1 /* $OpenBSD: if_spppsubr.c,v 1.192 2023/11/10 15:51:24 bluhm Exp $ */ 2 /* 3 * Synchronous PPP link level subroutines. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * RFC2472 IPv6CP support. 12 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are met: 16 * 1. Redistributions of source code must retain the above copyright notice, 17 * this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright notice, 19 * this list of conditions and the following disclaimer in the documentation 20 * and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 * 34 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998 35 */ 36 37 #include <sys/param.h> 38 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/sockio.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #include <sys/timeout.h> 48 #include <crypto/md5.h> 49 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <sys/stdarg.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_var.h> 60 #include <netinet/ip.h> 61 62 #ifdef INET6 63 #include <netinet6/in6_ifattach.h> 64 #endif 65 66 #include <net/if_sppp.h> 67 68 # define UNTIMEOUT(fun, arg, handle) \ 69 timeout_del(&(handle)) 70 71 #define MAXALIVECNT 3 /* max. missed alive packets */ 72 #define NORECV_TIME 15 /* before we get worried */ 73 74 /* 75 * Interface flags that can be set in an ifconfig command. 76 * 77 * Setting link0 will make the link passive, i.e. it will be marked 78 * as being administrative openable, but won't be opened to begin 79 * with. Incoming calls will be answered, or subsequent calls with 80 * -link1 will cause the administrative open of the LCP layer. 81 * 82 * Setting link1 will cause the link to auto-dial only as packets 83 * arrive to be sent. 84 * 85 * Setting IFF_DEBUG will syslog the option negotiation and state 86 * transitions at level kern.debug. Note: all logs consistently look 87 * like 88 * 89 * <if-name><unit>: <proto-name> <additional info...> 90 * 91 * with <if-name><unit> being something like "bppp0", and <proto-name> 92 * being one of "lcp", "ipcp", "chap", "pap", etc. 93 */ 94 95 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 96 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 97 98 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 99 #define PPP_UI 0x03 /* Unnumbered Information */ 100 #define PPP_IP 0x0021 /* Internet Protocol */ 101 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 102 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 103 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 104 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */ 105 #define PPP_LCP 0xc021 /* Link Control Protocol */ 106 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 107 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 108 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 109 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 110 111 #define CONF_REQ 1 /* PPP configure request */ 112 #define CONF_ACK 2 /* PPP configure acknowledge */ 113 #define CONF_NAK 3 /* PPP configure negative ack */ 114 #define CONF_REJ 4 /* PPP configure reject */ 115 #define TERM_REQ 5 /* PPP terminate request */ 116 #define TERM_ACK 6 /* PPP terminate acknowledge */ 117 #define CODE_REJ 7 /* PPP code reject */ 118 #define PROTO_REJ 8 /* PPP protocol reject */ 119 #define ECHO_REQ 9 /* PPP echo request */ 120 #define ECHO_REPLY 10 /* PPP echo reply */ 121 #define DISC_REQ 11 /* PPP discard request */ 122 123 #define LCP_OPT_MRU 1 /* maximum receive unit */ 124 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 125 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 126 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 127 #define LCP_OPT_MAGIC 5 /* magic number */ 128 #define LCP_OPT_RESERVED 6 /* reserved */ 129 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 130 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 131 132 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 133 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 134 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 135 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 136 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 137 138 /* bitmask value to enable or disable individual IPCP options */ 139 #define SPPP_IPCP_OPT_ADDRESSES 1 140 #define SPPP_IPCP_OPT_COMPRESSION 2 141 #define SPPP_IPCP_OPT_ADDRESS 3 142 #define SPPP_IPCP_OPT_PRIMDNS 4 143 #define SPPP_IPCP_OPT_SECDNS 5 144 145 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 146 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 147 148 #define PAP_REQ 1 /* PAP name/password request */ 149 #define PAP_ACK 2 /* PAP acknowledge */ 150 #define PAP_NAK 3 /* PAP fail */ 151 152 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 153 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 154 #define CHAP_SUCCESS 3 /* CHAP response ok */ 155 #define CHAP_FAILURE 4 /* CHAP response failed */ 156 157 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 158 159 /* states are named and numbered according to RFC 1661 */ 160 #define STATE_INITIAL 0 161 #define STATE_STARTING 1 162 #define STATE_CLOSED 2 163 #define STATE_STOPPED 3 164 #define STATE_CLOSING 4 165 #define STATE_STOPPING 5 166 #define STATE_REQ_SENT 6 167 #define STATE_ACK_RCVD 7 168 #define STATE_ACK_SENT 8 169 #define STATE_OPENED 9 170 171 #define PKTHDRLEN 2 172 173 struct ppp_header { 174 u_char address; 175 u_char control; 176 u_short protocol; 177 }; 178 #define PPP_HEADER_LEN sizeof (struct ppp_header) 179 180 struct lcp_header { 181 u_char type; 182 u_char ident; 183 u_short len; 184 }; 185 #define LCP_HEADER_LEN sizeof (struct lcp_header) 186 187 /* 188 * We follow the spelling and capitalization of RFC 1661 here, to make 189 * it easier comparing with the standard. Please refer to this RFC in 190 * case you can't make sense out of these abbreviation; it will also 191 * explain the semantics related to the various events and actions. 192 */ 193 struct cp { 194 u_short proto; /* PPP control protocol number */ 195 u_char protoidx; /* index into state table in struct sppp */ 196 u_char flags; 197 #define CP_LCP 0x01 /* this is the LCP */ 198 #define CP_AUTH 0x02 /* this is an authentication protocol */ 199 #define CP_NCP 0x04 /* this is a NCP */ 200 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 201 const char *name; /* name of this control protocol */ 202 /* event handlers */ 203 void (*Up)(struct sppp *sp); 204 void (*Down)(struct sppp *sp); 205 void (*Open)(struct sppp *sp); 206 void (*Close)(struct sppp *sp); 207 void (*TO)(void *sp); 208 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 209 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 210 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 211 /* actions */ 212 void (*tlu)(struct sppp *sp); 213 void (*tld)(struct sppp *sp); 214 void (*tls)(struct sppp *sp); 215 void (*tlf)(struct sppp *sp); 216 void (*scr)(struct sppp *sp); 217 }; 218 219 static struct sppp *spppq; 220 static struct timeout keepalive_ch; 221 222 #define SPP_FMT "%s: " 223 #define SPP_ARGS(ifp) (ifp)->if_xname 224 225 /* almost every function needs these */ 226 #define STDDCL \ 227 struct ifnet *ifp = &sp->pp_if; \ 228 int debug = ifp->if_flags & IFF_DEBUG 229 230 int sppp_output(struct ifnet *ifp, struct mbuf *m, 231 struct sockaddr *dst, struct rtentry *rt); 232 233 void sppp_cp_input(const struct cp *cp, struct sppp *sp, 234 struct mbuf *m); 235 void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 236 u_char ident, u_short len, void *data); 237 #ifdef notyet 238 void sppp_cp_timeout(void *arg); 239 #endif 240 void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 241 int newstate); 242 void sppp_auth_send(const struct cp *cp, 243 struct sppp *sp, unsigned int type, u_int id, 244 ...); 245 246 void sppp_up_event(const struct cp *cp, struct sppp *sp); 247 void sppp_down_event(const struct cp *cp, struct sppp *sp); 248 void sppp_open_event(const struct cp *cp, struct sppp *sp); 249 void sppp_close_event(const struct cp *cp, struct sppp *sp); 250 void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp); 251 void sppp_to_event(const struct cp *cp, struct sppp *sp); 252 253 void sppp_null(struct sppp *sp); 254 255 void sppp_lcp_init(struct sppp *sp); 256 void sppp_lcp_up(struct sppp *sp); 257 void sppp_lcp_down(struct sppp *sp); 258 void sppp_lcp_open(struct sppp *sp); 259 void sppp_lcp_close(struct sppp *sp); 260 void sppp_lcp_TO(void *sp); 261 int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 262 void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 263 void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 264 void sppp_lcp_tlu(struct sppp *sp); 265 void sppp_lcp_tld(struct sppp *sp); 266 void sppp_lcp_tls(struct sppp *sp); 267 void sppp_lcp_tlf(struct sppp *sp); 268 void sppp_lcp_scr(struct sppp *sp); 269 void sppp_lcp_check_and_close(struct sppp *sp); 270 int sppp_ncp_check(struct sppp *sp); 271 272 void sppp_ipcp_init(struct sppp *sp); 273 void sppp_ipcp_destroy(struct sppp *sp); 274 void sppp_ipcp_up(struct sppp *sp); 275 void sppp_ipcp_down(struct sppp *sp); 276 void sppp_ipcp_open(struct sppp *sp); 277 void sppp_ipcp_close(struct sppp *sp); 278 void sppp_ipcp_TO(void *sp); 279 int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 280 void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 281 void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 282 void sppp_ipcp_tlu(struct sppp *sp); 283 void sppp_ipcp_tld(struct sppp *sp); 284 void sppp_ipcp_tls(struct sppp *sp); 285 void sppp_ipcp_tlf(struct sppp *sp); 286 void sppp_ipcp_scr(struct sppp *sp); 287 288 void sppp_ipv6cp_init(struct sppp *sp); 289 void sppp_ipv6cp_destroy(struct sppp *sp); 290 void sppp_ipv6cp_up(struct sppp *sp); 291 void sppp_ipv6cp_down(struct sppp *sp); 292 void sppp_ipv6cp_open(struct sppp *sp); 293 void sppp_ipv6cp_close(struct sppp *sp); 294 void sppp_ipv6cp_TO(void *sp); 295 int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 296 void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 297 void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 298 void sppp_ipv6cp_tlu(struct sppp *sp); 299 void sppp_ipv6cp_tld(struct sppp *sp); 300 void sppp_ipv6cp_tls(struct sppp *sp); 301 void sppp_ipv6cp_tlf(struct sppp *sp); 302 void sppp_ipv6cp_scr(struct sppp *sp); 303 const char *sppp_ipv6cp_opt_name(u_char opt); 304 void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 305 struct in6_addr *dst, struct in6_addr *srcmask); 306 void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, const struct in6_addr *dst); 307 void sppp_update_ip6_addr(void *sp); 308 void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest); 309 310 void sppp_pap_input(struct sppp *sp, struct mbuf *m); 311 void sppp_pap_init(struct sppp *sp); 312 void sppp_pap_open(struct sppp *sp); 313 void sppp_pap_close(struct sppp *sp); 314 void sppp_pap_TO(void *sp); 315 void sppp_pap_my_TO(void *sp); 316 void sppp_pap_tlu(struct sppp *sp); 317 void sppp_pap_tld(struct sppp *sp); 318 void sppp_pap_scr(struct sppp *sp); 319 320 void sppp_chap_input(struct sppp *sp, struct mbuf *m); 321 void sppp_chap_init(struct sppp *sp); 322 void sppp_chap_open(struct sppp *sp); 323 void sppp_chap_close(struct sppp *sp); 324 void sppp_chap_TO(void *sp); 325 void sppp_chap_tlu(struct sppp *sp); 326 void sppp_chap_tld(struct sppp *sp); 327 void sppp_chap_scr(struct sppp *sp); 328 329 const char *sppp_auth_type_name(u_short proto, u_char type); 330 const char *sppp_cp_type_name(u_char type); 331 const char *sppp_dotted_quad(u_int32_t addr); 332 const char *sppp_ipcp_opt_name(u_char opt); 333 const char *sppp_lcp_opt_name(u_char opt); 334 const char *sppp_phase_name(enum ppp_phase phase); 335 const char *sppp_proto_name(u_short proto); 336 const char *sppp_state_name(int state); 337 int sppp_get_params(struct sppp *sp, struct ifreq *data); 338 int sppp_set_params(struct sppp *sp, struct ifreq *data); 339 void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 340 u_int32_t *srcmask); 341 void sppp_keepalive(void *dummy); 342 void sppp_phase_network(struct sppp *sp); 343 void sppp_print_bytes(const u_char *p, u_short len); 344 void sppp_print_string(const char *p, u_short len); 345 int sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id); 346 void sppp_update_gw(struct ifnet *ifp); 347 void sppp_set_ip_addrs(void *); 348 void sppp_clear_ip_addrs(void *); 349 void sppp_set_phase(struct sppp *sp); 350 void sppp_update_dns(struct ifnet *ifp); 351 void sppp_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt); 352 353 /* our control protocol descriptors */ 354 static const struct cp lcp = { 355 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 356 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 357 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 358 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 359 sppp_lcp_scr 360 }; 361 362 static const struct cp ipcp = { 363 PPP_IPCP, IDX_IPCP, 364 CP_NCP, 365 "ipcp", 366 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 367 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 368 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 369 sppp_ipcp_scr 370 }; 371 372 static const struct cp ipv6cp = { 373 PPP_IPV6CP, IDX_IPV6CP, 374 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 375 CP_NCP, 376 #else 377 0, 378 #endif 379 "ipv6cp", 380 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 381 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 382 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 383 sppp_ipv6cp_scr 384 }; 385 386 static const struct cp pap = { 387 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 388 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 389 sppp_pap_TO, 0, 0, 0, 390 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 391 sppp_pap_scr 392 }; 393 394 static const struct cp chap = { 395 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 396 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 397 sppp_chap_TO, 0, 0, 0, 398 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 399 sppp_chap_scr 400 }; 401 402 static const struct cp *cps[IDX_COUNT] = { 403 &lcp, /* IDX_LCP */ 404 &ipcp, /* IDX_IPCP */ 405 &ipv6cp, /* IDX_IPV6CP */ 406 &pap, /* IDX_PAP */ 407 &chap, /* IDX_CHAP */ 408 }; 409 410 411 /* 412 * Exported functions, comprising our interface to the lower layer. 413 */ 414 415 /* Workaround */ 416 void 417 spppattach(struct ifnet *ifp) 418 { 419 } 420 421 /* 422 * Process the received packet. 423 */ 424 void 425 sppp_input(struct ifnet *ifp, struct mbuf *m) 426 { 427 struct ppp_header ht; 428 struct sppp *sp = (struct sppp *)ifp; 429 struct timeval tv; 430 int debug = ifp->if_flags & IFF_DEBUG; 431 432 getmicrouptime(&tv); 433 434 if (ifp->if_flags & IFF_UP) { 435 /* Count received bytes, add hardware framing */ 436 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 437 /* Note time of last receive */ 438 sp->pp_last_receive = tv.tv_sec; 439 } 440 441 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 442 /* Too small packet, drop it. */ 443 if (debug) 444 log(LOG_DEBUG, 445 SPP_FMT "input packet is too small, %d bytes\n", 446 SPP_ARGS(ifp), m->m_pkthdr.len); 447 drop: 448 m_freem (m); 449 ++ifp->if_ierrors; 450 ++ifp->if_iqdrops; 451 return; 452 } 453 454 /* mark incoming routing domain */ 455 m->m_pkthdr.ph_rtableid = ifp->if_rdomain; 456 457 m_copydata(m, 0, sizeof(ht.protocol), (caddr_t)&ht.protocol); 458 m_adj(m, 2); 459 ht.control = PPP_UI; 460 ht.address = PPP_ALLSTATIONS; 461 462 /* preserve the alignment */ 463 if (m->m_len < m->m_pkthdr.len) { 464 m = m_pullup(m, m->m_pkthdr.len); 465 if (m == NULL) { 466 if (debug) 467 log(LOG_DEBUG, 468 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp)); 469 ++ifp->if_ierrors; 470 ++ifp->if_iqdrops; 471 return; 472 } 473 } 474 475 switch (ht.address) { 476 case PPP_ALLSTATIONS: 477 if (ht.control != PPP_UI) 478 goto invalid; 479 switch (ntohs (ht.protocol)) { 480 default: 481 if (sp->state[IDX_LCP] == STATE_OPENED) 482 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 483 ++sp->pp_seq, 2, &ht.protocol); 484 if (debug) 485 log(LOG_DEBUG, 486 SPP_FMT "invalid input protocol " 487 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 488 SPP_ARGS(ifp), 489 ht.address, ht.control, ntohs(ht.protocol)); 490 ++ifp->if_noproto; 491 goto drop; 492 case PPP_LCP: 493 sppp_cp_input(&lcp, sp, m); 494 m_freem (m); 495 return; 496 case PPP_PAP: 497 if (sp->pp_phase >= PHASE_AUTHENTICATE) 498 sppp_pap_input(sp, m); 499 m_freem (m); 500 return; 501 case PPP_CHAP: 502 if (sp->pp_phase >= PHASE_AUTHENTICATE) 503 sppp_chap_input(sp, m); 504 m_freem (m); 505 return; 506 case PPP_IPCP: 507 if (sp->pp_phase == PHASE_NETWORK) 508 sppp_cp_input(&ipcp, sp, m); 509 m_freem (m); 510 return; 511 case PPP_IP: 512 if (sp->state[IDX_IPCP] == STATE_OPENED) { 513 sp->pp_last_activity = tv.tv_sec; 514 if (ifp->if_flags & IFF_UP) { 515 ipv4_input(ifp, m); 516 return; 517 } 518 } 519 break; 520 #ifdef INET6 521 case PPP_IPV6CP: 522 if (sp->pp_phase == PHASE_NETWORK) 523 sppp_cp_input(&ipv6cp, sp, m); 524 m_freem (m); 525 return; 526 case PPP_IPV6: 527 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 528 sp->pp_last_activity = tv.tv_sec; 529 if (ifp->if_flags & IFF_UP) { 530 ipv6_input(ifp, m); 531 return; 532 } 533 } 534 break; 535 #endif 536 } 537 break; 538 default: /* Invalid PPP packet. */ 539 invalid: 540 if (debug) 541 log(LOG_DEBUG, 542 SPP_FMT "invalid input packet " 543 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 544 SPP_ARGS(ifp), 545 ht.address, ht.control, ntohs(ht.protocol)); 546 goto drop; 547 } 548 549 goto drop; 550 } 551 552 /* 553 * Enqueue transmit packet. 