1 /* $OpenBSD: if_spppsubr.c,v 1.124 2014/07/12 18:44:22 tedu Exp $ */
2 /*
3 * Synchronous PPP/Cisco link level subroutines.
4 * Keepalive protocol implemented in both Cisco and PPP modes.
5 *
6 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
7 * Author: Serge Vakulenko, <vak@cronyx.ru>
8 *
9 * Heavily revamped to conform to RFC 1661.
10 * Copyright (C) 1997, Joerg Wunsch.
11 *
12 * RFC2472 IPv6CP support.
13 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions are met:
17 * 1. Redistributions of source code must retain the above copyright notice,
18 * this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright notice,
20 * this list of conditions and the following disclaimer in the documentation
21 * and/or other materials provided with the distribution.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
34 *
35 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998
36 */
37
38 #include <sys/param.h>
39
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
42 #include <sys/sockio.h>
43 #include <sys/socket.h>
44 #include <sys/syslog.h>
45 #include <sys/malloc.h>
46 #include <sys/mbuf.h>
47
48 #include <sys/timeout.h>
49 #include <crypto/md5.h>
50
51 #include <net/if.h>
52 #include <net/netisr.h>
53 #include <net/if_types.h>
54 #include <net/route.h>
55
56 /* for arc4random() */
57 #include <dev/rndvar.h>
58
59 #include <sys/stdarg.h>
60
61 #ifdef INET
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/in_var.h>
65 #include <netinet/ip.h>
66 #include <netinet/tcp.h>
67 #include <netinet/if_ether.h>
68 #endif
69
70 #ifdef INET6
71 #include <netinet6/in6_ifattach.h>
72 #endif
73
74 #include <net/if_sppp.h>
75
76 # define UNTIMEOUT(fun, arg, handle) \
77 timeout_del(&(handle))
78
79 #define LOOPALIVECNT 3 /* loopback detection tries */
80 #define MAXALIVECNT 3 /* max. missed alive packets */
81 #define NORECV_TIME 15 /* before we get worried */
82
83 /*
84 * Interface flags that can be set in an ifconfig command.
85 *
86 * Setting link0 will make the link passive, i.e. it will be marked
87 * as being administrative openable, but won't be opened to begin
88 * with. Incoming calls will be answered, or subsequent calls with
89 * -link1 will cause the administrative open of the LCP layer.
90 *
91 * Setting link1 will cause the link to auto-dial only as packets
92 * arrive to be sent.
93 *
94 * Setting IFF_DEBUG will syslog the option negotiation and state
95 * transitions at level kern.debug. Note: all logs consistently look
96 * like
97 *
98 * <if-name><unit>: <proto-name> <additional info...>
99 *
100 * with <if-name><unit> being something like "bppp0", and <proto-name>
101 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
102 */
103
104 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
105 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
106
107 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
108 #define PPP_UI 0x03 /* Unnumbered Information */
109 #define PPP_IP 0x0021 /* Internet Protocol */
110 #define PPP_ISO 0x0023 /* ISO OSI Protocol */
111 #define PPP_XNS 0x0025 /* Xerox NS Protocol */
112 #define PPP_IPX 0x002b /* Novell IPX Protocol */
113 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */
114 #define PPP_LCP 0xc021 /* Link Control Protocol */
115 #define PPP_PAP 0xc023 /* Password Authentication Protocol */
116 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
117 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
118 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
119
120 #define CONF_REQ 1 /* PPP configure request */
121 #define CONF_ACK 2 /* PPP configure acknowledge */
122 #define CONF_NAK 3 /* PPP configure negative ack */
123 #define CONF_REJ 4 /* PPP configure reject */
124 #define TERM_REQ 5 /* PPP terminate request */
125 #define TERM_ACK 6 /* PPP terminate acknowledge */
126 #define CODE_REJ 7 /* PPP code reject */
127 #define PROTO_REJ 8 /* PPP protocol reject */
128 #define ECHO_REQ 9 /* PPP echo request */
129 #define ECHO_REPLY 10 /* PPP echo reply */
130 #define DISC_REQ 11 /* PPP discard request */
131
132 #define LCP_OPT_MRU 1 /* maximum receive unit */
133 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
134 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
135 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
136 #define LCP_OPT_MAGIC 5 /* magic number */
137 #define LCP_OPT_RESERVED 6 /* reserved */
138 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
139 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
140
141 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
142 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
143 #define IPCP_OPT_ADDRESS 3 /* local IP address */
144
145 #define IPV6CP_OPT_IFID 1 /* interface identifier */
146 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
147
148 #define PAP_REQ 1 /* PAP name/password request */
149 #define PAP_ACK 2 /* PAP acknowledge */
150 #define PAP_NAK 3 /* PAP fail */
151
152 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
153 #define CHAP_RESPONSE 2 /* CHAP challenge response */
154 #define CHAP_SUCCESS 3 /* CHAP response ok */
155 #define CHAP_FAILURE 4 /* CHAP response failed */
156
157 #define CHAP_MD5 5 /* hash algorithm - MD5 */
158
159 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
160 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
161 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
162 #define CISCO_ADDR_REQ 0 /* Cisco address request */
163 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
164 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
165
166 /* states are named and numbered according to RFC 1661 */
167 #define STATE_INITIAL 0
168 #define STATE_STARTING 1
169 #define STATE_CLOSED 2
170 #define STATE_STOPPED 3
171 #define STATE_CLOSING 4
172 #define STATE_STOPPING 5
173 #define STATE_REQ_SENT 6
174 #define STATE_ACK_RCVD 7
175 #define STATE_ACK_SENT 8
176 #define STATE_OPENED 9
177
178 struct ppp_header {
179 u_char address;
180 u_char control;
181 u_short protocol;
182 };
183 #define PPP_HEADER_LEN sizeof (struct ppp_header)
184
185 struct lcp_header {
186 u_char type;
187 u_char ident;
188 u_short len;
189 };
190 #define LCP_HEADER_LEN sizeof (struct lcp_header)
191
192 struct cisco_packet {
193 u_int32_t type;
194 u_int32_t par1;
195 u_int32_t par2;
196 u_short rel;
197 u_short time0;
198 u_short time1;
199 };
200 #define CISCO_PACKET_LEN 18
201
202 /*
203 * We follow the spelling and capitalization of RFC 1661 here, to make
204 * it easier comparing with the standard. Please refer to this RFC in
205 * case you can't make sense out of these abbreviation; it will also
206 * explain the semantics related to the various events and actions.
207 */
208 struct cp {
209 u_short proto; /* PPP control protocol number */
210 u_char protoidx; /* index into state table in struct sppp */
211 u_char flags;
212 #define CP_LCP 0x01 /* this is the LCP */
213 #define CP_AUTH 0x02 /* this is an authentication protocol */
214 #define CP_NCP 0x04 /* this is a NCP */
215 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
216 const char *name; /* name of this control protocol */
217 /* event handlers */
218 void (*Up)(struct sppp *sp);
219 void (*Down)(struct sppp *sp);
220 void (*Open)(struct sppp *sp);
221 void (*Close)(struct sppp *sp);
222 void (*TO)(void *sp);
223 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
224 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
225 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
226 /* actions */
227 void (*tlu)(struct sppp *sp);
228 void (*tld)(struct sppp *sp);
229 void (*tls)(struct sppp *sp);
230 void (*tlf)(struct sppp *sp);
231 void (*scr)(struct sppp *sp);
232 };
233
234 static struct sppp *spppq;
235 static struct timeout keepalive_ch;
236
237 #define SPP_FMT "%s: "
238 #define SPP_ARGS(ifp) (ifp)->if_xname
239
240 /* almost every function needs these */
241 #define STDDCL \
242 struct ifnet *ifp = &sp->pp_if; \
243 int debug = ifp->if_flags & IFF_DEBUG
244
245 int sppp_output(struct ifnet *ifp, struct mbuf *m,
246 struct sockaddr *dst, struct rtentry *rt);
247
248 void sppp_cisco_send(struct sppp *sp, u_int32_t type, u_int32_t par1, u_int32_t par2);
249 void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
250
251 void sppp_cp_input(const struct cp *cp, struct sppp *sp,
252 struct mbuf *m);
253 void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
254 u_char ident, u_short len, void *data);
255 #ifdef notyet
256 void sppp_cp_timeout(void *arg);
257 #endif
258 void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
259 int newstate);
260 void sppp_auth_send(const struct cp *cp,
261 struct sppp *sp, unsigned int type, u_int id,
262 ...);
263
264 void sppp_up_event(const struct cp *cp, struct sppp *sp);
265 void sppp_down_event(const struct cp *cp, struct sppp *sp);
266 void sppp_open_event(const struct cp *cp, struct sppp *sp);
267 void sppp_close_event(const struct cp *cp, struct sppp *sp);
268 void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp);
269 void sppp_to_event(const struct cp *cp, struct sppp *sp);
270
271 void sppp_null(struct sppp *sp);
272
273 void sppp_lcp_init(struct sppp *sp);
274 void sppp_lcp_up(struct sppp *sp);
275 void sppp_lcp_down(struct sppp *sp);
276 void sppp_lcp_open(struct sppp *sp);
277 void sppp_lcp_close(struct sppp *sp);
278 void sppp_lcp_TO(void *sp);
279 int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
280 void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
281 void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
282 void sppp_lcp_tlu(struct sppp *sp);
283 void sppp_lcp_tld(struct sppp *sp);
284 void sppp_lcp_tls(struct sppp *sp);
285 void sppp_lcp_tlf(struct sppp *sp);
286 void sppp_lcp_scr(struct sppp *sp);
287 void sppp_lcp_check_and_close(struct sppp *sp);
288 int sppp_ncp_check(struct sppp *sp);
289
290 void sppp_ipcp_init(struct sppp *sp);
291 void sppp_ipcp_destroy(struct sppp *sp);
292 void sppp_ipcp_up(struct sppp *sp);
293 void sppp_ipcp_down(struct sppp *sp);
294 void sppp_ipcp_open(struct sppp *sp);
295 void sppp_ipcp_close(struct sppp *sp);
296 void sppp_ipcp_TO(void *sp);
297 int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
298 void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
299 void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
300 void sppp_ipcp_tlu(struct sppp *sp);
301 void sppp_ipcp_tld(struct sppp *sp);
302 void sppp_ipcp_tls(struct sppp *sp);
303 void sppp_ipcp_tlf(struct sppp *sp);
304 void sppp_ipcp_scr(struct sppp *sp);
305
306 void sppp_ipv6cp_init(struct sppp *sp);
307 void sppp_ipv6cp_destroy(struct sppp *sp);
308 void sppp_ipv6cp_up(struct sppp *sp);
309 void sppp_ipv6cp_down(struct sppp *sp);
310 void sppp_ipv6cp_open(struct sppp *sp);
311 void sppp_ipv6cp_close(struct sppp *sp);
312 void sppp_ipv6cp_TO(void *sp);
313 int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
314 void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
315 void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
316 void sppp_ipv6cp_tlu(struct sppp *sp);
317 void sppp_ipv6cp_tld(struct sppp *sp);
318 void sppp_ipv6cp_tls(struct sppp *sp);
319 void sppp_ipv6cp_tlf(struct sppp *sp);
320 void sppp_ipv6cp_scr(struct sppp *sp);
321 const char *sppp_ipv6cp_opt_name(u_char opt);
322 void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
323 struct in6_addr *dst, struct in6_addr *srcmask);
324 void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, const struct in6_addr *dst);
325 void sppp_update_ip6_addr(void *arg1, void *arg2);
326 void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest);
327
328 void sppp_pap_input(struct sppp *sp, struct mbuf *m);
329 void sppp_pap_init(struct sppp *sp);
330 void sppp_pap_open(struct sppp *sp);
331 void sppp_pap_close(struct sppp *sp);
332 void sppp_pap_TO(void *sp);
333 void sppp_pap_my_TO(void *sp);
334 void sppp_pap_tlu(struct sppp *sp);
335 void sppp_pap_tld(struct sppp *sp);
336 void sppp_pap_scr(struct sppp *sp);
337
338 void sppp_chap_input(struct sppp *sp, struct mbuf *m);
339 void sppp_chap_init(struct sppp *sp);
340 void sppp_chap_open(struct sppp *sp);
341 void sppp_chap_close(struct sppp *sp);
342 void sppp_chap_TO(void *sp);
343 void sppp_chap_tlu(struct sppp *sp);
344 void sppp_chap_tld(struct sppp *sp);
345 void sppp_chap_scr(struct sppp *sp);
346
347 const char *sppp_auth_type_name(u_short proto, u_char type);
348 const char *sppp_cp_type_name(u_char type);
349 const char *sppp_dotted_quad(u_int32_t addr);
350 const char *sppp_ipcp_opt_name(u_char opt);
351 const char *sppp_lcp_opt_name(u_char opt);
352 const char *sppp_phase_name(enum ppp_phase phase);
353 const char *sppp_proto_name(u_short proto);
354 const char *sppp_state_name(int state);
355 int sppp_get_params(struct sppp *sp, struct ifreq *data);
356 int sppp_set_params(struct sppp *sp, struct ifreq *data);
357 void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
358 u_int32_t *srcmask);
359 void sppp_keepalive(void *dummy);
360 void sppp_phase_network(struct sppp *sp);
361 void sppp_print_bytes(const u_char *p, u_short len);
362 void sppp_print_string(const char *p, u_short len);
363 void sppp_qflush(struct ifqueue *ifq);
364 int sppp_update_gw_walker(struct radix_node *rn, void *arg, u_int);
365 void sppp_update_gw(struct ifnet *ifp);
366 void sppp_set_ip_addrs(void *, void *);
367 void sppp_clear_ip_addrs(void *, void *);
368 void sppp_set_phase(struct sppp *sp);
369
370 /* our control protocol descriptors */
371 static const struct cp lcp = {
372 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
373 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
374 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
375 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
376 sppp_lcp_scr
377 };
378
379 static const struct cp ipcp = {
380 PPP_IPCP, IDX_IPCP,
381 #ifdef INET /* don't run IPCP if there's no IPv4 support */
382 CP_NCP,
383 #else
384 0,
385 #endif
386 "ipcp",
387 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
388 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
389 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
390 sppp_ipcp_scr
391 };
392
393 static const struct cp ipv6cp = {
394 PPP_IPV6CP, IDX_IPV6CP,
395 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
396 CP_NCP,
397 #else
398 0,
399 #endif
400 "ipv6cp",
401 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
402 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
403 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
404 sppp_ipv6cp_scr
405 };
406
407 static const struct cp pap = {
408 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
409 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
410 sppp_pap_TO, 0, 0, 0,
411 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
412 sppp_pap_scr
413 };
414
415 static const struct cp chap = {
416 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
417 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
418 sppp_chap_TO, 0, 0, 0,
419 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
420 sppp_chap_scr
421 };
422
423 static const struct cp *cps[IDX_COUNT] = {
424 &lcp, /* IDX_LCP */
425 &ipcp, /* IDX_IPCP */
426 &ipv6cp, /* IDX_IPV6CP */
427 &pap, /* IDX_PAP */
428 &chap, /* IDX_CHAP */
429 };
430
431
432 �/*
433 * Exported functions, comprising our interface to the lower layer.
434 */
435
436 /* Workaround */
437 void
438 spppattach(struct ifnet *ifp)
439 {
440 }
441
442 /*
443 * Process the received packet.
444 */
445 void
446 sppp_input(struct ifnet *ifp, struct mbuf *m)
447 {
448 struct ppp_header ht;
449 struct ifqueue *inq = 0;
450 struct sppp *sp = (struct sppp *)ifp;
451 struct timeval tv;
452 int debug = ifp->if_flags & IFF_DEBUG;
453 int s;
454
455 if (ifp->if_flags & IFF_UP) {
456 /* Count received bytes, add hardware framing */
457 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes;
458 /* Note time of last receive */
459 getmicrouptime(&tv);
460 sp->pp_last_receive = tv.tv_sec;
461 }
462
463 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
464 /* Too small packet, drop it. */
465 if (debug)
466 log(LOG_DEBUG,
467 SPP_FMT "input packet is too small, %d bytes\n",
468 SPP_ARGS(ifp), m->m_pkthdr.len);
469 drop:
470 ++ifp->if_ierrors;
471 ++ifp->if_iqdrops;
472 m_freem (m);
473 return;
474 }
475
476 /* mark incoming routing domain */
477 m->m_pkthdr.ph_rtableid = ifp->if_rdomain;
478
479 if (sp->pp_flags & PP_NOFRAMING) {
480 m_copydata(m, 0, sizeof(ht.protocol), (caddr_t)&ht.protocol);
481 m_adj(m, 2);
482 ht.control = PPP_UI;
483 ht.address = PPP_ALLSTATIONS;
484 } else {
485 /* Get PPP header. */
486 m_copydata(m, 0, sizeof(ht), (caddr_t)&ht);
487 m_adj (m, PPP_HEADER_LEN);
488 }
489
490 /* preserve the alignment */
491 if (m->m_len < m->m_pkthdr.len) {
492 m = m_pullup(m, m->m_pkthdr.len);
493 if (m == NULL) {
494 if (debug)
495 log(LOG_DEBUG,
496 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp));
497 ++ifp->if_ierrors;
498 ++ifp->if_iqdrops;
499 return;
500 }
501 }
502
503 switch (ht.address) {
504 case PPP_ALLSTATIONS:
505 if (ht.control != PPP_UI)
506 goto invalid;
507 if (sp->pp_flags & PP_CISCO) {
508 if (debug)
509 log(LOG_DEBUG,
510 SPP_FMT "PPP packet in Cisco mode "
511 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
512 SPP_ARGS(ifp),
513 ht.address, ht.control, ntohs(ht.protocol));
514 goto drop;
515 }
516 switch (ntohs (ht.protocol)) {
517 default:
518 if (sp->state[IDX_LCP] == STATE_OPENED)
519 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
520 ++sp->pp_seq, 2, &ht.protocol);
521 if (debug)
522 log(LOG_DEBUG,
523 SPP_FMT "invalid input protocol "
524 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
525 SPP_ARGS(ifp),
526 ht.address, ht.control, ntohs(ht.protocol));
527 ++ifp->if_noproto;
528 goto drop;
529 case PPP_LCP:
530 sppp_cp_input(&lcp, sp, m);
531 m_freem (m);
532 return;
533 case PPP_PAP:
534 if (sp->pp_phase >= PHASE_AUTHENTICATE)
535 sppp_pap_input(sp, m);
536 m_freem (m);
537 return;
538 case PPP_CHAP:
539 if (sp->pp_phase >= PHASE_AUTHENTICATE)
540 sppp_chap_input(sp, m);
541 m_freem (m);
542 return;
543 #ifdef INET
544 case PPP_IPCP:
545 if (sp->pp_phase == PHASE_NETWORK)
546 sppp_cp_input(&ipcp, sp, m);
547 m_freem (m);
548 return;
549 case PPP_IP:
550 if (sp->state[IDX_IPCP] == STATE_OPENED) {
551 schednetisr (NETISR_IP);
552 inq = &ipintrq;
553 sp->pp_last_activity = tv.tv_sec;
554 }
555 break;
556 #endif
557 #ifdef INET6
558 case PPP_IPV6CP:
559 if (sp->pp_phase == PHASE_NETWORK)
560 sppp_cp_input(&ipv6cp, sp, m);
561 m_freem (m);
562 return;
563 case PPP_IPV6:
564 if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
565 schednetisr (NETISR_IPV6);
566 inq = &ip6intrq;
567 sp->pp_last_activity = tv.tv_sec;
568 }
569 break;
570 #endif
571 }
572 break;
573 case CISCO_MULTICAST:
574 case CISCO_UNICAST:
575 /* Don't check the control field here (RFC 1547). */
576 if (! (sp->pp_flags & PP_CISCO)) {
577 if (debug)
578 log(LOG_DEBUG,
579 SPP_FMT "Cisco packet in PPP mode "
580 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
581 SPP_ARGS(ifp),
582 ht.address, ht.control, ntohs(ht.protocol));
583 goto drop;
584 }
585 switch (ntohs (ht.protocol)) {
586 default:
587 ++ifp->if_noproto;
588 goto invalid;
589 case CISCO_KEEPALIVE:
590 sppp_cisco_input ((struct sppp*) ifp, m);
591 m_freem (m);
592 return;
593 #ifdef INET
594 case ETHERTYPE_IP:
595 schednetisr (NETISR_IP);
596 inq = &ipintrq;
597 break;
598 #endif
599 #ifdef INET6
600 case ETHERTYPE_IPV6:
601 schednetisr (NETISR_IPV6);
602 inq = &ip6intrq;
603 break;
604 #endif
605 }
606 break;
607 default: /* Invalid PPP packet. */
608 invalid:
609 if (debug)
610 log(LOG_DEBUG,
611 SPP_FMT "invalid input packet "
612 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
613 SPP_ARGS(ifp),
614 ht.address, ht.control, ntohs(ht.protocol));
615 goto drop;
616 }
617
618 if (! (ifp->if_flags & IFF_UP) || ! inq)
619 goto drop;
620
621 /* Check queue. */
622 s = splnet();
623 if (IF_QFULL (inq)) {
624 /* Queue overflow. */
625 IF_DROP(inq);
626 splx(s);
627 if (debug)
628 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
629 SPP_ARGS(ifp));
630 if (!inq->ifq_congestion)
631 if_congestion(inq);
632 goto drop;
633 }
634 IF_ENQUEUE(inq, m);
635 splx(s);
636 }
637
638 /*
639 * Enqueue transmit packet.
