Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/net/if_spppsubr.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* 2 * Synchronous PPP/Cisco/Frame Relay link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 */ 5 /*- 6 * Copyright (C) 1994-2000 Cronyx Engineering. 7 * Author: Serge Vakulenko, <vak@cronyx.ru> 8 * 9 * Heavily revamped to conform to RFC 1661. 10 * Copyright (C) 1997, 2001 Joerg Wunsch. 11 * 12 * This software is distributed with NO WARRANTIES, not even the implied 13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 14 * 15 * Authors grant any other persons or organisations permission to use 16 * or modify this software as long as this message is kept with the software, 17 * all derivative works or modified versions. 18 * 19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 20 * 21 * $FreeBSD: releng/11.1/sys/net/if_spppsubr.c 298995 2016-05-03 18:05:43Z pfg $ 22 */ 23 24 #include <sys/param.h> 25 26 #include "opt_inet.h" 27 #include "opt_inet6.h" 28 29 #include <sys/systm.h> 30 #include <sys/kernel.h> 31 #include <sys/lock.h> 32 #include <sys/module.h> 33 #include <sys/rmlock.h> 34 #include <sys/sockio.h> 35 #include <sys/socket.h> 36 #include <sys/syslog.h> 37 #include <sys/random.h> 38 #include <sys/malloc.h> 39 #include <sys/mbuf.h> 40 41 #include <sys/md5.h> 42 43 #include <net/if.h> 44 #include <net/if_var.h> 45 #include <net/netisr.h> 46 #include <net/if_types.h> 47 #include <net/route.h> 48 #include <net/vnet.h> 49 #include <netinet/in.h> 50 #include <netinet/in_systm.h> 51 #include <netinet/ip.h> 52 #include <net/slcompress.h> 53 54 #include <machine/stdarg.h> 55 56 #include <netinet/in_var.h> 57 58 #ifdef INET 59 #include <netinet/ip.h> 60 #include <netinet/tcp.h> 61 #endif 62 63 #ifdef INET6 64 #include <netinet6/scope6_var.h> 65 #endif 66 67 #include <netinet/if_ether.h> 68 69 #include <net/if_sppp.h> 70 71 #define IOCTL_CMD_T u_long 72 #define MAXALIVECNT 3 /* max. alive packets */ 73 74 /* 75 * Interface flags that can be set in an ifconfig command. 76 * 77 * Setting link0 will make the link passive, i.e. it will be marked 78 * as being administrative openable, but won't be opened to begin 79 * with. Incoming calls will be answered, or subsequent calls with 80 * -link1 will cause the administrative open of the LCP layer. 81 * 82 * Setting link1 will cause the link to auto-dial only as packets 83 * arrive to be sent. 84 * 85 * Setting IFF_DEBUG will syslog the option negotiation and state 86 * transitions at level kern.debug. Note: all logs consistently look 87 * like 88 * 89 * <if-name><unit>: <proto-name> <additional info...> 90 * 91 * with <if-name><unit> being something like "bppp0", and <proto-name> 92 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 93 */ 94 95 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 96 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 97 #define IFF_CISCO IFF_LINK2 /* auto-dial on output */ 98 99 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 100 #define PPP_UI 0x03 /* Unnumbered Information */ 101 #define PPP_IP 0x0021 /* Internet Protocol */ 102 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 103 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 104 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 105 #define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */ 106 #define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */ 107 #define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */ 108 #define PPP_LCP 0xc021 /* Link Control Protocol */ 109 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 110 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 111 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 112 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 113 114 #define CONF_REQ 1 /* PPP configure request */ 115 #define CONF_ACK 2 /* PPP configure acknowledge */ 116 #define CONF_NAK 3 /* PPP configure negative ack */ 117 #define CONF_REJ 4 /* PPP configure reject */ 118 #define TERM_REQ 5 /* PPP terminate request */ 119 #define TERM_ACK 6 /* PPP terminate acknowledge */ 120 #define CODE_REJ 7 /* PPP code reject */ 121 #define PROTO_REJ 8 /* PPP protocol reject */ 122 #define ECHO_REQ 9 /* PPP echo request */ 123 #define ECHO_REPLY 10 /* PPP echo reply */ 124 #define DISC_REQ 11 /* PPP discard request */ 125 126 #define LCP_OPT_MRU 1 /* maximum receive unit */ 127 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 128 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 129 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 130 #define LCP_OPT_MAGIC 5 /* magic number */ 131 #define LCP_OPT_RESERVED 6 /* reserved */ 132 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 133 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 134 135 