1 /* $NetBSD: if_spppsubr.c,v 1.63 2003/01/28 15:36:38 tron Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.63 2003/01/28 15:36:38 tron Exp $"); 45 46 #include "opt_inet.h" 47 #include "opt_ipx.h" 48 #include "opt_iso.h" 49 #include "opt_ns.h" 50 51 #include <sys/param.h> 52 #include <sys/proc.h> 53 #include <sys/systm.h> 54 #include <sys/kernel.h> 55 #include <sys/sockio.h> 56 #include <sys/socket.h> 57 #include <sys/syslog.h> 58 #include <sys/malloc.h> 59 #include <sys/mbuf.h> 60 #include <sys/callout.h> 61 #include <sys/md5.h> 62 #include <sys/inttypes.h> 63 64 #include <net/if.h> 65 #include <net/netisr.h> 66 #include <net/if_types.h> 67 #include <net/route.h> 68 #include <net/ppp_defs.h> 69 70 #include <machine/stdarg.h> 71 72 #include <netinet/in.h> 73 #include <netinet/in_systm.h> 74 #include <netinet/in_var.h> 75 #ifdef INET 76 #include <netinet/ip.h> 77 #include <netinet/tcp.h> 78 #endif 79 #include <net/ethertypes.h> 80 81 #ifdef IPX 82 #include <netipx/ipx.h> 83 #include <netipx/ipx_if.h> 84 #endif 85 86 #ifdef NS 87 #include <netns/ns.h> 88 #include <netns/ns_if.h> 89 #endif 90 91 #ifdef ISO 92 #include <netiso/argo_debug.h> 93 #include <netiso/iso.h> 94 #include <netiso/iso_var.h> 95 #include <netiso/iso_snpac.h> 96 #endif 97 98 #include <net/if_sppp.h> 99 #include <net/if_spppvar.h> 100 101 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds */ 102 #define MAXALIVECNT 3 /* max. missed alive packets */ 103 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 104 105 /* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128 129 #define CONF_REQ 1 /* PPP configure request */ 130 #define CONF_ACK 2 /* PPP configure acknowledge */ 131 #define CONF_NAK 3 /* PPP configure negative ack */ 132 #define CONF_REJ 4 /* PPP configure reject */ 133 #define TERM_REQ 5 /* PPP terminate request */ 134 #define TERM_ACK 6 /* PPP terminate acknowledge */ 135 #define CODE_REJ 7 /* PPP code reject */ 136 #define PROTO_REJ 8 /* PPP protocol reject */ 137 #define ECHO_REQ 9 /* PPP echo request */ 138 #define ECHO_REPLY 10 /* PPP echo reply */ 139 #define DISC_REQ 11 /* PPP discard request */ 140 141 #define LCP_OPT_MRU 1 /* maximum receive unit */ 142 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 143 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 144 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 145 #define LCP_OPT_MAGIC 5 /* magic number */ 146 #define LCP_OPT_RESERVED 6 /* reserved */ 147 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 148 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 149 150 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 151 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 152 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 153 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 154 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 155 156 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 157 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 158 159 #define PAP_REQ 1 /* PAP name/password request */ 160 #define PAP_ACK 2 /* PAP acknowledge */ 161 #define PAP_NAK 3 /* PAP fail */ 162 163 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 164 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 165 #define CHAP_SUCCESS 3 /* CHAP response ok */ 166 #define CHAP_FAILURE 4 /* CHAP response failed */ 167 168 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 169 170 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 171 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 172 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 173 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 174 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 175 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 176 177 /* states are named and numbered according to RFC 1661 */ 178 #define STATE_INITIAL 0 179 #define STATE_STARTING 1 180 #define STATE_CLOSED 2 181 #define STATE_STOPPED 3 182 #define STATE_CLOSING 4 183 #define STATE_STOPPING 5 184 #define STATE_REQ_SENT 6 185 #define STATE_ACK_RCVD 7 186 #define STATE_ACK_SENT 8 187 #define STATE_OPENED 9 188 189 struct ppp_header { 190 u_char address; 191 u_char control; 192 u_short protocol; 193 } __attribute__((__packed__)); 194 #define PPP_HEADER_LEN sizeof (struct ppp_header) 195 196 struct lcp_header { 197 u_char type; 198 u_char ident; 199 u_short len; 200 } __attribute__((__packed__)); 201 #define LCP_HEADER_LEN sizeof (struct lcp_header) 202 203 struct cisco_packet { 204 u_int32_t type; 205 u_int32_t par1; 206 u_int32_t par2; 207 u_short rel; 208 u_short time0; 209 u_short time1; 210 } __attribute__((__packed__)); 211 #define CISCO_PACKET_LEN 18 212 213 /* 214 * We follow the spelling and capitalization of RFC 1661 here, to make 215 * it easier comparing with the standard. Please refer to this RFC in 216 * case you can't make sense out of these abbreviation; it will also 217 * explain the semantics related to the various events and actions. 218 */ 219 struct cp { 220 u_short proto; /* PPP control protocol number */ 221 u_char protoidx; /* index into state table in struct sppp */ 222 u_char flags; 223 #define CP_LCP 0x01 /* this is the LCP */ 224 #define CP_AUTH 0x02 /* this is an authentication protocol */ 225 #define CP_NCP 0x04 /* this is a NCP */ 226 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 227 const char *name; /* name of this control protocol */ 228 /* event handlers */ 229 void (*Up)(struct sppp *sp); 230 void (*Down)(struct sppp *sp); 231 void (*Open)(struct sppp *sp); 232 void (*Close)(struct sppp *sp); 233 void (*TO)(void *sp); 234 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 235 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 236 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 237 /* actions */ 238 void (*tlu)(struct sppp *sp); 239 void (*tld)(struct sppp *sp); 240 void (*tls)(struct sppp *sp); 241 void (*tlf)(struct sppp *sp); 242 void (*scr)(struct sppp *sp); 243 }; 244 245 static struct sppp *spppq; 246 static struct callout keepalive_ch; 247 248 #ifdef __FreeBSD__ 249 #define SPP_FMT "%s%d: " 250 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 251 #else 252 #define SPP_FMT "%s: " 253 #define SPP_ARGS(ifp) (ifp)->if_xname 254 #endif 255 256 #ifdef INET 257 /* 258 * The following disgusting hack gets around the problem that IP TOS 259 * can't be set yet. We want to put "interactive" traffic on a high 260 * priority queue. To decide if traffic is interactive, we check that 261 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 262 * 263 * XXX is this really still necessary? - joerg - 264 */ 265 static u_short interactive_ports[8] = { 266 0, 513, 0, 0, 267 0, 21, 0, 23, 268 }; 269 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 270 #endif 271 272 /* almost every function needs these */ 273 #define STDDCL \ 274 struct ifnet *ifp = &sp->pp_if; \ 275 int debug = ifp->if_flags & IFF_DEBUG 276 277 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 278 struct sockaddr *dst, struct rtentry *rt); 279 280 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 281 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 282 283 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 284 struct mbuf *m); 285 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 286 u_char ident, u_short len, void *data); 287 /* static void sppp_cp_timeout(void *arg); */ 288 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 289 int newstate); 290 static void sppp_auth_send(const struct cp *cp, 291 struct sppp *sp, unsigned int type, unsigned int id, 292 ...); 293 294 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 295 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 296 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 297 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 298 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 299 300 static void sppp_null(struct sppp *sp); 301 302 static void sppp_lcp_init(struct sppp *sp); 303 static void sppp_lcp_up(struct sppp *sp); 304 static void sppp_lcp_down(struct sppp *sp); 305 static void sppp_lcp_open(struct sppp *sp); 306 static void sppp_lcp_close(struct sppp *sp); 307 static void sppp_lcp_TO(void *sp); 308 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 309 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 310 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 311 static void sppp_lcp_tlu(struct sppp *sp); 312 static void sppp_lcp_tld(struct sppp *sp); 313 static void sppp_lcp_tls(struct sppp *sp); 314 static void sppp_lcp_tlf(struct sppp *sp); 315 static void sppp_lcp_scr(struct sppp *sp); 316 static void sppp_lcp_check_and_close(struct sppp *sp); 317 static int sppp_ncp_check(struct sppp *sp); 318 319 static void sppp_ipcp_init(struct sppp *sp); 320 static void sppp_ipcp_up(struct sppp *sp); 321 static void sppp_ipcp_down(struct sppp *sp); 322 static void sppp_ipcp_open(struct sppp *sp); 323 static void sppp_ipcp_close(struct sppp *sp); 324 static void sppp_ipcp_TO(void *sp); 325 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 326 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_ipcp_tlu(struct sppp *sp); 329 static void sppp_ipcp_tld(struct sppp *sp); 330 static void sppp_ipcp_tls(struct sppp *sp); 331 static void sppp_ipcp_tlf(struct sppp *sp); 332 static void sppp_ipcp_scr(struct sppp *sp); 333 334 static void sppp_ipv6cp_init(struct sppp *sp); 335 static void sppp_ipv6cp_up(struct sppp *sp); 336 static void sppp_ipv6cp_down(struct sppp *sp); 337 static void sppp_ipv6cp_open(struct sppp *sp); 338 static void sppp_ipv6cp_close(struct sppp *sp); 339 static void sppp_ipv6cp_TO(void *sp); 340 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 341 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 342 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 343 static void sppp_ipv6cp_tlu(struct sppp *sp); 344 static void sppp_ipv6cp_tld(struct sppp *sp); 345 static void sppp_ipv6cp_tls(struct sppp *sp); 346 static void sppp_ipv6cp_tlf(struct sppp *sp); 347 static void sppp_ipv6cp_scr(struct sppp *sp); 348 349 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 350 static void sppp_pap_init(struct sppp *sp); 351 static void sppp_pap_open(struct sppp *sp); 352 static void sppp_pap_close(struct sppp *sp); 353 static void sppp_pap_TO(void *sp); 354 static void sppp_pap_my_TO(void *sp); 355 static void sppp_pap_tlu(struct sppp *sp); 356 static void sppp_pap_tld(struct sppp *sp); 357 static void sppp_pap_scr(struct sppp *sp); 358 359 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 360 static void sppp_chap_init(struct sppp *sp); 361 static void sppp_chap_open(struct sppp *sp); 362 static void sppp_chap_close(struct sppp *sp); 363 static void sppp_chap_TO(void *sp); 364 static void sppp_chap_tlu(struct sppp *sp); 365 static void sppp_chap_tld(struct sppp *sp); 366 static void sppp_chap_scr(struct sppp *sp); 367 368 static const char *sppp_auth_type_name(u_short proto, u_char type); 369 static const char *sppp_cp_type_name(u_char type); 370 static const char *sppp_dotted_quad(u_int32_t addr); 371 static const char *sppp_ipcp_opt_name(u_char opt); 372 #ifdef INET6 373 static const char *sppp_ipv6cp_opt_name(u_char opt); 374 #endif 375 static const char *sppp_lcp_opt_name(u_char opt); 376 static const char *sppp_phase_name(int phase); 377 static const char *sppp_proto_name(u_short proto); 378 static const char *sppp_state_name(int state); 379 static int sppp_params(struct sppp *sp, int cmd, void *data); 380 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 381 u_int32_t *srcmask); 382 static void sppp_keepalive(void *dummy); 383 static void sppp_phase_network(struct sppp *sp); 384 static void sppp_print_bytes(const u_char *p, u_short len); 385 static void sppp_print_string(const char *p, u_short len); 386 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 387 static void sppp_clear_ip_addrs(struct sppp *sp); 388 #ifdef INET6 389 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 390 struct in6_addr *dst, struct in6_addr *srcmask); 391 #ifdef IPV6CP_MYIFID_DYN 392 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 393 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 394 #endif 395 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 396 #endif 397 398 /* our control protocol descriptors */ 399 static const struct cp lcp = { 400 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 401 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 402 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 403 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 404 sppp_lcp_scr 405 }; 406 407 static const struct cp ipcp = { 408 PPP_IPCP, IDX_IPCP, 409 #ifdef INET 410 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 411 #else 412 0, 413 #endif 414 "ipcp", 415 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 416 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 417 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 418 sppp_ipcp_scr 419 }; 420 421 static const struct cp ipv6cp = { 422 PPP_IPV6CP, IDX_IPV6CP, 423 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 424 CP_NCP, 425 #else 426 0, 427 #endif 428 "ipv6cp", 429 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 430 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 431 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 432 sppp_ipv6cp_scr 433 }; 434 435 static const struct cp pap = { 436 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 437 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 438 sppp_pap_TO, 0, 0, 0, 439 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 440 sppp_pap_scr 441 }; 442 443 static const struct cp chap = { 444 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 445 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 446 sppp_chap_TO, 0, 0, 0, 447 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 448 sppp_chap_scr 449 }; 450 451 static const struct cp *cps[IDX_COUNT] = { 452 &lcp, /* IDX_LCP */ 453 &ipcp, /* IDX_IPCP */ 454 &ipv6cp, /* IDX_IPV6CP */ 455 &pap, /* IDX_PAP */ 456 &chap, /* IDX_CHAP */ 457 }; 458 459 460 /* 461 * Exported functions, comprising our interface to the lower layer. 462 */ 463 464 /* 465 * Process the received packet. 466 */ 467 void 468 sppp_input(struct ifnet *ifp, struct mbuf *m) 469 { 470 struct ppp_header *h = NULL; 471 struct ifqueue *inq = 0; 472 u_int16_t protocol; 473 int s; 474 struct sppp *sp = (struct sppp *)ifp; 475 int debug = ifp->if_flags & IFF_DEBUG; 476 477 if (ifp->if_flags & IFF_UP) 478 /* Count received bytes, add hardware framing */ 479 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 480 481 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 482 /* Too small packet, drop it. */ 483 if (debug) 484 log(LOG_DEBUG, 485 SPP_FMT "input packet is too small, %d bytes\n", 486 SPP_ARGS(ifp), m->m_pkthdr.len); 487 drop: 488 ++ifp->if_ierrors; 489 ++ifp->if_iqdrops; 490 m_freem(m); 491 return; 492 } 493 494 if (sp->pp_flags & PP_NOFRAMING) { 495 memcpy(&protocol, mtod(m, void *), 2); 496 protocol = ntohs(protocol); 497 m_adj(m, 2); 498 } else { 499 500 /* Get PPP header. */ 501 h = mtod(m, struct ppp_header *); 502 m_adj(m, PPP_HEADER_LEN); 503 504 switch (h->address) { 505 case PPP_ALLSTATIONS: 506 if (h->control != PPP_UI) 507 goto invalid; 508 if (sp->pp_flags & PP_CISCO) { 509 if (debug) 510 log(LOG_DEBUG, 511 SPP_FMT "PPP packet in Cisco mode " 512 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 513 SPP_ARGS(ifp), 514 h->address, h->control, ntohs(h->protocol)); 515 goto drop; 516 } 517 break; 518 case CISCO_MULTICAST: 519 case CISCO_UNICAST: 520 /* Don't check the control field here (RFC 1547). */ 521 if (! (sp->pp_flags & PP_CISCO)) { 522 if (debug) 523 log(LOG_DEBUG, 524 SPP_FMT "Cisco packet in PPP mode " 525 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 526 SPP_ARGS(ifp), 527 h->address, h->control, ntohs(h->protocol)); 528 goto drop; 529 } 530 switch (ntohs(h->protocol)) { 531 default: 532 ++ifp->if_noproto; 533 goto invalid; 534 case CISCO_KEEPALIVE: 535 sppp_cisco_input((struct sppp *) ifp, m); 536 m_freem(m); 537 return; 538 #ifdef INET 539 case ETHERTYPE_IP: 540 schednetisr(NETISR_IP); 541 inq = &ipintrq; 542 break; 543 #endif 544 #ifdef INET6 545 case ETHERTYPE_IPV6: 546 schednetisr(NETISR_IPV6); 547 inq = &ip6intrq; 548 break; 549 #endif 550 #ifdef IPX 551 case ETHERTYPE_IPX: 552 schednetisr(NETISR_IPX); 553 inq = &ipxintrq; 554 break; 555 #endif 556 #ifdef NS 557 case ETHERTYPE_NS: 558 schednetisr(NETISR_NS); 559 inq = &nsintrq; 560 break; 561 #endif 562 } 563 goto queue_pkt; 564 default: /* Invalid PPP packet. */ 565 invalid: 566 if (debug) 567 log(LOG_DEBUG, 568 SPP_FMT "invalid input packet " 569 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 570 SPP_ARGS(ifp), 571 h->address, h->control, ntohs(h->protocol)); 572 goto drop; 573 } 574 protocol = ntohs(h->protocol); 575 } 576 577 switch (protocol) { 578 default: 579 if (sp->state[IDX_LCP] == STATE_OPENED) { 580 u_int16_t prot = htons(protocol); 581 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 582 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 583 &prot); 584 } 585 if (debug) 586 log(LOG_DEBUG, 587 SPP_FMT "invalid input protocol " 588 "<proto=0x%x>\n", SPP_ARGS(ifp), ntohs(protocol)); 589 ++ifp->if_noproto; 590 goto drop; 591 case PPP_LCP: 592 sppp_cp_input(&lcp, sp, m); 593 m_freem(m); 594 return; 595 case PPP_PAP: 596 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 597 sppp_pap_input(sp, m); 598 m_freem(m); 599 return; 600 case PPP_CHAP: 601 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 602 sppp_chap_input(sp, m); 603 m_freem(m); 604 return; 605 #ifdef INET 606 case PPP_IPCP: 607 if (sp->pp_phase == SPPP_PHASE_NETWORK) 608 sppp_cp_input(&ipcp, sp, m); 609 m_freem(m); 610 return; 611 case PPP_IP: 612 if (sp->state[IDX_IPCP] == STATE_OPENED) { 613 schednetisr(NETISR_IP); 614 inq = &ipintrq; 615 sp->pp_last_activity = mono_time.tv_sec; 616 } 617 break; 618 #endif 619 #ifdef INET6 620 case PPP_IPV6CP: 621 if (sp->pp_phase == SPPP_PHASE_NETWORK) 622 sppp_cp_input(&ipv6cp, sp, m); 623 m_freem(m); 624 return; 625 626 case PPP_IPV6: 627 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 628 schednetisr(NETISR_IPV6); 629 inq = &ip6intrq; 630 sp->pp_last_activity = mono_time.tv_sec; 631 } 632 break; 633 #endif 634 #ifdef IPX 635 case PPP_IPX: 636 /* IPX IPXCP not implemented yet */ 637 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 638 schednetisr(NETISR_IPX); 639 inq = &ipxintrq; 640 } 641 break; 642 #endif 643 #ifdef NS 644 case PPP_XNS: 645 /* XNS IDPCP not implemented yet */ 646 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 647 schednetisr(NETISR_NS); 648 inq = &nsintrq; 649 } 650 break; 651 #endif 652 #ifdef ISO 653 case PPP_ISO: 654 /* OSI NLCP not implemented yet */ 655 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 656 schednetisr(NETISR_ISO); 657 inq = &clnlintrq; 658 } 659 break; 660 #endif 661 } 662 663 queue_pkt: 664 if (! (ifp->if_flags & IFF_UP) || ! inq) 665 goto drop; 666 667 /* Check queue. */ 668 s = splnet(); 669 if (IF_QFULL(inq)) { 670 /* Queue overflow. */ 671 IF_DROP(inq); 672 splx(s); 673 if (debug) 674 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 675 SPP_ARGS(ifp)); 676 goto drop; 677 } 678 IF_ENQUEUE(inq, m); 679 splx(s); 680 } 681 682 /* 683 * Enqueue transmit packet. 