1 /* $NetBSD: if_spppsubr.c,v 1.60 2002/09/27 06:20:30 itojun Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.60 2002/09/27 06:20:30 itojun Exp $"); 45 46 #include "opt_inet.h" 47 #include "opt_ipx.h" 48 #include "opt_iso.h" 49 #include "opt_ns.h" 50 51 #include <sys/param.h> 52 #include <sys/proc.h> 53 #include <sys/systm.h> 54 #include <sys/kernel.h> 55 #include <sys/sockio.h> 56 #include <sys/socket.h> 57 #include <sys/syslog.h> 58 #include <sys/malloc.h> 59 #include <sys/mbuf.h> 60 #include <sys/callout.h> 61 #include <sys/md5.h> 62 63 #include <net/if.h> 64 #include <net/netisr.h> 65 #include <net/if_types.h> 66 #include <net/route.h> 67 #include <net/ppp_defs.h> 68 69 #include <machine/stdarg.h> 70 71 #include <netinet/in.h> 72 #include <netinet/in_systm.h> 73 #include <netinet/in_var.h> 74 #ifdef INET 75 #include <netinet/ip.h> 76 #include <netinet/tcp.h> 77 #endif 78 #include <net/ethertypes.h> 79 80 #ifdef IPX 81 #include <netipx/ipx.h> 82 #include <netipx/ipx_if.h> 83 #endif 84 85 #ifdef NS 86 #include <netns/ns.h> 87 #include <netns/ns_if.h> 88 #endif 89 90 #ifdef ISO 91 #include <netiso/argo_debug.h> 92 #include <netiso/iso.h> 93 #include <netiso/iso_var.h> 94 #include <netiso/iso_snpac.h> 95 #endif 96 97 #include <net/if_sppp.h> 98 #include <net/if_spppvar.h> 99 100 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds */ 101 #define MAXALIVECNT 3 /* max. missed alive packets */ 102 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 103 104 /* 105 * Interface flags that can be set in an ifconfig command. 106 * 107 * Setting link0 will make the link passive, i.e. it will be marked 108 * as being administrative openable, but won't be opened to begin 109 * with. Incoming calls will be answered, or subsequent calls with 110 * -link1 will cause the administrative open of the LCP layer. 111 * 112 * Setting link1 will cause the link to auto-dial only as packets 113 * arrive to be sent. 114 * 115 * Setting IFF_DEBUG will syslog the option negotiation and state 116 * transitions at level kern.debug. Note: all logs consistently look 117 * like 118 * 119 * <if-name><unit>: <proto-name> <additional info...> 120 * 121 * with <if-name><unit> being something like "bppp0", and <proto-name> 122 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 123 */ 124 125 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 126 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 127 128 #define CONF_REQ 1 /* PPP configure request */ 129 #define CONF_ACK 2 /* PPP configure acknowledge */ 130 #define CONF_NAK 3 /* PPP configure negative ack */ 131 #define CONF_REJ 4 /* PPP configure reject */ 132 #define TERM_REQ 5 /* PPP terminate request */ 133 #define TERM_ACK 6 /* PPP terminate acknowledge */ 134 #define CODE_REJ 7 /* PPP code reject */ 135 #define PROTO_REJ 8 /* PPP protocol reject */ 136 #define ECHO_REQ 9 /* PPP echo request */ 137 #define ECHO_REPLY 10 /* PPP echo reply */ 138 #define DISC_REQ 11 /* PPP discard request */ 139 140 #define LCP_OPT_MRU 1 /* maximum receive unit */ 141 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 142 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 143 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 144 #define LCP_OPT_MAGIC 5 /* magic number */ 145 #define LCP_OPT_RESERVED 6 /* reserved */ 146 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 147 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 148 149 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 150 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 151 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 152 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 153 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 154 155 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 156 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 157 158 #define PAP_REQ 1 /* PAP name/password request */ 159 #define PAP_ACK 2 /* PAP acknowledge */ 160 #define PAP_NAK 3 /* PAP fail */ 161 162 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 163 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 164 #define CHAP_SUCCESS 3 /* CHAP response ok */ 165 #define CHAP_FAILURE 4 /* CHAP response failed */ 166 167 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 168 169 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 170 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 171 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 172 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 173 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 174 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 175 176 /* states are named and numbered according to RFC 1661 */ 177 #define STATE_INITIAL 0 178 #define STATE_STARTING 1 179 #define STATE_CLOSED 2 180 #define STATE_STOPPED 3 181 #define STATE_CLOSING 4 182 #define STATE_STOPPING 5 183 #define STATE_REQ_SENT 6 184 #define STATE_ACK_RCVD 7 185 #define STATE_ACK_SENT 8 186 #define STATE_OPENED 9 187 188 struct ppp_header { 189 u_char address; 190 u_char control; 191 u_short protocol; 192 } __attribute__((__packed__)); 193 #define PPP_HEADER_LEN sizeof (struct ppp_header) 194 195 struct lcp_header { 196 u_char type; 197 u_char ident; 198 u_short len; 199 } __attribute__((__packed__)); 200 #define LCP_HEADER_LEN sizeof (struct lcp_header) 201 202 struct cisco_packet { 203 u_int32_t type; 204 u_int32_t par1; 205 u_int32_t par2; 206 u_short rel; 207 u_short time0; 208 u_short time1; 209 } __attribute__((__packed__)); 210 #define CISCO_PACKET_LEN 18 211 212 /* 213 * We follow the spelling and capitalization of RFC 1661 here, to make 214 * it easier comparing with the standard. Please refer to this RFC in 215 * case you can't make sense out of these abbreviation; it will also 216 * explain the semantics related to the various events and actions. 217 */ 218 struct cp { 219 u_short proto; /* PPP control protocol number */ 220 u_char protoidx; /* index into state table in struct sppp */ 221 u_char flags; 222 #define CP_LCP 0x01 /* this is the LCP */ 223 #define CP_AUTH 0x02 /* this is an authentication protocol */ 224 #define CP_NCP 0x04 /* this is a NCP */ 225 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 226 const char *name; /* name of this control protocol */ 227 /* event handlers */ 228 void (*Up)(struct sppp *sp); 229 void (*Down)(struct sppp *sp); 230 void (*Open)(struct sppp *sp); 231 void (*Close)(struct sppp *sp); 232 void (*TO)(void *sp); 233 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 234 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 235 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 236 /* actions */ 237 void (*tlu)(struct sppp *sp); 238 void (*tld)(struct sppp *sp); 239 void (*tls)(struct sppp *sp); 240 void (*tlf)(struct sppp *sp); 241 void (*scr)(struct sppp *sp); 242 }; 243 244 static struct sppp *spppq; 245 static struct callout keepalive_ch; 246 247 #ifdef __FreeBSD__ 248 #define SPP_FMT "%s%d: " 249 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 250 #else 251 #define SPP_FMT "%s: " 252 #define SPP_ARGS(ifp) (ifp)->if_xname 253 #endif 254 255 #ifdef INET 256 /* 257 * The following disgusting hack gets around the problem that IP TOS 258 * can't be set yet. We want to put "interactive" traffic on a high 259 * priority queue. To decide if traffic is interactive, we check that 260 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 261 * 262 * XXX is this really still necessary? - joerg - 263 */ 264 static u_short interactive_ports[8] = { 265 0, 513, 0, 0, 266 0, 21, 0, 23, 267 }; 268 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 269 #endif 270 271 /* almost every function needs these */ 272 #define STDDCL \ 273 struct ifnet *ifp = &sp->pp_if; \ 274 int debug = ifp->if_flags & IFF_DEBUG 275 276 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 277 struct sockaddr *dst, struct rtentry *rt); 278 279 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 280 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 281 282 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 283 struct mbuf *m); 284 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 285 u_char ident, u_short len, void *data); 286 /* static void sppp_cp_timeout(void *arg); */ 287 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 288 int newstate); 289 static void sppp_auth_send(const struct cp *cp, 290 struct sppp *sp, unsigned int type, unsigned int id, 291 ...); 292 293 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 294 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 295 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 296 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 297 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 298 299 static void sppp_null(struct sppp *sp); 300 301 static void sppp_lcp_init(struct sppp *sp); 302 static void sppp_lcp_up(struct sppp *sp); 303 static void sppp_lcp_down(struct sppp *sp); 304 static void sppp_lcp_open(struct sppp *sp); 305 static void sppp_lcp_close(struct sppp *sp); 306 static void sppp_lcp_TO(void *sp); 307 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 308 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 309 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 310 static void sppp_lcp_tlu(struct sppp *sp); 311 static void sppp_lcp_tld(struct sppp *sp); 312 static void sppp_lcp_tls(struct sppp *sp); 313 static void sppp_lcp_tlf(struct sppp *sp); 314 static void sppp_lcp_scr(struct sppp *sp); 315 static void sppp_lcp_check_and_close(struct sppp *sp); 316 static int sppp_ncp_check(struct sppp *sp); 317 318 static void sppp_ipcp_init(struct sppp *sp); 319 static void sppp_ipcp_up(struct sppp *sp); 320 static void sppp_ipcp_down(struct sppp *sp); 321 static void sppp_ipcp_open(struct sppp *sp); 322 static void sppp_ipcp_close(struct sppp *sp); 323 static void sppp_ipcp_TO(void *sp); 324 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 325 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 326 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_ipcp_tlu(struct sppp *sp); 328 static void sppp_ipcp_tld(struct sppp *sp); 329 static void sppp_ipcp_tls(struct sppp *sp); 330 static void sppp_ipcp_tlf(struct sppp *sp); 331 static void sppp_ipcp_scr(struct sppp *sp); 332 333 static void sppp_ipv6cp_init(struct sppp *sp); 334 static void sppp_ipv6cp_up(struct sppp *sp); 335 static void sppp_ipv6cp_down(struct sppp *sp); 336 static void sppp_ipv6cp_open(struct sppp *sp); 337 static void sppp_ipv6cp_close(struct sppp *sp); 338 static void sppp_ipv6cp_TO(void *sp); 339 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 340 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 341 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 342 static void sppp_ipv6cp_tlu(struct sppp *sp); 343 static void sppp_ipv6cp_tld(struct sppp *sp); 344 static void sppp_ipv6cp_tls(struct sppp *sp); 345 static void sppp_ipv6cp_tlf(struct sppp *sp); 346 static void sppp_ipv6cp_scr(struct sppp *sp); 347 348 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 349 static void sppp_pap_init(struct sppp *sp); 350 static void sppp_pap_open(struct sppp *sp); 351 static void sppp_pap_close(struct sppp *sp); 352 static void sppp_pap_TO(void *sp); 353 static void sppp_pap_my_TO(void *sp); 354 static void sppp_pap_tlu(struct sppp *sp); 355 static void sppp_pap_tld(struct sppp *sp); 356 static void sppp_pap_scr(struct sppp *sp); 357 358 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 359 static void sppp_chap_init(struct sppp *sp); 360 static void sppp_chap_open(struct sppp *sp); 361 static void sppp_chap_close(struct sppp *sp); 362 static void sppp_chap_TO(void *sp); 363 static void sppp_chap_tlu(struct sppp *sp); 364 static void sppp_chap_tld(struct sppp *sp); 365 static void sppp_chap_scr(struct sppp *sp); 366 367 static const char *sppp_auth_type_name(u_short proto, u_char type); 368 static const char *sppp_cp_type_name(u_char type); 369 static const char *sppp_dotted_quad(u_int32_t addr); 370 static const char *sppp_ipcp_opt_name(u_char opt); 371 #ifdef INET6 372 static const char *sppp_ipv6cp_opt_name(u_char opt); 373 #endif 374 static const char *sppp_lcp_opt_name(u_char opt); 375 static const char *sppp_phase_name(int phase); 376 static const char *sppp_proto_name(u_short proto); 377 static const char *sppp_state_name(int state); 378 static int sppp_params(struct sppp *sp, int cmd, void *data); 379 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 380 u_int32_t *srcmask); 381 static void sppp_keepalive(void *dummy); 382 static void sppp_phase_network(struct sppp *sp); 383 static void sppp_print_bytes(const u_char *p, u_short len); 384 static void sppp_print_string(const char *p, u_short len); 385 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 386 static void sppp_clear_ip_addrs(struct sppp *sp); 387 #ifdef INET6 388 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 389 struct in6_addr *dst, struct in6_addr *srcmask); 390 #ifdef IPV6CP_MYIFID_DYN 391 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 392 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 393 #endif 394 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 395 #endif 396 397 /* our control protocol descriptors */ 398 static const struct cp lcp = { 399 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 400 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 401 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 402 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 403 sppp_lcp_scr 404 }; 405 406 static const struct cp ipcp = { 407 PPP_IPCP, IDX_IPCP, 408 #ifdef INET 409 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 410 #else 411 0, 412 #endif 413 "ipcp", 414 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 415 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 416 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 417 sppp_ipcp_scr 418 }; 419 420 static const struct cp ipv6cp = { 421 PPP_IPV6CP, IDX_IPV6CP, 422 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 423 CP_NCP, 424 #else 425 0, 426 #endif 427 "ipv6cp", 428 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 429 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 430 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 431 sppp_ipv6cp_scr 432 }; 433 434 static const struct cp pap = { 435 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 436 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 437 sppp_pap_TO, 0, 0, 0, 438 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 439 sppp_pap_scr 440 }; 441 442 static const struct cp chap = { 443 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 444 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 445 sppp_chap_TO, 0, 0, 0, 446 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 447 sppp_chap_scr 448 }; 449 450 static const struct cp *cps[IDX_COUNT] = { 451 &lcp, /* IDX_LCP */ 452 &ipcp, /* IDX_IPCP */ 453 &ipv6cp, /* IDX_IPV6CP */ 454 &pap, /* IDX_PAP */ 455 &chap, /* IDX_CHAP */ 456 }; 457 458 459 /* 460 * Exported functions, comprising our interface to the lower layer. 461 */ 462 463 /* 464 * Process the received packet. 465 */ 466 void 467 sppp_input(struct ifnet *ifp, struct mbuf *m) 468 { 469 struct ppp_header *h = NULL; 470 struct ifqueue *inq = 0; 471 u_int16_t protocol; 472 int s; 473 struct sppp *sp = (struct sppp *)ifp; 474 int debug = ifp->if_flags & IFF_DEBUG; 475 476 if (ifp->if_flags & IFF_UP) 477 /* Count received bytes, add hardware framing */ 478 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 479 480 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 481 /* Too small packet, drop it. */ 482 if (debug) 483 log(LOG_DEBUG, 484 SPP_FMT "input packet is too small, %d bytes\n", 485 SPP_ARGS(ifp), m->m_pkthdr.len); 486 drop: 487 ++ifp->if_ierrors; 488 ++ifp->if_iqdrops; 489 m_freem(m); 490 return; 491 } 492 493 if (sp->pp_flags & PP_NOFRAMING) { 494 memcpy(&protocol, mtod(m, void *), 2); 495 protocol = ntohs(protocol); 496 m_adj(m, 2); 497 } else { 498 499 /* Get PPP header. */ 500 h = mtod(m, struct ppp_header *); 501 m_adj(m, PPP_HEADER_LEN); 502 503 switch (h->address) { 504 case PPP_ALLSTATIONS: 505 if (h->control != PPP_UI) 506 goto invalid; 507 if (sp->pp_flags & PP_CISCO) { 508 if (debug) 509 log(LOG_DEBUG, 510 SPP_FMT "PPP packet in Cisco mode " 511 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 512 SPP_ARGS(ifp), 513 h->address, h->control, ntohs(h->protocol)); 514 goto drop; 515 } 516 break; 517 case CISCO_MULTICAST: 518 case CISCO_UNICAST: 519 /* Don't check the control field here (RFC 1547). */ 520 if (! (sp->pp_flags & PP_CISCO)) { 521 if (debug) 522 log(LOG_DEBUG, 523 SPP_FMT "Cisco packet in PPP mode " 524 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 525 SPP_ARGS(ifp), 526 h->address, h->control, ntohs(h->protocol)); 527 goto drop; 528 } 529 switch (ntohs(h->protocol)) { 530 default: 531 ++ifp->if_noproto; 532 goto invalid; 533 case CISCO_KEEPALIVE: 534 sppp_cisco_input((struct sppp *) ifp, m); 535 m_freem(m); 536 return; 537 #ifdef INET 538 case ETHERTYPE_IP: 539 schednetisr(NETISR_IP); 540 inq = &ipintrq; 541 break; 542 #endif 543 #ifdef INET6 544 case ETHERTYPE_IPV6: 545 schednetisr(NETISR_IPV6); 546 inq = &ip6intrq; 547 break; 548 #endif 549 #ifdef IPX 550 case ETHERTYPE_IPX: 551 schednetisr(NETISR_IPX); 552 inq = &ipxintrq; 553 break; 554 #endif 555 #ifdef NS 556 case ETHERTYPE_NS: 557 schednetisr(NETISR_NS); 558 inq = &nsintrq; 559 break; 560 #endif 561 } 562 goto queue_pkt; 563 default: /* Invalid PPP packet. */ 564 invalid: 565 if (debug) 566 log(LOG_DEBUG, 567 SPP_FMT "invalid input packet " 568 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 569 SPP_ARGS(ifp), 570 h->address, h->control, ntohs(h->protocol)); 571 goto drop; 572 } 573 protocol = ntohs(h->protocol); 574 } 575 576 switch (protocol) { 577 default: 578 if (sp->state[IDX_LCP] == STATE_OPENED) { 579 u_int16_t prot = htons(protocol); 580 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 581 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 582 &prot); 583 } 584 if (debug) 585 log(LOG_DEBUG, 586 SPP_FMT "invalid input protocol " 587 "<proto=0x%x>\n", SPP_ARGS(ifp), ntohs(protocol)); 588 ++ifp->if_noproto; 589 goto drop; 590 case PPP_LCP: 591 sppp_cp_input(&lcp, sp, m); 592 m_freem(m); 593 return; 594 case PPP_PAP: 595 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 596 sppp_pap_input(sp, m); 597 m_freem(m); 598 return; 599 case PPP_CHAP: 600 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 601 sppp_chap_input(sp, m); 602 m_freem(m); 603 return; 604 #ifdef INET 605 case PPP_IPCP: 606 if (sp->pp_phase == SPPP_PHASE_NETWORK) 607 sppp_cp_input(&ipcp, sp, m); 608 m_freem(m); 609 return; 610 case PPP_IP: 611 if (sp->state[IDX_IPCP] == STATE_OPENED) { 612 schednetisr(NETISR_IP); 613 inq = &ipintrq; 614 sp->pp_last_activity = mono_time.tv_sec; 615 } 616 break; 617 #endif 618 #ifdef INET6 619 case PPP_IPV6CP: 620 if (sp->pp_phase == SPPP_PHASE_NETWORK) 621 sppp_cp_input(&ipv6cp, sp, m); 622 m_freem(m); 623 return; 624 625 case PPP_IPV6: 626 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 627 schednetisr(NETISR_IPV6); 628 inq = &ip6intrq; 629 sp->pp_last_activity = mono_time.tv_sec; 630 } 631 break; 632 #endif 633 #ifdef IPX 634 case PPP_IPX: 635 /* IPX IPXCP not implemented yet */ 636 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 637 schednetisr(NETISR_IPX); 638 inq = &ipxintrq; 639 } 640 break; 641 #endif 642 #ifdef NS 643 case PPP_XNS: 644 /* XNS IDPCP not implemented yet */ 645 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 646 schednetisr(NETISR_NS); 647 inq = &nsintrq; 648 } 649 break; 650 #endif 651 #ifdef ISO 652 case PPP_ISO: 653 /* OSI NLCP not implemented yet */ 654 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 655 schednetisr(NETISR_ISO); 656 inq = &clnlintrq; 657 } 658 break; 659 #endif 660 } 661 662 queue_pkt: 663 if (! (ifp->if_flags & IFF_UP) || ! inq) 664 goto drop; 665 666 /* Check queue. */ 667 s = splnet(); 668 if (IF_QFULL(inq)) { 669 /* Queue overflow. */ 670 IF_DROP(inq); 671 splx(s); 672 if (debug) 673 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 674 SPP_ARGS(ifp)); 675 goto drop; 676 } 677 IF_ENQUEUE(inq, m); 678 splx(s); 679 } 680 681 /* 682 * Enqueue transmit packet. 