640 */
641 int
642 sppp_output(struct ifnet *ifp, struct mbuf *m,
643 struct sockaddr *dst, struct rtentry *rt)
644 {
645 struct sppp *sp = (struct sppp*) ifp;
646 struct ppp_header *h;
647 struct timeval tv;
648 int s, len, rv = 0;
649 u_int16_t protocol;
650
651 #ifdef DIAGNOSTIC
652 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) {
653 printf("%s: trying to send packet on wrong domain. "
654 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname,
655 ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid),
656 dst->sa_family);
657 }
658 #endif
659
660 s = splnet();
661
662 getmicrouptime(&tv);
663 sp->pp_last_activity = tv.tv_sec;
664
665 if ((ifp->if_flags & IFF_UP) == 0 ||
666 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
667 m_freem (m);
668 splx (s);
669 return (ENETDOWN);
670 }
671
672 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
673 /*
674 * Interface is not yet running, but auto-dial. Need
675 * to start LCP for it.
676 */
677 ifp->if_flags |= IFF_RUNNING;
678 splx(s);
679 lcp.Open(sp);
680 s = splnet();
681 }
682
683 #ifdef INET
684 /*
685 * Put low delay, telnet, rlogin and ftp control packets
686 * in front of the queue.
687 */
688 if (dst->sa_family == AF_INET) {
689 struct ip *ip = NULL;
690 struct tcphdr *th = NULL;
691
692 if (m->m_len >= sizeof(struct ip)) {
693 ip = mtod(m, struct ip *);
694 if (ip->ip_p == IPPROTO_TCP &&
695 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
696 sizeof(struct tcphdr)) {
697 th = (struct tcphdr *)
698 ((caddr_t)ip + (ip->ip_hl << 2));
699 }
700 }
701 /*
702 * When using dynamic local IP address assignment by using
703 * 0.0.0.0 as a local address, the first TCP session will
704 * not connect because the local TCP checksum is computed
705 * using 0.0.0.0 which will later become our real IP address
706 * so the TCP checksum computed at the remote end will
707 * become invalid. So we
708 * - don't let packets with src ip addr 0 thru
709 * - we flag TCP packets with src ip 0 as an error
710 */
711
712 if(ip && ip->ip_src.s_addr == INADDR_ANY) {
713 u_int8_t proto = ip->ip_p;
714
715 m_freem(m);
716 splx(s);
717 if(proto == IPPROTO_TCP)
718 return (EADDRNOTAVAIL);
719 else
720 return (0);
721 }
722 }
723 #endif
724
725 if (sp->pp_flags & PP_NOFRAMING)
726 goto skip_header;
727 /*
728 * Prepend general data packet PPP header. For now, IP only.
729 */
730 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
731 if (!m) {
732 if (ifp->if_flags & IFF_DEBUG)
733 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
734 SPP_ARGS(ifp));
735 ++ifp->if_oerrors;
736 splx (s);
737 return (ENOBUFS);
738 }
739 /*
740 * May want to check size of packet
741 * (albeit due to the implementation it's always enough)
742 */
743 h = mtod (m, struct ppp_header*);
744 if (sp->pp_flags & PP_CISCO) {
745 h->address = CISCO_UNICAST; /* unicast address */
746 h->control = 0;
747 } else {
748 h->address = PPP_ALLSTATIONS; /* broadcast address */
749 h->control = PPP_UI; /* Unnumbered Info */
750 }
751
752 skip_header:
753 switch (dst->sa_family) {
754 #ifdef INET
755 case AF_INET: /* Internet Protocol */
756 if (sp->pp_flags & PP_CISCO)
757 protocol = htons (ETHERTYPE_IP);
758 else {
759 /*
760 * Don't choke with an ENETDOWN early. It's
761 * possible that we just started dialing out,
762 * so don't drop the packet immediately. If
763 * we notice that we run out of buffer space
764 * below, we will however remember that we are
765 * not ready to carry IP packets, and return
766 * ENETDOWN, as opposed to ENOBUFS.
767 */
768 protocol = htons(PPP_IP);
769 if (sp->state[IDX_IPCP] != STATE_OPENED)
770 rv = ENETDOWN;
771 }
772 break;
773 #endif
774 #ifdef INET6
775 case AF_INET6: /* Internet Protocol v6 */
776 if (sp->pp_flags & PP_CISCO)
777 protocol = htons (ETHERTYPE_IPV6);
778 else {
779 /*
780 * Don't choke with an ENETDOWN early. It's
781 * possible that we just started dialing out,
782 * so don't drop the packet immediately. If
783 * we notice that we run out of buffer space
784 * below, we will however remember that we are
785 * not ready to carry IPv6 packets, and return
786 * ENETDOWN, as opposed to ENOBUFS.
787 */
788 protocol = htons(PPP_IPV6);
789 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
790 rv = ENETDOWN;
791 }
792 break;
793 #endif
794 default:
795 m_freem(m);
796 ++ifp->if_oerrors;
797 splx(s);
798 return (EAFNOSUPPORT);
799 }
800
801 if (sp->pp_flags & PP_NOFRAMING) {
802 M_PREPEND(m, 2, M_DONTWAIT);
803 if (m == NULL) {
804 if (ifp->if_flags & IFF_DEBUG)
805 log(LOG_DEBUG, SPP_FMT
806 "no memory for transmit header\n",
807 SPP_ARGS(ifp));
808 ++ifp->if_oerrors;
809 splx(s);
810 return (ENOBUFS);
811 }
812 *mtod(m, u_int16_t *) = protocol;
813 } else
814 h->protocol = protocol;
815
816 /*
817 * Queue message on interface, and start output if interface
818 * not yet active.
819 */
820 len = m->m_pkthdr.len;
821 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, rv);
822
823 if (rv != 0) {
824 ++ifp->if_oerrors;
825 splx (s);
826 return (rv);
827 }
828
829 if (!(ifp->if_flags & IFF_OACTIVE))
830 (*ifp->if_start) (ifp);
831
832 /*
833 * Count output packets and bytes.
834 * The packet length includes header, FCS and 1 flag,
835 * according to RFC 1333.
836 */
837 ifp->if_obytes += len + sp->pp_framebytes;
838 splx (s);
839 return (0);
840 }
841
842 void
843 sppp_attach(struct ifnet *ifp)
844 {
845 struct sppp *sp = (struct sppp*) ifp;
846 int i;
847
848 /* Initialize keepalive handler. */
849 if (! spppq) {
850 timeout_set(&keepalive_ch, sppp_keepalive, NULL);
851 timeout_add_sec(&keepalive_ch, 10);
852 }
853
854 /* Insert new entry into the keepalive list. */
855 sp->pp_next = spppq;
856 spppq = sp;
857
858 sp->pp_if.if_type = IFT_PPP;
859 sp->pp_if.if_output = sppp_output;
860 IFQ_SET_MAXLEN(&sp->pp_if.if_snd, 50);
861 IFQ_SET_MAXLEN(&sp->pp_cpq, 50);
862 sp->pp_loopcnt = 0;
863 sp->pp_alivecnt = 0;
864 sp->pp_last_activity = 0;
865 sp->pp_last_receive = 0;
866 sp->pp_seq = 0;
867 sp->pp_rseq = 0;
868 sp->pp_phase = PHASE_DEAD;
869 sp->pp_up = lcp.Up;
870 sp->pp_down = lcp.Down;
871
872 for (i = 0; i < IDX_COUNT; i++)
873 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp);
874 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp);
875
876 sppp_lcp_init(sp);
877 sppp_ipcp_init(sp);
878 sppp_ipv6cp_init(sp);
879 sppp_pap_init(sp);
880 sppp_chap_init(sp);
881 }
882
883 void
884 sppp_detach(struct ifnet *ifp)
885 {
886 struct sppp **q, *p, *sp = (struct sppp*) ifp;
887 int i;
888
889 sppp_ipcp_destroy(sp);
890 sppp_ipv6cp_destroy(sp);
891
892 /* Remove the entry from the keepalive list. */
893 for (q = &spppq; (p = *q); q = &p->pp_next)
894 if (p == sp) {
895 *q = p->pp_next;
896 break;
897 }
898
899 /* Stop keepalive handler. */
900 if (! spppq)
901 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch);
902
903 for (i = 0; i < IDX_COUNT; i++)
904 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]);
905 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
906
907 /* release authentication data */
908 if (sp->myauth.name != NULL)
909 free(sp->myauth.name, M_DEVBUF, 0);
910 if (sp->myauth.secret != NULL)
911 free(sp->myauth.secret, M_DEVBUF, 0);
912 if (sp->hisauth.name != NULL)
913 free(sp->hisauth.name, M_DEVBUF, 0);
914 if (sp->hisauth.secret != NULL)
915 free(sp->hisauth.secret, M_DEVBUF, 0);
916 }
917
918 /*
919 * Flush the interface output queue.
920 */
921 void
922 sppp_flush(struct ifnet *ifp)
923 {
924 struct sppp *sp = (struct sppp*) ifp;
925
926 IFQ_PURGE(&sp->pp_if.if_snd);
927 sppp_qflush (&sp->pp_cpq);
928 }
929
930 /*
931 * Check if the output queue is empty.
932 */
933 int
934 sppp_isempty(struct ifnet *ifp)
935 {
936 struct sppp *sp = (struct sppp*) ifp;
937 int empty, s;
938
939 s = splnet();
940 empty = IF_IS_EMPTY(&sp->pp_cpq) &&
941 IFQ_IS_EMPTY(&sp->pp_if.if_snd);
942 splx(s);
943 return (empty);
944 }
945
946 /*
947 * Get next packet to send.
948 */
949 struct mbuf *
950 sppp_dequeue(struct ifnet *ifp)
951 {
952 struct sppp *sp = (struct sppp*) ifp;
953 struct mbuf *m;
954 int s;
955
956 s = splnet();
957 /*
958 * Process only the control protocol queue until we have at
959 * least one NCP open.
960 *
961 * Do always serve all queues in Cisco mode.
962 */
963 IF_DEQUEUE(&sp->pp_cpq, m);
964 if (m == NULL &&
965 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
966 IFQ_DEQUEUE (&sp->pp_if.if_snd, m);
967 }
968 splx(s);
969 return m;
970 }
971
972 /*
973 * Pick the next packet, do not remove it from the queue.
974 */
975 struct mbuf *
976 sppp_pick(struct ifnet *ifp)
977 {
978 struct sppp *sp = (struct sppp*)ifp;
979 struct mbuf *m;
980 int s;
981
982 s = splnet();
983 IF_POLL(&sp->pp_cpq, m);
984 if (m == NULL &&
985 (sp->pp_phase == PHASE_NETWORK ||
986 (sp->pp_flags & PP_CISCO) != 0)) {
987 IFQ_POLL(&sp->pp_if.if_snd, m);
988 }
989 splx (s);
990 return (m);
991 }
992
993 /*
994 * Process an ioctl request. Called on low priority level.
995 */
996 int
997 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
998 {
999 struct ifreq *ifr = data;
1000 struct ifaddr *ifa = data;
1001 struct sppp *sp = (struct sppp*) ifp;
1002 int s, rv, going_up, going_down, newmode;
1003
1004 s = splnet();
1005 rv = 0;
1006 switch (cmd) {
1007 case SIOCAIFADDR:
1008 case SIOCSIFDSTADDR:
1009 break;
1010
1011 case SIOCSIFADDR:
1012 if_up(ifp);
1013 ifa->ifa_rtrequest = p2p_rtrequest;
1014 /* FALLTHROUGH */
1015
1016 case SIOCSIFFLAGS:
1017 going_up = (ifp->if_flags & IFF_UP) &&
1018 (ifp->if_flags & IFF_RUNNING) == 0;
1019 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1020 (ifp->if_flags & IFF_RUNNING);
1021 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
1022 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
1023 /* sanity */
1024 newmode = IFF_PASSIVE;
1025 ifp->if_flags &= ~IFF_AUTO;
1026 }
1027
1028 if (going_up || going_down)
1029 if (!(sp->pp_flags & PP_CISCO))
1030 lcp.Close(sp);
1031
1032 if (going_up && newmode == 0) {
1033 /* neither auto-dial nor passive */
1034 ifp->if_flags |= IFF_RUNNING;
1035 if (!(sp->pp_flags & PP_CISCO))
1036 lcp.Open(sp);
1037 } else if (going_down) {
1038 sppp_flush(ifp);
1039 ifp->if_flags &= ~IFF_RUNNING;
1040 }
1041 break;
1042
1043 #ifdef SIOCSIFMTU
1044 case SIOCSIFMTU:
1045 if (ifr->ifr_mtu < 128 ||
1046 (sp->lcp.their_mru > 0 &&
1047 ifr->ifr_mtu > sp->lcp.their_mru)) {
1048 splx(s);
1049 return (EINVAL);
1050 }
1051 ifp->if_mtu = ifr->ifr_mtu;
1052 break;
1053 #endif
1054 #ifdef SLIOCSETMTU
1055 case SLIOCSETMTU:
1056 if (*(short*)data < 128 ||
1057 (sp->lcp.their_mru > 0 &&
1058 *(short*)data > sp->lcp.their_mru)) {
1059 splx(s);
1060 return (EINVAL);
1061 }
1062 ifp->if_mtu = *(short*)data;
1063 break;
1064 #endif
1065 #ifdef SIOCGIFMTU
1066 case SIOCGIFMTU:
1067 ifr->ifr_mtu = ifp->if_mtu;
1068 break;
1069 #endif
1070 #ifdef SIOCGIFHARDMTU
1071 case SIOCGIFHARDMTU:
1072 ifr->ifr_hardmtu = ifp->if_hardmtu;
1073 break;
1074 #endif
1075 #ifdef SLIOCGETMTU
1076 case SLIOCGETMTU:
1077 *(short*)data = ifp->if_mtu;
1078 break;
1079 #endif
1080 case SIOCADDMULTI:
1081 case SIOCDELMULTI:
1082 break;
1083
1084 case SIOCGSPPPPARAMS:
1085 rv = sppp_get_params(sp, ifr);
1086 break;
1087
1088 case SIOCSSPPPPARAMS:
1089 rv = sppp_set_params(sp, ifr);
1090 break;
1091
1092 default:
1093 rv = ENOTTY;
1094 }
1095 splx(s);
1096 return rv;
1097 }
1098
1099
1100 �/*
1101 * Cisco framing implementation.
1102 */
1103
1104 /*
1105 * Handle incoming Cisco keepalive protocol packets.
1106 */
1107 void
1108 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1109 {
1110 STDDCL;
1111 struct cisco_packet *h;
1112 u_int32_t me, mymask;
1113
1114 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1115 if (debug)
1116 log(LOG_DEBUG,
1117 SPP_FMT "cisco invalid packet length: %d bytes\n",
1118 SPP_ARGS(ifp), m->m_pkthdr.len);
1119 return;
1120 }
1121 h = mtod (m, struct cisco_packet*);
1122 if (debug)
1123 log(LOG_DEBUG,
1124 SPP_FMT "cisco input: %d bytes "
1125 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1126 SPP_ARGS(ifp), m->m_pkthdr.len,
1127 ntohl(h->type), h->par1, h->par2, (u_int)h->rel,
1128 (u_int)h->time0, (u_int)h->time1);
1129 switch (ntohl (h->type)) {
1130 default:
1131 if (debug)
1132 addlog(SPP_FMT "cisco unknown packet type: 0x%x\n",
1133 SPP_ARGS(ifp), ntohl(h->type));
1134 break;
1135 case CISCO_ADDR_REPLY:
1136 /* Reply on address request, ignore */
1137 break;
1138 case CISCO_KEEPALIVE_REQ:
1139 sp->pp_alivecnt = 0;
1140 sp->pp_rseq = ntohl (h->par1);
1141 if (sp->pp_seq == sp->pp_rseq) {
1142 /* Local and remote sequence numbers are equal.
1143 * Probably, the line is in loopback mode. */
1144 if (sp->pp_loopcnt >= LOOPALIVECNT) {
1145 log(LOG_INFO, SPP_FMT "loopback\n",
1146 SPP_ARGS(ifp));
1147 sp->pp_loopcnt = 0;
1148 if (ifp->if_flags & IFF_UP) {
1149 if_down (ifp);
1150 sppp_qflush (&sp->pp_cpq);
1151 }
1152 }
1153 ++sp->pp_loopcnt;
1154
1155 /* Generate new local sequence number */
1156 sp->pp_seq = arc4random();
1157 break;
1158 }
1159 sp->pp_loopcnt = 0;
1160 if (! (ifp->if_flags & IFF_UP) &&
1161 (ifp->if_flags & IFF_RUNNING)) {
1162 if_up(ifp);
1163 if (debug)
1164 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp));
1165 }
1166 break;
1167 case CISCO_ADDR_REQ:
1168 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1169 if (me != 0)
1170 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1171 break;
1172 }
1173 }
1174
1175 /*
1176 * Send Cisco keepalive packet.
1177 */
1178 void
1179 sppp_cisco_send(struct sppp *sp, u_int32_t type, u_int32_t par1, u_int32_t par2)
1180 {
1181 STDDCL;
1182 struct ppp_header *h;
1183 struct cisco_packet *ch;
1184 struct mbuf *m;
1185 struct timeval tv;
1186
1187 getmicrouptime(&tv);
1188
1189 MGETHDR (m, M_DONTWAIT, MT_DATA);
1190 if (! m)
1191 return;
1192 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1193 m->m_pkthdr.rcvif = 0;
1194
1195 h = mtod (m, struct ppp_header*);
1196 h->address = CISCO_MULTICAST;
1197 h->control = 0;
1198 h->protocol = htons (CISCO_KEEPALIVE);
1199
1200 ch = (struct cisco_packet*) (h + 1);
1201 ch->type = htonl (type);
1202 ch->par1 = htonl (par1);
1203 ch->par2 = htonl (par2);
1204 ch->rel = -1;
1205
1206 ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1207 ch->time1 = htons ((u_short) tv.tv_sec);
1208
1209 if (debug)
1210 log(LOG_DEBUG, SPP_FMT
1211 "cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1212 SPP_ARGS(ifp), ntohl(ch->type), ch->par1, ch->par2,
1213 (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
1214
1215 if (IF_QFULL (&sp->pp_cpq)) {
1216 IF_DROP (&ifp->if_snd);
1217 m_freem (m);
1218 m = NULL;
1219 } else
1220 IF_ENQUEUE (&sp->pp_cpq, m);
1221 if (! (ifp->if_flags & IFF_OACTIVE))
1222 (*ifp->if_start) (ifp);
1223 if (m != NULL)
1224 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1225 }
1226
1227 �/*
1228 * PPP protocol implementation.
1229 */
1230
1231 /*
1232 * Send PPP control protocol packet.
1233 */
1234 void
1235 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1236 u_char ident, u_short len, void *data)
1237 {
1238 STDDCL;
1239 struct ppp_header *h;
1240 struct lcp_header *lh;
1241 struct mbuf *m;
1242 size_t pkthdrlen;
1243
1244 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
1245
1246 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
1247 len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
1248 MGETHDR (m, M_DONTWAIT, MT_DATA);
1249 if (! m)
1250 return;
1251 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
1252 m->m_pkthdr.rcvif = 0;
1253
1254 if (sp->pp_flags & PP_NOFRAMING) {
1255 *mtod(m, u_int16_t *) = htons(proto);
1256 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
1257 } else {
1258 h = mtod (m, struct ppp_header*);
1259 h->address = PPP_ALLSTATIONS; /* broadcast address */
1260 h->control = PPP_UI; /* Unnumbered Info */
1261 h->protocol = htons (proto); /* Link Control Protocol */
1262 lh = (struct lcp_header*) (h + 1);
1263 }
1264 lh->type = type;
1265 lh->ident = ident;
1266 lh->len = htons (LCP_HEADER_LEN + len);
1267 if (len)
1268 bcopy (data, lh+1, len);
1269
1270 if (debug) {
1271 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1272 SPP_ARGS(ifp),
1273 sppp_proto_name(proto),
1274 sppp_cp_type_name (lh->type), lh->ident,
1275 ntohs (lh->len));
1276 if (len)
1277 sppp_print_bytes ((u_char*) (lh+1), len);
1278 addlog(">\n");
1279 }
1280 if (IF_QFULL (&sp->pp_cpq)) {
1281 IF_DROP (&ifp->if_snd);
1282 m_freem (m);
1283 ++ifp->if_oerrors;
1284 m = NULL;
1285 } else
1286 IF_ENQUEUE (&sp->pp_cpq, m);
1287 if (!(ifp->if_flags & IFF_OACTIVE))
1288 (*ifp->if_start) (ifp);
1289 if (m != NULL)
1290 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1291 }
1292
1293 /*
1294 * Handle incoming PPP control protocol packets.
