1 /* $NetBSD: if_spppsubr.c,v 1.267 2023/03/25 21:35:49 andvar Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.267 2023/03/25 21:35:49 andvar Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #include "opt_sppp.h" 52 #endif 53 54 #include <sys/param.h> 55 #include <sys/proc.h> 56 #include <sys/systm.h> 57 #include <sys/kernel.h> 58 #include <sys/sockio.h> 59 #include <sys/socket.h> 60 #include <sys/syslog.h> 61 #include <sys/malloc.h> 62 #include <sys/mbuf.h> 63 #include <sys/callout.h> 64 #include <sys/md5.h> 65 #include <sys/inttypes.h> 66 #include <sys/kauth.h> 67 #include <sys/cprng.h> 68 #include <sys/module.h> 69 #include <sys/workqueue.h> 70 #include <sys/atomic.h> 71 #include <sys/compat_stub.h> 72 #include <sys/cpu.h> 73 74 #include <net/if.h> 75 #include <net/if_types.h> 76 #include <net/route.h> 77 #include <net/ppp_defs.h> 78 79 #include <netinet/in.h> 80 #include <netinet/in_systm.h> 81 #include <netinet/in_var.h> 82 #ifdef INET 83 #include <netinet/ip.h> 84 #include <netinet/tcp.h> 85 #endif 86 #include <net/ethertypes.h> 87 88 #ifdef INET6 89 #include <netinet6/scope6_var.h> 90 #endif 91 92 #include <net/if_sppp.h> 93 #include <net/if_spppvar.h> 94 95 #ifdef NET_MPSAFE 96 #define SPPPSUBR_MPSAFE 1 97 #endif 98 99 #define DEFAULT_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 100 #define DEFAULT_ALIVE_INTERVAL 1 /* count of sppp_keepalive */ 101 #define LOOPALIVECNT 3 /* loopback detection tries */ 102 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 103 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 104 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 105 106 #ifndef SPPP_KEEPALIVE_INTERVAL 107 #define SPPP_KEEPALIVE_INTERVAL DEFAULT_KEEPALIVE_INTERVAL 108 #endif 109 110 #ifndef SPPP_NORECV_TIME 111 #define SPPP_NORECV_TIME DEFAULT_NORECV_TIME 112 #endif 113 114 #ifndef SPPP_ALIVE_INTERVAL 115 #define SPPP_ALIVE_INTERVAL DEFAULT_ALIVE_INTERVAL 116 #endif 117 118 #define SPPP_CPTYPE_NAMELEN 5 /* buf size of cp type name */ 119 #define SPPP_AUTHTYPE_NAMELEN 32 /* buf size of auth type name */ 120 #define SPPP_LCPOPT_NAMELEN 5 /* buf size of lcp option name */ 121 #define SPPP_IPCPOPT_NAMELEN 5 /* buf size of ipcp option name */ 122 #define SPPP_IPV6CPOPT_NAMELEN 5 /* buf size of ipv6cp option name */ 123 #define SPPP_PROTO_NAMELEN 7 /* buf size of protocol name */ 124 #define SPPP_DOTQUAD_BUFLEN 16 /* length of "aa.bb.cc.dd" */ 125 126 /* 127 * Interface flags that can be set in an ifconfig command. 128 * 129 * Setting link0 will make the link passive, i.e. it will be marked 130 * as being administrative openable, but won't be opened to begin 131 * with. Incoming calls will be answered, or subsequent calls with 132 * -link1 will cause the administrative open of the LCP layer. 133 * 134 * Setting link1 will cause the link to auto-dial only as packets 135 * arrive to be sent. 136 * 137 * Setting IFF_DEBUG will syslog the option negotiation and state 138 * transitions at level kern.debug. Note: all logs consistently look 139 * like 140 * 141 * <if-name><unit>: <proto-name> <additional info...> 142 * 143 * with <if-name><unit> being something like "bppp0", and <proto-name> 144 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 145 */ 146 147 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 148 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 149 150 #define CONF_REQ 1 /* PPP configure request */ 151 #define CONF_ACK 2 /* PPP configure acknowledge */ 152 #define CONF_NAK 3 /* PPP configure negative ack */ 153 #define CONF_REJ 4 /* PPP configure reject */ 154 #define TERM_REQ 5 /* PPP terminate request */ 155 #define TERM_ACK 6 /* PPP terminate acknowledge */ 156 #define CODE_REJ 7 /* PPP code reject */ 157 #define PROTO_REJ 8 /* PPP protocol reject */ 158 #define ECHO_REQ 9 /* PPP echo request */ 159 #define ECHO_REPLY 10 /* PPP echo reply */ 160 #define DISC_REQ 11 /* PPP discard request */ 161 162 #define LCP_OPT_MRU 1 /* maximum receive unit */ 163 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 164 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 165 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 166 #define LCP_OPT_MAGIC 5 /* magic number */ 167 #define LCP_OPT_RESERVED 6 /* reserved */ 168 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 169 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 170 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 171 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 172 #define LCP_OPT_CALL_BACK 13 /* callback */ 173 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 174 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 175 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 176 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 177 178 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 179 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 180 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 181 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 182 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 183 184 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 185 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 186 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 187 188 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 189 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 190 191 #define PAP_REQ 1 /* PAP name/password request */ 192 #define PAP_ACK 2 /* PAP acknowledge */ 193 #define PAP_NAK 3 /* PAP fail */ 194 195 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 196 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 197 #define CHAP_SUCCESS 3 /* CHAP response ok */ 198 #define CHAP_FAILURE 4 /* CHAP response failed */ 199 200 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 201 202 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 203 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 204 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 205 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 206 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 207 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 208 209 #define PPP_NOPROTO 0 /* no authentication protocol */ 210 211 enum { 212 STATE_INITIAL = SPPP_STATE_INITIAL, 213 STATE_STARTING = SPPP_STATE_STARTING, 214 STATE_CLOSED = SPPP_STATE_CLOSED, 215 STATE_STOPPED = SPPP_STATE_STOPPED, 216 STATE_CLOSING = SPPP_STATE_CLOSING, 217 STATE_STOPPING = SPPP_STATE_STOPPING, 218 STATE_REQ_SENT = SPPP_STATE_REQ_SENT, 219 STATE_ACK_RCVD = SPPP_STATE_ACK_RCVD, 220 STATE_ACK_SENT = SPPP_STATE_ACK_SENT, 221 STATE_OPENED = SPPP_STATE_OPENED, 222 }; 223 224 enum cp_rcr_type { 225 CP_RCR_NONE = 0, /* initial value */ 226 CP_RCR_ACK, /* RCR+ */ 227 CP_RCR_NAK, /* RCR- */ 228 CP_RCR_REJ, /* RCR- */ 229 CP_RCR_DROP, /* DROP message */ 230 CP_RCR_ERR, /* internal error */ 231 }; 232 233 struct ppp_header { 234 uint8_t address; 235 uint8_t control; 236 uint16_t protocol; 237 } __packed; 238 #define PPP_HEADER_LEN sizeof (struct ppp_header) 239 240 struct lcp_header { 241 uint8_t type; 242 uint8_t ident; 243 uint16_t len; 244 } __packed; 245 #define LCP_HEADER_LEN sizeof (struct lcp_header) 246 247 struct cisco_packet { 248 uint32_t type; 249 uint32_t par1; 250 uint32_t par2; 251 uint16_t rel; 252 uint16_t time0; 253 uint16_t time1; 254 } __packed; 255 #define CISCO_PACKET_LEN 18 256 257 /* 258 * We follow the spelling and capitalization of RFC 1661 here, to make 259 * it easier comparing with the standard. Please refer to this RFC in 260 * case you can't make sense out of these abbreviation; it will also 261 * explain the semantics related to the various events and actions. 262 */ 263 struct cp { 264 u_short proto; /* PPP control protocol number */ 265 u_char protoidx; /* index into state table in struct sppp */ 266 u_char flags; 267 #define CP_LCP 0x01 /* this is the LCP */ 268 #define CP_AUTH 0x02 /* this is an authentication protocol */ 269 #define CP_NCP 0x04 /* this is a NCP */ 270 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 271 const char *name; /* name of this control protocol */ 272 /* event handlers */ 273 void (*Up)(struct sppp *, void *); 274 void (*Down)(struct sppp *, void *); 275 void (*Open)(struct sppp *, void *); 276 void (*Close)(struct sppp *, void *); 277 void (*TO)(struct sppp *, void *); 278 /* actions */ 279 void (*tlu)(struct sppp *); 280 void (*tld)(struct sppp *); 281 void (*tls)(const struct cp *, struct sppp *); 282 void (*tlf)(const struct cp *, struct sppp *); 283 void (*scr)(struct sppp *); 284 void (*screply)(const struct cp *, struct sppp *, u_char, 285 uint8_t, size_t, void *); 286 287 /* message parser */ 288 enum cp_rcr_type 289 (*parse_confreq)(struct sppp *, struct lcp_header *, int, 290 uint8_t **, size_t *, size_t *); 291 void (*parse_confrej)(struct sppp *, struct lcp_header *, int); 292 void (*parse_confnak)(struct sppp *, struct lcp_header *, int); 293 }; 294 295 enum auth_role { 296 SPPP_AUTH_NOROLE = 0, 297 SPPP_AUTH_SERV = __BIT(0), 298 SPPP_AUTH_PEER = __BIT(1), 299 }; 300 301 static struct sppp *spppq; 302 static kmutex_t *spppq_lock = NULL; 303 static callout_t keepalive_ch; 304 static unsigned int sppp_keepalive_cnt = 0; 305 306 pktq_rps_hash_func_t sppp_pktq_rps_hash_p; 307 308 #define SPPPQ_LOCK() if (spppq_lock) \ 309 mutex_enter(spppq_lock); 310 #define SPPPQ_UNLOCK() if (spppq_lock) \ 311 mutex_exit(spppq_lock); 312 313 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 314 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 315 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 316 #define SPPP_UPGRADE(_sp) do{ \ 317 SPPP_UNLOCK(_sp); \ 318 SPPP_LOCK(_sp, RW_WRITER); \ 319 }while (0) 320 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 321 #define SPPP_WQ_SET(_wk, _func, _arg) \ 322 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 323 #define SPPP_LOG(_sp, _lvl, _fmt, _args...) do { \ 324 if (__predict_true((_sp) != NULL)) { \ 325 log((_lvl), "%s: ", (_sp)->pp_if.if_xname); \ 326 } \ 327 addlog((_fmt), ##_args); \ 328 } while (0) 329 #define SPPP_DLOG(_sp, _fmt, _args...) do { \ 330 if (!sppp_debug_enabled(_sp)) \ 331 break; \ 332 SPPP_LOG(_sp, LOG_DEBUG, _fmt, ##_args); \ 333 } while (0) 334 335 #ifdef INET 336 #ifndef SPPPSUBR_MPSAFE 337 /* 338 * The following disgusting hack gets around the problem that IP TOS 339 * can't be set yet. We want to put "interactive" traffic on a high 340 * priority queue. To decide if traffic is interactive, we check that 341 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 342 * 343 * XXX is this really still necessary? - joerg - 344 */ 345 static u_short interactive_ports[8] = { 346 0, 513, 0, 0, 347 0, 21, 0, 23, 348 }; 349 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 350 #endif /* SPPPSUBR_MPSAFE */ 351 #endif 352 353 /* almost every function needs these */ 354 355 static bool sppp_debug_enabled(struct sppp *sp); 356 static int sppp_output(struct ifnet *, struct mbuf *, 357 const struct sockaddr *, const struct rtentry *); 358 359 static void sppp_cp_init(const struct cp *, struct sppp *); 360 static void sppp_cp_fini(const struct cp *, struct sppp *); 361 static void sppp_cp_input(const struct cp *, struct sppp *, 362 struct mbuf *); 363 static void sppp_cp_input(const struct cp *, struct sppp *, 364 struct mbuf *); 365 static void sppp_cp_send(struct sppp *, u_short, u_char, 366 u_char, u_short, void *); 367 /* static void sppp_cp_timeout(void *arg); */ 368 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 369 static struct workqueue * 370 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 371 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 372 static void sppp_wq_set(struct sppp_work *, 373 void (*)(struct sppp *, void *), void *); 374 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 375 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 376 static void sppp_cp_to_lcp(void *); 377 static void sppp_cp_to_ipcp(void *); 378 static void sppp_cp_to_ipv6cp(void *); 379 static void sppp_auth_send(const struct cp *, struct sppp *, 380 unsigned int, unsigned int, ...); 381 static int sppp_auth_role(const struct cp *, struct sppp *); 382 static void sppp_auth_to_event(struct sppp *, void *); 383 static void sppp_auth_screply(const struct cp *, struct sppp *, 384 u_char, uint8_t, size_t, void *); 385 static void sppp_up_event(struct sppp *, void *); 386 static void sppp_down_event(struct sppp *, void *); 387 static void sppp_open_event(struct sppp *, void *); 388 static void sppp_close_event(struct sppp *, void *); 389 static void sppp_to_event(struct sppp *, void *); 390 static void sppp_rcr_event(struct sppp *, void *); 391 static void sppp_rca_event(struct sppp *, void *); 392 static void sppp_rcn_event(struct sppp *, void *); 393 static void sppp_rtr_event(struct sppp *, void *); 394 static void sppp_rta_event(struct sppp *, void *); 395 static void sppp_rxj_event(struct sppp *, void *); 396 397 static void sppp_null(struct sppp *); 398 static void sppp_tls(const struct cp *, struct sppp *); 399 static void sppp_tlf(const struct cp *, struct sppp *); 400 static void sppp_screply(const struct cp *, struct sppp *, 401 u_char, uint8_t, size_t, void *); 402 static void sppp_ifdown(struct sppp *, void *); 403 404 static void sppp_lcp_init(struct sppp *); 405 static void sppp_lcp_up(struct sppp *, void *); 406 static void sppp_lcp_down(struct sppp *, void *); 407 static void sppp_lcp_open(struct sppp *, void *); 408 static enum cp_rcr_type 409 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int, 410 uint8_t **, size_t *, size_t *); 411 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int); 412 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int); 413 static void sppp_lcp_tlu(struct sppp *); 414 static void sppp_lcp_tld(struct sppp *); 415 static void sppp_lcp_tls(const struct cp *, struct sppp *); 416 static void sppp_lcp_tlf(const struct cp *, struct sppp *); 417 static void sppp_lcp_scr(struct sppp *); 418 static void sppp_lcp_check_and_close(struct sppp *); 419 static int sppp_cp_check(struct sppp *, u_char); 420 421 static void sppp_ipcp_init(struct sppp *); 422 static void sppp_ipcp_open(struct sppp *, void *); 423 static void sppp_ipcp_close(struct sppp *, void *); 424 static enum cp_rcr_type 425 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int, 426 uint8_t **, size_t *, size_t *); 427 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int); 428 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int); 429 static void sppp_ipcp_tlu(struct sppp *); 430 static void sppp_ipcp_tld(struct sppp *); 431 static void sppp_ipcp_scr(struct sppp *); 432 433 static void sppp_ipv6cp_init(struct sppp *); 434 static void sppp_ipv6cp_open(struct sppp *, void *); 435 static enum cp_rcr_type 436 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int, 437 uint8_t **, size_t *, size_t *); 438 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int); 439 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int); 440 static void sppp_ipv6cp_tlu(struct sppp *); 441 static void sppp_ipv6cp_tld(struct sppp *); 442 static void sppp_ipv6cp_scr(struct sppp *); 443 444 static void sppp_pap_input(struct sppp *, struct mbuf *); 445 static void sppp_pap_init(struct sppp *); 446 static void sppp_pap_tlu(struct sppp *); 447 static void sppp_pap_scr(struct sppp *); 448 static void sppp_pap_scr(struct sppp *); 449 450 static void sppp_chap_input(struct sppp *, struct mbuf *); 451 static void sppp_chap_init(struct sppp *); 452 static void sppp_chap_open(struct sppp *, void *); 453 static void sppp_chap_tlu(struct sppp *); 454 static void sppp_chap_scr(struct sppp *); 455 static void sppp_chap_rcv_challenge_event(struct sppp *, void *); 456 457 static const char *sppp_auth_type_name(char *, size_t, u_short, u_char); 458 static const char *sppp_cp_type_name(char *, size_t, u_char); 459 static const char *sppp_dotted_quad(char *, size_t, uint32_t); 460 static const char *sppp_ipcp_opt_name(char *, size_t, u_char); 461 #ifdef INET6 462 static const char *sppp_ipv6cp_opt_name(char *, size_t, u_char); 463 #endif 464 static const char *sppp_lcp_opt_name(char *, size_t, u_char); 465 static const char *sppp_phase_name(int); 466 static const char *sppp_proto_name(char *, size_t, u_short); 467 static const char *sppp_state_name(int); 468 static int sppp_params(struct sppp *, u_long, void *); 469 #ifdef INET 470 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 471 static void sppp_set_ip_addrs(struct sppp *); 472 static void sppp_clear_ip_addrs(struct sppp *); 473 #endif 474 static void sppp_keepalive(void *); 475 static void sppp_phase_network(struct sppp *); 476 static void sppp_print_bytes(const u_char *, u_short); 477 static void sppp_print_string(const char *, u_short); 478 #ifdef INET6 479 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 480 struct in6_addr *, struct in6_addr *); 481 #ifdef IPV6CP_MYIFID_DYN 482 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 483 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 484 #endif 485 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 486 #endif 487 488 static void sppp_notify_up(struct sppp *); 489 static void sppp_notify_down(struct sppp *); 490 static void sppp_notify_tls_wlocked(struct sppp *); 491 static void sppp_notify_tlf_wlocked(struct sppp *); 492 #ifdef INET6 493 static void sppp_notify_con_wlocked(struct sppp *); 494 #endif 495 static void sppp_notify_con(struct sppp *); 496 497 static void sppp_notify_chg_wlocked(struct sppp *); 498 499 /* our control protocol descriptors */ 500 static const struct cp lcp = { 501 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 502 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, 503 sppp_close_event, sppp_to_event, 504 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, 505 sppp_lcp_tlf, sppp_lcp_scr, sppp_screply, 506 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak 507 }; 508 509 static const struct cp ipcp = { 510 PPP_IPCP, IDX_IPCP, 511 #ifdef INET 512 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 513 #else 514 0, 515 #endif 516 "ipcp", 517 sppp_up_event, sppp_down_event, sppp_ipcp_open, 518 sppp_ipcp_close, sppp_to_event, 519 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_tls, 520 sppp_tlf, sppp_ipcp_scr, sppp_screply, 521 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak, 522 }; 523 524 static const struct cp ipv6cp = { 525 PPP_IPV6CP, IDX_IPV6CP, 526 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 527 CP_NCP, 528 #else 529 0, 530 #endif 531 "ipv6cp", 532 sppp_up_event, sppp_down_event, sppp_ipv6cp_open, 533 sppp_close_event, sppp_to_event, 534 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_tls, 535 sppp_tlf, sppp_ipv6cp_scr, sppp_screply, 536 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak, 537 }; 538 539 static const struct cp pap = { 540 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 541 sppp_up_event, sppp_down_event, sppp_open_event, 542 sppp_close_event, sppp_auth_to_event, 543 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, 544 sppp_pap_scr, sppp_auth_screply, 545 NULL, NULL, NULL 546 }; 547 548 static const struct cp chap = { 549 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 550 sppp_up_event, sppp_down_event, sppp_chap_open, 551 sppp_close_event, sppp_auth_to_event, 552 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, 553 sppp_chap_scr, sppp_auth_screply, 554 NULL, NULL, NULL 555 }; 556 557 static const struct cp *cps[IDX_COUNT] = { 558 &lcp, /* IDX_LCP */ 559 &ipcp, /* IDX_IPCP */ 560 &ipv6cp, /* IDX_IPV6CP */ 561 &pap, /* IDX_PAP */ 562 &chap, /* IDX_CHAP */ 563 }; 564 565 static inline u_int 566 sppp_proto2authproto(u_short proto) 567 { 568 569 switch (proto) { 570 case PPP_PAP: 571 return SPPP_AUTHPROTO_PAP; 572 case PPP_CHAP: 573 return SPPP_AUTHPROTO_CHAP; 574 } 575 576 return SPPP_AUTHPROTO_NONE; 577 } 578 579 static inline u_short 580 sppp_authproto2proto(u_int authproto) 581 { 582 583 switch (authproto) { 584 case SPPP_AUTHPROTO_PAP: 585 return PPP_PAP; 586 case SPPP_AUTHPROTO_CHAP: 587 return PPP_CHAP; 588 } 589 590 return PPP_NOPROTO; 591 } 592 593 static inline bool 594 sppp_debug_enabled(struct sppp *sp) 595 { 596 597 if (__predict_false(sp == NULL)) 598 return false; 599 600 if ((sp->pp_if.if_flags & IFF_DEBUG) == 0) 601 return false; 602 603 return true; 604 } 605 606 static void 607 sppp_change_phase(struct sppp *sp, int phase) 608 { 609 struct ifnet *ifp; 610 611 KASSERT(SPPP_WLOCKED(sp)); 612 613 ifp = &sp->pp_if; 614 615 if (sp->pp_phase == phase) 616 return; 617 618 sp->pp_phase = phase; 619 620 if (phase == SPPP_PHASE_NETWORK) 621 if_link_state_change(ifp, LINK_STATE_UP); 622 else 623 if_link_state_change(ifp, LINK_STATE_DOWN); 624 625 SPPP_DLOG(sp, "phase %s\n", 626 sppp_phase_name(sp->pp_phase)); 627 } 628 629 /* 630 * Exported functions, comprising our interface to the lower layer. 631 */ 632 633 /* 634 * Process the received packet. 