683 */ 684 static int 685 sppp_output(struct ifnet *ifp, struct mbuf *m, 686 struct sockaddr *dst, struct rtentry *rt) 687 { 688 struct sppp *sp = (struct sppp *) ifp; 689 struct ppp_header *h = NULL; 690 struct ifqueue *ifq = NULL; /* XXX */ 691 int s, len, rv = 0; 692 u_int16_t protocol; 693 ALTQ_DECL(struct altq_pktattr pktattr;) 694 695 s = splnet(); 696 697 sp->pp_last_activity = mono_time.tv_sec; 698 699 if ((ifp->if_flags & IFF_UP) == 0 || 700 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 701 m_freem(m); 702 splx(s); 703 return (ENETDOWN); 704 } 705 706 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 707 /* 708 * Interface is not yet running, but auto-dial. Need 709 * to start LCP for it. 710 */ 711 ifp->if_flags |= IFF_RUNNING; 712 splx(s); 713 lcp.Open(sp); 714 s = splnet(); 715 } 716 717 /* 718 * If the queueing discipline needs packet classification, 719 * do it before prepending link headers. 720 */ 721 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 722 723 #ifdef INET 724 if (dst->sa_family == AF_INET) { 725 struct ip *ip = NULL; 726 struct tcphdr *th = NULL; 727 728 if (m->m_len >= sizeof(struct ip)) { 729 ip = mtod(m, struct ip *); 730 if (ip->ip_p == IPPROTO_TCP && 731 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 732 sizeof(struct tcphdr)) { 733 th = (struct tcphdr *) 734 ((caddr_t)ip + (ip->ip_hl << 2)); 735 } 736 } else 737 ip = NULL; 738 739 /* 740 * When using dynamic local IP address assignment by using 741 * 0.0.0.0 as a local address, the first TCP session will 742 * not connect because the local TCP checksum is computed 743 * using 0.0.0.0 which will later become our real IP address 744 * so the TCP checksum computed at the remote end will 745 * become invalid. So we 746 * - don't let packets with src ip addr 0 thru 747 * - we flag TCP packets with src ip 0 as an error 748 */ 749 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 750 u_int8_t proto = ip->ip_p; 751 752 m_freem(m); 753 splx(s); 754 if (proto == IPPROTO_TCP) 755 return (EADDRNOTAVAIL); 756 else 757 return (0); 758 } 759 760 /* 761 * Put low delay, telnet, rlogin and ftp control packets 762 * in front of the queue. 763 */ 764 765 if (!IF_QFULL(&sp->pp_fastq) && 766 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 767 (th && (INTERACTIVE(ntohs(th->th_sport)) || 768 INTERACTIVE(ntohs(th->th_dport)))))) 769 ifq = &sp->pp_fastq; 770 } 771 #endif 772 773 #ifdef INET6 774 if (dst->sa_family == AF_INET6) { 775 /* XXX do something tricky here? */ 776 } 777 #endif 778 779 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 780 /* 781 * Prepend general data packet PPP header. For now, IP only. 782 */ 783 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 784 if (! m) { 785 if (ifp->if_flags & IFF_DEBUG) 786 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 787 SPP_ARGS(ifp)); 788 ++ifp->if_oerrors; 789 splx(s); 790 return (ENOBUFS); 791 } 792 /* 793 * May want to check size of packet 794 * (albeit due to the implementation it's always enough) 795 */ 796 h = mtod(m, struct ppp_header *); 797 if (sp->pp_flags & PP_CISCO) { 798 h->address = CISCO_UNICAST; /* unicast address */ 799 h->control = 0; 800 } else { 801 h->address = PPP_ALLSTATIONS; /* broadcast address */ 802 h->control = PPP_UI; /* Unnumbered Info */ 803 } 804 } 805 806 switch (dst->sa_family) { 807 #ifdef INET 808 case AF_INET: /* Internet Protocol */ 809 if (sp->pp_flags & PP_CISCO) 810 protocol = htons(ETHERTYPE_IP); 811 else { 812 /* 813 * Don't choke with an ENETDOWN early. It's 814 * possible that we just started dialing out, 815 * so don't drop the packet immediately. If 816 * we notice that we run out of buffer space 817 * below, we will however remember that we are 818 * not ready to carry IP packets, and return 819 * ENETDOWN, as opposed to ENOBUFS. 820 */ 821 protocol = htons(PPP_IP); 822 if (sp->state[IDX_IPCP] != STATE_OPENED) 823 rv = ENETDOWN; 824 } 825 break; 826 #endif 827 #ifdef INET6 828 case AF_INET6: /* Internet Protocol version 6 */ 829 if (sp->pp_flags & PP_CISCO) 830 protocol = htons(ETHERTYPE_IPV6); 831 else { 832 /* 833 * Don't choke with an ENETDOWN early. It's 834 * possible that we just started dialing out, 835 * so don't drop the packet immediately. If 836 * we notice that we run out of buffer space 837 * below, we will however remember that we are 838 * not ready to carry IP packets, and return 839 * ENETDOWN, as opposed to ENOBUFS. 840 */ 841 protocol = htons(PPP_IPV6); 842 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 843 rv = ENETDOWN; 844 } 845 break; 846 #endif 847 #ifdef NS 848 case AF_NS: /* Xerox NS Protocol */ 849 protocol = htons((sp->pp_flags & PP_CISCO) ? 850 ETHERTYPE_NS : PPP_XNS); 851 break; 852 #endif 853 #ifdef IPX 854 case AF_IPX: /* Novell IPX Protocol */ 855 protocol = htons((sp->pp_flags & PP_CISCO) ? 856 ETHERTYPE_IPX : PPP_IPX); 857 break; 858 #endif 859 #ifdef ISO 860 case AF_ISO: /* ISO OSI Protocol */ 861 if (sp->pp_flags & PP_CISCO) 862 goto nosupport; 863 protocol = htons(PPP_ISO); 864 break; 865 nosupport: 866 #endif 867 default: 868 m_freem(m); 869 ++ifp->if_oerrors; 870 splx(s); 871 return (EAFNOSUPPORT); 872 } 873 874 if (sp->pp_flags & PP_NOFRAMING) { 875 M_PREPEND(m, 2, M_DONTWAIT); 876 if (m == NULL) { 877 if (ifp->if_flags & IFF_DEBUG) 878 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 879 SPP_ARGS(ifp)); 880 ++ifp->if_oerrors; 881 splx(s); 882 return (ENOBUFS); 883 } 884 *mtod(m, u_int16_t *) = protocol; 885 } else { 886 h->protocol = protocol; 887 } 888 889 /* 890 * Queue message on interface, and start output if interface 891 * not yet active. 892 */ 893 len = m->m_pkthdr.len; 894 if (ifq != NULL 895 #ifdef ALTQ 896 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 897 #endif 898 ) { 899 if (IF_QFULL(ifq)) { 900 IF_DROP(&ifp->if_snd); 901 m_freem(m); 902 if (rv == 0) 903 rv = ENOBUFS; 904 } 905 else 906 IF_ENQUEUE(ifq, m); 907 } else 908 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 909 if (rv != 0) { 910 ++ifp->if_oerrors; 911 splx(s); 912 return (rv); 913 } 914 915 if (! (ifp->if_flags & IFF_OACTIVE)) 916 (*ifp->if_start)(ifp); 917 918 /* 919 * Count output packets and bytes. 920 * The packet length includes header + additional hardware framing 921 * according to RFC 1333. 922 */ 923 ifp->if_obytes += len + sp->pp_framebytes; 924 splx(s); 925 return (0); 926 } 927 928 void 929 sppp_attach(struct ifnet *ifp) 930 { 931 struct sppp *sp = (struct sppp *) ifp; 932 933 /* Initialize keepalive handler. */ 934 if (! spppq) { 935 callout_init(&keepalive_ch); 936 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 937 } 938 939 /* Insert new entry into the keepalive list. */ 940 sp->pp_next = spppq; 941 spppq = sp; 942 943 sp->pp_if.if_type = IFT_PPP; 944 sp->pp_if.if_output = sppp_output; 945 sp->pp_fastq.ifq_maxlen = 32; 946 sp->pp_cpq.ifq_maxlen = 20; 947 sp->pp_loopcnt = 0; 948 sp->pp_alivecnt = 0; 949 sp->pp_last_activity = 0; 950 sp->pp_idle_timeout = 0; 951 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 952 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 953 sp->pp_auth_failures = 0; 954 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 955 sp->pp_phase = SPPP_PHASE_DEAD; 956 sp->pp_up = lcp.Up; 957 sp->pp_down = lcp.Down; 958 959 if_alloc_sadl(ifp); 960 961 memset(&sp->myauth, 0, sizeof sp->myauth); 962 memset(&sp->hisauth, 0, sizeof sp->hisauth); 963 sppp_lcp_init(sp); 964 sppp_ipcp_init(sp); 965 sppp_ipv6cp_init(sp); 966 sppp_pap_init(sp); 967 sppp_chap_init(sp); 968 } 969 970 void 971 sppp_detach(struct ifnet *ifp) 972 { 973 struct sppp **q, *p, *sp = (struct sppp *) ifp; 974 int i; 975 976 /* Remove the entry from the keepalive list. */ 977 for (q = &spppq; (p = *q); q = &p->pp_next) 978 if (p == sp) { 979 *q = p->pp_next; 980 break; 981 } 982 983 /* Stop keepalive handler. */ 984 if (! spppq) { 985 callout_stop(&keepalive_ch); 986 } 987 988 for (i = 0; i < IDX_COUNT; i++) { 989 callout_stop(&sp->ch[i]); 990 } 991 callout_stop(&sp->pap_my_to_ch); 992 993 /* free authentication info */ 994 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 995 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 996 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 997 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 998 999 if_free_sadl(ifp); 1000 } 1001 1002 /* 1003 * Flush the interface output queue. 1004 */ 1005 void 1006 sppp_flush(struct ifnet *ifp) 1007 { 1008 struct sppp *sp = (struct sppp *) ifp; 1009 1010 IFQ_PURGE(&sp->pp_if.if_snd); 1011 IF_PURGE(&sp->pp_fastq); 1012 IF_PURGE(&sp->pp_cpq); 1013 } 1014 1015 /* 1016 * Check if the output queue is empty. 1017 */ 1018 int 1019 sppp_isempty(struct ifnet *ifp) 1020 { 1021 struct sppp *sp = (struct sppp *) ifp; 1022 int empty, s; 1023 1024 s = splnet(); 1025 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1026 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1027 splx(s); 1028 return (empty); 1029 } 1030 1031 /* 1032 * Get next packet to send. 1033 */ 1034 struct mbuf * 1035 sppp_dequeue(struct ifnet *ifp) 1036 { 1037 struct sppp *sp = (struct sppp *) ifp; 1038 struct mbuf *m; 1039 int s; 1040 1041 s = splnet(); 1042 /* 1043 * Process only the control protocol queue until we have at 1044 * least one NCP open. 1045 * 1046 * Do always serve all three queues in Cisco mode. 1047 */ 1048 IF_DEQUEUE(&sp->pp_cpq, m); 1049 if (m == NULL && 1050 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1051 IF_DEQUEUE(&sp->pp_fastq, m); 1052 if (m == NULL) 1053 IF_DEQUEUE(&sp->pp_if.if_snd, m); 1054 } 1055 splx(s); 1056 return m; 1057 } 1058 1059 /* 1060 * Pick the next packet, do not remove it from the queue. 1061 */ 1062 struct mbuf * 1063 sppp_pick(struct ifnet *ifp) 1064 { 1065 struct sppp *sp = (struct sppp *)ifp; 1066 struct mbuf *m; 1067 int s; 1068 1069 s= splnet(); 1070 1071 m = sp->pp_cpq.ifq_head; 1072 if (m == NULL && 1073 (sp->pp_phase == SPPP_PHASE_NETWORK || 1074 (sp->pp_flags & PP_CISCO) != 0)) 1075 if ((m = sp->pp_fastq.ifq_head) == NULL) 1076 m = sp->pp_if.if_snd.ifq_head; 1077 splx(s); 1078 return (m); 1079 } 1080 1081 /* 1082 * Process an ioctl request. Called on low priority level. 1083 */ 1084 int 1085 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1086 { 1087 struct ifreq *ifr = (struct ifreq *) data; 1088 struct sppp *sp = (struct sppp *) ifp; 1089 int s, error=0, going_up, going_down, newmode; 1090 1091 s = splnet(); 1092 switch (cmd) { 1093 case SIOCAIFADDR: 1094 case SIOCSIFDSTADDR: 1095 break; 1096 1097 case SIOCSIFADDR: 1098 if_up(ifp); 1099 /* fall through... */ 1100 1101 case SIOCSIFFLAGS: 1102 going_up = ifp->if_flags & IFF_UP && 1103 (ifp->if_flags & IFF_RUNNING) == 0; 1104 going_down = (ifp->if_flags & IFF_UP) == 0 && 1105 ifp->if_flags & IFF_RUNNING; 1106 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1107 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1108 /* sanity */ 1109 newmode = IFF_PASSIVE; 1110 ifp->if_flags &= ~IFF_AUTO; 1111 } 1112 1113 if (going_up || going_down) 1114 lcp.Close(sp); 1115 if (going_up && newmode == 0) { 1116 /* neither auto-dial nor passive */ 1117 ifp->if_flags |= IFF_RUNNING; 1118 if (!(sp->pp_flags & PP_CISCO)) 1119 lcp.Open(sp); 1120 } else if (going_down) { 1121 sppp_flush(ifp); 1122 ifp->if_flags &= ~IFF_RUNNING; 1123 } 1124 1125 break; 1126 1127 #ifdef SIOCSIFMTU 1128 #ifndef ifr_mtu 1129 #define ifr_mtu ifr_metric 1130 #endif 1131 case SIOCSIFMTU: 1132 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1133 return (EINVAL); 1134 ifp->if_mtu = ifr->ifr_mtu; 1135 break; 1136 #endif 1137 #ifdef SLIOCSETMTU 1138 case SLIOCSETMTU: 1139 if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru) 1140 return (EINVAL); 1141 ifp->if_mtu = *(short *)data; 1142 break; 1143 #endif 1144 #ifdef SIOCGIFMTU 1145 case SIOCGIFMTU: 1146 ifr->ifr_mtu = ifp->if_mtu; 1147 break; 1148 #endif 1149 #ifdef SLIOCGETMTU 1150 case SLIOCGETMTU: 1151 *(short *)data = ifp->if_mtu; 1152 break; 1153 #endif 1154 case SIOCADDMULTI: 1155 case SIOCDELMULTI: 1156 break; 1157 1158 case SPPPSETAUTHCFG: 1159 case SPPPSETLCPCFG: 1160 case SPPPSETIDLETO: 1161 case SPPPSETAUTHFAILURE: 1162 case SPPPSETDNSOPTS: 1163 { 1164 struct proc *p = curproc; /* XXX */ 1165 1166 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 1167 break; 1168 } 1169 /* FALLTHROUGH */ 1170 case SPPPGETAUTHCFG: 1171 case SPPPGETLCPCFG: 1172 case SPPPGETSTATUS: 1173 case SPPPGETIDLETO: 1174 case SPPPGETAUTHFAILURES: 1175 case SPPPGETDNSOPTS: 1176 case SPPPGETDNSADDRS: 1177 error = sppp_params(sp, cmd, data); 1178 break; 1179 1180 default: 1181 error = ENOTTY; 1182 } 1183 splx(s); 1184 return (error); 1185 } 1186 1187 1188 /* 1189 * Cisco framing implementation. 1190 */ 1191 1192 /* 1193 * Handle incoming Cisco keepalive protocol packets. 1194 */ 1195 static void 1196 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1197 { 1198 STDDCL; 1199 struct cisco_packet *h; 1200 u_int32_t me, mymask; 1201 1202 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1203 if (debug) 1204 log(LOG_DEBUG, 1205 SPP_FMT "cisco invalid packet length: %d bytes\n", 1206 SPP_ARGS(ifp), m->m_pkthdr.len); 1207 return; 1208 } 1209 h = mtod(m, struct cisco_packet *); 1210 if (debug) 1211 log(LOG_DEBUG, 1212 SPP_FMT "cisco input: %d bytes " 1213 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1214 SPP_ARGS(ifp), m->m_pkthdr.len, 1215 ntohl (h->type), h->par1, h->par2, (u_int)h->rel, 1216 (u_int)h->time0, (u_int)h->time1); 1217 switch (ntohl (h->type)) { 1218 default: 1219 if (debug) 1220 addlog(SPP_FMT "cisco unknown packet type: 0x%x\n", 1221 SPP_ARGS(ifp), ntohl (h->type)); 1222 break; 1223 case CISCO_ADDR_REPLY: 1224 /* Reply on address request, ignore */ 1225 break; 1226 case CISCO_KEEPALIVE_REQ: 1227 sp->pp_alivecnt = 0; 1228 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1229 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1230 /* Local and remote sequence numbers are equal. 1231 * Probably, the line is in loopback mode. */ 1232 if (sp->pp_loopcnt >= MAXALIVECNT) { 1233 printf (SPP_FMT "loopback\n", 1234 SPP_ARGS(ifp)); 1235 sp->pp_loopcnt = 0; 1236 if (ifp->if_flags & IFF_UP) { 1237 if_down(ifp); 1238 IF_PURGE(&sp->pp_cpq); 1239 } 1240 } 1241 ++sp->pp_loopcnt; 1242 1243 /* Generate new local sequence number */ 1244 sp->pp_seq[IDX_LCP] = random(); 1245 break; 1246 } 1247 sp->pp_loopcnt = 0; 1248 if (! (ifp->if_flags & IFF_UP) && 1249 (ifp->if_flags & IFF_RUNNING)) { 1250 if_up(ifp); 1251 } 1252 break; 1253 case CISCO_ADDR_REQ: 1254 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1255 if (me != 0L) 1256 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1257 break; 1258 } 1259 } 1260 1261 /* 1262 * Send Cisco keepalive packet. 1263 */ 1264 static void 1265 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1266 { 1267 STDDCL; 1268 struct ppp_header *h; 1269 struct cisco_packet *ch; 1270 struct mbuf *m; 1271 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1272 1273 MGETHDR(m, M_DONTWAIT, MT_DATA); 1274 if (! m) 1275 return; 1276 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1277 m->m_pkthdr.rcvif = 0; 1278 1279 h = mtod(m, struct ppp_header *); 1280 h->address = CISCO_MULTICAST; 1281 h->control = 0; 1282 h->protocol = htons(CISCO_KEEPALIVE); 1283 1284 ch = (struct cisco_packet *)(h + 1); 1285 ch->type = htonl(type); 1286 ch->par1 = htonl(par1); 1287 ch->par2 = htonl(par2); 1288 ch->rel = -1; 1289 1290 ch->time0 = htons((u_short)(t >> 16)); 1291 ch->time1 = htons((u_short) t); 1292 1293 if (debug) 1294 log(LOG_DEBUG, 1295 SPP_FMT "cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1296 SPP_ARGS(ifp), ntohl (ch->type), ch->par1, 1297 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1298 (u_int)ch->time1); 1299 1300 if (IF_QFULL(&sp->pp_cpq)) { 1301 IF_DROP(&sp->pp_fastq); 1302 IF_DROP(&ifp->if_snd); 1303 m_freem(m); 1304 ++ifp->if_oerrors; 1305 return; 1306 } else 1307 IF_ENQUEUE(&sp->pp_cpq, m); 1308 if (! (ifp->if_flags & IFF_OACTIVE)) 1309 (*ifp->if_start)(ifp); 1310 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1311 } 1312 1313 /* 1314 * PPP protocol implementation. 1315 */ 1316 1317 /* 1318 * Send PPP control protocol packet. 