1 /* $OpenBSD: if_spppsubr.c,v 1.181 2019/11/13 10:15:10 bluhm Exp $ */ 2 /* 3 * Synchronous PPP link level subroutines. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak@cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * RFC2472 IPv6CP support. 12 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are met: 16 * 1. Redistributions of source code must retain the above copyright notice, 17 * this list of conditions and the following disclaimer. 18 * 2. Redistributions in binary form must reproduce the above copyright notice, 19 * this list of conditions and the following disclaimer in the documentation 20 * and/or other materials provided with the distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 * 34 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998 35 */ 36 37 #include <sys/param.h> 38 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/sockio.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #include <sys/timeout.h> 48 #include <crypto/md5.h> 49 50 #include <net/if.h> 51 #include <net/if_var.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <sys/stdarg.h> 57 58 #include <netinet/in.h> 59 #include <netinet/in_var.h> 60 #include <netinet/ip.h> 61 62 #ifdef INET6 63 #include <netinet6/in6_ifattach.h> 64 #endif 65 66 #include <net/if_sppp.h> 67 68 # define UNTIMEOUT(fun, arg, handle) \ 69 timeout_del(&(handle)) 70 71 #define LOOPALIVECNT 3 /* loopback detection tries */ 72 #define MAXALIVECNT 3 /* max. missed alive packets */ 73 #define NORECV_TIME 15 /* before we get worried */ 74 75 /* 76 * Interface flags that can be set in an ifconfig command. 77 * 78 * Setting link0 will make the link passive, i.e. it will be marked 79 * as being administrative openable, but won't be opened to begin 80 * with. Incoming calls will be answered, or subsequent calls with 81 * -link1 will cause the administrative open of the LCP layer. 82 * 83 * Setting link1 will cause the link to auto-dial only as packets 84 * arrive to be sent. 85 * 86 * Setting IFF_DEBUG will syslog the option negotiation and state 87 * transitions at level kern.debug. Note: all logs consistently look 88 * like 89 * 90 * <if-name><unit>: <proto-name> <additional info...> 91 * 92 * with <if-name><unit> being something like "bppp0", and <proto-name> 93 * being one of "lcp", "ipcp", "chap", "pap", etc. 94 */ 95 96 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 97 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 98 99 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 100 #define PPP_UI 0x03 /* Unnumbered Information */ 101 #define PPP_IP 0x0021 /* Internet Protocol */ 102 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 103 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 104 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 105 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */ 106 #define PPP_LCP 0xc021 /* Link Control Protocol */ 107 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 108 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 109 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 110 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 111 112 #define CONF_REQ 1 /* PPP configure request */ 113 #define CONF_ACK 2 /* PPP configure acknowledge */ 114 #define CONF_NAK 3 /* PPP configure negative ack */ 115 #define CONF_REJ 4 /* PPP configure reject */ 116 #define TERM_REQ 5 /* PPP terminate request */ 117 #define TERM_ACK 6 /* PPP terminate acknowledge */ 118 #define CODE_REJ 7 /* PPP code reject */ 119 #define PROTO_REJ 8 /* PPP protocol reject */ 120 #define ECHO_REQ 9 /* PPP echo request */ 121 #define ECHO_REPLY 10 /* PPP echo reply */ 122 #define DISC_REQ 11 /* PPP discard request */ 123 124 #define LCP_OPT_MRU 1 /* maximum receive unit */ 125 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 126 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 127 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 128 #define LCP_OPT_MAGIC 5 /* magic number */ 129 #define LCP_OPT_RESERVED 6 /* reserved */ 130 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 131 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 132 133 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 134 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 135 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 136 137 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 138 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 139 140 #define PAP_REQ 1 /* PAP name/password request */ 141 #define PAP_ACK 2 /* PAP acknowledge */ 142 #define PAP_NAK 3 /* PAP fail */ 143 144 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 145 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 146 #define CHAP_SUCCESS 3 /* CHAP response ok */ 147 #define CHAP_FAILURE 4 /* CHAP response failed */ 148 149 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 150 151 /* states are named and numbered according to RFC 1661 */ 152 #define STATE_INITIAL 0 153 #define STATE_STARTING 1 154 #define STATE_CLOSED 2 155 #define STATE_STOPPED 3 156 #define STATE_CLOSING 4 157 #define STATE_STOPPING 5 158 #define STATE_REQ_SENT 6 159 #define STATE_ACK_RCVD 7 160 #define STATE_ACK_SENT 8 161 #define STATE_OPENED 9 162 163 #define PKTHDRLEN 2 164 165 struct ppp_header { 166 u_char address; 167 u_char control; 168 u_short protocol; 169 }; 170 #define PPP_HEADER_LEN sizeof (struct ppp_header) 171 172 struct lcp_header { 173 u_char type; 174 u_char ident; 175 u_short len; 176 }; 177 #define LCP_HEADER_LEN sizeof (struct lcp_header) 178 179 /* 180 * We follow the spelling and capitalization of RFC 1661 here, to make 181 * it easier comparing with the standard. Please refer to this RFC in 182 * case you can't make sense out of these abbreviation; it will also 183 * explain the semantics related to the various events and actions. 184 */ 185 struct cp { 186 u_short proto; /* PPP control protocol number */ 187 u_char protoidx; /* index into state table in struct sppp */ 188 u_char flags; 189 #define CP_LCP 0x01 /* this is the LCP */ 190 #define CP_AUTH 0x02 /* this is an authentication protocol */ 191 #define CP_NCP 0x04 /* this is a NCP */ 192 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 193 const char *name; /* name of this control protocol */ 194 /* event handlers */ 195 void (*Up)(struct sppp *sp); 196 void (*Down)(struct sppp *sp); 197 void (*Open)(struct sppp *sp); 198 void (*Close)(struct sppp *sp); 199 void (*TO)(void *sp); 200 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 201 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 202 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 203 /* actions */ 204 void (*tlu)(struct sppp *sp); 205 void (*tld)(struct sppp *sp); 206 void (*tls)(struct sppp *sp); 207 void (*tlf)(struct sppp *sp); 208 void (*scr)(struct sppp *sp); 209 }; 210 211 static struct sppp *spppq; 212 static struct timeout keepalive_ch; 213 214 #define SPP_FMT "%s: " 215 #define SPP_ARGS(ifp) (ifp)->if_xname 216 217 /* almost every function needs these */ 218 #define STDDCL \ 219 struct ifnet *ifp = &sp->pp_if; \ 220 int debug = ifp->if_flags & IFF_DEBUG 221 222 int sppp_output(struct ifnet *ifp, struct mbuf *m, 223 struct sockaddr *dst, struct rtentry *rt); 224 225 void sppp_cp_input(const struct cp *cp, struct sppp *sp, 226 struct mbuf *m); 227 void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 228 u_char ident, u_short len, void *data); 229 #ifdef notyet 230 void sppp_cp_timeout(void *arg); 231 #endif 232 void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 233 int newstate); 234 void sppp_auth_send(const struct cp *cp, 235 struct sppp *sp, unsigned int type, u_int id, 236 ...); 237 238 void sppp_up_event(const struct cp *cp, struct sppp *sp); 239 void sppp_down_event(const struct cp *cp, struct sppp *sp); 240 void sppp_open_event(const struct cp *cp, struct sppp *sp); 241 void sppp_close_event(const struct cp *cp, struct sppp *sp); 242 void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp); 243 void sppp_to_event(const struct cp *cp, struct sppp *sp); 244 245 void sppp_null(struct sppp *sp); 246 247 void sppp_lcp_init(struct sppp *sp); 248 void sppp_lcp_up(struct sppp *sp); 249 void sppp_lcp_down(struct sppp *sp); 250 void sppp_lcp_open(struct sppp *sp); 251 void sppp_lcp_close(struct sppp *sp); 252 void sppp_lcp_TO(void *sp); 253 int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 254 void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 255 void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 256 void sppp_lcp_tlu(struct sppp *sp); 257 void sppp_lcp_tld(struct sppp *sp); 258 void sppp_lcp_tls(struct sppp *sp); 259 void sppp_lcp_tlf(struct sppp *sp); 260 void sppp_lcp_scr(struct sppp *sp); 261 void sppp_lcp_check_and_close(struct sppp *sp); 262 int sppp_ncp_check(struct sppp *sp); 263 264 void sppp_ipcp_init(struct sppp *sp); 265 void sppp_ipcp_destroy(struct sppp *sp); 266 void sppp_ipcp_up(struct sppp *sp); 267 void sppp_ipcp_down(struct sppp *sp); 268 void sppp_ipcp_open(struct sppp *sp); 269 void sppp_ipcp_close(struct sppp *sp); 270 void sppp_ipcp_TO(void *sp); 271 int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 272 void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 273 void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 274 void sppp_ipcp_tlu(struct sppp *sp); 275 void sppp_ipcp_tld(struct sppp *sp); 276 void sppp_ipcp_tls(struct sppp *sp); 277 void sppp_ipcp_tlf(struct sppp *sp); 278 void sppp_ipcp_scr(struct sppp *sp); 279 280 void sppp_ipv6cp_init(struct sppp *sp); 281 void sppp_ipv6cp_destroy(struct sppp *sp); 282 void sppp_ipv6cp_up(struct sppp *sp); 283 void sppp_ipv6cp_down(struct sppp *sp); 284 void sppp_ipv6cp_open(struct sppp *sp); 285 void sppp_ipv6cp_close(struct sppp *sp); 286 void sppp_ipv6cp_TO(void *sp); 287 int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 288 void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 289 void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 290 void sppp_ipv6cp_tlu(struct sppp *sp); 291 void sppp_ipv6cp_tld(struct sppp *sp); 292 void sppp_ipv6cp_tls(struct sppp *sp); 293 void sppp_ipv6cp_tlf(struct sppp *sp); 294 void sppp_ipv6cp_scr(struct sppp *sp); 295 const char *sppp_ipv6cp_opt_name(u_char opt); 296 void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 297 struct in6_addr *dst, struct in6_addr *srcmask); 298 void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, const struct in6_addr *dst); 299 void sppp_update_ip6_addr(void *sp); 300 void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest); 301 302 void sppp_pap_input(struct sppp *sp, struct mbuf *m); 303 void sppp_pap_init(struct sppp *sp); 304 void sppp_pap_open(struct sppp *sp); 305 void sppp_pap_close(struct sppp *sp); 306 void sppp_pap_TO(void *sp); 307 void sppp_pap_my_TO(void *sp); 308 void sppp_pap_tlu(struct sppp *sp); 309 void sppp_pap_tld(struct sppp *sp); 310 void sppp_pap_scr(struct sppp *sp); 311 312 void sppp_chap_input(struct sppp *sp, struct mbuf *m); 313 void sppp_chap_init(struct sppp *sp); 314 void sppp_chap_open(struct sppp *sp); 315 void sppp_chap_close(struct sppp *sp); 316 void sppp_chap_TO(void *sp); 317 void sppp_chap_tlu(struct sppp *sp); 318 void sppp_chap_tld(struct sppp *sp); 319 void sppp_chap_scr(struct sppp *sp); 320 321 const char *sppp_auth_type_name(u_short proto, u_char type); 322 const char *sppp_cp_type_name(u_char type); 323 const char *sppp_dotted_quad(u_int32_t addr); 324 const char *sppp_ipcp_opt_name(u_char opt); 325 const char *sppp_lcp_opt_name(u_char opt); 326 const char *sppp_phase_name(enum ppp_phase phase); 327 const char *sppp_proto_name(u_short proto); 328 const char *sppp_state_name(int state); 329 int sppp_get_params(struct sppp *sp, struct ifreq *data); 330 int sppp_set_params(struct sppp *sp, struct ifreq *data); 331 void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 332 u_int32_t *srcmask); 333 void sppp_keepalive(void *dummy); 334 void sppp_phase_network(struct sppp *sp); 335 void sppp_print_bytes(const u_char *p, u_short len); 336 void sppp_print_string(const char *p, u_short len); 337 int sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id); 338 void sppp_update_gw(struct ifnet *ifp); 339 void sppp_set_ip_addrs(void *); 340 void sppp_clear_ip_addrs(void *); 341 void sppp_set_phase(struct sppp *sp); 342 343 /* our control protocol descriptors */ 344 static const struct cp lcp = { 345 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 346 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 347 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 348 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 349 sppp_lcp_scr 350 }; 351 352 static const struct cp ipcp = { 353 PPP_IPCP, IDX_IPCP, 354 CP_NCP, 355 "ipcp", 356 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 357 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 358 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 359 sppp_ipcp_scr 360 }; 361 362 static const struct cp ipv6cp = { 363 PPP_IPV6CP, IDX_IPV6CP, 364 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 365 CP_NCP, 366 #else 367 0, 368 #endif 369 "ipv6cp", 370 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 371 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 372 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 373 sppp_ipv6cp_scr 374 }; 375 376 static const struct cp pap = { 377 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 378 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 379 sppp_pap_TO, 0, 0, 0, 380 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 381 sppp_pap_scr 382 }; 383 384 static const struct cp chap = { 385 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 386 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 387 sppp_chap_TO, 0, 0, 0, 388 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 389 sppp_chap_scr 390 }; 391 392 static const struct cp *cps[IDX_COUNT] = { 393 &lcp, /* IDX_LCP */ 394 &ipcp, /* IDX_IPCP */ 395 &ipv6cp, /* IDX_IPV6CP */ 396 &pap, /* IDX_PAP */ 397 &chap, /* IDX_CHAP */ 398 }; 399 400 401 /* 402 * Exported functions, comprising our interface to the lower layer. 403 */ 404 405 /* Workaround */ 406 void 407 spppattach(struct ifnet *ifp) 408 { 409 } 410 411 /* 412 * Process the received packet. 413 */ 414 void 415 sppp_input(struct ifnet *ifp, struct mbuf *m) 416 { 417 struct ppp_header ht; 418 struct sppp *sp = (struct sppp *)ifp; 419 struct timeval tv; 420 int debug = ifp->if_flags & IFF_DEBUG; 421 422 getmicrouptime(&tv); 423 424 if (ifp->if_flags & IFF_UP) { 425 /* Count received bytes, add hardware framing */ 426 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 427 /* Note time of last receive */ 428 sp->pp_last_receive = tv.tv_sec; 429 } 430 431 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 432 /* Too small packet, drop it. */ 433 if (debug) 434 log(LOG_DEBUG, 435 SPP_FMT "input packet is too small, %d bytes\n", 436 SPP_ARGS(ifp), m->m_pkthdr.len); 437 drop: 438 m_freem (m); 439 ++ifp->if_ierrors; 440 ++ifp->if_iqdrops; 441 return; 442 } 443 444 /* mark incoming routing domain */ 445 m->m_pkthdr.ph_rtableid = ifp->if_rdomain; 446 447 m_copydata(m, 0, sizeof(ht.protocol), (caddr_t)&ht.protocol); 448 m_adj(m, 2); 449 ht.control = PPP_UI; 450 ht.address = PPP_ALLSTATIONS; 451 452 /* preserve the alignment */ 453 if (m->m_len < m->m_pkthdr.len) { 454 m = m_pullup(m, m->m_pkthdr.len); 455 if (m == NULL) { 456 if (debug) 457 log(LOG_DEBUG, 458 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp)); 459 ++ifp->if_ierrors; 460 ++ifp->if_iqdrops; 461 return; 462 } 463 } 464 465 switch (ht.address) { 466 case PPP_ALLSTATIONS: 467 if (ht.control != PPP_UI) 468 goto invalid; 469 switch (ntohs (ht.protocol)) { 470 default: 471 if (sp->state[IDX_LCP] == STATE_OPENED) 472 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 473 ++sp->pp_seq, 2, &ht.protocol); 474 if (debug) 475 log(LOG_DEBUG, 476 SPP_FMT "invalid input protocol " 477 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 478 SPP_ARGS(ifp), 479 ht.address, ht.control, ntohs(ht.protocol)); 480 ++ifp->if_noproto; 481 goto drop; 482 case PPP_LCP: 483 sppp_cp_input(&lcp, sp, m); 484 m_freem (m); 485 return; 486 case PPP_PAP: 487 if (sp->pp_phase >= PHASE_AUTHENTICATE) 488 sppp_pap_input(sp, m); 489 m_freem (m); 490 return; 491 case PPP_CHAP: 492 if (sp->pp_phase >= PHASE_AUTHENTICATE) 493 sppp_chap_input(sp, m); 494 m_freem (m); 495 return; 496 case PPP_IPCP: 497 if (sp->pp_phase == PHASE_NETWORK) 498 sppp_cp_input(&ipcp, sp, m); 499 m_freem (m); 500 return; 501 case PPP_IP: 502 if (sp->state[IDX_IPCP] == STATE_OPENED) { 503 sp->pp_last_activity = tv.tv_sec; 504 if (ifp->if_flags & IFF_UP) { 505 ipv4_input(ifp, m); 506 return; 507 } 508 } 509 break; 510 #ifdef INET6 511 case PPP_IPV6CP: 512 if (sp->pp_phase == PHASE_NETWORK) 513 sppp_cp_input(&ipv6cp, sp, m); 514 m_freem (m); 515 return; 516 case PPP_IPV6: 517 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 518 sp->pp_last_activity = tv.tv_sec; 519 if (ifp->if_flags & IFF_UP) { 520 ipv6_input(ifp, m); 521 return; 522 } 523 } 524 break; 525 #endif 526 } 527 break; 528 default: /* Invalid PPP packet. */ 529 invalid: 530 if (debug) 531 log(LOG_DEBUG, 532 SPP_FMT "invalid input packet " 533 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 534 SPP_ARGS(ifp), 535 ht.address, ht.control, ntohs(ht.protocol)); 536 goto drop; 537 } 538 539 goto drop; 540 } 541 542 /* 543 * Enqueue transmit packet. 