1 /* $NetBSD: if_spppsubr.c,v 1.32 2001/12/10 00:22:21 martin Exp $ */
2
3 /*
4 * Synchronous PPP/Cisco link level subroutines.
5 * Keepalive protocol implemented in both Cisco and PPP modes.
6 *
7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
8 * Author: Serge Vakulenko, <vak@cronyx.ru>
9 *
10 * Heavily revamped to conform to RFC 1661.
11 * Copyright (C) 1997, Joerg Wunsch.
12 *
13 * RFC2472 IPv6CP support.
14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
15 *
16 * This software is distributed with NO WARRANTIES, not even the implied
17 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
18 *
19 * Authors grant any other persons or organisations permission to use
20 * or modify this software as long as this message is kept with the software,
21 * all derivative works or modified versions.
22 *
23 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
24 *
25 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp
26 *
27 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp
28 */
29
30 #include <sys/cdefs.h>
31 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.32 2001/12/10 00:22:21 martin Exp $");
32
33 #include "opt_inet.h"
34 #include "opt_ipx.h"
35 #include "opt_iso.h"
36 #include "opt_ns.h"
37
38 #include <sys/param.h>
39
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
42 #include <sys/sockio.h>
43 #include <sys/socket.h>
44 #include <sys/syslog.h>
45 #include <sys/malloc.h>
46 #include <sys/mbuf.h>
47
48 #include <sys/md5.h>
49
50 #include <net/if.h>
51 #include <net/netisr.h>
52 #include <net/if_types.h>
53 #include <net/route.h>
54 #include <net/ppp_defs.h>
55
56 #include <machine/stdarg.h>
57
58 #include <netinet/in.h>
59 #include <netinet/in_systm.h>
60 #include <netinet/in_var.h>
61 #ifdef INET
62 #include <netinet/ip.h>
63 #include <netinet/tcp.h>
64 #endif
65 #include <net/ethertypes.h>
66
67 #ifdef IPX
68 #include <netipx/ipx.h>
69 #include <netipx/ipx_if.h>
70 #endif
71
72 #ifdef NS
73 #include <netns/ns.h>
74 #include <netns/ns_if.h>
75 #endif
76
77 #ifdef ISO
78 #include <netiso/argo_debug.h>
79 #include <netiso/iso.h>
80 #include <netiso/iso_var.h>
81 #include <netiso/iso_snpac.h>
82 #endif
83
84 #include <net/if_sppp.h>
85
86 #define MAXALIVECNT 3 /* max. alive packets */
87
88 /*
89 * Interface flags that can be set in an ifconfig command.
90 *
91 * Setting link0 will make the link passive, i.e. it will be marked
92 * as being administrative openable, but won't be opened to begin
93 * with. Incoming calls will be answered, or subsequent calls with
94 * -link1 will cause the administrative open of the LCP layer.
95 *
96 * Setting link1 will cause the link to auto-dial only as packets
97 * arrive to be sent.
98 *
99 * Setting IFF_DEBUG will syslog the option negotiation and state
100 * transitions at level kern.debug. Note: all logs consistently look
101 * like
102 *
103 * <if-name><unit>: <proto-name> <additional info...>
104 *
105 * with <if-name><unit> being something like "bppp0", and <proto-name>
106 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
107 */
108
109 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
110 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
111
112 #define CONF_REQ 1 /* PPP configure request */
113 #define CONF_ACK 2 /* PPP configure acknowledge */
114 #define CONF_NAK 3 /* PPP configure negative ack */
115 #define CONF_REJ 4 /* PPP configure reject */
116 #define TERM_REQ 5 /* PPP terminate request */
117 #define TERM_ACK 6 /* PPP terminate acknowledge */
118 #define CODE_REJ 7 /* PPP code reject */
119 #define PROTO_REJ 8 /* PPP protocol reject */
120 #define ECHO_REQ 9 /* PPP echo request */
121 #define ECHO_REPLY 10 /* PPP echo reply */
122 #define DISC_REQ 11 /* PPP discard request */
123
124 #define LCP_OPT_MRU 1 /* maximum receive unit */
125 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
126 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
127 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
128 #define LCP_OPT_MAGIC 5 /* magic number */
129 #define LCP_OPT_RESERVED 6 /* reserved */
130 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
131 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
132
133 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
134 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */
135 #define IPCP_OPT_ADDRESS 3 /* local IP address */
136 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */
137 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */
138
139 #define IPV6CP_OPT_IFID 1 /* interface identifier */
140 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
141
142 #define PAP_REQ 1 /* PAP name/password request */
143 #define PAP_ACK 2 /* PAP acknowledge */
144 #define PAP_NAK 3 /* PAP fail */
145
146 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
147 #define CHAP_RESPONSE 2 /* CHAP challenge response */
148 #define CHAP_SUCCESS 3 /* CHAP response ok */
149 #define CHAP_FAILURE 4 /* CHAP response failed */
150
151 #define CHAP_MD5 5 /* hash algorithm - MD5 */
152
153 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
154 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
155 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
156 #define CISCO_ADDR_REQ 0 /* Cisco address request */
157 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
158 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
159
160 /* states are named and numbered according to RFC 1661 */
161 #define STATE_INITIAL 0
162 #define STATE_STARTING 1
163 #define STATE_CLOSED 2
164 #define STATE_STOPPED 3
165 #define STATE_CLOSING 4
166 #define STATE_STOPPING 5
167 #define STATE_REQ_SENT 6
168 #define STATE_ACK_RCVD 7
169 #define STATE_ACK_SENT 8
170 #define STATE_OPENED 9
171
172 struct ppp_header {
173 u_char address;
174 u_char control;
175 u_short protocol;
176 } __attribute__((__packed__));
177 #define PPP_HEADER_LEN sizeof (struct ppp_header)
178
179 struct lcp_header {
180 u_char type;
181 u_char ident;
182 u_short len;
183 } __attribute__((__packed__));
184 #define LCP_HEADER_LEN sizeof (struct lcp_header)
185
186 struct cisco_packet {
187 u_int32_t type;
188 u_int32_t par1;
189 u_int32_t par2;
190 u_short rel;
191 u_short time0;
192 u_short time1;
193 } __attribute__((__packed__));
194 #define CISCO_PACKET_LEN 18
195
196 /*
197 * We follow the spelling and capitalization of RFC 1661 here, to make
198 * it easier comparing with the standard. Please refer to this RFC in
199 * case you can't make sense out of these abbreviation; it will also
200 * explain the semantics related to the various events and actions.
201 */
202 struct cp {
203 u_short proto; /* PPP control protocol number */
204 u_char protoidx; /* index into state table in struct sppp */
205 u_char flags;
206 #define CP_LCP 0x01 /* this is the LCP */
207 #define CP_AUTH 0x02 /* this is an authentication protocol */
208 #define CP_NCP 0x04 /* this is a NCP */
209 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
210 const char *name; /* name of this control protocol */
211 /* event handlers */
212 void (*Up)(struct sppp *sp);
213 void (*Down)(struct sppp *sp);
214 void (*Open)(struct sppp *sp);
215 void (*Close)(struct sppp *sp);
216 void (*TO)(void *sp);
217 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
218 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
219 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
220 /* actions */
221 void (*tlu)(struct sppp *sp);
222 void (*tld)(struct sppp *sp);
223 void (*tls)(struct sppp *sp);
224 void (*tlf)(struct sppp *sp);
225 void (*scr)(struct sppp *sp);
226 };
227
228 static struct sppp *spppq;
229 static struct callout keepalive_ch;
230
231 #ifdef __FreeBSD__
232 #define SPP_FMT "%s%d: "
233 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
234 #else
235 #define SPP_FMT "%s: "
236 #define SPP_ARGS(ifp) (ifp)->if_xname
237 #endif
238
239 #ifdef INET
240 /*
241 * The following disgusting hack gets around the problem that IP TOS
242 * can't be set yet. We want to put "interactive" traffic on a high
243 * priority queue. To decide if traffic is interactive, we check that
244 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
245 *
246 * XXX is this really still necessary? - joerg -
247 */
248 static u_short interactive_ports[8] = {
249 0, 513, 0, 0,
250 0, 21, 0, 23,
251 };
252 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
253 #endif
254
255 /* almost every function needs these */
256 #define STDDCL \
257 struct ifnet *ifp = &sp->pp_if; \
258 int debug = ifp->if_flags & IFF_DEBUG
259
260 static int sppp_output(struct ifnet *ifp, struct mbuf *m,
261 struct sockaddr *dst, struct rtentry *rt);
262
263 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2);
264 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
265
266 static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
267 struct mbuf *m);
268 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
269 u_char ident, u_short len, void *data);
270 /* static void sppp_cp_timeout(void *arg); */
271 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
272 int newstate);
273 static void sppp_auth_send(const struct cp *cp,
274 struct sppp *sp, unsigned int type, unsigned int id,
275 ...);
276
277 static void sppp_up_event(const struct cp *cp, struct sppp *sp);
278 static void sppp_down_event(const struct cp *cp, struct sppp *sp);
279 static void sppp_open_event(const struct cp *cp, struct sppp *sp);
280 static void sppp_close_event(const struct cp *cp, struct sppp *sp);
281 static void sppp_to_event(const struct cp *cp, struct sppp *sp);
282
283 static void sppp_null(struct sppp *sp);
284
285 static void sppp_lcp_init(struct sppp *sp);
286 static void sppp_lcp_up(struct sppp *sp);
287 static void sppp_lcp_down(struct sppp *sp);
288 static void sppp_lcp_open(struct sppp *sp);
289 static void sppp_lcp_close(struct sppp *sp);
290 static void sppp_lcp_TO(void *sp);
291 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
292 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
293 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
294 static void sppp_lcp_tlu(struct sppp *sp);
295 static void sppp_lcp_tld(struct sppp *sp);
296 static void sppp_lcp_tls(struct sppp *sp);
297 static void sppp_lcp_tlf(struct sppp *sp);
298 static void sppp_lcp_scr(struct sppp *sp);
299 static void sppp_lcp_check_and_close(struct sppp *sp);
300 static int sppp_ncp_check(struct sppp *sp);
301
302 static void sppp_ipcp_init(struct sppp *sp);
303 static void sppp_ipcp_up(struct sppp *sp);
304 static void sppp_ipcp_down(struct sppp *sp);
305 static void sppp_ipcp_open(struct sppp *sp);
306 static void sppp_ipcp_close(struct sppp *sp);
307 static void sppp_ipcp_TO(void *sp);
308 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
309 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
310 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
311 static void sppp_ipcp_tlu(struct sppp *sp);
312 static void sppp_ipcp_tld(struct sppp *sp);
313 static void sppp_ipcp_tls(struct sppp *sp);
314 static void sppp_ipcp_tlf(struct sppp *sp);
315 static void sppp_ipcp_scr(struct sppp *sp);
316
317 static void sppp_ipv6cp_init(struct sppp *sp);
318 static void sppp_ipv6cp_up(struct sppp *sp);
319 static void sppp_ipv6cp_down(struct sppp *sp);
320 static void sppp_ipv6cp_open(struct sppp *sp);
321 static void sppp_ipv6cp_close(struct sppp *sp);
322 static void sppp_ipv6cp_TO(void *sp);
323 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
324 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
325 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
326 static void sppp_ipv6cp_tlu(struct sppp *sp);
327 static void sppp_ipv6cp_tld(struct sppp *sp);
328 static void sppp_ipv6cp_tls(struct sppp *sp);
329 static void sppp_ipv6cp_tlf(struct sppp *sp);
330 static void sppp_ipv6cp_scr(struct sppp *sp);
331
332 static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
333 static void sppp_pap_init(struct sppp *sp);
334 static void sppp_pap_open(struct sppp *sp);
335 static void sppp_pap_close(struct sppp *sp);
336 static void sppp_pap_TO(void *sp);
337 static void sppp_pap_my_TO(void *sp);
338 static void sppp_pap_tlu(struct sppp *sp);
339 static void sppp_pap_tld(struct sppp *sp);
340 static void sppp_pap_scr(struct sppp *sp);
341
342 static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
343 static void sppp_chap_init(struct sppp *sp);
344 static void sppp_chap_open(struct sppp *sp);
345 static void sppp_chap_close(struct sppp *sp);
346 static void sppp_chap_TO(void *sp);
347 static void sppp_chap_tlu(struct sppp *sp);
348 static void sppp_chap_tld(struct sppp *sp);
349 static void sppp_chap_scr(struct sppp *sp);
350
351 static const char *sppp_auth_type_name(u_short proto, u_char type);
352 static const char *sppp_cp_type_name(u_char type);
353 static const char *sppp_dotted_quad(u_int32_t addr);
354 static const char *sppp_ipcp_opt_name(u_char opt);
355 #ifdef INET6
356 static const char *sppp_ipv6cp_opt_name(u_char opt);
357 #endif
358 static const char *sppp_lcp_opt_name(u_char opt);
359 static const char *sppp_phase_name(enum ppp_phase phase);
360 static const char *sppp_proto_name(u_short proto);
361 static const char *sppp_state_name(int state);
362 static int sppp_params(struct sppp *sp, int cmd, void *data);
363 static int sppp_strnlen(u_char *p, int max);
364 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
365 u_int32_t *srcmask);
366 static void sppp_keepalive(void *dummy);
367 static void sppp_phase_network(struct sppp *sp);
368 static void sppp_print_bytes(const u_char *p, u_short len);
369 static void sppp_print_string(const char *p, u_short len);
370 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr);
371 static void sppp_clear_ip_addrs(struct sppp *sp);
372 #ifdef INET6
373 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
374 struct in6_addr *dst, struct in6_addr *srcmask);
375 #ifdef IPV6CP_MYIFID_DYN
376 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
377 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
378 #endif
379 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
380 #endif
381
382 /* our control protocol descriptors */
383 static const struct cp lcp = {
384 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
385 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
386 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
387 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
388 sppp_lcp_scr
389 };
390
391 static const struct cp ipcp = {
392 PPP_IPCP, IDX_IPCP,
393 #ifdef INET
394 CP_NCP, /*don't run IPCP if there's no IPv4 support*/
395 #else
396 0,
397 #endif
398 "ipcp",
399 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
400 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
401 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
402 sppp_ipcp_scr
403 };
404
405 static const struct cp ipv6cp = {
406 PPP_IPV6CP, IDX_IPV6CP,
407 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
408 CP_NCP,
409 #else
410 0,
411 #endif
412 "ipv6cp",
413 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
414 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
415 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
416 sppp_ipv6cp_scr
417 };
418
419 static const struct cp pap = {
420 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
421 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
422 sppp_pap_TO, 0, 0, 0,
423 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
424 sppp_pap_scr
425 };
426
427 static const struct cp chap = {
428 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
429 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
430 sppp_chap_TO, 0, 0, 0,
431 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
432 sppp_chap_scr
433 };
434
435 static const struct cp *cps[IDX_COUNT] = {
436 &lcp, /* IDX_LCP */
437 &ipcp, /* IDX_IPCP */
438 &ipv6cp, /* IDX_IPV6CP */
439 &pap, /* IDX_PAP */
440 &chap, /* IDX_CHAP */
441 };
442
443
444 �/*
445 * Exported functions, comprising our interface to the lower layer.
446 */
447
448 /*
449 * Process the received packet.
450 */
451 void
452 sppp_input(struct ifnet *ifp, struct mbuf *m)
453 {
454 struct ppp_header *h = NULL;
455 struct ifqueue *inq = 0;
456 u_int16_t protocol;
457 int s;
458 struct sppp *sp = (struct sppp *)ifp;
459 int debug = ifp->if_flags & IFF_DEBUG;
460
461 if (ifp->if_flags & IFF_UP)
462 /* Count received bytes, add hardware framing */
463 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes;
464
465 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
466 /* Too small packet, drop it. */
467 if (debug)
468 log(LOG_DEBUG,
469 SPP_FMT "input packet is too small, %d bytes\n",
470 SPP_ARGS(ifp), m->m_pkthdr.len);
471 drop:
472 ++ifp->if_ierrors;
473 ++ifp->if_iqdrops;
474 m_freem (m);
475 return;
476 }
477
478 if (sp->pp_flags & PP_NOFRAMING) {
479 memcpy(&protocol, mtod(m, void *), 2);
480 protocol = ntohs(protocol);
481 m_adj(m, 2);
482 } else {
483
484 /* Get PPP header. */
485 h = mtod (m, struct ppp_header*);
486 m_adj (m, PPP_HEADER_LEN);
487
488 switch (h->address) {
489 case PPP_ALLSTATIONS:
490 if (h->control != PPP_UI)
491 goto invalid;
492 if (sp->pp_flags & PP_CISCO) {
493 if (debug)
494 log(LOG_DEBUG,
495 SPP_FMT "PPP packet in Cisco mode "
496 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
497 SPP_ARGS(ifp),
498 h->address, h->control, ntohs(h->protocol));
499 goto drop;
500 }
501 break;
502 case CISCO_MULTICAST:
503 case CISCO_UNICAST:
504 /* Don't check the control field here (RFC 1547). */
505 if (! (sp->pp_flags & PP_CISCO)) {
506 if (debug)
507 log(LOG_DEBUG,
508 SPP_FMT "Cisco packet in PPP mode "
509 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
510 SPP_ARGS(ifp),
511 h->address, h->control, ntohs(h->protocol));
512 goto drop;
513 }
514 switch (ntohs (h->protocol)) {
515 default:
516 ++ifp->if_noproto;
517 goto invalid;
518 case CISCO_KEEPALIVE:
519 sppp_cisco_input ((struct sppp*) ifp, m);
520 m_freem (m);
521 return;
522 #ifdef INET
523 case ETHERTYPE_IP:
524 schednetisr (NETISR_IP);
525 inq = &ipintrq;
526 break;
527 #endif
528 #ifdef INET6
529 case ETHERTYPE_IPV6:
530 schednetisr (NETISR_IPV6);
531 inq = &ip6intrq;
532 break;
533 #endif
534 #ifdef IPX
535 case ETHERTYPE_IPX:
536 schednetisr (NETISR_IPX);
537 inq = &ipxintrq;
538 break;
539 #endif
540 #ifdef NS
541 case ETHERTYPE_NS:
542 schednetisr (NETISR_NS);
543 inq = &nsintrq;
544 break;
545 #endif
546 }
547 goto queue_pkt;
548 default: /* Invalid PPP packet. */
549 invalid:
550 if (debug)
551 log(LOG_DEBUG,
552 SPP_FMT "invalid input packet "
553 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
554 SPP_ARGS(ifp),
555 h->address, h->control, ntohs(h->protocol));
556 goto drop;
557 }
558 protocol = ntohs (h->protocol);
559 }
560
561 switch (protocol) {
562 default:
563 if (sp->state[IDX_LCP] == STATE_OPENED) {
564 u_int16_t prot = htons(protocol);
565 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
566 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
567 &prot);
568 }
569 if (debug)
570 log(LOG_DEBUG,
571 SPP_FMT "invalid input protocol "
572 "<proto=0x%x>\n", SPP_ARGS(ifp), ntohs(protocol));
573 ++ifp->if_noproto;
574 goto drop;
575 case PPP_LCP:
576 sppp_cp_input(&lcp, sp, m);
577 m_freem (m);
578 return;
579 case PPP_PAP:
580 if (sp->pp_phase >= PHASE_AUTHENTICATE)
581 sppp_pap_input(sp, m);
582 m_freem (m);
583 return;
584 case PPP_CHAP:
585 if (sp->pp_phase >= PHASE_AUTHENTICATE)
586 sppp_chap_input(sp, m);
587 m_freem (m);
588 return;
589 #ifdef INET
590 case PPP_IPCP:
591 if (sp->pp_phase == PHASE_NETWORK)
592 sppp_cp_input(&ipcp, sp, m);
593 m_freem (m);
594 return;
595 case PPP_IP:
596 if (sp->state[IDX_IPCP] == STATE_OPENED) {
597 schednetisr (NETISR_IP);
598 inq = &ipintrq;
599 }
600 break;
601 #endif
602 #ifdef INET6
603 case PPP_IPV6CP:
604 if (sp->pp_phase == PHASE_NETWORK)
605 sppp_cp_input(&ipv6cp, sp, m);
606 m_freem (m);
607 return;
608
609 case PPP_IPV6:
610 if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
611 schednetisr (NETISR_IPV6);
612 inq = &ip6intrq;
613 }
614 break;
615 #endif
616 #ifdef IPX
617 case PPP_IPX:
618 /* IPX IPXCP not implemented yet */
619 if (sp->pp_phase == PHASE_NETWORK) {
620 schednetisr (NETISR_IPX);
621 inq = &ipxintrq;
622 }
623 break;
624 #endif
625 #ifdef NS
626 case PPP_XNS:
627 /* XNS IDPCP not implemented yet */
628 if (sp->pp_phase == PHASE_NETWORK) {
629 schednetisr (NETISR_NS);
630 inq = &nsintrq;
631 }
632 break;
633 #endif
634 #ifdef ISO
635 case PPP_ISO:
636 /* OSI NLCP not implemented yet */
637 if (sp->pp_phase == PHASE_NETWORK) {
638 schednetisr (NETISR_ISO);
639 inq = &clnlintrq;
640 }
641 break;
642 #endif
643 }
644
645 queue_pkt:
646 if (! (ifp->if_flags & IFF_UP) || ! inq)
647 goto drop;
648
649 /* Check queue. */
650 s = splnet();
651 if (IF_QFULL (inq)) {
652 /* Queue overflow. */
653 IF_DROP(inq);
654 splx(s);
655 if (debug)
656 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
657 SPP_ARGS(ifp));
658 goto drop;
659 }
660 IF_ENQUEUE(inq, m);
661 splx(s);
662 }
663
664 /*
665 * Enqueue transmit packet.
