1 /* $NetBSD: if_spppsubr.c,v 1.77 2004/04/21 17:45:38 itojun Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.77 2004/04/21 17:45:38 itojun Exp $"); 45 46 #include "opt_inet.h" 47 #include "opt_ipx.h" 48 #include "opt_iso.h" 49 #include "opt_ns.h" 50 51 #include <sys/param.h> 52 #include <sys/proc.h> 53 #include <sys/systm.h> 54 #include <sys/kernel.h> 55 #include <sys/sockio.h> 56 #include <sys/socket.h> 57 #include <sys/syslog.h> 58 #include <sys/malloc.h> 59 #include <sys/mbuf.h> 60 #include <sys/callout.h> 61 #include <sys/md5.h> 62 #include <sys/inttypes.h> 63 64 #include <net/if.h> 65 #include <net/netisr.h> 66 #include <net/if_types.h> 67 #include <net/route.h> 68 #include <net/ppp_defs.h> 69 70 #include <machine/stdarg.h> 71 72 #include <netinet/in.h> 73 #include <netinet/in_systm.h> 74 #include <netinet/in_var.h> 75 #ifdef INET 76 #include <netinet/ip.h> 77 #include <netinet/tcp.h> 78 #endif 79 #include <net/ethertypes.h> 80 81 #ifdef IPX 82 #include <netipx/ipx.h> 83 #include <netipx/ipx_if.h> 84 #endif 85 86 #ifdef NS 87 #include <netns/ns.h> 88 #include <netns/ns_if.h> 89 #endif 90 91 #ifdef ISO 92 #include <netiso/argo_debug.h> 93 #include <netiso/iso.h> 94 #include <netiso/iso_var.h> 95 #include <netiso/iso_snpac.h> 96 #endif 97 98 #include <net/if_sppp.h> 99 #include <net/if_spppvar.h> 100 101 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 102 #define LOOPALIVECNT 3 /* loopback detection tries */ 103 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 104 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 105 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 106 107 /* 108 * Interface flags that can be set in an ifconfig command. 109 * 110 * Setting link0 will make the link passive, i.e. it will be marked 111 * as being administrative openable, but won't be opened to begin 112 * with. Incoming calls will be answered, or subsequent calls with 113 * -link1 will cause the administrative open of the LCP layer. 114 * 115 * Setting link1 will cause the link to auto-dial only as packets 116 * arrive to be sent. 117 * 118 * Setting IFF_DEBUG will syslog the option negotiation and state 119 * transitions at level kern.debug. Note: all logs consistently look 120 * like 121 * 122 * <if-name><unit>: <proto-name> <additional info...> 123 * 124 * with <if-name><unit> being something like "bppp0", and <proto-name> 125 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 126 */ 127 128 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 129 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 130 131 #define CONF_REQ 1 /* PPP configure request */ 132 #define CONF_ACK 2 /* PPP configure acknowledge */ 133 #define CONF_NAK 3 /* PPP configure negative ack */ 134 #define CONF_REJ 4 /* PPP configure reject */ 135 #define TERM_REQ 5 /* PPP terminate request */ 136 #define TERM_ACK 6 /* PPP terminate acknowledge */ 137 #define CODE_REJ 7 /* PPP code reject */ 138 #define PROTO_REJ 8 /* PPP protocol reject */ 139 #define ECHO_REQ 9 /* PPP echo request */ 140 #define ECHO_REPLY 10 /* PPP echo reply */ 141 #define DISC_REQ 11 /* PPP discard request */ 142 143 #define LCP_OPT_MRU 1 /* maximum receive unit */ 144 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 145 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 146 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 147 #define LCP_OPT_MAGIC 5 /* magic number */ 148 #define LCP_OPT_RESERVED 6 /* reserved */ 149 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 150 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 151 152 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 153 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 154 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 155 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 156 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 157 158 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 159 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 160 161 #define PAP_REQ 1 /* PAP name/password request */ 162 #define PAP_ACK 2 /* PAP acknowledge */ 163 #define PAP_NAK 3 /* PAP fail */ 164 165 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 166 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 167 #define CHAP_SUCCESS 3 /* CHAP response ok */ 168 #define CHAP_FAILURE 4 /* CHAP response failed */ 169 170 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 171 172 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 173 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 174 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 175 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 176 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 177 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 178 179 /* states are named and numbered according to RFC 1661 */ 180 #define STATE_INITIAL 0 181 #define STATE_STARTING 1 182 #define STATE_CLOSED 2 183 #define STATE_STOPPED 3 184 #define STATE_CLOSING 4 185 #define STATE_STOPPING 5 186 #define STATE_REQ_SENT 6 187 #define STATE_ACK_RCVD 7 188 #define STATE_ACK_SENT 8 189 #define STATE_OPENED 9 190 191 struct ppp_header { 192 u_int8_t address; 193 u_int8_t control; 194 u_int16_t protocol; 195 } __attribute__((__packed__)); 196 #define PPP_HEADER_LEN sizeof (struct ppp_header) 197 198 struct lcp_header { 199 u_int8_t type; 200 u_int8_t ident; 201 u_int16_t len; 202 } __attribute__((__packed__)); 203 #define LCP_HEADER_LEN sizeof (struct lcp_header) 204 205 struct cisco_packet { 206 u_int32_t type; 207 u_int32_t par1; 208 u_int32_t par2; 209 u_int16_t rel; 210 u_int16_t time0; 211 u_int16_t time1; 212 } __attribute__((__packed__)); 213 #define CISCO_PACKET_LEN 18 214 215 /* 216 * We follow the spelling and capitalization of RFC 1661 here, to make 217 * it easier comparing with the standard. Please refer to this RFC in 218 * case you can't make sense out of these abbreviation; it will also 219 * explain the semantics related to the various events and actions. 220 */ 221 struct cp { 222 u_short proto; /* PPP control protocol number */ 223 u_char protoidx; /* index into state table in struct sppp */ 224 u_char flags; 225 #define CP_LCP 0x01 /* this is the LCP */ 226 #define CP_AUTH 0x02 /* this is an authentication protocol */ 227 #define CP_NCP 0x04 /* this is a NCP */ 228 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 229 const char *name; /* name of this control protocol */ 230 /* event handlers */ 231 void (*Up)(struct sppp *sp); 232 void (*Down)(struct sppp *sp); 233 void (*Open)(struct sppp *sp); 234 void (*Close)(struct sppp *sp); 235 void (*TO)(void *sp); 236 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 237 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 238 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 239 /* actions */ 240 void (*tlu)(struct sppp *sp); 241 void (*tld)(struct sppp *sp); 242 void (*tls)(struct sppp *sp); 243 void (*tlf)(struct sppp *sp); 244 void (*scr)(struct sppp *sp); 245 }; 246 247 static struct sppp *spppq; 248 static struct callout keepalive_ch; 249 250 #ifdef INET 251 /* 252 * The following disgusting hack gets around the problem that IP TOS 253 * can't be set yet. We want to put "interactive" traffic on a high 254 * priority queue. To decide if traffic is interactive, we check that 255 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 256 * 257 * XXX is this really still necessary? - joerg - 258 */ 259 static u_short interactive_ports[8] = { 260 0, 513, 0, 0, 261 0, 21, 0, 23, 262 }; 263 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 264 #endif 265 266 /* almost every function needs these */ 267 #define STDDCL \ 268 struct ifnet *ifp = &sp->pp_if; \ 269 int debug = ifp->if_flags & IFF_DEBUG 270 271 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 272 struct sockaddr *dst, struct rtentry *rt); 273 274 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 275 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 276 277 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 278 struct mbuf *m); 279 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 280 u_char ident, u_short len, void *data); 281 /* static void sppp_cp_timeout(void *arg); */ 282 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 283 int newstate); 284 static void sppp_auth_send(const struct cp *cp, 285 struct sppp *sp, unsigned int type, unsigned int id, 286 ...); 287 288 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 289 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 290 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 291 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 292 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 293 294 static void sppp_null(struct sppp *sp); 295 296 static void sppp_lcp_init(struct sppp *sp); 297 static void sppp_lcp_up(struct sppp *sp); 298 static void sppp_lcp_down(struct sppp *sp); 299 static void sppp_lcp_open(struct sppp *sp); 300 static void sppp_lcp_close(struct sppp *sp); 301 static void sppp_lcp_TO(void *sp); 302 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 303 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 304 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 305 static void sppp_lcp_tlu(struct sppp *sp); 306 static void sppp_lcp_tld(struct sppp *sp); 307 static void sppp_lcp_tls(struct sppp *sp); 308 static void sppp_lcp_tlf(struct sppp *sp); 309 static void sppp_lcp_scr(struct sppp *sp); 310 static void sppp_lcp_check_and_close(struct sppp *sp); 311 static int sppp_ncp_check(struct sppp *sp); 312 313 static void sppp_ipcp_init(struct sppp *sp); 314 static void sppp_ipcp_up(struct sppp *sp); 315 static void sppp_ipcp_down(struct sppp *sp); 316 static void sppp_ipcp_open(struct sppp *sp); 317 static void sppp_ipcp_close(struct sppp *sp); 318 static void sppp_ipcp_TO(void *sp); 319 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 320 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 321 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 322 static void sppp_ipcp_tlu(struct sppp *sp); 323 static void sppp_ipcp_tld(struct sppp *sp); 324 static void sppp_ipcp_tls(struct sppp *sp); 325 static void sppp_ipcp_tlf(struct sppp *sp); 326 static void sppp_ipcp_scr(struct sppp *sp); 327 328 static void sppp_ipv6cp_init(struct sppp *sp); 329 static void sppp_ipv6cp_up(struct sppp *sp); 330 static void sppp_ipv6cp_down(struct sppp *sp); 331 static void sppp_ipv6cp_open(struct sppp *sp); 332 static void sppp_ipv6cp_close(struct sppp *sp); 333 static void sppp_ipv6cp_TO(void *sp); 334 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 335 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 336 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 337 static void sppp_ipv6cp_tlu(struct sppp *sp); 338 static void sppp_ipv6cp_tld(struct sppp *sp); 339 static void sppp_ipv6cp_tls(struct sppp *sp); 340 static void sppp_ipv6cp_tlf(struct sppp *sp); 341 static void sppp_ipv6cp_scr(struct sppp *sp); 342 343 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 344 static void sppp_pap_init(struct sppp *sp); 345 static void sppp_pap_open(struct sppp *sp); 346 static void sppp_pap_close(struct sppp *sp); 347 static void sppp_pap_TO(void *sp); 348 static void sppp_pap_my_TO(void *sp); 349 static void sppp_pap_tlu(struct sppp *sp); 350 static void sppp_pap_tld(struct sppp *sp); 351 static void sppp_pap_scr(struct sppp *sp); 352 353 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 354 static void sppp_chap_init(struct sppp *sp); 355 static void sppp_chap_open(struct sppp *sp); 356 static void sppp_chap_close(struct sppp *sp); 357 static void sppp_chap_TO(void *sp); 358 static void sppp_chap_tlu(struct sppp *sp); 359 static void sppp_chap_tld(struct sppp *sp); 360 static void sppp_chap_scr(struct sppp *sp); 361 362 static const char *sppp_auth_type_name(u_short proto, u_char type); 363 static const char *sppp_cp_type_name(u_char type); 364 static const char *sppp_dotted_quad(u_int32_t addr); 365 static const char *sppp_ipcp_opt_name(u_char opt); 366 #ifdef INET6 367 static const char *sppp_ipv6cp_opt_name(u_char opt); 368 #endif 369 static const char *sppp_lcp_opt_name(u_char opt); 370 static const char *sppp_phase_name(int phase); 371 static const char *sppp_proto_name(u_short proto); 372 static const char *sppp_state_name(int state); 373 static int sppp_params(struct sppp *sp, int cmd, void *data); 374 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 375 u_int32_t *srcmask); 376 static void sppp_keepalive(void *dummy); 377 static void sppp_phase_network(struct sppp *sp); 378 static void sppp_print_bytes(const u_char *p, u_short len); 379 static void sppp_print_string(const char *p, u_short len); 380 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 381 static void sppp_clear_ip_addrs(struct sppp *sp); 382 #ifdef INET6 383 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 384 struct in6_addr *dst, struct in6_addr *srcmask); 385 #ifdef IPV6CP_MYIFID_DYN 386 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 387 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 388 #endif 389 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 390 #endif 391 392 /* our control protocol descriptors */ 393 static const struct cp lcp = { 394 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 395 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 396 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 397 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 398 sppp_lcp_scr 399 }; 400 401 static const struct cp ipcp = { 402 PPP_IPCP, IDX_IPCP, 403 #ifdef INET 404 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 405 #else 406 0, 407 #endif 408 "ipcp", 409 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 410 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 411 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 412 sppp_ipcp_scr 413 }; 414 415 static const struct cp ipv6cp = { 416 PPP_IPV6CP, IDX_IPV6CP, 417 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 418 CP_NCP, 419 #else 420 0, 421 #endif 422 "ipv6cp", 423 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 424 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 425 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 426 sppp_ipv6cp_scr 427 }; 428 429 static const struct cp pap = { 430 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 431 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 432 sppp_pap_TO, 0, 0, 0, 433 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 434 sppp_pap_scr 435 }; 436 437 static const struct cp chap = { 438 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 439 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 440 sppp_chap_TO, 0, 0, 0, 441 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 442 sppp_chap_scr 443 }; 444 445 static const struct cp *cps[IDX_COUNT] = { 446 &lcp, /* IDX_LCP */ 447 &ipcp, /* IDX_IPCP */ 448 &ipv6cp, /* IDX_IPV6CP */ 449 &pap, /* IDX_PAP */ 450 &chap, /* IDX_CHAP */ 451 }; 452 453 454 /* 455 * Exported functions, comprising our interface to the lower layer. 456 */ 457 458 /* 459 * Process the received packet. 460 */ 461 void 462 sppp_input(struct ifnet *ifp, struct mbuf *m) 463 { 464 struct ppp_header *h = NULL; 465 struct ifqueue *inq = 0; 466 u_int16_t protocol; 467 int s; 468 struct sppp *sp = (struct sppp *)ifp; 469 int debug = ifp->if_flags & IFF_DEBUG; 470 471 if (ifp->if_flags & IFF_UP) { 472 /* Count received bytes, add hardware framing */ 473 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 474 /* Note time of last receive */ 475 sp->pp_last_receive = mono_time.tv_sec; 476 } 477 478 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 479 /* Too small packet, drop it. */ 480 if (debug) 481 log(LOG_DEBUG, 482 "%s: input packet is too small, %d bytes\n", 483 ifp->if_xname, m->m_pkthdr.len); 484 drop: 485 ++ifp->if_ierrors; 486 ++ifp->if_iqdrops; 487 m_freem(m); 488 return; 489 } 490 491 if (sp->pp_flags & PP_NOFRAMING) { 492 memcpy(&protocol, mtod(m, void *), 2); 493 protocol = ntohs(protocol); 494 m_adj(m, 2); 495 } else { 496 497 /* Get PPP header. */ 498 h = mtod(m, struct ppp_header *); 499 m_adj(m, PPP_HEADER_LEN); 500 501 switch (h->address) { 502 case PPP_ALLSTATIONS: 503 if (h->control != PPP_UI) 504 goto invalid; 505 if (sp->pp_flags & PP_CISCO) { 506 if (debug) 507 log(LOG_DEBUG, 508 "%s: PPP packet in Cisco mode " 509 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 510 ifp->if_xname, 511 h->address, h->control, ntohs(h->protocol)); 512 goto drop; 513 } 514 break; 515 case CISCO_MULTICAST: 516 case CISCO_UNICAST: 517 /* Don't check the control field here (RFC 1547). */ 518 if (! (sp->pp_flags & PP_CISCO)) { 519 if (debug) 520 log(LOG_DEBUG, 521 "%s: Cisco packet in PPP mode " 522 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 523 ifp->if_xname, 524 h->address, h->control, ntohs(h->protocol)); 525 goto drop; 526 } 527 switch (ntohs(h->protocol)) { 528 default: 529 ++ifp->if_noproto; 530 goto invalid; 531 case CISCO_KEEPALIVE: 532 sppp_cisco_input((struct sppp *) ifp, m); 533 m_freem(m); 534 return; 535 #ifdef INET 536 case ETHERTYPE_IP: 537 schednetisr(NETISR_IP); 538 inq = &ipintrq; 539 break; 540 #endif 541 #ifdef INET6 542 case ETHERTYPE_IPV6: 543 schednetisr(NETISR_IPV6); 544 inq = &ip6intrq; 545 break; 546 #endif 547 #ifdef IPX 548 case ETHERTYPE_IPX: 549 schednetisr(NETISR_IPX); 550 inq = &ipxintrq; 551 break; 552 #endif 553 #ifdef NS 554 case ETHERTYPE_NS: 555 schednetisr(NETISR_NS); 556 inq = &nsintrq; 557 break; 558 #endif 559 } 560 goto queue_pkt; 561 default: /* Invalid PPP packet. */ 562 invalid: 563 if (debug) 564 log(LOG_DEBUG, 565 "%s: invalid input packet " 566 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 567 ifp->if_xname, 568 h->address, h->control, ntohs(h->protocol)); 569 goto drop; 570 } 571 protocol = ntohs(h->protocol); 572 } 573 574 switch (protocol) { 575 default: 576 if (sp->state[IDX_LCP] == STATE_OPENED) { 577 u_int16_t prot = htons(protocol); 578 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 579 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 580 &prot); 581 } 582 if (debug) 583 log(LOG_DEBUG, 584 "%s: invalid input protocol " 585 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 586 ++ifp->if_noproto; 587 goto drop; 588 case PPP_LCP: 589 sppp_cp_input(&lcp, sp, m); 590 m_freem(m); 591 return; 592 case PPP_PAP: 593 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 594 sppp_pap_input(sp, m); 595 m_freem(m); 596 return; 597 case PPP_CHAP: 598 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 599 sppp_chap_input(sp, m); 600 m_freem(m); 601 return; 602 #ifdef INET 603 case PPP_IPCP: 604 if (sp->pp_phase == SPPP_PHASE_NETWORK) 605 sppp_cp_input(&ipcp, sp, m); 606 m_freem(m); 607 return; 608 case PPP_IP: 609 if (sp->state[IDX_IPCP] == STATE_OPENED) { 610 schednetisr(NETISR_IP); 611 inq = &ipintrq; 612 sp->pp_last_activity = mono_time.tv_sec; 613 } 614 break; 615 #endif 616 #ifdef INET6 617 case PPP_IPV6CP: 618 if (sp->pp_phase == SPPP_PHASE_NETWORK) 619 sppp_cp_input(&ipv6cp, sp, m); 620 m_freem(m); 621 return; 622 623 case PPP_IPV6: 624 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 625 schednetisr(NETISR_IPV6); 626 inq = &ip6intrq; 627 sp->pp_last_activity = mono_time.tv_sec; 628 } 629 break; 630 #endif 631 #ifdef IPX 632 case PPP_IPX: 633 /* IPX IPXCP not implemented yet */ 634 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 635 schednetisr(NETISR_IPX); 636 inq = &ipxintrq; 637 } 638 break; 639 #endif 640 #ifdef NS 641 case PPP_XNS: 642 /* XNS IDPCP not implemented yet */ 643 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 644 schednetisr(NETISR_NS); 645 inq = &nsintrq; 646 } 647 break; 648 #endif 649 #ifdef ISO 650 case PPP_ISO: 651 /* OSI NLCP not implemented yet */ 652 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 653 schednetisr(NETISR_ISO); 654 inq = &clnlintrq; 655 } 656 break; 657 #endif 658 } 659 660 queue_pkt: 661 if (! (ifp->if_flags & IFF_UP) || ! inq) 662 goto drop; 663 664 /* Check queue. */ 665 s = splnet(); 666 if (IF_QFULL(inq)) { 667 /* Queue overflow. */ 668 IF_DROP(inq); 669 splx(s); 670 if (debug) 671 log(LOG_DEBUG, "%s: protocol queue overflow\n", 672 ifp->if_xname); 673 goto drop; 674 } 675 IF_ENQUEUE(inq, m); 676 splx(s); 677 } 678 679 /* 680 * Enqueue transmit packet. 