1 /* $OpenBSD: if_spppsubr.c,v 1.5 2000/04/26 18:39:38 chris Exp $ */
2 /*
3 * Synchronous PPP/Cisco link level subroutines.
4 * Keepalive protocol implemented in both Cisco and PPP modes.
5 *
6 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
7 * Author: Serge Vakulenko, <vak@cronyx.ru>
8 *
9 * Heavily revamped to conform to RFC 1661.
10 * Copyright (C) 1997, Joerg Wunsch.
11 *
12 * This software is distributed with NO WARRANTIES, not even the implied
13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14 *
15 * Authors grant any other persons or organisations permission to use
16 * or modify this software as long as this message is kept with the software,
17 * all derivative works or modified versions.
18 *
19 * Version 2.6, Tue May 12 17:10:39 MSD 1998
20 *
21 */
22
23 #include <sys/param.h>
24
25 #if defined (__FreeBSD__)
26 #include "opt_inet.h"
27 #include "opt_ipx.h"
28 #endif
29
30 #ifdef NetBSD1_3
31 # if NetBSD1_3 > 6
32 # include "opt_inet.h"
33 # include "opt_iso.h"
34 # endif
35 #endif
36
37 #ifdef __OpenBSD__
38 #define HIDE
39 #else
40 #define HIDE static
41 #endif
42
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/sockio.h>
46 #include <sys/socket.h>
47 #include <sys/syslog.h>
48 #include <sys/malloc.h>
49 #include <sys/mbuf.h>
50
51 #if defined (__OpenBSD__)
52 #include <sys/md5k.h>
53 #else
54 #include <sys/md5.h>
55 #endif
56
57 #include <net/if.h>
58 #include <net/netisr.h>
59 #include <net/if_types.h>
60
61 #if defined (__FreeBSD__) || defined(__OpenBSD_) || defined(__NetBSD__)
62 #include <machine/random.h>
63 #endif
64 #if defined (__NetBSD__) || defined (__OpenBSD__)
65 #include <machine/cpu.h> /* XXX for softnet */
66 #endif
67 #include <machine/stdarg.h>
68
69 #ifdef INET
70 #include <netinet/in.h>
71 #include <netinet/in_systm.h>
72 #include <netinet/in_var.h>
73 #include <netinet/ip.h>
74 #include <netinet/tcp.h>
75 # if defined (__FreeBSD__) || defined (__OpenBSD__)
76 # include <netinet/if_ether.h>
77 # else
78 # include <net/ethertypes.h>
79 # endif
80 #else
81 # error Huh? sppp without INET?
82 #endif
83
84 #ifdef IPX
85 #include <netipx/ipx.h>
86 #include <netipx/ipx_if.h>
87 #endif
88
89 #ifdef NS
90 #include <netns/ns.h>
91 #include <netns/ns_if.h>
92 #endif
93
94 #ifdef ISO
95 #include <netiso/argo_debug.h>
96 #include <netiso/iso.h>
97 #include <netiso/iso_var.h>
98 #include <netiso/iso_snpac.h>
99 #endif
100
101 #include <net/if_sppp.h>
102
103 #if defined (__FreeBSD__)
104 # define UNTIMEOUT(fun, arg, handle) \
105 untimeout(fun, arg, handle)
106 #else
107 # define UNTIMEOUT(fun, arg, handle) \
108 untimeout(fun, arg)
109 #endif
110 #define MAXALIVECNT 3 /* max. alive packets */
111
112 /*
113 * Interface flags that can be set in an ifconfig command.
114 *
115 * Setting link0 will make the link passive, i.e. it will be marked
116 * as being administrative openable, but won't be opened to begin
117 * with. Incoming calls will be answered, or subsequent calls with
118 * -link1 will cause the administrative open of the LCP layer.
119 *
120 * Setting link1 will cause the link to auto-dial only as packets
121 * arrive to be sent.
122 *
123 * Setting IFF_DEBUG will syslog the option negotiation and state
124 * transitions at level kern.debug. Note: all logs consistently look
125 * like
126 *
127 * <if-name><unit>: <proto-name> <additional info...>
128 *
129 * with <if-name><unit> being something like "bppp0", and <proto-name>
130 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
131 */
132
133 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
134 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
135
136 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
137 #define PPP_UI 0x03 /* Unnumbered Information */
138 #define PPP_IP 0x0021 /* Internet Protocol */
139 #define PPP_ISO 0x0023 /* ISO OSI Protocol */
140 #define PPP_XNS 0x0025 /* Xerox NS Protocol */
141 #define PPP_IPX 0x002b /* Novell IPX Protocol */
142 #define PPP_LCP 0xc021 /* Link Control Protocol */
143 #define PPP_PAP 0xc023 /* Password Authentication Protocol */
144 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
145 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
146
147 #define CONF_REQ 1 /* PPP configure request */
148 #define CONF_ACK 2 /* PPP configure acknowledge */
149 #define CONF_NAK 3 /* PPP configure negative ack */
150 #define CONF_REJ 4 /* PPP configure reject */
151 #define TERM_REQ 5 /* PPP terminate request */
152 #define TERM_ACK 6 /* PPP terminate acknowledge */
153 #define CODE_REJ 7 /* PPP code reject */
154 #define PROTO_REJ 8 /* PPP protocol reject */
155 #define ECHO_REQ 9 /* PPP echo request */
156 #define ECHO_REPLY 10 /* PPP echo reply */
157 #define DISC_REQ 11 /* PPP discard request */
158
159 #define LCP_OPT_MRU 1 /* maximum receive unit */
160 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
161 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
162 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
163 #define LCP_OPT_MAGIC 5 /* magic number */
164 #define LCP_OPT_RESERVED 6 /* reserved */
165 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
166 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
167
168 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
169 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
170 #define IPCP_OPT_ADDRESS 3 /* local IP address */
171
172 #define PAP_REQ 1 /* PAP name/password request */
173 #define PAP_ACK 2 /* PAP acknowledge */
174 #define PAP_NAK 3 /* PAP fail */
175
176 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
177 #define CHAP_RESPONSE 2 /* CHAP challenge response */
178 #define CHAP_SUCCESS 3 /* CHAP response ok */
179 #define CHAP_FAILURE 4 /* CHAP response failed */
180
181 #define CHAP_MD5 5 /* hash algorithm - MD5 */
182
183 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
184 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
185 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
186 #define CISCO_ADDR_REQ 0 /* Cisco address request */
187 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
188 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
189
190 /* states are named and numbered according to RFC 1661 */
191 #define STATE_INITIAL 0
192 #define STATE_STARTING 1
193 #define STATE_CLOSED 2
194 #define STATE_STOPPED 3
195 #define STATE_CLOSING 4
196 #define STATE_STOPPING 5
197 #define STATE_REQ_SENT 6
198 #define STATE_ACK_RCVD 7
199 #define STATE_ACK_SENT 8
200 #define STATE_OPENED 9
201
202 struct ppp_header {
203 u_char address;
204 u_char control;
205 u_short protocol;
206 };
207 #define PPP_HEADER_LEN sizeof (struct ppp_header)
208
209 struct lcp_header {
210 u_char type;
211 u_char ident;
212 u_short len;
213 };
214 #define LCP_HEADER_LEN sizeof (struct lcp_header)
215
216 struct cisco_packet {
217 u_long type;
218 u_long par1;
219 u_long par2;
220 u_short rel;
221 u_short time0;
222 u_short time1;
223 };
224 #define CISCO_PACKET_LEN 18
225
226 /*
227 * We follow the spelling and capitalization of RFC 1661 here, to make
228 * it easier comparing with the standard. Please refer to this RFC in
229 * case you can't make sense out of these abbreviation; it will also
230 * explain the semantics related to the various events and actions.
231 */
232 struct cp {
233 u_short proto; /* PPP control protocol number */
234 u_char protoidx; /* index into state table in struct sppp */
235 u_char flags;
236 #define CP_LCP 0x01 /* this is the LCP */
237 #define CP_AUTH 0x02 /* this is an authentication protocol */
238 #define CP_NCP 0x04 /* this is a NCP */
239 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
240 const char *name; /* name of this control protocol */
241 /* event handlers */
242 void (*Up)(struct sppp *sp);
243 void (*Down)(struct sppp *sp);
244 void (*Open)(struct sppp *sp);
245 void (*Close)(struct sppp *sp);
246 void (*TO)(void *sp);
247 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
248 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
249 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
250 /* actions */
251 void (*tlu)(struct sppp *sp);
252 void (*tld)(struct sppp *sp);
253 void (*tls)(struct sppp *sp);
254 void (*tlf)(struct sppp *sp);
255 void (*scr)(struct sppp *sp);
256 };
257
258 static struct sppp *spppq;
259 #if defined (__FreeBSD__)
260 static struct callout_handle keepalive_ch;
261 #endif
262
263 #if defined (__FreeBSD__)
264 #define SPP_FMT "%s%d: "
265 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
266 #else
267 #define SPP_FMT "%s: "
268 #define SPP_ARGS(ifp) (ifp)->if_xname
269 #endif
270
271 /*
272 * The following disgusting hack gets around the problem that IP TOS
273 * can't be set yet. We want to put "interactive" traffic on a high
274 * priority queue. To decide if traffic is interactive, we check that
275 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
276 *
277 * XXX is this really still necessary? - joerg -
278 */
279 static u_short interactive_ports[8] = {
280 0, 513, 0, 0,
281 0, 21, 0, 23,
282 };
283 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
284
285 /* almost every function needs these */
286 #define STDDCL \
287 struct ifnet *ifp = &sp->pp_if; \
288 int debug = ifp->if_flags & IFF_DEBUG
289
290 HIDE int sppp_output(struct ifnet *ifp, struct mbuf *m,
291 struct sockaddr *dst, struct rtentry *rt);
292
293 HIDE void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
294 HIDE void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
295
296 HIDE void sppp_cp_input(const struct cp *cp, struct sppp *sp,
297 struct mbuf *m);
298 HIDE void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
299 u_char ident, u_short len, void *data);
300 #ifdef notyet
301 HIDE void sppp_cp_timeout(void *arg);
302 #endif
303 HIDE void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
304 int newstate);
305 HIDE void sppp_auth_send(const struct cp *cp,
306 struct sppp *sp, u_char type, u_char id,
307 ...);
308
309 HIDE void sppp_up_event(const struct cp *cp, struct sppp *sp);
310 HIDE void sppp_down_event(const struct cp *cp, struct sppp *sp);
311 HIDE void sppp_open_event(const struct cp *cp, struct sppp *sp);
312 HIDE void sppp_close_event(const struct cp *cp, struct sppp *sp);
313 HIDE void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp);
314 HIDE void sppp_to_event(const struct cp *cp, struct sppp *sp);
315
316 HIDE void sppp_null(struct sppp *sp);
317
318 HIDE void sppp_lcp_init(struct sppp *sp);
319 HIDE void sppp_lcp_up(struct sppp *sp);
320 HIDE void sppp_lcp_down(struct sppp *sp);
321 HIDE void sppp_lcp_open(struct sppp *sp);
322 HIDE void sppp_lcp_close(struct sppp *sp);
323 HIDE void sppp_lcp_TO(void *sp);
324 HIDE int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
325 HIDE void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
326 HIDE void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
327 HIDE void sppp_lcp_tlu(struct sppp *sp);
328 HIDE void sppp_lcp_tld(struct sppp *sp);
329 HIDE void sppp_lcp_tls(struct sppp *sp);
330 HIDE void sppp_lcp_tlf(struct sppp *sp);
331 HIDE void sppp_lcp_scr(struct sppp *sp);
332 HIDE void sppp_lcp_check_and_close(struct sppp *sp);
333 HIDE int sppp_ncp_check(struct sppp *sp);
334
335 HIDE void sppp_ipcp_init(struct sppp *sp);
336 HIDE void sppp_ipcp_up(struct sppp *sp);
337 HIDE void sppp_ipcp_down(struct sppp *sp);
338 HIDE void sppp_ipcp_open(struct sppp *sp);
339 HIDE void sppp_ipcp_close(struct sppp *sp);
340 HIDE void sppp_ipcp_TO(void *sp);
341 HIDE int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
342 HIDE void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
343 HIDE void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
344 HIDE void sppp_ipcp_tlu(struct sppp *sp);
345 HIDE void sppp_ipcp_tld(struct sppp *sp);
346 HIDE void sppp_ipcp_tls(struct sppp *sp);
347 HIDE void sppp_ipcp_tlf(struct sppp *sp);
348 HIDE void sppp_ipcp_scr(struct sppp *sp);
349
350 HIDE void sppp_pap_input(struct sppp *sp, struct mbuf *m);
351 HIDE void sppp_pap_init(struct sppp *sp);
352 HIDE void sppp_pap_open(struct sppp *sp);
353 HIDE void sppp_pap_close(struct sppp *sp);
354 HIDE void sppp_pap_TO(void *sp);
355 HIDE void sppp_pap_my_TO(void *sp);
356 HIDE void sppp_pap_tlu(struct sppp *sp);
357 HIDE void sppp_pap_tld(struct sppp *sp);
358 HIDE void sppp_pap_scr(struct sppp *sp);
359
360 HIDE void sppp_chap_input(struct sppp *sp, struct mbuf *m);
361 HIDE void sppp_chap_init(struct sppp *sp);
362 HIDE void sppp_chap_open(struct sppp *sp);
363 HIDE void sppp_chap_close(struct sppp *sp);
364 HIDE void sppp_chap_TO(void *sp);
365 HIDE void sppp_chap_tlu(struct sppp *sp);
366 HIDE void sppp_chap_tld(struct sppp *sp);
367 HIDE void sppp_chap_scr(struct sppp *sp);
368
369 HIDE const char *sppp_auth_type_name(u_short proto, u_char type);
370 HIDE const char *sppp_cp_type_name(u_char type);
371 HIDE const char *sppp_dotted_quad(u_long addr);
372 HIDE const char *sppp_ipcp_opt_name(u_char opt);
373 HIDE const char *sppp_lcp_opt_name(u_char opt);
374 HIDE const char *sppp_phase_name(enum ppp_phase phase);
375 HIDE const char *sppp_proto_name(u_short proto);
376 HIDE const char *sppp_state_name(int state);
377 HIDE int sppp_params(struct sppp *sp, u_long cmd, void *data);
378 HIDE int sppp_strnlen(u_char *p, int max);
379 HIDE void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
380 u_long *srcmask);
381 HIDE void sppp_keepalive(void *dummy);
382 HIDE void sppp_phase_network(struct sppp *sp);
383 HIDE void sppp_print_bytes(const u_char *p, u_short len);
384 HIDE void sppp_print_string(const char *p, u_short len);
385 HIDE void sppp_qflush(struct ifqueue *ifq);
386 HIDE void sppp_set_ip_addr(struct sppp *sp, u_long src);
387
388 /* our control protocol descriptors */
389 static const struct cp lcp = {
390 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
391 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
392 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
393 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
394 sppp_lcp_scr
395 };
396
397 static const struct cp ipcp = {
398 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
399 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
400 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
401 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
402 sppp_ipcp_scr
403 };
404
405 static const struct cp pap = {
406 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
407 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
408 sppp_pap_TO, 0, 0, 0,
409 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
410 sppp_pap_scr
411 };
412
413 static const struct cp chap = {
414 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
415 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
416 sppp_chap_TO, 0, 0, 0,
417 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
418 sppp_chap_scr
419 };
420
421 static const struct cp *cps[IDX_COUNT] = {
422 &lcp, /* IDX_LCP */
423 &ipcp, /* IDX_IPCP */
424 &pap, /* IDX_PAP */
425 &chap, /* IDX_CHAP */
426 };
427
428
429 �/*
430 * Exported functions, comprising our interface to the lower layer.
431 */
432
433 #if defined(__OpenBSD__)
434 /* Workaround */
435 void
436 spppattach(struct ifnet *ifp)
437 {
438 }
439 #endif
440
441 /*
442 * Process the received packet.