635 */ 636 void 637 sppp_input(struct ifnet *ifp, struct mbuf *m) 638 { 639 struct ppp_header *h = NULL; 640 pktqueue_t *pktq = NULL; 641 uint16_t protocol; 642 struct sppp *sp = (struct sppp *)ifp; 643 644 /* No RPS for not-IP. */ 645 pktq_rps_hash_func_t rps_hash = NULL; 646 647 SPPP_LOCK(sp, RW_READER); 648 649 if (ifp->if_flags & IFF_UP) { 650 /* Count received bytes, add hardware framing */ 651 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 652 /* Note time of last receive */ 653 sp->pp_last_receive = time_uptime; 654 } 655 656 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 657 /* Too small packet, drop it. */ 658 SPPP_DLOG(sp, "input packet is too small, " 659 "%d bytes\n", m->m_pkthdr.len); 660 goto drop; 661 } 662 663 if (sp->pp_flags & PP_NOFRAMING) { 664 memcpy(&protocol, mtod(m, void *), 2); 665 protocol = ntohs(protocol); 666 m_adj(m, 2); 667 } else { 668 669 /* Get PPP header. */ 670 h = mtod(m, struct ppp_header *); 671 m_adj(m, PPP_HEADER_LEN); 672 673 switch (h->address) { 674 case PPP_ALLSTATIONS: 675 if (h->control != PPP_UI) 676 goto invalid; 677 break; 678 case CISCO_MULTICAST: 679 case CISCO_UNICAST: 680 /* Don't check the control field here (RFC 1547). */ 681 SPPP_DLOG(sp, "Cisco packet in PPP mode " 682 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 683 h->address, h->control, ntohs(h->protocol)); 684 goto drop; 685 default: /* Invalid PPP packet. */ 686 invalid: 687 SPPP_DLOG(sp, "invalid input packet " 688 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 689 h->address, h->control, ntohs(h->protocol)); 690 goto drop; 691 } 692 protocol = ntohs(h->protocol); 693 } 694 695 switch (protocol) { 696 reject_protocol: 697 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 698 uint16_t prot = htons(protocol); 699 700 SPPP_UPGRADE(sp); 701 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 702 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 703 &prot); 704 SPPP_DOWNGRADE(sp); 705 } 706 if_statinc(ifp, if_noproto); 707 goto drop; 708 default: 709 SPPP_DLOG(sp, "invalid input protocol " 710 "<proto=0x%x>\n", protocol); 711 goto reject_protocol; 712 case PPP_LCP: 713 SPPP_UNLOCK(sp); 714 sppp_cp_input(&lcp, sp, m); 715 /* already m_freem(m) */ 716 return; 717 case PPP_PAP: 718 SPPP_UNLOCK(sp); 719 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 720 sppp_pap_input(sp, m); 721 } 722 m_freem(m); 723 return; 724 case PPP_CHAP: 725 SPPP_UNLOCK(sp); 726 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 727 sppp_chap_input(sp, m); 728 } 729 m_freem(m); 730 return; 731 #ifdef INET 732 case PPP_IPCP: 733 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) { 734 SPPP_LOG(sp, LOG_INFO, "reject IPCP packet " 735 "because IPCP is disabled\n"); 736 goto reject_protocol; 737 } 738 SPPP_UNLOCK(sp); 739 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 740 sppp_cp_input(&ipcp, sp, m); 741 /* already m_freem(m) */ 742 } else { 743 m_freem(m); 744 } 745 return; 746 case PPP_IP: 747 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 748 sp->pp_last_activity = time_uptime; 749 pktq = ip_pktq; 750 rps_hash = atomic_load_relaxed(&sppp_pktq_rps_hash_p); 751 } 752 break; 753 #endif 754 #ifdef INET6 755 case PPP_IPV6CP: 756 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) { 757 SPPP_LOG(sp, LOG_INFO, "reject IPv6CP packet " 758 "because IPv6CP is disabled\n"); 759 goto reject_protocol; 760 } 761 SPPP_UNLOCK(sp); 762 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 763 sppp_cp_input(&ipv6cp, sp, m); 764 /* already m_freem(m) */ 765 } else { 766 m_freem(m); 767 } 768 return; 769 770 case PPP_IPV6: 771 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 772 sp->pp_last_activity = time_uptime; 773 pktq = ip6_pktq; 774 rps_hash = atomic_load_relaxed(&sppp_pktq_rps_hash_p); 775 } 776 break; 777 #endif 778 } 779 780 if ((ifp->if_flags & IFF_UP) == 0 || pktq == NULL) { 781 goto drop; 782 } 783 784 /* Check queue. */ 785 const uint32_t hash = rps_hash ? pktq_rps_hash(&rps_hash, m) : 0; 786 if (__predict_false(!pktq_enqueue(pktq, m, hash))) { 787 goto drop; 788 } 789 SPPP_UNLOCK(sp); 790 return; 791 792 drop: 793 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 794 m_freem(m); 795 SPPP_UNLOCK(sp); 796 return; 797 } 798 799 /* 800 * Enqueue transmit packet. 801 */ 802 static int 803 sppp_output(struct ifnet *ifp, struct mbuf *m, 804 const struct sockaddr *dst, const struct rtentry *rt) 805 { 806 struct sppp *sp = (struct sppp *) ifp; 807 struct ppp_header *h = NULL; 808 #ifndef SPPPSUBR_MPSAFE 809 struct ifqueue *ifq = NULL; /* XXX */ 810 #endif 811 int s, error = 0; 812 uint16_t protocol; 813 size_t pktlen; 814 815 s = splnet(); 816 SPPP_LOCK(sp, RW_READER); 817 818 sp->pp_last_activity = time_uptime; 819 820 if ((ifp->if_flags & IFF_UP) == 0 || 821 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 822 SPPP_UNLOCK(sp); 823 splx(s); 824 825 m_freem(m); 826 if_statinc(ifp, if_oerrors); 827 return (ENETDOWN); 828 } 829 830 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 831 /* ignore packets that have no enabled NCP */ 832 if ((dst->sa_family == AF_INET && 833 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) || 834 (dst->sa_family == AF_INET6 && 835 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP))) { 836 SPPP_UNLOCK(sp); 837 splx(s); 838 839 m_freem(m); 840 if_statinc(ifp, if_oerrors); 841 return (ENETDOWN); 842 } 843 /* 844 * Interface is not yet running, but auto-dial. Need 845 * to start LCP for it. 846 */ 847 ifp->if_flags |= IFF_RUNNING; 848 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 849 } 850 851 /* 852 * If the queueing discipline needs packet classification, 853 * do it before prepending link headers. 854 */ 855 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 856 857 #ifdef INET 858 if (dst->sa_family == AF_INET) { 859 struct ip *ip = NULL; 860 #ifndef SPPPSUBR_MPSAFE 861 struct tcphdr *th = NULL; 862 #endif 863 864 if (m->m_len >= sizeof(struct ip)) { 865 ip = mtod(m, struct ip *); 866 #ifndef SPPPSUBR_MPSAFE 867 if (ip->ip_p == IPPROTO_TCP && 868 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 869 sizeof(struct tcphdr)) { 870 th = (struct tcphdr *) 871 ((char *)ip + (ip->ip_hl << 2)); 872 } 873 #endif 874 } else 875 ip = NULL; 876 877 /* 878 * When using dynamic local IP address assignment by using 879 * 0.0.0.0 as a local address, the first TCP session will 880 * not connect because the local TCP checksum is computed 881 * using 0.0.0.0 which will later become our real IP address 882 * so the TCP checksum computed at the remote end will 883 * become invalid. So we 884 * - don't let packets with src ip addr 0 thru 885 * - we flag TCP packets with src ip 0 as an error 886 */ 887 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 888 uint8_t proto = ip->ip_p; 889 890 SPPP_UNLOCK(sp); 891 splx(s); 892 893 m_freem(m); 894 if (proto == IPPROTO_TCP) 895 return (EADDRNOTAVAIL); 896 else 897 return (0); 898 } 899 900 #ifndef SPPPSUBR_MPSAFE 901 /* 902 * Put low delay, telnet, rlogin and ftp control packets 903 * in front of the queue. 904 */ 905 if (!IF_QFULL(&sp->pp_fastq) && 906 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 907 (th && (INTERACTIVE(ntohs(th->th_sport)) || 908 INTERACTIVE(ntohs(th->th_dport)))))) 909 ifq = &sp->pp_fastq; 910 #endif /* !SPPPSUBR_MPSAFE */ 911 } 912 #endif 913 914 #ifdef INET6 915 if (dst->sa_family == AF_INET6) { 916 /* XXX do something tricky here? */ 917 } 918 #endif 919 920 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 921 /* 922 * Prepend general data packet PPP header. For now, IP only. 923 */ 924 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 925 if (! m) { 926 SPPP_DLOG(sp, "no memory for transmit header\n"); 927 if_statinc(ifp, if_oerrors); 928 SPPP_UNLOCK(sp); 929 splx(s); 930 return (ENOBUFS); 931 } 932 /* 933 * May want to check size of packet 934 * (albeit due to the implementation it's always enough) 935 */ 936 h = mtod(m, struct ppp_header *); 937 h->address = PPP_ALLSTATIONS; /* broadcast address */ 938 h->control = PPP_UI; /* Unnumbered Info */ 939 } 940 941 switch (dst->sa_family) { 942 #ifdef INET 943 case AF_INET: /* Internet Protocol */ 944 /* 945 * Don't choke with an ENETDOWN early. It's 946 * possible that we just started dialing out, 947 * so don't drop the packet immediately. If 948 * we notice that we run out of buffer space 949 * below, we will however remember that we are 950 * not ready to carry IP packets, and return 951 * ENETDOWN, as opposed to ENOBUFS. 952 */ 953 protocol = htons(PPP_IP); 954 if (sp->scp[IDX_IPCP].state != STATE_OPENED) { 955 if (ifp->if_flags & IFF_AUTO) { 956 error = ENETDOWN; 957 } else { 958 IF_DROP(&ifp->if_snd); 959 SPPP_UNLOCK(sp); 960 splx(s); 961 962 m_freem(m); 963 if_statinc(ifp, if_oerrors); 964 return (ENETDOWN); 965 } 966 } 967 break; 968 #endif 969 #ifdef INET6 970 case AF_INET6: /* Internet Protocol version 6 */ 971 /* 972 * Don't choke with an ENETDOWN early. It's 973 * possible that we just started dialing out, 974 * so don't drop the packet immediately. If 975 * we notice that we run out of buffer space 976 * below, we will however remember that we are 977 * not ready to carry IP packets, and return 978 * ENETDOWN, as opposed to ENOBUFS. 979 */ 980 protocol = htons(PPP_IPV6); 981 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) { 982 if (ifp->if_flags & IFF_AUTO) { 983 error = ENETDOWN; 984 } else { 985 IF_DROP(&ifp->if_snd); 986 SPPP_UNLOCK(sp); 987 splx(s); 988 989 m_freem(m); 990 if_statinc(ifp, if_oerrors); 991 return (ENETDOWN); 992 } 993 } 994 break; 995 #endif 996 default: 997 m_freem(m); 998 if_statinc(ifp, if_oerrors); 999 SPPP_UNLOCK(sp); 1000 splx(s); 1001 return (EAFNOSUPPORT); 1002 } 1003 1004 if (sp->pp_flags & PP_NOFRAMING) { 1005 M_PREPEND(m, 2, M_DONTWAIT); 1006 if (m == NULL) { 1007 SPPP_DLOG(sp, "no memory for transmit header\n"); 1008 if_statinc(ifp, if_oerrors); 1009 SPPP_UNLOCK(sp); 1010 splx(s); 1011 return (ENOBUFS); 1012 } 1013 *mtod(m, uint16_t *) = protocol; 1014 } else { 1015 h->protocol = protocol; 1016 } 1017 1018 pktlen = m->m_pkthdr.len; 1019 #ifdef SPPPSUBR_MPSAFE 1020 SPPP_UNLOCK(sp); 1021 error = if_transmit_lock(ifp, m); 1022 SPPP_LOCK(sp, RW_READER); 1023 if (error == 0) 1024 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1025 #else /* !SPPPSUBR_MPSAFE */ 1026 error = ifq_enqueue2(ifp, ifq, m); 1027 1028 if (error == 0) { 1029 /* 1030 * Count output packets and bytes. 1031 * The packet length includes header + additional hardware 1032 * framing according to RFC 1333. 1033 */ 1034 if (!(ifp->if_flags & IFF_OACTIVE)) { 1035 SPPP_UNLOCK(sp); 1036 if_start_lock(ifp); 1037 SPPP_LOCK(sp, RW_READER); 1038 } 1039 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1040 } 1041 #endif /* !SPPPSUBR_MPSAFE */ 1042 SPPP_UNLOCK(sp); 1043 splx(s); 1044 return error; 1045 } 1046 1047 void 1048 sppp_attach(struct ifnet *ifp) 1049 { 1050 struct sppp *sp = (struct sppp *) ifp; 1051 char xnamebuf[MAXCOMLEN]; 1052 1053 /* Initialize keepalive handler. */ 1054 if (! spppq) { 1055 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 1056 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 1057 } 1058 1059 if (! spppq_lock) 1060 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1061 1062 sp->pp_if.if_type = IFT_PPP; 1063 sp->pp_if.if_output = sppp_output; 1064 IFQ_SET_MAXLEN(&sp->pp_fastq, 32); 1065 IFQ_LOCK_INIT(&sp->pp_fastq); 1066 IFQ_SET_MAXLEN(&sp->pp_cpq, 20); 1067 sp->pp_loopcnt = 0; 1068 sp->pp_alivecnt = 0; 1069 sp->pp_alive_interval = SPPP_ALIVE_INTERVAL; 1070 sp->pp_last_activity = 0; 1071 sp->pp_last_receive = 0; 1072 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1073 sp->pp_max_noreceive = SPPP_NORECV_TIME; 1074 sp->pp_idle_timeout = 0; 1075 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1076 sp->pp_phase = SPPP_PHASE_DEAD; 1077 sp->pp_up = sppp_notify_up; 1078 sp->pp_down = sppp_notify_down; 1079 sp->pp_ncpflags = SPPP_NCP_IPCP | SPPP_NCP_IPV6CP; 1080 #ifdef SPPP_IFDOWN_RECONNECT 1081 sp->pp_flags |= PP_LOOPBACK_IFDOWN | PP_KEEPALIVE_IFDOWN; 1082 #endif 1083 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1084 memset(sp->scp, 0, sizeof(sp->scp)); 1085 rw_init(&sp->pp_lock); 1086 1087 if_alloc_sadl(ifp); 1088 1089 /* Lets not beat about the bush, we know we're down. */ 1090 if_link_state_change(ifp, LINK_STATE_DOWN); 1091 1092 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1093 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1094 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1095 1096 memset(&sp->myauth, 0, sizeof sp->myauth); 1097 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1098 SPPP_LOCK(sp, RW_WRITER); 1099 sppp_lcp_init(sp); 1100 sppp_ipcp_init(sp); 1101 sppp_ipv6cp_init(sp); 1102 sppp_pap_init(sp); 1103 sppp_chap_init(sp); 1104 SPPP_UNLOCK(sp); 1105 1106 SPPPQ_LOCK(); 1107 /* Insert new entry into the keepalive list. */ 1108 sp->pp_next = spppq; 1109 spppq = sp; 1110 SPPPQ_UNLOCK(); 1111 } 1112 1113 void 1114 sppp_detach(struct ifnet *ifp) 1115 { 1116 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1117 1118 /* Remove the entry from the keepalive list. */ 1119 SPPPQ_LOCK(); 1120 for (q = &spppq; (p = *q); q = &p->pp_next) 1121 if (p == sp) { 1122 *q = p->pp_next; 1123 break; 1124 } 1125 SPPPQ_UNLOCK(); 1126 1127 if (! spppq) { 1128 /* Stop keepalive handler. */ 1129 callout_stop(&keepalive_ch); 1130 mutex_obj_free(spppq_lock); 1131 spppq_lock = NULL; 1132 } 1133 1134 sppp_cp_fini(&lcp, sp); 1135 sppp_cp_fini(&ipcp, sp); 1136 sppp_cp_fini(&pap, sp); 1137 sppp_cp_fini(&chap, sp); 1138 #ifdef INET6 1139 sppp_cp_fini(&ipv6cp, sp); 1140 #endif 1141 sppp_wq_destroy(sp, sp->wq_cp); 1142 1143 /* free authentication info */ 1144 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1145 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1146 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1147 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1148 1149 IFQ_LOCK_DESTROY(&sp->pp_fastq); 1150 rw_destroy(&sp->pp_lock); 1151 } 1152 1153 /* 1154 * Flush the interface output queue. 1155 */ 1156 void 1157 sppp_flush(struct ifnet *ifp) 1158 { 1159 struct sppp *sp = (struct sppp *) ifp; 1160 1161 SPPP_LOCK(sp, RW_WRITER); 1162 IFQ_PURGE(&sp->pp_if.if_snd); 1163 IF_PURGE(&sp->pp_fastq); 1164 IF_PURGE(&sp->pp_cpq); 1165 SPPP_UNLOCK(sp); 1166 } 1167 1168 /* 1169 * Check if the output queue is empty. 1170 */ 1171 int 1172 sppp_isempty(struct ifnet *ifp) 1173 { 1174 struct sppp *sp = (struct sppp *) ifp; 1175 int empty, s; 1176 1177 s = splnet(); 1178 SPPP_LOCK(sp, RW_READER); 1179 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1180 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1181 SPPP_UNLOCK(sp); 1182 splx(s); 1183 return (empty); 1184 } 1185 1186 /* 1187 * Get next packet to send. 1188 */ 1189 struct mbuf * 1190 sppp_dequeue(struct ifnet *ifp) 1191 { 1192 struct sppp *sp = (struct sppp *) ifp; 1193 struct mbuf *m; 1194 int s; 1195 1196 s = splnet(); 1197 SPPP_LOCK(sp, RW_WRITER); 1198 /* 1199 * Process only the control protocol queue until we have at 1200 * least one NCP open. 1201 * 1202 * Do always serve all three queues in Cisco mode. 1203 */ 1204 IF_DEQUEUE(&sp->pp_cpq, m); 1205 if (m == NULL && sppp_cp_check(sp, CP_NCP)) { 1206 IF_DEQUEUE(&sp->pp_fastq, m); 1207 if (m == NULL) 1208 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1209 } 1210 SPPP_UNLOCK(sp); 1211 splx(s); 1212 return m; 1213 } 1214 1215 /* 1216 * Process an ioctl request. Called on low priority level. 1217 */ 1218 int 1219 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1220 { 1221 struct lwp *l = curlwp; /* XXX */ 1222 struct ifreq *ifr = (struct ifreq *) data; 1223 struct ifaddr *ifa = (struct ifaddr *) data; 1224 struct sppp *sp = (struct sppp *) ifp; 1225 int s, error=0, going_up, going_down; 1226 u_short newmode; 1227 u_long lcp_mru; 1228 1229 s = splnet(); 1230 switch (cmd) { 1231 case SIOCINITIFADDR: 1232 ifa->ifa_rtrequest = p2p_rtrequest; 1233 break; 1234 1235 case SIOCSIFFLAGS: 1236 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1237 break; 1238 1239 SPPP_LOCK(sp, RW_WRITER); 1240 going_up = ifp->if_flags & IFF_UP && 1241 (ifp->if_flags & IFF_RUNNING) == 0; 1242 going_down = (ifp->if_flags & IFF_UP) == 0 && 1243 ifp->if_flags & IFF_RUNNING; 1244 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1245 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1246 /* sanity */ 1247 newmode = IFF_PASSIVE; 1248 ifp->if_flags &= ~IFF_AUTO; 1249 } 1250 1251 if (ifp->if_flags & IFF_UP) { 1252 sp->pp_flags |= PP_ADMIN_UP; 1253 } else { 1254 sp->pp_flags &= ~PP_ADMIN_UP; 1255 } 1256 1257 if (going_up || going_down) { 1258 sp->lcp.reestablish = false; 1259 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1260 } 1261 if (going_up && newmode == 0) { 1262 /* neither auto-dial nor passive */ 1263 ifp->if_flags |= IFF_RUNNING; 1264 sppp_wq_add(sp->wq_cp, 1265 &sp->scp[IDX_LCP].work_open); 1266 } else if (going_down) { 1267 SPPP_UNLOCK(sp); 1268 sppp_flush(ifp); 1269 SPPP_LOCK(sp, RW_WRITER); 1270 1271 ifp->if_flags &= ~IFF_RUNNING; 1272 } 1273 SPPP_UNLOCK(sp); 1274 break; 1275 1276 case SIOCSIFMTU: 1277 if (ifr->ifr_mtu < PPP_MINMRU || 1278 ifr->ifr_mtu > PP_MTU) { 1279 error = EINVAL; 1280 break; 1281 } 1282 1283 error = ifioctl_common(ifp, cmd, data); 1284 if (error == ENETRESET) 1285 error = 0; 1286 1287 SPPP_LOCK(sp, RW_WRITER); 1288 lcp_mru = sp->lcp.mru; 1289 if (ifp->if_mtu < PP_MTU) { 1290 sp->lcp.mru = ifp->if_mtu; 1291 } else { 1292 sp->lcp.mru = PP_MTU; 1293 } 1294 if (lcp_mru != sp->lcp.mru) 1295 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 1296 1297 if (sp->scp[IDX_LCP].state == STATE_OPENED && 1298 ifp->if_mtu > sp->lcp.their_mru) { 1299 sp->pp_saved_mtu = ifp->if_mtu; 1300 ifp->if_mtu = sp->lcp.their_mru; 1301 1302 SPPP_DLOG(sp, "setting MTU " 1303 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 1304 sp->pp_saved_mtu, ifp->if_mtu); 1305 } 1306 SPPP_UNLOCK(sp); 1307 break; 1308 1309 case SIOCGIFMTU: 1310 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1311 error = 0; 1312 break; 1313 case SIOCADDMULTI: 1314 case SIOCDELMULTI: 1315 break; 1316 1317 case SPPPSETAUTHCFG: 1318 case SPPPSETLCPCFG: 1319 case SPPPSETNCPCFG: 1320 case SPPPSETIDLETO: 1321 case SPPPSETAUTHFAILURE: 1322 case SPPPSETDNSOPTS: 1323 case SPPPSETKEEPALIVE: 1324 #if defined(COMPAT_50) || defined(MODULAR) 1325 case __SPPPSETIDLETO50: 1326 case __SPPPSETKEEPALIVE50: 1327 #endif /* COMPAT_50 || MODULAR */ 1328 error = kauth_authorize_network(l->l_cred, 1329 KAUTH_NETWORK_INTERFACE, 1330 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1331 NULL); 1332 if (error) 1333 break; 1334 error = sppp_params(sp, cmd, data); 1335 break; 1336 1337 case SPPPGETAUTHCFG: 1338 case SPPPGETLCPCFG: 1339 case SPPPGETNCPCFG: 1340 case SPPPGETAUTHFAILURES: 1341 error = kauth_authorize_network(l->l_cred, 1342 KAUTH_NETWORK_INTERFACE, 1343 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1344 NULL); 1345 if (error) 1346 break; 1347 error = sppp_params(sp, cmd, data); 1348 break; 1349 1350 case SPPPGETSTATUS: 1351 case SPPPGETSTATUSNCP: 1352 case SPPPGETIDLETO: 1353 case SPPPGETDNSOPTS: 1354 case SPPPGETDNSADDRS: 1355 case SPPPGETKEEPALIVE: 1356 #if defined(COMPAT_50) || defined(MODULAR) 1357 case __SPPPGETIDLETO50: 1358 case __SPPPGETKEEPALIVE50: 1359 #endif /* COMPAT_50 || MODULAR */ 1360 case SPPPGETLCPSTATUS: 1361 case SPPPGETIPCPSTATUS: 1362 case SPPPGETIPV6CPSTATUS: 1363 error = sppp_params(sp, cmd, data); 1364 break; 1365 1366 default: 1367 error = ifioctl_common(ifp, cmd, data); 1368 break; 1369 } 1370 splx(s); 1371 return (error); 1372 } 1373 1374 /* 1375 * PPP protocol implementation. 1376 */ 1377 1378 /* 1379 * Send PPP control protocol packet. 1380 */ 1381 static void 1382 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1383 u_char ident, u_short len, void *data) 1384 { 1385 struct ifnet *ifp; 1386 struct lcp_header *lh; 1387 struct mbuf *m; 1388 size_t pkthdrlen; 1389 1390 KASSERT(SPPP_WLOCKED(sp)); 1391 1392 ifp = &sp->pp_if; 1393 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1394 1395 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1396 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1397 MGETHDR(m, M_DONTWAIT, MT_DATA); 1398 if (! m) { 1399 return; 1400 } 1401 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1402 m_reset_rcvif(m); 1403 1404 if (sp->pp_flags & PP_NOFRAMING) { 1405 *mtod(m, uint16_t *) = htons(proto); 1406 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1407 } else { 1408 struct ppp_header *h; 1409 h = mtod(m, struct ppp_header *); 1410 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1411 h->control = PPP_UI; /* Unnumbered Info */ 1412 h->protocol = htons(proto); /* Link Control Protocol */ 1413 lh = (struct lcp_header *)(h + 1); 1414 } 1415 lh->type = type; 1416 lh->ident = ident; 1417 lh->len = htons(LCP_HEADER_LEN + len); 1418 if (len) 1419 memcpy(lh + 1, data, len); 1420 1421 if (sppp_debug_enabled(sp)) { 1422 char pbuf[SPPP_PROTO_NAMELEN]; 1423 char tbuf[SPPP_CPTYPE_NAMELEN]; 1424 const char *pname, *cpname; 1425 1426 pname = sppp_proto_name(pbuf, sizeof(pbuf), proto); 1427 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), lh->type); 1428 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d", 1429 pname, cpname, lh->ident, ntohs(lh->len)); 1430 if (len) 1431 sppp_print_bytes((u_char *)(lh + 1), len); 1432 addlog(">\n"); 1433 } 1434 if (IF_QFULL(&sp->pp_cpq)) { 1435 IF_DROP(&sp->pp_fastq); 1436 IF_DROP(&ifp->if_snd); 1437 m_freem(m); 1438 if_statinc(ifp, if_oerrors); 1439 return; 1440 } 1441 1442 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1443 IF_ENQUEUE(&sp->pp_cpq, m); 1444 1445 if (! (ifp->if_flags & IFF_OACTIVE)) { 1446 SPPP_UNLOCK(sp); 1447 if_start_lock(ifp); 1448 SPPP_LOCK(sp, RW_WRITER); 1449 } 1450 } 1451 1452 static void 1453 sppp_cp_to_lcp(void *xsp) 1454 { 1455 struct sppp *sp = xsp; 1456 1457 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1458 } 1459 1460 static void 1461 sppp_cp_to_ipcp(void *xsp) 1462 { 1463 struct sppp *sp = xsp; 1464 1465 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1466 } 1467 1468 static void 1469 sppp_cp_to_ipv6cp(void *xsp) 1470 { 1471 struct sppp *sp = xsp; 1472 1473 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1474 } 1475 1476 static void 1477 sppp_cp_to_pap(void *xsp) 1478 { 1479 struct sppp *sp = xsp; 1480 1481 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); 1482 } 1483 1484 static void 1485 sppp_cp_to_chap(void *xsp) 1486 { 1487 struct sppp *sp = xsp; 1488 1489 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); 1490 } 1491 1492 static void 1493 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1494 { 1495 struct sppp_cp *scp; 1496 typedef void (*sppp_co_cb_t)(void *); 1497 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1498 [IDX_LCP] = sppp_cp_to_lcp, 1499 [IDX_IPCP] = sppp_cp_to_ipcp, 1500 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1501 [IDX_PAP] = sppp_cp_to_pap, 1502 [IDX_CHAP] = sppp_cp_to_chap, 1503 }; 1504 1505 scp = &sp->scp[cp->protoidx]; 1506 scp->state = STATE_INITIAL; 1507 scp->fail_counter = 0; 1508 scp->seq = 0; 1509 scp->rseq = 0; 1510 1511 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1512 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1513 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1514 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1515 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1516 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1517 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1518 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1519 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1520 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1521 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1522 1523 callout_init(&scp->ch, CALLOUT_MPSAFE); 1524 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1525 } 1526 1527 static void 1528 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1529 { 1530 struct sppp_cp *scp; 1531 scp = &sp->scp[cp->protoidx]; 1532 1533 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1534 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1535 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1536 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1537 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1538 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1539 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1540 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1541 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1542 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1543 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1544 1545 callout_halt(&scp->ch, NULL); 1546 callout_destroy(&scp->ch); 1547 1548 if (scp->mbuf_confreq != NULL) { 1549 m_freem(scp->mbuf_confreq); 1550 scp->mbuf_confreq = NULL; 1551 } 1552 if (scp->mbuf_confnak != NULL) { 1553 m_freem(scp->mbuf_confnak); 1554 scp->mbuf_confnak = NULL; 1555 } 1556 } 1557 1558 /* 1559 * Handle incoming PPP control protocol packets. 