1295 */
1296 void
1297 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1298 {
1299 STDDCL;
1300 struct lcp_header *h;
1301 int len = m->m_pkthdr.len;
1302 int rv;
1303 u_char *p;
1304 u_long nmagic;
1305
1306 if (len < 4) {
1307 if (debug)
1308 log(LOG_DEBUG,
1309 SPP_FMT "%s invalid packet length: %d bytes\n",
1310 SPP_ARGS(ifp), cp->name, len);
1311 return;
1312 }
1313 h = mtod (m, struct lcp_header*);
1314 if (debug) {
1315 log(LOG_DEBUG,
1316 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1317 SPP_ARGS(ifp), cp->name,
1318 sppp_state_name(sp->state[cp->protoidx]),
1319 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1320 if (len > 4)
1321 sppp_print_bytes ((u_char*) (h+1), len-4);
1322 addlog(">\n");
1323 }
1324 if (len > ntohs (h->len))
1325 len = ntohs (h->len);
1326 p = (u_char *)(h + 1);
1327 switch (h->type) {
1328 case CONF_REQ:
1329 if (len < 4) {
1330 if (debug)
1331 addlog(SPP_FMT "%s invalid conf-req length %d\n",
1332 SPP_ARGS(ifp), cp->name,
1333 len);
1334 ++ifp->if_ierrors;
1335 break;
1336 }
1337 /* handle states where RCR doesn't get a SCA/SCN */
1338 switch (sp->state[cp->protoidx]) {
1339 case STATE_CLOSING:
1340 case STATE_STOPPING:
1341 return;
1342 case STATE_CLOSED:
1343 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1344 0, 0);
1345 return;
1346 }
1347 rv = (cp->RCR)(sp, h, len);
1348 /* silently drop illegal packets */
1349 if (rv == -1)
1350 return;
1351 switch (sp->state[cp->protoidx]) {
1352 case STATE_OPENED:
1353 sppp_cp_change_state(cp, sp, rv?
1354 STATE_ACK_SENT: STATE_REQ_SENT);
1355 (cp->tld)(sp);
1356 (cp->scr)(sp);
1357 break;
1358 case STATE_ACK_SENT:
1359 case STATE_REQ_SENT:
1360 sppp_cp_change_state(cp, sp, rv?
1361 STATE_ACK_SENT: STATE_REQ_SENT);
1362 break;
1363 case STATE_STOPPED:
1364 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1365 sppp_cp_change_state(cp, sp, rv?
1366 STATE_ACK_SENT: STATE_REQ_SENT);
1367 (cp->scr)(sp);
1368 break;
1369 case STATE_ACK_RCVD:
1370 if (rv) {
1371 sppp_cp_change_state(cp, sp, STATE_OPENED);
1372 if (debug)
1373 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1374 SPP_ARGS(ifp),
1375 cp->name);
1376 (cp->tlu)(sp);
1377 } else
1378 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1379 break;
1380 default:
1381 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1382 SPP_ARGS(ifp), cp->name,
1383 sppp_cp_type_name(h->type),
1384 sppp_state_name(sp->state[cp->protoidx])); */
1385 ++ifp->if_ierrors;
1386 }
1387 break;
1388 case CONF_ACK:
1389 if (h->ident != sp->confid[cp->protoidx]) {
1390 if (debug)
1391 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1392 SPP_ARGS(ifp), cp->name,
1393 h->ident, sp->confid[cp->protoidx]);
1394 ++ifp->if_ierrors;
1395 break;
1396 }
1397 switch (sp->state[cp->protoidx]) {
1398 case STATE_CLOSED:
1399 case STATE_STOPPED:
1400 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1401 break;
1402 case STATE_CLOSING:
1403 case STATE_STOPPING:
1404 break;
1405 case STATE_REQ_SENT:
1406 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1407 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1408 break;
1409 case STATE_OPENED:
1410 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1411 (cp->tld)(sp);
1412 (cp->scr)(sp);
1413 break;
1414 case STATE_ACK_RCVD:
1415 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1416 (cp->scr)(sp);
1417 break;
1418 case STATE_ACK_SENT:
1419 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1420 sppp_cp_change_state(cp, sp, STATE_OPENED);
1421 if (debug)
1422 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1423 SPP_ARGS(ifp), cp->name);
1424 (cp->tlu)(sp);
1425 break;
1426 default:
1427 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1428 SPP_ARGS(ifp), cp->name,
1429 sppp_cp_type_name(h->type),
1430 sppp_state_name(sp->state[cp->protoidx])); */
1431 ++ifp->if_ierrors;
1432 }
1433 break;
1434 case CONF_NAK:
1435 case CONF_REJ:
1436 if (h->ident != sp->confid[cp->protoidx]) {
1437 if (debug)
1438 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1439 SPP_ARGS(ifp), cp->name,
1440 h->ident, sp->confid[cp->protoidx]);
1441 ++ifp->if_ierrors;
1442 break;
1443 }
1444 if (h->type == CONF_NAK)
1445 (cp->RCN_nak)(sp, h, len);
1446 else /* CONF_REJ */
1447 (cp->RCN_rej)(sp, h, len);
1448
1449 switch (sp->state[cp->protoidx]) {
1450 case STATE_CLOSED:
1451 case STATE_STOPPED:
1452 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1453 break;
1454 case STATE_REQ_SENT:
1455 case STATE_ACK_SENT:
1456 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1457 (cp->scr)(sp);
1458 break;
1459 case STATE_OPENED:
1460 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1461 (cp->tld)(sp);
1462 (cp->scr)(sp);
1463 break;
1464 case STATE_ACK_RCVD:
1465 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1466 (cp->scr)(sp);
1467 break;
1468 case STATE_CLOSING:
1469 case STATE_STOPPING:
1470 break;
1471 default:
1472 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1473 SPP_ARGS(ifp), cp->name,
1474 sppp_cp_type_name(h->type),
1475 sppp_state_name(sp->state[cp->protoidx])); */
1476 ++ifp->if_ierrors;
1477 }
1478 break;
1479
1480 case TERM_REQ:
1481 switch (sp->state[cp->protoidx]) {
1482 case STATE_ACK_RCVD:
1483 case STATE_ACK_SENT:
1484 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1485 /* FALLTHROUGH */
1486 case STATE_CLOSED:
1487 case STATE_STOPPED:
1488 case STATE_CLOSING:
1489 case STATE_STOPPING:
1490 case STATE_REQ_SENT:
1491 sta:
1492 /* Send Terminate-Ack packet. */
1493 if (debug)
1494 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1495 SPP_ARGS(ifp), cp->name);
1496 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1497 break;
1498 case STATE_OPENED:
1499 sp->rst_counter[cp->protoidx] = 0;
1500 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1501 (cp->tld)(sp);
1502 goto sta;
1503 break;
1504 default:
1505 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1506 SPP_ARGS(ifp), cp->name,
1507 sppp_cp_type_name(h->type),
1508 sppp_state_name(sp->state[cp->protoidx])); */
1509 ++ifp->if_ierrors;
1510 }
1511 break;
1512 case TERM_ACK:
1513 switch (sp->state[cp->protoidx]) {
1514 case STATE_CLOSED:
1515 case STATE_STOPPED:
1516 case STATE_REQ_SENT:
1517 case STATE_ACK_SENT:
1518 break;
1519 case STATE_CLOSING:
1520 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1521 (cp->tlf)(sp);
1522 break;
1523 case STATE_STOPPING:
1524 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1525 (cp->tlf)(sp);
1526 break;
1527 case STATE_ACK_RCVD:
1528 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1529 break;
1530 case STATE_OPENED:
1531 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1532 (cp->tld)(sp);
1533 (cp->scr)(sp);
1534 break;
1535 default:
1536 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1537 SPP_ARGS(ifp), cp->name,
1538 sppp_cp_type_name(h->type),
1539 sppp_state_name(sp->state[cp->protoidx])); */
1540 ++ifp->if_ierrors;
1541 }
1542 break;
1543 case CODE_REJ:
1544 case PROTO_REJ:
1545 {
1546 int catastrophic = 0;
1547 const struct cp *upper = NULL;
1548 int i;
1549 u_int16_t proto;
1550
1551 if (len < 2) {
1552 if (debug)
1553 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n",
1554 SPP_ARGS(ifp));
1555 ++ifp->if_ierrors;
1556 break;
1557 }
1558
1559 proto = ntohs(*((u_int16_t *)p));
1560 for (i = 0; i < IDX_COUNT; i++) {
1561 if (cps[i]->proto == proto) {
1562 upper = cps[i];
1563 break;
1564 }
1565 }
1566 if (upper == NULL)
1567 catastrophic++;
1568
1569 if (catastrophic || debug)
1570 log(catastrophic? LOG_INFO: LOG_DEBUG,
1571 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1572 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1573 sppp_cp_type_name(h->type), proto,
1574 upper ? upper->name : "unknown",
1575 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1576
1577 /*
1578 * if we got RXJ+ against conf-req, the peer does not implement
1579 * this particular protocol type. terminate the protocol.
1580 */
1581 if (upper) {
1582 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1583 upper->Close(sp);
1584 break;
1585 }
1586 }
1587
1588 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1589 switch (sp->state[cp->protoidx]) {
1590 case STATE_CLOSED:
1591 case STATE_STOPPED:
1592 case STATE_REQ_SENT:
1593 case STATE_ACK_SENT:
1594 case STATE_CLOSING:
1595 case STATE_STOPPING:
1596 case STATE_OPENED:
1597 break;
1598 case STATE_ACK_RCVD:
1599 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1600 break;
1601 default:
1602 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1603 SPP_ARGS(ifp), cp->name,
1604 sppp_cp_type_name(h->type),
1605 sppp_state_name(sp->state[cp->protoidx])); */
1606 ++ifp->if_ierrors;
1607 }
1608 break;
1609 }
1610 case DISC_REQ:
1611 if (cp->proto != PPP_LCP)
1612 goto illegal;
1613 /* Discard the packet. */
1614 break;
1615 case ECHO_REQ:
1616 if (cp->proto != PPP_LCP)
1617 goto illegal;
1618 if (sp->state[cp->protoidx] != STATE_OPENED) {
1619 if (debug)
1620 addlog(SPP_FMT "lcp echo req but lcp closed\n",
1621 SPP_ARGS(ifp));
1622 ++ifp->if_ierrors;
1623 break;
1624 }
1625 if (len < 8) {
1626 if (debug)
1627 addlog(SPP_FMT "invalid lcp echo request "
1628 "packet length: %d bytes\n",
1629 SPP_ARGS(ifp), len);
1630 break;
1631 }
1632
1633 nmagic = (u_long)p[0] << 24 |
1634 (u_long)p[1] << 16 | p[2] << 8 | p[3];
1635
1636 if (nmagic == sp->lcp.magic) {
1637 /* Line loopback mode detected. */
1638 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp));
1639 /* Shut down the PPP link. */
1640 lcp.Close(sp);
1641 break;
1642 }
1643
1644 p[0] = sp->lcp.magic >> 24;
1645 p[1] = sp->lcp.magic >> 16;
1646 p[2] = sp->lcp.magic >> 8;
1647 p[3] = sp->lcp.magic;
1648
1649 if (debug)
1650 addlog(SPP_FMT "got lcp echo req, sending echo rep\n",
1651 SPP_ARGS(ifp));
1652 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1653 break;
1654 case ECHO_REPLY:
1655 if (cp->proto != PPP_LCP)
1656 goto illegal;
1657 if (h->ident != sp->lcp.echoid) {
1658 ++ifp->if_ierrors;
1659 break;
1660 }
1661 if (len < 8) {
1662 if (debug)
1663 addlog(SPP_FMT "lcp invalid echo reply "
1664 "packet length: %d bytes\n",
1665 SPP_ARGS(ifp), len);
1666 break;
1667 }
1668 if (debug)
1669 addlog(SPP_FMT "lcp got echo rep\n",
1670 SPP_ARGS(ifp));
1671
1672 nmagic = (u_long)p[0] << 24 |
1673 (u_long)p[1] << 16 | p[2] << 8 | p[3];
1674
1675 if (nmagic != sp->lcp.magic)
1676 sp->pp_alivecnt = 0;
1677 break;
1678 default:
1679 /* Unknown packet type -- send Code-Reject packet. */
1680 illegal:
1681 if (debug)
1682 addlog(SPP_FMT "%s send code-rej for 0x%x\n",
1683 SPP_ARGS(ifp), cp->name, h->type);
1684 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
1685 m->m_pkthdr.len, h);
1686 ++ifp->if_ierrors;
1687 }
1688 }
1689
1690
1691 /*
1692 * The generic part of all Up/Down/Open/Close/TO event handlers.
1693 * Basically, the state transition handling in the automaton.
1694 */
1695 void
1696 sppp_up_event(const struct cp *cp, struct sppp *sp)
1697 {
1698 STDDCL;
1699
1700 if (debug)
1701 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1702 SPP_ARGS(ifp), cp->name,
1703 sppp_state_name(sp->state[cp->protoidx]));
1704
1705 switch (sp->state[cp->protoidx]) {
1706 case STATE_INITIAL:
1707 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1708 break;
1709 case STATE_STARTING:
1710 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1711 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1712 (cp->scr)(sp);
1713 break;
1714 default:
1715 /* printf(SPP_FMT "%s illegal up in state %s\n",
1716 SPP_ARGS(ifp), cp->name,
1717 sppp_state_name(sp->state[cp->protoidx])); */
1718 break;
1719 }
1720 }
1721
1722 void
1723 sppp_down_event(const struct cp *cp, struct sppp *sp)
1724 {
1725 STDDCL;
1726
1727 if (debug)
1728 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1729 SPP_ARGS(ifp), cp->name,
1730 sppp_state_name(sp->state[cp->protoidx]));
1731
1732 switch (sp->state[cp->protoidx]) {
1733 case STATE_CLOSED:
1734 case STATE_CLOSING:
1735 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1736 break;
1737 case STATE_STOPPED:
1738 sppp_cp_change_state(cp, sp, STATE_STARTING);
1739 (cp->tls)(sp);
1740 break;
1741 case STATE_STOPPING:
1742 case STATE_REQ_SENT:
1743 case STATE_ACK_RCVD:
1744 case STATE_ACK_SENT:
1745 sppp_cp_change_state(cp, sp, STATE_STARTING);
1746 break;
1747 case STATE_OPENED:
1748 sppp_cp_change_state(cp, sp, STATE_STARTING);
1749 (cp->tld)(sp);
1750 break;
1751 default:
1752 /* printf(SPP_FMT "%s illegal down in state %s\n",
1753 SPP_ARGS(ifp), cp->name,
1754 sppp_state_name(sp->state[cp->protoidx])); */
1755 break;
1756 }
1757 }
1758
1759
1760 void
1761 sppp_open_event(const struct cp *cp, struct sppp *sp)
1762 {
1763 STDDCL;
1764
1765 if (debug)
1766 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1767 SPP_ARGS(ifp), cp->name,
1768 sppp_state_name(sp->state[cp->protoidx]));
1769
1770 switch (sp->state[cp->protoidx]) {
1771 case STATE_INITIAL:
1772 sppp_cp_change_state(cp, sp, STATE_STARTING);
1773 (cp->tls)(sp);
1774 break;
1775 case STATE_STARTING:
1776 break;
1777 case STATE_CLOSED:
1778 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1779 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1780 (cp->scr)(sp);
1781 break;
1782 case STATE_STOPPED:
1783 case STATE_STOPPING:
1784 case STATE_REQ_SENT:
1785 case STATE_ACK_RCVD:
1786 case STATE_ACK_SENT:
1787 case STATE_OPENED:
1788 break;
1789 case STATE_CLOSING:
1790 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1791 break;
1792 }
1793 }
1794
1795
1796 void
1797 sppp_close_event(const struct cp *cp, struct sppp *sp)
1798 {
1799 STDDCL;
1800
1801 if (debug)
1802 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
1803 SPP_ARGS(ifp), cp->name,
1804 sppp_state_name(sp->state[cp->protoidx]));
1805
1806 switch (sp->state[cp->protoidx]) {
1807 case STATE_INITIAL:
1808 case STATE_CLOSED:
1809 case STATE_CLOSING:
1810 break;
1811 case STATE_STARTING:
1812 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1813 (cp->tlf)(sp);
1814 break;
1815 case STATE_STOPPED:
1816 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1817 break;
1818 case STATE_STOPPING:
1819 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1820 break;
1821 case STATE_OPENED:
1822 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1823 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1824 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1825 (cp->tld)(sp);
1826 break;
1827 case STATE_REQ_SENT:
1828 case STATE_ACK_RCVD:
1829 case STATE_ACK_SENT:
1830 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1831 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1832 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1833 break;
1834 }
1835 }
1836
1837 void
1838 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp)
1839 {
1840 int timo;
1841
1842 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx];
1843 if (timo < 1)
1844 timo = 1;
1845 timeout_add(&sp->ch[cp->protoidx], timo * sp->lcp.timeout);
1846 }
1847
1848 void
1849 sppp_to_event(const struct cp *cp, struct sppp *sp)
1850 {
1851 STDDCL;
1852 int s;
1853
1854 s = splnet();
1855 if (debug)
1856 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
1857 SPP_ARGS(ifp), cp->name,
1858 sppp_state_name(sp->state[cp->protoidx]),
1859 sp->rst_counter[cp->protoidx]);
1860
1861 if (--sp->rst_counter[cp->protoidx] < 0)
1862 /* TO- event */
1863 switch (sp->state[cp->protoidx]) {
1864 case STATE_CLOSING:
1865 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1866 (cp->tlf)(sp);
1867 break;
1868 case STATE_STOPPING:
1869 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1870 (cp->tlf)(sp);
1871 break;
1872 case STATE_REQ_SENT:
1873 case STATE_ACK_RCVD:
1874 case STATE_ACK_SENT:
1875 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1876 (cp->tlf)(sp);
1877 break;
1878 }
1879 else
1880 /* TO+ event */
1881 switch (sp->state[cp->protoidx]) {
1882 case STATE_CLOSING:
1883 case STATE_STOPPING:
1884 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
1885 0, 0);
1886 sppp_increasing_timeout (cp, sp);
1887 break;
1888 case STATE_REQ_SENT:
1889 case STATE_ACK_RCVD:
1890 /* sppp_cp_change_state() will restart the timer */
1891 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1892 (cp->scr)(sp);
1893 break;
1894 case STATE_ACK_SENT:
1895 sppp_increasing_timeout (cp, sp);
1896 (cp->scr)(sp);
1897 break;
1898 }
1899
1900 splx(s);
1901 }
1902
1903 /*
1904 * Change the state of a control protocol in the state automaton.
1905 * Takes care of starting/stopping the restart timer.
1906 */
1907 void
1908 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1909 {
1910 STDDCL;
1911
1912 if (debug && sp->state[cp->protoidx] != newstate)
1913 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n",
1914 SPP_ARGS(ifp), cp->name,
1915 sppp_state_name(sp->state[cp->protoidx]),
1916 sppp_state_name(newstate));
1917 sp->state[cp->protoidx] = newstate;
1918
1919 switch (newstate) {
1920 case STATE_INITIAL:
1921 case STATE_STARTING:
1922 case STATE_CLOSED:
1923 case STATE_STOPPED:
1924 case STATE_OPENED:
1925 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
1926 break;
1927 case STATE_CLOSING:
1928 case STATE_STOPPING:
1929 case STATE_REQ_SENT:
1930 case STATE_ACK_RCVD:
1931 case STATE_ACK_SENT:
1932 if (!timeout_pending(&sp->ch[cp->protoidx]))
1933 sppp_increasing_timeout (cp, sp);
1934 break;
1935 }
1936 }
1937 �/*
1938 *--------------------------------------------------------------------------*
1939 * *
1940 * The LCP implementation. *
1941 * *
1942 *--------------------------------------------------------------------------*
1943 */
1944 void
1945 sppp_lcp_init(struct sppp *sp)
1946 {
1947 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1948 sp->lcp.magic = 0;
1949 sp->state[IDX_LCP] = STATE_INITIAL;
1950 sp->fail_counter[IDX_LCP] = 0;
1951 sp->lcp.protos = 0;
1952 sp->lcp.mru = sp->pp_if.if_mtu;
1953 sp->lcp.their_mru = 0;
1954
1955 /*
1956 * Initialize counters and timeout values. Note that we don't
1957 * use the 3 seconds suggested in RFC 1661 since we are likely
1958 * running on a fast link. XXX We should probably implement
1959 * the exponential backoff option. Note that these values are
1960 * relevant for all control protocols, not just LCP only.
