1 /* $NetBSD: if_spppsubr.c,v 1.217 2021/04/16 02:12:00 yamaguchi Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.217 2021/04/16 02:12:00 yamaguchi Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #endif 52 53 #include <sys/param.h> 54 #include <sys/proc.h> 55 #include <sys/systm.h> 56 #include <sys/kernel.h> 57 #include <sys/sockio.h> 58 #include <sys/socket.h> 59 #include <sys/syslog.h> 60 #include <sys/malloc.h> 61 #include <sys/mbuf.h> 62 #include <sys/callout.h> 63 #include <sys/md5.h> 64 #include <sys/inttypes.h> 65 #include <sys/kauth.h> 66 #include <sys/cprng.h> 67 #include <sys/module.h> 68 #include <sys/workqueue.h> 69 #include <sys/atomic.h> 70 #include <sys/compat_stub.h> 71 #include <sys/cpu.h> 72 73 #include <net/if.h> 74 #include <net/netisr.h> 75 #include <net/if_types.h> 76 #include <net/route.h> 77 #include <net/ppp_defs.h> 78 79 #include <netinet/in.h> 80 #include <netinet/in_systm.h> 81 #include <netinet/in_var.h> 82 #ifdef INET 83 #include <netinet/ip.h> 84 #include <netinet/tcp.h> 85 #endif 86 #include <net/ethertypes.h> 87 88 #ifdef INET6 89 #include <netinet6/scope6_var.h> 90 #endif 91 92 #include <net/if_sppp.h> 93 #include <net/if_spppvar.h> 94 95 #ifdef NET_MPSAFE 96 #define SPPPSUBR_MPSAFE 1 97 #endif 98 99 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 100 #define LOOPALIVECNT 3 /* loopback detection tries */ 101 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 102 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 103 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 104 105 /* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128 129 #define CONF_REQ 1 /* PPP configure request */ 130 #define CONF_ACK 2 /* PPP configure acknowledge */ 131 #define CONF_NAK 3 /* PPP configure negative ack */ 132 #define CONF_REJ 4 /* PPP configure reject */ 133 #define TERM_REQ 5 /* PPP terminate request */ 134 #define TERM_ACK 6 /* PPP terminate acknowledge */ 135 #define CODE_REJ 7 /* PPP code reject */ 136 #define PROTO_REJ 8 /* PPP protocol reject */ 137 #define ECHO_REQ 9 /* PPP echo request */ 138 #define ECHO_REPLY 10 /* PPP echo reply */ 139 #define DISC_REQ 11 /* PPP discard request */ 140 141 #define LCP_OPT_MRU 1 /* maximum receive unit */ 142 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 143 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 144 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 145 #define LCP_OPT_MAGIC 5 /* magic number */ 146 #define LCP_OPT_RESERVED 6 /* reserved */ 147 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 148 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 149 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 150 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 151 #define LCP_OPT_CALL_BACK 13 /* callback */ 152 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 153 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 154 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 155 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 156 157 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 158 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 159 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 160 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 161 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 162 163 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 164 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 165 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 166 167 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 168 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 169 170 #define PAP_REQ 1 /* PAP name/password request */ 171 #define PAP_ACK 2 /* PAP acknowledge */ 172 #define PAP_NAK 3 /* PAP fail */ 173 174 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 175 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 176 #define CHAP_SUCCESS 3 /* CHAP response ok */ 177 #define CHAP_FAILURE 4 /* CHAP response failed */ 178 179 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 180 181 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 182 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 183 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 184 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 185 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 186 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 187 188 enum { 189 STATE_INITIAL = SPPP_STATE_INITIAL, 190 STATE_STARTING = SPPP_STATE_STARTING, 191 STATE_CLOSED = SPPP_STATE_CLOSED, 192 STATE_STOPPED = SPPP_STATE_STOPPED, 193 STATE_CLOSING = SPPP_STATE_CLOSING, 194 STATE_STOPPING = SPPP_STATE_STOPPING, 195 STATE_REQ_SENT = SPPP_STATE_REQ_SENT, 196 STATE_ACK_RCVD = SPPP_STATE_ACK_RCVD, 197 STATE_ACK_SENT = SPPP_STATE_ACK_SENT, 198 STATE_OPENED = SPPP_STATE_OPENED, 199 }; 200 201 enum cp_rcr_type { 202 CP_RCR_NONE = 0, /* initial value */ 203 CP_RCR_ACK, /* RCR+ */ 204 CP_RCR_NAK, /* RCR- */ 205 CP_RCR_REJ, /* RCR- */ 206 CP_RCR_DROP, /* DROP message */ 207 CP_RCR_ERR, /* internal error */ 208 }; 209 210 struct ppp_header { 211 uint8_t address; 212 uint8_t control; 213 uint16_t protocol; 214 } __packed; 215 #define PPP_HEADER_LEN sizeof (struct ppp_header) 216 217 struct lcp_header { 218 uint8_t type; 219 uint8_t ident; 220 uint16_t len; 221 } __packed; 222 #define LCP_HEADER_LEN sizeof (struct lcp_header) 223 224 struct cisco_packet { 225 uint32_t type; 226 uint32_t par1; 227 uint32_t par2; 228 uint16_t rel; 229 uint16_t time0; 230 uint16_t time1; 231 } __packed; 232 #define CISCO_PACKET_LEN 18 233 234 /* 235 * We follow the spelling and capitalization of RFC 1661 here, to make 236 * it easier comparing with the standard. Please refer to this RFC in 237 * case you can't make sense out of these abbreviation; it will also 238 * explain the semantics related to the various events and actions. 239 */ 240 struct cp { 241 u_short proto; /* PPP control protocol number */ 242 u_char protoidx; /* index into state table in struct sppp */ 243 u_char flags; 244 #define CP_LCP 0x01 /* this is the LCP */ 245 #define CP_AUTH 0x02 /* this is an authentication protocol */ 246 #define CP_NCP 0x04 /* this is a NCP */ 247 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 248 const char *name; /* name of this control protocol */ 249 /* event handlers */ 250 void (*Up)(struct sppp *, void *); 251 void (*Down)(struct sppp *, void *); 252 void (*Open)(struct sppp *, void *); 253 void (*Close)(struct sppp *, void *); 254 void (*TO)(struct sppp *, void *); 255 /* actions */ 256 void (*tlu)(struct sppp *); 257 void (*tld)(struct sppp *); 258 void (*tls)(const struct cp *, struct sppp *); 259 void (*tlf)(const struct cp *, struct sppp *); 260 void (*scr)(struct sppp *); 261 void (*scan)(const struct cp *, struct sppp *); 262 263 /* message parser */ 264 enum cp_rcr_type 265 (*parse_confreq)(struct sppp *, struct lcp_header *, int, 266 uint8_t **, size_t *, size_t *); 267 void (*parse_confrej)(struct sppp *, struct lcp_header *, int); 268 void (*parse_confnak)(struct sppp *, struct lcp_header *, int); 269 }; 270 271 enum auth_role { 272 SPPP_AUTH_NOROLE = 0, 273 SPPP_AUTH_SERV = __BIT(0), 274 SPPP_AUTH_PEER = __BIT(1), 275 }; 276 277 static struct sppp *spppq; 278 static kmutex_t *spppq_lock = NULL; 279 static callout_t keepalive_ch; 280 281 #define SPPPQ_LOCK() if (spppq_lock) \ 282 mutex_enter(spppq_lock); 283 #define SPPPQ_UNLOCK() if (spppq_lock) \ 284 mutex_exit(spppq_lock); 285 286 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 287 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 288 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 289 #define SPPP_UPGRADE(_sp) do{ \ 290 SPPP_UNLOCK(_sp); \ 291 SPPP_LOCK(_sp, RW_WRITER); \ 292 }while (0) 293 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 294 #define SPPP_WQ_SET(_wk, _func, _arg) \ 295 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 296 297 #ifdef INET 298 #ifndef SPPPSUBR_MPSAFE 299 /* 300 * The following disgusting hack gets around the problem that IP TOS 301 * can't be set yet. We want to put "interactive" traffic on a high 302 * priority queue. To decide if traffic is interactive, we check that 303 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 304 * 305 * XXX is this really still necessary? - joerg - 306 */ 307 static u_short interactive_ports[8] = { 308 0, 513, 0, 0, 309 0, 21, 0, 23, 310 }; 311 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 312 #endif /* SPPPSUBR_MPSAFE */ 313 #endif 314 315 /* almost every function needs these */ 316 #define STDDCL \ 317 struct ifnet *ifp = &sp->pp_if; \ 318 int debug = ifp->if_flags & IFF_DEBUG 319 320 static int sppp_output(struct ifnet *, struct mbuf *, 321 const struct sockaddr *, const struct rtentry *); 322 323 static void sppp_cisco_send(struct sppp *, int, int32_t, int32_t); 324 static void sppp_cisco_input(struct sppp *, struct mbuf *); 325 326 static void sppp_cp_init(const struct cp *, struct sppp *); 327 static void sppp_cp_fini(const struct cp *, struct sppp *); 328 static void sppp_cp_input(const struct cp *, struct sppp *, 329 struct mbuf *); 330 static void sppp_cp_input(const struct cp *, struct sppp *, 331 struct mbuf *); 332 static void sppp_cp_send(struct sppp *, u_short, u_char, 333 u_char, u_short, void *); 334 /* static void sppp_cp_timeout(void *arg); */ 335 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 336 static struct workqueue * 337 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 338 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 339 static void sppp_wq_set(struct sppp_work *, 340 void (*)(struct sppp *, void *), void *); 341 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 342 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 343 static void sppp_cp_to_lcp(void *); 344 static void sppp_cp_to_ipcp(void *); 345 static void sppp_cp_to_ipv6cp(void *); 346 static void sppp_auth_send(const struct cp *, struct sppp *, 347 unsigned int, unsigned int, ...); 348 static int sppp_auth_role(const struct cp *, struct sppp *); 349 static void sppp_auth_to_event(struct sppp *, void *); 350 static void sppp_auth_sca_scn(const struct cp *, struct sppp *); 351 352 static void sppp_up_event(struct sppp *, void *); 353 static void sppp_down_event(struct sppp *, void *); 354 static void sppp_open_event(struct sppp *, void *); 355 static void sppp_close_event(struct sppp *, void *); 356 static void sppp_to_event(struct sppp *, void *); 357 static void sppp_rcr_event(struct sppp *, void *); 358 static void sppp_rca_event(struct sppp *, void *); 359 static void sppp_rcn_event(struct sppp *, void *); 360 static void sppp_rtr_event(struct sppp *, void *); 361 static void sppp_rta_event(struct sppp *, void *); 362 static void sppp_rxj_event(struct sppp *, void *); 363 364 static void sppp_null(struct sppp *); 365 static void sppp_tls(const struct cp *, struct sppp *); 366 static void sppp_tlf(const struct cp *, struct sppp *); 367 static void sppp_sca_scn(const struct cp *, struct sppp *); 368 static void sppp_ifdown(struct sppp *, void *); 369 370 static void sppp_lcp_init(struct sppp *); 371 static void sppp_lcp_up(struct sppp *, void *); 372 static void sppp_lcp_down(struct sppp *, void *); 373 static void sppp_lcp_open(struct sppp *, void *); 374 static enum cp_rcr_type 375 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int, 376 uint8_t **, size_t *, size_t *); 377 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int); 378 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int); 379 static void sppp_lcp_tlu(struct sppp *); 380 static void sppp_lcp_tld(struct sppp *); 381 static void sppp_lcp_tls(const struct cp *, struct sppp *); 382 static void sppp_lcp_tlf(const struct cp *, struct sppp *); 383 static void sppp_lcp_scr(struct sppp *); 384 static void sppp_lcp_check_and_close(struct sppp *); 385 static int sppp_cp_check(struct sppp *, u_char); 386 387 static void sppp_ipcp_init(struct sppp *); 388 static void sppp_ipcp_open(struct sppp *, void *); 389 static void sppp_ipcp_close(struct sppp *, void *); 390 static enum cp_rcr_type 391 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int, 392 uint8_t **, size_t *, size_t *); 393 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int); 394 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int); 395 static void sppp_ipcp_tlu(struct sppp *); 396 static void sppp_ipcp_scr(struct sppp *); 397 398 static void sppp_ipv6cp_init(struct sppp *); 399 static void sppp_ipv6cp_open(struct sppp *, void *); 400 static enum cp_rcr_type 401 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int, 402 uint8_t **, size_t *, size_t *); 403 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int); 404 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int); 405 static void sppp_ipv6cp_tlu(struct sppp *); 406 static void sppp_ipv6cp_scr(struct sppp *); 407 408 static void sppp_pap_input(struct sppp *, struct mbuf *); 409 static void sppp_pap_init(struct sppp *); 410 static void sppp_pap_tlu(struct sppp *); 411 static void sppp_pap_scr(struct sppp *); 412 static void sppp_pap_scr(struct sppp *); 413 414 static void sppp_chap_input(struct sppp *, struct mbuf *); 415 static void sppp_chap_init(struct sppp *); 416 static void sppp_chap_open(struct sppp *, void *); 417 static void sppp_chap_tlu(struct sppp *); 418 static void sppp_chap_scr(struct sppp *); 419 static void sppp_chap_rcv_challenge_event(struct sppp *, void *); 420 421 static const char *sppp_auth_type_name(u_short, u_char); 422 static const char *sppp_cp_type_name(u_char); 423 static const char *sppp_dotted_quad(uint32_t); 424 static const char *sppp_ipcp_opt_name(u_char); 425 #ifdef INET6 426 static const char *sppp_ipv6cp_opt_name(u_char); 427 #endif 428 static const char *sppp_lcp_opt_name(u_char); 429 static const char *sppp_phase_name(int); 430 static const char *sppp_proto_name(u_short); 431 static const char *sppp_state_name(int); 432 static int sppp_params(struct sppp *, u_long, void *); 433 #ifdef INET 434 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 435 static void sppp_set_ip_addrs(struct sppp *); 436 static void sppp_clear_ip_addrs(struct sppp *); 437 #endif 438 static void sppp_keepalive(void *); 439 static void sppp_phase_network(struct sppp *); 440 static void sppp_print_bytes(const u_char *, u_short); 441 static void sppp_print_string(const char *, u_short); 442 #ifdef INET6 443 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 444 struct in6_addr *, struct in6_addr *); 445 #ifdef IPV6CP_MYIFID_DYN 446 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 447 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 448 #endif 449 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 450 #endif 451 452 static void sppp_notify_up(struct sppp *); 453 static void sppp_notify_down(struct sppp *); 454 static void sppp_notify_tls_wlocked(struct sppp *); 455 static void sppp_notify_tlf_wlocked(struct sppp *); 456 #ifdef INET6 457 static void sppp_notify_con_wlocked(struct sppp *); 458 #endif 459 static void sppp_notify_con(struct sppp *); 460 461 static void sppp_notify_chg_wlocked(struct sppp *); 462 463 /* our control protocol descriptors */ 464 static const struct cp lcp = { 465 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 466 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, 467 sppp_close_event, sppp_to_event, 468 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, 469 sppp_lcp_tlf, sppp_lcp_scr, sppp_sca_scn, 470 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak 471 }; 472 473 static const struct cp ipcp = { 474 PPP_IPCP, IDX_IPCP, 475 #ifdef INET 476 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 477 #else 478 0, 479 #endif 480 "ipcp", 481 sppp_up_event, sppp_down_event, sppp_ipcp_open, 482 sppp_ipcp_close, sppp_to_event, 483 sppp_ipcp_tlu, sppp_null, sppp_tls, 484 sppp_tlf, sppp_ipcp_scr, sppp_sca_scn, 485 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak, 486 }; 487 488 static const struct cp ipv6cp = { 489 PPP_IPV6CP, IDX_IPV6CP, 490 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 491 CP_NCP, 492 #else 493 0, 494 #endif 495 "ipv6cp", 496 sppp_up_event, sppp_down_event, sppp_ipv6cp_open, 497 sppp_close_event, sppp_to_event, 498 sppp_ipv6cp_tlu, sppp_null, sppp_tls, 499 sppp_tlf, sppp_ipv6cp_scr, sppp_sca_scn, 500 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak, 501 }; 502 503 static const struct cp pap = { 504 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 505 sppp_up_event, sppp_down_event, sppp_open_event, 506 sppp_close_event, sppp_to_event, 507 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, 508 sppp_pap_scr, sppp_auth_sca_scn, 509 NULL, NULL, NULL 510 }; 511 512 static const struct cp chap = { 513 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 514 sppp_up_event, sppp_down_event, sppp_chap_open, 515 sppp_close_event, sppp_auth_to_event, 516 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, 517 sppp_chap_scr, sppp_auth_sca_scn, 518 NULL, NULL, NULL 519 }; 520 521 static const struct cp *cps[IDX_COUNT] = { 522 &lcp, /* IDX_LCP */ 523 &ipcp, /* IDX_IPCP */ 524 &ipv6cp, /* IDX_IPV6CP */ 525 &pap, /* IDX_PAP */ 526 &chap, /* IDX_CHAP */ 527 }; 528 529 static void 530 sppp_change_phase(struct sppp *sp, int phase) 531 { 532 STDDCL; 533 534 KASSERT(SPPP_WLOCKED(sp)); 535 536 if (sp->pp_phase == phase) 537 return; 538 539 sp->pp_phase = phase; 540 541 if (phase == SPPP_PHASE_NETWORK) 542 if_link_state_change(ifp, LINK_STATE_UP); 543 else 544 if_link_state_change(ifp, LINK_STATE_DOWN); 545 546 if (debug) 547 { 548 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 549 sppp_phase_name(sp->pp_phase)); 550 } 551 } 552 553 /* 554 * Exported functions, comprising our interface to the lower layer. 555 */ 556 557 /* 558 * Process the received packet. 559 */ 560 void 561 sppp_input(struct ifnet *ifp, struct mbuf *m) 562 { 563 struct ppp_header *h = NULL; 564 pktqueue_t *pktq = NULL; 565 struct ifqueue *inq = NULL; 566 uint16_t protocol; 567 struct sppp *sp = (struct sppp *)ifp; 568 int debug = ifp->if_flags & IFF_DEBUG; 569 int isr = 0; 570 571 SPPP_LOCK(sp, RW_READER); 572 573 if (ifp->if_flags & IFF_UP) { 574 /* Count received bytes, add hardware framing */ 575 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 576 /* Note time of last receive */ 577 sp->pp_last_receive = time_uptime; 578 } 579 580 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 581 /* Too small packet, drop it. */ 582 if (debug) 583 log(LOG_DEBUG, 584 "%s: input packet is too small, %d bytes\n", 585 ifp->if_xname, m->m_pkthdr.len); 586 drop: 587 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 588 m_freem(m); 589 SPPP_UNLOCK(sp); 590 return; 591 } 592 593 if (sp->pp_flags & PP_NOFRAMING) { 594 memcpy(&protocol, mtod(m, void *), 2); 595 protocol = ntohs(protocol); 596 m_adj(m, 2); 597 } else { 598 599 /* Get PPP header. */ 600 h = mtod(m, struct ppp_header *); 601 m_adj(m, PPP_HEADER_LEN); 602 603 switch (h->address) { 604 case PPP_ALLSTATIONS: 605 if (h->control != PPP_UI) 606 goto invalid; 607 if (sp->pp_flags & PP_CISCO) { 608 if (debug) 609 log(LOG_DEBUG, 610 "%s: PPP packet in Cisco mode " 611 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 612 ifp->if_xname, 613 h->address, h->control, ntohs(h->protocol)); 614 goto drop; 615 } 616 break; 617 case CISCO_MULTICAST: 618 case CISCO_UNICAST: 619 /* Don't check the control field here (RFC 1547). */ 620 if (! (sp->pp_flags & PP_CISCO)) { 621 if (debug) 622 log(LOG_DEBUG, 623 "%s: Cisco packet in PPP mode " 624 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 625 ifp->if_xname, 626 h->address, h->control, ntohs(h->protocol)); 627 goto drop; 628 } 629 switch (ntohs(h->protocol)) { 630 default: 631 if_statinc(ifp, if_noproto); 632 goto invalid; 633 case CISCO_KEEPALIVE: 634 SPPP_UNLOCK(sp); 635 sppp_cisco_input((struct sppp *) ifp, m); 636 m_freem(m); 637 return; 638 #ifdef INET 639 case ETHERTYPE_IP: 640 pktq = ip_pktq; 641 break; 642 #endif 643 #ifdef INET6 644 case ETHERTYPE_IPV6: 645 pktq = ip6_pktq; 646 break; 647 #endif 648 } 649 goto queue_pkt; 650 default: /* Invalid PPP packet. */ 651 invalid: 652 if (debug) 653 log(LOG_DEBUG, 654 "%s: invalid input packet " 655 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 656 ifp->if_xname, 657 h->address, h->control, ntohs(h->protocol)); 658 goto drop; 659 } 660 protocol = ntohs(h->protocol); 661 } 662 663 switch (protocol) { 664 default: 665 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 666 uint16_t prot = htons(protocol); 667 668 SPPP_UPGRADE(sp); 669 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 670 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 671 &prot); 672 SPPP_DOWNGRADE(sp); 673 } 674 if (debug) 675 log(LOG_DEBUG, 676 "%s: invalid input protocol " 677 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 678 if_statinc(ifp, if_noproto); 679 goto drop; 680 case PPP_LCP: 681 SPPP_UNLOCK(sp); 682 sppp_cp_input(&lcp, sp, m); 683 m_freem(m); 684 return; 685 case PPP_PAP: 686 SPPP_UNLOCK(sp); 687 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 688 sppp_pap_input(sp, m); 689 } 690 m_freem(m); 691 return; 692 case PPP_CHAP: 693 SPPP_UNLOCK(sp); 694 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 695 sppp_chap_input(sp, m); 696 } 697 m_freem(m); 698 return; 699 #ifdef INET 700 case PPP_IPCP: 701 SPPP_UNLOCK(sp); 702 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 703 sppp_cp_input(&ipcp, sp, m); 704 } 705 m_freem(m); 706 return; 707 case PPP_IP: 708 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 709 sp->pp_last_activity = time_uptime; 710 pktq = ip_pktq; 711 } 712 break; 713 #endif 714 #ifdef INET6 715 case PPP_IPV6CP: 716 SPPP_UNLOCK(sp); 717 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 718 sppp_cp_input(&ipv6cp, sp, m); 719 } 720 m_freem(m); 721 return; 722 723 case PPP_IPV6: 724 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 725 sp->pp_last_activity = time_uptime; 726 pktq = ip6_pktq; 727 } 728 break; 729 #endif 730 } 731 732 queue_pkt: 733 if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) { 734 goto drop; 735 } 736 737 /* Check queue. */ 738 if (__predict_true(pktq)) { 739 if (__predict_false(!pktq_enqueue(pktq, m, 0))) { 740 goto drop; 741 } 742 SPPP_UNLOCK(sp); 743 return; 744 } 745 746 SPPP_UNLOCK(sp); 747 748 IFQ_LOCK(inq); 749 if (IF_QFULL(inq)) { 750 /* Queue overflow. */ 751 IF_DROP(inq); 752 IFQ_UNLOCK(inq); 753 if (debug) 754 log(LOG_DEBUG, "%s: protocol queue overflow\n", 755 ifp->if_xname); 756 757 SPPP_LOCK(sp, RW_READER); 758 goto drop; 759 } 760 IF_ENQUEUE(inq, m); 761 IFQ_UNLOCK(inq); 762 schednetisr(isr); 763 } 764 765 /* 766 * Enqueue transmit packet. 