1 /* $NetBSD: if_spppsubr.c,v 1.268 2024/02/17 15:47:39 martin Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.268 2024/02/17 15:47:39 martin Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #include "opt_sppp.h" 52 #endif 53 54 #include <sys/param.h> 55 #include <sys/proc.h> 56 #include <sys/systm.h> 57 #include <sys/kernel.h> 58 #include <sys/sockio.h> 59 #include <sys/socket.h> 60 #include <sys/syslog.h> 61 #include <sys/malloc.h> 62 #include <sys/mbuf.h> 63 #include <sys/callout.h> 64 #include <sys/md5.h> 65 #include <sys/inttypes.h> 66 #include <sys/kauth.h> 67 #include <sys/cprng.h> 68 #include <sys/module.h> 69 #include <sys/workqueue.h> 70 #include <sys/atomic.h> 71 #include <sys/compat_stub.h> 72 #include <sys/cpu.h> 73 74 #include <net/if.h> 75 #include <net/if_types.h> 76 #include <net/route.h> 77 #include <net/ppp_defs.h> 78 79 #include <netinet/in.h> 80 #include <netinet/in_systm.h> 81 #include <netinet/in_var.h> 82 #ifdef INET 83 #include <netinet/ip.h> 84 #include <netinet/tcp.h> 85 #endif 86 #include <net/ethertypes.h> 87 88 #ifdef INET6 89 #include <netinet6/scope6_var.h> 90 #endif 91 92 #include <net/if_sppp.h> 93 #include <net/if_spppvar.h> 94 95 #ifdef NET_MPSAFE 96 #define SPPPSUBR_MPSAFE 1 97 #endif 98 99 #define DEFAULT_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 100 #define DEFAULT_ALIVE_INTERVAL 1 /* count of sppp_keepalive */ 101 #define LOOPALIVECNT 3 /* loopback detection tries */ 102 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 103 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 104 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 105 106 #ifndef SPPP_KEEPALIVE_INTERVAL 107 #define SPPP_KEEPALIVE_INTERVAL DEFAULT_KEEPALIVE_INTERVAL 108 #endif 109 110 #ifndef SPPP_NORECV_TIME 111 #define SPPP_NORECV_TIME DEFAULT_NORECV_TIME 112 #endif 113 114 #ifndef SPPP_ALIVE_INTERVAL 115 #define SPPP_ALIVE_INTERVAL DEFAULT_ALIVE_INTERVAL 116 #endif 117 118 #define SPPP_CPTYPE_NAMELEN 5 /* buf size of cp type name */ 119 #define SPPP_AUTHTYPE_NAMELEN 32 /* buf size of auth type name */ 120 #define SPPP_LCPOPT_NAMELEN 5 /* buf size of lcp option name */ 121 #define SPPP_IPCPOPT_NAMELEN 5 /* buf size of ipcp option name */ 122 #define SPPP_IPV6CPOPT_NAMELEN 5 /* buf size of ipv6cp option name */ 123 #define SPPP_PROTO_NAMELEN 7 /* buf size of protocol name */ 124 #define SPPP_DOTQUAD_BUFLEN 16 /* length of "aa.bb.cc.dd" */ 125 126 /* 127 * Interface flags that can be set in an ifconfig command. 128 * 129 * Setting link0 will make the link passive, i.e. it will be marked 130 * as being administrative openable, but won't be opened to begin 131 * with. Incoming calls will be answered, or subsequent calls with 132 * -link1 will cause the administrative open of the LCP layer. 133 * 134 * Setting link1 will cause the link to auto-dial only as packets 135 * arrive to be sent. 136 * 137 * Setting IFF_DEBUG will syslog the option negotiation and state 138 * transitions at level kern.debug. Note: all logs consistently look 139 * like 140 * 141 * <if-name><unit>: <proto-name> <additional info...> 142 * 143 * with <if-name><unit> being something like "bppp0", and <proto-name> 144 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 145 */ 146 147 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 148 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 149 150 #define CONF_REQ 1 /* PPP configure request */ 151 #define CONF_ACK 2 /* PPP configure acknowledge */ 152 #define CONF_NAK 3 /* PPP configure negative ack */ 153 #define CONF_REJ 4 /* PPP configure reject */ 154 #define TERM_REQ 5 /* PPP terminate request */ 155 #define TERM_ACK 6 /* PPP terminate acknowledge */ 156 #define CODE_REJ 7 /* PPP code reject */ 157 #define PROTO_REJ 8 /* PPP protocol reject */ 158 #define ECHO_REQ 9 /* PPP echo request */ 159 #define ECHO_REPLY 10 /* PPP echo reply */ 160 #define DISC_REQ 11 /* PPP discard request */ 161 162 #define LCP_OPT_MRU 1 /* maximum receive unit */ 163 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 164 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 165 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 166 #define LCP_OPT_MAGIC 5 /* magic number */ 167 #define LCP_OPT_RESERVED 6 /* reserved */ 168 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 169 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 170 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 171 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 172 #define LCP_OPT_CALL_BACK 13 /* callback */ 173 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 174 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 175 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 176 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 177 178 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 179 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 180 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 181 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 182 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 183 184 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 185 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 186 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 187 188 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 189 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 190 191 #define PAP_REQ 1 /* PAP name/password request */ 192 #define PAP_ACK 2 /* PAP acknowledge */ 193 #define PAP_NAK 3 /* PAP fail */ 194 195 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 196 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 197 #define CHAP_SUCCESS 3 /* CHAP response ok */ 198 #define CHAP_FAILURE 4 /* CHAP response failed */ 199 200 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 201 202 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 203 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 204 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 205 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 206 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 207 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 208 209 #define PPP_NOPROTO 0 /* no authentication protocol */ 210 211 enum { 212 STATE_INITIAL = SPPP_STATE_INITIAL, 213 STATE_STARTING = SPPP_STATE_STARTING, 214 STATE_CLOSED = SPPP_STATE_CLOSED, 215 STATE_STOPPED = SPPP_STATE_STOPPED, 216 STATE_CLOSING = SPPP_STATE_CLOSING, 217 STATE_STOPPING = SPPP_STATE_STOPPING, 218 STATE_REQ_SENT = SPPP_STATE_REQ_SENT, 219 STATE_ACK_RCVD = SPPP_STATE_ACK_RCVD, 220 STATE_ACK_SENT = SPPP_STATE_ACK_SENT, 221 STATE_OPENED = SPPP_STATE_OPENED, 222 }; 223 224 enum cp_rcr_type { 225 CP_RCR_NONE = 0, /* initial value */ 226 CP_RCR_ACK, /* RCR+ */ 227 CP_RCR_NAK, /* RCR- */ 228 CP_RCR_REJ, /* RCR- */ 229 CP_RCR_DROP, /* DROP message */ 230 CP_RCR_ERR, /* internal error */ 231 }; 232 233 struct ppp_header { 234 uint8_t address; 235 uint8_t control; 236 uint16_t protocol; 237 } __packed; 238 #define PPP_HEADER_LEN sizeof (struct ppp_header) 239 240 struct lcp_header { 241 uint8_t type; 242 uint8_t ident; 243 uint16_t len; 244 } __packed; 245 #define LCP_HEADER_LEN sizeof (struct lcp_header) 246 247 struct cisco_packet { 248 uint32_t type; 249 uint32_t par1; 250 uint32_t par2; 251 uint16_t rel; 252 uint16_t time0; 253 uint16_t time1; 254 } __packed; 255 #define CISCO_PACKET_LEN 18 256 257 /* 258 * We follow the spelling and capitalization of RFC 1661 here, to make 259 * it easier comparing with the standard. Please refer to this RFC in 260 * case you can't make sense out of these abbreviation; it will also 261 * explain the semantics related to the various events and actions. 262 */ 263 struct cp { 264 u_short proto; /* PPP control protocol number */ 265 u_char protoidx; /* index into state table in struct sppp */ 266 u_char flags; 267 #define CP_LCP 0x01 /* this is the LCP */ 268 #define CP_AUTH 0x02 /* this is an authentication protocol */ 269 #define CP_NCP 0x04 /* this is a NCP */ 270 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 271 const char *name; /* name of this control protocol */ 272 /* event handlers */ 273 void (*Up)(struct sppp *, void *); 274 void (*Down)(struct sppp *, void *); 275 void (*Open)(struct sppp *, void *); 276 void (*Close)(struct sppp *, void *); 277 void (*TO)(struct sppp *, void *); 278 /* actions */ 279 void (*tlu)(struct sppp *); 280 void (*tld)(struct sppp *); 281 void (*tls)(const struct cp *, struct sppp *); 282 void (*tlf)(const struct cp *, struct sppp *); 283 void (*scr)(struct sppp *); 284 void (*screply)(const struct cp *, struct sppp *, u_char, 285 uint8_t, size_t, void *); 286 287 /* message parser */ 288 enum cp_rcr_type 289 (*parse_confreq)(struct sppp *, struct lcp_header *, int, 290 uint8_t **, size_t *, size_t *); 291 void (*parse_confrej)(struct sppp *, struct lcp_header *, int); 292 void (*parse_confnak)(struct sppp *, struct lcp_header *, int); 293 }; 294 295 enum auth_role { 296 SPPP_AUTH_NOROLE = 0, 297 SPPP_AUTH_SERV = __BIT(0), 298 SPPP_AUTH_PEER = __BIT(1), 299 }; 300 301 static struct sppp *spppq; 302 static kmutex_t *spppq_lock = NULL; 303 static callout_t keepalive_ch; 304 static unsigned int sppp_keepalive_cnt = 0; 305 306 pktq_rps_hash_func_t sppp_pktq_rps_hash_p; 307 308 #define SPPPQ_LOCK() if (spppq_lock) \ 309 mutex_enter(spppq_lock); 310 #define SPPPQ_UNLOCK() if (spppq_lock) \ 311 mutex_exit(spppq_lock); 312 313 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 314 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 315 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 316 #define SPPP_UPGRADE(_sp) do{ \ 317 SPPP_UNLOCK(_sp); \ 318 SPPP_LOCK(_sp, RW_WRITER); \ 319 }while (0) 320 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 321 #define SPPP_WQ_SET(_wk, _func, _arg) \ 322 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 323 #define SPPP_LOG(_sp, _lvl, _fmt, _args...) do { \ 324 if (__predict_true((_sp) != NULL)) { \ 325 log((_lvl), "%s: ", (_sp)->pp_if.if_xname); \ 326 } \ 327 addlog((_fmt), ##_args); \ 328 } while (0) 329 #define SPPP_DLOG(_sp, _fmt, _args...) do { \ 330 if (!sppp_debug_enabled(_sp)) \ 331 break; \ 332 SPPP_LOG(_sp, LOG_DEBUG, _fmt, ##_args); \ 333 } while (0) 334 335 #ifdef INET 336 #ifndef SPPPSUBR_MPSAFE 337 /* 338 * The following disgusting hack gets around the problem that IP TOS 339 * can't be set yet. We want to put "interactive" traffic on a high 340 * priority queue. To decide if traffic is interactive, we check that 341 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 342 * 343 * XXX is this really still necessary? - joerg - 344 */ 345 static u_short interactive_ports[8] = { 346 0, 513, 0, 0, 347 0, 21, 0, 23, 348 }; 349 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 350 #endif /* SPPPSUBR_MPSAFE */ 351 #endif 352 353 /* almost every function needs these */ 354 355 static bool sppp_debug_enabled(struct sppp *sp); 356 static int sppp_output(struct ifnet *, struct mbuf *, 357 const struct sockaddr *, const struct rtentry *); 358 359 static void sppp_cp_init(const struct cp *, struct sppp *); 360 static void sppp_cp_fini(const struct cp *, struct sppp *); 361 static void sppp_cp_input(const struct cp *, struct sppp *, 362 struct mbuf *); 363 static void sppp_cp_input(const struct cp *, struct sppp *, 364 struct mbuf *); 365 static void sppp_cp_send(struct sppp *, u_short, u_char, 366 u_char, u_short, void *); 367 /* static void sppp_cp_timeout(void *arg); */ 368 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 369 static struct workqueue * 370 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 371 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 372 static void sppp_wq_set(struct sppp_work *, 373 void (*)(struct sppp *, void *), void *); 374 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 375 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 376 static void sppp_cp_to_lcp(void *); 377 static void sppp_cp_to_ipcp(void *); 378 static void sppp_cp_to_ipv6cp(void *); 379 static void sppp_auth_send(const struct cp *, struct sppp *, 380 unsigned int, unsigned int, ...); 381 static int sppp_auth_role(const struct cp *, struct sppp *); 382 static void sppp_auth_to_event(struct sppp *, void *); 383 static void sppp_auth_screply(const struct cp *, struct sppp *, 384 u_char, uint8_t, size_t, void *); 385 static void sppp_up_event(struct sppp *, void *); 386 static void sppp_down_event(struct sppp *, void *); 387 static void sppp_open_event(struct sppp *, void *); 388 static void sppp_close_event(struct sppp *, void *); 389 static void sppp_to_event(struct sppp *, void *); 390 static void sppp_rcr_event(struct sppp *, void *); 391 static void sppp_rca_event(struct sppp *, void *); 392 static void sppp_rcn_event(struct sppp *, void *); 393 static void sppp_rtr_event(struct sppp *, void *); 394 static void sppp_rta_event(struct sppp *, void *); 395 static void sppp_rxj_event(struct sppp *, void *); 396 397 static void sppp_null(struct sppp *); 398 static void sppp_tls(const struct cp *, struct sppp *); 399 static void sppp_tlf(const struct cp *, struct sppp *); 400 static void sppp_screply(const struct cp *, struct sppp *, 401 u_char, uint8_t, size_t, void *); 402 static void sppp_ifdown(struct sppp *, void *); 403 404 static void sppp_lcp_init(struct sppp *); 405 static void sppp_lcp_up(struct sppp *, void *); 406 static void sppp_lcp_down(struct sppp *, void *); 407 static void sppp_lcp_open(struct sppp *, void *); 408 static enum cp_rcr_type 409 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int, 410 uint8_t **, size_t *, size_t *); 411 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int); 412 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int); 413 static void sppp_lcp_tlu(struct sppp *); 414 static void sppp_lcp_tld(struct sppp *); 415 static void sppp_lcp_tls(const struct cp *, struct sppp *); 416 static void sppp_lcp_tlf(const struct cp *, struct sppp *); 417 static void sppp_lcp_scr(struct sppp *); 418 static void sppp_lcp_check_and_close(struct sppp *); 419 static int sppp_cp_check(struct sppp *, u_char); 420 421 static void sppp_ipcp_init(struct sppp *); 422 static void sppp_ipcp_open(struct sppp *, void *); 423 static void sppp_ipcp_close(struct sppp *, void *); 424 static enum cp_rcr_type 425 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int, 426 uint8_t **, size_t *, size_t *); 427 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int); 428 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int); 429 static void sppp_ipcp_tlu(struct sppp *); 430 static void sppp_ipcp_tld(struct sppp *); 431 static void sppp_ipcp_scr(struct sppp *); 432 433 static void sppp_ipv6cp_init(struct sppp *); 434 static void sppp_ipv6cp_open(struct sppp *, void *); 435 static enum cp_rcr_type 436 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int, 437 uint8_t **, size_t *, size_t *); 438 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int); 439 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int); 440 static void sppp_ipv6cp_tlu(struct sppp *); 441 static void sppp_ipv6cp_tld(struct sppp *); 442 static void sppp_ipv6cp_scr(struct sppp *); 443 444 static void sppp_pap_input(struct sppp *, struct mbuf *); 445 static void sppp_pap_init(struct sppp *); 446 static void sppp_pap_tlu(struct sppp *); 447 static void sppp_pap_scr(struct sppp *); 448 449 static void sppp_chap_input(struct sppp *, struct mbuf *); 450 static void sppp_chap_init(struct sppp *); 451 static void sppp_chap_open(struct sppp *, void *); 452 static void sppp_chap_tlu(struct sppp *); 453 static void sppp_chap_scr(struct sppp *); 454 static void sppp_chap_rcv_challenge_event(struct sppp *, void *); 455 456 static const char *sppp_auth_type_name(char *, size_t, u_short, u_char); 457 static const char *sppp_cp_type_name(char *, size_t, u_char); 458 static const char *sppp_dotted_quad(char *, size_t, uint32_t); 459 static const char *sppp_ipcp_opt_name(char *, size_t, u_char); 460 #ifdef INET6 461 static const char *sppp_ipv6cp_opt_name(char *, size_t, u_char); 462 #endif 463 static const char *sppp_lcp_opt_name(char *, size_t, u_char); 464 static const char *sppp_phase_name(int); 465 static const char *sppp_proto_name(char *, size_t, u_short); 466 static const char *sppp_state_name(int); 467 static int sppp_params(struct sppp *, u_long, void *); 468 #ifdef INET 469 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 470 static void sppp_set_ip_addrs(struct sppp *); 471 static void sppp_clear_ip_addrs(struct sppp *); 472 #endif 473 static void sppp_keepalive(void *); 474 static void sppp_phase_network(struct sppp *); 475 static void sppp_print_bytes(const u_char *, u_short); 476 static void sppp_print_string(const char *, u_short); 477 #ifdef INET6 478 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 479 struct in6_addr *, struct in6_addr *); 480 #ifdef IPV6CP_MYIFID_DYN 481 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 482 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 483 #endif 484 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 485 #endif 486 487 static void sppp_notify_up(struct sppp *); 488 static void sppp_notify_down(struct sppp *); 489 static void sppp_notify_tls_wlocked(struct sppp *); 490 static void sppp_notify_tlf_wlocked(struct sppp *); 491 #ifdef INET6 492 static void sppp_notify_con_wlocked(struct sppp *); 493 #endif 494 static void sppp_notify_con(struct sppp *); 495 496 static void sppp_notify_chg_wlocked(struct sppp *); 497 498 /* our control protocol descriptors */ 499 static const struct cp lcp = { 500 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 501 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, 502 sppp_close_event, sppp_to_event, 503 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, 504 sppp_lcp_tlf, sppp_lcp_scr, sppp_screply, 505 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak 506 }; 507 508 static const struct cp ipcp = { 509 PPP_IPCP, IDX_IPCP, 510 #ifdef INET 511 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 512 #else 513 0, 514 #endif 515 "ipcp", 516 sppp_up_event, sppp_down_event, sppp_ipcp_open, 517 sppp_ipcp_close, sppp_to_event, 518 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_tls, 519 sppp_tlf, sppp_ipcp_scr, sppp_screply, 520 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak, 521 }; 522 523 static const struct cp ipv6cp = { 524 PPP_IPV6CP, IDX_IPV6CP, 525 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 526 CP_NCP, 527 #else 528 0, 529 #endif 530 "ipv6cp", 531 sppp_up_event, sppp_down_event, sppp_ipv6cp_open, 532 sppp_close_event, sppp_to_event, 533 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_tls, 534 sppp_tlf, sppp_ipv6cp_scr, sppp_screply, 535 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak, 536 }; 537 538 static const struct cp pap = { 539 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 540 sppp_up_event, sppp_down_event, sppp_open_event, 541 sppp_close_event, sppp_auth_to_event, 542 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, 543 sppp_pap_scr, sppp_auth_screply, 544 NULL, NULL, NULL 545 }; 546 547 static const struct cp chap = { 548 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 549 sppp_up_event, sppp_down_event, sppp_chap_open, 550 sppp_close_event, sppp_auth_to_event, 551 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, 552 sppp_chap_scr, sppp_auth_screply, 553 NULL, NULL, NULL 554 }; 555 556 static const struct cp *cps[IDX_COUNT] = { 557 &lcp, /* IDX_LCP */ 558 &ipcp, /* IDX_IPCP */ 559 &ipv6cp, /* IDX_IPV6CP */ 560 &pap, /* IDX_PAP */ 561 &chap, /* IDX_CHAP */ 562 }; 563 564 static inline u_int 565 sppp_proto2authproto(u_short proto) 566 { 567 568 switch (proto) { 569 case PPP_PAP: 570 return SPPP_AUTHPROTO_PAP; 571 case PPP_CHAP: 572 return SPPP_AUTHPROTO_CHAP; 573 } 574 575 return SPPP_AUTHPROTO_NONE; 576 } 577 578 static inline u_short 579 sppp_authproto2proto(u_int authproto) 580 { 581 582 switch (authproto) { 583 case SPPP_AUTHPROTO_PAP: 584 return PPP_PAP; 585 case SPPP_AUTHPROTO_CHAP: 586 return PPP_CHAP; 587 } 588 589 return PPP_NOPROTO; 590 } 591 592 static inline bool 593 sppp_debug_enabled(struct sppp *sp) 594 { 595 596 if (__predict_false(sp == NULL)) 597 return false; 598 599 if ((sp->pp_if.if_flags & IFF_DEBUG) == 0) 600 return false; 601 602 return true; 603 } 604 605 static void 606 sppp_change_phase(struct sppp *sp, int phase) 607 { 608 struct ifnet *ifp; 609 610 KASSERT(SPPP_WLOCKED(sp)); 611 612 ifp = &sp->pp_if; 613 614 if (sp->pp_phase == phase) 615 return; 616 617 sp->pp_phase = phase; 618 619 if (phase == SPPP_PHASE_NETWORK) 620 if_link_state_change(ifp, LINK_STATE_UP); 621 else 622 if_link_state_change(ifp, LINK_STATE_DOWN); 623 624 SPPP_DLOG(sp, "phase %s\n", 625 sppp_phase_name(sp->pp_phase)); 626 } 627 628 /* 629 * Exported functions, comprising our interface to the lower layer. 630 */ 631 632 /* 633 * Process the received packet. 