 296 struct sockaddr *dst, struct rtentry *rt); 297 298 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 299 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 300 301 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 302 struct mbuf *m); 303 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 304 u_char ident, u_short len, void *data); 305 /* static void sppp_cp_timeout(void *arg); */ 306 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 307 int newstate); 308 static void sppp_auth_send(const struct cp *cp, 309 struct sppp *sp, unsigned int type, unsigned int id, 310 ...); 311 312 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 313 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 314 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 315 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 316 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 317 318 static void sppp_null(struct sppp *sp); 319 320 static void sppp_lcp_init(struct sppp *sp); 321 static void sppp_lcp_up(struct sppp *sp); 322 static void sppp_lcp_down(struct sppp *sp); 323 static void sppp_lcp_open(struct sppp *sp); 324 static void sppp_lcp_close(struct sppp *sp); 325 static void sppp_lcp_TO(void *sp); 326 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 329 static void sppp_lcp_tlu(struct sppp *sp); 330 static void sppp_lcp_tld(struct sppp *sp); 331 static void sppp_lcp_tls(struct sppp *sp); 332 static void sppp_lcp_tlf(struct sppp *sp); 333 static void sppp_lcp_scr(struct sppp *sp); 334 static void sppp_lcp_check_and_close(struct sppp *sp); 335 static int sppp_ncp_check(struct sppp *sp); 336 337 static void sppp_ipcp_init(struct sppp *sp); 338 static void sppp_ipcp_up(struct sppp *sp); 339 static void sppp_ipcp_down(struct sppp *sp); 340 static void sppp_ipcp_open(struct sppp *sp); 341 static void sppp_ipcp_close(struct sppp *sp); 342 static void sppp_ipcp_TO(void *sp); 343 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 344 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 345 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 346 static void sppp_ipcp_tlu(struct sppp *sp); 347 static void sppp_ipcp_tld(struct sppp *sp); 348 static void sppp_ipcp_tls(struct sppp *sp); 349 static void sppp_ipcp_tlf(struct sppp *sp); 350 static void sppp_ipcp_scr(struct sppp *sp); 351 352 static void sppp_ipv6cp_init(struct sppp *sp); 353 static void sppp_ipv6cp_up(struct sppp *sp); 354 static void sppp_ipv6cp_down(struct sppp *sp); 355 static void sppp_ipv6cp_open(struct sppp *sp); 356 static void sppp_ipv6cp_close(struct sppp *sp); 357 static void sppp_ipv6cp_TO(void *sp); 358 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 359 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 360 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 361 static void sppp_ipv6cp_tlu(struct sppp *sp); 362 static void sppp_ipv6cp_tld(struct sppp *sp); 363 static void sppp_ipv6cp_tls(struct sppp *sp); 364 static void sppp_ipv6cp_tlf(struct sppp *sp); 365 static void sppp_ipv6cp_scr(struct sppp *sp); 366 367 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 368 static void sppp_pap_init(struct sppp *sp); 369 static void sppp_pap_open(struct sppp *sp); 370 static void sppp_pap_close(struct sppp *sp); 371 static void sppp_pap_TO(void *sp); 372 static void sppp_pap_my_TO(void *sp); 373 static void sppp_pap_tlu(struct sppp *sp); 374 static void sppp_pap_tld(struct sppp *sp); 375 static void sppp_pap_scr(struct sppp *sp); 376 377 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 378 static void sppp_chap_init(struct sppp *sp); 379 static void sppp_chap_open(struct sppp *sp); 380 static void sppp_chap_close(struct sppp *sp); 381 static void sppp_chap_TO(void *sp); 382 static void sppp_chap_tlu(struct sppp *sp); 383 static void sppp_chap_tld(struct sppp *sp); 384 static void sppp_chap_scr(struct sppp *sp); 385 386 static const char *sppp_auth_type_name(u_short proto, u_char type); 387 static const char *sppp_cp_type_name(u_char type); 388 static const char *sppp_dotted_quad(u_long addr); 389 static const char *sppp_ipcp_opt_name(u_char opt); 390 #ifdef INET6 391 static const char *sppp_ipv6cp_opt_name(u_char opt); 392 #endif 393 static const char *sppp_lcp_opt_name(u_char opt); 394 static const char *sppp_phase_name(enum ppp_phase phase); 395 static const char *sppp_proto_name(u_short proto); 396 static const char *sppp_state_name(int state); 397 static int sppp_params(struct sppp *sp, u_long cmd, void *data); 398 static int sppp_strnlen(u_char *p, int max); 399 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 400 u_long *srcmask); 401 static void sppp_keepalive(void *dummy); 402 static void sppp_phase_network(struct sppp *sp); 403 static void sppp_print_bytes(const u_char *p, u_short len); 404 static void sppp_print_string(const char *p, u_short len); 405 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 406 #ifdef INET6 407 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 408 struct in6_addr *dst, struct in6_addr *srcmask); 409 #ifdef IPV6CP_MYIFID_DYN 410 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 411 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 412 #endif 413 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 414 #endif 415 416 /* our control protocol descriptors */ 417 static const struct cp lcp = { 418 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 419 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 420 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 421 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 422 sppp_lcp_scr 423 }; 424 425 static const struct cp ipcp = { 426 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 427 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 428 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 429 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 430 sppp_ipcp_scr 431 }; 432 433 static const struct cp ipv6cp = { 434 PPP_IPV6CP, IDX_IPV6CP, 435 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 436 CP_NCP, 437 #else 438 0, 439 #endif 440 "ipv6cp", 441 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 442 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 443 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 444 sppp_ipv6cp_scr 445 }; 446 447 static const struct cp pap = { 448 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 449 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 450 sppp_pap_TO, 0, 0, 0, 451 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 452 sppp_pap_scr 453 }; 454 455 static const struct cp chap = { 456 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 457 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 458 sppp_chap_TO, 0, 0, 0, 459 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 460 sppp_chap_scr 461 }; 462 463 static const struct cp *cps[IDX_COUNT] = { 464 &lcp, /* IDX_LCP */ 465 &ipcp, /* IDX_IPCP */ 466 &ipv6cp, /* IDX_IPV6CP */ 467 &pap, /* IDX_PAP */ 468 &chap, /* IDX_CHAP */ 469 }; 470 471 static int 472 sppp_modevent(module_t mod, int type, void *unused) 473 { 474 switch (type) { 475 case MOD_LOAD: 476 break; 477 case MOD_UNLOAD: 478 return EACCES; 479 break; 480 default: 481 break; 482 } 483 return 0; 484 } 485 static moduledata_t spppmod = { 486 "sppp", 487 sppp_modevent, 488 0 489 }; 490 MODULE_VERSION(sppp, 1); 491 DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 492 493 /* 494 * Exported functions, comprising our interface to the lower layer. 495 */ 496 497 /* 498 * Process the received packet. 499 */ 500 void 501 sppp_input(struct ifnet *ifp, struct mbuf *m) 502 { 503 struct ppp_header *h; 504 int isr = -1; 505 struct sppp *sp = (struct sppp *)ifp; 506 u_char *iphdr; 507 int hlen, vjlen, do_account = 0; 508 int debug = ifp->if_flags & IFF_DEBUG; 509 510 if (ifp->if_flags & IFF_UP) 511 /* Count received bytes, add FCS and one flag */ 512 ifp->if_ibytes += m->m_pkthdr.len + 3; 513 514 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 515 /* Too small packet, drop it. */ 516 if (debug) 517 log(LOG_DEBUG, 518 SPP_FMT "input packet is too small, %d bytes\n", 519 SPP_ARGS(ifp), m->m_pkthdr.len); 520 drop: 521 m_freem (m); 522 drop2: 523 ++ifp->if_ierrors; 524 ++ifp->if_iqdrops; 525 return; 526 } 527 528 /* Get PPP header. */ 529 h = mtod (m, struct ppp_header*); 530 m_adj (m, PPP_HEADER_LEN); 531 532 switch (h->address) { 533 case PPP_ALLSTATIONS: 534 if (h->control != PPP_UI) 535 goto invalid; 536 if (sp->pp_mode == IFF_CISCO) { 537 if (debug) 538 log(LOG_DEBUG, 539 SPP_FMT "PPP packet in Cisco mode " 540 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 541 SPP_ARGS(ifp), 542 h->address, h->control, ntohs(h->protocol)); 543 goto drop; 544 } 545 switch (ntohs (h->protocol)) { 546 default: 547 if (debug) 548 log(LOG_DEBUG, 549 SPP_FMT "rejecting protocol " 550 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 551 SPP_ARGS(ifp), 552 h->address, h->control, ntohs(h->protocol)); 553 if (sp->state[IDX_LCP] == STATE_OPENED) 554 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 555 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 556 &h->protocol); 557 ++ifp->if_noproto; 558 goto drop; 559 case PPP_LCP: 560 sppp_cp_input(&lcp, sp, m); 561 m_freem (m); 562 return; 563 case PPP_PAP: 564 if (sp->pp_phase >= PHASE_AUTHENTICATE) 565 sppp_pap_input(sp, m); 566 m_freem (m); 567 return; 568 case PPP_CHAP: 569 if (sp->pp_phase >= PHASE_AUTHENTICATE) 570 sppp_chap_input(sp, m); 571 m_freem (m); 572 return; 573 #ifdef INET 574 case PPP_IPCP: 575 if (sp->pp_phase == PHASE_NETWORK) 576 sppp_cp_input(&ipcp, sp, m); 577 m_freem (m); 578 return; 579 case PPP_IP: 580 if (sp->state[IDX_IPCP] == STATE_OPENED) { 581 isr = NETISR_IP; 582 } 583 do_account++; 584 break; 585 case PPP_VJ_COMP: 586 if (sp->state[IDX_IPCP] == STATE_OPENED) { 587 if ((vjlen = 588 sl_uncompress_tcp_core(mtod(m, u_char *), 589 m->m_len, m->m_len, 590 TYPE_COMPRESSED_TCP, 591 sp->pp_comp, 592 &iphdr, &hlen)) <= 0) { 593 if (debug) 594 log(LOG_INFO, 595 SPP_FMT "VJ uncompress failed on compressed packet\n", 596 SPP_ARGS(ifp)); 597 goto drop; 598 } 599 600 /* 601 * Trim the VJ header off the packet, and prepend 602 * the uncompressed IP header (which will usually 603 * end up in two chained mbufs since there's not 604 * enough leading space in the existing mbuf). 605 */ 606 m_adj(m, vjlen); 607 M_PREPEND(m, hlen, MB_DONTWAIT); 608 if (m == NULL) 609 goto drop2; 610 bcopy(iphdr, mtod(m, u_char *), hlen); 611 612 isr = NETISR_IP; 613 } 614 do_account++; 615 break; 616 case PPP_VJ_UCOMP: 617 if (sp->state[IDX_IPCP] == STATE_OPENED) { 618 if (sl_uncompress_tcp_core(mtod(m, u_char *), 619 m->m_len, m->m_len, 620 TYPE_UNCOMPRESSED_TCP, 621 sp->pp_comp, 622 &iphdr, &hlen) != 0) { 623 if (debug) 624 log(LOG_INFO, 625 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 626 SPP_ARGS(ifp)); 627 goto drop; 628 } 629 isr = NETISR_IP; 630 } 631 do_account++; 632 break; 633 #endif 634 #ifdef INET6 635 case PPP_IPV6CP: 636 if (sp->pp_phase == PHASE_NETWORK) 637 sppp_cp_input(&ipv6cp, sp, m); 638 m_freem (m); 639 return; 640 641 case PPP_IPV6: 642 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 643 isr = NETISR_IPV6; 644 } 645 do_account++; 646 break; 647 #endif 648 #ifdef IPX 649 case PPP_IPX: 650 /* IPX IPXCP not implemented yet */ 651 if (sp->pp_phase == PHASE_NETWORK) { 652 isr = NETISR_IPX; 653 } 654 do_account++; 655 break; 656 #endif 657 #ifdef NS 658 case PPP_XNS: 659 /* XNS IDPCP not implemented yet */ 660 if (sp->pp_phase == PHASE_NETWORK) { 661 isr = NETISR_NS; 662 } 663 do_account++; 664 break; 665 #endif 666 } 667 break; 668 case CISCO_MULTICAST: 669 case CISCO_UNICAST: 670 /* Don't check the control field here (RFC 1547). */ 671 if (sp->pp_mode != IFF_CISCO) { 672 if (debug) 673 log(LOG_DEBUG, 674 SPP_FMT "Cisco packet in PPP mode " 675 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 676 SPP_ARGS(ifp), 677 h->address, h->control, ntohs(h->protocol)); 678 goto drop; 679 } 680 switch (ntohs (h->protocol)) { 681 default: 682 ++ifp->if_noproto; 683 goto invalid; 684 case CISCO_KEEPALIVE: 685 sppp_cisco_input ((struct sppp*) ifp, m); 686 m_freem (m); 687 return; 688 #ifdef INET 689 case ETHERTYPE_IP: 690 isr = NETISR_IP; 691 do_account++; 692 break; 693 #endif 694 #ifdef INET6 695 case ETHERTYPE_IPV6: 696 isr = NETISR_IPV6; 697 do_account++; 698 break; 699 #endif 700 #ifdef IPX 701 case ETHERTYPE_IPX: 702 isr = NETISR_IPX; 703 do_account++; 704 break; 705 #endif 706 #ifdef NS 707 case ETHERTYPE_NS: 708 isr = NETISR_NS 709 do_account++; 710 break; 711 #endif 712 } 713 break; 714 default: /* Invalid PPP packet. */ 715 invalid: 716 if (debug) 717 log(LOG_DEBUG, 718 SPP_FMT "invalid input packet " 719 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 720 SPP_ARGS(ifp), 721 h->address, h->control, ntohs(h->protocol)); 722 goto drop; 723 } 724 725 if (! (ifp->if_flags & IFF_UP) || isr < 0) 726 goto drop; 727 728 /* Check queue. */ 729 730 netisr_dispatch(isr, m); 731 if (do_account) 732 /* 733 * Do only account for network packets, not for control 734 * packets. This is used by some subsystems to detect 735 * idle lines. 736 */ 737 sp->pp_last_recv = time_second; 738 } 739 740 /* 741 * Enqueue transmit packet. 742 */ 743 static int 744 sppp_output(struct ifnet *ifp, struct mbuf *m, 745 struct sockaddr *dst, struct rtentry *rt) 746 { 747 struct sppp *sp = (struct sppp*) ifp; 748 struct ppp_header *h; 749 struct ifqueue *ifq = NULL; 750 int rv = 0; 751 int ipproto = PPP_IP; 752 int debug = ifp->if_flags & IFF_DEBUG; 753 struct altq_pktattr pktattr; 754 755 crit_enter(); 756 757 if ((ifp->if_flags & IFF_UP) == 0 || 758 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 759 #ifdef INET6 760 drop: 761 #endif 762 m_freem (m); 763 crit_exit(); 764 return (ENETDOWN); 765 } 766 767 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 768 #ifdef INET6 769 /* 770 * XXX 771 * 772 * Hack to prevent the initialization-time generated 773 * IPv6 multicast packet to erroneously cause a 774 * dialout event in case IPv6 has been 775 * administratively disabled on that interface. 776 */ 777 if (dst->sa_family == AF_INET6 && 778 !(sp->confflags & CONF_ENABLE_IPV6)) 779 goto drop; 780 #endif 781 /* 782 * Interface is not yet running, but auto-dial. Need 783 * to start LCP for it. 784 */ 785 ifp->if_flags |= IFF_RUNNING; 786 crit_exit(); 787 lcp.Open(sp); 788 crit_enter(); 789 } 790 791 /* 792 * if the queueing discipline needs packet classification, 793 * do it before prepending link headers. 794 */ 795 ifq_classify(&ifp->if_snd, m, dst->sa_family, &pktattr); 796 797 #ifdef INET 798 if (dst->sa_family == AF_INET) { 799 /* XXX Check mbuf length here? */ 800 struct ip *ip = mtod (m, struct ip*); 801 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 802 803 /* 804 * When using dynamic local IP address assignment by using 805 * 0.0.0.0 as a local address, the first TCP session will 806 * not connect because the local TCP checksum is computed 807 * using 0.0.0.0 which will later become our real IP address 808 * so the TCP checksum computed at the remote end will 809 * become invalid. So we 810 * - don't let packets with src ip addr 0 thru 811 * - we flag TCP packets with src ip 0 as an error 812 */ 813 814 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 815 { 816 m_freem(m); 817 crit_exit(); 818 if(ip->ip_p == IPPROTO_TCP) 819 return(EADDRNOTAVAIL); 820 else 821 return(0); 822 } 823 824 /* 825 * Put low delay, telnet, rlogin and ftp control packets 826 * in front of the queue. 827 */ 828 if (IF_QFULL (&sp->pp_fastq)) 829 ; 830 else if (ip->ip_tos & IPTOS_LOWDELAY) 831 ifq = &sp->pp_fastq; 832 else if (m->m_len < sizeof *ip + sizeof *tcp) 833 ; 834 else if (ip->ip_p != IPPROTO_TCP) 835 ; 836 else if (INTERACTIVE (ntohs (tcp->th_sport))) 837 ifq = &sp->pp_fastq; 838 else if (INTERACTIVE (ntohs (tcp->th_dport))) 839 ifq = &sp->pp_fastq; 840 841 /* 842 * Do IP Header compression 843 */ 844 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) && 845 ip->ip_p == IPPROTO_TCP) 846 switch (sl_compress_tcp(m, ip, sp->pp_comp, 847 sp->ipcp.compress_cid)) { 848 case TYPE_COMPRESSED_TCP: 849 ipproto = PPP_VJ_COMP; 850 break; 851 case TYPE_UNCOMPRESSED_TCP: 852 ipproto = PPP_VJ_UCOMP; 853 break; 854 case TYPE_IP: 855 ipproto = PPP_IP; 856 break; 857 default: 858 m_freem(m); 859 crit_exit(); 860 return (EINVAL); 861 } 862 } 863 #endif 864 865 #ifdef INET6 866 if (dst->sa_family == AF_INET6) { 867 /* XXX do something tricky here? */ 868 } 869 #endif 870 871 /* 872 * Prepend general data packet PPP header. For now, IP only. 873 */ 874 M_PREPEND (m, PPP_HEADER_LEN, MB_DONTWAIT); 875 if (! m) { 876 if (debug) 877 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 878 SPP_ARGS(ifp)); 879 ++ifp->if_oerrors; 880 crit_exit(); 881 return (ENOBUFS); 882 } 883 /* 884 * May want to check size of packet 885 * (albeit due to the implementation it's always enough) 886 */ 887 h = mtod (m, struct ppp_header*); 888 if (sp->pp_mode == IFF_CISCO) { 889 h->address = CISCO_UNICAST; /* unicast address */ 890 h->control = 0; 891 } else { 892 h->address = PPP_ALLSTATIONS; /* broadcast address */ 893 h->control = PPP_UI; /* Unnumbered Info */ 894 } 895 896 switch (dst->sa_family) { 897 #ifdef INET 898 case AF_INET: /* Internet Protocol */ 899 if (sp->pp_mode == IFF_CISCO) 900 h->protocol = htons (ETHERTYPE_IP); 901 else { 902 /* 903 * Don't choke with an ENETDOWN early. It's 904 * possible that we just started dialing out, 905 * so don't drop the packet immediately. If 906 * we notice that we run out of buffer space 907 * below, we will however remember that we are 908 * not ready to carry IP packets, and return 909 * ENETDOWN, as opposed to ENOBUFS. 