684 */ 685 static int 686 sppp_output(struct ifnet *ifp, struct mbuf *m, 687 struct sockaddr *dst, struct rtentry *rt) 688 { 689 struct sppp *sp = (struct sppp *) ifp; 690 struct ppp_header *h = NULL; 691 struct ifqueue *ifq = NULL; /* XXX */ 692 int s, len, rv = 0; 693 u_int16_t protocol; 694 ALTQ_DECL(struct altq_pktattr pktattr;) 695 696 s = splnet(); 697 698 sp->pp_last_activity = mono_time.tv_sec; 699 700 if ((ifp->if_flags & IFF_UP) == 0 || 701 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 702 m_freem(m); 703 splx(s); 704 return (ENETDOWN); 705 } 706 707 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 708 /* 709 * Interface is not yet running, but auto-dial. Need 710 * to start LCP for it. 711 */ 712 ifp->if_flags |= IFF_RUNNING; 713 splx(s); 714 lcp.Open(sp); 715 s = splnet(); 716 } 717 718 /* 719 * If the queueing discipline needs packet classification, 720 * do it before prepending link headers. 721 */ 722 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 723 724 #ifdef INET 725 if (dst->sa_family == AF_INET) { 726 struct ip *ip = NULL; 727 struct tcphdr *th = NULL; 728 729 if (m->m_len >= sizeof(struct ip)) { 730 ip = mtod(m, struct ip *); 731 if (ip->ip_p == IPPROTO_TCP && 732 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 733 sizeof(struct tcphdr)) { 734 th = (struct tcphdr *) 735 ((caddr_t)ip + (ip->ip_hl << 2)); 736 } 737 } else 738 ip = NULL; 739 740 /* 741 * When using dynamic local IP address assignment by using 742 * 0.0.0.0 as a local address, the first TCP session will 743 * not connect because the local TCP checksum is computed 744 * using 0.0.0.0 which will later become our real IP address 745 * so the TCP checksum computed at the remote end will 746 * become invalid. So we 747 * - don't let packets with src ip addr 0 thru 748 * - we flag TCP packets with src ip 0 as an error 749 */ 750 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 751 u_int8_t proto = ip->ip_p; 752 753 m_freem(m); 754 splx(s); 755 if (proto == IPPROTO_TCP) 756 return (EADDRNOTAVAIL); 757 else 758 return (0); 759 } 760 761 /* 762 * Put low delay, telnet, rlogin and ftp control packets 763 * in front of the queue. 764 */ 765 766 if (!IF_QFULL(&sp->pp_fastq) && 767 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 768 (th && (INTERACTIVE(ntohs(th->th_sport)) || 769 INTERACTIVE(ntohs(th->th_dport)))))) 770 ifq = &sp->pp_fastq; 771 } 772 #endif 773 774 #ifdef INET6 775 if (dst->sa_family == AF_INET6) { 776 /* XXX do something tricky here? */ 777 } 778 #endif 779 780 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 781 /* 782 * Prepend general data packet PPP header. For now, IP only. 783 */ 784 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 785 if (! m) { 786 if (ifp->if_flags & IFF_DEBUG) 787 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 788 SPP_ARGS(ifp)); 789 ++ifp->if_oerrors; 790 splx(s); 791 return (ENOBUFS); 792 } 793 /* 794 * May want to check size of packet 795 * (albeit due to the implementation it's always enough) 796 */ 797 h = mtod(m, struct ppp_header *); 798 if (sp->pp_flags & PP_CISCO) { 799 h->address = CISCO_UNICAST; /* unicast address */ 800 h->control = 0; 801 } else { 802 h->address = PPP_ALLSTATIONS; /* broadcast address */ 803 h->control = PPP_UI; /* Unnumbered Info */ 804 } 805 } 806 807 switch (dst->sa_family) { 808 #ifdef INET 809 case AF_INET: /* Internet Protocol */ 810 if (sp->pp_flags & PP_CISCO) 811 protocol = htons(ETHERTYPE_IP); 812 else { 813 /* 814 * Don't choke with an ENETDOWN early. It's 815 * possible that we just started dialing out, 816 * so don't drop the packet immediately. If 817 * we notice that we run out of buffer space 818 * below, we will however remember that we are 819 * not ready to carry IP packets, and return 820 * ENETDOWN, as opposed to ENOBUFS. 821 */ 822 protocol = htons(PPP_IP); 823 if (sp->state[IDX_IPCP] != STATE_OPENED) 824 rv = ENETDOWN; 825 } 826 break; 827 #endif 828 #ifdef INET6 829 case AF_INET6: /* Internet Protocol version 6 */ 830 if (sp->pp_flags & PP_CISCO) 831 protocol = htons(ETHERTYPE_IPV6); 832 else { 833 /* 834 * Don't choke with an ENETDOWN early. It's 835 * possible that we just started dialing out, 836 * so don't drop the packet immediately. If 837 * we notice that we run out of buffer space 838 * below, we will however remember that we are 839 * not ready to carry IP packets, and return 840 * ENETDOWN, as opposed to ENOBUFS. 841 */ 842 protocol = htons(PPP_IPV6); 843 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 844 rv = ENETDOWN; 845 } 846 break; 847 #endif 848 #ifdef NS 849 case AF_NS: /* Xerox NS Protocol */ 850 protocol = htons((sp->pp_flags & PP_CISCO) ? 851 ETHERTYPE_NS : PPP_XNS); 852 break; 853 #endif 854 #ifdef IPX 855 case AF_IPX: /* Novell IPX Protocol */ 856 protocol = htons((sp->pp_flags & PP_CISCO) ? 857 ETHERTYPE_IPX : PPP_IPX); 858 break; 859 #endif 860 #ifdef ISO 861 case AF_ISO: /* ISO OSI Protocol */ 862 if (sp->pp_flags & PP_CISCO) 863 goto nosupport; 864 protocol = htons(PPP_ISO); 865 break; 866 nosupport: 867 #endif 868 default: 869 m_freem(m); 870 ++ifp->if_oerrors; 871 splx(s); 872 return (EAFNOSUPPORT); 873 } 874 875 if (sp->pp_flags & PP_NOFRAMING) { 876 M_PREPEND(m, 2, M_DONTWAIT); 877 if (m == NULL) { 878 if (ifp->if_flags & IFF_DEBUG) 879 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 880 SPP_ARGS(ifp)); 881 ++ifp->if_oerrors; 882 splx(s); 883 return (ENOBUFS); 884 } 885 *mtod(m, u_int16_t *) = protocol; 886 } else { 887 h->protocol = protocol; 888 } 889 890 /* 891 * Queue message on interface, and start output if interface 892 * not yet active. 893 */ 894 len = m->m_pkthdr.len; 895 if (ifq != NULL 896 #ifdef ALTQ 897 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 898 #endif 899 ) { 900 if (IF_QFULL(ifq)) { 901 IF_DROP(&ifp->if_snd); 902 m_freem(m); 903 if (rv == 0) 904 rv = ENOBUFS; 905 } 906 else 907 IF_ENQUEUE(ifq, m); 908 } else 909 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 910 if (rv != 0) { 911 ++ifp->if_oerrors; 912 splx(s); 913 return (rv); 914 } 915 916 if (! (ifp->if_flags & IFF_OACTIVE)) 917 (*ifp->if_start)(ifp); 918 919 /* 920 * Count output packets and bytes. 921 * The packet length includes header + additional hardware framing 922 * according to RFC 1333. 923 */ 924 ifp->if_obytes += len + sp->pp_framebytes; 925 splx(s); 926 return (0); 927 } 928 929 void 930 sppp_attach(struct ifnet *ifp) 931 { 932 struct sppp *sp = (struct sppp *) ifp; 933 934 /* Initialize keepalive handler. */ 935 if (! spppq) { 936 callout_init(&keepalive_ch); 937 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 938 } 939 940 /* Insert new entry into the keepalive list. */ 941 sp->pp_next = spppq; 942 spppq = sp; 943 944 sp->pp_if.if_type = IFT_PPP; 945 sp->pp_if.if_output = sppp_output; 946 sp->pp_fastq.ifq_maxlen = 32; 947 sp->pp_cpq.ifq_maxlen = 20; 948 sp->pp_loopcnt = 0; 949 sp->pp_alivecnt = 0; 950 sp->pp_last_activity = 0; 951 sp->pp_idle_timeout = 0; 952 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 953 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 954 sp->pp_auth_failures = 0; 955 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 956 sp->pp_phase = SPPP_PHASE_DEAD; 957 sp->pp_up = lcp.Up; 958 sp->pp_down = lcp.Down; 959 960 if_alloc_sadl(ifp); 961 962 memset(&sp->myauth, 0, sizeof sp->myauth); 963 memset(&sp->hisauth, 0, sizeof sp->hisauth); 964 sppp_lcp_init(sp); 965 sppp_ipcp_init(sp); 966 sppp_ipv6cp_init(sp); 967 sppp_pap_init(sp); 968 sppp_chap_init(sp); 969 } 970 971 void 972 sppp_detach(struct ifnet *ifp) 973 { 974 struct sppp **q, *p, *sp = (struct sppp *) ifp; 975 int i; 976 977 /* Remove the entry from the keepalive list. */ 978 for (q = &spppq; (p = *q); q = &p->pp_next) 979 if (p == sp) { 980 *q = p->pp_next; 981 break; 982 } 983 984 /* Stop keepalive handler. */ 985 if (! spppq) { 986 callout_stop(&keepalive_ch); 987 } 988 989 for (i = 0; i < IDX_COUNT; i++) { 990 callout_stop(&sp->ch[i]); 991 } 992 callout_stop(&sp->pap_my_to_ch); 993 994 /* free authentication info */ 995 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 996 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 997 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 998 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 999 1000 if_free_sadl(ifp); 1001 } 1002 1003 /* 1004 * Flush the interface output queue. 1005 */ 1006 void 1007 sppp_flush(struct ifnet *ifp) 1008 { 1009 struct sppp *sp = (struct sppp *) ifp; 1010 1011 IFQ_PURGE(&sp->pp_if.if_snd); 1012 IF_PURGE(&sp->pp_fastq); 1013 IF_PURGE(&sp->pp_cpq); 1014 } 1015 1016 /* 1017 * Check if the output queue is empty. 1018 */ 1019 int 1020 sppp_isempty(struct ifnet *ifp) 1021 { 1022 struct sppp *sp = (struct sppp *) ifp; 1023 int empty, s; 1024 1025 s = splnet(); 1026 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1027 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1028 splx(s); 1029 return (empty); 1030 } 1031 1032 /* 1033 * Get next packet to send. 1034 */ 1035 struct mbuf * 1036 sppp_dequeue(struct ifnet *ifp) 1037 { 1038 struct sppp *sp = (struct sppp *) ifp; 1039 struct mbuf *m; 1040 int s; 1041 1042 s = splnet(); 1043 /* 1044 * Process only the control protocol queue until we have at 1045 * least one NCP open. 1046 * 1047 * Do always serve all three queues in Cisco mode. 1048 */ 1049 IF_DEQUEUE(&sp->pp_cpq, m); 1050 if (m == NULL && 1051 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1052 IF_DEQUEUE(&sp->pp_fastq, m); 1053 if (m == NULL) 1054 IF_DEQUEUE(&sp->pp_if.if_snd, m); 1055 } 1056 splx(s); 1057 return m; 1058 } 1059 1060 /* 1061 * Pick the next packet, do not remove it from the queue. 1062 */ 1063 struct mbuf * 1064 sppp_pick(struct ifnet *ifp) 1065 { 1066 struct sppp *sp = (struct sppp *)ifp; 1067 struct mbuf *m; 1068 int s; 1069 1070 s= splnet(); 1071 1072 m = sp->pp_cpq.ifq_head; 1073 if (m == NULL && 1074 (sp->pp_phase == SPPP_PHASE_NETWORK || 1075 (sp->pp_flags & PP_CISCO) != 0)) 1076 if ((m = sp->pp_fastq.ifq_head) == NULL) 1077 m = sp->pp_if.if_snd.ifq_head; 1078 splx(s); 1079 return (m); 1080 } 1081 1082 /* 1083 * Process an ioctl request. Called on low priority level. 1084 */ 1085 int 1086 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1087 { 1088 struct ifreq *ifr = (struct ifreq *) data; 1089 struct sppp *sp = (struct sppp *) ifp; 1090 int s, error=0, going_up, going_down, newmode; 1091 1092 s = splnet(); 1093 switch (cmd) { 1094 case SIOCAIFADDR: 1095 case SIOCSIFDSTADDR: 1096 break; 1097 1098 case SIOCSIFADDR: 1099 if_up(ifp); 1100 /* fall through... */ 1101 1102 case SIOCSIFFLAGS: 1103 going_up = ifp->if_flags & IFF_UP && 1104 (ifp->if_flags & IFF_RUNNING) == 0; 1105 going_down = (ifp->if_flags & IFF_UP) == 0 && 1106 ifp->if_flags & IFF_RUNNING; 1107 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1108 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1109 /* sanity */ 1110 newmode = IFF_PASSIVE; 1111 ifp->if_flags &= ~IFF_AUTO; 1112 } 1113 1114 if (going_up || going_down) 1115 lcp.Close(sp); 1116 if (going_up && newmode == 0) { 1117 /* neither auto-dial nor passive */ 1118 ifp->if_flags |= IFF_RUNNING; 1119 if (!(sp->pp_flags & PP_CISCO)) 1120 lcp.Open(sp); 1121 } else if (going_down) { 1122 sppp_flush(ifp); 1123 ifp->if_flags &= ~IFF_RUNNING; 1124 } 1125 1126 break; 1127 1128 #ifdef SIOCSIFMTU 1129 #ifndef ifr_mtu 1130 #define ifr_mtu ifr_metric 1131 #endif 1132 case SIOCSIFMTU: 1133 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) { 1134 error = EINVAL; 1135 break; 1136 } 1137 1138 ifp->if_mtu = ifr->ifr_mtu; 1139 break; 1140 #endif 1141 #ifdef SLIOCSETMTU 1142 case SLIOCSETMTU: 1143 if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru) 1144 { 1145 error = EINVAL; 1146 break; 1147 } 1148 1149 ifp->if_mtu = *(short *)data; 1150 break; 1151 #endif 1152 #ifdef SIOCGIFMTU 1153 case SIOCGIFMTU: 1154 ifr->ifr_mtu = ifp->if_mtu; 1155 break; 1156 #endif 1157 #ifdef SLIOCGETMTU 1158 case SLIOCGETMTU: 1159 *(short *)data = ifp->if_mtu; 1160 break; 1161 #endif 1162 case SIOCADDMULTI: 1163 case SIOCDELMULTI: 1164 break; 1165 1166 case SPPPSETAUTHCFG: 1167 case SPPPSETLCPCFG: 1168 case SPPPSETIDLETO: 1169 case SPPPSETAUTHFAILURE: 1170 case SPPPSETDNSOPTS: 1171 { 1172 struct proc *p = curproc; /* XXX */ 1173 1174 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 1175 break; 1176 } 1177 /* FALLTHROUGH */ 1178 case SPPPGETAUTHCFG: 1179 case SPPPGETLCPCFG: 1180 case SPPPGETSTATUS: 1181 case SPPPGETIDLETO: 1182 case SPPPGETAUTHFAILURES: 1183 case SPPPGETDNSOPTS: 1184 case SPPPGETDNSADDRS: 1185 error = sppp_params(sp, cmd, data); 1186 break; 1187 1188 default: 1189 error = ENOTTY; 1190 } 1191 splx(s); 1192 return (error); 1193 } 1194 1195 1196 /* 1197 * Cisco framing implementation. 1198 */ 1199 1200 /* 1201 * Handle incoming Cisco keepalive protocol packets. 1202 */ 1203 static void 1204 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1205 { 1206 STDDCL; 1207 struct cisco_packet *h; 1208 u_int32_t me, mymask; 1209 1210 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1211 if (debug) 1212 log(LOG_DEBUG, 1213 SPP_FMT "cisco invalid packet length: %d bytes\n", 1214 SPP_ARGS(ifp), m->m_pkthdr.len); 1215 return; 1216 } 1217 h = mtod(m, struct cisco_packet *); 1218 if (debug) 1219 log(LOG_DEBUG, 1220 SPP_FMT "cisco input: %d bytes " 1221 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1222 SPP_ARGS(ifp), m->m_pkthdr.len, 1223 ntohl (h->type), h->par1, h->par2, (u_int)h->rel, 1224 (u_int)h->time0, (u_int)h->time1); 1225 switch (ntohl (h->type)) { 1226 default: 1227 if (debug) 1228 addlog(SPP_FMT "cisco unknown packet type: 0x%x\n", 1229 SPP_ARGS(ifp), ntohl (h->type)); 1230 break; 1231 case CISCO_ADDR_REPLY: 1232 /* Reply on address request, ignore */ 1233 break; 1234 case CISCO_KEEPALIVE_REQ: 1235 sp->pp_alivecnt = 0; 1236 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1237 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1238 /* Local and remote sequence numbers are equal. 1239 * Probably, the line is in loopback mode. */ 1240 if (sp->pp_loopcnt >= MAXALIVECNT) { 1241 printf (SPP_FMT "loopback\n", 1242 SPP_ARGS(ifp)); 1243 sp->pp_loopcnt = 0; 1244 if (ifp->if_flags & IFF_UP) { 1245 if_down(ifp); 1246 IF_PURGE(&sp->pp_cpq); 1247 } 1248 } 1249 ++sp->pp_loopcnt; 1250 1251 /* Generate new local sequence number */ 1252 sp->pp_seq[IDX_LCP] = random(); 1253 break; 1254 } 1255 sp->pp_loopcnt = 0; 1256 if (! (ifp->if_flags & IFF_UP) && 1257 (ifp->if_flags & IFF_RUNNING)) { 1258 if_up(ifp); 1259 } 1260 break; 1261 case CISCO_ADDR_REQ: 1262 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1263 if (me != 0L) 1264 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1265 break; 1266 } 1267 } 1268 1269 /* 1270 * Send Cisco keepalive packet. 1271 */ 1272 static void 1273 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1274 { 1275 STDDCL; 1276 struct ppp_header *h; 1277 struct cisco_packet *ch; 1278 struct mbuf *m; 1279 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1280 1281 MGETHDR(m, M_DONTWAIT, MT_DATA); 1282 if (! m) 1283 return; 1284 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1285 m->m_pkthdr.rcvif = 0; 1286 1287 h = mtod(m, struct ppp_header *); 1288 h->address = CISCO_MULTICAST; 1289 h->control = 0; 1290 h->protocol = htons(CISCO_KEEPALIVE); 1291 1292 ch = (struct cisco_packet *)(h + 1); 1293 ch->type = htonl(type); 1294 ch->par1 = htonl(par1); 1295 ch->par2 = htonl(par2); 1296 ch->rel = -1; 1297 1298 ch->time0 = htons((u_short)(t >> 16)); 1299 ch->time1 = htons((u_short) t); 1300 1301 if (debug) 1302 log(LOG_DEBUG, 1303 SPP_FMT "cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1304 SPP_ARGS(ifp), ntohl (ch->type), ch->par1, 1305 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1306 (u_int)ch->time1); 1307 1308 if (IF_QFULL(&sp->pp_cpq)) { 1309 IF_DROP(&sp->pp_fastq); 1310 IF_DROP(&ifp->if_snd); 1311 m_freem(m); 1312 ++ifp->if_oerrors; 1313 return; 1314 } else 1315 IF_ENQUEUE(&sp->pp_cpq, m); 1316 if (! (ifp->if_flags & IFF_OACTIVE)) 1317 (*ifp->if_start)(ifp); 1318 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1319 } 1320 1321 /* 1322 * PPP protocol implementation. 1323 */ 1324 1325 /* 1326 * Send PPP control protocol packet. 1327 */ 1328 static void 1329 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1330 u_char ident, u_short len, void *data) 1331 { 1332 STDDCL; 1333 struct lcp_header *lh; 1334 struct mbuf *m; 1335 size_t pkthdrlen; 1336 1337 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1338 1339 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1340 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1341 MGETHDR(m, M_DONTWAIT, MT_DATA); 1342 if (! m) 1343 return; 1344 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1345 m->m_pkthdr.rcvif = 0; 1346 1347 if (sp->pp_flags & PP_NOFRAMING) { 1348 *mtod(m, u_int16_t *) = htons(proto); 1349 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 1350 } else { 1351 struct ppp_header *h; 1352 h = mtod(m, struct ppp_header *); 1353 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1354 h->control = PPP_UI; /* Unnumbered Info */ 1355 h->protocol = htons(proto); /* Link Control Protocol */ 1356 lh = (struct lcp_header *)(h + 1); 1357 } 1358 lh->type = type; 1359 lh->ident = ident; 1360 lh->len = htons(LCP_HEADER_LEN + len); 1361 if (len) 1362 bcopy (data, lh + 1, len); 1363 1364 if (debug) { 1365 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1366 SPP_ARGS(ifp), 1367 sppp_proto_name(proto), 1368 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1369 if (len) 1370 sppp_print_bytes((u_char *)(lh + 1), len); 1371 addlog(">\n"); 1372 } 1373 if (IF_QFULL(&sp->pp_cpq)) { 1374 IF_DROP(&sp->pp_fastq); 1375 IF_DROP(&ifp->if_snd); 1376 m_freem(m); 1377 ++ifp->if_oerrors; 1378 return; 1379 } else 1380 IF_ENQUEUE(&sp->pp_cpq, m); 1381 if (! (ifp->if_flags & IFF_OACTIVE)) 1382 (*ifp->if_start)(ifp); 1383 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1384 } 1385 1386 /* 1387 * Handle incoming PPP control protocol packets. 