1 /* $OpenBSD: if_spppsubr.c,v 1.155 2016/07/11 13:06:31 bluhm Exp $ */
2 /*
3 * Synchronous PPP link level subroutines.
4 *
5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
6 * Author: Serge Vakulenko, <vak@cronyx.ru>
7 *
8 * Heavily revamped to conform to RFC 1661.
9 * Copyright (C) 1997, Joerg Wunsch.
10 *
11 * RFC2472 IPv6CP support.
12 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions are met:
16 * 1. Redistributions of source code must retain the above copyright notice,
17 * this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright notice,
19 * this list of conditions and the following disclaimer in the documentation
20 * and/or other materials provided with the distribution.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
23 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGE.
33 *
34 * From: Version 2.6, Tue May 12 17:10:39 MSD 1998
35 */
36
37 #include <sys/param.h>
38
39 #include <sys/systm.h>
40 #include <sys/kernel.h>
41 #include <sys/sockio.h>
42 #include <sys/socket.h>
43 #include <sys/syslog.h>
44 #include <sys/malloc.h>
45 #include <sys/mbuf.h>
46
47 #include <sys/timeout.h>
48 #include <crypto/md5.h>
49
50 #include <net/if.h>
51 #include <net/if_var.h>
52 #include <net/netisr.h>
53 #include <net/if_types.h>
54 #include <net/route.h>
55
56 #include <sys/stdarg.h>
57
58 #include <netinet/in.h>
59 #include <netinet/in_var.h>
60 #include <netinet/ip.h>
61 #include <netinet/tcp.h>
62 #include <netinet/if_ether.h>
63
64 #ifdef INET6
65 #include <netinet6/in6_ifattach.h>
66 #endif
67
68 #include <net/if_sppp.h>
69
70 # define UNTIMEOUT(fun, arg, handle) \
71 timeout_del(&(handle))
72
73 #define LOOPALIVECNT 3 /* loopback detection tries */
74 #define MAXALIVECNT 3 /* max. missed alive packets */
75 #define NORECV_TIME 15 /* before we get worried */
76
77 /*
78 * Interface flags that can be set in an ifconfig command.
79 *
80 * Setting link0 will make the link passive, i.e. it will be marked
81 * as being administrative openable, but won't be opened to begin
82 * with. Incoming calls will be answered, or subsequent calls with
83 * -link1 will cause the administrative open of the LCP layer.
84 *
85 * Setting link1 will cause the link to auto-dial only as packets
86 * arrive to be sent.
87 *
88 * Setting IFF_DEBUG will syslog the option negotiation and state
89 * transitions at level kern.debug. Note: all logs consistently look
90 * like
91 *
92 * <if-name><unit>: <proto-name> <additional info...>
93 *
94 * with <if-name><unit> being something like "bppp0", and <proto-name>
95 * being one of "lcp", "ipcp", "chap", "pap", etc.
96 */
97
98 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
99 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
100
101 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
102 #define PPP_UI 0x03 /* Unnumbered Information */
103 #define PPP_IP 0x0021 /* Internet Protocol */
104 #define PPP_ISO 0x0023 /* ISO OSI Protocol */
105 #define PPP_XNS 0x0025 /* Xerox NS Protocol */
106 #define PPP_IPX 0x002b /* Novell IPX Protocol */
107 #define PPP_IPV6 0x0057 /* Internet Protocol v6 */
108 #define PPP_LCP 0xc021 /* Link Control Protocol */
109 #define PPP_PAP 0xc023 /* Password Authentication Protocol */
110 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
111 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
112 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
113
114 #define CONF_REQ 1 /* PPP configure request */
115 #define CONF_ACK 2 /* PPP configure acknowledge */
116 #define CONF_NAK 3 /* PPP configure negative ack */
117 #define CONF_REJ 4 /* PPP configure reject */
118 #define TERM_REQ 5 /* PPP terminate request */
119 #define TERM_ACK 6 /* PPP terminate acknowledge */
120 #define CODE_REJ 7 /* PPP code reject */
121 #define PROTO_REJ 8 /* PPP protocol reject */
122 #define ECHO_REQ 9 /* PPP echo request */
123 #define ECHO_REPLY 10 /* PPP echo reply */
124 #define DISC_REQ 11 /* PPP discard request */
125
126 #define LCP_OPT_MRU 1 /* maximum receive unit */
127 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
128 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
129 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
130 #define LCP_OPT_MAGIC 5 /* magic number */
131 #define LCP_OPT_RESERVED 6 /* reserved */
132 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
133 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
134
135 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
136 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
137 #define IPCP_OPT_ADDRESS 3 /* local IP address */
138
139 #define IPV6CP_OPT_IFID 1 /* interface identifier */
140 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
141
142 #define PAP_REQ 1 /* PAP name/password request */
143 #define PAP_ACK 2 /* PAP acknowledge */
144 #define PAP_NAK 3 /* PAP fail */
145
146 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
147 #define CHAP_RESPONSE 2 /* CHAP challenge response */
148 #define CHAP_SUCCESS 3 /* CHAP response ok */
149 #define CHAP_FAILURE 4 /* CHAP response failed */
150
151 #define CHAP_MD5 5 /* hash algorithm - MD5 */
152
153 /* states are named and numbered according to RFC 1661 */
154 #define STATE_INITIAL 0
155 #define STATE_STARTING 1
156 #define STATE_CLOSED 2
157 #define STATE_STOPPED 3
158 #define STATE_CLOSING 4
159 #define STATE_STOPPING 5
160 #define STATE_REQ_SENT 6
161 #define STATE_ACK_RCVD 7
162 #define STATE_ACK_SENT 8
163 #define STATE_OPENED 9
164
165 #define PKTHDRLEN 2
166
167 struct ppp_header {
168 u_char address;
169 u_char control;
170 u_short protocol;
171 };
172 #define PPP_HEADER_LEN sizeof (struct ppp_header)
173
174 struct lcp_header {
175 u_char type;
176 u_char ident;
177 u_short len;
178 };
179 #define LCP_HEADER_LEN sizeof (struct lcp_header)
180
181 /*
182 * We follow the spelling and capitalization of RFC 1661 here, to make
183 * it easier comparing with the standard. Please refer to this RFC in
184 * case you can't make sense out of these abbreviation; it will also
185 * explain the semantics related to the various events and actions.
186 */
187 struct cp {
188 u_short proto; /* PPP control protocol number */
189 u_char protoidx; /* index into state table in struct sppp */
190 u_char flags;
191 #define CP_LCP 0x01 /* this is the LCP */
192 #define CP_AUTH 0x02 /* this is an authentication protocol */
193 #define CP_NCP 0x04 /* this is a NCP */
194 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
195 const char *name; /* name of this control protocol */
196 /* event handlers */
197 void (*Up)(struct sppp *sp);
198 void (*Down)(struct sppp *sp);
199 void (*Open)(struct sppp *sp);
200 void (*Close)(struct sppp *sp);
201 void (*TO)(void *sp);
202 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
203 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
204 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
205 /* actions */
206 void (*tlu)(struct sppp *sp);
207 void (*tld)(struct sppp *sp);
208 void (*tls)(struct sppp *sp);
209 void (*tlf)(struct sppp *sp);
210 void (*scr)(struct sppp *sp);
211 };
212
213 static struct sppp *spppq;
214 static struct timeout keepalive_ch;
215
216 #define SPP_FMT "%s: "
217 #define SPP_ARGS(ifp) (ifp)->if_xname
218
219 /* almost every function needs these */
220 #define STDDCL \
221 struct ifnet *ifp = &sp->pp_if; \
222 int debug = ifp->if_flags & IFF_DEBUG
223
224 int sppp_output(struct ifnet *ifp, struct mbuf *m,
225 struct sockaddr *dst, struct rtentry *rt);
226
227 void sppp_cp_input(const struct cp *cp, struct sppp *sp,
228 struct mbuf *m);
229 void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
230 u_char ident, u_short len, void *data);
231 #ifdef notyet
232 void sppp_cp_timeout(void *arg);
233 #endif
234 void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
235 int newstate);
236 void sppp_auth_send(const struct cp *cp,
237 struct sppp *sp, unsigned int type, u_int id,
238 ...);
239
240 void sppp_up_event(const struct cp *cp, struct sppp *sp);
241 void sppp_down_event(const struct cp *cp, struct sppp *sp);
242 void sppp_open_event(const struct cp *cp, struct sppp *sp);
243 void sppp_close_event(const struct cp *cp, struct sppp *sp);
244 void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp);
245 void sppp_to_event(const struct cp *cp, struct sppp *sp);
246
247 void sppp_null(struct sppp *sp);
248
249 void sppp_lcp_init(struct sppp *sp);
250 void sppp_lcp_up(struct sppp *sp);
251 void sppp_lcp_down(struct sppp *sp);
252 void sppp_lcp_open(struct sppp *sp);
253 void sppp_lcp_close(struct sppp *sp);
254 void sppp_lcp_TO(void *sp);
255 int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
256 void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
257 void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
258 void sppp_lcp_tlu(struct sppp *sp);
259 void sppp_lcp_tld(struct sppp *sp);
260 void sppp_lcp_tls(struct sppp *sp);
261 void sppp_lcp_tlf(struct sppp *sp);
262 void sppp_lcp_scr(struct sppp *sp);
263 void sppp_lcp_check_and_close(struct sppp *sp);
264 int sppp_ncp_check(struct sppp *sp);
265
266 void sppp_ipcp_init(struct sppp *sp);
267 void sppp_ipcp_destroy(struct sppp *sp);
268 void sppp_ipcp_up(struct sppp *sp);
269 void sppp_ipcp_down(struct sppp *sp);
270 void sppp_ipcp_open(struct sppp *sp);
271 void sppp_ipcp_close(struct sppp *sp);
272 void sppp_ipcp_TO(void *sp);
273 int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
274 void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
275 void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
276 void sppp_ipcp_tlu(struct sppp *sp);
277 void sppp_ipcp_tld(struct sppp *sp);
278 void sppp_ipcp_tls(struct sppp *sp);
279 void sppp_ipcp_tlf(struct sppp *sp);
280 void sppp_ipcp_scr(struct sppp *sp);
281
282 void sppp_ipv6cp_init(struct sppp *sp);
283 void sppp_ipv6cp_destroy(struct sppp *sp);
284 void sppp_ipv6cp_up(struct sppp *sp);
285 void sppp_ipv6cp_down(struct sppp *sp);
286 void sppp_ipv6cp_open(struct sppp *sp);
287 void sppp_ipv6cp_close(struct sppp *sp);
288 void sppp_ipv6cp_TO(void *sp);
289 int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
290 void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
291 void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
292 void sppp_ipv6cp_tlu(struct sppp *sp);
293 void sppp_ipv6cp_tld(struct sppp *sp);
294 void sppp_ipv6cp_tls(struct sppp *sp);
295 void sppp_ipv6cp_tlf(struct sppp *sp);
296 void sppp_ipv6cp_scr(struct sppp *sp);
297 const char *sppp_ipv6cp_opt_name(u_char opt);
298 void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
299 struct in6_addr *dst, struct in6_addr *srcmask);
300 void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src, const struct in6_addr *dst);
301 void sppp_update_ip6_addr(void *sp);
302 void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest);
303
304 void sppp_pap_input(struct sppp *sp, struct mbuf *m);
305 void sppp_pap_init(struct sppp *sp);
306 void sppp_pap_open(struct sppp *sp);
307 void sppp_pap_close(struct sppp *sp);
308 void sppp_pap_TO(void *sp);
309 void sppp_pap_my_TO(void *sp);
310 void sppp_pap_tlu(struct sppp *sp);
311 void sppp_pap_tld(struct sppp *sp);
312 void sppp_pap_scr(struct sppp *sp);
313
314 void sppp_chap_input(struct sppp *sp, struct mbuf *m);
315 void sppp_chap_init(struct sppp *sp);
316 void sppp_chap_open(struct sppp *sp);
317 void sppp_chap_close(struct sppp *sp);
318 void sppp_chap_TO(void *sp);
319 void sppp_chap_tlu(struct sppp *sp);
320 void sppp_chap_tld(struct sppp *sp);
321 void sppp_chap_scr(struct sppp *sp);
322
323 const char *sppp_auth_type_name(u_short proto, u_char type);
324 const char *sppp_cp_type_name(u_char type);
325 const char *sppp_dotted_quad(u_int32_t addr);
326 const char *sppp_ipcp_opt_name(u_char opt);
327 const char *sppp_lcp_opt_name(u_char opt);
328 const char *sppp_phase_name(enum ppp_phase phase);
329 const char *sppp_proto_name(u_short proto);
330 const char *sppp_state_name(int state);
331 int sppp_get_params(struct sppp *sp, struct ifreq *data);
332 int sppp_set_params(struct sppp *sp, struct ifreq *data);
333 void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
334 u_int32_t *srcmask);
335 void sppp_keepalive(void *dummy);
336 void sppp_phase_network(struct sppp *sp);
337 void sppp_print_bytes(const u_char *p, u_short len);
338 void sppp_print_string(const char *p, u_short len);
339 int sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id);
340 void sppp_update_gw(struct ifnet *ifp);
341 void sppp_set_ip_addrs(void *);
342 void sppp_clear_ip_addrs(void *);
343 void sppp_set_phase(struct sppp *sp);
344
345 /* our control protocol descriptors */
346 static const struct cp lcp = {
347 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
348 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
349 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
350 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
351 sppp_lcp_scr
352 };
353
354 static const struct cp ipcp = {
355 PPP_IPCP, IDX_IPCP,
356 CP_NCP,
357 "ipcp",
358 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
359 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
360 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
361 sppp_ipcp_scr
362 };
363
364 static const struct cp ipv6cp = {
365 PPP_IPV6CP, IDX_IPV6CP,
366 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
367 CP_NCP,
368 #else
369 0,
370 #endif
371 "ipv6cp",
372 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
373 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
374 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
375 sppp_ipv6cp_scr
376 };
377
378 static const struct cp pap = {
379 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
380 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
381 sppp_pap_TO, 0, 0, 0,
382 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
383 sppp_pap_scr
384 };
385
386 static const struct cp chap = {
387 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
388 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
389 sppp_chap_TO, 0, 0, 0,
390 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
391 sppp_chap_scr
392 };
393
394 static const struct cp *cps[IDX_COUNT] = {
395 &lcp, /* IDX_LCP */
396 &ipcp, /* IDX_IPCP */
397 &ipv6cp, /* IDX_IPV6CP */
398 &pap, /* IDX_PAP */
399 &chap, /* IDX_CHAP */
400 };
401
402
403 �/*
404 * Exported functions, comprising our interface to the lower layer.
405 */
406
407 /* Workaround */
408 void
409 spppattach(struct ifnet *ifp)
410 {
411 }
412
413 /*
414 * Process the received packet.
415 */
416 void
417 sppp_input(struct ifnet *ifp, struct mbuf *m)
418 {
419 struct ppp_header ht;
420 struct niqueue *inq = NULL;
421 struct sppp *sp = (struct sppp *)ifp;
422 struct timeval tv;
423 int debug = ifp->if_flags & IFF_DEBUG;
424
425 if (ifp->if_flags & IFF_UP) {
426 /* Count received bytes, add hardware framing */
427 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes;
428 /* Note time of last receive */
429 getmicrouptime(&tv);
430 sp->pp_last_receive = tv.tv_sec;
431 }
432
433 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
434 /* Too small packet, drop it. */
435 if (debug)
436 log(LOG_DEBUG,
437 SPP_FMT "input packet is too small, %d bytes\n",
438 SPP_ARGS(ifp), m->m_pkthdr.len);
439 drop:
440 m_freem (m);
441 dropped:
442 ++ifp->if_ierrors;
443 ++ifp->if_iqdrops;
444 return;
445 }
446
447 /* mark incoming routing domain */
448 m->m_pkthdr.ph_rtableid = ifp->if_rdomain;
449
450 m_copydata(m, 0, sizeof(ht.protocol), (caddr_t)&ht.protocol);
451 m_adj(m, 2);
452 ht.control = PPP_UI;
453 ht.address = PPP_ALLSTATIONS;
454
455 /* preserve the alignment */
456 if (m->m_len < m->m_pkthdr.len) {
457 m = m_pullup(m, m->m_pkthdr.len);
458 if (m == NULL) {
459 if (debug)
460 log(LOG_DEBUG,
461 SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp));
462 ++ifp->if_ierrors;
463 ++ifp->if_iqdrops;
464 return;
465 }
466 }
467
468 switch (ht.address) {
469 case PPP_ALLSTATIONS:
470 if (ht.control != PPP_UI)
471 goto invalid;
472 switch (ntohs (ht.protocol)) {
473 default:
474 if (sp->state[IDX_LCP] == STATE_OPENED)
475 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
476 ++sp->pp_seq, 2, &ht.protocol);
477 if (debug)
478 log(LOG_DEBUG,
479 SPP_FMT "invalid input protocol "
480 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
481 SPP_ARGS(ifp),
482 ht.address, ht.control, ntohs(ht.protocol));
483 ++ifp->if_noproto;
484 goto drop;
485 case PPP_LCP:
486 sppp_cp_input(&lcp, sp, m);
487 m_freem (m);
488 return;
489 case PPP_PAP:
490 if (sp->pp_phase >= PHASE_AUTHENTICATE)
491 sppp_pap_input(sp, m);
492 m_freem (m);
493 return;
494 case PPP_CHAP:
495 if (sp->pp_phase >= PHASE_AUTHENTICATE)
496 sppp_chap_input(sp, m);
497 m_freem (m);
498 return;
499 case PPP_IPCP:
500 if (sp->pp_phase == PHASE_NETWORK)
501 sppp_cp_input(&ipcp, sp, m);
502 m_freem (m);
503 return;
504 case PPP_IP:
505 if (sp->state[IDX_IPCP] == STATE_OPENED) {
506 inq = &ipintrq;
507 sp->pp_last_activity = tv.tv_sec;
508 }
509 break;
510 #ifdef INET6
511 case PPP_IPV6CP:
512 if (sp->pp_phase == PHASE_NETWORK)
513 sppp_cp_input(&ipv6cp, sp, m);
514 m_freem (m);
515 return;
516 case PPP_IPV6:
517 if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
518 inq = &ip6intrq;
519 sp->pp_last_activity = tv.tv_sec;
520 }
521 break;
522 #endif
523 }
524 break;
525 default: /* Invalid PPP packet. */
526 invalid:
527 if (debug)
528 log(LOG_DEBUG,
529 SPP_FMT "invalid input packet "
530 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
531 SPP_ARGS(ifp),
532 ht.address, ht.control, ntohs(ht.protocol));
533 goto drop;
534 }
535
536 if (! (ifp->if_flags & IFF_UP) || ! inq)
537 goto drop;
538
539 if (niq_enqueue(inq, m) != 0) {
540 /* Queue overflow. */
541 if (debug)
542 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
543 SPP_ARGS(ifp));
544 goto dropped;
545 }
546 }
547
548 /*
549 * Enqueue transmit packet.
