1 /* $OpenBSD: if_spppsubr.c,v 1.193 2024/05/13 01:15:53 jsg Exp $ */ 2 /* 3 * Synchronous PPP link level subroutines. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * RFC2472 IPv6CP support. 12 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are met: 16 * 1. Redistributions of source code must retain the above copyright notice, 17 * this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright notice, 19 * this list of conditions and the following disclaimer in the documentation 20 * and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 * 34 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998 35 */ 36 37 #include <sys/param.h> 38 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/sockio.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #include <sys/timeout.h> 48 #include <crypto/md5.h> 49 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <sys/stdarg.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_var.h> 60 #include <netinet/ip.h> 61 62 #ifdef INET6 63 #include <netinet6/in6_ifattach.h> 64 #endif 65 66 #include <net/if_sppp.h> 67 68 # define UNTIMEOUT(fun, arg, handle) \ 69 timeout_del(&(handle)) 70 71 #define MAXALIVECNT 3 /* max. missed alive packets */ 72 #define NORECV_TIME 15 /* before we get worried */ 73 74 /* 75 * Interface flags that can be set in an ifconfig command. 76 * 77 * Setting link0 will make the link passive, i.e. it will be marked 78 * as being administrative openable, but won't be opened to begin 79 * with. Incoming calls will be answered, or subsequent calls with 80 * -link1 will cause the administrative open of the LCP layer. 81 * 82 * Setting link1 will cause the link to auto-dial only as packets 83 * arrive to be sent. 84 * 85 * Setting IFF_DEBUG will syslog the option negotiation and state 86 * transitions at level kern.debug. Note: all logs consistently look 87 * like 88 * 89 * <if-name><unit>: <proto-name> <additional info...> 90 * 91 * with <if-name><unit> being something like "bppp0", and <proto-name> 92 * being one of "lcp", "ipcp", "chap", "pap", etc. 93 */ 94 95 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 96 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 97 98 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 99 #define PPP_UI 0x03 /* Unnumbered Information */ 100 #define PPP_IP 0x0021 /* Internet Protocol */ 101 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 102 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 103 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 104 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */ 105 #define PPP_LCP 0xc021 /* Link Control Protocol */ 106 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 107 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 108 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 109 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 110 111 #define CONF_REQ 1 /* PPP configure request */ 112 #define CONF_ACK 2 /* PPP configure acknowledge */ 113 #define CONF_NAK 3 /* PPP configure negative ack */ 114 #define CONF_REJ 4 /* PPP configure reject */ 115 #define TERM_REQ 5 /* PPP terminate request */ 116 #define TERM_ACK 6 /* PPP terminate acknowledge */ 117 #define CODE_REJ 7 /* PPP code reject */ 118 #define PROTO_REJ 8 /* PPP protocol reject */ 119 #define ECHO_REQ 9 /* PPP echo request */ 120 #define ECHO_REPLY 10 /* PPP echo reply */ 121 #define DISC_REQ 11 /* PPP discard request */ 122 123 #define LCP_OPT_MRU 1 /* maximum receive unit */ 124 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 125 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 126 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 127 #define LCP_OPT_MAGIC 5 /* magic number */ 128 #define LCP_OPT_RESERVED 6 /* reserved */ 129 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 130 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 131 132 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 133 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 134 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 135 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 136 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 137 138 /* bitmask value to enable or disable individual IPCP options */ 139 #define SPPP_IPCP_OPT_ADDRESSES 1 140 #define SPPP_IPCP_OPT_COMPRESSION 2 141 #define SPPP_IPCP_OPT_ADDRESS 3 142 #define SPPP_IPCP_OPT_PRIMDNS 4 143 #define SPPP_IPCP_OPT_SECDNS 5 144 145 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 146 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 147 148 #define PAP_REQ 1 /* PAP name/password request */ 149 #define PAP_ACK 2 /* PAP acknowledge */ 150 #define PAP_NAK 3 /* PAP fail */ 151 152 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 153 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 154 #define CHAP_SUCCESS 3 /* CHAP response ok */ 155 #define CHAP_FAILURE 4 /* CHAP response failed */ 156 157 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 158 159 /* states are named and numbered according to RFC 1661 */ 160 #define STATE_INITIAL 0 161 #define STATE_STARTING 1 162 #define STATE_CLOSED 2 163 #define STATE_STOPPED 3 164 #define STATE_CLOSING 4 165 #define STATE_STOPPING 5 166 #define STATE_REQ_SENT 6 167 #define STATE_ACK_RCVD 7 168 #define STATE_ACK_SENT 8 169 #define STATE_OPENED 9 170 171 #define PKTHDRLEN 2 172 173 struct ppp_header { 174 u_char address; 175 u_char control; 176 u_short protocol; 177 }; 178 #define PPP_HEADER_LEN sizeof (struct ppp_header) 179 180 struct lcp_header { 181 u_char type; 182 u_char ident; 183 u_short len; 184 }; 185 #define LCP_HEADER_LEN sizeof (struct lcp_header) 186 187 /* 188 * We follow the spelling and capitalization of RFC 1661 here, to make 189 * it easier comparing with the standard. Please refer to this RFC in 190 * case you can't make sense out of these abbreviation; it will also 191 * explain the semantics related to the various events and actions. 192 */ 193 struct cp { 194 u_short proto; /* PPP control protocol number */ 195 u_char protoidx; /* index into state table in struct sppp */ 196 u_char flags; 197 #define CP_LCP 0x01 /* this is the LCP */ 198 #define CP_AUTH 0x02 /* this is an authentication protocol */ 199 #define CP_NCP 0x04 /* this is a NCP */ 200 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 201 const char *name; /* name of this control protocol */ 202 /* event handlers */ 203 void (*Up)(struct sppp *sp); 204 void (*Down)(struct sppp *sp); 205 void (*Open)(struct sppp *sp); 206 void (*Close)(struct sppp *sp); 207 void (*TO)(void *sp); 208 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 209 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 210 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 211 /* actions */ 212 void (*tlu)(struct sppp *sp); 213 void (*tld)(struct sppp *sp); 214 void (*tls)(struct sppp *sp); 215 void (*tlf)(struct sppp *sp); 216 void (*scr)(struct sppp *sp); 217 }; 218 219 static struct sppp *spppq; 220 static struct timeout keepalive_ch; 221 222 #define SPP_FMT "%s: " 223 #define SPP_ARGS(ifp) (ifp)->if_xname 224 225 /* almost every function needs these */ 226 #define STDDCL \ 227 struct ifnet *ifp = &sp->pp_if; \ 228 int debug = ifp->if_flags & IFF_DEBUG 229 230 int sppp_output(struct ifnet *ifp, struct mbuf *m, 231 struct sockaddr *dst, struct rtentry *rt); 232 233 void sppp_cp_input(const struct cp *cp, struct sppp *sp, 234 struct mbuf *m); 235 void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 236 u_char ident, u_short len, void *data); 237 void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 238 int newstate); 239 void sppp_auth_send(const struct cp *cp, 240 struct sppp *sp, unsigned int type, u_int id, 241 ...); 242 243 void sppp_up_event(const struct cp *cp, struct sppp *sp); 244 void sppp_down_event(const struct cp *cp, struct sppp *sp); 245 void sppp_open_event(const struct cp *cp, struct sppp *sp); 246 void sppp_close_event(const struct cp *cp, struct sppp *sp); 247 void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp); 248 void sppp_to_event(const struct cp *cp, struct sppp *sp); 249 250 void sppp_null(struct sppp *sp); 251 252 void sppp_lcp_init(struct sppp *sp); 253 void sppp_lcp_up(struct sppp *sp); 254 void sppp_lcp_down(struct sppp *sp); 255 void sppp_lcp_open(struct sppp *sp); 256 void sppp_lcp_close(struct sppp *sp); 257 void sppp_lcp_TO(void *sp); 258 int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 259 void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 260 void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 261 void sppp_lcp_tlu(struct sppp *sp); 262 void sppp_lcp_tld(struct sppp *sp); 263 void sppp_lcp_tls(struct sppp *sp); 264 void sppp_lcp_tlf(struct sppp *sp); 265 void sppp_lcp_scr(struct sppp *sp); 266 void sppp_lcp_check_and_close(struct sppp *sp); 267 int sppp_ncp_check(struct sppp *sp); 268 269 void sppp_ipcp_init(struct sppp *sp); 270 void sppp_ipcp_destroy(struct sppp *sp); 271 void sppp_ipcp_up(struct sppp *sp); 272 void sppp_ipcp_down(struct sppp *sp); 273 void sppp_ipcp_open(struct sppp *sp); 274 void sppp_ipcp_close(struct sppp *sp); 275 void sppp_ipcp_TO(void *sp); 276 int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 277 void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 278 void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 279 void sppp_ipcp_tlu(struct sppp *sp); 280 void sppp_ipcp_tld(struct sppp *sp); 281 void sppp_ipcp_tls(struct sppp *sp); 282 void sppp_ipcp_tlf(struct sppp *sp); 283 void sppp_ipcp_scr(struct sppp *sp); 284 285 void sppp_ipv6cp_init(struct sppp *sp); 286 void sppp_ipv6cp_destroy(struct sppp *sp); 287 void sppp_ipv6cp_up(struct sppp *sp); 288 void sppp_ipv6cp_down(struct sppp *sp); 289 void sppp_ipv6cp_open(struct sppp *sp); 290 void sppp_ipv6cp_close(struct sppp *sp); 291 void sppp_ipv6cp_TO(void *sp); 292 int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 293 void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 294 void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 295 void sppp_ipv6cp_tlu(struct sppp *sp); 296 void sppp_ipv6cp_tld(struct sppp *sp); 297 void sppp_ipv6cp_tls(struct sppp *sp); 298 void sppp_ipv6cp_tlf(struct sppp *sp); 299 void sppp_ipv6cp_scr(struct sppp *sp); 300 const char *sppp_ipv6cp_opt_name(u_char opt); 301 void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 302 struct in6_addr *dst, struct in6_addr *srcmask); 303 void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, const struct in6_addr *dst); 304 void sppp_update_ip6_addr(void *sp); 305 void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest); 306 307 void sppp_pap_input(struct sppp *sp, struct mbuf *m); 308 void sppp_pap_init(struct sppp *sp); 309 void sppp_pap_open(struct sppp *sp); 310 void sppp_pap_close(struct sppp *sp); 311 void sppp_pap_TO(void *sp); 312 void sppp_pap_my_TO(void *sp); 313 void sppp_pap_tlu(struct sppp *sp); 314 void sppp_pap_tld(struct sppp *sp); 315 void sppp_pap_scr(struct sppp *sp); 316 317 void sppp_chap_input(struct sppp *sp, struct mbuf *m); 318 void sppp_chap_init(struct sppp *sp); 319 void sppp_chap_open(struct sppp *sp); 320 void sppp_chap_close(struct sppp *sp); 321 void sppp_chap_TO(void *sp); 322 void sppp_chap_tlu(struct sppp *sp); 323 void sppp_chap_tld(struct sppp *sp); 324 void sppp_chap_scr(struct sppp *sp); 325 326 const char *sppp_auth_type_name(u_short proto, u_char type); 327 const char *sppp_cp_type_name(u_char type); 328 const char *sppp_dotted_quad(u_int32_t addr); 329 const char *sppp_ipcp_opt_name(u_char opt); 330 const char *sppp_lcp_opt_name(u_char opt); 331 const char *sppp_phase_name(enum ppp_phase phase); 332 const char *sppp_proto_name(u_short proto); 333 const char *sppp_state_name(int state); 334 int sppp_get_params(struct sppp *sp, struct ifreq *data); 335 int sppp_set_params(struct sppp *sp, struct ifreq *data); 336 void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 337 u_int32_t *srcmask); 338 void sppp_keepalive(void *dummy); 339 void sppp_phase_network(struct sppp *sp); 340 void sppp_print_bytes(const u_char *p, u_short len); 341 void sppp_print_string(const char *p, u_short len); 342 int sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id); 343 void sppp_update_gw(struct ifnet *ifp); 344 void sppp_set_ip_addrs(void *); 345 void sppp_clear_ip_addrs(void *); 346 void sppp_set_phase(struct sppp *sp); 347 void sppp_update_dns(struct ifnet *ifp); 348 void sppp_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt); 349 350 /* our control protocol descriptors */ 351 static const struct cp lcp = { 352 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 353 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 354 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 355 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 356 sppp_lcp_scr 357 }; 358 359 static const struct cp ipcp = { 360 PPP_IPCP, IDX_IPCP, 361 CP_NCP, 362 "ipcp", 363 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 364 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 365 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 366 sppp_ipcp_scr 367 }; 368 369 static const struct cp ipv6cp = { 370 PPP_IPV6CP, IDX_IPV6CP, 371 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 372 CP_NCP, 373 #else 374 0, 375 #endif 376 "ipv6cp", 377 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 378 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 379 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 380 sppp_ipv6cp_scr 381 }; 382 383 static const struct cp pap = { 384 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 385 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 386 sppp_pap_TO, 0, 0, 0, 387 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 388 sppp_pap_scr 389 }; 390 391 static const struct cp chap = { 392 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 393 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 394 sppp_chap_TO, 0, 0, 0, 395 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 396 sppp_chap_scr 397 }; 398 399 static const struct cp *cps[IDX_COUNT] = { 400 &lcp, /* IDX_LCP */ 401 &ipcp, /* IDX_IPCP */ 402 &ipv6cp, /* IDX_IPV6CP */ 403 &pap, /* IDX_PAP */ 404 &chap, /* IDX_CHAP */ 405 }; 406 407 408 /* 409 * Exported functions, comprising our interface to the lower layer. 410 */ 411 412 /* Workaround */ 413 void 414 spppattach(struct ifnet *ifp) 415 { 416 } 417 418 /* 419 * Process the received packet. 420 */ 421 void 422 sppp_input(struct ifnet *ifp, struct mbuf *m) 423 { 424 struct ppp_header ht; 425 struct sppp *sp = (struct sppp *)ifp; 426 struct timeval tv; 427 int debug = ifp->if_flags & IFF_DEBUG; 428 429 getmicrouptime(&tv); 430 431 if (ifp->if_flags & IFF_UP) { 432 /* Count received bytes, add hardware framing */ 433 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 434 /* Note time of last receive */ 435 sp->pp_last_receive = tv.tv_sec; 436 } 437 438 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 439 /* Too small packet, drop it. */ 440 if (debug) 441 log(LOG_DEBUG, 442 SPP_FMT "input packet is too small, %d bytes\n", 443 SPP_ARGS(ifp), m->m_pkthdr.len); 444 drop: 445 m_freem (m); 446 ++ifp->if_ierrors; 447 ++ifp->if_iqdrops; 448 return; 449 } 450 451 /* mark incoming routing domain */ 452 m->m_pkthdr.ph_rtableid = ifp->if_rdomain; 453 454 m_copydata(m, 0, sizeof(ht.protocol), (caddr_t)&ht.protocol); 455 m_adj(m, 2); 456 ht.control = PPP_UI; 457 ht.address = PPP_ALLSTATIONS; 458 459 /* preserve the alignment */ 460 if (m->m_len < m->m_pkthdr.len) { 461 m = m_pullup(m, m->m_pkthdr.len); 462 if (m == NULL) { 463 if (debug) 464 log(LOG_DEBUG, 465 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp)); 466 ++ifp->if_ierrors; 467 ++ifp->if_iqdrops; 468 return; 469 } 470 } 471 472 switch (ht.address) { 473 case PPP_ALLSTATIONS: 474 if (ht.control != PPP_UI) 475 goto invalid; 476 switch (ntohs (ht.protocol)) { 477 default: 478 if (sp->state[IDX_LCP] == STATE_OPENED) 479 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 480 ++sp->pp_seq, 2, &ht.protocol); 481 if (debug) 482 log(LOG_DEBUG, 483 SPP_FMT "invalid input protocol " 484 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 485 SPP_ARGS(ifp), 486 ht.address, ht.control, ntohs(ht.protocol)); 487 ++ifp->if_noproto; 488 goto drop; 489 case PPP_LCP: 490 sppp_cp_input(&lcp, sp, m); 491 m_freem (m); 492 return; 493 case PPP_PAP: 494 if (sp->pp_phase >= PHASE_AUTHENTICATE) 495 sppp_pap_input(sp, m); 496 m_freem (m); 497 return; 498 case PPP_CHAP: 499 if (sp->pp_phase >= PHASE_AUTHENTICATE) 500 sppp_chap_input(sp, m); 501 m_freem (m); 502 return; 503 case PPP_IPCP: 504 if (sp->pp_phase == PHASE_NETWORK) 505 sppp_cp_input(&ipcp, sp, m); 506 m_freem (m); 507 return; 508 case PPP_IP: 509 if (sp->state[IDX_IPCP] == STATE_OPENED) { 510 sp->pp_last_activity = tv.tv_sec; 511 if (ifp->if_flags & IFF_UP) { 512 ipv4_input(ifp, m); 513 return; 514 } 515 } 516 break; 517 #ifdef INET6 518 case PPP_IPV6CP: 519 if (sp->pp_phase == PHASE_NETWORK) 520 sppp_cp_input(&ipv6cp, sp, m); 521 m_freem (m); 522 return; 523 case PPP_IPV6: 524 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 525 sp->pp_last_activity = tv.tv_sec; 526 if (ifp->if_flags & IFF_UP) { 527 ipv6_input(ifp, m); 528 return; 529 } 530 } 531 break; 532 #endif 533 } 534 break; 535 default: /* Invalid PPP packet. */ 536 invalid: 537 if (debug) 538 log(LOG_DEBUG, 539 SPP_FMT "invalid input packet " 540 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 541 SPP_ARGS(ifp), 542 ht.address, ht.control, ntohs(ht.protocol)); 543 goto drop; 544 } 545 546 goto drop; 547 } 548 549 /* 550 * Enqueue transmit packet. 