443 */
444 void
445 sppp_input(struct ifnet *ifp, struct mbuf *m)
446 {
447 struct ppp_header *h;
448 struct ifqueue *inq = 0;
449 int s;
450 struct sppp *sp = (struct sppp *)ifp;
451 int debug = ifp->if_flags & IFF_DEBUG;
452
453 if (ifp->if_flags & IFF_UP)
454 /* Count received bytes, add FCS and one flag */
455 ifp->if_ibytes += m->m_pkthdr.len + 3;
456
457 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
458 /* Too small packet, drop it. */
459 if (debug)
460 log(LOG_DEBUG,
461 SPP_FMT "input packet is too small, %d bytes\n",
462 SPP_ARGS(ifp), m->m_pkthdr.len);
463 drop:
464 ++ifp->if_ierrors;
465 ++ifp->if_iqdrops;
466 m_freem (m);
467 return;
468 }
469
470 /* Get PPP header. */
471 h = mtod (m, struct ppp_header*);
472 m_adj (m, PPP_HEADER_LEN);
473
474 switch (h->address) {
475 case PPP_ALLSTATIONS:
476 if (h->control != PPP_UI)
477 goto invalid;
478 if (sp->pp_flags & PP_CISCO) {
479 if (debug)
480 log(LOG_DEBUG,
481 SPP_FMT "PPP packet in Cisco mode "
482 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
483 SPP_ARGS(ifp),
484 h->address, h->control, ntohs(h->protocol));
485 goto drop;
486 }
487 switch (ntohs (h->protocol)) {
488 default:
489 if (sp->state[IDX_LCP] == STATE_OPENED)
490 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
491 ++sp->pp_seq, m->m_pkthdr.len + 2,
492 &h->protocol);
493 if (debug)
494 log(LOG_DEBUG,
495 SPP_FMT "invalid input protocol "
496 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
497 SPP_ARGS(ifp),
498 h->address, h->control, ntohs(h->protocol));
499 ++ifp->if_noproto;
500 goto drop;
501 case PPP_LCP:
502 sppp_cp_input(&lcp, sp, m);
503 m_freem (m);
504 return;
505 case PPP_PAP:
506 if (sp->pp_phase >= PHASE_AUTHENTICATE)
507 sppp_pap_input(sp, m);
508 m_freem (m);
509 return;
510 case PPP_CHAP:
511 if (sp->pp_phase >= PHASE_AUTHENTICATE)
512 sppp_chap_input(sp, m);
513 m_freem (m);
514 return;
515 #ifdef INET
516 case PPP_IPCP:
517 if (sp->pp_phase == PHASE_NETWORK)
518 sppp_cp_input(&ipcp, sp, m);
519 m_freem (m);
520 return;
521 case PPP_IP:
522 if (sp->state[IDX_IPCP] == STATE_OPENED) {
523 schednetisr (NETISR_IP);
524 inq = &ipintrq;
525 }
526 break;
527 #endif
528 #ifdef IPX
529 case PPP_IPX:
530 /* IPX IPXCP not implemented yet */
531 if (sp->pp_phase == PHASE_NETWORK) {
532 schednetisr (NETISR_IPX);
533 inq = &ipxintrq;
534 }
535 break;
536 #endif
537 #ifdef NS
538 case PPP_XNS:
539 /* XNS IDPCP not implemented yet */
540 if (sp->pp_phase == PHASE_NETWORK) {
541 schednetisr (NETISR_NS);
542 inq = &nsintrq;
543 }
544 break;
545 #endif
546 #ifdef ISO
547 case PPP_ISO:
548 /* OSI NLCP not implemented yet */
549 if (sp->pp_phase == PHASE_NETWORK) {
550 schednetisr (NETISR_ISO);
551 inq = &clnlintrq;
552 }
553 break;
554 #endif
555 }
556 break;
557 case CISCO_MULTICAST:
558 case CISCO_UNICAST:
559 /* Don't check the control field here (RFC 1547). */
560 if (! (sp->pp_flags & PP_CISCO)) {
561 if (debug)
562 log(LOG_DEBUG,
563 SPP_FMT "Cisco packet in PPP mode "
564 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
565 SPP_ARGS(ifp),
566 h->address, h->control, ntohs(h->protocol));
567 goto drop;
568 }
569 switch (ntohs (h->protocol)) {
570 default:
571 ++ifp->if_noproto;
572 goto invalid;
573 case CISCO_KEEPALIVE:
574 sppp_cisco_input ((struct sppp*) ifp, m);
575 m_freem (m);
576 return;
577 #ifdef INET
578 case ETHERTYPE_IP:
579 schednetisr (NETISR_IP);
580 inq = &ipintrq;
581 break;
582 #endif
583 #ifdef IPX
584 case ETHERTYPE_IPX:
585 schednetisr (NETISR_IPX);
586 inq = &ipxintrq;
587 break;
588 #endif
589 #ifdef NS
590 case ETHERTYPE_NS:
591 schednetisr (NETISR_NS);
592 inq = &nsintrq;
593 break;
594 #endif
595 }
596 break;
597 default: /* Invalid PPP packet. */
598 invalid:
599 if (debug)
600 log(LOG_DEBUG,
601 SPP_FMT "invalid input packet "
602 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
603 SPP_ARGS(ifp),
604 h->address, h->control, ntohs(h->protocol));
605 goto drop;
606 }
607
608 if (! (ifp->if_flags & IFF_UP) || ! inq)
609 goto drop;
610
611 /* Check queue. */
612 s = splimp();
613 if (IF_QFULL (inq)) {
614 /* Queue overflow. */
615 IF_DROP(inq);
616 splx(s);
617 if (debug)
618 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
619 SPP_ARGS(ifp));
620 goto drop;
621 }
622 IF_ENQUEUE(inq, m);
623 splx(s);
624 }
625
626 /*
627 * Enqueue transmit packet.
628 */
629 HIDE int
630 sppp_output(struct ifnet *ifp, struct mbuf *m,
631 struct sockaddr *dst, struct rtentry *rt)
632 {
633 struct sppp *sp = (struct sppp*) ifp;
634 struct ppp_header *h;
635 struct ifqueue *ifq;
636 int s, rv = 0;
637
638 s = splimp();
639
640 if ((ifp->if_flags & IFF_UP) == 0 ||
641 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
642 m_freem (m);
643 splx (s);
644 return (ENETDOWN);
645 }
646
647 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
648 /*
649 * Interface is not yet running, but auto-dial. Need
650 * to start LCP for it.
651 */
652 ifp->if_flags |= IFF_RUNNING;
653 splx(s);
654 lcp.Open(sp);
655 s = splimp();
656 }
657
658 ifq = &ifp->if_snd;
659 #ifdef INET
660 /*
661 * Put low delay, telnet, rlogin and ftp control packets
662 * in front of the queue.
663 */
664 if (dst->sa_family == AF_INET) {
665 /* XXX Check mbuf length here? */
666 struct ip *ip = mtod (m, struct ip*);
667 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
668
669 /*
670 * When using dynamic local IP address assignment by using
671 * 0.0.0.0 as a local address, the first TCP session will
672 * not connect because the local TCP checksum is computed
673 * using 0.0.0.0 which will later become our real IP address
674 * so the TCP checksum computed at the remote end will
675 * become invalid. So we
676 * - don't let packets with src ip addr 0 thru
677 * - we flag TCP packets with src ip 0 as an error
678 */
679
680 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */
681 {
682 m_freem(m);
683 splx(s);
684 if(ip->ip_p == IPPROTO_TCP)
685 return(EADDRNOTAVAIL);
686 else
687 return(0);
688 }
689
690
691 if (! IF_QFULL (&sp->pp_fastq) &&
692 ((ip->ip_tos & IPTOS_LOWDELAY) ||
693 ((ip->ip_p == IPPROTO_TCP &&
694 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) &&
695 (INTERACTIVE (ntohs (tcp->th_sport)))) ||
696 INTERACTIVE (ntohs (tcp->th_dport)))))
697 ifq = &sp->pp_fastq;
698 }
699 #endif
700
701 /*
702 * Prepend general data packet PPP header. For now, IP only.
703 */
704 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
705 if (! m) {
706 if (ifp->if_flags & IFF_DEBUG)
707 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
708 SPP_ARGS(ifp));
709 ++ifp->if_oerrors;
710 splx (s);
711 return (ENOBUFS);
712 }
713 /*
714 * May want to check size of packet
715 * (albeit due to the implementation it's always enough)
716 */
717 h = mtod (m, struct ppp_header*);
718 if (sp->pp_flags & PP_CISCO) {
719 h->address = CISCO_UNICAST; /* unicast address */
720 h->control = 0;
721 } else {
722 h->address = PPP_ALLSTATIONS; /* broadcast address */
723 h->control = PPP_UI; /* Unnumbered Info */
724 }
725
726 switch (dst->sa_family) {
727 #ifdef INET
728 case AF_INET: /* Internet Protocol */
729 if (sp->pp_flags & PP_CISCO)
730 h->protocol = htons (ETHERTYPE_IP);
731 else {
732 /*
733 * Don't choke with an ENETDOWN early. It's
734 * possible that we just started dialing out,
735 * so don't drop the packet immediately. If
736 * we notice that we run out of buffer space
737 * below, we will however remember that we are
738 * not ready to carry IP packets, and return
739 * ENETDOWN, as opposed to ENOBUFS.
740 */
741 h->protocol = htons(PPP_IP);
742 if (sp->state[IDX_IPCP] != STATE_OPENED)
743 rv = ENETDOWN;
744 }
745 break;
746 #endif
747 #ifdef NS
748 case AF_NS: /* Xerox NS Protocol */
749 h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
750 ETHERTYPE_NS : PPP_XNS);
751 break;
752 #endif
753 #ifdef IPX
754 case AF_IPX: /* Novell IPX Protocol */
755 h->protocol = htons ((sp->pp_flags & PP_CISCO) ?
756 ETHERTYPE_IPX : PPP_IPX);
757 break;
758 #endif
759 #ifdef ISO
760 case AF_ISO: /* ISO OSI Protocol */
761 if (sp->pp_flags & PP_CISCO)
762 goto nosupport;
763 h->protocol = htons (PPP_ISO);
764 break;
765 nosupport:
766 #endif
767 default:
768 m_freem (m);
769 ++ifp->if_oerrors;
770 splx (s);
771 return (EAFNOSUPPORT);
772 }
773
774 /*
775 * Queue message on interface, and start output if interface
776 * not yet active.
777 */
778 if (IF_QFULL (ifq)) {
779 IF_DROP (&ifp->if_snd);
780 m_freem (m);
781 ++ifp->if_oerrors;
782 splx (s);
783 return (rv? rv: ENOBUFS);
784 }
785 IF_ENQUEUE (ifq, m);
786 if (! (ifp->if_flags & IFF_OACTIVE))
787 (*ifp->if_start) (ifp);
788
789 /*
790 * Count output packets and bytes.
791 * The packet length includes header, FCS and 1 flag,
792 * according to RFC 1333.
793 */
794 ifp->if_obytes += m->m_pkthdr.len + 3;
795 splx (s);
796 return (0);
797 }
798
799 void
800 sppp_attach(struct ifnet *ifp)
801 {
802 struct sppp *sp = (struct sppp*) ifp;
803
804 /* Initialize keepalive handler. */
805 if (! spppq)
806 #if defined (__FreeBSD__)
807 keepalive_ch =
808 #endif
809 timeout(sppp_keepalive, 0, hz * 10);
810
811 /* Insert new entry into the keepalive list. */
812 sp->pp_next = spppq;
813 spppq = sp;
814
815 sp->pp_if.if_type = IFT_PPP;
816 sp->pp_if.if_output = sppp_output;
817 sp->pp_if.if_snd.ifq_maxlen = 50;
818 sp->pp_fastq.ifq_maxlen = 50;
819 sp->pp_cpq.ifq_maxlen = 50;
820 sp->pp_loopcnt = 0;
821 sp->pp_alivecnt = 0;
822 sp->pp_seq = 0;
823 sp->pp_rseq = 0;
824 sp->pp_phase = PHASE_DEAD;
825 sp->pp_up = lcp.Up;
826 sp->pp_down = lcp.Down;
827
828 sppp_lcp_init(sp);
829 sppp_ipcp_init(sp);
830 sppp_pap_init(sp);
831 sppp_chap_init(sp);
832 }
833
834 void
835 sppp_detach(struct ifnet *ifp)
836 {
837 struct sppp **q, *p, *sp = (struct sppp*) ifp;
838 int i;
839
840 /* Remove the entry from the keepalive list. */
841 for (q = &spppq; (p = *q); q = &p->pp_next)
842 if (p == sp) {
843 *q = p->pp_next;
844 break;
845 }
846
847 /* Stop keepalive handler. */
848 if (! spppq)
849 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch);
850
851 for (i = 0; i < IDX_COUNT; i++)
852 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]);
853 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
854 }
855
856 /*
857 * Flush the interface output queue.
858 */
859 void
860 sppp_flush(struct ifnet *ifp)
861 {
862 struct sppp *sp = (struct sppp*) ifp;
863
864 sppp_qflush (&sp->pp_if.if_snd);
865 sppp_qflush (&sp->pp_fastq);
866 sppp_qflush (&sp->pp_cpq);
867 }
868
869 /*
870 * Check if the output queue is empty.
871 */
872 int
873 sppp_isempty(struct ifnet *ifp)
874 {
875 struct sppp *sp = (struct sppp*) ifp;
876 int empty, s;
877
878 s = splimp();
879 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
880 !sp->pp_if.if_snd.ifq_head;
881 splx(s);
882 return (empty);
883 }
884
885 /*
886 * Get next packet to send.
887 */
888 struct mbuf *
889 sppp_dequeue(struct ifnet *ifp)
890 {
891 struct sppp *sp = (struct sppp*) ifp;
892 struct mbuf *m;
893 int s;
894
895 s = splimp();
896 /*
897 * Process only the control protocol queue until we have at
898 * least one NCP open.
899 *
900 * Do always serve all three queues in Cisco mode.
901 */
902 IF_DEQUEUE(&sp->pp_cpq, m);
903 if (m == NULL &&
904 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
905 IF_DEQUEUE(&sp->pp_fastq, m);
906 if (m == NULL)
907 IF_DEQUEUE (&sp->pp_if.if_snd, m);
908 }
909 splx(s);
910 return m;
911 }
912
913 /*
914 * Pick the next packet, do not remove it from the queue.
915 */
916 struct mbuf *
917 sppp_pick(struct ifnet *ifp)
918 {
919 struct sppp *sp = (struct sppp*)ifp;
920 struct mbuf *m;
921 int s;
922
923 s= splimp ();
924
925 m = sp->pp_cpq.ifq_head;
926 if (m == NULL &&
927 (sp->pp_phase == PHASE_NETWORK ||
928 (sp->pp_flags & PP_CISCO) != 0))
929 if ((m = sp->pp_fastq.ifq_head) == NULL)
930 m = sp->pp_if.if_snd.ifq_head;
931 splx (s);
932 return (m);
933 }
934
935 /*
936 * Process an ioctl request. Called on low priority level.
937 */
938 int
939 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
940 {
941 struct ifreq *ifr = (struct ifreq*) data;
942 struct sppp *sp = (struct sppp*) ifp;
943 int s, rv, going_up, going_down;
944
945 s = splimp();
946 rv = 0;
947 switch (cmd) {
948 case SIOCAIFADDR:
949 case SIOCSIFDSTADDR:
950 break;
951
952 case SIOCSIFADDR:
953 if_up(ifp);
954 /* fall through... */
955
956 case SIOCSIFFLAGS:
957 /* sanity */
958 if (ifp->if_flags & IFF_PASSIVE)
959 ifp->if_flags &= ~IFF_AUTO;
960
961 going_up = (ifp->if_flags & IFF_UP) && ! (ifp->if_flags &
962 (IFF_RUNNING | IFF_AUTO | IFF_PASSIVE));
963 going_down = ! (ifp->if_flags & IFF_UP) &&
964 (ifp->if_flags & IFF_RUNNING);
965
966 if (going_up || going_down) {
967 if (! (sp->pp_flags & PP_CISCO))
968 lcp.Close(sp);
969 else {
970 sppp_flush(ifp);
971 ifp->if_flags &= ~IFF_RUNNING;
972 }
973 }
974 if (going_up) {
975 /* neither auto-dial nor passive */
976 ifp->if_flags |= IFF_RUNNING;
977 if (!(sp->pp_flags & PP_CISCO))
978 lcp.Open(sp);
979 }
980 break;
981
982 #ifdef SIOCSIFMTU
983 case SIOCSIFMTU:
984 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
985 return (EINVAL);
986 ifp->if_mtu = ifr->ifr_mtu;
987 break;
988 #endif
989 #ifdef SLIOCSETMTU
990 case SLIOCSETMTU:
991 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
992 return (EINVAL);
993 ifp->if_mtu = *(short*)data;
994 break;
995 #endif
996 #ifdef SIOCGIFMTU
997 case SIOCGIFMTU:
998 ifr->ifr_mtu = ifp->if_mtu;
999 break;
1000 #endif
1001 #ifdef SLIOCGETMTU
1002 case SLIOCGETMTU:
1003 *(short*)data = ifp->if_mtu;
1004 break;
1005 #endif
1006 case SIOCADDMULTI:
1007 case SIOCDELMULTI:
1008 break;
1009
1010 case SIOCGIFGENERIC:
1011 case SIOCSIFGENERIC:
1012 rv = sppp_params(sp, cmd, data);
1013 break;
1014
1015 default:
1016 rv = ENOTTY;
1017 }
1018 splx(s);
1019 return rv;
1020 }
1021
1022
1023 �/*
1024 * Cisco framing implementation.
1025 */
1026
1027 /*
1028 * Handle incoming Cisco keepalive protocol packets.