1388 */ 1389 static void 1390 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1391 { 1392 STDDCL; 1393 struct lcp_header *h; 1394 int len = m->m_pkthdr.len; 1395 int rv; 1396 u_char *p; 1397 u_int32_t u32; 1398 1399 if (len < 4) { 1400 if (debug) 1401 log(LOG_DEBUG, 1402 SPP_FMT "%s invalid packet length: %d bytes\n", 1403 SPP_ARGS(ifp), cp->name, len); 1404 return; 1405 } 1406 h = mtod(m, struct lcp_header *); 1407 if (debug) { 1408 log(LOG_DEBUG, 1409 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1410 SPP_ARGS(ifp), cp->name, 1411 sppp_state_name(sp->state[cp->protoidx]), 1412 sppp_cp_type_name(h->type), h->ident, ntohs(h->len)); 1413 if (len > 4) 1414 sppp_print_bytes((u_char *)(h + 1), len - 4); 1415 addlog(">\n"); 1416 } 1417 if (len > ntohs(h->len)) 1418 len = ntohs(h->len); 1419 p = (u_char *)(h + 1); 1420 switch (h->type) { 1421 case CONF_REQ: 1422 if (len < 4) { 1423 if (debug) 1424 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1425 SPP_ARGS(ifp), cp->name, 1426 len); 1427 ++ifp->if_ierrors; 1428 break; 1429 } 1430 /* handle states where RCR doesn't get a SCA/SCN */ 1431 switch (sp->state[cp->protoidx]) { 1432 case STATE_CLOSING: 1433 case STATE_STOPPING: 1434 return; 1435 case STATE_CLOSED: 1436 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1437 0, 0); 1438 return; 1439 } 1440 rv = (cp->RCR)(sp, h, len); 1441 switch (sp->state[cp->protoidx]) { 1442 case STATE_OPENED: 1443 (cp->tld)(sp); 1444 (cp->scr)(sp); 1445 /* fall through... */ 1446 case STATE_ACK_SENT: 1447 case STATE_REQ_SENT: 1448 sppp_cp_change_state(cp, sp, rv? 1449 STATE_ACK_SENT: STATE_REQ_SENT); 1450 break; 1451 case STATE_STOPPED: 1452 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1453 (cp->scr)(sp); 1454 sppp_cp_change_state(cp, sp, rv? 1455 STATE_ACK_SENT: STATE_REQ_SENT); 1456 break; 1457 case STATE_ACK_RCVD: 1458 if (rv) { 1459 sppp_cp_change_state(cp, sp, STATE_OPENED); 1460 if (debug) 1461 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1462 SPP_ARGS(ifp), 1463 cp->name); 1464 (cp->tlu)(sp); 1465 } else 1466 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1467 break; 1468 default: 1469 printf(SPP_FMT "%s illegal %s in state %s\n", 1470 SPP_ARGS(ifp), cp->name, 1471 sppp_cp_type_name(h->type), 1472 sppp_state_name(sp->state[cp->protoidx])); 1473 ++ifp->if_ierrors; 1474 } 1475 break; 1476 case CONF_ACK: 1477 if (h->ident != sp->confid[cp->protoidx]) { 1478 if (debug) 1479 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1480 SPP_ARGS(ifp), cp->name, 1481 h->ident, sp->confid[cp->protoidx]); 1482 ++ifp->if_ierrors; 1483 break; 1484 } 1485 switch (sp->state[cp->protoidx]) { 1486 case STATE_CLOSED: 1487 case STATE_STOPPED: 1488 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1489 break; 1490 case STATE_CLOSING: 1491 case STATE_STOPPING: 1492 break; 1493 case STATE_REQ_SENT: 1494 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1495 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1496 break; 1497 case STATE_OPENED: 1498 (cp->tld)(sp); 1499 /* fall through */ 1500 case STATE_ACK_RCVD: 1501 (cp->scr)(sp); 1502 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1503 break; 1504 case STATE_ACK_SENT: 1505 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1506 sppp_cp_change_state(cp, sp, STATE_OPENED); 1507 if (debug) 1508 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1509 SPP_ARGS(ifp), cp->name); 1510 (cp->tlu)(sp); 1511 break; 1512 default: 1513 printf(SPP_FMT "%s illegal %s in state %s\n", 1514 SPP_ARGS(ifp), cp->name, 1515 sppp_cp_type_name(h->type), 1516 sppp_state_name(sp->state[cp->protoidx])); 1517 ++ifp->if_ierrors; 1518 } 1519 break; 1520 case CONF_NAK: 1521 case CONF_REJ: 1522 if (h->ident != sp->confid[cp->protoidx]) { 1523 if (debug) 1524 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1525 SPP_ARGS(ifp), cp->name, 1526 h->ident, sp->confid[cp->protoidx]); 1527 ++ifp->if_ierrors; 1528 break; 1529 } 1530 if (h->type == CONF_NAK) 1531 (cp->RCN_nak)(sp, h, len); 1532 else /* CONF_REJ */ 1533 (cp->RCN_rej)(sp, h, len); 1534 1535 switch (sp->state[cp->protoidx]) { 1536 case STATE_CLOSED: 1537 case STATE_STOPPED: 1538 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1539 break; 1540 case STATE_REQ_SENT: 1541 case STATE_ACK_SENT: 1542 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1543 (cp->scr)(sp); 1544 break; 1545 case STATE_OPENED: 1546 (cp->tld)(sp); 1547 /* fall through */ 1548 case STATE_ACK_RCVD: 1549 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1550 (cp->scr)(sp); 1551 break; 1552 case STATE_CLOSING: 1553 case STATE_STOPPING: 1554 break; 1555 default: 1556 printf(SPP_FMT "%s illegal %s in state %s\n", 1557 SPP_ARGS(ifp), cp->name, 1558 sppp_cp_type_name(h->type), 1559 sppp_state_name(sp->state[cp->protoidx])); 1560 ++ifp->if_ierrors; 1561 } 1562 break; 1563 1564 case TERM_REQ: 1565 switch (sp->state[cp->protoidx]) { 1566 case STATE_ACK_RCVD: 1567 case STATE_ACK_SENT: 1568 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1569 /* fall through */ 1570 case STATE_CLOSED: 1571 case STATE_STOPPED: 1572 case STATE_CLOSING: 1573 case STATE_STOPPING: 1574 case STATE_REQ_SENT: 1575 sta: 1576 /* Send Terminate-Ack packet. */ 1577 if (debug) 1578 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1579 SPP_ARGS(ifp), cp->name); 1580 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1581 break; 1582 case STATE_OPENED: 1583 (cp->tld)(sp); 1584 sp->rst_counter[cp->protoidx] = 0; 1585 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1586 goto sta; 1587 default: 1588 printf(SPP_FMT "%s illegal %s in state %s\n", 1589 SPP_ARGS(ifp), cp->name, 1590 sppp_cp_type_name(h->type), 1591 sppp_state_name(sp->state[cp->protoidx])); 1592 ++ifp->if_ierrors; 1593 } 1594 break; 1595 case TERM_ACK: 1596 switch (sp->state[cp->protoidx]) { 1597 case STATE_CLOSED: 1598 case STATE_STOPPED: 1599 case STATE_REQ_SENT: 1600 case STATE_ACK_SENT: 1601 break; 1602 case STATE_CLOSING: 1603 (cp->tlf)(sp); 1604 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1605 sppp_lcp_check_and_close(sp); 1606 break; 1607 case STATE_STOPPING: 1608 (cp->tlf)(sp); 1609 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1610 sppp_lcp_check_and_close(sp); 1611 break; 1612 case STATE_ACK_RCVD: 1613 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1614 break; 1615 case STATE_OPENED: 1616 (cp->tld)(sp); 1617 (cp->scr)(sp); 1618 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1619 break; 1620 default: 1621 printf(SPP_FMT "%s illegal %s in state %s\n", 1622 SPP_ARGS(ifp), cp->name, 1623 sppp_cp_type_name(h->type), 1624 sppp_state_name(sp->state[cp->protoidx])); 1625 ++ifp->if_ierrors; 1626 } 1627 break; 1628 case CODE_REJ: 1629 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1630 log(LOG_INFO, 1631 SPP_FMT "%s: ignoring RXJ (%s) for code ?, " 1632 "danger will robinson\n", 1633 SPP_ARGS(ifp), cp->name, 1634 sppp_cp_type_name(h->type)); 1635 switch (sp->state[cp->protoidx]) { 1636 case STATE_CLOSED: 1637 case STATE_STOPPED: 1638 case STATE_REQ_SENT: 1639 case STATE_ACK_SENT: 1640 case STATE_CLOSING: 1641 case STATE_STOPPING: 1642 case STATE_OPENED: 1643 break; 1644 case STATE_ACK_RCVD: 1645 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1646 break; 1647 default: 1648 printf(SPP_FMT "%s illegal %s in state %s\n", 1649 SPP_ARGS(ifp), cp->name, 1650 sppp_cp_type_name(h->type), 1651 sppp_state_name(sp->state[cp->protoidx])); 1652 ++ifp->if_ierrors; 1653 } 1654 break; 1655 case PROTO_REJ: 1656 { 1657 int catastrophic; 1658 const struct cp *upper; 1659 int i; 1660 u_int16_t proto; 1661 1662 catastrophic = 0; 1663 upper = NULL; 1664 proto = p[0] << 8 | p[1]; 1665 for (i = 0; i < IDX_COUNT; i++) { 1666 if (cps[i]->proto == proto) { 1667 upper = cps[i]; 1668 break; 1669 } 1670 } 1671 if (upper == NULL) 1672 catastrophic++; 1673 1674 if (debug) 1675 log(LOG_INFO, 1676 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1677 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1678 sppp_cp_type_name(h->type), proto, 1679 upper ? upper->name : "unknown", 1680 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1681 1682 /* 1683 * if we got RXJ+ against conf-req, the peer does not implement 1684 * this particular protocol type. terminate the protocol. 1685 */ 1686 if (upper && !catastrophic) { 1687 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1688 upper->Close(sp); 1689 break; 1690 } 1691 } 1692 1693 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1694 switch (sp->state[cp->protoidx]) { 1695 case STATE_CLOSED: 1696 case STATE_STOPPED: 1697 case STATE_REQ_SENT: 1698 case STATE_ACK_SENT: 1699 case STATE_CLOSING: 1700 case STATE_STOPPING: 1701 case STATE_OPENED: 1702 break; 1703 case STATE_ACK_RCVD: 1704 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1705 break; 1706 default: 1707 printf(SPP_FMT "%s illegal %s in state %s\n", 1708 SPP_ARGS(ifp), cp->name, 1709 sppp_cp_type_name(h->type), 1710 sppp_state_name(sp->state[cp->protoidx])); 1711 ++ifp->if_ierrors; 1712 } 1713 break; 1714 } 1715 case DISC_REQ: 1716 if (cp->proto != PPP_LCP) 1717 goto illegal; 1718 /* Discard the packet. */ 1719 break; 1720 case ECHO_REQ: 1721 if (cp->proto != PPP_LCP) 1722 goto illegal; 1723 if (sp->state[cp->protoidx] != STATE_OPENED) { 1724 if (debug) 1725 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1726 SPP_ARGS(ifp)); 1727 ++ifp->if_ierrors; 1728 break; 1729 } 1730 if (len < 8) { 1731 if (debug) 1732 addlog(SPP_FMT "invalid lcp echo request " 1733 "packet length: %d bytes\n", 1734 SPP_ARGS(ifp), len); 1735 break; 1736 } 1737 memcpy(&u32, h + 1, sizeof u32); 1738 if (ntohl(u32) == sp->lcp.magic) { 1739 /* Line loopback mode detected. */ 1740 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1741 if_down(ifp); 1742 IF_PURGE(&sp->pp_cpq); 1743 1744 /* Shut down the PPP link. */ 1745 /* XXX */ 1746 lcp.Down(sp); 1747 lcp.Up(sp); 1748 break; 1749 } 1750 u32 = htonl(sp->lcp.magic); 1751 memcpy(h + 1, &u32, sizeof u32); 1752 if (debug) 1753 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1754 SPP_ARGS(ifp)); 1755 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1756 h + 1); 1757 break; 1758 case ECHO_REPLY: 1759 if (cp->proto != PPP_LCP) 1760 goto illegal; 1761 if (h->ident != sp->lcp.echoid) { 1762 ++ifp->if_ierrors; 1763 break; 1764 } 1765 if (len < 8) { 1766 if (debug) 1767 addlog(SPP_FMT "lcp invalid echo reply " 1768 "packet length: %d bytes\n", 1769 SPP_ARGS(ifp), len); 1770 break; 1771 } 1772 if (debug) 1773 addlog(SPP_FMT "lcp got echo rep\n", 1774 SPP_ARGS(ifp)); 1775 memcpy(&u32, h + 1, sizeof u32); 1776 if (ntohl(u32) != sp->lcp.magic) 1777 sp->pp_alivecnt = 0; 1778 break; 1779 default: 1780 /* Unknown packet type -- send Code-Reject packet. */ 1781 illegal: 1782 if (debug) 1783 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1784 SPP_ARGS(ifp), cp->name, h->type); 1785 sppp_cp_send(sp, cp->proto, CODE_REJ, 1786 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1787 ++ifp->if_ierrors; 1788 } 1789 } 1790 1791 1792 /* 1793 * The generic part of all Up/Down/Open/Close/TO event handlers. 1794 * Basically, the state transition handling in the automaton. 1795 */ 1796 static void 1797 sppp_up_event(const struct cp *cp, struct sppp *sp) 1798 { 1799 STDDCL; 1800 1801 if (debug) 1802 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1803 SPP_ARGS(ifp), cp->name, 1804 sppp_state_name(sp->state[cp->protoidx])); 1805 1806 switch (sp->state[cp->protoidx]) { 1807 case STATE_INITIAL: 1808 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1809 break; 1810 case STATE_STARTING: 1811 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1812 (cp->scr)(sp); 1813 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1814 break; 1815 default: 1816 printf(SPP_FMT "%s illegal up in state %s\n", 1817 SPP_ARGS(ifp), cp->name, 1818 sppp_state_name(sp->state[cp->protoidx])); 1819 } 1820 } 1821 1822 static void 1823 sppp_down_event(const struct cp *cp, struct sppp *sp) 1824 { 1825 STDDCL; 1826 1827 if (debug) 1828 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1829 SPP_ARGS(ifp), cp->name, 1830 sppp_state_name(sp->state[cp->protoidx])); 1831 1832 switch (sp->state[cp->protoidx]) { 1833 case STATE_CLOSED: 1834 case STATE_CLOSING: 1835 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1836 break; 1837 case STATE_STOPPED: 1838 (cp->tls)(sp); 1839 /* fall through */ 1840 case STATE_STOPPING: 1841 case STATE_REQ_SENT: 1842 case STATE_ACK_RCVD: 1843 case STATE_ACK_SENT: 1844 sppp_cp_change_state(cp, sp, STATE_STARTING); 1845 break; 1846 case STATE_OPENED: 1847 (cp->tld)(sp); 1848 sppp_cp_change_state(cp, sp, STATE_STARTING); 1849 break; 1850 default: 1851 printf(SPP_FMT "%s illegal down in state %s\n", 1852 SPP_ARGS(ifp), cp->name, 1853 sppp_state_name(sp->state[cp->protoidx])); 1854 } 1855 } 1856 1857 1858 static void 1859 sppp_open_event(const struct cp *cp, struct sppp *sp) 1860 { 1861 STDDCL; 1862 1863 if (debug) 1864 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1865 SPP_ARGS(ifp), cp->name, 1866 sppp_state_name(sp->state[cp->protoidx])); 1867 1868 switch (sp->state[cp->protoidx]) { 1869 case STATE_INITIAL: 1870 (cp->tls)(sp); 1871 sppp_cp_change_state(cp, sp, STATE_STARTING); 1872 break; 1873 case STATE_STARTING: 1874 break; 1875 case STATE_CLOSED: 1876 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1877 (cp->scr)(sp); 1878 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1879 break; 1880 case STATE_STOPPED: 1881 case STATE_STOPPING: 1882 case STATE_REQ_SENT: 1883 case STATE_ACK_RCVD: 1884 case STATE_ACK_SENT: 1885 case STATE_OPENED: 1886 break; 1887 case STATE_CLOSING: 1888 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1889 break; 1890 } 1891 } 1892 1893 1894 static void 1895 sppp_close_event(const struct cp *cp, struct sppp *sp) 1896 { 1897 STDDCL; 1898 1899 if (debug) 1900 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1901 SPP_ARGS(ifp), cp->name, 1902 sppp_state_name(sp->state[cp->protoidx])); 1903 1904 switch (sp->state[cp->protoidx]) { 1905 case STATE_INITIAL: 1906 case STATE_CLOSED: 1907 case STATE_CLOSING: 1908 break; 1909 case STATE_STARTING: 1910 (cp->tlf)(sp); 1911 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1912 break; 1913 case STATE_STOPPED: 1914 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1915 break; 1916 case STATE_STOPPING: 1917 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1918 break; 1919 case STATE_OPENED: 1920 (cp->tld)(sp); 1921 /* fall through */ 1922 case STATE_REQ_SENT: 1923 case STATE_ACK_RCVD: 1924 case STATE_ACK_SENT: 1925 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1926 sppp_cp_send(sp, cp->proto, TERM_REQ, 1927 ++sp->pp_seq[cp->protoidx], 0, 0); 1928 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1929 break; 1930 } 1931 } 1932 1933 static void 1934 sppp_to_event(const struct cp *cp, struct sppp *sp) 1935 { 1936 STDDCL; 1937 int s; 1938 1939 s = splnet(); 1940 if (debug) 1941 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1942 SPP_ARGS(ifp), cp->name, 1943 sppp_state_name(sp->state[cp->protoidx]), 1944 sp->rst_counter[cp->protoidx]); 1945 1946 if (--sp->rst_counter[cp->protoidx] < 0) 1947 /* TO- event */ 1948 switch (sp->state[cp->protoidx]) { 1949 case STATE_CLOSING: 1950 (cp->tlf)(sp); 1951 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1952 sppp_lcp_check_and_close(sp); 1953 break; 1954 case STATE_STOPPING: 1955 (cp->tlf)(sp); 1956 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1957 sppp_lcp_check_and_close(sp); 1958 break; 1959 case STATE_REQ_SENT: 1960 case STATE_ACK_RCVD: 1961 case STATE_ACK_SENT: 1962 (cp->tlf)(sp); 1963 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1964 sppp_lcp_check_and_close(sp); 1965 break; 1966 } 1967 else 1968 /* TO+ event */ 1969 switch (sp->state[cp->protoidx]) { 1970 case STATE_CLOSING: 1971 case STATE_STOPPING: 1972 sppp_cp_send(sp, cp->proto, TERM_REQ, 1973 ++sp->pp_seq[cp->protoidx], 0, 0); 1974 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1975 cp->TO, sp); 1976 break; 1977 case STATE_REQ_SENT: 1978 case STATE_ACK_RCVD: 1979 (cp->scr)(sp); 1980 /* sppp_cp_change_state() will restart the timer */ 1981 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1982 break; 1983 case STATE_ACK_SENT: 1984 (cp->scr)(sp); 1985 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1986 cp->TO, sp); 1987 break; 1988 } 1989 1990 splx(s); 1991 } 1992 1993 /* 1994 * Change the state of a control protocol in the state automaton. 1995 * Takes care of starting/stopping the restart timer. 1996 */ 1997 void 1998 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1999 { 2000 sp->state[cp->protoidx] = newstate; 2001 callout_stop(&sp->ch[cp->protoidx]); 2002 switch (newstate) { 2003 case STATE_INITIAL: 2004 case STATE_STARTING: 2005 case STATE_CLOSED: 2006 case STATE_STOPPED: 2007 case STATE_OPENED: 2008 break; 2009 case STATE_CLOSING: 2010 case STATE_STOPPING: 2011 case STATE_REQ_SENT: 2012 case STATE_ACK_RCVD: 2013 case STATE_ACK_SENT: 2014 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2015 cp->TO, sp); 2016 break; 2017 } 2018 } 2019 2020 /* 2021 *--------------------------------------------------------------------------* 2022 * * 2023 * The LCP implementation. * 2024 * * 2025 *--------------------------------------------------------------------------* 2026 */ 2027 static void 2028 sppp_lcp_init(struct sppp *sp) 2029 { 2030 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2031 sp->lcp.magic = 0; 2032 sp->state[IDX_LCP] = STATE_INITIAL; 2033 sp->fail_counter[IDX_LCP] = 0; 2034 sp->pp_seq[IDX_LCP] = 0; 2035 sp->pp_rseq[IDX_LCP] = 0; 2036 sp->lcp.protos = 0; 2037 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2038 2039 /* 2040 * Initialize counters and timeout values. Note that we don't 2041 * use the 3 seconds suggested in RFC 1661 since we are likely 2042 * running on a fast link. XXX We should probably implement 2043 * the exponential backoff option. Note that these values are 2044 * relevant for all control protocols, not just LCP only. 2045 */ 2046 sp->lcp.timeout = 1 * hz; 2047 sp->lcp.max_terminate = 2; 2048 sp->lcp.max_configure = 10; 2049 sp->lcp.max_failure = 10; 2050 callout_init(&sp->ch[IDX_LCP]); 2051 } 2052 2053 static void 2054 sppp_lcp_up(struct sppp *sp) 2055 { 2056 STDDCL; 2057 2058 /* Initialize activity timestamp: opening a connection is an activity */ 2059 sp->pp_last_activity = mono_time.tv_sec; 2060 2061 /* 2062 * If this interface is passive or dial-on-demand, and we are 2063 * still in Initial state, it means we've got an incoming 2064 * call. Activate the interface. 