1 /* $OpenBSD: if_spppsubr.c,v 1.195 2025/01/15 06:15:44 dlg Exp $ */ 2 /* 3 * Synchronous PPP link level subroutines. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * RFC2472 IPv6CP support. 12 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are met: 16 * 1. Redistributions of source code must retain the above copyright notice, 17 * this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright notice, 19 * this list of conditions and the following disclaimer in the documentation 20 * and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 * 34 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998 35 */ 36 37 #include <sys/param.h> 38 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/sockio.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #include <sys/timeout.h> 48 #include <crypto/md5.h> 49 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <sys/stdarg.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_var.h> 60 #include <netinet/ip.h> 61 62 #ifdef INET6 63 #include <netinet6/in6_ifattach.h> 64 #endif 65 66 #include <net/if_sppp.h> 67 68 # define UNTIMEOUT(fun, arg, handle) \ 69 timeout_del(&(handle)) 70 71 #define MAXALIVECNT 3 /* max. missed alive packets */ 72 #define NORECV_TIME 15 /* before we get worried */ 73 74 /* 75 * Interface flags that can be set in an ifconfig command. 76 * 77 * Setting link0 will make the link passive, i.e. it will be marked 78 * as being administrative openable, but won't be opened to begin 79 * with. Incoming calls will be answered, or subsequent calls with 80 * -link1 will cause the administrative open of the LCP layer. 81 * 82 * Setting link1 will cause the link to auto-dial only as packets 83 * arrive to be sent. 84 * 85 * Setting IFF_DEBUG will syslog the option negotiation and state 86 * transitions at level kern.debug. Note: all logs consistently look 87 * like 88 * 89 * <if-name><unit>: <proto-name> <additional info...> 90 * 91 * with <if-name><unit> being something like "bppp0", and <proto-name> 92 * being one of "lcp", "ipcp", "chap", "pap", etc. 93 */ 94 95 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 96 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 97 98 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 99 #define PPP_UI 0x03 /* Unnumbered Information */ 100 #define PPP_IP 0x0021 /* Internet Protocol */ 101 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 102 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 103 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 104 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */ 105 #define PPP_LCP 0xc021 /* Link Control Protocol */ 106 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 107 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 108 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 109 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 110 111 #define CONF_REQ 1 /* PPP configure request */ 112 #define CONF_ACK 2 /* PPP configure acknowledge */ 113 #define CONF_NAK 3 /* PPP configure negative ack */ 114 #define CONF_REJ 4 /* PPP configure reject */ 115 #define TERM_REQ 5 /* PPP terminate request */ 116 #define TERM_ACK 6 /* PPP terminate acknowledge */ 117 #define CODE_REJ 7 /* PPP code reject */ 118 #define PROTO_REJ 8 /* PPP protocol reject */ 119 #define ECHO_REQ 9 /* PPP echo request */ 120 #define ECHO_REPLY 10 /* PPP echo reply */ 121 #define DISC_REQ 11 /* PPP discard request */ 122 123 #define LCP_OPT_MRU 1 /* maximum receive unit */ 124 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 125 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 126 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 127 #define LCP_OPT_MAGIC 5 /* magic number */ 128 #define LCP_OPT_RESERVED 6 /* reserved */ 129 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 130 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 131 132 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 133 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 134 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 135 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 136 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 137 138 /* bitmask value to enable or disable individual IPCP options */ 139 #define SPPP_IPCP_OPT_ADDRESSES 1 140 #define SPPP_IPCP_OPT_COMPRESSION 2 141 #define SPPP_IPCP_OPT_ADDRESS 3 142 #define SPPP_IPCP_OPT_PRIMDNS 4 143 #define SPPP_IPCP_OPT_SECDNS 5 144 145 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 146 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 147 148 #define PAP_REQ 1 /* PAP name/password request */ 149 #define PAP_ACK 2 /* PAP acknowledge */ 150 #define PAP_NAK 3 /* PAP fail */ 151 152 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 153 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 154 #define CHAP_SUCCESS 3 /* CHAP response ok */ 155 #define CHAP_FAILURE 4 /* CHAP response failed */ 156 157 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 158 159 /* states are named and numbered according to RFC 1661 */ 160 #define STATE_INITIAL 0 161 #define STATE_STARTING 1 162 #define STATE_CLOSED 2 163 #define STATE_STOPPED 3 164 #define STATE_CLOSING 4 165 #define STATE_STOPPING 5 166 #define STATE_REQ_SENT 6 167 #define STATE_ACK_RCVD 7 168 #define STATE_ACK_SENT 8 169 #define STATE_OPENED 9 170 171 #define PKTHDRLEN 2 172 173 struct ppp_header { 174 u_char address; 175 u_char control; 176 u_short protocol; 177 }; 178 #define PPP_HEADER_LEN sizeof (struct ppp_header) 179 180 struct lcp_header { 181 u_char type; 182 u_char ident; 183 u_short len; 184 }; 185 #define LCP_HEADER_LEN sizeof (struct lcp_header) 186 187 /* 188 * We follow the spelling and capitalization of RFC 1661 here, to make 189 * it easier comparing with the standard. Please refer to this RFC in 190 * case you can't make sense out of these abbreviation; it will also 191 * explain the semantics related to the various events and actions. 192 */ 193 struct cp { 194 u_short proto; /* PPP control protocol number */ 195 u_char protoidx; /* index into state table in struct sppp */ 196 u_char flags; 197 #define CP_LCP 0x01 /* this is the LCP */ 198 #define CP_AUTH 0x02 /* this is an authentication protocol */ 199 #define CP_NCP 0x04 /* this is a NCP */ 200 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 201 const char *name; /* name of this control protocol */ 202 /* event handlers */ 203 void (*Up)(struct sppp *sp); 204 void (*Down)(struct sppp *sp); 205 void (*Open)(struct sppp *sp); 206 void (*Close)(struct sppp *sp); 207 void (*TO)(void *sp); 208 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 209 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 210 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 211 /* actions */ 212 void (*tlu)(struct sppp *sp); 213 void (*tld)(struct sppp *sp); 214 void (*tls)(struct sppp *sp); 215 void (*tlf)(struct sppp *sp); 216 void (*scr)(struct sppp *sp); 217 }; 218 219 static struct sppp *spppq; 220 static struct timeout keepalive_ch; 221 222 #define SPP_FMT "%s: " 223 #define SPP_ARGS(ifp) (ifp)->if_xname 224 225 /* almost every function needs these */ 226 #define STDDCL \ 227 struct ifnet *ifp = &sp->pp_if; \ 228 int debug = ifp->if_flags & IFF_DEBUG 229 230 int sppp_output(struct ifnet *ifp, struct mbuf *m, 231 struct sockaddr *dst, struct rtentry *rt); 232 233 void sppp_cp_input(const struct cp *cp, struct sppp *sp, 234 struct mbuf *m); 235 void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 236 u_char ident, u_short len, void *data); 237 void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 238 int newstate); 239 void sppp_auth_send(const struct cp *cp, 240 struct sppp *sp, unsigned int type, u_int id, 241 ...); 242 243 void sppp_up_event(const struct cp *cp, struct sppp *sp); 244 void sppp_down_event(const struct cp *cp, struct sppp *sp); 245 void sppp_open_event(const struct cp *cp, struct sppp *sp); 246 void sppp_close_event(const struct cp *cp, struct sppp *sp); 247 void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp); 248 void sppp_to_event(const struct cp *cp, struct sppp *sp); 249 250 void sppp_null(struct sppp *sp); 251 252 void sppp_lcp_init(struct sppp *sp); 253 void sppp_lcp_up(struct sppp *sp); 254 void sppp_lcp_down(struct sppp *sp); 255 void sppp_lcp_open(struct sppp *sp); 256 void sppp_lcp_close(struct sppp *sp); 257 void sppp_lcp_TO(void *sp); 258 int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 259 void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 260 void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 261 void sppp_lcp_tlu(struct sppp *sp); 262 void sppp_lcp_tld(struct sppp *sp); 263 void sppp_lcp_tls(struct sppp *sp); 264 void sppp_lcp_tlf(struct sppp *sp); 265 void sppp_lcp_scr(struct sppp *sp); 266 void sppp_lcp_check_and_close(struct sppp *sp); 267 int sppp_ncp_check(struct sppp *sp); 268 269 void sppp_ipcp_init(struct sppp *sp); 270 void sppp_ipcp_destroy(struct sppp *sp); 271 void sppp_ipcp_up(struct sppp *sp); 272 void sppp_ipcp_down(struct sppp *sp); 273 void sppp_ipcp_open(struct sppp *sp); 274 void sppp_ipcp_close(struct sppp *sp); 275 void sppp_ipcp_TO(void *sp); 276 int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 277 void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 278 void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 279 void sppp_ipcp_tlu(struct sppp *sp); 280 void sppp_ipcp_tld(struct sppp *sp); 281 void sppp_ipcp_tls(struct sppp *sp); 282 void sppp_ipcp_tlf(struct sppp *sp); 283 void sppp_ipcp_scr(struct sppp *sp); 284 285 void sppp_ipv6cp_init(struct sppp *sp); 286 void sppp_ipv6cp_destroy(struct sppp *sp); 287 void sppp_ipv6cp_up(struct sppp *sp); 288 void sppp_ipv6cp_down(struct sppp *sp); 289 void sppp_ipv6cp_open(struct sppp *sp); 290 void sppp_ipv6cp_close(struct sppp *sp); 291 void sppp_ipv6cp_TO(void *sp); 292 int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 293 void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 294 void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 295 void sppp_ipv6cp_tlu(struct sppp *sp); 296 void sppp_ipv6cp_tld(struct sppp *sp); 297 void sppp_ipv6cp_tls(struct sppp *sp); 298 void sppp_ipv6cp_tlf(struct sppp *sp); 299 void sppp_ipv6cp_scr(struct sppp *sp); 300 const char *sppp_ipv6cp_opt_name(u_char opt); 301 void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 302 struct in6_addr *dst, struct in6_addr *srcmask); 303 void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, const struct in6_addr *dst); 304 void sppp_update_ip6_addr(void *sp); 305 void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest); 306 307 void sppp_pap_input(struct sppp *sp, struct mbuf *m); 308 void sppp_pap_init(struct sppp *sp); 309 void sppp_pap_open(struct sppp *sp); 310 void sppp_pap_close(struct sppp *sp); 311 void sppp_pap_TO(void *sp); 312 void sppp_pap_my_TO(void *sp); 313 void sppp_pap_tlu(struct sppp *sp); 314 void sppp_pap_tld(struct sppp *sp); 315 void sppp_pap_scr(struct sppp *sp); 316 317 void sppp_chap_input(struct sppp *sp, struct mbuf *m); 318 void sppp_chap_init(struct sppp *sp); 319 void sppp_chap_open(struct sppp *sp); 320 void sppp_chap_close(struct sppp *sp); 321 void sppp_chap_TO(void *sp); 322 void sppp_chap_tlu(struct sppp *sp); 323 void sppp_chap_tld(struct sppp *sp); 324 void sppp_chap_scr(struct sppp *sp); 325 326 const char *sppp_auth_type_name(u_short proto, u_char type); 327 const char *sppp_cp_type_name(u_char type); 328 const char *sppp_dotted_quad(u_int32_t addr); 329 const char *sppp_ipcp_opt_name(u_char opt); 330 const char *sppp_lcp_opt_name(u_char opt); 331 const char *sppp_phase_name(enum ppp_phase phase); 332 const char *sppp_proto_name(u_short proto); 333 const char *sppp_state_name(int state); 334 int sppp_get_params(struct sppp *sp, struct ifreq *data); 335 int sppp_set_params(struct sppp *sp, struct ifreq *data); 336 void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 337 u_int32_t *srcmask); 338 void sppp_keepalive(void *dummy); 339 void sppp_phase_network(struct sppp *sp); 340 void sppp_print_bytes(const u_char *p, u_short len); 341 void sppp_print_string(const char *p, u_short len); 342 int sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id); 343 void sppp_update_gw(struct ifnet *ifp); 344 void sppp_set_ip_addrs(void *); 345 void sppp_clear_ip_addrs(void *); 346 void sppp_set_phase(struct sppp *sp); 347 void sppp_update_dns(struct ifnet *ifp); 348 void sppp_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt); 349 350 /* our control protocol descriptors */ 351 static const struct cp lcp = { 352 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 353 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 354 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 355 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 356 sppp_lcp_scr 357 }; 358 359 static const struct cp ipcp = { 360 PPP_IPCP, IDX_IPCP, 361 CP_NCP, 362 "ipcp", 363 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 364 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 365 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 366 sppp_ipcp_scr 367 }; 368 369 static const struct cp ipv6cp = { 370 PPP_IPV6CP, IDX_IPV6CP, 371 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 372 CP_NCP, 373 #else 374 0, 375 #endif 376 "ipv6cp", 377 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 378 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 379 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 380 sppp_ipv6cp_scr 381 }; 382 383 static const struct cp pap = { 384 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 385 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 386 sppp_pap_TO, 0, 0, 0, 387 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 388 sppp_pap_scr 389 }; 390 391 static const struct cp chap = { 392 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 393 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 394 sppp_chap_TO, 0, 0, 0, 395 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 396 sppp_chap_scr 397 }; 398 399 static const struct cp *cps[IDX_COUNT] = { 400 &lcp, /* IDX_LCP */ 401 &ipcp, /* IDX_IPCP */ 402 &ipv6cp, /* IDX_IPV6CP */ 403 &pap, /* IDX_PAP */ 404 &chap, /* IDX_CHAP */ 405 }; 406 407 408 /* 409 * Exported functions, comprising our interface to the lower layer. 410 */ 411 412 /* Workaround */ 413 void 414 spppattach(struct ifnet *ifp) 415 { 416 } 417 418 int 419 sppp_proto_up(struct ifnet *ifp, uint16_t proto) 420 { 421 struct sppp *sp = (struct sppp *)ifp; 422 int af = AF_UNSPEC; 423 424 switch (ntohs(proto)) { 425 case PPP_IP: 426 if (sp->state[IDX_IPCP] == STATE_OPENED) 427 af = AF_INET; 428 break; 429 #ifdef INET6 430 case PPP_IPV6: 431 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 432 af = AF_INET6; 433 break; 434 #endif 435 default: 436 break; 437 } 438 439 return (af); 440 } 441 442 /* 443 * Process the received packet. 444 */ 445 void 446 sppp_input(struct ifnet *ifp, struct mbuf *m) 447 { 448 struct ppp_header ht; 449 struct sppp *sp = (struct sppp *)ifp; 450 struct timeval tv; 451 int debug = ifp->if_flags & IFF_DEBUG; 452 453 getmicrouptime(&tv); 454 455 if (ifp->if_flags & IFF_UP) { 456 /* Count received bytes, add hardware framing */ 457 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 458 /* Note time of last receive */ 459 sp->pp_last_receive = tv.tv_sec; 460 } 461 462 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 463 /* Too small packet, drop it. */ 464 if (debug) 465 log(LOG_DEBUG, 466 SPP_FMT "input packet is too small, %d bytes\n", 467 SPP_ARGS(ifp), m->m_pkthdr.len); 468 drop: 469 m_freem (m); 470 ++ifp->if_ierrors; 471 ++ifp->if_iqdrops; 472 return; 473 } 474 475 /* mark incoming routing domain */ 476 m->m_pkthdr.ph_rtableid = ifp->if_rdomain; 477 478 m_copydata(m, 0, sizeof(ht.protocol), (caddr_t)&ht.protocol); 479 m_adj(m, 2); 480 ht.control = PPP_UI; 481 ht.address = PPP_ALLSTATIONS; 482 483 /* preserve the alignment */ 484 if (m->m_len < m->m_pkthdr.len) { 485 m = m_pullup(m, m->m_pkthdr.len); 486 if (m == NULL) { 487 if (debug) 488 log(LOG_DEBUG, 489 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp)); 490 ++ifp->if_ierrors; 491 ++ifp->if_iqdrops; 492 return; 493 } 494 } 495 496 switch (ht.address) { 497 case PPP_ALLSTATIONS: 498 if (ht.control != PPP_UI) 499 goto invalid; 500 switch (ntohs (ht.protocol)) { 501 default: 502 if (sp->state[IDX_LCP] == STATE_OPENED) 503 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 504 ++sp->pp_seq, 2, &ht.protocol); 505 if (debug) 506 log(LOG_DEBUG, 507 SPP_FMT "invalid input protocol " 508 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 509 SPP_ARGS(ifp), 510 ht.address, ht.control, ntohs(ht.protocol)); 511 ++ifp->if_noproto; 512 goto drop; 513 case PPP_LCP: 514 sppp_cp_input(&lcp, sp, m); 515 m_freem (m); 516 return; 517 case PPP_PAP: 518 if (sp->pp_phase >= PHASE_AUTHENTICATE) 519 sppp_pap_input(sp, m); 520 m_freem (m); 521 return; 522 case PPP_CHAP: 523 if (sp->pp_phase >= PHASE_AUTHENTICATE) 524 sppp_chap_input(sp, m); 525 m_freem (m); 526 return; 527 case PPP_IPCP: 528 if (sp->pp_phase == PHASE_NETWORK) 529 sppp_cp_input(&ipcp, sp, m); 530 m_freem (m); 531 return; 532 case PPP_IP: 533 if (sp->state[IDX_IPCP] == STATE_OPENED) { 534 sp->pp_last_activity = tv.tv_sec; 535 if (ifp->if_flags & IFF_UP) { 536 ipv4_input(ifp, m); 537 return; 538 } 539 } 540 break; 541 #ifdef INET6 542 case PPP_IPV6CP: 543 if (sp->pp_phase == PHASE_NETWORK) 544 sppp_cp_input(&ipv6cp, sp, m); 545 m_freem (m); 546 return; 547 case PPP_IPV6: 548 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 549 sp->pp_last_activity = tv.tv_sec; 550 if (ifp->if_flags & IFF_UP) { 551 ipv6_input(ifp, m); 552 return; 553 } 554 } 555 break; 556 #endif 557 } 558 break; 559 default: /* Invalid PPP packet. */ 560 invalid: 561 if (debug) 562 log(LOG_DEBUG, 563 SPP_FMT "invalid input packet " 564 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 565 SPP_ARGS(ifp), 566 ht.address, ht.control, ntohs(ht.protocol)); 567 goto drop; 568 } 569 570 goto drop; 571 } 572 573 /* 574 * Enqueue transmit packet. 