551 */ 552 int 553 sppp_output(struct ifnet *ifp, struct mbuf *m, 554 struct sockaddr *dst, struct rtentry *rt) 555 { 556 struct sppp *sp = (struct sppp*) ifp; 557 struct timeval tv; 558 int s, rv = 0; 559 u_int16_t protocol; 560 561 #ifdef DIAGNOSTIC 562 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { 563 printf("%s: trying to send packet on wrong domain. " 564 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, 565 ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), 566 dst->sa_family); 567 } 568 #endif 569 570 s = splnet(); 571 572 getmicrouptime(&tv); 573 sp->pp_last_activity = tv.tv_sec; 574 575 if ((ifp->if_flags & IFF_UP) == 0 || 576 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 577 m_freem (m); 578 splx (s); 579 return (ENETDOWN); 580 } 581 582 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 583 /* 584 * Interface is not yet running, but auto-dial. Need 585 * to start LCP for it. 586 */ 587 ifp->if_flags |= IFF_RUNNING; 588 splx(s); 589 lcp.Open(sp); 590 s = splnet(); 591 } 592 593 if (dst->sa_family == AF_INET) { 594 struct ip *ip = NULL; 595 596 if (m->m_len >= sizeof(struct ip)) 597 ip = mtod(m, struct ip *); 598 599 /* 600 * When using dynamic local IP address assignment by using 601 * 0.0.0.0 as a local address, the first TCP session will 602 * not connect because the local TCP checksum is computed 603 * using 0.0.0.0 which will later become our real IP address 604 * so the TCP checksum computed at the remote end will 605 * become invalid. So we 606 * - don't let packets with src ip addr 0 thru 607 * - we flag TCP packets with src ip 0 as an error 608 */ 609 610 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 611 u_int8_t proto = ip->ip_p; 612 613 m_freem(m); 614 splx(s); 615 if (proto == IPPROTO_TCP) 616 return (EADDRNOTAVAIL); 617 else 618 return (0); 619 } 620 } 621 622 switch (dst->sa_family) { 623 case AF_INET: /* Internet Protocol */ 624 /* 625 * Don't choke with an ENETDOWN early. It's 626 * possible that we just started dialing out, 627 * so don't drop the packet immediately. If 628 * we notice that we run out of buffer space 629 * below, we will however remember that we are 630 * not ready to carry IP packets, and return 631 * ENETDOWN, as opposed to ENOBUFS. 632 */ 633 protocol = htons(PPP_IP); 634 if (sp->state[IDX_IPCP] != STATE_OPENED) 635 rv = ENETDOWN; 636 break; 637 #ifdef INET6 638 case AF_INET6: /* Internet Protocol v6 */ 639 /* 640 * Don't choke with an ENETDOWN early. It's 641 * possible that we just started dialing out, 642 * so don't drop the packet immediately. If 643 * we notice that we run out of buffer space 644 * below, we will however remember that we are 645 * not ready to carry IPv6 packets, and return 646 * ENETDOWN, as opposed to ENOBUFS. 647 */ 648 protocol = htons(PPP_IPV6); 649 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 650 rv = ENETDOWN; 651 break; 652 #endif 653 default: 654 m_freem(m); 655 ++ifp->if_oerrors; 656 splx(s); 657 return (EAFNOSUPPORT); 658 } 659 660 M_PREPEND(m, 2, M_DONTWAIT); 661 if (m == NULL) { 662 if (ifp->if_flags & IFF_DEBUG) 663 log(LOG_DEBUG, SPP_FMT 664 "no memory for transmit header\n", 665 SPP_ARGS(ifp)); 666 ++ifp->if_oerrors; 667 splx(s); 668 return (rv ? rv : ENOBUFS); 669 } 670 *mtod(m, u_int16_t *) = protocol; 671 672 /* 673 * Queue message on interface, and start output if interface 674 * not yet active. 675 */ 676 rv = if_enqueue(ifp, m); 677 if (rv != 0) { 678 ifp->if_oerrors++; 679 splx(s); 680 return (rv); 681 } 682 683 /* 684 * Count output packets and bytes. 685 * The packet length includes header, FCS and 1 flag, 686 * according to RFC 1333. 687 */ 688 ifp->if_obytes += sp->pp_framebytes; 689 splx(s); 690 691 return (0); 692 } 693 694 void 695 sppp_attach(struct ifnet *ifp) 696 { 697 struct sppp *sp = (struct sppp*) ifp; 698 int i; 699 700 /* Initialize keepalive handler. */ 701 if (! spppq) { 702 timeout_set_proc(&keepalive_ch, sppp_keepalive, NULL); 703 timeout_add_sec(&keepalive_ch, 10); 704 } 705 706 /* Insert new entry into the keepalive list. */ 707 sp->pp_next = spppq; 708 spppq = sp; 709 710 sp->pp_if.if_type = IFT_PPP; 711 sp->pp_if.if_output = sppp_output; 712 sp->pp_if.if_rtrequest = sppp_rtrequest; 713 ifq_init_maxlen(&sp->pp_if.if_snd, 50); 714 mq_init(&sp->pp_cpq, 50, IPL_NET); 715 sp->pp_loopcnt = 0; 716 sp->pp_alivecnt = 0; 717 sp->pp_last_activity = 0; 718 sp->pp_last_receive = 0; 719 sp->pp_seq = 0; 720 sp->pp_rseq = 0; 721 sp->pp_phase = PHASE_DEAD; 722 sp->pp_up = lcp.Up; 723 sp->pp_down = lcp.Down; 724 725 for (i = 0; i < IDX_COUNT; i++) 726 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp); 727 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp); 728 729 sppp_lcp_init(sp); 730 sppp_ipcp_init(sp); 731 sppp_ipv6cp_init(sp); 732 sppp_pap_init(sp); 733 sppp_chap_init(sp); 734 } 735 736 void 737 sppp_detach(struct ifnet *ifp) 738 { 739 struct sppp **q, *p, *sp = (struct sppp*) ifp; 740 int i; 741 742 sppp_ipcp_destroy(sp); 743 sppp_ipv6cp_destroy(sp); 744 745 /* Remove the entry from the keepalive list. */ 746 for (q = &spppq; (p = *q); q = &p->pp_next) 747 if (p == sp) { 748 *q = p->pp_next; 749 break; 750 } 751 752 /* Stop keepalive handler. */ 753 if (! spppq) 754 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 755 756 for (i = 0; i < IDX_COUNT; i++) 757 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 758 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 759 760 /* release authentication data */ 761 if (sp->myauth.name != NULL) 762 free(sp->myauth.name, M_DEVBUF, strlen(sp->myauth.name) + 1); 763 if (sp->myauth.secret != NULL) 764 free(sp->myauth.secret, M_DEVBUF, 765 strlen(sp->myauth.secret) + 1); 766 if (sp->hisauth.name != NULL) 767 free(sp->hisauth.name, M_DEVBUF, strlen(sp->hisauth.name) + 1); 768 if (sp->hisauth.secret != NULL) 769 free(sp->hisauth.secret, M_DEVBUF, 770 strlen(sp->hisauth.secret) + 1); 771 } 772 773 /* 774 * Flush the interface output queue. 775 */ 776 void 777 sppp_flush(struct ifnet *ifp) 778 { 779 struct sppp *sp = (struct sppp*) ifp; 780 781 ifq_purge(&sp->pp_if.if_snd); 782 mq_purge(&sp->pp_cpq); 783 } 784 785 /* 786 * Check if the output queue is empty. 787 */ 788 int 789 sppp_isempty(struct ifnet *ifp) 790 { 791 struct sppp *sp = (struct sppp*) ifp; 792 int empty, s; 793 794 s = splnet(); 795 empty = mq_empty(&sp->pp_cpq) && ifq_empty(&sp->pp_if.if_snd); 796 splx(s); 797 return (empty); 798 } 799 800 /* 801 * Get next packet to send. 802 */ 803 struct mbuf * 804 sppp_dequeue(struct ifnet *ifp) 805 { 806 struct sppp *sp = (struct sppp*) ifp; 807 struct mbuf *m; 808 int s; 809 810 s = splnet(); 811 /* 812 * Process only the control protocol queue until we have at 813 * least one NCP open. 814 */ 815 m = mq_dequeue(&sp->pp_cpq); 816 if (m == NULL && sppp_ncp_check(sp)) { 817 m = ifq_dequeue(&sp->pp_if.if_snd); 818 } 819 splx(s); 820 return m; 821 } 822 823 /* 824 * Process an ioctl request. Called on low priority level. 825 */ 826 int 827 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 828 { 829 struct ifreq *ifr = data; 830 struct sppp *sp = (struct sppp*) ifp; 831 int s, rv, going_up, going_down, newmode; 832 833 s = splnet(); 834 rv = 0; 835 switch (cmd) { 836 case SIOCSIFDSTADDR: 837 break; 838 839 case SIOCSIFADDR: 840 if_up(ifp); 841 /* FALLTHROUGH */ 842 843 case SIOCSIFFLAGS: 844 going_up = (ifp->if_flags & IFF_UP) && 845 (ifp->if_flags & IFF_RUNNING) == 0; 846 going_down = (ifp->if_flags & IFF_UP) == 0 && 847 (ifp->if_flags & IFF_RUNNING); 848 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 849 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 850 /* sanity */ 851 newmode = IFF_PASSIVE; 852 ifp->if_flags &= ~IFF_AUTO; 853 } 854 855 if (going_up || going_down) 856 lcp.Close(sp); 857 858 if (going_up && newmode == 0) { 859 /* neither auto-dial nor passive */ 860 ifp->if_flags |= IFF_RUNNING; 861 lcp.Open(sp); 862 } else if (going_down) { 863 sppp_flush(ifp); 864 ifp->if_flags &= ~IFF_RUNNING; 865 } 866 break; 867 868 case SIOCSIFMTU: 869 if (ifr->ifr_mtu < 128 || 870 (sp->lcp.their_mru > 0 && 871 ifr->ifr_mtu > sp->lcp.their_mru)) { 872 splx(s); 873 return (EINVAL); 874 } 875 ifp->if_mtu = ifr->ifr_mtu; 876 break; 877 case SIOCADDMULTI: 878 case SIOCDELMULTI: 879 break; 880 881 case SIOCGSPPPPARAMS: 882 rv = sppp_get_params(sp, ifr); 883 break; 884 885 case SIOCSSPPPPARAMS: 886 if ((rv = suser(curproc)) != 0) 887 break; 888 rv = sppp_set_params(sp, ifr); 889 break; 890 891 default: 892 rv = ENOTTY; 893 } 894 splx(s); 895 return rv; 896 } 897 898 /* 899 * PPP protocol implementation. 900 */ 901 902 /* 903 * Send PPP control protocol packet. 904 */ 905 void 906 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 907 u_char ident, u_short len, void *data) 908 { 909 STDDCL; 910 int s; 911 struct lcp_header *lh; 912 struct mbuf *m; 913 914 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) 915 len = MHLEN - PKTHDRLEN - LCP_HEADER_LEN; 916 MGETHDR (m, M_DONTWAIT, MT_DATA); 917 if (! m) 918 return; 919 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 920 m->m_pkthdr.ph_ifidx = 0; 921 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 922 923 *mtod(m, u_int16_t *) = htons(proto); 924 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 925 lh->type = type; 926 lh->ident = ident; 927 lh->len = htons (LCP_HEADER_LEN + len); 928 if (len) 929 bcopy (data, lh+1, len); 930 931 if (debug) { 932 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 933 SPP_ARGS(ifp), 934 sppp_proto_name(proto), 935 sppp_cp_type_name (lh->type), lh->ident, 936 ntohs (lh->len)); 937 if (len) 938 sppp_print_bytes ((u_char*) (lh+1), len); 939 addlog(">\n"); 940 } 941 942 len = m->m_pkthdr.len + sp->pp_framebytes; 943 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 944 ifp->if_oerrors++; 945 return; 946 } 947 948 ifp->if_obytes += len; 949 s = splnet(); 950 if_start(ifp); 951 splx(s); 952 } 953 954 /* 955 * Handle incoming PPP control protocol packets. 956 */ 957 void 958 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 959 { 960 STDDCL; 961 struct lcp_header *h; 962 int len = m->m_pkthdr.len; 963 int rv; 964 u_char *p; 965 u_long nmagic; 966 967 if (len < 4) { 968 if (debug) 969 log(LOG_DEBUG, 970 SPP_FMT "%s invalid packet length: %d bytes\n", 971 SPP_ARGS(ifp), cp->name, len); 972 return; 973 } 974 h = mtod (m, struct lcp_header*); 975 if (debug) { 976 log(LOG_DEBUG, 977 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 978 SPP_ARGS(ifp), cp->name, 979 sppp_state_name(sp->state[cp->protoidx]), 980 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 981 if (len > 4) 982 sppp_print_bytes ((u_char*) (h+1), len-4); 983 addlog(">\n"); 984 } 985 if (len > ntohs (h->len)) 986 len = ntohs (h->len); 987 p = (u_char *)(h + 1); 988 switch (h->type) { 989 case CONF_REQ: 990 if (len < 4) { 991 if (debug) 992 addlog(SPP_FMT "%s invalid conf-req length %d\n", 993 SPP_ARGS(ifp), cp->name, 994 len); 995 ++ifp->if_ierrors; 996 break; 997 } 998 /* handle states where RCR doesn't get a SCA/SCN */ 999 switch (sp->state[cp->protoidx]) { 1000 case STATE_CLOSING: 1001 case STATE_STOPPING: 1002 return; 1003 case STATE_CLOSED: 1004 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1005 0, 0); 1006 return; 1007 } 1008 rv = (cp->RCR)(sp, h, len); 1009 /* silently drop illegal packets */ 1010 if (rv == -1) 1011 return; 1012 switch (sp->state[cp->protoidx]) { 1013 case STATE_OPENED: 1014 sppp_cp_change_state(cp, sp, rv? 1015 STATE_ACK_SENT: STATE_REQ_SENT); 1016 (cp->tld)(sp); 1017 (cp->scr)(sp); 1018 break; 1019 case STATE_ACK_SENT: 1020 case STATE_REQ_SENT: 1021 sppp_cp_change_state(cp, sp, rv? 1022 STATE_ACK_SENT: STATE_REQ_SENT); 1023 break; 1024 case STATE_STOPPED: 1025 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1026 sppp_cp_change_state(cp, sp, rv? 1027 STATE_ACK_SENT: STATE_REQ_SENT); 1028 (cp->scr)(sp); 1029 break; 1030 case STATE_ACK_RCVD: 1031 if (rv) { 1032 sppp_cp_change_state(cp, sp, STATE_OPENED); 1033 if (debug) 1034 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1035 SPP_ARGS(ifp), 1036 cp->name); 1037 (cp->tlu)(sp); 1038 } else 1039 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1040 break; 1041 default: 1042 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1043 SPP_ARGS(ifp), cp->name, 1044 sppp_cp_type_name(h->type), 1045 sppp_state_name(sp->state[cp->protoidx])); */ 1046 ++ifp->if_ierrors; 1047 } 1048 break; 1049 case CONF_ACK: 1050 if (h->ident != sp->confid[cp->protoidx]) { 1051 if (debug) 1052 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1053 SPP_ARGS(ifp), cp->name, 1054 h->ident, sp->confid[cp->protoidx]); 1055 ++ifp->if_ierrors; 1056 break; 1057 } 1058 switch (sp->state[cp->protoidx]) { 1059 case STATE_CLOSED: 1060 case STATE_STOPPED: 1061 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1062 break; 1063 case STATE_CLOSING: 1064 case STATE_STOPPING: 1065 break; 1066 case STATE_REQ_SENT: 1067 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1068 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1069 break; 1070 case STATE_OPENED: 1071 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1072 (cp->tld)(sp); 1073 (cp->scr)(sp); 1074 break; 1075 case STATE_ACK_RCVD: 1076 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1077 (cp->scr)(sp); 1078 break; 1079 case STATE_ACK_SENT: 1080 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1081 sppp_cp_change_state(cp, sp, STATE_OPENED); 1082 if (debug) 1083 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1084 SPP_ARGS(ifp), cp->name); 1085 (cp->tlu)(sp); 1086 break; 1087 default: 1088 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1089 SPP_ARGS(ifp), cp->name, 1090 sppp_cp_type_name(h->type), 1091 sppp_state_name(sp->state[cp->protoidx])); */ 1092 ++ifp->if_ierrors; 1093 } 1094 break; 1095 case CONF_NAK: 1096 case CONF_REJ: 1097 if (h->ident != sp->confid[cp->protoidx]) { 1098 if (debug) 1099 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1100 SPP_ARGS(ifp), cp->name, 1101 h->ident, sp->confid[cp->protoidx]); 1102 ++ifp->if_ierrors; 1103 break; 1104 } 1105 if (h->type == CONF_NAK) 1106 (cp->RCN_nak)(sp, h, len); 1107 else /* CONF_REJ */ 1108 (cp->RCN_rej)(sp, h, len); 1109 1110 switch (sp->state[cp->protoidx]) { 1111 case STATE_CLOSED: 1112 case STATE_STOPPED: 1113 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1114 break; 1115 case STATE_REQ_SENT: 1116 case STATE_ACK_SENT: 1117 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1118 (cp->scr)(sp); 1119 break; 1120 case STATE_OPENED: 1121 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1122 (cp->tld)(sp); 1123 (cp->scr)(sp); 1124 break; 1125 case STATE_ACK_RCVD: 1126 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1127 (cp->scr)(sp); 1128 break; 1129 case STATE_CLOSING: 1130 case STATE_STOPPING: 1131 break; 1132 default: 1133 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1134 SPP_ARGS(ifp), cp->name, 1135 sppp_cp_type_name(h->type), 1136 sppp_state_name(sp->state[cp->protoidx])); */ 1137 ++ifp->if_ierrors; 1138 } 1139 break; 1140 1141 case TERM_REQ: 1142 switch (sp->state[cp->protoidx]) { 1143 case STATE_ACK_RCVD: 1144 case STATE_ACK_SENT: 1145 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1146 /* FALLTHROUGH */ 1147 case STATE_CLOSED: 1148 case STATE_STOPPED: 1149 case STATE_CLOSING: 1150 case STATE_STOPPING: 1151 case STATE_REQ_SENT: 1152 sta: 1153 /* Send Terminate-Ack packet. */ 1154 if (debug) 1155 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1156 SPP_ARGS(ifp), cp->name); 1157 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1158 break; 1159 case STATE_OPENED: 1160 sp->rst_counter[cp->protoidx] = 0; 1161 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1162 (cp->tld)(sp); 1163 goto sta; 1164 break; 1165 default: 1166 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1167 SPP_ARGS(ifp), cp->name, 1168 sppp_cp_type_name(h->type), 1169 sppp_state_name(sp->state[cp->protoidx])); */ 1170 ++ifp->if_ierrors; 1171 } 1172 break; 1173 case TERM_ACK: 1174 switch (sp->state[cp->protoidx]) { 1175 case STATE_CLOSED: 1176 case STATE_STOPPED: 1177 case STATE_REQ_SENT: 1178 case STATE_ACK_SENT: 1179 break; 1180 case STATE_CLOSING: 1181 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1182 (cp->tlf)(sp); 1183 break; 1184 case STATE_STOPPING: 1185 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1186 (cp->tlf)(sp); 1187 break; 1188 case STATE_ACK_RCVD: 1189 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1190 break; 1191 case STATE_OPENED: 1192 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1193 (cp->tld)(sp); 1194 (cp->scr)(sp); 1195 break; 1196 default: 1197 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1198 SPP_ARGS(ifp), cp->name, 1199 sppp_cp_type_name(h->type), 1200 sppp_state_name(sp->state[cp->protoidx])); */ 1201 ++ifp->if_ierrors; 1202 } 1203 break; 1204 case CODE_REJ: 1205 case PROTO_REJ: 1206 { 1207 int catastrophic = 0; 1208 const struct cp *upper = NULL; 1209 int i; 1210 u_int16_t proto; 1211 1212 if (len < 2) { 1213 if (debug) 1214 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n", 1215 SPP_ARGS(ifp)); 1216 ++ifp->if_ierrors; 1217 break; 1218 } 1219 1220 proto = ntohs(*((u_int16_t *)p)); 1221 for (i = 0; i < IDX_COUNT; i++) { 1222 if (cps[i]->proto == proto) { 1223 upper = cps[i]; 1224 break; 1225 } 1226 } 1227 if (upper == NULL) 1228 catastrophic++; 1229 1230 if (catastrophic || debug) 1231 log(catastrophic? LOG_INFO: LOG_DEBUG, 1232 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1233 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1234 sppp_cp_type_name(h->type), proto, 1235 upper ? upper->name : "unknown", 1236 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1237 1238 /* 1239 * if we got RXJ+ against conf-req, the peer does not implement 1240 * this particular protocol type. terminate the protocol. 