1 /* $OpenBSD: if_spppsubr.c,v 1.96 2012/01/28 12:14:45 sthen Exp $ */
2 /*
3 * Synchronous PPP/Cisco link level subroutines.
4 * Keepalive protocol implemented in both Cisco and PPP modes.
5 *
6 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
7 * Author: Serge Vakulenko, <vak@cronyx.ru>
8 *
9 * Heavily revamped to conform to RFC 1661.
10 * Copyright (C) 1997, Joerg Wunsch.
11 *
12 * RFC2472 IPv6CP support.
13 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions are met:
17 * 1. Redistributions of source code must retain the above copyright notice,
18 * this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright notice,
20 * this list of conditions and the following disclaimer in the documentation
21 * and/or other materials provided with the distribution.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 *
35 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998
36 */
37
38 #include <sys/param.h>
39
40 #define HIDE
41
42 #include <sys/systm.h>
43 #include <sys/kernel.h>
44 #include <sys/sockio.h>
45 #include <sys/socket.h>
46 #include <sys/proc.h>
47 #include <sys/syslog.h>
48 #include <sys/malloc.h>
49 #include <sys/mbuf.h>
50 #include <sys/workq.h>
51
52 #if defined (__OpenBSD__)
53 #include <sys/timeout.h>
54 #include <crypto/md5.h>
55 #else
56 #include <sys/md5.h>
57 #endif
58
59 #include <net/if.h>
60 #include <net/netisr.h>
61 #include <net/if_types.h>
62 #include <net/route.h>
63
64 /* for arc4random() */
65 #include <dev/rndvar.h>
66
67 #if defined (__FreeBSD__) || defined(__OpenBSD_) || defined(__NetBSD__)
68 #include <machine/random.h>
69 #endif
70 #if defined (__NetBSD__) || defined (__OpenBSD__)
71 #include <machine/cpu.h> /* XXX for softnet */
72 #endif
73 #include <sys/stdarg.h>
74
75 #ifdef INET
76 #include <netinet/in.h>
77 #include <netinet/in_systm.h>
78 #include <netinet/in_var.h>
79 #include <netinet/ip.h>
80 #include <netinet/tcp.h>
81 # if defined (__FreeBSD__) || defined (__OpenBSD__)
82 # include <netinet/if_ether.h>
83 # else
84 # include <net/ethertypes.h>
85 # endif
86 #endif
87
88 #ifdef INET6
89 #include <netinet6/in6_var.h>
90 #endif
91
92 #include <net/if_sppp.h>
93
94 #if defined (__FreeBSD__)
95 # define UNTIMEOUT(fun, arg, handle) \
96 untimeout(fun, arg, handle)
97 #elif defined(__OpenBSD__)
98 # define UNTIMEOUT(fun, arg, handle) \
99 timeout_del(&(handle))
100 #else
101 # define UNTIMEOUT(fun, arg, handle) \
102 untimeout(fun, arg)
103 #endif
104
105 #define LOOPALIVECNT 3 /* loopback detection tries */
106 #define MAXALIVECNT 3 /* max. missed alive packets */
107 #define NORECV_TIME 15 /* before we get worried */
108
109 /*
110 * Interface flags that can be set in an ifconfig command.
111 *
112 * Setting link0 will make the link passive, i.e. it will be marked
113 * as being administrative openable, but won't be opened to begin
114 * with. Incoming calls will be answered, or subsequent calls with
115 * -link1 will cause the administrative open of the LCP layer.
116 *
117 * Setting link1 will cause the link to auto-dial only as packets
118 * arrive to be sent.
119 *
120 * Setting IFF_DEBUG will syslog the option negotiation and state
121 * transitions at level kern.debug. Note: all logs consistently look
122 * like
123 *
124 * <if-name><unit>: <proto-name> <additional info...>
125 *
126 * with <if-name><unit> being something like "bppp0", and <proto-name>
127 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
128 */
129
130 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
131 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
132
133 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
134 #define PPP_UI 0x03 /* Unnumbered Information */
135 #define PPP_IP 0x0021 /* Internet Protocol */
136 #define PPP_ISO 0x0023 /* ISO OSI Protocol */
137 #define PPP_XNS 0x0025 /* Xerox NS Protocol */
138 #define PPP_IPX 0x002b /* Novell IPX Protocol */
139 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */
140 #define PPP_LCP 0xc021 /* Link Control Protocol */
141 #define PPP_PAP 0xc023 /* Password Authentication Protocol */
142 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
143 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
144 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
145
146 #define CONF_REQ 1 /* PPP configure request */
147 #define CONF_ACK 2 /* PPP configure acknowledge */
148 #define CONF_NAK 3 /* PPP configure negative ack */
149 #define CONF_REJ 4 /* PPP configure reject */
150 #define TERM_REQ 5 /* PPP terminate request */
151 #define TERM_ACK 6 /* PPP terminate acknowledge */
152 #define CODE_REJ 7 /* PPP code reject */
153 #define PROTO_REJ 8 /* PPP protocol reject */
154 #define ECHO_REQ 9 /* PPP echo request */
155 #define ECHO_REPLY 10 /* PPP echo reply */
156 #define DISC_REQ 11 /* PPP discard request */
157
158 #define LCP_OPT_MRU 1 /* maximum receive unit */
159 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
160 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
161 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
162 #define LCP_OPT_MAGIC 5 /* magic number */
163 #define LCP_OPT_RESERVED 6 /* reserved */
164 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
165 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
166
167 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
168 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
169 #define IPCP_OPT_ADDRESS 3 /* local IP address */
170
171 #define IPV6CP_OPT_IFID 1 /* interface identifier */
172 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
173
174 #define PAP_REQ 1 /* PAP name/password request */
175 #define PAP_ACK 2 /* PAP acknowledge */
176 #define PAP_NAK 3 /* PAP fail */
177
178 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
179 #define CHAP_RESPONSE 2 /* CHAP challenge response */
180 #define CHAP_SUCCESS 3 /* CHAP response ok */
181 #define CHAP_FAILURE 4 /* CHAP response failed */
182
183 #define CHAP_MD5 5 /* hash algorithm - MD5 */
184
185 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
186 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
187 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
188 #define CISCO_ADDR_REQ 0 /* Cisco address request */
189 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
190 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
191
192 /* states are named and numbered according to RFC 1661 */
193 #define STATE_INITIAL 0
194 #define STATE_STARTING 1
195 #define STATE_CLOSED 2
196 #define STATE_STOPPED 3
197 #define STATE_CLOSING 4
198 #define STATE_STOPPING 5
199 #define STATE_REQ_SENT 6
200 #define STATE_ACK_RCVD 7
201 #define STATE_ACK_SENT 8
202 #define STATE_OPENED 9
203
204 struct ppp_header {
205 u_char address;
206 u_char control;
207 u_short protocol;
208 };
209 #define PPP_HEADER_LEN sizeof (struct ppp_header)
210
211 struct lcp_header {
212 u_char type;
213 u_char ident;
214 u_short len;
215 };
216 #define LCP_HEADER_LEN sizeof (struct lcp_header)
217
218 struct cisco_packet {
219 u_int32_t type;
220 u_int32_t par1;
221 u_int32_t par2;
222 u_short rel;
223 u_short time0;
224 u_short time1;
225 };
226 #define CISCO_PACKET_LEN 18
227
228 /*
229 * We follow the spelling and capitalization of RFC 1661 here, to make
230 * it easier comparing with the standard. Please refer to this RFC in
231 * case you can't make sense out of these abbreviation; it will also
232 * explain the semantics related to the various events and actions.
233 */
234 struct cp {
235 u_short proto; /* PPP control protocol number */
236 u_char protoidx; /* index into state table in struct sppp */
237 u_char flags;
238 #define CP_LCP 0x01 /* this is the LCP */
239 #define CP_AUTH 0x02 /* this is an authentication protocol */
240 #define CP_NCP 0x04 /* this is a NCP */
241 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
242 const char *name; /* name of this control protocol */
243 /* event handlers */
244 void (*Up)(struct sppp *sp);
245 void (*Down)(struct sppp *sp);
246 void (*Open)(struct sppp *sp);
247 void (*Close)(struct sppp *sp);
248 void (*TO)(void *sp);
249 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
250 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
251 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
252 /* actions */
253 void (*tlu)(struct sppp *sp);
254 void (*tld)(struct sppp *sp);
255 void (*tls)(struct sppp *sp);
256 void (*tlf)(struct sppp *sp);
257 void (*scr)(struct sppp *sp);
258 };
259
260 static struct sppp *spppq;
261 #if defined (__OpenBSD__)
262 static struct timeout keepalive_ch;
263 #endif
264 #if defined (__FreeBSD__)
265 static struct callout_handle keepalive_ch;
266 #endif
267
268 #if defined (__FreeBSD__)
269 #define SPP_FMT "%s%d: "
270 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
271 #else
272 #define SPP_FMT "%s: "
273 #define SPP_ARGS(ifp) (ifp)->if_xname
274 #endif
275
276 /* almost every function needs these */
277 #define STDDCL \
278 struct ifnet *ifp = &sp->pp_if; \
279 int debug = ifp->if_flags & IFF_DEBUG
280
281 HIDE int sppp_output(struct ifnet *ifp, struct mbuf *m,
282 struct sockaddr *dst, struct rtentry *rt);
283
284 HIDE void sppp_cisco_send(struct sppp *sp, u_int32_t type, u_int32_t par1, u_int32_t par2);
285 HIDE void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
286
287 HIDE void sppp_cp_input(const struct cp *cp, struct sppp *sp,
288 struct mbuf *m);
289 HIDE void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
290 u_char ident, u_short len, void *data);
291 #ifdef notyet
292 HIDE void sppp_cp_timeout(void *arg);
293 #endif
294 HIDE void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
295 int newstate);
296 HIDE void sppp_auth_send(const struct cp *cp,
297 struct sppp *sp, unsigned int type, u_int id,
298 ...);
299
300 HIDE void sppp_up_event(const struct cp *cp, struct sppp *sp);
301 HIDE void sppp_down_event(const struct cp *cp, struct sppp *sp);
302 HIDE void sppp_open_event(const struct cp *cp, struct sppp *sp);
303 HIDE void sppp_close_event(const struct cp *cp, struct sppp *sp);
304 HIDE void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp);
305 HIDE void sppp_to_event(const struct cp *cp, struct sppp *sp);
306
307 HIDE void sppp_null(struct sppp *sp);
308
309 HIDE void sppp_lcp_init(struct sppp *sp);
310 HIDE void sppp_lcp_up(struct sppp *sp);
311 HIDE void sppp_lcp_down(struct sppp *sp);
312 HIDE void sppp_lcp_open(struct sppp *sp);
313 HIDE void sppp_lcp_close(struct sppp *sp);
314 HIDE void sppp_lcp_TO(void *sp);
315 HIDE int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
316 HIDE void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
317 HIDE void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
318 HIDE void sppp_lcp_tlu(struct sppp *sp);
319 HIDE void sppp_lcp_tld(struct sppp *sp);
320 HIDE void sppp_lcp_tls(struct sppp *sp);
321 HIDE void sppp_lcp_tlf(struct sppp *sp);
322 HIDE void sppp_lcp_scr(struct sppp *sp);
323 HIDE void sppp_lcp_check_and_close(struct sppp *sp);
324 HIDE int sppp_ncp_check(struct sppp *sp);
325
326 HIDE void sppp_ipcp_init(struct sppp *sp);
327 HIDE void sppp_ipcp_up(struct sppp *sp);
328 HIDE void sppp_ipcp_down(struct sppp *sp);
329 HIDE void sppp_ipcp_open(struct sppp *sp);
330 HIDE void sppp_ipcp_close(struct sppp *sp);
331 HIDE void sppp_ipcp_TO(void *sp);
332 HIDE int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
333 HIDE void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
334 HIDE void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
335 HIDE void sppp_ipcp_tlu(struct sppp *sp);
336 HIDE void sppp_ipcp_tld(struct sppp *sp);
337 HIDE void sppp_ipcp_tls(struct sppp *sp);
338 HIDE void sppp_ipcp_tlf(struct sppp *sp);
339 HIDE void sppp_ipcp_scr(struct sppp *sp);
340
341 HIDE void sppp_ipv6cp_init(struct sppp *sp);
342 HIDE void sppp_ipv6cp_up(struct sppp *sp);
343 HIDE void sppp_ipv6cp_down(struct sppp *sp);
344 HIDE void sppp_ipv6cp_open(struct sppp *sp);
345 HIDE void sppp_ipv6cp_close(struct sppp *sp);
346 HIDE void sppp_ipv6cp_TO(void *sp);
347 HIDE int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
348 HIDE void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
349 HIDE void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
350 HIDE void sppp_ipv6cp_tlu(struct sppp *sp);
351 HIDE void sppp_ipv6cp_tld(struct sppp *sp);
352 HIDE void sppp_ipv6cp_tls(struct sppp *sp);
353 HIDE void sppp_ipv6cp_tlf(struct sppp *sp);
354 HIDE void sppp_ipv6cp_scr(struct sppp *sp);
355 HIDE const char *sppp_ipv6cp_opt_name(u_char opt);
356 HIDE void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
357 struct in6_addr *dst, struct in6_addr *srcmask);
358 HIDE void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
359 HIDE void sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr);
360 HIDE void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest);
361
362 HIDE void sppp_pap_input(struct sppp *sp, struct mbuf *m);
363 HIDE void sppp_pap_init(struct sppp *sp);
364 HIDE void sppp_pap_open(struct sppp *sp);
365 HIDE void sppp_pap_close(struct sppp *sp);
366 HIDE void sppp_pap_TO(void *sp);
367 HIDE void sppp_pap_my_TO(void *sp);
368 HIDE void sppp_pap_tlu(struct sppp *sp);
369 HIDE void sppp_pap_tld(struct sppp *sp);
370 HIDE void sppp_pap_scr(struct sppp *sp);
371
372 HIDE void sppp_chap_input(struct sppp *sp, struct mbuf *m);
373 HIDE void sppp_chap_init(struct sppp *sp);
374 HIDE void sppp_chap_open(struct sppp *sp);
375 HIDE void sppp_chap_close(struct sppp *sp);
376 HIDE void sppp_chap_TO(void *sp);
377 HIDE void sppp_chap_tlu(struct sppp *sp);
378 HIDE void sppp_chap_tld(struct sppp *sp);
379 HIDE void sppp_chap_scr(struct sppp *sp);
380
381 HIDE const char *sppp_auth_type_name(u_short proto, u_char type);
382 HIDE const char *sppp_cp_type_name(u_char type);
383 HIDE const char *sppp_dotted_quad(u_int32_t addr);
384 HIDE const char *sppp_ipcp_opt_name(u_char opt);
385 HIDE const char *sppp_lcp_opt_name(u_char opt);
386 HIDE const char *sppp_phase_name(enum ppp_phase phase);
387 HIDE const char *sppp_proto_name(u_short proto);
388 HIDE const char *sppp_state_name(int state);
389 HIDE int sppp_get_params(struct sppp *sp, struct ifreq *data);
390 HIDE int sppp_set_params(struct sppp *sp, struct ifreq *data);
391 HIDE void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
392 u_int32_t *srcmask);
393 HIDE void sppp_keepalive(void *dummy);
394 HIDE void sppp_phase_network(struct sppp *sp);
395 HIDE void sppp_print_bytes(const u_char *p, u_short len);
396 HIDE void sppp_print_string(const char *p, u_short len);
397 HIDE void sppp_qflush(struct ifqueue *ifq);
398 int sppp_update_gw_walker(struct radix_node *rn, void *arg, u_int);
399 void sppp_update_gw(struct ifnet *ifp);
400 HIDE void sppp_set_ip_addrs(void *, void *);
401 HIDE void sppp_clear_ip_addrs(struct sppp *sp);
402 HIDE void sppp_set_phase(struct sppp *sp);
403
404 /* our control protocol descriptors */
405 static const struct cp lcp = {
406 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
407 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
408 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
409 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
410 sppp_lcp_scr
411 };
412
413 static const struct cp ipcp = {
414 PPP_IPCP, IDX_IPCP,
415 #ifdef INET /* don't run IPCP if there's no IPv4 support */
416 CP_NCP,
417 #else
418 0,
419 #endif
420 "ipcp",
421 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
422 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
423 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
424 sppp_ipcp_scr
425 };
426
427 static const struct cp ipv6cp = {
428 PPP_IPV6CP, IDX_IPV6CP,
429 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
430 CP_NCP,
431 #else
432 0,
433 #endif
434 "ipv6cp",
435 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
436 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
437 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
438 sppp_ipv6cp_scr
439 };
440
441 static const struct cp pap = {
442 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
443 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
444 sppp_pap_TO, 0, 0, 0,
445 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
446 sppp_pap_scr
447 };
448
449 static const struct cp chap = {
450 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
451 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
452 sppp_chap_TO, 0, 0, 0,
453 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
454 sppp_chap_scr
455 };
456
457 static const struct cp *cps[IDX_COUNT] = {
458 &lcp, /* IDX_LCP */
459 &ipcp, /* IDX_IPCP */
460 &ipv6cp, /* IDX_IPV6CP */
461 &pap, /* IDX_PAP */
462 &chap, /* IDX_CHAP */
463 };
464
465
466 �/*
467 * Exported functions, comprising our interface to the lower layer.
468 */
469
470 #if defined(__OpenBSD__)
471 /* Workaround */
472 void
473 spppattach(struct ifnet *ifp)
474 {
475 }
476 #endif
477
478 /*
479 * Process the received packet.
480 */
481 void
482 sppp_input(struct ifnet *ifp, struct mbuf *m)
483 {
484 struct ppp_header *h, ht;
485 struct ifqueue *inq = 0;
486 struct sppp *sp = (struct sppp *)ifp;
487 struct timeval tv;
488 int debug = ifp->if_flags & IFF_DEBUG;
489 int s;
490
491 if (ifp->if_flags & IFF_UP) {
492 /* Count received bytes, add hardware framing */
493 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes;
494 /* Note time of last receive */
495 getmicrouptime(&tv);
496 sp->pp_last_receive = tv.tv_sec;
497 }
498
499 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
500 /* Too small packet, drop it. */
501 if (debug)
502 log(LOG_DEBUG,
503 SPP_FMT "input packet is too small, %d bytes\n",
504 SPP_ARGS(ifp), m->m_pkthdr.len);
505 drop:
506 ++ifp->if_ierrors;
507 ++ifp->if_iqdrops;
508 m_freem (m);
509 return;
510 }
511
512 /* mark incoming routing domain */
513 m->m_pkthdr.rdomain = ifp->if_rdomain;
514
515 if (sp->pp_flags & PP_NOFRAMING) {
516 memcpy(&ht.protocol, mtod(m, char *), sizeof(ht.protocol));
517 m_adj(m, 2);
518 ht.control = PPP_UI;
519 ht.address = PPP_ALLSTATIONS;
520 h = &ht;
521 } else {
522 /* Get PPP header. */
523 h = mtod (m, struct ppp_header*);
524 m_adj (m, PPP_HEADER_LEN);
525 }
526
527 /* preserve the alignment */
528 if (m->m_len < m->m_pkthdr.len) {
529 m = m_pullup(m, m->m_pkthdr.len);
530 if (m == NULL) {
531 if (debug)
532 log(LOG_DEBUG,
533 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp));
534 ++ifp->if_ierrors;
535 ++ifp->if_iqdrops;
536 return;
537 }
538 }
539
540 switch (h->address) {
541 case PPP_ALLSTATIONS:
542 if (h->control != PPP_UI)
543 goto invalid;
544 if (sp->pp_flags & PP_CISCO) {
545 if (debug)
546 log(LOG_DEBUG,
547 SPP_FMT "PPP packet in Cisco mode "
548 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
549 SPP_ARGS(ifp),
550 h->address, h->control, ntohs(h->protocol));
551 goto drop;
552 }
553 switch (ntohs (h->protocol)) {
554 default:
555 if (sp->state[IDX_LCP] == STATE_OPENED)
556 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
557 ++sp->pp_seq, 2, &h->protocol);
558 if (debug)
559 log(LOG_DEBUG,
560 SPP_FMT "invalid input protocol "
561 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
562 SPP_ARGS(ifp),
563 h->address, h->control, ntohs(h->protocol));
564 ++ifp->if_noproto;
565 goto drop;
566 case PPP_LCP:
567 sppp_cp_input(&lcp, sp, m);
568 m_freem (m);
569 return;
570 case PPP_PAP:
571 if (sp->pp_phase >= PHASE_AUTHENTICATE)
572 sppp_pap_input(sp, m);
573 m_freem (m);
574 return;
575 case PPP_CHAP:
576 if (sp->pp_phase >= PHASE_AUTHENTICATE)
577 sppp_chap_input(sp, m);
578 m_freem (m);
579 return;
580 #ifdef INET
581 case PPP_IPCP:
582 if (sp->pp_phase == PHASE_NETWORK)
583 sppp_cp_input(&ipcp, sp, m);
584 m_freem (m);
585 return;
586 case PPP_IP:
587 if (sp->state[IDX_IPCP] == STATE_OPENED) {
588 schednetisr (NETISR_IP);
589 inq = &ipintrq;
590 sp->pp_last_activity = tv.tv_sec;
591 }
592 break;
593 #endif
594 #ifdef INET6
595 case PPP_IPV6CP:
596 if (sp->pp_phase == PHASE_NETWORK)
597 sppp_cp_input(&ipv6cp, sp, m);
598 m_freem (m);
599 return;
600 case PPP_IPV6:
601 if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
602 schednetisr (NETISR_IPV6);
603 inq = &ip6intrq;
604 sp->pp_last_activity = tv.tv_sec;
605 }
606 break;
607 #endif
608 }
609 break;
610 case CISCO_MULTICAST:
611 case CISCO_UNICAST:
612 /* Don't check the control field here (RFC 1547). */
613 if (! (sp->pp_flags & PP_CISCO)) {
614 if (debug)
615 log(LOG_DEBUG,
616 SPP_FMT "Cisco packet in PPP mode "
617 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
618 SPP_ARGS(ifp),
619 h->address, h->control, ntohs(h->protocol));
620 goto drop;
621 }
622 switch (ntohs (h->protocol)) {
623 default:
624 ++ifp->if_noproto;
625 goto invalid;
626 case CISCO_KEEPALIVE:
627 sppp_cisco_input ((struct sppp*) ifp, m);
628 m_freem (m);
629 return;
630 #ifdef INET
631 case ETHERTYPE_IP:
632 schednetisr (NETISR_IP);
633 inq = &ipintrq;
634 break;
635 #endif
636 #ifdef INET6
637 case ETHERTYPE_IPV6:
638 schednetisr (NETISR_IPV6);
639 inq = &ip6intrq;
640 break;
641 #endif
642 }
643 break;
644 default: /* Invalid PPP packet. */
645 invalid:
646 if (debug)
647 log(LOG_DEBUG,
648 SPP_FMT "invalid input packet "
649 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
650 SPP_ARGS(ifp),
651 h->address, h->control, ntohs(h->protocol));
652 goto drop;
653 }
654
655 if (! (ifp->if_flags & IFF_UP) || ! inq)
656 goto drop;
657
658 /* Check queue. */
659 s = splnet();
660 if (IF_QFULL (inq)) {
661 /* Queue overflow. */
662 IF_DROP(inq);
663 splx(s);
664 if (debug)
665 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
666 SPP_ARGS(ifp));
667 if (!inq->ifq_congestion)
668 if_congestion(inq);
669 goto drop;
670 }
671 IF_ENQUEUE(inq, m);
672 splx(s);
673 }
674
675 /*
676 * Enqueue transmit packet.