554 */ 555 int 556 sppp_output(struct ifnet *ifp, struct mbuf *m, 557 struct sockaddr *dst, struct rtentry *rt) 558 { 559 struct sppp *sp = (struct sppp*) ifp; 560 struct timeval tv; 561 int s, rv = 0; 562 u_int16_t protocol; 563 564 #ifdef DIAGNOSTIC 565 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { 566 printf("%s: trying to send packet on wrong domain. " 567 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, 568 ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), 569 dst->sa_family); 570 } 571 #endif 572 573 s = splnet(); 574 575 getmicrouptime(&tv); 576 sp->pp_last_activity = tv.tv_sec; 577 578 if ((ifp->if_flags & IFF_UP) == 0 || 579 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 580 m_freem (m); 581 splx (s); 582 return (ENETDOWN); 583 } 584 585 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 586 /* 587 * Interface is not yet running, but auto-dial. Need 588 * to start LCP for it. 589 */ 590 ifp->if_flags |= IFF_RUNNING; 591 splx(s); 592 lcp.Open(sp); 593 s = splnet(); 594 } 595 596 if (dst->sa_family == AF_INET) { 597 struct ip *ip = NULL; 598 599 if (m->m_len >= sizeof(struct ip)) 600 ip = mtod(m, struct ip *); 601 602 /* 603 * When using dynamic local IP address assignment by using 604 * 0.0.0.0 as a local address, the first TCP session will 605 * not connect because the local TCP checksum is computed 606 * using 0.0.0.0 which will later become our real IP address 607 * so the TCP checksum computed at the remote end will 608 * become invalid. So we 609 * - don't let packets with src ip addr 0 thru 610 * - we flag TCP packets with src ip 0 as an error 611 */ 612 613 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 614 u_int8_t proto = ip->ip_p; 615 616 m_freem(m); 617 splx(s); 618 if (proto == IPPROTO_TCP) 619 return (EADDRNOTAVAIL); 620 else 621 return (0); 622 } 623 } 624 625 switch (dst->sa_family) { 626 case AF_INET: /* Internet Protocol */ 627 /* 628 * Don't choke with an ENETDOWN early. It's 629 * possible that we just started dialing out, 630 * so don't drop the packet immediately. If 631 * we notice that we run out of buffer space 632 * below, we will however remember that we are 633 * not ready to carry IP packets, and return 634 * ENETDOWN, as opposed to ENOBUFS. 635 */ 636 protocol = htons(PPP_IP); 637 if (sp->state[IDX_IPCP] != STATE_OPENED) 638 rv = ENETDOWN; 639 break; 640 #ifdef INET6 641 case AF_INET6: /* Internet Protocol v6 */ 642 /* 643 * Don't choke with an ENETDOWN early. It's 644 * possible that we just started dialing out, 645 * so don't drop the packet immediately. If 646 * we notice that we run out of buffer space 647 * below, we will however remember that we are 648 * not ready to carry IPv6 packets, and return 649 * ENETDOWN, as opposed to ENOBUFS. 650 */ 651 protocol = htons(PPP_IPV6); 652 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 653 rv = ENETDOWN; 654 break; 655 #endif 656 default: 657 m_freem(m); 658 ++ifp->if_oerrors; 659 splx(s); 660 return (EAFNOSUPPORT); 661 } 662 663 M_PREPEND(m, 2, M_DONTWAIT); 664 if (m == NULL) { 665 if (ifp->if_flags & IFF_DEBUG) 666 log(LOG_DEBUG, SPP_FMT 667 "no memory for transmit header\n", 668 SPP_ARGS(ifp)); 669 ++ifp->if_oerrors; 670 splx(s); 671 return (rv ? rv : ENOBUFS); 672 } 673 *mtod(m, u_int16_t *) = protocol; 674 675 /* 676 * Queue message on interface, and start output if interface 677 * not yet active. 678 */ 679 rv = if_enqueue(ifp, m); 680 if (rv != 0) { 681 ifp->if_oerrors++; 682 splx(s); 683 return (rv); 684 } 685 686 /* 687 * Count output packets and bytes. 688 * The packet length includes header, FCS and 1 flag, 689 * according to RFC 1333. 690 */ 691 ifp->if_obytes += sp->pp_framebytes; 692 splx(s); 693 694 return (0); 695 } 696 697 void 698 sppp_attach(struct ifnet *ifp) 699 { 700 struct sppp *sp = (struct sppp*) ifp; 701 int i; 702 703 /* Initialize keepalive handler. */ 704 if (! spppq) { 705 timeout_set_proc(&keepalive_ch, sppp_keepalive, NULL); 706 timeout_add_sec(&keepalive_ch, 10); 707 } 708 709 /* Insert new entry into the keepalive list. */ 710 sp->pp_next = spppq; 711 spppq = sp; 712 713 sp->pp_if.if_type = IFT_PPP; 714 sp->pp_if.if_output = sppp_output; 715 sp->pp_if.if_rtrequest = sppp_rtrequest; 716 ifq_init_maxlen(&sp->pp_if.if_snd, 50); 717 mq_init(&sp->pp_cpq, 50, IPL_NET); 718 sp->pp_loopcnt = 0; 719 sp->pp_alivecnt = 0; 720 sp->pp_last_activity = 0; 721 sp->pp_last_receive = 0; 722 sp->pp_seq = 0; 723 sp->pp_rseq = 0; 724 sp->pp_phase = PHASE_DEAD; 725 sp->pp_up = lcp.Up; 726 sp->pp_down = lcp.Down; 727 728 for (i = 0; i < IDX_COUNT; i++) 729 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp); 730 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp); 731 732 sppp_lcp_init(sp); 733 sppp_ipcp_init(sp); 734 sppp_ipv6cp_init(sp); 735 sppp_pap_init(sp); 736 sppp_chap_init(sp); 737 } 738 739 void 740 sppp_detach(struct ifnet *ifp) 741 { 742 struct sppp **q, *p, *sp = (struct sppp*) ifp; 743 int i; 744 745 sppp_ipcp_destroy(sp); 746 sppp_ipv6cp_destroy(sp); 747 748 /* Remove the entry from the keepalive list. */ 749 for (q = &spppq; (p = *q); q = &p->pp_next) 750 if (p == sp) { 751 *q = p->pp_next; 752 break; 753 } 754 755 /* Stop keepalive handler. */ 756 if (! spppq) 757 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 758 759 for (i = 0; i < IDX_COUNT; i++) 760 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 761 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 762 763 /* release authentication data */ 764 if (sp->myauth.name != NULL) 765 free(sp->myauth.name, M_DEVBUF, strlen(sp->myauth.name) + 1); 766 if (sp->myauth.secret != NULL) 767 free(sp->myauth.secret, M_DEVBUF, 768 strlen(sp->myauth.secret) + 1); 769 if (sp->hisauth.name != NULL) 770 free(sp->hisauth.name, M_DEVBUF, strlen(sp->hisauth.name) + 1); 771 if (sp->hisauth.secret != NULL) 772 free(sp->hisauth.secret, M_DEVBUF, 773 strlen(sp->hisauth.secret) + 1); 774 } 775 776 /* 777 * Flush the interface output queue. 778 */ 779 void 780 sppp_flush(struct ifnet *ifp) 781 { 782 struct sppp *sp = (struct sppp*) ifp; 783 784 ifq_purge(&sp->pp_if.if_snd); 785 mq_purge(&sp->pp_cpq); 786 } 787 788 /* 789 * Check if the output queue is empty. 790 */ 791 int 792 sppp_isempty(struct ifnet *ifp) 793 { 794 struct sppp *sp = (struct sppp*) ifp; 795 int empty, s; 796 797 s = splnet(); 798 empty = mq_empty(&sp->pp_cpq) && ifq_empty(&sp->pp_if.if_snd); 799 splx(s); 800 return (empty); 801 } 802 803 /* 804 * Get next packet to send. 805 */ 806 struct mbuf * 807 sppp_dequeue(struct ifnet *ifp) 808 { 809 struct sppp *sp = (struct sppp*) ifp; 810 struct mbuf *m; 811 int s; 812 813 s = splnet(); 814 /* 815 * Process only the control protocol queue until we have at 816 * least one NCP open. 817 */ 818 m = mq_dequeue(&sp->pp_cpq); 819 if (m == NULL && sppp_ncp_check(sp)) { 820 m = ifq_dequeue(&sp->pp_if.if_snd); 821 } 822 splx(s); 823 return m; 824 } 825 826 /* 827 * Process an ioctl request. Called on low priority level. 828 */ 829 int 830 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 831 { 832 struct ifreq *ifr = data; 833 struct sppp *sp = (struct sppp*) ifp; 834 int s, rv, going_up, going_down, newmode; 835 836 s = splnet(); 837 rv = 0; 838 switch (cmd) { 839 case SIOCSIFDSTADDR: 840 break; 841 842 case SIOCSIFADDR: 843 if_up(ifp); 844 /* FALLTHROUGH */ 845 846 case SIOCSIFFLAGS: 847 going_up = (ifp->if_flags & IFF_UP) && 848 (ifp->if_flags & IFF_RUNNING) == 0; 849 going_down = (ifp->if_flags & IFF_UP) == 0 && 850 (ifp->if_flags & IFF_RUNNING); 851 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 852 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 853 /* sanity */ 854 newmode = IFF_PASSIVE; 855 ifp->if_flags &= ~IFF_AUTO; 856 } 857 858 if (going_up || going_down) 859 lcp.Close(sp); 860 861 if (going_up && newmode == 0) { 862 /* neither auto-dial nor passive */ 863 ifp->if_flags |= IFF_RUNNING; 864 lcp.Open(sp); 865 } else if (going_down) { 866 sppp_flush(ifp); 867 ifp->if_flags &= ~IFF_RUNNING; 868 } 869 break; 870 871 case SIOCSIFMTU: 872 if (ifr->ifr_mtu < 128 || 873 (sp->lcp.their_mru > 0 && 874 ifr->ifr_mtu > sp->lcp.their_mru)) { 875 splx(s); 876 return (EINVAL); 877 } 878 ifp->if_mtu = ifr->ifr_mtu; 879 break; 880 case SIOCADDMULTI: 881 case SIOCDELMULTI: 882 break; 883 884 case SIOCGSPPPPARAMS: 885 rv = sppp_get_params(sp, ifr); 886 break; 887 888 case SIOCSSPPPPARAMS: 889 if ((rv = suser(curproc)) != 0) 890 break; 891 rv = sppp_set_params(sp, ifr); 892 break; 893 894 default: 895 rv = ENOTTY; 896 } 897 splx(s); 898 return rv; 899 } 900 901 /* 902 * PPP protocol implementation. 903 */ 904 905 /* 906 * Send PPP control protocol packet. 907 */ 908 void 909 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 910 u_char ident, u_short len, void *data) 911 { 912 STDDCL; 913 int s; 914 struct lcp_header *lh; 915 struct mbuf *m; 916 917 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) 918 len = MHLEN - PKTHDRLEN - LCP_HEADER_LEN; 919 MGETHDR (m, M_DONTWAIT, MT_DATA); 920 if (! m) 921 return; 922 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 923 m->m_pkthdr.ph_ifidx = 0; 924 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 925 926 *mtod(m, u_int16_t *) = htons(proto); 927 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 928 lh->type = type; 929 lh->ident = ident; 930 lh->len = htons (LCP_HEADER_LEN + len); 931 if (len) 932 bcopy (data, lh+1, len); 933 934 if (debug) { 935 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 936 SPP_ARGS(ifp), 937 sppp_proto_name(proto), 938 sppp_cp_type_name (lh->type), lh->ident, 939 ntohs (lh->len)); 940 if (len) 941 sppp_print_bytes ((u_char*) (lh+1), len); 942 addlog(">\n"); 943 } 944 945 len = m->m_pkthdr.len + sp->pp_framebytes; 946 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 947 ifp->if_oerrors++; 948 return; 949 } 950 951 ifp->if_obytes += len; 952 s = splnet(); 953 if_start(ifp); 954 splx(s); 955 } 956 957 /* 958 * Handle incoming PPP control protocol packets. 959 */ 960 void 961 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 962 { 963 STDDCL; 964 struct lcp_header *h; 965 int len = m->m_pkthdr.len; 966 int rv; 967 u_char *p; 968 u_long nmagic; 969 970 if (len < 4) { 971 if (debug) 972 log(LOG_DEBUG, 973 SPP_FMT "%s invalid packet length: %d bytes\n", 974 SPP_ARGS(ifp), cp->name, len); 975 return; 976 } 977 h = mtod (m, struct lcp_header*); 978 if (debug) { 979 log(LOG_DEBUG, 980 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 981 SPP_ARGS(ifp), cp->name, 982 sppp_state_name(sp->state[cp->protoidx]), 983 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 984 if (len > 4) 985 sppp_print_bytes ((u_char*) (h+1), len-4); 986 addlog(">\n"); 987 } 988 if (len > ntohs (h->len)) 989 len = ntohs (h->len); 990 p = (u_char *)(h + 1); 991 switch (h->type) { 992 case CONF_REQ: 993 if (len < 4) { 994 if (debug) 995 addlog(SPP_FMT "%s invalid conf-req length %d\n", 996 SPP_ARGS(ifp), cp->name, 997 len); 998 ++ifp->if_ierrors; 999 break; 1000 } 1001 /* handle states where RCR doesn't get a SCA/SCN */ 1002 switch (sp->state[cp->protoidx]) { 1003 case STATE_CLOSING: 1004 case STATE_STOPPING: 1005 return; 1006 case STATE_CLOSED: 1007 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1008 0, 0); 1009 return; 1010 } 1011 rv = (cp->RCR)(sp, h, len); 1012 /* silently drop illegal packets */ 1013 if (rv == -1) 1014 return; 1015 switch (sp->state[cp->protoidx]) { 1016 case STATE_OPENED: 1017 sppp_cp_change_state(cp, sp, rv? 1018 STATE_ACK_SENT: STATE_REQ_SENT); 1019 (cp->tld)(sp); 1020 (cp->scr)(sp); 1021 break; 1022 case STATE_ACK_SENT: 1023 case STATE_REQ_SENT: 1024 sppp_cp_change_state(cp, sp, rv? 1025 STATE_ACK_SENT: STATE_REQ_SENT); 1026 break; 1027 case STATE_STOPPED: 1028 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1029 sppp_cp_change_state(cp, sp, rv? 1030 STATE_ACK_SENT: STATE_REQ_SENT); 1031 (cp->scr)(sp); 1032 break; 1033 case STATE_ACK_RCVD: 1034 if (rv) { 1035 sppp_cp_change_state(cp, sp, STATE_OPENED); 1036 if (debug) 1037 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1038 SPP_ARGS(ifp), 1039 cp->name); 1040 (cp->tlu)(sp); 1041 } else 1042 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1043 break; 1044 default: 1045 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1046 SPP_ARGS(ifp), cp->name, 1047 sppp_cp_type_name(h->type), 1048 sppp_state_name(sp->state[cp->protoidx])); */ 1049 ++ifp->if_ierrors; 1050 } 1051 break; 1052 case CONF_ACK: 1053 if (h->ident != sp->confid[cp->protoidx]) { 1054 if (debug) 1055 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1056 SPP_ARGS(ifp), cp->name, 1057 h->ident, sp->confid[cp->protoidx]); 1058 ++ifp->if_ierrors; 1059 break; 1060 } 1061 switch (sp->state[cp->protoidx]) { 1062 case STATE_CLOSED: 1063 case STATE_STOPPED: 1064 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1065 break; 1066 case STATE_CLOSING: 1067 case STATE_STOPPING: 1068 break; 1069 case STATE_REQ_SENT: 1070 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1071 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1072 break; 1073 case STATE_OPENED: 1074 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1075 (cp->tld)(sp); 1076 (cp->scr)(sp); 1077 break; 1078 case STATE_ACK_RCVD: 1079 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1080 (cp->scr)(sp); 1081 break; 1082 case STATE_ACK_SENT: 1083 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1084 sppp_cp_change_state(cp, sp, STATE_OPENED); 1085 if (debug) 1086 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1087 SPP_ARGS(ifp), cp->name); 1088 (cp->tlu)(sp); 1089 break; 1090 default: 1091 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1092 SPP_ARGS(ifp), cp->name, 1093 sppp_cp_type_name(h->type), 1094 sppp_state_name(sp->state[cp->protoidx])); */ 1095 ++ifp->if_ierrors; 1096 } 1097 break; 1098 case CONF_NAK: 1099 case CONF_REJ: 1100 if (h->ident != sp->confid[cp->protoidx]) { 1101 if (debug) 1102 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1103 SPP_ARGS(ifp), cp->name, 1104 h->ident, sp->confid[cp->protoidx]); 1105 ++ifp->if_ierrors; 1106 break; 1107 } 1108 if (h->type == CONF_NAK) 1109 (cp->RCN_nak)(sp, h, len); 1110 else /* CONF_REJ */ 1111 (cp->RCN_rej)(sp, h, len); 1112 1113 switch (sp->state[cp->protoidx]) { 1114 case STATE_CLOSED: 1115 case STATE_STOPPED: 1116 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1117 break; 1118 case STATE_REQ_SENT: 1119 case STATE_ACK_SENT: 1120 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1121 (cp->scr)(sp); 1122 break; 1123 case STATE_OPENED: 1124 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1125 (cp->tld)(sp); 1126 (cp->scr)(sp); 1127 break; 1128 case STATE_ACK_RCVD: 1129 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1130 (cp->scr)(sp); 1131 break; 1132 case STATE_CLOSING: 1133 case STATE_STOPPING: 1134 break; 1135 default: 1136 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1137 SPP_ARGS(ifp), cp->name, 1138 sppp_cp_type_name(h->type), 1139 sppp_state_name(sp->state[cp->protoidx])); */ 1140 ++ifp->if_ierrors; 1141 } 1142 break; 1143 1144 case TERM_REQ: 1145 switch (sp->state[cp->protoidx]) { 1146 case STATE_ACK_RCVD: 1147 case STATE_ACK_SENT: 1148 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1149 /* FALLTHROUGH */ 1150 case STATE_CLOSED: 1151 case STATE_STOPPED: 1152 case STATE_CLOSING: 1153 case STATE_STOPPING: 1154 case STATE_REQ_SENT: 1155 sta: 1156 /* Send Terminate-Ack packet. */ 1157 if (debug) 1158 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1159 SPP_ARGS(ifp), cp->name); 1160 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1161 break; 1162 case STATE_OPENED: 1163 sp->rst_counter[cp->protoidx] = 0; 1164 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1165 (cp->tld)(sp); 1166 goto sta; 1167 break; 1168 default: 1169 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1170 SPP_ARGS(ifp), cp->name, 1171 sppp_cp_type_name(h->type), 1172 sppp_state_name(sp->state[cp->protoidx])); */ 1173 ++ifp->if_ierrors; 1174 } 1175 break; 1176 case TERM_ACK: 1177 switch (sp->state[cp->protoidx]) { 1178 case STATE_CLOSED: 1179 case STATE_STOPPED: 1180 case STATE_REQ_SENT: 1181 case STATE_ACK_SENT: 1182 break; 1183 case STATE_CLOSING: 1184 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1185 (cp->tlf)(sp); 1186 break; 1187 case STATE_STOPPING: 1188 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1189 (cp->tlf)(sp); 1190 break; 1191 case STATE_ACK_RCVD: 1192 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1193 break; 1194 case STATE_OPENED: 1195 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1196 (cp->tld)(sp); 1197 (cp->scr)(sp); 1198 break; 1199 default: 1200 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1201 SPP_ARGS(ifp), cp->name, 1202 sppp_cp_type_name(h->type), 1203 sppp_state_name(sp->state[cp->protoidx])); */ 1204 ++ifp->if_ierrors; 1205 } 1206 break; 1207 case CODE_REJ: 1208 case PROTO_REJ: 1209 { 1210 int catastrophic = 0; 1211 const struct cp *upper = NULL; 1212 int i; 1213 u_int16_t proto; 1214 1215 if (len < 2) { 1216 if (debug) 1217 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n", 1218 SPP_ARGS(ifp)); 1219 ++ifp->if_ierrors; 1220 break; 1221 } 1222 1223 proto = ntohs(*((u_int16_t *)p)); 1224 for (i = 0; i < IDX_COUNT; i++) { 1225 if (cps[i]->proto == proto) { 1226 upper = cps[i]; 1227 break; 1228 } 1229 } 1230 if (upper == NULL) 1231 catastrophic++; 1232 1233 if (catastrophic || debug) 1234 log(catastrophic? LOG_INFO: LOG_DEBUG, 1235 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1236 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1237 sppp_cp_type_name(h->type), proto, 1238 upper ? upper->name : "unknown", 1239 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1240 1241 /* 1242 * if we got RXJ+ against conf-req, the peer does not implement 1243 * this particular protocol type. terminate the protocol. 