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 136 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 137 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 138 139 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 140 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 141 142 #define IPCP_COMP_VJ 0x2d /* Code for VJ compression */ 143 144 #define PAP_REQ 1 /* PAP name/password request */ 145 #define PAP_ACK 2 /* PAP acknowledge */ 146 #define PAP_NAK 3 /* PAP fail */ 147 148 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 149 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 150 #define CHAP_SUCCESS 3 /* CHAP response ok */ 151 #define CHAP_FAILURE 4 /* CHAP response failed */ 152 153 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 154 155 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 156 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 157 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 158 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 159 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 160 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 161 162 /* states are named and numbered according to RFC 1661 */ 163 #define STATE_INITIAL 0 164 #define STATE_STARTING 1 165 #define STATE_CLOSED 2 166 #define STATE_STOPPED 3 167 #define STATE_CLOSING 4 168 #define STATE_STOPPING 5 169 #define STATE_REQ_SENT 6 170 #define STATE_ACK_RCVD 7 171 #define STATE_ACK_SENT 8 172 #define STATE_OPENED 9 173 174 static MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals"); 175 176 struct ppp_header { 177 u_char address; 178 u_char control; 179 u_short protocol; 180 } __packed; 181 #define PPP_HEADER_LEN sizeof (struct ppp_header) 182 183 struct lcp_header { 184 u_char type; 185 u_char ident; 186 u_short len; 187 } __packed; 188 #define LCP_HEADER_LEN sizeof (struct lcp_header) 189 190 struct cisco_packet { 191 u_long type; 192 u_long par1; 193 u_long par2; 194 u_short rel; 195 u_short time0; 196 u_short time1; 197 } __packed; 198 #define CISCO_PACKET_LEN sizeof (struct cisco_packet) 199 200 /* 201 * We follow the spelling and capitalization of RFC 1661 here, to make 202 * it easier comparing with the standard. Please refer to this RFC in 203 * case you can't make sense out of these abbreviation; it will also 204 * explain the semantics related to the various events and actions. 205 */ 206 struct cp { 207 u_short proto; /* PPP control protocol number */ 208 u_char protoidx; /* index into state table in struct sppp */ 209 u_char flags; 210 #define CP_LCP 0x01 /* this is the LCP */ 211 #define CP_AUTH 0x02 /* this is an authentication protocol */ 212 #define CP_NCP 0x04 /* this is a NCP */ 213 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 214 const char *name; /* name of this control protocol */ 215 /* event handlers */ 216 void (*Up)(struct sppp *sp); 217 void (*Down)(struct sppp *sp); 218 void (*Open)(struct sppp *sp); 219 void (*Close)(struct sppp *sp); 220 void (*TO)(void *sp); 221 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 222 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 223 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 224 /* actions */ 225 void (*tlu)(struct sppp *sp); 226 void (*tld)(struct sppp *sp); 227 void (*tls)(struct sppp *sp); 228 void (*tlf)(struct sppp *sp); 229 void (*scr)(struct sppp *sp); 230 }; 231 232 #define SPP_FMT "%s: " 233 #define SPP_ARGS(ifp) (ifp)->if_xname 234 235 #define SPPP_LOCK(sp) mtx_lock (&(sp)->mtx) 236 #define SPPP_UNLOCK(sp) mtx_unlock (&(sp)->mtx) 237 #define SPPP_LOCK_ASSERT(sp) mtx_assert (&(sp)->mtx, MA_OWNED) 238 #define SPPP_LOCK_OWNED(sp) mtx_owned (&(sp)->mtx) 239 240 #ifdef INET 241 /* 242 * The following disgusting hack gets around the problem that IP TOS 243 * can't be set yet. We want to put "interactive" traffic on a high 244 * priority queue. To decide if traffic is interactive, we check that 245 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 246 * 247 * XXX is this really still necessary? - joerg - 248 */ 249 static const u_short interactive_ports[8] = { 250 0, 513, 0, 0, 251 0, 21, 0, 23, 252 }; 253 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 254 #endif 255 256 /* almost every function needs these */ 257 #define STDDCL \ 258 struct ifnet *ifp = SP2IFP(sp); \ 259 int debug = ifp->if_flags & IFF_DEBUG 260 261 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 262 const struct sockaddr *dst, struct route *ro); 263 264 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 265 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 266 267 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 268 struct mbuf *m); 269 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 270 u_char ident, u_short len, void *data); 271 /* static void sppp_cp_timeout(void *arg); */ 272 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 273 int newstate); 274 static void sppp_auth_send(const struct cp *cp, 275 struct sppp *sp, unsigned int type, unsigned int id, 276 ...); 277 278 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 279 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 280 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 281 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 282 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 283 284 static void sppp_null(struct sppp *sp); 285 286 static void sppp_pp_up(struct sppp *sp); 287 static void sppp_pp_down(struct sppp *sp); 288 289 static void sppp_lcp_init(struct sppp *sp); 290 static void sppp_lcp_up(struct sppp *sp); 291 static void sppp_lcp_down(struct sppp *sp); 292 static void sppp_lcp_open(struct sppp *sp); 293 static void sppp_lcp_close(struct sppp *sp); 294 static void sppp_lcp_TO(void *sp); 295 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 296 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 297 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 298 static void sppp_lcp_tlu(struct sppp *sp); 299 static void sppp_lcp_tld(struct sppp *sp); 300 static void sppp_lcp_tls(struct sppp *sp); 301 static void sppp_lcp_tlf(struct sppp *sp); 302 static void sppp_lcp_scr(struct sppp *sp); 303 static void sppp_lcp_check_and_close(struct sppp *sp); 304 static int sppp_ncp_check(struct sppp *sp); 305 306 static void sppp_ipcp_init(struct sppp *sp); 307 static void sppp_ipcp_up(struct sppp *sp); 308 static void sppp_ipcp_down(struct sppp *sp); 309 static void sppp_ipcp_open(struct sppp *sp); 310 static void sppp_ipcp_close(struct sppp *sp); 311 static void sppp_ipcp_TO(void *sp); 312 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 313 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 314 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 315 static void sppp_ipcp_tlu(struct sppp *sp); 316 static void sppp_ipcp_tld(struct sppp *sp); 317 static void sppp_ipcp_tls(struct sppp *sp); 318 static void sppp_ipcp_tlf(struct sppp *sp); 319 static void sppp_ipcp_scr(struct sppp *sp); 320 321 static void sppp_ipv6cp_init(struct sppp *sp); 322 static void sppp_ipv6cp_up(struct sppp *sp); 323 static void sppp_ipv6cp_down(struct sppp *sp); 324 static void sppp_ipv6cp_open(struct sppp *sp); 325 static void sppp_ipv6cp_close(struct sppp *sp); 326 static void sppp_ipv6cp_TO(void *sp); 327 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 329 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 330 static void sppp_ipv6cp_tlu(struct sppp *sp); 331 static void sppp_ipv6cp_tld(struct sppp *sp); 332 static void sppp_ipv6cp_tls(struct sppp *sp); 333 static void sppp_ipv6cp_tlf(struct sppp *sp); 334 static void sppp_ipv6cp_scr(struct sppp *sp); 335 336 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 337 static void sppp_pap_init(struct sppp *sp); 338 static void sppp_pap_open(struct sppp *sp); 339 static void sppp_pap_close(struct sppp *sp); 340 static void sppp_pap_TO(void *sp); 341 static void sppp_pap_my_TO(void *sp); 342 static void sppp_pap_tlu(struct sppp *sp); 343 static void sppp_pap_tld(struct sppp *sp); 344 static void sppp_pap_scr(struct sppp *sp); 345 346 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 347 static void sppp_chap_init(struct sppp *sp); 348 static void sppp_chap_open(struct sppp *sp); 349 static void sppp_chap_close(struct sppp *sp); 350 static void sppp_chap_TO(void *sp); 351 static void sppp_chap_tlu(struct sppp *sp); 352 static void sppp_chap_tld(struct sppp *sp); 353 static void sppp_chap_scr(struct sppp *sp); 354 355 static const char *sppp_auth_type_name(u_short proto, u_char type); 356 static const char *sppp_cp_type_name(u_char type); 357 #ifdef INET 358 static const char *sppp_dotted_quad(u_long addr); 359 static const char *sppp_ipcp_opt_name(u_char opt); 360 #endif 361 #ifdef INET6 362 static const char *sppp_ipv6cp_opt_name(u_char opt); 363 #endif 364 static const char *sppp_lcp_opt_name(u_char opt); 365 static const char *sppp_phase_name(enum ppp_phase phase); 366 static const char *sppp_proto_name(u_short proto); 367 static const char *sppp_state_name(int state); 368 static int sppp_params(struct sppp *sp, u_long cmd, void *data); 369 static int sppp_strnlen(u_char *p, int max); 370 static void sppp_keepalive(void *dummy); 371 static void sppp_phase_network(struct sppp *sp); 372 static void sppp_print_bytes(const u_char *p, u_short len); 373 static void sppp_print_string(const char *p, u_short len); 374 static void sppp_qflush(struct ifqueue *ifq); 375 #ifdef INET 376 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 377 #endif 378 #ifdef INET6 379 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 