677 */
678 HIDE int
679 sppp_output(struct ifnet *ifp, struct mbuf *m,
680 struct sockaddr *dst, struct rtentry *rt)
681 {
682 struct sppp *sp = (struct sppp*) ifp;
683 struct ppp_header *h;
684 struct ifqueue *ifq = NULL;
685 struct timeval tv;
686 int s, len, rv = 0;
687 u_int16_t protocol;
688
689 #ifdef DIAGNOSTIC
690 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.rdomain)) {
691 printf("%s: trying to send packet on wrong domain. "
692 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname,
693 ifp->if_rdomain, rtable_l2(m->m_pkthdr.rdomain),
694 dst->sa_family);
695 }
696 #endif
697
698 s = splnet();
699
700 getmicrouptime(&tv);
701 sp->pp_last_activity = tv.tv_sec;
702
703 if ((ifp->if_flags & IFF_UP) == 0 ||
704 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
705 m_freem (m);
706 splx (s);
707 return (ENETDOWN);
708 }
709
710 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
711 /*
712 * Interface is not yet running, but auto-dial. Need
713 * to start LCP for it.
714 */
715 ifp->if_flags |= IFF_RUNNING;
716 splx(s);
717 lcp.Open(sp);
718 s = splnet();
719 }
720
721 #ifdef INET
722 /*
723 * Put low delay, telnet, rlogin and ftp control packets
724 * in front of the queue.
725 */
726 if (dst->sa_family == AF_INET) {
727 struct ip *ip = NULL;
728 struct tcphdr *th = NULL;
729
730 if (m->m_len >= sizeof(struct ip)) {
731 ip = mtod(m, struct ip *);
732 if (ip->ip_p == IPPROTO_TCP &&
733 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
734 sizeof(struct tcphdr)) {
735 th = (struct tcphdr *)
736 ((caddr_t)ip + (ip->ip_hl << 2));
737 }
738 }
739 /*
740 * When using dynamic local IP address assignment by using
741 * 0.0.0.0 as a local address, the first TCP session will
742 * not connect because the local TCP checksum is computed
743 * using 0.0.0.0 which will later become our real IP address
744 * so the TCP checksum computed at the remote end will
745 * become invalid. So we
746 * - don't let packets with src ip addr 0 thru
747 * - we flag TCP packets with src ip 0 as an error
748 */
749
750 if(ip && ip->ip_src.s_addr == INADDR_ANY) {
751 u_int8_t proto = ip->ip_p;
752
753 m_freem(m);
754 splx(s);
755 if(proto == IPPROTO_TCP)
756 return (EADDRNOTAVAIL);
757 else
758 return (0);
759 }
760 }
761 #endif
762
763 if (sp->pp_flags & PP_NOFRAMING)
764 goto skip_header;
765 /*
766 * Prepend general data packet PPP header. For now, IP only.
767 */
768 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
769 if (!m) {
770 if (ifp->if_flags & IFF_DEBUG)
771 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
772 SPP_ARGS(ifp));
773 ++ifp->if_oerrors;
774 splx (s);
775 return (ENOBUFS);
776 }
777 /*
778 * May want to check size of packet
779 * (albeit due to the implementation it's always enough)
780 */
781 h = mtod (m, struct ppp_header*);
782 if (sp->pp_flags & PP_CISCO) {
783 h->address = CISCO_UNICAST; /* unicast address */
784 h->control = 0;
785 } else {
786 h->address = PPP_ALLSTATIONS; /* broadcast address */
787 h->control = PPP_UI; /* Unnumbered Info */
788 }
789
790 skip_header:
791 switch (dst->sa_family) {
792 #ifdef INET
793 case AF_INET: /* Internet Protocol */
794 if (sp->pp_flags & PP_CISCO)
795 protocol = htons (ETHERTYPE_IP);
796 else {
797 /*
798 * Don't choke with an ENETDOWN early. It's
799 * possible that we just started dialing out,
800 * so don't drop the packet immediately. If
801 * we notice that we run out of buffer space
802 * below, we will however remember that we are
803 * not ready to carry IP packets, and return
804 * ENETDOWN, as opposed to ENOBUFS.
805 */
806 protocol = htons(PPP_IP);
807 if (sp->state[IDX_IPCP] != STATE_OPENED)
808 rv = ENETDOWN;
809 }
810 break;
811 #endif
812 #ifdef INET6
813 case AF_INET6: /* Internet Protocol v6 */
814 if (sp->pp_flags & PP_CISCO)
815 protocol = htons (ETHERTYPE_IPV6);
816 else {
817 /*
818 * Don't choke with an ENETDOWN early. It's
819 * possible that we just started dialing out,
820 * so don't drop the packet immediately. If
821 * we notice that we run out of buffer space
822 * below, we will however remember that we are
823 * not ready to carry IPv6 packets, and return
824 * ENETDOWN, as opposed to ENOBUFS.
825 */
826 protocol = htons(PPP_IPV6);
827 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
828 rv = ENETDOWN;
829 }
830 break;
831 #endif
832 default:
833 m_freem(m);
834 ++ifp->if_oerrors;
835 splx(s);
836 return (EAFNOSUPPORT);
837 }
838
839 if (sp->pp_flags & PP_NOFRAMING) {
840 M_PREPEND(m, 2, M_DONTWAIT);
841 if (m == NULL) {
842 if (ifp->if_flags & IFF_DEBUG)
843 log(LOG_DEBUG, SPP_FMT
844 "no memory for transmit header\n",
845 SPP_ARGS(ifp));
846 ++ifp->if_oerrors;
847 splx(s);
848 return (ENOBUFS);
849 }
850 *mtod(m, u_int16_t *) = protocol;
851 } else
852 h->protocol = protocol;
853
854 /*
855 * Queue message on interface, and start output if interface
856 * not yet active.
857 */
858 len = m->m_pkthdr.len;
859 if (ifq != NULL
860 #ifdef ALTQ
861 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0
862 #endif
863 ) {
864 if (IF_QFULL (ifq)) {
865 IF_DROP (&ifp->if_snd);
866 m_freem (m);
867 if (rv == 0)
868 rv = ENOBUFS;
869 } else
870 IF_ENQUEUE (ifq, m);
871 } else
872 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, rv);
873
874 if (rv != 0) {
875 ++ifp->if_oerrors;
876 splx (s);
877 return (rv);
878 }
879
880 if (!(ifp->if_flags & IFF_OACTIVE))
881 (*ifp->if_start) (ifp);
882
883 /*
884 * Count output packets and bytes.
885 * The packet length includes header, FCS and 1 flag,
886 * according to RFC 1333.
887 */
888 ifp->if_obytes += len + sp->pp_framebytes;
889 splx (s);
890 return (0);
891 }
892
893 void
894 sppp_attach(struct ifnet *ifp)
895 {
896 struct sppp *sp = (struct sppp*) ifp;
897 int i;
898
899 /* Initialize keepalive handler. */
900 if (! spppq) {
901 #if defined (__FreeBSD__)
902 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
903 #elif defined(__OpenBSD__)
904 timeout_set(&keepalive_ch, sppp_keepalive, NULL);
905 timeout_add_sec(&keepalive_ch, 10);
906 #endif
907 }
908
909 /* Insert new entry into the keepalive list. */
910 sp->pp_next = spppq;
911 spppq = sp;
912
913 sp->pp_if.if_type = IFT_PPP;
914 sp->pp_if.if_output = sppp_output;
915 IFQ_SET_MAXLEN(&sp->pp_if.if_snd, 50);
916 IFQ_SET_MAXLEN(&sp->pp_cpq, 50);
917 sp->pp_loopcnt = 0;
918 sp->pp_alivecnt = 0;
919 sp->pp_last_activity = 0;
920 sp->pp_last_receive = 0;
921 sp->pp_seq = 0;
922 sp->pp_rseq = 0;
923 sp->pp_phase = PHASE_DEAD;
924 sp->pp_up = lcp.Up;
925 sp->pp_down = lcp.Down;
926
927 for (i = 0; i < IDX_COUNT; i++)
928 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp);
929 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp);
930
931 sppp_lcp_init(sp);
932 sppp_ipcp_init(sp);
933 sppp_ipv6cp_init(sp);
934 sppp_pap_init(sp);
935 sppp_chap_init(sp);
936 }
937
938 void
939 sppp_detach(struct ifnet *ifp)
940 {
941 struct sppp **q, *p, *sp = (struct sppp*) ifp;
942 int i;
943
944 /* Remove the entry from the keepalive list. */
945 for (q = &spppq; (p = *q); q = &p->pp_next)
946 if (p == sp) {
947 *q = p->pp_next;
948 break;
949 }
950
951 /* Stop keepalive handler. */
952 if (! spppq)
953 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch);
954
955 for (i = 0; i < IDX_COUNT; i++)
956 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]);
957 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
958
959 /* release authentication data */
960 if (sp->myauth.name != NULL)
961 free(sp->myauth.name, M_DEVBUF);
962 if (sp->myauth.secret != NULL)
963 free(sp->myauth.secret, M_DEVBUF);
964 if (sp->hisauth.name != NULL)
965 free(sp->hisauth.name, M_DEVBUF);
966 if (sp->hisauth.secret != NULL)
967 free(sp->hisauth.secret, M_DEVBUF);
968 }
969
970 /*
971 * Flush the interface output queue.
972 */
973 void
974 sppp_flush(struct ifnet *ifp)
975 {
976 struct sppp *sp = (struct sppp*) ifp;
977
978 IFQ_PURGE(&sp->pp_if.if_snd);
979 sppp_qflush (&sp->pp_cpq);
980 }
981
982 /*
983 * Check if the output queue is empty.
984 */
985 int
986 sppp_isempty(struct ifnet *ifp)
987 {
988 struct sppp *sp = (struct sppp*) ifp;
989 int empty, s;
990
991 s = splnet();
992 empty = IF_IS_EMPTY(&sp->pp_cpq) &&
993 IFQ_IS_EMPTY(&sp->pp_if.if_snd);
994 splx(s);
995 return (empty);
996 }
997
998 /*
999 * Get next packet to send.
1000 */
1001 struct mbuf *
1002 sppp_dequeue(struct ifnet *ifp)
1003 {
1004 struct sppp *sp = (struct sppp*) ifp;
1005 struct mbuf *m;
1006 int s;
1007
1008 s = splnet();
1009 /*
1010 * Process only the control protocol queue until we have at
1011 * least one NCP open.
1012 *
1013 * Do always serve all queues in Cisco mode.
1014 */
1015 IF_DEQUEUE(&sp->pp_cpq, m);
1016 if (m == NULL &&
1017 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
1018 IFQ_DEQUEUE (&sp->pp_if.if_snd, m);
1019 }
1020 splx(s);
1021 return m;
1022 }
1023
1024 /*
1025 * Pick the next packet, do not remove it from the queue.
1026 */
1027 struct mbuf *
1028 sppp_pick(struct ifnet *ifp)
1029 {
1030 struct sppp *sp = (struct sppp*)ifp;
1031 struct mbuf *m;
1032 int s;
1033
1034 s = splnet();
1035 IF_POLL(&sp->pp_cpq, m);
1036 if (m == NULL &&
1037 (sp->pp_phase == PHASE_NETWORK ||
1038 (sp->pp_flags & PP_CISCO) != 0)) {
1039 IFQ_POLL(&sp->pp_if.if_snd, m);
1040 }
1041 splx (s);
1042 return (m);
1043 }
1044
1045 /*
1046 * Process an ioctl request. Called on low priority level.
1047 */
1048 int
1049 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
1050 {
1051 struct ifreq *ifr = (struct ifreq*) data;
1052 struct sppp *sp = (struct sppp*) ifp;
1053 int s, rv, going_up, going_down, newmode;
1054
1055 s = splnet();
1056 rv = 0;
1057 switch (cmd) {
1058 case SIOCAIFADDR:
1059 case SIOCSIFDSTADDR:
1060 break;
1061
1062 case SIOCSIFADDR:
1063 if_up(ifp);
1064 /* FALLTHROUGH */
1065
1066 case SIOCSIFFLAGS:
1067 going_up = (ifp->if_flags & IFF_UP) &&
1068 (ifp->if_flags & IFF_RUNNING) == 0;
1069 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1070 (ifp->if_flags & IFF_RUNNING);
1071 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
1072 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
1073 /* sanity */
1074 newmode = IFF_PASSIVE;
1075 ifp->if_flags &= ~IFF_AUTO;
1076 }
1077
1078 if (going_up || going_down)
1079 if (!(sp->pp_flags & PP_CISCO))
1080 lcp.Close(sp);
1081
1082 if (going_up && newmode == 0) {
1083 /* neither auto-dial nor passive */
1084 ifp->if_flags |= IFF_RUNNING;
1085 if (!(sp->pp_flags & PP_CISCO))
1086 lcp.Open(sp);
1087 } else if (going_down) {
1088 sppp_flush(ifp);
1089 ifp->if_flags &= ~IFF_RUNNING;
1090 }
1091 break;
1092
1093 #ifdef SIOCSIFMTU
1094 case SIOCSIFMTU:
1095 if (ifr->ifr_mtu < 128 ||
1096 (sp->lcp.their_mru > 0 &&
1097 ifr->ifr_mtu > sp->lcp.their_mru)) {
1098 splx(s);
1099 return (EINVAL);
1100 }
1101 ifp->if_mtu = ifr->ifr_mtu;
1102 break;
1103 #endif
1104 #ifdef SLIOCSETMTU
1105 case SLIOCSETMTU:
1106 if (*(short*)data < 128 ||
1107 (sp->lcp.their_mru > 0 &&
1108 *(short*)data > sp->lcp.their_mru)) {
1109 splx(s);
1110 return (EINVAL);
1111 }
1112 ifp->if_mtu = *(short*)data;
1113 break;
1114 #endif
1115 #ifdef SIOCGIFMTU
1116 case SIOCGIFMTU:
1117 ifr->ifr_mtu = ifp->if_mtu;
1118 break;
1119 #endif
1120 #ifdef SLIOCGETMTU
1121 case SLIOCGETMTU:
1122 *(short*)data = ifp->if_mtu;
1123 break;
1124 #endif
1125 case SIOCADDMULTI:
1126 case SIOCDELMULTI:
1127 break;
1128
1129 case SIOCGIFGENERIC:
1130 rv = sppp_get_params(sp, ifr);
1131 break;
1132
1133 case SIOCSIFGENERIC:
1134 rv = sppp_set_params(sp, ifr);
1135 break;
1136
1137 default:
1138 rv = ENOTTY;
1139 }
1140 splx(s);
1141 return rv;
1142 }
1143
1144
1145 �/*
1146 * Cisco framing implementation.
1147 */
1148
1149 /*
1150 * Handle incoming Cisco keepalive protocol packets.
1151 */
1152 HIDE void
1153 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1154 {
1155 STDDCL;
1156 struct cisco_packet *h;
1157 u_int32_t me, mymask;
1158
1159 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1160 if (debug)
1161 log(LOG_DEBUG,
1162 SPP_FMT "cisco invalid packet length: %d bytes\n",
1163 SPP_ARGS(ifp), m->m_pkthdr.len);
1164 return;
1165 }
1166 h = mtod (m, struct cisco_packet*);
1167 if (debug)
1168 log(LOG_DEBUG,
1169 SPP_FMT "cisco input: %d bytes "
1170 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1171 SPP_ARGS(ifp), m->m_pkthdr.len,
1172 ntohl(h->type), h->par1, h->par2, (u_int)h->rel,
1173 (u_int)h->time0, (u_int)h->time1);
1174 switch (ntohl (h->type)) {
1175 default:
1176 if (debug)
1177 addlog(SPP_FMT "cisco unknown packet type: 0x%x\n",
1178 SPP_ARGS(ifp), ntohl(h->type));
1179 break;
1180 case CISCO_ADDR_REPLY:
1181 /* Reply on address request, ignore */
1182 break;
1183 case CISCO_KEEPALIVE_REQ:
1184 sp->pp_alivecnt = 0;
1185 sp->pp_rseq = ntohl (h->par1);
1186 if (sp->pp_seq == sp->pp_rseq) {
1187 /* Local and remote sequence numbers are equal.
1188 * Probably, the line is in loopback mode. */
1189 if (sp->pp_loopcnt >= LOOPALIVECNT) {
1190 log(LOG_INFO, SPP_FMT "loopback\n",
1191 SPP_ARGS(ifp));
1192 sp->pp_loopcnt = 0;
1193 if (ifp->if_flags & IFF_UP) {
1194 if_down (ifp);
1195 sppp_qflush (&sp->pp_cpq);
1196 }
1197 }
1198 ++sp->pp_loopcnt;
1199
1200 /* Generate new local sequence number */
1201 #if defined (__FreeBSD__) || defined (__NetBSD__) || defined(__OpenBSD__)
1202 sp->pp_seq = arc4random();
1203 #else
1204 sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
1205 #endif
1206 break;
1207 }
1208 sp->pp_loopcnt = 0;
1209 if (! (ifp->if_flags & IFF_UP) &&
1210 (ifp->if_flags & IFF_RUNNING)) {
1211 if_up(ifp);
1212 if (debug)
1213 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp));
1214 }
1215 break;
1216 case CISCO_ADDR_REQ:
1217 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1218 if (me != 0)
1219 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1220 break;
1221 }
1222 }
1223
1224 /*
1225 * Send Cisco keepalive packet.
1226 */
1227 HIDE void
1228 sppp_cisco_send(struct sppp *sp, u_int32_t type, u_int32_t par1, u_int32_t par2)
1229 {
1230 STDDCL;
1231 struct ppp_header *h;
1232 struct cisco_packet *ch;
1233 struct mbuf *m;
1234 struct timeval tv;
1235
1236 getmicrouptime(&tv);
1237
1238 MGETHDR (m, M_DONTWAIT, MT_DATA);
1239 if (! m)
1240 return;
1241 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1242 m->m_pkthdr.rcvif = 0;
1243
1244 h = mtod (m, struct ppp_header*);
1245 h->address = CISCO_MULTICAST;
1246 h->control = 0;
1247 h->protocol = htons (CISCO_KEEPALIVE);
1248
1249 ch = (struct cisco_packet*) (h + 1);
1250 ch->type = htonl (type);
1251 ch->par1 = htonl (par1);
1252 ch->par2 = htonl (par2);
1253 ch->rel = -1;
1254
1255 ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1256 ch->time1 = htons ((u_short) tv.tv_sec);
1257
1258 if (debug)
1259 log(LOG_DEBUG, SPP_FMT
1260 "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1261 SPP_ARGS(ifp), ntohl(ch->type), ch->par1, ch->par2,
1262 (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
1263
1264 if (IF_QFULL (&sp->pp_cpq)) {
1265 IF_DROP (&ifp->if_snd);
1266 m_freem (m);
1267 m = NULL;
1268 } else
1269 IF_ENQUEUE (&sp->pp_cpq, m);
1270 if (! (ifp->if_flags & IFF_OACTIVE))
1271 (*ifp->if_start) (ifp);
1272 if (m != NULL)
1273 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1274 }
1275
1276 �/*
1277 * PPP protocol implementation.