2065 */ 2066 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2067 if (debug) 2068 log(LOG_DEBUG, 2069 SPP_FMT "Up event", SPP_ARGS(ifp)); 2070 ifp->if_flags |= IFF_RUNNING; 2071 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2072 if (debug) 2073 addlog("(incoming call)\n"); 2074 sp->pp_flags |= PP_CALLIN; 2075 lcp.Open(sp); 2076 } else if (debug) 2077 addlog("\n"); 2078 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2079 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2080 ifp->if_flags |= IFF_RUNNING; 2081 lcp.Open(sp); 2082 } 2083 2084 sppp_up_event(&lcp, sp); 2085 } 2086 2087 static void 2088 sppp_lcp_down(struct sppp *sp) 2089 { 2090 STDDCL; 2091 2092 sppp_down_event(&lcp, sp); 2093 2094 /* 2095 * If this is neither a dial-on-demand nor a passive 2096 * interface, simulate an ``ifconfig down'' action, so the 2097 * administrator can force a redial by another ``ifconfig 2098 * up''. XXX For leased line operation, should we immediately 2099 * try to reopen the connection here? 2100 */ 2101 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2102 if (debug) 2103 log(LOG_INFO, 2104 SPP_FMT "Down event (carrier loss), taking interface down.\n", 2105 SPP_ARGS(ifp)); 2106 if_down(ifp); 2107 } else { 2108 if (debug) 2109 log(LOG_DEBUG, 2110 SPP_FMT "Down event (carrier loss)\n", 2111 SPP_ARGS(ifp)); 2112 } 2113 sp->pp_flags &= ~PP_CALLIN; 2114 if (sp->state[IDX_LCP] != STATE_INITIAL) 2115 lcp.Close(sp); 2116 ifp->if_flags &= ~IFF_RUNNING; 2117 } 2118 2119 static void 2120 sppp_lcp_open(struct sppp *sp) 2121 { 2122 /* 2123 * If we are authenticator, negotiate LCP_AUTH 2124 */ 2125 if (sp->hisauth.proto != 0) 2126 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2127 else 2128 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2129 sp->pp_flags &= ~PP_NEEDAUTH; 2130 sppp_open_event(&lcp, sp); 2131 } 2132 2133 static void 2134 sppp_lcp_close(struct sppp *sp) 2135 { 2136 sppp_close_event(&lcp, sp); 2137 } 2138 2139 static void 2140 sppp_lcp_TO(void *cookie) 2141 { 2142 sppp_to_event(&lcp, (struct sppp *)cookie); 2143 } 2144 2145 /* 2146 * Analyze a configure request. Return true if it was agreeable, and 2147 * caused action sca, false if it has been rejected or nak'ed, and 2148 * caused action scn. (The return value is used to make the state 2149 * transition decision in the state automaton.) 2150 */ 2151 static int 2152 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2153 { 2154 STDDCL; 2155 u_char *buf, *r, *p; 2156 int origlen, rlen; 2157 u_int32_t nmagic; 2158 u_short authproto; 2159 2160 len -= 4; 2161 origlen = len; 2162 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2163 if (! buf) 2164 return (0); 2165 2166 if (debug) 2167 log(LOG_DEBUG, SPP_FMT "lcp parse opts:", 2168 SPP_ARGS(ifp)); 2169 2170 /* pass 1: check for things that need to be rejected */ 2171 p = (void *)(h + 1); 2172 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2173 if (debug) 2174 addlog(" %s", sppp_lcp_opt_name(*p)); 2175 switch (*p) { 2176 case LCP_OPT_MAGIC: 2177 /* Magic number. */ 2178 /* fall through, both are same length */ 2179 case LCP_OPT_ASYNC_MAP: 2180 /* Async control character map. */ 2181 if (len >= 6 || p[1] == 6) 2182 continue; 2183 if (debug) 2184 addlog(" [invalid]"); 2185 break; 2186 case LCP_OPT_MRU: 2187 /* Maximum receive unit. */ 2188 if (len >= 4 && p[1] == 4) 2189 continue; 2190 if (debug) 2191 addlog(" [invalid]"); 2192 break; 2193 case LCP_OPT_AUTH_PROTO: 2194 if (len < 4) { 2195 if (debug) 2196 addlog(" [invalid]"); 2197 break; 2198 } 2199 authproto = (p[2] << 8) + p[3]; 2200 if (authproto == PPP_CHAP && p[1] != 5) { 2201 if (debug) 2202 addlog(" [invalid chap len]"); 2203 break; 2204 } 2205 if (sp->myauth.proto == 0) { 2206 /* we are not configured to do auth */ 2207 if (debug) 2208 addlog(" [not configured]"); 2209 break; 2210 } 2211 /* 2212 * Remote want us to authenticate, remember this, 2213 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2214 * up. 2215 */ 2216 sp->pp_flags |= PP_NEEDAUTH; 2217 continue; 2218 default: 2219 /* Others not supported. */ 2220 if (debug) 2221 addlog(" [rej]"); 2222 break; 2223 } 2224 /* Add the option to rejected list. */ 2225 bcopy (p, r, p[1]); 2226 r += p[1]; 2227 rlen += p[1]; 2228 } 2229 if (rlen) { 2230 if (debug) 2231 addlog(" send conf-rej\n"); 2232 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2233 goto end; 2234 } else if (debug) 2235 addlog("\n"); 2236 2237 /* 2238 * pass 2: check for option values that are unacceptable and 2239 * thus require to be nak'ed. 2240 */ 2241 if (debug) 2242 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2243 SPP_ARGS(ifp)); 2244 2245 p = (void *)(h + 1); 2246 len = origlen; 2247 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2248 if (debug) 2249 addlog(" %s", sppp_lcp_opt_name(*p)); 2250 switch (*p) { 2251 case LCP_OPT_MAGIC: 2252 /* Magic number -- extract. */ 2253 nmagic = (u_int32_t)p[2] << 24 | 2254 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2255 if (nmagic != sp->lcp.magic) { 2256 if (debug) 2257 addlog(" 0x%x", nmagic); 2258 continue; 2259 } 2260 /* 2261 * Local and remote magics equal -- loopback? 2262 */ 2263 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2264 printf (SPP_FMT "loopback\n", 2265 SPP_ARGS(ifp)); 2266 sp->pp_loopcnt = 0; 2267 if (ifp->if_flags & IFF_UP) { 2268 if_down(ifp); 2269 IF_PURGE(&sp->pp_cpq); 2270 /* XXX ? */ 2271 lcp.Down(sp); 2272 lcp.Up(sp); 2273 } 2274 } else if (debug) 2275 addlog(" [glitch]"); 2276 ++sp->pp_loopcnt; 2277 /* 2278 * We negate our magic here, and NAK it. If 2279 * we see it later in an NAK packet, we 2280 * suggest a new one. 2281 */ 2282 nmagic = ~sp->lcp.magic; 2283 /* Gonna NAK it. */ 2284 p[2] = nmagic >> 24; 2285 p[3] = nmagic >> 16; 2286 p[4] = nmagic >> 8; 2287 p[5] = nmagic; 2288 break; 2289 2290 case LCP_OPT_ASYNC_MAP: 2291 /* 2292 * Async control character map -- just ignore it. 2293 * 2294 * Quote from RFC 1662, chapter 6: 2295 * To enable this functionality, synchronous PPP 2296 * implementations MUST always respond to the 2297 * Async-Control-Character-Map Configuration 2298 * Option with the LCP Configure-Ack. However, 2299 * acceptance of the Configuration Option does 2300 * not imply that the synchronous implementation 2301 * will do any ACCM mapping. Instead, all such 2302 * octet mapping will be performed by the 2303 * asynchronous-to-synchronous converter. 2304 */ 2305 continue; 2306 2307 case LCP_OPT_MRU: 2308 /* 2309 * Maximum receive unit. Always agreeable, 2310 * but ignored by now. 2311 */ 2312 sp->lcp.their_mru = p[2] * 256 + p[3]; 2313 if (debug) 2314 addlog(" %ld", sp->lcp.their_mru); 2315 continue; 2316 2317 case LCP_OPT_AUTH_PROTO: 2318 authproto = (p[2] << 8) + p[3]; 2319 if (sp->myauth.proto != authproto) { 2320 /* not agreed, nak */ 2321 if (debug) 2322 addlog(" [mine %s != his %s]", 2323 sppp_proto_name(sp->hisauth.proto), 2324 sppp_proto_name(authproto)); 2325 p[2] = sp->myauth.proto >> 8; 2326 p[3] = sp->myauth.proto; 2327 break; 2328 } 2329 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2330 if (debug) 2331 addlog(" [chap not MD5]"); 2332 p[4] = CHAP_MD5; 2333 break; 2334 } 2335 continue; 2336 } 2337 /* Add the option to nak'ed list. */ 2338 bcopy (p, r, p[1]); 2339 r += p[1]; 2340 rlen += p[1]; 2341 } 2342 if (rlen) { 2343 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2344 if (debug) 2345 addlog(" max_failure (%d) exceeded, " 2346 "send conf-rej\n", 2347 sp->lcp.max_failure); 2348 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2349 } else { 2350 if (debug) 2351 addlog(" send conf-nak\n"); 2352 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2353 } 2354 goto end; 2355 } else { 2356 if (debug) 2357 addlog(" send conf-ack\n"); 2358 sp->fail_counter[IDX_LCP] = 0; 2359 sp->pp_loopcnt = 0; 2360 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1); 2361 } 2362 2363 end: 2364 free(buf, M_TEMP); 2365 return (rlen == 0); 2366 } 2367 2368 /* 2369 * Analyze the LCP Configure-Reject option list, and adjust our 2370 * negotiation. 2371 */ 2372 static void 2373 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2374 { 2375 STDDCL; 2376 u_char *buf, *p; 2377 2378 len -= 4; 2379 buf = malloc (len, M_TEMP, M_NOWAIT); 2380 if (!buf) 2381 return; 2382 2383 if (debug) 2384 log(LOG_DEBUG, SPP_FMT "lcp rej opts:", 2385 SPP_ARGS(ifp)); 2386 2387 p = (void *)(h + 1); 2388 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2389 if (debug) 2390 addlog(" %s", sppp_lcp_opt_name(*p)); 2391 switch (*p) { 2392 case LCP_OPT_MAGIC: 2393 /* Magic number -- can't use it, use 0 */ 2394 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2395 sp->lcp.magic = 0; 2396 break; 2397 case LCP_OPT_MRU: 2398 /* 2399 * Should not be rejected anyway, since we only 2400 * negotiate a MRU if explicitly requested by 2401 * peer. 2402 */ 2403 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2404 break; 2405 case LCP_OPT_AUTH_PROTO: 2406 /* 2407 * Peer doesn't want to authenticate himself, 2408 * deny unless this is a dialout call, and 2409 * SPPP_AUTHFLAG_NOCALLOUT is set. 2410 */ 2411 if ((sp->pp_flags & PP_CALLIN) == 0 && 2412 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2413 if (debug) 2414 addlog(" [don't insist on auth " 2415 "for callout]"); 2416 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2417 break; 2418 } 2419 if (debug) 2420 addlog("[access denied]\n"); 2421 lcp.Close(sp); 2422 break; 2423 } 2424 } 2425 if (debug) 2426 addlog("\n"); 2427 free(buf, M_TEMP); 2428 return; 2429 } 2430 2431 /* 2432 * Analyze the LCP Configure-NAK option list, and adjust our 2433 * negotiation. 2434 */ 2435 static void 2436 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2437 { 2438 STDDCL; 2439 u_char *buf, *p; 2440 u_int32_t magic; 2441 2442 len -= 4; 2443 buf = malloc (len, M_TEMP, M_NOWAIT); 2444 if (!buf) 2445 return; 2446 2447 if (debug) 2448 log(LOG_DEBUG, SPP_FMT "lcp nak opts:", 2449 SPP_ARGS(ifp)); 2450 2451 p = (void *)(h + 1); 2452 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2453 if (debug) 2454 addlog(" %s", sppp_lcp_opt_name(*p)); 2455 switch (*p) { 2456 case LCP_OPT_MAGIC: 2457 /* Magic number -- renegotiate */ 2458 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2459 len >= 6 && p[1] == 6) { 2460 magic = (u_int32_t)p[2] << 24 | 2461 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2462 /* 2463 * If the remote magic is our negated one, 2464 * this looks like a loopback problem. 2465 * Suggest a new magic to make sure. 2466 */ 2467 if (magic == ~sp->lcp.magic) { 2468 if (debug) 2469 addlog(" magic glitch"); 2470 sp->lcp.magic = random(); 2471 } else { 2472 sp->lcp.magic = magic; 2473 if (debug) 2474 addlog(" %d", magic); 2475 } 2476 } 2477 break; 2478 case LCP_OPT_MRU: 2479 /* 2480 * Peer wants to advise us to negotiate an MRU. 2481 * Agree on it if it's reasonable, or use 2482 * default otherwise. 2483 */ 2484 if (len >= 4 && p[1] == 4) { 2485 u_int mru = p[2] * 256 + p[3]; 2486 if (debug) 2487 addlog(" %d", mru); 2488 if (mru < PP_MTU || mru > PP_MAX_MRU) 2489 mru = PP_MTU; 2490 sp->lcp.mru = mru; 2491 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2492 } 2493 break; 2494 case LCP_OPT_AUTH_PROTO: 2495 /* 2496 * Peer doesn't like our authentication method, 2497 * deny. 2498 */ 2499 if (debug) 2500 addlog("[access denied]\n"); 2501 lcp.Close(sp); 2502 break; 2503 } 2504 } 2505 if (debug) 2506 addlog("\n"); 2507 free(buf, M_TEMP); 2508 return; 2509 } 2510 2511 static void 2512 sppp_lcp_tlu(struct sppp *sp) 2513 { 2514 STDDCL; 2515 int i; 2516 u_int32_t mask; 2517 2518 /* XXX ? */ 2519 if (! (ifp->if_flags & IFF_UP) && 2520 (ifp->if_flags & IFF_RUNNING)) { 2521 /* Coming out of loopback mode. */ 2522 if_up(ifp); 2523 } 2524 2525 for (i = 0; i < IDX_COUNT; i++) 2526 if ((cps[i])->flags & CP_QUAL) 2527 (cps[i])->Open(sp); 2528 2529 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2530 (sp->pp_flags & PP_NEEDAUTH) != 0) 2531 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2532 else 2533 sp->pp_phase = SPPP_PHASE_NETWORK; 2534 2535 if(debug) 2536 { 2537 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2538 sppp_phase_name(sp->pp_phase)); 2539 } 2540 2541 /* 2542 * Open all authentication protocols. This is even required 2543 * if we already proceeded to network phase, since it might be 2544 * that remote wants us to authenticate, so we might have to 2545 * send a PAP request. Undesired authentication protocols 2546 * don't do anything when they get an Open event. 2547 */ 2548 for (i = 0; i < IDX_COUNT; i++) 2549 if ((cps[i])->flags & CP_AUTH) 2550 (cps[i])->Open(sp); 2551 2552 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2553 /* Notify all NCPs. */ 2554 for (i = 0; i < IDX_COUNT; i++) 2555 if ((cps[i])->flags & CP_NCP) 2556 (cps[i])->Open(sp); 2557 } 2558 2559 /* Send Up events to all started protos. */ 2560 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2561 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2562 (cps[i])->Up(sp); 2563 2564 /* notify low-level driver of state change */ 2565 if (sp->pp_chg) 2566 sp->pp_chg(sp, (int)sp->pp_phase); 2567 2568 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2569 /* if no NCP is starting, close down */ 2570 sppp_lcp_check_and_close(sp); 2571 } 2572 2573 static void 2574 sppp_lcp_tld(struct sppp *sp) 2575 { 2576 STDDCL; 2577 int i; 2578 u_int32_t mask; 2579 2580 sp->pp_phase = SPPP_PHASE_TERMINATE; 2581 2582 if(debug) 2583 { 2584 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2585 sppp_phase_name(sp->pp_phase)); 2586 } 2587 2588 /* 2589 * Take upper layers down. We send the Down event first and 2590 * the Close second to prevent the upper layers from sending 2591 * ``a flurry of terminate-request packets'', as the RFC 2592 * describes it. 2593 */ 2594 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2595 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2596 (cps[i])->Down(sp); 2597 (cps[i])->Close(sp); 2598 } 2599 } 2600 2601 static void 2602 sppp_lcp_tls(struct sppp *sp) 2603 { 2604 STDDCL; 2605 2606 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2607 printf("%s: authentication failed %d times, not retrying again\n", 2608 sp->pp_if.if_xname, sp->pp_auth_failures); 2609 if_down(&sp->pp_if); 2610 return; 2611 } 2612 2613 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2614 2615 if(debug) 2616 { 2617 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2618 sppp_phase_name(sp->pp_phase)); 2619 } 2620 2621 /* Notify lower layer if desired. */ 2622 if (sp->pp_tls) 2623 (sp->pp_tls)(sp); 2624 } 2625 2626 static void 2627 sppp_lcp_tlf(struct sppp *sp) 2628 { 2629 STDDCL; 2630 2631 sp->pp_phase = SPPP_PHASE_DEAD; 2632 2633 if(debug) 2634 { 2635 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2636 sppp_phase_name(sp->pp_phase)); 2637 } 2638 2639 /* Notify lower layer if desired. */ 2640 if (sp->pp_tlf) 2641 (sp->pp_tlf)(sp); 2642 } 2643 2644 static void 2645 sppp_lcp_scr(struct sppp *sp) 2646 { 2647 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2648 int i = 0; 2649 u_short authproto; 2650 2651 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2652 if (! sp->lcp.magic) 2653 sp->lcp.magic = random(); 2654 opt[i++] = LCP_OPT_MAGIC; 2655 opt[i++] = 6; 2656 opt[i++] = sp->lcp.magic >> 24; 2657 opt[i++] = sp->lcp.magic >> 16; 2658 opt[i++] = sp->lcp.magic >> 8; 2659 opt[i++] = sp->lcp.magic; 2660 } 2661 2662 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2663 opt[i++] = LCP_OPT_MRU; 2664 opt[i++] = 4; 2665 opt[i++] = sp->lcp.mru >> 8; 2666 opt[i++] = sp->lcp.mru; 2667 } 2668 2669 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2670 authproto = sp->hisauth.proto; 2671 opt[i++] = LCP_OPT_AUTH_PROTO; 2672 opt[i++] = authproto == PPP_CHAP? 5: 4; 2673 opt[i++] = authproto >> 8; 2674 opt[i++] = authproto; 2675 if (authproto == PPP_CHAP) 2676 opt[i++] = CHAP_MD5; 2677 } 2678 2679 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2680 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2681 } 2682 2683 /* 2684 * Check the open NCPs, return true if at least one NCP is open. 2685 */ 2686 static int 2687 sppp_ncp_check(struct sppp *sp) 2688 { 2689 int i, mask; 2690 2691 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2692 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2693 return 1; 2694 return 0; 2695 } 2696 2697 /* 2698 * Re-check the open NCPs and see if we should terminate the link. 2699 * Called by the NCPs during their tlf action handling. 2700 */ 2701 static void 2702 sppp_lcp_check_and_close(struct sppp *sp) 2703 { 2704 2705 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2706 /* don't bother, we are already going down */ 2707 return; 2708 2709 if (sppp_ncp_check(sp)) 2710 return; 2711 2712 lcp.Close(sp); 2713 } 2714 2715 2716 /* 2717 *--------------------------------------------------------------------------* 2718 * * 2719 * The IPCP implementation. * 2720 * * 2721 *--------------------------------------------------------------------------* 2722 */ 2723 2724 static void 2725 sppp_ipcp_init(struct sppp *sp) 2726 { 2727 sp->ipcp.opts = 0; 2728 sp->ipcp.flags = 0; 2729 sp->state[IDX_IPCP] = STATE_INITIAL; 2730 sp->fail_counter[IDX_IPCP] = 0; 2731 sp->pp_seq[IDX_IPCP] = 0; 2732 sp->pp_rseq[IDX_IPCP] = 0; 2733 callout_init(&sp->ch[IDX_IPCP]); 2734 } 2735 2736 static void 2737 sppp_ipcp_up(struct sppp *sp) 2738 { 2739 sppp_up_event(&ipcp, sp); 2740 } 2741 2742 static void 2743 sppp_ipcp_down(struct sppp *sp) 2744 { 2745 sppp_down_event(&ipcp, sp); 2746 } 2747 2748 static void 2749 sppp_ipcp_open(struct sppp *sp) 2750 { 2751 STDDCL; 2752 u_int32_t myaddr, hisaddr; 2753 2754 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2755 sp->ipcp.req_myaddr = 0; 2756 sp->ipcp.req_hisaddr = 0; 2757 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2758 2759 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2760 /* 2761 * If we don't have his address, this probably means our 2762 * interface doesn't want to talk IP at all. (This could 2763 * be the case if somebody wants to speak only IPX, for 2764 * example.) Don't open IPCP in this case. 2765 */ 2766 if (hisaddr == 0L) { 2767 /* XXX this message should go away */ 2768 if (debug) 2769 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2770 SPP_ARGS(ifp)); 2771 return; 2772 } 2773 2774 if (myaddr == 0) { 2775 /* 2776 * I don't have an assigned address, so i need to 2777 * negotiate my address. 