1961 */
1962 sp->lcp.timeout = 1 * hz;
1963 sp->lcp.max_terminate = 2;
1964 sp->lcp.max_configure = 10;
1965 sp->lcp.max_failure = 10;
1966 }
1967
1968 void
1969 sppp_lcp_up(struct sppp *sp)
1970 {
1971 STDDCL;
1972 struct timeval tv;
1973
1974 if (sp->pp_flags & PP_CISCO) {
1975 int s = splsoftnet();
1976 sp->pp_if.if_link_state = LINK_STATE_UP;
1977 if_link_state_change(&sp->pp_if);
1978 splx(s);
1979 return;
1980 }
1981
1982 sp->pp_alivecnt = 0;
1983 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1984 sp->lcp.magic = 0;
1985 sp->lcp.protos = 0;
1986 if (sp->pp_if.if_mtu != PP_MTU) {
1987 sp->lcp.mru = sp->pp_if.if_mtu;
1988 sp->lcp.opts |= (1 << LCP_OPT_MRU);
1989 } else
1990 sp->lcp.mru = PP_MTU;
1991 sp->lcp.their_mru = PP_MTU;
1992
1993 getmicrouptime(&tv);
1994 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec;
1995
1996 /*
1997 * If this interface is passive or dial-on-demand, and we are
1998 * still in Initial state, it means we've got an incoming
1999 * call. Activate the interface.
2000 */
2001 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2002 if (debug)
2003 log(LOG_DEBUG,
2004 SPP_FMT "Up event", SPP_ARGS(ifp));
2005 ifp->if_flags |= IFF_RUNNING;
2006 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2007 if (debug)
2008 addlog("(incoming call)\n");
2009 sp->pp_flags |= PP_CALLIN;
2010 lcp.Open(sp);
2011 } else if (debug)
2012 addlog("\n");
2013 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2014 (sp->state[IDX_LCP] == STATE_INITIAL)) {
2015 ifp->if_flags |= IFF_RUNNING;
2016 lcp.Open(sp);
2017 }
2018
2019 sppp_up_event(&lcp, sp);
2020 }
2021
2022 void
2023 sppp_lcp_down(struct sppp *sp)
2024 {
2025 STDDCL;
2026
2027 if (sp->pp_flags & PP_CISCO) {
2028 int s = splsoftnet();
2029 sp->pp_if.if_link_state = LINK_STATE_DOWN;
2030 if_link_state_change(&sp->pp_if);
2031 splx(s);
2032 return;
2033 }
2034
2035 sppp_down_event(&lcp, sp);
2036
2037 /*
2038 * If this is neither a dial-on-demand nor a passive
2039 * interface, simulate an ``ifconfig down'' action, so the
2040 * administrator can force a redial by another ``ifconfig
2041 * up''. XXX For leased line operation, should we immediately
2042 * try to reopen the connection here?
2043 */
2044 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2045 if (debug)
2046 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), "
2047 "taking interface down.", SPP_ARGS(ifp));
2048 if_down(ifp);
2049 } else {
2050 if (debug)
2051 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n",
2052 SPP_ARGS(ifp));
2053 }
2054
2055 if (sp->state[IDX_LCP] != STATE_INITIAL)
2056 lcp.Close(sp);
2057 sp->lcp.their_mru = 0;
2058 sp->pp_flags &= ~PP_CALLIN;
2059 ifp->if_flags &= ~IFF_RUNNING;
2060 sppp_flush(ifp);
2061 }
2062
2063 void
2064 sppp_lcp_open(struct sppp *sp)
2065 {
2066 /*
2067 * If we are authenticator, negotiate LCP_AUTH
2068 */
2069 if (sp->hisauth.proto != 0)
2070 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2071 else
2072 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2073 sp->pp_flags &= ~PP_NEEDAUTH;
2074 sppp_open_event(&lcp, sp);
2075 }
2076
2077 void
2078 sppp_lcp_close(struct sppp *sp)
2079 {
2080 sppp_close_event(&lcp, sp);
2081 }
2082
2083 void
2084 sppp_lcp_TO(void *cookie)
2085 {
2086 sppp_to_event(&lcp, (struct sppp *)cookie);
2087 }
2088
2089 /*
2090 * Analyze a configure request. Return true if it was agreeable, and
2091 * caused action sca, false if it has been rejected or nak'ed, and
2092 * caused action scn. (The return value is used to make the state
2093 * transition decision in the state automaton.)
2094 */
2095 int
2096 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2097 {
2098 STDDCL;
2099 u_char *buf, *r, *p;
2100 int origlen, rlen;
2101 u_long nmagic;
2102 u_short authproto;
2103
2104 len -= 4;
2105 origlen = len;
2106 buf = r = malloc (len, M_TEMP, M_NOWAIT);
2107 if (! buf)
2108 return (0);
2109
2110 if (debug)
2111 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
2112 SPP_ARGS(ifp));
2113
2114 /* pass 1: check for things that need to be rejected */
2115 p = (void*) (h+1);
2116 for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
2117 if (p[1] < 2 || p[1] > len) {
2118 free(buf, M_TEMP, 0);
2119 return (-1);
2120 }
2121 if (debug)
2122 addlog("%s ", sppp_lcp_opt_name(*p));
2123 switch (*p) {
2124 case LCP_OPT_MAGIC:
2125 /* Magic number. */
2126 /* FALLTHROUGH, both are same length */
2127 case LCP_OPT_ASYNC_MAP:
2128 /* Async control character map. */
2129 if (len >= 6 && p[1] == 6)
2130 continue;
2131 if (debug)
2132 addlog("[invalid] ");
2133 break;
2134 case LCP_OPT_MRU:
2135 /* Maximum receive unit. */
2136 if (len >= 4 && p[1] == 4)
2137 continue;
2138 if (debug)
2139 addlog("[invalid] ");
2140 break;
2141 case LCP_OPT_AUTH_PROTO:
2142 if (len < 4) {
2143 if (debug)
2144 addlog("[invalid] ");
2145 break;
2146 }
2147 authproto = (p[2] << 8) + p[3];
2148 if (authproto == PPP_CHAP && p[1] != 5) {
2149 if (debug)
2150 addlog("[invalid chap len] ");
2151 break;
2152 }
2153 if (sp->myauth.proto == 0) {
2154 /* we are not configured to do auth */
2155 if (debug)
2156 addlog("[not configured] ");
2157 break;
2158 }
2159 /*
2160 * Remote want us to authenticate, remember this,
2161 * so we stay in PHASE_AUTHENTICATE after LCP got
2162 * up.
2163 */
2164 sp->pp_flags |= PP_NEEDAUTH;
2165 continue;
2166 default:
2167 /* Others not supported. */
2168 if (debug)
2169 addlog("[rej] ");
2170 break;
2171 }
2172 /* Add the option to rejected list. */
2173 bcopy (p, r, p[1]);
2174 r += p[1];
2175 rlen += p[1];
2176 }
2177 if (rlen) {
2178 if (debug)
2179 addlog(" send conf-rej\n");
2180 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2181 goto end;
2182 } else if (debug)
2183 addlog("\n");
2184
2185 /*
2186 * pass 2: check for option values that are unacceptable and
2187 * thus require to be nak'ed.
2188 */
2189 if (debug)
2190 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2191 SPP_ARGS(ifp));
2192
2193 p = (void*) (h+1);
2194 len = origlen;
2195 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2196 if (debug)
2197 addlog("%s ", sppp_lcp_opt_name(*p));
2198 switch (*p) {
2199 case LCP_OPT_MAGIC:
2200 /* Magic number -- extract. */
2201 nmagic = (u_long)p[2] << 24 |
2202 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2203 if (nmagic != sp->lcp.magic) {
2204 if (debug)
2205 addlog("0x%lx ", nmagic);
2206 continue;
2207 }
2208 if (debug)
2209 addlog("[glitch] ");
2210 ++sp->pp_loopcnt;
2211 /*
2212 * We negate our magic here, and NAK it. If
2213 * we see it later in an NAK packet, we
2214 * suggest a new one.
2215 */
2216 nmagic = ~sp->lcp.magic;
2217 /* Gonna NAK it. */
2218 p[2] = nmagic >> 24;
2219 p[3] = nmagic >> 16;
2220 p[4] = nmagic >> 8;
2221 p[5] = nmagic;
2222 break;
2223
2224 case LCP_OPT_ASYNC_MAP:
2225 /* Async control character map -- check to be zero. */
2226 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
2227 if (debug)
2228 addlog("[empty] ");
2229 continue;
2230 }
2231 if (debug)
2232 addlog("[non-empty] ");
2233 /* suggest a zero one */
2234 p[2] = p[3] = p[4] = p[5] = 0;
2235 break;
2236
2237 case LCP_OPT_MRU:
2238 /*
2239 * Maximum receive unit. Always agreeable,
2240 * but ignored by now.
2241 */
2242 sp->lcp.their_mru = p[2] * 256 + p[3];
2243 if (debug)
2244 addlog("%lu ", sp->lcp.their_mru);
2245 continue;
2246
2247 case LCP_OPT_AUTH_PROTO:
2248 authproto = (p[2] << 8) + p[3];
2249 if (sp->myauth.proto != authproto) {
2250 /* not agreed, nak */
2251 if (debug)
2252 addlog("[mine %s != his %s] ",
2253 sppp_proto_name(sp->hisauth.proto),
2254 sppp_proto_name(authproto));
2255 p[2] = sp->myauth.proto >> 8;
2256 p[3] = sp->myauth.proto;
2257 break;
2258 }
2259 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2260 if (debug)
2261 addlog("[chap not MD5] ");
2262 p[4] = CHAP_MD5;
2263 break;
2264 }
2265 continue;
2266 }
2267 /* Add the option to nak'ed list. */
2268 bcopy (p, r, p[1]);
2269 r += p[1];
2270 rlen += p[1];
2271 }
2272 if (rlen) {
2273 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2274 if (debug)
2275 addlog(" max_failure (%d) exceeded, "
2276 "send conf-rej\n",
2277 sp->lcp.max_failure);
2278 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2279 } else {
2280 if (debug)
2281 addlog(" send conf-nak\n");
2282 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2283 }
2284 goto end;
2285 } else {
2286 if (debug)
2287 addlog("send conf-ack\n");
2288 sp->fail_counter[IDX_LCP] = 0;
2289 sp->pp_loopcnt = 0;
2290 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2291 h->ident, origlen, h+1);
2292 }
2293
2294 end:
2295 free(buf, M_TEMP, 0);
2296 return (rlen == 0);
2297 }
2298
2299 /*
2300 * Analyze the LCP Configure-Reject option list, and adjust our
2301 * negotiation.
2302 */
2303 void
2304 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2305 {
2306 STDDCL;
2307 u_char *p;
2308
2309 len -= 4;
2310
2311 if (debug)
2312 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2313 SPP_ARGS(ifp));
2314
2315 p = (void*) (h+1);
2316 for (; len > 1; len -= p[1], p += p[1]) {
2317 if (p[1] < 2 || p[1] > len)
2318 return;
2319 if (debug)
2320 addlog("%s ", sppp_lcp_opt_name(*p));
2321 switch (*p) {
2322 case LCP_OPT_MAGIC:
2323 /* Magic number -- can't use it, use 0 */
2324 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2325 sp->lcp.magic = 0;
2326 break;
2327 case LCP_OPT_MRU:
2328 /*
2329 * Should not be rejected anyway, since we only
2330 * negotiate a MRU if explicitly requested by
2331 * peer.
2332 */
2333 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2334 break;
2335 case LCP_OPT_AUTH_PROTO:
2336 /*
2337 * Peer doesn't want to authenticate himself,
2338 * deny unless this is a dialout call, and
2339 * AUTHFLAG_NOCALLOUT is set.
2340 */
2341 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2342 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2343 if (debug)
2344 addlog("[don't insist on auth "
2345 "for callout]");
2346 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2347 break;
2348 }
2349 if (debug)
2350 addlog("[access denied]\n");
2351 lcp.Close(sp);
2352 break;
2353 }
2354 }
2355 if (debug)
2356 addlog("\n");
2357 }
2358
2359 /*
2360 * Analyze the LCP Configure-NAK option list, and adjust our
2361 * negotiation.
2362 */
2363 void
2364 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2365 {
2366 STDDCL;
2367 u_char *p;
2368 u_long magic;
2369
2370 len -= 4;
2371
2372 if (debug)
2373 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2374 SPP_ARGS(ifp));
2375
2376 p = (void*) (h+1);
2377 for (; len > 1; len -= p[1], p += p[1]) {
2378 if (p[1] < 2 || p[1] > len)
2379 return;
2380 if (debug)
2381 addlog("%s ", sppp_lcp_opt_name(*p));
2382 switch (*p) {
2383 case LCP_OPT_MAGIC:
2384 /* Magic number -- renegotiate */
2385 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2386 len >= 6 && p[1] == 6) {
2387 magic = (u_long)p[2] << 24 |
2388 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2389 /*
2390 * If the remote magic is our negated one,
2391 * this looks like a loopback problem.
2392 * Suggest a new magic to make sure.
2393 */
2394 if (magic == ~sp->lcp.magic) {
2395 if (debug)
2396 addlog("magic glitch ");
2397 sp->lcp.magic = arc4random();
2398 } else {
2399 sp->lcp.magic = magic;
2400 if (debug)
2401 addlog("%lu ", magic);
2402 }
2403 }
2404 break;
2405 case LCP_OPT_MRU:
2406 /*
2407 * Peer wants to advise us to negotiate an MRU.
2408 * Agree on it if it's reasonable, or use
2409 * default otherwise.
2410 */
2411 if (len >= 4 && p[1] == 4) {
2412 u_int mru = p[2] * 256 + p[3];
2413 if (debug)
2414 addlog("%d ", mru);
2415 if (mru < PP_MIN_MRU)
2416 mru = PP_MIN_MRU;
2417 if (mru > PP_MAX_MRU)
2418 mru = PP_MAX_MRU;
2419 sp->lcp.mru = mru;
2420 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2421 }
2422 break;
2423 case LCP_OPT_AUTH_PROTO:
2424 /*
2425 * Peer doesn't like our authentication method,
2426 * deny.
2427 */
2428 if (debug)
2429 addlog("[access denied]\n");
2430 lcp.Close(sp);
2431 break;
2432 }
2433 }
2434 if (debug)
2435 addlog("\n");
2436 }
2437
2438 void
2439 sppp_lcp_tlu(struct sppp *sp)
2440 {
2441 struct ifnet *ifp = &sp->pp_if;
2442 int i;
2443 u_long mask;
2444
2445 /* XXX ? */
2446 if (! (ifp->if_flags & IFF_UP) &&
2447 (ifp->if_flags & IFF_RUNNING)) {
2448 /* Coming out of loopback mode. */
2449 if_up(ifp);
2450 if (ifp->if_flags & IFF_DEBUG)
2451 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp));
2452 }
2453
2454 for (i = 0; i < IDX_COUNT; i++)
2455 if ((cps[i])->flags & CP_QUAL)
2456 (cps[i])->Open(sp);
2457
2458 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2459 (sp->pp_flags & PP_NEEDAUTH) != 0)
2460 sp->pp_phase = PHASE_AUTHENTICATE;
2461 else
2462 sp->pp_phase = PHASE_NETWORK;
2463
2464 sppp_set_phase(sp);
2465
2466 /*
2467 * Open all authentication protocols. This is even required
2468 * if we already proceeded to network phase, since it might be
2469 * that remote wants us to authenticate, so we might have to
2470 * send a PAP request. Undesired authentication protocols
2471 * don't do anything when they get an Open event.
2472 */
2473 for (i = 0; i < IDX_COUNT; i++)
2474 if ((cps[i])->flags & CP_AUTH)
2475 (cps[i])->Open(sp);
2476
2477 if (sp->pp_phase == PHASE_NETWORK) {
2478 /* Notify all NCPs. */
2479 for (i = 0; i < IDX_COUNT; i++)
2480 if ((cps[i])->flags & CP_NCP)
2481 (cps[i])->Open(sp);
2482 }
2483
2484 /* Send Up events to all started protos. */
2485 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2486 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2487 (cps[i])->Up(sp);
2488
2489 /* notify low-level driver of state change */
2490 if (sp->pp_chg)
2491 sp->pp_chg(sp, (int)sp->pp_phase);
2492
2493 if (sp->pp_phase == PHASE_NETWORK)
2494 /* if no NCP is starting, close down */
2495 sppp_lcp_check_and_close(sp);
2496 }
2497
2498 void
2499 sppp_lcp_tld(struct sppp *sp)
2500 {
2501 int i;
2502 u_long mask;
2503
2504 sp->pp_phase = PHASE_TERMINATE;
2505
2506 sppp_set_phase(sp);
2507
2508 /*
2509 * Take upper layers down. We send the Down event first and
2510 * the Close second to prevent the upper layers from sending
2511 * ``a flurry of terminate-request packets'', as the RFC
2512 * describes it.
2513 */
2514 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2515 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
2516 (cps[i])->Down(sp);
2517 (cps[i])->Close(sp);
2518 }
2519 }
2520
2521 void
2522 sppp_lcp_tls(struct sppp *sp)
2523 {
2524 sp->pp_phase = PHASE_ESTABLISH;
2525
2526 sppp_set_phase(sp);
2527
2528 /* Notify lower layer if desired. */
2529 if (sp->pp_tls)
2530 (sp->pp_tls)(sp);
2531 }
2532
2533 void
2534 sppp_lcp_tlf(struct sppp *sp)
2535 {
2536 sp->pp_phase = PHASE_DEAD;
2537 sppp_set_phase(sp);
2538
2539 /* Notify lower layer if desired. */
2540 if (sp->pp_tlf)
2541 (sp->pp_tlf)(sp);
2542 }
2543
2544 void
2545 sppp_lcp_scr(struct sppp *sp)
2546 {
2547 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2548 int i = 0;
2549 u_short authproto;
2550
2551 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2552 if (! sp->lcp.magic)
2553 sp->lcp.magic = arc4random();
2554 opt[i++] = LCP_OPT_MAGIC;
2555 opt[i++] = 6;
2556 opt[i++] = sp->lcp.magic >> 24;
2557 opt[i++] = sp->lcp.magic >> 16;
2558 opt[i++] = sp->lcp.magic >> 8;
2559 opt[i++] = sp->lcp.magic;
2560 }
2561
2562 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2563 opt[i++] = LCP_OPT_MRU;
2564 opt[i++] = 4;
2565 opt[i++] = sp->lcp.mru >> 8;
2566 opt[i++] = sp->lcp.mru;
2567 }
2568
2569 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2570 authproto = sp->hisauth.proto;
2571 opt[i++] = LCP_OPT_AUTH_PROTO;
2572 opt[i++] = authproto == PPP_CHAP? 5: 4;
2573 opt[i++] = authproto >> 8;
2574 opt[i++] = authproto;
2575 if (authproto == PPP_CHAP)
2576 opt[i++] = CHAP_MD5;
2577 }
2578
2579 sp->confid[IDX_LCP] = ++sp->pp_seq;
2580 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt);
2581 }
2582
2583 /*
2584 * Check the open NCPs, return true if at least one NCP is open.
2585 */
2586 int
2587 sppp_ncp_check(struct sppp *sp)
2588 {
2589 int i, mask;
2590
2591 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2592 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2593 return 1;
2594 return 0;
2595 }
2596
2597 /*
2598 * Re-check the open NCPs and see if we should terminate the link.
2599 * Called by the NCPs during their tlf action handling.