1278 */
1279
1280 /*
1281 * Send PPP control protocol packet.
1282 */
1283 HIDE void
1284 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1285 u_char ident, u_short len, void *data)
1286 {
1287 STDDCL;
1288 struct ppp_header *h;
1289 struct lcp_header *lh;
1290 struct mbuf *m;
1291 size_t pkthdrlen;
1292
1293 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
1294
1295 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
1296 len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
1297 MGETHDR (m, M_DONTWAIT, MT_DATA);
1298 if (! m)
1299 return;
1300 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
1301 m->m_pkthdr.rcvif = 0;
1302
1303 if (sp->pp_flags & PP_NOFRAMING) {
1304 *mtod(m, u_int16_t *) = htons(proto);
1305 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
1306 } else {
1307 h = mtod (m, struct ppp_header*);
1308 h->address = PPP_ALLSTATIONS; /* broadcast address */
1309 h->control = PPP_UI; /* Unnumbered Info */
1310 h->protocol = htons (proto); /* Link Control Protocol */
1311 lh = (struct lcp_header*) (h + 1);
1312 }
1313 lh->type = type;
1314 lh->ident = ident;
1315 lh->len = htons (LCP_HEADER_LEN + len);
1316 if (len)
1317 bcopy (data, lh+1, len);
1318
1319 if (debug) {
1320 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1321 SPP_ARGS(ifp),
1322 sppp_proto_name(proto),
1323 sppp_cp_type_name (lh->type), lh->ident,
1324 ntohs (lh->len));
1325 if (len)
1326 sppp_print_bytes ((u_char*) (lh+1), len);
1327 addlog(">\n");
1328 }
1329 if (IF_QFULL (&sp->pp_cpq)) {
1330 IF_DROP (&ifp->if_snd);
1331 m_freem (m);
1332 ++ifp->if_oerrors;
1333 m = NULL;
1334 } else
1335 IF_ENQUEUE (&sp->pp_cpq, m);
1336 if (!(ifp->if_flags & IFF_OACTIVE))
1337 (*ifp->if_start) (ifp);
1338 if (m != NULL)
1339 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1340 }
1341
1342 /*
1343 * Handle incoming PPP control protocol packets.
1344 */
1345 HIDE void
1346 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1347 {
1348 STDDCL;
1349 struct lcp_header *h;
1350 int len = m->m_pkthdr.len;
1351 int rv;
1352 u_char *p;
1353 u_long nmagic;
1354
1355 if (len < 4) {
1356 if (debug)
1357 log(LOG_DEBUG,
1358 SPP_FMT "%s invalid packet length: %d bytes\n",
1359 SPP_ARGS(ifp), cp->name, len);
1360 return;
1361 }
1362 h = mtod (m, struct lcp_header*);
1363 if (debug) {
1364 log(LOG_DEBUG,
1365 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1366 SPP_ARGS(ifp), cp->name,
1367 sppp_state_name(sp->state[cp->protoidx]),
1368 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1369 if (len > 4)
1370 sppp_print_bytes ((u_char*) (h+1), len-4);
1371 addlog(">\n");
1372 }
1373 if (len > ntohs (h->len))
1374 len = ntohs (h->len);
1375 p = (u_char *)(h + 1);
1376 switch (h->type) {
1377 case CONF_REQ:
1378 if (len < 4) {
1379 if (debug)
1380 addlog(SPP_FMT "%s invalid conf-req length %d\n",
1381 SPP_ARGS(ifp), cp->name,
1382 len);
1383 ++ifp->if_ierrors;
1384 break;
1385 }
1386 /* handle states where RCR doesn't get a SCA/SCN */
1387 switch (sp->state[cp->protoidx]) {
1388 case STATE_CLOSING:
1389 case STATE_STOPPING:
1390 return;
1391 case STATE_CLOSED:
1392 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1393 0, 0);
1394 return;
1395 }
1396 rv = (cp->RCR)(sp, h, len);
1397 /* silently drop illegal packets */
1398 if (rv == -1)
1399 return;
1400 switch (sp->state[cp->protoidx]) {
1401 case STATE_OPENED:
1402 sppp_cp_change_state(cp, sp, rv?
1403 STATE_ACK_SENT: STATE_REQ_SENT);
1404 (cp->tld)(sp);
1405 (cp->scr)(sp);
1406 break;
1407 case STATE_ACK_SENT:
1408 case STATE_REQ_SENT:
1409 sppp_cp_change_state(cp, sp, rv?
1410 STATE_ACK_SENT: STATE_REQ_SENT);
1411 break;
1412 case STATE_STOPPED:
1413 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1414 sppp_cp_change_state(cp, sp, rv?
1415 STATE_ACK_SENT: STATE_REQ_SENT);
1416 (cp->scr)(sp);
1417 break;
1418 case STATE_ACK_RCVD:
1419 if (rv) {
1420 sppp_cp_change_state(cp, sp, STATE_OPENED);
1421 if (debug)
1422 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1423 SPP_ARGS(ifp),
1424 cp->name);
1425 (cp->tlu)(sp);
1426 } else
1427 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1428 break;
1429 default:
1430 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1431 SPP_ARGS(ifp), cp->name,
1432 sppp_cp_type_name(h->type),
1433 sppp_state_name(sp->state[cp->protoidx])); */
1434 ++ifp->if_ierrors;
1435 }
1436 break;
1437 case CONF_ACK:
1438 if (h->ident != sp->confid[cp->protoidx]) {
1439 if (debug)
1440 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1441 SPP_ARGS(ifp), cp->name,
1442 h->ident, sp->confid[cp->protoidx]);
1443 ++ifp->if_ierrors;
1444 break;
1445 }
1446 switch (sp->state[cp->protoidx]) {
1447 case STATE_CLOSED:
1448 case STATE_STOPPED:
1449 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1450 break;
1451 case STATE_CLOSING:
1452 case STATE_STOPPING:
1453 break;
1454 case STATE_REQ_SENT:
1455 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1456 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1457 break;
1458 case STATE_OPENED:
1459 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1460 (cp->tld)(sp);
1461 (cp->scr)(sp);
1462 break;
1463 case STATE_ACK_RCVD:
1464 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1465 (cp->scr)(sp);
1466 break;
1467 case STATE_ACK_SENT:
1468 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1469 sppp_cp_change_state(cp, sp, STATE_OPENED);
1470 if (debug)
1471 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1472 SPP_ARGS(ifp), cp->name);
1473 (cp->tlu)(sp);
1474 break;
1475 default:
1476 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1477 SPP_ARGS(ifp), cp->name,
1478 sppp_cp_type_name(h->type),
1479 sppp_state_name(sp->state[cp->protoidx])); */
1480 ++ifp->if_ierrors;
1481 }
1482 break;
1483 case CONF_NAK:
1484 case CONF_REJ:
1485 if (h->ident != sp->confid[cp->protoidx]) {
1486 if (debug)
1487 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1488 SPP_ARGS(ifp), cp->name,
1489 h->ident, sp->confid[cp->protoidx]);
1490 ++ifp->if_ierrors;
1491 break;
1492 }
1493 if (h->type == CONF_NAK)
1494 (cp->RCN_nak)(sp, h, len);
1495 else /* CONF_REJ */
1496 (cp->RCN_rej)(sp, h, len);
1497
1498 switch (sp->state[cp->protoidx]) {
1499 case STATE_CLOSED:
1500 case STATE_STOPPED:
1501 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1502 break;
1503 case STATE_REQ_SENT:
1504 case STATE_ACK_SENT:
1505 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1506 (cp->scr)(sp);
1507 break;
1508 case STATE_OPENED:
1509 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1510 (cp->tld)(sp);
1511 (cp->scr)(sp);
1512 break;
1513 case STATE_ACK_RCVD:
1514 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1515 (cp->scr)(sp);
1516 break;
1517 case STATE_CLOSING:
1518 case STATE_STOPPING:
1519 break;
1520 default:
1521 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1522 SPP_ARGS(ifp), cp->name,
1523 sppp_cp_type_name(h->type),
1524 sppp_state_name(sp->state[cp->protoidx])); */
1525 ++ifp->if_ierrors;
1526 }
1527 break;
1528
1529 case TERM_REQ:
1530 switch (sp->state[cp->protoidx]) {
1531 case STATE_ACK_RCVD:
1532 case STATE_ACK_SENT:
1533 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1534 /* FALLTHROUGH */
1535 case STATE_CLOSED:
1536 case STATE_STOPPED:
1537 case STATE_CLOSING:
1538 case STATE_STOPPING:
1539 case STATE_REQ_SENT:
1540 sta:
1541 /* Send Terminate-Ack packet. */
1542 if (debug)
1543 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1544 SPP_ARGS(ifp), cp->name);
1545 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1546 break;
1547 case STATE_OPENED:
1548 sp->rst_counter[cp->protoidx] = 0;
1549 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1550 (cp->tld)(sp);
1551 goto sta;
1552 break;
1553 default:
1554 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1555 SPP_ARGS(ifp), cp->name,
1556 sppp_cp_type_name(h->type),
1557 sppp_state_name(sp->state[cp->protoidx])); */
1558 ++ifp->if_ierrors;
1559 }
1560 break;
1561 case TERM_ACK:
1562 switch (sp->state[cp->protoidx]) {
1563 case STATE_CLOSED:
1564 case STATE_STOPPED:
1565 case STATE_REQ_SENT:
1566 case STATE_ACK_SENT:
1567 break;
1568 case STATE_CLOSING:
1569 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1570 (cp->tlf)(sp);
1571 break;
1572 case STATE_STOPPING:
1573 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1574 (cp->tlf)(sp);
1575 break;
1576 case STATE_ACK_RCVD:
1577 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1578 break;
1579 case STATE_OPENED:
1580 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1581 (cp->tld)(sp);
1582 (cp->scr)(sp);
1583 break;
1584 default:
1585 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1586 SPP_ARGS(ifp), cp->name,
1587 sppp_cp_type_name(h->type),
1588 sppp_state_name(sp->state[cp->protoidx])); */
1589 ++ifp->if_ierrors;
1590 }
1591 break;
1592 case CODE_REJ:
1593 case PROTO_REJ:
1594 {
1595 int catastrophic = 0;
1596 const struct cp *upper = NULL;
1597 int i;
1598 u_int16_t proto;
1599
1600 if (len < 2) {
1601 if (debug)
1602 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n",
1603 SPP_ARGS(ifp));
1604 ++ifp->if_ierrors;
1605 break;
1606 }
1607
1608 proto = ntohs(*((u_int16_t *)p));
1609 for (i = 0; i < IDX_COUNT; i++) {
1610 if (cps[i]->proto == proto) {
1611 upper = cps[i];
1612 break;
1613 }
1614 }
1615 if (upper == NULL)
1616 catastrophic++;
1617
1618 if (catastrophic || debug)
1619 log(catastrophic? LOG_INFO: LOG_DEBUG,
1620 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1621 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1622 sppp_cp_type_name(h->type), proto,
1623 upper ? upper->name : "unknown",
1624 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1625
1626 /*
1627 * if we got RXJ+ against conf-req, the peer does not implement
1628 * this particular protocol type. terminate the protocol.
1629 */
1630 if (upper) {
1631 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1632 upper->Close(sp);
1633 break;
1634 }
1635 }
1636
1637 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1638 switch (sp->state[cp->protoidx]) {
1639 case STATE_CLOSED:
1640 case STATE_STOPPED:
1641 case STATE_REQ_SENT:
1642 case STATE_ACK_SENT:
1643 case STATE_CLOSING:
1644 case STATE_STOPPING:
1645 case STATE_OPENED:
1646 break;
1647 case STATE_ACK_RCVD:
1648 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1649 break;
1650 default:
1651 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1652 SPP_ARGS(ifp), cp->name,
1653 sppp_cp_type_name(h->type),
1654 sppp_state_name(sp->state[cp->protoidx])); */
1655 ++ifp->if_ierrors;
1656 }
1657 break;
1658 }
1659 case DISC_REQ:
1660 if (cp->proto != PPP_LCP)
1661 goto illegal;
1662 /* Discard the packet. */
1663 break;
1664 case ECHO_REQ:
1665 if (cp->proto != PPP_LCP)
1666 goto illegal;
1667 if (sp->state[cp->protoidx] != STATE_OPENED) {
1668 if (debug)
1669 addlog(SPP_FMT "lcp echo req but lcp closed\n",
1670 SPP_ARGS(ifp));
1671 ++ifp->if_ierrors;
1672 break;
1673 }
1674 if (len < 8) {
1675 if (debug)
1676 addlog(SPP_FMT "invalid lcp echo request "
1677 "packet length: %d bytes\n",
1678 SPP_ARGS(ifp), len);
1679 break;
1680 }
1681
1682 nmagic = (u_long)p[0] << 24 |
1683 (u_long)p[1] << 16 | p[2] << 8 | p[3];
1684
1685 if (nmagic == sp->lcp.magic) {
1686 /* Line loopback mode detected. */
1687 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp));
1688 /* Shut down the PPP link. */
1689 lcp.Close(sp);
1690 break;
1691 }
1692
1693 p[0] = sp->lcp.magic >> 24;
1694 p[1] = sp->lcp.magic >> 16;
1695 p[2] = sp->lcp.magic >> 8;
1696 p[3] = sp->lcp.magic;
1697
1698 if (debug)
1699 addlog(SPP_FMT "got lcp echo req, sending echo rep\n",
1700 SPP_ARGS(ifp));
1701 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1702 break;
1703 case ECHO_REPLY:
1704 if (cp->proto != PPP_LCP)
1705 goto illegal;
1706 if (h->ident != sp->lcp.echoid) {
1707 ++ifp->if_ierrors;
1708 break;
1709 }
1710 if (len < 8) {
1711 if (debug)
1712 addlog(SPP_FMT "lcp invalid echo reply "
1713 "packet length: %d bytes\n",
1714 SPP_ARGS(ifp), len);
1715 break;
1716 }
1717 if (debug)
1718 addlog(SPP_FMT "lcp got echo rep\n",
1719 SPP_ARGS(ifp));
1720
1721 nmagic = (u_long)p[0] << 24 |
1722 (u_long)p[1] << 16 | p[2] << 8 | p[3];
1723
1724 if (nmagic != sp->lcp.magic)
1725 sp->pp_alivecnt = 0;
1726 break;
1727 default:
1728 /* Unknown packet type -- send Code-Reject packet. */
1729 illegal:
1730 if (debug)
1731 addlog(SPP_FMT "%s send code-rej for 0x%x\n",
1732 SPP_ARGS(ifp), cp->name, h->type);
1733 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
1734 m->m_pkthdr.len, h);
1735 ++ifp->if_ierrors;
1736 }
1737 }
1738
1739
1740 /*
1741 * The generic part of all Up/Down/Open/Close/TO event handlers.
1742 * Basically, the state transition handling in the automaton.
1743 */
1744 HIDE void
1745 sppp_up_event(const struct cp *cp, struct sppp *sp)
1746 {
1747 STDDCL;
1748
1749 if (debug)
1750 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1751 SPP_ARGS(ifp), cp->name,
1752 sppp_state_name(sp->state[cp->protoidx]));
1753
1754 switch (sp->state[cp->protoidx]) {
1755 case STATE_INITIAL:
1756 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1757 break;
1758 case STATE_STARTING:
1759 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1760 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1761 (cp->scr)(sp);
1762 break;
1763 default:
1764 /* printf(SPP_FMT "%s illegal up in state %s\n",
1765 SPP_ARGS(ifp), cp->name,
1766 sppp_state_name(sp->state[cp->protoidx])); */
1767 break;
1768 }
1769 }
1770
1771 HIDE void
1772 sppp_down_event(const struct cp *cp, struct sppp *sp)
1773 {
1774 STDDCL;
1775
1776 if (debug)
1777 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1778 SPP_ARGS(ifp), cp->name,
1779 sppp_state_name(sp->state[cp->protoidx]));
1780
1781 switch (sp->state[cp->protoidx]) {
1782 case STATE_CLOSED:
1783 case STATE_CLOSING:
1784 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1785 break;
1786 case STATE_STOPPED:
1787 sppp_cp_change_state(cp, sp, STATE_STARTING);
1788 (cp->tls)(sp);
1789 break;
1790 case STATE_STOPPING:
1791 case STATE_REQ_SENT:
1792 case STATE_ACK_RCVD:
1793 case STATE_ACK_SENT:
1794 sppp_cp_change_state(cp, sp, STATE_STARTING);
1795 break;
1796 case STATE_OPENED:
1797 sppp_cp_change_state(cp, sp, STATE_STARTING);
1798 (cp->tld)(sp);
1799 break;
1800 default:
1801 /* printf(SPP_FMT "%s illegal down in state %s\n",
1802 SPP_ARGS(ifp), cp->name,
1803 sppp_state_name(sp->state[cp->protoidx])); */
1804 break;
1805 }
1806 }
1807
1808
1809 HIDE void
1810 sppp_open_event(const struct cp *cp, struct sppp *sp)
1811 {
1812 STDDCL;
1813
1814 if (debug)
1815 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1816 SPP_ARGS(ifp), cp->name,
1817 sppp_state_name(sp->state[cp->protoidx]));
1818
1819 switch (sp->state[cp->protoidx]) {
1820 case STATE_INITIAL:
1821 sppp_cp_change_state(cp, sp, STATE_STARTING);
1822 (cp->tls)(sp);
1823 break;
1824 case STATE_STARTING:
1825 break;
1826 case STATE_CLOSED:
1827 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1828 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1829 (cp->scr)(sp);
1830 break;
1831 case STATE_STOPPED:
1832 case STATE_STOPPING:
1833 case STATE_REQ_SENT:
1834 case STATE_ACK_RCVD:
1835 case STATE_ACK_SENT:
1836 case STATE_OPENED:
1837 break;
1838 case STATE_CLOSING:
1839 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1840 break;
1841 }
1842 }
1843
1844
1845 HIDE void
1846 sppp_close_event(const struct cp *cp, struct sppp *sp)
1847 {
1848 STDDCL;
1849
1850 if (debug)
1851 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
1852 SPP_ARGS(ifp), cp->name,
1853 sppp_state_name(sp->state[cp->protoidx]));
1854
1855 switch (sp->state[cp->protoidx]) {
1856 case STATE_INITIAL:
1857 case STATE_CLOSED:
1858 case STATE_CLOSING:
1859 break;
1860 case STATE_STARTING:
1861 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1862 (cp->tlf)(sp);
1863 break;
1864 case STATE_STOPPED:
1865 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1866 break;
1867 case STATE_STOPPING:
1868 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1869 break;
1870 case STATE_OPENED:
1871 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1872 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1873 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1874 (cp->tld)(sp);
1875 break;
1876 case STATE_REQ_SENT:
1877 case STATE_ACK_RCVD:
1878 case STATE_ACK_SENT:
1879 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1880 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1881 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1882 break;
1883 }
1884 }
1885
1886 HIDE void
1887 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp)
1888 {
1889 int timo;
1890
1891 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx];
1892 if (timo < 1)
1893 timo = 1;
1894 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
1895 sp->ch[cp->protoidx] =
1896 timeout(cp->TO, (void *)sp, timo * sp->lcp.timeout);
1897 #elif defined(__OpenBSD__)
1898 timeout_add(&sp->ch[cp->protoidx], timo * sp->lcp.timeout);
1899 #endif
1900 }
1901
1902 HIDE void
1903 sppp_to_event(const struct cp *cp, struct sppp *sp)
1904 {
1905 STDDCL;
1906 int s;
1907
1908 s = splnet();
1909 if (debug)
1910 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
1911 SPP_ARGS(ifp), cp->name,
1912 sppp_state_name(sp->state[cp->protoidx]),
1913 sp->rst_counter[cp->protoidx]);
1914
1915 if (--sp->rst_counter[cp->protoidx] < 0)
1916 /* TO- event */
1917 switch (sp->state[cp->protoidx]) {
1918 case STATE_CLOSING:
1919 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1920 (cp->tlf)(sp);
1921 break;
1922 case STATE_STOPPING:
1923 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1924 (cp->tlf)(sp);
1925 break;
1926 case STATE_REQ_SENT:
1927 case STATE_ACK_RCVD:
1928 case STATE_ACK_SENT:
1929 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1930 (cp->tlf)(sp);
1931 break;
1932 }
1933 else
1934 /* TO+ event */
1935 switch (sp->state[cp->protoidx]) {
1936 case STATE_CLOSING:
1937 case STATE_STOPPING:
1938 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
1939 0, 0);
1940 sppp_increasing_timeout (cp, sp);
1941 break;
1942 case STATE_REQ_SENT:
1943 case STATE_ACK_RCVD:
1944 /* sppp_cp_change_state() will restart the timer */
1945 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1946 (cp->scr)(sp);
1947 break;
1948 case STATE_ACK_SENT:
1949 sppp_increasing_timeout (cp, sp);
1950 (cp->scr)(sp);
1951 break;
1952 }
1953
1954 splx(s);
1955 }
1956
1957 /*
1958 * Change the state of a control protocol in the state automaton.