575 */ 576 int 577 sppp_output(struct ifnet *ifp, struct mbuf *m, 578 struct sockaddr *dst, struct rtentry *rt) 579 { 580 struct sppp *sp = (struct sppp*) ifp; 581 struct timeval tv; 582 int s, rv = 0; 583 u_int16_t protocol; 584 585 #ifdef DIAGNOSTIC 586 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { 587 printf("%s: trying to send packet on wrong domain. " 588 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, 589 ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), 590 dst->sa_family); 591 } 592 #endif 593 594 s = splnet(); 595 596 getmicrouptime(&tv); 597 sp->pp_last_activity = tv.tv_sec; 598 599 if ((ifp->if_flags & IFF_UP) == 0 || 600 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 601 m_freem (m); 602 splx (s); 603 return (ENETDOWN); 604 } 605 606 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 607 /* 608 * Interface is not yet running, but auto-dial. Need 609 * to start LCP for it. 610 */ 611 ifp->if_flags |= IFF_RUNNING; 612 splx(s); 613 lcp.Open(sp); 614 s = splnet(); 615 } 616 617 if (dst->sa_family == AF_INET) { 618 struct ip *ip = NULL; 619 620 if (m->m_len >= sizeof(struct ip)) 621 ip = mtod(m, struct ip *); 622 623 /* 624 * When using dynamic local IP address assignment by using 625 * 0.0.0.0 as a local address, the first TCP session will 626 * not connect because the local TCP checksum is computed 627 * using 0.0.0.0 which will later become our real IP address 628 * so the TCP checksum computed at the remote end will 629 * become invalid. So we 630 * - don't let packets with src ip addr 0 thru 631 * - we flag TCP packets with src ip 0 as an error 632 */ 633 634 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 635 u_int8_t proto = ip->ip_p; 636 637 m_freem(m); 638 splx(s); 639 if (proto == IPPROTO_TCP) 640 return (EADDRNOTAVAIL); 641 else 642 return (0); 643 } 644 } 645 646 switch (dst->sa_family) { 647 case AF_INET: /* Internet Protocol */ 648 /* 649 * Don't choke with an ENETDOWN early. It's 650 * possible that we just started dialing out, 651 * so don't drop the packet immediately. If 652 * we notice that we run out of buffer space 653 * below, we will however remember that we are 654 * not ready to carry IP packets, and return 655 * ENETDOWN, as opposed to ENOBUFS. 656 */ 657 protocol = htons(PPP_IP); 658 if (sp->state[IDX_IPCP] != STATE_OPENED) 659 rv = ENETDOWN; 660 break; 661 #ifdef INET6 662 case AF_INET6: /* Internet Protocol v6 */ 663 /* 664 * Don't choke with an ENETDOWN early. It's 665 * possible that we just started dialing out, 666 * so don't drop the packet immediately. If 667 * we notice that we run out of buffer space 668 * below, we will however remember that we are 669 * not ready to carry IPv6 packets, and return 670 * ENETDOWN, as opposed to ENOBUFS. 671 */ 672 protocol = htons(PPP_IPV6); 673 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 674 rv = ENETDOWN; 675 break; 676 #endif 677 default: 678 m_freem(m); 679 ++ifp->if_oerrors; 680 splx(s); 681 return (EAFNOSUPPORT); 682 } 683 684 M_PREPEND(m, 2, M_DONTWAIT); 685 if (m == NULL) { 686 if (ifp->if_flags & IFF_DEBUG) 687 log(LOG_DEBUG, SPP_FMT 688 "no memory for transmit header\n", 689 SPP_ARGS(ifp)); 690 ++ifp->if_oerrors; 691 splx(s); 692 return (rv ? rv : ENOBUFS); 693 } 694 *mtod(m, u_int16_t *) = protocol; 695 696 /* 697 * Queue message on interface, and start output if interface 698 * not yet active. 699 */ 700 rv = if_enqueue(ifp, m); 701 if (rv != 0) { 702 ifp->if_oerrors++; 703 splx(s); 704 return (rv); 705 } 706 707 /* 708 * Count output packets and bytes. 709 * The packet length includes header, FCS and 1 flag, 710 * according to RFC 1333. 711 */ 712 ifp->if_obytes += sp->pp_framebytes; 713 splx(s); 714 715 return (0); 716 } 717 718 void 719 sppp_attach(struct ifnet *ifp) 720 { 721 struct sppp *sp = (struct sppp*) ifp; 722 int i; 723 724 /* Initialize keepalive handler. */ 725 if (! spppq) { 726 timeout_set_proc(&keepalive_ch, sppp_keepalive, NULL); 727 timeout_add_sec(&keepalive_ch, 10); 728 } 729 730 /* Insert new entry into the keepalive list. */ 731 sp->pp_next = spppq; 732 spppq = sp; 733 734 sp->pp_if.if_type = IFT_PPP; 735 sp->pp_if.if_output = sppp_output; 736 sp->pp_if.if_rtrequest = sppp_rtrequest; 737 ifq_init_maxlen(&sp->pp_if.if_snd, 50); 738 mq_init(&sp->pp_cpq, 50, IPL_NET); 739 sp->pp_loopcnt = 0; 740 sp->pp_alivecnt = 0; 741 sp->pp_last_activity = 0; 742 sp->pp_last_receive = 0; 743 sp->pp_seq = 0; 744 sp->pp_rseq = 0; 745 sp->pp_phase = PHASE_DEAD; 746 sp->pp_up = lcp.Up; 747 sp->pp_down = lcp.Down; 748 749 for (i = 0; i < IDX_COUNT; i++) 750 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp); 751 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp); 752 753 sppp_lcp_init(sp); 754 sppp_ipcp_init(sp); 755 sppp_ipv6cp_init(sp); 756 sppp_pap_init(sp); 757 sppp_chap_init(sp); 758 } 759 760 void 761 sppp_detach(struct ifnet *ifp) 762 { 763 struct sppp **q, *p, *sp = (struct sppp*) ifp; 764 int i; 765 766 sppp_ipcp_destroy(sp); 767 sppp_ipv6cp_destroy(sp); 768 769 /* Remove the entry from the keepalive list. */ 770 for (q = &spppq; (p = *q); q = &p->pp_next) 771 if (p == sp) { 772 *q = p->pp_next; 773 break; 774 } 775 776 /* Stop keepalive handler. */ 777 if (! spppq) 778 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 779 780 for (i = 0; i < IDX_COUNT; i++) 781 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 782 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 783 784 /* release authentication data */ 785 if (sp->myauth.name != NULL) 786 free(sp->myauth.name, M_DEVBUF, strlen(sp->myauth.name) + 1); 787 if (sp->myauth.secret != NULL) 788 free(sp->myauth.secret, M_DEVBUF, 789 strlen(sp->myauth.secret) + 1); 790 if (sp->hisauth.name != NULL) 791 free(sp->hisauth.name, M_DEVBUF, strlen(sp->hisauth.name) + 1); 792 if (sp->hisauth.secret != NULL) 793 free(sp->hisauth.secret, M_DEVBUF, 794 strlen(sp->hisauth.secret) + 1); 795 } 796 797 /* 798 * Flush the interface output queue. 799 */ 800 void 801 sppp_flush(struct ifnet *ifp) 802 { 803 struct sppp *sp = (struct sppp*) ifp; 804 805 ifq_purge(&sp->pp_if.if_snd); 806 mq_purge(&sp->pp_cpq); 807 } 808 809 /* 810 * Check if the output queue is empty. 811 */ 812 int 813 sppp_isempty(struct ifnet *ifp) 814 { 815 struct sppp *sp = (struct sppp*) ifp; 816 int empty, s; 817 818 s = splnet(); 819 empty = mq_empty(&sp->pp_cpq) && ifq_empty(&sp->pp_if.if_snd); 820 splx(s); 821 return (empty); 822 } 823 824 /* 825 * Get next packet to send. 826 */ 827 struct mbuf * 828 sppp_dequeue(struct ifnet *ifp) 829 { 830 struct sppp *sp = (struct sppp*) ifp; 831 struct mbuf *m; 832 int s; 833 834 s = splnet(); 835 /* 836 * Process only the control protocol queue until we have at 837 * least one NCP open. 838 */ 839 m = mq_dequeue(&sp->pp_cpq); 840 if (m == NULL && sppp_ncp_check(sp)) { 841 m = ifq_dequeue(&sp->pp_if.if_snd); 842 } 843 splx(s); 844 return m; 845 } 846 847 /* 848 * Process an ioctl request. Called on low priority level. 849 */ 850 int 851 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 852 { 853 struct ifreq *ifr = data; 854 struct sppp *sp = (struct sppp*) ifp; 855 int s, rv, going_up, going_down, newmode; 856 857 s = splnet(); 858 rv = 0; 859 switch (cmd) { 860 case SIOCSIFDSTADDR: 861 break; 862 863 case SIOCSIFADDR: 864 if_up(ifp); 865 /* FALLTHROUGH */ 866 867 case SIOCSIFFLAGS: 868 going_up = (ifp->if_flags & IFF_UP) && 869 (ifp->if_flags & IFF_RUNNING) == 0; 870 going_down = (ifp->if_flags & IFF_UP) == 0 && 871 (ifp->if_flags & IFF_RUNNING); 872 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 873 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 874 /* sanity */ 875 newmode = IFF_PASSIVE; 876 ifp->if_flags &= ~IFF_AUTO; 877 } 878 879 if (going_up || going_down) 880 lcp.Close(sp); 881 882 if (going_up && newmode == 0) { 883 /* neither auto-dial nor passive */ 884 ifp->if_flags |= IFF_RUNNING; 885 lcp.Open(sp); 886 } else if (going_down) { 887 sppp_flush(ifp); 888 ifp->if_flags &= ~IFF_RUNNING; 889 } 890 break; 891 892 case SIOCSIFMTU: 893 if (ifr->ifr_mtu < 128 || 894 (sp->lcp.their_mru > 0 && 895 ifr->ifr_mtu > sp->lcp.their_mru)) { 896 splx(s); 897 return (EINVAL); 898 } 899 ifp->if_mtu = ifr->ifr_mtu; 900 break; 901 case SIOCADDMULTI: 902 case SIOCDELMULTI: 903 break; 904 905 case SIOCGSPPPPARAMS: 906 rv = sppp_get_params(sp, ifr); 907 break; 908 909 case SIOCSSPPPPARAMS: 910 if ((rv = suser(curproc)) != 0) 911 break; 912 rv = sppp_set_params(sp, ifr); 913 break; 914 915 default: 916 rv = ENOTTY; 917 } 918 splx(s); 919 return rv; 920 } 921 922 /* 923 * PPP protocol implementation. 924 */ 925 926 /* 927 * Send PPP control protocol packet. 928 */ 929 void 930 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 931 u_char ident, u_short len, void *data) 932 { 933 STDDCL; 934 int s; 935 struct lcp_header *lh; 936 struct mbuf *m; 937 938 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) 939 len = MHLEN - PKTHDRLEN - LCP_HEADER_LEN; 940 MGETHDR (m, M_DONTWAIT, MT_DATA); 941 if (! m) 942 return; 943 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 944 m->m_pkthdr.ph_ifidx = 0; 945 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 946 947 *mtod(m, u_int16_t *) = htons(proto); 948 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 949 lh->type = type; 950 lh->ident = ident; 951 lh->len = htons (LCP_HEADER_LEN + len); 952 if (len) 953 bcopy (data, lh+1, len); 954 955 if (debug) { 956 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 957 SPP_ARGS(ifp), 958 sppp_proto_name(proto), 959 sppp_cp_type_name (lh->type), lh->ident, 960 ntohs (lh->len)); 961 if (len) 962 sppp_print_bytes ((u_char*) (lh+1), len); 963 addlog(">\n"); 964 } 965 966 len = m->m_pkthdr.len + sp->pp_framebytes; 967 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 968 ifp->if_oerrors++; 969 return; 970 } 971 972 ifp->if_obytes += len; 973 s = splnet(); 974 if_start(ifp); 975 splx(s); 976 } 977 978 /* 979 * Handle incoming PPP control protocol packets. 980 */ 981 void 982 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 983 { 984 STDDCL; 985 struct lcp_header *h; 986 int len = m->m_pkthdr.len; 987 int rv; 988 u_char *p; 989 u_long nmagic; 990 991 if (len < 4) { 992 if (debug) 993 log(LOG_DEBUG, 994 SPP_FMT "%s invalid packet length: %d bytes\n", 995 SPP_ARGS(ifp), cp->name, len); 996 return; 997 } 998 h = mtod (m, struct lcp_header*); 999 if (debug) { 1000 log(LOG_DEBUG, 1001 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1002 SPP_ARGS(ifp), cp->name, 1003 sppp_state_name(sp->state[cp->protoidx]), 1004 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1005 if (len > 4) 1006 sppp_print_bytes ((u_char*) (h+1), len-4); 1007 addlog(">\n"); 1008 } 1009 if (len > ntohs (h->len)) 1010 len = ntohs (h->len); 1011 p = (u_char *)(h + 1); 1012 switch (h->type) { 1013 case CONF_REQ: 1014 if (len < 4) { 1015 if (debug) 1016 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1017 SPP_ARGS(ifp), cp->name, 1018 len); 1019 ++ifp->if_ierrors; 1020 break; 1021 } 1022 /* handle states where RCR doesn't get a SCA/SCN */ 1023 switch (sp->state[cp->protoidx]) { 1024 case STATE_CLOSING: 1025 case STATE_STOPPING: 1026 return; 1027 case STATE_CLOSED: 1028 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1029 0, 0); 1030 return; 1031 } 1032 rv = (cp->RCR)(sp, h, len); 1033 /* silently drop illegal packets */ 1034 if (rv == -1) 1035 return; 1036 switch (sp->state[cp->protoidx]) { 1037 case STATE_OPENED: 1038 sppp_cp_change_state(cp, sp, rv? 1039 STATE_ACK_SENT: STATE_REQ_SENT); 1040 (cp->tld)(sp); 1041 (cp->scr)(sp); 1042 break; 1043 case STATE_ACK_SENT: 1044 case STATE_REQ_SENT: 1045 sppp_cp_change_state(cp, sp, rv? 1046 STATE_ACK_SENT: STATE_REQ_SENT); 1047 break; 1048 case STATE_STOPPED: 1049 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1050 sppp_cp_change_state(cp, sp, rv? 1051 STATE_ACK_SENT: STATE_REQ_SENT); 1052 (cp->scr)(sp); 1053 break; 1054 case STATE_ACK_RCVD: 1055 if (rv) { 1056 sppp_cp_change_state(cp, sp, STATE_OPENED); 1057 if (debug) 1058 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1059 SPP_ARGS(ifp), 1060 cp->name); 1061 (cp->tlu)(sp); 1062 } else 1063 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1064 break; 1065 default: 1066 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1067 SPP_ARGS(ifp), cp->name, 1068 sppp_cp_type_name(h->type), 1069 sppp_state_name(sp->state[cp->protoidx])); */ 1070 ++ifp->if_ierrors; 1071 } 1072 break; 1073 case CONF_ACK: 1074 if (h->ident != sp->confid[cp->protoidx]) { 1075 if (debug) 1076 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1077 SPP_ARGS(ifp), cp->name, 1078 h->ident, sp->confid[cp->protoidx]); 1079 ++ifp->if_ierrors; 1080 break; 1081 } 1082 switch (sp->state[cp->protoidx]) { 1083 case STATE_CLOSED: 1084 case STATE_STOPPED: 1085 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1086 break; 1087 case STATE_CLOSING: 1088 case STATE_STOPPING: 1089 break; 1090 case STATE_REQ_SENT: 1091 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1092 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1093 break; 1094 case STATE_OPENED: 1095 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1096 (cp->tld)(sp); 1097 (cp->scr)(sp); 1098 break; 1099 case STATE_ACK_RCVD: 1100 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1101 (cp->scr)(sp); 1102 break; 1103 case STATE_ACK_SENT: 1104 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1105 sppp_cp_change_state(cp, sp, STATE_OPENED); 1106 if (debug) 1107 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1108 SPP_ARGS(ifp), cp->name); 1109 (cp->tlu)(sp); 1110 break; 1111 default: 1112 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1113 SPP_ARGS(ifp), cp->name, 1114 sppp_cp_type_name(h->type), 1115 sppp_state_name(sp->state[cp->protoidx])); */ 1116 ++ifp->if_ierrors; 1117 } 1118 break; 1119 case CONF_NAK: 1120 case CONF_REJ: 1121 if (h->ident != sp->confid[cp->protoidx]) { 1122 if (debug) 1123 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1124 SPP_ARGS(ifp), cp->name, 1125 h->ident, sp->confid[cp->protoidx]); 1126 ++ifp->if_ierrors; 1127 break; 1128 } 1129 if (h->type == CONF_NAK) 1130 (cp->RCN_nak)(sp, h, len); 1131 else /* CONF_REJ */ 1132 (cp->RCN_rej)(sp, h, len); 1133 1134 switch (sp->state[cp->protoidx]) { 1135 case STATE_CLOSED: 1136 case STATE_STOPPED: 1137 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1138 break; 1139 case STATE_REQ_SENT: 1140 case STATE_ACK_SENT: 1141 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1142 (cp->scr)(sp); 1143 break; 1144 case STATE_OPENED: 1145 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1146 (cp->tld)(sp); 1147 (cp->scr)(sp); 1148 break; 1149 case STATE_ACK_RCVD: 1150 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1151 (cp->scr)(sp); 1152 break; 1153 case STATE_CLOSING: 1154 case STATE_STOPPING: 1155 break; 1156 default: 1157 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1158 SPP_ARGS(ifp), cp->name, 1159 sppp_cp_type_name(h->type), 1160 sppp_state_name(sp->state[cp->protoidx])); */ 1161 ++ifp->if_ierrors; 1162 } 1163 break; 1164 1165 case TERM_REQ: 1166 switch (sp->state[cp->protoidx]) { 1167 case STATE_ACK_RCVD: 1168 case STATE_ACK_SENT: 1169 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1170 /* FALLTHROUGH */ 1171 case STATE_CLOSED: 1172 case STATE_STOPPED: 1173 case STATE_CLOSING: 1174 case STATE_STOPPING: 1175 case STATE_REQ_SENT: 1176 sta: 1177 /* Send Terminate-Ack packet. */ 1178 if (debug) 1179 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1180 SPP_ARGS(ifp), cp->name); 1181 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1182 break; 1183 case STATE_OPENED: 1184 sp->rst_counter[cp->protoidx] = 0; 1185 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1186 (cp->tld)(sp); 1187 goto sta; 1188 break; 1189 default: 1190 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1191 SPP_ARGS(ifp), cp->name, 1192 sppp_cp_type_name(h->type), 1193 sppp_state_name(sp->state[cp->protoidx])); */ 1194 ++ifp->if_ierrors; 1195 } 1196 break; 1197 case TERM_ACK: 1198 switch (sp->state[cp->protoidx]) { 1199 case STATE_CLOSED: 1200 case STATE_STOPPED: 1201 case STATE_REQ_SENT: 1202 case STATE_ACK_SENT: 1203 break; 1204 case STATE_CLOSING: 1205 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1206 (cp->tlf)(sp); 1207 break; 1208 case STATE_STOPPING: 1209 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1210 (cp->tlf)(sp); 1211 break; 1212 case STATE_ACK_RCVD: 1213 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1214 break; 1215 case STATE_OPENED: 1216 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1217 (cp->tld)(sp); 1218 (cp->scr)(sp); 1219 break; 1220 default: 1221 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1222 SPP_ARGS(ifp), cp->name, 1223 sppp_cp_type_name(h->type), 1224 sppp_state_name(sp->state[cp->protoidx])); */ 1225 ++ifp->if_ierrors; 1226 } 1227 break; 1228 case CODE_REJ: 1229 case PROTO_REJ: 1230 { 1231 int catastrophic = 0; 1232 const struct cp *upper = NULL; 1233 int i; 1234 u_int16_t proto; 1235 1236 if (len < 2) { 1237 if (debug) 1238 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n", 1239 SPP_ARGS(ifp)); 1240 ++ifp->if_ierrors; 1241 break; 1242 } 1243 1244 proto = ntohs(*((u_int16_t *)p)); 1245 for (i = 0; i < IDX_COUNT; i++) { 1246 if (cps[i]->proto == proto) { 1247 upper = cps[i]; 1248 break; 1249 } 1250 } 1251 if (upper == NULL) 1252 catastrophic++; 1253 1254 if (catastrophic || debug) 1255 log(catastrophic? LOG_INFO: LOG_DEBUG, 1256 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1257 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1258 sppp_cp_type_name(h->type), proto, 1259 upper ? upper->name : "unknown", 1260 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1261 1262 /* 1263 * if we got RXJ+ against conf-req, the peer does not implement 1264 * this particular protocol type. terminate the protocol. 