1 /* $NetBSD: if_spppsubr.c,v 1.78 2004/09/18 16:04:41 yamt Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.78 2004/09/18 16:04:41 yamt Exp $"); 45 46 #include "opt_inet.h" 47 #include "opt_ipx.h" 48 #include "opt_iso.h" 49 #include "opt_ns.h" 50 #include "opt_pfil_hooks.h" 51 52 #include <sys/param.h> 53 #include <sys/proc.h> 54 #include <sys/systm.h> 55 #include <sys/kernel.h> 56 #include <sys/sockio.h> 57 #include <sys/socket.h> 58 #include <sys/syslog.h> 59 #include <sys/malloc.h> 60 #include <sys/mbuf.h> 61 #include <sys/callout.h> 62 #include <sys/md5.h> 63 #include <sys/inttypes.h> 64 65 #include <net/if.h> 66 #include <net/netisr.h> 67 #include <net/if_types.h> 68 #include <net/route.h> 69 #include <net/ppp_defs.h> 70 71 #include <machine/stdarg.h> 72 73 #include <netinet/in.h> 74 #include <netinet/in_systm.h> 75 #include <netinet/in_var.h> 76 #ifdef INET 77 #include <netinet/ip.h> 78 #include <netinet/tcp.h> 79 #endif 80 #include <net/ethertypes.h> 81 82 #ifdef IPX 83 #include <netipx/ipx.h> 84 #include <netipx/ipx_if.h> 85 #endif 86 87 #ifdef NS 88 #include <netns/ns.h> 89 #include <netns/ns_if.h> 90 #endif 91 92 #ifdef ISO 93 #include <netiso/argo_debug.h> 94 #include <netiso/iso.h> 95 #include <netiso/iso_var.h> 96 #include <netiso/iso_snpac.h> 97 #endif 98 99 #include <net/if_sppp.h> 100 #include <net/if_spppvar.h> 101 102 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 103 #define LOOPALIVECNT 3 /* loopback detection tries */ 104 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 105 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 106 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 107 108 /* 109 * Interface flags that can be set in an ifconfig command. 110 * 111 * Setting link0 will make the link passive, i.e. it will be marked 112 * as being administrative openable, but won't be opened to begin 113 * with. Incoming calls will be answered, or subsequent calls with 114 * -link1 will cause the administrative open of the LCP layer. 115 * 116 * Setting link1 will cause the link to auto-dial only as packets 117 * arrive to be sent. 118 * 119 * Setting IFF_DEBUG will syslog the option negotiation and state 120 * transitions at level kern.debug. Note: all logs consistently look 121 * like 122 * 123 * <if-name><unit>: <proto-name> <additional info...> 124 * 125 * with <if-name><unit> being something like "bppp0", and <proto-name> 126 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 127 */ 128 129 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 130 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 131 132 #define CONF_REQ 1 /* PPP configure request */ 133 #define CONF_ACK 2 /* PPP configure acknowledge */ 134 #define CONF_NAK 3 /* PPP configure negative ack */ 135 #define CONF_REJ 4 /* PPP configure reject */ 136 #define TERM_REQ 5 /* PPP terminate request */ 137 #define TERM_ACK 6 /* PPP terminate acknowledge */ 138 #define CODE_REJ 7 /* PPP code reject */ 139 #define PROTO_REJ 8 /* PPP protocol reject */ 140 #define ECHO_REQ 9 /* PPP echo request */ 141 #define ECHO_REPLY 10 /* PPP echo reply */ 142 #define DISC_REQ 11 /* PPP discard request */ 143 144 #define LCP_OPT_MRU 1 /* maximum receive unit */ 145 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 146 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 147 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 148 #define LCP_OPT_MAGIC 5 /* magic number */ 149 #define LCP_OPT_RESERVED 6 /* reserved */ 150 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 151 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 152 153 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 154 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 155 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 156 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 157 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 158 159 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 160 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 161 162 #define PAP_REQ 1 /* PAP name/password request */ 163 #define PAP_ACK 2 /* PAP acknowledge */ 164 #define PAP_NAK 3 /* PAP fail */ 165 166 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 167 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 168 #define CHAP_SUCCESS 3 /* CHAP response ok */ 169 #define CHAP_FAILURE 4 /* CHAP response failed */ 170 171 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 172 173 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 174 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 175 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 176 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 177 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 178 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 179 180 /* states are named and numbered according to RFC 1661 */ 181 #define STATE_INITIAL 0 182 #define STATE_STARTING 1 183 #define STATE_CLOSED 2 184 #define STATE_STOPPED 3 185 #define STATE_CLOSING 4 186 #define STATE_STOPPING 5 187 #define STATE_REQ_SENT 6 188 #define STATE_ACK_RCVD 7 189 #define STATE_ACK_SENT 8 190 #define STATE_OPENED 9 191 192 struct ppp_header { 193 u_int8_t address; 194 u_int8_t control; 195 u_int16_t protocol; 196 } __attribute__((__packed__)); 197 #define PPP_HEADER_LEN sizeof (struct ppp_header) 198 199 struct lcp_header { 200 u_int8_t type; 201 u_int8_t ident; 202 u_int16_t len; 203 } __attribute__((__packed__)); 204 #define LCP_HEADER_LEN sizeof (struct lcp_header) 205 206 struct cisco_packet { 207 u_int32_t type; 208 u_int32_t par1; 209 u_int32_t par2; 210 u_int16_t rel; 211 u_int16_t time0; 212 u_int16_t time1; 213 } __attribute__((__packed__)); 214 #define CISCO_PACKET_LEN 18 215 216 /* 217 * We follow the spelling and capitalization of RFC 1661 here, to make 218 * it easier comparing with the standard. Please refer to this RFC in 219 * case you can't make sense out of these abbreviation; it will also 220 * explain the semantics related to the various events and actions. 221 */ 222 struct cp { 223 u_short proto; /* PPP control protocol number */ 224 u_char protoidx; /* index into state table in struct sppp */ 225 u_char flags; 226 #define CP_LCP 0x01 /* this is the LCP */ 227 #define CP_AUTH 0x02 /* this is an authentication protocol */ 228 #define CP_NCP 0x04 /* this is a NCP */ 229 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 230 const char *name; /* name of this control protocol */ 231 /* event handlers */ 232 void (*Up)(struct sppp *sp); 233 void (*Down)(struct sppp *sp); 234 void (*Open)(struct sppp *sp); 235 void (*Close)(struct sppp *sp); 236 void (*TO)(void *sp); 237 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 238 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 239 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 240 /* actions */ 241 void (*tlu)(struct sppp *sp); 242 void (*tld)(struct sppp *sp); 243 void (*tls)(struct sppp *sp); 244 void (*tlf)(struct sppp *sp); 245 void (*scr)(struct sppp *sp); 246 }; 247 248 static struct sppp *spppq; 249 static struct callout keepalive_ch; 250 251 #ifdef INET 252 /* 253 * The following disgusting hack gets around the problem that IP TOS 254 * can't be set yet. We want to put "interactive" traffic on a high 255 * priority queue. To decide if traffic is interactive, we check that 256 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 257 * 258 * XXX is this really still necessary? - joerg - 259 */ 260 static u_short interactive_ports[8] = { 261 0, 513, 0, 0, 262 0, 21, 0, 23, 263 }; 264 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 265 #endif 266 267 /* almost every function needs these */ 268 #define STDDCL \ 269 struct ifnet *ifp = &sp->pp_if; \ 270 int debug = ifp->if_flags & IFF_DEBUG 271 272 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 273 struct sockaddr *dst, struct rtentry *rt); 274 275 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 276 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 277 278 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 279 struct mbuf *m); 280 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 281 u_char ident, u_short len, void *data); 282 /* static void sppp_cp_timeout(void *arg); */ 283 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 284 int newstate); 285 static void sppp_auth_send(const struct cp *cp, 286 struct sppp *sp, unsigned int type, unsigned int id, 287 ...); 288 289 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 290 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 291 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 292 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 293 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 294 295 static void sppp_null(struct sppp *sp); 296 297 static void sppp_lcp_init(struct sppp *sp); 298 static void sppp_lcp_up(struct sppp *sp); 299 static void sppp_lcp_down(struct sppp *sp); 300 static void sppp_lcp_open(struct sppp *sp); 301 static void sppp_lcp_close(struct sppp *sp); 302 static void sppp_lcp_TO(void *sp); 303 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 304 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 305 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 306 static void sppp_lcp_tlu(struct sppp *sp); 307 static void sppp_lcp_tld(struct sppp *sp); 308 static void sppp_lcp_tls(struct sppp *sp); 309 static void sppp_lcp_tlf(struct sppp *sp); 310 static void sppp_lcp_scr(struct sppp *sp); 311 static void sppp_lcp_check_and_close(struct sppp *sp); 312 static int sppp_ncp_check(struct sppp *sp); 313 314 static void sppp_ipcp_init(struct sppp *sp); 315 static void sppp_ipcp_up(struct sppp *sp); 316 static void sppp_ipcp_down(struct sppp *sp); 317 static void sppp_ipcp_open(struct sppp *sp); 318 static void sppp_ipcp_close(struct sppp *sp); 319 static void sppp_ipcp_TO(void *sp); 320 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 321 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 322 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 323 static void sppp_ipcp_tlu(struct sppp *sp); 324 static void sppp_ipcp_tld(struct sppp *sp); 325 static void sppp_ipcp_tls(struct sppp *sp); 326 static void sppp_ipcp_tlf(struct sppp *sp); 327 static void sppp_ipcp_scr(struct sppp *sp); 328 329 static void sppp_ipv6cp_init(struct sppp *sp); 330 static void sppp_ipv6cp_up(struct sppp *sp); 331 static void sppp_ipv6cp_down(struct sppp *sp); 332 static void sppp_ipv6cp_open(struct sppp *sp); 333 static void sppp_ipv6cp_close(struct sppp *sp); 334 static void sppp_ipv6cp_TO(void *sp); 335 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 336 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 337 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 338 static void sppp_ipv6cp_tlu(struct sppp *sp); 339 static void sppp_ipv6cp_tld(struct sppp *sp); 340 static void sppp_ipv6cp_tls(struct sppp *sp); 341 static void sppp_ipv6cp_tlf(struct sppp *sp); 342 static void sppp_ipv6cp_scr(struct sppp *sp); 343 344 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 345 static void sppp_pap_init(struct sppp *sp); 346 static void sppp_pap_open(struct sppp *sp); 347 static void sppp_pap_close(struct sppp *sp); 348 static void sppp_pap_TO(void *sp); 349 static void sppp_pap_my_TO(void *sp); 350 static void sppp_pap_tlu(struct sppp *sp); 351 static void sppp_pap_tld(struct sppp *sp); 352 static void sppp_pap_scr(struct sppp *sp); 353 354 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 355 static void sppp_chap_init(struct sppp *sp); 356 static void sppp_chap_open(struct sppp *sp); 357 static void sppp_chap_close(struct sppp *sp); 358 static void sppp_chap_TO(void *sp); 359 static void sppp_chap_tlu(struct sppp *sp); 360 static void sppp_chap_tld(struct sppp *sp); 361 static void sppp_chap_scr(struct sppp *sp); 362 363 static const char *sppp_auth_type_name(u_short proto, u_char type); 364 static const char *sppp_cp_type_name(u_char type); 365 static const char *sppp_dotted_quad(u_int32_t addr); 366 static const char *sppp_ipcp_opt_name(u_char opt); 367 #ifdef INET6 368 static const char *sppp_ipv6cp_opt_name(u_char opt); 369 #endif 370 static const char *sppp_lcp_opt_name(u_char opt); 371 static const char *sppp_phase_name(int phase); 372 static const char *sppp_proto_name(u_short proto); 373 static const char *sppp_state_name(int state); 374 static int sppp_params(struct sppp *sp, int cmd, void *data); 375 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 376 u_int32_t *srcmask); 377 static void sppp_keepalive(void *dummy); 378 static void sppp_phase_network(struct sppp *sp); 379 static void sppp_print_bytes(const u_char *p, u_short len); 380 static void sppp_print_string(const char *p, u_short len); 381 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 382 static void sppp_clear_ip_addrs(struct sppp *sp); 383 #ifdef INET6 384 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 385 struct in6_addr *dst, struct in6_addr *srcmask); 386 #ifdef IPV6CP_MYIFID_DYN 387 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 388 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 389 #endif 390 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 391 #endif 392 393 /* our control protocol descriptors */ 394 static const struct cp lcp = { 395 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 396 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 397 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 398 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 399 sppp_lcp_scr 400 }; 401 402 static const struct cp ipcp = { 403 PPP_IPCP, IDX_IPCP, 404 #ifdef INET 405 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 406 #else 407 0, 408 #endif 409 "ipcp", 410 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 411 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 412 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 413 sppp_ipcp_scr 414 }; 415 416 static const struct cp ipv6cp = { 417 PPP_IPV6CP, IDX_IPV6CP, 418 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 419 CP_NCP, 420 #else 421 0, 422 #endif 423 "ipv6cp", 424 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 425 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 426 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 427 sppp_ipv6cp_scr 428 }; 429 430 static const struct cp pap = { 431 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 432 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 433 sppp_pap_TO, 0, 0, 0, 434 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 435 sppp_pap_scr 436 }; 437 438 static const struct cp chap = { 439 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 440 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 441 sppp_chap_TO, 0, 0, 0, 442 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 443 sppp_chap_scr 444 }; 445 446 static const struct cp *cps[IDX_COUNT] = { 447 &lcp, /* IDX_LCP */ 448 &ipcp, /* IDX_IPCP */ 449 &ipv6cp, /* IDX_IPV6CP */ 450 &pap, /* IDX_PAP */ 451 &chap, /* IDX_CHAP */ 452 }; 453 454 455 /* 456 * Exported functions, comprising our interface to the lower layer. 457 */ 458 459 /* 460 * Process the received packet. 461 */ 462 void 463 sppp_input(struct ifnet *ifp, struct mbuf *m) 464 { 465 struct ppp_header *h = NULL; 466 struct ifqueue *inq = 0; 467 u_int16_t protocol; 468 int s; 469 struct sppp *sp = (struct sppp *)ifp; 470 int debug = ifp->if_flags & IFF_DEBUG; 471 472 if (ifp->if_flags & IFF_UP) { 473 /* Count received bytes, add hardware framing */ 474 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 475 /* Note time of last receive */ 476 sp->pp_last_receive = mono_time.tv_sec; 477 } 478 479 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 480 /* Too small packet, drop it. */ 481 if (debug) 482 log(LOG_DEBUG, 483 "%s: input packet is too small, %d bytes\n", 484 ifp->if_xname, m->m_pkthdr.len); 485 drop: 486 ++ifp->if_ierrors; 487 ++ifp->if_iqdrops; 488 m_freem(m); 489 return; 490 } 491 492 if (sp->pp_flags & PP_NOFRAMING) { 493 memcpy(&protocol, mtod(m, void *), 2); 494 protocol = ntohs(protocol); 495 m_adj(m, 2); 496 } else { 497 498 /* Get PPP header. */ 499 h = mtod(m, struct ppp_header *); 500 m_adj(m, PPP_HEADER_LEN); 501 502 switch (h->address) { 503 case PPP_ALLSTATIONS: 504 if (h->control != PPP_UI) 505 goto invalid; 506 if (sp->pp_flags & PP_CISCO) { 507 if (debug) 508 log(LOG_DEBUG, 509 "%s: PPP packet in Cisco mode " 510 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 511 ifp->if_xname, 512 h->address, h->control, ntohs(h->protocol)); 513 goto drop; 514 } 515 break; 516 case CISCO_MULTICAST: 517 case CISCO_UNICAST: 518 /* Don't check the control field here (RFC 1547). */ 519 if (! (sp->pp_flags & PP_CISCO)) { 520 if (debug) 521 log(LOG_DEBUG, 522 "%s: Cisco packet in PPP mode " 523 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 524 ifp->if_xname, 525 h->address, h->control, ntohs(h->protocol)); 526 goto drop; 527 } 528 switch (ntohs(h->protocol)) { 529 default: 530 ++ifp->if_noproto; 531 goto invalid; 532 case CISCO_KEEPALIVE: 533 sppp_cisco_input((struct sppp *) ifp, m); 534 m_freem(m); 535 return; 536 #ifdef INET 537 case ETHERTYPE_IP: 538 schednetisr(NETISR_IP); 539 inq = &ipintrq; 540 break; 541 #endif 542 #ifdef INET6 543 case ETHERTYPE_IPV6: 544 schednetisr(NETISR_IPV6); 545 inq = &ip6intrq; 546 break; 547 #endif 548 #ifdef IPX 549 case ETHERTYPE_IPX: 550 schednetisr(NETISR_IPX); 551 inq = &ipxintrq; 552 break; 553 #endif 554 #ifdef NS 555 case ETHERTYPE_NS: 556 schednetisr(NETISR_NS); 557 inq = &nsintrq; 558 break; 559 #endif 560 } 561 goto queue_pkt; 562 default: /* Invalid PPP packet. */ 563 invalid: 564 if (debug) 565 log(LOG_DEBUG, 566 "%s: invalid input packet " 567 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 568 ifp->if_xname, 569 h->address, h->control, ntohs(h->protocol)); 570 goto drop; 571 } 572 protocol = ntohs(h->protocol); 573 } 574 575 switch (protocol) { 576 default: 577 if (sp->state[IDX_LCP] == STATE_OPENED) { 578 u_int16_t prot = htons(protocol); 579 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 580 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 581 &prot); 582 } 583 if (debug) 584 log(LOG_DEBUG, 585 "%s: invalid input protocol " 586 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 587 ++ifp->if_noproto; 588 goto drop; 589 case PPP_LCP: 590 sppp_cp_input(&lcp, sp, m); 591 m_freem(m); 592 return; 593 case PPP_PAP: 594 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 595 sppp_pap_input(sp, m); 596 m_freem(m); 597 return; 598 case PPP_CHAP: 599 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 600 sppp_chap_input(sp, m); 601 m_freem(m); 602 return; 603 #ifdef INET 604 case PPP_IPCP: 605 if (sp->pp_phase == SPPP_PHASE_NETWORK) 606 sppp_cp_input(&ipcp, sp, m); 607 m_freem(m); 608 return; 609 case PPP_IP: 610 if (sp->state[IDX_IPCP] == STATE_OPENED) { 611 schednetisr(NETISR_IP); 612 inq = &ipintrq; 613 sp->pp_last_activity = mono_time.tv_sec; 614 } 615 break; 616 #endif 617 #ifdef INET6 618 case PPP_IPV6CP: 619 if (sp->pp_phase == SPPP_PHASE_NETWORK) 620 sppp_cp_input(&ipv6cp, sp, m); 621 m_freem(m); 622 return; 623 624 case PPP_IPV6: 625 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 626 schednetisr(NETISR_IPV6); 627 inq = &ip6intrq; 628 sp->pp_last_activity = mono_time.tv_sec; 629 } 630 break; 631 #endif 632 #ifdef IPX 633 case PPP_IPX: 634 /* IPX IPXCP not implemented yet */ 635 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 636 schednetisr(NETISR_IPX); 637 inq = &ipxintrq; 638 } 639 break; 640 #endif 641 #ifdef NS 642 case PPP_XNS: 643 /* XNS IDPCP not implemented yet */ 644 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 645 schednetisr(NETISR_NS); 646 inq = &nsintrq; 647 } 648 break; 649 #endif 650 #ifdef ISO 651 case PPP_ISO: 652 /* OSI NLCP not implemented yet */ 653 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 654 schednetisr(NETISR_ISO); 655 inq = &clnlintrq; 656 } 657 break; 658 #endif 659 } 660 661 queue_pkt: 662 if (! (ifp->if_flags & IFF_UP) || ! inq) 663 goto drop; 664 665 /* Check queue. */ 666 s = splnet(); 667 if (IF_QFULL(inq)) { 668 /* Queue overflow. */ 669 IF_DROP(inq); 670 splx(s); 671 if (debug) 672 log(LOG_DEBUG, "%s: protocol queue overflow\n", 673 ifp->if_xname); 674 goto drop; 675 } 676 IF_ENQUEUE(inq, m); 677 splx(s); 678 } 679 680 /* 681 * Enqueue transmit packet. 