1959 * Takes care of starting/stopping the restart timer.
1960 */
1961 void
1962 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1963 {
1964 STDDCL;
1965
1966 if (debug && sp->state[cp->protoidx] != newstate)
1967 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n",
1968 SPP_ARGS(ifp), cp->name,
1969 sppp_state_name(sp->state[cp->protoidx]),
1970 sppp_state_name(newstate));
1971 sp->state[cp->protoidx] = newstate;
1972
1973 switch (newstate) {
1974 case STATE_INITIAL:
1975 case STATE_STARTING:
1976 case STATE_CLOSED:
1977 case STATE_STOPPED:
1978 case STATE_OPENED:
1979 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
1980 break;
1981 case STATE_CLOSING:
1982 case STATE_STOPPING:
1983 case STATE_REQ_SENT:
1984 case STATE_ACK_RCVD:
1985 case STATE_ACK_SENT:
1986 if (!timeout_pending(&sp->ch[cp->protoidx]))
1987 sppp_increasing_timeout (cp, sp);
1988 break;
1989 }
1990 }
1991 �/*
1992 *--------------------------------------------------------------------------*
1993 * *
1994 * The LCP implementation. *
1995 * *
1996 *--------------------------------------------------------------------------*
1997 */
1998 HIDE void
1999 sppp_lcp_init(struct sppp *sp)
2000 {
2001 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2002 sp->lcp.magic = 0;
2003 sp->state[IDX_LCP] = STATE_INITIAL;
2004 sp->fail_counter[IDX_LCP] = 0;
2005 sp->lcp.protos = 0;
2006 sp->lcp.mru = sp->pp_if.if_mtu;
2007 sp->lcp.their_mru = 0;
2008
2009 /*
2010 * Initialize counters and timeout values. Note that we don't
2011 * use the 3 seconds suggested in RFC 1661 since we are likely
2012 * running on a fast link. XXX We should probably implement
2013 * the exponential backoff option. Note that these values are
2014 * relevant for all control protocols, not just LCP only.
2015 */
2016 sp->lcp.timeout = 1 * hz;
2017 sp->lcp.max_terminate = 2;
2018 sp->lcp.max_configure = 10;
2019 sp->lcp.max_failure = 10;
2020 #if defined (__FreeBSD__)
2021 callout_handle_init(&sp->ch[IDX_LCP]);
2022 #endif
2023 }
2024
2025 HIDE void
2026 sppp_lcp_up(struct sppp *sp)
2027 {
2028 STDDCL;
2029 struct timeval tv;
2030
2031 if (sp->pp_flags & PP_CISCO) {
2032 int s = splsoftnet();
2033 sp->pp_if.if_link_state = LINK_STATE_UP;
2034 if_link_state_change(&sp->pp_if);
2035 splx(s);
2036 return;
2037 }
2038
2039 sp->pp_alivecnt = 0;
2040 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2041 sp->lcp.magic = 0;
2042 sp->lcp.protos = 0;
2043 if (sp->pp_if.if_mtu != PP_MTU) {
2044 sp->lcp.mru = sp->pp_if.if_mtu;
2045 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2046 } else
2047 sp->lcp.mru = PP_MTU;
2048 sp->lcp.their_mru = PP_MTU;
2049
2050 getmicrouptime(&tv);
2051 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec;
2052
2053 /*
2054 * If this interface is passive or dial-on-demand, and we are
2055 * still in Initial state, it means we've got an incoming
2056 * call. Activate the interface.
2057 */
2058 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2059 if (debug)
2060 log(LOG_DEBUG,
2061 SPP_FMT "Up event", SPP_ARGS(ifp));
2062 ifp->if_flags |= IFF_RUNNING;
2063 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2064 if (debug)
2065 addlog("(incoming call)\n");
2066 sp->pp_flags |= PP_CALLIN;
2067 lcp.Open(sp);
2068 } else if (debug)
2069 addlog("\n");
2070 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2071 (sp->state[IDX_LCP] == STATE_INITIAL)) {
2072 ifp->if_flags |= IFF_RUNNING;
2073 lcp.Open(sp);
2074 }
2075
2076 sppp_up_event(&lcp, sp);
2077 }
2078
2079 HIDE void
2080 sppp_lcp_down(struct sppp *sp)
2081 {
2082 STDDCL;
2083
2084 if (sp->pp_flags & PP_CISCO) {
2085 int s = splsoftnet();
2086 sp->pp_if.if_link_state = LINK_STATE_DOWN;
2087 if_link_state_change(&sp->pp_if);
2088 splx(s);
2089 return;
2090 }
2091
2092 sppp_down_event(&lcp, sp);
2093
2094 /*
2095 * If this is neither a dial-on-demand nor a passive
2096 * interface, simulate an ``ifconfig down'' action, so the
2097 * administrator can force a redial by another ``ifconfig
2098 * up''. XXX For leased line operation, should we immediately
2099 * try to reopen the connection here?
2100 */
2101 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2102 if (debug)
2103 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), "
2104 "taking interface down.", SPP_ARGS(ifp));
2105 if_down(ifp);
2106 } else {
2107 if (debug)
2108 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n",
2109 SPP_ARGS(ifp));
2110 }
2111
2112 if (sp->state[IDX_LCP] != STATE_INITIAL)
2113 lcp.Close(sp);
2114 sp->lcp.their_mru = 0;
2115 sp->pp_flags &= ~PP_CALLIN;
2116 ifp->if_flags &= ~IFF_RUNNING;
2117 sppp_flush(ifp);
2118 }
2119
2120 HIDE void
2121 sppp_lcp_open(struct sppp *sp)
2122 {
2123 /*
2124 * If we are authenticator, negotiate LCP_AUTH
2125 */
2126 if (sp->hisauth.proto != 0)
2127 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2128 else
2129 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2130 sp->pp_flags &= ~PP_NEEDAUTH;
2131 sppp_open_event(&lcp, sp);
2132 }
2133
2134 HIDE void
2135 sppp_lcp_close(struct sppp *sp)
2136 {
2137 sppp_close_event(&lcp, sp);
2138 }
2139
2140 HIDE void
2141 sppp_lcp_TO(void *cookie)
2142 {
2143 sppp_to_event(&lcp, (struct sppp *)cookie);
2144 }
2145
2146 /*
2147 * Analyze a configure request. Return true if it was agreeable, and
2148 * caused action sca, false if it has been rejected or nak'ed, and
2149 * caused action scn. (The return value is used to make the state
2150 * transition decision in the state automaton.)
2151 */
2152 HIDE int
2153 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2154 {
2155 STDDCL;
2156 u_char *buf, *r, *p;
2157 int origlen, rlen;
2158 u_long nmagic;
2159 u_short authproto;
2160
2161 len -= 4;
2162 origlen = len;
2163 buf = r = malloc (len, M_TEMP, M_NOWAIT);
2164 if (! buf)
2165 return (0);
2166
2167 if (debug)
2168 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
2169 SPP_ARGS(ifp));
2170
2171 /* pass 1: check for things that need to be rejected */
2172 p = (void*) (h+1);
2173 for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
2174 if (p[1] < 2 || p[1] > len) {
2175 free(buf, M_TEMP);
2176 return (-1);
2177 }
2178 if (debug)
2179 addlog("%s ", sppp_lcp_opt_name(*p));
2180 switch (*p) {
2181 case LCP_OPT_MAGIC:
2182 /* Magic number. */
2183 /* FALLTHROUGH, both are same length */
2184 case LCP_OPT_ASYNC_MAP:
2185 /* Async control character map. */
2186 if (len >= 6 && p[1] == 6)
2187 continue;
2188 if (debug)
2189 addlog("[invalid] ");
2190 break;
2191 case LCP_OPT_MRU:
2192 /* Maximum receive unit. */
2193 if (len >= 4 && p[1] == 4)
2194 continue;
2195 if (debug)
2196 addlog("[invalid] ");
2197 break;
2198 case LCP_OPT_AUTH_PROTO:
2199 if (len < 4) {
2200 if (debug)
2201 addlog("[invalid] ");
2202 break;
2203 }
2204 authproto = (p[2] << 8) + p[3];
2205 if (authproto == PPP_CHAP && p[1] != 5) {
2206 if (debug)
2207 addlog("[invalid chap len] ");
2208 break;
2209 }
2210 if (sp->myauth.proto == 0) {
2211 /* we are not configured to do auth */
2212 if (debug)
2213 addlog("[not configured] ");
2214 break;
2215 }
2216 /*
2217 * Remote want us to authenticate, remember this,
2218 * so we stay in PHASE_AUTHENTICATE after LCP got
2219 * up.
2220 */
2221 sp->pp_flags |= PP_NEEDAUTH;
2222 continue;
2223 default:
2224 /* Others not supported. */
2225 if (debug)
2226 addlog("[rej] ");
2227 break;
2228 }
2229 /* Add the option to rejected list. */
2230 bcopy (p, r, p[1]);
2231 r += p[1];
2232 rlen += p[1];
2233 }
2234 if (rlen) {
2235 if (debug)
2236 addlog(" send conf-rej\n");
2237 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2238 goto end;
2239 } else if (debug)
2240 addlog("\n");
2241
2242 /*
2243 * pass 2: check for option values that are unacceptable and
2244 * thus require to be nak'ed.
2245 */
2246 if (debug)
2247 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2248 SPP_ARGS(ifp));
2249
2250 p = (void*) (h+1);
2251 len = origlen;
2252 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2253 if (debug)
2254 addlog("%s ", sppp_lcp_opt_name(*p));
2255 switch (*p) {
2256 case LCP_OPT_MAGIC:
2257 /* Magic number -- extract. */
2258 nmagic = (u_long)p[2] << 24 |
2259 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2260 if (nmagic != sp->lcp.magic) {
2261 if (debug)
2262 addlog("0x%lx ", nmagic);
2263 continue;
2264 }
2265 if (debug)
2266 addlog("[glitch] ");
2267 ++sp->pp_loopcnt;
2268 /*
2269 * We negate our magic here, and NAK it. If
2270 * we see it later in an NAK packet, we
2271 * suggest a new one.
2272 */
2273 nmagic = ~sp->lcp.magic;
2274 /* Gonna NAK it. */
2275 p[2] = nmagic >> 24;
2276 p[3] = nmagic >> 16;
2277 p[4] = nmagic >> 8;
2278 p[5] = nmagic;
2279 break;
2280
2281 case LCP_OPT_ASYNC_MAP:
2282 /* Async control character map -- check to be zero. */
2283 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
2284 if (debug)
2285 addlog("[empty] ");
2286 continue;
2287 }
2288 if (debug)
2289 addlog("[non-empty] ");
2290 /* suggest a zero one */
2291 p[2] = p[3] = p[4] = p[5] = 0;
2292 break;
2293
2294 case LCP_OPT_MRU:
2295 /*
2296 * Maximum receive unit. Always agreeable,
2297 * but ignored by now.
2298 */
2299 sp->lcp.their_mru = p[2] * 256 + p[3];
2300 if (debug)
2301 addlog("%lu ", sp->lcp.their_mru);
2302 continue;
2303
2304 case LCP_OPT_AUTH_PROTO:
2305 authproto = (p[2] << 8) + p[3];
2306 if (sp->myauth.proto != authproto) {
2307 /* not agreed, nak */
2308 if (debug)
2309 addlog("[mine %s != his %s] ",
2310 sppp_proto_name(sp->hisauth.proto),
2311 sppp_proto_name(authproto));
2312 p[2] = sp->myauth.proto >> 8;
2313 p[3] = sp->myauth.proto;
2314 break;
2315 }
2316 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2317 if (debug)
2318 addlog("[chap not MD5] ");
2319 p[4] = CHAP_MD5;
2320 break;
2321 }
2322 continue;
2323 }
2324 /* Add the option to nak'ed list. */
2325 bcopy (p, r, p[1]);
2326 r += p[1];
2327 rlen += p[1];
2328 }
2329 if (rlen) {
2330 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2331 if (debug)
2332 addlog(" max_failure (%d) exceeded, "
2333 "send conf-rej\n",
2334 sp->lcp.max_failure);
2335 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2336 } else {
2337 if (debug)
2338 addlog(" send conf-nak\n");
2339 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2340 }
2341 goto end;
2342 } else {
2343 if (debug)
2344 addlog("send conf-ack\n");
2345 sp->fail_counter[IDX_LCP] = 0;
2346 sp->pp_loopcnt = 0;
2347 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2348 h->ident, origlen, h+1);
2349 }
2350
2351 end:
2352 free(buf, M_TEMP);
2353 return (rlen == 0);
2354 }
2355
2356 /*
2357 * Analyze the LCP Configure-Reject option list, and adjust our
2358 * negotiation.
2359 */
2360 HIDE void
2361 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2362 {
2363 STDDCL;
2364 u_char *p;
2365
2366 len -= 4;
2367
2368 if (debug)
2369 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2370 SPP_ARGS(ifp));
2371
2372 p = (void*) (h+1);
2373 for (; len > 1; len -= p[1], p += p[1]) {
2374 if (p[1] < 2 || p[1] > len)
2375 return;
2376 if (debug)
2377 addlog("%s ", sppp_lcp_opt_name(*p));
2378 switch (*p) {
2379 case LCP_OPT_MAGIC:
2380 /* Magic number -- can't use it, use 0 */
2381 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2382 sp->lcp.magic = 0;
2383 break;
2384 case LCP_OPT_MRU:
2385 /*
2386 * Should not be rejected anyway, since we only
2387 * negotiate a MRU if explicitly requested by
2388 * peer.
2389 */
2390 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2391 break;
2392 case LCP_OPT_AUTH_PROTO:
2393 /*
2394 * Peer doesn't want to authenticate himself,
2395 * deny unless this is a dialout call, and
2396 * AUTHFLAG_NOCALLOUT is set.
2397 */
2398 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2399 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2400 if (debug)
2401 addlog("[don't insist on auth "
2402 "for callout]");
2403 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2404 break;
2405 }
2406 if (debug)
2407 addlog("[access denied]\n");
2408 lcp.Close(sp);
2409 break;
2410 }
2411 }
2412 if (debug)
2413 addlog("\n");
2414 }
2415
2416 /*
2417 * Analyze the LCP Configure-NAK option list, and adjust our
2418 * negotiation.
2419 */
2420 HIDE void
2421 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2422 {
2423 STDDCL;
2424 u_char *p;
2425 u_long magic;
2426
2427 len -= 4;
2428
2429 if (debug)
2430 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2431 SPP_ARGS(ifp));
2432
2433 p = (void*) (h+1);
2434 for (; len > 1; len -= p[1], p += p[1]) {
2435 if (p[1] < 2 || p[1] > len)
2436 return;
2437 if (debug)
2438 addlog("%s ", sppp_lcp_opt_name(*p));
2439 switch (*p) {
2440 case LCP_OPT_MAGIC:
2441 /* Magic number -- renegotiate */
2442 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2443 len >= 6 && p[1] == 6) {
2444 magic = (u_long)p[2] << 24 |
2445 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2446 /*
2447 * If the remote magic is our negated one,
2448 * this looks like a loopback problem.
2449 * Suggest a new magic to make sure.
2450 */
2451 if (magic == ~sp->lcp.magic) {
2452 if (debug)
2453 addlog("magic glitch ");
2454 sp->lcp.magic = arc4random();
2455 } else {
2456 sp->lcp.magic = magic;
2457 if (debug)
2458 addlog("%lu ", magic);
2459 }
2460 }
2461 break;
2462 case LCP_OPT_MRU:
2463 /*
2464 * Peer wants to advise us to negotiate an MRU.
2465 * Agree on it if it's reasonable, or use
2466 * default otherwise.
2467 */
2468 if (len >= 4 && p[1] == 4) {
2469 u_int mru = p[2] * 256 + p[3];
2470 if (debug)
2471 addlog("%d ", mru);
2472 if (mru < PP_MIN_MRU)
2473 mru = PP_MIN_MRU;
2474 if (mru > PP_MAX_MRU)
2475 mru = PP_MAX_MRU;
2476 sp->lcp.mru = mru;
2477 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2478 }
2479 break;
2480 case LCP_OPT_AUTH_PROTO:
2481 /*
2482 * Peer doesn't like our authentication method,
2483 * deny.
2484 */
2485 if (debug)
2486 addlog("[access denied]\n");
2487 lcp.Close(sp);
2488 break;
2489 }
2490 }
2491 if (debug)
2492 addlog("\n");
2493 }
2494
2495 HIDE void
2496 sppp_lcp_tlu(struct sppp *sp)
2497 {
2498 struct ifnet *ifp = &sp->pp_if;
2499 int i;
2500 u_long mask;
2501
2502 /* XXX ? */
2503 if (! (ifp->if_flags & IFF_UP) &&
2504 (ifp->if_flags & IFF_RUNNING)) {
2505 /* Coming out of loopback mode. */
2506 if_up(ifp);
2507 if (ifp->if_flags & IFF_DEBUG)
2508 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp));
2509 }
2510
2511 for (i = 0; i < IDX_COUNT; i++)
2512 if ((cps[i])->flags & CP_QUAL)
2513 (cps[i])->Open(sp);
2514
2515 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2516 (sp->pp_flags & PP_NEEDAUTH) != 0)
2517 sp->pp_phase = PHASE_AUTHENTICATE;
2518 else
2519 sp->pp_phase = PHASE_NETWORK;
2520
2521 sppp_set_phase(sp);
2522
2523 /*
2524 * Open all authentication protocols. This is even required
2525 * if we already proceeded to network phase, since it might be
2526 * that remote wants us to authenticate, so we might have to
2527 * send a PAP request. Undesired authentication protocols
2528 * don't do anything when they get an Open event.
2529 */
2530 for (i = 0; i < IDX_COUNT; i++)
2531 if ((cps[i])->flags & CP_AUTH)
2532 (cps[i])->Open(sp);
2533
2534 if (sp->pp_phase == PHASE_NETWORK) {
2535 /* Notify all NCPs. */
2536 for (i = 0; i < IDX_COUNT; i++)
2537 if ((cps[i])->flags & CP_NCP)
2538 (cps[i])->Open(sp);
2539 }
2540
2541 /* Send Up events to all started protos. */
2542 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2543 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2544 (cps[i])->Up(sp);
2545
2546 /* notify low-level driver of state change */
2547 if (sp->pp_chg)
2548 sp->pp_chg(sp, (int)sp->pp_phase);
2549
2550 if (sp->pp_phase == PHASE_NETWORK)
2551 /* if no NCP is starting, close down */
2552 sppp_lcp_check_and_close(sp);
2553 }
2554
2555 HIDE void
2556 sppp_lcp_tld(struct sppp *sp)
2557 {
2558 int i;
2559 u_long mask;
2560
2561 sp->pp_phase = PHASE_TERMINATE;
2562
2563 sppp_set_phase(sp);
2564
2565 /*
2566 * Take upper layers down. We send the Down event first and
2567 * the Close second to prevent the upper layers from sending
2568 * ``a flurry of terminate-request packets'', as the RFC
2569 * describes it.
2570 */
2571 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2572 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
2573 (cps[i])->Down(sp);
2574 (cps[i])->Close(sp);
2575 }
2576 }
2577
2578 HIDE void
2579 sppp_lcp_tls(struct sppp *sp)
2580 {
2581 sp->pp_phase = PHASE_ESTABLISH;
2582
2583 sppp_set_phase(sp);
2584
2585 /* Notify lower layer if desired. */
2586 if (sp->pp_tls)
2587 (sp->pp_tls)(sp);
2588 }
2589
2590 HIDE void
2591 sppp_lcp_tlf(struct sppp *sp)
2592 {
2593 sp->pp_phase = PHASE_DEAD;
2594 sppp_set_phase(sp);
2595
2596 /* Notify lower layer if desired. */
2597 if (sp->pp_tlf)
2598 (sp->pp_tlf)(sp);
2599 }
2600
2601 HIDE void
2602 sppp_lcp_scr(struct sppp *sp)
2603 {
2604 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2605 int i = 0;
2606 u_short authproto;
2607
2608 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2609 if (! sp->lcp.magic)
2610 #if defined (__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
2611 sp->lcp.magic = arc4random();
2612 #else
2613 sp->lcp.magic = time.tv_sec + time.tv_usec;
2614 #endif
2615 opt[i++] = LCP_OPT_MAGIC;
2616 opt[i++] = 6;
2617 opt[i++] = sp->lcp.magic >> 24;
2618 opt[i++] = sp->lcp.magic >> 16;
2619 opt[i++] = sp->lcp.magic >> 8;
2620 opt[i++] = sp->lcp.magic;
2621 }
2622
2623 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2624 opt[i++] = LCP_OPT_MRU;
2625 opt[i++] = 4;
2626 opt[i++] = sp->lcp.mru >> 8;
2627 opt[i++] = sp->lcp.mru;
2628 }
2629
2630 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2631 authproto = sp->hisauth.proto;
2632 opt[i++] = LCP_OPT_AUTH_PROTO;
2633 opt[i++] = authproto == PPP_CHAP? 5: 4;
2634 opt[i++] = authproto >> 8;
2635 opt[i++] = authproto;
2636 if (authproto == PPP_CHAP)
2637 opt[i++] = CHAP_MD5;
2638 }
2639
2640 sp->confid[IDX_LCP] = ++sp->pp_seq;
2641 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt);
2642 }
2643
2644 /*
2645 * Check the open NCPs, return true if at least one NCP is open.