1244 */ 1245 if (upper) { 1246 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1247 upper->Close(sp); 1248 break; 1249 } 1250 } 1251 1252 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1253 switch (sp->state[cp->protoidx]) { 1254 case STATE_CLOSED: 1255 case STATE_STOPPED: 1256 case STATE_REQ_SENT: 1257 case STATE_ACK_SENT: 1258 case STATE_CLOSING: 1259 case STATE_STOPPING: 1260 case STATE_OPENED: 1261 break; 1262 case STATE_ACK_RCVD: 1263 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1264 break; 1265 default: 1266 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1267 SPP_ARGS(ifp), cp->name, 1268 sppp_cp_type_name(h->type), 1269 sppp_state_name(sp->state[cp->protoidx])); */ 1270 ++ifp->if_ierrors; 1271 } 1272 break; 1273 } 1274 case DISC_REQ: 1275 if (cp->proto != PPP_LCP) 1276 goto illegal; 1277 /* Discard the packet. */ 1278 break; 1279 case ECHO_REQ: 1280 if (cp->proto != PPP_LCP) 1281 goto illegal; 1282 if (sp->state[cp->protoidx] != STATE_OPENED) { 1283 if (debug) 1284 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1285 SPP_ARGS(ifp)); 1286 ++ifp->if_ierrors; 1287 break; 1288 } 1289 if (len < 8) { 1290 if (debug) 1291 addlog(SPP_FMT "invalid lcp echo request " 1292 "packet length: %d bytes\n", 1293 SPP_ARGS(ifp), len); 1294 break; 1295 } 1296 1297 nmagic = (u_long)p[0] << 24 | 1298 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1299 1300 if (nmagic == sp->lcp.magic) { 1301 /* Line loopback mode detected. */ 1302 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1303 /* Shut down the PPP link. */ 1304 lcp.Close(sp); 1305 break; 1306 } 1307 1308 p[0] = sp->lcp.magic >> 24; 1309 p[1] = sp->lcp.magic >> 16; 1310 p[2] = sp->lcp.magic >> 8; 1311 p[3] = sp->lcp.magic; 1312 1313 if (debug) 1314 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1315 SPP_ARGS(ifp)); 1316 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1317 break; 1318 case ECHO_REPLY: 1319 if (cp->proto != PPP_LCP) 1320 goto illegal; 1321 if (h->ident != sp->lcp.echoid) { 1322 ++ifp->if_ierrors; 1323 break; 1324 } 1325 if (len < 8) { 1326 if (debug) 1327 addlog(SPP_FMT "lcp invalid echo reply " 1328 "packet length: %d bytes\n", 1329 SPP_ARGS(ifp), len); 1330 break; 1331 } 1332 if (debug) 1333 addlog(SPP_FMT "lcp got echo rep\n", 1334 SPP_ARGS(ifp)); 1335 1336 nmagic = (u_long)p[0] << 24 | 1337 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1338 1339 if (nmagic != sp->lcp.magic) 1340 sp->pp_alivecnt = 0; 1341 break; 1342 default: 1343 /* Unknown packet type -- send Code-Reject packet. */ 1344 illegal: 1345 if (debug) 1346 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1347 SPP_ARGS(ifp), cp->name, h->type); 1348 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1349 m->m_pkthdr.len, h); 1350 ++ifp->if_ierrors; 1351 } 1352 } 1353 1354 1355 /* 1356 * The generic part of all Up/Down/Open/Close/TO event handlers. 1357 * Basically, the state transition handling in the automaton. 1358 */ 1359 void 1360 sppp_up_event(const struct cp *cp, struct sppp *sp) 1361 { 1362 STDDCL; 1363 1364 if (debug) 1365 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1366 SPP_ARGS(ifp), cp->name, 1367 sppp_state_name(sp->state[cp->protoidx])); 1368 1369 switch (sp->state[cp->protoidx]) { 1370 case STATE_INITIAL: 1371 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1372 break; 1373 case STATE_STARTING: 1374 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1375 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1376 (cp->scr)(sp); 1377 break; 1378 default: 1379 /* printf(SPP_FMT "%s illegal up in state %s\n", 1380 SPP_ARGS(ifp), cp->name, 1381 sppp_state_name(sp->state[cp->protoidx])); */ 1382 break; 1383 } 1384 } 1385 1386 void 1387 sppp_down_event(const struct cp *cp, struct sppp *sp) 1388 { 1389 STDDCL; 1390 1391 if (debug) 1392 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1393 SPP_ARGS(ifp), cp->name, 1394 sppp_state_name(sp->state[cp->protoidx])); 1395 1396 switch (sp->state[cp->protoidx]) { 1397 case STATE_CLOSED: 1398 case STATE_CLOSING: 1399 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1400 break; 1401 case STATE_STOPPED: 1402 sppp_cp_change_state(cp, sp, STATE_STARTING); 1403 (cp->tls)(sp); 1404 break; 1405 case STATE_STOPPING: 1406 case STATE_REQ_SENT: 1407 case STATE_ACK_RCVD: 1408 case STATE_ACK_SENT: 1409 sppp_cp_change_state(cp, sp, STATE_STARTING); 1410 break; 1411 case STATE_OPENED: 1412 sppp_cp_change_state(cp, sp, STATE_STARTING); 1413 (cp->tld)(sp); 1414 break; 1415 default: 1416 /* printf(SPP_FMT "%s illegal down in state %s\n", 1417 SPP_ARGS(ifp), cp->name, 1418 sppp_state_name(sp->state[cp->protoidx])); */ 1419 break; 1420 } 1421 } 1422 1423 1424 void 1425 sppp_open_event(const struct cp *cp, struct sppp *sp) 1426 { 1427 STDDCL; 1428 1429 if (debug) 1430 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1431 SPP_ARGS(ifp), cp->name, 1432 sppp_state_name(sp->state[cp->protoidx])); 1433 1434 switch (sp->state[cp->protoidx]) { 1435 case STATE_INITIAL: 1436 sppp_cp_change_state(cp, sp, STATE_STARTING); 1437 (cp->tls)(sp); 1438 break; 1439 case STATE_STARTING: 1440 break; 1441 case STATE_CLOSED: 1442 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1443 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1444 (cp->scr)(sp); 1445 break; 1446 case STATE_STOPPED: 1447 case STATE_STOPPING: 1448 case STATE_REQ_SENT: 1449 case STATE_ACK_RCVD: 1450 case STATE_ACK_SENT: 1451 case STATE_OPENED: 1452 break; 1453 case STATE_CLOSING: 1454 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1455 break; 1456 } 1457 } 1458 1459 1460 void 1461 sppp_close_event(const struct cp *cp, struct sppp *sp) 1462 { 1463 STDDCL; 1464 1465 if (debug) 1466 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1467 SPP_ARGS(ifp), cp->name, 1468 sppp_state_name(sp->state[cp->protoidx])); 1469 1470 switch (sp->state[cp->protoidx]) { 1471 case STATE_INITIAL: 1472 case STATE_CLOSED: 1473 case STATE_CLOSING: 1474 break; 1475 case STATE_STARTING: 1476 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1477 (cp->tlf)(sp); 1478 break; 1479 case STATE_STOPPED: 1480 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1481 break; 1482 case STATE_STOPPING: 1483 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1484 break; 1485 case STATE_OPENED: 1486 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1487 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1488 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1489 (cp->tld)(sp); 1490 break; 1491 case STATE_REQ_SENT: 1492 case STATE_ACK_RCVD: 1493 case STATE_ACK_SENT: 1494 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1495 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1496 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1497 break; 1498 } 1499 } 1500 1501 void 1502 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp) 1503 { 1504 int timo; 1505 1506 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx]; 1507 if (timo < 1) 1508 timo = 1; 1509 timeout_add_sec(&sp->ch[cp->protoidx], timo * sp->lcp.timeout); 1510 } 1511 1512 void 1513 sppp_to_event(const struct cp *cp, struct sppp *sp) 1514 { 1515 STDDCL; 1516 int s; 1517 1518 s = splnet(); 1519 if (debug) 1520 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1521 SPP_ARGS(ifp), cp->name, 1522 sppp_state_name(sp->state[cp->protoidx]), 1523 sp->rst_counter[cp->protoidx]); 1524 1525 if (--sp->rst_counter[cp->protoidx] < 0) 1526 /* TO- event */ 1527 switch (sp->state[cp->protoidx]) { 1528 case STATE_CLOSING: 1529 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1530 (cp->tlf)(sp); 1531 break; 1532 case STATE_STOPPING: 1533 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1534 (cp->tlf)(sp); 1535 break; 1536 case STATE_REQ_SENT: 1537 case STATE_ACK_RCVD: 1538 case STATE_ACK_SENT: 1539 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1540 (cp->tlf)(sp); 1541 break; 1542 } 1543 else 1544 /* TO+ event */ 1545 switch (sp->state[cp->protoidx]) { 1546 case STATE_CLOSING: 1547 case STATE_STOPPING: 1548 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1549 0, 0); 1550 sppp_increasing_timeout (cp, sp); 1551 break; 1552 case STATE_REQ_SENT: 1553 case STATE_ACK_RCVD: 1554 /* sppp_cp_change_state() will restart the timer */ 1555 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1556 (cp->scr)(sp); 1557 break; 1558 case STATE_ACK_SENT: 1559 sppp_increasing_timeout (cp, sp); 1560 (cp->scr)(sp); 1561 break; 1562 } 1563 1564 splx(s); 1565 } 1566 1567 /* 1568 * Change the state of a control protocol in the state automaton. 1569 * Takes care of starting/stopping the restart timer. 1570 */ 1571 void 1572 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1573 { 1574 STDDCL; 1575 1576 if (debug && sp->state[cp->protoidx] != newstate) 1577 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n", 1578 SPP_ARGS(ifp), cp->name, 1579 sppp_state_name(sp->state[cp->protoidx]), 1580 sppp_state_name(newstate)); 1581 sp->state[cp->protoidx] = newstate; 1582 1583 switch (newstate) { 1584 case STATE_INITIAL: 1585 case STATE_STARTING: 1586 case STATE_CLOSED: 1587 case STATE_STOPPED: 1588 case STATE_OPENED: 1589 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1590 break; 1591 case STATE_CLOSING: 1592 case STATE_STOPPING: 1593 case STATE_REQ_SENT: 1594 case STATE_ACK_RCVD: 1595 case STATE_ACK_SENT: 1596 if (!timeout_pending(&sp->ch[cp->protoidx])) 1597 sppp_increasing_timeout (cp, sp); 1598 break; 1599 } 1600 } 1601 /* 1602 *--------------------------------------------------------------------------* 1603 * * 1604 * The LCP implementation. * 1605 * * 1606 *--------------------------------------------------------------------------* 1607 */ 1608 void 1609 sppp_lcp_init(struct sppp *sp) 1610 { 1611 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1612 sp->lcp.magic = 0; 1613 sp->state[IDX_LCP] = STATE_INITIAL; 1614 sp->fail_counter[IDX_LCP] = 0; 1615 sp->lcp.protos = 0; 1616 sp->lcp.mru = sp->pp_if.if_mtu; 1617 sp->lcp.their_mru = 0; 1618 1619 /* 1620 * Initialize counters and timeout values. Note that we don't 1621 * use the 3 seconds suggested in RFC 1661 since we are likely 1622 * running on a fast link. XXX We should probably implement 1623 * the exponential backoff option. Note that these values are 1624 * relevant for all control protocols, not just LCP only. 1625 */ 1626 sp->lcp.timeout = 1; /* seconds */ 1627 sp->lcp.max_terminate = 2; 1628 sp->lcp.max_configure = 10; 1629 sp->lcp.max_failure = 10; 1630 } 1631 1632 void 1633 sppp_lcp_up(struct sppp *sp) 1634 { 1635 STDDCL; 1636 struct timeval tv; 1637 1638 sp->pp_alivecnt = 0; 1639 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1640 sp->lcp.magic = 0; 1641 sp->lcp.protos = 0; 1642 if (sp->pp_if.if_mtu != PP_MTU) { 1643 sp->lcp.mru = sp->pp_if.if_mtu; 1644 sp->lcp.opts |= (1 << LCP_OPT_MRU); 1645 } else 1646 sp->lcp.mru = PP_MTU; 1647 sp->lcp.their_mru = PP_MTU; 1648 1649 getmicrouptime(&tv); 1650 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec; 1651 1652 /* 1653 * If this interface is passive or dial-on-demand, and we are 1654 * still in Initial state, it means we've got an incoming 1655 * call. Activate the interface. 1656 */ 1657 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1658 if (debug) 1659 log(LOG_DEBUG, 1660 SPP_FMT "Up event", SPP_ARGS(ifp)); 1661 ifp->if_flags |= IFF_RUNNING; 1662 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1663 if (debug) 1664 addlog("(incoming call)\n"); 1665 sp->pp_flags |= PP_CALLIN; 1666 lcp.Open(sp); 1667 } else if (debug) 1668 addlog("\n"); 1669 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 1670 (sp->state[IDX_LCP] == STATE_INITIAL)) { 1671 ifp->if_flags |= IFF_RUNNING; 1672 lcp.Open(sp); 1673 } 1674 1675 sppp_up_event(&lcp, sp); 1676 } 1677 1678 void 1679 sppp_lcp_down(struct sppp *sp) 1680 { 1681 STDDCL; 1682 1683 sppp_down_event(&lcp, sp); 1684 1685 /* 1686 * If this is neither a dial-on-demand nor a passive 1687 * interface, simulate an ``ifconfig down'' action, so the 1688 * administrator can force a redial by another ``ifconfig 1689 * up''. XXX For leased line operation, should we immediately 1690 * try to reopen the connection here? 1691 */ 1692 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1693 if (debug) 1694 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), " 1695 "taking interface down.", SPP_ARGS(ifp)); 1696 if_down(ifp); 1697 } else { 1698 if (debug) 1699 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n", 1700 SPP_ARGS(ifp)); 1701 } 1702 1703 if (sp->state[IDX_LCP] != STATE_INITIAL) 1704 lcp.Close(sp); 1705 sp->lcp.their_mru = 0; 1706 sp->pp_flags &= ~PP_CALLIN; 1707 ifp->if_flags &= ~IFF_RUNNING; 1708 sppp_flush(ifp); 1709 } 1710 1711 void 1712 sppp_lcp_open(struct sppp *sp) 1713 { 1714 /* 1715 * If we are authenticator, negotiate LCP_AUTH 1716 */ 1717 if (sp->hisauth.proto != 0) 1718 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1719 else 1720 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1721 sp->pp_flags &= ~PP_NEEDAUTH; 1722 sppp_open_event(&lcp, sp); 1723 } 1724 1725 void 1726 sppp_lcp_close(struct sppp *sp) 1727 { 1728 sppp_close_event(&lcp, sp); 1729 } 1730 1731 void 1732 sppp_lcp_TO(void *cookie) 1733 { 1734 sppp_to_event(&lcp, (struct sppp *)cookie); 1735 } 1736 1737 /* 1738 * Analyze a configure request. Return true if it was agreeable, and 1739 * caused action sca, false if it has been rejected or nak'ed, and 1740 * caused action scn. (The return value is used to make the state 1741 * transition decision in the state automaton.) 