1 /* $OpenBSD: if_spppsubr.c,v 1.5 2000/04/26 18:39:38 chris Exp $ */ 2 /* 3 * Synchronous PPP/Cisco link level subroutines. 4 * Keepalive protocol implemented in both Cisco and PPP modes. 5 * 6 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * Version 2.6, Tue May 12 17:10:39 MSD 1998 20 * 21 */ 22 23 #include <sys/param.h> 24 25 #if defined (__FreeBSD__) 26 #include "opt_inet.h" 27 #include "opt_ipx.h" 28 #endif 29 30 #ifdef NetBSD1_3 31 # if NetBSD1_3 > 6 32 # include "opt_inet.h" 33 # include "opt_iso.h" 34 # endif 35 #endif 36 37 #ifdef __OpenBSD__ 38 #define HIDE 39 #else 40 #define HIDE static 41 #endif 42 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/sockio.h> 46 #include <sys/socket.h> 47 #include <sys/syslog.h> 48 #include <sys/malloc.h> 49 #include <sys/mbuf.h> 50 51 #if defined (__OpenBSD__) 52 #include <sys/md5k.h> 53 #else 54 #include <sys/md5.h> 55 #endif 56 57 #include <net/if.h> 58 #include <net/netisr.h> 59 #include <net/if_types.h> 60 61 #if defined (__FreeBSD__) || defined(__OpenBSD_) || defined(__NetBSD__) 62 #include <machine/random.h> 63 #endif 64 #if defined (__NetBSD__) || defined (__OpenBSD__) 65 #include <machine/cpu.h> /* XXX for softnet */ 66 #endif 67 #include <machine/stdarg.h> 68 69 #ifdef INET 70 #include <netinet/in.h> 71 #include <netinet/in_systm.h> 72 #include <netinet/in_var.h> 73 #include <netinet/ip.h> 74 #include <netinet/tcp.h> 75 # if defined (__FreeBSD__) || defined (__OpenBSD__) 76 # include <netinet/if_ether.h> 77 # else 78 # include <net/ethertypes.h> 79 # endif 80 #else 81 # error Huh? sppp without INET? 82 #endif 83 84 #ifdef IPX 85 #include <netipx/ipx.h> 86 #include <netipx/ipx_if.h> 87 #endif 88 89 #ifdef NS 90 #include <netns/ns.h> 91 #include <netns/ns_if.h> 92 #endif 93 94 #ifdef ISO 95 #include <netiso/argo_debug.h> 96 #include <netiso/iso.h> 97 #include <netiso/iso_var.h> 98 #include <netiso/iso_snpac.h> 99 #endif 100 101 #include <net/if_sppp.h> 102 103 #if defined (__FreeBSD__) 104 # define UNTIMEOUT(fun, arg, handle) \ 105 untimeout(fun, arg, handle) 106 #else 107 # define UNTIMEOUT(fun, arg, handle) \ 108 untimeout(fun, arg) 109 #endif 110 #define MAXALIVECNT 3 /* max. alive packets */ 111 112 /* 113 * Interface flags that can be set in an ifconfig command. 114 * 115 * Setting link0 will make the link passive, i.e. it will be marked 116 * as being administrative openable, but won't be opened to begin 117 * with. Incoming calls will be answered, or subsequent calls with 118 * -link1 will cause the administrative open of the LCP layer. 119 * 120 * Setting link1 will cause the link to auto-dial only as packets 121 * arrive to be sent. 122 * 123 * Setting IFF_DEBUG will syslog the option negotiation and state 124 * transitions at level kern.debug. Note: all logs consistently look 125 * like 126 * 127 * <if-name><unit>: <proto-name> <additional info...> 128 * 129 * with <if-name><unit> being something like "bppp0", and <proto-name> 130 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 131 */ 132 133 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 134 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 135 136 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 137 #define PPP_UI 0x03 /* Unnumbered Information */ 138 #define PPP_IP 0x0021 /* Internet Protocol */ 139 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 140 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 141 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 142 #define PPP_LCP 0xc021 /* Link Control Protocol */ 143 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 144 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 145 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 146 147 #define CONF_REQ 1 /* PPP configure request */ 148 #define CONF_ACK 2 /* PPP configure acknowledge */ 149 #define CONF_NAK 3 /* PPP configure negative ack */ 150 #define CONF_REJ 4 /* PPP configure reject */ 151 #define TERM_REQ 5 /* PPP terminate request */ 152 #define TERM_ACK 6 /* PPP terminate acknowledge */ 153 #define CODE_REJ 7 /* PPP code reject */ 154 #define PROTO_REJ 8 /* PPP protocol reject */ 155 #define ECHO_REQ 9 /* PPP echo request */ 156 #define ECHO_REPLY 10 /* PPP echo reply */ 157 #define DISC_REQ 11 /* PPP discard request */ 158 159 #define LCP_OPT_MRU 1 /* maximum receive unit */ 160 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 161 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 162 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 163 #define LCP_OPT_MAGIC 5 /* magic number */ 164 #define LCP_OPT_RESERVED 6 /* reserved */ 165 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 166 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 167 168 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 169 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 170 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 171 172 #define PAP_REQ 1 /* PAP name/password request */ 173 #define PAP_ACK 2 /* PAP acknowledge */ 174 #define PAP_NAK 3 /* PAP fail */ 175 176 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 177 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 178 #define CHAP_SUCCESS 3 /* CHAP response ok */ 179 #define CHAP_FAILURE 4 /* CHAP response failed */ 180 181 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 182 183 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 184 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 185 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 186 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 187 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 188 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 189 190 /* states are named and numbered according to RFC 1661 */ 191 #define STATE_INITIAL 0 192 #define STATE_STARTING 1 193 #define STATE_CLOSED 2 194 #define STATE_STOPPED 3 195 #define STATE_CLOSING 4 196 #define STATE_STOPPING 5 197 #define STATE_REQ_SENT 6 198 #define STATE_ACK_RCVD 7 199 #define STATE_ACK_SENT 8 200 #define STATE_OPENED 9 201 202 struct ppp_header { 203 u_char address; 204 u_char control; 205 u_short protocol; 206 }; 207 #define PPP_HEADER_LEN sizeof (struct ppp_header) 208 209 struct lcp_header { 210 u_char type; 211 u_char ident; 212 u_short len; 213 }; 214 #define LCP_HEADER_LEN sizeof (struct lcp_header) 215 216 struct cisco_packet { 217 u_long type; 218 u_long par1; 219 u_long par2; 220 u_short rel; 221 u_short time0; 222 u_short time1; 223 }; 224 #define CISCO_PACKET_LEN 18 225 226 /* 227 * We follow the spelling and capitalization of RFC 1661 here, to make 228 * it easier comparing with the standard. Please refer to this RFC in 229 * case you can't make sense out of these abbreviation; it will also 230 * explain the semantics related to the various events and actions. 231 */ 232 struct cp { 233 u_short proto; /* PPP control protocol number */ 234 u_char protoidx; /* index into state table in struct sppp */ 235 u_char flags; 236 #define CP_LCP 0x01 /* this is the LCP */ 237 #define CP_AUTH 0x02 /* this is an authentication protocol */ 238 #define CP_NCP 0x04 /* this is a NCP */ 239 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 240 const char *name; /* name of this control protocol */ 241 /* event handlers */ 242 void (*Up)(struct sppp *sp); 243 void (*Down)(struct sppp *sp); 244 void (*Open)(struct sppp *sp); 245 void (*Close)(struct sppp *sp); 246 void (*TO)(void *sp); 247 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 248 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 249 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 250 /* actions */ 251 void (*tlu)(struct sppp *sp); 252 void (*tld)(struct sppp *sp); 253 void (*tls)(struct sppp *sp); 254 void (*tlf)(struct sppp *sp); 255 void (*scr)(struct sppp *sp); 256 }; 257 258 static struct sppp *spppq; 259 #if defined (__FreeBSD__) 260 static struct callout_handle keepalive_ch; 261 #endif 262 263 #if defined (__FreeBSD__) 264 #define SPP_FMT "%s%d: " 265 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 266 #else 267 #define SPP_FMT "%s: " 268 #define SPP_ARGS(ifp) (ifp)->if_xname 269 #endif 270 271 /* 272 * The following disgusting hack gets around the problem that IP TOS 273 * can't be set yet. We want to put "interactive" traffic on a high 274 * priority queue. To decide if traffic is interactive, we check that 275 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 276 * 277 * XXX is this really still necessary? - joerg - 278 */ 279 static u_short interactive_ports[8] = { 280 0, 513, 0, 0, 281 0, 21, 0, 23, 282 }; 283 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 284 285 /* almost every function needs these */ 286 #define STDDCL \ 287 struct ifnet *ifp = &sp->pp_if; \ 288 int debug = ifp->if_flags & IFF_DEBUG 289 290 HIDE int sppp_output(struct ifnet *ifp, struct mbuf *m, 291 struct sockaddr *dst, struct rtentry *rt); 292 293 HIDE void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 294 HIDE void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 295 296 HIDE void sppp_cp_input(const struct cp *cp, struct sppp *sp, 297 struct mbuf *m); 298 HIDE void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 299 u_char ident, u_short len, void *data); 300 #ifdef notyet 301 HIDE void sppp_cp_timeout(void *arg); 302 #endif 303 HIDE void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 304 int newstate); 305 HIDE void sppp_auth_send(const struct cp *cp, 306 struct sppp *sp, u_char type, u_char id, 307 ...); 308 309 HIDE void sppp_up_event(const struct cp *cp, struct sppp *sp); 310 HIDE void sppp_down_event(const struct cp *cp, struct sppp *sp); 311 HIDE void sppp_open_event(const struct cp *cp, struct sppp *sp); 312 HIDE void sppp_close_event(const struct cp *cp, struct sppp *sp); 313 HIDE void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp); 314 HIDE void sppp_to_event(const struct cp *cp, struct sppp *sp); 315 316 HIDE void sppp_null(struct sppp *sp); 317 318 HIDE void sppp_lcp_init(struct sppp *sp); 319 HIDE void sppp_lcp_up(struct sppp *sp); 320 HIDE void sppp_lcp_down(struct sppp *sp); 321 HIDE void sppp_lcp_open(struct sppp *sp); 322 HIDE void sppp_lcp_close(struct sppp *sp); 323 HIDE void sppp_lcp_TO(void *sp); 324 HIDE int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 325 HIDE void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 326 HIDE void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 327 HIDE void sppp_lcp_tlu(struct sppp *sp); 328 HIDE void sppp_lcp_tld(struct sppp *sp); 329 HIDE void sppp_lcp_tls(struct sppp *sp); 330 HIDE void sppp_lcp_tlf(struct sppp *sp); 331 HIDE void sppp_lcp_scr(struct sppp *sp); 332 HIDE void sppp_lcp_check_and_close(struct sppp *sp); 333 HIDE int sppp_ncp_check(struct sppp *sp); 334 335 HIDE void sppp_ipcp_init(struct sppp *sp); 336 HIDE void sppp_ipcp_up(struct sppp *sp); 337 HIDE void sppp_ipcp_down(struct sppp *sp); 338 HIDE void sppp_ipcp_open(struct sppp *sp); 339 HIDE void sppp_ipcp_close(struct sppp *sp); 340 HIDE void sppp_ipcp_TO(void *sp); 341 HIDE int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 342 HIDE void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 343 HIDE void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 344 HIDE void sppp_ipcp_tlu(struct sppp *sp); 345 HIDE void sppp_ipcp_tld(struct sppp *sp); 346 HIDE void sppp_ipcp_tls(struct sppp *sp); 347 HIDE void sppp_ipcp_tlf(struct sppp *sp); 348 HIDE void sppp_ipcp_scr(struct sppp *sp); 349 350 HIDE void sppp_pap_input(struct sppp *sp, struct mbuf *m); 351 HIDE void sppp_pap_init(struct sppp *sp); 352 HIDE void sppp_pap_open(struct sppp *sp); 353 HIDE void sppp_pap_close(struct sppp *sp); 354 HIDE void sppp_pap_TO(void *sp); 355 HIDE void sppp_pap_my_TO(void *sp); 356 HIDE void sppp_pap_tlu(struct sppp *sp); 357 HIDE void sppp_pap_tld(struct sppp *sp); 358 HIDE void sppp_pap_scr(struct sppp *sp); 359 360 HIDE void sppp_chap_input(struct sppp *sp, struct mbuf *m); 361 HIDE void sppp_chap_init(struct sppp *sp); 362 HIDE void sppp_chap_open(struct sppp *sp); 363 HIDE void sppp_chap_close(struct sppp *sp); 364 HIDE void sppp_chap_TO(void *sp); 365 HIDE void sppp_chap_tlu(struct sppp *sp); 366 HIDE void sppp_chap_tld(struct sppp *sp); 367 HIDE void sppp_chap_scr(struct sppp *sp); 368 369 HIDE const char *sppp_auth_type_name(u_short proto, u_char type); 370 HIDE const char *sppp_cp_type_name(u_char type); 371 HIDE const char *sppp_dotted_quad(u_long addr); 372 HIDE const char *sppp_ipcp_opt_name(u_char opt); 373 HIDE const char *sppp_lcp_opt_name(u_char opt); 374 HIDE const char *sppp_phase_name(enum ppp_phase phase); 375 HIDE const char *sppp_proto_name(u_short proto); 376 HIDE const char *sppp_state_name(int state); 377 HIDE int sppp_params(struct sppp *sp, u_long cmd, void *data); 378 HIDE int sppp_strnlen(u_char *p, int max); 379 HIDE void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 380 u_long *srcmask); 381 HIDE void sppp_keepalive(void *dummy); 382 HIDE void sppp_phase_network(struct sppp *sp); 383 HIDE void sppp_print_bytes(const u_char *p, u_short len); 384 HIDE void sppp_print_string(const char *p, u_short len); 385 HIDE void sppp_qflush(struct ifqueue *ifq); 386 HIDE void sppp_set_ip_addr(struct sppp *sp, u_long src); 387 388 /* our control protocol descriptors */ 389 static const struct cp lcp = { 390 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 391 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 392 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 393 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 394 sppp_lcp_scr 395 }; 396 397 static const struct cp ipcp = { 398 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 399 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 400 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 401 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 402 sppp_ipcp_scr 403 }; 404 405 static const struct cp pap = { 406 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 407 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 408 sppp_pap_TO, 0, 0, 0, 409 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 410 sppp_pap_scr 411 }; 412 413 static const struct cp chap = { 414 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 415 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 416 sppp_chap_TO, 0, 0, 0, 417 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 418 sppp_chap_scr 419 }; 420 421 static const struct cp *cps[IDX_COUNT] = { 422 &lcp, /* IDX_LCP */ 423 &ipcp, /* IDX_IPCP */ 424 &pap, /* IDX_PAP */ 425 &chap, /* IDX_CHAP */ 426 }; 427 428 429 /* 430 * Exported functions, comprising our interface to the lower layer. 