1319 */ 1320 static void 1321 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1322 u_char ident, u_short len, void *data) 1323 { 1324 STDDCL; 1325 struct lcp_header *lh; 1326 struct mbuf *m; 1327 size_t pkthdrlen; 1328 1329 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1330 1331 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1332 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1333 MGETHDR(m, M_DONTWAIT, MT_DATA); 1334 if (! m) 1335 return; 1336 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1337 m->m_pkthdr.rcvif = 0; 1338 1339 if (sp->pp_flags & PP_NOFRAMING) { 1340 *mtod(m, u_int16_t *) = htons(proto); 1341 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 1342 } else { 1343 struct ppp_header *h; 1344 h = mtod(m, struct ppp_header *); 1345 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1346 h->control = PPP_UI; /* Unnumbered Info */ 1347 h->protocol = htons(proto); /* Link Control Protocol */ 1348 lh = (struct lcp_header *)(h + 1); 1349 } 1350 lh->type = type; 1351 lh->ident = ident; 1352 lh->len = htons(LCP_HEADER_LEN + len); 1353 if (len) 1354 bcopy (data, lh + 1, len); 1355 1356 if (debug) { 1357 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1358 SPP_ARGS(ifp), 1359 sppp_proto_name(proto), 1360 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1361 if (len) 1362 sppp_print_bytes((u_char *)(lh + 1), len); 1363 addlog(">\n"); 1364 } 1365 if (IF_QFULL(&sp->pp_cpq)) { 1366 IF_DROP(&sp->pp_fastq); 1367 IF_DROP(&ifp->if_snd); 1368 m_freem(m); 1369 ++ifp->if_oerrors; 1370 return; 1371 } else 1372 IF_ENQUEUE(&sp->pp_cpq, m); 1373 if (! (ifp->if_flags & IFF_OACTIVE)) 1374 (*ifp->if_start)(ifp); 1375 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1376 } 1377 1378 /* 1379 * Handle incoming PPP control protocol packets. 1380 */ 1381 static void 1382 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1383 { 1384 STDDCL; 1385 struct lcp_header *h; 1386 int len = m->m_pkthdr.len; 1387 int rv; 1388 u_char *p; 1389 u_int32_t u32; 1390 1391 if (len < 4) { 1392 if (debug) 1393 log(LOG_DEBUG, 1394 SPP_FMT "%s invalid packet length: %d bytes\n", 1395 SPP_ARGS(ifp), cp->name, len); 1396 return; 1397 } 1398 h = mtod(m, struct lcp_header *); 1399 if (debug) { 1400 log(LOG_DEBUG, 1401 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1402 SPP_ARGS(ifp), cp->name, 1403 sppp_state_name(sp->state[cp->protoidx]), 1404 sppp_cp_type_name(h->type), h->ident, ntohs(h->len)); 1405 if (len > 4) 1406 sppp_print_bytes((u_char *)(h + 1), len - 4); 1407 addlog(">\n"); 1408 } 1409 if (len > ntohs(h->len)) 1410 len = ntohs(h->len); 1411 p = (u_char *)(h + 1); 1412 switch (h->type) { 1413 case CONF_REQ: 1414 if (len < 4) { 1415 if (debug) 1416 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1417 SPP_ARGS(ifp), cp->name, 1418 len); 1419 ++ifp->if_ierrors; 1420 break; 1421 } 1422 /* handle states where RCR doesn't get a SCA/SCN */ 1423 switch (sp->state[cp->protoidx]) { 1424 case STATE_CLOSING: 1425 case STATE_STOPPING: 1426 return; 1427 case STATE_CLOSED: 1428 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1429 0, 0); 1430 return; 1431 } 1432 rv = (cp->RCR)(sp, h, len); 1433 switch (sp->state[cp->protoidx]) { 1434 case STATE_OPENED: 1435 (cp->tld)(sp); 1436 (cp->scr)(sp); 1437 /* fall through... */ 1438 case STATE_ACK_SENT: 1439 case STATE_REQ_SENT: 1440 sppp_cp_change_state(cp, sp, rv? 1441 STATE_ACK_SENT: STATE_REQ_SENT); 1442 break; 1443 case STATE_STOPPED: 1444 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1445 (cp->scr)(sp); 1446 sppp_cp_change_state(cp, sp, rv? 1447 STATE_ACK_SENT: STATE_REQ_SENT); 1448 break; 1449 case STATE_ACK_RCVD: 1450 if (rv) { 1451 sppp_cp_change_state(cp, sp, STATE_OPENED); 1452 if (debug) 1453 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1454 SPP_ARGS(ifp), 1455 cp->name); 1456 (cp->tlu)(sp); 1457 } else 1458 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1459 break; 1460 default: 1461 printf(SPP_FMT "%s illegal %s in state %s\n", 1462 SPP_ARGS(ifp), cp->name, 1463 sppp_cp_type_name(h->type), 1464 sppp_state_name(sp->state[cp->protoidx])); 1465 ++ifp->if_ierrors; 1466 } 1467 break; 1468 case CONF_ACK: 1469 if (h->ident != sp->confid[cp->protoidx]) { 1470 if (debug) 1471 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1472 SPP_ARGS(ifp), cp->name, 1473 h->ident, sp->confid[cp->protoidx]); 1474 ++ifp->if_ierrors; 1475 break; 1476 } 1477 switch (sp->state[cp->protoidx]) { 1478 case STATE_CLOSED: 1479 case STATE_STOPPED: 1480 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1481 break; 1482 case STATE_CLOSING: 1483 case STATE_STOPPING: 1484 break; 1485 case STATE_REQ_SENT: 1486 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1487 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1488 break; 1489 case STATE_OPENED: 1490 (cp->tld)(sp); 1491 /* fall through */ 1492 case STATE_ACK_RCVD: 1493 (cp->scr)(sp); 1494 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1495 break; 1496 case STATE_ACK_SENT: 1497 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1498 sppp_cp_change_state(cp, sp, STATE_OPENED); 1499 if (debug) 1500 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1501 SPP_ARGS(ifp), cp->name); 1502 (cp->tlu)(sp); 1503 break; 1504 default: 1505 printf(SPP_FMT "%s illegal %s in state %s\n", 1506 SPP_ARGS(ifp), cp->name, 1507 sppp_cp_type_name(h->type), 1508 sppp_state_name(sp->state[cp->protoidx])); 1509 ++ifp->if_ierrors; 1510 } 1511 break; 1512 case CONF_NAK: 1513 case CONF_REJ: 1514 if (h->ident != sp->confid[cp->protoidx]) { 1515 if (debug) 1516 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1517 SPP_ARGS(ifp), cp->name, 1518 h->ident, sp->confid[cp->protoidx]); 1519 ++ifp->if_ierrors; 1520 break; 1521 } 1522 if (h->type == CONF_NAK) 1523 (cp->RCN_nak)(sp, h, len); 1524 else /* CONF_REJ */ 1525 (cp->RCN_rej)(sp, h, len); 1526 1527 switch (sp->state[cp->protoidx]) { 1528 case STATE_CLOSED: 1529 case STATE_STOPPED: 1530 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1531 break; 1532 case STATE_REQ_SENT: 1533 case STATE_ACK_SENT: 1534 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1535 (cp->scr)(sp); 1536 break; 1537 case STATE_OPENED: 1538 (cp->tld)(sp); 1539 /* fall through */ 1540 case STATE_ACK_RCVD: 1541 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1542 (cp->scr)(sp); 1543 break; 1544 case STATE_CLOSING: 1545 case STATE_STOPPING: 1546 break; 1547 default: 1548 printf(SPP_FMT "%s illegal %s in state %s\n", 1549 SPP_ARGS(ifp), cp->name, 1550 sppp_cp_type_name(h->type), 1551 sppp_state_name(sp->state[cp->protoidx])); 1552 ++ifp->if_ierrors; 1553 } 1554 break; 1555 1556 case TERM_REQ: 1557 switch (sp->state[cp->protoidx]) { 1558 case STATE_ACK_RCVD: 1559 case STATE_ACK_SENT: 1560 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1561 /* fall through */ 1562 case STATE_CLOSED: 1563 case STATE_STOPPED: 1564 case STATE_CLOSING: 1565 case STATE_STOPPING: 1566 case STATE_REQ_SENT: 1567 sta: 1568 /* Send Terminate-Ack packet. */ 1569 if (debug) 1570 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1571 SPP_ARGS(ifp), cp->name); 1572 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1573 break; 1574 case STATE_OPENED: 1575 (cp->tld)(sp); 1576 sp->rst_counter[cp->protoidx] = 0; 1577 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1578 goto sta; 1579 break; 1580 default: 1581 printf(SPP_FMT "%s illegal %s in state %s\n", 1582 SPP_ARGS(ifp), cp->name, 1583 sppp_cp_type_name(h->type), 1584 sppp_state_name(sp->state[cp->protoidx])); 1585 ++ifp->if_ierrors; 1586 } 1587 break; 1588 case TERM_ACK: 1589 switch (sp->state[cp->protoidx]) { 1590 case STATE_CLOSED: 1591 case STATE_STOPPED: 1592 case STATE_REQ_SENT: 1593 case STATE_ACK_SENT: 1594 break; 1595 case STATE_CLOSING: 1596 (cp->tlf)(sp); 1597 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1598 sppp_lcp_check_and_close(sp); 1599 break; 1600 case STATE_STOPPING: 1601 (cp->tlf)(sp); 1602 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1603 sppp_lcp_check_and_close(sp); 1604 break; 1605 case STATE_ACK_RCVD: 1606 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1607 break; 1608 case STATE_OPENED: 1609 (cp->tld)(sp); 1610 (cp->scr)(sp); 1611 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1612 break; 1613 default: 1614 printf(SPP_FMT "%s illegal %s in state %s\n", 1615 SPP_ARGS(ifp), cp->name, 1616 sppp_cp_type_name(h->type), 1617 sppp_state_name(sp->state[cp->protoidx])); 1618 ++ifp->if_ierrors; 1619 } 1620 break; 1621 case CODE_REJ: 1622 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1623 log(LOG_INFO, 1624 SPP_FMT "%s: ignoring RXJ (%s) for code ?, " 1625 "danger will robinson\n", 1626 SPP_ARGS(ifp), cp->name, 1627 sppp_cp_type_name(h->type)); 1628 switch (sp->state[cp->protoidx]) { 1629 case STATE_CLOSED: 1630 case STATE_STOPPED: 1631 case STATE_REQ_SENT: 1632 case STATE_ACK_SENT: 1633 case STATE_CLOSING: 1634 case STATE_STOPPING: 1635 case STATE_OPENED: 1636 break; 1637 case STATE_ACK_RCVD: 1638 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1639 break; 1640 default: 1641 printf(SPP_FMT "%s illegal %s in state %s\n", 1642 SPP_ARGS(ifp), cp->name, 1643 sppp_cp_type_name(h->type), 1644 sppp_state_name(sp->state[cp->protoidx])); 1645 ++ifp->if_ierrors; 1646 } 1647 break; 1648 case PROTO_REJ: 1649 { 1650 int catastrophic; 1651 const struct cp *upper; 1652 int i; 1653 u_int16_t proto; 1654 1655 catastrophic = 0; 1656 upper = NULL; 1657 proto = p[0] << 8 | p[1]; 1658 for (i = 0; i < IDX_COUNT; i++) { 1659 if (cps[i]->proto == proto) { 1660 upper = cps[i]; 1661 break; 1662 } 1663 } 1664 if (upper == NULL) 1665 catastrophic++; 1666 1667 if (debug) 1668 log(LOG_INFO, 1669 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1670 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1671 sppp_cp_type_name(h->type), proto, 1672 upper ? upper->name : "unknown", 1673 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1674 1675 /* 1676 * if we got RXJ+ against conf-req, the peer does not implement 1677 * this particular protocol type. terminate the protocol. 1678 */ 1679 if (upper && !catastrophic) { 1680 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1681 upper->Close(sp); 1682 break; 1683 } 1684 } 1685 1686 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1687 switch (sp->state[cp->protoidx]) { 1688 case STATE_CLOSED: 1689 case STATE_STOPPED: 1690 case STATE_REQ_SENT: 1691 case STATE_ACK_SENT: 1692 case STATE_CLOSING: 1693 case STATE_STOPPING: 1694 case STATE_OPENED: 1695 break; 1696 case STATE_ACK_RCVD: 1697 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1698 break; 1699 default: 1700 printf(SPP_FMT "%s illegal %s in state %s\n", 1701 SPP_ARGS(ifp), cp->name, 1702 sppp_cp_type_name(h->type), 1703 sppp_state_name(sp->state[cp->protoidx])); 1704 ++ifp->if_ierrors; 1705 } 1706 break; 1707 } 1708 case DISC_REQ: 1709 if (cp->proto != PPP_LCP) 1710 goto illegal; 1711 /* Discard the packet. */ 1712 break; 1713 case ECHO_REQ: 1714 if (cp->proto != PPP_LCP) 1715 goto illegal; 1716 if (sp->state[cp->protoidx] != STATE_OPENED) { 1717 if (debug) 1718 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1719 SPP_ARGS(ifp)); 1720 ++ifp->if_ierrors; 1721 break; 1722 } 1723 if (len < 8) { 1724 if (debug) 1725 addlog(SPP_FMT "invalid lcp echo request " 1726 "packet length: %d bytes\n", 1727 SPP_ARGS(ifp), len); 1728 break; 1729 } 1730 memcpy(&u32, h + 1, sizeof u32); 1731 if (ntohl(u32) == sp->lcp.magic) { 1732 /* Line loopback mode detected. */ 1733 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1734 if_down(ifp); 1735 IF_PURGE(&sp->pp_cpq); 1736 1737 /* Shut down the PPP link. */ 1738 /* XXX */ 1739 lcp.Down(sp); 1740 lcp.Up(sp); 1741 break; 1742 } 1743 u32 = htonl(sp->lcp.magic); 1744 memcpy(h + 1, &u32, sizeof u32); 1745 if (debug) 1746 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1747 SPP_ARGS(ifp)); 1748 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1749 h + 1); 1750 break; 1751 case ECHO_REPLY: 1752 if (cp->proto != PPP_LCP) 1753 goto illegal; 1754 if (h->ident != sp->lcp.echoid) { 1755 ++ifp->if_ierrors; 1756 break; 1757 } 1758 if (len < 8) { 1759 if (debug) 1760 addlog(SPP_FMT "lcp invalid echo reply " 1761 "packet length: %d bytes\n", 1762 SPP_ARGS(ifp), len); 1763 break; 1764 } 1765 if (debug) 1766 addlog(SPP_FMT "lcp got echo rep\n", 1767 SPP_ARGS(ifp)); 1768 memcpy(&u32, h + 1, sizeof u32); 1769 if (ntohl(u32) != sp->lcp.magic) 1770 sp->pp_alivecnt = 0; 1771 break; 1772 default: 1773 /* Unknown packet type -- send Code-Reject packet. */ 1774 illegal: 1775 if (debug) 1776 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1777 SPP_ARGS(ifp), cp->name, h->type); 1778 sppp_cp_send(sp, cp->proto, CODE_REJ, 1779 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1780 ++ifp->if_ierrors; 1781 } 1782 } 1783 1784 1785 /* 1786 * The generic part of all Up/Down/Open/Close/TO event handlers. 1787 * Basically, the state transition handling in the automaton. 1788 */ 1789 static void 1790 sppp_up_event(const struct cp *cp, struct sppp *sp) 1791 { 1792 STDDCL; 1793 1794 if (debug) 1795 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1796 SPP_ARGS(ifp), cp->name, 1797 sppp_state_name(sp->state[cp->protoidx])); 1798 1799 switch (sp->state[cp->protoidx]) { 1800 case STATE_INITIAL: 1801 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1802 break; 1803 case STATE_STARTING: 1804 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1805 (cp->scr)(sp); 1806 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1807 break; 1808 default: 1809 printf(SPP_FMT "%s illegal up in state %s\n", 1810 SPP_ARGS(ifp), cp->name, 1811 sppp_state_name(sp->state[cp->protoidx])); 1812 } 1813 } 1814 1815 static void 1816 sppp_down_event(const struct cp *cp, struct sppp *sp) 1817 { 1818 STDDCL; 1819 1820 if (debug) 1821 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1822 SPP_ARGS(ifp), cp->name, 1823 sppp_state_name(sp->state[cp->protoidx])); 1824 1825 switch (sp->state[cp->protoidx]) { 1826 case STATE_CLOSED: 1827 case STATE_CLOSING: 1828 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1829 break; 1830 case STATE_STOPPED: 1831 (cp->tls)(sp); 1832 /* fall through */ 1833 case STATE_STOPPING: 1834 case STATE_REQ_SENT: 1835 case STATE_ACK_RCVD: 1836 case STATE_ACK_SENT: 1837 sppp_cp_change_state(cp, sp, STATE_STARTING); 1838 break; 1839 case STATE_OPENED: 1840 (cp->tld)(sp); 1841 sppp_cp_change_state(cp, sp, STATE_STARTING); 1842 break; 1843 default: 1844 printf(SPP_FMT "%s illegal down in state %s\n", 1845 SPP_ARGS(ifp), cp->name, 1846 sppp_state_name(sp->state[cp->protoidx])); 1847 } 1848 } 1849 1850 1851 static void 1852 sppp_open_event(const struct cp *cp, struct sppp *sp) 1853 { 1854 STDDCL; 1855 1856 if (debug) 1857 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1858 SPP_ARGS(ifp), cp->name, 1859 sppp_state_name(sp->state[cp->protoidx])); 1860 1861 switch (sp->state[cp->protoidx]) { 1862 case STATE_INITIAL: 1863 (cp->tls)(sp); 1864 sppp_cp_change_state(cp, sp, STATE_STARTING); 1865 break; 1866 case STATE_STARTING: 1867 break; 1868 case STATE_CLOSED: 1869 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1870 (cp->scr)(sp); 1871 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1872 break; 1873 case STATE_STOPPED: 1874 case STATE_STOPPING: 1875 case STATE_REQ_SENT: 1876 case STATE_ACK_RCVD: 1877 case STATE_ACK_SENT: 1878 case STATE_OPENED: 1879 break; 1880 case STATE_CLOSING: 1881 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1882 break; 1883 } 1884 } 1885 1886 1887 static void 1888 sppp_close_event(const struct cp *cp, struct sppp *sp) 1889 { 1890 STDDCL; 1891 1892 if (debug) 1893 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1894 SPP_ARGS(ifp), cp->name, 1895 sppp_state_name(sp->state[cp->protoidx])); 1896 1897 switch (sp->state[cp->protoidx]) { 1898 case STATE_INITIAL: 1899 case STATE_CLOSED: 1900 case STATE_CLOSING: 1901 break; 1902 case STATE_STARTING: 1903 (cp->tlf)(sp); 1904 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1905 break; 1906 case STATE_STOPPED: 1907 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1908 break; 1909 case STATE_STOPPING: 1910 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1911 break; 1912 case STATE_OPENED: 1913 (cp->tld)(sp); 1914 /* fall through */ 1915 case STATE_REQ_SENT: 1916 case STATE_ACK_RCVD: 1917 case STATE_ACK_SENT: 1918 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1919 sppp_cp_send(sp, cp->proto, TERM_REQ, 1920 ++sp->pp_seq[cp->protoidx], 0, 0); 1921 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1922 break; 1923 } 1924 } 1925 1926 static void 1927 sppp_to_event(const struct cp *cp, struct sppp *sp) 1928 { 1929 STDDCL; 1930 int s; 1931 1932 s = splnet(); 1933 if (debug) 1934 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1935 SPP_ARGS(ifp), cp->name, 1936 sppp_state_name(sp->state[cp->protoidx]), 1937 sp->rst_counter[cp->protoidx]); 1938 1939 if (--sp->rst_counter[cp->protoidx] < 0) 1940 /* TO- event */ 1941 switch (sp->state[cp->protoidx]) { 1942 case STATE_CLOSING: 1943 (cp->tlf)(sp); 1944 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1945 sppp_lcp_check_and_close(sp); 1946 break; 1947 case STATE_STOPPING: 1948 (cp->tlf)(sp); 1949 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1950 sppp_lcp_check_and_close(sp); 1951 break; 1952 case STATE_REQ_SENT: 1953 case STATE_ACK_RCVD: 1954 case STATE_ACK_SENT: 1955 (cp->tlf)(sp); 1956 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1957 sppp_lcp_check_and_close(sp); 1958 break; 1959 } 1960 else 1961 /* TO+ event */ 1962 switch (sp->state[cp->protoidx]) { 1963 case STATE_CLOSING: 1964 case STATE_STOPPING: 1965 sppp_cp_send(sp, cp->proto, TERM_REQ, 1966 ++sp->pp_seq[cp->protoidx], 0, 0); 1967 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1968 cp->TO, sp); 1969 break; 1970 case STATE_REQ_SENT: 1971 case STATE_ACK_RCVD: 1972 (cp->scr)(sp); 1973 /* sppp_cp_change_state() will restart the timer */ 1974 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1975 break; 1976 case STATE_ACK_SENT: 1977 (cp->scr)(sp); 1978 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1979 cp->TO, sp); 1980 break; 1981 } 1982 1983 splx(s); 1984 } 1985 1986 /* 1987 * Change the state of a control protocol in the state automaton. 1988 * Takes care of starting/stopping the restart timer. 