2600 */
2601 void
2602 sppp_lcp_check_and_close(struct sppp *sp)
2603 {
2604
2605 if (sp->pp_phase < PHASE_NETWORK)
2606 /* don't bother, we are already going down */
2607 return;
2608
2609 if (sppp_ncp_check(sp))
2610 return;
2611
2612 lcp.Close(sp);
2613 }
2614 �/*
2615 *--------------------------------------------------------------------------*
2616 * *
2617 * The IPCP implementation. *
2618 * *
2619 *--------------------------------------------------------------------------*
2620 */
2621
2622 void
2623 sppp_ipcp_init(struct sppp *sp)
2624 {
2625 sp->ipcp.opts = 0;
2626 sp->ipcp.flags = 0;
2627 sp->state[IDX_IPCP] = STATE_INITIAL;
2628 sp->fail_counter[IDX_IPCP] = 0;
2629 task_set(&sp->ipcp.set_addr_task, sppp_set_ip_addrs, sp, NULL);
2630 task_set(&sp->ipcp.clear_addr_task, sppp_clear_ip_addrs, sp, NULL);
2631 }
2632
2633 void
2634 sppp_ipcp_destroy(struct sppp *sp)
2635 {
2636 task_del(systq, &sp->ipcp.set_addr_task);
2637 task_del(systq, &sp->ipcp.clear_addr_task);
2638 }
2639
2640 void
2641 sppp_ipcp_up(struct sppp *sp)
2642 {
2643 sppp_up_event(&ipcp, sp);
2644 }
2645
2646 void
2647 sppp_ipcp_down(struct sppp *sp)
2648 {
2649 sppp_down_event(&ipcp, sp);
2650 }
2651
2652 void
2653 sppp_ipcp_open(struct sppp *sp)
2654 {
2655 sppp_open_event(&ipcp, sp);
2656 }
2657
2658 void
2659 sppp_ipcp_close(struct sppp *sp)
2660 {
2661 sppp_close_event(&ipcp, sp);
2662 }
2663
2664 void
2665 sppp_ipcp_TO(void *cookie)
2666 {
2667 sppp_to_event(&ipcp, (struct sppp *)cookie);
2668 }
2669
2670 /*
2671 * Analyze a configure request. Return true if it was agreeable, and
2672 * caused action sca, false if it has been rejected or nak'ed, and
2673 * caused action scn. (The return value is used to make the state
2674 * transition decision in the state automaton.)
2675 */
2676 int
2677 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2678 {
2679 u_char *buf, *r, *p;
2680 struct ifnet *ifp = &sp->pp_if;
2681 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2682 u_int32_t hisaddr, desiredaddr;
2683
2684 len -= 4;
2685 origlen = len;
2686 /*
2687 * Make sure to allocate a buf that can at least hold a
2688 * conf-nak with an `address' option. We might need it below.
2689 */
2690 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2691 if (! buf)
2692 return (0);
2693
2694 /* pass 1: see if we can recognize them */
2695 if (debug)
2696 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2697 SPP_ARGS(ifp));
2698 p = (void*) (h+1);
2699 for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
2700 if (p[1] < 2 || p[1] > len) {
2701 free(buf, M_TEMP, 0);
2702 return (-1);
2703 }
2704 if (debug)
2705 addlog("%s ", sppp_ipcp_opt_name(*p));
2706 switch (*p) {
2707 #ifdef notyet
2708 case IPCP_OPT_COMPRESSION:
2709 if (len >= 6 && p[1] >= 6) {
2710 /* correctly formed compress option */
2711 continue;
2712 }
2713 if (debug)
2714 addlog("[invalid] ");
2715 break;
2716 #endif
2717 case IPCP_OPT_ADDRESS:
2718 if (len >= 6 && p[1] == 6) {
2719 /* correctly formed address option */
2720 continue;
2721 }
2722 if (debug)
2723 addlog("[invalid] ");
2724 break;
2725 default:
2726 /* Others not supported. */
2727 if (debug)
2728 addlog("[rej] ");
2729 break;
2730 }
2731 /* Add the option to rejected list. */
2732 bcopy (p, r, p[1]);
2733 r += p[1];
2734 rlen += p[1];
2735 }
2736 if (rlen) {
2737 if (debug)
2738 addlog(" send conf-rej\n");
2739 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2740 goto end;
2741 } else if (debug)
2742 addlog("\n");
2743
2744 /* pass 2: parse option values */
2745 if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
2746 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */
2747 else
2748 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
2749 if (debug)
2750 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
2751 SPP_ARGS(ifp));
2752 p = (void*) (h+1);
2753 len = origlen;
2754 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2755 if (debug)
2756 addlog(" %s ", sppp_ipcp_opt_name(*p));
2757 switch (*p) {
2758 #ifdef notyet
2759 case IPCP_OPT_COMPRESSION:
2760 continue;
2761 #endif
2762 case IPCP_OPT_ADDRESS:
2763 desiredaddr = p[2] << 24 | p[3] << 16 |
2764 p[4] << 8 | p[5];
2765 if (desiredaddr == hisaddr ||
2766 ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
2767 desiredaddr != 0)) {
2768 /*
2769 * Peer's address is same as our value,
2770 * or we have set it to 0.0.0.1 to
2771 * indicate that we do not really care,
2772 * this is agreeable. Gonna conf-ack
2773 * it.
2774 */
2775 if (debug)
2776 addlog("%s [ack] ",
2777 sppp_dotted_quad(desiredaddr));
2778 /* record that we've seen it already */
2779 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2780 sp->ipcp.req_hisaddr = desiredaddr;
2781 hisaddr = desiredaddr;
2782 continue;
2783 }
2784 /*
2785 * The address wasn't agreeable. This is either
2786 * he sent us 0.0.0.0, asking to assign him an
2787 * address, or he send us another address not
2788 * matching our value. Either case, we gonna
2789 * conf-nak it with our value.
2790 */
2791 if (debug) {
2792 if (desiredaddr == 0)
2793 addlog("[addr requested] ");
2794 else
2795 addlog("%s [not agreed] ",
2796 sppp_dotted_quad(desiredaddr));
2797 }
2798
2799 p[2] = hisaddr >> 24;
2800 p[3] = hisaddr >> 16;
2801 p[4] = hisaddr >> 8;
2802 p[5] = hisaddr;
2803 break;
2804 }
2805 /* Add the option to nak'ed list. */
2806 bcopy (p, r, p[1]);
2807 r += p[1];
2808 rlen += p[1];
2809 }
2810
2811 /*
2812 * If we are about to conf-ack the request, but haven't seen
2813 * his address so far, gonna conf-nak it instead, with the
2814 * `address' option present and our idea of his address being
2815 * filled in there, to request negotiation of both addresses.
2816 *
2817 * XXX This can result in an endless req - nak loop if peer
2818 * doesn't want to send us his address. Q: What should we do
2819 * about it? XXX A: implement the max-failure counter.
2820 */
2821 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2822 buf[0] = IPCP_OPT_ADDRESS;
2823 buf[1] = 6;
2824 buf[2] = hisaddr >> 24;
2825 buf[3] = hisaddr >> 16;
2826 buf[4] = hisaddr >> 8;
2827 buf[5] = hisaddr;
2828 rlen = 6;
2829 if (debug)
2830 addlog("still need hisaddr ");
2831 }
2832
2833 if (rlen) {
2834 if (debug)
2835 addlog(" send conf-nak\n");
2836 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2837 } else {
2838 if (debug)
2839 addlog(" send conf-ack\n");
2840 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2841 h->ident, origlen, h+1);
2842 }
2843
2844 end:
2845 free(buf, M_TEMP, 0);
2846 return (rlen == 0);
2847 }
2848
2849 /*
2850 * Analyze the IPCP Configure-Reject option list, and adjust our
2851 * negotiation.
2852 */
2853 void
2854 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2855 {
2856 u_char *p;
2857 struct ifnet *ifp = &sp->pp_if;
2858 int debug = ifp->if_flags & IFF_DEBUG;
2859
2860 len -= 4;
2861
2862 if (debug)
2863 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
2864 SPP_ARGS(ifp));
2865
2866 p = (void*) (h+1);
2867 for (; len > 1; len -= p[1], p += p[1]) {
2868 if (p[1] < 2 || p[1] > len)
2869 return;
2870 if (debug)
2871 addlog("%s ", sppp_ipcp_opt_name(*p));
2872 switch (*p) {
2873 case IPCP_OPT_ADDRESS:
2874 /*
2875 * Peer doesn't grok address option. This is
2876 * bad. XXX Should we better give up here?
2877 */
2878 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2879 break;
2880 #ifdef notyet
2881 case IPCP_OPT_COMPRESS:
2882 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2883 break;
2884 #endif
2885 }
2886 }
2887 if (debug)
2888 addlog("\n");
2889 }
2890
2891 /*
2892 * Analyze the IPCP Configure-NAK option list, and adjust our
2893 * negotiation.
2894 */
2895 void
2896 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2897 {
2898 u_char *p;
2899 struct ifnet *ifp = &sp->pp_if;
2900 int debug = ifp->if_flags & IFF_DEBUG;
2901 u_int32_t wantaddr;
2902
2903 len -= 4;
2904
2905 if (debug)
2906 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
2907 SPP_ARGS(ifp));
2908
2909 p = (void*) (h+1);
2910 for (; len > 1; len -= p[1], p += p[1]) {
2911 if (p[1] < 2 || p[1] > len)
2912 return;
2913 if (debug)
2914 addlog("%s ", sppp_ipcp_opt_name(*p));
2915 switch (*p) {
2916 case IPCP_OPT_ADDRESS:
2917 /*
2918 * Peer doesn't like our local IP address. See
2919 * if we can do something for him. We'll drop
2920 * him our address then.
2921 */
2922 if (len >= 6 && p[1] == 6) {
2923 wantaddr = p[2] << 24 | p[3] << 16 |
2924 p[4] << 8 | p[5];
2925 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2926 if (debug)
2927 addlog("[wantaddr %s] ",
2928 sppp_dotted_quad(wantaddr));
2929 /*
2930 * When doing dynamic address assignment,
2931 * we accept his offer. Otherwise, we
2932 * ignore it and thus continue to negotiate
2933 * our already existing value.
2934 */
2935 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2936 if (debug)
2937 addlog("[agree] ");
2938 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2939 sp->ipcp.req_myaddr = wantaddr;
2940 }
2941 }
2942 break;
2943 #ifdef notyet
2944 case IPCP_OPT_COMPRESS:
2945 /*
2946 * Peer wants different compression parameters.
2947 */
2948 break;
2949 #endif
2950 }
2951 }
2952 if (debug)
2953 addlog("\n");
2954 }
2955
2956 void
2957 sppp_ipcp_tlu(struct sppp *sp)
2958 {
2959 if (sp->ipcp.req_myaddr != 0 || sp->ipcp.req_hisaddr != 0)
2960 task_add(systq, &sp->ipcp.set_addr_task);
2961 }
2962
2963 void
2964 sppp_ipcp_tld(struct sppp *sp)
2965 {
2966 }
2967
2968 void
2969 sppp_ipcp_tls(struct sppp *sp)
2970 {
2971 STDDCL;
2972 u_int32_t myaddr, hisaddr;
2973
2974 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|
2975 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
2976 sp->ipcp.req_myaddr = 0;
2977 sp->ipcp.req_hisaddr = 0;
2978
2979 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2980 /*
2981 * If we don't have his address, this probably means our
2982 * interface doesn't want to talk IP at all. (This could
2983 * be the case if somebody wants to speak only IPX, for
2984 * example.) Don't open IPCP in this case.
2985 */
2986 if (hisaddr == 0) {
2987 /* XXX this message should go away */
2988 if (debug)
2989 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2990 SPP_ARGS(ifp));
2991 return;
2992 }
2993
2994 if (myaddr == 0) {
2995 /*
2996 * I don't have an assigned address, so i need to
2997 * negotiate my address.
2998 */
2999 sp->ipcp.flags |= IPCP_MYADDR_DYN;
3000 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
3001 }
3002 if (hisaddr == 1) {
3003 /*
3004 * XXX - remove this hack!
3005 * remote has no valid address, we need to get one assigned.
3006 */
3007 sp->ipcp.flags |= IPCP_HISADDR_DYN;
3008 }
3009
3010 /* indicate to LCP that it must stay alive */
3011 sp->lcp.protos |= (1 << IDX_IPCP);
3012 }
3013
3014 void
3015 sppp_ipcp_tlf(struct sppp *sp)
3016 {
3017 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN))
3018 /* Some address was dynamic, clear it again. */
3019 task_add(systq, &sp->ipcp.clear_addr_task);
3020
3021 /* we no longer need LCP */
3022 sp->lcp.protos &= ~(1 << IDX_IPCP);
3023 sppp_lcp_check_and_close(sp);
3024 }
3025
3026 void
3027 sppp_ipcp_scr(struct sppp *sp)
3028 {
3029 char opt[6 /* compression */ + 6 /* address */];
3030 u_int32_t ouraddr;
3031 int i = 0;
3032
3033 #ifdef notyet
3034 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3035 opt[i++] = IPCP_OPT_COMPRESSION;
3036 opt[i++] = 6;
3037 opt[i++] = 0; /* VJ header compression */
3038 opt[i++] = 0x2d; /* VJ header compression */
3039 opt[i++] = max_slot_id;
3040 opt[i++] = comp_slot_id;
3041 }
3042 #endif
3043
3044 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3045 if (sp->ipcp.flags & IPCP_MYADDR_SEEN)
3046 /* not sure if this can ever happen */
3047 ouraddr = sp->ipcp.req_myaddr;
3048 else
3049 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3050 opt[i++] = IPCP_OPT_ADDRESS;
3051 opt[i++] = 6;
3052 opt[i++] = ouraddr >> 24;
3053 opt[i++] = ouraddr >> 16;
3054 opt[i++] = ouraddr >> 8;
3055 opt[i++] = ouraddr;
3056 }
3057
3058 sp->confid[IDX_IPCP] = ++sp->pp_seq;
3059 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt);
3060 }
3061
3062 /*
3063 *--------------------------------------------------------------------------*
3064 * *
3065 * The IPv6CP implementation. *
3066 * *
3067 *--------------------------------------------------------------------------*
3068 */
3069
3070 #ifdef INET6
3071 void
3072 sppp_ipv6cp_init(struct sppp *sp)
3073 {
3074 sp->ipv6cp.opts = 0;
3075 sp->ipv6cp.flags = 0;
3076 sp->state[IDX_IPV6CP] = STATE_INITIAL;
3077 sp->fail_counter[IDX_IPV6CP] = 0;
3078 task_set(&sp->ipv6cp.set_addr_task, sppp_update_ip6_addr, sp,
3079 &sp->ipv6cp.req_ifid);
3080 }
3081
3082 void
3083 sppp_ipv6cp_destroy(struct sppp *sp)
3084 {
3085 task_del(systq, &sp->ipv6cp.set_addr_task);
3086 }
3087
3088 void
3089 sppp_ipv6cp_up(struct sppp *sp)
3090 {
3091 sppp_up_event(&ipv6cp, sp);
3092 }
3093
3094 void
3095 sppp_ipv6cp_down(struct sppp *sp)
3096 {
3097 sppp_down_event(&ipv6cp, sp);
3098 }
3099
3100 void
3101 sppp_ipv6cp_open(struct sppp *sp)
3102 {
3103 STDDCL;
3104 struct in6_addr myaddr, hisaddr;
3105
3106 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3107
3108 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, NULL);
3109 /*
3110 * If we don't have our address, this probably means our
3111 * interface doesn't want to talk IPv6 at all. (This could
3112 * be the case if the IFXF_NOINET6 flag is set, for
3113 * example.) Don't open IPv6CP in this case.
3114 */
3115 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3116 /* XXX this message should go away */
3117 if (debug)
3118 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
3119 SPP_ARGS(ifp));
3120 return;
3121 }
3122 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3123 sppp_open_event(&ipv6cp, sp);
3124 }
3125
3126 void
3127 sppp_ipv6cp_close(struct sppp *sp)
3128 {
3129 sppp_close_event(&ipv6cp, sp);
3130 }
3131
3132 void
3133 sppp_ipv6cp_TO(void *cookie)
3134 {
3135 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3136 }
3137
3138 int
3139 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3140 {
3141 u_char *buf, *r, *p;
3142 struct ifnet *ifp = &sp->pp_if;
3143 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3144 struct in6_addr myaddr, desiredaddr, suggestaddr;
3145 int ifidcount;
3146 int type;
3147 int collision, nohisaddr;
3148 char addr[INET6_ADDRSTRLEN];
3149
3150 len -= 4;
3151 origlen = len;
3152 /*
3153 * Make sure to allocate a buf that can at least hold a
3154 * conf-nak with an `address' option. We might need it below.
3155 */
3156 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
3157 if (! buf)
3158 return (0);
3159
3160 /* pass 1: see if we can recognize them */
3161 if (debug)
3162 log(LOG_DEBUG, "%s: ipv6cp parse opts:",
3163 SPP_ARGS(ifp));
3164 p = (void *)(h + 1);
3165 ifidcount = 0;
3166 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3167 /* Sanity check option length */
3168 if (p[1] < 2 || p[1] > len) {
3169 free(buf, M_TEMP, 0);
3170 return (-1);
3171 }
3172 if (debug)
3173 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3174 switch (*p) {
3175 case IPV6CP_OPT_IFID:
3176 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3177 /* correctly formed address option */
3178 ifidcount++;
3179 continue;
3180 }
3181 if (debug)
3182 addlog(" [invalid]");
3183 break;
3184 #ifdef notyet
3185 case IPV6CP_OPT_COMPRESSION:
3186 if (len >= 4 && p[1] >= 4) {
3187 /* correctly formed compress option */
3188 continue;
3189 }
3190 if (debug)
3191 addlog(" [invalid]");
3192 break;
3193 #endif
3194 default:
3195 /* Others not supported. */
3196 if (debug)
3197 addlog(" [rej]");
3198 break;
3199 }
3200 /* Add the option to rejected list. */
3201 bcopy (p, r, p[1]);
3202 r += p[1];
3203 rlen += p[1];
3204 }
3205 if (rlen) {
3206 if (debug)
3207 addlog(" send conf-rej\n");
3208 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3209 goto end;
3210 } else if (debug)
3211 addlog("\n");
3212
3213 /* pass 2: parse option values */
3214 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN)
3215 myaddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr;
3216 else
3217 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL);
3218 if (debug)
3219 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ",
3220 SPP_ARGS(ifp));
3221 p = (void *)(h + 1);
3222 len = origlen;
3223 type = CONF_ACK;
3224 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3225 if (debug)
3226 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3227 switch (*p) {
3228 #ifdef notyet
3229 case IPV6CP_OPT_COMPRESSION:
3230 continue;
3231 #endif
3232 case IPV6CP_OPT_IFID:
3233 memset(&desiredaddr, 0, sizeof(desiredaddr));
3234 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3235 collision = (memcmp(&desiredaddr.s6_addr[8],
3236 &myaddr.s6_addr[8], 8) == 0);
3237 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3238
3239 desiredaddr.s6_addr16[0] = htons(0xfe80);
3240
3241 if (!collision && !nohisaddr) {
3242 /* no collision, hisaddr known - Conf-Ack */
3243 type = CONF_ACK;
3244
3245 if (debug) {
3246 addlog(" %s [%s]",
3247 inet_ntop(AF_INET6, &desiredaddr,
3248 addr, sizeof(addr)),
3249 sppp_cp_type_name(type));
3250 }
3251 sppp_set_ip6_addr(sp, &myaddr, &desiredaddr);
3252 continue;
3253 }
3254
3255 memset(&suggestaddr, 0, sizeof(suggestaddr));
3256 if (collision && nohisaddr) {
3257 /* collision, hisaddr unknown - Conf-Rej */
3258 type = CONF_REJ;
3259 memset(&p[2], 0, 8);
3260 } else {
3261 /*
3262 * - no collision, hisaddr unknown, or
3263 * - collision, hisaddr known
3264 * Conf-Nak, suggest hisaddr
3265 */
3266 type = CONF_NAK;
3267 sppp_suggest_ip6_addr(sp, &suggestaddr);
3268 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3269 }
3270 if (debug)
3271 addlog(" %s [%s]",
3272 inet_ntop(AF_INET6, &desiredaddr, addr,
3273 sizeof(addr)),
3274 sppp_cp_type_name(type));
3275 break;
3276 }
3277 /* Add the option to nak'ed list. */
3278 bcopy (p, r, p[1]);
3279 r += p[1];
3280 rlen += p[1];
3281 }
3282
3283 if (rlen == 0 && type == CONF_ACK) {
3284 if (debug)
3285 addlog(" send %s\n", sppp_cp_type_name(type));
3286 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1);
3287 } else {
3288 #ifdef notdef
3289 if (type == CONF_ACK)
3290 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3291 #endif
3292
3293 if (debug) {
3294 addlog(" send %s suggest %s\n",
3295 sppp_cp_type_name(type),
3296 inet_ntop(AF_INET6, &suggestaddr, addr,
3297 sizeof(addr)));
3298 }
3299 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3300 }
3301
3302 end:
3303 free(buf, M_TEMP, 0);
3304 return (rlen == 0);
3305 }
3306
3307 void
3308 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3309 {
3310 u_char *p;
3311 struct ifnet *ifp = &sp->pp_if;
3312 int debug = ifp->if_flags & IFF_DEBUG;
3313
3314 len -= 4;
3315
3316 if (debug)
3317 log(LOG_DEBUG, "%s: ipv6cp rej opts:",
3318 SPP_ARGS(ifp));
3319
3320 p = (void *)(h + 1);
3321 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3322 if (p[1] < 2 || p[1] > len)
3323 return;
3324 if (debug)
3325 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3326 switch (*p) {
3327 case IPV6CP_OPT_IFID:
3328 /*
3329 * Peer doesn't grok address option. This is
3330 * bad. XXX Should we better give up here?