544 */ 545 int 546 sppp_output(struct ifnet *ifp, struct mbuf *m, 547 struct sockaddr *dst, struct rtentry *rt) 548 { 549 struct sppp *sp = (struct sppp*) ifp; 550 struct timeval tv; 551 int s, rv = 0; 552 u_int16_t protocol; 553 554 #ifdef DIAGNOSTIC 555 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { 556 printf("%s: trying to send packet on wrong domain. " 557 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, 558 ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), 559 dst->sa_family); 560 } 561 #endif 562 563 s = splnet(); 564 565 getmicrouptime(&tv); 566 sp->pp_last_activity = tv.tv_sec; 567 568 if ((ifp->if_flags & IFF_UP) == 0 || 569 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 570 m_freem (m); 571 splx (s); 572 return (ENETDOWN); 573 } 574 575 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 576 /* 577 * Interface is not yet running, but auto-dial. Need 578 * to start LCP for it. 579 */ 580 ifp->if_flags |= IFF_RUNNING; 581 splx(s); 582 lcp.Open(sp); 583 s = splnet(); 584 } 585 586 if (dst->sa_family == AF_INET) { 587 struct ip *ip = NULL; 588 589 if (m->m_len >= sizeof(struct ip)) 590 ip = mtod(m, struct ip *); 591 592 /* 593 * When using dynamic local IP address assignment by using 594 * 0.0.0.0 as a local address, the first TCP session will 595 * not connect because the local TCP checksum is computed 596 * using 0.0.0.0 which will later become our real IP address 597 * so the TCP checksum computed at the remote end will 598 * become invalid. So we 599 * - don't let packets with src ip addr 0 thru 600 * - we flag TCP packets with src ip 0 as an error 601 */ 602 603 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 604 u_int8_t proto = ip->ip_p; 605 606 m_freem(m); 607 splx(s); 608 if (proto == IPPROTO_TCP) 609 return (EADDRNOTAVAIL); 610 else 611 return (0); 612 } 613 } 614 615 switch (dst->sa_family) { 616 case AF_INET: /* Internet Protocol */ 617 /* 618 * Don't choke with an ENETDOWN early. It's 619 * possible that we just started dialing out, 620 * so don't drop the packet immediately. If 621 * we notice that we run out of buffer space 622 * below, we will however remember that we are 623 * not ready to carry IP packets, and return 624 * ENETDOWN, as opposed to ENOBUFS. 625 */ 626 protocol = htons(PPP_IP); 627 if (sp->state[IDX_IPCP] != STATE_OPENED) 628 rv = ENETDOWN; 629 break; 630 #ifdef INET6 631 case AF_INET6: /* Internet Protocol v6 */ 632 /* 633 * Don't choke with an ENETDOWN early. It's 634 * possible that we just started dialing out, 635 * so don't drop the packet immediately. If 636 * we notice that we run out of buffer space 637 * below, we will however remember that we are 638 * not ready to carry IPv6 packets, and return 639 * ENETDOWN, as opposed to ENOBUFS. 640 */ 641 protocol = htons(PPP_IPV6); 642 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 643 rv = ENETDOWN; 644 break; 645 #endif 646 default: 647 m_freem(m); 648 ++ifp->if_oerrors; 649 splx(s); 650 return (EAFNOSUPPORT); 651 } 652 653 M_PREPEND(m, 2, M_DONTWAIT); 654 if (m == NULL) { 655 if (ifp->if_flags & IFF_DEBUG) 656 log(LOG_DEBUG, SPP_FMT 657 "no memory for transmit header\n", 658 SPP_ARGS(ifp)); 659 ++ifp->if_oerrors; 660 splx(s); 661 return (rv ? rv : ENOBUFS); 662 } 663 *mtod(m, u_int16_t *) = protocol; 664 665 /* 666 * Queue message on interface, and start output if interface 667 * not yet active. 668 */ 669 rv = if_enqueue(ifp, m); 670 if (rv != 0) { 671 ifp->if_oerrors++; 672 splx(s); 673 return (rv); 674 } 675 676 /* 677 * Count output packets and bytes. 678 * The packet length includes header, FCS and 1 flag, 679 * according to RFC 1333. 680 */ 681 ifp->if_obytes += sp->pp_framebytes; 682 splx(s); 683 684 return (0); 685 } 686 687 void 688 sppp_attach(struct ifnet *ifp) 689 { 690 struct sppp *sp = (struct sppp*) ifp; 691 int i; 692 693 /* Initialize keepalive handler. */ 694 if (! spppq) { 695 timeout_set_proc(&keepalive_ch, sppp_keepalive, NULL); 696 timeout_add_sec(&keepalive_ch, 10); 697 } 698 699 /* Insert new entry into the keepalive list. */ 700 sp->pp_next = spppq; 701 spppq = sp; 702 703 sp->pp_if.if_type = IFT_PPP; 704 sp->pp_if.if_output = sppp_output; 705 IFQ_SET_MAXLEN(&sp->pp_if.if_snd, 50); 706 mq_init(&sp->pp_cpq, 50, IPL_NET); 707 sp->pp_loopcnt = 0; 708 sp->pp_alivecnt = 0; 709 sp->pp_last_activity = 0; 710 sp->pp_last_receive = 0; 711 sp->pp_seq = 0; 712 sp->pp_rseq = 0; 713 sp->pp_phase = PHASE_DEAD; 714 sp->pp_up = lcp.Up; 715 sp->pp_down = lcp.Down; 716 717 for (i = 0; i < IDX_COUNT; i++) 718 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp); 719 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp); 720 721 sppp_lcp_init(sp); 722 sppp_ipcp_init(sp); 723 sppp_ipv6cp_init(sp); 724 sppp_pap_init(sp); 725 sppp_chap_init(sp); 726 } 727 728 void 729 sppp_detach(struct ifnet *ifp) 730 { 731 struct sppp **q, *p, *sp = (struct sppp*) ifp; 732 int i; 733 734 sppp_ipcp_destroy(sp); 735 sppp_ipv6cp_destroy(sp); 736 737 /* Remove the entry from the keepalive list. */ 738 for (q = &spppq; (p = *q); q = &p->pp_next) 739 if (p == sp) { 740 *q = p->pp_next; 741 break; 742 } 743 744 /* Stop keepalive handler. */ 745 if (! spppq) 746 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch); 747 748 for (i = 0; i < IDX_COUNT; i++) 749 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]); 750 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 751 752 /* release authentication data */ 753 if (sp->myauth.name != NULL) 754 free(sp->myauth.name, M_DEVBUF, 0); 755 if (sp->myauth.secret != NULL) 756 free(sp->myauth.secret, M_DEVBUF, 0); 757 if (sp->hisauth.name != NULL) 758 free(sp->hisauth.name, M_DEVBUF, 0); 759 if (sp->hisauth.secret != NULL) 760 free(sp->hisauth.secret, M_DEVBUF, 0); 761 } 762 763 /* 764 * Flush the interface output queue. 765 */ 766 void 767 sppp_flush(struct ifnet *ifp) 768 { 769 struct sppp *sp = (struct sppp*) ifp; 770 771 IFQ_PURGE(&sp->pp_if.if_snd); 772 mq_purge(&sp->pp_cpq); 773 } 774 775 /* 776 * Check if the output queue is empty. 777 */ 778 int 779 sppp_isempty(struct ifnet *ifp) 780 { 781 struct sppp *sp = (struct sppp*) ifp; 782 int empty, s; 783 784 s = splnet(); 785 empty = mq_empty(&sp->pp_cpq) && IFQ_IS_EMPTY(&sp->pp_if.if_snd); 786 splx(s); 787 return (empty); 788 } 789 790 /* 791 * Get next packet to send. 792 */ 793 struct mbuf * 794 sppp_dequeue(struct ifnet *ifp) 795 { 796 struct sppp *sp = (struct sppp*) ifp; 797 struct mbuf *m; 798 int s; 799 800 s = splnet(); 801 /* 802 * Process only the control protocol queue until we have at 803 * least one NCP open. 804 */ 805 m = mq_dequeue(&sp->pp_cpq); 806 if (m == NULL && sppp_ncp_check(sp)) { 807 IFQ_DEQUEUE (&sp->pp_if.if_snd, m); 808 } 809 splx(s); 810 return m; 811 } 812 813 /* 814 * Process an ioctl request. Called on low priority level. 815 */ 816 int 817 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 818 { 819 struct ifreq *ifr = data; 820 struct sppp *sp = (struct sppp*) ifp; 821 int s, rv, going_up, going_down, newmode; 822 823 s = splnet(); 824 rv = 0; 825 switch (cmd) { 826 case SIOCSIFDSTADDR: 827 break; 828 829 case SIOCSIFADDR: 830 if_up(ifp); 831 /* FALLTHROUGH */ 832 833 case SIOCSIFFLAGS: 834 going_up = (ifp->if_flags & IFF_UP) && 835 (ifp->if_flags & IFF_RUNNING) == 0; 836 going_down = (ifp->if_flags & IFF_UP) == 0 && 837 (ifp->if_flags & IFF_RUNNING); 838 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 839 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 840 /* sanity */ 841 newmode = IFF_PASSIVE; 842 ifp->if_flags &= ~IFF_AUTO; 843 } 844 845 if (going_up || going_down) 846 lcp.Close(sp); 847 848 if (going_up && newmode == 0) { 849 /* neither auto-dial nor passive */ 850 ifp->if_flags |= IFF_RUNNING; 851 lcp.Open(sp); 852 } else if (going_down) { 853 sppp_flush(ifp); 854 ifp->if_flags &= ~IFF_RUNNING; 855 } 856 break; 857 858 case SIOCSIFMTU: 859 if (ifr->ifr_mtu < 128 || 860 (sp->lcp.their_mru > 0 && 861 ifr->ifr_mtu > sp->lcp.their_mru)) { 862 splx(s); 863 return (EINVAL); 864 } 865 ifp->if_mtu = ifr->ifr_mtu; 866 break; 867 case SIOCADDMULTI: 868 case SIOCDELMULTI: 869 break; 870 871 case SIOCGSPPPPARAMS: 872 rv = sppp_get_params(sp, ifr); 873 break; 874 875 case SIOCSSPPPPARAMS: 876 if ((rv = suser(curproc)) != 0) 877 break; 878 rv = sppp_set_params(sp, ifr); 879 break; 880 881 default: 882 rv = ENOTTY; 883 } 884 splx(s); 885 return rv; 886 } 887 888 /* 889 * PPP protocol implementation. 890 */ 891 892 /* 893 * Send PPP control protocol packet. 894 */ 895 void 896 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 897 u_char ident, u_short len, void *data) 898 { 899 STDDCL; 900 int s; 901 struct lcp_header *lh; 902 struct mbuf *m; 903 904 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) 905 len = MHLEN - PKTHDRLEN - LCP_HEADER_LEN; 906 MGETHDR (m, M_DONTWAIT, MT_DATA); 907 if (! m) 908 return; 909 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 910 m->m_pkthdr.ph_ifidx = 0; 911 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 912 913 *mtod(m, u_int16_t *) = htons(proto); 914 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 915 lh->type = type; 916 lh->ident = ident; 917 lh->len = htons (LCP_HEADER_LEN + len); 918 if (len) 919 bcopy (data, lh+1, len); 920 921 if (debug) { 922 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 923 SPP_ARGS(ifp), 924 sppp_proto_name(proto), 925 sppp_cp_type_name (lh->type), lh->ident, 926 ntohs (lh->len)); 927 if (len) 928 sppp_print_bytes ((u_char*) (lh+1), len); 929 addlog(">\n"); 930 } 931 932 len = m->m_pkthdr.len + sp->pp_framebytes; 933 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 934 ifp->if_oerrors++; 935 return; 936 } 937 938 ifp->if_obytes += len; 939 s = splnet(); 940 if_start(ifp); 941 splx(s); 942 } 943 944 /* 945 * Handle incoming PPP control protocol packets. 946 */ 947 void 948 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 949 { 950 STDDCL; 951 struct lcp_header *h; 952 int len = m->m_pkthdr.len; 953 int rv; 954 u_char *p; 955 u_long nmagic; 956 957 if (len < 4) { 958 if (debug) 959 log(LOG_DEBUG, 960 SPP_FMT "%s invalid packet length: %d bytes\n", 961 SPP_ARGS(ifp), cp->name, len); 962 return; 963 } 964 h = mtod (m, struct lcp_header*); 965 if (debug) { 966 log(LOG_DEBUG, 967 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 968 SPP_ARGS(ifp), cp->name, 969 sppp_state_name(sp->state[cp->protoidx]), 970 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 971 if (len > 4) 972 sppp_print_bytes ((u_char*) (h+1), len-4); 973 addlog(">\n"); 974 } 975 if (len > ntohs (h->len)) 976 len = ntohs (h->len); 977 p = (u_char *)(h + 1); 978 switch (h->type) { 979 case CONF_REQ: 980 if (len < 4) { 981 if (debug) 982 addlog(SPP_FMT "%s invalid conf-req length %d\n", 983 SPP_ARGS(ifp), cp->name, 984 len); 985 ++ifp->if_ierrors; 986 break; 987 } 988 /* handle states where RCR doesn't get a SCA/SCN */ 989 switch (sp->state[cp->protoidx]) { 990 case STATE_CLOSING: 991 case STATE_STOPPING: 992 return; 993 case STATE_CLOSED: 994 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 995 0, 0); 996 return; 997 } 998 rv = (cp->RCR)(sp, h, len); 999 /* silently drop illegal packets */ 1000 if (rv == -1) 1001 return; 1002 switch (sp->state[cp->protoidx]) { 1003 case STATE_OPENED: 1004 sppp_cp_change_state(cp, sp, rv? 1005 STATE_ACK_SENT: STATE_REQ_SENT); 1006 (cp->tld)(sp); 1007 (cp->scr)(sp); 1008 break; 1009 case STATE_ACK_SENT: 1010 case STATE_REQ_SENT: 1011 sppp_cp_change_state(cp, sp, rv? 1012 STATE_ACK_SENT: STATE_REQ_SENT); 1013 break; 1014 case STATE_STOPPED: 1015 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1016 sppp_cp_change_state(cp, sp, rv? 1017 STATE_ACK_SENT: STATE_REQ_SENT); 1018 (cp->scr)(sp); 1019 break; 1020 case STATE_ACK_RCVD: 1021 if (rv) { 1022 sppp_cp_change_state(cp, sp, STATE_OPENED); 1023 if (debug) 1024 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1025 SPP_ARGS(ifp), 1026 cp->name); 1027 (cp->tlu)(sp); 1028 } else 1029 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1030 break; 1031 default: 1032 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1033 SPP_ARGS(ifp), cp->name, 1034 sppp_cp_type_name(h->type), 1035 sppp_state_name(sp->state[cp->protoidx])); */ 1036 ++ifp->if_ierrors; 1037 } 1038 break; 1039 case CONF_ACK: 1040 if (h->ident != sp->confid[cp->protoidx]) { 1041 if (debug) 1042 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1043 SPP_ARGS(ifp), cp->name, 1044 h->ident, sp->confid[cp->protoidx]); 1045 ++ifp->if_ierrors; 1046 break; 1047 } 1048 switch (sp->state[cp->protoidx]) { 1049 case STATE_CLOSED: 1050 case STATE_STOPPED: 1051 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1052 break; 1053 case STATE_CLOSING: 1054 case STATE_STOPPING: 1055 break; 1056 case STATE_REQ_SENT: 1057 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1058 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1059 break; 1060 case STATE_OPENED: 1061 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1062 (cp->tld)(sp); 1063 (cp->scr)(sp); 1064 break; 1065 case STATE_ACK_RCVD: 1066 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1067 (cp->scr)(sp); 1068 break; 1069 case STATE_ACK_SENT: 1070 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1071 sppp_cp_change_state(cp, sp, STATE_OPENED); 1072 if (debug) 1073 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1074 SPP_ARGS(ifp), cp->name); 1075 (cp->tlu)(sp); 1076 break; 1077 default: 1078 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1079 SPP_ARGS(ifp), cp->name, 1080 sppp_cp_type_name(h->type), 1081 sppp_state_name(sp->state[cp->protoidx])); */ 1082 ++ifp->if_ierrors; 1083 } 1084 break; 1085 case CONF_NAK: 1086 case CONF_REJ: 1087 if (h->ident != sp->confid[cp->protoidx]) { 1088 if (debug) 1089 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1090 SPP_ARGS(ifp), cp->name, 1091 h->ident, sp->confid[cp->protoidx]); 1092 ++ifp->if_ierrors; 1093 break; 1094 } 1095 if (h->type == CONF_NAK) 1096 (cp->RCN_nak)(sp, h, len); 1097 else /* CONF_REJ */ 1098 (cp->RCN_rej)(sp, h, len); 1099 1100 switch (sp->state[cp->protoidx]) { 1101 case STATE_CLOSED: 1102 case STATE_STOPPED: 1103 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1104 break; 1105 case STATE_REQ_SENT: 1106 case STATE_ACK_SENT: 1107 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1108 (cp->scr)(sp); 1109 break; 1110 case STATE_OPENED: 1111 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1112 (cp->tld)(sp); 1113 (cp->scr)(sp); 1114 break; 1115 case STATE_ACK_RCVD: 1116 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1117 (cp->scr)(sp); 1118 break; 1119 case STATE_CLOSING: 1120 case STATE_STOPPING: 1121 break; 1122 default: 1123 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1124 SPP_ARGS(ifp), cp->name, 1125 sppp_cp_type_name(h->type), 1126 sppp_state_name(sp->state[cp->protoidx])); */ 1127 ++ifp->if_ierrors; 1128 } 1129 break; 1130 1131 case TERM_REQ: 1132 switch (sp->state[cp->protoidx]) { 1133 case STATE_ACK_RCVD: 1134 case STATE_ACK_SENT: 1135 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1136 /* FALLTHROUGH */ 1137 case STATE_CLOSED: 1138 case STATE_STOPPED: 1139 case STATE_CLOSING: 1140 case STATE_STOPPING: 1141 case STATE_REQ_SENT: 1142 sta: 1143 /* Send Terminate-Ack packet. */ 1144 if (debug) 1145 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1146 SPP_ARGS(ifp), cp->name); 1147 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1148 break; 1149 case STATE_OPENED: 1150 sp->rst_counter[cp->protoidx] = 0; 1151 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1152 (cp->tld)(sp); 1153 goto sta; 1154 break; 1155 default: 1156 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1157 SPP_ARGS(ifp), cp->name, 1158 sppp_cp_type_name(h->type), 1159 sppp_state_name(sp->state[cp->protoidx])); */ 1160 ++ifp->if_ierrors; 1161 } 1162 break; 1163 case TERM_ACK: 1164 switch (sp->state[cp->protoidx]) { 1165 case STATE_CLOSED: 1166 case STATE_STOPPED: 1167 case STATE_REQ_SENT: 1168 case STATE_ACK_SENT: 1169 break; 1170 case STATE_CLOSING: 1171 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1172 (cp->tlf)(sp); 1173 break; 1174 case STATE_STOPPING: 1175 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1176 (cp->tlf)(sp); 1177 break; 1178 case STATE_ACK_RCVD: 1179 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1180 break; 1181 case STATE_OPENED: 1182 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1183 (cp->tld)(sp); 1184 (cp->scr)(sp); 1185 break; 1186 default: 1187 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1188 SPP_ARGS(ifp), cp->name, 1189 sppp_cp_type_name(h->type), 1190 sppp_state_name(sp->state[cp->protoidx])); */ 1191 ++ifp->if_ierrors; 1192 } 1193 break; 1194 case CODE_REJ: 1195 case PROTO_REJ: 1196 { 1197 int catastrophic = 0; 1198 const struct cp *upper = NULL; 1199 int i; 1200 u_int16_t proto; 1201 1202 if (len < 2) { 1203 if (debug) 1204 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n", 1205 SPP_ARGS(ifp)); 1206 ++ifp->if_ierrors; 1207 break; 1208 } 1209 1210 proto = ntohs(*((u_int16_t *)p)); 1211 for (i = 0; i < IDX_COUNT; i++) { 1212 if (cps[i]->proto == proto) { 1213 upper = cps[i]; 1214 break; 1215 } 1216 } 1217 if (upper == NULL) 1218 catastrophic++; 1219 1220 if (catastrophic || debug) 1221 log(catastrophic? LOG_INFO: LOG_DEBUG, 1222 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1223 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1224 sppp_cp_type_name(h->type), proto, 1225 upper ? upper->name : "unknown", 1226 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1227 1228 /* 1229 * if we got RXJ+ against conf-req, the peer does not implement 1230 * this particular protocol type. terminate the protocol. 