634 */ 635 void 636 sppp_input(struct ifnet *ifp, struct mbuf *m) 637 { 638 struct ppp_header *h = NULL; 639 pktqueue_t *pktq = NULL; 640 uint16_t protocol; 641 struct sppp *sp = (struct sppp *)ifp; 642 643 /* No RPS for not-IP. */ 644 pktq_rps_hash_func_t rps_hash = NULL; 645 646 SPPP_LOCK(sp, RW_READER); 647 648 if (ifp->if_flags & IFF_UP) { 649 /* Count received bytes, add hardware framing */ 650 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 651 /* Note time of last receive */ 652 sp->pp_last_receive = time_uptime; 653 } 654 655 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 656 /* Too small packet, drop it. */ 657 SPPP_DLOG(sp, "input packet is too small, " 658 "%d bytes\n", m->m_pkthdr.len); 659 goto drop; 660 } 661 662 if (sp->pp_flags & PP_NOFRAMING) { 663 memcpy(&protocol, mtod(m, void *), 2); 664 protocol = ntohs(protocol); 665 m_adj(m, 2); 666 } else { 667 668 /* Get PPP header. */ 669 h = mtod(m, struct ppp_header *); 670 m_adj(m, PPP_HEADER_LEN); 671 672 switch (h->address) { 673 case PPP_ALLSTATIONS: 674 if (h->control != PPP_UI) 675 goto invalid; 676 break; 677 case CISCO_MULTICAST: 678 case CISCO_UNICAST: 679 /* Don't check the control field here (RFC 1547). */ 680 SPPP_DLOG(sp, "Cisco packet in PPP mode " 681 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 682 h->address, h->control, ntohs(h->protocol)); 683 goto drop; 684 default: /* Invalid PPP packet. */ 685 invalid: 686 SPPP_DLOG(sp, "invalid input packet " 687 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 688 h->address, h->control, ntohs(h->protocol)); 689 goto drop; 690 } 691 protocol = ntohs(h->protocol); 692 } 693 694 switch (protocol) { 695 reject_protocol: 696 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 697 uint16_t prot = htons(protocol); 698 699 SPPP_UPGRADE(sp); 700 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 701 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 702 &prot); 703 SPPP_DOWNGRADE(sp); 704 } 705 if_statinc(ifp, if_noproto); 706 goto drop; 707 default: 708 SPPP_DLOG(sp, "invalid input protocol " 709 "<proto=0x%x>\n", protocol); 710 goto reject_protocol; 711 case PPP_LCP: 712 SPPP_UNLOCK(sp); 713 sppp_cp_input(&lcp, sp, m); 714 /* already m_freem(m) */ 715 return; 716 case PPP_PAP: 717 SPPP_UNLOCK(sp); 718 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 719 sppp_pap_input(sp, m); 720 } 721 m_freem(m); 722 return; 723 case PPP_CHAP: 724 SPPP_UNLOCK(sp); 725 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 726 sppp_chap_input(sp, m); 727 } 728 m_freem(m); 729 return; 730 #ifdef INET 731 case PPP_IPCP: 732 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) { 733 SPPP_LOG(sp, LOG_INFO, "reject IPCP packet " 734 "because IPCP is disabled\n"); 735 goto reject_protocol; 736 } 737 SPPP_UNLOCK(sp); 738 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 739 sppp_cp_input(&ipcp, sp, m); 740 /* already m_freem(m) */ 741 } else { 742 m_freem(m); 743 } 744 return; 745 case PPP_IP: 746 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 747 sp->pp_last_activity = time_uptime; 748 pktq = ip_pktq; 749 rps_hash = atomic_load_relaxed(&sppp_pktq_rps_hash_p); 750 } 751 break; 752 #endif 753 #ifdef INET6 754 case PPP_IPV6CP: 755 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) { 756 SPPP_LOG(sp, LOG_INFO, "reject IPv6CP packet " 757 "because IPv6CP is disabled\n"); 758 goto reject_protocol; 759 } 760 SPPP_UNLOCK(sp); 761 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 762 sppp_cp_input(&ipv6cp, sp, m); 763 /* already m_freem(m) */ 764 } else { 765 m_freem(m); 766 } 767 return; 768 769 case PPP_IPV6: 770 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 771 sp->pp_last_activity = time_uptime; 772 pktq = ip6_pktq; 773 rps_hash = atomic_load_relaxed(&sppp_pktq_rps_hash_p); 774 } 775 break; 776 #endif 777 } 778 779 if ((ifp->if_flags & IFF_UP) == 0 || pktq == NULL) { 780 goto drop; 781 } 782 783 /* Check queue. */ 784 const uint32_t hash = rps_hash ? pktq_rps_hash(&rps_hash, m) : 0; 785 if (__predict_false(!pktq_enqueue(pktq, m, hash))) { 786 goto drop; 787 } 788 SPPP_UNLOCK(sp); 789 return; 790 791 drop: 792 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 793 m_freem(m); 794 SPPP_UNLOCK(sp); 795 return; 796 } 797 798 /* 799 * Enqueue transmit packet. 800 */ 801 static int 802 sppp_output(struct ifnet *ifp, struct mbuf *m, 803 const struct sockaddr *dst, const struct rtentry *rt) 804 { 805 struct sppp *sp = (struct sppp *) ifp; 806 struct ppp_header *h = NULL; 807 #ifndef SPPPSUBR_MPSAFE 808 struct ifqueue *ifq = NULL; /* XXX */ 809 #endif 810 int s, error = 0; 811 uint16_t protocol; 812 size_t pktlen; 813 814 s = splnet(); 815 SPPP_LOCK(sp, RW_READER); 816 817 sp->pp_last_activity = time_uptime; 818 819 if ((ifp->if_flags & IFF_UP) == 0 || 820 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 821 SPPP_UNLOCK(sp); 822 splx(s); 823 824 m_freem(m); 825 if_statinc(ifp, if_oerrors); 826 return (ENETDOWN); 827 } 828 829 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 830 /* ignore packets that have no enabled NCP */ 831 if ((dst->sa_family == AF_INET && 832 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) || 833 (dst->sa_family == AF_INET6 && 834 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP))) { 835 SPPP_UNLOCK(sp); 836 splx(s); 837 838 m_freem(m); 839 if_statinc(ifp, if_oerrors); 840 return (ENETDOWN); 841 } 842 /* 843 * Interface is not yet running, but auto-dial. Need 844 * to start LCP for it. 845 */ 846 ifp->if_flags |= IFF_RUNNING; 847 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 848 } 849 850 /* 851 * If the queueing discipline needs packet classification, 852 * do it before prepending link headers. 853 */ 854 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 855 856 #ifdef INET 857 if (dst->sa_family == AF_INET) { 858 struct ip *ip = NULL; 859 #ifndef SPPPSUBR_MPSAFE 860 struct tcphdr *th = NULL; 861 #endif 862 863 if (m->m_len >= sizeof(struct ip)) { 864 ip = mtod(m, struct ip *); 865 #ifndef SPPPSUBR_MPSAFE 866 if (ip->ip_p == IPPROTO_TCP && 867 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 868 sizeof(struct tcphdr)) { 869 th = (struct tcphdr *) 870 ((char *)ip + (ip->ip_hl << 2)); 871 } 872 #endif 873 } else 874 ip = NULL; 875 876 /* 877 * When using dynamic local IP address assignment by using 878 * 0.0.0.0 as a local address, the first TCP session will 879 * not connect because the local TCP checksum is computed 880 * using 0.0.0.0 which will later become our real IP address 881 * so the TCP checksum computed at the remote end will 882 * become invalid. So we 883 * - don't let packets with src ip addr 0 thru 884 * - we flag TCP packets with src ip 0 as an error 885 */ 886 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 887 uint8_t proto = ip->ip_p; 888 889 SPPP_UNLOCK(sp); 890 splx(s); 891 892 m_freem(m); 893 if (proto == IPPROTO_TCP) 894 return (EADDRNOTAVAIL); 895 else 896 return (0); 897 } 898 899 #ifndef SPPPSUBR_MPSAFE 900 /* 901 * Put low delay, telnet, rlogin and ftp control packets 902 * in front of the queue. 903 */ 904 if (!IF_QFULL(&sp->pp_fastq) && 905 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 906 (th && (INTERACTIVE(ntohs(th->th_sport)) || 907 INTERACTIVE(ntohs(th->th_dport)))))) 908 ifq = &sp->pp_fastq; 909 #endif /* !SPPPSUBR_MPSAFE */ 910 } 911 #endif 912 913 #ifdef INET6 914 if (dst->sa_family == AF_INET6) { 915 /* XXX do something tricky here? */ 916 } 917 #endif 918 919 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 920 /* 921 * Prepend general data packet PPP header. For now, IP only. 922 */ 923 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 924 if (! m) { 925 SPPP_DLOG(sp, "no memory for transmit header\n"); 926 if_statinc(ifp, if_oerrors); 927 SPPP_UNLOCK(sp); 928 splx(s); 929 return (ENOBUFS); 930 } 931 /* 932 * May want to check size of packet 933 * (albeit due to the implementation it's always enough) 934 */ 935 h = mtod(m, struct ppp_header *); 936 h->address = PPP_ALLSTATIONS; /* broadcast address */ 937 h->control = PPP_UI; /* Unnumbered Info */ 938 } 939 940 switch (dst->sa_family) { 941 #ifdef INET 942 case AF_INET: /* Internet Protocol */ 943 /* 944 * Don't choke with an ENETDOWN early. It's 945 * possible that we just started dialing out, 946 * so don't drop the packet immediately. If 947 * we notice that we run out of buffer space 948 * below, we will however remember that we are 949 * not ready to carry IP packets, and return 950 * ENETDOWN, as opposed to ENOBUFS. 951 */ 952 protocol = htons(PPP_IP); 953 if (sp->scp[IDX_IPCP].state != STATE_OPENED) { 954 if (ifp->if_flags & IFF_AUTO) { 955 error = ENETDOWN; 956 } else { 957 IF_DROP(&ifp->if_snd); 958 SPPP_UNLOCK(sp); 959 splx(s); 960 961 m_freem(m); 962 if_statinc(ifp, if_oerrors); 963 return (ENETDOWN); 964 } 965 } 966 break; 967 #endif 968 #ifdef INET6 969 case AF_INET6: /* Internet Protocol version 6 */ 970 /* 971 * Don't choke with an ENETDOWN early. It's 972 * possible that we just started dialing out, 973 * so don't drop the packet immediately. If 974 * we notice that we run out of buffer space 975 * below, we will however remember that we are 976 * not ready to carry IP packets, and return 977 * ENETDOWN, as opposed to ENOBUFS. 978 */ 979 protocol = htons(PPP_IPV6); 980 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) { 981 if (ifp->if_flags & IFF_AUTO) { 982 error = ENETDOWN; 983 } else { 984 IF_DROP(&ifp->if_snd); 985 SPPP_UNLOCK(sp); 986 splx(s); 987 988 m_freem(m); 989 if_statinc(ifp, if_oerrors); 990 return (ENETDOWN); 991 } 992 } 993 break; 994 #endif 995 default: 996 m_freem(m); 997 if_statinc(ifp, if_oerrors); 998 SPPP_UNLOCK(sp); 999 splx(s); 1000 return (EAFNOSUPPORT); 1001 } 1002 1003 if (sp->pp_flags & PP_NOFRAMING) { 1004 M_PREPEND(m, 2, M_DONTWAIT); 1005 if (m == NULL) { 1006 SPPP_DLOG(sp, "no memory for transmit header\n"); 1007 if_statinc(ifp, if_oerrors); 1008 SPPP_UNLOCK(sp); 1009 splx(s); 1010 return (ENOBUFS); 1011 } 1012 *mtod(m, uint16_t *) = protocol; 1013 } else { 1014 h->protocol = protocol; 1015 } 1016 1017 pktlen = m->m_pkthdr.len; 1018 #ifdef SPPPSUBR_MPSAFE 1019 SPPP_UNLOCK(sp); 1020 error = if_transmit_lock(ifp, m); 1021 SPPP_LOCK(sp, RW_READER); 1022 if (error == 0) 1023 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1024 #else /* !SPPPSUBR_MPSAFE */ 1025 error = ifq_enqueue2(ifp, ifq, m); 1026 1027 if (error == 0) { 1028 /* 1029 * Count output packets and bytes. 1030 * The packet length includes header + additional hardware 1031 * framing according to RFC 1333. 1032 */ 1033 if (!(ifp->if_flags & IFF_OACTIVE)) { 1034 SPPP_UNLOCK(sp); 1035 if_start_lock(ifp); 1036 SPPP_LOCK(sp, RW_READER); 1037 } 1038 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1039 } 1040 #endif /* !SPPPSUBR_MPSAFE */ 1041 SPPP_UNLOCK(sp); 1042 splx(s); 1043 return error; 1044 } 1045 1046 void 1047 sppp_attach(struct ifnet *ifp) 1048 { 1049 struct sppp *sp = (struct sppp *) ifp; 1050 char xnamebuf[MAXCOMLEN]; 1051 1052 /* Initialize keepalive handler. */ 1053 if (! spppq) { 1054 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 1055 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 1056 } 1057 1058 if (! spppq_lock) 1059 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1060 1061 sp->pp_if.if_type = IFT_PPP; 1062 sp->pp_if.if_output = sppp_output; 1063 IFQ_SET_MAXLEN(&sp->pp_fastq, 32); 1064 IFQ_LOCK_INIT(&sp->pp_fastq); 1065 IFQ_SET_MAXLEN(&sp->pp_cpq, 20); 1066 sp->pp_loopcnt = 0; 1067 sp->pp_alivecnt = 0; 1068 sp->pp_alive_interval = SPPP_ALIVE_INTERVAL; 1069 sp->pp_last_activity = 0; 1070 sp->pp_last_receive = 0; 1071 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1072 sp->pp_max_noreceive = SPPP_NORECV_TIME; 1073 sp->pp_idle_timeout = 0; 1074 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1075 sp->pp_phase = SPPP_PHASE_DEAD; 1076 sp->pp_up = sppp_notify_up; 1077 sp->pp_down = sppp_notify_down; 1078 sp->pp_ncpflags = SPPP_NCP_IPCP | SPPP_NCP_IPV6CP; 1079 #ifdef SPPP_IFDOWN_RECONNECT 1080 sp->pp_flags |= PP_LOOPBACK_IFDOWN | PP_KEEPALIVE_IFDOWN; 1081 #endif 1082 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1083 memset(sp->scp, 0, sizeof(sp->scp)); 1084 rw_init(&sp->pp_lock); 1085 1086 if_alloc_sadl(ifp); 1087 1088 /* Lets not beat about the bush, we know we're down. */ 1089 if_link_state_change(ifp, LINK_STATE_DOWN); 1090 1091 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1092 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1093 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1094 1095 memset(&sp->myauth, 0, sizeof sp->myauth); 1096 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1097 SPPP_LOCK(sp, RW_WRITER); 1098 sppp_lcp_init(sp); 1099 sppp_ipcp_init(sp); 1100 sppp_ipv6cp_init(sp); 1101 sppp_pap_init(sp); 1102 sppp_chap_init(sp); 1103 SPPP_UNLOCK(sp); 1104 1105 SPPPQ_LOCK(); 1106 /* Insert new entry into the keepalive list. */ 1107 sp->pp_next = spppq; 1108 spppq = sp; 1109 SPPPQ_UNLOCK(); 1110 } 1111 1112 void 1113 sppp_detach(struct ifnet *ifp) 1114 { 1115 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1116 1117 /* Remove the entry from the keepalive list. */ 1118 SPPPQ_LOCK(); 1119 for (q = &spppq; (p = *q); q = &p->pp_next) 1120 if (p == sp) { 1121 *q = p->pp_next; 1122 break; 1123 } 1124 SPPPQ_UNLOCK(); 1125 1126 if (! spppq) { 1127 /* Stop keepalive handler. */ 1128 callout_stop(&keepalive_ch); 1129 mutex_obj_free(spppq_lock); 1130 spppq_lock = NULL; 1131 } 1132 1133 sppp_cp_fini(&lcp, sp); 1134 sppp_cp_fini(&ipcp, sp); 1135 sppp_cp_fini(&pap, sp); 1136 sppp_cp_fini(&chap, sp); 1137 #ifdef INET6 1138 sppp_cp_fini(&ipv6cp, sp); 1139 #endif 1140 sppp_wq_destroy(sp, sp->wq_cp); 1141 1142 /* free authentication info */ 1143 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1144 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1145 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1146 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1147 1148 IFQ_LOCK_DESTROY(&sp->pp_fastq); 1149 rw_destroy(&sp->pp_lock); 1150 } 1151 1152 /* 1153 * Flush the interface output queue. 1154 */ 1155 void 1156 sppp_flush(struct ifnet *ifp) 1157 { 1158 struct sppp *sp = (struct sppp *) ifp; 1159 1160 SPPP_LOCK(sp, RW_WRITER); 1161 IFQ_PURGE(&sp->pp_if.if_snd); 1162 IF_PURGE(&sp->pp_fastq); 1163 IF_PURGE(&sp->pp_cpq); 1164 SPPP_UNLOCK(sp); 1165 } 1166 1167 /* 1168 * Check if the output queue is empty. 1169 */ 1170 int 1171 sppp_isempty(struct ifnet *ifp) 1172 { 1173 struct sppp *sp = (struct sppp *) ifp; 1174 int empty, s; 1175 1176 s = splnet(); 1177 SPPP_LOCK(sp, RW_READER); 1178 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1179 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1180 SPPP_UNLOCK(sp); 1181 splx(s); 1182 return (empty); 1183 } 1184 1185 /* 1186 * Get next packet to send. 1187 */ 1188 struct mbuf * 1189 sppp_dequeue(struct ifnet *ifp) 1190 { 1191 struct sppp *sp = (struct sppp *) ifp; 1192 struct mbuf *m; 1193 int s; 1194 1195 s = splnet(); 1196 SPPP_LOCK(sp, RW_WRITER); 1197 /* 1198 * Process only the control protocol queue until we have at 1199 * least one NCP open. 1200 * 1201 * Do always serve all three queues in Cisco mode. 1202 */ 1203 IF_DEQUEUE(&sp->pp_cpq, m); 1204 if (m == NULL && sppp_cp_check(sp, CP_NCP)) { 1205 IF_DEQUEUE(&sp->pp_fastq, m); 1206 if (m == NULL) 1207 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1208 } 1209 SPPP_UNLOCK(sp); 1210 splx(s); 1211 return m; 1212 } 1213 1214 /* 1215 * Process an ioctl request. Called on low priority level. 1216 */ 1217 int 1218 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1219 { 1220 struct lwp *l = curlwp; /* XXX */ 1221 struct ifreq *ifr = (struct ifreq *) data; 1222 struct ifaddr *ifa = (struct ifaddr *) data; 1223 struct sppp *sp = (struct sppp *) ifp; 1224 int s, error=0, going_up, going_down; 1225 u_short newmode; 1226 u_long lcp_mru; 1227 1228 s = splnet(); 1229 switch (cmd) { 1230 case SIOCINITIFADDR: 1231 ifa->ifa_rtrequest = p2p_rtrequest; 1232 break; 1233 1234 case SIOCSIFFLAGS: 1235 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1236 break; 1237 1238 SPPP_LOCK(sp, RW_WRITER); 1239 going_up = ifp->if_flags & IFF_UP && 1240 (ifp->if_flags & IFF_RUNNING) == 0; 1241 going_down = (ifp->if_flags & IFF_UP) == 0 && 1242 ifp->if_flags & IFF_RUNNING; 1243 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1244 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1245 /* sanity */ 1246 newmode = IFF_PASSIVE; 1247 ifp->if_flags &= ~IFF_AUTO; 1248 } 1249 1250 if (ifp->if_flags & IFF_UP) { 1251 sp->pp_flags |= PP_ADMIN_UP; 1252 } else { 1253 sp->pp_flags &= ~PP_ADMIN_UP; 1254 } 1255 1256 if (going_up || going_down) { 1257 sp->lcp.reestablish = false; 1258 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1259 } 1260 if (going_up && newmode == 0) { 1261 /* neither auto-dial nor passive */ 1262 ifp->if_flags |= IFF_RUNNING; 1263 sppp_wq_add(sp->wq_cp, 1264 &sp->scp[IDX_LCP].work_open); 1265 } else if (going_down) { 1266 SPPP_UNLOCK(sp); 1267 sppp_flush(ifp); 1268 SPPP_LOCK(sp, RW_WRITER); 1269 1270 ifp->if_flags &= ~IFF_RUNNING; 1271 } 1272 SPPP_UNLOCK(sp); 1273 break; 1274 1275 case SIOCSIFMTU: 1276 if (ifr->ifr_mtu < PPP_MINMRU || 1277 ifr->ifr_mtu > PP_MTU) { 1278 error = EINVAL; 1279 break; 1280 } 1281 1282 error = ifioctl_common(ifp, cmd, data); 1283 if (error == ENETRESET) 1284 error = 0; 1285 1286 SPPP_LOCK(sp, RW_WRITER); 1287 lcp_mru = sp->lcp.mru; 1288 if (ifp->if_mtu < PP_MTU) { 1289 sp->lcp.mru = ifp->if_mtu; 1290 } else { 1291 sp->lcp.mru = PP_MTU; 1292 } 1293 if (lcp_mru != sp->lcp.mru) 1294 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 1295 1296 if (sp->scp[IDX_LCP].state == STATE_OPENED && 1297 ifp->if_mtu > sp->lcp.their_mru) { 1298 sp->pp_saved_mtu = ifp->if_mtu; 1299 ifp->if_mtu = sp->lcp.their_mru; 1300 1301 SPPP_DLOG(sp, "setting MTU " 1302 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 1303 sp->pp_saved_mtu, ifp->if_mtu); 1304 } 1305 SPPP_UNLOCK(sp); 1306 break; 1307 1308 case SIOCGIFMTU: 1309 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1310 error = 0; 1311 break; 1312 case SIOCADDMULTI: 1313 case SIOCDELMULTI: 1314 break; 1315 1316 case SPPPSETAUTHCFG: 1317 case SPPPSETLCPCFG: 1318 case SPPPSETNCPCFG: 1319 case SPPPSETIDLETO: 1320 case SPPPSETAUTHFAILURE: 1321 case SPPPSETDNSOPTS: 1322 case SPPPSETKEEPALIVE: 1323 #if defined(COMPAT_50) || defined(MODULAR) 1324 case __SPPPSETIDLETO50: 1325 case __SPPPSETKEEPALIVE50: 1326 #endif /* COMPAT_50 || MODULAR */ 1327 error = kauth_authorize_network(l->l_cred, 1328 KAUTH_NETWORK_INTERFACE, 1329 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1330 NULL); 1331 if (error) 1332 break; 1333 error = sppp_params(sp, cmd, data); 1334 break; 1335 1336 case SPPPGETAUTHCFG: 1337 case SPPPGETLCPCFG: 1338 case SPPPGETNCPCFG: 1339 case SPPPGETAUTHFAILURES: 1340 error = kauth_authorize_network(l->l_cred, 1341 KAUTH_NETWORK_INTERFACE, 1342 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1343 NULL); 1344 if (error) 1345 break; 1346 error = sppp_params(sp, cmd, data); 1347 break; 1348 1349 case SPPPGETSTATUS: 1350 case SPPPGETSTATUSNCP: 1351 case SPPPGETIDLETO: 1352 case SPPPGETDNSOPTS: 1353 case SPPPGETDNSADDRS: 1354 case SPPPGETKEEPALIVE: 1355 #if defined(COMPAT_50) || defined(MODULAR) 1356 case __SPPPGETIDLETO50: 1357 case __SPPPGETKEEPALIVE50: 1358 #endif /* COMPAT_50 || MODULAR */ 1359 case SPPPGETLCPSTATUS: 1360 case SPPPGETIPCPSTATUS: 1361 case SPPPGETIPV6CPSTATUS: 1362 error = sppp_params(sp, cmd, data); 1363 break; 1364 1365 default: 1366 error = ifioctl_common(ifp, cmd, data); 1367 break; 1368 } 1369 splx(s); 1370 return (error); 1371 } 1372 1373 /* 1374 * PPP protocol implementation. 1375 */ 1376 1377 /* 1378 * Send PPP control protocol packet. 1379 */ 1380 static void 1381 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1382 u_char ident, u_short len, void *data) 1383 { 1384 struct ifnet *ifp; 1385 struct lcp_header *lh; 1386 struct mbuf *m; 1387 size_t pkthdrlen; 1388 1389 KASSERT(SPPP_WLOCKED(sp)); 1390 1391 ifp = &sp->pp_if; 1392 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1393 1394 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1395 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1396 MGETHDR(m, M_DONTWAIT, MT_DATA); 1397 if (! m) { 1398 return; 1399 } 1400 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1401 m_reset_rcvif(m); 1402 1403 if (sp->pp_flags & PP_NOFRAMING) { 1404 *mtod(m, uint16_t *) = htons(proto); 1405 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1406 } else { 1407 struct ppp_header *h; 1408 h = mtod(m, struct ppp_header *); 1409 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1410 h->control = PPP_UI; /* Unnumbered Info */ 1411 h->protocol = htons(proto); /* Link Control Protocol */ 1412 lh = (struct lcp_header *)(h + 1); 1413 } 1414 lh->type = type; 1415 lh->ident = ident; 1416 lh->len = htons(LCP_HEADER_LEN + len); 1417 if (len) 1418 memcpy(lh + 1, data, len); 1419 1420 if (sppp_debug_enabled(sp)) { 1421 char pbuf[SPPP_PROTO_NAMELEN]; 1422 char tbuf[SPPP_CPTYPE_NAMELEN]; 1423 const char *pname, *cpname; 1424 1425 pname = sppp_proto_name(pbuf, sizeof(pbuf), proto); 1426 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), lh->type); 1427 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d", 1428 pname, cpname, lh->ident, ntohs(lh->len)); 1429 if (len) 1430 sppp_print_bytes((u_char *)(lh + 1), len); 1431 addlog(">\n"); 1432 } 1433 if (IF_QFULL(&sp->pp_cpq)) { 1434 IF_DROP(&sp->pp_fastq); 1435 IF_DROP(&ifp->if_snd); 1436 m_freem(m); 1437 if_statinc(ifp, if_oerrors); 1438 return; 1439 } 1440 1441 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1442 IF_ENQUEUE(&sp->pp_cpq, m); 1443 1444 if (! (ifp->if_flags & IFF_OACTIVE)) { 1445 SPPP_UNLOCK(sp); 1446 if_start_lock(ifp); 1447 SPPP_LOCK(sp, RW_WRITER); 1448 } 1449 } 1450 1451 static void 1452 sppp_cp_to_lcp(void *xsp) 1453 { 1454 struct sppp *sp = xsp; 1455 1456 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1457 } 1458 1459 static void 1460 sppp_cp_to_ipcp(void *xsp) 1461 { 1462 struct sppp *sp = xsp; 1463 1464 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1465 } 1466 1467 static void 1468 sppp_cp_to_ipv6cp(void *xsp) 1469 { 1470 struct sppp *sp = xsp; 1471 1472 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1473 } 1474 1475 static void 1476 sppp_cp_to_pap(void *xsp) 1477 { 1478 struct sppp *sp = xsp; 1479 1480 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); 1481 } 1482 1483 static void 1484 sppp_cp_to_chap(void *xsp) 1485 { 1486 struct sppp *sp = xsp; 1487 1488 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); 1489 } 1490 1491 static void 1492 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1493 { 1494 struct sppp_cp *scp; 1495 typedef void (*sppp_co_cb_t)(void *); 1496 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1497 [IDX_LCP] = sppp_cp_to_lcp, 1498 [IDX_IPCP] = sppp_cp_to_ipcp, 1499 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1500 [IDX_PAP] = sppp_cp_to_pap, 1501 [IDX_CHAP] = sppp_cp_to_chap, 1502 }; 1503 1504 scp = &sp->scp[cp->protoidx]; 1505 scp->state = STATE_INITIAL; 1506 scp->fail_counter = 0; 1507 scp->seq = 0; 1508 scp->rseq = 0; 1509 1510 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1511 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1512 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1513 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1514 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1515 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1516 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1517 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1518 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1519 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1520 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1521 1522 callout_init(&scp->ch, CALLOUT_MPSAFE); 1523 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1524 } 1525 1526 static void 1527 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1528 { 1529 struct sppp_cp *scp; 1530 scp = &sp->scp[cp->protoidx]; 1531 1532 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1533 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1534 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1535 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1536 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1537 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1538 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1539 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1540 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1541 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1542 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1543 1544 callout_halt(&scp->ch, NULL); 1545 callout_destroy(&scp->ch); 1546 1547 if (scp->mbuf_confreq != NULL) { 1548 m_freem(scp->mbuf_confreq); 1549 scp->mbuf_confreq = NULL; 1550 } 1551 if (scp->mbuf_confnak != NULL) { 1552 m_freem(scp->mbuf_confnak); 1553 scp->mbuf_confnak = NULL; 1554 } 1555 } 1556 1557 /* 1558 * Handle incoming PPP control protocol packets. 