2646 */
2647 HIDE int
2648 sppp_ncp_check(struct sppp *sp)
2649 {
2650 int i, mask;
2651
2652 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2653 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2654 return 1;
2655 return 0;
2656 }
2657
2658 /*
2659 * Re-check the open NCPs and see if we should terminate the link.
2660 * Called by the NCPs during their tlf action handling.
2661 */
2662 HIDE void
2663 sppp_lcp_check_and_close(struct sppp *sp)
2664 {
2665
2666 if (sp->pp_phase < PHASE_NETWORK)
2667 /* don't bother, we are already going down */
2668 return;
2669
2670 if (sppp_ncp_check(sp))
2671 return;
2672
2673 lcp.Close(sp);
2674 }
2675 �/*
2676 *--------------------------------------------------------------------------*
2677 * *
2678 * The IPCP implementation. *
2679 * *
2680 *--------------------------------------------------------------------------*
2681 */
2682
2683 HIDE void
2684 sppp_ipcp_init(struct sppp *sp)
2685 {
2686 sp->ipcp.opts = 0;
2687 sp->ipcp.flags = 0;
2688 sp->state[IDX_IPCP] = STATE_INITIAL;
2689 sp->fail_counter[IDX_IPCP] = 0;
2690 #if defined (__FreeBSD__)
2691 callout_handle_init(&sp->ch[IDX_IPCP]);
2692 #endif
2693 }
2694
2695 HIDE void
2696 sppp_ipcp_up(struct sppp *sp)
2697 {
2698 sppp_up_event(&ipcp, sp);
2699 }
2700
2701 HIDE void
2702 sppp_ipcp_down(struct sppp *sp)
2703 {
2704 sppp_down_event(&ipcp, sp);
2705 }
2706
2707 HIDE void
2708 sppp_ipcp_open(struct sppp *sp)
2709 {
2710 sppp_open_event(&ipcp, sp);
2711 }
2712
2713 HIDE void
2714 sppp_ipcp_close(struct sppp *sp)
2715 {
2716 sppp_close_event(&ipcp, sp);
2717 }
2718
2719 HIDE void
2720 sppp_ipcp_TO(void *cookie)
2721 {
2722 sppp_to_event(&ipcp, (struct sppp *)cookie);
2723 }
2724
2725 /*
2726 * Analyze a configure request. Return true if it was agreeable, and
2727 * caused action sca, false if it has been rejected or nak'ed, and
2728 * caused action scn. (The return value is used to make the state
2729 * transition decision in the state automaton.)
2730 */
2731 HIDE int
2732 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2733 {
2734 u_char *buf, *r, *p;
2735 struct ifnet *ifp = &sp->pp_if;
2736 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2737 u_int32_t hisaddr, desiredaddr;
2738
2739 len -= 4;
2740 origlen = len;
2741 /*
2742 * Make sure to allocate a buf that can at least hold a
2743 * conf-nak with an `address' option. We might need it below.
2744 */
2745 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2746 if (! buf)
2747 return (0);
2748
2749 /* pass 1: see if we can recognize them */
2750 if (debug)
2751 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2752 SPP_ARGS(ifp));
2753 p = (void*) (h+1);
2754 for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
2755 if (p[1] < 2 || p[1] > len) {
2756 free(buf, M_TEMP);
2757 return (-1);
2758 }
2759 if (debug)
2760 addlog("%s ", sppp_ipcp_opt_name(*p));
2761 switch (*p) {
2762 #ifdef notyet
2763 case IPCP_OPT_COMPRESSION:
2764 if (len >= 6 && p[1] >= 6) {
2765 /* correctly formed compress option */
2766 continue;
2767 }
2768 if (debug)
2769 addlog("[invalid] ");
2770 break;
2771 #endif
2772 case IPCP_OPT_ADDRESS:
2773 if (len >= 6 && p[1] == 6) {
2774 /* correctly formed address option */
2775 continue;
2776 }
2777 if (debug)
2778 addlog("[invalid] ");
2779 break;
2780 default:
2781 /* Others not supported. */
2782 if (debug)
2783 addlog("[rej] ");
2784 break;
2785 }
2786 /* Add the option to rejected list. */
2787 bcopy (p, r, p[1]);
2788 r += p[1];
2789 rlen += p[1];
2790 }
2791 if (rlen) {
2792 if (debug)
2793 addlog(" send conf-rej\n");
2794 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2795 goto end;
2796 } else if (debug)
2797 addlog("\n");
2798
2799 /* pass 2: parse option values */
2800 if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
2801 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */
2802 else
2803 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
2804 if (debug)
2805 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
2806 SPP_ARGS(ifp));
2807 p = (void*) (h+1);
2808 len = origlen;
2809 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2810 if (debug)
2811 addlog(" %s ", sppp_ipcp_opt_name(*p));
2812 switch (*p) {
2813 #ifdef notyet
2814 case IPCP_OPT_COMPRESSION:
2815 continue;
2816 #endif
2817 case IPCP_OPT_ADDRESS:
2818 desiredaddr = p[2] << 24 | p[3] << 16 |
2819 p[4] << 8 | p[5];
2820 if (desiredaddr == hisaddr ||
2821 ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
2822 desiredaddr != 0)) {
2823 /*
2824 * Peer's address is same as our value,
2825 * or we have set it to 0.0.0.1 to
2826 * indicate that we do not really care,
2827 * this is agreeable. Gonna conf-ack
2828 * it.
2829 */
2830 if (debug)
2831 addlog("%s [ack] ",
2832 sppp_dotted_quad(desiredaddr));
2833 /* record that we've seen it already */
2834 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2835 sp->ipcp.req_hisaddr = desiredaddr;
2836 hisaddr = desiredaddr;
2837 continue;
2838 }
2839 /*
2840 * The address wasn't agreeable. This is either
2841 * he sent us 0.0.0.0, asking to assign him an
2842 * address, or he send us another address not
2843 * matching our value. Either case, we gonna
2844 * conf-nak it with our value.
2845 */
2846 if (debug) {
2847 if (desiredaddr == 0)
2848 addlog("[addr requested] ");
2849 else
2850 addlog("%s [not agreed] ",
2851 sppp_dotted_quad(desiredaddr));
2852 }
2853
2854 p[2] = hisaddr >> 24;
2855 p[3] = hisaddr >> 16;
2856 p[4] = hisaddr >> 8;
2857 p[5] = hisaddr;
2858 break;
2859 }
2860 /* Add the option to nak'ed list. */
2861 bcopy (p, r, p[1]);
2862 r += p[1];
2863 rlen += p[1];
2864 }
2865
2866 /*
2867 * If we are about to conf-ack the request, but haven't seen
2868 * his address so far, gonna conf-nak it instead, with the
2869 * `address' option present and our idea of his address being
2870 * filled in there, to request negotiation of both addresses.
2871 *
2872 * XXX This can result in an endless req - nak loop if peer
2873 * doesn't want to send us his address. Q: What should we do
2874 * about it? XXX A: implement the max-failure counter.
2875 */
2876 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2877 buf[0] = IPCP_OPT_ADDRESS;
2878 buf[1] = 6;
2879 buf[2] = hisaddr >> 24;
2880 buf[3] = hisaddr >> 16;
2881 buf[4] = hisaddr >> 8;
2882 buf[5] = hisaddr;
2883 rlen = 6;
2884 if (debug)
2885 addlog("still need hisaddr ");
2886 }
2887
2888 if (rlen) {
2889 if (debug)
2890 addlog(" send conf-nak\n");
2891 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2892 } else {
2893 if (debug)
2894 addlog(" send conf-ack\n");
2895 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2896 h->ident, origlen, h+1);
2897 }
2898
2899 end:
2900 free(buf, M_TEMP);
2901 return (rlen == 0);
2902 }
2903
2904 /*
2905 * Analyze the IPCP Configure-Reject option list, and adjust our
2906 * negotiation.
2907 */
2908 HIDE void
2909 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2910 {
2911 u_char *p;
2912 struct ifnet *ifp = &sp->pp_if;
2913 int debug = ifp->if_flags & IFF_DEBUG;
2914
2915 len -= 4;
2916
2917 if (debug)
2918 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
2919 SPP_ARGS(ifp));
2920
2921 p = (void*) (h+1);
2922 for (; len > 1; len -= p[1], p += p[1]) {
2923 if (p[1] < 2 || p[1] > len)
2924 return;
2925 if (debug)
2926 addlog("%s ", sppp_ipcp_opt_name(*p));
2927 switch (*p) {
2928 case IPCP_OPT_ADDRESS:
2929 /*
2930 * Peer doesn't grok address option. This is
2931 * bad. XXX Should we better give up here?
2932 */
2933 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2934 break;
2935 #ifdef notyet
2936 case IPCP_OPT_COMPRESS:
2937 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2938 break;
2939 #endif
2940 }
2941 }
2942 if (debug)
2943 addlog("\n");
2944 }
2945
2946 /*
2947 * Analyze the IPCP Configure-NAK option list, and adjust our
2948 * negotiation.
2949 */
2950 HIDE void
2951 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2952 {
2953 u_char *p;
2954 struct ifnet *ifp = &sp->pp_if;
2955 int debug = ifp->if_flags & IFF_DEBUG;
2956 u_int32_t wantaddr;
2957
2958 len -= 4;
2959
2960 if (debug)
2961 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
2962 SPP_ARGS(ifp));
2963
2964 p = (void*) (h+1);
2965 for (; len > 1; len -= p[1], p += p[1]) {
2966 if (p[1] < 2 || p[1] > len)
2967 return;
2968 if (debug)
2969 addlog("%s ", sppp_ipcp_opt_name(*p));
2970 switch (*p) {
2971 case IPCP_OPT_ADDRESS:
2972 /*
2973 * Peer doesn't like our local IP address. See
2974 * if we can do something for him. We'll drop
2975 * him our address then.
2976 */
2977 if (len >= 6 && p[1] == 6) {
2978 wantaddr = p[2] << 24 | p[3] << 16 |
2979 p[4] << 8 | p[5];
2980 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2981 if (debug)
2982 addlog("[wantaddr %s] ",
2983 sppp_dotted_quad(wantaddr));
2984 /*
2985 * When doing dynamic address assignment,
2986 * we accept his offer. Otherwise, we
2987 * ignore it and thus continue to negotiate
2988 * our already existing value.
2989 */
2990 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2991 if (debug)
2992 addlog("[agree] ");
2993 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2994 sp->ipcp.req_myaddr = wantaddr;
2995 }
2996 }
2997 break;
2998 #ifdef notyet
2999 case IPCP_OPT_COMPRESS:
3000 /*
3001 * Peer wants different compression parameters.
3002 */
3003 break;
3004 #endif
3005 }
3006 }
3007 if (debug)
3008 addlog("\n");
3009 }
3010
3011 struct sppp_set_ip_addrs_args {
3012 struct sppp *sp;
3013 u_int32_t myaddr;
3014 u_int32_t hisaddr;
3015 };
3016
3017 HIDE void
3018 sppp_ipcp_tlu(struct sppp *sp)
3019 {
3020 struct ifnet *ifp = &sp->pp_if;
3021 struct sppp_set_ip_addrs_args *args;
3022
3023 args = malloc(sizeof(*args), M_TEMP, M_NOWAIT);
3024 if (args == NULL)
3025 return;
3026
3027 args->sp = sp;
3028
3029 /* we are up. Set addresses and notify anyone interested */
3030 sppp_get_ip_addrs(sp, &args->myaddr, &args->hisaddr, 0);
3031 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) &&
3032 (sp->ipcp.flags & IPCP_MYADDR_SEEN))
3033 args->myaddr = sp->ipcp.req_myaddr;
3034 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
3035 (sp->ipcp.flags & IPCP_HISADDR_SEEN))
3036 args->hisaddr = sp->ipcp.req_hisaddr;
3037
3038 if (workq_add_task(NULL, 0, sppp_set_ip_addrs, args, NULL)) {
3039 free(args, M_TEMP);
3040 printf("%s: workq_add_task failed, cannot set "
3041 "addresses\n", ifp->if_xname);
3042 }
3043 }
3044
3045 HIDE void
3046 sppp_ipcp_tld(struct sppp *sp)
3047 {
3048 }
3049
3050 HIDE void
3051 sppp_ipcp_tls(struct sppp *sp)
3052 {
3053 STDDCL;
3054 u_int32_t myaddr, hisaddr;
3055
3056 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|
3057 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
3058 sp->ipcp.req_myaddr = 0;
3059 sp->ipcp.req_hisaddr = 0;
3060
3061 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
3062 /*
3063 * If we don't have his address, this probably means our
3064 * interface doesn't want to talk IP at all. (This could
3065 * be the case if somebody wants to speak only IPX, for
3066 * example.) Don't open IPCP in this case.
3067 */
3068 if (hisaddr == 0) {
3069 /* XXX this message should go away */
3070 if (debug)
3071 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
3072 SPP_ARGS(ifp));
3073 return;
3074 }
3075
3076 if (myaddr == 0) {
3077 /*
3078 * I don't have an assigned address, so i need to
3079 * negotiate my address.
3080 */
3081 sp->ipcp.flags |= IPCP_MYADDR_DYN;
3082 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
3083 }
3084 if (hisaddr == 1) {
3085 /*
3086 * XXX - remove this hack!
3087 * remote has no valid address, we need to get one assigned.
3088 */
3089 sp->ipcp.flags |= IPCP_HISADDR_DYN;
3090 }
3091
3092 /* indicate to LCP that it must stay alive */
3093 sp->lcp.protos |= (1 << IDX_IPCP);
3094 }
3095
3096 HIDE void
3097 sppp_ipcp_tlf(struct sppp *sp)
3098 {
3099 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN))
3100 /* Some address was dynamic, clear it again. */
3101 sppp_clear_ip_addrs(sp);
3102
3103 /* we no longer need LCP */
3104 sp->lcp.protos &= ~(1 << IDX_IPCP);
3105 sppp_lcp_check_and_close(sp);
3106 }
3107
3108 HIDE void
3109 sppp_ipcp_scr(struct sppp *sp)
3110 {
3111 char opt[6 /* compression */ + 6 /* address */];
3112 u_int32_t ouraddr;
3113 int i = 0;
3114
3115 #ifdef notyet
3116 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3117 opt[i++] = IPCP_OPT_COMPRESSION;
3118 opt[i++] = 6;
3119 opt[i++] = 0; /* VJ header compression */
3120 opt[i++] = 0x2d; /* VJ header compression */
3121 opt[i++] = max_slot_id;
3122 opt[i++] = comp_slot_id;
3123 }
3124 #endif
3125
3126 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3127 if (sp->ipcp.flags & IPCP_MYADDR_SEEN)
3128 /* not sure if this can ever happen */
3129 ouraddr = sp->ipcp.req_myaddr;
3130 else
3131 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3132 opt[i++] = IPCP_OPT_ADDRESS;
3133 opt[i++] = 6;
3134 opt[i++] = ouraddr >> 24;
3135 opt[i++] = ouraddr >> 16;
3136 opt[i++] = ouraddr >> 8;
3137 opt[i++] = ouraddr;
3138 }
3139
3140 sp->confid[IDX_IPCP] = ++sp->pp_seq;
3141 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt);
3142 }
3143
3144 /*
3145 *--------------------------------------------------------------------------*
3146 * *
3147 * The IPv6CP implementation. *
3148 * *
3149 *--------------------------------------------------------------------------*
3150 */
3151
3152 #ifdef INET6
3153 HIDE void
3154 sppp_ipv6cp_init(struct sppp *sp)
3155 {
3156 sp->ipv6cp.opts = 0;
3157 sp->ipv6cp.flags = 0;
3158 sp->state[IDX_IPV6CP] = STATE_INITIAL;
3159 sp->fail_counter[IDX_IPV6CP] = 0;
3160 #if defined (__FreeBSD__)
3161 callout_handle_init(&sp->ch[IDX_IPV6CP]);
3162 #endif
3163 }
3164
3165 HIDE void
3166 sppp_ipv6cp_up(struct sppp *sp)
3167 {
3168 sppp_up_event(&ipv6cp, sp);
3169 }
3170
3171 HIDE void
3172 sppp_ipv6cp_down(struct sppp *sp)
3173 {
3174 sppp_down_event(&ipv6cp, sp);
3175 }
3176
3177 HIDE void
3178 sppp_ipv6cp_open(struct sppp *sp)
3179 {
3180 STDDCL;
3181 struct in6_addr myaddr, hisaddr;
3182
3183 #ifdef IPV6CP_MYIFID_DYN
3184 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3185 #else
3186 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3187 #endif
3188
3189 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
3190 /*
3191 * If we don't have our address, this probably means our
3192 * interface doesn't want to talk IPv6 at all. (This could
3193 * be the case if somebody wants to speak only IPX, for
3194 * example.) Don't open IPv6CP in this case.
3195 */
3196 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3197 /* XXX this message should go away */
3198 if (debug)
3199 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
3200 SPP_ARGS(ifp));
3201 return;
3202 }
3203 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3204 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3205 sppp_open_event(&ipv6cp, sp);
3206 }
3207
3208 HIDE void
3209 sppp_ipv6cp_close(struct sppp *sp)
3210 {
3211 sppp_close_event(&ipv6cp, sp);
3212 }
3213
3214 HIDE void
3215 sppp_ipv6cp_TO(void *cookie)
3216 {
3217 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3218 }
3219
3220 HIDE int
3221 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3222 {
3223 u_char *buf, *r, *p;
3224 struct ifnet *ifp = &sp->pp_if;
3225 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3226 struct in6_addr myaddr, desiredaddr, suggestaddr;
3227 int ifidcount;
3228 int type;
3229 int collision, nohisaddr;
3230
3231 len -= 4;
3232 origlen = len;
3233 /*
3234 * Make sure to allocate a buf that can at least hold a
3235 * conf-nak with an `address' option. We might need it below.
3236 */
3237 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
3238 if (! buf)
3239 return (0);
3240
3241 /* pass 1: see if we can recognize them */
3242 if (debug)
3243 log(LOG_DEBUG, "%s: ipv6cp parse opts:",
3244 SPP_ARGS(ifp));
3245 p = (void *)(h + 1);
3246 ifidcount = 0;
3247 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3248 /* Sanity check option length */
3249 if (p[1] < 2 || p[1] > len) {
3250 free(buf, M_TEMP);
3251 return (-1);
3252 }
3253 if (debug)
3254 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3255 switch (*p) {
3256 case IPV6CP_OPT_IFID:
3257 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3258 /* correctly formed address option */
3259 ifidcount++;
3260 continue;
3261 }
3262 if (debug)
3263 addlog(" [invalid]");
3264 break;
3265 #ifdef notyet
3266 case IPV6CP_OPT_COMPRESSION:
3267 if (len >= 4 && p[1] >= 4) {
3268 /* correctly formed compress option */
3269 continue;
3270 }
3271 if (debug)
3272 addlog(" [invalid]");
3273 break;
3274 #endif
3275 default:
3276 /* Others not supported. */
3277 if (debug)
3278 addlog(" [rej]");
3279 break;
3280 }
3281 /* Add the option to rejected list. */
3282 bcopy (p, r, p[1]);
3283 r += p[1];
3284 rlen += p[1];
3285 }
3286 if (rlen) {
3287 if (debug)
3288 addlog(" send conf-rej\n");
3289 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3290 goto end;
3291 } else if (debug)
3292 addlog("\n");
3293
3294 /* pass 2: parse option values */
3295 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
3296 if (debug)
3297 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ",
3298 SPP_ARGS(ifp));
3299 p = (void *)(h + 1);
3300 len = origlen;
3301 type = CONF_ACK;
3302 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3303 if (debug)
3304 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3305 switch (*p) {
3306 #ifdef notyet
3307 case IPV6CP_OPT_COMPRESSION:
3308 continue;
3309 #endif
3310 case IPV6CP_OPT_IFID:
3311 memset(&desiredaddr, 0, sizeof(desiredaddr));
3312 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3313 collision = (memcmp(&desiredaddr.s6_addr[8],
3314 &myaddr.s6_addr[8], 8) == 0);
3315 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3316
3317 desiredaddr.s6_addr16[0] = htons(0xfe80);
3318
3319 if (!collision && !nohisaddr) {
3320 /* no collision, hisaddr known - Conf-Ack */
3321 type = CONF_ACK;
3322
3323 if (debug) {
3324 addlog(" %s [%s]",
3325 ip6_sprintf(&desiredaddr),
3326 sppp_cp_type_name(type));
3327 }
3328 continue;
3329 }
3330
3331 memset(&suggestaddr, 0, sizeof(suggestaddr));
3332 if (collision && nohisaddr) {
3333 /* collision, hisaddr unknown - Conf-Rej */
3334 type = CONF_REJ;
3335 memset(&p[2], 0, 8);
3336 } else {
3337 /*
3338 * - no collision, hisaddr unknown, or
3339 * - collision, hisaddr known
3340 * Conf-Nak, suggest hisaddr
3341 */
3342 type = CONF_NAK;
3343 sppp_suggest_ip6_addr(sp, &suggestaddr);
3344 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3345 }
3346 if (debug)
3347 addlog(" %s [%s]", ip6_sprintf(&desiredaddr),
3348 sppp_cp_type_name(type));
3349 break;
3350 }
3351 /* Add the option to nak'ed list. */
3352 bcopy (p, r, p[1]);
3353 r += p[1];
3354 rlen += p[1];
3355 }
3356
3357 if (rlen == 0 && type == CONF_ACK) {
3358 if (debug)
3359 addlog(" send %s\n", sppp_cp_type_name(type));
3360 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1);
3361 } else {
3362 #ifdef notdef
3363 if (type == CONF_ACK)
3364 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3365 #endif
3366
3367 if (debug) {
3368 addlog(" send %s suggest %s\n",
3369 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
3370 }
3371 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3372 }
3373
3374 end:
3375 free(buf, M_TEMP);
3376 return (rlen == 0);
3377 }
3378
3379 HIDE void
3380 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3381 {
3382 u_char *p;
3383 struct ifnet *ifp = &sp->pp_if;
3384 int debug = ifp->if_flags & IFF_DEBUG;
3385
3386 len -= 4;
3387
3388 if (debug)
3389 log(LOG_DEBUG, "%s: ipv6cp rej opts:",
3390 SPP_ARGS(ifp));
3391
3392 p = (void *)(h + 1);
3393 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3394 if (p[1] < 2 || p[1] > len)
3395 return;
3396 if (debug)
3397 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3398 switch (*p) {
3399 case IPV6CP_OPT_IFID:
3400 /*
3401 * Peer doesn't grok address option. This is
3402 * bad. XXX Should we better give up here?