666 */
667 static int
668 sppp_output(struct ifnet *ifp, struct mbuf *m,
669 struct sockaddr *dst, struct rtentry *rt)
670 {
671 struct sppp *sp = (struct sppp*) ifp;
672 struct ppp_header *h = NULL;
673 struct ifqueue *ifq = NULL; /* XXX */
674 int s, len, rv = 0;
675 u_int16_t protocol;
676 ALTQ_DECL(struct altq_pktattr pktattr;)
677
678 s = splnet();
679
680 if ((ifp->if_flags & IFF_UP) == 0 ||
681 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
682 m_freem (m);
683 splx (s);
684 return (ENETDOWN);
685 }
686
687 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
688 /*
689 * Interface is not yet running, but auto-dial. Need
690 * to start LCP for it.
691 */
692 ifp->if_flags |= IFF_RUNNING;
693 splx(s);
694 lcp.Open(sp);
695 s = splnet();
696 }
697
698 /*
699 * If the queueing discipline needs packet classification,
700 * do it before prepending link headers.
701 */
702 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr);
703
704 #ifdef INET
705 if (dst->sa_family == AF_INET)
706 {
707 /* Check mbuf length here??? */
708 struct ip *ip = mtod (m, struct ip*);
709 struct tcphdr *tcp = (struct tcphdr*) ((int32_t*)ip + ip->ip_hl);
710
711 /*
712 * When using dynamic local IP address assignment by using
713 * 0.0.0.0 as a local address, the first TCP session will
714 * not connect because the local TCP checksum is computed
715 * using 0.0.0.0 which will later become our real IP address
716 * so the TCP checksum computed at the remote end will
717 * become invalid. So we
718 * - don't let packets with src ip addr 0 thru
719 * - we flag TCP packets with src ip 0 as an error
720 */
721
722 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */
723 {
724 m_freem(m);
725 splx(s);
726 if(ip->ip_p == IPPROTO_TCP)
727 return(EADDRNOTAVAIL);
728 else
729 return(0);
730 }
731
732 /*
733 * Put low delay, telnet, rlogin and ftp control packets
734 * in front of the queue.
735 */
736
737 if (! IF_QFULL (&sp->pp_fastq) &&
738 ((ip->ip_tos & IPTOS_LOWDELAY) ||
739 ((ip->ip_p == IPPROTO_TCP &&
740 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) &&
741 (INTERACTIVE (ntohs (tcp->th_sport)))) ||
742 INTERACTIVE (ntohs (tcp->th_dport)))))
743 ifq = &sp->pp_fastq;
744 }
745 #endif
746
747 #ifdef INET6
748 if (dst->sa_family == AF_INET6) {
749 /* XXX do something tricky here? */
750 }
751 #endif
752
753 if ((sp->pp_flags & PP_NOFRAMING) == 0) {
754 /*
755 * Prepend general data packet PPP header. For now, IP only.
756 */
757 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
758 if (! m) {
759 if (ifp->if_flags & IFF_DEBUG)
760 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
761 SPP_ARGS(ifp));
762 ++ifp->if_oerrors;
763 splx (s);
764 return (ENOBUFS);
765 }
766 /*
767 * May want to check size of packet
768 * (albeit due to the implementation it's always enough)
769 */
770 h = mtod (m, struct ppp_header*);
771 if (sp->pp_flags & PP_CISCO) {
772 h->address = CISCO_UNICAST; /* unicast address */
773 h->control = 0;
774 } else {
775 h->address = PPP_ALLSTATIONS; /* broadcast address */
776 h->control = PPP_UI; /* Unnumbered Info */
777 }
778 }
779
780 switch (dst->sa_family) {
781 #ifdef INET
782 case AF_INET: /* Internet Protocol */
783 if (sp->pp_flags & PP_CISCO)
784 protocol = htons (ETHERTYPE_IP);
785 else {
786 /*
787 * Don't choke with an ENETDOWN early. It's
788 * possible that we just started dialing out,
789 * so don't drop the packet immediately. If
790 * we notice that we run out of buffer space
791 * below, we will however remember that we are
792 * not ready to carry IP packets, and return
793 * ENETDOWN, as opposed to ENOBUFS.
794 */
795 protocol = htons(PPP_IP);
796 if (sp->state[IDX_IPCP] != STATE_OPENED)
797 rv = ENETDOWN;
798 }
799 break;
800 #endif
801 #ifdef INET6
802 case AF_INET6: /* Internet Protocol version 6 */
803 if (sp->pp_flags & PP_CISCO)
804 protocol = htons (ETHERTYPE_IPV6);
805 else {
806 /*
807 * Don't choke with an ENETDOWN early. It's
808 * possible that we just started dialing out,
809 * so don't drop the packet immediately. If
810 * we notice that we run out of buffer space
811 * below, we will however remember that we are
812 * not ready to carry IP packets, and return
813 * ENETDOWN, as opposed to ENOBUFS.
814 */
815 protocol = htons(PPP_IPV6);
816 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
817 rv = ENETDOWN;
818 }
819 break;
820 #endif
821 #ifdef NS
822 case AF_NS: /* Xerox NS Protocol */
823 protocol = htons ((sp->pp_flags & PP_CISCO) ?
824 ETHERTYPE_NS : PPP_XNS);
825 break;
826 #endif
827 #ifdef IPX
828 case AF_IPX: /* Novell IPX Protocol */
829 protocol = htons ((sp->pp_flags & PP_CISCO) ?
830 ETHERTYPE_IPX : PPP_IPX);
831 break;
832 #endif
833 #ifdef ISO
834 case AF_ISO: /* ISO OSI Protocol */
835 if (sp->pp_flags & PP_CISCO)
836 goto nosupport;
837 protocol = htons (PPP_ISO);
838 break;
839 nosupport:
840 #endif
841 default:
842 m_freem (m);
843 ++ifp->if_oerrors;
844 splx (s);
845 return (EAFNOSUPPORT);
846 }
847
848 if (sp->pp_flags & PP_NOFRAMING) {
849 M_PREPEND (m, 2, M_DONTWAIT);
850 if (m == NULL) {
851 if (ifp->if_flags & IFF_DEBUG)
852 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
853 SPP_ARGS(ifp));
854 ++ifp->if_oerrors;
855 splx (s);
856 return (ENOBUFS);
857 }
858 *mtod(m, u_int16_t*) = protocol;
859 } else {
860 h->protocol = protocol;
861 }
862
863 /*
864 * Queue message on interface, and start output if interface
865 * not yet active.
866 */
867 len = m->m_pkthdr.len;
868 if (ifq != NULL
869 #ifdef ALTQ
870 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0
871 #endif
872 ) {
873 if (IF_QFULL (ifq)) {
874 IF_DROP (&ifp->if_snd);
875 m_freem (m);
876 if (rv == 0)
877 rv = ENOBUFS;
878 }
879 IF_ENQUEUE(ifq, m);
880 } else
881 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv);
882 if (rv != 0) {
883 ++ifp->if_oerrors;
884 splx(s);
885 return (rv);
886 }
887
888 if (! (ifp->if_flags & IFF_OACTIVE))
889 (*ifp->if_start) (ifp);
890
891 /*
892 * Count output packets and bytes.
893 * The packet length includes header + additional hardware framing
894 * according to RFC 1333.
895 */
896 ifp->if_obytes += len + sp->pp_framebytes;
897 splx (s);
898 return (0);
899 }
900
901 void
902 sppp_attach(struct ifnet *ifp)
903 {
904 struct sppp *sp = (struct sppp*) ifp;
905
906 /* Initialize keepalive handler. */
907 if (! spppq) {
908 callout_init(&keepalive_ch);
909 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL);
910 }
911
912 /* Insert new entry into the keepalive list. */
913 sp->pp_next = spppq;
914 spppq = sp;
915
916 sp->pp_if.if_type = IFT_PPP;
917 sp->pp_if.if_output = sppp_output;
918 sp->pp_fastq.ifq_maxlen = 32;
919 sp->pp_cpq.ifq_maxlen = 20;
920 sp->pp_loopcnt = 0;
921 sp->pp_alivecnt = 0;
922 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq));
923 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq));
924 sp->pp_phase = PHASE_DEAD;
925 sp->pp_up = lcp.Up;
926 sp->pp_down = lcp.Down;
927
928 if_alloc_sadl(ifp);
929
930 sppp_lcp_init(sp);
931 sppp_ipcp_init(sp);
932 sppp_ipv6cp_init(sp);
933 sppp_pap_init(sp);
934 sppp_chap_init(sp);
935 }
936
937 void
938 sppp_detach(struct ifnet *ifp)
939 {
940 struct sppp **q, *p, *sp = (struct sppp*) ifp;
941 int i;
942
943 /* Remove the entry from the keepalive list. */
944 for (q = &spppq; (p = *q); q = &p->pp_next)
945 if (p == sp) {
946 *q = p->pp_next;
947 break;
948 }
949
950 /* Stop keepalive handler. */
951 if (! spppq) {
952 callout_stop(&keepalive_ch);
953 }
954
955 for (i = 0; i < IDX_COUNT; i++) {
956 callout_stop(&sp->ch[i]);
957 }
958 callout_stop(&sp->pap_my_to_ch);
959
960 if_free_sadl(ifp);
961 }
962
963 /*
964 * Flush the interface output queue.
965 */
966 void
967 sppp_flush(struct ifnet *ifp)
968 {
969 struct sppp *sp = (struct sppp*) ifp;
970
971 IFQ_PURGE (&sp->pp_if.if_snd);
972 IF_PURGE (&sp->pp_fastq);
973 IF_PURGE (&sp->pp_cpq);
974 }
975
976 /*
977 * Check if the output queue is empty.
978 */
979 int
980 sppp_isempty(struct ifnet *ifp)
981 {
982 struct sppp *sp = (struct sppp*) ifp;
983 int empty, s;
984
985 s = splnet();
986 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
987 !sp->pp_if.if_snd.ifq_head;
988 splx(s);
989 return (empty);
990 }
991
992 /*
993 * Get next packet to send.
994 */
995 struct mbuf *
996 sppp_dequeue(struct ifnet *ifp)
997 {
998 struct sppp *sp = (struct sppp*) ifp;
999 struct mbuf *m;
1000 int s;
1001
1002 s = splnet();
1003 /*
1004 * Process only the control protocol queue until we have at
1005 * least one NCP open.
1006 *
1007 * Do always serve all three queues in Cisco mode.
1008 */
1009 IF_DEQUEUE(&sp->pp_cpq, m);
1010 if (m == NULL &&
1011 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
1012 IF_DEQUEUE(&sp->pp_fastq, m);
1013 if (m == NULL)
1014 IF_DEQUEUE (&sp->pp_if.if_snd, m);
1015 }
1016 splx(s);
1017 return m;
1018 }
1019
1020 /*
1021 * Pick the next packet, do not remove it from the queue.
1022 */
1023 struct mbuf *
1024 sppp_pick(struct ifnet *ifp)
1025 {
1026 struct sppp *sp = (struct sppp*)ifp;
1027 struct mbuf *m;
1028 int s;
1029
1030 s= splnet ();
1031
1032 m = sp->pp_cpq.ifq_head;
1033 if (m == NULL &&
1034 (sp->pp_phase == PHASE_NETWORK ||
1035 (sp->pp_flags & PP_CISCO) != 0))
1036 if ((m = sp->pp_fastq.ifq_head) == NULL)
1037 m = sp->pp_if.if_snd.ifq_head;
1038 splx (s);
1039 return (m);
1040 }
1041
1042 /*
1043 * Process an ioctl request. Called on low priority level.
1044 */
1045 int
1046 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
1047 {
1048 struct ifreq *ifr = (struct ifreq*) data;
1049 struct sppp *sp = (struct sppp*) ifp;
1050 int s, rv, going_up, going_down, newmode;
1051
1052 s = splnet();
1053 rv = 0;
1054 switch (cmd) {
1055 case SIOCAIFADDR:
1056 case SIOCSIFDSTADDR:
1057 break;
1058
1059 case SIOCSIFADDR:
1060 if_up(ifp);
1061 /* fall through... */
1062
1063 case SIOCSIFFLAGS:
1064 going_up = ifp->if_flags & IFF_UP &&
1065 (ifp->if_flags & IFF_RUNNING) == 0;
1066 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1067 ifp->if_flags & IFF_RUNNING;
1068 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
1069 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
1070 /* sanity */
1071 newmode = IFF_PASSIVE;
1072 ifp->if_flags &= ~IFF_AUTO;
1073 }
1074
1075 if (going_up || going_down)
1076 lcp.Close(sp);
1077 if (going_up && newmode == 0) {
1078 /* neither auto-dial nor passive */
1079 ifp->if_flags |= IFF_RUNNING;
1080 if (!(sp->pp_flags & PP_CISCO))
1081 lcp.Open(sp);
1082 } else if (going_down) {
1083 sppp_flush(ifp);
1084 ifp->if_flags &= ~IFF_RUNNING;
1085 }
1086
1087 break;
1088
1089 #ifdef SIOCSIFMTU
1090 #ifndef ifr_mtu
1091 #define ifr_mtu ifr_metric
1092 #endif
1093 case SIOCSIFMTU:
1094 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
1095 return (EINVAL);
1096 ifp->if_mtu = ifr->ifr_mtu;
1097 break;
1098 #endif
1099 #ifdef SLIOCSETMTU
1100 case SLIOCSETMTU:
1101 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
1102 return (EINVAL);
1103 ifp->if_mtu = *(short*)data;
1104 break;
1105 #endif
1106 #ifdef SIOCGIFMTU
1107 case SIOCGIFMTU:
1108 ifr->ifr_mtu = ifp->if_mtu;
1109 break;
1110 #endif
1111 #ifdef SLIOCGETMTU
1112 case SLIOCGETMTU:
1113 *(short*)data = ifp->if_mtu;
1114 break;
1115 #endif
1116 case SIOCADDMULTI:
1117 case SIOCDELMULTI:
1118 break;
1119
1120 case SIOCGIFGENERIC:
1121 case SIOCSIFGENERIC:
1122 rv = sppp_params(sp, cmd, data);
1123 break;
1124
1125 default:
1126 rv = ENOTTY;
1127 }
1128 splx(s);
1129 return rv;
1130 }
1131
1132
1133 �/*
1134 * Cisco framing implementation.
1135 */
1136
1137 /*
1138 * Handle incoming Cisco keepalive protocol packets.
1139 */
1140 static void
1141 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1142 {
1143 STDDCL;
1144 struct cisco_packet *h;
1145 u_int32_t me, mymask;
1146
1147 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1148 if (debug)
1149 log(LOG_DEBUG,
1150 SPP_FMT "cisco invalid packet length: %d bytes\n",
1151 SPP_ARGS(ifp), m->m_pkthdr.len);
1152 return;
1153 }
1154 h = mtod (m, struct cisco_packet*);
1155 if (debug)
1156 log(LOG_DEBUG,
1157 SPP_FMT "cisco input: %d bytes "
1158 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1159 SPP_ARGS(ifp), m->m_pkthdr.len,
1160 ntohl (h->type), h->par1, h->par2, (u_int)h->rel,
1161 (u_int)h->time0, (u_int)h->time1);
1162 switch (ntohl (h->type)) {
1163 default:
1164 if (debug)
1165 addlog(SPP_FMT "cisco unknown packet type: 0x%x\n",
1166 SPP_ARGS(ifp), ntohl (h->type));
1167 break;
1168 case CISCO_ADDR_REPLY:
1169 /* Reply on address request, ignore */
1170 break;
1171 case CISCO_KEEPALIVE_REQ:
1172 sp->pp_alivecnt = 0;
1173 sp->pp_rseq[IDX_LCP] = ntohl (h->par1);
1174 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
1175 /* Local and remote sequence numbers are equal.
1176 * Probably, the line is in loopback mode. */
1177 if (sp->pp_loopcnt >= MAXALIVECNT) {
1178 printf (SPP_FMT "loopback\n",
1179 SPP_ARGS(ifp));
1180 sp->pp_loopcnt = 0;
1181 if (ifp->if_flags & IFF_UP) {
1182 if_down (ifp);
1183 IF_PURGE (&sp->pp_cpq);
1184 }
1185 }
1186 ++sp->pp_loopcnt;
1187
1188 /* Generate new local sequence number */
1189 sp->pp_seq[IDX_LCP] = random();
1190 break;
1191 }
1192 sp->pp_loopcnt = 0;
1193 if (! (ifp->if_flags & IFF_UP) &&
1194 (ifp->if_flags & IFF_RUNNING)) {
1195 if_up(ifp);
1196 printf (SPP_FMT "up\n", SPP_ARGS(ifp));
1197 }
1198 break;
1199 case CISCO_ADDR_REQ:
1200 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1201 if (me != 0L)
1202 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1203 break;
1204 }
1205 }
1206
1207 /*
1208 * Send Cisco keepalive packet.
1209 */
1210 static void
1211 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2)
1212 {
1213 STDDCL;
1214 struct ppp_header *h;
1215 struct cisco_packet *ch;
1216 struct mbuf *m;
1217 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000;
1218
1219 MGETHDR (m, M_DONTWAIT, MT_DATA);
1220 if (! m)
1221 return;
1222 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1223 m->m_pkthdr.rcvif = 0;
1224
1225 h = mtod (m, struct ppp_header*);
1226 h->address = CISCO_MULTICAST;
1227 h->control = 0;
1228 h->protocol = htons (CISCO_KEEPALIVE);
1229
1230 ch = (struct cisco_packet*) (h + 1);
1231 ch->type = htonl (type);
1232 ch->par1 = htonl (par1);
1233 ch->par2 = htonl (par2);
1234 ch->rel = -1;
1235
1236 ch->time0 = htons ((u_short) (t >> 16));
1237 ch->time1 = htons ((u_short) t);
1238
1239 if (debug)
1240 log(LOG_DEBUG,
1241 SPP_FMT "cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1242 SPP_ARGS(ifp), ntohl (ch->type), ch->par1,
1243 ch->par2, (u_int)ch->rel, (u_int)ch->time0,
1244 (u_int)ch->time1);
1245
1246 if (IF_QFULL (&sp->pp_cpq)) {
1247 IF_DROP (&sp->pp_fastq);
1248 IF_DROP (&ifp->if_snd);
1249 m_freem (m);
1250 } else
1251 IF_ENQUEUE (&sp->pp_cpq, m);
1252 if (! (ifp->if_flags & IFF_OACTIVE))
1253 (*ifp->if_start) (ifp);
1254 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1255 }
1256
1257 �/*
1258 * PPP protocol implementation.