1029 */
1030 HIDE void
1031 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1032 {
1033 STDDCL;
1034 struct cisco_packet *h;
1035 u_long me, mymask;
1036
1037 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1038 if (debug)
1039 log(LOG_DEBUG,
1040 SPP_FMT "cisco invalid packet length: %d bytes\n",
1041 SPP_ARGS(ifp), m->m_pkthdr.len);
1042 return;
1043 }
1044 h = mtod (m, struct cisco_packet*);
1045 if (debug)
1046 log(LOG_DEBUG,
1047 SPP_FMT "cisco input: %d bytes "
1048 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1049 SPP_ARGS(ifp), m->m_pkthdr.len,
1050 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel,
1051 (u_int)h->time0, (u_int)h->time1);
1052 switch (ntohl (h->type)) {
1053 default:
1054 if (debug)
1055 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n",
1056 SPP_ARGS(ifp), (u_long)ntohl (h->type));
1057 break;
1058 case CISCO_ADDR_REPLY:
1059 /* Reply on address request, ignore */
1060 break;
1061 case CISCO_KEEPALIVE_REQ:
1062 sp->pp_alivecnt = 0;
1063 sp->pp_rseq = ntohl (h->par1);
1064 if (sp->pp_seq == sp->pp_rseq) {
1065 /* Local and remote sequence numbers are equal.
1066 * Probably, the line is in loopback mode. */
1067 if (sp->pp_loopcnt >= MAXALIVECNT) {
1068 printf (SPP_FMT "loopback\n",
1069 SPP_ARGS(ifp));
1070 sp->pp_loopcnt = 0;
1071 if (ifp->if_flags & IFF_UP) {
1072 if_down (ifp);
1073 sppp_qflush (&sp->pp_cpq);
1074 }
1075 }
1076 ++sp->pp_loopcnt;
1077
1078 /* Generate new local sequence number */
1079 #if defined (__FreeBSD__) || defined (__NetBSD__) || defined(__OpenBSD__)
1080 sp->pp_seq = random();
1081 #else
1082 sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
1083 #endif
1084 break;
1085 }
1086 sp->pp_loopcnt = 0;
1087 if (! (ifp->if_flags & IFF_UP) &&
1088 (ifp->if_flags & IFF_RUNNING)) {
1089 if_up(ifp);
1090 printf (SPP_FMT "up\n", SPP_ARGS(ifp));
1091 }
1092 break;
1093 case CISCO_ADDR_REQ:
1094 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1095 if (me != 0L)
1096 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1097 break;
1098 }
1099 }
1100
1101 /*
1102 * Send Cisco keepalive packet.
1103 */
1104 HIDE void
1105 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
1106 {
1107 STDDCL;
1108 struct ppp_header *h;
1109 struct cisco_packet *ch;
1110 struct mbuf *m;
1111 #if defined (__FreeBSD__)
1112 struct timeval tv;
1113 #else
1114 u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
1115 #endif
1116
1117 #if defined (__FreeBSD__)
1118 getmicrouptime(&tv);
1119 #endif
1120
1121 MGETHDR (m, M_DONTWAIT, MT_DATA);
1122 if (! m)
1123 return;
1124 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1125 m->m_pkthdr.rcvif = 0;
1126
1127 h = mtod (m, struct ppp_header*);
1128 h->address = CISCO_MULTICAST;
1129 h->control = 0;
1130 h->protocol = htons (CISCO_KEEPALIVE);
1131
1132 ch = (struct cisco_packet*) (h + 1);
1133 ch->type = htonl (type);
1134 ch->par1 = htonl (par1);
1135 ch->par2 = htonl (par2);
1136 ch->rel = -1;
1137
1138 #if defined (__FreeBSD__)
1139 ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1140 ch->time1 = htons ((u_short) tv.tv_sec);
1141 #else
1142 ch->time0 = htons ((u_short) (t >> 16));
1143 ch->time1 = htons ((u_short) t);
1144 #endif
1145
1146 if (debug)
1147 log(LOG_DEBUG,
1148 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1149 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1,
1150 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
1151
1152 if (IF_QFULL (&sp->pp_cpq)) {
1153 IF_DROP (&sp->pp_fastq);
1154 IF_DROP (&ifp->if_snd);
1155 m_freem (m);
1156 } else
1157 IF_ENQUEUE (&sp->pp_cpq, m);
1158 if (! (ifp->if_flags & IFF_OACTIVE))
1159 (*ifp->if_start) (ifp);
1160 ifp->if_obytes += m->m_pkthdr.len + 3;
1161 }
1162
1163 �/*
1164 * PPP protocol implementation.
1165 */
1166
1167 /*
1168 * Send PPP control protocol packet.
1169 */
1170 HIDE void
1171 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1172 u_char ident, u_short len, void *data)
1173 {
1174 STDDCL;
1175 struct ppp_header *h;
1176 struct lcp_header *lh;
1177 struct mbuf *m;
1178
1179 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
1180 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
1181 MGETHDR (m, M_DONTWAIT, MT_DATA);
1182 if (! m)
1183 return;
1184 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
1185 m->m_pkthdr.rcvif = 0;
1186
1187 h = mtod (m, struct ppp_header*);
1188 h->address = PPP_ALLSTATIONS; /* broadcast address */
1189 h->control = PPP_UI; /* Unnumbered Info */
1190 h->protocol = htons (proto); /* Link Control Protocol */
1191
1192 lh = (struct lcp_header*) (h + 1);
1193 lh->type = type;
1194 lh->ident = ident;
1195 lh->len = htons (LCP_HEADER_LEN + len);
1196 if (len)
1197 bcopy (data, lh+1, len);
1198
1199 if (debug) {
1200 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1201 SPP_ARGS(ifp),
1202 sppp_proto_name(proto),
1203 sppp_cp_type_name (lh->type), lh->ident,
1204 ntohs (lh->len));
1205 if (len)
1206 sppp_print_bytes ((u_char*) (lh+1), len);
1207 addlog(">\n");
1208 }
1209 if (IF_QFULL (&sp->pp_cpq)) {
1210 IF_DROP (&sp->pp_fastq);
1211 IF_DROP (&ifp->if_snd);
1212 m_freem (m);
1213 ++ifp->if_oerrors;
1214 } else
1215 IF_ENQUEUE (&sp->pp_cpq, m);
1216 if (! (ifp->if_flags & IFF_OACTIVE))
1217 (*ifp->if_start) (ifp);
1218 ifp->if_obytes += m->m_pkthdr.len + 3;
1219 }
1220
1221 /*
1222 * Handle incoming PPP control protocol packets.
1223 */
1224 HIDE void
1225 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1226 {
1227 STDDCL;
1228 struct lcp_header *h;
1229 int len = m->m_pkthdr.len;
1230 int rv;
1231 u_char *p;
1232
1233 if (len < 4) {
1234 if (debug)
1235 log(LOG_DEBUG,
1236 SPP_FMT "%s invalid packet length: %d bytes\n",
1237 SPP_ARGS(ifp), cp->name, len);
1238 return;
1239 }
1240 h = mtod (m, struct lcp_header*);
1241 if (debug) {
1242 log(LOG_DEBUG,
1243 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1244 SPP_ARGS(ifp), cp->name,
1245 sppp_state_name(sp->state[cp->protoidx]),
1246 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1247 if (len > 4)
1248 sppp_print_bytes ((u_char*) (h+1), len-4);
1249 addlog(">\n");
1250 }
1251 if (len > ntohs (h->len))
1252 len = ntohs (h->len);
1253 p = (u_char *)(h + 1);
1254 switch (h->type) {
1255 case CONF_REQ:
1256 if (len < 4) {
1257 if (debug)
1258 addlog(SPP_FMT "%s invalid conf-req length %d\n",
1259 SPP_ARGS(ifp), cp->name,
1260 len);
1261 ++ifp->if_ierrors;
1262 break;
1263 }
1264 /* handle states where RCR doesn't get a SCA/SCN */
1265 switch (sp->state[cp->protoidx]) {
1266 case STATE_CLOSING:
1267 case STATE_STOPPING:
1268 return;
1269 case STATE_CLOSED:
1270 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1271 0, 0);
1272 return;
1273 }
1274 rv = (cp->RCR)(sp, h, len);
1275 switch (sp->state[cp->protoidx]) {
1276 case STATE_OPENED:
1277 sppp_cp_change_state(cp, sp, rv?
1278 STATE_ACK_SENT: STATE_REQ_SENT);
1279 (cp->tld)(sp);
1280 (cp->scr)(sp);
1281 break;
1282 case STATE_ACK_SENT:
1283 case STATE_REQ_SENT:
1284 sppp_cp_change_state(cp, sp, rv?
1285 STATE_ACK_SENT: STATE_REQ_SENT);
1286 break;
1287 case STATE_STOPPED:
1288 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1289 sppp_cp_change_state(cp, sp, rv?
1290 STATE_ACK_SENT: STATE_REQ_SENT);
1291 (cp->scr)(sp);
1292 break;
1293 case STATE_ACK_RCVD:
1294 if (rv) {
1295 sppp_cp_change_state(cp, sp, STATE_OPENED);
1296 if (debug)
1297 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1298 SPP_ARGS(ifp),
1299 cp->name);
1300 (cp->tlu)(sp);
1301 } else
1302 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1303 break;
1304 default:
1305 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1306 SPP_ARGS(ifp), cp->name,
1307 sppp_cp_type_name(h->type),
1308 sppp_state_name(sp->state[cp->protoidx])); */
1309 ++ifp->if_ierrors;
1310 }
1311 break;
1312 case CONF_ACK:
1313 if (h->ident != sp->confid[cp->protoidx]) {
1314 if (debug)
1315 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1316 SPP_ARGS(ifp), cp->name,
1317 h->ident, sp->confid[cp->protoidx]);
1318 ++ifp->if_ierrors;
1319 break;
1320 }
1321 switch (sp->state[cp->protoidx]) {
1322 case STATE_CLOSED:
1323 case STATE_STOPPED:
1324 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1325 break;
1326 case STATE_CLOSING:
1327 case STATE_STOPPING:
1328 break;
1329 case STATE_REQ_SENT:
1330 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1331 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1332 break;
1333 case STATE_OPENED:
1334 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1335 (cp->tld)(sp);
1336 (cp->scr)(sp);
1337 break;
1338 case STATE_ACK_RCVD:
1339 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1340 (cp->scr)(sp);
1341 break;
1342 case STATE_ACK_SENT:
1343 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1344 sppp_cp_change_state(cp, sp, STATE_OPENED);
1345 if (debug)
1346 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1347 SPP_ARGS(ifp), cp->name);
1348 (cp->tlu)(sp);
1349 break;
1350 default:
1351 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1352 SPP_ARGS(ifp), cp->name,
1353 sppp_cp_type_name(h->type),
1354 sppp_state_name(sp->state[cp->protoidx])); */
1355 ++ifp->if_ierrors;
1356 }
1357 break;
1358 case CONF_NAK:
1359 case CONF_REJ:
1360 if (h->ident != sp->confid[cp->protoidx]) {
1361 if (debug)
1362 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1363 SPP_ARGS(ifp), cp->name,
1364 h->ident, sp->confid[cp->protoidx]);
1365 ++ifp->if_ierrors;
1366 break;
1367 }
1368 if (h->type == CONF_NAK)
1369 (cp->RCN_nak)(sp, h, len);
1370 else /* CONF_REJ */
1371 (cp->RCN_rej)(sp, h, len);
1372
1373 switch (sp->state[cp->protoidx]) {
1374 case STATE_CLOSED:
1375 case STATE_STOPPED:
1376 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1377 break;
1378 case STATE_REQ_SENT:
1379 case STATE_ACK_SENT:
1380 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1381 (cp->scr)(sp);
1382 break;
1383 case STATE_OPENED:
1384 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1385 (cp->tld)(sp);
1386 (cp->scr)(sp);
1387 break;
1388 case STATE_ACK_RCVD:
1389 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1390 (cp->scr)(sp);
1391 break;
1392 case STATE_CLOSING:
1393 case STATE_STOPPING:
1394 break;
1395 default:
1396 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1397 SPP_ARGS(ifp), cp->name,
1398 sppp_cp_type_name(h->type),
1399 sppp_state_name(sp->state[cp->protoidx])); */
1400 ++ifp->if_ierrors;
1401 }
1402 break;
1403
1404 case TERM_REQ:
1405 switch (sp->state[cp->protoidx]) {
1406 case STATE_ACK_RCVD:
1407 case STATE_ACK_SENT:
1408 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1409 /* fall through */
1410 case STATE_CLOSED:
1411 case STATE_STOPPED:
1412 case STATE_CLOSING:
1413 case STATE_STOPPING:
1414 case STATE_REQ_SENT:
1415 sta:
1416 /* Send Terminate-Ack packet. */
1417 if (debug)
1418 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1419 SPP_ARGS(ifp), cp->name);
1420 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1421 break;
1422 case STATE_OPENED:
1423 sp->rst_counter[cp->protoidx] = 0;
1424 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1425 (cp->tld)(sp);
1426 goto sta;
1427 break;
1428 default:
1429 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1430 SPP_ARGS(ifp), cp->name,
1431 sppp_cp_type_name(h->type),
1432 sppp_state_name(sp->state[cp->protoidx])); */
1433 ++ifp->if_ierrors;
1434 }
1435 break;
1436 case TERM_ACK:
1437 switch (sp->state[cp->protoidx]) {
1438 case STATE_CLOSED:
1439 case STATE_STOPPED:
1440 case STATE_REQ_SENT:
1441 case STATE_ACK_SENT:
1442 break;
1443 case STATE_CLOSING:
1444 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1445 (cp->tlf)(sp);
1446 break;
1447 case STATE_STOPPING:
1448 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1449 (cp->tlf)(sp);
1450 break;
1451 case STATE_ACK_RCVD:
1452 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1453 break;
1454 case STATE_OPENED:
1455 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1456 (cp->tld)(sp);
1457 (cp->scr)(sp);
1458 break;
1459 default:
1460 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1461 SPP_ARGS(ifp), cp->name,
1462 sppp_cp_type_name(h->type),
1463 sppp_state_name(sp->state[cp->protoidx])); */
1464 ++ifp->if_ierrors;
1465 }
1466 break;
1467 case CODE_REJ:
1468 case PROTO_REJ:
1469 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1470 log(LOG_INFO,
1471 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, "
1472 "danger will robinson\n",
1473 SPP_ARGS(ifp), cp->name,
1474 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1475 switch (sp->state[cp->protoidx]) {
1476 case STATE_CLOSED:
1477 case STATE_STOPPED:
1478 case STATE_REQ_SENT:
1479 case STATE_ACK_SENT:
1480 case STATE_CLOSING:
1481 case STATE_STOPPING:
1482 case STATE_OPENED:
1483 break;
1484 case STATE_ACK_RCVD:
1485 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1486 break;
1487 default:
1488 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1489 SPP_ARGS(ifp), cp->name,
1490 sppp_cp_type_name(h->type),
1491 sppp_state_name(sp->state[cp->protoidx])); */
1492 ++ifp->if_ierrors;
1493 }
1494 break;
1495 case DISC_REQ:
1496 if (cp->proto != PPP_LCP)
1497 goto illegal;
1498 /* Discard the packet. */
1499 break;
1500 case ECHO_REQ:
1501 if (cp->proto != PPP_LCP)
1502 goto illegal;
1503 if (sp->state[cp->protoidx] != STATE_OPENED) {
1504 if (debug)
1505 addlog(SPP_FMT "lcp echo req but lcp closed\n",
1506 SPP_ARGS(ifp));
1507 ++ifp->if_ierrors;
1508 break;
1509 }
1510 if (len < 8) {
1511 if (debug)
1512 addlog(SPP_FMT "invalid lcp echo request "
1513 "packet length: %d bytes\n",
1514 SPP_ARGS(ifp), len);
1515 break;
1516 }
1517 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) {
1518 /* Line loopback mode detected. */
1519 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
1520 /* Shut down the PPP link. */
1521 lcp.Close(sp);
1522 break;
1523 }
1524 *(long*)(h+1) = htonl (sp->lcp.magic);
1525 if (debug)
1526 addlog(SPP_FMT "got lcp echo req, sending echo rep\n",
1527 SPP_ARGS(ifp));
1528 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1529 break;
1530 case ECHO_REPLY:
1531 if (cp->proto != PPP_LCP)
1532 goto illegal;
1533 if (h->ident != sp->lcp.echoid) {
1534 ++ifp->if_ierrors;
1535 break;
1536 }
1537 if (len < 8) {
1538 if (debug)
1539 addlog(SPP_FMT "lcp invalid echo reply "
1540 "packet length: %d bytes\n",
1541 SPP_ARGS(ifp), len);
1542 break;
1543 }
1544 if (debug)
1545 addlog(SPP_FMT "lcp got echo rep\n",
1546 SPP_ARGS(ifp));
1547 if (ntohl (*(long*)(h+1)) != sp->lcp.magic)
1548 sp->pp_alivecnt = 0;
1549 break;
1550 default:
1551 /* Unknown packet type -- send Code-Reject packet. */
1552 illegal:
1553 if (debug)
1554 addlog(SPP_FMT "%s send code-rej for 0x%x\n",
1555 SPP_ARGS(ifp), cp->name, h->type);
1556 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
1557 m->m_pkthdr.len, h);
1558 ++ifp->if_ierrors;
1559 }
1560 }
1561
1562
1563 /*
1564 * The generic part of all Up/Down/Open/Close/TO event handlers.