431 */ 432 433 #if defined(__OpenBSD__) 434 /* Workaround */ 435 void 436 spppattach(struct ifnet *ifp) 437 { 438 } 439 #endif 440 441 /* 442 * Process the received packet. 443 */ 444 void 445 sppp_input(struct ifnet *ifp, struct mbuf *m) 446 { 447 struct ppp_header *h; 448 struct ifqueue *inq = 0; 449 int s; 450 struct sppp *sp = (struct sppp *)ifp; 451 int debug = ifp->if_flags & IFF_DEBUG; 452 453 if (ifp->if_flags & IFF_UP) 454 /* Count received bytes, add FCS and one flag */ 455 ifp->if_ibytes += m->m_pkthdr.len + 3; 456 457 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 458 /* Too small packet, drop it. */ 459 if (debug) 460 log(LOG_DEBUG, 461 SPP_FMT "input packet is too small, %d bytes\n", 462 SPP_ARGS(ifp), m->m_pkthdr.len); 463 drop: 464 ++ifp->if_ierrors; 465 ++ifp->if_iqdrops; 466 m_freem (m); 467 return; 468 } 469 470 /* Get PPP header. */ 471 h = mtod (m, struct ppp_header*); 472 m_adj (m, PPP_HEADER_LEN); 473 474 switch (h->address) { 475 case PPP_ALLSTATIONS: 476 if (h->control != PPP_UI) 477 goto invalid; 478 if (sp->pp_flags & PP_CISCO) { 479 if (debug) 480 log(LOG_DEBUG, 481 SPP_FMT "PPP packet in Cisco mode " 482 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 483 SPP_ARGS(ifp), 484 h->address, h->control, ntohs(h->protocol)); 485 goto drop; 486 } 487 switch (ntohs (h->protocol)) { 488 default: 489 if (sp->state[IDX_LCP] == STATE_OPENED) 490 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 491 ++sp->pp_seq, m->m_pkthdr.len + 2, 492 &h->protocol); 493 if (debug) 494 log(LOG_DEBUG, 495 SPP_FMT "invalid input protocol " 496 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 497 SPP_ARGS(ifp), 498 h->address, h->control, ntohs(h->protocol)); 499 ++ifp->if_noproto; 500 goto drop; 501 case PPP_LCP: 502 sppp_cp_input(&lcp, sp, m); 503 m_freem (m); 504 return; 505 case PPP_PAP: 506 if (sp->pp_phase >= PHASE_AUTHENTICATE) 507 sppp_pap_input(sp, m); 508 m_freem (m); 509 return; 510 case PPP_CHAP: 511 if (sp->pp_phase >= PHASE_AUTHENTICATE) 512 sppp_chap_input(sp, m); 513 m_freem (m); 514 return; 515 #ifdef INET 516 case PPP_IPCP: 517 if (sp->pp_phase == PHASE_NETWORK) 518 sppp_cp_input(&ipcp, sp, m); 519 m_freem (m); 520 return; 521 case PPP_IP: 522 if (sp->state[IDX_IPCP] == STATE_OPENED) { 523 schednetisr (NETISR_IP); 524 inq = &ipintrq; 525 } 526 break; 527 #endif 528 #ifdef IPX 529 case PPP_IPX: 530 /* IPX IPXCP not implemented yet */ 531 if (sp->pp_phase == PHASE_NETWORK) { 532 schednetisr (NETISR_IPX); 533 inq = &ipxintrq; 534 } 535 break; 536 #endif 537 #ifdef NS 538 case PPP_XNS: 539 /* XNS IDPCP not implemented yet */ 540 if (sp->pp_phase == PHASE_NETWORK) { 541 schednetisr (NETISR_NS); 542 inq = &nsintrq; 543 } 544 break; 545 #endif 546 #ifdef ISO 547 case PPP_ISO: 548 /* OSI NLCP not implemented yet */ 549 if (sp->pp_phase == PHASE_NETWORK) { 550 schednetisr (NETISR_ISO); 551 inq = &clnlintrq; 552 } 553 break; 554 #endif 555 } 556 break; 557 case CISCO_MULTICAST: 558 case CISCO_UNICAST: 559 /* Don't check the control field here (RFC 1547). */ 560 if (! (sp->pp_flags & PP_CISCO)) { 561 if (debug) 562 log(LOG_DEBUG, 563 SPP_FMT "Cisco packet in PPP mode " 564 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 565 SPP_ARGS(ifp), 566 h->address, h->control, ntohs(h->protocol)); 567 goto drop; 568 } 569 switch (ntohs (h->protocol)) { 570 default: 571 ++ifp->if_noproto; 572 goto invalid; 573 case CISCO_KEEPALIVE: 574 sppp_cisco_input ((struct sppp*) ifp, m); 575 m_freem (m); 576 return; 577 #ifdef INET 578 case ETHERTYPE_IP: 579 schednetisr (NETISR_IP); 580 inq = &ipintrq; 581 break; 582 #endif 583 #ifdef IPX 584 case ETHERTYPE_IPX: 585 schednetisr (NETISR_IPX); 586 inq = &ipxintrq; 587 break; 588 #endif 589 #ifdef NS 590 case ETHERTYPE_NS: 591 schednetisr (NETISR_NS); 592 inq = &nsintrq; 593 break; 594 #endif 595 } 596 break; 597 default: /* Invalid PPP packet. */ 598 invalid: 599 if (debug) 600 log(LOG_DEBUG, 601 SPP_FMT "invalid input packet " 602 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 603 SPP_ARGS(ifp), 604 h->address, h->control, ntohs(h->protocol)); 605 goto drop; 606 } 607 608 if (! (ifp->if_flags & IFF_UP) || ! inq) 609 goto drop; 610 611 /* Check queue. */ 612 s = splimp(); 613 if (IF_QFULL (inq)) { 614 /* Queue overflow. */ 615 IF_DROP(inq); 616 splx(s); 617 if (debug) 618 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 619 SPP_ARGS(ifp)); 620 goto drop; 621 } 622 IF_ENQUEUE(inq, m); 623 splx(s); 624 } 625 626 /* 627 * Enqueue transmit packet. 628 */ 629 HIDE int 630 sppp_output(struct ifnet *ifp, struct mbuf *m, 631 struct sockaddr *dst, struct rtentry *rt) 632 { 633 struct sppp *sp = (struct sppp*) ifp; 634 struct ppp_header *h; 635 struct ifqueue *ifq; 636 int s, rv = 0; 637 638 s = splimp(); 639 640 if ((ifp->if_flags & IFF_UP) == 0 || 641 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 642 m_freem (m); 643 splx (s); 644 return (ENETDOWN); 645 } 646 647 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 648 /* 649 * Interface is not yet running, but auto-dial. Need 650 * to start LCP for it. 651 */ 652 ifp->if_flags |= IFF_RUNNING; 653 splx(s); 654 lcp.Open(sp); 655 s = splimp(); 656 } 657 658 ifq = &ifp->if_snd; 659 #ifdef INET 660 /* 661 * Put low delay, telnet, rlogin and ftp control packets 662 * in front of the queue. 663 */ 664 if (dst->sa_family == AF_INET) { 665 /* XXX Check mbuf length here? */ 666 struct ip *ip = mtod (m, struct ip*); 667 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 668 669 /* 670 * When using dynamic local IP address assignment by using 671 * 0.0.0.0 as a local address, the first TCP session will 672 * not connect because the local TCP checksum is computed 673 * using 0.0.0.0 which will later become our real IP address 674 * so the TCP checksum computed at the remote end will 675 * become invalid. So we 676 * - don't let packets with src ip addr 0 thru 677 * - we flag TCP packets with src ip 0 as an error 678 */ 679 680 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 681 { 682 m_freem(m); 683 splx(s); 684 if(ip->ip_p == IPPROTO_TCP) 685 return(EADDRNOTAVAIL); 686 else 687 return(0); 688 } 689 690 691 if (! IF_QFULL (&sp->pp_fastq) && 692 ((ip->ip_tos & IPTOS_LOWDELAY) || 693 ((ip->ip_p == IPPROTO_TCP && 694 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 695 (INTERACTIVE (ntohs (tcp->th_sport)))) || 696 INTERACTIVE (ntohs (tcp->th_dport))))) 697 ifq = &sp->pp_fastq; 698 } 699 #endif 700 701 /* 702 * Prepend general data packet PPP header. For now, IP only. 703 */ 704 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 705 if (! m) { 706 if (ifp->if_flags & IFF_DEBUG) 707 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 708 SPP_ARGS(ifp)); 709 ++ifp->if_oerrors; 710 splx (s); 711 return (ENOBUFS); 712 } 713 /* 714 * May want to check size of packet 715 * (albeit due to the implementation it's always enough) 716 */ 717 h = mtod (m, struct ppp_header*); 718 if (sp->pp_flags & PP_CISCO) { 719 h->address = CISCO_UNICAST; /* unicast address */ 720 h->control = 0; 721 } else { 722 h->address = PPP_ALLSTATIONS; /* broadcast address */ 723 h->control = PPP_UI; /* Unnumbered Info */ 724 } 725 726 switch (dst->sa_family) { 727 #ifdef INET 728 case AF_INET: /* Internet Protocol */ 729 if (sp->pp_flags & PP_CISCO) 730 h->protocol = htons (ETHERTYPE_IP); 731 else { 732 /* 733 * Don't choke with an ENETDOWN early. It's 734 * possible that we just started dialing out, 735 * so don't drop the packet immediately. If 736 * we notice that we run out of buffer space 737 * below, we will however remember that we are 738 * not ready to carry IP packets, and return 739 * ENETDOWN, as opposed to ENOBUFS. 740 */ 741 h->protocol = htons(PPP_IP); 742 if (sp->state[IDX_IPCP] != STATE_OPENED) 743 rv = ENETDOWN; 744 } 745 break; 746 #endif 747 #ifdef NS 748 case AF_NS: /* Xerox NS Protocol */ 749 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 750 ETHERTYPE_NS : PPP_XNS); 751 break; 752 #endif 753 #ifdef IPX 754 case AF_IPX: /* Novell IPX Protocol */ 755 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 756 ETHERTYPE_IPX : PPP_IPX); 757 break; 758 #endif 759 #ifdef ISO 760 case AF_ISO: /* ISO OSI Protocol */ 761 if (sp->pp_flags & PP_CISCO) 762 goto nosupport; 763 h->protocol = htons (PPP_ISO); 764 break; 765 nosupport: 766 #endif 767 default: 768 m_freem (m); 769 ++ifp->if_oerrors; 770 splx (s); 771 return (EAFNOSUPPORT); 772 } 773 774 /* 775 * Queue message on interface, and start output if interface 776 * not yet active. 777 */ 778 if (IF_QFULL (ifq)) { 779 IF_DROP (&ifp->if_snd); 780 m_freem (m); 781 ++ifp->if_oerrors; 782 splx (s); 783 return (rv? rv: ENOBUFS); 784 } 785 IF_ENQUEUE (ifq, m); 786 if (! (ifp->if_flags & IFF_OACTIVE)) 787 (*ifp->if_start) (ifp); 788 789 /* 790 * Count output packets and bytes. 791 * The packet length includes header, FCS and 1 flag, 792 * according to RFC 1333. 793 */ 794 ifp->if_obytes += m->m_pkthdr.len + 3; 795 splx (s); 796 return (0); 797 } 798 799 void 800 sppp_attach(struct ifnet *ifp) 801 { 802 struct sppp *sp = (struct sppp*) ifp; 803 804 /* Initialize keepalive handler. */ 805 if (! spppq) 806 #if defined (__FreeBSD__) 807 keepalive_ch = 808 #endif 809 timeout(sppp_keepalive, 0, hz * 10); 810 811 /* Insert new entry into the keepalive list. */ 812 sp->pp_next = spppq; 813 spppq = sp; 814 815 sp->pp_if.if_type = IFT_PPP; 816 sp->pp_if.if_output = sppp_output; 817 sp->pp_if.if_snd.ifq_maxlen = 50; 818 sp->pp_fastq.ifq_maxlen = 50; 819 sp->pp_cpq.ifq_maxlen = 50; 820 sp->pp_loopcnt = 0; 821 sp->pp_alivecnt = 0; 822 sp->pp_seq = 0; 823 sp->pp_rseq = 0; 824 sp->pp_phase = PHASE_DEAD; 825 sp->pp_up = lcp.Up; 826 sp->pp_down = lcp.Down; 827 828 sppp_lcp_init(sp); 829 sppp_ipcp_init(sp); 830 sppp_pap_init(sp); 831 sppp_chap_init(sp); 832 } 833 834 void 835 sppp_detach(struct ifnet *ifp) 836 { 837 struct sppp **q, *p, *sp = (struct sppp*) ifp; 838 int i; 839 840 /* Remove the entry from the keepalive list. */ 841 for (q = &spppq; (p = *q); q = &p->pp_next) 842 if (p == sp) { 843 *q = p->pp_next; 844 break; 845 } 846 847 /* Stop keepalive handler. */ 848 if (! spppq) 849 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 850 851 for (i = 0; i < IDX_COUNT; i++) 852 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 853 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 854 } 855 856 /* 857 * Flush the interface output queue. 858 */ 859 void 860 sppp_flush(struct ifnet *ifp) 861 { 862 struct sppp *sp = (struct sppp*) ifp; 863 864 sppp_qflush (&sp->pp_if.if_snd); 865 sppp_qflush (&sp->pp_fastq); 866 sppp_qflush (&sp->pp_cpq); 867 } 868 869 /* 870 * Check if the output queue is empty. 871 */ 872 int 873 sppp_isempty(struct ifnet *ifp) 874 { 875 struct sppp *sp = (struct sppp*) ifp; 876 int empty, s; 877 878 s = splimp(); 879 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 880 !sp->pp_if.if_snd.ifq_head; 881 splx(s); 882 return (empty); 883 } 884 885 /* 886 * Get next packet to send. 887 */ 888 struct mbuf * 889 sppp_dequeue(struct ifnet *ifp) 890 { 891 struct sppp *sp = (struct sppp*) ifp; 892 struct mbuf *m; 893 int s; 894 895 s = splimp(); 896 /* 897 * Process only the control protocol queue until we have at 898 * least one NCP open. 899 * 900 * Do always serve all three queues in Cisco mode. 901 */ 902 IF_DEQUEUE(&sp->pp_cpq, m); 903 if (m == NULL && 904 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 905 IF_DEQUEUE(&sp->pp_fastq, m); 906 if (m == NULL) 907 IF_DEQUEUE (&sp->pp_if.if_snd, m); 908 } 909 splx(s); 910 return m; 911 } 912 913 /* 914 * Pick the next packet, do not remove it from the queue. 915 */ 916 struct mbuf * 917 sppp_pick(struct ifnet *ifp) 918 { 919 struct sppp *sp = (struct sppp*)ifp; 920 struct mbuf *m; 921 int s; 922 923 s= splimp (); 924 925 m = sp->pp_cpq.ifq_head; 926 if (m == NULL && 927 (sp->pp_phase == PHASE_NETWORK || 928 (sp->pp_flags & PP_CISCO) != 0)) 929 if ((m = sp->pp_fastq.ifq_head) == NULL) 930 m = sp->pp_if.if_snd.ifq_head; 931 splx (s); 932 return (m); 933 } 934 935 /* 936 * Process an ioctl request. Called on low priority level. 937 */ 938 int 939 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 940 { 941 struct ifreq *ifr = (struct ifreq*) data; 942 struct sppp *sp = (struct sppp*) ifp; 943 int s, rv, going_up, going_down; 944 945 s = splimp(); 946 rv = 0; 947 switch (cmd) { 948 case SIOCAIFADDR: 949 case SIOCSIFDSTADDR: 950 break; 951 952 case SIOCSIFADDR: 953 if_up(ifp); 954 /* fall through... */ 955 956 case SIOCSIFFLAGS: 957 /* sanity */ 958 if (ifp->if_flags & IFF_PASSIVE) 959 ifp->if_flags &= ~IFF_AUTO; 960 961 going_up = (ifp->if_flags & IFF_UP) && ! (ifp->if_flags & 962 (IFF_RUNNING | IFF_AUTO | IFF_PASSIVE)); 963 going_down = ! (ifp->if_flags & IFF_UP) && 964 (ifp->if_flags & IFF_RUNNING); 965 966 if (going_up || going_down) { 967 if (! (sp->pp_flags & PP_CISCO)) 968 lcp.Close(sp); 969 else { 970 sppp_flush(ifp); 971 ifp->if_flags &= ~IFF_RUNNING; 972 } 973 } 974 if (going_up) { 975 /* neither auto-dial nor passive */ 976 ifp->if_flags |= IFF_RUNNING; 977 if (!(sp->pp_flags & PP_CISCO)) 978 lcp.Open(sp); 979 } 980 break; 981 982 #ifdef SIOCSIFMTU 983 case SIOCSIFMTU: 984 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 985 return (EINVAL); 986 ifp->if_mtu = ifr->ifr_mtu; 987 break; 988 #endif 989 #ifdef SLIOCSETMTU 990 case SLIOCSETMTU: 991 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 992 return (EINVAL); 993 ifp->if_mtu = *(short*)data; 994 break; 995 #endif 996 #ifdef SIOCGIFMTU 997 case SIOCGIFMTU: 998 ifr->ifr_mtu = ifp->if_mtu; 999 break; 1000 #endif 1001 #ifdef SLIOCGETMTU 1002 case SLIOCGETMTU: 1003 *(short*)data = ifp->if_mtu; 1004 break; 1005 #endif 1006 case SIOCADDMULTI: 1007 case SIOCDELMULTI: 1008 break; 1009 1010 case SIOCGIFGENERIC: 1011 case SIOCSIFGENERIC: 1012 rv = sppp_params(sp, cmd, data); 1013 break; 1014 1015 default: 1016 rv = ENOTTY; 1017 } 1018 splx(s); 1019 return rv; 1020 } 1021 1022 1023 /* 1024 * Cisco framing implementation. 1025 */ 1026 1027 /* 1028 * Handle incoming Cisco keepalive protocol packets. 