1560 */ 1561 static void 1562 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1563 { 1564 struct ifnet *ifp; 1565 struct lcp_header *h; 1566 struct sppp_cp *scp; 1567 int printlen, len = m->m_pkthdr.len; 1568 u_char *p; 1569 uint32_t u32; 1570 char tbuf[SPPP_CPTYPE_NAMELEN]; 1571 const char *cpname; 1572 bool debug; 1573 1574 SPPP_LOCK(sp, RW_WRITER); 1575 1576 ifp = &sp->pp_if; 1577 debug = sppp_debug_enabled(sp); 1578 scp = &sp->scp[cp->protoidx]; 1579 1580 if (len < 4) { 1581 SPPP_DLOG(sp, "%s invalid packet length: %d bytes\n", 1582 cp->name, len); 1583 goto out; 1584 } 1585 h = mtod(m, struct lcp_header *); 1586 if (debug) { 1587 printlen = ntohs(h->len); 1588 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1589 SPPP_LOG(sp, LOG_DEBUG, "%s input(%s): <%s id=0x%x len=%d", 1590 cp->name, sppp_state_name(scp->state), 1591 cpname, h->ident, printlen); 1592 if (len < printlen) 1593 printlen = len; 1594 if (printlen > 4) 1595 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1596 addlog(">\n"); 1597 } 1598 if (len > ntohs(h->len)) 1599 len = ntohs(h->len); 1600 p = (u_char *)(h + 1); 1601 switch (h->type) { 1602 case CONF_REQ: 1603 if (len < 4) { 1604 SPPP_DLOG(sp,"%s invalid conf-req length %d\n", 1605 cp->name, len); 1606 if_statinc(ifp, if_ierrors); 1607 break; 1608 } 1609 1610 scp->rcr_type = CP_RCR_NONE; 1611 scp->rconfid = h->ident; 1612 if (scp->mbuf_confreq != NULL) { 1613 m_freem(scp->mbuf_confreq); 1614 } 1615 scp->mbuf_confreq = m; 1616 m = NULL; 1617 sppp_wq_add(sp->wq_cp, &scp->work_rcr); 1618 break; 1619 case CONF_ACK: 1620 if (h->ident != scp->confid) { 1621 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 1622 cp->name, h->ident, scp->confid); 1623 if_statinc(ifp, if_ierrors); 1624 break; 1625 } 1626 sppp_wq_add(sp->wq_cp, &scp->work_rca); 1627 break; 1628 case CONF_NAK: 1629 case CONF_REJ: 1630 if (h->ident != scp->confid) { 1631 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 1632 cp->name, h->ident, scp->confid); 1633 if_statinc(ifp, if_ierrors); 1634 break; 1635 } 1636 1637 if (scp->mbuf_confnak) { 1638 m_freem(scp->mbuf_confnak); 1639 } 1640 scp->mbuf_confnak = m; 1641 m = NULL; 1642 sppp_wq_add(sp->wq_cp, &scp->work_rcn); 1643 break; 1644 case TERM_REQ: 1645 scp->rseq = h->ident; 1646 sppp_wq_add(sp->wq_cp, &scp->work_rtr); 1647 break; 1648 case TERM_ACK: 1649 if (h->ident != scp->confid && 1650 h->ident != scp->seq) { 1651 SPPP_DLOG(sp, "%s id mismatch " 1652 "0x%x != 0x%x and 0x%x != %0lx\n", 1653 cp->name, h->ident, scp->confid, 1654 h->ident, scp->seq); 1655 if_statinc(ifp, if_ierrors); 1656 break; 1657 } 1658 1659 sppp_wq_add(sp->wq_cp, &scp->work_rta); 1660 break; 1661 case CODE_REJ: 1662 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1663 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1664 SPPP_LOG(sp, LOG_INFO, "%s: ignoring RXJ (%s) for code ?, " 1665 "danger will robinson\n", cp->name, cpname); 1666 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1667 break; 1668 case PROTO_REJ: 1669 { 1670 int catastrophic; 1671 const struct cp *upper; 1672 int i; 1673 uint16_t proto; 1674 1675 catastrophic = 0; 1676 upper = NULL; 1677 proto = p[0] << 8 | p[1]; 1678 for (i = 0; i < IDX_COUNT; i++) { 1679 if (cps[i]->proto == proto) { 1680 upper = cps[i]; 1681 break; 1682 } 1683 } 1684 if (upper == NULL) 1685 catastrophic++; 1686 1687 if (debug) { 1688 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1689 SPPP_LOG(sp, LOG_INFO, 1690 "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1691 cp->name, catastrophic ? '-' : '+', 1692 cpname, proto, upper ? upper->name : "unknown", 1693 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1694 } 1695 1696 /* 1697 * if we got RXJ+ against conf-req, the peer does not implement 1698 * this particular protocol type. terminate the protocol. 1699 */ 1700 if (upper && !catastrophic) { 1701 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1702 sppp_wq_add(sp->wq_cp, 1703 &sp->scp[upper->protoidx].work_close); 1704 break; 1705 } 1706 } 1707 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1708 break; 1709 } 1710 case DISC_REQ: 1711 if (cp->proto != PPP_LCP) 1712 goto illegal; 1713 /* Discard the packet. */ 1714 break; 1715 case ECHO_REQ: 1716 if (cp->proto != PPP_LCP) 1717 goto illegal; 1718 if (scp->state != STATE_OPENED) { 1719 SPPP_DLOG(sp, "lcp echo req but lcp closed\n"); 1720 if_statinc(ifp, if_ierrors); 1721 break; 1722 } 1723 if (len < 8) { 1724 SPPP_DLOG(sp, "invalid lcp echo request " 1725 "packet length: %d bytes\n", len); 1726 break; 1727 } 1728 memcpy(&u32, h + 1, sizeof u32); 1729 if (ntohl(u32) == sp->lcp.magic) { 1730 /* Line loopback mode detected. */ 1731 SPPP_DLOG(sp, "loopback\n"); 1732 1733 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) { 1734 sp->pp_flags |= PP_LOOPBACK; 1735 sppp_wq_add(sp->wq_cp, 1736 &sp->work_ifdown); 1737 } 1738 1739 /* Shut down the PPP link. */ 1740 sppp_wq_add(sp->wq_cp, 1741 &sp->scp[IDX_LCP].work_close); 1742 sppp_wq_add(sp->wq_cp, 1743 &sp->scp[IDX_LCP].work_open); 1744 break; 1745 } 1746 u32 = htonl(sp->lcp.magic); 1747 memcpy(h + 1, &u32, sizeof u32); 1748 SPPP_DLOG(sp, "got lcp echo req, sending echo rep\n"); 1749 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1750 h + 1); 1751 break; 1752 case ECHO_REPLY: 1753 if (cp->proto != PPP_LCP) 1754 goto illegal; 1755 if (h->ident != sp->lcp.echoid) { 1756 if_statinc(ifp, if_ierrors); 1757 break; 1758 } 1759 if (len < 8) { 1760 SPPP_DLOG(sp, "lcp invalid echo reply " 1761 "packet length: %d bytes\n", len); 1762 break; 1763 } 1764 SPPP_DLOG(sp, "lcp got echo rep\n"); 1765 memcpy(&u32, h + 1, sizeof u32); 1766 if (ntohl(u32) != sp->lcp.magic) 1767 sp->pp_alivecnt = 0; 1768 break; 1769 default: 1770 /* Unknown packet type -- send Code-Reject packet. */ 1771 illegal: 1772 SPPP_DLOG(sp, "%s send code-rej for 0x%x\n", 1773 cp->name, h->type); 1774 sppp_cp_send(sp, cp->proto, CODE_REJ, 1775 ++scp->seq, m->m_pkthdr.len, h); 1776 if_statinc(ifp, if_ierrors); 1777 } 1778 1779 out: 1780 SPPP_UNLOCK(sp); 1781 if (m != NULL) 1782 m_freem(m); 1783 } 1784 1785 /* 1786 * The generic part of all Up/Down/Open/Close/TO event handlers. 1787 * Basically, the state transition handling in the automaton. 1788 */ 1789 static void 1790 sppp_up_event(struct sppp *sp, void *xcp) 1791 { 1792 const struct cp *cp = xcp; 1793 1794 KASSERT(SPPP_WLOCKED(sp)); 1795 KASSERT(!cpu_softintr_p()); 1796 1797 if ((cp->flags & CP_AUTH) != 0 && 1798 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1799 return; 1800 1801 SPPP_DLOG(sp, "%s up(%s)\n", cp->name, 1802 sppp_state_name(sp->scp[cp->protoidx].state)); 1803 1804 switch (sp->scp[cp->protoidx].state) { 1805 case STATE_INITIAL: 1806 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1807 break; 1808 case STATE_STARTING: 1809 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1810 (cp->scr)(sp); 1811 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1812 break; 1813 default: 1814 SPPP_LOG(sp, LOG_DEBUG, 1815 "%s illegal up in state %s\n", cp->name, 1816 sppp_state_name(sp->scp[cp->protoidx].state)); 1817 } 1818 } 1819 1820 static void 1821 sppp_down_event(struct sppp *sp, void *xcp) 1822 { 1823 const struct cp *cp = xcp; 1824 1825 KASSERT(SPPP_WLOCKED(sp)); 1826 KASSERT(!cpu_softintr_p()); 1827 1828 if ((cp->flags & CP_AUTH) != 0 && 1829 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1830 return; 1831 1832 SPPP_DLOG(sp, "%s down(%s)\n", cp->name, 1833 sppp_state_name(sp->scp[cp->protoidx].state)); 1834 1835 switch (sp->scp[cp->protoidx].state) { 1836 case STATE_CLOSED: 1837 case STATE_CLOSING: 1838 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1839 break; 1840 case STATE_STOPPED: 1841 (cp->tls)(cp, sp); 1842 /* fall through */ 1843 case STATE_STOPPING: 1844 case STATE_REQ_SENT: 1845 case STATE_ACK_RCVD: 1846 case STATE_ACK_SENT: 1847 sppp_cp_change_state(cp, sp, STATE_STARTING); 1848 break; 1849 case STATE_OPENED: 1850 (cp->tld)(sp); 1851 sppp_cp_change_state(cp, sp, STATE_STARTING); 1852 break; 1853 default: 1854 /* 1855 * a down event may be caused regardless 1856 * of state just in LCP case. 1857 */ 1858 if (cp->proto == PPP_LCP) 1859 break; 1860 1861 SPPP_LOG(sp, LOG_DEBUG, 1862 "%s illegal down in state %s\n", cp->name, 1863 sppp_state_name(sp->scp[cp->protoidx].state)); 1864 } 1865 } 1866 1867 static void 1868 sppp_open_event(struct sppp *sp, void *xcp) 1869 { 1870 const struct cp *cp = xcp; 1871 1872 KASSERT(SPPP_WLOCKED(sp)); 1873 KASSERT(!cpu_softintr_p()); 1874 1875 if ((cp->flags & CP_AUTH) != 0 && 1876 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1877 return; 1878 1879 SPPP_DLOG(sp, "%s open(%s)\n", cp->name, 1880 sppp_state_name(sp->scp[cp->protoidx].state)); 1881 1882 switch (sp->scp[cp->protoidx].state) { 1883 case STATE_INITIAL: 1884 sppp_cp_change_state(cp, sp, STATE_STARTING); 1885 (cp->tls)(cp, sp); 1886 break; 1887 case STATE_STARTING: 1888 break; 1889 case STATE_CLOSED: 1890 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1891 sp->lcp.protos |= (1 << cp->protoidx); 1892 (cp->scr)(sp); 1893 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1894 break; 1895 case STATE_STOPPED: 1896 case STATE_STOPPING: 1897 case STATE_REQ_SENT: 1898 case STATE_ACK_RCVD: 1899 case STATE_ACK_SENT: 1900 case STATE_OPENED: 1901 break; 1902 case STATE_CLOSING: 1903 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1904 break; 1905 } 1906 } 1907 1908 static void 1909 sppp_close_event(struct sppp *sp, void *xcp) 1910 { 1911 const struct cp *cp = xcp; 1912 1913 KASSERT(SPPP_WLOCKED(sp)); 1914 KASSERT(!cpu_softintr_p()); 1915 1916 if ((cp->flags & CP_AUTH) != 0 && 1917 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1918 return; 1919 1920 SPPP_DLOG(sp, "%s close(%s)\n", cp->name, 1921 sppp_state_name(sp->scp[cp->protoidx].state)); 1922 1923 switch (sp->scp[cp->protoidx].state) { 1924 case STATE_INITIAL: 1925 case STATE_CLOSED: 1926 case STATE_CLOSING: 1927 break; 1928 case STATE_STARTING: 1929 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1930 (cp->tlf)(cp, sp); 1931 break; 1932 case STATE_STOPPED: 1933 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1934 break; 1935 case STATE_STOPPING: 1936 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1937 break; 1938 case STATE_OPENED: 1939 (cp->tld)(sp); 1940 /* fall through */ 1941 case STATE_REQ_SENT: 1942 case STATE_ACK_RCVD: 1943 case STATE_ACK_SENT: 1944 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 1945 if ((cp->flags & CP_AUTH) == 0) { 1946 sppp_cp_send(sp, cp->proto, TERM_REQ, 1947 ++sp->scp[cp->protoidx].seq, 0, 0); 1948 } 1949 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1950 break; 1951 } 1952 } 1953 1954 static void 1955 sppp_to_event(struct sppp *sp, void *xcp) 1956 { 1957 const struct cp *cp = xcp; 1958 int s; 1959 1960 KASSERT(SPPP_WLOCKED(sp)); 1961 KASSERT(!cpu_softintr_p()); 1962 1963 s = splnet(); 1964 1965 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n", cp->name, 1966 sppp_state_name(sp->scp[cp->protoidx].state), 1967 sp->scp[cp->protoidx].rst_counter); 1968 1969 if (--sp->scp[cp->protoidx].rst_counter < 0) 1970 /* TO- event */ 1971 switch (sp->scp[cp->protoidx].state) { 1972 case STATE_CLOSING: 1973 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1974 (cp->tlf)(cp, sp); 1975 break; 1976 case STATE_STOPPING: 1977 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1978 (cp->tlf)(cp, sp); 1979 break; 1980 case STATE_REQ_SENT: 1981 case STATE_ACK_RCVD: 1982 case STATE_ACK_SENT: 1983 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1984 (cp->tlf)(cp, sp); 1985 break; 1986 } 1987 else 1988 /* TO+ event */ 1989 switch (sp->scp[cp->protoidx].state) { 1990 case STATE_CLOSING: 1991 case STATE_STOPPING: 1992 if ((cp->flags & CP_AUTH) == 0) { 1993 sppp_cp_send(sp, cp->proto, TERM_REQ, 1994 ++sp->scp[cp->protoidx].seq, 0, 0); 1995 } 1996 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 1997 break; 1998 case STATE_REQ_SENT: 1999 case STATE_ACK_RCVD: 2000 (cp->scr)(sp); 2001 /* sppp_cp_change_state() will restart the timer */ 2002 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2003 break; 2004 case STATE_ACK_SENT: 2005 (cp->scr)(sp); 2006 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2007 break; 2008 } 2009 2010 splx(s); 2011 } 2012 static void 2013 sppp_rcr_update_state(const struct cp *cp, struct sppp *sp, 2014 enum cp_rcr_type type, uint8_t ident, size_t msglen, void *msg) 2015 { 2016 struct ifnet *ifp; 2017 u_char ctype; 2018 2019 ifp = &sp->pp_if; 2020 2021 if (type == CP_RCR_ERR) { 2022 /* parse error, shut down */ 2023 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2024 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2025 } else if (type == CP_RCR_ACK) { 2026 /* RCR+ event */ 2027 ctype = CONF_ACK; 2028 switch (sp->scp[cp->protoidx].state) { 2029 case STATE_OPENED: 2030 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2031 cp->tld(sp); 2032 cp->scr(sp); 2033 cp->screply(cp, sp, ctype, ident, msglen, msg); 2034 break; 2035 case STATE_REQ_SENT: 2036 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2037 /* fall through */ 2038 case STATE_ACK_SENT: 2039 cp->screply(cp, sp, ctype, ident, msglen, msg); 2040 break; 2041 case STATE_STOPPED: 2042 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2043 cp->scr(sp); 2044 cp->screply(cp, sp, ctype, ident, msglen, msg); 2045 break; 2046 case STATE_ACK_RCVD: 2047 sppp_cp_change_state(cp, sp, STATE_OPENED); 2048 SPPP_DLOG(sp, "%s tlu\n", cp->name); 2049 cp->tlu(sp); 2050 cp->screply(cp, sp, ctype, ident, msglen, msg); 2051 break; 2052 case STATE_CLOSING: 2053 case STATE_STOPPING: 2054 break; 2055 case STATE_CLOSED: 2056 if ((cp->flags & CP_AUTH) == 0) { 2057 sppp_cp_send(sp, cp->proto, TERM_ACK, 2058 ident, 0, 0); 2059 } 2060 break; 2061 default: 2062 SPPP_LOG(sp, LOG_DEBUG, 2063 "%s illegal RCR+ in state %s\n", cp->name, 2064 sppp_state_name(sp->scp[cp->protoidx].state)); 2065 if_statinc(ifp, if_ierrors); 2066 } 2067 } else if (type == CP_RCR_NAK || type == CP_RCR_REJ) { 2068 ctype = type == CP_RCR_NAK ? CONF_NAK : CONF_REJ; 2069 /* RCR- event */ 2070 switch (sp->scp[cp->protoidx].state) { 2071 case STATE_OPENED: 2072 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2073 cp->tld(sp); 2074 cp->scr(sp); 2075 cp->screply(cp, sp, ctype, ident, msglen, msg); 2076 break; 2077 case STATE_ACK_SENT: 2078 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2079 /* fall through */ 2080 case STATE_REQ_SENT: 2081 cp->screply(cp, sp, ctype, ident, msglen, msg); 2082 break; 2083 case STATE_STOPPED: 2084 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2085 cp->scr(sp); 2086 cp->screply(cp, sp, ctype, ident, msglen, msg); 2087 break; 2088 case STATE_ACK_RCVD: 2089 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2090 cp->screply(cp, sp, ctype, ident, msglen, msg); 2091 break; 2092 case STATE_CLOSING: 2093 case STATE_STOPPING: 2094 break; 2095 case STATE_CLOSED: 2096 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2097 if ((cp->flags & CP_AUTH) == 0) { 2098 sppp_cp_send(sp, cp->proto, TERM_ACK, 2099 ident, 0, 0); 2100 } 2101 break; 2102 default: 2103 SPPP_LOG(sp, LOG_DEBUG, 2104 "%s illegal RCR- in state %s\n", cp->name, 2105 sppp_state_name(sp->scp[cp->protoidx].state)); 2106 if_statinc(ifp, if_ierrors); 2107 } 2108 } 2109 } 2110 2111 static void 2112 sppp_rcr_event(struct sppp *sp, void *xcp) 2113 { 2114 const struct cp *cp = xcp; 2115 struct sppp_cp *scp; 2116 struct lcp_header *h; 2117 struct mbuf *m; 2118 enum cp_rcr_type type; 2119 size_t len; 2120 uint8_t *buf; 2121 size_t blen, rlen; 2122 uint8_t ident; 2123 2124 KASSERT(!cpu_softintr_p()); 2125 2126 scp = &sp->scp[cp->protoidx]; 2127 2128 if (cp->parse_confreq != NULL) { 2129 m = scp->mbuf_confreq; 2130 if (m == NULL) 2131 return; 2132 scp->mbuf_confreq = NULL; 2133 2134 h = mtod(m, struct lcp_header *); 2135 if (h->type != CONF_REQ) { 2136 m_freem(m); 2137 return; 2138 } 2139 2140 ident = h->ident; 2141 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2142 2143 type = (cp->parse_confreq)(sp, h, len, 2144 &buf, &blen, &rlen); 2145 m_freem(m); 2146 } else { 2147 /* mbuf_cofreq is already parsed and freed */ 2148 type = scp->rcr_type; 2149 ident = scp->rconfid; 2150 buf = NULL; 2151 blen = rlen = 0; 2152 } 2153 2154 sppp_rcr_update_state(cp, sp, type, ident, rlen, (void *)buf); 2155 2156 if (buf != NULL) 2157 kmem_free(buf, blen); 2158 } 2159 2160 static void 2161 sppp_rca_event(struct sppp *sp, void *xcp) 2162 { 2163 struct ifnet *ifp; 2164 const struct cp *cp = xcp; 2165 2166 KASSERT(!cpu_softintr_p()); 2167 2168 ifp = &sp->pp_if; 2169 2170 switch (sp->scp[cp->protoidx].state) { 2171 case STATE_CLOSED: 2172 case STATE_STOPPED: 2173 if ((cp->flags & CP_AUTH) == 0) { 2174 sppp_cp_send(sp, cp->proto, TERM_ACK, 2175 sp->scp[cp->protoidx].rconfid, 0, 0); 2176 } 2177 break; 2178 case STATE_CLOSING: 2179 case STATE_STOPPING: 2180 break; 2181 case STATE_REQ_SENT: 2182 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2183 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2184 break; 2185 case STATE_OPENED: 2186 (cp->tld)(sp); 2187 /* fall through */ 2188 case STATE_ACK_RCVD: 2189 (cp->scr)(sp); 2190 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2191 break; 2192 case STATE_ACK_SENT: 2193 sppp_cp_change_state(cp, sp, STATE_OPENED); 2194 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2195 SPPP_DLOG(sp, "%s tlu\n", cp->name); 2196 (cp->tlu)(sp); 2197 break; 2198 default: 2199 SPPP_LOG(sp, LOG_DEBUG, 2200 "%s illegal RCA in state %s\n", cp->name, 2201 sppp_state_name(sp->scp[cp->protoidx].state)); 2202 if_statinc(ifp, if_ierrors); 2203 } 2204 } 2205 2206 static void 2207 sppp_rcn_event(struct sppp *sp, void *xcp) 2208 { 2209 const struct cp *cp = xcp; 2210 struct sppp_cp *scp; 2211 struct lcp_header *h; 2212 struct mbuf *m; 2213 struct ifnet *ifp = &sp->pp_if; 2214 size_t len; 2215 2216 KASSERT(!cpu_softintr_p()); 2217 2218 scp = &sp->scp[cp->protoidx]; 2219 m = scp->mbuf_confnak; 2220 if (m == NULL) 2221 return; 2222 scp->mbuf_confnak = NULL; 2223 2224 h = mtod(m, struct lcp_header *); 2225 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2226 2227 switch (h->type) { 2228 case CONF_NAK: 2229 (cp->parse_confnak)(sp, h, len); 2230 break; 2231 case CONF_REJ: 2232 (cp->parse_confrej)(sp, h, len); 2233 break; 2234 default: 2235 m_freem(m); 2236 return; 2237 } 2238 2239 m_freem(m); 2240 2241 switch (scp->state) { 2242 case STATE_CLOSED: 2243 case STATE_STOPPED: 2244 if ((cp->flags & CP_AUTH) == 0) { 2245 sppp_cp_send(sp, cp->proto, TERM_ACK, 2246 scp->rconfid, 0, 0); 2247 } 2248 break; 2249 case STATE_REQ_SENT: 2250 case STATE_ACK_SENT: 2251 scp->rst_counter = sp->lcp.max_configure; 2252 (cp->scr)(sp); 2253 break; 2254 case STATE_OPENED: 2255 (cp->tld)(sp); 2256 /* fall through */ 2257 case STATE_ACK_RCVD: 2258 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2259 (cp->scr)(sp); 2260 break; 2261 case STATE_CLOSING: 2262 case STATE_STOPPING: 2263 break; 2264 default: 2265 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RCN in state %s\n", 2266 cp->name, sppp_state_name(scp->state)); 2267 if_statinc(ifp, if_ierrors); 2268 } 2269 } 2270 2271 static void 2272 sppp_rtr_event(struct sppp *sp, void *xcp) 2273 { 2274 struct ifnet *ifp; 2275 const struct cp *cp = xcp; 2276 2277 KASSERT(!cpu_softintr_p()); 2278 2279 ifp = &sp->pp_if; 2280 2281 switch (sp->scp[cp->protoidx].state) { 2282 case STATE_ACK_RCVD: 2283 case STATE_ACK_SENT: 2284 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2285 break; 2286 case STATE_CLOSED: 2287 case STATE_STOPPED: 2288 case STATE_CLOSING: 2289 case STATE_STOPPING: 2290 case STATE_REQ_SENT: 2291 break; 2292 case STATE_OPENED: 2293 (cp->tld)(sp); 2294 sp->scp[cp->protoidx].rst_counter = 0; 2295 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2296 break; 2297 default: 2298 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTR in state %s\n", 2299 cp->name, 2300 sppp_state_name(sp->scp[cp->protoidx].state)); 2301 if_statinc(ifp, if_ierrors); 2302 return; 2303 } 2304 2305 /* Send Terminate-Ack packet. */ 2306 SPPP_DLOG(sp, "%s send terminate-ack\n", cp->name); 2307 if ((cp->flags & CP_AUTH) == 0) { 2308 sppp_cp_send(sp, cp->proto, TERM_ACK, 2309 sp->scp[cp->protoidx].rseq, 0, 0); 2310 } 2311 } 2312 2313 static void 2314 sppp_rta_event(struct sppp *sp, void *xcp) 2315 { 2316 const struct cp *cp = xcp; 2317 struct ifnet *ifp = &sp->pp_if; 2318 2319 KASSERT(!cpu_softintr_p()); 2320 2321 switch (sp->scp[cp->protoidx].state) { 2322 case STATE_CLOSED: 2323 case STATE_STOPPED: 2324 case STATE_REQ_SENT: 2325 case STATE_ACK_SENT: 2326 break; 2327 case STATE_CLOSING: 2328 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2329 (cp->tlf)(cp, sp); 2330 break; 2331 case STATE_STOPPING: 2332 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2333 (cp->tlf)(cp, sp); 2334 break; 2335 case STATE_ACK_RCVD: 2336 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2337 break; 2338 case STATE_OPENED: 2339 (cp->tld)(sp); 2340 (cp->scr)(sp); 2341 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2342 break; 2343 default: 2344 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTA in state %s\n", 2345 cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); 2346 if_statinc(ifp, if_ierrors); 2347 } 2348 } 2349 2350 static void 2351 sppp_rxj_event(struct sppp *sp, void *xcp) 2352 { 2353 const struct cp *cp = xcp; 2354 struct ifnet *ifp = &sp->pp_if; 2355 2356 KASSERT(!cpu_softintr_p()); 2357 2358 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2359 switch (sp->scp[cp->protoidx].state) { 2360 case STATE_CLOSED: 2361 case STATE_STOPPED: 2362 case STATE_REQ_SENT: 2363 case STATE_ACK_SENT: 2364 case STATE_CLOSING: 2365 case STATE_STOPPING: 2366 case STATE_OPENED: 2367 break; 2368 case STATE_ACK_RCVD: 2369 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2370 break; 2371 default: 2372 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RXJ- in state %s\n", 2373 cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); 2374 if_statinc(ifp, if_ierrors); 2375 } 2376 } 2377 2378 /* 2379 * Change the state of a control protocol in the state automaton. 