1565 * Basically, the state transition handling in the automaton.
1566 */
1567 HIDE void
1568 sppp_up_event(const struct cp *cp, struct sppp *sp)
1569 {
1570 STDDCL;
1571
1572 if (debug)
1573 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1574 SPP_ARGS(ifp), cp->name,
1575 sppp_state_name(sp->state[cp->protoidx]));
1576
1577 switch (sp->state[cp->protoidx]) {
1578 case STATE_INITIAL:
1579 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1580 break;
1581 case STATE_STARTING:
1582 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1583 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1584 (cp->scr)(sp);
1585 break;
1586 default:
1587 /* printf(SPP_FMT "%s illegal up in state %s\n",
1588 SPP_ARGS(ifp), cp->name,
1589 sppp_state_name(sp->state[cp->protoidx])); */
1590 }
1591 }
1592
1593 HIDE void
1594 sppp_down_event(const struct cp *cp, struct sppp *sp)
1595 {
1596 STDDCL;
1597
1598 if (debug)
1599 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1600 SPP_ARGS(ifp), cp->name,
1601 sppp_state_name(sp->state[cp->protoidx]));
1602
1603 switch (sp->state[cp->protoidx]) {
1604 case STATE_CLOSED:
1605 case STATE_CLOSING:
1606 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1607 break;
1608 case STATE_STOPPED:
1609 sppp_cp_change_state(cp, sp, STATE_STARTING);
1610 (cp->tls)(sp);
1611 break;
1612 case STATE_STOPPING:
1613 case STATE_REQ_SENT:
1614 case STATE_ACK_RCVD:
1615 case STATE_ACK_SENT:
1616 sppp_cp_change_state(cp, sp, STATE_STARTING);
1617 break;
1618 case STATE_OPENED:
1619 sppp_cp_change_state(cp, sp, STATE_STARTING);
1620 (cp->tld)(sp);
1621 break;
1622 default:
1623 /* printf(SPP_FMT "%s illegal down in state %s\n",
1624 SPP_ARGS(ifp), cp->name,
1625 sppp_state_name(sp->state[cp->protoidx])); */
1626 }
1627 }
1628
1629
1630 HIDE void
1631 sppp_open_event(const struct cp *cp, struct sppp *sp)
1632 {
1633 STDDCL;
1634
1635 if (debug)
1636 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1637 SPP_ARGS(ifp), cp->name,
1638 sppp_state_name(sp->state[cp->protoidx]));
1639
1640 switch (sp->state[cp->protoidx]) {
1641 case STATE_INITIAL:
1642 sppp_cp_change_state(cp, sp, STATE_STARTING);
1643 (cp->tls)(sp);
1644 break;
1645 case STATE_STARTING:
1646 break;
1647 case STATE_CLOSED:
1648 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1649 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1650 (cp->scr)(sp);
1651 break;
1652 case STATE_STOPPED:
1653 case STATE_STOPPING:
1654 case STATE_REQ_SENT:
1655 case STATE_ACK_RCVD:
1656 case STATE_ACK_SENT:
1657 case STATE_OPENED:
1658 break;
1659 case STATE_CLOSING:
1660 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1661 break;
1662 }
1663 }
1664
1665
1666 HIDE void
1667 sppp_close_event(const struct cp *cp, struct sppp *sp)
1668 {
1669 STDDCL;
1670
1671 if (debug)
1672 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
1673 SPP_ARGS(ifp), cp->name,
1674 sppp_state_name(sp->state[cp->protoidx]));
1675
1676 switch (sp->state[cp->protoidx]) {
1677 case STATE_INITIAL:
1678 case STATE_CLOSED:
1679 case STATE_CLOSING:
1680 break;
1681 case STATE_STARTING:
1682 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1683 (cp->tlf)(sp);
1684 break;
1685 case STATE_STOPPED:
1686 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1687 break;
1688 case STATE_STOPPING:
1689 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1690 break;
1691 case STATE_OPENED:
1692 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1693 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1694 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1695 (cp->tld)(sp);
1696 break;
1697 case STATE_REQ_SENT:
1698 case STATE_ACK_RCVD:
1699 case STATE_ACK_SENT:
1700 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1701 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1702 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1703 break;
1704 }
1705 }
1706
1707 HIDE void
1708 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp)
1709 {
1710 int timo;
1711
1712 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx];
1713 if (timo < 1)
1714 timo = 1;
1715 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
1716 sp->ch[cp->protoidx] =
1717 #endif
1718 timeout(cp->TO, (void *)sp, timo * sp->lcp.timeout);
1719 }
1720
1721 HIDE void
1722 sppp_to_event(const struct cp *cp, struct sppp *sp)
1723 {
1724 STDDCL;
1725 int s;
1726
1727 s = splimp();
1728 if (debug)
1729 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
1730 SPP_ARGS(ifp), cp->name,
1731 sppp_state_name(sp->state[cp->protoidx]),
1732 sp->rst_counter[cp->protoidx]);
1733
1734 if (--sp->rst_counter[cp->protoidx] < 0)
1735 /* TO- event */
1736 switch (sp->state[cp->protoidx]) {
1737 case STATE_CLOSING:
1738 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1739 (cp->tlf)(sp);
1740 break;
1741 case STATE_STOPPING:
1742 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1743 (cp->tlf)(sp);
1744 break;
1745 case STATE_REQ_SENT:
1746 case STATE_ACK_RCVD:
1747 case STATE_ACK_SENT:
1748 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1749 (cp->tlf)(sp);
1750 break;
1751 }
1752 else
1753 /* TO+ event */
1754 switch (sp->state[cp->protoidx]) {
1755 case STATE_CLOSING:
1756 case STATE_STOPPING:
1757 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
1758 0, 0);
1759 sppp_increasing_timeout (cp, sp);
1760 break;
1761 case STATE_REQ_SENT:
1762 case STATE_ACK_RCVD:
1763 /* sppp_cp_change_state() will restart the timer */
1764 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1765 (cp->scr)(sp);
1766 break;
1767 case STATE_ACK_SENT:
1768 sppp_increasing_timeout (cp, sp);
1769 (cp->scr)(sp);
1770 break;
1771 }
1772
1773 splx(s);
1774 }
1775
1776 /*
1777 * Change the state of a control protocol in the state automaton.
1778 * Takes care of starting/stopping the restart timer.
1779 */
1780 void
1781 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1782 {
1783 STDDCL;
1784
1785 if (debug && sp->state[cp->protoidx] != newstate)
1786 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n",
1787 SPP_ARGS(ifp), cp->name,
1788 sppp_state_name(sp->state[cp->protoidx]),
1789 sppp_state_name(newstate));
1790 sp->state[cp->protoidx] = newstate;
1791
1792 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
1793 switch (newstate) {
1794 case STATE_INITIAL:
1795 case STATE_STARTING:
1796 case STATE_CLOSED:
1797 case STATE_STOPPED:
1798 case STATE_OPENED:
1799 break;
1800 case STATE_CLOSING:
1801 case STATE_STOPPING:
1802 case STATE_REQ_SENT:
1803 case STATE_ACK_RCVD:
1804 case STATE_ACK_SENT:
1805 sppp_increasing_timeout (cp, sp);
1806 break;
1807 }
1808 }
1809 �/*
1810 *--------------------------------------------------------------------------*
1811 * *
1812 * The LCP implementation. *
1813 * *
1814 *--------------------------------------------------------------------------*
1815 */
1816 HIDE void
1817 sppp_lcp_init(struct sppp *sp)
1818 {
1819 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1820 sp->lcp.magic = 0;
1821 sp->state[IDX_LCP] = STATE_INITIAL;
1822 sp->fail_counter[IDX_LCP] = 0;
1823 sp->lcp.protos = 0;
1824 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1825
1826 /*
1827 * Initialize counters and timeout values. Note that we don't
1828 * use the 3 seconds suggested in RFC 1661 since we are likely
1829 * running on a fast link. XXX We should probably implement
1830 * the exponential backoff option. Note that these values are
1831 * relevant for all control protocols, not just LCP only.
1832 */
1833 sp->lcp.timeout = 1 * hz;
1834 sp->lcp.max_terminate = 2;
1835 sp->lcp.max_configure = 10;
1836 sp->lcp.max_failure = 10;
1837 #if defined (__FreeBSD__)
1838 callout_handle_init(&sp->ch[IDX_LCP]);
1839 #endif
1840 }
1841
1842 HIDE void
1843 sppp_lcp_up(struct sppp *sp)
1844 {
1845 STDDCL;
1846
1847 sp->pp_alivecnt = 0;
1848 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1849 sp->lcp.magic = 0;
1850 sp->lcp.protos = 0;
1851 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1852 /*
1853 * If this interface is passive or dial-on-demand, and we are
1854 * still in Initial state, it means we've got an incoming
1855 * call. Activate the interface.
1856 */
1857 ifp->if_flags |= IFF_RUNNING;
1858 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1859 if (debug)
1860 log(LOG_DEBUG,
1861 SPP_FMT "Up event", SPP_ARGS(ifp));
1862 if (sp->state[IDX_LCP] == STATE_INITIAL) {
1863 if (debug)
1864 addlog("(incoming call)\n");
1865 sp->pp_flags |= PP_CALLIN;
1866 lcp.Open(sp);
1867 } else if (debug)
1868 addlog("\n");
1869 }
1870
1871 sppp_up_event(&lcp, sp);
1872 }
1873
1874 HIDE void
1875 sppp_lcp_down(struct sppp *sp)
1876 {
1877 STDDCL;
1878
1879 if (debug)
1880 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n",
1881 SPP_ARGS(ifp));
1882 sppp_down_event(&lcp, sp);
1883
1884 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0)
1885 lcp.Close(sp);
1886 sp->pp_flags &= ~PP_CALLIN;
1887 ifp->if_flags &= ~IFF_RUNNING;
1888 sppp_flush(ifp);
1889 }
1890
1891 HIDE void
1892 sppp_lcp_open(struct sppp *sp)
1893 {
1894 /*
1895 * If we are authenticator, negotiate LCP_AUTH
1896 */
1897 if (sp->hisauth.proto != 0)
1898 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
1899 else
1900 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1901 sp->pp_flags &= ~PP_NEEDAUTH;
1902 sppp_open_event(&lcp, sp);
1903 }
1904
1905 HIDE void
1906 sppp_lcp_close(struct sppp *sp)
1907 {
1908 sppp_close_event(&lcp, sp);
1909 }
1910
1911 HIDE void
1912 sppp_lcp_TO(void *cookie)
1913 {
1914 sppp_to_event(&lcp, (struct sppp *)cookie);
1915 }
1916
1917 /*
1918 * Analyze a configure request. Return true if it was agreeable, and
1919 * caused action sca, false if it has been rejected or nak'ed, and
1920 * caused action scn. (The return value is used to make the state
1921 * transition decision in the state automaton.)
1922 */
1923 HIDE int
1924 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
1925 {
1926 STDDCL;
1927 u_char *buf, *r, *p;
1928 int origlen, rlen;
1929 u_long nmagic;
1930 u_short authproto;
1931
1932 len -= 4;
1933 origlen = len;
1934 buf = r = malloc (len, M_TEMP, M_NOWAIT);
1935 if (! buf)
1936 return (0);
1937
1938 if (debug)
1939 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
1940 SPP_ARGS(ifp));
1941
1942 /* pass 1: check for things that need to be rejected */
1943 p = (void*) (h+1);
1944 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1945 if (debug)
1946 addlog("%s ", sppp_lcp_opt_name(*p));
1947 switch (*p) {
1948 case LCP_OPT_MAGIC:
1949 /* Magic number. */
1950 if (len >= 6 && p[1] == 6)
1951 continue;
1952 if (debug)
1953 addlog("[invalid] ");
1954 break;
1955 case LCP_OPT_ASYNC_MAP:
1956 /* Async control character map. */
1957 if (len >= 6 && p[1] == 6)
1958 continue;
1959 if (debug)
1960 addlog("[invalid] ");
1961 break;
1962 case LCP_OPT_MRU:
1963 /* Maximum receive unit. */
1964 if (len >= 4 && p[1] == 4)
1965 continue;
1966 if (debug)
1967 addlog("[invalid] ");
1968 break;
1969 case LCP_OPT_AUTH_PROTO:
1970 if (len < 4) {
1971 if (debug)
1972 addlog("[invalid] ");
1973 break;
1974 }
1975 authproto = (p[2] << 8) + p[3];
1976 if (authproto == PPP_CHAP && p[1] != 5) {
1977 if (debug)
1978 addlog("[invalid chap len] ");
1979 break;
1980 }
1981 if (sp->myauth.proto == 0) {
1982 /* we are not configured to do auth */
1983 if (debug)
1984 addlog("[not configured] ");
1985 break;
1986 }
1987 /*
1988 * Remote want us to authenticate, remember this,
1989 * so we stay in PHASE_AUTHENTICATE after LCP got
1990 * up.
1991 */
1992 sp->pp_flags |= PP_NEEDAUTH;
1993 continue;
1994 default:
1995 /* Others not supported. */
1996 if (debug)
1997 addlog("[rej] ");
1998 break;
1999 }
2000 /* Add the option to rejected list. */
2001 bcopy (p, r, p[1]);
2002 r += p[1];
2003 rlen += p[1];
2004 }
2005 if (rlen) {
2006 if (debug)
2007 addlog(" send conf-rej\n");
2008 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2009 return 0;
2010 } else if (debug)
2011 addlog("\n");
2012
2013 /*
2014 * pass 2: check for option values that are unacceptable and
2015 * thus require to be nak'ed.
2016 */
2017 if (debug)
2018 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2019 SPP_ARGS(ifp));
2020
2021 p = (void*) (h+1);
2022 len = origlen;
2023 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2024 if (debug)
2025 addlog("%s ", sppp_lcp_opt_name(*p));
2026 switch (*p) {
2027 case LCP_OPT_MAGIC:
2028 /* Magic number -- extract. */
2029 nmagic = (u_long)p[2] << 24 |
2030 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2031 if (nmagic != sp->lcp.magic) {
2032 if (debug)
2033 addlog("0x%lx ", nmagic);
2034 continue;
2035 }
2036 if (debug)
2037 addlog("[glitch] ");
2038 ++sp->pp_loopcnt;
2039 /*
2040 * We negate our magic here, and NAK it. If
2041 * we see it later in an NAK packet, we
2042 * suggest a new one.
2043 */
2044 nmagic = ~sp->lcp.magic;
2045 /* Gonna NAK it. */
2046 p[2] = nmagic >> 24;
2047 p[3] = nmagic >> 16;
2048 p[4] = nmagic >> 8;
2049 p[5] = nmagic;
2050 break;
2051
2052 case LCP_OPT_ASYNC_MAP:
2053 /* Async control character map -- check to be zero. */
2054 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
2055 if (debug)
2056 addlog("[empty] ");
2057 continue;
2058 }
2059 if (debug)
2060 addlog("[non-empty] ");
2061 /* suggest a zero one */
2062 p[2] = p[3] = p[4] = p[5] = 0;
2063 break;
2064
2065 case LCP_OPT_MRU:
2066 /*
2067 * Maximum receive unit. Always agreeable,
2068 * but ignored by now.