1231 */ 1232 if (upper) { 1233 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1234 upper->Close(sp); 1235 break; 1236 } 1237 } 1238 1239 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1240 switch (sp->state[cp->protoidx]) { 1241 case STATE_CLOSED: 1242 case STATE_STOPPED: 1243 case STATE_REQ_SENT: 1244 case STATE_ACK_SENT: 1245 case STATE_CLOSING: 1246 case STATE_STOPPING: 1247 case STATE_OPENED: 1248 break; 1249 case STATE_ACK_RCVD: 1250 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1251 break; 1252 default: 1253 /* printf(SPP_FMT "%s illegal %s in state %s\n", 1254 SPP_ARGS(ifp), cp->name, 1255 sppp_cp_type_name(h->type), 1256 sppp_state_name(sp->state[cp->protoidx])); */ 1257 ++ifp->if_ierrors; 1258 } 1259 break; 1260 } 1261 case DISC_REQ: 1262 if (cp->proto != PPP_LCP) 1263 goto illegal; 1264 /* Discard the packet. */ 1265 break; 1266 case ECHO_REQ: 1267 if (cp->proto != PPP_LCP) 1268 goto illegal; 1269 if (sp->state[cp->protoidx] != STATE_OPENED) { 1270 if (debug) 1271 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1272 SPP_ARGS(ifp)); 1273 ++ifp->if_ierrors; 1274 break; 1275 } 1276 if (len < 8) { 1277 if (debug) 1278 addlog(SPP_FMT "invalid lcp echo request " 1279 "packet length: %d bytes\n", 1280 SPP_ARGS(ifp), len); 1281 break; 1282 } 1283 1284 nmagic = (u_long)p[0] << 24 | 1285 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1286 1287 if (nmagic == sp->lcp.magic) { 1288 /* Line loopback mode detected. */ 1289 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1290 /* Shut down the PPP link. */ 1291 lcp.Close(sp); 1292 break; 1293 } 1294 1295 p[0] = sp->lcp.magic >> 24; 1296 p[1] = sp->lcp.magic >> 16; 1297 p[2] = sp->lcp.magic >> 8; 1298 p[3] = sp->lcp.magic; 1299 1300 if (debug) 1301 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1302 SPP_ARGS(ifp)); 1303 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1304 break; 1305 case ECHO_REPLY: 1306 if (cp->proto != PPP_LCP) 1307 goto illegal; 1308 if (h->ident != sp->lcp.echoid) { 1309 ++ifp->if_ierrors; 1310 break; 1311 } 1312 if (len < 8) { 1313 if (debug) 1314 addlog(SPP_FMT "lcp invalid echo reply " 1315 "packet length: %d bytes\n", 1316 SPP_ARGS(ifp), len); 1317 break; 1318 } 1319 if (debug) 1320 addlog(SPP_FMT "lcp got echo rep\n", 1321 SPP_ARGS(ifp)); 1322 1323 nmagic = (u_long)p[0] << 24 | 1324 (u_long)p[1] << 16 | p[2] << 8 | p[3]; 1325 1326 if (nmagic != sp->lcp.magic) 1327 sp->pp_alivecnt = 0; 1328 break; 1329 default: 1330 /* Unknown packet type -- send Code-Reject packet. */ 1331 illegal: 1332 if (debug) 1333 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1334 SPP_ARGS(ifp), cp->name, h->type); 1335 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1336 m->m_pkthdr.len, h); 1337 ++ifp->if_ierrors; 1338 } 1339 } 1340 1341 1342 /* 1343 * The generic part of all Up/Down/Open/Close/TO event handlers. 1344 * Basically, the state transition handling in the automaton. 1345 */ 1346 void 1347 sppp_up_event(const struct cp *cp, struct sppp *sp) 1348 { 1349 STDDCL; 1350 1351 if (debug) 1352 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1353 SPP_ARGS(ifp), cp->name, 1354 sppp_state_name(sp->state[cp->protoidx])); 1355 1356 switch (sp->state[cp->protoidx]) { 1357 case STATE_INITIAL: 1358 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1359 break; 1360 case STATE_STARTING: 1361 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1362 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1363 (cp->scr)(sp); 1364 break; 1365 default: 1366 /* printf(SPP_FMT "%s illegal up in state %s\n", 1367 SPP_ARGS(ifp), cp->name, 1368 sppp_state_name(sp->state[cp->protoidx])); */ 1369 break; 1370 } 1371 } 1372 1373 void 1374 sppp_down_event(const struct cp *cp, struct sppp *sp) 1375 { 1376 STDDCL; 1377 1378 if (debug) 1379 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1380 SPP_ARGS(ifp), cp->name, 1381 sppp_state_name(sp->state[cp->protoidx])); 1382 1383 switch (sp->state[cp->protoidx]) { 1384 case STATE_CLOSED: 1385 case STATE_CLOSING: 1386 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1387 break; 1388 case STATE_STOPPED: 1389 sppp_cp_change_state(cp, sp, STATE_STARTING); 1390 (cp->tls)(sp); 1391 break; 1392 case STATE_STOPPING: 1393 case STATE_REQ_SENT: 1394 case STATE_ACK_RCVD: 1395 case STATE_ACK_SENT: 1396 sppp_cp_change_state(cp, sp, STATE_STARTING); 1397 break; 1398 case STATE_OPENED: 1399 sppp_cp_change_state(cp, sp, STATE_STARTING); 1400 (cp->tld)(sp); 1401 break; 1402 default: 1403 /* printf(SPP_FMT "%s illegal down in state %s\n", 1404 SPP_ARGS(ifp), cp->name, 1405 sppp_state_name(sp->state[cp->protoidx])); */ 1406 break; 1407 } 1408 } 1409 1410 1411 void 1412 sppp_open_event(const struct cp *cp, struct sppp *sp) 1413 { 1414 STDDCL; 1415 1416 if (debug) 1417 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1418 SPP_ARGS(ifp), cp->name, 1419 sppp_state_name(sp->state[cp->protoidx])); 1420 1421 switch (sp->state[cp->protoidx]) { 1422 case STATE_INITIAL: 1423 sppp_cp_change_state(cp, sp, STATE_STARTING); 1424 (cp->tls)(sp); 1425 break; 1426 case STATE_STARTING: 1427 break; 1428 case STATE_CLOSED: 1429 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1430 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1431 (cp->scr)(sp); 1432 break; 1433 case STATE_STOPPED: 1434 case STATE_STOPPING: 1435 case STATE_REQ_SENT: 1436 case STATE_ACK_RCVD: 1437 case STATE_ACK_SENT: 1438 case STATE_OPENED: 1439 break; 1440 case STATE_CLOSING: 1441 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1442 break; 1443 } 1444 } 1445 1446 1447 void 1448 sppp_close_event(const struct cp *cp, struct sppp *sp) 1449 { 1450 STDDCL; 1451 1452 if (debug) 1453 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1454 SPP_ARGS(ifp), cp->name, 1455 sppp_state_name(sp->state[cp->protoidx])); 1456 1457 switch (sp->state[cp->protoidx]) { 1458 case STATE_INITIAL: 1459 case STATE_CLOSED: 1460 case STATE_CLOSING: 1461 break; 1462 case STATE_STARTING: 1463 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1464 (cp->tlf)(sp); 1465 break; 1466 case STATE_STOPPED: 1467 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1468 break; 1469 case STATE_STOPPING: 1470 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1471 break; 1472 case STATE_OPENED: 1473 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1474 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1475 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1476 (cp->tld)(sp); 1477 break; 1478 case STATE_REQ_SENT: 1479 case STATE_ACK_RCVD: 1480 case STATE_ACK_SENT: 1481 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1482 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1483 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1484 break; 1485 } 1486 } 1487 1488 void 1489 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp) 1490 { 1491 int timo; 1492 1493 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx]; 1494 if (timo < 1) 1495 timo = 1; 1496 timeout_add_sec(&sp->ch[cp->protoidx], timo * sp->lcp.timeout); 1497 } 1498 1499 void 1500 sppp_to_event(const struct cp *cp, struct sppp *sp) 1501 { 1502 STDDCL; 1503 int s; 1504 1505 s = splnet(); 1506 if (debug) 1507 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1508 SPP_ARGS(ifp), cp->name, 1509 sppp_state_name(sp->state[cp->protoidx]), 1510 sp->rst_counter[cp->protoidx]); 1511 1512 if (--sp->rst_counter[cp->protoidx] < 0) 1513 /* TO- event */ 1514 switch (sp->state[cp->protoidx]) { 1515 case STATE_CLOSING: 1516 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1517 (cp->tlf)(sp); 1518 break; 1519 case STATE_STOPPING: 1520 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1521 (cp->tlf)(sp); 1522 break; 1523 case STATE_REQ_SENT: 1524 case STATE_ACK_RCVD: 1525 case STATE_ACK_SENT: 1526 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1527 (cp->tlf)(sp); 1528 break; 1529 } 1530 else 1531 /* TO+ event */ 1532 switch (sp->state[cp->protoidx]) { 1533 case STATE_CLOSING: 1534 case STATE_STOPPING: 1535 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1536 0, 0); 1537 sppp_increasing_timeout (cp, sp); 1538 break; 1539 case STATE_REQ_SENT: 1540 case STATE_ACK_RCVD: 1541 /* sppp_cp_change_state() will restart the timer */ 1542 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1543 (cp->scr)(sp); 1544 break; 1545 case STATE_ACK_SENT: 1546 sppp_increasing_timeout (cp, sp); 1547 (cp->scr)(sp); 1548 break; 1549 } 1550 1551 splx(s); 1552 } 1553 1554 /* 1555 * Change the state of a control protocol in the state automaton. 1556 * Takes care of starting/stopping the restart timer. 1557 */ 1558 void 1559 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1560 { 1561 STDDCL; 1562 1563 if (debug && sp->state[cp->protoidx] != newstate) 1564 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n", 1565 SPP_ARGS(ifp), cp->name, 1566 sppp_state_name(sp->state[cp->protoidx]), 1567 sppp_state_name(newstate)); 1568 sp->state[cp->protoidx] = newstate; 1569 1570 switch (newstate) { 1571 case STATE_INITIAL: 1572 case STATE_STARTING: 1573 case STATE_CLOSED: 1574 case STATE_STOPPED: 1575 case STATE_OPENED: 1576 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]); 1577 break; 1578 case STATE_CLOSING: 1579 case STATE_STOPPING: 1580 case STATE_REQ_SENT: 1581 case STATE_ACK_RCVD: 1582 case STATE_ACK_SENT: 1583 if (!timeout_pending(&sp->ch[cp->protoidx])) 1584 sppp_increasing_timeout (cp, sp); 1585 break; 1586 } 1587 } 1588 /* 1589 *--------------------------------------------------------------------------* 1590 * * 1591 * The LCP implementation. * 1592 * * 1593 *--------------------------------------------------------------------------* 1594 */ 1595 void 1596 sppp_lcp_init(struct sppp *sp) 1597 { 1598 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1599 sp->lcp.magic = 0; 1600 sp->state[IDX_LCP] = STATE_INITIAL; 1601 sp->fail_counter[IDX_LCP] = 0; 1602 sp->lcp.protos = 0; 1603 sp->lcp.mru = sp->pp_if.if_mtu; 1604 sp->lcp.their_mru = 0; 1605 1606 /* 1607 * Initialize counters and timeout values. Note that we don't 1608 * use the 3 seconds suggested in RFC 1661 since we are likely 1609 * running on a fast link. XXX We should probably implement 1610 * the exponential backoff option. Note that these values are 1611 * relevant for all control protocols, not just LCP only. 1612 */ 1613 sp->lcp.timeout = 1; /* seconds */ 1614 sp->lcp.max_terminate = 2; 1615 sp->lcp.max_configure = 10; 1616 sp->lcp.max_failure = 10; 1617 } 1618 1619 void 1620 sppp_lcp_up(struct sppp *sp) 1621 { 1622 STDDCL; 1623 struct timeval tv; 1624 1625 sp->pp_alivecnt = 0; 1626 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1627 sp->lcp.magic = 0; 1628 sp->lcp.protos = 0; 1629 if (sp->pp_if.if_mtu != PP_MTU) { 1630 sp->lcp.mru = sp->pp_if.if_mtu; 1631 sp->lcp.opts |= (1 << LCP_OPT_MRU); 1632 } else 1633 sp->lcp.mru = PP_MTU; 1634 sp->lcp.their_mru = PP_MTU; 1635 1636 getmicrouptime(&tv); 1637 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec; 1638 1639 /* 1640 * If this interface is passive or dial-on-demand, and we are 1641 * still in Initial state, it means we've got an incoming 1642 * call. Activate the interface. 1643 */ 1644 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1645 if (debug) 1646 log(LOG_DEBUG, 1647 SPP_FMT "Up event", SPP_ARGS(ifp)); 1648 ifp->if_flags |= IFF_RUNNING; 1649 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1650 if (debug) 1651 addlog("(incoming call)\n"); 1652 sp->pp_flags |= PP_CALLIN; 1653 lcp.Open(sp); 1654 } else if (debug) 1655 addlog("\n"); 1656 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 1657 (sp->state[IDX_LCP] == STATE_INITIAL)) { 1658 ifp->if_flags |= IFF_RUNNING; 1659 lcp.Open(sp); 1660 } 1661 1662 sppp_up_event(&lcp, sp); 1663 } 1664 1665 void 1666 sppp_lcp_down(struct sppp *sp) 1667 { 1668 STDDCL; 1669 1670 sppp_down_event(&lcp, sp); 1671 1672 /* 1673 * If this is neither a dial-on-demand nor a passive 1674 * interface, simulate an ``ifconfig down'' action, so the 1675 * administrator can force a redial by another ``ifconfig 1676 * up''. XXX For leased line operation, should we immediately 1677 * try to reopen the connection here? 1678 */ 1679 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1680 if (debug) 1681 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), " 1682 "taking interface down.", SPP_ARGS(ifp)); 1683 if_down(ifp); 1684 } else { 1685 if (debug) 1686 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n", 1687 SPP_ARGS(ifp)); 1688 } 1689 1690 if (sp->state[IDX_LCP] != STATE_INITIAL) 1691 lcp.Close(sp); 1692 sp->lcp.their_mru = 0; 1693 sp->pp_flags &= ~PP_CALLIN; 1694 ifp->if_flags &= ~IFF_RUNNING; 1695 sppp_flush(ifp); 1696 } 1697 1698 void 1699 sppp_lcp_open(struct sppp *sp) 1700 { 1701 /* 1702 * If we are authenticator, negotiate LCP_AUTH 1703 */ 1704 if (sp->hisauth.proto != 0) 1705 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1706 else 1707 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1708 sp->pp_flags &= ~PP_NEEDAUTH; 1709 sppp_open_event(&lcp, sp); 1710 } 1711 1712 void 1713 sppp_lcp_close(struct sppp *sp) 1714 { 1715 sppp_close_event(&lcp, sp); 1716 } 1717 1718 void 1719 sppp_lcp_TO(void *cookie) 1720 { 1721 sppp_to_event(&lcp, (struct sppp *)cookie); 1722 } 1723 1724 /* 1725 * Analyze a configure request. Return true if it was agreeable, and 1726 * caused action sca, false if it has been rejected or nak'ed, and 1727 * caused action scn. (The return value is used to make the state 1728 * transition decision in the state automaton.) 