682 */ 683 static int 684 sppp_output(struct ifnet *ifp, struct mbuf *m, 685 struct sockaddr *dst, struct rtentry *rt) 686 { 687 struct sppp *sp = (struct sppp *) ifp; 688 struct ppp_header *h = NULL; 689 struct ifqueue *ifq = NULL; /* XXX */ 690 int s, len, rv = 0; 691 u_int16_t protocol; 692 ALTQ_DECL(struct altq_pktattr pktattr;) 693 694 s = splnet(); 695 696 sp->pp_last_activity = mono_time.tv_sec; 697 698 if ((ifp->if_flags & IFF_UP) == 0 || 699 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 700 m_freem(m); 701 splx(s); 702 return (ENETDOWN); 703 } 704 705 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 706 /* 707 * Interface is not yet running, but auto-dial. Need 708 * to start LCP for it. 709 */ 710 ifp->if_flags |= IFF_RUNNING; 711 splx(s); 712 lcp.Open(sp); 713 s = splnet(); 714 } 715 716 /* 717 * If the queueing discipline needs packet classification, 718 * do it before prepending link headers. 719 */ 720 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 721 722 #ifdef INET 723 if (dst->sa_family == AF_INET) { 724 struct ip *ip = NULL; 725 struct tcphdr *th = NULL; 726 727 if (m->m_len >= sizeof(struct ip)) { 728 ip = mtod(m, struct ip *); 729 if (ip->ip_p == IPPROTO_TCP && 730 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 731 sizeof(struct tcphdr)) { 732 th = (struct tcphdr *) 733 ((caddr_t)ip + (ip->ip_hl << 2)); 734 } 735 } else 736 ip = NULL; 737 738 /* 739 * When using dynamic local IP address assignment by using 740 * 0.0.0.0 as a local address, the first TCP session will 741 * not connect because the local TCP checksum is computed 742 * using 0.0.0.0 which will later become our real IP address 743 * so the TCP checksum computed at the remote end will 744 * become invalid. So we 745 * - don't let packets with src ip addr 0 thru 746 * - we flag TCP packets with src ip 0 as an error 747 */ 748 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 749 u_int8_t proto = ip->ip_p; 750 751 m_freem(m); 752 splx(s); 753 if (proto == IPPROTO_TCP) 754 return (EADDRNOTAVAIL); 755 else 756 return (0); 757 } 758 759 /* 760 * Put low delay, telnet, rlogin and ftp control packets 761 * in front of the queue. 762 */ 763 764 if (!IF_QFULL(&sp->pp_fastq) && 765 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 766 (th && (INTERACTIVE(ntohs(th->th_sport)) || 767 INTERACTIVE(ntohs(th->th_dport)))))) 768 ifq = &sp->pp_fastq; 769 } 770 #endif 771 772 #ifdef INET6 773 if (dst->sa_family == AF_INET6) { 774 /* XXX do something tricky here? */ 775 } 776 #endif 777 778 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 779 /* 780 * Prepend general data packet PPP header. For now, IP only. 781 */ 782 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 783 if (! m) { 784 if (ifp->if_flags & IFF_DEBUG) 785 log(LOG_DEBUG, "%s: no memory for transmit header\n", 786 ifp->if_xname); 787 ++ifp->if_oerrors; 788 splx(s); 789 return (ENOBUFS); 790 } 791 /* 792 * May want to check size of packet 793 * (albeit due to the implementation it's always enough) 794 */ 795 h = mtod(m, struct ppp_header *); 796 if (sp->pp_flags & PP_CISCO) { 797 h->address = CISCO_UNICAST; /* unicast address */ 798 h->control = 0; 799 } else { 800 h->address = PPP_ALLSTATIONS; /* broadcast address */ 801 h->control = PPP_UI; /* Unnumbered Info */ 802 } 803 } 804 805 switch (dst->sa_family) { 806 #ifdef INET 807 case AF_INET: /* Internet Protocol */ 808 if (sp->pp_flags & PP_CISCO) 809 protocol = htons(ETHERTYPE_IP); 810 else { 811 /* 812 * Don't choke with an ENETDOWN early. It's 813 * possible that we just started dialing out, 814 * so don't drop the packet immediately. If 815 * we notice that we run out of buffer space 816 * below, we will however remember that we are 817 * not ready to carry IP packets, and return 818 * ENETDOWN, as opposed to ENOBUFS. 819 */ 820 protocol = htons(PPP_IP); 821 if (sp->state[IDX_IPCP] != STATE_OPENED) 822 rv = ENETDOWN; 823 } 824 break; 825 #endif 826 #ifdef INET6 827 case AF_INET6: /* Internet Protocol version 6 */ 828 if (sp->pp_flags & PP_CISCO) 829 protocol = htons(ETHERTYPE_IPV6); 830 else { 831 /* 832 * Don't choke with an ENETDOWN early. It's 833 * possible that we just started dialing out, 834 * so don't drop the packet immediately. If 835 * we notice that we run out of buffer space 836 * below, we will however remember that we are 837 * not ready to carry IP packets, and return 838 * ENETDOWN, as opposed to ENOBUFS. 839 */ 840 protocol = htons(PPP_IPV6); 841 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 842 rv = ENETDOWN; 843 } 844 break; 845 #endif 846 #ifdef NS 847 case AF_NS: /* Xerox NS Protocol */ 848 protocol = htons((sp->pp_flags & PP_CISCO) ? 849 ETHERTYPE_NS : PPP_XNS); 850 break; 851 #endif 852 #ifdef IPX 853 case AF_IPX: /* Novell IPX Protocol */ 854 protocol = htons((sp->pp_flags & PP_CISCO) ? 855 ETHERTYPE_IPX : PPP_IPX); 856 break; 857 #endif 858 #ifdef ISO 859 case AF_ISO: /* ISO OSI Protocol */ 860 if (sp->pp_flags & PP_CISCO) 861 goto nosupport; 862 protocol = htons(PPP_ISO); 863 break; 864 nosupport: 865 #endif 866 default: 867 m_freem(m); 868 ++ifp->if_oerrors; 869 splx(s); 870 return (EAFNOSUPPORT); 871 } 872 873 if (sp->pp_flags & PP_NOFRAMING) { 874 M_PREPEND(m, 2, M_DONTWAIT); 875 if (m == NULL) { 876 if (ifp->if_flags & IFF_DEBUG) 877 log(LOG_DEBUG, "%s: no memory for transmit header\n", 878 ifp->if_xname); 879 ++ifp->if_oerrors; 880 splx(s); 881 return (ENOBUFS); 882 } 883 *mtod(m, u_int16_t *) = protocol; 884 } else { 885 h->protocol = protocol; 886 } 887 888 /* 889 * Queue message on interface, and start output if interface 890 * not yet active. 891 */ 892 len = m->m_pkthdr.len; 893 if (ifq != NULL 894 #ifdef ALTQ 895 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 896 #endif 897 ) { 898 if (IF_QFULL(ifq)) { 899 IF_DROP(&ifp->if_snd); 900 m_freem(m); 901 if (rv == 0) 902 rv = ENOBUFS; 903 } 904 else 905 IF_ENQUEUE(ifq, m); 906 } else 907 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 908 if (rv != 0) { 909 ++ifp->if_oerrors; 910 splx(s); 911 return (rv); 912 } 913 914 if (! (ifp->if_flags & IFF_OACTIVE)) 915 (*ifp->if_start)(ifp); 916 917 /* 918 * Count output packets and bytes. 919 * The packet length includes header + additional hardware framing 920 * according to RFC 1333. 921 */ 922 ifp->if_obytes += len + sp->pp_framebytes; 923 splx(s); 924 return (0); 925 } 926 927 void 928 sppp_attach(struct ifnet *ifp) 929 { 930 struct sppp *sp = (struct sppp *) ifp; 931 932 /* Initialize keepalive handler. */ 933 if (! spppq) { 934 callout_init(&keepalive_ch); 935 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 936 } 937 938 /* Insert new entry into the keepalive list. */ 939 sp->pp_next = spppq; 940 spppq = sp; 941 942 sp->pp_if.if_type = IFT_PPP; 943 sp->pp_if.if_output = sppp_output; 944 sp->pp_fastq.ifq_maxlen = 32; 945 sp->pp_cpq.ifq_maxlen = 20; 946 sp->pp_loopcnt = 0; 947 sp->pp_alivecnt = 0; 948 sp->pp_last_activity = 0; 949 sp->pp_last_receive = 0; 950 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 951 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 952 sp->pp_idle_timeout = 0; 953 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 954 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 955 sp->pp_auth_failures = 0; 956 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 957 sp->pp_phase = SPPP_PHASE_DEAD; 958 sp->pp_up = lcp.Up; 959 sp->pp_down = lcp.Down; 960 961 if_alloc_sadl(ifp); 962 963 memset(&sp->myauth, 0, sizeof sp->myauth); 964 memset(&sp->hisauth, 0, sizeof sp->hisauth); 965 sppp_lcp_init(sp); 966 sppp_ipcp_init(sp); 967 sppp_ipv6cp_init(sp); 968 sppp_pap_init(sp); 969 sppp_chap_init(sp); 970 } 971 972 void 973 sppp_detach(struct ifnet *ifp) 974 { 975 struct sppp **q, *p, *sp = (struct sppp *) ifp; 976 int i; 977 978 /* Remove the entry from the keepalive list. */ 979 for (q = &spppq; (p = *q); q = &p->pp_next) 980 if (p == sp) { 981 *q = p->pp_next; 982 break; 983 } 984 985 /* Stop keepalive handler. */ 986 if (! spppq) { 987 callout_stop(&keepalive_ch); 988 } 989 990 for (i = 0; i < IDX_COUNT; i++) { 991 callout_stop(&sp->ch[i]); 992 } 993 callout_stop(&sp->pap_my_to_ch); 994 995 /* free authentication info */ 996 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 997 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 998 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 999 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1000 1001 #if 0 /* done in if_detach() */ 1002 if_free_sadl(ifp); 1003 #endif 1004 } 1005 1006 /* 1007 * Flush the interface output queue. 1008 */ 1009 void 1010 sppp_flush(struct ifnet *ifp) 1011 { 1012 struct sppp *sp = (struct sppp *) ifp; 1013 1014 IFQ_PURGE(&sp->pp_if.if_snd); 1015 IF_PURGE(&sp->pp_fastq); 1016 IF_PURGE(&sp->pp_cpq); 1017 } 1018 1019 /* 1020 * Check if the output queue is empty. 1021 */ 1022 int 1023 sppp_isempty(struct ifnet *ifp) 1024 { 1025 struct sppp *sp = (struct sppp *) ifp; 1026 int empty, s; 1027 1028 s = splnet(); 1029 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1030 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1031 splx(s); 1032 return (empty); 1033 } 1034 1035 /* 1036 * Get next packet to send. 1037 */ 1038 struct mbuf * 1039 sppp_dequeue(struct ifnet *ifp) 1040 { 1041 struct sppp *sp = (struct sppp *) ifp; 1042 struct mbuf *m; 1043 int s; 1044 1045 s = splnet(); 1046 /* 1047 * Process only the control protocol queue until we have at 1048 * least one NCP open. 1049 * 1050 * Do always serve all three queues in Cisco mode. 1051 */ 1052 IF_DEQUEUE(&sp->pp_cpq, m); 1053 if (m == NULL && 1054 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1055 IF_DEQUEUE(&sp->pp_fastq, m); 1056 if (m == NULL) 1057 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1058 } 1059 splx(s); 1060 return m; 1061 } 1062 1063 /* 1064 * Process an ioctl request. Called on low priority level. 1065 */ 1066 int 1067 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1068 { 1069 struct ifreq *ifr = (struct ifreq *) data; 1070 struct sppp *sp = (struct sppp *) ifp; 1071 int s, error=0, going_up, going_down, newmode; 1072 1073 s = splnet(); 1074 switch (cmd) { 1075 case SIOCAIFADDR: 1076 case SIOCSIFDSTADDR: 1077 break; 1078 1079 case SIOCSIFADDR: 1080 if_up(ifp); 1081 /* fall through... */ 1082 1083 case SIOCSIFFLAGS: 1084 going_up = ifp->if_flags & IFF_UP && 1085 (ifp->if_flags & IFF_RUNNING) == 0; 1086 going_down = (ifp->if_flags & IFF_UP) == 0 && 1087 ifp->if_flags & IFF_RUNNING; 1088 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1089 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1090 /* sanity */ 1091 newmode = IFF_PASSIVE; 1092 ifp->if_flags &= ~IFF_AUTO; 1093 } 1094 1095 if (going_up || going_down) 1096 lcp.Close(sp); 1097 if (going_up && newmode == 0) { 1098 /* neither auto-dial nor passive */ 1099 ifp->if_flags |= IFF_RUNNING; 1100 if (!(sp->pp_flags & PP_CISCO)) 1101 lcp.Open(sp); 1102 } else if (going_down) { 1103 sppp_flush(ifp); 1104 ifp->if_flags &= ~IFF_RUNNING; 1105 } 1106 1107 break; 1108 1109 #ifdef SIOCSIFMTU 1110 #ifndef ifr_mtu 1111 #define ifr_mtu ifr_metric 1112 #endif 1113 case SIOCSIFMTU: 1114 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) { 1115 error = EINVAL; 1116 break; 1117 } 1118 1119 ifp->if_mtu = ifr->ifr_mtu; 1120 break; 1121 #endif 1122 #ifdef SLIOCSETMTU 1123 case SLIOCSETMTU: 1124 if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru) 1125 { 1126 error = EINVAL; 1127 break; 1128 } 1129 1130 ifp->if_mtu = *(short *)data; 1131 break; 1132 #endif 1133 #ifdef SIOCGIFMTU 1134 case SIOCGIFMTU: 1135 ifr->ifr_mtu = ifp->if_mtu; 1136 break; 1137 #endif 1138 #ifdef SLIOCGETMTU 1139 case SLIOCGETMTU: 1140 *(short *)data = ifp->if_mtu; 1141 break; 1142 #endif 1143 case SIOCADDMULTI: 1144 case SIOCDELMULTI: 1145 break; 1146 1147 case SPPPSETAUTHCFG: 1148 case SPPPGETAUTHCFG: 1149 case SPPPSETLCPCFG: 1150 case SPPPGETLCPCFG: 1151 case SPPPSETIDLETO: 1152 case SPPPSETAUTHFAILURE: 1153 case SPPPGETAUTHFAILURES: 1154 case SPPPSETDNSOPTS: 1155 case SPPPSETKEEPALIVE: 1156 { 1157 struct proc *p = curproc; /* XXX */ 1158 1159 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 1160 break; 1161 } 1162 /* FALLTHROUGH */ 1163 case SPPPGETSTATUS: 1164 case SPPPGETSTATUSNCP: 1165 case SPPPGETIDLETO: 1166 case SPPPGETDNSOPTS: 1167 case SPPPGETDNSADDRS: 1168 case SPPPGETKEEPALIVE: 1169 error = sppp_params(sp, cmd, data); 1170 break; 1171 1172 default: 1173 error = ENOTTY; 1174 } 1175 splx(s); 1176 return (error); 1177 } 1178 1179 1180 /* 1181 * Cisco framing implementation. 1182 */ 1183 1184 /* 1185 * Handle incoming Cisco keepalive protocol packets. 1186 */ 1187 static void 1188 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1189 { 1190 STDDCL; 1191 struct cisco_packet *h; 1192 u_int32_t me, mymask; 1193 1194 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1195 if (debug) 1196 log(LOG_DEBUG, 1197 "%s: cisco invalid packet length: %d bytes\n", 1198 ifp->if_xname, m->m_pkthdr.len); 1199 return; 1200 } 1201 h = mtod(m, struct cisco_packet *); 1202 if (debug) 1203 log(LOG_DEBUG, 1204 "%s: cisco input: %d bytes " 1205 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1206 ifp->if_xname, m->m_pkthdr.len, 1207 ntohl (h->type), h->par1, h->par2, (u_int)h->rel, 1208 (u_int)h->time0, (u_int)h->time1); 1209 switch (ntohl (h->type)) { 1210 default: 1211 if (debug) 1212 addlog("%s: cisco unknown packet type: 0x%x\n", 1213 ifp->if_xname, ntohl (h->type)); 1214 break; 1215 case CISCO_ADDR_REPLY: 1216 /* Reply on address request, ignore */ 1217 break; 1218 case CISCO_KEEPALIVE_REQ: 1219 sp->pp_alivecnt = 0; 1220 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1221 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1222 /* Local and remote sequence numbers are equal. 1223 * Probably, the line is in loopback mode. */ 1224 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1225 printf ("%s: loopback\n", 1226 ifp->if_xname); 1227 sp->pp_loopcnt = 0; 1228 if (ifp->if_flags & IFF_UP) { 1229 if_down(ifp); 1230 IF_PURGE(&sp->pp_cpq); 1231 } 1232 } 1233 ++sp->pp_loopcnt; 1234 1235 /* Generate new local sequence number */ 1236 sp->pp_seq[IDX_LCP] = arc4random(); 1237 break; 1238 } 1239 sp->pp_loopcnt = 0; 1240 if (! (ifp->if_flags & IFF_UP) && 1241 (ifp->if_flags & IFF_RUNNING)) { 1242 if_up(ifp); 1243 } 1244 break; 1245 case CISCO_ADDR_REQ: 1246 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1247 if (me != 0L) 1248 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1249 break; 1250 } 1251 } 1252 1253 /* 1254 * Send Cisco keepalive packet. 1255 */ 1256 static void 1257 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1258 { 1259 STDDCL; 1260 struct ppp_header *h; 1261 struct cisco_packet *ch; 1262 struct mbuf *m; 1263 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1264 1265 MGETHDR(m, M_DONTWAIT, MT_DATA); 1266 if (! m) 1267 return; 1268 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1269 m->m_pkthdr.rcvif = 0; 1270 1271 h = mtod(m, struct ppp_header *); 1272 h->address = CISCO_MULTICAST; 1273 h->control = 0; 1274 h->protocol = htons(CISCO_KEEPALIVE); 1275 1276 ch = (struct cisco_packet *)(h + 1); 1277 ch->type = htonl(type); 1278 ch->par1 = htonl(par1); 1279 ch->par2 = htonl(par2); 1280 ch->rel = -1; 1281 1282 ch->time0 = htons((u_short)(t >> 16)); 1283 ch->time1 = htons((u_short) t); 1284 1285 if (debug) 1286 log(LOG_DEBUG, 1287 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1288 ifp->if_xname, ntohl (ch->type), ch->par1, 1289 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1290 (u_int)ch->time1); 1291 1292 if (IF_QFULL(&sp->pp_cpq)) { 1293 IF_DROP(&sp->pp_fastq); 1294 IF_DROP(&ifp->if_snd); 1295 m_freem(m); 1296 ++ifp->if_oerrors; 1297 return; 1298 } else 1299 IF_ENQUEUE(&sp->pp_cpq, m); 1300 if (! (ifp->if_flags & IFF_OACTIVE)) 1301 (*ifp->if_start)(ifp); 1302 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1303 } 1304 1305 /* 1306 * PPP protocol implementation. 1307 */ 1308 1309 /* 1310 * Send PPP control protocol packet. 