2069 */
2070 sp->lcp.their_mru = p[2] * 256 + p[3];
2071 if (debug)
2072 addlog("%lu ", sp->lcp.their_mru);
2073 continue;
2074
2075 case LCP_OPT_AUTH_PROTO:
2076 authproto = (p[2] << 8) + p[3];
2077 if (sp->myauth.proto != authproto) {
2078 /* not agreed, nak */
2079 if (debug)
2080 addlog("[mine %s != his %s] ",
2081 sppp_proto_name(sp->hisauth.proto),
2082 sppp_proto_name(authproto));
2083 p[2] = sp->myauth.proto >> 8;
2084 p[3] = sp->myauth.proto;
2085 break;
2086 }
2087 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2088 if (debug)
2089 addlog("[chap not MD5] ");
2090 p[4] = CHAP_MD5;
2091 break;
2092 }
2093 continue;
2094 }
2095 /* Add the option to nak'ed list. */
2096 bcopy (p, r, p[1]);
2097 r += p[1];
2098 rlen += p[1];
2099 }
2100 if (rlen) {
2101 if (++sp->fail_counter[IDX_LCP] < sp->lcp.max_failure) {
2102 if (debug)
2103 addlog("send conf-nak\n");
2104 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2105 return 0;
2106 }
2107 if (debug)
2108 addlog("max_failure (%d) exceeded, closing\n",
2109 sp->lcp.max_failure);
2110 if (sp->pp_loopcnt >= MAXALIVECNT)
2111 printf (SPP_FMT "loopback\n", SPP_ARGS(ifp));
2112 lcp.Close(sp);
2113 sp->fail_counter[IDX_LCP] = 0;
2114 sp->pp_loopcnt = 0;
2115 return 0;
2116 } else {
2117 if (debug)
2118 addlog("send conf-ack\n");
2119 sp->fail_counter[IDX_LCP] = 0;
2120 sp->pp_loopcnt = 0;
2121 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2122 h->ident, origlen, h+1);
2123 }
2124
2125 free (buf, M_TEMP);
2126 return (rlen == 0);
2127 }
2128
2129 /*
2130 * Analyze the LCP Configure-Reject option list, and adjust our
2131 * negotiation.
2132 */
2133 HIDE void
2134 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2135 {
2136 STDDCL;
2137 u_char *buf, *p;
2138
2139 len -= 4;
2140 buf = malloc (len, M_TEMP, M_NOWAIT);
2141 if (!buf)
2142 return;
2143
2144 if (debug)
2145 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2146 SPP_ARGS(ifp));
2147
2148 p = (void*) (h+1);
2149 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2150 if (debug)
2151 addlog("%s ", sppp_lcp_opt_name(*p));
2152 switch (*p) {
2153 case LCP_OPT_MAGIC:
2154 /* Magic number -- can't use it, use 0 */
2155 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2156 sp->lcp.magic = 0;
2157 break;
2158 case LCP_OPT_MRU:
2159 /*
2160 * Should not be rejected anyway, since we only
2161 * negotiate a MRU if explicitly requested by
2162 * peer.
2163 */
2164 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2165 break;
2166 case LCP_OPT_AUTH_PROTO:
2167 /*
2168 * Peer doesn't want to authenticate himself,
2169 * deny unless this is a dialout call, and
2170 * AUTHFLAG_NOCALLOUT is set.
2171 */
2172 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2173 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2174 if (debug)
2175 addlog("[don't insist on auth "
2176 "for callout]");
2177 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2178 break;
2179 }
2180 if (debug)
2181 addlog("[access denied]\n");
2182 lcp.Close(sp);
2183 break;
2184 }
2185 }
2186 if (debug)
2187 addlog("\n");
2188 free (buf, M_TEMP);
2189 return;
2190 }
2191
2192 /*
2193 * Analyze the LCP Configure-NAK option list, and adjust our
2194 * negotiation.
2195 */
2196 HIDE void
2197 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2198 {
2199 STDDCL;
2200 u_char *buf, *p;
2201 u_long magic;
2202
2203 len -= 4;
2204 buf = malloc (len, M_TEMP, M_NOWAIT);
2205 if (!buf)
2206 return;
2207
2208 if (debug)
2209 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2210 SPP_ARGS(ifp));
2211
2212 p = (void*) (h+1);
2213 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2214 if (debug)
2215 addlog("%s ", sppp_lcp_opt_name(*p));
2216 switch (*p) {
2217 case LCP_OPT_MAGIC:
2218 /* Magic number -- renegotiate */
2219 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2220 len >= 6 && p[1] == 6) {
2221 magic = (u_long)p[2] << 24 |
2222 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2223 /*
2224 * If the remote magic is our negated one,
2225 * this looks like a loopback problem.
2226 * Suggest a new magic to make sure.
2227 */
2228 if (magic == ~sp->lcp.magic) {
2229 if (debug)
2230 addlog("magic glitch ");
2231 #if defined (__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
2232 sp->lcp.magic = random();
2233 #else
2234 sp->lcp.magic = time.tv_sec + time.tv_usec;
2235 #endif
2236 } else {
2237 sp->lcp.magic = magic;
2238 if (debug)
2239 addlog("%lu ", magic);
2240 }
2241 }
2242 break;
2243 case LCP_OPT_MRU:
2244 /*
2245 * Peer wants to advise us to negotiate an MRU.
2246 * Agree on it if it's reasonable, or use
2247 * default otherwise.
2248 */
2249 if (len >= 4 && p[1] == 4) {
2250 u_int mru = p[2] * 256 + p[3];
2251 if (debug)
2252 addlog("%d ", mru);
2253 if (mru < PP_MTU || mru > PP_MAX_MRU)
2254 mru = PP_MTU;
2255 sp->lcp.mru = mru;
2256 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2257 }
2258 break;
2259 case LCP_OPT_AUTH_PROTO:
2260 /*
2261 * Peer doesn't like our authentication method,
2262 * deny.
2263 */
2264 if (debug)
2265 addlog("[access denied]\n");
2266 lcp.Close(sp);
2267 break;
2268 }
2269 }
2270 if (debug)
2271 addlog("\n");
2272 free (buf, M_TEMP);
2273 return;
2274 }
2275
2276 HIDE void
2277 sppp_lcp_tlu(struct sppp *sp)
2278 {
2279 struct ifnet *ifp = &sp->pp_if;
2280 int i;
2281 u_long mask;
2282
2283 /* XXX ? */
2284 if (! (ifp->if_flags & IFF_UP) &&
2285 (ifp->if_flags & IFF_RUNNING)) {
2286 /* Coming out of loopback mode. */
2287 if_up(ifp);
2288 printf (SPP_FMT "up\n", SPP_ARGS(ifp));
2289 }
2290
2291 for (i = 0; i < IDX_COUNT; i++)
2292 if ((cps[i])->flags & CP_QUAL)
2293 (cps[i])->Open(sp);
2294
2295 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2296 (sp->pp_flags & PP_NEEDAUTH) != 0)
2297 sp->pp_phase = PHASE_AUTHENTICATE;
2298 else
2299 sp->pp_phase = PHASE_NETWORK;
2300
2301 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2302 sppp_phase_name(sp->pp_phase));
2303
2304 /*
2305 * Open all authentication protocols. This is even required
2306 * if we already proceeded to network phase, since it might be
2307 * that remote wants us to authenticate, so we might have to
2308 * send a PAP request. Undesired authentication protocols
2309 * don't do anything when they get an Open event.
2310 */
2311 for (i = 0; i < IDX_COUNT; i++)
2312 if ((cps[i])->flags & CP_AUTH)
2313 (cps[i])->Open(sp);
2314
2315 if (sp->pp_phase == PHASE_NETWORK) {
2316 /* Notify all NCPs. */
2317 for (i = 0; i < IDX_COUNT; i++)
2318 if ((cps[i])->flags & CP_NCP)
2319 (cps[i])->Open(sp);
2320 }
2321
2322 /* Send Up events to all started protos. */
2323 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2324 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2325 (cps[i])->Up(sp);
2326
2327 if (sp->pp_phase == PHASE_NETWORK)
2328 /* if no NCP is starting, close down */
2329 sppp_lcp_check_and_close(sp);
2330 }
2331
2332 HIDE void
2333 sppp_lcp_tld(struct sppp *sp)
2334 {
2335 struct ifnet *ifp = &sp->pp_if;
2336 int i;
2337 u_long mask;
2338
2339 sp->pp_phase = PHASE_TERMINATE;
2340
2341 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2342 sppp_phase_name(sp->pp_phase));
2343
2344 /*
2345 * Take upper layers down. We send the Down event first and
2346 * the Close second to prevent the upper layers from sending
2347 * ``a flurry of terminate-request packets'', as the RFC
2348 * describes it.
2349 */
2350 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2351 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
2352 (cps[i])->Down(sp);
2353 (cps[i])->Close(sp);
2354 }
2355 }
2356
2357 HIDE void
2358 sppp_lcp_tls(struct sppp *sp)
2359 {
2360 struct ifnet *ifp = &sp->pp_if;
2361
2362 sp->pp_phase = PHASE_ESTABLISH;
2363
2364 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2365 sppp_phase_name(sp->pp_phase));
2366
2367 /* Notify lower layer if desired. */
2368 if (sp->pp_tls)
2369 (sp->pp_tls)(sp);
2370 }
2371
2372 HIDE void
2373 sppp_lcp_tlf(struct sppp *sp)
2374 {
2375 struct ifnet *ifp = &sp->pp_if;
2376
2377 sp->pp_phase = PHASE_DEAD;
2378 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2379 sppp_phase_name(sp->pp_phase));
2380
2381 /* Notify lower layer if desired. */
2382 if (sp->pp_tlf)
2383 (sp->pp_tlf)(sp);
2384 }
2385
2386 HIDE void
2387 sppp_lcp_scr(struct sppp *sp)
2388 {
2389 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2390 int i = 0;
2391 u_short authproto;
2392
2393 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2394 if (! sp->lcp.magic)
2395 #if defined (__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
2396 sp->lcp.magic = random();
2397 #else
2398 sp->lcp.magic = time.tv_sec + time.tv_usec;
2399 #endif
2400 opt[i++] = LCP_OPT_MAGIC;
2401 opt[i++] = 6;
2402 opt[i++] = sp->lcp.magic >> 24;
2403 opt[i++] = sp->lcp.magic >> 16;
2404 opt[i++] = sp->lcp.magic >> 8;
2405 opt[i++] = sp->lcp.magic;
2406 }
2407
2408 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2409 opt[i++] = LCP_OPT_MRU;
2410 opt[i++] = 4;
2411 opt[i++] = sp->lcp.mru >> 8;
2412 opt[i++] = sp->lcp.mru;
2413 }
2414
2415 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2416 authproto = sp->hisauth.proto;
2417 opt[i++] = LCP_OPT_AUTH_PROTO;
2418 opt[i++] = authproto == PPP_CHAP? 5: 4;
2419 opt[i++] = authproto >> 8;
2420 opt[i++] = authproto;
2421 if (authproto == PPP_CHAP)
2422 opt[i++] = CHAP_MD5;
2423 }
2424
2425 sp->confid[IDX_LCP] = ++sp->pp_seq;
2426 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2427 }
2428
2429 /*
2430 * Check the open NCPs, return true if at least one NCP is open.
2431 */
2432 HIDE int
2433 sppp_ncp_check(struct sppp *sp)
2434 {
2435 int i, mask;
2436
2437 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2438 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2439 return 1;
2440 return 0;
2441 }
2442
2443 /*
2444 * Re-check the open NCPs and see if we should terminate the link.
2445 * Called by the NCPs during their tlf action handling.
2446 */
2447 HIDE void
2448 sppp_lcp_check_and_close(struct sppp *sp)
2449 {
2450
2451 if (sp->pp_phase < PHASE_NETWORK)
2452 /* don't bother, we are already going down */
2453 return;
2454
2455 if (sppp_ncp_check(sp))
2456 return;
2457
2458 lcp.Close(sp);
2459 }
2460 �/*
2461 *--------------------------------------------------------------------------*
2462 * *
2463 * The IPCP implementation. *
2464 * *
2465 *--------------------------------------------------------------------------*
2466 */
2467
2468 HIDE void
2469 sppp_ipcp_init(struct sppp *sp)
2470 {
2471 sp->ipcp.opts = 0;
2472 sp->ipcp.flags = 0;
2473 sp->state[IDX_IPCP] = STATE_INITIAL;
2474 sp->fail_counter[IDX_IPCP] = 0;
2475 #if defined (__FreeBSD__)
2476 callout_handle_init(&sp->ch[IDX_IPCP]);
2477 #endif
2478 }
2479
2480 HIDE void
2481 sppp_ipcp_up(struct sppp *sp)
2482 {
2483 sppp_up_event(&ipcp, sp);
2484 }
2485
2486 HIDE void
2487 sppp_ipcp_down(struct sppp *sp)
2488 {
2489 sppp_down_event(&ipcp, sp);
2490 }
2491
2492 HIDE void
2493 sppp_ipcp_open(struct sppp *sp)
2494 {
2495 STDDCL;
2496 u_long myaddr, hisaddr;
2497
2498 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2499 /*
2500 * If we don't have his address, this probably means our
2501 * interface doesn't want to talk IP at all. (This could
2502 * be the case if somebody wants to speak only IPX, for
2503 * example.) Don't open IPCP in this case.
2504 */
2505 if (hisaddr == 0L) {
2506 /* XXX this message should go away */
2507 if (debug)
2508 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2509 SPP_ARGS(ifp));
2510 return;
2511 }
2512
2513 if (myaddr == 0L) {
2514 /*
2515 * I don't have an assigned address, so i need to
2516 * negotiate my address.
2517 */
2518 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2519 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2520 }
2521 sppp_open_event(&ipcp, sp);
2522 }
2523
2524 HIDE void
2525 sppp_ipcp_close(struct sppp *sp)
2526 {
2527 sppp_close_event(&ipcp, sp);
2528 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
2529 /*
2530 * My address was dynamic, clear it again.
2531 */
2532 sppp_set_ip_addr(sp, 0L);
2533 }
2534
2535 HIDE void
2536 sppp_ipcp_TO(void *cookie)
2537 {
2538 sppp_to_event(&ipcp, (struct sppp *)cookie);
2539 }
2540
2541 /*
2542 * Analyze a configure request. Return true if it was agreeable, and
2543 * caused action sca, false if it has been rejected or nak'ed, and
2544 * caused action scn. (The return value is used to make the state
2545 * transition decision in the state automaton.)
2546 */
2547 HIDE int
2548 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2549 {
2550 u_char *buf, *r, *p;
2551 struct ifnet *ifp = &sp->pp_if;
2552 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2553 u_long hisaddr, desiredaddr;
2554
2555 len -= 4;
2556 origlen = len;
2557 /*
2558 * Make sure to allocate a buf that can at least hold a
2559 * conf-nak with an `address' option. We might need it below.
2560 */
2561 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2562 if (! buf)
2563 return (0);
2564
2565 /* pass 1: see if we can recognize them */
2566 if (debug)
2567 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2568 SPP_ARGS(ifp));
2569 p = (void*) (h+1);
2570 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2571 if (debug)
2572 addlog("%s ", sppp_ipcp_opt_name(*p));
2573 switch (*p) {
2574 #ifdef notyet
2575 case IPCP_OPT_COMPRESSION:
2576 if (len >= 6 && p[1] >= 6) {
2577 /* correctly formed compress option */
2578 continue;
2579 }
2580 if (debug)
2581 addlog("[invalid] ");
2582 break;
2583 #endif
2584 case IPCP_OPT_ADDRESS:
2585 if (len >= 6 && p[1] == 6) {
2586 /* correctly formed address option */
2587 continue;
2588 }
2589 if (debug)
2590 addlog("[invalid] ");
2591 break;
2592 default:
2593 /* Others not supported. */
2594 if (debug)
2595 addlog("[rej] ");
2596 break;
2597 }
2598 /* Add the option to rejected list. */
2599 bcopy (p, r, p[1]);
2600 r += p[1];
2601 rlen += p[1];
2602 }
2603 if (rlen) {
2604 if (debug)
2605 addlog(" send conf-rej\n");
2606 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2607 return 0;
2608 } else if (debug)
2609 addlog("\n");
2610
2611 /* pass 2: parse option values */
2612 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
2613 if (debug)
2614 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
2615 SPP_ARGS(ifp));
2616 p = (void*) (h+1);
2617 len = origlen;
2618 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2619 if (debug)
2620 addlog(" %s ", sppp_ipcp_opt_name(*p));
2621 switch (*p) {
2622 #ifdef notyet
2623 case IPCP_OPT_COMPRESSION:
2624 continue;
2625 #endif
2626 case IPCP_OPT_ADDRESS:
2627 desiredaddr = p[2] << 24 | p[3] << 16 |
2628 p[4] << 8 | p[5];
2629 if (desiredaddr == hisaddr ||
2630 (hisaddr == 1 && desiredaddr != 0)) {
2631 /*
2632 * Peer's address is same as our value,
2633 * or we have set it to 0.0.0.1 to
2634 * indicate that we do not really care,
2635 * this is agreeable. Gonna conf-ack
2636 * it.
2637 */
2638 if (debug)
2639 addlog("%s [ack] ",
2640 sppp_dotted_quad(desiredaddr));
2641 /* record that we've seen it already */
2642 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2643 continue;
2644 }
2645 /*
2646 * The address wasn't agreeable. This is either
2647 * he sent us 0.0.0.0, asking to assign him an
2648 * address, or he send us another address not
2649 * matching our value. Either case, we gonna
2650 * conf-nak it with our value.