2380 * Takes care of starting/stopping the restart timer. 2381 */ 2382 void 2383 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2384 { 2385 2386 KASSERT(SPPP_WLOCKED(sp)); 2387 2388 sp->scp[cp->protoidx].state = newstate; 2389 callout_stop(&sp->scp[cp->protoidx].ch); 2390 switch (newstate) { 2391 case STATE_INITIAL: 2392 case STATE_STARTING: 2393 case STATE_CLOSED: 2394 case STATE_STOPPED: 2395 case STATE_OPENED: 2396 break; 2397 case STATE_CLOSING: 2398 case STATE_STOPPING: 2399 case STATE_REQ_SENT: 2400 case STATE_ACK_RCVD: 2401 case STATE_ACK_SENT: 2402 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2403 break; 2404 } 2405 } 2406 2407 /* 2408 *--------------------------------------------------------------------------* 2409 * * 2410 * The LCP implementation. * 2411 * * 2412 *--------------------------------------------------------------------------* 2413 */ 2414 static void 2415 sppp_lcp_init(struct sppp *sp) 2416 { 2417 2418 KASSERT(SPPP_WLOCKED(sp)); 2419 2420 sppp_cp_init(&lcp, sp); 2421 2422 SET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2423 sp->lcp.magic = 0; 2424 sp->lcp.protos = 0; 2425 sp->lcp.max_terminate = 2; 2426 sp->lcp.max_configure = 10; 2427 sp->lcp.max_failure = 10; 2428 sp->lcp.tlf_sent = false; 2429 2430 /* 2431 * Initialize counters and timeout values. Note that we don't 2432 * use the 3 seconds suggested in RFC 1661 since we are likely 2433 * running on a fast link. XXX We should probably implement 2434 * the exponential backoff option. Note that these values are 2435 * relevant for all control protocols, not just LCP only. 2436 */ 2437 sp->lcp.timeout = 1 * hz; 2438 } 2439 2440 static void 2441 sppp_lcp_up(struct sppp *sp, void *xcp) 2442 { 2443 struct ifnet *ifp; 2444 const struct cp *cp = xcp; 2445 int pidx; 2446 2447 KASSERT(SPPP_WLOCKED(sp)); 2448 ifp = &sp->pp_if; 2449 2450 pidx = cp->protoidx; 2451 /* Initialize activity timestamp: opening a connection is an activity */ 2452 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2453 2454 /* 2455 * If this interface is passive or dial-on-demand, and we are 2456 * still in Initial state, it means we've got an incoming 2457 * call. Activate the interface. 2458 */ 2459 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2460 ifp->if_flags |= IFF_RUNNING; 2461 if (sp->scp[pidx].state == STATE_INITIAL) { 2462 SPPP_DLOG(sp, "Up event (incoming call)\n"); 2463 sp->pp_flags |= PP_CALLIN; 2464 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2465 } else { 2466 SPPP_DLOG(sp, "Up event\n"); 2467 } 2468 } 2469 2470 sppp_up_event(sp, xcp); 2471 } 2472 2473 static void 2474 sppp_lcp_down(struct sppp *sp, void *xcp) 2475 { 2476 const struct cp *cp = xcp; 2477 struct ifnet *ifp; 2478 int pidx; 2479 2480 KASSERT(SPPP_WLOCKED(sp)); 2481 KASSERT(!cpu_softintr_p()); 2482 2483 ifp = &sp->pp_if; 2484 pidx = cp->protoidx; 2485 sppp_down_event(sp, xcp); 2486 2487 /* 2488 * We need to do tls to restart when a down event is caused 2489 * by the last tlf. 2490 */ 2491 if (sp->scp[pidx].state == STATE_STARTING && 2492 sp->lcp.tlf_sent) { 2493 cp->tls(cp, sp); 2494 sp->lcp.tlf_sent = false; 2495 } 2496 2497 SPPP_DLOG(sp, "Down event (carrier loss)\n"); 2498 2499 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2500 if (sp->lcp.reestablish) 2501 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2502 } else { 2503 sp->pp_flags &= ~PP_CALLIN; 2504 if (sp->scp[pidx].state != STATE_INITIAL) 2505 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_close); 2506 ifp->if_flags &= ~IFF_RUNNING; 2507 } 2508 sp->scp[pidx].fail_counter = 0; 2509 } 2510 2511 static void 2512 sppp_lcp_open(struct sppp *sp, void *xcp) 2513 { 2514 2515 KASSERT(SPPP_WLOCKED(sp)); 2516 KASSERT(!cpu_softintr_p()); 2517 2518 sp->lcp.reestablish = false; 2519 sp->scp[IDX_LCP].fail_counter = 0; 2520 2521 /* the interface was down while waiting for reconnection */ 2522 if ((sp->pp_flags & PP_ADMIN_UP) == 0) 2523 return; 2524 2525 if (sp->pp_if.if_mtu < PP_MTU) { 2526 sp->lcp.mru = sp->pp_if.if_mtu; 2527 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2528 } else { 2529 sp->lcp.mru = PP_MTU; 2530 } 2531 sp->lcp.their_mru = PP_MTU; 2532 2533 /* 2534 * If we are authenticator, negotiate LCP_AUTH 2535 */ 2536 if (sp->hisauth.proto != PPP_NOPROTO) 2537 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2538 else 2539 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2540 sp->pp_flags &= ~PP_NEEDAUTH; 2541 sppp_open_event(sp, xcp); 2542 } 2543 2544 2545 /* 2546 * Analyze a configure request. Return true if it was agreeable, and 2547 * caused action sca, false if it has been rejected or nak'ed, and 2548 * caused action scn. (The return value is used to make the state 2549 * transition decision in the state automaton.) 2550 */ 2551 static enum cp_rcr_type 2552 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 2553 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 2554 { 2555 u_char *buf, *r, *p, l, blen; 2556 enum cp_rcr_type type; 2557 int len, rlen; 2558 uint32_t nmagic; 2559 u_short authproto; 2560 char lbuf[SPPP_LCPOPT_NAMELEN]; 2561 bool debug; 2562 2563 KASSERT(SPPP_WLOCKED(sp)); 2564 2565 debug = sppp_debug_enabled(sp); 2566 2567 if (origlen < sizeof(*h)) 2568 return CP_RCR_DROP; 2569 2570 origlen -= sizeof(*h); 2571 type = CP_RCR_NONE; 2572 type = 0; 2573 2574 if (origlen <= 0) 2575 return CP_RCR_DROP; 2576 else 2577 blen = origlen; 2578 2579 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2580 if (buf == NULL) 2581 return CP_RCR_DROP; 2582 2583 if (debug) 2584 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opts:"); 2585 2586 /* pass 1: check for things that need to be rejected */ 2587 p = (void *)(h + 1); 2588 r = buf; 2589 rlen = 0; 2590 for (len = origlen; len > 1; len-= l, p += l) { 2591 l = p[1]; 2592 if (l == 0) 2593 break; 2594 2595 /* Sanity check option length */ 2596 if (l > len) { 2597 /* 2598 * Malicious option - drop immediately. 2599 * XXX Maybe we should just RXJ it? 2600 */ 2601 if (debug) 2602 addlog("\n"); 2603 2604 SPPP_LOG(sp, LOG_DEBUG, 2605 "received malicious LCP option 0x%02x, " 2606 "length 0x%02x, (len: 0x%02x) dropping.\n", 2607 p[0], l, len); 2608 type = CP_RCR_ERR; 2609 goto end; 2610 } 2611 if (debug) 2612 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2613 switch (p[0]) { 2614 case LCP_OPT_MAGIC: 2615 /* Magic number. */ 2616 /* fall through, both are same length */ 2617 case LCP_OPT_ASYNC_MAP: 2618 /* Async control character map. */ 2619 if (len >= 6 || l == 6) 2620 continue; 2621 if (debug) 2622 addlog(" [invalid]"); 2623 break; 2624 case LCP_OPT_MP_EID: 2625 if (len >= l && l >= 3) { 2626 switch (p[2]) { 2627 case 0: if (l==3+ 0) continue;break; 2628 case 2: if (l==3+ 4) continue;break; 2629 case 3: if (l==3+ 6) continue;break; 2630 case 6: if (l==3+16) continue;break; 2631 case 1: /* FALLTHROUGH */ 2632 case 4: if (l<=3+20) continue;break; 2633 case 5: if (l<=3+15) continue;break; 2634 /* XXX should it be default: continue;? */ 2635 } 2636 } 2637 if (debug) 2638 addlog(" [invalid class %d len %d]", p[2], l); 2639 break; 2640 case LCP_OPT_MP_SSNHF: 2641 if (len >= 2 && l == 2) { 2642 if (debug) 2643 addlog(" [rej]"); 2644 break; 2645 } 2646 if (debug) 2647 addlog(" [invalid]"); 2648 break; 2649 case LCP_OPT_MP_MRRU: 2650 /* Multilink maximum received reconstructed unit */ 2651 /* should be fall through, both are same length */ 2652 /* FALLTHROUGH */ 2653 case LCP_OPT_MRU: 2654 /* Maximum receive unit. */ 2655 if (len >= 4 && l == 4) 2656 continue; 2657 if (debug) 2658 addlog(" [invalid]"); 2659 break; 2660 case LCP_OPT_AUTH_PROTO: 2661 if (len < 4) { 2662 if (debug) 2663 addlog(" [invalid]"); 2664 break; 2665 } 2666 authproto = (p[2] << 8) + p[3]; 2667 if (authproto == PPP_CHAP && l != 5) { 2668 if (debug) 2669 addlog(" [invalid chap len]"); 2670 break; 2671 } 2672 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 2673 if (authproto == PPP_PAP || authproto == PPP_CHAP) 2674 sp->myauth.proto = authproto; 2675 } 2676 if (sp->myauth.proto == PPP_NOPROTO) { 2677 /* we are not configured to do auth */ 2678 if (debug) 2679 addlog(" [not configured]"); 2680 break; 2681 } 2682 /* 2683 * Remote want us to authenticate, remember this, 2684 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2685 * up. 2686 */ 2687 sp->pp_flags |= PP_NEEDAUTH; 2688 continue; 2689 default: 2690 /* Others not supported. */ 2691 if (debug) 2692 addlog(" [rej]"); 2693 break; 2694 } 2695 if (rlen + l > blen) { 2696 if (debug) 2697 addlog(" [overflow]"); 2698 continue; 2699 } 2700 /* Add the option to rejected list. */ 2701 memcpy(r, p, l); 2702 r += l; 2703 rlen += l; 2704 } 2705 2706 if (rlen > 0) { 2707 type = CP_RCR_REJ; 2708 goto end; 2709 } 2710 2711 if (debug) 2712 addlog("\n"); 2713 2714 /* 2715 * pass 2: check for option values that are unacceptable and 2716 * thus require to be nak'ed. 2717 */ 2718 if (debug) 2719 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opt values:"); 2720 2721 p = (void *)(h + 1); 2722 r = buf; 2723 rlen = 0; 2724 for (len = origlen; len > 0; len -= l, p += l) { 2725 l = p[1]; 2726 if (l == 0) 2727 break; 2728 2729 if (debug) 2730 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2731 switch (p[0]) { 2732 case LCP_OPT_MAGIC: 2733 /* Magic number -- extract. */ 2734 nmagic = (uint32_t)p[2] << 24 | 2735 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2736 if (nmagic != sp->lcp.magic) { 2737 if (debug) 2738 addlog(" 0x%x", nmagic); 2739 continue; 2740 } 2741 /* 2742 * Local and remote magics equal -- loopback? 2743 */ 2744 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2745 SPPP_DLOG(sp, "loopback\n"); 2746 sp->pp_loopcnt = 0; 2747 2748 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) { 2749 sp->pp_flags |= PP_LOOPBACK; 2750 sppp_wq_add(sp->wq_cp, 2751 &sp->work_ifdown); 2752 } 2753 2754 sppp_wq_add(sp->wq_cp, 2755 &sp->scp[IDX_LCP].work_close); 2756 sppp_wq_add(sp->wq_cp, 2757 &sp->scp[IDX_LCP].work_open); 2758 } else { 2759 if (debug) 2760 addlog(" [glitch]"); 2761 ++sp->pp_loopcnt; 2762 } 2763 /* 2764 * We negate our magic here, and NAK it. If 2765 * we see it later in an NAK packet, we 2766 * suggest a new one. 2767 */ 2768 nmagic = ~sp->lcp.magic; 2769 /* Gonna NAK it. */ 2770 p[2] = nmagic >> 24; 2771 p[3] = nmagic >> 16; 2772 p[4] = nmagic >> 8; 2773 p[5] = nmagic; 2774 break; 2775 2776 case LCP_OPT_ASYNC_MAP: 2777 /* 2778 * Async control character map -- just ignore it. 2779 * 2780 * Quote from RFC 1662, chapter 6: 2781 * To enable this functionality, synchronous PPP 2782 * implementations MUST always respond to the 2783 * Async-Control-Character-Map Configuration 2784 * Option with the LCP Configure-Ack. However, 2785 * acceptance of the Configuration Option does 2786 * not imply that the synchronous implementation 2787 * will do any ACCM mapping. Instead, all such 2788 * octet mapping will be performed by the 2789 * asynchronous-to-synchronous converter. 2790 */ 2791 continue; 2792 2793 case LCP_OPT_MRU: 2794 /* 2795 * Maximum receive unit. Always agreeable, 2796 * but ignored by now. 2797 */ 2798 sp->lcp.their_mru = p[2] * 256 + p[3]; 2799 if (debug) 2800 addlog(" %ld", sp->lcp.their_mru); 2801 continue; 2802 2803 case LCP_OPT_AUTH_PROTO: 2804 authproto = (p[2] << 8) + p[3]; 2805 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 2806 if (authproto == PPP_PAP || authproto == PPP_CHAP) 2807 sp->myauth.proto = authproto; 2808 } 2809 if (sp->myauth.proto == authproto) { 2810 if (authproto != PPP_CHAP || p[4] == CHAP_MD5) { 2811 continue; 2812 } 2813 if (debug) 2814 addlog(" [chap without MD5]"); 2815 } else { 2816 if (debug) { 2817 char pbuf1[SPPP_PROTO_NAMELEN]; 2818 char pbuf2[SPPP_PROTO_NAMELEN]; 2819 const char *pname1, *pname2; 2820 2821 pname1 = sppp_proto_name(pbuf1, 2822 sizeof(pbuf1), sp->myauth.proto); 2823 pname2 = sppp_proto_name(pbuf2, 2824 sizeof(pbuf2), authproto); 2825 addlog(" [mine %s != his %s]", 2826 pname1, pname2); 2827 } 2828 } 2829 /* not agreed, nak */ 2830 if (sp->myauth.proto == PPP_CHAP) { 2831 l = 5; 2832 } else { 2833 l = 4; 2834 } 2835 2836 if (rlen + l > blen) { 2837 if (debug) 2838 addlog(" [overflow]"); 2839 continue; 2840 } 2841 2842 r[0] = LCP_OPT_AUTH_PROTO; 2843 r[1] = l; 2844 r[2] = sp->myauth.proto >> 8; 2845 r[3] = sp->myauth.proto & 0xff; 2846 if (sp->myauth.proto == PPP_CHAP) 2847 r[4] = CHAP_MD5; 2848 rlen += l; 2849 r += l; 2850 continue; 2851 case LCP_OPT_MP_EID: 2852 /* 2853 * Endpoint identification. 2854 * Always agreeable, 2855 * but ignored by now. 2856 */ 2857 if (debug) { 2858 addlog(" type %d", p[2]); 2859 sppp_print_bytes(p+3, p[1]-3); 2860 } 2861 continue; 2862 case LCP_OPT_MP_MRRU: 2863 /* 2864 * Maximum received reconstructed unit. 2865 * Always agreeable, 2866 * but ignored by now. 2867 */ 2868 sp->lcp.their_mrru = p[2] * 256 + p[3]; 2869 if (debug) 2870 addlog(" %ld", sp->lcp.their_mrru); 2871 continue; 2872 } 2873 if (rlen + l > blen) { 2874 if (debug) 2875 addlog(" [overflow]"); 2876 continue; 2877 } 2878 /* Add the option to nak'ed list. */ 2879 memcpy(r, p, l); 2880 r += l; 2881 rlen += l; 2882 } 2883 2884 if (rlen > 0) { 2885 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 2886 if (debug) 2887 addlog(" max_failure (%d) exceeded, ", 2888 sp->lcp.max_failure); 2889 type = CP_RCR_REJ; 2890 } else { 2891 type = CP_RCR_NAK; 2892 } 2893 } else { 2894 type = CP_RCR_ACK; 2895 rlen = origlen; 2896 memcpy(r, h + 1, rlen); 2897 sp->scp[IDX_LCP].fail_counter = 0; 2898 sp->pp_loopcnt = 0; 2899 } 2900 2901 end: 2902 if (debug) 2903 addlog("\n"); 2904 2905 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 2906 if (buf != NULL) 2907 kmem_intr_free(buf, blen); 2908 } else { 2909 *msgbuf = buf; 2910 *buflen = blen; 2911 *msglen = rlen; 2912 } 2913 2914 return type; 2915 } 2916 2917 /* 2918 * Analyze the LCP Configure-Reject option list, and adjust our 2919 * negotiation. 2920 */ 2921 static void 2922 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 2923 { 2924 u_char *p, l; 2925 bool debug; 2926 2927 KASSERT(SPPP_WLOCKED(sp)); 2928 2929 debug = sppp_debug_enabled(sp); 2930 2931 if (len <= sizeof(*h)) 2932 return; 2933 2934 len -= sizeof(*h); 2935 2936 if (debug) 2937 SPPP_LOG(sp, LOG_DEBUG, "lcp rej opts:"); 2938 2939 p = (void *)(h + 1); 2940 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2941 /* Sanity check option length */ 2942 if (l > len) { 2943 /* 2944 * Malicious option - drop immediately. 2945 * XXX Maybe we should just RXJ it? 2946 */ 2947 if (debug) 2948 addlog("\n"); 2949 2950 SPPP_LOG(sp, LOG_DEBUG, 2951 "received malicious LCP option, dropping.\n"); 2952 goto end; 2953 } 2954 if (debug) { 2955 char lbuf[SPPP_LCPOPT_NAMELEN]; 2956 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2957 } 2958 switch (p[0]) { 2959 case LCP_OPT_MAGIC: 2960 /* Magic number -- can't use it, use 0 */ 2961 CLR(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2962 sp->lcp.magic = 0; 2963 break; 2964 case LCP_OPT_MRU: 2965 /* 2966 * We try to negotiate a lower MRU if the underlying 2967 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2968 * peer rejects this lower rate, fallback to the 2969 * default. 2970 */ 2971 if (!debug) { 2972 SPPP_LOG(sp, LOG_INFO, 2973 "peer rejected our MRU of " 2974 "%ld bytes. Defaulting to %d bytes\n", 2975 sp->lcp.mru, PP_MTU); 2976 } 2977 CLR(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2978 sp->lcp.mru = PP_MTU; 2979 break; 2980 case LCP_OPT_AUTH_PROTO: 2981 /* 2982 * Peer doesn't want to authenticate himself, 2983 * deny unless this is a dialout call, and 2984 * SPPP_AUTHFLAG_NOCALLOUT is set. 2985 */ 2986 if ((sp->pp_flags & PP_CALLIN) == 0 && 2987 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2988 if (debug) { 2989 addlog(" [don't insist on auth " 2990 "for callout]"); 2991 } 2992 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2993 break; 2994 } 2995 if (debug) 2996 addlog("[access denied]\n"); 2997 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2998 break; 2999 } 3000 } 3001 if (debug) 3002 addlog("\n"); 3003 end: 3004 return; 3005 } 3006 3007 /* 3008 * Analyze the LCP Configure-NAK option list, and adjust our 3009 * negotiation. 3010 */ 3011 static void 3012 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3013 { 3014 u_char *p, l; 3015 uint32_t magic; 3016 bool debug; 3017 3018 KASSERT(SPPP_WLOCKED(sp)); 3019 3020 if (len <= sizeof(*h)) 3021 return; 3022 3023 debug = sppp_debug_enabled(sp); 3024 len -= sizeof(*h); 3025 3026 if (debug) 3027 SPPP_LOG(sp, LOG_DEBUG, "lcp nak opts:"); 3028 3029 p = (void *)(h + 1); 3030 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 3031 /* Sanity check option length */ 3032 if (l > len) { 3033 /* 3034 * Malicious option - drop immediately. 3035 * XXX Maybe we should just RXJ it? 3036 */ 3037 if (debug) 3038 addlog("\n"); 3039 3040 SPPP_LOG(sp, LOG_DEBUG, 3041 "received malicious LCP option, dropping.\n"); 3042 goto end; 3043 } 3044 if (debug) { 3045 char lbuf[SPPP_LCPOPT_NAMELEN]; 3046 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf),*p)); 3047 } 3048 switch (p[0]) { 3049 case LCP_OPT_MAGIC: 3050 /* Magic number -- renegotiate */ 3051 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC) && 3052 len >= 6 && l == 6) { 3053 magic = (uint32_t)p[2] << 24 | 3054 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 3055 /* 3056 * If the remote magic is our negated one, 3057 * this looks like a loopback problem. 3058 * Suggest a new magic to make sure. 3059 */ 3060 if (magic == ~sp->lcp.magic) { 3061 if (debug) 3062 addlog(" magic glitch"); 3063 sp->lcp.magic = cprng_fast32(); 3064 } else { 3065 sp->lcp.magic = magic; 3066 if (debug) 3067 addlog(" %d", magic); 3068 } 3069 } 3070 break; 3071 case LCP_OPT_MRU: 3072 /* 3073 * Peer wants to advise us to negotiate an MRU. 3074 * Agree on it if it's reasonable, or use 3075 * default otherwise. 3076 */ 3077 if (len >= 4 && l == 4) { 3078 u_int mru = p[2] * 256 + p[3]; 3079 if (debug) 3080 addlog(" %d", mru); 3081 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 3082 mru = sp->pp_if.if_mtu; 3083 sp->lcp.mru = mru; 3084 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 3085 } 3086 break; 3087 case LCP_OPT_AUTH_PROTO: 3088 /* 3089 * Peer doesn't like our authentication method, 3090 * deny. 3091 */ 3092 if (debug) 3093 addlog("[access denied]\n"); 3094 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3095 break; 3096 } 3097 } 3098 if (debug) 3099 addlog("\n"); 3100 end: 3101 return; 3102 } 3103 3104 static void 3105 sppp_lcp_tlu(struct sppp *sp) 3106 { 3107 struct ifnet *ifp; 3108 struct sppp_cp *scp; 3109 int i; 3110 bool going_up; 3111 3112 KASSERT(SPPP_WLOCKED(sp)); 3113 3114 ifp = &sp->pp_if; 3115 3116 /* unlock for IFNET_LOCK and if_up() */ 3117 SPPP_UNLOCK(sp); 3118 3119 if (! (ifp->if_flags & IFF_UP) && 3120 (ifp->if_flags & IFF_RUNNING)) { 3121 /* Coming out of loopback mode. */ 3122 going_up = true; 3123 if_up(ifp); 3124 } else { 3125 going_up = false; 3126 } 3127 3128 IFNET_LOCK(ifp); 3129 SPPP_LOCK(sp, RW_WRITER); 3130 3131 if (going_up) { 3132 if ((sp->pp_flags & PP_LOOPBACK) == 0) { 3133 SPPP_LOG(sp, LOG_DEBUG, 3134 "interface is going up, " 3135 "but no loopback packet is detected\n"); 3136 } 3137 sp->pp_flags &= ~PP_LOOPBACK; 3138 } 3139 3140 if (ifp->if_mtu > sp->lcp.their_mru) { 3141 sp->pp_saved_mtu = ifp->if_mtu; 3142 ifp->if_mtu = sp->lcp.their_mru; 3143 SPPP_DLOG(sp, "setting MTU " 3144 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 3145 sp->pp_saved_mtu, ifp->if_mtu); 3146 } 3147 IFNET_UNLOCK(ifp); 3148 3149 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO) || 3150 (sp->pp_flags & PP_NEEDAUTH) != 0) 3151 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3152 else 3153 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3154 3155 3156 for (i = 0; i < IDX_COUNT; i++) { 3157 scp = &sp->scp[(cps[i])->protoidx]; 3158 3159 if (((cps[i])->flags & CP_LCP) == 0) 3160 sppp_wq_add(sp->wq_cp, &scp->work_up); 3161 3162 /* 3163 * Open all authentication protocols. This is even required 3164 * if we already proceeded to network phase, since it might be 3165 * that remote wants us to authenticate, so we might have to 3166 * send a PAP request. Undesired authentication protocols 3167 * don't do anything when they get an Open event. 3168 */ 3169 if ((cps[i])->flags & CP_AUTH) 3170 sppp_wq_add(sp->wq_cp, &scp->work_open); 3171 3172 /* Open all NCPs. */ 3173 if (sp->pp_phase == SPPP_PHASE_NETWORK && 3174 ((cps[i])->flags & CP_NCP) != 0) { 3175 sppp_wq_add(sp->wq_cp, &scp->work_open); 3176 } 3177 } 3178 3179 /* notify low-level driver of state change */ 3180 sppp_notify_chg_wlocked(sp); 3181 } 3182 3183 static void 3184 sppp_lcp_tld(struct sppp *sp) 3185 { 3186 struct ifnet *ifp; 3187 struct sppp_cp *scp; 3188 int i, phase; 3189 3190 KASSERT(SPPP_WLOCKED(sp)); 3191 3192 phase = sp->pp_phase; 3193 3194 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3195 3196 if (sp->pp_saved_mtu > 0) { 3197 ifp = &sp->pp_if; 3198 3199 SPPP_UNLOCK(sp); 3200 IFNET_LOCK(ifp); 3201 SPPP_LOCK(sp, RW_WRITER); 3202 3203 SPPP_DLOG(sp, "setting MTU " 3204 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 3205 ifp->if_mtu, sp->pp_saved_mtu); 3206 3207 ifp->if_mtu = sp->pp_saved_mtu; 3208 sp->pp_saved_mtu = 0; 3209 IFNET_UNLOCK(ifp); 3210 } 3211 3212 /* 3213 * Take upper layers down. We send the Down event first and 3214 * the Close second to prevent the upper layers from sending 3215 * ``a flurry of terminate-request packets'', as the RFC 3216 * describes it. 3217 */ 3218 for (i = 0; i < IDX_COUNT; i++) { 3219 scp = &sp->scp[(cps[i])->protoidx]; 3220 3221 if (((cps[i])->flags & CP_LCP) == 0) 3222 sppp_wq_add(sp->wq_cp, &scp->work_down); 3223 3224 if ((cps[i])->flags & CP_AUTH) { 3225 sppp_wq_add(sp->wq_cp, &scp->work_close); 3226 } 3227 3228 /* Close all NCPs. */ 3229 if (phase == SPPP_PHASE_NETWORK && 3230 ((cps[i])->flags & CP_NCP) != 0) { 3231 sppp_wq_add(sp->wq_cp, &scp->work_close); 3232 } 3233 } 3234 } 3235 3236 static void 3237 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) 3238 { 3239 3240 KASSERT(SPPP_WLOCKED(sp)); 3241 3242 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3243 3244 /* Notify lower layer if desired. */ 3245 sppp_notify_tls_wlocked(sp); 3246 sp->lcp.tlf_sent = false; 3247 } 3248 3249 static void 3250 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) 3251 { 3252 3253 KASSERT(SPPP_WLOCKED(sp)); 3254 3255 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3256 3257 /* Notify lower layer if desired. */ 3258 sppp_notify_tlf_wlocked(sp); 3259 3260 switch (sp->scp[IDX_LCP].state) { 3261 case STATE_CLOSED: 3262 case STATE_STOPPED: 3263 sp->lcp.tlf_sent = true; 3264 break; 3265 case STATE_INITIAL: 3266 default: 3267 /* just in case */ 3268 sp->lcp.tlf_sent = false; 3269 } 3270 } 3271 3272 static void 3273 sppp_lcp_scr(struct sppp *sp) 3274 { 3275 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3276 int i = 0; 3277 u_short authproto; 3278 3279 KASSERT(SPPP_WLOCKED(sp)); 3280 3281 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC)) { 3282 if (! sp->lcp.magic) 3283 sp->lcp.magic = cprng_fast32(); 3284 opt[i++] = LCP_OPT_MAGIC; 3285 opt[i++] = 6; 3286 opt[i++] = sp->lcp.magic >> 24; 3287 opt[i++] = sp->lcp.magic >> 16; 3288 opt[i++] = sp->lcp.magic >> 8; 3289 opt[i++] = sp->lcp.magic; 3290 } 3291 3292 if (ISSET(sp->lcp.opts,SPPP_LCP_OPT_MRU)) { 3293 opt[i++] = LCP_OPT_MRU; 3294 opt[i++] = 4; 3295 opt[i++] = sp->lcp.mru >> 8; 3296 opt[i++] = sp->lcp.mru; 3297 } 3298 3299 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) { 3300 authproto = sp->hisauth.proto; 3301 opt[i++] = LCP_OPT_AUTH_PROTO; 3302 opt[i++] = authproto == PPP_CHAP? 5: 4; 3303 opt[i++] = authproto >> 8; 3304 opt[i++] = authproto; 3305 if (authproto == PPP_CHAP) 3306 opt[i++] = CHAP_MD5; 3307 } 3308 3309 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3310 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3311 } 3312 3313 /* 3314 * Check the open NCPs, return true if at least one NCP is open. 3315 */ 3316 3317 static int 3318 sppp_cp_check(struct sppp *sp, u_char cp_flags) 3319 { 3320 int i, mask; 3321 3322 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3323 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) 3324 return 1; 3325 return 0; 3326 } 3327 3328 /* 3329 * Re-check the open NCPs and see if we should terminate the link. 3330 * Called by the NCPs during their tlf action handling. 