767 */ 768 static int 769 sppp_output(struct ifnet *ifp, struct mbuf *m, 770 const struct sockaddr *dst, const struct rtentry *rt) 771 { 772 struct sppp *sp = (struct sppp *) ifp; 773 struct ppp_header *h = NULL; 774 #ifndef SPPPSUBR_MPSAFE 775 struct ifqueue *ifq = NULL; /* XXX */ 776 #endif 777 int s, error = 0; 778 uint16_t protocol; 779 size_t pktlen; 780 781 s = splnet(); 782 SPPP_LOCK(sp, RW_READER); 783 784 sp->pp_last_activity = time_uptime; 785 786 if ((ifp->if_flags & IFF_UP) == 0 || 787 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 788 SPPP_UNLOCK(sp); 789 splx(s); 790 791 m_freem(m); 792 793 return (ENETDOWN); 794 } 795 796 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 797 /* 798 * Interface is not yet running, but auto-dial. Need 799 * to start LCP for it. 800 */ 801 ifp->if_flags |= IFF_RUNNING; 802 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 803 } 804 805 /* 806 * If the queueing discipline needs packet classification, 807 * do it before prepending link headers. 808 */ 809 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 810 811 #ifdef INET 812 if (dst->sa_family == AF_INET) { 813 struct ip *ip = NULL; 814 #ifndef SPPPSUBR_MPSAFE 815 struct tcphdr *th = NULL; 816 #endif 817 818 if (m->m_len >= sizeof(struct ip)) { 819 ip = mtod(m, struct ip *); 820 #ifndef SPPPSUBR_MPSAFE 821 if (ip->ip_p == IPPROTO_TCP && 822 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 823 sizeof(struct tcphdr)) { 824 th = (struct tcphdr *) 825 ((char *)ip + (ip->ip_hl << 2)); 826 } 827 #endif 828 } else 829 ip = NULL; 830 831 /* 832 * When using dynamic local IP address assignment by using 833 * 0.0.0.0 as a local address, the first TCP session will 834 * not connect because the local TCP checksum is computed 835 * using 0.0.0.0 which will later become our real IP address 836 * so the TCP checksum computed at the remote end will 837 * become invalid. So we 838 * - don't let packets with src ip addr 0 thru 839 * - we flag TCP packets with src ip 0 as an error 840 */ 841 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 842 uint8_t proto = ip->ip_p; 843 844 SPPP_UNLOCK(sp); 845 splx(s); 846 847 m_freem(m); 848 if (proto == IPPROTO_TCP) 849 return (EADDRNOTAVAIL); 850 else 851 return (0); 852 } 853 854 #ifndef SPPPSUBR_MPSAFE 855 /* 856 * Put low delay, telnet, rlogin and ftp control packets 857 * in front of the queue. 858 */ 859 if (!IF_QFULL(&sp->pp_fastq) && 860 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 861 (th && (INTERACTIVE(ntohs(th->th_sport)) || 862 INTERACTIVE(ntohs(th->th_dport)))))) 863 ifq = &sp->pp_fastq; 864 #endif /* !SPPPSUBR_MPSAFE */ 865 } 866 #endif 867 868 #ifdef INET6 869 if (dst->sa_family == AF_INET6) { 870 /* XXX do something tricky here? */ 871 } 872 #endif 873 874 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 875 /* 876 * Prepend general data packet PPP header. For now, IP only. 877 */ 878 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 879 if (! m) { 880 if (ifp->if_flags & IFF_DEBUG) 881 log(LOG_DEBUG, "%s: no memory for transmit header\n", 882 ifp->if_xname); 883 if_statinc(ifp, if_oerrors); 884 SPPP_UNLOCK(sp); 885 splx(s); 886 return (ENOBUFS); 887 } 888 /* 889 * May want to check size of packet 890 * (albeit due to the implementation it's always enough) 891 */ 892 h = mtod(m, struct ppp_header *); 893 if (sp->pp_flags & PP_CISCO) { 894 h->address = CISCO_UNICAST; /* unicast address */ 895 h->control = 0; 896 } else { 897 h->address = PPP_ALLSTATIONS; /* broadcast address */ 898 h->control = PPP_UI; /* Unnumbered Info */ 899 } 900 } 901 902 switch (dst->sa_family) { 903 #ifdef INET 904 case AF_INET: /* Internet Protocol */ 905 if (sp->pp_flags & PP_CISCO) 906 protocol = htons(ETHERTYPE_IP); 907 else { 908 /* 909 * Don't choke with an ENETDOWN early. It's 910 * possible that we just started dialing out, 911 * so don't drop the packet immediately. If 912 * we notice that we run out of buffer space 913 * below, we will however remember that we are 914 * not ready to carry IP packets, and return 915 * ENETDOWN, as opposed to ENOBUFS. 916 */ 917 protocol = htons(PPP_IP); 918 if (sp->scp[IDX_IPCP].state != STATE_OPENED) 919 error = ENETDOWN; 920 } 921 break; 922 #endif 923 #ifdef INET6 924 case AF_INET6: /* Internet Protocol version 6 */ 925 if (sp->pp_flags & PP_CISCO) 926 protocol = htons(ETHERTYPE_IPV6); 927 else { 928 /* 929 * Don't choke with an ENETDOWN early. It's 930 * possible that we just started dialing out, 931 * so don't drop the packet immediately. If 932 * we notice that we run out of buffer space 933 * below, we will however remember that we are 934 * not ready to carry IP packets, and return 935 * ENETDOWN, as opposed to ENOBUFS. 936 */ 937 protocol = htons(PPP_IPV6); 938 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) 939 error = ENETDOWN; 940 } 941 break; 942 #endif 943 default: 944 m_freem(m); 945 if_statinc(ifp, if_oerrors); 946 SPPP_UNLOCK(sp); 947 splx(s); 948 return (EAFNOSUPPORT); 949 } 950 951 if (sp->pp_flags & PP_NOFRAMING) { 952 M_PREPEND(m, 2, M_DONTWAIT); 953 if (m == NULL) { 954 if (ifp->if_flags & IFF_DEBUG) 955 log(LOG_DEBUG, "%s: no memory for transmit header\n", 956 ifp->if_xname); 957 if_statinc(ifp, if_oerrors); 958 SPPP_UNLOCK(sp); 959 splx(s); 960 return (ENOBUFS); 961 } 962 *mtod(m, uint16_t *) = protocol; 963 } else { 964 h->protocol = protocol; 965 } 966 967 pktlen = m->m_pkthdr.len; 968 #ifdef SPPPSUBR_MPSAFE 969 SPPP_UNLOCK(sp); 970 error = if_transmit_lock(ifp, m); 971 SPPP_LOCK(sp, RW_READER); 972 if (error == 0) 973 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 974 #else /* !SPPPSUBR_MPSAFE */ 975 error = ifq_enqueue2(ifp, ifq, m); 976 977 if (error == 0) { 978 /* 979 * Count output packets and bytes. 980 * The packet length includes header + additional hardware 981 * framing according to RFC 1333. 982 */ 983 if (!(ifp->if_flags & IFF_OACTIVE)) { 984 SPPP_UNLOCK(sp); 985 if_start_lock(ifp); 986 SPPP_LOCK(sp, RW_READER); 987 } 988 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 989 } 990 #endif /* !SPPPSUBR_MPSAFE */ 991 SPPP_UNLOCK(sp); 992 splx(s); 993 return error; 994 } 995 996 void 997 sppp_attach(struct ifnet *ifp) 998 { 999 struct sppp *sp = (struct sppp *) ifp; 1000 char xnamebuf[MAXCOMLEN]; 1001 1002 /* Initialize keepalive handler. */ 1003 if (! spppq) { 1004 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 1005 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 1006 } 1007 1008 if (! spppq_lock) 1009 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1010 1011 sp->pp_if.if_type = IFT_PPP; 1012 sp->pp_if.if_output = sppp_output; 1013 sp->pp_fastq.ifq_maxlen = 32; 1014 sp->pp_cpq.ifq_maxlen = 20; 1015 sp->pp_loopcnt = 0; 1016 sp->pp_alivecnt = 0; 1017 sp->pp_last_activity = 0; 1018 sp->pp_last_receive = 0; 1019 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1020 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 1021 sp->pp_idle_timeout = 0; 1022 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1023 sp->pp_phase = SPPP_PHASE_DEAD; 1024 sp->pp_up = sppp_notify_up; 1025 sp->pp_down = sppp_notify_down; 1026 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1027 memset(sp->scp, 0, sizeof(sp->scp)); 1028 rw_init(&sp->pp_lock); 1029 1030 if_alloc_sadl(ifp); 1031 1032 /* Lets not beat about the bush, we know we're down. */ 1033 ifp->if_link_state = LINK_STATE_DOWN; 1034 1035 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1036 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1037 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1038 1039 memset(&sp->myauth, 0, sizeof sp->myauth); 1040 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1041 SPPP_LOCK(sp, RW_WRITER); 1042 sppp_lcp_init(sp); 1043 sppp_ipcp_init(sp); 1044 sppp_ipv6cp_init(sp); 1045 sppp_pap_init(sp); 1046 sppp_chap_init(sp); 1047 SPPP_UNLOCK(sp); 1048 1049 SPPPQ_LOCK(); 1050 /* Insert new entry into the keepalive list. */ 1051 sp->pp_next = spppq; 1052 spppq = sp; 1053 SPPPQ_UNLOCK(); 1054 } 1055 1056 void 1057 sppp_detach(struct ifnet *ifp) 1058 { 1059 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1060 1061 /* Remove the entry from the keepalive list. */ 1062 SPPPQ_LOCK(); 1063 for (q = &spppq; (p = *q); q = &p->pp_next) 1064 if (p == sp) { 1065 *q = p->pp_next; 1066 break; 1067 } 1068 SPPPQ_UNLOCK(); 1069 1070 if (! spppq) { 1071 /* Stop keepalive handler. */ 1072 callout_stop(&keepalive_ch); 1073 mutex_obj_free(spppq_lock); 1074 spppq_lock = NULL; 1075 } 1076 1077 sppp_cp_fini(&lcp, sp); 1078 sppp_cp_fini(&ipcp, sp); 1079 sppp_cp_fini(&pap, sp); 1080 sppp_cp_fini(&chap, sp); 1081 #ifdef INET6 1082 sppp_cp_fini(&ipv6cp, sp); 1083 #endif 1084 sppp_wq_destroy(sp, sp->wq_cp); 1085 1086 /* free authentication info */ 1087 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1088 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1089 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1090 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1091 rw_destroy(&sp->pp_lock); 1092 } 1093 1094 /* 1095 * Flush the interface output queue. 1096 */ 1097 void 1098 sppp_flush(struct ifnet *ifp) 1099 { 1100 struct sppp *sp = (struct sppp *) ifp; 1101 1102 SPPP_LOCK(sp, RW_WRITER); 1103 IFQ_PURGE(&sp->pp_if.if_snd); 1104 IF_PURGE(&sp->pp_fastq); 1105 IF_PURGE(&sp->pp_cpq); 1106 SPPP_UNLOCK(sp); 1107 } 1108 1109 /* 1110 * Check if the output queue is empty. 1111 */ 1112 int 1113 sppp_isempty(struct ifnet *ifp) 1114 { 1115 struct sppp *sp = (struct sppp *) ifp; 1116 int empty, s; 1117 1118 s = splnet(); 1119 SPPP_LOCK(sp, RW_READER); 1120 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1121 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1122 SPPP_UNLOCK(sp); 1123 splx(s); 1124 return (empty); 1125 } 1126 1127 /* 1128 * Get next packet to send. 1129 */ 1130 struct mbuf * 1131 sppp_dequeue(struct ifnet *ifp) 1132 { 1133 struct sppp *sp = (struct sppp *) ifp; 1134 struct mbuf *m; 1135 int s; 1136 1137 s = splnet(); 1138 SPPP_LOCK(sp, RW_WRITER); 1139 /* 1140 * Process only the control protocol queue until we have at 1141 * least one NCP open. 1142 * 1143 * Do always serve all three queues in Cisco mode. 1144 */ 1145 IF_DEQUEUE(&sp->pp_cpq, m); 1146 if (m == NULL && 1147 (sppp_cp_check(sp, CP_NCP) || (sp->pp_flags & PP_CISCO) != 0)) { 1148 IF_DEQUEUE(&sp->pp_fastq, m); 1149 if (m == NULL) 1150 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1151 } 1152 SPPP_UNLOCK(sp); 1153 splx(s); 1154 return m; 1155 } 1156 1157 /* 1158 * Process an ioctl request. Called on low priority level. 1159 */ 1160 int 1161 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1162 { 1163 struct lwp *l = curlwp; /* XXX */ 1164 struct ifreq *ifr = (struct ifreq *) data; 1165 struct ifaddr *ifa = (struct ifaddr *) data; 1166 struct sppp *sp = (struct sppp *) ifp; 1167 int s, error=0, going_up, going_down; 1168 u_short newmode; 1169 1170 s = splnet(); 1171 switch (cmd) { 1172 case SIOCINITIFADDR: 1173 ifa->ifa_rtrequest = p2p_rtrequest; 1174 break; 1175 1176 case SIOCSIFFLAGS: 1177 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1178 break; 1179 1180 SPPP_LOCK(sp, RW_WRITER); 1181 going_up = ifp->if_flags & IFF_UP && 1182 (ifp->if_flags & IFF_RUNNING) == 0; 1183 going_down = (ifp->if_flags & IFF_UP) == 0 && 1184 ifp->if_flags & IFF_RUNNING; 1185 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1186 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1187 /* sanity */ 1188 newmode = IFF_PASSIVE; 1189 ifp->if_flags &= ~IFF_AUTO; 1190 } 1191 1192 if (going_up || going_down) { 1193 sp->lcp.reestablish = false; 1194 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1195 } 1196 if (going_up && newmode == 0) { 1197 /* neither auto-dial nor passive */ 1198 ifp->if_flags |= IFF_RUNNING; 1199 if (!(sp->pp_flags & PP_CISCO)) { 1200 sppp_wq_add(sp->wq_cp, 1201 &sp->scp[IDX_LCP].work_open); 1202 } 1203 } else if (going_down) { 1204 SPPP_UNLOCK(sp); 1205 sppp_flush(ifp); 1206 SPPP_LOCK(sp, RW_WRITER); 1207 1208 ifp->if_flags &= ~IFF_RUNNING; 1209 } 1210 SPPP_UNLOCK(sp); 1211 break; 1212 1213 case SIOCSIFMTU: 1214 if (ifr->ifr_mtu < PPP_MINMRU || 1215 ifr->ifr_mtu > sp->lcp.their_mru) { 1216 error = EINVAL; 1217 break; 1218 } 1219 /*FALLTHROUGH*/ 1220 case SIOCGIFMTU: 1221 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1222 error = 0; 1223 break; 1224 case SIOCADDMULTI: 1225 case SIOCDELMULTI: 1226 break; 1227 1228 case SPPPSETAUTHCFG: 1229 case SPPPSETLCPCFG: 1230 case SPPPSETIDLETO: 1231 case SPPPSETAUTHFAILURE: 1232 case SPPPSETDNSOPTS: 1233 case SPPPSETKEEPALIVE: 1234 #if defined(COMPAT_50) || defined(MODULAR) 1235 case __SPPPSETIDLETO50: 1236 case __SPPPSETKEEPALIVE50: 1237 #endif /* COMPAT_50 || MODULAR */ 1238 error = kauth_authorize_network(l->l_cred, 1239 KAUTH_NETWORK_INTERFACE, 1240 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1241 NULL); 1242 if (error) 1243 break; 1244 error = sppp_params(sp, cmd, data); 1245 break; 1246 1247 case SPPPGETAUTHCFG: 1248 case SPPPGETLCPCFG: 1249 case SPPPGETAUTHFAILURES: 1250 error = kauth_authorize_network(l->l_cred, 1251 KAUTH_NETWORK_INTERFACE, 1252 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1253 NULL); 1254 if (error) 1255 break; 1256 error = sppp_params(sp, cmd, data); 1257 break; 1258 1259 case SPPPGETSTATUS: 1260 case SPPPGETSTATUSNCP: 1261 case SPPPGETIDLETO: 1262 case SPPPGETDNSOPTS: 1263 case SPPPGETDNSADDRS: 1264 case SPPPGETKEEPALIVE: 1265 #if defined(COMPAT_50) || defined(MODULAR) 1266 case __SPPPGETIDLETO50: 1267 case __SPPPGETKEEPALIVE50: 1268 #endif /* COMPAT_50 || MODULAR */ 1269 case SPPPGETLCPSTATUS: 1270 case SPPPGETIPCPSTATUS: 1271 case SPPPGETIPV6CPSTATUS: 1272 error = sppp_params(sp, cmd, data); 1273 break; 1274 1275 default: 1276 error = ifioctl_common(ifp, cmd, data); 1277 break; 1278 } 1279 splx(s); 1280 return (error); 1281 } 1282 1283 /* 1284 * Cisco framing implementation. 1285 */ 1286 1287 /* 1288 * Handle incoming Cisco keepalive protocol packets. 1289 */ 1290 static void 1291 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1292 { 1293 STDDCL; 1294 struct cisco_packet *h; 1295 #ifdef INET 1296 uint32_t me, mymask = 0; /* XXX: GCC */ 1297 #endif 1298 1299 SPPP_LOCK(sp, RW_WRITER); 1300 1301 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1302 if (debug) 1303 log(LOG_DEBUG, 1304 "%s: cisco invalid packet length: %d bytes\n", 1305 ifp->if_xname, m->m_pkthdr.len); 1306 SPPP_UNLOCK(sp); 1307 return; 1308 } 1309 h = mtod(m, struct cisco_packet *); 1310 if (debug) 1311 log(LOG_DEBUG, 1312 "%s: cisco input: %d bytes " 1313 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1314 ifp->if_xname, m->m_pkthdr.len, 1315 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1316 (u_int)h->time0, (u_int)h->time1); 1317 switch (ntohl(h->type)) { 1318 default: 1319 if (debug) 1320 addlog("%s: cisco unknown packet type: 0x%x\n", 1321 ifp->if_xname, ntohl(h->type)); 1322 break; 1323 case CISCO_ADDR_REPLY: 1324 /* Reply on address request, ignore */ 1325 break; 1326 case CISCO_KEEPALIVE_REQ: 1327 sp->pp_alivecnt = 0; 1328 sp->scp[IDX_LCP].rseq = ntohl(h->par1); 1329 if (sp->scp[IDX_LCP].seq == sp->scp[IDX_LCP].rseq) { 1330 /* Local and remote sequence numbers are equal. 1331 * Probably, the line is in loopback mode. */ 1332 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1333 printf ("%s: loopback\n", 1334 ifp->if_xname); 1335 sp->pp_loopcnt = 0; 1336 if (ifp->if_flags & IFF_UP) { 1337 SPPP_UNLOCK(sp); 1338 if_down(ifp); 1339 SPPP_LOCK(sp, RW_WRITER); 1340 1341 IF_PURGE(&sp->pp_cpq); 1342 } 1343 } 1344 ++sp->pp_loopcnt; 1345 1346 /* Generate new local sequence number */ 1347 sp->scp[IDX_LCP].seq = cprng_fast32(); 1348 break; 1349 } 1350 sp->pp_loopcnt = 0; 1351 if (! (ifp->if_flags & IFF_UP) && 1352 (ifp->if_flags & IFF_RUNNING)) { 1353 SPPP_UNLOCK(sp); 1354 if_up(ifp); 1355 SPPP_LOCK(sp, RW_WRITER); 1356 } 1357 break; 1358 case CISCO_ADDR_REQ: 1359 #ifdef INET 1360 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1361 if (me != 0L) 1362 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1363 #endif 1364 break; 1365 } 1366 SPPP_UNLOCK(sp); 1367 } 1368 1369 /* 1370 * Send Cisco keepalive packet. 1371 */ 1372 static void 1373 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1374 { 1375 STDDCL; 1376 struct ppp_header *h; 1377 struct cisco_packet *ch; 1378 struct mbuf *m; 1379 uint32_t t; 1380 1381 KASSERT(SPPP_WLOCKED(sp)); 1382 1383 t = time_uptime * 1000; 1384 MGETHDR(m, M_DONTWAIT, MT_DATA); 1385 if (! m) 1386 return; 1387 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1388 m_reset_rcvif(m); 1389 1390 h = mtod(m, struct ppp_header *); 1391 h->address = CISCO_MULTICAST; 1392 h->control = 0; 1393 h->protocol = htons(CISCO_KEEPALIVE); 1394 1395 ch = (struct cisco_packet *)(h + 1); 1396 ch->type = htonl(type); 1397 ch->par1 = htonl(par1); 1398 ch->par2 = htonl(par2); 1399 ch->rel = -1; 1400 1401 ch->time0 = htons((u_short)(t >> 16)); 1402 ch->time1 = htons((u_short) t); 1403 1404 if (debug) 1405 log(LOG_DEBUG, 1406 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1407 ifp->if_xname, ntohl(ch->type), ch->par1, 1408 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1409 (u_int)ch->time1); 1410 1411 if (IF_QFULL(&sp->pp_cpq)) { 1412 IF_DROP(&sp->pp_fastq); 1413 IF_DROP(&ifp->if_snd); 1414 m_freem(m); 1415 if_statinc(ifp, if_oerrors); 1416 return; 1417 } 1418 1419 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1420 IF_ENQUEUE(&sp->pp_cpq, m); 1421 1422 if (! (ifp->if_flags & IFF_OACTIVE)) { 1423 SPPP_UNLOCK(sp); 1424 if_start_lock(ifp); 1425 SPPP_LOCK(sp, RW_WRITER); 1426 } 1427 } 1428 1429 /* 1430 * PPP protocol implementation. 1431 */ 1432 1433 /* 1434 * Send PPP control protocol packet. 1435 */ 1436 static void 1437 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1438 u_char ident, u_short len, void *data) 1439 { 1440 STDDCL; 1441 struct lcp_header *lh; 1442 struct mbuf *m; 1443 size_t pkthdrlen; 1444 1445 KASSERT(SPPP_WLOCKED(sp)); 1446 1447 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1448 1449 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1450 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1451 MGETHDR(m, M_DONTWAIT, MT_DATA); 1452 if (! m) { 1453 return; 1454 } 1455 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1456 m_reset_rcvif(m); 1457 1458 if (sp->pp_flags & PP_NOFRAMING) { 1459 *mtod(m, uint16_t *) = htons(proto); 1460 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1461 } else { 1462 struct ppp_header *h; 1463 h = mtod(m, struct ppp_header *); 1464 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1465 h->control = PPP_UI; /* Unnumbered Info */ 1466 h->protocol = htons(proto); /* Link Control Protocol */ 1467 lh = (struct lcp_header *)(h + 1); 1468 } 1469 lh->type = type; 1470 lh->ident = ident; 1471 lh->len = htons(LCP_HEADER_LEN + len); 1472 if (len) 1473 memcpy(lh + 1, data, len); 1474 1475 if (debug) { 1476 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1477 ifp->if_xname, 1478 sppp_proto_name(proto), 1479 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1480 if (len) 1481 sppp_print_bytes((u_char *)(lh + 1), len); 1482 addlog(">\n"); 1483 } 1484 if (IF_QFULL(&sp->pp_cpq)) { 1485 IF_DROP(&sp->pp_fastq); 1486 IF_DROP(&ifp->if_snd); 1487 m_freem(m); 1488 if_statinc(ifp, if_oerrors); 1489 return; 1490 } 1491 1492 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1493 IF_ENQUEUE(&sp->pp_cpq, m); 1494 1495 if (! (ifp->if_flags & IFF_OACTIVE)) { 1496 SPPP_UNLOCK(sp); 1497 if_start_lock(ifp); 1498 SPPP_LOCK(sp, RW_WRITER); 1499 } 1500 } 1501 1502 static void 1503 sppp_cp_to_lcp(void *xsp) 1504 { 1505 struct sppp *sp = xsp; 1506 1507 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1508 } 1509 1510 static void 1511 sppp_cp_to_ipcp(void *xsp) 1512 { 1513 struct sppp *sp = xsp; 1514 1515 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1516 } 1517 1518 static void 1519 sppp_cp_to_ipv6cp(void *xsp) 1520 { 1521 struct sppp *sp = xsp; 1522 1523 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1524 } 1525 1526 static void 1527 sppp_cp_to_pap(void *xsp) 1528 { 1529 struct sppp *sp = xsp; 1530 1531 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); 1532 } 1533 1534 static void 1535 sppp_cp_to_chap(void *xsp) 1536 { 1537 struct sppp *sp = xsp; 1538 1539 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); 1540 } 1541 1542 static void 1543 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1544 { 1545 struct sppp_cp *scp; 1546 typedef void (*sppp_co_cb_t)(void *); 1547 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1548 [IDX_LCP] = sppp_cp_to_lcp, 1549 [IDX_IPCP] = sppp_cp_to_ipcp, 1550 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1551 [IDX_PAP] = sppp_cp_to_pap, 1552 [IDX_CHAP] = sppp_cp_to_chap, 1553 }; 1554 1555 scp = &sp->scp[cp->protoidx]; 1556 scp->state = STATE_INITIAL; 1557 scp->fail_counter = 0; 1558 scp->seq = 0; 1559 scp->rseq = 0; 1560 1561 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1562 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1563 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1564 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1565 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1566 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1567 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1568 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1569 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1570 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1571 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1572 1573 callout_init(&scp->ch, CALLOUT_MPSAFE); 1574 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1575 } 1576 1577 static void 1578 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1579 { 1580 struct sppp_cp *scp; 1581 scp = &sp->scp[cp->protoidx]; 1582 1583 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1584 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1585 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1586 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1587 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1588 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1589 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1590 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1591 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1592 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1593 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1594 1595 callout_halt(&scp->ch, NULL); 1596 callout_destroy(&scp->ch); 1597 } 1598 1599 /* 1600 * Handle incoming PPP control protocol packets. 