2651 */
2652 if (debug) {
2653 if (desiredaddr == 0)
2654 addlog("[addr requested] ");
2655 else
2656 addlog("%s [not agreed] ",
2657 sppp_dotted_quad(desiredaddr));
2658
2659 p[2] = hisaddr >> 24;
2660 p[3] = hisaddr >> 16;
2661 p[4] = hisaddr >> 8;
2662 p[5] = hisaddr;
2663 }
2664 break;
2665 }
2666 /* Add the option to nak'ed list. */
2667 bcopy (p, r, p[1]);
2668 r += p[1];
2669 rlen += p[1];
2670 }
2671
2672 /*
2673 * If we are about to conf-ack the request, but haven't seen
2674 * his address so far, gonna conf-nak it instead, with the
2675 * `address' option present and our idea of his address being
2676 * filled in there, to request negotiation of both addresses.
2677 *
2678 * XXX This can result in an endless req - nak loop if peer
2679 * doesn't want to send us his address. Q: What should we do
2680 * about it? XXX A: implement the max-failure counter.
2681 */
2682 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2683 buf[0] = IPCP_OPT_ADDRESS;
2684 buf[1] = 6;
2685 buf[2] = hisaddr >> 24;
2686 buf[3] = hisaddr >> 16;
2687 buf[4] = hisaddr >> 8;
2688 buf[5] = hisaddr;
2689 rlen = 6;
2690 if (debug)
2691 addlog("still need hisaddr ");
2692 }
2693
2694 if (rlen) {
2695 if (debug)
2696 addlog(" send conf-nak\n");
2697 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2698 } else {
2699 if (debug)
2700 addlog(" send conf-ack\n");
2701 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2702 h->ident, origlen, h+1);
2703 }
2704
2705 free (buf, M_TEMP);
2706 return (rlen == 0);
2707 }
2708
2709 /*
2710 * Analyze the IPCP Configure-Reject option list, and adjust our
2711 * negotiation.
2712 */
2713 HIDE void
2714 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2715 {
2716 u_char *buf, *p;
2717 struct ifnet *ifp = &sp->pp_if;
2718 int debug = ifp->if_flags & IFF_DEBUG;
2719
2720 len -= 4;
2721 buf = malloc (len, M_TEMP, M_NOWAIT);
2722 if (!buf)
2723 return;
2724
2725 if (debug)
2726 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
2727 SPP_ARGS(ifp));
2728
2729 p = (void*) (h+1);
2730 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2731 if (debug)
2732 addlog("%s ", sppp_ipcp_opt_name(*p));
2733 switch (*p) {
2734 case IPCP_OPT_ADDRESS:
2735 /*
2736 * Peer doesn't grok address option. This is
2737 * bad. XXX Should we better give up here?
2738 */
2739 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2740 break;
2741 #ifdef notyet
2742 case IPCP_OPT_COMPRESS:
2743 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2744 break;
2745 #endif
2746 }
2747 }
2748 if (debug)
2749 addlog("\n");
2750 free (buf, M_TEMP);
2751 return;
2752 }
2753
2754 /*
2755 * Analyze the IPCP Configure-NAK option list, and adjust our
2756 * negotiation.
2757 */
2758 HIDE void
2759 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2760 {
2761 u_char *buf, *p;
2762 struct ifnet *ifp = &sp->pp_if;
2763 int debug = ifp->if_flags & IFF_DEBUG;
2764 u_long wantaddr;
2765
2766 len -= 4;
2767 buf = malloc (len, M_TEMP, M_NOWAIT);
2768 if (!buf)
2769 return;
2770
2771 if (debug)
2772 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
2773 SPP_ARGS(ifp));
2774
2775 p = (void*) (h+1);
2776 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2777 if (debug)
2778 addlog("%s ", sppp_ipcp_opt_name(*p));
2779 switch (*p) {
2780 case IPCP_OPT_ADDRESS:
2781 /*
2782 * Peer doesn't like our local IP address. See
2783 * if we can do something for him. We'll drop
2784 * him our address then.
2785 */
2786 if (len >= 6 && p[1] == 6) {
2787 wantaddr = p[2] << 24 | p[3] << 16 |
2788 p[4] << 8 | p[5];
2789 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2790 if (debug)
2791 addlog("[wantaddr %s] ",
2792 sppp_dotted_quad(wantaddr));
2793 /*
2794 * When doing dynamic address assignment,
2795 * we accept his offer. Otherwise, we
2796 * ignore it and thus continue to negotiate
2797 * our already existing value.
2798 */
2799 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2800 sppp_set_ip_addr(sp, wantaddr);
2801 if (debug)
2802 addlog("[agree] ");
2803 }
2804 }
2805 break;
2806 #ifdef notyet
2807 case IPCP_OPT_COMPRESS:
2808 /*
2809 * Peer wants different compression parameters.
2810 */
2811 break;
2812 #endif
2813 }
2814 }
2815 if (debug)
2816 addlog("\n");
2817 free (buf, M_TEMP);
2818 return;
2819 }
2820
2821 HIDE void
2822 sppp_ipcp_tlu(struct sppp *sp)
2823 {
2824 }
2825
2826 HIDE void
2827 sppp_ipcp_tld(struct sppp *sp)
2828 {
2829 }
2830
2831 HIDE void
2832 sppp_ipcp_tls(struct sppp *sp)
2833 {
2834 /* indicate to LCP that it must stay alive */
2835 sp->lcp.protos |= (1 << IDX_IPCP);
2836 }
2837
2838 HIDE void
2839 sppp_ipcp_tlf(struct sppp *sp)
2840 {
2841 /* we no longer need LCP */
2842 sp->lcp.protos &= ~(1 << IDX_IPCP);
2843 sppp_lcp_check_and_close(sp);
2844 }
2845
2846 HIDE void
2847 sppp_ipcp_scr(struct sppp *sp)
2848 {
2849 char opt[6 /* compression */ + 6 /* address */];
2850 u_long ouraddr;
2851 int i = 0;
2852
2853 #ifdef notyet
2854 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
2855 opt[i++] = IPCP_OPT_COMPRESSION;
2856 opt[i++] = 6;
2857 opt[i++] = 0; /* VJ header compression */
2858 opt[i++] = 0x2d; /* VJ header compression */
2859 opt[i++] = max_slot_id;
2860 opt[i++] = comp_slot_id;
2861 }
2862 #endif
2863
2864 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
2865 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
2866 opt[i++] = IPCP_OPT_ADDRESS;
2867 opt[i++] = 6;
2868 opt[i++] = ouraddr >> 24;
2869 opt[i++] = ouraddr >> 16;
2870 opt[i++] = ouraddr >> 8;
2871 opt[i++] = ouraddr;
2872 }
2873
2874 sp->confid[IDX_IPCP] = ++sp->pp_seq;
2875 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
2876 }
2877
2878
2879 �/*
2880 *--------------------------------------------------------------------------*
2881 * *
2882 * The CHAP implementation. *
2883 * *
2884 *--------------------------------------------------------------------------*
2885 */
2886
2887 /*
2888 * The authentication protocols don't employ a full-fledged state machine as
2889 * the control protocols do, since they do have Open and Close events, but
2890 * not Up and Down, nor are they explicitly terminated. Also, use of the
2891 * authentication protocols may be different in both directions (this makes
2892 * sense, think of a machine that never accepts incoming calls but only
2893 * calls out, it doesn't require the called party to authenticate itself).
2894 *
2895 * Our state machine for the local authentication protocol (we are requesting
2896 * the peer to authenticate) looks like:
2897 *
2898 * RCA-
2899 * +--------------------------------------------+
2900 * V scn,tld|
2901 * +--------+ Close +---------+ RCA+
2902 * | |<----------------------------------| |------+
2903 * +--->| Closed | TO* | Opened | sca |
2904 * | | |-----+ +-------| |<-----+
2905 * | +--------+ irc | | +---------+
2906 * | ^ | | ^
2907 * | | | | |
2908 * | | | | |
2909 * | TO-| | | |
2910 * | |tld TO+ V | |
2911 * | | +------->+ | |
2912 * | | | | | |
2913 * | +--------+ V | |
2914 * | | |<----+<--------------------+ |
2915 * | | Req- | scr |
2916 * | | Sent | |
2917 * | | | |
2918 * | +--------+ |
2919 * | RCA- | | RCA+ |
2920 * +------+ +------------------------------------------+
2921 * scn,tld sca,irc,ict,tlu
2922 *
2923 *
2924 * with:
2925 *
2926 * Open: LCP reached authentication phase
2927 * Close: LCP reached terminate phase
2928 *
2929 * RCA+: received reply (pap-req, chap-response), acceptable
2930 * RCN: received reply (pap-req, chap-response), not acceptable
2931 * TO+: timeout with restart counter >= 0
2932 * TO-: timeout with restart counter < 0
2933 * TO*: reschedule timeout for CHAP
2934 *
2935 * scr: send request packet (none for PAP, chap-challenge)
2936 * sca: send ack packet (pap-ack, chap-success)
2937 * scn: send nak packet (pap-nak, chap-failure)
2938 * ict: initialize re-challenge timer (CHAP only)
2939 *
2940 * tlu: this-layer-up, LCP reaches network phase
2941 * tld: this-layer-down, LCP enters terminate phase
2942 *
2943 * Note that in CHAP mode, after sending a new challenge, while the state
2944 * automaton falls back into Req-Sent state, it doesn't signal a tld
2945 * event to LCP, so LCP remains in network phase. Only after not getting
2946 * any response (or after getting an unacceptable response), CHAP closes,
2947 * causing LCP to enter terminate phase.
2948 *
2949 * With PAP, there is no initial request that can be sent. The peer is
2950 * expected to send one based on the successful negotiation of PAP as
2951 * the authentication protocol during the LCP option negotiation.
2952 *
2953 * Incoming authentication protocol requests (remote requests
2954 * authentication, we are peer) don't employ a state machine at all,
2955 * they are simply answered. Some peers [Ascend P50 firmware rev
2956 * 4.50] react allergically when sending IPCP requests while they are
2957 * still in authentication phase (thereby violating the standard that
2958 * demands that these NCP packets are to be discarded), so we keep
2959 * track of the peer demanding us to authenticate, and only proceed to
2960 * phase network once we've seen a positive acknowledge for the
2961 * authentication.
2962 */
2963
2964 /*
2965 * Handle incoming CHAP packets.
2966 */
2967 void
2968 sppp_chap_input(struct sppp *sp, struct mbuf *m)
2969 {
2970 STDDCL;
2971 struct lcp_header *h;
2972 int len, x;
2973 u_char *value, *name, digest[AUTHKEYLEN], dsize;
2974 int value_len, name_len;
2975 MD5_CTX ctx;
2976
2977 len = m->m_pkthdr.len;
2978 if (len < 4) {
2979 if (debug)
2980 log(LOG_DEBUG,
2981 SPP_FMT "chap invalid packet length: %d bytes\n",
2982 SPP_ARGS(ifp), len);
2983 return;
2984 }
2985 h = mtod (m, struct lcp_header*);
2986 if (len > ntohs (h->len))
2987 len = ntohs (h->len);
2988
2989 switch (h->type) {
2990 /* challenge, failure and success are his authproto */
2991 case CHAP_CHALLENGE:
2992 value = 1 + (u_char*)(h+1);
2993 value_len = value[-1];
2994 name = value + value_len;
2995 name_len = len - value_len - 5;
2996 if (name_len < 0) {
2997 if (debug) {
2998 log(LOG_DEBUG,
2999 SPP_FMT "chap corrupted challenge "
3000 "<%s id=0x%x len=%d",
3001 SPP_ARGS(ifp),
3002 sppp_auth_type_name(PPP_CHAP, h->type),
3003 h->ident, ntohs(h->len));
3004 if (len > 4)
3005 sppp_print_bytes((u_char*) (h+1), len-4);
3006 addlog(">\n");
3007 }
3008 break;
3009 }
3010
3011 if (debug) {
3012 log(LOG_DEBUG,
3013 SPP_FMT "chap input <%s id=0x%x len=%d name=",
3014 SPP_ARGS(ifp),
3015 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
3016 ntohs(h->len));
3017 sppp_print_string((char*) name, name_len);
3018 addlog(" value-size=%d value=", value_len);
3019 sppp_print_bytes(value, value_len);
3020 addlog(">\n");
3021 }
3022
3023 /* Compute reply value. */
3024 MD5Init(&ctx);
3025 MD5Update(&ctx, &h->ident, 1);
3026 MD5Update(&ctx, sp->myauth.secret,
3027 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
3028 MD5Update(&ctx, value, value_len);
3029 MD5Final(digest, &ctx);
3030 dsize = sizeof digest;
3031
3032 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
3033 sizeof dsize, (const char *)&dsize,
3034 sizeof digest, digest,
3035 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3036 sp->myauth.name,
3037 0);
3038 break;
3039
3040 case CHAP_SUCCESS:
3041 if (debug) {
3042 log(LOG_DEBUG, SPP_FMT "chap success",
3043 SPP_ARGS(ifp));
3044 if (len > 4) {
3045 addlog(": ");
3046 sppp_print_string((char*)(h + 1), len - 4);
3047 }
3048 addlog("\n");
3049 }
3050 x = splimp();
3051 sp->pp_flags &= ~PP_NEEDAUTH;
3052 if (sp->myauth.proto == PPP_CHAP &&
3053 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3054 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
3055 /*
3056 * We are authenticator for CHAP but didn't
3057 * complete yet. Leave it to tlu to proceed
3058 * to network phase.
3059 */
3060 splx(x);
3061 break;
3062 }
3063 splx(x);
3064 sppp_phase_network(sp);
3065 break;
3066
3067 case CHAP_FAILURE:
3068 if (debug) {
3069 log(LOG_INFO, SPP_FMT "chap failure",
3070 SPP_ARGS(ifp));
3071 if (len > 4) {
3072 addlog(": ");
3073 sppp_print_string((char*)(h + 1), len - 4);
3074 }
3075 addlog("\n");
3076 } else
3077 log(LOG_INFO, SPP_FMT "chap failure\n",
3078 SPP_ARGS(ifp));
3079 /* await LCP shutdown by authenticator */
3080 break;
3081
3082 /* response is my authproto */
3083 case CHAP_RESPONSE:
3084 value = 1 + (u_char*)(h+1);
3085 value_len = value[-1];
3086 name = value + value_len;
3087 name_len = len - value_len - 5;
3088 if (name_len < 0) {
3089 if (debug) {
3090 log(LOG_DEBUG,
3091 SPP_FMT "chap corrupted response "
3092 "<%s id=0x%x len=%d",
3093 SPP_ARGS(ifp),
3094 sppp_auth_type_name(PPP_CHAP, h->type),
3095 h->ident, ntohs(h->len));
3096 if (len > 4)
3097 sppp_print_bytes((u_char*)(h+1), len-4);
3098 addlog(">\n");
3099 }
3100 break;
3101 }
3102 if (h->ident != sp->confid[IDX_CHAP]) {
3103 if (debug)
3104 log(LOG_DEBUG,
3105 SPP_FMT "chap dropping response for old ID "
3106 "(got %d, expected %d)\n",
3107 SPP_ARGS(ifp),
3108 h->ident, sp->confid[IDX_CHAP]);
3109 break;
3110 }
3111 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
3112 || bcmp(name, sp->hisauth.name, name_len) != 0) {
3113 log(LOG_INFO, SPP_FMT "chap response, his name ",
3114 SPP_ARGS(ifp));
3115 sppp_print_string(name, name_len);
3116 addlog(" != expected ");
3117 sppp_print_string(sp->hisauth.name,
3118 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
3119 addlog("\n");
3120 }
3121 if (debug) {
3122 log(LOG_DEBUG, SPP_FMT "chap input(%s) "
3123 "<%s id=0x%x len=%d name=",
3124 SPP_ARGS(ifp),
3125 sppp_state_name(sp->state[IDX_CHAP]),
3126 sppp_auth_type_name(PPP_CHAP, h->type),
3127 h->ident, ntohs (h->len));
3128 sppp_print_string((char*)name, name_len);
3129 addlog(" value-size=%d value=", value_len);
3130 sppp_print_bytes(value, value_len);
3131 addlog(">\n");
3132 }
3133 if (value_len != AUTHKEYLEN) {
3134 if (debug)
3135 log(LOG_DEBUG,
3136 SPP_FMT "chap bad hash value length: "
3137 "%d bytes, should be %d\n",
3138 SPP_ARGS(ifp), value_len,
3139 AUTHKEYLEN);
3140 break;
3141 }
3142
3143 MD5Init(&ctx);
3144 MD5Update(&ctx, &h->ident, 1);
3145 MD5Update(&ctx, sp->hisauth.secret,
3146 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
3147 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
3148 MD5Final(digest, &ctx);
3149
3150 #define FAILMSG "Failed..."
3151 #define SUCCMSG "Welcome!"