1742 */ 1743 int 1744 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1745 { 1746 STDDCL; 1747 u_char *buf, *r, *p; 1748 int origlen, rlen; 1749 u_long nmagic; 1750 u_short authproto; 1751 1752 len -= 4; 1753 origlen = len; 1754 buf = r = malloc (origlen, M_TEMP, M_NOWAIT); 1755 if (! buf) 1756 return (0); 1757 1758 if (debug) 1759 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1760 SPP_ARGS(ifp)); 1761 1762 /* pass 1: check for things that need to be rejected */ 1763 p = (void*) (h+1); 1764 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 1765 if (p[1] < 2 || p[1] > len) { 1766 free(buf, M_TEMP, origlen); 1767 return (-1); 1768 } 1769 if (debug) 1770 addlog("%s ", sppp_lcp_opt_name(*p)); 1771 switch (*p) { 1772 case LCP_OPT_MAGIC: 1773 /* Magic number. */ 1774 /* FALLTHROUGH, both are same length */ 1775 case LCP_OPT_ASYNC_MAP: 1776 /* Async control character map. */ 1777 if (len >= 6 && p[1] == 6) 1778 continue; 1779 if (debug) 1780 addlog("[invalid] "); 1781 break; 1782 case LCP_OPT_MRU: 1783 /* Maximum receive unit. */ 1784 if (len >= 4 && p[1] == 4) 1785 continue; 1786 if (debug) 1787 addlog("[invalid] "); 1788 break; 1789 case LCP_OPT_AUTH_PROTO: 1790 if (len < 4) { 1791 if (debug) 1792 addlog("[invalid] "); 1793 break; 1794 } 1795 authproto = (p[2] << 8) + p[3]; 1796 if (authproto == PPP_CHAP && p[1] != 5) { 1797 if (debug) 1798 addlog("[invalid chap len] "); 1799 break; 1800 } 1801 if (sp->myauth.proto == 0) { 1802 /* we are not configured to do auth */ 1803 if (debug) 1804 addlog("[not configured] "); 1805 break; 1806 } 1807 /* 1808 * Remote want us to authenticate, remember this, 1809 * so we stay in PHASE_AUTHENTICATE after LCP got 1810 * up. 1811 */ 1812 sp->pp_flags |= PP_NEEDAUTH; 1813 continue; 1814 default: 1815 /* Others not supported. */ 1816 if (debug) 1817 addlog("[rej] "); 1818 break; 1819 } 1820 /* Add the option to rejected list. */ 1821 bcopy (p, r, p[1]); 1822 r += p[1]; 1823 rlen += p[1]; 1824 } 1825 if (rlen) { 1826 if (debug) 1827 addlog(" send conf-rej\n"); 1828 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1829 goto end; 1830 } else if (debug) 1831 addlog("\n"); 1832 1833 /* 1834 * pass 2: check for option values that are unacceptable and 1835 * thus require to be nak'ed. 1836 */ 1837 if (debug) 1838 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 1839 SPP_ARGS(ifp)); 1840 1841 p = (void*) (h+1); 1842 len = origlen; 1843 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1844 if (debug) 1845 addlog("%s ", sppp_lcp_opt_name(*p)); 1846 switch (*p) { 1847 case LCP_OPT_MAGIC: 1848 /* Magic number -- extract. */ 1849 nmagic = (u_long)p[2] << 24 | 1850 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 1851 if (nmagic != sp->lcp.magic) { 1852 if (debug) 1853 addlog("0x%lx ", nmagic); 1854 continue; 1855 } 1856 if (debug) 1857 addlog("[glitch] "); 1858 ++sp->pp_loopcnt; 1859 /* 1860 * We negate our magic here, and NAK it. If 1861 * we see it later in an NAK packet, we 1862 * suggest a new one. 1863 */ 1864 nmagic = ~sp->lcp.magic; 1865 /* Gonna NAK it. */ 1866 p[2] = nmagic >> 24; 1867 p[3] = nmagic >> 16; 1868 p[4] = nmagic >> 8; 1869 p[5] = nmagic; 1870 break; 1871 1872 case LCP_OPT_ASYNC_MAP: 1873 /* Async control character map -- check to be zero. */ 1874 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 1875 if (debug) 1876 addlog("[empty] "); 1877 continue; 1878 } 1879 if (debug) 1880 addlog("[non-empty] "); 1881 /* suggest a zero one */ 1882 p[2] = p[3] = p[4] = p[5] = 0; 1883 break; 1884 1885 case LCP_OPT_MRU: 1886 /* 1887 * Maximum receive unit. Always agreeable, 1888 * but ignored by now. 1889 */ 1890 sp->lcp.their_mru = p[2] * 256 + p[3]; 1891 if (debug) 1892 addlog("%lu ", sp->lcp.their_mru); 1893 continue; 1894 1895 case LCP_OPT_AUTH_PROTO: 1896 authproto = (p[2] << 8) + p[3]; 1897 if (sp->myauth.proto != authproto) { 1898 /* not agreed, nak */ 1899 if (debug) 1900 addlog("[mine %s != his %s] ", 1901 sppp_proto_name(sp->hisauth.proto), 1902 sppp_proto_name(authproto)); 1903 p[2] = sp->myauth.proto >> 8; 1904 p[3] = sp->myauth.proto; 1905 break; 1906 } 1907 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 1908 if (debug) 1909 addlog("[chap not MD5] "); 1910 p[4] = CHAP_MD5; 1911 break; 1912 } 1913 continue; 1914 } 1915 /* Add the option to nak'ed list. */ 1916 bcopy (p, r, p[1]); 1917 r += p[1]; 1918 rlen += p[1]; 1919 } 1920 if (rlen) { 1921 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 1922 if (debug) 1923 addlog(" max_failure (%d) exceeded, " 1924 "send conf-rej\n", 1925 sp->lcp.max_failure); 1926 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1927 } else { 1928 if (debug) 1929 addlog(" send conf-nak\n"); 1930 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 1931 } 1932 goto end; 1933 } else { 1934 if (debug) 1935 addlog("send conf-ack\n"); 1936 sp->fail_counter[IDX_LCP] = 0; 1937 sp->pp_loopcnt = 0; 1938 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 1939 h->ident, origlen, h+1); 1940 } 1941 1942 end: 1943 free(buf, M_TEMP, origlen); 1944 return (rlen == 0); 1945 } 1946 1947 /* 1948 * Analyze the LCP Configure-Reject option list, and adjust our 1949 * negotiation. 1950 */ 1951 void 1952 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 1953 { 1954 STDDCL; 1955 u_char *p; 1956 1957 len -= 4; 1958 1959 if (debug) 1960 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 1961 SPP_ARGS(ifp)); 1962 1963 p = (void*) (h+1); 1964 for (; len > 1; len -= p[1], p += p[1]) { 1965 if (p[1] < 2 || p[1] > len) 1966 return; 1967 if (debug) 1968 addlog("%s ", sppp_lcp_opt_name(*p)); 1969 switch (*p) { 1970 case LCP_OPT_MAGIC: 1971 /* Magic number -- can't use it, use 0 */ 1972 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 1973 sp->lcp.magic = 0; 1974 break; 1975 case LCP_OPT_MRU: 1976 /* 1977 * Should not be rejected anyway, since we only 1978 * negotiate a MRU if explicitly requested by 1979 * peer. 1980 */ 1981 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 1982 break; 1983 case LCP_OPT_AUTH_PROTO: 1984 /* 1985 * Peer doesn't want to authenticate himself, 1986 * deny unless this is a dialout call, and 1987 * AUTHFLAG_NOCALLOUT is set. 1988 */ 1989 if ((sp->pp_flags & PP_CALLIN) == 0 && 1990 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 1991 if (debug) 1992 addlog("[don't insist on auth " 1993 "for callout]"); 1994 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1995 break; 1996 } 1997 if (debug) 1998 addlog("[access denied]\n"); 1999 lcp.Close(sp); 2000 break; 2001 } 2002 } 2003 if (debug) 2004 addlog("\n"); 2005 } 2006 2007 /* 2008 * Analyze the LCP Configure-NAK option list, and adjust our 2009 * negotiation. 2010 */ 2011 void 2012 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2013 { 2014 STDDCL; 2015 u_char *p; 2016 u_long magic; 2017 2018 len -= 4; 2019 2020 if (debug) 2021 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2022 SPP_ARGS(ifp)); 2023 2024 p = (void*) (h+1); 2025 for (; len > 1; len -= p[1], p += p[1]) { 2026 if (p[1] < 2 || p[1] > len) 2027 return; 2028 if (debug) 2029 addlog("%s ", sppp_lcp_opt_name(*p)); 2030 switch (*p) { 2031 case LCP_OPT_MAGIC: 2032 /* Magic number -- renegotiate */ 2033 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2034 len >= 6 && p[1] == 6) { 2035 magic = (u_long)p[2] << 24 | 2036 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2037 /* 2038 * If the remote magic is our negated one, 2039 * this looks like a loopback problem. 2040 * Suggest a new magic to make sure. 2041 */ 2042 if (magic == ~sp->lcp.magic) { 2043 if (debug) 2044 addlog("magic glitch "); 2045 sp->lcp.magic = arc4random(); 2046 } else { 2047 sp->lcp.magic = magic; 2048 if (debug) 2049 addlog("%lu ", magic); 2050 } 2051 } 2052 break; 2053 case LCP_OPT_MRU: 2054 /* 2055 * Peer wants to advise us to negotiate an MRU. 2056 * Agree on it if it's reasonable, or use 2057 * default otherwise. 2058 */ 2059 if (len >= 4 && p[1] == 4) { 2060 u_int mru = p[2] * 256 + p[3]; 2061 if (debug) 2062 addlog("%d ", mru); 2063 if (mru < PP_MIN_MRU) 2064 mru = PP_MIN_MRU; 2065 if (mru > PP_MAX_MRU) 2066 mru = PP_MAX_MRU; 2067 sp->lcp.mru = mru; 2068 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2069 } 2070 break; 2071 case LCP_OPT_AUTH_PROTO: 2072 /* 2073 * Peer doesn't like our authentication method, 2074 * deny. 2075 */ 2076 if (debug) 2077 addlog("[access denied]\n"); 2078 lcp.Close(sp); 2079 break; 2080 } 2081 } 2082 if (debug) 2083 addlog("\n"); 2084 } 2085 2086 void 2087 sppp_lcp_tlu(struct sppp *sp) 2088 { 2089 struct ifnet *ifp = &sp->pp_if; 2090 int i; 2091 u_long mask; 2092 2093 /* XXX ? */ 2094 if (! (ifp->if_flags & IFF_UP) && 2095 (ifp->if_flags & IFF_RUNNING)) { 2096 /* Coming out of loopback mode. */ 2097 if_up(ifp); 2098 if (ifp->if_flags & IFF_DEBUG) 2099 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp)); 2100 } 2101 2102 for (i = 0; i < IDX_COUNT; i++) 2103 if ((cps[i])->flags & CP_QUAL) 2104 (cps[i])->Open(sp); 2105 2106 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2107 (sp->pp_flags & PP_NEEDAUTH) != 0) 2108 sp->pp_phase = PHASE_AUTHENTICATE; 2109 else 2110 sp->pp_phase = PHASE_NETWORK; 2111 2112 sppp_set_phase(sp); 2113 2114 /* 2115 * Open all authentication protocols. This is even required 2116 * if we already proceeded to network phase, since it might be 2117 * that remote wants us to authenticate, so we might have to 2118 * send a PAP request. Undesired authentication protocols 2119 * don't do anything when they get an Open event. 2120 */ 2121 for (i = 0; i < IDX_COUNT; i++) 2122 if ((cps[i])->flags & CP_AUTH) 2123 (cps[i])->Open(sp); 2124 2125 if (sp->pp_phase == PHASE_NETWORK) { 2126 /* Notify all NCPs. */ 2127 for (i = 0; i < IDX_COUNT; i++) 2128 if ((cps[i])->flags & CP_NCP) 2129 (cps[i])->Open(sp); 2130 } 2131 2132 /* Send Up events to all started protos. */ 2133 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2134 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2135 (cps[i])->Up(sp); 2136 2137 /* notify low-level driver of state change */ 2138 if (sp->pp_chg) 2139 sp->pp_chg(sp, (int)sp->pp_phase); 2140 2141 if (sp->pp_phase == PHASE_NETWORK) 2142 /* if no NCP is starting, close down */ 2143 sppp_lcp_check_and_close(sp); 2144 } 2145 2146 void 2147 sppp_lcp_tld(struct sppp *sp) 2148 { 2149 int i; 2150 u_long mask; 2151 2152 sp->pp_phase = PHASE_TERMINATE; 2153 2154 sppp_set_phase(sp); 2155 2156 /* 2157 * Take upper layers down. We send the Down event first and 2158 * the Close second to prevent the upper layers from sending 2159 * ``a flurry of terminate-request packets'', as the RFC 2160 * describes it. 2161 */ 2162 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2163 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2164 (cps[i])->Down(sp); 2165 (cps[i])->Close(sp); 2166 } 2167 } 2168 2169 void 2170 sppp_lcp_tls(struct sppp *sp) 2171 { 2172 sp->pp_phase = PHASE_ESTABLISH; 2173 2174 sppp_set_phase(sp); 2175 2176 /* Notify lower layer if desired. */ 2177 if (sp->pp_tls) 2178 (sp->pp_tls)(sp); 2179 } 2180 2181 void 2182 sppp_lcp_tlf(struct sppp *sp) 2183 { 2184 sp->pp_phase = PHASE_DEAD; 2185 sppp_set_phase(sp); 2186 2187 /* Notify lower layer if desired. */ 2188 if (sp->pp_tlf) 2189 (sp->pp_tlf)(sp); 2190 } 2191 2192 void 2193 sppp_lcp_scr(struct sppp *sp) 2194 { 2195 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2196 int i = 0; 2197 u_short authproto; 2198 2199 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2200 if (! sp->lcp.magic) 2201 sp->lcp.magic = arc4random(); 2202 opt[i++] = LCP_OPT_MAGIC; 2203 opt[i++] = 6; 2204 opt[i++] = sp->lcp.magic >> 24; 2205 opt[i++] = sp->lcp.magic >> 16; 2206 opt[i++] = sp->lcp.magic >> 8; 2207 opt[i++] = sp->lcp.magic; 2208 } 2209 2210 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2211 opt[i++] = LCP_OPT_MRU; 2212 opt[i++] = 4; 2213 opt[i++] = sp->lcp.mru >> 8; 2214 opt[i++] = sp->lcp.mru; 2215 } 2216 2217 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2218 authproto = sp->hisauth.proto; 2219 opt[i++] = LCP_OPT_AUTH_PROTO; 2220 opt[i++] = authproto == PPP_CHAP? 5: 4; 2221 opt[i++] = authproto >> 8; 2222 opt[i++] = authproto; 2223 if (authproto == PPP_CHAP) 2224 opt[i++] = CHAP_MD5; 2225 } 2226 2227 sp->confid[IDX_LCP] = ++sp->pp_seq; 2228 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt); 2229 } 2230 2231 /* 2232 * Check the open NCPs, return true if at least one NCP is open. 2233 */ 2234 int 2235 sppp_ncp_check(struct sppp *sp) 2236 { 2237 int i, mask; 2238 2239 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2240 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2241 return 1; 2242 return 0; 2243 } 2244 2245 /* 2246 * Re-check the open NCPs and see if we should terminate the link. 2247 * Called by the NCPs during their tlf action handling. 2248 */ 2249 void 2250 sppp_lcp_check_and_close(struct sppp *sp) 2251 { 2252 2253 if (sp->pp_phase < PHASE_NETWORK) 2254 /* don't bother, we are already going down */ 2255 return; 2256 2257 if (sppp_ncp_check(sp)) 2258 return; 2259 2260 lcp.Close(sp); 2261 } 2262 /* 2263 *--------------------------------------------------------------------------* 2264 * * 2265 * The IPCP implementation. * 2266 * * 2267 *--------------------------------------------------------------------------* 2268 */ 2269 2270 void 2271 sppp_ipcp_init(struct sppp *sp) 2272 { 2273 sp->ipcp.opts = 0; 2274 sp->ipcp.flags = 0; 2275 sp->state[IDX_IPCP] = STATE_INITIAL; 2276 sp->fail_counter[IDX_IPCP] = 0; 2277 task_set(&sp->ipcp.set_addr_task, sppp_set_ip_addrs, sp); 2278 task_set(&sp->ipcp.clear_addr_task, sppp_clear_ip_addrs, sp); 2279 } 2280 2281 void 2282 sppp_ipcp_destroy(struct sppp *sp) 2283 { 2284 task_del(systq, &sp->ipcp.set_addr_task); 2285 task_del(systq, &sp->ipcp.clear_addr_task); 2286 } 2287 2288 void 2289 sppp_ipcp_up(struct sppp *sp) 2290 { 2291 sppp_up_event(&ipcp, sp); 2292 } 2293 2294 void 2295 sppp_ipcp_down(struct sppp *sp) 2296 { 2297 sppp_down_event(&ipcp, sp); 2298 } 2299 2300 void 2301 sppp_ipcp_open(struct sppp *sp) 2302 { 2303 sppp_open_event(&ipcp, sp); 2304 } 2305 2306 void 2307 sppp_ipcp_close(struct sppp *sp) 2308 { 2309 sppp_close_event(&ipcp, sp); 2310 } 2311 2312 void 2313 sppp_ipcp_TO(void *cookie) 2314 { 2315 sppp_to_event(&ipcp, (struct sppp *)cookie); 2316 } 2317 2318 /* 2319 * Analyze a configure request. Return true if it was agreeable, and 2320 * caused action sca, false if it has been rejected or nak'ed, and 2321 * caused action scn. (The return value is used to make the state 2322 * transition decision in the state automaton.) 2323 */ 2324 int 2325 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2326 { 2327 u_char *buf, *r, *p; 2328 struct ifnet *ifp = &sp->pp_if; 2329 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2330 u_int32_t hisaddr, desiredaddr; 2331 2332 len -= 4; 2333 origlen = len; 2334 /* 2335 * Make sure to allocate a buf that can at least hold a 2336 * conf-nak with an `address' option. We might need it below. 2337 */ 2338 buflen = len < 6? 6: len; 2339 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2340 if (! buf) 2341 return (0); 2342 2343 /* pass 1: see if we can recognize them */ 2344 if (debug) 2345 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2346 SPP_ARGS(ifp)); 2347 p = (void*) (h+1); 2348 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 2349 if (p[1] < 2 || p[1] > len) { 2350 free(buf, M_TEMP, buflen); 2351 return (-1); 2352 } 2353 if (debug) 2354 addlog("%s ", sppp_ipcp_opt_name(*p)); 2355 switch (*p) { 2356 #ifdef notyet 2357 case IPCP_OPT_COMPRESSION: 2358 if (len >= 6 && p[1] >= 6) { 2359 /* correctly formed compress option */ 2360 continue; 2361 } 2362 if (debug) 2363 addlog("[invalid] "); 2364 break; 2365 #endif 2366 case IPCP_OPT_ADDRESS: 2367 if (len >= 6 && p[1] == 6) { 2368 /* correctly formed address option */ 2369 continue; 2370 } 2371 if (debug) 2372 addlog("[invalid] "); 2373 break; 2374 default: 2375 /* Others not supported. */ 2376 if (debug) 2377 addlog("[rej] "); 2378 break; 2379 } 2380 /* Add the option to rejected list. */ 2381 bcopy (p, r, p[1]); 2382 r += p[1]; 2383 rlen += p[1]; 2384 } 2385 if (rlen) { 2386 if (debug) 2387 addlog(" send conf-rej\n"); 2388 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2389 goto end; 2390 } else if (debug) 2391 addlog("\n"); 2392 2393 /* pass 2: parse option values */ 2394 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2395 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */ 2396 else 2397 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2398 if (debug) 2399 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2400 SPP_ARGS(ifp)); 2401 p = (void*) (h+1); 2402 len = origlen; 2403 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2404 if (debug) 2405 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2406 switch (*p) { 2407 #ifdef notyet 2408 case IPCP_OPT_COMPRESSION: 2409 continue; 2410 #endif 2411 case IPCP_OPT_ADDRESS: 2412 desiredaddr = p[2] << 24 | p[3] << 16 | 2413 p[4] << 8 | p[5]; 2414 if (desiredaddr == hisaddr || 2415 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 2416 desiredaddr != 0)) { 2417 /* 2418 * Peer's address is same as our value, 2419 * or we have set it to 0.0.0.1 to 2420 * indicate that we do not really care, 2421 * this is agreeable. Gonna conf-ack 2422 * it. 2423 */ 2424 if (debug) 2425 addlog("%s [ack] ", 2426 sppp_dotted_quad(desiredaddr)); 2427 /* record that we've seen it already */ 2428 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2429 sp->ipcp.req_hisaddr = desiredaddr; 2430 hisaddr = desiredaddr; 2431 continue; 2432 } 2433 /* 2434 * The address wasn't agreeable. This is either 2435 * he sent us 0.0.0.0, asking to assign him an 2436 * address, or he send us another address not 2437 * matching our value. Either case, we gonna 2438 * conf-nak it with our value. 2439 */ 2440 if (debug) { 2441 if (desiredaddr == 0) 2442 addlog("[addr requested] "); 2443 else 2444 addlog("%s [not agreed] ", 2445 sppp_dotted_quad(desiredaddr)); 2446 } 2447 2448 p[2] = hisaddr >> 24; 2449 p[3] = hisaddr >> 16; 2450 p[4] = hisaddr >> 8; 2451 p[5] = hisaddr; 2452 break; 2453 } 2454 /* Add the option to nak'ed list. */ 2455 bcopy (p, r, p[1]); 2456 r += p[1]; 2457 rlen += p[1]; 2458 } 2459 2460 /* 2461 * If we are about to conf-ack the request, but haven't seen 2462 * his address so far, gonna conf-nak it instead, with the 2463 * `address' option present and our idea of his address being 2464 * filled in there, to request negotiation of both addresses. 