1311 */ 1312 static void 1313 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1314 u_char ident, u_short len, void *data) 1315 { 1316 STDDCL; 1317 struct lcp_header *lh; 1318 struct mbuf *m; 1319 size_t pkthdrlen; 1320 1321 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1322 1323 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1324 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1325 MGETHDR(m, M_DONTWAIT, MT_DATA); 1326 if (! m) 1327 return; 1328 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1329 m->m_pkthdr.rcvif = 0; 1330 1331 if (sp->pp_flags & PP_NOFRAMING) { 1332 *mtod(m, u_int16_t *) = htons(proto); 1333 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 1334 } else { 1335 struct ppp_header *h; 1336 h = mtod(m, struct ppp_header *); 1337 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1338 h->control = PPP_UI; /* Unnumbered Info */ 1339 h->protocol = htons(proto); /* Link Control Protocol */ 1340 lh = (struct lcp_header *)(h + 1); 1341 } 1342 lh->type = type; 1343 lh->ident = ident; 1344 lh->len = htons(LCP_HEADER_LEN + len); 1345 if (len) 1346 bcopy (data, lh + 1, len); 1347 1348 if (debug) { 1349 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1350 ifp->if_xname, 1351 sppp_proto_name(proto), 1352 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1353 if (len) 1354 sppp_print_bytes((u_char *)(lh + 1), len); 1355 addlog(">\n"); 1356 } 1357 if (IF_QFULL(&sp->pp_cpq)) { 1358 IF_DROP(&sp->pp_fastq); 1359 IF_DROP(&ifp->if_snd); 1360 m_freem(m); 1361 ++ifp->if_oerrors; 1362 return; 1363 } else 1364 IF_ENQUEUE(&sp->pp_cpq, m); 1365 if (! (ifp->if_flags & IFF_OACTIVE)) 1366 (*ifp->if_start)(ifp); 1367 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1368 } 1369 1370 /* 1371 * Handle incoming PPP control protocol packets. 1372 */ 1373 static void 1374 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1375 { 1376 STDDCL; 1377 struct lcp_header *h; 1378 int len = m->m_pkthdr.len; 1379 int rv; 1380 u_char *p; 1381 u_int32_t u32; 1382 1383 if (len < 4) { 1384 if (debug) 1385 log(LOG_DEBUG, 1386 "%s: %s invalid packet length: %d bytes\n", 1387 ifp->if_xname, cp->name, len); 1388 return; 1389 } 1390 h = mtod(m, struct lcp_header *); 1391 if (debug) { 1392 log(LOG_DEBUG, 1393 "%s: %s input(%s): <%s id=0x%x len=%d", 1394 ifp->if_xname, cp->name, 1395 sppp_state_name(sp->state[cp->protoidx]), 1396 sppp_cp_type_name(h->type), h->ident, ntohs(h->len)); 1397 if (len > 4) 1398 sppp_print_bytes((u_char *)(h + 1), len - 4); 1399 addlog(">\n"); 1400 } 1401 if (len > ntohs(h->len)) 1402 len = ntohs(h->len); 1403 p = (u_char *)(h + 1); 1404 switch (h->type) { 1405 case CONF_REQ: 1406 if (len < 4) { 1407 if (debug) 1408 addlog("%s: %s invalid conf-req length %d\n", 1409 ifp->if_xname, cp->name, 1410 len); 1411 ++ifp->if_ierrors; 1412 break; 1413 } 1414 /* handle states where RCR doesn't get a SCA/SCN */ 1415 switch (sp->state[cp->protoidx]) { 1416 case STATE_CLOSING: 1417 case STATE_STOPPING: 1418 return; 1419 case STATE_CLOSED: 1420 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1421 0, 0); 1422 return; 1423 } 1424 rv = (cp->RCR)(sp, h, len); 1425 switch (sp->state[cp->protoidx]) { 1426 case STATE_OPENED: 1427 (cp->tld)(sp); 1428 (cp->scr)(sp); 1429 /* fall through... */ 1430 case STATE_ACK_SENT: 1431 case STATE_REQ_SENT: 1432 sppp_cp_change_state(cp, sp, rv? 1433 STATE_ACK_SENT: STATE_REQ_SENT); 1434 break; 1435 case STATE_STOPPED: 1436 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1437 (cp->scr)(sp); 1438 sppp_cp_change_state(cp, sp, rv? 1439 STATE_ACK_SENT: STATE_REQ_SENT); 1440 break; 1441 case STATE_ACK_RCVD: 1442 if (rv) { 1443 sppp_cp_change_state(cp, sp, STATE_OPENED); 1444 if (debug) 1445 log(LOG_DEBUG, "%s: %s tlu\n", 1446 ifp->if_xname, 1447 cp->name); 1448 (cp->tlu)(sp); 1449 } else 1450 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1451 break; 1452 default: 1453 printf("%s: %s illegal %s in state %s\n", 1454 ifp->if_xname, cp->name, 1455 sppp_cp_type_name(h->type), 1456 sppp_state_name(sp->state[cp->protoidx])); 1457 ++ifp->if_ierrors; 1458 } 1459 break; 1460 case CONF_ACK: 1461 if (h->ident != sp->confid[cp->protoidx]) { 1462 if (debug) 1463 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1464 ifp->if_xname, cp->name, 1465 h->ident, sp->confid[cp->protoidx]); 1466 ++ifp->if_ierrors; 1467 break; 1468 } 1469 switch (sp->state[cp->protoidx]) { 1470 case STATE_CLOSED: 1471 case STATE_STOPPED: 1472 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1473 break; 1474 case STATE_CLOSING: 1475 case STATE_STOPPING: 1476 break; 1477 case STATE_REQ_SENT: 1478 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1479 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1480 break; 1481 case STATE_OPENED: 1482 (cp->tld)(sp); 1483 /* fall through */ 1484 case STATE_ACK_RCVD: 1485 (cp->scr)(sp); 1486 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1487 break; 1488 case STATE_ACK_SENT: 1489 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1490 sppp_cp_change_state(cp, sp, STATE_OPENED); 1491 if (debug) 1492 log(LOG_DEBUG, "%s: %s tlu\n", 1493 ifp->if_xname, cp->name); 1494 (cp->tlu)(sp); 1495 break; 1496 default: 1497 printf("%s: %s illegal %s in state %s\n", 1498 ifp->if_xname, cp->name, 1499 sppp_cp_type_name(h->type), 1500 sppp_state_name(sp->state[cp->protoidx])); 1501 ++ifp->if_ierrors; 1502 } 1503 break; 1504 case CONF_NAK: 1505 case CONF_REJ: 1506 if (h->ident != sp->confid[cp->protoidx]) { 1507 if (debug) 1508 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1509 ifp->if_xname, cp->name, 1510 h->ident, sp->confid[cp->protoidx]); 1511 ++ifp->if_ierrors; 1512 break; 1513 } 1514 if (h->type == CONF_NAK) 1515 (cp->RCN_nak)(sp, h, len); 1516 else /* CONF_REJ */ 1517 (cp->RCN_rej)(sp, h, len); 1518 1519 switch (sp->state[cp->protoidx]) { 1520 case STATE_CLOSED: 1521 case STATE_STOPPED: 1522 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1523 break; 1524 case STATE_REQ_SENT: 1525 case STATE_ACK_SENT: 1526 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1527 (cp->scr)(sp); 1528 break; 1529 case STATE_OPENED: 1530 (cp->tld)(sp); 1531 /* fall through */ 1532 case STATE_ACK_RCVD: 1533 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1534 (cp->scr)(sp); 1535 break; 1536 case STATE_CLOSING: 1537 case STATE_STOPPING: 1538 break; 1539 default: 1540 printf("%s: %s illegal %s in state %s\n", 1541 ifp->if_xname, cp->name, 1542 sppp_cp_type_name(h->type), 1543 sppp_state_name(sp->state[cp->protoidx])); 1544 ++ifp->if_ierrors; 1545 } 1546 break; 1547 1548 case TERM_REQ: 1549 switch (sp->state[cp->protoidx]) { 1550 case STATE_ACK_RCVD: 1551 case STATE_ACK_SENT: 1552 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1553 /* fall through */ 1554 case STATE_CLOSED: 1555 case STATE_STOPPED: 1556 case STATE_CLOSING: 1557 case STATE_STOPPING: 1558 case STATE_REQ_SENT: 1559 sta: 1560 /* Send Terminate-Ack packet. */ 1561 if (debug) 1562 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 1563 ifp->if_xname, cp->name); 1564 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1565 break; 1566 case STATE_OPENED: 1567 (cp->tld)(sp); 1568 sp->rst_counter[cp->protoidx] = 0; 1569 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1570 goto sta; 1571 default: 1572 printf("%s: %s illegal %s in state %s\n", 1573 ifp->if_xname, cp->name, 1574 sppp_cp_type_name(h->type), 1575 sppp_state_name(sp->state[cp->protoidx])); 1576 ++ifp->if_ierrors; 1577 } 1578 break; 1579 case TERM_ACK: 1580 switch (sp->state[cp->protoidx]) { 1581 case STATE_CLOSED: 1582 case STATE_STOPPED: 1583 case STATE_REQ_SENT: 1584 case STATE_ACK_SENT: 1585 break; 1586 case STATE_CLOSING: 1587 (cp->tlf)(sp); 1588 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1589 sppp_lcp_check_and_close(sp); 1590 break; 1591 case STATE_STOPPING: 1592 (cp->tlf)(sp); 1593 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1594 sppp_lcp_check_and_close(sp); 1595 break; 1596 case STATE_ACK_RCVD: 1597 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1598 break; 1599 case STATE_OPENED: 1600 (cp->tld)(sp); 1601 (cp->scr)(sp); 1602 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1603 break; 1604 default: 1605 printf("%s: %s illegal %s in state %s\n", 1606 ifp->if_xname, cp->name, 1607 sppp_cp_type_name(h->type), 1608 sppp_state_name(sp->state[cp->protoidx])); 1609 ++ifp->if_ierrors; 1610 } 1611 break; 1612 case CODE_REJ: 1613 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1614 log(LOG_INFO, 1615 "%s: %s: ignoring RXJ (%s) for code ?, " 1616 "danger will robinson\n", 1617 ifp->if_xname, cp->name, 1618 sppp_cp_type_name(h->type)); 1619 switch (sp->state[cp->protoidx]) { 1620 case STATE_CLOSED: 1621 case STATE_STOPPED: 1622 case STATE_REQ_SENT: 1623 case STATE_ACK_SENT: 1624 case STATE_CLOSING: 1625 case STATE_STOPPING: 1626 case STATE_OPENED: 1627 break; 1628 case STATE_ACK_RCVD: 1629 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1630 break; 1631 default: 1632 printf("%s: %s illegal %s in state %s\n", 1633 ifp->if_xname, cp->name, 1634 sppp_cp_type_name(h->type), 1635 sppp_state_name(sp->state[cp->protoidx])); 1636 ++ifp->if_ierrors; 1637 } 1638 break; 1639 case PROTO_REJ: 1640 { 1641 int catastrophic; 1642 const struct cp *upper; 1643 int i; 1644 u_int16_t proto; 1645 1646 catastrophic = 0; 1647 upper = NULL; 1648 proto = p[0] << 8 | p[1]; 1649 for (i = 0; i < IDX_COUNT; i++) { 1650 if (cps[i]->proto == proto) { 1651 upper = cps[i]; 1652 break; 1653 } 1654 } 1655 if (upper == NULL) 1656 catastrophic++; 1657 1658 if (debug) 1659 log(LOG_INFO, 1660 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1661 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1662 sppp_cp_type_name(h->type), proto, 1663 upper ? upper->name : "unknown", 1664 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1665 1666 /* 1667 * if we got RXJ+ against conf-req, the peer does not implement 1668 * this particular protocol type. terminate the protocol. 1669 */ 1670 if (upper && !catastrophic) { 1671 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1672 upper->Close(sp); 1673 break; 1674 } 1675 } 1676 1677 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1678 switch (sp->state[cp->protoidx]) { 1679 case STATE_CLOSED: 1680 case STATE_STOPPED: 1681 case STATE_REQ_SENT: 1682 case STATE_ACK_SENT: 1683 case STATE_CLOSING: 1684 case STATE_STOPPING: 1685 case STATE_OPENED: 1686 break; 1687 case STATE_ACK_RCVD: 1688 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1689 break; 1690 default: 1691 printf("%s: %s illegal %s in state %s\n", 1692 ifp->if_xname, cp->name, 1693 sppp_cp_type_name(h->type), 1694 sppp_state_name(sp->state[cp->protoidx])); 1695 ++ifp->if_ierrors; 1696 } 1697 break; 1698 } 1699 case DISC_REQ: 1700 if (cp->proto != PPP_LCP) 1701 goto illegal; 1702 /* Discard the packet. */ 1703 break; 1704 case ECHO_REQ: 1705 if (cp->proto != PPP_LCP) 1706 goto illegal; 1707 if (sp->state[cp->protoidx] != STATE_OPENED) { 1708 if (debug) 1709 addlog("%s: lcp echo req but lcp closed\n", 1710 ifp->if_xname); 1711 ++ifp->if_ierrors; 1712 break; 1713 } 1714 if (len < 8) { 1715 if (debug) 1716 addlog("%s: invalid lcp echo request " 1717 "packet length: %d bytes\n", 1718 ifp->if_xname, len); 1719 break; 1720 } 1721 memcpy(&u32, h + 1, sizeof u32); 1722 if (ntohl(u32) == sp->lcp.magic) { 1723 /* Line loopback mode detected. */ 1724 printf("%s: loopback\n", ifp->if_xname); 1725 if_down(ifp); 1726 IF_PURGE(&sp->pp_cpq); 1727 1728 /* Shut down the PPP link. */ 1729 /* XXX */ 1730 lcp.Down(sp); 1731 lcp.Up(sp); 1732 break; 1733 } 1734 u32 = htonl(sp->lcp.magic); 1735 memcpy(h + 1, &u32, sizeof u32); 1736 if (debug) 1737 addlog("%s: got lcp echo req, sending echo rep\n", 1738 ifp->if_xname); 1739 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1740 h + 1); 1741 break; 1742 case ECHO_REPLY: 1743 if (cp->proto != PPP_LCP) 1744 goto illegal; 1745 if (h->ident != sp->lcp.echoid) { 1746 ++ifp->if_ierrors; 1747 break; 1748 } 1749 if (len < 8) { 1750 if (debug) 1751 addlog("%s: lcp invalid echo reply " 1752 "packet length: %d bytes\n", 1753 ifp->if_xname, len); 1754 break; 1755 } 1756 if (debug) 1757 addlog("%s: lcp got echo rep\n", 1758 ifp->if_xname); 1759 memcpy(&u32, h + 1, sizeof u32); 1760 if (ntohl(u32) != sp->lcp.magic) 1761 sp->pp_alivecnt = 0; 1762 break; 1763 default: 1764 /* Unknown packet type -- send Code-Reject packet. */ 1765 illegal: 1766 if (debug) 1767 addlog("%s: %s send code-rej for 0x%x\n", 1768 ifp->if_xname, cp->name, h->type); 1769 sppp_cp_send(sp, cp->proto, CODE_REJ, 1770 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1771 ++ifp->if_ierrors; 1772 } 1773 } 1774 1775 1776 /* 1777 * The generic part of all Up/Down/Open/Close/TO event handlers. 1778 * Basically, the state transition handling in the automaton. 1779 */ 1780 static void 1781 sppp_up_event(const struct cp *cp, struct sppp *sp) 1782 { 1783 STDDCL; 1784 1785 if (debug) 1786 log(LOG_DEBUG, "%s: %s up(%s)\n", 1787 ifp->if_xname, cp->name, 1788 sppp_state_name(sp->state[cp->protoidx])); 1789 1790 switch (sp->state[cp->protoidx]) { 1791 case STATE_INITIAL: 1792 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1793 break; 1794 case STATE_STARTING: 1795 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1796 (cp->scr)(sp); 1797 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1798 break; 1799 default: 1800 printf("%s: %s illegal up in state %s\n", 1801 ifp->if_xname, cp->name, 1802 sppp_state_name(sp->state[cp->protoidx])); 1803 } 1804 } 1805 1806 static void 1807 sppp_down_event(const struct cp *cp, struct sppp *sp) 1808 { 1809 STDDCL; 1810 1811 if (debug) 1812 log(LOG_DEBUG, "%s: %s down(%s)\n", 1813 ifp->if_xname, cp->name, 1814 sppp_state_name(sp->state[cp->protoidx])); 1815 1816 switch (sp->state[cp->protoidx]) { 1817 case STATE_CLOSED: 1818 case STATE_CLOSING: 1819 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1820 break; 1821 case STATE_STOPPED: 1822 (cp->tls)(sp); 1823 /* fall through */ 1824 case STATE_STOPPING: 1825 case STATE_REQ_SENT: 1826 case STATE_ACK_RCVD: 1827 case STATE_ACK_SENT: 1828 sppp_cp_change_state(cp, sp, STATE_STARTING); 1829 break; 1830 case STATE_OPENED: 1831 (cp->tld)(sp); 1832 sppp_cp_change_state(cp, sp, STATE_STARTING); 1833 break; 1834 default: 1835 printf("%s: %s illegal down in state %s\n", 1836 ifp->if_xname, cp->name, 1837 sppp_state_name(sp->state[cp->protoidx])); 1838 } 1839 } 1840 1841 1842 static void 1843 sppp_open_event(const struct cp *cp, struct sppp *sp) 1844 { 1845 STDDCL; 1846 1847 if (debug) 1848 log(LOG_DEBUG, "%s: %s open(%s)\n", 1849 ifp->if_xname, cp->name, 1850 sppp_state_name(sp->state[cp->protoidx])); 1851 1852 switch (sp->state[cp->protoidx]) { 1853 case STATE_INITIAL: 1854 (cp->tls)(sp); 1855 sppp_cp_change_state(cp, sp, STATE_STARTING); 1856 break; 1857 case STATE_STARTING: 1858 break; 1859 case STATE_CLOSED: 1860 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1861 (cp->scr)(sp); 1862 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1863 break; 1864 case STATE_STOPPED: 1865 case STATE_STOPPING: 1866 case STATE_REQ_SENT: 1867 case STATE_ACK_RCVD: 1868 case STATE_ACK_SENT: 1869 case STATE_OPENED: 1870 break; 1871 case STATE_CLOSING: 1872 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1873 break; 1874 } 1875 } 1876 1877 1878 static void 1879 sppp_close_event(const struct cp *cp, struct sppp *sp) 1880 { 1881 STDDCL; 1882 1883 if (debug) 1884 log(LOG_DEBUG, "%s: %s close(%s)\n", 1885 ifp->if_xname, cp->name, 1886 sppp_state_name(sp->state[cp->protoidx])); 1887 1888 switch (sp->state[cp->protoidx]) { 1889 case STATE_INITIAL: 1890 case STATE_CLOSED: 1891 case STATE_CLOSING: 1892 break; 1893 case STATE_STARTING: 1894 (cp->tlf)(sp); 1895 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1896 break; 1897 case STATE_STOPPED: 1898 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1899 break; 1900 case STATE_STOPPING: 1901 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1902 break; 1903 case STATE_OPENED: 1904 (cp->tld)(sp); 1905 /* fall through */ 1906 case STATE_REQ_SENT: 1907 case STATE_ACK_RCVD: 1908 case STATE_ACK_SENT: 1909 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1910 sppp_cp_send(sp, cp->proto, TERM_REQ, 1911 ++sp->pp_seq[cp->protoidx], 0, 0); 1912 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1913 break; 1914 } 1915 } 1916 1917 static void 1918 sppp_to_event(const struct cp *cp, struct sppp *sp) 1919 { 1920 STDDCL; 1921 int s; 1922 1923 s = splnet(); 1924 if (debug) 1925 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 1926 ifp->if_xname, cp->name, 1927 sppp_state_name(sp->state[cp->protoidx]), 1928 sp->rst_counter[cp->protoidx]); 1929 1930 if (--sp->rst_counter[cp->protoidx] < 0) 1931 /* TO- event */ 1932 switch (sp->state[cp->protoidx]) { 1933 case STATE_CLOSING: 1934 (cp->tlf)(sp); 1935 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1936 sppp_lcp_check_and_close(sp); 1937 break; 1938 case STATE_STOPPING: 1939 (cp->tlf)(sp); 1940 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1941 sppp_lcp_check_and_close(sp); 1942 break; 1943 case STATE_REQ_SENT: 1944 case STATE_ACK_RCVD: 1945 case STATE_ACK_SENT: 1946 (cp->tlf)(sp); 1947 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1948 sppp_lcp_check_and_close(sp); 1949 break; 1950 } 1951 else 1952 /* TO+ event */ 1953 switch (sp->state[cp->protoidx]) { 1954 case STATE_CLOSING: 1955 case STATE_STOPPING: 1956 sppp_cp_send(sp, cp->proto, TERM_REQ, 1957 ++sp->pp_seq[cp->protoidx], 0, 0); 1958 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1959 cp->TO, sp); 1960 break; 1961 case STATE_REQ_SENT: 1962 case STATE_ACK_RCVD: 1963 (cp->scr)(sp); 1964 /* sppp_cp_change_state() will restart the timer */ 1965 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1966 break; 1967 case STATE_ACK_SENT: 1968 (cp->scr)(sp); 1969 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1970 cp->TO, sp); 1971 break; 1972 } 1973 1974 splx(s); 1975 } 1976 1977 /* 1978 * Change the state of a control protocol in the state automaton. 1979 * Takes care of starting/stopping the restart timer. 1980 */ 1981 void 1982 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1983 { 1984 sp->state[cp->protoidx] = newstate; 1985 callout_stop(&sp->ch[cp->protoidx]); 1986 switch (newstate) { 1987 case STATE_INITIAL: 1988 case STATE_STARTING: 1989 case STATE_CLOSED: 1990 case STATE_STOPPED: 1991 case STATE_OPENED: 1992 break; 1993 case STATE_CLOSING: 1994 case STATE_STOPPING: 1995 case STATE_REQ_SENT: 1996 case STATE_ACK_RCVD: 1997 case STATE_ACK_SENT: 1998 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1999 cp->TO, sp); 2000 break; 2001 } 2002 } 2003 2004 /* 2005 *--------------------------------------------------------------------------* 2006 * * 2007 * The LCP implementation. * 2008 * * 2009 *--------------------------------------------------------------------------* 2010 */ 2011 static void 2012 sppp_lcp_init(struct sppp *sp) 2013 { 2014 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2015 sp->lcp.magic = 0; 2016 sp->state[IDX_LCP] = STATE_INITIAL; 2017 sp->fail_counter[IDX_LCP] = 0; 2018 sp->pp_seq[IDX_LCP] = 0; 2019 sp->pp_rseq[IDX_LCP] = 0; 2020 sp->lcp.protos = 0; 2021 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2022 2023 /* 2024 * Initialize counters and timeout values. Note that we don't 2025 * use the 3 seconds suggested in RFC 1661 since we are likely 2026 * running on a fast link. XXX We should probably implement 2027 * the exponential backoff option. Note that these values are 2028 * relevant for all control protocols, not just LCP only. 2029 */ 2030 sp->lcp.timeout = 1 * hz; 2031 sp->lcp.max_terminate = 2; 2032 sp->lcp.max_configure = 10; 2033 sp->lcp.max_failure = 10; 2034 callout_init(&sp->ch[IDX_LCP]); 2035 } 2036 2037 static void 2038 sppp_lcp_up(struct sppp *sp) 2039 { 2040 STDDCL; 2041 2042 /* Initialize activity timestamp: opening a connection is an activity */ 2043 sp->pp_last_receive = sp->pp_last_activity = mono_time.tv_sec; 2044 2045 /* 2046 * If this interface is passive or dial-on-demand, and we are 2047 * still in Initial state, it means we've got an incoming 2048 * call. Activate the interface. 