1601 */ 1602 static void 1603 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1604 { 1605 STDDCL; 1606 struct lcp_header *h; 1607 int printlen, len = m->m_pkthdr.len; 1608 enum cp_rcr_type type; 1609 size_t blen, rlen; 1610 u_char *p; 1611 uint32_t u32; 1612 uint8_t *buf; 1613 1614 SPPP_LOCK(sp, RW_WRITER); 1615 1616 if (len < 4) { 1617 if (debug) 1618 log(LOG_DEBUG, 1619 "%s: %s invalid packet length: %d bytes\n", 1620 ifp->if_xname, cp->name, len); 1621 SPPP_UNLOCK(sp); 1622 return; 1623 } 1624 h = mtod(m, struct lcp_header *); 1625 if (debug) { 1626 printlen = ntohs(h->len); 1627 log(LOG_DEBUG, 1628 "%s: %s input(%s): <%s id=0x%x len=%d", 1629 ifp->if_xname, cp->name, 1630 sppp_state_name(sp->scp[cp->protoidx].state), 1631 sppp_cp_type_name(h->type), h->ident, printlen); 1632 if (len < printlen) 1633 printlen = len; 1634 if (printlen > 4) 1635 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1636 addlog(">\n"); 1637 } 1638 if (len > ntohs(h->len)) 1639 len = ntohs(h->len); 1640 p = (u_char *)(h + 1); 1641 switch (h->type) { 1642 case CONF_REQ: 1643 if (len < 4) { 1644 if (debug) 1645 addlog("%s: %s invalid conf-req length %d\n", 1646 ifp->if_xname, cp->name, 1647 len); 1648 if_statinc(ifp, if_ierrors); 1649 break; 1650 } 1651 1652 buf = NULL; 1653 blen = 0; 1654 rlen = 0; 1655 1656 type = (cp->parse_confreq)(sp, h, len, 1657 &buf, &blen, &rlen); 1658 1659 if (type == CP_RCR_ERR) { 1660 /* fatal error, shut down */ 1661 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1662 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 1663 } else if (buf != NULL) { 1664 if (sp->scp[cp->protoidx].rcr_buf != NULL) { 1665 kmem_intr_free(sp->scp[cp->protoidx].rcr_buf, 1666 sp->scp[cp->protoidx].rcr_blen); 1667 } 1668 1669 sp->scp[cp->protoidx].rcr_buf = (void *)buf; 1670 buf = NULL; 1671 1672 sp->scp[cp->protoidx].rcr_blen = blen; 1673 sp->scp[cp->protoidx].rcr_rlen = rlen; 1674 sp->scp[cp->protoidx].rcr_type = type; 1675 sp->scp[cp->protoidx].rconfid = h->ident; 1676 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcr); 1677 } 1678 break; 1679 case CONF_ACK: 1680 if (h->ident != sp->scp[cp->protoidx].confid) { 1681 if (debug) 1682 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1683 ifp->if_xname, cp->name, 1684 h->ident, sp->scp[cp->protoidx].confid); 1685 if_statinc(ifp, if_ierrors); 1686 break; 1687 } 1688 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rca); 1689 break; 1690 case CONF_NAK: 1691 case CONF_REJ: 1692 if (h->ident != sp->scp[cp->protoidx].confid) { 1693 if (debug) 1694 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1695 ifp->if_xname, cp->name, 1696 h->ident, sp->scp[cp->protoidx].confid); 1697 if_statinc(ifp, if_ierrors); 1698 break; 1699 } 1700 if (h->type == CONF_NAK) 1701 (cp->parse_confnak)(sp, h, len); 1702 else /* CONF_REJ */ 1703 (cp->parse_confrej)(sp, h, len); 1704 1705 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcn); 1706 break; 1707 1708 case TERM_REQ: 1709 sp->scp[cp->protoidx].rseq = h->ident; 1710 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rtr); 1711 break; 1712 case TERM_ACK: 1713 if (h->ident != sp->scp[cp->protoidx].confid && 1714 h->ident != sp->scp[cp->protoidx].seq) { 1715 if (debug) 1716 addlog("%s: %s id mismatch " 1717 "0x%x != 0x%x and 0x%x != %0lx\n", 1718 ifp->if_xname, cp->name, 1719 h->ident, sp->scp[cp->protoidx].confid, 1720 h->ident, sp->scp[cp->protoidx].seq); 1721 if_statinc(ifp, if_ierrors); 1722 break; 1723 } 1724 1725 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rta); 1726 break; 1727 case CODE_REJ: 1728 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1729 log(LOG_INFO, 1730 "%s: %s: ignoring RXJ (%s) for code ?, " 1731 "danger will robinson\n", 1732 ifp->if_xname, cp->name, 1733 sppp_cp_type_name(h->type)); 1734 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1735 break; 1736 case PROTO_REJ: 1737 { 1738 int catastrophic; 1739 const struct cp *upper; 1740 int i; 1741 uint16_t proto; 1742 1743 catastrophic = 0; 1744 upper = NULL; 1745 proto = p[0] << 8 | p[1]; 1746 for (i = 0; i < IDX_COUNT; i++) { 1747 if (cps[i]->proto == proto) { 1748 upper = cps[i]; 1749 break; 1750 } 1751 } 1752 if (upper == NULL) 1753 catastrophic++; 1754 1755 if (debug) 1756 log(LOG_INFO, 1757 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1758 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1759 sppp_cp_type_name(h->type), proto, 1760 upper ? upper->name : "unknown", 1761 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1762 1763 /* 1764 * if we got RXJ+ against conf-req, the peer does not implement 1765 * this particular protocol type. terminate the protocol. 1766 */ 1767 if (upper && !catastrophic) { 1768 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1769 sppp_wq_add(sp->wq_cp, 1770 &sp->scp[upper->protoidx].work_close); 1771 break; 1772 } 1773 } 1774 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1775 break; 1776 } 1777 case DISC_REQ: 1778 if (cp->proto != PPP_LCP) 1779 goto illegal; 1780 /* Discard the packet. */ 1781 break; 1782 case ECHO_REQ: 1783 if (cp->proto != PPP_LCP) 1784 goto illegal; 1785 if (sp->scp[cp->protoidx].state != STATE_OPENED) { 1786 if (debug) 1787 addlog("%s: lcp echo req but lcp closed\n", 1788 ifp->if_xname); 1789 if_statinc(ifp, if_ierrors); 1790 break; 1791 } 1792 if (len < 8) { 1793 if (debug) 1794 addlog("%s: invalid lcp echo request " 1795 "packet length: %d bytes\n", 1796 ifp->if_xname, len); 1797 break; 1798 } 1799 memcpy(&u32, h + 1, sizeof u32); 1800 if (ntohl(u32) == sp->lcp.magic) { 1801 /* Line loopback mode detected. */ 1802 printf("%s: loopback\n", ifp->if_xname); 1803 SPPP_UNLOCK(sp); 1804 if_down(ifp); 1805 SPPP_LOCK(sp, RW_WRITER); 1806 1807 IF_PURGE(&sp->pp_cpq); 1808 1809 /* Shut down the PPP link. */ 1810 /* XXX */ 1811 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 1812 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 1813 break; 1814 } 1815 u32 = htonl(sp->lcp.magic); 1816 memcpy(h + 1, &u32, sizeof u32); 1817 if (debug) 1818 addlog("%s: got lcp echo req, sending echo rep\n", 1819 ifp->if_xname); 1820 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1821 h + 1); 1822 break; 1823 case ECHO_REPLY: 1824 if (cp->proto != PPP_LCP) 1825 goto illegal; 1826 if (h->ident != sp->lcp.echoid) { 1827 if_statinc(ifp, if_ierrors); 1828 break; 1829 } 1830 if (len < 8) { 1831 if (debug) 1832 addlog("%s: lcp invalid echo reply " 1833 "packet length: %d bytes\n", 1834 ifp->if_xname, len); 1835 break; 1836 } 1837 if (debug) 1838 addlog("%s: lcp got echo rep\n", 1839 ifp->if_xname); 1840 memcpy(&u32, h + 1, sizeof u32); 1841 if (ntohl(u32) != sp->lcp.magic) 1842 sp->pp_alivecnt = 0; 1843 break; 1844 default: 1845 /* Unknown packet type -- send Code-Reject packet. */ 1846 illegal: 1847 if (debug) 1848 addlog("%s: %s send code-rej for 0x%x\n", 1849 ifp->if_xname, cp->name, h->type); 1850 sppp_cp_send(sp, cp->proto, CODE_REJ, 1851 ++sp->scp[cp->protoidx].seq, m->m_pkthdr.len, h); 1852 if_statinc(ifp, if_ierrors); 1853 } 1854 1855 SPPP_UNLOCK(sp); 1856 } 1857 1858 /* 1859 * The generic part of all Up/Down/Open/Close/TO event handlers. 1860 * Basically, the state transition handling in the automaton. 1861 */ 1862 static void 1863 sppp_up_event(struct sppp *sp, void *xcp) 1864 { 1865 const struct cp *cp = xcp; 1866 STDDCL; 1867 1868 KASSERT(SPPP_WLOCKED(sp)); 1869 KASSERT(!cpu_softintr_p()); 1870 1871 if ((cp->flags & CP_AUTH) != 0 && 1872 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1873 return; 1874 1875 if (debug) 1876 log(LOG_DEBUG, "%s: %s up(%s)\n", 1877 ifp->if_xname, cp->name, 1878 sppp_state_name(sp->scp[cp->protoidx].state)); 1879 1880 switch (sp->scp[cp->protoidx].state) { 1881 case STATE_INITIAL: 1882 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1883 break; 1884 case STATE_STARTING: 1885 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1886 (cp->scr)(sp); 1887 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1888 break; 1889 default: 1890 printf("%s: %s illegal up in state %s\n", 1891 ifp->if_xname, cp->name, 1892 sppp_state_name(sp->scp[cp->protoidx].state)); 1893 } 1894 } 1895 1896 static void 1897 sppp_down_event(struct sppp *sp, void *xcp) 1898 { 1899 const struct cp *cp = xcp; 1900 STDDCL; 1901 1902 KASSERT(SPPP_WLOCKED(sp)); 1903 KASSERT(!cpu_softintr_p()); 1904 1905 if ((cp->flags & CP_AUTH) != 0 && 1906 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1907 return; 1908 1909 if (debug) 1910 log(LOG_DEBUG, "%s: %s down(%s)\n", 1911 ifp->if_xname, cp->name, 1912 sppp_state_name(sp->scp[cp->protoidx].state)); 1913 1914 switch (sp->scp[cp->protoidx].state) { 1915 case STATE_CLOSED: 1916 case STATE_CLOSING: 1917 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1918 break; 1919 case STATE_STOPPED: 1920 (cp->tls)(cp, sp); 1921 /* fall through */ 1922 case STATE_STOPPING: 1923 case STATE_REQ_SENT: 1924 case STATE_ACK_RCVD: 1925 case STATE_ACK_SENT: 1926 sppp_cp_change_state(cp, sp, STATE_STARTING); 1927 break; 1928 case STATE_OPENED: 1929 (cp->tld)(sp); 1930 sppp_cp_change_state(cp, sp, STATE_STARTING); 1931 break; 1932 default: 1933 /* 1934 * a down event may be caused regardless 1935 * of state just in LCP case. 1936 */ 1937 if (cp->proto == PPP_LCP) 1938 break; 1939 1940 printf("%s: %s illegal down in state %s\n", 1941 ifp->if_xname, cp->name, 1942 sppp_state_name(sp->scp[cp->protoidx].state)); 1943 } 1944 } 1945 1946 static void 1947 sppp_open_event(struct sppp *sp, void *xcp) 1948 { 1949 const struct cp *cp = xcp; 1950 STDDCL; 1951 1952 KASSERT(SPPP_WLOCKED(sp)); 1953 KASSERT(!cpu_softintr_p()); 1954 1955 if ((cp->flags & CP_AUTH) != 0 && 1956 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1957 return; 1958 1959 if (debug) 1960 log(LOG_DEBUG, "%s: %s open(%s)\n", 1961 ifp->if_xname, cp->name, 1962 sppp_state_name(sp->scp[cp->protoidx].state)); 1963 1964 switch (sp->scp[cp->protoidx].state) { 1965 case STATE_INITIAL: 1966 sppp_cp_change_state(cp, sp, STATE_STARTING); 1967 (cp->tls)(cp, sp); 1968 break; 1969 case STATE_STARTING: 1970 break; 1971 case STATE_CLOSED: 1972 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1973 (cp->scr)(sp); 1974 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1975 break; 1976 case STATE_STOPPED: 1977 case STATE_STOPPING: 1978 case STATE_REQ_SENT: 1979 case STATE_ACK_RCVD: 1980 case STATE_ACK_SENT: 1981 case STATE_OPENED: 1982 break; 1983 case STATE_CLOSING: 1984 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1985 break; 1986 } 1987 } 1988 1989 static void 1990 sppp_close_event(struct sppp *sp, void *xcp) 1991 { 1992 const struct cp *cp = xcp; 1993 STDDCL; 1994 1995 KASSERT(SPPP_WLOCKED(sp)); 1996 KASSERT(!cpu_softintr_p()); 1997 1998 if ((cp->flags & CP_AUTH) != 0 && 1999 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 2000 return; 2001 2002 if (debug) 2003 log(LOG_DEBUG, "%s: %s close(%s)\n", 2004 ifp->if_xname, cp->name, 2005 sppp_state_name(sp->scp[cp->protoidx].state)); 2006 2007 switch (sp->scp[cp->protoidx].state) { 2008 case STATE_INITIAL: 2009 case STATE_CLOSED: 2010 case STATE_CLOSING: 2011 break; 2012 case STATE_STARTING: 2013 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2014 (cp->tlf)(cp, sp); 2015 break; 2016 case STATE_STOPPED: 2017 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2018 break; 2019 case STATE_STOPPING: 2020 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2021 break; 2022 case STATE_OPENED: 2023 (cp->tld)(sp); 2024 /* fall through */ 2025 case STATE_REQ_SENT: 2026 case STATE_ACK_RCVD: 2027 case STATE_ACK_SENT: 2028 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 2029 if ((cp->flags & CP_AUTH) == 0) { 2030 sppp_cp_send(sp, cp->proto, TERM_REQ, 2031 ++sp->scp[cp->protoidx].seq, 0, 0); 2032 } 2033 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2034 break; 2035 } 2036 } 2037 2038 static void 2039 sppp_to_event(struct sppp *sp, void *xcp) 2040 { 2041 const struct cp *cp = xcp; 2042 int s; 2043 STDDCL; 2044 2045 KASSERT(SPPP_WLOCKED(sp)); 2046 KASSERT(!cpu_softintr_p()); 2047 2048 s = splnet(); 2049 2050 if (debug) 2051 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 2052 ifp->if_xname, cp->name, 2053 sppp_state_name(sp->scp[cp->protoidx].state), 2054 sp->scp[cp->protoidx].rst_counter); 2055 2056 if (--sp->scp[cp->protoidx].rst_counter < 0) 2057 /* TO- event */ 2058 switch (sp->scp[cp->protoidx].state) { 2059 case STATE_CLOSING: 2060 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2061 (cp->tlf)(cp, sp); 2062 break; 2063 case STATE_STOPPING: 2064 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2065 (cp->tlf)(cp, sp); 2066 break; 2067 case STATE_REQ_SENT: 2068 case STATE_ACK_RCVD: 2069 case STATE_ACK_SENT: 2070 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2071 (cp->tlf)(cp, sp); 2072 break; 2073 } 2074 else 2075 /* TO+ event */ 2076 switch (sp->scp[cp->protoidx].state) { 2077 case STATE_CLOSING: 2078 case STATE_STOPPING: 2079 if ((cp->flags & CP_AUTH) == 0) { 2080 sppp_cp_send(sp, cp->proto, TERM_REQ, 2081 ++sp->scp[cp->protoidx].seq, 0, 0); 2082 } 2083 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2084 break; 2085 case STATE_REQ_SENT: 2086 case STATE_ACK_RCVD: 2087 (cp->scr)(sp); 2088 /* sppp_cp_change_state() will restart the timer */ 2089 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2090 break; 2091 case STATE_ACK_SENT: 2092 (cp->scr)(sp); 2093 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2094 break; 2095 } 2096 2097 splx(s); 2098 } 2099 2100 static void 2101 sppp_rcr_event(struct sppp *sp, void *xcp) 2102 { 2103 const struct cp *cp = xcp; 2104 enum cp_rcr_type type; 2105 void *buf; 2106 size_t blen; 2107 STDDCL; 2108 2109 KASSERT(!cpu_softintr_p()); 2110 2111 type = sp->scp[cp->protoidx].rcr_type; 2112 buf = sp->scp[cp->protoidx].rcr_buf; 2113 blen = sp->scp[cp->protoidx].rcr_blen; 2114 2115 if (type == CP_RCR_ACK) { 2116 /* RCR+ event */ 2117 switch (sp->scp[cp->protoidx].state) { 2118 case STATE_OPENED: 2119 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2120 cp->tld(sp); 2121 cp->scr(sp); 2122 cp->scan(cp, sp); 2123 break; 2124 case STATE_ACK_SENT: 2125 case STATE_REQ_SENT: 2126 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2127 cp->scan(cp, sp); 2128 break; 2129 case STATE_STOPPED: 2130 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2131 cp->scr(sp); 2132 cp->scan(cp, sp); 2133 break; 2134 case STATE_ACK_RCVD: 2135 sppp_cp_change_state(cp, sp, STATE_OPENED); 2136 if (debug) 2137 log(LOG_DEBUG, "%s: %s tlu\n", 2138 ifp->if_xname, 2139 cp->name); 2140 cp->tlu(sp); 2141 cp->scan(cp, sp); 2142 break; 2143 case STATE_CLOSING: 2144 case STATE_STOPPING: 2145 if (buf != NULL) { 2146 sp->scp[cp->protoidx].rcr_buf = NULL; 2147 sp->scp[cp->protoidx].rcr_blen = 0; 2148 kmem_free(buf, blen); 2149 } 2150 break; 2151 case STATE_CLOSED: 2152 if ((cp->flags & CP_AUTH) == 0) { 2153 sppp_cp_send(sp, cp->proto, TERM_ACK, 2154 sp->scp[cp->protoidx].rconfid, 0, 0); 2155 } 2156 break; 2157 default: 2158 printf("%s: %s illegal RCR+ in state %s\n", 2159 ifp->if_xname, cp->name, 2160 sppp_state_name(sp->scp[cp->protoidx].state)); 2161 if_statinc(ifp, if_ierrors); 2162 } 2163 } else { 2164 /* RCR- event */ 2165 switch (sp->scp[cp->protoidx].state) { 2166 case STATE_OPENED: 2167 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2168 cp->tld(sp); 2169 cp->scr(sp); 2170 cp->scan(cp, sp); 2171 break; 2172 case STATE_ACK_SENT: 2173 case STATE_REQ_SENT: 2174 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2175 cp->scan(cp, sp); 2176 break; 2177 case STATE_STOPPED: 2178 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2179 cp->scr(sp); 2180 cp->scan(cp, sp); 2181 break; 2182 case STATE_ACK_RCVD: 2183 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2184 cp->scan(cp, sp); 2185 break; 2186 case STATE_CLOSING: 2187 case STATE_STOPPING: 2188 if (buf != NULL) { 2189 sp->scp[cp->protoidx].rcr_buf = NULL; 2190 sp->scp[cp->protoidx].rcr_blen = 0; 2191 kmem_free(buf, blen); 2192 } 2193 break; 2194 case STATE_CLOSED: 2195 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2196 if ((cp->flags & CP_AUTH) == 0) { 2197 sppp_cp_send(sp, cp->proto, TERM_ACK, 2198 sp->scp[cp->protoidx].rconfid, 0, 0); 2199 } 2200 break; 2201 default: 2202 printf("%s: %s illegal RCR- in state %s\n", 2203 ifp->if_xname, cp->name, 2204 sppp_state_name(sp->scp[cp->protoidx].state)); 2205 if_statinc(ifp, if_ierrors); 2206 } 2207 } 2208 } 2209 2210 static void 2211 sppp_rca_event(struct sppp *sp, void *xcp) 2212 { 2213 const struct cp *cp = xcp; 2214 STDDCL; 2215 2216 KASSERT(!cpu_softintr_p()); 2217 2218 switch (sp->scp[cp->protoidx].state) { 2219 case STATE_CLOSED: 2220 case STATE_STOPPED: 2221 if ((cp->flags & CP_AUTH) == 0) { 2222 sppp_cp_send(sp, cp->proto, TERM_ACK, 2223 sp->scp[cp->protoidx].rconfid, 0, 0); 2224 } 2225 break; 2226 case STATE_CLOSING: 2227 case STATE_STOPPING: 2228 break; 2229 case STATE_REQ_SENT: 2230 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2231 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2232 break; 2233 case STATE_OPENED: 2234 (cp->tld)(sp); 2235 /* fall through */ 2236 case STATE_ACK_RCVD: 2237 (cp->scr)(sp); 2238 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2239 break; 2240 case STATE_ACK_SENT: 2241 sppp_cp_change_state(cp, sp, STATE_OPENED); 2242 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2243 if (debug) 2244 log(LOG_DEBUG, "%s: %s tlu\n", 2245 ifp->if_xname, cp->name); 2246 (cp->tlu)(sp); 2247 break; 2248 default: 2249 printf("%s: %s illegal RCA in state %s\n", 2250 ifp->if_xname, cp->name, 2251 sppp_state_name(sp->scp[cp->protoidx].state)); 2252 if_statinc(ifp, if_ierrors); 2253 } 2254 } 2255 2256 static void 2257 sppp_rcn_event(struct sppp *sp, void *xcp) 2258 { 2259 const struct cp *cp = xcp; 2260 struct ifnet *ifp = &sp->pp_if; 2261 2262 KASSERT(!cpu_softintr_p()); 2263 2264 switch (sp->scp[cp->protoidx].state) { 2265 case STATE_CLOSED: 2266 case STATE_STOPPED: 2267 if ((cp->flags & CP_AUTH) == 0) { 2268 sppp_cp_send(sp, cp->proto, TERM_ACK, 2269 sp->scp[cp->protoidx].rconfid, 0, 0); 2270 } 2271 break; 2272 case STATE_REQ_SENT: 2273 case STATE_ACK_SENT: 2274 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2275 (cp->scr)(sp); 2276 break; 2277 case STATE_OPENED: 2278 (cp->tld)(sp); 2279 /* fall through */ 2280 case STATE_ACK_RCVD: 2281 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2282 (cp->scr)(sp); 2283 break; 2284 case STATE_CLOSING: 2285 case STATE_STOPPING: 2286 break; 2287 default: 2288 printf("%s: %s illegal RCN in state %s\n", 2289 ifp->if_xname, cp->name, 2290 sppp_state_name(sp->scp[cp->protoidx].state)); 2291 if_statinc(ifp, if_ierrors); 2292 } 2293 } 2294 2295 static void 2296 sppp_rtr_event(struct sppp *sp, void *xcp) 2297 { 2298 const struct cp *cp = xcp; 2299 STDDCL; 2300 2301 KASSERT(!cpu_softintr_p()); 2302 2303 switch (sp->scp[cp->protoidx].state) { 2304 case STATE_ACK_RCVD: 2305 case STATE_ACK_SENT: 2306 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2307 break; 2308 case STATE_CLOSED: 2309 case STATE_STOPPED: 2310 case STATE_CLOSING: 2311 case STATE_STOPPING: 2312 case STATE_REQ_SENT: 2313 break; 2314 case STATE_OPENED: 2315 (cp->tld)(sp); 2316 sp->scp[cp->protoidx].rst_counter = 0; 2317 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2318 break; 2319 default: 2320 printf("%s: %s illegal RTR in state %s\n", 2321 ifp->if_xname, cp->name, 2322 sppp_state_name(sp->scp[cp->protoidx].state)); 2323 if_statinc(ifp, if_ierrors); 2324 return; 2325 } 2326 2327 /* Send Terminate-Ack packet. */ 2328 if (debug) 2329 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 2330 ifp->if_xname, cp->name); 2331 if ((cp->flags & CP_AUTH) == 0) { 2332 sppp_cp_send(sp, cp->proto, TERM_ACK, 2333 sp->scp[cp->protoidx].rseq, 0, 0); 2334 } 2335 } 2336 2337 static void 2338 sppp_rta_event(struct sppp *sp, void *xcp) 2339 { 2340 const struct cp *cp = xcp; 2341 struct ifnet *ifp = &sp->pp_if; 2342 2343 KASSERT(!cpu_softintr_p()); 2344 2345 switch (sp->scp[cp->protoidx].state) { 2346 case STATE_CLOSED: 2347 case STATE_STOPPED: 2348 case STATE_REQ_SENT: 2349 case STATE_ACK_SENT: 2350 break; 2351 case STATE_CLOSING: 2352 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2353 (cp->tlf)(cp, sp); 2354 break; 2355 case STATE_STOPPING: 2356 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2357 (cp->tlf)(cp, sp); 2358 break; 2359 case STATE_ACK_RCVD: 2360 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2361 break; 2362 case STATE_OPENED: 2363 (cp->tld)(sp); 2364 (cp->scr)(sp); 2365 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2366 break; 2367 default: 2368 printf("%s: %s illegal RTA in state %s\n", 2369 ifp->if_xname, cp->name, 2370 sppp_state_name(sp->scp[cp->protoidx].state)); 2371 if_statinc(ifp, if_ierrors); 2372 } 2373 } 2374 2375 static void 2376 sppp_rxj_event(struct sppp *sp, void *xcp) 2377 { 2378 const struct cp *cp = xcp; 2379 struct ifnet *ifp = &sp->pp_if; 2380 2381 KASSERT(!cpu_softintr_p()); 2382 2383 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2384 switch (sp->scp[cp->protoidx].state) { 2385 case STATE_CLOSED: 2386 case STATE_STOPPED: 2387 case STATE_REQ_SENT: 2388 case STATE_ACK_SENT: 2389 case STATE_CLOSING: 2390 case STATE_STOPPING: 2391 case STATE_OPENED: 2392 break; 2393 case STATE_ACK_RCVD: 2394 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2395 break; 2396 default: 2397 printf("%s: %s illegal RXJ- in state %s\n", 2398 ifp->if_xname, cp->name, 2399 sppp_state_name(sp->scp[cp->protoidx].state)); 2400 if_statinc(ifp, if_ierrors); 2401 } 2402 } 2403 2404 /* 2405 * Change the state of a control protocol in the state automaton. 