2778 */ 2779 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2780 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2781 } 2782 if (hisaddr == 1) { 2783 /* 2784 * XXX - remove this hack! 2785 * remote has no valid adress, we need to get one assigned. 2786 */ 2787 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2788 } 2789 sppp_open_event(&ipcp, sp); 2790 } 2791 2792 static void 2793 sppp_ipcp_close(struct sppp *sp) 2794 { 2795 STDDCL; 2796 2797 sppp_close_event(&ipcp, sp); 2798 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2799 /* 2800 * Some address was dynamic, clear it again. 2801 */ 2802 sppp_clear_ip_addrs(sp); 2803 2804 if (sp->pp_saved_mtu > 0) { 2805 ifp->if_mtu = sp->pp_saved_mtu; 2806 sp->pp_saved_mtu = 0; 2807 if (debug) 2808 log(LOG_DEBUG, 2809 SPP_FMT "resetting MTU to %" PRIu64 " bytes\n", 2810 SPP_ARGS(ifp), ifp->if_mtu); 2811 } 2812 } 2813 2814 static void 2815 sppp_ipcp_TO(void *cookie) 2816 { 2817 sppp_to_event(&ipcp, (struct sppp *)cookie); 2818 } 2819 2820 /* 2821 * Analyze a configure request. Return true if it was agreeable, and 2822 * caused action sca, false if it has been rejected or nak'ed, and 2823 * caused action scn. (The return value is used to make the state 2824 * transition decision in the state automaton.) 2825 */ 2826 static int 2827 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2828 { 2829 u_char *buf, *r, *p; 2830 struct ifnet *ifp = &sp->pp_if; 2831 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2832 u_int32_t hisaddr, desiredaddr; 2833 2834 len -= 4; 2835 origlen = len; 2836 /* 2837 * Make sure to allocate a buf that can at least hold a 2838 * conf-nak with an `address' option. We might need it below. 2839 */ 2840 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2841 if (! buf) 2842 return (0); 2843 2844 /* pass 1: see if we can recognize them */ 2845 if (debug) 2846 log(LOG_DEBUG, SPP_FMT "ipcp parse opts:", 2847 SPP_ARGS(ifp)); 2848 p = (void *)(h + 1); 2849 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2850 if (debug) 2851 addlog(" %s", sppp_ipcp_opt_name(*p)); 2852 switch (*p) { 2853 #ifdef notyet 2854 case IPCP_OPT_COMPRESSION: 2855 if (len >= 6 && p[1] >= 6) { 2856 /* correctly formed compress option */ 2857 continue; 2858 } 2859 if (debug) 2860 addlog(" [invalid]"); 2861 break; 2862 #endif 2863 case IPCP_OPT_ADDRESS: 2864 if (len >= 6 && p[1] == 6) { 2865 /* correctly formed address option */ 2866 continue; 2867 } 2868 if (debug) 2869 addlog(" [invalid]"); 2870 break; 2871 default: 2872 /* Others not supported. */ 2873 if (debug) 2874 addlog(" [rej]"); 2875 break; 2876 } 2877 /* Add the option to rejected list. */ 2878 bcopy (p, r, p[1]); 2879 r += p[1]; 2880 rlen += p[1]; 2881 } 2882 if (rlen) { 2883 if (debug) 2884 addlog(" send conf-rej\n"); 2885 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2886 goto end; 2887 } else if (debug) 2888 addlog("\n"); 2889 2890 /* pass 2: parse option values */ 2891 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2892 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2893 else 2894 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2895 if (debug) 2896 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2897 SPP_ARGS(ifp)); 2898 p = (void *)(h + 1); 2899 len = origlen; 2900 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2901 if (debug) 2902 addlog(" %s", sppp_ipcp_opt_name(*p)); 2903 switch (*p) { 2904 #ifdef notyet 2905 case IPCP_OPT_COMPRESSION: 2906 continue; 2907 #endif 2908 case IPCP_OPT_ADDRESS: 2909 desiredaddr = p[2] << 24 | p[3] << 16 | 2910 p[4] << 8 | p[5]; 2911 if (desiredaddr == hisaddr || 2912 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2913 /* 2914 * Peer's address is same as our value, 2915 * this is agreeable. Gonna conf-ack 2916 * it. 2917 */ 2918 if (debug) 2919 addlog(" %s [ack]", 2920 sppp_dotted_quad(hisaddr)); 2921 /* record that we've seen it already */ 2922 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2923 sp->ipcp.req_hisaddr = desiredaddr; 2924 hisaddr = desiredaddr; 2925 continue; 2926 } 2927 /* 2928 * The address wasn't agreeable. This is either 2929 * he sent us 0.0.0.0, asking to assign him an 2930 * address, or he send us another address not 2931 * matching our value. Either case, we gonna 2932 * conf-nak it with our value. 2933 */ 2934 if (debug) { 2935 if (desiredaddr == 0) 2936 addlog(" [addr requested]"); 2937 else 2938 addlog(" %s [not agreed]", 2939 sppp_dotted_quad(desiredaddr)); 2940 } 2941 2942 p[2] = hisaddr >> 24; 2943 p[3] = hisaddr >> 16; 2944 p[4] = hisaddr >> 8; 2945 p[5] = hisaddr; 2946 break; 2947 } 2948 /* Add the option to nak'ed list. */ 2949 bcopy (p, r, p[1]); 2950 r += p[1]; 2951 rlen += p[1]; 2952 } 2953 2954 /* 2955 * If we are about to conf-ack the request, but haven't seen 2956 * his address so far, gonna conf-nak it instead, with the 2957 * `address' option present and our idea of his address being 2958 * filled in there, to request negotiation of both addresses. 2959 * 2960 * XXX This can result in an endless req - nak loop if peer 2961 * doesn't want to send us his address. Q: What should we do 2962 * about it? XXX A: implement the max-failure counter. 2963 */ 2964 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2965 buf[0] = IPCP_OPT_ADDRESS; 2966 buf[1] = 6; 2967 buf[2] = hisaddr >> 24; 2968 buf[3] = hisaddr >> 16; 2969 buf[4] = hisaddr >> 8; 2970 buf[5] = hisaddr; 2971 rlen = 6; 2972 if (debug) 2973 addlog(" still need hisaddr"); 2974 } 2975 2976 if (rlen) { 2977 if (debug) 2978 addlog(" send conf-nak\n"); 2979 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2980 } else { 2981 if (debug) 2982 addlog(" send conf-ack\n"); 2983 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1); 2984 } 2985 2986 end: 2987 free(buf, M_TEMP); 2988 return (rlen == 0); 2989 } 2990 2991 /* 2992 * Analyze the IPCP Configure-Reject option list, and adjust our 2993 * negotiation. 2994 */ 2995 static void 2996 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2997 { 2998 u_char *buf, *p; 2999 struct ifnet *ifp = &sp->pp_if; 3000 int debug = ifp->if_flags & IFF_DEBUG; 3001 3002 len -= 4; 3003 buf = malloc (len, M_TEMP, M_NOWAIT); 3004 if (!buf) 3005 return; 3006 3007 if (debug) 3008 log(LOG_DEBUG, SPP_FMT "ipcp rej opts:", 3009 SPP_ARGS(ifp)); 3010 3011 p = (void *)(h + 1); 3012 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3013 if (debug) 3014 addlog(" %s", sppp_ipcp_opt_name(*p)); 3015 switch (*p) { 3016 case IPCP_OPT_ADDRESS: 3017 /* 3018 * Peer doesn't grok address option. This is 3019 * bad. XXX Should we better give up here? 3020 */ 3021 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3022 break; 3023 #ifdef notyet 3024 case IPCP_OPT_COMPRESS: 3025 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3026 break; 3027 #endif 3028 } 3029 } 3030 if (debug) 3031 addlog("\n"); 3032 free(buf, M_TEMP); 3033 return; 3034 } 3035 3036 /* 3037 * Analyze the IPCP Configure-NAK option list, and adjust our 3038 * negotiation. 3039 */ 3040 static void 3041 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3042 { 3043 u_char *p; 3044 struct ifnet *ifp = &sp->pp_if; 3045 int debug = ifp->if_flags & IFF_DEBUG; 3046 u_int32_t wantaddr; 3047 3048 len -= 4; 3049 3050 if (debug) 3051 log(LOG_DEBUG, SPP_FMT "ipcp nak opts:", 3052 SPP_ARGS(ifp)); 3053 3054 p = (void *)(h + 1); 3055 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3056 if (debug) 3057 addlog(" %s", sppp_ipcp_opt_name(*p)); 3058 switch (*p) { 3059 case IPCP_OPT_ADDRESS: 3060 /* 3061 * Peer doesn't like our local IP address. See 3062 * if we can do something for him. We'll drop 3063 * him our address then. 3064 */ 3065 if (len >= 6 && p[1] == 6) { 3066 wantaddr = p[2] << 24 | p[3] << 16 | 3067 p[4] << 8 | p[5]; 3068 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3069 if (debug) 3070 addlog(" [wantaddr %s]", 3071 sppp_dotted_quad(wantaddr)); 3072 /* 3073 * When doing dynamic address assignment, 3074 * we accept his offer. Otherwise, we 3075 * ignore it and thus continue to negotiate 3076 * our already existing value. 3077 */ 3078 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3079 if (debug) 3080 addlog(" [agree]"); 3081 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3082 sp->ipcp.req_myaddr = wantaddr; 3083 } 3084 } 3085 break; 3086 3087 case IPCP_OPT_PRIMDNS: 3088 if (len >= 6 && p[1] == 6) { 3089 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3090 p[4] << 8 | p[5]; 3091 } 3092 break; 3093 3094 case IPCP_OPT_SECDNS: 3095 if (len >= 6 && p[1] == 6) { 3096 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3097 p[4] << 8 | p[5]; 3098 } 3099 break; 3100 #ifdef notyet 3101 case IPCP_OPT_COMPRESS: 3102 /* 3103 * Peer wants different compression parameters. 3104 */ 3105 break; 3106 #endif 3107 } 3108 } 3109 if (debug) 3110 addlog("\n"); 3111 return; 3112 } 3113 3114 static void 3115 sppp_ipcp_tlu(struct sppp *sp) 3116 { 3117 /* we are up. Set addresses and notify anyone interested */ 3118 STDDCL; 3119 u_int32_t myaddr, hisaddr; 3120 3121 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3122 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3123 myaddr = sp->ipcp.req_myaddr; 3124 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3125 hisaddr = sp->ipcp.req_hisaddr; 3126 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3127 3128 if (ifp->if_mtu > sp->lcp.their_mru) { 3129 sp->pp_saved_mtu = ifp->if_mtu; 3130 ifp->if_mtu = sp->lcp.their_mru; 3131 if (debug) 3132 log(LOG_DEBUG, 3133 SPP_FMT "setting MTU to %" PRIu64 " bytes\n", 3134 SPP_ARGS(ifp), ifp->if_mtu); 3135 } 3136 3137 if (sp->pp_con) 3138 sp->pp_con(sp); 3139 } 3140 3141 static void 3142 sppp_ipcp_tld(struct sppp *sp) 3143 { 3144 } 3145 3146 static void 3147 sppp_ipcp_tls(struct sppp *sp) 3148 { 3149 /* indicate to LCP that it must stay alive */ 3150 sp->lcp.protos |= (1 << IDX_IPCP); 3151 } 3152 3153 static void 3154 sppp_ipcp_tlf(struct sppp *sp) 3155 { 3156 /* we no longer need LCP */ 3157 sp->lcp.protos &= ~(1 << IDX_IPCP); 3158 } 3159 3160 static void 3161 sppp_ipcp_scr(struct sppp *sp) 3162 { 3163 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3164 u_int32_t ouraddr; 3165 int i = 0; 3166 3167 #ifdef notyet 3168 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3169 opt[i++] = IPCP_OPT_COMPRESSION; 3170 opt[i++] = 6; 3171 opt[i++] = 0; /* VJ header compression */ 3172 opt[i++] = 0x2d; /* VJ header compression */ 3173 opt[i++] = max_slot_id; 3174 opt[i++] = comp_slot_id; 3175 } 3176 #endif 3177 3178 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3179 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3180 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3181 else 3182 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3183 opt[i++] = IPCP_OPT_ADDRESS; 3184 opt[i++] = 6; 3185 opt[i++] = ouraddr >> 24; 3186 opt[i++] = ouraddr >> 16; 3187 opt[i++] = ouraddr >> 8; 3188 opt[i++] = ouraddr; 3189 } 3190 3191 if (sp->query_dns & 1) { 3192 opt[i++] = IPCP_OPT_PRIMDNS; 3193 opt[i++] = 6; 3194 opt[i++] = sp->dns_addrs[0] >> 24; 3195 opt[i++] = sp->dns_addrs[0] >> 16; 3196 opt[i++] = sp->dns_addrs[0] >> 8; 3197 opt[i++] = sp->dns_addrs[0]; 3198 } 3199 if (sp->query_dns & 2) { 3200 opt[i++] = IPCP_OPT_SECDNS; 3201 opt[i++] = 6; 3202 opt[i++] = sp->dns_addrs[1] >> 24; 3203 opt[i++] = sp->dns_addrs[1] >> 16; 3204 opt[i++] = sp->dns_addrs[1] >> 8; 3205 opt[i++] = sp->dns_addrs[1]; 3206 } 3207 3208 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3209 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3210 } 3211 3212 3213 /* 3214 *--------------------------------------------------------------------------* 3215 * * 3216 * The IPv6CP implementation. * 3217 * * 3218 *--------------------------------------------------------------------------* 3219 */ 3220 3221 #ifdef INET6 3222 static void 3223 sppp_ipv6cp_init(struct sppp *sp) 3224 { 3225 sp->ipv6cp.opts = 0; 3226 sp->ipv6cp.flags = 0; 3227 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3228 sp->fail_counter[IDX_IPV6CP] = 0; 3229 sp->pp_seq[IDX_IPV6CP] = 0; 3230 sp->pp_rseq[IDX_IPV6CP] = 0; 3231 callout_init(&sp->ch[IDX_IPV6CP]); 3232 } 3233 3234 static void 3235 sppp_ipv6cp_up(struct sppp *sp) 3236 { 3237 sppp_up_event(&ipv6cp, sp); 3238 } 3239 3240 static void 3241 sppp_ipv6cp_down(struct sppp *sp) 3242 { 3243 sppp_down_event(&ipv6cp, sp); 3244 } 3245 3246 static void 3247 sppp_ipv6cp_open(struct sppp *sp) 3248 { 3249 STDDCL; 3250 struct in6_addr myaddr, hisaddr; 3251 3252 #ifdef IPV6CP_MYIFID_DYN 3253 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3254 #else 3255 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3256 #endif 3257 3258 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3259 /* 3260 * If we don't have our address, this probably means our 3261 * interface doesn't want to talk IPv6 at all. (This could 3262 * be the case if somebody wants to speak only IPX, for 3263 * example.) Don't open IPv6CP in this case. 3264 */ 3265 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3266 /* XXX this message should go away */ 3267 if (debug) 3268 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3269 SPP_ARGS(ifp)); 3270 return; 3271 } 3272 3273 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3274 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3275 sppp_open_event(&ipv6cp, sp); 3276 } 3277 3278 static void 3279 sppp_ipv6cp_close(struct sppp *sp) 3280 { 3281 sppp_close_event(&ipv6cp, sp); 3282 } 3283 3284 static void 3285 sppp_ipv6cp_TO(void *cookie) 3286 { 3287 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3288 } 3289 3290 /* 3291 * Analyze a configure request. Return true if it was agreeable, and 3292 * caused action sca, false if it has been rejected or nak'ed, and 3293 * caused action scn. (The return value is used to make the state 3294 * transition decision in the state automaton.) 3295 */ 3296 static int 3297 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3298 { 3299 u_char *buf, *r, *p; 3300 struct ifnet *ifp = &sp->pp_if; 3301 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3302 struct in6_addr myaddr, desiredaddr, suggestaddr; 3303 int ifidcount; 3304 int type; 3305 int collision, nohisaddr; 3306 3307 len -= 4; 3308 origlen = len; 3309 /* 3310 * Make sure to allocate a buf that can at least hold a 3311 * conf-nak with an `address' option. We might need it below. 3312 */ 3313 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3314 if (! buf) 3315 return (0); 3316 3317 /* pass 1: see if we can recognize them */ 3318 if (debug) 3319 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3320 SPP_ARGS(ifp)); 3321 p = (void *)(h + 1); 3322 ifidcount = 0; 3323 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3324 if (debug) 3325 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3326 switch (*p) { 3327 case IPV6CP_OPT_IFID: 3328 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3329 /* correctly formed address option */ 3330 ifidcount++; 3331 continue; 3332 } 3333 if (debug) 3334 addlog(" [invalid]"); 3335 break; 3336 #ifdef notyet 3337 case IPV6CP_OPT_COMPRESSION: 3338 if (len >= 4 && p[1] >= 4) { 3339 /* correctly formed compress option */ 3340 continue; 3341 } 3342 if (debug) 3343 addlog(" [invalid]"); 3344 break; 3345 #endif 3346 default: 3347 /* Others not supported. */ 3348 if (debug) 3349 addlog(" [rej]"); 3350 break; 3351 } 3352 /* Add the option to rejected list. */ 3353 bcopy (p, r, p[1]); 3354 r += p[1]; 3355 rlen += p[1]; 3356 } 3357 if (rlen) { 3358 if (debug) 3359 addlog(" send conf-rej\n"); 3360 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3361 goto end; 3362 } else if (debug) 3363 addlog("\n"); 3364 3365 /* pass 2: parse option values */ 3366 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3367 if (debug) 3368 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3369 SPP_ARGS(ifp)); 3370 p = (void *)(h + 1); 3371 len = origlen; 3372 type = CONF_ACK; 3373 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3374 if (debug) 3375 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3376 switch (*p) { 3377 #ifdef notyet 3378 case IPV6CP_OPT_COMPRESSION: 3379 continue; 3380 #endif 3381 case IPV6CP_OPT_IFID: 3382 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3383 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3384 collision = (memcmp(&desiredaddr.s6_addr[8], 3385 &myaddr.s6_addr[8], 8) == 0); 3386 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3387 3388 desiredaddr.s6_addr16[0] = htons(0xfe80); 3389 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3390 3391 if (!collision && !nohisaddr) { 3392 /* no collision, hisaddr known - Conf-Ack */ 3393 type = CONF_ACK; 3394 3395 if (debug) { 3396 addlog(" %s [%s]", 3397 ip6_sprintf(&desiredaddr), 3398 sppp_cp_type_name(type)); 3399 } 3400 continue; 3401 } 3402 3403 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3404 if (collision && nohisaddr) { 3405 /* collision, hisaddr unknown - Conf-Rej */ 3406 type = CONF_REJ; 3407 memset(&p[2], 0, 8); 3408 } else { 3409 /* 3410 * - no collision, hisaddr unknown, or 3411 * - collision, hisaddr known 3412 * Conf-Nak, suggest hisaddr 3413 */ 3414 type = CONF_NAK; 3415 sppp_suggest_ip6_addr(sp, &suggestaddr); 3416 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3417 } 3418 if (debug) 3419 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3420 sppp_cp_type_name(type)); 3421 break; 3422 } 3423 /* Add the option to nak'ed list. */ 3424 bcopy (p, r, p[1]); 3425 r += p[1]; 3426 rlen += p[1]; 3427 } 3428 3429 if (rlen == 0 && type == CONF_ACK) { 3430 if (debug) 3431 addlog(" send %s\n", sppp_cp_type_name(type)); 3432 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 3433 } else { 3434 #ifdef notdef 3435 if (type == CONF_ACK) 3436 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3437 #endif 3438 3439 if (debug) { 3440 addlog(" send %s suggest %s\n", 3441 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3442 } 3443 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3444 } 3445 3446 end: 3447 free(buf, M_TEMP); 3448 return (rlen == 0); 3449 } 3450 3451 /* 3452 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3453 * negotiation. 