1559 */ 1560 static void 1561 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1562 { 1563 struct ifnet *ifp; 1564 struct lcp_header *h; 1565 struct sppp_cp *scp; 1566 int printlen, len = m->m_pkthdr.len; 1567 u_char *p; 1568 uint32_t u32; 1569 char tbuf[SPPP_CPTYPE_NAMELEN]; 1570 const char *cpname; 1571 bool debug; 1572 1573 SPPP_LOCK(sp, RW_WRITER); 1574 1575 ifp = &sp->pp_if; 1576 debug = sppp_debug_enabled(sp); 1577 scp = &sp->scp[cp->protoidx]; 1578 1579 if (len < 4) { 1580 SPPP_DLOG(sp, "%s invalid packet length: %d bytes\n", 1581 cp->name, len); 1582 goto out; 1583 } 1584 h = mtod(m, struct lcp_header *); 1585 if (debug) { 1586 printlen = ntohs(h->len); 1587 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1588 SPPP_LOG(sp, LOG_DEBUG, "%s input(%s): <%s id=0x%x len=%d", 1589 cp->name, sppp_state_name(scp->state), 1590 cpname, h->ident, printlen); 1591 if (len < printlen) 1592 printlen = len; 1593 if (printlen > 4) 1594 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1595 addlog(">\n"); 1596 } 1597 if (len > ntohs(h->len)) 1598 len = ntohs(h->len); 1599 p = (u_char *)(h + 1); 1600 switch (h->type) { 1601 case CONF_REQ: 1602 if (len < 4) { 1603 SPPP_DLOG(sp,"%s invalid conf-req length %d\n", 1604 cp->name, len); 1605 if_statinc(ifp, if_ierrors); 1606 break; 1607 } 1608 1609 scp->rcr_type = CP_RCR_NONE; 1610 scp->rconfid = h->ident; 1611 if (scp->mbuf_confreq != NULL) { 1612 m_freem(scp->mbuf_confreq); 1613 } 1614 scp->mbuf_confreq = m; 1615 m = NULL; 1616 sppp_wq_add(sp->wq_cp, &scp->work_rcr); 1617 break; 1618 case CONF_ACK: 1619 if (h->ident != scp->confid) { 1620 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 1621 cp->name, h->ident, scp->confid); 1622 if_statinc(ifp, if_ierrors); 1623 break; 1624 } 1625 sppp_wq_add(sp->wq_cp, &scp->work_rca); 1626 break; 1627 case CONF_NAK: 1628 case CONF_REJ: 1629 if (h->ident != scp->confid) { 1630 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 1631 cp->name, h->ident, scp->confid); 1632 if_statinc(ifp, if_ierrors); 1633 break; 1634 } 1635 1636 if (scp->mbuf_confnak) { 1637 m_freem(scp->mbuf_confnak); 1638 } 1639 scp->mbuf_confnak = m; 1640 m = NULL; 1641 sppp_wq_add(sp->wq_cp, &scp->work_rcn); 1642 break; 1643 case TERM_REQ: 1644 scp->rseq = h->ident; 1645 sppp_wq_add(sp->wq_cp, &scp->work_rtr); 1646 break; 1647 case TERM_ACK: 1648 if (h->ident != scp->confid && 1649 h->ident != scp->seq) { 1650 SPPP_DLOG(sp, "%s id mismatch " 1651 "0x%x != 0x%x and 0x%x != %0lx\n", 1652 cp->name, h->ident, scp->confid, 1653 h->ident, scp->seq); 1654 if_statinc(ifp, if_ierrors); 1655 break; 1656 } 1657 1658 sppp_wq_add(sp->wq_cp, &scp->work_rta); 1659 break; 1660 case CODE_REJ: 1661 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1662 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1663 SPPP_LOG(sp, LOG_INFO, "%s: ignoring RXJ (%s) for code ?, " 1664 "danger will robinson\n", cp->name, cpname); 1665 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1666 break; 1667 case PROTO_REJ: 1668 { 1669 int catastrophic; 1670 const struct cp *upper; 1671 int i; 1672 uint16_t proto; 1673 1674 catastrophic = 0; 1675 upper = NULL; 1676 proto = p[0] << 8 | p[1]; 1677 for (i = 0; i < IDX_COUNT; i++) { 1678 if (cps[i]->proto == proto) { 1679 upper = cps[i]; 1680 break; 1681 } 1682 } 1683 if (upper == NULL) 1684 catastrophic++; 1685 1686 if (debug) { 1687 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1688 SPPP_LOG(sp, LOG_INFO, 1689 "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1690 cp->name, catastrophic ? '-' : '+', 1691 cpname, proto, upper ? upper->name : "unknown", 1692 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1693 } 1694 1695 /* 1696 * if we got RXJ+ against conf-req, the peer does not implement 1697 * this particular protocol type. terminate the protocol. 1698 */ 1699 if (upper && !catastrophic) { 1700 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1701 sppp_wq_add(sp->wq_cp, 1702 &sp->scp[upper->protoidx].work_close); 1703 break; 1704 } 1705 } 1706 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1707 break; 1708 } 1709 case DISC_REQ: 1710 if (cp->proto != PPP_LCP) 1711 goto illegal; 1712 /* Discard the packet. */ 1713 break; 1714 case ECHO_REQ: 1715 if (cp->proto != PPP_LCP) 1716 goto illegal; 1717 if (scp->state != STATE_OPENED) { 1718 SPPP_DLOG(sp, "lcp echo req but lcp closed\n"); 1719 if_statinc(ifp, if_ierrors); 1720 break; 1721 } 1722 if (len < 8) { 1723 SPPP_DLOG(sp, "invalid lcp echo request " 1724 "packet length: %d bytes\n", len); 1725 break; 1726 } 1727 memcpy(&u32, h + 1, sizeof u32); 1728 if (ntohl(u32) == sp->lcp.magic) { 1729 /* Line loopback mode detected. */ 1730 SPPP_DLOG(sp, "loopback\n"); 1731 1732 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) { 1733 sp->pp_flags |= PP_LOOPBACK; 1734 sppp_wq_add(sp->wq_cp, 1735 &sp->work_ifdown); 1736 } 1737 1738 /* Shut down the PPP link. */ 1739 sppp_wq_add(sp->wq_cp, 1740 &sp->scp[IDX_LCP].work_close); 1741 sppp_wq_add(sp->wq_cp, 1742 &sp->scp[IDX_LCP].work_open); 1743 break; 1744 } 1745 u32 = htonl(sp->lcp.magic); 1746 memcpy(h + 1, &u32, sizeof u32); 1747 SPPP_DLOG(sp, "got lcp echo req, sending echo rep\n"); 1748 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1749 h + 1); 1750 break; 1751 case ECHO_REPLY: 1752 if (cp->proto != PPP_LCP) 1753 goto illegal; 1754 if (h->ident != sp->lcp.echoid) { 1755 if_statinc(ifp, if_ierrors); 1756 break; 1757 } 1758 if (len < 8) { 1759 SPPP_DLOG(sp, "lcp invalid echo reply " 1760 "packet length: %d bytes\n", len); 1761 break; 1762 } 1763 SPPP_DLOG(sp, "lcp got echo rep\n"); 1764 memcpy(&u32, h + 1, sizeof u32); 1765 if (ntohl(u32) != sp->lcp.magic) 1766 sp->pp_alivecnt = 0; 1767 break; 1768 default: 1769 /* Unknown packet type -- send Code-Reject packet. */ 1770 illegal: 1771 SPPP_DLOG(sp, "%s send code-rej for 0x%x\n", 1772 cp->name, h->type); 1773 sppp_cp_send(sp, cp->proto, CODE_REJ, 1774 ++scp->seq, m->m_pkthdr.len, h); 1775 if_statinc(ifp, if_ierrors); 1776 } 1777 1778 out: 1779 SPPP_UNLOCK(sp); 1780 if (m != NULL) 1781 m_freem(m); 1782 } 1783 1784 /* 1785 * The generic part of all Up/Down/Open/Close/TO event handlers. 1786 * Basically, the state transition handling in the automaton. 1787 */ 1788 static void 1789 sppp_up_event(struct sppp *sp, void *xcp) 1790 { 1791 const struct cp *cp = xcp; 1792 1793 KASSERT(SPPP_WLOCKED(sp)); 1794 KASSERT(!cpu_softintr_p()); 1795 1796 if ((cp->flags & CP_AUTH) != 0 && 1797 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1798 return; 1799 1800 SPPP_DLOG(sp, "%s up(%s)\n", cp->name, 1801 sppp_state_name(sp->scp[cp->protoidx].state)); 1802 1803 switch (sp->scp[cp->protoidx].state) { 1804 case STATE_INITIAL: 1805 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1806 break; 1807 case STATE_STARTING: 1808 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1809 (cp->scr)(sp); 1810 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1811 break; 1812 default: 1813 SPPP_LOG(sp, LOG_DEBUG, 1814 "%s illegal up in state %s\n", cp->name, 1815 sppp_state_name(sp->scp[cp->protoidx].state)); 1816 } 1817 } 1818 1819 static void 1820 sppp_down_event(struct sppp *sp, void *xcp) 1821 { 1822 const struct cp *cp = xcp; 1823 1824 KASSERT(SPPP_WLOCKED(sp)); 1825 KASSERT(!cpu_softintr_p()); 1826 1827 if ((cp->flags & CP_AUTH) != 0 && 1828 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1829 return; 1830 1831 SPPP_DLOG(sp, "%s down(%s)\n", cp->name, 1832 sppp_state_name(sp->scp[cp->protoidx].state)); 1833 1834 switch (sp->scp[cp->protoidx].state) { 1835 case STATE_CLOSED: 1836 case STATE_CLOSING: 1837 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1838 break; 1839 case STATE_STOPPED: 1840 (cp->tls)(cp, sp); 1841 /* fall through */ 1842 case STATE_STOPPING: 1843 case STATE_REQ_SENT: 1844 case STATE_ACK_RCVD: 1845 case STATE_ACK_SENT: 1846 sppp_cp_change_state(cp, sp, STATE_STARTING); 1847 break; 1848 case STATE_OPENED: 1849 (cp->tld)(sp); 1850 sppp_cp_change_state(cp, sp, STATE_STARTING); 1851 break; 1852 default: 1853 /* 1854 * a down event may be caused regardless 1855 * of state just in LCP case. 1856 */ 1857 if (cp->proto == PPP_LCP) 1858 break; 1859 1860 SPPP_LOG(sp, LOG_DEBUG, 1861 "%s illegal down in state %s\n", cp->name, 1862 sppp_state_name(sp->scp[cp->protoidx].state)); 1863 } 1864 } 1865 1866 static void 1867 sppp_open_event(struct sppp *sp, void *xcp) 1868 { 1869 const struct cp *cp = xcp; 1870 1871 KASSERT(SPPP_WLOCKED(sp)); 1872 KASSERT(!cpu_softintr_p()); 1873 1874 if ((cp->flags & CP_AUTH) != 0 && 1875 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1876 return; 1877 1878 SPPP_DLOG(sp, "%s open(%s)\n", cp->name, 1879 sppp_state_name(sp->scp[cp->protoidx].state)); 1880 1881 switch (sp->scp[cp->protoidx].state) { 1882 case STATE_INITIAL: 1883 sppp_cp_change_state(cp, sp, STATE_STARTING); 1884 (cp->tls)(cp, sp); 1885 break; 1886 case STATE_STARTING: 1887 break; 1888 case STATE_CLOSED: 1889 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1890 sp->lcp.protos |= (1 << cp->protoidx); 1891 (cp->scr)(sp); 1892 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1893 break; 1894 case STATE_STOPPED: 1895 case STATE_STOPPING: 1896 case STATE_REQ_SENT: 1897 case STATE_ACK_RCVD: 1898 case STATE_ACK_SENT: 1899 case STATE_OPENED: 1900 break; 1901 case STATE_CLOSING: 1902 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1903 break; 1904 } 1905 } 1906 1907 static void 1908 sppp_close_event(struct sppp *sp, void *xcp) 1909 { 1910 const struct cp *cp = xcp; 1911 1912 KASSERT(SPPP_WLOCKED(sp)); 1913 KASSERT(!cpu_softintr_p()); 1914 1915 if ((cp->flags & CP_AUTH) != 0 && 1916 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1917 return; 1918 1919 SPPP_DLOG(sp, "%s close(%s)\n", cp->name, 1920 sppp_state_name(sp->scp[cp->protoidx].state)); 1921 1922 switch (sp->scp[cp->protoidx].state) { 1923 case STATE_INITIAL: 1924 case STATE_CLOSED: 1925 case STATE_CLOSING: 1926 break; 1927 case STATE_STARTING: 1928 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1929 (cp->tlf)(cp, sp); 1930 break; 1931 case STATE_STOPPED: 1932 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1933 break; 1934 case STATE_STOPPING: 1935 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1936 break; 1937 case STATE_OPENED: 1938 (cp->tld)(sp); 1939 /* fall through */ 1940 case STATE_REQ_SENT: 1941 case STATE_ACK_RCVD: 1942 case STATE_ACK_SENT: 1943 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 1944 if ((cp->flags & CP_AUTH) == 0) { 1945 sppp_cp_send(sp, cp->proto, TERM_REQ, 1946 ++sp->scp[cp->protoidx].seq, 0, 0); 1947 } 1948 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1949 break; 1950 } 1951 } 1952 1953 static void 1954 sppp_to_event(struct sppp *sp, void *xcp) 1955 { 1956 const struct cp *cp = xcp; 1957 int s; 1958 1959 KASSERT(SPPP_WLOCKED(sp)); 1960 KASSERT(!cpu_softintr_p()); 1961 1962 s = splnet(); 1963 1964 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n", cp->name, 1965 sppp_state_name(sp->scp[cp->protoidx].state), 1966 sp->scp[cp->protoidx].rst_counter); 1967 1968 if (--sp->scp[cp->protoidx].rst_counter < 0) 1969 /* TO- event */ 1970 switch (sp->scp[cp->protoidx].state) { 1971 case STATE_CLOSING: 1972 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1973 (cp->tlf)(cp, sp); 1974 break; 1975 case STATE_STOPPING: 1976 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1977 (cp->tlf)(cp, sp); 1978 break; 1979 case STATE_REQ_SENT: 1980 case STATE_ACK_RCVD: 1981 case STATE_ACK_SENT: 1982 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1983 (cp->tlf)(cp, sp); 1984 break; 1985 } 1986 else 1987 /* TO+ event */ 1988 switch (sp->scp[cp->protoidx].state) { 1989 case STATE_CLOSING: 1990 case STATE_STOPPING: 1991 if ((cp->flags & CP_AUTH) == 0) { 1992 sppp_cp_send(sp, cp->proto, TERM_REQ, 1993 ++sp->scp[cp->protoidx].seq, 0, 0); 1994 } 1995 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 1996 break; 1997 case STATE_REQ_SENT: 1998 case STATE_ACK_RCVD: 1999 (cp->scr)(sp); 2000 /* sppp_cp_change_state() will restart the timer */ 2001 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2002 break; 2003 case STATE_ACK_SENT: 2004 (cp->scr)(sp); 2005 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2006 break; 2007 } 2008 2009 splx(s); 2010 } 2011 static void 2012 sppp_rcr_update_state(const struct cp *cp, struct sppp *sp, 2013 enum cp_rcr_type type, uint8_t ident, size_t msglen, void *msg) 2014 { 2015 struct ifnet *ifp; 2016 u_char ctype; 2017 2018 ifp = &sp->pp_if; 2019 2020 if (type == CP_RCR_ERR) { 2021 /* parse error, shut down */ 2022 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2023 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2024 } else if (type == CP_RCR_ACK) { 2025 /* RCR+ event */ 2026 ctype = CONF_ACK; 2027 switch (sp->scp[cp->protoidx].state) { 2028 case STATE_OPENED: 2029 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2030 cp->tld(sp); 2031 cp->scr(sp); 2032 cp->screply(cp, sp, ctype, ident, msglen, msg); 2033 break; 2034 case STATE_REQ_SENT: 2035 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2036 /* fall through */ 2037 case STATE_ACK_SENT: 2038 cp->screply(cp, sp, ctype, ident, msglen, msg); 2039 break; 2040 case STATE_STOPPED: 2041 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2042 cp->scr(sp); 2043 cp->screply(cp, sp, ctype, ident, msglen, msg); 2044 break; 2045 case STATE_ACK_RCVD: 2046 sppp_cp_change_state(cp, sp, STATE_OPENED); 2047 SPPP_DLOG(sp, "%s tlu\n", cp->name); 2048 cp->tlu(sp); 2049 cp->screply(cp, sp, ctype, ident, msglen, msg); 2050 break; 2051 case STATE_CLOSING: 2052 case STATE_STOPPING: 2053 break; 2054 case STATE_CLOSED: 2055 if ((cp->flags & CP_AUTH) == 0) { 2056 sppp_cp_send(sp, cp->proto, TERM_ACK, 2057 ident, 0, 0); 2058 } 2059 break; 2060 default: 2061 SPPP_LOG(sp, LOG_DEBUG, 2062 "%s illegal RCR+ in state %s\n", cp->name, 2063 sppp_state_name(sp->scp[cp->protoidx].state)); 2064 if_statinc(ifp, if_ierrors); 2065 } 2066 } else if (type == CP_RCR_NAK || type == CP_RCR_REJ) { 2067 ctype = type == CP_RCR_NAK ? CONF_NAK : CONF_REJ; 2068 /* RCR- event */ 2069 switch (sp->scp[cp->protoidx].state) { 2070 case STATE_OPENED: 2071 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2072 cp->tld(sp); 2073 cp->scr(sp); 2074 cp->screply(cp, sp, ctype, ident, msglen, msg); 2075 break; 2076 case STATE_ACK_SENT: 2077 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2078 /* fall through */ 2079 case STATE_REQ_SENT: 2080 cp->screply(cp, sp, ctype, ident, msglen, msg); 2081 break; 2082 case STATE_STOPPED: 2083 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2084 cp->scr(sp); 2085 cp->screply(cp, sp, ctype, ident, msglen, msg); 2086 break; 2087 case STATE_ACK_RCVD: 2088 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2089 cp->screply(cp, sp, ctype, ident, msglen, msg); 2090 break; 2091 case STATE_CLOSING: 2092 case STATE_STOPPING: 2093 break; 2094 case STATE_CLOSED: 2095 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2096 if ((cp->flags & CP_AUTH) == 0) { 2097 sppp_cp_send(sp, cp->proto, TERM_ACK, 2098 ident, 0, 0); 2099 } 2100 break; 2101 default: 2102 SPPP_LOG(sp, LOG_DEBUG, 2103 "%s illegal RCR- in state %s\n", cp->name, 2104 sppp_state_name(sp->scp[cp->protoidx].state)); 2105 if_statinc(ifp, if_ierrors); 2106 } 2107 } 2108 } 2109 2110 static void 2111 sppp_rcr_event(struct sppp *sp, void *xcp) 2112 { 2113 const struct cp *cp = xcp; 2114 struct sppp_cp *scp; 2115 struct lcp_header *h; 2116 struct mbuf *m; 2117 enum cp_rcr_type type; 2118 size_t len; 2119 uint8_t *buf; 2120 size_t blen, rlen; 2121 uint8_t ident; 2122 2123 KASSERT(!cpu_softintr_p()); 2124 2125 scp = &sp->scp[cp->protoidx]; 2126 2127 if (cp->parse_confreq != NULL) { 2128 m = scp->mbuf_confreq; 2129 if (m == NULL) 2130 return; 2131 scp->mbuf_confreq = NULL; 2132 2133 h = mtod(m, struct lcp_header *); 2134 if (h->type != CONF_REQ) { 2135 m_freem(m); 2136 return; 2137 } 2138 2139 ident = h->ident; 2140 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2141 2142 type = (cp->parse_confreq)(sp, h, len, 2143 &buf, &blen, &rlen); 2144 m_freem(m); 2145 } else { 2146 /* mbuf_cofreq is already parsed and freed */ 2147 type = scp->rcr_type; 2148 ident = scp->rconfid; 2149 buf = NULL; 2150 blen = rlen = 0; 2151 } 2152 2153 sppp_rcr_update_state(cp, sp, type, ident, rlen, (void *)buf); 2154 2155 if (buf != NULL) 2156 kmem_free(buf, blen); 2157 } 2158 2159 static void 2160 sppp_rca_event(struct sppp *sp, void *xcp) 2161 { 2162 struct ifnet *ifp; 2163 const struct cp *cp = xcp; 2164 2165 KASSERT(!cpu_softintr_p()); 2166 2167 ifp = &sp->pp_if; 2168 2169 switch (sp->scp[cp->protoidx].state) { 2170 case STATE_CLOSED: 2171 case STATE_STOPPED: 2172 if ((cp->flags & CP_AUTH) == 0) { 2173 sppp_cp_send(sp, cp->proto, TERM_ACK, 2174 sp->scp[cp->protoidx].rconfid, 0, 0); 2175 } 2176 break; 2177 case STATE_CLOSING: 2178 case STATE_STOPPING: 2179 break; 2180 case STATE_REQ_SENT: 2181 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2182 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2183 break; 2184 case STATE_OPENED: 2185 (cp->tld)(sp); 2186 /* fall through */ 2187 case STATE_ACK_RCVD: 2188 (cp->scr)(sp); 2189 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2190 break; 2191 case STATE_ACK_SENT: 2192 sppp_cp_change_state(cp, sp, STATE_OPENED); 2193 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2194 SPPP_DLOG(sp, "%s tlu\n", cp->name); 2195 (cp->tlu)(sp); 2196 break; 2197 default: 2198 SPPP_LOG(sp, LOG_DEBUG, 2199 "%s illegal RCA in state %s\n", cp->name, 2200 sppp_state_name(sp->scp[cp->protoidx].state)); 2201 if_statinc(ifp, if_ierrors); 2202 } 2203 } 2204 2205 static void 2206 sppp_rcn_event(struct sppp *sp, void *xcp) 2207 { 2208 const struct cp *cp = xcp; 2209 struct sppp_cp *scp; 2210 struct lcp_header *h; 2211 struct mbuf *m; 2212 struct ifnet *ifp = &sp->pp_if; 2213 size_t len; 2214 2215 KASSERT(!cpu_softintr_p()); 2216 2217 scp = &sp->scp[cp->protoidx]; 2218 m = scp->mbuf_confnak; 2219 if (m == NULL) 2220 return; 2221 scp->mbuf_confnak = NULL; 2222 2223 h = mtod(m, struct lcp_header *); 2224 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2225 2226 switch (h->type) { 2227 case CONF_NAK: 2228 (cp->parse_confnak)(sp, h, len); 2229 break; 2230 case CONF_REJ: 2231 (cp->parse_confrej)(sp, h, len); 2232 break; 2233 default: 2234 m_freem(m); 2235 return; 2236 } 2237 2238 m_freem(m); 2239 2240 switch (scp->state) { 2241 case STATE_CLOSED: 2242 case STATE_STOPPED: 2243 if ((cp->flags & CP_AUTH) == 0) { 2244 sppp_cp_send(sp, cp->proto, TERM_ACK, 2245 scp->rconfid, 0, 0); 2246 } 2247 break; 2248 case STATE_REQ_SENT: 2249 case STATE_ACK_SENT: 2250 scp->rst_counter = sp->lcp.max_configure; 2251 (cp->scr)(sp); 2252 break; 2253 case STATE_OPENED: 2254 (cp->tld)(sp); 2255 /* fall through */ 2256 case STATE_ACK_RCVD: 2257 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2258 (cp->scr)(sp); 2259 break; 2260 case STATE_CLOSING: 2261 case STATE_STOPPING: 2262 break; 2263 default: 2264 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RCN in state %s\n", 2265 cp->name, sppp_state_name(scp->state)); 2266 if_statinc(ifp, if_ierrors); 2267 } 2268 } 2269 2270 static void 2271 sppp_rtr_event(struct sppp *sp, void *xcp) 2272 { 2273 struct ifnet *ifp; 2274 const struct cp *cp = xcp; 2275 2276 KASSERT(!cpu_softintr_p()); 2277 2278 ifp = &sp->pp_if; 2279 2280 switch (sp->scp[cp->protoidx].state) { 2281 case STATE_ACK_RCVD: 2282 case STATE_ACK_SENT: 2283 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2284 break; 2285 case STATE_CLOSED: 2286 case STATE_STOPPED: 2287 case STATE_CLOSING: 2288 case STATE_STOPPING: 2289 case STATE_REQ_SENT: 2290 break; 2291 case STATE_OPENED: 2292 (cp->tld)(sp); 2293 sp->scp[cp->protoidx].rst_counter = 0; 2294 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2295 break; 2296 default: 2297 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTR in state %s\n", 2298 cp->name, 2299 sppp_state_name(sp->scp[cp->protoidx].state)); 2300 if_statinc(ifp, if_ierrors); 2301 return; 2302 } 2303 2304 /* Send Terminate-Ack packet. */ 2305 SPPP_DLOG(sp, "%s send terminate-ack\n", cp->name); 2306 if ((cp->flags & CP_AUTH) == 0) { 2307 sppp_cp_send(sp, cp->proto, TERM_ACK, 2308 sp->scp[cp->protoidx].rseq, 0, 0); 2309 } 2310 } 2311 2312 static void 2313 sppp_rta_event(struct sppp *sp, void *xcp) 2314 { 2315 const struct cp *cp = xcp; 2316 struct ifnet *ifp = &sp->pp_if; 2317 2318 KASSERT(!cpu_softintr_p()); 2319 2320 switch (sp->scp[cp->protoidx].state) { 2321 case STATE_CLOSED: 2322 case STATE_STOPPED: 2323 case STATE_REQ_SENT: 2324 case STATE_ACK_SENT: 2325 break; 2326 case STATE_CLOSING: 2327 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2328 (cp->tlf)(cp, sp); 2329 break; 2330 case STATE_STOPPING: 2331 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2332 (cp->tlf)(cp, sp); 2333 break; 2334 case STATE_ACK_RCVD: 2335 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2336 break; 2337 case STATE_OPENED: 2338 (cp->tld)(sp); 2339 (cp->scr)(sp); 2340 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2341 break; 2342 default: 2343 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTA in state %s\n", 2344 cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); 2345 if_statinc(ifp, if_ierrors); 2346 } 2347 } 2348 2349 static void 2350 sppp_rxj_event(struct sppp *sp, void *xcp) 2351 { 2352 const struct cp *cp = xcp; 2353 struct ifnet *ifp = &sp->pp_if; 2354 2355 KASSERT(!cpu_softintr_p()); 2356 2357 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2358 switch (sp->scp[cp->protoidx].state) { 2359 case STATE_CLOSED: 2360 case STATE_STOPPED: 2361 case STATE_REQ_SENT: 2362 case STATE_ACK_SENT: 2363 case STATE_CLOSING: 2364 case STATE_STOPPING: 2365 case STATE_OPENED: 2366 break; 2367 case STATE_ACK_RCVD: 2368 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2369 break; 2370 default: 2371 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RXJ- in state %s\n", 2372 cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); 2373 if_statinc(ifp, if_ierrors); 2374 } 2375 } 2376 2377 /* 2378 * Change the state of a control protocol in the state automaton. 