681 */ 682 static int 683 sppp_output(struct ifnet *ifp, struct mbuf *m, 684 struct sockaddr *dst, struct rtentry *rt) 685 { 686 struct sppp *sp = (struct sppp *) ifp; 687 struct ppp_header *h = NULL; 688 struct ifqueue *ifq = NULL; /* XXX */ 689 int s, len, rv = 0; 690 u_int16_t protocol; 691 ALTQ_DECL(struct altq_pktattr pktattr;) 692 693 s = splnet(); 694 695 sp->pp_last_activity = mono_time.tv_sec; 696 697 if ((ifp->if_flags & IFF_UP) == 0 || 698 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 699 m_freem(m); 700 splx(s); 701 return (ENETDOWN); 702 } 703 704 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 705 /* 706 * Interface is not yet running, but auto-dial. Need 707 * to start LCP for it. 708 */ 709 ifp->if_flags |= IFF_RUNNING; 710 splx(s); 711 lcp.Open(sp); 712 s = splnet(); 713 } 714 715 /* 716 * If the queueing discipline needs packet classification, 717 * do it before prepending link headers. 718 */ 719 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 720 721 #ifdef INET 722 if (dst->sa_family == AF_INET) { 723 struct ip *ip = NULL; 724 struct tcphdr *th = NULL; 725 726 if (m->m_len >= sizeof(struct ip)) { 727 ip = mtod(m, struct ip *); 728 if (ip->ip_p == IPPROTO_TCP && 729 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 730 sizeof(struct tcphdr)) { 731 th = (struct tcphdr *) 732 ((caddr_t)ip + (ip->ip_hl << 2)); 733 } 734 } else 735 ip = NULL; 736 737 /* 738 * When using dynamic local IP address assignment by using 739 * 0.0.0.0 as a local address, the first TCP session will 740 * not connect because the local TCP checksum is computed 741 * using 0.0.0.0 which will later become our real IP address 742 * so the TCP checksum computed at the remote end will 743 * become invalid. So we 744 * - don't let packets with src ip addr 0 thru 745 * - we flag TCP packets with src ip 0 as an error 746 */ 747 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 748 u_int8_t proto = ip->ip_p; 749 750 m_freem(m); 751 splx(s); 752 if (proto == IPPROTO_TCP) 753 return (EADDRNOTAVAIL); 754 else 755 return (0); 756 } 757 758 /* 759 * Put low delay, telnet, rlogin and ftp control packets 760 * in front of the queue. 761 */ 762 763 if (!IF_QFULL(&sp->pp_fastq) && 764 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 765 (th && (INTERACTIVE(ntohs(th->th_sport)) || 766 INTERACTIVE(ntohs(th->th_dport)))))) 767 ifq = &sp->pp_fastq; 768 } 769 #endif 770 771 #ifdef INET6 772 if (dst->sa_family == AF_INET6) { 773 /* XXX do something tricky here? */ 774 } 775 #endif 776 777 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 778 /* 779 * Prepend general data packet PPP header. For now, IP only. 780 */ 781 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 782 if (! m) { 783 if (ifp->if_flags & IFF_DEBUG) 784 log(LOG_DEBUG, "%s: no memory for transmit header\n", 785 ifp->if_xname); 786 ++ifp->if_oerrors; 787 splx(s); 788 return (ENOBUFS); 789 } 790 /* 791 * May want to check size of packet 792 * (albeit due to the implementation it's always enough) 793 */ 794 h = mtod(m, struct ppp_header *); 795 if (sp->pp_flags & PP_CISCO) { 796 h->address = CISCO_UNICAST; /* unicast address */ 797 h->control = 0; 798 } else { 799 h->address = PPP_ALLSTATIONS; /* broadcast address */ 800 h->control = PPP_UI; /* Unnumbered Info */ 801 } 802 } 803 804 switch (dst->sa_family) { 805 #ifdef INET 806 case AF_INET: /* Internet Protocol */ 807 if (sp->pp_flags & PP_CISCO) 808 protocol = htons(ETHERTYPE_IP); 809 else { 810 /* 811 * Don't choke with an ENETDOWN early. It's 812 * possible that we just started dialing out, 813 * so don't drop the packet immediately. If 814 * we notice that we run out of buffer space 815 * below, we will however remember that we are 816 * not ready to carry IP packets, and return 817 * ENETDOWN, as opposed to ENOBUFS. 818 */ 819 protocol = htons(PPP_IP); 820 if (sp->state[IDX_IPCP] != STATE_OPENED) 821 rv = ENETDOWN; 822 } 823 break; 824 #endif 825 #ifdef INET6 826 case AF_INET6: /* Internet Protocol version 6 */ 827 if (sp->pp_flags & PP_CISCO) 828 protocol = htons(ETHERTYPE_IPV6); 829 else { 830 /* 831 * Don't choke with an ENETDOWN early. It's 832 * possible that we just started dialing out, 833 * so don't drop the packet immediately. If 834 * we notice that we run out of buffer space 835 * below, we will however remember that we are 836 * not ready to carry IP packets, and return 837 * ENETDOWN, as opposed to ENOBUFS. 838 */ 839 protocol = htons(PPP_IPV6); 840 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 841 rv = ENETDOWN; 842 } 843 break; 844 #endif 845 #ifdef NS 846 case AF_NS: /* Xerox NS Protocol */ 847 protocol = htons((sp->pp_flags & PP_CISCO) ? 848 ETHERTYPE_NS : PPP_XNS); 849 break; 850 #endif 851 #ifdef IPX 852 case AF_IPX: /* Novell IPX Protocol */ 853 protocol = htons((sp->pp_flags & PP_CISCO) ? 854 ETHERTYPE_IPX : PPP_IPX); 855 break; 856 #endif 857 #ifdef ISO 858 case AF_ISO: /* ISO OSI Protocol */ 859 if (sp->pp_flags & PP_CISCO) 860 goto nosupport; 861 protocol = htons(PPP_ISO); 862 break; 863 nosupport: 864 #endif 865 default: 866 m_freem(m); 867 ++ifp->if_oerrors; 868 splx(s); 869 return (EAFNOSUPPORT); 870 } 871 872 if (sp->pp_flags & PP_NOFRAMING) { 873 M_PREPEND(m, 2, M_DONTWAIT); 874 if (m == NULL) { 875 if (ifp->if_flags & IFF_DEBUG) 876 log(LOG_DEBUG, "%s: no memory for transmit header\n", 877 ifp->if_xname); 878 ++ifp->if_oerrors; 879 splx(s); 880 return (ENOBUFS); 881 } 882 *mtod(m, u_int16_t *) = protocol; 883 } else { 884 h->protocol = protocol; 885 } 886 887 /* 888 * Queue message on interface, and start output if interface 889 * not yet active. 890 */ 891 len = m->m_pkthdr.len; 892 if (ifq != NULL 893 #ifdef ALTQ 894 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 895 #endif 896 ) { 897 if (IF_QFULL(ifq)) { 898 IF_DROP(&ifp->if_snd); 899 m_freem(m); 900 if (rv == 0) 901 rv = ENOBUFS; 902 } 903 else 904 IF_ENQUEUE(ifq, m); 905 } else 906 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 907 if (rv != 0) { 908 ++ifp->if_oerrors; 909 splx(s); 910 return (rv); 911 } 912 913 if (! (ifp->if_flags & IFF_OACTIVE)) 914 (*ifp->if_start)(ifp); 915 916 /* 917 * Count output packets and bytes. 918 * The packet length includes header + additional hardware framing 919 * according to RFC 1333. 920 */ 921 ifp->if_obytes += len + sp->pp_framebytes; 922 splx(s); 923 return (0); 924 } 925 926 void 927 sppp_attach(struct ifnet *ifp) 928 { 929 struct sppp *sp = (struct sppp *) ifp; 930 931 /* Initialize keepalive handler. */ 932 if (! spppq) { 933 callout_init(&keepalive_ch); 934 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 935 } 936 937 /* Insert new entry into the keepalive list. */ 938 sp->pp_next = spppq; 939 spppq = sp; 940 941 sp->pp_if.if_type = IFT_PPP; 942 sp->pp_if.if_output = sppp_output; 943 sp->pp_fastq.ifq_maxlen = 32; 944 sp->pp_cpq.ifq_maxlen = 20; 945 sp->pp_loopcnt = 0; 946 sp->pp_alivecnt = 0; 947 sp->pp_last_activity = 0; 948 sp->pp_last_receive = 0; 949 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 950 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 951 sp->pp_idle_timeout = 0; 952 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 953 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 954 sp->pp_auth_failures = 0; 955 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 956 sp->pp_phase = SPPP_PHASE_DEAD; 957 sp->pp_up = lcp.Up; 958 sp->pp_down = lcp.Down; 959 960 if_alloc_sadl(ifp); 961 962 memset(&sp->myauth, 0, sizeof sp->myauth); 963 memset(&sp->hisauth, 0, sizeof sp->hisauth); 964 sppp_lcp_init(sp); 965 sppp_ipcp_init(sp); 966 sppp_ipv6cp_init(sp); 967 sppp_pap_init(sp); 968 sppp_chap_init(sp); 969 } 970 971 void 972 sppp_detach(struct ifnet *ifp) 973 { 974 struct sppp **q, *p, *sp = (struct sppp *) ifp; 975 int i; 976 977 /* Remove the entry from the keepalive list. */ 978 for (q = &spppq; (p = *q); q = &p->pp_next) 979 if (p == sp) { 980 *q = p->pp_next; 981 break; 982 } 983 984 /* Stop keepalive handler. */ 985 if (! spppq) { 986 callout_stop(&keepalive_ch); 987 } 988 989 for (i = 0; i < IDX_COUNT; i++) { 990 callout_stop(&sp->ch[i]); 991 } 992 callout_stop(&sp->pap_my_to_ch); 993 994 /* free authentication info */ 995 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 996 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 997 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 998 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 999 1000 #if 0 /* done in if_detach() */ 1001 if_free_sadl(ifp); 1002 #endif 1003 } 1004 1005 /* 1006 * Flush the interface output queue. 1007 */ 1008 void 1009 sppp_flush(struct ifnet *ifp) 1010 { 1011 struct sppp *sp = (struct sppp *) ifp; 1012 1013 IFQ_PURGE(&sp->pp_if.if_snd); 1014 IF_PURGE(&sp->pp_fastq); 1015 IF_PURGE(&sp->pp_cpq); 1016 } 1017 1018 /* 1019 * Check if the output queue is empty. 1020 */ 1021 int 1022 sppp_isempty(struct ifnet *ifp) 1023 { 1024 struct sppp *sp = (struct sppp *) ifp; 1025 int empty, s; 1026 1027 s = splnet(); 1028 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1029 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1030 splx(s); 1031 return (empty); 1032 } 1033 1034 /* 1035 * Get next packet to send. 1036 */ 1037 struct mbuf * 1038 sppp_dequeue(struct ifnet *ifp) 1039 { 1040 struct sppp *sp = (struct sppp *) ifp; 1041 struct mbuf *m; 1042 int s; 1043 1044 s = splnet(); 1045 /* 1046 * Process only the control protocol queue until we have at 1047 * least one NCP open. 1048 * 1049 * Do always serve all three queues in Cisco mode. 1050 */ 1051 IF_DEQUEUE(&sp->pp_cpq, m); 1052 if (m == NULL && 1053 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1054 IF_DEQUEUE(&sp->pp_fastq, m); 1055 if (m == NULL) 1056 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1057 } 1058 splx(s); 1059 return m; 1060 } 1061 1062 /* 1063 * Process an ioctl request. Called on low priority level. 1064 */ 1065 int 1066 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1067 { 1068 struct ifreq *ifr = (struct ifreq *) data; 1069 struct sppp *sp = (struct sppp *) ifp; 1070 int s, error=0, going_up, going_down, newmode; 1071 1072 s = splnet(); 1073 switch (cmd) { 1074 case SIOCAIFADDR: 1075 case SIOCSIFDSTADDR: 1076 break; 1077 1078 case SIOCSIFADDR: 1079 if_up(ifp); 1080 /* fall through... */ 1081 1082 case SIOCSIFFLAGS: 1083 going_up = ifp->if_flags & IFF_UP && 1084 (ifp->if_flags & IFF_RUNNING) == 0; 1085 going_down = (ifp->if_flags & IFF_UP) == 0 && 1086 ifp->if_flags & IFF_RUNNING; 1087 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1088 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1089 /* sanity */ 1090 newmode = IFF_PASSIVE; 1091 ifp->if_flags &= ~IFF_AUTO; 1092 } 1093 1094 if (going_up || going_down) 1095 lcp.Close(sp); 1096 if (going_up && newmode == 0) { 1097 /* neither auto-dial nor passive */ 1098 ifp->if_flags |= IFF_RUNNING; 1099 if (!(sp->pp_flags & PP_CISCO)) 1100 lcp.Open(sp); 1101 } else if (going_down) { 1102 sppp_flush(ifp); 1103 ifp->if_flags &= ~IFF_RUNNING; 1104 } 1105 1106 break; 1107 1108 #ifdef SIOCSIFMTU 1109 #ifndef ifr_mtu 1110 #define ifr_mtu ifr_metric 1111 #endif 1112 case SIOCSIFMTU: 1113 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) { 1114 error = EINVAL; 1115 break; 1116 } 1117 1118 ifp->if_mtu = ifr->ifr_mtu; 1119 break; 1120 #endif 1121 #ifdef SLIOCSETMTU 1122 case SLIOCSETMTU: 1123 if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru) 1124 { 1125 error = EINVAL; 1126 break; 1127 } 1128 1129 ifp->if_mtu = *(short *)data; 1130 break; 1131 #endif 1132 #ifdef SIOCGIFMTU 1133 case SIOCGIFMTU: 1134 ifr->ifr_mtu = ifp->if_mtu; 1135 break; 1136 #endif 1137 #ifdef SLIOCGETMTU 1138 case SLIOCGETMTU: 1139 *(short *)data = ifp->if_mtu; 1140 break; 1141 #endif 1142 case SIOCADDMULTI: 1143 case SIOCDELMULTI: 1144 break; 1145 1146 case SPPPSETAUTHCFG: 1147 case SPPPGETAUTHCFG: 1148 case SPPPSETLCPCFG: 1149 case SPPPGETLCPCFG: 1150 case SPPPSETIDLETO: 1151 case SPPPSETAUTHFAILURE: 1152 case SPPPGETAUTHFAILURES: 1153 case SPPPSETDNSOPTS: 1154 case SPPPSETKEEPALIVE: 1155 { 1156 struct proc *p = curproc; /* XXX */ 1157 1158 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 1159 break; 1160 } 1161 /* FALLTHROUGH */ 1162 case SPPPGETSTATUS: 1163 case SPPPGETSTATUSNCP: 1164 case SPPPGETIDLETO: 1165 case SPPPGETDNSOPTS: 1166 case SPPPGETDNSADDRS: 1167 case SPPPGETKEEPALIVE: 1168 error = sppp_params(sp, cmd, data); 1169 break; 1170 1171 default: 1172 error = ENOTTY; 1173 } 1174 splx(s); 1175 return (error); 1176 } 1177 1178 1179 /* 1180 * Cisco framing implementation. 1181 */ 1182 1183 /* 1184 * Handle incoming Cisco keepalive protocol packets. 1185 */ 1186 static void 1187 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1188 { 1189 STDDCL; 1190 struct cisco_packet *h; 1191 u_int32_t me, mymask; 1192 1193 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1194 if (debug) 1195 log(LOG_DEBUG, 1196 "%s: cisco invalid packet length: %d bytes\n", 1197 ifp->if_xname, m->m_pkthdr.len); 1198 return; 1199 } 1200 h = mtod(m, struct cisco_packet *); 1201 if (debug) 1202 log(LOG_DEBUG, 1203 "%s: cisco input: %d bytes " 1204 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1205 ifp->if_xname, m->m_pkthdr.len, 1206 ntohl (h->type), h->par1, h->par2, (u_int)h->rel, 1207 (u_int)h->time0, (u_int)h->time1); 1208 switch (ntohl (h->type)) { 1209 default: 1210 if (debug) 1211 addlog("%s: cisco unknown packet type: 0x%x\n", 1212 ifp->if_xname, ntohl (h->type)); 1213 break; 1214 case CISCO_ADDR_REPLY: 1215 /* Reply on address request, ignore */ 1216 break; 1217 case CISCO_KEEPALIVE_REQ: 1218 sp->pp_alivecnt = 0; 1219 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1220 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1221 /* Local and remote sequence numbers are equal. 1222 * Probably, the line is in loopback mode. */ 1223 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1224 printf ("%s: loopback\n", 1225 ifp->if_xname); 1226 sp->pp_loopcnt = 0; 1227 if (ifp->if_flags & IFF_UP) { 1228 if_down(ifp); 1229 IF_PURGE(&sp->pp_cpq); 1230 } 1231 } 1232 ++sp->pp_loopcnt; 1233 1234 /* Generate new local sequence number */ 1235 sp->pp_seq[IDX_LCP] = arc4random(); 1236 break; 1237 } 1238 sp->pp_loopcnt = 0; 1239 if (! (ifp->if_flags & IFF_UP) && 1240 (ifp->if_flags & IFF_RUNNING)) { 1241 if_up(ifp); 1242 } 1243 break; 1244 case CISCO_ADDR_REQ: 1245 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1246 if (me != 0L) 1247 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1248 break; 1249 } 1250 } 1251 1252 /* 1253 * Send Cisco keepalive packet. 1254 */ 1255 static void 1256 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1257 { 1258 STDDCL; 1259 struct ppp_header *h; 1260 struct cisco_packet *ch; 1261 struct mbuf *m; 1262 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1263 1264 MGETHDR(m, M_DONTWAIT, MT_DATA); 1265 if (! m) 1266 return; 1267 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1268 m->m_pkthdr.rcvif = 0; 1269 1270 h = mtod(m, struct ppp_header *); 1271 h->address = CISCO_MULTICAST; 1272 h->control = 0; 1273 h->protocol = htons(CISCO_KEEPALIVE); 1274 1275 ch = (struct cisco_packet *)(h + 1); 1276 ch->type = htonl(type); 1277 ch->par1 = htonl(par1); 1278 ch->par2 = htonl(par2); 1279 ch->rel = -1; 1280 1281 ch->time0 = htons((u_short)(t >> 16)); 1282 ch->time1 = htons((u_short) t); 1283 1284 if (debug) 1285 log(LOG_DEBUG, 1286 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1287 ifp->if_xname, ntohl (ch->type), ch->par1, 1288 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1289 (u_int)ch->time1); 1290 1291 if (IF_QFULL(&sp->pp_cpq)) { 1292 IF_DROP(&sp->pp_fastq); 1293 IF_DROP(&ifp->if_snd); 1294 m_freem(m); 1295 ++ifp->if_oerrors; 1296 return; 1297 } else 1298 IF_ENQUEUE(&sp->pp_cpq, m); 1299 if (! (ifp->if_flags & IFF_OACTIVE)) 1300 (*ifp->if_start)(ifp); 1301 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1302 } 1303 1304 /* 1305 * PPP protocol implementation. 1306 */ 1307 1308 /* 1309 * Send PPP control protocol packet. 