2465 * 2466 * XXX This can result in an endless req - nak loop if peer 2467 * doesn't want to send us his address. Q: What should we do 2468 * about it? XXX A: implement the max-failure counter. 2469 */ 2470 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2471 buf[0] = IPCP_OPT_ADDRESS; 2472 buf[1] = 6; 2473 buf[2] = hisaddr >> 24; 2474 buf[3] = hisaddr >> 16; 2475 buf[4] = hisaddr >> 8; 2476 buf[5] = hisaddr; 2477 rlen = 6; 2478 if (debug) 2479 addlog("still need hisaddr "); 2480 } 2481 2482 if (rlen) { 2483 if (debug) 2484 addlog(" send conf-nak\n"); 2485 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2486 } else { 2487 if (debug) 2488 addlog(" send conf-ack\n"); 2489 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2490 h->ident, origlen, h+1); 2491 } 2492 2493 end: 2494 free(buf, M_TEMP, buflen); 2495 return (rlen == 0); 2496 } 2497 2498 /* 2499 * Analyze the IPCP Configure-Reject option list, and adjust our 2500 * negotiation. 2501 */ 2502 void 2503 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2504 { 2505 u_char *p; 2506 struct ifnet *ifp = &sp->pp_if; 2507 int debug = ifp->if_flags & IFF_DEBUG; 2508 2509 len -= 4; 2510 2511 if (debug) 2512 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2513 SPP_ARGS(ifp)); 2514 2515 p = (void*) (h+1); 2516 for (; len > 1; len -= p[1], p += p[1]) { 2517 if (p[1] < 2 || p[1] > len) 2518 return; 2519 if (debug) 2520 addlog("%s ", sppp_ipcp_opt_name(*p)); 2521 switch (*p) { 2522 case IPCP_OPT_ADDRESS: 2523 /* 2524 * Peer doesn't grok address option. This is 2525 * bad. XXX Should we better give up here? 2526 */ 2527 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_ADDRESS); 2528 break; 2529 #ifdef notyet 2530 case IPCP_OPT_COMPRESS: 2531 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_COMPRESS); 2532 break; 2533 #endif 2534 case IPCP_OPT_PRIMDNS: 2535 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_PRIMDNS); 2536 break; 2537 case IPCP_OPT_SECDNS: 2538 sp->ipcp.opts &= ~(1 << SPPP_IPCP_OPT_SECDNS); 2539 break; 2540 } 2541 } 2542 if (debug) 2543 addlog("\n"); 2544 } 2545 2546 /* 2547 * Analyze the IPCP Configure-NAK option list, and adjust our 2548 * negotiation. 2549 */ 2550 void 2551 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2552 { 2553 u_char *p; 2554 struct ifnet *ifp = &sp->pp_if; 2555 int debug = ifp->if_flags & IFF_DEBUG; 2556 u_int32_t wantaddr; 2557 2558 len -= 4; 2559 2560 if (debug) 2561 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2562 SPP_ARGS(ifp)); 2563 2564 p = (void*) (h+1); 2565 for (; len > 1; len -= p[1], p += p[1]) { 2566 if (p[1] < 2 || p[1] > len) 2567 return; 2568 if (debug) 2569 addlog("%s ", sppp_ipcp_opt_name(*p)); 2570 switch (*p) { 2571 case IPCP_OPT_ADDRESS: 2572 /* 2573 * Peer doesn't like our local IP address. See 2574 * if we can do something for him. We'll drop 2575 * him our address then. 2576 */ 2577 if (len >= 6 && p[1] == 6) { 2578 wantaddr = p[2] << 24 | p[3] << 16 | 2579 p[4] << 8 | p[5]; 2580 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_ADDRESS); 2581 if (debug) 2582 addlog("[wantaddr %s] ", 2583 sppp_dotted_quad(wantaddr)); 2584 /* 2585 * When doing dynamic address assignment, 2586 * we accept his offer. Otherwise, we 2587 * ignore it and thus continue to negotiate 2588 * our already existing value. 2589 */ 2590 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2591 if (debug) 2592 addlog("[agree] "); 2593 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2594 sp->ipcp.req_myaddr = wantaddr; 2595 } 2596 } 2597 break; 2598 #ifdef notyet 2599 case IPCP_OPT_COMPRESS: 2600 /* 2601 * Peer wants different compression parameters. 2602 */ 2603 break; 2604 #endif 2605 case IPCP_OPT_PRIMDNS: 2606 if (len >= 6 && p[1] == 6) 2607 memcpy(&sp->ipcp.dns[0].s_addr, p + 2, 2608 sizeof(sp->ipcp.dns[0])); 2609 break; 2610 case IPCP_OPT_SECDNS: 2611 if (len >= 6 && p[1] == 6) 2612 memcpy(&sp->ipcp.dns[1].s_addr, p + 2, 2613 sizeof(sp->ipcp.dns[1])); 2614 break; 2615 } 2616 } 2617 if (debug) 2618 addlog("\n"); 2619 } 2620 2621 void 2622 sppp_ipcp_tlu(struct sppp *sp) 2623 { 2624 if (sp->ipcp.req_myaddr != 0 || sp->ipcp.req_hisaddr != 0) 2625 task_add(systq, &sp->ipcp.set_addr_task); 2626 } 2627 2628 void 2629 sppp_ipcp_tld(struct sppp *sp) 2630 { 2631 } 2632 2633 void 2634 sppp_ipcp_tls(struct sppp *sp) 2635 { 2636 STDDCL; 2637 u_int32_t myaddr, hisaddr; 2638 2639 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN| 2640 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2641 sp->ipcp.req_myaddr = 0; 2642 sp->ipcp.req_hisaddr = 0; 2643 memset(&sp->ipcp.dns, 0, sizeof(sp->ipcp.dns)); 2644 2645 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2646 /* 2647 * If we don't have his address, this probably means our 2648 * interface doesn't want to talk IP at all. (This could 2649 * be the case if somebody wants to speak only IPX, for 2650 * example.) Don't open IPCP in this case. 2651 */ 2652 if (hisaddr == 0) { 2653 /* XXX this message should go away */ 2654 if (debug) 2655 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2656 SPP_ARGS(ifp)); 2657 return; 2658 } 2659 2660 if (myaddr == 0) { 2661 /* 2662 * I don't have an assigned address, so i need to 2663 * negotiate my address. 2664 */ 2665 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2666 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_ADDRESS); 2667 } 2668 if (hisaddr >= 1 && hisaddr <= 255) { 2669 /* 2670 * XXX - remove this hack! 2671 * remote has no valid address, we need to get one assigned. 2672 */ 2673 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2674 } 2675 2676 /* negotiate name server addresses */ 2677 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_PRIMDNS); 2678 sp->ipcp.opts |= (1 << SPPP_IPCP_OPT_SECDNS); 2679 2680 /* indicate to LCP that it must stay alive */ 2681 sp->lcp.protos |= (1 << IDX_IPCP); 2682 } 2683 2684 void 2685 sppp_ipcp_tlf(struct sppp *sp) 2686 { 2687 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2688 /* Some address was dynamic, clear it again. */ 2689 task_add(systq, &sp->ipcp.clear_addr_task); 2690 2691 /* we no longer need LCP */ 2692 sp->lcp.protos &= ~(1 << IDX_IPCP); 2693 sppp_lcp_check_and_close(sp); 2694 } 2695 2696 void 2697 sppp_ipcp_scr(struct sppp *sp) 2698 { 2699 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addrs */]; 2700 u_int32_t ouraddr; 2701 int i = 0; 2702 2703 #ifdef notyet 2704 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_COMPRESSION)) { 2705 opt[i++] = IPCP_OPT_COMPRESSION; 2706 opt[i++] = 6; 2707 opt[i++] = 0; /* VJ header compression */ 2708 opt[i++] = 0x2d; /* VJ header compression */ 2709 opt[i++] = max_slot_id; 2710 opt[i++] = comp_slot_id; 2711 } 2712 #endif 2713 2714 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_ADDRESS)) { 2715 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 2716 /* not sure if this can ever happen */ 2717 ouraddr = sp->ipcp.req_myaddr; 2718 else 2719 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2720 opt[i++] = IPCP_OPT_ADDRESS; 2721 opt[i++] = 6; 2722 opt[i++] = ouraddr >> 24; 2723 opt[i++] = ouraddr >> 16; 2724 opt[i++] = ouraddr >> 8; 2725 opt[i++] = ouraddr; 2726 } 2727 2728 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_PRIMDNS)) { 2729 opt[i++] = IPCP_OPT_PRIMDNS; 2730 opt[i++] = 6; 2731 memcpy(&opt[i], &sp->ipcp.dns[0].s_addr, 2732 sizeof(sp->ipcp.dns[0])); 2733 i += sizeof(sp->ipcp.dns[0]); 2734 } 2735 2736 if (sp->ipcp.opts & (1 << SPPP_IPCP_OPT_SECDNS)) { 2737 opt[i++] = IPCP_OPT_SECDNS; 2738 opt[i++] = 6; 2739 memcpy(&opt[i], &sp->ipcp.dns[1].s_addr, 2740 sizeof(sp->ipcp.dns[1])); 2741 i += sizeof(sp->ipcp.dns[1]); 2742 } 2743 2744 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2745 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt); 2746 } 2747 2748 /* 2749 *--------------------------------------------------------------------------* 2750 * * 2751 * The IPv6CP implementation. * 2752 * * 2753 *--------------------------------------------------------------------------* 2754 */ 2755 2756 #ifdef INET6 2757 void 2758 sppp_ipv6cp_init(struct sppp *sp) 2759 { 2760 sp->ipv6cp.opts = 0; 2761 sp->ipv6cp.flags = 0; 2762 sp->state[IDX_IPV6CP] = STATE_INITIAL; 2763 sp->fail_counter[IDX_IPV6CP] = 0; 2764 task_set(&sp->ipv6cp.set_addr_task, sppp_update_ip6_addr, sp); 2765 } 2766 2767 void 2768 sppp_ipv6cp_destroy(struct sppp *sp) 2769 { 2770 task_del(systq, &sp->ipv6cp.set_addr_task); 2771 } 2772 2773 void 2774 sppp_ipv6cp_up(struct sppp *sp) 2775 { 2776 sppp_up_event(&ipv6cp, sp); 2777 } 2778 2779 void 2780 sppp_ipv6cp_down(struct sppp *sp) 2781 { 2782 sppp_down_event(&ipv6cp, sp); 2783 } 2784 2785 void 2786 sppp_ipv6cp_open(struct sppp *sp) 2787 { 2788 STDDCL; 2789 struct in6_addr myaddr, hisaddr; 2790 2791 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 2792 2793 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, NULL); 2794 /* 2795 * If we don't have our address, this probably means our 2796 * interface doesn't want to talk IPv6 at all. (This could 2797 * be the case if the IFXF_NOINET6 flag is set, for 2798 * example.) Don't open IPv6CP in this case. 2799 */ 2800 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 2801 /* XXX this message should go away */ 2802 if (debug) 2803 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 2804 SPP_ARGS(ifp)); 2805 return; 2806 } 2807 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 2808 sppp_open_event(&ipv6cp, sp); 2809 } 2810 2811 void 2812 sppp_ipv6cp_close(struct sppp *sp) 2813 { 2814 sppp_close_event(&ipv6cp, sp); 2815 } 2816 2817 void 2818 sppp_ipv6cp_TO(void *cookie) 2819 { 2820 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 2821 } 2822 2823 int 2824 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2825 { 2826 u_char *buf, *r, *p; 2827 struct ifnet *ifp = &sp->pp_if; 2828 int rlen, origlen, buflen, debug = ifp->if_flags & IFF_DEBUG; 2829 struct in6_addr myaddr, desiredaddr, suggestaddr; 2830 int ifidcount; 2831 int type; 2832 int collision, nohisaddr; 2833 char addr[INET6_ADDRSTRLEN]; 2834 2835 len -= 4; 2836 origlen = len; 2837 /* 2838 * Make sure to allocate a buf that can at least hold a 2839 * conf-nak with an `address' option. We might need it below. 2840 */ 2841 buflen = len < 6? 6: len; 2842 buf = r = malloc (buflen, M_TEMP, M_NOWAIT); 2843 if (! buf) 2844 return (0); 2845 2846 /* pass 1: see if we can recognize them */ 2847 if (debug) 2848 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 2849 SPP_ARGS(ifp)); 2850 p = (void *)(h + 1); 2851 ifidcount = 0; 2852 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2853 /* Sanity check option length */ 2854 if (p[1] < 2 || p[1] > len) { 2855 free(buf, M_TEMP, buflen); 2856 return (-1); 2857 } 2858 if (debug) 2859 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2860 switch (*p) { 2861 case IPV6CP_OPT_IFID: 2862 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 2863 /* correctly formed address option */ 2864 ifidcount++; 2865 continue; 2866 } 2867 if (debug) 2868 addlog(" [invalid]"); 2869 break; 2870 #ifdef notyet 2871 case IPV6CP_OPT_COMPRESSION: 2872 if (len >= 4 && p[1] >= 4) { 2873 /* correctly formed compress option */ 2874 continue; 2875 } 2876 if (debug) 2877 addlog(" [invalid]"); 2878 break; 2879 #endif 2880 default: 2881 /* Others not supported. */ 2882 if (debug) 2883 addlog(" [rej]"); 2884 break; 2885 } 2886 /* Add the option to rejected list. */ 2887 bcopy (p, r, p[1]); 2888 r += p[1]; 2889 rlen += p[1]; 2890 } 2891 if (rlen) { 2892 if (debug) 2893 addlog(" send conf-rej\n"); 2894 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 2895 goto end; 2896 } else if (debug) 2897 addlog("\n"); 2898 2899 /* pass 2: parse option values */ 2900 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 2901 myaddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 2902 else 2903 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 2904 if (debug) 2905 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 2906 SPP_ARGS(ifp)); 2907 p = (void *)(h + 1); 2908 len = origlen; 2909 type = CONF_ACK; 2910 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2911 if (debug) 2912 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2913 switch (*p) { 2914 #ifdef notyet 2915 case IPV6CP_OPT_COMPRESSION: 2916 continue; 2917 #endif 2918 case IPV6CP_OPT_IFID: 2919 memset(&desiredaddr, 0, sizeof(desiredaddr)); 2920 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 2921 collision = (memcmp(&desiredaddr.s6_addr[8], 2922 &myaddr.s6_addr[8], 8) == 0); 2923 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 2924 2925 desiredaddr.s6_addr16[0] = htons(0xfe80); 2926 2927 if (!collision && !nohisaddr) { 2928 /* no collision, hisaddr known - Conf-Ack */ 2929 type = CONF_ACK; 2930 2931 if (debug) { 2932 addlog(" %s [%s]", 2933 inet_ntop(AF_INET6, &desiredaddr, 2934 addr, sizeof(addr)), 2935 sppp_cp_type_name(type)); 2936 } 2937 sppp_set_ip6_addr(sp, &myaddr, &desiredaddr); 2938 continue; 2939 } 2940 2941 memset(&suggestaddr, 0, sizeof(suggestaddr)); 2942 if (collision && nohisaddr) { 2943 /* collision, hisaddr unknown - Conf-Rej */ 2944 type = CONF_REJ; 2945 memset(&p[2], 0, 8); 2946 } else { 2947 /* 2948 * - no collision, hisaddr unknown, or 2949 * - collision, hisaddr known 2950 * Conf-Nak, suggest hisaddr 2951 */ 2952 type = CONF_NAK; 2953 sppp_suggest_ip6_addr(sp, &suggestaddr); 2954 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 2955 } 2956 if (debug) 2957 addlog(" %s [%s]", 2958 inet_ntop(AF_INET6, &desiredaddr, addr, 2959 sizeof(addr)), 2960 sppp_cp_type_name(type)); 2961 break; 2962 } 2963 /* Add the option to nak'ed list. */ 2964 bcopy (p, r, p[1]); 2965 r += p[1]; 2966 rlen += p[1]; 2967 } 2968 2969 if (rlen == 0 && type == CONF_ACK) { 2970 if (debug) 2971 addlog(" send %s\n", sppp_cp_type_name(type)); 2972 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 2973 } else { 2974 #ifdef notdef 2975 if (type == CONF_ACK) 2976 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 2977 #endif 2978 2979 if (debug) { 2980 addlog(" send %s suggest %s\n", 2981 sppp_cp_type_name(type), 2982 inet_ntop(AF_INET6, &suggestaddr, addr, 2983 sizeof(addr))); 2984 } 2985 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 2986 } 2987 2988 end: 2989 free(buf, M_TEMP, buflen); 2990 return (rlen == 0); 2991 } 2992 2993 void 2994 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2995 { 2996 u_char *p; 2997 struct ifnet *ifp = &sp->pp_if; 2998 int debug = ifp->if_flags & IFF_DEBUG; 2999 3000 len -= 4; 3001 3002 if (debug) 3003 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3004 SPP_ARGS(ifp)); 3005 3006 p = (void *)(h + 1); 3007 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3008 if (p[1] < 2 || p[1] > len) 3009 return; 3010 if (debug) 3011 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3012 switch (*p) { 3013 case IPV6CP_OPT_IFID: 3014 /* 3015 * Peer doesn't grok address option. This is 3016 * bad. XXX Should we better give up here? 3017 */ 3018 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3019 break; 3020 #ifdef notyet 3021 case IPV6CP_OPT_COMPRESS: 3022 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3023 break; 3024 #endif 3025 } 3026 } 3027 if (debug) 3028 addlog("\n"); 3029 return; 3030 } 3031 3032 void 3033 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3034 { 3035 u_char *p; 3036 struct ifnet *ifp = &sp->pp_if; 3037 int debug = ifp->if_flags & IFF_DEBUG; 3038 struct in6_addr suggestaddr; 3039 char addr[INET6_ADDRSTRLEN]; 3040 3041 len -= 4; 3042 3043 if (debug) 3044 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ", 3045 SPP_ARGS(ifp)); 3046 3047 p = (void*) (h+1); 3048 for (; len > 1; len -= p[1], p += p[1]) { 3049 if (p[1] < 2 || p[1] > len) 3050 return; 3051 if (debug) 3052 addlog("%s ", sppp_ipv6cp_opt_name(*p)); 3053 switch (*p) { 3054 case IPV6CP_OPT_IFID: 3055 /* 3056 * Peer doesn't like our local ifid. See 3057 * if we can do something for him. We'll drop 3058 * him our address then. 3059 */ 3060 if (len < 10 || p[1] != 10) 3061 break; 3062 sp->ipv6cp.flags |= IPV6CP_MYIFID_DYN; 3063 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3064 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3065 if (IN6_IS_ADDR_UNSPECIFIED(&suggestaddr) || 3066 (sp->ipv6cp.flags & IPV6CP_MYIFID_SEEN)) { 3067 /* 3068 * The peer didn't suggest anything, 3069 * or wants us to change a previously 3070 * suggested address. 