1241 */ 1242 if (upper) { 1243 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1244 upper->Close(sp); 1245 break; 1246 } 1247 } 1248 1249 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1250 switch (sp->state[cp->protoidx]) { 1251 case STATE_CLOSED: 1252 case STATE_STOPPED: 1253 case STATE_REQ_SENT: 1254 case STATE_ACK_SENT: 1255 case STATE_CLOSING: 1256 case STATE_STOPPING: 1257 case STATE_OPENED: 1258 break; 1259 case STATE_ACK_RCVD: 1260 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1261 break; 1262 default: 1263 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1264 SPP_ARGS(ifp), cp->name, 1265 sppp_cp_type_name(h->type), 1266 sppp_state_name(sp->state[cp->protoidx])); */ 1267 ++ifp->if_ierrors; 1268 } 1269 break; 1270 } 1271 case DISC_REQ: 1272 if (cp->proto != PPP_LCP) 1273 goto illegal; 1274 /* Discard the packet. */ 1275 break; 1276 case ECHO_REQ: 1277 if (cp->proto != PPP_LCP) 1278 goto illegal; 1279 if (sp->state[cp->protoidx] != STATE_OPENED) { 1280 if (debug) 1281 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1282 SPP_ARGS(ifp)); 1283 ++ifp->if_ierrors; 1284 break; 1285 } 1286 if (len < 8) { 1287 if (debug) 1288 addlog(SPP_FMT "invalid lcp echo request " 1289 "packet length: %d bytes\n", 1290 SPP_ARGS(ifp), len); 1291 break; 1292 } 1293 1294 nmagic = (u_long)p[0] << 24 | 1295 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1296 1297 if (nmagic == sp->lcp.magic) { 1298 /* Line loopback mode detected. */ 1299 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1300 /* Shut down the PPP link. */ 1301 lcp.Close(sp); 1302 break; 1303 } 1304 1305 p[0] = sp->lcp.magic >> 24; 1306 p[1] = sp->lcp.magic >> 16; 1307 p[2] = sp->lcp.magic >> 8; 1308 p[3] = sp->lcp.magic; 1309 1310 if (debug) 1311 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1312 SPP_ARGS(ifp)); 1313 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1314 break; 1315 case ECHO_REPLY: 1316 if (cp->proto != PPP_LCP) 1317 goto illegal; 1318 if (h->ident != sp->lcp.echoid) { 1319 ++ifp->if_ierrors; 1320 break; 1321 } 1322 if (len < 8) { 1323 if (debug) 1324 addlog(SPP_FMT "lcp invalid echo reply " 1325 "packet length: %d bytes\n", 1326 SPP_ARGS(ifp), len); 1327 break; 1328 } 1329 if (debug) 1330 addlog(SPP_FMT "lcp got echo rep\n", 1331 SPP_ARGS(ifp)); 1332 1333 nmagic = (u_long)p[0] << 24 | 1334 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1335 1336 if (nmagic != sp->lcp.magic) 1337 sp->pp_alivecnt = 0; 1338 break; 1339 default: 1340 /* Unknown packet type -- send Code-Reject packet. */ 1341 illegal: 1342 if (debug) 1343 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1344 SPP_ARGS(ifp), cp->name, h->type); 1345 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1346 m->m_pkthdr.len, h); 1347 ++ifp->if_ierrors; 1348 } 1349 } 1350 1351 1352 /* 1353 * The generic part of all Up/Down/Open/Close/TO event handlers. 1354 * Basically, the state transition handling in the automaton. 1355 */ 1356 void 1357 sppp_up_event(const struct cp *cp, struct sppp *sp) 1358 { 1359 STDDCL; 1360 1361 if (debug) 1362 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1363 SPP_ARGS(ifp), cp->name, 1364 sppp_state_name(sp->state[cp->protoidx])); 1365 1366 switch (sp->state[cp->protoidx]) { 1367 case STATE_INITIAL: 1368 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1369 break; 1370 case STATE_STARTING: 1371 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1372 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1373 (cp->scr)(sp); 1374 break; 1375 default: 1376 /* printf(SPP_FMT "%s illegal up in state %s\n", 1377 SPP_ARGS(ifp), cp->name, 1378 sppp_state_name(sp->state[cp->protoidx])); */ 1379 break; 1380 } 1381 } 1382 1383 void 1384 sppp_down_event(const struct cp *cp, struct sppp *sp) 1385 { 1386 STDDCL; 1387 1388 if (debug) 1389 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1390 SPP_ARGS(ifp), cp->name, 1391 sppp_state_name(sp->state[cp->protoidx])); 1392 1393 switch (sp->state[cp->protoidx]) { 1394 case STATE_CLOSED: 1395 case STATE_CLOSING: 1396 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1397 break; 1398 case STATE_STOPPED: 1399 sppp_cp_change_state(cp, sp, STATE_STARTING); 1400 (cp->tls)(sp); 1401 break; 1402 case STATE_STOPPING: 1403 case STATE_REQ_SENT: 1404 case STATE_ACK_RCVD: 1405 case STATE_ACK_SENT: 1406 sppp_cp_change_state(cp, sp, STATE_STARTING); 1407 break; 1408 case STATE_OPENED: 1409 sppp_cp_change_state(cp, sp, STATE_STARTING); 1410 (cp->tld)(sp); 1411 break; 1412 default: 1413 /* printf(SPP_FMT "%s illegal down in state %s\n", 1414 SPP_ARGS(ifp), cp->name, 1415 sppp_state_name(sp->state[cp->protoidx])); */ 1416 break; 1417 } 1418 } 1419 1420 1421 void 1422 sppp_open_event(const struct cp *cp, struct sppp *sp) 1423 { 1424 STDDCL; 1425 1426 if (debug) 1427 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1428 SPP_ARGS(ifp), cp->name, 1429 sppp_state_name(sp->state[cp->protoidx])); 1430 1431 switch (sp->state[cp->protoidx]) { 1432 case STATE_INITIAL: 1433 sppp_cp_change_state(cp, sp, STATE_STARTING); 1434 (cp->tls)(sp); 1435 break; 1436 case STATE_STARTING: 1437 break; 1438 case STATE_CLOSED: 1439 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1440 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1441 (cp->scr)(sp); 1442 break; 1443 case STATE_STOPPED: 1444 case STATE_STOPPING: 1445 case STATE_REQ_SENT: 1446 case STATE_ACK_RCVD: 1447 case STATE_ACK_SENT: 1448 case STATE_OPENED: 1449 break; 1450 case STATE_CLOSING: 1451 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1452 break; 1453 } 1454 } 1455 1456 1457 void 1458 sppp_close_event(const struct cp *cp, struct sppp *sp) 1459 { 1460 STDDCL; 1461 1462 if (debug) 1463 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1464 SPP_ARGS(ifp), cp->name, 1465 sppp_state_name(sp->state[cp->protoidx])); 1466 1467 switch (sp->state[cp->protoidx]) { 1468 case STATE_INITIAL: 1469 case STATE_CLOSED: 1470 case STATE_CLOSING: 1471 break; 1472 case STATE_STARTING: 1473 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1474 (cp->tlf)(sp); 1475 break; 1476 case STATE_STOPPED: 1477 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1478 break; 1479 case STATE_STOPPING: 1480 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1481 break; 1482 case STATE_OPENED: 1483 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1484 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1485 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1486 (cp->tld)(sp); 1487 break; 1488 case STATE_REQ_SENT: 1489 case STATE_ACK_RCVD: 1490 case STATE_ACK_SENT: 1491 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1492 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1493 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1494 break; 1495 } 1496 } 1497 1498 void 1499 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp) 1500 { 1501 int timo; 1502 1503 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx]; 1504 if (timo < 1) 1505 timo = 1; 1506 timeout_add_sec(&sp->ch[cp->protoidx], timo * sp->lcp.timeout); 1507 } 1508 1509 void 1510 sppp_to_event(const struct cp *cp, struct sppp *sp) 1511 { 1512 STDDCL; 1513 int s; 1514 1515 s = splnet(); 1516 if (debug) 1517 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1518 SPP_ARGS(ifp), cp->name, 1519 sppp_state_name(sp->state[cp->protoidx]), 1520 sp->rst_counter[cp->protoidx]); 1521 1522 if (--sp->rst_counter[cp->protoidx] < 0) 1523 /* TO- event */ 1524 switch (sp->state[cp->protoidx]) { 1525 case STATE_CLOSING: 1526 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1527 (cp->tlf)(sp); 1528 break; 1529 case STATE_STOPPING: 1530 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1531 (cp->tlf)(sp); 1532 break; 1533 case STATE_REQ_SENT: 1534 case STATE_ACK_RCVD: 1535 case STATE_ACK_SENT: 1536 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1537 (cp->tlf)(sp); 1538 break; 1539 } 1540 else 1541 /* TO+ event */ 1542 switch (sp->state[cp->protoidx]) { 1543 case STATE_CLOSING: 1544 case STATE_STOPPING: 1545 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1546 0, 0); 1547 sppp_increasing_timeout (cp, sp); 1548 break; 1549 case STATE_REQ_SENT: 1550 case STATE_ACK_RCVD: 1551 /* sppp_cp_change_state() will restart the timer */ 1552 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1553 (cp->scr)(sp); 1554 break; 1555 case STATE_ACK_SENT: 1556 sppp_increasing_timeout (cp, sp); 1557 (cp->scr)(sp); 1558 break; 1559 } 1560 1561 splx(s); 1562 } 1563 1564 /* 1565 * Change the state of a control protocol in the state automaton. 1566 * Takes care of starting/stopping the restart timer. 1567 */ 1568 void 1569 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1570 { 1571 STDDCL; 1572 1573 if (debug && sp->state[cp->protoidx] != newstate) 1574 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n", 1575 SPP_ARGS(ifp), cp->name, 1576 sppp_state_name(sp->state[cp->protoidx]), 1577 sppp_state_name(newstate)); 1578 sp->state[cp->protoidx] = newstate; 1579 1580 switch (newstate) { 1581 case STATE_INITIAL: 1582 case STATE_STARTING: 1583 case STATE_CLOSED: 1584 case STATE_STOPPED: 1585 case STATE_OPENED: 1586 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1587 break; 1588 case STATE_CLOSING: 1589 case STATE_STOPPING: 1590 case STATE_REQ_SENT: 1591 case STATE_ACK_RCVD: 1592 case STATE_ACK_SENT: 1593 if (!timeout_pending(&sp->ch[cp->protoidx])) 1594 sppp_increasing_timeout (cp, sp); 1595 break; 1596 } 1597 } 1598 /* 1599 *--------------------------------------------------------------------------* 1600 * * 1601 * The LCP implementation. * 1602 * * 1603 *--------------------------------------------------------------------------* 1604 */ 1605 void 1606 sppp_lcp_init(struct sppp *sp) 1607 { 1608 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1609 sp->lcp.magic = 0; 1610 sp->state[IDX_LCP] = STATE_INITIAL; 1611 sp->fail_counter[IDX_LCP] = 0; 1612 sp->lcp.protos = 0; 1613 sp->lcp.mru = sp->pp_if.if_mtu; 1614 sp->lcp.their_mru = 0; 1615 1616 /* 1617 * Initialize counters and timeout values. Note that we don't 1618 * use the 3 seconds suggested in RFC 1661 since we are likely 1619 * running on a fast link. XXX We should probably implement 1620 * the exponential backoff option. Note that these values are 1621 * relevant for all control protocols, not just LCP only. 1622 */ 1623 sp->lcp.timeout = 1; /* seconds */ 1624 sp->lcp.max_terminate = 2; 1625 sp->lcp.max_configure = 10; 1626 sp->lcp.max_failure = 10; 1627 } 1628 1629 void 1630 sppp_lcp_up(struct sppp *sp) 1631 { 1632 STDDCL; 1633 struct timeval tv; 1634 1635 sp->pp_alivecnt = 0; 1636 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1637 sp->lcp.magic = 0; 1638 sp->lcp.protos = 0; 1639 if (sp->pp_if.if_mtu != PP_MTU) { 1640 sp->lcp.mru = sp->pp_if.if_mtu; 1641 sp->lcp.opts |= (1 << LCP_OPT_MRU); 1642 } else 1643 sp->lcp.mru = PP_MTU; 1644 sp->lcp.their_mru = PP_MTU; 1645 1646 getmicrouptime(&tv); 1647 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec; 1648 1649 /* 1650 * If this interface is passive or dial-on-demand, and we are 1651 * still in Initial state, it means we've got an incoming 1652 * call. Activate the interface. 1653 */ 1654 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1655 if (debug) 1656 log(LOG_DEBUG, 1657 SPP_FMT "Up event", SPP_ARGS(ifp)); 1658 ifp->if_flags |= IFF_RUNNING; 1659 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1660 if (debug) 1661 addlog("(incoming call)\n"); 1662 sp->pp_flags |= PP_CALLIN; 1663 lcp.Open(sp); 1664 } else if (debug) 1665 addlog("\n"); 1666 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 1667 (sp->state[IDX_LCP] == STATE_INITIAL)) { 1668 ifp->if_flags |= IFF_RUNNING; 1669 lcp.Open(sp); 1670 } 1671 1672 sppp_up_event(&lcp, sp); 1673 } 1674 1675 void 1676 sppp_lcp_down(struct sppp *sp) 1677 { 1678 STDDCL; 1679 1680 sppp_down_event(&lcp, sp); 1681 1682 /* 1683 * If this is neither a dial-on-demand nor a passive 1684 * interface, simulate an ``ifconfig down'' action, so the 1685 * administrator can force a redial by another ``ifconfig 1686 * up''. XXX For leased line operation, should we immediately 1687 * try to reopen the connection here? 1688 */ 1689 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1690 if (debug) 1691 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), " 1692 "taking interface down.", SPP_ARGS(ifp)); 1693 if_down(ifp); 1694 } else { 1695 if (debug) 1696 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n", 1697 SPP_ARGS(ifp)); 1698 } 1699 1700 if (sp->state[IDX_LCP] != STATE_INITIAL) 1701 lcp.Close(sp); 1702 sp->lcp.their_mru = 0; 1703 sp->pp_flags &= ~PP_CALLIN; 1704 ifp->if_flags &= ~IFF_RUNNING; 1705 sppp_flush(ifp); 1706 } 1707 1708 void 1709 sppp_lcp_open(struct sppp *sp) 1710 { 1711 /* 1712 * If we are authenticator, negotiate LCP_AUTH 1713 */ 1714 if (sp->hisauth.proto != 0) 1715 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1716 else 1717 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1718 sp->pp_flags &= ~PP_NEEDAUTH; 1719 sppp_open_event(&lcp, sp); 1720 } 1721 1722 void 1723 sppp_lcp_close(struct sppp *sp) 1724 { 1725 sppp_close_event(&lcp, sp); 1726 } 1727 1728 void 1729 sppp_lcp_TO(void *cookie) 1730 { 1731 sppp_to_event(&lcp, (struct sppp *)cookie); 1732 } 1733 1734 /* 1735 * Analyze a configure request. Return true if it was agreeable, and 1736 * caused action sca, false if it has been rejected or nak'ed, and 1737 * caused action scn. (The return value is used to make the state 1738 * transition decision in the state automaton.) 