1310 */ 1311 static void 1312 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1313 u_char ident, u_short len, void *data) 1314 { 1315 STDDCL; 1316 struct lcp_header *lh; 1317 struct mbuf *m; 1318 size_t pkthdrlen; 1319 1320 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1321 1322 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1323 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1324 MGETHDR(m, M_DONTWAIT, MT_DATA); 1325 if (! m) 1326 return; 1327 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1328 m->m_pkthdr.rcvif = 0; 1329 1330 if (sp->pp_flags & PP_NOFRAMING) { 1331 *mtod(m, u_int16_t *) = htons(proto); 1332 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 1333 } else { 1334 struct ppp_header *h; 1335 h = mtod(m, struct ppp_header *); 1336 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1337 h->control = PPP_UI; /* Unnumbered Info */ 1338 h->protocol = htons(proto); /* Link Control Protocol */ 1339 lh = (struct lcp_header *)(h + 1); 1340 } 1341 lh->type = type; 1342 lh->ident = ident; 1343 lh->len = htons(LCP_HEADER_LEN + len); 1344 if (len) 1345 bcopy (data, lh + 1, len); 1346 1347 if (debug) { 1348 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1349 ifp->if_xname, 1350 sppp_proto_name(proto), 1351 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1352 if (len) 1353 sppp_print_bytes((u_char *)(lh + 1), len); 1354 addlog(">\n"); 1355 } 1356 if (IF_QFULL(&sp->pp_cpq)) { 1357 IF_DROP(&sp->pp_fastq); 1358 IF_DROP(&ifp->if_snd); 1359 m_freem(m); 1360 ++ifp->if_oerrors; 1361 return; 1362 } else 1363 IF_ENQUEUE(&sp->pp_cpq, m); 1364 if (! (ifp->if_flags & IFF_OACTIVE)) 1365 (*ifp->if_start)(ifp); 1366 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1367 } 1368 1369 /* 1370 * Handle incoming PPP control protocol packets. 1371 */ 1372 static void 1373 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1374 { 1375 STDDCL; 1376 struct lcp_header *h; 1377 int len = m->m_pkthdr.len; 1378 int rv; 1379 u_char *p; 1380 u_int32_t u32; 1381 1382 if (len < 4) { 1383 if (debug) 1384 log(LOG_DEBUG, 1385 "%s: %s invalid packet length: %d bytes\n", 1386 ifp->if_xname, cp->name, len); 1387 return; 1388 } 1389 h = mtod(m, struct lcp_header *); 1390 if (debug) { 1391 log(LOG_DEBUG, 1392 "%s: %s input(%s): <%s id=0x%x len=%d", 1393 ifp->if_xname, cp->name, 1394 sppp_state_name(sp->state[cp->protoidx]), 1395 sppp_cp_type_name(h->type), h->ident, ntohs(h->len)); 1396 if (len > 4) 1397 sppp_print_bytes((u_char *)(h + 1), len - 4); 1398 addlog(">\n"); 1399 } 1400 if (len > ntohs(h->len)) 1401 len = ntohs(h->len); 1402 p = (u_char *)(h + 1); 1403 switch (h->type) { 1404 case CONF_REQ: 1405 if (len < 4) { 1406 if (debug) 1407 addlog("%s: %s invalid conf-req length %d\n", 1408 ifp->if_xname, cp->name, 1409 len); 1410 ++ifp->if_ierrors; 1411 break; 1412 } 1413 /* handle states where RCR doesn't get a SCA/SCN */ 1414 switch (sp->state[cp->protoidx]) { 1415 case STATE_CLOSING: 1416 case STATE_STOPPING: 1417 return; 1418 case STATE_CLOSED: 1419 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1420 0, 0); 1421 return; 1422 } 1423 rv = (cp->RCR)(sp, h, len); 1424 switch (sp->state[cp->protoidx]) { 1425 case STATE_OPENED: 1426 (cp->tld)(sp); 1427 (cp->scr)(sp); 1428 /* fall through... */ 1429 case STATE_ACK_SENT: 1430 case STATE_REQ_SENT: 1431 sppp_cp_change_state(cp, sp, rv? 1432 STATE_ACK_SENT: STATE_REQ_SENT); 1433 break; 1434 case STATE_STOPPED: 1435 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1436 (cp->scr)(sp); 1437 sppp_cp_change_state(cp, sp, rv? 1438 STATE_ACK_SENT: STATE_REQ_SENT); 1439 break; 1440 case STATE_ACK_RCVD: 1441 if (rv) { 1442 sppp_cp_change_state(cp, sp, STATE_OPENED); 1443 if (debug) 1444 log(LOG_DEBUG, "%s: %s tlu\n", 1445 ifp->if_xname, 1446 cp->name); 1447 (cp->tlu)(sp); 1448 } else 1449 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1450 break; 1451 default: 1452 printf("%s: %s illegal %s in state %s\n", 1453 ifp->if_xname, cp->name, 1454 sppp_cp_type_name(h->type), 1455 sppp_state_name(sp->state[cp->protoidx])); 1456 ++ifp->if_ierrors; 1457 } 1458 break; 1459 case CONF_ACK: 1460 if (h->ident != sp->confid[cp->protoidx]) { 1461 if (debug) 1462 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1463 ifp->if_xname, cp->name, 1464 h->ident, sp->confid[cp->protoidx]); 1465 ++ifp->if_ierrors; 1466 break; 1467 } 1468 switch (sp->state[cp->protoidx]) { 1469 case STATE_CLOSED: 1470 case STATE_STOPPED: 1471 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1472 break; 1473 case STATE_CLOSING: 1474 case STATE_STOPPING: 1475 break; 1476 case STATE_REQ_SENT: 1477 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1478 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1479 break; 1480 case STATE_OPENED: 1481 (cp->tld)(sp); 1482 /* fall through */ 1483 case STATE_ACK_RCVD: 1484 (cp->scr)(sp); 1485 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1486 break; 1487 case STATE_ACK_SENT: 1488 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1489 sppp_cp_change_state(cp, sp, STATE_OPENED); 1490 if (debug) 1491 log(LOG_DEBUG, "%s: %s tlu\n", 1492 ifp->if_xname, cp->name); 1493 (cp->tlu)(sp); 1494 break; 1495 default: 1496 printf("%s: %s illegal %s in state %s\n", 1497 ifp->if_xname, cp->name, 1498 sppp_cp_type_name(h->type), 1499 sppp_state_name(sp->state[cp->protoidx])); 1500 ++ifp->if_ierrors; 1501 } 1502 break; 1503 case CONF_NAK: 1504 case CONF_REJ: 1505 if (h->ident != sp->confid[cp->protoidx]) { 1506 if (debug) 1507 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1508 ifp->if_xname, cp->name, 1509 h->ident, sp->confid[cp->protoidx]); 1510 ++ifp->if_ierrors; 1511 break; 1512 } 1513 if (h->type == CONF_NAK) 1514 (cp->RCN_nak)(sp, h, len); 1515 else /* CONF_REJ */ 1516 (cp->RCN_rej)(sp, h, len); 1517 1518 switch (sp->state[cp->protoidx]) { 1519 case STATE_CLOSED: 1520 case STATE_STOPPED: 1521 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1522 break; 1523 case STATE_REQ_SENT: 1524 case STATE_ACK_SENT: 1525 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1526 (cp->scr)(sp); 1527 break; 1528 case STATE_OPENED: 1529 (cp->tld)(sp); 1530 /* fall through */ 1531 case STATE_ACK_RCVD: 1532 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1533 (cp->scr)(sp); 1534 break; 1535 case STATE_CLOSING: 1536 case STATE_STOPPING: 1537 break; 1538 default: 1539 printf("%s: %s illegal %s in state %s\n", 1540 ifp->if_xname, cp->name, 1541 sppp_cp_type_name(h->type), 1542 sppp_state_name(sp->state[cp->protoidx])); 1543 ++ifp->if_ierrors; 1544 } 1545 break; 1546 1547 case TERM_REQ: 1548 switch (sp->state[cp->protoidx]) { 1549 case STATE_ACK_RCVD: 1550 case STATE_ACK_SENT: 1551 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1552 /* fall through */ 1553 case STATE_CLOSED: 1554 case STATE_STOPPED: 1555 case STATE_CLOSING: 1556 case STATE_STOPPING: 1557 case STATE_REQ_SENT: 1558 sta: 1559 /* Send Terminate-Ack packet. */ 1560 if (debug) 1561 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 1562 ifp->if_xname, cp->name); 1563 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1564 break; 1565 case STATE_OPENED: 1566 (cp->tld)(sp); 1567 sp->rst_counter[cp->protoidx] = 0; 1568 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1569 goto sta; 1570 default: 1571 printf("%s: %s illegal %s in state %s\n", 1572 ifp->if_xname, cp->name, 1573 sppp_cp_type_name(h->type), 1574 sppp_state_name(sp->state[cp->protoidx])); 1575 ++ifp->if_ierrors; 1576 } 1577 break; 1578 case TERM_ACK: 1579 switch (sp->state[cp->protoidx]) { 1580 case STATE_CLOSED: 1581 case STATE_STOPPED: 1582 case STATE_REQ_SENT: 1583 case STATE_ACK_SENT: 1584 break; 1585 case STATE_CLOSING: 1586 (cp->tlf)(sp); 1587 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1588 sppp_lcp_check_and_close(sp); 1589 break; 1590 case STATE_STOPPING: 1591 (cp->tlf)(sp); 1592 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1593 sppp_lcp_check_and_close(sp); 1594 break; 1595 case STATE_ACK_RCVD: 1596 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1597 break; 1598 case STATE_OPENED: 1599 (cp->tld)(sp); 1600 (cp->scr)(sp); 1601 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1602 break; 1603 default: 1604 printf("%s: %s illegal %s in state %s\n", 1605 ifp->if_xname, cp->name, 1606 sppp_cp_type_name(h->type), 1607 sppp_state_name(sp->state[cp->protoidx])); 1608 ++ifp->if_ierrors; 1609 } 1610 break; 1611 case CODE_REJ: 1612 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1613 log(LOG_INFO, 1614 "%s: %s: ignoring RXJ (%s) for code ?, " 1615 "danger will robinson\n", 1616 ifp->if_xname, cp->name, 1617 sppp_cp_type_name(h->type)); 1618 switch (sp->state[cp->protoidx]) { 1619 case STATE_CLOSED: 1620 case STATE_STOPPED: 1621 case STATE_REQ_SENT: 1622 case STATE_ACK_SENT: 1623 case STATE_CLOSING: 1624 case STATE_STOPPING: 1625 case STATE_OPENED: 1626 break; 1627 case STATE_ACK_RCVD: 1628 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1629 break; 1630 default: 1631 printf("%s: %s illegal %s in state %s\n", 1632 ifp->if_xname, cp->name, 1633 sppp_cp_type_name(h->type), 1634 sppp_state_name(sp->state[cp->protoidx])); 1635 ++ifp->if_ierrors; 1636 } 1637 break; 1638 case PROTO_REJ: 1639 { 1640 int catastrophic; 1641 const struct cp *upper; 1642 int i; 1643 u_int16_t proto; 1644 1645 catastrophic = 0; 1646 upper = NULL; 1647 proto = p[0] << 8 | p[1]; 1648 for (i = 0; i < IDX_COUNT; i++) { 1649 if (cps[i]->proto == proto) { 1650 upper = cps[i]; 1651 break; 1652 } 1653 } 1654 if (upper == NULL) 1655 catastrophic++; 1656 1657 if (debug) 1658 log(LOG_INFO, 1659 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1660 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1661 sppp_cp_type_name(h->type), proto, 1662 upper ? upper->name : "unknown", 1663 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1664 1665 /* 1666 * if we got RXJ+ against conf-req, the peer does not implement 1667 * this particular protocol type. terminate the protocol. 1668 */ 1669 if (upper && !catastrophic) { 1670 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1671 upper->Close(sp); 1672 break; 1673 } 1674 } 1675 1676 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1677 switch (sp->state[cp->protoidx]) { 1678 case STATE_CLOSED: 1679 case STATE_STOPPED: 1680 case STATE_REQ_SENT: 1681 case STATE_ACK_SENT: 1682 case STATE_CLOSING: 1683 case STATE_STOPPING: 1684 case STATE_OPENED: 1685 break; 1686 case STATE_ACK_RCVD: 1687 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1688 break; 1689 default: 1690 printf("%s: %s illegal %s in state %s\n", 1691 ifp->if_xname, cp->name, 1692 sppp_cp_type_name(h->type), 1693 sppp_state_name(sp->state[cp->protoidx])); 1694 ++ifp->if_ierrors; 1695 } 1696 break; 1697 } 1698 case DISC_REQ: 1699 if (cp->proto != PPP_LCP) 1700 goto illegal; 1701 /* Discard the packet. */ 1702 break; 1703 case ECHO_REQ: 1704 if (cp->proto != PPP_LCP) 1705 goto illegal; 1706 if (sp->state[cp->protoidx] != STATE_OPENED) { 1707 if (debug) 1708 addlog("%s: lcp echo req but lcp closed\n", 1709 ifp->if_xname); 1710 ++ifp->if_ierrors; 1711 break; 1712 } 1713 if (len < 8) { 1714 if (debug) 1715 addlog("%s: invalid lcp echo request " 1716 "packet length: %d bytes\n", 1717 ifp->if_xname, len); 1718 break; 1719 } 1720 memcpy(&u32, h + 1, sizeof u32); 1721 if (ntohl(u32) == sp->lcp.magic) { 1722 /* Line loopback mode detected. */ 1723 printf("%s: loopback\n", ifp->if_xname); 1724 if_down(ifp); 1725 IF_PURGE(&sp->pp_cpq); 1726 1727 /* Shut down the PPP link. */ 1728 /* XXX */ 1729 lcp.Down(sp); 1730 lcp.Up(sp); 1731 break; 1732 } 1733 u32 = htonl(sp->lcp.magic); 1734 memcpy(h + 1, &u32, sizeof u32); 1735 if (debug) 1736 addlog("%s: got lcp echo req, sending echo rep\n", 1737 ifp->if_xname); 1738 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1739 h + 1); 1740 break; 1741 case ECHO_REPLY: 1742 if (cp->proto != PPP_LCP) 1743 goto illegal; 1744 if (h->ident != sp->lcp.echoid) { 1745 ++ifp->if_ierrors; 1746 break; 1747 } 1748 if (len < 8) { 1749 if (debug) 1750 addlog("%s: lcp invalid echo reply " 1751 "packet length: %d bytes\n", 1752 ifp->if_xname, len); 1753 break; 1754 } 1755 if (debug) 1756 addlog("%s: lcp got echo rep\n", 1757 ifp->if_xname); 1758 memcpy(&u32, h + 1, sizeof u32); 1759 if (ntohl(u32) != sp->lcp.magic) 1760 sp->pp_alivecnt = 0; 1761 break; 1762 default: 1763 /* Unknown packet type -- send Code-Reject packet. */ 1764 illegal: 1765 if (debug) 1766 addlog("%s: %s send code-rej for 0x%x\n", 1767 ifp->if_xname, cp->name, h->type); 1768 sppp_cp_send(sp, cp->proto, CODE_REJ, 1769 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1770 ++ifp->if_ierrors; 1771 } 1772 } 1773 1774 1775 /* 1776 * The generic part of all Up/Down/Open/Close/TO event handlers. 1777 * Basically, the state transition handling in the automaton. 1778 */ 1779 static void 1780 sppp_up_event(const struct cp *cp, struct sppp *sp) 1781 { 1782 STDDCL; 1783 1784 if (debug) 1785 log(LOG_DEBUG, "%s: %s up(%s)\n", 1786 ifp->if_xname, cp->name, 1787 sppp_state_name(sp->state[cp->protoidx])); 1788 1789 switch (sp->state[cp->protoidx]) { 1790 case STATE_INITIAL: 1791 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1792 break; 1793 case STATE_STARTING: 1794 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1795 (cp->scr)(sp); 1796 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1797 break; 1798 default: 1799 printf("%s: %s illegal up in state %s\n", 1800 ifp->if_xname, cp->name, 1801 sppp_state_name(sp->state[cp->protoidx])); 1802 } 1803 } 1804 1805 static void 1806 sppp_down_event(const struct cp *cp, struct sppp *sp) 1807 { 1808 STDDCL; 1809 1810 if (debug) 1811 log(LOG_DEBUG, "%s: %s down(%s)\n", 1812 ifp->if_xname, cp->name, 1813 sppp_state_name(sp->state[cp->protoidx])); 1814 1815 switch (sp->state[cp->protoidx]) { 1816 case STATE_CLOSED: 1817 case STATE_CLOSING: 1818 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1819 break; 1820 case STATE_STOPPED: 1821 (cp->tls)(sp); 1822 /* fall through */ 1823 case STATE_STOPPING: 1824 case STATE_REQ_SENT: 1825 case STATE_ACK_RCVD: 1826 case STATE_ACK_SENT: 1827 sppp_cp_change_state(cp, sp, STATE_STARTING); 1828 break; 1829 case STATE_OPENED: 1830 (cp->tld)(sp); 1831 sppp_cp_change_state(cp, sp, STATE_STARTING); 1832 break; 1833 default: 1834 printf("%s: %s illegal down in state %s\n", 1835 ifp->if_xname, cp->name, 1836 sppp_state_name(sp->state[cp->protoidx])); 1837 } 1838 } 1839 1840 1841 static void 1842 sppp_open_event(const struct cp *cp, struct sppp *sp) 1843 { 1844 STDDCL; 1845 1846 if (debug) 1847 log(LOG_DEBUG, "%s: %s open(%s)\n", 1848 ifp->if_xname, cp->name, 1849 sppp_state_name(sp->state[cp->protoidx])); 1850 1851 switch (sp->state[cp->protoidx]) { 1852 case STATE_INITIAL: 1853 (cp->tls)(sp); 1854 sppp_cp_change_state(cp, sp, STATE_STARTING); 1855 break; 1856 case STATE_STARTING: 1857 break; 1858 case STATE_CLOSED: 1859 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1860 (cp->scr)(sp); 1861 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1862 break; 1863 case STATE_STOPPED: 1864 case STATE_STOPPING: 1865 case STATE_REQ_SENT: 1866 case STATE_ACK_RCVD: 1867 case STATE_ACK_SENT: 1868 case STATE_OPENED: 1869 break; 1870 case STATE_CLOSING: 1871 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1872 break; 1873 } 1874 } 1875 1876 1877 static void 1878 sppp_close_event(const struct cp *cp, struct sppp *sp) 1879 { 1880 STDDCL; 1881 1882 if (debug) 1883 log(LOG_DEBUG, "%s: %s close(%s)\n", 1884 ifp->if_xname, cp->name, 1885 sppp_state_name(sp->state[cp->protoidx])); 1886 1887 switch (sp->state[cp->protoidx]) { 1888 case STATE_INITIAL: 1889 case STATE_CLOSED: 1890 case STATE_CLOSING: 1891 break; 1892 case STATE_STARTING: 1893 (cp->tlf)(sp); 1894 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1895 break; 1896 case STATE_STOPPED: 1897 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1898 break; 1899 case STATE_STOPPING: 1900 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1901 break; 1902 case STATE_OPENED: 1903 (cp->tld)(sp); 1904 /* fall through */ 1905 case STATE_REQ_SENT: 1906 case STATE_ACK_RCVD: 1907 case STATE_ACK_SENT: 1908 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1909 sppp_cp_send(sp, cp->proto, TERM_REQ, 1910 ++sp->pp_seq[cp->protoidx], 0, 0); 1911 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1912 break; 1913 } 1914 } 1915 1916 static void 1917 sppp_to_event(const struct cp *cp, struct sppp *sp) 1918 { 1919 STDDCL; 1920 int s; 1921 1922 s = splnet(); 1923 if (debug) 1924 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 1925 ifp->if_xname, cp->name, 1926 sppp_state_name(sp->state[cp->protoidx]), 1927 sp->rst_counter[cp->protoidx]); 1928 1929 if (--sp->rst_counter[cp->protoidx] < 0) 1930 /* TO- event */ 1931 switch (sp->state[cp->protoidx]) { 1932 case STATE_CLOSING: 1933 (cp->tlf)(sp); 1934 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1935 sppp_lcp_check_and_close(sp); 1936 break; 1937 case STATE_STOPPING: 1938 (cp->tlf)(sp); 1939 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1940 sppp_lcp_check_and_close(sp); 1941 break; 1942 case STATE_REQ_SENT: 1943 case STATE_ACK_RCVD: 1944 case STATE_ACK_SENT: 1945 (cp->tlf)(sp); 1946 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1947 sppp_lcp_check_and_close(sp); 1948 break; 1949 } 1950 else 1951 /* TO+ event */ 1952 switch (sp->state[cp->protoidx]) { 1953 case STATE_CLOSING: 1954 case STATE_STOPPING: 1955 sppp_cp_send(sp, cp->proto, TERM_REQ, 1956 ++sp->pp_seq[cp->protoidx], 0, 0); 1957 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1958 cp->TO, sp); 1959 break; 1960 case STATE_REQ_SENT: 1961 case STATE_ACK_RCVD: 1962 (cp->scr)(sp); 1963 /* sppp_cp_change_state() will restart the timer */ 1964 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1965 break; 1966 case STATE_ACK_SENT: 1967 (cp->scr)(sp); 1968 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1969 cp->TO, sp); 1970 break; 1971 } 1972 1973 splx(s); 1974 } 1975 1976 /* 1977 * Change the state of a control protocol in the state automaton. 1978 * Takes care of starting/stopping the restart timer. 