3071 * Configure a new address for us. 3072 */ 3073 sppp_suggest_ip6_addr(sp, &suggestaddr); 3074 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3075 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3076 } else { 3077 /* Configure address suggested by peer. */ 3078 suggestaddr.s6_addr16[0] = htons(0xfe80); 3079 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3080 if (debug) 3081 addlog(" [suggestaddr %s]", 3082 inet_ntop(AF_INET6, &suggestaddr, 3083 addr, sizeof(addr))); 3084 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3085 if (debug) 3086 addlog(" [agree]"); 3087 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3088 } 3089 break; 3090 #ifdef notyet 3091 case IPV6CP_OPT_COMPRESS: 3092 /* 3093 * Peer wants different compression parameters. 3094 */ 3095 break; 3096 #endif 3097 } 3098 } 3099 if (debug) 3100 addlog("\n"); 3101 } 3102 3103 void 3104 sppp_ipv6cp_tlu(struct sppp *sp) 3105 { 3106 } 3107 3108 void 3109 sppp_ipv6cp_tld(struct sppp *sp) 3110 { 3111 } 3112 3113 void 3114 sppp_ipv6cp_tls(struct sppp *sp) 3115 { 3116 /* indicate to LCP that it must stay alive */ 3117 sp->lcp.protos |= (1 << IDX_IPV6CP); 3118 } 3119 3120 void 3121 sppp_ipv6cp_tlf(struct sppp *sp) 3122 { 3123 /* we no longer need LCP */ 3124 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3125 sppp_lcp_check_and_close(sp); 3126 } 3127 3128 void 3129 sppp_ipv6cp_scr(struct sppp *sp) 3130 { 3131 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3132 struct in6_addr ouraddr; 3133 int i = 0; 3134 3135 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3136 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 3137 ouraddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 3138 else 3139 sppp_get_ip6_addrs(sp, &ouraddr, NULL, NULL); 3140 opt[i++] = IPV6CP_OPT_IFID; 3141 opt[i++] = 10; 3142 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3143 i += 8; 3144 } 3145 3146 #ifdef notyet 3147 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3148 opt[i++] = IPV6CP_OPT_COMPRESSION; 3149 opt[i++] = 4; 3150 opt[i++] = 0; /* TBD */ 3151 opt[i++] = 0; /* TBD */ 3152 /* variable length data may follow */ 3153 } 3154 #endif 3155 3156 sp->confid[IDX_IPV6CP] = ++sp->pp_seq; 3157 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt); 3158 } 3159 #else /*INET6*/ 3160 void 3161 sppp_ipv6cp_init(struct sppp *sp) 3162 { 3163 } 3164 3165 void 3166 sppp_ipv6cp_destroy(struct sppp *sp) 3167 { 3168 } 3169 3170 void 3171 sppp_ipv6cp_up(struct sppp *sp) 3172 { 3173 } 3174 3175 void 3176 sppp_ipv6cp_down(struct sppp *sp) 3177 { 3178 } 3179 3180 void 3181 sppp_ipv6cp_open(struct sppp *sp) 3182 { 3183 } 3184 3185 void 3186 sppp_ipv6cp_close(struct sppp *sp) 3187 { 3188 } 3189 3190 void 3191 sppp_ipv6cp_TO(void *sp) 3192 { 3193 } 3194 3195 int 3196 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, 3197 int len) 3198 { 3199 return 0; 3200 } 3201 3202 void 3203 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, 3204 int len) 3205 { 3206 } 3207 3208 void 3209 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, 3210 int len) 3211 { 3212 } 3213 3214 void 3215 sppp_ipv6cp_tlu(struct sppp *sp) 3216 { 3217 } 3218 3219 void 3220 sppp_ipv6cp_tld(struct sppp *sp) 3221 { 3222 } 3223 3224 void 3225 sppp_ipv6cp_tls(struct sppp *sp) 3226 { 3227 } 3228 3229 void 3230 sppp_ipv6cp_tlf(struct sppp *sp) 3231 { 3232 } 3233 3234 void 3235 sppp_ipv6cp_scr(struct sppp *sp) 3236 { 3237 } 3238 #endif /*INET6*/ 3239 3240 /* 3241 *--------------------------------------------------------------------------* 3242 * * 3243 * The CHAP implementation. * 3244 * * 3245 *--------------------------------------------------------------------------* 3246 */ 3247 3248 /* 3249 * The authentication protocols don't employ a full-fledged state machine as 3250 * the control protocols do, since they do have Open and Close events, but 3251 * not Up and Down, nor are they explicitly terminated. Also, use of the 3252 * authentication protocols may be different in both directions (this makes 3253 * sense, think of a machine that never accepts incoming calls but only 3254 * calls out, it doesn't require the called party to authenticate itself). 3255 * 3256 * Our state machine for the local authentication protocol (we are requesting 3257 * the peer to authenticate) looks like: 3258 * 3259 * RCA- 3260 * +--------------------------------------------+ 3261 * V scn,tld| 3262 * +--------+ Close +---------+ RCA+ 3263 * | |<----------------------------------| |------+ 3264 * +--->| Closed | TO* | Opened | sca | 3265 * | | |-----+ +-------| |<-----+ 3266 * | +--------+ irc | | +---------+ 3267 * | ^ | | ^ 3268 * | | | | | 3269 * | | | | | 3270 * | TO-| | | | 3271 * | |tld TO+ V | | 3272 * | | +------->+ | | 3273 * | | | | | | 3274 * | +--------+ V | | 3275 * | | |<----+<--------------------+ | 3276 * | | Req- | scr | 3277 * | | Sent | | 3278 * | | | | 3279 * | +--------+ | 3280 * | RCA- | | RCA+ | 3281 * +------+ +------------------------------------------+ 3282 * scn,tld sca,irc,ict,tlu 3283 * 3284 * 3285 * with: 3286 * 3287 * Open: LCP reached authentication phase 3288 * Close: LCP reached terminate phase 3289 * 3290 * RCA+: received reply (pap-req, chap-response), acceptable 3291 * RCN: received reply (pap-req, chap-response), not acceptable 3292 * TO+: timeout with restart counter >= 0 3293 * TO-: timeout with restart counter < 0 3294 * TO*: reschedule timeout for CHAP 3295 * 3296 * scr: send request packet (none for PAP, chap-challenge) 3297 * sca: send ack packet (pap-ack, chap-success) 3298 * scn: send nak packet (pap-nak, chap-failure) 3299 * ict: initialize re-challenge timer (CHAP only) 3300 * 3301 * tlu: this-layer-up, LCP reaches network phase 3302 * tld: this-layer-down, LCP enters terminate phase 3303 * 3304 * Note that in CHAP mode, after sending a new challenge, while the state 3305 * automaton falls back into Req-Sent state, it doesn't signal a tld 3306 * event to LCP, so LCP remains in network phase. Only after not getting 3307 * any response (or after getting an unacceptable response), CHAP closes, 3308 * causing LCP to enter terminate phase. 3309 * 3310 * With PAP, there is no initial request that can be sent. The peer is 3311 * expected to send one based on the successful negotiation of PAP as 3312 * the authentication protocol during the LCP option negotiation. 3313 * 3314 * Incoming authentication protocol requests (remote requests 3315 * authentication, we are peer) don't employ a state machine at all, 3316 * they are simply answered. Some peers [Ascend P50 firmware rev 3317 * 4.50] react allergically when sending IPCP requests while they are 3318 * still in authentication phase (thereby violating the standard that 3319 * demands that these NCP packets are to be discarded), so we keep 3320 * track of the peer demanding us to authenticate, and only proceed to 3321 * phase network once we've seen a positive acknowledge for the 3322 * authentication. 3323 */ 3324 3325 /* 3326 * Handle incoming CHAP packets. 3327 */ 3328 void 3329 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3330 { 3331 STDDCL; 3332 struct lcp_header *h; 3333 int len, x; 3334 u_char *value, *name, digest[AUTHCHALEN], dsize; 3335 int value_len, name_len; 3336 MD5_CTX ctx; 3337 3338 len = m->m_pkthdr.len; 3339 if (len < 4) { 3340 if (debug) 3341 log(LOG_DEBUG, 3342 SPP_FMT "chap invalid packet length: %d bytes\n", 3343 SPP_ARGS(ifp), len); 3344 return; 3345 } 3346 h = mtod (m, struct lcp_header*); 3347 if (len > ntohs (h->len)) 3348 len = ntohs (h->len); 3349 3350 switch (h->type) { 3351 /* challenge, failure and success are his authproto */ 3352 case CHAP_CHALLENGE: 3353 value = 1 + (u_char*)(h+1); 3354 value_len = value[-1]; 3355 name = value + value_len; 3356 name_len = len - value_len - 5; 3357 if (name_len < 0) { 3358 if (debug) { 3359 log(LOG_DEBUG, 3360 SPP_FMT "chap corrupted challenge " 3361 "<%s id=0x%x len=%d", 3362 SPP_ARGS(ifp), 3363 sppp_auth_type_name(PPP_CHAP, h->type), 3364 h->ident, ntohs(h->len)); 3365 if (len > 4) 3366 sppp_print_bytes((u_char*) (h+1), len-4); 3367 addlog(">\n"); 3368 } 3369 break; 3370 } 3371 3372 if (debug) { 3373 log(LOG_DEBUG, 3374 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3375 SPP_ARGS(ifp), 3376 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3377 ntohs(h->len)); 3378 sppp_print_string((char*) name, name_len); 3379 addlog(" value-size=%d value=", value_len); 3380 sppp_print_bytes(value, value_len); 3381 addlog(">\n"); 3382 } 3383 3384 /* Compute reply value. */ 3385 MD5Init(&ctx); 3386 MD5Update(&ctx, &h->ident, 1); 3387 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret)); 3388 MD5Update(&ctx, value, value_len); 3389 MD5Final(digest, &ctx); 3390 dsize = sizeof digest; 3391 3392 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3393 sizeof dsize, (const char *)&dsize, 3394 sizeof digest, digest, 3395 strlen(sp->myauth.name), 3396 sp->myauth.name, 3397 0); 3398 break; 3399 3400 case CHAP_SUCCESS: 3401 if (debug) { 3402 log(LOG_DEBUG, SPP_FMT "chap success", 3403 SPP_ARGS(ifp)); 3404 if (len > 4) { 3405 addlog(": "); 3406 sppp_print_string((char*)(h + 1), len - 4); 3407 } 3408 addlog("\n"); 3409 } 3410 x = splnet(); 3411 sp->pp_flags &= ~PP_NEEDAUTH; 3412 if (sp->myauth.proto == PPP_CHAP && 3413 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3414 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3415 /* 3416 * We are authenticator for CHAP but didn't 3417 * complete yet. Leave it to tlu to proceed 3418 * to network phase. 3419 */ 3420 splx(x); 3421 break; 3422 } 3423 splx(x); 3424 sppp_phase_network(sp); 3425 break; 3426 3427 case CHAP_FAILURE: 3428 if (debug) { 3429 log(LOG_INFO, SPP_FMT "chap failure", 3430 SPP_ARGS(ifp)); 3431 if (len > 4) { 3432 addlog(": "); 3433 sppp_print_string((char*)(h + 1), len - 4); 3434 } 3435 addlog("\n"); 3436 } else 3437 log(LOG_INFO, SPP_FMT "chap failure\n", 3438 SPP_ARGS(ifp)); 3439 /* await LCP shutdown by authenticator */ 3440 break; 3441 3442 /* response is my authproto */ 3443 case CHAP_RESPONSE: 3444 value = 1 + (u_char*)(h+1); 3445 value_len = value[-1]; 3446 name = value + value_len; 3447 name_len = len - value_len - 5; 3448 if (name_len < 0) { 3449 if (debug) { 3450 log(LOG_DEBUG, 3451 SPP_FMT "chap corrupted response " 3452 "<%s id=0x%x len=%d", 3453 SPP_ARGS(ifp), 3454 sppp_auth_type_name(PPP_CHAP, h->type), 3455 h->ident, ntohs(h->len)); 3456 if (len > 4) 3457 sppp_print_bytes((u_char*)(h+1), len-4); 3458 addlog(">\n"); 3459 } 3460 break; 3461 } 3462 if (h->ident != sp->confid[IDX_CHAP]) { 3463 if (debug) 3464 log(LOG_DEBUG, 3465 SPP_FMT "chap dropping response for old ID " 3466 "(got %d, expected %d)\n", 3467 SPP_ARGS(ifp), 3468 h->ident, sp->confid[IDX_CHAP]); 3469 break; 3470 } 3471 if (name_len != strlen(sp->hisauth.name) 3472 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3473 log(LOG_INFO, SPP_FMT "chap response, his name ", 3474 SPP_ARGS(ifp)); 3475 sppp_print_string(name, name_len); 3476 addlog(" != expected "); 3477 sppp_print_string(sp->hisauth.name, 3478 strlen(sp->hisauth.name)); 3479 addlog("\n"); 3480 } 3481 if (debug) { 3482 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3483 "<%s id=0x%x len=%d name=", 3484 SPP_ARGS(ifp), 3485 sppp_state_name(sp->state[IDX_CHAP]), 3486 sppp_auth_type_name(PPP_CHAP, h->type), 3487 h->ident, ntohs (h->len)); 3488 sppp_print_string((char*)name, name_len); 3489 addlog(" value-size=%d value=", value_len); 3490 sppp_print_bytes(value, value_len); 3491 addlog(">\n"); 3492 } 3493 if (value_len != AUTHCHALEN) { 3494 if (debug) 3495 log(LOG_DEBUG, 3496 SPP_FMT "chap bad hash value length: " 3497 "%d bytes, should be %d\n", 3498 SPP_ARGS(ifp), value_len, 3499 AUTHCHALEN); 3500 break; 3501 } 3502 3503 MD5Init(&ctx); 3504 MD5Update(&ctx, &h->ident, 1); 3505 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret)); 3506 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN); 3507 MD5Final(digest, &ctx); 3508 3509 #define FAILMSG "Failed..." 3510 #define SUCCMSG "Welcome!" 3511 3512 if (value_len != sizeof digest || 3513 timingsafe_bcmp(digest, value, value_len) != 0) { 3514 /* action scn, tld */ 3515 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3516 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3517 0); 3518 chap.tld(sp); 3519 break; 3520 } 3521 /* action sca, perhaps tlu */ 3522 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3523 sp->state[IDX_CHAP] == STATE_OPENED) 3524 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3525 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3526 0); 3527 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3528 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3529 chap.tlu(sp); 3530 } 3531 break; 3532 3533 default: 3534 /* Unknown CHAP packet type -- ignore. */ 3535 if (debug) { 3536 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3537 "<0x%x id=0x%xh len=%d", 3538 SPP_ARGS(ifp), 3539 sppp_state_name(sp->state[IDX_CHAP]), 3540 h->type, h->ident, ntohs(h->len)); 3541 if (len > 4) 3542 sppp_print_bytes((u_char*)(h+1), len-4); 3543 addlog(">\n"); 3544 } 3545 break; 3546 3547 } 3548 } 3549 3550 void 3551 sppp_chap_init(struct sppp *sp) 3552 { 3553 /* Chap doesn't have STATE_INITIAL at all. */ 3554 sp->state[IDX_CHAP] = STATE_CLOSED; 3555 sp->fail_counter[IDX_CHAP] = 0; 3556 } 3557 3558 void 3559 sppp_chap_open(struct sppp *sp) 3560 { 3561 if (sp->myauth.proto == PPP_CHAP && 3562 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3563 /* we are authenticator for CHAP, start it */ 3564 chap.scr(sp); 3565 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3566 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3567 } 3568 /* nothing to be done if we are peer, await a challenge */ 3569 } 3570 3571 void 3572 sppp_chap_close(struct sppp *sp) 3573 { 3574 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3575 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3576 } 3577 3578 void 3579 sppp_chap_TO(void *cookie) 3580 { 3581 struct sppp *sp = (struct sppp *)cookie; 3582 STDDCL; 3583 int s; 3584 3585 s = splnet(); 3586 if (debug) 3587 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3588 SPP_ARGS(ifp), 3589 sppp_state_name(sp->state[IDX_CHAP]), 3590 sp->rst_counter[IDX_CHAP]); 3591 3592 if (--sp->rst_counter[IDX_CHAP] < 0) 3593 /* TO- event */ 3594 switch (sp->state[IDX_CHAP]) { 3595 case STATE_REQ_SENT: 3596 chap.tld(sp); 3597 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3598 break; 3599 } 3600 else 3601 /* TO+ (or TO*) event */ 3602 switch (sp->state[IDX_CHAP]) { 3603 case STATE_OPENED: 3604 /* TO* event */ 3605 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3606 /* FALLTHROUGH */ 3607 case STATE_REQ_SENT: 3608 chap.scr(sp); 3609 /* sppp_cp_change_state() will restart the timer */ 3610 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3611 break; 3612 } 3613 3614 splx(s); 3615 } 3616 3617 void 3618 sppp_chap_tlu(struct sppp *sp) 3619 { 3620 STDDCL; 3621 int i = 0, x; 3622 3623 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3624 3625 /* 3626 * Some broken CHAP implementations (Conware CoNet, firmware 3627 * 4.0.?) don't want to re-authenticate their CHAP once the 3628 * initial challenge-response exchange has taken place. 3629 * Provide for an option to avoid rechallenges. 3630 */ 3631 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3632 /* 3633 * Compute the re-challenge timeout. This will yield 3634 * a number between 300 and 810 seconds. 3635 */ 3636 i = 300 + arc4random_uniform(1 + 810 - 300); 3637 3638 timeout_add_sec(&sp->ch[IDX_CHAP], i); 3639 } 3640 3641 if (debug) { 3642 log(LOG_DEBUG, 3643 SPP_FMT "chap %s, ", 3644 SPP_ARGS(ifp), 3645 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3646 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3647 addlog("next re-challenge in %d seconds\n", i); 3648 else 3649 addlog("re-challenging suppressed\n"); 3650 } 3651 3652 x = splnet(); 3653 /* indicate to LCP that we need to be closed down */ 3654 sp->lcp.protos |= (1 << IDX_CHAP); 3655 3656 if (sp->pp_flags & PP_NEEDAUTH) { 3657 /* 3658 * Remote is authenticator, but his auth proto didn't 3659 * complete yet. Defer the transition to network 3660 * phase. 3661 */ 3662 splx(x); 3663 return; 3664 } 3665 splx(x); 3666 3667 /* 3668 * If we are already in phase network, we are done here. This 3669 * is the case if this is a dummy tlu event after a re-challenge. 3670 */ 3671 if (sp->pp_phase != PHASE_NETWORK) 3672 sppp_phase_network(sp); 3673 } 3674 3675 void 3676 sppp_chap_tld(struct sppp *sp) 3677 { 3678 STDDCL; 3679 3680 if (debug) 3681 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3682 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3683 sp->lcp.protos &= ~(1 << IDX_CHAP); 3684 3685 lcp.Close(sp); 3686 } 3687 3688 void 3689 sppp_chap_scr(struct sppp *sp) 3690 { 3691 u_char clen; 3692 3693 /* Compute random challenge. */ 3694 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge)); 3695 clen = AUTHCHALEN; 3696 3697 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3698 3699 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3700 sizeof clen, (const char *)&clen, 3701 (size_t)AUTHCHALEN, sp->chap_challenge, 3702 strlen(sp->myauth.name), 3703 sp->myauth.name, 3704 0); 3705 } 3706 /* 3707 *--------------------------------------------------------------------------* 3708 * * 3709 * The PAP implementation. * 3710 * * 3711 *--------------------------------------------------------------------------* 3712 */ 3713 /* 3714 * For PAP, we need to keep a little state also if we are the peer, not the 3715 * authenticator. This is since we don't get a request to authenticate, but 3716 * have to repeatedly authenticate ourself until we got a response (or the 3717 * retry counter is expired). 