1029 */ 1030 HIDE void 1031 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1032 { 1033 STDDCL; 1034 struct cisco_packet *h; 1035 u_long me, mymask; 1036 1037 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1038 if (debug) 1039 log(LOG_DEBUG, 1040 SPP_FMT "cisco invalid packet length: %d bytes\n", 1041 SPP_ARGS(ifp), m->m_pkthdr.len); 1042 return; 1043 } 1044 h = mtod (m, struct cisco_packet*); 1045 if (debug) 1046 log(LOG_DEBUG, 1047 SPP_FMT "cisco input: %d bytes " 1048 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1049 SPP_ARGS(ifp), m->m_pkthdr.len, 1050 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1051 (u_int)h->time0, (u_int)h->time1); 1052 switch (ntohl (h->type)) { 1053 default: 1054 if (debug) 1055 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1056 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1057 break; 1058 case CISCO_ADDR_REPLY: 1059 /* Reply on address request, ignore */ 1060 break; 1061 case CISCO_KEEPALIVE_REQ: 1062 sp->pp_alivecnt = 0; 1063 sp->pp_rseq = ntohl (h->par1); 1064 if (sp->pp_seq == sp->pp_rseq) { 1065 /* Local and remote sequence numbers are equal. 1066 * Probably, the line is in loopback mode. */ 1067 if (sp->pp_loopcnt >= MAXALIVECNT) { 1068 printf (SPP_FMT "loopback\n", 1069 SPP_ARGS(ifp)); 1070 sp->pp_loopcnt = 0; 1071 if (ifp->if_flags & IFF_UP) { 1072 if_down (ifp); 1073 sppp_qflush (&sp->pp_cpq); 1074 } 1075 } 1076 ++sp->pp_loopcnt; 1077 1078 /* Generate new local sequence number */ 1079 #if defined (__FreeBSD__) || defined (__NetBSD__) || defined(__OpenBSD__) 1080 sp->pp_seq = random(); 1081 #else 1082 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1083 #endif 1084 break; 1085 } 1086 sp->pp_loopcnt = 0; 1087 if (! (ifp->if_flags & IFF_UP) && 1088 (ifp->if_flags & IFF_RUNNING)) { 1089 if_up(ifp); 1090 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1091 } 1092 break; 1093 case CISCO_ADDR_REQ: 1094 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1095 if (me != 0L) 1096 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1097 break; 1098 } 1099 } 1100 1101 /* 1102 * Send Cisco keepalive packet. 1103 */ 1104 HIDE void 1105 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1106 { 1107 STDDCL; 1108 struct ppp_header *h; 1109 struct cisco_packet *ch; 1110 struct mbuf *m; 1111 #if defined (__FreeBSD__) 1112 struct timeval tv; 1113 #else 1114 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1115 #endif 1116 1117 #if defined (__FreeBSD__) 1118 getmicrouptime(&tv); 1119 #endif 1120 1121 MGETHDR (m, M_DONTWAIT, MT_DATA); 1122 if (! m) 1123 return; 1124 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1125 m->m_pkthdr.rcvif = 0; 1126 1127 h = mtod (m, struct ppp_header*); 1128 h->address = CISCO_MULTICAST; 1129 h->control = 0; 1130 h->protocol = htons (CISCO_KEEPALIVE); 1131 1132 ch = (struct cisco_packet*) (h + 1); 1133 ch->type = htonl (type); 1134 ch->par1 = htonl (par1); 1135 ch->par2 = htonl (par2); 1136 ch->rel = -1; 1137 1138 #if defined (__FreeBSD__) 1139 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1140 ch->time1 = htons ((u_short) tv.tv_sec); 1141 #else 1142 ch->time0 = htons ((u_short) (t >> 16)); 1143 ch->time1 = htons ((u_short) t); 1144 #endif 1145 1146 if (debug) 1147 log(LOG_DEBUG, 1148 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1149 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1150 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1151 1152 if (IF_QFULL (&sp->pp_cpq)) { 1153 IF_DROP (&sp->pp_fastq); 1154 IF_DROP (&ifp->if_snd); 1155 m_freem (m); 1156 } else 1157 IF_ENQUEUE (&sp->pp_cpq, m); 1158 if (! (ifp->if_flags & IFF_OACTIVE)) 1159 (*ifp->if_start) (ifp); 1160 ifp->if_obytes += m->m_pkthdr.len + 3; 1161 } 1162 1163 /* 1164 * PPP protocol implementation. 1165 */ 1166 1167 /* 1168 * Send PPP control protocol packet. 1169 */ 1170 HIDE void 1171 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1172 u_char ident, u_short len, void *data) 1173 { 1174 STDDCL; 1175 struct ppp_header *h; 1176 struct lcp_header *lh; 1177 struct mbuf *m; 1178 1179 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1180 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1181 MGETHDR (m, M_DONTWAIT, MT_DATA); 1182 if (! m) 1183 return; 1184 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1185 m->m_pkthdr.rcvif = 0; 1186 1187 h = mtod (m, struct ppp_header*); 1188 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1189 h->control = PPP_UI; /* Unnumbered Info */ 1190 h->protocol = htons (proto); /* Link Control Protocol */ 1191 1192 lh = (struct lcp_header*) (h + 1); 1193 lh->type = type; 1194 lh->ident = ident; 1195 lh->len = htons (LCP_HEADER_LEN + len); 1196 if (len) 1197 bcopy (data, lh+1, len); 1198 1199 if (debug) { 1200 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1201 SPP_ARGS(ifp), 1202 sppp_proto_name(proto), 1203 sppp_cp_type_name (lh->type), lh->ident, 1204 ntohs (lh->len)); 1205 if (len) 1206 sppp_print_bytes ((u_char*) (lh+1), len); 1207 addlog(">\n"); 1208 } 1209 if (IF_QFULL (&sp->pp_cpq)) { 1210 IF_DROP (&sp->pp_fastq); 1211 IF_DROP (&ifp->if_snd); 1212 m_freem (m); 1213 ++ifp->if_oerrors; 1214 } else 1215 IF_ENQUEUE (&sp->pp_cpq, m); 1216 if (! (ifp->if_flags & IFF_OACTIVE)) 1217 (*ifp->if_start) (ifp); 1218 ifp->if_obytes += m->m_pkthdr.len + 3; 1219 } 1220 1221 /* 1222 * Handle incoming PPP control protocol packets. 1223 */ 1224 HIDE void 1225 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1226 { 1227 STDDCL; 1228 struct lcp_header *h; 1229 int len = m->m_pkthdr.len; 1230 int rv; 1231 u_char *p; 1232 1233 if (len < 4) { 1234 if (debug) 1235 log(LOG_DEBUG, 1236 SPP_FMT "%s invalid packet length: %d bytes\n", 1237 SPP_ARGS(ifp), cp->name, len); 1238 return; 1239 } 1240 h = mtod (m, struct lcp_header*); 1241 if (debug) { 1242 log(LOG_DEBUG, 1243 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1244 SPP_ARGS(ifp), cp->name, 1245 sppp_state_name(sp->state[cp->protoidx]), 1246 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1247 if (len > 4) 1248 sppp_print_bytes ((u_char*) (h+1), len-4); 1249 addlog(">\n"); 1250 } 1251 if (len > ntohs (h->len)) 1252 len = ntohs (h->len); 1253 p = (u_char *)(h + 1); 1254 switch (h->type) { 1255 case CONF_REQ: 1256 if (len < 4) { 1257 if (debug) 1258 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1259 SPP_ARGS(ifp), cp->name, 1260 len); 1261 ++ifp->if_ierrors; 1262 break; 1263 } 1264 /* handle states where RCR doesn't get a SCA/SCN */ 1265 switch (sp->state[cp->protoidx]) { 1266 case STATE_CLOSING: 1267 case STATE_STOPPING: 1268 return; 1269 case STATE_CLOSED: 1270 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1271 0, 0); 1272 return; 1273 } 1274 rv = (cp->RCR)(sp, h, len); 1275 switch (sp->state[cp->protoidx]) { 1276 case STATE_OPENED: 1277 sppp_cp_change_state(cp, sp, rv? 1278 STATE_ACK_SENT: STATE_REQ_SENT); 1279 (cp->tld)(sp); 1280 (cp->scr)(sp); 1281 break; 1282 case STATE_ACK_SENT: 1283 case STATE_REQ_SENT: 1284 sppp_cp_change_state(cp, sp, rv? 1285 STATE_ACK_SENT: STATE_REQ_SENT); 1286 break; 1287 case STATE_STOPPED: 1288 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1289 sppp_cp_change_state(cp, sp, rv? 1290 STATE_ACK_SENT: STATE_REQ_SENT); 1291 (cp->scr)(sp); 1292 break; 1293 case STATE_ACK_RCVD: 1294 if (rv) { 1295 sppp_cp_change_state(cp, sp, STATE_OPENED); 1296 if (debug) 1297 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1298 SPP_ARGS(ifp), 1299 cp->name); 1300 (cp->tlu)(sp); 1301 } else 1302 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1303 break; 1304 default: 1305 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1306 SPP_ARGS(ifp), cp->name, 1307 sppp_cp_type_name(h->type), 1308 sppp_state_name(sp->state[cp->protoidx])); */ 1309 ++ifp->if_ierrors; 1310 } 1311 break; 1312 case CONF_ACK: 1313 if (h->ident != sp->confid[cp->protoidx]) { 1314 if (debug) 1315 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1316 SPP_ARGS(ifp), cp->name, 1317 h->ident, sp->confid[cp->protoidx]); 1318 ++ifp->if_ierrors; 1319 break; 1320 } 1321 switch (sp->state[cp->protoidx]) { 1322 case STATE_CLOSED: 1323 case STATE_STOPPED: 1324 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1325 break; 1326 case STATE_CLOSING: 1327 case STATE_STOPPING: 1328 break; 1329 case STATE_REQ_SENT: 1330 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1331 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1332 break; 1333 case STATE_OPENED: 1334 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1335 (cp->tld)(sp); 1336 (cp->scr)(sp); 1337 break; 1338 case STATE_ACK_RCVD: 1339 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1340 (cp->scr)(sp); 1341 break; 1342 case STATE_ACK_SENT: 1343 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1344 sppp_cp_change_state(cp, sp, STATE_OPENED); 1345 if (debug) 1346 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1347 SPP_ARGS(ifp), cp->name); 1348 (cp->tlu)(sp); 1349 break; 1350 default: 1351 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1352 SPP_ARGS(ifp), cp->name, 1353 sppp_cp_type_name(h->type), 1354 sppp_state_name(sp->state[cp->protoidx])); */ 1355 ++ifp->if_ierrors; 1356 } 1357 break; 1358 case CONF_NAK: 1359 case CONF_REJ: 1360 if (h->ident != sp->confid[cp->protoidx]) { 1361 if (debug) 1362 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1363 SPP_ARGS(ifp), cp->name, 1364 h->ident, sp->confid[cp->protoidx]); 1365 ++ifp->if_ierrors; 1366 break; 1367 } 1368 if (h->type == CONF_NAK) 1369 (cp->RCN_nak)(sp, h, len); 1370 else /* CONF_REJ */ 1371 (cp->RCN_rej)(sp, h, len); 1372 1373 switch (sp->state[cp->protoidx]) { 1374 case STATE_CLOSED: 1375 case STATE_STOPPED: 1376 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1377 break; 1378 case STATE_REQ_SENT: 1379 case STATE_ACK_SENT: 1380 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1381 (cp->scr)(sp); 1382 break; 1383 case STATE_OPENED: 1384 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1385 (cp->tld)(sp); 1386 (cp->scr)(sp); 1387 break; 1388 case STATE_ACK_RCVD: 1389 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1390 (cp->scr)(sp); 1391 break; 1392 case STATE_CLOSING: 1393 case STATE_STOPPING: 1394 break; 1395 default: 1396 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1397 SPP_ARGS(ifp), cp->name, 1398 sppp_cp_type_name(h->type), 1399 sppp_state_name(sp->state[cp->protoidx])); */ 1400 ++ifp->if_ierrors; 1401 } 1402 break; 1403 1404 case TERM_REQ: 1405 switch (sp->state[cp->protoidx]) { 1406 case STATE_ACK_RCVD: 1407 case STATE_ACK_SENT: 1408 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1409 /* fall through */ 1410 case STATE_CLOSED: 1411 case STATE_STOPPED: 1412 case STATE_CLOSING: 1413 case STATE_STOPPING: 1414 case STATE_REQ_SENT: 1415 sta: 1416 /* Send Terminate-Ack packet. */ 1417 if (debug) 1418 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1419 SPP_ARGS(ifp), cp->name); 1420 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1421 break; 1422 case STATE_OPENED: 1423 sp->rst_counter[cp->protoidx] = 0; 1424 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1425 (cp->tld)(sp); 1426 goto sta; 1427 break; 1428 default: 1429 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1430 SPP_ARGS(ifp), cp->name, 1431 sppp_cp_type_name(h->type), 1432 sppp_state_name(sp->state[cp->protoidx])); */ 1433 ++ifp->if_ierrors; 1434 } 1435 break; 1436 case TERM_ACK: 1437 switch (sp->state[cp->protoidx]) { 1438 case STATE_CLOSED: 1439 case STATE_STOPPED: 1440 case STATE_REQ_SENT: 1441 case STATE_ACK_SENT: 1442 break; 1443 case STATE_CLOSING: 1444 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1445 (cp->tlf)(sp); 1446 break; 1447 case STATE_STOPPING: 1448 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1449 (cp->tlf)(sp); 1450 break; 1451 case STATE_ACK_RCVD: 1452 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1453 break; 1454 case STATE_OPENED: 1455 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1456 (cp->tld)(sp); 1457 (cp->scr)(sp); 1458 break; 1459 default: 1460 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1461 SPP_ARGS(ifp), cp->name, 1462 sppp_cp_type_name(h->type), 1463 sppp_state_name(sp->state[cp->protoidx])); */ 1464 ++ifp->if_ierrors; 1465 } 1466 break; 1467 case CODE_REJ: 1468 case PROTO_REJ: 1469 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1470 log(LOG_INFO, 1471 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1472 "danger will robinson\n", 1473 SPP_ARGS(ifp), cp->name, 1474 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1475 switch (sp->state[cp->protoidx]) { 1476 case STATE_CLOSED: 1477 case STATE_STOPPED: 1478 case STATE_REQ_SENT: 1479 case STATE_ACK_SENT: 1480 case STATE_CLOSING: 1481 case STATE_STOPPING: 1482 case STATE_OPENED: 1483 break; 1484 case STATE_ACK_RCVD: 1485 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1486 break; 1487 default: 1488 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1489 SPP_ARGS(ifp), cp->name, 1490 sppp_cp_type_name(h->type), 1491 sppp_state_name(sp->state[cp->protoidx])); */ 1492 ++ifp->if_ierrors; 1493 } 1494 break; 1495 case DISC_REQ: 1496 if (cp->proto != PPP_LCP) 1497 goto illegal; 1498 /* Discard the packet. */ 1499 break; 1500 case ECHO_REQ: 1501 if (cp->proto != PPP_LCP) 1502 goto illegal; 1503 if (sp->state[cp->protoidx] != STATE_OPENED) { 1504 if (debug) 1505 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1506 SPP_ARGS(ifp)); 1507 ++ifp->if_ierrors; 1508 break; 1509 } 1510 if (len < 8) { 1511 if (debug) 1512 addlog(SPP_FMT "invalid lcp echo request " 1513 "packet length: %d bytes\n", 1514 SPP_ARGS(ifp), len); 1515 break; 1516 } 1517 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1518 /* Line loopback mode detected. */ 1519 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1520 /* Shut down the PPP link. */ 1521 lcp.Close(sp); 1522 break; 1523 } 1524 *(long*)(h+1) = htonl (sp->lcp.magic); 1525 if (debug) 1526 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1527 SPP_ARGS(ifp)); 1528 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1529 break; 1530 case ECHO_REPLY: 1531 if (cp->proto != PPP_LCP) 1532 goto illegal; 1533 if (h->ident != sp->lcp.echoid) { 1534 ++ifp->if_ierrors; 1535 break; 1536 } 1537 if (len < 8) { 1538 if (debug) 1539 addlog(SPP_FMT "lcp invalid echo reply " 1540 "packet length: %d bytes\n", 1541 SPP_ARGS(ifp), len); 1542 break; 1543 } 1544 if (debug) 1545 addlog(SPP_FMT "lcp got echo rep\n", 1546 SPP_ARGS(ifp)); 1547 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1548 sp->pp_alivecnt = 0; 1549 break; 1550 default: 1551 /* Unknown packet type -- send Code-Reject packet. */ 1552 illegal: 1553 if (debug) 1554 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1555 SPP_ARGS(ifp), cp->name, h->type); 1556 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1557 m->m_pkthdr.len, h); 1558 ++ifp->if_ierrors; 1559 } 1560 } 1561 1562 1563 /* 1564 * The generic part of all Up/Down/Open/Close/TO event handlers. 