550 */
551 int
552 sppp_output(struct ifnet *ifp, struct mbuf *m,
553 struct sockaddr *dst, struct rtentry *rt)
554 {
555 struct sppp *sp = (struct sppp*) ifp;
556 struct timeval tv;
557 int s, rv = 0;
558 u_int16_t protocol;
559
560 #ifdef DIAGNOSTIC
561 if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) {
562 printf("%s: trying to send packet on wrong domain. "
563 "if %d vs. mbuf %d, AF %d\n", ifp->if_xname,
564 ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid),
565 dst->sa_family);
566 }
567 #endif
568
569 s = splnet();
570
571 getmicrouptime(&tv);
572 sp->pp_last_activity = tv.tv_sec;
573
574 if ((ifp->if_flags & IFF_UP) == 0 ||
575 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
576 m_freem (m);
577 splx (s);
578 return (ENETDOWN);
579 }
580
581 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
582 /*
583 * Interface is not yet running, but auto-dial. Need
584 * to start LCP for it.
585 */
586 ifp->if_flags |= IFF_RUNNING;
587 splx(s);
588 lcp.Open(sp);
589 s = splnet();
590 }
591
592 if (dst->sa_family == AF_INET) {
593 struct ip *ip = NULL;
594
595 /*
596 * When using dynamic local IP address assignment by using
597 * 0.0.0.0 as a local address, the first TCP session will
598 * not connect because the local TCP checksum is computed
599 * using 0.0.0.0 which will later become our real IP address
600 * so the TCP checksum computed at the remote end will
601 * become invalid. So we
602 * - don't let packets with src ip addr 0 thru
603 * - we flag TCP packets with src ip 0 as an error
604 */
605
606 if(ip && ip->ip_src.s_addr == INADDR_ANY) {
607 u_int8_t proto = ip->ip_p;
608
609 m_freem(m);
610 splx(s);
611 if(proto == IPPROTO_TCP)
612 return (EADDRNOTAVAIL);
613 else
614 return (0);
615 }
616 }
617
618 switch (dst->sa_family) {
619 case AF_INET: /* Internet Protocol */
620 /*
621 * Don't choke with an ENETDOWN early. It's
622 * possible that we just started dialing out,
623 * so don't drop the packet immediately. If
624 * we notice that we run out of buffer space
625 * below, we will however remember that we are
626 * not ready to carry IP packets, and return
627 * ENETDOWN, as opposed to ENOBUFS.
628 */
629 protocol = htons(PPP_IP);
630 if (sp->state[IDX_IPCP] != STATE_OPENED)
631 rv = ENETDOWN;
632 break;
633 #ifdef INET6
634 case AF_INET6: /* Internet Protocol v6 */
635 /*
636 * Don't choke with an ENETDOWN early. It's
637 * possible that we just started dialing out,
638 * so don't drop the packet immediately. If
639 * we notice that we run out of buffer space
640 * below, we will however remember that we are
641 * not ready to carry IPv6 packets, and return
642 * ENETDOWN, as opposed to ENOBUFS.
643 */
644 protocol = htons(PPP_IPV6);
645 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
646 rv = ENETDOWN;
647 break;
648 #endif
649 default:
650 m_freem(m);
651 ++ifp->if_oerrors;
652 splx(s);
653 return (EAFNOSUPPORT);
654 }
655
656 M_PREPEND(m, 2, M_DONTWAIT);
657 if (m == NULL) {
658 if (ifp->if_flags & IFF_DEBUG)
659 log(LOG_DEBUG, SPP_FMT
660 "no memory for transmit header\n",
661 SPP_ARGS(ifp));
662 ++ifp->if_oerrors;
663 splx(s);
664 return (ENOBUFS);
665 }
666 *mtod(m, u_int16_t *) = protocol;
667
668 /*
669 * Queue message on interface, and start output if interface
670 * not yet active.
671 */
672 rv = if_enqueue(ifp, m);
673 if (rv != 0) {
674 ifp->if_oerrors++;
675 return (rv);
676 }
677
678 /*
679 * Count output packets and bytes.
680 * The packet length includes header, FCS and 1 flag,
681 * according to RFC 1333.
682 */
683 ifp->if_obytes += sp->pp_framebytes;
684
685 return (0);
686 }
687
688 void
689 sppp_attach(struct ifnet *ifp)
690 {
691 struct sppp *sp = (struct sppp*) ifp;
692 int i;
693
694 /* Initialize keepalive handler. */
695 if (! spppq) {
696 timeout_set(&keepalive_ch, sppp_keepalive, NULL);
697 timeout_add_sec(&keepalive_ch, 10);
698 }
699
700 /* Insert new entry into the keepalive list. */
701 sp->pp_next = spppq;
702 spppq = sp;
703
704 sp->pp_if.if_type = IFT_PPP;
705 sp->pp_if.if_output = sppp_output;
706 IFQ_SET_MAXLEN(&sp->pp_if.if_snd, 50);
707 mq_init(&sp->pp_cpq, 50, IPL_NET);
708 sp->pp_loopcnt = 0;
709 sp->pp_alivecnt = 0;
710 sp->pp_last_activity = 0;
711 sp->pp_last_receive = 0;
712 sp->pp_seq = 0;
713 sp->pp_rseq = 0;
714 sp->pp_phase = PHASE_DEAD;
715 sp->pp_up = lcp.Up;
716 sp->pp_down = lcp.Down;
717
718 for (i = 0; i < IDX_COUNT; i++)
719 timeout_set(&sp->ch[i], (cps[i])->TO, (void *)sp);
720 timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp);
721
722 sppp_lcp_init(sp);
723 sppp_ipcp_init(sp);
724 sppp_ipv6cp_init(sp);
725 sppp_pap_init(sp);
726 sppp_chap_init(sp);
727 }
728
729 void
730 sppp_detach(struct ifnet *ifp)
731 {
732 struct sppp **q, *p, *sp = (struct sppp*) ifp;
733 int i;
734
735 sppp_ipcp_destroy(sp);
736 sppp_ipv6cp_destroy(sp);
737
738 /* Remove the entry from the keepalive list. */
739 for (q = &spppq; (p = *q); q = &p->pp_next)
740 if (p == sp) {
741 *q = p->pp_next;
742 break;
743 }
744
745 /* Stop keepalive handler. */
746 if (! spppq)
747 UNTIMEOUT(sppp_keepalive, 0, keepalive_ch);
748
749 for (i = 0; i < IDX_COUNT; i++)
750 UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]);
751 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
752
753 /* release authentication data */
754 if (sp->myauth.name != NULL)
755 free(sp->myauth.name, M_DEVBUF, 0);
756 if (sp->myauth.secret != NULL)
757 free(sp->myauth.secret, M_DEVBUF, 0);
758 if (sp->hisauth.name != NULL)
759 free(sp->hisauth.name, M_DEVBUF, 0);
760 if (sp->hisauth.secret != NULL)
761 free(sp->hisauth.secret, M_DEVBUF, 0);
762 }
763
764 /*
765 * Flush the interface output queue.
766 */
767 void
768 sppp_flush(struct ifnet *ifp)
769 {
770 struct sppp *sp = (struct sppp*) ifp;
771
772 IFQ_PURGE(&sp->pp_if.if_snd);
773 mq_purge(&sp->pp_cpq);
774 }
775
776 /*
777 * Check if the output queue is empty.
778 */
779 int
780 sppp_isempty(struct ifnet *ifp)
781 {
782 struct sppp *sp = (struct sppp*) ifp;
783 int empty, s;
784
785 s = splnet();
786 empty = mq_empty(&sp->pp_cpq) && IFQ_IS_EMPTY(&sp->pp_if.if_snd);
787 splx(s);
788 return (empty);
789 }
790
791 /*
792 * Get next packet to send.
793 */
794 struct mbuf *
795 sppp_dequeue(struct ifnet *ifp)
796 {
797 struct sppp *sp = (struct sppp*) ifp;
798 struct mbuf *m;
799 int s;
800
801 s = splnet();
802 /*
803 * Process only the control protocol queue until we have at
804 * least one NCP open.
805 */
806 m = mq_dequeue(&sp->pp_cpq);
807 if (m == NULL && sppp_ncp_check(sp)) {
808 IFQ_DEQUEUE (&sp->pp_if.if_snd, m);
809 }
810 splx(s);
811 return m;
812 }
813
814 /*
815 * Process an ioctl request. Called on low priority level.
816 */
817 int
818 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
819 {
820 struct ifreq *ifr = data;
821 struct sppp *sp = (struct sppp*) ifp;
822 int s, rv, going_up, going_down, newmode;
823
824 s = splnet();
825 rv = 0;
826 switch (cmd) {
827 case SIOCAIFADDR:
828 case SIOCSIFDSTADDR:
829 break;
830
831 case SIOCSIFADDR:
832 if_up(ifp);
833 /* FALLTHROUGH */
834
835 case SIOCSIFFLAGS:
836 going_up = (ifp->if_flags & IFF_UP) &&
837 (ifp->if_flags & IFF_RUNNING) == 0;
838 going_down = (ifp->if_flags & IFF_UP) == 0 &&
839 (ifp->if_flags & IFF_RUNNING);
840 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
841 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
842 /* sanity */
843 newmode = IFF_PASSIVE;
844 ifp->if_flags &= ~IFF_AUTO;
845 }
846
847 if (going_up || going_down)
848 lcp.Close(sp);
849
850 if (going_up && newmode == 0) {
851 /* neither auto-dial nor passive */
852 ifp->if_flags |= IFF_RUNNING;
853 lcp.Open(sp);
854 } else if (going_down) {
855 sppp_flush(ifp);
856 ifp->if_flags &= ~IFF_RUNNING;
857 }
858 break;
859
860 case SIOCSIFMTU:
861 if (ifr->ifr_mtu < 128 ||
862 (sp->lcp.their_mru > 0 &&
863 ifr->ifr_mtu > sp->lcp.their_mru)) {
864 splx(s);
865 return (EINVAL);
866 }
867 ifp->if_mtu = ifr->ifr_mtu;
868 break;
869 case SIOCGIFMTU:
870 ifr->ifr_mtu = ifp->if_mtu;
871 break;
872 case SIOCGIFHARDMTU:
873 ifr->ifr_hardmtu = ifp->if_hardmtu;
874 break;
875 case SIOCADDMULTI:
876 case SIOCDELMULTI:
877 break;
878
879 case SIOCGSPPPPARAMS:
880 rv = sppp_get_params(sp, ifr);
881 break;
882
883 case SIOCSSPPPPARAMS:
884 rv = sppp_set_params(sp, ifr);
885 break;
886
887 default:
888 rv = ENOTTY;
889 }
890 splx(s);
891 return rv;
892 }
893
894 �/*
895 * PPP protocol implementation.
896 */
897
898 /*
899 * Send PPP control protocol packet.
900 */
901 void
902 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
903 u_char ident, u_short len, void *data)
904 {
905 STDDCL;
906 int s;
907 struct lcp_header *lh;
908 struct mbuf *m;
909
910 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN)
911 len = MHLEN - PKTHDRLEN - LCP_HEADER_LEN;
912 MGETHDR (m, M_DONTWAIT, MT_DATA);
913 if (! m)
914 return;
915 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len;
916 m->m_pkthdr.ph_ifidx = 0;
917 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio;
918
919 *mtod(m, u_int16_t *) = htons(proto);
920 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
921 lh->type = type;
922 lh->ident = ident;
923 lh->len = htons (LCP_HEADER_LEN + len);
924 if (len)
925 bcopy (data, lh+1, len);
926
927 if (debug) {
928 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
929 SPP_ARGS(ifp),
930 sppp_proto_name(proto),
931 sppp_cp_type_name (lh->type), lh->ident,
932 ntohs (lh->len));
933 if (len)
934 sppp_print_bytes ((u_char*) (lh+1), len);
935 addlog(">\n");
936 }
937
938 len = m->m_pkthdr.len + sp->pp_framebytes;
939 if (mq_enqueue(&sp->pp_cpq, m) != 0) {
940 ifp->if_oerrors++;
941 return;
942 }
943
944 ifp->if_obytes += len;
945 s = splnet();
946 if_start(ifp);
947 splx(s);
948 }
949
950 /*
951 * Handle incoming PPP control protocol packets.
952 */
953 void
954 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
955 {
956 STDDCL;
957 struct lcp_header *h;
958 int len = m->m_pkthdr.len;
959 int rv;
960 u_char *p;
961 u_long nmagic;
962
963 if (len < 4) {
964 if (debug)
965 log(LOG_DEBUG,
966 SPP_FMT "%s invalid packet length: %d bytes\n",
967 SPP_ARGS(ifp), cp->name, len);
968 return;
969 }
970 h = mtod (m, struct lcp_header*);
971 if (debug) {
972 log(LOG_DEBUG,
973 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
974 SPP_ARGS(ifp), cp->name,
975 sppp_state_name(sp->state[cp->protoidx]),
976 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
977 if (len > 4)
978 sppp_print_bytes ((u_char*) (h+1), len-4);
979 addlog(">\n");
980 }
981 if (len > ntohs (h->len))
982 len = ntohs (h->len);
983 p = (u_char *)(h + 1);
984 switch (h->type) {
985 case CONF_REQ:
986 if (len < 4) {
987 if (debug)
988 addlog(SPP_FMT "%s invalid conf-req length %d\n",
989 SPP_ARGS(ifp), cp->name,
990 len);
991 ++ifp->if_ierrors;
992 break;
993 }
994 /* handle states where RCR doesn't get a SCA/SCN */
995 switch (sp->state[cp->protoidx]) {
996 case STATE_CLOSING:
997 case STATE_STOPPING:
998 return;
999 case STATE_CLOSED:
1000 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1001 0, 0);
1002 return;
1003 }
1004 rv = (cp->RCR)(sp, h, len);
1005 /* silently drop illegal packets */
1006 if (rv == -1)
1007 return;
1008 switch (sp->state[cp->protoidx]) {
1009 case STATE_OPENED:
1010 sppp_cp_change_state(cp, sp, rv?
1011 STATE_ACK_SENT: STATE_REQ_SENT);
1012 (cp->tld)(sp);
1013 (cp->scr)(sp);
1014 break;
1015 case STATE_ACK_SENT:
1016 case STATE_REQ_SENT:
1017 sppp_cp_change_state(cp, sp, rv?
1018 STATE_ACK_SENT: STATE_REQ_SENT);
1019 break;
1020 case STATE_STOPPED:
1021 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1022 sppp_cp_change_state(cp, sp, rv?
1023 STATE_ACK_SENT: STATE_REQ_SENT);
1024 (cp->scr)(sp);
1025 break;
1026 case STATE_ACK_RCVD:
1027 if (rv) {
1028 sppp_cp_change_state(cp, sp, STATE_OPENED);
1029 if (debug)
1030 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1031 SPP_ARGS(ifp),
1032 cp->name);
1033 (cp->tlu)(sp);
1034 } else
1035 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1036 break;
1037 default:
1038 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1039 SPP_ARGS(ifp), cp->name,
1040 sppp_cp_type_name(h->type),
1041 sppp_state_name(sp->state[cp->protoidx])); */
1042 ++ifp->if_ierrors;
1043 }
1044 break;
1045 case CONF_ACK:
1046 if (h->ident != sp->confid[cp->protoidx]) {
1047 if (debug)
1048 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1049 SPP_ARGS(ifp), cp->name,
1050 h->ident, sp->confid[cp->protoidx]);
1051 ++ifp->if_ierrors;
1052 break;
1053 }
1054 switch (sp->state[cp->protoidx]) {
1055 case STATE_CLOSED:
1056 case STATE_STOPPED:
1057 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1058 break;
1059 case STATE_CLOSING:
1060 case STATE_STOPPING:
1061 break;
1062 case STATE_REQ_SENT:
1063 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1064 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1065 break;
1066 case STATE_OPENED:
1067 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1068 (cp->tld)(sp);
1069 (cp->scr)(sp);
1070 break;
1071 case STATE_ACK_RCVD:
1072 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1073 (cp->scr)(sp);
1074 break;
1075 case STATE_ACK_SENT:
1076 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1077 sppp_cp_change_state(cp, sp, STATE_OPENED);
1078 if (debug)
1079 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1080 SPP_ARGS(ifp), cp->name);
1081 (cp->tlu)(sp);
1082 break;
1083 default:
1084 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1085 SPP_ARGS(ifp), cp->name,
1086 sppp_cp_type_name(h->type),
1087 sppp_state_name(sp->state[cp->protoidx])); */
1088 ++ifp->if_ierrors;
1089 }
1090 break;
1091 case CONF_NAK:
1092 case CONF_REJ:
1093 if (h->ident != sp->confid[cp->protoidx]) {
1094 if (debug)
1095 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1096 SPP_ARGS(ifp), cp->name,
1097 h->ident, sp->confid[cp->protoidx]);
1098 ++ifp->if_ierrors;
1099 break;
1100 }
1101 if (h->type == CONF_NAK)
1102 (cp->RCN_nak)(sp, h, len);
1103 else /* CONF_REJ */
1104 (cp->RCN_rej)(sp, h, len);
1105
1106 switch (sp->state[cp->protoidx]) {
1107 case STATE_CLOSED:
1108 case STATE_STOPPED:
1109 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1110 break;
1111 case STATE_REQ_SENT:
1112 case STATE_ACK_SENT:
1113 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1114 (cp->scr)(sp);
1115 break;
1116 case STATE_OPENED:
1117 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1118 (cp->tld)(sp);
1119 (cp->scr)(sp);
1120 break;
1121 case STATE_ACK_RCVD:
1122 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1123 (cp->scr)(sp);
1124 break;
1125 case STATE_CLOSING:
1126 case STATE_STOPPING:
1127 break;
1128 default:
1129 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1130 SPP_ARGS(ifp), cp->name,
1131 sppp_cp_type_name(h->type),
1132 sppp_state_name(sp->state[cp->protoidx])); */
1133 ++ifp->if_ierrors;
1134 }
1135 break;
1136
1137 case TERM_REQ:
1138 switch (sp->state[cp->protoidx]) {
1139 case STATE_ACK_RCVD:
1140 case STATE_ACK_SENT:
1141 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1142 /* FALLTHROUGH */
1143 case STATE_CLOSED:
1144 case STATE_STOPPED:
1145 case STATE_CLOSING:
1146 case STATE_STOPPING:
1147 case STATE_REQ_SENT:
1148 sta:
1149 /* Send Terminate-Ack packet. */
1150 if (debug)
1151 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1152 SPP_ARGS(ifp), cp->name);
1153 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1154 break;
1155 case STATE_OPENED:
1156 sp->rst_counter[cp->protoidx] = 0;
1157 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1158 (cp->tld)(sp);
1159 goto sta;
1160 break;
1161 default:
1162 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1163 SPP_ARGS(ifp), cp->name,
1164 sppp_cp_type_name(h->type),
1165 sppp_state_name(sp->state[cp->protoidx])); */
1166 ++ifp->if_ierrors;
1167 }
1168 break;
1169 case TERM_ACK:
1170 switch (sp->state[cp->protoidx]) {
1171 case STATE_CLOSED:
1172 case STATE_STOPPED:
1173 case STATE_REQ_SENT:
1174 case STATE_ACK_SENT:
1175 break;
1176 case STATE_CLOSING:
1177 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1178 (cp->tlf)(sp);
1179 break;
1180 case STATE_STOPPING:
1181 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1182 (cp->tlf)(sp);
1183 break;
1184 case STATE_ACK_RCVD:
1185 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1186 break;
1187 case STATE_OPENED:
1188 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1189 (cp->tld)(sp);
1190 (cp->scr)(sp);
1191 break;
1192 default:
1193 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1194 SPP_ARGS(ifp), cp->name,
1195 sppp_cp_type_name(h->type),
1196 sppp_state_name(sp->state[cp->protoidx])); */
1197 ++ifp->if_ierrors;
1198 }
1199 break;
1200 case CODE_REJ:
1201 case PROTO_REJ:
1202 {
1203 int catastrophic = 0;
1204 const struct cp *upper = NULL;
1205 int i;
1206 u_int16_t proto;
1207
1208 if (len < 2) {
1209 if (debug)
1210 log(LOG_DEBUG, SPP_FMT "invalid proto-rej length\n",
1211 SPP_ARGS(ifp));
1212 ++ifp->if_ierrors;
1213 break;
1214 }
1215
1216 proto = ntohs(*((u_int16_t *)p));
1217 for (i = 0; i < IDX_COUNT; i++) {
1218 if (cps[i]->proto == proto) {
1219 upper = cps[i];
1220 break;
1221 }
1222 }
1223 if (upper == NULL)
1224 catastrophic++;
1225
1226 if (catastrophic || debug)
1227 log(catastrophic? LOG_INFO: LOG_DEBUG,
1228 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1229 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1230 sppp_cp_type_name(h->type), proto,
1231 upper ? upper->name : "unknown",
1232 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1233
1234 /*
1235 * if we got RXJ+ against conf-req, the peer does not implement
1236 * this particular protocol type. terminate the protocol.