1739 */ 1740 int 1741 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1742 { 1743 STDDCL; 1744 u_char *buf, *r, *p; 1745 int origlen, rlen; 1746 u_long nmagic; 1747 u_short authproto; 1748 1749 len -= 4; 1750 origlen = len; 1751 buf = r = malloc (origlen, M_TEMP, M_NOWAIT); 1752 if (! buf) 1753 return (0); 1754 1755 if (debug) 1756 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1757 SPP_ARGS(ifp)); 1758 1759 /* pass 1: check for things that need to be rejected */ 1760 p = (void*) (h+1); 1761 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 1762 if (p[1] < 2 || p[1] > len) { 1763 free(buf, M_TEMP, origlen); 1764 return (-1); 1765 } 1766 if (debug) 1767 addlog("%s ", sppp_lcp_opt_name(*p)); 1768 switch (*p) { 1769 case LCP_OPT_MAGIC: 1770 /* Magic number. */ 1771 /* FALLTHROUGH, both are same length */ 1772 case LCP_OPT_ASYNC_MAP: 1773 /* Async control character map. */ 1774 if (len >= 6 && p[1] == 6) 1775 continue; 1776 if (debug) 1777 addlog("[invalid] "); 1778 break; 1779 case LCP_OPT_MRU: 1780 /* Maximum receive unit. */ 1781 if (len >= 4 && p[1] == 4) 1782 continue; 1783 if (debug) 1784 addlog("[invalid] "); 1785 break; 1786 case LCP_OPT_AUTH_PROTO: 1787 if (len < 4) { 1788 if (debug) 1789 addlog("[invalid] "); 1790 break; 1791 } 1792 authproto = (p[2] << 8) + p[3]; 1793 if (authproto == PPP_CHAP && p[1] != 5) { 1794 if (debug) 1795 addlog("[invalid chap len] "); 1796 break; 1797 } 1798 if (sp->myauth.proto == 0) { 1799 /* we are not configured to do auth */ 1800 if (debug) 1801 addlog("[not configured] "); 1802 break; 1803 } 1804 /* 1805 * Remote want us to authenticate, remember this, 1806 * so we stay in PHASE_AUTHENTICATE after LCP got 1807 * up. 1808 */ 1809 sp->pp_flags |= PP_NEEDAUTH; 1810 continue; 1811 default: 1812 /* Others not supported. */ 1813 if (debug) 1814 addlog("[rej] "); 1815 break; 1816 } 1817 /* Add the option to rejected list. */ 1818 bcopy (p, r, p[1]); 1819 r += p[1]; 1820 rlen += p[1]; 1821 } 1822 if (rlen) { 1823 if (debug) 1824 addlog(" send conf-rej\n"); 1825 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1826 goto end; 1827 } else if (debug) 1828 addlog("\n"); 1829 1830 /* 1831 * pass 2: check for option values that are unacceptable and 1832 * thus require to be nak'ed. 1833 */ 1834 if (debug) 1835 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 1836 SPP_ARGS(ifp)); 1837 1838 p = (void*) (h+1); 1839 len = origlen; 1840 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1841 if (debug) 1842 addlog("%s ", sppp_lcp_opt_name(*p)); 1843 switch (*p) { 1844 case LCP_OPT_MAGIC: 1845 /* Magic number -- extract. */ 1846 nmagic = (u_long)p[2] << 24 | 1847 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 1848 if (nmagic != sp->lcp.magic) { 1849 if (debug) 1850 addlog("0x%lx ", nmagic); 1851 continue; 1852 } 1853 if (debug) 1854 addlog("[glitch] "); 1855 ++sp->pp_loopcnt; 1856 /* 1857 * We negate our magic here, and NAK it. If 1858 * we see it later in an NAK packet, we 1859 * suggest a new one. 1860 */ 1861 nmagic = ~sp->lcp.magic; 1862 /* Gonna NAK it. */ 1863 p[2] = nmagic >> 24; 1864 p[3] = nmagic >> 16; 1865 p[4] = nmagic >> 8; 1866 p[5] = nmagic; 1867 break; 1868 1869 case LCP_OPT_ASYNC_MAP: 1870 /* Async control character map -- check to be zero. */ 1871 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 1872 if (debug) 1873 addlog("[empty] "); 1874 continue; 1875 } 1876 if (debug) 1877 addlog("[non-empty] "); 1878 /* suggest a zero one */ 1879 p[2] = p[3] = p[4] = p[5] = 0; 1880 break; 1881 1882 case LCP_OPT_MRU: 1883 /* 1884 * Maximum receive unit. Always agreeable, 1885 * but ignored by now. 1886 */ 1887 sp->lcp.their_mru = p[2] * 256 + p[3]; 1888 if (debug) 1889 addlog("%lu ", sp->lcp.their_mru); 1890 continue; 1891 1892 case LCP_OPT_AUTH_PROTO: 1893 authproto = (p[2] << 8) + p[3]; 1894 if (sp->myauth.proto != authproto) { 1895 /* not agreed, nak */ 1896 if (debug) 1897 addlog("[mine %s != his %s] ", 1898 sppp_proto_name(sp->hisauth.proto), 1899 sppp_proto_name(authproto)); 1900 p[2] = sp->myauth.proto >> 8; 1901 p[3] = sp->myauth.proto; 1902 break; 1903 } 1904 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 1905 if (debug) 1906 addlog("[chap not MD5] "); 1907 p[4] = CHAP_MD5; 1908 break; 1909 } 1910 continue; 1911 } 1912 /* Add the option to nak'ed list. */ 1913 bcopy (p, r, p[1]); 1914 r += p[1]; 1915 rlen += p[1]; 1916 } 1917 if (rlen) { 1918 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 1919 if (debug) 1920 addlog(" max_failure (%d) exceeded, " 1921 "send conf-rej\n", 1922 sp->lcp.max_failure); 1923 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1924 } else { 1925 if (debug) 1926 addlog(" send conf-nak\n"); 1927 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 1928 } 1929 goto end; 1930 } else { 1931 if (debug) 1932 addlog("send conf-ack\n"); 1933 sp->fail_counter[IDX_LCP] = 0; 1934 sp->pp_loopcnt = 0; 1935 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 1936 h->ident, origlen, h+1); 1937 } 1938 1939 end: 1940 free(buf, M_TEMP, origlen); 1941 return (rlen == 0); 1942 } 1943 1944 /* 1945 * Analyze the LCP Configure-Reject option list, and adjust our 1946 * negotiation. 1947 */ 1948 void 1949 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 1950 { 1951 STDDCL; 1952 u_char *p; 1953 1954 len -= 4; 1955 1956 if (debug) 1957 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 1958 SPP_ARGS(ifp)); 1959 1960 p = (void*) (h+1); 1961 for (; len > 1; len -= p[1], p += p[1]) { 1962 if (p[1] < 2 || p[1] > len) 1963 return; 1964 if (debug) 1965 addlog("%s ", sppp_lcp_opt_name(*p)); 1966 switch (*p) { 1967 case LCP_OPT_MAGIC: 1968 /* Magic number -- can't use it, use 0 */ 1969 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 1970 sp->lcp.magic = 0; 1971 break; 1972 case LCP_OPT_MRU: 1973 /* 1974 * Should not be rejected anyway, since we only 1975 * negotiate a MRU if explicitly requested by 1976 * peer. 1977 */ 1978 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 1979 break; 1980 case LCP_OPT_AUTH_PROTO: 1981 /* 1982 * Peer doesn't want to authenticate himself, 1983 * deny unless this is a dialout call, and 1984 * AUTHFLAG_NOCALLOUT is set. 1985 */ 1986 if ((sp->pp_flags & PP_CALLIN) == 0 && 1987 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 1988 if (debug) 1989 addlog("[don't insist on auth " 1990 "for callout]"); 1991 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1992 break; 1993 } 1994 if (debug) 1995 addlog("[access denied]\n"); 1996 lcp.Close(sp); 1997 break; 1998 } 1999 } 2000 if (debug) 2001 addlog("\n"); 2002 } 2003 2004 /* 2005 * Analyze the LCP Configure-NAK option list, and adjust our 2006 * negotiation. 2007 */ 2008 void 2009 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2010 { 2011 STDDCL; 2012 u_char *p; 2013 u_long magic; 2014 2015 len -= 4; 2016 2017 if (debug) 2018 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2019 SPP_ARGS(ifp)); 2020 2021 p = (void*) (h+1); 2022 for (; len > 1; len -= p[1], p += p[1]) { 2023 if (p[1] < 2 || p[1] > len) 2024 return; 2025 if (debug) 2026 addlog("%s ", sppp_lcp_opt_name(*p)); 2027 switch (*p) { 2028 case LCP_OPT_MAGIC: 2029 /* Magic number -- renegotiate */ 2030 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2031 len >= 6 && p[1] == 6) { 2032 magic = (u_long)p[2] << 24 | 2033 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2034 /* 2035 * If the remote magic is our negated one, 2036 * this looks like a loopback problem. 2037 * Suggest a new magic to make sure. 2038 */ 2039 if (magic == ~sp->lcp.magic) { 2040 if (debug) 2041 addlog("magic glitch "); 2042 sp->lcp.magic = arc4random(); 2043 } else { 2044 sp->lcp.magic = magic; 2045 if (debug) 2046 addlog("%lu ", magic); 2047 } 2048 } 2049 break; 2050 case LCP_OPT_MRU: 2051 /* 2052 * Peer wants to advise us to negotiate an MRU. 2053 * Agree on it if it's reasonable, or use 2054 * default otherwise. 2055 */ 2056 if (len >= 4 && p[1] == 4) { 2057 u_int mru = p[2] * 256 + p[3]; 2058 if (debug) 2059 addlog("%d ", mru); 2060 if (mru < PP_MIN_MRU) 2061 mru = PP_MIN_MRU; 2062 if (mru > PP_MAX_MRU) 2063 mru = PP_MAX_MRU; 2064 sp->lcp.mru = mru; 2065 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2066 } 2067 break; 2068 case LCP_OPT_AUTH_PROTO: 2069 /* 2070 * Peer doesn't like our authentication method, 2071 * deny. 2072 */ 2073 if (debug) 2074 addlog("[access denied]\n"); 2075 lcp.Close(sp); 2076 break; 2077 } 2078 } 2079 if (debug) 2080 addlog("\n"); 2081 } 2082 2083 void 2084 sppp_lcp_tlu(struct sppp *sp) 2085 { 2086 struct ifnet *ifp = &sp->pp_if; 2087 int i; 2088 u_long mask; 2089 2090 /* XXX ? */ 2091 if (! (ifp->if_flags & IFF_UP) && 2092 (ifp->if_flags & IFF_RUNNING)) { 2093 /* Coming out of loopback mode. */ 2094 if_up(ifp); 2095 if (ifp->if_flags & IFF_DEBUG) 2096 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp)); 2097 } 2098 2099 for (i = 0; i < IDX_COUNT; i++) 2100 if ((cps[i])->flags & CP_QUAL) 2101 (cps[i])->Open(sp); 2102 2103 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2104 (sp->pp_flags & PP_NEEDAUTH) != 0) 2105 sp->pp_phase = PHASE_AUTHENTICATE; 2106 else 2107 sp->pp_phase = PHASE_NETWORK; 2108 2109 sppp_set_phase(sp); 2110 2111 /* 2112 * Open all authentication protocols. This is even required 2113 * if we already proceeded to network phase, since it might be 2114 * that remote wants us to authenticate, so we might have to 2115 * send a PAP request. Undesired authentication protocols 2116 * don't do anything when they get an Open event. 2117 */ 2118 for (i = 0; i < IDX_COUNT; i++) 2119 if ((cps[i])->flags & CP_AUTH) 2120 (cps[i])->Open(sp); 2121 2122 if (sp->pp_phase == PHASE_NETWORK) { 2123 /* Notify all NCPs. */ 2124 for (i = 0; i < IDX_COUNT; i++) 2125 if ((cps[i])->flags & CP_NCP) 2126 (cps[i])->Open(sp); 2127 } 2128 2129 /* Send Up events to all started protos. */ 2130 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2131 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2132 (cps[i])->Up(sp); 2133 2134 /* notify low-level driver of state change */ 2135 if (sp->pp_chg) 2136 sp->pp_chg(sp, (int)sp->pp_phase); 2137 2138 if (sp->pp_phase == PHASE_NETWORK) 2139 /* if no NCP is starting, close down */ 2140 sppp_lcp_check_and_close(sp); 2141 } 2142 2143 void 2144 sppp_lcp_tld(struct sppp *sp) 2145 { 2146 int i; 2147 u_long mask; 2148 2149 sp->pp_phase = PHASE_TERMINATE; 2150 2151 sppp_set_phase(sp); 2152 2153 /* 2154 * Take upper layers down. We send the Down event first and 2155 * the Close second to prevent the upper layers from sending 2156 * ``a flurry of terminate-request packets'', as the RFC 2157 * describes it. 2158 */ 2159 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2160 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2161 (cps[i])->Down(sp); 2162 (cps[i])->Close(sp); 2163 } 2164 } 2165 2166 void 2167 sppp_lcp_tls(struct sppp *sp) 2168 { 2169 sp->pp_phase = PHASE_ESTABLISH; 2170 2171 sppp_set_phase(sp); 2172 2173 /* Notify lower layer if desired. */ 2174 if (sp->pp_tls) 2175 (sp->pp_tls)(sp); 2176 } 2177 2178 void 2179 sppp_lcp_tlf(struct sppp *sp) 2180 { 2181 sp->pp_phase = PHASE_DEAD; 2182 sppp_set_phase(sp); 2183 2184 /* Notify lower layer if desired. */ 2185 if (sp->pp_tlf) 2186 (sp->pp_tlf)(sp); 2187 } 2188 2189 void 2190 sppp_lcp_scr(struct sppp *sp) 2191 { 2192 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2193 int i = 0; 2194 u_short authproto; 2195 2196 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2197 if (! sp->lcp.magic) 2198 sp->lcp.magic = arc4random(); 2199 opt[i++] = LCP_OPT_MAGIC; 2200 opt[i++] = 6; 2201 opt[i++] = sp->lcp.magic >> 24; 2202 opt[i++] = sp->lcp.magic >> 16; 2203 opt[i++] = sp->lcp.magic >> 8; 2204 opt[i++] = sp->lcp.magic; 2205 } 2206 2207 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2208 opt[i++] = LCP_OPT_MRU; 2209 opt[i++] = 4; 2210 opt[i++] = sp->lcp.mru >> 8; 2211 opt[i++] = sp->lcp.mru; 2212 } 2213 2214 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2215 authproto = sp->hisauth.proto; 2216 opt[i++] = LCP_OPT_AUTH_PROTO; 2217 opt[i++] = authproto == PPP_CHAP? 5: 4; 2218 opt[i++] = authproto >> 8; 2219 opt[i++] = authproto; 2220 if (authproto == PPP_CHAP) 2221 opt[i++] = CHAP_MD5; 2222 } 2223 2224 sp->confid[IDX_LCP] = ++sp->pp_seq; 2225 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt); 2226 } 2227 2228 /* 2229 * Check the open NCPs, return true if at least one NCP is open. 2230 */ 2231 int 2232 sppp_ncp_check(struct sppp *sp) 2233 { 2234 int i, mask; 2235 2236 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2237 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2238 return 1; 2239 return 0; 2240 } 2241 2242 /* 2243 * Re-check the open NCPs and see if we should terminate the link. 2244 * Called by the NCPs during their tlf action handling. 2245 */ 2246 void 2247 sppp_lcp_check_and_close(struct sppp *sp) 2248 { 2249 2250 if (sp->pp_phase < PHASE_NETWORK) 2251 /* don't bother, we are already going down */ 2252 return; 2253 2254 if (sppp_ncp_check(sp)) 2255 return; 2256 2257 lcp.Close(sp); 2258 } 2259 /* 2260 *--------------------------------------------------------------------------* 2261 * * 2262 * The IPCP implementation. * 2263 * * 2264 *--------------------------------------------------------------------------* 2265 */ 2266 2267 void 2268 sppp_ipcp_init(struct sppp *sp) 2269 { 2270 sp->ipcp.opts = 0; 2271 sp->ipcp.flags = 0; 2272 sp->state[IDX_IPCP] = STATE_INITIAL; 2273 sp->fail_counter[IDX_IPCP] = 0; 2274 task_set(&sp->ipcp.set_addr_task, sppp_set_ip_addrs, sp); 2275 task_set(&sp->ipcp.clear_addr_task, sppp_clear_ip_addrs, sp); 2276 } 2277 2278 void 2279 sppp_ipcp_destroy(struct sppp *sp) 2280 { 2281 task_del(systq, &sp->ipcp.set_addr_task); 2282 task_del(systq, &sp->ipcp.clear_addr_task); 2283 } 2284 2285 void 2286 sppp_ipcp_up(struct sppp *sp) 2287 { 2288 sppp_up_event(&ipcp, sp); 2289 } 2290 2291 void 2292 sppp_ipcp_down(struct sppp *sp) 2293 { 2294 sppp_down_event(&ipcp, sp); 2295 } 2296 2297 void 2298 sppp_ipcp_open(struct sppp *sp) 2299 { 2300 sppp_open_event(&ipcp, sp); 2301 } 2302 2303 void 2304 sppp_ipcp_close(struct sppp *sp) 2305 { 2306 sppp_close_event(&ipcp, sp); 2307 } 2308 2309 void 2310 sppp_ipcp_TO(void *cookie) 2311 { 2312 sppp_to_event(&ipcp, (struct sppp *)cookie); 2313 } 2314 2315 /* 2316 * Analyze a configure request. Return true if it was agreeable, and 2317 * caused action sca, false if it has been rejected or nak'ed, and 2318 * caused action scn. (The return value is used to make the state 2319 * transition decision in the state automaton.) 2320 */ 2321 int 2322 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2323 { 2324 u_char *buf, *r, *p; 2325 struct ifnet *ifp = &sp->pp_if; 2326 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2327 u_int32_t hisaddr, desiredaddr; 2328 2329 len -= 4; 2330 origlen = len; 2331 /* 2332 * Make sure to allocate a buf that can at least hold a 2333 * conf-nak with an `address' option. We might need it below. 2334 */ 2335 buflen = len < 6? 6: len; 2336 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2337 if (! buf) 2338 return (0); 2339 2340 /* pass 1: see if we can recognize them */ 2341 if (debug) 2342 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2343 SPP_ARGS(ifp)); 2344 p = (void*) (h+1); 2345 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 2346 if (p[1] < 2 || p[1] > len) { 2347 free(buf, M_TEMP, buflen); 2348 return (-1); 2349 } 2350 if (debug) 2351 addlog("%s ", sppp_ipcp_opt_name(*p)); 2352 switch (*p) { 2353 #ifdef notyet 2354 case IPCP_OPT_COMPRESSION: 2355 if (len >= 6 && p[1] >= 6) { 2356 /* correctly formed compress option */ 2357 continue; 2358 } 2359 if (debug) 2360 addlog("[invalid] "); 2361 break; 2362 #endif 2363 case IPCP_OPT_ADDRESS: 2364 if (len >= 6 && p[1] == 6) { 2365 /* correctly formed address option */ 2366 continue; 2367 } 2368 if (debug) 2369 addlog("[invalid] "); 2370 break; 2371 default: 2372 /* Others not supported. */ 2373 if (debug) 2374 addlog("[rej] "); 2375 break; 2376 } 2377 /* Add the option to rejected list. */ 2378 bcopy (p, r, p[1]); 2379 r += p[1]; 2380 rlen += p[1]; 2381 } 2382 if (rlen) { 2383 if (debug) 2384 addlog(" send conf-rej\n"); 2385 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2386 goto end; 2387 } else if (debug) 2388 addlog("\n"); 2389 2390 /* pass 2: parse option values */ 2391 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2392 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */ 2393 else 2394 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2395 if (debug) 2396 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2397 SPP_ARGS(ifp)); 2398 p = (void*) (h+1); 2399 len = origlen; 2400 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2401 if (debug) 2402 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2403 switch (*p) { 2404 #ifdef notyet 2405 case IPCP_OPT_COMPRESSION: 2406 continue; 2407 #endif 2408 case IPCP_OPT_ADDRESS: 2409 desiredaddr = p[2] << 24 | p[3] << 16 | 2410 p[4] << 8 | p[5]; 2411 if (desiredaddr == hisaddr || 2412 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 2413 desiredaddr != 0)) { 2414 /* 2415 * Peer's address is same as our value, 2416 * or we have set it to 0.0.0.1 to 2417 * indicate that we do not really care, 2418 * this is agreeable. Gonna conf-ack 2419 * it. 2420 */ 2421 if (debug) 2422 addlog("%s [ack] ", 2423 sppp_dotted_quad(desiredaddr)); 2424 /* record that we've seen it already */ 2425 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2426 sp->ipcp.req_hisaddr = desiredaddr; 2427 hisaddr = desiredaddr; 2428 continue; 2429 } 2430 /* 2431 * The address wasn't agreeable. This is either 2432 * he sent us 0.0.0.0, asking to assign him an 2433 * address, or he send us another address not 2434 * matching our value. Either case, we gonna 2435 * conf-nak it with our value. 2436 */ 2437 if (debug) { 2438 if (desiredaddr == 0) 2439 addlog("[addr requested] "); 2440 else 2441 addlog("%s [not agreed] ", 2442 sppp_dotted_quad(desiredaddr)); 2443 } 2444 2445 p[2] = hisaddr >> 24; 2446 p[3] = hisaddr >> 16; 2447 p[4] = hisaddr >> 8; 2448 p[5] = hisaddr; 2449 break; 2450 } 2451 /* Add the option to nak'ed list. */ 2452 bcopy (p, r, p[1]); 2453 r += p[1]; 2454 rlen += p[1]; 2455 } 2456 2457 /* 2458 * If we are about to conf-ack the request, but haven't seen 2459 * his address so far, gonna conf-nak it instead, with the 2460 * `address' option present and our idea of his address being 2461 * filled in there, to request negotiation of both addresses. 