1265 */ 1266 if (upper) { 1267 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1268 upper->Close(sp); 1269 break; 1270 } 1271 } 1272 1273 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1274 switch (sp->state[cp->protoidx]) { 1275 case STATE_CLOSED: 1276 case STATE_STOPPED: 1277 case STATE_REQ_SENT: 1278 case STATE_ACK_SENT: 1279 case STATE_CLOSING: 1280 case STATE_STOPPING: 1281 case STATE_OPENED: 1282 break; 1283 case STATE_ACK_RCVD: 1284 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1285 break; 1286 default: 1287 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1288 SPP_ARGS(ifp), cp->name, 1289 sppp_cp_type_name(h->type), 1290 sppp_state_name(sp->state[cp->protoidx])); */ 1291 ++ifp->if_ierrors; 1292 } 1293 break; 1294 } 1295 case DISC_REQ: 1296 if (cp->proto != PPP_LCP) 1297 goto illegal; 1298 /* Discard the packet. */ 1299 break; 1300 case ECHO_REQ: 1301 if (cp->proto != PPP_LCP) 1302 goto illegal; 1303 if (sp->state[cp->protoidx] != STATE_OPENED) { 1304 if (debug) 1305 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1306 SPP_ARGS(ifp)); 1307 ++ifp->if_ierrors; 1308 break; 1309 } 1310 if (len < 8) { 1311 if (debug) 1312 addlog(SPP_FMT "invalid lcp echo request " 1313 "packet length: %d bytes\n", 1314 SPP_ARGS(ifp), len); 1315 break; 1316 } 1317 1318 nmagic = (u_long)p[0] << 24 | 1319 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1320 1321 if (nmagic == sp->lcp.magic) { 1322 /* Line loopback mode detected. */ 1323 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1324 /* Shut down the PPP link. */ 1325 lcp.Close(sp); 1326 break; 1327 } 1328 1329 p[0] = sp->lcp.magic >> 24; 1330 p[1] = sp->lcp.magic >> 16; 1331 p[2] = sp->lcp.magic >> 8; 1332 p[3] = sp->lcp.magic; 1333 1334 if (debug) 1335 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1336 SPP_ARGS(ifp)); 1337 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1338 break; 1339 case ECHO_REPLY: 1340 if (cp->proto != PPP_LCP) 1341 goto illegal; 1342 if (h->ident != sp->lcp.echoid) { 1343 ++ifp->if_ierrors; 1344 break; 1345 } 1346 if (len < 8) { 1347 if (debug) 1348 addlog(SPP_FMT "lcp invalid echo reply " 1349 "packet length: %d bytes\n", 1350 SPP_ARGS(ifp), len); 1351 break; 1352 } 1353 if (debug) 1354 addlog(SPP_FMT "lcp got echo rep\n", 1355 SPP_ARGS(ifp)); 1356 1357 nmagic = (u_long)p[0] << 24 | 1358 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1359 1360 if (nmagic != sp->lcp.magic) 1361 sp->pp_alivecnt = 0; 1362 break; 1363 default: 1364 /* Unknown packet type -- send Code-Reject packet. */ 1365 illegal: 1366 if (debug) 1367 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1368 SPP_ARGS(ifp), cp->name, h->type); 1369 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1370 m->m_pkthdr.len, h); 1371 ++ifp->if_ierrors; 1372 } 1373 } 1374 1375 1376 /* 1377 * The generic part of all Up/Down/Open/Close/TO event handlers. 1378 * Basically, the state transition handling in the automaton. 1379 */ 1380 void 1381 sppp_up_event(const struct cp *cp, struct sppp *sp) 1382 { 1383 STDDCL; 1384 1385 if (debug) 1386 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1387 SPP_ARGS(ifp), cp->name, 1388 sppp_state_name(sp->state[cp->protoidx])); 1389 1390 switch (sp->state[cp->protoidx]) { 1391 case STATE_INITIAL: 1392 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1393 break; 1394 case STATE_STARTING: 1395 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1396 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1397 (cp->scr)(sp); 1398 break; 1399 default: 1400 /* printf(SPP_FMT "%s illegal up in state %s\n", 1401 SPP_ARGS(ifp), cp->name, 1402 sppp_state_name(sp->state[cp->protoidx])); */ 1403 break; 1404 } 1405 } 1406 1407 void 1408 sppp_down_event(const struct cp *cp, struct sppp *sp) 1409 { 1410 STDDCL; 1411 1412 if (debug) 1413 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1414 SPP_ARGS(ifp), cp->name, 1415 sppp_state_name(sp->state[cp->protoidx])); 1416 1417 switch (sp->state[cp->protoidx]) { 1418 case STATE_CLOSED: 1419 case STATE_CLOSING: 1420 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1421 break; 1422 case STATE_STOPPED: 1423 sppp_cp_change_state(cp, sp, STATE_STARTING); 1424 (cp->tls)(sp); 1425 break; 1426 case STATE_STOPPING: 1427 case STATE_REQ_SENT: 1428 case STATE_ACK_RCVD: 1429 case STATE_ACK_SENT: 1430 sppp_cp_change_state(cp, sp, STATE_STARTING); 1431 break; 1432 case STATE_OPENED: 1433 sppp_cp_change_state(cp, sp, STATE_STARTING); 1434 (cp->tld)(sp); 1435 break; 1436 default: 1437 /* printf(SPP_FMT "%s illegal down in state %s\n", 1438 SPP_ARGS(ifp), cp->name, 1439 sppp_state_name(sp->state[cp->protoidx])); */ 1440 break; 1441 } 1442 } 1443 1444 1445 void 1446 sppp_open_event(const struct cp *cp, struct sppp *sp) 1447 { 1448 STDDCL; 1449 1450 if (debug) 1451 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1452 SPP_ARGS(ifp), cp->name, 1453 sppp_state_name(sp->state[cp->protoidx])); 1454 1455 switch (sp->state[cp->protoidx]) { 1456 case STATE_INITIAL: 1457 sppp_cp_change_state(cp, sp, STATE_STARTING); 1458 (cp->tls)(sp); 1459 break; 1460 case STATE_STARTING: 1461 break; 1462 case STATE_CLOSED: 1463 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1464 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1465 (cp->scr)(sp); 1466 break; 1467 case STATE_STOPPED: 1468 case STATE_STOPPING: 1469 case STATE_REQ_SENT: 1470 case STATE_ACK_RCVD: 1471 case STATE_ACK_SENT: 1472 case STATE_OPENED: 1473 break; 1474 case STATE_CLOSING: 1475 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1476 break; 1477 } 1478 } 1479 1480 1481 void 1482 sppp_close_event(const struct cp *cp, struct sppp *sp) 1483 { 1484 STDDCL; 1485 1486 if (debug) 1487 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1488 SPP_ARGS(ifp), cp->name, 1489 sppp_state_name(sp->state[cp->protoidx])); 1490 1491 switch (sp->state[cp->protoidx]) { 1492 case STATE_INITIAL: 1493 case STATE_CLOSED: 1494 case STATE_CLOSING: 1495 break; 1496 case STATE_STARTING: 1497 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1498 (cp->tlf)(sp); 1499 break; 1500 case STATE_STOPPED: 1501 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1502 break; 1503 case STATE_STOPPING: 1504 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1505 break; 1506 case STATE_OPENED: 1507 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1508 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1509 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1510 (cp->tld)(sp); 1511 break; 1512 case STATE_REQ_SENT: 1513 case STATE_ACK_RCVD: 1514 case STATE_ACK_SENT: 1515 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1516 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1517 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1518 break; 1519 } 1520 } 1521 1522 void 1523 sppp_increasing_timeout(const struct cp *cp, struct sppp *sp) 1524 { 1525 int timo; 1526 1527 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx]; 1528 if (timo < 1) 1529 timo = 1; 1530 timeout_add_sec(&sp->ch[cp->protoidx], timo * sp->lcp.timeout); 1531 } 1532 1533 void 1534 sppp_to_event(const struct cp *cp, struct sppp *sp) 1535 { 1536 STDDCL; 1537 int s; 1538 1539 s = splnet(); 1540 if (debug) 1541 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1542 SPP_ARGS(ifp), cp->name, 1543 sppp_state_name(sp->state[cp->protoidx]), 1544 sp->rst_counter[cp->protoidx]); 1545 1546 if (--sp->rst_counter[cp->protoidx] < 0) 1547 /* TO- event */ 1548 switch (sp->state[cp->protoidx]) { 1549 case STATE_CLOSING: 1550 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1551 (cp->tlf)(sp); 1552 break; 1553 case STATE_STOPPING: 1554 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1555 (cp->tlf)(sp); 1556 break; 1557 case STATE_REQ_SENT: 1558 case STATE_ACK_RCVD: 1559 case STATE_ACK_SENT: 1560 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1561 (cp->tlf)(sp); 1562 break; 1563 } 1564 else 1565 /* TO+ event */ 1566 switch (sp->state[cp->protoidx]) { 1567 case STATE_CLOSING: 1568 case STATE_STOPPING: 1569 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1570 0, 0); 1571 sppp_increasing_timeout (cp, sp); 1572 break; 1573 case STATE_REQ_SENT: 1574 case STATE_ACK_RCVD: 1575 /* sppp_cp_change_state() will restart the timer */ 1576 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1577 (cp->scr)(sp); 1578 break; 1579 case STATE_ACK_SENT: 1580 sppp_increasing_timeout (cp, sp); 1581 (cp->scr)(sp); 1582 break; 1583 } 1584 1585 splx(s); 1586 } 1587 1588 /* 1589 * Change the state of a control protocol in the state automaton. 1590 * Takes care of starting/stopping the restart timer. 1591 */ 1592 void 1593 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1594 { 1595 STDDCL; 1596 1597 if (debug && sp->state[cp->protoidx] != newstate) 1598 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n", 1599 SPP_ARGS(ifp), cp->name, 1600 sppp_state_name(sp->state[cp->protoidx]), 1601 sppp_state_name(newstate)); 1602 sp->state[cp->protoidx] = newstate; 1603 1604 switch (newstate) { 1605 case STATE_INITIAL: 1606 case STATE_STARTING: 1607 case STATE_CLOSED: 1608 case STATE_STOPPED: 1609 case STATE_OPENED: 1610 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1611 break; 1612 case STATE_CLOSING: 1613 case STATE_STOPPING: 1614 case STATE_REQ_SENT: 1615 case STATE_ACK_RCVD: 1616 case STATE_ACK_SENT: 1617 if (!timeout_pending(&sp->ch[cp->protoidx])) 1618 sppp_increasing_timeout (cp, sp); 1619 break; 1620 } 1621 } 1622 /* 1623 *--------------------------------------------------------------------------* 1624 * * 1625 * The LCP implementation. * 1626 * * 1627 *--------------------------------------------------------------------------* 1628 */ 1629 void 1630 sppp_lcp_init(struct sppp *sp) 1631 { 1632 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1633 sp->lcp.magic = 0; 1634 sp->state[IDX_LCP] = STATE_INITIAL; 1635 sp->fail_counter[IDX_LCP] = 0; 1636 sp->lcp.protos = 0; 1637 sp->lcp.mru = sp->pp_if.if_mtu; 1638 sp->lcp.their_mru = 0; 1639 1640 /* 1641 * Initialize counters and timeout values. Note that we don't 1642 * use the 3 seconds suggested in RFC 1661 since we are likely 1643 * running on a fast link. XXX We should probably implement 1644 * the exponential backoff option. Note that these values are 1645 * relevant for all control protocols, not just LCP only. 1646 */ 1647 sp->lcp.timeout = 1; /* seconds */ 1648 sp->lcp.max_terminate = 2; 1649 sp->lcp.max_configure = 10; 1650 sp->lcp.max_failure = 10; 1651 } 1652 1653 void 1654 sppp_lcp_up(struct sppp *sp) 1655 { 1656 STDDCL; 1657 struct timeval tv; 1658 1659 sp->pp_alivecnt = 0; 1660 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1661 sp->lcp.magic = 0; 1662 sp->lcp.protos = 0; 1663 if (sp->pp_if.if_mtu != PP_MTU) { 1664 sp->lcp.mru = sp->pp_if.if_mtu; 1665 sp->lcp.opts |= (1 << LCP_OPT_MRU); 1666 } else 1667 sp->lcp.mru = PP_MTU; 1668 sp->lcp.their_mru = PP_MTU; 1669 1670 getmicrouptime(&tv); 1671 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec; 1672 1673 /* 1674 * If this interface is passive or dial-on-demand, and we are 1675 * still in Initial state, it means we've got an incoming 1676 * call. Activate the interface. 1677 */ 1678 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1679 if (debug) 1680 log(LOG_DEBUG, 1681 SPP_FMT "Up event", SPP_ARGS(ifp)); 1682 ifp->if_flags |= IFF_RUNNING; 1683 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1684 if (debug) 1685 addlog("(incoming call)\n"); 1686 sp->pp_flags |= PP_CALLIN; 1687 lcp.Open(sp); 1688 } else if (debug) 1689 addlog("\n"); 1690 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 1691 (sp->state[IDX_LCP] == STATE_INITIAL)) { 1692 ifp->if_flags |= IFF_RUNNING; 1693 lcp.Open(sp); 1694 } 1695 1696 sppp_up_event(&lcp, sp); 1697 } 1698 1699 void 1700 sppp_lcp_down(struct sppp *sp) 1701 { 1702 STDDCL; 1703 1704 sppp_down_event(&lcp, sp); 1705 1706 /* 1707 * If this is neither a dial-on-demand nor a passive 1708 * interface, simulate an ``ifconfig down'' action, so the 1709 * administrator can force a redial by another ``ifconfig 1710 * up''. XXX For leased line operation, should we immediately 1711 * try to reopen the connection here? 1712 */ 1713 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1714 if (debug) 1715 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), " 1716 "taking interface down.", SPP_ARGS(ifp)); 1717 if_down(ifp); 1718 } else { 1719 if (debug) 1720 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n", 1721 SPP_ARGS(ifp)); 1722 } 1723 1724 if (sp->state[IDX_LCP] != STATE_INITIAL) 1725 lcp.Close(sp); 1726 sp->lcp.their_mru = 0; 1727 sp->pp_flags &= ~PP_CALLIN; 1728 ifp->if_flags &= ~IFF_RUNNING; 1729 sppp_flush(ifp); 1730 } 1731 1732 void 1733 sppp_lcp_open(struct sppp *sp) 1734 { 1735 /* 1736 * If we are authenticator, negotiate LCP_AUTH 1737 */ 1738 if (sp->hisauth.proto != 0) 1739 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1740 else 1741 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1742 sp->pp_flags &= ~PP_NEEDAUTH; 1743 sppp_open_event(&lcp, sp); 1744 } 1745 1746 void 1747 sppp_lcp_close(struct sppp *sp) 1748 { 1749 sppp_close_event(&lcp, sp); 1750 } 1751 1752 void 1753 sppp_lcp_TO(void *cookie) 1754 { 1755 sppp_to_event(&lcp, (struct sppp *)cookie); 1756 } 1757 1758 /* 1759 * Analyze a configure request. Return true if it was agreeable, and 1760 * caused action sca, false if it has been rejected or nak'ed, and 1761 * caused action scn. (The return value is used to make the state 1762 * transition decision in the state automaton.) 