1729 */ 1730 int 1731 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1732 { 1733 STDDCL; 1734 u_char *buf, *r, *p; 1735 int origlen, rlen; 1736 u_long nmagic; 1737 u_short authproto; 1738 1739 len -= 4; 1740 origlen = len; 1741 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1742 if (! buf) 1743 return (0); 1744 1745 if (debug) 1746 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1747 SPP_ARGS(ifp)); 1748 1749 /* pass 1: check for things that need to be rejected */ 1750 p = (void*) (h+1); 1751 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 1752 if (p[1] < 2 || p[1] > len) { 1753 free(buf, M_TEMP, 0); 1754 return (-1); 1755 } 1756 if (debug) 1757 addlog("%s ", sppp_lcp_opt_name(*p)); 1758 switch (*p) { 1759 case LCP_OPT_MAGIC: 1760 /* Magic number. */ 1761 /* FALLTHROUGH, both are same length */ 1762 case LCP_OPT_ASYNC_MAP: 1763 /* Async control character map. */ 1764 if (len >= 6 && p[1] == 6) 1765 continue; 1766 if (debug) 1767 addlog("[invalid] "); 1768 break; 1769 case LCP_OPT_MRU: 1770 /* Maximum receive unit. */ 1771 if (len >= 4 && p[1] == 4) 1772 continue; 1773 if (debug) 1774 addlog("[invalid] "); 1775 break; 1776 case LCP_OPT_AUTH_PROTO: 1777 if (len < 4) { 1778 if (debug) 1779 addlog("[invalid] "); 1780 break; 1781 } 1782 authproto = (p[2] << 8) + p[3]; 1783 if (authproto == PPP_CHAP && p[1] != 5) { 1784 if (debug) 1785 addlog("[invalid chap len] "); 1786 break; 1787 } 1788 if (sp->myauth.proto == 0) { 1789 /* we are not configured to do auth */ 1790 if (debug) 1791 addlog("[not configured] "); 1792 break; 1793 } 1794 /* 1795 * Remote want us to authenticate, remember this, 1796 * so we stay in PHASE_AUTHENTICATE after LCP got 1797 * up. 1798 */ 1799 sp->pp_flags |= PP_NEEDAUTH; 1800 continue; 1801 default: 1802 /* Others not supported. */ 1803 if (debug) 1804 addlog("[rej] "); 1805 break; 1806 } 1807 /* Add the option to rejected list. */ 1808 bcopy (p, r, p[1]); 1809 r += p[1]; 1810 rlen += p[1]; 1811 } 1812 if (rlen) { 1813 if (debug) 1814 addlog(" send conf-rej\n"); 1815 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1816 goto end; 1817 } else if (debug) 1818 addlog("\n"); 1819 1820 /* 1821 * pass 2: check for option values that are unacceptable and 1822 * thus require to be nak'ed. 1823 */ 1824 if (debug) 1825 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 1826 SPP_ARGS(ifp)); 1827 1828 p = (void*) (h+1); 1829 len = origlen; 1830 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1831 if (debug) 1832 addlog("%s ", sppp_lcp_opt_name(*p)); 1833 switch (*p) { 1834 case LCP_OPT_MAGIC: 1835 /* Magic number -- extract. */ 1836 nmagic = (u_long)p[2] << 24 | 1837 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 1838 if (nmagic != sp->lcp.magic) { 1839 if (debug) 1840 addlog("0x%lx ", nmagic); 1841 continue; 1842 } 1843 if (debug) 1844 addlog("[glitch] "); 1845 ++sp->pp_loopcnt; 1846 /* 1847 * We negate our magic here, and NAK it. If 1848 * we see it later in an NAK packet, we 1849 * suggest a new one. 1850 */ 1851 nmagic = ~sp->lcp.magic; 1852 /* Gonna NAK it. */ 1853 p[2] = nmagic >> 24; 1854 p[3] = nmagic >> 16; 1855 p[4] = nmagic >> 8; 1856 p[5] = nmagic; 1857 break; 1858 1859 case LCP_OPT_ASYNC_MAP: 1860 /* Async control character map -- check to be zero. */ 1861 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 1862 if (debug) 1863 addlog("[empty] "); 1864 continue; 1865 } 1866 if (debug) 1867 addlog("[non-empty] "); 1868 /* suggest a zero one */ 1869 p[2] = p[3] = p[4] = p[5] = 0; 1870 break; 1871 1872 case LCP_OPT_MRU: 1873 /* 1874 * Maximum receive unit. Always agreeable, 1875 * but ignored by now. 1876 */ 1877 sp->lcp.their_mru = p[2] * 256 + p[3]; 1878 if (debug) 1879 addlog("%lu ", sp->lcp.their_mru); 1880 continue; 1881 1882 case LCP_OPT_AUTH_PROTO: 1883 authproto = (p[2] << 8) + p[3]; 1884 if (sp->myauth.proto != authproto) { 1885 /* not agreed, nak */ 1886 if (debug) 1887 addlog("[mine %s != his %s] ", 1888 sppp_proto_name(sp->hisauth.proto), 1889 sppp_proto_name(authproto)); 1890 p[2] = sp->myauth.proto >> 8; 1891 p[3] = sp->myauth.proto; 1892 break; 1893 } 1894 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 1895 if (debug) 1896 addlog("[chap not MD5] "); 1897 p[4] = CHAP_MD5; 1898 break; 1899 } 1900 continue; 1901 } 1902 /* Add the option to nak'ed list. */ 1903 bcopy (p, r, p[1]); 1904 r += p[1]; 1905 rlen += p[1]; 1906 } 1907 if (rlen) { 1908 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 1909 if (debug) 1910 addlog(" max_failure (%d) exceeded, " 1911 "send conf-rej\n", 1912 sp->lcp.max_failure); 1913 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 1914 } else { 1915 if (debug) 1916 addlog(" send conf-nak\n"); 1917 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 1918 } 1919 goto end; 1920 } else { 1921 if (debug) 1922 addlog("send conf-ack\n"); 1923 sp->fail_counter[IDX_LCP] = 0; 1924 sp->pp_loopcnt = 0; 1925 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 1926 h->ident, origlen, h+1); 1927 } 1928 1929 end: 1930 free(buf, M_TEMP, 0); 1931 return (rlen == 0); 1932 } 1933 1934 /* 1935 * Analyze the LCP Configure-Reject option list, and adjust our 1936 * negotiation. 1937 */ 1938 void 1939 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 1940 { 1941 STDDCL; 1942 u_char *p; 1943 1944 len -= 4; 1945 1946 if (debug) 1947 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 1948 SPP_ARGS(ifp)); 1949 1950 p = (void*) (h+1); 1951 for (; len > 1; len -= p[1], p += p[1]) { 1952 if (p[1] < 2 || p[1] > len) 1953 return; 1954 if (debug) 1955 addlog("%s ", sppp_lcp_opt_name(*p)); 1956 switch (*p) { 1957 case LCP_OPT_MAGIC: 1958 /* Magic number -- can't use it, use 0 */ 1959 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 1960 sp->lcp.magic = 0; 1961 break; 1962 case LCP_OPT_MRU: 1963 /* 1964 * Should not be rejected anyway, since we only 1965 * negotiate a MRU if explicitly requested by 1966 * peer. 1967 */ 1968 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 1969 break; 1970 case LCP_OPT_AUTH_PROTO: 1971 /* 1972 * Peer doesn't want to authenticate himself, 1973 * deny unless this is a dialout call, and 1974 * AUTHFLAG_NOCALLOUT is set. 1975 */ 1976 if ((sp->pp_flags & PP_CALLIN) == 0 && 1977 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 1978 if (debug) 1979 addlog("[don't insist on auth " 1980 "for callout]"); 1981 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1982 break; 1983 } 1984 if (debug) 1985 addlog("[access denied]\n"); 1986 lcp.Close(sp); 1987 break; 1988 } 1989 } 1990 if (debug) 1991 addlog("\n"); 1992 } 1993 1994 /* 1995 * Analyze the LCP Configure-NAK option list, and adjust our 1996 * negotiation. 1997 */ 1998 void 1999 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2000 { 2001 STDDCL; 2002 u_char *p; 2003 u_long magic; 2004 2005 len -= 4; 2006 2007 if (debug) 2008 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2009 SPP_ARGS(ifp)); 2010 2011 p = (void*) (h+1); 2012 for (; len > 1; len -= p[1], p += p[1]) { 2013 if (p[1] < 2 || p[1] > len) 2014 return; 2015 if (debug) 2016 addlog("%s ", sppp_lcp_opt_name(*p)); 2017 switch (*p) { 2018 case LCP_OPT_MAGIC: 2019 /* Magic number -- renegotiate */ 2020 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2021 len >= 6 && p[1] == 6) { 2022 magic = (u_long)p[2] << 24 | 2023 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2024 /* 2025 * If the remote magic is our negated one, 2026 * this looks like a loopback problem. 2027 * Suggest a new magic to make sure. 2028 */ 2029 if (magic == ~sp->lcp.magic) { 2030 if (debug) 2031 addlog("magic glitch "); 2032 sp->lcp.magic = arc4random(); 2033 } else { 2034 sp->lcp.magic = magic; 2035 if (debug) 2036 addlog("%lu ", magic); 2037 } 2038 } 2039 break; 2040 case LCP_OPT_MRU: 2041 /* 2042 * Peer wants to advise us to negotiate an MRU. 2043 * Agree on it if it's reasonable, or use 2044 * default otherwise. 2045 */ 2046 if (len >= 4 && p[1] == 4) { 2047 u_int mru = p[2] * 256 + p[3]; 2048 if (debug) 2049 addlog("%d ", mru); 2050 if (mru < PP_MIN_MRU) 2051 mru = PP_MIN_MRU; 2052 if (mru > PP_MAX_MRU) 2053 mru = PP_MAX_MRU; 2054 sp->lcp.mru = mru; 2055 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2056 } 2057 break; 2058 case LCP_OPT_AUTH_PROTO: 2059 /* 2060 * Peer doesn't like our authentication method, 2061 * deny. 2062 */ 2063 if (debug) 2064 addlog("[access denied]\n"); 2065 lcp.Close(sp); 2066 break; 2067 } 2068 } 2069 if (debug) 2070 addlog("\n"); 2071 } 2072 2073 void 2074 sppp_lcp_tlu(struct sppp *sp) 2075 { 2076 struct ifnet *ifp = &sp->pp_if; 2077 int i; 2078 u_long mask; 2079 2080 /* XXX ? */ 2081 if (! (ifp->if_flags & IFF_UP) && 2082 (ifp->if_flags & IFF_RUNNING)) { 2083 /* Coming out of loopback mode. */ 2084 if_up(ifp); 2085 if (ifp->if_flags & IFF_DEBUG) 2086 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp)); 2087 } 2088 2089 for (i = 0; i < IDX_COUNT; i++) 2090 if ((cps[i])->flags & CP_QUAL) 2091 (cps[i])->Open(sp); 2092 2093 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2094 (sp->pp_flags & PP_NEEDAUTH) != 0) 2095 sp->pp_phase = PHASE_AUTHENTICATE; 2096 else 2097 sp->pp_phase = PHASE_NETWORK; 2098 2099 sppp_set_phase(sp); 2100 2101 /* 2102 * Open all authentication protocols. This is even required 2103 * if we already proceeded to network phase, since it might be 2104 * that remote wants us to authenticate, so we might have to 2105 * send a PAP request. Undesired authentication protocols 2106 * don't do anything when they get an Open event. 2107 */ 2108 for (i = 0; i < IDX_COUNT; i++) 2109 if ((cps[i])->flags & CP_AUTH) 2110 (cps[i])->Open(sp); 2111 2112 if (sp->pp_phase == PHASE_NETWORK) { 2113 /* Notify all NCPs. */ 2114 for (i = 0; i < IDX_COUNT; i++) 2115 if ((cps[i])->flags & CP_NCP) 2116 (cps[i])->Open(sp); 2117 } 2118 2119 /* Send Up events to all started protos. */ 2120 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2121 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2122 (cps[i])->Up(sp); 2123 2124 /* notify low-level driver of state change */ 2125 if (sp->pp_chg) 2126 sp->pp_chg(sp, (int)sp->pp_phase); 2127 2128 if (sp->pp_phase == PHASE_NETWORK) 2129 /* if no NCP is starting, close down */ 2130 sppp_lcp_check_and_close(sp); 2131 } 2132 2133 void 2134 sppp_lcp_tld(struct sppp *sp) 2135 { 2136 int i; 2137 u_long mask; 2138 2139 sp->pp_phase = PHASE_TERMINATE; 2140 2141 sppp_set_phase(sp); 2142 2143 /* 2144 * Take upper layers down. We send the Down event first and 2145 * the Close second to prevent the upper layers from sending 2146 * ``a flurry of terminate-request packets'', as the RFC 2147 * describes it. 2148 */ 2149 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2150 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2151 (cps[i])->Down(sp); 2152 (cps[i])->Close(sp); 2153 } 2154 } 2155 2156 void 2157 sppp_lcp_tls(struct sppp *sp) 2158 { 2159 sp->pp_phase = PHASE_ESTABLISH; 2160 2161 sppp_set_phase(sp); 2162 2163 /* Notify lower layer if desired. */ 2164 if (sp->pp_tls) 2165 (sp->pp_tls)(sp); 2166 } 2167 2168 void 2169 sppp_lcp_tlf(struct sppp *sp) 2170 { 2171 sp->pp_phase = PHASE_DEAD; 2172 sppp_set_phase(sp); 2173 2174 /* Notify lower layer if desired. */ 2175 if (sp->pp_tlf) 2176 (sp->pp_tlf)(sp); 2177 } 2178 2179 void 2180 sppp_lcp_scr(struct sppp *sp) 2181 { 2182 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2183 int i = 0; 2184 u_short authproto; 2185 2186 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2187 if (! sp->lcp.magic) 2188 sp->lcp.magic = arc4random(); 2189 opt[i++] = LCP_OPT_MAGIC; 2190 opt[i++] = 6; 2191 opt[i++] = sp->lcp.magic >> 24; 2192 opt[i++] = sp->lcp.magic >> 16; 2193 opt[i++] = sp->lcp.magic >> 8; 2194 opt[i++] = sp->lcp.magic; 2195 } 2196 2197 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2198 opt[i++] = LCP_OPT_MRU; 2199 opt[i++] = 4; 2200 opt[i++] = sp->lcp.mru >> 8; 2201 opt[i++] = sp->lcp.mru; 2202 } 2203 2204 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2205 authproto = sp->hisauth.proto; 2206 opt[i++] = LCP_OPT_AUTH_PROTO; 2207 opt[i++] = authproto == PPP_CHAP? 5: 4; 2208 opt[i++] = authproto >> 8; 2209 opt[i++] = authproto; 2210 if (authproto == PPP_CHAP) 2211 opt[i++] = CHAP_MD5; 2212 } 2213 2214 sp->confid[IDX_LCP] = ++sp->pp_seq; 2215 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt); 2216 } 2217 2218 /* 2219 * Check the open NCPs, return true if at least one NCP is open. 2220 */ 2221 int 2222 sppp_ncp_check(struct sppp *sp) 2223 { 2224 int i, mask; 2225 2226 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2227 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2228 return 1; 2229 return 0; 2230 } 2231 2232 /* 2233 * Re-check the open NCPs and see if we should terminate the link. 2234 * Called by the NCPs during their tlf action handling. 2235 */ 2236 void 2237 sppp_lcp_check_and_close(struct sppp *sp) 2238 { 2239 2240 if (sp->pp_phase < PHASE_NETWORK) 2241 /* don't bother, we are already going down */ 2242 return; 2243 2244 if (sppp_ncp_check(sp)) 2245 return; 2246 2247 lcp.Close(sp); 2248 } 2249 /* 2250 *--------------------------------------------------------------------------* 2251 * * 2252 * The IPCP implementation. * 2253 * * 2254 *--------------------------------------------------------------------------* 2255 */ 2256 2257 void 2258 sppp_ipcp_init(struct sppp *sp) 2259 { 2260 sp->ipcp.opts = 0; 2261 sp->ipcp.flags = 0; 2262 sp->state[IDX_IPCP] = STATE_INITIAL; 2263 sp->fail_counter[IDX_IPCP] = 0; 2264 task_set(&sp->ipcp.set_addr_task, sppp_set_ip_addrs, sp); 2265 task_set(&sp->ipcp.clear_addr_task, sppp_clear_ip_addrs, sp); 2266 } 2267 2268 void 2269 sppp_ipcp_destroy(struct sppp *sp) 2270 { 2271 task_del(systq, &sp->ipcp.set_addr_task); 2272 task_del(systq, &sp->ipcp.clear_addr_task); 2273 } 2274 2275 void 2276 sppp_ipcp_up(struct sppp *sp) 2277 { 2278 sppp_up_event(&ipcp, sp); 2279 } 2280 2281 void 2282 sppp_ipcp_down(struct sppp *sp) 2283 { 2284 sppp_down_event(&ipcp, sp); 2285 } 2286 2287 void 2288 sppp_ipcp_open(struct sppp *sp) 2289 { 2290 sppp_open_event(&ipcp, sp); 2291 } 2292 2293 void 2294 sppp_ipcp_close(struct sppp *sp) 2295 { 2296 sppp_close_event(&ipcp, sp); 2297 } 2298 2299 void 2300 sppp_ipcp_TO(void *cookie) 2301 { 2302 sppp_to_event(&ipcp, (struct sppp *)cookie); 2303 } 2304 2305 /* 2306 * Analyze a configure request. Return true if it was agreeable, and 2307 * caused action sca, false if it has been rejected or nak'ed, and 2308 * caused action scn. (The return value is used to make the state 2309 * transition decision in the state automaton.) 2310 */ 2311 int 2312 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2313 { 2314 u_char *buf, *r, *p; 2315 struct ifnet *ifp = &sp->pp_if; 2316 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2317 u_int32_t hisaddr, desiredaddr; 2318 2319 len -= 4; 2320 origlen = len; 2321 /* 2322 * Make sure to allocate a buf that can at least hold a 2323 * conf-nak with an `address' option. We might need it below. 2324 */ 2325 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2326 if (! buf) 2327 return (0); 2328 2329 /* pass 1: see if we can recognize them */ 2330 if (debug) 2331 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2332 SPP_ARGS(ifp)); 2333 p = (void*) (h+1); 2334 for (rlen = 0; len > 1; len -= p[1], p += p[1]) { 2335 if (p[1] < 2 || p[1] > len) { 2336 free(buf, M_TEMP, 0); 2337 return (-1); 2338 } 2339 if (debug) 2340 addlog("%s ", sppp_ipcp_opt_name(*p)); 2341 switch (*p) { 2342 #ifdef notyet 2343 case IPCP_OPT_COMPRESSION: 2344 if (len >= 6 && p[1] >= 6) { 2345 /* correctly formed compress option */ 2346 continue; 2347 } 2348 if (debug) 2349 addlog("[invalid] "); 2350 break; 2351 #endif 2352 case IPCP_OPT_ADDRESS: 2353 if (len >= 6 && p[1] == 6) { 2354 /* correctly formed address option */ 2355 continue; 2356 } 2357 if (debug) 2358 addlog("[invalid] "); 2359 break; 2360 default: 2361 /* Others not supported. */ 2362 if (debug) 2363 addlog("[rej] "); 2364 break; 2365 } 2366 /* Add the option to rejected list. */ 2367 bcopy (p, r, p[1]); 2368 r += p[1]; 2369 rlen += p[1]; 2370 } 2371 if (rlen) { 2372 if (debug) 2373 addlog(" send conf-rej\n"); 2374 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2375 goto end; 2376 } else if (debug) 2377 addlog("\n"); 2378 2379 /* pass 2: parse option values */ 2380 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2381 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */ 2382 else 2383 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2384 if (debug) 2385 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2386 SPP_ARGS(ifp)); 2387 p = (void*) (h+1); 2388 len = origlen; 2389 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2390 if (debug) 2391 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2392 switch (*p) { 2393 #ifdef notyet 2394 case IPCP_OPT_COMPRESSION: 2395 continue; 2396 #endif 2397 case IPCP_OPT_ADDRESS: 2398 desiredaddr = p[2] << 24 | p[3] << 16 | 2399 p[4] << 8 | p[5]; 2400 if (desiredaddr == hisaddr || 2401 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 2402 desiredaddr != 0)) { 2403 /* 2404 * Peer's address is same as our value, 2405 * or we have set it to 0.0.0.1 to 2406 * indicate that we do not really care, 2407 * this is agreeable. Gonna conf-ack 2408 * it. 2409 */ 2410 if (debug) 2411 addlog("%s [ack] ", 2412 sppp_dotted_quad(desiredaddr)); 2413 /* record that we've seen it already */ 2414 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2415 sp->ipcp.req_hisaddr = desiredaddr; 2416 hisaddr = desiredaddr; 2417 continue; 2418 } 2419 /* 2420 * The address wasn't agreeable. This is either 2421 * he sent us 0.0.0.0, asking to assign him an 2422 * address, or he send us another address not 2423 * matching our value. Either case, we gonna 2424 * conf-nak it with our value. 