1565 * Basically, the state transition handling in the automaton. 1566 */ 1567 HIDE void 1568 sppp_up_event(const struct cp *cp, struct sppp *sp) 1569 { 1570 STDDCL; 1571 1572 if (debug) 1573 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1574 SPP_ARGS(ifp), cp->name, 1575 sppp_state_name(sp->state[cp->protoidx])); 1576 1577 switch (sp->state[cp->protoidx]) { 1578 case STATE_INITIAL: 1579 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1580 break; 1581 case STATE_STARTING: 1582 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1583 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1584 (cp->scr)(sp); 1585 break; 1586 default: 1587 /* printf(SPP_FMT "%s illegal up in state %s\n", 1588 SPP_ARGS(ifp), cp->name, 1589 sppp_state_name(sp->state[cp->protoidx])); */ 1590 } 1591 } 1592 1593 HIDE void 1594 sppp_down_event(const struct cp *cp, struct sppp *sp) 1595 { 1596 STDDCL; 1597 1598 if (debug) 1599 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1600 SPP_ARGS(ifp), cp->name, 1601 sppp_state_name(sp->state[cp->protoidx])); 1602 1603 switch (sp->state[cp->protoidx]) { 1604 case STATE_CLOSED: 1605 case STATE_CLOSING: 1606 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1607 break; 1608 case STATE_STOPPED: 1609 sppp_cp_change_state(cp, sp, STATE_STARTING); 1610 (cp->tls)(sp); 1611 break; 1612 case STATE_STOPPING: 1613 case STATE_REQ_SENT: 1614 case STATE_ACK_RCVD: 1615 case STATE_ACK_SENT: 1616 sppp_cp_change_state(cp, sp, STATE_STARTING); 1617 break; 1618 case STATE_OPENED: 1619 sppp_cp_change_state(cp, sp, STATE_STARTING); 1620 (cp->tld)(sp); 1621 break; 1622 default: 1623 /* printf(SPP_FMT "%s illegal down in state %s\n", 1624 SPP_ARGS(ifp), cp->name, 1625 sppp_state_name(sp->state[cp->protoidx])); */ 1626 } 1627 } 1628 1629 1630 HIDE void 1631 sppp_open_event(const struct cp *cp, struct sppp *sp) 1632 { 1633 STDDCL; 1634 1635 if (debug) 1636 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1637 SPP_ARGS(ifp), cp->name, 1638 sppp_state_name(sp->state[cp->protoidx])); 1639 1640 switch (sp->state[cp->protoidx]) { 1641 case STATE_INITIAL: 1642 sppp_cp_change_state(cp, sp, STATE_STARTING); 1643 (cp->tls)(sp); 1644 break; 1645 case STATE_STARTING: 1646 break; 1647 case STATE_CLOSED: 1648 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1649 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1650 (cp->scr)(sp); 1651 break; 1652 case STATE_STOPPED: 1653 case STATE_STOPPING: 1654 case STATE_REQ_SENT: 1655 case STATE_ACK_RCVD: 1656 case STATE_ACK_SENT: 1657 case STATE_OPENED: 1658 break; 1659 case STATE_CLOSING: 1660 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1661 break; 1662 } 1663 } 1664 1665 1666 HIDE void 1667 sppp_close_event(const struct cp *cp, struct sppp *sp) 1668 { 1669 STDDCL; 1670 1671 if (debug) 1672 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1673 SPP_ARGS(ifp), cp->name, 1674 sppp_state_name(sp->state[cp->protoidx])); 1675 1676 switch (sp->state[cp->protoidx]) { 1677 case STATE_INITIAL: 1678 case STATE_CLOSED: 1679 case STATE_CLOSING: 1680 break; 1681 case STATE_STARTING: 1682 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1683 (cp->tlf)(sp); 1684 break; 1685 case STATE_STOPPED: 1686 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1687 break; 1688 case STATE_STOPPING: 1689 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1690 break; 1691 case STATE_OPENED: 1692 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1693 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1694 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1695 (cp->tld)(sp); 1696 break; 1697 case STATE_REQ_SENT: 1698 case STATE_ACK_RCVD: 1699 case STATE_ACK_SENT: 1700 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1701 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1702 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1703 break; 1704 } 1705 } 1706 1707 HIDE void 1708 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp) 1709 { 1710 int timo; 1711 1712 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx]; 1713 if (timo < 1) 1714 timo = 1; 1715 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1716 sp->ch[cp->protoidx] = 1717 #endif 1718 timeout(cp->TO, (void *)sp, timo * sp->lcp.timeout); 1719 } 1720 1721 HIDE void 1722 sppp_to_event(const struct cp *cp, struct sppp *sp) 1723 { 1724 STDDCL; 1725 int s; 1726 1727 s = splimp(); 1728 if (debug) 1729 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1730 SPP_ARGS(ifp), cp->name, 1731 sppp_state_name(sp->state[cp->protoidx]), 1732 sp->rst_counter[cp->protoidx]); 1733 1734 if (--sp->rst_counter[cp->protoidx] < 0) 1735 /* TO- event */ 1736 switch (sp->state[cp->protoidx]) { 1737 case STATE_CLOSING: 1738 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1739 (cp->tlf)(sp); 1740 break; 1741 case STATE_STOPPING: 1742 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1743 (cp->tlf)(sp); 1744 break; 1745 case STATE_REQ_SENT: 1746 case STATE_ACK_RCVD: 1747 case STATE_ACK_SENT: 1748 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1749 (cp->tlf)(sp); 1750 break; 1751 } 1752 else 1753 /* TO+ event */ 1754 switch (sp->state[cp->protoidx]) { 1755 case STATE_CLOSING: 1756 case STATE_STOPPING: 1757 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1758 0, 0); 1759 sppp_increasing_timeout (cp, sp); 1760 break; 1761 case STATE_REQ_SENT: 1762 case STATE_ACK_RCVD: 1763 /* sppp_cp_change_state() will restart the timer */ 1764 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1765 (cp->scr)(sp); 1766 break; 1767 case STATE_ACK_SENT: 1768 sppp_increasing_timeout (cp, sp); 1769 (cp->scr)(sp); 1770 break; 1771 } 1772 1773 splx(s); 1774 } 1775 1776 /* 1777 * Change the state of a control protocol in the state automaton. 1778 * Takes care of starting/stopping the restart timer. 1779 */ 1780 void 1781 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1782 { 1783 STDDCL; 1784 1785 if (debug && sp->state[cp->protoidx] != newstate) 1786 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n", 1787 SPP_ARGS(ifp), cp->name, 1788 sppp_state_name(sp->state[cp->protoidx]), 1789 sppp_state_name(newstate)); 1790 sp->state[cp->protoidx] = newstate; 1791 1792 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1793 switch (newstate) { 1794 case STATE_INITIAL: 1795 case STATE_STARTING: 1796 case STATE_CLOSED: 1797 case STATE_STOPPED: 1798 case STATE_OPENED: 1799 break; 1800 case STATE_CLOSING: 1801 case STATE_STOPPING: 1802 case STATE_REQ_SENT: 1803 case STATE_ACK_RCVD: 1804 case STATE_ACK_SENT: 1805 sppp_increasing_timeout (cp, sp); 1806 break; 1807 } 1808 } 1809 /* 1810 *--------------------------------------------------------------------------* 1811 * * 1812 * The LCP implementation. * 1813 * * 1814 *--------------------------------------------------------------------------* 1815 */ 1816 HIDE void 1817 sppp_lcp_init(struct sppp *sp) 1818 { 1819 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1820 sp->lcp.magic = 0; 1821 sp->state[IDX_LCP] = STATE_INITIAL; 1822 sp->fail_counter[IDX_LCP] = 0; 1823 sp->lcp.protos = 0; 1824 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1825 1826 /* 1827 * Initialize counters and timeout values. Note that we don't 1828 * use the 3 seconds suggested in RFC 1661 since we are likely 1829 * running on a fast link. XXX We should probably implement 1830 * the exponential backoff option. Note that these values are 1831 * relevant for all control protocols, not just LCP only. 1832 */ 1833 sp->lcp.timeout = 1 * hz; 1834 sp->lcp.max_terminate = 2; 1835 sp->lcp.max_configure = 10; 1836 sp->lcp.max_failure = 10; 1837 #if defined (__FreeBSD__) 1838 callout_handle_init(&sp->ch[IDX_LCP]); 1839 #endif 1840 } 1841 1842 HIDE void 1843 sppp_lcp_up(struct sppp *sp) 1844 { 1845 STDDCL; 1846 1847 sp->pp_alivecnt = 0; 1848 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1849 sp->lcp.magic = 0; 1850 sp->lcp.protos = 0; 1851 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1852 /* 1853 * If this interface is passive or dial-on-demand, and we are 1854 * still in Initial state, it means we've got an incoming 1855 * call. Activate the interface. 1856 */ 1857 ifp->if_flags |= IFF_RUNNING; 1858 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1859 if (debug) 1860 log(LOG_DEBUG, 1861 SPP_FMT "Up event", SPP_ARGS(ifp)); 1862 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1863 if (debug) 1864 addlog("(incoming call)\n"); 1865 sp->pp_flags |= PP_CALLIN; 1866 lcp.Open(sp); 1867 } else if (debug) 1868 addlog("\n"); 1869 } 1870 1871 sppp_up_event(&lcp, sp); 1872 } 1873 1874 HIDE void 1875 sppp_lcp_down(struct sppp *sp) 1876 { 1877 STDDCL; 1878 1879 if (debug) 1880 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n", 1881 SPP_ARGS(ifp)); 1882 sppp_down_event(&lcp, sp); 1883 1884 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) 1885 lcp.Close(sp); 1886 sp->pp_flags &= ~PP_CALLIN; 1887 ifp->if_flags &= ~IFF_RUNNING; 1888 sppp_flush(ifp); 1889 } 1890 1891 HIDE void 1892 sppp_lcp_open(struct sppp *sp) 1893 { 1894 /* 1895 * If we are authenticator, negotiate LCP_AUTH 1896 */ 1897 if (sp->hisauth.proto != 0) 1898 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1899 else 1900 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1901 sp->pp_flags &= ~PP_NEEDAUTH; 1902 sppp_open_event(&lcp, sp); 1903 } 1904 1905 HIDE void 1906 sppp_lcp_close(struct sppp *sp) 1907 { 1908 sppp_close_event(&lcp, sp); 1909 } 1910 1911 HIDE void 1912 sppp_lcp_TO(void *cookie) 1913 { 1914 sppp_to_event(&lcp, (struct sppp *)cookie); 1915 } 1916 1917 /* 1918 * Analyze a configure request. Return true if it was agreeable, and 1919 * caused action sca, false if it has been rejected or nak'ed, and 1920 * caused action scn. (The return value is used to make the state 1921 * transition decision in the state automaton.) 1922 */ 1923 HIDE int 1924 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1925 { 1926 STDDCL; 1927 u_char *buf, *r, *p; 1928 int origlen, rlen; 1929 u_long nmagic; 1930 u_short authproto; 1931 1932 len -= 4; 1933 origlen = len; 1934 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1935 if (! buf) 1936 return (0); 1937 1938 if (debug) 1939 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1940 SPP_ARGS(ifp)); 1941 1942 /* pass 1: check for things that need to be rejected */ 1943 p = (void*) (h+1); 1944 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1945 if (debug) 1946 addlog("%s ", sppp_lcp_opt_name(*p)); 1947 switch (*p) { 1948 case LCP_OPT_MAGIC: 1949 /* Magic number. */ 1950 if (len >= 6 && p[1] == 6) 1951 continue; 1952 if (debug) 1953 addlog("[invalid] "); 1954 break; 1955 case LCP_OPT_ASYNC_MAP: 1956 /* Async control character map. */ 1957 if (len >= 6 && p[1] == 6) 1958 continue; 1959 if (debug) 1960 addlog("[invalid] "); 1961 break; 1962 case LCP_OPT_MRU: 1963 /* Maximum receive unit. */ 1964 if (len >= 4 && p[1] == 4) 1965 continue; 1966 if (debug) 1967 addlog("[invalid] "); 1968 break; 1969 case LCP_OPT_AUTH_PROTO: 1970 if (len < 4) { 1971 if (debug) 1972 addlog("[invalid] "); 1973 break; 1974 } 1975 authproto = (p[2] << 8) + p[3]; 1976 if (authproto == PPP_CHAP && p[1] != 5) { 1977 if (debug) 1978 addlog("[invalid chap len] "); 1979 break; 1980 } 1981 if (sp->myauth.proto == 0) { 1982 /* we are not configured to do auth */ 1983 if (debug) 1984 addlog("[not configured] "); 1985 break; 1986 } 1987 /* 1988 * Remote want us to authenticate, remember this, 1989 * so we stay in PHASE_AUTHENTICATE after LCP got 1990 * up. 1991 */ 1992 sp->pp_flags |= PP_NEEDAUTH; 1993 continue; 1994 default: 1995 /* Others not supported. */ 1996 if (debug) 1997 addlog("[rej] "); 1998 break; 1999 } 2000 /* Add the option to rejected list. */ 2001 bcopy (p, r, p[1]); 2002 r += p[1]; 2003 rlen += p[1]; 2004 } 2005 if (rlen) { 2006 if (debug) 2007 addlog(" send conf-rej\n"); 2008 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2009 return 0; 2010 } else if (debug) 2011 addlog("\n"); 2012 2013 /* 2014 * pass 2: check for option values that are unacceptable and 2015 * thus require to be nak'ed. 2016 */ 2017 if (debug) 2018 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2019 SPP_ARGS(ifp)); 2020 2021 p = (void*) (h+1); 2022 len = origlen; 2023 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2024 if (debug) 2025 addlog("%s ", sppp_lcp_opt_name(*p)); 2026 switch (*p) { 2027 case LCP_OPT_MAGIC: 2028 /* Magic number -- extract. */ 2029 nmagic = (u_long)p[2] << 24 | 2030 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2031 if (nmagic != sp->lcp.magic) { 2032 if (debug) 2033 addlog("0x%lx ", nmagic); 2034 continue; 2035 } 2036 if (debug) 2037 addlog("[glitch] "); 2038 ++sp->pp_loopcnt; 2039 /* 2040 * We negate our magic here, and NAK it. If 2041 * we see it later in an NAK packet, we 2042 * suggest a new one. 2043 */ 2044 nmagic = ~sp->lcp.magic; 2045 /* Gonna NAK it. */ 2046 p[2] = nmagic >> 24; 2047 p[3] = nmagic >> 16; 2048 p[4] = nmagic >> 8; 2049 p[5] = nmagic; 2050 break; 2051 2052 case LCP_OPT_ASYNC_MAP: 2053 /* Async control character map -- check to be zero. */ 2054 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2055 if (debug) 2056 addlog("[empty] "); 2057 continue; 2058 } 2059 if (debug) 2060 addlog("[non-empty] "); 2061 /* suggest a zero one */ 2062 p[2] = p[3] = p[4] = p[5] = 0; 2063 break; 2064 2065 case LCP_OPT_MRU: 2066 /* 2067 * Maximum receive unit. Always agreeable, 2068 * but ignored by now. 2069 */ 2070 sp->lcp.their_mru = p[2] * 256 + p[3]; 2071 if (debug) 2072 addlog("%lu ", sp->lcp.their_mru); 2073 continue; 2074 2075 case LCP_OPT_AUTH_PROTO: 2076 authproto = (p[2] << 8) + p[3]; 2077 if (sp->myauth.proto != authproto) { 2078 /* not agreed, nak */ 2079 if (debug) 2080 addlog("[mine %s != his %s] ", 2081 sppp_proto_name(sp->hisauth.proto), 2082 sppp_proto_name(authproto)); 2083 p[2] = sp->myauth.proto >> 8; 2084 p[3] = sp->myauth.proto; 2085 break; 2086 } 2087 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2088 if (debug) 2089 addlog("[chap not MD5] "); 2090 p[4] = CHAP_MD5; 2091 break; 2092 } 2093 continue; 2094 } 2095 /* Add the option to nak'ed list. */ 2096 bcopy (p, r, p[1]); 2097 r += p[1]; 2098 rlen += p[1]; 2099 } 2100 if (rlen) { 2101 if (++sp->fail_counter[IDX_LCP] < sp->lcp.max_failure) { 2102 if (debug) 2103 addlog("send conf-nak\n"); 2104 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2105 return 0; 2106 } 2107 if (debug) 2108 addlog("max_failure (%d) exceeded, closing\n", 2109 sp->lcp.max_failure); 2110 if (sp->pp_loopcnt >= MAXALIVECNT) 2111 printf (SPP_FMT "loopback\n", SPP_ARGS(ifp)); 2112 lcp.Close(sp); 2113 sp->fail_counter[IDX_LCP] = 0; 2114 sp->pp_loopcnt = 0; 2115 return 0; 2116 } else { 2117 if (debug) 2118 addlog("send conf-ack\n"); 2119 sp->fail_counter[IDX_LCP] = 0; 2120 sp->pp_loopcnt = 0; 2121 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2122 h->ident, origlen, h+1); 2123 } 2124 2125 free (buf, M_TEMP); 2126 return (rlen == 0); 2127 } 2128 2129 /* 2130 * Analyze the LCP Configure-Reject option list, and adjust our 2131 * negotiation. 