1979 */ 1980 void 1981 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1982 { 1983 sp->state[cp->protoidx] = newstate; 1984 callout_stop(&sp->ch[cp->protoidx]); 1985 switch (newstate) { 1986 case STATE_INITIAL: 1987 case STATE_STARTING: 1988 case STATE_CLOSED: 1989 case STATE_STOPPED: 1990 case STATE_OPENED: 1991 break; 1992 case STATE_CLOSING: 1993 case STATE_STOPPING: 1994 case STATE_REQ_SENT: 1995 case STATE_ACK_RCVD: 1996 case STATE_ACK_SENT: 1997 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1998 cp->TO, sp); 1999 break; 2000 } 2001 } 2002 2003 /* 2004 *--------------------------------------------------------------------------* 2005 * * 2006 * The LCP implementation. * 2007 * * 2008 *--------------------------------------------------------------------------* 2009 */ 2010 static void 2011 sppp_lcp_init(struct sppp *sp) 2012 { 2013 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2014 sp->lcp.magic = 0; 2015 sp->state[IDX_LCP] = STATE_INITIAL; 2016 sp->fail_counter[IDX_LCP] = 0; 2017 sp->pp_seq[IDX_LCP] = 0; 2018 sp->pp_rseq[IDX_LCP] = 0; 2019 sp->lcp.protos = 0; 2020 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2021 2022 /* 2023 * Initialize counters and timeout values. Note that we don't 2024 * use the 3 seconds suggested in RFC 1661 since we are likely 2025 * running on a fast link. XXX We should probably implement 2026 * the exponential backoff option. Note that these values are 2027 * relevant for all control protocols, not just LCP only. 2028 */ 2029 sp->lcp.timeout = 1 * hz; 2030 sp->lcp.max_terminate = 2; 2031 sp->lcp.max_configure = 10; 2032 sp->lcp.max_failure = 10; 2033 callout_init(&sp->ch[IDX_LCP]); 2034 } 2035 2036 static void 2037 sppp_lcp_up(struct sppp *sp) 2038 { 2039 STDDCL; 2040 2041 /* Initialize activity timestamp: opening a connection is an activity */ 2042 sp->pp_last_receive = sp->pp_last_activity = mono_time.tv_sec; 2043 2044 /* 2045 * If this interface is passive or dial-on-demand, and we are 2046 * still in Initial state, it means we've got an incoming 2047 * call. Activate the interface. 2048 */ 2049 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2050 if (debug) 2051 log(LOG_DEBUG, 2052 "%s: Up event", ifp->if_xname); 2053 ifp->if_flags |= IFF_RUNNING; 2054 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2055 if (debug) 2056 addlog("(incoming call)\n"); 2057 sp->pp_flags |= PP_CALLIN; 2058 lcp.Open(sp); 2059 } else if (debug) 2060 addlog("\n"); 2061 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2062 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2063 ifp->if_flags |= IFF_RUNNING; 2064 lcp.Open(sp); 2065 } 2066 2067 sppp_up_event(&lcp, sp); 2068 } 2069 2070 static void 2071 sppp_lcp_down(struct sppp *sp) 2072 { 2073 STDDCL; 2074 2075 sppp_down_event(&lcp, sp); 2076 2077 /* 2078 * If this is neither a dial-on-demand nor a passive 2079 * interface, simulate an ``ifconfig down'' action, so the 2080 * administrator can force a redial by another ``ifconfig 2081 * up''. XXX For leased line operation, should we immediately 2082 * try to reopen the connection here? 2083 */ 2084 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2085 if (debug) 2086 log(LOG_INFO, 2087 "%s: Down event (carrier loss), taking interface down.\n", 2088 ifp->if_xname); 2089 if_down(ifp); 2090 } else { 2091 if (debug) 2092 log(LOG_DEBUG, 2093 "%s: Down event (carrier loss)\n", 2094 ifp->if_xname); 2095 } 2096 sp->pp_flags &= ~PP_CALLIN; 2097 if (sp->state[IDX_LCP] != STATE_INITIAL) 2098 lcp.Close(sp); 2099 ifp->if_flags &= ~IFF_RUNNING; 2100 } 2101 2102 static void 2103 sppp_lcp_open(struct sppp *sp) 2104 { 2105 /* 2106 * If we are authenticator, negotiate LCP_AUTH 2107 */ 2108 if (sp->hisauth.proto != 0) 2109 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2110 else 2111 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2112 sp->pp_flags &= ~PP_NEEDAUTH; 2113 sppp_open_event(&lcp, sp); 2114 } 2115 2116 static void 2117 sppp_lcp_close(struct sppp *sp) 2118 { 2119 sppp_close_event(&lcp, sp); 2120 } 2121 2122 static void 2123 sppp_lcp_TO(void *cookie) 2124 { 2125 sppp_to_event(&lcp, (struct sppp *)cookie); 2126 } 2127 2128 /* 2129 * Analyze a configure request. Return true if it was agreeable, and 2130 * caused action sca, false if it has been rejected or nak'ed, and 2131 * caused action scn. (The return value is used to make the state 2132 * transition decision in the state automaton.) 2133 */ 2134 static int 2135 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2136 { 2137 STDDCL; 2138 u_char *buf, *r, *p; 2139 int origlen, rlen; 2140 u_int32_t nmagic; 2141 u_short authproto; 2142 2143 len -= 4; 2144 origlen = len; 2145 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2146 if (! buf) 2147 return (0); 2148 2149 if (debug) 2150 log(LOG_DEBUG, "%s: lcp parse opts:", 2151 ifp->if_xname); 2152 2153 /* pass 1: check for things that need to be rejected */ 2154 p = (void *)(h + 1); 2155 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2156 if (debug) 2157 addlog(" %s", sppp_lcp_opt_name(*p)); 2158 switch (*p) { 2159 case LCP_OPT_MAGIC: 2160 /* Magic number. */ 2161 /* fall through, both are same length */ 2162 case LCP_OPT_ASYNC_MAP: 2163 /* Async control character map. */ 2164 if (len >= 6 || p[1] == 6) 2165 continue; 2166 if (debug) 2167 addlog(" [invalid]"); 2168 break; 2169 case LCP_OPT_MRU: 2170 /* Maximum receive unit. */ 2171 if (len >= 4 && p[1] == 4) 2172 continue; 2173 if (debug) 2174 addlog(" [invalid]"); 2175 break; 2176 case LCP_OPT_AUTH_PROTO: 2177 if (len < 4) { 2178 if (debug) 2179 addlog(" [invalid]"); 2180 break; 2181 } 2182 authproto = (p[2] << 8) + p[3]; 2183 if (authproto == PPP_CHAP && p[1] != 5) { 2184 if (debug) 2185 addlog(" [invalid chap len]"); 2186 break; 2187 } 2188 if (sp->myauth.proto == 0) { 2189 /* we are not configured to do auth */ 2190 if (debug) 2191 addlog(" [not configured]"); 2192 break; 2193 } 2194 /* 2195 * Remote want us to authenticate, remember this, 2196 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2197 * up. 2198 */ 2199 sp->pp_flags |= PP_NEEDAUTH; 2200 continue; 2201 default: 2202 /* Others not supported. */ 2203 if (debug) 2204 addlog(" [rej]"); 2205 break; 2206 } 2207 /* Add the option to rejected list. */ 2208 bcopy (p, r, p[1]); 2209 r += p[1]; 2210 rlen += p[1]; 2211 } 2212 if (rlen) { 2213 if (debug) 2214 addlog(" send conf-rej\n"); 2215 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2216 goto end; 2217 } else if (debug) 2218 addlog("\n"); 2219 2220 /* 2221 * pass 2: check for option values that are unacceptable and 2222 * thus require to be nak'ed. 2223 */ 2224 if (debug) 2225 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2226 ifp->if_xname); 2227 2228 p = (void *)(h + 1); 2229 len = origlen; 2230 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2231 if (debug) 2232 addlog(" %s", sppp_lcp_opt_name(*p)); 2233 switch (*p) { 2234 case LCP_OPT_MAGIC: 2235 /* Magic number -- extract. */ 2236 nmagic = (u_int32_t)p[2] << 24 | 2237 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2238 if (nmagic != sp->lcp.magic) { 2239 if (debug) 2240 addlog(" 0x%x", nmagic); 2241 continue; 2242 } 2243 /* 2244 * Local and remote magics equal -- loopback? 2245 */ 2246 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2247 printf ("%s: loopback\n", 2248 ifp->if_xname); 2249 sp->pp_loopcnt = 0; 2250 if (ifp->if_flags & IFF_UP) { 2251 if_down(ifp); 2252 IF_PURGE(&sp->pp_cpq); 2253 /* XXX ? */ 2254 lcp.Down(sp); 2255 lcp.Up(sp); 2256 } 2257 } else if (debug) 2258 addlog(" [glitch]"); 2259 ++sp->pp_loopcnt; 2260 /* 2261 * We negate our magic here, and NAK it. If 2262 * we see it later in an NAK packet, we 2263 * suggest a new one. 2264 */ 2265 nmagic = ~sp->lcp.magic; 2266 /* Gonna NAK it. */ 2267 p[2] = nmagic >> 24; 2268 p[3] = nmagic >> 16; 2269 p[4] = nmagic >> 8; 2270 p[5] = nmagic; 2271 break; 2272 2273 case LCP_OPT_ASYNC_MAP: 2274 /* 2275 * Async control character map -- just ignore it. 2276 * 2277 * Quote from RFC 1662, chapter 6: 2278 * To enable this functionality, synchronous PPP 2279 * implementations MUST always respond to the 2280 * Async-Control-Character-Map Configuration 2281 * Option with the LCP Configure-Ack. However, 2282 * acceptance of the Configuration Option does 2283 * not imply that the synchronous implementation 2284 * will do any ACCM mapping. Instead, all such 2285 * octet mapping will be performed by the 2286 * asynchronous-to-synchronous converter. 2287 */ 2288 continue; 2289 2290 case LCP_OPT_MRU: 2291 /* 2292 * Maximum receive unit. Always agreeable, 2293 * but ignored by now. 2294 */ 2295 sp->lcp.their_mru = p[2] * 256 + p[3]; 2296 if (debug) 2297 addlog(" %ld", sp->lcp.their_mru); 2298 continue; 2299 2300 case LCP_OPT_AUTH_PROTO: 2301 authproto = (p[2] << 8) + p[3]; 2302 if (sp->myauth.proto != authproto) { 2303 /* not agreed, nak */ 2304 if (debug) 2305 addlog(" [mine %s != his %s]", 2306 sppp_proto_name(sp->myauth.proto), 2307 sppp_proto_name(authproto)); 2308 p[2] = sp->myauth.proto >> 8; 2309 p[3] = sp->myauth.proto; 2310 break; 2311 } 2312 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2313 if (debug) 2314 addlog(" [chap not MD5]"); 2315 p[4] = CHAP_MD5; 2316 break; 2317 } 2318 continue; 2319 } 2320 /* Add the option to nak'ed list. */ 2321 bcopy (p, r, p[1]); 2322 r += p[1]; 2323 rlen += p[1]; 2324 } 2325 if (rlen) { 2326 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2327 if (debug) 2328 addlog(" max_failure (%d) exceeded, " 2329 "send conf-rej\n", 2330 sp->lcp.max_failure); 2331 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2332 } else { 2333 if (debug) 2334 addlog(" send conf-nak\n"); 2335 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2336 } 2337 goto end; 2338 } else { 2339 if (debug) 2340 addlog(" send conf-ack\n"); 2341 sp->fail_counter[IDX_LCP] = 0; 2342 sp->pp_loopcnt = 0; 2343 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1); 2344 } 2345 2346 end: 2347 free(buf, M_TEMP); 2348 return (rlen == 0); 2349 } 2350 2351 /* 2352 * Analyze the LCP Configure-Reject option list, and adjust our 2353 * negotiation. 2354 */ 2355 static void 2356 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2357 { 2358 STDDCL; 2359 u_char *buf, *p; 2360 2361 len -= 4; 2362 buf = malloc (len, M_TEMP, M_NOWAIT); 2363 if (!buf) 2364 return; 2365 2366 if (debug) 2367 log(LOG_DEBUG, "%s: lcp rej opts:", 2368 ifp->if_xname); 2369 2370 p = (void *)(h + 1); 2371 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2372 if (debug) 2373 addlog(" %s", sppp_lcp_opt_name(*p)); 2374 switch (*p) { 2375 case LCP_OPT_MAGIC: 2376 /* Magic number -- can't use it, use 0 */ 2377 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2378 sp->lcp.magic = 0; 2379 break; 2380 case LCP_OPT_MRU: 2381 /* 2382 * Should not be rejected anyway, since we only 2383 * negotiate a MRU if explicitly requested by 2384 * peer. 2385 */ 2386 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2387 break; 2388 case LCP_OPT_AUTH_PROTO: 2389 /* 2390 * Peer doesn't want to authenticate himself, 2391 * deny unless this is a dialout call, and 2392 * SPPP_AUTHFLAG_NOCALLOUT is set. 2393 */ 2394 if ((sp->pp_flags & PP_CALLIN) == 0 && 2395 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2396 if (debug) 2397 addlog(" [don't insist on auth " 2398 "for callout]"); 2399 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2400 break; 2401 } 2402 if (debug) 2403 addlog("[access denied]\n"); 2404 lcp.Close(sp); 2405 break; 2406 } 2407 } 2408 if (debug) 2409 addlog("\n"); 2410 free(buf, M_TEMP); 2411 return; 2412 } 2413 2414 /* 2415 * Analyze the LCP Configure-NAK option list, and adjust our 2416 * negotiation. 2417 */ 2418 static void 2419 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2420 { 2421 STDDCL; 2422 u_char *buf, *p; 2423 u_int32_t magic; 2424 2425 len -= 4; 2426 buf = malloc (len, M_TEMP, M_NOWAIT); 2427 if (!buf) 2428 return; 2429 2430 if (debug) 2431 log(LOG_DEBUG, "%s: lcp nak opts:", 2432 ifp->if_xname); 2433 2434 p = (void *)(h + 1); 2435 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2436 if (debug) 2437 addlog(" %s", sppp_lcp_opt_name(*p)); 2438 switch (*p) { 2439 case LCP_OPT_MAGIC: 2440 /* Magic number -- renegotiate */ 2441 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2442 len >= 6 && p[1] == 6) { 2443 magic = (u_int32_t)p[2] << 24 | 2444 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2445 /* 2446 * If the remote magic is our negated one, 2447 * this looks like a loopback problem. 2448 * Suggest a new magic to make sure. 2449 */ 2450 if (magic == ~sp->lcp.magic) { 2451 if (debug) 2452 addlog(" magic glitch"); 2453 sp->lcp.magic = arc4random(); 2454 } else { 2455 sp->lcp.magic = magic; 2456 if (debug) 2457 addlog(" %d", magic); 2458 } 2459 } 2460 break; 2461 case LCP_OPT_MRU: 2462 /* 2463 * Peer wants to advise us to negotiate an MRU. 2464 * Agree on it if it's reasonable, or use 2465 * default otherwise. 2466 */ 2467 if (len >= 4 && p[1] == 4) { 2468 u_int mru = p[2] * 256 + p[3]; 2469 if (debug) 2470 addlog(" %d", mru); 2471 if (mru < PP_MTU || mru > PP_MAX_MRU) 2472 mru = PP_MTU; 2473 sp->lcp.mru = mru; 2474 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2475 } 2476 break; 2477 case LCP_OPT_AUTH_PROTO: 2478 /* 2479 * Peer doesn't like our authentication method, 2480 * deny. 2481 */ 2482 if (debug) 2483 addlog("[access denied]\n"); 2484 lcp.Close(sp); 2485 break; 2486 } 2487 } 2488 if (debug) 2489 addlog("\n"); 2490 free(buf, M_TEMP); 2491 return; 2492 } 2493 2494 static void 2495 sppp_lcp_tlu(struct sppp *sp) 2496 { 2497 STDDCL; 2498 int i; 2499 u_int32_t mask; 2500 2501 /* XXX ? */ 2502 if (! (ifp->if_flags & IFF_UP) && 2503 (ifp->if_flags & IFF_RUNNING)) { 2504 /* Coming out of loopback mode. */ 2505 if_up(ifp); 2506 } 2507 2508 for (i = 0; i < IDX_COUNT; i++) 2509 if ((cps[i])->flags & CP_QUAL) 2510 (cps[i])->Open(sp); 2511 2512 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2513 (sp->pp_flags & PP_NEEDAUTH) != 0) 2514 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2515 else 2516 sp->pp_phase = SPPP_PHASE_NETWORK; 2517 2518 if (debug) 2519 { 2520 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2521 sppp_phase_name(sp->pp_phase)); 2522 } 2523 2524 /* 2525 * Open all authentication protocols. This is even required 2526 * if we already proceeded to network phase, since it might be 2527 * that remote wants us to authenticate, so we might have to 2528 * send a PAP request. Undesired authentication protocols 2529 * don't do anything when they get an Open event. 2530 */ 2531 for (i = 0; i < IDX_COUNT; i++) 2532 if ((cps[i])->flags & CP_AUTH) 2533 (cps[i])->Open(sp); 2534 2535 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2536 /* Notify all NCPs. */ 2537 for (i = 0; i < IDX_COUNT; i++) 2538 if ((cps[i])->flags & CP_NCP) 2539 (cps[i])->Open(sp); 2540 } 2541 2542 /* Send Up events to all started protos. */ 2543 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2544 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2545 (cps[i])->Up(sp); 2546 2547 /* notify low-level driver of state change */ 2548 if (sp->pp_chg) 2549 sp->pp_chg(sp, (int)sp->pp_phase); 2550 2551 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2552 /* if no NCP is starting, close down */ 2553 sppp_lcp_check_and_close(sp); 2554 } 2555 2556 static void 2557 sppp_lcp_tld(struct sppp *sp) 2558 { 2559 STDDCL; 2560 int i; 2561 u_int32_t mask; 2562 2563 sp->pp_phase = SPPP_PHASE_TERMINATE; 2564 2565 if (debug) 2566 { 2567 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2568 sppp_phase_name(sp->pp_phase)); 2569 } 2570 2571 /* 2572 * Take upper layers down. We send the Down event first and 2573 * the Close second to prevent the upper layers from sending 2574 * ``a flurry of terminate-request packets'', as the RFC 2575 * describes it. 2576 */ 2577 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2578 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2579 (cps[i])->Down(sp); 2580 (cps[i])->Close(sp); 2581 } 2582 } 2583 2584 static void 2585 sppp_lcp_tls(struct sppp *sp) 2586 { 2587 STDDCL; 2588 2589 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2590 printf("%s: authentication failed %d times, not retrying again\n", 2591 sp->pp_if.if_xname, sp->pp_auth_failures); 2592 if_down(&sp->pp_if); 2593 return; 2594 } 2595 2596 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2597 2598 if (debug) 2599 { 2600 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2601 sppp_phase_name(sp->pp_phase)); 2602 } 2603 2604 /* Notify lower layer if desired. */ 2605 if (sp->pp_tls) 2606 (sp->pp_tls)(sp); 2607 } 2608 2609 static void 2610 sppp_lcp_tlf(struct sppp *sp) 2611 { 2612 STDDCL; 2613 2614 sp->pp_phase = SPPP_PHASE_DEAD; 2615 2616 if (debug) 2617 { 2618 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2619 sppp_phase_name(sp->pp_phase)); 2620 } 2621 2622 /* Notify lower layer if desired. */ 2623 if (sp->pp_tlf) 2624 (sp->pp_tlf)(sp); 2625 } 2626 2627 static void 2628 sppp_lcp_scr(struct sppp *sp) 2629 { 2630 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2631 int i = 0; 2632 u_short authproto; 2633 2634 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2635 if (! sp->lcp.magic) 2636 sp->lcp.magic = arc4random(); 2637 opt[i++] = LCP_OPT_MAGIC; 2638 opt[i++] = 6; 2639 opt[i++] = sp->lcp.magic >> 24; 2640 opt[i++] = sp->lcp.magic >> 16; 2641 opt[i++] = sp->lcp.magic >> 8; 2642 opt[i++] = sp->lcp.magic; 2643 } 2644 2645 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2646 opt[i++] = LCP_OPT_MRU; 2647 opt[i++] = 4; 2648 opt[i++] = sp->lcp.mru >> 8; 2649 opt[i++] = sp->lcp.mru; 2650 } 2651 2652 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2653 authproto = sp->hisauth.proto; 2654 opt[i++] = LCP_OPT_AUTH_PROTO; 2655 opt[i++] = authproto == PPP_CHAP? 5: 4; 2656 opt[i++] = authproto >> 8; 2657 opt[i++] = authproto; 2658 if (authproto == PPP_CHAP) 2659 opt[i++] = CHAP_MD5; 2660 } 2661 2662 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2663 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2664 } 2665 2666 /* 2667 * Check the open NCPs, return true if at least one NCP is open. 2668 */ 2669 static int 2670 sppp_ncp_check(struct sppp *sp) 2671 { 2672 int i, mask; 2673 2674 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2675 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2676 return 1; 2677 return 0; 2678 } 2679 2680 /* 2681 * Re-check the open NCPs and see if we should terminate the link. 2682 * Called by the NCPs during their tlf action handling. 