2379 * Takes care of starting/stopping the restart timer. 2380 */ 2381 void 2382 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2383 { 2384 2385 KASSERT(SPPP_WLOCKED(sp)); 2386 2387 sp->scp[cp->protoidx].state = newstate; 2388 callout_stop(&sp->scp[cp->protoidx].ch); 2389 switch (newstate) { 2390 case STATE_INITIAL: 2391 case STATE_STARTING: 2392 case STATE_CLOSED: 2393 case STATE_STOPPED: 2394 case STATE_OPENED: 2395 break; 2396 case STATE_CLOSING: 2397 case STATE_STOPPING: 2398 case STATE_REQ_SENT: 2399 case STATE_ACK_RCVD: 2400 case STATE_ACK_SENT: 2401 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2402 break; 2403 } 2404 } 2405 2406 /* 2407 *--------------------------------------------------------------------------* 2408 * * 2409 * The LCP implementation. * 2410 * * 2411 *--------------------------------------------------------------------------* 2412 */ 2413 static void 2414 sppp_lcp_init(struct sppp *sp) 2415 { 2416 2417 KASSERT(SPPP_WLOCKED(sp)); 2418 2419 sppp_cp_init(&lcp, sp); 2420 2421 SET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2422 sp->lcp.magic = 0; 2423 sp->lcp.protos = 0; 2424 sp->lcp.max_terminate = 2; 2425 sp->lcp.max_configure = 10; 2426 sp->lcp.max_failure = 10; 2427 sp->lcp.tlf_sent = false; 2428 2429 /* 2430 * Initialize counters and timeout values. Note that we don't 2431 * use the 3 seconds suggested in RFC 1661 since we are likely 2432 * running on a fast link. XXX We should probably implement 2433 * the exponential backoff option. Note that these values are 2434 * relevant for all control protocols, not just LCP only. 2435 */ 2436 sp->lcp.timeout = 1 * hz; 2437 } 2438 2439 static void 2440 sppp_lcp_up(struct sppp *sp, void *xcp) 2441 { 2442 struct ifnet *ifp; 2443 const struct cp *cp = xcp; 2444 int pidx; 2445 2446 KASSERT(SPPP_WLOCKED(sp)); 2447 ifp = &sp->pp_if; 2448 2449 pidx = cp->protoidx; 2450 /* Initialize activity timestamp: opening a connection is an activity */ 2451 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2452 2453 /* 2454 * If this interface is passive or dial-on-demand, and we are 2455 * still in Initial state, it means we've got an incoming 2456 * call. Activate the interface. 2457 */ 2458 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2459 ifp->if_flags |= IFF_RUNNING; 2460 if (sp->scp[pidx].state == STATE_INITIAL) { 2461 SPPP_DLOG(sp, "Up event (incoming call)\n"); 2462 sp->pp_flags |= PP_CALLIN; 2463 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2464 } else { 2465 SPPP_DLOG(sp, "Up event\n"); 2466 } 2467 } 2468 2469 sppp_up_event(sp, xcp); 2470 } 2471 2472 static void 2473 sppp_lcp_down(struct sppp *sp, void *xcp) 2474 { 2475 const struct cp *cp = xcp; 2476 struct ifnet *ifp; 2477 int pidx; 2478 2479 KASSERT(SPPP_WLOCKED(sp)); 2480 KASSERT(!cpu_softintr_p()); 2481 2482 ifp = &sp->pp_if; 2483 pidx = cp->protoidx; 2484 sppp_down_event(sp, xcp); 2485 2486 /* 2487 * We need to do tls to restart when a down event is caused 2488 * by the last tlf. 2489 */ 2490 if (sp->scp[pidx].state == STATE_STARTING && 2491 sp->lcp.tlf_sent) { 2492 cp->tls(cp, sp); 2493 sp->lcp.tlf_sent = false; 2494 } 2495 2496 SPPP_DLOG(sp, "Down event (carrier loss)\n"); 2497 2498 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2499 if (sp->lcp.reestablish) 2500 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2501 } else { 2502 sp->pp_flags &= ~PP_CALLIN; 2503 if (sp->scp[pidx].state != STATE_INITIAL) 2504 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_close); 2505 ifp->if_flags &= ~IFF_RUNNING; 2506 } 2507 sp->scp[pidx].fail_counter = 0; 2508 } 2509 2510 static void 2511 sppp_lcp_open(struct sppp *sp, void *xcp) 2512 { 2513 2514 KASSERT(SPPP_WLOCKED(sp)); 2515 KASSERT(!cpu_softintr_p()); 2516 2517 sp->lcp.reestablish = false; 2518 sp->scp[IDX_LCP].fail_counter = 0; 2519 2520 /* the interface was down while waiting for reconnection */ 2521 if ((sp->pp_flags & PP_ADMIN_UP) == 0) 2522 return; 2523 2524 if (sp->pp_if.if_mtu < PP_MTU) { 2525 sp->lcp.mru = sp->pp_if.if_mtu; 2526 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2527 } else { 2528 sp->lcp.mru = PP_MTU; 2529 } 2530 sp->lcp.their_mru = PP_MTU; 2531 2532 /* 2533 * If we are authenticator, negotiate LCP_AUTH 2534 */ 2535 if (sp->hisauth.proto != PPP_NOPROTO) 2536 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2537 else 2538 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2539 sp->pp_flags &= ~PP_NEEDAUTH; 2540 sppp_open_event(sp, xcp); 2541 } 2542 2543 2544 /* 2545 * Analyze a configure request. Return true if it was agreeable, and 2546 * caused action sca, false if it has been rejected or nak'ed, and 2547 * caused action scn. (The return value is used to make the state 2548 * transition decision in the state automaton.) 2549 */ 2550 static enum cp_rcr_type 2551 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 2552 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 2553 { 2554 u_char *buf, *r, *p, l, blen; 2555 enum cp_rcr_type type; 2556 int len, rlen; 2557 uint32_t nmagic; 2558 u_short authproto; 2559 char lbuf[SPPP_LCPOPT_NAMELEN]; 2560 bool debug; 2561 2562 KASSERT(SPPP_WLOCKED(sp)); 2563 2564 debug = sppp_debug_enabled(sp); 2565 2566 if (origlen < sizeof(*h)) 2567 return CP_RCR_DROP; 2568 2569 origlen -= sizeof(*h); 2570 type = CP_RCR_NONE; 2571 type = 0; 2572 2573 if (origlen <= 0) 2574 return CP_RCR_DROP; 2575 else 2576 blen = origlen; 2577 2578 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2579 if (buf == NULL) 2580 return CP_RCR_DROP; 2581 2582 if (debug) 2583 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opts:"); 2584 2585 /* pass 1: check for things that need to be rejected */ 2586 p = (void *)(h + 1); 2587 r = buf; 2588 rlen = 0; 2589 for (len = origlen; len > 1; len-= l, p += l) { 2590 l = p[1]; 2591 if (l == 0) 2592 break; 2593 2594 /* Sanity check option length */ 2595 if (l > len) { 2596 /* 2597 * Malicious option - drop immediately. 2598 * XXX Maybe we should just RXJ it? 2599 */ 2600 if (debug) 2601 addlog("\n"); 2602 2603 SPPP_LOG(sp, LOG_DEBUG, 2604 "received malicious LCP option 0x%02x, " 2605 "length 0x%02x, (len: 0x%02x) dropping.\n", 2606 p[0], l, len); 2607 type = CP_RCR_ERR; 2608 goto end; 2609 } 2610 if (debug) 2611 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2612 switch (p[0]) { 2613 case LCP_OPT_MAGIC: 2614 /* Magic number. */ 2615 /* fall through, both are same length */ 2616 case LCP_OPT_ASYNC_MAP: 2617 /* Async control character map. */ 2618 if (len >= 6 || l == 6) 2619 continue; 2620 if (debug) 2621 addlog(" [invalid]"); 2622 break; 2623 case LCP_OPT_MP_EID: 2624 if (len >= l && l >= 3) { 2625 switch (p[2]) { 2626 case 0: if (l==3+ 0) continue;break; 2627 case 2: if (l==3+ 4) continue;break; 2628 case 3: if (l==3+ 6) continue;break; 2629 case 6: if (l==3+16) continue;break; 2630 case 1: /* FALLTHROUGH */ 2631 case 4: if (l<=3+20) continue;break; 2632 case 5: if (l<=3+15) continue;break; 2633 /* XXX should it be default: continue;? */ 2634 } 2635 } 2636 if (debug) 2637 addlog(" [invalid class %d len %d]", p[2], l); 2638 break; 2639 case LCP_OPT_MP_SSNHF: 2640 if (len >= 2 && l == 2) { 2641 if (debug) 2642 addlog(" [rej]"); 2643 break; 2644 } 2645 if (debug) 2646 addlog(" [invalid]"); 2647 break; 2648 case LCP_OPT_MP_MRRU: 2649 /* Multilink maximum received reconstructed unit */ 2650 /* should be fall through, both are same length */ 2651 /* FALLTHROUGH */ 2652 case LCP_OPT_MRU: 2653 /* Maximum receive unit. */ 2654 if (len >= 4 && l == 4) 2655 continue; 2656 if (debug) 2657 addlog(" [invalid]"); 2658 break; 2659 case LCP_OPT_AUTH_PROTO: 2660 if (len < 4) { 2661 if (debug) 2662 addlog(" [invalid]"); 2663 break; 2664 } 2665 authproto = (p[2] << 8) + p[3]; 2666 if (authproto == PPP_CHAP && l != 5) { 2667 if (debug) 2668 addlog(" [invalid chap len]"); 2669 break; 2670 } 2671 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 2672 if (authproto == PPP_PAP || authproto == PPP_CHAP) 2673 sp->myauth.proto = authproto; 2674 } 2675 if (sp->myauth.proto == PPP_NOPROTO) { 2676 /* we are not configured to do auth */ 2677 if (debug) 2678 addlog(" [not configured]"); 2679 break; 2680 } 2681 /* 2682 * Remote want us to authenticate, remember this, 2683 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2684 * up. 2685 */ 2686 sp->pp_flags |= PP_NEEDAUTH; 2687 continue; 2688 default: 2689 /* Others not supported. */ 2690 if (debug) 2691 addlog(" [rej]"); 2692 break; 2693 } 2694 if (rlen + l > blen) { 2695 if (debug) 2696 addlog(" [overflow]"); 2697 continue; 2698 } 2699 /* Add the option to rejected list. */ 2700 memcpy(r, p, l); 2701 r += l; 2702 rlen += l; 2703 } 2704 2705 if (rlen > 0) { 2706 type = CP_RCR_REJ; 2707 goto end; 2708 } 2709 2710 if (debug) 2711 addlog("\n"); 2712 2713 /* 2714 * pass 2: check for option values that are unacceptable and 2715 * thus require to be nak'ed. 2716 */ 2717 if (debug) 2718 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opt values:"); 2719 2720 p = (void *)(h + 1); 2721 r = buf; 2722 rlen = 0; 2723 for (len = origlen; len > 0; len -= l, p += l) { 2724 l = p[1]; 2725 if (l == 0) 2726 break; 2727 2728 if (debug) 2729 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2730 switch (p[0]) { 2731 case LCP_OPT_MAGIC: 2732 /* Magic number -- extract. */ 2733 nmagic = (uint32_t)p[2] << 24 | 2734 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2735 if (nmagic != sp->lcp.magic) { 2736 if (debug) 2737 addlog(" 0x%x", nmagic); 2738 continue; 2739 } 2740 /* 2741 * Local and remote magics equal -- loopback? 2742 */ 2743 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2744 SPPP_DLOG(sp, "loopback\n"); 2745 sp->pp_loopcnt = 0; 2746 2747 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) { 2748 sp->pp_flags |= PP_LOOPBACK; 2749 sppp_wq_add(sp->wq_cp, 2750 &sp->work_ifdown); 2751 } 2752 2753 sppp_wq_add(sp->wq_cp, 2754 &sp->scp[IDX_LCP].work_close); 2755 sppp_wq_add(sp->wq_cp, 2756 &sp->scp[IDX_LCP].work_open); 2757 } else { 2758 if (debug) 2759 addlog(" [glitch]"); 2760 ++sp->pp_loopcnt; 2761 } 2762 /* 2763 * We negate our magic here, and NAK it. If 2764 * we see it later in an NAK packet, we 2765 * suggest a new one. 2766 */ 2767 nmagic = ~sp->lcp.magic; 2768 /* Gonna NAK it. */ 2769 p[2] = nmagic >> 24; 2770 p[3] = nmagic >> 16; 2771 p[4] = nmagic >> 8; 2772 p[5] = nmagic; 2773 break; 2774 2775 case LCP_OPT_ASYNC_MAP: 2776 /* 2777 * Async control character map -- just ignore it. 2778 * 2779 * Quote from RFC 1662, chapter 6: 2780 * To enable this functionality, synchronous PPP 2781 * implementations MUST always respond to the 2782 * Async-Control-Character-Map Configuration 2783 * Option with the LCP Configure-Ack. However, 2784 * acceptance of the Configuration Option does 2785 * not imply that the synchronous implementation 2786 * will do any ACCM mapping. Instead, all such 2787 * octet mapping will be performed by the 2788 * asynchronous-to-synchronous converter. 2789 */ 2790 continue; 2791 2792 case LCP_OPT_MRU: 2793 /* 2794 * Maximum receive unit. Always agreeable, 2795 * but ignored by now. 2796 */ 2797 sp->lcp.their_mru = p[2] * 256 + p[3]; 2798 if (debug) 2799 addlog(" %ld", sp->lcp.their_mru); 2800 continue; 2801 2802 case LCP_OPT_AUTH_PROTO: 2803 authproto = (p[2] << 8) + p[3]; 2804 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 2805 if (authproto == PPP_PAP || authproto == PPP_CHAP) 2806 sp->myauth.proto = authproto; 2807 } 2808 if (sp->myauth.proto == authproto) { 2809 if (authproto != PPP_CHAP || p[4] == CHAP_MD5) { 2810 continue; 2811 } 2812 if (debug) 2813 addlog(" [chap without MD5]"); 2814 } else { 2815 if (debug) { 2816 char pbuf1[SPPP_PROTO_NAMELEN]; 2817 char pbuf2[SPPP_PROTO_NAMELEN]; 2818 const char *pname1, *pname2; 2819 2820 pname1 = sppp_proto_name(pbuf1, 2821 sizeof(pbuf1), sp->myauth.proto); 2822 pname2 = sppp_proto_name(pbuf2, 2823 sizeof(pbuf2), authproto); 2824 addlog(" [mine %s != his %s]", 2825 pname1, pname2); 2826 } 2827 } 2828 /* not agreed, nak */ 2829 if (sp->myauth.proto == PPP_CHAP) { 2830 l = 5; 2831 } else { 2832 l = 4; 2833 } 2834 2835 if (rlen + l > blen) { 2836 if (debug) 2837 addlog(" [overflow]"); 2838 continue; 2839 } 2840 2841 r[0] = LCP_OPT_AUTH_PROTO; 2842 r[1] = l; 2843 r[2] = sp->myauth.proto >> 8; 2844 r[3] = sp->myauth.proto & 0xff; 2845 if (sp->myauth.proto == PPP_CHAP) 2846 r[4] = CHAP_MD5; 2847 rlen += l; 2848 r += l; 2849 continue; 2850 case LCP_OPT_MP_EID: 2851 /* 2852 * Endpoint identification. 2853 * Always agreeable, 2854 * but ignored by now. 2855 */ 2856 if (debug) { 2857 addlog(" type %d", p[2]); 2858 sppp_print_bytes(p+3, p[1]-3); 2859 } 2860 continue; 2861 case LCP_OPT_MP_MRRU: 2862 /* 2863 * Maximum received reconstructed unit. 2864 * Always agreeable, 2865 * but ignored by now. 2866 */ 2867 sp->lcp.their_mrru = p[2] * 256 + p[3]; 2868 if (debug) 2869 addlog(" %ld", sp->lcp.their_mrru); 2870 continue; 2871 } 2872 if (rlen + l > blen) { 2873 if (debug) 2874 addlog(" [overflow]"); 2875 continue; 2876 } 2877 /* Add the option to nak'ed list. */ 2878 memcpy(r, p, l); 2879 r += l; 2880 rlen += l; 2881 } 2882 2883 if (rlen > 0) { 2884 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 2885 if (debug) 2886 addlog(" max_failure (%d) exceeded, ", 2887 sp->lcp.max_failure); 2888 type = CP_RCR_REJ; 2889 } else { 2890 type = CP_RCR_NAK; 2891 } 2892 } else { 2893 type = CP_RCR_ACK; 2894 rlen = origlen; 2895 memcpy(r, h + 1, rlen); 2896 sp->scp[IDX_LCP].fail_counter = 0; 2897 sp->pp_loopcnt = 0; 2898 } 2899 2900 end: 2901 if (debug) 2902 addlog("\n"); 2903 2904 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 2905 if (buf != NULL) 2906 kmem_intr_free(buf, blen); 2907 } else { 2908 *msgbuf = buf; 2909 *buflen = blen; 2910 *msglen = rlen; 2911 } 2912 2913 return type; 2914 } 2915 2916 /* 2917 * Analyze the LCP Configure-Reject option list, and adjust our 2918 * negotiation. 2919 */ 2920 static void 2921 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 2922 { 2923 u_char *p, l; 2924 bool debug; 2925 2926 KASSERT(SPPP_WLOCKED(sp)); 2927 2928 debug = sppp_debug_enabled(sp); 2929 2930 if (len <= sizeof(*h)) 2931 return; 2932 2933 len -= sizeof(*h); 2934 2935 if (debug) 2936 SPPP_LOG(sp, LOG_DEBUG, "lcp rej opts:"); 2937 2938 p = (void *)(h + 1); 2939 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2940 /* Sanity check option length */ 2941 if (l > len) { 2942 /* 2943 * Malicious option - drop immediately. 2944 * XXX Maybe we should just RXJ it? 2945 */ 2946 if (debug) 2947 addlog("\n"); 2948 2949 SPPP_LOG(sp, LOG_DEBUG, 2950 "received malicious LCP option, dropping.\n"); 2951 goto end; 2952 } 2953 if (debug) { 2954 char lbuf[SPPP_LCPOPT_NAMELEN]; 2955 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2956 } 2957 switch (p[0]) { 2958 case LCP_OPT_MAGIC: 2959 /* Magic number -- can't use it, use 0 */ 2960 CLR(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2961 sp->lcp.magic = 0; 2962 break; 2963 case LCP_OPT_MRU: 2964 /* 2965 * We try to negotiate a lower MRU if the underlying 2966 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2967 * peer rejects this lower rate, fallback to the 2968 * default. 2969 */ 2970 if (!debug) { 2971 SPPP_LOG(sp, LOG_INFO, 2972 "peer rejected our MRU of " 2973 "%ld bytes. Defaulting to %d bytes\n", 2974 sp->lcp.mru, PP_MTU); 2975 } 2976 CLR(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2977 sp->lcp.mru = PP_MTU; 2978 break; 2979 case LCP_OPT_AUTH_PROTO: 2980 /* 2981 * Peer doesn't want to authenticate himself, 2982 * deny unless this is a dialout call, and 2983 * SPPP_AUTHFLAG_NOCALLOUT is set. 2984 */ 2985 if ((sp->pp_flags & PP_CALLIN) == 0 && 2986 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2987 if (debug) { 2988 addlog(" [don't insist on auth " 2989 "for callout]"); 2990 } 2991 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2992 break; 2993 } 2994 if (debug) 2995 addlog("[access denied]\n"); 2996 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2997 break; 2998 } 2999 } 3000 if (debug) 3001 addlog("\n"); 3002 end: 3003 return; 3004 } 3005 3006 /* 3007 * Analyze the LCP Configure-NAK option list, and adjust our 3008 * negotiation. 3009 */ 3010 static void 3011 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3012 { 3013 u_char *p, l; 3014 uint32_t magic; 3015 bool debug; 3016 3017 KASSERT(SPPP_WLOCKED(sp)); 3018 3019 if (len <= sizeof(*h)) 3020 return; 3021 3022 debug = sppp_debug_enabled(sp); 3023 len -= sizeof(*h); 3024 3025 if (debug) 3026 SPPP_LOG(sp, LOG_DEBUG, "lcp nak opts:"); 3027 3028 p = (void *)(h + 1); 3029 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 3030 /* Sanity check option length */ 3031 if (l > len) { 3032 /* 3033 * Malicious option - drop immediately. 3034 * XXX Maybe we should just RXJ it? 3035 */ 3036 if (debug) 3037 addlog("\n"); 3038 3039 SPPP_LOG(sp, LOG_DEBUG, 3040 "received malicious LCP option, dropping.\n"); 3041 goto end; 3042 } 3043 if (debug) { 3044 char lbuf[SPPP_LCPOPT_NAMELEN]; 3045 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf),*p)); 3046 } 3047 switch (p[0]) { 3048 case LCP_OPT_MAGIC: 3049 /* Magic number -- renegotiate */ 3050 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC) && 3051 len >= 6 && l == 6) { 3052 magic = (uint32_t)p[2] << 24 | 3053 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 3054 /* 3055 * If the remote magic is our negated one, 3056 * this looks like a loopback problem. 3057 * Suggest a new magic to make sure. 3058 */ 3059 if (magic == ~sp->lcp.magic) { 3060 if (debug) 3061 addlog(" magic glitch"); 3062 sp->lcp.magic = cprng_fast32(); 3063 } else { 3064 sp->lcp.magic = magic; 3065 if (debug) 3066 addlog(" %d", magic); 3067 } 3068 } 3069 break; 3070 case LCP_OPT_MRU: 3071 /* 3072 * Peer wants to advise us to negotiate an MRU. 3073 * Agree on it if it's reasonable, or use 3074 * default otherwise. 3075 */ 3076 if (len >= 4 && l == 4) { 3077 u_int mru = p[2] * 256 + p[3]; 3078 if (debug) 3079 addlog(" %d", mru); 3080 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 3081 mru = sp->pp_if.if_mtu; 3082 sp->lcp.mru = mru; 3083 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 3084 } 3085 break; 3086 case LCP_OPT_AUTH_PROTO: 3087 /* 3088 * Peer doesn't like our authentication method, 3089 * deny. 3090 */ 3091 if (debug) 3092 addlog("[access denied]\n"); 3093 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3094 break; 3095 } 3096 } 3097 if (debug) 3098 addlog("\n"); 3099 end: 3100 return; 3101 } 3102 3103 static void 3104 sppp_lcp_tlu(struct sppp *sp) 3105 { 3106 struct ifnet *ifp; 3107 struct sppp_cp *scp; 3108 int i; 3109 bool going_up; 3110 3111 KASSERT(SPPP_WLOCKED(sp)); 3112 3113 ifp = &sp->pp_if; 3114 3115 /* unlock for IFNET_LOCK and if_up() */ 3116 SPPP_UNLOCK(sp); 3117 3118 if (! (ifp->if_flags & IFF_UP) && 3119 (ifp->if_flags & IFF_RUNNING)) { 3120 /* Coming out of loopback mode. */ 3121 going_up = true; 3122 if_up(ifp); 3123 } else { 3124 going_up = false; 3125 } 3126 3127 IFNET_LOCK(ifp); 3128 SPPP_LOCK(sp, RW_WRITER); 3129 3130 if (going_up) { 3131 if ((sp->pp_flags & PP_LOOPBACK) == 0) { 3132 SPPP_LOG(sp, LOG_DEBUG, 3133 "interface is going up, " 3134 "but no loopback packet is detected\n"); 3135 } 3136 sp->pp_flags &= ~PP_LOOPBACK; 3137 } 3138 3139 if (ifp->if_mtu > sp->lcp.their_mru) { 3140 sp->pp_saved_mtu = ifp->if_mtu; 3141 ifp->if_mtu = sp->lcp.their_mru; 3142 SPPP_DLOG(sp, "setting MTU " 3143 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 3144 sp->pp_saved_mtu, ifp->if_mtu); 3145 } 3146 IFNET_UNLOCK(ifp); 3147 3148 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO) || 3149 (sp->pp_flags & PP_NEEDAUTH) != 0) 3150 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3151 else 3152 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3153 3154 3155 for (i = 0; i < IDX_COUNT; i++) { 3156 scp = &sp->scp[(cps[i])->protoidx]; 3157 3158 if (((cps[i])->flags & CP_LCP) == 0) 3159 sppp_wq_add(sp->wq_cp, &scp->work_up); 3160 3161 /* 3162 * Open all authentication protocols. This is even required 3163 * if we already proceeded to network phase, since it might be 3164 * that remote wants us to authenticate, so we might have to 3165 * send a PAP request. Undesired authentication protocols 3166 * don't do anything when they get an Open event. 3167 */ 3168 if ((cps[i])->flags & CP_AUTH) 3169 sppp_wq_add(sp->wq_cp, &scp->work_open); 3170 3171 /* Open all NCPs. */ 3172 if (sp->pp_phase == SPPP_PHASE_NETWORK && 3173 ((cps[i])->flags & CP_NCP) != 0) { 3174 sppp_wq_add(sp->wq_cp, &scp->work_open); 3175 } 3176 } 3177 3178 /* notify low-level driver of state change */ 3179 sppp_notify_chg_wlocked(sp); 3180 } 3181 3182 static void 3183 sppp_lcp_tld(struct sppp *sp) 3184 { 3185 struct ifnet *ifp; 3186 struct sppp_cp *scp; 3187 int i, phase; 3188 3189 KASSERT(SPPP_WLOCKED(sp)); 3190 3191 phase = sp->pp_phase; 3192 3193 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3194 3195 if (sp->pp_saved_mtu > 0) { 3196 ifp = &sp->pp_if; 3197 3198 SPPP_UNLOCK(sp); 3199 IFNET_LOCK(ifp); 3200 SPPP_LOCK(sp, RW_WRITER); 3201 3202 SPPP_DLOG(sp, "setting MTU " 3203 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 3204 ifp->if_mtu, sp->pp_saved_mtu); 3205 3206 ifp->if_mtu = sp->pp_saved_mtu; 3207 sp->pp_saved_mtu = 0; 3208 IFNET_UNLOCK(ifp); 3209 } 3210 3211 /* 3212 * Take upper layers down. We send the Down event first and 3213 * the Close second to prevent the upper layers from sending 3214 * ``a flurry of terminate-request packets'', as the RFC 3215 * describes it. 3216 */ 3217 for (i = 0; i < IDX_COUNT; i++) { 3218 scp = &sp->scp[(cps[i])->protoidx]; 3219 3220 if (((cps[i])->flags & CP_LCP) == 0) 3221 sppp_wq_add(sp->wq_cp, &scp->work_down); 3222 3223 if ((cps[i])->flags & CP_AUTH) { 3224 sppp_wq_add(sp->wq_cp, &scp->work_close); 3225 } 3226 3227 /* Close all NCPs. */ 3228 if (phase == SPPP_PHASE_NETWORK && 3229 ((cps[i])->flags & CP_NCP) != 0) { 3230 sppp_wq_add(sp->wq_cp, &scp->work_close); 3231 } 3232 } 3233 } 3234 3235 static void 3236 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) 3237 { 3238 3239 KASSERT(SPPP_WLOCKED(sp)); 3240 3241 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3242 3243 /* Notify lower layer if desired. */ 3244 sppp_notify_tls_wlocked(sp); 3245 sp->lcp.tlf_sent = false; 3246 } 3247 3248 static void 3249 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) 3250 { 3251 3252 KASSERT(SPPP_WLOCKED(sp)); 3253 3254 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3255 3256 /* Notify lower layer if desired. */ 3257 sppp_notify_tlf_wlocked(sp); 3258 3259 switch (sp->scp[IDX_LCP].state) { 3260 case STATE_CLOSED: 3261 case STATE_STOPPED: 3262 sp->lcp.tlf_sent = true; 3263 break; 3264 case STATE_INITIAL: 3265 default: 3266 /* just in case */ 3267 sp->lcp.tlf_sent = false; 3268 } 3269 } 3270 3271 static void 3272 sppp_lcp_scr(struct sppp *sp) 3273 { 3274 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3275 int i = 0; 3276 u_short authproto; 3277 3278 KASSERT(SPPP_WLOCKED(sp)); 3279 3280 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC)) { 3281 if (! sp->lcp.magic) 3282 sp->lcp.magic = cprng_fast32(); 3283 opt[i++] = LCP_OPT_MAGIC; 3284 opt[i++] = 6; 3285 opt[i++] = sp->lcp.magic >> 24; 3286 opt[i++] = sp->lcp.magic >> 16; 3287 opt[i++] = sp->lcp.magic >> 8; 3288 opt[i++] = sp->lcp.magic; 3289 } 3290 3291 if (ISSET(sp->lcp.opts,SPPP_LCP_OPT_MRU)) { 3292 opt[i++] = LCP_OPT_MRU; 3293 opt[i++] = 4; 3294 opt[i++] = sp->lcp.mru >> 8; 3295 opt[i++] = sp->lcp.mru; 3296 } 3297 3298 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) { 3299 authproto = sp->hisauth.proto; 3300 opt[i++] = LCP_OPT_AUTH_PROTO; 3301 opt[i++] = authproto == PPP_CHAP? 5: 4; 3302 opt[i++] = authproto >> 8; 3303 opt[i++] = authproto; 3304 if (authproto == PPP_CHAP) 3305 opt[i++] = CHAP_MD5; 3306 } 3307 3308 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3309 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3310 } 3311 3312 /* 3313 * Check the open NCPs, return true if at least one NCP is open. 3314 */ 3315 3316 static int 3317 sppp_cp_check(struct sppp *sp, u_char cp_flags) 3318 { 3319 int i, mask; 3320 3321 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3322 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) 3323 return 1; 3324 return 0; 3325 } 3326 3327 /* 3328 * Re-check the open NCPs and see if we should terminate the link. 3329 * Called by the NCPs during their tlf action handling. 