2049 */ 2050 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2051 if (debug) 2052 log(LOG_DEBUG, 2053 "%s: Up event", ifp->if_xname); 2054 ifp->if_flags |= IFF_RUNNING; 2055 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2056 if (debug) 2057 addlog("(incoming call)\n"); 2058 sp->pp_flags |= PP_CALLIN; 2059 lcp.Open(sp); 2060 } else if (debug) 2061 addlog("\n"); 2062 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2063 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2064 ifp->if_flags |= IFF_RUNNING; 2065 lcp.Open(sp); 2066 } 2067 2068 sppp_up_event(&lcp, sp); 2069 } 2070 2071 static void 2072 sppp_lcp_down(struct sppp *sp) 2073 { 2074 STDDCL; 2075 2076 sppp_down_event(&lcp, sp); 2077 2078 /* 2079 * If this is neither a dial-on-demand nor a passive 2080 * interface, simulate an ``ifconfig down'' action, so the 2081 * administrator can force a redial by another ``ifconfig 2082 * up''. XXX For leased line operation, should we immediately 2083 * try to reopen the connection here? 2084 */ 2085 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2086 if (debug) 2087 log(LOG_INFO, 2088 "%s: Down event (carrier loss), taking interface down.\n", 2089 ifp->if_xname); 2090 if_down(ifp); 2091 } else { 2092 if (debug) 2093 log(LOG_DEBUG, 2094 "%s: Down event (carrier loss)\n", 2095 ifp->if_xname); 2096 } 2097 sp->pp_flags &= ~PP_CALLIN; 2098 if (sp->state[IDX_LCP] != STATE_INITIAL) 2099 lcp.Close(sp); 2100 ifp->if_flags &= ~IFF_RUNNING; 2101 } 2102 2103 static void 2104 sppp_lcp_open(struct sppp *sp) 2105 { 2106 /* 2107 * If we are authenticator, negotiate LCP_AUTH 2108 */ 2109 if (sp->hisauth.proto != 0) 2110 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2111 else 2112 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2113 sp->pp_flags &= ~PP_NEEDAUTH; 2114 sppp_open_event(&lcp, sp); 2115 } 2116 2117 static void 2118 sppp_lcp_close(struct sppp *sp) 2119 { 2120 sppp_close_event(&lcp, sp); 2121 } 2122 2123 static void 2124 sppp_lcp_TO(void *cookie) 2125 { 2126 sppp_to_event(&lcp, (struct sppp *)cookie); 2127 } 2128 2129 /* 2130 * Analyze a configure request. Return true if it was agreeable, and 2131 * caused action sca, false if it has been rejected or nak'ed, and 2132 * caused action scn. (The return value is used to make the state 2133 * transition decision in the state automaton.) 2134 */ 2135 static int 2136 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2137 { 2138 STDDCL; 2139 u_char *buf, *r, *p; 2140 int origlen, rlen; 2141 u_int32_t nmagic; 2142 u_short authproto; 2143 2144 len -= 4; 2145 origlen = len; 2146 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2147 if (! buf) 2148 return (0); 2149 2150 if (debug) 2151 log(LOG_DEBUG, "%s: lcp parse opts:", 2152 ifp->if_xname); 2153 2154 /* pass 1: check for things that need to be rejected */ 2155 p = (void *)(h + 1); 2156 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2157 if (debug) 2158 addlog(" %s", sppp_lcp_opt_name(*p)); 2159 switch (*p) { 2160 case LCP_OPT_MAGIC: 2161 /* Magic number. */ 2162 /* fall through, both are same length */ 2163 case LCP_OPT_ASYNC_MAP: 2164 /* Async control character map. */ 2165 if (len >= 6 || p[1] == 6) 2166 continue; 2167 if (debug) 2168 addlog(" [invalid]"); 2169 break; 2170 case LCP_OPT_MRU: 2171 /* Maximum receive unit. */ 2172 if (len >= 4 && p[1] == 4) 2173 continue; 2174 if (debug) 2175 addlog(" [invalid]"); 2176 break; 2177 case LCP_OPT_AUTH_PROTO: 2178 if (len < 4) { 2179 if (debug) 2180 addlog(" [invalid]"); 2181 break; 2182 } 2183 authproto = (p[2] << 8) + p[3]; 2184 if (authproto == PPP_CHAP && p[1] != 5) { 2185 if (debug) 2186 addlog(" [invalid chap len]"); 2187 break; 2188 } 2189 if (sp->myauth.proto == 0) { 2190 /* we are not configured to do auth */ 2191 if (debug) 2192 addlog(" [not configured]"); 2193 break; 2194 } 2195 /* 2196 * Remote want us to authenticate, remember this, 2197 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2198 * up. 2199 */ 2200 sp->pp_flags |= PP_NEEDAUTH; 2201 continue; 2202 default: 2203 /* Others not supported. */ 2204 if (debug) 2205 addlog(" [rej]"); 2206 break; 2207 } 2208 /* Add the option to rejected list. */ 2209 bcopy (p, r, p[1]); 2210 r += p[1]; 2211 rlen += p[1]; 2212 } 2213 if (rlen) { 2214 if (debug) 2215 addlog(" send conf-rej\n"); 2216 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2217 goto end; 2218 } else if (debug) 2219 addlog("\n"); 2220 2221 /* 2222 * pass 2: check for option values that are unacceptable and 2223 * thus require to be nak'ed. 2224 */ 2225 if (debug) 2226 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2227 ifp->if_xname); 2228 2229 p = (void *)(h + 1); 2230 len = origlen; 2231 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2232 if (debug) 2233 addlog(" %s", sppp_lcp_opt_name(*p)); 2234 switch (*p) { 2235 case LCP_OPT_MAGIC: 2236 /* Magic number -- extract. */ 2237 nmagic = (u_int32_t)p[2] << 24 | 2238 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2239 if (nmagic != sp->lcp.magic) { 2240 if (debug) 2241 addlog(" 0x%x", nmagic); 2242 continue; 2243 } 2244 /* 2245 * Local and remote magics equal -- loopback? 2246 */ 2247 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2248 printf ("%s: loopback\n", 2249 ifp->if_xname); 2250 sp->pp_loopcnt = 0; 2251 if (ifp->if_flags & IFF_UP) { 2252 if_down(ifp); 2253 IF_PURGE(&sp->pp_cpq); 2254 /* XXX ? */ 2255 lcp.Down(sp); 2256 lcp.Up(sp); 2257 } 2258 } else if (debug) 2259 addlog(" [glitch]"); 2260 ++sp->pp_loopcnt; 2261 /* 2262 * We negate our magic here, and NAK it. If 2263 * we see it later in an NAK packet, we 2264 * suggest a new one. 2265 */ 2266 nmagic = ~sp->lcp.magic; 2267 /* Gonna NAK it. */ 2268 p[2] = nmagic >> 24; 2269 p[3] = nmagic >> 16; 2270 p[4] = nmagic >> 8; 2271 p[5] = nmagic; 2272 break; 2273 2274 case LCP_OPT_ASYNC_MAP: 2275 /* 2276 * Async control character map -- just ignore it. 2277 * 2278 * Quote from RFC 1662, chapter 6: 2279 * To enable this functionality, synchronous PPP 2280 * implementations MUST always respond to the 2281 * Async-Control-Character-Map Configuration 2282 * Option with the LCP Configure-Ack. However, 2283 * acceptance of the Configuration Option does 2284 * not imply that the synchronous implementation 2285 * will do any ACCM mapping. Instead, all such 2286 * octet mapping will be performed by the 2287 * asynchronous-to-synchronous converter. 2288 */ 2289 continue; 2290 2291 case LCP_OPT_MRU: 2292 /* 2293 * Maximum receive unit. Always agreeable, 2294 * but ignored by now. 2295 */ 2296 sp->lcp.their_mru = p[2] * 256 + p[3]; 2297 if (debug) 2298 addlog(" %ld", sp->lcp.their_mru); 2299 continue; 2300 2301 case LCP_OPT_AUTH_PROTO: 2302 authproto = (p[2] << 8) + p[3]; 2303 if (sp->myauth.proto != authproto) { 2304 /* not agreed, nak */ 2305 if (debug) 2306 addlog(" [mine %s != his %s]", 2307 sppp_proto_name(sp->myauth.proto), 2308 sppp_proto_name(authproto)); 2309 p[2] = sp->myauth.proto >> 8; 2310 p[3] = sp->myauth.proto; 2311 break; 2312 } 2313 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2314 if (debug) 2315 addlog(" [chap not MD5]"); 2316 p[4] = CHAP_MD5; 2317 break; 2318 } 2319 continue; 2320 } 2321 /* Add the option to nak'ed list. */ 2322 bcopy (p, r, p[1]); 2323 r += p[1]; 2324 rlen += p[1]; 2325 } 2326 if (rlen) { 2327 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2328 if (debug) 2329 addlog(" max_failure (%d) exceeded, " 2330 "send conf-rej\n", 2331 sp->lcp.max_failure); 2332 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2333 } else { 2334 if (debug) 2335 addlog(" send conf-nak\n"); 2336 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2337 } 2338 goto end; 2339 } else { 2340 if (debug) 2341 addlog(" send conf-ack\n"); 2342 sp->fail_counter[IDX_LCP] = 0; 2343 sp->pp_loopcnt = 0; 2344 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1); 2345 } 2346 2347 end: 2348 free(buf, M_TEMP); 2349 return (rlen == 0); 2350 } 2351 2352 /* 2353 * Analyze the LCP Configure-Reject option list, and adjust our 2354 * negotiation. 2355 */ 2356 static void 2357 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2358 { 2359 STDDCL; 2360 u_char *buf, *p; 2361 2362 len -= 4; 2363 buf = malloc (len, M_TEMP, M_NOWAIT); 2364 if (!buf) 2365 return; 2366 2367 if (debug) 2368 log(LOG_DEBUG, "%s: lcp rej opts:", 2369 ifp->if_xname); 2370 2371 p = (void *)(h + 1); 2372 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2373 if (debug) 2374 addlog(" %s", sppp_lcp_opt_name(*p)); 2375 switch (*p) { 2376 case LCP_OPT_MAGIC: 2377 /* Magic number -- can't use it, use 0 */ 2378 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2379 sp->lcp.magic = 0; 2380 break; 2381 case LCP_OPT_MRU: 2382 /* 2383 * Should not be rejected anyway, since we only 2384 * negotiate a MRU if explicitly requested by 2385 * peer. 2386 */ 2387 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2388 break; 2389 case LCP_OPT_AUTH_PROTO: 2390 /* 2391 * Peer doesn't want to authenticate himself, 2392 * deny unless this is a dialout call, and 2393 * SPPP_AUTHFLAG_NOCALLOUT is set. 2394 */ 2395 if ((sp->pp_flags & PP_CALLIN) == 0 && 2396 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2397 if (debug) 2398 addlog(" [don't insist on auth " 2399 "for callout]"); 2400 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2401 break; 2402 } 2403 if (debug) 2404 addlog("[access denied]\n"); 2405 lcp.Close(sp); 2406 break; 2407 } 2408 } 2409 if (debug) 2410 addlog("\n"); 2411 free(buf, M_TEMP); 2412 return; 2413 } 2414 2415 /* 2416 * Analyze the LCP Configure-NAK option list, and adjust our 2417 * negotiation. 2418 */ 2419 static void 2420 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2421 { 2422 STDDCL; 2423 u_char *buf, *p; 2424 u_int32_t magic; 2425 2426 len -= 4; 2427 buf = malloc (len, M_TEMP, M_NOWAIT); 2428 if (!buf) 2429 return; 2430 2431 if (debug) 2432 log(LOG_DEBUG, "%s: lcp nak opts:", 2433 ifp->if_xname); 2434 2435 p = (void *)(h + 1); 2436 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2437 if (debug) 2438 addlog(" %s", sppp_lcp_opt_name(*p)); 2439 switch (*p) { 2440 case LCP_OPT_MAGIC: 2441 /* Magic number -- renegotiate */ 2442 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2443 len >= 6 && p[1] == 6) { 2444 magic = (u_int32_t)p[2] << 24 | 2445 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2446 /* 2447 * If the remote magic is our negated one, 2448 * this looks like a loopback problem. 2449 * Suggest a new magic to make sure. 2450 */ 2451 if (magic == ~sp->lcp.magic) { 2452 if (debug) 2453 addlog(" magic glitch"); 2454 sp->lcp.magic = arc4random(); 2455 } else { 2456 sp->lcp.magic = magic; 2457 if (debug) 2458 addlog(" %d", magic); 2459 } 2460 } 2461 break; 2462 case LCP_OPT_MRU: 2463 /* 2464 * Peer wants to advise us to negotiate an MRU. 2465 * Agree on it if it's reasonable, or use 2466 * default otherwise. 2467 */ 2468 if (len >= 4 && p[1] == 4) { 2469 u_int mru = p[2] * 256 + p[3]; 2470 if (debug) 2471 addlog(" %d", mru); 2472 if (mru < PP_MTU || mru > PP_MAX_MRU) 2473 mru = PP_MTU; 2474 sp->lcp.mru = mru; 2475 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2476 } 2477 break; 2478 case LCP_OPT_AUTH_PROTO: 2479 /* 2480 * Peer doesn't like our authentication method, 2481 * deny. 2482 */ 2483 if (debug) 2484 addlog("[access denied]\n"); 2485 lcp.Close(sp); 2486 break; 2487 } 2488 } 2489 if (debug) 2490 addlog("\n"); 2491 free(buf, M_TEMP); 2492 return; 2493 } 2494 2495 static void 2496 sppp_lcp_tlu(struct sppp *sp) 2497 { 2498 STDDCL; 2499 int i; 2500 u_int32_t mask; 2501 2502 /* XXX ? */ 2503 if (! (ifp->if_flags & IFF_UP) && 2504 (ifp->if_flags & IFF_RUNNING)) { 2505 /* Coming out of loopback mode. */ 2506 if_up(ifp); 2507 } 2508 2509 for (i = 0; i < IDX_COUNT; i++) 2510 if ((cps[i])->flags & CP_QUAL) 2511 (cps[i])->Open(sp); 2512 2513 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2514 (sp->pp_flags & PP_NEEDAUTH) != 0) 2515 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2516 else 2517 sp->pp_phase = SPPP_PHASE_NETWORK; 2518 2519 if (debug) 2520 { 2521 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2522 sppp_phase_name(sp->pp_phase)); 2523 } 2524 2525 /* 2526 * Open all authentication protocols. This is even required 2527 * if we already proceeded to network phase, since it might be 2528 * that remote wants us to authenticate, so we might have to 2529 * send a PAP request. Undesired authentication protocols 2530 * don't do anything when they get an Open event. 2531 */ 2532 for (i = 0; i < IDX_COUNT; i++) 2533 if ((cps[i])->flags & CP_AUTH) 2534 (cps[i])->Open(sp); 2535 2536 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2537 /* Notify all NCPs. */ 2538 for (i = 0; i < IDX_COUNT; i++) 2539 if ((cps[i])->flags & CP_NCP) 2540 (cps[i])->Open(sp); 2541 } 2542 2543 /* Send Up events to all started protos. */ 2544 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2545 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2546 (cps[i])->Up(sp); 2547 2548 /* notify low-level driver of state change */ 2549 if (sp->pp_chg) 2550 sp->pp_chg(sp, (int)sp->pp_phase); 2551 2552 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2553 /* if no NCP is starting, close down */ 2554 sppp_lcp_check_and_close(sp); 2555 } 2556 2557 static void 2558 sppp_lcp_tld(struct sppp *sp) 2559 { 2560 STDDCL; 2561 int i; 2562 u_int32_t mask; 2563 2564 sp->pp_phase = SPPP_PHASE_TERMINATE; 2565 2566 if (debug) 2567 { 2568 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2569 sppp_phase_name(sp->pp_phase)); 2570 } 2571 2572 /* 2573 * Take upper layers down. We send the Down event first and 2574 * the Close second to prevent the upper layers from sending 2575 * ``a flurry of terminate-request packets'', as the RFC 2576 * describes it. 2577 */ 2578 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2579 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2580 (cps[i])->Down(sp); 2581 (cps[i])->Close(sp); 2582 } 2583 } 2584 2585 static void 2586 sppp_lcp_tls(struct sppp *sp) 2587 { 2588 STDDCL; 2589 2590 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2591 printf("%s: authentication failed %d times, not retrying again\n", 2592 sp->pp_if.if_xname, sp->pp_auth_failures); 2593 if_down(&sp->pp_if); 2594 return; 2595 } 2596 2597 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2598 2599 if (debug) 2600 { 2601 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2602 sppp_phase_name(sp->pp_phase)); 2603 } 2604 2605 /* Notify lower layer if desired. */ 2606 if (sp->pp_tls) 2607 (sp->pp_tls)(sp); 2608 } 2609 2610 static void 2611 sppp_lcp_tlf(struct sppp *sp) 2612 { 2613 STDDCL; 2614 2615 sp->pp_phase = SPPP_PHASE_DEAD; 2616 2617 if (debug) 2618 { 2619 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2620 sppp_phase_name(sp->pp_phase)); 2621 } 2622 2623 /* Notify lower layer if desired. */ 2624 if (sp->pp_tlf) 2625 (sp->pp_tlf)(sp); 2626 } 2627 2628 static void 2629 sppp_lcp_scr(struct sppp *sp) 2630 { 2631 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2632 int i = 0; 2633 u_short authproto; 2634 2635 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2636 if (! sp->lcp.magic) 2637 sp->lcp.magic = arc4random(); 2638 opt[i++] = LCP_OPT_MAGIC; 2639 opt[i++] = 6; 2640 opt[i++] = sp->lcp.magic >> 24; 2641 opt[i++] = sp->lcp.magic >> 16; 2642 opt[i++] = sp->lcp.magic >> 8; 2643 opt[i++] = sp->lcp.magic; 2644 } 2645 2646 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2647 opt[i++] = LCP_OPT_MRU; 2648 opt[i++] = 4; 2649 opt[i++] = sp->lcp.mru >> 8; 2650 opt[i++] = sp->lcp.mru; 2651 } 2652 2653 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2654 authproto = sp->hisauth.proto; 2655 opt[i++] = LCP_OPT_AUTH_PROTO; 2656 opt[i++] = authproto == PPP_CHAP? 5: 4; 2657 opt[i++] = authproto >> 8; 2658 opt[i++] = authproto; 2659 if (authproto == PPP_CHAP) 2660 opt[i++] = CHAP_MD5; 2661 } 2662 2663 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2664 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2665 } 2666 2667 /* 2668 * Check the open NCPs, return true if at least one NCP is open. 2669 */ 2670 static int 2671 sppp_ncp_check(struct sppp *sp) 2672 { 2673 int i, mask; 2674 2675 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2676 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2677 return 1; 2678 return 0; 2679 } 2680 2681 /* 2682 * Re-check the open NCPs and see if we should terminate the link. 2683 * Called by the NCPs during their tlf action handling. 2684 */ 2685 static void 2686 sppp_lcp_check_and_close(struct sppp *sp) 2687 { 2688 2689 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2690 /* don't bother, we are already going down */ 2691 return; 2692 2693 if (sppp_ncp_check(sp)) 2694 return; 2695 2696 lcp.Close(sp); 2697 } 2698 2699 2700 /* 2701 *--------------------------------------------------------------------------* 2702 * * 2703 * The IPCP implementation. * 2704 * * 2705 *--------------------------------------------------------------------------* 2706 */ 2707 2708 static void 2709 sppp_ipcp_init(struct sppp *sp) 2710 { 2711 sp->ipcp.opts = 0; 2712 sp->ipcp.flags = 0; 2713 sp->state[IDX_IPCP] = STATE_INITIAL; 2714 sp->fail_counter[IDX_IPCP] = 0; 2715 sp->pp_seq[IDX_IPCP] = 0; 2716 sp->pp_rseq[IDX_IPCP] = 0; 2717 callout_init(&sp->ch[IDX_IPCP]); 2718 } 2719 2720 static void 2721 sppp_ipcp_up(struct sppp *sp) 2722 { 2723 sppp_up_event(&ipcp, sp); 2724 } 2725 2726 static void 2727 sppp_ipcp_down(struct sppp *sp) 2728 { 2729 sppp_down_event(&ipcp, sp); 2730 } 2731 2732 static void 2733 sppp_ipcp_open(struct sppp *sp) 2734 { 2735 STDDCL; 2736 u_int32_t myaddr, hisaddr; 2737 2738 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2739 sp->ipcp.req_myaddr = 0; 2740 sp->ipcp.req_hisaddr = 0; 2741 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2742 2743 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2744 /* 2745 * If we don't have his address, this probably means our 2746 * interface doesn't want to talk IP at all. (This could 2747 * be the case if somebody wants to speak only IPX, for 2748 * example.) Don't open IPCP in this case. 2749 */ 2750 if (hisaddr == 0L) { 2751 /* XXX this message should go away */ 2752 if (debug) 2753 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 2754 ifp->if_xname); 2755 return; 2756 } 2757 2758 if (myaddr == 0) { 2759 /* 2760 * I don't have an assigned address, so i need to 2761 * negotiate my address. 