3403 */
3404 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3405 break;
3406 #ifdef notyet
3407 case IPV6CP_OPT_COMPRESS:
3408 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3409 break;
3410 #endif
3411 }
3412 }
3413 if (debug)
3414 addlog("\n");
3415 return;
3416 }
3417
3418 HIDE void
3419 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3420 {
3421 u_char *p;
3422 struct ifnet *ifp = &sp->pp_if;
3423 int debug = ifp->if_flags & IFF_DEBUG;
3424 struct in6_addr suggestaddr;
3425
3426 len -= 4;
3427
3428 if (debug)
3429 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ",
3430 SPP_ARGS(ifp));
3431
3432 p = (void*) (h+1);
3433 for (; len > 1; len -= p[1], p += p[1]) {
3434 if (p[1] < 2 || p[1] > len)
3435 return;
3436 if (debug)
3437 addlog("%s ", sppp_ipv6cp_opt_name(*p));
3438 switch (*p) {
3439 case IPV6CP_OPT_IFID:
3440 /*
3441 * Peer doesn't like our local ifid. See
3442 * if we can do something for him. We'll drop
3443 * him our address then.
3444 */
3445 if (len < 10 || p[1] != 10)
3446 break;
3447 memset(&suggestaddr, 0, sizeof(suggestaddr));
3448 suggestaddr.s6_addr16[0] = htons(0xfe80);
3449 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3450
3451 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3452 if (debug)
3453 addlog(" [suggestaddr %s]",
3454 ip6_sprintf(&suggestaddr));
3455 #ifdef IPV6CP_MYIFID_DYN
3456 /*
3457 * When doing dynamic address assignment,
3458 * we accept his offer.
3459 */
3460 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
3461 struct in6_addr lastsuggest;
3462 /*
3463 * If <suggested myaddr from peer> equals to
3464 * <hisaddr we have suggested last time>,
3465 * we have a collision. generate new random
3466 * ifid.
3467 */
3468 sppp_suggest_ip6_addr(sp,&lastsuggest);
3469 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
3470 &lastsuggest)) {
3471 if (debug)
3472 addlog(" [random]");
3473 sppp_gen_ip6_addr(sp, &suggestaddr);
3474 }
3475 sppp_set_ip6_addr(sp, &suggestaddr);
3476 if (debug)
3477 addlog(" [agree]");
3478 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3479 }
3480 #else
3481 /*
3482 * Since we do not do dynamic address assignment,
3483 * we ignore it and thus continue to negotiate
3484 * our already existing value. This can possibly
3485 * go into infinite request-reject loop.
3486 *
3487 * This is not likely because we normally use
3488 * ifid based on MAC-address.
3489 * If you have no ethernet card on the node, too bad.
3490 * XXX should we use fail_counter?
3491 */
3492 #endif
3493 break;
3494 #ifdef notyet
3495 case IPV6CP_OPT_COMPRESS:
3496 /*
3497 * Peer wants different compression parameters.
3498 */
3499 break;
3500 #endif
3501 }
3502 }
3503 if (debug)
3504 addlog("\n");
3505 }
3506
3507 HIDE void
3508 sppp_ipv6cp_tlu(struct sppp *sp)
3509 {
3510 }
3511
3512 HIDE void
3513 sppp_ipv6cp_tld(struct sppp *sp)
3514 {
3515 }
3516
3517 HIDE void
3518 sppp_ipv6cp_tls(struct sppp *sp)
3519 {
3520 /* indicate to LCP that it must stay alive */
3521 sp->lcp.protos |= (1 << IDX_IPV6CP);
3522 }
3523
3524 HIDE void
3525 sppp_ipv6cp_tlf(struct sppp *sp)
3526 {
3527 /* we no longer need LCP */
3528 sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3529 sppp_lcp_check_and_close(sp);
3530 }
3531
3532 HIDE void
3533 sppp_ipv6cp_scr(struct sppp *sp)
3534 {
3535 char opt[10 /* ifid */ + 4 /* compression, minimum */];
3536 struct in6_addr ouraddr;
3537 int i = 0;
3538
3539 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3540 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
3541 opt[i++] = IPV6CP_OPT_IFID;
3542 opt[i++] = 10;
3543 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3544 i += 8;
3545 }
3546
3547 #ifdef notyet
3548 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3549 opt[i++] = IPV6CP_OPT_COMPRESSION;
3550 opt[i++] = 4;
3551 p opt[i++] = 0; /* TBD */
3552 opt[i++] = 0; /* TBD */
3553 /* variable length data may follow */
3554 }
3555 #endif
3556
3557 sp->confid[IDX_IPV6CP] = ++sp->pp_seq;
3558 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt);
3559 }
3560 #else /*INET6*/
3561 HIDE void
3562 sppp_ipv6cp_init(struct sppp *sp)
3563 {
3564 }
3565
3566 HIDE void
3567 sppp_ipv6cp_up(struct sppp *sp)
3568 {
3569 }
3570
3571 HIDE void
3572 sppp_ipv6cp_down(struct sppp *sp)
3573 {
3574 }
3575
3576 HIDE void
3577 sppp_ipv6cp_open(struct sppp *sp)
3578 {
3579 }
3580
3581 HIDE void
3582 sppp_ipv6cp_close(struct sppp *sp)
3583 {
3584 }
3585
3586 HIDE void
3587 sppp_ipv6cp_TO(void *sp)
3588 {
3589 }
3590
3591 HIDE int
3592 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h,
3593 int len)
3594 {
3595 return 0;
3596 }
3597
3598 HIDE void
3599 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h,
3600 int len)
3601 {
3602 }
3603
3604 HIDE void
3605 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h,
3606 int len)
3607 {
3608 }
3609
3610 HIDE void
3611 sppp_ipv6cp_tlu(struct sppp *sp)
3612 {
3613 }
3614
3615 HIDE void
3616 sppp_ipv6cp_tld(struct sppp *sp)
3617 {
3618 }
3619
3620 HIDE void
3621 sppp_ipv6cp_tls(struct sppp *sp)
3622 {
3623 }
3624
3625 HIDE void
3626 sppp_ipv6cp_tlf(struct sppp *sp)
3627 {
3628 }
3629
3630 HIDE void
3631 sppp_ipv6cp_scr(struct sppp *sp)
3632 {
3633 }
3634 #endif /*INET6*/
3635
3636 /*
3637 *--------------------------------------------------------------------------*
3638 * *
3639 * The CHAP implementation. *
3640 * *
3641 *--------------------------------------------------------------------------*
3642 */
3643
3644 /*
3645 * The authentication protocols don't employ a full-fledged state machine as
3646 * the control protocols do, since they do have Open and Close events, but
3647 * not Up and Down, nor are they explicitly terminated. Also, use of the
3648 * authentication protocols may be different in both directions (this makes
3649 * sense, think of a machine that never accepts incoming calls but only
3650 * calls out, it doesn't require the called party to authenticate itself).
3651 *
3652 * Our state machine for the local authentication protocol (we are requesting
3653 * the peer to authenticate) looks like:
3654 *
3655 * RCA-
3656 * +--------------------------------------------+
3657 * V scn,tld|
3658 * +--------+ Close +---------+ RCA+
3659 * | |<----------------------------------| |------+
3660 * +--->| Closed | TO* | Opened | sca |
3661 * | | |-----+ +-------| |<-----+
3662 * | +--------+ irc | | +---------+
3663 * | ^ | | ^
3664 * | | | | |
3665 * | | | | |
3666 * | TO-| | | |
3667 * | |tld TO+ V | |
3668 * | | +------->+ | |
3669 * | | | | | |
3670 * | +--------+ V | |
3671 * | | |<----+<--------------------+ |
3672 * | | Req- | scr |
3673 * | | Sent | |
3674 * | | | |
3675 * | +--------+ |
3676 * | RCA- | | RCA+ |
3677 * +------+ +------------------------------------------+
3678 * scn,tld sca,irc,ict,tlu
3679 *
3680 *
3681 * with:
3682 *
3683 * Open: LCP reached authentication phase
3684 * Close: LCP reached terminate phase
3685 *
3686 * RCA+: received reply (pap-req, chap-response), acceptable
3687 * RCN: received reply (pap-req, chap-response), not acceptable
3688 * TO+: timeout with restart counter >= 0
3689 * TO-: timeout with restart counter < 0
3690 * TO*: reschedule timeout for CHAP
3691 *
3692 * scr: send request packet (none for PAP, chap-challenge)
3693 * sca: send ack packet (pap-ack, chap-success)
3694 * scn: send nak packet (pap-nak, chap-failure)
3695 * ict: initialize re-challenge timer (CHAP only)
3696 *
3697 * tlu: this-layer-up, LCP reaches network phase
3698 * tld: this-layer-down, LCP enters terminate phase
3699 *
3700 * Note that in CHAP mode, after sending a new challenge, while the state
3701 * automaton falls back into Req-Sent state, it doesn't signal a tld
3702 * event to LCP, so LCP remains in network phase. Only after not getting
3703 * any response (or after getting an unacceptable response), CHAP closes,
3704 * causing LCP to enter terminate phase.
3705 *
3706 * With PAP, there is no initial request that can be sent. The peer is
3707 * expected to send one based on the successful negotiation of PAP as
3708 * the authentication protocol during the LCP option negotiation.
3709 *
3710 * Incoming authentication protocol requests (remote requests
3711 * authentication, we are peer) don't employ a state machine at all,
3712 * they are simply answered. Some peers [Ascend P50 firmware rev
3713 * 4.50] react allergically when sending IPCP requests while they are
3714 * still in authentication phase (thereby violating the standard that
3715 * demands that these NCP packets are to be discarded), so we keep
3716 * track of the peer demanding us to authenticate, and only proceed to
3717 * phase network once we've seen a positive acknowledge for the
3718 * authentication.
3719 */
3720
3721 /*
3722 * Handle incoming CHAP packets.
3723 */
3724 void
3725 sppp_chap_input(struct sppp *sp, struct mbuf *m)
3726 {
3727 STDDCL;
3728 struct lcp_header *h;
3729 int len, x;
3730 u_char *value, *name, digest[AUTHCHALEN], dsize;
3731 int value_len, name_len;
3732 MD5_CTX ctx;
3733
3734 len = m->m_pkthdr.len;
3735 if (len < 4) {
3736 if (debug)
3737 log(LOG_DEBUG,
3738 SPP_FMT "chap invalid packet length: %d bytes\n",
3739 SPP_ARGS(ifp), len);
3740 return;
3741 }
3742 h = mtod (m, struct lcp_header*);
3743 if (len > ntohs (h->len))
3744 len = ntohs (h->len);
3745
3746 switch (h->type) {
3747 /* challenge, failure and success are his authproto */
3748 case CHAP_CHALLENGE:
3749 value = 1 + (u_char*)(h+1);
3750 value_len = value[-1];
3751 name = value + value_len;
3752 name_len = len - value_len - 5;
3753 if (name_len < 0) {
3754 if (debug) {
3755 log(LOG_DEBUG,
3756 SPP_FMT "chap corrupted challenge "
3757 "<%s id=0x%x len=%d",
3758 SPP_ARGS(ifp),
3759 sppp_auth_type_name(PPP_CHAP, h->type),
3760 h->ident, ntohs(h->len));
3761 if (len > 4)
3762 sppp_print_bytes((u_char*) (h+1), len-4);
3763 addlog(">\n");
3764 }
3765 break;
3766 }
3767
3768 if (debug) {
3769 log(LOG_DEBUG,
3770 SPP_FMT "chap input <%s id=0x%x len=%d name=",
3771 SPP_ARGS(ifp),
3772 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
3773 ntohs(h->len));
3774 sppp_print_string((char*) name, name_len);
3775 addlog(" value-size=%d value=", value_len);
3776 sppp_print_bytes(value, value_len);
3777 addlog(">\n");
3778 }
3779
3780 /* Compute reply value. */
3781 MD5Init(&ctx);
3782 MD5Update(&ctx, &h->ident, 1);
3783 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret));
3784 MD5Update(&ctx, value, value_len);
3785 MD5Final(digest, &ctx);
3786 dsize = sizeof digest;
3787
3788 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
3789 sizeof dsize, (const char *)&dsize,
3790 sizeof digest, digest,
3791 strlen(sp->myauth.name),
3792 sp->myauth.name,
3793 0);
3794 break;
3795
3796 case CHAP_SUCCESS:
3797 if (debug) {
3798 log(LOG_DEBUG, SPP_FMT "chap success",
3799 SPP_ARGS(ifp));
3800 if (len > 4) {
3801 addlog(": ");
3802 sppp_print_string((char*)(h + 1), len - 4);
3803 }
3804 addlog("\n");
3805 }
3806 x = splnet();
3807 sp->pp_flags &= ~PP_NEEDAUTH;
3808 if (sp->myauth.proto == PPP_CHAP &&
3809 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3810 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
3811 /*
3812 * We are authenticator for CHAP but didn't
3813 * complete yet. Leave it to tlu to proceed
3814 * to network phase.
3815 */
3816 splx(x);
3817 break;
3818 }
3819 splx(x);
3820 sppp_phase_network(sp);
3821 break;
3822
3823 case CHAP_FAILURE:
3824 if (debug) {
3825 log(LOG_INFO, SPP_FMT "chap failure",
3826 SPP_ARGS(ifp));
3827 if (len > 4) {
3828 addlog(": ");
3829 sppp_print_string((char*)(h + 1), len - 4);
3830 }
3831 addlog("\n");
3832 } else
3833 log(LOG_INFO, SPP_FMT "chap failure\n",
3834 SPP_ARGS(ifp));
3835 /* await LCP shutdown by authenticator */
3836 break;
3837
3838 /* response is my authproto */
3839 case CHAP_RESPONSE:
3840 value = 1 + (u_char*)(h+1);
3841 value_len = value[-1];
3842 name = value + value_len;
3843 name_len = len - value_len - 5;
3844 if (name_len < 0) {
3845 if (debug) {
3846 log(LOG_DEBUG,
3847 SPP_FMT "chap corrupted response "
3848 "<%s id=0x%x len=%d",
3849 SPP_ARGS(ifp),
3850 sppp_auth_type_name(PPP_CHAP, h->type),
3851 h->ident, ntohs(h->len));
3852 if (len > 4)
3853 sppp_print_bytes((u_char*)(h+1), len-4);
3854 addlog(">\n");
3855 }
3856 break;
3857 }
3858 if (h->ident != sp->confid[IDX_CHAP]) {
3859 if (debug)
3860 log(LOG_DEBUG,
3861 SPP_FMT "chap dropping response for old ID "
3862 "(got %d, expected %d)\n",
3863 SPP_ARGS(ifp),
3864 h->ident, sp->confid[IDX_CHAP]);
3865 break;
3866 }
3867 if (name_len != strlen(sp->hisauth.name)
3868 || bcmp(name, sp->hisauth.name, name_len) != 0) {
3869 log(LOG_INFO, SPP_FMT "chap response, his name ",
3870 SPP_ARGS(ifp));
3871 sppp_print_string(name, name_len);
3872 addlog(" != expected ");
3873 sppp_print_string(sp->hisauth.name,
3874 strlen(sp->hisauth.name));
3875 addlog("\n");
3876 }
3877 if (debug) {
3878 log(LOG_DEBUG, SPP_FMT "chap input(%s) "
3879 "<%s id=0x%x len=%d name=",
3880 SPP_ARGS(ifp),
3881 sppp_state_name(sp->state[IDX_CHAP]),
3882 sppp_auth_type_name(PPP_CHAP, h->type),
3883 h->ident, ntohs (h->len));
3884 sppp_print_string((char*)name, name_len);
3885 addlog(" value-size=%d value=", value_len);
3886 sppp_print_bytes(value, value_len);
3887 addlog(">\n");
3888 }
3889 if (value_len != AUTHCHALEN) {
3890 if (debug)
3891 log(LOG_DEBUG,
3892 SPP_FMT "chap bad hash value length: "
3893 "%d bytes, should be %d\n",
3894 SPP_ARGS(ifp), value_len,
3895 AUTHCHALEN);
3896 break;
3897 }
3898
3899 MD5Init(&ctx);
3900 MD5Update(&ctx, &h->ident, 1);
3901 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret));
3902 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN);
3903 MD5Final(digest, &ctx);
3904
3905 #define FAILMSG "Failed..."
3906 #define SUCCMSG "Welcome!"
3907
3908 if (value_len != sizeof digest ||
3909 timingsafe_bcmp(digest, value, value_len) != 0) {
3910 /* action scn, tld */
3911 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3912 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3913 0);
3914 chap.tld(sp);
3915 break;
3916 }
3917 /* action sca, perhaps tlu */
3918 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3919 sp->state[IDX_CHAP] == STATE_OPENED)
3920 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3921 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3922 0);
3923 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3924 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3925 chap.tlu(sp);
3926 }
3927 break;
3928
3929 default:
3930 /* Unknown CHAP packet type -- ignore. */
3931 if (debug) {
3932 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
3933 "<0x%x id=0x%xh len=%d",
3934 SPP_ARGS(ifp),
3935 sppp_state_name(sp->state[IDX_CHAP]),
3936 h->type, h->ident, ntohs(h->len));
3937 if (len > 4)
3938 sppp_print_bytes((u_char*)(h+1), len-4);
3939 addlog(">\n");
3940 }
3941 break;
3942
3943 }
3944 }
3945
3946 HIDE void
3947 sppp_chap_init(struct sppp *sp)
3948 {
3949 /* Chap doesn't have STATE_INITIAL at all. */
3950 sp->state[IDX_CHAP] = STATE_CLOSED;
3951 sp->fail_counter[IDX_CHAP] = 0;
3952 #if defined (__FreeBSD__)
3953 callout_handle_init(&sp->ch[IDX_CHAP]);
3954 #endif
3955 }
3956
3957 HIDE void
3958 sppp_chap_open(struct sppp *sp)
3959 {
3960 if (sp->myauth.proto == PPP_CHAP &&
3961 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3962 /* we are authenticator for CHAP, start it */
3963 chap.scr(sp);
3964 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3965 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3966 }
3967 /* nothing to be done if we are peer, await a challenge */
3968 }
3969
3970 HIDE void
3971 sppp_chap_close(struct sppp *sp)
3972 {
3973 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3974 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3975 }
3976
3977 HIDE void
3978 sppp_chap_TO(void *cookie)
3979 {
3980 struct sppp *sp = (struct sppp *)cookie;
3981 STDDCL;
3982 int s;
3983
3984 s = splnet();
3985 if (debug)
3986 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
3987 SPP_ARGS(ifp),
3988 sppp_state_name(sp->state[IDX_CHAP]),
3989 sp->rst_counter[IDX_CHAP]);
3990
3991 if (--sp->rst_counter[IDX_CHAP] < 0)
3992 /* TO- event */
3993 switch (sp->state[IDX_CHAP]) {
3994 case STATE_REQ_SENT:
3995 chap.tld(sp);
3996 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3997 break;
3998 }
3999 else
4000 /* TO+ (or TO*) event */
4001 switch (sp->state[IDX_CHAP]) {
4002 case STATE_OPENED:
4003 /* TO* event */
4004 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4005 /* FALLTHROUGH */
4006 case STATE_REQ_SENT:
4007 chap.scr(sp);
4008 /* sppp_cp_change_state() will restart the timer */
4009 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
4010 break;
4011 }
4012
4013 splx(s);
4014 }
4015
4016 HIDE void
4017 sppp_chap_tlu(struct sppp *sp)
4018 {
4019 STDDCL;
4020 int i = 0, x;
4021
4022 i = 0;
4023 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4024
4025 /*
4026 * Some broken CHAP implementations (Conware CoNet, firmware
4027 * 4.0.?) don't want to re-authenticate their CHAP once the
4028 * initial challenge-response exchange has taken place.