910 */ 911 h->protocol = htons(ipproto); 912 if (sp->state[IDX_IPCP] != STATE_OPENED) 913 rv = ENETDOWN; 914 } 915 break; 916 #endif 917 #ifdef INET6 918 case AF_INET6: /* Internet Protocol */ 919 if (sp->pp_mode == IFF_CISCO) 920 h->protocol = htons (ETHERTYPE_IPV6); 921 else { 922 /* 923 * Don't choke with an ENETDOWN early. It's 924 * possible that we just started dialing out, 925 * so don't drop the packet immediately. If 926 * we notice that we run out of buffer space 927 * below, we will however remember that we are 928 * not ready to carry IP packets, and return 929 * ENETDOWN, as opposed to ENOBUFS. 930 */ 931 h->protocol = htons(PPP_IPV6); 932 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 933 rv = ENETDOWN; 934 } 935 break; 936 #endif 937 #ifdef NS 938 case AF_NS: /* Xerox NS Protocol */ 939 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 940 ETHERTYPE_NS : PPP_XNS); 941 break; 942 #endif 943 #ifdef IPX 944 case AF_IPX: /* Novell IPX Protocol */ 945 h->protocol = htons (sp->pp_mode == IFF_CISCO ? 946 ETHERTYPE_IPX : PPP_IPX); 947 break; 948 #endif 949 default: 950 m_freem (m); 951 ++ifp->if_oerrors; 952 crit_exit(); 953 return (EAFNOSUPPORT); 954 } 955 956 /* 957 * Queue message on interface, and start output if interface 958 * not yet active. 959 */ 960 if (ifq != NULL) { 961 if (IF_QFULL(ifq)) { 962 IF_DROP(ifq); 963 m_freem(m); 964 rv = ENOBUFS; 965 ifq->ifq_drops++; 966 } else { 967 IF_ENQUEUE(ifq, m); 968 rv = 0; 969 } 970 } else { 971 lwkt_serialize_enter(ifp->if_serializer); 972 rv = ifq_enqueue(&ifp->if_snd, m, &pktattr); 973 lwkt_serialize_exit(ifp->if_serializer); 974 } 975 if (rv) { 976 ++ifp->if_oerrors; 977 crit_exit(); 978 return(rv); 979 } 980 if (! (ifp->if_flags & IFF_OACTIVE)) 981 (*ifp->if_start) (ifp); 982 983 /* 984 * Count output packets and bytes. 985 * The packet length includes header, FCS and 1 flag, 986 * according to RFC 1333. 987 */ 988 ifp->if_obytes += m->m_pkthdr.len + 3; 989 990 /* 991 * Unlike in sppp_input(), we can always bump the timestamp 992 * here since sppp_output() is only called on behalf of 993 * network-layer traffic; control-layer traffic is handled 994 * by sppp_cp_send(). 995 */ 996 sp->pp_last_sent = time_second; 997 998 crit_exit(); 999 return (0); 1000 } 1001 1002 void 1003 sppp_attach(struct ifnet *ifp) 1004 { 1005 struct sppp *sp = (struct sppp*) ifp; 1006 1007 /* Initialize keepalive handler. */ 1008 if (!spppq) { 1009 callout_reset(&keepalive_timeout, hz * 10, 1010 sppp_keepalive, NULL); 1011 } 1012 /* Insert new entry into the keepalive list. */ 1013 sp->pp_next = spppq; 1014 spppq = sp; 1015 1016 sp->pp_if.if_mtu = PP_MTU; 1017 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1018 sp->pp_if.if_type = IFT_PPP; 1019 sp->pp_if.if_output = sppp_output; 1020 #if 0 1021 sp->pp_flags = PP_KEEPALIVE; 1022 #endif 1023 sp->pp_if.if_snd.ifq_maxlen = 32; 1024 sp->pp_fastq.ifq_maxlen = 32; 1025 sp->pp_cpq.ifq_maxlen = 20; 1026 sp->pp_loopcnt = 0; 1027 sp->pp_alivecnt = 0; 1028 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1029 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1030 sp->pp_phase = PHASE_DEAD; 1031 sp->pp_up = lcp.Up; 1032 sp->pp_down = lcp.Down; 1033 sp->pp_last_recv = sp->pp_last_sent = time_second; 1034 sp->confflags = 0; 1035 #ifdef INET 1036 sp->confflags |= CONF_ENABLE_VJ; 1037 #endif 1038 #ifdef INET6 1039 sp->confflags |= CONF_ENABLE_IPV6; 1040 #endif 1041 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1042 sl_compress_init(sp->pp_comp, -1); 1043 sppp_lcp_init(sp); 1044 sppp_ipcp_init(sp); 1045 sppp_ipv6cp_init(sp); 1046 sppp_pap_init(sp); 1047 sppp_chap_init(sp); 1048 } 1049 1050 void 1051 sppp_detach(struct ifnet *ifp) 1052 { 1053 struct sppp **q, *p, *sp = (struct sppp*) ifp; 1054 int i; 1055 1056 /* Remove the entry from the keepalive list. */ 1057 for (q = &spppq; (p = *q); q = &p->pp_next) 1058 if (p == sp) { 1059 *q = p->pp_next; 1060 break; 1061 } 1062 1063 /* Stop keepalive handler. */ 1064 if (!spppq) 1065 callout_stop(&keepalive_timeout); 1066 1067 for (i = 0; i < IDX_COUNT; i++) 1068 callout_stop(&sp->timeout[i]); 1069 callout_stop(&sp->pap_my_to); 1070 } 1071 1072 /* 1073 * Flush the interface output queue. 1074 */ 1075 void 1076 sppp_flush(struct ifnet *ifp) 1077 { 1078 struct sppp *sp = (struct sppp*) ifp; 1079 1080 ifq_purge(&sp->pp_if.if_snd); 1081 IF_DRAIN(&sp->pp_fastq); 1082 IF_DRAIN(&sp->pp_cpq); 1083 } 1084 1085 /* 1086 * Check if the output queue is empty. 1087 */ 1088 int 1089 sppp_isempty(struct ifnet *ifp) 1090 { 1091 struct sppp *sp = (struct sppp*) ifp; 1092 int empty; 1093 1094 crit_enter(); 1095 empty = IF_QEMPTY(&sp->pp_fastq) && IF_QEMPTY(&sp->pp_cpq) && 1096 ifq_is_empty(&sp->pp_if.if_snd); 1097 crit_exit(); 1098 return (empty); 1099 } 1100 1101 /* 1102 * Get next packet to send. 1103 */ 1104 struct mbuf * 1105 sppp_dequeue(struct ifnet *ifp) 1106 { 1107 struct sppp *sp = (struct sppp*) ifp; 1108 struct mbuf *m; 1109 1110 crit_enter(); 1111 1112 /* 1113 * Process only the control protocol queue until we have at 1114 * least one NCP open. 1115 * 1116 * Do always serve all three queues in Cisco mode. 1117 */ 1118 IF_DEQUEUE(&sp->pp_cpq, m); 1119 if (m == NULL && 1120 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) { 1121 IF_DEQUEUE(&sp->pp_fastq, m); 1122 if (m == NULL) 1123 m = ifq_dequeue(&sp->pp_if.if_snd, NULL); 1124 } 1125 1126 crit_exit(); 1127 return m; 1128 } 1129 1130 /* 1131 * Pick the next packet, do not remove it from the queue. 1132 */ 1133 struct mbuf * 1134 sppp_pick(struct ifnet *ifp) 1135 { 1136 struct sppp *sp = (struct sppp*)ifp; 1137 struct mbuf *m; 1138 1139 crit_enter(); 1140 1141 m = sp->pp_cpq.ifq_head; 1142 if (m == NULL && 1143 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) { 1144 if ((m = sp->pp_fastq.ifq_head) == NULL) 1145 m = ifq_poll(&sp->pp_if.if_snd); 1146 } 1147 1148 crit_exit(); 1149 return (m); 1150 } 1151 1152 /* 1153 * Process an ioctl request. Called on low priority level. 1154 */ 1155 int 1156 sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1157 { 1158 struct ifreq *ifr = (struct ifreq*) data; 1159 struct sppp *sp = (struct sppp*) ifp; 1160 int rv, going_up, going_down, newmode; 1161 1162 crit_enter(); 1163 1164 rv = 0; 1165 switch (cmd) { 1166 case SIOCAIFADDR: 1167 case SIOCSIFDSTADDR: 1168 break; 1169 1170 case SIOCSIFADDR: 1171 /* set the interface "up" when assigning an IP address */ 1172 ifp->if_flags |= IFF_UP; 1173 /* fall through... */ 1174 1175 case SIOCSIFFLAGS: 1176 going_up = ifp->if_flags & IFF_UP && 1177 (ifp->if_flags & IFF_RUNNING) == 0; 1178 going_down = (ifp->if_flags & IFF_UP) == 0 && 1179 ifp->if_flags & IFF_RUNNING; 1180 1181 newmode = ifp->if_flags & IFF_PASSIVE; 1182 if (!newmode) 1183 newmode = ifp->if_flags & IFF_AUTO; 1184 if (!newmode) 1185 newmode = ifp->if_flags & IFF_CISCO; 1186 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1187 ifp->if_flags |= newmode; 1188 1189 if (newmode != sp->pp_mode) { 1190 going_down = 1; 1191 if (!going_up) 1192 going_up = ifp->if_flags & IFF_RUNNING; 1193 } 1194 1195 if (going_down) { 1196 if (sp->pp_mode != IFF_CISCO) 1197 lcp.Close(sp); 1198 else if (sp->pp_tlf) 1199 (sp->pp_tlf)(sp); 1200 sppp_flush(ifp); 1201 ifp->if_flags &= ~IFF_RUNNING; 1202 sp->pp_mode = newmode; 1203 } 1204 1205 if (going_up) { 1206 if (sp->pp_mode != IFF_CISCO) 1207 lcp.Close(sp); 1208 sp->pp_mode = newmode; 1209 if (sp->pp_mode == 0) { 1210 ifp->if_flags |= IFF_RUNNING; 1211 lcp.Open(sp); 1212 } 1213 if (sp->pp_mode == IFF_CISCO) { 1214 if (sp->pp_tls) 1215 (sp->pp_tls)(sp); 1216 ifp->if_flags |= IFF_RUNNING; 1217 } 1218 } 1219 1220 break; 1221 1222 #ifdef SIOCSIFMTU 1223 #ifndef ifr_mtu 1224 #define ifr_mtu ifr_metric 1225 #endif 1226 case SIOCSIFMTU: 1227 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1228 return (EINVAL); 1229 ifp->if_mtu = ifr->ifr_mtu; 1230 break; 1231 #endif 1232 #ifdef SLIOCSETMTU 1233 case SLIOCSETMTU: 1234 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1235 return (EINVAL); 1236 ifp->if_mtu = *(short*)data; 1237 break; 1238 #endif 1239 #ifdef SIOCGIFMTU 1240 case SIOCGIFMTU: 1241 ifr->ifr_mtu = ifp->if_mtu; 1242 break; 1243 #endif 1244 #ifdef SLIOCGETMTU 1245 case SLIOCGETMTU: 1246 *(short*)data = ifp->if_mtu; 1247 break; 1248 #endif 1249 case SIOCADDMULTI: 1250 case SIOCDELMULTI: 1251 break; 1252 1253 case SIOCGIFGENERIC: 1254 case SIOCSIFGENERIC: 1255 rv = sppp_params(sp, cmd, data); 1256 break; 1257 1258 default: 1259 rv = ENOTTY; 1260 } 1261 1262 crit_exit(); 1263 return rv; 1264 } 1265 1266 /* 1267 * Cisco framing implementation. 1268 */ 1269 1270 /* 1271 * Handle incoming Cisco keepalive protocol packets. 1272 */ 1273 static void 1274 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1275 { 1276 STDDCL; 1277 struct cisco_packet *h; 1278 u_long me, mymask; 1279 1280 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1281 if (debug) 1282 log(LOG_DEBUG, 1283 SPP_FMT "cisco invalid packet length: %d bytes\n", 1284 SPP_ARGS(ifp), m->m_pkthdr.len); 1285 return; 1286 } 1287 h = mtod (m, struct cisco_packet*); 1288 if (debug) 1289 log(LOG_DEBUG, 1290 SPP_FMT "cisco input: %d bytes " 1291 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1292 SPP_ARGS(ifp), m->m_pkthdr.len, 1293 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1294 (u_int)h->time0, (u_int)h->time1); 1295 switch (ntohl (h->type)) { 1296 default: 1297 if (debug) 1298 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1299 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1300 break; 1301 case CISCO_ADDR_REPLY: 1302 /* Reply on address request, ignore */ 1303 break; 1304 case CISCO_KEEPALIVE_REQ: 1305 sp->pp_alivecnt = 0; 1306 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1307 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1308 /* Local and remote sequence numbers are equal. 1309 * Probably, the line is in loopback mode. */ 1310 if (sp->pp_loopcnt >= MAXALIVECNT) { 1311 printf (SPP_FMT "loopback\n", 1312 SPP_ARGS(ifp)); 1313 sp->pp_loopcnt = 0; 1314 if (ifp->if_flags & IFF_UP) { 1315 if_down (ifp); 1316 IF_DRAIN(&sp->pp_cpq); 1317 } 1318 } 1319 ++sp->pp_loopcnt; 1320 1321 /* Generate new local sequence number */ 1322 #if defined(__DragonFly__) 1323 sp->pp_seq[IDX_LCP] = random(); 1324 #else 1325 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1326 #endif 1327 break; 1328 } 1329 sp->pp_loopcnt = 0; 1330 if (! (ifp->if_flags & IFF_UP) && 1331 (ifp->if_flags & IFF_RUNNING)) { 1332 if_up(ifp); 1333 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1334 } 1335 break; 1336 case CISCO_ADDR_REQ: 1337 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1338 if (me != 0L) 1339 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1340 break; 1341 } 1342 } 1343 1344 /* 1345 * Send Cisco keepalive packet. 1346 */ 1347 static void 1348 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1349 { 1350 STDDCL; 1351 struct ppp_header *h; 1352 struct cisco_packet *ch; 1353 struct mbuf *m; 1354 #if defined(__DragonFly__) 1355 struct timeval tv; 1356 #else 1357 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1358 #endif 1359 1360 #if defined(__DragonFly__) 1361 getmicrouptime(&tv); 1362 #endif 1363 1364 MGETHDR (m, MB_DONTWAIT, MT_DATA); 1365 if (! m) 1366 return; 1367 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1368 m->m_pkthdr.rcvif = 0; 1369 1370 h = mtod (m, struct ppp_header*); 1371 h->address = CISCO_MULTICAST; 1372 h->control = 0; 1373 h->protocol = htons (CISCO_KEEPALIVE); 1374 1375 ch = (struct cisco_packet*) (h + 1); 1376 ch->type = htonl (type); 1377 ch->par1 = htonl (par1); 1378 ch->par2 = htonl (par2); 1379 ch->rel = -1; 1380 1381 #if defined(__DragonFly__) 1382 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1383 ch->time1 = htons ((u_short) tv.tv_sec); 1384 #else 1385 ch->time0 = htons ((u_short) (t >> 16)); 1386 ch->time1 = htons ((u_short) t); 1387 #endif 1388 1389 if (debug) 1390 log(LOG_DEBUG, 1391 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1392 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1393 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1394 1395 if (IF_QFULL (&sp->pp_cpq)) { 1396 IF_DROP (&sp->pp_fastq); 1397 IF_DROP (&ifp->if_snd); 1398 m_freem (m); 1399 } else 1400 IF_ENQUEUE (&sp->pp_cpq, m); 1401 if (! (ifp->if_flags & IFF_OACTIVE)) 1402 (*ifp->if_start) (ifp); 1403 ifp->if_obytes += m->m_pkthdr.len + 3; 1404 } 1405 1406 /* 1407 * PPP protocol implementation. 1408 */ 1409 1410 /* 1411 * Send PPP control protocol packet. 1412 */ 1413 static void 1414 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1415 u_char ident, u_short len, void *data) 1416 { 1417 STDDCL; 1418 struct ppp_header *h; 1419 struct lcp_header *lh; 1420 struct mbuf *m; 1421 1422 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1423 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1424 MGETHDR (m, MB_DONTWAIT, MT_DATA); 1425 if (! m) 1426 return; 1427 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1428 m->m_pkthdr.rcvif = 0; 1429 1430 h = mtod (m, struct ppp_header*); 1431 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1432 h->control = PPP_UI; /* Unnumbered Info */ 1433 h->protocol = htons (proto); /* Link Control Protocol */ 1434 1435 lh = (struct lcp_header*) (h + 1); 1436 lh->type = type; 1437 lh->ident = ident; 1438 lh->len = htons (LCP_HEADER_LEN + len); 1439 if (len) 1440 bcopy (data, lh+1, len); 1441 1442 if (debug) { 1443 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1444 SPP_ARGS(ifp), 1445 sppp_proto_name(proto), 1446 sppp_cp_type_name (lh->type), lh->ident, 1447 ntohs (lh->len)); 1448 sppp_print_bytes ((u_char*) (lh+1), len); 1449 addlog(">\n"); 1450 } 1451 if (IF_QFULL (&sp->pp_cpq)) { 1452 IF_DROP (&sp->pp_fastq); 1453 IF_DROP (&ifp->if_snd); 1454 m_freem (m); 1455 ++ifp->if_oerrors; 1456 } else 1457 IF_ENQUEUE (&sp->pp_cpq, m); 1458 if (! (ifp->if_flags & IFF_OACTIVE)) 1459 (*ifp->if_start) (ifp); 1460 ifp->if_obytes += m->m_pkthdr.len + 3; 1461 } 1462 1463 /* 1464 * Handle incoming PPP control protocol packets. 1465 */ 1466 static void 1467 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1468 { 1469 STDDCL; 1470 struct lcp_header *h; 1471 int len = m->m_pkthdr.len; 1472 int rv; 1473 u_char *p; 1474 1475 if (len < 4) { 1476 if (debug) 1477 log(LOG_DEBUG, 1478 SPP_FMT "%s invalid packet length: %d bytes\n", 1479 SPP_ARGS(ifp), cp->name, len); 1480 return; 1481 } 1482 h = mtod (m, struct lcp_header*); 1483 if (debug) { 1484 log(LOG_DEBUG, 1485 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1486 SPP_ARGS(ifp), cp->name, 1487 sppp_state_name(sp->state[cp->protoidx]), 1488 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1489 sppp_print_bytes ((u_char*) (h+1), len-4); 1490 addlog(">\n"); 1491 } 1492 if (len > ntohs (h->len)) 1493 len = ntohs (h->len); 1494 p = (u_char *)(h + 1); 1495 switch (h->type) { 1496 case CONF_REQ: 1497 if (len < 4) { 1498 if (debug) 1499 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1500 SPP_ARGS(ifp), cp->name, 1501 len); 1502 ++ifp->if_ierrors; 1503 break; 1504 } 1505 /* handle states where RCR doesn't get a SCA/SCN */ 1506 switch (sp->state[cp->protoidx]) { 1507 case STATE_CLOSING: 1508 case STATE_STOPPING: 1509 return; 1510 case STATE_CLOSED: 1511 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1512 0, 0); 1513 return; 1514 } 1515 rv = (cp->RCR)(sp, h, len); 1516 switch (sp->state[cp->protoidx]) { 1517 case STATE_OPENED: 1518 (cp->tld)(sp); 1519 (cp->scr)(sp); 1520 /* fall through... */ 1521 case STATE_ACK_SENT: 1522 case STATE_REQ_SENT: 1523 /* 1524 * sppp_cp_change_state() have the side effect of 1525 * restarting the timeouts. We want to avoid that 1526 * if the state don't change, otherwise we won't 1527 * ever timeout and resend a configuration request 1528 * that got lost. 1529 */ 1530 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1531 STATE_REQ_SENT)) 1532 break; 1533 sppp_cp_change_state(cp, sp, rv? 1534 STATE_ACK_SENT: STATE_REQ_SENT); 1535 break; 1536 case STATE_STOPPED: 1537 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1538 (cp->scr)(sp); 1539 sppp_cp_change_state(cp, sp, rv? 1540 STATE_ACK_SENT: STATE_REQ_SENT); 1541 break; 1542 case STATE_ACK_RCVD: 1543 if (rv) { 1544 sppp_cp_change_state(cp, sp, STATE_OPENED); 1545 if (debug) 1546 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1547 SPP_ARGS(ifp), 1548 cp->name); 1549 (cp->tlu)(sp); 1550 } else 1551 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1552 break; 1553 default: 1554 printf(SPP_FMT "%s illegal %s in state %s\n", 1555 SPP_ARGS(ifp), cp->name, 1556 sppp_cp_type_name(h->type), 1557 sppp_state_name(sp->state[cp->protoidx])); 1558 ++ifp->if_ierrors; 1559 } 1560 break; 1561 case CONF_ACK: 1562 if (h->ident != sp->confid[cp->protoidx]) { 1563 if (debug) 1564 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1565 SPP_ARGS(ifp), cp->name, 1566 h->ident, sp->confid[cp->protoidx]); 1567 ++ifp->if_ierrors; 1568 break; 1569 } 1570 switch (sp->state[cp->protoidx]) { 1571 case STATE_CLOSED: 1572 case STATE_STOPPED: 1573 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1574 break; 1575 case STATE_CLOSING: 1576 case STATE_STOPPING: 1577 break; 1578 case STATE_REQ_SENT: 1579 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1580 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1581 break; 1582 case STATE_OPENED: 1583 (cp->tld)(sp); 1584 /* fall through */ 1585 case STATE_ACK_RCVD: 1586 (cp->scr)(sp); 1587 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1588 break; 1589 case STATE_ACK_SENT: 1590 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1591 sppp_cp_change_state(cp, sp, STATE_OPENED); 1592 if (debug) 1593 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1594 SPP_ARGS(ifp), cp->name); 1595 (cp->tlu)(sp); 1596 break; 1597 default: 1598 printf(SPP_FMT "%s illegal %s in state %s\n", 1599 SPP_ARGS(ifp), cp->name, 1600 sppp_cp_type_name(h->type), 1601 sppp_state_name(sp->state[cp->protoidx])); 1602 ++ifp->if_ierrors; 1603 } 1604 break; 1605 case CONF_NAK: 1606 case CONF_REJ: 1607 if (h->ident != sp->confid[cp->protoidx]) { 1608 if (debug) 1609 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1610 SPP_ARGS(ifp), cp->name, 1611 h->ident, sp->confid[cp->protoidx]); 1612 ++ifp->if_ierrors; 1613 break; 1614 } 1615 if (h->type == CONF_NAK) 1616 (cp->RCN_nak)(sp, h, len); 1617 else /* CONF_REJ */ 1618 (cp->RCN_rej)(sp, h, len); 1619 1620 switch (sp->state[cp->protoidx]) { 1621 case STATE_CLOSED: 1622 case STATE_STOPPED: 1623 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1624 break; 1625 case STATE_REQ_SENT: 1626 case STATE_ACK_SENT: 1627 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1628 /* 1629 * Slow things down a bit if we think we might be 1630 * in loopback. Depend on the timeout to send the 1631 * next configuration request. 