1237 */
1238 if (upper) {
1239 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1240 upper->Close(sp);
1241 break;
1242 }
1243 }
1244
1245 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1246 switch (sp->state[cp->protoidx]) {
1247 case STATE_CLOSED:
1248 case STATE_STOPPED:
1249 case STATE_REQ_SENT:
1250 case STATE_ACK_SENT:
1251 case STATE_CLOSING:
1252 case STATE_STOPPING:
1253 case STATE_OPENED:
1254 break;
1255 case STATE_ACK_RCVD:
1256 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1257 break;
1258 default:
1259 /* printf(SPP_FMT "%s illegal %s in state %s\n",
1260 SPP_ARGS(ifp), cp->name,
1261 sppp_cp_type_name(h->type),
1262 sppp_state_name(sp->state[cp->protoidx])); */
1263 ++ifp->if_ierrors;
1264 }
1265 break;
1266 }
1267 case DISC_REQ:
1268 if (cp->proto != PPP_LCP)
1269 goto illegal;
1270 /* Discard the packet. */
1271 break;
1272 case ECHO_REQ:
1273 if (cp->proto != PPP_LCP)
1274 goto illegal;
1275 if (sp->state[cp->protoidx] != STATE_OPENED) {
1276 if (debug)
1277 addlog(SPP_FMT "lcp echo req but lcp closed\n",
1278 SPP_ARGS(ifp));
1279 ++ifp->if_ierrors;
1280 break;
1281 }
1282 if (len < 8) {
1283 if (debug)
1284 addlog(SPP_FMT "invalid lcp echo request "
1285 "packet length: %d bytes\n",
1286 SPP_ARGS(ifp), len);
1287 break;
1288 }
1289
1290 nmagic = (u_long)p[0] << 24 |
1291 (u_long)p[1] << 16 | p[2] << 8 | p[3];
1292
1293 if (nmagic == sp->lcp.magic) {
1294 /* Line loopback mode detected. */
1295 log(LOG_INFO, SPP_FMT "loopback\n", SPP_ARGS(ifp));
1296 /* Shut down the PPP link. */
1297 lcp.Close(sp);
1298 break;
1299 }
1300
1301 p[0] = sp->lcp.magic >> 24;
1302 p[1] = sp->lcp.magic >> 16;
1303 p[2] = sp->lcp.magic >> 8;
1304 p[3] = sp->lcp.magic;
1305
1306 if (debug)
1307 addlog(SPP_FMT "got lcp echo req, sending echo rep\n",
1308 SPP_ARGS(ifp));
1309 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1310 break;
1311 case ECHO_REPLY:
1312 if (cp->proto != PPP_LCP)
1313 goto illegal;
1314 if (h->ident != sp->lcp.echoid) {
1315 ++ifp->if_ierrors;
1316 break;
1317 }
1318 if (len < 8) {
1319 if (debug)
1320 addlog(SPP_FMT "lcp invalid echo reply "
1321 "packet length: %d bytes\n",
1322 SPP_ARGS(ifp), len);
1323 break;
1324 }
1325 if (debug)
1326 addlog(SPP_FMT "lcp got echo rep\n",
1327 SPP_ARGS(ifp));
1328
1329 nmagic = (u_long)p[0] << 24 |
1330 (u_long)p[1] << 16 | p[2] << 8 | p[3];
1331
1332 if (nmagic != sp->lcp.magic)
1333 sp->pp_alivecnt = 0;
1334 break;
1335 default:
1336 /* Unknown packet type -- send Code-Reject packet. */
1337 illegal:
1338 if (debug)
1339 addlog(SPP_FMT "%s send code-rej for 0x%x\n",
1340 SPP_ARGS(ifp), cp->name, h->type);
1341 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
1342 m->m_pkthdr.len, h);
1343 ++ifp->if_ierrors;
1344 }
1345 }
1346
1347
1348 /*
1349 * The generic part of all Up/Down/Open/Close/TO event handlers.
1350 * Basically, the state transition handling in the automaton.
1351 */
1352 void
1353 sppp_up_event(const struct cp *cp, struct sppp *sp)
1354 {
1355 STDDCL;
1356
1357 if (debug)
1358 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1359 SPP_ARGS(ifp), cp->name,
1360 sppp_state_name(sp->state[cp->protoidx]));
1361
1362 switch (sp->state[cp->protoidx]) {
1363 case STATE_INITIAL:
1364 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1365 break;
1366 case STATE_STARTING:
1367 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1368 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1369 (cp->scr)(sp);
1370 break;
1371 default:
1372 /* printf(SPP_FMT "%s illegal up in state %s\n",
1373 SPP_ARGS(ifp), cp->name,
1374 sppp_state_name(sp->state[cp->protoidx])); */
1375 break;
1376 }
1377 }
1378
1379 void
1380 sppp_down_event(const struct cp *cp, struct sppp *sp)
1381 {
1382 STDDCL;
1383
1384 if (debug)
1385 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1386 SPP_ARGS(ifp), cp->name,
1387 sppp_state_name(sp->state[cp->protoidx]));
1388
1389 switch (sp->state[cp->protoidx]) {
1390 case STATE_CLOSED:
1391 case STATE_CLOSING:
1392 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1393 break;
1394 case STATE_STOPPED:
1395 sppp_cp_change_state(cp, sp, STATE_STARTING);
1396 (cp->tls)(sp);
1397 break;
1398 case STATE_STOPPING:
1399 case STATE_REQ_SENT:
1400 case STATE_ACK_RCVD:
1401 case STATE_ACK_SENT:
1402 sppp_cp_change_state(cp, sp, STATE_STARTING);
1403 break;
1404 case STATE_OPENED:
1405 sppp_cp_change_state(cp, sp, STATE_STARTING);
1406 (cp->tld)(sp);
1407 break;
1408 default:
1409 /* printf(SPP_FMT "%s illegal down in state %s\n",
1410 SPP_ARGS(ifp), cp->name,
1411 sppp_state_name(sp->state[cp->protoidx])); */
1412 break;
1413 }
1414 }
1415
1416
1417 void
1418 sppp_open_event(const struct cp *cp, struct sppp *sp)
1419 {
1420 STDDCL;
1421
1422 if (debug)
1423 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1424 SPP_ARGS(ifp), cp->name,
1425 sppp_state_name(sp->state[cp->protoidx]));
1426
1427 switch (sp->state[cp->protoidx]) {
1428 case STATE_INITIAL:
1429 sppp_cp_change_state(cp, sp, STATE_STARTING);
1430 (cp->tls)(sp);
1431 break;
1432 case STATE_STARTING:
1433 break;
1434 case STATE_CLOSED:
1435 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1436 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1437 (cp->scr)(sp);
1438 break;
1439 case STATE_STOPPED:
1440 case STATE_STOPPING:
1441 case STATE_REQ_SENT:
1442 case STATE_ACK_RCVD:
1443 case STATE_ACK_SENT:
1444 case STATE_OPENED:
1445 break;
1446 case STATE_CLOSING:
1447 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1448 break;
1449 }
1450 }
1451
1452
1453 void
1454 sppp_close_event(const struct cp *cp, struct sppp *sp)
1455 {
1456 STDDCL;
1457
1458 if (debug)
1459 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
1460 SPP_ARGS(ifp), cp->name,
1461 sppp_state_name(sp->state[cp->protoidx]));
1462
1463 switch (sp->state[cp->protoidx]) {
1464 case STATE_INITIAL:
1465 case STATE_CLOSED:
1466 case STATE_CLOSING:
1467 break;
1468 case STATE_STARTING:
1469 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1470 (cp->tlf)(sp);
1471 break;
1472 case STATE_STOPPED:
1473 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1474 break;
1475 case STATE_STOPPING:
1476 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1477 break;
1478 case STATE_OPENED:
1479 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1480 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1481 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1482 (cp->tld)(sp);
1483 break;
1484 case STATE_REQ_SENT:
1485 case STATE_ACK_RCVD:
1486 case STATE_ACK_SENT:
1487 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1488 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1489 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1490 break;
1491 }
1492 }
1493
1494 void
1495 sppp_increasing_timeout (const struct cp *cp, struct sppp *sp)
1496 {
1497 int timo;
1498
1499 timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx];
1500 if (timo < 1)
1501 timo = 1;
1502 timeout_add(&sp->ch[cp->protoidx], timo * sp->lcp.timeout);
1503 }
1504
1505 void
1506 sppp_to_event(const struct cp *cp, struct sppp *sp)
1507 {
1508 STDDCL;
1509 int s;
1510
1511 s = splnet();
1512 if (debug)
1513 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
1514 SPP_ARGS(ifp), cp->name,
1515 sppp_state_name(sp->state[cp->protoidx]),
1516 sp->rst_counter[cp->protoidx]);
1517
1518 if (--sp->rst_counter[cp->protoidx] < 0)
1519 /* TO- event */
1520 switch (sp->state[cp->protoidx]) {
1521 case STATE_CLOSING:
1522 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1523 (cp->tlf)(sp);
1524 break;
1525 case STATE_STOPPING:
1526 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1527 (cp->tlf)(sp);
1528 break;
1529 case STATE_REQ_SENT:
1530 case STATE_ACK_RCVD:
1531 case STATE_ACK_SENT:
1532 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1533 (cp->tlf)(sp);
1534 break;
1535 }
1536 else
1537 /* TO+ event */
1538 switch (sp->state[cp->protoidx]) {
1539 case STATE_CLOSING:
1540 case STATE_STOPPING:
1541 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
1542 0, 0);
1543 sppp_increasing_timeout (cp, sp);
1544 break;
1545 case STATE_REQ_SENT:
1546 case STATE_ACK_RCVD:
1547 /* sppp_cp_change_state() will restart the timer */
1548 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1549 (cp->scr)(sp);
1550 break;
1551 case STATE_ACK_SENT:
1552 sppp_increasing_timeout (cp, sp);
1553 (cp->scr)(sp);
1554 break;
1555 }
1556
1557 splx(s);
1558 }
1559
1560 /*
1561 * Change the state of a control protocol in the state automaton.
1562 * Takes care of starting/stopping the restart timer.
1563 */
1564 void
1565 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1566 {
1567 STDDCL;
1568
1569 if (debug && sp->state[cp->protoidx] != newstate)
1570 log(LOG_DEBUG, SPP_FMT "%s %s->%s\n",
1571 SPP_ARGS(ifp), cp->name,
1572 sppp_state_name(sp->state[cp->protoidx]),
1573 sppp_state_name(newstate));
1574 sp->state[cp->protoidx] = newstate;
1575
1576 switch (newstate) {
1577 case STATE_INITIAL:
1578 case STATE_STARTING:
1579 case STATE_CLOSED:
1580 case STATE_STOPPED:
1581 case STATE_OPENED:
1582 UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
1583 break;
1584 case STATE_CLOSING:
1585 case STATE_STOPPING:
1586 case STATE_REQ_SENT:
1587 case STATE_ACK_RCVD:
1588 case STATE_ACK_SENT:
1589 if (!timeout_pending(&sp->ch[cp->protoidx]))
1590 sppp_increasing_timeout (cp, sp);
1591 break;
1592 }
1593 }
1594 �/*
1595 *--------------------------------------------------------------------------*
1596 * *
1597 * The LCP implementation. *
1598 * *
1599 *--------------------------------------------------------------------------*
1600 */
1601 void
1602 sppp_lcp_init(struct sppp *sp)
1603 {
1604 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1605 sp->lcp.magic = 0;
1606 sp->state[IDX_LCP] = STATE_INITIAL;
1607 sp->fail_counter[IDX_LCP] = 0;
1608 sp->lcp.protos = 0;
1609 sp->lcp.mru = sp->pp_if.if_mtu;
1610 sp->lcp.their_mru = 0;
1611
1612 /*
1613 * Initialize counters and timeout values. Note that we don't
1614 * use the 3 seconds suggested in RFC 1661 since we are likely
1615 * running on a fast link. XXX We should probably implement
1616 * the exponential backoff option. Note that these values are
1617 * relevant for all control protocols, not just LCP only.
1618 */
1619 sp->lcp.timeout = 1 * hz;
1620 sp->lcp.max_terminate = 2;
1621 sp->lcp.max_configure = 10;
1622 sp->lcp.max_failure = 10;
1623 }
1624
1625 void
1626 sppp_lcp_up(struct sppp *sp)
1627 {
1628 STDDCL;
1629 struct timeval tv;
1630
1631 sp->pp_alivecnt = 0;
1632 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1633 sp->lcp.magic = 0;
1634 sp->lcp.protos = 0;
1635 if (sp->pp_if.if_mtu != PP_MTU) {
1636 sp->lcp.mru = sp->pp_if.if_mtu;
1637 sp->lcp.opts |= (1 << LCP_OPT_MRU);
1638 } else
1639 sp->lcp.mru = PP_MTU;
1640 sp->lcp.their_mru = PP_MTU;
1641
1642 getmicrouptime(&tv);
1643 sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec;
1644
1645 /*
1646 * If this interface is passive or dial-on-demand, and we are
1647 * still in Initial state, it means we've got an incoming
1648 * call. Activate the interface.
1649 */
1650 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1651 if (debug)
1652 log(LOG_DEBUG,
1653 SPP_FMT "Up event", SPP_ARGS(ifp));
1654 ifp->if_flags |= IFF_RUNNING;
1655 if (sp->state[IDX_LCP] == STATE_INITIAL) {
1656 if (debug)
1657 addlog("(incoming call)\n");
1658 sp->pp_flags |= PP_CALLIN;
1659 lcp.Open(sp);
1660 } else if (debug)
1661 addlog("\n");
1662 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
1663 (sp->state[IDX_LCP] == STATE_INITIAL)) {
1664 ifp->if_flags |= IFF_RUNNING;
1665 lcp.Open(sp);
1666 }
1667
1668 sppp_up_event(&lcp, sp);
1669 }
1670
1671 void
1672 sppp_lcp_down(struct sppp *sp)
1673 {
1674 STDDCL;
1675
1676 sppp_down_event(&lcp, sp);
1677
1678 /*
1679 * If this is neither a dial-on-demand nor a passive
1680 * interface, simulate an ``ifconfig down'' action, so the
1681 * administrator can force a redial by another ``ifconfig
1682 * up''. XXX For leased line operation, should we immediately
1683 * try to reopen the connection here?
1684 */
1685 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
1686 if (debug)
1687 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), "
1688 "taking interface down.", SPP_ARGS(ifp));
1689 if_down(ifp);
1690 } else {
1691 if (debug)
1692 log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n",
1693 SPP_ARGS(ifp));
1694 }
1695
1696 if (sp->state[IDX_LCP] != STATE_INITIAL)
1697 lcp.Close(sp);
1698 sp->lcp.their_mru = 0;
1699 sp->pp_flags &= ~PP_CALLIN;
1700 ifp->if_flags &= ~IFF_RUNNING;
1701 sppp_flush(ifp);
1702 }
1703
1704 void
1705 sppp_lcp_open(struct sppp *sp)
1706 {
1707 /*
1708 * If we are authenticator, negotiate LCP_AUTH
1709 */
1710 if (sp->hisauth.proto != 0)
1711 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
1712 else
1713 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1714 sp->pp_flags &= ~PP_NEEDAUTH;
1715 sppp_open_event(&lcp, sp);
1716 }
1717
1718 void
1719 sppp_lcp_close(struct sppp *sp)
1720 {
1721 sppp_close_event(&lcp, sp);
1722 }
1723
1724 void
1725 sppp_lcp_TO(void *cookie)
1726 {
1727 sppp_to_event(&lcp, (struct sppp *)cookie);
1728 }
1729
1730 /*
1731 * Analyze a configure request. Return true if it was agreeable, and
1732 * caused action sca, false if it has been rejected or nak'ed, and
1733 * caused action scn. (The return value is used to make the state
1734 * transition decision in the state automaton.)
1735 */
1736 int
1737 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
1738 {
1739 STDDCL;
1740 u_char *buf, *r, *p;
1741 int origlen, rlen;
1742 u_long nmagic;
1743 u_short authproto;
1744
1745 len -= 4;
1746 origlen = len;
1747 buf = r = malloc (len, M_TEMP, M_NOWAIT);
1748 if (! buf)
1749 return (0);
1750
1751 if (debug)
1752 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
1753 SPP_ARGS(ifp));
1754
1755 /* pass 1: check for things that need to be rejected */
1756 p = (void*) (h+1);
1757 for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
1758 if (p[1] < 2 || p[1] > len) {
1759 free(buf, M_TEMP, 0);
1760 return (-1);
1761 }
1762 if (debug)
1763 addlog("%s ", sppp_lcp_opt_name(*p));
1764 switch (*p) {
1765 case LCP_OPT_MAGIC:
1766 /* Magic number. */
1767 /* FALLTHROUGH, both are same length */
1768 case LCP_OPT_ASYNC_MAP:
1769 /* Async control character map. */
1770 if (len >= 6 && p[1] == 6)
1771 continue;
1772 if (debug)
1773 addlog("[invalid] ");
1774 break;
1775 case LCP_OPT_MRU:
1776 /* Maximum receive unit. */
1777 if (len >= 4 && p[1] == 4)
1778 continue;
1779 if (debug)
1780 addlog("[invalid] ");
1781 break;
1782 case LCP_OPT_AUTH_PROTO:
1783 if (len < 4) {
1784 if (debug)
1785 addlog("[invalid] ");
1786 break;
1787 }
1788 authproto = (p[2] << 8) + p[3];
1789 if (authproto == PPP_CHAP && p[1] != 5) {
1790 if (debug)
1791 addlog("[invalid chap len] ");
1792 break;
1793 }
1794 if (sp->myauth.proto == 0) {
1795 /* we are not configured to do auth */
1796 if (debug)
1797 addlog("[not configured] ");
1798 break;
1799 }
1800 /*
1801 * Remote want us to authenticate, remember this,
1802 * so we stay in PHASE_AUTHENTICATE after LCP got
1803 * up.