3454 */ 3455 static void 3456 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3457 { 3458 u_char *buf, *p; 3459 struct ifnet *ifp = &sp->pp_if; 3460 int debug = ifp->if_flags & IFF_DEBUG; 3461 3462 len -= 4; 3463 buf = malloc (len, M_TEMP, M_NOWAIT); 3464 if (!buf) 3465 return; 3466 3467 if (debug) 3468 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3469 SPP_ARGS(ifp)); 3470 3471 p = (void *)(h + 1); 3472 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3473 if (debug) 3474 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3475 switch (*p) { 3476 case IPV6CP_OPT_IFID: 3477 /* 3478 * Peer doesn't grok address option. This is 3479 * bad. XXX Should we better give up here? 3480 */ 3481 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3482 break; 3483 #ifdef notyet 3484 case IPV6CP_OPT_COMPRESS: 3485 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3486 break; 3487 #endif 3488 } 3489 } 3490 if (debug) 3491 addlog("\n"); 3492 free(buf, M_TEMP); 3493 return; 3494 } 3495 3496 /* 3497 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3498 * negotiation. 3499 */ 3500 static void 3501 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3502 { 3503 u_char *buf, *p; 3504 struct ifnet *ifp = &sp->pp_if; 3505 int debug = ifp->if_flags & IFF_DEBUG; 3506 struct in6_addr suggestaddr; 3507 3508 len -= 4; 3509 buf = malloc (len, M_TEMP, M_NOWAIT); 3510 if (!buf) 3511 return; 3512 3513 if (debug) 3514 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3515 SPP_ARGS(ifp)); 3516 3517 p = (void *)(h + 1); 3518 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3519 if (debug) 3520 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3521 switch (*p) { 3522 case IPV6CP_OPT_IFID: 3523 /* 3524 * Peer doesn't like our local ifid. See 3525 * if we can do something for him. We'll drop 3526 * him our address then. 3527 */ 3528 if (len < 10 || p[1] != 10) 3529 break; 3530 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3531 suggestaddr.s6_addr16[0] = htons(0xfe80); 3532 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3533 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3534 3535 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3536 if (debug) 3537 addlog(" [suggestaddr %s]", 3538 ip6_sprintf(&suggestaddr)); 3539 #ifdef IPV6CP_MYIFID_DYN 3540 /* 3541 * When doing dynamic address assignment, 3542 * we accept his offer. 3543 */ 3544 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3545 struct in6_addr lastsuggest; 3546 /* 3547 * If <suggested myaddr from peer> equals to 3548 * <hisaddr we have suggested last time>, 3549 * we have a collision. generate new random 3550 * ifid. 3551 */ 3552 sppp_suggest_ip6_addr(&lastsuggest); 3553 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3554 lastsuggest)) { 3555 if (debug) 3556 addlog(" [random]"); 3557 sppp_gen_ip6_addr(sp, &suggestaddr); 3558 } 3559 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3560 if (debug) 3561 addlog(" [agree]"); 3562 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3563 } 3564 #else 3565 /* 3566 * Since we do not do dynamic address assignment, 3567 * we ignore it and thus continue to negotiate 3568 * our already existing value. This can possibly 3569 * go into infinite request-reject loop. 3570 * 3571 * This is not likely because we normally use 3572 * ifid based on MAC-address. 3573 * If you have no ethernet card on the node, too bad. 3574 * XXX should we use fail_counter? 3575 */ 3576 #endif 3577 break; 3578 #ifdef notyet 3579 case IPV6CP_OPT_COMPRESS: 3580 /* 3581 * Peer wants different compression parameters. 3582 */ 3583 break; 3584 #endif 3585 } 3586 } 3587 if (debug) 3588 addlog("\n"); 3589 free(buf, M_TEMP); 3590 return; 3591 } 3592 3593 static void 3594 sppp_ipv6cp_tlu(struct sppp *sp) 3595 { 3596 /* we are up - notify isdn daemon */ 3597 if (sp->pp_con) 3598 sp->pp_con(sp); 3599 } 3600 3601 static void 3602 sppp_ipv6cp_tld(struct sppp *sp) 3603 { 3604 } 3605 3606 static void 3607 sppp_ipv6cp_tls(struct sppp *sp) 3608 { 3609 /* indicate to LCP that it must stay alive */ 3610 sp->lcp.protos |= (1 << IDX_IPV6CP); 3611 } 3612 3613 static void 3614 sppp_ipv6cp_tlf(struct sppp *sp) 3615 { 3616 /* we no longer need LCP */ 3617 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3618 } 3619 3620 static void 3621 sppp_ipv6cp_scr(struct sppp *sp) 3622 { 3623 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3624 struct in6_addr ouraddr; 3625 int i = 0; 3626 3627 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3628 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3629 opt[i++] = IPV6CP_OPT_IFID; 3630 opt[i++] = 10; 3631 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3632 i += 8; 3633 } 3634 3635 #ifdef notyet 3636 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3637 opt[i++] = IPV6CP_OPT_COMPRESSION; 3638 opt[i++] = 4; 3639 opt[i++] = 0; /* TBD */ 3640 opt[i++] = 0; /* TBD */ 3641 /* variable length data may follow */ 3642 } 3643 #endif 3644 3645 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3646 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3647 } 3648 #else /*INET6*/ 3649 static void sppp_ipv6cp_init(struct sppp *sp) 3650 { 3651 } 3652 3653 static void sppp_ipv6cp_up(struct sppp *sp) 3654 { 3655 } 3656 3657 static void sppp_ipv6cp_down(struct sppp *sp) 3658 { 3659 } 3660 3661 3662 static void sppp_ipv6cp_open(struct sppp *sp) 3663 { 3664 } 3665 3666 static void sppp_ipv6cp_close(struct sppp *sp) 3667 { 3668 } 3669 3670 static void sppp_ipv6cp_TO(void *sp) 3671 { 3672 } 3673 3674 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3675 { 3676 return 0; 3677 } 3678 3679 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3680 { 3681 } 3682 3683 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3684 { 3685 } 3686 3687 static void sppp_ipv6cp_tlu(struct sppp *sp) 3688 { 3689 } 3690 3691 static void sppp_ipv6cp_tld(struct sppp *sp) 3692 { 3693 } 3694 3695 static void sppp_ipv6cp_tls(struct sppp *sp) 3696 { 3697 } 3698 3699 static void sppp_ipv6cp_tlf(struct sppp *sp) 3700 { 3701 } 3702 3703 static void sppp_ipv6cp_scr(struct sppp *sp) 3704 { 3705 } 3706 #endif /*INET6*/ 3707 3708 3709 /* 3710 *--------------------------------------------------------------------------* 3711 * * 3712 * The CHAP implementation. * 3713 * * 3714 *--------------------------------------------------------------------------* 3715 */ 3716 3717 /* 3718 * The authentication protocols don't employ a full-fledged state machine as 3719 * the control protocols do, since they do have Open and Close events, but 3720 * not Up and Down, nor are they explicitly terminated. Also, use of the 3721 * authentication protocols may be different in both directions (this makes 3722 * sense, think of a machine that never accepts incoming calls but only 3723 * calls out, it doesn't require the called party to authenticate itself). 3724 * 3725 * Our state machine for the local authentication protocol (we are requesting 3726 * the peer to authenticate) looks like: 3727 * 3728 * RCA- 3729 * +--------------------------------------------+ 3730 * V scn,tld| 3731 * +--------+ Close +---------+ RCA+ 3732 * | |<----------------------------------| |------+ 3733 * +--->| Closed | TO* | Opened | sca | 3734 * | | |-----+ +-------| |<-----+ 3735 * | +--------+ irc | | +---------+ 3736 * | ^ | | ^ 3737 * | | | | | 3738 * | | | | | 3739 * | TO-| | | | 3740 * | |tld TO+ V | | 3741 * | | +------->+ | | 3742 * | | | | | | 3743 * | +--------+ V | | 3744 * | | |<----+<--------------------+ | 3745 * | | Req- | scr | 3746 * | | Sent | | 3747 * | | | | 3748 * | +--------+ | 3749 * | RCA- | | RCA+ | 3750 * +------+ +------------------------------------------+ 3751 * scn,tld sca,irc,ict,tlu 3752 * 3753 * 3754 * with: 3755 * 3756 * Open: LCP reached authentication phase 3757 * Close: LCP reached terminate phase 3758 * 3759 * RCA+: received reply (pap-req, chap-response), acceptable 3760 * RCN: received reply (pap-req, chap-response), not acceptable 3761 * TO+: timeout with restart counter >= 0 3762 * TO-: timeout with restart counter < 0 3763 * TO*: reschedule timeout for CHAP 3764 * 3765 * scr: send request packet (none for PAP, chap-challenge) 3766 * sca: send ack packet (pap-ack, chap-success) 3767 * scn: send nak packet (pap-nak, chap-failure) 3768 * ict: initialize re-challenge timer (CHAP only) 3769 * 3770 * tlu: this-layer-up, LCP reaches network phase 3771 * tld: this-layer-down, LCP enters terminate phase 3772 * 3773 * Note that in CHAP mode, after sending a new challenge, while the state 3774 * automaton falls back into Req-Sent state, it doesn't signal a tld 3775 * event to LCP, so LCP remains in network phase. Only after not getting 3776 * any response (or after getting an unacceptable response), CHAP closes, 3777 * causing LCP to enter terminate phase. 3778 * 3779 * With PAP, there is no initial request that can be sent. The peer is 3780 * expected to send one based on the successful negotiation of PAP as 3781 * the authentication protocol during the LCP option negotiation. 3782 * 3783 * Incoming authentication protocol requests (remote requests 3784 * authentication, we are peer) don't employ a state machine at all, 3785 * they are simply answered. Some peers [Ascend P50 firmware rev 3786 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3787 * still in authentication phase (thereby violating the standard that 3788 * demands that these NCP packets are to be discarded), so we keep 3789 * track of the peer demanding us to authenticate, and only proceed to 3790 * phase network once we've seen a positive acknowledge for the 3791 * authentication. 3792 */ 3793 3794 /* 3795 * Handle incoming CHAP packets. 3796 */ 3797 void 3798 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3799 { 3800 STDDCL; 3801 struct lcp_header *h; 3802 int len, x; 3803 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3804 int value_len, name_len; 3805 MD5_CTX ctx; 3806 3807 len = m->m_pkthdr.len; 3808 if (len < 4) { 3809 if (debug) 3810 log(LOG_DEBUG, 3811 SPP_FMT "chap invalid packet length: %d bytes\n", 3812 SPP_ARGS(ifp), len); 3813 return; 3814 } 3815 h = mtod(m, struct lcp_header *); 3816 if (len > ntohs(h->len)) 3817 len = ntohs(h->len); 3818 3819 switch (h->type) { 3820 /* challenge, failure and success are his authproto */ 3821 case CHAP_CHALLENGE: 3822 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3823 /* can't do anything usefull */ 3824 sp->pp_auth_failures++; 3825 printf(SPP_FMT "chap input without my name and my secret being set\n", 3826 SPP_ARGS(ifp)); 3827 break; 3828 } 3829 value = 1 + (u_char *)(h + 1); 3830 value_len = value[-1]; 3831 name = value + value_len; 3832 name_len = len - value_len - 5; 3833 if (name_len < 0) { 3834 if (debug) { 3835 log(LOG_DEBUG, 3836 SPP_FMT "chap corrupted challenge " 3837 "<%s id=0x%x len=%d", 3838 SPP_ARGS(ifp), 3839 sppp_auth_type_name(PPP_CHAP, h->type), 3840 h->ident, ntohs(h->len)); 3841 if (len > 4) 3842 sppp_print_bytes((u_char *)(h + 1), 3843 len - 4); 3844 addlog(">\n"); 3845 } 3846 break; 3847 } 3848 3849 if (debug) { 3850 log(LOG_DEBUG, 3851 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3852 SPP_ARGS(ifp), 3853 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3854 ntohs(h->len)); 3855 sppp_print_string((char *) name, name_len); 3856 addlog(" value-size=%d value=", value_len); 3857 sppp_print_bytes(value, value_len); 3858 addlog(">\n"); 3859 } 3860 3861 /* Compute reply value. */ 3862 MD5Init(&ctx); 3863 MD5Update(&ctx, &h->ident, 1); 3864 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3865 MD5Update(&ctx, value, value_len); 3866 MD5Final(digest, &ctx); 3867 dsize = sizeof digest; 3868 3869 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3870 sizeof dsize, (const char *)&dsize, 3871 sizeof digest, digest, 3872 sp->myauth.name_len, 3873 sp->myauth.name, 3874 0); 3875 break; 3876 3877 case CHAP_SUCCESS: 3878 if (debug) { 3879 log(LOG_DEBUG, SPP_FMT "chap success", 3880 SPP_ARGS(ifp)); 3881 if (len > 4) { 3882 addlog(": "); 3883 sppp_print_string((char *)(h + 1), len - 4); 3884 } 3885 addlog("\n"); 3886 } 3887 x = splnet(); 3888 sp->pp_auth_failures = 0; 3889 sp->pp_flags &= ~PP_NEEDAUTH; 3890 if (sp->myauth.proto == PPP_CHAP && 3891 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3892 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3893 /* 3894 * We are authenticator for CHAP but didn't 3895 * complete yet. Leave it to tlu to proceed 3896 * to network phase. 3897 */ 3898 splx(x); 3899 break; 3900 } 3901 splx(x); 3902 sppp_phase_network(sp); 3903 break; 3904 3905 case CHAP_FAILURE: 3906 x = splnet(); 3907 sp->pp_auth_failures++; 3908 splx(x); 3909 if (debug) { 3910 log(LOG_INFO, SPP_FMT "chap failure", 3911 SPP_ARGS(ifp)); 3912 if (len > 4) { 3913 addlog(": "); 3914 sppp_print_string((char *)(h + 1), len - 4); 3915 } 3916 addlog("\n"); 3917 } else 3918 log(LOG_INFO, SPP_FMT "chap failure\n", 3919 SPP_ARGS(ifp)); 3920 /* await LCP shutdown by authenticator */ 3921 break; 3922 3923 /* response is my authproto */ 3924 case CHAP_RESPONSE: 3925 if (sp->hisauth.secret == NULL) { 3926 /* can't do anything usefull */ 3927 printf(SPP_FMT "chap input without his secret being set\n", 3928 SPP_ARGS(ifp)); 3929 break; 3930 } 3931 value = 1 + (u_char *)(h + 1); 3932 value_len = value[-1]; 3933 name = value + value_len; 3934 name_len = len - value_len - 5; 3935 if (name_len < 0) { 3936 if (debug) { 3937 log(LOG_DEBUG, 3938 SPP_FMT "chap corrupted response " 3939 "<%s id=0x%x len=%d", 3940 SPP_ARGS(ifp), 3941 sppp_auth_type_name(PPP_CHAP, h->type), 3942 h->ident, ntohs(h->len)); 3943 if (len > 4) 3944 sppp_print_bytes((u_char *)(h + 1), 3945 len - 4); 3946 addlog(">\n"); 3947 } 3948 break; 3949 } 3950 if (h->ident != sp->confid[IDX_CHAP]) { 3951 if (debug) 3952 log(LOG_DEBUG, 3953 SPP_FMT "chap dropping response for old ID " 3954 "(got %d, expected %d)\n", 3955 SPP_ARGS(ifp), 3956 h->ident, sp->confid[IDX_CHAP]); 3957 break; 3958 } 3959 if (sp->hisauth.name != NULL && 3960 (name_len != sp->hisauth.name_len 3961 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 3962 log(LOG_INFO, SPP_FMT "chap response, his name ", 3963 SPP_ARGS(ifp)); 3964 sppp_print_string(name, name_len); 3965 addlog(" != expected "); 3966 sppp_print_string(sp->hisauth.name, 3967 sp->hisauth.name_len); 3968 addlog("\n"); 3969 goto chap_failure; 3970 } 3971 if (debug) { 3972 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3973 "<%s id=0x%x len=%d name=", 3974 SPP_ARGS(ifp), 3975 sppp_state_name(sp->state[IDX_CHAP]), 3976 sppp_auth_type_name(PPP_CHAP, h->type), 3977 h->ident, ntohs(h->len)); 3978 sppp_print_string((char *)name, name_len); 3979 addlog(" value-size=%d value=", value_len); 3980 sppp_print_bytes(value, value_len); 3981 addlog(">\n"); 3982 } 3983 if (value_len != sizeof(sp->myauth.challenge)) { 3984 if (debug) 3985 log(LOG_DEBUG, 3986 SPP_FMT "chap bad hash value length: " 3987 "%d bytes, should be %ld\n", 3988 SPP_ARGS(ifp), value_len, 3989 (long) sizeof(sp->myauth.challenge)); 3990 goto chap_failure; 3991 } 3992 3993 MD5Init(&ctx); 3994 MD5Update(&ctx, &h->ident, 1); 3995 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 3996 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 3997 MD5Final(digest, &ctx); 3998 3999 #define FAILMSG "Failed..." 4000 #define SUCCMSG "Welcome!" 4001 4002 if (value_len != sizeof digest || 4003 memcmp(digest, value, value_len) != 0) { 4004 chap_failure: 4005 /* action scn, tld */ 4006 x = splnet(); 4007 sp->pp_auth_failures++; 4008 splx(x); 4009 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4010 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4011 0); 4012 chap.tld(sp); 4013 break; 4014 } 4015 sp->pp_auth_failures = 0; 4016 /* action sca, perhaps tlu */ 4017 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4018 sp->state[IDX_CHAP] == STATE_OPENED) 4019 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4020 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4021 0); 4022 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4023 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4024 chap.tlu(sp); 4025 } 4026 break; 4027 4028 default: 4029 /* Unknown CHAP packet type -- ignore. */ 4030 if (debug) { 4031 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4032 "<0x%x id=0x%xh len=%d", 4033 SPP_ARGS(ifp), 4034 sppp_state_name(sp->state[IDX_CHAP]), 4035 h->type, h->ident, ntohs(h->len)); 4036 if (len > 4) 4037 sppp_print_bytes((u_char *)(h + 1), len - 4); 4038 addlog(">\n"); 4039 } 4040 break; 4041 4042 } 4043 } 4044 4045 static void 4046 sppp_chap_init(struct sppp *sp) 4047 { 4048 /* Chap doesn't have STATE_INITIAL at all. */ 4049 sp->state[IDX_CHAP] = STATE_CLOSED; 4050 sp->fail_counter[IDX_CHAP] = 0; 4051 sp->pp_seq[IDX_CHAP] = 0; 4052 sp->pp_rseq[IDX_CHAP] = 0; 4053 callout_init(&sp->ch[IDX_CHAP]); 4054 } 4055 4056 static void 4057 sppp_chap_open(struct sppp *sp) 4058 { 4059 if (sp->myauth.proto == PPP_CHAP && 4060 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4061 /* we are authenticator for CHAP, start it */ 4062 chap.scr(sp); 4063 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4064 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4065 } 4066 /* nothing to be done if we are peer, await a challenge */ 4067 } 4068 4069 static void 4070 sppp_chap_close(struct sppp *sp) 4071 { 4072 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4073 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4074 } 4075 4076 static void 4077 sppp_chap_TO(void *cookie) 4078 { 4079 struct sppp *sp = (struct sppp *)cookie; 4080 STDDCL; 4081 int s; 4082 4083 s = splnet(); 4084 if (debug) 4085 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4086 SPP_ARGS(ifp), 4087 sppp_state_name(sp->state[IDX_CHAP]), 4088 sp->rst_counter[IDX_CHAP]); 4089 4090 if (--sp->rst_counter[IDX_CHAP] < 0) 4091 /* TO- event */ 4092 switch (sp->state[IDX_CHAP]) { 4093 case STATE_REQ_SENT: 4094 chap.tld(sp); 4095 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4096 break; 4097 } 4098 else 4099 /* TO+ (or TO*) event */ 4100 switch (sp->state[IDX_CHAP]) { 4101 case STATE_OPENED: 4102 /* TO* event */ 4103 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4104 /* fall through */ 4105 case STATE_REQ_SENT: 4106 chap.scr(sp); 4107 /* sppp_cp_change_state() will restart the timer */ 4108 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4109 break; 4110 } 4111 4112 splx(s); 4113 } 4114 4115 static void 4116 sppp_chap_tlu(struct sppp *sp) 4117 { 4118 STDDCL; 4119 int i, x; 4120 4121 i = 0; 4122 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4123 4124 /* 4125 * Some broken CHAP implementations (Conware CoNet, firmware 4126 * 4.0.?) don't want to re-authenticate their CHAP once the 4127 * initial challenge-response exchange has taken place. 