3330 */ 3331 static void 3332 sppp_lcp_check_and_close(struct sppp *sp) 3333 { 3334 3335 KASSERT(SPPP_WLOCKED(sp)); 3336 3337 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 3338 /* don't bother, we are already going down */ 3339 return; 3340 } 3341 3342 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && 3343 sppp_cp_check(sp, CP_AUTH)) 3344 return; 3345 3346 if (sp->pp_phase >= SPPP_PHASE_NETWORK && 3347 sppp_cp_check(sp, CP_NCP)) 3348 return; 3349 3350 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3351 3352 if (sp->pp_max_auth_fail != 0 && 3353 sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3354 SPPP_LOG(sp, LOG_INFO, "authentication failed %d times, " 3355 "not retrying again\n", sp->pp_auth_failures); 3356 3357 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 3358 sp->pp_if.if_flags &= ~IFF_RUNNING; 3359 } else { 3360 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 3361 } 3362 } 3363 3364 /* 3365 *--------------------------------------------------------------------------* 3366 * * 3367 * The IPCP implementation. * 3368 * * 3369 *--------------------------------------------------------------------------* 3370 */ 3371 3372 static void 3373 sppp_ipcp_init(struct sppp *sp) 3374 { 3375 3376 KASSERT(SPPP_WLOCKED(sp)); 3377 3378 sppp_cp_init(&ipcp, sp); 3379 3380 sp->ipcp.opts = 0; 3381 sp->ipcp.flags = 0; 3382 } 3383 3384 static void 3385 sppp_ipcp_open(struct sppp *sp, void *xcp) 3386 { 3387 uint32_t myaddr, hisaddr; 3388 3389 KASSERT(SPPP_WLOCKED(sp)); 3390 KASSERT(!cpu_softintr_p()); 3391 3392 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) 3393 return; 3394 3395 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3396 sp->ipcp.req_myaddr = 0; 3397 sp->ipcp.req_hisaddr = 0; 3398 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3399 3400 #ifdef INET 3401 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3402 #else 3403 myaddr = hisaddr = 0; 3404 #endif 3405 /* 3406 * If we don't have his address, this probably means our 3407 * interface doesn't want to talk IP at all. (This could 3408 * be the case if somebody wants to speak only IPX, for 3409 * example.) Don't open IPCP in this case. 3410 */ 3411 if (hisaddr == 0) { 3412 /* XXX this message should go away */ 3413 SPPP_DLOG(sp, "ipcp_open(): no IP interface\n"); 3414 return; 3415 } 3416 3417 if (myaddr == 0) { 3418 /* 3419 * I don't have an assigned address, so i need to 3420 * negotiate my address. 3421 */ 3422 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3423 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3424 } 3425 if (hisaddr == 1) { 3426 /* 3427 * XXX - remove this hack! 3428 * remote has no valid address, we need to get one assigned. 3429 */ 3430 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3431 sp->ipcp.saved_hisaddr = htonl(hisaddr); 3432 } 3433 3434 if (sp->query_dns & 1) { 3435 SET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3436 } else { 3437 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3438 } 3439 3440 if (sp->query_dns & 2) { 3441 SET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3442 } else { 3443 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3444 } 3445 sppp_open_event(sp, xcp); 3446 } 3447 3448 static void 3449 sppp_ipcp_close(struct sppp *sp, void *xcp) 3450 { 3451 3452 KASSERT(SPPP_WLOCKED(sp)); 3453 KASSERT(!cpu_softintr_p()); 3454 3455 sppp_close_event(sp, xcp); 3456 3457 #ifdef INET 3458 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) { 3459 /* 3460 * Some address was dynamic, clear it again. 3461 */ 3462 sppp_clear_ip_addrs(sp); 3463 } 3464 #endif 3465 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3466 } 3467 3468 /* 3469 * Analyze a configure request. Return true if it was agreeable, and 3470 * caused action sca, false if it has been rejected or nak'ed, and 3471 * caused action scn. (The return value is used to make the state 3472 * transition decision in the state automaton.) 3473 */ 3474 static enum cp_rcr_type 3475 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3476 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3477 { 3478 u_char *buf, *r, *p, l, blen; 3479 enum cp_rcr_type type; 3480 int rlen, len; 3481 uint32_t hisaddr, desiredaddr; 3482 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3483 char dqbuf[SPPP_DOTQUAD_BUFLEN]; 3484 const char *dq; 3485 bool debug; 3486 3487 KASSERT(SPPP_WLOCKED(sp)); 3488 3489 type = CP_RCR_NONE; 3490 origlen -= sizeof(*h); 3491 3492 if (origlen < 0) 3493 return CP_RCR_DROP; 3494 3495 debug = sppp_debug_enabled(sp); 3496 3497 /* 3498 * Make sure to allocate a buf that can at least hold a 3499 * conf-nak with an `address' option. We might need it below. 3500 */ 3501 blen = MAX(6, origlen); 3502 3503 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3504 if (buf == NULL) 3505 return CP_RCR_DROP; 3506 3507 /* pass 1: see if we can recognize them */ 3508 if (debug) 3509 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opts:"); 3510 p = (void *)(h + 1); 3511 r = buf; 3512 rlen = 0; 3513 for (len = origlen; len > 1; len -= l, p += l) { 3514 l = p[1]; 3515 if (l == 0) 3516 break; 3517 3518 /* Sanity check option length */ 3519 if (l > len) { 3520 /* XXX should we just RXJ? */ 3521 if (debug) 3522 addlog("\n"); 3523 3524 SPPP_LOG(sp, LOG_DEBUG, 3525 " malicious IPCP option received, dropping\n"); 3526 type = CP_RCR_ERR; 3527 goto end; 3528 } 3529 if (debug) { 3530 addlog(" %s", 3531 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3532 } 3533 switch (p[0]) { 3534 #ifdef notyet 3535 case IPCP_OPT_COMPRESSION: 3536 if (len >= 6 && l >= 6) { 3537 /* correctly formed compress option */ 3538 continue; 3539 } 3540 if (debug) 3541 addlog(" [invalid]"); 3542 break; 3543 #endif 3544 case IPCP_OPT_ADDRESS: 3545 if (len >= 6 && l == 6) { 3546 /* correctly formed address option */ 3547 continue; 3548 } 3549 if (debug) 3550 addlog(" [invalid]"); 3551 break; 3552 default: 3553 /* Others not supported. */ 3554 if (debug) 3555 addlog(" [rej]"); 3556 break; 3557 } 3558 /* Add the option to rejected list. */ 3559 if (rlen + l > blen) { 3560 if (debug) 3561 addlog(" [overflow]"); 3562 continue; 3563 } 3564 memcpy(r, p, l); 3565 r += l; 3566 rlen += l; 3567 } 3568 3569 if (rlen > 0) { 3570 type = CP_RCR_REJ; 3571 goto end; 3572 } 3573 3574 if (debug) 3575 addlog("\n"); 3576 3577 /* pass 2: parse option values */ 3578 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3579 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3580 else 3581 #ifdef INET 3582 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3583 #else 3584 hisaddr = 0; 3585 #endif 3586 if (debug) 3587 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opt values:"); 3588 p = (void *)(h + 1); 3589 r = buf; 3590 rlen = 0; 3591 for (len = origlen; len > 1; len -= l, p += l) { 3592 l = p[1]; 3593 if (l == 0) 3594 break; 3595 3596 if (debug) { 3597 addlog(" %s", 3598 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3599 } 3600 switch (p[0]) { 3601 #ifdef notyet 3602 case IPCP_OPT_COMPRESSION: 3603 continue; 3604 #endif 3605 case IPCP_OPT_ADDRESS: 3606 desiredaddr = p[2] << 24 | p[3] << 16 | 3607 p[4] << 8 | p[5]; 3608 if (desiredaddr == hisaddr || 3609 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3610 /* 3611 * Peer's address is same as our value, 3612 * this is agreeable. Gonna conf-ack 3613 * it. 3614 */ 3615 if (debug) { 3616 dq = sppp_dotted_quad(dqbuf, 3617 sizeof(dqbuf), hisaddr); 3618 addlog(" %s [ack]", dq); 3619 } 3620 /* record that we've seen it already */ 3621 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3622 sp->ipcp.req_hisaddr = desiredaddr; 3623 hisaddr = desiredaddr; 3624 continue; 3625 } 3626 /* 3627 * The address wasn't agreeable. This is either 3628 * he sent us 0.0.0.0, asking to assign him an 3629 * address, or he send us another address not 3630 * matching our value. Either case, we gonna 3631 * conf-nak it with our value. 3632 */ 3633 if (debug) { 3634 if (desiredaddr == 0) { 3635 addlog(" [addr requested]"); 3636 } else { 3637 dq = sppp_dotted_quad(dqbuf, 3638 sizeof(dqbuf), desiredaddr); 3639 addlog(" %s [not agreed]", dq); 3640 } 3641 } 3642 3643 p[2] = hisaddr >> 24; 3644 p[3] = hisaddr >> 16; 3645 p[4] = hisaddr >> 8; 3646 p[5] = hisaddr; 3647 break; 3648 } 3649 if (rlen + l > blen) { 3650 if (debug) 3651 addlog(" [overflow]"); 3652 continue; 3653 } 3654 /* Add the option to nak'ed list. */ 3655 memcpy(r, p, l); 3656 r += l; 3657 rlen += l; 3658 } 3659 3660 if (rlen > 0) { 3661 type = CP_RCR_NAK; 3662 } else { 3663 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3664 /* 3665 * If we are about to conf-ack the request, but haven't seen 3666 * his address so far, gonna conf-nak it instead, with the 3667 * `address' option present and our idea of his address being 3668 * filled in there, to request negotiation of both addresses. 3669 * 3670 * XXX This can result in an endless req - nak loop if peer 3671 * doesn't want to send us his address. Q: What should we do 3672 * about it? XXX A: implement the max-failure counter. 3673 */ 3674 buf[0] = IPCP_OPT_ADDRESS; 3675 buf[1] = 6; 3676 buf[2] = hisaddr >> 24; 3677 buf[3] = hisaddr >> 16; 3678 buf[4] = hisaddr >> 8; 3679 buf[5] = hisaddr; 3680 rlen = 6; 3681 if (debug) 3682 addlog(" still need hisaddr"); 3683 type = CP_RCR_NAK; 3684 } else { 3685 type = CP_RCR_ACK; 3686 rlen = origlen; 3687 memcpy(r, h + 1, rlen); 3688 } 3689 } 3690 3691 end: 3692 if (debug) 3693 addlog("\n"); 3694 3695 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3696 if (buf != NULL) 3697 kmem_intr_free(buf, blen); 3698 } else { 3699 *msgbuf = buf; 3700 *buflen = blen; 3701 *msglen = rlen; 3702 } 3703 3704 return type; 3705 } 3706 3707 /* 3708 * Analyze the IPCP Configure-Reject option list, and adjust our 3709 * negotiation. 3710 */ 3711 static void 3712 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3713 { 3714 u_char *p, l; 3715 bool debug; 3716 3717 KASSERT(SPPP_WLOCKED(sp)); 3718 3719 if (len <= sizeof(*h)) 3720 return; 3721 3722 len -= sizeof(*h); 3723 debug = sppp_debug_enabled(sp); 3724 3725 if (debug) 3726 SPPP_LOG(sp, LOG_DEBUG, "ipcp rej opts:"); 3727 3728 p = (void *)(h + 1); 3729 for (; len > 1; len -= l, p += l) { 3730 l = p[1]; 3731 if (l == 0) 3732 break; 3733 3734 /* Sanity check option length */ 3735 if (l > len) { 3736 /* XXX should we just RXJ? */ 3737 if (debug) 3738 addlog("\n"); 3739 SPPP_LOG(sp, LOG_DEBUG, 3740 "malicious IPCP option received, dropping\n"); 3741 goto end; 3742 } 3743 if (debug) { 3744 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3745 addlog(" %s", 3746 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3747 } 3748 switch (p[0]) { 3749 case IPCP_OPT_ADDRESS: 3750 /* 3751 * Peer doesn't grok address option. This is 3752 * bad. XXX Should we better give up here? 3753 */ 3754 if (!debug) { 3755 SPPP_LOG(sp, LOG_ERR, 3756 "IPCP address option rejected\n"); 3757 } 3758 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3759 break; 3760 #ifdef notyet 3761 case IPCP_OPT_COMPRESS: 3762 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_COMPRESS); 3763 break; 3764 #endif 3765 case IPCP_OPT_PRIMDNS: 3766 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3767 break; 3768 3769 case IPCP_OPT_SECDNS: 3770 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3771 break; 3772 } 3773 } 3774 if (debug) 3775 addlog("\n"); 3776 end: 3777 return; 3778 } 3779 3780 /* 3781 * Analyze the IPCP Configure-NAK option list, and adjust our 3782 * negotiation. 3783 */ 3784 static void 3785 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3786 { 3787 u_char *p, l; 3788 struct ifnet *ifp = &sp->pp_if; 3789 int debug = ifp->if_flags & IFF_DEBUG; 3790 uint32_t wantaddr; 3791 3792 KASSERT(SPPP_WLOCKED(sp)); 3793 3794 len -= sizeof(*h); 3795 3796 debug = sppp_debug_enabled(sp); 3797 3798 if (debug) 3799 SPPP_LOG(sp, LOG_DEBUG, "ipcp nak opts:"); 3800 3801 p = (void *)(h + 1); 3802 for (; len > 1; len -= l, p += l) { 3803 l = p[1]; 3804 if (l == 0) 3805 break; 3806 3807 /* Sanity check option length */ 3808 if (l > len) { 3809 /* XXX should we just RXJ? */ 3810 if (debug) 3811 addlog("\n"); 3812 SPPP_LOG(sp, LOG_DEBUG, 3813 "malicious IPCP option received, dropping\n"); 3814 return; 3815 } 3816 if (debug) { 3817 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3818 addlog(" %s", 3819 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3820 } 3821 switch (*p) { 3822 case IPCP_OPT_ADDRESS: 3823 /* 3824 * Peer doesn't like our local IP address. See 3825 * if we can do something for him. We'll drop 3826 * him our address then. 3827 */ 3828 if (len >= 6 && l == 6) { 3829 wantaddr = p[2] << 24 | p[3] << 16 | 3830 p[4] << 8 | p[5]; 3831 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3832 if (debug) { 3833 char dqbuf[SPPP_DOTQUAD_BUFLEN]; 3834 const char *dq; 3835 3836 dq = sppp_dotted_quad(dqbuf, 3837 sizeof(dqbuf), wantaddr); 3838 addlog(" [wantaddr %s]", dq); 3839 } 3840 /* 3841 * When doing dynamic address assignment, 3842 * we accept his offer. Otherwise, we 3843 * ignore it and thus continue to negotiate 3844 * our already existing value. 3845 */ 3846 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3847 if (ntohl(wantaddr) != INADDR_ANY) { 3848 if (debug) 3849 addlog(" [agree]"); 3850 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3851 sp->ipcp.req_myaddr = wantaddr; 3852 } else { 3853 if (debug) 3854 addlog(" [not agreed]"); 3855 } 3856 } 3857 } 3858 break; 3859 3860 case IPCP_OPT_PRIMDNS: 3861 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS) && 3862 len >= 6 && l == 6) { 3863 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3864 p[4] << 8 | p[5]; 3865 } 3866 break; 3867 3868 case IPCP_OPT_SECDNS: 3869 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS) && 3870 len >= 6 && l == 6) { 3871 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3872 p[4] << 8 | p[5]; 3873 } 3874 break; 3875 #ifdef notyet 3876 case IPCP_OPT_COMPRESS: 3877 /* 3878 * Peer wants different compression parameters. 3879 */ 3880 break; 3881 #endif 3882 } 3883 } 3884 if (debug) 3885 addlog("\n"); 3886 } 3887 3888 static void 3889 sppp_ipcp_tlu(struct sppp *sp) 3890 { 3891 #ifdef INET 3892 struct ifnet *ifp; 3893 3894 KASSERT(SPPP_WLOCKED(sp)); 3895 3896 SPPP_LOG(sp, LOG_INFO, "IPCP layer up\n"); 3897 ifp = &sp->pp_if; 3898 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 3899 ((sp->ipcp.flags & IPCP_MYADDR_SEEN) == 0)) { 3900 SPPP_LOG(sp, LOG_WARNING, 3901 "no IP address, closing IPCP\n"); 3902 sppp_wq_add(sp->wq_cp, 3903 &sp->scp[IDX_IPCP].work_close); 3904 } else { 3905 /* we are up. Set addresses and notify anyone interested */ 3906 sppp_set_ip_addrs(sp); 3907 rt_ifmsg(ifp); 3908 } 3909 #endif 3910 } 3911 3912 static void 3913 sppp_ipcp_tld(struct sppp *sp) 3914 { 3915 #ifdef INET 3916 struct ifnet *ifp; 3917 3918 KASSERT(SPPP_WLOCKED(sp)); 3919 3920 SPPP_LOG(sp, LOG_INFO, "IPCP layer down\n"); 3921 ifp = &sp->pp_if; 3922 rt_ifmsg(ifp); 3923 #endif 3924 } 3925 3926 static void 3927 sppp_ipcp_scr(struct sppp *sp) 3928 { 3929 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3930 #ifdef INET 3931 uint32_t ouraddr; 3932 #endif 3933 int i = 0; 3934 3935 KASSERT(SPPP_WLOCKED(sp)); 3936 3937 #ifdef notyet 3938 if (ISSET(sp->ipcp.opts,SPPP_IPCP_OPT_COMPRESSION)) { 3939 opt[i++] = IPCP_OPT_COMPRESSION; 3940 opt[i++] = 6; 3941 opt[i++] = 0; /* VJ header compression */ 3942 opt[i++] = 0x2d; /* VJ header compression */ 3943 opt[i++] = max_slot_id; 3944 opt[i++] = comp_slot_id; 3945 } 3946 #endif 3947 3948 #ifdef INET 3949 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS)) { 3950 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) { 3951 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3952 } else { 3953 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3954 } 3955 opt[i++] = IPCP_OPT_ADDRESS; 3956 opt[i++] = 6; 3957 opt[i++] = ouraddr >> 24; 3958 opt[i++] = ouraddr >> 16; 3959 opt[i++] = ouraddr >> 8; 3960 opt[i++] = ouraddr; 3961 } 3962 #endif 3963 3964 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS)) { 3965 opt[i++] = IPCP_OPT_PRIMDNS; 3966 opt[i++] = 6; 3967 opt[i++] = sp->dns_addrs[0] >> 24; 3968 opt[i++] = sp->dns_addrs[0] >> 16; 3969 opt[i++] = sp->dns_addrs[0] >> 8; 3970 opt[i++] = sp->dns_addrs[0]; 3971 } 3972 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS)) { 3973 opt[i++] = IPCP_OPT_SECDNS; 3974 opt[i++] = 6; 3975 opt[i++] = sp->dns_addrs[1] >> 24; 3976 opt[i++] = sp->dns_addrs[1] >> 16; 3977 opt[i++] = sp->dns_addrs[1] >> 8; 3978 opt[i++] = sp->dns_addrs[1]; 3979 } 3980 3981 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 3982 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 3983 } 3984 3985 /* 3986 *--------------------------------------------------------------------------* 3987 * * 3988 * The IPv6CP implementation. * 3989 * * 3990 *--------------------------------------------------------------------------* 3991 */ 3992 3993 #ifdef INET6 3994 static void 3995 sppp_ipv6cp_init(struct sppp *sp) 3996 { 3997 3998 KASSERT(SPPP_WLOCKED(sp)); 3999 4000 sppp_cp_init(&ipv6cp, sp); 4001 4002 sp->ipv6cp.opts = 0; 4003 sp->ipv6cp.flags = 0; 4004 } 4005 4006 static void 4007 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4008 { 4009 struct in6_addr myaddr, hisaddr; 4010 4011 KASSERT(SPPP_WLOCKED(sp)); 4012 KASSERT(!cpu_softintr_p()); 4013 4014 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) 4015 return; 4016 4017 #ifdef IPV6CP_MYIFID_DYN 4018 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 4019 #else 4020 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 4021 #endif 4022 4023 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 4024 /* 4025 * If we don't have our address, this probably means our 4026 * interface doesn't want to talk IPv6 at all. (This could 4027 * be the case if somebody wants to speak only IPX, for 4028 * example.) Don't open IPv6CP in this case. 4029 */ 4030 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 4031 /* XXX this message should go away */ 4032 SPPP_DLOG(sp, "ipv6cp_open(): no IPv6 interface\n"); 4033 return; 4034 } 4035 4036 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4037 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4038 sppp_open_event(sp, xcp); 4039 } 4040 4041 /* 4042 * Analyze a configure request. Return true if it was agreeable, and 4043 * caused action sca, false if it has been rejected or nak'ed, and 4044 * caused action scn. (The return value is used to make the state 4045 * transition decision in the state automaton.) 4046 */ 4047 static enum cp_rcr_type 4048 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 4049 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4050 { 4051 u_char *buf, *r, *p, l, blen; 4052 int rlen, len; 4053 struct in6_addr myaddr, desiredaddr, suggestaddr; 4054 enum cp_rcr_type type; 4055 int ifidcount; 4056 int collision, nohisaddr; 4057 char ip6buf[INET6_ADDRSTRLEN]; 4058 char tbuf[SPPP_CPTYPE_NAMELEN]; 4059 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4060 const char *cpname; 4061 bool debug; 4062 4063 KASSERT(SPPP_WLOCKED(sp)); 4064 4065 debug = sppp_debug_enabled(sp); 4066 type = CP_RCR_NONE; 4067 origlen -= sizeof(*h); 4068 4069 if (origlen < 0) 4070 return CP_RCR_DROP; 4071 4072 /* 4073 * Make sure to allocate a buf that can at least hold a 4074 * conf-nak with an `address' option. We might need it below. 