1259 */
1260
1261 /*
1262 * Send PPP control protocol packet.
1263 */
1264 static void
1265 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1266 u_char ident, u_short len, void *data)
1267 {
1268 STDDCL;
1269 struct lcp_header *lh;
1270 struct mbuf *m;
1271 size_t pkthdrlen;
1272
1273 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
1274
1275 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
1276 len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
1277 MGETHDR (m, M_DONTWAIT, MT_DATA);
1278 if (! m)
1279 return;
1280 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
1281 m->m_pkthdr.rcvif = 0;
1282
1283 if (sp->pp_flags & PP_NOFRAMING) {
1284 *mtod(m, u_int16_t*) = htons(proto);
1285 lh = (struct lcp_header*)(mtod(m, u_int8_t*) + 2);
1286 } else {
1287 struct ppp_header *h;
1288 h = mtod (m, struct ppp_header*);
1289 h->address = PPP_ALLSTATIONS; /* broadcast address */
1290 h->control = PPP_UI; /* Unnumbered Info */
1291 h->protocol = htons (proto); /* Link Control Protocol */
1292 lh = (struct lcp_header*) (h + 1);
1293 }
1294 lh->type = type;
1295 lh->ident = ident;
1296 lh->len = htons (LCP_HEADER_LEN + len);
1297 if (len)
1298 bcopy (data, lh+1, len);
1299
1300 if (debug) {
1301 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1302 SPP_ARGS(ifp),
1303 sppp_proto_name(proto),
1304 sppp_cp_type_name (lh->type), lh->ident,
1305 ntohs (lh->len));
1306 if (len)
1307 sppp_print_bytes ((u_char*) (lh+1), len);
1308 addlog(">\n");
1309 }
1310 if (IF_QFULL (&sp->pp_cpq)) {
1311 IF_DROP (&sp->pp_fastq);
1312 IF_DROP (&ifp->if_snd);
1313 m_freem (m);
1314 ++ifp->if_oerrors;
1315 } else
1316 IF_ENQUEUE (&sp->pp_cpq, m);
1317 if (! (ifp->if_flags & IFF_OACTIVE))
1318 (*ifp->if_start) (ifp);
1319 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1320 }
1321
1322 /*
1323 * Handle incoming PPP control protocol packets.
1324 */
1325 static void
1326 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1327 {
1328 STDDCL;
1329 struct lcp_header *h;
1330 int len = m->m_pkthdr.len;
1331 int rv;
1332 u_char *p;
1333 u_int32_t u32;
1334
1335 if (len < 4) {
1336 if (debug)
1337 log(LOG_DEBUG,
1338 SPP_FMT "%s invalid packet length: %d bytes\n",
1339 SPP_ARGS(ifp), cp->name, len);
1340 return;
1341 }
1342 h = mtod (m, struct lcp_header*);
1343 if (debug) {
1344 log(LOG_DEBUG,
1345 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1346 SPP_ARGS(ifp), cp->name,
1347 sppp_state_name(sp->state[cp->protoidx]),
1348 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1349 if (len > 4)
1350 sppp_print_bytes ((u_char*) (h+1), len-4);
1351 addlog(">\n");
1352 }
1353 if (len > ntohs (h->len))
1354 len = ntohs (h->len);
1355 p = (u_char *)(h + 1);
1356 switch (h->type) {
1357 case CONF_REQ:
1358 if (len < 4) {
1359 if (debug)
1360 addlog(SPP_FMT "%s invalid conf-req length %d\n",
1361 SPP_ARGS(ifp), cp->name,
1362 len);
1363 ++ifp->if_ierrors;
1364 break;
1365 }
1366 /* handle states where RCR doesn't get a SCA/SCN */
1367 switch (sp->state[cp->protoidx]) {
1368 case STATE_CLOSING:
1369 case STATE_STOPPING:
1370 return;
1371 case STATE_CLOSED:
1372 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1373 0, 0);
1374 return;
1375 }
1376 rv = (cp->RCR)(sp, h, len);
1377 switch (sp->state[cp->protoidx]) {
1378 case STATE_OPENED:
1379 (cp->tld)(sp);
1380 (cp->scr)(sp);
1381 /* fall through... */
1382 case STATE_ACK_SENT:
1383 case STATE_REQ_SENT:
1384 sppp_cp_change_state(cp, sp, rv?
1385 STATE_ACK_SENT: STATE_REQ_SENT);
1386 break;
1387 case STATE_STOPPED:
1388 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1389 (cp->scr)(sp);
1390 sppp_cp_change_state(cp, sp, rv?
1391 STATE_ACK_SENT: STATE_REQ_SENT);
1392 break;
1393 case STATE_ACK_RCVD:
1394 if (rv) {
1395 sppp_cp_change_state(cp, sp, STATE_OPENED);
1396 if (debug)
1397 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1398 SPP_ARGS(ifp),
1399 cp->name);
1400 (cp->tlu)(sp);
1401 } else
1402 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1403 break;
1404 default:
1405 printf(SPP_FMT "%s illegal %s in state %s\n",
1406 SPP_ARGS(ifp), cp->name,
1407 sppp_cp_type_name(h->type),
1408 sppp_state_name(sp->state[cp->protoidx]));
1409 ++ifp->if_ierrors;
1410 }
1411 break;
1412 case CONF_ACK:
1413 if (h->ident != sp->confid[cp->protoidx]) {
1414 if (debug)
1415 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1416 SPP_ARGS(ifp), cp->name,
1417 h->ident, sp->confid[cp->protoidx]);
1418 ++ifp->if_ierrors;
1419 break;
1420 }
1421 switch (sp->state[cp->protoidx]) {
1422 case STATE_CLOSED:
1423 case STATE_STOPPED:
1424 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1425 break;
1426 case STATE_CLOSING:
1427 case STATE_STOPPING:
1428 break;
1429 case STATE_REQ_SENT:
1430 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1431 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1432 break;
1433 case STATE_OPENED:
1434 (cp->tld)(sp);
1435 /* fall through */
1436 case STATE_ACK_RCVD:
1437 (cp->scr)(sp);
1438 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1439 break;
1440 case STATE_ACK_SENT:
1441 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1442 sppp_cp_change_state(cp, sp, STATE_OPENED);
1443 if (debug)
1444 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1445 SPP_ARGS(ifp), cp->name);
1446 (cp->tlu)(sp);
1447 break;
1448 default:
1449 printf(SPP_FMT "%s illegal %s in state %s\n",
1450 SPP_ARGS(ifp), cp->name,
1451 sppp_cp_type_name(h->type),
1452 sppp_state_name(sp->state[cp->protoidx]));
1453 ++ifp->if_ierrors;
1454 }
1455 break;
1456 case CONF_NAK:
1457 case CONF_REJ:
1458 if (h->ident != sp->confid[cp->protoidx]) {
1459 if (debug)
1460 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1461 SPP_ARGS(ifp), cp->name,
1462 h->ident, sp->confid[cp->protoidx]);
1463 ++ifp->if_ierrors;
1464 break;
1465 }
1466 if (h->type == CONF_NAK)
1467 (cp->RCN_nak)(sp, h, len);
1468 else /* CONF_REJ */
1469 (cp->RCN_rej)(sp, h, len);
1470
1471 switch (sp->state[cp->protoidx]) {
1472 case STATE_CLOSED:
1473 case STATE_STOPPED:
1474 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1475 break;
1476 case STATE_REQ_SENT:
1477 case STATE_ACK_SENT:
1478 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1479 (cp->scr)(sp);
1480 break;
1481 case STATE_OPENED:
1482 (cp->tld)(sp);
1483 /* fall through */
1484 case STATE_ACK_RCVD:
1485 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1486 (cp->scr)(sp);
1487 break;
1488 case STATE_CLOSING:
1489 case STATE_STOPPING:
1490 break;
1491 default:
1492 printf(SPP_FMT "%s illegal %s in state %s\n",
1493 SPP_ARGS(ifp), cp->name,
1494 sppp_cp_type_name(h->type),
1495 sppp_state_name(sp->state[cp->protoidx]));
1496 ++ifp->if_ierrors;
1497 }
1498 break;
1499
1500 case TERM_REQ:
1501 switch (sp->state[cp->protoidx]) {
1502 case STATE_ACK_RCVD:
1503 case STATE_ACK_SENT:
1504 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1505 /* fall through */
1506 case STATE_CLOSED:
1507 case STATE_STOPPED:
1508 case STATE_CLOSING:
1509 case STATE_STOPPING:
1510 case STATE_REQ_SENT:
1511 sta:
1512 /* Send Terminate-Ack packet. */
1513 if (debug)
1514 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1515 SPP_ARGS(ifp), cp->name);
1516 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1517 break;
1518 case STATE_OPENED:
1519 (cp->tld)(sp);
1520 sp->rst_counter[cp->protoidx] = 0;
1521 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1522 goto sta;
1523 break;
1524 default:
1525 printf(SPP_FMT "%s illegal %s in state %s\n",
1526 SPP_ARGS(ifp), cp->name,
1527 sppp_cp_type_name(h->type),
1528 sppp_state_name(sp->state[cp->protoidx]));
1529 ++ifp->if_ierrors;
1530 }
1531 break;
1532 case TERM_ACK:
1533 switch (sp->state[cp->protoidx]) {
1534 case STATE_CLOSED:
1535 case STATE_STOPPED:
1536 case STATE_REQ_SENT:
1537 case STATE_ACK_SENT:
1538 break;
1539 case STATE_CLOSING:
1540 (cp->tlf)(sp);
1541 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1542 sppp_lcp_check_and_close(sp);
1543 break;
1544 case STATE_STOPPING:
1545 (cp->tlf)(sp);
1546 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1547 sppp_lcp_check_and_close(sp);
1548 break;
1549 case STATE_ACK_RCVD:
1550 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1551 break;
1552 case STATE_OPENED:
1553 (cp->tld)(sp);
1554 (cp->scr)(sp);
1555 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1556 break;
1557 default:
1558 printf(SPP_FMT "%s illegal %s in state %s\n",
1559 SPP_ARGS(ifp), cp->name,
1560 sppp_cp_type_name(h->type),
1561 sppp_state_name(sp->state[cp->protoidx]));
1562 ++ifp->if_ierrors;
1563 }
1564 break;
1565 case CODE_REJ:
1566 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1567 log(LOG_INFO,
1568 SPP_FMT "%s: ignoring RXJ (%s) for code ?, "
1569 "danger will robinson\n",
1570 SPP_ARGS(ifp), cp->name,
1571 sppp_cp_type_name(h->type));
1572 switch (sp->state[cp->protoidx]) {
1573 case STATE_CLOSED:
1574 case STATE_STOPPED:
1575 case STATE_REQ_SENT:
1576 case STATE_ACK_SENT:
1577 case STATE_CLOSING:
1578 case STATE_STOPPING:
1579 case STATE_OPENED:
1580 break;
1581 case STATE_ACK_RCVD:
1582 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1583 break;
1584 default:
1585 printf(SPP_FMT "%s illegal %s in state %s\n",
1586 SPP_ARGS(ifp), cp->name,
1587 sppp_cp_type_name(h->type),
1588 sppp_state_name(sp->state[cp->protoidx]));
1589 ++ifp->if_ierrors;
1590 }
1591 break;
1592 case PROTO_REJ:
1593 {
1594 int catastrophic;
1595 const struct cp *upper;
1596 int i;
1597 u_int16_t proto;
1598
1599 catastrophic = 0;
1600 upper = NULL;
1601 proto = p[0] << 8 | p[1];
1602 for (i = 0; i < IDX_COUNT; i++) {
1603 if (cps[i]->proto == proto) {
1604 upper = cps[i];
1605 break;
1606 }
1607 }
1608 if (upper == NULL)
1609 catastrophic++;
1610
1611 log(LOG_INFO,
1612 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1613 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1614 sppp_cp_type_name(h->type), proto,
1615 upper ? upper->name : "unknown",
1616 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1617
1618 /*
1619 * if we got RXJ+ against conf-req, the peer does not implement
1620 * this particular protocol type. terminate the protocol.
1621 */
1622 if (upper && !catastrophic) {
1623 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1624 upper->Close(sp);
1625 break;
1626 }
1627 }
1628
1629 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1630 switch (sp->state[cp->protoidx]) {
1631 case STATE_CLOSED:
1632 case STATE_STOPPED:
1633 case STATE_REQ_SENT:
1634 case STATE_ACK_SENT:
1635 case STATE_CLOSING:
1636 case STATE_STOPPING:
1637 case STATE_OPENED:
1638 break;
1639 case STATE_ACK_RCVD:
1640 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1641 break;
1642 default:
1643 printf(SPP_FMT "%s illegal %s in state %s\n",
1644 SPP_ARGS(ifp), cp->name,
1645 sppp_cp_type_name(h->type),
1646 sppp_state_name(sp->state[cp->protoidx]));
1647 ++ifp->if_ierrors;
1648 }
1649 break;
1650 }
1651 case DISC_REQ:
1652 if (cp->proto != PPP_LCP)
1653 goto illegal;
1654 /* Discard the packet. */
1655 break;
1656 case ECHO_REQ:
1657 if (cp->proto != PPP_LCP)
1658 goto illegal;
1659 if (sp->state[cp->protoidx] != STATE_OPENED) {
1660 if (debug)
1661 addlog(SPP_FMT "lcp echo req but lcp closed\n",
1662 SPP_ARGS(ifp));
1663 ++ifp->if_ierrors;
1664 break;
1665 }
1666 if (len < 8) {
1667 if (debug)
1668 addlog(SPP_FMT "invalid lcp echo request "
1669 "packet length: %d bytes\n",
1670 SPP_ARGS(ifp), len);
1671 break;
1672 }
1673 memcpy(&u32, h + 1, sizeof u32);
1674 if (ntohl(u32) == sp->lcp.magic) {
1675 /* Line loopback mode detected. */
1676 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
1677 if_down (ifp);
1678 IF_PURGE (&sp->pp_cpq);
1679
1680 /* Shut down the PPP link. */
1681 /* XXX */
1682 lcp.Down(sp);
1683 lcp.Up(sp);
1684 break;
1685 }
1686 u32 = htonl(sp->lcp.magic);
1687 memcpy(h + 1, &u32, sizeof u32);
1688 if (debug)
1689 addlog(SPP_FMT "got lcp echo req, sending echo rep\n",
1690 SPP_ARGS(ifp));
1691 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1692 break;
1693 case ECHO_REPLY:
1694 if (cp->proto != PPP_LCP)
1695 goto illegal;
1696 if (h->ident != sp->lcp.echoid) {
1697 ++ifp->if_ierrors;
1698 break;
1699 }
1700 if (len < 8) {
1701 if (debug)
1702 addlog(SPP_FMT "lcp invalid echo reply "
1703 "packet length: %d bytes\n",
1704 SPP_ARGS(ifp), len);
1705 break;
1706 }
1707 if (debug)
1708 addlog(SPP_FMT "lcp got echo rep\n",
1709 SPP_ARGS(ifp));
1710 memcpy(&u32, h + 1, sizeof u32);
1711 if (ntohl(u32) != sp->lcp.magic)
1712 sp->pp_alivecnt = 0;
1713 break;
1714 default:
1715 /* Unknown packet type -- send Code-Reject packet. */
1716 illegal:
1717 if (debug)
1718 addlog(SPP_FMT "%s send code-rej for 0x%x\n",
1719 SPP_ARGS(ifp), cp->name, h->type);
1720 sppp_cp_send(sp, cp->proto, CODE_REJ,
1721 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
1722 ++ifp->if_ierrors;
1723 }
1724 }
1725
1726
1727 /*
1728 * The generic part of all Up/Down/Open/Close/TO event handlers.
1729 * Basically, the state transition handling in the automaton.
1730 */
1731 static void
1732 sppp_up_event(const struct cp *cp, struct sppp *sp)
1733 {
1734 STDDCL;
1735
1736 if (debug)
1737 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1738 SPP_ARGS(ifp), cp->name,
1739 sppp_state_name(sp->state[cp->protoidx]));
1740
1741 switch (sp->state[cp->protoidx]) {
1742 case STATE_INITIAL:
1743 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1744 break;
1745 case STATE_STARTING:
1746 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1747 (cp->scr)(sp);
1748 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1749 break;
1750 default:
1751 printf(SPP_FMT "%s illegal up in state %s\n",
1752 SPP_ARGS(ifp), cp->name,
1753 sppp_state_name(sp->state[cp->protoidx]));
1754 }
1755 }
1756
1757 static void
1758 sppp_down_event(const struct cp *cp, struct sppp *sp)
1759 {
1760 STDDCL;
1761
1762 if (debug)
1763 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1764 SPP_ARGS(ifp), cp->name,
1765 sppp_state_name(sp->state[cp->protoidx]));
1766
1767 switch (sp->state[cp->protoidx]) {
1768 case STATE_CLOSED:
1769 case STATE_CLOSING:
1770 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1771 break;
1772 case STATE_STOPPED:
1773 (cp->tls)(sp);
1774 /* fall through */
1775 case STATE_STOPPING:
1776 case STATE_REQ_SENT:
1777 case STATE_ACK_RCVD:
1778 case STATE_ACK_SENT:
1779 sppp_cp_change_state(cp, sp, STATE_STARTING);
1780 break;
1781 case STATE_OPENED:
1782 (cp->tld)(sp);
1783 sppp_cp_change_state(cp, sp, STATE_STARTING);
1784 break;
1785 default:
1786 printf(SPP_FMT "%s illegal down in state %s\n",
1787 SPP_ARGS(ifp), cp->name,
1788 sppp_state_name(sp->state[cp->protoidx]));
1789 }
1790 }
1791
1792
1793 static void
1794 sppp_open_event(const struct cp *cp, struct sppp *sp)
1795 {
1796 STDDCL;
1797
1798 if (debug)
1799 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1800 SPP_ARGS(ifp), cp->name,
1801 sppp_state_name(sp->state[cp->protoidx]));
1802
1803 switch (sp->state[cp->protoidx]) {
1804 case STATE_INITIAL:
1805 (cp->tls)(sp);
1806 sppp_cp_change_state(cp, sp, STATE_STARTING);
1807 break;
1808 case STATE_STARTING:
1809 break;
1810 case STATE_CLOSED:
1811 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1812 (cp->scr)(sp);
1813 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1814 break;
1815 case STATE_STOPPED:
1816 case STATE_STOPPING:
1817 case STATE_REQ_SENT:
1818 case STATE_ACK_RCVD:
1819 case STATE_ACK_SENT:
1820 case STATE_OPENED:
1821 break;
1822 case STATE_CLOSING:
1823 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1824 break;
1825 }
1826 }
1827
1828
1829 static void
1830 sppp_close_event(const struct cp *cp, struct sppp *sp)
1831 {
1832 STDDCL;
1833
1834 if (debug)
1835 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
1836 SPP_ARGS(ifp), cp->name,
1837 sppp_state_name(sp->state[cp->protoidx]));
1838
1839 switch (sp->state[cp->protoidx]) {
1840 case STATE_INITIAL:
1841 case STATE_CLOSED:
1842 case STATE_CLOSING:
1843 break;
1844 case STATE_STARTING:
1845 (cp->tlf)(sp);
1846 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1847 break;
1848 case STATE_STOPPED:
1849 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1850 break;
1851 case STATE_STOPPING:
1852 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1853 break;
1854 case STATE_OPENED:
1855 (cp->tld)(sp);
1856 /* fall through */
1857 case STATE_REQ_SENT:
1858 case STATE_ACK_RCVD:
1859 case STATE_ACK_SENT:
1860 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1861 sppp_cp_send(sp, cp->proto, TERM_REQ,
1862 ++sp->pp_seq[cp->protoidx], 0, 0);
1863 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1864 break;
1865 }
1866 }
1867
1868 static void
1869 sppp_to_event(const struct cp *cp, struct sppp *sp)
1870 {
1871 STDDCL;
1872 int s;
1873
1874 s = splnet();
1875 if (debug)
1876 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
1877 SPP_ARGS(ifp), cp->name,
1878 sppp_state_name(sp->state[cp->protoidx]),
1879 sp->rst_counter[cp->protoidx]);
1880
1881 if (--sp->rst_counter[cp->protoidx] < 0)
1882 /* TO- event */
1883 switch (sp->state[cp->protoidx]) {
1884 case STATE_CLOSING:
1885 (cp->tlf)(sp);
1886 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1887 sppp_lcp_check_and_close(sp);
1888 break;
1889 case STATE_STOPPING:
1890 (cp->tlf)(sp);
1891 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1892 sppp_lcp_check_and_close(sp);
1893 break;
1894 case STATE_REQ_SENT:
1895 case STATE_ACK_RCVD:
1896 case STATE_ACK_SENT:
1897 (cp->tlf)(sp);
1898 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1899 sppp_lcp_check_and_close(sp);
1900 break;
1901 }
1902 else
1903 /* TO+ event */
1904 switch (sp->state[cp->protoidx]) {
1905 case STATE_CLOSING:
1906 case STATE_STOPPING:
1907 sppp_cp_send(sp, cp->proto, TERM_REQ,
1908 ++sp->pp_seq[cp->protoidx], 0, 0);
1909 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
1910 cp->TO, sp);
1911 break;
1912 case STATE_REQ_SENT:
1913 case STATE_ACK_RCVD:
1914 (cp->scr)(sp);
1915 /* sppp_cp_change_state() will restart the timer */
1916 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1917 break;
1918 case STATE_ACK_SENT:
1919 (cp->scr)(sp);
1920 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
1921 cp->TO, sp);
1922 break;
1923 }
1924
1925 splx(s);
1926 }
1927
1928 /*
1929 * Change the state of a control protocol in the state automaton.