4029 * Provide for an option to avoid rechallenges.
4030 */
4031 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
4032 /*
4033 * Compute the re-challenge timeout. This will yield
4034 * a number between 300 and 810 seconds.
4035 */
4036 i = 300 + (arc4random() & 0x01fe);
4037
4038 #if defined (__FreeBSD__)
4039 sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
4040 #elif defined(__OpenBSD__)
4041 timeout_add_sec(&sp->ch[IDX_CHAP], i);
4042 #endif
4043 }
4044
4045 if (debug) {
4046 log(LOG_DEBUG,
4047 SPP_FMT "chap %s, ",
4048 SPP_ARGS(ifp),
4049 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
4050 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
4051 addlog("next re-challenge in %d seconds\n", i);
4052 else
4053 addlog("re-challenging suppressed\n");
4054 }
4055
4056 x = splnet();
4057 /* indicate to LCP that we need to be closed down */
4058 sp->lcp.protos |= (1 << IDX_CHAP);
4059
4060 if (sp->pp_flags & PP_NEEDAUTH) {
4061 /*
4062 * Remote is authenticator, but his auth proto didn't
4063 * complete yet. Defer the transition to network
4064 * phase.
4065 */
4066 splx(x);
4067 return;
4068 }
4069 splx(x);
4070
4071 /*
4072 * If we are already in phase network, we are done here. This
4073 * is the case if this is a dummy tlu event after a re-challenge.
4074 */
4075 if (sp->pp_phase != PHASE_NETWORK)
4076 sppp_phase_network(sp);
4077 }
4078
4079 HIDE void
4080 sppp_chap_tld(struct sppp *sp)
4081 {
4082 STDDCL;
4083
4084 if (debug)
4085 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
4086 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
4087 sp->lcp.protos &= ~(1 << IDX_CHAP);
4088
4089 lcp.Close(sp);
4090 }
4091
4092 HIDE void
4093 sppp_chap_scr(struct sppp *sp)
4094 {
4095 u_char clen;
4096
4097 /* Compute random challenge. */
4098 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge));
4099 clen = AUTHCHALEN;
4100
4101 sp->confid[IDX_CHAP] = ++sp->pp_seq;
4102
4103 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
4104 sizeof clen, (const char *)&clen,
4105 (size_t)AUTHCHALEN, sp->chap_challenge,
4106 strlen(sp->myauth.name),
4107 sp->myauth.name,
4108 0);
4109 }
4110 �/*
4111 *--------------------------------------------------------------------------*
4112 * *
4113 * The PAP implementation. *
4114 * *
4115 *--------------------------------------------------------------------------*
4116 */
4117 /*
4118 * For PAP, we need to keep a little state also if we are the peer, not the
4119 * authenticator. This is since we don't get a request to authenticate, but
4120 * have to repeatedly authenticate ourself until we got a response (or the
4121 * retry counter is expired).
4122 */
4123
4124 /*
4125 * Handle incoming PAP packets. */
4126 HIDE void
4127 sppp_pap_input(struct sppp *sp, struct mbuf *m)
4128 {
4129 STDDCL;
4130 struct lcp_header *h;
4131 int len, x;
4132 u_char *name, *passwd, mlen;
4133 int name_len, passwd_len;
4134
4135 len = m->m_pkthdr.len;
4136 if (len < 5) {
4137 if (debug)
4138 log(LOG_DEBUG,
4139 SPP_FMT "pap invalid packet length: %d bytes\n",
4140 SPP_ARGS(ifp), len);
4141 return;
4142 }
4143 h = mtod (m, struct lcp_header*);
4144 if (len > ntohs (h->len))
4145 len = ntohs (h->len);
4146 switch (h->type) {
4147 /* PAP request is my authproto */
4148 case PAP_REQ:
4149 name = 1 + (u_char*)(h+1);
4150 name_len = name[-1];
4151 passwd = name + name_len + 1;
4152 if (name_len > len - 6 ||
4153 (passwd_len = passwd[-1]) > len - 6 - name_len) {
4154 if (debug) {
4155 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4156 "<%s id=0x%x len=%d",
4157 SPP_ARGS(ifp),
4158 sppp_auth_type_name(PPP_PAP, h->type),
4159 h->ident, ntohs(h->len));
4160 if (len > 4)
4161 sppp_print_bytes((u_char*)(h+1), len-4);
4162 addlog(">\n");
4163 }
4164 break;
4165 }
4166 if (debug) {
4167 log(LOG_DEBUG, SPP_FMT "pap input(%s) "
4168 "<%s id=0x%x len=%d name=",
4169 SPP_ARGS(ifp),
4170 sppp_state_name(sp->state[IDX_PAP]),
4171 sppp_auth_type_name(PPP_PAP, h->type),
4172 h->ident, ntohs(h->len));
4173 sppp_print_string((char*)name, name_len);
4174 addlog(" passwd=");
4175 sppp_print_string((char*)passwd, passwd_len);
4176 addlog(">\n");
4177 }
4178 if (name_len > AUTHMAXLEN ||
4179 passwd_len > AUTHMAXLEN ||
4180 bcmp(name, sp->hisauth.name, name_len) != 0 ||
4181 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
4182 /* action scn, tld */
4183 mlen = sizeof(FAILMSG) - 1;
4184 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
4185 sizeof mlen, (const char *)&mlen,
4186 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4187 0);
4188 pap.tld(sp);
4189 break;
4190 }
4191 /* action sca, perhaps tlu */
4192 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
4193 sp->state[IDX_PAP] == STATE_OPENED) {
4194 mlen = sizeof(SUCCMSG) - 1;
4195 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
4196 sizeof mlen, (const char *)&mlen,
4197 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4198 0);
4199 }
4200 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
4201 sppp_cp_change_state(&pap, sp, STATE_OPENED);
4202 pap.tlu(sp);
4203 }
4204 break;
4205
4206 /* ack and nak are his authproto */
4207 case PAP_ACK:
4208 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
4209 if (debug) {
4210 log(LOG_DEBUG, SPP_FMT "pap success",
4211 SPP_ARGS(ifp));
4212 name_len = *((char *)h);
4213 if (len > 5 && name_len) {
4214 addlog(": ");
4215 sppp_print_string((char*)(h+1), name_len);
4216 }
4217 addlog("\n");
4218 }
4219 x = splnet();
4220 sp->pp_flags &= ~PP_NEEDAUTH;
4221 if (sp->myauth.proto == PPP_PAP &&
4222 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4223 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
4224 /*
4225 * We are authenticator for PAP but didn't
4226 * complete yet. Leave it to tlu to proceed
4227 * to network phase.
4228 */
4229 splx(x);
4230 break;
4231 }
4232 splx(x);
4233 sppp_phase_network(sp);
4234 break;
4235
4236 case PAP_NAK:
4237 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
4238 if (debug) {
4239 log(LOG_INFO, SPP_FMT "pap failure",
4240 SPP_ARGS(ifp));
4241 name_len = *((char *)h);
4242 if (len > 5 && name_len) {
4243 addlog(": ");
4244 sppp_print_string((char*)(h+1), name_len);
4245 }
4246 addlog("\n");
4247 } else
4248 log(LOG_INFO, SPP_FMT "pap failure\n",
4249 SPP_ARGS(ifp));
4250 /* await LCP shutdown by authenticator */
4251 break;
4252
4253 default:
4254 /* Unknown PAP packet type -- ignore. */
4255 if (debug) {
4256 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4257 "<0x%x id=0x%x len=%d",
4258 SPP_ARGS(ifp),
4259 h->type, h->ident, ntohs(h->len));
4260 if (len > 4)
4261 sppp_print_bytes((u_char*)(h+1), len-4);
4262 addlog(">\n");
4263 }
4264 break;
4265
4266 }
4267 }
4268
4269 HIDE void
4270 sppp_pap_init(struct sppp *sp)
4271 {
4272 /* PAP doesn't have STATE_INITIAL at all. */
4273 sp->state[IDX_PAP] = STATE_CLOSED;
4274 sp->fail_counter[IDX_PAP] = 0;
4275 #if defined (__FreeBSD__)
4276 callout_handle_init(&sp->ch[IDX_PAP]);
4277 callout_handle_init(&sp->pap_my_to_ch);
4278 #endif
4279 }
4280
4281 HIDE void
4282 sppp_pap_open(struct sppp *sp)
4283 {
4284 if (sp->hisauth.proto == PPP_PAP &&
4285 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4286 /* we are authenticator for PAP, start our timer */
4287 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4288 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4289 }
4290 if (sp->myauth.proto == PPP_PAP) {
4291 /* we are peer, send a request, and start a timer */
4292 pap.scr(sp);
4293 #if defined (__FreeBSD__)
4294 sp->pap_my_to_ch =
4295 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout);
4296 #elif defined (__OpenBSD__)
4297 timeout_add(&sp->pap_my_to_ch, sp->lcp.timeout);
4298 #endif
4299 }
4300 }
4301
4302 HIDE void
4303 sppp_pap_close(struct sppp *sp)
4304 {
4305 if (sp->state[IDX_PAP] != STATE_CLOSED)
4306 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4307 }
4308
4309 /*
4310 * That's the timeout routine if we are authenticator. Since the
4311 * authenticator is basically passive in PAP, we can't do much here.
4312 */
4313 HIDE void
4314 sppp_pap_TO(void *cookie)
4315 {
4316 struct sppp *sp = (struct sppp *)cookie;
4317 STDDCL;
4318 int s;
4319
4320 s = splnet();
4321 if (debug)
4322 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
4323 SPP_ARGS(ifp),
4324 sppp_state_name(sp->state[IDX_PAP]),
4325 sp->rst_counter[IDX_PAP]);
4326
4327 if (--sp->rst_counter[IDX_PAP] < 0)
4328 /* TO- event */
4329 switch (sp->state[IDX_PAP]) {
4330 case STATE_REQ_SENT:
4331 pap.tld(sp);
4332 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4333 break;
4334 }
4335 else
4336 /* TO+ event, not very much we could do */
4337 switch (sp->state[IDX_PAP]) {
4338 case STATE_REQ_SENT:
4339 /* sppp_cp_change_state() will restart the timer */
4340 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4341 break;
4342 }
4343
4344 splx(s);
4345 }
4346
4347 /*
4348 * That's the timeout handler if we are peer. Since the peer is active,
4349 * we need to retransmit our PAP request since it is apparently lost.
4350 * XXX We should impose a max counter.
4351 */
4352 HIDE void
4353 sppp_pap_my_TO(void *cookie)
4354 {
4355 struct sppp *sp = (struct sppp *)cookie;
4356 STDDCL;
4357
4358 if (debug)
4359 log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
4360 SPP_ARGS(ifp));
4361
4362 pap.scr(sp);
4363 }
4364
4365 HIDE void
4366 sppp_pap_tlu(struct sppp *sp)
4367 {
4368 STDDCL;
4369 int x;
4370
4371 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4372
4373 if (debug)
4374 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
4375 SPP_ARGS(ifp), pap.name);
4376
4377 x = splnet();
4378 /* indicate to LCP that we need to be closed down */
4379 sp->lcp.protos |= (1 << IDX_PAP);
4380
4381 if (sp->pp_flags & PP_NEEDAUTH) {
4382 /*
4383 * Remote is authenticator, but his auth proto didn't
4384 * complete yet. Defer the transition to network
4385 * phase.
4386 */
4387 splx(x);
4388 return;
4389 }
4390 splx(x);
4391 sppp_phase_network(sp);
4392 }
4393
4394 HIDE void
4395 sppp_pap_tld(struct sppp *sp)
4396 {
4397 STDDCL;
4398
4399 if (debug)
4400 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
4401 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
4402 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
4403 sp->lcp.protos &= ~(1 << IDX_PAP);
4404
4405 lcp.Close(sp);
4406 }
4407
4408 HIDE void
4409 sppp_pap_scr(struct sppp *sp)
4410 {
4411 u_char idlen, pwdlen;
4412
4413 sp->confid[IDX_PAP] = ++sp->pp_seq;
4414 pwdlen = strlen(sp->myauth.secret);
4415 idlen = strlen(sp->myauth.name);
4416
4417 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
4418 sizeof idlen, (const char *)&idlen,
4419 (size_t)idlen, sp->myauth.name,
4420 sizeof pwdlen, (const char *)&pwdlen,
4421 (size_t)pwdlen, sp->myauth.secret,
4422 0);
4423 }
4424 �/*
4425 * Random miscellaneous functions.
4426 */
4427
4428 /*
4429 * Send a PAP or CHAP proto packet.
4430 *
4431 * Varadic function, each of the elements for the ellipsis is of type
4432 * ``size_t mlen, const u_char *msg''. Processing will stop iff
4433 * mlen == 0.
4434 */
4435
4436 HIDE void
4437 sppp_auth_send(const struct cp *cp, struct sppp *sp,
4438 unsigned int type, u_int id, ...)
4439 {
4440 STDDCL;
4441 struct ppp_header *h;
4442 struct lcp_header *lh;
4443 struct mbuf *m;
4444 u_char *p;
4445 int len;
4446 size_t pkthdrlen;
4447 unsigned int mlen;
4448 const char *msg;
4449 va_list ap;
4450
4451 MGETHDR (m, M_DONTWAIT, MT_DATA);
4452 if (! m)
4453 return;
4454 m->m_pkthdr.rcvif = 0;
4455
4456 if (sp->pp_flags & PP_NOFRAMING) {
4457 *mtod(m, u_int16_t *) = htons(cp->proto);
4458 pkthdrlen = 2;
4459 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
4460 } else {
4461 h = mtod (m, struct ppp_header*);
4462 h->address = PPP_ALLSTATIONS; /* broadcast address */
4463 h->control = PPP_UI; /* Unnumbered Info */
4464 h->protocol = htons(cp->proto);
4465 pkthdrlen = PPP_HEADER_LEN;
4466 lh = (struct lcp_header*)(h + 1);
4467 }
4468
4469 lh->type = type;
4470 lh->ident = id;
4471 p = (u_char*) (lh+1);
4472
4473 va_start(ap, id);
4474 len = 0;
4475
4476 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
4477 msg = va_arg(ap, const char *);
4478 len += mlen;
4479 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) {
4480 va_end(ap);
4481 m_freem(m);
4482 return;
4483 }
4484
4485 bcopy(msg, p, mlen);
4486 p += mlen;
4487 }
4488 va_end(ap);
4489
4490 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
4491 lh->len = htons (LCP_HEADER_LEN + len);
4492
4493 if (debug) {
4494 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
4495 SPP_ARGS(ifp), cp->name,
4496 sppp_auth_type_name(cp->proto, lh->type),
4497 lh->ident, ntohs(lh->len));
4498 if (len)
4499 sppp_print_bytes((u_char*) (lh+1), len);
4500 addlog(">\n");
4501 }
4502 if (IF_QFULL (&sp->pp_cpq)) {
4503 IF_DROP (&ifp->if_snd);
4504 m_freem (m);
4505 ++ifp->if_oerrors;
4506 m = NULL;
4507 } else
4508 IF_ENQUEUE (&sp->pp_cpq, m);
4509 if (! (ifp->if_flags & IFF_OACTIVE))
4510 (*ifp->if_start) (ifp);
4511 if (m != NULL)
4512 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
4513 }
4514
4515 /*
4516 * Flush interface queue.
4517 */
4518 HIDE void
4519 sppp_qflush(struct ifqueue *ifq)
4520 {
4521 IF_PURGE(ifq);
4522 }
4523
4524 /*
4525 * Send keepalive packets, every 10 seconds.
4526 */
4527 HIDE void
4528 sppp_keepalive(void *dummy)
4529 {
4530 struct sppp *sp;
4531 int s;
4532 struct timeval tv;
4533
4534 s = splnet();
4535 getmicrouptime(&tv);
4536 for (sp=spppq; sp; sp=sp->pp_next) {
4537 struct ifnet *ifp = &sp->pp_if;
4538
4539 /* Keepalive mode disabled or channel down? */
4540 if (! (sp->pp_flags & PP_KEEPALIVE) ||
4541 ! (ifp->if_flags & IFF_RUNNING))
4542 continue;
4543
4544 /* No keepalive in PPP mode if LCP not opened yet. */
4545 if (! (sp->pp_flags & PP_CISCO) &&
4546 sp->pp_phase < PHASE_AUTHENTICATE)
4547 continue;
4548
4549 /* No echo reply, but maybe user data passed through? */
4550 if (!(sp->pp_flags & PP_CISCO) &&
4551 (tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) {
4552 sp->pp_alivecnt = 0;
4553 continue;
4554 }
4555
4556 if (sp->pp_alivecnt >= MAXALIVECNT) {
4557 /* No keepalive packets got. Stop the interface. */
4558 if_down (ifp);
4559 sppp_qflush (&sp->pp_cpq);
4560 if (! (sp->pp_flags & PP_CISCO)) {
4561 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n",
4562 SPP_ARGS(ifp));
4563 sp->pp_alivecnt = 0;
4564
4565 /* we are down, close all open protocols */
4566 lcp.Close(sp);
4567
4568 /* And now prepare LCP to reestablish the link, if configured to do so. */
4569 sppp_cp_change_state(&lcp, sp, STATE_STOPPED);
4570
4571 /* Close connection immediately, completition of this
4572 * will summon the magic needed to reestablish it. */
4573 if (sp->pp_tlf)
4574 sp->pp_tlf(sp);
4575 continue;
4576 }
4577 }
4578 if (sp->pp_alivecnt < MAXALIVECNT)
4579 ++sp->pp_alivecnt;
4580 if (sp->pp_flags & PP_CISCO)
4581 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
4582 sp->pp_rseq);
4583 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
4584 unsigned long nmagic = htonl (sp->lcp.magic);
4585 sp->lcp.echoid = ++sp->pp_seq;
4586 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
4587 sp->lcp.echoid, 4, &nmagic);
4588 }
4589 }
4590 splx(s);
4591 #if defined (__FreeBSD__)
4592 keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
4593 #endif
4594 #if defined (__OpenBSD__)
4595 timeout_add_sec(&keepalive_ch, 10);
4596 #endif
4597 }
4598
4599 /*
4600 * Get both IP addresses.
4601 */
4602 HIDE void
4603 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
4604 u_int32_t *srcmask)
4605 {
4606 struct ifnet *ifp = &sp->pp_if;
4607 struct ifaddr *ifa;
4608 struct sockaddr_in *si, *sm = 0;
4609 u_int32_t ssrc, ddst;
4610
4611 sm = NULL;
4612 ssrc = ddst = 0;
4613 /*
4614 * Pick the first AF_INET address from the list,
4615 * aliases don't make any sense on a p2p link anyway.
4616 */
4617 #if defined (__FreeBSD__)
4618 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
4619 ifa;
4620 ifa = ifa->ifa_link.tqe_next)
4621 #else
4622 si = 0;
4623 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4624 #endif
4625 {
4626 if (ifa->ifa_addr->sa_family == AF_INET) {
4627 si = (struct sockaddr_in *)ifa->ifa_addr;
4628 sm = (struct sockaddr_in *)ifa->ifa_netmask;
4629 if (si)
4630 break;
4631 }
4632 }
4633 if (ifa) {
4634 if (si && si->sin_addr.s_addr) {
4635 ssrc = si->sin_addr.s_addr;
4636 if (srcmask)
4637 *srcmask = ntohl(sm->sin_addr.s_addr);
4638 }
4639
4640 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
4641 if (si && si->sin_addr.s_addr)
4642 ddst = si->sin_addr.s_addr;
4643 }
4644
4645 if (dst) *dst = ntohl(ddst);
4646 if (src) *src = ntohl(ssrc);
4647 }
4648
4649 int
4650 sppp_update_gw_walker(struct radix_node *rn, void *arg, u_int id)
4651 {
4652 struct ifnet *ifp = arg;
4653 struct rtentry *rt = (struct rtentry *)rn;
4654
4655 if (rt->rt_ifp == ifp) {
4656 if (rt->rt_ifa->ifa_dstaddr->sa_family !=
4657 rt->rt_gateway->sa_family ||
4658 (rt->rt_flags & RTF_GATEWAY) == 0)
4659 return (0); /* do not modify non-gateway routes */
4660 bcopy(rt->rt_ifa->ifa_dstaddr, rt->rt_gateway,
4661 rt->rt_ifa->ifa_dstaddr->sa_len);
4662 }
4663 return (0);
4664 }
4665
4666 void
4667 sppp_update_gw(struct ifnet *ifp)
4668 {
4669 struct radix_node_head *rnh;
4670 u_int tid;
4671
4672 /* update routing table */
4673 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) {
4674 if ((rnh = rt_gettable(AF_INET, tid)) != NULL) {
4675 while ((*rnh->rnh_walktree)(rnh,
4676 sppp_update_gw_walker, ifp) == EAGAIN)
4677 ; /* nothing */
4678 }
4679 }
4680 }
4681
4682 /*
4683 * Work queue task adding addresses from process context.