2406 * Takes care of starting/stopping the restart timer. 2407 */ 2408 void 2409 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2410 { 2411 2412 KASSERT(SPPP_WLOCKED(sp)); 2413 2414 sp->scp[cp->protoidx].state = newstate; 2415 callout_stop(&sp->scp[cp->protoidx].ch); 2416 switch (newstate) { 2417 case STATE_INITIAL: 2418 case STATE_STARTING: 2419 case STATE_CLOSED: 2420 case STATE_STOPPED: 2421 case STATE_OPENED: 2422 break; 2423 case STATE_CLOSING: 2424 case STATE_STOPPING: 2425 case STATE_REQ_SENT: 2426 case STATE_ACK_RCVD: 2427 case STATE_ACK_SENT: 2428 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2429 break; 2430 } 2431 } 2432 2433 /* 2434 *--------------------------------------------------------------------------* 2435 * * 2436 * The LCP implementation. * 2437 * * 2438 *--------------------------------------------------------------------------* 2439 */ 2440 static void 2441 sppp_lcp_init(struct sppp *sp) 2442 { 2443 2444 KASSERT(SPPP_WLOCKED(sp)); 2445 2446 sppp_cp_init(&lcp, sp); 2447 2448 SET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2449 sp->lcp.magic = 0; 2450 sp->lcp.protos = 0; 2451 sp->lcp.max_terminate = 2; 2452 sp->lcp.max_configure = 10; 2453 sp->lcp.max_failure = 10; 2454 sp->lcp.tlf_sent = false; 2455 2456 /* 2457 * Initialize counters and timeout values. Note that we don't 2458 * use the 3 seconds suggested in RFC 1661 since we are likely 2459 * running on a fast link. XXX We should probably implement 2460 * the exponential backoff option. Note that these values are 2461 * relevant for all control protocols, not just LCP only. 2462 */ 2463 sp->lcp.timeout = 1 * hz; 2464 } 2465 2466 static void 2467 sppp_lcp_up(struct sppp *sp, void *xcp) 2468 { 2469 const struct cp *cp = xcp; 2470 int pidx; 2471 STDDCL; 2472 2473 KASSERT(SPPP_WLOCKED(sp)); 2474 2475 pidx = cp->protoidx; 2476 /* Initialize activity timestamp: opening a connection is an activity */ 2477 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2478 2479 /* 2480 * If this interface is passive or dial-on-demand, and we are 2481 * still in Initial state, it means we've got an incoming 2482 * call. Activate the interface. 2483 */ 2484 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2485 if (debug) 2486 log(LOG_DEBUG, 2487 "%s: Up event", ifp->if_xname); 2488 ifp->if_flags |= IFF_RUNNING; 2489 if (sp->scp[pidx].state == STATE_INITIAL) { 2490 if (debug) 2491 addlog("(incoming call)\n"); 2492 sp->pp_flags |= PP_CALLIN; 2493 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2494 } else if (debug) 2495 addlog("\n"); 2496 } 2497 2498 sppp_up_event(sp, xcp); 2499 } 2500 2501 static void 2502 sppp_lcp_down(struct sppp *sp, void *xcp) 2503 { 2504 const struct cp *cp = xcp; 2505 int pidx; 2506 STDDCL; 2507 2508 KASSERT(SPPP_WLOCKED(sp)); 2509 KASSERT(!cpu_softintr_p()); 2510 2511 pidx = cp->protoidx; 2512 sppp_down_event(sp, xcp); 2513 2514 /* 2515 * We need to do tls to restart when a down event is caused 2516 * by the last tlf. 2517 */ 2518 if (sp->scp[pidx].state == STATE_STARTING && 2519 sp->lcp.tlf_sent) { 2520 cp->tls(cp, sp); 2521 sp->lcp.tlf_sent = false; 2522 } 2523 2524 /* 2525 * If this is neither a dial-on-demand nor a passive 2526 * interface, simulate an ``ifconfig down'' action, so the 2527 * administrator can force a redial by another ``ifconfig 2528 * up''. XXX For leased line operation, should we immediately 2529 * try to reopen the connection here? 2530 */ 2531 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2532 if (debug) 2533 log(LOG_INFO, 2534 "%s: Down event (carrier loss), taking interface down.\n", 2535 ifp->if_xname); 2536 SPPP_UNLOCK(sp); 2537 if_down(ifp); 2538 SPPP_LOCK(sp, RW_WRITER); 2539 2540 if (sp->lcp.reestablish) 2541 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2542 } else { 2543 if (debug) 2544 log(LOG_DEBUG, 2545 "%s: Down event (carrier loss)\n", 2546 ifp->if_xname); 2547 2548 sp->pp_flags &= ~PP_CALLIN; 2549 if (sp->scp[pidx].state != STATE_INITIAL) 2550 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_close); 2551 ifp->if_flags &= ~IFF_RUNNING; 2552 } 2553 sp->scp[pidx].fail_counter = 0; 2554 } 2555 2556 static void 2557 sppp_lcp_open(struct sppp *sp, void *xcp) 2558 { 2559 2560 KASSERT(SPPP_WLOCKED(sp)); 2561 KASSERT(!cpu_softintr_p()); 2562 2563 sp->lcp.reestablish = false; 2564 2565 if (sp->pp_if.if_mtu < PP_MTU) { 2566 sp->lcp.mru = sp->pp_if.if_mtu; 2567 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2568 } else 2569 sp->lcp.mru = PP_MTU; 2570 sp->lcp.their_mru = PP_MTU; 2571 2572 /* 2573 * If we are authenticator, negotiate LCP_AUTH 2574 */ 2575 if (sp->hisauth.proto != 0) 2576 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2577 else 2578 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2579 sp->pp_flags &= ~PP_NEEDAUTH; 2580 sppp_open_event(sp, xcp); 2581 } 2582 2583 /* 2584 * Analyze a configure request. Return true if it was agreeable, and 2585 * caused action sca, false if it has been rejected or nak'ed, and 2586 * caused action scn. (The return value is used to make the state 2587 * transition decision in the state automaton.) 2588 */ 2589 static enum cp_rcr_type 2590 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 2591 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 2592 { 2593 STDDCL; 2594 u_char *buf, *r, *p, l, blen; 2595 enum cp_rcr_type type; 2596 int len, rlen; 2597 uint32_t nmagic; 2598 u_short authproto; 2599 2600 KASSERT(SPPP_WLOCKED(sp)); 2601 2602 if (origlen < sizeof(*h)) 2603 return CP_RCR_DROP; 2604 2605 origlen -= sizeof(*h); 2606 type = CP_RCR_NONE; 2607 type = 0; 2608 2609 if (origlen <= 0) 2610 return CP_RCR_DROP; 2611 else 2612 blen = origlen; 2613 2614 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2615 if (buf == NULL) 2616 return CP_RCR_DROP; 2617 2618 if (debug) 2619 log(LOG_DEBUG, "%s: lcp parse opts:", 2620 ifp->if_xname); 2621 2622 /* pass 1: check for things that need to be rejected */ 2623 p = (void *)(h + 1); 2624 r = buf; 2625 rlen = 0; 2626 for (len = origlen; len > 1; len-= l, p += l) { 2627 l = p[1]; 2628 if (l == 0) 2629 break; 2630 2631 /* Sanity check option length */ 2632 if (l > len) { 2633 /* 2634 * Malicious option - drop immediately. 2635 * XXX Maybe we should just RXJ it? 2636 */ 2637 addlog("%s: received malicious LCP option 0x%02x, " 2638 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, 2639 p[0], l, len); 2640 type = CP_RCR_ERR; 2641 goto end; 2642 } 2643 if (debug) 2644 addlog(" %s", sppp_lcp_opt_name(*p)); 2645 switch (p[0]) { 2646 case LCP_OPT_MAGIC: 2647 /* Magic number. */ 2648 /* fall through, both are same length */ 2649 case LCP_OPT_ASYNC_MAP: 2650 /* Async control character map. */ 2651 if (len >= 6 || l == 6) 2652 continue; 2653 if (debug) 2654 addlog(" [invalid]"); 2655 break; 2656 case LCP_OPT_MP_EID: 2657 if (len >= l && l >= 3) { 2658 switch (p[2]) { 2659 case 0: if (l==3+ 0) continue;break; 2660 case 2: if (l==3+ 4) continue;break; 2661 case 3: if (l==3+ 6) continue;break; 2662 case 6: if (l==3+16) continue;break; 2663 case 1: /* FALLTHROUGH */ 2664 case 4: if (l<=3+20) continue;break; 2665 case 5: if (l<=3+15) continue;break; 2666 /* XXX should it be default: continue;? */ 2667 } 2668 } 2669 if (debug) 2670 addlog(" [invalid class %d len %d]", p[2], l); 2671 break; 2672 case LCP_OPT_MP_SSNHF: 2673 if (len >= 2 && l == 2) { 2674 if (debug) 2675 addlog(" [rej]"); 2676 break; 2677 } 2678 if (debug) 2679 addlog(" [invalid]"); 2680 break; 2681 case LCP_OPT_MP_MRRU: 2682 /* Multilink maximum received reconstructed unit */ 2683 /* should be fall through, both are same length */ 2684 /* FALLTHROUGH */ 2685 case LCP_OPT_MRU: 2686 /* Maximum receive unit. */ 2687 if (len >= 4 && l == 4) 2688 continue; 2689 if (debug) 2690 addlog(" [invalid]"); 2691 break; 2692 case LCP_OPT_AUTH_PROTO: 2693 if (len < 4) { 2694 if (debug) 2695 addlog(" [invalid]"); 2696 break; 2697 } 2698 authproto = (p[2] << 8) + p[3]; 2699 if (authproto == PPP_CHAP && l != 5) { 2700 if (debug) 2701 addlog(" [invalid chap len]"); 2702 break; 2703 } 2704 if (sp->myauth.proto == 0) { 2705 /* we are not configured to do auth */ 2706 if (debug) 2707 addlog(" [not configured]"); 2708 break; 2709 } 2710 /* 2711 * Remote want us to authenticate, remember this, 2712 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2713 * up. 2714 */ 2715 sp->pp_flags |= PP_NEEDAUTH; 2716 continue; 2717 default: 2718 /* Others not supported. */ 2719 if (debug) 2720 addlog(" [rej]"); 2721 break; 2722 } 2723 if (rlen + l > blen) { 2724 if (debug) 2725 addlog(" [overflow]"); 2726 continue; 2727 } 2728 /* Add the option to rejected list. */ 2729 memcpy(r, p, l); 2730 r += l; 2731 rlen += l; 2732 } 2733 2734 if (rlen > 0) { 2735 type = CP_RCR_REJ; 2736 goto end; 2737 } 2738 2739 if (debug) 2740 addlog("\n"); 2741 2742 /* 2743 * pass 2: check for option values that are unacceptable and 2744 * thus require to be nak'ed. 2745 */ 2746 if (debug) 2747 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2748 ifp->if_xname); 2749 2750 p = (void *)(h + 1); 2751 r = buf; 2752 rlen = 0; 2753 for (len = origlen; len > 0; len -= l, p += l) { 2754 l = p[1]; 2755 if (l == 0) 2756 break; 2757 2758 if (debug) 2759 addlog(" %s", sppp_lcp_opt_name(*p)); 2760 switch (p[0]) { 2761 case LCP_OPT_MAGIC: 2762 /* Magic number -- extract. */ 2763 nmagic = (uint32_t)p[2] << 24 | 2764 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2765 if (nmagic != sp->lcp.magic) { 2766 if (debug) 2767 addlog(" 0x%x", nmagic); 2768 continue; 2769 } 2770 /* 2771 * Local and remote magics equal -- loopback? 2772 */ 2773 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2774 printf ("%s: loopback\n", 2775 ifp->if_xname); 2776 sp->pp_loopcnt = 0; 2777 if (ifp->if_flags & IFF_UP) { 2778 SPPP_UNLOCK(sp); 2779 if_down(ifp); 2780 SPPP_LOCK(sp, RW_WRITER); 2781 2782 IF_PURGE(&sp->pp_cpq); 2783 /* XXX ? */ 2784 sppp_wq_add(sp->wq_cp, 2785 &sp->scp[IDX_LCP].work_down); 2786 sppp_wq_add(sp->wq_cp, 2787 &sp->scp[IDX_LCP].work_up); 2788 } 2789 } else if (debug) 2790 addlog(" [glitch]"); 2791 ++sp->pp_loopcnt; 2792 /* 2793 * We negate our magic here, and NAK it. If 2794 * we see it later in an NAK packet, we 2795 * suggest a new one. 2796 */ 2797 nmagic = ~sp->lcp.magic; 2798 /* Gonna NAK it. */ 2799 p[2] = nmagic >> 24; 2800 p[3] = nmagic >> 16; 2801 p[4] = nmagic >> 8; 2802 p[5] = nmagic; 2803 break; 2804 2805 case LCP_OPT_ASYNC_MAP: 2806 /* 2807 * Async control character map -- just ignore it. 2808 * 2809 * Quote from RFC 1662, chapter 6: 2810 * To enable this functionality, synchronous PPP 2811 * implementations MUST always respond to the 2812 * Async-Control-Character-Map Configuration 2813 * Option with the LCP Configure-Ack. However, 2814 * acceptance of the Configuration Option does 2815 * not imply that the synchronous implementation 2816 * will do any ACCM mapping. Instead, all such 2817 * octet mapping will be performed by the 2818 * asynchronous-to-synchronous converter. 2819 */ 2820 continue; 2821 2822 case LCP_OPT_MRU: 2823 /* 2824 * Maximum receive unit. Always agreeable, 2825 * but ignored by now. 2826 */ 2827 sp->lcp.their_mru = p[2] * 256 + p[3]; 2828 if (debug) 2829 addlog(" %ld", sp->lcp.their_mru); 2830 continue; 2831 2832 case LCP_OPT_AUTH_PROTO: 2833 authproto = (p[2] << 8) + p[3]; 2834 if (sp->myauth.proto != authproto) { 2835 /* not agreed, nak */ 2836 if (debug) 2837 addlog(" [mine %s != his %s]", 2838 sppp_proto_name(sp->myauth.proto), 2839 sppp_proto_name(authproto)); 2840 p[2] = sp->myauth.proto >> 8; 2841 p[3] = sp->myauth.proto; 2842 break; 2843 } 2844 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2845 if (debug) 2846 addlog(" [chap not MD5]"); 2847 p[4] = CHAP_MD5; 2848 break; 2849 } 2850 continue; 2851 case LCP_OPT_MP_EID: 2852 /* 2853 * Endpoint identification. 2854 * Always agreeable, 2855 * but ignored by now. 2856 */ 2857 if (debug) { 2858 addlog(" type %d", p[2]); 2859 sppp_print_bytes(p+3, p[1]-3); 2860 } 2861 continue; 2862 case LCP_OPT_MP_MRRU: 2863 /* 2864 * Maximum received reconstructed unit. 2865 * Always agreeable, 2866 * but ignored by now. 2867 */ 2868 sp->lcp.their_mrru = p[2] * 256 + p[3]; 2869 if (debug) 2870 addlog(" %ld", sp->lcp.their_mrru); 2871 continue; 2872 } 2873 if (rlen + l > blen) { 2874 if (debug) 2875 addlog(" [overflow]"); 2876 continue; 2877 } 2878 /* Add the option to nak'ed list. */ 2879 memcpy(r, p, l); 2880 r += l; 2881 rlen += l; 2882 } 2883 2884 if (rlen > 0) { 2885 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 2886 if (debug) 2887 addlog(" max_failure (%d) exceeded, ", 2888 sp->lcp.max_failure); 2889 type = CP_RCR_REJ; 2890 } else { 2891 type = CP_RCR_NAK; 2892 } 2893 } else { 2894 type = CP_RCR_ACK; 2895 rlen = origlen; 2896 memcpy(r, h + 1, rlen); 2897 sp->scp[IDX_LCP].fail_counter = 0; 2898 sp->pp_loopcnt = 0; 2899 } 2900 2901 end: 2902 if (debug) 2903 addlog("\n"); 2904 2905 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 2906 if (buf != NULL) 2907 kmem_intr_free(buf, blen); 2908 } else { 2909 *msgbuf = buf; 2910 *buflen = blen; 2911 *msglen = rlen; 2912 } 2913 2914 return type; 2915 } 2916 2917 /* 2918 * Analyze the LCP Configure-Reject option list, and adjust our 2919 * negotiation. 2920 */ 2921 static void 2922 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 2923 { 2924 STDDCL; 2925 u_char *p, l; 2926 2927 KASSERT(SPPP_WLOCKED(sp)); 2928 2929 if (len <= sizeof(*h)) 2930 return; 2931 2932 len -= sizeof(*h); 2933 2934 if (debug) 2935 log(LOG_DEBUG, "%s: lcp rej opts:", 2936 ifp->if_xname); 2937 2938 p = (void *)(h + 1); 2939 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2940 /* Sanity check option length */ 2941 if (l > len) { 2942 /* 2943 * Malicious option - drop immediately. 2944 * XXX Maybe we should just RXJ it? 2945 */ 2946 addlog("%s: received malicious LCP option, " 2947 "dropping.\n", ifp->if_xname); 2948 goto end; 2949 } 2950 if (debug) 2951 addlog(" %s", sppp_lcp_opt_name(*p)); 2952 switch (p[0]) { 2953 case LCP_OPT_MAGIC: 2954 /* Magic number -- can't use it, use 0 */ 2955 CLR(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2956 sp->lcp.magic = 0; 2957 break; 2958 case LCP_OPT_MRU: 2959 /* 2960 * We try to negotiate a lower MRU if the underlying 2961 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2962 * peer rejects this lower rate, fallback to the 2963 * default. 2964 */ 2965 if (debug) { 2966 addlog("%s: warning: peer rejected our MRU of " 2967 "%ld bytes. Defaulting to %d bytes\n", 2968 ifp->if_xname, sp->lcp.mru, PP_MTU); 2969 } 2970 CLR(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2971 sp->lcp.mru = PP_MTU; 2972 break; 2973 case LCP_OPT_AUTH_PROTO: 2974 /* 2975 * Peer doesn't want to authenticate himself, 2976 * deny unless this is a dialout call, and 2977 * SPPP_AUTHFLAG_NOCALLOUT is set. 2978 */ 2979 if ((sp->pp_flags & PP_CALLIN) == 0 && 2980 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2981 if (debug) 2982 addlog(" [don't insist on auth " 2983 "for callout]"); 2984 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2985 break; 2986 } 2987 if (debug) 2988 addlog("[access denied]\n"); 2989 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2990 break; 2991 } 2992 } 2993 if (debug) 2994 addlog("\n"); 2995 end: 2996 return; 2997 } 2998 2999 /* 3000 * Analyze the LCP Configure-NAK option list, and adjust our 3001 * negotiation. 3002 */ 3003 static void 3004 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3005 { 3006 STDDCL; 3007 u_char *p, l; 3008 uint32_t magic; 3009 3010 KASSERT(SPPP_WLOCKED(sp)); 3011 3012 if (len <= sizeof(*h)) 3013 return; 3014 len -= sizeof(*h); 3015 3016 if (debug) 3017 log(LOG_DEBUG, "%s: lcp nak opts:", 3018 ifp->if_xname); 3019 3020 p = (void *)(h + 1); 3021 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 3022 /* Sanity check option length */ 3023 if (l > len) { 3024 /* 3025 * Malicious option - drop immediately. 3026 * XXX Maybe we should just RXJ it? 3027 */ 3028 addlog("%s: received malicious LCP option, " 3029 "dropping.\n", ifp->if_xname); 3030 goto end; 3031 } 3032 if (debug) 3033 addlog(" %s", sppp_lcp_opt_name(*p)); 3034 switch (p[0]) { 3035 case LCP_OPT_MAGIC: 3036 /* Magic number -- renegotiate */ 3037 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC) && 3038 len >= 6 && l == 6) { 3039 magic = (uint32_t)p[2] << 24 | 3040 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 3041 /* 3042 * If the remote magic is our negated one, 3043 * this looks like a loopback problem. 3044 * Suggest a new magic to make sure. 3045 */ 3046 if (magic == ~sp->lcp.magic) { 3047 if (debug) 3048 addlog(" magic glitch"); 3049 sp->lcp.magic = cprng_fast32(); 3050 } else { 3051 sp->lcp.magic = magic; 3052 if (debug) 3053 addlog(" %d", magic); 3054 } 3055 } 3056 break; 3057 case LCP_OPT_MRU: 3058 /* 3059 * Peer wants to advise us to negotiate an MRU. 3060 * Agree on it if it's reasonable, or use 3061 * default otherwise. 3062 */ 3063 if (len >= 4 && l == 4) { 3064 u_int mru = p[2] * 256 + p[3]; 3065 if (debug) 3066 addlog(" %d", mru); 3067 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 3068 mru = sp->pp_if.if_mtu; 3069 sp->lcp.mru = mru; 3070 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 3071 } 3072 break; 3073 case LCP_OPT_AUTH_PROTO: 3074 /* 3075 * Peer doesn't like our authentication method, 3076 * deny. 3077 */ 3078 if (debug) 3079 addlog("[access denied]\n"); 3080 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3081 break; 3082 } 3083 } 3084 if (debug) 3085 addlog("\n"); 3086 end: 3087 return; 3088 } 3089 3090 static void 3091 sppp_lcp_tlu(struct sppp *sp) 3092 { 3093 struct ifnet *ifp = &sp->pp_if; 3094 int i; 3095 3096 KASSERT(SPPP_WLOCKED(sp)); 3097 3098 /* XXX ? */ 3099 if (! (ifp->if_flags & IFF_UP) && 3100 (ifp->if_flags & IFF_RUNNING)) { 3101 /* Coming out of loopback mode. */ 3102 SPPP_UNLOCK(sp); 3103 if_up(ifp); 3104 SPPP_LOCK(sp, RW_WRITER); 3105 } 3106 3107 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO) || 3108 (sp->pp_flags & PP_NEEDAUTH) != 0) 3109 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3110 else 3111 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3112 3113 /* 3114 * Open all authentication protocols. This is even required 3115 * if we already proceeded to network phase, since it might be 3116 * that remote wants us to authenticate, so we might have to 3117 * send a PAP request. Undesired authentication protocols 3118 * don't do anything when they get an Open event. 