1930 * Takes care of starting/stopping the restart timer.
1931 */
1932 void
1933 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1934 {
1935 sp->state[cp->protoidx] = newstate;
1936 callout_stop(&sp->ch[cp->protoidx]);
1937 switch (newstate) {
1938 case STATE_INITIAL:
1939 case STATE_STARTING:
1940 case STATE_CLOSED:
1941 case STATE_STOPPED:
1942 case STATE_OPENED:
1943 break;
1944 case STATE_CLOSING:
1945 case STATE_STOPPING:
1946 case STATE_REQ_SENT:
1947 case STATE_ACK_RCVD:
1948 case STATE_ACK_SENT:
1949 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
1950 cp->TO, sp);
1951 break;
1952 }
1953 }
1954 �/*
1955 *--------------------------------------------------------------------------*
1956 * *
1957 * The LCP implementation. *
1958 * *
1959 *--------------------------------------------------------------------------*
1960 */
1961 static void
1962 sppp_lcp_init(struct sppp *sp)
1963 {
1964 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1965 sp->lcp.magic = 0;
1966 sp->state[IDX_LCP] = STATE_INITIAL;
1967 sp->fail_counter[IDX_LCP] = 0;
1968 sp->pp_seq[IDX_LCP] = 0;
1969 sp->pp_rseq[IDX_LCP] = 0;
1970 sp->lcp.protos = 0;
1971 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1972
1973 /*
1974 * Initialize counters and timeout values. Note that we don't
1975 * use the 3 seconds suggested in RFC 1661 since we are likely
1976 * running on a fast link. XXX We should probably implement
1977 * the exponential backoff option. Note that these values are
1978 * relevant for all control protocols, not just LCP only.
1979 */
1980 sp->lcp.timeout = 1 * hz;
1981 sp->lcp.max_terminate = 2;
1982 sp->lcp.max_configure = 10;
1983 sp->lcp.max_failure = 10;
1984 callout_init(&sp->ch[IDX_LCP]);
1985 }
1986
1987 static void
1988 sppp_lcp_up(struct sppp *sp)
1989 {
1990 STDDCL;
1991
1992 /*
1993 * If this interface is passive or dial-on-demand, and we are
1994 * still in Initial state, it means we've got an incoming
1995 * call. Activate the interface.
1996 */
1997 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1998 if (debug)
1999 log(LOG_DEBUG,
2000 SPP_FMT "Up event", SPP_ARGS(ifp));
2001 ifp->if_flags |= IFF_RUNNING;
2002 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2003 if (debug)
2004 addlog("(incoming call)\n");
2005 sp->pp_flags |= PP_CALLIN;
2006 lcp.Open(sp);
2007 } else if (debug)
2008 addlog("\n");
2009 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2010 (sp->state[IDX_LCP] == STATE_INITIAL)) {
2011 ifp->if_flags |= IFF_RUNNING;
2012 lcp.Open(sp);
2013 }
2014
2015 sppp_up_event(&lcp, sp);
2016 }
2017
2018 static void
2019 sppp_lcp_down(struct sppp *sp)
2020 {
2021 STDDCL;
2022
2023 sppp_down_event(&lcp, sp);
2024
2025 /*
2026 * If this is neither a dial-on-demand nor a passive
2027 * interface, simulate an ``ifconfig down'' action, so the
2028 * administrator can force a redial by another ``ifconfig
2029 * up''. XXX For leased line operation, should we immediately
2030 * try to reopen the connection here?
2031 */
2032 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2033 log(LOG_INFO,
2034 SPP_FMT "Down event (carrier loss), taking interface down.\n",
2035 SPP_ARGS(ifp));
2036 if_down(ifp);
2037 } else {
2038 if (debug)
2039 log(LOG_DEBUG,
2040 SPP_FMT "Down event (carrier loss)\n",
2041 SPP_ARGS(ifp));
2042 }
2043 sp->pp_flags &= ~PP_CALLIN;
2044 if (sp->state[IDX_LCP] != STATE_INITIAL)
2045 lcp.Close(sp);
2046 ifp->if_flags &= ~IFF_RUNNING;
2047 }
2048
2049 static void
2050 sppp_lcp_open(struct sppp *sp)
2051 {
2052 /*
2053 * If we are authenticator, negotiate LCP_AUTH
2054 */
2055 if (sp->hisauth.proto != 0)
2056 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2057 else
2058 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2059 sp->pp_flags &= ~PP_NEEDAUTH;
2060 sppp_open_event(&lcp, sp);
2061 }
2062
2063 static void
2064 sppp_lcp_close(struct sppp *sp)
2065 {
2066 sppp_close_event(&lcp, sp);
2067 }
2068
2069 static void
2070 sppp_lcp_TO(void *cookie)
2071 {
2072 sppp_to_event(&lcp, (struct sppp *)cookie);
2073 }
2074
2075 /*
2076 * Analyze a configure request. Return true if it was agreeable, and
2077 * caused action sca, false if it has been rejected or nak'ed, and
2078 * caused action scn. (The return value is used to make the state
2079 * transition decision in the state automaton.)
2080 */
2081 static int
2082 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2083 {
2084 STDDCL;
2085 u_char *buf, *r, *p;
2086 int origlen, rlen;
2087 u_int32_t nmagic;
2088 u_short authproto;
2089
2090 len -= 4;
2091 origlen = len;
2092 buf = r = malloc (len, M_TEMP, M_NOWAIT);
2093 if (! buf)
2094 return (0);
2095
2096 if (debug)
2097 log(LOG_DEBUG, SPP_FMT "lcp parse opts:",
2098 SPP_ARGS(ifp));
2099
2100 /* pass 1: check for things that need to be rejected */
2101 p = (void*) (h+1);
2102 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2103 if (debug)
2104 addlog(" %s", sppp_lcp_opt_name(*p));
2105 switch (*p) {
2106 case LCP_OPT_MAGIC:
2107 /* Magic number. */
2108 /* fall through, both are same length */
2109 case LCP_OPT_ASYNC_MAP:
2110 /* Async control character map. */
2111 if (len >= 6 || p[1] == 6)
2112 continue;
2113 if (debug)
2114 addlog(" [invalid]");
2115 break;
2116 case LCP_OPT_MRU:
2117 /* Maximum receive unit. */
2118 if (len >= 4 && p[1] == 4)
2119 continue;
2120 if (debug)
2121 addlog(" [invalid]");
2122 break;
2123 case LCP_OPT_AUTH_PROTO:
2124 if (len < 4) {
2125 if (debug)
2126 addlog(" [invalid]");
2127 break;
2128 }
2129 authproto = (p[2] << 8) + p[3];
2130 if (authproto == PPP_CHAP && p[1] != 5) {
2131 if (debug)
2132 addlog(" [invalid chap len]");
2133 break;
2134 }
2135 if (sp->myauth.proto == 0) {
2136 /* we are not configured to do auth */
2137 if (debug)
2138 addlog(" [not configured]");
2139 break;
2140 }
2141 /*
2142 * Remote want us to authenticate, remember this,
2143 * so we stay in PHASE_AUTHENTICATE after LCP got
2144 * up.
2145 */
2146 sp->pp_flags |= PP_NEEDAUTH;
2147 continue;
2148 default:
2149 /* Others not supported. */
2150 if (debug)
2151 addlog(" [rej]");
2152 break;
2153 }
2154 /* Add the option to rejected list. */
2155 bcopy (p, r, p[1]);
2156 r += p[1];
2157 rlen += p[1];
2158 }
2159 if (rlen) {
2160 if (debug)
2161 addlog(" send conf-rej\n");
2162 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2163 goto end;
2164 } else if (debug)
2165 addlog("\n");
2166
2167 /*
2168 * pass 2: check for option values that are unacceptable and
2169 * thus require to be nak'ed.
2170 */
2171 if (debug)
2172 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2173 SPP_ARGS(ifp));
2174
2175 p = (void*) (h+1);
2176 len = origlen;
2177 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2178 if (debug)
2179 addlog(" %s", sppp_lcp_opt_name(*p));
2180 switch (*p) {
2181 case LCP_OPT_MAGIC:
2182 /* Magic number -- extract. */
2183 nmagic = (u_int32_t)p[2] << 24 |
2184 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5];
2185 if (nmagic != sp->lcp.magic) {
2186 if (debug)
2187 addlog(" 0x%x", nmagic);
2188 continue;
2189 }
2190 /*
2191 * Local and remote magics equal -- loopback?
2192 */
2193 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
2194 printf (SPP_FMT "loopback\n",
2195 SPP_ARGS(ifp));
2196 sp->pp_loopcnt = 0;
2197 if (ifp->if_flags & IFF_UP) {
2198 if_down(ifp);
2199 IF_PURGE(&sp->pp_cpq);
2200 /* XXX ? */
2201 lcp.Down(sp);
2202 lcp.Up(sp);
2203 }
2204 } else if (debug)
2205 addlog(" [glitch]");
2206 ++sp->pp_loopcnt;
2207 /*
2208 * We negate our magic here, and NAK it. If
2209 * we see it later in an NAK packet, we
2210 * suggest a new one.
2211 */
2212 nmagic = ~sp->lcp.magic;
2213 /* Gonna NAK it. */
2214 p[2] = nmagic >> 24;
2215 p[3] = nmagic >> 16;
2216 p[4] = nmagic >> 8;
2217 p[5] = nmagic;
2218 break;
2219
2220 case LCP_OPT_ASYNC_MAP:
2221 /* Async control character map -- check to be zero. */
2222 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
2223 if (debug)
2224 addlog(" [empty]");
2225 continue;
2226 }
2227 if (debug)
2228 addlog(" [non-empty]");
2229 /* suggest a zero one */
2230 p[2] = p[3] = p[4] = p[5] = 0;
2231 break;
2232
2233 case LCP_OPT_MRU:
2234 /*
2235 * Maximum receive unit. Always agreeable,
2236 * but ignored by now.
2237 */
2238 sp->lcp.their_mru = p[2] * 256 + p[3];
2239 if (debug)
2240 addlog(" %ld", sp->lcp.their_mru);
2241 continue;
2242
2243 case LCP_OPT_AUTH_PROTO:
2244 authproto = (p[2] << 8) + p[3];
2245 if (sp->myauth.proto != authproto) {
2246 /* not agreed, nak */
2247 if (debug)
2248 addlog(" [mine %s != his %s]",
2249 sppp_proto_name(sp->hisauth.proto),
2250 sppp_proto_name(authproto));
2251 p[2] = sp->myauth.proto >> 8;
2252 p[3] = sp->myauth.proto;
2253 break;
2254 }
2255 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2256 if (debug)
2257 addlog(" [chap not MD5]");
2258 p[4] = CHAP_MD5;
2259 break;
2260 }
2261 continue;
2262 }
2263 /* Add the option to nak'ed list. */
2264 bcopy (p, r, p[1]);
2265 r += p[1];
2266 rlen += p[1];
2267 }
2268 if (rlen) {
2269 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2270 if (debug)
2271 addlog(" max_failure (%d) exceeded, "
2272 "send conf-rej\n",
2273 sp->lcp.max_failure);
2274 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2275 } else {
2276 if (debug)
2277 addlog(" send conf-nak\n");
2278 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2279 }
2280 goto end;
2281 } else {
2282 if (debug)
2283 addlog(" send conf-ack\n");
2284 sp->fail_counter[IDX_LCP] = 0;
2285 sp->pp_loopcnt = 0;
2286 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2287 h->ident, origlen, h+1);
2288 }
2289
2290 end:
2291 free (buf, M_TEMP);
2292 return (rlen == 0);
2293 }
2294
2295 /*
2296 * Analyze the LCP Configure-Reject option list, and adjust our
2297 * negotiation.
2298 */
2299 static void
2300 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2301 {
2302 STDDCL;
2303 u_char *buf, *p;
2304
2305 len -= 4;
2306 buf = malloc (len, M_TEMP, M_NOWAIT);
2307 if (!buf)
2308 return;
2309
2310 if (debug)
2311 log(LOG_DEBUG, SPP_FMT "lcp rej opts:",
2312 SPP_ARGS(ifp));
2313
2314 p = (void*) (h+1);
2315 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2316 if (debug)
2317 addlog(" %s", sppp_lcp_opt_name(*p));
2318 switch (*p) {
2319 case LCP_OPT_MAGIC:
2320 /* Magic number -- can't use it, use 0 */
2321 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2322 sp->lcp.magic = 0;
2323 break;
2324 case LCP_OPT_MRU:
2325 /*
2326 * Should not be rejected anyway, since we only
2327 * negotiate a MRU if explicitly requested by
2328 * peer.
2329 */
2330 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2331 break;
2332 case LCP_OPT_AUTH_PROTO:
2333 /*
2334 * Peer doesn't want to authenticate himself,
2335 * deny unless this is a dialout call, and
2336 * AUTHFLAG_NOCALLOUT is set.
2337 */
2338 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2339 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2340 if (debug)
2341 addlog(" [don't insist on auth "
2342 "for callout]");
2343 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2344 break;
2345 }
2346 if (debug)
2347 addlog("[access denied]\n");
2348 lcp.Close(sp);
2349 break;
2350 }
2351 }
2352 if (debug)
2353 addlog("\n");
2354 free (buf, M_TEMP);
2355 return;
2356 }
2357
2358 /*
2359 * Analyze the LCP Configure-NAK option list, and adjust our
2360 * negotiation.
2361 */
2362 static void
2363 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2364 {
2365 STDDCL;
2366 u_char *buf, *p;
2367 u_int32_t magic;
2368
2369 len -= 4;
2370 buf = malloc (len, M_TEMP, M_NOWAIT);
2371 if (!buf)
2372 return;
2373
2374 if (debug)
2375 log(LOG_DEBUG, SPP_FMT "lcp nak opts:",
2376 SPP_ARGS(ifp));
2377
2378 p = (void*) (h+1);
2379 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2380 if (debug)
2381 addlog(" %s", sppp_lcp_opt_name(*p));
2382 switch (*p) {
2383 case LCP_OPT_MAGIC:
2384 /* Magic number -- renegotiate */
2385 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2386 len >= 6 && p[1] == 6) {
2387 magic = (u_int32_t)p[2] << 24 |
2388 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5];
2389 /*
2390 * If the remote magic is our negated one,
2391 * this looks like a loopback problem.
2392 * Suggest a new magic to make sure.
2393 */
2394 if (magic == ~sp->lcp.magic) {
2395 if (debug)
2396 addlog(" magic glitch");
2397 sp->lcp.magic = random();
2398 } else {
2399 sp->lcp.magic = magic;
2400 if (debug)
2401 addlog(" %d", magic);
2402 }
2403 }
2404 break;
2405 case LCP_OPT_MRU:
2406 /*
2407 * Peer wants to advise us to negotiate an MRU.
2408 * Agree on it if it's reasonable, or use
2409 * default otherwise.
2410 */
2411 if (len >= 4 && p[1] == 4) {
2412 u_int mru = p[2] * 256 + p[3];
2413 if (debug)
2414 addlog(" %d", mru);
2415 if (mru < PP_MTU || mru > PP_MAX_MRU)
2416 mru = PP_MTU;
2417 sp->lcp.mru = mru;
2418 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2419 }
2420 break;
2421 case LCP_OPT_AUTH_PROTO:
2422 /*
2423 * Peer doesn't like our authentication method,
2424 * deny.
2425 */
2426 if (debug)
2427 addlog("[access denied]\n");
2428 lcp.Close(sp);
2429 break;
2430 }
2431 }
2432 if (debug)
2433 addlog("\n");
2434 free (buf, M_TEMP);
2435 return;
2436 }
2437
2438 static void
2439 sppp_lcp_tlu(struct sppp *sp)
2440 {
2441 STDDCL;
2442 int i;
2443 u_int32_t mask;
2444
2445 /* XXX ? */
2446 if (! (ifp->if_flags & IFF_UP) &&
2447 (ifp->if_flags & IFF_RUNNING)) {
2448 /* Coming out of loopback mode. */
2449 if_up(ifp);
2450 printf (SPP_FMT "up\n", SPP_ARGS(ifp));
2451 }
2452
2453 for (i = 0; i < IDX_COUNT; i++)
2454 if ((cps[i])->flags & CP_QUAL)
2455 (cps[i])->Open(sp);
2456
2457 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2458 (sp->pp_flags & PP_NEEDAUTH) != 0)
2459 sp->pp_phase = PHASE_AUTHENTICATE;
2460 else
2461 sp->pp_phase = PHASE_NETWORK;
2462
2463 if(debug)
2464 {
2465 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2466 sppp_phase_name(sp->pp_phase));
2467 }
2468
2469 /*
2470 * Open all authentication protocols. This is even required
2471 * if we already proceeded to network phase, since it might be
2472 * that remote wants us to authenticate, so we might have to
2473 * send a PAP request. Undesired authentication protocols
2474 * don't do anything when they get an Open event.
2475 */
2476 for (i = 0; i < IDX_COUNT; i++)
2477 if ((cps[i])->flags & CP_AUTH)
2478 (cps[i])->Open(sp);
2479
2480 if (sp->pp_phase == PHASE_NETWORK) {
2481 /* Notify all NCPs. */
2482 for (i = 0; i < IDX_COUNT; i++)
2483 if ((cps[i])->flags & CP_NCP)
2484 (cps[i])->Open(sp);
2485 }
2486
2487 /* Send Up events to all started protos. */
2488 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2489 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0)
2490 (cps[i])->Up(sp);
2491
2492 /* notify low-level driver of state change */
2493 if (sp->pp_chg)
2494 sp->pp_chg(sp, (int)sp->pp_phase);
2495
2496 if (sp->pp_phase == PHASE_NETWORK)
2497 /* if no NCP is starting, close down */
2498 sppp_lcp_check_and_close(sp);
2499 }
2500
2501 static void
2502 sppp_lcp_tld(struct sppp *sp)
2503 {
2504 STDDCL;
2505 int i;
2506 u_int32_t mask;
2507
2508 sp->pp_phase = PHASE_TERMINATE;
2509
2510 if(debug)
2511 {
2512 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2513 sppp_phase_name(sp->pp_phase));
2514 }
2515
2516 /*
2517 * Take upper layers down. We send the Down event first and
2518 * the Close second to prevent the upper layers from sending
2519 * ``a flurry of terminate-request packets'', as the RFC
2520 * describes it.