1632 */ 1633 if (sp->pp_loopcnt) 1634 break; 1635 (cp->scr)(sp); 1636 break; 1637 case STATE_OPENED: 1638 (cp->tld)(sp); 1639 /* fall through */ 1640 case STATE_ACK_RCVD: 1641 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1642 (cp->scr)(sp); 1643 break; 1644 case STATE_CLOSING: 1645 case STATE_STOPPING: 1646 break; 1647 default: 1648 printf(SPP_FMT "%s illegal %s in state %s\n", 1649 SPP_ARGS(ifp), cp->name, 1650 sppp_cp_type_name(h->type), 1651 sppp_state_name(sp->state[cp->protoidx])); 1652 ++ifp->if_ierrors; 1653 } 1654 break; 1655 1656 case TERM_REQ: 1657 switch (sp->state[cp->protoidx]) { 1658 case STATE_ACK_RCVD: 1659 case STATE_ACK_SENT: 1660 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1661 /* fall through */ 1662 case STATE_CLOSED: 1663 case STATE_STOPPED: 1664 case STATE_CLOSING: 1665 case STATE_STOPPING: 1666 case STATE_REQ_SENT: 1667 sta: 1668 /* Send Terminate-Ack packet. */ 1669 if (debug) 1670 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1671 SPP_ARGS(ifp), cp->name); 1672 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1673 break; 1674 case STATE_OPENED: 1675 (cp->tld)(sp); 1676 sp->rst_counter[cp->protoidx] = 0; 1677 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1678 goto sta; 1679 break; 1680 default: 1681 printf(SPP_FMT "%s illegal %s in state %s\n", 1682 SPP_ARGS(ifp), cp->name, 1683 sppp_cp_type_name(h->type), 1684 sppp_state_name(sp->state[cp->protoidx])); 1685 ++ifp->if_ierrors; 1686 } 1687 break; 1688 case TERM_ACK: 1689 switch (sp->state[cp->protoidx]) { 1690 case STATE_CLOSED: 1691 case STATE_STOPPED: 1692 case STATE_REQ_SENT: 1693 case STATE_ACK_SENT: 1694 break; 1695 case STATE_CLOSING: 1696 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1697 (cp->tlf)(sp); 1698 break; 1699 case STATE_STOPPING: 1700 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1701 (cp->tlf)(sp); 1702 break; 1703 case STATE_ACK_RCVD: 1704 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1705 break; 1706 case STATE_OPENED: 1707 (cp->tld)(sp); 1708 (cp->scr)(sp); 1709 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1710 break; 1711 default: 1712 printf(SPP_FMT "%s illegal %s in state %s\n", 1713 SPP_ARGS(ifp), cp->name, 1714 sppp_cp_type_name(h->type), 1715 sppp_state_name(sp->state[cp->protoidx])); 1716 ++ifp->if_ierrors; 1717 } 1718 break; 1719 case CODE_REJ: 1720 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1721 log(LOG_INFO, 1722 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1723 "danger will robinson\n", 1724 SPP_ARGS(ifp), cp->name, 1725 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1726 switch (sp->state[cp->protoidx]) { 1727 case STATE_CLOSED: 1728 case STATE_STOPPED: 1729 case STATE_REQ_SENT: 1730 case STATE_ACK_SENT: 1731 case STATE_CLOSING: 1732 case STATE_STOPPING: 1733 case STATE_OPENED: 1734 break; 1735 case STATE_ACK_RCVD: 1736 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1737 break; 1738 default: 1739 printf(SPP_FMT "%s illegal %s in state %s\n", 1740 SPP_ARGS(ifp), cp->name, 1741 sppp_cp_type_name(h->type), 1742 sppp_state_name(sp->state[cp->protoidx])); 1743 ++ifp->if_ierrors; 1744 } 1745 break; 1746 case PROTO_REJ: 1747 { 1748 int catastrophic; 1749 const struct cp *upper; 1750 int i; 1751 u_int16_t proto; 1752 1753 catastrophic = 0; 1754 upper = NULL; 1755 proto = ntohs(*((u_int16_t *)p)); 1756 for (i = 0; i < IDX_COUNT; i++) { 1757 if (cps[i]->proto == proto) { 1758 upper = cps[i]; 1759 break; 1760 } 1761 } 1762 if (upper == NULL) 1763 catastrophic++; 1764 1765 if (catastrophic || debug) 1766 log(catastrophic? LOG_INFO: LOG_DEBUG, 1767 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1768 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1769 sppp_cp_type_name(h->type), proto, 1770 upper ? upper->name : "unknown", 1771 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1772 1773 /* 1774 * if we got RXJ+ against conf-req, the peer does not implement 1775 * this particular protocol type. terminate the protocol. 1776 */ 1777 if (upper && !catastrophic) { 1778 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1779 upper->Close(sp); 1780 break; 1781 } 1782 } 1783 1784 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1785 switch (sp->state[cp->protoidx]) { 1786 case STATE_CLOSED: 1787 case STATE_STOPPED: 1788 case STATE_REQ_SENT: 1789 case STATE_ACK_SENT: 1790 case STATE_CLOSING: 1791 case STATE_STOPPING: 1792 case STATE_OPENED: 1793 break; 1794 case STATE_ACK_RCVD: 1795 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1796 break; 1797 default: 1798 printf(SPP_FMT "%s illegal %s in state %s\n", 1799 SPP_ARGS(ifp), cp->name, 1800 sppp_cp_type_name(h->type), 1801 sppp_state_name(sp->state[cp->protoidx])); 1802 ++ifp->if_ierrors; 1803 } 1804 break; 1805 } 1806 case DISC_REQ: 1807 if (cp->proto != PPP_LCP) 1808 goto illegal; 1809 /* Discard the packet. */ 1810 break; 1811 case ECHO_REQ: 1812 if (cp->proto != PPP_LCP) 1813 goto illegal; 1814 if (sp->state[cp->protoidx] != STATE_OPENED) { 1815 if (debug) 1816 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1817 SPP_ARGS(ifp)); 1818 ++ifp->if_ierrors; 1819 break; 1820 } 1821 if (len < 8) { 1822 if (debug) 1823 addlog(SPP_FMT "invalid lcp echo request " 1824 "packet length: %d bytes\n", 1825 SPP_ARGS(ifp), len); 1826 break; 1827 } 1828 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1829 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1830 /* Line loopback mode detected. */ 1831 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1832 sp->pp_loopcnt = MAXALIVECNT * 5; 1833 if_down (ifp); 1834 IF_DRAIN(&sp->pp_cpq); 1835 1836 /* Shut down the PPP link. */ 1837 /* XXX */ 1838 lcp.Down(sp); 1839 lcp.Up(sp); 1840 break; 1841 } 1842 *(long*)(h+1) = htonl (sp->lcp.magic); 1843 if (debug) 1844 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1845 SPP_ARGS(ifp)); 1846 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1847 break; 1848 case ECHO_REPLY: 1849 if (cp->proto != PPP_LCP) 1850 goto illegal; 1851 if (h->ident != sp->lcp.echoid) { 1852 ++ifp->if_ierrors; 1853 break; 1854 } 1855 if (len < 8) { 1856 if (debug) 1857 addlog(SPP_FMT "lcp invalid echo reply " 1858 "packet length: %d bytes\n", 1859 SPP_ARGS(ifp), len); 1860 break; 1861 } 1862 if (debug) 1863 addlog(SPP_FMT "lcp got echo rep\n", 1864 SPP_ARGS(ifp)); 1865 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1866 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1867 sp->pp_alivecnt = 0; 1868 break; 1869 default: 1870 /* Unknown packet type -- send Code-Reject packet. */ 1871 illegal: 1872 if (debug) 1873 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1874 SPP_ARGS(ifp), cp->name, h->type); 1875 sppp_cp_send(sp, cp->proto, CODE_REJ, 1876 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1877 ++ifp->if_ierrors; 1878 } 1879 } 1880 1881 1882 /* 1883 * The generic part of all Up/Down/Open/Close/TO event handlers. 1884 * Basically, the state transition handling in the automaton. 1885 */ 1886 static void 1887 sppp_up_event(const struct cp *cp, struct sppp *sp) 1888 { 1889 STDDCL; 1890 1891 if (debug) 1892 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1893 SPP_ARGS(ifp), cp->name, 1894 sppp_state_name(sp->state[cp->protoidx])); 1895 1896 switch (sp->state[cp->protoidx]) { 1897 case STATE_INITIAL: 1898 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1899 break; 1900 case STATE_STARTING: 1901 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1902 (cp->scr)(sp); 1903 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1904 break; 1905 default: 1906 printf(SPP_FMT "%s illegal up in state %s\n", 1907 SPP_ARGS(ifp), cp->name, 1908 sppp_state_name(sp->state[cp->protoidx])); 1909 } 1910 } 1911 1912 static void 1913 sppp_down_event(const struct cp *cp, struct sppp *sp) 1914 { 1915 STDDCL; 1916 1917 if (debug) 1918 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1919 SPP_ARGS(ifp), cp->name, 1920 sppp_state_name(sp->state[cp->protoidx])); 1921 1922 switch (sp->state[cp->protoidx]) { 1923 case STATE_CLOSED: 1924 case STATE_CLOSING: 1925 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1926 break; 1927 case STATE_STOPPED: 1928 sppp_cp_change_state(cp, sp, STATE_STARTING); 1929 (cp->tls)(sp); 1930 break; 1931 case STATE_STOPPING: 1932 case STATE_REQ_SENT: 1933 case STATE_ACK_RCVD: 1934 case STATE_ACK_SENT: 1935 sppp_cp_change_state(cp, sp, STATE_STARTING); 1936 break; 1937 case STATE_OPENED: 1938 (cp->tld)(sp); 1939 sppp_cp_change_state(cp, sp, STATE_STARTING); 1940 break; 1941 default: 1942 printf(SPP_FMT "%s illegal down in state %s\n", 1943 SPP_ARGS(ifp), cp->name, 1944 sppp_state_name(sp->state[cp->protoidx])); 1945 } 1946 } 1947 1948 1949 static void 1950 sppp_open_event(const struct cp *cp, struct sppp *sp) 1951 { 1952 STDDCL; 1953 1954 if (debug) 1955 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1956 SPP_ARGS(ifp), cp->name, 1957 sppp_state_name(sp->state[cp->protoidx])); 1958 1959 switch (sp->state[cp->protoidx]) { 1960 case STATE_INITIAL: 1961 sppp_cp_change_state(cp, sp, STATE_STARTING); 1962 (cp->tls)(sp); 1963 break; 1964 case STATE_STARTING: 1965 break; 1966 case STATE_CLOSED: 1967 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1968 (cp->scr)(sp); 1969 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1970 break; 1971 case STATE_STOPPED: 1972 /* 1973 * Try escaping stopped state. This seems to bite 1974 * people occasionally, in particular for IPCP, 1975 * presumably following previous IPCP negotiation 1976 * aborts. Somehow, we must have missed a Down event 1977 * which would have caused a transition into starting 1978 * state, so as a bandaid we force the Down event now. 1979 * This effectively implements (something like the) 1980 * `restart' option mentioned in the state transition 1981 * table of RFC 1661. 1982 */ 1983 sppp_cp_change_state(cp, sp, STATE_STARTING); 1984 (cp->tls)(sp); 1985 break; 1986 case STATE_STOPPING: 1987 case STATE_REQ_SENT: 1988 case STATE_ACK_RCVD: 1989 case STATE_ACK_SENT: 1990 case STATE_OPENED: 1991 break; 1992 case STATE_CLOSING: 1993 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1994 break; 1995 } 1996 } 1997 1998 1999 static void 2000 sppp_close_event(const struct cp *cp, struct sppp *sp) 2001 { 2002 STDDCL; 2003 2004 if (debug) 2005 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 2006 SPP_ARGS(ifp), cp->name, 2007 sppp_state_name(sp->state[cp->protoidx])); 2008 2009 switch (sp->state[cp->protoidx]) { 2010 case STATE_INITIAL: 2011 case STATE_CLOSED: 2012 case STATE_CLOSING: 2013 break; 2014 case STATE_STARTING: 2015 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2016 (cp->tlf)(sp); 2017 break; 2018 case STATE_STOPPED: 2019 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2020 break; 2021 case STATE_STOPPING: 2022 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2023 break; 2024 case STATE_OPENED: 2025 (cp->tld)(sp); 2026 /* fall through */ 2027 case STATE_REQ_SENT: 2028 case STATE_ACK_RCVD: 2029 case STATE_ACK_SENT: 2030 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2031 sppp_cp_send(sp, cp->proto, TERM_REQ, 2032 ++sp->pp_seq[cp->protoidx], 0, 0); 2033 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2034 break; 2035 } 2036 } 2037 2038 static void 2039 sppp_to_event(const struct cp *cp, struct sppp *sp) 2040 { 2041 STDDCL; 2042 2043 crit_enter(); 2044 2045 if (debug) 2046 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2047 SPP_ARGS(ifp), cp->name, 2048 sppp_state_name(sp->state[cp->protoidx]), 2049 sp->rst_counter[cp->protoidx]); 2050 2051 if (--sp->rst_counter[cp->protoidx] < 0) 2052 /* TO- event */ 2053 switch (sp->state[cp->protoidx]) { 2054 case STATE_CLOSING: 2055 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2056 (cp->tlf)(sp); 2057 break; 2058 case STATE_STOPPING: 2059 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2060 (cp->tlf)(sp); 2061 break; 2062 case STATE_REQ_SENT: 2063 case STATE_ACK_RCVD: 2064 case STATE_ACK_SENT: 2065 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2066 (cp->tlf)(sp); 2067 break; 2068 } 2069 else 2070 /* TO+ event */ 2071 switch (sp->state[cp->protoidx]) { 2072 case STATE_CLOSING: 2073 case STATE_STOPPING: 2074 sppp_cp_send(sp, cp->proto, TERM_REQ, 2075 ++sp->pp_seq[cp->protoidx], 0, 0); 2076 callout_reset(&sp->timeout[cp->protoidx], 2077 sp->lcp.timeout, cp->TO, sp); 2078 break; 2079 case STATE_REQ_SENT: 2080 case STATE_ACK_RCVD: 2081 (cp->scr)(sp); 2082 /* sppp_cp_change_state() will restart the timer */ 2083 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2084 break; 2085 case STATE_ACK_SENT: 2086 (cp->scr)(sp); 2087 callout_reset(&sp->timeout[cp->protoidx], 2088 sp->lcp.timeout, cp->TO, sp); 2089 break; 2090 } 2091 2092 crit_exit(); 2093 } 2094 2095 /* 2096 * Change the state of a control protocol in the state automaton. 2097 * Takes care of starting/stopping the restart timer. 2098 */ 2099 void 2100 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2101 { 2102 sp->state[cp->protoidx] = newstate; 2103 callout_stop(&sp->timeout[cp->protoidx]); 2104 2105 switch (newstate) { 2106 case STATE_INITIAL: 2107 case STATE_STARTING: 2108 case STATE_CLOSED: 2109 case STATE_STOPPED: 2110 case STATE_OPENED: 2111 break; 2112 case STATE_CLOSING: 2113 case STATE_STOPPING: 2114 case STATE_REQ_SENT: 2115 case STATE_ACK_RCVD: 2116 case STATE_ACK_SENT: 2117 callout_reset(&sp->timeout[cp->protoidx], 2118 sp->lcp.timeout, cp->TO, sp); 2119 break; 2120 } 2121 } 2122 2123 /* 2124 *--------------------------------------------------------------------------* 2125 * * 2126 * The LCP implementation. * 2127 * * 2128 *--------------------------------------------------------------------------* 2129 */ 2130 static void 2131 sppp_lcp_init(struct sppp *sp) 2132 { 2133 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2134 sp->lcp.magic = 0; 2135 sp->state[IDX_LCP] = STATE_INITIAL; 2136 sp->fail_counter[IDX_LCP] = 0; 2137 sp->pp_seq[IDX_LCP] = 0; 2138 sp->pp_rseq[IDX_LCP] = 0; 2139 sp->lcp.protos = 0; 2140 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2141 2142 /* Note that these values are relevant for all control protocols */ 2143 sp->lcp.timeout = 3 * hz; 2144 sp->lcp.max_terminate = 2; 2145 sp->lcp.max_configure = 10; 2146 sp->lcp.max_failure = 10; 2147 #if defined(__DragonFly__) 2148 callout_init(&sp->timeout[IDX_LCP]); 2149 #endif 2150 } 2151 2152 static void 2153 sppp_lcp_up(struct sppp *sp) 2154 { 2155 STDDCL; 2156 2157 sp->pp_alivecnt = 0; 2158 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2159 sp->lcp.magic = 0; 2160 sp->lcp.protos = 0; 2161 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2162 /* 2163 * If this interface is passive or dial-on-demand, and we are 2164 * still in Initial state, it means we've got an incoming 2165 * call. Activate the interface. 2166 */ 2167 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2168 if (debug) 2169 log(LOG_DEBUG, 2170 SPP_FMT "Up event", SPP_ARGS(ifp)); 2171 ifp->if_flags |= IFF_RUNNING; 2172 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2173 if (debug) 2174 addlog("(incoming call)\n"); 2175 sp->pp_flags |= PP_CALLIN; 2176 lcp.Open(sp); 2177 } else if (debug) 2178 addlog("\n"); 2179 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2180 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2181 ifp->if_flags |= IFF_RUNNING; 2182 lcp.Open(sp); 2183 } 2184 2185 sppp_up_event(&lcp, sp); 2186 } 2187 2188 static void 2189 sppp_lcp_down(struct sppp *sp) 2190 { 2191 STDDCL; 2192 2193 sppp_down_event(&lcp, sp); 2194 2195 /* 2196 * If this is neither a dial-on-demand nor a passive 2197 * interface, simulate an ``ifconfig down'' action, so the 2198 * administrator can force a redial by another ``ifconfig 2199 * up''. XXX For leased line operation, should we immediately 2200 * try to reopen the connection here? 2201 */ 2202 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2203 log(LOG_INFO, 2204 SPP_FMT "Down event, taking interface down.