2132 */ 2133 HIDE void 2134 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2135 { 2136 STDDCL; 2137 u_char *buf, *p; 2138 2139 len -= 4; 2140 buf = malloc (len, M_TEMP, M_NOWAIT); 2141 if (!buf) 2142 return; 2143 2144 if (debug) 2145 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2146 SPP_ARGS(ifp)); 2147 2148 p = (void*) (h+1); 2149 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2150 if (debug) 2151 addlog("%s ", sppp_lcp_opt_name(*p)); 2152 switch (*p) { 2153 case LCP_OPT_MAGIC: 2154 /* Magic number -- can't use it, use 0 */ 2155 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2156 sp->lcp.magic = 0; 2157 break; 2158 case LCP_OPT_MRU: 2159 /* 2160 * Should not be rejected anyway, since we only 2161 * negotiate a MRU if explicitly requested by 2162 * peer. 2163 */ 2164 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2165 break; 2166 case LCP_OPT_AUTH_PROTO: 2167 /* 2168 * Peer doesn't want to authenticate himself, 2169 * deny unless this is a dialout call, and 2170 * AUTHFLAG_NOCALLOUT is set. 2171 */ 2172 if ((sp->pp_flags & PP_CALLIN) == 0 && 2173 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2174 if (debug) 2175 addlog("[don't insist on auth " 2176 "for callout]"); 2177 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2178 break; 2179 } 2180 if (debug) 2181 addlog("[access denied]\n"); 2182 lcp.Close(sp); 2183 break; 2184 } 2185 } 2186 if (debug) 2187 addlog("\n"); 2188 free (buf, M_TEMP); 2189 return; 2190 } 2191 2192 /* 2193 * Analyze the LCP Configure-NAK option list, and adjust our 2194 * negotiation. 2195 */ 2196 HIDE void 2197 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2198 { 2199 STDDCL; 2200 u_char *buf, *p; 2201 u_long magic; 2202 2203 len -= 4; 2204 buf = malloc (len, M_TEMP, M_NOWAIT); 2205 if (!buf) 2206 return; 2207 2208 if (debug) 2209 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2210 SPP_ARGS(ifp)); 2211 2212 p = (void*) (h+1); 2213 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2214 if (debug) 2215 addlog("%s ", sppp_lcp_opt_name(*p)); 2216 switch (*p) { 2217 case LCP_OPT_MAGIC: 2218 /* Magic number -- renegotiate */ 2219 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2220 len >= 6 && p[1] == 6) { 2221 magic = (u_long)p[2] << 24 | 2222 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2223 /* 2224 * If the remote magic is our negated one, 2225 * this looks like a loopback problem. 2226 * Suggest a new magic to make sure. 2227 */ 2228 if (magic == ~sp->lcp.magic) { 2229 if (debug) 2230 addlog("magic glitch "); 2231 #if defined (__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) 2232 sp->lcp.magic = random(); 2233 #else 2234 sp->lcp.magic = time.tv_sec + time.tv_usec; 2235 #endif 2236 } else { 2237 sp->lcp.magic = magic; 2238 if (debug) 2239 addlog("%lu ", magic); 2240 } 2241 } 2242 break; 2243 case LCP_OPT_MRU: 2244 /* 2245 * Peer wants to advise us to negotiate an MRU. 2246 * Agree on it if it's reasonable, or use 2247 * default otherwise. 2248 */ 2249 if (len >= 4 && p[1] == 4) { 2250 u_int mru = p[2] * 256 + p[3]; 2251 if (debug) 2252 addlog("%d ", mru); 2253 if (mru < PP_MTU || mru > PP_MAX_MRU) 2254 mru = PP_MTU; 2255 sp->lcp.mru = mru; 2256 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2257 } 2258 break; 2259 case LCP_OPT_AUTH_PROTO: 2260 /* 2261 * Peer doesn't like our authentication method, 2262 * deny. 2263 */ 2264 if (debug) 2265 addlog("[access denied]\n"); 2266 lcp.Close(sp); 2267 break; 2268 } 2269 } 2270 if (debug) 2271 addlog("\n"); 2272 free (buf, M_TEMP); 2273 return; 2274 } 2275 2276 HIDE void 2277 sppp_lcp_tlu(struct sppp *sp) 2278 { 2279 struct ifnet *ifp = &sp->pp_if; 2280 int i; 2281 u_long mask; 2282 2283 /* XXX ? */ 2284 if (! (ifp->if_flags & IFF_UP) && 2285 (ifp->if_flags & IFF_RUNNING)) { 2286 /* Coming out of loopback mode. */ 2287 if_up(ifp); 2288 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2289 } 2290 2291 for (i = 0; i < IDX_COUNT; i++) 2292 if ((cps[i])->flags & CP_QUAL) 2293 (cps[i])->Open(sp); 2294 2295 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2296 (sp->pp_flags & PP_NEEDAUTH) != 0) 2297 sp->pp_phase = PHASE_AUTHENTICATE; 2298 else 2299 sp->pp_phase = PHASE_NETWORK; 2300 2301 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2302 sppp_phase_name(sp->pp_phase)); 2303 2304 /* 2305 * Open all authentication protocols. This is even required 2306 * if we already proceeded to network phase, since it might be 2307 * that remote wants us to authenticate, so we might have to 2308 * send a PAP request. Undesired authentication protocols 2309 * don't do anything when they get an Open event. 2310 */ 2311 for (i = 0; i < IDX_COUNT; i++) 2312 if ((cps[i])->flags & CP_AUTH) 2313 (cps[i])->Open(sp); 2314 2315 if (sp->pp_phase == PHASE_NETWORK) { 2316 /* Notify all NCPs. */ 2317 for (i = 0; i < IDX_COUNT; i++) 2318 if ((cps[i])->flags & CP_NCP) 2319 (cps[i])->Open(sp); 2320 } 2321 2322 /* Send Up events to all started protos. */ 2323 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2324 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2325 (cps[i])->Up(sp); 2326 2327 if (sp->pp_phase == PHASE_NETWORK) 2328 /* if no NCP is starting, close down */ 2329 sppp_lcp_check_and_close(sp); 2330 } 2331 2332 HIDE void 2333 sppp_lcp_tld(struct sppp *sp) 2334 { 2335 struct ifnet *ifp = &sp->pp_if; 2336 int i; 2337 u_long mask; 2338 2339 sp->pp_phase = PHASE_TERMINATE; 2340 2341 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2342 sppp_phase_name(sp->pp_phase)); 2343 2344 /* 2345 * Take upper layers down. We send the Down event first and 2346 * the Close second to prevent the upper layers from sending 2347 * ``a flurry of terminate-request packets'', as the RFC 2348 * describes it. 2349 */ 2350 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2351 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2352 (cps[i])->Down(sp); 2353 (cps[i])->Close(sp); 2354 } 2355 } 2356 2357 HIDE void 2358 sppp_lcp_tls(struct sppp *sp) 2359 { 2360 struct ifnet *ifp = &sp->pp_if; 2361 2362 sp->pp_phase = PHASE_ESTABLISH; 2363 2364 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2365 sppp_phase_name(sp->pp_phase)); 2366 2367 /* Notify lower layer if desired. */ 2368 if (sp->pp_tls) 2369 (sp->pp_tls)(sp); 2370 } 2371 2372 HIDE void 2373 sppp_lcp_tlf(struct sppp *sp) 2374 { 2375 struct ifnet *ifp = &sp->pp_if; 2376 2377 sp->pp_phase = PHASE_DEAD; 2378 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2379 sppp_phase_name(sp->pp_phase)); 2380 2381 /* Notify lower layer if desired. */ 2382 if (sp->pp_tlf) 2383 (sp->pp_tlf)(sp); 2384 } 2385 2386 HIDE void 2387 sppp_lcp_scr(struct sppp *sp) 2388 { 2389 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2390 int i = 0; 2391 u_short authproto; 2392 2393 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2394 if (! sp->lcp.magic) 2395 #if defined (__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) 2396 sp->lcp.magic = random(); 2397 #else 2398 sp->lcp.magic = time.tv_sec + time.tv_usec; 2399 #endif 2400 opt[i++] = LCP_OPT_MAGIC; 2401 opt[i++] = 6; 2402 opt[i++] = sp->lcp.magic >> 24; 2403 opt[i++] = sp->lcp.magic >> 16; 2404 opt[i++] = sp->lcp.magic >> 8; 2405 opt[i++] = sp->lcp.magic; 2406 } 2407 2408 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2409 opt[i++] = LCP_OPT_MRU; 2410 opt[i++] = 4; 2411 opt[i++] = sp->lcp.mru >> 8; 2412 opt[i++] = sp->lcp.mru; 2413 } 2414 2415 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2416 authproto = sp->hisauth.proto; 2417 opt[i++] = LCP_OPT_AUTH_PROTO; 2418 opt[i++] = authproto == PPP_CHAP? 5: 4; 2419 opt[i++] = authproto >> 8; 2420 opt[i++] = authproto; 2421 if (authproto == PPP_CHAP) 2422 opt[i++] = CHAP_MD5; 2423 } 2424 2425 sp->confid[IDX_LCP] = ++sp->pp_seq; 2426 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2427 } 2428 2429 /* 2430 * Check the open NCPs, return true if at least one NCP is open. 2431 */ 2432 HIDE int 2433 sppp_ncp_check(struct sppp *sp) 2434 { 2435 int i, mask; 2436 2437 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2438 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2439 return 1; 2440 return 0; 2441 } 2442 2443 /* 2444 * Re-check the open NCPs and see if we should terminate the link. 2445 * Called by the NCPs during their tlf action handling. 2446 */ 2447 HIDE void 2448 sppp_lcp_check_and_close(struct sppp *sp) 2449 { 2450 2451 if (sp->pp_phase < PHASE_NETWORK) 2452 /* don't bother, we are already going down */ 2453 return; 2454 2455 if (sppp_ncp_check(sp)) 2456 return; 2457 2458 lcp.Close(sp); 2459 } 2460 /* 2461 *--------------------------------------------------------------------------* 2462 * * 2463 * The IPCP implementation. * 2464 * * 2465 *--------------------------------------------------------------------------* 2466 */ 2467 2468 HIDE void 2469 sppp_ipcp_init(struct sppp *sp) 2470 { 2471 sp->ipcp.opts = 0; 2472 sp->ipcp.flags = 0; 2473 sp->state[IDX_IPCP] = STATE_INITIAL; 2474 sp->fail_counter[IDX_IPCP] = 0; 2475 #if defined (__FreeBSD__) 2476 callout_handle_init(&sp->ch[IDX_IPCP]); 2477 #endif 2478 } 2479 2480 HIDE void 2481 sppp_ipcp_up(struct sppp *sp) 2482 { 2483 sppp_up_event(&ipcp, sp); 2484 } 2485 2486 HIDE void 2487 sppp_ipcp_down(struct sppp *sp) 2488 { 2489 sppp_down_event(&ipcp, sp); 2490 } 2491 2492 HIDE void 2493 sppp_ipcp_open(struct sppp *sp) 2494 { 2495 STDDCL; 2496 u_long myaddr, hisaddr; 2497 2498 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2499 /* 2500 * If we don't have his address, this probably means our 2501 * interface doesn't want to talk IP at all. (This could 2502 * be the case if somebody wants to speak only IPX, for 2503 * example.) Don't open IPCP in this case. 2504 */ 2505 if (hisaddr == 0L) { 2506 /* XXX this message should go away */ 2507 if (debug) 2508 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2509 SPP_ARGS(ifp)); 2510 return; 2511 } 2512 2513 if (myaddr == 0L) { 2514 /* 2515 * I don't have an assigned address, so i need to 2516 * negotiate my address. 2517 */ 2518 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2519 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2520 } 2521 sppp_open_event(&ipcp, sp); 2522 } 2523 2524 HIDE void 2525 sppp_ipcp_close(struct sppp *sp) 2526 { 2527 sppp_close_event(&ipcp, sp); 2528 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2529 /* 2530 * My address was dynamic, clear it again. 2531 */ 2532 sppp_set_ip_addr(sp, 0L); 2533 } 2534 2535 HIDE void 2536 sppp_ipcp_TO(void *cookie) 2537 { 2538 sppp_to_event(&ipcp, (struct sppp *)cookie); 2539 } 2540 2541 /* 2542 * Analyze a configure request. Return true if it was agreeable, and 2543 * caused action sca, false if it has been rejected or nak'ed, and 2544 * caused action scn. (The return value is used to make the state 2545 * transition decision in the state automaton.) 2546 */ 2547 HIDE int 2548 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2549 { 2550 u_char *buf, *r, *p; 2551 struct ifnet *ifp = &sp->pp_if; 2552 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2553 u_long hisaddr, desiredaddr; 2554 2555 len -= 4; 2556 origlen = len; 2557 /* 2558 * Make sure to allocate a buf that can at least hold a 2559 * conf-nak with an `address' option. We might need it below. 2560 */ 2561 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2562 if (! buf) 2563 return (0); 2564 2565 /* pass 1: see if we can recognize them */ 2566 if (debug) 2567 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2568 SPP_ARGS(ifp)); 2569 p = (void*) (h+1); 2570 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2571 if (debug) 2572 addlog("%s ", sppp_ipcp_opt_name(*p)); 2573 switch (*p) { 2574 #ifdef notyet 2575 case IPCP_OPT_COMPRESSION: 2576 if (len >= 6 && p[1] >= 6) { 2577 /* correctly formed compress option */ 2578 continue; 2579 } 2580 if (debug) 2581 addlog("[invalid] "); 2582 break; 2583 #endif 2584 case IPCP_OPT_ADDRESS: 2585 if (len >= 6 && p[1] == 6) { 2586 /* correctly formed address option */ 2587 continue; 2588 } 2589 if (debug) 2590 addlog("[invalid] "); 2591 break; 2592 default: 2593 /* Others not supported. */ 2594 if (debug) 2595 addlog("[rej] "); 2596 break; 2597 } 2598 /* Add the option to rejected list. */ 2599 bcopy (p, r, p[1]); 2600 r += p[1]; 2601 rlen += p[1]; 2602 } 2603 if (rlen) { 2604 if (debug) 2605 addlog(" send conf-rej\n"); 2606 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2607 return 0; 2608 } else if (debug) 2609 addlog("\n"); 2610 2611 /* pass 2: parse option values */ 2612 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2613 if (debug) 2614 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2615 SPP_ARGS(ifp)); 2616 p = (void*) (h+1); 2617 len = origlen; 2618 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2619 if (debug) 2620 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2621 switch (*p) { 2622 #ifdef notyet 2623 case IPCP_OPT_COMPRESSION: 2624 continue; 2625 #endif 2626 case IPCP_OPT_ADDRESS: 2627 desiredaddr = p[2] << 24 | p[3] << 16 | 2628 p[4] << 8 | p[5]; 2629 if (desiredaddr == hisaddr || 2630 (hisaddr == 1 && desiredaddr != 0)) { 2631 /* 2632 * Peer's address is same as our value, 2633 * or we have set it to 0.0.0.1 to 2634 * indicate that we do not really care, 2635 * this is agreeable. Gonna conf-ack 2636 * it. 2637 */ 2638 if (debug) 2639 addlog("%s [ack] ", 2640 sppp_dotted_quad(desiredaddr)); 2641 /* record that we've seen it already */ 2642 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2643 continue; 2644 } 2645 /* 2646 * The address wasn't agreeable. This is either 2647 * he sent us 0.0.0.0, asking to assign him an 2648 * address, or he send us another address not 2649 * matching our value. Either case, we gonna 2650 * conf-nak it with our value. 