1804 */
1805 sp->pp_flags |= PP_NEEDAUTH;
1806 continue;
1807 default:
1808 /* Others not supported. */
1809 if (debug)
1810 addlog("[rej] ");
1811 break;
1812 }
1813 /* Add the option to rejected list. */
1814 bcopy (p, r, p[1]);
1815 r += p[1];
1816 rlen += p[1];
1817 }
1818 if (rlen) {
1819 if (debug)
1820 addlog(" send conf-rej\n");
1821 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
1822 goto end;
1823 } else if (debug)
1824 addlog("\n");
1825
1826 /*
1827 * pass 2: check for option values that are unacceptable and
1828 * thus require to be nak'ed.
1829 */
1830 if (debug)
1831 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
1832 SPP_ARGS(ifp));
1833
1834 p = (void*) (h+1);
1835 len = origlen;
1836 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1837 if (debug)
1838 addlog("%s ", sppp_lcp_opt_name(*p));
1839 switch (*p) {
1840 case LCP_OPT_MAGIC:
1841 /* Magic number -- extract. */
1842 nmagic = (u_long)p[2] << 24 |
1843 (u_long)p[3] << 16 | p[4] << 8 | p[5];
1844 if (nmagic != sp->lcp.magic) {
1845 if (debug)
1846 addlog("0x%lx ", nmagic);
1847 continue;
1848 }
1849 if (debug)
1850 addlog("[glitch] ");
1851 ++sp->pp_loopcnt;
1852 /*
1853 * We negate our magic here, and NAK it. If
1854 * we see it later in an NAK packet, we
1855 * suggest a new one.
1856 */
1857 nmagic = ~sp->lcp.magic;
1858 /* Gonna NAK it. */
1859 p[2] = nmagic >> 24;
1860 p[3] = nmagic >> 16;
1861 p[4] = nmagic >> 8;
1862 p[5] = nmagic;
1863 break;
1864
1865 case LCP_OPT_ASYNC_MAP:
1866 /* Async control character map -- check to be zero. */
1867 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
1868 if (debug)
1869 addlog("[empty] ");
1870 continue;
1871 }
1872 if (debug)
1873 addlog("[non-empty] ");
1874 /* suggest a zero one */
1875 p[2] = p[3] = p[4] = p[5] = 0;
1876 break;
1877
1878 case LCP_OPT_MRU:
1879 /*
1880 * Maximum receive unit. Always agreeable,
1881 * but ignored by now.
1882 */
1883 sp->lcp.their_mru = p[2] * 256 + p[3];
1884 if (debug)
1885 addlog("%lu ", sp->lcp.their_mru);
1886 continue;
1887
1888 case LCP_OPT_AUTH_PROTO:
1889 authproto = (p[2] << 8) + p[3];
1890 if (sp->myauth.proto != authproto) {
1891 /* not agreed, nak */
1892 if (debug)
1893 addlog("[mine %s != his %s] ",
1894 sppp_proto_name(sp->hisauth.proto),
1895 sppp_proto_name(authproto));
1896 p[2] = sp->myauth.proto >> 8;
1897 p[3] = sp->myauth.proto;
1898 break;
1899 }
1900 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
1901 if (debug)
1902 addlog("[chap not MD5] ");
1903 p[4] = CHAP_MD5;
1904 break;
1905 }
1906 continue;
1907 }
1908 /* Add the option to nak'ed list. */
1909 bcopy (p, r, p[1]);
1910 r += p[1];
1911 rlen += p[1];
1912 }
1913 if (rlen) {
1914 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
1915 if (debug)
1916 addlog(" max_failure (%d) exceeded, "
1917 "send conf-rej\n",
1918 sp->lcp.max_failure);
1919 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
1920 } else {
1921 if (debug)
1922 addlog(" send conf-nak\n");
1923 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
1924 }
1925 goto end;
1926 } else {
1927 if (debug)
1928 addlog("send conf-ack\n");
1929 sp->fail_counter[IDX_LCP] = 0;
1930 sp->pp_loopcnt = 0;
1931 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
1932 h->ident, origlen, h+1);
1933 }
1934
1935 end:
1936 free(buf, M_TEMP, 0);
1937 return (rlen == 0);
1938 }
1939
1940 /*
1941 * Analyze the LCP Configure-Reject option list, and adjust our
1942 * negotiation.
1943 */
1944 void
1945 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
1946 {
1947 STDDCL;
1948 u_char *p;
1949
1950 len -= 4;
1951
1952 if (debug)
1953 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
1954 SPP_ARGS(ifp));
1955
1956 p = (void*) (h+1);
1957 for (; len > 1; len -= p[1], p += p[1]) {
1958 if (p[1] < 2 || p[1] > len)
1959 return;
1960 if (debug)
1961 addlog("%s ", sppp_lcp_opt_name(*p));
1962 switch (*p) {
1963 case LCP_OPT_MAGIC:
1964 /* Magic number -- can't use it, use 0 */
1965 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
1966 sp->lcp.magic = 0;
1967 break;
1968 case LCP_OPT_MRU:
1969 /*
1970 * Should not be rejected anyway, since we only
1971 * negotiate a MRU if explicitly requested by
1972 * peer.
1973 */
1974 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
1975 break;
1976 case LCP_OPT_AUTH_PROTO:
1977 /*
1978 * Peer doesn't want to authenticate himself,
1979 * deny unless this is a dialout call, and
1980 * AUTHFLAG_NOCALLOUT is set.
1981 */
1982 if ((sp->pp_flags & PP_CALLIN) == 0 &&
1983 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
1984 if (debug)
1985 addlog("[don't insist on auth "
1986 "for callout]");
1987 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1988 break;
1989 }
1990 if (debug)
1991 addlog("[access denied]\n");
1992 lcp.Close(sp);
1993 break;
1994 }
1995 }
1996 if (debug)
1997 addlog("\n");
1998 }
1999
2000 /*
2001 * Analyze the LCP Configure-NAK option list, and adjust our
2002 * negotiation.
2003 */
2004 void
2005 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2006 {
2007 STDDCL;
2008 u_char *p;
2009 u_long magic;
2010
2011 len -= 4;
2012
2013 if (debug)
2014 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2015 SPP_ARGS(ifp));
2016
2017 p = (void*) (h+1);
2018 for (; len > 1; len -= p[1], p += p[1]) {
2019 if (p[1] < 2 || p[1] > len)
2020 return;
2021 if (debug)
2022 addlog("%s ", sppp_lcp_opt_name(*p));
2023 switch (*p) {
2024 case LCP_OPT_MAGIC:
2025 /* Magic number -- renegotiate */
2026 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2027 len >= 6 && p[1] == 6) {
2028 magic = (u_long)p[2] << 24 |
2029 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2030 /*
2031 * If the remote magic is our negated one,
2032 * this looks like a loopback problem.
2033 * Suggest a new magic to make sure.
2034 */
2035 if (magic == ~sp->lcp.magic) {
2036 if (debug)
2037 addlog("magic glitch ");
2038 sp->lcp.magic = arc4random();
2039 } else {
2040 sp->lcp.magic = magic;
2041 if (debug)
2042 addlog("%lu ", magic);
2043 }
2044 }
2045 break;
2046 case LCP_OPT_MRU:
2047 /*
2048 * Peer wants to advise us to negotiate an MRU.
2049 * Agree on it if it's reasonable, or use
2050 * default otherwise.
2051 */
2052 if (len >= 4 && p[1] == 4) {
2053 u_int mru = p[2] * 256 + p[3];
2054 if (debug)
2055 addlog("%d ", mru);
2056 if (mru < PP_MIN_MRU)
2057 mru = PP_MIN_MRU;
2058 if (mru > PP_MAX_MRU)
2059 mru = PP_MAX_MRU;
2060 sp->lcp.mru = mru;
2061 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2062 }
2063 break;
2064 case LCP_OPT_AUTH_PROTO:
2065 /*
2066 * Peer doesn't like our authentication method,
2067 * deny.
2068 */
2069 if (debug)
2070 addlog("[access denied]\n");
2071 lcp.Close(sp);
2072 break;
2073 }
2074 }
2075 if (debug)
2076 addlog("\n");
2077 }
2078
2079 void
2080 sppp_lcp_tlu(struct sppp *sp)
2081 {
2082 struct ifnet *ifp = &sp->pp_if;
2083 int i;
2084 u_long mask;
2085
2086 /* XXX ? */
2087 if (! (ifp->if_flags & IFF_UP) &&
2088 (ifp->if_flags & IFF_RUNNING)) {
2089 /* Coming out of loopback mode. */
2090 if_up(ifp);
2091 if (ifp->if_flags & IFF_DEBUG)
2092 log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp));
2093 }
2094
2095 for (i = 0; i < IDX_COUNT; i++)
2096 if ((cps[i])->flags & CP_QUAL)
2097 (cps[i])->Open(sp);
2098
2099 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2100 (sp->pp_flags & PP_NEEDAUTH) != 0)
2101 sp->pp_phase = PHASE_AUTHENTICATE;
2102 else
2103 sp->pp_phase = PHASE_NETWORK;
2104
2105 sppp_set_phase(sp);
2106
2107 /*
2108 * Open all authentication protocols. This is even required
2109 * if we already proceeded to network phase, since it might be
2110 * that remote wants us to authenticate, so we might have to
2111 * send a PAP request. Undesired authentication protocols
2112 * don't do anything when they get an Open event.
2113 */
2114 for (i = 0; i < IDX_COUNT; i++)
2115 if ((cps[i])->flags & CP_AUTH)
2116 (cps[i])->Open(sp);
2117
2118 if (sp->pp_phase == PHASE_NETWORK) {
2119 /* Notify all NCPs. */
2120 for (i = 0; i < IDX_COUNT; i++)
2121 if ((cps[i])->flags & CP_NCP)
2122 (cps[i])->Open(sp);
2123 }
2124
2125 /* Send Up events to all started protos. */
2126 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2127 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2128 (cps[i])->Up(sp);
2129
2130 /* notify low-level driver of state change */
2131 if (sp->pp_chg)
2132 sp->pp_chg(sp, (int)sp->pp_phase);
2133
2134 if (sp->pp_phase == PHASE_NETWORK)
2135 /* if no NCP is starting, close down */
2136 sppp_lcp_check_and_close(sp);
2137 }
2138
2139 void
2140 sppp_lcp_tld(struct sppp *sp)
2141 {
2142 int i;
2143 u_long mask;
2144
2145 sp->pp_phase = PHASE_TERMINATE;
2146
2147 sppp_set_phase(sp);
2148
2149 /*
2150 * Take upper layers down. We send the Down event first and
2151 * the Close second to prevent the upper layers from sending
2152 * ``a flurry of terminate-request packets'', as the RFC
2153 * describes it.
2154 */
2155 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2156 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
2157 (cps[i])->Down(sp);
2158 (cps[i])->Close(sp);
2159 }
2160 }
2161
2162 void
2163 sppp_lcp_tls(struct sppp *sp)
2164 {
2165 sp->pp_phase = PHASE_ESTABLISH;
2166
2167 sppp_set_phase(sp);
2168
2169 /* Notify lower layer if desired. */
2170 if (sp->pp_tls)
2171 (sp->pp_tls)(sp);
2172 }
2173
2174 void
2175 sppp_lcp_tlf(struct sppp *sp)
2176 {
2177 sp->pp_phase = PHASE_DEAD;
2178 sppp_set_phase(sp);
2179
2180 /* Notify lower layer if desired. */
2181 if (sp->pp_tlf)
2182 (sp->pp_tlf)(sp);
2183 }
2184
2185 void
2186 sppp_lcp_scr(struct sppp *sp)
2187 {
2188 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2189 int i = 0;
2190 u_short authproto;
2191
2192 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2193 if (! sp->lcp.magic)
2194 sp->lcp.magic = arc4random();
2195 opt[i++] = LCP_OPT_MAGIC;
2196 opt[i++] = 6;
2197 opt[i++] = sp->lcp.magic >> 24;
2198 opt[i++] = sp->lcp.magic >> 16;
2199 opt[i++] = sp->lcp.magic >> 8;
2200 opt[i++] = sp->lcp.magic;
2201 }
2202
2203 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2204 opt[i++] = LCP_OPT_MRU;
2205 opt[i++] = 4;
2206 opt[i++] = sp->lcp.mru >> 8;
2207 opt[i++] = sp->lcp.mru;
2208 }
2209
2210 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2211 authproto = sp->hisauth.proto;
2212 opt[i++] = LCP_OPT_AUTH_PROTO;
2213 opt[i++] = authproto == PPP_CHAP? 5: 4;
2214 opt[i++] = authproto >> 8;
2215 opt[i++] = authproto;
2216 if (authproto == PPP_CHAP)
2217 opt[i++] = CHAP_MD5;
2218 }
2219
2220 sp->confid[IDX_LCP] = ++sp->pp_seq;
2221 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, opt);
2222 }
2223
2224 /*
2225 * Check the open NCPs, return true if at least one NCP is open.
2226 */
2227 int
2228 sppp_ncp_check(struct sppp *sp)
2229 {
2230 int i, mask;
2231
2232 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2233 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2234 return 1;
2235 return 0;
2236 }
2237
2238 /*
2239 * Re-check the open NCPs and see if we should terminate the link.
2240 * Called by the NCPs during their tlf action handling.
2241 */
2242 void
2243 sppp_lcp_check_and_close(struct sppp *sp)
2244 {
2245
2246 if (sp->pp_phase < PHASE_NETWORK)
2247 /* don't bother, we are already going down */
2248 return;
2249
2250 if (sppp_ncp_check(sp))
2251 return;
2252
2253 lcp.Close(sp);
2254 }
2255 �/*
2256 *--------------------------------------------------------------------------*
2257 * *
2258 * The IPCP implementation. *
2259 * *
2260 *--------------------------------------------------------------------------*
2261 */
2262
2263 void
2264 sppp_ipcp_init(struct sppp *sp)
2265 {
2266 sp->ipcp.opts = 0;
2267 sp->ipcp.flags = 0;
2268 sp->state[IDX_IPCP] = STATE_INITIAL;
2269 sp->fail_counter[IDX_IPCP] = 0;
2270 task_set(&sp->ipcp.set_addr_task, sppp_set_ip_addrs, sp);
2271 task_set(&sp->ipcp.clear_addr_task, sppp_clear_ip_addrs, sp);
2272 }
2273
2274 void
2275 sppp_ipcp_destroy(struct sppp *sp)
2276 {
2277 task_del(systq, &sp->ipcp.set_addr_task);
2278 task_del(systq, &sp->ipcp.clear_addr_task);
2279 }
2280
2281 void
2282 sppp_ipcp_up(struct sppp *sp)
2283 {
2284 sppp_up_event(&ipcp, sp);
2285 }
2286
2287 void
2288 sppp_ipcp_down(struct sppp *sp)
2289 {
2290 sppp_down_event(&ipcp, sp);
2291 }
2292
2293 void
2294 sppp_ipcp_open(struct sppp *sp)
2295 {
2296 sppp_open_event(&ipcp, sp);
2297 }
2298
2299 void
2300 sppp_ipcp_close(struct sppp *sp)
2301 {
2302 sppp_close_event(&ipcp, sp);
2303 }
2304
2305 void
2306 sppp_ipcp_TO(void *cookie)
2307 {
2308 sppp_to_event(&ipcp, (struct sppp *)cookie);
2309 }
2310
2311 /*
2312 * Analyze a configure request. Return true if it was agreeable, and
2313 * caused action sca, false if it has been rejected or nak'ed, and
2314 * caused action scn. (The return value is used to make the state
2315 * transition decision in the state automaton.)
2316 */
2317 int
2318 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2319 {
2320 u_char *buf, *r, *p;
2321 struct ifnet *ifp = &sp->pp_if;
2322 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2323 u_int32_t hisaddr, desiredaddr;
2324
2325 len -= 4;
2326 origlen = len;
2327 /*
2328 * Make sure to allocate a buf that can at least hold a
2329 * conf-nak with an `address' option. We might need it below.
2330 */
2331 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2332 if (! buf)
2333 return (0);
2334
2335 /* pass 1: see if we can recognize them */
2336 if (debug)
2337 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2338 SPP_ARGS(ifp));
2339 p = (void*) (h+1);
2340 for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
2341 if (p[1] < 2 || p[1] > len) {
2342 free(buf, M_TEMP, 0);
2343 return (-1);
2344 }
2345 if (debug)
2346 addlog("%s ", sppp_ipcp_opt_name(*p));
2347 switch (*p) {
2348 #ifdef notyet
2349 case IPCP_OPT_COMPRESSION:
2350 if (len >= 6 && p[1] >= 6) {
2351 /* correctly formed compress option */
2352 continue;
2353 }
2354 if (debug)
2355 addlog("[invalid] ");
2356 break;
2357 #endif
2358 case IPCP_OPT_ADDRESS:
2359 if (len >= 6 && p[1] == 6) {
2360 /* correctly formed address option */
2361 continue;
2362 }
2363 if (debug)
2364 addlog("[invalid] ");
2365 break;
2366 default:
2367 /* Others not supported. */
2368 if (debug)
2369 addlog("[rej] ");
2370 break;
2371 }
2372 /* Add the option to rejected list. */
2373 bcopy (p, r, p[1]);
2374 r += p[1];
2375 rlen += p[1];
2376 }
2377 if (rlen) {
2378 if (debug)
2379 addlog(" send conf-rej\n");
2380 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2381 goto end;
2382 } else if (debug)
2383 addlog("\n");
2384
2385 /* pass 2: parse option values */
2386 if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
2387 hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */
2388 else
2389 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
2390 if (debug)
2391 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
2392 SPP_ARGS(ifp));
2393 p = (void*) (h+1);
2394 len = origlen;
2395 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2396 if (debug)
2397 addlog(" %s ", sppp_ipcp_opt_name(*p));
2398 switch (*p) {
2399 #ifdef notyet
2400 case IPCP_OPT_COMPRESSION:
2401 continue;
2402 #endif
2403 case IPCP_OPT_ADDRESS:
2404 desiredaddr = p[2] << 24 | p[3] << 16 |
2405 p[4] << 8 | p[5];
2406 if (desiredaddr == hisaddr ||
2407 ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
2408 desiredaddr != 0)) {
2409 /*
2410 * Peer's address is same as our value,
2411 * or we have set it to 0.0.0.1 to
2412 * indicate that we do not really care,
2413 * this is agreeable. Gonna conf-ack
2414 * it.
2415 */
2416 if (debug)
2417 addlog("%s [ack] ",
2418 sppp_dotted_quad(desiredaddr));
2419 /* record that we've seen it already */
2420 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2421 sp->ipcp.req_hisaddr = desiredaddr;
2422 hisaddr = desiredaddr;
2423 continue;
2424 }
2425 /*
2426 * The address wasn't agreeable. This is either
2427 * he sent us 0.0.0.0, asking to assign him an
2428 * address, or he send us another address not
2429 * matching our value. Either case, we gonna
2430 * conf-nak it with our value.
2431 */
2432 if (debug) {
2433 if (desiredaddr == 0)
2434 addlog("[addr requested] ");
2435 else
2436 addlog("%s [not agreed] ",
2437 sppp_dotted_quad(desiredaddr));
2438 }
2439
2440 p[2] = hisaddr >> 24;
2441 p[3] = hisaddr >> 16;
2442 p[4] = hisaddr >> 8;
2443 p[5] = hisaddr;
2444 break;
2445 }
2446 /* Add the option to nak'ed list. */
2447 bcopy (p, r, p[1]);
2448 r += p[1];
2449 rlen += p[1];
2450 }
2451
2452 /*
2453 * If we are about to conf-ack the request, but haven't seen
2454 * his address so far, gonna conf-nak it instead, with the
2455 * `address' option present and our idea of his address being
2456 * filled in there, to request negotiation of both addresses.