\n", 2205 SPP_ARGS(ifp)); 2206 if_down(ifp); 2207 } else { 2208 if (debug) 2209 log(LOG_DEBUG, 2210 SPP_FMT "Down event (carrier loss)\n", 2211 SPP_ARGS(ifp)); 2212 sp->pp_flags &= ~PP_CALLIN; 2213 if (sp->state[IDX_LCP] != STATE_INITIAL) 2214 lcp.Close(sp); 2215 ifp->if_flags &= ~IFF_RUNNING; 2216 } 2217 } 2218 2219 static void 2220 sppp_lcp_open(struct sppp *sp) 2221 { 2222 /* 2223 * If we are authenticator, negotiate LCP_AUTH 2224 */ 2225 if (sp->hisauth.proto != 0) 2226 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2227 else 2228 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2229 sp->pp_flags &= ~PP_NEEDAUTH; 2230 sppp_open_event(&lcp, sp); 2231 } 2232 2233 static void 2234 sppp_lcp_close(struct sppp *sp) 2235 { 2236 sppp_close_event(&lcp, sp); 2237 } 2238 2239 static void 2240 sppp_lcp_TO(void *cookie) 2241 { 2242 sppp_to_event(&lcp, (struct sppp *)cookie); 2243 } 2244 2245 /* 2246 * Analyze a configure request. Return true if it was agreeable, and 2247 * caused action sca, false if it has been rejected or nak'ed, and 2248 * caused action scn. (The return value is used to make the state 2249 * transition decision in the state automaton.) 2250 */ 2251 static int 2252 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2253 { 2254 STDDCL; 2255 u_char *buf, *r, *p; 2256 int origlen, rlen; 2257 u_long nmagic; 2258 u_short authproto; 2259 2260 len -= 4; 2261 origlen = len; 2262 buf = r = malloc (len, M_TEMP, M_INTWAIT); 2263 2264 if (debug) 2265 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2266 SPP_ARGS(ifp)); 2267 2268 /* pass 1: check for things that need to be rejected */ 2269 p = (void*) (h+1); 2270 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2271 if (debug) 2272 addlog(" %s ", sppp_lcp_opt_name(*p)); 2273 switch (*p) { 2274 case LCP_OPT_MAGIC: 2275 /* Magic number. */ 2276 if (len >= 6 && p[1] == 6) 2277 continue; 2278 if (debug) 2279 addlog("[invalid] "); 2280 break; 2281 case LCP_OPT_ASYNC_MAP: 2282 /* Async control character map. */ 2283 if (len >= 6 && p[1] == 6) 2284 continue; 2285 if (debug) 2286 addlog("[invalid] "); 2287 break; 2288 case LCP_OPT_MRU: 2289 /* Maximum receive unit. */ 2290 if (len >= 4 && p[1] == 4) 2291 continue; 2292 if (debug) 2293 addlog("[invalid] "); 2294 break; 2295 case LCP_OPT_AUTH_PROTO: 2296 if (len < 4) { 2297 if (debug) 2298 addlog("[invalid] "); 2299 break; 2300 } 2301 authproto = (p[2] << 8) + p[3]; 2302 if (authproto == PPP_CHAP && p[1] != 5) { 2303 if (debug) 2304 addlog("[invalid chap len] "); 2305 break; 2306 } 2307 if (sp->myauth.proto == 0) { 2308 /* we are not configured to do auth */ 2309 if (debug) 2310 addlog("[not configured] "); 2311 break; 2312 } 2313 /* 2314 * Remote want us to authenticate, remember this, 2315 * so we stay in PHASE_AUTHENTICATE after LCP got 2316 * up. 2317 */ 2318 sp->pp_flags |= PP_NEEDAUTH; 2319 continue; 2320 default: 2321 /* Others not supported. */ 2322 if (debug) 2323 addlog("[rej] "); 2324 break; 2325 } 2326 /* Add the option to rejected list. */ 2327 bcopy (p, r, p[1]); 2328 r += p[1]; 2329 rlen += p[1]; 2330 } 2331 if (rlen) { 2332 if (debug) 2333 addlog(" send conf-rej\n"); 2334 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2335 return 0; 2336 } else if (debug) 2337 addlog("\n"); 2338 2339 /* 2340 * pass 2: check for option values that are unacceptable and 2341 * thus require to be nak'ed. 2342 */ 2343 if (debug) 2344 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2345 SPP_ARGS(ifp)); 2346 2347 p = (void*) (h+1); 2348 len = origlen; 2349 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2350 if (debug) 2351 addlog(" %s ", sppp_lcp_opt_name(*p)); 2352 switch (*p) { 2353 case LCP_OPT_MAGIC: 2354 /* Magic number -- extract. */ 2355 nmagic = (u_long)p[2] << 24 | 2356 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2357 if (nmagic != sp->lcp.magic) { 2358 sp->pp_loopcnt = 0; 2359 if (debug) 2360 addlog("0x%lx ", nmagic); 2361 continue; 2362 } 2363 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2364 addlog("[glitch] "); 2365 ++sp->pp_loopcnt; 2366 /* 2367 * We negate our magic here, and NAK it. If 2368 * we see it later in an NAK packet, we 2369 * suggest a new one. 2370 */ 2371 nmagic = ~sp->lcp.magic; 2372 /* Gonna NAK it. */ 2373 p[2] = nmagic >> 24; 2374 p[3] = nmagic >> 16; 2375 p[4] = nmagic >> 8; 2376 p[5] = nmagic; 2377 break; 2378 2379 case LCP_OPT_ASYNC_MAP: 2380 /* 2381 * Async control character map -- just ignore it. 2382 * 2383 * Quote from RFC 1662, chapter 6: 2384 * To enable this functionality, synchronous PPP 2385 * implementations MUST always respond to the 2386 * Async-Control-Character-Map Configuration 2387 * Option with the LCP Configure-Ack. However, 2388 * acceptance of the Configuration Option does 2389 * not imply that the synchronous implementation 2390 * will do any ACCM mapping. Instead, all such 2391 * octet mapping will be performed by the 2392 * asynchronous-to-synchronous converter. 2393 */ 2394 continue; 2395 2396 case LCP_OPT_MRU: 2397 /* 2398 * Maximum receive unit. Always agreeable, 2399 * but ignored by now. 2400 */ 2401 sp->lcp.their_mru = p[2] * 256 + p[3]; 2402 if (debug) 2403 addlog("%lu ", sp->lcp.their_mru); 2404 continue; 2405 2406 case LCP_OPT_AUTH_PROTO: 2407 authproto = (p[2] << 8) + p[3]; 2408 if (sp->myauth.proto != authproto) { 2409 /* not agreed, nak */ 2410 if (debug) 2411 addlog("[mine %s != his %s] ", 2412 sppp_proto_name(sp->hisauth.proto), 2413 sppp_proto_name(authproto)); 2414 p[2] = sp->myauth.proto >> 8; 2415 p[3] = sp->myauth.proto; 2416 break; 2417 } 2418 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2419 if (debug) 2420 addlog("[chap not MD5] "); 2421 p[4] = CHAP_MD5; 2422 break; 2423 } 2424 continue; 2425 } 2426 /* Add the option to nak'ed list. */ 2427 bcopy (p, r, p[1]); 2428 r += p[1]; 2429 rlen += p[1]; 2430 } 2431 if (rlen) { 2432 /* 2433 * Local and remote magics equal -- loopback? 2434 */ 2435 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2436 if (sp->pp_loopcnt == MAXALIVECNT*5) 2437 printf (SPP_FMT "loopback\n", 2438 SPP_ARGS(ifp)); 2439 if (ifp->if_flags & IFF_UP) { 2440 if_down(ifp); 2441 IF_DRAIN(&sp->pp_cpq); 2442 /* XXX ? */ 2443 lcp.Down(sp); 2444 lcp.Up(sp); 2445 } 2446 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2447 if (debug) 2448 addlog(" max_failure (%d) exceeded, " 2449 "send conf-rej\n", 2450 sp->lcp.max_failure); 2451 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2452 } else { 2453 if (debug) 2454 addlog(" send conf-nak\n"); 2455 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2456 } 2457 } else { 2458 if (debug) 2459 addlog(" send conf-ack\n"); 2460 sp->fail_counter[IDX_LCP] = 0; 2461 sp->pp_loopcnt = 0; 2462 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2463 h->ident, origlen, h+1); 2464 } 2465 2466 free (buf, M_TEMP); 2467 return (rlen == 0); 2468 } 2469 2470 /* 2471 * Analyze the LCP Configure-Reject option list, and adjust our 2472 * negotiation. 2473 */ 2474 static void 2475 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2476 { 2477 STDDCL; 2478 u_char *buf, *p; 2479 2480 len -= 4; 2481 buf = malloc (len, M_TEMP, M_INTWAIT); 2482 2483 if (debug) 2484 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2485 SPP_ARGS(ifp)); 2486 2487 p = (void*) (h+1); 2488 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2489 if (debug) 2490 addlog(" %s ", sppp_lcp_opt_name(*p)); 2491 switch (*p) { 2492 case LCP_OPT_MAGIC: 2493 /* Magic number -- can't use it, use 0 */ 2494 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2495 sp->lcp.magic = 0; 2496 break; 2497 case LCP_OPT_MRU: 2498 /* 2499 * Should not be rejected anyway, since we only 2500 * negotiate a MRU if explicitly requested by 2501 * peer. 2502 */ 2503 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2504 break; 2505 case LCP_OPT_AUTH_PROTO: 2506 /* 2507 * Peer doesn't want to authenticate himself, 2508 * deny unless this is a dialout call, and 2509 * AUTHFLAG_NOCALLOUT is set. 2510 */ 2511 if ((sp->pp_flags & PP_CALLIN) == 0 && 2512 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2513 if (debug) 2514 addlog("[don't insist on auth " 2515 "for callout]"); 2516 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2517 break; 2518 } 2519 if (debug) 2520 addlog("[access denied]\n"); 2521 lcp.Close(sp); 2522 break; 2523 } 2524 } 2525 if (debug) 2526 addlog("\n"); 2527 free (buf, M_TEMP); 2528 return; 2529 } 2530 2531 /* 2532 * Analyze the LCP Configure-NAK option list, and adjust our 2533 * negotiation. 2534 */ 2535 static void 2536 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2537 { 2538 STDDCL; 2539 u_char *buf, *p; 2540 u_long magic; 2541 2542 len -= 4; 2543 buf = malloc (len, M_TEMP, M_INTWAIT); 2544 2545 if (debug) 2546 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2547 SPP_ARGS(ifp)); 2548 2549 p = (void*) (h+1); 2550 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2551 if (debug) 2552 addlog(" %s ", sppp_lcp_opt_name(*p)); 2553 switch (*p) { 2554 case LCP_OPT_MAGIC: 2555 /* Magic number -- renegotiate */ 2556 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2557 len >= 6 && p[1] == 6) { 2558 magic = (u_long)p[2] << 24 | 2559 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2560 /* 2561 * If the remote magic is our negated one, 2562 * this looks like a loopback problem. 2563 * Suggest a new magic to make sure. 2564 */ 2565 if (magic == ~sp->lcp.magic) { 2566 if (debug) 2567 addlog("magic glitch "); 2568 #if defined(__DragonFly__) 2569 sp->lcp.magic = random(); 2570 #else 2571 sp->lcp.magic = time.tv_sec + time.tv_usec; 2572 #endif 2573 } else { 2574 sp->lcp.magic = magic; 2575 if (debug) 2576 addlog("%lu ", magic); 2577 } 2578 } 2579 break; 2580 case LCP_OPT_MRU: 2581 /* 2582 * Peer wants to advise us to negotiate an MRU. 2583 * Agree on it if it's reasonable, or use 2584 * default otherwise. 2585 */ 2586 if (len >= 4 && p[1] == 4) { 2587 u_int mru = p[2] * 256 + p[3]; 2588 if (debug) 2589 addlog("%d ", mru); 2590 if (mru < PP_MTU || mru > PP_MAX_MRU) 2591 mru = PP_MTU; 2592 sp->lcp.mru = mru; 2593 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2594 } 2595 break; 2596 case LCP_OPT_AUTH_PROTO: 2597 /* 2598 * Peer doesn't like our authentication method, 2599 * deny. 2600 */ 2601 if (debug) 2602 addlog("[access denied]\n"); 2603 lcp.Close(sp); 2604 break; 2605 } 2606 } 2607 if (debug) 2608 addlog("\n"); 2609 free (buf, M_TEMP); 2610 return; 2611 } 2612 2613 static void 2614 sppp_lcp_tlu(struct sppp *sp) 2615 { 2616 STDDCL; 2617 int i; 2618 u_long mask; 2619 2620 /* XXX ? */ 2621 if (! (ifp->if_flags & IFF_UP) && 2622 (ifp->if_flags & IFF_RUNNING)) { 2623 /* Coming out of loopback mode. */ 2624 if_up(ifp); 2625 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2626 } 2627 2628 for (i = 0; i < IDX_COUNT; i++) 2629 if ((cps[i])->flags & CP_QUAL) 2630 (cps[i])->Open(sp); 2631 2632 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2633 (sp->pp_flags & PP_NEEDAUTH) != 0) 2634 sp->pp_phase = PHASE_AUTHENTICATE; 2635 else 2636 sp->pp_phase = PHASE_NETWORK; 2637 2638 if (debug) 2639 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2640 sppp_phase_name(sp->pp_phase)); 2641 2642 /* 2643 * Open all authentication protocols. This is even required 2644 * if we already proceeded to network phase, since it might be 2645 * that remote wants us to authenticate, so we might have to 2646 * send a PAP request. Undesired authentication protocols 2647 * don't do anything when they get an Open event. 2648 */ 2649 for (i = 0; i < IDX_COUNT; i++) 2650 if ((cps[i])->flags & CP_AUTH) 2651 (cps[i])->Open(sp); 2652 2653 if (sp->pp_phase == PHASE_NETWORK) { 2654 /* Notify all NCPs. */ 2655 for (i = 0; i < IDX_COUNT; i++) 2656 if (((cps[i])->flags & CP_NCP) && 2657 /* 2658 * XXX 2659 * Hack to administratively disable IPv6 if 2660 * not desired. Perhaps we should have another 2661 * flag for this, but right now, we can make 2662 * all struct cp's read/only. 2663 */ 2664 (cps[i] != &ipv6cp || 2665 (sp->confflags & CONF_ENABLE_IPV6))) 2666 (cps[i])->Open(sp); 2667 } 2668 2669 /* Send Up events to all started protos. */ 2670 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2671 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2672 (cps[i])->Up(sp); 2673 2674 /* notify low-level driver of state change */ 2675 if (sp->pp_chg) 2676 sp->pp_chg(sp, (int)sp->pp_phase); 2677 2678 if (sp->pp_phase == PHASE_NETWORK) 2679 /* if no NCP is starting, close down */ 2680 sppp_lcp_check_and_close(sp); 2681 } 2682 2683 static void 2684 sppp_lcp_tld(struct sppp *sp) 2685 { 2686 STDDCL; 2687 int i; 2688 u_long mask; 2689 2690 sp->pp_phase = PHASE_TERMINATE; 2691 2692 if (debug) 2693 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2694 sppp_phase_name(sp->pp_phase)); 2695 2696 /* 2697 * Take upper layers down. We send the Down event first and 2698 * the Close second to prevent the upper layers from sending 2699 * ``a flurry of terminate-request packets'', as the RFC 2700 * describes it. 2701 */ 2702 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2703 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2704 (cps[i])->Down(sp); 2705 (cps[i])->Close(sp); 2706 } 2707 } 2708 2709 static void 2710 sppp_lcp_tls(struct sppp *sp) 2711 { 2712 STDDCL; 2713 2714 sp->pp_phase = PHASE_ESTABLISH; 2715 2716 if (debug) 2717 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2718 sppp_phase_name(sp->pp_phase)); 2719 2720 /* Notify lower layer if desired. */ 2721 if (sp->pp_tls) 2722 (sp->pp_tls)(sp); 2723 else 2724 (sp->pp_up)(sp); 2725 } 2726 2727 static void 2728 sppp_lcp_tlf(struct sppp *sp) 2729 { 2730 STDDCL; 2731 2732 sp->pp_phase = PHASE_DEAD; 2733 if (debug) 2734 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2735 sppp_phase_name(sp->pp_phase)); 2736 2737 /* Notify lower layer if desired. */ 2738 if (sp->pp_tlf) 2739 (sp->pp_tlf)(sp); 2740 else 2741 (sp->pp_down)(sp); 2742 } 2743 2744 static void 2745 sppp_lcp_scr(struct sppp *sp) 2746 { 2747 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2748 int i = 0; 2749 u_short authproto; 2750 2751 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2752 if (! sp->lcp.magic) 2753 #if defined(__DragonFly__) 2754 sp->lcp.magic = random(); 2755 #else 2756 sp->lcp.magic = time.tv_sec + time.tv_usec; 2757 #endif 2758 opt[i++] = LCP_OPT_MAGIC; 2759 opt[i++] = 6; 2760 opt[i++] = sp->lcp.magic >> 24; 2761 opt[i++] = sp->lcp.magic >> 16; 2762 opt[i++] = sp->lcp.magic >> 8; 2763 opt[i++] = sp->lcp.magic; 2764 } 2765 2766 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2767 opt[i++] = LCP_OPT_MRU; 2768 opt[i++] = 4; 2769 opt[i++] = sp->lcp.mru >> 8; 2770 opt[i++] = sp->lcp.mru; 2771 } 2772 2773 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2774 authproto = sp->hisauth.proto; 2775 opt[i++] = LCP_OPT_AUTH_PROTO; 2776 opt[i++] = authproto == PPP_CHAP? 5: 4; 2777 opt[i++] = authproto >> 8; 2778 opt[i++] = authproto; 2779 if (authproto == PPP_CHAP) 2780 opt[i++] = CHAP_MD5; 2781 } 2782 2783 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2784 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2785 } 2786 2787 /* 2788 * Check the open NCPs, return true if at least one NCP is open. 2789 */ 2790 static int 2791 sppp_ncp_check(struct sppp *sp) 2792 { 2793 int i, mask; 2794 2795 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2796 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2797 return 1; 2798 return 0; 2799 } 2800 2801 /* 2802 * Re-check the open NCPs and see if we should terminate the link. 2803 * Called by the NCPs during their tlf action handling. 2804 */ 2805 static void 2806 sppp_lcp_check_and_close(struct sppp *sp) 2807 { 2808 2809 if (sp->pp_phase < PHASE_NETWORK) 2810 /* don't bother, we are already going down */ 2811 return; 2812 2813 if (sppp_ncp_check(sp)) 2814 return; 2815 2816 lcp.Close(sp); 2817 } 2818 2819 /* 2820 *--------------------------------------------------------------------------* 2821 * * 2822 * The IPCP implementation. * 2823 * * 2824 *--------------------------------------------------------------------------* 2825 */ 2826 2827 static void 2828 sppp_ipcp_init(struct sppp *sp) 2829 { 2830 sp->ipcp.opts = 0; 2831 sp->ipcp.flags = 0; 2832 sp->state[IDX_IPCP] = STATE_INITIAL; 2833 sp->fail_counter[IDX_IPCP] = 0; 2834 sp->pp_seq[IDX_IPCP] = 0; 2835 sp->pp_rseq[IDX_IPCP] = 0; 2836 #if defined(__DragonFly__) 2837 callout_init(&sp->timeout[IDX_IPCP]); 2838 #endif 2839 } 2840 2841 static void 2842 sppp_ipcp_up(struct sppp *sp) 2843 { 2844 sppp_up_event(&ipcp, sp); 2845 } 2846 2847 static void 2848 sppp_ipcp_down(struct sppp *sp) 2849 { 2850 sppp_down_event(&ipcp, sp); 2851 } 2852 2853 static void 2854 sppp_ipcp_open(struct sppp *sp) 2855 { 2856 STDDCL; 2857 u_long myaddr, hisaddr; 2858 2859 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2860 IPCP_MYADDR_DYN | IPCP_VJ); 2861 sp->ipcp.opts = 0; 2862 2863 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2864 /* 2865 * If we don't have his address, this probably means our 2866 * interface doesn't want to talk IP at all. (This could 2867 * be the case if somebody wants to speak only IPX, for 2868 * example.) Don't open IPCP in this case. 2869 */ 2870 if (hisaddr == 0L) { 2871 /* XXX this message should go away */ 2872 if (debug) 2873 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2874 SPP_ARGS(ifp)); 2875 return; 2876 } 2877 if (myaddr == 0L) { 2878 /* 2879 * I don't have an assigned address, so i need to 2880 * negotiate my address. 