1989 */ 1990 void 1991 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1992 { 1993 sp->state[cp->protoidx] = newstate; 1994 callout_stop(&sp->ch[cp->protoidx]); 1995 switch (newstate) { 1996 case STATE_INITIAL: 1997 case STATE_STARTING: 1998 case STATE_CLOSED: 1999 case STATE_STOPPED: 2000 case STATE_OPENED: 2001 break; 2002 case STATE_CLOSING: 2003 case STATE_STOPPING: 2004 case STATE_REQ_SENT: 2005 case STATE_ACK_RCVD: 2006 case STATE_ACK_SENT: 2007 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2008 cp->TO, sp); 2009 break; 2010 } 2011 } 2012 2013 /* 2014 *--------------------------------------------------------------------------* 2015 * * 2016 * The LCP implementation. * 2017 * * 2018 *--------------------------------------------------------------------------* 2019 */ 2020 static void 2021 sppp_lcp_init(struct sppp *sp) 2022 { 2023 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2024 sp->lcp.magic = 0; 2025 sp->state[IDX_LCP] = STATE_INITIAL; 2026 sp->fail_counter[IDX_LCP] = 0; 2027 sp->pp_seq[IDX_LCP] = 0; 2028 sp->pp_rseq[IDX_LCP] = 0; 2029 sp->lcp.protos = 0; 2030 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2031 2032 /* 2033 * Initialize counters and timeout values. Note that we don't 2034 * use the 3 seconds suggested in RFC 1661 since we are likely 2035 * running on a fast link. XXX We should probably implement 2036 * the exponential backoff option. Note that these values are 2037 * relevant for all control protocols, not just LCP only. 2038 */ 2039 sp->lcp.timeout = 1 * hz; 2040 sp->lcp.max_terminate = 2; 2041 sp->lcp.max_configure = 10; 2042 sp->lcp.max_failure = 10; 2043 callout_init(&sp->ch[IDX_LCP]); 2044 } 2045 2046 static void 2047 sppp_lcp_up(struct sppp *sp) 2048 { 2049 STDDCL; 2050 2051 /* Initialize activity timestamp: opening a connection is an activity */ 2052 sp->pp_last_activity = mono_time.tv_sec; 2053 2054 /* 2055 * If this interface is passive or dial-on-demand, and we are 2056 * still in Initial state, it means we've got an incoming 2057 * call. Activate the interface. 2058 */ 2059 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2060 if (debug) 2061 log(LOG_DEBUG, 2062 SPP_FMT "Up event", SPP_ARGS(ifp)); 2063 ifp->if_flags |= IFF_RUNNING; 2064 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2065 if (debug) 2066 addlog("(incoming call)\n"); 2067 sp->pp_flags |= PP_CALLIN; 2068 lcp.Open(sp); 2069 } else if (debug) 2070 addlog("\n"); 2071 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2072 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2073 ifp->if_flags |= IFF_RUNNING; 2074 lcp.Open(sp); 2075 } 2076 2077 sppp_up_event(&lcp, sp); 2078 } 2079 2080 static void 2081 sppp_lcp_down(struct sppp *sp) 2082 { 2083 STDDCL; 2084 2085 sppp_down_event(&lcp, sp); 2086 2087 /* 2088 * If this is neither a dial-on-demand nor a passive 2089 * interface, simulate an ``ifconfig down'' action, so the 2090 * administrator can force a redial by another ``ifconfig 2091 * up''. XXX For leased line operation, should we immediately 2092 * try to reopen the connection here? 2093 */ 2094 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2095 if (debug) 2096 log(LOG_INFO, 2097 SPP_FMT "Down event (carrier loss), taking interface down.\n", 2098 SPP_ARGS(ifp)); 2099 if_down(ifp); 2100 } else { 2101 if (debug) 2102 log(LOG_DEBUG, 2103 SPP_FMT "Down event (carrier loss)\n", 2104 SPP_ARGS(ifp)); 2105 } 2106 sp->pp_flags &= ~PP_CALLIN; 2107 if (sp->state[IDX_LCP] != STATE_INITIAL) 2108 lcp.Close(sp); 2109 ifp->if_flags &= ~IFF_RUNNING; 2110 } 2111 2112 static void 2113 sppp_lcp_open(struct sppp *sp) 2114 { 2115 /* 2116 * If we are authenticator, negotiate LCP_AUTH 2117 */ 2118 if (sp->hisauth.proto != 0) 2119 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2120 else 2121 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2122 sp->pp_flags &= ~PP_NEEDAUTH; 2123 sppp_open_event(&lcp, sp); 2124 } 2125 2126 static void 2127 sppp_lcp_close(struct sppp *sp) 2128 { 2129 sppp_close_event(&lcp, sp); 2130 } 2131 2132 static void 2133 sppp_lcp_TO(void *cookie) 2134 { 2135 sppp_to_event(&lcp, (struct sppp *)cookie); 2136 } 2137 2138 /* 2139 * Analyze a configure request. Return true if it was agreeable, and 2140 * caused action sca, false if it has been rejected or nak'ed, and 2141 * caused action scn. (The return value is used to make the state 2142 * transition decision in the state automaton.) 2143 */ 2144 static int 2145 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2146 { 2147 STDDCL; 2148 u_char *buf, *r, *p; 2149 int origlen, rlen; 2150 u_int32_t nmagic; 2151 u_short authproto; 2152 2153 len -= 4; 2154 origlen = len; 2155 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2156 if (! buf) 2157 return (0); 2158 2159 if (debug) 2160 log(LOG_DEBUG, SPP_FMT "lcp parse opts:", 2161 SPP_ARGS(ifp)); 2162 2163 /* pass 1: check for things that need to be rejected */ 2164 p = (void *)(h + 1); 2165 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2166 if (debug) 2167 addlog(" %s", sppp_lcp_opt_name(*p)); 2168 switch (*p) { 2169 case LCP_OPT_MAGIC: 2170 /* Magic number. */ 2171 /* fall through, both are same length */ 2172 case LCP_OPT_ASYNC_MAP: 2173 /* Async control character map. */ 2174 if (len >= 6 || p[1] == 6) 2175 continue; 2176 if (debug) 2177 addlog(" [invalid]"); 2178 break; 2179 case LCP_OPT_MRU: 2180 /* Maximum receive unit. */ 2181 if (len >= 4 && p[1] == 4) 2182 continue; 2183 if (debug) 2184 addlog(" [invalid]"); 2185 break; 2186 case LCP_OPT_AUTH_PROTO: 2187 if (len < 4) { 2188 if (debug) 2189 addlog(" [invalid]"); 2190 break; 2191 } 2192 authproto = (p[2] << 8) + p[3]; 2193 if (authproto == PPP_CHAP && p[1] != 5) { 2194 if (debug) 2195 addlog(" [invalid chap len]"); 2196 break; 2197 } 2198 if (sp->myauth.proto == 0) { 2199 /* we are not configured to do auth */ 2200 if (debug) 2201 addlog(" [not configured]"); 2202 break; 2203 } 2204 /* 2205 * Remote want us to authenticate, remember this, 2206 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2207 * up. 2208 */ 2209 sp->pp_flags |= PP_NEEDAUTH; 2210 continue; 2211 default: 2212 /* Others not supported. */ 2213 if (debug) 2214 addlog(" [rej]"); 2215 break; 2216 } 2217 /* Add the option to rejected list. */ 2218 bcopy (p, r, p[1]); 2219 r += p[1]; 2220 rlen += p[1]; 2221 } 2222 if (rlen) { 2223 if (debug) 2224 addlog(" send conf-rej\n"); 2225 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2226 goto end; 2227 } else if (debug) 2228 addlog("\n"); 2229 2230 /* 2231 * pass 2: check for option values that are unacceptable and 2232 * thus require to be nak'ed. 2233 */ 2234 if (debug) 2235 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2236 SPP_ARGS(ifp)); 2237 2238 p = (void *)(h + 1); 2239 len = origlen; 2240 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2241 if (debug) 2242 addlog(" %s", sppp_lcp_opt_name(*p)); 2243 switch (*p) { 2244 case LCP_OPT_MAGIC: 2245 /* Magic number -- extract. */ 2246 nmagic = (u_int32_t)p[2] << 24 | 2247 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2248 if (nmagic != sp->lcp.magic) { 2249 if (debug) 2250 addlog(" 0x%x", nmagic); 2251 continue; 2252 } 2253 /* 2254 * Local and remote magics equal -- loopback? 2255 */ 2256 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2257 printf (SPP_FMT "loopback\n", 2258 SPP_ARGS(ifp)); 2259 sp->pp_loopcnt = 0; 2260 if (ifp->if_flags & IFF_UP) { 2261 if_down(ifp); 2262 IF_PURGE(&sp->pp_cpq); 2263 /* XXX ? */ 2264 lcp.Down(sp); 2265 lcp.Up(sp); 2266 } 2267 } else if (debug) 2268 addlog(" [glitch]"); 2269 ++sp->pp_loopcnt; 2270 /* 2271 * We negate our magic here, and NAK it. If 2272 * we see it later in an NAK packet, we 2273 * suggest a new one. 2274 */ 2275 nmagic = ~sp->lcp.magic; 2276 /* Gonna NAK it. */ 2277 p[2] = nmagic >> 24; 2278 p[3] = nmagic >> 16; 2279 p[4] = nmagic >> 8; 2280 p[5] = nmagic; 2281 break; 2282 2283 case LCP_OPT_ASYNC_MAP: 2284 /* 2285 * Async control character map -- just ignore it. 2286 * 2287 * Quote from RFC 1662, chapter 6: 2288 * To enable this functionality, synchronous PPP 2289 * implementations MUST always respond to the 2290 * Async-Control-Character-Map Configuration 2291 * Option with the LCP Configure-Ack. However, 2292 * acceptance of the Configuration Option does 2293 * not imply that the synchronous implementation 2294 * will do any ACCM mapping. Instead, all such 2295 * octet mapping will be performed by the 2296 * asynchronous-to-synchronous converter. 2297 */ 2298 continue; 2299 2300 case LCP_OPT_MRU: 2301 /* 2302 * Maximum receive unit. Always agreeable, 2303 * but ignored by now. 2304 */ 2305 sp->lcp.their_mru = p[2] * 256 + p[3]; 2306 if (debug) 2307 addlog(" %ld", sp->lcp.their_mru); 2308 continue; 2309 2310 case LCP_OPT_AUTH_PROTO: 2311 authproto = (p[2] << 8) + p[3]; 2312 if (sp->myauth.proto != authproto) { 2313 /* not agreed, nak */ 2314 if (debug) 2315 addlog(" [mine %s != his %s]", 2316 sppp_proto_name(sp->hisauth.proto), 2317 sppp_proto_name(authproto)); 2318 p[2] = sp->myauth.proto >> 8; 2319 p[3] = sp->myauth.proto; 2320 break; 2321 } 2322 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2323 if (debug) 2324 addlog(" [chap not MD5]"); 2325 p[4] = CHAP_MD5; 2326 break; 2327 } 2328 continue; 2329 } 2330 /* Add the option to nak'ed list. */ 2331 bcopy (p, r, p[1]); 2332 r += p[1]; 2333 rlen += p[1]; 2334 } 2335 if (rlen) { 2336 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2337 if (debug) 2338 addlog(" max_failure (%d) exceeded, " 2339 "send conf-rej\n", 2340 sp->lcp.max_failure); 2341 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2342 } else { 2343 if (debug) 2344 addlog(" send conf-nak\n"); 2345 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2346 } 2347 goto end; 2348 } else { 2349 if (debug) 2350 addlog(" send conf-ack\n"); 2351 sp->fail_counter[IDX_LCP] = 0; 2352 sp->pp_loopcnt = 0; 2353 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1); 2354 } 2355 2356 end: 2357 free(buf, M_TEMP); 2358 return (rlen == 0); 2359 } 2360 2361 /* 2362 * Analyze the LCP Configure-Reject option list, and adjust our 2363 * negotiation. 2364 */ 2365 static void 2366 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2367 { 2368 STDDCL; 2369 u_char *buf, *p; 2370 2371 len -= 4; 2372 buf = malloc (len, M_TEMP, M_NOWAIT); 2373 if (!buf) 2374 return; 2375 2376 if (debug) 2377 log(LOG_DEBUG, SPP_FMT "lcp rej opts:", 2378 SPP_ARGS(ifp)); 2379 2380 p = (void *)(h + 1); 2381 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2382 if (debug) 2383 addlog(" %s", sppp_lcp_opt_name(*p)); 2384 switch (*p) { 2385 case LCP_OPT_MAGIC: 2386 /* Magic number -- can't use it, use 0 */ 2387 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2388 sp->lcp.magic = 0; 2389 break; 2390 case LCP_OPT_MRU: 2391 /* 2392 * Should not be rejected anyway, since we only 2393 * negotiate a MRU if explicitly requested by 2394 * peer. 2395 */ 2396 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2397 break; 2398 case LCP_OPT_AUTH_PROTO: 2399 /* 2400 * Peer doesn't want to authenticate himself, 2401 * deny unless this is a dialout call, and 2402 * SPPP_AUTHFLAG_NOCALLOUT is set. 2403 */ 2404 if ((sp->pp_flags & PP_CALLIN) == 0 && 2405 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2406 if (debug) 2407 addlog(" [don't insist on auth " 2408 "for callout]"); 2409 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2410 break; 2411 } 2412 if (debug) 2413 addlog("[access denied]\n"); 2414 lcp.Close(sp); 2415 break; 2416 } 2417 } 2418 if (debug) 2419 addlog("\n"); 2420 free(buf, M_TEMP); 2421 return; 2422 } 2423 2424 /* 2425 * Analyze the LCP Configure-NAK option list, and adjust our 2426 * negotiation. 2427 */ 2428 static void 2429 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2430 { 2431 STDDCL; 2432 u_char *buf, *p; 2433 u_int32_t magic; 2434 2435 len -= 4; 2436 buf = malloc (len, M_TEMP, M_NOWAIT); 2437 if (!buf) 2438 return; 2439 2440 if (debug) 2441 log(LOG_DEBUG, SPP_FMT "lcp nak opts:", 2442 SPP_ARGS(ifp)); 2443 2444 p = (void *)(h + 1); 2445 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2446 if (debug) 2447 addlog(" %s", sppp_lcp_opt_name(*p)); 2448 switch (*p) { 2449 case LCP_OPT_MAGIC: 2450 /* Magic number -- renegotiate */ 2451 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2452 len >= 6 && p[1] == 6) { 2453 magic = (u_int32_t)p[2] << 24 | 2454 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2455 /* 2456 * If the remote magic is our negated one, 2457 * this looks like a loopback problem. 2458 * Suggest a new magic to make sure. 2459 */ 2460 if (magic == ~sp->lcp.magic) { 2461 if (debug) 2462 addlog(" magic glitch"); 2463 sp->lcp.magic = random(); 2464 } else { 2465 sp->lcp.magic = magic; 2466 if (debug) 2467 addlog(" %d", magic); 2468 } 2469 } 2470 break; 2471 case LCP_OPT_MRU: 2472 /* 2473 * Peer wants to advise us to negotiate an MRU. 2474 * Agree on it if it's reasonable, or use 2475 * default otherwise. 2476 */ 2477 if (len >= 4 && p[1] == 4) { 2478 u_int mru = p[2] * 256 + p[3]; 2479 if (debug) 2480 addlog(" %d", mru); 2481 if (mru < PP_MTU || mru > PP_MAX_MRU) 2482 mru = PP_MTU; 2483 sp->lcp.mru = mru; 2484 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2485 } 2486 break; 2487 case LCP_OPT_AUTH_PROTO: 2488 /* 2489 * Peer doesn't like our authentication method, 2490 * deny. 2491 */ 2492 if (debug) 2493 addlog("[access denied]\n"); 2494 lcp.Close(sp); 2495 break; 2496 } 2497 } 2498 if (debug) 2499 addlog("\n"); 2500 free(buf, M_TEMP); 2501 return; 2502 } 2503 2504 static void 2505 sppp_lcp_tlu(struct sppp *sp) 2506 { 2507 STDDCL; 2508 int i; 2509 u_int32_t mask; 2510 2511 /* XXX ? */ 2512 if (! (ifp->if_flags & IFF_UP) && 2513 (ifp->if_flags & IFF_RUNNING)) { 2514 /* Coming out of loopback mode. */ 2515 if_up(ifp); 2516 } 2517 2518 for (i = 0; i < IDX_COUNT; i++) 2519 if ((cps[i])->flags & CP_QUAL) 2520 (cps[i])->Open(sp); 2521 2522 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2523 (sp->pp_flags & PP_NEEDAUTH) != 0) 2524 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2525 else 2526 sp->pp_phase = SPPP_PHASE_NETWORK; 2527 2528 if(debug) 2529 { 2530 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2531 sppp_phase_name(sp->pp_phase)); 2532 } 2533 2534 /* 2535 * Open all authentication protocols. This is even required 2536 * if we already proceeded to network phase, since it might be 2537 * that remote wants us to authenticate, so we might have to 2538 * send a PAP request. Undesired authentication protocols 2539 * don't do anything when they get an Open event. 2540 */ 2541 for (i = 0; i < IDX_COUNT; i++) 2542 if ((cps[i])->flags & CP_AUTH) 2543 (cps[i])->Open(sp); 2544 2545 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2546 /* Notify all NCPs. */ 2547 for (i = 0; i < IDX_COUNT; i++) 2548 if ((cps[i])->flags & CP_NCP) 2549 (cps[i])->Open(sp); 2550 } 2551 2552 /* Send Up events to all started protos. */ 2553 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2554 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2555 (cps[i])->Up(sp); 2556 2557 /* notify low-level driver of state change */ 2558 if (sp->pp_chg) 2559 sp->pp_chg(sp, (int)sp->pp_phase); 2560 2561 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2562 /* if no NCP is starting, close down */ 2563 sppp_lcp_check_and_close(sp); 2564 } 2565 2566 static void 2567 sppp_lcp_tld(struct sppp *sp) 2568 { 2569 STDDCL; 2570 int i; 2571 u_int32_t mask; 2572 2573 sp->pp_phase = SPPP_PHASE_TERMINATE; 2574 2575 if(debug) 2576 { 2577 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2578 sppp_phase_name(sp->pp_phase)); 2579 } 2580 2581 /* 2582 * Take upper layers down. We send the Down event first and 2583 * the Close second to prevent the upper layers from sending 2584 * ``a flurry of terminate-request packets'', as the RFC 2585 * describes it. 2586 */ 2587 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2588 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2589 (cps[i])->Down(sp); 2590 (cps[i])->Close(sp); 2591 } 2592 } 2593 2594 static void 2595 sppp_lcp_tls(struct sppp *sp) 2596 { 2597 STDDCL; 2598 2599 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2600 printf("%s: authentication failed %d times, not retrying again\n", 2601 sp->pp_if.if_xname, sp->pp_auth_failures); 2602 if_down(&sp->pp_if); 2603 return; 2604 } 2605 2606 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2607 2608 if(debug) 2609 { 2610 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2611 sppp_phase_name(sp->pp_phase)); 2612 } 2613 2614 /* Notify lower layer if desired. */ 2615 if (sp->pp_tls) 2616 (sp->pp_tls)(sp); 2617 } 2618 2619 static void 2620 sppp_lcp_tlf(struct sppp *sp) 2621 { 2622 STDDCL; 2623 2624 sp->pp_phase = SPPP_PHASE_DEAD; 2625 2626 if(debug) 2627 { 2628 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2629 sppp_phase_name(sp->pp_phase)); 2630 } 2631 2632 /* Notify lower layer if desired. */ 2633 if (sp->pp_tlf) 2634 (sp->pp_tlf)(sp); 2635 } 2636 2637 static void 2638 sppp_lcp_scr(struct sppp *sp) 2639 { 2640 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2641 int i = 0; 2642 u_short authproto; 2643 2644 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2645 if (! sp->lcp.magic) 2646 sp->lcp.magic = random(); 2647 opt[i++] = LCP_OPT_MAGIC; 2648 opt[i++] = 6; 2649 opt[i++] = sp->lcp.magic >> 24; 2650 opt[i++] = sp->lcp.magic >> 16; 2651 opt[i++] = sp->lcp.magic >> 8; 2652 opt[i++] = sp->lcp.magic; 2653 } 2654 2655 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2656 opt[i++] = LCP_OPT_MRU; 2657 opt[i++] = 4; 2658 opt[i++] = sp->lcp.mru >> 8; 2659 opt[i++] = sp->lcp.mru; 2660 } 2661 2662 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2663 authproto = sp->hisauth.proto; 2664 opt[i++] = LCP_OPT_AUTH_PROTO; 2665 opt[i++] = authproto == PPP_CHAP? 5: 4; 2666 opt[i++] = authproto >> 8; 2667 opt[i++] = authproto; 2668 if (authproto == PPP_CHAP) 2669 opt[i++] = CHAP_MD5; 2670 } 2671 2672 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2673 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2674 } 2675 2676 /* 2677 * Check the open NCPs, return true if at least one NCP is open. 2678 */ 2679 static int 2680 sppp_ncp_check(struct sppp *sp) 2681 { 2682 int i, mask; 2683 2684 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2685 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2686 return 1; 2687 return 0; 2688 } 2689 2690 /* 2691 * Re-check the open NCPs and see if we should terminate the link. 2692 * Called by the NCPs during their tlf action handling. 