3152
3153 if (value_len != sizeof digest ||
3154 bcmp(digest, value, value_len) != 0) {
3155 /* action scn, tld */
3156 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3157 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3158 0);
3159 chap.tld(sp);
3160 break;
3161 }
3162 /* action sca, perhaps tlu */
3163 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3164 sp->state[IDX_CHAP] == STATE_OPENED)
3165 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3166 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3167 0);
3168 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3169 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3170 chap.tlu(sp);
3171 }
3172 break;
3173
3174 default:
3175 /* Unknown CHAP packet type -- ignore. */
3176 if (debug) {
3177 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
3178 "<0x%x id=0x%xh len=%d",
3179 SPP_ARGS(ifp),
3180 sppp_state_name(sp->state[IDX_CHAP]),
3181 h->type, h->ident, ntohs(h->len));
3182 if (len > 4)
3183 sppp_print_bytes((u_char*)(h+1), len-4);
3184 addlog(">\n");
3185 }
3186 break;
3187
3188 }
3189 }
3190
3191 HIDE void
3192 sppp_chap_init(struct sppp *sp)
3193 {
3194 /* Chap doesn't have STATE_INITIAL at all. */
3195 sp->state[IDX_CHAP] = STATE_CLOSED;
3196 sp->fail_counter[IDX_CHAP] = 0;
3197 #if defined (__FreeBSD__)
3198 callout_handle_init(&sp->ch[IDX_CHAP]);
3199 #endif
3200 }
3201
3202 HIDE void
3203 sppp_chap_open(struct sppp *sp)
3204 {
3205 if (sp->myauth.proto == PPP_CHAP &&
3206 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3207 /* we are authenticator for CHAP, start it */
3208 chap.scr(sp);
3209 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3210 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3211 }
3212 /* nothing to be done if we are peer, await a challenge */
3213 }
3214
3215 HIDE void
3216 sppp_chap_close(struct sppp *sp)
3217 {
3218 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3219 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3220 }
3221
3222 HIDE void
3223 sppp_chap_TO(void *cookie)
3224 {
3225 struct sppp *sp = (struct sppp *)cookie;
3226 STDDCL;
3227 int s;
3228
3229 s = splimp();
3230 if (debug)
3231 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
3232 SPP_ARGS(ifp),
3233 sppp_state_name(sp->state[IDX_CHAP]),
3234 sp->rst_counter[IDX_CHAP]);
3235
3236 if (--sp->rst_counter[IDX_CHAP] < 0)
3237 /* TO- event */
3238 switch (sp->state[IDX_CHAP]) {
3239 case STATE_REQ_SENT:
3240 chap.tld(sp);
3241 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3242 break;
3243 }
3244 else
3245 /* TO+ (or TO*) event */
3246 switch (sp->state[IDX_CHAP]) {
3247 case STATE_OPENED:
3248 /* TO* event */
3249 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3250 /* fall through */
3251 case STATE_REQ_SENT:
3252 chap.scr(sp);
3253 /* sppp_cp_change_state() will restart the timer */
3254 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3255 break;
3256 }
3257
3258 splx(s);
3259 }
3260
3261 HIDE void
3262 sppp_chap_tlu(struct sppp *sp)
3263 {
3264 STDDCL;
3265 int i = 0, x;
3266
3267 i = 0;
3268 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3269
3270 /*
3271 * Some broken CHAP implementations (Conware CoNet, firmware
3272 * 4.0.?) don't want to re-authenticate their CHAP once the
3273 * initial challenge-response exchange has taken place.
3274 * Provide for an option to avoid rechallenges.
3275 */
3276 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3277 /*
3278 * Compute the re-challenge timeout. This will yield
3279 * a number between 300 and 810 seconds.
3280 */
3281 i = 300 + ((unsigned)(random() & 0xff00) >> 7);
3282
3283 #if defined (__FreeBSD__)
3284 sp->ch[IDX_CHAP] =
3285 #endif
3286 timeout(chap.TO, (void *)sp, i * hz);
3287 }
3288
3289 if (debug) {
3290 log(LOG_DEBUG,
3291 SPP_FMT "chap %s, ",
3292 SPP_ARGS(ifp),
3293 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3294 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3295 addlog("next re-challenge in %d seconds\n", i);
3296 else
3297 addlog("re-challenging supressed\n");
3298 }
3299
3300 x = splimp();
3301 /* indicate to LCP that we need to be closed down */
3302 sp->lcp.protos |= (1 << IDX_CHAP);
3303
3304 if (sp->pp_flags & PP_NEEDAUTH) {
3305 /*
3306 * Remote is authenticator, but his auth proto didn't
3307 * complete yet. Defer the transition to network
3308 * phase.
3309 */
3310 splx(x);
3311 return;
3312 }
3313 splx(x);
3314
3315 /*
3316 * If we are already in phase network, we are done here. This
3317 * is the case if this is a dummy tlu event after a re-challenge.
3318 */
3319 if (sp->pp_phase != PHASE_NETWORK)
3320 sppp_phase_network(sp);
3321 }
3322
3323 HIDE void
3324 sppp_chap_tld(struct sppp *sp)
3325 {
3326 STDDCL;
3327
3328 if (debug)
3329 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
3330 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3331 sp->lcp.protos &= ~(1 << IDX_CHAP);
3332
3333 lcp.Close(sp);
3334 }
3335
3336 HIDE void
3337 sppp_chap_scr(struct sppp *sp)
3338 {
3339 u_long *ch, seed;
3340 u_char clen;
3341 #if defined (__NetBSD__) || defined (__OpenBSD__)
3342 struct timeval tv;
3343 #endif
3344
3345 /* Compute random challenge. */
3346 ch = (u_long *)sp->myauth.challenge;
3347 #if defined (__FreeBSD__)
3348 read_random(&seed, sizeof seed);
3349 #else
3350 microtime(&tv);
3351 seed = tv.tv_sec ^ tv.tv_usec;
3352 #endif
3353 ch[0] = seed ^ random();
3354 ch[1] = seed ^ random();
3355 ch[2] = seed ^ random();
3356 ch[3] = seed ^ random();
3357 clen = AUTHKEYLEN;
3358
3359 sp->confid[IDX_CHAP] = ++sp->pp_seq;
3360
3361 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
3362 sizeof clen, (const char *)&clen,
3363 (size_t)AUTHKEYLEN, sp->myauth.challenge,
3364 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3365 sp->myauth.name,
3366 0);
3367 }
3368 �/*
3369 *--------------------------------------------------------------------------*
3370 * *
3371 * The PAP implementation. *
3372 * *
3373 *--------------------------------------------------------------------------*
3374 */
3375 /*
3376 * For PAP, we need to keep a little state also if we are the peer, not the
3377 * authenticator. This is since we don't get a request to authenticate, but
3378 * have to repeatedly authenticate ourself until we got a response (or the
3379 * retry counter is expired).
3380 */
3381
3382 /*
3383 * Handle incoming PAP packets. */
3384 HIDE void
3385 sppp_pap_input(struct sppp *sp, struct mbuf *m)
3386 {
3387 STDDCL;
3388 struct lcp_header *h;
3389 int len, x;
3390 u_char *name, *passwd, mlen;
3391 int name_len, passwd_len;
3392
3393 len = m->m_pkthdr.len;
3394 if (len < 5) {
3395 if (debug)
3396 log(LOG_DEBUG,
3397 SPP_FMT "pap invalid packet length: %d bytes\n",
3398 SPP_ARGS(ifp), len);
3399 return;
3400 }
3401 h = mtod (m, struct lcp_header*);
3402 if (len > ntohs (h->len))
3403 len = ntohs (h->len);
3404 switch (h->type) {
3405 /* PAP request is my authproto */
3406 case PAP_REQ:
3407 name = 1 + (u_char*)(h+1);
3408 name_len = name[-1];
3409 passwd = name + name_len + 1;
3410 if (name_len > len - 6 ||
3411 (passwd_len = passwd[-1]) > len - 6 - name_len) {
3412 if (debug) {
3413 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
3414 "<%s id=0x%x len=%d",
3415 SPP_ARGS(ifp),
3416 sppp_auth_type_name(PPP_PAP, h->type),
3417 h->ident, ntohs(h->len));
3418 if (len > 4)
3419 sppp_print_bytes((u_char*)(h+1), len-4);
3420 addlog(">\n");
3421 }
3422 break;
3423 }
3424 if (debug) {
3425 log(LOG_DEBUG, SPP_FMT "pap input(%s) "
3426 "<%s id=0x%x len=%d name=",
3427 SPP_ARGS(ifp),
3428 sppp_state_name(sp->state[IDX_PAP]),
3429 sppp_auth_type_name(PPP_PAP, h->type),
3430 h->ident, ntohs(h->len));
3431 sppp_print_string((char*)name, name_len);
3432 addlog(" passwd=");
3433 sppp_print_string((char*)passwd, passwd_len);
3434 addlog(">\n");
3435 }
3436 if (name_len > AUTHNAMELEN ||
3437 passwd_len > AUTHKEYLEN ||
3438 bcmp(name, sp->hisauth.name, name_len) != 0 ||
3439 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
3440 /* action scn, tld */
3441 mlen = sizeof(FAILMSG) - 1;
3442 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
3443 sizeof mlen, (const char *)&mlen,
3444 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3445 0);
3446 pap.tld(sp);
3447 break;
3448 }
3449 /* action sca, perhaps tlu */
3450 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
3451 sp->state[IDX_PAP] == STATE_OPENED) {
3452 mlen = sizeof(SUCCMSG) - 1;
3453 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
3454 sizeof mlen, (const char *)&mlen,
3455 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3456 0);
3457 }
3458 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
3459 sppp_cp_change_state(&pap, sp, STATE_OPENED);
3460 pap.tlu(sp);
3461 }
3462 break;
3463
3464 /* ack and nak are his authproto */
3465 case PAP_ACK:
3466 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3467 if (debug) {
3468 log(LOG_DEBUG, SPP_FMT "pap success",
3469 SPP_ARGS(ifp));
3470 name_len = *((char *)h);
3471 if (len > 5 && name_len) {
3472 addlog(": ");
3473 sppp_print_string((char*)(h+1), name_len);
3474 }
3475 addlog("\n");
3476 }
3477 x = splimp();
3478 sp->pp_flags &= ~PP_NEEDAUTH;
3479 if (sp->myauth.proto == PPP_PAP &&
3480 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3481 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
3482 /*
3483 * We are authenticator for PAP but didn't
3484 * complete yet. Leave it to tlu to proceed
3485 * to network phase.
3486 */
3487 splx(x);
3488 break;
3489 }
3490 splx(x);
3491 sppp_phase_network(sp);
3492 break;
3493
3494 case PAP_NAK:
3495 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3496 if (debug) {
3497 log(LOG_INFO, SPP_FMT "pap failure",
3498 SPP_ARGS(ifp));
3499 name_len = *((char *)h);
3500 if (len > 5 && name_len) {
3501 addlog(": ");
3502 sppp_print_string((char*)(h+1), name_len);
3503 }
3504 addlog("\n");
3505 } else
3506 log(LOG_INFO, SPP_FMT "pap failure\n",
3507 SPP_ARGS(ifp));
3508 /* await LCP shutdown by authenticator */
3509 break;
3510
3511 default:
3512 /* Unknown PAP packet type -- ignore. */
3513 if (debug) {
3514 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
3515 "<0x%x id=0x%x len=%d",
3516 SPP_ARGS(ifp),
3517 h->type, h->ident, ntohs(h->len));
3518 if (len > 4)
3519 sppp_print_bytes((u_char*)(h+1), len-4);
3520 addlog(">\n");
3521 }
3522 break;
3523
3524 }
3525 }
3526
3527 HIDE void
3528 sppp_pap_init(struct sppp *sp)
3529 {
3530 /* PAP doesn't have STATE_INITIAL at all. */
3531 sp->state[IDX_PAP] = STATE_CLOSED;
3532 sp->fail_counter[IDX_PAP] = 0;
3533 #if defined (__FreeBSD__)
3534 callout_handle_init(&sp->ch[IDX_PAP]);
3535 callout_handle_init(&sp->pap_my_to_ch);
3536 #endif
3537 }
3538
3539 HIDE void
3540 sppp_pap_open(struct sppp *sp)
3541 {
3542 if (sp->hisauth.proto == PPP_PAP &&
3543 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3544 /* we are authenticator for PAP, start our timer */
3545 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3546 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3547 }
3548 if (sp->myauth.proto == PPP_PAP) {
3549 /* we are peer, send a request, and start a timer */
3550 pap.scr(sp);
3551 #if defined (__FreeBSD__)
3552 sp->pap_my_to_ch =
3553 #endif
3554 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout);
3555 }
3556 }
3557
3558 HIDE void
3559 sppp_pap_close(struct sppp *sp)
3560 {
3561 if (sp->state[IDX_PAP] != STATE_CLOSED)
3562 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3563 }
3564
3565 /*
3566 * That's the timeout routine if we are authenticator. Since the
3567 * authenticator is basically passive in PAP, we can't do much here.
3568 */
3569 HIDE void
3570 sppp_pap_TO(void *cookie)
3571 {
3572 struct sppp *sp = (struct sppp *)cookie;
3573 STDDCL;
3574 int s;
3575
3576 s = splimp();
3577 if (debug)
3578 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
3579 SPP_ARGS(ifp),
3580 sppp_state_name(sp->state[IDX_PAP]),
3581 sp->rst_counter[IDX_PAP]);
3582
3583 if (--sp->rst_counter[IDX_PAP] < 0)
3584 /* TO- event */
3585 switch (sp->state[IDX_PAP]) {
3586 case STATE_REQ_SENT:
3587 pap.tld(sp);
3588 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3589 break;
3590 }
3591 else
3592 /* TO+ event, not very much we could do */
3593 switch (sp->state[IDX_PAP]) {
3594 case STATE_REQ_SENT:
3595 /* sppp_cp_change_state() will restart the timer */
3596 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3597 break;
3598 }
3599
3600 splx(s);
3601 }
3602
3603 /*
3604 * That's the timeout handler if we are peer. Since the peer is active,
3605 * we need to retransmit our PAP request since it is apparently lost.
3606 * XXX We should impose a max counter.
3607 */
3608 HIDE void
3609 sppp_pap_my_TO(void *cookie)
3610 {
3611 struct sppp *sp = (struct sppp *)cookie;
3612 STDDCL;
3613
3614 if (debug)
3615 log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
3616 SPP_ARGS(ifp));
3617
3618 pap.scr(sp);
3619 }
3620
3621 HIDE void
3622 sppp_pap_tlu(struct sppp *sp)
3623 {
3624 STDDCL;
3625 int x;
3626
3627 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3628
3629 if (debug)
3630 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
3631 SPP_ARGS(ifp), pap.name);
3632
3633 x = splimp();
3634 /* indicate to LCP that we need to be closed down */
3635 sp->lcp.protos |= (1 << IDX_PAP);
3636
3637 if (sp->pp_flags & PP_NEEDAUTH) {
3638 /*
3639 * Remote is authenticator, but his auth proto didn't
3640 * complete yet. Defer the transition to network
3641 * phase.
3642 */
3643 splx(x);
3644 return;
3645 }
3646 splx(x);
3647 sppp_phase_network(sp);
3648 }
3649
3650 HIDE void
3651 sppp_pap_tld(struct sppp *sp)
3652 {
3653 STDDCL;
3654
3655 if (debug)
3656 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
3657 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
3658 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3659 sp->lcp.protos &= ~(1 << IDX_PAP);
3660
3661 lcp.Close(sp);
3662 }
3663
3664 HIDE void
3665 sppp_pap_scr(struct sppp *sp)
3666 {
3667 u_char idlen, pwdlen;
3668
3669 sp->confid[IDX_PAP] = ++sp->pp_seq;
3670 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
3671 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
3672
3673 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
3674 sizeof idlen, (const char *)&idlen,
3675 (size_t)idlen, sp->myauth.name,
3676 sizeof pwdlen, (const char *)&pwdlen,
3677 (size_t)pwdlen, sp->myauth.secret,
3678 0);
3679 }
3680 �/*
3681 * Random miscellaneous functions.
3682 */
3683
3684 /*
3685 * Send a PAP or CHAP proto packet.
3686 *
3687 * Varadic function, each of the elements for the ellipsis is of type
3688 * ``size_t mlen, const u_char *msg''. Processing will stop iff
3689 * mlen == 0.
3690 */
3691
3692 HIDE void
3693 sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id,
3694 ...)