2521 */
2522 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2523 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) {
2524 (cps[i])->Down(sp);
2525 (cps[i])->Close(sp);
2526 }
2527 }
2528
2529 static void
2530 sppp_lcp_tls(struct sppp *sp)
2531 {
2532 STDDCL;
2533
2534 sp->pp_phase = PHASE_ESTABLISH;
2535
2536 if(debug)
2537 {
2538 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2539 sppp_phase_name(sp->pp_phase));
2540 }
2541
2542 /* Notify lower layer if desired. */
2543 if (sp->pp_tls)
2544 (sp->pp_tls)(sp);
2545 }
2546
2547 static void
2548 sppp_lcp_tlf(struct sppp *sp)
2549 {
2550 STDDCL;
2551
2552 sp->pp_phase = PHASE_DEAD;
2553
2554 if(debug)
2555 {
2556 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2557 sppp_phase_name(sp->pp_phase));
2558 }
2559
2560 /* Notify lower layer if desired. */
2561 if (sp->pp_tlf)
2562 (sp->pp_tlf)(sp);
2563 }
2564
2565 static void
2566 sppp_lcp_scr(struct sppp *sp)
2567 {
2568 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2569 int i = 0;
2570 u_short authproto;
2571
2572 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2573 if (! sp->lcp.magic)
2574 sp->lcp.magic = random();
2575 opt[i++] = LCP_OPT_MAGIC;
2576 opt[i++] = 6;
2577 opt[i++] = sp->lcp.magic >> 24;
2578 opt[i++] = sp->lcp.magic >> 16;
2579 opt[i++] = sp->lcp.magic >> 8;
2580 opt[i++] = sp->lcp.magic;
2581 }
2582
2583 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2584 opt[i++] = LCP_OPT_MRU;
2585 opt[i++] = 4;
2586 opt[i++] = sp->lcp.mru >> 8;
2587 opt[i++] = sp->lcp.mru;
2588 }
2589
2590 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2591 authproto = sp->hisauth.proto;
2592 opt[i++] = LCP_OPT_AUTH_PROTO;
2593 opt[i++] = authproto == PPP_CHAP? 5: 4;
2594 opt[i++] = authproto >> 8;
2595 opt[i++] = authproto;
2596 if (authproto == PPP_CHAP)
2597 opt[i++] = CHAP_MD5;
2598 }
2599
2600 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
2601 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2602 }
2603
2604 /*
2605 * Check the open NCPs, return true if at least one NCP is open.
2606 */
2607 static int
2608 sppp_ncp_check(struct sppp *sp)
2609 {
2610 int i, mask;
2611
2612 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2613 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP)
2614 return 1;
2615 return 0;
2616 }
2617
2618 /*
2619 * Re-check the open NCPs and see if we should terminate the link.
2620 * Called by the NCPs during their tlf action handling.
2621 */
2622 static void
2623 sppp_lcp_check_and_close(struct sppp *sp)
2624 {
2625
2626 if (sp->pp_phase < PHASE_NETWORK)
2627 /* don't bother, we are already going down */
2628 return;
2629
2630 if (sppp_ncp_check(sp))
2631 return;
2632
2633 lcp.Close(sp);
2634 }
2635
2636
2637 �/*
2638 *--------------------------------------------------------------------------*
2639 * *
2640 * The IPCP implementation. *
2641 * *
2642 *--------------------------------------------------------------------------*
2643 */
2644
2645 static void
2646 sppp_ipcp_init(struct sppp *sp)
2647 {
2648 sp->ipcp.opts = 0;
2649 sp->ipcp.flags = 0;
2650 sp->state[IDX_IPCP] = STATE_INITIAL;
2651 sp->fail_counter[IDX_IPCP] = 0;
2652 sp->pp_seq[IDX_IPCP] = 0;
2653 sp->pp_rseq[IDX_IPCP] = 0;
2654 callout_init(&sp->ch[IDX_IPCP]);
2655 }
2656
2657 static void
2658 sppp_ipcp_up(struct sppp *sp)
2659 {
2660 sppp_up_event(&ipcp, sp);
2661 }
2662
2663 static void
2664 sppp_ipcp_down(struct sppp *sp)
2665 {
2666 sppp_down_event(&ipcp, sp);
2667 }
2668
2669 static void
2670 sppp_ipcp_open(struct sppp *sp)
2671 {
2672 STDDCL;
2673 u_int32_t myaddr, hisaddr;
2674
2675 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
2676 sp->ipcp.req_myaddr = 0;
2677 sp->ipcp.req_hisaddr = 0;
2678
2679 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2680 /*
2681 * If we don't have his address, this probably means our
2682 * interface doesn't want to talk IP at all. (This could
2683 * be the case if somebody wants to speak only IPX, for
2684 * example.) Don't open IPCP in this case.
2685 */
2686 if (hisaddr == 0L) {
2687 /* XXX this message should go away */
2688 if (debug)
2689 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2690 SPP_ARGS(ifp));
2691 return;
2692 }
2693
2694 if (myaddr == 0) {
2695 /*
2696 * I don't have an assigned address, so i need to
2697 * negotiate my address.
2698 */
2699 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2700 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2701 }
2702 if (hisaddr == 1) {
2703 /*
2704 * XXX - remove this hack!
2705 * remote has no valid adress, we need to get one assigned.
2706 */
2707 sp->ipcp.flags |= IPCP_HISADDR_DYN;
2708 }
2709 sppp_open_event(&ipcp, sp);
2710 }
2711
2712 static void
2713 sppp_ipcp_close(struct sppp *sp)
2714 {
2715 sppp_close_event(&ipcp, sp);
2716 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN))
2717 /*
2718 * Some address was dynamic, clear it again.
2719 */
2720 sppp_clear_ip_addrs(sp);
2721 }
2722
2723 static void
2724 sppp_ipcp_TO(void *cookie)
2725 {
2726 sppp_to_event(&ipcp, (struct sppp *)cookie);
2727 }
2728
2729 /*
2730 * Analyze a configure request. Return true if it was agreeable, and
2731 * caused action sca, false if it has been rejected or nak'ed, and
2732 * caused action scn. (The return value is used to make the state
2733 * transition decision in the state automaton.)
2734 */
2735 static int
2736 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2737 {
2738 u_char *buf, *r, *p;
2739 struct ifnet *ifp = &sp->pp_if;
2740 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2741 u_int32_t hisaddr, desiredaddr;
2742
2743 len -= 4;
2744 origlen = len;
2745 /*
2746 * Make sure to allocate a buf that can at least hold a
2747 * conf-nak with an `address' option. We might need it below.
2748 */
2749 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2750 if (! buf)
2751 return (0);
2752
2753 /* pass 1: see if we can recognize them */
2754 if (debug)
2755 log(LOG_DEBUG, SPP_FMT "ipcp parse opts:",
2756 SPP_ARGS(ifp));
2757 p = (void*) (h+1);
2758 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2759 if (debug)
2760 addlog(" %s", sppp_ipcp_opt_name(*p));
2761 switch (*p) {
2762 #ifdef notyet
2763 case IPCP_OPT_COMPRESSION:
2764 if (len >= 6 && p[1] >= 6) {
2765 /* correctly formed compress option */
2766 continue;
2767 }
2768 if (debug)
2769 addlog(" [invalid]");
2770 break;
2771 #endif
2772 case IPCP_OPT_ADDRESS:
2773 if (len >= 6 && p[1] == 6) {
2774 /* correctly formed address option */
2775 continue;
2776 }
2777 if (debug)
2778 addlog(" [invalid]");
2779 break;
2780 default:
2781 /* Others not supported. */
2782 if (debug)
2783 addlog(" [rej]");
2784 break;
2785 }
2786 /* Add the option to rejected list. */
2787 bcopy (p, r, p[1]);
2788 r += p[1];
2789 rlen += p[1];
2790 }
2791 if (rlen) {
2792 if (debug)
2793 addlog(" send conf-rej\n");
2794 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2795 goto end;
2796 } else if (debug)
2797 addlog("\n");
2798
2799 /* pass 2: parse option values */
2800 if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
2801 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */
2802 else
2803 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
2804 if (debug)
2805 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
2806 SPP_ARGS(ifp));
2807 p = (void*) (h+1);
2808 len = origlen;
2809 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2810 if (debug)
2811 addlog(" %s", sppp_ipcp_opt_name(*p));
2812 switch (*p) {
2813 #ifdef notyet
2814 case IPCP_OPT_COMPRESSION:
2815 continue;
2816 #endif
2817 case IPCP_OPT_ADDRESS:
2818 desiredaddr = p[2] << 24 | p[3] << 16 |
2819 p[4] << 8 | p[5];
2820 if (desiredaddr == hisaddr ||
2821 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) {
2822 /*
2823 * Peer's address is same as our value,
2824 * this is agreeable. Gonna conf-ack
2825 * it.
2826 */
2827 if (debug)
2828 addlog(" %s [ack]",
2829 sppp_dotted_quad(hisaddr));
2830 /* record that we've seen it already */
2831 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2832 sp->ipcp.req_hisaddr = desiredaddr;
2833 hisaddr = desiredaddr;
2834 continue;
2835 }
2836 /*
2837 * The address wasn't agreeable. This is either
2838 * he sent us 0.0.0.0, asking to assign him an
2839 * address, or he send us another address not
2840 * matching our value. Either case, we gonna
2841 * conf-nak it with our value.
2842 */
2843 if (debug) {
2844 if (desiredaddr == 0)
2845 addlog(" [addr requested]");
2846 else
2847 addlog(" %s [not agreed]",
2848 sppp_dotted_quad(desiredaddr));
2849 }
2850
2851 p[2] = hisaddr >> 24;
2852 p[3] = hisaddr >> 16;
2853 p[4] = hisaddr >> 8;
2854 p[5] = hisaddr;
2855 break;
2856 }
2857 /* Add the option to nak'ed list. */
2858 bcopy (p, r, p[1]);
2859 r += p[1];
2860 rlen += p[1];
2861 }
2862
2863 /*
2864 * If we are about to conf-ack the request, but haven't seen
2865 * his address so far, gonna conf-nak it instead, with the
2866 * `address' option present and our idea of his address being
2867 * filled in there, to request negotiation of both addresses.
2868 *
2869 * XXX This can result in an endless req - nak loop if peer
2870 * doesn't want to send us his address. Q: What should we do
2871 * about it? XXX A: implement the max-failure counter.
2872 */
2873 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2874 buf[0] = IPCP_OPT_ADDRESS;
2875 buf[1] = 6;
2876 buf[2] = hisaddr >> 24;
2877 buf[3] = hisaddr >> 16;
2878 buf[4] = hisaddr >> 8;
2879 buf[5] = hisaddr;
2880 rlen = 6;
2881 if (debug)
2882 addlog(" still need hisaddr");
2883 }
2884
2885 if (rlen) {
2886 if (debug)
2887 addlog(" send conf-nak\n");
2888 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2889 } else {
2890 if (debug)
2891 addlog(" send conf-ack\n");
2892 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2893 h->ident, origlen, h+1);
2894 }
2895
2896 end:
2897 free (buf, M_TEMP);
2898 return (rlen == 0);
2899 }
2900
2901 /*
2902 * Analyze the IPCP Configure-Reject option list, and adjust our
2903 * negotiation.
2904 */
2905 static void
2906 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2907 {
2908 u_char *buf, *p;
2909 struct ifnet *ifp = &sp->pp_if;
2910 int debug = ifp->if_flags & IFF_DEBUG;
2911
2912 len -= 4;
2913 buf = malloc (len, M_TEMP, M_NOWAIT);
2914 if (!buf)
2915 return;
2916
2917 if (debug)
2918 log(LOG_DEBUG, SPP_FMT "ipcp rej opts:",
2919 SPP_ARGS(ifp));
2920
2921 p = (void*) (h+1);
2922 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2923 if (debug)
2924 addlog(" %s", sppp_ipcp_opt_name(*p));
2925 switch (*p) {
2926 case IPCP_OPT_ADDRESS:
2927 /*
2928 * Peer doesn't grok address option. This is
2929 * bad. XXX Should we better give up here?
2930 */
2931 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2932 break;
2933 #ifdef notyet
2934 case IPCP_OPT_COMPRESS:
2935 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2936 break;
2937 #endif
2938 }
2939 }
2940 if (debug)
2941 addlog("\n");
2942 free (buf, M_TEMP);
2943 return;
2944 }
2945
2946 /*
2947 * Analyze the IPCP Configure-NAK option list, and adjust our
2948 * negotiation.
2949 */
2950 static void
2951 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2952 {
2953 u_char *buf, *p;
2954 struct ifnet *ifp = &sp->pp_if;
2955 int debug = ifp->if_flags & IFF_DEBUG;
2956 u_int32_t wantaddr;
2957
2958 len -= 4;
2959 buf = malloc (len, M_TEMP, M_NOWAIT);
2960 if (!buf)
2961 return;
2962
2963 if (debug)
2964 log(LOG_DEBUG, SPP_FMT "ipcp nak opts:",
2965 SPP_ARGS(ifp));
2966
2967 p = (void*) (h+1);
2968 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2969 if (debug)
2970 addlog(" %s", sppp_ipcp_opt_name(*p));
2971 switch (*p) {
2972 case IPCP_OPT_ADDRESS:
2973 /*
2974 * Peer doesn't like our local IP address. See
2975 * if we can do something for him. We'll drop
2976 * him our address then.
2977 */
2978 if (len >= 6 && p[1] == 6) {
2979 wantaddr = p[2] << 24 | p[3] << 16 |
2980 p[4] << 8 | p[5];
2981 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2982 if (debug)
2983 addlog(" [wantaddr %s]",
2984 sppp_dotted_quad(wantaddr));
2985 /*
2986 * When doing dynamic address assignment,
2987 * we accept his offer. Otherwise, we
2988 * ignore it and thus continue to negotiate
2989 * our already existing value.
2990 */
2991 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2992 if (debug)
2993 addlog(" [agree]");
2994 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2995 sp->ipcp.req_myaddr = wantaddr;
2996 }
2997 }
2998 break;
2999 #ifdef notyet
3000 case IPCP_OPT_COMPRESS:
3001 /*
3002 * Peer wants different compression parameters.
3003 */
3004 break;
3005 #endif
3006 }
3007 }
3008 if (debug)
3009 addlog("\n");
3010 free (buf, M_TEMP);
3011 return;
3012 }
3013
3014 static void
3015 sppp_ipcp_tlu(struct sppp *sp)
3016 {
3017 /* we are up. Set addresses and notify anyone interested */
3018 u_int32_t myaddr, hisaddr;
3019 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
3020 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN))
3021 myaddr = sp->ipcp.req_myaddr;
3022 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN))
3023 hisaddr = sp->ipcp.req_hisaddr;
3024 sppp_set_ip_addrs(sp, myaddr, hisaddr);
3025 if (sp->pp_con)
3026 sp->pp_con(sp);
3027 }
3028
3029 static void
3030 sppp_ipcp_tld(struct sppp *sp)
3031 {
3032 }
3033
3034 static void
3035 sppp_ipcp_tls(struct sppp *sp)
3036 {
3037 /* indicate to LCP that it must stay alive */
3038 sp->lcp.protos |= (1 << IDX_IPCP);
3039 }
3040
3041 static void
3042 sppp_ipcp_tlf(struct sppp *sp)
3043 {
3044 /* we no longer need LCP */
3045 sp->lcp.protos &= ~(1 << IDX_IPCP);
3046 }
3047
3048 static void
3049 sppp_ipcp_scr(struct sppp *sp)
3050 {
3051 char opt[6 /* compression */ + 6 /* address */];
3052 u_int32_t ouraddr;
3053 int i = 0;
3054
3055 #ifdef notyet
3056 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3057 opt[i++] = IPCP_OPT_COMPRESSION;
3058 opt[i++] = 6;
3059 opt[i++] = 0; /* VJ header compression */
3060 opt[i++] = 0x2d; /* VJ header compression */
3061 opt[i++] = max_slot_id;
3062 opt[i++] = comp_slot_id;
3063 }
3064 #endif
3065
3066 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3067 if (sp->ipcp.flags & IPCP_MYADDR_SEEN)
3068 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */
3069 else
3070 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3071 opt[i++] = IPCP_OPT_ADDRESS;
3072 opt[i++] = 6;
3073 opt[i++] = ouraddr >> 24;
3074 opt[i++] = ouraddr >> 16;
3075 opt[i++] = ouraddr >> 8;
3076 opt[i++] = ouraddr;
3077 }
3078
3079 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
3080 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
3081 }
3082
3083
3084 �/*
3085 *--------------------------------------------------------------------------*
3086 * *
3087 * The IPv6CP implementation. *
3088 * *
3089 *--------------------------------------------------------------------------*
3090 */
3091
3092 #ifdef INET6
3093 static void
3094 sppp_ipv6cp_init(struct sppp *sp)
3095 {
3096 sp->ipv6cp.opts = 0;
3097 sp->ipv6cp.flags = 0;
3098 sp->state[IDX_IPV6CP] = STATE_INITIAL;
3099 sp->fail_counter[IDX_IPV6CP] = 0;
3100 sp->pp_seq[IDX_IPV6CP] = 0;
3101 sp->pp_rseq[IDX_IPV6CP] = 0;
3102 callout_init(&sp->ch[IDX_IPV6CP]);
3103 }
3104
3105 static void
3106 sppp_ipv6cp_up(struct sppp *sp)
3107 {
3108 sppp_up_event(&ipv6cp, sp);
3109 }
3110
3111 static void
3112 sppp_ipv6cp_down(struct sppp *sp)
3113 {
3114 sppp_down_event(&ipv6cp, sp);
3115 }
3116
3117 static void
3118 sppp_ipv6cp_open(struct sppp *sp)
3119 {
3120 STDDCL;
3121 struct in6_addr myaddr, hisaddr;
3122
3123 #ifdef IPV6CP_MYIFID_DYN
3124 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3125 #else
3126 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3127 #endif
3128
3129 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
3130 /*
3131 * If we don't have our address, this probably means our
3132 * interface doesn't want to talk IPv6 at all. (This could
3133 * be the case if somebody wants to speak only IPX, for
3134 * example.) Don't open IPv6CP in this case.
3135 */
3136 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3137 /* XXX this message should go away */
3138 if (debug)
3139 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
3140 SPP_ARGS(ifp));
3141 return;
3142 }
3143
3144 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3145 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3146 sppp_open_event(&ipv6cp, sp);
3147 }
3148
3149 static void
3150 sppp_ipv6cp_close(struct sppp *sp)
3151 {
3152 sppp_close_event(&ipv6cp, sp);
3153 }
3154
3155 static void
3156 sppp_ipv6cp_TO(void *cookie)
3157 {
3158 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3159 }
3160
3161 /*
3162 * Analyze a configure request. Return true if it was agreeable, and
3163 * caused action sca, false if it has been rejected or nak'ed, and
3164 * caused action scn. (The return value is used to make the state
3165 * transition decision in the state automaton.)
3166 */
3167 static int
3168 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3169 {
3170 u_char *buf, *r, *p;
3171 struct ifnet *ifp = &sp->pp_if;
3172 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3173 struct in6_addr myaddr, desiredaddr, suggestaddr;
3174 int ifidcount;
3175 int type;
3176 int collision, nohisaddr;
3177
3178 len -= 4;
3179 origlen = len;
3180 /*
3181 * Make sure to allocate a buf that can at least hold a
3182 * conf-nak with an `address' option. We might need it below.