2683 */ 2684 static void 2685 sppp_lcp_check_and_close(struct sppp *sp) 2686 { 2687 2688 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2689 /* don't bother, we are already going down */ 2690 return; 2691 2692 if (sppp_ncp_check(sp)) 2693 return; 2694 2695 lcp.Close(sp); 2696 } 2697 2698 2699 /* 2700 *--------------------------------------------------------------------------* 2701 * * 2702 * The IPCP implementation. * 2703 * * 2704 *--------------------------------------------------------------------------* 2705 */ 2706 2707 static void 2708 sppp_ipcp_init(struct sppp *sp) 2709 { 2710 sp->ipcp.opts = 0; 2711 sp->ipcp.flags = 0; 2712 sp->state[IDX_IPCP] = STATE_INITIAL; 2713 sp->fail_counter[IDX_IPCP] = 0; 2714 sp->pp_seq[IDX_IPCP] = 0; 2715 sp->pp_rseq[IDX_IPCP] = 0; 2716 callout_init(&sp->ch[IDX_IPCP]); 2717 } 2718 2719 static void 2720 sppp_ipcp_up(struct sppp *sp) 2721 { 2722 sppp_up_event(&ipcp, sp); 2723 } 2724 2725 static void 2726 sppp_ipcp_down(struct sppp *sp) 2727 { 2728 sppp_down_event(&ipcp, sp); 2729 } 2730 2731 static void 2732 sppp_ipcp_open(struct sppp *sp) 2733 { 2734 STDDCL; 2735 u_int32_t myaddr, hisaddr; 2736 2737 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2738 sp->ipcp.req_myaddr = 0; 2739 sp->ipcp.req_hisaddr = 0; 2740 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2741 2742 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2743 /* 2744 * If we don't have his address, this probably means our 2745 * interface doesn't want to talk IP at all. (This could 2746 * be the case if somebody wants to speak only IPX, for 2747 * example.) Don't open IPCP in this case. 2748 */ 2749 if (hisaddr == 0L) { 2750 /* XXX this message should go away */ 2751 if (debug) 2752 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 2753 ifp->if_xname); 2754 return; 2755 } 2756 2757 if (myaddr == 0) { 2758 /* 2759 * I don't have an assigned address, so i need to 2760 * negotiate my address. 2761 */ 2762 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2763 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2764 } 2765 if (hisaddr == 1) { 2766 /* 2767 * XXX - remove this hack! 2768 * remote has no valid address, we need to get one assigned. 2769 */ 2770 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2771 } 2772 sppp_open_event(&ipcp, sp); 2773 } 2774 2775 static void 2776 sppp_ipcp_close(struct sppp *sp) 2777 { 2778 STDDCL; 2779 2780 sppp_close_event(&ipcp, sp); 2781 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2782 /* 2783 * Some address was dynamic, clear it again. 2784 */ 2785 sppp_clear_ip_addrs(sp); 2786 2787 if (sp->pp_saved_mtu > 0) { 2788 ifp->if_mtu = sp->pp_saved_mtu; 2789 sp->pp_saved_mtu = 0; 2790 if (debug) 2791 log(LOG_DEBUG, 2792 "%s: resetting MTU to %" PRIu64 " bytes\n", 2793 ifp->if_xname, ifp->if_mtu); 2794 } 2795 } 2796 2797 static void 2798 sppp_ipcp_TO(void *cookie) 2799 { 2800 sppp_to_event(&ipcp, (struct sppp *)cookie); 2801 } 2802 2803 /* 2804 * Analyze a configure request. Return true if it was agreeable, and 2805 * caused action sca, false if it has been rejected or nak'ed, and 2806 * caused action scn. (The return value is used to make the state 2807 * transition decision in the state automaton.) 2808 */ 2809 static int 2810 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2811 { 2812 u_char *buf, *r, *p; 2813 struct ifnet *ifp = &sp->pp_if; 2814 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2815 u_int32_t hisaddr, desiredaddr; 2816 2817 len -= 4; 2818 origlen = len; 2819 /* 2820 * Make sure to allocate a buf that can at least hold a 2821 * conf-nak with an `address' option. We might need it below. 2822 */ 2823 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2824 if (! buf) 2825 return (0); 2826 2827 /* pass 1: see if we can recognize them */ 2828 if (debug) 2829 log(LOG_DEBUG, "%s: ipcp parse opts:", 2830 ifp->if_xname); 2831 p = (void *)(h + 1); 2832 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2833 if (debug) 2834 addlog(" %s", sppp_ipcp_opt_name(*p)); 2835 switch (*p) { 2836 #ifdef notyet 2837 case IPCP_OPT_COMPRESSION: 2838 if (len >= 6 && p[1] >= 6) { 2839 /* correctly formed compress option */ 2840 continue; 2841 } 2842 if (debug) 2843 addlog(" [invalid]"); 2844 break; 2845 #endif 2846 case IPCP_OPT_ADDRESS: 2847 if (len >= 6 && p[1] == 6) { 2848 /* correctly formed address option */ 2849 continue; 2850 } 2851 if (debug) 2852 addlog(" [invalid]"); 2853 break; 2854 default: 2855 /* Others not supported. */ 2856 if (debug) 2857 addlog(" [rej]"); 2858 break; 2859 } 2860 /* Add the option to rejected list. */ 2861 bcopy (p, r, p[1]); 2862 r += p[1]; 2863 rlen += p[1]; 2864 } 2865 if (rlen) { 2866 if (debug) 2867 addlog(" send conf-rej\n"); 2868 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2869 goto end; 2870 } else if (debug) 2871 addlog("\n"); 2872 2873 /* pass 2: parse option values */ 2874 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2875 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2876 else 2877 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2878 if (debug) 2879 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 2880 ifp->if_xname); 2881 p = (void *)(h + 1); 2882 len = origlen; 2883 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2884 if (debug) 2885 addlog(" %s", sppp_ipcp_opt_name(*p)); 2886 switch (*p) { 2887 #ifdef notyet 2888 case IPCP_OPT_COMPRESSION: 2889 continue; 2890 #endif 2891 case IPCP_OPT_ADDRESS: 2892 desiredaddr = p[2] << 24 | p[3] << 16 | 2893 p[4] << 8 | p[5]; 2894 if (desiredaddr == hisaddr || 2895 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2896 /* 2897 * Peer's address is same as our value, 2898 * this is agreeable. Gonna conf-ack 2899 * it. 2900 */ 2901 if (debug) 2902 addlog(" %s [ack]", 2903 sppp_dotted_quad(hisaddr)); 2904 /* record that we've seen it already */ 2905 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2906 sp->ipcp.req_hisaddr = desiredaddr; 2907 hisaddr = desiredaddr; 2908 continue; 2909 } 2910 /* 2911 * The address wasn't agreeable. This is either 2912 * he sent us 0.0.0.0, asking to assign him an 2913 * address, or he send us another address not 2914 * matching our value. Either case, we gonna 2915 * conf-nak it with our value. 2916 */ 2917 if (debug) { 2918 if (desiredaddr == 0) 2919 addlog(" [addr requested]"); 2920 else 2921 addlog(" %s [not agreed]", 2922 sppp_dotted_quad(desiredaddr)); 2923 } 2924 2925 p[2] = hisaddr >> 24; 2926 p[3] = hisaddr >> 16; 2927 p[4] = hisaddr >> 8; 2928 p[5] = hisaddr; 2929 break; 2930 } 2931 /* Add the option to nak'ed list. */ 2932 bcopy (p, r, p[1]); 2933 r += p[1]; 2934 rlen += p[1]; 2935 } 2936 2937 /* 2938 * If we are about to conf-ack the request, but haven't seen 2939 * his address so far, gonna conf-nak it instead, with the 2940 * `address' option present and our idea of his address being 2941 * filled in there, to request negotiation of both addresses. 2942 * 2943 * XXX This can result in an endless req - nak loop if peer 2944 * doesn't want to send us his address. Q: What should we do 2945 * about it? XXX A: implement the max-failure counter. 2946 */ 2947 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2948 buf[0] = IPCP_OPT_ADDRESS; 2949 buf[1] = 6; 2950 buf[2] = hisaddr >> 24; 2951 buf[3] = hisaddr >> 16; 2952 buf[4] = hisaddr >> 8; 2953 buf[5] = hisaddr; 2954 rlen = 6; 2955 if (debug) 2956 addlog(" still need hisaddr"); 2957 } 2958 2959 if (rlen) { 2960 if (debug) 2961 addlog(" send conf-nak\n"); 2962 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2963 } else { 2964 if (debug) 2965 addlog(" send conf-ack\n"); 2966 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1); 2967 } 2968 2969 end: 2970 free(buf, M_TEMP); 2971 return (rlen == 0); 2972 } 2973 2974 /* 2975 * Analyze the IPCP Configure-Reject option list, and adjust our 2976 * negotiation. 2977 */ 2978 static void 2979 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2980 { 2981 u_char *buf, *p; 2982 struct ifnet *ifp = &sp->pp_if; 2983 int debug = ifp->if_flags & IFF_DEBUG; 2984 2985 len -= 4; 2986 buf = malloc (len, M_TEMP, M_NOWAIT); 2987 if (!buf) 2988 return; 2989 2990 if (debug) 2991 log(LOG_DEBUG, "%s: ipcp rej opts:", 2992 ifp->if_xname); 2993 2994 p = (void *)(h + 1); 2995 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2996 if (debug) 2997 addlog(" %s", sppp_ipcp_opt_name(*p)); 2998 switch (*p) { 2999 case IPCP_OPT_ADDRESS: 3000 /* 3001 * Peer doesn't grok address option. This is 3002 * bad. XXX Should we better give up here? 3003 */ 3004 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3005 break; 3006 #ifdef notyet 3007 case IPCP_OPT_COMPRESS: 3008 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3009 break; 3010 #endif 3011 } 3012 } 3013 if (debug) 3014 addlog("\n"); 3015 free(buf, M_TEMP); 3016 return; 3017 } 3018 3019 /* 3020 * Analyze the IPCP Configure-NAK option list, and adjust our 3021 * negotiation. 3022 */ 3023 static void 3024 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3025 { 3026 u_char *p; 3027 struct ifnet *ifp = &sp->pp_if; 3028 int debug = ifp->if_flags & IFF_DEBUG; 3029 u_int32_t wantaddr; 3030 3031 len -= 4; 3032 3033 if (debug) 3034 log(LOG_DEBUG, "%s: ipcp nak opts:", 3035 ifp->if_xname); 3036 3037 p = (void *)(h + 1); 3038 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3039 if (debug) 3040 addlog(" %s", sppp_ipcp_opt_name(*p)); 3041 switch (*p) { 3042 case IPCP_OPT_ADDRESS: 3043 /* 3044 * Peer doesn't like our local IP address. See 3045 * if we can do something for him. We'll drop 3046 * him our address then. 3047 */ 3048 if (len >= 6 && p[1] == 6) { 3049 wantaddr = p[2] << 24 | p[3] << 16 | 3050 p[4] << 8 | p[5]; 3051 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3052 if (debug) 3053 addlog(" [wantaddr %s]", 3054 sppp_dotted_quad(wantaddr)); 3055 /* 3056 * When doing dynamic address assignment, 3057 * we accept his offer. Otherwise, we 3058 * ignore it and thus continue to negotiate 3059 * our already existing value. 3060 */ 3061 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3062 if (debug) 3063 addlog(" [agree]"); 3064 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3065 sp->ipcp.req_myaddr = wantaddr; 3066 } 3067 } 3068 break; 3069 3070 case IPCP_OPT_PRIMDNS: 3071 if (len >= 6 && p[1] == 6) { 3072 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3073 p[4] << 8 | p[5]; 3074 } 3075 break; 3076 3077 case IPCP_OPT_SECDNS: 3078 if (len >= 6 && p[1] == 6) { 3079 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3080 p[4] << 8 | p[5]; 3081 } 3082 break; 3083 #ifdef notyet 3084 case IPCP_OPT_COMPRESS: 3085 /* 3086 * Peer wants different compression parameters. 3087 */ 3088 break; 3089 #endif 3090 } 3091 } 3092 if (debug) 3093 addlog("\n"); 3094 return; 3095 } 3096 3097 static void 3098 sppp_ipcp_tlu(struct sppp *sp) 3099 { 3100 /* we are up. Set addresses and notify anyone interested */ 3101 STDDCL; 3102 u_int32_t myaddr, hisaddr; 3103 3104 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3105 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3106 myaddr = sp->ipcp.req_myaddr; 3107 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3108 hisaddr = sp->ipcp.req_hisaddr; 3109 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3110 3111 if (ifp->if_mtu > sp->lcp.their_mru) { 3112 sp->pp_saved_mtu = ifp->if_mtu; 3113 ifp->if_mtu = sp->lcp.their_mru; 3114 if (debug) 3115 log(LOG_DEBUG, 3116 "%s: setting MTU to %" PRIu64 " bytes\n", 3117 ifp->if_xname, ifp->if_mtu); 3118 } 3119 3120 if (sp->pp_con) 3121 sp->pp_con(sp); 3122 } 3123 3124 static void 3125 sppp_ipcp_tld(struct sppp *sp) 3126 { 3127 } 3128 3129 static void 3130 sppp_ipcp_tls(struct sppp *sp) 3131 { 3132 /* indicate to LCP that it must stay alive */ 3133 sp->lcp.protos |= (1 << IDX_IPCP); 3134 } 3135 3136 static void 3137 sppp_ipcp_tlf(struct sppp *sp) 3138 { 3139 /* we no longer need LCP */ 3140 sp->lcp.protos &= ~(1 << IDX_IPCP); 3141 } 3142 3143 static void 3144 sppp_ipcp_scr(struct sppp *sp) 3145 { 3146 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3147 u_int32_t ouraddr; 3148 int i = 0; 3149 3150 #ifdef notyet 3151 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3152 opt[i++] = IPCP_OPT_COMPRESSION; 3153 opt[i++] = 6; 3154 opt[i++] = 0; /* VJ header compression */ 3155 opt[i++] = 0x2d; /* VJ header compression */ 3156 opt[i++] = max_slot_id; 3157 opt[i++] = comp_slot_id; 3158 } 3159 #endif 3160 3161 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3162 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3163 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3164 else 3165 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3166 opt[i++] = IPCP_OPT_ADDRESS; 3167 opt[i++] = 6; 3168 opt[i++] = ouraddr >> 24; 3169 opt[i++] = ouraddr >> 16; 3170 opt[i++] = ouraddr >> 8; 3171 opt[i++] = ouraddr; 3172 } 3173 3174 if (sp->query_dns & 1) { 3175 opt[i++] = IPCP_OPT_PRIMDNS; 3176 opt[i++] = 6; 3177 opt[i++] = sp->dns_addrs[0] >> 24; 3178 opt[i++] = sp->dns_addrs[0] >> 16; 3179 opt[i++] = sp->dns_addrs[0] >> 8; 3180 opt[i++] = sp->dns_addrs[0]; 3181 } 3182 if (sp->query_dns & 2) { 3183 opt[i++] = IPCP_OPT_SECDNS; 3184 opt[i++] = 6; 3185 opt[i++] = sp->dns_addrs[1] >> 24; 3186 opt[i++] = sp->dns_addrs[1] >> 16; 3187 opt[i++] = sp->dns_addrs[1] >> 8; 3188 opt[i++] = sp->dns_addrs[1]; 3189 } 3190 3191 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3192 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3193 } 3194 3195 3196 /* 3197 *--------------------------------------------------------------------------* 3198 * * 3199 * The IPv6CP implementation. * 3200 * * 3201 *--------------------------------------------------------------------------* 3202 */ 3203 3204 #ifdef INET6 3205 static void 3206 sppp_ipv6cp_init(struct sppp *sp) 3207 { 3208 sp->ipv6cp.opts = 0; 3209 sp->ipv6cp.flags = 0; 3210 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3211 sp->fail_counter[IDX_IPV6CP] = 0; 3212 sp->pp_seq[IDX_IPV6CP] = 0; 3213 sp->pp_rseq[IDX_IPV6CP] = 0; 3214 callout_init(&sp->ch[IDX_IPV6CP]); 3215 } 3216 3217 static void 3218 sppp_ipv6cp_up(struct sppp *sp) 3219 { 3220 sppp_up_event(&ipv6cp, sp); 3221 } 3222 3223 static void 3224 sppp_ipv6cp_down(struct sppp *sp) 3225 { 3226 sppp_down_event(&ipv6cp, sp); 3227 } 3228 3229 static void 3230 sppp_ipv6cp_open(struct sppp *sp) 3231 { 3232 STDDCL; 3233 struct in6_addr myaddr, hisaddr; 3234 3235 #ifdef IPV6CP_MYIFID_DYN 3236 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3237 #else 3238 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3239 #endif 3240 3241 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3242 /* 3243 * If we don't have our address, this probably means our 3244 * interface doesn't want to talk IPv6 at all. (This could 3245 * be the case if somebody wants to speak only IPX, for 3246 * example.) Don't open IPv6CP in this case. 3247 */ 3248 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3249 /* XXX this message should go away */ 3250 if (debug) 3251 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3252 ifp->if_xname); 3253 return; 3254 } 3255 3256 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3257 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3258 sppp_open_event(&ipv6cp, sp); 3259 } 3260 3261 static void 3262 sppp_ipv6cp_close(struct sppp *sp) 3263 { 3264 sppp_close_event(&ipv6cp, sp); 3265 } 3266 3267 static void 3268 sppp_ipv6cp_TO(void *cookie) 3269 { 3270 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3271 } 3272 3273 /* 3274 * Analyze a configure request. Return true if it was agreeable, and 3275 * caused action sca, false if it has been rejected or nak'ed, and 3276 * caused action scn. (The return value is used to make the state 3277 * transition decision in the state automaton.) 3278 */ 3279 static int 3280 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3281 { 3282 u_char *buf, *r, *p; 3283 struct ifnet *ifp = &sp->pp_if; 3284 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3285 struct in6_addr myaddr, desiredaddr, suggestaddr; 3286 int ifidcount; 3287 int type; 3288 int collision, nohisaddr; 3289 3290 len -= 4; 3291 origlen = len; 3292 /* 3293 * Make sure to allocate a buf that can at least hold a 3294 * conf-nak with an `address' option. We might need it below. 3295 */ 3296 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3297 if (! buf) 3298 return (0); 3299 3300 /* pass 1: see if we can recognize them */ 3301 if (debug) 3302 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3303 ifp->if_xname); 3304 p = (void *)(h + 1); 3305 ifidcount = 0; 3306 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3307 if (debug) 3308 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3309 switch (*p) { 3310 case IPV6CP_OPT_IFID: 3311 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3312 /* correctly formed address option */ 3313 ifidcount++; 3314 continue; 3315 } 3316 if (debug) 3317 addlog(" [invalid]"); 3318 break; 3319 #ifdef notyet 3320 case IPV6CP_OPT_COMPRESSION: 3321 if (len >= 4 && p[1] >= 4) { 3322 /* correctly formed compress option */ 3323 continue; 3324 } 3325 if (debug) 3326 addlog(" [invalid]"); 3327 break; 3328 #endif 3329 default: 3330 /* Others not supported. */ 3331 if (debug) 3332 addlog(" [rej]"); 3333 break; 3334 } 3335 /* Add the option to rejected list. */ 3336 bcopy (p, r, p[1]); 3337 r += p[1]; 3338 rlen += p[1]; 3339 } 3340 if (rlen) { 3341 if (debug) 3342 addlog(" send conf-rej\n"); 3343 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3344 goto end; 3345 } else if (debug) 3346 addlog("\n"); 3347 3348 /* pass 2: parse option values */ 3349 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3350 if (debug) 3351 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3352 ifp->if_xname); 3353 p = (void *)(h + 1); 3354 len = origlen; 3355 type = CONF_ACK; 3356 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3357 if (debug) 3358 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3359 switch (*p) { 3360 #ifdef notyet 3361 case IPV6CP_OPT_COMPRESSION: 3362 continue; 3363 #endif 3364 case IPV6CP_OPT_IFID: 3365 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3366 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3367 collision = (memcmp(&desiredaddr.s6_addr[8], 3368 &myaddr.s6_addr[8], 8) == 0); 3369 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3370 3371 desiredaddr.s6_addr16[0] = htons(0xfe80); 3372 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3373 3374 if (!collision && !nohisaddr) { 3375 /* no collision, hisaddr known - Conf-Ack */ 3376 type = CONF_ACK; 3377 3378 if (debug) { 3379 addlog(" %s [%s]", 3380 ip6_sprintf(&desiredaddr), 3381 sppp_cp_type_name(type)); 3382 } 3383 continue; 3384 } 3385 3386 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3387 if (collision && nohisaddr) { 3388 /* collision, hisaddr unknown - Conf-Rej */ 3389 type = CONF_REJ; 3390 memset(&p[2], 0, 8); 3391 } else { 3392 /* 3393 * - no collision, hisaddr unknown, or 3394 * - collision, hisaddr known 3395 * Conf-Nak, suggest hisaddr 3396 */ 3397 type = CONF_NAK; 3398 sppp_suggest_ip6_addr(sp, &suggestaddr); 3399 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3400 } 3401 if (debug) 3402 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3403 sppp_cp_type_name(type)); 3404 break; 3405 } 3406 /* Add the option to nak'ed list. */ 3407 bcopy (p, r, p[1]); 3408 r += p[1]; 3409 rlen += p[1]; 3410 } 3411 3412 if (rlen == 0 && type == CONF_ACK) { 3413 if (debug) 3414 addlog(" send %s\n", sppp_cp_type_name(type)); 3415 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 3416 } else { 3417 #ifdef notdef 3418 if (type == CONF_ACK) 3419 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3420 #endif 3421 3422 if (debug) { 3423 addlog(" send %s suggest %s\n", 3424 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3425 } 3426 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3427 } 3428 3429 end: 3430 free(buf, M_TEMP); 3431 return (rlen == 0); 3432 } 3433 3434 /* 3435 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3436 * negotiation. 