3331 */ 3332 static void 3333 sppp_lcp_check_and_close(struct sppp *sp) 3334 { 3335 3336 KASSERT(SPPP_WLOCKED(sp)); 3337 3338 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 3339 /* don't bother, we are already going down */ 3340 return; 3341 } 3342 3343 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && 3344 sppp_cp_check(sp, CP_AUTH)) 3345 return; 3346 3347 if (sp->pp_phase >= SPPP_PHASE_NETWORK && 3348 sppp_cp_check(sp, CP_NCP)) 3349 return; 3350 3351 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3352 3353 if (sp->pp_max_auth_fail != 0 && 3354 sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3355 SPPP_LOG(sp, LOG_INFO, "authentication failed %d times, " 3356 "not retrying again\n", sp->pp_auth_failures); 3357 3358 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 3359 sp->pp_if.if_flags &= ~IFF_RUNNING; 3360 } else { 3361 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 3362 } 3363 } 3364 3365 /* 3366 *--------------------------------------------------------------------------* 3367 * * 3368 * The IPCP implementation. * 3369 * * 3370 *--------------------------------------------------------------------------* 3371 */ 3372 3373 static void 3374 sppp_ipcp_init(struct sppp *sp) 3375 { 3376 3377 KASSERT(SPPP_WLOCKED(sp)); 3378 3379 sppp_cp_init(&ipcp, sp); 3380 3381 sp->ipcp.opts = 0; 3382 sp->ipcp.flags = 0; 3383 } 3384 3385 static void 3386 sppp_ipcp_open(struct sppp *sp, void *xcp) 3387 { 3388 uint32_t myaddr, hisaddr; 3389 3390 KASSERT(SPPP_WLOCKED(sp)); 3391 KASSERT(!cpu_softintr_p()); 3392 3393 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) 3394 return; 3395 3396 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3397 sp->ipcp.req_myaddr = 0; 3398 sp->ipcp.req_hisaddr = 0; 3399 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3400 3401 #ifdef INET 3402 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3403 #else 3404 myaddr = hisaddr = 0; 3405 #endif 3406 /* 3407 * If we don't have his address, this probably means our 3408 * interface doesn't want to talk IP at all. (This could 3409 * be the case if somebody wants to speak only IPX, for 3410 * example.) Don't open IPCP in this case. 3411 */ 3412 if (hisaddr == 0) { 3413 /* XXX this message should go away */ 3414 SPPP_DLOG(sp, "ipcp_open(): no IP interface\n"); 3415 return; 3416 } 3417 3418 if (myaddr == 0) { 3419 /* 3420 * I don't have an assigned address, so i need to 3421 * negotiate my address. 3422 */ 3423 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3424 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3425 } 3426 if (hisaddr == 1) { 3427 /* 3428 * XXX - remove this hack! 3429 * remote has no valid address, we need to get one assigned. 3430 */ 3431 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3432 sp->ipcp.saved_hisaddr = htonl(hisaddr); 3433 } 3434 3435 if (sp->query_dns & 1) { 3436 SET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3437 } else { 3438 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3439 } 3440 3441 if (sp->query_dns & 2) { 3442 SET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3443 } else { 3444 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3445 } 3446 sppp_open_event(sp, xcp); 3447 } 3448 3449 static void 3450 sppp_ipcp_close(struct sppp *sp, void *xcp) 3451 { 3452 3453 KASSERT(SPPP_WLOCKED(sp)); 3454 KASSERT(!cpu_softintr_p()); 3455 3456 sppp_close_event(sp, xcp); 3457 3458 #ifdef INET 3459 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) { 3460 /* 3461 * Some address was dynamic, clear it again. 3462 */ 3463 sppp_clear_ip_addrs(sp); 3464 } 3465 #endif 3466 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3467 } 3468 3469 /* 3470 * Analyze a configure request. Return true if it was agreeable, and 3471 * caused action sca, false if it has been rejected or nak'ed, and 3472 * caused action scn. (The return value is used to make the state 3473 * transition decision in the state automaton.) 3474 */ 3475 static enum cp_rcr_type 3476 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3477 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3478 { 3479 u_char *buf, *r, *p, l, blen; 3480 enum cp_rcr_type type; 3481 int rlen, len; 3482 uint32_t hisaddr, desiredaddr; 3483 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3484 char dqbuf[SPPP_DOTQUAD_BUFLEN]; 3485 const char *dq; 3486 bool debug; 3487 3488 KASSERT(SPPP_WLOCKED(sp)); 3489 3490 type = CP_RCR_NONE; 3491 origlen -= sizeof(*h); 3492 3493 if (origlen < 0) 3494 return CP_RCR_DROP; 3495 3496 debug = sppp_debug_enabled(sp); 3497 3498 /* 3499 * Make sure to allocate a buf that can at least hold a 3500 * conf-nak with an `address' option. We might need it below. 3501 */ 3502 blen = MAX(6, origlen); 3503 3504 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3505 if (buf == NULL) 3506 return CP_RCR_DROP; 3507 3508 /* pass 1: see if we can recognize them */ 3509 if (debug) 3510 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opts:"); 3511 p = (void *)(h + 1); 3512 r = buf; 3513 rlen = 0; 3514 for (len = origlen; len > 1; len -= l, p += l) { 3515 l = p[1]; 3516 if (l == 0) 3517 break; 3518 3519 /* Sanity check option length */ 3520 if (l > len) { 3521 /* XXX should we just RXJ? */ 3522 if (debug) 3523 addlog("\n"); 3524 3525 SPPP_LOG(sp, LOG_DEBUG, 3526 " malicious IPCP option received, dropping\n"); 3527 type = CP_RCR_ERR; 3528 goto end; 3529 } 3530 if (debug) { 3531 addlog(" %s", 3532 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3533 } 3534 switch (p[0]) { 3535 #ifdef notyet 3536 case IPCP_OPT_COMPRESSION: 3537 if (len >= 6 && l >= 6) { 3538 /* correctly formed compress option */ 3539 continue; 3540 } 3541 if (debug) 3542 addlog(" [invalid]"); 3543 break; 3544 #endif 3545 case IPCP_OPT_ADDRESS: 3546 if (len >= 6 && l == 6) { 3547 /* correctly formed address option */ 3548 continue; 3549 } 3550 if (debug) 3551 addlog(" [invalid]"); 3552 break; 3553 default: 3554 /* Others not supported. */ 3555 if (debug) 3556 addlog(" [rej]"); 3557 break; 3558 } 3559 /* Add the option to rejected list. */ 3560 if (rlen + l > blen) { 3561 if (debug) 3562 addlog(" [overflow]"); 3563 continue; 3564 } 3565 memcpy(r, p, l); 3566 r += l; 3567 rlen += l; 3568 } 3569 3570 if (rlen > 0) { 3571 type = CP_RCR_REJ; 3572 goto end; 3573 } 3574 3575 if (debug) 3576 addlog("\n"); 3577 3578 /* pass 2: parse option values */ 3579 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3580 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3581 else 3582 #ifdef INET 3583 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3584 #else 3585 hisaddr = 0; 3586 #endif 3587 if (debug) 3588 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opt values:"); 3589 p = (void *)(h + 1); 3590 r = buf; 3591 rlen = 0; 3592 for (len = origlen; len > 1; len -= l, p += l) { 3593 l = p[1]; 3594 if (l == 0) 3595 break; 3596 3597 if (debug) { 3598 addlog(" %s", 3599 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3600 } 3601 switch (p[0]) { 3602 #ifdef notyet 3603 case IPCP_OPT_COMPRESSION: 3604 continue; 3605 #endif 3606 case IPCP_OPT_ADDRESS: 3607 desiredaddr = p[2] << 24 | p[3] << 16 | 3608 p[4] << 8 | p[5]; 3609 if (desiredaddr == hisaddr || 3610 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3611 /* 3612 * Peer's address is same as our value, 3613 * this is agreeable. Gonna conf-ack 3614 * it. 3615 */ 3616 if (debug) { 3617 dq = sppp_dotted_quad(dqbuf, 3618 sizeof(dqbuf), hisaddr); 3619 addlog(" %s [ack]", dq); 3620 } 3621 /* record that we've seen it already */ 3622 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3623 sp->ipcp.req_hisaddr = desiredaddr; 3624 hisaddr = desiredaddr; 3625 continue; 3626 } 3627 /* 3628 * The address wasn't agreeable. This is either 3629 * he sent us 0.0.0.0, asking to assign him an 3630 * address, or he send us another address not 3631 * matching our value. Either case, we gonna 3632 * conf-nak it with our value. 3633 */ 3634 if (debug) { 3635 if (desiredaddr == 0) { 3636 addlog(" [addr requested]"); 3637 } else { 3638 dq = sppp_dotted_quad(dqbuf, 3639 sizeof(dqbuf), desiredaddr); 3640 addlog(" %s [not agreed]", dq); 3641 } 3642 } 3643 3644 p[2] = hisaddr >> 24; 3645 p[3] = hisaddr >> 16; 3646 p[4] = hisaddr >> 8; 3647 p[5] = hisaddr; 3648 break; 3649 } 3650 if (rlen + l > blen) { 3651 if (debug) 3652 addlog(" [overflow]"); 3653 continue; 3654 } 3655 /* Add the option to nak'ed list. */ 3656 memcpy(r, p, l); 3657 r += l; 3658 rlen += l; 3659 } 3660 3661 if (rlen > 0) { 3662 type = CP_RCR_NAK; 3663 } else { 3664 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3665 /* 3666 * If we are about to conf-ack the request, but haven't seen 3667 * his address so far, gonna conf-nak it instead, with the 3668 * `address' option present and our idea of his address being 3669 * filled in there, to request negotiation of both addresses. 3670 * 3671 * XXX This can result in an endless req - nak loop if peer 3672 * doesn't want to send us his address. Q: What should we do 3673 * about it? XXX A: implement the max-failure counter. 3674 */ 3675 buf[0] = IPCP_OPT_ADDRESS; 3676 buf[1] = 6; 3677 buf[2] = hisaddr >> 24; 3678 buf[3] = hisaddr >> 16; 3679 buf[4] = hisaddr >> 8; 3680 buf[5] = hisaddr; 3681 rlen = 6; 3682 if (debug) 3683 addlog(" still need hisaddr"); 3684 type = CP_RCR_NAK; 3685 } else { 3686 type = CP_RCR_ACK; 3687 rlen = origlen; 3688 memcpy(r, h + 1, rlen); 3689 } 3690 } 3691 3692 end: 3693 if (debug) 3694 addlog("\n"); 3695 3696 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3697 if (buf != NULL) 3698 kmem_intr_free(buf, blen); 3699 } else { 3700 *msgbuf = buf; 3701 *buflen = blen; 3702 *msglen = rlen; 3703 } 3704 3705 return type; 3706 } 3707 3708 /* 3709 * Analyze the IPCP Configure-Reject option list, and adjust our 3710 * negotiation. 3711 */ 3712 static void 3713 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3714 { 3715 u_char *p, l; 3716 bool debug; 3717 3718 KASSERT(SPPP_WLOCKED(sp)); 3719 3720 if (len <= sizeof(*h)) 3721 return; 3722 3723 len -= sizeof(*h); 3724 debug = sppp_debug_enabled(sp); 3725 3726 if (debug) 3727 SPPP_LOG(sp, LOG_DEBUG, "ipcp rej opts:"); 3728 3729 p = (void *)(h + 1); 3730 for (; len > 1; len -= l, p += l) { 3731 l = p[1]; 3732 if (l == 0) 3733 break; 3734 3735 /* Sanity check option length */ 3736 if (l > len) { 3737 /* XXX should we just RXJ? */ 3738 if (debug) 3739 addlog("\n"); 3740 SPPP_LOG(sp, LOG_DEBUG, 3741 "malicious IPCP option received, dropping\n"); 3742 goto end; 3743 } 3744 if (debug) { 3745 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3746 addlog(" %s", 3747 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3748 } 3749 switch (p[0]) { 3750 case IPCP_OPT_ADDRESS: 3751 /* 3752 * Peer doesn't grok address option. This is 3753 * bad. XXX Should we better give up here? 3754 */ 3755 if (!debug) { 3756 SPPP_LOG(sp, LOG_ERR, 3757 "IPCP address option rejected\n"); 3758 } 3759 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3760 break; 3761 #ifdef notyet 3762 case IPCP_OPT_COMPRESS: 3763 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_COMPRESS); 3764 break; 3765 #endif 3766 case IPCP_OPT_PRIMDNS: 3767 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3768 break; 3769 3770 case IPCP_OPT_SECDNS: 3771 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3772 break; 3773 } 3774 } 3775 if (debug) 3776 addlog("\n"); 3777 end: 3778 return; 3779 } 3780 3781 /* 3782 * Analyze the IPCP Configure-NAK option list, and adjust our 3783 * negotiation. 3784 */ 3785 static void 3786 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3787 { 3788 u_char *p, l; 3789 struct ifnet *ifp = &sp->pp_if; 3790 int debug = ifp->if_flags & IFF_DEBUG; 3791 uint32_t wantaddr; 3792 3793 KASSERT(SPPP_WLOCKED(sp)); 3794 3795 len -= sizeof(*h); 3796 3797 debug = sppp_debug_enabled(sp); 3798 3799 if (debug) 3800 SPPP_LOG(sp, LOG_DEBUG, "ipcp nak opts:"); 3801 3802 p = (void *)(h + 1); 3803 for (; len > 1; len -= l, p += l) { 3804 l = p[1]; 3805 if (l == 0) 3806 break; 3807 3808 /* Sanity check option length */ 3809 if (l > len) { 3810 /* XXX should we just RXJ? */ 3811 if (debug) 3812 addlog("\n"); 3813 SPPP_LOG(sp, LOG_DEBUG, 3814 "malicious IPCP option received, dropping\n"); 3815 return; 3816 } 3817 if (debug) { 3818 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3819 addlog(" %s", 3820 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3821 } 3822 switch (*p) { 3823 case IPCP_OPT_ADDRESS: 3824 /* 3825 * Peer doesn't like our local IP address. See 3826 * if we can do something for him. We'll drop 3827 * him our address then. 3828 */ 3829 if (len >= 6 && l == 6) { 3830 wantaddr = p[2] << 24 | p[3] << 16 | 3831 p[4] << 8 | p[5]; 3832 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3833 if (debug) { 3834 char dqbuf[SPPP_DOTQUAD_BUFLEN]; 3835 const char *dq; 3836 3837 dq = sppp_dotted_quad(dqbuf, 3838 sizeof(dqbuf), wantaddr); 3839 addlog(" [wantaddr %s]", dq); 3840 } 3841 /* 3842 * When doing dynamic address assignment, 3843 * we accept his offer. Otherwise, we 3844 * ignore it and thus continue to negotiate 3845 * our already existing value. 3846 */ 3847 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3848 if (ntohl(wantaddr) != INADDR_ANY) { 3849 if (debug) 3850 addlog(" [agree]"); 3851 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3852 sp->ipcp.req_myaddr = wantaddr; 3853 } else { 3854 if (debug) 3855 addlog(" [not agreed]"); 3856 } 3857 } 3858 } 3859 break; 3860 3861 case IPCP_OPT_PRIMDNS: 3862 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS) && 3863 len >= 6 && l == 6) { 3864 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3865 p[4] << 8 | p[5]; 3866 } 3867 break; 3868 3869 case IPCP_OPT_SECDNS: 3870 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS) && 3871 len >= 6 && l == 6) { 3872 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3873 p[4] << 8 | p[5]; 3874 } 3875 break; 3876 #ifdef notyet 3877 case IPCP_OPT_COMPRESS: 3878 /* 3879 * Peer wants different compression parameters. 3880 */ 3881 break; 3882 #endif 3883 } 3884 } 3885 if (debug) 3886 addlog("\n"); 3887 } 3888 3889 static void 3890 sppp_ipcp_tlu(struct sppp *sp) 3891 { 3892 #ifdef INET 3893 struct ifnet *ifp; 3894 3895 KASSERT(SPPP_WLOCKED(sp)); 3896 3897 SPPP_LOG(sp, LOG_INFO, "IPCP layer up\n"); 3898 ifp = &sp->pp_if; 3899 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 3900 ((sp->ipcp.flags & IPCP_MYADDR_SEEN) == 0)) { 3901 SPPP_LOG(sp, LOG_WARNING, 3902 "no IP address, closing IPCP\n"); 3903 sppp_wq_add(sp->wq_cp, 3904 &sp->scp[IDX_IPCP].work_close); 3905 } else { 3906 /* we are up. Set addresses and notify anyone interested */ 3907 sppp_set_ip_addrs(sp); 3908 rt_ifmsg(ifp); 3909 } 3910 #endif 3911 } 3912 3913 static void 3914 sppp_ipcp_tld(struct sppp *sp) 3915 { 3916 #ifdef INET 3917 struct ifnet *ifp; 3918 3919 KASSERT(SPPP_WLOCKED(sp)); 3920 3921 SPPP_LOG(sp, LOG_INFO, "IPCP layer down\n"); 3922 ifp = &sp->pp_if; 3923 rt_ifmsg(ifp); 3924 #endif 3925 } 3926 3927 static void 3928 sppp_ipcp_scr(struct sppp *sp) 3929 { 3930 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3931 #ifdef INET 3932 uint32_t ouraddr; 3933 #endif 3934 int i = 0; 3935 3936 KASSERT(SPPP_WLOCKED(sp)); 3937 3938 #ifdef notyet 3939 if (ISSET(sp->ipcp.opts,SPPP_IPCP_OPT_COMPRESSION)) { 3940 opt[i++] = IPCP_OPT_COMPRESSION; 3941 opt[i++] = 6; 3942 opt[i++] = 0; /* VJ header compression */ 3943 opt[i++] = 0x2d; /* VJ header compression */ 3944 opt[i++] = max_slot_id; 3945 opt[i++] = comp_slot_id; 3946 } 3947 #endif 3948 3949 #ifdef INET 3950 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS)) { 3951 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) { 3952 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3953 } else { 3954 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3955 } 3956 opt[i++] = IPCP_OPT_ADDRESS; 3957 opt[i++] = 6; 3958 opt[i++] = ouraddr >> 24; 3959 opt[i++] = ouraddr >> 16; 3960 opt[i++] = ouraddr >> 8; 3961 opt[i++] = ouraddr; 3962 } 3963 #endif 3964 3965 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS)) { 3966 opt[i++] = IPCP_OPT_PRIMDNS; 3967 opt[i++] = 6; 3968 opt[i++] = sp->dns_addrs[0] >> 24; 3969 opt[i++] = sp->dns_addrs[0] >> 16; 3970 opt[i++] = sp->dns_addrs[0] >> 8; 3971 opt[i++] = sp->dns_addrs[0]; 3972 } 3973 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS)) { 3974 opt[i++] = IPCP_OPT_SECDNS; 3975 opt[i++] = 6; 3976 opt[i++] = sp->dns_addrs[1] >> 24; 3977 opt[i++] = sp->dns_addrs[1] >> 16; 3978 opt[i++] = sp->dns_addrs[1] >> 8; 3979 opt[i++] = sp->dns_addrs[1]; 3980 } 3981 3982 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 3983 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 3984 } 3985 3986 /* 3987 *--------------------------------------------------------------------------* 3988 * * 3989 * The IPv6CP implementation. * 3990 * * 3991 *--------------------------------------------------------------------------* 3992 */ 3993 3994 #ifdef INET6 3995 static void 3996 sppp_ipv6cp_init(struct sppp *sp) 3997 { 3998 3999 KASSERT(SPPP_WLOCKED(sp)); 4000 4001 sppp_cp_init(&ipv6cp, sp); 4002 4003 sp->ipv6cp.opts = 0; 4004 sp->ipv6cp.flags = 0; 4005 } 4006 4007 static void 4008 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4009 { 4010 struct in6_addr myaddr, hisaddr; 4011 4012 KASSERT(SPPP_WLOCKED(sp)); 4013 KASSERT(!cpu_softintr_p()); 4014 4015 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) 4016 return; 4017 4018 #ifdef IPV6CP_MYIFID_DYN 4019 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 4020 #else 4021 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 4022 #endif 4023 4024 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 4025 /* 4026 * If we don't have our address, this probably means our 4027 * interface doesn't want to talk IPv6 at all. (This could 4028 * be the case if somebody wants to speak only IPX, for 4029 * example.) Don't open IPv6CP in this case. 4030 */ 4031 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 4032 /* XXX this message should go away */ 4033 SPPP_DLOG(sp, "ipv6cp_open(): no IPv6 interface\n"); 4034 return; 4035 } 4036 4037 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4038 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4039 sppp_open_event(sp, xcp); 4040 } 4041 4042 /* 4043 * Analyze a configure request. Return true if it was agreeable, and 4044 * caused action sca, false if it has been rejected or nak'ed, and 4045 * caused action scn. (The return value is used to make the state 4046 * transition decision in the state automaton.) 4047 */ 4048 static enum cp_rcr_type 4049 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 4050 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4051 { 4052 u_char *buf, *r, *p, l, blen; 4053 int rlen, len; 4054 struct in6_addr myaddr, desiredaddr, suggestaddr; 4055 enum cp_rcr_type type; 4056 int ifidcount; 4057 int collision, nohisaddr; 4058 char ip6buf[INET6_ADDRSTRLEN]; 4059 char tbuf[SPPP_CPTYPE_NAMELEN]; 4060 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4061 const char *cpname; 4062 bool debug; 4063 4064 KASSERT(SPPP_WLOCKED(sp)); 4065 4066 debug = sppp_debug_enabled(sp); 4067 type = CP_RCR_NONE; 4068 origlen -= sizeof(*h); 4069 4070 if (origlen < 0) 4071 return CP_RCR_DROP; 4072 4073 /* 4074 * Make sure to allocate a buf that can at least hold a 4075 * conf-nak with an `address' option. We might need it below. 