2425 */ 2426 if (debug) { 2427 if (desiredaddr == 0) 2428 addlog("[addr requested] "); 2429 else 2430 addlog("%s [not agreed] ", 2431 sppp_dotted_quad(desiredaddr)); 2432 } 2433 2434 p[2] = hisaddr >> 24; 2435 p[3] = hisaddr >> 16; 2436 p[4] = hisaddr >> 8; 2437 p[5] = hisaddr; 2438 break; 2439 } 2440 /* Add the option to nak'ed list. */ 2441 bcopy (p, r, p[1]); 2442 r += p[1]; 2443 rlen += p[1]; 2444 } 2445 2446 /* 2447 * If we are about to conf-ack the request, but haven't seen 2448 * his address so far, gonna conf-nak it instead, with the 2449 * `address' option present and our idea of his address being 2450 * filled in there, to request negotiation of both addresses. 2451 * 2452 * XXX This can result in an endless req - nak loop if peer 2453 * doesn't want to send us his address. Q: What should we do 2454 * about it? XXX A: implement the max-failure counter. 2455 */ 2456 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2457 buf[0] = IPCP_OPT_ADDRESS; 2458 buf[1] = 6; 2459 buf[2] = hisaddr >> 24; 2460 buf[3] = hisaddr >> 16; 2461 buf[4] = hisaddr >> 8; 2462 buf[5] = hisaddr; 2463 rlen = 6; 2464 if (debug) 2465 addlog("still need hisaddr "); 2466 } 2467 2468 if (rlen) { 2469 if (debug) 2470 addlog(" send conf-nak\n"); 2471 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2472 } else { 2473 if (debug) 2474 addlog(" send conf-ack\n"); 2475 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2476 h->ident, origlen, h+1); 2477 } 2478 2479 end: 2480 free(buf, M_TEMP, 0); 2481 return (rlen == 0); 2482 } 2483 2484 /* 2485 * Analyze the IPCP Configure-Reject option list, and adjust our 2486 * negotiation. 2487 */ 2488 void 2489 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2490 { 2491 u_char *p; 2492 struct ifnet *ifp = &sp->pp_if; 2493 int debug = ifp->if_flags & IFF_DEBUG; 2494 2495 len -= 4; 2496 2497 if (debug) 2498 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2499 SPP_ARGS(ifp)); 2500 2501 p = (void*) (h+1); 2502 for (; len > 1; len -= p[1], p += p[1]) { 2503 if (p[1] < 2 || p[1] > len) 2504 return; 2505 if (debug) 2506 addlog("%s ", sppp_ipcp_opt_name(*p)); 2507 switch (*p) { 2508 case IPCP_OPT_ADDRESS: 2509 /* 2510 * Peer doesn't grok address option. This is 2511 * bad. XXX Should we better give up here? 2512 */ 2513 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2514 break; 2515 #ifdef notyet 2516 case IPCP_OPT_COMPRESS: 2517 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2518 break; 2519 #endif 2520 } 2521 } 2522 if (debug) 2523 addlog("\n"); 2524 } 2525 2526 /* 2527 * Analyze the IPCP Configure-NAK option list, and adjust our 2528 * negotiation. 2529 */ 2530 void 2531 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2532 { 2533 u_char *p; 2534 struct ifnet *ifp = &sp->pp_if; 2535 int debug = ifp->if_flags & IFF_DEBUG; 2536 u_int32_t wantaddr; 2537 2538 len -= 4; 2539 2540 if (debug) 2541 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2542 SPP_ARGS(ifp)); 2543 2544 p = (void*) (h+1); 2545 for (; len > 1; len -= p[1], p += p[1]) { 2546 if (p[1] < 2 || p[1] > len) 2547 return; 2548 if (debug) 2549 addlog("%s ", sppp_ipcp_opt_name(*p)); 2550 switch (*p) { 2551 case IPCP_OPT_ADDRESS: 2552 /* 2553 * Peer doesn't like our local IP address. See 2554 * if we can do something for him. We'll drop 2555 * him our address then. 2556 */ 2557 if (len >= 6 && p[1] == 6) { 2558 wantaddr = p[2] << 24 | p[3] << 16 | 2559 p[4] << 8 | p[5]; 2560 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2561 if (debug) 2562 addlog("[wantaddr %s] ", 2563 sppp_dotted_quad(wantaddr)); 2564 /* 2565 * When doing dynamic address assignment, 2566 * we accept his offer. Otherwise, we 2567 * ignore it and thus continue to negotiate 2568 * our already existing value. 2569 */ 2570 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2571 if (debug) 2572 addlog("[agree] "); 2573 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2574 sp->ipcp.req_myaddr = wantaddr; 2575 } 2576 } 2577 break; 2578 #ifdef notyet 2579 case IPCP_OPT_COMPRESS: 2580 /* 2581 * Peer wants different compression parameters. 2582 */ 2583 break; 2584 #endif 2585 } 2586 } 2587 if (debug) 2588 addlog("\n"); 2589 } 2590 2591 void 2592 sppp_ipcp_tlu(struct sppp *sp) 2593 { 2594 if (sp->ipcp.req_myaddr != 0 || sp->ipcp.req_hisaddr != 0) 2595 task_add(systq, &sp->ipcp.set_addr_task); 2596 } 2597 2598 void 2599 sppp_ipcp_tld(struct sppp *sp) 2600 { 2601 } 2602 2603 void 2604 sppp_ipcp_tls(struct sppp *sp) 2605 { 2606 STDDCL; 2607 u_int32_t myaddr, hisaddr; 2608 2609 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN| 2610 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2611 sp->ipcp.req_myaddr = 0; 2612 sp->ipcp.req_hisaddr = 0; 2613 2614 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2615 /* 2616 * If we don't have his address, this probably means our 2617 * interface doesn't want to talk IP at all. (This could 2618 * be the case if somebody wants to speak only IPX, for 2619 * example.) Don't open IPCP in this case. 2620 */ 2621 if (hisaddr == 0) { 2622 /* XXX this message should go away */ 2623 if (debug) 2624 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2625 SPP_ARGS(ifp)); 2626 return; 2627 } 2628 2629 if (myaddr == 0) { 2630 /* 2631 * I don't have an assigned address, so i need to 2632 * negotiate my address. 2633 */ 2634 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2635 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2636 } 2637 if (hisaddr >= 1 && hisaddr <= 255) { 2638 /* 2639 * XXX - remove this hack! 2640 * remote has no valid address, we need to get one assigned. 2641 */ 2642 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2643 } 2644 2645 /* indicate to LCP that it must stay alive */ 2646 sp->lcp.protos |= (1 << IDX_IPCP); 2647 } 2648 2649 void 2650 sppp_ipcp_tlf(struct sppp *sp) 2651 { 2652 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2653 /* Some address was dynamic, clear it again. */ 2654 task_add(systq, &sp->ipcp.clear_addr_task); 2655 2656 /* we no longer need LCP */ 2657 sp->lcp.protos &= ~(1 << IDX_IPCP); 2658 sppp_lcp_check_and_close(sp); 2659 } 2660 2661 void 2662 sppp_ipcp_scr(struct sppp *sp) 2663 { 2664 char opt[6 /* compression */ + 6 /* address */]; 2665 u_int32_t ouraddr; 2666 int i = 0; 2667 2668 #ifdef notyet 2669 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2670 opt[i++] = IPCP_OPT_COMPRESSION; 2671 opt[i++] = 6; 2672 opt[i++] = 0; /* VJ header compression */ 2673 opt[i++] = 0x2d; /* VJ header compression */ 2674 opt[i++] = max_slot_id; 2675 opt[i++] = comp_slot_id; 2676 } 2677 #endif 2678 2679 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2680 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 2681 /* not sure if this can ever happen */ 2682 ouraddr = sp->ipcp.req_myaddr; 2683 else 2684 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2685 opt[i++] = IPCP_OPT_ADDRESS; 2686 opt[i++] = 6; 2687 opt[i++] = ouraddr >> 24; 2688 opt[i++] = ouraddr >> 16; 2689 opt[i++] = ouraddr >> 8; 2690 opt[i++] = ouraddr; 2691 } 2692 2693 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2694 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt); 2695 } 2696 2697 /* 2698 *--------------------------------------------------------------------------* 2699 * * 2700 * The IPv6CP implementation. * 2701 * * 2702 *--------------------------------------------------------------------------* 2703 */ 2704 2705 #ifdef INET6 2706 void 2707 sppp_ipv6cp_init(struct sppp *sp) 2708 { 2709 sp->ipv6cp.opts = 0; 2710 sp->ipv6cp.flags = 0; 2711 sp->state[IDX_IPV6CP] = STATE_INITIAL; 2712 sp->fail_counter[IDX_IPV6CP] = 0; 2713 task_set(&sp->ipv6cp.set_addr_task, sppp_update_ip6_addr, sp); 2714 } 2715 2716 void 2717 sppp_ipv6cp_destroy(struct sppp *sp) 2718 { 2719 task_del(systq, &sp->ipv6cp.set_addr_task); 2720 } 2721 2722 void 2723 sppp_ipv6cp_up(struct sppp *sp) 2724 { 2725 sppp_up_event(&ipv6cp, sp); 2726 } 2727 2728 void 2729 sppp_ipv6cp_down(struct sppp *sp) 2730 { 2731 sppp_down_event(&ipv6cp, sp); 2732 } 2733 2734 void 2735 sppp_ipv6cp_open(struct sppp *sp) 2736 { 2737 STDDCL; 2738 struct in6_addr myaddr, hisaddr; 2739 2740 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 2741 2742 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, NULL); 2743 /* 2744 * If we don't have our address, this probably means our 2745 * interface doesn't want to talk IPv6 at all. (This could 2746 * be the case if the IFXF_NOINET6 flag is set, for 2747 * example.) Don't open IPv6CP in this case. 2748 */ 2749 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 2750 /* XXX this message should go away */ 2751 if (debug) 2752 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 2753 SPP_ARGS(ifp)); 2754 return; 2755 } 2756 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 2757 sppp_open_event(&ipv6cp, sp); 2758 } 2759 2760 void 2761 sppp_ipv6cp_close(struct sppp *sp) 2762 { 2763 sppp_close_event(&ipv6cp, sp); 2764 } 2765 2766 void 2767 sppp_ipv6cp_TO(void *cookie) 2768 { 2769 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 2770 } 2771 2772 int 2773 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2774 { 2775 u_char *buf, *r, *p; 2776 struct ifnet *ifp = &sp->pp_if; 2777 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2778 struct in6_addr myaddr, desiredaddr, suggestaddr; 2779 int ifidcount; 2780 int type; 2781 int collision, nohisaddr; 2782 char addr[INET6_ADDRSTRLEN]; 2783 2784 len -= 4; 2785 origlen = len; 2786 /* 2787 * Make sure to allocate a buf that can at least hold a 2788 * conf-nak with an `address' option. We might need it below. 2789 */ 2790 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2791 if (! buf) 2792 return (0); 2793 2794 /* pass 1: see if we can recognize them */ 2795 if (debug) 2796 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 2797 SPP_ARGS(ifp)); 2798 p = (void *)(h + 1); 2799 ifidcount = 0; 2800 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2801 /* Sanity check option length */ 2802 if (p[1] < 2 || p[1] > len) { 2803 free(buf, M_TEMP, 0); 2804 return (-1); 2805 } 2806 if (debug) 2807 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2808 switch (*p) { 2809 case IPV6CP_OPT_IFID: 2810 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 2811 /* correctly formed address option */ 2812 ifidcount++; 2813 continue; 2814 } 2815 if (debug) 2816 addlog(" [invalid]"); 2817 break; 2818 #ifdef notyet 2819 case IPV6CP_OPT_COMPRESSION: 2820 if (len >= 4 && p[1] >= 4) { 2821 /* correctly formed compress option */ 2822 continue; 2823 } 2824 if (debug) 2825 addlog(" [invalid]"); 2826 break; 2827 #endif 2828 default: 2829 /* Others not supported. */ 2830 if (debug) 2831 addlog(" [rej]"); 2832 break; 2833 } 2834 /* Add the option to rejected list. */ 2835 bcopy (p, r, p[1]); 2836 r += p[1]; 2837 rlen += p[1]; 2838 } 2839 if (rlen) { 2840 if (debug) 2841 addlog(" send conf-rej\n"); 2842 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 2843 goto end; 2844 } else if (debug) 2845 addlog("\n"); 2846 2847 /* pass 2: parse option values */ 2848 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 2849 myaddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 2850 else 2851 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 2852 if (debug) 2853 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 2854 SPP_ARGS(ifp)); 2855 p = (void *)(h + 1); 2856 len = origlen; 2857 type = CONF_ACK; 2858 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2859 if (debug) 2860 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2861 switch (*p) { 2862 #ifdef notyet 2863 case IPV6CP_OPT_COMPRESSION: 2864 continue; 2865 #endif 2866 case IPV6CP_OPT_IFID: 2867 memset(&desiredaddr, 0, sizeof(desiredaddr)); 2868 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 2869 collision = (memcmp(&desiredaddr.s6_addr[8], 2870 &myaddr.s6_addr[8], 8) == 0); 2871 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 2872 2873 desiredaddr.s6_addr16[0] = htons(0xfe80); 2874 2875 if (!collision && !nohisaddr) { 2876 /* no collision, hisaddr known - Conf-Ack */ 2877 type = CONF_ACK; 2878 2879 if (debug) { 2880 addlog(" %s [%s]", 2881 inet_ntop(AF_INET6, &desiredaddr, 2882 addr, sizeof(addr)), 2883 sppp_cp_type_name(type)); 2884 } 2885 sppp_set_ip6_addr(sp, &myaddr, &desiredaddr); 2886 continue; 2887 } 2888 2889 memset(&suggestaddr, 0, sizeof(suggestaddr)); 2890 if (collision && nohisaddr) { 2891 /* collision, hisaddr unknown - Conf-Rej */ 2892 type = CONF_REJ; 2893 memset(&p[2], 0, 8); 2894 } else { 2895 /* 2896 * - no collision, hisaddr unknown, or 2897 * - collision, hisaddr known 2898 * Conf-Nak, suggest hisaddr 2899 */ 2900 type = CONF_NAK; 2901 sppp_suggest_ip6_addr(sp, &suggestaddr); 2902 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 2903 } 2904 if (debug) 2905 addlog(" %s [%s]", 2906 inet_ntop(AF_INET6, &desiredaddr, addr, 2907 sizeof(addr)), 2908 sppp_cp_type_name(type)); 2909 break; 2910 } 2911 /* Add the option to nak'ed list. */ 2912 bcopy (p, r, p[1]); 2913 r += p[1]; 2914 rlen += p[1]; 2915 } 2916 2917 if (rlen == 0 && type == CONF_ACK) { 2918 if (debug) 2919 addlog(" send %s\n", sppp_cp_type_name(type)); 2920 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 2921 } else { 2922 #ifdef notdef 2923 if (type == CONF_ACK) 2924 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 2925 #endif 2926 2927 if (debug) { 2928 addlog(" send %s suggest %s\n", 2929 sppp_cp_type_name(type), 2930 inet_ntop(AF_INET6, &suggestaddr, addr, 2931 sizeof(addr))); 2932 } 2933 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 2934 } 2935 2936 end: 2937 free(buf, M_TEMP, 0); 2938 return (rlen == 0); 2939 } 2940 2941 void 2942 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2943 { 2944 u_char *p; 2945 struct ifnet *ifp = &sp->pp_if; 2946 int debug = ifp->if_flags & IFF_DEBUG; 2947 2948 len -= 4; 2949 2950 if (debug) 2951 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 2952 SPP_ARGS(ifp)); 2953 2954 p = (void *)(h + 1); 2955 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2956 if (p[1] < 2 || p[1] > len) 2957 return; 2958 if (debug) 2959 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 2960 switch (*p) { 2961 case IPV6CP_OPT_IFID: 2962 /* 2963 * Peer doesn't grok address option. This is 2964 * bad. XXX Should we better give up here? 2965 */ 2966 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 2967 break; 2968 #ifdef notyet 2969 case IPV6CP_OPT_COMPRESS: 2970 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 2971 break; 2972 #endif 2973 } 2974 } 2975 if (debug) 2976 addlog("\n"); 2977 return; 2978 } 2979 2980 void 2981 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2982 { 2983 u_char *p; 2984 struct ifnet *ifp = &sp->pp_if; 2985 int debug = ifp->if_flags & IFF_DEBUG; 2986 struct in6_addr suggestaddr; 2987 char addr[INET6_ADDRSTRLEN]; 2988 2989 len -= 4; 2990 2991 if (debug) 2992 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ", 2993 SPP_ARGS(ifp)); 2994 2995 p = (void*) (h+1); 2996 for (; len > 1; len -= p[1], p += p[1]) { 2997 if (p[1] < 2 || p[1] > len) 2998 return; 2999 if (debug) 3000 addlog("%s ", sppp_ipv6cp_opt_name(*p)); 3001 switch (*p) { 3002 case IPV6CP_OPT_IFID: 3003 /* 3004 * Peer doesn't like our local ifid. See 3005 * if we can do something for him. We'll drop 3006 * him our address then. 3007 */ 3008 if (len < 10 || p[1] != 10) 3009 break; 3010 sp->ipv6cp.flags |= IPV6CP_MYIFID_DYN; 3011 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3012 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3013 if (IN6_IS_ADDR_UNSPECIFIED(&suggestaddr) || 3014 (sp->ipv6cp.flags & IPV6CP_MYIFID_SEEN)) { 3015 /* 3016 * The peer didn't suggest anything, 3017 * or wants us to change a previously 3018 * suggested address. 