4075 */ 4076 blen = MAX(6, origlen); 4077 4078 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 4079 if (buf == NULL) 4080 return CP_RCR_DROP; 4081 4082 /* pass 1: see if we can recognize them */ 4083 if (debug) 4084 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opts:"); 4085 p = (void *)(h + 1); 4086 r = buf; 4087 rlen = 0; 4088 ifidcount = 0; 4089 for (len = origlen; len > 1; len -= l, p += l) { 4090 l = p[1]; 4091 if (l == 0) 4092 break; 4093 4094 /* Sanity check option length */ 4095 if (l > len) { 4096 /* XXX just RXJ? */ 4097 if (debug) 4098 addlog("\n"); 4099 SPPP_LOG(sp, LOG_DEBUG, 4100 "received malicious IPCPv6 option, " 4101 "dropping\n"); 4102 type = CP_RCR_ERR; 4103 goto end; 4104 } 4105 if (debug) { 4106 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4107 sizeof(ipv6buf),*p)); 4108 } 4109 switch (p[0]) { 4110 case IPV6CP_OPT_IFID: 4111 if (len >= 10 && l == 10 && ifidcount == 0) { 4112 /* correctly formed address option */ 4113 ifidcount++; 4114 continue; 4115 } 4116 if (debug) 4117 addlog(" [invalid]"); 4118 break; 4119 #ifdef notyet 4120 case IPV6CP_OPT_COMPRESSION: 4121 if (len >= 4 && l >= 4) { 4122 /* correctly formed compress option */ 4123 continue; 4124 } 4125 if (debug) 4126 addlog(" [invalid]"); 4127 break; 4128 #endif 4129 default: 4130 /* Others not supported. */ 4131 if (debug) 4132 addlog(" [rej]"); 4133 break; 4134 } 4135 if (rlen + l > blen) { 4136 if (debug) 4137 addlog(" [overflow]"); 4138 continue; 4139 } 4140 /* Add the option to rejected list. */ 4141 memcpy(r, p, l); 4142 r += l; 4143 rlen += l; 4144 } 4145 4146 if (rlen > 0) { 4147 type = CP_RCR_REJ; 4148 goto end; 4149 } 4150 4151 if (debug) 4152 addlog("\n"); 4153 4154 /* pass 2: parse option values */ 4155 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4156 if (debug) 4157 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opt values:"); 4158 p = (void *)(h + 1); 4159 r = buf; 4160 rlen = 0; 4161 type = CP_RCR_ACK; 4162 for (len = origlen; len > 1; len -= l, p += l) { 4163 l = p[1]; 4164 if (l == 0) 4165 break; 4166 4167 if (debug) { 4168 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4169 sizeof(ipv6buf), *p)); 4170 } 4171 switch (p[0]) { 4172 #ifdef notyet 4173 case IPV6CP_OPT_COMPRESSION: 4174 continue; 4175 #endif 4176 case IPV6CP_OPT_IFID: 4177 memset(&desiredaddr, 0, sizeof(desiredaddr)); 4178 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 4179 collision = (memcmp(&desiredaddr.s6_addr[8], 4180 &myaddr.s6_addr[8], 8) == 0); 4181 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 4182 4183 desiredaddr.s6_addr16[0] = htons(0xfe80); 4184 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 4185 4186 if (!collision && !nohisaddr) { 4187 /* no collision, hisaddr known - Conf-Ack */ 4188 type = CP_RCR_ACK; 4189 memcpy(sp->ipv6cp.my_ifid, &myaddr.s6_addr[8], 4190 sizeof(sp->ipv6cp.my_ifid)); 4191 memcpy(sp->ipv6cp.his_ifid, 4192 &desiredaddr.s6_addr[8], 4193 sizeof(sp->ipv6cp.my_ifid)); 4194 4195 if (debug) { 4196 cpname = sppp_cp_type_name(tbuf, 4197 sizeof(tbuf), CONF_ACK); 4198 addlog(" %s [%s]", 4199 IN6_PRINT(ip6buf, &desiredaddr), 4200 cpname); 4201 } 4202 continue; 4203 } 4204 4205 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4206 if (collision && nohisaddr) { 4207 /* collision, hisaddr unknown - Conf-Rej */ 4208 type = CP_RCR_REJ; 4209 memset(&p[2], 0, 8); 4210 } else { 4211 /* 4212 * - no collision, hisaddr unknown, or 4213 * - collision, hisaddr known 4214 * Conf-Nak, suggest hisaddr 4215 */ 4216 type = CP_RCR_NAK; 4217 sppp_suggest_ip6_addr(sp, &suggestaddr); 4218 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4219 } 4220 if (debug) { 4221 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK; 4222 4223 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype); 4224 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4225 cpname); 4226 } 4227 break; 4228 } 4229 if (rlen + l > blen) { 4230 if (debug) 4231 addlog(" [overflow]"); 4232 continue; 4233 } 4234 /* Add the option to nak'ed list. */ 4235 memcpy(r, p, l); 4236 r += l; 4237 rlen += l; 4238 } 4239 4240 if (rlen > 0) { 4241 if (type != CP_RCR_ACK) { 4242 if (debug) { 4243 int ctype ; 4244 ctype = type == CP_RCR_REJ ? 4245 CONF_REJ : CONF_NAK; 4246 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype); 4247 addlog(" send %s suggest %s\n", 4248 cpname, IN6_PRINT(ip6buf, &suggestaddr)); 4249 } 4250 } 4251 #ifdef notdef 4252 if (type == CP_RCR_ACK) 4253 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4254 #endif 4255 } else { 4256 if (type == CP_RCR_ACK) { 4257 rlen = origlen; 4258 memcpy(r, h + 1, rlen); 4259 } 4260 } 4261 end: 4262 if (debug) 4263 addlog("\n"); 4264 4265 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 4266 if (buf != NULL) 4267 kmem_intr_free(buf, blen); 4268 } else { 4269 *msgbuf = buf; 4270 *buflen = blen; 4271 *msglen = rlen; 4272 } 4273 4274 return type; 4275 } 4276 4277 /* 4278 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4279 * negotiation. 4280 */ 4281 static void 4282 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len) 4283 { 4284 u_char *p, l; 4285 bool debug; 4286 4287 KASSERT(SPPP_WLOCKED(sp)); 4288 4289 if (len <= sizeof(*h)) 4290 return; 4291 4292 len -= sizeof(*h); 4293 debug = sppp_debug_enabled(sp); 4294 4295 if (debug) 4296 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp rej opts:"); 4297 4298 p = (void *)(h + 1); 4299 for (; len > 1; len -= l, p += l) { 4300 l = p[1]; 4301 if (l == 0) 4302 break; 4303 4304 if (l > len) { 4305 /* XXX just RXJ? */ 4306 if (debug) 4307 addlog("\n"); 4308 SPPP_LOG(sp, LOG_DEBUG, 4309 "received malicious IPCPv6 option, " 4310 "dropping\n"); 4311 goto end; 4312 } 4313 if (debug) { 4314 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4315 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4316 sizeof(ipv6buf), *p)); 4317 } 4318 switch (p[0]) { 4319 case IPV6CP_OPT_IFID: 4320 /* 4321 * Peer doesn't grok address option. This is 4322 * bad. XXX Should we better give up here? 4323 */ 4324 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4325 break; 4326 #ifdef notyet 4327 case IPV6CP_OPT_COMPRESS: 4328 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESS); 4329 break; 4330 #endif 4331 } 4332 } 4333 if (debug) 4334 addlog("\n"); 4335 end: 4336 return; 4337 } 4338 4339 /* 4340 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4341 * negotiation. 4342 */ 4343 static void 4344 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len) 4345 { 4346 u_char *p, l; 4347 struct in6_addr suggestaddr; 4348 char ip6buf[INET6_ADDRSTRLEN]; 4349 bool debug; 4350 4351 KASSERT(SPPP_WLOCKED(sp)); 4352 4353 if (len <= sizeof(*h)) 4354 return; 4355 4356 len -= sizeof(*h); 4357 debug = sppp_debug_enabled(sp); 4358 4359 if (debug) 4360 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp nak opts:"); 4361 4362 p = (void *)(h + 1); 4363 for (; len > 1; len -= l, p += l) { 4364 l = p[1]; 4365 if (l == 0) 4366 break; 4367 4368 if (l > len) { 4369 /* XXX just RXJ? */ 4370 if (debug) 4371 addlog("\n"); 4372 SPPP_LOG(sp, LOG_DEBUG, 4373 "received malicious IPCPv6 option, " 4374 "dropping\n"); 4375 goto end; 4376 } 4377 if (debug) { 4378 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4379 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4380 sizeof(ipv6buf), *p)); 4381 } 4382 switch (p[0]) { 4383 case IPV6CP_OPT_IFID: 4384 /* 4385 * Peer doesn't like our local ifid. See 4386 * if we can do something for him. We'll drop 4387 * him our address then. 4388 */ 4389 if (len < 10 || l != 10) 4390 break; 4391 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4392 suggestaddr.s6_addr16[0] = htons(0xfe80); 4393 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4394 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4395 4396 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4397 if (debug) 4398 addlog(" [suggestaddr %s]", 4399 IN6_PRINT(ip6buf, &suggestaddr)); 4400 #ifdef IPV6CP_MYIFID_DYN 4401 /* 4402 * When doing dynamic address assignment, 4403 * we accept his offer. 4404 */ 4405 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4406 struct in6_addr lastsuggest; 4407 /* 4408 * If <suggested myaddr from peer> equals to 4409 * <hisaddr we have suggested last time>, 4410 * we have a collision. generate new random 4411 * ifid. 4412 */ 4413 sppp_suggest_ip6_addr(&lastsuggest); 4414 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4415 lastsuggest)) { 4416 if (debug) 4417 addlog(" [random]"); 4418 sppp_gen_ip6_addr(sp, &suggestaddr); 4419 } 4420 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4421 if (debug) 4422 addlog(" [agree]"); 4423 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4424 } 4425 #else 4426 /* 4427 * Since we do not do dynamic address assignment, 4428 * we ignore it and thus continue to negotiate 4429 * our already existing value. This can possibly 4430 * go into infinite request-reject loop. 4431 * 4432 * This is not likely because we normally use 4433 * ifid based on MAC-address. 4434 * If you have no ethernet card on the node, too bad. 4435 * XXX should we use fail_counter? 4436 */ 4437 #endif 4438 break; 4439 #ifdef notyet 4440 case IPV6CP_OPT_COMPRESS: 4441 /* 4442 * Peer wants different compression parameters. 4443 */ 4444 break; 4445 #endif 4446 } 4447 } 4448 if (debug) 4449 addlog("\n"); 4450 end: 4451 return; 4452 } 4453 4454 static void 4455 sppp_ipv6cp_tlu(struct sppp *sp) 4456 { 4457 struct ifnet *ifp; 4458 4459 KASSERT(SPPP_WLOCKED(sp)); 4460 4461 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer up\n"); 4462 ifp = &sp->pp_if; 4463 /* we are up - notify isdn daemon */ 4464 sppp_notify_con_wlocked(sp); 4465 rt_ifmsg(ifp); 4466 } 4467 4468 static void 4469 sppp_ipv6cp_tld(struct sppp *sp) 4470 { 4471 struct ifnet *ifp; 4472 4473 KASSERT(SPPP_WLOCKED(sp)); 4474 4475 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer down\n"); 4476 ifp = &sp->pp_if; 4477 rt_ifmsg(ifp); 4478 } 4479 4480 static void 4481 sppp_ipv6cp_scr(struct sppp *sp) 4482 { 4483 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4484 struct in6_addr ouraddr; 4485 int i = 0; 4486 4487 KASSERT(SPPP_WLOCKED(sp)); 4488 4489 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID)) { 4490 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4491 4492 opt[i++] = IPV6CP_OPT_IFID; 4493 opt[i++] = 10; 4494 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4495 i += 8; 4496 } 4497 4498 #ifdef notyet 4499 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESSION)) { 4500 opt[i++] = IPV6CP_OPT_COMPRESSION; 4501 opt[i++] = 4; 4502 opt[i++] = 0; /* TBD */ 4503 opt[i++] = 0; /* TBD */ 4504 /* variable length data may follow */ 4505 } 4506 #endif 4507 4508 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4509 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4510 } 4511 #else /*INET6*/ 4512 static void 4513 sppp_ipv6cp_init(struct sppp *sp) 4514 { 4515 4516 KASSERT(SPPP_WLOCKED(sp)); 4517 } 4518 4519 static void 4520 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4521 { 4522 4523 KASSERT(SPPP_WLOCKED(sp)); 4524 } 4525 4526 static enum cp_rcr_type 4527 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, 4528 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4529 { 4530 4531 KASSERT(SPPP_WLOCKED(sp)); 4532 return 0; 4533 } 4534 4535 static void 4536 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, 4537 int len) 4538 { 4539 4540 KASSERT(SPPP_WLOCKED(sp)); 4541 } 4542 4543 static void 4544 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, 4545 int len) 4546 { 4547 4548 KASSERT(SPPP_WLOCKED(sp)); 4549 } 4550 4551 static void 4552 sppp_ipv6cp_tlu(struct sppp *sp) 4553 { 4554 4555 KASSERT(SPPP_WLOCKED(sp)); 4556 } 4557 4558 static void 4559 sppp_ipv6cp_tld(struct sppp *sp) 4560 { 4561 4562 KASSERT(SPPP_WLOCKED(sp)); 4563 } 4564 4565 static void 4566 sppp_ipv6cp_scr(struct sppp *sp) 4567 { 4568 4569 KASSERT(SPPP_WLOCKED(sp)); 4570 } 4571 #endif /*INET6*/ 4572 4573 /* 4574 *--------------------------------------------------------------------------* 4575 * * 4576 * The CHAP implementation. * 4577 * * 4578 *--------------------------------------------------------------------------* 4579 */ 4580 /* 4581 * The authentication protocols is implemented on the state machine for 4582 * control protocols. And it uses following actions and events. 4583 * 4584 * Actions: 4585 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE 4586 * - sca: send CHAP_SUCCESS 4587 * - scn: send CHAP_FAILURE and shutdown lcp 4588 * Events: 4589 * - RCR+: receive CHAP_RESPONSE containing correct digest 4590 * - RCR-: receive CHAP_RESPONSE containing wrong digest 4591 * - RCA: receive CHAP_SUCCESS 4592 * - RCN: (this event is unused) 4593 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE 4594 * - TO-: this layer finish 4595 */ 4596 4597 /* 4598 * Handle incoming CHAP packets. 4599 */ 4600 void 4601 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4602 { 4603 struct ifnet *ifp; 4604 struct lcp_header *h; 4605 int len, x; 4606 u_char *value, *name, digest[sizeof(sp->chap.challenge)]; 4607 int value_len, name_len; 4608 MD5_CTX ctx; 4609 char abuf[SPPP_AUTHTYPE_NAMELEN]; 4610 const char *authname; 4611 bool debug; 4612 4613 ifp = &sp->pp_if; 4614 debug = sppp_debug_enabled(sp); 4615 len = m->m_pkthdr.len; 4616 if (len < 4) { 4617 SPPP_DLOG(sp, "chap invalid packet length: " 4618 "%d bytes\n", len); 4619 return; 4620 } 4621 h = mtod(m, struct lcp_header *); 4622 if (len > ntohs(h->len)) 4623 len = ntohs(h->len); 4624 4625 SPPP_LOCK(sp, RW_WRITER); 4626 4627 switch (h->type) { 4628 /* challenge, failure and success are his authproto */ 4629 case CHAP_CHALLENGE: 4630 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4631 /* can't do anything useful */ 4632 sp->pp_auth_failures++; 4633 SPPP_DLOG(sp, "chap input " 4634 "without my name and my secret being set\n"); 4635 break; 4636 } 4637 value = 1 + (u_char *)(h + 1); 4638 value_len = value[-1]; 4639 name = value + value_len; 4640 name_len = len - value_len - 5; 4641 if (name_len < 0) { 4642 if (debug) { 4643 authname = sppp_auth_type_name(abuf, 4644 sizeof(abuf), PPP_CHAP, h->type); 4645 SPPP_LOG(sp, LOG_DEBUG, 4646 "chap corrupted challenge " 4647 "<%s id=0x%x len=%d", 4648 authname, h->ident, ntohs(h->len)); 4649 if (len > 4) 4650 sppp_print_bytes((u_char *)(h + 1), 4651 len - 4); 4652 addlog(">\n"); 4653 } 4654 break; 4655 } 4656 4657 if (debug) { 4658 authname = sppp_auth_type_name(abuf, 4659 sizeof(abuf), PPP_CHAP, h->type); 4660 SPPP_LOG(sp, LOG_DEBUG, 4661 "chap input <%s id=0x%x len=%d name=", 4662 authname, h->ident, ntohs(h->len)); 4663 sppp_print_string((char *) name, name_len); 4664 addlog(" value-size=%d value=", value_len); 4665 sppp_print_bytes(value, value_len); 4666 addlog(">\n"); 4667 } 4668 4669 /* Compute reply value. */ 4670 MD5Init(&ctx); 4671 MD5Update(&ctx, &h->ident, 1); 4672 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4673 MD5Update(&ctx, value, value_len); 4674 MD5Final(sp->chap.digest, &ctx); 4675 sp->chap.digest_len = sizeof(sp->chap.digest); 4676 sp->scp[IDX_CHAP].rconfid = h->ident; 4677 4678 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); 4679 break; 4680 4681 case CHAP_SUCCESS: 4682 if (debug) { 4683 SPPP_LOG(sp, LOG_DEBUG, "chap success"); 4684 if (len > 4) { 4685 addlog(": "); 4686 sppp_print_string((char *)(h + 1), len - 4); 4687 } 4688 addlog("\n"); 4689 } 4690 4691 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4692 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 4693 chap.name, h->ident, 4694 sp->scp[IDX_CHAP].rconfid); 4695 if_statinc(ifp, if_ierrors); 4696 break; 4697 } 4698 4699 if (sp->chap.digest_len == 0) { 4700 SPPP_DLOG(sp, "receive CHAP success" 4701 " without challenge\n"); 4702 if_statinc(ifp, if_ierrors); 4703 break; 4704 } 4705 4706 x = splnet(); 4707 sp->pp_auth_failures = 0; 4708 sp->pp_flags &= ~PP_NEEDAUTH; 4709 splx(x); 4710 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4711 sp->chap.digest_len = 0; 4712 4713 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { 4714 /* 4715 * we are not authenticator for CHAP, 4716 * generate a dummy RCR+ event without CHAP_RESPONSE 4717 */ 4718 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4719 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4720 } 4721 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4722 break; 4723 4724 case CHAP_FAILURE: 4725 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4726 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 4727 chap.name, h->ident, sp->scp[IDX_CHAP].rconfid); 4728 if_statinc(ifp, if_ierrors); 4729 break; 4730 } 4731 4732 if (sp->chap.digest_len == 0) { 4733 SPPP_DLOG(sp, "receive CHAP failure " 4734 "without challenge\n"); 4735 if_statinc(ifp, if_ierrors); 4736 break; 4737 } 4738 4739 x = splnet(); 4740 sp->pp_auth_failures++; 4741 splx(x); 4742 SPPP_LOG(sp, LOG_INFO, "chap failure"); 4743 if (debug) { 4744 if (len > 4) { 4745 addlog(": "); 4746 sppp_print_string((char *)(h + 1), len - 4); 4747 } 4748 } 4749 addlog("\n"); 4750 4751 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4752 sp->chap.digest_len = 0; 4753 /* 4754 * await LCP shutdown by authenticator, 4755 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn 4756 */ 4757 break; 4758 4759 /* response is my authproto */ 4760 case CHAP_RESPONSE: 4761 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4762 /* can't do anything useful */ 4763 SPPP_DLOG(sp, "chap response " 4764 "without his name and his secret being set\n"); 4765 break; 4766 } 4767 value = 1 + (u_char *)(h + 1); 4768 value_len = value[-1]; 4769 name = value + value_len; 4770 name_len = len - value_len - 5; 4771 if (name_len < 0) { 4772 if (debug) { 4773 authname = sppp_auth_type_name(abuf, 4774 sizeof(abuf), PPP_CHAP, h->type); 4775 SPPP_LOG(sp, LOG_DEBUG, 4776 "chap corrupted response " 4777 "<%s id=0x%x len=%d", 4778 authname, h->ident, ntohs(h->len)); 4779 if (len > 4) 4780 sppp_print_bytes((u_char *)(h + 1), 4781 len - 4); 4782 addlog(">\n"); 4783 } 4784 break; 4785 } 4786 if (h->ident != sp->scp[IDX_CHAP].confid) { 4787 SPPP_DLOG(sp, "chap dropping response for old ID " 4788 "(got %d, expected %d)\n", 4789 h->ident, sp->scp[IDX_CHAP].confid); 4790 break; 4791 } else { 4792 sp->scp[IDX_CHAP].rconfid = h->ident; 4793 } 4794 4795 if (sp->hisauth.name != NULL && 4796 (name_len != sp->hisauth.name_len 4797 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4798 SPPP_LOG(sp, LOG_INFO, 4799 "chap response, his name "); 4800 sppp_print_string(name, name_len); 4801 addlog(" != expected "); 4802 sppp_print_string(sp->hisauth.name, 4803 sp->hisauth.name_len); 4804 addlog("\n"); 4805 4806 /* generate RCR- event */ 4807 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4808 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4809 break; 4810 } 4811 4812 if (debug) { 4813 authname = sppp_auth_type_name(abuf, 4814 sizeof(abuf), PPP_CHAP, h->type); 4815 SPPP_LOG(sp, LOG_DEBUG, "chap input(%s) " 4816 "<%s id=0x%x len=%d name=", 4817 sppp_state_name(sp->scp[IDX_CHAP].state), 4818 authname, h->ident, ntohs(h->len)); 4819 sppp_print_string((char *)name, name_len); 4820 addlog(" value-size=%d value=", value_len); 4821 sppp_print_bytes(value, value_len); 4822 addlog(">\n"); 4823 } 4824 4825 if (value_len == sizeof(sp->chap.challenge) && 4826 value_len == sizeof(sp->chap.digest)) { 4827 MD5Init(&ctx); 4828 MD5Update(&ctx, &h->ident, 1); 4829 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4830 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); 4831 MD5Final(digest, &ctx); 4832 4833 if (memcmp(digest, value, value_len) == 0) { 4834 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4835 } else { 4836 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4837 } 4838 } else { 4839 if (debug) { 4840 SPPP_LOG(sp, LOG_DEBUG, 4841 "chap bad hash value length: " 4842 "%d bytes, should be %zu\n", 4843 value_len, sizeof(sp->chap.challenge)); 4844 } 4845 4846 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4847 } 4848 4849 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4850 4851 /* generate a dummy RCA event */ 4852 if (sp->scp[IDX_CHAP].rcr_type == CP_RCR_ACK && 4853 (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || 4854 sp->chap.rechallenging)) { 4855 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4856 } 4857 break; 4858 4859 default: 4860 /* Unknown CHAP packet type -- ignore. */ 4861 if (debug) { 4862 SPPP_LOG(sp, LOG_DEBUG, "chap unknown input(%s) " 4863 "<0x%x id=0x%xh len=%d", 4864 sppp_state_name(sp->scp[IDX_CHAP].state), 4865 h->type, h->ident, ntohs(h->len)); 4866 if (len > 4) 4867 sppp_print_bytes((u_char *)(h + 1), len - 4); 4868 addlog(">\n"); 4869 } 4870 break; 4871 4872 } 4873 4874 SPPP_UNLOCK(sp); 4875 } 4876 4877 static void 4878 sppp_chap_init(struct sppp *sp) 4879 { 4880 4881 KASSERT(SPPP_WLOCKED(sp)); 4882 4883 sppp_cp_init(&chap, sp); 4884 4885 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, 4886 sppp_chap_rcv_challenge_event, &chap); 4887 } 4888 4889 static void 4890 sppp_chap_open(struct sppp *sp, void *xcp) 4891 { 4892 4893 KASSERT(SPPP_WLOCKED(sp)); 4894 4895 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4896 sp->chap.digest_len = 0; 4897 sp->chap.rechallenging = false; 4898 sp->chap.response_rcvd = false; 4899 sppp_open_event(sp, xcp); 4900 } 4901 4902 static void 4903 sppp_chap_tlu(struct sppp *sp) 4904 { 4905 int i, x; 4906 4907 KASSERT(SPPP_WLOCKED(sp)); 4908 4909 i = 0; 4910 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4911 x = splnet(); 4912 sp->pp_auth_failures = 0; 4913 splx(x); 4914 4915 SPPP_LOG(sp, LOG_DEBUG, "chap %s", 4916 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); 4917 4918 /* 4919 * Some broken CHAP implementations (Conware CoNet, firmware 4920 * 4.0.?) don't want to re-authenticate their CHAP once the 4921 * initial challenge-response exchange has taken place. 4922 * Provide for an option to avoid rechallenges. 4923 */ 4924 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && 4925 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4926 /* 4927 * Compute the re-challenge timeout. This will yield 4928 * a number between 300 and 810 seconds. 4929 */ 4930 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 4931 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 4932 4933 if (sppp_debug_enabled(sp)) { 4934 addlog(", next rechallenge in %d seconds", i); 4935 } 4936 } 4937 4938 addlog("\n"); 4939 4940 /* 4941 * If we are already in phase network, we are done here. This 4942 * is the case if this is a dummy tlu event after a re-challenge. 4943 */ 4944 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4945 sppp_phase_network(sp); 4946 } 4947 4948 static void 4949 sppp_chap_scr(struct sppp *sp) 4950 { 4951 uint32_t *ch; 4952 u_char clen, dsize; 4953 int role; 4954 4955 KASSERT(SPPP_WLOCKED(sp)); 4956 4957 role = sppp_auth_role(&chap, sp); 4958 4959 if (ISSET(role, SPPP_AUTH_SERV) && 4960 !sp->chap.response_rcvd) { 4961 /* we are authenticator for CHAP, send challenge */ 4962 ch = (uint32_t *)sp->chap.challenge; 4963 clen = sizeof(sp->chap.challenge); 4964 /* Compute random challenge. */ 4965 cprng_strong(kern_cprng, ch, clen, 0); 4966 4967 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 4968 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 4969 sizeof(clen), (const char *)&clen, 4970 sizeof(sp->chap.challenge), sp->chap.challenge, 4971 0); 4972 } 4973 4974 if (ISSET(role, SPPP_AUTH_PEER) && 4975 sp->chap.digest_len > 0) { 4976 /* we are peer for CHAP, send response */ 4977 dsize = sp->chap.digest_len; 4978 4979 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, 4980 sizeof(dsize), (const char *)&dsize, 4981 sp->chap.digest_len, sp->chap.digest, 4982 sp->myauth.name_len, sp->myauth.name, 0); 4983 } 4984 } 4985 4986 static void 4987 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) 4988 { 4989 const struct cp *cp = xcp; 4990 4991 KASSERT(!cpu_softintr_p()); 4992 4993 sp->chap.rechallenging = false; 4994 4995 switch (sp->scp[IDX_CHAP].state) { 4996 case STATE_REQ_SENT: 4997 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 4998 cp->scr(sp); 4999 break; 5000 case STATE_OPENED: 5001 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 5002 cp->scr(sp); 5003 break; 5004 } 5005 } 5006 5007 /* 5008 *--------------------------------------------------------------------------* 5009 * * 5010 * The PAP implementation. * 5011 * * 5012 *--------------------------------------------------------------------------* 5013 */ 5014 /* 5015 * PAP uses following actions and events. 