2457 *
2458 * XXX This can result in an endless req - nak loop if peer
2459 * doesn't want to send us his address. Q: What should we do
2460 * about it? XXX A: implement the max-failure counter.
2461 */
2462 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2463 buf[0] = IPCP_OPT_ADDRESS;
2464 buf[1] = 6;
2465 buf[2] = hisaddr >> 24;
2466 buf[3] = hisaddr >> 16;
2467 buf[4] = hisaddr >> 8;
2468 buf[5] = hisaddr;
2469 rlen = 6;
2470 if (debug)
2471 addlog("still need hisaddr ");
2472 }
2473
2474 if (rlen) {
2475 if (debug)
2476 addlog(" send conf-nak\n");
2477 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2478 } else {
2479 if (debug)
2480 addlog(" send conf-ack\n");
2481 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2482 h->ident, origlen, h+1);
2483 }
2484
2485 end:
2486 free(buf, M_TEMP, 0);
2487 return (rlen == 0);
2488 }
2489
2490 /*
2491 * Analyze the IPCP Configure-Reject option list, and adjust our
2492 * negotiation.
2493 */
2494 void
2495 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2496 {
2497 u_char *p;
2498 struct ifnet *ifp = &sp->pp_if;
2499 int debug = ifp->if_flags & IFF_DEBUG;
2500
2501 len -= 4;
2502
2503 if (debug)
2504 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
2505 SPP_ARGS(ifp));
2506
2507 p = (void*) (h+1);
2508 for (; len > 1; len -= p[1], p += p[1]) {
2509 if (p[1] < 2 || p[1] > len)
2510 return;
2511 if (debug)
2512 addlog("%s ", sppp_ipcp_opt_name(*p));
2513 switch (*p) {
2514 case IPCP_OPT_ADDRESS:
2515 /*
2516 * Peer doesn't grok address option. This is
2517 * bad. XXX Should we better give up here?
2518 */
2519 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2520 break;
2521 #ifdef notyet
2522 case IPCP_OPT_COMPRESS:
2523 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2524 break;
2525 #endif
2526 }
2527 }
2528 if (debug)
2529 addlog("\n");
2530 }
2531
2532 /*
2533 * Analyze the IPCP Configure-NAK option list, and adjust our
2534 * negotiation.
2535 */
2536 void
2537 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2538 {
2539 u_char *p;
2540 struct ifnet *ifp = &sp->pp_if;
2541 int debug = ifp->if_flags & IFF_DEBUG;
2542 u_int32_t wantaddr;
2543
2544 len -= 4;
2545
2546 if (debug)
2547 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
2548 SPP_ARGS(ifp));
2549
2550 p = (void*) (h+1);
2551 for (; len > 1; len -= p[1], p += p[1]) {
2552 if (p[1] < 2 || p[1] > len)
2553 return;
2554 if (debug)
2555 addlog("%s ", sppp_ipcp_opt_name(*p));
2556 switch (*p) {
2557 case IPCP_OPT_ADDRESS:
2558 /*
2559 * Peer doesn't like our local IP address. See
2560 * if we can do something for him. We'll drop
2561 * him our address then.
2562 */
2563 if (len >= 6 && p[1] == 6) {
2564 wantaddr = p[2] << 24 | p[3] << 16 |
2565 p[4] << 8 | p[5];
2566 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2567 if (debug)
2568 addlog("[wantaddr %s] ",
2569 sppp_dotted_quad(wantaddr));
2570 /*
2571 * When doing dynamic address assignment,
2572 * we accept his offer. Otherwise, we
2573 * ignore it and thus continue to negotiate
2574 * our already existing value.
2575 */
2576 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2577 if (debug)
2578 addlog("[agree] ");
2579 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2580 sp->ipcp.req_myaddr = wantaddr;
2581 }
2582 }
2583 break;
2584 #ifdef notyet
2585 case IPCP_OPT_COMPRESS:
2586 /*
2587 * Peer wants different compression parameters.
2588 */
2589 break;
2590 #endif
2591 }
2592 }
2593 if (debug)
2594 addlog("\n");
2595 }
2596
2597 void
2598 sppp_ipcp_tlu(struct sppp *sp)
2599 {
2600 if (sp->ipcp.req_myaddr != 0 || sp->ipcp.req_hisaddr != 0)
2601 task_add(systq, &sp->ipcp.set_addr_task);
2602 }
2603
2604 void
2605 sppp_ipcp_tld(struct sppp *sp)
2606 {
2607 }
2608
2609 void
2610 sppp_ipcp_tls(struct sppp *sp)
2611 {
2612 STDDCL;
2613 u_int32_t myaddr, hisaddr;
2614
2615 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|
2616 IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
2617 sp->ipcp.req_myaddr = 0;
2618 sp->ipcp.req_hisaddr = 0;
2619
2620 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2621 /*
2622 * If we don't have his address, this probably means our
2623 * interface doesn't want to talk IP at all. (This could
2624 * be the case if somebody wants to speak only IPX, for
2625 * example.) Don't open IPCP in this case.
2626 */
2627 if (hisaddr == 0) {
2628 /* XXX this message should go away */
2629 if (debug)
2630 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2631 SPP_ARGS(ifp));
2632 return;
2633 }
2634
2635 if (myaddr == 0) {
2636 /*
2637 * I don't have an assigned address, so i need to
2638 * negotiate my address.
2639 */
2640 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2641 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2642 }
2643 if (hisaddr == 1) {
2644 /*
2645 * XXX - remove this hack!
2646 * remote has no valid address, we need to get one assigned.
2647 */
2648 sp->ipcp.flags |= IPCP_HISADDR_DYN;
2649 }
2650
2651 /* indicate to LCP that it must stay alive */
2652 sp->lcp.protos |= (1 << IDX_IPCP);
2653 }
2654
2655 void
2656 sppp_ipcp_tlf(struct sppp *sp)
2657 {
2658 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN))
2659 /* Some address was dynamic, clear it again. */
2660 task_add(systq, &sp->ipcp.clear_addr_task);
2661
2662 /* we no longer need LCP */
2663 sp->lcp.protos &= ~(1 << IDX_IPCP);
2664 sppp_lcp_check_and_close(sp);
2665 }
2666
2667 void
2668 sppp_ipcp_scr(struct sppp *sp)
2669 {
2670 char opt[6 /* compression */ + 6 /* address */];
2671 u_int32_t ouraddr;
2672 int i = 0;
2673
2674 #ifdef notyet
2675 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
2676 opt[i++] = IPCP_OPT_COMPRESSION;
2677 opt[i++] = 6;
2678 opt[i++] = 0; /* VJ header compression */
2679 opt[i++] = 0x2d; /* VJ header compression */
2680 opt[i++] = max_slot_id;
2681 opt[i++] = comp_slot_id;
2682 }
2683 #endif
2684
2685 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
2686 if (sp->ipcp.flags & IPCP_MYADDR_SEEN)
2687 /* not sure if this can ever happen */
2688 ouraddr = sp->ipcp.req_myaddr;
2689 else
2690 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
2691 opt[i++] = IPCP_OPT_ADDRESS;
2692 opt[i++] = 6;
2693 opt[i++] = ouraddr >> 24;
2694 opt[i++] = ouraddr >> 16;
2695 opt[i++] = ouraddr >> 8;
2696 opt[i++] = ouraddr;
2697 }
2698
2699 sp->confid[IDX_IPCP] = ++sp->pp_seq;
2700 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, opt);
2701 }
2702
2703 /*
2704 *--------------------------------------------------------------------------*
2705 * *
2706 * The IPv6CP implementation. *
2707 * *
2708 *--------------------------------------------------------------------------*
2709 */
2710
2711 #ifdef INET6
2712 void
2713 sppp_ipv6cp_init(struct sppp *sp)
2714 {
2715 sp->ipv6cp.opts = 0;
2716 sp->ipv6cp.flags = 0;
2717 sp->state[IDX_IPV6CP] = STATE_INITIAL;
2718 sp->fail_counter[IDX_IPV6CP] = 0;
2719 task_set(&sp->ipv6cp.set_addr_task, sppp_update_ip6_addr, sp);
2720 }
2721
2722 void
2723 sppp_ipv6cp_destroy(struct sppp *sp)
2724 {
2725 task_del(systq, &sp->ipv6cp.set_addr_task);
2726 }
2727
2728 void
2729 sppp_ipv6cp_up(struct sppp *sp)
2730 {
2731 sppp_up_event(&ipv6cp, sp);
2732 }
2733
2734 void
2735 sppp_ipv6cp_down(struct sppp *sp)
2736 {
2737 sppp_down_event(&ipv6cp, sp);
2738 }
2739
2740 void
2741 sppp_ipv6cp_open(struct sppp *sp)
2742 {
2743 STDDCL;
2744 struct in6_addr myaddr, hisaddr;
2745
2746 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
2747
2748 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, NULL);
2749 /*
2750 * If we don't have our address, this probably means our
2751 * interface doesn't want to talk IPv6 at all. (This could
2752 * be the case if the IFXF_NOINET6 flag is set, for
2753 * example.) Don't open IPv6CP in this case.
2754 */
2755 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
2756 /* XXX this message should go away */
2757 if (debug)
2758 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
2759 SPP_ARGS(ifp));
2760 return;
2761 }
2762 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
2763 sppp_open_event(&ipv6cp, sp);
2764 }
2765
2766 void
2767 sppp_ipv6cp_close(struct sppp *sp)
2768 {
2769 sppp_close_event(&ipv6cp, sp);
2770 }
2771
2772 void
2773 sppp_ipv6cp_TO(void *cookie)
2774 {
2775 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
2776 }
2777
2778 int
2779 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2780 {
2781 u_char *buf, *r, *p;
2782 struct ifnet *ifp = &sp->pp_if;
2783 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2784 struct in6_addr myaddr, desiredaddr, suggestaddr;
2785 int ifidcount;
2786 int type;
2787 int collision, nohisaddr;
2788 char addr[INET6_ADDRSTRLEN];
2789
2790 len -= 4;
2791 origlen = len;
2792 /*
2793 * Make sure to allocate a buf that can at least hold a
2794 * conf-nak with an `address' option. We might need it below.
2795 */
2796 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2797 if (! buf)
2798 return (0);
2799
2800 /* pass 1: see if we can recognize them */
2801 if (debug)
2802 log(LOG_DEBUG, "%s: ipv6cp parse opts:",
2803 SPP_ARGS(ifp));
2804 p = (void *)(h + 1);
2805 ifidcount = 0;
2806 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2807 /* Sanity check option length */
2808 if (p[1] < 2 || p[1] > len) {
2809 free(buf, M_TEMP, 0);
2810 return (-1);
2811 }
2812 if (debug)
2813 addlog(" %s", sppp_ipv6cp_opt_name(*p));
2814 switch (*p) {
2815 case IPV6CP_OPT_IFID:
2816 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
2817 /* correctly formed address option */
2818 ifidcount++;
2819 continue;
2820 }
2821 if (debug)
2822 addlog(" [invalid]");
2823 break;
2824 #ifdef notyet
2825 case IPV6CP_OPT_COMPRESSION:
2826 if (len >= 4 && p[1] >= 4) {
2827 /* correctly formed compress option */
2828 continue;
2829 }
2830 if (debug)
2831 addlog(" [invalid]");
2832 break;
2833 #endif
2834 default:
2835 /* Others not supported. */
2836 if (debug)
2837 addlog(" [rej]");
2838 break;
2839 }
2840 /* Add the option to rejected list. */
2841 bcopy (p, r, p[1]);
2842 r += p[1];
2843 rlen += p[1];
2844 }
2845 if (rlen) {
2846 if (debug)
2847 addlog(" send conf-rej\n");
2848 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
2849 goto end;
2850 } else if (debug)
2851 addlog("\n");
2852
2853 /* pass 2: parse option values */
2854 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN)
2855 myaddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr;
2856 else
2857 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL);
2858 if (debug)
2859 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ",
2860 SPP_ARGS(ifp));
2861 p = (void *)(h + 1);
2862 len = origlen;
2863 type = CONF_ACK;
2864 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2865 if (debug)
2866 addlog(" %s", sppp_ipv6cp_opt_name(*p));
2867 switch (*p) {
2868 #ifdef notyet
2869 case IPV6CP_OPT_COMPRESSION:
2870 continue;
2871 #endif
2872 case IPV6CP_OPT_IFID:
2873 memset(&desiredaddr, 0, sizeof(desiredaddr));
2874 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
2875 collision = (memcmp(&desiredaddr.s6_addr[8],
2876 &myaddr.s6_addr[8], 8) == 0);
2877 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
2878
2879 desiredaddr.s6_addr16[0] = htons(0xfe80);
2880
2881 if (!collision && !nohisaddr) {
2882 /* no collision, hisaddr known - Conf-Ack */
2883 type = CONF_ACK;
2884
2885 if (debug) {
2886 addlog(" %s [%s]",
2887 inet_ntop(AF_INET6, &desiredaddr,
2888 addr, sizeof(addr)),
2889 sppp_cp_type_name(type));
2890 }
2891 sppp_set_ip6_addr(sp, &myaddr, &desiredaddr);
2892 continue;
2893 }
2894
2895 memset(&suggestaddr, 0, sizeof(suggestaddr));
2896 if (collision && nohisaddr) {
2897 /* collision, hisaddr unknown - Conf-Rej */
2898 type = CONF_REJ;
2899 memset(&p[2], 0, 8);
2900 } else {
2901 /*
2902 * - no collision, hisaddr unknown, or
2903 * - collision, hisaddr known
2904 * Conf-Nak, suggest hisaddr
2905 */
2906 type = CONF_NAK;
2907 sppp_suggest_ip6_addr(sp, &suggestaddr);
2908 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
2909 }
2910 if (debug)
2911 addlog(" %s [%s]",
2912 inet_ntop(AF_INET6, &desiredaddr, addr,
2913 sizeof(addr)),
2914 sppp_cp_type_name(type));
2915 break;
2916 }
2917 /* Add the option to nak'ed list. */
2918 bcopy (p, r, p[1]);
2919 r += p[1];
2920 rlen += p[1];
2921 }
2922
2923 if (rlen == 0 && type == CONF_ACK) {
2924 if (debug)
2925 addlog(" send %s\n", sppp_cp_type_name(type));
2926 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1);
2927 } else {
2928 #ifdef notdef
2929 if (type == CONF_ACK)
2930 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
2931 #endif
2932
2933 if (debug) {
2934 addlog(" send %s suggest %s\n",
2935 sppp_cp_type_name(type),
2936 inet_ntop(AF_INET6, &suggestaddr, addr,
2937 sizeof(addr)));
2938 }
2939 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf);
2940 }
2941
2942 end:
2943 free(buf, M_TEMP, 0);
2944 return (rlen == 0);
2945 }
2946
2947 void
2948 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2949 {
2950 u_char *p;
2951 struct ifnet *ifp = &sp->pp_if;
2952 int debug = ifp->if_flags & IFF_DEBUG;
2953
2954 len -= 4;
2955
2956 if (debug)
2957 log(LOG_DEBUG, "%s: ipv6cp rej opts:",
2958 SPP_ARGS(ifp));
2959
2960 p = (void *)(h + 1);
2961 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2962 if (p[1] < 2 || p[1] > len)
2963 return;
2964 if (debug)
2965 addlog(" %s", sppp_ipv6cp_opt_name(*p));
2966 switch (*p) {
2967 case IPV6CP_OPT_IFID:
2968 /*
2969 * Peer doesn't grok address option. This is
2970 * bad. XXX Should we better give up here?
2971 */
2972 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
2973 break;
2974 #ifdef notyet
2975 case IPV6CP_OPT_COMPRESS:
2976 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
2977 break;
2978 #endif
2979 }
2980 }
2981 if (debug)
2982 addlog("\n");
2983 return;
2984 }
2985
2986 void
2987 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2988 {
2989 u_char *p;
2990 struct ifnet *ifp = &sp->pp_if;
2991 int debug = ifp->if_flags & IFF_DEBUG;
2992 struct in6_addr suggestaddr;
2993 char addr[INET6_ADDRSTRLEN];
2994
2995 len -= 4;
2996
2997 if (debug)
2998 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts: ",
2999 SPP_ARGS(ifp));
3000
3001 p = (void*) (h+1);
3002 for (; len > 1; len -= p[1], p += p[1]) {
3003 if (p[1] < 2 || p[1] > len)
3004 return;
3005 if (debug)
3006 addlog("%s ", sppp_ipv6cp_opt_name(*p));
3007 switch (*p) {
3008 case IPV6CP_OPT_IFID:
3009 /*
3010 * Peer doesn't like our local ifid. See
3011 * if we can do something for him. We'll drop
3012 * him our address then.
3013 */
3014 if (len < 10 || p[1] != 10)
3015 break;
3016 sp->ipv6cp.flags |= IPV6CP_MYIFID_DYN;
3017 memset(&suggestaddr, 0, sizeof(suggestaddr));
3018 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3019 if (IN6_IS_ADDR_UNSPECIFIED(&suggestaddr) ||
3020 (sp->ipv6cp.flags & IPV6CP_MYIFID_SEEN)) {
3021 /*
3022 * The peer didn't suggest anything,
3023 * or wants us to change a previously
3024 * suggested address.
3025 * Configure a new address for us.
3026 */
3027 sppp_suggest_ip6_addr(sp, &suggestaddr);
3028 sppp_set_ip6_addr(sp, &suggestaddr, NULL);
3029 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3030 } else {
3031 /* Configure address suggested by peer. */
3032 suggestaddr.s6_addr16[0] = htons(0xfe80);
3033 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3034 if (debug)
3035 addlog(" [suggestaddr %s]",
3036 inet_ntop(AF_INET6, &suggestaddr,
3037 addr, sizeof(addr)));
3038 sppp_set_ip6_addr(sp, &suggestaddr, NULL);
3039 if (debug)
3040 addlog(" [agree]");
3041 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3042 }
3043 break;
3044 #ifdef notyet
3045 case IPV6CP_OPT_COMPRESS:
3046 /*
3047 * Peer wants different compression parameters.