2462 * 2463 * XXX This can result in an endless req - nak loop if peer 2464 * doesn't want to send us his address. Q: What should we do 2465 * about it? XXX A: implement the max-failure counter. 2466 */ 2467 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2468 buf[0] = IPCP_OPT_ADDRESS; 2469 buf[1] = 6; 2470 buf[2] = hisaddr >> 24; 2471 buf[3] = hisaddr >> 16; 2472 buf[4] = hisaddr >> 8; 2473 buf[5] = hisaddr; 2474 rlen = 6; 2475 if (debug) 2476 addlog("still need hisaddr "); 2477 } 2478 2479 if (rlen) { 2480 if (debug) 2481 addlog(" send conf-nak\n"); 2482 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2483 } else { 2484 if (debug) 2485 addlog(" send conf-ack\n"); 2486 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2487 h->ident, origlen, h+1); 2488 } 2489 2490 end: 2491 free(buf, M_TEMP, buflen); 2492 return (rlen == 0); 2493 } 2494 2495 /* 2496 * Analyze the IPCP Configure-Reject option list, and adjust our 2497 * negotiation. 2498 */ 2499 void 2500 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2501 { 2502 u_char *p; 2503 struct ifnet *ifp = &sp->pp_if; 2504 int debug = ifp->if_flags & IFF_DEBUG; 2505 2506 len -= 4; 2507 2508 if (debug) 2509 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2510 SPP_ARGS(ifp)); 2511 2512 p = (void*) (h+1); 2513 for (; len > 1; len -= p[1], p += p[1]) { 2514 if (p[1] < 2 || p[1] > len) 2515 return; 2516 if (debug) 2517 addlog("%s ", sppp_ipcp_opt_name(*p)); 2518 switch (*p) { 2519 case IPCP_OPT_ADDRESS: 2520 /* 2521 * Peer doesn't grok address option. This is 2522 * bad. XXX Should we better give up here? 2523 */ 2524 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_ADDRESS); 2525 break; 2526 #ifdef notyet 2527 case IPCP_OPT_COMPRESS: 2528 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_COMPRESS); 2529 break; 2530 #endif 2531 case IPCP_OPT_PRIMDNS: 2532 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_PRIMDNS); 2533 break; 2534 case IPCP_OPT_SECDNS: 2535 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_SECDNS); 2536 break; 2537 } 2538 } 2539 if (debug) 2540 addlog("\n"); 2541 } 2542 2543 /* 2544 * Analyze the IPCP Configure-NAK option list, and adjust our 2545 * negotiation. 2546 */ 2547 void 2548 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2549 { 2550 u_char *p; 2551 struct ifnet *ifp = &sp->pp_if; 2552 int debug = ifp->if_flags & IFF_DEBUG; 2553 u_int32_t wantaddr; 2554 2555 len -= 4; 2556 2557 if (debug) 2558 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2559 SPP_ARGS(ifp)); 2560 2561 p = (void*) (h+1); 2562 for (; len > 1; len -= p[1], p += p[1]) { 2563 if (p[1] < 2 || p[1] > len) 2564 return; 2565 if (debug) 2566 addlog("%s ", sppp_ipcp_opt_name(*p)); 2567 switch (*p) { 2568 case IPCP_OPT_ADDRESS: 2569 /* 2570 * Peer doesn't like our local IP address. See 2571 * if we can do something for him. We'll drop 2572 * him our address then. 2573 */ 2574 if (len >= 6 && p[1] == 6) { 2575 wantaddr = p[2] << 24 | p[3] << 16 | 2576 p[4] << 8 | p[5]; 2577 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_ADDRESS); 2578 if (debug) 2579 addlog("[wantaddr %s] ", 2580 sppp_dotted_quad(wantaddr)); 2581 /* 2582 * When doing dynamic address assignment, 2583 * we accept his offer. Otherwise, we 2584 * ignore it and thus continue to negotiate 2585 * our already existing value. 2586 */ 2587 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2588 if (debug) 2589 addlog("[agree] "); 2590 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2591 sp->ipcp.req_myaddr = wantaddr; 2592 } 2593 } 2594 break; 2595 #ifdef notyet 2596 case IPCP_OPT_COMPRESS: 2597 /* 2598 * Peer wants different compression parameters. 2599 */ 2600 break; 2601 #endif 2602 case IPCP_OPT_PRIMDNS: 2603 if (len >= 6 && p[1] == 6) 2604 memcpy(&sp->ipcp.dns[0].s_addr, p + 2, 2605 sizeof(sp->ipcp.dns[0])); 2606 break; 2607 case IPCP_OPT_SECDNS: 2608 if (len >= 6 && p[1] == 6) 2609 memcpy(&sp->ipcp.dns[1].s_addr, p + 2, 2610 sizeof(sp->ipcp.dns[1])); 2611 break; 2612 } 2613 } 2614 if (debug) 2615 addlog("\n"); 2616 } 2617 2618 void 2619 sppp_ipcp_tlu(struct sppp *sp) 2620 { 2621 if (sp->ipcp.req_myaddr != 0 || sp->ipcp.req_hisaddr != 0) 2622 task_add(systq, &sp->ipcp.set_addr_task); 2623 } 2624 2625 void 2626 sppp_ipcp_tld(struct sppp *sp) 2627 { 2628 } 2629 2630 void 2631 sppp_ipcp_tls(struct sppp *sp) 2632 { 2633 STDDCL; 2634 u_int32_t myaddr, hisaddr; 2635 2636 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN| 2637 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2638 sp->ipcp.req_myaddr = 0; 2639 sp->ipcp.req_hisaddr = 0; 2640 memset(&sp->ipcp.dns, 0, sizeof(sp->ipcp.dns)); 2641 2642 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2643 /* 2644 * If we don't have his address, this probably means our 2645 * interface doesn't want to talk IP at all. (This could 2646 * be the case if somebody wants to speak only IPX, for 2647 * example.) Don't open IPCP in this case. 2648 */ 2649 if (hisaddr == 0) { 2650 /* XXX this message should go away */ 2651 if (debug) 2652 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2653 SPP_ARGS(ifp)); 2654 return; 2655 } 2656 2657 if (myaddr == 0) { 2658 /* 2659 * I don't have an assigned address, so i need to 2660 * negotiate my address. 2661 */ 2662 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2663 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_ADDRESS); 2664 } 2665 if (hisaddr >= 1 && hisaddr <= 255) { 2666 /* 2667 * XXX - remove this hack! 2668 * remote has no valid address, we need to get one assigned. 2669 */ 2670 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2671 } 2672 2673 /* negotiate name server addresses */ 2674 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_PRIMDNS); 2675 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_SECDNS); 2676 2677 /* indicate to LCP that it must stay alive */ 2678 sp->lcp.protos |= (1 << IDX_IPCP); 2679 } 2680 2681 void 2682 sppp_ipcp_tlf(struct sppp *sp) 2683 { 2684 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2685 /* Some address was dynamic, clear it again. */ 2686 task_add(systq, &sp->ipcp.clear_addr_task); 2687 2688 /* we no longer need LCP */ 2689 sp->lcp.protos &= ~(1 << IDX_IPCP); 2690 sppp_lcp_check_and_close(sp); 2691 } 2692 2693 void 2694 sppp_ipcp_scr(struct sppp *sp) 2695 { 2696 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addrs */]; 2697 u_int32_t ouraddr; 2698 int i = 0; 2699 2700 #ifdef notyet 2701 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_COMPRESSION)) { 2702 opt[i++] = IPCP_OPT_COMPRESSION; 2703 opt[i++] = 6; 2704 opt[i++] = 0; /* VJ header compression */ 2705 opt[i++] = 0x2d; /* VJ header compression */ 2706 opt[i++] = max_slot_id; 2707 opt[i++] = comp_slot_id; 2708 } 2709 #endif 2710 2711 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_ADDRESS)) { 2712 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 2713 /* not sure if this can ever happen */ 2714 ouraddr = sp->ipcp.req_myaddr; 2715 else 2716 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2717 opt[i++] = IPCP_OPT_ADDRESS; 2718 opt[i++] = 6; 2719 opt[i++] = ouraddr >> 24; 2720 opt[i++] = ouraddr >> 16; 2721 opt[i++] = ouraddr >> 8; 2722 opt[i++] = ouraddr; 2723 } 2724 2725 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_PRIMDNS)) { 2726 opt[i++] = IPCP_OPT_PRIMDNS; 2727 opt[i++] = 6; 2728 memcpy(&opt[i], &sp->ipcp.dns[0].s_addr, 2729 sizeof(sp->ipcp.dns[0])); 2730 i += sizeof(sp->ipcp.dns[0]); 2731 } 2732 2733 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_SECDNS)) { 2734 opt[i++] = IPCP_OPT_SECDNS; 2735 opt[i++] = 6; 2736 memcpy(&opt[i], &sp->ipcp.dns[1].s_addr, 2737 sizeof(sp->ipcp.dns[1])); 2738 i += sizeof(sp->ipcp.dns[1]); 2739 } 2740 2741 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2742 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt); 2743 } 2744 2745 /* 2746 *--------------------------------------------------------------------------* 2747 * * 2748 * The IPv6CP implementation. * 2749 * * 2750 *--------------------------------------------------------------------------* 2751 */ 2752 2753 #ifdef INET6 2754 void 2755 sppp_ipv6cp_init(struct sppp *sp) 2756 { 2757 sp->ipv6cp.opts = 0; 2758 sp->ipv6cp.flags = 0; 2759 sp->state[IDX_IPV6CP] = STATE_INITIAL; 2760 sp->fail_counter[IDX_IPV6CP] = 0; 2761 task_set(&sp->ipv6cp.set_addr_task, sppp_update_ip6_addr, sp); 2762 } 2763 2764 void 2765 sppp_ipv6cp_destroy(struct sppp *sp) 2766 { 2767 task_del(systq, &sp->ipv6cp.set_addr_task); 2768 } 2769 2770 void 2771 sppp_ipv6cp_up(struct sppp *sp) 2772 { 2773 sppp_up_event(&ipv6cp, sp); 2774 } 2775 2776 void 2777 sppp_ipv6cp_down(struct sppp *sp) 2778 { 2779 sppp_down_event(&ipv6cp, sp); 2780 } 2781 2782 void 2783 sppp_ipv6cp_open(struct sppp *sp) 2784 { 2785 STDDCL; 2786 struct in6_addr myaddr, hisaddr; 2787 2788 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 2789 2790 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, NULL); 2791 /* 2792 * If we don't have our address, this probably means our 2793 * interface doesn't want to talk IPv6 at all. (This could 2794 * be the case if the IFXF_NOINET6 flag is set, for 2795 * example.) Don't open IPv6CP in this case. 2796 */ 2797 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 2798 /* XXX this message should go away */ 2799 if (debug) 2800 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 2801 SPP_ARGS(ifp)); 2802 return; 2803 } 2804 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 2805 sppp_open_event(&ipv6cp, sp); 2806 } 2807 2808 void 2809 sppp_ipv6cp_close(struct sppp *sp) 2810 { 2811 sppp_close_event(&ipv6cp, sp); 2812 } 2813 2814 void 2815 sppp_ipv6cp_TO(void *cookie) 2816 { 2817 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 2818 } 2819 2820 int 2821 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2822 { 2823 u_char *buf, *r, *p; 2824 struct ifnet *ifp = &sp->pp_if; 2825 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2826 struct in6_addr myaddr, desiredaddr, suggestaddr; 2827 int ifidcount; 2828 int type; 2829 int collision, nohisaddr; 2830 char addr[INET6_ADDRSTRLEN]; 2831 2832 len -= 4; 2833 origlen = len; 2834 /* 2835 * Make sure to allocate a buf that can at least hold a 2836 * conf-nak with an `address' option. We might need it below. 2837 */ 2838 buflen = len < 6? 6: len; 2839 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2840 if (! buf) 2841 return (0); 2842 2843 /* pass 1: see if we can recognize them */ 2844 if (debug) 2845 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 2846 SPP_ARGS(ifp)); 2847 p = (void *)(h + 1); 2848 ifidcount = 0; 2849 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2850 /* Sanity check option length */ 2851 if (p[1] < 2 || p[1] > len) { 2852 free(buf, M_TEMP, buflen); 2853 return (-1); 2854 } 2855 if (debug) 2856 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2857 switch (*p) { 2858 case IPV6CP_OPT_IFID: 2859 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 2860 /* correctly formed address option */ 2861 ifidcount++; 2862 continue; 2863 } 2864 if (debug) 2865 addlog(" [invalid]"); 2866 break; 2867 #ifdef notyet 2868 case IPV6CP_OPT_COMPRESSION: 2869 if (len >= 4 && p[1] >= 4) { 2870 /* correctly formed compress option */ 2871 continue; 2872 } 2873 if (debug) 2874 addlog(" [invalid]"); 2875 break; 2876 #endif 2877 default: 2878 /* Others not supported. */ 2879 if (debug) 2880 addlog(" [rej]"); 2881 break; 2882 } 2883 /* Add the option to rejected list. */ 2884 bcopy (p, r, p[1]); 2885 r += p[1]; 2886 rlen += p[1]; 2887 } 2888 if (rlen) { 2889 if (debug) 2890 addlog(" send conf-rej\n"); 2891 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 2892 goto end; 2893 } else if (debug) 2894 addlog("\n"); 2895 2896 /* pass 2: parse option values */ 2897 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 2898 myaddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 2899 else 2900 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 2901 if (debug) 2902 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 2903 SPP_ARGS(ifp)); 2904 p = (void *)(h + 1); 2905 len = origlen; 2906 type = CONF_ACK; 2907 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2908 if (debug) 2909 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2910 switch (*p) { 2911 #ifdef notyet 2912 case IPV6CP_OPT_COMPRESSION: 2913 continue; 2914 #endif 2915 case IPV6CP_OPT_IFID: 2916 memset(&desiredaddr, 0, sizeof(desiredaddr)); 2917 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 2918 collision = (memcmp(&desiredaddr.s6_addr[8], 2919 &myaddr.s6_addr[8], 8) == 0); 2920 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 2921 2922 desiredaddr.s6_addr16[0] = htons(0xfe80); 2923 2924 if (!collision && !nohisaddr) { 2925 /* no collision, hisaddr known - Conf-Ack */ 2926 type = CONF_ACK; 2927 2928 if (debug) { 2929 addlog(" %s [%s]", 2930 inet_ntop(AF_INET6, &desiredaddr, 2931 addr, sizeof(addr)), 2932 sppp_cp_type_name(type)); 2933 } 2934 sppp_set_ip6_addr(sp, &myaddr, &desiredaddr); 2935 continue; 2936 } 2937 2938 memset(&suggestaddr, 0, sizeof(suggestaddr)); 2939 if (collision && nohisaddr) { 2940 /* collision, hisaddr unknown - Conf-Rej */ 2941 type = CONF_REJ; 2942 memset(&p[2], 0, 8); 2943 } else { 2944 /* 2945 * - no collision, hisaddr unknown, or 2946 * - collision, hisaddr known 2947 * Conf-Nak, suggest hisaddr 2948 */ 2949 type = CONF_NAK; 2950 sppp_suggest_ip6_addr(sp, &suggestaddr); 2951 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 2952 } 2953 if (debug) 2954 addlog(" %s [%s]", 2955 inet_ntop(AF_INET6, &desiredaddr, addr, 2956 sizeof(addr)), 2957 sppp_cp_type_name(type)); 2958 break; 2959 } 2960 /* Add the option to nak'ed list. */ 2961 bcopy (p, r, p[1]); 2962 r += p[1]; 2963 rlen += p[1]; 2964 } 2965 2966 if (rlen == 0 && type == CONF_ACK) { 2967 if (debug) 2968 addlog(" send %s\n", sppp_cp_type_name(type)); 2969 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 2970 } else { 2971 #ifdef notdef 2972 if (type == CONF_ACK) 2973 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 2974 #endif 2975 2976 if (debug) { 2977 addlog(" send %s suggest %s\n", 2978 sppp_cp_type_name(type), 2979 inet_ntop(AF_INET6, &suggestaddr, addr, 2980 sizeof(addr))); 2981 } 2982 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 2983 } 2984 2985 end: 2986 free(buf, M_TEMP, buflen); 2987 return (rlen == 0); 2988 } 2989 2990 void 2991 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2992 { 2993 u_char *p; 2994 struct ifnet *ifp = &sp->pp_if; 2995 int debug = ifp->if_flags & IFF_DEBUG; 2996 2997 len -= 4; 2998 2999 if (debug) 3000 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3001 SPP_ARGS(ifp)); 3002 3003 p = (void *)(h + 1); 3004 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3005 if (p[1] < 2 || p[1] > len) 3006 return; 3007 if (debug) 3008 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3009 switch (*p) { 3010 case IPV6CP_OPT_IFID: 3011 /* 3012 * Peer doesn't grok address option. This is 3013 * bad. XXX Should we better give up here? 3014 */ 3015 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3016 break; 3017 #ifdef notyet 3018 case IPV6CP_OPT_COMPRESS: 3019 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3020 break; 3021 #endif 3022 } 3023 } 3024 if (debug) 3025 addlog("\n"); 3026 return; 3027 } 3028 3029 void 3030 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3031 { 3032 u_char *p; 3033 struct ifnet *ifp = &sp->pp_if; 3034 int debug = ifp->if_flags & IFF_DEBUG; 3035 struct in6_addr suggestaddr; 3036 char addr[INET6_ADDRSTRLEN]; 3037 3038 len -= 4; 3039 3040 if (debug) 3041 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ", 3042 SPP_ARGS(ifp)); 3043 3044 p = (void*) (h+1); 3045 for (; len > 1; len -= p[1], p += p[1]) { 3046 if (p[1] < 2 || p[1] > len) 3047 return; 3048 if (debug) 3049 addlog("%s ", sppp_ipv6cp_opt_name(*p)); 3050 switch (*p) { 3051 case IPV6CP_OPT_IFID: 3052 /* 3053 * Peer doesn't like our local ifid. See 3054 * if we can do something for him. We'll drop 3055 * him our address then. 3056 */ 3057 if (len < 10 || p[1] != 10) 3058 break; 3059 sp->ipv6cp.flags |= IPV6CP_MYIFID_DYN; 3060 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3061 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3062 if (IN6_IS_ADDR_UNSPECIFIED(&suggestaddr) || 3063 (sp->ipv6cp.flags & IPV6CP_MYIFID_SEEN)) { 3064 /* 3065 * The peer didn't suggest anything, 3066 * or wants us to change a previously 3067 * suggested address. 