2762 */ 2763 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2764 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2765 } 2766 if (hisaddr == 1) { 2767 /* 2768 * XXX - remove this hack! 2769 * remote has no valid address, we need to get one assigned. 2770 */ 2771 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2772 } 2773 sppp_open_event(&ipcp, sp); 2774 } 2775 2776 static void 2777 sppp_ipcp_close(struct sppp *sp) 2778 { 2779 STDDCL; 2780 2781 sppp_close_event(&ipcp, sp); 2782 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2783 /* 2784 * Some address was dynamic, clear it again. 2785 */ 2786 sppp_clear_ip_addrs(sp); 2787 2788 if (sp->pp_saved_mtu > 0) { 2789 ifp->if_mtu = sp->pp_saved_mtu; 2790 sp->pp_saved_mtu = 0; 2791 if (debug) 2792 log(LOG_DEBUG, 2793 "%s: resetting MTU to %" PRIu64 " bytes\n", 2794 ifp->if_xname, ifp->if_mtu); 2795 } 2796 } 2797 2798 static void 2799 sppp_ipcp_TO(void *cookie) 2800 { 2801 sppp_to_event(&ipcp, (struct sppp *)cookie); 2802 } 2803 2804 /* 2805 * Analyze a configure request. Return true if it was agreeable, and 2806 * caused action sca, false if it has been rejected or nak'ed, and 2807 * caused action scn. (The return value is used to make the state 2808 * transition decision in the state automaton.) 2809 */ 2810 static int 2811 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2812 { 2813 u_char *buf, *r, *p; 2814 struct ifnet *ifp = &sp->pp_if; 2815 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2816 u_int32_t hisaddr, desiredaddr; 2817 2818 len -= 4; 2819 origlen = len; 2820 /* 2821 * Make sure to allocate a buf that can at least hold a 2822 * conf-nak with an `address' option. We might need it below. 2823 */ 2824 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2825 if (! buf) 2826 return (0); 2827 2828 /* pass 1: see if we can recognize them */ 2829 if (debug) 2830 log(LOG_DEBUG, "%s: ipcp parse opts:", 2831 ifp->if_xname); 2832 p = (void *)(h + 1); 2833 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2834 if (debug) 2835 addlog(" %s", sppp_ipcp_opt_name(*p)); 2836 switch (*p) { 2837 #ifdef notyet 2838 case IPCP_OPT_COMPRESSION: 2839 if (len >= 6 && p[1] >= 6) { 2840 /* correctly formed compress option */ 2841 continue; 2842 } 2843 if (debug) 2844 addlog(" [invalid]"); 2845 break; 2846 #endif 2847 case IPCP_OPT_ADDRESS: 2848 if (len >= 6 && p[1] == 6) { 2849 /* correctly formed address option */ 2850 continue; 2851 } 2852 if (debug) 2853 addlog(" [invalid]"); 2854 break; 2855 default: 2856 /* Others not supported. */ 2857 if (debug) 2858 addlog(" [rej]"); 2859 break; 2860 } 2861 /* Add the option to rejected list. */ 2862 bcopy (p, r, p[1]); 2863 r += p[1]; 2864 rlen += p[1]; 2865 } 2866 if (rlen) { 2867 if (debug) 2868 addlog(" send conf-rej\n"); 2869 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2870 goto end; 2871 } else if (debug) 2872 addlog("\n"); 2873 2874 /* pass 2: parse option values */ 2875 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2876 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2877 else 2878 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2879 if (debug) 2880 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 2881 ifp->if_xname); 2882 p = (void *)(h + 1); 2883 len = origlen; 2884 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2885 if (debug) 2886 addlog(" %s", sppp_ipcp_opt_name(*p)); 2887 switch (*p) { 2888 #ifdef notyet 2889 case IPCP_OPT_COMPRESSION: 2890 continue; 2891 #endif 2892 case IPCP_OPT_ADDRESS: 2893 desiredaddr = p[2] << 24 | p[3] << 16 | 2894 p[4] << 8 | p[5]; 2895 if (desiredaddr == hisaddr || 2896 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2897 /* 2898 * Peer's address is same as our value, 2899 * this is agreeable. Gonna conf-ack 2900 * it. 2901 */ 2902 if (debug) 2903 addlog(" %s [ack]", 2904 sppp_dotted_quad(hisaddr)); 2905 /* record that we've seen it already */ 2906 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2907 sp->ipcp.req_hisaddr = desiredaddr; 2908 hisaddr = desiredaddr; 2909 continue; 2910 } 2911 /* 2912 * The address wasn't agreeable. This is either 2913 * he sent us 0.0.0.0, asking to assign him an 2914 * address, or he send us another address not 2915 * matching our value. Either case, we gonna 2916 * conf-nak it with our value. 2917 */ 2918 if (debug) { 2919 if (desiredaddr == 0) 2920 addlog(" [addr requested]"); 2921 else 2922 addlog(" %s [not agreed]", 2923 sppp_dotted_quad(desiredaddr)); 2924 } 2925 2926 p[2] = hisaddr >> 24; 2927 p[3] = hisaddr >> 16; 2928 p[4] = hisaddr >> 8; 2929 p[5] = hisaddr; 2930 break; 2931 } 2932 /* Add the option to nak'ed list. */ 2933 bcopy (p, r, p[1]); 2934 r += p[1]; 2935 rlen += p[1]; 2936 } 2937 2938 /* 2939 * If we are about to conf-ack the request, but haven't seen 2940 * his address so far, gonna conf-nak it instead, with the 2941 * `address' option present and our idea of his address being 2942 * filled in there, to request negotiation of both addresses. 2943 * 2944 * XXX This can result in an endless req - nak loop if peer 2945 * doesn't want to send us his address. Q: What should we do 2946 * about it? XXX A: implement the max-failure counter. 2947 */ 2948 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2949 buf[0] = IPCP_OPT_ADDRESS; 2950 buf[1] = 6; 2951 buf[2] = hisaddr >> 24; 2952 buf[3] = hisaddr >> 16; 2953 buf[4] = hisaddr >> 8; 2954 buf[5] = hisaddr; 2955 rlen = 6; 2956 if (debug) 2957 addlog(" still need hisaddr"); 2958 } 2959 2960 if (rlen) { 2961 if (debug) 2962 addlog(" send conf-nak\n"); 2963 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2964 } else { 2965 if (debug) 2966 addlog(" send conf-ack\n"); 2967 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1); 2968 } 2969 2970 end: 2971 free(buf, M_TEMP); 2972 return (rlen == 0); 2973 } 2974 2975 /* 2976 * Analyze the IPCP Configure-Reject option list, and adjust our 2977 * negotiation. 2978 */ 2979 static void 2980 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2981 { 2982 u_char *buf, *p; 2983 struct ifnet *ifp = &sp->pp_if; 2984 int debug = ifp->if_flags & IFF_DEBUG; 2985 2986 len -= 4; 2987 buf = malloc (len, M_TEMP, M_NOWAIT); 2988 if (!buf) 2989 return; 2990 2991 if (debug) 2992 log(LOG_DEBUG, "%s: ipcp rej opts:", 2993 ifp->if_xname); 2994 2995 p = (void *)(h + 1); 2996 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2997 if (debug) 2998 addlog(" %s", sppp_ipcp_opt_name(*p)); 2999 switch (*p) { 3000 case IPCP_OPT_ADDRESS: 3001 /* 3002 * Peer doesn't grok address option. This is 3003 * bad. XXX Should we better give up here? 3004 */ 3005 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3006 break; 3007 #ifdef notyet 3008 case IPCP_OPT_COMPRESS: 3009 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3010 break; 3011 #endif 3012 } 3013 } 3014 if (debug) 3015 addlog("\n"); 3016 free(buf, M_TEMP); 3017 return; 3018 } 3019 3020 /* 3021 * Analyze the IPCP Configure-NAK option list, and adjust our 3022 * negotiation. 3023 */ 3024 static void 3025 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3026 { 3027 u_char *p; 3028 struct ifnet *ifp = &sp->pp_if; 3029 int debug = ifp->if_flags & IFF_DEBUG; 3030 u_int32_t wantaddr; 3031 3032 len -= 4; 3033 3034 if (debug) 3035 log(LOG_DEBUG, "%s: ipcp nak opts:", 3036 ifp->if_xname); 3037 3038 p = (void *)(h + 1); 3039 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3040 if (debug) 3041 addlog(" %s", sppp_ipcp_opt_name(*p)); 3042 switch (*p) { 3043 case IPCP_OPT_ADDRESS: 3044 /* 3045 * Peer doesn't like our local IP address. See 3046 * if we can do something for him. We'll drop 3047 * him our address then. 3048 */ 3049 if (len >= 6 && p[1] == 6) { 3050 wantaddr = p[2] << 24 | p[3] << 16 | 3051 p[4] << 8 | p[5]; 3052 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3053 if (debug) 3054 addlog(" [wantaddr %s]", 3055 sppp_dotted_quad(wantaddr)); 3056 /* 3057 * When doing dynamic address assignment, 3058 * we accept his offer. Otherwise, we 3059 * ignore it and thus continue to negotiate 3060 * our already existing value. 3061 */ 3062 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3063 if (debug) 3064 addlog(" [agree]"); 3065 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3066 sp->ipcp.req_myaddr = wantaddr; 3067 } 3068 } 3069 break; 3070 3071 case IPCP_OPT_PRIMDNS: 3072 if (len >= 6 && p[1] == 6) { 3073 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3074 p[4] << 8 | p[5]; 3075 } 3076 break; 3077 3078 case IPCP_OPT_SECDNS: 3079 if (len >= 6 && p[1] == 6) { 3080 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3081 p[4] << 8 | p[5]; 3082 } 3083 break; 3084 #ifdef notyet 3085 case IPCP_OPT_COMPRESS: 3086 /* 3087 * Peer wants different compression parameters. 3088 */ 3089 break; 3090 #endif 3091 } 3092 } 3093 if (debug) 3094 addlog("\n"); 3095 return; 3096 } 3097 3098 static void 3099 sppp_ipcp_tlu(struct sppp *sp) 3100 { 3101 /* we are up. Set addresses and notify anyone interested */ 3102 STDDCL; 3103 u_int32_t myaddr, hisaddr; 3104 3105 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3106 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3107 myaddr = sp->ipcp.req_myaddr; 3108 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3109 hisaddr = sp->ipcp.req_hisaddr; 3110 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3111 3112 if (ifp->if_mtu > sp->lcp.their_mru) { 3113 sp->pp_saved_mtu = ifp->if_mtu; 3114 ifp->if_mtu = sp->lcp.their_mru; 3115 if (debug) 3116 log(LOG_DEBUG, 3117 "%s: setting MTU to %" PRIu64 " bytes\n", 3118 ifp->if_xname, ifp->if_mtu); 3119 } 3120 3121 if (sp->pp_con) 3122 sp->pp_con(sp); 3123 } 3124 3125 static void 3126 sppp_ipcp_tld(struct sppp *sp) 3127 { 3128 } 3129 3130 static void 3131 sppp_ipcp_tls(struct sppp *sp) 3132 { 3133 /* indicate to LCP that it must stay alive */ 3134 sp->lcp.protos |= (1 << IDX_IPCP); 3135 } 3136 3137 static void 3138 sppp_ipcp_tlf(struct sppp *sp) 3139 { 3140 /* we no longer need LCP */ 3141 sp->lcp.protos &= ~(1 << IDX_IPCP); 3142 } 3143 3144 static void 3145 sppp_ipcp_scr(struct sppp *sp) 3146 { 3147 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3148 u_int32_t ouraddr; 3149 int i = 0; 3150 3151 #ifdef notyet 3152 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3153 opt[i++] = IPCP_OPT_COMPRESSION; 3154 opt[i++] = 6; 3155 opt[i++] = 0; /* VJ header compression */ 3156 opt[i++] = 0x2d; /* VJ header compression */ 3157 opt[i++] = max_slot_id; 3158 opt[i++] = comp_slot_id; 3159 } 3160 #endif 3161 3162 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3163 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3164 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3165 else 3166 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3167 opt[i++] = IPCP_OPT_ADDRESS; 3168 opt[i++] = 6; 3169 opt[i++] = ouraddr >> 24; 3170 opt[i++] = ouraddr >> 16; 3171 opt[i++] = ouraddr >> 8; 3172 opt[i++] = ouraddr; 3173 } 3174 3175 if (sp->query_dns & 1) { 3176 opt[i++] = IPCP_OPT_PRIMDNS; 3177 opt[i++] = 6; 3178 opt[i++] = sp->dns_addrs[0] >> 24; 3179 opt[i++] = sp->dns_addrs[0] >> 16; 3180 opt[i++] = sp->dns_addrs[0] >> 8; 3181 opt[i++] = sp->dns_addrs[0]; 3182 } 3183 if (sp->query_dns & 2) { 3184 opt[i++] = IPCP_OPT_SECDNS; 3185 opt[i++] = 6; 3186 opt[i++] = sp->dns_addrs[1] >> 24; 3187 opt[i++] = sp->dns_addrs[1] >> 16; 3188 opt[i++] = sp->dns_addrs[1] >> 8; 3189 opt[i++] = sp->dns_addrs[1]; 3190 } 3191 3192 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3193 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3194 } 3195 3196 3197 /* 3198 *--------------------------------------------------------------------------* 3199 * * 3200 * The IPv6CP implementation. * 3201 * * 3202 *--------------------------------------------------------------------------* 3203 */ 3204 3205 #ifdef INET6 3206 static void 3207 sppp_ipv6cp_init(struct sppp *sp) 3208 { 3209 sp->ipv6cp.opts = 0; 3210 sp->ipv6cp.flags = 0; 3211 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3212 sp->fail_counter[IDX_IPV6CP] = 0; 3213 sp->pp_seq[IDX_IPV6CP] = 0; 3214 sp->pp_rseq[IDX_IPV6CP] = 0; 3215 callout_init(&sp->ch[IDX_IPV6CP]); 3216 } 3217 3218 static void 3219 sppp_ipv6cp_up(struct sppp *sp) 3220 { 3221 sppp_up_event(&ipv6cp, sp); 3222 } 3223 3224 static void 3225 sppp_ipv6cp_down(struct sppp *sp) 3226 { 3227 sppp_down_event(&ipv6cp, sp); 3228 } 3229 3230 static void 3231 sppp_ipv6cp_open(struct sppp *sp) 3232 { 3233 STDDCL; 3234 struct in6_addr myaddr, hisaddr; 3235 3236 #ifdef IPV6CP_MYIFID_DYN 3237 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3238 #else 3239 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3240 #endif 3241 3242 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3243 /* 3244 * If we don't have our address, this probably means our 3245 * interface doesn't want to talk IPv6 at all. (This could 3246 * be the case if somebody wants to speak only IPX, for 3247 * example.) Don't open IPv6CP in this case. 3248 */ 3249 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3250 /* XXX this message should go away */ 3251 if (debug) 3252 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3253 ifp->if_xname); 3254 return; 3255 } 3256 3257 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3258 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3259 sppp_open_event(&ipv6cp, sp); 3260 } 3261 3262 static void 3263 sppp_ipv6cp_close(struct sppp *sp) 3264 { 3265 sppp_close_event(&ipv6cp, sp); 3266 } 3267 3268 static void 3269 sppp_ipv6cp_TO(void *cookie) 3270 { 3271 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3272 } 3273 3274 /* 3275 * Analyze a configure request. Return true if it was agreeable, and 3276 * caused action sca, false if it has been rejected or nak'ed, and 3277 * caused action scn. (The return value is used to make the state 3278 * transition decision in the state automaton.) 3279 */ 3280 static int 3281 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3282 { 3283 u_char *buf, *r, *p; 3284 struct ifnet *ifp = &sp->pp_if; 3285 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3286 struct in6_addr myaddr, desiredaddr, suggestaddr; 3287 int ifidcount; 3288 int type; 3289 int collision, nohisaddr; 3290 3291 len -= 4; 3292 origlen = len; 3293 /* 3294 * Make sure to allocate a buf that can at least hold a 3295 * conf-nak with an `address' option. We might need it below. 3296 */ 3297 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3298 if (! buf) 3299 return (0); 3300 3301 /* pass 1: see if we can recognize them */ 3302 if (debug) 3303 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3304 ifp->if_xname); 3305 p = (void *)(h + 1); 3306 ifidcount = 0; 3307 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3308 if (debug) 3309 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3310 switch (*p) { 3311 case IPV6CP_OPT_IFID: 3312 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3313 /* correctly formed address option */ 3314 ifidcount++; 3315 continue; 3316 } 3317 if (debug) 3318 addlog(" [invalid]"); 3319 break; 3320 #ifdef notyet 3321 case IPV6CP_OPT_COMPRESSION: 3322 if (len >= 4 && p[1] >= 4) { 3323 /* correctly formed compress option */ 3324 continue; 3325 } 3326 if (debug) 3327 addlog(" [invalid]"); 3328 break; 3329 #endif 3330 default: 3331 /* Others not supported. */ 3332 if (debug) 3333 addlog(" [rej]"); 3334 break; 3335 } 3336 /* Add the option to rejected list. */ 3337 bcopy (p, r, p[1]); 3338 r += p[1]; 3339 rlen += p[1]; 3340 } 3341 if (rlen) { 3342 if (debug) 3343 addlog(" send conf-rej\n"); 3344 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3345 goto end; 3346 } else if (debug) 3347 addlog("\n"); 3348 3349 /* pass 2: parse option values */ 3350 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3351 if (debug) 3352 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3353 ifp->if_xname); 3354 p = (void *)(h + 1); 3355 len = origlen; 3356 type = CONF_ACK; 3357 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3358 if (debug) 3359 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3360 switch (*p) { 3361 #ifdef notyet 3362 case IPV6CP_OPT_COMPRESSION: 3363 continue; 3364 #endif 3365 case IPV6CP_OPT_IFID: 3366 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3367 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3368 collision = (memcmp(&desiredaddr.s6_addr[8], 3369 &myaddr.s6_addr[8], 8) == 0); 3370 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3371 3372 desiredaddr.s6_addr16[0] = htons(0xfe80); 3373 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3374 3375 if (!collision && !nohisaddr) { 3376 /* no collision, hisaddr known - Conf-Ack */ 3377 type = CONF_ACK; 3378 3379 if (debug) { 3380 addlog(" %s [%s]", 3381 ip6_sprintf(&desiredaddr), 3382 sppp_cp_type_name(type)); 3383 } 3384 continue; 3385 } 3386 3387 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3388 if (collision && nohisaddr) { 3389 /* collision, hisaddr unknown - Conf-Rej */ 3390 type = CONF_REJ; 3391 memset(&p[2], 0, 8); 3392 } else { 3393 /* 3394 * - no collision, hisaddr unknown, or 3395 * - collision, hisaddr known 3396 * Conf-Nak, suggest hisaddr 3397 */ 3398 type = CONF_NAK; 3399 sppp_suggest_ip6_addr(sp, &suggestaddr); 3400 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3401 } 3402 if (debug) 3403 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3404 sppp_cp_type_name(type)); 3405 break; 3406 } 3407 /* Add the option to nak'ed list. */ 3408 bcopy (p, r, p[1]); 3409 r += p[1]; 3410 rlen += p[1]; 3411 } 3412 3413 if (rlen == 0 && type == CONF_ACK) { 3414 if (debug) 3415 addlog(" send %s\n", sppp_cp_type_name(type)); 3416 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 3417 } else { 3418 #ifdef notdef 3419 if (type == CONF_ACK) 3420 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3421 #endif 3422 3423 if (debug) { 3424 addlog(" send %s suggest %s\n", 3425 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3426 } 3427 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3428 } 3429 3430 end: 3431 free(buf, M_TEMP); 3432 return (rlen == 0); 3433 } 3434 3435 /* 3436 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3437 * negotiation. 