3048 */
3049 break;
3050 #endif
3051 }
3052 }
3053 if (debug)
3054 addlog("\n");
3055 }
3056
3057 void
3058 sppp_ipv6cp_tlu(struct sppp *sp)
3059 {
3060 }
3061
3062 void
3063 sppp_ipv6cp_tld(struct sppp *sp)
3064 {
3065 }
3066
3067 void
3068 sppp_ipv6cp_tls(struct sppp *sp)
3069 {
3070 /* indicate to LCP that it must stay alive */
3071 sp->lcp.protos |= (1 << IDX_IPV6CP);
3072 }
3073
3074 void
3075 sppp_ipv6cp_tlf(struct sppp *sp)
3076 {
3077 /* we no longer need LCP */
3078 sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3079 sppp_lcp_check_and_close(sp);
3080 }
3081
3082 void
3083 sppp_ipv6cp_scr(struct sppp *sp)
3084 {
3085 char opt[10 /* ifid */ + 4 /* compression, minimum */];
3086 struct in6_addr ouraddr;
3087 int i = 0;
3088
3089 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3090 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN)
3091 ouraddr = sp->ipv6cp.req_ifid.ifra_addr.sin6_addr;
3092 else
3093 sppp_get_ip6_addrs(sp, &ouraddr, NULL, NULL);
3094 opt[i++] = IPV6CP_OPT_IFID;
3095 opt[i++] = 10;
3096 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3097 i += 8;
3098 }
3099
3100 #ifdef notyet
3101 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3102 opt[i++] = IPV6CP_OPT_COMPRESSION;
3103 opt[i++] = 4;
3104 p opt[i++] = 0; /* TBD */
3105 opt[i++] = 0; /* TBD */
3106 /* variable length data may follow */
3107 }
3108 #endif
3109
3110 sp->confid[IDX_IPV6CP] = ++sp->pp_seq;
3111 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, opt);
3112 }
3113 #else /*INET6*/
3114 void
3115 sppp_ipv6cp_init(struct sppp *sp)
3116 {
3117 }
3118
3119 void
3120 sppp_ipv6cp_destroy(struct sppp *sp)
3121 {
3122 }
3123
3124 void
3125 sppp_ipv6cp_up(struct sppp *sp)
3126 {
3127 }
3128
3129 void
3130 sppp_ipv6cp_down(struct sppp *sp)
3131 {
3132 }
3133
3134 void
3135 sppp_ipv6cp_open(struct sppp *sp)
3136 {
3137 }
3138
3139 void
3140 sppp_ipv6cp_close(struct sppp *sp)
3141 {
3142 }
3143
3144 void
3145 sppp_ipv6cp_TO(void *sp)
3146 {
3147 }
3148
3149 int
3150 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h,
3151 int len)
3152 {
3153 return 0;
3154 }
3155
3156 void
3157 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h,
3158 int len)
3159 {
3160 }
3161
3162 void
3163 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h,
3164 int len)
3165 {
3166 }
3167
3168 void
3169 sppp_ipv6cp_tlu(struct sppp *sp)
3170 {
3171 }
3172
3173 void
3174 sppp_ipv6cp_tld(struct sppp *sp)
3175 {
3176 }
3177
3178 void
3179 sppp_ipv6cp_tls(struct sppp *sp)
3180 {
3181 }
3182
3183 void
3184 sppp_ipv6cp_tlf(struct sppp *sp)
3185 {
3186 }
3187
3188 void
3189 sppp_ipv6cp_scr(struct sppp *sp)
3190 {
3191 }
3192 #endif /*INET6*/
3193
3194 /*
3195 *--------------------------------------------------------------------------*
3196 * *
3197 * The CHAP implementation. *
3198 * *
3199 *--------------------------------------------------------------------------*
3200 */
3201
3202 /*
3203 * The authentication protocols don't employ a full-fledged state machine as
3204 * the control protocols do, since they do have Open and Close events, but
3205 * not Up and Down, nor are they explicitly terminated. Also, use of the
3206 * authentication protocols may be different in both directions (this makes
3207 * sense, think of a machine that never accepts incoming calls but only
3208 * calls out, it doesn't require the called party to authenticate itself).
3209 *
3210 * Our state machine for the local authentication protocol (we are requesting
3211 * the peer to authenticate) looks like:
3212 *
3213 * RCA-
3214 * +--------------------------------------------+
3215 * V scn,tld|
3216 * +--------+ Close +---------+ RCA+
3217 * | |<----------------------------------| |------+
3218 * +--->| Closed | TO* | Opened | sca |
3219 * | | |-----+ +-------| |<-----+
3220 * | +--------+ irc | | +---------+
3221 * | ^ | | ^
3222 * | | | | |
3223 * | | | | |
3224 * | TO-| | | |
3225 * | |tld TO+ V | |
3226 * | | +------->+ | |
3227 * | | | | | |
3228 * | +--------+ V | |
3229 * | | |<----+<--------------------+ |
3230 * | | Req- | scr |
3231 * | | Sent | |
3232 * | | | |
3233 * | +--------+ |
3234 * | RCA- | | RCA+ |
3235 * +------+ +------------------------------------------+
3236 * scn,tld sca,irc,ict,tlu
3237 *
3238 *
3239 * with:
3240 *
3241 * Open: LCP reached authentication phase
3242 * Close: LCP reached terminate phase
3243 *
3244 * RCA+: received reply (pap-req, chap-response), acceptable
3245 * RCN: received reply (pap-req, chap-response), not acceptable
3246 * TO+: timeout with restart counter >= 0
3247 * TO-: timeout with restart counter < 0
3248 * TO*: reschedule timeout for CHAP
3249 *
3250 * scr: send request packet (none for PAP, chap-challenge)
3251 * sca: send ack packet (pap-ack, chap-success)
3252 * scn: send nak packet (pap-nak, chap-failure)
3253 * ict: initialize re-challenge timer (CHAP only)
3254 *
3255 * tlu: this-layer-up, LCP reaches network phase
3256 * tld: this-layer-down, LCP enters terminate phase
3257 *
3258 * Note that in CHAP mode, after sending a new challenge, while the state
3259 * automaton falls back into Req-Sent state, it doesn't signal a tld
3260 * event to LCP, so LCP remains in network phase. Only after not getting
3261 * any response (or after getting an unacceptable response), CHAP closes,
3262 * causing LCP to enter terminate phase.
3263 *
3264 * With PAP, there is no initial request that can be sent. The peer is
3265 * expected to send one based on the successful negotiation of PAP as
3266 * the authentication protocol during the LCP option negotiation.
3267 *
3268 * Incoming authentication protocol requests (remote requests
3269 * authentication, we are peer) don't employ a state machine at all,
3270 * they are simply answered. Some peers [Ascend P50 firmware rev
3271 * 4.50] react allergically when sending IPCP requests while they are
3272 * still in authentication phase (thereby violating the standard that
3273 * demands that these NCP packets are to be discarded), so we keep
3274 * track of the peer demanding us to authenticate, and only proceed to
3275 * phase network once we've seen a positive acknowledge for the
3276 * authentication.
3277 */
3278
3279 /*
3280 * Handle incoming CHAP packets.
3281 */
3282 void
3283 sppp_chap_input(struct sppp *sp, struct mbuf *m)
3284 {
3285 STDDCL;
3286 struct lcp_header *h;
3287 int len, x;
3288 u_char *value, *name, digest[AUTHCHALEN], dsize;
3289 int value_len, name_len;
3290 MD5_CTX ctx;
3291
3292 len = m->m_pkthdr.len;
3293 if (len < 4) {
3294 if (debug)
3295 log(LOG_DEBUG,
3296 SPP_FMT "chap invalid packet length: %d bytes\n",
3297 SPP_ARGS(ifp), len);
3298 return;
3299 }
3300 h = mtod (m, struct lcp_header*);
3301 if (len > ntohs (h->len))
3302 len = ntohs (h->len);
3303
3304 switch (h->type) {
3305 /* challenge, failure and success are his authproto */
3306 case CHAP_CHALLENGE:
3307 value = 1 + (u_char*)(h+1);
3308 value_len = value[-1];
3309 name = value + value_len;
3310 name_len = len - value_len - 5;
3311 if (name_len < 0) {
3312 if (debug) {
3313 log(LOG_DEBUG,
3314 SPP_FMT "chap corrupted challenge "
3315 "<%s id=0x%x len=%d",
3316 SPP_ARGS(ifp),
3317 sppp_auth_type_name(PPP_CHAP, h->type),
3318 h->ident, ntohs(h->len));
3319 if (len > 4)
3320 sppp_print_bytes((u_char*) (h+1), len-4);
3321 addlog(">\n");
3322 }
3323 break;
3324 }
3325
3326 if (debug) {
3327 log(LOG_DEBUG,
3328 SPP_FMT "chap input <%s id=0x%x len=%d name=",
3329 SPP_ARGS(ifp),
3330 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
3331 ntohs(h->len));
3332 sppp_print_string((char*) name, name_len);
3333 addlog(" value-size=%d value=", value_len);
3334 sppp_print_bytes(value, value_len);
3335 addlog(">\n");
3336 }
3337
3338 /* Compute reply value. */
3339 MD5Init(&ctx);
3340 MD5Update(&ctx, &h->ident, 1);
3341 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret));
3342 MD5Update(&ctx, value, value_len);
3343 MD5Final(digest, &ctx);
3344 dsize = sizeof digest;
3345
3346 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
3347 sizeof dsize, (const char *)&dsize,
3348 sizeof digest, digest,
3349 strlen(sp->myauth.name),
3350 sp->myauth.name,
3351 0);
3352 break;
3353
3354 case CHAP_SUCCESS:
3355 if (debug) {
3356 log(LOG_DEBUG, SPP_FMT "chap success",
3357 SPP_ARGS(ifp));
3358 if (len > 4) {
3359 addlog(": ");
3360 sppp_print_string((char*)(h + 1), len - 4);
3361 }
3362 addlog("\n");
3363 }
3364 x = splnet();
3365 sp->pp_flags &= ~PP_NEEDAUTH;
3366 if (sp->myauth.proto == PPP_CHAP &&
3367 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3368 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
3369 /*
3370 * We are authenticator for CHAP but didn't
3371 * complete yet. Leave it to tlu to proceed
3372 * to network phase.
3373 */
3374 splx(x);
3375 break;
3376 }
3377 splx(x);
3378 sppp_phase_network(sp);
3379 break;
3380
3381 case CHAP_FAILURE:
3382 if (debug) {
3383 log(LOG_INFO, SPP_FMT "chap failure",
3384 SPP_ARGS(ifp));
3385 if (len > 4) {
3386 addlog(": ");
3387 sppp_print_string((char*)(h + 1), len - 4);
3388 }
3389 addlog("\n");
3390 } else
3391 log(LOG_INFO, SPP_FMT "chap failure\n",
3392 SPP_ARGS(ifp));
3393 /* await LCP shutdown by authenticator */
3394 break;
3395
3396 /* response is my authproto */
3397 case CHAP_RESPONSE:
3398 value = 1 + (u_char*)(h+1);
3399 value_len = value[-1];
3400 name = value + value_len;
3401 name_len = len - value_len - 5;
3402 if (name_len < 0) {
3403 if (debug) {
3404 log(LOG_DEBUG,
3405 SPP_FMT "chap corrupted response "
3406 "<%s id=0x%x len=%d",
3407 SPP_ARGS(ifp),
3408 sppp_auth_type_name(PPP_CHAP, h->type),
3409 h->ident, ntohs(h->len));
3410 if (len > 4)
3411 sppp_print_bytes((u_char*)(h+1), len-4);
3412 addlog(">\n");
3413 }
3414 break;
3415 }
3416 if (h->ident != sp->confid[IDX_CHAP]) {
3417 if (debug)
3418 log(LOG_DEBUG,
3419 SPP_FMT "chap dropping response for old ID "
3420 "(got %d, expected %d)\n",
3421 SPP_ARGS(ifp),
3422 h->ident, sp->confid[IDX_CHAP]);
3423 break;
3424 }
3425 if (name_len != strlen(sp->hisauth.name)
3426 || bcmp(name, sp->hisauth.name, name_len) != 0) {
3427 log(LOG_INFO, SPP_FMT "chap response, his name ",
3428 SPP_ARGS(ifp));
3429 sppp_print_string(name, name_len);
3430 addlog(" != expected ");
3431 sppp_print_string(sp->hisauth.name,
3432 strlen(sp->hisauth.name));
3433 addlog("\n");
3434 }
3435 if (debug) {
3436 log(LOG_DEBUG, SPP_FMT "chap input(%s) "
3437 "<%s id=0x%x len=%d name=",
3438 SPP_ARGS(ifp),
3439 sppp_state_name(sp->state[IDX_CHAP]),
3440 sppp_auth_type_name(PPP_CHAP, h->type),
3441 h->ident, ntohs (h->len));
3442 sppp_print_string((char*)name, name_len);
3443 addlog(" value-size=%d value=", value_len);
3444 sppp_print_bytes(value, value_len);
3445 addlog(">\n");
3446 }
3447 if (value_len != AUTHCHALEN) {
3448 if (debug)
3449 log(LOG_DEBUG,
3450 SPP_FMT "chap bad hash value length: "
3451 "%d bytes, should be %d\n",
3452 SPP_ARGS(ifp), value_len,
3453 AUTHCHALEN);
3454 break;
3455 }
3456
3457 MD5Init(&ctx);
3458 MD5Update(&ctx, &h->ident, 1);
3459 MD5Update(&ctx, sp->hisauth.secret, strlen(sp->hisauth.secret));
3460 MD5Update(&ctx, sp->chap_challenge, AUTHCHALEN);
3461 MD5Final(digest, &ctx);
3462
3463 #define FAILMSG "Failed..."
3464 #define SUCCMSG "Welcome!"
3465
3466 if (value_len != sizeof digest ||
3467 timingsafe_bcmp(digest, value, value_len) != 0) {
3468 /* action scn, tld */
3469 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3470 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3471 0);
3472 chap.tld(sp);
3473 break;
3474 }
3475 /* action sca, perhaps tlu */
3476 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3477 sp->state[IDX_CHAP] == STATE_OPENED)
3478 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3479 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3480 0);
3481 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3482 sppp_cp_change_state(&chap, sp, STATE_OPENED);
3483 chap.tlu(sp);
3484 }
3485 break;
3486
3487 default:
3488 /* Unknown CHAP packet type -- ignore. */
3489 if (debug) {
3490 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
3491 "<0x%x id=0x%xh len=%d",
3492 SPP_ARGS(ifp),
3493 sppp_state_name(sp->state[IDX_CHAP]),
3494 h->type, h->ident, ntohs(h->len));
3495 if (len > 4)
3496 sppp_print_bytes((u_char*)(h+1), len-4);
3497 addlog(">\n");
3498 }
3499 break;
3500
3501 }
3502 }
3503
3504 void
3505 sppp_chap_init(struct sppp *sp)
3506 {
3507 /* Chap doesn't have STATE_INITIAL at all. */
3508 sp->state[IDX_CHAP] = STATE_CLOSED;
3509 sp->fail_counter[IDX_CHAP] = 0;
3510 }
3511
3512 void
3513 sppp_chap_open(struct sppp *sp)
3514 {
3515 if (sp->myauth.proto == PPP_CHAP &&
3516 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3517 /* we are authenticator for CHAP, start it */
3518 chap.scr(sp);
3519 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3520 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3521 }
3522 /* nothing to be done if we are peer, await a challenge */
3523 }
3524
3525 void
3526 sppp_chap_close(struct sppp *sp)
3527 {
3528 if (sp->state[IDX_CHAP] != STATE_CLOSED)
3529 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3530 }
3531
3532 void
3533 sppp_chap_TO(void *cookie)
3534 {
3535 struct sppp *sp = (struct sppp *)cookie;
3536 STDDCL;
3537 int s;
3538
3539 s = splnet();
3540 if (debug)
3541 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
3542 SPP_ARGS(ifp),
3543 sppp_state_name(sp->state[IDX_CHAP]),
3544 sp->rst_counter[IDX_CHAP]);
3545
3546 if (--sp->rst_counter[IDX_CHAP] < 0)
3547 /* TO- event */
3548 switch (sp->state[IDX_CHAP]) {
3549 case STATE_REQ_SENT:
3550 chap.tld(sp);
3551 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3552 break;
3553 }
3554 else
3555 /* TO+ (or TO*) event */
3556 switch (sp->state[IDX_CHAP]) {
3557 case STATE_OPENED:
3558 /* TO* event */
3559 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3560 /* FALLTHROUGH */
3561 case STATE_REQ_SENT:
3562 chap.scr(sp);
3563 /* sppp_cp_change_state() will restart the timer */
3564 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3565 break;
3566 }
3567
3568 splx(s);
3569 }
3570
3571 void
3572 sppp_chap_tlu(struct sppp *sp)
3573 {
3574 STDDCL;
3575 int i = 0, x;
3576
3577 i = 0;
3578 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3579
3580 /*
3581 * Some broken CHAP implementations (Conware CoNet, firmware
3582 * 4.0.?) don't want to re-authenticate their CHAP once the
3583 * initial challenge-response exchange has taken place.
3584 * Provide for an option to avoid rechallenges.
3585 */
3586 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3587 /*
3588 * Compute the re-challenge timeout. This will yield
3589 * a number between 300 and 810 seconds.
3590 */
3591 i = 300 + (arc4random() & 0x01fe);
3592
3593 timeout_add_sec(&sp->ch[IDX_CHAP], i);
3594 }
3595
3596 if (debug) {
3597 log(LOG_DEBUG,
3598 SPP_FMT "chap %s, ",
3599 SPP_ARGS(ifp),
3600 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3601 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3602 addlog("next re-challenge in %d seconds\n", i);
3603 else
3604 addlog("re-challenging suppressed\n");
3605 }
3606
3607 x = splnet();
3608 /* indicate to LCP that we need to be closed down */
3609 sp->lcp.protos |= (1 << IDX_CHAP);
3610
3611 if (sp->pp_flags & PP_NEEDAUTH) {
3612 /*
3613 * Remote is authenticator, but his auth proto didn't
3614 * complete yet. Defer the transition to network
3615 * phase.
3616 */
3617 splx(x);
3618 return;
3619 }
3620 splx(x);
3621
3622 /*
3623 * If we are already in phase network, we are done here. This
3624 * is the case if this is a dummy tlu event after a re-challenge.
3625 */
3626 if (sp->pp_phase != PHASE_NETWORK)
3627 sppp_phase_network(sp);
3628 }
3629
3630 void
3631 sppp_chap_tld(struct sppp *sp)
3632 {
3633 STDDCL;
3634
3635 if (debug)
3636 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
3637 UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3638 sp->lcp.protos &= ~(1 << IDX_CHAP);
3639
3640 lcp.Close(sp);
3641 }
3642
3643 void
3644 sppp_chap_scr(struct sppp *sp)
3645 {
3646 u_char clen;
3647
3648 /* Compute random challenge. */
3649 arc4random_buf(sp->chap_challenge, sizeof(sp->chap_challenge));
3650 clen = AUTHCHALEN;
3651
3652 sp->confid[IDX_CHAP] = ++sp->pp_seq;
3653
3654 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
3655 sizeof clen, (const char *)&clen,
3656 (size_t)AUTHCHALEN, sp->chap_challenge,
3657 strlen(sp->myauth.name),
3658 sp->myauth.name,
3659 0);
3660 }
3661 �/*
3662 *--------------------------------------------------------------------------*
3663 * *
3664 * The PAP implementation. *
3665 * *
3666 *--------------------------------------------------------------------------*
3667 */
3668 /*
3669 * For PAP, we need to keep a little state also if we are the peer, not the
3670 * authenticator. This is since we don't get a request to authenticate, but
3671 * have to repeatedly authenticate ourself until we got a response (or the
3672 * retry counter is expired).