4128 * Provide for an option to avoid rechallenges. 4129 */ 4130 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4131 /* 4132 * Compute the re-challenge timeout. This will yield 4133 * a number between 300 and 810 seconds. 4134 */ 4135 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4136 4137 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4138 } 4139 4140 if (debug) { 4141 log(LOG_DEBUG, 4142 SPP_FMT "chap %s, ", 4143 SPP_ARGS(ifp), 4144 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4145 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4146 addlog("next re-challenge in %d seconds\n", i); 4147 else 4148 addlog("re-challenging supressed\n"); 4149 } 4150 4151 x = splnet(); 4152 sp->pp_auth_failures = 0; 4153 /* indicate to LCP that we need to be closed down */ 4154 sp->lcp.protos |= (1 << IDX_CHAP); 4155 4156 if (sp->pp_flags & PP_NEEDAUTH) { 4157 /* 4158 * Remote is authenticator, but his auth proto didn't 4159 * complete yet. Defer the transition to network 4160 * phase. 4161 */ 4162 splx(x); 4163 return; 4164 } 4165 splx(x); 4166 4167 /* 4168 * If we are already in phase network, we are done here. This 4169 * is the case if this is a dummy tlu event after a re-challenge. 4170 */ 4171 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4172 sppp_phase_network(sp); 4173 } 4174 4175 static void 4176 sppp_chap_tld(struct sppp *sp) 4177 { 4178 STDDCL; 4179 4180 if (debug) 4181 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4182 callout_stop(&sp->ch[IDX_CHAP]); 4183 sp->lcp.protos &= ~(1 << IDX_CHAP); 4184 4185 lcp.Close(sp); 4186 } 4187 4188 static void 4189 sppp_chap_scr(struct sppp *sp) 4190 { 4191 struct timeval tv; 4192 u_int32_t *ch, seed; 4193 u_char clen; 4194 4195 if (sp->myauth.name == NULL) { 4196 /* can't do anything usefull */ 4197 printf(SPP_FMT "chap starting without my name being set\n", 4198 SPP_ARGS(&sp->pp_if)); 4199 return; 4200 } 4201 4202 /* Compute random challenge. */ 4203 ch = (u_int32_t *)sp->myauth.challenge; 4204 microtime(&tv); 4205 seed = tv.tv_sec ^ tv.tv_usec; 4206 ch[0] = seed ^ random(); 4207 ch[1] = seed ^ random(); 4208 ch[2] = seed ^ random(); 4209 ch[3] = seed ^ random(); 4210 clen = 16; /* 4 * sizeof(u_int32_t) */ 4211 4212 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4213 4214 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4215 sizeof clen, (const char *)&clen, 4216 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4217 sp->myauth.name_len, 4218 sp->myauth.name, 4219 0); 4220 } 4221 4222 /* 4223 *--------------------------------------------------------------------------* 4224 * * 4225 * The PAP implementation. * 4226 * * 4227 *--------------------------------------------------------------------------* 4228 */ 4229 /* 4230 * For PAP, we need to keep a little state also if we are the peer, not the 4231 * authenticator. This is since we don't get a request to authenticate, but 4232 * have to repeatedly authenticate ourself until we got a response (or the 4233 * retry counter is expired). 4234 */ 4235 4236 /* 4237 * Handle incoming PAP packets. */ 4238 static void 4239 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4240 { 4241 STDDCL; 4242 struct lcp_header *h; 4243 int len, x; 4244 u_char mlen; 4245 char *name, *secret; 4246 int name_len, secret_len; 4247 4248 len = m->m_pkthdr.len; 4249 if (len < 5) { 4250 if (debug) 4251 log(LOG_DEBUG, 4252 SPP_FMT "pap invalid packet length: %d bytes\n", 4253 SPP_ARGS(ifp), len); 4254 return; 4255 } 4256 h = mtod(m, struct lcp_header *); 4257 if (len > ntohs(h->len)) 4258 len = ntohs(h->len); 4259 switch (h->type) { 4260 /* PAP request is my authproto */ 4261 case PAP_REQ: 4262 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4263 /* can't do anything usefull */ 4264 printf(SPP_FMT "pap request without his name and his secret being set\n", 4265 SPP_ARGS(ifp)); 4266 break; 4267 } 4268 name = 1 + (u_char *)(h + 1); 4269 name_len = name[-1]; 4270 secret = name + name_len + 1; 4271 if (name_len > len - 6 || 4272 (secret_len = secret[-1]) > len - 6 - name_len) { 4273 if (debug) { 4274 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4275 "<%s id=0x%x len=%d", 4276 SPP_ARGS(ifp), 4277 sppp_auth_type_name(PPP_PAP, h->type), 4278 h->ident, ntohs(h->len)); 4279 if (len > 4) 4280 sppp_print_bytes((u_char *)(h + 1), 4281 len - 4); 4282 addlog(">\n"); 4283 } 4284 break; 4285 } 4286 if (debug) { 4287 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4288 "<%s id=0x%x len=%d name=", 4289 SPP_ARGS(ifp), 4290 sppp_state_name(sp->state[IDX_PAP]), 4291 sppp_auth_type_name(PPP_PAP, h->type), 4292 h->ident, ntohs(h->len)); 4293 sppp_print_string((char *)name, name_len); 4294 addlog(" secret="); 4295 sppp_print_string((char *)secret, secret_len); 4296 addlog(">\n"); 4297 } 4298 if (name_len != sp->hisauth.name_len || 4299 secret_len != sp->hisauth.secret_len || 4300 memcmp(name, sp->hisauth.name, name_len) != 0 || 4301 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4302 /* action scn, tld */ 4303 sp->pp_auth_failures++; 4304 mlen = sizeof(FAILMSG) - 1; 4305 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4306 sizeof mlen, (const char *)&mlen, 4307 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4308 0); 4309 pap.tld(sp); 4310 break; 4311 } 4312 /* action sca, perhaps tlu */ 4313 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4314 sp->state[IDX_PAP] == STATE_OPENED) { 4315 mlen = sizeof(SUCCMSG) - 1; 4316 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4317 sizeof mlen, (const char *)&mlen, 4318 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4319 0); 4320 } 4321 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4322 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4323 pap.tlu(sp); 4324 } 4325 break; 4326 4327 /* ack and nak are his authproto */ 4328 case PAP_ACK: 4329 callout_stop(&sp->pap_my_to_ch); 4330 if (debug) { 4331 log(LOG_DEBUG, SPP_FMT "pap success", 4332 SPP_ARGS(ifp)); 4333 name_len = *(char *)h; 4334 if (len > 5 && name_len) { 4335 addlog(": "); 4336 sppp_print_string((char *)(h + 1), name_len); 4337 } 4338 addlog("\n"); 4339 } 4340 x = splnet(); 4341 sp->pp_auth_failures = 0; 4342 sp->pp_flags &= ~PP_NEEDAUTH; 4343 if (sp->myauth.proto == PPP_PAP && 4344 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4345 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4346 /* 4347 * We are authenticator for PAP but didn't 4348 * complete yet. Leave it to tlu to proceed 4349 * to network phase. 4350 */ 4351 splx(x); 4352 break; 4353 } 4354 splx(x); 4355 sppp_phase_network(sp); 4356 break; 4357 4358 case PAP_NAK: 4359 callout_stop(&sp->pap_my_to_ch); 4360 sp->pp_auth_failures++; 4361 if (debug) { 4362 log(LOG_INFO, SPP_FMT "pap failure", 4363 SPP_ARGS(ifp)); 4364 name_len = *(char *)h; 4365 if (len > 5 && name_len) { 4366 addlog(": "); 4367 sppp_print_string((char *)(h + 1), name_len); 4368 } 4369 addlog("\n"); 4370 } else 4371 log(LOG_INFO, SPP_FMT "pap failure\n", 4372 SPP_ARGS(ifp)); 4373 /* await LCP shutdown by authenticator */ 4374 break; 4375 4376 default: 4377 /* Unknown PAP packet type -- ignore. */ 4378 if (debug) { 4379 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4380 "<0x%x id=0x%x len=%d", 4381 SPP_ARGS(ifp), 4382 h->type, h->ident, ntohs(h->len)); 4383 if (len > 4) 4384 sppp_print_bytes((u_char *)(h + 1), len - 4); 4385 addlog(">\n"); 4386 } 4387 break; 4388 4389 } 4390 } 4391 4392 static void 4393 sppp_pap_init(struct sppp *sp) 4394 { 4395 /* PAP doesn't have STATE_INITIAL at all. */ 4396 sp->state[IDX_PAP] = STATE_CLOSED; 4397 sp->fail_counter[IDX_PAP] = 0; 4398 sp->pp_seq[IDX_PAP] = 0; 4399 sp->pp_rseq[IDX_PAP] = 0; 4400 callout_init(&sp->ch[IDX_PAP]); 4401 callout_init(&sp->pap_my_to_ch); 4402 } 4403 4404 static void 4405 sppp_pap_open(struct sppp *sp) 4406 { 4407 if (sp->hisauth.proto == PPP_PAP && 4408 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4409 /* we are authenticator for PAP, start our timer */ 4410 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4411 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4412 } 4413 if (sp->myauth.proto == PPP_PAP) { 4414 /* we are peer, send a request, and start a timer */ 4415 pap.scr(sp); 4416 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4417 sppp_pap_my_TO, sp); 4418 } 4419 } 4420 4421 static void 4422 sppp_pap_close(struct sppp *sp) 4423 { 4424 if (sp->state[IDX_PAP] != STATE_CLOSED) 4425 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4426 } 4427 4428 /* 4429 * That's the timeout routine if we are authenticator. Since the 4430 * authenticator is basically passive in PAP, we can't do much here. 4431 */ 4432 static void 4433 sppp_pap_TO(void *cookie) 4434 { 4435 struct sppp *sp = (struct sppp *)cookie; 4436 STDDCL; 4437 int s; 4438 4439 s = splnet(); 4440 if (debug) 4441 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4442 SPP_ARGS(ifp), 4443 sppp_state_name(sp->state[IDX_PAP]), 4444 sp->rst_counter[IDX_PAP]); 4445 4446 if (--sp->rst_counter[IDX_PAP] < 0) 4447 /* TO- event */ 4448 switch (sp->state[IDX_PAP]) { 4449 case STATE_REQ_SENT: 4450 pap.tld(sp); 4451 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4452 break; 4453 } 4454 else 4455 /* TO+ event, not very much we could do */ 4456 switch (sp->state[IDX_PAP]) { 4457 case STATE_REQ_SENT: 4458 /* sppp_cp_change_state() will restart the timer */ 4459 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4460 break; 4461 } 4462 4463 splx(s); 4464 } 4465 4466 /* 4467 * That's the timeout handler if we are peer. Since the peer is active, 4468 * we need to retransmit our PAP request since it is apparently lost. 4469 * XXX We should impose a max counter. 4470 */ 4471 static void 4472 sppp_pap_my_TO(void *cookie) 4473 { 4474 struct sppp *sp = (struct sppp *)cookie; 4475 STDDCL; 4476 4477 if (debug) 4478 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4479 SPP_ARGS(ifp)); 4480 4481 pap.scr(sp); 4482 } 4483 4484 static void 4485 sppp_pap_tlu(struct sppp *sp) 4486 { 4487 STDDCL; 4488 int x; 4489 4490 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4491 4492 if (debug) 4493 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4494 SPP_ARGS(ifp), pap.name); 4495 4496 x = splnet(); 4497 sp->pp_auth_failures = 0; 4498 /* indicate to LCP that we need to be closed down */ 4499 sp->lcp.protos |= (1 << IDX_PAP); 4500 4501 if (sp->pp_flags & PP_NEEDAUTH) { 4502 /* 4503 * Remote is authenticator, but his auth proto didn't 4504 * complete yet. Defer the transition to network 4505 * phase. 4506 */ 4507 splx(x); 4508 return; 4509 } 4510 splx(x); 4511 sppp_phase_network(sp); 4512 } 4513 4514 static void 4515 sppp_pap_tld(struct sppp *sp) 4516 { 4517 STDDCL; 4518 4519 if (debug) 4520 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4521 callout_stop(&sp->ch[IDX_PAP]); 4522 callout_stop(&sp->pap_my_to_ch); 4523 sp->lcp.protos &= ~(1 << IDX_PAP); 4524 4525 lcp.Close(sp); 4526 } 4527 4528 static void 4529 sppp_pap_scr(struct sppp *sp) 4530 { 4531 u_char idlen, pwdlen; 4532 4533 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4534 /* can't do anything usefull */ 4535 printf(SPP_FMT "pap starting without my name and secret being set\n", 4536 SPP_ARGS(&sp->pp_if)); 4537 return; 4538 } 4539 4540 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4541 pwdlen = sp->myauth.secret_len; 4542 idlen = sp->myauth.name_len; 4543 4544 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4545 sizeof idlen, (const char *)&idlen, 4546 idlen, sp->myauth.name, 4547 sizeof pwdlen, (const char *)&pwdlen, 4548 pwdlen, sp->myauth.secret, 4549 0); 4550 } 4551 4552 /* 4553 * Random miscellaneous functions. 4554 */ 4555 4556 /* 4557 * Send a PAP or CHAP proto packet. 4558 * 4559 * Varadic function, each of the elements for the ellipsis is of type 4560 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4561 * mlen == 0. 4562 * NOTE: never declare variadic functions with types subject to type 4563 * promotion (i.e. u_char). This is asking for big trouble depending 4564 * on the architecture you are on... 4565 */ 4566 4567 static void 4568 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4569 unsigned int type, unsigned int id, 4570 ...) 4571 { 4572 STDDCL; 4573 struct lcp_header *lh; 4574 struct mbuf *m; 4575 u_char *p; 4576 int len; 4577 size_t pkthdrlen; 4578 unsigned int mlen; 4579 const char *msg; 4580 va_list ap; 4581 4582 MGETHDR(m, M_DONTWAIT, MT_DATA); 4583 if (! m) 4584 return; 4585 m->m_pkthdr.rcvif = 0; 4586 4587 if (sp->pp_flags & PP_NOFRAMING) { 4588 *mtod(m, u_int16_t *) = htons(cp->proto); 4589 pkthdrlen = 2; 4590 lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2); 4591 } else { 4592 struct ppp_header *h; 4593 h = mtod(m, struct ppp_header *); 4594 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4595 h->control = PPP_UI; /* Unnumbered Info */ 4596 h->protocol = htons(cp->proto); 4597 pkthdrlen = PPP_HEADER_LEN; 4598 4599 lh = (struct lcp_header *)(h + 1); 4600 } 4601 4602 lh->type = type; 4603 lh->ident = id; 4604 p = (u_char *)(lh + 1); 4605 4606 va_start(ap, id); 4607 len = 0; 4608 4609 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4610 msg = va_arg(ap, const char *); 4611 len += mlen; 4612 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4613 va_end(ap); 4614 m_freem(m); 4615 return; 4616 } 4617 4618 bcopy(msg, p, mlen); 4619 p += mlen; 4620 } 4621 va_end(ap); 4622 4623 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4624 lh->len = htons(LCP_HEADER_LEN + len); 4625 4626 if (debug) { 4627 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4628 SPP_ARGS(ifp), cp->name, 4629 sppp_auth_type_name(cp->proto, lh->type), 4630 lh->ident, ntohs(lh->len)); 4631 if (len) 4632 sppp_print_bytes((u_char *)(lh + 1), len); 4633 addlog(">\n"); 4634 } 4635 if (IF_QFULL(&sp->pp_cpq)) { 4636 IF_DROP(&sp->pp_fastq); 4637 IF_DROP(&ifp->if_snd); 4638 m_freem(m); 4639 ++ifp->if_oerrors; 4640 return; 4641 } else 4642 IF_ENQUEUE(&sp->pp_cpq, m); 4643 if (! (ifp->if_flags & IFF_OACTIVE)) 4644 (*ifp->if_start)(ifp); 4645 ifp->if_obytes += m->m_pkthdr.len + 3; 4646 } 4647 4648 /* 4649 * Send keepalive packets, every 10 seconds. 4650 */ 4651 static void 4652 sppp_keepalive(void *dummy) 4653 { 4654 struct sppp *sp; 4655 int s; 4656 time_t now; 4657 4658 s = splnet(); 4659 now = mono_time.tv_sec; 4660 for (sp=spppq; sp; sp=sp->pp_next) { 4661 struct ifnet *ifp = &sp->pp_if; 4662 4663 /* check idle timeout */ 4664 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4665 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4666 /* idle timeout is enabled for this interface */ 4667 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4668 if (ifp->if_flags & IFF_DEBUG) 4669 printf("%s: no activitiy for %lu seconds\n", 4670 sp->pp_if.if_xname, 4671 (unsigned long)(now-sp->pp_last_activity)); 4672 lcp.Close(sp); 4673 continue; 4674 } 4675 } 4676 4677 /* Keepalive mode disabled or channel down? */ 4678 if (! (sp->pp_flags & PP_KEEPALIVE) || 4679 ! (ifp->if_flags & IFF_RUNNING)) 4680 continue; 4681 4682 /* No keepalive in PPP mode if LCP not opened yet. */ 4683 if (! (sp->pp_flags & PP_CISCO) && 4684 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4685 continue; 4686 4687 /* No echo reply, but maybe user data passed through? */ 4688 if ((now - sp->pp_last_activity) < LCP_KEEPALIVE_INTERVAL) { 4689 sp->pp_alivecnt = 0; 4690 continue; 4691 } 4692 4693 if (sp->pp_alivecnt == MAXALIVECNT) { 4694 /* No keepalive packets got. Stop the interface. */ 4695 if_down (ifp); 4696 IF_PURGE(&sp->pp_cpq); 4697 if (! (sp->pp_flags & PP_CISCO)) { 4698 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4699 ifp->if_xname); 4700 sp->pp_alivecnt = 0; 4701 4702 /* we are down, close all open protocols */ 4703 lcp.Close(sp); 4704 4705 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4706 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4707 4708 /* Close connection imediatly, completition of this 4709 * will summon the magic needed to reestablish it. */ 4710 sp->pp_tlf(sp); 4711 continue; 4712 } 4713 } 4714 if (sp->pp_alivecnt <= MAXALIVECNT) 4715 ++sp->pp_alivecnt; 4716 if (sp->pp_flags & PP_CISCO) 4717 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 4718 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4719 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4720 int32_t nmagic = htonl(sp->lcp.magic); 4721 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4722 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 4723 sp->lcp.echoid, 4, &nmagic); 4724 } 4725 } 4726 splx(s); 4727 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 4728 } 4729 4730 /* 4731 * Get both IP addresses. 4732 */ 4733 static void 4734 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4735 { 4736 struct ifnet *ifp = &sp->pp_if; 4737 struct ifaddr *ifa; 4738 struct sockaddr_in *si, *sm; 4739 u_int32_t ssrc, ddst; 4740 4741 sm = NULL; 4742 ssrc = ddst = 0; 4743 /* 4744 * Pick the first AF_INET address from the list, 4745 * aliases don't make any sense on a p2p link anyway. 