3331 */
3332 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3333 break;
3334 #ifdef notyet
3335 case IPV6CP_OPT_COMPRESS:
3336 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3337 break;
3338 #endif
3339 }
3340 }
3341 if (debug)
3342 addlog("\n");
3343 return;
3344 }
3345
3346 void
3347 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3348 {
3349 u_char *p;
3350 struct ifnet *ifp = &sp->pp_if;
3351 int debug = ifp->if_flags & IFF_DEBUG;
3352 struct in6_addr suggestaddr;
3353 char addr[INET6_ADDRSTRLEN];
3354
3355 len -= 4;
3356
3357 if (debug)
3358 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ",
3359 SPP_ARGS(ifp));
3360
3361 p = (void*) (h+1);
3362 for (; len > 1; len -= p[1], p += p[1]) {
3363 if (p[1] < 2 || p[1] > len)
3364 return;
3365 if (debug)
3366 addlog("%s ", sppp_ipv6cp_opt_name(*p));
3367 switch (*p) {
3368 case IPV6CP_OPT_IFID:
3369 /*
3370 * Peer doesn't like our local ifid. See
3371 * if we can do something for him. We'll drop
3372 * him our address then.
3373 */
3374 if (len < 10 || p[1] != 10)
3375 break;
3376 sp->ipv6cp.flags |= IPV6CP_MYIFID_DYN;
3377 memset(&suggestaddr, 0, sizeof(suggestaddr));
3378 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3379 if (IN6_IS_ADDR_UNSPECIFIED(&suggestaddr) ||
3380 (sp->ipv6cp.flags & IPV6CP_MYIFID_SEEN)) {
3381 /*
3382 * The peer didn't suggest anything,
3383 * or wants us to change a previously
3384 * suggested address.
3385 * Configure a new address for us.
3386 */
3387 sppp_suggest_ip6_addr(sp, &suggestaddr);
3388 sppp_set_ip6_addr(sp, &suggestaddr, NULL);
3389 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3390 } else {
3391 /* Configure address suggested by peer. */
3392 suggestaddr.s6_addr16[0] = htons(0xfe80);
3393 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3394 if (debug)
3395 addlog(" [suggestaddr %s]",
3396 inet_ntop(AF_INET6, &suggestaddr,
3397 addr, sizeof(addr)));
3398 sppp_set_ip6_addr(sp, &suggestaddr, NULL);
3399 if (debug)
3400 addlog(" [agree]");
3401 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3402 }
3403 break;
3404 #ifdef notyet
3405 case IPV6CP_OPT_COMPRESS:
3406 /*
3407 * Peer wants different compression parameters.
3408 */
3409 break;
3410 #endif
3411 }
3412 }
3413 if (debug)
3414 addlog("\n");
3415 }
3416
3417 void
3418 sppp_ipv6cp_tlu(struct sppp *sp)
3419 {
3420 }
3421
3422 void
3423 sppp_ipv6cp_tld(struct sppp *sp)
3424 {
3425 }
3426
3427 void
3428 sppp_ipv6cp_tls(struct sppp *sp)
3429 {
3430 /* indicate to LCP that it must stay alive */
3431 sp->lcp.protos |= (1 << IDX_IPV6CP);
3432 }
3433
3434 void
3435 sppp_ipv6cp_tlf(struct sppp *sp)
3436 {
3437 /* we no longer need LCP */
3438 sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3439 sppp_lcp_check_and_close(sp);
3440 }
3441
3442 void
3443 sppp_ipv6cp_scr(struct sppp *sp)
3444 {
3445 char opt[10 /* ifid */ + 4 /* compression, minimum */];
3446 struct in6_addr ouraddr;
3447 int i = 0;
3448
3449 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3450 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN)
3451 ouraddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr;
3452 else
3453 sppp_get_ip6_addrs(sp, &ouraddr, NULL, NULL);
3454 opt[i++] = IPV6CP_OPT_IFID;
3455 opt[i++] = 10;
3456 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3457 i += 8;
3458 }
3459
3460 #ifdef notyet
3461 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3462 opt[i++] = IPV6CP_OPT_COMPRESSION;
3463 opt[i++] = 4;
3464 p opt[i++] = 0; /* TBD */
3465 opt[i++] = 0; /* TBD */
3466 /* variable length data may follow */
3467 }
3468 #endif
3469
3470 sp->confid[IDX_IPV6CP] = ++sp->pp_seq;
3471 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt);
3472 }
3473 #else /*INET6*/
3474 void
3475 sppp_ipv6cp_init(struct sppp *sp)
3476 {
3477 }
3478
3479 void
3480 sppp_ipv6cp_destroy(struct sppp *sp)
3481 {
3482 }
3483
3484 void
3485 sppp_ipv6cp_up(struct sppp *sp)
3486 {
3487 }
3488
3489 void
3490 sppp_ipv6cp_down(struct sppp *sp)
3491 {
3492 }
3493
3494 void
3495 sppp_ipv6cp_open(struct sppp *sp)
3496 {
3497 }
3498
3499 void
3500 sppp_ipv6cp_close(struct sppp *sp)
3501 {
3502 }
3503
3504 void
3505 sppp_ipv6cp_TO(void *sp)
3506 {
3507 }
3508
3509 int
3510 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h,
3511 int len)
3512 {
3513 return 0;
3514 }
3515
3516 void
3517 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h,
3518 int len)
3519 {
3520 }
3521
3522 void
3523 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h,
3524 int len)
3525 {
3526 }
3527
3528 void
3529 sppp_ipv6cp_tlu(struct sppp *sp)
3530 {
3531 }
3532
3533 void
3534 sppp_ipv6cp_tld(struct sppp *sp)
3535 {
3536 }
3537
3538 void
3539 sppp_ipv6cp_tls(struct sppp *sp)
3540 {
3541 }
3542
3543 void
3544 sppp_ipv6cp_tlf(struct sppp *sp)
3545 {
3546 }
3547
3548 void
3549 sppp_ipv6cp_scr(struct sppp *sp)
3550 {
3551 }
3552 #endif /*INET6*/
3553
3554 /*
3555 *--------------------------------------------------------------------------*
3556 * *
3557 * The CHAP implementation. *
3558 * *
3559 *--------------------------------------------------------------------------*
3560 */
3561
3562 /*
3563 * The authentication protocols don't employ a full-fledged state machine as
3564 * the control protocols do, since they do have Open and Close events, but
3565 * not Up and Down, nor are they explicitly terminated. Also, use of the
3566 * authentication protocols may be different in both directions (this makes
3567 * sense, think of a machine that never accepts incoming calls but only
3568 * calls out, it doesn't require the called party to authenticate itself).
3569 *
3570 * Our state machine for the local authentication protocol (we are requesting
3571 * the peer to authenticate) looks like:
3572 *
3573 * RCA-
3574 * +--------------------------------------------+
3575 * V scn,tld|
3576 * +--------+ Close +---------+ RCA+
3577 * | |<----------------------------------| |------+
3578 * +--->| Closed | TO* | Opened | sca |
3579 * | | |-----+ +-------| |<-----+
3580 * | +--------+ irc | | +---------+
3581 * | ^ | | ^
3582 * | | | | |
3583 * | | | | |
3584 * | TO-| | | |
3585 * | |tld TO+ V | |
3586 * | | +------->+ | |
3587 * | | | | | |
3588 * | +--------+ V | |
3589 * | | |<----+<--------------------+ |
3590 * | | Req- | scr |
3591 * | | Sent | |
3592 * | | | |
3593 * | +--------+ |
3594 * | RCA- | | RCA+ |
3595 * +------+ +------------------------------------------+
3596 * scn,tld sca,irc,ict,tlu
3597 *
3598 *
3599 * with:
3600 *
3601 * Open: LCP reached authentication phase
3602 * Close: LCP reached terminate phase
3603 *
3604 * RCA+: received reply (pap-req, chap-response), acceptable
3605 * RCN: received reply (pap-req, chap-response), not acceptable
3606 * TO+: timeout with restart counter >= 0
3607 * TO-: timeout with restart counter < 0
3608 * TO*: reschedule timeout for CHAP
3609 *
3610 * scr: send request packet (none for PAP, chap-challenge)
3611 * sca: send ack packet (pap-ack, chap-success)
3612 * scn: send nak packet (pap-nak, chap-failure)
3613 * ict: initialize re-challenge timer (CHAP only)
3614 *
3615 * tlu: this-layer-up, LCP reaches network phase
3616 * tld: this-layer-down, LCP enters terminate phase
3617 *
3618 * Note that in CHAP mode, after sending a new challenge, while the state
3619 * automaton falls back into Req-Sent state, it doesn't signal a tld
3620 * event to LCP, so LCP remains in network phase. Only after not getting
3621 * any response (or after getting an unacceptable response), CHAP closes,
3622 * causing LCP to enter terminate phase.
3623 *
3624 * With PAP, there is no initial request that can be sent. The peer is
3625 * expected to send one based on the successful negotiation of PAP as
3626 * the authentication protocol during the LCP option negotiation.
3627 *
3628 * Incoming authentication protocol requests (remote requests
3629 * authentication, we are peer) don't employ a state machine at all,
3630 * they are simply answered. Some peers [Ascend P50 firmware rev
3631 * 4.50] react allergically when sending IPCP requests while they are
3632 * still in authentication phase (thereby violating the standard that
3633 * demands that these NCP packets are to be discarded), so we keep
3634 * track of the peer demanding us to authenticate, and only proceed to
3635 * phase network once we've seen a positive acknowledge for the
3636 * authentication.
3637 */
3638
3639 /*
3640 * Handle incoming CHAP packets.
3641 */
3642 void
3643 sppp_chap_input(struct sppp *sp, struct mbuf *m)
3644 {
3645 STDDCL;
3646 struct lcp_header *h;
3647 int len, x;
3648 u_char *value, *name, digest[AUTHCHALEN], dsize;
3649 int value_len, name_len;
3650 MD5_CTX ctx;
3651
3652 len = m->m_pkthdr.len;
3653 if (len < 4) {
3654 if (debug)
3655 log(LOG_DEBUG,
3656 SPP_FMT "chap invalid packet length: %d bytes\n",
3657 SPP_ARGS(ifp), len);
3658 return;
3659 }
3660 h = mtod (m, struct lcp_header*);
3661 if (len > ntohs (h->len))
3662 len = ntohs (h->len);
3663
3664 switch (h->type) {
3665 /* challenge, failure and success are his authproto */
3666 case CHAP_CHALLENGE:
3667 value = 1 + (u_char*)(h+1);
3668 value_len = value[-1];
3669 name = value + value_len;
3670 name_len = len - value_len - 5;
3671 if (name_len < 0) {
3672 if (debug) {
3673 log(LOG_DEBUG,
3674 SPP_FMT "chap corrupted challenge "
3675 "<%s id=0x%x len=%d",
3676 SPP_ARGS(ifp),
3677 sppp_auth_type_name(PPP_CHAP, h->type),
3678 h->ident, ntohs(h->len));
3679 if (len > 4)
3680 sppp_print_bytes((u_char*) (h+1), len-4);
3681 addlog(">\n");
3682 }
3683 break;
3684 }
3685
3686 if (debug) {
3687 log(LOG_DEBUG,
3688 SPP_FMT "chap input <%s id=0x%x len=%d name=",
3689 SPP_ARGS(ifp),
3690 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
3691 ntohs(h->len));
3692 sppp_print_string((char*) name, name_len);
3693 addlog(" value-size=%d value=", value_len);
3694 sppp_print_bytes(value, value_len);
3695 addlog(">\n");
3696 }
3697
3698 /* Compute reply value. */
3699 MD5Init(&ctx);
3700 MD5Update(&ctx, &h->ident, 1);
3701 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret));
3702 MD5Update(&ctx, value, value_len);
3703 MD5Final(digest, &ctx);
3704 dsize = sizeof digest;
3705
3706 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
3707 sizeof dsize, (const char *)&dsize,
3708 sizeof digest, digest,
3709 strlen(sp->myauth.name),
3710 sp->myauth.name,
3711 0);
3712 break;
3713
3714 case CHAP_SUCCESS:
3715 if (debug) {
3716 log(LOG_DEBUG, SPP_FMT "chap success",
3717 SPP_ARGS(ifp));
3718 if (len > 4) {
3719 addlog(": ");
3720 sppp_print_string((char*)(h + 1), len - 4);
3721 }
3722 addlog("\n");
3723 }
3724 x = splnet();
3725 sp->pp_flags &= ~PP_NEEDAUTH;
3726 if (sp->myauth.proto == PPP_CHAP &&
3727 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3728 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
3729 /*
3730 * We are authenticator for CHAP but didn't
3731 * complete yet. Leave it to tlu to proceed
3732 * to network phase.
3733 */
3734 splx(x);
3735 break;
3736 }
3737 splx(x);
3738 sppp_phase_network(sp);
3739 break;
3740
3741 case CHAP_FAILURE:
3742 if (debug) {
3743 log(LOG_INFO, SPP_FMT "chap failure",
3744 SPP_ARGS(ifp));
3745 if (len > 4) {
3746 addlog(": ");
3747 sppp_print_string((char*)(h + 1), len - 4);
3748 }
3749 addlog("\n");
3750 } else
3751 log(LOG_INFO, SPP_FMT "chap failure\n",
3752 SPP_ARGS(ifp));
3753 /* await LCP shutdown by authenticator */
3754 break;
3755
3756 /* response is my authproto */
3757 case CHAP_RESPONSE:
3758 value = 1 + (u_char*)(h+1);
3759 value_len = value[-1];
3760 name = value + value_len;
3761 name_len = len - value_len - 5;
3762 if (name_len < 0) {
3763 if (debug) {
3764 log(LOG_DEBUG,
3765 SPP_FMT "chap corrupted response "
3766 "<%s id=0x%x len=%d",
3767 SPP_ARGS(ifp),
3768 sppp_auth_type_name(PPP_CHAP, h->type),
3769 h->ident, ntohs(h->len));
3770 if (len > 4)
3771 sppp_print_bytes((u_char*)(h+1), len-4);
3772 addlog(">\n");
3773 }
3774 break;
3775 }
3776 if (h->ident != sp->confid[IDX_CHAP]) {
3777 if (debug)
3778 log(LOG_DEBUG,
3779 SPP_FMT "chap dropping response for old ID "
3780 "(got %d, expected %d)\n",
3781 SPP_ARGS(ifp),
3782 h->ident, sp->confid[IDX_CHAP]);
3783 break;
3784 }
3785 if (name_len != strlen(sp->hisauth.name)
3786 || bcmp(name, sp->hisauth.name, name_len) != 0) {
3787 log(LOG_INFO, SPP_FMT "chap response, his name ",
3788 SPP_ARGS(ifp));
3789 sppp_print_string(name, name_len);
3790 addlog(" != expected ");
3791 sppp_print_string(sp->hisauth.name,
3792 strlen(sp->hisauth.name));
3793 addlog("\n");
3794 }
3795 if (debug) {
3796 log(LOG_DEBUG, SPP_FMT "chap input(%s) "
3797 "<%s id=0x%x len=%d name=",
3798 SPP_ARGS(ifp),
3799 sppp_state_name(sp->state[IDX_CHAP]),
3800 sppp_auth_type_name(PPP_CHAP, h->type),
3801 h->ident, ntohs (h->len));
3802 sppp_print_string((char*)name, name_len);
3803 addlog(" value-size=%d value=", value_len);
3804 sppp_print_bytes(value, value_len);
3805 addlog(">\n");
3806 }
3807 if (value_len != AUTHCHALEN) {
3808 if (debug)
3809 log(LOG_DEBUG,
3810 SPP_FMT "chap bad hash value length: "
3811 "%d bytes, should be %d\n",
3812 SPP_ARGS(ifp), value_len,
3813 AUTHCHALEN);
3814 break;
3815 }
3816
3817 MD5Init(&ctx);
3818 MD5Update(&ctx, &h->ident, 1);
3819 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret));
3820 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN);
3821 MD5Final(digest, &ctx);
3822
3823 #define FAILMSG "Failed..."
3824 #define SUCCMSG "Welcome!"
3825
3826 if (value_len != sizeof digest ||
3827 timingsafe_bcmp(digest, value, value_len) != 0) {
3828 /* action scn, tld */
3829 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3830 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3831 0);
3832 chap.tld(sp);
3833 break;
3834 }
3835 /* action sca, perhaps tlu */
3836 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3837 sp->state[IDX_CHAP] == STATE_OPENED)
3838 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3839 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3840 0);
3841 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3842 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3843 chap.tlu(sp);
3844 }
3845 break;
3846
3847 default:
3848 /* Unknown CHAP packet type -- ignore. */
3849 if (debug) {
3850 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
3851 "<0x%x id=0x%xh len=%d",
3852 SPP_ARGS(ifp),
3853 sppp_state_name(sp->state[IDX_CHAP]),
3854 h->type, h->ident, ntohs(h->len));
3855 if (len > 4)
3856 sppp_print_bytes((u_char*)(h+1), len-4);
3857 addlog(">\n");
3858 }
3859 break;
3860
3861 }
3862 }
3863
3864 void
3865 sppp_chap_init(struct sppp *sp)
3866 {
3867 /* Chap doesn't have STATE_INITIAL at all. */
3868 sp->state[IDX_CHAP] = STATE_CLOSED;
3869 sp->fail_counter[IDX_CHAP] = 0;
3870 }
3871
3872 void
3873 sppp_chap_open(struct sppp *sp)
3874 {
3875 if (sp->myauth.proto == PPP_CHAP &&
3876 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3877 /* we are authenticator for CHAP, start it */
3878 chap.scr(sp);
3879 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3880 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3881 }
3882 /* nothing to be done if we are peer, await a challenge */
3883 }
3884
3885 void
3886 sppp_chap_close(struct sppp *sp)
3887 {
3888 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3889 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3890 }
3891
3892 void
3893 sppp_chap_TO(void *cookie)
3894 {
3895 struct sppp *sp = (struct sppp *)cookie;
3896 STDDCL;
3897 int s;
3898
3899 s = splnet();
3900 if (debug)
3901 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
3902 SPP_ARGS(ifp),
3903 sppp_state_name(sp->state[IDX_CHAP]),
3904 sp->rst_counter[IDX_CHAP]);
3905
3906 if (--sp->rst_counter[IDX_CHAP] < 0)
3907 /* TO- event */
3908 switch (sp->state[IDX_CHAP]) {
3909 case STATE_REQ_SENT:
3910 chap.tld(sp);
3911 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3912 break;
3913 }
3914 else
3915 /* TO+ (or TO*) event */
3916 switch (sp->state[IDX_CHAP]) {
3917 case STATE_OPENED:
3918 /* TO* event */
3919 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3920 /* FALLTHROUGH */
3921 case STATE_REQ_SENT:
3922 chap.scr(sp);
3923 /* sppp_cp_change_state() will restart the timer */
3924 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3925 break;
3926 }
3927
3928 splx(s);
3929 }
3930
3931 void
3932 sppp_chap_tlu(struct sppp *sp)
3933 {
3934 STDDCL;
3935 int i = 0, x;
3936
3937 i = 0;
3938 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3939
3940 /*
3941 * Some broken CHAP implementations (Conware CoNet, firmware
3942 * 4.0.?) don't want to re-authenticate their CHAP once the
3943 * initial challenge-response exchange has taken place.
3944 * Provide for an option to avoid rechallenges.
3945 */
3946 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3947 /*
3948 * Compute the re-challenge timeout. This will yield
3949 * a number between 300 and 810 seconds.
3950 */
3951 i = 300 + (arc4random() & 0x01fe);
3952
3953 timeout_add_sec(&sp->ch[IDX_CHAP], i);
3954 }
3955
3956 if (debug) {
3957 log(LOG_DEBUG,
3958 SPP_FMT "chap %s, ",
3959 SPP_ARGS(ifp),
3960 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3961 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3962 addlog("next re-challenge in %d seconds\n", i);
3963 else
3964 addlog("re-challenging suppressed\n");
3965 }
3966
3967 x = splnet();
3968 /* indicate to LCP that we need to be closed down */
3969 sp->lcp.protos |= (1 << IDX_CHAP);
3970
3971 if (sp->pp_flags & PP_NEEDAUTH) {
3972 /*
3973 * Remote is authenticator, but his auth proto didn't
3974 * complete yet. Defer the transition to network
3975 * phase.