1763 */ 1764 int 1765 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1766 { 1767 STDDCL; 1768 u_char *buf, *r, *p; 1769 int origlen, rlen; 1770 u_long nmagic; 1771 u_short authproto; 1772 1773 len -= 4; 1774 origlen = len; 1775 buf = r = malloc (origlen, M_TEMP, M_NOWAIT); 1776 if (! buf) 1777 return (0); 1778 1779 if (debug) 1780 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1781 SPP_ARGS(ifp)); 1782 1783 /* pass 1: check for things that need to be rejected */ 1784 p = (void*) (h+1); 1785 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 1786 if (p[1] < 2 || p[1] > len) { 1787 free(buf, M_TEMP, origlen); 1788 return (-1); 1789 } 1790 if (debug) 1791 addlog("%s ", sppp_lcp_opt_name(*p)); 1792 switch (*p) { 1793 case LCP_OPT_MAGIC: 1794 /* Magic number. */ 1795 /* FALLTHROUGH, both are same length */ 1796 case LCP_OPT_ASYNC_MAP: 1797 /* Async control character map. */ 1798 if (len >= 6 && p[1] == 6) 1799 continue; 1800 if (debug) 1801 addlog("[invalid] "); 1802 break; 1803 case LCP_OPT_MRU: 1804 /* Maximum receive unit. */ 1805 if (len >= 4 && p[1] == 4) 1806 continue; 1807 if (debug) 1808 addlog("[invalid] "); 1809 break; 1810 case LCP_OPT_AUTH_PROTO: 1811 if (len < 4) { 1812 if (debug) 1813 addlog("[invalid] "); 1814 break; 1815 } 1816 authproto = (p[2] << 8) + p[3]; 1817 if (authproto == PPP_CHAP && p[1] != 5) { 1818 if (debug) 1819 addlog("[invalid chap len] "); 1820 break; 1821 } 1822 if (sp->myauth.proto == 0) { 1823 /* we are not configured to do auth */ 1824 if (debug) 1825 addlog("[not configured] "); 1826 break; 1827 } 1828 /* 1829 * Remote want us to authenticate, remember this, 1830 * so we stay in PHASE_AUTHENTICATE after LCP got 1831 * up. 1832 */ 1833 sp->pp_flags |= PP_NEEDAUTH; 1834 continue; 1835 default: 1836 /* Others not supported. */ 1837 if (debug) 1838 addlog("[rej] "); 1839 break; 1840 } 1841 /* Add the option to rejected list. */ 1842 bcopy (p, r, p[1]); 1843 r += p[1]; 1844 rlen += p[1]; 1845 } 1846 if (rlen) { 1847 if (debug) 1848 addlog(" send conf-rej\n"); 1849 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1850 goto end; 1851 } else if (debug) 1852 addlog("\n"); 1853 1854 /* 1855 * pass 2: check for option values that are unacceptable and 1856 * thus require to be nak'ed. 1857 */ 1858 if (debug) 1859 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 1860 SPP_ARGS(ifp)); 1861 1862 p = (void*) (h+1); 1863 len = origlen; 1864 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1865 if (debug) 1866 addlog("%s ", sppp_lcp_opt_name(*p)); 1867 switch (*p) { 1868 case LCP_OPT_MAGIC: 1869 /* Magic number -- extract. */ 1870 nmagic = (u_long)p[2] << 24 | 1871 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 1872 if (nmagic != sp->lcp.magic) { 1873 if (debug) 1874 addlog("0x%lx ", nmagic); 1875 continue; 1876 } 1877 if (debug) 1878 addlog("[glitch] "); 1879 ++sp->pp_loopcnt; 1880 /* 1881 * We negate our magic here, and NAK it. If 1882 * we see it later in an NAK packet, we 1883 * suggest a new one. 1884 */ 1885 nmagic = ~sp->lcp.magic; 1886 /* Gonna NAK it. */ 1887 p[2] = nmagic >> 24; 1888 p[3] = nmagic >> 16; 1889 p[4] = nmagic >> 8; 1890 p[5] = nmagic; 1891 break; 1892 1893 case LCP_OPT_ASYNC_MAP: 1894 /* Async control character map -- check to be zero. */ 1895 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 1896 if (debug) 1897 addlog("[empty] "); 1898 continue; 1899 } 1900 if (debug) 1901 addlog("[non-empty] "); 1902 /* suggest a zero one */ 1903 p[2] = p[3] = p[4] = p[5] = 0; 1904 break; 1905 1906 case LCP_OPT_MRU: 1907 /* 1908 * Maximum receive unit. Always agreeable, 1909 * but ignored by now. 1910 */ 1911 sp->lcp.their_mru = p[2] * 256 + p[3]; 1912 if (debug) 1913 addlog("%lu ", sp->lcp.their_mru); 1914 continue; 1915 1916 case LCP_OPT_AUTH_PROTO: 1917 authproto = (p[2] << 8) + p[3]; 1918 if (sp->myauth.proto != authproto) { 1919 /* not agreed, nak */ 1920 if (debug) 1921 addlog("[mine %s != his %s] ", 1922 sppp_proto_name(sp->hisauth.proto), 1923 sppp_proto_name(authproto)); 1924 p[2] = sp->myauth.proto >> 8; 1925 p[3] = sp->myauth.proto; 1926 break; 1927 } 1928 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 1929 if (debug) 1930 addlog("[chap not MD5] "); 1931 p[4] = CHAP_MD5; 1932 break; 1933 } 1934 continue; 1935 } 1936 /* Add the option to nak'ed list. */ 1937 bcopy (p, r, p[1]); 1938 r += p[1]; 1939 rlen += p[1]; 1940 } 1941 if (rlen) { 1942 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 1943 if (debug) 1944 addlog(" max_failure (%d) exceeded, " 1945 "send conf-rej\n", 1946 sp->lcp.max_failure); 1947 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1948 } else { 1949 if (debug) 1950 addlog(" send conf-nak\n"); 1951 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 1952 } 1953 goto end; 1954 } else { 1955 if (debug) 1956 addlog("send conf-ack\n"); 1957 sp->fail_counter[IDX_LCP] = 0; 1958 sp->pp_loopcnt = 0; 1959 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 1960 h->ident, origlen, h+1); 1961 } 1962 1963 end: 1964 free(buf, M_TEMP, origlen); 1965 return (rlen == 0); 1966 } 1967 1968 /* 1969 * Analyze the LCP Configure-Reject option list, and adjust our 1970 * negotiation. 1971 */ 1972 void 1973 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 1974 { 1975 STDDCL; 1976 u_char *p; 1977 1978 len -= 4; 1979 1980 if (debug) 1981 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 1982 SPP_ARGS(ifp)); 1983 1984 p = (void*) (h+1); 1985 for (; len > 1; len -= p[1], p += p[1]) { 1986 if (p[1] < 2 || p[1] > len) 1987 return; 1988 if (debug) 1989 addlog("%s ", sppp_lcp_opt_name(*p)); 1990 switch (*p) { 1991 case LCP_OPT_MAGIC: 1992 /* Magic number -- can't use it, use 0 */ 1993 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 1994 sp->lcp.magic = 0; 1995 break; 1996 case LCP_OPT_MRU: 1997 /* 1998 * Should not be rejected anyway, since we only 1999 * negotiate a MRU if explicitly requested by 2000 * peer. 2001 */ 2002 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2003 break; 2004 case LCP_OPT_AUTH_PROTO: 2005 /* 2006 * Peer doesn't want to authenticate himself, 2007 * deny unless this is a dialout call, and 2008 * AUTHFLAG_NOCALLOUT is set. 2009 */ 2010 if ((sp->pp_flags & PP_CALLIN) == 0 && 2011 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2012 if (debug) 2013 addlog("[don't insist on auth " 2014 "for callout]"); 2015 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2016 break; 2017 } 2018 if (debug) 2019 addlog("[access denied]\n"); 2020 lcp.Close(sp); 2021 break; 2022 } 2023 } 2024 if (debug) 2025 addlog("\n"); 2026 } 2027 2028 /* 2029 * Analyze the LCP Configure-NAK option list, and adjust our 2030 * negotiation. 2031 */ 2032 void 2033 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2034 { 2035 STDDCL; 2036 u_char *p; 2037 u_long magic; 2038 2039 len -= 4; 2040 2041 if (debug) 2042 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2043 SPP_ARGS(ifp)); 2044 2045 p = (void*) (h+1); 2046 for (; len > 1; len -= p[1], p += p[1]) { 2047 if (p[1] < 2 || p[1] > len) 2048 return; 2049 if (debug) 2050 addlog("%s ", sppp_lcp_opt_name(*p)); 2051 switch (*p) { 2052 case LCP_OPT_MAGIC: 2053 /* Magic number -- renegotiate */ 2054 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2055 len >= 6 && p[1] == 6) { 2056 magic = (u_long)p[2] << 24 | 2057 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2058 /* 2059 * If the remote magic is our negated one, 2060 * this looks like a loopback problem. 2061 * Suggest a new magic to make sure. 2062 */ 2063 if (magic == ~sp->lcp.magic) { 2064 if (debug) 2065 addlog("magic glitch "); 2066 sp->lcp.magic = arc4random(); 2067 } else { 2068 sp->lcp.magic = magic; 2069 if (debug) 2070 addlog("%lu ", magic); 2071 } 2072 } 2073 break; 2074 case LCP_OPT_MRU: 2075 /* 2076 * Peer wants to advise us to negotiate an MRU. 2077 * Agree on it if it's reasonable, or use 2078 * default otherwise. 2079 */ 2080 if (len >= 4 && p[1] == 4) { 2081 u_int mru = p[2] * 256 + p[3]; 2082 if (debug) 2083 addlog("%d ", mru); 2084 if (mru < PP_MIN_MRU) 2085 mru = PP_MIN_MRU; 2086 if (mru > PP_MAX_MRU) 2087 mru = PP_MAX_MRU; 2088 sp->lcp.mru = mru; 2089 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2090 } 2091 break; 2092 case LCP_OPT_AUTH_PROTO: 2093 /* 2094 * Peer doesn't like our authentication method, 2095 * deny. 2096 */ 2097 if (debug) 2098 addlog("[access denied]\n"); 2099 lcp.Close(sp); 2100 break; 2101 } 2102 } 2103 if (debug) 2104 addlog("\n"); 2105 } 2106 2107 void 2108 sppp_lcp_tlu(struct sppp *sp) 2109 { 2110 struct ifnet *ifp = &sp->pp_if; 2111 int i; 2112 u_long mask; 2113 2114 /* XXX ? */ 2115 if (! (ifp->if_flags & IFF_UP) && 2116 (ifp->if_flags & IFF_RUNNING)) { 2117 /* Coming out of loopback mode. */ 2118 if_up(ifp); 2119 if (ifp->if_flags & IFF_DEBUG) 2120 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp)); 2121 } 2122 2123 for (i = 0; i < IDX_COUNT; i++) 2124 if ((cps[i])->flags & CP_QUAL) 2125 (cps[i])->Open(sp); 2126 2127 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2128 (sp->pp_flags & PP_NEEDAUTH) != 0) 2129 sp->pp_phase = PHASE_AUTHENTICATE; 2130 else 2131 sp->pp_phase = PHASE_NETWORK; 2132 2133 sppp_set_phase(sp); 2134 2135 /* 2136 * Open all authentication protocols. This is even required 2137 * if we already proceeded to network phase, since it might be 2138 * that remote wants us to authenticate, so we might have to 2139 * send a PAP request. Undesired authentication protocols 2140 * don't do anything when they get an Open event. 2141 */ 2142 for (i = 0; i < IDX_COUNT; i++) 2143 if ((cps[i])->flags & CP_AUTH) 2144 (cps[i])->Open(sp); 2145 2146 if (sp->pp_phase == PHASE_NETWORK) { 2147 /* Notify all NCPs. */ 2148 for (i = 0; i < IDX_COUNT; i++) 2149 if ((cps[i])->flags & CP_NCP) 2150 (cps[i])->Open(sp); 2151 } 2152 2153 /* Send Up events to all started protos. */ 2154 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2155 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2156 (cps[i])->Up(sp); 2157 2158 /* notify low-level driver of state change */ 2159 if (sp->pp_chg) 2160 sp->pp_chg(sp, (int)sp->pp_phase); 2161 2162 if (sp->pp_phase == PHASE_NETWORK) 2163 /* if no NCP is starting, close down */ 2164 sppp_lcp_check_and_close(sp); 2165 } 2166 2167 void 2168 sppp_lcp_tld(struct sppp *sp) 2169 { 2170 int i; 2171 u_long mask; 2172 2173 sp->pp_phase = PHASE_TERMINATE; 2174 2175 sppp_set_phase(sp); 2176 2177 /* 2178 * Take upper layers down. We send the Down event first and 2179 * the Close second to prevent the upper layers from sending 2180 * ``a flurry of terminate-request packets'', as the RFC 2181 * describes it. 2182 */ 2183 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2184 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2185 (cps[i])->Down(sp); 2186 (cps[i])->Close(sp); 2187 } 2188 } 2189 2190 void 2191 sppp_lcp_tls(struct sppp *sp) 2192 { 2193 sp->pp_phase = PHASE_ESTABLISH; 2194 2195 sppp_set_phase(sp); 2196 2197 /* Notify lower layer if desired. */ 2198 if (sp->pp_tls) 2199 (sp->pp_tls)(sp); 2200 } 2201 2202 void 2203 sppp_lcp_tlf(struct sppp *sp) 2204 { 2205 sp->pp_phase = PHASE_DEAD; 2206 sppp_set_phase(sp); 2207 2208 /* Notify lower layer if desired. */ 2209 if (sp->pp_tlf) 2210 (sp->pp_tlf)(sp); 2211 } 2212 2213 void 2214 sppp_lcp_scr(struct sppp *sp) 2215 { 2216 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2217 int i = 0; 2218 u_short authproto; 2219 2220 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2221 if (! sp->lcp.magic) 2222 sp->lcp.magic = arc4random(); 2223 opt[i++] = LCP_OPT_MAGIC; 2224 opt[i++] = 6; 2225 opt[i++] = sp->lcp.magic >> 24; 2226 opt[i++] = sp->lcp.magic >> 16; 2227 opt[i++] = sp->lcp.magic >> 8; 2228 opt[i++] = sp->lcp.magic; 2229 } 2230 2231 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2232 opt[i++] = LCP_OPT_MRU; 2233 opt[i++] = 4; 2234 opt[i++] = sp->lcp.mru >> 8; 2235 opt[i++] = sp->lcp.mru; 2236 } 2237 2238 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2239 authproto = sp->hisauth.proto; 2240 opt[i++] = LCP_OPT_AUTH_PROTO; 2241 opt[i++] = authproto == PPP_CHAP? 5: 4; 2242 opt[i++] = authproto >> 8; 2243 opt[i++] = authproto; 2244 if (authproto == PPP_CHAP) 2245 opt[i++] = CHAP_MD5; 2246 } 2247 2248 sp->confid[IDX_LCP] = ++sp->pp_seq; 2249 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt); 2250 } 2251 2252 /* 2253 * Check the open NCPs, return true if at least one NCP is open. 2254 */ 2255 int 2256 sppp_ncp_check(struct sppp *sp) 2257 { 2258 int i, mask; 2259 2260 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2261 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2262 return 1; 2263 return 0; 2264 } 2265 2266 /* 2267 * Re-check the open NCPs and see if we should terminate the link. 2268 * Called by the NCPs during their tlf action handling. 2269 */ 2270 void 2271 sppp_lcp_check_and_close(struct sppp *sp) 2272 { 2273 2274 if (sp->pp_phase < PHASE_NETWORK) 2275 /* don't bother, we are already going down */ 2276 return; 2277 2278 if (sppp_ncp_check(sp)) 2279 return; 2280 2281 lcp.Close(sp); 2282 } 2283 /* 2284 *--------------------------------------------------------------------------* 2285 * * 2286 * The IPCP implementation. * 2287 * * 2288 *--------------------------------------------------------------------------* 2289 */ 2290 2291 void 2292 sppp_ipcp_init(struct sppp *sp) 2293 { 2294 sp->ipcp.opts = 0; 2295 sp->ipcp.flags = 0; 2296 sp->state[IDX_IPCP] = STATE_INITIAL; 2297 sp->fail_counter[IDX_IPCP] = 0; 2298 task_set(&sp->ipcp.set_addr_task, sppp_set_ip_addrs, sp); 2299 task_set(&sp->ipcp.clear_addr_task, sppp_clear_ip_addrs, sp); 2300 } 2301 2302 void 2303 sppp_ipcp_destroy(struct sppp *sp) 2304 { 2305 task_del(systq, &sp->ipcp.set_addr_task); 2306 task_del(systq, &sp->ipcp.clear_addr_task); 2307 } 2308 2309 void 2310 sppp_ipcp_up(struct sppp *sp) 2311 { 2312 sppp_up_event(&ipcp, sp); 2313 } 2314 2315 void 2316 sppp_ipcp_down(struct sppp *sp) 2317 { 2318 sppp_down_event(&ipcp, sp); 2319 } 2320 2321 void 2322 sppp_ipcp_open(struct sppp *sp) 2323 { 2324 sppp_open_event(&ipcp, sp); 2325 } 2326 2327 void 2328 sppp_ipcp_close(struct sppp *sp) 2329 { 2330 sppp_close_event(&ipcp, sp); 2331 } 2332 2333 void 2334 sppp_ipcp_TO(void *cookie) 2335 { 2336 sppp_to_event(&ipcp, (struct sppp *)cookie); 2337 } 2338 2339 /* 2340 * Analyze a configure request. Return true if it was agreeable, and 2341 * caused action sca, false if it has been rejected or nak'ed, and 2342 * caused action scn. (The return value is used to make the state 2343 * transition decision in the state automaton.) 2344 */ 2345 int 2346 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2347 { 2348 u_char *buf, *r, *p; 2349 struct ifnet *ifp = &sp->pp_if; 2350 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2351 u_int32_t hisaddr, desiredaddr; 2352 2353 len -= 4; 2354 origlen = len; 2355 /* 2356 * Make sure to allocate a buf that can at least hold a 2357 * conf-nak with an `address' option. We might need it below. 2358 */ 2359 buflen = len < 6? 6: len; 2360 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2361 if (! buf) 2362 return (0); 2363 2364 /* pass 1: see if we can recognize them */ 2365 if (debug) 2366 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2367 SPP_ARGS(ifp)); 2368 p = (void*) (h+1); 2369 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 2370 if (p[1] < 2 || p[1] > len) { 2371 free(buf, M_TEMP, buflen); 2372 return (-1); 2373 } 2374 if (debug) 2375 addlog("%s ", sppp_ipcp_opt_name(*p)); 2376 switch (*p) { 2377 #ifdef notyet 2378 case IPCP_OPT_COMPRESSION: 2379 if (len >= 6 && p[1] >= 6) { 2380 /* correctly formed compress option */ 2381 continue; 2382 } 2383 if (debug) 2384 addlog("[invalid] "); 2385 break; 2386 #endif 2387 case IPCP_OPT_ADDRESS: 2388 if (len >= 6 && p[1] == 6) { 2389 /* correctly formed address option */ 2390 continue; 2391 } 2392 if (debug) 2393 addlog("[invalid] "); 2394 break; 2395 default: 2396 /* Others not supported. */ 2397 if (debug) 2398 addlog("[rej] "); 2399 break; 2400 } 2401 /* Add the option to rejected list. */ 2402 bcopy (p, r, p[1]); 2403 r += p[1]; 2404 rlen += p[1]; 2405 } 2406 if (rlen) { 2407 if (debug) 2408 addlog(" send conf-rej\n"); 2409 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2410 goto end; 2411 } else if (debug) 2412 addlog("\n"); 2413 2414 /* pass 2: parse option values */ 2415 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2416 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */ 2417 else 2418 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2419 if (debug) 2420 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2421 SPP_ARGS(ifp)); 2422 p = (void*) (h+1); 2423 len = origlen; 2424 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2425 if (debug) 2426 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2427 switch (*p) { 2428 #ifdef notyet 2429 case IPCP_OPT_COMPRESSION: 2430 continue; 2431 #endif 2432 case IPCP_OPT_ADDRESS: 2433 desiredaddr = p[2] << 24 | p[3] << 16 | 2434 p[4] << 8 | p[5]; 2435 if (desiredaddr == hisaddr || 2436 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 2437 desiredaddr != 0)) { 2438 /* 2439 * Peer's address is same as our value, 2440 * or we have set it to 0.0.0.1 to 2441 * indicate that we do not really care, 2442 * this is agreeable. Gonna conf-ack 2443 * it. 2444 */ 2445 if (debug) 2446 addlog("%s [ack] ", 2447 sppp_dotted_quad(desiredaddr)); 2448 /* record that we've seen it already */ 2449 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2450 sp->ipcp.req_hisaddr = desiredaddr; 2451 hisaddr = desiredaddr; 2452 continue; 2453 } 2454 /* 2455 * The address wasn't agreeable. This is either 2456 * he sent us 0.0.0.0, asking to assign him an 2457 * address, or he send us another address not 2458 * matching our value. Either case, we gonna 2459 * conf-nak it with our value. 