3695 {
3696 STDDCL;
3697 struct ppp_header *h;
3698 struct lcp_header *lh;
3699 struct mbuf *m;
3700 u_char *p;
3701 int len;
3702 size_t mlen;
3703 const char *msg;
3704 va_list ap;
3705
3706 MGETHDR (m, M_DONTWAIT, MT_DATA);
3707 if (! m)
3708 return;
3709 m->m_pkthdr.rcvif = 0;
3710
3711 h = mtod (m, struct ppp_header*);
3712 h->address = PPP_ALLSTATIONS; /* broadcast address */
3713 h->control = PPP_UI; /* Unnumbered Info */
3714 h->protocol = htons(cp->proto);
3715
3716 lh = (struct lcp_header*)(h + 1);
3717 lh->type = type;
3718 lh->ident = id;
3719 p = (u_char*) (lh+1);
3720
3721 va_start(ap, id);
3722 len = 0;
3723
3724 while ((mlen = va_arg(ap, size_t)) != 0) {
3725 msg = va_arg(ap, const char *);
3726 len += mlen;
3727 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
3728 va_end(ap);
3729 m_freem(m);
3730 return;
3731 }
3732
3733 bcopy(msg, p, mlen);
3734 p += mlen;
3735 }
3736 va_end(ap);
3737
3738 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
3739 lh->len = htons (LCP_HEADER_LEN + len);
3740
3741 if (debug) {
3742 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
3743 SPP_ARGS(ifp), cp->name,
3744 sppp_auth_type_name(cp->proto, lh->type),
3745 lh->ident, ntohs(lh->len));
3746 if (len)
3747 sppp_print_bytes((u_char*) (lh+1), len);
3748 addlog(">\n");
3749 }
3750 if (IF_QFULL (&sp->pp_cpq)) {
3751 IF_DROP (&sp->pp_fastq);
3752 IF_DROP (&ifp->if_snd);
3753 m_freem (m);
3754 ++ifp->if_oerrors;
3755 } else
3756 IF_ENQUEUE (&sp->pp_cpq, m);
3757 if (! (ifp->if_flags & IFF_OACTIVE))
3758 (*ifp->if_start) (ifp);
3759 ifp->if_obytes += m->m_pkthdr.len + 3;
3760 }
3761
3762 /*
3763 * Flush interface queue.
3764 */
3765 HIDE void
3766 sppp_qflush(struct ifqueue *ifq)
3767 {
3768 struct mbuf *m, *n;
3769
3770 n = ifq->ifq_head;
3771 while ((m = n)) {
3772 n = m->m_act;
3773 m_freem (m);
3774 }
3775 ifq->ifq_head = 0;
3776 ifq->ifq_tail = 0;
3777 ifq->ifq_len = 0;
3778 }
3779
3780 /*
3781 * Send keepalive packets, every 10 seconds.
3782 */
3783 HIDE void
3784 sppp_keepalive(void *dummy)
3785 {
3786 struct sppp *sp;
3787 int s;
3788
3789 s = splimp();
3790 for (sp=spppq; sp; sp=sp->pp_next) {
3791 struct ifnet *ifp = &sp->pp_if;
3792
3793 /* Keepalive mode disabled or channel down? */
3794 if (! (sp->pp_flags & PP_KEEPALIVE) ||
3795 ! (ifp->if_flags & IFF_RUNNING))
3796 continue;
3797
3798 /* No keepalive in PPP mode if LCP not opened yet. */
3799 if (! (sp->pp_flags & PP_CISCO) &&
3800 sp->pp_phase < PHASE_AUTHENTICATE)
3801 continue;
3802
3803 if (sp->pp_alivecnt == MAXALIVECNT) {
3804 /* No keepalive packets got. Stop the interface. */
3805 printf (SPP_FMT "down\n", SPP_ARGS(ifp));
3806 if (sp->pp_flags & PP_CISCO) {
3807 if_down (ifp);
3808 sppp_qflush (&sp->pp_cpq);
3809 } else {
3810 /* Shut down the PPP link. */
3811 lcp.Close(sp);
3812 }
3813 }
3814 if (sp->pp_alivecnt <= MAXALIVECNT)
3815 ++sp->pp_alivecnt;
3816 if (sp->pp_flags & PP_CISCO)
3817 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
3818 sp->pp_rseq);
3819 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
3820 long nmagic = htonl (sp->lcp.magic);
3821 sp->lcp.echoid = ++sp->pp_seq;
3822 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
3823 sp->lcp.echoid, 4, &nmagic);
3824 }
3825 }
3826 splx(s);
3827 #if defined (__FreeBSD__)
3828 keepalive_ch =
3829 #endif
3830 timeout(sppp_keepalive, 0, hz * 10);
3831 }
3832
3833 /*
3834 * Get both IP addresses.
3835 */
3836 HIDE void
3837 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
3838 {
3839 struct ifnet *ifp = &sp->pp_if;
3840 struct ifaddr *ifa;
3841 struct sockaddr_in *si, *sm = 0;
3842 u_long ssrc, ddst;
3843
3844 sm = NULL;
3845 ssrc = ddst = 0L;
3846 /*
3847 * Pick the first AF_INET address from the list,
3848 * aliases don't make any sense on a p2p link anyway.
3849 */
3850 #if defined (__FreeBSD__)
3851 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3852 ifa;
3853 ifa = ifa->ifa_link.tqe_next)
3854 #else
3855 for (ifa = ifp->if_addrlist.tqh_first, si = 0;
3856 ifa;
3857 ifa = ifa->ifa_list.tqe_next)
3858 #endif
3859 if (ifa->ifa_addr->sa_family == AF_INET) {
3860 si = (struct sockaddr_in *)ifa->ifa_addr;
3861 sm = (struct sockaddr_in *)ifa->ifa_netmask;
3862 if (si)
3863 break;
3864 }
3865 if (ifa) {
3866 if (si && si->sin_addr.s_addr) {
3867 ssrc = si->sin_addr.s_addr;
3868 if (srcmask)
3869 *srcmask = ntohl(sm->sin_addr.s_addr);
3870 }
3871
3872 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
3873 if (si && si->sin_addr.s_addr)
3874 ddst = si->sin_addr.s_addr;
3875 }
3876
3877 if (dst) *dst = ntohl(ddst);
3878 if (src) *src = ntohl(ssrc);
3879 }
3880
3881 /*
3882 * Set my IP address. Must be called at splimp.
3883 */
3884 HIDE void
3885 sppp_set_ip_addr(struct sppp *sp, u_long src)
3886 {
3887 struct ifnet *ifp = &sp->pp_if;
3888 struct ifaddr *ifa;
3889 struct sockaddr_in *si;
3890
3891 /*
3892 * Pick the first AF_INET address from the list,
3893 * aliases don't make any sense on a p2p link anyway.
3894 */
3895
3896 #if defined (__FreeBSD__)
3897 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3898 ifa;
3899 ifa = ifa->ifa_link.tqe_next)
3900 #else
3901 for (ifa = ifp->if_addrlist.tqh_first, si = 0;
3902 ifa;
3903 ifa = ifa->ifa_list.tqe_next)
3904 #endif
3905 {
3906 if (ifa->ifa_addr->sa_family == AF_INET)
3907 {
3908 si = (struct sockaddr_in *)ifa->ifa_addr;
3909 if (si)
3910 break;
3911 }
3912 }
3913
3914 if (ifa && si)
3915 si->sin_addr.s_addr = htonl(src);
3916 }
3917
3918 HIDE int
3919 sppp_params(struct sppp *sp, u_long cmd, void *data)
3920 {
3921 struct ifreq *ifr = (struct ifreq *)data;
3922 struct spppreq spr;
3923
3924 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
3925 return EFAULT;
3926
3927 switch (spr.cmd) {
3928 case SPPPIOGDEFS:
3929 if (cmd != SIOCGIFGENERIC)
3930 return EINVAL;
3931 /*
3932 * We copy over the entire current state, but clean
3933 * out some of the stuff we don't wanna pass up.
3934 * Remember, SIOCGIFGENERIC is unprotected, and can be
3935 * called by any user. No need to ever get PAP or
3936 * CHAP secrets back to userland anyway.
3937 */
3938 bcopy(sp, &spr.defs, sizeof(struct sppp));
3939 bzero(spr.defs.myauth.secret, AUTHKEYLEN);
3940 bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
3941 bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
3942 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
3943 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);
3944
3945 case SPPPIOSDEFS:
3946 if (cmd != SIOCSIFGENERIC)
3947 return EINVAL;
3948 /*
3949 * We have a very specific idea of which fields we allow
3950 * being passed back from userland, so to not clobber our
3951 * current state. For one, we only allow setting
3952 * anything if LCP is in dead phase. Once the LCP
3953 * negotiations started, the authentication settings must
3954 * not be changed again. (The administrator can force an
3955 * ifconfig down in order to get LCP back into dead
3956 * phase.)
3957 *
3958 * Also, we only allow for authentication parameters to be
3959 * specified.
3960 *
3961 * XXX Should allow to set or clear pp_flags.
3962 *
3963 * Finally, if the respective authentication protocol to
3964 * be used is set differently than 0, but the secret is
3965 * passed as all zeros, we don't trash the existing secret.
3966 * This allows an administrator to change the system name
3967 * only without clobbering the secret (which he didn't get
3968 * back in a previous SPPPIOGDEFS call). However, the
3969 * secrets are cleared if the authentication protocol is
3970 * reset to 0.
3971 */
3972 if (sp->pp_phase != PHASE_DEAD)
3973 return EBUSY;
3974
3975 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
3976 spr.defs.myauth.proto != PPP_CHAP) ||
3977 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
3978 spr.defs.hisauth.proto != PPP_CHAP))
3979 return EINVAL;
3980
3981 if (spr.defs.myauth.proto == 0)
3982 /* resetting myauth */
3983 bzero(&sp->myauth, sizeof sp->myauth);
3984 else {
3985 /* setting/changing myauth */
3986 sp->myauth.proto = spr.defs.myauth.proto;
3987 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
3988 if (spr.defs.myauth.secret[0] != '\0')
3989 bcopy(spr.defs.myauth.secret, sp->myauth.secret,
3990 AUTHKEYLEN);
3991 }
3992 if (spr.defs.hisauth.proto == 0)
3993 /* resetting hisauth */
3994 bzero(&sp->hisauth, sizeof sp->hisauth);
3995 else {
3996 /* setting/changing hisauth */
3997 sp->hisauth.proto = spr.defs.hisauth.proto;
3998 sp->hisauth.flags = spr.defs.hisauth.flags;
3999 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
4000 if (spr.defs.hisauth.secret[0] != '\0')
4001 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
4002 AUTHKEYLEN);
4003 }
4004 break;
4005
4006 default:
4007 return EINVAL;
4008 }
4009
4010 return 0;
4011 }
4012
4013 HIDE void
4014 sppp_phase_network(struct sppp *sp)
4015 {
4016 struct ifnet *ifp = &sp->pp_if;
4017 int i;
4018 u_long mask;
4019
4020 sp->pp_phase = PHASE_NETWORK;
4021
4022 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
4023 sppp_phase_name(sp->pp_phase));
4024
4025 /* Notify NCPs now. */
4026 for (i = 0; i < IDX_COUNT; i++)
4027 if ((cps[i])->flags & CP_NCP)
4028 (cps[i])->Open(sp);
4029
4030 /* Send Up events to all NCPs. */
4031 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
4032 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
4033 (cps[i])->Up(sp);
4034
4035 /* if no NCP is starting, all this was in vain, close down */
4036 sppp_lcp_check_and_close(sp);
4037 }
4038
4039
4040 HIDE const char *
4041 sppp_cp_type_name(u_char type)
4042 {
4043 static char buf[12];
4044 switch (type) {
4045 case CONF_REQ: return "conf-req";
4046 case CONF_ACK: return "conf-ack";
4047 case CONF_NAK: return "conf-nak";
4048 case CONF_REJ: return "conf-rej";
4049 case TERM_REQ: return "term-req";
4050 case TERM_ACK: return "term-ack";
4051 case CODE_REJ: return "code-rej";
4052 case PROTO_REJ: return "proto-rej";
4053 case ECHO_REQ: return "echo-req";
4054 case ECHO_REPLY: return "echo-reply";
4055 case DISC_REQ: return "discard-req";
4056 }
4057 sprintf (buf, "0x%x", type);
4058 return buf;
4059 }
4060
4061 HIDE const char *
4062 sppp_auth_type_name(u_short proto, u_char type)
4063 {
4064 static char buf[12];
4065 switch (proto) {
4066 case PPP_CHAP:
4067 switch (type) {
4068 case CHAP_CHALLENGE: return "challenge";
4069 case CHAP_RESPONSE: return "response";
4070 case CHAP_SUCCESS: return "success";
4071 case CHAP_FAILURE: return "failure";
4072 }
4073 case PPP_PAP:
4074 switch (type) {
4075 case PAP_REQ: return "req";
4076 case PAP_ACK: return "ack";
4077 case PAP_NAK: return "nak";
4078 }
4079 }
4080 sprintf (buf, "0x%x", type);
4081 return buf;
4082 }
4083
4084 HIDE const char *
4085 sppp_lcp_opt_name(u_char opt)
4086 {
4087 static char buf[12];
4088 switch (opt) {
4089 case LCP_OPT_MRU: return "mru";
4090 case LCP_OPT_ASYNC_MAP: return "async-map";
4091 case LCP_OPT_AUTH_PROTO: return "auth-proto";
4092 case LCP_OPT_QUAL_PROTO: return "qual-proto";
4093 case LCP_OPT_MAGIC: return "magic";
4094 case LCP_OPT_PROTO_COMP: return "proto-comp";
4095 case LCP_OPT_ADDR_COMP: return "addr-comp";
4096 }
4097 sprintf (buf, "0x%x", opt);
4098 return buf;
4099 }
4100
4101 HIDE const char *
4102 sppp_ipcp_opt_name(u_char opt)
4103 {
4104 static char buf[12];
4105 switch (opt) {
4106 case IPCP_OPT_ADDRESSES: return "addresses";
4107 case IPCP_OPT_COMPRESSION: return "compression";
4108 case IPCP_OPT_ADDRESS: return "address";
4109 }
4110 sprintf (buf, "0x%x", opt);
4111 return buf;
4112 }
4113
4114 HIDE const char *
4115 sppp_state_name(int state)
4116 {
4117 switch (state) {
4118 case STATE_INITIAL: return "initial";
4119 case STATE_STARTING: return "starting";
4120 case STATE_CLOSED: return "closed";
4121 case STATE_STOPPED: return "stopped";
4122 case STATE_CLOSING: return "closing";
4123 case STATE_STOPPING: return "stopping";
4124 case STATE_REQ_SENT: return "req-sent";
4125 case STATE_ACK_RCVD: return "ack-rcvd";
4126 case STATE_ACK_SENT: return "ack-sent";
4127 case STATE_OPENED: return "opened";
4128 }
4129 return "illegal";
4130 }
4131
4132 HIDE const char *
4133 sppp_phase_name(enum ppp_phase phase)
4134 {
4135 switch (phase) {
4136 case PHASE_DEAD: return "dead";
4137 case PHASE_ESTABLISH: return "establish";
4138 case PHASE_TERMINATE: return "terminate";
4139 case PHASE_AUTHENTICATE: return "authenticate";
4140 case PHASE_NETWORK: return "network";
4141 }
4142 return "illegal";
4143 }
4144
4145 HIDE const char *
4146 sppp_proto_name(u_short proto)
4147 {
4148 static char buf[12];
4149 switch (proto) {
4150 case PPP_LCP: return "lcp";
4151 case PPP_IPCP: return "ipcp";
4152 case PPP_PAP: return "pap";
4153 case PPP_CHAP: return "chap";
4154 }
4155 sprintf(buf, "0x%x", (unsigned)proto);
4156 return buf;
4157 }
4158
4159 HIDE void
4160 sppp_print_bytes(const u_char *p, u_short len)
4161 {
4162 addlog(" %02x", *p++);
4163 while (--len > 0)
4164 addlog("-%02x", *p++);
4165 }
4166
4167 HIDE void
4168 sppp_print_string(const char *p, u_short len)
4169 {
4170 u_char c;
4171
4172 while (len-- > 0) {
4173 c = *p++;
4174 /*
4175 * Print only ASCII chars directly. RFC 1994 recommends
4176 * using only them, but we don't rely on it. */
4177 if (c < ' ' || c > '~')
4178 addlog("\\x%x", c);
4179 else
4180 addlog("%c", c);
4181 }
4182 }
4183
4184 HIDE const char *
4185 sppp_dotted_quad(u_long addr)
4186 {
4187 static char s[16];
4188 sprintf(s, "%d.%d.%d.%d",
4189 (int)((addr >> 24) & 0xff),
4190 (int)((addr >> 16) & 0xff),
4191 (int)((addr >> 8) & 0xff),
4192 (int)(addr & 0xff));
4193 return s;
4194 }
4195
4196 HIDE int
4197 sppp_strnlen(u_char *p, int max)
4198 {
4199 int len;
4200
4201 for (len = 0; len < max && *p; ++p)
4202 ++len;
4203 return len;
4204 }
4205
4206 /* a dummy, used to drop uninteresting events */
4207 HIDE void
4208 sppp_null(struct sppp *unused)
4209 {
4210 /* do just nothing */
4211 }
4212 /*
4213 * This file is large. Tell emacs to highlight it nevertheless.
4214 *
4215 * Local Variables:
4216 * hilit-auto-highlight-maxout: 120000
4217 * End:
4218 */
4219