3673 */
3674
3675 /*
3676 * Handle incoming PAP packets. */
3677 void
3678 sppp_pap_input(struct sppp *sp, struct mbuf *m)
3679 {
3680 STDDCL;
3681 struct lcp_header *h;
3682 int len, x;
3683 u_char *name, *passwd, mlen;
3684 int name_len, passwd_len;
3685
3686 len = m->m_pkthdr.len;
3687 if (len < 5) {
3688 if (debug)
3689 log(LOG_DEBUG,
3690 SPP_FMT "pap invalid packet length: %d bytes\n",
3691 SPP_ARGS(ifp), len);
3692 return;
3693 }
3694 h = mtod (m, struct lcp_header*);
3695 if (len > ntohs (h->len))
3696 len = ntohs (h->len);
3697 switch (h->type) {
3698 /* PAP request is my authproto */
3699 case PAP_REQ:
3700 name = 1 + (u_char*)(h+1);
3701 name_len = name[-1];
3702 passwd = name + name_len + 1;
3703 if (name_len > len - 6 ||
3704 (passwd_len = passwd[-1]) > len - 6 - name_len) {
3705 if (debug) {
3706 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
3707 "<%s id=0x%x len=%d",
3708 SPP_ARGS(ifp),
3709 sppp_auth_type_name(PPP_PAP, h->type),
3710 h->ident, ntohs(h->len));
3711 if (len > 4)
3712 sppp_print_bytes((u_char*)(h+1), len-4);
3713 addlog(">\n");
3714 }
3715 break;
3716 }
3717 if (debug) {
3718 log(LOG_DEBUG, SPP_FMT "pap input(%s) "
3719 "<%s id=0x%x len=%d name=",
3720 SPP_ARGS(ifp),
3721 sppp_state_name(sp->state[IDX_PAP]),
3722 sppp_auth_type_name(PPP_PAP, h->type),
3723 h->ident, ntohs(h->len));
3724 sppp_print_string((char*)name, name_len);
3725 addlog(" passwd=");
3726 sppp_print_string((char*)passwd, passwd_len);
3727 addlog(">\n");
3728 }
3729 if (name_len > AUTHMAXLEN ||
3730 passwd_len > AUTHMAXLEN ||
3731 bcmp(name, sp->hisauth.name, name_len) != 0 ||
3732 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
3733 /* action scn, tld */
3734 mlen = sizeof(FAILMSG) - 1;
3735 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
3736 sizeof mlen, (const char *)&mlen,
3737 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3738 0);
3739 pap.tld(sp);
3740 break;
3741 }
3742 /* action sca, perhaps tlu */
3743 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
3744 sp->state[IDX_PAP] == STATE_OPENED) {
3745 mlen = sizeof(SUCCMSG) - 1;
3746 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
3747 sizeof mlen, (const char *)&mlen,
3748 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3749 0);
3750 }
3751 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
3752 sppp_cp_change_state(&pap, sp, STATE_OPENED);
3753 pap.tlu(sp);
3754 }
3755 break;
3756
3757 /* ack and nak are his authproto */
3758 case PAP_ACK:
3759 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3760 if (debug) {
3761 log(LOG_DEBUG, SPP_FMT "pap success",
3762 SPP_ARGS(ifp));
3763 name_len = *((char *)h);
3764 if (len > 5 && name_len) {
3765 addlog(": ");
3766 sppp_print_string((char*)(h+1), name_len);
3767 }
3768 addlog("\n");
3769 }
3770 x = splnet();
3771 sp->pp_flags &= ~PP_NEEDAUTH;
3772 if (sp->myauth.proto == PPP_PAP &&
3773 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3774 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
3775 /*
3776 * We are authenticator for PAP but didn't
3777 * complete yet. Leave it to tlu to proceed
3778 * to network phase.
3779 */
3780 splx(x);
3781 break;
3782 }
3783 splx(x);
3784 sppp_phase_network(sp);
3785 break;
3786
3787 case PAP_NAK:
3788 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3789 if (debug) {
3790 log(LOG_INFO, SPP_FMT "pap failure",
3791 SPP_ARGS(ifp));
3792 name_len = *((char *)h);
3793 if (len > 5 && name_len) {
3794 addlog(": ");
3795 sppp_print_string((char*)(h+1), name_len);
3796 }
3797 addlog("\n");
3798 } else
3799 log(LOG_INFO, SPP_FMT "pap failure\n",
3800 SPP_ARGS(ifp));
3801 /* await LCP shutdown by authenticator */
3802 break;
3803
3804 default:
3805 /* Unknown PAP packet type -- ignore. */
3806 if (debug) {
3807 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
3808 "<0x%x id=0x%x len=%d",
3809 SPP_ARGS(ifp),
3810 h->type, h->ident, ntohs(h->len));
3811 if (len > 4)
3812 sppp_print_bytes((u_char*)(h+1), len-4);
3813 addlog(">\n");
3814 }
3815 break;
3816
3817 }
3818 }
3819
3820 void
3821 sppp_pap_init(struct sppp *sp)
3822 {
3823 /* PAP doesn't have STATE_INITIAL at all. */
3824 sp->state[IDX_PAP] = STATE_CLOSED;
3825 sp->fail_counter[IDX_PAP] = 0;
3826 }
3827
3828 void
3829 sppp_pap_open(struct sppp *sp)
3830 {
3831 if (sp->hisauth.proto == PPP_PAP &&
3832 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3833 /* we are authenticator for PAP, start our timer */
3834 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3835 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3836 }
3837 if (sp->myauth.proto == PPP_PAP) {
3838 /* we are peer, send a request, and start a timer */
3839 pap.scr(sp);
3840 timeout_add(&sp->pap_my_to_ch, sp->lcp.timeout);
3841 }
3842 }
3843
3844 void
3845 sppp_pap_close(struct sppp *sp)
3846 {
3847 if (sp->state[IDX_PAP] != STATE_CLOSED)
3848 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3849 }
3850
3851 /*
3852 * That's the timeout routine if we are authenticator. Since the
3853 * authenticator is basically passive in PAP, we can't do much here.
3854 */
3855 void
3856 sppp_pap_TO(void *cookie)
3857 {
3858 struct sppp *sp = (struct sppp *)cookie;
3859 STDDCL;
3860 int s;
3861
3862 s = splnet();
3863 if (debug)
3864 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
3865 SPP_ARGS(ifp),
3866 sppp_state_name(sp->state[IDX_PAP]),
3867 sp->rst_counter[IDX_PAP]);
3868
3869 if (--sp->rst_counter[IDX_PAP] < 0)
3870 /* TO- event */
3871 switch (sp->state[IDX_PAP]) {
3872 case STATE_REQ_SENT:
3873 pap.tld(sp);
3874 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3875 break;
3876 }
3877 else
3878 /* TO+ event, not very much we could do */
3879 switch (sp->state[IDX_PAP]) {
3880 case STATE_REQ_SENT:
3881 /* sppp_cp_change_state() will restart the timer */
3882 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3883 break;
3884 }
3885
3886 splx(s);
3887 }
3888
3889 /*
3890 * That's the timeout handler if we are peer. Since the peer is active,
3891 * we need to retransmit our PAP request since it is apparently lost.
3892 * XXX We should impose a max counter.
3893 */
3894 void
3895 sppp_pap_my_TO(void *cookie)
3896 {
3897 struct sppp *sp = (struct sppp *)cookie;
3898 STDDCL;
3899
3900 if (debug)
3901 log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
3902 SPP_ARGS(ifp));
3903
3904 pap.scr(sp);
3905 }
3906
3907 void
3908 sppp_pap_tlu(struct sppp *sp)
3909 {
3910 STDDCL;
3911 int x;
3912
3913 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3914
3915 if (debug)
3916 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
3917 SPP_ARGS(ifp), pap.name);
3918
3919 x = splnet();
3920 /* indicate to LCP that we need to be closed down */
3921 sp->lcp.protos |= (1 << IDX_PAP);
3922
3923 if (sp->pp_flags & PP_NEEDAUTH) {
3924 /*
3925 * Remote is authenticator, but his auth proto didn't
3926 * complete yet. Defer the transition to network
3927 * phase.
3928 */
3929 splx(x);
3930 return;
3931 }
3932 splx(x);
3933 sppp_phase_network(sp);
3934 }
3935
3936 void
3937 sppp_pap_tld(struct sppp *sp)
3938 {
3939 STDDCL;
3940
3941 if (debug)
3942 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
3943 UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
3944 UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3945 sp->lcp.protos &= ~(1 << IDX_PAP);
3946
3947 lcp.Close(sp);
3948 }
3949
3950 void
3951 sppp_pap_scr(struct sppp *sp)
3952 {
3953 u_char idlen, pwdlen;
3954
3955 sp->confid[IDX_PAP] = ++sp->pp_seq;
3956 pwdlen = strlen(sp->myauth.secret);
3957 idlen = strlen(sp->myauth.name);
3958
3959 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
3960 sizeof idlen, (const char *)&idlen,
3961 (size_t)idlen, sp->myauth.name,
3962 sizeof pwdlen, (const char *)&pwdlen,
3963 (size_t)pwdlen, sp->myauth.secret,
3964 0);
3965 }
3966 �/*
3967 * Random miscellaneous functions.
3968 */
3969
3970 /*
3971 * Send a PAP or CHAP proto packet.
3972 *
3973 * Varadic function, each of the elements for the ellipsis is of type
3974 * ``size_t mlen, const u_char *msg''. Processing will stop iff
3975 * mlen == 0.
3976 */
3977
3978 void
3979 sppp_auth_send(const struct cp *cp, struct sppp *sp,
3980 unsigned int type, u_int id, ...)
3981 {
3982 STDDCL;
3983 struct lcp_header *lh;
3984 struct mbuf *m;
3985 u_char *p;
3986 int len, s;
3987 unsigned int mlen;
3988 const char *msg;
3989 va_list ap;
3990
3991 MGETHDR (m, M_DONTWAIT, MT_DATA);
3992 if (! m)
3993 return;
3994 m->m_pkthdr.ph_ifidx = 0;
3995 m->m_pkthdr.pf.prio = sp->pp_if.if_llprio;
3996
3997 *mtod(m, u_int16_t *) = htons(cp->proto);
3998 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
3999
4000 lh->type = type;
4001 lh->ident = id;
4002 p = (u_char*) (lh+1);
4003
4004 va_start(ap, id);
4005 len = 0;
4006
4007 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
4008 msg = va_arg(ap, const char *);
4009 len += mlen;
4010 if (len > MHLEN - PKTHDRLEN - LCP_HEADER_LEN) {
4011 va_end(ap);
4012 m_freem(m);
4013 return;
4014 }
4015
4016 bcopy(msg, p, mlen);
4017 p += mlen;
4018 }
4019 va_end(ap);
4020
4021 m->m_pkthdr.len = m->m_len = PKTHDRLEN + LCP_HEADER_LEN + len;
4022 lh->len = htons (LCP_HEADER_LEN + len);
4023
4024 if (debug) {
4025 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
4026 SPP_ARGS(ifp), cp->name,
4027 sppp_auth_type_name(cp->proto, lh->type),
4028 lh->ident, ntohs(lh->len));
4029 if (len)
4030 sppp_print_bytes((u_char*) (lh+1), len);
4031 addlog(">\n");
4032 }
4033
4034 len = m->m_pkthdr.len + sp->pp_framebytes;
4035 if (mq_enqueue(&sp->pp_cpq, m) != 0) {
4036 ifp->if_oerrors++;
4037 return;
4038 }
4039
4040 ifp->if_obytes += len;
4041 s = splnet();
4042 if_start(ifp);
4043 splx(s);
4044 }
4045
4046 /*
4047 * Send keepalive packets, every 10 seconds.
4048 */
4049 void
4050 sppp_keepalive(void *dummy)
4051 {
4052 struct sppp *sp;
4053 int s;
4054 struct timeval tv;
4055
4056 s = splnet();
4057 getmicrouptime(&tv);
4058 for (sp=spppq; sp; sp=sp->pp_next) {
4059 struct ifnet *ifp = &sp->pp_if;
4060
4061 /* Keepalive mode disabled or channel down? */
4062 if (! (sp->pp_flags & PP_KEEPALIVE) ||
4063 ! (ifp->if_flags & IFF_RUNNING))
4064 continue;
4065
4066 /* No keepalive if LCP not opened yet. */
4067 if (sp->pp_phase < PHASE_AUTHENTICATE)
4068 continue;
4069
4070 /* No echo reply, but maybe user data passed through? */
4071 if ((tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) {
4072 sp->pp_alivecnt = 0;
4073 continue;
4074 }
4075
4076 if (sp->pp_alivecnt >= MAXALIVECNT) {
4077 /* No keepalive packets got. Stop the interface. */
4078 if_down (ifp);
4079 mq_purge(&sp->pp_cpq);
4080 log(LOG_INFO, SPP_FMT "LCP keepalive timeout\n",
4081 SPP_ARGS(ifp));
4082 sp->pp_alivecnt = 0;
4083
4084 /* we are down, close all open protocols */
4085 lcp.Close(sp);
4086
4087 /* And now prepare LCP to reestablish the link,
4088 * if configured to do so. */
4089 sppp_cp_change_state(&lcp, sp, STATE_STOPPED);
4090
4091 /* Close connection immediately, completion of this
4092 * will summon the magic needed to reestablish it. */
4093 if (sp->pp_tlf)
4094 sp->pp_tlf(sp);
4095 continue;
4096 }
4097 if (sp->pp_alivecnt < MAXALIVECNT)
4098 ++sp->pp_alivecnt;
4099 if (sp->pp_phase >= PHASE_AUTHENTICATE) {
4100 u_int32_t nmagic = htonl(sp->lcp.magic);
4101 sp->lcp.echoid = ++sp->pp_seq;
4102 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
4103 sp->lcp.echoid, 4, &nmagic);
4104 }
4105 }
4106 splx(s);
4107 timeout_add_sec(&keepalive_ch, 10);
4108 }
4109
4110 /*
4111 * Get both IP addresses.
4112 */
4113 void
4114 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
4115 u_int32_t *srcmask)
4116 {
4117 struct ifnet *ifp = &sp->pp_if;
4118 struct ifaddr *ifa;
4119 struct sockaddr_in *si, *sm = 0;
4120 u_int32_t ssrc, ddst;
4121
4122 sm = NULL;
4123 ssrc = ddst = 0;
4124 /*
4125 * Pick the first AF_INET address from the list,
4126 * aliases don't make any sense on a p2p link anyway.
4127 */
4128 si = 0;
4129 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4130 {
4131 if (ifa->ifa_addr->sa_family == AF_INET) {
4132 si = (struct sockaddr_in *)ifa->ifa_addr;
4133 sm = (struct sockaddr_in *)ifa->ifa_netmask;
4134 if (si)
4135 break;
4136 }
4137 }
4138 if (ifa) {
4139 if (si && si->sin_addr.s_addr) {
4140 ssrc = si->sin_addr.s_addr;
4141 if (srcmask)
4142 *srcmask = ntohl(sm->sin_addr.s_addr);
4143 }
4144
4145 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
4146 if (si && si->sin_addr.s_addr)
4147 ddst = si->sin_addr.s_addr;
4148 }
4149
4150 if (dst) *dst = ntohl(ddst);
4151 if (src) *src = ntohl(ssrc);
4152 }
4153
4154 int
4155 sppp_update_gw_walker(struct rtentry *rt, void *arg, unsigned int id)
4156 {
4157 struct ifnet *ifp = arg;
4158
4159 if (rt->rt_ifidx == ifp->if_index) {
4160 if (rt->rt_ifa->ifa_dstaddr->sa_family !=
4161 rt->rt_gateway->sa_family ||
4162 !ISSET(rt->rt_flags, RTF_GATEWAY))
4163 return (0); /* do not modify non-gateway routes */
4164 rt_setgate(rt, rt->rt_ifa->ifa_dstaddr, ifp->if_rdomain);
4165 }
4166 return (0);
4167 }
4168
4169 void
4170 sppp_update_gw(struct ifnet *ifp)
4171 {
4172 u_int tid;
4173
4174 /* update routing table */
4175 for (tid = 0; tid <= RT_TABLEID_MAX; tid++) {
4176 rtable_walk(tid, AF_INET, sppp_update_gw_walker, ifp);
4177 }
4178 }
4179
4180 /*
4181 * Task adding addresses from process context.
4182 * If an address is 0, leave it the way it is.
4183 */
4184 void
4185 sppp_set_ip_addrs(void *arg1)
4186 {
4187 struct sppp *sp = arg1;
4188 u_int32_t myaddr;
4189 u_int32_t hisaddr;
4190 struct ifnet *ifp = &sp->pp_if;
4191 int debug = ifp->if_flags & IFF_DEBUG;
4192 struct ifaddr *ifa;
4193 struct sockaddr_in *si;
4194 struct sockaddr_in *dest;
4195 int s;
4196
4197 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, NULL);
4198 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) &&
4199 (sp->ipcp.flags & IPCP_MYADDR_SEEN))
4200 myaddr = sp->ipcp.req_myaddr;
4201 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
4202 (sp->ipcp.flags & IPCP_HISADDR_SEEN))
4203 hisaddr = sp->ipcp.req_hisaddr;
4204
4205 s = splsoftnet();
4206
4207 /*
4208 * Pick the first AF_INET address from the list,
4209 * aliases don't make any sense on a p2p link anyway.
4210 */
4211
4212 si = 0;
4213 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4214 {
4215 if (ifa->ifa_addr->sa_family == AF_INET)
4216 {
4217 si = (struct sockaddr_in *)ifa->ifa_addr;
4218 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4219 if (si)
4220 break;
4221 }
4222 }
4223
4224 if (ifa && si) {
4225 int error;
4226 struct sockaddr_in new_sin = *si;
4227 struct sockaddr_in new_dst = *dest;
4228
4229 in_ifscrub(ifp, ifatoia(ifa));
4230
4231 if (myaddr != 0)
4232 new_sin.sin_addr.s_addr = htonl(myaddr);
4233 if (hisaddr != 0) {
4234 new_dst.sin_addr.s_addr = htonl(hisaddr);
4235 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) {
4236 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
4237 *dest = new_dst; /* fix dstaddr in place */
4238 }
4239 }
4240 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0)))
4241 dohooks(ifp->if_addrhooks, 0);
4242 if (debug && error) {
4243 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit "
4244 " failed, error=%d\n", SPP_ARGS(ifp), error);
4245 splx(s);
4246 return;
4247 }
4248 sppp_update_gw(ifp);
4249 }
4250 splx(s);
4251 }
4252
4253 /*
4254 * Task clearing addresses from process context.
4255 * Clear IP addresses.
4256 */
4257 void
4258 sppp_clear_ip_addrs(void *arg1)
4259 {
4260 struct sppp *sp = (struct sppp *)arg1;
4261 struct ifnet *ifp = &sp->pp_if;
4262 int debug = ifp->if_flags & IFF_DEBUG;
4263 struct ifaddr *ifa;
4264 struct sockaddr_in *si;
4265 struct sockaddr_in *dest;
4266 u_int32_t remote;
4267 int s;
4268
4269 s = splsoftnet();
4270
4271 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4272 remote = sp->ipcp.saved_hisaddr;
4273 else
4274 sppp_get_ip_addrs(sp, 0, &remote, 0);
4275
4276 /*
4277 * Pick the first AF_INET address from the list,
4278 * aliases don't make any sense on a p2p link anyway.