4076 */ 4077 blen = MAX(6, origlen); 4078 4079 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 4080 if (buf == NULL) 4081 return CP_RCR_DROP; 4082 4083 /* pass 1: see if we can recognize them */ 4084 if (debug) 4085 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opts:"); 4086 p = (void *)(h + 1); 4087 r = buf; 4088 rlen = 0; 4089 ifidcount = 0; 4090 for (len = origlen; len > 1; len -= l, p += l) { 4091 l = p[1]; 4092 if (l == 0) 4093 break; 4094 4095 /* Sanity check option length */ 4096 if (l > len) { 4097 /* XXX just RXJ? */ 4098 if (debug) 4099 addlog("\n"); 4100 SPPP_LOG(sp, LOG_DEBUG, 4101 "received malicious IPCPv6 option, " 4102 "dropping\n"); 4103 type = CP_RCR_ERR; 4104 goto end; 4105 } 4106 if (debug) { 4107 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4108 sizeof(ipv6buf),*p)); 4109 } 4110 switch (p[0]) { 4111 case IPV6CP_OPT_IFID: 4112 if (len >= 10 && l == 10 && ifidcount == 0) { 4113 /* correctly formed address option */ 4114 ifidcount++; 4115 continue; 4116 } 4117 if (debug) 4118 addlog(" [invalid]"); 4119 break; 4120 #ifdef notyet 4121 case IPV6CP_OPT_COMPRESSION: 4122 if (len >= 4 && l >= 4) { 4123 /* correctly formed compress option */ 4124 continue; 4125 } 4126 if (debug) 4127 addlog(" [invalid]"); 4128 break; 4129 #endif 4130 default: 4131 /* Others not supported. */ 4132 if (debug) 4133 addlog(" [rej]"); 4134 break; 4135 } 4136 if (rlen + l > blen) { 4137 if (debug) 4138 addlog(" [overflow]"); 4139 continue; 4140 } 4141 /* Add the option to rejected list. */ 4142 memcpy(r, p, l); 4143 r += l; 4144 rlen += l; 4145 } 4146 4147 if (rlen > 0) { 4148 type = CP_RCR_REJ; 4149 goto end; 4150 } 4151 4152 if (debug) 4153 addlog("\n"); 4154 4155 /* pass 2: parse option values */ 4156 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4157 if (debug) 4158 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opt values:"); 4159 p = (void *)(h + 1); 4160 r = buf; 4161 rlen = 0; 4162 type = CP_RCR_ACK; 4163 for (len = origlen; len > 1; len -= l, p += l) { 4164 l = p[1]; 4165 if (l == 0) 4166 break; 4167 4168 if (debug) { 4169 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4170 sizeof(ipv6buf), *p)); 4171 } 4172 switch (p[0]) { 4173 #ifdef notyet 4174 case IPV6CP_OPT_COMPRESSION: 4175 continue; 4176 #endif 4177 case IPV6CP_OPT_IFID: 4178 memset(&desiredaddr, 0, sizeof(desiredaddr)); 4179 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 4180 collision = (memcmp(&desiredaddr.s6_addr[8], 4181 &myaddr.s6_addr[8], 8) == 0); 4182 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 4183 4184 desiredaddr.s6_addr16[0] = htons(0xfe80); 4185 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 4186 4187 if (!collision && !nohisaddr) { 4188 /* no collision, hisaddr known - Conf-Ack */ 4189 type = CP_RCR_ACK; 4190 memcpy(sp->ipv6cp.my_ifid, &myaddr.s6_addr[8], 4191 sizeof(sp->ipv6cp.my_ifid)); 4192 memcpy(sp->ipv6cp.his_ifid, 4193 &desiredaddr.s6_addr[8], 4194 sizeof(sp->ipv6cp.my_ifid)); 4195 4196 if (debug) { 4197 cpname = sppp_cp_type_name(tbuf, 4198 sizeof(tbuf), CONF_ACK); 4199 addlog(" %s [%s]", 4200 IN6_PRINT(ip6buf, &desiredaddr), 4201 cpname); 4202 } 4203 continue; 4204 } 4205 4206 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4207 if (collision && nohisaddr) { 4208 /* collision, hisaddr unknown - Conf-Rej */ 4209 type = CP_RCR_REJ; 4210 memset(&p[2], 0, 8); 4211 } else { 4212 /* 4213 * - no collision, hisaddr unknown, or 4214 * - collision, hisaddr known 4215 * Conf-Nak, suggest hisaddr 4216 */ 4217 type = CP_RCR_NAK; 4218 sppp_suggest_ip6_addr(sp, &suggestaddr); 4219 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4220 } 4221 if (debug) { 4222 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK; 4223 4224 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype); 4225 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4226 cpname); 4227 } 4228 break; 4229 } 4230 if (rlen + l > blen) { 4231 if (debug) 4232 addlog(" [overflow]"); 4233 continue; 4234 } 4235 /* Add the option to nak'ed list. */ 4236 memcpy(r, p, l); 4237 r += l; 4238 rlen += l; 4239 } 4240 4241 if (rlen > 0) { 4242 if (type != CP_RCR_ACK) { 4243 if (debug) { 4244 int ctype ; 4245 ctype = type == CP_RCR_REJ ? 4246 CONF_REJ : CONF_NAK; 4247 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype); 4248 addlog(" send %s suggest %s\n", 4249 cpname, IN6_PRINT(ip6buf, &suggestaddr)); 4250 } 4251 } 4252 #ifdef notdef 4253 if (type == CP_RCR_ACK) 4254 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4255 #endif 4256 } else { 4257 if (type == CP_RCR_ACK) { 4258 rlen = origlen; 4259 memcpy(r, h + 1, rlen); 4260 } 4261 } 4262 end: 4263 if (debug) 4264 addlog("\n"); 4265 4266 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 4267 if (buf != NULL) 4268 kmem_intr_free(buf, blen); 4269 } else { 4270 *msgbuf = buf; 4271 *buflen = blen; 4272 *msglen = rlen; 4273 } 4274 4275 return type; 4276 } 4277 4278 /* 4279 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4280 * negotiation. 4281 */ 4282 static void 4283 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len) 4284 { 4285 u_char *p, l; 4286 bool debug; 4287 4288 KASSERT(SPPP_WLOCKED(sp)); 4289 4290 if (len <= sizeof(*h)) 4291 return; 4292 4293 len -= sizeof(*h); 4294 debug = sppp_debug_enabled(sp); 4295 4296 if (debug) 4297 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp rej opts:"); 4298 4299 p = (void *)(h + 1); 4300 for (; len > 1; len -= l, p += l) { 4301 l = p[1]; 4302 if (l == 0) 4303 break; 4304 4305 if (l > len) { 4306 /* XXX just RXJ? */ 4307 if (debug) 4308 addlog("\n"); 4309 SPPP_LOG(sp, LOG_DEBUG, 4310 "received malicious IPCPv6 option, " 4311 "dropping\n"); 4312 goto end; 4313 } 4314 if (debug) { 4315 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4316 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4317 sizeof(ipv6buf), *p)); 4318 } 4319 switch (p[0]) { 4320 case IPV6CP_OPT_IFID: 4321 /* 4322 * Peer doesn't grok address option. This is 4323 * bad. XXX Should we better give up here? 4324 */ 4325 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4326 break; 4327 #ifdef notyet 4328 case IPV6CP_OPT_COMPRESS: 4329 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESS); 4330 break; 4331 #endif 4332 } 4333 } 4334 if (debug) 4335 addlog("\n"); 4336 end: 4337 return; 4338 } 4339 4340 /* 4341 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4342 * negotiation. 4343 */ 4344 static void 4345 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len) 4346 { 4347 u_char *p, l; 4348 struct in6_addr suggestaddr; 4349 char ip6buf[INET6_ADDRSTRLEN]; 4350 bool debug; 4351 4352 KASSERT(SPPP_WLOCKED(sp)); 4353 4354 if (len <= sizeof(*h)) 4355 return; 4356 4357 len -= sizeof(*h); 4358 debug = sppp_debug_enabled(sp); 4359 4360 if (debug) 4361 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp nak opts:"); 4362 4363 p = (void *)(h + 1); 4364 for (; len > 1; len -= l, p += l) { 4365 l = p[1]; 4366 if (l == 0) 4367 break; 4368 4369 if (l > len) { 4370 /* XXX just RXJ? */ 4371 if (debug) 4372 addlog("\n"); 4373 SPPP_LOG(sp, LOG_DEBUG, 4374 "received malicious IPCPv6 option, " 4375 "dropping\n"); 4376 goto end; 4377 } 4378 if (debug) { 4379 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4380 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4381 sizeof(ipv6buf), *p)); 4382 } 4383 switch (p[0]) { 4384 case IPV6CP_OPT_IFID: 4385 /* 4386 * Peer doesn't like our local ifid. See 4387 * if we can do something for him. We'll drop 4388 * him our address then. 4389 */ 4390 if (len < 10 || l != 10) 4391 break; 4392 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4393 suggestaddr.s6_addr16[0] = htons(0xfe80); 4394 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4395 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4396 4397 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4398 if (debug) 4399 addlog(" [suggestaddr %s]", 4400 IN6_PRINT(ip6buf, &suggestaddr)); 4401 #ifdef IPV6CP_MYIFID_DYN 4402 /* 4403 * When doing dynamic address assignment, 4404 * we accept his offer. 4405 */ 4406 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4407 struct in6_addr lastsuggest; 4408 /* 4409 * If <suggested myaddr from peer> equals to 4410 * <hisaddr we have suggested last time>, 4411 * we have a collision. generate new random 4412 * ifid. 4413 */ 4414 sppp_suggest_ip6_addr(&lastsuggest); 4415 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4416 lastsuggest)) { 4417 if (debug) 4418 addlog(" [random]"); 4419 sppp_gen_ip6_addr(sp, &suggestaddr); 4420 } 4421 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4422 if (debug) 4423 addlog(" [agree]"); 4424 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4425 } 4426 #else 4427 /* 4428 * Since we do not do dynamic address assignment, 4429 * we ignore it and thus continue to negotiate 4430 * our already existing value. This can possibly 4431 * go into infinite request-reject loop. 4432 * 4433 * This is not likely because we normally use 4434 * ifid based on MAC-address. 4435 * If you have no ethernet card on the node, too bad. 4436 * XXX should we use fail_counter? 4437 */ 4438 #endif 4439 break; 4440 #ifdef notyet 4441 case IPV6CP_OPT_COMPRESS: 4442 /* 4443 * Peer wants different compression parameters. 4444 */ 4445 break; 4446 #endif 4447 } 4448 } 4449 if (debug) 4450 addlog("\n"); 4451 end: 4452 return; 4453 } 4454 4455 static void 4456 sppp_ipv6cp_tlu(struct sppp *sp) 4457 { 4458 struct ifnet *ifp; 4459 4460 KASSERT(SPPP_WLOCKED(sp)); 4461 4462 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer up\n"); 4463 ifp = &sp->pp_if; 4464 /* we are up - notify isdn daemon */ 4465 sppp_notify_con_wlocked(sp); 4466 rt_ifmsg(ifp); 4467 } 4468 4469 static void 4470 sppp_ipv6cp_tld(struct sppp *sp) 4471 { 4472 struct ifnet *ifp; 4473 4474 KASSERT(SPPP_WLOCKED(sp)); 4475 4476 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer down\n"); 4477 ifp = &sp->pp_if; 4478 rt_ifmsg(ifp); 4479 } 4480 4481 static void 4482 sppp_ipv6cp_scr(struct sppp *sp) 4483 { 4484 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4485 struct in6_addr ouraddr; 4486 int i = 0; 4487 4488 KASSERT(SPPP_WLOCKED(sp)); 4489 4490 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID)) { 4491 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4492 4493 opt[i++] = IPV6CP_OPT_IFID; 4494 opt[i++] = 10; 4495 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4496 i += 8; 4497 } 4498 4499 #ifdef notyet 4500 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESSION)) { 4501 opt[i++] = IPV6CP_OPT_COMPRESSION; 4502 opt[i++] = 4; 4503 opt[i++] = 0; /* TBD */ 4504 opt[i++] = 0; /* TBD */ 4505 /* variable length data may follow */ 4506 } 4507 #endif 4508 4509 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4510 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4511 } 4512 #else /*INET6*/ 4513 static void 4514 sppp_ipv6cp_init(struct sppp *sp) 4515 { 4516 4517 KASSERT(SPPP_WLOCKED(sp)); 4518 } 4519 4520 static void 4521 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4522 { 4523 4524 KASSERT(SPPP_WLOCKED(sp)); 4525 } 4526 4527 static enum cp_rcr_type 4528 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, 4529 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4530 { 4531 4532 KASSERT(SPPP_WLOCKED(sp)); 4533 return 0; 4534 } 4535 4536 static void 4537 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, 4538 int len) 4539 { 4540 4541 KASSERT(SPPP_WLOCKED(sp)); 4542 } 4543 4544 static void 4545 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, 4546 int len) 4547 { 4548 4549 KASSERT(SPPP_WLOCKED(sp)); 4550 } 4551 4552 static void 4553 sppp_ipv6cp_tlu(struct sppp *sp) 4554 { 4555 4556 KASSERT(SPPP_WLOCKED(sp)); 4557 } 4558 4559 static void 4560 sppp_ipv6cp_tld(struct sppp *sp) 4561 { 4562 4563 KASSERT(SPPP_WLOCKED(sp)); 4564 } 4565 4566 static void 4567 sppp_ipv6cp_scr(struct sppp *sp) 4568 { 4569 4570 KASSERT(SPPP_WLOCKED(sp)); 4571 } 4572 #endif /*INET6*/ 4573 4574 /* 4575 *--------------------------------------------------------------------------* 4576 * * 4577 * The CHAP implementation. * 4578 * * 4579 *--------------------------------------------------------------------------* 4580 */ 4581 /* 4582 * The authentication protocols is implemented on the state machine for 4583 * control protocols. And it uses following actions and events. 4584 * 4585 * Actions: 4586 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE 4587 * - sca: send CHAP_SUCCESS 4588 * - scn: send CHAP_FAILURE and shutdown lcp 4589 * Events: 4590 * - RCR+: receive CHAP_RESPONSE containing correct digest 4591 * - RCR-: receive CHAP_RESPONSE containing wrong digest 4592 * - RCA: receive CHAP_SUCCESS 4593 * - RCN: (this event is unused) 4594 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE 4595 * - TO-: this layer finish 4596 */ 4597 4598 /* 4599 * Handle incoming CHAP packets. 4600 */ 4601 void 4602 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4603 { 4604 struct ifnet *ifp; 4605 struct lcp_header *h; 4606 int len, x; 4607 u_char *value, *name, digest[sizeof(sp->chap.challenge)]; 4608 int value_len, name_len; 4609 MD5_CTX ctx; 4610 char abuf[SPPP_AUTHTYPE_NAMELEN]; 4611 const char *authname; 4612 bool debug; 4613 4614 ifp = &sp->pp_if; 4615 debug = sppp_debug_enabled(sp); 4616 len = m->m_pkthdr.len; 4617 if (len < 4) { 4618 SPPP_DLOG(sp, "chap invalid packet length: " 4619 "%d bytes\n", len); 4620 return; 4621 } 4622 h = mtod(m, struct lcp_header *); 4623 if (len > ntohs(h->len)) 4624 len = ntohs(h->len); 4625 4626 SPPP_LOCK(sp, RW_WRITER); 4627 4628 switch (h->type) { 4629 /* challenge, failure and success are his authproto */ 4630 case CHAP_CHALLENGE: 4631 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4632 /* can't do anything useful */ 4633 sp->pp_auth_failures++; 4634 SPPP_DLOG(sp, "chap input " 4635 "without my name and my secret being set\n"); 4636 break; 4637 } 4638 value = 1 + (u_char *)(h + 1); 4639 value_len = value[-1]; 4640 name = value + value_len; 4641 name_len = len - value_len - 5; 4642 if (name_len < 0) { 4643 if (debug) { 4644 authname = sppp_auth_type_name(abuf, 4645 sizeof(abuf), PPP_CHAP, h->type); 4646 SPPP_LOG(sp, LOG_DEBUG, 4647 "chap corrupted challenge " 4648 "<%s id=0x%x len=%d", 4649 authname, h->ident, ntohs(h->len)); 4650 if (len > 4) 4651 sppp_print_bytes((u_char *)(h + 1), 4652 len - 4); 4653 addlog(">\n"); 4654 } 4655 break; 4656 } 4657 4658 if (debug) { 4659 authname = sppp_auth_type_name(abuf, 4660 sizeof(abuf), PPP_CHAP, h->type); 4661 SPPP_LOG(sp, LOG_DEBUG, 4662 "chap input <%s id=0x%x len=%d name=", 4663 authname, h->ident, ntohs(h->len)); 4664 sppp_print_string((char *) name, name_len); 4665 addlog(" value-size=%d value=", value_len); 4666 sppp_print_bytes(value, value_len); 4667 addlog(">\n"); 4668 } 4669 4670 /* Compute reply value. */ 4671 MD5Init(&ctx); 4672 MD5Update(&ctx, &h->ident, 1); 4673 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4674 MD5Update(&ctx, value, value_len); 4675 MD5Final(sp->chap.digest, &ctx); 4676 sp->chap.digest_len = sizeof(sp->chap.digest); 4677 sp->scp[IDX_CHAP].rconfid = h->ident; 4678 4679 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); 4680 break; 4681 4682 case CHAP_SUCCESS: 4683 if (debug) { 4684 SPPP_LOG(sp, LOG_DEBUG, "chap success"); 4685 if (len > 4) { 4686 addlog(": "); 4687 sppp_print_string((char *)(h + 1), len - 4); 4688 } 4689 addlog("\n"); 4690 } 4691 4692 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4693 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 4694 chap.name, h->ident, 4695 sp->scp[IDX_CHAP].rconfid); 4696 if_statinc(ifp, if_ierrors); 4697 break; 4698 } 4699 4700 if (sp->chap.digest_len == 0) { 4701 SPPP_DLOG(sp, "receive CHAP success" 4702 " without challenge\n"); 4703 if_statinc(ifp, if_ierrors); 4704 break; 4705 } 4706 4707 x = splnet(); 4708 sp->pp_auth_failures = 0; 4709 sp->pp_flags &= ~PP_NEEDAUTH; 4710 splx(x); 4711 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4712 sp->chap.digest_len = 0; 4713 4714 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { 4715 /* 4716 * we are not authenticator for CHAP, 4717 * generate a dummy RCR+ event without CHAP_RESPONSE 4718 */ 4719 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4720 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4721 } 4722 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4723 break; 4724 4725 case CHAP_FAILURE: 4726 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4727 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 4728 chap.name, h->ident, sp->scp[IDX_CHAP].rconfid); 4729 if_statinc(ifp, if_ierrors); 4730 break; 4731 } 4732 4733 if (sp->chap.digest_len == 0) { 4734 SPPP_DLOG(sp, "receive CHAP failure " 4735 "without challenge\n"); 4736 if_statinc(ifp, if_ierrors); 4737 break; 4738 } 4739 4740 x = splnet(); 4741 sp->pp_auth_failures++; 4742 splx(x); 4743 SPPP_LOG(sp, LOG_INFO, "chap failure"); 4744 if (debug) { 4745 if (len > 4) { 4746 addlog(": "); 4747 sppp_print_string((char *)(h + 1), len - 4); 4748 } 4749 } 4750 addlog("\n"); 4751 4752 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4753 sp->chap.digest_len = 0; 4754 /* 4755 * await LCP shutdown by authenticator, 4756 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn 4757 */ 4758 break; 4759 4760 /* response is my authproto */ 4761 case CHAP_RESPONSE: 4762 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4763 /* can't do anything useful */ 4764 SPPP_DLOG(sp, "chap response " 4765 "without his name and his secret being set\n"); 4766 break; 4767 } 4768 value = 1 + (u_char *)(h + 1); 4769 value_len = value[-1]; 4770 name = value + value_len; 4771 name_len = len - value_len - 5; 4772 if (name_len < 0) { 4773 if (debug) { 4774 authname = sppp_auth_type_name(abuf, 4775 sizeof(abuf), PPP_CHAP, h->type); 4776 SPPP_LOG(sp, LOG_DEBUG, 4777 "chap corrupted response " 4778 "<%s id=0x%x len=%d", 4779 authname, h->ident, ntohs(h->len)); 4780 if (len > 4) 4781 sppp_print_bytes((u_char *)(h + 1), 4782 len - 4); 4783 addlog(">\n"); 4784 } 4785 break; 4786 } 4787 if (h->ident != sp->scp[IDX_CHAP].confid) { 4788 SPPP_DLOG(sp, "chap dropping response for old ID " 4789 "(got %d, expected %d)\n", 4790 h->ident, sp->scp[IDX_CHAP].confid); 4791 break; 4792 } else { 4793 sp->scp[IDX_CHAP].rconfid = h->ident; 4794 } 4795 4796 if (sp->hisauth.name != NULL && 4797 (name_len != sp->hisauth.name_len 4798 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4799 SPPP_LOG(sp, LOG_INFO, 4800 "chap response, his name "); 4801 sppp_print_string(name, name_len); 4802 addlog(" != expected "); 4803 sppp_print_string(sp->hisauth.name, 4804 sp->hisauth.name_len); 4805 addlog("\n"); 4806 4807 /* generate RCR- event */ 4808 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4809 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4810 break; 4811 } 4812 4813 if (debug) { 4814 authname = sppp_auth_type_name(abuf, 4815 sizeof(abuf), PPP_CHAP, h->type); 4816 SPPP_LOG(sp, LOG_DEBUG, "chap input(%s) " 4817 "<%s id=0x%x len=%d name=", 4818 sppp_state_name(sp->scp[IDX_CHAP].state), 4819 authname, h->ident, ntohs(h->len)); 4820 sppp_print_string((char *)name, name_len); 4821 addlog(" value-size=%d value=", value_len); 4822 sppp_print_bytes(value, value_len); 4823 addlog(">\n"); 4824 } 4825 4826 if (value_len == sizeof(sp->chap.challenge) && 4827 value_len == sizeof(sp->chap.digest)) { 4828 MD5Init(&ctx); 4829 MD5Update(&ctx, &h->ident, 1); 4830 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4831 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); 4832 MD5Final(digest, &ctx); 4833 4834 if (memcmp(digest, value, value_len) == 0) { 4835 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4836 } else { 4837 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4838 } 4839 } else { 4840 if (debug) { 4841 SPPP_LOG(sp, LOG_DEBUG, 4842 "chap bad hash value length: " 4843 "%d bytes, should be %zu\n", 4844 value_len, sizeof(sp->chap.challenge)); 4845 } 4846 4847 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4848 } 4849 4850 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4851 4852 /* generate a dummy RCA event */ 4853 if (sp->scp[IDX_CHAP].rcr_type == CP_RCR_ACK && 4854 (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || 4855 sp->chap.rechallenging)) { 4856 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4857 } 4858 break; 4859 4860 default: 4861 /* Unknown CHAP packet type -- ignore. */ 4862 if (debug) { 4863 SPPP_LOG(sp, LOG_DEBUG, "chap unknown input(%s) " 4864 "<0x%x id=0x%xh len=%d", 4865 sppp_state_name(sp->scp[IDX_CHAP].state), 4866 h->type, h->ident, ntohs(h->len)); 4867 if (len > 4) 4868 sppp_print_bytes((u_char *)(h + 1), len - 4); 4869 addlog(">\n"); 4870 } 4871 break; 4872 4873 } 4874 4875 SPPP_UNLOCK(sp); 4876 } 4877 4878 static void 4879 sppp_chap_init(struct sppp *sp) 4880 { 4881 4882 KASSERT(SPPP_WLOCKED(sp)); 4883 4884 sppp_cp_init(&chap, sp); 4885 4886 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, 4887 sppp_chap_rcv_challenge_event, &chap); 4888 } 4889 4890 static void 4891 sppp_chap_open(struct sppp *sp, void *xcp) 4892 { 4893 4894 KASSERT(SPPP_WLOCKED(sp)); 4895 4896 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4897 sp->chap.digest_len = 0; 4898 sp->chap.rechallenging = false; 4899 sp->chap.response_rcvd = false; 4900 sppp_open_event(sp, xcp); 4901 } 4902 4903 static void 4904 sppp_chap_tlu(struct sppp *sp) 4905 { 4906 int i, x; 4907 4908 KASSERT(SPPP_WLOCKED(sp)); 4909 4910 i = 0; 4911 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4912 x = splnet(); 4913 sp->pp_auth_failures = 0; 4914 splx(x); 4915 4916 SPPP_LOG(sp, LOG_DEBUG, "chap %s", 4917 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); 4918 4919 /* 4920 * Some broken CHAP implementations (Conware CoNet, firmware 4921 * 4.0.?) don't want to re-authenticate their CHAP once the 4922 * initial challenge-response exchange has taken place. 4923 * Provide for an option to avoid rechallenges. 4924 */ 4925 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && 4926 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4927 /* 4928 * Compute the re-challenge timeout. This will yield 4929 * a number between 300 and 810 seconds. 4930 */ 4931 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 4932 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 4933 4934 if (sppp_debug_enabled(sp)) { 4935 addlog(", next rechallenge in %d seconds", i); 4936 } 4937 } 4938 4939 addlog("\n"); 4940 4941 /* 4942 * If we are already in phase network, we are done here. This 4943 * is the case if this is a dummy tlu event after a re-challenge. 4944 */ 4945 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4946 sppp_phase_network(sp); 4947 } 4948 4949 static void 4950 sppp_chap_scr(struct sppp *sp) 4951 { 4952 uint32_t *ch; 4953 u_char clen, dsize; 4954 int role; 4955 4956 KASSERT(SPPP_WLOCKED(sp)); 4957 4958 role = sppp_auth_role(&chap, sp); 4959 4960 if (ISSET(role, SPPP_AUTH_SERV) && 4961 !sp->chap.response_rcvd) { 4962 /* we are authenticator for CHAP, send challenge */ 4963 ch = (uint32_t *)sp->chap.challenge; 4964 clen = sizeof(sp->chap.challenge); 4965 /* Compute random challenge. */ 4966 cprng_strong(kern_cprng, ch, clen, 0); 4967 4968 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 4969 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 4970 sizeof(clen), (const char *)&clen, 4971 sizeof(sp->chap.challenge), sp->chap.challenge, 4972 0); 4973 } 4974 4975 if (ISSET(role, SPPP_AUTH_PEER) && 4976 sp->chap.digest_len > 0) { 4977 /* we are peer for CHAP, send response */ 4978 dsize = sp->chap.digest_len; 4979 4980 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, 4981 sizeof(dsize), (const char *)&dsize, 4982 sp->chap.digest_len, sp->chap.digest, 4983 sp->myauth.name_len, sp->myauth.name, 0); 4984 } 4985 } 4986 4987 static void 4988 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) 4989 { 4990 const struct cp *cp = xcp; 4991 4992 KASSERT(!cpu_softintr_p()); 4993 4994 sp->chap.rechallenging = false; 4995 4996 switch (sp->scp[IDX_CHAP].state) { 4997 case STATE_REQ_SENT: 4998 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 4999 cp->scr(sp); 5000 break; 5001 case STATE_OPENED: 5002 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 5003 cp->scr(sp); 5004 break; 5005 } 5006 } 5007 5008 /* 5009 *--------------------------------------------------------------------------* 5010 * * 5011 * The PAP implementation. * 5012 * * 5013 *--------------------------------------------------------------------------* 5014 */ 5015 /* 5016 * PAP uses following actions and events. 