3019 * Configure a new address for us. 3020 */ 3021 sppp_suggest_ip6_addr(sp, &suggestaddr); 3022 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3023 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3024 } else { 3025 /* Configure address suggested by peer. */ 3026 suggestaddr.s6_addr16[0] = htons(0xfe80); 3027 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3028 if (debug) 3029 addlog(" [suggestaddr %s]", 3030 inet_ntop(AF_INET6, &suggestaddr, 3031 addr, sizeof(addr))); 3032 sppp_set_ip6_addr(sp, &suggestaddr, NULL); 3033 if (debug) 3034 addlog(" [agree]"); 3035 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3036 } 3037 break; 3038 #ifdef notyet 3039 case IPV6CP_OPT_COMPRESS: 3040 /* 3041 * Peer wants different compression parameters. 3042 */ 3043 break; 3044 #endif 3045 } 3046 } 3047 if (debug) 3048 addlog("\n"); 3049 } 3050 3051 void 3052 sppp_ipv6cp_tlu(struct sppp *sp) 3053 { 3054 } 3055 3056 void 3057 sppp_ipv6cp_tld(struct sppp *sp) 3058 { 3059 } 3060 3061 void 3062 sppp_ipv6cp_tls(struct sppp *sp) 3063 { 3064 /* indicate to LCP that it must stay alive */ 3065 sp->lcp.protos |= (1 << IDX_IPV6CP); 3066 } 3067 3068 void 3069 sppp_ipv6cp_tlf(struct sppp *sp) 3070 { 3071 /* we no longer need LCP */ 3072 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3073 sppp_lcp_check_and_close(sp); 3074 } 3075 3076 void 3077 sppp_ipv6cp_scr(struct sppp *sp) 3078 { 3079 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3080 struct in6_addr ouraddr; 3081 int i = 0; 3082 3083 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3084 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) 3085 ouraddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr; 3086 else 3087 sppp_get_ip6_addrs(sp, &ouraddr, NULL, NULL); 3088 opt[i++] = IPV6CP_OPT_IFID; 3089 opt[i++] = 10; 3090 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3091 i += 8; 3092 } 3093 3094 #ifdef notyet 3095 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3096 opt[i++] = IPV6CP_OPT_COMPRESSION; 3097 opt[i++] = 4; 3098 opt[i++] = 0; /* TBD */ 3099 opt[i++] = 0; /* TBD */ 3100 /* variable length data may follow */ 3101 } 3102 #endif 3103 3104 sp->confid[IDX_IPV6CP] = ++sp->pp_seq; 3105 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt); 3106 } 3107 #else /*INET6*/ 3108 void 3109 sppp_ipv6cp_init(struct sppp *sp) 3110 { 3111 } 3112 3113 void 3114 sppp_ipv6cp_destroy(struct sppp *sp) 3115 { 3116 } 3117 3118 void 3119 sppp_ipv6cp_up(struct sppp *sp) 3120 { 3121 } 3122 3123 void 3124 sppp_ipv6cp_down(struct sppp *sp) 3125 { 3126 } 3127 3128 void 3129 sppp_ipv6cp_open(struct sppp *sp) 3130 { 3131 } 3132 3133 void 3134 sppp_ipv6cp_close(struct sppp *sp) 3135 { 3136 } 3137 3138 void 3139 sppp_ipv6cp_TO(void *sp) 3140 { 3141 } 3142 3143 int 3144 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, 3145 int len) 3146 { 3147 return 0; 3148 } 3149 3150 void 3151 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, 3152 int len) 3153 { 3154 } 3155 3156 void 3157 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, 3158 int len) 3159 { 3160 } 3161 3162 void 3163 sppp_ipv6cp_tlu(struct sppp *sp) 3164 { 3165 } 3166 3167 void 3168 sppp_ipv6cp_tld(struct sppp *sp) 3169 { 3170 } 3171 3172 void 3173 sppp_ipv6cp_tls(struct sppp *sp) 3174 { 3175 } 3176 3177 void 3178 sppp_ipv6cp_tlf(struct sppp *sp) 3179 { 3180 } 3181 3182 void 3183 sppp_ipv6cp_scr(struct sppp *sp) 3184 { 3185 } 3186 #endif /*INET6*/ 3187 3188 /* 3189 *--------------------------------------------------------------------------* 3190 * * 3191 * The CHAP implementation. * 3192 * * 3193 *--------------------------------------------------------------------------* 3194 */ 3195 3196 /* 3197 * The authentication protocols don't employ a full-fledged state machine as 3198 * the control protocols do, since they do have Open and Close events, but 3199 * not Up and Down, nor are they explicitly terminated. Also, use of the 3200 * authentication protocols may be different in both directions (this makes 3201 * sense, think of a machine that never accepts incoming calls but only 3202 * calls out, it doesn't require the called party to authenticate itself). 3203 * 3204 * Our state machine for the local authentication protocol (we are requesting 3205 * the peer to authenticate) looks like: 3206 * 3207 * RCA- 3208 * +--------------------------------------------+ 3209 * V scn,tld| 3210 * +--------+ Close +---------+ RCA+ 3211 * | |<----------------------------------| |------+ 3212 * +--->| Closed | TO* | Opened | sca | 3213 * | | |-----+ +-------| |<-----+ 3214 * | +--------+ irc | | +---------+ 3215 * | ^ | | ^ 3216 * | | | | | 3217 * | | | | | 3218 * | TO-| | | | 3219 * | |tld TO+ V | | 3220 * | | +------->+ | | 3221 * | | | | | | 3222 * | +--------+ V | | 3223 * | | |<----+<--------------------+ | 3224 * | | Req- | scr | 3225 * | | Sent | | 3226 * | | | | 3227 * | +--------+ | 3228 * | RCA- | | RCA+ | 3229 * +------+ +------------------------------------------+ 3230 * scn,tld sca,irc,ict,tlu 3231 * 3232 * 3233 * with: 3234 * 3235 * Open: LCP reached authentication phase 3236 * Close: LCP reached terminate phase 3237 * 3238 * RCA+: received reply (pap-req, chap-response), acceptable 3239 * RCN: received reply (pap-req, chap-response), not acceptable 3240 * TO+: timeout with restart counter >= 0 3241 * TO-: timeout with restart counter < 0 3242 * TO*: reschedule timeout for CHAP 3243 * 3244 * scr: send request packet (none for PAP, chap-challenge) 3245 * sca: send ack packet (pap-ack, chap-success) 3246 * scn: send nak packet (pap-nak, chap-failure) 3247 * ict: initialize re-challenge timer (CHAP only) 3248 * 3249 * tlu: this-layer-up, LCP reaches network phase 3250 * tld: this-layer-down, LCP enters terminate phase 3251 * 3252 * Note that in CHAP mode, after sending a new challenge, while the state 3253 * automaton falls back into Req-Sent state, it doesn't signal a tld 3254 * event to LCP, so LCP remains in network phase. Only after not getting 3255 * any response (or after getting an unacceptable response), CHAP closes, 3256 * causing LCP to enter terminate phase. 3257 * 3258 * With PAP, there is no initial request that can be sent. The peer is 3259 * expected to send one based on the successful negotiation of PAP as 3260 * the authentication protocol during the LCP option negotiation. 3261 * 3262 * Incoming authentication protocol requests (remote requests 3263 * authentication, we are peer) don't employ a state machine at all, 3264 * they are simply answered. Some peers [Ascend P50 firmware rev 3265 * 4.50] react allergically when sending IPCP requests while they are 3266 * still in authentication phase (thereby violating the standard that 3267 * demands that these NCP packets are to be discarded), so we keep 3268 * track of the peer demanding us to authenticate, and only proceed to 3269 * phase network once we've seen a positive acknowledge for the 3270 * authentication. 3271 */ 3272 3273 /* 3274 * Handle incoming CHAP packets. 3275 */ 3276 void 3277 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3278 { 3279 STDDCL; 3280 struct lcp_header *h; 3281 int len, x; 3282 u_char *value, *name, digest[AUTHCHALEN], dsize; 3283 int value_len, name_len; 3284 MD5_CTX ctx; 3285 3286 len = m->m_pkthdr.len; 3287 if (len < 4) { 3288 if (debug) 3289 log(LOG_DEBUG, 3290 SPP_FMT "chap invalid packet length: %d bytes\n", 3291 SPP_ARGS(ifp), len); 3292 return; 3293 } 3294 h = mtod (m, struct lcp_header*); 3295 if (len > ntohs (h->len)) 3296 len = ntohs (h->len); 3297 3298 switch (h->type) { 3299 /* challenge, failure and success are his authproto */ 3300 case CHAP_CHALLENGE: 3301 value = 1 + (u_char*)(h+1); 3302 value_len = value[-1]; 3303 name = value + value_len; 3304 name_len = len - value_len - 5; 3305 if (name_len < 0) { 3306 if (debug) { 3307 log(LOG_DEBUG, 3308 SPP_FMT "chap corrupted challenge " 3309 "<%s id=0x%x len=%d", 3310 SPP_ARGS(ifp), 3311 sppp_auth_type_name(PPP_CHAP, h->type), 3312 h->ident, ntohs(h->len)); 3313 if (len > 4) 3314 sppp_print_bytes((u_char*) (h+1), len-4); 3315 addlog(">\n"); 3316 } 3317 break; 3318 } 3319 3320 if (debug) { 3321 log(LOG_DEBUG, 3322 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3323 SPP_ARGS(ifp), 3324 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3325 ntohs(h->len)); 3326 sppp_print_string((char*) name, name_len); 3327 addlog(" value-size=%d value=", value_len); 3328 sppp_print_bytes(value, value_len); 3329 addlog(">\n"); 3330 } 3331 3332 /* Compute reply value. */ 3333 MD5Init(&ctx); 3334 MD5Update(&ctx, &h->ident, 1); 3335 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret)); 3336 MD5Update(&ctx, value, value_len); 3337 MD5Final(digest, &ctx); 3338 dsize = sizeof digest; 3339 3340 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3341 sizeof dsize, (const char *)&dsize, 3342 sizeof digest, digest, 3343 strlen(sp->myauth.name), 3344 sp->myauth.name, 3345 0); 3346 break; 3347 3348 case CHAP_SUCCESS: 3349 if (debug) { 3350 log(LOG_DEBUG, SPP_FMT "chap success", 3351 SPP_ARGS(ifp)); 3352 if (len > 4) { 3353 addlog(": "); 3354 sppp_print_string((char*)(h + 1), len - 4); 3355 } 3356 addlog("\n"); 3357 } 3358 x = splnet(); 3359 sp->pp_flags &= ~PP_NEEDAUTH; 3360 if (sp->myauth.proto == PPP_CHAP && 3361 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3362 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3363 /* 3364 * We are authenticator for CHAP but didn't 3365 * complete yet. Leave it to tlu to proceed 3366 * to network phase. 3367 */ 3368 splx(x); 3369 break; 3370 } 3371 splx(x); 3372 sppp_phase_network(sp); 3373 break; 3374 3375 case CHAP_FAILURE: 3376 if (debug) { 3377 log(LOG_INFO, SPP_FMT "chap failure", 3378 SPP_ARGS(ifp)); 3379 if (len > 4) { 3380 addlog(": "); 3381 sppp_print_string((char*)(h + 1), len - 4); 3382 } 3383 addlog("\n"); 3384 } else 3385 log(LOG_INFO, SPP_FMT "chap failure\n", 3386 SPP_ARGS(ifp)); 3387 /* await LCP shutdown by authenticator */ 3388 break; 3389 3390 /* response is my authproto */ 3391 case CHAP_RESPONSE: 3392 value = 1 + (u_char*)(h+1); 3393 value_len = value[-1]; 3394 name = value + value_len; 3395 name_len = len - value_len - 5; 3396 if (name_len < 0) { 3397 if (debug) { 3398 log(LOG_DEBUG, 3399 SPP_FMT "chap corrupted response " 3400 "<%s id=0x%x len=%d", 3401 SPP_ARGS(ifp), 3402 sppp_auth_type_name(PPP_CHAP, h->type), 3403 h->ident, ntohs(h->len)); 3404 if (len > 4) 3405 sppp_print_bytes((u_char*)(h+1), len-4); 3406 addlog(">\n"); 3407 } 3408 break; 3409 } 3410 if (h->ident != sp->confid[IDX_CHAP]) { 3411 if (debug) 3412 log(LOG_DEBUG, 3413 SPP_FMT "chap dropping response for old ID " 3414 "(got %d, expected %d)\n", 3415 SPP_ARGS(ifp), 3416 h->ident, sp->confid[IDX_CHAP]); 3417 break; 3418 } 3419 if (name_len != strlen(sp->hisauth.name) 3420 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3421 log(LOG_INFO, SPP_FMT "chap response, his name ", 3422 SPP_ARGS(ifp)); 3423 sppp_print_string(name, name_len); 3424 addlog(" != expected "); 3425 sppp_print_string(sp->hisauth.name, 3426 strlen(sp->hisauth.name)); 3427 addlog("\n"); 3428 } 3429 if (debug) { 3430 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3431 "<%s id=0x%x len=%d name=", 3432 SPP_ARGS(ifp), 3433 sppp_state_name(sp->state[IDX_CHAP]), 3434 sppp_auth_type_name(PPP_CHAP, h->type), 3435 h->ident, ntohs (h->len)); 3436 sppp_print_string((char*)name, name_len); 3437 addlog(" value-size=%d value=", value_len); 3438 sppp_print_bytes(value, value_len); 3439 addlog(">\n"); 3440 } 3441 if (value_len != AUTHCHALEN) { 3442 if (debug) 3443 log(LOG_DEBUG, 3444 SPP_FMT "chap bad hash value length: " 3445 "%d bytes, should be %d\n", 3446 SPP_ARGS(ifp), value_len, 3447 AUTHCHALEN); 3448 break; 3449 } 3450 3451 MD5Init(&ctx); 3452 MD5Update(&ctx, &h->ident, 1); 3453 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret)); 3454 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN); 3455 MD5Final(digest, &ctx); 3456 3457 #define FAILMSG "Failed..." 3458 #define SUCCMSG "Welcome!" 3459 3460 if (value_len != sizeof digest || 3461 timingsafe_bcmp(digest, value, value_len) != 0) { 3462 /* action scn, tld */ 3463 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3464 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3465 0); 3466 chap.tld(sp); 3467 break; 3468 } 3469 /* action sca, perhaps tlu */ 3470 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3471 sp->state[IDX_CHAP] == STATE_OPENED) 3472 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3473 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3474 0); 3475 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3476 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3477 chap.tlu(sp); 3478 } 3479 break; 3480 3481 default: 3482 /* Unknown CHAP packet type -- ignore. */ 3483 if (debug) { 3484 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3485 "<0x%x id=0x%xh len=%d", 3486 SPP_ARGS(ifp), 3487 sppp_state_name(sp->state[IDX_CHAP]), 3488 h->type, h->ident, ntohs(h->len)); 3489 if (len > 4) 3490 sppp_print_bytes((u_char*)(h+1), len-4); 3491 addlog(">\n"); 3492 } 3493 break; 3494 3495 } 3496 } 3497 3498 void 3499 sppp_chap_init(struct sppp *sp) 3500 { 3501 /* Chap doesn't have STATE_INITIAL at all. */ 3502 sp->state[IDX_CHAP] = STATE_CLOSED; 3503 sp->fail_counter[IDX_CHAP] = 0; 3504 } 3505 3506 void 3507 sppp_chap_open(struct sppp *sp) 3508 { 3509 if (sp->myauth.proto == PPP_CHAP && 3510 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3511 /* we are authenticator for CHAP, start it */ 3512 chap.scr(sp); 3513 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3514 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3515 } 3516 /* nothing to be done if we are peer, await a challenge */ 3517 } 3518 3519 void 3520 sppp_chap_close(struct sppp *sp) 3521 { 3522 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3523 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3524 } 3525 3526 void 3527 sppp_chap_TO(void *cookie) 3528 { 3529 struct sppp *sp = (struct sppp *)cookie; 3530 STDDCL; 3531 int s; 3532 3533 s = splnet(); 3534 if (debug) 3535 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3536 SPP_ARGS(ifp), 3537 sppp_state_name(sp->state[IDX_CHAP]), 3538 sp->rst_counter[IDX_CHAP]); 3539 3540 if (--sp->rst_counter[IDX_CHAP] < 0) 3541 /* TO- event */ 3542 switch (sp->state[IDX_CHAP]) { 3543 case STATE_REQ_SENT: 3544 chap.tld(sp); 3545 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3546 break; 3547 } 3548 else 3549 /* TO+ (or TO*) event */ 3550 switch (sp->state[IDX_CHAP]) { 3551 case STATE_OPENED: 3552 /* TO* event */ 3553 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3554 /* FALLTHROUGH */ 3555 case STATE_REQ_SENT: 3556 chap.scr(sp); 3557 /* sppp_cp_change_state() will restart the timer */ 3558 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3559 break; 3560 } 3561 3562 splx(s); 3563 } 3564 3565 void 3566 sppp_chap_tlu(struct sppp *sp) 3567 { 3568 STDDCL; 3569 int i = 0, x; 3570 3571 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3572 3573 /* 3574 * Some broken CHAP implementations (Conware CoNet, firmware 3575 * 4.0.?) don't want to re-authenticate their CHAP once the 3576 * initial challenge-response exchange has taken place. 3577 * Provide for an option to avoid rechallenges. 3578 */ 3579 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3580 /* 3581 * Compute the re-challenge timeout. This will yield 3582 * a number between 300 and 810 seconds. 3583 */ 3584 i = 300 + arc4random_uniform(1 + 810 - 300); 3585 3586 timeout_add_sec(&sp->ch[IDX_CHAP], i); 3587 } 3588 3589 if (debug) { 3590 log(LOG_DEBUG, 3591 SPP_FMT "chap %s, ", 3592 SPP_ARGS(ifp), 3593 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3594 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3595 addlog("next re-challenge in %d seconds\n", i); 3596 else 3597 addlog("re-challenging suppressed\n"); 3598 } 3599 3600 x = splnet(); 3601 /* indicate to LCP that we need to be closed down */ 3602 sp->lcp.protos |= (1 << IDX_CHAP); 3603 3604 if (sp->pp_flags & PP_NEEDAUTH) { 3605 /* 3606 * Remote is authenticator, but his auth proto didn't 3607 * complete yet. Defer the transition to network 3608 * phase. 