2460 */ 2461 if (debug) { 2462 if (desiredaddr == 0) 2463 addlog("[addr requested] "); 2464 else 2465 addlog("%s [not agreed] ", 2466 sppp_dotted_quad(desiredaddr)); 2467 } 2468 2469 p[2] = hisaddr >> 24; 2470 p[3] = hisaddr >> 16; 2471 p[4] = hisaddr >> 8; 2472 p[5] = hisaddr; 2473 break; 2474 } 2475 /* Add the option to nak'ed list. */ 2476 bcopy (p, r, p[1]); 2477 r += p[1]; 2478 rlen += p[1]; 2479 } 2480 2481 /* 2482 * If we are about to conf-ack the request, but haven't seen 2483 * his address so far, gonna conf-nak it instead, with the 2484 * `address' option present and our idea of his address being 2485 * filled in there, to request negotiation of both addresses. 2486 * 2487 * XXX This can result in an endless req - nak loop if peer 2488 * doesn't want to send us his address. Q: What should we do 2489 * about it? XXX A: implement the max-failure counter. 2490 */ 2491 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2492 buf[0] = IPCP_OPT_ADDRESS; 2493 buf[1] = 6; 2494 buf[2] = hisaddr >> 24; 2495 buf[3] = hisaddr >> 16; 2496 buf[4] = hisaddr >> 8; 2497 buf[5] = hisaddr; 2498 rlen = 6; 2499 if (debug) 2500 addlog("still need hisaddr "); 2501 } 2502 2503 if (rlen) { 2504 if (debug) 2505 addlog(" send conf-nak\n"); 2506 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2507 } else { 2508 if (debug) 2509 addlog(" send conf-ack\n"); 2510 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2511 h->ident, origlen, h+1); 2512 } 2513 2514 end: 2515 free(buf, M_TEMP, buflen); 2516 return (rlen == 0); 2517 } 2518 2519 /* 2520 * Analyze the IPCP Configure-Reject option list, and adjust our 2521 * negotiation. 2522 */ 2523 void 2524 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2525 { 2526 u_char *p; 2527 struct ifnet *ifp = &sp->pp_if; 2528 int debug = ifp->if_flags & IFF_DEBUG; 2529 2530 len -= 4; 2531 2532 if (debug) 2533 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2534 SPP_ARGS(ifp)); 2535 2536 p = (void*) (h+1); 2537 for (; len > 1; len -= p[1], p += p[1]) { 2538 if (p[1] < 2 || p[1] > len) 2539 return; 2540 if (debug) 2541 addlog("%s ", sppp_ipcp_opt_name(*p)); 2542 switch (*p) { 2543 case IPCP_OPT_ADDRESS: 2544 /* 2545 * Peer doesn't grok address option. This is 2546 * bad. XXX Should we better give up here? 2547 */ 2548 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_ADDRESS); 2549 break; 2550 #ifdef notyet 2551 case IPCP_OPT_COMPRESS: 2552 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_COMPRESS); 2553 break; 2554 #endif 2555 case IPCP_OPT_PRIMDNS: 2556 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_PRIMDNS); 2557 break; 2558 case IPCP_OPT_SECDNS: 2559 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_SECDNS); 2560 break; 2561 } 2562 } 2563 if (debug) 2564 addlog("\n"); 2565 } 2566 2567 /* 2568 * Analyze the IPCP Configure-NAK option list, and adjust our 2569 * negotiation. 2570 */ 2571 void 2572 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2573 { 2574 u_char *p; 2575 struct ifnet *ifp = &sp->pp_if; 2576 int debug = ifp->if_flags & IFF_DEBUG; 2577 u_int32_t wantaddr; 2578 2579 len -= 4; 2580 2581 if (debug) 2582 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2583 SPP_ARGS(ifp)); 2584 2585 p = (void*) (h+1); 2586 for (; len > 1; len -= p[1], p += p[1]) { 2587 if (p[1] < 2 || p[1] > len) 2588 return; 2589 if (debug) 2590 addlog("%s ", sppp_ipcp_opt_name(*p)); 2591 switch (*p) { 2592 case IPCP_OPT_ADDRESS: 2593 /* 2594 * Peer doesn't like our local IP address. See 2595 * if we can do something for him. We'll drop 2596 * him our address then. 2597 */ 2598 if (len >= 6 && p[1] == 6) { 2599 wantaddr = p[2] << 24 | p[3] << 16 | 2600 p[4] << 8 | p[5]; 2601 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_ADDRESS); 2602 if (debug) 2603 addlog("[wantaddr %s] ", 2604 sppp_dotted_quad(wantaddr)); 2605 /* 2606 * When doing dynamic address assignment, 2607 * we accept his offer. Otherwise, we 2608 * ignore it and thus continue to negotiate 2609 * our already existing value. 2610 */ 2611 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2612 if (debug) 2613 addlog("[agree] "); 2614 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2615 sp->ipcp.req_myaddr = wantaddr; 2616 } 2617 } 2618 break; 2619 #ifdef notyet 2620 case IPCP_OPT_COMPRESS: 2621 /* 2622 * Peer wants different compression parameters. 2623 */ 2624 break; 2625 #endif 2626 case IPCP_OPT_PRIMDNS: 2627 if (len >= 6 && p[1] == 6) 2628 memcpy(&sp->ipcp.dns[0].s_addr, p + 2, 2629 sizeof(sp->ipcp.dns[0])); 2630 break; 2631 case IPCP_OPT_SECDNS: 2632 if (len >= 6 && p[1] == 6) 2633 memcpy(&sp->ipcp.dns[1].s_addr, p + 2, 2634 sizeof(sp->ipcp.dns[1])); 2635 break; 2636 } 2637 } 2638 if (debug) 2639 addlog("\n"); 2640 } 2641 2642 void 2643 sppp_ipcp_tlu(struct sppp *sp) 2644 { 2645 if (sp->ipcp.req_myaddr != 0 || sp->ipcp.req_hisaddr != 0) 2646 task_add(systq, &sp->ipcp.set_addr_task); 2647 } 2648 2649 void 2650 sppp_ipcp_tld(struct sppp *sp) 2651 { 2652 } 2653 2654 void 2655 sppp_ipcp_tls(struct sppp *sp) 2656 { 2657 STDDCL; 2658 u_int32_t myaddr, hisaddr; 2659 2660 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN| 2661 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2662 sp->ipcp.req_myaddr = 0; 2663 sp->ipcp.req_hisaddr = 0; 2664 memset(&sp->ipcp.dns, 0, sizeof(sp->ipcp.dns)); 2665 2666 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2667 /* 2668 * If we don't have his address, this probably means our 2669 * interface doesn't want to talk IP at all. (This could 2670 * be the case if somebody wants to speak only IPX, for 2671 * example.) Don't open IPCP in this case. 2672 */ 2673 if (hisaddr == 0) { 2674 /* XXX this message should go away */ 2675 if (debug) 2676 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2677 SPP_ARGS(ifp)); 2678 return; 2679 } 2680 2681 if (myaddr == 0) { 2682 /* 2683 * I don't have an assigned address, so i need to 2684 * negotiate my address. 2685 */ 2686 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2687 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_ADDRESS); 2688 } 2689 if (hisaddr >= 1 && hisaddr <= 255) { 2690 /* 2691 * XXX - remove this hack! 2692 * remote has no valid address, we need to get one assigned. 2693 */ 2694 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2695 } 2696 2697 /* negotiate name server addresses */ 2698 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_PRIMDNS); 2699 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_SECDNS); 2700 2701 /* indicate to LCP that it must stay alive */ 2702 sp->lcp.protos |= (1 << IDX_IPCP); 2703 } 2704 2705 void 2706 sppp_ipcp_tlf(struct sppp *sp) 2707 { 2708 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2709 /* Some address was dynamic, clear it again. */ 2710 task_add(systq, &sp->ipcp.clear_addr_task); 2711 2712 /* we no longer need LCP */ 2713 sp->lcp.protos &= ~(1 << IDX_IPCP); 2714 sppp_lcp_check_and_close(sp); 2715 } 2716 2717 void 2718 sppp_ipcp_scr(struct sppp *sp) 2719 { 2720 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addrs */]; 2721 u_int32_t ouraddr; 2722 int i = 0; 2723 2724 #ifdef notyet 2725 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_COMPRESSION)) { 2726 opt[i++] = IPCP_OPT_COMPRESSION; 2727 opt[i++] = 6; 2728 opt[i++] = 0; /* VJ header compression */ 2729 opt[i++] = 0x2d; /* VJ header compression */ 2730 opt[i++] = max_slot_id; 2731 opt[i++] = comp_slot_id; 2732 } 2733 #endif 2734 2735 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_ADDRESS)) { 2736 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 2737 /* not sure if this can ever happen */ 2738 ouraddr = sp->ipcp.req_myaddr; 2739 else 2740 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2741 opt[i++] = IPCP_OPT_ADDRESS; 2742 opt[i++] = 6; 2743 opt[i++] = ouraddr >> 24; 2744 opt[i++] = ouraddr >> 16; 2745 opt[i++] = ouraddr >> 8; 2746 opt[i++] = ouraddr; 2747 } 2748 2749 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_PRIMDNS)) { 2750 opt[i++] = IPCP_OPT_PRIMDNS; 2751 opt[i++] = 6; 2752 memcpy(&opt[i], &sp->ipcp.dns[0].s_addr, 2753 sizeof(sp->ipcp.dns[0])); 2754 i += sizeof(sp->ipcp.dns[0]); 2755 } 2756 2757 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_SECDNS)) { 2758 opt[i++] = IPCP_OPT_SECDNS; 2759 opt[i++] = 6; 2760 memcpy(&opt[i], &sp->ipcp.dns[1].s_addr, 2761 sizeof(sp->ipcp.dns[1])); 2762 i += sizeof(sp->ipcp.dns[1]); 2763 } 2764 2765 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2766 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt); 2767 } 2768 2769 /* 2770 *--------------------------------------------------------------------------* 2771 * * 2772 * The IPv6CP implementation. * 2773 * * 2774 *--------------------------------------------------------------------------* 2775 */ 2776 2777 #ifdef INET6 2778 void 2779 sppp_ipv6cp_init(struct sppp *sp) 2780 { 2781 sp->ipv6cp.opts = 0; 2782 sp->ipv6cp.flags = 0; 2783 sp->state[IDX_IPV6CP] = STATE_INITIAL; 2784 sp->fail_counter[IDX_IPV6CP] = 0; 2785 task_set(&sp->ipv6cp.set_addr_task, sppp_update_ip6_addr, sp); 2786 } 2787 2788 void 2789 sppp_ipv6cp_destroy(struct sppp *sp) 2790 { 2791 task_del(systq, &sp->ipv6cp.set_addr_task); 2792 } 2793 2794 void 2795 sppp_ipv6cp_up(struct sppp *sp) 2796 { 2797 sppp_up_event(&ipv6cp, sp); 2798 } 2799 2800 void 2801 sppp_ipv6cp_down(struct sppp *sp) 2802 { 2803 sppp_down_event(&ipv6cp, sp); 2804 } 2805 2806 void 2807 sppp_ipv6cp_open(struct sppp *sp) 2808 { 2809 STDDCL; 2810 struct in6_addr myaddr, hisaddr; 2811 2812 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 2813 2814 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, NULL); 2815 /* 2816 * If we don't have our address, this probably means our 2817 * interface doesn't want to talk IPv6 at all. (This could 2818 * be the case if the IFXF_NOINET6 flag is set, for 2819 * example.) Don't open IPv6CP in this case. 2820 */ 2821 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 2822 /* XXX this message should go away */ 2823 if (debug) 2824 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 2825 SPP_ARGS(ifp)); 2826 return; 2827 } 2828 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 2829 sppp_open_event(&ipv6cp, sp); 2830 } 2831 2832 void 2833 sppp_ipv6cp_close(struct sppp *sp) 2834 { 2835 sppp_close_event(&ipv6cp, sp); 2836 } 2837 2838 void 2839 sppp_ipv6cp_TO(void *cookie) 2840 { 2841 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 2842 } 2843 2844 int 2845 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2846 { 2847 u_char *buf, *r, *p; 2848 struct ifnet *ifp = &sp->pp_if; 2849 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2850 struct in6_addr myaddr, desiredaddr, suggestaddr; 2851 int ifidcount; 2852 int type; 2853 int collision, nohisaddr; 2854 char addr[INET6_ADDRSTRLEN]; 2855 2856 len -= 4; 2857 origlen = len; 2858 /* 2859 * Make sure to allocate a buf that can at least hold a 2860 * conf-nak with an `address' option. We might need it below. 2861 */ 2862 buflen = len < 6? 6: len; 2863 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2864 if (! buf) 2865 return (0); 2866 2867 /* pass 1: see if we can recognize them */ 2868 if (debug) 2869 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 2870 SPP_ARGS(ifp)); 2871 p = (void *)(h + 1); 2872 ifidcount = 0; 2873 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2874 /* Sanity check option length */ 2875 if (p[1] < 2 || p[1] > len) { 2876 free(buf, M_TEMP, buflen); 2877 return (-1); 2878 } 2879 if (debug) 2880 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2881 switch (*p) { 2882 case IPV6CP_OPT_IFID: 2883 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 2884 /* correctly formed address option */ 2885 ifidcount++; 2886 continue; 2887 } 2888 if (debug) 2889 addlog(" [invalid]"); 2890 break; 2891 #ifdef notyet 2892 case IPV6CP_OPT_COMPRESSION: 2893 if (len >= 4 && p[1] >= 4) { 2894 /* correctly formed compress option */ 2895 continue; 2896 } 2897 if (debug) 2898 addlog(" [invalid]"); 2899 break; 2900 #endif 2901 default: 2902 /* Others not supported. */ 2903 if (debug) 2904 addlog(" [rej]"); 2905 break; 2906 } 2907 /* Add the option to rejected list. */ 2908 bcopy (p, r, p[1]); 2909 r += p[1]; 2910 rlen += p[1]; 2911 } 2912 if (rlen) { 2913 if (debug) 2914 addlog(" send conf-rej\n"); 2915 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 2916 goto end; 2917 } else if (debug) 2918 addlog("\n"); 2919 2920 /* pass 2: parse option values */ 2921 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 2922 myaddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 2923 else 2924 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 2925 if (debug) 2926 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 2927 SPP_ARGS(ifp)); 2928 p = (void *)(h + 1); 2929 len = origlen; 2930 type = CONF_ACK; 2931 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2932 if (debug) 2933 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2934 switch (*p) { 2935 #ifdef notyet 2936 case IPV6CP_OPT_COMPRESSION: 2937 continue; 2938 #endif 2939 case IPV6CP_OPT_IFID: 2940 memset(&desiredaddr, 0, sizeof(desiredaddr)); 2941 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 2942 collision = (memcmp(&desiredaddr.s6_addr[8], 2943 &myaddr.s6_addr[8], 8) == 0); 2944 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 2945 2946 desiredaddr.s6_addr16[0] = htons(0xfe80); 2947 2948 if (!collision && !nohisaddr) { 2949 /* no collision, hisaddr known - Conf-Ack */ 2950 type = CONF_ACK; 2951 2952 if (debug) { 2953 addlog(" %s [%s]", 2954 inet_ntop(AF_INET6, &desiredaddr, 2955 addr, sizeof(addr)), 2956 sppp_cp_type_name(type)); 2957 } 2958 sppp_set_ip6_addr(sp, &myaddr, &desiredaddr); 2959 continue; 2960 } 2961 2962 memset(&suggestaddr, 0, sizeof(suggestaddr)); 2963 if (collision && nohisaddr) { 2964 /* collision, hisaddr unknown - Conf-Rej */ 2965 type = CONF_REJ; 2966 memset(&p[2], 0, 8); 2967 } else { 2968 /* 2969 * - no collision, hisaddr unknown, or 2970 * - collision, hisaddr known 2971 * Conf-Nak, suggest hisaddr 2972 */ 2973 type = CONF_NAK; 2974 sppp_suggest_ip6_addr(sp, &suggestaddr); 2975 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 2976 } 2977 if (debug) 2978 addlog(" %s [%s]", 2979 inet_ntop(AF_INET6, &desiredaddr, addr, 2980 sizeof(addr)), 2981 sppp_cp_type_name(type)); 2982 break; 2983 } 2984 /* Add the option to nak'ed list. */ 2985 bcopy (p, r, p[1]); 2986 r += p[1]; 2987 rlen += p[1]; 2988 } 2989 2990 if (rlen == 0 && type == CONF_ACK) { 2991 if (debug) 2992 addlog(" send %s\n", sppp_cp_type_name(type)); 2993 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 2994 } else { 2995 #ifdef notdef 2996 if (type == CONF_ACK) 2997 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 2998 #endif 2999 3000 if (debug) { 3001 addlog(" send %s suggest %s\n", 3002 sppp_cp_type_name(type), 3003 inet_ntop(AF_INET6, &suggestaddr, addr, 3004 sizeof(addr))); 3005 } 3006 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3007 } 3008 3009 end: 3010 free(buf, M_TEMP, buflen); 3011 return (rlen == 0); 3012 } 3013 3014 void 3015 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3016 { 3017 u_char *p; 3018 struct ifnet *ifp = &sp->pp_if; 3019 int debug = ifp->if_flags & IFF_DEBUG; 3020 3021 len -= 4; 3022 3023 if (debug) 3024 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3025 SPP_ARGS(ifp)); 3026 3027 p = (void *)(h + 1); 3028 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3029 if (p[1] < 2 || p[1] > len) 3030 return; 3031 if (debug) 3032 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3033 switch (*p) { 3034 case IPV6CP_OPT_IFID: 3035 /* 3036 * Peer doesn't grok address option. This is 3037 * bad. XXX Should we better give up here? 3038 */ 3039 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3040 break; 3041 #ifdef notyet 3042 case IPV6CP_OPT_COMPRESS: 3043 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3044 break; 3045 #endif 3046 } 3047 } 3048 if (debug) 3049 addlog("\n"); 3050 return; 3051 } 3052 3053 void 3054 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3055 { 3056 u_char *p; 3057 struct ifnet *ifp = &sp->pp_if; 3058 int debug = ifp->if_flags & IFF_DEBUG; 3059 struct in6_addr suggestaddr; 3060 char addr[INET6_ADDRSTRLEN]; 3061 3062 len -= 4; 3063 3064 if (debug) 3065 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ", 3066 SPP_ARGS(ifp)); 3067 3068 p = (void*) (h+1); 3069 for (; len > 1; len -= p[1], p += p[1]) { 3070 if (p[1] < 2 || p[1] > len) 3071 return; 3072 if (debug) 3073 addlog("%s ", sppp_ipv6cp_opt_name(*p)); 3074 switch (*p) { 3075 case IPV6CP_OPT_IFID: 3076 /* 3077 * Peer doesn't like our local ifid. See 3078 * if we can do something for him. We'll drop 3079 * him our address then. 3080 */ 3081 if (len < 10 || p[1] != 10) 3082 break; 3083 sp->ipv6cp.flags |= IPV6CP_MYIFID_DYN; 3084 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3085 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3086 if (IN6_IS_ADDR_UNSPECIFIED(&suggestaddr) || 3087 (sp->ipv6cp.flags & IPV6CP_MYIFID_SEEN)) { 3088 /* 3089 * The peer didn't suggest anything, 3090 * or wants us to change a previously 3091 * suggested address. 