4279 */
4280
4281 si = 0;
4282 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
4283 if (ifa->ifa_addr->sa_family == AF_INET) {
4284 si = (struct sockaddr_in *)ifa->ifa_addr;
4285 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4286 if (si)
4287 break;
4288 }
4289 }
4290
4291 if (ifa && si) {
4292 int error;
4293 struct sockaddr_in new_sin = *si;
4294
4295 in_ifscrub(ifp, ifatoia(ifa));
4296 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
4297 new_sin.sin_addr.s_addr = 0;
4298 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4299 /* replace peer addr in place */
4300 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr;
4301 if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0)))
4302 dohooks(ifp->if_addrhooks, 0);
4303 if (debug && error) {
4304 log(LOG_DEBUG, SPP_FMT "sppp_clear_ip_addrs: in_ifinit "
4305 " failed, error=%d\n", SPP_ARGS(ifp), error);
4306 splx(s);
4307 return;
4308 }
4309 sppp_update_gw(ifp);
4310 }
4311 splx(s);
4312 }
4313
4314
4315 #ifdef INET6
4316 /*
4317 * Get both IPv6 addresses.
4318 */
4319 void
4320 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
4321 struct in6_addr *srcmask)
4322 {
4323 struct ifnet *ifp = &sp->pp_if;
4324 struct in6_ifaddr *ia6;
4325 struct in6_addr ssrc, ddst;
4326
4327 bzero(&ssrc, sizeof(ssrc));
4328 bzero(&ddst, sizeof(ddst));
4329 /*
4330 * Pick the first link-local AF_INET6 address from the list,
4331 * aliases don't make any sense on a p2p link anyway.
4332 */
4333 ia6 = in6ifa_ifpforlinklocal(ifp, 0);
4334 if (ia6) {
4335 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_addr.sin6_addr)) {
4336 bcopy(&ia6->ia_addr.sin6_addr, &ssrc, sizeof(ssrc));
4337 if (srcmask) {
4338 bcopy(&ia6->ia_prefixmask.sin6_addr, srcmask,
4339 sizeof(*srcmask));
4340 }
4341 }
4342
4343 if (!IN6_IS_ADDR_UNSPECIFIED(&ia6->ia_dstaddr.sin6_addr))
4344 bcopy(&ia6->ia_dstaddr.sin6_addr, &ddst, sizeof(ddst));
4345 }
4346
4347 if (dst)
4348 bcopy(&ddst, dst, sizeof(*dst));
4349 if (src)
4350 bcopy(&ssrc, src, sizeof(*src));
4351 }
4352
4353 /* Task to update my IPv6 address from process context. */
4354 void
4355 sppp_update_ip6_addr(void *arg)
4356 {
4357 struct sppp *sp = arg;
4358 struct ifnet *ifp = &sp->pp_if;
4359 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid;
4360 struct in6_addr mask = in6mask128;
4361 struct in6_ifaddr *ia6;
4362 int s, error;
4363
4364 s = splnet();
4365
4366 ia6 = in6ifa_ifpforlinklocal(ifp, 0);
4367 if (ia6 == NULL) {
4368 /* IPv6 disabled? */
4369 splx(s);
4370 return;
4371 }
4372
4373 /*
4374 * Changing the link-local address requires purging all
4375 * existing addresses and routes for the interface first.
4376 */
4377 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
4378 in6_ifdetach(ifp);
4379 error = in6_ifattach_linklocal(ifp, &ifra->ifra_addr.sin6_addr);
4380 if (error)
4381 log(LOG_ERR, SPP_FMT
4382 "could not update IPv6 address (error %d)\n",
4383 SPP_ARGS(ifp), error);
4384 splx(s);
4385 return;
4386 }
4387
4388 /*
4389 * Code below changes address parameters only, not the address itself.
4390 */
4391
4392 /* Destination address can only be set for /128. */
4393 if (!in6_are_prefix_equal(&ia6->ia_prefixmask.sin6_addr, &mask, 128)) {
4394 ifra->ifra_dstaddr.sin6_len = 0;
4395 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC;
4396 }
4397
4398 ifra->ifra_lifetime = ia6->ia6_lifetime;
4399
4400 error = in6_update_ifa(ifp, ifra, ia6);
4401 if (error) {
4402 log(LOG_ERR, SPP_FMT
4403 "could not update IPv6 address (error %d)\n",
4404 SPP_ARGS(ifp), error);
4405 }
4406 splx(s);
4407 }
4408
4409 /*
4410 * Configure my link-local address.
4411 */
4412 void
4413 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src,
4414 const struct in6_addr *dst)
4415 {
4416 struct ifnet *ifp = &sp->pp_if;
4417 struct in6_aliasreq *ifra = &sp->ipv6cp.req_ifid;
4418
4419 bzero(ifra, sizeof(*ifra));
4420 bcopy(ifp->if_xname, ifra->ifra_name, sizeof(ifra->ifra_name));
4421
4422 ifra->ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
4423 ifra->ifra_addr.sin6_family = AF_INET6;
4424 ifra->ifra_addr.sin6_addr = *src;
4425 if (dst) {
4426 ifra->ifra_dstaddr.sin6_len = sizeof(struct sockaddr_in6);
4427 ifra->ifra_dstaddr.sin6_family = AF_INET6;
4428 ifra->ifra_dstaddr.sin6_addr = *dst;
4429 } else
4430 ifra->ifra_dstaddr.sin6_family = AF_UNSPEC;
4431
4432 /*
4433 * Don't change the existing prefixlen.
4434 * It is common to use a /64 for IPv6 over point-to-point links
4435 * to allow e.g. neighbour discovery and autoconf to work.
4436 * But it is legal to use other values.
4437 */
4438 ifra->ifra_prefixmask.sin6_family = AF_UNSPEC;
4439
4440 task_add(systq, &sp->ipv6cp.set_addr_task);
4441 }
4442
4443 /*
4444 * Generate an address that differs from our existing address.
4445 */
4446 void
4447 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
4448 {
4449 struct in6_addr myaddr;
4450 u_int32_t random;
4451
4452 sppp_get_ip6_addrs(sp, &myaddr, NULL, NULL);
4453
4454 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
4455
4456 random = arc4random();
4457 if ((random & 0xff) == 0 && (random & 0xff00) == 0) {
4458 myaddr.s6_addr[14] ^= 0xff;
4459 myaddr.s6_addr[15] ^= 0xff;
4460 } else {
4461 myaddr.s6_addr[14] ^= (random & 0xff);
4462 myaddr.s6_addr[15] ^= ((random & 0xff00) >> 8);
4463 }
4464 myaddr.s6_addr16[1] = 0; /* KAME hack: clear ifindex */
4465 bcopy(&myaddr, suggest, sizeof(myaddr));
4466 }
4467 #endif /*INET6*/
4468
4469 int
4470 sppp_get_params(struct sppp *sp, struct ifreq *ifr)
4471 {
4472 int cmd;
4473
4474 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0)
4475 return EFAULT;
4476
4477 switch (cmd) {
4478 case SPPPIOGDEFS:
4479 {
4480 struct spppreq *spr;
4481
4482 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK);
4483 spr->cmd = cmd;
4484 spr->phase = sp->pp_phase;
4485
4486 if (copyout(spr, (caddr_t)ifr->ifr_data, sizeof(*spr)) != 0) {
4487 free(spr, M_DEVBUF, 0);
4488 return EFAULT;
4489 }
4490 free(spr, M_DEVBUF, 0);
4491 break;
4492 }
4493 case SPPPIOGMAUTH:
4494 case SPPPIOGHAUTH:
4495 {
4496 struct sauthreq *spa;
4497 struct sauth *auth;
4498
4499 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK);
4500 auth = (cmd == SPPPIOGMAUTH) ? &sp->myauth : &sp->hisauth;
4501 bzero(spa, sizeof(*spa));
4502 spa->proto = auth->proto;
4503 spa->flags = auth->flags;
4504
4505 /* do not copy the secret, and only let root know the name */
4506 if (auth->name != NULL && suser(curproc, 0) == 0)
4507 strlcpy(spa->name, auth->name, sizeof(spa->name));
4508
4509 if (copyout(spa, (caddr_t)ifr->ifr_data, sizeof(*spa)) != 0) {
4510 free(spa, M_DEVBUF, 0);
4511 return EFAULT;
4512 }
4513 free(spa, M_DEVBUF, 0);
4514 break;
4515 }
4516 default:
4517 return EINVAL;
4518 }
4519
4520 return 0;
4521 }
4522
4523
4524 int
4525 sppp_set_params(struct sppp *sp, struct ifreq *ifr)
4526 {
4527 int cmd;
4528
4529 if (copyin((caddr_t)ifr->ifr_data, &cmd, sizeof cmd) != 0)
4530 return EFAULT;
4531
4532 switch (cmd) {
4533 case SPPPIOSDEFS:
4534 {
4535 struct spppreq *spr;
4536
4537 spr = malloc(sizeof(*spr), M_DEVBUF, M_WAITOK);
4538
4539 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(*spr)) != 0) {
4540 free(spr, M_DEVBUF, 0);
4541 return EFAULT;
4542 }
4543 /*
4544 * Also, we only allow for authentication parameters to be
4545 * specified.
4546 *
4547 * XXX Should allow to set or clear pp_flags.
4548 */
4549 free(spr, M_DEVBUF, 0);
4550 break;
4551 }
4552 case SPPPIOSMAUTH:
4553 case SPPPIOSHAUTH:
4554 {
4555 /*
4556 * Finally, if the respective authentication protocol to
4557 * be used is set differently than 0, but the secret is
4558 * passed as all zeros, we don't trash the existing secret.
4559 * This allows an administrator to change the system name
4560 * only without clobbering the secret (which he didn't get
4561 * back in a previous SPPPIOGXAUTH call). However, the
4562 * secrets are cleared if the authentication protocol is
4563 * reset to 0.
4564 */
4565
4566 struct sauthreq *spa;
4567 struct sauth *auth;
4568 char *p;
4569 int len;
4570
4571 spa = malloc(sizeof(*spa), M_DEVBUF, M_WAITOK);
4572
4573 auth = (cmd == SPPPIOSMAUTH) ? &sp->myauth : &sp->hisauth;
4574
4575 if (copyin((caddr_t)ifr->ifr_data, spa, sizeof(*spa)) != 0) {
4576 free(spa, M_DEVBUF, 0);
4577 return EFAULT;
4578 }
4579
4580 if (spa->proto != 0 && spa->proto != PPP_PAP &&
4581 spa->proto != PPP_CHAP) {
4582 free(spa, M_DEVBUF, 0);
4583 return EINVAL;
4584 }
4585
4586 if (spa->proto == 0) {
4587 /* resetting auth */
4588 if (auth->name != NULL)
4589 free(auth->name, M_DEVBUF, 0);
4590 if (auth->secret != NULL)
4591 free(auth->secret, M_DEVBUF, 0);
4592 bzero(auth, sizeof *auth);
4593 explicit_bzero(sp->chap_challenge, sizeof sp->chap_challenge);
4594 } else {
4595 /* setting/changing auth */
4596 auth->proto = spa->proto;
4597 auth->flags = spa->flags;
4598
4599 spa->name[AUTHMAXLEN - 1] = '\0';
4600 len = strlen(spa->name) + 1;
4601 p = malloc(len, M_DEVBUF, M_WAITOK);
4602 strlcpy(p, spa->name, len);
4603 if (auth->name != NULL)
4604 free(auth->name, M_DEVBUF, 0);
4605 auth->name = p;
4606
4607 if (spa->secret[0] != '\0') {
4608 spa->secret[AUTHMAXLEN - 1] = '\0';
4609 len = strlen(spa->secret) + 1;
4610 p = malloc(len, M_DEVBUF, M_WAITOK);
4611 strlcpy(p, spa->secret, len);
4612 if (auth->secret != NULL)
4613 free(auth->secret, M_DEVBUF, 0);
4614 auth->secret = p;
4615 } else if (!auth->secret) {
4616 p = malloc(1, M_DEVBUF, M_WAITOK);
4617 p[0] = '\0';
4618 auth->secret = p;
4619 }
4620 }
4621 free(spa, M_DEVBUF, 0);
4622 break;
4623 }
4624 default:
4625 return EINVAL;
4626 }
4627
4628 return (ENETRESET);
4629 }
4630
4631 void
4632 sppp_phase_network(struct sppp *sp)
4633 {
4634 int i;
4635 u_long mask;
4636
4637 sp->pp_phase = PHASE_NETWORK;
4638
4639 sppp_set_phase(sp);
4640
4641 /* Notify NCPs now. */
4642 for (i = 0; i < IDX_COUNT; i++)
4643 if ((cps[i])->flags & CP_NCP)
4644 (cps[i])->Open(sp);
4645
4646 /* Send Up events to all NCPs. */
4647 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
4648 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
4649 (cps[i])->Up(sp);
4650
4651 /* if no NCP is starting, all this was in vain, close down */
4652 sppp_lcp_check_and_close(sp);
4653 }
4654
4655
4656 const char *
4657 sppp_cp_type_name(u_char type)
4658 {
4659 static char buf[12];
4660 switch (type) {
4661 case CONF_REQ: return "conf-req";
4662 case CONF_ACK: return "conf-ack";
4663 case CONF_NAK: return "conf-nak";
4664 case CONF_REJ: return "conf-rej";
4665 case TERM_REQ: return "term-req";
4666 case TERM_ACK: return "term-ack";
4667 case CODE_REJ: return "code-rej";
4668 case PROTO_REJ: return "proto-rej";
4669 case ECHO_REQ: return "echo-req";
4670 case ECHO_REPLY: return "echo-reply";
4671 case DISC_REQ: return "discard-req";
4672 }
4673 snprintf (buf, sizeof buf, "0x%x", type);
4674 return buf;
4675 }
4676
4677 const char *
4678 sppp_auth_type_name(u_short proto, u_char type)
4679 {
4680 static char buf[12];
4681 switch (proto) {
4682 case PPP_CHAP:
4683 switch (type) {
4684 case CHAP_CHALLENGE: return "challenge";
4685 case CHAP_RESPONSE: return "response";
4686 case CHAP_SUCCESS: return "success";
4687 case CHAP_FAILURE: return "failure";
4688 }
4689 case PPP_PAP:
4690 switch (type) {
4691 case PAP_REQ: return "req";
4692 case PAP_ACK: return "ack";
4693 case PAP_NAK: return "nak";
4694 }
4695 }
4696 snprintf (buf, sizeof buf, "0x%x", type);
4697 return buf;
4698 }
4699
4700 const char *
4701 sppp_lcp_opt_name(u_char opt)
4702 {
4703 static char buf[12];
4704 switch (opt) {
4705 case LCP_OPT_MRU: return "mru";
4706 case LCP_OPT_ASYNC_MAP: return "async-map";
4707 case LCP_OPT_AUTH_PROTO: return "auth-proto";
4708 case LCP_OPT_QUAL_PROTO: return "qual-proto";
4709 case LCP_OPT_MAGIC: return "magic";
4710 case LCP_OPT_PROTO_COMP: return "proto-comp";
4711 case LCP_OPT_ADDR_COMP: return "addr-comp";
4712 }
4713 snprintf (buf, sizeof buf, "0x%x", opt);
4714 return buf;
4715 }
4716
4717 const char *
4718 sppp_ipcp_opt_name(u_char opt)
4719 {
4720 static char buf[12];
4721 switch (opt) {
4722 case IPCP_OPT_ADDRESSES: return "addresses";
4723 case IPCP_OPT_COMPRESSION: return "compression";
4724 case IPCP_OPT_ADDRESS: return "address";
4725 }
4726 snprintf (buf, sizeof buf, "0x%x", opt);
4727 return buf;
4728 }
4729
4730 #ifdef INET6
4731 const char *
4732 sppp_ipv6cp_opt_name(u_char opt)
4733 {
4734 static char buf[12];
4735 switch (opt) {
4736 case IPV6CP_OPT_IFID: return "ifid";
4737 case IPV6CP_OPT_COMPRESSION: return "compression";
4738 }
4739 snprintf (buf, sizeof buf, "0x%x", opt);
4740 return buf;
4741 }
4742 #endif
4743
4744 const char *
4745 sppp_state_name(int state)
4746 {
4747 switch (state) {
4748 case STATE_INITIAL: return "initial";
4749 case STATE_STARTING: return "starting";
4750 case STATE_CLOSED: return "closed";
4751 case STATE_STOPPED: return "stopped";
4752 case STATE_CLOSING: return "closing";
4753 case STATE_STOPPING: return "stopping";
4754 case STATE_REQ_SENT: return "req-sent";
4755 case STATE_ACK_RCVD: return "ack-rcvd";
4756 case STATE_ACK_SENT: return "ack-sent";
4757 case STATE_OPENED: return "opened";
4758 }
4759 return "illegal";
4760 }
4761
4762 const char *
4763 sppp_phase_name(enum ppp_phase phase)
4764 {
4765 switch (phase) {
4766 case PHASE_DEAD: return "dead";
4767 case PHASE_ESTABLISH: return "establish";
4768 case PHASE_TERMINATE: return "terminate";
4769 case PHASE_AUTHENTICATE: return "authenticate";
4770 case PHASE_NETWORK: return "network";
4771 }
4772 return "illegal";
4773 }
4774
4775 const char *
4776 sppp_proto_name(u_short proto)
4777 {
4778 static char buf[12];
4779 switch (proto) {
4780 case PPP_LCP: return "lcp";
4781 case PPP_IPCP: return "ipcp";
4782 case PPP_IPV6CP: return "ipv6cp";
4783 case PPP_PAP: return "pap";
4784 case PPP_CHAP: return "chap";
4785 }
4786 snprintf(buf, sizeof buf, "0x%x", (unsigned)proto);
4787 return buf;
4788 }
4789
4790 void
4791 sppp_print_bytes(const u_char *p, u_short len)
4792 {
4793 addlog(" %02x", *p++);
4794 while (--len > 0)
4795 addlog("-%02x", *p++);
4796 }
4797
4798 void
4799 sppp_print_string(const char *p, u_short len)
4800 {
4801 u_char c;
4802
4803 while (len-- > 0) {
4804 c = *p++;
4805 /*
4806 * Print only ASCII chars directly. RFC 1994 recommends
4807 * using only them, but we don't rely on it. */
4808 if (c < ' ' || c > '~')
4809 addlog("\\x%x", c);
4810 else
4811 addlog("%c", c);
4812 }
4813 }
4814
4815 const char *
4816 sppp_dotted_quad(u_int32_t addr)
4817 {
4818 static char s[16];
4819 snprintf(s, sizeof s, "%d.%d.%d.%d",
4820 (int)((addr >> 24) & 0xff),
4821 (int)((addr >> 16) & 0xff),
4822 (int)((addr >> 8) & 0xff),
4823 (int)(addr & 0xff));
4824 return s;
4825 }
4826
4827 /* a dummy, used to drop uninteresting events */
4828 void
4829 sppp_null(struct sppp *unused)
4830 {
4831 /* do just nothing */
4832 }
4833
4834 void
4835 sppp_set_phase(struct sppp *sp)
4836 {
4837 STDDCL;
4838 int lstate, s;
4839
4840 if (debug)
4841 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
4842 sppp_phase_name(sp->pp_phase));
4843
4844 /* set link state */
4845 if (sp->pp_phase == PHASE_NETWORK)
4846 lstate = LINK_STATE_UP;
4847 else
4848 lstate = LINK_STATE_DOWN;
4849
4850 if (ifp->if_link_state != lstate) {
4851 ifp->if_link_state = lstate;
4852 s = splsoftnet();
4853 if_link_state_change(ifp);
4854 splx(s);
4855 }
4856 }
4857