3119 */ 3120 for (i = 0; i < IDX_COUNT; i++) 3121 if ((cps[i])->flags & CP_AUTH) { 3122 sppp_wq_add(sp->wq_cp, 3123 &sp->scp[(cps[i])->protoidx].work_open); 3124 } 3125 3126 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 3127 /* Notify all NCPs. */ 3128 for (i = 0; i < IDX_COUNT; i++) 3129 if ((cps[i])->flags & CP_NCP) { 3130 sppp_wq_add(sp->wq_cp, 3131 &sp->scp[(cps[i])->protoidx].work_open); 3132 } 3133 } 3134 3135 /* notify low-level driver of state change */ 3136 sppp_notify_chg_wlocked(sp); 3137 } 3138 3139 static void 3140 sppp_lcp_tld(struct sppp *sp) 3141 { 3142 int i, pi, phase; 3143 3144 KASSERT(SPPP_WLOCKED(sp)); 3145 3146 phase = sp->pp_phase; 3147 3148 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3149 3150 /* 3151 * Take upper layers down. We send the Down event first and 3152 * the Close second to prevent the upper layers from sending 3153 * ``a flurry of terminate-request packets'', as the RFC 3154 * describes it. 3155 */ 3156 for (i = 0; i < IDX_COUNT; i++) { 3157 pi = (cps[i])->protoidx; 3158 if (((cps[i])->flags & CP_LCP) == 0) { 3159 /* skip if ncp was not started */ 3160 if (phase != SPPP_PHASE_NETWORK && 3161 ((cps[i])->flags & CP_NCP) != 0) 3162 continue; 3163 3164 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_down); 3165 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_close); 3166 } 3167 } 3168 } 3169 3170 static void 3171 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) 3172 { 3173 3174 KASSERT(SPPP_WLOCKED(sp)); 3175 3176 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3177 printf("%s: authentication failed %d times, not retrying again\n", 3178 sp->pp_if.if_xname, sp->pp_auth_failures); 3179 3180 SPPP_UNLOCK(sp); 3181 if_down(&sp->pp_if); 3182 SPPP_LOCK(sp, RW_WRITER); 3183 return; 3184 } 3185 3186 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3187 3188 /* Notify lower layer if desired. */ 3189 sppp_notify_tls_wlocked(sp); 3190 sp->lcp.tlf_sent = false; 3191 } 3192 3193 static void 3194 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) 3195 { 3196 3197 KASSERT(SPPP_WLOCKED(sp)); 3198 3199 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3200 3201 /* Notify lower layer if desired. */ 3202 sppp_notify_tlf_wlocked(sp); 3203 3204 switch (sp->scp[IDX_LCP].state) { 3205 case STATE_CLOSED: 3206 case STATE_STOPPED: 3207 sp->lcp.tlf_sent = true; 3208 break; 3209 case STATE_INITIAL: 3210 default: 3211 /* just in case */ 3212 sp->lcp.tlf_sent = false; 3213 } 3214 } 3215 3216 static void 3217 sppp_lcp_scr(struct sppp *sp) 3218 { 3219 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3220 int i = 0; 3221 u_short authproto; 3222 3223 KASSERT(SPPP_WLOCKED(sp)); 3224 3225 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC)) { 3226 if (! sp->lcp.magic) 3227 sp->lcp.magic = cprng_fast32(); 3228 opt[i++] = LCP_OPT_MAGIC; 3229 opt[i++] = 6; 3230 opt[i++] = sp->lcp.magic >> 24; 3231 opt[i++] = sp->lcp.magic >> 16; 3232 opt[i++] = sp->lcp.magic >> 8; 3233 opt[i++] = sp->lcp.magic; 3234 } 3235 3236 if (ISSET(sp->lcp.opts,SPPP_LCP_OPT_MRU)) { 3237 opt[i++] = LCP_OPT_MRU; 3238 opt[i++] = 4; 3239 opt[i++] = sp->lcp.mru >> 8; 3240 opt[i++] = sp->lcp.mru; 3241 } 3242 3243 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) { 3244 authproto = sp->hisauth.proto; 3245 opt[i++] = LCP_OPT_AUTH_PROTO; 3246 opt[i++] = authproto == PPP_CHAP? 5: 4; 3247 opt[i++] = authproto >> 8; 3248 opt[i++] = authproto; 3249 if (authproto == PPP_CHAP) 3250 opt[i++] = CHAP_MD5; 3251 } 3252 3253 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3254 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3255 } 3256 3257 /* 3258 * Check the open NCPs, return true if at least one NCP is open. 3259 */ 3260 3261 static int 3262 sppp_cp_check(struct sppp *sp, u_char cp_flags) 3263 { 3264 int i, mask; 3265 3266 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3267 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) 3268 return 1; 3269 return 0; 3270 } 3271 3272 /* 3273 * Re-check the open NCPs and see if we should terminate the link. 3274 * Called by the NCPs during their tlf action handling. 3275 */ 3276 static void 3277 sppp_lcp_check_and_close(struct sppp *sp) 3278 { 3279 3280 KASSERT(SPPP_WLOCKED(sp)); 3281 3282 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 3283 /* don't bother, we are already going down */ 3284 return; 3285 } 3286 3287 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && 3288 sppp_cp_check(sp, CP_AUTH)) 3289 return; 3290 3291 if (sp->pp_phase >= SPPP_PHASE_NETWORK && 3292 sppp_cp_check(sp, CP_NCP)) 3293 return; 3294 3295 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3296 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 3297 } 3298 3299 /* 3300 *--------------------------------------------------------------------------* 3301 * * 3302 * The IPCP implementation. * 3303 * * 3304 *--------------------------------------------------------------------------* 3305 */ 3306 3307 static void 3308 sppp_ipcp_init(struct sppp *sp) 3309 { 3310 3311 KASSERT(SPPP_WLOCKED(sp)); 3312 3313 sppp_cp_init(&ipcp, sp); 3314 3315 sp->ipcp.opts = 0; 3316 sp->ipcp.flags = 0; 3317 } 3318 3319 static void 3320 sppp_ipcp_open(struct sppp *sp, void *xcp) 3321 { 3322 STDDCL; 3323 uint32_t myaddr, hisaddr; 3324 3325 KASSERT(SPPP_WLOCKED(sp)); 3326 KASSERT(!cpu_softintr_p()); 3327 3328 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3329 sp->ipcp.req_myaddr = 0; 3330 sp->ipcp.req_hisaddr = 0; 3331 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3332 3333 #ifdef INET 3334 kpreempt_disable(); 3335 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3336 kpreempt_enable(); 3337 #else 3338 myaddr = hisaddr = 0; 3339 #endif 3340 /* 3341 * If we don't have his address, this probably means our 3342 * interface doesn't want to talk IP at all. (This could 3343 * be the case if somebody wants to speak only IPX, for 3344 * example.) Don't open IPCP in this case. 3345 */ 3346 if (hisaddr == 0) { 3347 /* XXX this message should go away */ 3348 if (debug) 3349 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 3350 ifp->if_xname); 3351 return; 3352 } 3353 3354 if (myaddr == 0) { 3355 /* 3356 * I don't have an assigned address, so i need to 3357 * negotiate my address. 3358 */ 3359 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3360 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3361 } 3362 if (hisaddr == 1) { 3363 /* 3364 * XXX - remove this hack! 3365 * remote has no valid address, we need to get one assigned. 3366 */ 3367 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3368 } 3369 3370 if (sp->query_dns & 1) { 3371 SET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3372 } else { 3373 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3374 } 3375 3376 if (sp->query_dns & 2) { 3377 SET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3378 } else { 3379 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3380 } 3381 sppp_open_event(sp, xcp); 3382 } 3383 3384 static void 3385 sppp_ipcp_close(struct sppp *sp, void *xcp) 3386 { 3387 3388 KASSERT(SPPP_WLOCKED(sp)); 3389 KASSERT(!cpu_softintr_p()); 3390 3391 sppp_close_event(sp, xcp); 3392 3393 #ifdef INET 3394 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 3395 /* 3396 * Some address was dynamic, clear it again. 3397 */ 3398 sppp_clear_ip_addrs(sp); 3399 #endif 3400 } 3401 3402 /* 3403 * Analyze a configure request. Return true if it was agreeable, and 3404 * caused action sca, false if it has been rejected or nak'ed, and 3405 * caused action scn. (The return value is used to make the state 3406 * transition decision in the state automaton.) 3407 */ 3408 static enum cp_rcr_type 3409 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3410 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3411 { 3412 u_char *buf, *r, *p, l, blen; 3413 enum cp_rcr_type type; 3414 struct ifnet *ifp = &sp->pp_if; 3415 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3416 uint32_t hisaddr, desiredaddr; 3417 3418 KASSERT(SPPP_WLOCKED(sp)); 3419 3420 type = CP_RCR_NONE; 3421 origlen -= sizeof(*h); 3422 3423 if (origlen < 0) 3424 return CP_RCR_DROP; 3425 3426 /* 3427 * Make sure to allocate a buf that can at least hold a 3428 * conf-nak with an `address' option. We might need it below. 3429 */ 3430 blen = MAX(6, origlen); 3431 3432 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3433 if (buf == NULL) 3434 return CP_RCR_DROP; 3435 3436 /* pass 1: see if we can recognize them */ 3437 if (debug) 3438 log(LOG_DEBUG, "%s: ipcp parse opts:", 3439 ifp->if_xname); 3440 p = (void *)(h + 1); 3441 r = buf; 3442 rlen = 0; 3443 for (len = origlen; len > 1; len -= l, p += l) { 3444 l = p[1]; 3445 if (l == 0) 3446 break; 3447 3448 /* Sanity check option length */ 3449 if (l > len) { 3450 /* XXX should we just RXJ? */ 3451 addlog("%s: malicious IPCP option received, dropping\n", 3452 ifp->if_xname); 3453 type = CP_RCR_ERR; 3454 goto end; 3455 } 3456 if (debug) 3457 addlog(" %s", sppp_ipcp_opt_name(*p)); 3458 switch (p[0]) { 3459 #ifdef notyet 3460 case IPCP_OPT_COMPRESSION: 3461 if (len >= 6 && l >= 6) { 3462 /* correctly formed compress option */ 3463 continue; 3464 } 3465 if (debug) 3466 addlog(" [invalid]"); 3467 break; 3468 #endif 3469 case IPCP_OPT_ADDRESS: 3470 if (len >= 6 && l == 6) { 3471 /* correctly formed address option */ 3472 continue; 3473 } 3474 if (debug) 3475 addlog(" [invalid]"); 3476 break; 3477 default: 3478 /* Others not supported. */ 3479 if (debug) 3480 addlog(" [rej]"); 3481 break; 3482 } 3483 /* Add the option to rejected list. */ 3484 if (rlen + l > blen) { 3485 if (debug) 3486 addlog(" [overflow]"); 3487 continue; 3488 } 3489 memcpy(r, p, l); 3490 r += l; 3491 rlen += l; 3492 } 3493 3494 if (rlen > 0) { 3495 type = CP_RCR_REJ; 3496 goto end; 3497 } 3498 3499 if (debug) 3500 addlog("\n"); 3501 3502 /* pass 2: parse option values */ 3503 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3504 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3505 else 3506 #ifdef INET 3507 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3508 #else 3509 hisaddr = 0; 3510 #endif 3511 if (debug) 3512 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 3513 ifp->if_xname); 3514 p = (void *)(h + 1); 3515 r = buf; 3516 rlen = 0; 3517 for (len = origlen; len > 1; len -= l, p += l) { 3518 l = p[1]; 3519 if (l == 0) 3520 break; 3521 3522 if (debug) 3523 addlog(" %s", sppp_ipcp_opt_name(*p)); 3524 switch (p[0]) { 3525 #ifdef notyet 3526 case IPCP_OPT_COMPRESSION: 3527 continue; 3528 #endif 3529 case IPCP_OPT_ADDRESS: 3530 desiredaddr = p[2] << 24 | p[3] << 16 | 3531 p[4] << 8 | p[5]; 3532 if (desiredaddr == hisaddr || 3533 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3534 /* 3535 * Peer's address is same as our value, 3536 * this is agreeable. Gonna conf-ack 3537 * it. 3538 */ 3539 if (debug) 3540 addlog(" %s [ack]", 3541 sppp_dotted_quad(hisaddr)); 3542 /* record that we've seen it already */ 3543 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3544 sp->ipcp.req_hisaddr = desiredaddr; 3545 hisaddr = desiredaddr; 3546 continue; 3547 } 3548 /* 3549 * The address wasn't agreeable. This is either 3550 * he sent us 0.0.0.0, asking to assign him an 3551 * address, or he send us another address not 3552 * matching our value. Either case, we gonna 3553 * conf-nak it with our value. 3554 */ 3555 if (debug) { 3556 if (desiredaddr == 0) 3557 addlog(" [addr requested]"); 3558 else 3559 addlog(" %s [not agreed]", 3560 sppp_dotted_quad(desiredaddr)); 3561 } 3562 3563 p[2] = hisaddr >> 24; 3564 p[3] = hisaddr >> 16; 3565 p[4] = hisaddr >> 8; 3566 p[5] = hisaddr; 3567 break; 3568 } 3569 if (rlen + l > blen) { 3570 if (debug) 3571 addlog(" [overflow]"); 3572 continue; 3573 } 3574 /* Add the option to nak'ed list. */ 3575 memcpy(r, p, l); 3576 r += l; 3577 rlen += l; 3578 } 3579 3580 if (rlen > 0) { 3581 type = CP_RCR_NAK; 3582 } else { 3583 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3584 /* 3585 * If we are about to conf-ack the request, but haven't seen 3586 * his address so far, gonna conf-nak it instead, with the 3587 * `address' option present and our idea of his address being 3588 * filled in there, to request negotiation of both addresses. 3589 * 3590 * XXX This can result in an endless req - nak loop if peer 3591 * doesn't want to send us his address. Q: What should we do 3592 * about it? XXX A: implement the max-failure counter. 3593 */ 3594 buf[0] = IPCP_OPT_ADDRESS; 3595 buf[1] = 6; 3596 buf[2] = hisaddr >> 24; 3597 buf[3] = hisaddr >> 16; 3598 buf[4] = hisaddr >> 8; 3599 buf[5] = hisaddr; 3600 rlen = 6; 3601 if (debug) 3602 addlog(" still need hisaddr"); 3603 type = CP_RCR_NAK; 3604 } else { 3605 type = CP_RCR_ACK; 3606 rlen = origlen; 3607 memcpy(r, h + 1, rlen); 3608 } 3609 } 3610 3611 end: 3612 if (debug) 3613 addlog("\n"); 3614 3615 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3616 if (buf != NULL) 3617 kmem_intr_free(buf, blen); 3618 } else { 3619 *msgbuf = buf; 3620 *buflen = blen; 3621 *msglen = rlen; 3622 } 3623 3624 return type; 3625 } 3626 3627 /* 3628 * Analyze the IPCP Configure-Reject option list, and adjust our 3629 * negotiation. 3630 */ 3631 static void 3632 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3633 { 3634 u_char *p, l; 3635 struct ifnet *ifp = &sp->pp_if; 3636 int debug = ifp->if_flags & IFF_DEBUG; 3637 3638 KASSERT(SPPP_WLOCKED(sp)); 3639 3640 if (len <= sizeof(*h)) 3641 return; 3642 3643 len -= sizeof(*h); 3644 3645 if (debug) 3646 log(LOG_DEBUG, "%s: ipcp rej opts:", 3647 ifp->if_xname); 3648 3649 p = (void *)(h + 1); 3650 for (; len > 1; len -= l, p += l) { 3651 l = p[1]; 3652 if (l == 0) 3653 break; 3654 3655 /* Sanity check option length */ 3656 if (l > len) { 3657 /* XXX should we just RXJ? */ 3658 addlog("%s: malicious IPCP option received, dropping\n", 3659 ifp->if_xname); 3660 goto end; 3661 } 3662 if (debug) 3663 addlog(" %s", sppp_ipcp_opt_name(*p)); 3664 switch (p[0]) { 3665 case IPCP_OPT_ADDRESS: 3666 /* 3667 * Peer doesn't grok address option. This is 3668 * bad. XXX Should we better give up here? 3669 */ 3670 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3671 break; 3672 #ifdef notyet 3673 case IPCP_OPT_COMPRESS: 3674 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_COMPRESS); 3675 break; 3676 #endif 3677 case IPCP_OPT_PRIMDNS: 3678 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3679 break; 3680 3681 case IPCP_OPT_SECDNS: 3682 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3683 break; 3684 } 3685 } 3686 if (debug) 3687 addlog("\n"); 3688 end: 3689 return; 3690 } 3691 3692 /* 3693 * Analyze the IPCP Configure-NAK option list, and adjust our 3694 * negotiation. 3695 */ 3696 static void 3697 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3698 { 3699 u_char *p, l; 3700 struct ifnet *ifp = &sp->pp_if; 3701 int debug = ifp->if_flags & IFF_DEBUG; 3702 uint32_t wantaddr; 3703 3704 KASSERT(SPPP_WLOCKED(sp)); 3705 3706 len -= sizeof(*h); 3707 3708 if (debug) 3709 log(LOG_DEBUG, "%s: ipcp nak opts:", 3710 ifp->if_xname); 3711 3712 p = (void *)(h + 1); 3713 for (; len > 1; len -= l, p += l) { 3714 l = p[1]; 3715 if (l == 0) 3716 break; 3717 3718 /* Sanity check option length */ 3719 if (l > len) { 3720 /* XXX should we just RXJ? */ 3721 addlog("%s: malicious IPCP option received, dropping\n", 3722 ifp->if_xname); 3723 return; 3724 } 3725 if (debug) 3726 addlog(" %s", sppp_ipcp_opt_name(*p)); 3727 switch (*p) { 3728 case IPCP_OPT_ADDRESS: 3729 /* 3730 * Peer doesn't like our local IP address. See 3731 * if we can do something for him. We'll drop 3732 * him our address then. 3733 */ 3734 if (len >= 6 && l == 6) { 3735 wantaddr = p[2] << 24 | p[3] << 16 | 3736 p[4] << 8 | p[5]; 3737 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3738 if (debug) 3739 addlog(" [wantaddr %s]", 3740 sppp_dotted_quad(wantaddr)); 3741 /* 3742 * When doing dynamic address assignment, 3743 * we accept his offer. Otherwise, we 3744 * ignore it and thus continue to negotiate 3745 * our already existing value. 3746 */ 3747 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3748 if (debug) 3749 addlog(" [agree]"); 3750 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3751 sp->ipcp.req_myaddr = wantaddr; 3752 } 3753 } 3754 break; 3755 3756 case IPCP_OPT_PRIMDNS: 3757 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS) && 3758 len >= 6 && l == 6) { 3759 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3760 p[4] << 8 | p[5]; 3761 } 3762 break; 3763 3764 case IPCP_OPT_SECDNS: 3765 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS) && 3766 len >= 6 && l == 6) { 3767 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3768 p[4] << 8 | p[5]; 3769 } 3770 break; 3771 #ifdef notyet 3772 case IPCP_OPT_COMPRESS: 3773 /* 3774 * Peer wants different compression parameters. 3775 */ 3776 break; 3777 #endif 3778 } 3779 } 3780 if (debug) 3781 addlog("\n"); 3782 } 3783 3784 static void 3785 sppp_ipcp_tlu(struct sppp *sp) 3786 { 3787 #ifdef INET 3788 KASSERT(SPPP_WLOCKED(sp)); 3789 /* we are up. Set addresses and notify anyone interested */ 3790 sppp_set_ip_addrs(sp); 3791 #endif 3792 } 3793 3794 static void 3795 sppp_ipcp_scr(struct sppp *sp) 3796 { 3797 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3798 #ifdef INET 3799 uint32_t ouraddr; 3800 #endif 3801 int i = 0; 3802 3803 KASSERT(SPPP_WLOCKED(sp)); 3804 3805 #ifdef notyet 3806 if (ISSET(sp->ipcp.opts,SPPP_IPCP_OPT_COMPRESSION)) { 3807 opt[i++] = IPCP_OPT_COMPRESSION; 3808 opt[i++] = 6; 3809 opt[i++] = 0; /* VJ header compression */ 3810 opt[i++] = 0x2d; /* VJ header compression */ 3811 opt[i++] = max_slot_id; 3812 opt[i++] = comp_slot_id; 3813 } 3814 #endif 3815 3816 #ifdef INET 3817 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS)) { 3818 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) { 3819 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3820 } else { 3821 kpreempt_disable(); 3822 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3823 kpreempt_enable(); 3824 } 3825 opt[i++] = IPCP_OPT_ADDRESS; 3826 opt[i++] = 6; 3827 opt[i++] = ouraddr >> 24; 3828 opt[i++] = ouraddr >> 16; 3829 opt[i++] = ouraddr >> 8; 3830 opt[i++] = ouraddr; 3831 } 3832 #endif 3833 3834 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS)) { 3835 opt[i++] = IPCP_OPT_PRIMDNS; 3836 opt[i++] = 6; 3837 opt[i++] = sp->dns_addrs[0] >> 24; 3838 opt[i++] = sp->dns_addrs[0] >> 16; 3839 opt[i++] = sp->dns_addrs[0] >> 8; 3840 opt[i++] = sp->dns_addrs[0]; 3841 } 3842 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS)) { 3843 opt[i++] = IPCP_OPT_SECDNS; 3844 opt[i++] = 6; 3845 opt[i++] = sp->dns_addrs[1] >> 24; 3846 opt[i++] = sp->dns_addrs[1] >> 16; 3847 opt[i++] = sp->dns_addrs[1] >> 8; 3848 opt[i++] = sp->dns_addrs[1]; 3849 } 3850 3851 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 3852 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 3853 } 3854 3855 /* 3856 *--------------------------------------------------------------------------* 3857 * * 3858 * The IPv6CP implementation. * 3859 * * 3860 *--------------------------------------------------------------------------* 3861 */ 3862 3863 #ifdef INET6 3864 static void 3865 sppp_ipv6cp_init(struct sppp *sp) 3866 { 3867 3868 KASSERT(SPPP_WLOCKED(sp)); 3869 3870 sppp_cp_init(&ipv6cp, sp); 3871 3872 sp->ipv6cp.opts = 0; 3873 sp->ipv6cp.flags = 0; 3874 } 3875 3876 static void 3877 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 3878 { 3879 STDDCL; 3880 struct in6_addr myaddr, hisaddr; 3881 3882 KASSERT(SPPP_WLOCKED(sp)); 3883 KASSERT(!cpu_softintr_p()); 3884 3885 #ifdef IPV6CP_MYIFID_DYN 3886 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3887 #else 3888 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3889 #endif 3890 3891 kpreempt_disable(); 3892 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3893 kpreempt_enable(); 3894 /* 3895 * If we don't have our address, this probably means our 3896 * interface doesn't want to talk IPv6 at all. (This could 3897 * be the case if somebody wants to speak only IPX, for 3898 * example.) Don't open IPv6CP in this case. 3899 */ 3900 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3901 /* XXX this message should go away */ 3902 if (debug) 3903 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3904 ifp->if_xname); 3905 return; 3906 } 3907 3908 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3909 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 3910 sppp_open_event(sp, xcp); 3911 } 3912 3913 /* 3914 * Analyze a configure request. Return true if it was agreeable, and 3915 * caused action sca, false if it has been rejected or nak'ed, and 3916 * caused action scn. (The return value is used to make the state 3917 * transition decision in the state automaton.) 3918 */ 3919 static enum cp_rcr_type 3920 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3921 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3922 { 3923 u_char *buf, *r, *p, l, blen; 3924 struct ifnet *ifp = &sp->pp_if; 3925 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3926 struct in6_addr myaddr, desiredaddr, suggestaddr; 3927 enum cp_rcr_type type; 3928 int ifidcount; 3929 int collision, nohisaddr; 3930 char ip6buf[INET6_ADDRSTRLEN]; 3931 3932 KASSERT(SPPP_WLOCKED(sp)); 3933 3934 type = CP_RCR_NONE; 3935 origlen -= sizeof(*h); 3936 3937 if (origlen < 0) 3938 return CP_RCR_DROP; 3939 3940 /* 3941 * Make sure to allocate a buf that can at least hold a 3942 * conf-nak with an `address' option. We might need it below. 3943 */ 3944 blen = MAX(6, origlen); 3945 3946 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3947 if (buf == NULL) 3948 return CP_RCR_DROP; 3949 3950 /* pass 1: see if we can recognize them */ 3951 if (debug) 3952 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3953 ifp->if_xname); 3954 p = (void *)(h + 1); 3955 r = buf; 3956 rlen = 0; 3957 ifidcount = 0; 3958 for (len = origlen; len > 1; len -= l, p += l) { 3959 l = p[1]; 3960 if (l == 0) 3961 break; 3962 3963 /* Sanity check option length */ 3964 if (l > len) { 3965 /* XXX just RXJ? */ 3966 addlog("%s: received malicious IPCPv6 option, " 3967 "dropping\n", ifp->if_xname); 3968 type = CP_RCR_ERR; 3969 goto end; 3970 } 3971 if (debug) 3972 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3973 switch (p[0]) { 3974 case IPV6CP_OPT_IFID: 3975 if (len >= 10 && l == 10 && ifidcount == 0) { 3976 /* correctly formed address option */ 3977 ifidcount++; 3978 continue; 3979 } 3980 if (debug) 3981 addlog(" [invalid]"); 3982 break; 3983 #ifdef notyet 3984 case IPV6CP_OPT_COMPRESSION: 3985 if (len >= 4 && l >= 4) { 3986 /* correctly formed compress option */ 3987 continue; 3988 } 3989 if (debug) 3990 addlog(" [invalid]"); 3991 break; 3992 #endif 3993 default: 3994 /* Others not supported. */ 3995 if (debug) 3996 addlog(" [rej]"); 3997 break; 3998 } 3999 if (rlen + l > blen) { 4000 if (debug) 4001 addlog(" [overflow]"); 4002 continue; 4003 } 4004 /* Add the option to rejected list. */ 4005 memcpy(r, p, l); 4006 r += l; 4007 rlen += l; 4008 } 4009 4010 if (rlen > 0) { 4011 type = CP_RCR_REJ; 4012 goto end; 4013 } 4014 4015 if (debug) 4016 addlog("\n"); 4017 4018 /* pass 2: parse option values */ 4019 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4020 if (debug) 4021 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 4022 ifp->if_xname); 4023 p = (void *)(h + 1); 4024 r = buf; 4025 rlen = 0; 4026 type = CP_RCR_ACK; 4027 for (len = origlen; len > 1; len -= l, p += l) { 4028 l = p[1]; 4029 if (l == 0) 4030 break; 4031 4032 if (debug) 4033 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4034 switch (p[0]) { 4035 #ifdef notyet 4036 case IPV6CP_OPT_COMPRESSION: 4037 continue; 4038 #endif 4039 case IPV6CP_OPT_IFID: 4040 memset(&desiredaddr, 0, sizeof(desiredaddr)); 4041 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 4042 collision = (memcmp(&desiredaddr.s6_addr[8], 4043 &myaddr.s6_addr[8], 8) == 0); 4044 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 4045 4046 desiredaddr.s6_addr16[0] = htons(0xfe80); 4047 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 4048 4049 if (!collision && !nohisaddr) { 4050 /* no collision, hisaddr known - Conf-Ack */ 4051 type = CP_RCR_ACK; 4052 memcpy(sp->ipv6cp.my_ifid, &myaddr.s6_addr[8], 4053 sizeof(sp->ipv6cp.my_ifid)); 4054 memcpy(sp->ipv6cp.his_ifid, 4055 &desiredaddr.s6_addr[8], 4056 sizeof(sp->ipv6cp.my_ifid)); 4057 4058 if (debug) { 4059 addlog(" %s [%s]", 4060 IN6_PRINT(ip6buf, &desiredaddr), 4061 sppp_cp_type_name(CONF_ACK)); 4062 } 4063 continue; 4064 } 4065 4066 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4067 if (collision && nohisaddr) { 4068 /* collision, hisaddr unknown - Conf-Rej */ 4069 type = CP_RCR_REJ; 4070 memset(&p[2], 0, 8); 4071 } else { 4072 /* 4073 * - no collision, hisaddr unknown, or 4074 * - collision, hisaddr known 4075 * Conf-Nak, suggest hisaddr 4076 */ 4077 type = CP_RCR_NAK; 4078 sppp_suggest_ip6_addr(sp, &suggestaddr); 4079 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4080 } 4081 if (debug) { 4082 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK; 4083 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4084 sppp_cp_type_name(ctype)); 4085 } 4086 break; 4087 } 4088 if (rlen + l > blen) { 4089 if (debug) 4090 addlog(" [overflow]"); 4091 continue; 4092 } 4093 /* Add the option to nak'ed list. */ 4094 memcpy(r, p, l); 4095 r += l; 4096 rlen += l; 4097 } 4098 4099 if (rlen > 0) { 4100 if (type != CP_RCR_ACK) { 4101 if (debug) { 4102 int ctype ; 4103 ctype = type == CP_RCR_REJ ? 