3183 */
3184 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
3185 if (! buf)
3186 return (0);
3187
3188 /* pass 1: see if we can recognize them */
3189 if (debug)
3190 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:",
3191 SPP_ARGS(ifp));
3192 p = (void*) (h+1);
3193 ifidcount = 0;
3194 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3195 if (debug)
3196 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3197 switch (*p) {
3198 case IPV6CP_OPT_IFID:
3199 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3200 /* correctly formed address option */
3201 ifidcount++;
3202 continue;
3203 }
3204 if (debug)
3205 addlog(" [invalid]");
3206 break;
3207 #ifdef notyet
3208 case IPV6CP_OPT_COMPRESSION:
3209 if (len >= 4 && p[1] >= 4) {
3210 /* correctly formed compress option */
3211 continue;
3212 }
3213 if (debug)
3214 addlog(" [invalid]");
3215 break;
3216 #endif
3217 default:
3218 /* Others not supported. */
3219 if (debug)
3220 addlog(" [rej]");
3221 break;
3222 }
3223 /* Add the option to rejected list. */
3224 bcopy (p, r, p[1]);
3225 r += p[1];
3226 rlen += p[1];
3227 }
3228 if (rlen) {
3229 if (debug)
3230 addlog(" send conf-rej\n");
3231 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3232 goto end;
3233 } else if (debug)
3234 addlog("\n");
3235
3236 /* pass 2: parse option values */
3237 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
3238 if (debug)
3239 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ",
3240 SPP_ARGS(ifp));
3241 p = (void*) (h+1);
3242 len = origlen;
3243 type = CONF_ACK;
3244 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3245 if (debug)
3246 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3247 switch (*p) {
3248 #ifdef notyet
3249 case IPV6CP_OPT_COMPRESSION:
3250 continue;
3251 #endif
3252 case IPV6CP_OPT_IFID:
3253 memset(&desiredaddr, 0, sizeof(desiredaddr));
3254 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3255 collision = (bcmp(&desiredaddr.s6_addr[8],
3256 &myaddr.s6_addr[8], 8) == 0);
3257 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3258
3259 desiredaddr.s6_addr16[0] = htons(0xfe80);
3260 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3261
3262 if (!collision && !nohisaddr) {
3263 /* no collision, hisaddr known - Conf-Ack */
3264 type = CONF_ACK;
3265
3266 if (debug) {
3267 addlog(" %s [%s]",
3268 ip6_sprintf(&desiredaddr),
3269 sppp_cp_type_name(type));
3270 }
3271 continue;
3272 }
3273
3274 memset(&suggestaddr, 0, sizeof(&suggestaddr));
3275 if (collision && nohisaddr) {
3276 /* collision, hisaddr unknown - Conf-Rej */
3277 type = CONF_REJ;
3278 memset(&p[2], 0, 8);
3279 } else {
3280 /*
3281 * - no collision, hisaddr unknown, or
3282 * - collision, hisaddr known
3283 * Conf-Nak, suggest hisaddr
3284 */
3285 type = CONF_NAK;
3286 sppp_suggest_ip6_addr(sp, &suggestaddr);
3287 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3288 }
3289 if (debug)
3290 addlog(" %s [%s]", ip6_sprintf(&desiredaddr),
3291 sppp_cp_type_name(type));
3292 break;
3293 }
3294 /* Add the option to nak'ed list. */
3295 bcopy (p, r, p[1]);
3296 r += p[1];
3297 rlen += p[1];
3298 }
3299
3300 if (rlen == 0 && type == CONF_ACK) {
3301 if (debug)
3302 addlog(" send %s\n", sppp_cp_type_name(type));
3303 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1);
3304 } else {
3305 #ifdef DIAGNOSTIC
3306 if (type == CONF_ACK)
3307 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3308 #endif
3309
3310 if (debug) {
3311 addlog(" send %s suggest %s\n",
3312 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
3313 }
3314 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3315 }
3316
3317 end:
3318 free (buf, M_TEMP);
3319 return (rlen == 0);
3320 }
3321
3322 /*
3323 * Analyze the IPv6CP Configure-Reject option list, and adjust our
3324 * negotiation.
3325 */
3326 static void
3327 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3328 {
3329 u_char *buf, *p;
3330 struct ifnet *ifp = &sp->pp_if;
3331 int debug = ifp->if_flags & IFF_DEBUG;
3332
3333 len -= 4;
3334 buf = malloc (len, M_TEMP, M_NOWAIT);
3335 if (!buf)
3336 return;
3337
3338 if (debug)
3339 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:",
3340 SPP_ARGS(ifp));
3341
3342 p = (void*) (h+1);
3343 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3344 if (debug)
3345 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3346 switch (*p) {
3347 case IPV6CP_OPT_IFID:
3348 /*
3349 * Peer doesn't grok address option. This is
3350 * bad. XXX Should we better give up here?
3351 */
3352 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3353 break;
3354 #ifdef notyet
3355 case IPV6CP_OPT_COMPRESS:
3356 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3357 break;
3358 #endif
3359 }
3360 }
3361 if (debug)
3362 addlog("\n");
3363 free (buf, M_TEMP);
3364 return;
3365 }
3366
3367 /*
3368 * Analyze the IPv6CP Configure-NAK option list, and adjust our
3369 * negotiation.
3370 */
3371 static void
3372 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3373 {
3374 u_char *buf, *p;
3375 struct ifnet *ifp = &sp->pp_if;
3376 int debug = ifp->if_flags & IFF_DEBUG;
3377 struct in6_addr suggestaddr;
3378
3379 len -= 4;
3380 buf = malloc (len, M_TEMP, M_NOWAIT);
3381 if (!buf)
3382 return;
3383
3384 if (debug)
3385 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:",
3386 SPP_ARGS(ifp));
3387
3388 p = (void*) (h+1);
3389 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3390 if (debug)
3391 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3392 switch (*p) {
3393 case IPV6CP_OPT_IFID:
3394 /*
3395 * Peer doesn't like our local ifid. See
3396 * if we can do something for him. We'll drop
3397 * him our address then.
3398 */
3399 if (len < 10 || p[1] != 10)
3400 break;
3401 memset(&suggestaddr, 0, sizeof(suggestaddr));
3402 suggestaddr.s6_addr16[0] = htons(0xfe80);
3403 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3404 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3405
3406 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3407 if (debug)
3408 addlog(" [suggestaddr %s]",
3409 ip6_sprintf(&suggestaddr));
3410 #ifdef IPV6CP_MYIFID_DYN
3411 /*
3412 * When doing dynamic address assignment,
3413 * we accept his offer.
3414 */
3415 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
3416 struct in6_addr lastsuggest;
3417 /*
3418 * If <suggested myaddr from peer> equals to
3419 * <hisaddr we have suggested last time>,
3420 * we have a collision. generate new random
3421 * ifid.
3422 */
3423 sppp_suggest_ip6_addr(&lastsuggest);
3424 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
3425 lastsuggest)) {
3426 if (debug)
3427 addlog(" [random]");
3428 sppp_gen_ip6_addr(sp, &suggestaddr);
3429 }
3430 sppp_set_ip6_addr(sp, &suggestaddr, 0);
3431 if (debug)
3432 addlog(" [agree]");
3433 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3434 }
3435 #else
3436 /*
3437 * Since we do not do dynamic address assignment,
3438 * we ignore it and thus continue to negotiate
3439 * our already existing value. This can possibly
3440 * go into infinite request-reject loop.
3441 *
3442 * This is not likely because we normally use
3443 * ifid based on MAC-address.
3444 * If you have no ethernet card on the node, too bad.
3445 * XXX should we use fail_counter?
3446 */
3447 #endif
3448 break;
3449 #ifdef notyet
3450 case IPV6CP_OPT_COMPRESS:
3451 /*
3452 * Peer wants different compression parameters.
3453 */
3454 break;
3455 #endif
3456 }
3457 }
3458 if (debug)
3459 addlog("\n");
3460 free (buf, M_TEMP);
3461 return;
3462 }
3463
3464 static void
3465 sppp_ipv6cp_tlu(struct sppp *sp)
3466 {
3467 /* we are up - notify isdn daemon */
3468 if (sp->pp_con)
3469 sp->pp_con(sp);
3470 }
3471
3472 static void
3473 sppp_ipv6cp_tld(struct sppp *sp)
3474 {
3475 }
3476
3477 static void
3478 sppp_ipv6cp_tls(struct sppp *sp)
3479 {
3480 /* indicate to LCP that it must stay alive */
3481 sp->lcp.protos |= (1 << IDX_IPV6CP);
3482 }
3483
3484 static void
3485 sppp_ipv6cp_tlf(struct sppp *sp)
3486 {
3487 /* we no longer need LCP */
3488 sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3489 }
3490
3491 static void
3492 sppp_ipv6cp_scr(struct sppp *sp)
3493 {
3494 char opt[10 /* ifid */ + 4 /* compression, minimum */];
3495 struct in6_addr ouraddr;
3496 int i = 0;
3497
3498 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3499 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
3500 opt[i++] = IPV6CP_OPT_IFID;
3501 opt[i++] = 10;
3502 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3503 i += 8;
3504 }
3505
3506 #ifdef notyet
3507 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3508 opt[i++] = IPV6CP_OPT_COMPRESSION;
3509 opt[i++] = 4;
3510 opt[i++] = 0; /* TBD */
3511 opt[i++] = 0; /* TBD */
3512 /* variable length data may follow */
3513 }
3514 #endif
3515
3516 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP];
3517 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt);
3518 }
3519 #else /*INET6*/
3520 static void sppp_ipv6cp_init(struct sppp *sp)
3521 {
3522 }
3523
3524 static void sppp_ipv6cp_up(struct sppp *sp)
3525 {
3526 }
3527
3528 static void sppp_ipv6cp_down(struct sppp *sp)
3529 {
3530 }
3531
3532
3533 static void sppp_ipv6cp_open(struct sppp *sp)
3534 {
3535 }
3536
3537 static void sppp_ipv6cp_close(struct sppp *sp)
3538 {
3539 }
3540
3541 static void sppp_ipv6cp_TO(void *sp)
3542 {
3543 }
3544
3545 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3546 {
3547 return 0;
3548 }
3549
3550 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3551 {
3552 }
3553
3554 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3555 {
3556 }
3557
3558 static void sppp_ipv6cp_tlu(struct sppp *sp)
3559 {
3560 }
3561
3562 static void sppp_ipv6cp_tld(struct sppp *sp)
3563 {
3564 }
3565
3566 static void sppp_ipv6cp_tls(struct sppp *sp)
3567 {
3568 }
3569
3570 static void sppp_ipv6cp_tlf(struct sppp *sp)
3571 {
3572 }
3573
3574 static void sppp_ipv6cp_scr(struct sppp *sp)
3575 {
3576 }
3577 #endif /*INET6*/
3578
3579
3580 �/*
3581 *--------------------------------------------------------------------------*
3582 * *
3583 * The CHAP implementation. *
3584 * *
3585 *--------------------------------------------------------------------------*
3586 */
3587
3588 /*
3589 * The authentication protocols don't employ a full-fledged state machine as
3590 * the control protocols do, since they do have Open and Close events, but
3591 * not Up and Down, nor are they explicitly terminated. Also, use of the
3592 * authentication protocols may be different in both directions (this makes
3593 * sense, think of a machine that never accepts incoming calls but only
3594 * calls out, it doesn't require the called party to authenticate itself).
3595 *
3596 * Our state machine for the local authentication protocol (we are requesting
3597 * the peer to authenticate) looks like:
3598 *
3599 * RCA-
3600 * +--------------------------------------------+
3601 * V scn,tld|
3602 * +--------+ Close +---------+ RCA+
3603 * | |<----------------------------------| |------+
3604 * +--->| Closed | TO* | Opened | sca |
3605 * | | |-----+ +-------| |<-----+
3606 * | +--------+ irc | | +---------+
3607 * | ^ | | ^
3608 * | | | | |
3609 * | | | | |
3610 * | TO-| | | |
3611 * | |tld TO+ V | |
3612 * | | +------->+ | |
3613 * | | | | | |
3614 * | +--------+ V | |
3615 * | | |<----+<--------------------+ |
3616 * | | Req- | scr |
3617 * | | Sent | |
3618 * | | | |
3619 * | +--------+ |
3620 * | RCA- | | RCA+ |
3621 * +------+ +------------------------------------------+
3622 * scn,tld sca,irc,ict,tlu
3623 *
3624 *
3625 * with:
3626 *
3627 * Open: LCP reached authentication phase
3628 * Close: LCP reached terminate phase
3629 *
3630 * RCA+: received reply (pap-req, chap-response), acceptable
3631 * RCN: received reply (pap-req, chap-response), not acceptable
3632 * TO+: timeout with restart counter >= 0
3633 * TO-: timeout with restart counter < 0
3634 * TO*: reschedule timeout for CHAP
3635 *
3636 * scr: send request packet (none for PAP, chap-challenge)
3637 * sca: send ack packet (pap-ack, chap-success)
3638 * scn: send nak packet (pap-nak, chap-failure)
3639 * ict: initialize re-challenge timer (CHAP only)
3640 *
3641 * tlu: this-layer-up, LCP reaches network phase
3642 * tld: this-layer-down, LCP enters terminate phase
3643 *
3644 * Note that in CHAP mode, after sending a new challenge, while the state
3645 * automaton falls back into Req-Sent state, it doesn't signal a tld
3646 * event to LCP, so LCP remains in network phase. Only after not getting
3647 * any response (or after getting an unacceptable response), CHAP closes,
3648 * causing LCP to enter terminate phase.
3649 *
3650 * With PAP, there is no initial request that can be sent. The peer is
3651 * expected to send one based on the successful negotiation of PAP as
3652 * the authentication protocol during the LCP option negotiation.
3653 *
3654 * Incoming authentication protocol requests (remote requests
3655 * authentication, we are peer) don't employ a state machine at all,
3656 * they are simply answered. Some peers [Ascend P50 firmware rev
3657 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are
3658 * still in authentication phase (thereby violating the standard that
3659 * demands that these NCP packets are to be discarded), so we keep
3660 * track of the peer demanding us to authenticate, and only proceed to
3661 * phase network once we've seen a positive acknowledge for the
3662 * authentication.
3663 */
3664
3665 /*
3666 * Handle incoming CHAP packets.
3667 */
3668 void
3669 sppp_chap_input(struct sppp *sp, struct mbuf *m)
3670 {
3671 STDDCL;
3672 struct lcp_header *h;
3673 int len, x;
3674 u_char *value, *name, digest[AUTHKEYLEN], dsize;
3675 int value_len, name_len;
3676 MD5_CTX ctx;
3677
3678 len = m->m_pkthdr.len;
3679 if (len < 4) {
3680 if (debug)
3681 log(LOG_DEBUG,
3682 SPP_FMT "chap invalid packet length: %d bytes\n",
3683 SPP_ARGS(ifp), len);
3684 return;
3685 }
3686 h = mtod (m, struct lcp_header*);
3687 if (len > ntohs (h->len))
3688 len = ntohs (h->len);
3689
3690 switch (h->type) {
3691 /* challenge, failure and success are his authproto */
3692 case CHAP_CHALLENGE:
3693 value = 1 + (u_char*)(h+1);
3694 value_len = value[-1];
3695 name = value + value_len;
3696 name_len = len - value_len - 5;
3697 if (name_len < 0) {
3698 if (debug) {
3699 log(LOG_DEBUG,
3700 SPP_FMT "chap corrupted challenge "
3701 "<%s id=0x%x len=%d",
3702 SPP_ARGS(ifp),
3703 sppp_auth_type_name(PPP_CHAP, h->type),
3704 h->ident, ntohs(h->len));
3705 if (len > 4)
3706 sppp_print_bytes((u_char*) (h+1), len-4);
3707 addlog(">\n");
3708 }
3709 break;
3710 }
3711
3712 if (debug) {
3713 log(LOG_DEBUG,
3714 SPP_FMT "chap input <%s id=0x%x len=%d name=",
3715 SPP_ARGS(ifp),
3716 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
3717 ntohs(h->len));
3718 sppp_print_string((char*) name, name_len);
3719 addlog(" value-size=%d value=", value_len);
3720 sppp_print_bytes(value, value_len);
3721 addlog(">\n");
3722 }
3723
3724 /* Compute reply value. */
3725 MD5Init(&ctx);
3726 MD5Update(&ctx, &h->ident, 1);
3727 MD5Update(&ctx, sp->myauth.secret,
3728 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
3729 MD5Update(&ctx, value, value_len);
3730 MD5Final(digest, &ctx);
3731 dsize = sizeof digest;
3732
3733 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
3734 sizeof dsize, (const char *)&dsize,
3735 sizeof digest, digest,
3736 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3737 sp->myauth.name,
3738 0);
3739 break;
3740
3741 case CHAP_SUCCESS:
3742 if (debug) {
3743 log(LOG_DEBUG, SPP_FMT "chap success",
3744 SPP_ARGS(ifp));
3745 if (len > 4) {
3746 addlog(": ");
3747 sppp_print_string((char*)(h + 1), len - 4);
3748 }
3749 addlog("\n");
3750 }
3751 x = splnet();
3752 sp->pp_flags &= ~PP_NEEDAUTH;
3753 if (sp->myauth.proto == PPP_CHAP &&
3754 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3755 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
3756 /*
3757 * We are authenticator for CHAP but didn't
3758 * complete yet. Leave it to tlu to proceed
3759 * to network phase.
3760 */
3761 splx(x);
3762 break;
3763 }
3764 splx(x);
3765 sppp_phase_network(sp);
3766 break;
3767
3768 case CHAP_FAILURE:
3769 if (debug) {
3770 log(LOG_INFO, SPP_FMT "chap failure",
3771 SPP_ARGS(ifp));
3772 if (len > 4) {
3773 addlog(": ");
3774 sppp_print_string((char*)(h + 1), len - 4);
3775 }
3776 addlog("\n");
3777 } else
3778 log(LOG_INFO, SPP_FMT "chap failure\n",
3779 SPP_ARGS(ifp));
3780 /* await LCP shutdown by authenticator */
3781 break;
3782
3783 /* response is my authproto */
3784 case CHAP_RESPONSE:
3785 value = 1 + (u_char*)(h+1);
3786 value_len = value[-1];
3787 name = value + value_len;
3788 name_len = len - value_len - 5;
3789 if (name_len < 0) {
3790 if (debug) {
3791 log(LOG_DEBUG,
3792 SPP_FMT "chap corrupted response "
3793 "<%s id=0x%x len=%d",
3794 SPP_ARGS(ifp),
3795 sppp_auth_type_name(PPP_CHAP, h->type),
3796 h->ident, ntohs(h->len));
3797 if (len > 4)
3798 sppp_print_bytes((u_char*)(h+1), len-4);
3799 addlog(">\n");
3800 }
3801 break;
3802 }
3803 if (h->ident != sp->confid[IDX_CHAP]) {
3804 if (debug)
3805 log(LOG_DEBUG,
3806 SPP_FMT "chap dropping response for old ID "
3807 "(got %d, expected %d)\n",
3808 SPP_ARGS(ifp),
3809 h->ident, sp->confid[IDX_CHAP]);
3810 break;
3811 }
3812 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
3813 || bcmp(name, sp->hisauth.name, name_len) != 0) {
3814 log(LOG_INFO, SPP_FMT "chap response, his name ",
3815 SPP_ARGS(ifp));
3816 sppp_print_string(name, name_len);
3817 addlog(" != expected ");
3818 sppp_print_string(sp->hisauth.name,
3819 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
3820 addlog("\n");
3821 }
3822 if (debug) {
3823 log(LOG_DEBUG, SPP_FMT "chap input(%s) "
3824 "<%s id=0x%x len=%d name=",
3825 SPP_ARGS(ifp),
3826 sppp_state_name(sp->state[IDX_CHAP]),
3827 sppp_auth_type_name(PPP_CHAP, h->type),
3828 h->ident, ntohs (h->len));
3829 sppp_print_string((char*)name, name_len);
3830 addlog(" value-size=%d value=", value_len);
3831 sppp_print_bytes(value, value_len);
3832 addlog(">\n");
3833 }
3834 if (value_len != AUTHKEYLEN) {
3835 if (debug)
3836 log(LOG_DEBUG,
3837 SPP_FMT "chap bad hash value length: "
3838 "%d bytes, should be %d\n",
3839 SPP_ARGS(ifp), value_len,
3840 AUTHKEYLEN);
3841 break;
3842 }
3843
3844 MD5Init(&ctx);
3845 MD5Update(&ctx, &h->ident, 1);
3846 MD5Update(&ctx, sp->hisauth.secret,
3847 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
3848 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
3849 MD5Final(digest, &ctx);
3850
3851 #define FAILMSG "Failed..."