3609 */ 3610 splx(x); 3611 return; 3612 } 3613 splx(x); 3614 3615 /* 3616 * If we are already in phase network, we are done here. This 3617 * is the case if this is a dummy tlu event after a re-challenge. 3618 */ 3619 if (sp->pp_phase != PHASE_NETWORK) 3620 sppp_phase_network(sp); 3621 } 3622 3623 void 3624 sppp_chap_tld(struct sppp *sp) 3625 { 3626 STDDCL; 3627 3628 if (debug) 3629 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3630 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]); 3631 sp->lcp.protos &= ~(1 << IDX_CHAP); 3632 3633 lcp.Close(sp); 3634 } 3635 3636 void 3637 sppp_chap_scr(struct sppp *sp) 3638 { 3639 u_char clen; 3640 3641 /* Compute random challenge. */ 3642 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge)); 3643 clen = AUTHCHALEN; 3644 3645 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3646 3647 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3648 sizeof clen, (const char *)&clen, 3649 (size_t)AUTHCHALEN, sp->chap_challenge, 3650 strlen(sp->myauth.name), 3651 sp->myauth.name, 3652 0); 3653 } 3654 /* 3655 *--------------------------------------------------------------------------* 3656 * * 3657 * The PAP implementation. * 3658 * * 3659 *--------------------------------------------------------------------------* 3660 */ 3661 /* 3662 * For PAP, we need to keep a little state also if we are the peer, not the 3663 * authenticator. This is since we don't get a request to authenticate, but 3664 * have to repeatedly authenticate ourself until we got a response (or the 3665 * retry counter is expired). 3666 */ 3667 3668 /* 3669 * Handle incoming PAP packets. */ 3670 void 3671 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3672 { 3673 STDDCL; 3674 struct lcp_header *h; 3675 int len, x; 3676 u_char *name, *passwd, mlen; 3677 int name_len, passwd_len; 3678 3679 len = m->m_pkthdr.len; 3680 if (len < 5) { 3681 if (debug) 3682 log(LOG_DEBUG, 3683 SPP_FMT "pap invalid packet length: %d bytes\n", 3684 SPP_ARGS(ifp), len); 3685 return; 3686 } 3687 h = mtod (m, struct lcp_header*); 3688 if (len > ntohs (h->len)) 3689 len = ntohs (h->len); 3690 switch (h->type) { 3691 /* PAP request is my authproto */ 3692 case PAP_REQ: 3693 name = 1 + (u_char*)(h+1); 3694 name_len = name[-1]; 3695 passwd = name + name_len + 1; 3696 if (name_len > len - 6 || 3697 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3698 if (debug) { 3699 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3700 "<%s id=0x%x len=%d", 3701 SPP_ARGS(ifp), 3702 sppp_auth_type_name(PPP_PAP, h->type), 3703 h->ident, ntohs(h->len)); 3704 if (len > 4) 3705 sppp_print_bytes((u_char*)(h+1), len-4); 3706 addlog(">\n"); 3707 } 3708 break; 3709 } 3710 if (debug) { 3711 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3712 "<%s id=0x%x len=%d name=", 3713 SPP_ARGS(ifp), 3714 sppp_state_name(sp->state[IDX_PAP]), 3715 sppp_auth_type_name(PPP_PAP, h->type), 3716 h->ident, ntohs(h->len)); 3717 sppp_print_string((char*)name, name_len); 3718 addlog(" passwd="); 3719 sppp_print_string((char*)passwd, passwd_len); 3720 addlog(">\n"); 3721 } 3722 if (name_len > AUTHMAXLEN || 3723 passwd_len > AUTHMAXLEN || 3724 bcmp(name, sp->hisauth.name, name_len) != 0 || 3725 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3726 /* action scn, tld */ 3727 mlen = sizeof(FAILMSG) - 1; 3728 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3729 sizeof mlen, (const char *)&mlen, 3730 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3731 0); 3732 pap.tld(sp); 3733 break; 3734 } 3735 /* action sca, perhaps tlu */ 3736 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3737 sp->state[IDX_PAP] == STATE_OPENED) { 3738 mlen = sizeof(SUCCMSG) - 1; 3739 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3740 sizeof mlen, (const char *)&mlen, 3741 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3742 0); 3743 } 3744 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3745 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3746 pap.tlu(sp); 3747 } 3748 break; 3749 3750 /* ack and nak are his authproto */ 3751 case PAP_ACK: 3752 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3753 if (debug) { 3754 log(LOG_DEBUG, SPP_FMT "pap success", 3755 SPP_ARGS(ifp)); 3756 name_len = *((char *)h); 3757 if (len > 5 && name_len) { 3758 addlog(": "); 3759 sppp_print_string((char*)(h+1), name_len); 3760 } 3761 addlog("\n"); 3762 } 3763 x = splnet(); 3764 sp->pp_flags &= ~PP_NEEDAUTH; 3765 if (sp->myauth.proto == PPP_PAP && 3766 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3767 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3768 /* 3769 * We are authenticator for PAP but didn't 3770 * complete yet. Leave it to tlu to proceed 3771 * to network phase. 3772 */ 3773 splx(x); 3774 break; 3775 } 3776 splx(x); 3777 sppp_phase_network(sp); 3778 break; 3779 3780 case PAP_NAK: 3781 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3782 if (debug) { 3783 log(LOG_INFO, SPP_FMT "pap failure", 3784 SPP_ARGS(ifp)); 3785 name_len = *((char *)h); 3786 if (len > 5 && name_len) { 3787 addlog(": "); 3788 sppp_print_string((char*)(h+1), name_len); 3789 } 3790 addlog("\n"); 3791 } else 3792 log(LOG_INFO, SPP_FMT "pap failure\n", 3793 SPP_ARGS(ifp)); 3794 /* await LCP shutdown by authenticator */ 3795 break; 3796 3797 default: 3798 /* Unknown PAP packet type -- ignore. */ 3799 if (debug) { 3800 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3801 "<0x%x id=0x%x len=%d", 3802 SPP_ARGS(ifp), 3803 h->type, h->ident, ntohs(h->len)); 3804 if (len > 4) 3805 sppp_print_bytes((u_char*)(h+1), len-4); 3806 addlog(">\n"); 3807 } 3808 break; 3809 3810 } 3811 } 3812 3813 void 3814 sppp_pap_init(struct sppp *sp) 3815 { 3816 /* PAP doesn't have STATE_INITIAL at all. */ 3817 sp->state[IDX_PAP] = STATE_CLOSED; 3818 sp->fail_counter[IDX_PAP] = 0; 3819 } 3820 3821 void 3822 sppp_pap_open(struct sppp *sp) 3823 { 3824 if (sp->hisauth.proto == PPP_PAP && 3825 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3826 /* we are authenticator for PAP, start our timer */ 3827 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3828 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3829 } 3830 if (sp->myauth.proto == PPP_PAP) { 3831 /* we are peer, send a request, and start a timer */ 3832 pap.scr(sp); 3833 timeout_add_sec(&sp->pap_my_to_ch, sp->lcp.timeout); 3834 } 3835 } 3836 3837 void 3838 sppp_pap_close(struct sppp *sp) 3839 { 3840 if (sp->state[IDX_PAP] != STATE_CLOSED) 3841 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3842 } 3843 3844 /* 3845 * That's the timeout routine if we are authenticator. Since the 3846 * authenticator is basically passive in PAP, we can't do much here. 3847 */ 3848 void 3849 sppp_pap_TO(void *cookie) 3850 { 3851 struct sppp *sp = (struct sppp *)cookie; 3852 STDDCL; 3853 int s; 3854 3855 s = splnet(); 3856 if (debug) 3857 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3858 SPP_ARGS(ifp), 3859 sppp_state_name(sp->state[IDX_PAP]), 3860 sp->rst_counter[IDX_PAP]); 3861 3862 if (--sp->rst_counter[IDX_PAP] < 0) 3863 /* TO- event */ 3864 switch (sp->state[IDX_PAP]) { 3865 case STATE_REQ_SENT: 3866 pap.tld(sp); 3867 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3868 break; 3869 } 3870 else 3871 /* TO+ event, not very much we could do */ 3872 switch (sp->state[IDX_PAP]) { 3873 case STATE_REQ_SENT: 3874 /* sppp_cp_change_state() will restart the timer */ 3875 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3876 break; 3877 } 3878 3879 splx(s); 3880 } 3881 3882 /* 3883 * That's the timeout handler if we are peer. Since the peer is active, 3884 * we need to retransmit our PAP request since it is apparently lost. 3885 * XXX We should impose a max counter. 3886 */ 3887 void 3888 sppp_pap_my_TO(void *cookie) 3889 { 3890 struct sppp *sp = (struct sppp *)cookie; 3891 STDDCL; 3892 3893 if (debug) 3894 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3895 SPP_ARGS(ifp)); 3896 3897 pap.scr(sp); 3898 } 3899 3900 void 3901 sppp_pap_tlu(struct sppp *sp) 3902 { 3903 STDDCL; 3904 int x; 3905 3906 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3907 3908 if (debug) 3909 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3910 SPP_ARGS(ifp), pap.name); 3911 3912 x = splnet(); 3913 /* indicate to LCP that we need to be closed down */ 3914 sp->lcp.protos |= (1 << IDX_PAP); 3915 3916 if (sp->pp_flags & PP_NEEDAUTH) { 3917 /* 3918 * Remote is authenticator, but his auth proto didn't 3919 * complete yet. Defer the transition to network 3920 * phase. 3921 */ 3922 splx(x); 3923 return; 3924 } 3925 splx(x); 3926 sppp_phase_network(sp); 3927 } 3928 3929 void 3930 sppp_pap_tld(struct sppp *sp) 3931 { 3932 STDDCL; 3933 3934 if (debug) 3935 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3936 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]); 3937 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch); 3938 sp->lcp.protos &= ~(1 << IDX_PAP); 3939 3940 lcp.Close(sp); 3941 } 3942 3943 void 3944 sppp_pap_scr(struct sppp *sp) 3945 { 3946 u_char idlen, pwdlen; 3947 3948 sp->confid[IDX_PAP] = ++sp->pp_seq; 3949 pwdlen = strlen(sp->myauth.secret); 3950 idlen = strlen(sp->myauth.name); 3951 3952 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3953 sizeof idlen, (const char *)&idlen, 3954 (size_t)idlen, sp->myauth.name, 3955 sizeof pwdlen, (const char *)&pwdlen, 3956 (size_t)pwdlen, sp->myauth.secret, 3957 0); 3958 } 3959 /* 3960 * Random miscellaneous functions. 3961 */ 3962 3963 /* 3964 * Send a PAP or CHAP proto packet. 3965 * 3966 * Varadic function, each of the elements for the ellipsis is of type 3967 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3968 * mlen == 0. 3969 */ 3970 3971 void 3972 sppp_auth_send(const struct cp *cp, struct sppp *sp, 3973 unsigned int type, u_int id, ...) 3974 { 3975 STDDCL; 3976 struct lcp_header *lh; 3977 struct mbuf *m; 3978 u_char *p; 3979 int len, s; 3980 unsigned int mlen; 3981 const char *msg; 3982 va_list ap; 3983 3984 MGETHDR (m, M_DONTWAIT, MT_DATA); 3985 if (! m) 3986 return; 3987 m->m_pkthdr.ph_ifidx = 0; 3988 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio; 3989 3990 *mtod(m, u_int16_t *) = htons(cp->proto); 3991 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 3992 3993 lh->type = type; 3994 lh->ident = id; 3995 p = (u_char*) (lh+1); 3996 3997 va_start(ap, id); 3998 len = 0; 3999 4000 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4001 msg = va_arg(ap, const char *); 4002 len += mlen; 4003 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) { 4004 va_end(ap); 4005 m_freem(m); 4006 return; 4007 } 4008 4009 bcopy(msg, p, mlen); 4010 p += mlen; 4011 } 4012 va_end(ap); 4013 4014 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len; 4015 lh->len = htons (LCP_HEADER_LEN + len); 4016 4017 if (debug) { 4018 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4019 SPP_ARGS(ifp), cp->name, 4020 sppp_auth_type_name(cp->proto, lh->type), 4021 lh->ident, ntohs(lh->len)); 4022 if (len) 4023 sppp_print_bytes((u_char*) (lh+1), len); 4024 addlog(">\n"); 4025 } 4026 4027 len = m->m_pkthdr.len + sp->pp_framebytes; 4028 if (mq_enqueue(&sp->pp_cpq, m) != 0) { 4029 ifp->if_oerrors++; 4030 return; 4031 } 4032 4033 ifp->if_obytes += len; 4034 s = splnet(); 4035 if_start(ifp); 4036 splx(s); 4037 } 4038 4039 /* 4040 * Send keepalive packets, every 10 seconds. 4041 */ 4042 void 4043 sppp_keepalive(void *dummy) 4044 { 4045 struct sppp *sp; 4046 int s; 4047 struct timeval tv; 4048 4049 NET_LOCK(); 4050 s = splnet(); 4051 getmicrouptime(&tv); 4052 for (sp=spppq; sp; sp=sp->pp_next) { 4053 struct ifnet *ifp = &sp->pp_if; 4054 4055 /* Keepalive mode disabled or channel down? */ 4056 if (! (sp->pp_flags & PP_KEEPALIVE) || 4057 ! (ifp->if_flags & IFF_RUNNING)) 4058 continue; 4059 4060 /* No keepalive if LCP not opened yet. */ 4061 if (sp->pp_phase < PHASE_AUTHENTICATE) 4062 continue; 4063 4064 /* No echo reply, but maybe user data passed through? */ 4065 if ((tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) { 4066 sp->pp_alivecnt = 0; 4067 continue; 4068 } 4069 4070 if (sp->pp_alivecnt >= MAXALIVECNT) { 4071 /* No keepalive packets got. Stop the interface. */ 4072 if_down (ifp); 4073 mq_purge(&sp->pp_cpq); 4074 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n", 4075 SPP_ARGS(ifp)); 4076 sp->pp_alivecnt = 0; 4077 4078 /* we are down, close all open protocols */ 4079 lcp.Close(sp); 4080 4081 /* And now prepare LCP to reestablish the link, 4082 * if configured to do so. */ 4083 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4084 4085 /* Close connection immediately, completion of this 4086 * will summon the magic needed to reestablish it. */ 4087 if (sp->pp_tlf) 4088 sp->pp_tlf(sp); 4089 continue; 4090 } 4091 if (sp->pp_alivecnt < MAXALIVECNT) 4092 ++sp->pp_alivecnt; 4093 if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4094 u_int32_t nmagic = htonl(sp->lcp.magic); 4095 sp->lcp.echoid = ++sp->pp_seq; 4096 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4097 sp->lcp.echoid, 4, &nmagic); 4098 } 4099 } 4100 splx(s); 4101 NET_UNLOCK(); 4102 timeout_add_sec(&keepalive_ch, 10); 4103 } 4104 4105 /* 4106 * Get both IP addresses. 4107 */ 4108 void 4109 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 4110 u_int32_t *srcmask) 4111 { 4112 struct ifnet *ifp = &sp->pp_if; 4113 struct ifaddr *ifa; 4114 struct sockaddr_in *si, *sm = 0; 4115 u_int32_t ssrc, ddst; 4116 4117 sm = NULL; 4118 ssrc = ddst = 0; 4119 /* 4120 * Pick the first AF_INET address from the list, 4121 * aliases don't make any sense on a p2p link anyway. 4122 */ 4123 si = 0; 4124 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4125 { 4126 if (ifa->ifa_addr->sa_family == AF_INET) { 4127 si = (struct sockaddr_in *)ifa->ifa_addr; 4128 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4129 if (si) 4130 break; 4131 } 4132 } 4133 if (ifa) { 4134 if (si && si->sin_addr.s_addr) { 4135 ssrc = si->sin_addr.s_addr; 4136 if (srcmask) 4137 *srcmask = ntohl(sm->sin_addr.s_addr); 4138 } 4139 4140 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4141 if (si && si->sin_addr.s_addr) 4142 ddst = si->sin_addr.s_addr; 4143 } 4144 4145 if (dst) *dst = ntohl(ddst); 4146 if (src) *src = ntohl(ssrc); 4147 } 4148 4149 int 4150 sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id) 4151 { 4152 struct ifnet *ifp = arg; 4153 4154 if (rt->rt_ifidx == ifp->if_index) { 4155 if (rt->rt_ifa->ifa_dstaddr->sa_family != 4156 rt->rt_gateway->sa_family || 4157 !ISSET(rt->rt_flags, RTF_GATEWAY)) 4158 return (0); /* do not modify non-gateway routes */ 4159 rt_setgate(rt, rt->rt_ifa->ifa_dstaddr, ifp->if_rdomain); 4160 } 4161 return (0); 4162 } 4163 4164 void 4165 sppp_update_gw(struct ifnet *ifp) 4166 { 4167 u_int tid; 4168 4169 /* update routing table */ 4170 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) { 4171 rtable_walk(tid, AF_INET, NULL, sppp_update_gw_walker, ifp); 4172 } 4173 } 4174 4175 /* 4176 * Task adding addresses from process context. 4177 * If an address is 0, leave it the way it is. 4178 */ 4179 void 4180 sppp_set_ip_addrs(void *arg1) 4181 { 4182 struct sppp *sp = arg1; 4183 u_int32_t myaddr; 4184 u_int32_t hisaddr; 4185 struct ifnet *ifp = &sp->pp_if; 4186 int debug = ifp->if_flags & IFF_DEBUG; 4187 struct ifaddr *ifa; 4188 struct sockaddr_in *si; 4189 struct sockaddr_in *dest; 4190 4191 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, NULL); 4192 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 4193 (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 4194 myaddr = sp->ipcp.req_myaddr; 4195 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && 4196 (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 4197 hisaddr = sp->ipcp.req_hisaddr; 4198 4199 4200 NET_LOCK(); 4201 /* 4202 * Pick the first AF_INET address from the list, 4203 * aliases don't make any sense on a p2p link anyway. 4204 */ 4205 4206 si = 0; 4207 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4208 { 4209 if (ifa->ifa_addr->sa_family == AF_INET) 4210 { 4211 si = (struct sockaddr_in *)ifa->ifa_addr; 4212 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4213 if (si) 4214 break; 4215 } 4216 } 4217 4218 if (ifa && si) { 4219 int error; 4220 struct sockaddr_in new_sin = *si; 4221 struct sockaddr_in new_dst = *dest; 4222 4223 in_ifscrub(ifp, ifatoia(ifa)); 4224 4225 if (myaddr != 0) 4226 new_sin.sin_addr.s_addr = htonl(myaddr); 4227 if (hisaddr != 0) { 4228 new_dst.sin_addr.s_addr = htonl(hisaddr); 4229 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4230 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4231 *dest = new_dst; /* fix dstaddr in place */ 4232 } 4233 } 4234 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4235 if_addrhooks_run(ifp); 4236 if (debug && error) { 4237 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4238 " failed, error=%d\n", SPP_ARGS(ifp), error); 4239 goto out; 4240 } 4241 sppp_update_gw(ifp); 4242 } 4243 out: 4244 NET_UNLOCK(); 4245 } 4246 4247 /* 4248 * Task clearing addresses from process context. 