3438 */ 3439 static void 3440 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3441 { 3442 u_char *buf, *p; 3443 struct ifnet *ifp = &sp->pp_if; 3444 int debug = ifp->if_flags & IFF_DEBUG; 3445 3446 len -= 4; 3447 buf = malloc (len, M_TEMP, M_NOWAIT); 3448 if (!buf) 3449 return; 3450 3451 if (debug) 3452 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3453 ifp->if_xname); 3454 3455 p = (void *)(h + 1); 3456 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3457 if (debug) 3458 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3459 switch (*p) { 3460 case IPV6CP_OPT_IFID: 3461 /* 3462 * Peer doesn't grok address option. This is 3463 * bad. XXX Should we better give up here? 3464 */ 3465 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3466 break; 3467 #ifdef notyet 3468 case IPV6CP_OPT_COMPRESS: 3469 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3470 break; 3471 #endif 3472 } 3473 } 3474 if (debug) 3475 addlog("\n"); 3476 free(buf, M_TEMP); 3477 return; 3478 } 3479 3480 /* 3481 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3482 * negotiation. 3483 */ 3484 static void 3485 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3486 { 3487 u_char *buf, *p; 3488 struct ifnet *ifp = &sp->pp_if; 3489 int debug = ifp->if_flags & IFF_DEBUG; 3490 struct in6_addr suggestaddr; 3491 3492 len -= 4; 3493 buf = malloc (len, M_TEMP, M_NOWAIT); 3494 if (!buf) 3495 return; 3496 3497 if (debug) 3498 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 3499 ifp->if_xname); 3500 3501 p = (void *)(h + 1); 3502 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3503 if (debug) 3504 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3505 switch (*p) { 3506 case IPV6CP_OPT_IFID: 3507 /* 3508 * Peer doesn't like our local ifid. See 3509 * if we can do something for him. We'll drop 3510 * him our address then. 3511 */ 3512 if (len < 10 || p[1] != 10) 3513 break; 3514 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3515 suggestaddr.s6_addr16[0] = htons(0xfe80); 3516 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3517 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3518 3519 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3520 if (debug) 3521 addlog(" [suggestaddr %s]", 3522 ip6_sprintf(&suggestaddr)); 3523 #ifdef IPV6CP_MYIFID_DYN 3524 /* 3525 * When doing dynamic address assignment, 3526 * we accept his offer. 3527 */ 3528 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3529 struct in6_addr lastsuggest; 3530 /* 3531 * If <suggested myaddr from peer> equals to 3532 * <hisaddr we have suggested last time>, 3533 * we have a collision. generate new random 3534 * ifid. 3535 */ 3536 sppp_suggest_ip6_addr(&lastsuggest); 3537 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3538 lastsuggest)) { 3539 if (debug) 3540 addlog(" [random]"); 3541 sppp_gen_ip6_addr(sp, &suggestaddr); 3542 } 3543 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3544 if (debug) 3545 addlog(" [agree]"); 3546 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3547 } 3548 #else 3549 /* 3550 * Since we do not do dynamic address assignment, 3551 * we ignore it and thus continue to negotiate 3552 * our already existing value. This can possibly 3553 * go into infinite request-reject loop. 3554 * 3555 * This is not likely because we normally use 3556 * ifid based on MAC-address. 3557 * If you have no ethernet card on the node, too bad. 3558 * XXX should we use fail_counter? 3559 */ 3560 #endif 3561 break; 3562 #ifdef notyet 3563 case IPV6CP_OPT_COMPRESS: 3564 /* 3565 * Peer wants different compression parameters. 3566 */ 3567 break; 3568 #endif 3569 } 3570 } 3571 if (debug) 3572 addlog("\n"); 3573 free(buf, M_TEMP); 3574 return; 3575 } 3576 3577 static void 3578 sppp_ipv6cp_tlu(struct sppp *sp) 3579 { 3580 /* we are up - notify isdn daemon */ 3581 if (sp->pp_con) 3582 sp->pp_con(sp); 3583 } 3584 3585 static void 3586 sppp_ipv6cp_tld(struct sppp *sp) 3587 { 3588 } 3589 3590 static void 3591 sppp_ipv6cp_tls(struct sppp *sp) 3592 { 3593 /* indicate to LCP that it must stay alive */ 3594 sp->lcp.protos |= (1 << IDX_IPV6CP); 3595 } 3596 3597 static void 3598 sppp_ipv6cp_tlf(struct sppp *sp) 3599 { 3600 /* we no longer need LCP */ 3601 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3602 } 3603 3604 static void 3605 sppp_ipv6cp_scr(struct sppp *sp) 3606 { 3607 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3608 struct in6_addr ouraddr; 3609 int i = 0; 3610 3611 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3612 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3613 opt[i++] = IPV6CP_OPT_IFID; 3614 opt[i++] = 10; 3615 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3616 i += 8; 3617 } 3618 3619 #ifdef notyet 3620 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3621 opt[i++] = IPV6CP_OPT_COMPRESSION; 3622 opt[i++] = 4; 3623 opt[i++] = 0; /* TBD */ 3624 opt[i++] = 0; /* TBD */ 3625 /* variable length data may follow */ 3626 } 3627 #endif 3628 3629 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3630 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3631 } 3632 #else /*INET6*/ 3633 static void sppp_ipv6cp_init(struct sppp *sp) 3634 { 3635 } 3636 3637 static void sppp_ipv6cp_up(struct sppp *sp) 3638 { 3639 } 3640 3641 static void sppp_ipv6cp_down(struct sppp *sp) 3642 { 3643 } 3644 3645 3646 static void sppp_ipv6cp_open(struct sppp *sp) 3647 { 3648 } 3649 3650 static void sppp_ipv6cp_close(struct sppp *sp) 3651 { 3652 } 3653 3654 static void sppp_ipv6cp_TO(void *sp) 3655 { 3656 } 3657 3658 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3659 { 3660 return 0; 3661 } 3662 3663 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3664 { 3665 } 3666 3667 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3668 { 3669 } 3670 3671 static void sppp_ipv6cp_tlu(struct sppp *sp) 3672 { 3673 } 3674 3675 static void sppp_ipv6cp_tld(struct sppp *sp) 3676 { 3677 } 3678 3679 static void sppp_ipv6cp_tls(struct sppp *sp) 3680 { 3681 } 3682 3683 static void sppp_ipv6cp_tlf(struct sppp *sp) 3684 { 3685 } 3686 3687 static void sppp_ipv6cp_scr(struct sppp *sp) 3688 { 3689 } 3690 #endif /*INET6*/ 3691 3692 3693 /* 3694 *--------------------------------------------------------------------------* 3695 * * 3696 * The CHAP implementation. * 3697 * * 3698 *--------------------------------------------------------------------------* 3699 */ 3700 3701 /* 3702 * The authentication protocols don't employ a full-fledged state machine as 3703 * the control protocols do, since they do have Open and Close events, but 3704 * not Up and Down, nor are they explicitly terminated. Also, use of the 3705 * authentication protocols may be different in both directions (this makes 3706 * sense, think of a machine that never accepts incoming calls but only 3707 * calls out, it doesn't require the called party to authenticate itself). 3708 * 3709 * Our state machine for the local authentication protocol (we are requesting 3710 * the peer to authenticate) looks like: 3711 * 3712 * RCA- 3713 * +--------------------------------------------+ 3714 * V scn,tld| 3715 * +--------+ Close +---------+ RCA+ 3716 * | |<----------------------------------| |------+ 3717 * +--->| Closed | TO* | Opened | sca | 3718 * | | |-----+ +-------| |<-----+ 3719 * | +--------+ irc | | +---------+ 3720 * | ^ | | ^ 3721 * | | | | | 3722 * | | | | | 3723 * | TO-| | | | 3724 * | |tld TO+ V | | 3725 * | | +------->+ | | 3726 * | | | | | | 3727 * | +--------+ V | | 3728 * | | |<----+<--------------------+ | 3729 * | | Req- | scr | 3730 * | | Sent | | 3731 * | | | | 3732 * | +--------+ | 3733 * | RCA- | | RCA+ | 3734 * +------+ +------------------------------------------+ 3735 * scn,tld sca,irc,ict,tlu 3736 * 3737 * 3738 * with: 3739 * 3740 * Open: LCP reached authentication phase 3741 * Close: LCP reached terminate phase 3742 * 3743 * RCA+: received reply (pap-req, chap-response), acceptable 3744 * RCN: received reply (pap-req, chap-response), not acceptable 3745 * TO+: timeout with restart counter >= 0 3746 * TO-: timeout with restart counter < 0 3747 * TO*: reschedule timeout for CHAP 3748 * 3749 * scr: send request packet (none for PAP, chap-challenge) 3750 * sca: send ack packet (pap-ack, chap-success) 3751 * scn: send nak packet (pap-nak, chap-failure) 3752 * ict: initialize re-challenge timer (CHAP only) 3753 * 3754 * tlu: this-layer-up, LCP reaches network phase 3755 * tld: this-layer-down, LCP enters terminate phase 3756 * 3757 * Note that in CHAP mode, after sending a new challenge, while the state 3758 * automaton falls back into Req-Sent state, it doesn't signal a tld 3759 * event to LCP, so LCP remains in network phase. Only after not getting 3760 * any response (or after getting an unacceptable response), CHAP closes, 3761 * causing LCP to enter terminate phase. 3762 * 3763 * With PAP, there is no initial request that can be sent. The peer is 3764 * expected to send one based on the successful negotiation of PAP as 3765 * the authentication protocol during the LCP option negotiation. 3766 * 3767 * Incoming authentication protocol requests (remote requests 3768 * authentication, we are peer) don't employ a state machine at all, 3769 * they are simply answered. Some peers [Ascend P50 firmware rev 3770 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3771 * still in authentication phase (thereby violating the standard that 3772 * demands that these NCP packets are to be discarded), so we keep 3773 * track of the peer demanding us to authenticate, and only proceed to 3774 * phase network once we've seen a positive acknowledge for the 3775 * authentication. 3776 */ 3777 3778 /* 3779 * Handle incoming CHAP packets. 3780 */ 3781 void 3782 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3783 { 3784 STDDCL; 3785 struct lcp_header *h; 3786 int len, x; 3787 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3788 int value_len, name_len; 3789 MD5_CTX ctx; 3790 3791 len = m->m_pkthdr.len; 3792 if (len < 4) { 3793 if (debug) 3794 log(LOG_DEBUG, 3795 "%s: chap invalid packet length: %d bytes\n", 3796 ifp->if_xname, len); 3797 return; 3798 } 3799 h = mtod(m, struct lcp_header *); 3800 if (len > ntohs(h->len)) 3801 len = ntohs(h->len); 3802 3803 switch (h->type) { 3804 /* challenge, failure and success are his authproto */ 3805 case CHAP_CHALLENGE: 3806 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3807 /* can't do anything usefull */ 3808 sp->pp_auth_failures++; 3809 printf("%s: chap input without my name and my secret being set\n", 3810 ifp->if_xname); 3811 break; 3812 } 3813 value = 1 + (u_char *)(h + 1); 3814 value_len = value[-1]; 3815 name = value + value_len; 3816 name_len = len - value_len - 5; 3817 if (name_len < 0) { 3818 if (debug) { 3819 log(LOG_DEBUG, 3820 "%s: chap corrupted challenge " 3821 "<%s id=0x%x len=%d", 3822 ifp->if_xname, 3823 sppp_auth_type_name(PPP_CHAP, h->type), 3824 h->ident, ntohs(h->len)); 3825 if (len > 4) 3826 sppp_print_bytes((u_char *)(h + 1), 3827 len - 4); 3828 addlog(">\n"); 3829 } 3830 break; 3831 } 3832 3833 if (debug) { 3834 log(LOG_DEBUG, 3835 "%s: chap input <%s id=0x%x len=%d name=", 3836 ifp->if_xname, 3837 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3838 ntohs(h->len)); 3839 sppp_print_string((char *) name, name_len); 3840 addlog(" value-size=%d value=", value_len); 3841 sppp_print_bytes(value, value_len); 3842 addlog(">\n"); 3843 } 3844 3845 /* Compute reply value. */ 3846 MD5Init(&ctx); 3847 MD5Update(&ctx, &h->ident, 1); 3848 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3849 MD5Update(&ctx, value, value_len); 3850 MD5Final(digest, &ctx); 3851 dsize = sizeof digest; 3852 3853 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3854 sizeof dsize, (const char *)&dsize, 3855 sizeof digest, digest, 3856 sp->myauth.name_len, 3857 sp->myauth.name, 3858 0); 3859 break; 3860 3861 case CHAP_SUCCESS: 3862 if (debug) { 3863 log(LOG_DEBUG, "%s: chap success", 3864 ifp->if_xname); 3865 if (len > 4) { 3866 addlog(": "); 3867 sppp_print_string((char *)(h + 1), len - 4); 3868 } 3869 addlog("\n"); 3870 } 3871 x = splnet(); 3872 sp->pp_auth_failures = 0; 3873 sp->pp_flags &= ~PP_NEEDAUTH; 3874 if (sp->myauth.proto == PPP_CHAP && 3875 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3876 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3877 /* 3878 * We are authenticator for CHAP but didn't 3879 * complete yet. Leave it to tlu to proceed 3880 * to network phase. 3881 */ 3882 splx(x); 3883 break; 3884 } 3885 splx(x); 3886 sppp_phase_network(sp); 3887 break; 3888 3889 case CHAP_FAILURE: 3890 x = splnet(); 3891 sp->pp_auth_failures++; 3892 splx(x); 3893 if (debug) { 3894 log(LOG_INFO, "%s: chap failure", 3895 ifp->if_xname); 3896 if (len > 4) { 3897 addlog(": "); 3898 sppp_print_string((char *)(h + 1), len - 4); 3899 } 3900 addlog("\n"); 3901 } else 3902 log(LOG_INFO, "%s: chap failure\n", 3903 ifp->if_xname); 3904 /* await LCP shutdown by authenticator */ 3905 break; 3906 3907 /* response is my authproto */ 3908 case CHAP_RESPONSE: 3909 if (sp->hisauth.secret == NULL) { 3910 /* can't do anything usefull */ 3911 printf("%s: chap input without his secret being set\n", 3912 ifp->if_xname); 3913 break; 3914 } 3915 value = 1 + (u_char *)(h + 1); 3916 value_len = value[-1]; 3917 name = value + value_len; 3918 name_len = len - value_len - 5; 3919 if (name_len < 0) { 3920 if (debug) { 3921 log(LOG_DEBUG, 3922 "%s: chap corrupted response " 3923 "<%s id=0x%x len=%d", 3924 ifp->if_xname, 3925 sppp_auth_type_name(PPP_CHAP, h->type), 3926 h->ident, ntohs(h->len)); 3927 if (len > 4) 3928 sppp_print_bytes((u_char *)(h + 1), 3929 len - 4); 3930 addlog(">\n"); 3931 } 3932 break; 3933 } 3934 if (h->ident != sp->confid[IDX_CHAP]) { 3935 if (debug) 3936 log(LOG_DEBUG, 3937 "%s: chap dropping response for old ID " 3938 "(got %d, expected %d)\n", 3939 ifp->if_xname, 3940 h->ident, sp->confid[IDX_CHAP]); 3941 break; 3942 } 3943 if (sp->hisauth.name != NULL && 3944 (name_len != sp->hisauth.name_len 3945 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 3946 log(LOG_INFO, "%s: chap response, his name ", 3947 ifp->if_xname); 3948 sppp_print_string(name, name_len); 3949 addlog(" != expected "); 3950 sppp_print_string(sp->hisauth.name, 3951 sp->hisauth.name_len); 3952 addlog("\n"); 3953 goto chap_failure; 3954 } 3955 if (debug) { 3956 log(LOG_DEBUG, "%s: chap input(%s) " 3957 "<%s id=0x%x len=%d name=", 3958 ifp->if_xname, 3959 sppp_state_name(sp->state[IDX_CHAP]), 3960 sppp_auth_type_name(PPP_CHAP, h->type), 3961 h->ident, ntohs(h->len)); 3962 sppp_print_string((char *)name, name_len); 3963 addlog(" value-size=%d value=", value_len); 3964 sppp_print_bytes(value, value_len); 3965 addlog(">\n"); 3966 } 3967 if (value_len != sizeof(sp->myauth.challenge)) { 3968 if (debug) 3969 log(LOG_DEBUG, 3970 "%s: chap bad hash value length: " 3971 "%d bytes, should be %ld\n", 3972 ifp->if_xname, value_len, 3973 (long) sizeof(sp->myauth.challenge)); 3974 goto chap_failure; 3975 } 3976 3977 MD5Init(&ctx); 3978 MD5Update(&ctx, &h->ident, 1); 3979 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 3980 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 3981 MD5Final(digest, &ctx); 3982 3983 #define FAILMSG "Failed..." 3984 #define SUCCMSG "Welcome!" 3985 3986 if (value_len != sizeof digest || 3987 memcmp(digest, value, value_len) != 0) { 3988 chap_failure: 3989 /* action scn, tld */ 3990 x = splnet(); 3991 sp->pp_auth_failures++; 3992 splx(x); 3993 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3994 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3995 0); 3996 chap.tld(sp); 3997 break; 3998 } 3999 sp->pp_auth_failures = 0; 4000 /* action sca, perhaps tlu */ 4001 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4002 sp->state[IDX_CHAP] == STATE_OPENED) 4003 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4004 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4005 0); 4006 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4007 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4008 chap.tlu(sp); 4009 } 4010 break; 4011 4012 default: 4013 /* Unknown CHAP packet type -- ignore. */ 4014 if (debug) { 4015 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4016 "<0x%x id=0x%xh len=%d", 4017 ifp->if_xname, 4018 sppp_state_name(sp->state[IDX_CHAP]), 4019 h->type, h->ident, ntohs(h->len)); 4020 if (len > 4) 4021 sppp_print_bytes((u_char *)(h + 1), len - 4); 4022 addlog(">\n"); 4023 } 4024 break; 4025 4026 } 4027 } 4028 4029 static void 4030 sppp_chap_init(struct sppp *sp) 4031 { 4032 /* Chap doesn't have STATE_INITIAL at all. */ 4033 sp->state[IDX_CHAP] = STATE_CLOSED; 4034 sp->fail_counter[IDX_CHAP] = 0; 4035 sp->pp_seq[IDX_CHAP] = 0; 4036 sp->pp_rseq[IDX_CHAP] = 0; 4037 callout_init(&sp->ch[IDX_CHAP]); 4038 } 4039 4040 static void 4041 sppp_chap_open(struct sppp *sp) 4042 { 4043 if (sp->myauth.proto == PPP_CHAP && 4044 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4045 /* we are authenticator for CHAP, start it */ 4046 chap.scr(sp); 4047 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4048 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4049 } 4050 /* nothing to be done if we are peer, await a challenge */ 4051 } 4052 4053 static void 4054 sppp_chap_close(struct sppp *sp) 4055 { 4056 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4057 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4058 } 4059 4060 static void 4061 sppp_chap_TO(void *cookie) 4062 { 4063 struct sppp *sp = (struct sppp *)cookie; 4064 STDDCL; 4065 int s; 4066 4067 s = splnet(); 4068 if (debug) 4069 log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n", 4070 ifp->if_xname, 4071 sppp_state_name(sp->state[IDX_CHAP]), 4072 sp->rst_counter[IDX_CHAP]); 4073 4074 if (--sp->rst_counter[IDX_CHAP] < 0) 4075 /* TO- event */ 4076 switch (sp->state[IDX_CHAP]) { 4077 case STATE_REQ_SENT: 4078 chap.tld(sp); 4079 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4080 break; 4081 } 4082 else 4083 /* TO+ (or TO*) event */ 4084 switch (sp->state[IDX_CHAP]) { 4085 case STATE_OPENED: 4086 /* TO* event */ 4087 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4088 /* fall through */ 4089 case STATE_REQ_SENT: 4090 chap.scr(sp); 4091 /* sppp_cp_change_state() will restart the timer */ 4092 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4093 break; 4094 } 4095 4096 splx(s); 4097 } 4098 4099 static void 4100 sppp_chap_tlu(struct sppp *sp) 4101 { 4102 STDDCL; 4103 int i, x; 4104 4105 i = 0; 4106 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4107 4108 /* 4109 * Some broken CHAP implementations (Conware CoNet, firmware 4110 * 4.0.?) don't want to re-authenticate their CHAP once the 4111 * initial challenge-response exchange has taken place. 