2881 */ 2882 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2883 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2884 } else 2885 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2886 if (sp->confflags & CONF_ENABLE_VJ) { 2887 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2888 sp->ipcp.max_state = MAX_STATES - 1; 2889 sp->ipcp.compress_cid = 1; 2890 } 2891 sppp_open_event(&ipcp, sp); 2892 } 2893 2894 static void 2895 sppp_ipcp_close(struct sppp *sp) 2896 { 2897 sppp_close_event(&ipcp, sp); 2898 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2899 /* 2900 * My address was dynamic, clear it again. 2901 */ 2902 sppp_set_ip_addr(sp, 0L); 2903 } 2904 2905 static void 2906 sppp_ipcp_TO(void *cookie) 2907 { 2908 sppp_to_event(&ipcp, (struct sppp *)cookie); 2909 } 2910 2911 /* 2912 * Analyze a configure request. Return true if it was agreeable, and 2913 * caused action sca, false if it has been rejected or nak'ed, and 2914 * caused action scn. (The return value is used to make the state 2915 * transition decision in the state automaton.) 2916 */ 2917 static int 2918 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2919 { 2920 u_char *buf, *r, *p; 2921 struct ifnet *ifp = &sp->pp_if; 2922 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2923 u_long hisaddr, desiredaddr; 2924 int gotmyaddr = 0; 2925 int desiredcomp; 2926 2927 len -= 4; 2928 origlen = len; 2929 /* 2930 * Make sure to allocate a buf that can at least hold a 2931 * conf-nak with an `address' option. We might need it below. 2932 */ 2933 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT); 2934 2935 /* pass 1: see if we can recognize them */ 2936 if (debug) 2937 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2938 SPP_ARGS(ifp)); 2939 p = (void*) (h+1); 2940 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2941 if (debug) 2942 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2943 switch (*p) { 2944 case IPCP_OPT_COMPRESSION: 2945 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2946 /* VJ compression administratively disabled */ 2947 if (debug) 2948 addlog("[locally disabled] "); 2949 break; 2950 } 2951 /* 2952 * In theory, we should only conf-rej an 2953 * option that is shorter than RFC 1618 2954 * requires (i.e. < 4), and should conf-nak 2955 * anything else that is not VJ. However, 2956 * since our algorithm always uses the 2957 * original option to NAK it with new values, 2958 * things would become more complicated. In 2959 * pratice, the only commonly implemented IP 2960 * compression option is VJ anyway, so the 2961 * difference is negligible. 2962 */ 2963 if (len >= 6 && p[1] == 6) { 2964 /* 2965 * correctly formed compression option 2966 * that could be VJ compression 2967 */ 2968 continue; 2969 } 2970 if (debug) 2971 addlog("optlen %d [invalid/unsupported] ", 2972 p[1]); 2973 break; 2974 case IPCP_OPT_ADDRESS: 2975 if (len >= 6 && p[1] == 6) { 2976 /* correctly formed address option */ 2977 continue; 2978 } 2979 if (debug) 2980 addlog("[invalid] "); 2981 break; 2982 default: 2983 /* Others not supported. */ 2984 if (debug) 2985 addlog("[rej] "); 2986 break; 2987 } 2988 /* Add the option to rejected list. */ 2989 bcopy (p, r, p[1]); 2990 r += p[1]; 2991 rlen += p[1]; 2992 } 2993 if (rlen) { 2994 if (debug) 2995 addlog(" send conf-rej\n"); 2996 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2997 return 0; 2998 } else if (debug) 2999 addlog("\n"); 3000 3001 /* pass 2: parse option values */ 3002 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3003 if (debug) 3004 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3005 SPP_ARGS(ifp)); 3006 p = (void*) (h+1); 3007 len = origlen; 3008 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3009 if (debug) 3010 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3011 switch (*p) { 3012 case IPCP_OPT_COMPRESSION: 3013 desiredcomp = p[2] << 8 | p[3]; 3014 /* We only support VJ */ 3015 if (desiredcomp == IPCP_COMP_VJ) { 3016 if (debug) 3017 addlog("VJ [ack] "); 3018 sp->ipcp.flags |= IPCP_VJ; 3019 sl_compress_init(sp->pp_comp, p[4]); 3020 sp->ipcp.max_state = p[4]; 3021 sp->ipcp.compress_cid = p[5]; 3022 continue; 3023 } 3024 if (debug) 3025 addlog("compproto %#04x [not supported] ", 3026 desiredcomp); 3027 p[2] = IPCP_COMP_VJ >> 8; 3028 p[3] = IPCP_COMP_VJ; 3029 p[4] = sp->ipcp.max_state; 3030 p[5] = sp->ipcp.compress_cid; 3031 break; 3032 case IPCP_OPT_ADDRESS: 3033 /* This is the address he wants in his end */ 3034 desiredaddr = p[2] << 24 | p[3] << 16 | 3035 p[4] << 8 | p[5]; 3036 if (desiredaddr == hisaddr || 3037 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3038 /* 3039 * Peer's address is same as our value, 3040 * or we have set it to 0.0.0.* to 3041 * indicate that we do not really care, 3042 * this is agreeable. Gonna conf-ack 3043 * it. 3044 */ 3045 if (debug) 3046 addlog("%s [ack] ", 3047 sppp_dotted_quad(hisaddr)); 3048 /* record that we've seen it already */ 3049 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3050 continue; 3051 } 3052 /* 3053 * The address wasn't agreeable. This is either 3054 * he sent us 0.0.0.0, asking to assign him an 3055 * address, or he send us another address not 3056 * matching our value. Either case, we gonna 3057 * conf-nak it with our value. 3058 * XXX: we should "rej" if hisaddr == 0 3059 */ 3060 if (debug) { 3061 if (desiredaddr == 0) 3062 addlog("[addr requested] "); 3063 else 3064 addlog("%s [not agreed] ", 3065 sppp_dotted_quad(desiredaddr)); 3066 3067 } 3068 p[2] = hisaddr >> 24; 3069 p[3] = hisaddr >> 16; 3070 p[4] = hisaddr >> 8; 3071 p[5] = hisaddr; 3072 break; 3073 } 3074 /* Add the option to nak'ed list. */ 3075 bcopy (p, r, p[1]); 3076 r += p[1]; 3077 rlen += p[1]; 3078 } 3079 3080 /* 3081 * If we are about to conf-ack the request, but haven't seen 3082 * his address so far, gonna conf-nak it instead, with the 3083 * `address' option present and our idea of his address being 3084 * filled in there, to request negotiation of both addresses. 3085 * 3086 * XXX This can result in an endless req - nak loop if peer 3087 * doesn't want to send us his address. Q: What should we do 3088 * about it? XXX A: implement the max-failure counter. 3089 */ 3090 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3091 buf[0] = IPCP_OPT_ADDRESS; 3092 buf[1] = 6; 3093 buf[2] = hisaddr >> 24; 3094 buf[3] = hisaddr >> 16; 3095 buf[4] = hisaddr >> 8; 3096 buf[5] = hisaddr; 3097 rlen = 6; 3098 if (debug) 3099 addlog("still need hisaddr "); 3100 } 3101 3102 if (rlen) { 3103 if (debug) 3104 addlog(" send conf-nak\n"); 3105 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3106 } else { 3107 if (debug) 3108 addlog(" send conf-ack\n"); 3109 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3110 h->ident, origlen, h+1); 3111 } 3112 3113 free (buf, M_TEMP); 3114 return (rlen == 0); 3115 } 3116 3117 /* 3118 * Analyze the IPCP Configure-Reject option list, and adjust our 3119 * negotiation. 3120 */ 3121 static void 3122 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3123 { 3124 u_char *buf, *p; 3125 struct ifnet *ifp = &sp->pp_if; 3126 int debug = ifp->if_flags & IFF_DEBUG; 3127 3128 len -= 4; 3129 buf = malloc (len, M_TEMP, M_INTWAIT); 3130 3131 if (debug) 3132 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3133 SPP_ARGS(ifp)); 3134 3135 p = (void*) (h+1); 3136 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3137 if (debug) 3138 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3139 switch (*p) { 3140 case IPCP_OPT_COMPRESSION: 3141 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3142 break; 3143 case IPCP_OPT_ADDRESS: 3144 /* 3145 * Peer doesn't grok address option. This is 3146 * bad. XXX Should we better give up here? 3147 * XXX We could try old "addresses" option... 3148 */ 3149 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3150 break; 3151 } 3152 } 3153 if (debug) 3154 addlog("\n"); 3155 free (buf, M_TEMP); 3156 return; 3157 } 3158 3159 /* 3160 * Analyze the IPCP Configure-NAK option list, and adjust our 3161 * negotiation. 3162 */ 3163 static void 3164 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3165 { 3166 u_char *buf, *p; 3167 struct ifnet *ifp = &sp->pp_if; 3168 int debug = ifp->if_flags & IFF_DEBUG; 3169 int desiredcomp; 3170 u_long wantaddr; 3171 3172 len -= 4; 3173 buf = malloc (len, M_TEMP, M_INTWAIT); 3174 3175 if (debug) 3176 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3177 SPP_ARGS(ifp)); 3178 3179 p = (void*) (h+1); 3180 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3181 if (debug) 3182 addlog(" %s ", sppp_ipcp_opt_name(*p)); 3183 switch (*p) { 3184 case IPCP_OPT_COMPRESSION: 3185 if (len >= 6 && p[1] == 6) { 3186 desiredcomp = p[2] << 8 | p[3]; 3187 if (debug) 3188 addlog("[wantcomp %#04x] ", 3189 desiredcomp); 3190 if (desiredcomp == IPCP_COMP_VJ) { 3191 sl_compress_init(sp->pp_comp, p[4]); 3192 sp->ipcp.max_state = p[4]; 3193 sp->ipcp.compress_cid = p[5]; 3194 if (debug) 3195 addlog("[agree] "); 3196 } else 3197 sp->ipcp.opts &= 3198 ~(1 << IPCP_OPT_COMPRESSION); 3199 } 3200 break; 3201 case IPCP_OPT_ADDRESS: 3202 /* 3203 * Peer doesn't like our local IP address. See 3204 * if we can do something for him. We'll drop 3205 * him our address then. 3206 */ 3207 if (len >= 6 && p[1] == 6) { 3208 wantaddr = p[2] << 24 | p[3] << 16 | 3209 p[4] << 8 | p[5]; 3210 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3211 if (debug) 3212 addlog("[wantaddr %s] ", 3213 sppp_dotted_quad(wantaddr)); 3214 /* 3215 * When doing dynamic address assignment, 3216 * we accept his offer. Otherwise, we 3217 * ignore it and thus continue to negotiate 3218 * our already existing value. 3219 * XXX: Bogus, if he said no once, he'll 3220 * just say no again, might as well die. 3221 */ 3222 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3223 sppp_set_ip_addr(sp, wantaddr); 3224 if (debug) 3225 addlog("[agree] "); 3226 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3227 } 3228 } 3229 break; 3230 } 3231 } 3232 if (debug) 3233 addlog("\n"); 3234 free (buf, M_TEMP); 3235 return; 3236 } 3237 3238 static void 3239 sppp_ipcp_tlu(struct sppp *sp) 3240 { 3241 /* we are up - notify isdn daemon */ 3242 if (sp->pp_con) 3243 sp->pp_con(sp); 3244 } 3245 3246 static void 3247 sppp_ipcp_tld(struct sppp *sp) 3248 { 3249 } 3250 3251 static void 3252 sppp_ipcp_tls(struct sppp *sp) 3253 { 3254 /* indicate to LCP that it must stay alive */ 3255 sp->lcp.protos |= (1 << IDX_IPCP); 3256 } 3257 3258 static void 3259 sppp_ipcp_tlf(struct sppp *sp) 3260 { 3261 /* we no longer need LCP */ 3262 sp->lcp.protos &= ~(1 << IDX_IPCP); 3263 sppp_lcp_check_and_close(sp); 3264 } 3265 3266 static void 3267 sppp_ipcp_scr(struct sppp *sp) 3268 { 3269 char opt[6 /* compression */ + 6 /* address */]; 3270 u_long ouraddr; 3271 int i = 0; 3272 3273 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3274 opt[i++] = IPCP_OPT_COMPRESSION; 3275 opt[i++] = 6; 3276 opt[i++] = IPCP_COMP_VJ >> 8; 3277 opt[i++] = IPCP_COMP_VJ; 3278 opt[i++] = sp->ipcp.max_state; 3279 opt[i++] = sp->ipcp.compress_cid; 3280 } 3281 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3282 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3283 opt[i++] = IPCP_OPT_ADDRESS; 3284 opt[i++] = 6; 3285 opt[i++] = ouraddr >> 24; 3286 opt[i++] = ouraddr >> 16; 3287 opt[i++] = ouraddr >> 8; 3288 opt[i++] = ouraddr; 3289 } 3290 3291 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3292 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3293 } 3294 3295 /* 3296 *--------------------------------------------------------------------------* 3297 * * 3298 * The IPv6CP implementation. * 3299 * * 3300 *--------------------------------------------------------------------------* 3301 */ 3302 3303 #ifdef INET6 3304 static void 3305 sppp_ipv6cp_init(struct sppp *sp) 3306 { 3307 sp->ipv6cp.opts = 0; 3308 sp->ipv6cp.flags = 0; 3309 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3310 sp->fail_counter[IDX_IPV6CP] = 0; 3311 sp->pp_seq[IDX_IPV6CP] = 0; 3312 sp->pp_rseq[IDX_IPV6CP] = 0; 3313 #if defined(__NetBSD__) 3314 callout_init(&sp->ch[IDX_IPV6CP]); 3315 #endif 3316 #if defined(__DragonFly__) 3317 callout_init(&sp->timeout[IDX_IPV6CP]); 3318 #endif 3319 } 3320 3321 static void 3322 sppp_ipv6cp_up(struct sppp *sp) 3323 { 3324 sppp_up_event(&ipv6cp, sp); 3325 } 3326 3327 static void 3328 sppp_ipv6cp_down(struct sppp *sp) 3329 { 3330 sppp_down_event(&ipv6cp, sp); 3331 } 3332 3333 static void 3334 sppp_ipv6cp_open(struct sppp *sp) 3335 { 3336 STDDCL; 3337 struct in6_addr myaddr, hisaddr; 3338 3339 #ifdef IPV6CP_MYIFID_DYN 3340 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3341 #else 3342 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3343 #endif 3344 3345 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3346 /* 3347 * If we don't have our address, this probably means our 3348 * interface doesn't want to talk IPv6 at all. (This could 3349 * be the case if somebody wants to speak only IPX, for 3350 * example.) Don't open IPv6CP in this case. 3351 */ 3352 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3353 /* XXX this message should go away */ 3354 if (debug) 3355 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3356 SPP_ARGS(ifp)); 3357 return; 3358 } 3359 3360 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3361 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3362 sppp_open_event(&ipv6cp, sp); 3363 } 3364 3365 static void 3366 sppp_ipv6cp_close(struct sppp *sp) 3367 { 3368 sppp_close_event(&ipv6cp, sp); 3369 } 3370 3371 static void 3372 sppp_ipv6cp_TO(void *cookie) 3373 { 3374 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3375 } 3376 3377 /* 3378 * Analyze a configure request. Return true if it was agreeable, and 3379 * caused action sca, false if it has been rejected or nak'ed, and 3380 * caused action scn. (The return value is used to make the state 3381 * transition decision in the state automaton.) 3382 */ 3383 static int 3384 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3385 { 3386 u_char *buf, *r, *p; 3387 struct ifnet *ifp = &sp->pp_if; 3388 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3389 struct in6_addr myaddr, desiredaddr, suggestaddr; 3390 int ifidcount; 3391 int type; 3392 int collision, nohisaddr; 3393 3394 len -= 4; 3395 origlen = len; 3396 /* 3397 * Make sure to allocate a buf that can at least hold a 3398 * conf-nak with an `address' option. We might need it below. 3399 */ 3400 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT); 3401 3402 /* pass 1: see if we can recognize them */ 3403 if (debug) 3404 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3405 SPP_ARGS(ifp)); 3406 p = (void*) (h+1); 3407 ifidcount = 0; 3408 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3409 if (debug) 3410 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3411 switch (*p) { 3412 case IPV6CP_OPT_IFID: 3413 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3414 /* correctly formed address option */ 3415 ifidcount++; 3416 continue; 3417 } 3418 if (debug) 3419 addlog(" [invalid]"); 3420 break; 3421 #ifdef notyet 3422 case IPV6CP_OPT_COMPRESSION: 3423 if (len >= 4 && p[1] >= 4) { 3424 /* correctly formed compress option */ 3425 continue; 3426 } 3427 if (debug) 3428 addlog(" [invalid]"); 3429 break; 3430 #endif 3431 default: 3432 /* Others not supported. */ 3433 if (debug) 3434 addlog(" [rej]"); 3435 break; 3436 } 3437 /* Add the option to rejected list. */ 3438 bcopy (p, r, p[1]); 3439 r += p[1]; 3440 rlen += p[1]; 3441 } 3442 if (rlen) { 3443 if (debug) 3444 addlog(" send conf-rej\n"); 3445 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3446 goto end; 3447 } else if (debug) 3448 addlog("\n"); 3449 3450 /* pass 2: parse option values */ 3451 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3452 if (debug) 3453 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3454 SPP_ARGS(ifp)); 3455 p = (void*) (h+1); 3456 len = origlen; 3457 type = CONF_ACK; 3458 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3459 if (debug) 3460 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3461 switch (*p) { 3462 #ifdef notyet 3463 case IPV6CP_OPT_COMPRESSION: 3464 continue; 3465 #endif 3466 case IPV6CP_OPT_IFID: 3467 bzero(&desiredaddr, sizeof(desiredaddr)); 3468 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3469 collision = (bcmp(&desiredaddr.s6_addr[8], 3470 &myaddr.s6_addr[8], 8) == 0); 3471 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3472 3473 desiredaddr.s6_addr16[0] = htons(0xfe80); 3474 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3475 3476 if (!collision && !nohisaddr) { 3477 /* no collision, hisaddr known - Conf-Ack */ 3478 type = CONF_ACK; 3479 3480 if (debug) { 3481 addlog(" %s [%s]", 3482 ip6_sprintf(&desiredaddr), 3483 sppp_cp_type_name(type)); 3484 } 3485 continue; 3486 } 3487 3488 bzero(&suggestaddr, sizeof(&suggestaddr)); 3489 if (collision && nohisaddr) { 3490 /* collision, hisaddr unknown - Conf-Rej */ 3491 type = CONF_REJ; 3492 bzero(&p[2], 8); 3493 } else { 3494 /* 3495 * - no collision, hisaddr unknown, or 3496 * - collision, hisaddr known 3497 * Conf-Nak, suggest hisaddr 3498 */ 3499 type = CONF_NAK; 3500 sppp_suggest_ip6_addr(sp, &suggestaddr); 3501 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3502 } 3503 if (debug) 3504 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3505 sppp_cp_type_name(type)); 3506 break; 3507 } 3508 /* Add the option to nak'ed list. */ 3509 bcopy (p, r, p[1]); 3510 r += p[1]; 3511 rlen += p[1]; 3512 } 3513 3514 if (rlen == 0 && type == CONF_ACK) { 3515 if (debug) 3516 addlog(" send %s\n", sppp_cp_type_name(type)); 3517 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3518 } else { 3519 #ifdef DIAGNOSTIC 3520 if (type == CONF_ACK) 3521 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3522 #endif 3523 3524 if (debug) { 3525 addlog(" send %s suggest %s\n", 3526 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3527 } 3528 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3529 } 3530 3531 end: 3532 free (buf, M_TEMP); 3533 return (rlen == 0); 3534 } 3535 3536 /* 3537 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3538 * negotiation. 