3437 */ 3438 static void 3439 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3440 { 3441 u_char *buf, *p; 3442 struct ifnet *ifp = &sp->pp_if; 3443 int debug = ifp->if_flags & IFF_DEBUG; 3444 3445 len -= 4; 3446 buf = malloc (len, M_TEMP, M_NOWAIT); 3447 if (!buf) 3448 return; 3449 3450 if (debug) 3451 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3452 ifp->if_xname); 3453 3454 p = (void *)(h + 1); 3455 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3456 if (debug) 3457 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3458 switch (*p) { 3459 case IPV6CP_OPT_IFID: 3460 /* 3461 * Peer doesn't grok address option. This is 3462 * bad. XXX Should we better give up here? 3463 */ 3464 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3465 break; 3466 #ifdef notyet 3467 case IPV6CP_OPT_COMPRESS: 3468 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3469 break; 3470 #endif 3471 } 3472 } 3473 if (debug) 3474 addlog("\n"); 3475 free(buf, M_TEMP); 3476 return; 3477 } 3478 3479 /* 3480 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3481 * negotiation. 3482 */ 3483 static void 3484 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3485 { 3486 u_char *buf, *p; 3487 struct ifnet *ifp = &sp->pp_if; 3488 int debug = ifp->if_flags & IFF_DEBUG; 3489 struct in6_addr suggestaddr; 3490 3491 len -= 4; 3492 buf = malloc (len, M_TEMP, M_NOWAIT); 3493 if (!buf) 3494 return; 3495 3496 if (debug) 3497 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 3498 ifp->if_xname); 3499 3500 p = (void *)(h + 1); 3501 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3502 if (debug) 3503 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3504 switch (*p) { 3505 case IPV6CP_OPT_IFID: 3506 /* 3507 * Peer doesn't like our local ifid. See 3508 * if we can do something for him. We'll drop 3509 * him our address then. 3510 */ 3511 if (len < 10 || p[1] != 10) 3512 break; 3513 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3514 suggestaddr.s6_addr16[0] = htons(0xfe80); 3515 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3516 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3517 3518 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3519 if (debug) 3520 addlog(" [suggestaddr %s]", 3521 ip6_sprintf(&suggestaddr)); 3522 #ifdef IPV6CP_MYIFID_DYN 3523 /* 3524 * When doing dynamic address assignment, 3525 * we accept his offer. 3526 */ 3527 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3528 struct in6_addr lastsuggest; 3529 /* 3530 * If <suggested myaddr from peer> equals to 3531 * <hisaddr we have suggested last time>, 3532 * we have a collision. generate new random 3533 * ifid. 3534 */ 3535 sppp_suggest_ip6_addr(&lastsuggest); 3536 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3537 lastsuggest)) { 3538 if (debug) 3539 addlog(" [random]"); 3540 sppp_gen_ip6_addr(sp, &suggestaddr); 3541 } 3542 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3543 if (debug) 3544 addlog(" [agree]"); 3545 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3546 } 3547 #else 3548 /* 3549 * Since we do not do dynamic address assignment, 3550 * we ignore it and thus continue to negotiate 3551 * our already existing value. This can possibly 3552 * go into infinite request-reject loop. 3553 * 3554 * This is not likely because we normally use 3555 * ifid based on MAC-address. 3556 * If you have no ethernet card on the node, too bad. 3557 * XXX should we use fail_counter? 3558 */ 3559 #endif 3560 break; 3561 #ifdef notyet 3562 case IPV6CP_OPT_COMPRESS: 3563 /* 3564 * Peer wants different compression parameters. 3565 */ 3566 break; 3567 #endif 3568 } 3569 } 3570 if (debug) 3571 addlog("\n"); 3572 free(buf, M_TEMP); 3573 return; 3574 } 3575 3576 static void 3577 sppp_ipv6cp_tlu(struct sppp *sp) 3578 { 3579 /* we are up - notify isdn daemon */ 3580 if (sp->pp_con) 3581 sp->pp_con(sp); 3582 } 3583 3584 static void 3585 sppp_ipv6cp_tld(struct sppp *sp) 3586 { 3587 } 3588 3589 static void 3590 sppp_ipv6cp_tls(struct sppp *sp) 3591 { 3592 /* indicate to LCP that it must stay alive */ 3593 sp->lcp.protos |= (1 << IDX_IPV6CP); 3594 } 3595 3596 static void 3597 sppp_ipv6cp_tlf(struct sppp *sp) 3598 { 3599 /* we no longer need LCP */ 3600 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3601 } 3602 3603 static void 3604 sppp_ipv6cp_scr(struct sppp *sp) 3605 { 3606 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3607 struct in6_addr ouraddr; 3608 int i = 0; 3609 3610 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3611 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3612 opt[i++] = IPV6CP_OPT_IFID; 3613 opt[i++] = 10; 3614 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3615 i += 8; 3616 } 3617 3618 #ifdef notyet 3619 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3620 opt[i++] = IPV6CP_OPT_COMPRESSION; 3621 opt[i++] = 4; 3622 opt[i++] = 0; /* TBD */ 3623 opt[i++] = 0; /* TBD */ 3624 /* variable length data may follow */ 3625 } 3626 #endif 3627 3628 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3629 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3630 } 3631 #else /*INET6*/ 3632 static void sppp_ipv6cp_init(struct sppp *sp) 3633 { 3634 } 3635 3636 static void sppp_ipv6cp_up(struct sppp *sp) 3637 { 3638 } 3639 3640 static void sppp_ipv6cp_down(struct sppp *sp) 3641 { 3642 } 3643 3644 3645 static void sppp_ipv6cp_open(struct sppp *sp) 3646 { 3647 } 3648 3649 static void sppp_ipv6cp_close(struct sppp *sp) 3650 { 3651 } 3652 3653 static void sppp_ipv6cp_TO(void *sp) 3654 { 3655 } 3656 3657 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3658 { 3659 return 0; 3660 } 3661 3662 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3663 { 3664 } 3665 3666 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3667 { 3668 } 3669 3670 static void sppp_ipv6cp_tlu(struct sppp *sp) 3671 { 3672 } 3673 3674 static void sppp_ipv6cp_tld(struct sppp *sp) 3675 { 3676 } 3677 3678 static void sppp_ipv6cp_tls(struct sppp *sp) 3679 { 3680 } 3681 3682 static void sppp_ipv6cp_tlf(struct sppp *sp) 3683 { 3684 } 3685 3686 static void sppp_ipv6cp_scr(struct sppp *sp) 3687 { 3688 } 3689 #endif /*INET6*/ 3690 3691 3692 /* 3693 *--------------------------------------------------------------------------* 3694 * * 3695 * The CHAP implementation. * 3696 * * 3697 *--------------------------------------------------------------------------* 3698 */ 3699 3700 /* 3701 * The authentication protocols don't employ a full-fledged state machine as 3702 * the control protocols do, since they do have Open and Close events, but 3703 * not Up and Down, nor are they explicitly terminated. Also, use of the 3704 * authentication protocols may be different in both directions (this makes 3705 * sense, think of a machine that never accepts incoming calls but only 3706 * calls out, it doesn't require the called party to authenticate itself). 3707 * 3708 * Our state machine for the local authentication protocol (we are requesting 3709 * the peer to authenticate) looks like: 3710 * 3711 * RCA- 3712 * +--------------------------------------------+ 3713 * V scn,tld| 3714 * +--------+ Close +---------+ RCA+ 3715 * | |<----------------------------------| |------+ 3716 * +--->| Closed | TO* | Opened | sca | 3717 * | | |-----+ +-------| |<-----+ 3718 * | +--------+ irc | | +---------+ 3719 * | ^ | | ^ 3720 * | | | | | 3721 * | | | | | 3722 * | TO-| | | | 3723 * | |tld TO+ V | | 3724 * | | +------->+ | | 3725 * | | | | | | 3726 * | +--------+ V | | 3727 * | | |<----+<--------------------+ | 3728 * | | Req- | scr | 3729 * | | Sent | | 3730 * | | | | 3731 * | +--------+ | 3732 * | RCA- | | RCA+ | 3733 * +------+ +------------------------------------------+ 3734 * scn,tld sca,irc,ict,tlu 3735 * 3736 * 3737 * with: 3738 * 3739 * Open: LCP reached authentication phase 3740 * Close: LCP reached terminate phase 3741 * 3742 * RCA+: received reply (pap-req, chap-response), acceptable 3743 * RCN: received reply (pap-req, chap-response), not acceptable 3744 * TO+: timeout with restart counter >= 0 3745 * TO-: timeout with restart counter < 0 3746 * TO*: reschedule timeout for CHAP 3747 * 3748 * scr: send request packet (none for PAP, chap-challenge) 3749 * sca: send ack packet (pap-ack, chap-success) 3750 * scn: send nak packet (pap-nak, chap-failure) 3751 * ict: initialize re-challenge timer (CHAP only) 3752 * 3753 * tlu: this-layer-up, LCP reaches network phase 3754 * tld: this-layer-down, LCP enters terminate phase 3755 * 3756 * Note that in CHAP mode, after sending a new challenge, while the state 3757 * automaton falls back into Req-Sent state, it doesn't signal a tld 3758 * event to LCP, so LCP remains in network phase. Only after not getting 3759 * any response (or after getting an unacceptable response), CHAP closes, 3760 * causing LCP to enter terminate phase. 3761 * 3762 * With PAP, there is no initial request that can be sent. The peer is 3763 * expected to send one based on the successful negotiation of PAP as 3764 * the authentication protocol during the LCP option negotiation. 3765 * 3766 * Incoming authentication protocol requests (remote requests 3767 * authentication, we are peer) don't employ a state machine at all, 3768 * they are simply answered. Some peers [Ascend P50 firmware rev 3769 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3770 * still in authentication phase (thereby violating the standard that 3771 * demands that these NCP packets are to be discarded), so we keep 3772 * track of the peer demanding us to authenticate, and only proceed to 3773 * phase network once we've seen a positive acknowledge for the 3774 * authentication. 3775 */ 3776 3777 /* 3778 * Handle incoming CHAP packets. 3779 */ 3780 void 3781 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3782 { 3783 STDDCL; 3784 struct lcp_header *h; 3785 int len, x; 3786 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3787 int value_len, name_len; 3788 MD5_CTX ctx; 3789 3790 len = m->m_pkthdr.len; 3791 if (len < 4) { 3792 if (debug) 3793 log(LOG_DEBUG, 3794 "%s: chap invalid packet length: %d bytes\n", 3795 ifp->if_xname, len); 3796 return; 3797 } 3798 h = mtod(m, struct lcp_header *); 3799 if (len > ntohs(h->len)) 3800 len = ntohs(h->len); 3801 3802 switch (h->type) { 3803 /* challenge, failure and success are his authproto */ 3804 case CHAP_CHALLENGE: 3805 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3806 /* can't do anything usefull */ 3807 sp->pp_auth_failures++; 3808 printf("%s: chap input without my name and my secret being set\n", 3809 ifp->if_xname); 3810 break; 3811 } 3812 value = 1 + (u_char *)(h + 1); 3813 value_len = value[-1]; 3814 name = value + value_len; 3815 name_len = len - value_len - 5; 3816 if (name_len < 0) { 3817 if (debug) { 3818 log(LOG_DEBUG, 3819 "%s: chap corrupted challenge " 3820 "<%s id=0x%x len=%d", 3821 ifp->if_xname, 3822 sppp_auth_type_name(PPP_CHAP, h->type), 3823 h->ident, ntohs(h->len)); 3824 if (len > 4) 3825 sppp_print_bytes((u_char *)(h + 1), 3826 len - 4); 3827 addlog(">\n"); 3828 } 3829 break; 3830 } 3831 3832 if (debug) { 3833 log(LOG_DEBUG, 3834 "%s: chap input <%s id=0x%x len=%d name=", 3835 ifp->if_xname, 3836 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3837 ntohs(h->len)); 3838 sppp_print_string((char *) name, name_len); 3839 addlog(" value-size=%d value=", value_len); 3840 sppp_print_bytes(value, value_len); 3841 addlog(">\n"); 3842 } 3843 3844 /* Compute reply value. */ 3845 MD5Init(&ctx); 3846 MD5Update(&ctx, &h->ident, 1); 3847 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3848 MD5Update(&ctx, value, value_len); 3849 MD5Final(digest, &ctx); 3850 dsize = sizeof digest; 3851 3852 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3853 sizeof dsize, (const char *)&dsize, 3854 sizeof digest, digest, 3855 sp->myauth.name_len, 3856 sp->myauth.name, 3857 0); 3858 break; 3859 3860 case CHAP_SUCCESS: 3861 if (debug) { 3862 log(LOG_DEBUG, "%s: chap success", 3863 ifp->if_xname); 3864 if (len > 4) { 3865 addlog(": "); 3866 sppp_print_string((char *)(h + 1), len - 4); 3867 } 3868 addlog("\n"); 3869 } 3870 x = splnet(); 3871 sp->pp_auth_failures = 0; 3872 sp->pp_flags &= ~PP_NEEDAUTH; 3873 if (sp->myauth.proto == PPP_CHAP && 3874 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3875 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3876 /* 3877 * We are authenticator for CHAP but didn't 3878 * complete yet. Leave it to tlu to proceed 3879 * to network phase. 3880 */ 3881 splx(x); 3882 break; 3883 } 3884 splx(x); 3885 sppp_phase_network(sp); 3886 break; 3887 3888 case CHAP_FAILURE: 3889 x = splnet(); 3890 sp->pp_auth_failures++; 3891 splx(x); 3892 if (debug) { 3893 log(LOG_INFO, "%s: chap failure", 3894 ifp->if_xname); 3895 if (len > 4) { 3896 addlog(": "); 3897 sppp_print_string((char *)(h + 1), len - 4); 3898 } 3899 addlog("\n"); 3900 } else 3901 log(LOG_INFO, "%s: chap failure\n", 3902 ifp->if_xname); 3903 /* await LCP shutdown by authenticator */ 3904 break; 3905 3906 /* response is my authproto */ 3907 case CHAP_RESPONSE: 3908 if (sp->hisauth.secret == NULL) { 3909 /* can't do anything usefull */ 3910 printf("%s: chap input without his secret being set\n", 3911 ifp->if_xname); 3912 break; 3913 } 3914 value = 1 + (u_char *)(h + 1); 3915 value_len = value[-1]; 3916 name = value + value_len; 3917 name_len = len - value_len - 5; 3918 if (name_len < 0) { 3919 if (debug) { 3920 log(LOG_DEBUG, 3921 "%s: chap corrupted response " 3922 "<%s id=0x%x len=%d", 3923 ifp->if_xname, 3924 sppp_auth_type_name(PPP_CHAP, h->type), 3925 h->ident, ntohs(h->len)); 3926 if (len > 4) 3927 sppp_print_bytes((u_char *)(h + 1), 3928 len - 4); 3929 addlog(">\n"); 3930 } 3931 break; 3932 } 3933 if (h->ident != sp->confid[IDX_CHAP]) { 3934 if (debug) 3935 log(LOG_DEBUG, 3936 "%s: chap dropping response for old ID " 3937 "(got %d, expected %d)\n", 3938 ifp->if_xname, 3939 h->ident, sp->confid[IDX_CHAP]); 3940 break; 3941 } 3942 if (sp->hisauth.name != NULL && 3943 (name_len != sp->hisauth.name_len 3944 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 3945 log(LOG_INFO, "%s: chap response, his name ", 3946 ifp->if_xname); 3947 sppp_print_string(name, name_len); 3948 addlog(" != expected "); 3949 sppp_print_string(sp->hisauth.name, 3950 sp->hisauth.name_len); 3951 addlog("\n"); 3952 goto chap_failure; 3953 } 3954 if (debug) { 3955 log(LOG_DEBUG, "%s: chap input(%s) " 3956 "<%s id=0x%x len=%d name=", 3957 ifp->if_xname, 3958 sppp_state_name(sp->state[IDX_CHAP]), 3959 sppp_auth_type_name(PPP_CHAP, h->type), 3960 h->ident, ntohs(h->len)); 3961 sppp_print_string((char *)name, name_len); 3962 addlog(" value-size=%d value=", value_len); 3963 sppp_print_bytes(value, value_len); 3964 addlog(">\n"); 3965 } 3966 if (value_len != sizeof(sp->myauth.challenge)) { 3967 if (debug) 3968 log(LOG_DEBUG, 3969 "%s: chap bad hash value length: " 3970 "%d bytes, should be %ld\n", 3971 ifp->if_xname, value_len, 3972 (long) sizeof(sp->myauth.challenge)); 3973 goto chap_failure; 3974 } 3975 3976 MD5Init(&ctx); 3977 MD5Update(&ctx, &h->ident, 1); 3978 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 3979 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 3980 MD5Final(digest, &ctx); 3981 3982 #define FAILMSG "Failed..." 3983 #define SUCCMSG "Welcome!" 3984 3985 if (value_len != sizeof digest || 3986 memcmp(digest, value, value_len) != 0) { 3987 chap_failure: 3988 /* action scn, tld */ 3989 x = splnet(); 3990 sp->pp_auth_failures++; 3991 splx(x); 3992 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3993 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3994 0); 3995 chap.tld(sp); 3996 break; 3997 } 3998 sp->pp_auth_failures = 0; 3999 /* action sca, perhaps tlu */ 4000 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4001 sp->state[IDX_CHAP] == STATE_OPENED) 4002 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4003 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4004 0); 4005 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4006 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4007 chap.tlu(sp); 4008 } 4009 break; 4010 4011 default: 4012 /* Unknown CHAP packet type -- ignore. */ 4013 if (debug) { 4014 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4015 "<0x%x id=0x%xh len=%d", 4016 ifp->if_xname, 4017 sppp_state_name(sp->state[IDX_CHAP]), 4018 h->type, h->ident, ntohs(h->len)); 4019 if (len > 4) 4020 sppp_print_bytes((u_char *)(h + 1), len - 4); 4021 addlog(">\n"); 4022 } 4023 break; 4024 4025 } 4026 } 4027 4028 static void 4029 sppp_chap_init(struct sppp *sp) 4030 { 4031 /* Chap doesn't have STATE_INITIAL at all. */ 4032 sp->state[IDX_CHAP] = STATE_CLOSED; 4033 sp->fail_counter[IDX_CHAP] = 0; 4034 sp->pp_seq[IDX_CHAP] = 0; 4035 sp->pp_rseq[IDX_CHAP] = 0; 4036 callout_init(&sp->ch[IDX_CHAP]); 4037 } 4038 4039 static void 4040 sppp_chap_open(struct sppp *sp) 4041 { 4042 if (sp->myauth.proto == PPP_CHAP && 4043 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4044 /* we are authenticator for CHAP, start it */ 4045 chap.scr(sp); 4046 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4047 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4048 } 4049 /* nothing to be done if we are peer, await a challenge */ 4050 } 4051 4052 static void 4053 sppp_chap_close(struct sppp *sp) 4054 { 4055 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4056 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4057 } 4058 4059 static void 4060 sppp_chap_TO(void *cookie) 4061 { 4062 struct sppp *sp = (struct sppp *)cookie; 4063 STDDCL; 4064 int s; 4065 4066 s = splnet(); 4067 if (debug) 4068 log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n", 4069 ifp->if_xname, 4070 sppp_state_name(sp->state[IDX_CHAP]), 4071 sp->rst_counter[IDX_CHAP]); 4072 4073 if (--sp->rst_counter[IDX_CHAP] < 0) 4074 /* TO- event */ 4075 switch (sp->state[IDX_CHAP]) { 4076 case STATE_REQ_SENT: 4077 chap.tld(sp); 4078 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4079 break; 4080 } 4081 else 4082 /* TO+ (or TO*) event */ 4083 switch (sp->state[IDX_CHAP]) { 4084 case STATE_OPENED: 4085 /* TO* event */ 4086 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4087 /* fall through */ 4088 case STATE_REQ_SENT: 4089 chap.scr(sp); 4090 /* sppp_cp_change_state() will restart the timer */ 4091 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4092 break; 4093 } 4094 4095 splx(s); 4096 } 4097 4098 static void 4099 sppp_chap_tlu(struct sppp *sp) 4100 { 4101 STDDCL; 4102 int i, x; 4103 4104 i = 0; 4105 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4106 4107 /* 4108 * Some broken CHAP implementations (Conware CoNet, firmware 4109 * 4.0.?) don't want to re-authenticate their CHAP once the 4110 * initial challenge-response exchange has taken place. 