3092 * Configure a new address for us. 3093 */ 3094 sppp_suggest_ip6_addr(sp, &suggestaddr); 3095 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3096 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3097 } else { 3098 /* Configure address suggested by peer. */ 3099 suggestaddr.s6_addr16[0] = htons(0xfe80); 3100 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3101 if (debug) 3102 addlog(" [suggestaddr %s]", 3103 inet_ntop(AF_INET6, &suggestaddr, 3104 addr, sizeof(addr))); 3105 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3106 if (debug) 3107 addlog(" [agree]"); 3108 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3109 } 3110 break; 3111 #ifdef notyet 3112 case IPV6CP_OPT_COMPRESS: 3113 /* 3114 * Peer wants different compression parameters. 3115 */ 3116 break; 3117 #endif 3118 } 3119 } 3120 if (debug) 3121 addlog("\n"); 3122 } 3123 3124 void 3125 sppp_ipv6cp_tlu(struct sppp *sp) 3126 { 3127 } 3128 3129 void 3130 sppp_ipv6cp_tld(struct sppp *sp) 3131 { 3132 } 3133 3134 void 3135 sppp_ipv6cp_tls(struct sppp *sp) 3136 { 3137 /* indicate to LCP that it must stay alive */ 3138 sp->lcp.protos |= (1 << IDX_IPV6CP); 3139 } 3140 3141 void 3142 sppp_ipv6cp_tlf(struct sppp *sp) 3143 { 3144 /* we no longer need LCP */ 3145 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3146 sppp_lcp_check_and_close(sp); 3147 } 3148 3149 void 3150 sppp_ipv6cp_scr(struct sppp *sp) 3151 { 3152 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3153 struct in6_addr ouraddr; 3154 int i = 0; 3155 3156 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3157 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 3158 ouraddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 3159 else 3160 sppp_get_ip6_addrs(sp, &ouraddr, NULL, NULL); 3161 opt[i++] = IPV6CP_OPT_IFID; 3162 opt[i++] = 10; 3163 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3164 i += 8; 3165 } 3166 3167 #ifdef notyet 3168 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3169 opt[i++] = IPV6CP_OPT_COMPRESSION; 3170 opt[i++] = 4; 3171 opt[i++] = 0; /* TBD */ 3172 opt[i++] = 0; /* TBD */ 3173 /* variable length data may follow */ 3174 } 3175 #endif 3176 3177 sp->confid[IDX_IPV6CP] = ++sp->pp_seq; 3178 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt); 3179 } 3180 #else /*INET6*/ 3181 void 3182 sppp_ipv6cp_init(struct sppp *sp) 3183 { 3184 } 3185 3186 void 3187 sppp_ipv6cp_destroy(struct sppp *sp) 3188 { 3189 } 3190 3191 void 3192 sppp_ipv6cp_up(struct sppp *sp) 3193 { 3194 } 3195 3196 void 3197 sppp_ipv6cp_down(struct sppp *sp) 3198 { 3199 } 3200 3201 void 3202 sppp_ipv6cp_open(struct sppp *sp) 3203 { 3204 } 3205 3206 void 3207 sppp_ipv6cp_close(struct sppp *sp) 3208 { 3209 } 3210 3211 void 3212 sppp_ipv6cp_TO(void *sp) 3213 { 3214 } 3215 3216 int 3217 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, 3218 int len) 3219 { 3220 return 0; 3221 } 3222 3223 void 3224 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, 3225 int len) 3226 { 3227 } 3228 3229 void 3230 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, 3231 int len) 3232 { 3233 } 3234 3235 void 3236 sppp_ipv6cp_tlu(struct sppp *sp) 3237 { 3238 } 3239 3240 void 3241 sppp_ipv6cp_tld(struct sppp *sp) 3242 { 3243 } 3244 3245 void 3246 sppp_ipv6cp_tls(struct sppp *sp) 3247 { 3248 } 3249 3250 void 3251 sppp_ipv6cp_tlf(struct sppp *sp) 3252 { 3253 } 3254 3255 void 3256 sppp_ipv6cp_scr(struct sppp *sp) 3257 { 3258 } 3259 #endif /*INET6*/ 3260 3261 /* 3262 *--------------------------------------------------------------------------* 3263 * * 3264 * The CHAP implementation. * 3265 * * 3266 *--------------------------------------------------------------------------* 3267 */ 3268 3269 /* 3270 * The authentication protocols don't employ a full-fledged state machine as 3271 * the control protocols do, since they do have Open and Close events, but 3272 * not Up and Down, nor are they explicitly terminated. Also, use of the 3273 * authentication protocols may be different in both directions (this makes 3274 * sense, think of a machine that never accepts incoming calls but only 3275 * calls out, it doesn't require the called party to authenticate itself). 3276 * 3277 * Our state machine for the local authentication protocol (we are requesting 3278 * the peer to authenticate) looks like: 3279 * 3280 * RCA- 3281 * +--------------------------------------------+ 3282 * V scn,tld| 3283 * +--------+ Close +---------+ RCA+ 3284 * | |<----------------------------------| |------+ 3285 * +--->| Closed | TO* | Opened | sca | 3286 * | | |-----+ +-------| |<-----+ 3287 * | +--------+ irc | | +---------+ 3288 * | ^ | | ^ 3289 * | | | | | 3290 * | | | | | 3291 * | TO-| | | | 3292 * | |tld TO+ V | | 3293 * | | +------->+ | | 3294 * | | | | | | 3295 * | +--------+ V | | 3296 * | | |<----+<--------------------+ | 3297 * | | Req- | scr | 3298 * | | Sent | | 3299 * | | | | 3300 * | +--------+ | 3301 * | RCA- | | RCA+ | 3302 * +------+ +------------------------------------------+ 3303 * scn,tld sca,irc,ict,tlu 3304 * 3305 * 3306 * with: 3307 * 3308 * Open: LCP reached authentication phase 3309 * Close: LCP reached terminate phase 3310 * 3311 * RCA+: received reply (pap-req, chap-response), acceptable 3312 * RCN: received reply (pap-req, chap-response), not acceptable 3313 * TO+: timeout with restart counter >= 0 3314 * TO-: timeout with restart counter < 0 3315 * TO*: reschedule timeout for CHAP 3316 * 3317 * scr: send request packet (none for PAP, chap-challenge) 3318 * sca: send ack packet (pap-ack, chap-success) 3319 * scn: send nak packet (pap-nak, chap-failure) 3320 * ict: initialize re-challenge timer (CHAP only) 3321 * 3322 * tlu: this-layer-up, LCP reaches network phase 3323 * tld: this-layer-down, LCP enters terminate phase 3324 * 3325 * Note that in CHAP mode, after sending a new challenge, while the state 3326 * automaton falls back into Req-Sent state, it doesn't signal a tld 3327 * event to LCP, so LCP remains in network phase. Only after not getting 3328 * any response (or after getting an unacceptable response), CHAP closes, 3329 * causing LCP to enter terminate phase. 3330 * 3331 * With PAP, there is no initial request that can be sent. The peer is 3332 * expected to send one based on the successful negotiation of PAP as 3333 * the authentication protocol during the LCP option negotiation. 3334 * 3335 * Incoming authentication protocol requests (remote requests 3336 * authentication, we are peer) don't employ a state machine at all, 3337 * they are simply answered. Some peers [Ascend P50 firmware rev 3338 * 4.50] react allergically when sending IPCP requests while they are 3339 * still in authentication phase (thereby violating the standard that 3340 * demands that these NCP packets are to be discarded), so we keep 3341 * track of the peer demanding us to authenticate, and only proceed to 3342 * phase network once we've seen a positive acknowledge for the 3343 * authentication. 3344 */ 3345 3346 /* 3347 * Handle incoming CHAP packets. 3348 */ 3349 void 3350 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3351 { 3352 STDDCL; 3353 struct lcp_header *h; 3354 int len, x; 3355 u_char *value, *name, digest[AUTHCHALEN], dsize; 3356 int value_len, name_len; 3357 MD5_CTX ctx; 3358 3359 len = m->m_pkthdr.len; 3360 if (len < 4) { 3361 if (debug) 3362 log(LOG_DEBUG, 3363 SPP_FMT "chap invalid packet length: %d bytes\n", 3364 SPP_ARGS(ifp), len); 3365 return; 3366 } 3367 h = mtod (m, struct lcp_header*); 3368 if (len > ntohs (h->len)) 3369 len = ntohs (h->len); 3370 3371 switch (h->type) { 3372 /* challenge, failure and success are his authproto */ 3373 case CHAP_CHALLENGE: 3374 value = 1 + (u_char*)(h+1); 3375 value_len = value[-1]; 3376 name = value + value_len; 3377 name_len = len - value_len - 5; 3378 if (name_len < 0) { 3379 if (debug) { 3380 log(LOG_DEBUG, 3381 SPP_FMT "chap corrupted challenge " 3382 "<%s id=0x%x len=%d", 3383 SPP_ARGS(ifp), 3384 sppp_auth_type_name(PPP_CHAP, h->type), 3385 h->ident, ntohs(h->len)); 3386 if (len > 4) 3387 sppp_print_bytes((u_char*) (h+1), len-4); 3388 addlog(">\n"); 3389 } 3390 break; 3391 } 3392 3393 if (debug) { 3394 log(LOG_DEBUG, 3395 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3396 SPP_ARGS(ifp), 3397 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3398 ntohs(h->len)); 3399 sppp_print_string((char*) name, name_len); 3400 addlog(" value-size=%d value=", value_len); 3401 sppp_print_bytes(value, value_len); 3402 addlog(">\n"); 3403 } 3404 3405 /* Compute reply value. */ 3406 MD5Init(&ctx); 3407 MD5Update(&ctx, &h->ident, 1); 3408 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret)); 3409 MD5Update(&ctx, value, value_len); 3410 MD5Final(digest, &ctx); 3411 dsize = sizeof digest; 3412 3413 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3414 sizeof dsize, (const char *)&dsize, 3415 sizeof digest, digest, 3416 strlen(sp->myauth.name), 3417 sp->myauth.name, 3418 0); 3419 break; 3420 3421 case CHAP_SUCCESS: 3422 if (debug) { 3423 log(LOG_DEBUG, SPP_FMT "chap success", 3424 SPP_ARGS(ifp)); 3425 if (len > 4) { 3426 addlog(": "); 3427 sppp_print_string((char*)(h + 1), len - 4); 3428 } 3429 addlog("\n"); 3430 } 3431 x = splnet(); 3432 sp->pp_flags &= ~PP_NEEDAUTH; 3433 if (sp->myauth.proto == PPP_CHAP && 3434 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3435 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3436 /* 3437 * We are authenticator for CHAP but didn't 3438 * complete yet. Leave it to tlu to proceed 3439 * to network phase. 3440 */ 3441 splx(x); 3442 break; 3443 } 3444 splx(x); 3445 sppp_phase_network(sp); 3446 break; 3447 3448 case CHAP_FAILURE: 3449 if (debug) { 3450 log(LOG_INFO, SPP_FMT "chap failure", 3451 SPP_ARGS(ifp)); 3452 if (len > 4) { 3453 addlog(": "); 3454 sppp_print_string((char*)(h + 1), len - 4); 3455 } 3456 addlog("\n"); 3457 } else 3458 log(LOG_INFO, SPP_FMT "chap failure\n", 3459 SPP_ARGS(ifp)); 3460 /* await LCP shutdown by authenticator */ 3461 break; 3462 3463 /* response is my authproto */ 3464 case CHAP_RESPONSE: 3465 value = 1 + (u_char*)(h+1); 3466 value_len = value[-1]; 3467 name = value + value_len; 3468 name_len = len - value_len - 5; 3469 if (name_len < 0) { 3470 if (debug) { 3471 log(LOG_DEBUG, 3472 SPP_FMT "chap corrupted response " 3473 "<%s id=0x%x len=%d", 3474 SPP_ARGS(ifp), 3475 sppp_auth_type_name(PPP_CHAP, h->type), 3476 h->ident, ntohs(h->len)); 3477 if (len > 4) 3478 sppp_print_bytes((u_char*)(h+1), len-4); 3479 addlog(">\n"); 3480 } 3481 break; 3482 } 3483 if (h->ident != sp->confid[IDX_CHAP]) { 3484 if (debug) 3485 log(LOG_DEBUG, 3486 SPP_FMT "chap dropping response for old ID " 3487 "(got %d, expected %d)\n", 3488 SPP_ARGS(ifp), 3489 h->ident, sp->confid[IDX_CHAP]); 3490 break; 3491 } 3492 if (name_len != strlen(sp->hisauth.name) 3493 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3494 log(LOG_INFO, SPP_FMT "chap response, his name ", 3495 SPP_ARGS(ifp)); 3496 sppp_print_string(name, name_len); 3497 addlog(" != expected "); 3498 sppp_print_string(sp->hisauth.name, 3499 strlen(sp->hisauth.name)); 3500 addlog("\n"); 3501 } 3502 if (debug) { 3503 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3504 "<%s id=0x%x len=%d name=", 3505 SPP_ARGS(ifp), 3506 sppp_state_name(sp->state[IDX_CHAP]), 3507 sppp_auth_type_name(PPP_CHAP, h->type), 3508 h->ident, ntohs (h->len)); 3509 sppp_print_string((char*)name, name_len); 3510 addlog(" value-size=%d value=", value_len); 3511 sppp_print_bytes(value, value_len); 3512 addlog(">\n"); 3513 } 3514 if (value_len != AUTHCHALEN) { 3515 if (debug) 3516 log(LOG_DEBUG, 3517 SPP_FMT "chap bad hash value length: " 3518 "%d bytes, should be %d\n", 3519 SPP_ARGS(ifp), value_len, 3520 AUTHCHALEN); 3521 break; 3522 } 3523 3524 MD5Init(&ctx); 3525 MD5Update(&ctx, &h->ident, 1); 3526 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret)); 3527 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN); 3528 MD5Final(digest, &ctx); 3529 3530 #define FAILMSG "Failed..." 3531 #define SUCCMSG "Welcome!" 3532 3533 if (value_len != sizeof digest || 3534 timingsafe_bcmp(digest, value, value_len) != 0) { 3535 /* action scn, tld */ 3536 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3537 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3538 0); 3539 chap.tld(sp); 3540 break; 3541 } 3542 /* action sca, perhaps tlu */ 3543 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3544 sp->state[IDX_CHAP] == STATE_OPENED) 3545 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3546 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3547 0); 3548 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3549 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3550 chap.tlu(sp); 3551 } 3552 break; 3553 3554 default: 3555 /* Unknown CHAP packet type -- ignore. */ 3556 if (debug) { 3557 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3558 "<0x%x id=0x%xh len=%d", 3559 SPP_ARGS(ifp), 3560 sppp_state_name(sp->state[IDX_CHAP]), 3561 h->type, h->ident, ntohs(h->len)); 3562 if (len > 4) 3563 sppp_print_bytes((u_char*)(h+1), len-4); 3564 addlog(">\n"); 3565 } 3566 break; 3567 3568 } 3569 } 3570 3571 void 3572 sppp_chap_init(struct sppp *sp) 3573 { 3574 /* Chap doesn't have STATE_INITIAL at all. */ 3575 sp->state[IDX_CHAP] = STATE_CLOSED; 3576 sp->fail_counter[IDX_CHAP] = 0; 3577 } 3578 3579 void 3580 sppp_chap_open(struct sppp *sp) 3581 { 3582 if (sp->myauth.proto == PPP_CHAP && 3583 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3584 /* we are authenticator for CHAP, start it */ 3585 chap.scr(sp); 3586 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3587 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3588 } 3589 /* nothing to be done if we are peer, await a challenge */ 3590 } 3591 3592 void 3593 sppp_chap_close(struct sppp *sp) 3594 { 3595 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3596 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3597 } 3598 3599 void 3600 sppp_chap_TO(void *cookie) 3601 { 3602 struct sppp *sp = (struct sppp *)cookie; 3603 STDDCL; 3604 int s; 3605 3606 s = splnet(); 3607 if (debug) 3608 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3609 SPP_ARGS(ifp), 3610 sppp_state_name(sp->state[IDX_CHAP]), 3611 sp->rst_counter[IDX_CHAP]); 3612 3613 if (--sp->rst_counter[IDX_CHAP] < 0) 3614 /* TO- event */ 3615 switch (sp->state[IDX_CHAP]) { 3616 case STATE_REQ_SENT: 3617 chap.tld(sp); 3618 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3619 break; 3620 } 3621 else 3622 /* TO+ (or TO*) event */ 3623 switch (sp->state[IDX_CHAP]) { 3624 case STATE_OPENED: 3625 /* TO* event */ 3626 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3627 /* FALLTHROUGH */ 3628 case STATE_REQ_SENT: 3629 chap.scr(sp); 3630 /* sppp_cp_change_state() will restart the timer */ 3631 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3632 break; 3633 } 3634 3635 splx(s); 3636 } 3637 3638 void 3639 sppp_chap_tlu(struct sppp *sp) 3640 { 3641 STDDCL; 3642 int i = 0, x; 3643 3644 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3645 3646 /* 3647 * Some broken CHAP implementations (Conware CoNet, firmware 3648 * 4.0.?) don't want to re-authenticate their CHAP once the 3649 * initial challenge-response exchange has taken place. 3650 * Provide for an option to avoid rechallenges. 3651 */ 3652 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3653 /* 3654 * Compute the re-challenge timeout. This will yield 3655 * a number between 300 and 810 seconds. 3656 */ 3657 i = 300 + arc4random_uniform(1 + 810 - 300); 3658 3659 timeout_add_sec(&sp->ch[IDX_CHAP], i); 3660 } 3661 3662 if (debug) { 3663 log(LOG_DEBUG, 3664 SPP_FMT "chap %s, ", 3665 SPP_ARGS(ifp), 3666 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3667 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3668 addlog("next re-challenge in %d seconds\n", i); 3669 else 3670 addlog("re-challenging suppressed\n"); 3671 } 3672 3673 x = splnet(); 3674 /* indicate to LCP that we need to be closed down */ 3675 sp->lcp.protos |= (1 << IDX_CHAP); 3676 3677 if (sp->pp_flags & PP_NEEDAUTH) { 3678 /* 3679 * Remote is authenticator, but his auth proto didn't 3680 * complete yet. Defer the transition to network 3681 * phase. 3682 */ 3683 splx(x); 3684 return; 3685 } 3686 splx(x); 3687 3688 /* 3689 * If we are already in phase network, we are done here. This 3690 * is the case if this is a dummy tlu event after a re-challenge. 