3068 * Configure a new address for us. 3069 */ 3070 sppp_suggest_ip6_addr(sp, &suggestaddr); 3071 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3072 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3073 } else { 3074 /* Configure address suggested by peer. */ 3075 suggestaddr.s6_addr16[0] = htons(0xfe80); 3076 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3077 if (debug) 3078 addlog(" [suggestaddr %s]", 3079 inet_ntop(AF_INET6, &suggestaddr, 3080 addr, sizeof(addr))); 3081 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3082 if (debug) 3083 addlog(" [agree]"); 3084 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3085 } 3086 break; 3087 #ifdef notyet 3088 case IPV6CP_OPT_COMPRESS: 3089 /* 3090 * Peer wants different compression parameters. 3091 */ 3092 break; 3093 #endif 3094 } 3095 } 3096 if (debug) 3097 addlog("\n"); 3098 } 3099 3100 void 3101 sppp_ipv6cp_tlu(struct sppp *sp) 3102 { 3103 } 3104 3105 void 3106 sppp_ipv6cp_tld(struct sppp *sp) 3107 { 3108 } 3109 3110 void 3111 sppp_ipv6cp_tls(struct sppp *sp) 3112 { 3113 /* indicate to LCP that it must stay alive */ 3114 sp->lcp.protos |= (1 << IDX_IPV6CP); 3115 } 3116 3117 void 3118 sppp_ipv6cp_tlf(struct sppp *sp) 3119 { 3120 /* we no longer need LCP */ 3121 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3122 sppp_lcp_check_and_close(sp); 3123 } 3124 3125 void 3126 sppp_ipv6cp_scr(struct sppp *sp) 3127 { 3128 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3129 struct in6_addr ouraddr; 3130 int i = 0; 3131 3132 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3133 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 3134 ouraddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 3135 else 3136 sppp_get_ip6_addrs(sp, &ouraddr, NULL, NULL); 3137 opt[i++] = IPV6CP_OPT_IFID; 3138 opt[i++] = 10; 3139 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3140 i += 8; 3141 } 3142 3143 #ifdef notyet 3144 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3145 opt[i++] = IPV6CP_OPT_COMPRESSION; 3146 opt[i++] = 4; 3147 opt[i++] = 0; /* TBD */ 3148 opt[i++] = 0; /* TBD */ 3149 /* variable length data may follow */ 3150 } 3151 #endif 3152 3153 sp->confid[IDX_IPV6CP] = ++sp->pp_seq; 3154 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt); 3155 } 3156 #else /*INET6*/ 3157 void 3158 sppp_ipv6cp_init(struct sppp *sp) 3159 { 3160 } 3161 3162 void 3163 sppp_ipv6cp_destroy(struct sppp *sp) 3164 { 3165 } 3166 3167 void 3168 sppp_ipv6cp_up(struct sppp *sp) 3169 { 3170 } 3171 3172 void 3173 sppp_ipv6cp_down(struct sppp *sp) 3174 { 3175 } 3176 3177 void 3178 sppp_ipv6cp_open(struct sppp *sp) 3179 { 3180 } 3181 3182 void 3183 sppp_ipv6cp_close(struct sppp *sp) 3184 { 3185 } 3186 3187 void 3188 sppp_ipv6cp_TO(void *sp) 3189 { 3190 } 3191 3192 int 3193 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, 3194 int len) 3195 { 3196 return 0; 3197 } 3198 3199 void 3200 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, 3201 int len) 3202 { 3203 } 3204 3205 void 3206 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, 3207 int len) 3208 { 3209 } 3210 3211 void 3212 sppp_ipv6cp_tlu(struct sppp *sp) 3213 { 3214 } 3215 3216 void 3217 sppp_ipv6cp_tld(struct sppp *sp) 3218 { 3219 } 3220 3221 void 3222 sppp_ipv6cp_tls(struct sppp *sp) 3223 { 3224 } 3225 3226 void 3227 sppp_ipv6cp_tlf(struct sppp *sp) 3228 { 3229 } 3230 3231 void 3232 sppp_ipv6cp_scr(struct sppp *sp) 3233 { 3234 } 3235 #endif /*INET6*/ 3236 3237 /* 3238 *--------------------------------------------------------------------------* 3239 * * 3240 * The CHAP implementation. * 3241 * * 3242 *--------------------------------------------------------------------------* 3243 */ 3244 3245 /* 3246 * The authentication protocols don't employ a full-fledged state machine as 3247 * the control protocols do, since they do have Open and Close events, but 3248 * not Up and Down, nor are they explicitly terminated. Also, use of the 3249 * authentication protocols may be different in both directions (this makes 3250 * sense, think of a machine that never accepts incoming calls but only 3251 * calls out, it doesn't require the called party to authenticate itself). 3252 * 3253 * Our state machine for the local authentication protocol (we are requesting 3254 * the peer to authenticate) looks like: 3255 * 3256 * RCA- 3257 * +--------------------------------------------+ 3258 * V scn,tld| 3259 * +--------+ Close +---------+ RCA+ 3260 * | |<----------------------------------| |------+ 3261 * +--->| Closed | TO* | Opened | sca | 3262 * | | |-----+ +-------| |<-----+ 3263 * | +--------+ irc | | +---------+ 3264 * | ^ | | ^ 3265 * | | | | | 3266 * | | | | | 3267 * | TO-| | | | 3268 * | |tld TO+ V | | 3269 * | | +------->+ | | 3270 * | | | | | | 3271 * | +--------+ V | | 3272 * | | |<----+<--------------------+ | 3273 * | | Req- | scr | 3274 * | | Sent | | 3275 * | | | | 3276 * | +--------+ | 3277 * | RCA- | | RCA+ | 3278 * +------+ +------------------------------------------+ 3279 * scn,tld sca,irc,ict,tlu 3280 * 3281 * 3282 * with: 3283 * 3284 * Open: LCP reached authentication phase 3285 * Close: LCP reached terminate phase 3286 * 3287 * RCA+: received reply (pap-req, chap-response), acceptable 3288 * RCN: received reply (pap-req, chap-response), not acceptable 3289 * TO+: timeout with restart counter >= 0 3290 * TO-: timeout with restart counter < 0 3291 * TO*: reschedule timeout for CHAP 3292 * 3293 * scr: send request packet (none for PAP, chap-challenge) 3294 * sca: send ack packet (pap-ack, chap-success) 3295 * scn: send nak packet (pap-nak, chap-failure) 3296 * ict: initialize re-challenge timer (CHAP only) 3297 * 3298 * tlu: this-layer-up, LCP reaches network phase 3299 * tld: this-layer-down, LCP enters terminate phase 3300 * 3301 * Note that in CHAP mode, after sending a new challenge, while the state 3302 * automaton falls back into Req-Sent state, it doesn't signal a tld 3303 * event to LCP, so LCP remains in network phase. Only after not getting 3304 * any response (or after getting an unacceptable response), CHAP closes, 3305 * causing LCP to enter terminate phase. 3306 * 3307 * With PAP, there is no initial request that can be sent. The peer is 3308 * expected to send one based on the successful negotiation of PAP as 3309 * the authentication protocol during the LCP option negotiation. 3310 * 3311 * Incoming authentication protocol requests (remote requests 3312 * authentication, we are peer) don't employ a state machine at all, 3313 * they are simply answered. Some peers [Ascend P50 firmware rev 3314 * 4.50] react allergically when sending IPCP requests while they are 3315 * still in authentication phase (thereby violating the standard that 3316 * demands that these NCP packets are to be discarded), so we keep 3317 * track of the peer demanding us to authenticate, and only proceed to 3318 * phase network once we've seen a positive acknowledge for the 3319 * authentication. 3320 */ 3321 3322 /* 3323 * Handle incoming CHAP packets. 3324 */ 3325 void 3326 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3327 { 3328 STDDCL; 3329 struct lcp_header *h; 3330 int len, x; 3331 u_char *value, *name, digest[AUTHCHALEN], dsize; 3332 int value_len, name_len; 3333 MD5_CTX ctx; 3334 3335 len = m->m_pkthdr.len; 3336 if (len < 4) { 3337 if (debug) 3338 log(LOG_DEBUG, 3339 SPP_FMT "chap invalid packet length: %d bytes\n", 3340 SPP_ARGS(ifp), len); 3341 return; 3342 } 3343 h = mtod (m, struct lcp_header*); 3344 if (len > ntohs (h->len)) 3345 len = ntohs (h->len); 3346 3347 switch (h->type) { 3348 /* challenge, failure and success are his authproto */ 3349 case CHAP_CHALLENGE: 3350 value = 1 + (u_char*)(h+1); 3351 value_len = value[-1]; 3352 name = value + value_len; 3353 name_len = len - value_len - 5; 3354 if (name_len < 0) { 3355 if (debug) { 3356 log(LOG_DEBUG, 3357 SPP_FMT "chap corrupted challenge " 3358 "<%s id=0x%x len=%d", 3359 SPP_ARGS(ifp), 3360 sppp_auth_type_name(PPP_CHAP, h->type), 3361 h->ident, ntohs(h->len)); 3362 if (len > 4) 3363 sppp_print_bytes((u_char*) (h+1), len-4); 3364 addlog(">\n"); 3365 } 3366 break; 3367 } 3368 3369 if (debug) { 3370 log(LOG_DEBUG, 3371 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3372 SPP_ARGS(ifp), 3373 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3374 ntohs(h->len)); 3375 sppp_print_string((char*) name, name_len); 3376 addlog(" value-size=%d value=", value_len); 3377 sppp_print_bytes(value, value_len); 3378 addlog(">\n"); 3379 } 3380 3381 /* Compute reply value. */ 3382 MD5Init(&ctx); 3383 MD5Update(&ctx, &h->ident, 1); 3384 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret)); 3385 MD5Update(&ctx, value, value_len); 3386 MD5Final(digest, &ctx); 3387 dsize = sizeof digest; 3388 3389 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3390 sizeof dsize, (const char *)&dsize, 3391 sizeof digest, digest, 3392 strlen(sp->myauth.name), 3393 sp->myauth.name, 3394 0); 3395 break; 3396 3397 case CHAP_SUCCESS: 3398 if (debug) { 3399 log(LOG_DEBUG, SPP_FMT "chap success", 3400 SPP_ARGS(ifp)); 3401 if (len > 4) { 3402 addlog(": "); 3403 sppp_print_string((char*)(h + 1), len - 4); 3404 } 3405 addlog("\n"); 3406 } 3407 x = splnet(); 3408 sp->pp_flags &= ~PP_NEEDAUTH; 3409 if (sp->myauth.proto == PPP_CHAP && 3410 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3411 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3412 /* 3413 * We are authenticator for CHAP but didn't 3414 * complete yet. Leave it to tlu to proceed 3415 * to network phase. 3416 */ 3417 splx(x); 3418 break; 3419 } 3420 splx(x); 3421 sppp_phase_network(sp); 3422 break; 3423 3424 case CHAP_FAILURE: 3425 if (debug) { 3426 log(LOG_INFO, SPP_FMT "chap failure", 3427 SPP_ARGS(ifp)); 3428 if (len > 4) { 3429 addlog(": "); 3430 sppp_print_string((char*)(h + 1), len - 4); 3431 } 3432 addlog("\n"); 3433 } else 3434 log(LOG_INFO, SPP_FMT "chap failure\n", 3435 SPP_ARGS(ifp)); 3436 /* await LCP shutdown by authenticator */ 3437 break; 3438 3439 /* response is my authproto */ 3440 case CHAP_RESPONSE: 3441 value = 1 + (u_char*)(h+1); 3442 value_len = value[-1]; 3443 name = value + value_len; 3444 name_len = len - value_len - 5; 3445 if (name_len < 0) { 3446 if (debug) { 3447 log(LOG_DEBUG, 3448 SPP_FMT "chap corrupted response " 3449 "<%s id=0x%x len=%d", 3450 SPP_ARGS(ifp), 3451 sppp_auth_type_name(PPP_CHAP, h->type), 3452 h->ident, ntohs(h->len)); 3453 if (len > 4) 3454 sppp_print_bytes((u_char*)(h+1), len-4); 3455 addlog(">\n"); 3456 } 3457 break; 3458 } 3459 if (h->ident != sp->confid[IDX_CHAP]) { 3460 if (debug) 3461 log(LOG_DEBUG, 3462 SPP_FMT "chap dropping response for old ID " 3463 "(got %d, expected %d)\n", 3464 SPP_ARGS(ifp), 3465 h->ident, sp->confid[IDX_CHAP]); 3466 break; 3467 } 3468 if (name_len != strlen(sp->hisauth.name) 3469 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3470 log(LOG_INFO, SPP_FMT "chap response, his name ", 3471 SPP_ARGS(ifp)); 3472 sppp_print_string(name, name_len); 3473 addlog(" != expected "); 3474 sppp_print_string(sp->hisauth.name, 3475 strlen(sp->hisauth.name)); 3476 addlog("\n"); 3477 } 3478 if (debug) { 3479 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3480 "<%s id=0x%x len=%d name=", 3481 SPP_ARGS(ifp), 3482 sppp_state_name(sp->state[IDX_CHAP]), 3483 sppp_auth_type_name(PPP_CHAP, h->type), 3484 h->ident, ntohs (h->len)); 3485 sppp_print_string((char*)name, name_len); 3486 addlog(" value-size=%d value=", value_len); 3487 sppp_print_bytes(value, value_len); 3488 addlog(">\n"); 3489 } 3490 if (value_len != AUTHCHALEN) { 3491 if (debug) 3492 log(LOG_DEBUG, 3493 SPP_FMT "chap bad hash value length: " 3494 "%d bytes, should be %d\n", 3495 SPP_ARGS(ifp), value_len, 3496 AUTHCHALEN); 3497 break; 3498 } 3499 3500 MD5Init(&ctx); 3501 MD5Update(&ctx, &h->ident, 1); 3502 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret)); 3503 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN); 3504 MD5Final(digest, &ctx); 3505 3506 #define FAILMSG "Failed..." 3507 #define SUCCMSG "Welcome!" 3508 3509 if (value_len != sizeof digest || 3510 timingsafe_bcmp(digest, value, value_len) != 0) { 3511 /* action scn, tld */ 3512 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3513 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3514 0); 3515 chap.tld(sp); 3516 break; 3517 } 3518 /* action sca, perhaps tlu */ 3519 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3520 sp->state[IDX_CHAP] == STATE_OPENED) 3521 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3522 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3523 0); 3524 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3525 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3526 chap.tlu(sp); 3527 } 3528 break; 3529 3530 default: 3531 /* Unknown CHAP packet type -- ignore. */ 3532 if (debug) { 3533 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3534 "<0x%x id=0x%xh len=%d", 3535 SPP_ARGS(ifp), 3536 sppp_state_name(sp->state[IDX_CHAP]), 3537 h->type, h->ident, ntohs(h->len)); 3538 if (len > 4) 3539 sppp_print_bytes((u_char*)(h+1), len-4); 3540 addlog(">\n"); 3541 } 3542 break; 3543 3544 } 3545 } 3546 3547 void 3548 sppp_chap_init(struct sppp *sp) 3549 { 3550 /* Chap doesn't have STATE_INITIAL at all. */ 3551 sp->state[IDX_CHAP] = STATE_CLOSED; 3552 sp->fail_counter[IDX_CHAP] = 0; 3553 } 3554 3555 void 3556 sppp_chap_open(struct sppp *sp) 3557 { 3558 if (sp->myauth.proto == PPP_CHAP && 3559 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3560 /* we are authenticator for CHAP, start it */ 3561 chap.scr(sp); 3562 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3563 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3564 } 3565 /* nothing to be done if we are peer, await a challenge */ 3566 } 3567 3568 void 3569 sppp_chap_close(struct sppp *sp) 3570 { 3571 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3572 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3573 } 3574 3575 void 3576 sppp_chap_TO(void *cookie) 3577 { 3578 struct sppp *sp = (struct sppp *)cookie; 3579 STDDCL; 3580 int s; 3581 3582 s = splnet(); 3583 if (debug) 3584 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3585 SPP_ARGS(ifp), 3586 sppp_state_name(sp->state[IDX_CHAP]), 3587 sp->rst_counter[IDX_CHAP]); 3588 3589 if (--sp->rst_counter[IDX_CHAP] < 0) 3590 /* TO- event */ 3591 switch (sp->state[IDX_CHAP]) { 3592 case STATE_REQ_SENT: 3593 chap.tld(sp); 3594 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3595 break; 3596 } 3597 else 3598 /* TO+ (or TO*) event */ 3599 switch (sp->state[IDX_CHAP]) { 3600 case STATE_OPENED: 3601 /* TO* event */ 3602 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3603 /* FALLTHROUGH */ 3604 case STATE_REQ_SENT: 3605 chap.scr(sp); 3606 /* sppp_cp_change_state() will restart the timer */ 3607 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3608 break; 3609 } 3610 3611 splx(s); 3612 } 3613 3614 void 3615 sppp_chap_tlu(struct sppp *sp) 3616 { 3617 STDDCL; 3618 int i = 0, x; 3619 3620 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3621 3622 /* 3623 * Some broken CHAP implementations (Conware CoNet, firmware 3624 * 4.0.?) don't want to re-authenticate their CHAP once the 3625 * initial challenge-response exchange has taken place. 3626 * Provide for an option to avoid rechallenges. 3627 */ 3628 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3629 /* 3630 * Compute the re-challenge timeout. This will yield 3631 * a number between 300 and 810 seconds. 3632 */ 3633 i = 300 + arc4random_uniform(1 + 810 - 300); 3634 3635 timeout_add_sec(&sp->ch[IDX_CHAP], i); 3636 } 3637 3638 if (debug) { 3639 log(LOG_DEBUG, 3640 SPP_FMT "chap %s, ", 3641 SPP_ARGS(ifp), 3642 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3643 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3644 addlog("next re-challenge in %d seconds\n", i); 3645 else 3646 addlog("re-challenging suppressed\n"); 3647 } 3648 3649 x = splnet(); 3650 /* indicate to LCP that we need to be closed down */ 3651 sp->lcp.protos |= (1 << IDX_CHAP); 3652 3653 if (sp->pp_flags & PP_NEEDAUTH) { 3654 /* 3655 * Remote is authenticator, but his auth proto didn't 3656 * complete yet. Defer the transition to network 3657 * phase. 3658 */ 3659 splx(x); 3660 return; 3661 } 3662 splx(x); 3663 3664 /* 3665 * If we are already in phase network, we are done here. This 3666 * is the case if this is a dummy tlu event after a re-challenge. 3667 */ 3668 if (sp->pp_phase != PHASE_NETWORK) 3669 sppp_phase_network(sp); 3670 } 3671 3672 void 3673 sppp_chap_tld(struct sppp *sp) 3674 { 3675 STDDCL; 3676 3677 if (debug) 3678 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3679 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3680 sp->lcp.protos &= ~(1 << IDX_CHAP); 3681 3682 lcp.Close(sp); 3683 } 3684 3685 void 3686 sppp_chap_scr(struct sppp *sp) 3687 { 3688 u_char clen; 3689 3690 /* Compute random challenge. */ 3691 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge)); 3692 clen = AUTHCHALEN; 3693 3694 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3695 3696 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3697 sizeof clen, (const char *)&clen, 3698 (size_t)AUTHCHALEN, sp->chap_challenge, 3699 strlen(sp->myauth.name), 3700 sp->myauth.name, 3701 0); 3702 } 3703 /* 3704 *--------------------------------------------------------------------------* 3705 * * 3706 * The PAP implementation. * 3707 * * 3708 *--------------------------------------------------------------------------* 3709 */ 3710 /* 3711 * For PAP, we need to keep a little state also if we are the peer, not the 3712 * authenticator. This is since we don't get a request to authenticate, but 3713 * have to repeatedly authenticate ourself until we got a response (or the 3714 * retry counter is expired). 