3852 #define SUCCMSG "Welcome!"
3853
3854 if (value_len != sizeof digest ||
3855 bcmp(digest, value, value_len) != 0) {
3856 /* action scn, tld */
3857 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3858 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3859 0);
3860 chap.tld(sp);
3861 break;
3862 }
3863 /* action sca, perhaps tlu */
3864 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3865 sp->state[IDX_CHAP] == STATE_OPENED)
3866 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3867 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3868 0);
3869 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3870 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3871 chap.tlu(sp);
3872 }
3873 break;
3874
3875 default:
3876 /* Unknown CHAP packet type -- ignore. */
3877 if (debug) {
3878 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
3879 "<0x%x id=0x%xh len=%d",
3880 SPP_ARGS(ifp),
3881 sppp_state_name(sp->state[IDX_CHAP]),
3882 h->type, h->ident, ntohs(h->len));
3883 if (len > 4)
3884 sppp_print_bytes((u_char*)(h+1), len-4);
3885 addlog(">\n");
3886 }
3887 break;
3888
3889 }
3890 }
3891
3892 static void
3893 sppp_chap_init(struct sppp *sp)
3894 {
3895 /* Chap doesn't have STATE_INITIAL at all. */
3896 sp->state[IDX_CHAP] = STATE_CLOSED;
3897 sp->fail_counter[IDX_CHAP] = 0;
3898 sp->pp_seq[IDX_CHAP] = 0;
3899 sp->pp_rseq[IDX_CHAP] = 0;
3900 callout_init(&sp->ch[IDX_CHAP]);
3901 }
3902
3903 static void
3904 sppp_chap_open(struct sppp *sp)
3905 {
3906 if (sp->myauth.proto == PPP_CHAP &&
3907 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3908 /* we are authenticator for CHAP, start it */
3909 chap.scr(sp);
3910 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3911 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3912 }
3913 /* nothing to be done if we are peer, await a challenge */
3914 }
3915
3916 static void
3917 sppp_chap_close(struct sppp *sp)
3918 {
3919 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3920 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3921 }
3922
3923 static void
3924 sppp_chap_TO(void *cookie)
3925 {
3926 struct sppp *sp = (struct sppp *)cookie;
3927 STDDCL;
3928 int s;
3929
3930 s = splnet();
3931 if (debug)
3932 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
3933 SPP_ARGS(ifp),
3934 sppp_state_name(sp->state[IDX_CHAP]),
3935 sp->rst_counter[IDX_CHAP]);
3936
3937 if (--sp->rst_counter[IDX_CHAP] < 0)
3938 /* TO- event */
3939 switch (sp->state[IDX_CHAP]) {
3940 case STATE_REQ_SENT:
3941 chap.tld(sp);
3942 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3943 break;
3944 }
3945 else
3946 /* TO+ (or TO*) event */
3947 switch (sp->state[IDX_CHAP]) {
3948 case STATE_OPENED:
3949 /* TO* event */
3950 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3951 /* fall through */
3952 case STATE_REQ_SENT:
3953 chap.scr(sp);
3954 /* sppp_cp_change_state() will restart the timer */
3955 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3956 break;
3957 }
3958
3959 splx(s);
3960 }
3961
3962 static void
3963 sppp_chap_tlu(struct sppp *sp)
3964 {
3965 STDDCL;
3966 int i, x;
3967
3968 i = 0;
3969 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3970
3971 /*
3972 * Some broken CHAP implementations (Conware CoNet, firmware
3973 * 4.0.?) don't want to re-authenticate their CHAP once the
3974 * initial challenge-response exchange has taken place.
3975 * Provide for an option to avoid rechallenges.
3976 */
3977 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3978 /*
3979 * Compute the re-challenge timeout. This will yield
3980 * a number between 300 and 810 seconds.
3981 */
3982 i = 300 + ((unsigned)(random() & 0xff00) >> 7);
3983
3984 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp);
3985 }
3986
3987 if (debug) {
3988 log(LOG_DEBUG,
3989 SPP_FMT "chap %s, ",
3990 SPP_ARGS(ifp),
3991 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3992 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3993 addlog("next re-challenge in %d seconds\n", i);
3994 else
3995 addlog("re-challenging supressed\n");
3996 }
3997
3998 x = splnet();
3999 /* indicate to LCP that we need to be closed down */
4000 sp->lcp.protos |= (1 << IDX_CHAP);
4001
4002 if (sp->pp_flags & PP_NEEDAUTH) {
4003 /*
4004 * Remote is authenticator, but his auth proto didn't
4005 * complete yet. Defer the transition to network
4006 * phase.
4007 */
4008 splx(x);
4009 return;
4010 }
4011 splx(x);
4012
4013 /*
4014 * If we are already in phase network, we are done here. This
4015 * is the case if this is a dummy tlu event after a re-challenge.
4016 */
4017 if (sp->pp_phase != PHASE_NETWORK)
4018 sppp_phase_network(sp);
4019 }
4020
4021 static void
4022 sppp_chap_tld(struct sppp *sp)
4023 {
4024 STDDCL;
4025
4026 if (debug)
4027 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
4028 callout_stop(&sp->ch[IDX_CHAP]);
4029 sp->lcp.protos &= ~(1 << IDX_CHAP);
4030
4031 lcp.Close(sp);
4032 }
4033
4034 static void
4035 sppp_chap_scr(struct sppp *sp)
4036 {
4037 struct timeval tv;
4038 u_int32_t *ch, seed;
4039 u_char clen;
4040
4041 /* Compute random challenge. */
4042 ch = (u_int32_t *)sp->myauth.challenge;
4043 microtime(&tv);
4044 seed = tv.tv_sec ^ tv.tv_usec;
4045 ch[0] = seed ^ random();
4046 ch[1] = seed ^ random();
4047 ch[2] = seed ^ random();
4048 ch[3] = seed ^ random();
4049 clen = AUTHKEYLEN;
4050
4051 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
4052
4053 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
4054 sizeof clen, (const char *)&clen,
4055 (size_t)AUTHKEYLEN, sp->myauth.challenge,
4056 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
4057 sp->myauth.name,
4058 0);
4059 }
4060 �/*
4061 *--------------------------------------------------------------------------*
4062 * *
4063 * The PAP implementation. *
4064 * *
4065 *--------------------------------------------------------------------------*
4066 */
4067 /*
4068 * For PAP, we need to keep a little state also if we are the peer, not the
4069 * authenticator. This is since we don't get a request to authenticate, but
4070 * have to repeatedly authenticate ourself until we got a response (or the
4071 * retry counter is expired).
4072 */
4073
4074 /*
4075 * Handle incoming PAP packets. */
4076 static void
4077 sppp_pap_input(struct sppp *sp, struct mbuf *m)
4078 {
4079 STDDCL;
4080 struct lcp_header *h;
4081 int len, x;
4082 u_char *name, *passwd, mlen;
4083 int name_len, passwd_len;
4084
4085 len = m->m_pkthdr.len;
4086 if (len < 5) {
4087 if (debug)
4088 log(LOG_DEBUG,
4089 SPP_FMT "pap invalid packet length: %d bytes\n",
4090 SPP_ARGS(ifp), len);
4091 return;
4092 }
4093 h = mtod (m, struct lcp_header*);
4094 if (len > ntohs (h->len))
4095 len = ntohs (h->len);
4096 switch (h->type) {
4097 /* PAP request is my authproto */
4098 case PAP_REQ:
4099 name = 1 + (u_char*)(h+1);
4100 name_len = name[-1];
4101 passwd = name + name_len + 1;
4102 if (name_len > len - 6 ||
4103 (passwd_len = passwd[-1]) > len - 6 - name_len) {
4104 if (debug) {
4105 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4106 "<%s id=0x%x len=%d",
4107 SPP_ARGS(ifp),
4108 sppp_auth_type_name(PPP_PAP, h->type),
4109 h->ident, ntohs(h->len));
4110 if (len > 4)
4111 sppp_print_bytes((u_char*)(h+1), len-4);
4112 addlog(">\n");
4113 }
4114 break;
4115 }
4116 if (debug) {
4117 log(LOG_DEBUG, SPP_FMT "pap input(%s) "
4118 "<%s id=0x%x len=%d name=",
4119 SPP_ARGS(ifp),
4120 sppp_state_name(sp->state[IDX_PAP]),
4121 sppp_auth_type_name(PPP_PAP, h->type),
4122 h->ident, ntohs(h->len));
4123 sppp_print_string((char*)name, name_len);
4124 addlog(" passwd=");
4125 sppp_print_string((char*)passwd, passwd_len);
4126 addlog(">\n");
4127 }
4128 if (name_len > AUTHNAMELEN ||
4129 passwd_len > AUTHKEYLEN ||
4130 bcmp(name, sp->hisauth.name, name_len) != 0 ||
4131 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
4132 /* action scn, tld */
4133 mlen = sizeof(FAILMSG) - 1;
4134 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
4135 sizeof mlen, (const char *)&mlen,
4136 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4137 0);
4138 pap.tld(sp);
4139 break;
4140 }
4141 /* action sca, perhaps tlu */
4142 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
4143 sp->state[IDX_PAP] == STATE_OPENED) {
4144 mlen = sizeof(SUCCMSG) - 1;
4145 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
4146 sizeof mlen, (const char *)&mlen,
4147 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4148 0);
4149 }
4150 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
4151 sppp_cp_change_state(&pap, sp, STATE_OPENED);
4152 pap.tlu(sp);
4153 }
4154 break;
4155
4156 /* ack and nak are his authproto */
4157 case PAP_ACK:
4158 callout_stop(&sp->pap_my_to_ch);
4159 if (debug) {
4160 log(LOG_DEBUG, SPP_FMT "pap success",
4161 SPP_ARGS(ifp));
4162 name_len = *(char *)h;
4163 if (len > 5 && name_len) {
4164 addlog(": ");
4165 sppp_print_string((char*)(h+1), name_len);
4166 }
4167 addlog("\n");
4168 }
4169 x = splnet();
4170 sp->pp_flags &= ~PP_NEEDAUTH;
4171 if (sp->myauth.proto == PPP_PAP &&
4172 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4173 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
4174 /*
4175 * We are authenticator for PAP but didn't
4176 * complete yet. Leave it to tlu to proceed
4177 * to network phase.
4178 */
4179 splx(x);
4180 break;
4181 }
4182 splx(x);
4183 sppp_phase_network(sp);
4184 break;
4185
4186 case PAP_NAK:
4187 callout_stop(&sp->pap_my_to_ch);
4188 if (debug) {
4189 log(LOG_INFO, SPP_FMT "pap failure",
4190 SPP_ARGS(ifp));
4191 name_len = *(char *)h;
4192 if (len > 5 && name_len) {
4193 addlog(": ");
4194 sppp_print_string((char*)(h+1), name_len);
4195 }
4196 addlog("\n");
4197 } else
4198 log(LOG_INFO, SPP_FMT "pap failure\n",
4199 SPP_ARGS(ifp));
4200 /* await LCP shutdown by authenticator */
4201 break;
4202
4203 default:
4204 /* Unknown PAP packet type -- ignore. */
4205 if (debug) {
4206 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4207 "<0x%x id=0x%x len=%d",
4208 SPP_ARGS(ifp),
4209 h->type, h->ident, ntohs(h->len));
4210 if (len > 4)
4211 sppp_print_bytes((u_char*)(h+1), len-4);
4212 addlog(">\n");
4213 }
4214 break;
4215
4216 }
4217 }
4218
4219 static void
4220 sppp_pap_init(struct sppp *sp)
4221 {
4222 /* PAP doesn't have STATE_INITIAL at all. */
4223 sp->state[IDX_PAP] = STATE_CLOSED;
4224 sp->fail_counter[IDX_PAP] = 0;
4225 sp->pp_seq[IDX_PAP] = 0;
4226 sp->pp_rseq[IDX_PAP] = 0;
4227 callout_init(&sp->ch[IDX_PAP]);
4228 callout_init(&sp->pap_my_to_ch);
4229 }
4230
4231 static void
4232 sppp_pap_open(struct sppp *sp)
4233 {
4234 if (sp->hisauth.proto == PPP_PAP &&
4235 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4236 /* we are authenticator for PAP, start our timer */
4237 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4238 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4239 }
4240 if (sp->myauth.proto == PPP_PAP) {
4241 /* we are peer, send a request, and start a timer */
4242 pap.scr(sp);
4243 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout,
4244 sppp_pap_my_TO, sp);
4245 }
4246 }
4247
4248 static void
4249 sppp_pap_close(struct sppp *sp)
4250 {
4251 if (sp->state[IDX_PAP] != STATE_CLOSED)
4252 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4253 }
4254
4255 /*
4256 * That's the timeout routine if we are authenticator. Since the
4257 * authenticator is basically passive in PAP, we can't do much here.
4258 */
4259 static void
4260 sppp_pap_TO(void *cookie)
4261 {
4262 struct sppp *sp = (struct sppp *)cookie;
4263 STDDCL;
4264 int s;
4265
4266 s = splnet();
4267 if (debug)
4268 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
4269 SPP_ARGS(ifp),
4270 sppp_state_name(sp->state[IDX_PAP]),
4271 sp->rst_counter[IDX_PAP]);
4272
4273 if (--sp->rst_counter[IDX_PAP] < 0)
4274 /* TO- event */
4275 switch (sp->state[IDX_PAP]) {
4276 case STATE_REQ_SENT:
4277 pap.tld(sp);
4278 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4279 break;
4280 }
4281 else
4282 /* TO+ event, not very much we could do */
4283 switch (sp->state[IDX_PAP]) {
4284 case STATE_REQ_SENT:
4285 /* sppp_cp_change_state() will restart the timer */
4286 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4287 break;
4288 }
4289
4290 splx(s);
4291 }
4292
4293 /*
4294 * That's the timeout handler if we are peer. Since the peer is active,
4295 * we need to retransmit our PAP request since it is apparently lost.
4296 * XXX We should impose a max counter.
4297 */
4298 static void
4299 sppp_pap_my_TO(void *cookie)
4300 {
4301 struct sppp *sp = (struct sppp *)cookie;
4302 STDDCL;
4303
4304 if (debug)
4305 log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
4306 SPP_ARGS(ifp));
4307
4308 pap.scr(sp);
4309 }
4310
4311 static void
4312 sppp_pap_tlu(struct sppp *sp)
4313 {
4314 STDDCL;
4315 int x;
4316
4317 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4318
4319 if (debug)
4320 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
4321 SPP_ARGS(ifp), pap.name);
4322
4323 x = splnet();
4324 /* indicate to LCP that we need to be closed down */
4325 sp->lcp.protos |= (1 << IDX_PAP);
4326
4327 if (sp->pp_flags & PP_NEEDAUTH) {
4328 /*
4329 * Remote is authenticator, but his auth proto didn't
4330 * complete yet. Defer the transition to network
4331 * phase.
4332 */
4333 splx(x);
4334 return;
4335 }
4336 splx(x);
4337 sppp_phase_network(sp);
4338 }
4339
4340 static void
4341 sppp_pap_tld(struct sppp *sp)
4342 {
4343 STDDCL;
4344
4345 if (debug)
4346 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
4347 callout_stop(&sp->ch[IDX_PAP]);
4348 callout_stop(&sp->pap_my_to_ch);
4349 sp->lcp.protos &= ~(1 << IDX_PAP);
4350
4351 lcp.Close(sp);
4352 }
4353
4354 static void
4355 sppp_pap_scr(struct sppp *sp)
4356 {
4357 u_char idlen, pwdlen;
4358
4359 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP];
4360 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
4361 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
4362
4363 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
4364 sizeof idlen, (const char *)&idlen,
4365 (size_t)idlen, sp->myauth.name,
4366 sizeof pwdlen, (const char *)&pwdlen,
4367 (size_t)pwdlen, sp->myauth.secret,
4368 0);
4369 }
4370 �/*
4371 * Random miscellaneous functions.
4372 */
4373
4374 /*
4375 * Send a PAP or CHAP proto packet.
4376 *
4377 * Varadic function, each of the elements for the ellipsis is of type
4378 * ``size_t mlen, const u_char *msg''. Processing will stop iff
4379 * mlen == 0.
4380 * NOTE: never declare variadic functions with types subject to type
4381 * promotion (i.e. u_char). This is asking for big trouble depending
4382 * on the architecture you are on...
4383 */
4384
4385 static void
4386 sppp_auth_send(const struct cp *cp, struct sppp *sp,
4387 unsigned int type, unsigned int id,
4388 ...)
4389 {
4390 STDDCL;
4391 struct lcp_header *lh;
4392 struct mbuf *m;
4393 u_char *p;
4394 int len;
4395 size_t pkthdrlen;
4396 unsigned int mlen;
4397 const char *msg;
4398 va_list ap;
4399
4400 MGETHDR (m, M_DONTWAIT, MT_DATA);
4401 if (! m)
4402 return;
4403 m->m_pkthdr.rcvif = 0;
4404
4405 if (sp->pp_flags & PP_NOFRAMING) {
4406 *mtod(m, u_int16_t*) = htons(cp->proto);
4407 pkthdrlen = 2;
4408 lh = (struct lcp_header*)(mtod(m, u_int8_t*)+2);
4409 } else {
4410 struct ppp_header *h;
4411 h = mtod (m, struct ppp_header*);
4412 h->address = PPP_ALLSTATIONS; /* broadcast address */
4413 h->control = PPP_UI; /* Unnumbered Info */
4414 h->protocol = htons(cp->proto);
4415 pkthdrlen = PPP_HEADER_LEN;
4416
4417 lh = (struct lcp_header*)(h + 1);
4418 }
4419
4420 lh->type = type;
4421 lh->ident = id;
4422 p = (u_char*) (lh+1);
4423
4424 va_start(ap, id);
4425 len = 0;
4426
4427 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
4428 msg = va_arg(ap, const char *);
4429 len += mlen;
4430 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) {
4431 va_end(ap);
4432 m_freem(m);
4433 return;
4434 }
4435
4436 bcopy(msg, p, mlen);
4437 p += mlen;
4438 }
4439 va_end(ap);
4440
4441 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
4442 lh->len = htons (LCP_HEADER_LEN + len);
4443
4444 if (debug) {
4445 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
4446 SPP_ARGS(ifp), cp->name,
4447 sppp_auth_type_name(cp->proto, lh->type),
4448 lh->ident, ntohs(lh->len));
4449 if (len)
4450 sppp_print_bytes((u_char*) (lh+1), len);
4451 addlog(">\n");
4452 }
4453 if (IF_QFULL (&sp->pp_cpq)) {
4454 IF_DROP (&sp->pp_fastq);
4455 IF_DROP (&ifp->if_snd);
4456 m_freem (m);
4457 ++ifp->if_oerrors;
4458 } else
4459 IF_ENQUEUE (&sp->pp_cpq, m);
4460 if (! (ifp->if_flags & IFF_OACTIVE))
4461 (*ifp->if_start) (ifp);
4462 ifp->if_obytes += m->m_pkthdr.len + 3;
4463 }
4464
4465 /*
4466 * Send keepalive packets, every 10 seconds.