4104 CONF_REJ : CONF_NAK; 4105 addlog(" send %s suggest %s\n", 4106 sppp_cp_type_name(ctype), 4107 IN6_PRINT(ip6buf, &suggestaddr)); 4108 } 4109 } 4110 #ifdef notdef 4111 if (type == CP_RCR_ACK) 4112 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4113 #endif 4114 } else { 4115 if (type == CP_RCR_ACK) { 4116 rlen = origlen; 4117 memcpy(r, h + 1, rlen); 4118 } 4119 } 4120 end: 4121 if (debug) 4122 addlog("\n"); 4123 4124 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 4125 if (buf != NULL) 4126 kmem_intr_free(buf, blen); 4127 } else { 4128 *msgbuf = buf; 4129 *buflen = blen; 4130 *msglen = rlen; 4131 } 4132 4133 return type; 4134 } 4135 4136 /* 4137 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4138 * negotiation. 4139 */ 4140 static void 4141 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len) 4142 { 4143 u_char *p, l; 4144 struct ifnet *ifp = &sp->pp_if; 4145 int debug = ifp->if_flags & IFF_DEBUG; 4146 4147 KASSERT(SPPP_WLOCKED(sp)); 4148 4149 if (len <= sizeof(*h)) 4150 return; 4151 4152 len -= sizeof(*h); 4153 4154 if (debug) 4155 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 4156 ifp->if_xname); 4157 4158 p = (void *)(h + 1); 4159 for (; len > 1; len -= l, p += l) { 4160 l = p[1]; 4161 if (l == 0) 4162 break; 4163 4164 if (l > len) { 4165 /* XXX just RXJ? */ 4166 addlog("%s: received malicious IPCPv6 option, " 4167 "dropping\n", ifp->if_xname); 4168 goto end; 4169 } 4170 if (debug) 4171 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4172 switch (p[0]) { 4173 case IPV6CP_OPT_IFID: 4174 /* 4175 * Peer doesn't grok address option. This is 4176 * bad. XXX Should we better give up here? 4177 */ 4178 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4179 break; 4180 #ifdef notyet 4181 case IPV6CP_OPT_COMPRESS: 4182 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESS); 4183 break; 4184 #endif 4185 } 4186 } 4187 if (debug) 4188 addlog("\n"); 4189 end: 4190 return; 4191 } 4192 4193 /* 4194 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4195 * negotiation. 4196 */ 4197 static void 4198 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len) 4199 { 4200 u_char *p, l; 4201 struct ifnet *ifp = &sp->pp_if; 4202 int debug = ifp->if_flags & IFF_DEBUG; 4203 struct in6_addr suggestaddr; 4204 char ip6buf[INET6_ADDRSTRLEN]; 4205 4206 KASSERT(SPPP_WLOCKED(sp)); 4207 4208 if (len <= sizeof(*h)) 4209 return; 4210 4211 len -= sizeof(*h); 4212 4213 if (debug) 4214 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 4215 ifp->if_xname); 4216 4217 p = (void *)(h + 1); 4218 for (; len > 1; len -= l, p += l) { 4219 l = p[1]; 4220 if (l == 0) 4221 break; 4222 4223 if (l > len) { 4224 /* XXX just RXJ? */ 4225 addlog("%s: received malicious IPCPv6 option, " 4226 "dropping\n", ifp->if_xname); 4227 goto end; 4228 } 4229 if (debug) 4230 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4231 switch (p[0]) { 4232 case IPV6CP_OPT_IFID: 4233 /* 4234 * Peer doesn't like our local ifid. See 4235 * if we can do something for him. We'll drop 4236 * him our address then. 4237 */ 4238 if (len < 10 || l != 10) 4239 break; 4240 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4241 suggestaddr.s6_addr16[0] = htons(0xfe80); 4242 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4243 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4244 4245 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4246 if (debug) 4247 addlog(" [suggestaddr %s]", 4248 IN6_PRINT(ip6buf, &suggestaddr)); 4249 #ifdef IPV6CP_MYIFID_DYN 4250 /* 4251 * When doing dynamic address assignment, 4252 * we accept his offer. 4253 */ 4254 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4255 struct in6_addr lastsuggest; 4256 /* 4257 * If <suggested myaddr from peer> equals to 4258 * <hisaddr we have suggested last time>, 4259 * we have a collision. generate new random 4260 * ifid. 4261 */ 4262 sppp_suggest_ip6_addr(&lastsuggest); 4263 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4264 lastsuggest)) { 4265 if (debug) 4266 addlog(" [random]"); 4267 sppp_gen_ip6_addr(sp, &suggestaddr); 4268 } 4269 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4270 if (debug) 4271 addlog(" [agree]"); 4272 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4273 } 4274 #else 4275 /* 4276 * Since we do not do dynamic address assignment, 4277 * we ignore it and thus continue to negotiate 4278 * our already existing value. This can possibly 4279 * go into infinite request-reject loop. 4280 * 4281 * This is not likely because we normally use 4282 * ifid based on MAC-address. 4283 * If you have no ethernet card on the node, too bad. 4284 * XXX should we use fail_counter? 4285 */ 4286 #endif 4287 break; 4288 #ifdef notyet 4289 case IPV6CP_OPT_COMPRESS: 4290 /* 4291 * Peer wants different compression parameters. 4292 */ 4293 break; 4294 #endif 4295 } 4296 } 4297 if (debug) 4298 addlog("\n"); 4299 end: 4300 return; 4301 } 4302 4303 static void 4304 sppp_ipv6cp_tlu(struct sppp *sp) 4305 { 4306 4307 KASSERT(SPPP_WLOCKED(sp)); 4308 /* we are up - notify isdn daemon */ 4309 sppp_notify_con_wlocked(sp); 4310 } 4311 4312 static void 4313 sppp_ipv6cp_scr(struct sppp *sp) 4314 { 4315 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4316 struct in6_addr ouraddr; 4317 int i = 0; 4318 4319 KASSERT(SPPP_WLOCKED(sp)); 4320 4321 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID)) { 4322 kpreempt_disable(); 4323 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4324 kpreempt_enable(); 4325 4326 opt[i++] = IPV6CP_OPT_IFID; 4327 opt[i++] = 10; 4328 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4329 i += 8; 4330 } 4331 4332 #ifdef notyet 4333 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESSION)) { 4334 opt[i++] = IPV6CP_OPT_COMPRESSION; 4335 opt[i++] = 4; 4336 opt[i++] = 0; /* TBD */ 4337 opt[i++] = 0; /* TBD */ 4338 /* variable length data may follow */ 4339 } 4340 #endif 4341 4342 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4343 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4344 } 4345 #else /*INET6*/ 4346 static void 4347 sppp_ipv6cp_init(struct sppp *sp) 4348 { 4349 4350 KASSERT(SPPP_WLOCKED(sp)); 4351 } 4352 4353 static void 4354 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4355 { 4356 4357 KASSERT(SPPP_WLOCKED(sp)); 4358 } 4359 4360 static enum cp_rcr_type 4361 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, 4362 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4363 { 4364 4365 KASSERT(SPPP_WLOCKED(sp)); 4366 return 0; 4367 } 4368 4369 static void 4370 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, 4371 int len) 4372 { 4373 4374 KASSERT(SPPP_WLOCKED(sp)); 4375 } 4376 4377 static void 4378 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, 4379 int len) 4380 { 4381 4382 KASSERT(SPPP_WLOCKED(sp)); 4383 } 4384 4385 static void 4386 sppp_ipv6cp_tlu(struct sppp *sp) 4387 { 4388 4389 KASSERT(SPPP_WLOCKED(sp)); 4390 } 4391 4392 static void 4393 sppp_ipv6cp_scr(struct sppp *sp) 4394 { 4395 4396 KASSERT(SPPP_WLOCKED(sp)); 4397 } 4398 #endif /*INET6*/ 4399 4400 /* 4401 *--------------------------------------------------------------------------* 4402 * * 4403 * The CHAP implementation. * 4404 * * 4405 *--------------------------------------------------------------------------* 4406 */ 4407 /* 4408 * The authentication protocols is implemented on the state machine for 4409 * control protocols. And it uses following actions and events. 4410 * 4411 * Actions: 4412 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE 4413 * - sca: send CHAP_SUCCESS 4414 * - scn: send CHAP_FAILURE and shutdown lcp 4415 * Events: 4416 * - RCR+: receive CHAP_RESPONSE containing correct digest 4417 * - RCR-: receive CHAP_RESPONSE containing wrong digest 4418 * - RCA: receive CHAP_SUCCESS 4419 * - RCN: (this event is unused) 4420 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE 4421 * - TO-: this layer finish 4422 */ 4423 4424 /* 4425 * Handle incoming CHAP packets. 4426 */ 4427 void 4428 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4429 { 4430 STDDCL; 4431 struct lcp_header *h; 4432 int len, x; 4433 u_char *value, *name, digest[sizeof(sp->chap.challenge)]; 4434 int value_len, name_len; 4435 MD5_CTX ctx; 4436 4437 len = m->m_pkthdr.len; 4438 if (len < 4) { 4439 if (debug) 4440 log(LOG_DEBUG, 4441 "%s: chap invalid packet length: %d bytes\n", 4442 ifp->if_xname, len); 4443 return; 4444 } 4445 h = mtod(m, struct lcp_header *); 4446 if (len > ntohs(h->len)) 4447 len = ntohs(h->len); 4448 4449 SPPP_LOCK(sp, RW_WRITER); 4450 4451 switch (h->type) { 4452 /* challenge, failure and success are his authproto */ 4453 case CHAP_CHALLENGE: 4454 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4455 /* can't do anything useful */ 4456 sp->pp_auth_failures++; 4457 printf("%s: chap input without my name and my secret being set\n", 4458 ifp->if_xname); 4459 break; 4460 } 4461 value = 1 + (u_char *)(h + 1); 4462 value_len = value[-1]; 4463 name = value + value_len; 4464 name_len = len - value_len - 5; 4465 if (name_len < 0) { 4466 if (debug) { 4467 log(LOG_DEBUG, 4468 "%s: chap corrupted challenge " 4469 "<%s id=0x%x len=%d", 4470 ifp->if_xname, 4471 sppp_auth_type_name(PPP_CHAP, h->type), 4472 h->ident, ntohs(h->len)); 4473 if (len > 4) 4474 sppp_print_bytes((u_char *)(h + 1), 4475 len - 4); 4476 addlog(">\n"); 4477 } 4478 break; 4479 } 4480 4481 if (debug) { 4482 log(LOG_DEBUG, 4483 "%s: chap input <%s id=0x%x len=%d name=", 4484 ifp->if_xname, 4485 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4486 ntohs(h->len)); 4487 sppp_print_string((char *) name, name_len); 4488 addlog(" value-size=%d value=", value_len); 4489 sppp_print_bytes(value, value_len); 4490 addlog(">\n"); 4491 } 4492 4493 /* Compute reply value. */ 4494 MD5Init(&ctx); 4495 MD5Update(&ctx, &h->ident, 1); 4496 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4497 MD5Update(&ctx, value, value_len); 4498 MD5Final(sp->chap.digest, &ctx); 4499 sp->chap.digest_len = sizeof(sp->chap.digest); 4500 sp->scp[IDX_CHAP].rconfid = h->ident; 4501 4502 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); 4503 break; 4504 4505 case CHAP_SUCCESS: 4506 if (debug) { 4507 log(LOG_DEBUG, "%s: chap success", 4508 ifp->if_xname); 4509 if (len > 4) { 4510 addlog(": "); 4511 sppp_print_string((char *)(h + 1), len - 4); 4512 } 4513 addlog("\n"); 4514 } 4515 4516 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4517 if (debug) { 4518 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4519 ifp->if_xname, chap.name, 4520 h->ident, sp->scp[IDX_CHAP].rconfid); 4521 } 4522 if_statinc(ifp, if_ierrors); 4523 break; 4524 } 4525 4526 if (sp->chap.digest_len == 0) { 4527 if (debug) { 4528 log(LOG_DEBUG, 4529 "%s: receive CHAP success without challenge\n", 4530 ifp->if_xname); 4531 } 4532 if_statinc(ifp, if_ierrors); 4533 break; 4534 } 4535 4536 x = splnet(); 4537 sp->pp_auth_failures = 0; 4538 sp->pp_flags &= ~PP_NEEDAUTH; 4539 splx(x); 4540 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4541 sp->chap.digest_len = 0; 4542 4543 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { 4544 /* 4545 * we are not authenticator for CHAP, 4546 * generate a dummy RCR+ event without CHAP_RESPONSE 4547 */ 4548 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4549 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4550 } 4551 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4552 break; 4553 4554 case CHAP_FAILURE: 4555 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4556 if (debug) { 4557 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4558 ifp->if_xname, chap.name, 4559 h->ident, sp->scp[IDX_CHAP].rconfid); 4560 } 4561 if_statinc(ifp, if_ierrors); 4562 break; 4563 } 4564 4565 if (sp->chap.digest_len == 0) { 4566 if (debug) { 4567 log(LOG_DEBUG, 4568 "%s: receive CHAP failure without challenge\n", 4569 ifp->if_xname); 4570 } 4571 if_statinc(ifp, if_ierrors); 4572 break; 4573 } 4574 4575 x = splnet(); 4576 sp->pp_auth_failures++; 4577 splx(x); 4578 if (debug) { 4579 log(LOG_INFO, "%s: chap failure", 4580 ifp->if_xname); 4581 if (len > 4) { 4582 addlog(": "); 4583 sppp_print_string((char *)(h + 1), len - 4); 4584 } 4585 addlog("\n"); 4586 } else 4587 log(LOG_INFO, "%s: chap failure\n", 4588 ifp->if_xname); 4589 4590 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4591 sp->chap.digest_len = 0; 4592 /* 4593 * await LCP shutdown by authenticator, 4594 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn 4595 */ 4596 break; 4597 4598 /* response is my authproto */ 4599 case CHAP_RESPONSE: 4600 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4601 /* can't do anything useful */ 4602 printf("%s: chap response" 4603 " without his name and his secret being set\n", 4604 ifp->if_xname); 4605 break; 4606 } 4607 value = 1 + (u_char *)(h + 1); 4608 value_len = value[-1]; 4609 name = value + value_len; 4610 name_len = len - value_len - 5; 4611 if (name_len < 0) { 4612 if (debug) { 4613 log(LOG_DEBUG, 4614 "%s: chap corrupted response " 4615 "<%s id=0x%x len=%d", 4616 ifp->if_xname, 4617 sppp_auth_type_name(PPP_CHAP, h->type), 4618 h->ident, ntohs(h->len)); 4619 if (len > 4) 4620 sppp_print_bytes((u_char *)(h + 1), 4621 len - 4); 4622 addlog(">\n"); 4623 } 4624 break; 4625 } 4626 if (h->ident != sp->scp[IDX_CHAP].confid) { 4627 if (debug) 4628 log(LOG_DEBUG, 4629 "%s: chap dropping response for old ID " 4630 "(got %d, expected %d)\n", 4631 ifp->if_xname, 4632 h->ident, sp->scp[IDX_CHAP].confid); 4633 break; 4634 } else { 4635 sp->scp[IDX_CHAP].rconfid = h->ident; 4636 } 4637 4638 if (sp->hisauth.name != NULL && 4639 (name_len != sp->hisauth.name_len 4640 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4641 log(LOG_INFO, "%s: chap response, his name ", 4642 ifp->if_xname); 4643 sppp_print_string(name, name_len); 4644 addlog(" != expected "); 4645 sppp_print_string(sp->hisauth.name, 4646 sp->hisauth.name_len); 4647 addlog("\n"); 4648 4649 /* generate RCR- event */ 4650 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4651 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4652 break; 4653 } 4654 4655 if (debug) { 4656 log(LOG_DEBUG, "%s: chap input(%s) " 4657 "<%s id=0x%x len=%d name=", 4658 ifp->if_xname, 4659 sppp_state_name(sp->scp[IDX_CHAP].state), 4660 sppp_auth_type_name(PPP_CHAP, h->type), 4661 h->ident, ntohs(h->len)); 4662 sppp_print_string((char *)name, name_len); 4663 addlog(" value-size=%d value=", value_len); 4664 sppp_print_bytes(value, value_len); 4665 addlog(">\n"); 4666 } 4667 4668 if (value_len == sizeof(sp->chap.challenge) && 4669 value_len == sizeof(sp->chap.digest)) { 4670 MD5Init(&ctx); 4671 MD5Update(&ctx, &h->ident, 1); 4672 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4673 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); 4674 MD5Final(digest, &ctx); 4675 4676 if (memcmp(digest, value, value_len) == 0) { 4677 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4678 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || 4679 sp->chap.rechallenging) { 4680 /* generate a dummy RCA event*/ 4681 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4682 } 4683 } else { 4684 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4685 } 4686 } else { 4687 if (debug) 4688 log(LOG_DEBUG, 4689 "%s: chap bad hash value length: " 4690 "%d bytes, should be %zu\n", 4691 ifp->if_xname, value_len, 4692 sizeof(sp->chap.challenge)); 4693 4694 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4695 } 4696 4697 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4698 break; 4699 4700 default: 4701 /* Unknown CHAP packet type -- ignore. */ 4702 if (debug) { 4703 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4704 "<0x%x id=0x%xh len=%d", 4705 ifp->if_xname, 4706 sppp_state_name(sp->scp[IDX_CHAP].state), 4707 h->type, h->ident, ntohs(h->len)); 4708 if (len > 4) 4709 sppp_print_bytes((u_char *)(h + 1), len - 4); 4710 addlog(">\n"); 4711 } 4712 break; 4713 4714 } 4715 4716 SPPP_UNLOCK(sp); 4717 } 4718 4719 static void 4720 sppp_chap_init(struct sppp *sp) 4721 { 4722 4723 KASSERT(SPPP_WLOCKED(sp)); 4724 4725 sppp_cp_init(&chap, sp); 4726 4727 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, 4728 sppp_chap_rcv_challenge_event, &chap); 4729 } 4730 4731 static void 4732 sppp_chap_open(struct sppp *sp, void *xcp) 4733 { 4734 4735 KASSERT(SPPP_WLOCKED(sp)); 4736 4737 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4738 sp->chap.digest_len = 0; 4739 sp->chap.rechallenging = false; 4740 sp->chap.response_rcvd = false; 4741 sppp_open_event(sp, xcp); 4742 } 4743 4744 static void 4745 sppp_chap_tlu(struct sppp *sp) 4746 { 4747 STDDCL; 4748 int i, x; 4749 4750 KASSERT(SPPP_WLOCKED(sp)); 4751 4752 i = 0; 4753 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4754 x = splnet(); 4755 sp->pp_auth_failures = 0; 4756 splx(x); 4757 4758 log(LOG_DEBUG, "%s: chap %s", ifp->if_xname, 4759 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); 4760 4761 /* 4762 * Some broken CHAP implementations (Conware CoNet, firmware 4763 * 4.0.?) don't want to re-authenticate their CHAP once the 4764 * initial challenge-response exchange has taken place. 4765 * Provide for an option to avoid rechallenges. 4766 */ 4767 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && 4768 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4769 /* 4770 * Compute the re-challenge timeout. This will yield 4771 * a number between 300 and 810 seconds. 4772 */ 4773 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 4774 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 4775 4776 if (debug) { 4777 addlog(", next rechallenge in %d seconds", i); 4778 } 4779 } 4780 4781 addlog("\n"); 4782 4783 /* 4784 * If we are already in phase network, we are done here. This 4785 * is the case if this is a dummy tlu event after a re-challenge. 4786 */ 4787 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4788 sppp_phase_network(sp); 4789 } 4790 4791 static void 4792 sppp_chap_scr(struct sppp *sp) 4793 { 4794 uint32_t *ch; 4795 u_char clen, dsize; 4796 int role; 4797 4798 KASSERT(SPPP_WLOCKED(sp)); 4799 4800 role = sppp_auth_role(&chap, sp); 4801 4802 if (ISSET(role, SPPP_AUTH_SERV) && 4803 !sp->chap.response_rcvd) { 4804 /* we are authenticator for CHAP, send challenge */ 4805 ch = (uint32_t *)sp->chap.challenge; 4806 clen = sizeof(sp->chap.challenge); 4807 /* Compute random challenge. */ 4808 cprng_strong(kern_cprng, ch, clen, 0); 4809 4810 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 4811 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 4812 sizeof(clen), (const char *)&clen, 4813 sizeof(sp->chap.challenge), sp->chap.challenge, 4814 0); 4815 } 4816 4817 if (ISSET(role, SPPP_AUTH_PEER) && 4818 sp->chap.digest_len > 0) { 4819 /* we are peer for CHAP, send response */ 4820 dsize = sp->chap.digest_len; 4821 4822 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, 4823 sizeof(dsize), (const char *)&dsize, 4824 sp->chap.digest_len, sp->chap.digest, 4825 sp->myauth.name_len, sp->myauth.name, 0); 4826 } 4827 } 4828 4829 static void 4830 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) 4831 { 4832 const struct cp *cp = xcp; 4833 4834 KASSERT(!cpu_softintr_p()); 4835 4836 sp->chap.rechallenging = false; 4837 4838 switch (sp->scp[IDX_CHAP].state) { 4839 case STATE_REQ_SENT: 4840 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 4841 cp->scr(sp); 4842 break; 4843 case STATE_OPENED: 4844 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 4845 cp->scr(sp); 4846 break; 4847 } 4848 } 4849 4850 /* 4851 *--------------------------------------------------------------------------* 4852 * * 4853 * The PAP implementation. * 4854 * * 4855 *--------------------------------------------------------------------------* 4856 */ 4857 /* 4858 * PAP uses following actions and events. 4859 * Actions: 4860 * - scr: send PAP_REQ 4861 * - sca: send PAP_ACK 4862 * - scn: send PAP_NAK 4863 * Events: 4864 * - RCR+: receive PAP_REQ containing correct username and password 4865 * - RCR-: receive PAP_REQ containing wrong username and password 4866 * - RCA: receive PAP_ACK 4867 * - RCN: (this event is unused) 4868 * - TO+: re-send PAP_REQ 4869 * - TO-: this layer finish 4870 */ 4871 4872 /* 4873 * Handle incoming PAP packets. */ 4874 static void 4875 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4876 { 4877 STDDCL; 4878 struct lcp_header *h; 4879 int len, x; 4880 char *name, *secret; 4881 int name_len, secret_len; 4882 4883 /* 4884 * Malicious input might leave this uninitialized, so 4885 * init to an impossible value. 