3715 */ 3716 3717 /* 3718 * Handle incoming PAP packets. */ 3719 void 3720 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3721 { 3722 STDDCL; 3723 struct lcp_header *h; 3724 int len, x; 3725 u_char *name, *passwd, mlen; 3726 int name_len, passwd_len; 3727 3728 len = m->m_pkthdr.len; 3729 if (len < 5) { 3730 if (debug) 3731 log(LOG_DEBUG, 3732 SPP_FMT "pap invalid packet length: %d bytes\n", 3733 SPP_ARGS(ifp), len); 3734 return; 3735 } 3736 h = mtod (m, struct lcp_header*); 3737 if (len > ntohs (h->len)) 3738 len = ntohs (h->len); 3739 switch (h->type) { 3740 /* PAP request is my authproto */ 3741 case PAP_REQ: 3742 name = 1 + (u_char*)(h+1); 3743 name_len = name[-1]; 3744 passwd = name + name_len + 1; 3745 if (name_len > len - 6 || 3746 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3747 if (debug) { 3748 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3749 "<%s id=0x%x len=%d", 3750 SPP_ARGS(ifp), 3751 sppp_auth_type_name(PPP_PAP, h->type), 3752 h->ident, ntohs(h->len)); 3753 if (len > 4) 3754 sppp_print_bytes((u_char*)(h+1), len-4); 3755 addlog(">\n"); 3756 } 3757 break; 3758 } 3759 if (debug) { 3760 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3761 "<%s id=0x%x len=%d name=", 3762 SPP_ARGS(ifp), 3763 sppp_state_name(sp->state[IDX_PAP]), 3764 sppp_auth_type_name(PPP_PAP, h->type), 3765 h->ident, ntohs(h->len)); 3766 sppp_print_string((char*)name, name_len); 3767 addlog(" passwd="); 3768 sppp_print_string((char*)passwd, passwd_len); 3769 addlog(">\n"); 3770 } 3771 if (name_len > AUTHMAXLEN || 3772 passwd_len > AUTHMAXLEN || 3773 bcmp(name, sp->hisauth.name, name_len) != 0 || 3774 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3775 /* action scn, tld */ 3776 mlen = sizeof(FAILMSG) - 1; 3777 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3778 sizeof mlen, (const char *)&mlen, 3779 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3780 0); 3781 pap.tld(sp); 3782 break; 3783 } 3784 /* action sca, perhaps tlu */ 3785 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3786 sp->state[IDX_PAP] == STATE_OPENED) { 3787 mlen = sizeof(SUCCMSG) - 1; 3788 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3789 sizeof mlen, (const char *)&mlen, 3790 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3791 0); 3792 } 3793 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3794 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3795 pap.tlu(sp); 3796 } 3797 break; 3798 3799 /* ack and nak are his authproto */ 3800 case PAP_ACK: 3801 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3802 if (debug) { 3803 log(LOG_DEBUG, SPP_FMT "pap success", 3804 SPP_ARGS(ifp)); 3805 name_len = *((char *)h); 3806 if (len > 5 && name_len) { 3807 addlog(": "); 3808 sppp_print_string((char*)(h+1), name_len); 3809 } 3810 addlog("\n"); 3811 } 3812 x = splnet(); 3813 sp->pp_flags &= ~PP_NEEDAUTH; 3814 if (sp->myauth.proto == PPP_PAP && 3815 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3816 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3817 /* 3818 * We are authenticator for PAP but didn't 3819 * complete yet. Leave it to tlu to proceed 3820 * to network phase. 3821 */ 3822 splx(x); 3823 break; 3824 } 3825 splx(x); 3826 sppp_phase_network(sp); 3827 break; 3828 3829 case PAP_NAK: 3830 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3831 if (debug) { 3832 log(LOG_INFO, SPP_FMT "pap failure", 3833 SPP_ARGS(ifp)); 3834 name_len = *((char *)h); 3835 if (len > 5 && name_len) { 3836 addlog(": "); 3837 sppp_print_string((char*)(h+1), name_len); 3838 } 3839 addlog("\n"); 3840 } else 3841 log(LOG_INFO, SPP_FMT "pap failure\n", 3842 SPP_ARGS(ifp)); 3843 /* await LCP shutdown by authenticator */ 3844 break; 3845 3846 default: 3847 /* Unknown PAP packet type -- ignore. */ 3848 if (debug) { 3849 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3850 "<0x%x id=0x%x len=%d", 3851 SPP_ARGS(ifp), 3852 h->type, h->ident, ntohs(h->len)); 3853 if (len > 4) 3854 sppp_print_bytes((u_char*)(h+1), len-4); 3855 addlog(">\n"); 3856 } 3857 break; 3858 3859 } 3860 } 3861 3862 void 3863 sppp_pap_init(struct sppp *sp) 3864 { 3865 /* PAP doesn't have STATE_INITIAL at all. */ 3866 sp->state[IDX_PAP] = STATE_CLOSED; 3867 sp->fail_counter[IDX_PAP] = 0; 3868 } 3869 3870 void 3871 sppp_pap_open(struct sppp *sp) 3872 { 3873 if (sp->hisauth.proto == PPP_PAP && 3874 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3875 /* we are authenticator for PAP, start our timer */ 3876 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3877 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3878 } 3879 if (sp->myauth.proto == PPP_PAP) { 3880 /* we are peer, send a request, and start a timer */ 3881 pap.scr(sp); 3882 timeout_add_sec(&sp->pap_my_to_ch, sp->lcp.timeout); 3883 } 3884 } 3885 3886 void 3887 sppp_pap_close(struct sppp *sp) 3888 { 3889 if (sp->state[IDX_PAP] != STATE_CLOSED) 3890 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3891 } 3892 3893 /* 3894 * That's the timeout routine if we are authenticator. Since the 3895 * authenticator is basically passive in PAP, we can't do much here. 3896 */ 3897 void 3898 sppp_pap_TO(void *cookie) 3899 { 3900 struct sppp *sp = (struct sppp *)cookie; 3901 STDDCL; 3902 int s; 3903 3904 s = splnet(); 3905 if (debug) 3906 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3907 SPP_ARGS(ifp), 3908 sppp_state_name(sp->state[IDX_PAP]), 3909 sp->rst_counter[IDX_PAP]); 3910 3911 if (--sp->rst_counter[IDX_PAP] < 0) 3912 /* TO- event */ 3913 switch (sp->state[IDX_PAP]) { 3914 case STATE_REQ_SENT: 3915 pap.tld(sp); 3916 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3917 break; 3918 } 3919 else 3920 /* TO+ event, not very much we could do */ 3921 switch (sp->state[IDX_PAP]) { 3922 case STATE_REQ_SENT: 3923 /* sppp_cp_change_state() will restart the timer */ 3924 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3925 break; 3926 } 3927 3928 splx(s); 3929 } 3930 3931 /* 3932 * That's the timeout handler if we are peer. Since the peer is active, 3933 * we need to retransmit our PAP request since it is apparently lost. 3934 * XXX We should impose a max counter. 3935 */ 3936 void 3937 sppp_pap_my_TO(void *cookie) 3938 { 3939 struct sppp *sp = (struct sppp *)cookie; 3940 STDDCL; 3941 3942 if (debug) 3943 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3944 SPP_ARGS(ifp)); 3945 3946 pap.scr(sp); 3947 } 3948 3949 void 3950 sppp_pap_tlu(struct sppp *sp) 3951 { 3952 STDDCL; 3953 int x; 3954 3955 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3956 3957 if (debug) 3958 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3959 SPP_ARGS(ifp), pap.name); 3960 3961 x = splnet(); 3962 /* indicate to LCP that we need to be closed down */ 3963 sp->lcp.protos |= (1 << IDX_PAP); 3964 3965 if (sp->pp_flags & PP_NEEDAUTH) { 3966 /* 3967 * Remote is authenticator, but his auth proto didn't 3968 * complete yet. Defer the transition to network 3969 * phase. 3970 */ 3971 splx(x); 3972 return; 3973 } 3974 splx(x); 3975 sppp_phase_network(sp); 3976 } 3977 3978 void 3979 sppp_pap_tld(struct sppp *sp) 3980 { 3981 STDDCL; 3982 3983 if (debug) 3984 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3985 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3986 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3987 sp->lcp.protos &= ~(1 << IDX_PAP); 3988 3989 lcp.Close(sp); 3990 } 3991 3992 void 3993 sppp_pap_scr(struct sppp *sp) 3994 { 3995 u_char idlen, pwdlen; 3996 3997 sp->confid[IDX_PAP] = ++sp->pp_seq; 3998 pwdlen = strlen(sp->myauth.secret); 3999 idlen = strlen(sp->myauth.name); 4000 4001 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4002 sizeof idlen, (const char *)&idlen, 4003 (size_t)idlen, sp->myauth.name, 4004 sizeof pwdlen, (const char *)&pwdlen, 4005 (size_t)pwdlen, sp->myauth.secret, 4006 0); 4007 } 4008 /* 4009 * Random miscellaneous functions. 4010 */ 4011 4012 /* 4013 * Send a PAP or CHAP proto packet. 4014 * 4015 * Variadic function, each of the elements for the ellipsis is of type 4016 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4017 * mlen == 0. 4018 */ 4019 4020 void 4021 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4022 unsigned int type, u_int id, ...) 4023 { 4024 STDDCL; 4025 struct lcp_header *lh; 4026 struct mbuf *m; 4027 u_char *p; 4028 int len, s; 4029 unsigned int mlen; 4030 const char *msg; 4031 va_list ap; 4032 4033 MGETHDR (m, M_DONTWAIT, MT_DATA); 4034 if (! m) 4035 return; 4036 m->m_pkthdr.ph_ifidx = 0; 4037 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 4038 4039 *mtod(m, u_int16_t *) = htons(cp->proto); 4040 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 4041 4042 lh->type = type; 4043 lh->ident = id; 4044 p = (u_char*) (lh+1); 4045 4046 va_start(ap, id); 4047 len = 0; 4048 4049 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4050 msg = va_arg(ap, const char *); 4051 len += mlen; 4052 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) { 4053 va_end(ap); 4054 m_freem(m); 4055 return; 4056 } 4057 4058 bcopy(msg, p, mlen); 4059 p += mlen; 4060 } 4061 va_end(ap); 4062 4063 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 4064 lh->len = htons (LCP_HEADER_LEN + len); 4065 4066 if (debug) { 4067 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4068 SPP_ARGS(ifp), cp->name, 4069 sppp_auth_type_name(cp->proto, lh->type), 4070 lh->ident, ntohs(lh->len)); 4071 if (len) 4072 sppp_print_bytes((u_char*) (lh+1), len); 4073 addlog(">\n"); 4074 } 4075 4076 len = m->m_pkthdr.len + sp->pp_framebytes; 4077 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 4078 ifp->if_oerrors++; 4079 return; 4080 } 4081 4082 ifp->if_obytes += len; 4083 s = splnet(); 4084 if_start(ifp); 4085 splx(s); 4086 } 4087 4088 /* 4089 * Send keepalive packets, every 10 seconds. 4090 */ 4091 void 4092 sppp_keepalive(void *dummy) 4093 { 4094 struct sppp *sp; 4095 int s; 4096 struct timeval tv; 4097 4098 NET_LOCK(); 4099 s = splnet(); 4100 getmicrouptime(&tv); 4101 for (sp=spppq; sp; sp=sp->pp_next) { 4102 struct ifnet *ifp = &sp->pp_if; 4103 4104 /* Keepalive mode disabled or channel down? */ 4105 if (! (sp->pp_flags & PP_KEEPALIVE) || 4106 ! (ifp->if_flags & IFF_RUNNING)) 4107 continue; 4108 4109 /* No keepalive if LCP not opened yet. */ 4110 if (sp->pp_phase < PHASE_AUTHENTICATE) 4111 continue; 4112 4113 /* No echo reply, but maybe user data passed through? */ 4114 if ((tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) { 4115 sp->pp_alivecnt = 0; 4116 continue; 4117 } 4118 4119 if (sp->pp_alivecnt >= MAXALIVECNT) { 4120 /* No keepalive packets got. Stop the interface. */ 4121 if_down (ifp); 4122 mq_purge(&sp->pp_cpq); 4123 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n", 4124 SPP_ARGS(ifp)); 4125 sp->pp_alivecnt = 0; 4126 4127 /* we are down, close all open protocols */ 4128 lcp.Close(sp); 4129 4130 /* And now prepare LCP to reestablish the link, 4131 * if configured to do so. */ 4132 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4133 4134 /* Close connection immediately, completion of this 4135 * will summon the magic needed to reestablish it. */ 4136 if (sp->pp_tlf) 4137 sp->pp_tlf(sp); 4138 continue; 4139 } 4140 if (sp->pp_alivecnt < MAXALIVECNT) 4141 ++sp->pp_alivecnt; 4142 if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4143 u_int32_t nmagic = htonl(sp->lcp.magic); 4144 sp->lcp.echoid = ++sp->pp_seq; 4145 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4146 sp->lcp.echoid, 4, &nmagic); 4147 } 4148 } 4149 splx(s); 4150 NET_UNLOCK(); 4151 timeout_add_sec(&keepalive_ch, 10); 4152 } 4153 4154 /* 4155 * Get both IP addresses. 4156 */ 4157 void 4158 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 4159 u_int32_t *srcmask) 4160 { 4161 struct ifnet *ifp = &sp->pp_if; 4162 struct ifaddr *ifa; 4163 struct sockaddr_in *si, *sm = 0; 4164 u_int32_t ssrc, ddst; 4165 4166 sm = NULL; 4167 ssrc = ddst = 0; 4168 /* 4169 * Pick the first AF_INET address from the list, 4170 * aliases don't make any sense on a p2p link anyway. 4171 */ 4172 si = 0; 4173 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4174 { 4175 if (ifa->ifa_addr->sa_family == AF_INET) { 4176 si = (struct sockaddr_in *)ifa->ifa_addr; 4177 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4178 if (si) 4179 break; 4180 } 4181 } 4182 if (ifa) { 4183 if (si && si->sin_addr.s_addr) { 4184 ssrc = si->sin_addr.s_addr; 4185 if (srcmask) 4186 *srcmask = ntohl(sm->sin_addr.s_addr); 4187 } 4188 4189 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4190 if (si && si->sin_addr.s_addr) 4191 ddst = si->sin_addr.s_addr; 4192 } 4193 4194 if (dst) *dst = ntohl(ddst); 4195 if (src) *src = ntohl(ssrc); 4196 } 4197 4198 int 4199 sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id) 4200 { 4201 struct ifnet *ifp = arg; 4202 4203 if (rt->rt_ifidx == ifp->if_index) { 4204 if (rt->rt_ifa->ifa_dstaddr->sa_family != 4205 rt->rt_gateway->sa_family || 4206 !ISSET(rt->rt_flags, RTF_GATEWAY)) 4207 return (0); /* do not modify non-gateway routes */ 4208 rt_setgate(rt, rt->rt_ifa->ifa_dstaddr, ifp->if_rdomain); 4209 } 4210 return (0); 4211 } 4212 4213 void 4214 sppp_update_gw(struct ifnet *ifp) 4215 { 4216 u_int tid; 4217 4218 /* update routing table */ 4219 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) { 4220 rtable_walk(tid, AF_INET, NULL, sppp_update_gw_walker, ifp); 4221 } 4222 } 4223 4224 /* 4225 * Task adding addresses from process context. 4226 * If an address is 0, leave it the way it is. 4227 */ 4228 void 4229 sppp_set_ip_addrs(void *arg1) 4230 { 4231 struct sppp *sp = arg1; 4232 u_int32_t myaddr; 4233 u_int32_t hisaddr; 4234 struct ifnet *ifp = &sp->pp_if; 4235 int debug = ifp->if_flags & IFF_DEBUG; 4236 struct ifaddr *ifa; 4237 struct sockaddr_in *si; 4238 struct sockaddr_in *dest; 4239 4240 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, NULL); 4241 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 4242 (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 4243 myaddr = sp->ipcp.req_myaddr; 4244 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 4245 (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 4246 hisaddr = sp->ipcp.req_hisaddr; 4247 4248 4249 NET_LOCK(); 4250 /* 4251 * Pick the first AF_INET address from the list, 4252 * aliases don't make any sense on a p2p link anyway. 4253 */ 4254 4255 si = 0; 4256 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4257 { 4258 if (ifa->ifa_addr->sa_family == AF_INET) 4259 { 4260 si = (struct sockaddr_in *)ifa->ifa_addr; 4261 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4262 if (si) 4263 break; 4264 } 4265 } 4266 4267 if (ifa && si) { 4268 int error; 4269 struct sockaddr_in new_sin = *si; 4270 struct sockaddr_in new_dst = *dest; 4271 4272 in_ifscrub(ifp, ifatoia(ifa)); 4273 4274 if (myaddr != 0) 4275 new_sin.sin_addr.s_addr = htonl(myaddr); 4276 if (hisaddr != 0) { 4277 new_dst.sin_addr.s_addr = htonl(hisaddr); 4278 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4279 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4280 *dest = new_dst; /* fix dstaddr in place */ 4281 } 4282 } 4283 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4284 if_addrhooks_run(ifp); 4285 if (debug && error) { 4286 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4287 " failed, error=%d\n", SPP_ARGS(ifp), error); 4288 goto out; 4289 } 4290 sppp_update_gw(ifp); 4291 sppp_update_dns(ifp); 4292 } 4293 out: 4294 NET_UNLOCK(); 4295 } 4296 4297 /* 4298 * Task clearing addresses from process context. 4299 * Clear IP addresses. 4300 */ 4301 void 4302 sppp_clear_ip_addrs(void *arg1) 4303 { 4304 struct sppp *sp = (struct sppp *)arg1; 4305 struct ifnet *ifp = &sp->pp_if; 4306 int debug = ifp->if_flags & IFF_DEBUG; 4307 struct ifaddr *ifa; 4308 struct sockaddr_in *si; 4309 struct sockaddr_in *dest; 4310 u_int32_t remote; 4311 4312 NET_LOCK(); 4313 4314 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4315 remote = sp->ipcp.saved_hisaddr; 4316 else 4317 sppp_get_ip_addrs(sp, 0, &remote, 0); 4318 4319 /* 4320 * Pick the first AF_INET address from the list, 4321 * aliases don't make any sense on a p2p link anyway. 