3691 */ 3692 if (sp->pp_phase != PHASE_NETWORK) 3693 sppp_phase_network(sp); 3694 } 3695 3696 void 3697 sppp_chap_tld(struct sppp *sp) 3698 { 3699 STDDCL; 3700 3701 if (debug) 3702 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3703 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3704 sp->lcp.protos &= ~(1 << IDX_CHAP); 3705 3706 lcp.Close(sp); 3707 } 3708 3709 void 3710 sppp_chap_scr(struct sppp *sp) 3711 { 3712 u_char clen; 3713 3714 /* Compute random challenge. */ 3715 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge)); 3716 clen = AUTHCHALEN; 3717 3718 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3719 3720 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3721 sizeof clen, (const char *)&clen, 3722 (size_t)AUTHCHALEN, sp->chap_challenge, 3723 strlen(sp->myauth.name), 3724 sp->myauth.name, 3725 0); 3726 } 3727 /* 3728 *--------------------------------------------------------------------------* 3729 * * 3730 * The PAP implementation. * 3731 * * 3732 *--------------------------------------------------------------------------* 3733 */ 3734 /* 3735 * For PAP, we need to keep a little state also if we are the peer, not the 3736 * authenticator. This is since we don't get a request to authenticate, but 3737 * have to repeatedly authenticate ourself until we got a response (or the 3738 * retry counter is expired). 3739 */ 3740 3741 /* 3742 * Handle incoming PAP packets. */ 3743 void 3744 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3745 { 3746 STDDCL; 3747 struct lcp_header *h; 3748 int len, x; 3749 u_char *name, *passwd, mlen; 3750 int name_len, passwd_len; 3751 3752 len = m->m_pkthdr.len; 3753 if (len < 5) { 3754 if (debug) 3755 log(LOG_DEBUG, 3756 SPP_FMT "pap invalid packet length: %d bytes\n", 3757 SPP_ARGS(ifp), len); 3758 return; 3759 } 3760 h = mtod (m, struct lcp_header*); 3761 if (len > ntohs (h->len)) 3762 len = ntohs (h->len); 3763 switch (h->type) { 3764 /* PAP request is my authproto */ 3765 case PAP_REQ: 3766 name = 1 + (u_char*)(h+1); 3767 name_len = name[-1]; 3768 passwd = name + name_len + 1; 3769 if (name_len > len - 6 || 3770 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3771 if (debug) { 3772 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3773 "<%s id=0x%x len=%d", 3774 SPP_ARGS(ifp), 3775 sppp_auth_type_name(PPP_PAP, h->type), 3776 h->ident, ntohs(h->len)); 3777 if (len > 4) 3778 sppp_print_bytes((u_char*)(h+1), len-4); 3779 addlog(">\n"); 3780 } 3781 break; 3782 } 3783 if (debug) { 3784 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3785 "<%s id=0x%x len=%d name=", 3786 SPP_ARGS(ifp), 3787 sppp_state_name(sp->state[IDX_PAP]), 3788 sppp_auth_type_name(PPP_PAP, h->type), 3789 h->ident, ntohs(h->len)); 3790 sppp_print_string((char*)name, name_len); 3791 addlog(" passwd="); 3792 sppp_print_string((char*)passwd, passwd_len); 3793 addlog(">\n"); 3794 } 3795 if (name_len > AUTHMAXLEN || 3796 passwd_len > AUTHMAXLEN || 3797 bcmp(name, sp->hisauth.name, name_len) != 0 || 3798 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3799 /* action scn, tld */ 3800 mlen = sizeof(FAILMSG) - 1; 3801 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3802 sizeof mlen, (const char *)&mlen, 3803 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3804 0); 3805 pap.tld(sp); 3806 break; 3807 } 3808 /* action sca, perhaps tlu */ 3809 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3810 sp->state[IDX_PAP] == STATE_OPENED) { 3811 mlen = sizeof(SUCCMSG) - 1; 3812 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3813 sizeof mlen, (const char *)&mlen, 3814 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3815 0); 3816 } 3817 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3818 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3819 pap.tlu(sp); 3820 } 3821 break; 3822 3823 /* ack and nak are his authproto */ 3824 case PAP_ACK: 3825 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3826 if (debug) { 3827 log(LOG_DEBUG, SPP_FMT "pap success", 3828 SPP_ARGS(ifp)); 3829 name_len = *((char *)h); 3830 if (len > 5 && name_len) { 3831 addlog(": "); 3832 sppp_print_string((char*)(h+1), name_len); 3833 } 3834 addlog("\n"); 3835 } 3836 x = splnet(); 3837 sp->pp_flags &= ~PP_NEEDAUTH; 3838 if (sp->myauth.proto == PPP_PAP && 3839 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3840 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3841 /* 3842 * We are authenticator for PAP but didn't 3843 * complete yet. Leave it to tlu to proceed 3844 * to network phase. 3845 */ 3846 splx(x); 3847 break; 3848 } 3849 splx(x); 3850 sppp_phase_network(sp); 3851 break; 3852 3853 case PAP_NAK: 3854 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3855 if (debug) { 3856 log(LOG_INFO, SPP_FMT "pap failure", 3857 SPP_ARGS(ifp)); 3858 name_len = *((char *)h); 3859 if (len > 5 && name_len) { 3860 addlog(": "); 3861 sppp_print_string((char*)(h+1), name_len); 3862 } 3863 addlog("\n"); 3864 } else 3865 log(LOG_INFO, SPP_FMT "pap failure\n", 3866 SPP_ARGS(ifp)); 3867 /* await LCP shutdown by authenticator */ 3868 break; 3869 3870 default: 3871 /* Unknown PAP packet type -- ignore. */ 3872 if (debug) { 3873 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3874 "<0x%x id=0x%x len=%d", 3875 SPP_ARGS(ifp), 3876 h->type, h->ident, ntohs(h->len)); 3877 if (len > 4) 3878 sppp_print_bytes((u_char*)(h+1), len-4); 3879 addlog(">\n"); 3880 } 3881 break; 3882 3883 } 3884 } 3885 3886 void 3887 sppp_pap_init(struct sppp *sp) 3888 { 3889 /* PAP doesn't have STATE_INITIAL at all. */ 3890 sp->state[IDX_PAP] = STATE_CLOSED; 3891 sp->fail_counter[IDX_PAP] = 0; 3892 } 3893 3894 void 3895 sppp_pap_open(struct sppp *sp) 3896 { 3897 if (sp->hisauth.proto == PPP_PAP && 3898 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3899 /* we are authenticator for PAP, start our timer */ 3900 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3901 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3902 } 3903 if (sp->myauth.proto == PPP_PAP) { 3904 /* we are peer, send a request, and start a timer */ 3905 pap.scr(sp); 3906 timeout_add_sec(&sp->pap_my_to_ch, sp->lcp.timeout); 3907 } 3908 } 3909 3910 void 3911 sppp_pap_close(struct sppp *sp) 3912 { 3913 if (sp->state[IDX_PAP] != STATE_CLOSED) 3914 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3915 } 3916 3917 /* 3918 * That's the timeout routine if we are authenticator. Since the 3919 * authenticator is basically passive in PAP, we can't do much here. 3920 */ 3921 void 3922 sppp_pap_TO(void *cookie) 3923 { 3924 struct sppp *sp = (struct sppp *)cookie; 3925 STDDCL; 3926 int s; 3927 3928 s = splnet(); 3929 if (debug) 3930 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3931 SPP_ARGS(ifp), 3932 sppp_state_name(sp->state[IDX_PAP]), 3933 sp->rst_counter[IDX_PAP]); 3934 3935 if (--sp->rst_counter[IDX_PAP] < 0) 3936 /* TO- event */ 3937 switch (sp->state[IDX_PAP]) { 3938 case STATE_REQ_SENT: 3939 pap.tld(sp); 3940 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3941 break; 3942 } 3943 else 3944 /* TO+ event, not very much we could do */ 3945 switch (sp->state[IDX_PAP]) { 3946 case STATE_REQ_SENT: 3947 /* sppp_cp_change_state() will restart the timer */ 3948 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3949 break; 3950 } 3951 3952 splx(s); 3953 } 3954 3955 /* 3956 * That's the timeout handler if we are peer. Since the peer is active, 3957 * we need to retransmit our PAP request since it is apparently lost. 3958 * XXX We should impose a max counter. 3959 */ 3960 void 3961 sppp_pap_my_TO(void *cookie) 3962 { 3963 struct sppp *sp = (struct sppp *)cookie; 3964 STDDCL; 3965 3966 if (debug) 3967 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3968 SPP_ARGS(ifp)); 3969 3970 pap.scr(sp); 3971 } 3972 3973 void 3974 sppp_pap_tlu(struct sppp *sp) 3975 { 3976 STDDCL; 3977 int x; 3978 3979 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3980 3981 if (debug) 3982 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3983 SPP_ARGS(ifp), pap.name); 3984 3985 x = splnet(); 3986 /* indicate to LCP that we need to be closed down */ 3987 sp->lcp.protos |= (1 << IDX_PAP); 3988 3989 if (sp->pp_flags & PP_NEEDAUTH) { 3990 /* 3991 * Remote is authenticator, but his auth proto didn't 3992 * complete yet. Defer the transition to network 3993 * phase. 3994 */ 3995 splx(x); 3996 return; 3997 } 3998 splx(x); 3999 sppp_phase_network(sp); 4000 } 4001 4002 void 4003 sppp_pap_tld(struct sppp *sp) 4004 { 4005 STDDCL; 4006 4007 if (debug) 4008 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4009 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 4010 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 4011 sp->lcp.protos &= ~(1 << IDX_PAP); 4012 4013 lcp.Close(sp); 4014 } 4015 4016 void 4017 sppp_pap_scr(struct sppp *sp) 4018 { 4019 u_char idlen, pwdlen; 4020 4021 sp->confid[IDX_PAP] = ++sp->pp_seq; 4022 pwdlen = strlen(sp->myauth.secret); 4023 idlen = strlen(sp->myauth.name); 4024 4025 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4026 sizeof idlen, (const char *)&idlen, 4027 (size_t)idlen, sp->myauth.name, 4028 sizeof pwdlen, (const char *)&pwdlen, 4029 (size_t)pwdlen, sp->myauth.secret, 4030 0); 4031 } 4032 /* 4033 * Random miscellaneous functions. 4034 */ 4035 4036 /* 4037 * Send a PAP or CHAP proto packet. 4038 * 4039 * Variadic function, each of the elements for the ellipsis is of type 4040 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4041 * mlen == 0. 4042 */ 4043 4044 void 4045 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4046 unsigned int type, u_int id, ...) 4047 { 4048 STDDCL; 4049 struct lcp_header *lh; 4050 struct mbuf *m; 4051 u_char *p; 4052 int len, s; 4053 unsigned int mlen; 4054 const char *msg; 4055 va_list ap; 4056 4057 MGETHDR (m, M_DONTWAIT, MT_DATA); 4058 if (! m) 4059 return; 4060 m->m_pkthdr.ph_ifidx = 0; 4061 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 4062 4063 *mtod(m, u_int16_t *) = htons(cp->proto); 4064 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 4065 4066 lh->type = type; 4067 lh->ident = id; 4068 p = (u_char*) (lh+1); 4069 4070 va_start(ap, id); 4071 len = 0; 4072 4073 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4074 msg = va_arg(ap, const char *); 4075 len += mlen; 4076 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) { 4077 va_end(ap); 4078 m_freem(m); 4079 return; 4080 } 4081 4082 bcopy(msg, p, mlen); 4083 p += mlen; 4084 } 4085 va_end(ap); 4086 4087 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 4088 lh->len = htons (LCP_HEADER_LEN + len); 4089 4090 if (debug) { 4091 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4092 SPP_ARGS(ifp), cp->name, 4093 sppp_auth_type_name(cp->proto, lh->type), 4094 lh->ident, ntohs(lh->len)); 4095 if (len) 4096 sppp_print_bytes((u_char*) (lh+1), len); 4097 addlog(">\n"); 4098 } 4099 4100 len = m->m_pkthdr.len + sp->pp_framebytes; 4101 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 4102 ifp->if_oerrors++; 4103 return; 4104 } 4105 4106 ifp->if_obytes += len; 4107 s = splnet(); 4108 if_start(ifp); 4109 splx(s); 4110 } 4111 4112 /* 4113 * Send keepalive packets, every 10 seconds. 4114 */ 4115 void 4116 sppp_keepalive(void *dummy) 4117 { 4118 struct sppp *sp; 4119 int s; 4120 struct timeval tv; 4121 4122 NET_LOCK(); 4123 s = splnet(); 4124 getmicrouptime(&tv); 4125 for (sp=spppq; sp; sp=sp->pp_next) { 4126 struct ifnet *ifp = &sp->pp_if; 4127 4128 /* Keepalive mode disabled or channel down? */ 4129 if (! (sp->pp_flags & PP_KEEPALIVE) || 4130 ! (ifp->if_flags & IFF_RUNNING)) 4131 continue; 4132 4133 /* No keepalive if LCP not opened yet. */ 4134 if (sp->pp_phase < PHASE_AUTHENTICATE) 4135 continue; 4136 4137 /* No echo reply, but maybe user data passed through? */ 4138 if ((tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) { 4139 sp->pp_alivecnt = 0; 4140 continue; 4141 } 4142 4143 if (sp->pp_alivecnt >= MAXALIVECNT) { 4144 /* No keepalive packets got. Stop the interface. */ 4145 if_down (ifp); 4146 mq_purge(&sp->pp_cpq); 4147 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n", 4148 SPP_ARGS(ifp)); 4149 sp->pp_alivecnt = 0; 4150 4151 /* we are down, close all open protocols */ 4152 lcp.Close(sp); 4153 4154 /* And now prepare LCP to reestablish the link, 4155 * if configured to do so. */ 4156 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4157 4158 /* Close connection immediately, completion of this 4159 * will summon the magic needed to reestablish it. */ 4160 if (sp->pp_tlf) 4161 sp->pp_tlf(sp); 4162 continue; 4163 } 4164 if (sp->pp_alivecnt < MAXALIVECNT) 4165 ++sp->pp_alivecnt; 4166 if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4167 u_int32_t nmagic = htonl(sp->lcp.magic); 4168 sp->lcp.echoid = ++sp->pp_seq; 4169 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4170 sp->lcp.echoid, 4, &nmagic); 4171 } 4172 } 4173 splx(s); 4174 NET_UNLOCK(); 4175 timeout_add_sec(&keepalive_ch, 10); 4176 } 4177 4178 /* 4179 * Get both IP addresses. 4180 */ 4181 void 4182 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 4183 u_int32_t *srcmask) 4184 { 4185 struct ifnet *ifp = &sp->pp_if; 4186 struct ifaddr *ifa; 4187 struct sockaddr_in *si, *sm = 0; 4188 u_int32_t ssrc, ddst; 4189 4190 sm = NULL; 4191 ssrc = ddst = 0; 4192 /* 4193 * Pick the first AF_INET address from the list, 4194 * aliases don't make any sense on a p2p link anyway. 4195 */ 4196 si = 0; 4197 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4198 { 4199 if (ifa->ifa_addr->sa_family == AF_INET) { 4200 si = (struct sockaddr_in *)ifa->ifa_addr; 4201 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4202 if (si) 4203 break; 4204 } 4205 } 4206 if (ifa) { 4207 if (si && si->sin_addr.s_addr) { 4208 ssrc = si->sin_addr.s_addr; 4209 if (srcmask) 4210 *srcmask = ntohl(sm->sin_addr.s_addr); 4211 } 4212 4213 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4214 if (si && si->sin_addr.s_addr) 4215 ddst = si->sin_addr.s_addr; 4216 } 4217 4218 if (dst) *dst = ntohl(ddst); 4219 if (src) *src = ntohl(ssrc); 4220 } 4221 4222 int 4223 sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id) 4224 { 4225 struct ifnet *ifp = arg; 4226 4227 if (rt->rt_ifidx == ifp->if_index) { 4228 if (rt->rt_ifa->ifa_dstaddr->sa_family != 4229 rt->rt_gateway->sa_family || 4230 !ISSET(rt->rt_flags, RTF_GATEWAY)) 4231 return (0); /* do not modify non-gateway routes */ 4232 rt_setgate(rt, rt->rt_ifa->ifa_dstaddr, ifp->if_rdomain); 4233 } 4234 return (0); 4235 } 4236 4237 void 4238 sppp_update_gw(struct ifnet *ifp) 4239 { 4240 u_int tid; 4241 4242 /* update routing table */ 4243 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) { 4244 rtable_walk(tid, AF_INET, NULL, sppp_update_gw_walker, ifp); 4245 } 4246 } 4247 4248 /* 4249 * Task adding addresses from process context. 4250 * If an address is 0, leave it the way it is. 4251 */ 4252 void 4253 sppp_set_ip_addrs(void *arg1) 4254 { 4255 struct sppp *sp = arg1; 4256 u_int32_t myaddr; 4257 u_int32_t hisaddr; 4258 struct ifnet *ifp = &sp->pp_if; 4259 int debug = ifp->if_flags & IFF_DEBUG; 4260 struct ifaddr *ifa; 4261 struct sockaddr_in *si; 4262 struct sockaddr_in *dest; 4263 4264 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, NULL); 4265 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 4266 (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 4267 myaddr = sp->ipcp.req_myaddr; 4268 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 4269 (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 4270 hisaddr = sp->ipcp.req_hisaddr; 4271 4272 4273 NET_LOCK(); 4274 /* 4275 * Pick the first AF_INET address from the list, 4276 * aliases don't make any sense on a p2p link anyway. 4277 */ 4278 4279 si = 0; 4280 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4281 { 4282 if (ifa->ifa_addr->sa_family == AF_INET) 4283 { 4284 si = (struct sockaddr_in *)ifa->ifa_addr; 4285 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4286 if (si) 4287 break; 4288 } 4289 } 4290 4291 if (ifa && si) { 4292 int error; 4293 struct sockaddr_in new_sin = *si; 4294 struct sockaddr_in new_dst = *dest; 4295 4296 in_ifscrub(ifp, ifatoia(ifa)); 4297 4298 if (myaddr != 0) 4299 new_sin.sin_addr.s_addr = htonl(myaddr); 4300 if (hisaddr != 0) { 4301 new_dst.sin_addr.s_addr = htonl(hisaddr); 4302 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4303 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4304 *dest = new_dst; /* fix dstaddr in place */ 4305 } 4306 } 4307 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4308 if_addrhooks_run(ifp); 4309 if (debug && error) { 4310 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4311 " failed, error=%d\n", SPP_ARGS(ifp), error); 4312 goto out; 4313 } 4314 sppp_update_gw(ifp); 4315 sppp_update_dns(ifp); 4316 } 4317 out: 4318 NET_UNLOCK(); 4319 } 4320 4321 /* 4322 * Task clearing addresses from process context. 4323 * Clear IP addresses. 4324 */ 4325 void 4326 sppp_clear_ip_addrs(void *arg1) 4327 { 4328 struct sppp *sp = (struct sppp *)arg1; 4329 struct ifnet *ifp = &sp->pp_if; 4330 int debug = ifp->if_flags & IFF_DEBUG; 4331 struct ifaddr *ifa; 4332 struct sockaddr_in *si; 4333 struct sockaddr_in *dest; 4334 u_int32_t remote; 4335 4336 NET_LOCK(); 4337 4338 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4339 remote = sp->ipcp.saved_hisaddr; 4340 else 4341 sppp_get_ip_addrs(sp, 0, &remote, 0); 4342 4343 /* 4344 * Pick the first AF_INET address from the list, 4345 * aliases don't make any sense on a p2p link anyway. 