5017 * Actions: 5018 * - scr: send PAP_REQ 5019 * - sca: send PAP_ACK 5020 * - scn: send PAP_NAK 5021 * Events: 5022 * - RCR+: receive PAP_REQ containing correct username and password 5023 * - RCR-: receive PAP_REQ containing wrong username and password 5024 * - RCA: receive PAP_ACK 5025 * - RCN: (this event is unused) 5026 * - TO+: re-send PAP_REQ 5027 * - TO-: this layer finish 5028 */ 5029 5030 /* 5031 * Handle incoming PAP packets. */ 5032 static void 5033 sppp_pap_input(struct sppp *sp, struct mbuf *m) 5034 { 5035 struct ifnet *ifp; 5036 struct lcp_header *h; 5037 int len, x; 5038 char *name, *secret; 5039 int name_len, secret_len; 5040 char abuf[SPPP_AUTHTYPE_NAMELEN]; 5041 const char *authname; 5042 bool debug; 5043 5044 ifp = &sp->pp_if; 5045 debug = sppp_debug_enabled(sp); 5046 5047 /* 5048 * Malicious input might leave this uninitialized, so 5049 * init to an impossible value. 5050 */ 5051 secret_len = -1; 5052 5053 len = m->m_pkthdr.len; 5054 if (len < 5) { 5055 SPPP_DLOG(sp, "pap invalid packet length: " 5056 "%d bytes\n", len); 5057 return; 5058 } 5059 h = mtod(m, struct lcp_header *); 5060 if (len > ntohs(h->len)) 5061 len = ntohs(h->len); 5062 5063 SPPP_LOCK(sp, RW_WRITER); 5064 5065 switch (h->type) { 5066 /* PAP request is my authproto */ 5067 case PAP_REQ: 5068 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 5069 /* can't do anything useful */ 5070 SPPP_DLOG(sp, "pap request" 5071 " without his name and his secret being set\n"); 5072 break; 5073 } 5074 name = 1 + (u_char *)(h + 1); 5075 name_len = name[-1]; 5076 secret = name + name_len + 1; 5077 if (name_len > len - 6 || 5078 (secret_len = secret[-1]) > len - 6 - name_len) { 5079 if (debug) { 5080 authname = sppp_auth_type_name(abuf, 5081 sizeof(abuf), PPP_PAP, h->type); 5082 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input " 5083 "<%s id=0x%x len=%d", 5084 authname, h->ident, ntohs(h->len)); 5085 if (len > 4) 5086 sppp_print_bytes((u_char *)(h + 1), 5087 len - 4); 5088 addlog(">\n"); 5089 } 5090 break; 5091 } 5092 if (debug) { 5093 authname = sppp_auth_type_name(abuf, 5094 sizeof(abuf), PPP_PAP, h->type); 5095 SPPP_LOG(sp, LOG_DEBUG, "pap input(%s) " 5096 "<%s id=0x%x len=%d name=", 5097 sppp_state_name(sp->scp[IDX_PAP].state), 5098 authname, h->ident, ntohs(h->len)); 5099 sppp_print_string((char *)name, name_len); 5100 addlog(" secret="); 5101 sppp_print_string((char *)secret, secret_len); 5102 addlog(">\n"); 5103 } 5104 5105 sp->scp[IDX_PAP].rconfid = h->ident; 5106 5107 if (name_len == sp->hisauth.name_len && 5108 memcmp(name, sp->hisauth.name, name_len) == 0 && 5109 secret_len == sp->hisauth.secret_len && 5110 memcmp(secret, sp->hisauth.secret, secret_len) == 0) { 5111 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5112 } else { 5113 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK; 5114 } 5115 5116 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5117 5118 /* generate a dummy RCA event */ 5119 if (sp->scp[IDX_PAP].rcr_type == CP_RCR_ACK && 5120 !ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { 5121 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5122 } 5123 break; 5124 5125 /* ack and nak are his authproto */ 5126 case PAP_ACK: 5127 if (debug) { 5128 SPPP_LOG(sp, LOG_DEBUG, "pap success"); 5129 name = 1 + (u_char *)(h + 1); 5130 name_len = name[-1]; 5131 if (len > 5 && name_len < len+4) { 5132 addlog(": "); 5133 sppp_print_string(name, name_len); 5134 } 5135 addlog("\n"); 5136 } 5137 5138 if (h->ident != sp->scp[IDX_PAP].confid) { 5139 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 5140 pap.name, h->ident, sp->scp[IDX_PAP].rconfid); 5141 if_statinc(ifp, if_ierrors); 5142 break; 5143 } 5144 5145 x = splnet(); 5146 sp->pp_auth_failures = 0; 5147 sp->pp_flags &= ~PP_NEEDAUTH; 5148 splx(x); 5149 5150 /* we are not authenticator, generate a dummy RCR+ event */ 5151 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { 5152 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5153 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5154 } 5155 5156 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5157 break; 5158 5159 case PAP_NAK: 5160 if (debug) { 5161 SPPP_LOG(sp, LOG_INFO, "pap failure"); 5162 name = 1 + (u_char *)(h + 1); 5163 name_len = name[-1]; 5164 if (len > 5 && name_len < len+4) { 5165 addlog(": "); 5166 sppp_print_string(name, name_len); 5167 } 5168 addlog("\n"); 5169 } else { 5170 SPPP_LOG(sp, LOG_INFO, "pap failure\n"); 5171 } 5172 5173 if (h->ident != sp->scp[IDX_PAP].confid) { 5174 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 5175 pap.name, h->ident, sp->scp[IDX_PAP].rconfid); 5176 if_statinc(ifp, if_ierrors); 5177 break; 5178 } 5179 5180 sp->pp_auth_failures++; 5181 /* 5182 * await LCP shutdown by authenticator, 5183 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn 5184 */ 5185 break; 5186 5187 default: 5188 /* Unknown PAP packet type -- ignore. */ 5189 if (debug) { 5190 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input " 5191 "<0x%x id=0x%x len=%d", 5192 h->type, h->ident, ntohs(h->len)); 5193 if (len > 4) 5194 sppp_print_bytes((u_char *)(h + 1), len - 4); 5195 addlog(">\n"); 5196 } 5197 break; 5198 } 5199 5200 SPPP_UNLOCK(sp); 5201 } 5202 5203 static void 5204 sppp_pap_init(struct sppp *sp) 5205 { 5206 5207 KASSERT(SPPP_WLOCKED(sp)); 5208 sppp_cp_init(&pap, sp); 5209 } 5210 5211 static void 5212 sppp_pap_tlu(struct sppp *sp) 5213 { 5214 int x; 5215 5216 SPPP_DLOG(sp, "%s tlu\n", pap.name); 5217 5218 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 5219 x = splnet(); 5220 sp->pp_auth_failures = 0; 5221 splx(x); 5222 5223 if (sp->pp_phase < SPPP_PHASE_NETWORK) 5224 sppp_phase_network(sp); 5225 } 5226 5227 static void 5228 sppp_pap_scr(struct sppp *sp) 5229 { 5230 u_char idlen, pwdlen; 5231 5232 KASSERT(SPPP_WLOCKED(sp)); 5233 5234 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && 5235 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { 5236 if (sp->myauth.secret == NULL || 5237 sp->myauth.name == NULL) { 5238 SPPP_LOG(sp, LOG_DEBUG, 5239 "couldn't send PAP_REQ " 5240 "because of no name or no secret\n"); 5241 } else { 5242 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5243 pwdlen = sp->myauth.secret_len; 5244 idlen = sp->myauth.name_len; 5245 5246 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5247 sizeof idlen, (const char *)&idlen, 5248 idlen, sp->myauth.name, 5249 sizeof pwdlen, (const char *)&pwdlen, 5250 pwdlen, sp->myauth.secret, 5251 0); 5252 } 5253 } 5254 } 5255 5256 /* 5257 * Random miscellaneous functions. 5258 */ 5259 5260 /* 5261 * Send a PAP or CHAP proto packet. 5262 * 5263 * Varadic function, each of the elements for the ellipsis is of type 5264 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5265 * mlen == 0. 5266 * NOTE: never declare variadic functions with types subject to type 5267 * promotion (i.e. u_char). This is asking for big trouble depending 5268 * on the architecture you are on... 5269 */ 5270 5271 static void 5272 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5273 unsigned int type, unsigned int id, 5274 ...) 5275 { 5276 struct ifnet *ifp; 5277 struct lcp_header *lh; 5278 struct mbuf *m; 5279 u_char *p; 5280 int len; 5281 size_t pkthdrlen; 5282 unsigned int mlen; 5283 const char *msg; 5284 va_list ap; 5285 5286 KASSERT(SPPP_WLOCKED(sp)); 5287 5288 ifp = &sp->pp_if; 5289 5290 MGETHDR(m, M_DONTWAIT, MT_DATA); 5291 if (! m) 5292 return; 5293 m_reset_rcvif(m); 5294 5295 if (sp->pp_flags & PP_NOFRAMING) { 5296 *mtod(m, uint16_t *) = htons(cp->proto); 5297 pkthdrlen = 2; 5298 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5299 } else { 5300 struct ppp_header *h; 5301 h = mtod(m, struct ppp_header *); 5302 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5303 h->control = PPP_UI; /* Unnumbered Info */ 5304 h->protocol = htons(cp->proto); 5305 pkthdrlen = PPP_HEADER_LEN; 5306 5307 lh = (struct lcp_header *)(h + 1); 5308 } 5309 5310 lh->type = type; 5311 lh->ident = id; 5312 p = (u_char *)(lh + 1); 5313 5314 va_start(ap, id); 5315 len = 0; 5316 5317 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5318 msg = va_arg(ap, const char *); 5319 len += mlen; 5320 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5321 va_end(ap); 5322 m_freem(m); 5323 return; 5324 } 5325 5326 memcpy(p, msg, mlen); 5327 p += mlen; 5328 } 5329 va_end(ap); 5330 5331 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5332 lh->len = htons(LCP_HEADER_LEN + len); 5333 5334 if (sppp_debug_enabled(sp)) { 5335 char abuf[SPPP_AUTHTYPE_NAMELEN]; 5336 const char *authname; 5337 5338 authname = sppp_auth_type_name(abuf, 5339 sizeof(abuf), cp->proto, lh->type); 5340 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d", 5341 cp->name, authname, 5342 lh->ident, ntohs(lh->len)); 5343 if (len) 5344 sppp_print_bytes((u_char *)(lh + 1), len); 5345 addlog(">\n"); 5346 } 5347 if (IF_QFULL(&sp->pp_cpq)) { 5348 IF_DROP(&sp->pp_fastq); 5349 IF_DROP(&ifp->if_snd); 5350 m_freem(m); 5351 if_statinc(ifp, if_oerrors); 5352 return; 5353 } 5354 5355 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5356 IF_ENQUEUE(&sp->pp_cpq, m); 5357 5358 if (! (ifp->if_flags & IFF_OACTIVE)) { 5359 SPPP_UNLOCK(sp); 5360 if_start_lock(ifp); 5361 SPPP_LOCK(sp, RW_WRITER); 5362 } 5363 } 5364 5365 static int 5366 sppp_auth_role(const struct cp *cp, struct sppp *sp) 5367 { 5368 int role; 5369 5370 role = SPPP_AUTH_NOROLE; 5371 5372 if (sp->hisauth.proto == cp->proto && 5373 ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) 5374 SET(role, SPPP_AUTH_SERV); 5375 5376 if (sp->myauth.proto == cp->proto) 5377 SET(role, SPPP_AUTH_PEER); 5378 5379 return role; 5380 } 5381 5382 static void 5383 sppp_auth_to_event(struct sppp *sp, void *xcp) 5384 { 5385 const struct cp *cp = xcp; 5386 bool override; 5387 int state; 5388 5389 KASSERT(SPPP_WLOCKED(sp)); 5390 KASSERT(!cpu_softintr_p()); 5391 5392 override = false; 5393 state = sp->scp[cp->protoidx].state; 5394 5395 if (sp->scp[cp->protoidx].rst_counter > 0) { 5396 /* override TO+ event */ 5397 switch (state) { 5398 case STATE_OPENED: 5399 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5400 override = true; 5401 sp->chap.rechallenging = true; 5402 sp->chap.response_rcvd = false; 5403 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5404 cp->scr(sp); 5405 } 5406 break; 5407 5408 case STATE_ACK_RCVD: 5409 override = true; 5410 cp->scr(sp); 5411 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 5412 break; 5413 } 5414 } 5415 5416 if (override) { 5417 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n", 5418 cp->name, sppp_state_name(state), 5419 sp->scp[cp->protoidx].rst_counter); 5420 sp->scp[cp->protoidx].rst_counter--; 5421 } else { 5422 sppp_to_event(sp, xcp); 5423 } 5424 } 5425 5426 static void 5427 sppp_auth_screply(const struct cp *cp, struct sppp *sp, u_char ctype, 5428 uint8_t ident, size_t _mlen __unused, void *_msg __unused) 5429 { 5430 static const char *succmsg = "Welcome!"; 5431 static const char *failmsg = "Failed..."; 5432 const char *msg; 5433 u_char type, mlen; 5434 5435 KASSERT(SPPP_WLOCKED(sp)); 5436 5437 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) 5438 return; 5439 5440 if (ctype == CONF_ACK) { 5441 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; 5442 msg = succmsg; 5443 mlen = sizeof(succmsg) - 1; 5444 5445 sp->pp_auth_failures = 0; 5446 } else { 5447 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; 5448 msg = failmsg; 5449 mlen = sizeof(failmsg) - 1; 5450 5451 /* shutdown LCP if auth failed */ 5452 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5453 sp->pp_auth_failures++; 5454 } 5455 5456 sppp_auth_send(cp, sp, type, ident, mlen, (const u_char *)msg, 0); 5457 } 5458 5459 /* 5460 * Send keepalive packets, every 10 seconds. 5461 */ 5462 static void 5463 sppp_keepalive(void *dummy) 5464 { 5465 struct sppp *sp; 5466 int s; 5467 time_t now; 5468 5469 SPPPQ_LOCK(); 5470 5471 s = splnet(); 5472 now = time_uptime; 5473 for (sp=spppq; sp; sp=sp->pp_next) { 5474 struct ifnet *ifp = NULL; 5475 5476 SPPP_LOCK(sp, RW_WRITER); 5477 ifp = &sp->pp_if; 5478 5479 /* check idle timeout */ 5480 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5481 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5482 /* idle timeout is enabled for this interface */ 5483 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5484 SPPP_DLOG(sp, "no activity for %lu seconds\n", 5485 (unsigned long)(now-sp->pp_last_activity)); 5486 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5487 SPPP_UNLOCK(sp); 5488 continue; 5489 } 5490 } 5491 5492 /* Keepalive mode disabled or channel down? */ 5493 if (! (sp->pp_flags & PP_KEEPALIVE) || 5494 ! (ifp->if_flags & IFF_RUNNING)) { 5495 SPPP_UNLOCK(sp); 5496 continue; 5497 } 5498 5499 /* No keepalive in PPP mode if LCP not opened yet. */ 5500 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5501 SPPP_UNLOCK(sp); 5502 continue; 5503 } 5504 5505 /* No echo reply, but maybe user data passed through? */ 5506 if (sp->pp_max_noreceive != 0 && 5507 (now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5508 sp->pp_alivecnt = 0; 5509 SPPP_UNLOCK(sp); 5510 continue; 5511 } 5512 5513 /* No echo request */ 5514 if (sp->pp_alive_interval == 0) { 5515 SPPP_UNLOCK(sp); 5516 continue; 5517 } 5518 5519 /* send a ECHO_REQ once in sp->pp_alive_interval times */ 5520 if ((sppp_keepalive_cnt % sp->pp_alive_interval) != 0) { 5521 SPPP_UNLOCK(sp); 5522 continue; 5523 } 5524 5525 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5526 /* No keepalive packets got. Stop the interface. */ 5527 if (sp->pp_flags & PP_KEEPALIVE_IFDOWN) 5528 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5529 5530 SPPP_LOG(sp, LOG_INFO,"LCP keepalive timed out, " 5531 "going to restart the connection\n"); 5532 sp->pp_alivecnt = 0; 5533 5534 /* we are down, close all open protocols */ 5535 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5536 5537 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5538 sp->lcp.reestablish = true; 5539 5540 SPPP_UNLOCK(sp); 5541 continue; 5542 } 5543 if (sp->pp_alivecnt < sp->pp_maxalive) 5544 ++sp->pp_alivecnt; 5545 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5546 int32_t nmagic = htonl(sp->lcp.magic); 5547 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5548 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5549 sp->lcp.echoid, 4, &nmagic); 5550 } 5551 5552 SPPP_UNLOCK(sp); 5553 } 5554 splx(s); 5555 sppp_keepalive_cnt++; 5556 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5557 5558 SPPPQ_UNLOCK(); 5559 } 5560 5561 #ifdef INET 5562 /* 5563 * Get both IP addresses. 5564 */ 5565 static void 5566 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5567 { 5568 struct ifnet *ifp = &sp->pp_if; 5569 struct ifaddr *ifa; 5570 struct sockaddr_in *si, *sm; 5571 uint32_t ssrc, ddst; 5572 int bound, s; 5573 struct psref psref; 5574 5575 sm = NULL; 5576 ssrc = ddst = 0; 5577 /* 5578 * Pick the first AF_INET address from the list, 5579 * aliases don't make any sense on a p2p link anyway. 5580 */ 5581 si = 0; 5582 bound = curlwp_bind(); 5583 s = pserialize_read_enter(); 5584 IFADDR_READER_FOREACH(ifa, ifp) { 5585 if (ifa->ifa_addr->sa_family == AF_INET) { 5586 si = (struct sockaddr_in *)ifa->ifa_addr; 5587 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5588 if (si) { 5589 ifa_acquire(ifa, &psref); 5590 break; 5591 } 5592 } 5593 } 5594 pserialize_read_exit(s); 5595 if (ifa) { 5596 if (si && si->sin_addr.s_addr) { 5597 ssrc = si->sin_addr.s_addr; 5598 if (srcmask) 5599 *srcmask = ntohl(sm->sin_addr.s_addr); 5600 } 5601 5602 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5603 if (si && si->sin_addr.s_addr) 5604 ddst = si->sin_addr.s_addr; 5605 ifa_release(ifa, &psref); 5606 } 5607 curlwp_bindx(bound); 5608 5609 if (dst) *dst = ntohl(ddst); 5610 if (src) *src = ntohl(ssrc); 5611 } 5612 5613 /* 5614 * Set IP addresses. Must be called at splnet. 5615 * If an address is 0, leave it the way it is. 5616 */ 5617 static void 5618 sppp_set_ip_addrs(struct sppp *sp) 5619 { 5620 struct ifnet *ifp; 5621 struct ifaddr *ifa; 5622 struct sockaddr_in *si, *dest; 5623 uint32_t myaddr = 0, hisaddr = 0; 5624 int s; 5625 5626 KASSERT(SPPP_WLOCKED(sp)); 5627 5628 ifp = &sp->pp_if; 5629 5630 SPPP_UNLOCK(sp); 5631 IFNET_LOCK(ifp); 5632 SPPP_LOCK(sp, RW_WRITER); 5633 5634 /* 5635 * Pick the first AF_INET address from the list, 5636 * aliases don't make any sense on a p2p link anyway. 5637 */ 5638 si = dest = NULL; 5639 s = pserialize_read_enter(); 5640 IFADDR_READER_FOREACH(ifa, ifp) { 5641 if (ifa->ifa_addr->sa_family == AF_INET) { 5642 si = (struct sockaddr_in *)ifa->ifa_addr; 5643 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5644 break; 5645 } 5646 } 5647 pserialize_read_exit(s); 5648 5649 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5650 myaddr = sp->ipcp.req_myaddr; 5651 else if (si != NULL) 5652 myaddr = ntohl(si->sin_addr.s_addr); 5653 5654 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5655 hisaddr = sp->ipcp.req_hisaddr; 5656 else if (dest != NULL) 5657 hisaddr = ntohl(dest->sin_addr.s_addr); 5658 5659 if (si != NULL && dest != NULL) { 5660 int error; 5661 struct sockaddr_in new_sin = *si; 5662 struct sockaddr_in new_dst = *dest; 5663 5664 if (myaddr != 0) 5665 new_sin.sin_addr.s_addr = htonl(myaddr); 5666 if (hisaddr != 0) { 5667 new_dst.sin_addr.s_addr = htonl(hisaddr); 5668 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5669 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5670 } 5671 5672 in_addrhash_remove(ifatoia(ifa)); 5673 5674 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5675 5676 in_addrhash_insert(ifatoia(ifa)); 5677 5678 if (error) { 5679 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n", 5680 __func__, error); 5681 } else { 5682 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5683 } 5684 } 5685 5686 IFNET_UNLOCK(ifp); 5687 5688 sppp_notify_con(sp); 5689 } 5690 5691 /* 5692 * Clear IP addresses. Must be called at splnet. 5693 */ 5694 static void 5695 sppp_clear_ip_addrs(struct sppp *sp) 5696 { 5697 struct ifnet *ifp; 5698 struct ifaddr *ifa; 5699 struct sockaddr_in *si, *dest; 5700 int s; 5701 5702 KASSERT(SPPP_WLOCKED(sp)); 5703 5704 ifp = &sp->pp_if; 5705 5706 SPPP_UNLOCK(sp); 5707 IFNET_LOCK(ifp); 5708 SPPP_LOCK(sp, RW_WRITER); 5709 5710 /* 5711 * Pick the first AF_INET address from the list, 5712 * aliases don't make any sense on a p2p link anyway. 5713 */ 5714 si = dest = NULL; 5715 s = pserialize_read_enter(); 5716 IFADDR_READER_FOREACH(ifa, ifp) { 5717 if (ifa->ifa_addr->sa_family == AF_INET) { 5718 si = (struct sockaddr_in *)ifa->ifa_addr; 5719 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5720 break; 5721 } 5722 } 5723 pserialize_read_exit(s); 5724 5725 if (si != NULL) { 5726 struct sockaddr_in new_sin = *si; 5727 struct sockaddr_in new_dst = *dest; 5728 int error; 5729 5730 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5731 new_sin.sin_addr.s_addr = 0; 5732 if (sp->ipcp.flags & IPCP_HISADDR_DYN && 5733 ntohl(sp->ipcp.saved_hisaddr) != 0) 5734 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5735 5736 in_addrhash_remove(ifatoia(ifa)); 5737 5738 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5739 5740 in_addrhash_insert(ifatoia(ifa)); 5741 5742 if (error) { 5743 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n", 5744 __func__, error); 5745 } else { 5746 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5747 } 5748 } 5749 5750 IFNET_UNLOCK(ifp); 5751 } 5752 #endif 5753 5754 #ifdef INET6 5755 /* 5756 * Get both IPv6 addresses. 5757 */ 5758 static void 5759 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5760 struct in6_addr *srcmask) 5761 { 5762 struct ifnet *ifp = &sp->pp_if; 5763 struct ifaddr *ifa; 5764 struct sockaddr_in6 *si, *sm; 5765 struct in6_addr ssrc, ddst; 5766 int bound, s; 5767 struct psref psref; 5768 5769 sm = NULL; 5770 memset(&ssrc, 0, sizeof(ssrc)); 5771 memset(&ddst, 0, sizeof(ddst)); 5772 /* 5773 * Pick the first link-local AF_INET6 address from the list, 5774 * aliases don't make any sense on a p2p link anyway. 5775 */ 5776 si = 0; 5777 bound = curlwp_bind(); 5778 s = pserialize_read_enter(); 5779 IFADDR_READER_FOREACH(ifa, ifp) { 5780 if (ifa->ifa_addr->sa_family == AF_INET6) { 5781 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5782 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5783 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5784 ifa_acquire(ifa, &psref); 5785 break; 5786 } 5787 } 5788 } 5789 pserialize_read_exit(s); 5790 5791 if (ifa) { 5792 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5793 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5794 if (srcmask) { 5795 memcpy(srcmask, &sm->sin6_addr, 5796 sizeof(*srcmask)); 5797 } 5798 } 5799 5800 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5801 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5802 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5803 ifa_release(ifa, &psref); 5804 } 5805 curlwp_bindx(bound); 5806 5807 if (dst) 5808 memcpy(dst, &ddst, sizeof(*dst)); 5809 if (src) 5810 memcpy(src, &ssrc, sizeof(*src)); 5811 } 5812 5813 #ifdef IPV6CP_MYIFID_DYN 5814 /* 5815 * Generate random ifid. 5816 */ 5817 static void 5818 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5819 { 5820 /* TBD */ 5821 } 5822 5823 /* 5824 * Set my IPv6 address. Must be called at splnet. 5825 */ 5826 static void 5827 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5828 { 5829 struct ifnet *ifp; 5830 struct ifaddr *ifa; 5831 struct sockaddr_in6 *sin6; 5832 int s; 5833 struct psref psref; 5834 5835 KASSERT(SPPP_WLOCKED(sp)); 5836 5837 ifp = &sp->pp_if; 5838 5839 SPPP_UNLOCK(sp); 5840 IFNET_LOCK(ifp); 5841 SPPP_LOCK(sp, RW_WRITER); 5842 5843 /* 5844 * Pick the first link-local AF_INET6 address from the list, 5845 * aliases don't make any sense on a p2p link anyway. 