4112 * Provide for an option to avoid rechallenges. 4113 */ 4114 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4115 /* 4116 * Compute the re-challenge timeout. This will yield 4117 * a number between 300 and 810 seconds. 4118 */ 4119 i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7); 4120 4121 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4122 } 4123 4124 if (debug) { 4125 log(LOG_DEBUG, 4126 "%s: chap %s, ", 4127 ifp->if_xname, 4128 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4129 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4130 addlog("next re-challenge in %d seconds\n", i); 4131 else 4132 addlog("re-challenging supressed\n"); 4133 } 4134 4135 x = splnet(); 4136 sp->pp_auth_failures = 0; 4137 /* indicate to LCP that we need to be closed down */ 4138 sp->lcp.protos |= (1 << IDX_CHAP); 4139 4140 if (sp->pp_flags & PP_NEEDAUTH) { 4141 /* 4142 * Remote is authenticator, but his auth proto didn't 4143 * complete yet. Defer the transition to network 4144 * phase. 4145 */ 4146 splx(x); 4147 return; 4148 } 4149 splx(x); 4150 4151 /* 4152 * If we are already in phase network, we are done here. This 4153 * is the case if this is a dummy tlu event after a re-challenge. 4154 */ 4155 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4156 sppp_phase_network(sp); 4157 } 4158 4159 static void 4160 sppp_chap_tld(struct sppp *sp) 4161 { 4162 STDDCL; 4163 4164 if (debug) 4165 log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname); 4166 callout_stop(&sp->ch[IDX_CHAP]); 4167 sp->lcp.protos &= ~(1 << IDX_CHAP); 4168 4169 lcp.Close(sp); 4170 } 4171 4172 static void 4173 sppp_chap_scr(struct sppp *sp) 4174 { 4175 u_int32_t *ch; 4176 u_char clen; 4177 4178 if (sp->myauth.name == NULL) { 4179 /* can't do anything usefull */ 4180 printf("%s: chap starting without my name being set\n", 4181 sp->pp_if.if_xname); 4182 return; 4183 } 4184 4185 /* Compute random challenge. */ 4186 ch = (u_int32_t *)sp->myauth.challenge; 4187 ch[0] = arc4random(); 4188 ch[1] = arc4random(); 4189 ch[2] = arc4random(); 4190 ch[3] = arc4random(); 4191 clen = 16; /* 4 * sizeof(u_int32_t) */ 4192 4193 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4194 4195 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4196 sizeof clen, (const char *)&clen, 4197 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4198 sp->myauth.name_len, 4199 sp->myauth.name, 4200 0); 4201 } 4202 4203 /* 4204 *--------------------------------------------------------------------------* 4205 * * 4206 * The PAP implementation. * 4207 * * 4208 *--------------------------------------------------------------------------* 4209 */ 4210 /* 4211 * For PAP, we need to keep a little state also if we are the peer, not the 4212 * authenticator. This is since we don't get a request to authenticate, but 4213 * have to repeatedly authenticate ourself until we got a response (or the 4214 * retry counter is expired). 4215 */ 4216 4217 /* 4218 * Handle incoming PAP packets. */ 4219 static void 4220 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4221 { 4222 STDDCL; 4223 struct lcp_header *h; 4224 int len, x; 4225 u_char mlen; 4226 char *name, *secret; 4227 int name_len, secret_len; 4228 4229 len = m->m_pkthdr.len; 4230 if (len < 5) { 4231 if (debug) 4232 log(LOG_DEBUG, 4233 "%s: pap invalid packet length: %d bytes\n", 4234 ifp->if_xname, len); 4235 return; 4236 } 4237 h = mtod(m, struct lcp_header *); 4238 if (len > ntohs(h->len)) 4239 len = ntohs(h->len); 4240 switch (h->type) { 4241 /* PAP request is my authproto */ 4242 case PAP_REQ: 4243 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4244 /* can't do anything usefull */ 4245 printf("%s: pap request without his name and his secret being set\n", 4246 ifp->if_xname); 4247 break; 4248 } 4249 name = 1 + (u_char *)(h + 1); 4250 name_len = name[-1]; 4251 secret = name + name_len + 1; 4252 if (name_len > len - 6 || 4253 (secret_len = secret[-1]) > len - 6 - name_len) { 4254 if (debug) { 4255 log(LOG_DEBUG, "%s: pap corrupted input " 4256 "<%s id=0x%x len=%d", 4257 ifp->if_xname, 4258 sppp_auth_type_name(PPP_PAP, h->type), 4259 h->ident, ntohs(h->len)); 4260 if (len > 4) 4261 sppp_print_bytes((u_char *)(h + 1), 4262 len - 4); 4263 addlog(">\n"); 4264 } 4265 break; 4266 } 4267 if (debug) { 4268 log(LOG_DEBUG, "%s: pap input(%s) " 4269 "<%s id=0x%x len=%d name=", 4270 ifp->if_xname, 4271 sppp_state_name(sp->state[IDX_PAP]), 4272 sppp_auth_type_name(PPP_PAP, h->type), 4273 h->ident, ntohs(h->len)); 4274 sppp_print_string((char *)name, name_len); 4275 addlog(" secret="); 4276 sppp_print_string((char *)secret, secret_len); 4277 addlog(">\n"); 4278 } 4279 if (name_len != sp->hisauth.name_len || 4280 secret_len != sp->hisauth.secret_len || 4281 memcmp(name, sp->hisauth.name, name_len) != 0 || 4282 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4283 /* action scn, tld */ 4284 sp->pp_auth_failures++; 4285 mlen = sizeof(FAILMSG) - 1; 4286 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4287 sizeof mlen, (const char *)&mlen, 4288 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4289 0); 4290 pap.tld(sp); 4291 break; 4292 } 4293 /* action sca, perhaps tlu */ 4294 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4295 sp->state[IDX_PAP] == STATE_OPENED) { 4296 mlen = sizeof(SUCCMSG) - 1; 4297 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4298 sizeof mlen, (const char *)&mlen, 4299 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4300 0); 4301 } 4302 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4303 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4304 pap.tlu(sp); 4305 } 4306 break; 4307 4308 /* ack and nak are his authproto */ 4309 case PAP_ACK: 4310 callout_stop(&sp->pap_my_to_ch); 4311 if (debug) { 4312 log(LOG_DEBUG, "%s: pap success", 4313 ifp->if_xname); 4314 name_len = *(char *)h; 4315 if (len > 5 && name_len) { 4316 addlog(": "); 4317 sppp_print_string((char *)(h + 1), name_len); 4318 } 4319 addlog("\n"); 4320 } 4321 x = splnet(); 4322 sp->pp_auth_failures = 0; 4323 sp->pp_flags &= ~PP_NEEDAUTH; 4324 if (sp->myauth.proto == PPP_PAP && 4325 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4326 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4327 /* 4328 * We are authenticator for PAP but didn't 4329 * complete yet. Leave it to tlu to proceed 4330 * to network phase. 4331 */ 4332 splx(x); 4333 break; 4334 } 4335 splx(x); 4336 sppp_phase_network(sp); 4337 break; 4338 4339 case PAP_NAK: 4340 callout_stop(&sp->pap_my_to_ch); 4341 sp->pp_auth_failures++; 4342 if (debug) { 4343 log(LOG_INFO, "%s: pap failure", 4344 ifp->if_xname); 4345 name_len = *(char *)h; 4346 if (len > 5 && name_len) { 4347 addlog(": "); 4348 sppp_print_string((char *)(h + 1), name_len); 4349 } 4350 addlog("\n"); 4351 } else 4352 log(LOG_INFO, "%s: pap failure\n", 4353 ifp->if_xname); 4354 /* await LCP shutdown by authenticator */ 4355 break; 4356 4357 default: 4358 /* Unknown PAP packet type -- ignore. */ 4359 if (debug) { 4360 log(LOG_DEBUG, "%s: pap corrupted input " 4361 "<0x%x id=0x%x len=%d", 4362 ifp->if_xname, 4363 h->type, h->ident, ntohs(h->len)); 4364 if (len > 4) 4365 sppp_print_bytes((u_char *)(h + 1), len - 4); 4366 addlog(">\n"); 4367 } 4368 break; 4369 4370 } 4371 } 4372 4373 static void 4374 sppp_pap_init(struct sppp *sp) 4375 { 4376 /* PAP doesn't have STATE_INITIAL at all. */ 4377 sp->state[IDX_PAP] = STATE_CLOSED; 4378 sp->fail_counter[IDX_PAP] = 0; 4379 sp->pp_seq[IDX_PAP] = 0; 4380 sp->pp_rseq[IDX_PAP] = 0; 4381 callout_init(&sp->ch[IDX_PAP]); 4382 callout_init(&sp->pap_my_to_ch); 4383 } 4384 4385 static void 4386 sppp_pap_open(struct sppp *sp) 4387 { 4388 if (sp->hisauth.proto == PPP_PAP && 4389 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4390 /* we are authenticator for PAP, start our timer */ 4391 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4392 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4393 } 4394 if (sp->myauth.proto == PPP_PAP) { 4395 /* we are peer, send a request, and start a timer */ 4396 pap.scr(sp); 4397 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4398 sppp_pap_my_TO, sp); 4399 } 4400 } 4401 4402 static void 4403 sppp_pap_close(struct sppp *sp) 4404 { 4405 if (sp->state[IDX_PAP] != STATE_CLOSED) 4406 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4407 } 4408 4409 /* 4410 * That's the timeout routine if we are authenticator. Since the 4411 * authenticator is basically passive in PAP, we can't do much here. 4412 */ 4413 static void 4414 sppp_pap_TO(void *cookie) 4415 { 4416 struct sppp *sp = (struct sppp *)cookie; 4417 STDDCL; 4418 int s; 4419 4420 s = splnet(); 4421 if (debug) 4422 log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n", 4423 ifp->if_xname, 4424 sppp_state_name(sp->state[IDX_PAP]), 4425 sp->rst_counter[IDX_PAP]); 4426 4427 if (--sp->rst_counter[IDX_PAP] < 0) 4428 /* TO- event */ 4429 switch (sp->state[IDX_PAP]) { 4430 case STATE_REQ_SENT: 4431 pap.tld(sp); 4432 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4433 break; 4434 } 4435 else 4436 /* TO+ event, not very much we could do */ 4437 switch (sp->state[IDX_PAP]) { 4438 case STATE_REQ_SENT: 4439 /* sppp_cp_change_state() will restart the timer */ 4440 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4441 break; 4442 } 4443 4444 splx(s); 4445 } 4446 4447 /* 4448 * That's the timeout handler if we are peer. Since the peer is active, 4449 * we need to retransmit our PAP request since it is apparently lost. 4450 * XXX We should impose a max counter. 4451 */ 4452 static void 4453 sppp_pap_my_TO(void *cookie) 4454 { 4455 struct sppp *sp = (struct sppp *)cookie; 4456 STDDCL; 4457 4458 if (debug) 4459 log(LOG_DEBUG, "%s: pap peer TO\n", 4460 ifp->if_xname); 4461 4462 pap.scr(sp); 4463 } 4464 4465 static void 4466 sppp_pap_tlu(struct sppp *sp) 4467 { 4468 STDDCL; 4469 int x; 4470 4471 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4472 4473 if (debug) 4474 log(LOG_DEBUG, "%s: %s tlu\n", 4475 ifp->if_xname, pap.name); 4476 4477 x = splnet(); 4478 sp->pp_auth_failures = 0; 4479 /* indicate to LCP that we need to be closed down */ 4480 sp->lcp.protos |= (1 << IDX_PAP); 4481 4482 if (sp->pp_flags & PP_NEEDAUTH) { 4483 /* 4484 * Remote is authenticator, but his auth proto didn't 4485 * complete yet. Defer the transition to network 4486 * phase. 4487 */ 4488 splx(x); 4489 return; 4490 } 4491 splx(x); 4492 sppp_phase_network(sp); 4493 } 4494 4495 static void 4496 sppp_pap_tld(struct sppp *sp) 4497 { 4498 STDDCL; 4499 4500 if (debug) 4501 log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname); 4502 callout_stop(&sp->ch[IDX_PAP]); 4503 callout_stop(&sp->pap_my_to_ch); 4504 sp->lcp.protos &= ~(1 << IDX_PAP); 4505 4506 lcp.Close(sp); 4507 } 4508 4509 static void 4510 sppp_pap_scr(struct sppp *sp) 4511 { 4512 u_char idlen, pwdlen; 4513 4514 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4515 /* can't do anything usefull */ 4516 printf("%s: pap starting without my name and secret being set\n", 4517 sp->pp_if.if_xname); 4518 return; 4519 } 4520 4521 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4522 pwdlen = sp->myauth.secret_len; 4523 idlen = sp->myauth.name_len; 4524 4525 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4526 sizeof idlen, (const char *)&idlen, 4527 idlen, sp->myauth.name, 4528 sizeof pwdlen, (const char *)&pwdlen, 4529 pwdlen, sp->myauth.secret, 4530 0); 4531 } 4532 4533 /* 4534 * Random miscellaneous functions. 4535 */ 4536 4537 /* 4538 * Send a PAP or CHAP proto packet. 4539 * 4540 * Varadic function, each of the elements for the ellipsis is of type 4541 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4542 * mlen == 0. 4543 * NOTE: never declare variadic functions with types subject to type 4544 * promotion (i.e. u_char). This is asking for big trouble depending 4545 * on the architecture you are on... 4546 */ 4547 4548 static void 4549 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4550 unsigned int type, unsigned int id, 4551 ...) 4552 { 4553 STDDCL; 4554 struct lcp_header *lh; 4555 struct mbuf *m; 4556 u_char *p; 4557 int len; 4558 size_t pkthdrlen; 4559 unsigned int mlen; 4560 const char *msg; 4561 va_list ap; 4562 4563 MGETHDR(m, M_DONTWAIT, MT_DATA); 4564 if (! m) 4565 return; 4566 m->m_pkthdr.rcvif = 0; 4567 4568 if (sp->pp_flags & PP_NOFRAMING) { 4569 *mtod(m, u_int16_t *) = htons(cp->proto); 4570 pkthdrlen = 2; 4571 lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2); 4572 } else { 4573 struct ppp_header *h; 4574 h = mtod(m, struct ppp_header *); 4575 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4576 h->control = PPP_UI; /* Unnumbered Info */ 4577 h->protocol = htons(cp->proto); 4578 pkthdrlen = PPP_HEADER_LEN; 4579 4580 lh = (struct lcp_header *)(h + 1); 4581 } 4582 4583 lh->type = type; 4584 lh->ident = id; 4585 p = (u_char *)(lh + 1); 4586 4587 va_start(ap, id); 4588 len = 0; 4589 4590 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4591 msg = va_arg(ap, const char *); 4592 len += mlen; 4593 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4594 va_end(ap); 4595 m_freem(m); 4596 return; 4597 } 4598 4599 bcopy(msg, p, mlen); 4600 p += mlen; 4601 } 4602 va_end(ap); 4603 4604 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4605 lh->len = htons(LCP_HEADER_LEN + len); 4606 4607 if (debug) { 4608 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 4609 ifp->if_xname, cp->name, 4610 sppp_auth_type_name(cp->proto, lh->type), 4611 lh->ident, ntohs(lh->len)); 4612 if (len) 4613 sppp_print_bytes((u_char *)(lh + 1), len); 4614 addlog(">\n"); 4615 } 4616 if (IF_QFULL(&sp->pp_cpq)) { 4617 IF_DROP(&sp->pp_fastq); 4618 IF_DROP(&ifp->if_snd); 4619 m_freem(m); 4620 ++ifp->if_oerrors; 4621 return; 4622 } else 4623 IF_ENQUEUE(&sp->pp_cpq, m); 4624 if (! (ifp->if_flags & IFF_OACTIVE)) 4625 (*ifp->if_start)(ifp); 4626 ifp->if_obytes += m->m_pkthdr.len + 3; 4627 } 4628 4629 /* 4630 * Send keepalive packets, every 10 seconds. 4631 */ 4632 static void 4633 sppp_keepalive(void *dummy) 4634 { 4635 struct sppp *sp; 4636 int s; 4637 time_t now; 4638 4639 s = splnet(); 4640 now = mono_time.tv_sec; 4641 for (sp=spppq; sp; sp=sp->pp_next) { 4642 struct ifnet *ifp = &sp->pp_if; 4643 4644 /* check idle timeout */ 4645 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4646 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4647 /* idle timeout is enabled for this interface */ 4648 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4649 if (ifp->if_flags & IFF_DEBUG) 4650 printf("%s: no activitiy for %lu seconds\n", 4651 sp->pp_if.if_xname, 4652 (unsigned long)(now-sp->pp_last_activity)); 4653 lcp.Close(sp); 4654 continue; 4655 } 4656 } 4657 4658 /* Keepalive mode disabled or channel down? */ 4659 if (! (sp->pp_flags & PP_KEEPALIVE) || 4660 ! (ifp->if_flags & IFF_RUNNING)) 4661 continue; 4662 4663 /* No keepalive in PPP mode if LCP not opened yet. */ 4664 if (! (sp->pp_flags & PP_CISCO) && 4665 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4666 continue; 4667 4668 /* No echo reply, but maybe user data passed through? */ 4669 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 4670 sp->pp_alivecnt = 0; 4671 continue; 4672 } 4673 4674 if (sp->pp_alivecnt >= sp->pp_maxalive) { 4675 /* No keepalive packets got. Stop the interface. */ 4676 if_down (ifp); 4677 IF_PURGE(&sp->pp_cpq); 4678 if (! (sp->pp_flags & PP_CISCO)) { 4679 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4680 ifp->if_xname); 4681 sp->pp_alivecnt = 0; 4682 4683 /* we are down, close all open protocols */ 4684 lcp.Close(sp); 4685 4686 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4687 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4688 4689 /* Close connection imediatly, completition of this 4690 * will summon the magic needed to reestablish it. */ 4691 sp->pp_tlf(sp); 4692 continue; 4693 } 4694 } 4695 if (sp->pp_alivecnt < sp->pp_maxalive) 4696 ++sp->pp_alivecnt; 4697 if (sp->pp_flags & PP_CISCO) 4698 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 4699 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4700 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4701 int32_t nmagic = htonl(sp->lcp.magic); 4702 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4703 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 4704 sp->lcp.echoid, 4, &nmagic); 4705 } 4706 } 4707 splx(s); 4708 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 4709 } 4710 4711 /* 4712 * Get both IP addresses. 4713 */ 4714 static void 4715 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4716 { 4717 struct ifnet *ifp = &sp->pp_if; 4718 struct ifaddr *ifa; 4719 struct sockaddr_in *si, *sm; 4720 u_int32_t ssrc, ddst; 4721 4722 sm = NULL; 4723 ssrc = ddst = 0; 4724 /* 4725 * Pick the first AF_INET address from the list, 4726 * aliases don't make any sense on a p2p link anyway. 4727 */ 4728 si = 0; 4729 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4730 if (ifa->ifa_addr->sa_family == AF_INET) { 4731 si = (struct sockaddr_in *)ifa->ifa_addr; 4732 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4733 if (si) 4734 break; 4735 } 4736 } 4737 if (ifa) { 4738 if (si && si->sin_addr.s_addr) { 4739 ssrc = si->sin_addr.s_addr; 4740 if (srcmask) 4741 *srcmask = ntohl(sm->sin_addr.s_addr); 4742 } 4743 4744 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4745 if (si && si->sin_addr.s_addr) 4746 ddst = si->sin_addr.s_addr; 4747 } 4748 4749 if (dst) *dst = ntohl(ddst); 4750 if (src) *src = ntohl(ssrc); 4751 } 4752 4753 /* 4754 * Set IP addresses. Must be called at splnet. 4755 * If an address is 0, leave it the way it is. 4756 */ 4757 static void 4758 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4759 { 4760 STDDCL; 4761 struct ifaddr *ifa; 4762 struct sockaddr_in *si, *dest; 4763 4764 /* 4765 * Pick the first AF_INET address from the list, 4766 * aliases don't make any sense on a p2p link anyway. 