4111 * Provide for an option to avoid rechallenges. 4112 */ 4113 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4114 /* 4115 * Compute the re-challenge timeout. This will yield 4116 * a number between 300 and 810 seconds. 4117 */ 4118 i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7); 4119 4120 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4121 } 4122 4123 if (debug) { 4124 log(LOG_DEBUG, 4125 "%s: chap %s, ", 4126 ifp->if_xname, 4127 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4128 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4129 addlog("next re-challenge in %d seconds\n", i); 4130 else 4131 addlog("re-challenging supressed\n"); 4132 } 4133 4134 x = splnet(); 4135 sp->pp_auth_failures = 0; 4136 /* indicate to LCP that we need to be closed down */ 4137 sp->lcp.protos |= (1 << IDX_CHAP); 4138 4139 if (sp->pp_flags & PP_NEEDAUTH) { 4140 /* 4141 * Remote is authenticator, but his auth proto didn't 4142 * complete yet. Defer the transition to network 4143 * phase. 4144 */ 4145 splx(x); 4146 return; 4147 } 4148 splx(x); 4149 4150 /* 4151 * If we are already in phase network, we are done here. This 4152 * is the case if this is a dummy tlu event after a re-challenge. 4153 */ 4154 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4155 sppp_phase_network(sp); 4156 } 4157 4158 static void 4159 sppp_chap_tld(struct sppp *sp) 4160 { 4161 STDDCL; 4162 4163 if (debug) 4164 log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname); 4165 callout_stop(&sp->ch[IDX_CHAP]); 4166 sp->lcp.protos &= ~(1 << IDX_CHAP); 4167 4168 lcp.Close(sp); 4169 } 4170 4171 static void 4172 sppp_chap_scr(struct sppp *sp) 4173 { 4174 u_int32_t *ch; 4175 u_char clen; 4176 4177 if (sp->myauth.name == NULL) { 4178 /* can't do anything usefull */ 4179 printf("%s: chap starting without my name being set\n", 4180 sp->pp_if.if_xname); 4181 return; 4182 } 4183 4184 /* Compute random challenge. */ 4185 ch = (u_int32_t *)sp->myauth.challenge; 4186 ch[0] = arc4random(); 4187 ch[1] = arc4random(); 4188 ch[2] = arc4random(); 4189 ch[3] = arc4random(); 4190 clen = 16; /* 4 * sizeof(u_int32_t) */ 4191 4192 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4193 4194 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4195 sizeof clen, (const char *)&clen, 4196 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4197 sp->myauth.name_len, 4198 sp->myauth.name, 4199 0); 4200 } 4201 4202 /* 4203 *--------------------------------------------------------------------------* 4204 * * 4205 * The PAP implementation. * 4206 * * 4207 *--------------------------------------------------------------------------* 4208 */ 4209 /* 4210 * For PAP, we need to keep a little state also if we are the peer, not the 4211 * authenticator. This is since we don't get a request to authenticate, but 4212 * have to repeatedly authenticate ourself until we got a response (or the 4213 * retry counter is expired). 4214 */ 4215 4216 /* 4217 * Handle incoming PAP packets. */ 4218 static void 4219 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4220 { 4221 STDDCL; 4222 struct lcp_header *h; 4223 int len, x; 4224 u_char mlen; 4225 char *name, *secret; 4226 int name_len, secret_len; 4227 4228 len = m->m_pkthdr.len; 4229 if (len < 5) { 4230 if (debug) 4231 log(LOG_DEBUG, 4232 "%s: pap invalid packet length: %d bytes\n", 4233 ifp->if_xname, len); 4234 return; 4235 } 4236 h = mtod(m, struct lcp_header *); 4237 if (len > ntohs(h->len)) 4238 len = ntohs(h->len); 4239 switch (h->type) { 4240 /* PAP request is my authproto */ 4241 case PAP_REQ: 4242 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4243 /* can't do anything usefull */ 4244 printf("%s: pap request without his name and his secret being set\n", 4245 ifp->if_xname); 4246 break; 4247 } 4248 name = 1 + (u_char *)(h + 1); 4249 name_len = name[-1]; 4250 secret = name + name_len + 1; 4251 if (name_len > len - 6 || 4252 (secret_len = secret[-1]) > len - 6 - name_len) { 4253 if (debug) { 4254 log(LOG_DEBUG, "%s: pap corrupted input " 4255 "<%s id=0x%x len=%d", 4256 ifp->if_xname, 4257 sppp_auth_type_name(PPP_PAP, h->type), 4258 h->ident, ntohs(h->len)); 4259 if (len > 4) 4260 sppp_print_bytes((u_char *)(h + 1), 4261 len - 4); 4262 addlog(">\n"); 4263 } 4264 break; 4265 } 4266 if (debug) { 4267 log(LOG_DEBUG, "%s: pap input(%s) " 4268 "<%s id=0x%x len=%d name=", 4269 ifp->if_xname, 4270 sppp_state_name(sp->state[IDX_PAP]), 4271 sppp_auth_type_name(PPP_PAP, h->type), 4272 h->ident, ntohs(h->len)); 4273 sppp_print_string((char *)name, name_len); 4274 addlog(" secret="); 4275 sppp_print_string((char *)secret, secret_len); 4276 addlog(">\n"); 4277 } 4278 if (name_len != sp->hisauth.name_len || 4279 secret_len != sp->hisauth.secret_len || 4280 memcmp(name, sp->hisauth.name, name_len) != 0 || 4281 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4282 /* action scn, tld */ 4283 sp->pp_auth_failures++; 4284 mlen = sizeof(FAILMSG) - 1; 4285 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4286 sizeof mlen, (const char *)&mlen, 4287 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4288 0); 4289 pap.tld(sp); 4290 break; 4291 } 4292 /* action sca, perhaps tlu */ 4293 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4294 sp->state[IDX_PAP] == STATE_OPENED) { 4295 mlen = sizeof(SUCCMSG) - 1; 4296 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4297 sizeof mlen, (const char *)&mlen, 4298 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4299 0); 4300 } 4301 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4302 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4303 pap.tlu(sp); 4304 } 4305 break; 4306 4307 /* ack and nak are his authproto */ 4308 case PAP_ACK: 4309 callout_stop(&sp->pap_my_to_ch); 4310 if (debug) { 4311 log(LOG_DEBUG, "%s: pap success", 4312 ifp->if_xname); 4313 name_len = *(char *)h; 4314 if (len > 5 && name_len) { 4315 addlog(": "); 4316 sppp_print_string((char *)(h + 1), name_len); 4317 } 4318 addlog("\n"); 4319 } 4320 x = splnet(); 4321 sp->pp_auth_failures = 0; 4322 sp->pp_flags &= ~PP_NEEDAUTH; 4323 if (sp->myauth.proto == PPP_PAP && 4324 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4325 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4326 /* 4327 * We are authenticator for PAP but didn't 4328 * complete yet. Leave it to tlu to proceed 4329 * to network phase. 4330 */ 4331 splx(x); 4332 break; 4333 } 4334 splx(x); 4335 sppp_phase_network(sp); 4336 break; 4337 4338 case PAP_NAK: 4339 callout_stop(&sp->pap_my_to_ch); 4340 sp->pp_auth_failures++; 4341 if (debug) { 4342 log(LOG_INFO, "%s: pap failure", 4343 ifp->if_xname); 4344 name_len = *(char *)h; 4345 if (len > 5 && name_len) { 4346 addlog(": "); 4347 sppp_print_string((char *)(h + 1), name_len); 4348 } 4349 addlog("\n"); 4350 } else 4351 log(LOG_INFO, "%s: pap failure\n", 4352 ifp->if_xname); 4353 /* await LCP shutdown by authenticator */ 4354 break; 4355 4356 default: 4357 /* Unknown PAP packet type -- ignore. */ 4358 if (debug) { 4359 log(LOG_DEBUG, "%s: pap corrupted input " 4360 "<0x%x id=0x%x len=%d", 4361 ifp->if_xname, 4362 h->type, h->ident, ntohs(h->len)); 4363 if (len > 4) 4364 sppp_print_bytes((u_char *)(h + 1), len - 4); 4365 addlog(">\n"); 4366 } 4367 break; 4368 4369 } 4370 } 4371 4372 static void 4373 sppp_pap_init(struct sppp *sp) 4374 { 4375 /* PAP doesn't have STATE_INITIAL at all. */ 4376 sp->state[IDX_PAP] = STATE_CLOSED; 4377 sp->fail_counter[IDX_PAP] = 0; 4378 sp->pp_seq[IDX_PAP] = 0; 4379 sp->pp_rseq[IDX_PAP] = 0; 4380 callout_init(&sp->ch[IDX_PAP]); 4381 callout_init(&sp->pap_my_to_ch); 4382 } 4383 4384 static void 4385 sppp_pap_open(struct sppp *sp) 4386 { 4387 if (sp->hisauth.proto == PPP_PAP && 4388 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4389 /* we are authenticator for PAP, start our timer */ 4390 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4391 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4392 } 4393 if (sp->myauth.proto == PPP_PAP) { 4394 /* we are peer, send a request, and start a timer */ 4395 pap.scr(sp); 4396 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4397 sppp_pap_my_TO, sp); 4398 } 4399 } 4400 4401 static void 4402 sppp_pap_close(struct sppp *sp) 4403 { 4404 if (sp->state[IDX_PAP] != STATE_CLOSED) 4405 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4406 } 4407 4408 /* 4409 * That's the timeout routine if we are authenticator. Since the 4410 * authenticator is basically passive in PAP, we can't do much here. 4411 */ 4412 static void 4413 sppp_pap_TO(void *cookie) 4414 { 4415 struct sppp *sp = (struct sppp *)cookie; 4416 STDDCL; 4417 int s; 4418 4419 s = splnet(); 4420 if (debug) 4421 log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n", 4422 ifp->if_xname, 4423 sppp_state_name(sp->state[IDX_PAP]), 4424 sp->rst_counter[IDX_PAP]); 4425 4426 if (--sp->rst_counter[IDX_PAP] < 0) 4427 /* TO- event */ 4428 switch (sp->state[IDX_PAP]) { 4429 case STATE_REQ_SENT: 4430 pap.tld(sp); 4431 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4432 break; 4433 } 4434 else 4435 /* TO+ event, not very much we could do */ 4436 switch (sp->state[IDX_PAP]) { 4437 case STATE_REQ_SENT: 4438 /* sppp_cp_change_state() will restart the timer */ 4439 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4440 break; 4441 } 4442 4443 splx(s); 4444 } 4445 4446 /* 4447 * That's the timeout handler if we are peer. Since the peer is active, 4448 * we need to retransmit our PAP request since it is apparently lost. 4449 * XXX We should impose a max counter. 4450 */ 4451 static void 4452 sppp_pap_my_TO(void *cookie) 4453 { 4454 struct sppp *sp = (struct sppp *)cookie; 4455 STDDCL; 4456 4457 if (debug) 4458 log(LOG_DEBUG, "%s: pap peer TO\n", 4459 ifp->if_xname); 4460 4461 pap.scr(sp); 4462 } 4463 4464 static void 4465 sppp_pap_tlu(struct sppp *sp) 4466 { 4467 STDDCL; 4468 int x; 4469 4470 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4471 4472 if (debug) 4473 log(LOG_DEBUG, "%s: %s tlu\n", 4474 ifp->if_xname, pap.name); 4475 4476 x = splnet(); 4477 sp->pp_auth_failures = 0; 4478 /* indicate to LCP that we need to be closed down */ 4479 sp->lcp.protos |= (1 << IDX_PAP); 4480 4481 if (sp->pp_flags & PP_NEEDAUTH) { 4482 /* 4483 * Remote is authenticator, but his auth proto didn't 4484 * complete yet. Defer the transition to network 4485 * phase. 4486 */ 4487 splx(x); 4488 return; 4489 } 4490 splx(x); 4491 sppp_phase_network(sp); 4492 } 4493 4494 static void 4495 sppp_pap_tld(struct sppp *sp) 4496 { 4497 STDDCL; 4498 4499 if (debug) 4500 log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname); 4501 callout_stop(&sp->ch[IDX_PAP]); 4502 callout_stop(&sp->pap_my_to_ch); 4503 sp->lcp.protos &= ~(1 << IDX_PAP); 4504 4505 lcp.Close(sp); 4506 } 4507 4508 static void 4509 sppp_pap_scr(struct sppp *sp) 4510 { 4511 u_char idlen, pwdlen; 4512 4513 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4514 /* can't do anything usefull */ 4515 printf("%s: pap starting without my name and secret being set\n", 4516 sp->pp_if.if_xname); 4517 return; 4518 } 4519 4520 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4521 pwdlen = sp->myauth.secret_len; 4522 idlen = sp->myauth.name_len; 4523 4524 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4525 sizeof idlen, (const char *)&idlen, 4526 idlen, sp->myauth.name, 4527 sizeof pwdlen, (const char *)&pwdlen, 4528 pwdlen, sp->myauth.secret, 4529 0); 4530 } 4531 4532 /* 4533 * Random miscellaneous functions. 4534 */ 4535 4536 /* 4537 * Send a PAP or CHAP proto packet. 4538 * 4539 * Varadic function, each of the elements for the ellipsis is of type 4540 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4541 * mlen == 0. 4542 * NOTE: never declare variadic functions with types subject to type 4543 * promotion (i.e. u_char). This is asking for big trouble depending 4544 * on the architecture you are on... 4545 */ 4546 4547 static void 4548 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4549 unsigned int type, unsigned int id, 4550 ...) 4551 { 4552 STDDCL; 4553 struct lcp_header *lh; 4554 struct mbuf *m; 4555 u_char *p; 4556 int len; 4557 size_t pkthdrlen; 4558 unsigned int mlen; 4559 const char *msg; 4560 va_list ap; 4561 4562 MGETHDR(m, M_DONTWAIT, MT_DATA); 4563 if (! m) 4564 return; 4565 m->m_pkthdr.rcvif = 0; 4566 4567 if (sp->pp_flags & PP_NOFRAMING) { 4568 *mtod(m, u_int16_t *) = htons(cp->proto); 4569 pkthdrlen = 2; 4570 lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2); 4571 } else { 4572 struct ppp_header *h; 4573 h = mtod(m, struct ppp_header *); 4574 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4575 h->control = PPP_UI; /* Unnumbered Info */ 4576 h->protocol = htons(cp->proto); 4577 pkthdrlen = PPP_HEADER_LEN; 4578 4579 lh = (struct lcp_header *)(h + 1); 4580 } 4581 4582 lh->type = type; 4583 lh->ident = id; 4584 p = (u_char *)(lh + 1); 4585 4586 va_start(ap, id); 4587 len = 0; 4588 4589 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4590 msg = va_arg(ap, const char *); 4591 len += mlen; 4592 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4593 va_end(ap); 4594 m_freem(m); 4595 return; 4596 } 4597 4598 bcopy(msg, p, mlen); 4599 p += mlen; 4600 } 4601 va_end(ap); 4602 4603 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4604 lh->len = htons(LCP_HEADER_LEN + len); 4605 4606 if (debug) { 4607 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 4608 ifp->if_xname, cp->name, 4609 sppp_auth_type_name(cp->proto, lh->type), 4610 lh->ident, ntohs(lh->len)); 4611 if (len) 4612 sppp_print_bytes((u_char *)(lh + 1), len); 4613 addlog(">\n"); 4614 } 4615 if (IF_QFULL(&sp->pp_cpq)) { 4616 IF_DROP(&sp->pp_fastq); 4617 IF_DROP(&ifp->if_snd); 4618 m_freem(m); 4619 ++ifp->if_oerrors; 4620 return; 4621 } else 4622 IF_ENQUEUE(&sp->pp_cpq, m); 4623 if (! (ifp->if_flags & IFF_OACTIVE)) 4624 (*ifp->if_start)(ifp); 4625 ifp->if_obytes += m->m_pkthdr.len + 3; 4626 } 4627 4628 /* 4629 * Send keepalive packets, every 10 seconds. 4630 */ 4631 static void 4632 sppp_keepalive(void *dummy) 4633 { 4634 struct sppp *sp; 4635 int s; 4636 time_t now; 4637 4638 s = splnet(); 4639 now = mono_time.tv_sec; 4640 for (sp=spppq; sp; sp=sp->pp_next) { 4641 struct ifnet *ifp = &sp->pp_if; 4642 4643 /* check idle timeout */ 4644 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4645 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4646 /* idle timeout is enabled for this interface */ 4647 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4648 if (ifp->if_flags & IFF_DEBUG) 4649 printf("%s: no activitiy for %lu seconds\n", 4650 sp->pp_if.if_xname, 4651 (unsigned long)(now-sp->pp_last_activity)); 4652 lcp.Close(sp); 4653 continue; 4654 } 4655 } 4656 4657 /* Keepalive mode disabled or channel down? */ 4658 if (! (sp->pp_flags & PP_KEEPALIVE) || 4659 ! (ifp->if_flags & IFF_RUNNING)) 4660 continue; 4661 4662 /* No keepalive in PPP mode if LCP not opened yet. */ 4663 if (! (sp->pp_flags & PP_CISCO) && 4664 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4665 continue; 4666 4667 /* No echo reply, but maybe user data passed through? */ 4668 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 4669 sp->pp_alivecnt = 0; 4670 continue; 4671 } 4672 4673 if (sp->pp_alivecnt >= sp->pp_maxalive) { 4674 /* No keepalive packets got. Stop the interface. */ 4675 if_down (ifp); 4676 IF_PURGE(&sp->pp_cpq); 4677 if (! (sp->pp_flags & PP_CISCO)) { 4678 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4679 ifp->if_xname); 4680 sp->pp_alivecnt = 0; 4681 4682 /* we are down, close all open protocols */ 4683 lcp.Close(sp); 4684 4685 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4686 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4687 4688 /* Close connection imediatly, completition of this 4689 * will summon the magic needed to reestablish it. */ 4690 sp->pp_tlf(sp); 4691 continue; 4692 } 4693 } 4694 if (sp->pp_alivecnt < sp->pp_maxalive) 4695 ++sp->pp_alivecnt; 4696 if (sp->pp_flags & PP_CISCO) 4697 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 4698 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4699 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4700 int32_t nmagic = htonl(sp->lcp.magic); 4701 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4702 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 4703 sp->lcp.echoid, 4, &nmagic); 4704 } 4705 } 4706 splx(s); 4707 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 4708 } 4709 4710 /* 4711 * Get both IP addresses. 4712 */ 4713 static void 4714 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4715 { 4716 struct ifnet *ifp = &sp->pp_if; 4717 struct ifaddr *ifa; 4718 struct sockaddr_in *si, *sm; 4719 u_int32_t ssrc, ddst; 4720 4721 sm = NULL; 4722 ssrc = ddst = 0; 4723 /* 4724 * Pick the first AF_INET address from the list, 4725 * aliases don't make any sense on a p2p link anyway. 4726 */ 4727 si = 0; 4728 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4729 if (ifa->ifa_addr->sa_family == AF_INET) { 4730 si = (struct sockaddr_in *)ifa->ifa_addr; 4731 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4732 if (si) 4733 break; 4734 } 4735 } 4736 if (ifa) { 4737 if (si && si->sin_addr.s_addr) { 4738 ssrc = si->sin_addr.s_addr; 4739 if (srcmask) 4740 *srcmask = ntohl(sm->sin_addr.s_addr); 4741 } 4742 4743 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4744 if (si && si->sin_addr.s_addr) 4745 ddst = si->sin_addr.s_addr; 4746 } 4747 4748 if (dst) *dst = ntohl(ddst); 4749 if (src) *src = ntohl(ssrc); 4750 } 4751 4752 /* 4753 * Set IP addresses. Must be called at splnet. 