4249 * Clear IP addresses. 4250 */ 4251 void 4252 sppp_clear_ip_addrs(void *arg1) 4253 { 4254 struct sppp *sp = (struct sppp *)arg1; 4255 struct ifnet *ifp = &sp->pp_if; 4256 int debug = ifp->if_flags & IFF_DEBUG; 4257 struct ifaddr *ifa; 4258 struct sockaddr_in *si; 4259 struct sockaddr_in *dest; 4260 u_int32_t remote; 4261 4262 NET_LOCK(); 4263 4264 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4265 remote = sp->ipcp.saved_hisaddr; 4266 else 4267 sppp_get_ip_addrs(sp, 0, &remote, 0); 4268 4269 /* 4270 * Pick the first AF_INET address from the list, 4271 * aliases don't make any sense on a p2p link anyway. 4272 */ 4273 4274 si = 0; 4275 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4276 if (ifa->ifa_addr->sa_family == AF_INET) { 4277 si = (struct sockaddr_in *)ifa->ifa_addr; 4278 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4279 if (si) 4280 break; 4281 } 4282 } 4283 4284 if (ifa && si) { 4285 int error; 4286 struct sockaddr_in new_sin = *si; 4287 4288 in_ifscrub(ifp, ifatoia(ifa)); 4289 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4290 new_sin.sin_addr.s_addr = 0; 4291 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4292 /* replace peer addr in place */ 4293 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4294 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))) 4295 if_addrhooks_run(ifp); 4296 if (debug && error) { 4297 log(LOG_DEBUG, SPP_FMT "sppp_clear_ip_addrs: in_ifinit " 4298 " failed, error=%d\n", SPP_ARGS(ifp), error); 4299 goto out; 4300 } 4301 sppp_update_gw(ifp); 4302 } 4303 out: 4304 NET_UNLOCK(); 4305 } 4306 4307 4308 #ifdef INET6 4309 /* 4310 * Get both IPv6 addresses. 4311 */ 4312 void 4313 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4314 struct in6_addr *srcmask) 4315 { 4316 struct ifnet *ifp = &sp->pp_if; 4317 struct in6_ifaddr *ia6; 4318 struct in6_addr ssrc, ddst; 4319 4320 bzero(&ssrc, sizeof(ssrc)); 4321 bzero(&ddst, sizeof(ddst)); 4322 /* 4323 * Pick the first link-local AF_INET6 address from the list, 4324 * aliases don't make any sense on a p2p link anyway. 4325 */ 4326 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4327 if (ia6) { 4328 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_addr.sin6_addr)) { 4329 bcopy(&ia6->ia_addr.sin6_addr, &ssrc, sizeof(ssrc)); 4330 if (srcmask) { 4331 bcopy(&ia6->ia_prefixmask.sin6_addr, srcmask, 4332 sizeof(*srcmask)); 4333 } 4334 } 4335 4336 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_dstaddr.sin6_addr)) 4337 bcopy(&ia6->ia_dstaddr.sin6_addr, &ddst, sizeof(ddst)); 4338 } 4339 4340 if (dst) 4341 bcopy(&ddst, dst, sizeof(*dst)); 4342 if (src) 4343 bcopy(&ssrc, src, sizeof(*src)); 4344 } 4345 4346 /* Task to update my IPv6 address from process context. */ 4347 void 4348 sppp_update_ip6_addr(void *arg) 4349 { 4350 struct sppp *sp = arg; 4351 struct ifnet *ifp = &sp->pp_if; 4352 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4353 struct in6_ifaddr *ia6; 4354 int error; 4355 4356 NET_LOCK(); 4357 4358 ia6 = in6ifa_ifpforlinklocal(ifp, 0); 4359 if (ia6 == NULL) { 4360 /* IPv6 disabled? */ 4361 goto out; 4362 } 4363 4364 /* 4365 * Changing the link-local address requires purging all 4366 * existing addresses and routes for the interface first. 4367 */ 4368 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4369 in6_ifdetach(ifp); 4370 error = in6_ifattach_linklocal(ifp, &ifra->ifra_addr.sin6_addr); 4371 if (error) 4372 log(LOG_ERR, SPP_FMT 4373 "could not update IPv6 address (error %d)\n", 4374 SPP_ARGS(ifp), error); 4375 goto out; 4376 } 4377 4378 /* 4379 * Code below changes address parameters only, not the address itself. 4380 */ 4381 4382 /* Destination address can only be set for /128. */ 4383 if (memcmp(&ia6->ia_prefixmask.sin6_addr, &in6mask128, 4384 sizeof(in6mask128)) != 0) { 4385 ifra->ifra_dstaddr.sin6_len = 0; 4386 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4387 } 4388 4389 ifra->ifra_lifetime = ia6->ia6_lifetime; 4390 4391 error = in6_update_ifa(ifp, ifra, ia6); 4392 if (error) { 4393 log(LOG_ERR, SPP_FMT 4394 "could not update IPv6 address (error %d)\n", 4395 SPP_ARGS(ifp), error); 4396 } 4397 out: 4398 NET_UNLOCK(); 4399 } 4400 4401 /* 4402 * Configure my link-local address. 4403 */ 4404 void 4405 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, 4406 const struct in6_addr *dst) 4407 { 4408 struct ifnet *ifp = &sp->pp_if; 4409 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid; 4410 4411 bzero(ifra, sizeof(*ifra)); 4412 bcopy(ifp->if_xname, ifra->ifra_name, sizeof(ifra->ifra_name)); 4413 4414 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6); 4415 ifra->ifra_addr.sin6_family = AF_INET6; 4416 ifra->ifra_addr.sin6_addr = *src; 4417 if (dst) { 4418 ifra->ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6); 4419 ifra->ifra_dstaddr.sin6_family = AF_INET6; 4420 ifra->ifra_dstaddr.sin6_addr = *dst; 4421 } else 4422 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC; 4423 4424 /* 4425 * Don't change the existing prefixlen. 4426 * It is common to use a /64 for IPv6 over point-to-point links 4427 * to allow e.g. neighbour discovery and autoconf to work. 4428 * But it is legal to use other values. 4429 */ 4430 ifra->ifra_prefixmask.sin6_family = AF_UNSPEC; 4431 4432 task_add(systq, &sp->ipv6cp.set_addr_task); 4433 } 4434 4435 /* 4436 * Generate an address that differs from our existing address. 4437 */ 4438 void 4439 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4440 { 4441 struct in6_addr myaddr; 4442 u_int32_t random; 4443 4444 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL); 4445 4446 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4447 4448 random = arc4random(); 4449 if ((random & 0xff) == 0 && (random & 0xff00) == 0) { 4450 myaddr.s6_addr[14] ^= 0xff; 4451 myaddr.s6_addr[15] ^= 0xff; 4452 } else { 4453 myaddr.s6_addr[14] ^= (random & 0xff); 4454 myaddr.s6_addr[15] ^= ((random & 0xff00) >> 8); 4455 } 4456 myaddr.s6_addr16[1] = 0; /* KAME hack: clear ifindex */ 4457 bcopy(&myaddr, suggest, sizeof(myaddr)); 4458 } 4459 #endif /*INET6*/ 4460 4461 int 4462 sppp_get_params(struct sppp *sp, struct ifreq *ifr) 4463 { 4464 int cmd; 4465 4466 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4467 return EFAULT; 4468 4469 switch (cmd) { 4470 case SPPPIOGDEFS: 4471 { 4472 struct spppreq *spr; 4473 4474 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4475 spr->cmd = cmd; 4476 spr->phase = sp->pp_phase; 4477 4478 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) { 4479 free(spr, M_DEVBUF, 0); 4480 return EFAULT; 4481 } 4482 free(spr, M_DEVBUF, 0); 4483 break; 4484 } 4485 case SPPPIOGMAUTH: 4486 case SPPPIOGHAUTH: 4487 { 4488 struct sauthreq *spa; 4489 struct sauth *auth; 4490 4491 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4492 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth; 4493 bzero(spa, sizeof(*spa)); 4494 spa->proto = auth->proto; 4495 spa->flags = auth->flags; 4496 4497 /* do not copy the secret, and only let root know the name */ 4498 if (auth->name != NULL && suser(curproc) == 0) 4499 strlcpy(spa->name, auth->name, sizeof(spa->name)); 4500 4501 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) { 4502 free(spa, M_DEVBUF, 0); 4503 return EFAULT; 4504 } 4505 free(spa, M_DEVBUF, 0); 4506 break; 4507 } 4508 default: 4509 return EINVAL; 4510 } 4511 4512 return 0; 4513 } 4514 4515 4516 int 4517 sppp_set_params(struct sppp *sp, struct ifreq *ifr) 4518 { 4519 int cmd; 4520 4521 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0) 4522 return EFAULT; 4523 4524 switch (cmd) { 4525 case SPPPIOSDEFS: 4526 { 4527 struct spppreq *spr; 4528 4529 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK); 4530 4531 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) { 4532 free(spr, M_DEVBUF, 0); 4533 return EFAULT; 4534 } 4535 /* 4536 * Also, we only allow for authentication parameters to be 4537 * specified. 4538 * 4539 * XXX Should allow to set or clear pp_flags. 4540 */ 4541 free(spr, M_DEVBUF, 0); 4542 break; 4543 } 4544 case SPPPIOSMAUTH: 4545 case SPPPIOSHAUTH: 4546 { 4547 /* 4548 * Finally, if the respective authentication protocol to 4549 * be used is set differently than 0, but the secret is 4550 * passed as all zeros, we don't trash the existing secret. 4551 * This allows an administrator to change the system name 4552 * only without clobbering the secret (which he didn't get 4553 * back in a previous SPPPIOGXAUTH call). However, the 4554 * secrets are cleared if the authentication protocol is 4555 * reset to 0. 4556 */ 4557 4558 struct sauthreq *spa; 4559 struct sauth *auth; 4560 char *p; 4561 int len; 4562 4563 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK); 4564 4565 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth; 4566 4567 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) { 4568 free(spa, M_DEVBUF, 0); 4569 return EFAULT; 4570 } 4571 4572 if (spa->proto != 0 && spa->proto != PPP_PAP && 4573 spa->proto != PPP_CHAP) { 4574 free(spa, M_DEVBUF, 0); 4575 return EINVAL; 4576 } 4577 4578 if (spa->proto == 0) { 4579 /* resetting auth */ 4580 if (auth->name != NULL) 4581 free(auth->name, M_DEVBUF, 0); 4582 if (auth->secret != NULL) 4583 free(auth->secret, M_DEVBUF, 0); 4584 bzero(auth, sizeof *auth); 4585 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge); 4586 } else { 4587 /* setting/changing auth */ 4588 auth->proto = spa->proto; 4589 auth->flags = spa->flags; 4590 4591 spa->name[AUTHMAXLEN - 1] = '\0'; 4592 len = strlen(spa->name) + 1; 4593 p = malloc(len, M_DEVBUF, M_WAITOK); 4594 strlcpy(p, spa->name, len); 4595 if (auth->name != NULL) 4596 free(auth->name, M_DEVBUF, 0); 4597 auth->name = p; 4598 4599 if (spa->secret[0] != '\0') { 4600 spa->secret[AUTHMAXLEN - 1] = '\0'; 4601 len = strlen(spa->secret) + 1; 4602 p = malloc(len, M_DEVBUF, M_WAITOK); 4603 strlcpy(p, spa->secret, len); 4604 if (auth->secret != NULL) 4605 free(auth->secret, M_DEVBUF, 0); 4606 auth->secret = p; 4607 } else if (!auth->secret) { 4608 p = malloc(1, M_DEVBUF, M_WAITOK); 4609 p[0] = '\0'; 4610 auth->secret = p; 4611 } 4612 } 4613 free(spa, M_DEVBUF, 0); 4614 break; 4615 } 4616 default: 4617 return EINVAL; 4618 } 4619 4620 return (ENETRESET); 4621 } 4622 4623 void 4624 sppp_phase_network(struct sppp *sp) 4625 { 4626 int i; 4627 u_long mask; 4628 4629 sp->pp_phase = PHASE_NETWORK; 4630 4631 sppp_set_phase(sp); 4632 4633 /* Notify NCPs now. */ 4634 for (i = 0; i < IDX_COUNT; i++) 4635 if ((cps[i])->flags & CP_NCP) 4636 (cps[i])->Open(sp); 4637 4638 /* Send Up events to all NCPs. */ 4639 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4640 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4641 (cps[i])->Up(sp); 4642 4643 /* if no NCP is starting, all this was in vain, close down */ 4644 sppp_lcp_check_and_close(sp); 4645 } 4646 4647 4648 const char * 4649 sppp_cp_type_name(u_char type) 4650 { 4651 static char buf[12]; 4652 switch (type) { 4653 case CONF_REQ: return "conf-req"; 4654 case CONF_ACK: return "conf-ack"; 4655 case CONF_NAK: return "conf-nak"; 4656 case CONF_REJ: return "conf-rej"; 4657 case TERM_REQ: return "term-req"; 4658 case TERM_ACK: return "term-ack"; 4659 case CODE_REJ: return "code-rej"; 4660 case PROTO_REJ: return "proto-rej"; 4661 case ECHO_REQ: return "echo-req"; 4662 case ECHO_REPLY: return "echo-reply"; 4663 case DISC_REQ: return "discard-req"; 4664 } 4665 snprintf (buf, sizeof buf, "0x%x", type); 4666 return buf; 4667 } 4668 4669 const char * 4670 sppp_auth_type_name(u_short proto, u_char type) 4671 { 4672 static char buf[12]; 4673 switch (proto) { 4674 case PPP_CHAP: 4675 switch (type) { 4676 case CHAP_CHALLENGE: return "challenge"; 4677 case CHAP_RESPONSE: return "response"; 4678 case CHAP_SUCCESS: return "success"; 4679 case CHAP_FAILURE: return "failure"; 4680 } 4681 case PPP_PAP: 4682 switch (type) { 4683 case PAP_REQ: return "req"; 4684 case PAP_ACK: return "ack"; 4685 case PAP_NAK: return "nak"; 4686 } 4687 } 4688 snprintf (buf, sizeof buf, "0x%x", type); 4689 return buf; 4690 } 4691 4692 const char * 4693 sppp_lcp_opt_name(u_char opt) 4694 { 4695 static char buf[12]; 4696 switch (opt) { 4697 case LCP_OPT_MRU: return "mru"; 4698 case LCP_OPT_ASYNC_MAP: return "async-map"; 4699 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4700 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4701 case LCP_OPT_MAGIC: return "magic"; 4702 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4703 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4704 } 4705 snprintf (buf, sizeof buf, "0x%x", opt); 4706 return buf; 4707 } 4708 4709 const char * 4710 sppp_ipcp_opt_name(u_char opt) 4711 { 4712 static char buf[12]; 4713 switch (opt) { 4714 case IPCP_OPT_ADDRESSES: return "addresses"; 4715 case IPCP_OPT_COMPRESSION: return "compression"; 4716 case IPCP_OPT_ADDRESS: return "address"; 4717 } 4718 snprintf (buf, sizeof buf, "0x%x", opt); 4719 return buf; 4720 } 4721 4722 #ifdef INET6 4723 const char * 4724 sppp_ipv6cp_opt_name(u_char opt) 4725 { 4726 static char buf[12]; 4727 switch (opt) { 4728 case IPV6CP_OPT_IFID: return "ifid"; 4729 case IPV6CP_OPT_COMPRESSION: return "compression"; 4730 } 4731 snprintf (buf, sizeof buf, "0x%x", opt); 4732 return buf; 4733 } 4734 #endif 4735 4736 const char * 4737 sppp_state_name(int state) 4738 { 4739 switch (state) { 4740 case STATE_INITIAL: return "initial"; 4741 case STATE_STARTING: return "starting"; 4742 case STATE_CLOSED: return "closed"; 4743 case STATE_STOPPED: return "stopped"; 4744 case STATE_CLOSING: return "closing"; 4745 case STATE_STOPPING: return "stopping"; 4746 case STATE_REQ_SENT: return "req-sent"; 4747 case STATE_ACK_RCVD: return "ack-rcvd"; 4748 case STATE_ACK_SENT: return "ack-sent"; 4749 case STATE_OPENED: return "opened"; 4750 } 4751 return "illegal"; 4752 } 4753 4754 const char * 4755 sppp_phase_name(enum ppp_phase phase) 4756 { 4757 switch (phase) { 4758 case PHASE_DEAD: return "dead"; 4759 case PHASE_ESTABLISH: return "establish"; 4760 case PHASE_TERMINATE: return "terminate"; 4761 case PHASE_AUTHENTICATE: return "authenticate"; 4762 case PHASE_NETWORK: return "network"; 4763 } 4764 return "illegal"; 4765 } 4766 4767 const char * 4768 sppp_proto_name(u_short proto) 4769 { 4770 static char buf[12]; 4771 switch (proto) { 4772 case PPP_LCP: return "lcp"; 4773 case PPP_IPCP: return "ipcp"; 4774 case PPP_IPV6CP: return "ipv6cp"; 4775 case PPP_PAP: return "pap"; 4776 case PPP_CHAP: return "chap"; 4777 } 4778 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto); 4779 return buf; 4780 } 4781 4782 void 4783 sppp_print_bytes(const u_char *p, u_short len) 4784 { 4785 addlog(" %02x", *p++); 4786 while (--len > 0) 4787 addlog("-%02x", *p++); 4788 } 4789 4790 void 4791 sppp_print_string(const char *p, u_short len) 4792 { 4793 u_char c; 4794 4795 while (len-- > 0) { 4796 c = *p++; 4797 /* 4798 * Print only ASCII chars directly. RFC 1994 recommends 4799 * using only them, but we don't rely on it. */ 4800 if (c < ' ' || c > '~') 4801 addlog("\\x%x", c); 4802 else 4803 addlog("%c", c); 4804 } 4805 } 4806 4807 const char * 4808 sppp_dotted_quad(u_int32_t addr) 4809 { 4810 static char s[16]; 4811 snprintf(s, sizeof s, "%d.%d.%d.%d", 4812 (int)((addr >> 24) & 0xff), 4813 (int)((addr >> 16) & 0xff), 4814 (int)((addr >> 8) & 0xff), 4815 (int)(addr & 0xff)); 4816 return s; 4817 } 4818 4819 /* a dummy, used to drop uninteresting events */ 4820 void 4821 sppp_null(struct sppp *unused) 4822 { 4823 /* do just nothing */ 4824 } 4825 4826 void 4827 sppp_set_phase(struct sppp *sp) 4828 { 4829 STDDCL; 4830 int lstate; 4831 4832 if (debug) 4833 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4834 sppp_phase_name(sp->pp_phase)); 4835 4836 /* set link state */ 4837 if (sp->pp_phase == PHASE_NETWORK) 4838 lstate = LINK_STATE_UP; 4839 else 4840 lstate = LINK_STATE_DOWN; 4841 4842 if (ifp->if_link_state != lstate) { 4843 ifp->if_link_state = lstate; 4844 if_link_state_change(ifp); 4845 } 4846 } 4847