4767 */ 4768 4769 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4770 if (ifa->ifa_addr->sa_family == AF_INET) { 4771 si = (struct sockaddr_in *)ifa->ifa_addr; 4772 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4773 goto found; 4774 } 4775 } 4776 return; 4777 4778 found: 4779 { 4780 int error; 4781 struct sockaddr_in new_sin = *si; 4782 struct sockaddr_in new_dst = *dest; 4783 4784 /* 4785 * Scrub old routes now instead of calling in_ifinit with 4786 * scrub=1, because we may change the dstaddr 4787 * before the call to in_ifinit. 4788 */ 4789 in_ifscrub(ifp, ifatoia(ifa)); 4790 4791 if (myaddr != 0) 4792 new_sin.sin_addr.s_addr = htonl(myaddr); 4793 if (hisaddr != 0) { 4794 new_dst.sin_addr.s_addr = htonl(hisaddr); 4795 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4796 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4797 *dest = new_dst; /* fix dstaddr in place */ 4798 } 4799 } 4800 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4801 if (debug && error) 4802 { 4803 log(LOG_DEBUG, "%s: sppp_set_ip_addrs: in_ifinit " 4804 " failed, error=%d\n", ifp->if_xname, error); 4805 } 4806 #ifdef PFIL_HOOKS 4807 if (!error) 4808 (void)pfil_run_hooks(&if_pfil, 4809 (struct mbuf **)SIOCAIFADDR, ifp, PFIL_IFADDR); 4810 #endif 4811 } 4812 } 4813 4814 /* 4815 * Clear IP addresses. Must be called at splnet. 4816 */ 4817 static void 4818 sppp_clear_ip_addrs(struct sppp *sp) 4819 { 4820 struct ifnet *ifp = &sp->pp_if; 4821 struct ifaddr *ifa; 4822 struct sockaddr_in *si, *dest; 4823 4824 u_int32_t remote; 4825 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4826 remote = sp->ipcp.saved_hisaddr; 4827 else 4828 sppp_get_ip_addrs(sp, 0, &remote, 0); 4829 4830 /* 4831 * Pick the first AF_INET address from the list, 4832 * aliases don't make any sense on a p2p link anyway. 4833 */ 4834 4835 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4836 if (ifa->ifa_addr->sa_family == AF_INET) { 4837 si = (struct sockaddr_in *)ifa->ifa_addr; 4838 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4839 goto found; 4840 } 4841 } 4842 return; 4843 4844 found: 4845 { 4846 struct sockaddr_in new_sin = *si; 4847 4848 in_ifscrub(ifp, ifatoia(ifa)); 4849 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4850 new_sin.sin_addr.s_addr = 0; 4851 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4852 /* replace peer addr in place */ 4853 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4854 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4855 #ifdef PFIL_HOOKS 4856 (void)pfil_run_hooks(&if_pfil, 4857 (struct mbuf **)SIOCDIFADDR, ifp, PFIL_IFADDR); 4858 #endif 4859 } 4860 } 4861 4862 #ifdef INET6 4863 /* 4864 * Get both IPv6 addresses. 4865 */ 4866 static void 4867 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4868 struct in6_addr *srcmask) 4869 { 4870 struct ifnet *ifp = &sp->pp_if; 4871 struct ifaddr *ifa; 4872 struct sockaddr_in6 *si, *sm; 4873 struct in6_addr ssrc, ddst; 4874 4875 sm = NULL; 4876 memset(&ssrc, 0, sizeof(ssrc)); 4877 memset(&ddst, 0, sizeof(ddst)); 4878 /* 4879 * Pick the first link-local AF_INET6 address from the list, 4880 * aliases don't make any sense on a p2p link anyway. 4881 */ 4882 si = 0; 4883 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4884 if (ifa->ifa_addr->sa_family == AF_INET6) { 4885 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4886 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4887 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4888 break; 4889 } 4890 if (ifa) { 4891 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4892 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4893 if (srcmask) { 4894 bcopy(&sm->sin6_addr, srcmask, 4895 sizeof(*srcmask)); 4896 } 4897 } 4898 4899 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4900 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4901 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4902 } 4903 4904 if (dst) 4905 bcopy(&ddst, dst, sizeof(*dst)); 4906 if (src) 4907 bcopy(&ssrc, src, sizeof(*src)); 4908 } 4909 4910 #ifdef IPV6CP_MYIFID_DYN 4911 /* 4912 * Generate random ifid. 4913 */ 4914 static void 4915 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4916 { 4917 /* TBD */ 4918 } 4919 4920 /* 4921 * Set my IPv6 address. Must be called at splnet. 4922 */ 4923 static void 4924 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4925 { 4926 STDDCL; 4927 struct ifaddr *ifa; 4928 struct sockaddr_in6 *sin6; 4929 4930 /* 4931 * Pick the first link-local AF_INET6 address from the list, 4932 * aliases don't make any sense on a p2p link anyway. 4933 */ 4934 4935 sin6 = NULL; 4936 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4937 { 4938 if (ifa->ifa_addr->sa_family == AF_INET6) 4939 { 4940 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4941 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4942 break; 4943 } 4944 } 4945 4946 if (ifa && sin6) 4947 { 4948 int error; 4949 struct sockaddr_in6 new_sin6 = *sin6; 4950 4951 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4952 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4953 if (debug && error) 4954 { 4955 log(LOG_DEBUG, "%s: sppp_set_ip6_addr: in6_ifinit " 4956 " failed, error=%d\n", ifp->if_xname, error); 4957 } 4958 #ifdef PFIL_HOOKS 4959 if (!error) 4960 (void)pfil_run_hooks(&if_pfil, 4961 (struct mbuf **)SIOCAIFADDR_IN6, ifp, PFIL_IFADDR); 4962 #endif 4963 } 4964 } 4965 #endif 4966 4967 /* 4968 * Suggest a candidate address to be used by peer. 4969 */ 4970 static void 4971 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4972 { 4973 struct in6_addr myaddr; 4974 struct timeval tv; 4975 4976 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4977 4978 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4979 microtime(&tv); 4980 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4981 myaddr.s6_addr[14] ^= 0xff; 4982 myaddr.s6_addr[15] ^= 0xff; 4983 } else { 4984 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4985 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4986 } 4987 if (suggest) 4988 bcopy(&myaddr, suggest, sizeof(myaddr)); 4989 } 4990 #endif /*INET6*/ 4991 4992 /* 4993 * Process ioctl requests specific to the PPP interface. 4994 * Permissions have already been checked. 4995 */ 4996 static int 4997 sppp_params(struct sppp *sp, int cmd, void *data) 4998 { 4999 switch (cmd) { 5000 case SPPPGETAUTHCFG: 5001 { 5002 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5003 int error; 5004 size_t len; 5005 5006 cfg->myauthflags = sp->myauth.flags; 5007 cfg->hisauthflags = sp->hisauth.flags; 5008 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 5009 cfg->hisauth = 0; 5010 if (sp->hisauth.proto) 5011 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5012 cfg->myauth = 0; 5013 if (sp->myauth.proto) 5014 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5015 if (cfg->myname_length == 0) { 5016 if (sp->myauth.name != NULL) 5017 cfg->myname_length = sp->myauth.name_len + 1; 5018 } else { 5019 if (sp->myauth.name == NULL) { 5020 cfg->myname_length = 0; 5021 } else { 5022 len = sp->myauth.name_len + 1; 5023 if (cfg->myname_length < len) 5024 return (ENAMETOOLONG); 5025 error = copyout(sp->myauth.name, cfg->myname, len); 5026 if (error) return error; 5027 } 5028 } 5029 if (cfg->hisname_length == 0) { 5030 if (sp->hisauth.name != NULL) 5031 cfg->hisname_length = sp->hisauth.name_len + 1; 5032 } else { 5033 if (sp->hisauth.name == NULL) { 5034 cfg->hisname_length = 0; 5035 } else { 5036 len = sp->hisauth.name_len + 1; 5037 if (cfg->hisname_length < len) 5038 return (ENAMETOOLONG); 5039 error = copyout(sp->hisauth.name, cfg->hisname, len); 5040 if (error) return error; 5041 } 5042 } 5043 } 5044 break; 5045 case SPPPSETAUTHCFG: 5046 { 5047 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5048 int error; 5049 5050 if (sp->myauth.name) { 5051 free(sp->myauth.name, M_DEVBUF); 5052 sp->myauth.name = NULL; 5053 } 5054 if (sp->myauth.secret) { 5055 free(sp->myauth.secret, M_DEVBUF); 5056 sp->myauth.secret = NULL; 5057 } 5058 if (sp->hisauth.name) { 5059 free(sp->hisauth.name, M_DEVBUF); 5060 sp->hisauth.name = NULL; 5061 } 5062 if (sp->hisauth.secret) { 5063 free(sp->hisauth.secret, M_DEVBUF); 5064 sp->hisauth.secret = NULL; 5065 } 5066 5067 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5068 if (cfg->hisname_length >= MCLBYTES) 5069 return (ENAMETOOLONG); 5070 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5071 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5072 if (error) { 5073 free(sp->hisauth.name, M_DEVBUF); 5074 sp->hisauth.name = NULL; 5075 return error; 5076 } 5077 sp->hisauth.name_len = cfg->hisname_length - 1; 5078 sp->hisauth.name[sp->hisauth.name_len] = 0; 5079 } 5080 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5081 if (cfg->hissecret_length >= MCLBYTES) 5082 return (ENAMETOOLONG); 5083 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5084 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5085 if (error) { 5086 free(sp->hisauth.secret, M_DEVBUF); 5087 sp->hisauth.secret = NULL; 5088 return error; 5089 } 5090 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5091 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5092 } 5093 if (cfg->myname != NULL && cfg->myname_length > 0) { 5094 if (cfg->myname_length >= MCLBYTES) 5095 return (ENAMETOOLONG); 5096 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5097 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5098 if (error) { 5099 free(sp->myauth.name, M_DEVBUF); 5100 sp->myauth.name = NULL; 5101 return error; 5102 } 5103 sp->myauth.name_len = cfg->myname_length - 1; 5104 sp->myauth.name[sp->myauth.name_len] = 0; 5105 } 5106 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5107 if (cfg->mysecret_length >= MCLBYTES) 5108 return (ENAMETOOLONG); 5109 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5110 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5111 if (error) { 5112 free(sp->myauth.secret, M_DEVBUF); 5113 sp->myauth.secret = NULL; 5114 return error; 5115 } 5116 sp->myauth.secret_len = cfg->mysecret_length - 1; 5117 sp->myauth.secret[sp->myauth.secret_len] = 0; 5118 } 5119 sp->myauth.flags = cfg->myauthflags; 5120 if (cfg->myauth) 5121 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5122 sp->hisauth.flags = cfg->hisauthflags; 5123 if (cfg->hisauth) 5124 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5125 sp->pp_auth_failures = 0; 5126 if (sp->hisauth.proto != 0) 5127 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5128 else 5129 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5130 } 5131 break; 5132 case SPPPGETLCPCFG: 5133 { 5134 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5135 lcp->lcp_timeout = sp->lcp.timeout; 5136 } 5137 break; 5138 case SPPPSETLCPCFG: 5139 { 5140 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5141 sp->lcp.timeout = lcp->lcp_timeout; 5142 } 5143 break; 5144 case SPPPGETSTATUS: 5145 { 5146 struct spppstatus *status = (struct spppstatus *)data; 5147 status->phase = sp->pp_phase; 5148 } 5149 break; 5150 case SPPPGETSTATUSNCP: 5151 { 5152 struct spppstatusncp *status = (struct spppstatusncp *)data; 5153 status->phase = sp->pp_phase; 5154 status->ncpup = sppp_ncp_check(sp); 5155 } 5156 break; 5157 case SPPPGETIDLETO: 5158 { 5159 struct spppidletimeout *to = (struct spppidletimeout *)data; 5160 to->idle_seconds = sp->pp_idle_timeout; 5161 } 5162 break; 5163 case SPPPSETIDLETO: 5164 { 5165 struct spppidletimeout *to = (struct spppidletimeout *)data; 5166 sp->pp_idle_timeout = to->idle_seconds; 5167 } 5168 break; 5169 case SPPPSETAUTHFAILURE: 5170 { 5171 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5172 sp->pp_max_auth_fail = afsettings->max_failures; 5173 sp->pp_auth_failures = 0; 5174 } 5175 break; 5176 case SPPPGETAUTHFAILURES: 5177 { 5178 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5179 stats->auth_failures = sp->pp_auth_failures; 5180 stats->max_failures = sp->pp_max_auth_fail; 5181 } 5182 break; 5183 case SPPPSETDNSOPTS: 5184 { 5185 struct spppdnssettings *req = (struct spppdnssettings *)data; 5186 sp->query_dns = req->query_dns & 3; 5187 } 5188 break; 5189 case SPPPGETDNSOPTS: 5190 { 5191 struct spppdnssettings *req = (struct spppdnssettings *)data; 5192 req->query_dns = sp->query_dns; 5193 } 5194 break; 5195 case SPPPGETDNSADDRS: 5196 { 5197 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5198 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5199 } 5200 break; 5201 case SPPPGETKEEPALIVE: 5202 { 5203 struct spppkeepalivesettings *settings = 5204 (struct spppkeepalivesettings*)data; 5205 settings->maxalive = sp->pp_maxalive; 5206 settings->max_noreceive = sp->pp_max_noreceive; 5207 } 5208 break; 5209 case SPPPSETKEEPALIVE: 5210 { 5211 struct spppkeepalivesettings *settings = 5212 (struct spppkeepalivesettings*)data; 5213 sp->pp_maxalive = settings->maxalive; 5214 sp->pp_max_noreceive = settings->max_noreceive; 5215 } 5216 break; 5217 default: 5218 return (EINVAL); 5219 } 5220 5221 return (0); 5222 } 5223 5224 static void 5225 sppp_phase_network(struct sppp *sp) 5226 { 5227 STDDCL; 5228 int i; 5229 u_int32_t mask; 5230 5231 sp->pp_phase = SPPP_PHASE_NETWORK; 5232 5233 if (debug) 5234 { 5235 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 5236 sppp_phase_name(sp->pp_phase)); 5237 } 5238 5239 /* Notify NCPs now. */ 5240 for (i = 0; i < IDX_COUNT; i++) 5241 if ((cps[i])->flags & CP_NCP) 5242 (cps[i])->Open(sp); 5243 5244 /* Send Up events to all NCPs. */ 5245 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5246 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5247 (cps[i])->Up(sp); 5248 5249 /* if no NCP is starting, all this was in vain, close down */ 5250 sppp_lcp_check_and_close(sp); 5251 } 5252 5253 5254 static const char * 5255 sppp_cp_type_name(u_char type) 5256 { 5257 static char buf[12]; 5258 switch (type) { 5259 case CONF_REQ: return "conf-req"; 5260 case CONF_ACK: return "conf-ack"; 5261 case CONF_NAK: return "conf-nak"; 5262 case CONF_REJ: return "conf-rej"; 5263 case TERM_REQ: return "term-req"; 5264 case TERM_ACK: return "term-ack"; 5265 case CODE_REJ: return "code-rej"; 5266 case PROTO_REJ: return "proto-rej"; 5267 case ECHO_REQ: return "echo-req"; 5268 case ECHO_REPLY: return "echo-reply"; 5269 case DISC_REQ: return "discard-req"; 5270 } 5271 snprintf(buf, sizeof(buf), "0x%x", type); 5272 return buf; 5273 } 5274 5275 static const char * 5276 sppp_auth_type_name(u_short proto, u_char type) 5277 { 5278 static char buf[12]; 5279 switch (proto) { 5280 case PPP_CHAP: 5281 switch (type) { 5282 case CHAP_CHALLENGE: return "challenge"; 5283 case CHAP_RESPONSE: return "response"; 5284 case CHAP_SUCCESS: return "success"; 5285 case CHAP_FAILURE: return "failure"; 5286 } 5287 case PPP_PAP: 5288 switch (type) { 5289 case PAP_REQ: return "req"; 5290 case PAP_ACK: return "ack"; 5291 case PAP_NAK: return "nak"; 5292 } 5293 } 5294 snprintf(buf, sizeof(buf), "0x%x", type); 5295 return buf; 5296 } 5297 5298 static const char * 5299 sppp_lcp_opt_name(u_char opt) 5300 { 5301 static char buf[12]; 5302 switch (opt) { 5303 case LCP_OPT_MRU: return "mru"; 5304 case LCP_OPT_ASYNC_MAP: return "async-map"; 5305 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5306 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5307 case LCP_OPT_MAGIC: return "magic"; 5308 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5309 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5310 } 5311 snprintf(buf, sizeof(buf), "0x%x", opt); 5312 return buf; 5313 } 5314 5315 static const char * 5316 sppp_ipcp_opt_name(u_char opt) 5317 { 5318 static char buf[12]; 5319 switch (opt) { 5320 case IPCP_OPT_ADDRESSES: return "addresses"; 5321 case IPCP_OPT_COMPRESSION: return "compression"; 5322 case IPCP_OPT_ADDRESS: return "address"; 5323 } 5324 snprintf(buf, sizeof(buf), "0x%x", opt); 5325 return buf; 5326 } 5327 5328 #ifdef INET6 5329 static const char * 5330 sppp_ipv6cp_opt_name(u_char opt) 5331 { 5332 static char buf[12]; 5333 switch (opt) { 5334 case IPV6CP_OPT_IFID: return "ifid"; 5335 case IPV6CP_OPT_COMPRESSION: return "compression"; 5336 } 5337 snprintf(buf, sizeof(buf), "0x%x", opt); 5338 return buf; 5339 } 5340 #endif 5341 5342 static const char * 5343 sppp_state_name(int state) 5344 { 5345 switch (state) { 5346 case STATE_INITIAL: return "initial"; 5347 case STATE_STARTING: return "starting"; 5348 case STATE_CLOSED: return "closed"; 5349 case STATE_STOPPED: return "stopped"; 5350 case STATE_CLOSING: return "closing"; 5351 case STATE_STOPPING: return "stopping"; 5352 case STATE_REQ_SENT: return "req-sent"; 5353 case STATE_ACK_RCVD: return "ack-rcvd"; 5354 case STATE_ACK_SENT: return "ack-sent"; 5355 case STATE_OPENED: return "opened"; 5356 } 5357 return "illegal"; 5358 } 5359 5360 static const char * 5361 sppp_phase_name(int phase) 5362 { 5363 switch (phase) { 5364 case SPPP_PHASE_DEAD: return "dead"; 5365 case SPPP_PHASE_ESTABLISH: return "establish"; 5366 case SPPP_PHASE_TERMINATE: return "terminate"; 5367 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5368 case SPPP_PHASE_NETWORK: return "network"; 5369 } 5370 return "illegal"; 5371 } 5372 5373 static const char * 5374 sppp_proto_name(u_short proto) 5375 { 5376 static char buf[12]; 5377 switch (proto) { 5378 case PPP_LCP: return "lcp"; 5379 case PPP_IPCP: return "ipcp"; 5380 case PPP_PAP: return "pap"; 5381 case PPP_CHAP: return "chap"; 5382 case PPP_IPV6CP: return "ipv6cp"; 5383 } 5384 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 5385 return buf; 5386 } 5387 5388 static void 5389 sppp_print_bytes(const u_char *p, u_short len) 5390 { 5391 addlog(" %02x", *p++); 5392 while (--len > 0) 5393 addlog("-%02x", *p++); 5394 } 5395 5396 static void 5397 sppp_print_string(const char *p, u_short len) 5398 { 5399 u_char c; 5400 5401 while (len-- > 0) { 5402 c = *p++; 5403 /* 5404 * Print only ASCII chars directly. RFC 1994 recommends 5405 * using only them, but we don't rely on it. */ 5406 if (c < ' ' || c > '~') 5407 addlog("\\x%x", c); 5408 else 5409 addlog("%c", c); 5410 } 5411 } 5412 5413 static const char * 5414 sppp_dotted_quad(u_int32_t addr) 5415 { 5416 static char s[16]; 5417 snprintf(s, sizeof(s), "%d.%d.%d.%d", 5418 (int)((addr >> 24) & 0xff), 5419 (int)((addr >> 16) & 0xff), 5420 (int)((addr >> 8) & 0xff), 5421 (int)(addr & 0xff)); 5422 return s; 5423 } 5424 5425 /* a dummy, used to drop uninteresting events */ 5426 static void 5427 sppp_null(struct sppp *unused) 5428 { 5429 /* do just nothing */ 5430 } 5431 /* 5432 * This file is large. Tell emacs to highlight it nevertheless. 5433 * 5434 * Local Variables: 5435 * hilit-auto-highlight-maxout: 120000 5436 * End: 5437 */ 5438