2651 */ 2652 if (debug) { 2653 if (desiredaddr == 0) 2654 addlog("[addr requested] "); 2655 else 2656 addlog("%s [not agreed] ", 2657 sppp_dotted_quad(desiredaddr)); 2658 2659 p[2] = hisaddr >> 24; 2660 p[3] = hisaddr >> 16; 2661 p[4] = hisaddr >> 8; 2662 p[5] = hisaddr; 2663 } 2664 break; 2665 } 2666 /* Add the option to nak'ed list. */ 2667 bcopy (p, r, p[1]); 2668 r += p[1]; 2669 rlen += p[1]; 2670 } 2671 2672 /* 2673 * If we are about to conf-ack the request, but haven't seen 2674 * his address so far, gonna conf-nak it instead, with the 2675 * `address' option present and our idea of his address being 2676 * filled in there, to request negotiation of both addresses. 2677 * 2678 * XXX This can result in an endless req - nak loop if peer 2679 * doesn't want to send us his address. Q: What should we do 2680 * about it? XXX A: implement the max-failure counter. 2681 */ 2682 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2683 buf[0] = IPCP_OPT_ADDRESS; 2684 buf[1] = 6; 2685 buf[2] = hisaddr >> 24; 2686 buf[3] = hisaddr >> 16; 2687 buf[4] = hisaddr >> 8; 2688 buf[5] = hisaddr; 2689 rlen = 6; 2690 if (debug) 2691 addlog("still need hisaddr "); 2692 } 2693 2694 if (rlen) { 2695 if (debug) 2696 addlog(" send conf-nak\n"); 2697 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2698 } else { 2699 if (debug) 2700 addlog(" send conf-ack\n"); 2701 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2702 h->ident, origlen, h+1); 2703 } 2704 2705 free (buf, M_TEMP); 2706 return (rlen == 0); 2707 } 2708 2709 /* 2710 * Analyze the IPCP Configure-Reject option list, and adjust our 2711 * negotiation. 2712 */ 2713 HIDE void 2714 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2715 { 2716 u_char *buf, *p; 2717 struct ifnet *ifp = &sp->pp_if; 2718 int debug = ifp->if_flags & IFF_DEBUG; 2719 2720 len -= 4; 2721 buf = malloc (len, M_TEMP, M_NOWAIT); 2722 if (!buf) 2723 return; 2724 2725 if (debug) 2726 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2727 SPP_ARGS(ifp)); 2728 2729 p = (void*) (h+1); 2730 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2731 if (debug) 2732 addlog("%s ", sppp_ipcp_opt_name(*p)); 2733 switch (*p) { 2734 case IPCP_OPT_ADDRESS: 2735 /* 2736 * Peer doesn't grok address option. This is 2737 * bad. XXX Should we better give up here? 2738 */ 2739 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2740 break; 2741 #ifdef notyet 2742 case IPCP_OPT_COMPRESS: 2743 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2744 break; 2745 #endif 2746 } 2747 } 2748 if (debug) 2749 addlog("\n"); 2750 free (buf, M_TEMP); 2751 return; 2752 } 2753 2754 /* 2755 * Analyze the IPCP Configure-NAK option list, and adjust our 2756 * negotiation. 2757 */ 2758 HIDE void 2759 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2760 { 2761 u_char *buf, *p; 2762 struct ifnet *ifp = &sp->pp_if; 2763 int debug = ifp->if_flags & IFF_DEBUG; 2764 u_long wantaddr; 2765 2766 len -= 4; 2767 buf = malloc (len, M_TEMP, M_NOWAIT); 2768 if (!buf) 2769 return; 2770 2771 if (debug) 2772 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2773 SPP_ARGS(ifp)); 2774 2775 p = (void*) (h+1); 2776 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2777 if (debug) 2778 addlog("%s ", sppp_ipcp_opt_name(*p)); 2779 switch (*p) { 2780 case IPCP_OPT_ADDRESS: 2781 /* 2782 * Peer doesn't like our local IP address. See 2783 * if we can do something for him. We'll drop 2784 * him our address then. 2785 */ 2786 if (len >= 6 && p[1] == 6) { 2787 wantaddr = p[2] << 24 | p[3] << 16 | 2788 p[4] << 8 | p[5]; 2789 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2790 if (debug) 2791 addlog("[wantaddr %s] ", 2792 sppp_dotted_quad(wantaddr)); 2793 /* 2794 * When doing dynamic address assignment, 2795 * we accept his offer. Otherwise, we 2796 * ignore it and thus continue to negotiate 2797 * our already existing value. 2798 */ 2799 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2800 sppp_set_ip_addr(sp, wantaddr); 2801 if (debug) 2802 addlog("[agree] "); 2803 } 2804 } 2805 break; 2806 #ifdef notyet 2807 case IPCP_OPT_COMPRESS: 2808 /* 2809 * Peer wants different compression parameters. 2810 */ 2811 break; 2812 #endif 2813 } 2814 } 2815 if (debug) 2816 addlog("\n"); 2817 free (buf, M_TEMP); 2818 return; 2819 } 2820 2821 HIDE void 2822 sppp_ipcp_tlu(struct sppp *sp) 2823 { 2824 } 2825 2826 HIDE void 2827 sppp_ipcp_tld(struct sppp *sp) 2828 { 2829 } 2830 2831 HIDE void 2832 sppp_ipcp_tls(struct sppp *sp) 2833 { 2834 /* indicate to LCP that it must stay alive */ 2835 sp->lcp.protos |= (1 << IDX_IPCP); 2836 } 2837 2838 HIDE void 2839 sppp_ipcp_tlf(struct sppp *sp) 2840 { 2841 /* we no longer need LCP */ 2842 sp->lcp.protos &= ~(1 << IDX_IPCP); 2843 sppp_lcp_check_and_close(sp); 2844 } 2845 2846 HIDE void 2847 sppp_ipcp_scr(struct sppp *sp) 2848 { 2849 char opt[6 /* compression */ + 6 /* address */]; 2850 u_long ouraddr; 2851 int i = 0; 2852 2853 #ifdef notyet 2854 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2855 opt[i++] = IPCP_OPT_COMPRESSION; 2856 opt[i++] = 6; 2857 opt[i++] = 0; /* VJ header compression */ 2858 opt[i++] = 0x2d; /* VJ header compression */ 2859 opt[i++] = max_slot_id; 2860 opt[i++] = comp_slot_id; 2861 } 2862 #endif 2863 2864 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2865 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2866 opt[i++] = IPCP_OPT_ADDRESS; 2867 opt[i++] = 6; 2868 opt[i++] = ouraddr >> 24; 2869 opt[i++] = ouraddr >> 16; 2870 opt[i++] = ouraddr >> 8; 2871 opt[i++] = ouraddr; 2872 } 2873 2874 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2875 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2876 } 2877 2878 2879 /* 2880 *--------------------------------------------------------------------------* 2881 * * 2882 * The CHAP implementation. * 2883 * * 2884 *--------------------------------------------------------------------------* 2885 */ 2886 2887 /* 2888 * The authentication protocols don't employ a full-fledged state machine as 2889 * the control protocols do, since they do have Open and Close events, but 2890 * not Up and Down, nor are they explicitly terminated. Also, use of the 2891 * authentication protocols may be different in both directions (this makes 2892 * sense, think of a machine that never accepts incoming calls but only 2893 * calls out, it doesn't require the called party to authenticate itself). 2894 * 2895 * Our state machine for the local authentication protocol (we are requesting 2896 * the peer to authenticate) looks like: 2897 * 2898 * RCA- 2899 * +--------------------------------------------+ 2900 * V scn,tld| 2901 * +--------+ Close +---------+ RCA+ 2902 * | |<----------------------------------| |------+ 2903 * +--->| Closed | TO* | Opened | sca | 2904 * | | |-----+ +-------| |<-----+ 2905 * | +--------+ irc | | +---------+ 2906 * | ^ | | ^ 2907 * | | | | | 2908 * | | | | | 2909 * | TO-| | | | 2910 * | |tld TO+ V | | 2911 * | | +------->+ | | 2912 * | | | | | | 2913 * | +--------+ V | | 2914 * | | |<----+<--------------------+ | 2915 * | | Req- | scr | 2916 * | | Sent | | 2917 * | | | | 2918 * | +--------+ | 2919 * | RCA- | | RCA+ | 2920 * +------+ +------------------------------------------+ 2921 * scn,tld sca,irc,ict,tlu 2922 * 2923 * 2924 * with: 2925 * 2926 * Open: LCP reached authentication phase 2927 * Close: LCP reached terminate phase 2928 * 2929 * RCA+: received reply (pap-req, chap-response), acceptable 2930 * RCN: received reply (pap-req, chap-response), not acceptable 2931 * TO+: timeout with restart counter >= 0 2932 * TO-: timeout with restart counter < 0 2933 * TO*: reschedule timeout for CHAP 2934 * 2935 * scr: send request packet (none for PAP, chap-challenge) 2936 * sca: send ack packet (pap-ack, chap-success) 2937 * scn: send nak packet (pap-nak, chap-failure) 2938 * ict: initialize re-challenge timer (CHAP only) 2939 * 2940 * tlu: this-layer-up, LCP reaches network phase 2941 * tld: this-layer-down, LCP enters terminate phase 2942 * 2943 * Note that in CHAP mode, after sending a new challenge, while the state 2944 * automaton falls back into Req-Sent state, it doesn't signal a tld 2945 * event to LCP, so LCP remains in network phase. Only after not getting 2946 * any response (or after getting an unacceptable response), CHAP closes, 2947 * causing LCP to enter terminate phase. 2948 * 2949 * With PAP, there is no initial request that can be sent. The peer is 2950 * expected to send one based on the successful negotiation of PAP as 2951 * the authentication protocol during the LCP option negotiation. 2952 * 2953 * Incoming authentication protocol requests (remote requests 2954 * authentication, we are peer) don't employ a state machine at all, 2955 * they are simply answered. Some peers [Ascend P50 firmware rev 2956 * 4.50] react allergically when sending IPCP requests while they are 2957 * still in authentication phase (thereby violating the standard that 2958 * demands that these NCP packets are to be discarded), so we keep 2959 * track of the peer demanding us to authenticate, and only proceed to 2960 * phase network once we've seen a positive acknowledge for the 2961 * authentication. 2962 */ 2963 2964 /* 2965 * Handle incoming CHAP packets. 2966 */ 2967 void 2968 sppp_chap_input(struct sppp *sp, struct mbuf *m) 2969 { 2970 STDDCL; 2971 struct lcp_header *h; 2972 int len, x; 2973 u_char *value, *name, digest[AUTHKEYLEN], dsize; 2974 int value_len, name_len; 2975 MD5_CTX ctx; 2976 2977 len = m->m_pkthdr.len; 2978 if (len < 4) { 2979 if (debug) 2980 log(LOG_DEBUG, 2981 SPP_FMT "chap invalid packet length: %d bytes\n", 2982 SPP_ARGS(ifp), len); 2983 return; 2984 } 2985 h = mtod (m, struct lcp_header*); 2986 if (len > ntohs (h->len)) 2987 len = ntohs (h->len); 2988 2989 switch (h->type) { 2990 /* challenge, failure and success are his authproto */ 2991 case CHAP_CHALLENGE: 2992 value = 1 + (u_char*)(h+1); 2993 value_len = value[-1]; 2994 name = value + value_len; 2995 name_len = len - value_len - 5; 2996 if (name_len < 0) { 2997 if (debug) { 2998 log(LOG_DEBUG, 2999 SPP_FMT "chap corrupted challenge " 3000 "<%s id=0x%x len=%d", 3001 SPP_ARGS(ifp), 3002 sppp_auth_type_name(PPP_CHAP, h->type), 3003 h->ident, ntohs(h->len)); 3004 if (len > 4) 3005 sppp_print_bytes((u_char*) (h+1), len-4); 3006 addlog(">\n"); 3007 } 3008 break; 3009 } 3010 3011 if (debug) { 3012 log(LOG_DEBUG, 3013 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3014 SPP_ARGS(ifp), 3015 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3016 ntohs(h->len)); 3017 sppp_print_string((char*) name, name_len); 3018 addlog(" value-size=%d value=", value_len); 3019 sppp_print_bytes(value, value_len); 3020 addlog(">\n"); 3021 } 3022 3023 /* Compute reply value. */ 3024 MD5Init(&ctx); 3025 MD5Update(&ctx, &h->ident, 1); 3026 MD5Update(&ctx, sp->myauth.secret, 3027 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3028 MD5Update(&ctx, value, value_len); 3029 MD5Final(digest, &ctx); 3030 dsize = sizeof digest; 3031 3032 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3033 sizeof dsize, (const char *)&dsize, 3034 sizeof digest, digest, 3035 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3036 sp->myauth.name, 3037 0); 3038 break; 3039 3040 case CHAP_SUCCESS: 3041 if (debug) { 3042 log(LOG_DEBUG, SPP_FMT "chap success", 3043 SPP_ARGS(ifp)); 3044 if (len > 4) { 3045 addlog(": "); 3046 sppp_print_string((char*)(h + 1), len - 4); 3047 } 3048 addlog("\n"); 3049 } 3050 x = splimp(); 3051 sp->pp_flags &= ~PP_NEEDAUTH; 3052 if (sp->myauth.proto == PPP_CHAP && 3053 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3054 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3055 /* 3056 * We are authenticator for CHAP but didn't 3057 * complete yet. Leave it to tlu to proceed 3058 * to network phase. 3059 */ 3060 splx(x); 3061 break; 3062 } 3063 splx(x); 3064 sppp_phase_network(sp); 3065 break; 3066 3067 case CHAP_FAILURE: 3068 if (debug) { 3069 log(LOG_INFO, SPP_FMT "chap failure", 3070 SPP_ARGS(ifp)); 3071 if (len > 4) { 3072 addlog(": "); 3073 sppp_print_string((char*)(h + 1), len - 4); 3074 } 3075 addlog("\n"); 3076 } else 3077 log(LOG_INFO, SPP_FMT "chap failure\n", 3078 SPP_ARGS(ifp)); 3079 /* await LCP shutdown by authenticator */ 3080 break; 3081 3082 /* response is my authproto */ 3083 case CHAP_RESPONSE: 3084 value = 1 + (u_char*)(h+1); 3085 value_len = value[-1]; 3086 name = value + value_len; 3087 name_len = len - value_len - 5; 3088 if (name_len < 0) { 3089 if (debug) { 3090 log(LOG_DEBUG, 3091 SPP_FMT "chap corrupted response " 3092 "<%s id=0x%x len=%d", 3093 SPP_ARGS(ifp), 3094 sppp_auth_type_name(PPP_CHAP, h->type), 3095 h->ident, ntohs(h->len)); 3096 if (len > 4) 3097 sppp_print_bytes((u_char*)(h+1), len-4); 3098 addlog(">\n"); 3099 } 3100 break; 3101 } 3102 if (h->ident != sp->confid[IDX_CHAP]) { 3103 if (debug) 3104 log(LOG_DEBUG, 3105 SPP_FMT "chap dropping response for old ID " 3106 "(got %d, expected %d)\n", 3107 SPP_ARGS(ifp), 3108 h->ident, sp->confid[IDX_CHAP]); 3109 break; 3110 } 3111 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3112 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3113 log(LOG_INFO, SPP_FMT "chap response, his name ", 3114 SPP_ARGS(ifp)); 3115 sppp_print_string(name, name_len); 3116 addlog(" != expected "); 3117 sppp_print_string(sp->hisauth.name, 3118 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3119 addlog("\n"); 3120 } 3121 if (debug) { 3122 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3123 "<%s id=0x%x len=%d name=", 3124 SPP_ARGS(ifp), 3125 sppp_state_name(sp->state[IDX_CHAP]), 3126 sppp_auth_type_name(PPP_CHAP, h->type), 3127 h->ident, ntohs (h->len)); 3128 sppp_print_string((char*)name, name_len); 3129 addlog(" value-size=%d value=", value_len); 3130 sppp_print_bytes(value, value_len); 3131 addlog(">\n"); 3132 } 3133 if (value_len != AUTHKEYLEN) { 3134 if (debug) 3135 log(LOG_DEBUG, 3136 SPP_FMT "chap bad hash value length: " 3137 "%d bytes, should be %d\n", 3138 SPP_ARGS(ifp), value_len, 3139 AUTHKEYLEN); 3140 break; 3141 } 3142 3143 MD5Init(&ctx); 3144 MD5Update(&ctx, &h->ident, 1); 3145 MD5Update(&ctx, sp->hisauth.secret, 3146 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3147 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3148 MD5Final(digest, &ctx); 3149 3150 #define FAILMSG "Failed..." 3151 #define SUCCMSG "Welcome!" 