4754 * If an address is 0, leave it the way it is. 4755 */ 4756 static void 4757 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4758 { 4759 STDDCL; 4760 struct ifaddr *ifa; 4761 struct sockaddr_in *si, *dest; 4762 4763 /* 4764 * Pick the first AF_INET address from the list, 4765 * aliases don't make any sense on a p2p link anyway. 4766 */ 4767 4768 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4769 if (ifa->ifa_addr->sa_family == AF_INET) { 4770 si = (struct sockaddr_in *)ifa->ifa_addr; 4771 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4772 goto found; 4773 } 4774 } 4775 return; 4776 4777 found: 4778 { 4779 int error; 4780 struct sockaddr_in new_sin = *si; 4781 struct sockaddr_in new_dst = *dest; 4782 4783 /* 4784 * Scrub old routes now instead of calling in_ifinit with 4785 * scrub=1, because we may change the dstaddr 4786 * before the call to in_ifinit. 4787 */ 4788 in_ifscrub(ifp, ifatoia(ifa)); 4789 4790 if (myaddr != 0) 4791 new_sin.sin_addr.s_addr = htonl(myaddr); 4792 if (hisaddr != 0) { 4793 new_dst.sin_addr.s_addr = htonl(hisaddr); 4794 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4795 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4796 *dest = new_dst; /* fix dstaddr in place */ 4797 } 4798 } 4799 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4800 if (debug && error) 4801 { 4802 log(LOG_DEBUG, "%s: sppp_set_ip_addrs: in_ifinit " 4803 " failed, error=%d\n", ifp->if_xname, error); 4804 } 4805 } 4806 } 4807 4808 /* 4809 * Clear IP addresses. Must be called at splnet. 4810 */ 4811 static void 4812 sppp_clear_ip_addrs(struct sppp *sp) 4813 { 4814 struct ifnet *ifp = &sp->pp_if; 4815 struct ifaddr *ifa; 4816 struct sockaddr_in *si, *dest; 4817 4818 u_int32_t remote; 4819 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4820 remote = sp->ipcp.saved_hisaddr; 4821 else 4822 sppp_get_ip_addrs(sp, 0, &remote, 0); 4823 4824 /* 4825 * Pick the first AF_INET address from the list, 4826 * aliases don't make any sense on a p2p link anyway. 4827 */ 4828 4829 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4830 if (ifa->ifa_addr->sa_family == AF_INET) { 4831 si = (struct sockaddr_in *)ifa->ifa_addr; 4832 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4833 goto found; 4834 } 4835 } 4836 return; 4837 4838 found: 4839 { 4840 struct sockaddr_in new_sin = *si; 4841 4842 in_ifscrub(ifp, ifatoia(ifa)); 4843 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4844 new_sin.sin_addr.s_addr = 0; 4845 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4846 /* replace peer addr in place */ 4847 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4848 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4849 } 4850 } 4851 4852 #ifdef INET6 4853 /* 4854 * Get both IPv6 addresses. 4855 */ 4856 static void 4857 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4858 struct in6_addr *srcmask) 4859 { 4860 struct ifnet *ifp = &sp->pp_if; 4861 struct ifaddr *ifa; 4862 struct sockaddr_in6 *si, *sm; 4863 struct in6_addr ssrc, ddst; 4864 4865 sm = NULL; 4866 memset(&ssrc, 0, sizeof(ssrc)); 4867 memset(&ddst, 0, sizeof(ddst)); 4868 /* 4869 * Pick the first link-local AF_INET6 address from the list, 4870 * aliases don't make any sense on a p2p link anyway. 4871 */ 4872 si = 0; 4873 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4874 if (ifa->ifa_addr->sa_family == AF_INET6) { 4875 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4876 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4877 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4878 break; 4879 } 4880 if (ifa) { 4881 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4882 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4883 if (srcmask) { 4884 bcopy(&sm->sin6_addr, srcmask, 4885 sizeof(*srcmask)); 4886 } 4887 } 4888 4889 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4890 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4891 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4892 } 4893 4894 if (dst) 4895 bcopy(&ddst, dst, sizeof(*dst)); 4896 if (src) 4897 bcopy(&ssrc, src, sizeof(*src)); 4898 } 4899 4900 #ifdef IPV6CP_MYIFID_DYN 4901 /* 4902 * Generate random ifid. 4903 */ 4904 static void 4905 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4906 { 4907 /* TBD */ 4908 } 4909 4910 /* 4911 * Set my IPv6 address. Must be called at splnet. 4912 */ 4913 static void 4914 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4915 { 4916 STDDCL; 4917 struct ifaddr *ifa; 4918 struct sockaddr_in6 *sin6; 4919 4920 /* 4921 * Pick the first link-local AF_INET6 address from the list, 4922 * aliases don't make any sense on a p2p link anyway. 4923 */ 4924 4925 sin6 = NULL; 4926 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4927 { 4928 if (ifa->ifa_addr->sa_family == AF_INET6) 4929 { 4930 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4931 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4932 break; 4933 } 4934 } 4935 4936 if (ifa && sin6) 4937 { 4938 int error; 4939 struct sockaddr_in6 new_sin6 = *sin6; 4940 4941 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4942 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4943 if (debug && error) 4944 { 4945 log(LOG_DEBUG, "%s: sppp_set_ip6_addr: in6_ifinit " 4946 " failed, error=%d\n", ifp->if_xname, error); 4947 } 4948 } 4949 } 4950 #endif 4951 4952 /* 4953 * Suggest a candidate address to be used by peer. 4954 */ 4955 static void 4956 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4957 { 4958 struct in6_addr myaddr; 4959 struct timeval tv; 4960 4961 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4962 4963 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4964 microtime(&tv); 4965 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4966 myaddr.s6_addr[14] ^= 0xff; 4967 myaddr.s6_addr[15] ^= 0xff; 4968 } else { 4969 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4970 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4971 } 4972 if (suggest) 4973 bcopy(&myaddr, suggest, sizeof(myaddr)); 4974 } 4975 #endif /*INET6*/ 4976 4977 /* 4978 * Process ioctl requests specific to the PPP interface. 4979 * Permissions have already been checked. 4980 */ 4981 static int 4982 sppp_params(struct sppp *sp, int cmd, void *data) 4983 { 4984 switch (cmd) { 4985 case SPPPGETAUTHCFG: 4986 { 4987 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 4988 int error; 4989 size_t len; 4990 4991 cfg->myauthflags = sp->myauth.flags; 4992 cfg->hisauthflags = sp->hisauth.flags; 4993 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 4994 cfg->hisauth = 0; 4995 if (sp->hisauth.proto) 4996 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 4997 cfg->myauth = 0; 4998 if (sp->myauth.proto) 4999 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5000 if (cfg->myname_length == 0) { 5001 if (sp->myauth.name != NULL) 5002 cfg->myname_length = sp->myauth.name_len + 1; 5003 } else { 5004 if (sp->myauth.name == NULL) { 5005 cfg->myname_length = 0; 5006 } else { 5007 len = sp->myauth.name_len + 1; 5008 if (cfg->myname_length < len) 5009 return (ENAMETOOLONG); 5010 error = copyout(sp->myauth.name, cfg->myname, len); 5011 if (error) return error; 5012 } 5013 } 5014 if (cfg->hisname_length == 0) { 5015 if (sp->hisauth.name != NULL) 5016 cfg->hisname_length = sp->hisauth.name_len + 1; 5017 } else { 5018 if (sp->hisauth.name == NULL) { 5019 cfg->hisname_length = 0; 5020 } else { 5021 len = sp->hisauth.name_len + 1; 5022 if (cfg->hisname_length < len) 5023 return (ENAMETOOLONG); 5024 error = copyout(sp->hisauth.name, cfg->hisname, len); 5025 if (error) return error; 5026 } 5027 } 5028 } 5029 break; 5030 case SPPPSETAUTHCFG: 5031 { 5032 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5033 int error; 5034 5035 if (sp->myauth.name) { 5036 free(sp->myauth.name, M_DEVBUF); 5037 sp->myauth.name = NULL; 5038 } 5039 if (sp->myauth.secret) { 5040 free(sp->myauth.secret, M_DEVBUF); 5041 sp->myauth.secret = NULL; 5042 } 5043 if (sp->hisauth.name) { 5044 free(sp->hisauth.name, M_DEVBUF); 5045 sp->hisauth.name = NULL; 5046 } 5047 if (sp->hisauth.secret) { 5048 free(sp->hisauth.secret, M_DEVBUF); 5049 sp->hisauth.secret = NULL; 5050 } 5051 5052 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5053 if (cfg->hisname_length >= MCLBYTES) 5054 return (ENAMETOOLONG); 5055 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5056 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5057 if (error) { 5058 free(sp->hisauth.name, M_DEVBUF); 5059 sp->hisauth.name = NULL; 5060 return error; 5061 } 5062 sp->hisauth.name_len = cfg->hisname_length - 1; 5063 sp->hisauth.name[sp->hisauth.name_len] = 0; 5064 } 5065 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5066 if (cfg->hissecret_length >= MCLBYTES) 5067 return (ENAMETOOLONG); 5068 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5069 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5070 if (error) { 5071 free(sp->hisauth.secret, M_DEVBUF); 5072 sp->hisauth.secret = NULL; 5073 return error; 5074 } 5075 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5076 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5077 } 5078 if (cfg->myname != NULL && cfg->myname_length > 0) { 5079 if (cfg->myname_length >= MCLBYTES) 5080 return (ENAMETOOLONG); 5081 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5082 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5083 if (error) { 5084 free(sp->myauth.name, M_DEVBUF); 5085 sp->myauth.name = NULL; 5086 return error; 5087 } 5088 sp->myauth.name_len = cfg->myname_length - 1; 5089 sp->myauth.name[sp->myauth.name_len] = 0; 5090 } 5091 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5092 if (cfg->mysecret_length >= MCLBYTES) 5093 return (ENAMETOOLONG); 5094 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5095 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5096 if (error) { 5097 free(sp->myauth.secret, M_DEVBUF); 5098 sp->myauth.secret = NULL; 5099 return error; 5100 } 5101 sp->myauth.secret_len = cfg->mysecret_length - 1; 5102 sp->myauth.secret[sp->myauth.secret_len] = 0; 5103 } 5104 sp->myauth.flags = cfg->myauthflags; 5105 if (cfg->myauth) 5106 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5107 sp->hisauth.flags = cfg->hisauthflags; 5108 if (cfg->hisauth) 5109 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5110 sp->pp_auth_failures = 0; 5111 if (sp->hisauth.proto != 0) 5112 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5113 else 5114 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5115 } 5116 break; 5117 case SPPPGETLCPCFG: 5118 { 5119 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5120 lcp->lcp_timeout = sp->lcp.timeout; 5121 } 5122 break; 5123 case SPPPSETLCPCFG: 5124 { 5125 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5126 sp->lcp.timeout = lcp->lcp_timeout; 5127 } 5128 break; 5129 case SPPPGETSTATUS: 5130 { 5131 struct spppstatus *status = (struct spppstatus *)data; 5132 status->phase = sp->pp_phase; 5133 } 5134 break; 5135 case SPPPGETSTATUSNCP: 5136 { 5137 struct spppstatusncp *status = (struct spppstatusncp *)data; 5138 status->phase = sp->pp_phase; 5139 status->ncpup = sppp_ncp_check(sp); 5140 } 5141 break; 5142 case SPPPGETIDLETO: 5143 { 5144 struct spppidletimeout *to = (struct spppidletimeout *)data; 5145 to->idle_seconds = sp->pp_idle_timeout; 5146 } 5147 break; 5148 case SPPPSETIDLETO: 5149 { 5150 struct spppidletimeout *to = (struct spppidletimeout *)data; 5151 sp->pp_idle_timeout = to->idle_seconds; 5152 } 5153 break; 5154 case SPPPSETAUTHFAILURE: 5155 { 5156 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5157 sp->pp_max_auth_fail = afsettings->max_failures; 5158 sp->pp_auth_failures = 0; 5159 } 5160 break; 5161 case SPPPGETAUTHFAILURES: 5162 { 5163 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5164 stats->auth_failures = sp->pp_auth_failures; 5165 stats->max_failures = sp->pp_max_auth_fail; 5166 } 5167 break; 5168 case SPPPSETDNSOPTS: 5169 { 5170 struct spppdnssettings *req = (struct spppdnssettings *)data; 5171 sp->query_dns = req->query_dns & 3; 5172 } 5173 break; 5174 case SPPPGETDNSOPTS: 5175 { 5176 struct spppdnssettings *req = (struct spppdnssettings *)data; 5177 req->query_dns = sp->query_dns; 5178 } 5179 break; 5180 case SPPPGETDNSADDRS: 5181 { 5182 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5183 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5184 } 5185 break; 5186 case SPPPGETKEEPALIVE: 5187 { 5188 struct spppkeepalivesettings *settings = 5189 (struct spppkeepalivesettings*)data; 5190 settings->maxalive = sp->pp_maxalive; 5191 settings->max_noreceive = sp->pp_max_noreceive; 5192 } 5193 break; 5194 case SPPPSETKEEPALIVE: 5195 { 5196 struct spppkeepalivesettings *settings = 5197 (struct spppkeepalivesettings*)data; 5198 sp->pp_maxalive = settings->maxalive; 5199 sp->pp_max_noreceive = settings->max_noreceive; 5200 } 5201 break; 5202 default: 5203 return (EINVAL); 5204 } 5205 5206 return (0); 5207 } 5208 5209 static void 5210 sppp_phase_network(struct sppp *sp) 5211 { 5212 STDDCL; 5213 int i; 5214 u_int32_t mask; 5215 5216 sp->pp_phase = SPPP_PHASE_NETWORK; 5217 5218 if (debug) 5219 { 5220 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 5221 sppp_phase_name(sp->pp_phase)); 5222 } 5223 5224 /* Notify NCPs now. */ 5225 for (i = 0; i < IDX_COUNT; i++) 5226 if ((cps[i])->flags & CP_NCP) 5227 (cps[i])->Open(sp); 5228 5229 /* Send Up events to all NCPs. */ 5230 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5231 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5232 (cps[i])->Up(sp); 5233 5234 /* if no NCP is starting, all this was in vain, close down */ 5235 sppp_lcp_check_and_close(sp); 5236 } 5237 5238 5239 static const char * 5240 sppp_cp_type_name(u_char type) 5241 { 5242 static char buf[12]; 5243 switch (type) { 5244 case CONF_REQ: return "conf-req"; 5245 case CONF_ACK: return "conf-ack"; 5246 case CONF_NAK: return "conf-nak"; 5247 case CONF_REJ: return "conf-rej"; 5248 case TERM_REQ: return "term-req"; 5249 case TERM_ACK: return "term-ack"; 5250 case CODE_REJ: return "code-rej"; 5251 case PROTO_REJ: return "proto-rej"; 5252 case ECHO_REQ: return "echo-req"; 5253 case ECHO_REPLY: return "echo-reply"; 5254 case DISC_REQ: return "discard-req"; 5255 } 5256 snprintf(buf, sizeof(buf), "0x%x", type); 5257 return buf; 5258 } 5259 5260 static const char * 5261 sppp_auth_type_name(u_short proto, u_char type) 5262 { 5263 static char buf[12]; 5264 switch (proto) { 5265 case PPP_CHAP: 5266 switch (type) { 5267 case CHAP_CHALLENGE: return "challenge"; 5268 case CHAP_RESPONSE: return "response"; 5269 case CHAP_SUCCESS: return "success"; 5270 case CHAP_FAILURE: return "failure"; 5271 } 5272 case PPP_PAP: 5273 switch (type) { 5274 case PAP_REQ: return "req"; 5275 case PAP_ACK: return "ack"; 5276 case PAP_NAK: return "nak"; 5277 } 5278 } 5279 snprintf(buf, sizeof(buf), "0x%x", type); 5280 return buf; 5281 } 5282 5283 static const char * 5284 sppp_lcp_opt_name(u_char opt) 5285 { 5286 static char buf[12]; 5287 switch (opt) { 5288 case LCP_OPT_MRU: return "mru"; 5289 case LCP_OPT_ASYNC_MAP: return "async-map"; 5290 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5291 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5292 case LCP_OPT_MAGIC: return "magic"; 5293 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5294 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5295 } 5296 snprintf(buf, sizeof(buf), "0x%x", opt); 5297 return buf; 5298 } 5299 5300 static const char * 5301 sppp_ipcp_opt_name(u_char opt) 5302 { 5303 static char buf[12]; 5304 switch (opt) { 5305 case IPCP_OPT_ADDRESSES: return "addresses"; 5306 case IPCP_OPT_COMPRESSION: return "compression"; 5307 case IPCP_OPT_ADDRESS: return "address"; 5308 } 5309 snprintf(buf, sizeof(buf), "0x%x", opt); 5310 return buf; 5311 } 5312 5313 #ifdef INET6 5314 static const char * 5315 sppp_ipv6cp_opt_name(u_char opt) 5316 { 5317 static char buf[12]; 5318 switch (opt) { 5319 case IPV6CP_OPT_IFID: return "ifid"; 5320 case IPV6CP_OPT_COMPRESSION: return "compression"; 5321 } 5322 snprintf(buf, sizeof(buf), "0x%x", opt); 5323 return buf; 5324 } 5325 #endif 5326 5327 static const char * 5328 sppp_state_name(int state) 5329 { 5330 switch (state) { 5331 case STATE_INITIAL: return "initial"; 5332 case STATE_STARTING: return "starting"; 5333 case STATE_CLOSED: return "closed"; 5334 case STATE_STOPPED: return "stopped"; 5335 case STATE_CLOSING: return "closing"; 5336 case STATE_STOPPING: return "stopping"; 5337 case STATE_REQ_SENT: return "req-sent"; 5338 case STATE_ACK_RCVD: return "ack-rcvd"; 5339 case STATE_ACK_SENT: return "ack-sent"; 5340 case STATE_OPENED: return "opened"; 5341 } 5342 return "illegal"; 5343 } 5344 5345 static const char * 5346 sppp_phase_name(int phase) 5347 { 5348 switch (phase) { 5349 case SPPP_PHASE_DEAD: return "dead"; 5350 case SPPP_PHASE_ESTABLISH: return "establish"; 5351 case SPPP_PHASE_TERMINATE: return "terminate"; 5352 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5353 case SPPP_PHASE_NETWORK: return "network"; 5354 } 5355 return "illegal"; 5356 } 5357 5358 static const char * 5359 sppp_proto_name(u_short proto) 5360 { 5361 static char buf[12]; 5362 switch (proto) { 5363 case PPP_LCP: return "lcp"; 5364 case PPP_IPCP: return "ipcp"; 5365 case PPP_PAP: return "pap"; 5366 case PPP_CHAP: return "chap"; 5367 case PPP_IPV6CP: return "ipv6cp"; 5368 } 5369 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 5370 return buf; 5371 } 5372 5373 static void 5374 sppp_print_bytes(const u_char *p, u_short len) 5375 { 5376 addlog(" %02x", *p++); 5377 while (--len > 0) 5378 addlog("-%02x", *p++); 5379 } 5380 5381 static void 5382 sppp_print_string(const char *p, u_short len) 5383 { 5384 u_char c; 5385 5386 while (len-- > 0) { 5387 c = *p++; 5388 /* 5389 * Print only ASCII chars directly. RFC 1994 recommends 5390 * using only them, but we don't rely on it. */ 5391 if (c < ' ' || c > '~') 5392 addlog("\\x%x", c); 5393 else 5394 addlog("%c", c); 5395 } 5396 } 5397 5398 static const char * 5399 sppp_dotted_quad(u_int32_t addr) 5400 { 5401 static char s[16]; 5402 snprintf(s, sizeof(s), "%d.%d.%d.%d", 5403 (int)((addr >> 24) & 0xff), 5404 (int)((addr >> 16) & 0xff), 5405 (int)((addr >> 8) & 0xff), 5406 (int)(addr & 0xff)); 5407 return s; 5408 } 5409 5410 /* a dummy, used to drop uninteresting events */ 5411 static void 5412 sppp_null(struct sppp *unused) 5413 { 5414 /* do just nothing */ 5415 } 5416 /* 5417 * This file is large. Tell emacs to highlight it nevertheless. 5418 * 5419 * Local Variables: 5420 * hilit-auto-highlight-maxout: 120000 5421 * End: 5422 */ 5423