5016 * Actions: 5017 * - scr: send PAP_REQ 5018 * - sca: send PAP_ACK 5019 * - scn: send PAP_NAK 5020 * Events: 5021 * - RCR+: receive PAP_REQ containing correct username and password 5022 * - RCR-: receive PAP_REQ containing wrong username and password 5023 * - RCA: receive PAP_ACK 5024 * - RCN: (this event is unused) 5025 * - TO+: re-send PAP_REQ 5026 * - TO-: this layer finish 5027 */ 5028 5029 /* 5030 * Handle incoming PAP packets. */ 5031 static void 5032 sppp_pap_input(struct sppp *sp, struct mbuf *m) 5033 { 5034 struct ifnet *ifp; 5035 struct lcp_header *h; 5036 int len, x; 5037 char *name, *secret; 5038 int name_len, secret_len; 5039 char abuf[SPPP_AUTHTYPE_NAMELEN]; 5040 const char *authname; 5041 bool debug; 5042 5043 ifp = &sp->pp_if; 5044 debug = sppp_debug_enabled(sp); 5045 5046 /* 5047 * Malicious input might leave this uninitialized, so 5048 * init to an impossible value. 5049 */ 5050 secret_len = -1; 5051 5052 len = m->m_pkthdr.len; 5053 if (len < 5) { 5054 SPPP_DLOG(sp, "pap invalid packet length: " 5055 "%d bytes\n", len); 5056 return; 5057 } 5058 h = mtod(m, struct lcp_header *); 5059 if (len > ntohs(h->len)) 5060 len = ntohs(h->len); 5061 5062 SPPP_LOCK(sp, RW_WRITER); 5063 5064 switch (h->type) { 5065 /* PAP request is my authproto */ 5066 case PAP_REQ: 5067 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 5068 /* can't do anything useful */ 5069 SPPP_DLOG(sp, "pap request" 5070 " without his name and his secret being set\n"); 5071 break; 5072 } 5073 name = 1 + (u_char *)(h + 1); 5074 name_len = name[-1]; 5075 secret = name + name_len + 1; 5076 if (name_len > len - 6 || 5077 (secret_len = secret[-1]) > len - 6 - name_len) { 5078 if (debug) { 5079 authname = sppp_auth_type_name(abuf, 5080 sizeof(abuf), PPP_PAP, h->type); 5081 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input " 5082 "<%s id=0x%x len=%d", 5083 authname, h->ident, ntohs(h->len)); 5084 if (len > 4) 5085 sppp_print_bytes((u_char *)(h + 1), 5086 len - 4); 5087 addlog(">\n"); 5088 } 5089 break; 5090 } 5091 if (debug) { 5092 authname = sppp_auth_type_name(abuf, 5093 sizeof(abuf), PPP_PAP, h->type); 5094 SPPP_LOG(sp, LOG_DEBUG, "pap input(%s) " 5095 "<%s id=0x%x len=%d name=", 5096 sppp_state_name(sp->scp[IDX_PAP].state), 5097 authname, h->ident, ntohs(h->len)); 5098 sppp_print_string((char *)name, name_len); 5099 addlog(" secret="); 5100 sppp_print_string((char *)secret, secret_len); 5101 addlog(">\n"); 5102 } 5103 5104 sp->scp[IDX_PAP].rconfid = h->ident; 5105 5106 if (name_len == sp->hisauth.name_len && 5107 memcmp(name, sp->hisauth.name, name_len) == 0 && 5108 secret_len == sp->hisauth.secret_len && 5109 memcmp(secret, sp->hisauth.secret, secret_len) == 0) { 5110 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5111 } else { 5112 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK; 5113 } 5114 5115 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5116 5117 /* generate a dummy RCA event */ 5118 if (sp->scp[IDX_PAP].rcr_type == CP_RCR_ACK && 5119 !ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { 5120 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5121 } 5122 break; 5123 5124 /* ack and nak are his authproto */ 5125 case PAP_ACK: 5126 if (debug) { 5127 SPPP_LOG(sp, LOG_DEBUG, "pap success"); 5128 name = 1 + (u_char *)(h + 1); 5129 name_len = name[-1]; 5130 if (len > 5 && name_len < len+4) { 5131 addlog(": "); 5132 sppp_print_string(name, name_len); 5133 } 5134 addlog("\n"); 5135 } 5136 5137 if (h->ident != sp->scp[IDX_PAP].confid) { 5138 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 5139 pap.name, h->ident, sp->scp[IDX_PAP].rconfid); 5140 if_statinc(ifp, if_ierrors); 5141 break; 5142 } 5143 5144 x = splnet(); 5145 sp->pp_auth_failures = 0; 5146 sp->pp_flags &= ~PP_NEEDAUTH; 5147 splx(x); 5148 5149 /* we are not authenticator, generate a dummy RCR+ event */ 5150 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { 5151 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5152 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5153 } 5154 5155 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5156 break; 5157 5158 case PAP_NAK: 5159 if (debug) { 5160 SPPP_LOG(sp, LOG_INFO, "pap failure"); 5161 name = 1 + (u_char *)(h + 1); 5162 name_len = name[-1]; 5163 if (len > 5 && name_len < len+4) { 5164 addlog(": "); 5165 sppp_print_string(name, name_len); 5166 } 5167 addlog("\n"); 5168 } else { 5169 SPPP_LOG(sp, LOG_INFO, "pap failure\n"); 5170 } 5171 5172 if (h->ident != sp->scp[IDX_PAP].confid) { 5173 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 5174 pap.name, h->ident, sp->scp[IDX_PAP].rconfid); 5175 if_statinc(ifp, if_ierrors); 5176 break; 5177 } 5178 5179 sp->pp_auth_failures++; 5180 /* 5181 * await LCP shutdown by authenticator, 5182 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn 5183 */ 5184 break; 5185 5186 default: 5187 /* Unknown PAP packet type -- ignore. */ 5188 if (debug) { 5189 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input " 5190 "<0x%x id=0x%x len=%d", 5191 h->type, h->ident, ntohs(h->len)); 5192 if (len > 4) 5193 sppp_print_bytes((u_char *)(h + 1), len - 4); 5194 addlog(">\n"); 5195 } 5196 break; 5197 } 5198 5199 SPPP_UNLOCK(sp); 5200 } 5201 5202 static void 5203 sppp_pap_init(struct sppp *sp) 5204 { 5205 5206 KASSERT(SPPP_WLOCKED(sp)); 5207 sppp_cp_init(&pap, sp); 5208 } 5209 5210 static void 5211 sppp_pap_tlu(struct sppp *sp) 5212 { 5213 int x; 5214 5215 SPPP_DLOG(sp, "%s tlu\n", pap.name); 5216 5217 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 5218 x = splnet(); 5219 sp->pp_auth_failures = 0; 5220 splx(x); 5221 5222 if (sp->pp_phase < SPPP_PHASE_NETWORK) 5223 sppp_phase_network(sp); 5224 } 5225 5226 static void 5227 sppp_pap_scr(struct sppp *sp) 5228 { 5229 u_char idlen, pwdlen; 5230 5231 KASSERT(SPPP_WLOCKED(sp)); 5232 5233 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && 5234 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { 5235 if (sp->myauth.secret == NULL || 5236 sp->myauth.name == NULL) { 5237 SPPP_LOG(sp, LOG_DEBUG, 5238 "couldn't send PAP_REQ " 5239 "because of no name or no secret\n"); 5240 } else { 5241 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5242 pwdlen = sp->myauth.secret_len; 5243 idlen = sp->myauth.name_len; 5244 5245 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5246 sizeof idlen, (const char *)&idlen, 5247 idlen, sp->myauth.name, 5248 sizeof pwdlen, (const char *)&pwdlen, 5249 pwdlen, sp->myauth.secret, 5250 0); 5251 } 5252 } 5253 } 5254 5255 /* 5256 * Random miscellaneous functions. 5257 */ 5258 5259 /* 5260 * Send a PAP or CHAP proto packet. 5261 * 5262 * Varadic function, each of the elements for the ellipsis is of type 5263 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5264 * mlen == 0. 5265 * NOTE: never declare variadic functions with types subject to type 5266 * promotion (i.e. u_char). This is asking for big trouble depending 5267 * on the architecture you are on... 5268 */ 5269 5270 static void 5271 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5272 unsigned int type, unsigned int id, 5273 ...) 5274 { 5275 struct ifnet *ifp; 5276 struct lcp_header *lh; 5277 struct mbuf *m; 5278 u_char *p; 5279 int len; 5280 size_t pkthdrlen; 5281 unsigned int mlen; 5282 const char *msg; 5283 va_list ap; 5284 5285 KASSERT(SPPP_WLOCKED(sp)); 5286 5287 ifp = &sp->pp_if; 5288 5289 MGETHDR(m, M_DONTWAIT, MT_DATA); 5290 if (! m) 5291 return; 5292 m_reset_rcvif(m); 5293 5294 if (sp->pp_flags & PP_NOFRAMING) { 5295 *mtod(m, uint16_t *) = htons(cp->proto); 5296 pkthdrlen = 2; 5297 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5298 } else { 5299 struct ppp_header *h; 5300 h = mtod(m, struct ppp_header *); 5301 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5302 h->control = PPP_UI; /* Unnumbered Info */ 5303 h->protocol = htons(cp->proto); 5304 pkthdrlen = PPP_HEADER_LEN; 5305 5306 lh = (struct lcp_header *)(h + 1); 5307 } 5308 5309 lh->type = type; 5310 lh->ident = id; 5311 p = (u_char *)(lh + 1); 5312 5313 va_start(ap, id); 5314 len = 0; 5315 5316 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5317 msg = va_arg(ap, const char *); 5318 len += mlen; 5319 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5320 va_end(ap); 5321 m_freem(m); 5322 return; 5323 } 5324 5325 memcpy(p, msg, mlen); 5326 p += mlen; 5327 } 5328 va_end(ap); 5329 5330 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5331 lh->len = htons(LCP_HEADER_LEN + len); 5332 5333 if (sppp_debug_enabled(sp)) { 5334 char abuf[SPPP_AUTHTYPE_NAMELEN]; 5335 const char *authname; 5336 5337 authname = sppp_auth_type_name(abuf, 5338 sizeof(abuf), cp->proto, lh->type); 5339 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d", 5340 cp->name, authname, 5341 lh->ident, ntohs(lh->len)); 5342 if (len) 5343 sppp_print_bytes((u_char *)(lh + 1), len); 5344 addlog(">\n"); 5345 } 5346 if (IF_QFULL(&sp->pp_cpq)) { 5347 IF_DROP(&sp->pp_fastq); 5348 IF_DROP(&ifp->if_snd); 5349 m_freem(m); 5350 if_statinc(ifp, if_oerrors); 5351 return; 5352 } 5353 5354 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5355 IF_ENQUEUE(&sp->pp_cpq, m); 5356 5357 if (! (ifp->if_flags & IFF_OACTIVE)) { 5358 SPPP_UNLOCK(sp); 5359 if_start_lock(ifp); 5360 SPPP_LOCK(sp, RW_WRITER); 5361 } 5362 } 5363 5364 static int 5365 sppp_auth_role(const struct cp *cp, struct sppp *sp) 5366 { 5367 int role; 5368 5369 role = SPPP_AUTH_NOROLE; 5370 5371 if (sp->hisauth.proto == cp->proto && 5372 ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) 5373 SET(role, SPPP_AUTH_SERV); 5374 5375 if (sp->myauth.proto == cp->proto) 5376 SET(role, SPPP_AUTH_PEER); 5377 5378 return role; 5379 } 5380 5381 static void 5382 sppp_auth_to_event(struct sppp *sp, void *xcp) 5383 { 5384 const struct cp *cp = xcp; 5385 bool override; 5386 int state; 5387 5388 KASSERT(SPPP_WLOCKED(sp)); 5389 KASSERT(!cpu_softintr_p()); 5390 5391 override = false; 5392 state = sp->scp[cp->protoidx].state; 5393 5394 if (sp->scp[cp->protoidx].rst_counter > 0) { 5395 /* override TO+ event */ 5396 switch (state) { 5397 case STATE_OPENED: 5398 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5399 override = true; 5400 sp->chap.rechallenging = true; 5401 sp->chap.response_rcvd = false; 5402 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5403 cp->scr(sp); 5404 } 5405 break; 5406 5407 case STATE_ACK_RCVD: 5408 override = true; 5409 cp->scr(sp); 5410 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 5411 break; 5412 } 5413 } 5414 5415 if (override) { 5416 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n", 5417 cp->name, sppp_state_name(state), 5418 sp->scp[cp->protoidx].rst_counter); 5419 sp->scp[cp->protoidx].rst_counter--; 5420 } else { 5421 sppp_to_event(sp, xcp); 5422 } 5423 } 5424 5425 static void 5426 sppp_auth_screply(const struct cp *cp, struct sppp *sp, u_char ctype, 5427 uint8_t ident, size_t _mlen __unused, void *_msg __unused) 5428 { 5429 static const char *succmsg = "Welcome!"; 5430 static const char *failmsg = "Failed..."; 5431 const char *msg; 5432 u_char type, mlen; 5433 5434 KASSERT(SPPP_WLOCKED(sp)); 5435 5436 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) 5437 return; 5438 5439 if (ctype == CONF_ACK) { 5440 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; 5441 msg = succmsg; 5442 mlen = sizeof(succmsg) - 1; 5443 5444 sp->pp_auth_failures = 0; 5445 } else { 5446 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; 5447 msg = failmsg; 5448 mlen = sizeof(failmsg) - 1; 5449 5450 /* shutdown LCP if auth failed */ 5451 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5452 sp->pp_auth_failures++; 5453 } 5454 5455 sppp_auth_send(cp, sp, type, ident, mlen, (const u_char *)msg, 0); 5456 } 5457 5458 /* 5459 * Send keepalive packets, every 10 seconds. 5460 */ 5461 static void 5462 sppp_keepalive(void *dummy) 5463 { 5464 struct sppp *sp; 5465 int s; 5466 time_t now; 5467 5468 SPPPQ_LOCK(); 5469 5470 s = splnet(); 5471 now = time_uptime; 5472 for (sp=spppq; sp; sp=sp->pp_next) { 5473 struct ifnet *ifp = NULL; 5474 5475 SPPP_LOCK(sp, RW_WRITER); 5476 ifp = &sp->pp_if; 5477 5478 /* check idle timeout */ 5479 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5480 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5481 /* idle timeout is enabled for this interface */ 5482 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5483 SPPP_DLOG(sp, "no activity for %lu seconds\n", 5484 (unsigned long)(now-sp->pp_last_activity)); 5485 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5486 SPPP_UNLOCK(sp); 5487 continue; 5488 } 5489 } 5490 5491 /* Keepalive mode disabled or channel down? */ 5492 if (! (sp->pp_flags & PP_KEEPALIVE) || 5493 ! (ifp->if_flags & IFF_RUNNING)) { 5494 SPPP_UNLOCK(sp); 5495 continue; 5496 } 5497 5498 /* No keepalive in PPP mode if LCP not opened yet. */ 5499 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5500 SPPP_UNLOCK(sp); 5501 continue; 5502 } 5503 5504 /* No echo reply, but maybe user data passed through? */ 5505 if (sp->pp_max_noreceive != 0 && 5506 (now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5507 sp->pp_alivecnt = 0; 5508 SPPP_UNLOCK(sp); 5509 continue; 5510 } 5511 5512 /* No echo request */ 5513 if (sp->pp_alive_interval == 0) { 5514 SPPP_UNLOCK(sp); 5515 continue; 5516 } 5517 5518 /* send a ECHO_REQ once in sp->pp_alive_interval times */ 5519 if ((sppp_keepalive_cnt % sp->pp_alive_interval) != 0) { 5520 SPPP_UNLOCK(sp); 5521 continue; 5522 } 5523 5524 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5525 /* No keepalive packets got. Stop the interface. */ 5526 if (sp->pp_flags & PP_KEEPALIVE_IFDOWN) 5527 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5528 5529 SPPP_LOG(sp, LOG_INFO,"LCP keepalive timed out, " 5530 "going to restart the connection\n"); 5531 sp->pp_alivecnt = 0; 5532 5533 /* we are down, close all open protocols */ 5534 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5535 5536 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5537 sp->lcp.reestablish = true; 5538 5539 SPPP_UNLOCK(sp); 5540 continue; 5541 } 5542 if (sp->pp_alivecnt < sp->pp_maxalive) 5543 ++sp->pp_alivecnt; 5544 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5545 int32_t nmagic = htonl(sp->lcp.magic); 5546 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5547 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5548 sp->lcp.echoid, 4, &nmagic); 5549 } 5550 5551 SPPP_UNLOCK(sp); 5552 } 5553 splx(s); 5554 sppp_keepalive_cnt++; 5555 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5556 5557 SPPPQ_UNLOCK(); 5558 } 5559 5560 #ifdef INET 5561 /* 5562 * Get both IP addresses. 5563 */ 5564 static void 5565 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5566 { 5567 struct ifnet *ifp = &sp->pp_if; 5568 struct ifaddr *ifa; 5569 struct sockaddr_in *si, *sm; 5570 uint32_t ssrc, ddst; 5571 int bound, s; 5572 struct psref psref; 5573 5574 sm = NULL; 5575 ssrc = ddst = 0; 5576 /* 5577 * Pick the first AF_INET address from the list, 5578 * aliases don't make any sense on a p2p link anyway. 5579 */ 5580 si = 0; 5581 bound = curlwp_bind(); 5582 s = pserialize_read_enter(); 5583 IFADDR_READER_FOREACH(ifa, ifp) { 5584 if (ifa->ifa_addr->sa_family == AF_INET) { 5585 si = (struct sockaddr_in *)ifa->ifa_addr; 5586 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5587 if (si) { 5588 ifa_acquire(ifa, &psref); 5589 break; 5590 } 5591 } 5592 } 5593 pserialize_read_exit(s); 5594 if (ifa) { 5595 if (si && si->sin_addr.s_addr) { 5596 ssrc = si->sin_addr.s_addr; 5597 if (srcmask) 5598 *srcmask = ntohl(sm->sin_addr.s_addr); 5599 } 5600 5601 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5602 if (si && si->sin_addr.s_addr) 5603 ddst = si->sin_addr.s_addr; 5604 ifa_release(ifa, &psref); 5605 } 5606 curlwp_bindx(bound); 5607 5608 if (dst) *dst = ntohl(ddst); 5609 if (src) *src = ntohl(ssrc); 5610 } 5611 5612 /* 5613 * Set IP addresses. Must be called at splnet. 5614 * If an address is 0, leave it the way it is. 5615 */ 5616 static void 5617 sppp_set_ip_addrs(struct sppp *sp) 5618 { 5619 struct ifnet *ifp; 5620 struct ifaddr *ifa; 5621 struct sockaddr_in *si, *dest; 5622 uint32_t myaddr = 0, hisaddr = 0; 5623 int s; 5624 5625 KASSERT(SPPP_WLOCKED(sp)); 5626 5627 ifp = &sp->pp_if; 5628 5629 SPPP_UNLOCK(sp); 5630 IFNET_LOCK(ifp); 5631 SPPP_LOCK(sp, RW_WRITER); 5632 5633 /* 5634 * Pick the first AF_INET address from the list, 5635 * aliases don't make any sense on a p2p link anyway. 5636 */ 5637 si = dest = NULL; 5638 s = pserialize_read_enter(); 5639 IFADDR_READER_FOREACH(ifa, ifp) { 5640 if (ifa->ifa_addr->sa_family == AF_INET) { 5641 si = (struct sockaddr_in *)ifa->ifa_addr; 5642 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5643 break; 5644 } 5645 } 5646 pserialize_read_exit(s); 5647 5648 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5649 myaddr = sp->ipcp.req_myaddr; 5650 else if (si != NULL) 5651 myaddr = ntohl(si->sin_addr.s_addr); 5652 5653 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5654 hisaddr = sp->ipcp.req_hisaddr; 5655 else if (dest != NULL) 5656 hisaddr = ntohl(dest->sin_addr.s_addr); 5657 5658 if (si != NULL && dest != NULL) { 5659 int error; 5660 struct sockaddr_in new_sin = *si; 5661 struct sockaddr_in new_dst = *dest; 5662 5663 if (myaddr != 0) 5664 new_sin.sin_addr.s_addr = htonl(myaddr); 5665 if (hisaddr != 0) { 5666 new_dst.sin_addr.s_addr = htonl(hisaddr); 5667 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5668 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5669 } 5670 5671 in_addrhash_remove(ifatoia(ifa)); 5672 5673 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5674 5675 in_addrhash_insert(ifatoia(ifa)); 5676 5677 if (error) { 5678 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n", 5679 __func__, error); 5680 } else { 5681 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5682 } 5683 } 5684 5685 IFNET_UNLOCK(ifp); 5686 5687 sppp_notify_con(sp); 5688 } 5689 5690 /* 5691 * Clear IP addresses. Must be called at splnet. 5692 */ 5693 static void 5694 sppp_clear_ip_addrs(struct sppp *sp) 5695 { 5696 struct ifnet *ifp; 5697 struct ifaddr *ifa; 5698 struct sockaddr_in *si, *dest; 5699 int s; 5700 5701 KASSERT(SPPP_WLOCKED(sp)); 5702 5703 ifp = &sp->pp_if; 5704 5705 SPPP_UNLOCK(sp); 5706 IFNET_LOCK(ifp); 5707 SPPP_LOCK(sp, RW_WRITER); 5708 5709 /* 5710 * Pick the first AF_INET address from the list, 5711 * aliases don't make any sense on a p2p link anyway. 5712 */ 5713 si = dest = NULL; 5714 s = pserialize_read_enter(); 5715 IFADDR_READER_FOREACH(ifa, ifp) { 5716 if (ifa->ifa_addr->sa_family == AF_INET) { 5717 si = (struct sockaddr_in *)ifa->ifa_addr; 5718 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5719 break; 5720 } 5721 } 5722 pserialize_read_exit(s); 5723 5724 if (si != NULL) { 5725 struct sockaddr_in new_sin = *si; 5726 struct sockaddr_in new_dst = *dest; 5727 int error; 5728 5729 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5730 new_sin.sin_addr.s_addr = 0; 5731 if (sp->ipcp.flags & IPCP_HISADDR_DYN && 5732 ntohl(sp->ipcp.saved_hisaddr) != 0) 5733 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5734 5735 in_addrhash_remove(ifatoia(ifa)); 5736 5737 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5738 5739 in_addrhash_insert(ifatoia(ifa)); 5740 5741 if (error) { 5742 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n", 5743 __func__, error); 5744 } else { 5745 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5746 } 5747 } 5748 5749 IFNET_UNLOCK(ifp); 5750 } 5751 #endif 5752 5753 #ifdef INET6 5754 /* 5755 * Get both IPv6 addresses. 5756 */ 5757 static void 5758 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5759 struct in6_addr *srcmask) 5760 { 5761 struct ifnet *ifp = &sp->pp_if; 5762 struct ifaddr *ifa; 5763 struct sockaddr_in6 *si, *sm; 5764 struct in6_addr ssrc, ddst; 5765 int bound, s; 5766 struct psref psref; 5767 5768 sm = NULL; 5769 memset(&ssrc, 0, sizeof(ssrc)); 5770 memset(&ddst, 0, sizeof(ddst)); 5771 /* 5772 * Pick the first link-local AF_INET6 address from the list, 5773 * aliases don't make any sense on a p2p link anyway. 5774 */ 5775 si = 0; 5776 bound = curlwp_bind(); 5777 s = pserialize_read_enter(); 5778 IFADDR_READER_FOREACH(ifa, ifp) { 5779 if (ifa->ifa_addr->sa_family == AF_INET6) { 5780 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5781 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5782 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5783 ifa_acquire(ifa, &psref); 5784 break; 5785 } 5786 } 5787 } 5788 pserialize_read_exit(s); 5789 5790 if (ifa) { 5791 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5792 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5793 if (srcmask) { 5794 memcpy(srcmask, &sm->sin6_addr, 5795 sizeof(*srcmask)); 5796 } 5797 } 5798 5799 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5800 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5801 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5802 ifa_release(ifa, &psref); 5803 } 5804 curlwp_bindx(bound); 5805 5806 if (dst) 5807 memcpy(dst, &ddst, sizeof(*dst)); 5808 if (src) 5809 memcpy(src, &ssrc, sizeof(*src)); 5810 } 5811 5812 #ifdef IPV6CP_MYIFID_DYN 5813 /* 5814 * Generate random ifid. 5815 */ 5816 static void 5817 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5818 { 5819 /* TBD */ 5820 } 5821 5822 /* 5823 * Set my IPv6 address. Must be called at splnet. 5824 */ 5825 static void 5826 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5827 { 5828 struct ifnet *ifp; 5829 struct ifaddr *ifa; 5830 struct sockaddr_in6 *sin6; 5831 int s; 5832 struct psref psref; 5833 5834 KASSERT(SPPP_WLOCKED(sp)); 5835 5836 ifp = &sp->pp_if; 5837 5838 SPPP_UNLOCK(sp); 5839 IFNET_LOCK(ifp); 5840 SPPP_LOCK(sp, RW_WRITER); 5841 5842 /* 5843 * Pick the first link-local AF_INET6 address from the list, 5844 * aliases don't make any sense on a p2p link anyway. 