3152 3153 if (value_len != sizeof digest || 3154 bcmp(digest, value, value_len) != 0) { 3155 /* action scn, tld */ 3156 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3157 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3158 0); 3159 chap.tld(sp); 3160 break; 3161 } 3162 /* action sca, perhaps tlu */ 3163 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3164 sp->state[IDX_CHAP] == STATE_OPENED) 3165 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3166 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3167 0); 3168 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3169 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3170 chap.tlu(sp); 3171 } 3172 break; 3173 3174 default: 3175 /* Unknown CHAP packet type -- ignore. */ 3176 if (debug) { 3177 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3178 "<0x%x id=0x%xh len=%d", 3179 SPP_ARGS(ifp), 3180 sppp_state_name(sp->state[IDX_CHAP]), 3181 h->type, h->ident, ntohs(h->len)); 3182 if (len > 4) 3183 sppp_print_bytes((u_char*)(h+1), len-4); 3184 addlog(">\n"); 3185 } 3186 break; 3187 3188 } 3189 } 3190 3191 HIDE void 3192 sppp_chap_init(struct sppp *sp) 3193 { 3194 /* Chap doesn't have STATE_INITIAL at all. */ 3195 sp->state[IDX_CHAP] = STATE_CLOSED; 3196 sp->fail_counter[IDX_CHAP] = 0; 3197 #if defined (__FreeBSD__) 3198 callout_handle_init(&sp->ch[IDX_CHAP]); 3199 #endif 3200 } 3201 3202 HIDE void 3203 sppp_chap_open(struct sppp *sp) 3204 { 3205 if (sp->myauth.proto == PPP_CHAP && 3206 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3207 /* we are authenticator for CHAP, start it */ 3208 chap.scr(sp); 3209 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3210 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3211 } 3212 /* nothing to be done if we are peer, await a challenge */ 3213 } 3214 3215 HIDE void 3216 sppp_chap_close(struct sppp *sp) 3217 { 3218 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3219 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3220 } 3221 3222 HIDE void 3223 sppp_chap_TO(void *cookie) 3224 { 3225 struct sppp *sp = (struct sppp *)cookie; 3226 STDDCL; 3227 int s; 3228 3229 s = splimp(); 3230 if (debug) 3231 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3232 SPP_ARGS(ifp), 3233 sppp_state_name(sp->state[IDX_CHAP]), 3234 sp->rst_counter[IDX_CHAP]); 3235 3236 if (--sp->rst_counter[IDX_CHAP] < 0) 3237 /* TO- event */ 3238 switch (sp->state[IDX_CHAP]) { 3239 case STATE_REQ_SENT: 3240 chap.tld(sp); 3241 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3242 break; 3243 } 3244 else 3245 /* TO+ (or TO*) event */ 3246 switch (sp->state[IDX_CHAP]) { 3247 case STATE_OPENED: 3248 /* TO* event */ 3249 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3250 /* fall through */ 3251 case STATE_REQ_SENT: 3252 chap.scr(sp); 3253 /* sppp_cp_change_state() will restart the timer */ 3254 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3255 break; 3256 } 3257 3258 splx(s); 3259 } 3260 3261 HIDE void 3262 sppp_chap_tlu(struct sppp *sp) 3263 { 3264 STDDCL; 3265 int i = 0, x; 3266 3267 i = 0; 3268 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3269 3270 /* 3271 * Some broken CHAP implementations (Conware CoNet, firmware 3272 * 4.0.?) don't want to re-authenticate their CHAP once the 3273 * initial challenge-response exchange has taken place. 3274 * Provide for an option to avoid rechallenges. 3275 */ 3276 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3277 /* 3278 * Compute the re-challenge timeout. This will yield 3279 * a number between 300 and 810 seconds. 3280 */ 3281 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3282 3283 #if defined (__FreeBSD__) 3284 sp->ch[IDX_CHAP] = 3285 #endif 3286 timeout(chap.TO, (void *)sp, i * hz); 3287 } 3288 3289 if (debug) { 3290 log(LOG_DEBUG, 3291 SPP_FMT "chap %s, ", 3292 SPP_ARGS(ifp), 3293 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3294 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3295 addlog("next re-challenge in %d seconds\n", i); 3296 else 3297 addlog("re-challenging supressed\n"); 3298 } 3299 3300 x = splimp(); 3301 /* indicate to LCP that we need to be closed down */ 3302 sp->lcp.protos |= (1 << IDX_CHAP); 3303 3304 if (sp->pp_flags & PP_NEEDAUTH) { 3305 /* 3306 * Remote is authenticator, but his auth proto didn't 3307 * complete yet. Defer the transition to network 3308 * phase. 3309 */ 3310 splx(x); 3311 return; 3312 } 3313 splx(x); 3314 3315 /* 3316 * If we are already in phase network, we are done here. This 3317 * is the case if this is a dummy tlu event after a re-challenge. 3318 */ 3319 if (sp->pp_phase != PHASE_NETWORK) 3320 sppp_phase_network(sp); 3321 } 3322 3323 HIDE void 3324 sppp_chap_tld(struct sppp *sp) 3325 { 3326 STDDCL; 3327 3328 if (debug) 3329 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3330 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3331 sp->lcp.protos &= ~(1 << IDX_CHAP); 3332 3333 lcp.Close(sp); 3334 } 3335 3336 HIDE void 3337 sppp_chap_scr(struct sppp *sp) 3338 { 3339 u_long *ch, seed; 3340 u_char clen; 3341 #if defined (__NetBSD__) || defined (__OpenBSD__) 3342 struct timeval tv; 3343 #endif 3344 3345 /* Compute random challenge. */ 3346 ch = (u_long *)sp->myauth.challenge; 3347 #if defined (__FreeBSD__) 3348 read_random(&seed, sizeof seed); 3349 #else 3350 microtime(&tv); 3351 seed = tv.tv_sec ^ tv.tv_usec; 3352 #endif 3353 ch[0] = seed ^ random(); 3354 ch[1] = seed ^ random(); 3355 ch[2] = seed ^ random(); 3356 ch[3] = seed ^ random(); 3357 clen = AUTHKEYLEN; 3358 3359 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3360 3361 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3362 sizeof clen, (const char *)&clen, 3363 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3364 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3365 sp->myauth.name, 3366 0); 3367 } 3368 /* 3369 *--------------------------------------------------------------------------* 3370 * * 3371 * The PAP implementation. * 3372 * * 3373 *--------------------------------------------------------------------------* 3374 */ 3375 /* 3376 * For PAP, we need to keep a little state also if we are the peer, not the 3377 * authenticator. This is since we don't get a request to authenticate, but 3378 * have to repeatedly authenticate ourself until we got a response (or the 3379 * retry counter is expired). 3380 */ 3381 3382 /* 3383 * Handle incoming PAP packets. */ 3384 HIDE void 3385 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3386 { 3387 STDDCL; 3388 struct lcp_header *h; 3389 int len, x; 3390 u_char *name, *passwd, mlen; 3391 int name_len, passwd_len; 3392 3393 len = m->m_pkthdr.len; 3394 if (len < 5) { 3395 if (debug) 3396 log(LOG_DEBUG, 3397 SPP_FMT "pap invalid packet length: %d bytes\n", 3398 SPP_ARGS(ifp), len); 3399 return; 3400 } 3401 h = mtod (m, struct lcp_header*); 3402 if (len > ntohs (h->len)) 3403 len = ntohs (h->len); 3404 switch (h->type) { 3405 /* PAP request is my authproto */ 3406 case PAP_REQ: 3407 name = 1 + (u_char*)(h+1); 3408 name_len = name[-1]; 3409 passwd = name + name_len + 1; 3410 if (name_len > len - 6 || 3411 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3412 if (debug) { 3413 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3414 "<%s id=0x%x len=%d", 3415 SPP_ARGS(ifp), 3416 sppp_auth_type_name(PPP_PAP, h->type), 3417 h->ident, ntohs(h->len)); 3418 if (len > 4) 3419 sppp_print_bytes((u_char*)(h+1), len-4); 3420 addlog(">\n"); 3421 } 3422 break; 3423 } 3424 if (debug) { 3425 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3426 "<%s id=0x%x len=%d name=", 3427 SPP_ARGS(ifp), 3428 sppp_state_name(sp->state[IDX_PAP]), 3429 sppp_auth_type_name(PPP_PAP, h->type), 3430 h->ident, ntohs(h->len)); 3431 sppp_print_string((char*)name, name_len); 3432 addlog(" passwd="); 3433 sppp_print_string((char*)passwd, passwd_len); 3434 addlog(">\n"); 3435 } 3436 if (name_len > AUTHNAMELEN || 3437 passwd_len > AUTHKEYLEN || 3438 bcmp(name, sp->hisauth.name, name_len) != 0 || 3439 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3440 /* action scn, tld */ 3441 mlen = sizeof(FAILMSG) - 1; 3442 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3443 sizeof mlen, (const char *)&mlen, 3444 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3445 0); 3446 pap.tld(sp); 3447 break; 3448 } 3449 /* action sca, perhaps tlu */ 3450 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3451 sp->state[IDX_PAP] == STATE_OPENED) { 3452 mlen = sizeof(SUCCMSG) - 1; 3453 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3454 sizeof mlen, (const char *)&mlen, 3455 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3456 0); 3457 } 3458 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3459 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3460 pap.tlu(sp); 3461 } 3462 break; 3463 3464 /* ack and nak are his authproto */ 3465 case PAP_ACK: 3466 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3467 if (debug) { 3468 log(LOG_DEBUG, SPP_FMT "pap success", 3469 SPP_ARGS(ifp)); 3470 name_len = *((char *)h); 3471 if (len > 5 && name_len) { 3472 addlog(": "); 3473 sppp_print_string((char*)(h+1), name_len); 3474 } 3475 addlog("\n"); 3476 } 3477 x = splimp(); 3478 sp->pp_flags &= ~PP_NEEDAUTH; 3479 if (sp->myauth.proto == PPP_PAP && 3480 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3481 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3482 /* 3483 * We are authenticator for PAP but didn't 3484 * complete yet. Leave it to tlu to proceed 3485 * to network phase. 3486 */ 3487 splx(x); 3488 break; 3489 } 3490 splx(x); 3491 sppp_phase_network(sp); 3492 break; 3493 3494 case PAP_NAK: 3495 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3496 if (debug) { 3497 log(LOG_INFO, SPP_FMT "pap failure", 3498 SPP_ARGS(ifp)); 3499 name_len = *((char *)h); 3500 if (len > 5 && name_len) { 3501 addlog(": "); 3502 sppp_print_string((char*)(h+1), name_len); 3503 } 3504 addlog("\n"); 3505 } else 3506 log(LOG_INFO, SPP_FMT "pap failure\n", 3507 SPP_ARGS(ifp)); 3508 /* await LCP shutdown by authenticator */ 3509 break; 3510 3511 default: 3512 /* Unknown PAP packet type -- ignore. */ 3513 if (debug) { 3514 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3515 "<0x%x id=0x%x len=%d", 3516 SPP_ARGS(ifp), 3517 h->type, h->ident, ntohs(h->len)); 3518 if (len > 4) 3519 sppp_print_bytes((u_char*)(h+1), len-4); 3520 addlog(">\n"); 3521 } 3522 break; 3523 3524 } 3525 } 3526 3527 HIDE void 3528 sppp_pap_init(struct sppp *sp) 3529 { 3530 /* PAP doesn't have STATE_INITIAL at all. */ 3531 sp->state[IDX_PAP] = STATE_CLOSED; 3532 sp->fail_counter[IDX_PAP] = 0; 3533 #if defined (__FreeBSD__) 3534 callout_handle_init(&sp->ch[IDX_PAP]); 3535 callout_handle_init(&sp->pap_my_to_ch); 3536 #endif 3537 } 3538 3539 HIDE void 3540 sppp_pap_open(struct sppp *sp) 3541 { 3542 if (sp->hisauth.proto == PPP_PAP && 3543 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3544 /* we are authenticator for PAP, start our timer */ 3545 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3546 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3547 } 3548 if (sp->myauth.proto == PPP_PAP) { 3549 /* we are peer, send a request, and start a timer */ 3550 pap.scr(sp); 3551 #if defined (__FreeBSD__) 3552 sp->pap_my_to_ch = 3553 #endif 3554 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout); 3555 } 3556 } 3557 3558 HIDE void 3559 sppp_pap_close(struct sppp *sp) 3560 { 3561 if (sp->state[IDX_PAP] != STATE_CLOSED) 3562 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3563 } 3564 3565 /* 3566 * That's the timeout routine if we are authenticator. Since the 3567 * authenticator is basically passive in PAP, we can't do much here. 3568 */ 3569 HIDE void 3570 sppp_pap_TO(void *cookie) 3571 { 3572 struct sppp *sp = (struct sppp *)cookie; 3573 STDDCL; 3574 int s; 3575 3576 s = splimp(); 3577 if (debug) 3578 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3579 SPP_ARGS(ifp), 3580 sppp_state_name(sp->state[IDX_PAP]), 3581 sp->rst_counter[IDX_PAP]); 3582 3583 if (--sp->rst_counter[IDX_PAP] < 0) 3584 /* TO- event */ 3585 switch (sp->state[IDX_PAP]) { 3586 case STATE_REQ_SENT: 3587 pap.tld(sp); 3588 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3589 break; 3590 } 3591 else 3592 /* TO+ event, not very much we could do */ 3593 switch (sp->state[IDX_PAP]) { 3594 case STATE_REQ_SENT: 3595 /* sppp_cp_change_state() will restart the timer */ 3596 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3597 break; 3598 } 3599 3600 splx(s); 3601 } 3602 3603 /* 3604 * That's the timeout handler if we are peer. Since the peer is active, 3605 * we need to retransmit our PAP request since it is apparently lost. 3606 * XXX We should impose a max counter. 3607 */ 3608 HIDE void 3609 sppp_pap_my_TO(void *cookie) 3610 { 3611 struct sppp *sp = (struct sppp *)cookie; 3612 STDDCL; 3613 3614 if (debug) 3615 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3616 SPP_ARGS(ifp)); 3617 3618 pap.scr(sp); 3619 } 3620 3621 HIDE void 3622 sppp_pap_tlu(struct sppp *sp) 3623 { 3624 STDDCL; 3625 int x; 3626 3627 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3628 3629 if (debug) 3630 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3631 SPP_ARGS(ifp), pap.name); 3632 3633 x = splimp(); 3634 /* indicate to LCP that we need to be closed down */ 3635 sp->lcp.protos |= (1 << IDX_PAP); 3636 3637 if (sp->pp_flags & PP_NEEDAUTH) { 3638 /* 3639 * Remote is authenticator, but his auth proto didn't 3640 * complete yet. Defer the transition to network 3641 * phase. 3642 */ 3643 splx(x); 3644 return; 3645 } 3646 splx(x); 3647 sppp_phase_network(sp); 3648 } 3649 3650 HIDE void 3651 sppp_pap_tld(struct sppp *sp) 3652 { 3653 STDDCL; 3654 3655 if (debug) 3656 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3657 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3658 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3659 sp->lcp.protos &= ~(1 << IDX_PAP); 3660 3661 lcp.Close(sp); 3662 } 3663 3664 HIDE void 3665 sppp_pap_scr(struct sppp *sp) 3666 { 3667 u_char idlen, pwdlen; 3668 3669 sp->confid[IDX_PAP] = ++sp->pp_seq; 3670 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3671 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3672 3673 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3674 sizeof idlen, (const char *)&idlen, 3675 (size_t)idlen, sp->myauth.name, 3676 sizeof pwdlen, (const char *)&pwdlen, 3677 (size_t)pwdlen, sp->myauth.secret, 3678 0); 3679 } 3680 /* 3681 * Random miscellaneous functions. 