2693 */ 2694 static void 2695 sppp_lcp_check_and_close(struct sppp *sp) 2696 { 2697 2698 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2699 /* don't bother, we are already going down */ 2700 return; 2701 2702 if (sppp_ncp_check(sp)) 2703 return; 2704 2705 lcp.Close(sp); 2706 } 2707 2708 2709 /* 2710 *--------------------------------------------------------------------------* 2711 * * 2712 * The IPCP implementation. * 2713 * * 2714 *--------------------------------------------------------------------------* 2715 */ 2716 2717 static void 2718 sppp_ipcp_init(struct sppp *sp) 2719 { 2720 sp->ipcp.opts = 0; 2721 sp->ipcp.flags = 0; 2722 sp->state[IDX_IPCP] = STATE_INITIAL; 2723 sp->fail_counter[IDX_IPCP] = 0; 2724 sp->pp_seq[IDX_IPCP] = 0; 2725 sp->pp_rseq[IDX_IPCP] = 0; 2726 callout_init(&sp->ch[IDX_IPCP]); 2727 } 2728 2729 static void 2730 sppp_ipcp_up(struct sppp *sp) 2731 { 2732 sppp_up_event(&ipcp, sp); 2733 } 2734 2735 static void 2736 sppp_ipcp_down(struct sppp *sp) 2737 { 2738 sppp_down_event(&ipcp, sp); 2739 } 2740 2741 static void 2742 sppp_ipcp_open(struct sppp *sp) 2743 { 2744 STDDCL; 2745 u_int32_t myaddr, hisaddr; 2746 2747 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2748 sp->ipcp.req_myaddr = 0; 2749 sp->ipcp.req_hisaddr = 0; 2750 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2751 2752 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2753 /* 2754 * If we don't have his address, this probably means our 2755 * interface doesn't want to talk IP at all. (This could 2756 * be the case if somebody wants to speak only IPX, for 2757 * example.) Don't open IPCP in this case. 2758 */ 2759 if (hisaddr == 0L) { 2760 /* XXX this message should go away */ 2761 if (debug) 2762 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2763 SPP_ARGS(ifp)); 2764 return; 2765 } 2766 2767 if (myaddr == 0) { 2768 /* 2769 * I don't have an assigned address, so i need to 2770 * negotiate my address. 2771 */ 2772 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2773 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2774 } 2775 if (hisaddr == 1) { 2776 /* 2777 * XXX - remove this hack! 2778 * remote has no valid adress, we need to get one assigned. 2779 */ 2780 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2781 } 2782 sppp_open_event(&ipcp, sp); 2783 } 2784 2785 static void 2786 sppp_ipcp_close(struct sppp *sp) 2787 { 2788 sppp_close_event(&ipcp, sp); 2789 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2790 /* 2791 * Some address was dynamic, clear it again. 2792 */ 2793 sppp_clear_ip_addrs(sp); 2794 } 2795 2796 static void 2797 sppp_ipcp_TO(void *cookie) 2798 { 2799 sppp_to_event(&ipcp, (struct sppp *)cookie); 2800 } 2801 2802 /* 2803 * Analyze a configure request. Return true if it was agreeable, and 2804 * caused action sca, false if it has been rejected or nak'ed, and 2805 * caused action scn. (The return value is used to make the state 2806 * transition decision in the state automaton.) 2807 */ 2808 static int 2809 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2810 { 2811 u_char *buf, *r, *p; 2812 struct ifnet *ifp = &sp->pp_if; 2813 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2814 u_int32_t hisaddr, desiredaddr; 2815 2816 len -= 4; 2817 origlen = len; 2818 /* 2819 * Make sure to allocate a buf that can at least hold a 2820 * conf-nak with an `address' option. We might need it below. 2821 */ 2822 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2823 if (! buf) 2824 return (0); 2825 2826 /* pass 1: see if we can recognize them */ 2827 if (debug) 2828 log(LOG_DEBUG, SPP_FMT "ipcp parse opts:", 2829 SPP_ARGS(ifp)); 2830 p = (void *)(h + 1); 2831 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2832 if (debug) 2833 addlog(" %s", sppp_ipcp_opt_name(*p)); 2834 switch (*p) { 2835 #ifdef notyet 2836 case IPCP_OPT_COMPRESSION: 2837 if (len >= 6 && p[1] >= 6) { 2838 /* correctly formed compress option */ 2839 continue; 2840 } 2841 if (debug) 2842 addlog(" [invalid]"); 2843 break; 2844 #endif 2845 case IPCP_OPT_ADDRESS: 2846 if (len >= 6 && p[1] == 6) { 2847 /* correctly formed address option */ 2848 continue; 2849 } 2850 if (debug) 2851 addlog(" [invalid]"); 2852 break; 2853 default: 2854 /* Others not supported. */ 2855 if (debug) 2856 addlog(" [rej]"); 2857 break; 2858 } 2859 /* Add the option to rejected list. */ 2860 bcopy (p, r, p[1]); 2861 r += p[1]; 2862 rlen += p[1]; 2863 } 2864 if (rlen) { 2865 if (debug) 2866 addlog(" send conf-rej\n"); 2867 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2868 goto end; 2869 } else if (debug) 2870 addlog("\n"); 2871 2872 /* pass 2: parse option values */ 2873 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2874 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2875 else 2876 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2877 if (debug) 2878 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2879 SPP_ARGS(ifp)); 2880 p = (void *)(h + 1); 2881 len = origlen; 2882 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2883 if (debug) 2884 addlog(" %s", sppp_ipcp_opt_name(*p)); 2885 switch (*p) { 2886 #ifdef notyet 2887 case IPCP_OPT_COMPRESSION: 2888 continue; 2889 #endif 2890 case IPCP_OPT_ADDRESS: 2891 desiredaddr = p[2] << 24 | p[3] << 16 | 2892 p[4] << 8 | p[5]; 2893 if (desiredaddr == hisaddr || 2894 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2895 /* 2896 * Peer's address is same as our value, 2897 * this is agreeable. Gonna conf-ack 2898 * it. 2899 */ 2900 if (debug) 2901 addlog(" %s [ack]", 2902 sppp_dotted_quad(hisaddr)); 2903 /* record that we've seen it already */ 2904 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2905 sp->ipcp.req_hisaddr = desiredaddr; 2906 hisaddr = desiredaddr; 2907 continue; 2908 } 2909 /* 2910 * The address wasn't agreeable. This is either 2911 * he sent us 0.0.0.0, asking to assign him an 2912 * address, or he send us another address not 2913 * matching our value. Either case, we gonna 2914 * conf-nak it with our value. 2915 */ 2916 if (debug) { 2917 if (desiredaddr == 0) 2918 addlog(" [addr requested]"); 2919 else 2920 addlog(" %s [not agreed]", 2921 sppp_dotted_quad(desiredaddr)); 2922 } 2923 2924 p[2] = hisaddr >> 24; 2925 p[3] = hisaddr >> 16; 2926 p[4] = hisaddr >> 8; 2927 p[5] = hisaddr; 2928 break; 2929 } 2930 /* Add the option to nak'ed list. */ 2931 bcopy (p, r, p[1]); 2932 r += p[1]; 2933 rlen += p[1]; 2934 } 2935 2936 /* 2937 * If we are about to conf-ack the request, but haven't seen 2938 * his address so far, gonna conf-nak it instead, with the 2939 * `address' option present and our idea of his address being 2940 * filled in there, to request negotiation of both addresses. 2941 * 2942 * XXX This can result in an endless req - nak loop if peer 2943 * doesn't want to send us his address. Q: What should we do 2944 * about it? XXX A: implement the max-failure counter. 2945 */ 2946 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2947 buf[0] = IPCP_OPT_ADDRESS; 2948 buf[1] = 6; 2949 buf[2] = hisaddr >> 24; 2950 buf[3] = hisaddr >> 16; 2951 buf[4] = hisaddr >> 8; 2952 buf[5] = hisaddr; 2953 rlen = 6; 2954 if (debug) 2955 addlog(" still need hisaddr"); 2956 } 2957 2958 if (rlen) { 2959 if (debug) 2960 addlog(" send conf-nak\n"); 2961 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2962 } else { 2963 if (debug) 2964 addlog(" send conf-ack\n"); 2965 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1); 2966 } 2967 2968 end: 2969 free(buf, M_TEMP); 2970 return (rlen == 0); 2971 } 2972 2973 /* 2974 * Analyze the IPCP Configure-Reject option list, and adjust our 2975 * negotiation. 2976 */ 2977 static void 2978 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2979 { 2980 u_char *buf, *p; 2981 struct ifnet *ifp = &sp->pp_if; 2982 int debug = ifp->if_flags & IFF_DEBUG; 2983 2984 len -= 4; 2985 buf = malloc (len, M_TEMP, M_NOWAIT); 2986 if (!buf) 2987 return; 2988 2989 if (debug) 2990 log(LOG_DEBUG, SPP_FMT "ipcp rej opts:", 2991 SPP_ARGS(ifp)); 2992 2993 p = (void *)(h + 1); 2994 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2995 if (debug) 2996 addlog(" %s", sppp_ipcp_opt_name(*p)); 2997 switch (*p) { 2998 case IPCP_OPT_ADDRESS: 2999 /* 3000 * Peer doesn't grok address option. This is 3001 * bad. XXX Should we better give up here? 3002 */ 3003 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3004 break; 3005 #ifdef notyet 3006 case IPCP_OPT_COMPRESS: 3007 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3008 break; 3009 #endif 3010 } 3011 } 3012 if (debug) 3013 addlog("\n"); 3014 free(buf, M_TEMP); 3015 return; 3016 } 3017 3018 /* 3019 * Analyze the IPCP Configure-NAK option list, and adjust our 3020 * negotiation. 3021 */ 3022 static void 3023 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3024 { 3025 u_char *p; 3026 struct ifnet *ifp = &sp->pp_if; 3027 int debug = ifp->if_flags & IFF_DEBUG; 3028 u_int32_t wantaddr; 3029 3030 len -= 4; 3031 3032 if (debug) 3033 log(LOG_DEBUG, SPP_FMT "ipcp nak opts:", 3034 SPP_ARGS(ifp)); 3035 3036 p = (void *)(h + 1); 3037 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3038 if (debug) 3039 addlog(" %s", sppp_ipcp_opt_name(*p)); 3040 switch (*p) { 3041 case IPCP_OPT_ADDRESS: 3042 /* 3043 * Peer doesn't like our local IP address. See 3044 * if we can do something for him. We'll drop 3045 * him our address then. 3046 */ 3047 if (len >= 6 && p[1] == 6) { 3048 wantaddr = p[2] << 24 | p[3] << 16 | 3049 p[4] << 8 | p[5]; 3050 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3051 if (debug) 3052 addlog(" [wantaddr %s]", 3053 sppp_dotted_quad(wantaddr)); 3054 /* 3055 * When doing dynamic address assignment, 3056 * we accept his offer. Otherwise, we 3057 * ignore it and thus continue to negotiate 3058 * our already existing value. 3059 */ 3060 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3061 if (debug) 3062 addlog(" [agree]"); 3063 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3064 sp->ipcp.req_myaddr = wantaddr; 3065 } 3066 } 3067 break; 3068 3069 case IPCP_OPT_PRIMDNS: 3070 if (len >= 6 && p[1] == 6) { 3071 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3072 p[4] << 8 | p[5]; 3073 } 3074 break; 3075 3076 case IPCP_OPT_SECDNS: 3077 if (len >= 6 && p[1] == 6) { 3078 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3079 p[4] << 8 | p[5]; 3080 } 3081 break; 3082 #ifdef notyet 3083 case IPCP_OPT_COMPRESS: 3084 /* 3085 * Peer wants different compression parameters. 3086 */ 3087 break; 3088 #endif 3089 } 3090 } 3091 if (debug) 3092 addlog("\n"); 3093 return; 3094 } 3095 3096 static void 3097 sppp_ipcp_tlu(struct sppp *sp) 3098 { 3099 /* we are up. Set addresses and notify anyone interested */ 3100 u_int32_t myaddr, hisaddr; 3101 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3102 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3103 myaddr = sp->ipcp.req_myaddr; 3104 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3105 hisaddr = sp->ipcp.req_hisaddr; 3106 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3107 if (sp->pp_con) 3108 sp->pp_con(sp); 3109 } 3110 3111 static void 3112 sppp_ipcp_tld(struct sppp *sp) 3113 { 3114 } 3115 3116 static void 3117 sppp_ipcp_tls(struct sppp *sp) 3118 { 3119 /* indicate to LCP that it must stay alive */ 3120 sp->lcp.protos |= (1 << IDX_IPCP); 3121 } 3122 3123 static void 3124 sppp_ipcp_tlf(struct sppp *sp) 3125 { 3126 /* we no longer need LCP */ 3127 sp->lcp.protos &= ~(1 << IDX_IPCP); 3128 } 3129 3130 static void 3131 sppp_ipcp_scr(struct sppp *sp) 3132 { 3133 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3134 u_int32_t ouraddr; 3135 int i = 0; 3136 3137 #ifdef notyet 3138 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3139 opt[i++] = IPCP_OPT_COMPRESSION; 3140 opt[i++] = 6; 3141 opt[i++] = 0; /* VJ header compression */ 3142 opt[i++] = 0x2d; /* VJ header compression */ 3143 opt[i++] = max_slot_id; 3144 opt[i++] = comp_slot_id; 3145 } 3146 #endif 3147 3148 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3149 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3150 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3151 else 3152 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3153 opt[i++] = IPCP_OPT_ADDRESS; 3154 opt[i++] = 6; 3155 opt[i++] = ouraddr >> 24; 3156 opt[i++] = ouraddr >> 16; 3157 opt[i++] = ouraddr >> 8; 3158 opt[i++] = ouraddr; 3159 } 3160 3161 if (sp->query_dns & 1) { 3162 opt[i++] = IPCP_OPT_PRIMDNS; 3163 opt[i++] = 6; 3164 opt[i++] = sp->dns_addrs[0] >> 24; 3165 opt[i++] = sp->dns_addrs[0] >> 16; 3166 opt[i++] = sp->dns_addrs[0] >> 8; 3167 opt[i++] = sp->dns_addrs[0]; 3168 } 3169 if (sp->query_dns & 2) { 3170 opt[i++] = IPCP_OPT_SECDNS; 3171 opt[i++] = 6; 3172 opt[i++] = sp->dns_addrs[1] >> 24; 3173 opt[i++] = sp->dns_addrs[1] >> 16; 3174 opt[i++] = sp->dns_addrs[1] >> 8; 3175 opt[i++] = sp->dns_addrs[1]; 3176 } 3177 3178 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3179 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3180 } 3181 3182 3183 /* 3184 *--------------------------------------------------------------------------* 3185 * * 3186 * The IPv6CP implementation. * 3187 * * 3188 *--------------------------------------------------------------------------* 3189 */ 3190 3191 #ifdef INET6 3192 static void 3193 sppp_ipv6cp_init(struct sppp *sp) 3194 { 3195 sp->ipv6cp.opts = 0; 3196 sp->ipv6cp.flags = 0; 3197 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3198 sp->fail_counter[IDX_IPV6CP] = 0; 3199 sp->pp_seq[IDX_IPV6CP] = 0; 3200 sp->pp_rseq[IDX_IPV6CP] = 0; 3201 callout_init(&sp->ch[IDX_IPV6CP]); 3202 } 3203 3204 static void 3205 sppp_ipv6cp_up(struct sppp *sp) 3206 { 3207 sppp_up_event(&ipv6cp, sp); 3208 } 3209 3210 static void 3211 sppp_ipv6cp_down(struct sppp *sp) 3212 { 3213 sppp_down_event(&ipv6cp, sp); 3214 } 3215 3216 static void 3217 sppp_ipv6cp_open(struct sppp *sp) 3218 { 3219 STDDCL; 3220 struct in6_addr myaddr, hisaddr; 3221 3222 #ifdef IPV6CP_MYIFID_DYN 3223 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3224 #else 3225 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3226 #endif 3227 3228 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3229 /* 3230 * If we don't have our address, this probably means our 3231 * interface doesn't want to talk IPv6 at all. (This could 3232 * be the case if somebody wants to speak only IPX, for 3233 * example.) Don't open IPv6CP in this case. 3234 */ 3235 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3236 /* XXX this message should go away */ 3237 if (debug) 3238 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3239 SPP_ARGS(ifp)); 3240 return; 3241 } 3242 3243 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3244 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3245 sppp_open_event(&ipv6cp, sp); 3246 } 3247 3248 static void 3249 sppp_ipv6cp_close(struct sppp *sp) 3250 { 3251 sppp_close_event(&ipv6cp, sp); 3252 } 3253 3254 static void 3255 sppp_ipv6cp_TO(void *cookie) 3256 { 3257 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3258 } 3259 3260 /* 3261 * Analyze a configure request. Return true if it was agreeable, and 3262 * caused action sca, false if it has been rejected or nak'ed, and 3263 * caused action scn. (The return value is used to make the state 3264 * transition decision in the state automaton.) 3265 */ 3266 static int 3267 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3268 { 3269 u_char *buf, *r, *p; 3270 struct ifnet *ifp = &sp->pp_if; 3271 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3272 struct in6_addr myaddr, desiredaddr, suggestaddr; 3273 int ifidcount; 3274 int type; 3275 int collision, nohisaddr; 3276 3277 len -= 4; 3278 origlen = len; 3279 /* 3280 * Make sure to allocate a buf that can at least hold a 3281 * conf-nak with an `address' option. We might need it below. 3282 */ 3283 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3284 if (! buf) 3285 return (0); 3286 3287 /* pass 1: see if we can recognize them */ 3288 if (debug) 3289 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3290 SPP_ARGS(ifp)); 3291 p = (void *)(h + 1); 3292 ifidcount = 0; 3293 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3294 if (debug) 3295 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3296 switch (*p) { 3297 case IPV6CP_OPT_IFID: 3298 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3299 /* correctly formed address option */ 3300 ifidcount++; 3301 continue; 3302 } 3303 if (debug) 3304 addlog(" [invalid]"); 3305 break; 3306 #ifdef notyet 3307 case IPV6CP_OPT_COMPRESSION: 3308 if (len >= 4 && p[1] >= 4) { 3309 /* correctly formed compress option */ 3310 continue; 3311 } 3312 if (debug) 3313 addlog(" [invalid]"); 3314 break; 3315 #endif 3316 default: 3317 /* Others not supported. */ 3318 if (debug) 3319 addlog(" [rej]"); 3320 break; 3321 } 3322 /* Add the option to rejected list. */ 3323 bcopy (p, r, p[1]); 3324 r += p[1]; 3325 rlen += p[1]; 3326 } 3327 if (rlen) { 3328 if (debug) 3329 addlog(" send conf-rej\n"); 3330 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3331 goto end; 3332 } else if (debug) 3333 addlog("\n"); 3334 3335 /* pass 2: parse option values */ 3336 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3337 if (debug) 3338 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3339 SPP_ARGS(ifp)); 3340 p = (void *)(h + 1); 3341 len = origlen; 3342 type = CONF_ACK; 3343 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3344 if (debug) 3345 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3346 switch (*p) { 3347 #ifdef notyet 3348 case IPV6CP_OPT_COMPRESSION: 3349 continue; 3350 #endif 3351 case IPV6CP_OPT_IFID: 3352 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3353 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3354 collision = (memcmp(&desiredaddr.s6_addr[8], 3355 &myaddr.s6_addr[8], 8) == 0); 3356 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3357 3358 desiredaddr.s6_addr16[0] = htons(0xfe80); 3359 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3360 3361 if (!collision && !nohisaddr) { 3362 /* no collision, hisaddr known - Conf-Ack */ 3363 type = CONF_ACK; 3364 3365 if (debug) { 3366 addlog(" %s [%s]", 3367 ip6_sprintf(&desiredaddr), 3368 sppp_cp_type_name(type)); 3369 } 3370 continue; 3371 } 3372 3373 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3374 if (collision && nohisaddr) { 3375 /* collision, hisaddr unknown - Conf-Rej */ 3376 type = CONF_REJ; 3377 memset(&p[2], 0, 8); 3378 } else { 3379 /* 3380 * - no collision, hisaddr unknown, or 3381 * - collision, hisaddr known 3382 * Conf-Nak, suggest hisaddr 3383 */ 3384 type = CONF_NAK; 3385 sppp_suggest_ip6_addr(sp, &suggestaddr); 3386 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3387 } 3388 if (debug) 3389 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3390 sppp_cp_type_name(type)); 3391 break; 3392 } 3393 /* Add the option to nak'ed list. */ 3394 bcopy (p, r, p[1]); 3395 r += p[1]; 3396 rlen += p[1]; 3397 } 3398 3399 if (rlen == 0 && type == CONF_ACK) { 3400 if (debug) 3401 addlog(" send %s\n", sppp_cp_type_name(type)); 3402 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 3403 } else { 3404 #ifdef notdef 3405 if (type == CONF_ACK) 3406 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3407 #endif 3408 3409 if (debug) { 3410 addlog(" send %s suggest %s\n", 3411 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3412 } 3413 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3414 } 3415 3416 end: 3417 free(buf, M_TEMP); 3418 return (rlen == 0); 3419 } 3420 3421 /* 3422 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3423 * negotiation. 