5846 */ 5847 5848 sin6 = NULL; 5849 s = pserialize_read_enter(); 5850 IFADDR_READER_FOREACH(ifa, ifp) 5851 { 5852 if (ifa->ifa_addr->sa_family == AF_INET6) 5853 { 5854 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5855 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5856 ifa_acquire(ifa, &psref); 5857 break; 5858 } 5859 } 5860 } 5861 pserialize_read_exit(s); 5862 5863 if (ifa && sin6) 5864 { 5865 int error; 5866 struct sockaddr_in6 new_sin6 = *sin6; 5867 5868 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5869 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5870 if (error) { 5871 SPPP_DLOG(sp, "%s: in6_ifinit failed, error=%d\n", 5872 __func__, error); 5873 } else { 5874 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5875 } 5876 ifa_release(ifa, &psref); 5877 } 5878 5879 IFNET_UNLOCK(ifp); 5880 } 5881 #endif 5882 5883 /* 5884 * Suggest a candidate address to be used by peer. 5885 */ 5886 static void 5887 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5888 { 5889 struct in6_addr myaddr; 5890 struct timeval tv; 5891 5892 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5893 5894 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5895 microtime(&tv); 5896 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5897 myaddr.s6_addr[14] ^= 0xff; 5898 myaddr.s6_addr[15] ^= 0xff; 5899 } else { 5900 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5901 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5902 } 5903 if (suggest) 5904 memcpy(suggest, &myaddr, sizeof(myaddr)); 5905 } 5906 #endif /*INET6*/ 5907 5908 /* 5909 * Process ioctl requests specific to the PPP interface. 5910 * Permissions have already been checked. 5911 */ 5912 static int 5913 sppp_params(struct sppp *sp, u_long cmd, void *data) 5914 { 5915 switch (cmd) { 5916 case SPPPGETAUTHCFG: 5917 { 5918 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5919 int error; 5920 size_t len; 5921 5922 SPPP_LOCK(sp, RW_READER); 5923 5924 cfg->myauthflags = sp->myauth.flags; 5925 cfg->hisauthflags = sp->hisauth.flags; 5926 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 5927 cfg->hisauth = sppp_proto2authproto(sp->hisauth.proto); 5928 cfg->myauth = sppp_proto2authproto(sp->myauth.proto); 5929 if (cfg->myname_length == 0) { 5930 if (sp->myauth.name != NULL) 5931 cfg->myname_length = sp->myauth.name_len + 1; 5932 } else { 5933 if (sp->myauth.name == NULL) { 5934 cfg->myname_length = 0; 5935 } else { 5936 len = sp->myauth.name_len + 1; 5937 5938 if (cfg->myname_length < len) { 5939 SPPP_UNLOCK(sp); 5940 return (ENAMETOOLONG); 5941 } 5942 error = copyout(sp->myauth.name, cfg->myname, len); 5943 if (error) { 5944 SPPP_UNLOCK(sp); 5945 return error; 5946 } 5947 } 5948 } 5949 if (cfg->hisname_length == 0) { 5950 if (sp->hisauth.name != NULL) 5951 cfg->hisname_length = sp->hisauth.name_len + 1; 5952 } else { 5953 if (sp->hisauth.name == NULL) { 5954 cfg->hisname_length = 0; 5955 } else { 5956 len = sp->hisauth.name_len + 1; 5957 5958 if (cfg->hisname_length < len) { 5959 SPPP_UNLOCK(sp); 5960 return (ENAMETOOLONG); 5961 } 5962 error = copyout(sp->hisauth.name, cfg->hisname, len); 5963 if (error) { 5964 SPPP_UNLOCK(sp); 5965 return error; 5966 } 5967 } 5968 } 5969 SPPP_UNLOCK(sp); 5970 } 5971 break; 5972 case SPPPSETAUTHCFG: 5973 { 5974 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5975 int error; 5976 5977 SPPP_LOCK(sp, RW_WRITER); 5978 5979 if (sp->myauth.name) { 5980 free(sp->myauth.name, M_DEVBUF); 5981 sp->myauth.name = NULL; 5982 } 5983 if (sp->myauth.secret) { 5984 free(sp->myauth.secret, M_DEVBUF); 5985 sp->myauth.secret = NULL; 5986 } 5987 if (sp->hisauth.name) { 5988 free(sp->hisauth.name, M_DEVBUF); 5989 sp->hisauth.name = NULL; 5990 } 5991 if (sp->hisauth.secret) { 5992 free(sp->hisauth.secret, M_DEVBUF); 5993 sp->hisauth.secret = NULL; 5994 } 5995 5996 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5997 if (cfg->hisname_length >= MCLBYTES) { 5998 SPPP_UNLOCK(sp); 5999 return (ENAMETOOLONG); 6000 } 6001 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 6002 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 6003 if (error) { 6004 free(sp->hisauth.name, M_DEVBUF); 6005 sp->hisauth.name = NULL; 6006 SPPP_UNLOCK(sp); 6007 return error; 6008 } 6009 sp->hisauth.name_len = cfg->hisname_length - 1; 6010 sp->hisauth.name[sp->hisauth.name_len] = 0; 6011 } 6012 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 6013 if (cfg->hissecret_length >= MCLBYTES) { 6014 SPPP_UNLOCK(sp); 6015 return (ENAMETOOLONG); 6016 } 6017 sp->hisauth.secret = malloc(cfg->hissecret_length, 6018 M_DEVBUF, M_WAITOK); 6019 error = copyin(cfg->hissecret, sp->hisauth.secret, 6020 cfg->hissecret_length); 6021 if (error) { 6022 free(sp->hisauth.secret, M_DEVBUF); 6023 sp->hisauth.secret = NULL; 6024 SPPP_UNLOCK(sp); 6025 return error; 6026 } 6027 sp->hisauth.secret_len = cfg->hissecret_length - 1; 6028 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 6029 } 6030 if (cfg->myname != NULL && cfg->myname_length > 0) { 6031 if (cfg->myname_length >= MCLBYTES) { 6032 SPPP_UNLOCK(sp); 6033 return (ENAMETOOLONG); 6034 } 6035 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 6036 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 6037 if (error) { 6038 free(sp->myauth.name, M_DEVBUF); 6039 sp->myauth.name = NULL; 6040 SPPP_UNLOCK(sp); 6041 return error; 6042 } 6043 sp->myauth.name_len = cfg->myname_length - 1; 6044 sp->myauth.name[sp->myauth.name_len] = 0; 6045 } 6046 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 6047 if (cfg->mysecret_length >= MCLBYTES) { 6048 SPPP_UNLOCK(sp); 6049 return (ENAMETOOLONG); 6050 } 6051 sp->myauth.secret = malloc(cfg->mysecret_length, 6052 M_DEVBUF, M_WAITOK); 6053 error = copyin(cfg->mysecret, sp->myauth.secret, 6054 cfg->mysecret_length); 6055 if (error) { 6056 free(sp->myauth.secret, M_DEVBUF); 6057 sp->myauth.secret = NULL; 6058 SPPP_UNLOCK(sp); 6059 return error; 6060 } 6061 sp->myauth.secret_len = cfg->mysecret_length - 1; 6062 sp->myauth.secret[sp->myauth.secret_len] = 0; 6063 } 6064 sp->myauth.flags = cfg->myauthflags; 6065 if (cfg->myauth != SPPP_AUTHPROTO_NOCHG) { 6066 sp->myauth.proto = sppp_authproto2proto(cfg->myauth); 6067 } 6068 sp->hisauth.flags = cfg->hisauthflags; 6069 if (cfg->hisauth != SPPP_AUTHPROTO_NOCHG) { 6070 sp->hisauth.proto = sppp_authproto2proto(cfg->hisauth); 6071 } 6072 sp->pp_auth_failures = 0; 6073 if (sp->hisauth.proto != PPP_NOPROTO) 6074 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6075 else 6076 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6077 6078 SPPP_UNLOCK(sp); 6079 } 6080 break; 6081 case SPPPGETLCPCFG: 6082 { 6083 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6084 6085 SPPP_LOCK(sp, RW_READER); 6086 lcpp->lcp_timeout = sp->lcp.timeout; 6087 SPPP_UNLOCK(sp); 6088 } 6089 break; 6090 case SPPPSETLCPCFG: 6091 { 6092 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6093 6094 SPPP_LOCK(sp, RW_WRITER); 6095 sp->lcp.timeout = lcpp->lcp_timeout; 6096 SPPP_UNLOCK(sp); 6097 } 6098 break; 6099 case SPPPGETNCPCFG: 6100 { 6101 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6102 6103 SPPP_LOCK(sp, RW_READER); 6104 ncpp->ncp_flags = sp->pp_ncpflags; 6105 SPPP_UNLOCK(sp); 6106 } 6107 break; 6108 case SPPPSETNCPCFG: 6109 { 6110 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6111 6112 SPPP_LOCK(sp, RW_WRITER); 6113 sp->pp_ncpflags = ncpp->ncp_flags; 6114 SPPP_UNLOCK(sp); 6115 } 6116 break; 6117 case SPPPGETSTATUS: 6118 { 6119 struct spppstatus *status = (struct spppstatus *)data; 6120 6121 SPPP_LOCK(sp, RW_READER); 6122 status->phase = sp->pp_phase; 6123 SPPP_UNLOCK(sp); 6124 } 6125 break; 6126 case SPPPGETSTATUSNCP: 6127 { 6128 struct spppstatusncp *status = (struct spppstatusncp *)data; 6129 6130 SPPP_LOCK(sp, RW_READER); 6131 status->phase = sp->pp_phase; 6132 status->ncpup = sppp_cp_check(sp, CP_NCP); 6133 SPPP_UNLOCK(sp); 6134 } 6135 break; 6136 case SPPPGETIDLETO: 6137 { 6138 struct spppidletimeout *to = (struct spppidletimeout *)data; 6139 6140 SPPP_LOCK(sp, RW_READER); 6141 to->idle_seconds = sp->pp_idle_timeout; 6142 SPPP_UNLOCK(sp); 6143 } 6144 break; 6145 case SPPPSETIDLETO: 6146 { 6147 struct spppidletimeout *to = (struct spppidletimeout *)data; 6148 6149 SPPP_LOCK(sp, RW_WRITER); 6150 sp->pp_idle_timeout = to->idle_seconds; 6151 SPPP_UNLOCK(sp); 6152 } 6153 break; 6154 case SPPPSETAUTHFAILURE: 6155 { 6156 struct spppauthfailuresettings *afsettings = 6157 (struct spppauthfailuresettings *)data; 6158 6159 SPPP_LOCK(sp, RW_WRITER); 6160 sp->pp_max_auth_fail = afsettings->max_failures; 6161 sp->pp_auth_failures = 0; 6162 SPPP_UNLOCK(sp); 6163 } 6164 break; 6165 case SPPPGETAUTHFAILURES: 6166 { 6167 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 6168 6169 SPPP_LOCK(sp, RW_READER); 6170 stats->auth_failures = sp->pp_auth_failures; 6171 stats->max_failures = sp->pp_max_auth_fail; 6172 SPPP_UNLOCK(sp); 6173 } 6174 break; 6175 case SPPPSETDNSOPTS: 6176 { 6177 struct spppdnssettings *req = (struct spppdnssettings *)data; 6178 6179 SPPP_LOCK(sp, RW_WRITER); 6180 sp->query_dns = req->query_dns & 3; 6181 SPPP_UNLOCK(sp); 6182 } 6183 break; 6184 case SPPPGETDNSOPTS: 6185 { 6186 struct spppdnssettings *req = (struct spppdnssettings *)data; 6187 6188 SPPP_LOCK(sp, RW_READER); 6189 req->query_dns = sp->query_dns; 6190 SPPP_UNLOCK(sp); 6191 } 6192 break; 6193 case SPPPGETDNSADDRS: 6194 { 6195 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 6196 6197 SPPP_LOCK(sp, RW_READER); 6198 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 6199 SPPP_UNLOCK(sp); 6200 } 6201 break; 6202 case SPPPGETKEEPALIVE: 6203 { 6204 struct spppkeepalivesettings *settings = 6205 (struct spppkeepalivesettings*)data; 6206 6207 SPPP_LOCK(sp, RW_READER); 6208 settings->maxalive = sp->pp_maxalive; 6209 settings->max_noreceive = sp->pp_max_noreceive; 6210 settings->alive_interval = sp->pp_alive_interval; 6211 SPPP_UNLOCK(sp); 6212 } 6213 break; 6214 case SPPPSETKEEPALIVE: 6215 { 6216 struct spppkeepalivesettings *settings = 6217 (struct spppkeepalivesettings*)data; 6218 6219 SPPP_LOCK(sp, RW_WRITER); 6220 sp->pp_maxalive = settings->maxalive; 6221 sp->pp_max_noreceive = settings->max_noreceive; 6222 sp->pp_alive_interval = settings->alive_interval; 6223 SPPP_UNLOCK(sp); 6224 } 6225 break; 6226 case SPPPGETLCPSTATUS: 6227 { 6228 struct sppplcpstatus *status = 6229 (struct sppplcpstatus *)data; 6230 6231 SPPP_LOCK(sp, RW_READER); 6232 status->state = sp->scp[IDX_LCP].state; 6233 status->opts = sp->lcp.opts; 6234 status->magic = sp->lcp.magic; 6235 status->mru = sp->lcp.mru; 6236 SPPP_UNLOCK(sp); 6237 } 6238 break; 6239 case SPPPGETIPCPSTATUS: 6240 { 6241 struct spppipcpstatus *status = 6242 (struct spppipcpstatus *)data; 6243 u_int32_t myaddr; 6244 6245 SPPP_LOCK(sp, RW_READER); 6246 status->state = sp->scp[IDX_IPCP].state; 6247 status->opts = sp->ipcp.opts; 6248 #ifdef INET 6249 sppp_get_ip_addrs(sp, &myaddr, 0, 0); 6250 #else 6251 myaddr = 0; 6252 #endif 6253 status->myaddr = ntohl(myaddr); 6254 SPPP_UNLOCK(sp); 6255 } 6256 break; 6257 case SPPPGETIPV6CPSTATUS: 6258 { 6259 struct spppipv6cpstatus *status = 6260 (struct spppipv6cpstatus *)data; 6261 6262 SPPP_LOCK(sp, RW_READER); 6263 status->state = sp->scp[IDX_IPV6CP].state; 6264 memcpy(status->my_ifid, sp->ipv6cp.my_ifid, 6265 sizeof(status->my_ifid)); 6266 memcpy(status->his_ifid, sp->ipv6cp.his_ifid, 6267 sizeof(status->his_ifid)); 6268 SPPP_UNLOCK(sp); 6269 } 6270 break; 6271 default: 6272 { 6273 int ret; 6274 6275 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6276 enosys(), ret); 6277 if (ret != ENOSYS) 6278 return ret; 6279 return (EINVAL); 6280 } 6281 } 6282 return (0); 6283 } 6284 6285 static void 6286 sppp_phase_network(struct sppp *sp) 6287 { 6288 int i; 6289 6290 KASSERT(SPPP_WLOCKED(sp)); 6291 6292 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6293 6294 /* Notify NCPs now. */ 6295 for (i = 0; i < IDX_COUNT; i++) 6296 if ((cps[i])->flags & CP_NCP) 6297 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); 6298 } 6299 6300 static const char * 6301 sppp_cp_type_name(char *buf, size_t buflen, u_char type) 6302 { 6303 6304 switch (type) { 6305 case CONF_REQ: return "conf-req"; 6306 case CONF_ACK: return "conf-ack"; 6307 case CONF_NAK: return "conf-nak"; 6308 case CONF_REJ: return "conf-rej"; 6309 case TERM_REQ: return "term-req"; 6310 case TERM_ACK: return "term-ack"; 6311 case CODE_REJ: return "code-rej"; 6312 case PROTO_REJ: return "proto-rej"; 6313 case ECHO_REQ: return "echo-req"; 6314 case ECHO_REPLY: return "echo-reply"; 6315 case DISC_REQ: return "discard-req"; 6316 } 6317 if (buf != NULL) 6318 snprintf(buf, buflen, "0x%02x", type); 6319 return buf; 6320 } 6321 6322 static const char * 6323 sppp_auth_type_name(char *buf, size_t buflen, u_short proto, u_char type) 6324 { 6325 const char *name; 6326 6327 switch (proto) { 6328 case PPP_CHAP: 6329 switch (type) { 6330 case CHAP_CHALLENGE: return "challenge"; 6331 case CHAP_RESPONSE: return "response"; 6332 case CHAP_SUCCESS: return "success"; 6333 case CHAP_FAILURE: return "failure"; 6334 default: name = "chap"; break; 6335 } 6336 break; 6337 6338 case PPP_PAP: 6339 switch (type) { 6340 case PAP_REQ: return "req"; 6341 case PAP_ACK: return "ack"; 6342 case PAP_NAK: return "nak"; 6343 default: name = "pap"; break; 6344 } 6345 break; 6346 6347 default: 6348 name = "bad"; 6349 break; 6350 } 6351 6352 if (buf != NULL) 6353 snprintf(buf, buflen, "%s(%#x) 0x%02x", name, proto, type); 6354 return buf; 6355 } 6356 6357 static const char * 6358 sppp_lcp_opt_name(char *buf, size_t buflen, u_char opt) 6359 { 6360 6361 switch (opt) { 6362 case LCP_OPT_MRU: return "mru"; 6363 case LCP_OPT_ASYNC_MAP: return "async-map"; 6364 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6365 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6366 case LCP_OPT_MAGIC: return "magic"; 6367 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6368 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6369 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6370 case LCP_OPT_CALL_BACK: return "callback"; 6371 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6372 case LCP_OPT_MP_MRRU: return "mrru"; 6373 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6374 case LCP_OPT_MP_EID: return "mp-eid"; 6375 } 6376 if (buf != NULL) 6377 snprintf(buf, buflen, "0x%02x", opt); 6378 return buf; 6379 } 6380 6381 static const char * 6382 sppp_ipcp_opt_name(char *buf, size_t buflen, u_char opt) 6383 { 6384 6385 switch (opt) { 6386 case IPCP_OPT_ADDRESSES: return "addresses"; 6387 case IPCP_OPT_COMPRESSION: return "compression"; 6388 case IPCP_OPT_ADDRESS: return "address"; 6389 case IPCP_OPT_PRIMDNS: return "primdns"; 6390 case IPCP_OPT_SECDNS: return "secdns"; 6391 } 6392 if (buf != NULL) 6393 snprintf(buf, buflen, "0x%02x", opt); 6394 return buf; 6395 } 6396 6397 #ifdef INET6 6398 static const char * 6399 sppp_ipv6cp_opt_name(char *buf, size_t buflen, u_char opt) 6400 { 6401 6402 switch (opt) { 6403 case IPV6CP_OPT_IFID: return "ifid"; 6404 case IPV6CP_OPT_COMPRESSION: return "compression"; 6405 } 6406 if (buf != NULL) 6407 snprintf(buf, buflen, "0x%02x", opt); 6408 return buf; 6409 } 6410 #endif 6411 6412 static const char * 6413 sppp_state_name(int state) 6414 { 6415 6416 switch (state) { 6417 case STATE_INITIAL: return "initial"; 6418 case STATE_STARTING: return "starting"; 6419 case STATE_CLOSED: return "closed"; 6420 case STATE_STOPPED: return "stopped"; 6421 case STATE_CLOSING: return "closing"; 6422 case STATE_STOPPING: return "stopping"; 6423 case STATE_REQ_SENT: return "req-sent"; 6424 case STATE_ACK_RCVD: return "ack-rcvd"; 6425 case STATE_ACK_SENT: return "ack-sent"; 6426 case STATE_OPENED: return "opened"; 6427 } 6428 return "illegal"; 6429 } 6430 6431 static const char * 6432 sppp_phase_name(int phase) 6433 { 6434 6435 switch (phase) { 6436 case SPPP_PHASE_DEAD: return "dead"; 6437 case SPPP_PHASE_ESTABLISH: return "establish"; 6438 case SPPP_PHASE_TERMINATE: return "terminate"; 6439 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6440 case SPPP_PHASE_NETWORK: return "network"; 6441 } 6442 return "illegal"; 6443 } 6444 6445 static const char * 6446 sppp_proto_name(char *buf, size_t buflen, u_short proto) 6447 { 6448 6449 switch (proto) { 6450 case PPP_LCP: return "lcp"; 6451 case PPP_IPCP: return "ipcp"; 6452 case PPP_PAP: return "pap"; 6453 case PPP_CHAP: return "chap"; 6454 case PPP_IPV6CP: return "ipv6cp"; 6455 } 6456 if (buf != NULL) { 6457 snprintf(buf, sizeof(buf), "0x%04x", 6458 (unsigned)proto); 6459 } 6460 return buf; 6461 } 6462 6463 static void 6464 sppp_print_bytes(const u_char *p, u_short len) 6465 { 6466 addlog(" %02x", *p++); 6467 while (--len > 0) 6468 addlog("-%02x", *p++); 6469 } 6470 6471 static void 6472 sppp_print_string(const char *p, u_short len) 6473 { 6474 u_char c; 6475 6476 while (len-- > 0) { 6477 c = *p++; 6478 /* 6479 * Print only ASCII chars directly. RFC 1994 recommends 6480 * using only them, but we don't rely on it. */ 6481 if (c < ' ' || c > '~') 6482 addlog("\\x%x", c); 6483 else 6484 addlog("%c", c); 6485 } 6486 } 6487 6488 static const char * 6489 sppp_dotted_quad(char *buf, size_t buflen, uint32_t addr) 6490 { 6491 6492 if (buf != NULL) { 6493 snprintf(buf, buflen, "%u.%u.%u.%u", 6494 (unsigned int)((addr >> 24) & 0xff), 6495 (unsigned int)((addr >> 16) & 0xff), 6496 (unsigned int)((addr >> 8) & 0xff), 6497 (unsigned int)(addr & 0xff)); 6498 } 6499 return buf; 6500 } 6501 6502 /* a dummy, used to drop uninteresting events */ 6503 static void 6504 sppp_null(struct sppp *unused) 6505 { 6506 /* do just nothing */ 6507 } 6508 6509 static void 6510 sppp_tls(const struct cp *cp, struct sppp *sp) 6511 { 6512 6513 SPPP_DLOG(sp, "%s tls\n", cp->name); 6514 6515 /* notify lcp that is lower layer */ 6516 sp->lcp.protos |= (1 << cp->protoidx); 6517 } 6518 6519 static void 6520 sppp_tlf(const struct cp *cp, struct sppp *sp) 6521 { 6522 6523 SPPP_DLOG(sp, "%s tlf\n", cp->name); 6524 6525 /* notify lcp that is lower layer */ 6526 sp->lcp.protos &= ~(1 << cp->protoidx); 6527 6528 /* cleanup */ 6529 if (sp->scp[cp->protoidx].mbuf_confreq != NULL) { 6530 m_freem(sp->scp[cp->protoidx].mbuf_confreq); 6531 sp->scp[cp->protoidx].mbuf_confreq = NULL; 6532 } 6533 if (sp->scp[cp->protoidx].mbuf_confnak != NULL) { 6534 m_freem(sp->scp[cp->protoidx].mbuf_confnak); 6535 sp->scp[cp->protoidx].mbuf_confnak = NULL; 6536 } 6537 6538 sppp_lcp_check_and_close(sp); 6539 } 6540 6541 static void 6542 sppp_screply(const struct cp *cp, struct sppp *sp, u_char type, 6543 uint8_t ident, size_t msglen, void *msg) 6544 { 6545 6546 if (msglen == 0) 6547 return; 6548 6549 switch (type) { 6550 case CONF_ACK: 6551 case CONF_NAK: 6552 case CONF_REJ: 6553 break; 6554 default: 6555 return; 6556 } 6557 6558 if (sppp_debug_enabled(sp)) { 6559 char tbuf[SPPP_CPTYPE_NAMELEN]; 6560 const char *cpname; 6561 6562 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), type); 6563 SPPP_LOG(sp, LOG_DEBUG, "send %s\n", cpname); 6564 } 6565 6566 sppp_cp_send(sp, cp->proto, type, ident, msglen, msg); 6567 } 6568 6569 static void 6570 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6571 { 6572 6573 SPPP_UNLOCK(sp); 6574 if_down(&sp->pp_if); 6575 IF_PURGE(&sp->pp_cpq); 6576 SPPP_LOCK(sp, RW_WRITER); 6577 } 6578 6579 static void 6580 sppp_notify_up(struct sppp *sp) 6581 { 6582 6583 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6584 } 6585 6586 static void 6587 sppp_notify_down(struct sppp *sp) 6588 { 6589 6590 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6591 } 6592 6593 static void 6594 sppp_notify_tls_wlocked(struct sppp *sp) 6595 { 6596 6597 KASSERT(SPPP_WLOCKED(sp)); 6598 6599 if (!sp->pp_tls) 6600 return; 6601 6602 SPPP_UNLOCK(sp); 6603 sp->pp_tls(sp); 6604 SPPP_LOCK(sp, RW_WRITER); 6605 } 6606 6607 static void 6608 sppp_notify_tlf_wlocked(struct sppp *sp) 6609 { 6610 6611 KASSERT(SPPP_WLOCKED(sp)); 6612 6613 if (!sp->pp_tlf) 6614 return; 6615 6616 SPPP_UNLOCK(sp); 6617 sp->pp_tlf(sp); 6618 SPPP_LOCK(sp, RW_WRITER); 6619 } 6620 6621 static void 6622 sppp_notify_con(struct sppp *sp) 6623 { 6624 6625 if (!sp->pp_con) 6626 return; 6627 6628 sp->pp_con(sp); 6629 } 6630 6631 #ifdef INET6 6632 static void 6633 sppp_notify_con_wlocked(struct sppp *sp) 6634 { 6635 6636 KASSERT(SPPP_WLOCKED(sp)); 6637 6638 SPPP_UNLOCK(sp); 6639 sppp_notify_con(sp); 6640 SPPP_LOCK(sp, RW_WRITER); 6641 6642 } 6643 #endif 6644 6645 static void 6646 sppp_notify_chg_wlocked(struct sppp *sp) 6647 { 6648 6649 KASSERT(SPPP_WLOCKED(sp)); 6650 6651 if (!sp->pp_chg) 6652 return; 6653 6654 SPPP_UNLOCK(sp); 6655 sp->pp_chg(sp, sp->pp_phase); 6656 SPPP_LOCK(sp, RW_WRITER); 6657 } 6658 6659 static void 6660 sppp_wq_work(struct work *wk, void *xsp) 6661 { 6662 struct sppp *sp; 6663 struct sppp_work *work; 6664 6665 sp = xsp; 6666 work = container_of(wk, struct sppp_work, work); 6667 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6668 6669 SPPP_LOCK(sp, RW_WRITER); 6670 work->func(sp, work->arg); 6671 SPPP_UNLOCK(sp); 6672 } 6673 6674 static struct workqueue * 6675 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6676 { 6677 struct workqueue *wq; 6678 int error; 6679 6680 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6681 (void *)sp, prio, ipl, flags); 6682 if (error) { 6683 panic("%s: workqueue_create failed [%s, %d]\n", 6684 sp->pp_if.if_xname, xnamebuf, error); 6685 } 6686 6687 return wq; 6688 } 6689 6690 static void 6691 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6692 { 6693 6694 workqueue_destroy(wq); 6695 } 6696 6697 static void 6698 sppp_wq_set(struct sppp_work *work, 6699 void (*func)(struct sppp *, void *), void *arg) 6700 { 6701 6702 work->func = func; 6703 work->arg = arg; 6704 } 6705 6706 static void 6707 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6708 { 6709 6710 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6711 != SPPP_WK_FREE) 6712 return; 6713 6714 KASSERT(work->func != NULL); 6715 kpreempt_disable(); 6716 workqueue_enqueue(wq, &work->work, NULL); 6717 kpreempt_enable(); 6718 } 6719 static void 6720 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6721 { 6722 6723 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6724 workqueue_wait(wq, &work->work); 6725 } 6726 6727 /* 6728 * This file is large. Tell emacs to highlight it nevertheless. 6729 * 6730 * Local Variables: 6731 * hilit-auto-highlight-maxout: 120000 6732 * End: 6733 */ 6734 6735 /* 6736 * Module glue 6737 */ 6738 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6739 6740 static int 6741 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6742 { 6743 6744 switch (cmd) { 6745 case MODULE_CMD_INIT: 6746 case MODULE_CMD_FINI: 6747 return 0; 6748 case MODULE_CMD_STAT: 6749 case MODULE_CMD_AUTOUNLOAD: 6750 default: 6751 return ENOTTY; 6752 } 6753 } 6754