3718 */ 3719 3720 /* 3721 * Handle incoming PAP packets. */ 3722 void 3723 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3724 { 3725 STDDCL; 3726 struct lcp_header *h; 3727 int len, x; 3728 u_char *name, *passwd, mlen; 3729 int name_len, passwd_len; 3730 3731 len = m->m_pkthdr.len; 3732 if (len < 5) { 3733 if (debug) 3734 log(LOG_DEBUG, 3735 SPP_FMT "pap invalid packet length: %d bytes\n", 3736 SPP_ARGS(ifp), len); 3737 return; 3738 } 3739 h = mtod (m, struct lcp_header*); 3740 if (len > ntohs (h->len)) 3741 len = ntohs (h->len); 3742 switch (h->type) { 3743 /* PAP request is my authproto */ 3744 case PAP_REQ: 3745 name = 1 + (u_char*)(h+1); 3746 name_len = name[-1]; 3747 passwd = name + name_len + 1; 3748 if (name_len > len - 6 || 3749 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3750 if (debug) { 3751 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3752 "<%s id=0x%x len=%d", 3753 SPP_ARGS(ifp), 3754 sppp_auth_type_name(PPP_PAP, h->type), 3755 h->ident, ntohs(h->len)); 3756 if (len > 4) 3757 sppp_print_bytes((u_char*)(h+1), len-4); 3758 addlog(">\n"); 3759 } 3760 break; 3761 } 3762 if (debug) { 3763 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3764 "<%s id=0x%x len=%d name=", 3765 SPP_ARGS(ifp), 3766 sppp_state_name(sp->state[IDX_PAP]), 3767 sppp_auth_type_name(PPP_PAP, h->type), 3768 h->ident, ntohs(h->len)); 3769 sppp_print_string((char*)name, name_len); 3770 addlog(" passwd="); 3771 sppp_print_string((char*)passwd, passwd_len); 3772 addlog(">\n"); 3773 } 3774 if (name_len > AUTHMAXLEN || 3775 passwd_len > AUTHMAXLEN || 3776 bcmp(name, sp->hisauth.name, name_len) != 0 || 3777 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3778 /* action scn, tld */ 3779 mlen = sizeof(FAILMSG) - 1; 3780 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3781 sizeof mlen, (const char *)&mlen, 3782 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3783 0); 3784 pap.tld(sp); 3785 break; 3786 } 3787 /* action sca, perhaps tlu */ 3788 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3789 sp->state[IDX_PAP] == STATE_OPENED) { 3790 mlen = sizeof(SUCCMSG) - 1; 3791 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3792 sizeof mlen, (const char *)&mlen, 3793 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3794 0); 3795 } 3796 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3797 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3798 pap.tlu(sp); 3799 } 3800 break; 3801 3802 /* ack and nak are his authproto */ 3803 case PAP_ACK: 3804 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3805 if (debug) { 3806 log(LOG_DEBUG, SPP_FMT "pap success", 3807 SPP_ARGS(ifp)); 3808 name_len = *((char *)h); 3809 if (len > 5 && name_len) { 3810 addlog(": "); 3811 sppp_print_string((char*)(h+1), name_len); 3812 } 3813 addlog("\n"); 3814 } 3815 x = splnet(); 3816 sp->pp_flags &= ~PP_NEEDAUTH; 3817 if (sp->myauth.proto == PPP_PAP && 3818 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3819 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3820 /* 3821 * We are authenticator for PAP but didn't 3822 * complete yet. Leave it to tlu to proceed 3823 * to network phase. 3824 */ 3825 splx(x); 3826 break; 3827 } 3828 splx(x); 3829 sppp_phase_network(sp); 3830 break; 3831 3832 case PAP_NAK: 3833 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3834 if (debug) { 3835 log(LOG_INFO, SPP_FMT "pap failure", 3836 SPP_ARGS(ifp)); 3837 name_len = *((char *)h); 3838 if (len > 5 && name_len) { 3839 addlog(": "); 3840 sppp_print_string((char*)(h+1), name_len); 3841 } 3842 addlog("\n"); 3843 } else 3844 log(LOG_INFO, SPP_FMT "pap failure\n", 3845 SPP_ARGS(ifp)); 3846 /* await LCP shutdown by authenticator */ 3847 break; 3848 3849 default: 3850 /* Unknown PAP packet type -- ignore. */ 3851 if (debug) { 3852 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3853 "<0x%x id=0x%x len=%d", 3854 SPP_ARGS(ifp), 3855 h->type, h->ident, ntohs(h->len)); 3856 if (len > 4) 3857 sppp_print_bytes((u_char*)(h+1), len-4); 3858 addlog(">\n"); 3859 } 3860 break; 3861 3862 } 3863 } 3864 3865 void 3866 sppp_pap_init(struct sppp *sp) 3867 { 3868 /* PAP doesn't have STATE_INITIAL at all. */ 3869 sp->state[IDX_PAP] = STATE_CLOSED; 3870 sp->fail_counter[IDX_PAP] = 0; 3871 } 3872 3873 void 3874 sppp_pap_open(struct sppp *sp) 3875 { 3876 if (sp->hisauth.proto == PPP_PAP && 3877 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3878 /* we are authenticator for PAP, start our timer */ 3879 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3880 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3881 } 3882 if (sp->myauth.proto == PPP_PAP) { 3883 /* we are peer, send a request, and start a timer */ 3884 pap.scr(sp); 3885 timeout_add_sec(&sp->pap_my_to_ch, sp->lcp.timeout); 3886 } 3887 } 3888 3889 void 3890 sppp_pap_close(struct sppp *sp) 3891 { 3892 if (sp->state[IDX_PAP] != STATE_CLOSED) 3893 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3894 } 3895 3896 /* 3897 * That's the timeout routine if we are authenticator. Since the 3898 * authenticator is basically passive in PAP, we can't do much here. 3899 */ 3900 void 3901 sppp_pap_TO(void *cookie) 3902 { 3903 struct sppp *sp = (struct sppp *)cookie; 3904 STDDCL; 3905 int s; 3906 3907 s = splnet(); 3908 if (debug) 3909 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3910 SPP_ARGS(ifp), 3911 sppp_state_name(sp->state[IDX_PAP]), 3912 sp->rst_counter[IDX_PAP]); 3913 3914 if (--sp->rst_counter[IDX_PAP] < 0) 3915 /* TO- event */ 3916 switch (sp->state[IDX_PAP]) { 3917 case STATE_REQ_SENT: 3918 pap.tld(sp); 3919 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3920 break; 3921 } 3922 else 3923 /* TO+ event, not very much we could do */ 3924 switch (sp->state[IDX_PAP]) { 3925 case STATE_REQ_SENT: 3926 /* sppp_cp_change_state() will restart the timer */ 3927 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3928 break; 3929 } 3930 3931 splx(s); 3932 } 3933 3934 /* 3935 * That's the timeout handler if we are peer. Since the peer is active, 3936 * we need to retransmit our PAP request since it is apparently lost. 3937 * XXX We should impose a max counter. 3938 */ 3939 void 3940 sppp_pap_my_TO(void *cookie) 3941 { 3942 struct sppp *sp = (struct sppp *)cookie; 3943 STDDCL; 3944 3945 if (debug) 3946 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3947 SPP_ARGS(ifp)); 3948 3949 pap.scr(sp); 3950 } 3951 3952 void 3953 sppp_pap_tlu(struct sppp *sp) 3954 { 3955 STDDCL; 3956 int x; 3957 3958 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3959 3960 if (debug) 3961 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3962 SPP_ARGS(ifp), pap.name); 3963 3964 x = splnet(); 3965 /* indicate to LCP that we need to be closed down */ 3966 sp->lcp.protos |= (1 << IDX_PAP); 3967 3968 if (sp->pp_flags & PP_NEEDAUTH) { 3969 /* 3970 * Remote is authenticator, but his auth proto didn't 3971 * complete yet. Defer the transition to network 3972 * phase. 3973 */ 3974 splx(x); 3975 return; 3976 } 3977 splx(x); 3978 sppp_phase_network(sp); 3979 } 3980 3981 void 3982 sppp_pap_tld(struct sppp *sp) 3983 { 3984 STDDCL; 3985 3986 if (debug) 3987 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3988 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3989 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3990 sp->lcp.protos &= ~(1 << IDX_PAP); 3991 3992 lcp.Close(sp); 3993 } 3994 3995 void 3996 sppp_pap_scr(struct sppp *sp) 3997 { 3998 u_char idlen, pwdlen; 3999 4000 sp->confid[IDX_PAP] = ++sp->pp_seq; 4001 pwdlen = strlen(sp->myauth.secret); 4002 idlen = strlen(sp->myauth.name); 4003 4004 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4005 sizeof idlen, (const char *)&idlen, 4006 (size_t)idlen, sp->myauth.name, 4007 sizeof pwdlen, (const char *)&pwdlen, 4008 (size_t)pwdlen, sp->myauth.secret, 4009 0); 4010 } 4011 /* 4012 * Random miscellaneous functions. 4013 */ 4014 4015 /* 4016 * Send a PAP or CHAP proto packet. 4017 * 4018 * Variadic function, each of the elements for the ellipsis is of type 4019 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4020 * mlen == 0. 4021 */ 4022 4023 void 4024 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4025 unsigned int type, u_int id, ...) 4026 { 4027 STDDCL; 4028 struct lcp_header *lh; 4029 struct mbuf *m; 4030 u_char *p; 4031 int len, s; 4032 unsigned int mlen; 4033 const char *msg; 4034 va_list ap; 4035 4036 MGETHDR (m, M_DONTWAIT, MT_DATA); 4037 if (! m) 4038 return; 4039 m->m_pkthdr.ph_ifidx = 0; 4040 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 4041 4042 *mtod(m, u_int16_t *) = htons(cp->proto); 4043 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 4044 4045 lh->type = type; 4046 lh->ident = id; 4047 p = (u_char*) (lh+1); 4048 4049 va_start(ap, id); 4050 len = 0; 4051 4052 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4053 msg = va_arg(ap, const char *); 4054 len += mlen; 4055 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) { 4056 va_end(ap); 4057 m_freem(m); 4058 return; 4059 } 4060 4061 bcopy(msg, p, mlen); 4062 p += mlen; 4063 } 4064 va_end(ap); 4065 4066 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 4067 lh->len = htons (LCP_HEADER_LEN + len); 4068 4069 if (debug) { 4070 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4071 SPP_ARGS(ifp), cp->name, 4072 sppp_auth_type_name(cp->proto, lh->type), 4073 lh->ident, ntohs(lh->len)); 4074 if (len) 4075 sppp_print_bytes((u_char*) (lh+1), len); 4076 addlog(">\n"); 4077 } 4078 4079 len = m->m_pkthdr.len + sp->pp_framebytes; 4080 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 4081 ifp->if_oerrors++; 4082 return; 4083 } 4084 4085 ifp->if_obytes += len; 4086 s = splnet(); 4087 if_start(ifp); 4088 splx(s); 4089 } 4090 4091 /* 4092 * Send keepalive packets, every 10 seconds. 4093 */ 4094 void 4095 sppp_keepalive(void *dummy) 4096 { 4097 struct sppp *sp; 4098 int s; 4099 struct timeval tv; 4100 4101 NET_LOCK(); 4102 s = splnet(); 4103 getmicrouptime(&tv); 4104 for (sp=spppq; sp; sp=sp->pp_next) { 4105 struct ifnet *ifp = &sp->pp_if; 4106 4107 /* Keepalive mode disabled or channel down? */ 4108 if (! (sp->pp_flags & PP_KEEPALIVE) || 4109 ! (ifp->if_flags & IFF_RUNNING)) 4110 continue; 4111 4112 /* No keepalive if LCP not opened yet. */ 4113 if (sp->pp_phase < PHASE_AUTHENTICATE) 4114 continue; 4115 4116 /* No echo reply, but maybe user data passed through? */ 4117 if ((tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) { 4118 sp->pp_alivecnt = 0; 4119 continue; 4120 } 4121 4122 if (sp->pp_alivecnt >= MAXALIVECNT) { 4123 /* No keepalive packets got. Stop the interface. */ 4124 if_down (ifp); 4125 mq_purge(&sp->pp_cpq); 4126 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n", 4127 SPP_ARGS(ifp)); 4128 sp->pp_alivecnt = 0; 4129 4130 /* we are down, close all open protocols */ 4131 lcp.Close(sp); 4132 4133 /* And now prepare LCP to reestablish the link, 4134 * if configured to do so. */ 4135 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4136 4137 /* Close connection immediately, completion of this 4138 * will summon the magic needed to reestablish it. */ 4139 if (sp->pp_tlf) 4140 sp->pp_tlf(sp); 4141 continue; 4142 } 4143 if (sp->pp_alivecnt < MAXALIVECNT) 4144 ++sp->pp_alivecnt; 4145 if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4146 u_int32_t nmagic = htonl(sp->lcp.magic); 4147 sp->lcp.echoid = ++sp->pp_seq; 4148 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4149 sp->lcp.echoid, 4, &nmagic); 4150 } 4151 } 4152 splx(s); 4153 NET_UNLOCK(); 4154 timeout_add_sec(&keepalive_ch, 10); 4155 } 4156 4157 /* 4158 * Get both IP addresses. 4159 */ 4160 void 4161 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 4162 u_int32_t *srcmask) 4163 { 4164 struct ifnet *ifp = &sp->pp_if; 4165 struct ifaddr *ifa; 4166 struct sockaddr_in *si, *sm = 0; 4167 u_int32_t ssrc, ddst; 4168 4169 sm = NULL; 4170 ssrc = ddst = 0; 4171 /* 4172 * Pick the first AF_INET address from the list, 4173 * aliases don't make any sense on a p2p link anyway. 4174 */ 4175 si = 0; 4176 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4177 { 4178 if (ifa->ifa_addr->sa_family == AF_INET) { 4179 si = (struct sockaddr_in *)ifa->ifa_addr; 4180 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4181 if (si) 4182 break; 4183 } 4184 } 4185 if (ifa) { 4186 if (si && si->sin_addr.s_addr) { 4187 ssrc = si->sin_addr.s_addr; 4188 if (srcmask) 4189 *srcmask = ntohl(sm->sin_addr.s_addr); 4190 } 4191 4192 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4193 if (si && si->sin_addr.s_addr) 4194 ddst = si->sin_addr.s_addr; 4195 } 4196 4197 if (dst) *dst = ntohl(ddst); 4198 if (src) *src = ntohl(ssrc); 4199 } 4200 4201 int 4202 sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id) 4203 { 4204 struct ifnet *ifp = arg; 4205 4206 if (rt->rt_ifidx == ifp->if_index) { 4207 if (rt->rt_ifa->ifa_dstaddr->sa_family != 4208 rt->rt_gateway->sa_family || 4209 !ISSET(rt->rt_flags, RTF_GATEWAY)) 4210 return (0); /* do not modify non-gateway routes */ 4211 rt_setgate(rt, rt->rt_ifa->ifa_dstaddr, ifp->if_rdomain); 4212 } 4213 return (0); 4214 } 4215 4216 void 4217 sppp_update_gw(struct ifnet *ifp) 4218 { 4219 u_int tid; 4220 4221 /* update routing table */ 4222 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) { 4223 rtable_walk(tid, AF_INET, NULL, sppp_update_gw_walker, ifp); 4224 } 4225 } 4226 4227 /* 4228 * Task adding addresses from process context. 4229 * If an address is 0, leave it the way it is. 4230 */ 4231 void 4232 sppp_set_ip_addrs(void *arg1) 4233 { 4234 struct sppp *sp = arg1; 4235 u_int32_t myaddr; 4236 u_int32_t hisaddr; 4237 struct ifnet *ifp = &sp->pp_if; 4238 int debug = ifp->if_flags & IFF_DEBUG; 4239 struct ifaddr *ifa; 4240 struct sockaddr_in *si; 4241 struct sockaddr_in *dest; 4242 4243 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, NULL); 4244 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 4245 (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 4246 myaddr = sp->ipcp.req_myaddr; 4247 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 4248 (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 4249 hisaddr = sp->ipcp.req_hisaddr; 4250 4251 4252 NET_LOCK(); 4253 /* 4254 * Pick the first AF_INET address from the list, 4255 * aliases don't make any sense on a p2p link anyway. 4256 */ 4257 4258 si = 0; 4259 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4260 { 4261 if (ifa->ifa_addr->sa_family == AF_INET) 4262 { 4263 si = (struct sockaddr_in *)ifa->ifa_addr; 4264 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4265 if (si) 4266 break; 4267 } 4268 } 4269 4270 if (ifa && si) { 4271 int error; 4272 struct sockaddr_in new_sin = *si; 4273 struct sockaddr_in new_dst = *dest; 4274 4275 in_ifscrub(ifp, ifatoia(ifa)); 4276 4277 if (myaddr != 0) 4278 new_sin.sin_addr.s_addr = htonl(myaddr); 4279 if (hisaddr != 0) { 4280 new_dst.sin_addr.s_addr = htonl(hisaddr); 4281 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4282 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4283 *dest = new_dst; /* fix dstaddr in place */ 4284 } 4285 } 4286 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4287 if_addrhooks_run(ifp); 4288 if (debug && error) { 4289 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4290 " failed, error=%d\n", SPP_ARGS(ifp), error); 4291 goto out; 4292 } 4293 sppp_update_gw(ifp); 4294 sppp_update_dns(ifp); 4295 } 4296 out: 4297 NET_UNLOCK(); 4298 } 4299 4300 /* 4301 * Task clearing addresses from process context. 4302 * Clear IP addresses. 4303 */ 4304 void 4305 sppp_clear_ip_addrs(void *arg1) 4306 { 4307 struct sppp *sp = (struct sppp *)arg1; 4308 struct ifnet *ifp = &sp->pp_if; 4309 int debug = ifp->if_flags & IFF_DEBUG; 4310 struct ifaddr *ifa; 4311 struct sockaddr_in *si; 4312 struct sockaddr_in *dest; 4313 u_int32_t remote; 4314 4315 NET_LOCK(); 4316 4317 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4318 remote = sp->ipcp.saved_hisaddr; 4319 else 4320 sppp_get_ip_addrs(sp, 0, &remote, 0); 4321 4322 /* 4323 * Pick the first AF_INET address from the list, 4324 * aliases don't make any sense on a p2p link anyway. 