3424 */ 3425 static void 3426 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3427 { 3428 u_char *buf, *p; 3429 struct ifnet *ifp = &sp->pp_if; 3430 int debug = ifp->if_flags & IFF_DEBUG; 3431 3432 len -= 4; 3433 buf = malloc (len, M_TEMP, M_NOWAIT); 3434 if (!buf) 3435 return; 3436 3437 if (debug) 3438 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3439 SPP_ARGS(ifp)); 3440 3441 p = (void *)(h + 1); 3442 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3443 if (debug) 3444 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3445 switch (*p) { 3446 case IPV6CP_OPT_IFID: 3447 /* 3448 * Peer doesn't grok address option. This is 3449 * bad. XXX Should we better give up here? 3450 */ 3451 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3452 break; 3453 #ifdef notyet 3454 case IPV6CP_OPT_COMPRESS: 3455 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3456 break; 3457 #endif 3458 } 3459 } 3460 if (debug) 3461 addlog("\n"); 3462 free(buf, M_TEMP); 3463 return; 3464 } 3465 3466 /* 3467 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3468 * negotiation. 3469 */ 3470 static void 3471 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3472 { 3473 u_char *buf, *p; 3474 struct ifnet *ifp = &sp->pp_if; 3475 int debug = ifp->if_flags & IFF_DEBUG; 3476 struct in6_addr suggestaddr; 3477 3478 len -= 4; 3479 buf = malloc (len, M_TEMP, M_NOWAIT); 3480 if (!buf) 3481 return; 3482 3483 if (debug) 3484 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3485 SPP_ARGS(ifp)); 3486 3487 p = (void *)(h + 1); 3488 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3489 if (debug) 3490 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3491 switch (*p) { 3492 case IPV6CP_OPT_IFID: 3493 /* 3494 * Peer doesn't like our local ifid. See 3495 * if we can do something for him. We'll drop 3496 * him our address then. 3497 */ 3498 if (len < 10 || p[1] != 10) 3499 break; 3500 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3501 suggestaddr.s6_addr16[0] = htons(0xfe80); 3502 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3503 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3504 3505 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3506 if (debug) 3507 addlog(" [suggestaddr %s]", 3508 ip6_sprintf(&suggestaddr)); 3509 #ifdef IPV6CP_MYIFID_DYN 3510 /* 3511 * When doing dynamic address assignment, 3512 * we accept his offer. 3513 */ 3514 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3515 struct in6_addr lastsuggest; 3516 /* 3517 * If <suggested myaddr from peer> equals to 3518 * <hisaddr we have suggested last time>, 3519 * we have a collision. generate new random 3520 * ifid. 3521 */ 3522 sppp_suggest_ip6_addr(&lastsuggest); 3523 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3524 lastsuggest)) { 3525 if (debug) 3526 addlog(" [random]"); 3527 sppp_gen_ip6_addr(sp, &suggestaddr); 3528 } 3529 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3530 if (debug) 3531 addlog(" [agree]"); 3532 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3533 } 3534 #else 3535 /* 3536 * Since we do not do dynamic address assignment, 3537 * we ignore it and thus continue to negotiate 3538 * our already existing value. This can possibly 3539 * go into infinite request-reject loop. 3540 * 3541 * This is not likely because we normally use 3542 * ifid based on MAC-address. 3543 * If you have no ethernet card on the node, too bad. 3544 * XXX should we use fail_counter? 3545 */ 3546 #endif 3547 break; 3548 #ifdef notyet 3549 case IPV6CP_OPT_COMPRESS: 3550 /* 3551 * Peer wants different compression parameters. 3552 */ 3553 break; 3554 #endif 3555 } 3556 } 3557 if (debug) 3558 addlog("\n"); 3559 free(buf, M_TEMP); 3560 return; 3561 } 3562 3563 static void 3564 sppp_ipv6cp_tlu(struct sppp *sp) 3565 { 3566 /* we are up - notify isdn daemon */ 3567 if (sp->pp_con) 3568 sp->pp_con(sp); 3569 } 3570 3571 static void 3572 sppp_ipv6cp_tld(struct sppp *sp) 3573 { 3574 } 3575 3576 static void 3577 sppp_ipv6cp_tls(struct sppp *sp) 3578 { 3579 /* indicate to LCP that it must stay alive */ 3580 sp->lcp.protos |= (1 << IDX_IPV6CP); 3581 } 3582 3583 static void 3584 sppp_ipv6cp_tlf(struct sppp *sp) 3585 { 3586 /* we no longer need LCP */ 3587 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3588 } 3589 3590 static void 3591 sppp_ipv6cp_scr(struct sppp *sp) 3592 { 3593 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3594 struct in6_addr ouraddr; 3595 int i = 0; 3596 3597 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3598 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3599 opt[i++] = IPV6CP_OPT_IFID; 3600 opt[i++] = 10; 3601 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3602 i += 8; 3603 } 3604 3605 #ifdef notyet 3606 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3607 opt[i++] = IPV6CP_OPT_COMPRESSION; 3608 opt[i++] = 4; 3609 opt[i++] = 0; /* TBD */ 3610 opt[i++] = 0; /* TBD */ 3611 /* variable length data may follow */ 3612 } 3613 #endif 3614 3615 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3616 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3617 } 3618 #else /*INET6*/ 3619 static void sppp_ipv6cp_init(struct sppp *sp) 3620 { 3621 } 3622 3623 static void sppp_ipv6cp_up(struct sppp *sp) 3624 { 3625 } 3626 3627 static void sppp_ipv6cp_down(struct sppp *sp) 3628 { 3629 } 3630 3631 3632 static void sppp_ipv6cp_open(struct sppp *sp) 3633 { 3634 } 3635 3636 static void sppp_ipv6cp_close(struct sppp *sp) 3637 { 3638 } 3639 3640 static void sppp_ipv6cp_TO(void *sp) 3641 { 3642 } 3643 3644 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3645 { 3646 return 0; 3647 } 3648 3649 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3650 { 3651 } 3652 3653 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3654 { 3655 } 3656 3657 static void sppp_ipv6cp_tlu(struct sppp *sp) 3658 { 3659 } 3660 3661 static void sppp_ipv6cp_tld(struct sppp *sp) 3662 { 3663 } 3664 3665 static void sppp_ipv6cp_tls(struct sppp *sp) 3666 { 3667 } 3668 3669 static void sppp_ipv6cp_tlf(struct sppp *sp) 3670 { 3671 } 3672 3673 static void sppp_ipv6cp_scr(struct sppp *sp) 3674 { 3675 } 3676 #endif /*INET6*/ 3677 3678 3679 /* 3680 *--------------------------------------------------------------------------* 3681 * * 3682 * The CHAP implementation. * 3683 * * 3684 *--------------------------------------------------------------------------* 3685 */ 3686 3687 /* 3688 * The authentication protocols don't employ a full-fledged state machine as 3689 * the control protocols do, since they do have Open and Close events, but 3690 * not Up and Down, nor are they explicitly terminated. Also, use of the 3691 * authentication protocols may be different in both directions (this makes 3692 * sense, think of a machine that never accepts incoming calls but only 3693 * calls out, it doesn't require the called party to authenticate itself). 3694 * 3695 * Our state machine for the local authentication protocol (we are requesting 3696 * the peer to authenticate) looks like: 3697 * 3698 * RCA- 3699 * +--------------------------------------------+ 3700 * V scn,tld| 3701 * +--------+ Close +---------+ RCA+ 3702 * | |<----------------------------------| |------+ 3703 * +--->| Closed | TO* | Opened | sca | 3704 * | | |-----+ +-------| |<-----+ 3705 * | +--------+ irc | | +---------+ 3706 * | ^ | | ^ 3707 * | | | | | 3708 * | | | | | 3709 * | TO-| | | | 3710 * | |tld TO+ V | | 3711 * | | +------->+ | | 3712 * | | | | | | 3713 * | +--------+ V | | 3714 * | | |<----+<--------------------+ | 3715 * | | Req- | scr | 3716 * | | Sent | | 3717 * | | | | 3718 * | +--------+ | 3719 * | RCA- | | RCA+ | 3720 * +------+ +------------------------------------------+ 3721 * scn,tld sca,irc,ict,tlu 3722 * 3723 * 3724 * with: 3725 * 3726 * Open: LCP reached authentication phase 3727 * Close: LCP reached terminate phase 3728 * 3729 * RCA+: received reply (pap-req, chap-response), acceptable 3730 * RCN: received reply (pap-req, chap-response), not acceptable 3731 * TO+: timeout with restart counter >= 0 3732 * TO-: timeout with restart counter < 0 3733 * TO*: reschedule timeout for CHAP 3734 * 3735 * scr: send request packet (none for PAP, chap-challenge) 3736 * sca: send ack packet (pap-ack, chap-success) 3737 * scn: send nak packet (pap-nak, chap-failure) 3738 * ict: initialize re-challenge timer (CHAP only) 3739 * 3740 * tlu: this-layer-up, LCP reaches network phase 3741 * tld: this-layer-down, LCP enters terminate phase 3742 * 3743 * Note that in CHAP mode, after sending a new challenge, while the state 3744 * automaton falls back into Req-Sent state, it doesn't signal a tld 3745 * event to LCP, so LCP remains in network phase. Only after not getting 3746 * any response (or after getting an unacceptable response), CHAP closes, 3747 * causing LCP to enter terminate phase. 3748 * 3749 * With PAP, there is no initial request that can be sent. The peer is 3750 * expected to send one based on the successful negotiation of PAP as 3751 * the authentication protocol during the LCP option negotiation. 3752 * 3753 * Incoming authentication protocol requests (remote requests 3754 * authentication, we are peer) don't employ a state machine at all, 3755 * they are simply answered. Some peers [Ascend P50 firmware rev 3756 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3757 * still in authentication phase (thereby violating the standard that 3758 * demands that these NCP packets are to be discarded), so we keep 3759 * track of the peer demanding us to authenticate, and only proceed to 3760 * phase network once we've seen a positive acknowledge for the 3761 * authentication. 3762 */ 3763 3764 /* 3765 * Handle incoming CHAP packets. 3766 */ 3767 void 3768 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3769 { 3770 STDDCL; 3771 struct lcp_header *h; 3772 int len, x; 3773 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3774 int value_len, name_len; 3775 MD5_CTX ctx; 3776 3777 len = m->m_pkthdr.len; 3778 if (len < 4) { 3779 if (debug) 3780 log(LOG_DEBUG, 3781 SPP_FMT "chap invalid packet length: %d bytes\n", 3782 SPP_ARGS(ifp), len); 3783 return; 3784 } 3785 h = mtod(m, struct lcp_header *); 3786 if (len > ntohs(h->len)) 3787 len = ntohs(h->len); 3788 3789 switch (h->type) { 3790 /* challenge, failure and success are his authproto */ 3791 case CHAP_CHALLENGE: 3792 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3793 /* can't do anything usefull */ 3794 sp->pp_auth_failures++; 3795 printf(SPP_FMT "chap input without my name and my secret being set\n", 3796 SPP_ARGS(ifp)); 3797 break; 3798 } 3799 value = 1 + (u_char *)(h + 1); 3800 value_len = value[-1]; 3801 name = value + value_len; 3802 name_len = len - value_len - 5; 3803 if (name_len < 0) { 3804 if (debug) { 3805 log(LOG_DEBUG, 3806 SPP_FMT "chap corrupted challenge " 3807 "<%s id=0x%x len=%d", 3808 SPP_ARGS(ifp), 3809 sppp_auth_type_name(PPP_CHAP, h->type), 3810 h->ident, ntohs(h->len)); 3811 if (len > 4) 3812 sppp_print_bytes((u_char *)(h + 1), 3813 len - 4); 3814 addlog(">\n"); 3815 } 3816 break; 3817 } 3818 3819 if (debug) { 3820 log(LOG_DEBUG, 3821 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3822 SPP_ARGS(ifp), 3823 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3824 ntohs(h->len)); 3825 sppp_print_string((char *) name, name_len); 3826 addlog(" value-size=%d value=", value_len); 3827 sppp_print_bytes(value, value_len); 3828 addlog(">\n"); 3829 } 3830 3831 /* Compute reply value. */ 3832 MD5Init(&ctx); 3833 MD5Update(&ctx, &h->ident, 1); 3834 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3835 MD5Update(&ctx, value, value_len); 3836 MD5Final(digest, &ctx); 3837 dsize = sizeof digest; 3838 3839 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3840 sizeof dsize, (const char *)&dsize, 3841 sizeof digest, digest, 3842 sp->myauth.name_len, 3843 sp->myauth.name, 3844 0); 3845 break; 3846 3847 case CHAP_SUCCESS: 3848 if (debug) { 3849 log(LOG_DEBUG, SPP_FMT "chap success", 3850 SPP_ARGS(ifp)); 3851 if (len > 4) { 3852 addlog(": "); 3853 sppp_print_string((char *)(h + 1), len - 4); 3854 } 3855 addlog("\n"); 3856 } 3857 x = splnet(); 3858 sp->pp_auth_failures = 0; 3859 sp->pp_flags &= ~PP_NEEDAUTH; 3860 if (sp->myauth.proto == PPP_CHAP && 3861 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3862 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3863 /* 3864 * We are authenticator for CHAP but didn't 3865 * complete yet. Leave it to tlu to proceed 3866 * to network phase. 3867 */ 3868 splx(x); 3869 break; 3870 } 3871 splx(x); 3872 sppp_phase_network(sp); 3873 break; 3874 3875 case CHAP_FAILURE: 3876 x = splnet(); 3877 sp->pp_auth_failures++; 3878 splx(x); 3879 if (debug) { 3880 log(LOG_INFO, SPP_FMT "chap failure", 3881 SPP_ARGS(ifp)); 3882 if (len > 4) { 3883 addlog(": "); 3884 sppp_print_string((char *)(h + 1), len - 4); 3885 } 3886 addlog("\n"); 3887 } else 3888 log(LOG_INFO, SPP_FMT "chap failure\n", 3889 SPP_ARGS(ifp)); 3890 /* await LCP shutdown by authenticator */ 3891 break; 3892 3893 /* response is my authproto */ 3894 case CHAP_RESPONSE: 3895 if (sp->hisauth.secret == NULL) { 3896 /* can't do anything usefull */ 3897 printf(SPP_FMT "chap input without his secret being set\n", 3898 SPP_ARGS(ifp)); 3899 break; 3900 } 3901 value = 1 + (u_char *)(h + 1); 3902 value_len = value[-1]; 3903 name = value + value_len; 3904 name_len = len - value_len - 5; 3905 if (name_len < 0) { 3906 if (debug) { 3907 log(LOG_DEBUG, 3908 SPP_FMT "chap corrupted response " 3909 "<%s id=0x%x len=%d", 3910 SPP_ARGS(ifp), 3911 sppp_auth_type_name(PPP_CHAP, h->type), 3912 h->ident, ntohs(h->len)); 3913 if (len > 4) 3914 sppp_print_bytes((u_char *)(h + 1), 3915 len - 4); 3916 addlog(">\n"); 3917 } 3918 break; 3919 } 3920 if (h->ident != sp->confid[IDX_CHAP]) { 3921 if (debug) 3922 log(LOG_DEBUG, 3923 SPP_FMT "chap dropping response for old ID " 3924 "(got %d, expected %d)\n", 3925 SPP_ARGS(ifp), 3926 h->ident, sp->confid[IDX_CHAP]); 3927 break; 3928 } 3929 if (sp->hisauth.name != NULL && 3930 (name_len != sp->hisauth.name_len 3931 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 3932 log(LOG_INFO, SPP_FMT "chap response, his name ", 3933 SPP_ARGS(ifp)); 3934 sppp_print_string(name, name_len); 3935 addlog(" != expected "); 3936 sppp_print_string(sp->hisauth.name, 3937 sp->hisauth.name_len); 3938 addlog("\n"); 3939 goto chap_failure; 3940 } 3941 if (debug) { 3942 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3943 "<%s id=0x%x len=%d name=", 3944 SPP_ARGS(ifp), 3945 sppp_state_name(sp->state[IDX_CHAP]), 3946 sppp_auth_type_name(PPP_CHAP, h->type), 3947 h->ident, ntohs(h->len)); 3948 sppp_print_string((char *)name, name_len); 3949 addlog(" value-size=%d value=", value_len); 3950 sppp_print_bytes(value, value_len); 3951 addlog(">\n"); 3952 } 3953 if (value_len != sizeof(sp->myauth.challenge)) { 3954 if (debug) 3955 log(LOG_DEBUG, 3956 SPP_FMT "chap bad hash value length: " 3957 "%d bytes, should be %ld\n", 3958 SPP_ARGS(ifp), value_len, 3959 (long) sizeof(sp->myauth.challenge)); 3960 goto chap_failure; 3961 } 3962 3963 MD5Init(&ctx); 3964 MD5Update(&ctx, &h->ident, 1); 3965 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 3966 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 3967 MD5Final(digest, &ctx); 3968 3969 #define FAILMSG "Failed..." 3970 #define SUCCMSG "Welcome!" 3971 3972 if (value_len != sizeof digest || 3973 memcmp(digest, value, value_len) != 0) { 3974 chap_failure: 3975 /* action scn, tld */ 3976 x = splnet(); 3977 sp->pp_auth_failures++; 3978 splx(x); 3979 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3980 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3981 0); 3982 chap.tld(sp); 3983 break; 3984 } 3985 sp->pp_auth_failures = 0; 3986 /* action sca, perhaps tlu */ 3987 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3988 sp->state[IDX_CHAP] == STATE_OPENED) 3989 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3990 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3991 0); 3992 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3993 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3994 chap.tlu(sp); 3995 } 3996 break; 3997 3998 default: 3999 /* Unknown CHAP packet type -- ignore. */ 4000 if (debug) { 4001 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4002 "<0x%x id=0x%xh len=%d", 4003 SPP_ARGS(ifp), 4004 sppp_state_name(sp->state[IDX_CHAP]), 4005 h->type, h->ident, ntohs(h->len)); 4006 if (len > 4) 4007 sppp_print_bytes((u_char *)(h + 1), len - 4); 4008 addlog(">\n"); 4009 } 4010 break; 4011 4012 } 4013 } 4014 4015 static void 4016 sppp_chap_init(struct sppp *sp) 4017 { 4018 /* Chap doesn't have STATE_INITIAL at all. */ 4019 sp->state[IDX_CHAP] = STATE_CLOSED; 4020 sp->fail_counter[IDX_CHAP] = 0; 4021 sp->pp_seq[IDX_CHAP] = 0; 4022 sp->pp_rseq[IDX_CHAP] = 0; 4023 callout_init(&sp->ch[IDX_CHAP]); 4024 } 4025 4026 static void 4027 sppp_chap_open(struct sppp *sp) 4028 { 4029 if (sp->myauth.proto == PPP_CHAP && 4030 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4031 /* we are authenticator for CHAP, start it */ 4032 chap.scr(sp); 4033 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4034 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4035 } 4036 /* nothing to be done if we are peer, await a challenge */ 4037 } 4038 4039 static void 4040 sppp_chap_close(struct sppp *sp) 4041 { 4042 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4043 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4044 } 4045 4046 static void 4047 sppp_chap_TO(void *cookie) 4048 { 4049 struct sppp *sp = (struct sppp *)cookie; 4050 STDDCL; 4051 int s; 4052 4053 s = splnet(); 4054 if (debug) 4055 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4056 SPP_ARGS(ifp), 4057 sppp_state_name(sp->state[IDX_CHAP]), 4058 sp->rst_counter[IDX_CHAP]); 4059 4060 if (--sp->rst_counter[IDX_CHAP] < 0) 4061 /* TO- event */ 4062 switch (sp->state[IDX_CHAP]) { 4063 case STATE_REQ_SENT: 4064 chap.tld(sp); 4065 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4066 break; 4067 } 4068 else 4069 /* TO+ (or TO*) event */ 4070 switch (sp->state[IDX_CHAP]) { 4071 case STATE_OPENED: 4072 /* TO* event */ 4073 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4074 /* fall through */ 4075 case STATE_REQ_SENT: 4076 chap.scr(sp); 4077 /* sppp_cp_change_state() will restart the timer */ 4078 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4079 break; 4080 } 4081 4082 splx(s); 4083 } 4084 4085 static void 4086 sppp_chap_tlu(struct sppp *sp) 4087 { 4088 STDDCL; 4089 int i, x; 4090 4091 i = 0; 4092 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4093 4094 /* 4095 * Some broken CHAP implementations (Conware CoNet, firmware 4096 * 4.0.?) don't want to re-authenticate their CHAP once the 4097 * initial challenge-response exchange has taken place. 