3976 */
3977 splx(x);
3978 return;
3979 }
3980 splx(x);
3981
3982 /*
3983 * If we are already in phase network, we are done here. This
3984 * is the case if this is a dummy tlu event after a re-challenge.
3985 */
3986 if (sp->pp_phase != PHASE_NETWORK)
3987 sppp_phase_network(sp);
3988 }
3989
3990 void
3991 sppp_chap_tld(struct sppp *sp)
3992 {
3993 STDDCL;
3994
3995 if (debug)
3996 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
3997 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3998 sp->lcp.protos &= ~(1 << IDX_CHAP);
3999
4000 lcp.Close(sp);
4001 }
4002
4003 void
4004 sppp_chap_scr(struct sppp *sp)
4005 {
4006 u_char clen;
4007
4008 /* Compute random challenge. */
4009 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge));
4010 clen = AUTHCHALEN;
4011
4012 sp->confid[IDX_CHAP] = ++sp->pp_seq;
4013
4014 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
4015 sizeof clen, (const char *)&clen,
4016 (size_t)AUTHCHALEN, sp->chap_challenge,
4017 strlen(sp->myauth.name),
4018 sp->myauth.name,
4019 0);
4020 }
4021 �/*
4022 *--------------------------------------------------------------------------*
4023 * *
4024 * The PAP implementation. *
4025 * *
4026 *--------------------------------------------------------------------------*
4027 */
4028 /*
4029 * For PAP, we need to keep a little state also if we are the peer, not the
4030 * authenticator. This is since we don't get a request to authenticate, but
4031 * have to repeatedly authenticate ourself until we got a response (or the
4032 * retry counter is expired).
4033 */
4034
4035 /*
4036 * Handle incoming PAP packets. */
4037 void
4038 sppp_pap_input(struct sppp *sp, struct mbuf *m)
4039 {
4040 STDDCL;
4041 struct lcp_header *h;
4042 int len, x;
4043 u_char *name, *passwd, mlen;
4044 int name_len, passwd_len;
4045
4046 len = m->m_pkthdr.len;
4047 if (len < 5) {
4048 if (debug)
4049 log(LOG_DEBUG,
4050 SPP_FMT "pap invalid packet length: %d bytes\n",
4051 SPP_ARGS(ifp), len);
4052 return;
4053 }
4054 h = mtod (m, struct lcp_header*);
4055 if (len > ntohs (h->len))
4056 len = ntohs (h->len);
4057 switch (h->type) {
4058 /* PAP request is my authproto */
4059 case PAP_REQ:
4060 name = 1 + (u_char*)(h+1);
4061 name_len = name[-1];
4062 passwd = name + name_len + 1;
4063 if (name_len > len - 6 ||
4064 (passwd_len = passwd[-1]) > len - 6 - name_len) {
4065 if (debug) {
4066 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4067 "<%s id=0x%x len=%d",
4068 SPP_ARGS(ifp),
4069 sppp_auth_type_name(PPP_PAP, h->type),
4070 h->ident, ntohs(h->len));
4071 if (len > 4)
4072 sppp_print_bytes((u_char*)(h+1), len-4);
4073 addlog(">\n");
4074 }
4075 break;
4076 }
4077 if (debug) {
4078 log(LOG_DEBUG, SPP_FMT "pap input(%s) "
4079 "<%s id=0x%x len=%d name=",
4080 SPP_ARGS(ifp),
4081 sppp_state_name(sp->state[IDX_PAP]),
4082 sppp_auth_type_name(PPP_PAP, h->type),
4083 h->ident, ntohs(h->len));
4084 sppp_print_string((char*)name, name_len);
4085 addlog(" passwd=");
4086 sppp_print_string((char*)passwd, passwd_len);
4087 addlog(">\n");
4088 }
4089 if (name_len > AUTHMAXLEN ||
4090 passwd_len > AUTHMAXLEN ||
4091 bcmp(name, sp->hisauth.name, name_len) != 0 ||
4092 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
4093 /* action scn, tld */
4094 mlen = sizeof(FAILMSG) - 1;
4095 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
4096 sizeof mlen, (const char *)&mlen,
4097 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4098 0);
4099 pap.tld(sp);
4100 break;
4101 }
4102 /* action sca, perhaps tlu */
4103 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
4104 sp->state[IDX_PAP] == STATE_OPENED) {
4105 mlen = sizeof(SUCCMSG) - 1;
4106 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
4107 sizeof mlen, (const char *)&mlen,
4108 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4109 0);
4110 }
4111 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
4112 sppp_cp_change_state(&pap, sp, STATE_OPENED);
4113 pap.tlu(sp);
4114 }
4115 break;
4116
4117 /* ack and nak are his authproto */
4118 case PAP_ACK:
4119 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
4120 if (debug) {
4121 log(LOG_DEBUG, SPP_FMT "pap success",
4122 SPP_ARGS(ifp));
4123 name_len = *((char *)h);
4124 if (len > 5 && name_len) {
4125 addlog(": ");
4126 sppp_print_string((char*)(h+1), name_len);
4127 }
4128 addlog("\n");
4129 }
4130 x = splnet();
4131 sp->pp_flags &= ~PP_NEEDAUTH;
4132 if (sp->myauth.proto == PPP_PAP &&
4133 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4134 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
4135 /*
4136 * We are authenticator for PAP but didn't
4137 * complete yet. Leave it to tlu to proceed
4138 * to network phase.
4139 */
4140 splx(x);
4141 break;
4142 }
4143 splx(x);
4144 sppp_phase_network(sp);
4145 break;
4146
4147 case PAP_NAK:
4148 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
4149 if (debug) {
4150 log(LOG_INFO, SPP_FMT "pap failure",
4151 SPP_ARGS(ifp));
4152 name_len = *((char *)h);
4153 if (len > 5 && name_len) {
4154 addlog(": ");
4155 sppp_print_string((char*)(h+1), name_len);
4156 }
4157 addlog("\n");
4158 } else
4159 log(LOG_INFO, SPP_FMT "pap failure\n",
4160 SPP_ARGS(ifp));
4161 /* await LCP shutdown by authenticator */
4162 break;
4163
4164 default:
4165 /* Unknown PAP packet type -- ignore. */
4166 if (debug) {
4167 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4168 "<0x%x id=0x%x len=%d",
4169 SPP_ARGS(ifp),
4170 h->type, h->ident, ntohs(h->len));
4171 if (len > 4)
4172 sppp_print_bytes((u_char*)(h+1), len-4);
4173 addlog(">\n");
4174 }
4175 break;
4176
4177 }
4178 }
4179
4180 void
4181 sppp_pap_init(struct sppp *sp)
4182 {
4183 /* PAP doesn't have STATE_INITIAL at all. */
4184 sp->state[IDX_PAP] = STATE_CLOSED;
4185 sp->fail_counter[IDX_PAP] = 0;
4186 }
4187
4188 void
4189 sppp_pap_open(struct sppp *sp)
4190 {
4191 if (sp->hisauth.proto == PPP_PAP &&
4192 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4193 /* we are authenticator for PAP, start our timer */
4194 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4195 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4196 }
4197 if (sp->myauth.proto == PPP_PAP) {
4198 /* we are peer, send a request, and start a timer */
4199 pap.scr(sp);
4200 timeout_add(&sp->pap_my_to_ch, sp->lcp.timeout);
4201 }
4202 }
4203
4204 void
4205 sppp_pap_close(struct sppp *sp)
4206 {
4207 if (sp->state[IDX_PAP] != STATE_CLOSED)
4208 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4209 }
4210
4211 /*
4212 * That's the timeout routine if we are authenticator. Since the
4213 * authenticator is basically passive in PAP, we can't do much here.
4214 */
4215 void
4216 sppp_pap_TO(void *cookie)
4217 {
4218 struct sppp *sp = (struct sppp *)cookie;
4219 STDDCL;
4220 int s;
4221
4222 s = splnet();
4223 if (debug)
4224 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
4225 SPP_ARGS(ifp),
4226 sppp_state_name(sp->state[IDX_PAP]),
4227 sp->rst_counter[IDX_PAP]);
4228
4229 if (--sp->rst_counter[IDX_PAP] < 0)
4230 /* TO- event */
4231 switch (sp->state[IDX_PAP]) {
4232 case STATE_REQ_SENT:
4233 pap.tld(sp);
4234 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4235 break;
4236 }
4237 else
4238 /* TO+ event, not very much we could do */
4239 switch (sp->state[IDX_PAP]) {
4240 case STATE_REQ_SENT:
4241 /* sppp_cp_change_state() will restart the timer */
4242 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4243 break;
4244 }
4245
4246 splx(s);
4247 }
4248
4249 /*
4250 * That's the timeout handler if we are peer. Since the peer is active,
4251 * we need to retransmit our PAP request since it is apparently lost.
4252 * XXX We should impose a max counter.
4253 */
4254 void
4255 sppp_pap_my_TO(void *cookie)
4256 {
4257 struct sppp *sp = (struct sppp *)cookie;
4258 STDDCL;
4259
4260 if (debug)
4261 log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
4262 SPP_ARGS(ifp));
4263
4264 pap.scr(sp);
4265 }
4266
4267 void
4268 sppp_pap_tlu(struct sppp *sp)
4269 {
4270 STDDCL;
4271 int x;
4272
4273 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4274
4275 if (debug)
4276 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
4277 SPP_ARGS(ifp), pap.name);
4278
4279 x = splnet();
4280 /* indicate to LCP that we need to be closed down */
4281 sp->lcp.protos |= (1 << IDX_PAP);
4282
4283 if (sp->pp_flags & PP_NEEDAUTH) {
4284 /*
4285 * Remote is authenticator, but his auth proto didn't
4286 * complete yet. Defer the transition to network
4287 * phase.
4288 */
4289 splx(x);
4290 return;
4291 }
4292 splx(x);
4293 sppp_phase_network(sp);
4294 }
4295
4296 void
4297 sppp_pap_tld(struct sppp *sp)
4298 {
4299 STDDCL;
4300
4301 if (debug)
4302 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
4303 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
4304 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
4305 sp->lcp.protos &= ~(1 << IDX_PAP);
4306
4307 lcp.Close(sp);
4308 }
4309
4310 void
4311 sppp_pap_scr(struct sppp *sp)
4312 {
4313 u_char idlen, pwdlen;
4314
4315 sp->confid[IDX_PAP] = ++sp->pp_seq;
4316 pwdlen = strlen(sp->myauth.secret);
4317 idlen = strlen(sp->myauth.name);
4318
4319 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
4320 sizeof idlen, (const char *)&idlen,
4321 (size_t)idlen, sp->myauth.name,
4322 sizeof pwdlen, (const char *)&pwdlen,
4323 (size_t)pwdlen, sp->myauth.secret,
4324 0);
4325 }
4326 �/*
4327 * Random miscellaneous functions.
4328 */
4329
4330 /*
4331 * Send a PAP or CHAP proto packet.
4332 *
4333 * Varadic function, each of the elements for the ellipsis is of type
4334 * ``size_t mlen, const u_char *msg''. Processing will stop iff
4335 * mlen == 0.
4336 */
4337
4338 void
4339 sppp_auth_send(const struct cp *cp, struct sppp *sp,
4340 unsigned int type, u_int id, ...)
4341 {
4342 STDDCL;
4343 struct ppp_header *h;
4344 struct lcp_header *lh;
4345 struct mbuf *m;
4346 u_char *p;
4347 int len;
4348 size_t pkthdrlen;
4349 unsigned int mlen;
4350 const char *msg;
4351 va_list ap;
4352
4353 MGETHDR (m, M_DONTWAIT, MT_DATA);
4354 if (! m)
4355 return;
4356 m->m_pkthdr.rcvif = 0;
4357
4358 if (sp->pp_flags & PP_NOFRAMING) {
4359 *mtod(m, u_int16_t *) = htons(cp->proto);
4360 pkthdrlen = 2;
4361 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
4362 } else {
4363 h = mtod (m, struct ppp_header*);
4364 h->address = PPP_ALLSTATIONS; /* broadcast address */
4365 h->control = PPP_UI; /* Unnumbered Info */
4366 h->protocol = htons(cp->proto);
4367 pkthdrlen = PPP_HEADER_LEN;
4368 lh = (struct lcp_header*)(h + 1);
4369 }
4370
4371 lh->type = type;
4372 lh->ident = id;
4373 p = (u_char*) (lh+1);
4374
4375 va_start(ap, id);
4376 len = 0;
4377
4378 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
4379 msg = va_arg(ap, const char *);
4380 len += mlen;
4381 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) {
4382 va_end(ap);
4383 m_freem(m);
4384 return;
4385 }
4386
4387 bcopy(msg, p, mlen);
4388 p += mlen;
4389 }
4390 va_end(ap);
4391
4392 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
4393 lh->len = htons (LCP_HEADER_LEN + len);
4394
4395 if (debug) {
4396 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
4397 SPP_ARGS(ifp), cp->name,
4398 sppp_auth_type_name(cp->proto, lh->type),
4399 lh->ident, ntohs(lh->len));
4400 if (len)
4401 sppp_print_bytes((u_char*) (lh+1), len);
4402 addlog(">\n");
4403 }
4404 if (IF_QFULL (&sp->pp_cpq)) {
4405 IF_DROP (&ifp->if_snd);
4406 m_freem (m);
4407 ++ifp->if_oerrors;
4408 m = NULL;
4409 } else
4410 IF_ENQUEUE (&sp->pp_cpq, m);
4411 if (! (ifp->if_flags & IFF_OACTIVE))
4412 (*ifp->if_start) (ifp);
4413 if (m != NULL)
4414 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
4415 }
4416
4417 /*
4418 * Flush interface queue.
4419 */
4420 void
4421 sppp_qflush(struct ifqueue *ifq)
4422 {
4423 IF_PURGE(ifq);
4424 }
4425
4426 /*
4427 * Send keepalive packets, every 10 seconds.
4428 */
4429 void
4430 sppp_keepalive(void *dummy)
4431 {
4432 struct sppp *sp;
4433 int s;
4434 struct timeval tv;
4435
4436 s = splnet();
4437 getmicrouptime(&tv);
4438 for (sp=spppq; sp; sp=sp->pp_next) {
4439 struct ifnet *ifp = &sp->pp_if;
4440
4441 /* Keepalive mode disabled or channel down? */
4442 if (! (sp->pp_flags & PP_KEEPALIVE) ||
4443 ! (ifp->if_flags & IFF_RUNNING))
4444 continue;
4445
4446 /* No keepalive in PPP mode if LCP not opened yet. */
4447 if (! (sp->pp_flags & PP_CISCO) &&
4448 sp->pp_phase < PHASE_AUTHENTICATE)
4449 continue;
4450
4451 /* No echo reply, but maybe user data passed through? */
4452 if (!(sp->pp_flags & PP_CISCO) &&
4453 (tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) {
4454 sp->pp_alivecnt = 0;
4455 continue;
4456 }
4457
4458 if (sp->pp_alivecnt >= MAXALIVECNT) {
4459 /* No keepalive packets got. Stop the interface. */
4460 if_down (ifp);
4461 sppp_qflush (&sp->pp_cpq);
4462 if (! (sp->pp_flags & PP_CISCO)) {
4463 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n",
4464 SPP_ARGS(ifp));
4465 sp->pp_alivecnt = 0;
4466
4467 /* we are down, close all open protocols */
4468 lcp.Close(sp);
4469
4470 /* And now prepare LCP to reestablish the link, if configured to do so. */
4471 sppp_cp_change_state(&lcp, sp, STATE_STOPPED);
4472
4473 /* Close connection immediately, completition of this
4474 * will summon the magic needed to reestablish it. */
4475 if (sp->pp_tlf)
4476 sp->pp_tlf(sp);
4477 continue;
4478 }
4479 }
4480 if (sp->pp_alivecnt < MAXALIVECNT)
4481 ++sp->pp_alivecnt;
4482 if (sp->pp_flags & PP_CISCO)
4483 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
4484 sp->pp_rseq);
4485 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
4486 u_int32_t nmagic = htonl(sp->lcp.magic);
4487 sp->lcp.echoid = ++sp->pp_seq;
4488 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
4489 sp->lcp.echoid, 4, &nmagic);
4490 }
4491 }
4492 splx(s);
4493 timeout_add_sec(&keepalive_ch, 10);
4494 }
4495
4496 /*
4497 * Get both IP addresses.
4498 */
4499 void
4500 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
4501 u_int32_t *srcmask)
4502 {
4503 struct ifnet *ifp = &sp->pp_if;
4504 struct ifaddr *ifa;
4505 struct sockaddr_in *si, *sm = 0;
4506 u_int32_t ssrc, ddst;
4507
4508 sm = NULL;
4509 ssrc = ddst = 0;
4510 /*
4511 * Pick the first AF_INET address from the list,
4512 * aliases don't make any sense on a p2p link anyway.
4513 */
4514 si = 0;
4515 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4516 {
4517 if (ifa->ifa_addr->sa_family == AF_INET) {
4518 si = (struct sockaddr_in *)ifa->ifa_addr;
4519 sm = (struct sockaddr_in *)ifa->ifa_netmask;
4520 if (si)
4521 break;
4522 }
4523 }
4524 if (ifa) {
4525 if (si && si->sin_addr.s_addr) {
4526 ssrc = si->sin_addr.s_addr;
4527 if (srcmask)
4528 *srcmask = ntohl(sm->sin_addr.s_addr);
4529 }
4530
4531 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
4532 if (si && si->sin_addr.s_addr)
4533 ddst = si->sin_addr.s_addr;
4534 }
4535
4536 if (dst) *dst = ntohl(ddst);
4537 if (src) *src = ntohl(ssrc);
4538 }
4539
4540 int
4541 sppp_update_gw_walker(struct radix_node *rn, void *arg, u_int id)
4542 {
4543 struct ifnet *ifp = arg;
4544 struct rtentry *rt = (struct rtentry *)rn;
4545
4546 if (rt->rt_ifp == ifp) {
4547 if (rt->rt_ifa->ifa_dstaddr->sa_family !=
4548 rt->rt_gateway->sa_family ||
4549 (rt->rt_flags & RTF_GATEWAY) == 0)
4550 return (0); /* do not modify non-gateway routes */
4551 bcopy(rt->rt_ifa->ifa_dstaddr, rt->rt_gateway,
4552 rt->rt_ifa->ifa_dstaddr->sa_len);
4553 }
4554 return (0);
4555 }
4556
4557 void
4558 sppp_update_gw(struct ifnet *ifp)
4559 {
4560 struct radix_node_head *rnh;
4561 u_int tid;
4562
4563 /* update routing table */
4564 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) {
4565 if ((rnh = rtable_get(tid, AF_INET)) != NULL) {
4566 while ((*rnh->rnh_walktree)(rnh,
4567 sppp_update_gw_walker, ifp) == EAGAIN)
4568 ; /* nothing */
4569 }
4570 }
4571 }
4572
4573 /*
4574 * Task adding addresses from process context.
4575 * If an address is 0, leave it the way it is.
4576 */
4577 void
4578 sppp_set_ip_addrs(void *arg1, void *arg2)
4579 {
4580 struct sppp *sp = arg1;
4581 u_int32_t myaddr;
4582 u_int32_t hisaddr;
4583 struct ifnet *ifp = &sp->pp_if;
4584 int debug = ifp->if_flags & IFF_DEBUG;
4585 struct ifaddr *ifa;
4586 struct sockaddr_in *si;
4587 struct sockaddr_in *dest;
4588 int s;
4589
4590 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, NULL);
4591 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) &&
4592 (sp->ipcp.flags & IPCP_MYADDR_SEEN))
4593 myaddr = sp->ipcp.req_myaddr;
4594 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
4595 (sp->ipcp.flags & IPCP_HISADDR_SEEN))
4596 hisaddr = sp->ipcp.req_hisaddr;
4597
4598 s = splsoftnet();
4599
4600 /*
4601 * Pick the first AF_INET address from the list,
4602 * aliases don't make any sense on a p2p link anyway.