4886 */ 4887 secret_len = -1; 4888 4889 len = m->m_pkthdr.len; 4890 if (len < 5) { 4891 if (debug) 4892 log(LOG_DEBUG, 4893 "%s: pap invalid packet length: %d bytes\n", 4894 ifp->if_xname, len); 4895 return; 4896 } 4897 h = mtod(m, struct lcp_header *); 4898 if (len > ntohs(h->len)) 4899 len = ntohs(h->len); 4900 4901 SPPP_LOCK(sp, RW_WRITER); 4902 4903 switch (h->type) { 4904 /* PAP request is my authproto */ 4905 case PAP_REQ: 4906 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4907 /* can't do anything useful */ 4908 printf("%s: pap request" 4909 " without his name and his secret being set\n", 4910 ifp->if_xname); 4911 break; 4912 } 4913 name = 1 + (u_char *)(h + 1); 4914 name_len = name[-1]; 4915 secret = name + name_len + 1; 4916 if (name_len > len - 6 || 4917 (secret_len = secret[-1]) > len - 6 - name_len) { 4918 if (debug) { 4919 log(LOG_DEBUG, "%s: pap corrupted input " 4920 "<%s id=0x%x len=%d", 4921 ifp->if_xname, 4922 sppp_auth_type_name(PPP_PAP, h->type), 4923 h->ident, ntohs(h->len)); 4924 if (len > 4) 4925 sppp_print_bytes((u_char *)(h + 1), 4926 len - 4); 4927 addlog(">\n"); 4928 } 4929 break; 4930 } 4931 if (debug) { 4932 log(LOG_DEBUG, "%s: pap input(%s) " 4933 "<%s id=0x%x len=%d name=", 4934 ifp->if_xname, 4935 sppp_state_name(sp->scp[IDX_PAP].state), 4936 sppp_auth_type_name(PPP_PAP, h->type), 4937 h->ident, ntohs(h->len)); 4938 sppp_print_string((char *)name, name_len); 4939 addlog(" secret="); 4940 sppp_print_string((char *)secret, secret_len); 4941 addlog(">\n"); 4942 } 4943 4944 sp->scp[IDX_PAP].rconfid = h->ident; 4945 4946 if (name_len == sp->hisauth.name_len && 4947 memcmp(name, sp->hisauth.name, name_len) == 0 && 4948 secret_len == sp->hisauth.secret_len && 4949 memcmp(secret, sp->hisauth.secret, secret_len) == 0) { 4950 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 4951 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { 4952 /* generate a dummy RCA event*/ 4953 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 4954 } 4955 } else { 4956 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK; 4957 } 4958 4959 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 4960 break; 4961 4962 /* ack and nak are his authproto */ 4963 case PAP_ACK: 4964 if (debug) { 4965 log(LOG_DEBUG, "%s: pap success", 4966 ifp->if_xname); 4967 name = 1 + (u_char *)(h + 1); 4968 name_len = name[-1]; 4969 if (len > 5 && name_len < len+4) { 4970 addlog(": "); 4971 sppp_print_string(name, name_len); 4972 } 4973 addlog("\n"); 4974 } 4975 4976 if (h->ident != sp->scp[IDX_PAP].confid) { 4977 if (debug) { 4978 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4979 ifp->if_xname, pap.name, 4980 h->ident, sp->scp[IDX_PAP].rconfid); 4981 } 4982 if_statinc(ifp, if_ierrors); 4983 break; 4984 } 4985 4986 x = splnet(); 4987 sp->pp_auth_failures = 0; 4988 sp->pp_flags &= ~PP_NEEDAUTH; 4989 splx(x); 4990 4991 /* we are not authenticator, generate a dummy RCR+ event */ 4992 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { 4993 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 4994 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 4995 } 4996 4997 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 4998 break; 4999 5000 case PAP_NAK: 5001 if (debug) { 5002 log(LOG_INFO, "%s: pap failure", 5003 ifp->if_xname); 5004 name = 1 + (u_char *)(h + 1); 5005 name_len = name[-1]; 5006 if (len > 5 && name_len < len+4) { 5007 addlog(": "); 5008 sppp_print_string(name, name_len); 5009 } 5010 addlog("\n"); 5011 } else 5012 log(LOG_INFO, "%s: pap failure\n", 5013 ifp->if_xname); 5014 5015 if (h->ident != sp->scp[IDX_PAP].confid) { 5016 if (debug) { 5017 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 5018 ifp->if_xname, pap.name, 5019 h->ident, sp->scp[IDX_PAP].rconfid); 5020 } 5021 if_statinc(ifp, if_ierrors); 5022 break; 5023 } 5024 5025 sp->pp_auth_failures++; 5026 /* 5027 * await LCP shutdown by authenticator, 5028 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn 5029 */ 5030 break; 5031 5032 default: 5033 /* Unknown PAP packet type -- ignore. */ 5034 if (debug) { 5035 log(LOG_DEBUG, "%s: pap corrupted input " 5036 "<0x%x id=0x%x len=%d", 5037 ifp->if_xname, 5038 h->type, h->ident, ntohs(h->len)); 5039 if (len > 4) 5040 sppp_print_bytes((u_char *)(h + 1), len - 4); 5041 addlog(">\n"); 5042 } 5043 break; 5044 } 5045 5046 SPPP_UNLOCK(sp); 5047 } 5048 5049 static void 5050 sppp_pap_init(struct sppp *sp) 5051 { 5052 5053 KASSERT(SPPP_WLOCKED(sp)); 5054 sppp_cp_init(&pap, sp); 5055 } 5056 5057 static void 5058 sppp_pap_tlu(struct sppp *sp) 5059 { 5060 STDDCL; 5061 int x; 5062 5063 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 5064 5065 if (debug) 5066 log(LOG_DEBUG, "%s: %s tlu\n", 5067 ifp->if_xname, pap.name); 5068 5069 x = splnet(); 5070 sp->pp_auth_failures = 0; 5071 splx(x); 5072 5073 if (sp->pp_phase < SPPP_PHASE_NETWORK) 5074 sppp_phase_network(sp); 5075 } 5076 5077 static void 5078 sppp_pap_scr(struct sppp *sp) 5079 { 5080 u_char idlen, pwdlen; 5081 5082 KASSERT(SPPP_WLOCKED(sp)); 5083 5084 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && 5085 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { 5086 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 5087 log(LOG_DEBUG, "%s: couldn't send PAP_REQ " 5088 "because of no name or no secret\n", 5089 sp->pp_if.if_xname); 5090 } else { 5091 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5092 pwdlen = sp->myauth.secret_len; 5093 idlen = sp->myauth.name_len; 5094 5095 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5096 sizeof idlen, (const char *)&idlen, 5097 idlen, sp->myauth.name, 5098 sizeof pwdlen, (const char *)&pwdlen, 5099 pwdlen, sp->myauth.secret, 5100 0); 5101 } 5102 } 5103 } 5104 5105 /* 5106 * Random miscellaneous functions. 5107 */ 5108 5109 /* 5110 * Send a PAP or CHAP proto packet. 5111 * 5112 * Varadic function, each of the elements for the ellipsis is of type 5113 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5114 * mlen == 0. 5115 * NOTE: never declare variadic functions with types subject to type 5116 * promotion (i.e. u_char). This is asking for big trouble depending 5117 * on the architecture you are on... 5118 */ 5119 5120 static void 5121 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5122 unsigned int type, unsigned int id, 5123 ...) 5124 { 5125 STDDCL; 5126 struct lcp_header *lh; 5127 struct mbuf *m; 5128 u_char *p; 5129 int len; 5130 size_t pkthdrlen; 5131 unsigned int mlen; 5132 const char *msg; 5133 va_list ap; 5134 5135 KASSERT(SPPP_WLOCKED(sp)); 5136 5137 MGETHDR(m, M_DONTWAIT, MT_DATA); 5138 if (! m) 5139 return; 5140 m_reset_rcvif(m); 5141 5142 if (sp->pp_flags & PP_NOFRAMING) { 5143 *mtod(m, uint16_t *) = htons(cp->proto); 5144 pkthdrlen = 2; 5145 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5146 } else { 5147 struct ppp_header *h; 5148 h = mtod(m, struct ppp_header *); 5149 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5150 h->control = PPP_UI; /* Unnumbered Info */ 5151 h->protocol = htons(cp->proto); 5152 pkthdrlen = PPP_HEADER_LEN; 5153 5154 lh = (struct lcp_header *)(h + 1); 5155 } 5156 5157 lh->type = type; 5158 lh->ident = id; 5159 p = (u_char *)(lh + 1); 5160 5161 va_start(ap, id); 5162 len = 0; 5163 5164 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5165 msg = va_arg(ap, const char *); 5166 len += mlen; 5167 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5168 va_end(ap); 5169 m_freem(m); 5170 return; 5171 } 5172 5173 memcpy(p, msg, mlen); 5174 p += mlen; 5175 } 5176 va_end(ap); 5177 5178 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5179 lh->len = htons(LCP_HEADER_LEN + len); 5180 5181 if (debug) { 5182 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 5183 ifp->if_xname, cp->name, 5184 sppp_auth_type_name(cp->proto, lh->type), 5185 lh->ident, ntohs(lh->len)); 5186 if (len) 5187 sppp_print_bytes((u_char *)(lh + 1), len); 5188 addlog(">\n"); 5189 } 5190 if (IF_QFULL(&sp->pp_cpq)) { 5191 IF_DROP(&sp->pp_fastq); 5192 IF_DROP(&ifp->if_snd); 5193 m_freem(m); 5194 if_statinc(ifp, if_oerrors); 5195 return; 5196 } 5197 5198 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5199 IF_ENQUEUE(&sp->pp_cpq, m); 5200 5201 if (! (ifp->if_flags & IFF_OACTIVE)) { 5202 SPPP_UNLOCK(sp); 5203 if_start_lock(ifp); 5204 SPPP_LOCK(sp, RW_WRITER); 5205 } 5206 } 5207 5208 static int 5209 sppp_auth_role(const struct cp *cp, struct sppp *sp) 5210 { 5211 int role; 5212 5213 role = SPPP_AUTH_NOROLE; 5214 5215 if (sp->hisauth.proto == cp->proto && 5216 ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) 5217 SET(role, SPPP_AUTH_SERV); 5218 5219 if (sp->myauth.proto == cp->proto) 5220 SET(role, SPPP_AUTH_PEER); 5221 5222 return role; 5223 } 5224 5225 static void 5226 sppp_auth_to_event(struct sppp *sp, void *xcp) 5227 { 5228 const struct cp *cp = xcp; 5229 bool override; 5230 int state; 5231 STDDCL; 5232 5233 KASSERT(SPPP_WLOCKED(sp)); 5234 KASSERT(!cpu_softintr_p()); 5235 5236 override = false; 5237 state = sp->scp[cp->protoidx].state; 5238 5239 if (sp->scp[cp->protoidx].rst_counter > 0) { 5240 /* override TO+ event */ 5241 switch (state) { 5242 case STATE_OPENED: 5243 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5244 override = true; 5245 sp->chap.rechallenging = true; 5246 sp->chap.response_rcvd = false; 5247 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5248 cp->scr(sp); 5249 } 5250 break; 5251 5252 case STATE_ACK_RCVD: 5253 override = true; 5254 cp->scr(sp); 5255 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 5256 break; 5257 } 5258 } 5259 5260 if (override) { 5261 if (debug) 5262 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 5263 ifp->if_xname, cp->name, 5264 sppp_state_name(state), 5265 sp->scp[cp->protoidx].rst_counter); 5266 sp->scp[cp->protoidx].rst_counter--; 5267 } else { 5268 sppp_to_event(sp, xcp); 5269 } 5270 } 5271 5272 static void 5273 sppp_auth_sca_scn(const struct cp *cp, struct sppp *sp) 5274 { 5275 static const char *succmsg = "Welcome!"; 5276 static const char *failmsg = "Failed..."; 5277 const char *msg; 5278 u_char type, rconfid, mlen; 5279 5280 KASSERT(SPPP_WLOCKED(sp)); 5281 5282 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) 5283 return; 5284 5285 rconfid = sp->scp[cp->protoidx].rconfid; 5286 5287 if (sp->scp[cp->protoidx].rcr_type == CP_RCR_ACK) { 5288 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; 5289 msg = succmsg; 5290 mlen = sizeof(succmsg) - 1; 5291 5292 sp->pp_auth_failures = 0; 5293 } else { 5294 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; 5295 msg = failmsg; 5296 mlen = sizeof(failmsg) - 1; 5297 5298 /* shutdown LCP if auth failed */ 5299 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5300 sp->pp_auth_failures++; 5301 } 5302 5303 sppp_auth_send(cp, sp, type, rconfid, 5304 mlen, (const u_char *)msg, 0); 5305 } 5306 5307 /* 5308 * Send keepalive packets, every 10 seconds. 5309 */ 5310 static void 5311 sppp_keepalive(void *dummy) 5312 { 5313 struct sppp *sp; 5314 int s; 5315 time_t now; 5316 5317 SPPPQ_LOCK(); 5318 5319 s = splnet(); 5320 now = time_uptime; 5321 for (sp=spppq; sp; sp=sp->pp_next) { 5322 struct ifnet *ifp = NULL; 5323 5324 SPPP_LOCK(sp, RW_WRITER); 5325 ifp = &sp->pp_if; 5326 5327 /* check idle timeout */ 5328 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5329 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5330 /* idle timeout is enabled for this interface */ 5331 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5332 if (ifp->if_flags & IFF_DEBUG) 5333 printf("%s: no activity for %lu seconds\n", 5334 sp->pp_if.if_xname, 5335 (unsigned long)(now-sp->pp_last_activity)); 5336 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5337 SPPP_UNLOCK(sp); 5338 continue; 5339 } 5340 } 5341 5342 /* Keepalive mode disabled or channel down? */ 5343 if (! (sp->pp_flags & PP_KEEPALIVE) || 5344 ! (ifp->if_flags & IFF_RUNNING)) { 5345 SPPP_UNLOCK(sp); 5346 continue; 5347 } 5348 5349 /* No keepalive in PPP mode if LCP not opened yet. */ 5350 if (! (sp->pp_flags & PP_CISCO) && 5351 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5352 SPPP_UNLOCK(sp); 5353 continue; 5354 } 5355 5356 /* No echo reply, but maybe user data passed through? */ 5357 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5358 sp->pp_alivecnt = 0; 5359 SPPP_UNLOCK(sp); 5360 continue; 5361 } 5362 5363 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5364 /* No keepalive packets got. Stop the interface. */ 5365 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5366 5367 if (! (sp->pp_flags & PP_CISCO)) { 5368 printf("%s: LCP keepalive timed out, going to restart the connection\n", 5369 ifp->if_xname); 5370 sp->pp_alivecnt = 0; 5371 5372 /* we are down, close all open protocols */ 5373 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5374 5375 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5376 sp->lcp.reestablish = true; 5377 5378 SPPP_UNLOCK(sp); 5379 continue; 5380 } 5381 } 5382 if (sp->pp_alivecnt < sp->pp_maxalive) 5383 ++sp->pp_alivecnt; 5384 if (sp->pp_flags & PP_CISCO) 5385 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 5386 ++sp->scp[IDX_LCP].seq, sp->scp[IDX_LCP].rseq); 5387 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5388 int32_t nmagic = htonl(sp->lcp.magic); 5389 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5390 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5391 sp->lcp.echoid, 4, &nmagic); 5392 } 5393 5394 SPPP_UNLOCK(sp); 5395 } 5396 splx(s); 5397 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5398 5399 SPPPQ_UNLOCK(); 5400 } 5401 5402 #ifdef INET 5403 /* 5404 * Get both IP addresses. 5405 */ 5406 static void 5407 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5408 { 5409 struct ifnet *ifp = &sp->pp_if; 5410 struct ifaddr *ifa; 5411 struct sockaddr_in *si, *sm; 5412 uint32_t ssrc, ddst; 5413 int s; 5414 struct psref psref; 5415 5416 sm = NULL; 5417 ssrc = ddst = 0; 5418 /* 5419 * Pick the first AF_INET address from the list, 5420 * aliases don't make any sense on a p2p link anyway. 5421 */ 5422 si = 0; 5423 s = pserialize_read_enter(); 5424 IFADDR_READER_FOREACH(ifa, ifp) { 5425 if (ifa->ifa_addr->sa_family == AF_INET) { 5426 si = (struct sockaddr_in *)ifa->ifa_addr; 5427 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5428 if (si) { 5429 ifa_acquire(ifa, &psref); 5430 break; 5431 } 5432 } 5433 } 5434 pserialize_read_exit(s); 5435 if (ifa) { 5436 if (si && si->sin_addr.s_addr) { 5437 ssrc = si->sin_addr.s_addr; 5438 if (srcmask) 5439 *srcmask = ntohl(sm->sin_addr.s_addr); 5440 } 5441 5442 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5443 if (si && si->sin_addr.s_addr) 5444 ddst = si->sin_addr.s_addr; 5445 ifa_release(ifa, &psref); 5446 } 5447 5448 if (dst) *dst = ntohl(ddst); 5449 if (src) *src = ntohl(ssrc); 5450 } 5451 5452 /* 5453 * Set IP addresses. Must be called at splnet. 5454 * If an address is 0, leave it the way it is. 5455 */ 5456 static void 5457 sppp_set_ip_addrs(struct sppp *sp) 5458 { 5459 STDDCL; 5460 struct ifaddr *ifa; 5461 struct sockaddr_in *si, *dest; 5462 uint32_t myaddr = 0, hisaddr = 0; 5463 int s; 5464 5465 IFNET_LOCK(ifp); 5466 5467 /* 5468 * Pick the first AF_INET address from the list, 5469 * aliases don't make any sense on a p2p link anyway. 5470 */ 5471 si = dest = NULL; 5472 s = pserialize_read_enter(); 5473 IFADDR_READER_FOREACH(ifa, ifp) { 5474 if (ifa->ifa_addr->sa_family == AF_INET) { 5475 si = (struct sockaddr_in *)ifa->ifa_addr; 5476 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5477 break; 5478 } 5479 } 5480 pserialize_read_exit(s); 5481 5482 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5483 myaddr = sp->ipcp.req_myaddr; 5484 else if (si != NULL) 5485 myaddr = ntohl(si->sin_addr.s_addr); 5486 5487 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5488 hisaddr = sp->ipcp.req_hisaddr; 5489 else if (dest != NULL) 5490 hisaddr = ntohl(dest->sin_addr.s_addr); 5491 5492 if (si != NULL && dest != NULL) { 5493 int error; 5494 struct sockaddr_in new_sin = *si; 5495 struct sockaddr_in new_dst = *dest; 5496 5497 if (myaddr != 0) 5498 new_sin.sin_addr.s_addr = htonl(myaddr); 5499 if (hisaddr != 0) { 5500 new_dst.sin_addr.s_addr = htonl(hisaddr); 5501 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5502 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5503 } 5504 5505 in_addrhash_remove(ifatoia(ifa)); 5506 5507 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5508 5509 in_addrhash_insert(ifatoia(ifa)); 5510 5511 if (debug && error) 5512 { 5513 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5514 ifp->if_xname, __func__, error); 5515 } 5516 if (!error) { 5517 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5518 } 5519 } 5520 5521 if (ifp->if_mtu > sp->lcp.their_mru) { 5522 sp->pp_saved_mtu = ifp->if_mtu; 5523 ifp->if_mtu = sp->lcp.their_mru; 5524 if (debug) 5525 log(LOG_DEBUG, 5526 "%s: setting MTU to %" PRIu64 " bytes\n", 5527 ifp->if_xname, ifp->if_mtu); 5528 } 5529 5530 IFNET_UNLOCK(ifp); 5531 5532 sppp_notify_con(sp); 5533 } 5534 5535 /* 5536 * Clear IP addresses. Must be called at splnet. 5537 */ 5538 static void 5539 sppp_clear_ip_addrs(struct sppp *sp) 5540 { 5541 STDDCL; 5542 struct ifaddr *ifa; 5543 struct sockaddr_in *si, *dest; 5544 int s; 5545 5546 IFNET_LOCK(ifp); 5547 5548 /* 5549 * Pick the first AF_INET address from the list, 5550 * aliases don't make any sense on a p2p link anyway. 5551 */ 5552 si = dest = NULL; 5553 s = pserialize_read_enter(); 5554 IFADDR_READER_FOREACH(ifa, ifp) { 5555 if (ifa->ifa_addr->sa_family == AF_INET) { 5556 si = (struct sockaddr_in *)ifa->ifa_addr; 5557 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5558 break; 5559 } 5560 } 5561 pserialize_read_exit(s); 5562 5563 if (si != NULL) { 5564 struct sockaddr_in new_sin = *si; 5565 struct sockaddr_in new_dst = *dest; 5566 int error; 5567 5568 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5569 new_sin.sin_addr.s_addr = 0; 5570 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 5571 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5572 5573 in_addrhash_remove(ifatoia(ifa)); 5574 5575 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5576 5577 in_addrhash_insert(ifatoia(ifa)); 5578 5579 if (debug && error) 5580 { 5581 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5582 ifp->if_xname, __func__, error); 5583 } 5584 if (!error) { 5585 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5586 } 5587 } 5588 5589 if (sp->pp_saved_mtu > 0) { 5590 ifp->if_mtu = sp->pp_saved_mtu; 5591 sp->pp_saved_mtu = 0; 5592 if (debug) 5593 log(LOG_DEBUG, 5594 "%s: resetting MTU to %" PRIu64 " bytes\n", 5595 ifp->if_xname, ifp->if_mtu); 5596 } 5597 5598 IFNET_UNLOCK(ifp); 5599 } 5600 #endif 5601 5602 #ifdef INET6 5603 /* 5604 * Get both IPv6 addresses. 5605 */ 5606 static void 5607 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5608 struct in6_addr *srcmask) 5609 { 5610 struct ifnet *ifp = &sp->pp_if; 5611 struct ifaddr *ifa; 5612 struct sockaddr_in6 *si, *sm; 5613 struct in6_addr ssrc, ddst; 5614 int s; 5615 struct psref psref; 5616 5617 sm = NULL; 5618 memset(&ssrc, 0, sizeof(ssrc)); 5619 memset(&ddst, 0, sizeof(ddst)); 5620 /* 5621 * Pick the first link-local AF_INET6 address from the list, 5622 * aliases don't make any sense on a p2p link anyway. 5623 */ 5624 si = 0; 5625 s = pserialize_read_enter(); 5626 IFADDR_READER_FOREACH(ifa, ifp) { 5627 if (ifa->ifa_addr->sa_family == AF_INET6) { 5628 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5629 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5630 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5631 ifa_acquire(ifa, &psref); 5632 break; 5633 } 5634 } 5635 } 5636 pserialize_read_exit(s); 5637 5638 if (ifa) { 5639 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5640 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5641 if (srcmask) { 5642 memcpy(srcmask, &sm->sin6_addr, 5643 sizeof(*srcmask)); 5644 } 5645 } 5646 5647 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5648 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5649 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5650 ifa_release(ifa, &psref); 5651 } 5652 5653 if (dst) 5654 memcpy(dst, &ddst, sizeof(*dst)); 5655 if (src) 5656 memcpy(src, &ssrc, sizeof(*src)); 5657 } 5658 5659 #ifdef IPV6CP_MYIFID_DYN 5660 /* 5661 * Generate random ifid. 5662 */ 5663 static void 5664 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5665 { 5666 /* TBD */ 5667 } 5668 5669 /* 5670 * Set my IPv6 address. Must be called at splnet. 5671 */ 5672 static void 5673 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5674 { 5675 STDDCL; 5676 struct ifaddr *ifa; 5677 struct sockaddr_in6 *sin6; 5678 int s; 5679 struct psref psref; 5680 5681 IFNET_LOCK(ifp); 5682 5683 /* 5684 * Pick the first link-local AF_INET6 address from the list, 5685 * aliases don't make any sense on a p2p link anyway. 