3682 */ 3683 3684 /* 3685 * Send a PAP or CHAP proto packet. 3686 * 3687 * Varadic function, each of the elements for the ellipsis is of type 3688 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3689 * mlen == 0. 3690 */ 3691 3692 HIDE void 3693 sppp_auth_send(const struct cp *cp, struct sppp *sp, u_char type, u_char id, 3694 ...) 3695 { 3696 STDDCL; 3697 struct ppp_header *h; 3698 struct lcp_header *lh; 3699 struct mbuf *m; 3700 u_char *p; 3701 int len; 3702 size_t mlen; 3703 const char *msg; 3704 va_list ap; 3705 3706 MGETHDR (m, M_DONTWAIT, MT_DATA); 3707 if (! m) 3708 return; 3709 m->m_pkthdr.rcvif = 0; 3710 3711 h = mtod (m, struct ppp_header*); 3712 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3713 h->control = PPP_UI; /* Unnumbered Info */ 3714 h->protocol = htons(cp->proto); 3715 3716 lh = (struct lcp_header*)(h + 1); 3717 lh->type = type; 3718 lh->ident = id; 3719 p = (u_char*) (lh+1); 3720 3721 va_start(ap, id); 3722 len = 0; 3723 3724 while ((mlen = va_arg(ap, size_t)) != 0) { 3725 msg = va_arg(ap, const char *); 3726 len += mlen; 3727 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3728 va_end(ap); 3729 m_freem(m); 3730 return; 3731 } 3732 3733 bcopy(msg, p, mlen); 3734 p += mlen; 3735 } 3736 va_end(ap); 3737 3738 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3739 lh->len = htons (LCP_HEADER_LEN + len); 3740 3741 if (debug) { 3742 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3743 SPP_ARGS(ifp), cp->name, 3744 sppp_auth_type_name(cp->proto, lh->type), 3745 lh->ident, ntohs(lh->len)); 3746 if (len) 3747 sppp_print_bytes((u_char*) (lh+1), len); 3748 addlog(">\n"); 3749 } 3750 if (IF_QFULL (&sp->pp_cpq)) { 3751 IF_DROP (&sp->pp_fastq); 3752 IF_DROP (&ifp->if_snd); 3753 m_freem (m); 3754 ++ifp->if_oerrors; 3755 } else 3756 IF_ENQUEUE (&sp->pp_cpq, m); 3757 if (! (ifp->if_flags & IFF_OACTIVE)) 3758 (*ifp->if_start) (ifp); 3759 ifp->if_obytes += m->m_pkthdr.len + 3; 3760 } 3761 3762 /* 3763 * Flush interface queue. 3764 */ 3765 HIDE void 3766 sppp_qflush(struct ifqueue *ifq) 3767 { 3768 struct mbuf *m, *n; 3769 3770 n = ifq->ifq_head; 3771 while ((m = n)) { 3772 n = m->m_act; 3773 m_freem (m); 3774 } 3775 ifq->ifq_head = 0; 3776 ifq->ifq_tail = 0; 3777 ifq->ifq_len = 0; 3778 } 3779 3780 /* 3781 * Send keepalive packets, every 10 seconds. 3782 */ 3783 HIDE void 3784 sppp_keepalive(void *dummy) 3785 { 3786 struct sppp *sp; 3787 int s; 3788 3789 s = splimp(); 3790 for (sp=spppq; sp; sp=sp->pp_next) { 3791 struct ifnet *ifp = &sp->pp_if; 3792 3793 /* Keepalive mode disabled or channel down? */ 3794 if (! (sp->pp_flags & PP_KEEPALIVE) || 3795 ! (ifp->if_flags & IFF_RUNNING)) 3796 continue; 3797 3798 /* No keepalive in PPP mode if LCP not opened yet. */ 3799 if (! (sp->pp_flags & PP_CISCO) && 3800 sp->pp_phase < PHASE_AUTHENTICATE) 3801 continue; 3802 3803 if (sp->pp_alivecnt == MAXALIVECNT) { 3804 /* No keepalive packets got. Stop the interface. */ 3805 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3806 if (sp->pp_flags & PP_CISCO) { 3807 if_down (ifp); 3808 sppp_qflush (&sp->pp_cpq); 3809 } else { 3810 /* Shut down the PPP link. */ 3811 lcp.Close(sp); 3812 } 3813 } 3814 if (sp->pp_alivecnt <= MAXALIVECNT) 3815 ++sp->pp_alivecnt; 3816 if (sp->pp_flags & PP_CISCO) 3817 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3818 sp->pp_rseq); 3819 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3820 long nmagic = htonl (sp->lcp.magic); 3821 sp->lcp.echoid = ++sp->pp_seq; 3822 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3823 sp->lcp.echoid, 4, &nmagic); 3824 } 3825 } 3826 splx(s); 3827 #if defined (__FreeBSD__) 3828 keepalive_ch = 3829 #endif 3830 timeout(sppp_keepalive, 0, hz * 10); 3831 } 3832 3833 /* 3834 * Get both IP addresses. 3835 */ 3836 HIDE void 3837 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3838 { 3839 struct ifnet *ifp = &sp->pp_if; 3840 struct ifaddr *ifa; 3841 struct sockaddr_in *si, *sm = 0; 3842 u_long ssrc, ddst; 3843 3844 sm = NULL; 3845 ssrc = ddst = 0L; 3846 /* 3847 * Pick the first AF_INET address from the list, 3848 * aliases don't make any sense on a p2p link anyway. 3849 */ 3850 #if defined (__FreeBSD__) 3851 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3852 ifa; 3853 ifa = ifa->ifa_link.tqe_next) 3854 #else 3855 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 3856 ifa; 3857 ifa = ifa->ifa_list.tqe_next) 3858 #endif 3859 if (ifa->ifa_addr->sa_family == AF_INET) { 3860 si = (struct sockaddr_in *)ifa->ifa_addr; 3861 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3862 if (si) 3863 break; 3864 } 3865 if (ifa) { 3866 if (si && si->sin_addr.s_addr) { 3867 ssrc = si->sin_addr.s_addr; 3868 if (srcmask) 3869 *srcmask = ntohl(sm->sin_addr.s_addr); 3870 } 3871 3872 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3873 if (si && si->sin_addr.s_addr) 3874 ddst = si->sin_addr.s_addr; 3875 } 3876 3877 if (dst) *dst = ntohl(ddst); 3878 if (src) *src = ntohl(ssrc); 3879 } 3880 3881 /* 3882 * Set my IP address. Must be called at splimp. 3883 */ 3884 HIDE void 3885 sppp_set_ip_addr(struct sppp *sp, u_long src) 3886 { 3887 struct ifnet *ifp = &sp->pp_if; 3888 struct ifaddr *ifa; 3889 struct sockaddr_in *si; 3890 3891 /* 3892 * Pick the first AF_INET address from the list, 3893 * aliases don't make any sense on a p2p link anyway. 3894 */ 3895 3896 #if defined (__FreeBSD__) 3897 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3898 ifa; 3899 ifa = ifa->ifa_link.tqe_next) 3900 #else 3901 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 3902 ifa; 3903 ifa = ifa->ifa_list.tqe_next) 3904 #endif 3905 { 3906 if (ifa->ifa_addr->sa_family == AF_INET) 3907 { 3908 si = (struct sockaddr_in *)ifa->ifa_addr; 3909 if (si) 3910 break; 3911 } 3912 } 3913 3914 if (ifa && si) 3915 si->sin_addr.s_addr = htonl(src); 3916 } 3917 3918 HIDE int 3919 sppp_params(struct sppp *sp, u_long cmd, void *data) 3920 { 3921 struct ifreq *ifr = (struct ifreq *)data; 3922 struct spppreq spr; 3923 3924 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 3925 return EFAULT; 3926 3927 switch (spr.cmd) { 3928 case SPPPIOGDEFS: 3929 if (cmd != SIOCGIFGENERIC) 3930 return EINVAL; 3931 /* 3932 * We copy over the entire current state, but clean 3933 * out some of the stuff we don't wanna pass up. 3934 * Remember, SIOCGIFGENERIC is unprotected, and can be 3935 * called by any user. No need to ever get PAP or 3936 * CHAP secrets back to userland anyway. 3937 */ 3938 bcopy(sp, &spr.defs, sizeof(struct sppp)); 3939 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 3940 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 3941 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 3942 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 3943 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 3944 3945 case SPPPIOSDEFS: 3946 if (cmd != SIOCSIFGENERIC) 3947 return EINVAL; 3948 /* 3949 * We have a very specific idea of which fields we allow 3950 * being passed back from userland, so to not clobber our 3951 * current state. For one, we only allow setting 3952 * anything if LCP is in dead phase. Once the LCP 3953 * negotiations started, the authentication settings must 3954 * not be changed again. (The administrator can force an 3955 * ifconfig down in order to get LCP back into dead 3956 * phase.) 3957 * 3958 * Also, we only allow for authentication parameters to be 3959 * specified. 3960 * 3961 * XXX Should allow to set or clear pp_flags. 3962 * 3963 * Finally, if the respective authentication protocol to 3964 * be used is set differently than 0, but the secret is 3965 * passed as all zeros, we don't trash the existing secret. 3966 * This allows an administrator to change the system name 3967 * only without clobbering the secret (which he didn't get 3968 * back in a previous SPPPIOGDEFS call). However, the 3969 * secrets are cleared if the authentication protocol is 3970 * reset to 0. 3971 */ 3972 if (sp->pp_phase != PHASE_DEAD) 3973 return EBUSY; 3974 3975 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 3976 spr.defs.myauth.proto != PPP_CHAP) || 3977 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 3978 spr.defs.hisauth.proto != PPP_CHAP)) 3979 return EINVAL; 3980 3981 if (spr.defs.myauth.proto == 0) 3982 /* resetting myauth */ 3983 bzero(&sp->myauth, sizeof sp->myauth); 3984 else { 3985 /* setting/changing myauth */ 3986 sp->myauth.proto = spr.defs.myauth.proto; 3987 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 3988 if (spr.defs.myauth.secret[0] != '\0') 3989 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 3990 AUTHKEYLEN); 3991 } 3992 if (spr.defs.hisauth.proto == 0) 3993 /* resetting hisauth */ 3994 bzero(&sp->hisauth, sizeof sp->hisauth); 3995 else { 3996 /* setting/changing hisauth */ 3997 sp->hisauth.proto = spr.defs.hisauth.proto; 3998 sp->hisauth.flags = spr.defs.hisauth.flags; 3999 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4000 if (spr.defs.hisauth.secret[0] != '\0') 4001 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4002 AUTHKEYLEN); 4003 } 4004 break; 4005 4006 default: 4007 return EINVAL; 4008 } 4009 4010 return 0; 4011 } 4012 4013 HIDE void 4014 sppp_phase_network(struct sppp *sp) 4015 { 4016 struct ifnet *ifp = &sp->pp_if; 4017 int i; 4018 u_long mask; 4019 4020 sp->pp_phase = PHASE_NETWORK; 4021 4022 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4023 sppp_phase_name(sp->pp_phase)); 4024 4025 /* Notify NCPs now. */ 4026 for (i = 0; i < IDX_COUNT; i++) 4027 if ((cps[i])->flags & CP_NCP) 4028 (cps[i])->Open(sp); 4029 4030 /* Send Up events to all NCPs. */ 4031 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4032 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4033 (cps[i])->Up(sp); 4034 4035 /* if no NCP is starting, all this was in vain, close down */ 4036 sppp_lcp_check_and_close(sp); 4037 } 4038 4039 4040 HIDE const char * 4041 sppp_cp_type_name(u_char type) 4042 { 4043 static char buf[12]; 4044 switch (type) { 4045 case CONF_REQ: return "conf-req"; 4046 case CONF_ACK: return "conf-ack"; 4047 case CONF_NAK: return "conf-nak"; 4048 case CONF_REJ: return "conf-rej"; 4049 case TERM_REQ: return "term-req"; 4050 case TERM_ACK: return "term-ack"; 4051 case CODE_REJ: return "code-rej"; 4052 case PROTO_REJ: return "proto-rej"; 4053 case ECHO_REQ: return "echo-req"; 4054 case ECHO_REPLY: return "echo-reply"; 4055 case DISC_REQ: return "discard-req"; 4056 } 4057 sprintf (buf, "0x%x", type); 4058 return buf; 4059 } 4060 4061 HIDE const char * 4062 sppp_auth_type_name(u_short proto, u_char type) 4063 { 4064 static char buf[12]; 4065 switch (proto) { 4066 case PPP_CHAP: 4067 switch (type) { 4068 case CHAP_CHALLENGE: return "challenge"; 4069 case CHAP_RESPONSE: return "response"; 4070 case CHAP_SUCCESS: return "success"; 4071 case CHAP_FAILURE: return "failure"; 4072 } 4073 case PPP_PAP: 4074 switch (type) { 4075 case PAP_REQ: return "req"; 4076 case PAP_ACK: return "ack"; 4077 case PAP_NAK: return "nak"; 4078 } 4079 } 4080 sprintf (buf, "0x%x", type); 4081 return buf; 4082 } 4083 4084 HIDE const char * 4085 sppp_lcp_opt_name(u_char opt) 4086 { 4087 static char buf[12]; 4088 switch (opt) { 4089 case LCP_OPT_MRU: return "mru"; 4090 case LCP_OPT_ASYNC_MAP: return "async-map"; 4091 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4092 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4093 case LCP_OPT_MAGIC: return "magic"; 4094 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4095 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4096 } 4097 sprintf (buf, "0x%x", opt); 4098 return buf; 4099 } 4100 4101 HIDE const char * 4102 sppp_ipcp_opt_name(u_char opt) 4103 { 4104 static char buf[12]; 4105 switch (opt) { 4106 case IPCP_OPT_ADDRESSES: return "addresses"; 4107 case IPCP_OPT_COMPRESSION: return "compression"; 4108 case IPCP_OPT_ADDRESS: return "address"; 4109 } 4110 sprintf (buf, "0x%x", opt); 4111 return buf; 4112 } 4113 4114 HIDE const char * 4115 sppp_state_name(int state) 4116 { 4117 switch (state) { 4118 case STATE_INITIAL: return "initial"; 4119 case STATE_STARTING: return "starting"; 4120 case STATE_CLOSED: return "closed"; 4121 case STATE_STOPPED: return "stopped"; 4122 case STATE_CLOSING: return "closing"; 4123 case STATE_STOPPING: return "stopping"; 4124 case STATE_REQ_SENT: return "req-sent"; 4125 case STATE_ACK_RCVD: return "ack-rcvd"; 4126 case STATE_ACK_SENT: return "ack-sent"; 4127 case STATE_OPENED: return "opened"; 4128 } 4129 return "illegal"; 4130 } 4131 4132 HIDE const char * 4133 sppp_phase_name(enum ppp_phase phase) 4134 { 4135 switch (phase) { 4136 case PHASE_DEAD: return "dead"; 4137 case PHASE_ESTABLISH: return "establish"; 4138 case PHASE_TERMINATE: return "terminate"; 4139 case PHASE_AUTHENTICATE: return "authenticate"; 4140 case PHASE_NETWORK: return "network"; 4141 } 4142 return "illegal"; 4143 } 4144 4145 HIDE const char * 4146 sppp_proto_name(u_short proto) 4147 { 4148 static char buf[12]; 4149 switch (proto) { 4150 case PPP_LCP: return "lcp"; 4151 case PPP_IPCP: return "ipcp"; 4152 case PPP_PAP: return "pap"; 4153 case PPP_CHAP: return "chap"; 4154 } 4155 sprintf(buf, "0x%x", (unsigned)proto); 4156 return buf; 4157 } 4158 4159 HIDE void 4160 sppp_print_bytes(const u_char *p, u_short len) 4161 { 4162 addlog(" %02x", *p++); 4163 while (--len > 0) 4164 addlog("-%02x", *p++); 4165 } 4166 4167 HIDE void 4168 sppp_print_string(const char *p, u_short len) 4169 { 4170 u_char c; 4171 4172 while (len-- > 0) { 4173 c = *p++; 4174 /* 4175 * Print only ASCII chars directly. RFC 1994 recommends 4176 * using only them, but we don't rely on it. */ 4177 if (c < ' ' || c > '~') 4178 addlog("\\x%x", c); 4179 else 4180 addlog("%c", c); 4181 } 4182 } 4183 4184 HIDE const char * 4185 sppp_dotted_quad(u_long addr) 4186 { 4187 static char s[16]; 4188 sprintf(s, "%d.%d.%d.%d", 4189 (int)((addr >> 24) & 0xff), 4190 (int)((addr >> 16) & 0xff), 4191 (int)((addr >> 8) & 0xff), 4192 (int)(addr & 0xff)); 4193 return s; 4194 } 4195 4196 HIDE int 4197 sppp_strnlen(u_char *p, int max) 4198 { 4199 int len; 4200 4201 for (len = 0; len < max && *p; ++p) 4202 ++len; 4203 return len; 4204 } 4205 4206 /* a dummy, used to drop uninteresting events */ 4207 HIDE void 4208 sppp_null(struct sppp *unused) 4209 { 4210 /* do just nothing */ 4211 } 4212 /* 4213 * This file is large. Tell emacs to highlight it nevertheless. 4214 * 4215 * Local Variables: 4216 * hilit-auto-highlight-maxout: 120000 4217 * End: 4218 */ 4219