4603 */
4604
4605 si = 0;
4606 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4607 {
4608 if (ifa->ifa_addr->sa_family == AF_INET)
4609 {
4610 si = (struct sockaddr_in *)ifa->ifa_addr;
4611 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4612 if (si)
4613 break;
4614 }
4615 }
4616
4617 if (ifa && si) {
4618 int error;
4619 struct sockaddr_in new_sin = *si;
4620 struct sockaddr_in new_dst = *dest;
4621
4622 in_ifscrub(ifp, ifatoia(ifa));
4623
4624 if (myaddr != 0)
4625 new_sin.sin_addr.s_addr = htonl(myaddr);
4626 if (hisaddr != 0) {
4627 new_dst.sin_addr.s_addr = htonl(hisaddr);
4628 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) {
4629 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
4630 *dest = new_dst; /* fix dstaddr in place */
4631 }
4632 }
4633 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0)))
4634 dohooks(ifp->if_addrhooks, 0);
4635 if (debug && error) {
4636 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit "
4637 " failed, error=%d\n", SPP_ARGS(ifp), error);
4638 splx(s);
4639 return;
4640 }
4641 sppp_update_gw(ifp);
4642 }
4643 splx(s);
4644 }
4645
4646 /*
4647 * Task clearing addresses from process context.
4648 * Clear IP addresses.
4649 */
4650 void
4651 sppp_clear_ip_addrs(void *arg1, void *arg2)
4652 {
4653 struct sppp *sp = (struct sppp *)arg1;
4654 struct ifnet *ifp = &sp->pp_if;
4655 int debug = ifp->if_flags & IFF_DEBUG;
4656 struct ifaddr *ifa;
4657 struct sockaddr_in *si;
4658 struct sockaddr_in *dest;
4659 u_int32_t remote;
4660 int s;
4661
4662 s = splsoftnet();
4663
4664 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4665 remote = sp->ipcp.saved_hisaddr;
4666 else
4667 sppp_get_ip_addrs(sp, 0, &remote, 0);
4668
4669 /*
4670 * Pick the first AF_INET address from the list,
4671 * aliases don't make any sense on a p2p link anyway.
4672 */
4673
4674 si = 0;
4675 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
4676 if (ifa->ifa_addr->sa_family == AF_INET) {
4677 si = (struct sockaddr_in *)ifa->ifa_addr;
4678 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4679 if (si)
4680 break;
4681 }
4682 }
4683
4684 if (ifa && si) {
4685 int error;
4686 struct sockaddr_in new_sin = *si;
4687
4688 in_ifscrub(ifp, ifatoia(ifa));
4689 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
4690 new_sin.sin_addr.s_addr = 0;
4691 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4692 /* replace peer addr in place */
4693 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr;
4694 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0)))
4695 dohooks(ifp->if_addrhooks, 0);
4696 if (debug && error) {
4697 log(LOG_DEBUG, SPP_FMT "sppp_clear_ip_addrs: in_ifinit "
4698 " failed, error=%d\n", SPP_ARGS(ifp), error);
4699 splx(s);
4700 return;
4701 }
4702 sppp_update_gw(ifp);
4703 }
4704 splx(s);
4705 }
4706
4707
4708 #ifdef INET6
4709 /*
4710 * Get both IPv6 addresses.
4711 */
4712 void
4713 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
4714 struct in6_addr *srcmask)
4715 {
4716 struct ifnet *ifp = &sp->pp_if;
4717 struct in6_ifaddr *ia6;
4718 struct in6_addr ssrc, ddst;
4719
4720 bzero(&ssrc, sizeof(ssrc));
4721 bzero(&ddst, sizeof(ddst));
4722 /*
4723 * Pick the first link-local AF_INET6 address from the list,
4724 * aliases don't make any sense on a p2p link anyway.
4725 */
4726 ia6 = in6ifa_ifpforlinklocal(ifp, 0);
4727 if (ia6) {
4728 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_addr.sin6_addr)) {
4729 bcopy(&ia6->ia_addr.sin6_addr, &ssrc, sizeof(ssrc));
4730 if (srcmask) {
4731 bcopy(&ia6->ia_prefixmask.sin6_addr, srcmask,
4732 sizeof(*srcmask));
4733 }
4734 }
4735
4736 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_dstaddr.sin6_addr))
4737 bcopy(&ia6->ia_dstaddr.sin6_addr, &ddst, sizeof(ddst));
4738 }
4739
4740 if (dst)
4741 bcopy(&ddst, dst, sizeof(*dst));
4742 if (src)
4743 bcopy(&ssrc, src, sizeof(*src));
4744 }
4745
4746 /* Task to update my IPv6 address from process context. */
4747 void
4748 sppp_update_ip6_addr(void *arg1, void *arg2)
4749 {
4750 struct sppp *sp = arg1;
4751 struct ifnet *ifp = &sp->pp_if;
4752 struct in6_aliasreq *ifra = arg2;
4753 struct in6_addr mask = in6mask128;
4754 struct in6_ifaddr *ia6;
4755 int s, error;
4756
4757 s = splnet();
4758
4759 ia6 = in6ifa_ifpforlinklocal(ifp, 0);
4760 if (ia6 == NULL) {
4761 /* IPv6 disabled? */
4762 splx(s);
4763 return;
4764 }
4765
4766 /*
4767 * Changing the link-local address requires purging all
4768 * existing addresses and routes for the interface first.
4769 */
4770 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
4771 in6_ifdetach(ifp);
4772 error = in6_ifattach_linklocal(ifp, &ifra->ifra_addr.sin6_addr);
4773 if (error)
4774 log(LOG_ERR, SPP_FMT
4775 "could not update IPv6 address (error %d)\n",
4776 SPP_ARGS(ifp), error);
4777 splx(s);
4778 return;
4779 }
4780
4781 /*
4782 * Code below changes address parameters only, not the address itself.
4783 */
4784
4785 /* Destination address can only be set for /128. */
4786 if (!in6_are_prefix_equal(&ia6->ia_prefixmask.sin6_addr, &mask, 128)) {
4787 ifra->ifra_dstaddr.sin6_len = 0;
4788 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC;
4789 }
4790
4791 ifra->ifra_lifetime = ia6->ia6_lifetime;
4792
4793 error = in6_update_ifa(ifp, ifra, ia6);
4794 if (error) {
4795 log(LOG_ERR, SPP_FMT
4796 "could not update IPv6 address (error %d)\n",
4797 SPP_ARGS(ifp), error);
4798 }
4799 splx(s);
4800 }
4801
4802 /*
4803 * Configure my link-local address.
4804 */
4805 void
4806 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src,
4807 const struct in6_addr *dst)
4808 {
4809 struct ifnet *ifp = &sp->pp_if;
4810 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid;
4811
4812 bzero(ifra, sizeof(*ifra));
4813 bcopy(ifp->if_xname, ifra->ifra_name, sizeof(ifra->ifra_name));
4814
4815 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
4816 ifra->ifra_addr.sin6_family = AF_INET6;
4817 ifra->ifra_addr.sin6_addr = *src;
4818 if (dst) {
4819 ifra->ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6);
4820 ifra->ifra_dstaddr.sin6_family = AF_INET6;
4821 ifra->ifra_dstaddr.sin6_addr = *dst;
4822 } else
4823 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC;
4824
4825 /*
4826 * Don't change the existing prefixlen.
4827 * It is common to use a /64 for IPv6 over point-to-point links
4828 * to allow e.g. neighbour discovery and autoconf to work.
4829 * But it is legal to use other values.
4830 */
4831 ifra->ifra_prefixmask.sin6_family = AF_UNSPEC;
4832
4833 /* DAD is redundant after an IPv6CP exchange. */
4834 ifra->ifra_flags |= IN6_IFF_NODAD;
4835
4836 task_add(systq, &sp->ipv6cp.set_addr_task);
4837 }
4838
4839 /*
4840 * Generate an address that differs from our existing address.
4841 */
4842 void
4843 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
4844 {
4845 struct in6_addr myaddr;
4846 u_int32_t random;
4847
4848 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL);
4849
4850 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
4851
4852 random = arc4random();
4853 if ((random & 0xff) == 0 && (random & 0xff00) == 0) {
4854 myaddr.s6_addr[14] ^= 0xff;
4855 myaddr.s6_addr[15] ^= 0xff;
4856 } else {
4857 myaddr.s6_addr[14] ^= (random & 0xff);
4858 myaddr.s6_addr[15] ^= ((random & 0xff00) >> 8);
4859 }
4860 myaddr.s6_addr16[1] = 0; /* KAME hack: clear ifindex */
4861 bcopy(&myaddr, suggest, sizeof(myaddr));
4862 }
4863 #endif /*INET6*/
4864
4865 int
4866 sppp_get_params(struct sppp *sp, struct ifreq *ifr)
4867 {
4868 int cmd;
4869
4870 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0)
4871 return EFAULT;
4872
4873 switch (cmd) {
4874 case SPPPIOGDEFS:
4875 {
4876 struct spppreq *spr;
4877
4878 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK);
4879 spr->cmd = cmd;
4880 spr->phase = sp->pp_phase;
4881
4882 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) {
4883 free(spr, M_DEVBUF, 0);
4884 return EFAULT;
4885 }
4886 free(spr, M_DEVBUF, 0);
4887 break;
4888 }
4889 case SPPPIOGMAUTH:
4890 case SPPPIOGHAUTH:
4891 {
4892 struct sauthreq *spa;
4893 struct sauth *auth;
4894
4895 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK);
4896 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth;
4897 bzero(spa, sizeof(*spa));
4898 spa->proto = auth->proto;
4899 spa->flags = auth->flags;
4900
4901 /* do not copy the secret, and only let root know the name */
4902 if (auth->name != NULL && suser(curproc, 0) == 0)
4903 strlcpy(spa->name, auth->name, sizeof(spa->name));
4904
4905 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) {
4906 free(spa, M_DEVBUF, 0);
4907 return EFAULT;
4908 }
4909 free(spa, M_DEVBUF, 0);
4910 break;
4911 }
4912 default:
4913 return EINVAL;
4914 }
4915
4916 return 0;
4917 }
4918
4919
4920 int
4921 sppp_set_params(struct sppp *sp, struct ifreq *ifr)
4922 {
4923 int cmd;
4924
4925 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0)
4926 return EFAULT;
4927
4928 /*
4929 * We have a very specific idea of which fields we allow
4930 * being passed back from userland, so to not clobber our
4931 * current state. For one, we only allow setting
4932 * anything if LCP is in dead phase. Once the LCP
4933 * negotiations started, the authentication settings must
4934 * not be changed again. (The administrator can force an
4935 * ifconfig down in order to get LCP back into dead
4936 * phase.)
4937 */
4938 if (sp->pp_phase != PHASE_DEAD)
4939 return EBUSY;
4940
4941 switch (cmd) {
4942 case SPPPIOSDEFS:
4943 {
4944 struct spppreq *spr;
4945
4946 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK);
4947
4948 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) {
4949 free(spr, M_DEVBUF, 0);
4950 return EFAULT;
4951 }
4952 /*
4953 * Also, we only allow for authentication parameters to be
4954 * specified.
4955 *
4956 * XXX Should allow to set or clear pp_flags.
4957 */
4958 free(spr, M_DEVBUF, 0);
4959 break;
4960 }
4961 case SPPPIOSMAUTH:
4962 case SPPPIOSHAUTH:
4963 {
4964 /*
4965 * Finally, if the respective authentication protocol to
4966 * be used is set differently than 0, but the secret is
4967 * passed as all zeros, we don't trash the existing secret.
4968 * This allows an administrator to change the system name
4969 * only without clobbering the secret (which he didn't get
4970 * back in a previous SPPPIOGXAUTH call). However, the
4971 * secrets are cleared if the authentication protocol is
4972 * reset to 0.
4973 */
4974
4975 struct sauthreq *spa;
4976 struct sauth *auth;
4977 char *p;
4978 int len;
4979
4980 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK);
4981
4982 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth;
4983
4984 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) {
4985 free(spa, M_DEVBUF, 0);
4986 return EFAULT;
4987 }
4988
4989 if (spa->proto != 0 && spa->proto != PPP_PAP &&
4990 spa->proto != PPP_CHAP) {
4991 free(spa, M_DEVBUF, 0);
4992 return EINVAL;
4993 }
4994
4995 if (spa->proto == 0) {
4996 /* resetting auth */
4997 if (auth->name != NULL)
4998 free(auth->name, M_DEVBUF, 0);
4999 if (auth->secret != NULL)
5000 free(auth->secret, M_DEVBUF, 0);
5001 bzero(auth, sizeof *auth);
5002 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge);
5003 } else {
5004 /* setting/changing auth */
5005 auth->proto = spa->proto;
5006 auth->flags = spa->flags;
5007
5008 spa->name[AUTHMAXLEN - 1] = '\0';
5009 len = strlen(spa->name) + 1;
5010 p = malloc(len, M_DEVBUF, M_WAITOK);
5011 strlcpy(p, spa->name, len);
5012 if (auth->name != NULL)
5013 free(auth->name, M_DEVBUF, 0);
5014 auth->name = p;
5015
5016 if (spa->secret[0] != '\0') {
5017 spa->secret[AUTHMAXLEN - 1] = '\0';
5018 len = strlen(spa->secret) + 1;
5019 p = malloc(len, M_DEVBUF, M_WAITOK);
5020 strlcpy(p, spa->secret, len);
5021 if (auth->secret != NULL)
5022 free(auth->secret, M_DEVBUF, 0);
5023 auth->secret = p;
5024 } else if (!auth->secret) {
5025 p = malloc(1, M_DEVBUF, M_WAITOK);
5026 p[0] = '\0';
5027 auth->secret = p;
5028 }
5029 }
5030 free(spa, M_DEVBUF, 0);
5031 break;
5032 }
5033 default:
5034 return EINVAL;
5035 }
5036
5037 return 0;
5038 }
5039
5040 void
5041 sppp_phase_network(struct sppp *sp)
5042 {
5043 int i;
5044 u_long mask;
5045
5046 sp->pp_phase = PHASE_NETWORK;
5047
5048 sppp_set_phase(sp);
5049
5050 /* Notify NCPs now. */
5051 for (i = 0; i < IDX_COUNT; i++)
5052 if ((cps[i])->flags & CP_NCP)
5053 (cps[i])->Open(sp);
5054
5055 /* Send Up events to all NCPs. */
5056 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
5057 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
5058 (cps[i])->Up(sp);
5059
5060 /* if no NCP is starting, all this was in vain, close down */
5061 sppp_lcp_check_and_close(sp);
5062 }
5063
5064
5065 const char *
5066 sppp_cp_type_name(u_char type)
5067 {
5068 static char buf[12];
5069 switch (type) {
5070 case CONF_REQ: return "conf-req";
5071 case CONF_ACK: return "conf-ack";
5072 case CONF_NAK: return "conf-nak";
5073 case CONF_REJ: return "conf-rej";
5074 case TERM_REQ: return "term-req";
5075 case TERM_ACK: return "term-ack";
5076 case CODE_REJ: return "code-rej";
5077 case PROTO_REJ: return "proto-rej";
5078 case ECHO_REQ: return "echo-req";
5079 case ECHO_REPLY: return "echo-reply";
5080 case DISC_REQ: return "discard-req";
5081 }
5082 snprintf (buf, sizeof buf, "0x%x", type);
5083 return buf;
5084 }
5085
5086 const char *
5087 sppp_auth_type_name(u_short proto, u_char type)
5088 {
5089 static char buf[12];
5090 switch (proto) {
5091 case PPP_CHAP:
5092 switch (type) {
5093 case CHAP_CHALLENGE: return "challenge";
5094 case CHAP_RESPONSE: return "response";
5095 case CHAP_SUCCESS: return "success";
5096 case CHAP_FAILURE: return "failure";
5097 }
5098 case PPP_PAP:
5099 switch (type) {
5100 case PAP_REQ: return "req";
5101 case PAP_ACK: return "ack";
5102 case PAP_NAK: return "nak";
5103 }
5104 }
5105 snprintf (buf, sizeof buf, "0x%x", type);
5106 return buf;
5107 }
5108
5109 const char *
5110 sppp_lcp_opt_name(u_char opt)
5111 {
5112 static char buf[12];
5113 switch (opt) {
5114 case LCP_OPT_MRU: return "mru";
5115 case LCP_OPT_ASYNC_MAP: return "async-map";
5116 case LCP_OPT_AUTH_PROTO: return "auth-proto";
5117 case LCP_OPT_QUAL_PROTO: return "qual-proto";
5118 case LCP_OPT_MAGIC: return "magic";
5119 case LCP_OPT_PROTO_COMP: return "proto-comp";
5120 case LCP_OPT_ADDR_COMP: return "addr-comp";
5121 }
5122 snprintf (buf, sizeof buf, "0x%x", opt);
5123 return buf;
5124 }
5125
5126 const char *
5127 sppp_ipcp_opt_name(u_char opt)
5128 {
5129 static char buf[12];
5130 switch (opt) {
5131 case IPCP_OPT_ADDRESSES: return "addresses";
5132 case IPCP_OPT_COMPRESSION: return "compression";
5133 case IPCP_OPT_ADDRESS: return "address";
5134 }
5135 snprintf (buf, sizeof buf, "0x%x", opt);
5136 return buf;
5137 }
5138
5139 #ifdef INET6
5140 const char *
5141 sppp_ipv6cp_opt_name(u_char opt)
5142 {
5143 static char buf[12];
5144 switch (opt) {
5145 case IPV6CP_OPT_IFID: return "ifid";
5146 case IPV6CP_OPT_COMPRESSION: return "compression";
5147 }
5148 snprintf (buf, sizeof buf, "0x%x", opt);
5149 return buf;
5150 }
5151 #endif
5152
5153 const char *
5154 sppp_state_name(int state)
5155 {
5156 switch (state) {
5157 case STATE_INITIAL: return "initial";
5158 case STATE_STARTING: return "starting";
5159 case STATE_CLOSED: return "closed";
5160 case STATE_STOPPED: return "stopped";
5161 case STATE_CLOSING: return "closing";
5162 case STATE_STOPPING: return "stopping";
5163 case STATE_REQ_SENT: return "req-sent";
5164 case STATE_ACK_RCVD: return "ack-rcvd";
5165 case STATE_ACK_SENT: return "ack-sent";
5166 case STATE_OPENED: return "opened";
5167 }
5168 return "illegal";
5169 }
5170
5171 const char *
5172 sppp_phase_name(enum ppp_phase phase)
5173 {
5174 switch (phase) {
5175 case PHASE_DEAD: return "dead";
5176 case PHASE_ESTABLISH: return "establish";
5177 case PHASE_TERMINATE: return "terminate";
5178 case PHASE_AUTHENTICATE: return "authenticate";
5179 case PHASE_NETWORK: return "network";
5180 }
5181 return "illegal";
5182 }
5183
5184 const char *
5185 sppp_proto_name(u_short proto)
5186 {
5187 static char buf[12];
5188 switch (proto) {
5189 case PPP_LCP: return "lcp";
5190 case PPP_IPCP: return "ipcp";
5191 case PPP_PAP: return "pap";
5192 case PPP_CHAP: return "chap";
5193 }
5194 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto);
5195 return buf;
5196 }
5197
5198 void
5199 sppp_print_bytes(const u_char *p, u_short len)
5200 {
5201 addlog(" %02x", *p++);
5202 while (--len > 0)
5203 addlog("-%02x", *p++);
5204 }
5205
5206 void
5207 sppp_print_string(const char *p, u_short len)
5208 {
5209 u_char c;
5210
5211 while (len-- > 0) {
5212 c = *p++;
5213 /*
5214 * Print only ASCII chars directly. RFC 1994 recommends
5215 * using only them, but we don't rely on it. */
5216 if (c < ' ' || c > '~')
5217 addlog("\\x%x", c);
5218 else
5219 addlog("%c", c);
5220 }
5221 }
5222
5223 const char *
5224 sppp_dotted_quad(u_int32_t addr)
5225 {
5226 static char s[16];
5227 snprintf(s, sizeof s, "%d.%d.%d.%d",
5228 (int)((addr >> 24) & 0xff),
5229 (int)((addr >> 16) & 0xff),
5230 (int)((addr >> 8) & 0xff),
5231 (int)(addr & 0xff));
5232 return s;
5233 }
5234
5235 /* a dummy, used to drop uninteresting events */
5236 void
5237 sppp_null(struct sppp *unused)
5238 {
5239 /* do just nothing */
5240 }
5241
5242 void
5243 sppp_set_phase(struct sppp *sp)
5244 {
5245 STDDCL;
5246 int lstate, s;
5247
5248 if (debug)
5249 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
5250 sppp_phase_name(sp->pp_phase));
5251
5252 /* set link state */
5253 if (sp->pp_phase == PHASE_NETWORK)
5254 lstate = LINK_STATE_UP;
5255 else
5256 lstate = LINK_STATE_DOWN;
5257
5258 if (ifp->if_link_state != lstate) {
5259 ifp->if_link_state = lstate;
5260 s = splsoftnet();
5261 if_link_state_change(ifp);
5262 splx(s);
5263 }
5264 }
5265