4098 * Provide for an option to avoid rechallenges. 4099 */ 4100 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4101 /* 4102 * Compute the re-challenge timeout. This will yield 4103 * a number between 300 and 810 seconds. 4104 */ 4105 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4106 4107 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4108 } 4109 4110 if (debug) { 4111 log(LOG_DEBUG, 4112 SPP_FMT "chap %s, ", 4113 SPP_ARGS(ifp), 4114 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4115 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4116 addlog("next re-challenge in %d seconds\n", i); 4117 else 4118 addlog("re-challenging supressed\n"); 4119 } 4120 4121 x = splnet(); 4122 sp->pp_auth_failures = 0; 4123 /* indicate to LCP that we need to be closed down */ 4124 sp->lcp.protos |= (1 << IDX_CHAP); 4125 4126 if (sp->pp_flags & PP_NEEDAUTH) { 4127 /* 4128 * Remote is authenticator, but his auth proto didn't 4129 * complete yet. Defer the transition to network 4130 * phase. 4131 */ 4132 splx(x); 4133 return; 4134 } 4135 splx(x); 4136 4137 /* 4138 * If we are already in phase network, we are done here. This 4139 * is the case if this is a dummy tlu event after a re-challenge. 4140 */ 4141 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4142 sppp_phase_network(sp); 4143 } 4144 4145 static void 4146 sppp_chap_tld(struct sppp *sp) 4147 { 4148 STDDCL; 4149 4150 if (debug) 4151 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4152 callout_stop(&sp->ch[IDX_CHAP]); 4153 sp->lcp.protos &= ~(1 << IDX_CHAP); 4154 4155 lcp.Close(sp); 4156 } 4157 4158 static void 4159 sppp_chap_scr(struct sppp *sp) 4160 { 4161 struct timeval tv; 4162 u_int32_t *ch, seed; 4163 u_char clen; 4164 4165 if (sp->myauth.name == NULL) { 4166 /* can't do anything usefull */ 4167 printf(SPP_FMT "chap starting without my name being set\n", 4168 SPP_ARGS(&sp->pp_if)); 4169 return; 4170 } 4171 4172 /* Compute random challenge. */ 4173 ch = (u_int32_t *)sp->myauth.challenge; 4174 microtime(&tv); 4175 seed = tv.tv_sec ^ tv.tv_usec; 4176 ch[0] = seed ^ random(); 4177 ch[1] = seed ^ random(); 4178 ch[2] = seed ^ random(); 4179 ch[3] = seed ^ random(); 4180 clen = 16; /* 4 * sizeof(u_int32_t) */ 4181 4182 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4183 4184 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4185 sizeof clen, (const char *)&clen, 4186 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4187 sp->myauth.name_len, 4188 sp->myauth.name, 4189 0); 4190 } 4191 4192 /* 4193 *--------------------------------------------------------------------------* 4194 * * 4195 * The PAP implementation. * 4196 * * 4197 *--------------------------------------------------------------------------* 4198 */ 4199 /* 4200 * For PAP, we need to keep a little state also if we are the peer, not the 4201 * authenticator. This is since we don't get a request to authenticate, but 4202 * have to repeatedly authenticate ourself until we got a response (or the 4203 * retry counter is expired). 4204 */ 4205 4206 /* 4207 * Handle incoming PAP packets. */ 4208 static void 4209 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4210 { 4211 STDDCL; 4212 struct lcp_header *h; 4213 int len, x; 4214 u_char mlen; 4215 char *name, *secret; 4216 int name_len, secret_len; 4217 4218 len = m->m_pkthdr.len; 4219 if (len < 5) { 4220 if (debug) 4221 log(LOG_DEBUG, 4222 SPP_FMT "pap invalid packet length: %d bytes\n", 4223 SPP_ARGS(ifp), len); 4224 return; 4225 } 4226 h = mtod(m, struct lcp_header *); 4227 if (len > ntohs(h->len)) 4228 len = ntohs(h->len); 4229 switch (h->type) { 4230 /* PAP request is my authproto */ 4231 case PAP_REQ: 4232 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4233 /* can't do anything usefull */ 4234 printf(SPP_FMT "pap request without his name and his secret being set\n", 4235 SPP_ARGS(ifp)); 4236 break; 4237 } 4238 name = 1 + (u_char *)(h + 1); 4239 name_len = name[-1]; 4240 secret = name + name_len + 1; 4241 if (name_len > len - 6 || 4242 (secret_len = secret[-1]) > len - 6 - name_len) { 4243 if (debug) { 4244 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4245 "<%s id=0x%x len=%d", 4246 SPP_ARGS(ifp), 4247 sppp_auth_type_name(PPP_PAP, h->type), 4248 h->ident, ntohs(h->len)); 4249 if (len > 4) 4250 sppp_print_bytes((u_char *)(h + 1), 4251 len - 4); 4252 addlog(">\n"); 4253 } 4254 break; 4255 } 4256 if (debug) { 4257 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4258 "<%s id=0x%x len=%d name=", 4259 SPP_ARGS(ifp), 4260 sppp_state_name(sp->state[IDX_PAP]), 4261 sppp_auth_type_name(PPP_PAP, h->type), 4262 h->ident, ntohs(h->len)); 4263 sppp_print_string((char *)name, name_len); 4264 addlog(" secret="); 4265 sppp_print_string((char *)secret, secret_len); 4266 addlog(">\n"); 4267 } 4268 if (name_len != sp->hisauth.name_len || 4269 secret_len != sp->hisauth.secret_len || 4270 memcmp(name, sp->hisauth.name, name_len) != 0 || 4271 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4272 /* action scn, tld */ 4273 sp->pp_auth_failures++; 4274 mlen = sizeof(FAILMSG) - 1; 4275 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4276 sizeof mlen, (const char *)&mlen, 4277 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4278 0); 4279 pap.tld(sp); 4280 break; 4281 } 4282 /* action sca, perhaps tlu */ 4283 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4284 sp->state[IDX_PAP] == STATE_OPENED) { 4285 mlen = sizeof(SUCCMSG) - 1; 4286 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4287 sizeof mlen, (const char *)&mlen, 4288 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4289 0); 4290 } 4291 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4292 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4293 pap.tlu(sp); 4294 } 4295 break; 4296 4297 /* ack and nak are his authproto */ 4298 case PAP_ACK: 4299 callout_stop(&sp->pap_my_to_ch); 4300 if (debug) { 4301 log(LOG_DEBUG, SPP_FMT "pap success", 4302 SPP_ARGS(ifp)); 4303 name_len = *(char *)h; 4304 if (len > 5 && name_len) { 4305 addlog(": "); 4306 sppp_print_string((char *)(h + 1), name_len); 4307 } 4308 addlog("\n"); 4309 } 4310 x = splnet(); 4311 sp->pp_auth_failures = 0; 4312 sp->pp_flags &= ~PP_NEEDAUTH; 4313 if (sp->myauth.proto == PPP_PAP && 4314 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4315 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4316 /* 4317 * We are authenticator for PAP but didn't 4318 * complete yet. Leave it to tlu to proceed 4319 * to network phase. 4320 */ 4321 splx(x); 4322 break; 4323 } 4324 splx(x); 4325 sppp_phase_network(sp); 4326 break; 4327 4328 case PAP_NAK: 4329 callout_stop(&sp->pap_my_to_ch); 4330 sp->pp_auth_failures++; 4331 if (debug) { 4332 log(LOG_INFO, SPP_FMT "pap failure", 4333 SPP_ARGS(ifp)); 4334 name_len = *(char *)h; 4335 if (len > 5 && name_len) { 4336 addlog(": "); 4337 sppp_print_string((char *)(h + 1), name_len); 4338 } 4339 addlog("\n"); 4340 } else 4341 log(LOG_INFO, SPP_FMT "pap failure\n", 4342 SPP_ARGS(ifp)); 4343 /* await LCP shutdown by authenticator */ 4344 break; 4345 4346 default: 4347 /* Unknown PAP packet type -- ignore. */ 4348 if (debug) { 4349 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4350 "<0x%x id=0x%x len=%d", 4351 SPP_ARGS(ifp), 4352 h->type, h->ident, ntohs(h->len)); 4353 if (len > 4) 4354 sppp_print_bytes((u_char *)(h + 1), len - 4); 4355 addlog(">\n"); 4356 } 4357 break; 4358 4359 } 4360 } 4361 4362 static void 4363 sppp_pap_init(struct sppp *sp) 4364 { 4365 /* PAP doesn't have STATE_INITIAL at all. */ 4366 sp->state[IDX_PAP] = STATE_CLOSED; 4367 sp->fail_counter[IDX_PAP] = 0; 4368 sp->pp_seq[IDX_PAP] = 0; 4369 sp->pp_rseq[IDX_PAP] = 0; 4370 callout_init(&sp->ch[IDX_PAP]); 4371 callout_init(&sp->pap_my_to_ch); 4372 } 4373 4374 static void 4375 sppp_pap_open(struct sppp *sp) 4376 { 4377 if (sp->hisauth.proto == PPP_PAP && 4378 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4379 /* we are authenticator for PAP, start our timer */ 4380 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4381 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4382 } 4383 if (sp->myauth.proto == PPP_PAP) { 4384 /* we are peer, send a request, and start a timer */ 4385 pap.scr(sp); 4386 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4387 sppp_pap_my_TO, sp); 4388 } 4389 } 4390 4391 static void 4392 sppp_pap_close(struct sppp *sp) 4393 { 4394 if (sp->state[IDX_PAP] != STATE_CLOSED) 4395 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4396 } 4397 4398 /* 4399 * That's the timeout routine if we are authenticator. Since the 4400 * authenticator is basically passive in PAP, we can't do much here. 4401 */ 4402 static void 4403 sppp_pap_TO(void *cookie) 4404 { 4405 struct sppp *sp = (struct sppp *)cookie; 4406 STDDCL; 4407 int s; 4408 4409 s = splnet(); 4410 if (debug) 4411 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4412 SPP_ARGS(ifp), 4413 sppp_state_name(sp->state[IDX_PAP]), 4414 sp->rst_counter[IDX_PAP]); 4415 4416 if (--sp->rst_counter[IDX_PAP] < 0) 4417 /* TO- event */ 4418 switch (sp->state[IDX_PAP]) { 4419 case STATE_REQ_SENT: 4420 pap.tld(sp); 4421 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4422 break; 4423 } 4424 else 4425 /* TO+ event, not very much we could do */ 4426 switch (sp->state[IDX_PAP]) { 4427 case STATE_REQ_SENT: 4428 /* sppp_cp_change_state() will restart the timer */ 4429 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4430 break; 4431 } 4432 4433 splx(s); 4434 } 4435 4436 /* 4437 * That's the timeout handler if we are peer. Since the peer is active, 4438 * we need to retransmit our PAP request since it is apparently lost. 4439 * XXX We should impose a max counter. 4440 */ 4441 static void 4442 sppp_pap_my_TO(void *cookie) 4443 { 4444 struct sppp *sp = (struct sppp *)cookie; 4445 STDDCL; 4446 4447 if (debug) 4448 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4449 SPP_ARGS(ifp)); 4450 4451 pap.scr(sp); 4452 } 4453 4454 static void 4455 sppp_pap_tlu(struct sppp *sp) 4456 { 4457 STDDCL; 4458 int x; 4459 4460 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4461 4462 if (debug) 4463 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4464 SPP_ARGS(ifp), pap.name); 4465 4466 x = splnet(); 4467 sp->pp_auth_failures = 0; 4468 /* indicate to LCP that we need to be closed down */ 4469 sp->lcp.protos |= (1 << IDX_PAP); 4470 4471 if (sp->pp_flags & PP_NEEDAUTH) { 4472 /* 4473 * Remote is authenticator, but his auth proto didn't 4474 * complete yet. Defer the transition to network 4475 * phase. 4476 */ 4477 splx(x); 4478 return; 4479 } 4480 splx(x); 4481 sppp_phase_network(sp); 4482 } 4483 4484 static void 4485 sppp_pap_tld(struct sppp *sp) 4486 { 4487 STDDCL; 4488 4489 if (debug) 4490 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4491 callout_stop(&sp->ch[IDX_PAP]); 4492 callout_stop(&sp->pap_my_to_ch); 4493 sp->lcp.protos &= ~(1 << IDX_PAP); 4494 4495 lcp.Close(sp); 4496 } 4497 4498 static void 4499 sppp_pap_scr(struct sppp *sp) 4500 { 4501 u_char idlen, pwdlen; 4502 4503 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4504 /* can't do anything usefull */ 4505 printf(SPP_FMT "pap starting without my name and secret being set\n", 4506 SPP_ARGS(&sp->pp_if)); 4507 return; 4508 } 4509 4510 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4511 pwdlen = sp->myauth.secret_len; 4512 idlen = sp->myauth.name_len; 4513 4514 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4515 sizeof idlen, (const char *)&idlen, 4516 idlen, sp->myauth.name, 4517 sizeof pwdlen, (const char *)&pwdlen, 4518 pwdlen, sp->myauth.secret, 4519 0); 4520 } 4521 4522 /* 4523 * Random miscellaneous functions. 4524 */ 4525 4526 /* 4527 * Send a PAP or CHAP proto packet. 4528 * 4529 * Varadic function, each of the elements for the ellipsis is of type 4530 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4531 * mlen == 0. 4532 * NOTE: never declare variadic functions with types subject to type 4533 * promotion (i.e. u_char). This is asking for big trouble depending 4534 * on the architecture you are on... 4535 */ 4536 4537 static void 4538 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4539 unsigned int type, unsigned int id, 4540 ...) 4541 { 4542 STDDCL; 4543 struct lcp_header *lh; 4544 struct mbuf *m; 4545 u_char *p; 4546 int len; 4547 size_t pkthdrlen; 4548 unsigned int mlen; 4549 const char *msg; 4550 va_list ap; 4551 4552 MGETHDR(m, M_DONTWAIT, MT_DATA); 4553 if (! m) 4554 return; 4555 m->m_pkthdr.rcvif = 0; 4556 4557 if (sp->pp_flags & PP_NOFRAMING) { 4558 *mtod(m, u_int16_t *) = htons(cp->proto); 4559 pkthdrlen = 2; 4560 lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2); 4561 } else { 4562 struct ppp_header *h; 4563 h = mtod(m, struct ppp_header *); 4564 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4565 h->control = PPP_UI; /* Unnumbered Info */ 4566 h->protocol = htons(cp->proto); 4567 pkthdrlen = PPP_HEADER_LEN; 4568 4569 lh = (struct lcp_header *)(h + 1); 4570 } 4571 4572 lh->type = type; 4573 lh->ident = id; 4574 p = (u_char *)(lh + 1); 4575 4576 va_start(ap, id); 4577 len = 0; 4578 4579 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4580 msg = va_arg(ap, const char *); 4581 len += mlen; 4582 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4583 va_end(ap); 4584 m_freem(m); 4585 return; 4586 } 4587 4588 bcopy(msg, p, mlen); 4589 p += mlen; 4590 } 4591 va_end(ap); 4592 4593 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4594 lh->len = htons(LCP_HEADER_LEN + len); 4595 4596 if (debug) { 4597 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4598 SPP_ARGS(ifp), cp->name, 4599 sppp_auth_type_name(cp->proto, lh->type), 4600 lh->ident, ntohs(lh->len)); 4601 if (len) 4602 sppp_print_bytes((u_char *)(lh + 1), len); 4603 addlog(">\n"); 4604 } 4605 if (IF_QFULL(&sp->pp_cpq)) { 4606 IF_DROP(&sp->pp_fastq); 4607 IF_DROP(&ifp->if_snd); 4608 m_freem(m); 4609 ++ifp->if_oerrors; 4610 return; 4611 } else 4612 IF_ENQUEUE(&sp->pp_cpq, m); 4613 if (! (ifp->if_flags & IFF_OACTIVE)) 4614 (*ifp->if_start)(ifp); 4615 ifp->if_obytes += m->m_pkthdr.len + 3; 4616 } 4617 4618 /* 4619 * Send keepalive packets, every 10 seconds. 4620 */ 4621 static void 4622 sppp_keepalive(void *dummy) 4623 { 4624 struct sppp *sp; 4625 int s; 4626 time_t now; 4627 4628 s = splnet(); 4629 now = mono_time.tv_sec; 4630 for (sp=spppq; sp; sp=sp->pp_next) { 4631 struct ifnet *ifp = &sp->pp_if; 4632 4633 /* check idle timeout */ 4634 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4635 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4636 /* idle timeout is enabled for this interface */ 4637 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4638 if (ifp->if_flags & IFF_DEBUG) 4639 printf("%s: no activitiy for %lu seconds\n", 4640 sp->pp_if.if_xname, 4641 (unsigned long)(now-sp->pp_last_activity)); 4642 lcp.Close(sp); 4643 continue; 4644 } 4645 } 4646 4647 /* Keepalive mode disabled or channel down? */ 4648 if (! (sp->pp_flags & PP_KEEPALIVE) || 4649 ! (ifp->if_flags & IFF_RUNNING)) 4650 continue; 4651 4652 /* No keepalive in PPP mode if LCP not opened yet. */ 4653 if (! (sp->pp_flags & PP_CISCO) && 4654 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4655 continue; 4656 4657 /* No echo reply, but maybe user data passed through? */ 4658 if ((now - sp->pp_last_activity) < LCP_KEEPALIVE_INTERVAL) { 4659 sp->pp_alivecnt = 0; 4660 continue; 4661 } 4662 4663 if (sp->pp_alivecnt == MAXALIVECNT) { 4664 /* No keepalive packets got. Stop the interface. */ 4665 if_down (ifp); 4666 IF_PURGE(&sp->pp_cpq); 4667 if (! (sp->pp_flags & PP_CISCO)) { 4668 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4669 ifp->if_xname); 4670 sp->pp_alivecnt = 0; 4671 4672 /* we are down, close all open protocols */ 4673 lcp.Close(sp); 4674 4675 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4676 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4677 4678 /* Close connection imediatly, completition of this 4679 * will summon the magic needed to reestablish it. */ 4680 sp->pp_tlf(sp); 4681 continue; 4682 } 4683 } 4684 if (sp->pp_alivecnt <= MAXALIVECNT) 4685 ++sp->pp_alivecnt; 4686 if (sp->pp_flags & PP_CISCO) 4687 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 4688 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4689 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4690 int32_t nmagic = htonl(sp->lcp.magic); 4691 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4692 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 4693 sp->lcp.echoid, 4, &nmagic); 4694 } 4695 } 4696 splx(s); 4697 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 4698 } 4699 4700 /* 4701 * Get both IP addresses. 4702 */ 4703 static void 4704 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4705 { 4706 struct ifnet *ifp = &sp->pp_if; 4707 struct ifaddr *ifa; 4708 struct sockaddr_in *si, *sm; 4709 u_int32_t ssrc, ddst; 4710 4711 sm = NULL; 4712 ssrc = ddst = 0; 4713 /* 4714 * Pick the first AF_INET address from the list, 4715 * aliases don't make any sense on a p2p link anyway. 