4746 */ 4747 si = 0; 4748 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4749 if (ifa->ifa_addr->sa_family == AF_INET) { 4750 si = (struct sockaddr_in *)ifa->ifa_addr; 4751 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4752 if (si) 4753 break; 4754 } 4755 } 4756 if (ifa) { 4757 if (si && si->sin_addr.s_addr) { 4758 ssrc = si->sin_addr.s_addr; 4759 if (srcmask) 4760 *srcmask = ntohl(sm->sin_addr.s_addr); 4761 } 4762 4763 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4764 if (si && si->sin_addr.s_addr) 4765 ddst = si->sin_addr.s_addr; 4766 } 4767 4768 if (dst) *dst = ntohl(ddst); 4769 if (src) *src = ntohl(ssrc); 4770 } 4771 4772 /* 4773 * Set IP addresses. Must be called at splnet. 4774 * If an address is 0, leave it the way it is. 4775 */ 4776 static void 4777 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4778 { 4779 STDDCL; 4780 struct ifaddr *ifa; 4781 struct sockaddr_in *si; 4782 struct sockaddr_in *dest; 4783 4784 /* 4785 * Pick the first AF_INET address from the list, 4786 * aliases don't make any sense on a p2p link anyway. 4787 */ 4788 4789 si = 0; 4790 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4791 { 4792 if (ifa->ifa_addr->sa_family == AF_INET) 4793 { 4794 si = (struct sockaddr_in *)ifa->ifa_addr; 4795 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4796 if (si) 4797 break; 4798 } 4799 } 4800 4801 if (ifa && si) 4802 { 4803 int error; 4804 struct sockaddr_in new_sin = *si; 4805 struct sockaddr_in new_dst = *dest; 4806 4807 /* 4808 * Scrub old routes now instead of calling in_ifinit with 4809 * scrub=1, because we may change the dstaddr 4810 * before the call to in_ifinit. 4811 */ 4812 in_ifscrub(ifp, ifatoia(ifa)); 4813 4814 if (myaddr != 0) 4815 new_sin.sin_addr.s_addr = htonl(myaddr); 4816 if (hisaddr != 0) { 4817 new_dst.sin_addr.s_addr = htonl(hisaddr); 4818 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4819 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4820 *dest = new_dst; /* fix dstaddr in place */ 4821 } 4822 } 4823 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4824 if(debug && error) 4825 { 4826 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4827 " failed, error=%d\n", SPP_ARGS(ifp), error); 4828 } 4829 } 4830 } 4831 4832 /* 4833 * Clear IP addresses. Must be called at splnet. 4834 */ 4835 static void 4836 sppp_clear_ip_addrs(struct sppp *sp) 4837 { 4838 struct ifnet *ifp = &sp->pp_if; 4839 struct ifaddr *ifa; 4840 struct sockaddr_in *si; 4841 struct sockaddr_in *dest; 4842 4843 u_int32_t remote; 4844 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4845 remote = sp->ipcp.saved_hisaddr; 4846 else 4847 sppp_get_ip_addrs(sp, 0, &remote, 0); 4848 4849 /* 4850 * Pick the first AF_INET address from the list, 4851 * aliases don't make any sense on a p2p link anyway. 4852 */ 4853 4854 si = 0; 4855 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4856 { 4857 if (ifa->ifa_addr->sa_family == AF_INET) 4858 { 4859 si = (struct sockaddr_in *)ifa->ifa_addr; 4860 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4861 if (si) 4862 break; 4863 } 4864 } 4865 4866 if (ifa && si) 4867 { 4868 struct sockaddr_in new_sin = *si; 4869 4870 in_ifscrub(ifp, ifatoia(ifa)); 4871 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4872 new_sin.sin_addr.s_addr = 0; 4873 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4874 /* replace peer addr in place */ 4875 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4876 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4877 } 4878 } 4879 4880 #ifdef INET6 4881 /* 4882 * Get both IPv6 addresses. 4883 */ 4884 static void 4885 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4886 struct in6_addr *srcmask) 4887 { 4888 struct ifnet *ifp = &sp->pp_if; 4889 struct ifaddr *ifa; 4890 struct sockaddr_in6 *si, *sm; 4891 struct in6_addr ssrc, ddst; 4892 4893 sm = NULL; 4894 memset(&ssrc, 0, sizeof(ssrc)); 4895 memset(&ddst, 0, sizeof(ddst)); 4896 /* 4897 * Pick the first link-local AF_INET6 address from the list, 4898 * aliases don't make any sense on a p2p link anyway. 4899 */ 4900 si = 0; 4901 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4902 if (ifa->ifa_addr->sa_family == AF_INET6) { 4903 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4904 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4905 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4906 break; 4907 } 4908 if (ifa) { 4909 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4910 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4911 if (srcmask) { 4912 bcopy(&sm->sin6_addr, srcmask, 4913 sizeof(*srcmask)); 4914 } 4915 } 4916 4917 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4918 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4919 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4920 } 4921 4922 if (dst) 4923 bcopy(&ddst, dst, sizeof(*dst)); 4924 if (src) 4925 bcopy(&ssrc, src, sizeof(*src)); 4926 } 4927 4928 #ifdef IPV6CP_MYIFID_DYN 4929 /* 4930 * Generate random ifid. 4931 */ 4932 static void 4933 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4934 { 4935 /* TBD */ 4936 } 4937 4938 /* 4939 * Set my IPv6 address. Must be called at splnet. 4940 */ 4941 static void 4942 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4943 { 4944 STDDCL; 4945 struct ifaddr *ifa; 4946 struct sockaddr_in6 *sin6; 4947 4948 /* 4949 * Pick the first link-local AF_INET6 address from the list, 4950 * aliases don't make any sense on a p2p link anyway. 4951 */ 4952 4953 sin6 = NULL; 4954 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4955 { 4956 if (ifa->ifa_addr->sa_family == AF_INET6) 4957 { 4958 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4959 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4960 break; 4961 } 4962 } 4963 4964 if (ifa && sin6) 4965 { 4966 int error; 4967 struct sockaddr_in6 new_sin6 = *sin6; 4968 4969 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4970 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4971 if (debug && error) 4972 { 4973 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4974 " failed, error=%d\n", SPP_ARGS(ifp), error); 4975 } 4976 } 4977 } 4978 #endif 4979 4980 /* 4981 * Suggest a candidate address to be used by peer. 4982 */ 4983 static void 4984 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4985 { 4986 struct in6_addr myaddr; 4987 struct timeval tv; 4988 4989 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4990 4991 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4992 microtime(&tv); 4993 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4994 myaddr.s6_addr[14] ^= 0xff; 4995 myaddr.s6_addr[15] ^= 0xff; 4996 } else { 4997 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4998 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4999 } 5000 if (suggest) 5001 bcopy(&myaddr, suggest, sizeof(myaddr)); 5002 } 5003 #endif /*INET6*/ 5004 5005 /* 5006 * Process ioctl requests specific to the PPP interface. 5007 * Permissions have already been checked. 5008 */ 5009 static int 5010 sppp_params(struct sppp *sp, int cmd, void *data) 5011 { 5012 switch (cmd) { 5013 case SPPPGETAUTHCFG: 5014 { 5015 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5016 int error; 5017 size_t len; 5018 5019 cfg->myauthflags = sp->myauth.flags; 5020 cfg->hisauthflags = sp->hisauth.flags; 5021 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 5022 cfg->hisauth = 0; 5023 if (sp->hisauth.proto) 5024 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5025 cfg->myauth = 0; 5026 if (sp->myauth.proto) 5027 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5028 if (cfg->myname_length == 0) { 5029 if (sp->myauth.name != NULL) 5030 cfg->myname_length = sp->myauth.name_len + 1; 5031 } else { 5032 if (sp->myauth.name == NULL) { 5033 cfg->myname_length = 0; 5034 } else { 5035 len = sp->myauth.name_len + 1; 5036 if (cfg->myname_length < len) 5037 return (ENAMETOOLONG); 5038 error = copyout(sp->myauth.name, cfg->myname, len); 5039 if (error) return error; 5040 } 5041 } 5042 if (cfg->hisname_length == 0) { 5043 if(sp->hisauth.name != NULL) 5044 cfg->hisname_length = sp->hisauth.name_len + 1; 5045 } else { 5046 if (sp->hisauth.name == NULL) { 5047 cfg->hisname_length = 0; 5048 } else { 5049 len = sp->hisauth.name_len + 1; 5050 if (cfg->hisname_length < len) 5051 return (ENAMETOOLONG); 5052 error = copyout(sp->hisauth.name, cfg->hisname, len); 5053 if (error) return error; 5054 } 5055 } 5056 } 5057 break; 5058 case SPPPSETAUTHCFG: 5059 { 5060 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5061 int error; 5062 5063 if (sp->myauth.name) { 5064 free(sp->myauth.name, M_DEVBUF); 5065 sp->myauth.name = NULL; 5066 } 5067 if (sp->myauth.secret) { 5068 free(sp->myauth.secret, M_DEVBUF); 5069 sp->myauth.secret = NULL; 5070 } 5071 if (sp->hisauth.name) { 5072 free(sp->hisauth.name, M_DEVBUF); 5073 sp->hisauth.name = NULL; 5074 } 5075 if (sp->hisauth.secret) { 5076 free(sp->hisauth.secret, M_DEVBUF); 5077 sp->hisauth.secret = NULL; 5078 } 5079 5080 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5081 if (cfg->hisname_length >= MCLBYTES) 5082 return (ENAMETOOLONG); 5083 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5084 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5085 if (error) { 5086 free(sp->hisauth.name, M_DEVBUF); 5087 sp->hisauth.name = NULL; 5088 return error; 5089 } 5090 sp->hisauth.name_len = cfg->hisname_length - 1; 5091 sp->hisauth.name[sp->hisauth.name_len] = 0; 5092 } 5093 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5094 if (cfg->hissecret_length >= MCLBYTES) 5095 return (ENAMETOOLONG); 5096 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5097 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5098 if (error) { 5099 free(sp->hisauth.secret, M_DEVBUF); 5100 sp->hisauth.secret = NULL; 5101 return error; 5102 } 5103 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5104 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5105 } 5106 if (cfg->myname != NULL && cfg->myname_length > 0) { 5107 if (cfg->myname_length >= MCLBYTES) 5108 return (ENAMETOOLONG); 5109 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5110 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5111 if (error) { 5112 free(sp->myauth.name, M_DEVBUF); 5113 sp->myauth.name = NULL; 5114 return error; 5115 } 5116 sp->myauth.name_len = cfg->myname_length - 1; 5117 sp->myauth.name[sp->myauth.name_len] = 0; 5118 } 5119 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5120 if (cfg->mysecret_length >= MCLBYTES) 5121 return (ENAMETOOLONG); 5122 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5123 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5124 if (error) { 5125 free(sp->myauth.secret, M_DEVBUF); 5126 sp->myauth.secret = NULL; 5127 return error; 5128 } 5129 sp->myauth.secret_len = cfg->mysecret_length - 1; 5130 sp->myauth.secret[sp->myauth.secret_len] = 0; 5131 } 5132 sp->myauth.flags = cfg->myauthflags; 5133 if (cfg->myauth) 5134 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5135 sp->hisauth.flags = cfg->hisauthflags; 5136 if (cfg->hisauth) 5137 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5138 sp->pp_auth_failures = 0; 5139 if (sp->hisauth.proto != 0) 5140 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5141 else 5142 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5143 } 5144 break; 5145 case SPPPGETLCPCFG: 5146 { 5147 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5148 lcp->lcp_timeout = sp->lcp.timeout; 5149 } 5150 break; 5151 case SPPPSETLCPCFG: 5152 { 5153 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5154 sp->lcp.timeout = lcp->lcp_timeout; 5155 } 5156 break; 5157 case SPPPGETSTATUS: 5158 { 5159 struct spppstatus *status = (struct spppstatus *)data; 5160 status->phase = sp->pp_phase; 5161 } 5162 break; 5163 case SPPPGETIDLETO: 5164 { 5165 struct spppidletimeout *to = (struct spppidletimeout *)data; 5166 to->idle_seconds = sp->pp_idle_timeout; 5167 } 5168 break; 5169 case SPPPSETIDLETO: 5170 { 5171 struct spppidletimeout *to = (struct spppidletimeout *)data; 5172 sp->pp_idle_timeout = to->idle_seconds; 5173 } 5174 break; 5175 case SPPPSETAUTHFAILURE: 5176 { 5177 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5178 sp->pp_max_auth_fail = afsettings->max_failures; 5179 sp->pp_auth_failures = 0; 5180 } 5181 break; 5182 case SPPPGETAUTHFAILURES: 5183 { 5184 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5185 stats->auth_failures = sp->pp_auth_failures; 5186 stats->max_failures = sp->pp_max_auth_fail; 5187 } 5188 break; 5189 case SPPPSETDNSOPTS: 5190 { 5191 struct spppdnssettings *req = (struct spppdnssettings *)data; 5192 sp->query_dns = req->query_dns & 3; 5193 } 5194 break; 5195 case SPPPGETDNSOPTS: 5196 { 5197 struct spppdnssettings *req = (struct spppdnssettings *)data; 5198 req->query_dns = sp->query_dns; 5199 } 5200 break; 5201 case SPPPGETDNSADDRS: 5202 { 5203 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5204 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5205 } 5206 break; 5207 default: 5208 return (EINVAL); 5209 } 5210 5211 return (0); 5212 } 5213 5214 static void 5215 sppp_phase_network(struct sppp *sp) 5216 { 5217 STDDCL; 5218 int i; 5219 u_int32_t mask; 5220 5221 sp->pp_phase = SPPP_PHASE_NETWORK; 5222 5223 if(debug) 5224 { 5225 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5226 sppp_phase_name(sp->pp_phase)); 5227 } 5228 5229 /* Notify NCPs now. */ 5230 for (i = 0; i < IDX_COUNT; i++) 5231 if ((cps[i])->flags & CP_NCP) 5232 (cps[i])->Open(sp); 5233 5234 /* Send Up events to all NCPs. */ 5235 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5236 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5237 (cps[i])->Up(sp); 5238 5239 /* if no NCP is starting, all this was in vain, close down */ 5240 sppp_lcp_check_and_close(sp); 5241 } 5242 5243 5244 static const char * 5245 sppp_cp_type_name(u_char type) 5246 { 5247 static char buf[12]; 5248 switch (type) { 5249 case CONF_REQ: return "conf-req"; 5250 case CONF_ACK: return "conf-ack"; 5251 case CONF_NAK: return "conf-nak"; 5252 case CONF_REJ: return "conf-rej"; 5253 case TERM_REQ: return "term-req"; 5254 case TERM_ACK: return "term-ack"; 5255 case CODE_REJ: return "code-rej"; 5256 case PROTO_REJ: return "proto-rej"; 5257 case ECHO_REQ: return "echo-req"; 5258 case ECHO_REPLY: return "echo-reply"; 5259 case DISC_REQ: return "discard-req"; 5260 } 5261 sprintf (buf, "0x%x", type); 5262 return buf; 5263 } 5264 5265 static const char * 5266 sppp_auth_type_name(u_short proto, u_char type) 5267 { 5268 static char buf[12]; 5269 switch (proto) { 5270 case PPP_CHAP: 5271 switch (type) { 5272 case CHAP_CHALLENGE: return "challenge"; 5273 case CHAP_RESPONSE: return "response"; 5274 case CHAP_SUCCESS: return "success"; 5275 case CHAP_FAILURE: return "failure"; 5276 } 5277 case PPP_PAP: 5278 switch (type) { 5279 case PAP_REQ: return "req"; 5280 case PAP_ACK: return "ack"; 5281 case PAP_NAK: return "nak"; 5282 } 5283 } 5284 sprintf (buf, "0x%x", type); 5285 return buf; 5286 } 5287 5288 static const char * 5289 sppp_lcp_opt_name(u_char opt) 5290 { 5291 static char buf[12]; 5292 switch (opt) { 5293 case LCP_OPT_MRU: return "mru"; 5294 case LCP_OPT_ASYNC_MAP: return "async-map"; 5295 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5296 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5297 case LCP_OPT_MAGIC: return "magic"; 5298 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5299 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5300 } 5301 sprintf (buf, "0x%x", opt); 5302 return buf; 5303 } 5304 5305 static const char * 5306 sppp_ipcp_opt_name(u_char opt) 5307 { 5308 static char buf[12]; 5309 switch (opt) { 5310 case IPCP_OPT_ADDRESSES: return "addresses"; 5311 case IPCP_OPT_COMPRESSION: return "compression"; 5312 case IPCP_OPT_ADDRESS: return "address"; 5313 } 5314 sprintf (buf, "0x%x", opt); 5315 return buf; 5316 } 5317 5318 #ifdef INET6 5319 static const char * 5320 sppp_ipv6cp_opt_name(u_char opt) 5321 { 5322 static char buf[12]; 5323 switch (opt) { 5324 case IPV6CP_OPT_IFID: return "ifid"; 5325 case IPV6CP_OPT_COMPRESSION: return "compression"; 5326 } 5327 sprintf (buf, "0x%x", opt); 5328 return buf; 5329 } 5330 #endif 5331 5332 static const char * 5333 sppp_state_name(int state) 5334 { 5335 switch (state) { 5336 case STATE_INITIAL: return "initial"; 5337 case STATE_STARTING: return "starting"; 5338 case STATE_CLOSED: return "closed"; 5339 case STATE_STOPPED: return "stopped"; 5340 case STATE_CLOSING: return "closing"; 5341 case STATE_STOPPING: return "stopping"; 5342 case STATE_REQ_SENT: return "req-sent"; 5343 case STATE_ACK_RCVD: return "ack-rcvd"; 5344 case STATE_ACK_SENT: return "ack-sent"; 5345 case STATE_OPENED: return "opened"; 5346 } 5347 return "illegal"; 5348 } 5349 5350 static const char * 5351 sppp_phase_name(int phase) 5352 { 5353 switch (phase) { 5354 case SPPP_PHASE_DEAD: return "dead"; 5355 case SPPP_PHASE_ESTABLISH: return "establish"; 5356 case SPPP_PHASE_TERMINATE: return "terminate"; 5357 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5358 case SPPP_PHASE_NETWORK: return "network"; 5359 } 5360 return "illegal"; 5361 } 5362 5363 static const char * 5364 sppp_proto_name(u_short proto) 5365 { 5366 static char buf[12]; 5367 switch (proto) { 5368 case PPP_LCP: return "lcp"; 5369 case PPP_IPCP: return "ipcp"; 5370 case PPP_PAP: return "pap"; 5371 case PPP_CHAP: return "chap"; 5372 case PPP_IPV6CP: return "ipv6cp"; 5373 } 5374 sprintf(buf, "0x%x", (unsigned)proto); 5375 return buf; 5376 } 5377 5378 static void 5379 sppp_print_bytes(const u_char *p, u_short len) 5380 { 5381 addlog(" %02x", *p++); 5382 while (--len > 0) 5383 addlog("-%02x", *p++); 5384 } 5385 5386 static void 5387 sppp_print_string(const char *p, u_short len) 5388 { 5389 u_char c; 5390 5391 while (len-- > 0) { 5392 c = *p++; 5393 /* 5394 * Print only ASCII chars directly. RFC 1994 recommends 5395 * using only them, but we don't rely on it. */ 5396 if (c < ' ' || c > '~') 5397 addlog("\\x%x", c); 5398 else 5399 addlog("%c", c); 5400 } 5401 } 5402 5403 static const char * 5404 sppp_dotted_quad(u_int32_t addr) 5405 { 5406 static char s[16]; 5407 sprintf(s, "%d.%d.%d.%d", 5408 (int)((addr >> 24) & 0xff), 5409 (int)((addr >> 16) & 0xff), 5410 (int)((addr >> 8) & 0xff), 5411 (int)(addr & 0xff)); 5412 return s; 5413 } 5414 5415 /* a dummy, used to drop uninteresting events */ 5416 static void 5417 sppp_null(struct sppp *unused) 5418 { 5419 /* do just nothing */ 5420 } 5421 /* 5422 * This file is large. Tell emacs to highlight it nevertheless. 5423 * 5424 * Local Variables: 5425 * hilit-auto-highlight-maxout: 120000 5426 * End: 5427 */ 5428