4467 */
4468 static void
4469 sppp_keepalive(void *dummy)
4470 {
4471 struct sppp *sp;
4472 int s;
4473
4474 s = splnet();
4475 for (sp=spppq; sp; sp=sp->pp_next) {
4476 struct ifnet *ifp = &sp->pp_if;
4477
4478 /* Keepalive mode disabled or channel down? */
4479 if (! (sp->pp_flags & PP_KEEPALIVE) ||
4480 ! (ifp->if_flags & IFF_RUNNING))
4481 continue;
4482
4483 /* No keepalive in PPP mode if LCP not opened yet. */
4484 if (! (sp->pp_flags & PP_CISCO) &&
4485 sp->pp_phase < PHASE_AUTHENTICATE)
4486 continue;
4487
4488 if (sp->pp_alivecnt == MAXALIVECNT) {
4489 /* No keepalive packets got. Stop the interface. */
4490 printf (SPP_FMT "down\n", SPP_ARGS(ifp));
4491 if_down (ifp);
4492 IF_PURGE (&sp->pp_cpq);
4493 if (! (sp->pp_flags & PP_CISCO)) {
4494 /* XXX */
4495 /* Shut down the PPP link. */
4496 lcp.Down(sp);
4497 /* Initiate negotiation. XXX */
4498 lcp.Up(sp);
4499 }
4500 }
4501 if (sp->pp_alivecnt <= MAXALIVECNT)
4502 ++sp->pp_alivecnt;
4503 if (sp->pp_flags & PP_CISCO)
4504 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ,
4505 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]);
4506 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
4507 int32_t nmagic = htonl (sp->lcp.magic);
4508 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP];
4509 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
4510 sp->lcp.echoid, 4, &nmagic);
4511 }
4512 }
4513 splx(s);
4514 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL);
4515 }
4516
4517 /*
4518 * Get both IP addresses.
4519 */
4520 static void
4521 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask)
4522 {
4523 struct ifnet *ifp = &sp->pp_if;
4524 struct ifaddr *ifa;
4525 struct sockaddr_in *si, *sm;
4526 u_int32_t ssrc, ddst;
4527
4528 sm = NULL;
4529 ssrc = ddst = 0;
4530 /*
4531 * Pick the first AF_INET address from the list,
4532 * aliases don't make any sense on a p2p link anyway.
4533 */
4534 si = 0;
4535 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
4536 if (ifa->ifa_addr->sa_family == AF_INET) {
4537 si = (struct sockaddr_in *)ifa->ifa_addr;
4538 sm = (struct sockaddr_in *)ifa->ifa_netmask;
4539 if (si)
4540 break;
4541 }
4542 }
4543 if (ifa) {
4544 if (si && si->sin_addr.s_addr) {
4545 ssrc = si->sin_addr.s_addr;
4546 if (srcmask)
4547 *srcmask = ntohl(sm->sin_addr.s_addr);
4548 }
4549
4550 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
4551 if (si && si->sin_addr.s_addr)
4552 ddst = si->sin_addr.s_addr;
4553 }
4554
4555 if (dst) *dst = ntohl(ddst);
4556 if (src) *src = ntohl(ssrc);
4557 }
4558
4559 /*
4560 * Set IP addresses. Must be called at splnet.
4561 * If an address is 0, leave it the way it is.
4562 */
4563 static void
4564 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr)
4565 {
4566 STDDCL;
4567 struct ifaddr *ifa;
4568 struct sockaddr_in *si;
4569 struct sockaddr_in *dest;
4570
4571 /*
4572 * Pick the first AF_INET address from the list,
4573 * aliases don't make any sense on a p2p link anyway.
4574 */
4575
4576 si = 0;
4577 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4578 {
4579 if (ifa->ifa_addr->sa_family == AF_INET)
4580 {
4581 si = (struct sockaddr_in *)ifa->ifa_addr;
4582 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4583 if (si)
4584 break;
4585 }
4586 }
4587
4588 if (ifa && si)
4589 {
4590 int error;
4591 struct sockaddr_in new_sin = *si;
4592 struct sockaddr_in new_dst = *dest;
4593
4594 /*
4595 * Scrub old routes now instead of calling in_ifinit with
4596 * scrub=1, because we may change the dstaddr
4597 * before the call to in_ifinit.
4598 */
4599 in_ifscrub(ifp, ifatoia(ifa));
4600
4601 if (myaddr != 0)
4602 new_sin.sin_addr.s_addr = htonl(myaddr);
4603 if (hisaddr != 0) {
4604 new_dst.sin_addr.s_addr = htonl(hisaddr);
4605 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) {
4606 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
4607 *dest = new_dst; /* fix dstaddr in place */
4608 }
4609 }
4610 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0);
4611 if(debug && error)
4612 {
4613 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit "
4614 " failed, error=%d\n", SPP_ARGS(ifp), error);
4615 }
4616 }
4617 }
4618
4619 /*
4620 * Clear IP addresses. Must be called at splnet.
4621 */
4622 static void
4623 sppp_clear_ip_addrs(struct sppp *sp)
4624 {
4625 struct ifnet *ifp = &sp->pp_if;
4626 struct ifaddr *ifa;
4627 struct sockaddr_in *si;
4628 struct sockaddr_in *dest;
4629
4630 u_int32_t remote;
4631 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4632 remote = sp->ipcp.saved_hisaddr;
4633 else
4634 sppp_get_ip_addrs(sp, 0, &remote, 0);
4635
4636 /*
4637 * Pick the first AF_INET address from the list,
4638 * aliases don't make any sense on a p2p link anyway.
4639 */
4640
4641 si = 0;
4642 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4643 {
4644 if (ifa->ifa_addr->sa_family == AF_INET)
4645 {
4646 si = (struct sockaddr_in *)ifa->ifa_addr;
4647 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4648 if (si)
4649 break;
4650 }
4651 }
4652
4653 if (ifa && si)
4654 {
4655 struct sockaddr_in new_sin = *si;
4656
4657 in_ifscrub(ifp, ifatoia(ifa));
4658 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
4659 new_sin.sin_addr.s_addr = 0;
4660 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4661 /* replace peer addr in place */
4662 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr;
4663 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0);
4664 }
4665 }
4666
4667 #ifdef INET6
4668 /*
4669 * Get both IPv6 addresses.
4670 */
4671 static void
4672 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
4673 struct in6_addr *srcmask)
4674 {
4675 struct ifnet *ifp = &sp->pp_if;
4676 struct ifaddr *ifa;
4677 struct sockaddr_in6 *si, *sm;
4678 struct in6_addr ssrc, ddst;
4679
4680 sm = NULL;
4681 memset(&ssrc, 0, sizeof(ssrc));
4682 memset(&ddst, 0, sizeof(ddst));
4683 /*
4684 * Pick the first link-local AF_INET6 address from the list,
4685 * aliases don't make any sense on a p2p link anyway.
4686 */
4687 si = 0;
4688 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4689 if (ifa->ifa_addr->sa_family == AF_INET6) {
4690 si = (struct sockaddr_in6 *)ifa->ifa_addr;
4691 sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
4692 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr))
4693 break;
4694 }
4695 if (ifa) {
4696 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
4697 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc));
4698 if (srcmask) {
4699 bcopy(&sm->sin6_addr, srcmask,
4700 sizeof(*srcmask));
4701 }
4702 }
4703
4704 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
4705 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
4706 bcopy(&si->sin6_addr, &ddst, sizeof(ddst));
4707 }
4708
4709 if (dst)
4710 bcopy(&ddst, dst, sizeof(*dst));
4711 if (src)
4712 bcopy(&ssrc, src, sizeof(*src));
4713 }
4714
4715 #ifdef IPV6CP_MYIFID_DYN
4716 /*
4717 * Generate random ifid.
4718 */
4719 static void
4720 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
4721 {
4722 /* TBD */
4723 }
4724
4725 /*
4726 * Set my IPv6 address. Must be called at splnet.
4727 */
4728 static void
4729 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
4730 {
4731 STDDCL;
4732 struct ifaddr *ifa;
4733 struct sockaddr_in6 *sin6;
4734
4735 /*
4736 * Pick the first link-local AF_INET6 address from the list,
4737 * aliases don't make any sense on a p2p link anyway.
4738 */
4739
4740 sin6 = NULL;
4741 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4742 {
4743 if (ifa->ifa_addr->sa_family == AF_INET6)
4744 {
4745 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
4746 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
4747 break;
4748 }
4749 }
4750
4751 if (ifa && sin6)
4752 {
4753 int error;
4754 struct sockaddr_in6 new_sin6 = *sin6;
4755
4756 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr));
4757 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1);
4758 if (debug && error)
4759 {
4760 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit "
4761 " failed, error=%d\n", SPP_ARGS(ifp), error);
4762 }
4763 }
4764 }
4765 #endif
4766
4767 /*
4768 * Suggest a candidate address to be used by peer.
4769 */
4770 static void
4771 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
4772 {
4773 struct in6_addr myaddr;
4774 struct timeval tv;
4775
4776 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
4777
4778 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
4779 microtime(&tv);
4780 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
4781 myaddr.s6_addr[14] ^= 0xff;
4782 myaddr.s6_addr[15] ^= 0xff;
4783 } else {
4784 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
4785 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
4786 }
4787 if (suggest)
4788 bcopy(&myaddr, suggest, sizeof(myaddr));
4789 }
4790 #endif /*INET6*/
4791
4792 static int
4793 sppp_params(struct sppp *sp, int cmd, void *data)
4794 {
4795 struct ifreq *ifr = (struct ifreq *)data;
4796 struct spppreq spr;
4797
4798 #if 0
4799 /*
4800 * ifr->ifr_data is supposed to point to a struct spppreq.
4801 * Check the cmd word first before attempting to fetch all the
4802 * data.
4803 */
4804 if ((subcmd = fuword(ifr->ifr_data)) == -1)
4805 return EFAULT;
4806 #endif
4807
4808 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
4809 return EFAULT;
4810
4811 switch (spr.cmd) {
4812 case SPPPIOGDEFS:
4813 if (cmd != (int)SIOCGIFGENERIC)
4814 return EINVAL;
4815 /*
4816 * We copy over the entire current state, but clean
4817 * out some of the stuff we don't wanna pass up.
4818 * Remember, SIOCGIFGENERIC is unprotected, and can be
4819 * called by any user. No need to ever get PAP or
4820 * CHAP secrets back to userland anyway.
4821 */
4822 bcopy(sp, &spr.defs, sizeof(struct sppp));
4823 memset(spr.defs.myauth.secret, 0, AUTHKEYLEN);
4824 memset(spr.defs.myauth.challenge, 0, AUTHKEYLEN);
4825 memset(spr.defs.hisauth.secret, 0, AUTHKEYLEN);
4826 memset(spr.defs.hisauth.challenge, 0, AUTHKEYLEN);
4827 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);
4828
4829 case SPPPIOSDEFS:
4830 if (cmd != (int)SIOCSIFGENERIC)
4831 return EINVAL;
4832 /*
4833 * We have a very specific idea of which fields we allow
4834 * being passed back from userland, so to not clobber our
4835 * current state. For one, we only allow setting
4836 * anything if LCP is in dead phase. Once the LCP
4837 * negotiations started, the authentication settings must
4838 * not be changed again. (The administrator can force an
4839 * ifconfig down in order to get LCP back into dead
4840 * phase.)
4841 *
4842 * Also, we only allow for authentication parameters to be
4843 * specified.
4844 *
4845 * XXX Should allow to set or clear pp_flags.
4846 *
4847 * Finally, if the respective authentication protocol to
4848 * be used is set differently than 0, but the secret is
4849 * passed as all zeros, we don't trash the existing secret.
4850 * This allows an administrator to change the system name
4851 * only without clobbering the secret (which he didn't get
4852 * back in a previous SPPPIOGDEFS call). However, the
4853 * secrets are cleared if the authentication protocol is
4854 * reset to 0.
4855 */
4856 if (sp->pp_phase != PHASE_DEAD)
4857 return EBUSY;
4858
4859 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
4860 spr.defs.myauth.proto != PPP_CHAP) ||
4861 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
4862 spr.defs.hisauth.proto != PPP_CHAP))
4863 return EINVAL;
4864
4865 if (spr.defs.myauth.proto == 0)
4866 /* resetting myauth */
4867 memset(&sp->myauth, 0, sizeof sp->myauth);
4868 else {
4869 /* setting/changing myauth */
4870 sp->myauth.proto = spr.defs.myauth.proto;
4871 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
4872 if (spr.defs.myauth.secret[0] != '\0')
4873 bcopy(spr.defs.myauth.secret, sp->myauth.secret,
4874 AUTHKEYLEN);
4875 }
4876 if (spr.defs.hisauth.proto == 0)
4877 /* resetting hisauth */
4878 memset(&sp->hisauth, 0, sizeof sp->hisauth);
4879 else {
4880 /* setting/changing hisauth */
4881 sp->hisauth.proto = spr.defs.hisauth.proto;
4882 sp->hisauth.flags = spr.defs.hisauth.flags;
4883 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
4884 if (spr.defs.hisauth.secret[0] != '\0')
4885 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
4886 AUTHKEYLEN);
4887 }
4888 break;
4889
4890 default:
4891 return EINVAL;
4892 }
4893
4894 return 0;
4895 }
4896
4897 static void
4898 sppp_phase_network(struct sppp *sp)
4899 {
4900 STDDCL;
4901 int i;
4902 u_int32_t mask;
4903
4904 sp->pp_phase = PHASE_NETWORK;
4905
4906 if(debug)
4907 {
4908 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
4909 sppp_phase_name(sp->pp_phase));
4910 }
4911
4912 /* Notify NCPs now. */
4913 for (i = 0; i < IDX_COUNT; i++)
4914 if ((cps[i])->flags & CP_NCP)
4915 (cps[i])->Open(sp);
4916
4917 /* Send Up events to all NCPs. */
4918 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
4919 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP))
4920 (cps[i])->Up(sp);
4921
4922 /* if no NCP is starting, all this was in vain, close down */
4923 sppp_lcp_check_and_close(sp);
4924 }
4925
4926
4927 static const char *
4928 sppp_cp_type_name(u_char type)
4929 {
4930 static char buf[12];
4931 switch (type) {
4932 case CONF_REQ: return "conf-req";
4933 case CONF_ACK: return "conf-ack";
4934 case CONF_NAK: return "conf-nak";
4935 case CONF_REJ: return "conf-rej";
4936 case TERM_REQ: return "term-req";
4937 case TERM_ACK: return "term-ack";
4938 case CODE_REJ: return "code-rej";
4939 case PROTO_REJ: return "proto-rej";
4940 case ECHO_REQ: return "echo-req";
4941 case ECHO_REPLY: return "echo-reply";
4942 case DISC_REQ: return "discard-req";
4943 }
4944 sprintf (buf, "0x%x", type);
4945 return buf;
4946 }
4947
4948 static const char *
4949 sppp_auth_type_name(u_short proto, u_char type)
4950 {
4951 static char buf[12];
4952 switch (proto) {
4953 case PPP_CHAP:
4954 switch (type) {
4955 case CHAP_CHALLENGE: return "challenge";
4956 case CHAP_RESPONSE: return "response";
4957 case CHAP_SUCCESS: return "success";
4958 case CHAP_FAILURE: return "failure";
4959 }
4960 case PPP_PAP:
4961 switch (type) {
4962 case PAP_REQ: return "req";
4963 case PAP_ACK: return "ack";
4964 case PAP_NAK: return "nak";
4965 }
4966 }
4967 sprintf (buf, "0x%x", type);
4968 return buf;
4969 }
4970
4971 static const char *
4972 sppp_lcp_opt_name(u_char opt)
4973 {
4974 static char buf[12];
4975 switch (opt) {
4976 case LCP_OPT_MRU: return "mru";
4977 case LCP_OPT_ASYNC_MAP: return "async-map";
4978 case LCP_OPT_AUTH_PROTO: return "auth-proto";
4979 case LCP_OPT_QUAL_PROTO: return "qual-proto";
4980 case LCP_OPT_MAGIC: return "magic";
4981 case LCP_OPT_PROTO_COMP: return "proto-comp";
4982 case LCP_OPT_ADDR_COMP: return "addr-comp";
4983 }
4984 sprintf (buf, "0x%x", opt);
4985 return buf;
4986 }
4987
4988 static const char *
4989 sppp_ipcp_opt_name(u_char opt)
4990 {
4991 static char buf[12];
4992 switch (opt) {
4993 case IPCP_OPT_ADDRESSES: return "addresses";
4994 case IPCP_OPT_COMPRESSION: return "compression";
4995 case IPCP_OPT_ADDRESS: return "address";
4996 }
4997 sprintf (buf, "0x%x", opt);
4998 return buf;
4999 }
5000
5001 #ifdef INET6
5002 static const char *
5003 sppp_ipv6cp_opt_name(u_char opt)
5004 {
5005 static char buf[12];
5006 switch (opt) {
5007 case IPV6CP_OPT_IFID: return "ifid";
5008 case IPV6CP_OPT_COMPRESSION: return "compression";
5009 }
5010 sprintf (buf, "0x%x", opt);
5011 return buf;
5012 }
5013 #endif
5014
5015 static const char *
5016 sppp_state_name(int state)
5017 {
5018 switch (state) {
5019 case STATE_INITIAL: return "initial";
5020 case STATE_STARTING: return "starting";
5021 case STATE_CLOSED: return "closed";
5022 case STATE_STOPPED: return "stopped";
5023 case STATE_CLOSING: return "closing";
5024 case STATE_STOPPING: return "stopping";
5025 case STATE_REQ_SENT: return "req-sent";
5026 case STATE_ACK_RCVD: return "ack-rcvd";
5027 case STATE_ACK_SENT: return "ack-sent";
5028 case STATE_OPENED: return "opened";
5029 }
5030 return "illegal";
5031 }
5032
5033 static const char *
5034 sppp_phase_name(enum ppp_phase phase)
5035 {
5036 switch (phase) {
5037 case PHASE_DEAD: return "dead";
5038 case PHASE_ESTABLISH: return "establish";
5039 case PHASE_TERMINATE: return "terminate";
5040 case PHASE_AUTHENTICATE: return "authenticate";
5041 case PHASE_NETWORK: return "network";
5042 }
5043 return "illegal";
5044 }
5045
5046 static const char *
5047 sppp_proto_name(u_short proto)
5048 {
5049 static char buf[12];
5050 switch (proto) {
5051 case PPP_LCP: return "lcp";
5052 case PPP_IPCP: return "ipcp";
5053 case PPP_PAP: return "pap";
5054 case PPP_CHAP: return "chap";
5055 case PPP_IPV6CP: return "ipv6cp";
5056 }
5057 sprintf(buf, "0x%x", (unsigned)proto);
5058 return buf;
5059 }
5060
5061 static void
5062 sppp_print_bytes(const u_char *p, u_short len)
5063 {
5064 addlog(" %02x", *p++);
5065 while (--len > 0)
5066 addlog("-%02x", *p++);
5067 }
5068
5069 static void
5070 sppp_print_string(const char *p, u_short len)
5071 {
5072 u_char c;
5073
5074 while (len-- > 0) {
5075 c = *p++;
5076 /*
5077 * Print only ASCII chars directly. RFC 1994 recommends
5078 * using only them, but we don't rely on it. */
5079 if (c < ' ' || c > '~')
5080 addlog("\\x%x", c);
5081 else
5082 addlog("%c", c);
5083 }
5084 }
5085
5086 static const char *
5087 sppp_dotted_quad(u_int32_t addr)
5088 {
5089 static char s[16];
5090 sprintf(s, "%d.%d.%d.%d",
5091 (int)((addr >> 24) & 0xff),
5092 (int)((addr >> 16) & 0xff),
5093 (int)((addr >> 8) & 0xff),
5094 (int)(addr & 0xff));
5095 return s;
5096 }
5097
5098 static int
5099 sppp_strnlen(u_char *p, int max)
5100 {
5101 int len;
5102
5103 for (len = 0; len < max && *p; ++p)
5104 ++len;
5105 return len;
5106 }
5107
5108 /* a dummy, used to drop uninteresting events */
5109 static void
5110 sppp_null(struct sppp *unused)
5111 {
5112 /* do just nothing */
5113 }
5114 /*
5115 * This file is large. Tell emacs to highlight it nevertheless.
5116 *
5117 * Local Variables:
5118 * hilit-auto-highlight-maxout: 120000
5119 * End:
5120 */
5121