3539 */ 3540 static void 3541 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3542 { 3543 u_char *buf, *p; 3544 struct ifnet *ifp = &sp->pp_if; 3545 int debug = ifp->if_flags & IFF_DEBUG; 3546 3547 len -= 4; 3548 buf = malloc (len, M_TEMP, M_INTWAIT); 3549 3550 if (debug) 3551 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3552 SPP_ARGS(ifp)); 3553 3554 p = (void*) (h+1); 3555 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3556 if (debug) 3557 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3558 switch (*p) { 3559 case IPV6CP_OPT_IFID: 3560 /* 3561 * Peer doesn't grok address option. This is 3562 * bad. XXX Should we better give up here? 3563 */ 3564 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3565 break; 3566 #ifdef notyet 3567 case IPV6CP_OPT_COMPRESS: 3568 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3569 break; 3570 #endif 3571 } 3572 } 3573 if (debug) 3574 addlog("\n"); 3575 free (buf, M_TEMP); 3576 return; 3577 } 3578 3579 /* 3580 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3581 * negotiation. 3582 */ 3583 static void 3584 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3585 { 3586 u_char *buf, *p; 3587 struct ifnet *ifp = &sp->pp_if; 3588 int debug = ifp->if_flags & IFF_DEBUG; 3589 struct in6_addr suggestaddr; 3590 3591 len -= 4; 3592 buf = malloc (len, M_TEMP, M_INTWAIT); 3593 3594 if (debug) 3595 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3596 SPP_ARGS(ifp)); 3597 3598 p = (void*) (h+1); 3599 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3600 if (debug) 3601 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3602 switch (*p) { 3603 case IPV6CP_OPT_IFID: 3604 /* 3605 * Peer doesn't like our local ifid. See 3606 * if we can do something for him. We'll drop 3607 * him our address then. 3608 */ 3609 if (len < 10 || p[1] != 10) 3610 break; 3611 bzero(&suggestaddr, sizeof(suggestaddr)); 3612 suggestaddr.s6_addr16[0] = htons(0xfe80); 3613 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3614 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3615 3616 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3617 if (debug) 3618 addlog(" [suggestaddr %s]", 3619 ip6_sprintf(&suggestaddr)); 3620 #ifdef IPV6CP_MYIFID_DYN 3621 /* 3622 * When doing dynamic address assignment, 3623 * we accept his offer. 3624 */ 3625 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3626 struct in6_addr lastsuggest; 3627 /* 3628 * If <suggested myaddr from peer> equals to 3629 * <hisaddr we have suggested last time>, 3630 * we have a collision. generate new random 3631 * ifid. 3632 */ 3633 sppp_suggest_ip6_addr(&lastsuggest); 3634 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3635 lastsuggest)) { 3636 if (debug) 3637 addlog(" [random]"); 3638 sppp_gen_ip6_addr(sp, &suggestaddr); 3639 } 3640 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3641 if (debug) 3642 addlog(" [agree]"); 3643 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3644 } 3645 #else 3646 /* 3647 * Since we do not do dynamic address assignment, 3648 * we ignore it and thus continue to negotiate 3649 * our already existing value. This can possibly 3650 * go into infinite request-reject loop. 3651 * 3652 * This is not likely because we normally use 3653 * ifid based on MAC-address. 3654 * If you have no ethernet card on the node, too bad. 3655 * XXX should we use fail_counter? 3656 */ 3657 #endif 3658 break; 3659 #ifdef notyet 3660 case IPV6CP_OPT_COMPRESS: 3661 /* 3662 * Peer wants different compression parameters. 3663 */ 3664 break; 3665 #endif 3666 } 3667 } 3668 if (debug) 3669 addlog("\n"); 3670 free (buf, M_TEMP); 3671 return; 3672 } 3673 static void 3674 sppp_ipv6cp_tlu(struct sppp *sp) 3675 { 3676 /* we are up - notify isdn daemon */ 3677 if (sp->pp_con) 3678 sp->pp_con(sp); 3679 } 3680 3681 static void 3682 sppp_ipv6cp_tld(struct sppp *sp) 3683 { 3684 } 3685 3686 static void 3687 sppp_ipv6cp_tls(struct sppp *sp) 3688 { 3689 /* indicate to LCP that it must stay alive */ 3690 sp->lcp.protos |= (1 << IDX_IPV6CP); 3691 } 3692 3693 static void 3694 sppp_ipv6cp_tlf(struct sppp *sp) 3695 { 3696 3697 #if 0 /* need #if 0 to close IPv6CP properly */ 3698 /* we no longer need LCP */ 3699 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3700 sppp_lcp_check_and_close(sp); 3701 #endif 3702 } 3703 3704 static void 3705 sppp_ipv6cp_scr(struct sppp *sp) 3706 { 3707 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3708 struct in6_addr ouraddr; 3709 int i = 0; 3710 3711 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3712 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3713 opt[i++] = IPV6CP_OPT_IFID; 3714 opt[i++] = 10; 3715 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3716 i += 8; 3717 } 3718 3719 #ifdef notyet 3720 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3721 opt[i++] = IPV6CP_OPT_COMPRESSION; 3722 opt[i++] = 4; 3723 opt[i++] = 0; /* TBD */ 3724 opt[i++] = 0; /* TBD */ 3725 /* variable length data may follow */ 3726 } 3727 #endif 3728 3729 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3730 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3731 } 3732 #else /*INET6*/ 3733 static void 3734 sppp_ipv6cp_init(struct sppp *sp) 3735 { 3736 } 3737 3738 static void 3739 sppp_ipv6cp_up(struct sppp *sp) 3740 { 3741 } 3742 3743 static void 3744 sppp_ipv6cp_down(struct sppp *sp) 3745 { 3746 } 3747 3748 3749 static void 3750 sppp_ipv6cp_open(struct sppp *sp) 3751 { 3752 } 3753 3754 static void 3755 sppp_ipv6cp_close(struct sppp *sp) 3756 { 3757 } 3758 3759 static void 3760 sppp_ipv6cp_TO(void *sp) 3761 { 3762 } 3763 3764 static int 3765 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3766 { 3767 return 0; 3768 } 3769 3770 static void 3771 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3772 { 3773 } 3774 3775 static void 3776 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3777 { 3778 } 3779 3780 static void 3781 sppp_ipv6cp_tlu(struct sppp *sp) 3782 { 3783 } 3784 3785 static void 3786 sppp_ipv6cp_tld(struct sppp *sp) 3787 { 3788 } 3789 3790 static void 3791 sppp_ipv6cp_tls(struct sppp *sp) 3792 { 3793 } 3794 3795 static void 3796 sppp_ipv6cp_tlf(struct sppp *sp) 3797 { 3798 } 3799 3800 static void 3801 sppp_ipv6cp_scr(struct sppp *sp) 3802 { 3803 } 3804 #endif /*INET6*/ 3805 3806 /* 3807 *--------------------------------------------------------------------------* 3808 * * 3809 * The CHAP implementation. * 3810 * * 3811 *--------------------------------------------------------------------------* 3812 */ 3813 3814 /* 3815 * The authentication protocols don't employ a full-fledged state machine as 3816 * the control protocols do, since they do have Open and Close events, but 3817 * not Up and Down, nor are they explicitly terminated. Also, use of the 3818 * authentication protocols may be different in both directions (this makes 3819 * sense, think of a machine that never accepts incoming calls but only 3820 * calls out, it doesn't require the called party to authenticate itself). 3821 * 3822 * Our state machine for the local authentication protocol (we are requesting 3823 * the peer to authenticate) looks like: 3824 * 3825 * RCA- 3826 * +--------------------------------------------+ 3827 * V scn,tld| 3828 * +--------+ Close +---------+ RCA+ 3829 * | |<----------------------------------| |------+ 3830 * +--->| Closed | TO* | Opened | sca | 3831 * | | |-----+ +-------| |<-----+ 3832 * | +--------+ irc | | +---------+ 3833 * | ^ | | ^ 3834 * | | | | | 3835 * | | | | | 3836 * | TO-| | | | 3837 * | |tld TO+ V | | 3838 * | | +------->+ | | 3839 * | | | | | | 3840 * | +--------+ V | | 3841 * | | |<----+<--------------------+ | 3842 * | | Req- | scr | 3843 * | | Sent | | 3844 * | | | | 3845 * | +--------+ | 3846 * | RCA- | | RCA+ | 3847 * +------+ +------------------------------------------+ 3848 * scn,tld sca,irc,ict,tlu 3849 * 3850 * 3851 * with: 3852 * 3853 * Open: LCP reached authentication phase 3854 * Close: LCP reached terminate phase 3855 * 3856 * RCA+: received reply (pap-req, chap-response), acceptable 3857 * RCN: received reply (pap-req, chap-response), not acceptable 3858 * TO+: timeout with restart counter >= 0 3859 * TO-: timeout with restart counter < 0 3860 * TO*: reschedule timeout for CHAP 3861 * 3862 * scr: send request packet (none for PAP, chap-challenge) 3863 * sca: send ack packet (pap-ack, chap-success) 3864 * scn: send nak packet (pap-nak, chap-failure) 3865 * ict: initialize re-challenge timer (CHAP only) 3866 * 3867 * tlu: this-layer-up, LCP reaches network phase 3868 * tld: this-layer-down, LCP enters terminate phase 3869 * 3870 * Note that in CHAP mode, after sending a new challenge, while the state 3871 * automaton falls back into Req-Sent state, it doesn't signal a tld 3872 * event to LCP, so LCP remains in network phase. Only after not getting 3873 * any response (or after getting an unacceptable response), CHAP closes, 3874 * causing LCP to enter terminate phase. 3875 * 3876 * With PAP, there is no initial request that can be sent. The peer is 3877 * expected to send one based on the successful negotiation of PAP as 3878 * the authentication protocol during the LCP option negotiation. 3879 * 3880 * Incoming authentication protocol requests (remote requests 3881 * authentication, we are peer) don't employ a state machine at all, 3882 * they are simply answered. Some peers [Ascend P50 firmware rev 3883 * 4.50] react allergically when sending IPCP requests while they are 3884 * still in authentication phase (thereby violating the standard that 3885 * demands that these NCP packets are to be discarded), so we keep 3886 * track of the peer demanding us to authenticate, and only proceed to 3887 * phase network once we've seen a positive acknowledge for the 3888 * authentication. 3889 */ 3890 3891 /* 3892 * Handle incoming CHAP packets. 3893 */ 3894 void 3895 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3896 { 3897 STDDCL; 3898 struct lcp_header *h; 3899 int len; 3900 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3901 int value_len, name_len; 3902 MD5_CTX ctx; 3903 3904 len = m->m_pkthdr.len; 3905 if (len < 4) { 3906 if (debug) 3907 log(LOG_DEBUG, 3908 SPP_FMT "chap invalid packet length: %d bytes\n", 3909 SPP_ARGS(ifp), len); 3910 return; 3911 } 3912 h = mtod (m, struct lcp_header*); 3913 if (len > ntohs (h->len)) 3914 len = ntohs (h->len); 3915 3916 switch (h->type) { 3917 /* challenge, failure and success are his authproto */ 3918 case CHAP_CHALLENGE: 3919 value = 1 + (u_char*)(h+1); 3920 value_len = value[-1]; 3921 name = value + value_len; 3922 name_len = len - value_len - 5; 3923 if (name_len < 0) { 3924 if (debug) { 3925 log(LOG_DEBUG, 3926 SPP_FMT "chap corrupted challenge " 3927 "<%s id=0x%x len=%d", 3928 SPP_ARGS(ifp), 3929 sppp_auth_type_name(PPP_CHAP, h->type), 3930 h->ident, ntohs(h->len)); 3931 sppp_print_bytes((u_char*) (h+1), len-4); 3932 addlog(">\n"); 3933 } 3934 break; 3935 } 3936 3937 if (debug) { 3938 log(LOG_DEBUG, 3939 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3940 SPP_ARGS(ifp), 3941 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3942 ntohs(h->len)); 3943 sppp_print_string((char*) name, name_len); 3944 addlog(" value-size=%d value=", value_len); 3945 sppp_print_bytes(value, value_len); 3946 addlog(">\n"); 3947 } 3948 3949 /* Compute reply value. */ 3950 MD5Init(&ctx); 3951 MD5Update(&ctx, &h->ident, 1); 3952 MD5Update(&ctx, sp->myauth.secret, 3953 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3954 MD5Update(&ctx, value, value_len); 3955 MD5Final(digest, &ctx); 3956 dsize = sizeof digest; 3957 3958 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3959 sizeof dsize, (const char *)&dsize, 3960 sizeof digest, digest, 3961 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3962 sp->myauth.name, 3963 0); 3964 break; 3965 3966 case CHAP_SUCCESS: 3967 if (debug) { 3968 log(LOG_DEBUG, SPP_FMT "chap success", 3969 SPP_ARGS(ifp)); 3970 if (len > 4) { 3971 addlog(": "); 3972 sppp_print_string((char*)(h + 1), len - 4); 3973 } 3974 addlog("\n"); 3975 } 3976 3977 crit_enter(); 3978 3979 sp->pp_flags &= ~PP_NEEDAUTH; 3980 if (sp->myauth.proto == PPP_CHAP && 3981 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3982 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3983 /* 3984 * We are authenticator for CHAP but didn't 3985 * complete yet. Leave it to tlu to proceed 3986 * to network phase. 3987 */ 3988 crit_exit(); 3989 break; 3990 } 3991 crit_exit(); 3992 sppp_phase_network(sp); 3993 break; 3994 3995 case CHAP_FAILURE: 3996 if (debug) { 3997 log(LOG_INFO, SPP_FMT "chap failure", 3998 SPP_ARGS(ifp)); 3999 if (len > 4) { 4000 addlog(": "); 4001 sppp_print_string((char*)(h + 1), len - 4); 4002 } 4003 addlog("\n"); 4004 } else 4005 log(LOG_INFO, SPP_FMT "chap failure\n", 4006 SPP_ARGS(ifp)); 4007 /* await LCP shutdown by authenticator */ 4008 break; 4009 4010 /* response is my authproto */ 4011 case CHAP_RESPONSE: 4012 value = 1 + (u_char*)(h+1); 4013 value_len = value[-1]; 4014 name = value + value_len; 4015 name_len = len - value_len - 5; 4016 if (name_len < 0) { 4017 if (debug) { 4018 log(LOG_DEBUG, 4019 SPP_FMT "chap corrupted response " 4020 "<%s id=0x%x len=%d", 4021 SPP_ARGS(ifp), 4022 sppp_auth_type_name(PPP_CHAP, h->type), 4023 h->ident, ntohs(h->len)); 4024 sppp_print_bytes((u_char*)(h+1), len-4); 4025 addlog(">\n"); 4026 } 4027 break; 4028 } 4029 if (h->ident != sp->confid[IDX_CHAP]) { 4030 if (debug) 4031 log(LOG_DEBUG, 4032 SPP_FMT "chap dropping response for old ID " 4033 "(got %d, expected %d)\n", 4034 SPP_ARGS(ifp), 4035 h->ident, sp->confid[IDX_CHAP]); 4036 break; 4037 } 4038 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4039 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4040 log(LOG_INFO, SPP_FMT "chap response, his name ", 4041 SPP_ARGS(ifp)); 4042 sppp_print_string(name, name_len); 4043 addlog(" != expected "); 4044 sppp_print_string(sp->hisauth.name, 4045 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4046 addlog("\n"); 4047 } 4048 if (debug) { 4049 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4050 "<%s id=0x%x len=%d name=", 4051 SPP_ARGS(ifp), 4052 sppp_state_name(sp->state[IDX_CHAP]), 4053 sppp_auth_type_name(PPP_CHAP, h->type), 4054 h->ident, ntohs (h->len)); 4055 sppp_print_string((char*)name, name_len); 4056 addlog(" value-size=%d value=", value_len); 4057 sppp_print_bytes(value, value_len); 4058 addlog(">\n"); 4059 } 4060 if (value_len != AUTHKEYLEN) { 4061 if (debug) 4062 log(LOG_DEBUG, 4063 SPP_FMT "chap bad hash value length: " 4064 "%d bytes, should be %d\n", 4065 SPP_ARGS(ifp), value_len, 4066 AUTHKEYLEN); 4067 break; 4068 } 4069 4070 MD5Init(&ctx); 4071 MD5Update(&ctx, &h->ident, 1); 4072 MD5Update(&ctx, sp->hisauth.secret, 4073 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4074 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4075 MD5Final(digest, &ctx); 4076 4077 #define FAILMSG "Failed..." 4078 #define SUCCMSG "Welcome!" 