4716 */ 4717 si = 0; 4718 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4719 if (ifa->ifa_addr->sa_family == AF_INET) { 4720 si = (struct sockaddr_in *)ifa->ifa_addr; 4721 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4722 if (si) 4723 break; 4724 } 4725 } 4726 if (ifa) { 4727 if (si && si->sin_addr.s_addr) { 4728 ssrc = si->sin_addr.s_addr; 4729 if (srcmask) 4730 *srcmask = ntohl(sm->sin_addr.s_addr); 4731 } 4732 4733 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4734 if (si && si->sin_addr.s_addr) 4735 ddst = si->sin_addr.s_addr; 4736 } 4737 4738 if (dst) *dst = ntohl(ddst); 4739 if (src) *src = ntohl(ssrc); 4740 } 4741 4742 /* 4743 * Set IP addresses. Must be called at splnet. 4744 * If an address is 0, leave it the way it is. 4745 */ 4746 static void 4747 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4748 { 4749 STDDCL; 4750 struct ifaddr *ifa; 4751 struct sockaddr_in *si; 4752 struct sockaddr_in *dest; 4753 4754 /* 4755 * Pick the first AF_INET address from the list, 4756 * aliases don't make any sense on a p2p link anyway. 4757 */ 4758 4759 si = 0; 4760 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4761 { 4762 if (ifa->ifa_addr->sa_family == AF_INET) 4763 { 4764 si = (struct sockaddr_in *)ifa->ifa_addr; 4765 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4766 if (si) 4767 break; 4768 } 4769 } 4770 4771 if (ifa && si) 4772 { 4773 int error; 4774 struct sockaddr_in new_sin = *si; 4775 struct sockaddr_in new_dst = *dest; 4776 4777 /* 4778 * Scrub old routes now instead of calling in_ifinit with 4779 * scrub=1, because we may change the dstaddr 4780 * before the call to in_ifinit. 4781 */ 4782 in_ifscrub(ifp, ifatoia(ifa)); 4783 4784 if (myaddr != 0) 4785 new_sin.sin_addr.s_addr = htonl(myaddr); 4786 if (hisaddr != 0) { 4787 new_dst.sin_addr.s_addr = htonl(hisaddr); 4788 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4789 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4790 *dest = new_dst; /* fix dstaddr in place */ 4791 } 4792 } 4793 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4794 if(debug && error) 4795 { 4796 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4797 " failed, error=%d\n", SPP_ARGS(ifp), error); 4798 } 4799 } 4800 } 4801 4802 /* 4803 * Clear IP addresses. Must be called at splnet. 4804 */ 4805 static void 4806 sppp_clear_ip_addrs(struct sppp *sp) 4807 { 4808 struct ifnet *ifp = &sp->pp_if; 4809 struct ifaddr *ifa; 4810 struct sockaddr_in *si; 4811 struct sockaddr_in *dest; 4812 4813 u_int32_t remote; 4814 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4815 remote = sp->ipcp.saved_hisaddr; 4816 else 4817 sppp_get_ip_addrs(sp, 0, &remote, 0); 4818 4819 /* 4820 * Pick the first AF_INET address from the list, 4821 * aliases don't make any sense on a p2p link anyway. 4822 */ 4823 4824 si = 0; 4825 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4826 { 4827 if (ifa->ifa_addr->sa_family == AF_INET) 4828 { 4829 si = (struct sockaddr_in *)ifa->ifa_addr; 4830 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4831 if (si) 4832 break; 4833 } 4834 } 4835 4836 if (ifa && si) 4837 { 4838 struct sockaddr_in new_sin = *si; 4839 4840 in_ifscrub(ifp, ifatoia(ifa)); 4841 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4842 new_sin.sin_addr.s_addr = 0; 4843 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4844 /* replace peer addr in place */ 4845 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4846 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4847 } 4848 } 4849 4850 #ifdef INET6 4851 /* 4852 * Get both IPv6 addresses. 4853 */ 4854 static void 4855 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4856 struct in6_addr *srcmask) 4857 { 4858 struct ifnet *ifp = &sp->pp_if; 4859 struct ifaddr *ifa; 4860 struct sockaddr_in6 *si, *sm; 4861 struct in6_addr ssrc, ddst; 4862 4863 sm = NULL; 4864 memset(&ssrc, 0, sizeof(ssrc)); 4865 memset(&ddst, 0, sizeof(ddst)); 4866 /* 4867 * Pick the first link-local AF_INET6 address from the list, 4868 * aliases don't make any sense on a p2p link anyway. 4869 */ 4870 si = 0; 4871 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4872 if (ifa->ifa_addr->sa_family == AF_INET6) { 4873 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4874 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4875 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4876 break; 4877 } 4878 if (ifa) { 4879 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4880 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4881 if (srcmask) { 4882 bcopy(&sm->sin6_addr, srcmask, 4883 sizeof(*srcmask)); 4884 } 4885 } 4886 4887 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4888 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4889 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4890 } 4891 4892 if (dst) 4893 bcopy(&ddst, dst, sizeof(*dst)); 4894 if (src) 4895 bcopy(&ssrc, src, sizeof(*src)); 4896 } 4897 4898 #ifdef IPV6CP_MYIFID_DYN 4899 /* 4900 * Generate random ifid. 4901 */ 4902 static void 4903 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4904 { 4905 /* TBD */ 4906 } 4907 4908 /* 4909 * Set my IPv6 address. Must be called at splnet. 4910 */ 4911 static void 4912 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4913 { 4914 STDDCL; 4915 struct ifaddr *ifa; 4916 struct sockaddr_in6 *sin6; 4917 4918 /* 4919 * Pick the first link-local AF_INET6 address from the list, 4920 * aliases don't make any sense on a p2p link anyway. 4921 */ 4922 4923 sin6 = NULL; 4924 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4925 { 4926 if (ifa->ifa_addr->sa_family == AF_INET6) 4927 { 4928 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4929 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4930 break; 4931 } 4932 } 4933 4934 if (ifa && sin6) 4935 { 4936 int error; 4937 struct sockaddr_in6 new_sin6 = *sin6; 4938 4939 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4940 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4941 if (debug && error) 4942 { 4943 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4944 " failed, error=%d\n", SPP_ARGS(ifp), error); 4945 } 4946 } 4947 } 4948 #endif 4949 4950 /* 4951 * Suggest a candidate address to be used by peer. 4952 */ 4953 static void 4954 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4955 { 4956 struct in6_addr myaddr; 4957 struct timeval tv; 4958 4959 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4960 4961 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4962 microtime(&tv); 4963 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4964 myaddr.s6_addr[14] ^= 0xff; 4965 myaddr.s6_addr[15] ^= 0xff; 4966 } else { 4967 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4968 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4969 } 4970 if (suggest) 4971 bcopy(&myaddr, suggest, sizeof(myaddr)); 4972 } 4973 #endif /*INET6*/ 4974 4975 /* 4976 * Process ioctl requests specific to the PPP interface. 4977 * Permissions have already been checked. 4978 */ 4979 static int 4980 sppp_params(struct sppp *sp, int cmd, void *data) 4981 { 4982 switch (cmd) { 4983 case SPPPGETAUTHCFG: 4984 { 4985 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 4986 int error; 4987 size_t len; 4988 4989 cfg->myauthflags = sp->myauth.flags; 4990 cfg->hisauthflags = sp->hisauth.flags; 4991 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 4992 cfg->hisauth = 0; 4993 if (sp->hisauth.proto) 4994 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 4995 cfg->myauth = 0; 4996 if (sp->myauth.proto) 4997 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 4998 if (cfg->myname_length == 0) { 4999 if (sp->myauth.name != NULL) 5000 cfg->myname_length = sp->myauth.name_len + 1; 5001 } else { 5002 if (sp->myauth.name == NULL) { 5003 cfg->myname_length = 0; 5004 } else { 5005 len = sp->myauth.name_len + 1; 5006 if (cfg->myname_length < len) 5007 return (ENAMETOOLONG); 5008 error = copyout(sp->myauth.name, cfg->myname, len); 5009 if (error) return error; 5010 } 5011 } 5012 if (cfg->hisname_length == 0) { 5013 if(sp->hisauth.name != NULL) 5014 cfg->hisname_length = sp->hisauth.name_len + 1; 5015 } else { 5016 if (sp->hisauth.name == NULL) { 5017 cfg->hisname_length = 0; 5018 } else { 5019 len = sp->hisauth.name_len + 1; 5020 if (cfg->hisname_length < len) 5021 return (ENAMETOOLONG); 5022 error = copyout(sp->hisauth.name, cfg->hisname, len); 5023 if (error) return error; 5024 } 5025 } 5026 } 5027 break; 5028 case SPPPSETAUTHCFG: 5029 { 5030 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5031 int error; 5032 5033 if (sp->myauth.name) { 5034 free(sp->myauth.name, M_DEVBUF); 5035 sp->myauth.name = NULL; 5036 } 5037 if (sp->myauth.secret) { 5038 free(sp->myauth.secret, M_DEVBUF); 5039 sp->myauth.secret = NULL; 5040 } 5041 if (sp->hisauth.name) { 5042 free(sp->hisauth.name, M_DEVBUF); 5043 sp->hisauth.name = NULL; 5044 } 5045 if (sp->hisauth.secret) { 5046 free(sp->hisauth.secret, M_DEVBUF); 5047 sp->hisauth.secret = NULL; 5048 } 5049 5050 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5051 if (cfg->hisname_length >= MCLBYTES) 5052 return (ENAMETOOLONG); 5053 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5054 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5055 if (error) { 5056 free(sp->hisauth.name, M_DEVBUF); 5057 sp->hisauth.name = NULL; 5058 return error; 5059 } 5060 sp->hisauth.name_len = cfg->hisname_length - 1; 5061 sp->hisauth.name[sp->hisauth.name_len] = 0; 5062 } 5063 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5064 if (cfg->hissecret_length >= MCLBYTES) 5065 return (ENAMETOOLONG); 5066 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5067 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5068 if (error) { 5069 free(sp->hisauth.secret, M_DEVBUF); 5070 sp->hisauth.secret = NULL; 5071 return error; 5072 } 5073 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5074 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5075 } 5076 if (cfg->myname != NULL && cfg->myname_length > 0) { 5077 if (cfg->myname_length >= MCLBYTES) 5078 return (ENAMETOOLONG); 5079 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5080 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5081 if (error) { 5082 free(sp->myauth.name, M_DEVBUF); 5083 sp->myauth.name = NULL; 5084 return error; 5085 } 5086 sp->myauth.name_len = cfg->myname_length - 1; 5087 sp->myauth.name[sp->myauth.name_len] = 0; 5088 } 5089 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5090 if (cfg->mysecret_length >= MCLBYTES) 5091 return (ENAMETOOLONG); 5092 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5093 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5094 if (error) { 5095 free(sp->myauth.secret, M_DEVBUF); 5096 sp->myauth.secret = NULL; 5097 return error; 5098 } 5099 sp->myauth.secret_len = cfg->mysecret_length - 1; 5100 sp->myauth.secret[sp->myauth.secret_len] = 0; 5101 } 5102 sp->myauth.flags = cfg->myauthflags; 5103 if (cfg->myauth) 5104 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5105 sp->hisauth.flags = cfg->hisauthflags; 5106 if (cfg->hisauth) 5107 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5108 sp->pp_auth_failures = 0; 5109 if (sp->hisauth.proto != 0) 5110 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5111 else 5112 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5113 } 5114 break; 5115 case SPPPGETLCPCFG: 5116 { 5117 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5118 lcp->lcp_timeout = sp->lcp.timeout; 5119 } 5120 break; 5121 case SPPPSETLCPCFG: 5122 { 5123 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5124 sp->lcp.timeout = lcp->lcp_timeout; 5125 } 5126 break; 5127 case SPPPGETSTATUS: 5128 { 5129 struct spppstatus *status = (struct spppstatus *)data; 5130 status->phase = sp->pp_phase; 5131 } 5132 break; 5133 case SPPPGETIDLETO: 5134 { 5135 struct spppidletimeout *to = (struct spppidletimeout *)data; 5136 to->idle_seconds = sp->pp_idle_timeout; 5137 } 5138 break; 5139 case SPPPSETIDLETO: 5140 { 5141 struct spppidletimeout *to = (struct spppidletimeout *)data; 5142 sp->pp_idle_timeout = to->idle_seconds; 5143 } 5144 break; 5145 case SPPPSETAUTHFAILURE: 5146 { 5147 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5148 sp->pp_max_auth_fail = afsettings->max_failures; 5149 sp->pp_auth_failures = 0; 5150 } 5151 break; 5152 case SPPPGETAUTHFAILURES: 5153 { 5154 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5155 stats->auth_failures = sp->pp_auth_failures; 5156 stats->max_failures = sp->pp_max_auth_fail; 5157 } 5158 break; 5159 case SPPPSETDNSOPTS: 5160 { 5161 struct spppdnssettings *req = (struct spppdnssettings *)data; 5162 sp->query_dns = req->query_dns & 3; 5163 } 5164 break; 5165 case SPPPGETDNSOPTS: 5166 { 5167 struct spppdnssettings *req = (struct spppdnssettings *)data; 5168 req->query_dns = sp->query_dns; 5169 } 5170 break; 5171 case SPPPGETDNSADDRS: 5172 { 5173 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5174 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5175 } 5176 break; 5177 default: 5178 return (EINVAL); 5179 } 5180 5181 return (0); 5182 } 5183 5184 static void 5185 sppp_phase_network(struct sppp *sp) 5186 { 5187 STDDCL; 5188 int i; 5189 u_int32_t mask; 5190 5191 sp->pp_phase = SPPP_PHASE_NETWORK; 5192 5193 if(debug) 5194 { 5195 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5196 sppp_phase_name(sp->pp_phase)); 5197 } 5198 5199 /* Notify NCPs now. */ 5200 for (i = 0; i < IDX_COUNT; i++) 5201 if ((cps[i])->flags & CP_NCP) 5202 (cps[i])->Open(sp); 5203 5204 /* Send Up events to all NCPs. */ 5205 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5206 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5207 (cps[i])->Up(sp); 5208 5209 /* if no NCP is starting, all this was in vain, close down */ 5210 sppp_lcp_check_and_close(sp); 5211 } 5212 5213 5214 static const char * 5215 sppp_cp_type_name(u_char type) 5216 { 5217 static char buf[12]; 5218 switch (type) { 5219 case CONF_REQ: return "conf-req"; 5220 case CONF_ACK: return "conf-ack"; 5221 case CONF_NAK: return "conf-nak"; 5222 case CONF_REJ: return "conf-rej"; 5223 case TERM_REQ: return "term-req"; 5224 case TERM_ACK: return "term-ack"; 5225 case CODE_REJ: return "code-rej"; 5226 case PROTO_REJ: return "proto-rej"; 5227 case ECHO_REQ: return "echo-req"; 5228 case ECHO_REPLY: return "echo-reply"; 5229 case DISC_REQ: return "discard-req"; 5230 } 5231 sprintf (buf, "0x%x", type); 5232 return buf; 5233 } 5234 5235 static const char * 5236 sppp_auth_type_name(u_short proto, u_char type) 5237 { 5238 static char buf[12]; 5239 switch (proto) { 5240 case PPP_CHAP: 5241 switch (type) { 5242 case CHAP_CHALLENGE: return "challenge"; 5243 case CHAP_RESPONSE: return "response"; 5244 case CHAP_SUCCESS: return "success"; 5245 case CHAP_FAILURE: return "failure"; 5246 } 5247 case PPP_PAP: 5248 switch (type) { 5249 case PAP_REQ: return "req"; 5250 case PAP_ACK: return "ack"; 5251 case PAP_NAK: return "nak"; 5252 } 5253 } 5254 sprintf (buf, "0x%x", type); 5255 return buf; 5256 } 5257 5258 static const char * 5259 sppp_lcp_opt_name(u_char opt) 5260 { 5261 static char buf[12]; 5262 switch (opt) { 5263 case LCP_OPT_MRU: return "mru"; 5264 case LCP_OPT_ASYNC_MAP: return "async-map"; 5265 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5266 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5267 case LCP_OPT_MAGIC: return "magic"; 5268 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5269 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5270 } 5271 sprintf (buf, "0x%x", opt); 5272 return buf; 5273 } 5274 5275 static const char * 5276 sppp_ipcp_opt_name(u_char opt) 5277 { 5278 static char buf[12]; 5279 switch (opt) { 5280 case IPCP_OPT_ADDRESSES: return "addresses"; 5281 case IPCP_OPT_COMPRESSION: return "compression"; 5282 case IPCP_OPT_ADDRESS: return "address"; 5283 } 5284 sprintf (buf, "0x%x", opt); 5285 return buf; 5286 } 5287 5288 #ifdef INET6 5289 static const char * 5290 sppp_ipv6cp_opt_name(u_char opt) 5291 { 5292 static char buf[12]; 5293 switch (opt) { 5294 case IPV6CP_OPT_IFID: return "ifid"; 5295 case IPV6CP_OPT_COMPRESSION: return "compression"; 5296 } 5297 sprintf (buf, "0x%x", opt); 5298 return buf; 5299 } 5300 #endif 5301 5302 static const char * 5303 sppp_state_name(int state) 5304 { 5305 switch (state) { 5306 case STATE_INITIAL: return "initial"; 5307 case STATE_STARTING: return "starting"; 5308 case STATE_CLOSED: return "closed"; 5309 case STATE_STOPPED: return "stopped"; 5310 case STATE_CLOSING: return "closing"; 5311 case STATE_STOPPING: return "stopping"; 5312 case STATE_REQ_SENT: return "req-sent"; 5313 case STATE_ACK_RCVD: return "ack-rcvd"; 5314 case STATE_ACK_SENT: return "ack-sent"; 5315 case STATE_OPENED: return "opened"; 5316 } 5317 return "illegal"; 5318 } 5319 5320 static const char * 5321 sppp_phase_name(int phase) 5322 { 5323 switch (phase) { 5324 case SPPP_PHASE_DEAD: return "dead"; 5325 case SPPP_PHASE_ESTABLISH: return "establish"; 5326 case SPPP_PHASE_TERMINATE: return "terminate"; 5327 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5328 case SPPP_PHASE_NETWORK: return "network"; 5329 } 5330 return "illegal"; 5331 } 5332 5333 static const char * 5334 sppp_proto_name(u_short proto) 5335 { 5336 static char buf[12]; 5337 switch (proto) { 5338 case PPP_LCP: return "lcp"; 5339 case PPP_IPCP: return "ipcp"; 5340 case PPP_PAP: return "pap"; 5341 case PPP_CHAP: return "chap"; 5342 case PPP_IPV6CP: return "ipv6cp"; 5343 } 5344 sprintf(buf, "0x%x", (unsigned)proto); 5345 return buf; 5346 } 5347 5348 static void 5349 sppp_print_bytes(const u_char *p, u_short len) 5350 { 5351 addlog(" %02x", *p++); 5352 while (--len > 0) 5353 addlog("-%02x", *p++); 5354 } 5355 5356 static void 5357 sppp_print_string(const char *p, u_short len) 5358 { 5359 u_char c; 5360 5361 while (len-- > 0) { 5362 c = *p++; 5363 /* 5364 * Print only ASCII chars directly. RFC 1994 recommends 5365 * using only them, but we don't rely on it. */ 5366 if (c < ' ' || c > '~') 5367 addlog("\\x%x", c); 5368 else 5369 addlog("%c", c); 5370 } 5371 } 5372 5373 static const char * 5374 sppp_dotted_quad(u_int32_t addr) 5375 { 5376 static char s[16]; 5377 sprintf(s, "%d.%d.%d.%d", 5378 (int)((addr >> 24) & 0xff), 5379 (int)((addr >> 16) & 0xff), 5380 (int)((addr >> 8) & 0xff), 5381 (int)(addr & 0xff)); 5382 return s; 5383 } 5384 5385 /* a dummy, used to drop uninteresting events */ 5386 static void 5387 sppp_null(struct sppp *unused) 5388 { 5389 /* do just nothing */ 5390 } 5391 /* 5392 * This file is large. Tell emacs to highlight it nevertheless. 5393 * 5394 * Local Variables: 5395 * hilit-auto-highlight-maxout: 120000 5396 * End: 5397 */ 5398