4684 * If an address is 0, leave it the way it is.
4685 */
4686 HIDE void
4687 sppp_set_ip_addrs(void *arg1, void *arg2)
4688 {
4689 struct sppp_set_ip_addrs_args *args = arg1;
4690 struct sppp *sp = args->sp;
4691 u_int32_t myaddr = args->myaddr;
4692 u_int32_t hisaddr = args->hisaddr;
4693 struct ifnet *ifp = &sp->pp_if;
4694 int debug = ifp->if_flags & IFF_DEBUG;
4695 struct ifaddr *ifa;
4696 struct sockaddr_in *si;
4697 struct sockaddr_in *dest;
4698 int s;
4699
4700 /* Arguments are now on local stack so free temporary storage. */
4701 free(args, M_TEMP);
4702
4703 s = splsoftnet();
4704
4705 /*
4706 * Pick the first AF_INET address from the list,
4707 * aliases don't make any sense on a p2p link anyway.
4708 */
4709
4710 #if defined (__FreeBSD__)
4711 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
4712 ifa;
4713 ifa = ifa->ifa_link.tqe_next)
4714 #else
4715 si = 0;
4716 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4717 #endif
4718 {
4719 if (ifa->ifa_addr->sa_family == AF_INET)
4720 {
4721 si = (struct sockaddr_in *)ifa->ifa_addr;
4722 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4723 if (si)
4724 break;
4725 }
4726 }
4727
4728 if (ifa && si) {
4729 int error;
4730 struct sockaddr_in new_sin = *si;
4731 struct sockaddr_in new_dst = *dest;
4732
4733 /*
4734 * Scrub old routes now instead of calling in_ifinit with
4735 * scrub=1, because we may change the dstaddr
4736 * before the call to in_ifinit.
4737 */
4738 in_ifscrub(ifp, ifatoia(ifa));
4739
4740 if (myaddr != 0)
4741 new_sin.sin_addr.s_addr = htonl(myaddr);
4742 if (hisaddr != 0) {
4743 new_dst.sin_addr.s_addr = htonl(hisaddr);
4744 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) {
4745 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
4746 *dest = new_dst; /* fix dstaddr in place */
4747 }
4748 }
4749 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0, 0)))
4750 dohooks(ifp->if_addrhooks, 0);
4751 if (debug && error) {
4752 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit "
4753 " failed, error=%d\n", SPP_ARGS(ifp), error);
4754 splx(s);
4755 return;
4756 }
4757 sppp_update_gw(ifp);
4758 }
4759 splx(s);
4760 }
4761
4762 /*
4763 * Clear IP addresses. Must be called at splnet.
4764 */
4765 HIDE void
4766 sppp_clear_ip_addrs(struct sppp *sp)
4767 {
4768 struct ifnet *ifp = &sp->pp_if;
4769 struct ifaddr *ifa;
4770 struct sockaddr_in *si;
4771 struct sockaddr_in *dest;
4772
4773 u_int32_t remote;
4774 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4775 remote = sp->ipcp.saved_hisaddr;
4776 else
4777 sppp_get_ip_addrs(sp, 0, &remote, 0);
4778
4779 /*
4780 * Pick the first AF_INET address from the list,
4781 * aliases don't make any sense on a p2p link anyway.
4782 */
4783
4784 si = 0;
4785 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
4786 if (ifa->ifa_addr->sa_family == AF_INET) {
4787 si = (struct sockaddr_in *)ifa->ifa_addr;
4788 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4789 if (si)
4790 break;
4791 }
4792 }
4793
4794 if (ifa && si) {
4795 struct sockaddr_in new_sin = *si;
4796
4797 in_ifscrub(ifp, ifatoia(ifa));
4798 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
4799 new_sin.sin_addr.s_addr = 0;
4800 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4801 /* replace peer addr in place */
4802 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr;
4803 if (!in_ifinit(ifp, ifatoia(ifa), &new_sin, 0, 0))
4804 dohooks(ifp->if_addrhooks, 0);
4805 sppp_update_gw(ifp);
4806 }
4807 }
4808
4809
4810 #ifdef INET6
4811 /*
4812 * Get both IPv6 addresses.
4813 */
4814 HIDE void
4815 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
4816 struct in6_addr *srcmask)
4817 {
4818 struct ifnet *ifp = &sp->pp_if;
4819 struct ifaddr *ifa;
4820 struct sockaddr_in6 *si, *sm;
4821 struct in6_addr ssrc, ddst;
4822
4823 sm = NULL;
4824 bzero(&ssrc, sizeof(ssrc));
4825 bzero(&ddst, sizeof(ddst));
4826 /*
4827 * Pick the first link-local AF_INET6 address from the list,
4828 * aliases don't make any sense on a p2p link anyway.
4829 */
4830 si = 0;
4831 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
4832 if (ifa->ifa_addr->sa_family == AF_INET6) {
4833 si = (struct sockaddr_in6 *)ifa->ifa_addr;
4834 sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
4835 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr))
4836 break;
4837 }
4838 }
4839
4840 if (ifa) {
4841 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
4842 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc));
4843 if (srcmask) {
4844 bcopy(&sm->sin6_addr, srcmask,
4845 sizeof(*srcmask));
4846 }
4847 }
4848
4849 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
4850 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
4851 bcopy(&si->sin6_addr, &ddst, sizeof(ddst));
4852 }
4853
4854 if (dst)
4855 bcopy(&ddst, dst, sizeof(*dst));
4856 if (src)
4857 bcopy(&ssrc, src, sizeof(*src));
4858 }
4859
4860 #ifdef IPV6CP_MYIFID_DYN
4861 /*
4862 * Generate random ifid.
4863 */
4864 HIDE void
4865 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
4866 {
4867 /* TBD */
4868 }
4869
4870 /*
4871 * Set my IPv6 address. Must be called at splnet.
4872 */
4873 HIDE void
4874 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
4875 {
4876 struct ifnet *ifp = &sp->pp_if;
4877 struct ifaddr *ifa;
4878 struct sockaddr_in6 *sin6;
4879
4880 /*
4881 * Pick the first link-local AF_INET6 address from the list,
4882 * aliases don't make any sense on a p2p link anyway.
4883 */
4884
4885 sin6 = NULL;
4886 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
4887 if (ifa->ifa_addr->sa_family == AF_INET6) {
4888 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
4889 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
4890 break;
4891 }
4892 }
4893
4894 if (ifa && sin6) {
4895 struct sockaddr_in6 new_sin6 = *sin6;
4896 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr));
4897 dohooks(ifp->if_addrhooks, 0);
4898 }
4899 }
4900 #endif
4901
4902 /*
4903 * Suggest a candidate address to be used by peer.
4904 */
4905 HIDE void
4906 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
4907 {
4908 struct in6_addr myaddr;
4909 struct timeval tv;
4910
4911 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
4912
4913 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
4914 getmicrouptime(&tv);
4915 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
4916 myaddr.s6_addr[14] ^= 0xff;
4917 myaddr.s6_addr[15] ^= 0xff;
4918 } else {
4919 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
4920 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
4921 }
4922 if (suggest)
4923 bcopy(&myaddr, suggest, sizeof(myaddr));
4924 }
4925 #endif /*INET6*/
4926
4927 HIDE int
4928 sppp_get_params(struct sppp *sp, struct ifreq *ifr)
4929 {
4930 int cmd;
4931
4932 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0)
4933 return EFAULT;
4934
4935 switch (cmd) {
4936 case SPPPIOGDEFS:
4937 {
4938 struct spppreq *spr;
4939
4940 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK);
4941
4942 /*
4943 * We copy over the entire current state, but clean
4944 * out some of the stuff we don't wanna pass up.
4945 * Remember, SIOCGIFGENERIC is unprotected, and can be
4946 * called by any user. No need to ever get PAP or
4947 * CHAP secrets back to userland anyway.
4948 */
4949
4950 spr->cmd = cmd;
4951 bcopy(sp, &spr->defs, sizeof(struct sppp));
4952
4953 explicit_bzero(&spr->defs.myauth, sizeof(spr->defs.myauth));
4954 explicit_bzero(&spr->defs.hisauth, sizeof(spr->defs.hisauth));
4955 explicit_bzero(&spr->defs.chap_challenge,
4956 sizeof(spr->defs.chap_challenge));
4957
4958 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) {
4959 free(spr, M_DEVBUF);
4960 return EFAULT;
4961 }
4962 free(spr, M_DEVBUF);
4963 break;
4964 }
4965 case SPPPIOGMAUTH:
4966 case SPPPIOGHAUTH:
4967 {
4968 struct sauthreq *spa;
4969 struct sauth *auth;
4970
4971 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK);
4972 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth;
4973 bzero(spa, sizeof(*spa));
4974 spa->proto = auth->proto;
4975 spa->flags = auth->flags;
4976
4977 /* do not copy the secret, and only let root know the name */
4978 if (auth->name != NULL && suser(curproc, 0) == 0)
4979 strlcpy(spa->name, auth->name, sizeof(spa->name));
4980
4981 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) {
4982 free(spa, M_DEVBUF);
4983 return EFAULT;
4984 }
4985 free(spa, M_DEVBUF);
4986 break;
4987 }
4988 default:
4989 return EINVAL;
4990 }
4991
4992 return 0;
4993 }
4994
4995
4996 HIDE int
4997 sppp_set_params(struct sppp *sp, struct ifreq *ifr)
4998 {
4999 int cmd;
5000
5001 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0)
5002 return EFAULT;
5003
5004 /*
5005 * We have a very specific idea of which fields we allow
5006 * being passed back from userland, so to not clobber our
5007 * current state. For one, we only allow setting
5008 * anything if LCP is in dead phase. Once the LCP
5009 * negotiations started, the authentication settings must
5010 * not be changed again. (The administrator can force an
5011 * ifconfig down in order to get LCP back into dead
5012 * phase.)
5013 */
5014 if (sp->pp_phase != PHASE_DEAD)
5015 return EBUSY;
5016
5017 switch (cmd) {
5018 case SPPPIOSDEFS:
5019 {
5020 struct spppreq *spr;
5021
5022 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK);
5023
5024 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) {
5025 free(spr, M_DEVBUF);
5026 return EFAULT;
5027 }
5028 /*
5029 * Also, we only allow for authentication parameters to be
5030 * specified.
5031 *
5032 * XXX Should allow to set or clear pp_flags.
5033 */
5034 free(spr, M_DEVBUF);
5035 break;
5036 }
5037 case SPPPIOSMAUTH:
5038 case SPPPIOSHAUTH:
5039 {
5040 /*
5041 * Finally, if the respective authentication protocol to
5042 * be used is set differently than 0, but the secret is
5043 * passed as all zeros, we don't trash the existing secret.
5044 * This allows an administrator to change the system name
5045 * only without clobbering the secret (which he didn't get
5046 * back in a previous SPPPIOGXAUTH call). However, the
5047 * secrets are cleared if the authentication protocol is
5048 * reset to 0.
5049 */
5050
5051 struct sauthreq *spa;
5052 struct sauth *auth;
5053 char *p;
5054 int len;
5055
5056 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK);
5057
5058 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth;
5059
5060 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) {
5061 free(spa, M_DEVBUF);
5062 return EFAULT;
5063 }
5064
5065 if (spa->proto != 0 && spa->proto != PPP_PAP &&
5066 spa->proto != PPP_CHAP) {
5067 free(spa, M_DEVBUF);
5068 return EINVAL;
5069 }
5070
5071 if (spa->proto == 0) {
5072 /* resetting auth */
5073 if (auth->name != NULL)
5074 free(auth->name, M_DEVBUF);
5075 if (auth->secret != NULL)
5076 free(auth->secret, M_DEVBUF);
5077 bzero(auth, sizeof *auth);
5078 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge);
5079 } else {
5080 /* setting/changing auth */
5081 auth->proto = spa->proto;
5082 auth->flags = spa->flags;
5083
5084 spa->name[AUTHMAXLEN - 1] = '\0';
5085 len = strlen(spa->name) + 1;
5086 p = malloc(len, M_DEVBUF, M_WAITOK);
5087 strlcpy(p, spa->name, len);
5088 if (auth->name != NULL)
5089 free(auth->name, M_DEVBUF);
5090 auth->name = p;
5091
5092 if (spa->secret[0] != '\0') {
5093 spa->secret[AUTHMAXLEN - 1] = '\0';
5094 len = strlen(spa->secret) + 1;
5095 p = malloc(len, M_DEVBUF, M_WAITOK);
5096 strlcpy(p, spa->secret, len);
5097 if (auth->secret != NULL)
5098 free(auth->secret, M_DEVBUF);
5099 auth->secret = p;
5100 } else if (!auth->secret) {
5101 p = malloc(1, M_DEVBUF, M_WAITOK);
5102 p[0] = '\0';
5103 auth->secret = p;
5104 }
5105 }
5106 free(spa, M_DEVBUF);
5107 break;
5108 }
5109 default:
5110 return EINVAL;
5111 }
5112
5113 return 0;
5114 }
5115
5116 HIDE void
5117 sppp_phase_network(struct sppp *sp)
5118 {
5119 int i;
5120 u_long mask;
5121
5122 sp->pp_phase = PHASE_NETWORK;
5123
5124 sppp_set_phase(sp);
5125
5126 /* Notify NCPs now. */
5127 for (i = 0; i < IDX_COUNT; i++)
5128 if ((cps[i])->flags & CP_NCP)
5129 (cps[i])->Open(sp);
5130
5131 /* Send Up events to all NCPs. */
5132 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
5133 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
5134 (cps[i])->Up(sp);
5135
5136 /* if no NCP is starting, all this was in vain, close down */
5137 sppp_lcp_check_and_close(sp);
5138 }
5139
5140
5141 HIDE const char *
5142 sppp_cp_type_name(u_char type)
5143 {
5144 static char buf[12];
5145 switch (type) {
5146 case CONF_REQ: return "conf-req";
5147 case CONF_ACK: return "conf-ack";
5148 case CONF_NAK: return "conf-nak";
5149 case CONF_REJ: return "conf-rej";
5150 case TERM_REQ: return "term-req";
5151 case TERM_ACK: return "term-ack";
5152 case CODE_REJ: return "code-rej";
5153 case PROTO_REJ: return "proto-rej";
5154 case ECHO_REQ: return "echo-req";
5155 case ECHO_REPLY: return "echo-reply";
5156 case DISC_REQ: return "discard-req";
5157 }
5158 snprintf (buf, sizeof buf, "0x%x", type);
5159 return buf;
5160 }
5161
5162 HIDE const char *
5163 sppp_auth_type_name(u_short proto, u_char type)
5164 {
5165 static char buf[12];
5166 switch (proto) {
5167 case PPP_CHAP:
5168 switch (type) {
5169 case CHAP_CHALLENGE: return "challenge";
5170 case CHAP_RESPONSE: return "response";
5171 case CHAP_SUCCESS: return "success";
5172 case CHAP_FAILURE: return "failure";
5173 }
5174 case PPP_PAP:
5175 switch (type) {
5176 case PAP_REQ: return "req";
5177 case PAP_ACK: return "ack";
5178 case PAP_NAK: return "nak";
5179 }
5180 }
5181 snprintf (buf, sizeof buf, "0x%x", type);
5182 return buf;
5183 }
5184
5185 HIDE const char *
5186 sppp_lcp_opt_name(u_char opt)
5187 {
5188 static char buf[12];
5189 switch (opt) {
5190 case LCP_OPT_MRU: return "mru";
5191 case LCP_OPT_ASYNC_MAP: return "async-map";
5192 case LCP_OPT_AUTH_PROTO: return "auth-proto";
5193 case LCP_OPT_QUAL_PROTO: return "qual-proto";
5194 case LCP_OPT_MAGIC: return "magic";
5195 case LCP_OPT_PROTO_COMP: return "proto-comp";
5196 case LCP_OPT_ADDR_COMP: return "addr-comp";
5197 }
5198 snprintf (buf, sizeof buf, "0x%x", opt);
5199 return buf;
5200 }
5201
5202 HIDE const char *
5203 sppp_ipcp_opt_name(u_char opt)
5204 {
5205 static char buf[12];
5206 switch (opt) {
5207 case IPCP_OPT_ADDRESSES: return "addresses";
5208 case IPCP_OPT_COMPRESSION: return "compression";
5209 case IPCP_OPT_ADDRESS: return "address";
5210 }
5211 snprintf (buf, sizeof buf, "0x%x", opt);
5212 return buf;
5213 }
5214
5215 #ifdef INET6
5216 HIDE const char *
5217 sppp_ipv6cp_opt_name(u_char opt)
5218 {
5219 static char buf[12];
5220 switch (opt) {
5221 case IPV6CP_OPT_IFID: return "ifid";
5222 case IPV6CP_OPT_COMPRESSION: return "compression";
5223 }
5224 snprintf (buf, sizeof buf, "0x%x", opt);
5225 return buf;
5226 }
5227 #endif
5228
5229 HIDE const char *
5230 sppp_state_name(int state)
5231 {
5232 switch (state) {
5233 case STATE_INITIAL: return "initial";
5234 case STATE_STARTING: return "starting";
5235 case STATE_CLOSED: return "closed";
5236 case STATE_STOPPED: return "stopped";
5237 case STATE_CLOSING: return "closing";
5238 case STATE_STOPPING: return "stopping";
5239 case STATE_REQ_SENT: return "req-sent";
5240 case STATE_ACK_RCVD: return "ack-rcvd";
5241 case STATE_ACK_SENT: return "ack-sent";
5242 case STATE_OPENED: return "opened";
5243 }
5244 return "illegal";
5245 }
5246
5247 HIDE const char *
5248 sppp_phase_name(enum ppp_phase phase)
5249 {
5250 switch (phase) {
5251 case PHASE_DEAD: return "dead";
5252 case PHASE_ESTABLISH: return "establish";
5253 case PHASE_TERMINATE: return "terminate";
5254 case PHASE_AUTHENTICATE: return "authenticate";
5255 case PHASE_NETWORK: return "network";
5256 }
5257 return "illegal";
5258 }
5259
5260 HIDE const char *
5261 sppp_proto_name(u_short proto)
5262 {
5263 static char buf[12];
5264 switch (proto) {
5265 case PPP_LCP: return "lcp";
5266 case PPP_IPCP: return "ipcp";
5267 case PPP_PAP: return "pap";
5268 case PPP_CHAP: return "chap";
5269 }
5270 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto);
5271 return buf;
5272 }
5273
5274 HIDE void
5275 sppp_print_bytes(const u_char *p, u_short len)
5276 {
5277 addlog(" %02x", *p++);
5278 while (--len > 0)
5279 addlog("-%02x", *p++);
5280 }
5281
5282 HIDE void
5283 sppp_print_string(const char *p, u_short len)
5284 {
5285 u_char c;
5286
5287 while (len-- > 0) {
5288 c = *p++;
5289 /*
5290 * Print only ASCII chars directly. RFC 1994 recommends
5291 * using only them, but we don't rely on it. */
5292 if (c < ' ' || c > '~')
5293 addlog("\\x%x", c);
5294 else
5295 addlog("%c", c);
5296 }
5297 }
5298
5299 HIDE const char *
5300 sppp_dotted_quad(u_int32_t addr)
5301 {
5302 static char s[16];
5303 snprintf(s, sizeof s, "%d.%d.%d.%d",
5304 (int)((addr >> 24) & 0xff),
5305 (int)((addr >> 16) & 0xff),
5306 (int)((addr >> 8) & 0xff),
5307 (int)(addr & 0xff));
5308 return s;
5309 }
5310
5311 /* a dummy, used to drop uninteresting events */
5312 HIDE void
5313 sppp_null(struct sppp *unused)
5314 {
5315 /* do just nothing */
5316 }
5317 /*
5318 * This file is large. Tell emacs to highlight it nevertheless.
5319 *
5320 * Local Variables:
5321 * hilit-auto-highlight-maxout: 120000
5322 * End:
5323 */
5324
5325 HIDE void
5326 sppp_set_phase(struct sppp *sp)
5327 {
5328 STDDCL;
5329 int lstate, s;
5330
5331 if (debug)
5332 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
5333 sppp_phase_name(sp->pp_phase));
5334
5335 /* set link state */
5336 if (sp->pp_phase == PHASE_NETWORK)
5337 lstate = LINK_STATE_UP;
5338 else
5339 lstate = LINK_STATE_DOWN;
5340
5341 if (ifp->if_link_state != lstate) {
5342 ifp->if_link_state = lstate;
5343 s = splsoftnet();
5344 if_link_state_change(ifp);
5345 splx(s);
5346 }
5347 }
5348