4346 */ 4347 4348 si = 0; 4349 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4350 if (ifa->ifa_addr->sa_family == AF_INET) { 4351 si = (struct sockaddr_in *)ifa->ifa_addr; 4352 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4353 if (si) 4354 break; 4355 } 4356 } 4357 4358 if (ifa && si) { 4359 int error; 4360 struct sockaddr_in new_sin = *si; 4361 4362 in_ifscrub(ifp, ifatoia(ifa)); 4363 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4364 new_sin.sin_addr.s_addr = 0; 4365 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4366 /* replace peer addr in place */ 4367 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4368 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4369 if_addrhooks_run(ifp); 4370 if (debug && error) { 4371 log(LOG_DEBUG, SPP_FMT "sppp_clear_ip_addrs: in_ifinit " 4372 " failed, error=%d\n", SPP_ARGS(ifp), error); 4373 goto out; 4374 } 4375 sppp_update_gw(ifp); 4376 4377 memset(sp->ipcp.dns, 0, sizeof(sp->ipcp.dns)); 4378 sppp_update_dns(ifp); 4379 } 4380 out: 4381 NET_UNLOCK(); 4382 } 4383 4384 4385 #ifdef INET6 4386 /* 4387 * Get both IPv6 addresses. 4388 */ 4389 void 4390 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4391 struct in6_addr *srcmask) 4392 { 4393 struct ifnet *ifp = &sp->pp_if; 4394 struct in6_ifaddr *ia6; 4395 struct in6_addr ssrc, ddst; 4396 4397 bzero(&ssrc, sizeof(ssrc)); 4398 bzero(&ddst, sizeof(ddst)); 4399 /* 4400 * Pick the first link-local AF_INET6 address from the list, 4401 * aliases don't make any sense on a p2p link anyway. 4402 */ 4403 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4404 if (ia6) { 4405 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_addr.sin6_addr)) { 4406 bcopy(&ia6->ia_addr.sin6_addr, &ssrc, sizeof(ssrc)); 4407 if (srcmask) { 4408 bcopy(&ia6->ia_prefixmask.sin6_addr, srcmask, 4409 sizeof(*srcmask)); 4410 } 4411 } 4412 4413 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_dstaddr.sin6_addr)) 4414 bcopy(&ia6->ia_dstaddr.sin6_addr, &ddst, sizeof(ddst)); 4415 } 4416 4417 if (dst) 4418 bcopy(&ddst, dst, sizeof(*dst)); 4419 if (src) 4420 bcopy(&ssrc, src, sizeof(*src)); 4421 } 4422 4423 /* Task to update my IPv6 address from process context. */ 4424 void 4425 sppp_update_ip6_addr(void *arg) 4426 { 4427 struct sppp *sp = arg; 4428 struct ifnet *ifp = &sp->pp_if; 4429 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4430 struct in6_ifaddr *ia6; 4431 int error; 4432 4433 NET_LOCK(); 4434 4435 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4436 if (ia6 == NULL) { 4437 /* IPv6 disabled? */ 4438 goto out; 4439 } 4440 4441 /* 4442 * Changing the link-local address requires purging all 4443 * existing addresses and routes for the interface first. 4444 */ 4445 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4446 in6_ifdetach(ifp); 4447 error = in6_ifattach_linklocal(ifp, &ifra->ifra_addr.sin6_addr); 4448 if (error) 4449 log(LOG_ERR, SPP_FMT 4450 "could not update IPv6 address (error %d)\n", 4451 SPP_ARGS(ifp), error); 4452 goto out; 4453 } 4454 4455 /* 4456 * Code below changes address parameters only, not the address itself. 4457 */ 4458 4459 /* Destination address can only be set for /128. */ 4460 if (memcmp(&ia6->ia_prefixmask.sin6_addr, &in6mask128, 4461 sizeof(in6mask128)) != 0) { 4462 ifra->ifra_dstaddr.sin6_len = 0; 4463 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4464 } 4465 4466 ifra->ifra_lifetime = ia6->ia6_lifetime; 4467 4468 error = in6_update_ifa(ifp, ifra, ia6); 4469 if (error) { 4470 log(LOG_ERR, SPP_FMT 4471 "could not update IPv6 address (error %d)\n", 4472 SPP_ARGS(ifp), error); 4473 } 4474 out: 4475 NET_UNLOCK(); 4476 } 4477 4478 /* 4479 * Configure my link-local address. 4480 */ 4481 void 4482 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, 4483 const struct in6_addr *dst) 4484 { 4485 struct ifnet *ifp = &sp->pp_if; 4486 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4487 4488 bzero(ifra, sizeof(*ifra)); 4489 bcopy(ifp->if_xname, ifra->ifra_name, sizeof(ifra->ifra_name)); 4490 4491 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 4492 ifra->ifra_addr.sin6_family = AF_INET6; 4493 ifra->ifra_addr.sin6_addr = *src; 4494 if (dst) { 4495 ifra->ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6); 4496 ifra->ifra_dstaddr.sin6_family = AF_INET6; 4497 ifra->ifra_dstaddr.sin6_addr = *dst; 4498 } else 4499 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4500 4501 /* 4502 * Don't change the existing prefixlen. 4503 * It is common to use a /64 for IPv6 over point-to-point links 4504 * to allow e.g. neighbour discovery and autoconf to work. 4505 * But it is legal to use other values. 4506 */ 4507 ifra->ifra_prefixmask.sin6_family = AF_UNSPEC; 4508 4509 task_add(systq, &sp->ipv6cp.set_addr_task); 4510 } 4511 4512 /* 4513 * Generate an address that differs from our existing address. 4514 */ 4515 void 4516 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4517 { 4518 struct in6_addr myaddr; 4519 u_int32_t random; 4520 4521 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 4522 4523 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4524 4525 random = arc4random(); 4526 if ((random & 0xff) == 0 && (random & 0xff00) == 0) { 4527 myaddr.s6_addr[14] ^= 0xff; 4528 myaddr.s6_addr[15] ^= 0xff; 4529 } else { 4530 myaddr.s6_addr[14] ^= (random & 0xff); 4531 myaddr.s6_addr[15] ^= ((random & 0xff00) >> 8); 4532 } 4533 myaddr.s6_addr16[1] = 0; /* KAME hack: clear ifindex */ 4534 bcopy(&myaddr, suggest, sizeof(myaddr)); 4535 } 4536 #endif /*INET6*/ 4537 4538 int 4539 sppp_get_params(struct sppp *sp, struct ifreq *ifr) 4540 { 4541 int cmd; 4542 4543 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4544 return EFAULT; 4545 4546 switch (cmd) { 4547 case SPPPIOGDEFS: 4548 { 4549 struct spppreq *spr; 4550 4551 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4552 spr->cmd = cmd; 4553 spr->phase = sp->pp_phase; 4554 4555 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) { 4556 free(spr, M_DEVBUF, sizeof(*spr)); 4557 return EFAULT; 4558 } 4559 free(spr, M_DEVBUF, sizeof(*spr)); 4560 break; 4561 } 4562 case SPPPIOGMAUTH: 4563 case SPPPIOGHAUTH: 4564 { 4565 struct sauthreq *spa; 4566 struct sauth *auth; 4567 4568 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4569 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth; 4570 bzero(spa, sizeof(*spa)); 4571 spa->proto = auth->proto; 4572 spa->flags = auth->flags; 4573 4574 /* do not copy the secret, and only let root know the name */ 4575 if (auth->name != NULL && suser(curproc) == 0) 4576 strlcpy(spa->name, auth->name, sizeof(spa->name)); 4577 4578 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) { 4579 free(spa, M_DEVBUF, sizeof(*spa)); 4580 return EFAULT; 4581 } 4582 free(spa, M_DEVBUF, sizeof(*spa)); 4583 break; 4584 } 4585 case SPPPIOGDNS: 4586 { 4587 struct sdnsreq *spd; 4588 4589 spd = malloc(sizeof(*spd), M_DEVBUF, M_WAITOK); 4590 4591 spd->cmd = cmd; 4592 memcpy(spd->dns, sp->ipcp.dns, sizeof(spd->dns)); 4593 4594 if (copyout(spd, (caddr_t)ifr->ifr_data, sizeof(*spd)) != 0) { 4595 free(spd, M_DEVBUF, 0); 4596 return EFAULT; 4597 } 4598 4599 free(spd, M_DEVBUF, sizeof(*spd)); 4600 break; 4601 } 4602 default: 4603 return EINVAL; 4604 } 4605 4606 return 0; 4607 } 4608 4609 4610 int 4611 sppp_set_params(struct sppp *sp, struct ifreq *ifr) 4612 { 4613 int cmd; 4614 4615 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4616 return EFAULT; 4617 4618 switch (cmd) { 4619 case SPPPIOSDEFS: 4620 { 4621 struct spppreq *spr; 4622 4623 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4624 4625 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) { 4626 free(spr, M_DEVBUF, sizeof(*spr)); 4627 return EFAULT; 4628 } 4629 /* 4630 * Also, we only allow for authentication parameters to be 4631 * specified. 4632 * 4633 * XXX Should allow to set or clear pp_flags. 4634 */ 4635 free(spr, M_DEVBUF, sizeof(*spr)); 4636 break; 4637 } 4638 case SPPPIOSMAUTH: 4639 case SPPPIOSHAUTH: 4640 { 4641 /* 4642 * Finally, if the respective authentication protocol to 4643 * be used is set differently than 0, but the secret is 4644 * passed as all zeros, we don't trash the existing secret. 4645 * This allows an administrator to change the system name 4646 * only without clobbering the secret (which he didn't get 4647 * back in a previous SPPPIOGXAUTH call). However, the 4648 * secrets are cleared if the authentication protocol is 4649 * reset to 0. 4650 */ 4651 4652 struct sauthreq *spa; 4653 struct sauth *auth; 4654 char *p; 4655 int len; 4656 4657 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4658 4659 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth; 4660 4661 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) { 4662 free(spa, M_DEVBUF, sizeof(*spa)); 4663 return EFAULT; 4664 } 4665 4666 if (spa->proto != 0 && spa->proto != PPP_PAP && 4667 spa->proto != PPP_CHAP) { 4668 free(spa, M_DEVBUF, sizeof(*spa)); 4669 return EINVAL; 4670 } 4671 4672 if (spa->proto == 0) { 4673 /* resetting auth */ 4674 if (auth->name != NULL) 4675 free(auth->name, M_DEVBUF, 4676 strlen(auth->name) + 1); 4677 if (auth->secret != NULL) 4678 free(auth->secret, M_DEVBUF, 4679 strlen(auth->secret) + 1); 4680 bzero(auth, sizeof *auth); 4681 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge); 4682 } else { 4683 /* setting/changing auth */ 4684 auth->proto = spa->proto; 4685 auth->flags = spa->flags; 4686 4687 spa->name[AUTHMAXLEN - 1] = '\0'; 4688 len = strlen(spa->name) + 1; 4689 p = malloc(len, M_DEVBUF, M_WAITOK); 4690 strlcpy(p, spa->name, len); 4691 if (auth->name != NULL) 4692 free(auth->name, M_DEVBUF, 4693 strlen(auth->name) + 1); 4694 auth->name = p; 4695 4696 if (spa->secret[0] != '\0') { 4697 spa->secret[AUTHMAXLEN - 1] = '\0'; 4698 len = strlen(spa->secret) + 1; 4699 p = malloc(len, M_DEVBUF, M_WAITOK); 4700 strlcpy(p, spa->secret, len); 4701 if (auth->secret != NULL) 4702 free(auth->secret, M_DEVBUF, 4703 strlen(auth->secret) + 1); 4704 auth->secret = p; 4705 } else if (!auth->secret) { 4706 p = malloc(1, M_DEVBUF, M_WAITOK); 4707 p[0] = '\0'; 4708 auth->secret = p; 4709 } 4710 } 4711 free(spa, M_DEVBUF, sizeof(*spa)); 4712 break; 4713 } 4714 default: 4715 return EINVAL; 4716 } 4717 4718 return (ENETRESET); 4719 } 4720 4721 void 4722 sppp_phase_network(struct sppp *sp) 4723 { 4724 int i; 4725 u_long mask; 4726 4727 sp->pp_phase = PHASE_NETWORK; 4728 4729 sppp_set_phase(sp); 4730 4731 /* Notify NCPs now. */ 4732 for (i = 0; i < IDX_COUNT; i++) 4733 if ((cps[i])->flags & CP_NCP) 4734 (cps[i])->Open(sp); 4735 4736 /* Send Up events to all NCPs. */ 4737 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4738 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4739 (cps[i])->Up(sp); 4740 4741 /* if no NCP is starting, all this was in vain, close down */ 4742 sppp_lcp_check_and_close(sp); 4743 } 4744 4745 4746 const char * 4747 sppp_cp_type_name(u_char type) 4748 { 4749 static char buf[12]; 4750 switch (type) { 4751 case CONF_REQ: return "conf-req"; 4752 case CONF_ACK: return "conf-ack"; 4753 case CONF_NAK: return "conf-nak"; 4754 case CONF_REJ: return "conf-rej"; 4755 case TERM_REQ: return "term-req"; 4756 case TERM_ACK: return "term-ack"; 4757 case CODE_REJ: return "code-rej"; 4758 case PROTO_REJ: return "proto-rej"; 4759 case ECHO_REQ: return "echo-req"; 4760 case ECHO_REPLY: return "echo-reply"; 4761 case DISC_REQ: return "discard-req"; 4762 } 4763 snprintf (buf, sizeof buf, "0x%x", type); 4764 return buf; 4765 } 4766 4767 const char * 4768 sppp_auth_type_name(u_short proto, u_char type) 4769 { 4770 static char buf[12]; 4771 switch (proto) { 4772 case PPP_CHAP: 4773 switch (type) { 4774 case CHAP_CHALLENGE: return "challenge"; 4775 case CHAP_RESPONSE: return "response"; 4776 case CHAP_SUCCESS: return "success"; 4777 case CHAP_FAILURE: return "failure"; 4778 } 4779 case PPP_PAP: 4780 switch (type) { 4781 case PAP_REQ: return "req"; 4782 case PAP_ACK: return "ack"; 4783 case PAP_NAK: return "nak"; 4784 } 4785 } 4786 snprintf (buf, sizeof buf, "0x%x", type); 4787 return buf; 4788 } 4789 4790 const char * 4791 sppp_lcp_opt_name(u_char opt) 4792 { 4793 static char buf[12]; 4794 switch (opt) { 4795 case LCP_OPT_MRU: return "mru"; 4796 case LCP_OPT_ASYNC_MAP: return "async-map"; 4797 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4798 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4799 case LCP_OPT_MAGIC: return "magic"; 4800 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4801 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4802 } 4803 snprintf (buf, sizeof buf, "0x%x", opt); 4804 return buf; 4805 } 4806 4807 const char * 4808 sppp_ipcp_opt_name(u_char opt) 4809 { 4810 static char buf[12]; 4811 switch (opt) { 4812 case IPCP_OPT_ADDRESSES: return "addresses"; 4813 case IPCP_OPT_COMPRESSION: return "compression"; 4814 case IPCP_OPT_ADDRESS: return "address"; 4815 case IPCP_OPT_PRIMDNS: return "primdns"; 4816 case IPCP_OPT_SECDNS: return "secdns"; 4817 } 4818 snprintf (buf, sizeof buf, "0x%x", opt); 4819 return buf; 4820 } 4821 4822 #ifdef INET6 4823 const char * 4824 sppp_ipv6cp_opt_name(u_char opt) 4825 { 4826 static char buf[12]; 4827 switch (opt) { 4828 case IPV6CP_OPT_IFID: return "ifid"; 4829 case IPV6CP_OPT_COMPRESSION: return "compression"; 4830 } 4831 snprintf (buf, sizeof buf, "0x%x", opt); 4832 return buf; 4833 } 4834 #endif 4835 4836 const char * 4837 sppp_state_name(int state) 4838 { 4839 switch (state) { 4840 case STATE_INITIAL: return "initial"; 4841 case STATE_STARTING: return "starting"; 4842 case STATE_CLOSED: return "closed"; 4843 case STATE_STOPPED: return "stopped"; 4844 case STATE_CLOSING: return "closing"; 4845 case STATE_STOPPING: return "stopping"; 4846 case STATE_REQ_SENT: return "req-sent"; 4847 case STATE_ACK_RCVD: return "ack-rcvd"; 4848 case STATE_ACK_SENT: return "ack-sent"; 4849 case STATE_OPENED: return "opened"; 4850 } 4851 return "illegal"; 4852 } 4853 4854 const char * 4855 sppp_phase_name(enum ppp_phase phase) 4856 { 4857 switch (phase) { 4858 case PHASE_DEAD: return "dead"; 4859 case PHASE_ESTABLISH: return "establish"; 4860 case PHASE_TERMINATE: return "terminate"; 4861 case PHASE_AUTHENTICATE: return "authenticate"; 4862 case PHASE_NETWORK: return "network"; 4863 } 4864 return "illegal"; 4865 } 4866 4867 const char * 4868 sppp_proto_name(u_short proto) 4869 { 4870 static char buf[12]; 4871 switch (proto) { 4872 case PPP_LCP: return "lcp"; 4873 case PPP_IPCP: return "ipcp"; 4874 case PPP_IPV6CP: return "ipv6cp"; 4875 case PPP_PAP: return "pap"; 4876 case PPP_CHAP: return "chap"; 4877 } 4878 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto); 4879 return buf; 4880 } 4881 4882 void 4883 sppp_print_bytes(const u_char *p, u_short len) 4884 { 4885 addlog(" %02x", *p++); 4886 while (--len > 0) 4887 addlog("-%02x", *p++); 4888 } 4889 4890 void 4891 sppp_print_string(const char *p, u_short len) 4892 { 4893 u_char c; 4894 4895 while (len-- > 0) { 4896 c = *p++; 4897 /* 4898 * Print only ASCII chars directly. RFC 1994 recommends 4899 * using only them, but we don't rely on it. */ 4900 if (c < ' ' || c > '~') 4901 addlog("\\x%x", c); 4902 else 4903 addlog("%c", c); 4904 } 4905 } 4906 4907 const char * 4908 sppp_dotted_quad(u_int32_t addr) 4909 { 4910 static char s[16]; 4911 snprintf(s, sizeof s, "%d.%d.%d.%d", 4912 (int)((addr >> 24) & 0xff), 4913 (int)((addr >> 16) & 0xff), 4914 (int)((addr >> 8) & 0xff), 4915 (int)(addr & 0xff)); 4916 return s; 4917 } 4918 4919 /* a dummy, used to drop uninteresting events */ 4920 void 4921 sppp_null(struct sppp *unused) 4922 { 4923 /* do just nothing */ 4924 } 4925 4926 void 4927 sppp_set_phase(struct sppp *sp) 4928 { 4929 STDDCL; 4930 int lstate; 4931 4932 if (debug) 4933 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4934 sppp_phase_name(sp->pp_phase)); 4935 4936 /* set link state */ 4937 if (sp->pp_phase == PHASE_NETWORK) 4938 lstate = LINK_STATE_UP; 4939 else 4940 lstate = LINK_STATE_DOWN; 4941 4942 if (ifp->if_link_state != lstate) { 4943 ifp->if_link_state = lstate; 4944 if_link_state_change(ifp); 4945 } 4946 } 4947 4948 void 4949 sppp_update_dns(struct ifnet *ifp) 4950 { 4951 struct rt_addrinfo info; 4952 struct sockaddr_rtdns rtdns; 4953 struct sppp *sp = ifp->if_softc; 4954 size_t sz = 0; 4955 int i, flag = 0; 4956 4957 memset(&rtdns, 0, sizeof(rtdns)); 4958 memset(&info, 0, sizeof(info)); 4959 4960 for (i = 0; i < IPCP_MAX_DNSSRV; i++) { 4961 if (sp->ipcp.dns[i].s_addr == INADDR_ANY) 4962 break; 4963 sz = sizeof(sp->ipcp.dns[i]); 4964 memcpy(rtdns.sr_dns + i * sz, &sp->ipcp.dns[i].s_addr, sz); 4965 flag = RTF_UP; 4966 } 4967 4968 rtdns.sr_family = AF_INET; 4969 rtdns.sr_len = 2 + i * sz; 4970 info.rti_info[RTAX_DNS] = srtdnstosa(&rtdns); 4971 4972 rtm_proposal(ifp, &info, flag, RTP_PROPOSAL_PPP); 4973 } 4974 4975 void 4976 sppp_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 4977 { 4978 if (req == RTM_PROPOSAL) { 4979 KERNEL_LOCK(); 4980 sppp_update_dns(ifp); 4981 KERNEL_UNLOCK(); 4982 return; 4983 } 4984 4985 p2p_rtrequest(ifp, req, rt); 4986 } 4987