4079 4080 if (value_len != sizeof digest || 4081 bcmp(digest, value, value_len) != 0) { 4082 /* action scn, tld */ 4083 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4084 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4085 0); 4086 chap.tld(sp); 4087 break; 4088 } 4089 /* action sca, perhaps tlu */ 4090 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4091 sp->state[IDX_CHAP] == STATE_OPENED) 4092 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4093 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4094 0); 4095 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4096 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4097 chap.tlu(sp); 4098 } 4099 break; 4100 4101 default: 4102 /* Unknown CHAP packet type -- ignore. */ 4103 if (debug) { 4104 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4105 "<0x%x id=0x%xh len=%d", 4106 SPP_ARGS(ifp), 4107 sppp_state_name(sp->state[IDX_CHAP]), 4108 h->type, h->ident, ntohs(h->len)); 4109 sppp_print_bytes((u_char*)(h+1), len-4); 4110 addlog(">\n"); 4111 } 4112 break; 4113 4114 } 4115 } 4116 4117 static void 4118 sppp_chap_init(struct sppp *sp) 4119 { 4120 /* Chap doesn't have STATE_INITIAL at all. */ 4121 sp->state[IDX_CHAP] = STATE_CLOSED; 4122 sp->fail_counter[IDX_CHAP] = 0; 4123 sp->pp_seq[IDX_CHAP] = 0; 4124 sp->pp_rseq[IDX_CHAP] = 0; 4125 #if defined(__DragonFly__) 4126 callout_init(&sp->timeout[IDX_CHAP]); 4127 #endif 4128 } 4129 4130 static void 4131 sppp_chap_open(struct sppp *sp) 4132 { 4133 if (sp->myauth.proto == PPP_CHAP && 4134 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4135 /* we are authenticator for CHAP, start it */ 4136 chap.scr(sp); 4137 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4138 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4139 } 4140 /* nothing to be done if we are peer, await a challenge */ 4141 } 4142 4143 static void 4144 sppp_chap_close(struct sppp *sp) 4145 { 4146 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4147 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4148 } 4149 4150 static void 4151 sppp_chap_TO(void *cookie) 4152 { 4153 struct sppp *sp = (struct sppp *)cookie; 4154 STDDCL; 4155 4156 crit_enter(); 4157 4158 if (debug) 4159 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4160 SPP_ARGS(ifp), 4161 sppp_state_name(sp->state[IDX_CHAP]), 4162 sp->rst_counter[IDX_CHAP]); 4163 4164 if (--sp->rst_counter[IDX_CHAP] < 0) 4165 /* TO- event */ 4166 switch (sp->state[IDX_CHAP]) { 4167 case STATE_REQ_SENT: 4168 chap.tld(sp); 4169 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4170 break; 4171 } 4172 else 4173 /* TO+ (or TO*) event */ 4174 switch (sp->state[IDX_CHAP]) { 4175 case STATE_OPENED: 4176 /* TO* event */ 4177 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4178 /* fall through */ 4179 case STATE_REQ_SENT: 4180 chap.scr(sp); 4181 /* sppp_cp_change_state() will restart the timer */ 4182 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4183 break; 4184 } 4185 4186 crit_exit(); 4187 } 4188 4189 static void 4190 sppp_chap_tlu(struct sppp *sp) 4191 { 4192 STDDCL; 4193 int i; 4194 4195 i = 0; 4196 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4197 4198 /* 4199 * Some broken CHAP implementations (Conware CoNet, firmware 4200 * 4.0.?) don't want to re-authenticate their CHAP once the 4201 * initial challenge-response exchange has taken place. 4202 * Provide for an option to avoid rechallenges. 4203 */ 4204 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4205 /* 4206 * Compute the re-challenge timeout. This will yield 4207 * a number between 300 and 810 seconds. 4208 */ 4209 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4210 callout_reset(&sp->timeout[IDX_CHAP], i * hz, chap.TO, sp); 4211 } 4212 4213 if (debug) { 4214 log(LOG_DEBUG, 4215 SPP_FMT "chap %s, ", 4216 SPP_ARGS(ifp), 4217 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4218 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4219 addlog("next re-challenge in %d seconds\n", i); 4220 else 4221 addlog("re-challenging supressed\n"); 4222 } 4223 4224 crit_enter(); 4225 4226 /* indicate to LCP that we need to be closed down */ 4227 sp->lcp.protos |= (1 << IDX_CHAP); 4228 4229 if (sp->pp_flags & PP_NEEDAUTH) { 4230 /* 4231 * Remote is authenticator, but his auth proto didn't 4232 * complete yet. Defer the transition to network 4233 * phase. 4234 */ 4235 crit_exit(); 4236 return; 4237 } 4238 4239 crit_exit(); 4240 4241 /* 4242 * If we are already in phase network, we are done here. This 4243 * is the case if this is a dummy tlu event after a re-challenge. 4244 */ 4245 if (sp->pp_phase != PHASE_NETWORK) 4246 sppp_phase_network(sp); 4247 } 4248 4249 static void 4250 sppp_chap_tld(struct sppp *sp) 4251 { 4252 STDDCL; 4253 4254 if (debug) 4255 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4256 callout_stop(&sp->timeout[IDX_CHAP]); 4257 sp->lcp.protos &= ~(1 << IDX_CHAP); 4258 4259 lcp.Close(sp); 4260 } 4261 4262 static void 4263 sppp_chap_scr(struct sppp *sp) 4264 { 4265 u_long *ch, seed; 4266 u_char clen; 4267 4268 /* Compute random challenge. */ 4269 ch = (u_long *)sp->myauth.challenge; 4270 #if defined(__DragonFly__) 4271 read_random(&seed, sizeof seed); 4272 #else 4273 { 4274 struct timeval tv; 4275 microtime(&tv); 4276 seed = tv.tv_sec ^ tv.tv_usec; 4277 } 4278 #endif 4279 ch[0] = seed ^ random(); 4280 ch[1] = seed ^ random(); 4281 ch[2] = seed ^ random(); 4282 ch[3] = seed ^ random(); 4283 clen = AUTHKEYLEN; 4284 4285 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4286 4287 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4288 sizeof clen, (const char *)&clen, 4289 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4290 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4291 sp->myauth.name, 4292 0); 4293 } 4294 4295 /* 4296 *--------------------------------------------------------------------------* 4297 * * 4298 * The PAP implementation. * 4299 * * 4300 *--------------------------------------------------------------------------* 4301 */ 4302 /* 4303 * For PAP, we need to keep a little state also if we are the peer, not the 4304 * authenticator. This is since we don't get a request to authenticate, but 4305 * have to repeatedly authenticate ourself until we got a response (or the 4306 * retry counter is expired). 4307 */ 4308 4309 /* 4310 * Handle incoming PAP packets. */ 4311 static void 4312 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4313 { 4314 STDDCL; 4315 struct lcp_header *h; 4316 int len; 4317 u_char *name, *passwd, mlen; 4318 int name_len, passwd_len; 4319 4320 len = m->m_pkthdr.len; 4321 if (len < 5) { 4322 if (debug) 4323 log(LOG_DEBUG, 4324 SPP_FMT "pap invalid packet length: %d bytes\n", 4325 SPP_ARGS(ifp), len); 4326 return; 4327 } 4328 h = mtod (m, struct lcp_header*); 4329 if (len > ntohs (h->len)) 4330 len = ntohs (h->len); 4331 switch (h->type) { 4332 /* PAP request is my authproto */ 4333 case PAP_REQ: 4334 name = 1 + (u_char*)(h+1); 4335 name_len = name[-1]; 4336 passwd = name + name_len + 1; 4337 if (name_len > len - 6 || 4338 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4339 if (debug) { 4340 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4341 "<%s id=0x%x len=%d", 4342 SPP_ARGS(ifp), 4343 sppp_auth_type_name(PPP_PAP, h->type), 4344 h->ident, ntohs(h->len)); 4345 sppp_print_bytes((u_char*)(h+1), len-4); 4346 addlog(">\n"); 4347 } 4348 break; 4349 } 4350 if (debug) { 4351 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4352 "<%s id=0x%x len=%d name=", 4353 SPP_ARGS(ifp), 4354 sppp_state_name(sp->state[IDX_PAP]), 4355 sppp_auth_type_name(PPP_PAP, h->type), 4356 h->ident, ntohs(h->len)); 4357 sppp_print_string((char*)name, name_len); 4358 addlog(" passwd="); 4359 sppp_print_string((char*)passwd, passwd_len); 4360 addlog(">\n"); 4361 } 4362 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4363 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4364 bcmp(name, sp->hisauth.name, name_len) != 0 || 4365 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4366 /* action scn, tld */ 4367 mlen = sizeof(FAILMSG) - 1; 4368 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4369 sizeof mlen, (const char *)&mlen, 4370 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4371 0); 4372 pap.tld(sp); 4373 break; 4374 } 4375 /* action sca, perhaps tlu */ 4376 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4377 sp->state[IDX_PAP] == STATE_OPENED) { 4378 mlen = sizeof(SUCCMSG) - 1; 4379 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4380 sizeof mlen, (const char *)&mlen, 4381 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4382 0); 4383 } 4384 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4385 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4386 pap.tlu(sp); 4387 } 4388 break; 4389 4390 /* ack and nak are his authproto */ 4391 case PAP_ACK: 4392 callout_stop(&sp->pap_my_to); 4393 if (debug) { 4394 log(LOG_DEBUG, SPP_FMT "pap success", 4395 SPP_ARGS(ifp)); 4396 name_len = *((char *)h); 4397 if (len > 5 && name_len) { 4398 addlog(": "); 4399 sppp_print_string((char*)(h+1), name_len); 4400 } 4401 addlog("\n"); 4402 } 4403 4404 crit_enter(); 4405 4406 sp->pp_flags &= ~PP_NEEDAUTH; 4407 if (sp->myauth.proto == PPP_PAP && 4408 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4409 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4410 /* 4411 * We are authenticator for PAP but didn't 4412 * complete yet. Leave it to tlu to proceed 4413 * to network phase. 4414 */ 4415 4416 crit_exit(); 4417 4418 break; 4419 } 4420 4421 crit_exit(); 4422 4423 sppp_phase_network(sp); 4424 break; 4425 4426 case PAP_NAK: 4427 callout_stop(&sp->pap_my_to); 4428 if (debug) { 4429 log(LOG_INFO, SPP_FMT "pap failure", 4430 SPP_ARGS(ifp)); 4431 name_len = *((char *)h); 4432 if (len > 5 && name_len) { 4433 addlog(": "); 4434 sppp_print_string((char*)(h+1), name_len); 4435 } 4436 addlog("\n"); 4437 } else 4438 log(LOG_INFO, SPP_FMT "pap failure\n", 4439 SPP_ARGS(ifp)); 4440 /* await LCP shutdown by authenticator */ 4441 break; 4442 4443 default: 4444 /* Unknown PAP packet type -- ignore. */ 4445 if (debug) { 4446 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4447 "<0x%x id=0x%x len=%d", 4448 SPP_ARGS(ifp), 4449 h->type, h->ident, ntohs(h->len)); 4450 sppp_print_bytes((u_char*)(h+1), len-4); 4451 addlog(">\n"); 4452 } 4453 break; 4454 4455 } 4456 } 4457 4458 static void 4459 sppp_pap_init(struct sppp *sp) 4460 { 4461 /* PAP doesn't have STATE_INITIAL at all. */ 4462 sp->state[IDX_PAP] = STATE_CLOSED; 4463 sp->fail_counter[IDX_PAP] = 0; 4464 sp->pp_seq[IDX_PAP] = 0; 4465 sp->pp_rseq[IDX_PAP] = 0; 4466 #if defined(__DragonFly__) 4467 callout_init(&sp->timeout[IDX_PAP]); 4468 callout_init(&sp->pap_my_to); 4469 #endif 4470 } 4471 4472 static void 4473 sppp_pap_open(struct sppp *sp) 4474 { 4475 if (sp->hisauth.proto == PPP_PAP && 4476 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4477 /* we are authenticator for PAP, start our timer */ 4478 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4479 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4480 } 4481 if (sp->myauth.proto == PPP_PAP) { 4482 /* we are peer, send a request, and start a timer */ 4483 pap.scr(sp); 4484 callout_reset(&sp->pap_my_to, sp->lcp.timeout, 4485 sppp_pap_my_TO, sp); 4486 } 4487 } 4488 4489 static void 4490 sppp_pap_close(struct sppp *sp) 4491 { 4492 if (sp->state[IDX_PAP] != STATE_CLOSED) 4493 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4494 } 4495 4496 /* 4497 * That's the timeout routine if we are authenticator. Since the 4498 * authenticator is basically passive in PAP, we can't do much here. 4499 */ 4500 static void 4501 sppp_pap_TO(void *cookie) 4502 { 4503 struct sppp *sp = (struct sppp *)cookie; 4504 STDDCL; 4505 4506 crit_enter(); 4507 4508 if (debug) 4509 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4510 SPP_ARGS(ifp), 4511 sppp_state_name(sp->state[IDX_PAP]), 4512 sp->rst_counter[IDX_PAP]); 4513 4514 if (--sp->rst_counter[IDX_PAP] < 0) 4515 /* TO- event */ 4516 switch (sp->state[IDX_PAP]) { 4517 case STATE_REQ_SENT: 4518 pap.tld(sp); 4519 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4520 break; 4521 } 4522 else 4523 /* TO+ event, not very much we could do */ 4524 switch (sp->state[IDX_PAP]) { 4525 case STATE_REQ_SENT: 4526 /* sppp_cp_change_state() will restart the timer */ 4527 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4528 break; 4529 } 4530 4531 crit_exit(); 4532 } 4533 4534 /* 4535 * That's the timeout handler if we are peer. Since the peer is active, 4536 * we need to retransmit our PAP request since it is apparently lost. 4537 * XXX We should impose a max counter. 4538 */ 4539 static void 4540 sppp_pap_my_TO(void *cookie) 4541 { 4542 struct sppp *sp = (struct sppp *)cookie; 4543 STDDCL; 4544 4545 if (debug) 4546 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4547 SPP_ARGS(ifp)); 4548 4549 pap.scr(sp); 4550 } 4551 4552 static void 4553 sppp_pap_tlu(struct sppp *sp) 4554 { 4555 STDDCL; 4556 4557 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4558 4559 if (debug) 4560 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4561 SPP_ARGS(ifp), pap.name); 4562 4563 crit_enter(); 4564 4565 /* indicate to LCP that we need to be closed down */ 4566 sp->lcp.protos |= (1 << IDX_PAP); 4567 4568 if (sp->pp_flags & PP_NEEDAUTH) { 4569 /* 4570 * Remote is authenticator, but his auth proto didn't 4571 * complete yet. Defer the transition to network 4572 * phase. 4573 */ 4574 crit_exit(); 4575 return; 4576 } 4577 crit_exit(); 4578 sppp_phase_network(sp); 4579 } 4580 4581 static void 4582 sppp_pap_tld(struct sppp *sp) 4583 { 4584 STDDCL; 4585 4586 if (debug) 4587 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4588 callout_stop(&sp->timeout[IDX_PAP]); 4589 callout_stop(&sp->pap_my_to); 4590 sp->lcp.protos &= ~(1 << IDX_PAP); 4591 4592 lcp.Close(sp); 4593 } 4594 4595 static void 4596 sppp_pap_scr(struct sppp *sp) 4597 { 4598 u_char idlen, pwdlen; 4599 4600 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4601 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4602 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4603 4604 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4605 sizeof idlen, (const char *)&idlen, 4606 (size_t)idlen, sp->myauth.name, 4607 sizeof pwdlen, (const char *)&pwdlen, 4608 (size_t)pwdlen, sp->myauth.secret, 4609 0); 4610 } 4611 4612 /* 4613 * Random miscellaneous functions. 4614 */ 4615 4616 /* 4617 * Send a PAP or CHAP proto packet. 4618 * 4619 * Varadic function, each of the elements for the ellipsis is of type 4620 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4621 * mlen == 0. 4622 * NOTE: never declare variadic functions with types subject to type 4623 * promotion (i.e. u_char). This is asking for big trouble depending 4624 * on the architecture you are on... 4625 */ 4626 4627 static void 4628 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4629 unsigned int type, unsigned int id, 4630 ...) 4631 { 4632 STDDCL; 4633 struct ppp_header *h; 4634 struct lcp_header *lh; 4635 struct mbuf *m; 4636 u_char *p; 4637 int len; 4638 unsigned int mlen; 4639 const char *msg; 4640 __va_list ap; 4641 4642 MGETHDR (m, MB_DONTWAIT, MT_DATA); 4643 if (! m) 4644 return; 4645 m->m_pkthdr.rcvif = 0; 4646 4647 h = mtod (m, struct ppp_header*); 4648 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4649 h->control = PPP_UI; /* Unnumbered Info */ 4650 h->protocol = htons(cp->proto); 4651 4652 lh = (struct lcp_header*)(h + 1); 4653 lh->type = type; 4654 lh->ident = id; 4655 p = (u_char*) (lh+1); 4656 4657 __va_start(ap, id); 4658 len = 0; 4659 4660 while ((mlen = (unsigned int)__va_arg(ap, size_t)) != 0) { 4661 msg = __va_arg(ap, const char *); 4662 len += mlen; 4663 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4664 __va_end(ap); 4665 m_freem(m); 4666 return; 4667 } 4668 4669 bcopy(msg, p, mlen); 4670 p += mlen; 4671 } 4672 __va_end(ap); 4673 4674 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4675 lh->len = htons (LCP_HEADER_LEN + len); 4676 4677 if (debug) { 4678 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4679 SPP_ARGS(ifp), cp->name, 4680 sppp_auth_type_name(cp->proto, lh->type), 4681 lh->ident, ntohs(lh->len)); 4682 sppp_print_bytes((u_char*) (lh+1), len); 4683 addlog(">\n"); 4684 } 4685 if (IF_QFULL (&sp->pp_cpq)) { 4686 IF_DROP (&sp->pp_fastq); 4687 IF_DROP (&ifp->if_snd); 4688 m_freem (m); 4689 ++ifp->if_oerrors; 4690 } else 4691 IF_ENQUEUE (&sp->pp_cpq, m); 4692 if (! (ifp->if_flags & IFF_OACTIVE)) 4693 (*ifp->if_start) (ifp); 4694 ifp->if_obytes += m->m_pkthdr.len + 3; 4695 } 4696 4697 /* 4698 * Send keepalive packets, every 10 seconds. 4699 */ 4700 static void 4701 sppp_keepalive(void *dummy) 4702 { 4703 struct sppp *sp; 4704 4705 crit_enter(); 4706 4707 for (sp=spppq; sp; sp=sp->pp_next) { 4708 struct ifnet *ifp = &sp->pp_if; 4709 4710 /* Keepalive mode disabled or channel down? */ 4711 if (! (sp->pp_flags & PP_KEEPALIVE) || 4712 ! (ifp->if_flags & IFF_RUNNING)) 4713 continue; 4714 4715 /* No keepalive in PPP mode if LCP not opened yet. */ 4716 if (sp->pp_mode != IFF_CISCO && 4717 sp->pp_phase < PHASE_AUTHENTICATE) 4718 continue; 4719 4720 if (sp->pp_alivecnt == MAXALIVECNT) { 4721 /* No keepalive packets got. Stop the interface. */ 4722 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4723 if_down (ifp); 4724 IF_DRAIN(&sp->pp_cpq); 4725 if (sp->pp_mode != IFF_CISCO) { 4726 /* XXX */ 4727 /* Shut down the PPP link. */ 4728 lcp.Down(sp); 4729 /* Initiate negotiation. XXX */ 4730 lcp.Up(sp); 4731 } 4732 } 4733 lwkt_serialize_enter(ifp->if_serializer); 4734 if (sp->pp_alivecnt <= MAXALIVECNT) 4735 ++sp->pp_alivecnt; 4736 if (sp->pp_mode == IFF_CISCO) 4737 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4738 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4739 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4740 long nmagic = htonl (sp->lcp.magic); 4741 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4742 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4743 sp->lcp.echoid, 4, &nmagic); 4744 } 4745 lwkt_serialize_exit(ifp->if_serializer); 4746 } 4747 callout_reset(&keepalive_timeout, hz * 10, sppp_keepalive, NULL); 4748 crit_exit(); 4749 } 4750 4751 /* 4752 * Get both IP addresses. 4753 */ 4754 static void 4755 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4756 { 4757 struct ifnet *ifp = &sp->pp_if; 4758 struct ifaddr *ifa; 4759 struct sockaddr_in *si, *sm; 4760 u_long ssrc, ddst; 4761 4762 sm = NULL; 4763 ssrc = ddst = 0L; 4764 /* 4765 * Pick the first AF_INET address from the list, 4766 * aliases don't make any sense on a p2p link anyway. 