4322 */ 4323 4324 si = 0; 4325 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4326 if (ifa->ifa_addr->sa_family == AF_INET) { 4327 si = (struct sockaddr_in *)ifa->ifa_addr; 4328 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4329 if (si) 4330 break; 4331 } 4332 } 4333 4334 if (ifa && si) { 4335 int error; 4336 struct sockaddr_in new_sin = *si; 4337 4338 in_ifscrub(ifp, ifatoia(ifa)); 4339 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4340 new_sin.sin_addr.s_addr = 0; 4341 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4342 /* replace peer addr in place */ 4343 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4344 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4345 if_addrhooks_run(ifp); 4346 if (debug && error) { 4347 log(LOG_DEBUG, SPP_FMT "sppp_clear_ip_addrs: in_ifinit " 4348 " failed, error=%d\n", SPP_ARGS(ifp), error); 4349 goto out; 4350 } 4351 sppp_update_gw(ifp); 4352 4353 memset(sp->ipcp.dns, 0, sizeof(sp->ipcp.dns)); 4354 sppp_update_dns(ifp); 4355 } 4356 out: 4357 NET_UNLOCK(); 4358 } 4359 4360 4361 #ifdef INET6 4362 /* 4363 * Get both IPv6 addresses. 4364 */ 4365 void 4366 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4367 struct in6_addr *srcmask) 4368 { 4369 struct ifnet *ifp = &sp->pp_if; 4370 struct in6_ifaddr *ia6; 4371 struct in6_addr ssrc, ddst; 4372 4373 bzero(&ssrc, sizeof(ssrc)); 4374 bzero(&ddst, sizeof(ddst)); 4375 /* 4376 * Pick the first link-local AF_INET6 address from the list, 4377 * aliases don't make any sense on a p2p link anyway. 4378 */ 4379 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4380 if (ia6) { 4381 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_addr.sin6_addr)) { 4382 bcopy(&ia6->ia_addr.sin6_addr, &ssrc, sizeof(ssrc)); 4383 if (srcmask) { 4384 bcopy(&ia6->ia_prefixmask.sin6_addr, srcmask, 4385 sizeof(*srcmask)); 4386 } 4387 } 4388 4389 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_dstaddr.sin6_addr)) 4390 bcopy(&ia6->ia_dstaddr.sin6_addr, &ddst, sizeof(ddst)); 4391 } 4392 4393 if (dst) 4394 bcopy(&ddst, dst, sizeof(*dst)); 4395 if (src) 4396 bcopy(&ssrc, src, sizeof(*src)); 4397 } 4398 4399 /* Task to update my IPv6 address from process context. */ 4400 void 4401 sppp_update_ip6_addr(void *arg) 4402 { 4403 struct sppp *sp = arg; 4404 struct ifnet *ifp = &sp->pp_if; 4405 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4406 struct in6_ifaddr *ia6; 4407 int error; 4408 4409 NET_LOCK(); 4410 4411 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4412 if (ia6 == NULL) { 4413 /* IPv6 disabled? */ 4414 goto out; 4415 } 4416 4417 /* 4418 * Changing the link-local address requires purging all 4419 * existing addresses and routes for the interface first. 4420 */ 4421 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4422 in6_ifdetach(ifp); 4423 error = in6_ifattach_linklocal(ifp, &ifra->ifra_addr.sin6_addr); 4424 if (error) 4425 log(LOG_ERR, SPP_FMT 4426 "could not update IPv6 address (error %d)\n", 4427 SPP_ARGS(ifp), error); 4428 goto out; 4429 } 4430 4431 /* 4432 * Code below changes address parameters only, not the address itself. 4433 */ 4434 4435 /* Destination address can only be set for /128. */ 4436 if (memcmp(&ia6->ia_prefixmask.sin6_addr, &in6mask128, 4437 sizeof(in6mask128)) != 0) { 4438 ifra->ifra_dstaddr.sin6_len = 0; 4439 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4440 } 4441 4442 ifra->ifra_lifetime = ia6->ia6_lifetime; 4443 4444 error = in6_update_ifa(ifp, ifra, ia6); 4445 if (error) { 4446 log(LOG_ERR, SPP_FMT 4447 "could not update IPv6 address (error %d)\n", 4448 SPP_ARGS(ifp), error); 4449 } 4450 out: 4451 NET_UNLOCK(); 4452 } 4453 4454 /* 4455 * Configure my link-local address. 4456 */ 4457 void 4458 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, 4459 const struct in6_addr *dst) 4460 { 4461 struct ifnet *ifp = &sp->pp_if; 4462 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4463 4464 bzero(ifra, sizeof(*ifra)); 4465 bcopy(ifp->if_xname, ifra->ifra_name, sizeof(ifra->ifra_name)); 4466 4467 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 4468 ifra->ifra_addr.sin6_family = AF_INET6; 4469 ifra->ifra_addr.sin6_addr = *src; 4470 if (dst) { 4471 ifra->ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6); 4472 ifra->ifra_dstaddr.sin6_family = AF_INET6; 4473 ifra->ifra_dstaddr.sin6_addr = *dst; 4474 } else 4475 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4476 4477 /* 4478 * Don't change the existing prefixlen. 4479 * It is common to use a /64 for IPv6 over point-to-point links 4480 * to allow e.g. neighbour discovery and autoconf to work. 4481 * But it is legal to use other values. 4482 */ 4483 ifra->ifra_prefixmask.sin6_family = AF_UNSPEC; 4484 4485 task_add(systq, &sp->ipv6cp.set_addr_task); 4486 } 4487 4488 /* 4489 * Generate an address that differs from our existing address. 4490 */ 4491 void 4492 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4493 { 4494 struct in6_addr myaddr; 4495 u_int32_t random; 4496 4497 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 4498 4499 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4500 4501 random = arc4random(); 4502 if ((random & 0xff) == 0 && (random & 0xff00) == 0) { 4503 myaddr.s6_addr[14] ^= 0xff; 4504 myaddr.s6_addr[15] ^= 0xff; 4505 } else { 4506 myaddr.s6_addr[14] ^= (random & 0xff); 4507 myaddr.s6_addr[15] ^= ((random & 0xff00) >> 8); 4508 } 4509 myaddr.s6_addr16[1] = 0; /* KAME hack: clear ifindex */ 4510 bcopy(&myaddr, suggest, sizeof(myaddr)); 4511 } 4512 #endif /*INET6*/ 4513 4514 int 4515 sppp_get_params(struct sppp *sp, struct ifreq *ifr) 4516 { 4517 int cmd; 4518 4519 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4520 return EFAULT; 4521 4522 switch (cmd) { 4523 case SPPPIOGDEFS: 4524 { 4525 struct spppreq *spr; 4526 4527 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4528 spr->cmd = cmd; 4529 spr->phase = sp->pp_phase; 4530 4531 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) { 4532 free(spr, M_DEVBUF, sizeof(*spr)); 4533 return EFAULT; 4534 } 4535 free(spr, M_DEVBUF, sizeof(*spr)); 4536 break; 4537 } 4538 case SPPPIOGMAUTH: 4539 case SPPPIOGHAUTH: 4540 { 4541 struct sauthreq *spa; 4542 struct sauth *auth; 4543 4544 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4545 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth; 4546 bzero(spa, sizeof(*spa)); 4547 spa->proto = auth->proto; 4548 spa->flags = auth->flags; 4549 4550 /* do not copy the secret, and only let root know the name */ 4551 if (auth->name != NULL && suser(curproc) == 0) 4552 strlcpy(spa->name, auth->name, sizeof(spa->name)); 4553 4554 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) { 4555 free(spa, M_DEVBUF, sizeof(*spa)); 4556 return EFAULT; 4557 } 4558 free(spa, M_DEVBUF, sizeof(*spa)); 4559 break; 4560 } 4561 case SPPPIOGDNS: 4562 { 4563 struct sdnsreq *spd; 4564 4565 spd = malloc(sizeof(*spd), M_DEVBUF, M_WAITOK); 4566 4567 spd->cmd = cmd; 4568 memcpy(spd->dns, sp->ipcp.dns, sizeof(spd->dns)); 4569 4570 if (copyout(spd, (caddr_t)ifr->ifr_data, sizeof(*spd)) != 0) { 4571 free(spd, M_DEVBUF, 0); 4572 return EFAULT; 4573 } 4574 4575 free(spd, M_DEVBUF, sizeof(*spd)); 4576 break; 4577 } 4578 default: 4579 return EINVAL; 4580 } 4581 4582 return 0; 4583 } 4584 4585 4586 int 4587 sppp_set_params(struct sppp *sp, struct ifreq *ifr) 4588 { 4589 int cmd; 4590 4591 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4592 return EFAULT; 4593 4594 switch (cmd) { 4595 case SPPPIOSDEFS: 4596 { 4597 struct spppreq *spr; 4598 4599 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4600 4601 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) { 4602 free(spr, M_DEVBUF, sizeof(*spr)); 4603 return EFAULT; 4604 } 4605 /* 4606 * Also, we only allow for authentication parameters to be 4607 * specified. 4608 * 4609 * XXX Should allow to set or clear pp_flags. 4610 */ 4611 free(spr, M_DEVBUF, sizeof(*spr)); 4612 break; 4613 } 4614 case SPPPIOSMAUTH: 4615 case SPPPIOSHAUTH: 4616 { 4617 /* 4618 * Finally, if the respective authentication protocol to 4619 * be used is set differently than 0, but the secret is 4620 * passed as all zeros, we don't trash the existing secret. 4621 * This allows an administrator to change the system name 4622 * only without clobbering the secret (which he didn't get 4623 * back in a previous SPPPIOGXAUTH call). However, the 4624 * secrets are cleared if the authentication protocol is 4625 * reset to 0. 4626 */ 4627 4628 struct sauthreq *spa; 4629 struct sauth *auth; 4630 char *p; 4631 int len; 4632 4633 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4634 4635 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth; 4636 4637 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) { 4638 free(spa, M_DEVBUF, sizeof(*spa)); 4639 return EFAULT; 4640 } 4641 4642 if (spa->proto != 0 && spa->proto != PPP_PAP && 4643 spa->proto != PPP_CHAP) { 4644 free(spa, M_DEVBUF, sizeof(*spa)); 4645 return EINVAL; 4646 } 4647 4648 if (spa->proto == 0) { 4649 /* resetting auth */ 4650 if (auth->name != NULL) 4651 free(auth->name, M_DEVBUF, 4652 strlen(auth->name) + 1); 4653 if (auth->secret != NULL) 4654 free(auth->secret, M_DEVBUF, 4655 strlen(auth->secret) + 1); 4656 bzero(auth, sizeof *auth); 4657 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge); 4658 } else { 4659 /* setting/changing auth */ 4660 auth->proto = spa->proto; 4661 auth->flags = spa->flags; 4662 4663 spa->name[AUTHMAXLEN - 1] = '\0'; 4664 len = strlen(spa->name) + 1; 4665 p = malloc(len, M_DEVBUF, M_WAITOK); 4666 strlcpy(p, spa->name, len); 4667 if (auth->name != NULL) 4668 free(auth->name, M_DEVBUF, 4669 strlen(auth->name) + 1); 4670 auth->name = p; 4671 4672 if (spa->secret[0] != '\0') { 4673 spa->secret[AUTHMAXLEN - 1] = '\0'; 4674 len = strlen(spa->secret) + 1; 4675 p = malloc(len, M_DEVBUF, M_WAITOK); 4676 strlcpy(p, spa->secret, len); 4677 if (auth->secret != NULL) 4678 free(auth->secret, M_DEVBUF, 4679 strlen(auth->secret) + 1); 4680 auth->secret = p; 4681 } else if (!auth->secret) { 4682 p = malloc(1, M_DEVBUF, M_WAITOK); 4683 p[0] = '\0'; 4684 auth->secret = p; 4685 } 4686 } 4687 free(spa, M_DEVBUF, sizeof(*spa)); 4688 break; 4689 } 4690 default: 4691 return EINVAL; 4692 } 4693 4694 return (ENETRESET); 4695 } 4696 4697 void 4698 sppp_phase_network(struct sppp *sp) 4699 { 4700 int i; 4701 u_long mask; 4702 4703 sp->pp_phase = PHASE_NETWORK; 4704 4705 sppp_set_phase(sp); 4706 4707 /* Notify NCPs now. */ 4708 for (i = 0; i < IDX_COUNT; i++) 4709 if ((cps[i])->flags & CP_NCP) 4710 (cps[i])->Open(sp); 4711 4712 /* Send Up events to all NCPs. */ 4713 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4714 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4715 (cps[i])->Up(sp); 4716 4717 /* if no NCP is starting, all this was in vain, close down */ 4718 sppp_lcp_check_and_close(sp); 4719 } 4720 4721 4722 const char * 4723 sppp_cp_type_name(u_char type) 4724 { 4725 static char buf[12]; 4726 switch (type) { 4727 case CONF_REQ: return "conf-req"; 4728 case CONF_ACK: return "conf-ack"; 4729 case CONF_NAK: return "conf-nak"; 4730 case CONF_REJ: return "conf-rej"; 4731 case TERM_REQ: return "term-req"; 4732 case TERM_ACK: return "term-ack"; 4733 case CODE_REJ: return "code-rej"; 4734 case PROTO_REJ: return "proto-rej"; 4735 case ECHO_REQ: return "echo-req"; 4736 case ECHO_REPLY: return "echo-reply"; 4737 case DISC_REQ: return "discard-req"; 4738 } 4739 snprintf (buf, sizeof buf, "0x%x", type); 4740 return buf; 4741 } 4742 4743 const char * 4744 sppp_auth_type_name(u_short proto, u_char type) 4745 { 4746 static char buf[12]; 4747 switch (proto) { 4748 case PPP_CHAP: 4749 switch (type) { 4750 case CHAP_CHALLENGE: return "challenge"; 4751 case CHAP_RESPONSE: return "response"; 4752 case CHAP_SUCCESS: return "success"; 4753 case CHAP_FAILURE: return "failure"; 4754 } 4755 case PPP_PAP: 4756 switch (type) { 4757 case PAP_REQ: return "req"; 4758 case PAP_ACK: return "ack"; 4759 case PAP_NAK: return "nak"; 4760 } 4761 } 4762 snprintf (buf, sizeof buf, "0x%x", type); 4763 return buf; 4764 } 4765 4766 const char * 4767 sppp_lcp_opt_name(u_char opt) 4768 { 4769 static char buf[12]; 4770 switch (opt) { 4771 case LCP_OPT_MRU: return "mru"; 4772 case LCP_OPT_ASYNC_MAP: return "async-map"; 4773 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4774 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4775 case LCP_OPT_MAGIC: return "magic"; 4776 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4777 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4778 } 4779 snprintf (buf, sizeof buf, "0x%x", opt); 4780 return buf; 4781 } 4782 4783 const char * 4784 sppp_ipcp_opt_name(u_char opt) 4785 { 4786 static char buf[12]; 4787 switch (opt) { 4788 case IPCP_OPT_ADDRESSES: return "addresses"; 4789 case IPCP_OPT_COMPRESSION: return "compression"; 4790 case IPCP_OPT_ADDRESS: return "address"; 4791 case IPCP_OPT_PRIMDNS: return "primdns"; 4792 case IPCP_OPT_SECDNS: return "secdns"; 4793 } 4794 snprintf (buf, sizeof buf, "0x%x", opt); 4795 return buf; 4796 } 4797 4798 #ifdef INET6 4799 const char * 4800 sppp_ipv6cp_opt_name(u_char opt) 4801 { 4802 static char buf[12]; 4803 switch (opt) { 4804 case IPV6CP_OPT_IFID: return "ifid"; 4805 case IPV6CP_OPT_COMPRESSION: return "compression"; 4806 } 4807 snprintf (buf, sizeof buf, "0x%x", opt); 4808 return buf; 4809 } 4810 #endif 4811 4812 const char * 4813 sppp_state_name(int state) 4814 { 4815 switch (state) { 4816 case STATE_INITIAL: return "initial"; 4817 case STATE_STARTING: return "starting"; 4818 case STATE_CLOSED: return "closed"; 4819 case STATE_STOPPED: return "stopped"; 4820 case STATE_CLOSING: return "closing"; 4821 case STATE_STOPPING: return "stopping"; 4822 case STATE_REQ_SENT: return "req-sent"; 4823 case STATE_ACK_RCVD: return "ack-rcvd"; 4824 case STATE_ACK_SENT: return "ack-sent"; 4825 case STATE_OPENED: return "opened"; 4826 } 4827 return "illegal"; 4828 } 4829 4830 const char * 4831 sppp_phase_name(enum ppp_phase phase) 4832 { 4833 switch (phase) { 4834 case PHASE_DEAD: return "dead"; 4835 case PHASE_ESTABLISH: return "establish"; 4836 case PHASE_TERMINATE: return "terminate"; 4837 case PHASE_AUTHENTICATE: return "authenticate"; 4838 case PHASE_NETWORK: return "network"; 4839 } 4840 return "illegal"; 4841 } 4842 4843 const char * 4844 sppp_proto_name(u_short proto) 4845 { 4846 static char buf[12]; 4847 switch (proto) { 4848 case PPP_LCP: return "lcp"; 4849 case PPP_IPCP: return "ipcp"; 4850 case PPP_IPV6CP: return "ipv6cp"; 4851 case PPP_PAP: return "pap"; 4852 case PPP_CHAP: return "chap"; 4853 } 4854 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto); 4855 return buf; 4856 } 4857 4858 void 4859 sppp_print_bytes(const u_char *p, u_short len) 4860 { 4861 addlog(" %02x", *p++); 4862 while (--len > 0) 4863 addlog("-%02x", *p++); 4864 } 4865 4866 void 4867 sppp_print_string(const char *p, u_short len) 4868 { 4869 u_char c; 4870 4871 while (len-- > 0) { 4872 c = *p++; 4873 /* 4874 * Print only ASCII chars directly. RFC 1994 recommends 4875 * using only them, but we don't rely on it. */ 4876 if (c < ' ' || c > '~') 4877 addlog("\\x%x", c); 4878 else 4879 addlog("%c", c); 4880 } 4881 } 4882 4883 const char * 4884 sppp_dotted_quad(u_int32_t addr) 4885 { 4886 static char s[16]; 4887 snprintf(s, sizeof s, "%d.%d.%d.%d", 4888 (int)((addr >> 24) & 0xff), 4889 (int)((addr >> 16) & 0xff), 4890 (int)((addr >> 8) & 0xff), 4891 (int)(addr & 0xff)); 4892 return s; 4893 } 4894 4895 /* a dummy, used to drop uninteresting events */ 4896 void 4897 sppp_null(struct sppp *unused) 4898 { 4899 /* do just nothing */ 4900 } 4901 4902 void 4903 sppp_set_phase(struct sppp *sp) 4904 { 4905 STDDCL; 4906 int lstate; 4907 4908 if (debug) 4909 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4910 sppp_phase_name(sp->pp_phase)); 4911 4912 /* set link state */ 4913 if (sp->pp_phase == PHASE_NETWORK) 4914 lstate = LINK_STATE_UP; 4915 else 4916 lstate = LINK_STATE_DOWN; 4917 4918 if (ifp->if_link_state != lstate) { 4919 ifp->if_link_state = lstate; 4920 if_link_state_change(ifp); 4921 } 4922 } 4923 4924 void 4925 sppp_update_dns(struct ifnet *ifp) 4926 { 4927 struct rt_addrinfo info; 4928 struct sockaddr_rtdns rtdns; 4929 struct sppp *sp = ifp->if_softc; 4930 size_t sz = 0; 4931 int i, flag = 0; 4932 4933 memset(&rtdns, 0, sizeof(rtdns)); 4934 memset(&info, 0, sizeof(info)); 4935 4936 for (i = 0; i < IPCP_MAX_DNSSRV; i++) { 4937 if (sp->ipcp.dns[i].s_addr == INADDR_ANY) 4938 break; 4939 sz = sizeof(sp->ipcp.dns[i]); 4940 memcpy(rtdns.sr_dns + i * sz, &sp->ipcp.dns[i].s_addr, sz); 4941 flag = RTF_UP; 4942 } 4943 4944 rtdns.sr_family = AF_INET; 4945 rtdns.sr_len = 2 + i * sz; 4946 info.rti_info[RTAX_DNS] = srtdnstosa(&rtdns); 4947 4948 rtm_proposal(ifp, &info, flag, RTP_PROPOSAL_PPP); 4949 } 4950 4951 void 4952 sppp_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 4953 { 4954 if (req == RTM_PROPOSAL) { 4955 KERNEL_LOCK(); 4956 sppp_update_dns(ifp); 4957 KERNEL_UNLOCK(); 4958 return; 4959 } 4960 4961 p2p_rtrequest(ifp, req, rt); 4962 } 4963