5845 */ 5846 5847 sin6 = NULL; 5848 s = pserialize_read_enter(); 5849 IFADDR_READER_FOREACH(ifa, ifp) 5850 { 5851 if (ifa->ifa_addr->sa_family == AF_INET6) 5852 { 5853 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5854 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5855 ifa_acquire(ifa, &psref); 5856 break; 5857 } 5858 } 5859 } 5860 pserialize_read_exit(s); 5861 5862 if (ifa && sin6) 5863 { 5864 int error; 5865 struct sockaddr_in6 new_sin6 = *sin6; 5866 5867 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5868 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5869 if (error) { 5870 SPPP_DLOG(sp, "%s: in6_ifinit failed, error=%d\n", 5871 __func__, error); 5872 } else { 5873 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5874 } 5875 ifa_release(ifa, &psref); 5876 } 5877 5878 IFNET_UNLOCK(ifp); 5879 } 5880 #endif 5881 5882 /* 5883 * Suggest a candidate address to be used by peer. 5884 */ 5885 static void 5886 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5887 { 5888 struct in6_addr myaddr; 5889 struct timeval tv; 5890 5891 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5892 5893 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5894 microtime(&tv); 5895 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5896 myaddr.s6_addr[14] ^= 0xff; 5897 myaddr.s6_addr[15] ^= 0xff; 5898 } else { 5899 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5900 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5901 } 5902 if (suggest) 5903 memcpy(suggest, &myaddr, sizeof(myaddr)); 5904 } 5905 #endif /*INET6*/ 5906 5907 /* 5908 * Process ioctl requests specific to the PPP interface. 5909 * Permissions have already been checked. 5910 */ 5911 static int 5912 sppp_params(struct sppp *sp, u_long cmd, void *data) 5913 { 5914 switch (cmd) { 5915 case SPPPGETAUTHCFG: 5916 { 5917 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5918 int error; 5919 size_t len; 5920 5921 SPPP_LOCK(sp, RW_READER); 5922 5923 cfg->myauthflags = sp->myauth.flags; 5924 cfg->hisauthflags = sp->hisauth.flags; 5925 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 5926 cfg->hisauth = sppp_proto2authproto(sp->hisauth.proto); 5927 cfg->myauth = sppp_proto2authproto(sp->myauth.proto); 5928 if (cfg->myname_length == 0) { 5929 if (sp->myauth.name != NULL) 5930 cfg->myname_length = sp->myauth.name_len + 1; 5931 } else { 5932 if (sp->myauth.name == NULL) { 5933 cfg->myname_length = 0; 5934 } else { 5935 len = sp->myauth.name_len + 1; 5936 5937 if (cfg->myname_length < len) { 5938 SPPP_UNLOCK(sp); 5939 return (ENAMETOOLONG); 5940 } 5941 error = copyout(sp->myauth.name, cfg->myname, len); 5942 if (error) { 5943 SPPP_UNLOCK(sp); 5944 return error; 5945 } 5946 } 5947 } 5948 if (cfg->hisname_length == 0) { 5949 if (sp->hisauth.name != NULL) 5950 cfg->hisname_length = sp->hisauth.name_len + 1; 5951 } else { 5952 if (sp->hisauth.name == NULL) { 5953 cfg->hisname_length = 0; 5954 } else { 5955 len = sp->hisauth.name_len + 1; 5956 5957 if (cfg->hisname_length < len) { 5958 SPPP_UNLOCK(sp); 5959 return (ENAMETOOLONG); 5960 } 5961 error = copyout(sp->hisauth.name, cfg->hisname, len); 5962 if (error) { 5963 SPPP_UNLOCK(sp); 5964 return error; 5965 } 5966 } 5967 } 5968 SPPP_UNLOCK(sp); 5969 } 5970 break; 5971 case SPPPSETAUTHCFG: 5972 { 5973 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5974 int error; 5975 5976 SPPP_LOCK(sp, RW_WRITER); 5977 5978 if (sp->myauth.name) { 5979 free(sp->myauth.name, M_DEVBUF); 5980 sp->myauth.name = NULL; 5981 } 5982 if (sp->myauth.secret) { 5983 free(sp->myauth.secret, M_DEVBUF); 5984 sp->myauth.secret = NULL; 5985 } 5986 if (sp->hisauth.name) { 5987 free(sp->hisauth.name, M_DEVBUF); 5988 sp->hisauth.name = NULL; 5989 } 5990 if (sp->hisauth.secret) { 5991 free(sp->hisauth.secret, M_DEVBUF); 5992 sp->hisauth.secret = NULL; 5993 } 5994 5995 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5996 if (cfg->hisname_length >= MCLBYTES) { 5997 SPPP_UNLOCK(sp); 5998 return (ENAMETOOLONG); 5999 } 6000 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 6001 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 6002 if (error) { 6003 free(sp->hisauth.name, M_DEVBUF); 6004 sp->hisauth.name = NULL; 6005 SPPP_UNLOCK(sp); 6006 return error; 6007 } 6008 sp->hisauth.name_len = cfg->hisname_length - 1; 6009 sp->hisauth.name[sp->hisauth.name_len] = 0; 6010 } 6011 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 6012 if (cfg->hissecret_length >= MCLBYTES) { 6013 SPPP_UNLOCK(sp); 6014 return (ENAMETOOLONG); 6015 } 6016 sp->hisauth.secret = malloc(cfg->hissecret_length, 6017 M_DEVBUF, M_WAITOK); 6018 error = copyin(cfg->hissecret, sp->hisauth.secret, 6019 cfg->hissecret_length); 6020 if (error) { 6021 free(sp->hisauth.secret, M_DEVBUF); 6022 sp->hisauth.secret = NULL; 6023 SPPP_UNLOCK(sp); 6024 return error; 6025 } 6026 sp->hisauth.secret_len = cfg->hissecret_length - 1; 6027 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 6028 } 6029 if (cfg->myname != NULL && cfg->myname_length > 0) { 6030 if (cfg->myname_length >= MCLBYTES) { 6031 SPPP_UNLOCK(sp); 6032 return (ENAMETOOLONG); 6033 } 6034 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 6035 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 6036 if (error) { 6037 free(sp->myauth.name, M_DEVBUF); 6038 sp->myauth.name = NULL; 6039 SPPP_UNLOCK(sp); 6040 return error; 6041 } 6042 sp->myauth.name_len = cfg->myname_length - 1; 6043 sp->myauth.name[sp->myauth.name_len] = 0; 6044 } 6045 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 6046 if (cfg->mysecret_length >= MCLBYTES) { 6047 SPPP_UNLOCK(sp); 6048 return (ENAMETOOLONG); 6049 } 6050 sp->myauth.secret = malloc(cfg->mysecret_length, 6051 M_DEVBUF, M_WAITOK); 6052 error = copyin(cfg->mysecret, sp->myauth.secret, 6053 cfg->mysecret_length); 6054 if (error) { 6055 free(sp->myauth.secret, M_DEVBUF); 6056 sp->myauth.secret = NULL; 6057 SPPP_UNLOCK(sp); 6058 return error; 6059 } 6060 sp->myauth.secret_len = cfg->mysecret_length - 1; 6061 sp->myauth.secret[sp->myauth.secret_len] = 0; 6062 } 6063 sp->myauth.flags = cfg->myauthflags; 6064 if (cfg->myauth != SPPP_AUTHPROTO_NOCHG) { 6065 sp->myauth.proto = sppp_authproto2proto(cfg->myauth); 6066 } 6067 sp->hisauth.flags = cfg->hisauthflags; 6068 if (cfg->hisauth != SPPP_AUTHPROTO_NOCHG) { 6069 sp->hisauth.proto = sppp_authproto2proto(cfg->hisauth); 6070 } 6071 sp->pp_auth_failures = 0; 6072 if (sp->hisauth.proto != PPP_NOPROTO) 6073 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6074 else 6075 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6076 6077 SPPP_UNLOCK(sp); 6078 } 6079 break; 6080 case SPPPGETLCPCFG: 6081 { 6082 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6083 6084 SPPP_LOCK(sp, RW_READER); 6085 lcpp->lcp_timeout = sp->lcp.timeout; 6086 SPPP_UNLOCK(sp); 6087 } 6088 break; 6089 case SPPPSETLCPCFG: 6090 { 6091 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6092 6093 SPPP_LOCK(sp, RW_WRITER); 6094 sp->lcp.timeout = lcpp->lcp_timeout; 6095 SPPP_UNLOCK(sp); 6096 } 6097 break; 6098 case SPPPGETNCPCFG: 6099 { 6100 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6101 6102 SPPP_LOCK(sp, RW_READER); 6103 ncpp->ncp_flags = sp->pp_ncpflags; 6104 SPPP_UNLOCK(sp); 6105 } 6106 break; 6107 case SPPPSETNCPCFG: 6108 { 6109 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6110 6111 SPPP_LOCK(sp, RW_WRITER); 6112 sp->pp_ncpflags = ncpp->ncp_flags; 6113 SPPP_UNLOCK(sp); 6114 } 6115 break; 6116 case SPPPGETSTATUS: 6117 { 6118 struct spppstatus *status = (struct spppstatus *)data; 6119 6120 SPPP_LOCK(sp, RW_READER); 6121 status->phase = sp->pp_phase; 6122 SPPP_UNLOCK(sp); 6123 } 6124 break; 6125 case SPPPGETSTATUSNCP: 6126 { 6127 struct spppstatusncp *status = (struct spppstatusncp *)data; 6128 6129 SPPP_LOCK(sp, RW_READER); 6130 status->phase = sp->pp_phase; 6131 status->ncpup = sppp_cp_check(sp, CP_NCP); 6132 SPPP_UNLOCK(sp); 6133 } 6134 break; 6135 case SPPPGETIDLETO: 6136 { 6137 struct spppidletimeout *to = (struct spppidletimeout *)data; 6138 6139 SPPP_LOCK(sp, RW_READER); 6140 to->idle_seconds = sp->pp_idle_timeout; 6141 SPPP_UNLOCK(sp); 6142 } 6143 break; 6144 case SPPPSETIDLETO: 6145 { 6146 struct spppidletimeout *to = (struct spppidletimeout *)data; 6147 6148 SPPP_LOCK(sp, RW_WRITER); 6149 sp->pp_idle_timeout = to->idle_seconds; 6150 SPPP_UNLOCK(sp); 6151 } 6152 break; 6153 case SPPPSETAUTHFAILURE: 6154 { 6155 struct spppauthfailuresettings *afsettings = 6156 (struct spppauthfailuresettings *)data; 6157 6158 SPPP_LOCK(sp, RW_WRITER); 6159 sp->pp_max_auth_fail = afsettings->max_failures; 6160 sp->pp_auth_failures = 0; 6161 SPPP_UNLOCK(sp); 6162 } 6163 break; 6164 case SPPPGETAUTHFAILURES: 6165 { 6166 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 6167 6168 SPPP_LOCK(sp, RW_READER); 6169 stats->auth_failures = sp->pp_auth_failures; 6170 stats->max_failures = sp->pp_max_auth_fail; 6171 SPPP_UNLOCK(sp); 6172 } 6173 break; 6174 case SPPPSETDNSOPTS: 6175 { 6176 struct spppdnssettings *req = (struct spppdnssettings *)data; 6177 6178 SPPP_LOCK(sp, RW_WRITER); 6179 sp->query_dns = req->query_dns & 3; 6180 SPPP_UNLOCK(sp); 6181 } 6182 break; 6183 case SPPPGETDNSOPTS: 6184 { 6185 struct spppdnssettings *req = (struct spppdnssettings *)data; 6186 6187 SPPP_LOCK(sp, RW_READER); 6188 req->query_dns = sp->query_dns; 6189 SPPP_UNLOCK(sp); 6190 } 6191 break; 6192 case SPPPGETDNSADDRS: 6193 { 6194 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 6195 6196 SPPP_LOCK(sp, RW_READER); 6197 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 6198 SPPP_UNLOCK(sp); 6199 } 6200 break; 6201 case SPPPGETKEEPALIVE: 6202 { 6203 struct spppkeepalivesettings *settings = 6204 (struct spppkeepalivesettings*)data; 6205 6206 SPPP_LOCK(sp, RW_READER); 6207 settings->maxalive = sp->pp_maxalive; 6208 settings->max_noreceive = sp->pp_max_noreceive; 6209 settings->alive_interval = sp->pp_alive_interval; 6210 SPPP_UNLOCK(sp); 6211 } 6212 break; 6213 case SPPPSETKEEPALIVE: 6214 { 6215 struct spppkeepalivesettings *settings = 6216 (struct spppkeepalivesettings*)data; 6217 6218 SPPP_LOCK(sp, RW_WRITER); 6219 sp->pp_maxalive = settings->maxalive; 6220 sp->pp_max_noreceive = settings->max_noreceive; 6221 sp->pp_alive_interval = settings->alive_interval; 6222 SPPP_UNLOCK(sp); 6223 } 6224 break; 6225 case SPPPGETLCPSTATUS: 6226 { 6227 struct sppplcpstatus *status = 6228 (struct sppplcpstatus *)data; 6229 6230 SPPP_LOCK(sp, RW_READER); 6231 status->state = sp->scp[IDX_LCP].state; 6232 status->opts = sp->lcp.opts; 6233 status->magic = sp->lcp.magic; 6234 status->mru = sp->lcp.mru; 6235 SPPP_UNLOCK(sp); 6236 } 6237 break; 6238 case SPPPGETIPCPSTATUS: 6239 { 6240 struct spppipcpstatus *status = 6241 (struct spppipcpstatus *)data; 6242 u_int32_t myaddr; 6243 6244 SPPP_LOCK(sp, RW_READER); 6245 status->state = sp->scp[IDX_IPCP].state; 6246 status->opts = sp->ipcp.opts; 6247 #ifdef INET 6248 sppp_get_ip_addrs(sp, &myaddr, 0, 0); 6249 #else 6250 myaddr = 0; 6251 #endif 6252 status->myaddr = ntohl(myaddr); 6253 SPPP_UNLOCK(sp); 6254 } 6255 break; 6256 case SPPPGETIPV6CPSTATUS: 6257 { 6258 struct spppipv6cpstatus *status = 6259 (struct spppipv6cpstatus *)data; 6260 6261 SPPP_LOCK(sp, RW_READER); 6262 status->state = sp->scp[IDX_IPV6CP].state; 6263 memcpy(status->my_ifid, sp->ipv6cp.my_ifid, 6264 sizeof(status->my_ifid)); 6265 memcpy(status->his_ifid, sp->ipv6cp.his_ifid, 6266 sizeof(status->his_ifid)); 6267 SPPP_UNLOCK(sp); 6268 } 6269 break; 6270 default: 6271 { 6272 int ret; 6273 6274 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6275 enosys(), ret); 6276 if (ret != ENOSYS) 6277 return ret; 6278 return (EINVAL); 6279 } 6280 } 6281 return (0); 6282 } 6283 6284 static void 6285 sppp_phase_network(struct sppp *sp) 6286 { 6287 int i; 6288 6289 KASSERT(SPPP_WLOCKED(sp)); 6290 6291 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6292 6293 /* Notify NCPs now. */ 6294 for (i = 0; i < IDX_COUNT; i++) 6295 if ((cps[i])->flags & CP_NCP) 6296 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); 6297 } 6298 6299 static const char * 6300 sppp_cp_type_name(char *buf, size_t buflen, u_char type) 6301 { 6302 6303 switch (type) { 6304 case CONF_REQ: return "conf-req"; 6305 case CONF_ACK: return "conf-ack"; 6306 case CONF_NAK: return "conf-nak"; 6307 case CONF_REJ: return "conf-rej"; 6308 case TERM_REQ: return "term-req"; 6309 case TERM_ACK: return "term-ack"; 6310 case CODE_REJ: return "code-rej"; 6311 case PROTO_REJ: return "proto-rej"; 6312 case ECHO_REQ: return "echo-req"; 6313 case ECHO_REPLY: return "echo-reply"; 6314 case DISC_REQ: return "discard-req"; 6315 } 6316 if (buf != NULL) 6317 snprintf(buf, buflen, "0x%02x", type); 6318 return buf; 6319 } 6320 6321 static const char * 6322 sppp_auth_type_name(char *buf, size_t buflen, u_short proto, u_char type) 6323 { 6324 const char *name; 6325 6326 switch (proto) { 6327 case PPP_CHAP: 6328 switch (type) { 6329 case CHAP_CHALLENGE: return "challenge"; 6330 case CHAP_RESPONSE: return "response"; 6331 case CHAP_SUCCESS: return "success"; 6332 case CHAP_FAILURE: return "failure"; 6333 default: name = "chap"; break; 6334 } 6335 break; 6336 6337 case PPP_PAP: 6338 switch (type) { 6339 case PAP_REQ: return "req"; 6340 case PAP_ACK: return "ack"; 6341 case PAP_NAK: return "nak"; 6342 default: name = "pap"; break; 6343 } 6344 break; 6345 6346 default: 6347 name = "bad"; 6348 break; 6349 } 6350 6351 if (buf != NULL) 6352 snprintf(buf, buflen, "%s(%#x) 0x%02x", name, proto, type); 6353 return buf; 6354 } 6355 6356 static const char * 6357 sppp_lcp_opt_name(char *buf, size_t buflen, u_char opt) 6358 { 6359 6360 switch (opt) { 6361 case LCP_OPT_MRU: return "mru"; 6362 case LCP_OPT_ASYNC_MAP: return "async-map"; 6363 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6364 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6365 case LCP_OPT_MAGIC: return "magic"; 6366 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6367 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6368 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6369 case LCP_OPT_CALL_BACK: return "callback"; 6370 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6371 case LCP_OPT_MP_MRRU: return "mrru"; 6372 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6373 case LCP_OPT_MP_EID: return "mp-eid"; 6374 } 6375 if (buf != NULL) 6376 snprintf(buf, buflen, "0x%02x", opt); 6377 return buf; 6378 } 6379 6380 static const char * 6381 sppp_ipcp_opt_name(char *buf, size_t buflen, u_char opt) 6382 { 6383 6384 switch (opt) { 6385 case IPCP_OPT_ADDRESSES: return "addresses"; 6386 case IPCP_OPT_COMPRESSION: return "compression"; 6387 case IPCP_OPT_ADDRESS: return "address"; 6388 case IPCP_OPT_PRIMDNS: return "primdns"; 6389 case IPCP_OPT_SECDNS: return "secdns"; 6390 } 6391 if (buf != NULL) 6392 snprintf(buf, buflen, "0x%02x", opt); 6393 return buf; 6394 } 6395 6396 #ifdef INET6 6397 static const char * 6398 sppp_ipv6cp_opt_name(char *buf, size_t buflen, u_char opt) 6399 { 6400 6401 switch (opt) { 6402 case IPV6CP_OPT_IFID: return "ifid"; 6403 case IPV6CP_OPT_COMPRESSION: return "compression"; 6404 } 6405 if (buf != NULL) 6406 snprintf(buf, buflen, "0x%02x", opt); 6407 return buf; 6408 } 6409 #endif 6410 6411 static const char * 6412 sppp_state_name(int state) 6413 { 6414 6415 switch (state) { 6416 case STATE_INITIAL: return "initial"; 6417 case STATE_STARTING: return "starting"; 6418 case STATE_CLOSED: return "closed"; 6419 case STATE_STOPPED: return "stopped"; 6420 case STATE_CLOSING: return "closing"; 6421 case STATE_STOPPING: return "stopping"; 6422 case STATE_REQ_SENT: return "req-sent"; 6423 case STATE_ACK_RCVD: return "ack-rcvd"; 6424 case STATE_ACK_SENT: return "ack-sent"; 6425 case STATE_OPENED: return "opened"; 6426 } 6427 return "illegal"; 6428 } 6429 6430 static const char * 6431 sppp_phase_name(int phase) 6432 { 6433 6434 switch (phase) { 6435 case SPPP_PHASE_DEAD: return "dead"; 6436 case SPPP_PHASE_ESTABLISH: return "establish"; 6437 case SPPP_PHASE_TERMINATE: return "terminate"; 6438 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6439 case SPPP_PHASE_NETWORK: return "network"; 6440 } 6441 return "illegal"; 6442 } 6443 6444 static const char * 6445 sppp_proto_name(char *buf, size_t buflen, u_short proto) 6446 { 6447 6448 switch (proto) { 6449 case PPP_LCP: return "lcp"; 6450 case PPP_IPCP: return "ipcp"; 6451 case PPP_PAP: return "pap"; 6452 case PPP_CHAP: return "chap"; 6453 case PPP_IPV6CP: return "ipv6cp"; 6454 } 6455 if (buf != NULL) { 6456 snprintf(buf, sizeof(buf), "0x%04x", 6457 (unsigned)proto); 6458 } 6459 return buf; 6460 } 6461 6462 static void 6463 sppp_print_bytes(const u_char *p, u_short len) 6464 { 6465 addlog(" %02x", *p++); 6466 while (--len > 0) 6467 addlog("-%02x", *p++); 6468 } 6469 6470 static void 6471 sppp_print_string(const char *p, u_short len) 6472 { 6473 u_char c; 6474 6475 while (len-- > 0) { 6476 c = *p++; 6477 /* 6478 * Print only ASCII chars directly. RFC 1994 recommends 6479 * using only them, but we don't rely on it. */ 6480 if (c < ' ' || c > '~') 6481 addlog("\\x%x", c); 6482 else 6483 addlog("%c", c); 6484 } 6485 } 6486 6487 static const char * 6488 sppp_dotted_quad(char *buf, size_t buflen, uint32_t addr) 6489 { 6490 6491 if (buf != NULL) { 6492 snprintf(buf, buflen, "%u.%u.%u.%u", 6493 (unsigned int)((addr >> 24) & 0xff), 6494 (unsigned int)((addr >> 16) & 0xff), 6495 (unsigned int)((addr >> 8) & 0xff), 6496 (unsigned int)(addr & 0xff)); 6497 } 6498 return buf; 6499 } 6500 6501 /* a dummy, used to drop uninteresting events */ 6502 static void 6503 sppp_null(struct sppp *unused) 6504 { 6505 /* do just nothing */ 6506 } 6507 6508 static void 6509 sppp_tls(const struct cp *cp, struct sppp *sp) 6510 { 6511 6512 SPPP_DLOG(sp, "%s tls\n", cp->name); 6513 6514 /* notify lcp that is lower layer */ 6515 sp->lcp.protos |= (1 << cp->protoidx); 6516 } 6517 6518 static void 6519 sppp_tlf(const struct cp *cp, struct sppp *sp) 6520 { 6521 6522 SPPP_DLOG(sp, "%s tlf\n", cp->name); 6523 6524 /* notify lcp that is lower layer */ 6525 sp->lcp.protos &= ~(1 << cp->protoidx); 6526 6527 /* cleanup */ 6528 if (sp->scp[cp->protoidx].mbuf_confreq != NULL) { 6529 m_freem(sp->scp[cp->protoidx].mbuf_confreq); 6530 sp->scp[cp->protoidx].mbuf_confreq = NULL; 6531 } 6532 if (sp->scp[cp->protoidx].mbuf_confnak != NULL) { 6533 m_freem(sp->scp[cp->protoidx].mbuf_confnak); 6534 sp->scp[cp->protoidx].mbuf_confnak = NULL; 6535 } 6536 6537 sppp_lcp_check_and_close(sp); 6538 } 6539 6540 static void 6541 sppp_screply(const struct cp *cp, struct sppp *sp, u_char type, 6542 uint8_t ident, size_t msglen, void *msg) 6543 { 6544 6545 if (msglen == 0) 6546 return; 6547 6548 switch (type) { 6549 case CONF_ACK: 6550 case CONF_NAK: 6551 case CONF_REJ: 6552 break; 6553 default: 6554 return; 6555 } 6556 6557 if (sppp_debug_enabled(sp)) { 6558 char tbuf[SPPP_CPTYPE_NAMELEN]; 6559 const char *cpname; 6560 6561 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), type); 6562 SPPP_LOG(sp, LOG_DEBUG, "send %s\n", cpname); 6563 } 6564 6565 sppp_cp_send(sp, cp->proto, type, ident, msglen, msg); 6566 } 6567 6568 static void 6569 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6570 { 6571 6572 SPPP_UNLOCK(sp); 6573 if_down(&sp->pp_if); 6574 IF_PURGE(&sp->pp_cpq); 6575 SPPP_LOCK(sp, RW_WRITER); 6576 } 6577 6578 static void 6579 sppp_notify_up(struct sppp *sp) 6580 { 6581 6582 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6583 } 6584 6585 static void 6586 sppp_notify_down(struct sppp *sp) 6587 { 6588 6589 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6590 } 6591 6592 static void 6593 sppp_notify_tls_wlocked(struct sppp *sp) 6594 { 6595 6596 KASSERT(SPPP_WLOCKED(sp)); 6597 6598 if (!sp->pp_tls) 6599 return; 6600 6601 SPPP_UNLOCK(sp); 6602 sp->pp_tls(sp); 6603 SPPP_LOCK(sp, RW_WRITER); 6604 } 6605 6606 static void 6607 sppp_notify_tlf_wlocked(struct sppp *sp) 6608 { 6609 6610 KASSERT(SPPP_WLOCKED(sp)); 6611 6612 if (!sp->pp_tlf) 6613 return; 6614 6615 SPPP_UNLOCK(sp); 6616 sp->pp_tlf(sp); 6617 SPPP_LOCK(sp, RW_WRITER); 6618 } 6619 6620 static void 6621 sppp_notify_con(struct sppp *sp) 6622 { 6623 6624 if (!sp->pp_con) 6625 return; 6626 6627 sp->pp_con(sp); 6628 } 6629 6630 #ifdef INET6 6631 static void 6632 sppp_notify_con_wlocked(struct sppp *sp) 6633 { 6634 6635 KASSERT(SPPP_WLOCKED(sp)); 6636 6637 SPPP_UNLOCK(sp); 6638 sppp_notify_con(sp); 6639 SPPP_LOCK(sp, RW_WRITER); 6640 6641 } 6642 #endif 6643 6644 static void 6645 sppp_notify_chg_wlocked(struct sppp *sp) 6646 { 6647 6648 KASSERT(SPPP_WLOCKED(sp)); 6649 6650 if (!sp->pp_chg) 6651 return; 6652 6653 SPPP_UNLOCK(sp); 6654 sp->pp_chg(sp, sp->pp_phase); 6655 SPPP_LOCK(sp, RW_WRITER); 6656 } 6657 6658 static void 6659 sppp_wq_work(struct work *wk, void *xsp) 6660 { 6661 struct sppp *sp; 6662 struct sppp_work *work; 6663 6664 sp = xsp; 6665 work = container_of(wk, struct sppp_work, work); 6666 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6667 6668 SPPP_LOCK(sp, RW_WRITER); 6669 work->func(sp, work->arg); 6670 SPPP_UNLOCK(sp); 6671 } 6672 6673 static struct workqueue * 6674 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6675 { 6676 struct workqueue *wq; 6677 int error; 6678 6679 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6680 (void *)sp, prio, ipl, flags); 6681 if (error) { 6682 panic("%s: workqueue_create failed [%s, %d]\n", 6683 sp->pp_if.if_xname, xnamebuf, error); 6684 } 6685 6686 return wq; 6687 } 6688 6689 static void 6690 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6691 { 6692 6693 workqueue_destroy(wq); 6694 } 6695 6696 static void 6697 sppp_wq_set(struct sppp_work *work, 6698 void (*func)(struct sppp *, void *), void *arg) 6699 { 6700 6701 work->func = func; 6702 work->arg = arg; 6703 } 6704 6705 static void 6706 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6707 { 6708 6709 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6710 != SPPP_WK_FREE) 6711 return; 6712 6713 KASSERT(work->func != NULL); 6714 kpreempt_disable(); 6715 workqueue_enqueue(wq, &work->work, NULL); 6716 kpreempt_enable(); 6717 } 6718 static void 6719 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6720 { 6721 6722 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6723 workqueue_wait(wq, &work->work); 6724 } 6725 6726 /* 6727 * This file is large. Tell emacs to highlight it nevertheless. 6728 * 6729 * Local Variables: 6730 * hilit-auto-highlight-maxout: 120000 6731 * End: 6732 */ 6733 6734 /* 6735 * Module glue 6736 */ 6737 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6738 6739 static int 6740 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6741 { 6742 6743 switch (cmd) { 6744 case MODULE_CMD_INIT: 6745 case MODULE_CMD_FINI: 6746 return 0; 6747 case MODULE_CMD_STAT: 6748 case MODULE_CMD_AUTOUNLOAD: 6749 default: 6750 return ENOTTY; 6751 } 6752 } 6753