5686 */ 5687 5688 sin6 = NULL; 5689 s = pserialize_read_enter(); 5690 IFADDR_READER_FOREACH(ifa, ifp) 5691 { 5692 if (ifa->ifa_addr->sa_family == AF_INET6) 5693 { 5694 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5695 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5696 ifa_acquire(ifa, &psref); 5697 break; 5698 } 5699 } 5700 } 5701 pserialize_read_exit(s); 5702 5703 if (ifa && sin6) 5704 { 5705 int error; 5706 struct sockaddr_in6 new_sin6 = *sin6; 5707 5708 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5709 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5710 if (debug && error) 5711 { 5712 log(LOG_DEBUG, "%s: %s: in6_ifinit failed, error=%d\n", 5713 ifp->if_xname, __func__, error); 5714 } 5715 if (!error) { 5716 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5717 } 5718 ifa_release(ifa, &psref); 5719 } 5720 5721 IFNET_UNLOCK(ifp); 5722 } 5723 #endif 5724 5725 /* 5726 * Suggest a candidate address to be used by peer. 5727 */ 5728 static void 5729 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5730 { 5731 struct in6_addr myaddr; 5732 struct timeval tv; 5733 5734 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5735 5736 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5737 microtime(&tv); 5738 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5739 myaddr.s6_addr[14] ^= 0xff; 5740 myaddr.s6_addr[15] ^= 0xff; 5741 } else { 5742 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5743 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5744 } 5745 if (suggest) 5746 memcpy(suggest, &myaddr, sizeof(myaddr)); 5747 } 5748 #endif /*INET6*/ 5749 5750 /* 5751 * Process ioctl requests specific to the PPP interface. 5752 * Permissions have already been checked. 5753 */ 5754 static int 5755 sppp_params(struct sppp *sp, u_long cmd, void *data) 5756 { 5757 switch (cmd) { 5758 case SPPPGETAUTHCFG: 5759 { 5760 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5761 int error; 5762 size_t len; 5763 5764 SPPP_LOCK(sp, RW_READER); 5765 5766 cfg->myauthflags = sp->myauth.flags; 5767 cfg->hisauthflags = sp->hisauth.flags; 5768 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 5769 cfg->hisauth = 0; 5770 if (sp->hisauth.proto) 5771 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5772 cfg->myauth = 0; 5773 if (sp->myauth.proto) 5774 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5775 if (cfg->myname_length == 0) { 5776 if (sp->myauth.name != NULL) 5777 cfg->myname_length = sp->myauth.name_len + 1; 5778 } else { 5779 if (sp->myauth.name == NULL) { 5780 cfg->myname_length = 0; 5781 } else { 5782 len = sp->myauth.name_len + 1; 5783 5784 if (cfg->myname_length < len) { 5785 SPPP_UNLOCK(sp); 5786 return (ENAMETOOLONG); 5787 } 5788 error = copyout(sp->myauth.name, cfg->myname, len); 5789 if (error) { 5790 SPPP_UNLOCK(sp); 5791 return error; 5792 } 5793 } 5794 } 5795 if (cfg->hisname_length == 0) { 5796 if (sp->hisauth.name != NULL) 5797 cfg->hisname_length = sp->hisauth.name_len + 1; 5798 } else { 5799 if (sp->hisauth.name == NULL) { 5800 cfg->hisname_length = 0; 5801 } else { 5802 len = sp->hisauth.name_len + 1; 5803 5804 if (cfg->hisname_length < len) { 5805 SPPP_UNLOCK(sp); 5806 return (ENAMETOOLONG); 5807 } 5808 error = copyout(sp->hisauth.name, cfg->hisname, len); 5809 if (error) { 5810 SPPP_UNLOCK(sp); 5811 return error; 5812 } 5813 } 5814 } 5815 SPPP_UNLOCK(sp); 5816 } 5817 break; 5818 case SPPPSETAUTHCFG: 5819 { 5820 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5821 int error; 5822 5823 SPPP_LOCK(sp, RW_WRITER); 5824 5825 if (sp->myauth.name) { 5826 free(sp->myauth.name, M_DEVBUF); 5827 sp->myauth.name = NULL; 5828 } 5829 if (sp->myauth.secret) { 5830 free(sp->myauth.secret, M_DEVBUF); 5831 sp->myauth.secret = NULL; 5832 } 5833 if (sp->hisauth.name) { 5834 free(sp->hisauth.name, M_DEVBUF); 5835 sp->hisauth.name = NULL; 5836 } 5837 if (sp->hisauth.secret) { 5838 free(sp->hisauth.secret, M_DEVBUF); 5839 sp->hisauth.secret = NULL; 5840 } 5841 5842 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5843 if (cfg->hisname_length >= MCLBYTES) { 5844 SPPP_UNLOCK(sp); 5845 return (ENAMETOOLONG); 5846 } 5847 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5848 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5849 if (error) { 5850 free(sp->hisauth.name, M_DEVBUF); 5851 sp->hisauth.name = NULL; 5852 SPPP_UNLOCK(sp); 5853 return error; 5854 } 5855 sp->hisauth.name_len = cfg->hisname_length - 1; 5856 sp->hisauth.name[sp->hisauth.name_len] = 0; 5857 } 5858 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5859 if (cfg->hissecret_length >= MCLBYTES) { 5860 SPPP_UNLOCK(sp); 5861 return (ENAMETOOLONG); 5862 } 5863 sp->hisauth.secret = malloc(cfg->hissecret_length, 5864 M_DEVBUF, M_WAITOK); 5865 error = copyin(cfg->hissecret, sp->hisauth.secret, 5866 cfg->hissecret_length); 5867 if (error) { 5868 free(sp->hisauth.secret, M_DEVBUF); 5869 sp->hisauth.secret = NULL; 5870 SPPP_UNLOCK(sp); 5871 return error; 5872 } 5873 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5874 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5875 } 5876 if (cfg->myname != NULL && cfg->myname_length > 0) { 5877 if (cfg->myname_length >= MCLBYTES) { 5878 SPPP_UNLOCK(sp); 5879 return (ENAMETOOLONG); 5880 } 5881 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5882 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5883 if (error) { 5884 free(sp->myauth.name, M_DEVBUF); 5885 sp->myauth.name = NULL; 5886 SPPP_UNLOCK(sp); 5887 return error; 5888 } 5889 sp->myauth.name_len = cfg->myname_length - 1; 5890 sp->myauth.name[sp->myauth.name_len] = 0; 5891 } 5892 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5893 if (cfg->mysecret_length >= MCLBYTES) { 5894 SPPP_UNLOCK(sp); 5895 return (ENAMETOOLONG); 5896 } 5897 sp->myauth.secret = malloc(cfg->mysecret_length, 5898 M_DEVBUF, M_WAITOK); 5899 error = copyin(cfg->mysecret, sp->myauth.secret, 5900 cfg->mysecret_length); 5901 if (error) { 5902 free(sp->myauth.secret, M_DEVBUF); 5903 sp->myauth.secret = NULL; 5904 SPPP_UNLOCK(sp); 5905 return error; 5906 } 5907 sp->myauth.secret_len = cfg->mysecret_length - 1; 5908 sp->myauth.secret[sp->myauth.secret_len] = 0; 5909 } 5910 sp->myauth.flags = cfg->myauthflags; 5911 if (cfg->myauth) 5912 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5913 sp->hisauth.flags = cfg->hisauthflags; 5914 if (cfg->hisauth) 5915 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5916 sp->pp_auth_failures = 0; 5917 if (sp->hisauth.proto != 0) 5918 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 5919 else 5920 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 5921 5922 SPPP_UNLOCK(sp); 5923 } 5924 break; 5925 case SPPPGETLCPCFG: 5926 { 5927 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5928 5929 SPPP_LOCK(sp, RW_READER); 5930 lcpp->lcp_timeout = sp->lcp.timeout; 5931 SPPP_UNLOCK(sp); 5932 } 5933 break; 5934 case SPPPSETLCPCFG: 5935 { 5936 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5937 5938 SPPP_LOCK(sp, RW_WRITER); 5939 sp->lcp.timeout = lcpp->lcp_timeout; 5940 SPPP_UNLOCK(sp); 5941 } 5942 break; 5943 case SPPPGETSTATUS: 5944 { 5945 struct spppstatus *status = (struct spppstatus *)data; 5946 5947 SPPP_LOCK(sp, RW_READER); 5948 status->phase = sp->pp_phase; 5949 SPPP_UNLOCK(sp); 5950 } 5951 break; 5952 case SPPPGETSTATUSNCP: 5953 { 5954 struct spppstatusncp *status = (struct spppstatusncp *)data; 5955 5956 SPPP_LOCK(sp, RW_READER); 5957 status->phase = sp->pp_phase; 5958 status->ncpup = sppp_cp_check(sp, CP_NCP); 5959 SPPP_UNLOCK(sp); 5960 } 5961 break; 5962 case SPPPGETIDLETO: 5963 { 5964 struct spppidletimeout *to = (struct spppidletimeout *)data; 5965 5966 SPPP_LOCK(sp, RW_READER); 5967 to->idle_seconds = sp->pp_idle_timeout; 5968 SPPP_UNLOCK(sp); 5969 } 5970 break; 5971 case SPPPSETIDLETO: 5972 { 5973 struct spppidletimeout *to = (struct spppidletimeout *)data; 5974 5975 SPPP_LOCK(sp, RW_WRITER); 5976 sp->pp_idle_timeout = to->idle_seconds; 5977 SPPP_UNLOCK(sp); 5978 } 5979 break; 5980 case SPPPSETAUTHFAILURE: 5981 { 5982 struct spppauthfailuresettings *afsettings = 5983 (struct spppauthfailuresettings *)data; 5984 5985 SPPP_LOCK(sp, RW_WRITER); 5986 sp->pp_max_auth_fail = afsettings->max_failures; 5987 sp->pp_auth_failures = 0; 5988 SPPP_UNLOCK(sp); 5989 } 5990 break; 5991 case SPPPGETAUTHFAILURES: 5992 { 5993 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5994 5995 SPPP_LOCK(sp, RW_READER); 5996 stats->auth_failures = sp->pp_auth_failures; 5997 stats->max_failures = sp->pp_max_auth_fail; 5998 SPPP_UNLOCK(sp); 5999 } 6000 break; 6001 case SPPPSETDNSOPTS: 6002 { 6003 struct spppdnssettings *req = (struct spppdnssettings *)data; 6004 6005 SPPP_LOCK(sp, RW_WRITER); 6006 sp->query_dns = req->query_dns & 3; 6007 SPPP_UNLOCK(sp); 6008 } 6009 break; 6010 case SPPPGETDNSOPTS: 6011 { 6012 struct spppdnssettings *req = (struct spppdnssettings *)data; 6013 6014 SPPP_LOCK(sp, RW_READER); 6015 req->query_dns = sp->query_dns; 6016 SPPP_UNLOCK(sp); 6017 } 6018 break; 6019 case SPPPGETDNSADDRS: 6020 { 6021 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 6022 6023 SPPP_LOCK(sp, RW_READER); 6024 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 6025 SPPP_UNLOCK(sp); 6026 } 6027 break; 6028 case SPPPGETKEEPALIVE: 6029 { 6030 struct spppkeepalivesettings *settings = 6031 (struct spppkeepalivesettings*)data; 6032 6033 SPPP_LOCK(sp, RW_READER); 6034 settings->maxalive = sp->pp_maxalive; 6035 settings->max_noreceive = sp->pp_max_noreceive; 6036 SPPP_UNLOCK(sp); 6037 } 6038 break; 6039 case SPPPSETKEEPALIVE: 6040 { 6041 struct spppkeepalivesettings *settings = 6042 (struct spppkeepalivesettings*)data; 6043 6044 SPPP_LOCK(sp, RW_WRITER); 6045 sp->pp_maxalive = settings->maxalive; 6046 sp->pp_max_noreceive = settings->max_noreceive; 6047 SPPP_UNLOCK(sp); 6048 } 6049 break; 6050 case SPPPGETLCPSTATUS: 6051 { 6052 struct sppplcpstatus *status = 6053 (struct sppplcpstatus *)data; 6054 6055 SPPP_LOCK(sp, RW_READER); 6056 status->state = sp->scp[IDX_LCP].state; 6057 status->opts = sp->lcp.opts; 6058 status->magic = sp->lcp.magic; 6059 status->mru = sp->lcp.mru; 6060 SPPP_UNLOCK(sp); 6061 } 6062 break; 6063 case SPPPGETIPCPSTATUS: 6064 { 6065 struct spppipcpstatus *status = 6066 (struct spppipcpstatus *)data; 6067 u_int32_t myaddr; 6068 6069 SPPP_LOCK(sp, RW_READER); 6070 status->state = sp->scp[IDX_IPCP].state; 6071 status->opts = sp->ipcp.opts; 6072 #ifdef INET 6073 kpreempt_disable(); 6074 sppp_get_ip_addrs(sp, &myaddr, 0, 0); 6075 kpreempt_enable(); 6076 #else 6077 myaddr = 0; 6078 #endif 6079 status->myaddr = ntohl(myaddr); 6080 SPPP_UNLOCK(sp); 6081 } 6082 break; 6083 case SPPPGETIPV6CPSTATUS: 6084 { 6085 struct spppipv6cpstatus *status = 6086 (struct spppipv6cpstatus *)data; 6087 6088 SPPP_LOCK(sp, RW_READER); 6089 status->state = sp->scp[IDX_IPV6CP].state; 6090 memcpy(status->my_ifid, sp->ipv6cp.my_ifid, 6091 sizeof(status->my_ifid)); 6092 memcpy(status->his_ifid, sp->ipv6cp.his_ifid, 6093 sizeof(status->his_ifid)); 6094 SPPP_UNLOCK(sp); 6095 } 6096 break; 6097 default: 6098 { 6099 int ret; 6100 6101 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6102 enosys(), ret); 6103 if (ret != ENOSYS) 6104 return ret; 6105 return (EINVAL); 6106 } 6107 } 6108 return (0); 6109 } 6110 6111 static void 6112 sppp_phase_network(struct sppp *sp) 6113 { 6114 int i; 6115 6116 KASSERT(SPPP_WLOCKED(sp)); 6117 6118 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6119 6120 /* Notify NCPs now. */ 6121 for (i = 0; i < IDX_COUNT; i++) 6122 if ((cps[i])->flags & CP_NCP) 6123 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); 6124 } 6125 6126 static const char * 6127 sppp_cp_type_name(u_char type) 6128 { 6129 static char buf[12]; 6130 switch (type) { 6131 case CONF_REQ: return "conf-req"; 6132 case CONF_ACK: return "conf-ack"; 6133 case CONF_NAK: return "conf-nak"; 6134 case CONF_REJ: return "conf-rej"; 6135 case TERM_REQ: return "term-req"; 6136 case TERM_ACK: return "term-ack"; 6137 case CODE_REJ: return "code-rej"; 6138 case PROTO_REJ: return "proto-rej"; 6139 case ECHO_REQ: return "echo-req"; 6140 case ECHO_REPLY: return "echo-reply"; 6141 case DISC_REQ: return "discard-req"; 6142 } 6143 snprintf(buf, sizeof(buf), "0x%x", type); 6144 return buf; 6145 } 6146 6147 static const char * 6148 sppp_auth_type_name(u_short proto, u_char type) 6149 { 6150 static char buf[32]; 6151 const char *name; 6152 6153 switch (proto) { 6154 case PPP_CHAP: 6155 switch (type) { 6156 case CHAP_CHALLENGE: return "challenge"; 6157 case CHAP_RESPONSE: return "response"; 6158 case CHAP_SUCCESS: return "success"; 6159 case CHAP_FAILURE: return "failure"; 6160 default: name = "chap"; break; 6161 } 6162 break; 6163 6164 case PPP_PAP: 6165 switch (type) { 6166 case PAP_REQ: return "req"; 6167 case PAP_ACK: return "ack"; 6168 case PAP_NAK: return "nak"; 6169 default: name = "pap"; break; 6170 } 6171 break; 6172 6173 default: 6174 name = "bad"; 6175 break; 6176 } 6177 6178 snprintf(buf, sizeof(buf), "%s(%#x) %#x", name, proto, type); 6179 return buf; 6180 } 6181 6182 static const char * 6183 sppp_lcp_opt_name(u_char opt) 6184 { 6185 static char buf[12]; 6186 switch (opt) { 6187 case LCP_OPT_MRU: return "mru"; 6188 case LCP_OPT_ASYNC_MAP: return "async-map"; 6189 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6190 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6191 case LCP_OPT_MAGIC: return "magic"; 6192 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6193 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6194 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6195 case LCP_OPT_CALL_BACK: return "callback"; 6196 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6197 case LCP_OPT_MP_MRRU: return "mrru"; 6198 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6199 case LCP_OPT_MP_EID: return "mp-eid"; 6200 } 6201 snprintf(buf, sizeof(buf), "0x%x", opt); 6202 return buf; 6203 } 6204 6205 static const char * 6206 sppp_ipcp_opt_name(u_char opt) 6207 { 6208 static char buf[12]; 6209 switch (opt) { 6210 case IPCP_OPT_ADDRESSES: return "addresses"; 6211 case IPCP_OPT_COMPRESSION: return "compression"; 6212 case IPCP_OPT_ADDRESS: return "address"; 6213 } 6214 snprintf(buf, sizeof(buf), "0x%x", opt); 6215 return buf; 6216 } 6217 6218 #ifdef INET6 6219 static const char * 6220 sppp_ipv6cp_opt_name(u_char opt) 6221 { 6222 static char buf[12]; 6223 switch (opt) { 6224 case IPV6CP_OPT_IFID: return "ifid"; 6225 case IPV6CP_OPT_COMPRESSION: return "compression"; 6226 } 6227 snprintf(buf, sizeof(buf), "0x%x", opt); 6228 return buf; 6229 } 6230 #endif 6231 6232 static const char * 6233 sppp_state_name(int state) 6234 { 6235 switch (state) { 6236 case STATE_INITIAL: return "initial"; 6237 case STATE_STARTING: return "starting"; 6238 case STATE_CLOSED: return "closed"; 6239 case STATE_STOPPED: return "stopped"; 6240 case STATE_CLOSING: return "closing"; 6241 case STATE_STOPPING: return "stopping"; 6242 case STATE_REQ_SENT: return "req-sent"; 6243 case STATE_ACK_RCVD: return "ack-rcvd"; 6244 case STATE_ACK_SENT: return "ack-sent"; 6245 case STATE_OPENED: return "opened"; 6246 } 6247 return "illegal"; 6248 } 6249 6250 static const char * 6251 sppp_phase_name(int phase) 6252 { 6253 switch (phase) { 6254 case SPPP_PHASE_DEAD: return "dead"; 6255 case SPPP_PHASE_ESTABLISH: return "establish"; 6256 case SPPP_PHASE_TERMINATE: return "terminate"; 6257 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6258 case SPPP_PHASE_NETWORK: return "network"; 6259 } 6260 return "illegal"; 6261 } 6262 6263 static const char * 6264 sppp_proto_name(u_short proto) 6265 { 6266 static char buf[12]; 6267 switch (proto) { 6268 case PPP_LCP: return "lcp"; 6269 case PPP_IPCP: return "ipcp"; 6270 case PPP_PAP: return "pap"; 6271 case PPP_CHAP: return "chap"; 6272 case PPP_IPV6CP: return "ipv6cp"; 6273 } 6274 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 6275 return buf; 6276 } 6277 6278 static void 6279 sppp_print_bytes(const u_char *p, u_short len) 6280 { 6281 addlog(" %02x", *p++); 6282 while (--len > 0) 6283 addlog("-%02x", *p++); 6284 } 6285 6286 static void 6287 sppp_print_string(const char *p, u_short len) 6288 { 6289 u_char c; 6290 6291 while (len-- > 0) { 6292 c = *p++; 6293 /* 6294 * Print only ASCII chars directly. RFC 1994 recommends 6295 * using only them, but we don't rely on it. */ 6296 if (c < ' ' || c > '~') 6297 addlog("\\x%x", c); 6298 else 6299 addlog("%c", c); 6300 } 6301 } 6302 6303 static const char * 6304 sppp_dotted_quad(uint32_t addr) 6305 { 6306 static char s[16]; 6307 snprintf(s, sizeof(s), "%d.%d.%d.%d", 6308 (int)((addr >> 24) & 0xff), 6309 (int)((addr >> 16) & 0xff), 6310 (int)((addr >> 8) & 0xff), 6311 (int)(addr & 0xff)); 6312 return s; 6313 } 6314 6315 /* a dummy, used to drop uninteresting events */ 6316 static void 6317 sppp_null(struct sppp *unused) 6318 { 6319 /* do just nothing */ 6320 } 6321 6322 static void 6323 sppp_tls(const struct cp *cp, struct sppp *sp) 6324 { 6325 6326 /* notify lcp that is lower layer */ 6327 sp->lcp.protos |= (1 << cp->protoidx); 6328 6329 if (sp->scp[IDX_LCP].state == STATE_OPENED) 6330 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_up); 6331 } 6332 6333 static void 6334 sppp_tlf(const struct cp *cp, struct sppp *sp) 6335 { 6336 STDDCL; 6337 6338 if (debug) 6339 log(LOG_DEBUG, "%s: %s tlf\n", ifp->if_xname, cp->name); 6340 6341 /* notify lcp that is lower layer */ 6342 sp->lcp.protos &= ~(1 << cp->protoidx); 6343 6344 /* cleanup */ 6345 if (sp->scp[cp->protoidx].rcr_buf != NULL) { 6346 kmem_free(sp->scp[cp->protoidx].rcr_buf, 6347 sp->scp[cp->protoidx].rcr_blen); 6348 } 6349 6350 sp->scp[cp->protoidx].rcr_buf = NULL; 6351 sp->scp[cp->protoidx].rcr_blen = 0; 6352 sp->scp[cp->protoidx].rcr_rlen = 0; 6353 6354 sppp_lcp_check_and_close(sp); 6355 } 6356 6357 static void 6358 sppp_sca_scn(const struct cp *cp, struct sppp *sp) 6359 { 6360 STDDCL; 6361 u_char rconfid, rlen; 6362 int type; 6363 void *buf; 6364 size_t blen; 6365 6366 rconfid = sp->scp[cp->protoidx].rconfid; 6367 buf = sp->scp[cp->protoidx].rcr_buf; 6368 rlen = sp->scp[cp->protoidx].rcr_rlen; 6369 blen = sp->scp[cp->protoidx].rcr_blen; 6370 6371 sp->scp[cp->protoidx].rcr_buf = NULL; 6372 sp->scp[cp->protoidx].rcr_blen = 0; 6373 6374 switch (sp->scp[cp->protoidx].rcr_type) { 6375 case CP_RCR_ACK: 6376 type = CONF_ACK; 6377 break; 6378 case CP_RCR_REJ: 6379 type = CONF_REJ; 6380 break; 6381 case CP_RCR_NAK: 6382 type = CONF_NAK; 6383 break; 6384 default: 6385 type = -1; 6386 break; 6387 } 6388 6389 sp->scp[cp->protoidx].rcr_type = CP_RCR_NONE; 6390 6391 if (buf != NULL) { 6392 if (rlen > 0 && type != -1) { 6393 if (debug) { 6394 log(LOG_DEBUG, "%s: send %s\n", 6395 ifp->if_xname, sppp_cp_type_name(type)); 6396 } 6397 sppp_cp_send(sp, cp->proto, type, rconfid, rlen, buf); 6398 } 6399 kmem_free(buf, blen); 6400 } 6401 } 6402 6403 static void 6404 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6405 { 6406 6407 SPPP_UNLOCK(sp); 6408 if_down(&sp->pp_if); 6409 IF_PURGE(&sp->pp_cpq); 6410 SPPP_LOCK(sp, RW_WRITER); 6411 } 6412 6413 static void 6414 sppp_notify_up(struct sppp *sp) 6415 { 6416 6417 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6418 } 6419 6420 static void 6421 sppp_notify_down(struct sppp *sp) 6422 { 6423 6424 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6425 } 6426 6427 static void 6428 sppp_notify_tls_wlocked(struct sppp *sp) 6429 { 6430 6431 KASSERT(SPPP_WLOCKED(sp)); 6432 6433 if (!sp->pp_tls) 6434 return; 6435 6436 SPPP_UNLOCK(sp); 6437 sp->pp_tls(sp); 6438 SPPP_LOCK(sp, RW_WRITER); 6439 } 6440 6441 static void 6442 sppp_notify_tlf_wlocked(struct sppp *sp) 6443 { 6444 6445 KASSERT(SPPP_WLOCKED(sp)); 6446 6447 if (!sp->pp_tlf) 6448 return; 6449 6450 SPPP_UNLOCK(sp); 6451 sp->pp_tlf(sp); 6452 SPPP_LOCK(sp, RW_WRITER); 6453 } 6454 6455 static void 6456 sppp_notify_con(struct sppp *sp) 6457 { 6458 6459 if (!sp->pp_con) 6460 return; 6461 6462 sp->pp_con(sp); 6463 } 6464 6465 #ifdef INET6 6466 static void 6467 sppp_notify_con_wlocked(struct sppp *sp) 6468 { 6469 6470 KASSERT(SPPP_WLOCKED(sp)); 6471 6472 SPPP_UNLOCK(sp); 6473 sppp_notify_con(sp); 6474 SPPP_LOCK(sp, RW_WRITER); 6475 6476 } 6477 #endif 6478 6479 static void 6480 sppp_notify_chg_wlocked(struct sppp *sp) 6481 { 6482 6483 KASSERT(SPPP_WLOCKED(sp)); 6484 6485 if (!sp->pp_chg) 6486 return; 6487 6488 SPPP_UNLOCK(sp); 6489 sp->pp_chg(sp, sp->pp_phase); 6490 SPPP_LOCK(sp, RW_WRITER); 6491 } 6492 6493 static void 6494 sppp_wq_work(struct work *wk, void *xsp) 6495 { 6496 struct sppp *sp; 6497 struct sppp_work *work; 6498 6499 sp = xsp; 6500 work = container_of(wk, struct sppp_work, work); 6501 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6502 6503 SPPP_LOCK(sp, RW_WRITER); 6504 work->func(sp, work->arg); 6505 SPPP_UNLOCK(sp); 6506 } 6507 6508 static struct workqueue * 6509 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6510 { 6511 struct workqueue *wq; 6512 int error; 6513 6514 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6515 (void *)sp, prio, ipl, flags); 6516 if (error) { 6517 panic("%s: workqueue_create failed [%s, %d]\n", 6518 sp->pp_if.if_xname, xnamebuf, error); 6519 } 6520 6521 return wq; 6522 } 6523 6524 static void 6525 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6526 { 6527 6528 workqueue_destroy(wq); 6529 } 6530 6531 static void 6532 sppp_wq_set(struct sppp_work *work, 6533 void (*func)(struct sppp *, void *), void *arg) 6534 { 6535 6536 work->func = func; 6537 work->arg = arg; 6538 } 6539 6540 static void 6541 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6542 { 6543 6544 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6545 != SPPP_WK_FREE) 6546 return; 6547 6548 KASSERT(work->func != NULL); 6549 kpreempt_disable(); 6550 workqueue_enqueue(wq, &work->work, NULL); 6551 kpreempt_enable(); 6552 } 6553 static void 6554 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6555 { 6556 6557 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6558 workqueue_wait(wq, &work->work); 6559 } 6560 6561 /* 6562 * This file is large. Tell emacs to highlight it nevertheless. 6563 * 6564 * Local Variables: 6565 * hilit-auto-highlight-maxout: 120000 6566 * End: 6567 */ 6568 6569 /* 6570 * Module glue 6571 */ 6572 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6573 6574 static int 6575 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6576 { 6577 6578 switch (cmd) { 6579 case MODULE_CMD_INIT: 6580 case MODULE_CMD_FINI: 6581 return 0; 6582 case MODULE_CMD_STAT: 6583 case MODULE_CMD_AUTOUNLOAD: 6584 default: 6585 return ENOTTY; 6586 } 6587 } 6588