4325 */ 4326 4327 si = 0; 4328 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4329 if (ifa->ifa_addr->sa_family == AF_INET) { 4330 si = (struct sockaddr_in *)ifa->ifa_addr; 4331 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4332 if (si) 4333 break; 4334 } 4335 } 4336 4337 if (ifa && si) { 4338 int error; 4339 struct sockaddr_in new_sin = *si; 4340 4341 in_ifscrub(ifp, ifatoia(ifa)); 4342 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4343 new_sin.sin_addr.s_addr = 0; 4344 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4345 /* replace peer addr in place */ 4346 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4347 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4348 if_addrhooks_run(ifp); 4349 if (debug && error) { 4350 log(LOG_DEBUG, SPP_FMT "sppp_clear_ip_addrs: in_ifinit " 4351 " failed, error=%d\n", SPP_ARGS(ifp), error); 4352 goto out; 4353 } 4354 sppp_update_gw(ifp); 4355 4356 memset(sp->ipcp.dns, 0, sizeof(sp->ipcp.dns)); 4357 sppp_update_dns(ifp); 4358 } 4359 out: 4360 NET_UNLOCK(); 4361 } 4362 4363 4364 #ifdef INET6 4365 /* 4366 * Get both IPv6 addresses. 4367 */ 4368 void 4369 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4370 struct in6_addr *srcmask) 4371 { 4372 struct ifnet *ifp = &sp->pp_if; 4373 struct in6_ifaddr *ia6; 4374 struct in6_addr ssrc, ddst; 4375 4376 bzero(&ssrc, sizeof(ssrc)); 4377 bzero(&ddst, sizeof(ddst)); 4378 /* 4379 * Pick the first link-local AF_INET6 address from the list, 4380 * aliases don't make any sense on a p2p link anyway. 4381 */ 4382 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4383 if (ia6) { 4384 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_addr.sin6_addr)) { 4385 bcopy(&ia6->ia_addr.sin6_addr, &ssrc, sizeof(ssrc)); 4386 if (srcmask) { 4387 bcopy(&ia6->ia_prefixmask.sin6_addr, srcmask, 4388 sizeof(*srcmask)); 4389 } 4390 } 4391 4392 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_dstaddr.sin6_addr)) 4393 bcopy(&ia6->ia_dstaddr.sin6_addr, &ddst, sizeof(ddst)); 4394 } 4395 4396 if (dst) 4397 bcopy(&ddst, dst, sizeof(*dst)); 4398 if (src) 4399 bcopy(&ssrc, src, sizeof(*src)); 4400 } 4401 4402 /* Task to update my IPv6 address from process context. */ 4403 void 4404 sppp_update_ip6_addr(void *arg) 4405 { 4406 struct sppp *sp = arg; 4407 struct ifnet *ifp = &sp->pp_if; 4408 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4409 struct in6_ifaddr *ia6; 4410 int error; 4411 4412 NET_LOCK(); 4413 4414 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4415 if (ia6 == NULL) { 4416 /* IPv6 disabled? */ 4417 goto out; 4418 } 4419 4420 /* 4421 * Changing the link-local address requires purging all 4422 * existing addresses and routes for the interface first. 4423 */ 4424 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4425 in6_ifdetach(ifp); 4426 error = in6_ifattach_linklocal(ifp, &ifra->ifra_addr.sin6_addr); 4427 if (error) 4428 log(LOG_ERR, SPP_FMT 4429 "could not update IPv6 address (error %d)\n", 4430 SPP_ARGS(ifp), error); 4431 goto out; 4432 } 4433 4434 /* 4435 * Code below changes address parameters only, not the address itself. 4436 */ 4437 4438 /* Destination address can only be set for /128. */ 4439 if (memcmp(&ia6->ia_prefixmask.sin6_addr, &in6mask128, 4440 sizeof(in6mask128)) != 0) { 4441 ifra->ifra_dstaddr.sin6_len = 0; 4442 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4443 } 4444 4445 ifra->ifra_lifetime = ia6->ia6_lifetime; 4446 4447 error = in6_update_ifa(ifp, ifra, ia6); 4448 if (error) { 4449 log(LOG_ERR, SPP_FMT 4450 "could not update IPv6 address (error %d)\n", 4451 SPP_ARGS(ifp), error); 4452 } 4453 out: 4454 NET_UNLOCK(); 4455 } 4456 4457 /* 4458 * Configure my link-local address. 4459 */ 4460 void 4461 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, 4462 const struct in6_addr *dst) 4463 { 4464 struct ifnet *ifp = &sp->pp_if; 4465 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4466 4467 bzero(ifra, sizeof(*ifra)); 4468 bcopy(ifp->if_xname, ifra->ifra_name, sizeof(ifra->ifra_name)); 4469 4470 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 4471 ifra->ifra_addr.sin6_family = AF_INET6; 4472 ifra->ifra_addr.sin6_addr = *src; 4473 if (dst) { 4474 ifra->ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6); 4475 ifra->ifra_dstaddr.sin6_family = AF_INET6; 4476 ifra->ifra_dstaddr.sin6_addr = *dst; 4477 } else 4478 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4479 4480 /* 4481 * Don't change the existing prefixlen. 4482 * It is common to use a /64 for IPv6 over point-to-point links 4483 * to allow e.g. neighbour discovery and autoconf to work. 4484 * But it is legal to use other values. 4485 */ 4486 ifra->ifra_prefixmask.sin6_family = AF_UNSPEC; 4487 4488 task_add(systq, &sp->ipv6cp.set_addr_task); 4489 } 4490 4491 /* 4492 * Generate an address that differs from our existing address. 4493 */ 4494 void 4495 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4496 { 4497 struct in6_addr myaddr; 4498 u_int32_t random; 4499 4500 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 4501 4502 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4503 4504 random = arc4random(); 4505 if ((random & 0xff) == 0 && (random & 0xff00) == 0) { 4506 myaddr.s6_addr[14] ^= 0xff; 4507 myaddr.s6_addr[15] ^= 0xff; 4508 } else { 4509 myaddr.s6_addr[14] ^= (random & 0xff); 4510 myaddr.s6_addr[15] ^= ((random & 0xff00) >> 8); 4511 } 4512 myaddr.s6_addr16[1] = 0; /* KAME hack: clear ifindex */ 4513 bcopy(&myaddr, suggest, sizeof(myaddr)); 4514 } 4515 #endif /*INET6*/ 4516 4517 int 4518 sppp_get_params(struct sppp *sp, struct ifreq *ifr) 4519 { 4520 int cmd; 4521 4522 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4523 return EFAULT; 4524 4525 switch (cmd) { 4526 case SPPPIOGDEFS: 4527 { 4528 struct spppreq *spr; 4529 4530 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4531 spr->cmd = cmd; 4532 spr->phase = sp->pp_phase; 4533 4534 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) { 4535 free(spr, M_DEVBUF, sizeof(*spr)); 4536 return EFAULT; 4537 } 4538 free(spr, M_DEVBUF, sizeof(*spr)); 4539 break; 4540 } 4541 case SPPPIOGMAUTH: 4542 case SPPPIOGHAUTH: 4543 { 4544 struct sauthreq *spa; 4545 struct sauth *auth; 4546 4547 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4548 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth; 4549 bzero(spa, sizeof(*spa)); 4550 spa->proto = auth->proto; 4551 spa->flags = auth->flags; 4552 4553 /* do not copy the secret, and only let root know the name */ 4554 if (auth->name != NULL && suser(curproc) == 0) 4555 strlcpy(spa->name, auth->name, sizeof(spa->name)); 4556 4557 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) { 4558 free(spa, M_DEVBUF, sizeof(*spa)); 4559 return EFAULT; 4560 } 4561 free(spa, M_DEVBUF, sizeof(*spa)); 4562 break; 4563 } 4564 case SPPPIOGDNS: 4565 { 4566 struct sdnsreq *spd; 4567 4568 spd = malloc(sizeof(*spd), M_DEVBUF, M_WAITOK); 4569 4570 spd->cmd = cmd; 4571 memcpy(spd->dns, sp->ipcp.dns, sizeof(spd->dns)); 4572 4573 if (copyout(spd, (caddr_t)ifr->ifr_data, sizeof(*spd)) != 0) { 4574 free(spd, M_DEVBUF, 0); 4575 return EFAULT; 4576 } 4577 4578 free(spd, M_DEVBUF, sizeof(*spd)); 4579 break; 4580 } 4581 default: 4582 return EINVAL; 4583 } 4584 4585 return 0; 4586 } 4587 4588 4589 int 4590 sppp_set_params(struct sppp *sp, struct ifreq *ifr) 4591 { 4592 int cmd; 4593 4594 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4595 return EFAULT; 4596 4597 switch (cmd) { 4598 case SPPPIOSDEFS: 4599 { 4600 struct spppreq *spr; 4601 4602 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4603 4604 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) { 4605 free(spr, M_DEVBUF, sizeof(*spr)); 4606 return EFAULT; 4607 } 4608 /* 4609 * Also, we only allow for authentication parameters to be 4610 * specified. 4611 * 4612 * XXX Should allow to set or clear pp_flags. 4613 */ 4614 free(spr, M_DEVBUF, sizeof(*spr)); 4615 break; 4616 } 4617 case SPPPIOSMAUTH: 4618 case SPPPIOSHAUTH: 4619 { 4620 /* 4621 * Finally, if the respective authentication protocol to 4622 * be used is set differently than 0, but the secret is 4623 * passed as all zeros, we don't trash the existing secret. 4624 * This allows an administrator to change the system name 4625 * only without clobbering the secret (which he didn't get 4626 * back in a previous SPPPIOGXAUTH call). However, the 4627 * secrets are cleared if the authentication protocol is 4628 * reset to 0. 4629 */ 4630 4631 struct sauthreq *spa; 4632 struct sauth *auth; 4633 char *p; 4634 int len; 4635 4636 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4637 4638 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth; 4639 4640 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) { 4641 free(spa, M_DEVBUF, sizeof(*spa)); 4642 return EFAULT; 4643 } 4644 4645 if (spa->proto != 0 && spa->proto != PPP_PAP && 4646 spa->proto != PPP_CHAP) { 4647 free(spa, M_DEVBUF, sizeof(*spa)); 4648 return EINVAL; 4649 } 4650 4651 if (spa->proto == 0) { 4652 /* resetting auth */ 4653 if (auth->name != NULL) 4654 free(auth->name, M_DEVBUF, 4655 strlen(auth->name) + 1); 4656 if (auth->secret != NULL) 4657 free(auth->secret, M_DEVBUF, 4658 strlen(auth->secret) + 1); 4659 bzero(auth, sizeof *auth); 4660 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge); 4661 } else { 4662 /* setting/changing auth */ 4663 auth->proto = spa->proto; 4664 auth->flags = spa->flags; 4665 4666 spa->name[AUTHMAXLEN - 1] = '\0'; 4667 len = strlen(spa->name) + 1; 4668 p = malloc(len, M_DEVBUF, M_WAITOK); 4669 strlcpy(p, spa->name, len); 4670 if (auth->name != NULL) 4671 free(auth->name, M_DEVBUF, 4672 strlen(auth->name) + 1); 4673 auth->name = p; 4674 4675 if (spa->secret[0] != '\0') { 4676 spa->secret[AUTHMAXLEN - 1] = '\0'; 4677 len = strlen(spa->secret) + 1; 4678 p = malloc(len, M_DEVBUF, M_WAITOK); 4679 strlcpy(p, spa->secret, len); 4680 if (auth->secret != NULL) 4681 free(auth->secret, M_DEVBUF, 4682 strlen(auth->secret) + 1); 4683 auth->secret = p; 4684 } else if (!auth->secret) { 4685 p = malloc(1, M_DEVBUF, M_WAITOK); 4686 p[0] = '\0'; 4687 auth->secret = p; 4688 } 4689 } 4690 free(spa, M_DEVBUF, sizeof(*spa)); 4691 break; 4692 } 4693 default: 4694 return EINVAL; 4695 } 4696 4697 return (ENETRESET); 4698 } 4699 4700 void 4701 sppp_phase_network(struct sppp *sp) 4702 { 4703 int i; 4704 u_long mask; 4705 4706 sp->pp_phase = PHASE_NETWORK; 4707 4708 sppp_set_phase(sp); 4709 4710 /* Notify NCPs now. */ 4711 for (i = 0; i < IDX_COUNT; i++) 4712 if ((cps[i])->flags & CP_NCP) 4713 (cps[i])->Open(sp); 4714 4715 /* Send Up events to all NCPs. */ 4716 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4717 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4718 (cps[i])->Up(sp); 4719 4720 /* if no NCP is starting, all this was in vain, close down */ 4721 sppp_lcp_check_and_close(sp); 4722 } 4723 4724 4725 const char * 4726 sppp_cp_type_name(u_char type) 4727 { 4728 static char buf[12]; 4729 switch (type) { 4730 case CONF_REQ: return "conf-req"; 4731 case CONF_ACK: return "conf-ack"; 4732 case CONF_NAK: return "conf-nak"; 4733 case CONF_REJ: return "conf-rej"; 4734 case TERM_REQ: return "term-req"; 4735 case TERM_ACK: return "term-ack"; 4736 case CODE_REJ: return "code-rej"; 4737 case PROTO_REJ: return "proto-rej"; 4738 case ECHO_REQ: return "echo-req"; 4739 case ECHO_REPLY: return "echo-reply"; 4740 case DISC_REQ: return "discard-req"; 4741 } 4742 snprintf (buf, sizeof buf, "0x%x", type); 4743 return buf; 4744 } 4745 4746 const char * 4747 sppp_auth_type_name(u_short proto, u_char type) 4748 { 4749 static char buf[12]; 4750 switch (proto) { 4751 case PPP_CHAP: 4752 switch (type) { 4753 case CHAP_CHALLENGE: return "challenge"; 4754 case CHAP_RESPONSE: return "response"; 4755 case CHAP_SUCCESS: return "success"; 4756 case CHAP_FAILURE: return "failure"; 4757 } 4758 case PPP_PAP: 4759 switch (type) { 4760 case PAP_REQ: return "req"; 4761 case PAP_ACK: return "ack"; 4762 case PAP_NAK: return "nak"; 4763 } 4764 } 4765 snprintf (buf, sizeof buf, "0x%x", type); 4766 return buf; 4767 } 4768 4769 const char * 4770 sppp_lcp_opt_name(u_char opt) 4771 { 4772 static char buf[12]; 4773 switch (opt) { 4774 case LCP_OPT_MRU: return "mru"; 4775 case LCP_OPT_ASYNC_MAP: return "async-map"; 4776 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4777 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4778 case LCP_OPT_MAGIC: return "magic"; 4779 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4780 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4781 } 4782 snprintf (buf, sizeof buf, "0x%x", opt); 4783 return buf; 4784 } 4785 4786 const char * 4787 sppp_ipcp_opt_name(u_char opt) 4788 { 4789 static char buf[12]; 4790 switch (opt) { 4791 case IPCP_OPT_ADDRESSES: return "addresses"; 4792 case IPCP_OPT_COMPRESSION: return "compression"; 4793 case IPCP_OPT_ADDRESS: return "address"; 4794 case IPCP_OPT_PRIMDNS: return "primdns"; 4795 case IPCP_OPT_SECDNS: return "secdns"; 4796 } 4797 snprintf (buf, sizeof buf, "0x%x", opt); 4798 return buf; 4799 } 4800 4801 #ifdef INET6 4802 const char * 4803 sppp_ipv6cp_opt_name(u_char opt) 4804 { 4805 static char buf[12]; 4806 switch (opt) { 4807 case IPV6CP_OPT_IFID: return "ifid"; 4808 case IPV6CP_OPT_COMPRESSION: return "compression"; 4809 } 4810 snprintf (buf, sizeof buf, "0x%x", opt); 4811 return buf; 4812 } 4813 #endif 4814 4815 const char * 4816 sppp_state_name(int state) 4817 { 4818 switch (state) { 4819 case STATE_INITIAL: return "initial"; 4820 case STATE_STARTING: return "starting"; 4821 case STATE_CLOSED: return "closed"; 4822 case STATE_STOPPED: return "stopped"; 4823 case STATE_CLOSING: return "closing"; 4824 case STATE_STOPPING: return "stopping"; 4825 case STATE_REQ_SENT: return "req-sent"; 4826 case STATE_ACK_RCVD: return "ack-rcvd"; 4827 case STATE_ACK_SENT: return "ack-sent"; 4828 case STATE_OPENED: return "opened"; 4829 } 4830 return "illegal"; 4831 } 4832 4833 const char * 4834 sppp_phase_name(enum ppp_phase phase) 4835 { 4836 switch (phase) { 4837 case PHASE_DEAD: return "dead"; 4838 case PHASE_ESTABLISH: return "establish"; 4839 case PHASE_TERMINATE: return "terminate"; 4840 case PHASE_AUTHENTICATE: return "authenticate"; 4841 case PHASE_NETWORK: return "network"; 4842 } 4843 return "illegal"; 4844 } 4845 4846 const char * 4847 sppp_proto_name(u_short proto) 4848 { 4849 static char buf[12]; 4850 switch (proto) { 4851 case PPP_LCP: return "lcp"; 4852 case PPP_IPCP: return "ipcp"; 4853 case PPP_IPV6CP: return "ipv6cp"; 4854 case PPP_PAP: return "pap"; 4855 case PPP_CHAP: return "chap"; 4856 } 4857 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto); 4858 return buf; 4859 } 4860 4861 void 4862 sppp_print_bytes(const u_char *p, u_short len) 4863 { 4864 addlog(" %02x", *p++); 4865 while (--len > 0) 4866 addlog("-%02x", *p++); 4867 } 4868 4869 void 4870 sppp_print_string(const char *p, u_short len) 4871 { 4872 u_char c; 4873 4874 while (len-- > 0) { 4875 c = *p++; 4876 /* 4877 * Print only ASCII chars directly. RFC 1994 recommends 4878 * using only them, but we don't rely on it. */ 4879 if (c < ' ' || c > '~') 4880 addlog("\\x%x", c); 4881 else 4882 addlog("%c", c); 4883 } 4884 } 4885 4886 const char * 4887 sppp_dotted_quad(u_int32_t addr) 4888 { 4889 static char s[16]; 4890 snprintf(s, sizeof s, "%d.%d.%d.%d", 4891 (int)((addr >> 24) & 0xff), 4892 (int)((addr >> 16) & 0xff), 4893 (int)((addr >> 8) & 0xff), 4894 (int)(addr & 0xff)); 4895 return s; 4896 } 4897 4898 /* a dummy, used to drop uninteresting events */ 4899 void 4900 sppp_null(struct sppp *unused) 4901 { 4902 /* do just nothing */ 4903 } 4904 4905 void 4906 sppp_set_phase(struct sppp *sp) 4907 { 4908 STDDCL; 4909 int lstate; 4910 4911 if (debug) 4912 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4913 sppp_phase_name(sp->pp_phase)); 4914 4915 /* set link state */ 4916 if (sp->pp_phase == PHASE_NETWORK) 4917 lstate = LINK_STATE_UP; 4918 else 4919 lstate = LINK_STATE_DOWN; 4920 4921 if (ifp->if_link_state != lstate) { 4922 ifp->if_link_state = lstate; 4923 if_link_state_change(ifp); 4924 } 4925 } 4926 4927 void 4928 sppp_update_dns(struct ifnet *ifp) 4929 { 4930 struct rt_addrinfo info; 4931 struct sockaddr_rtdns rtdns; 4932 struct sppp *sp = ifp->if_softc; 4933 size_t sz = 0; 4934 int i, flag = 0; 4935 4936 memset(&rtdns, 0, sizeof(rtdns)); 4937 memset(&info, 0, sizeof(info)); 4938 4939 for (i = 0; i < IPCP_MAX_DNSSRV; i++) { 4940 if (sp->ipcp.dns[i].s_addr == INADDR_ANY) 4941 break; 4942 sz = sizeof(sp->ipcp.dns[i]); 4943 memcpy(rtdns.sr_dns + i * sz, &sp->ipcp.dns[i].s_addr, sz); 4944 flag = RTF_UP; 4945 } 4946 4947 rtdns.sr_family = AF_INET; 4948 rtdns.sr_len = 2 + i * sz; 4949 info.rti_info[RTAX_DNS] = srtdnstosa(&rtdns); 4950 4951 rtm_proposal(ifp, &info, flag, RTP_PROPOSAL_PPP); 4952 } 4953 4954 void 4955 sppp_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 4956 { 4957 if (req == RTM_PROPOSAL) { 4958 KERNEL_LOCK(); 4959 sppp_update_dns(ifp); 4960 KERNEL_UNLOCK(); 4961 return; 4962 } 4963 4964 p2p_rtrequest(ifp, req, rt); 4965 } 4966