4767 */ 4768 si = 0; 4769 #if defined(__DragonFly__) 4770 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4771 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4772 for (ifa = ifp->if_addrlist.tqh_first; 4773 ifa; 4774 ifa = ifa->ifa_list.tqe_next) 4775 #else 4776 for (ifa = ifp->if_addrlist; 4777 ifa; 4778 ifa = ifa->ifa_next) 4779 #endif 4780 if (ifa->ifa_addr->sa_family == AF_INET) { 4781 si = (struct sockaddr_in *)ifa->ifa_addr; 4782 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4783 if (si) 4784 break; 4785 } 4786 if (ifa) { 4787 if (si && si->sin_addr.s_addr) { 4788 ssrc = si->sin_addr.s_addr; 4789 if (srcmask) 4790 *srcmask = ntohl(sm->sin_addr.s_addr); 4791 } 4792 4793 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4794 if (si && si->sin_addr.s_addr) 4795 ddst = si->sin_addr.s_addr; 4796 } 4797 4798 if (dst) *dst = ntohl(ddst); 4799 if (src) *src = ntohl(ssrc); 4800 } 4801 4802 /* 4803 * Set my IP address. Must be called at splimp. 4804 */ 4805 static void 4806 sppp_set_ip_addr(struct sppp *sp, u_long src) 4807 { 4808 STDDCL; 4809 struct ifaddr *ifa; 4810 struct sockaddr_in *si; 4811 struct in_ifaddr *ia; 4812 4813 /* 4814 * Pick the first AF_INET address from the list, 4815 * aliases don't make any sense on a p2p link anyway. 4816 */ 4817 si = 0; 4818 #if defined(__DragonFly__) 4819 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4820 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4821 for (ifa = ifp->if_addrlist.tqh_first; 4822 ifa; 4823 ifa = ifa->ifa_list.tqe_next) 4824 #else 4825 for (ifa = ifp->if_addrlist; 4826 ifa; 4827 ifa = ifa->ifa_next) 4828 #endif 4829 { 4830 if (ifa->ifa_addr->sa_family == AF_INET) 4831 { 4832 si = (struct sockaddr_in *)ifa->ifa_addr; 4833 if (si) 4834 break; 4835 } 4836 } 4837 4838 if (ifa && si) 4839 { 4840 int error; 4841 #if __NetBSD_Version__ >= 103080000 4842 struct sockaddr_in new_sin = *si; 4843 4844 new_sin.sin_addr.s_addr = htonl(src); 4845 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4846 if(debug && error) 4847 { 4848 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4849 " failed, error=%d\n", SPP_ARGS(ifp), error); 4850 } 4851 #else 4852 /* delete old route */ 4853 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4854 if(debug && error) 4855 { 4856 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4857 SPP_ARGS(ifp), error); 4858 } 4859 4860 /* set new address */ 4861 si->sin_addr.s_addr = htonl(src); 4862 ia = ifatoia(ifa); 4863 LIST_REMOVE(ia, ia_hash); 4864 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4865 4866 /* add new route */ 4867 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4868 if (debug && error) 4869 { 4870 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4871 SPP_ARGS(ifp), error); 4872 } 4873 #endif 4874 } 4875 } 4876 4877 #ifdef INET6 4878 /* 4879 * Get both IPv6 addresses. 4880 */ 4881 static void 4882 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4883 struct in6_addr *srcmask) 4884 { 4885 struct ifnet *ifp = &sp->pp_if; 4886 struct ifaddr *ifa; 4887 struct sockaddr_in6 *si, *sm; 4888 struct in6_addr ssrc, ddst; 4889 4890 sm = NULL; 4891 bzero(&ssrc, sizeof(ssrc)); 4892 bzero(&ddst, sizeof(ddst)); 4893 /* 4894 * Pick the first link-local AF_INET6 address from the list, 4895 * aliases don't make any sense on a p2p link anyway. 4896 */ 4897 #if defined(__DragonFly__) 4898 si = 0; 4899 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4900 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4901 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4902 ifa; 4903 ifa = ifa->ifa_list.tqe_next) 4904 #else 4905 for (ifa = ifp->if_addrlist, si = 0; 4906 ifa; 4907 ifa = ifa->ifa_next) 4908 #endif 4909 if (ifa->ifa_addr->sa_family == AF_INET6) { 4910 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4911 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4912 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4913 break; 4914 } 4915 if (ifa) { 4916 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4917 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4918 if (srcmask) { 4919 bcopy(&sm->sin6_addr, srcmask, 4920 sizeof(*srcmask)); 4921 } 4922 } 4923 4924 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4925 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4926 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4927 } 4928 4929 if (dst) 4930 bcopy(&ddst, dst, sizeof(*dst)); 4931 if (src) 4932 bcopy(&ssrc, src, sizeof(*src)); 4933 } 4934 4935 #ifdef IPV6CP_MYIFID_DYN 4936 /* 4937 * Generate random ifid. 4938 */ 4939 static void 4940 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4941 { 4942 /* TBD */ 4943 } 4944 4945 /* 4946 * Set my IPv6 address. Must be called at splimp. 4947 */ 4948 static void 4949 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4950 { 4951 STDDCL; 4952 struct ifaddr *ifa; 4953 struct sockaddr_in6 *sin6; 4954 4955 /* 4956 * Pick the first link-local AF_INET6 address from the list, 4957 * aliases don't make any sense on a p2p link anyway. 4958 */ 4959 4960 sin6 = NULL; 4961 #if defined(__DragonFly__) 4962 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4963 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4964 for (ifa = ifp->if_addrlist.tqh_first; 4965 ifa; 4966 ifa = ifa->ifa_list.tqe_next) 4967 #else 4968 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4969 #endif 4970 { 4971 if (ifa->ifa_addr->sa_family == AF_INET6) 4972 { 4973 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4974 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4975 break; 4976 } 4977 } 4978 4979 if (ifa && sin6) 4980 { 4981 int error; 4982 struct sockaddr_in6 new_sin6 = *sin6; 4983 4984 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4985 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4986 if (debug && error) 4987 { 4988 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4989 " failed, error=%d\n", SPP_ARGS(ifp), error); 4990 } 4991 } 4992 } 4993 #endif 4994 4995 /* 4996 * Suggest a candidate address to be used by peer. 4997 */ 4998 static void 4999 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5000 { 5001 struct in6_addr myaddr; 5002 struct timeval tv; 5003 5004 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5005 5006 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5007 microtime(&tv); 5008 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5009 myaddr.s6_addr[14] ^= 0xff; 5010 myaddr.s6_addr[15] ^= 0xff; 5011 } else { 5012 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5013 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5014 } 5015 if (suggest) 5016 bcopy(&myaddr, suggest, sizeof(myaddr)); 5017 } 5018 #endif /*INET6*/ 5019 5020 static int 5021 sppp_params(struct sppp *sp, u_long cmd, void *data) 5022 { 5023 u_long subcmd; 5024 struct ifreq *ifr = (struct ifreq *)data; 5025 struct spppreq *spr; 5026 int rv = 0; 5027 5028 spr = malloc(sizeof(struct spppreq), M_TEMP, M_INTWAIT); 5029 5030 /* 5031 * ifr->ifr_data is supposed to point to a struct spppreq. 5032 * Check the cmd word first before attempting to fetch all the 5033 * data. 5034 */ 5035 if ((subcmd = fuword(ifr->ifr_data)) == -1) { 5036 rv = EFAULT; 5037 goto quit; 5038 } 5039 5040 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5041 rv = EFAULT; 5042 goto quit; 5043 } 5044 5045 switch (subcmd) { 5046 case (int)SPPPIOGDEFS: 5047 if (cmd != SIOCGIFGENERIC) { 5048 rv = EINVAL; 5049 break; 5050 } 5051 /* 5052 * We copy over the entire current state, but clean 5053 * out some of the stuff we don't wanna pass up. 5054 * Remember, SIOCGIFGENERIC is unprotected, and can be 5055 * called by any user. No need to ever get PAP or 5056 * CHAP secrets back to userland anyway. 5057 */ 5058 spr->defs.pp_phase = sp->pp_phase; 5059 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5060 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5061 spr->defs.lcp = sp->lcp; 5062 spr->defs.ipcp = sp->ipcp; 5063 spr->defs.ipv6cp = sp->ipv6cp; 5064 spr->defs.myauth = sp->myauth; 5065 spr->defs.hisauth = sp->hisauth; 5066 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5067 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5068 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5069 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5070 /* 5071 * Fixup the LCP timeout value to milliseconds so 5072 * spppcontrol doesn't need to bother about the value 5073 * of "hz". We do the reverse calculation below when 5074 * setting it. 5075 */ 5076 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5077 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5078 sizeof(struct spppreq)); 5079 break; 5080 5081 case (int)SPPPIOSDEFS: 5082 if (cmd != SIOCSIFGENERIC) { 5083 rv = EINVAL; 5084 break; 5085 } 5086 /* 5087 * We have a very specific idea of which fields we 5088 * allow being passed back from userland, so to not 5089 * clobber our current state. For one, we only allow 5090 * setting anything if LCP is in dead or establish 5091 * phase. Once the authentication negotiations 5092 * started, the authentication settings must not be 5093 * changed again. (The administrator can force an 5094 * ifconfig down in order to get LCP back into dead 5095 * phase.) 5096 * 5097 * Also, we only allow for authentication parameters to be 5098 * specified. 5099 * 5100 * XXX Should allow to set or clear pp_flags. 5101 * 5102 * Finally, if the respective authentication protocol to 5103 * be used is set differently than 0, but the secret is 5104 * passed as all zeros, we don't trash the existing secret. 5105 * This allows an administrator to change the system name 5106 * only without clobbering the secret (which he didn't get 5107 * back in a previous SPPPIOGDEFS call). However, the 5108 * secrets are cleared if the authentication protocol is 5109 * reset to 0. */ 5110 if (sp->pp_phase != PHASE_DEAD && 5111 sp->pp_phase != PHASE_ESTABLISH) { 5112 rv = EBUSY; 5113 break; 5114 } 5115 5116 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5117 spr->defs.myauth.proto != PPP_CHAP) || 5118 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5119 spr->defs.hisauth.proto != PPP_CHAP)) { 5120 rv = EINVAL; 5121 break; 5122 } 5123 5124 if (spr->defs.myauth.proto == 0) 5125 /* resetting myauth */ 5126 bzero(&sp->myauth, sizeof sp->myauth); 5127 else { 5128 /* setting/changing myauth */ 5129 sp->myauth.proto = spr->defs.myauth.proto; 5130 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5131 if (spr->defs.myauth.secret[0] != '\0') 5132 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5133 AUTHKEYLEN); 5134 } 5135 if (spr->defs.hisauth.proto == 0) 5136 /* resetting hisauth */ 5137 bzero(&sp->hisauth, sizeof sp->hisauth); 5138 else { 5139 /* setting/changing hisauth */ 5140 sp->hisauth.proto = spr->defs.hisauth.proto; 5141 sp->hisauth.flags = spr->defs.hisauth.flags; 5142 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5143 if (spr->defs.hisauth.secret[0] != '\0') 5144 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5145 AUTHKEYLEN); 5146 } 5147 /* set LCP restart timer timeout */ 5148 if (spr->defs.lcp.timeout != 0) 5149 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5150 /* set VJ enable and IPv6 disable flags */ 5151 #ifdef INET 5152 if (spr->defs.enable_vj) 5153 sp->confflags |= CONF_ENABLE_VJ; 5154 else 5155 sp->confflags &= ~CONF_ENABLE_VJ; 5156 #endif 5157 #ifdef INET6 5158 if (spr->defs.enable_ipv6) 5159 sp->confflags |= CONF_ENABLE_IPV6; 5160 else 5161 sp->confflags &= ~CONF_ENABLE_IPV6; 5162 #endif 5163 break; 5164 5165 default: 5166 rv = EINVAL; 5167 } 5168 5169 quit: 5170 free(spr, M_TEMP); 5171 5172 return (rv); 5173 } 5174 5175 static void 5176 sppp_phase_network(struct sppp *sp) 5177 { 5178 STDDCL; 5179 int i; 5180 u_long mask; 5181 5182 sp->pp_phase = PHASE_NETWORK; 5183 5184 if (debug) 5185 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5186 sppp_phase_name(sp->pp_phase)); 5187 5188 /* Notify NCPs now. */ 5189 for (i = 0; i < IDX_COUNT; i++) 5190 if ((cps[i])->flags & CP_NCP) 5191 (cps[i])->Open(sp); 5192 5193 /* Send Up events to all NCPs. */ 5194 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5195 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5196 (cps[i])->Up(sp); 5197 5198 /* if no NCP is starting, all this was in vain, close down */ 5199 sppp_lcp_check_and_close(sp); 5200 } 5201 5202 5203 static const char * 5204 sppp_cp_type_name(u_char type) 5205 { 5206 static char buf[12]; 5207 switch (type) { 5208 case CONF_REQ: return "conf-req"; 5209 case CONF_ACK: return "conf-ack"; 5210 case CONF_NAK: return "conf-nak"; 5211 case CONF_REJ: return "conf-rej"; 5212 case TERM_REQ: return "term-req"; 5213 case TERM_ACK: return "term-ack"; 5214 case CODE_REJ: return "code-rej"; 5215 case PROTO_REJ: return "proto-rej"; 5216 case ECHO_REQ: return "echo-req"; 5217 case ECHO_REPLY: return "echo-reply"; 5218 case DISC_REQ: return "discard-req"; 5219 } 5220 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5221 return buf; 5222 } 5223 5224 static const char * 5225 sppp_auth_type_name(u_short proto, u_char type) 5226 { 5227 static char buf[12]; 5228 switch (proto) { 5229 case PPP_CHAP: 5230 switch (type) { 5231 case CHAP_CHALLENGE: return "challenge"; 5232 case CHAP_RESPONSE: return "response"; 5233 case CHAP_SUCCESS: return "success"; 5234 case CHAP_FAILURE: return "failure"; 5235 } 5236 case PPP_PAP: 5237 switch (type) { 5238 case PAP_REQ: return "req"; 5239 case PAP_ACK: return "ack"; 5240 case PAP_NAK: return "nak"; 5241 } 5242 } 5243 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5244 return buf; 5245 } 5246 5247 static const char * 5248 sppp_lcp_opt_name(u_char opt) 5249 { 5250 static char buf[12]; 5251 switch (opt) { 5252 case LCP_OPT_MRU: return "mru"; 5253 case LCP_OPT_ASYNC_MAP: return "async-map"; 5254 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5255 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5256 case LCP_OPT_MAGIC: return "magic"; 5257 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5258 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5259 } 5260 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5261 return buf; 5262 } 5263 5264 static const char * 5265 sppp_ipcp_opt_name(u_char opt) 5266 { 5267 static char buf[12]; 5268 switch (opt) { 5269 case IPCP_OPT_ADDRESSES: return "addresses"; 5270 case IPCP_OPT_COMPRESSION: return "compression"; 5271 case IPCP_OPT_ADDRESS: return "address"; 5272 } 5273 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5274 return buf; 5275 } 5276 5277 #ifdef INET6 5278 static const char * 5279 sppp_ipv6cp_opt_name(u_char opt) 5280 { 5281 static char buf[12]; 5282 switch (opt) { 5283 case IPV6CP_OPT_IFID: return "ifid"; 5284 case IPV6CP_OPT_COMPRESSION: return "compression"; 5285 } 5286 sprintf (buf, "0x%x", opt); 5287 return buf; 5288 } 5289 #endif 5290 5291 static const char * 5292 sppp_state_name(int state) 5293 { 5294 switch (state) { 5295 case STATE_INITIAL: return "initial"; 5296 case STATE_STARTING: return "starting"; 5297 case STATE_CLOSED: return "closed"; 5298 case STATE_STOPPED: return "stopped"; 5299 case STATE_CLOSING: return "closing"; 5300 case STATE_STOPPING: return "stopping"; 5301 case STATE_REQ_SENT: return "req-sent"; 5302 case STATE_ACK_RCVD: return "ack-rcvd"; 5303 case STATE_ACK_SENT: return "ack-sent"; 5304 case STATE_OPENED: return "opened"; 5305 } 5306 return "illegal"; 5307 } 5308 5309 static const char * 5310 sppp_phase_name(enum ppp_phase phase) 5311 { 5312 switch (phase) { 5313 case PHASE_DEAD: return "dead"; 5314 case PHASE_ESTABLISH: return "establish"; 5315 case PHASE_TERMINATE: return "terminate"; 5316 case PHASE_AUTHENTICATE: return "authenticate"; 5317 case PHASE_NETWORK: return "network"; 5318 } 5319 return "illegal"; 5320 } 5321 5322 static const char * 5323 sppp_proto_name(u_short proto) 5324 { 5325 static char buf[12]; 5326 switch (proto) { 5327 case PPP_LCP: return "lcp"; 5328 case PPP_IPCP: return "ipcp"; 5329 case PPP_PAP: return "pap"; 5330 case PPP_CHAP: return "chap"; 5331 case PPP_IPV6CP: return "ipv6cp"; 5332 } 5333 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5334 return buf; 5335 } 5336 5337 static void 5338 sppp_print_bytes(const u_char *p, u_short len) 5339 { 5340 if (len) 5341 addlog(" %*D", len, p, "-"); 5342 } 5343 5344 static void 5345 sppp_print_string(const char *p, u_short len) 5346 { 5347 u_char c; 5348 5349 while (len-- > 0) { 5350 c = *p++; 5351 /* 5352 * Print only ASCII chars directly. RFC 1994 recommends 5353 * using only them, but we don't rely on it. */ 5354 if (c < ' ' || c > '~') 5355 addlog("\\x%x", c); 5356 else 5357 addlog("%c", c); 5358 } 5359 } 5360 5361 static const char * 5362 sppp_dotted_quad(u_long addr) 5363 { 5364 static char s[16]; 5365 sprintf(s, "%d.%d.%d.%d", 5366 (int)((addr >> 24) & 0xff), 5367 (int)((addr >> 16) & 0xff), 5368 (int)((addr >> 8) & 0xff), 5369 (int)(addr & 0xff)); 5370 return s; 5371 } 5372 5373 static int 5374 sppp_strnlen(u_char *p, int max) 5375 { 5376 int len; 5377 5378 for (len = 0; len < max && *p; ++p) 5379 ++len; 5380 return len; 5381 } 5382 5383 /* a dummy, used to drop uninteresting events */ 5384 static void 5385 sppp_null(struct sppp *unused) 5386 { 5387 /* do just nothing */ 5388 } 5389