380 struct in6_addr *dst, struct in6_addr *srcmask); 381 #ifdef IPV6CP_MYIFID_DYN 382 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 383 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 384 #endif 385 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 386 #endif 387 388 /* if_start () wrapper */ 389 static void sppp_ifstart (struct ifnet *ifp); 390 391 /* our control protocol descriptors */ 392 static const struct cp lcp = { 393 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 394 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 395 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 396 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 397 sppp_lcp_scr 398 }; 399 400 static const struct cp ipcp = { 401 PPP_IPCP, IDX_IPCP, 402 #ifdef INET /* don't run IPCP if there's no IPv4 support */ 403 CP_NCP, 404 #else 405 0, 406 #endif 407 "ipcp", 408 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 409 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 410 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 411 sppp_ipcp_scr 412 }; 413 414 static const struct cp ipv6cp = { 415 PPP_IPV6CP, IDX_IPV6CP, 416 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 417 CP_NCP, 418 #else 419 0, 420 #endif 421 "ipv6cp", 422 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 423 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 424 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 425 sppp_ipv6cp_scr 426 }; 427 428 static const struct cp pap = { 429 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 430 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 431 sppp_pap_TO, 0, 0, 0, 432 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 433 sppp_pap_scr 434 }; 435 436 static const struct cp chap = { 437 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 438 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 439 sppp_chap_TO, 0, 0, 0, 440 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 441 sppp_chap_scr 442 }; 443 444 static const struct cp *cps[IDX_COUNT] = { 445 &lcp, /* IDX_LCP */ 446 &ipcp, /* IDX_IPCP */ 447 &ipv6cp, /* IDX_IPV6CP */ 448 &pap, /* IDX_PAP */ 449 &chap, /* IDX_CHAP */ 450 }; 451 452 static void* 453 sppp_alloc(u_char type, struct ifnet *ifp) 454 { 455 struct sppp *sp; 456 457 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO); 458 sp->pp_ifp = ifp; 459 460 return (sp); 461 } 462 463 static void 464 sppp_free(void *com, u_char type) 465 { 466 467 free(com, M_SPPP); 468 } 469 470 static int 471 sppp_modevent(module_t mod, int type, void *unused) 472 { 473 switch (type) { 474 case MOD_LOAD: 475 /* 476 * XXX: should probably be IFT_SPPP, but it's fairly 477 * harmless to allocate struct sppp's for non-sppp 478 * interfaces. 479 */ 480 481 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free); 482 break; 483 case MOD_UNLOAD: 484 /* if_deregister_com_alloc(IFT_PPP); */ 485 return EACCES; 486 default: 487 return EOPNOTSUPP; 488 } 489 return 0; 490 } 491 static moduledata_t spppmod = { 492 "sppp", 493 sppp_modevent, 494 0 495 }; 496 MODULE_VERSION(sppp, 1); 497 DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY); 498 499 /* 500 * Exported functions, comprising our interface to the lower layer. 501 */ 502 503 /* 504 * Process the received packet. 505 */ 506 void 507 sppp_input(struct ifnet *ifp, struct mbuf *m) 508 { 509 struct ppp_header *h; 510 int isr = -1; 511 struct sppp *sp = IFP2SP(ifp); 512 int debug, do_account = 0; 513 #ifdef INET 514 int hlen, vjlen; 515 u_char *iphdr; 516 #endif 517 518 SPPP_LOCK(sp); 519 debug = ifp->if_flags & IFF_DEBUG; 520 521 if (ifp->if_flags & IFF_UP) 522 /* Count received bytes, add FCS and one flag */ 523 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len + 3); 524 525 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 526 /* Too small packet, drop it. */ 527 if (debug) 528 log(LOG_DEBUG, 529 SPP_FMT "input packet is too small, %d bytes\n", 530 SPP_ARGS(ifp), m->m_pkthdr.len); 531 drop: 532 m_freem (m); 533 SPPP_UNLOCK(sp); 534 drop2: 535 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 536 if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); 537 return; 538 } 539 540 if (sp->pp_mode == PP_FR) { 541 sppp_fr_input (sp, m); 542 SPPP_UNLOCK(sp); 543 return; 544 } 545 546 /* Get PPP header. */ 547 h = mtod (m, struct ppp_header*); 548 m_adj (m, PPP_HEADER_LEN); 549 550 switch (h->address) { 551 case PPP_ALLSTATIONS: 552 if (h->control != PPP_UI) 553 goto invalid; 554 if (sp->pp_mode == IFF_CISCO) { 555 if (debug) 556 log(LOG_DEBUG, 557 SPP_FMT "PPP packet in Cisco mode " 558 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 559 SPP_ARGS(ifp), 560 h->address, h->control, ntohs(h->protocol)); 561 goto drop; 562 } 563 switch (ntohs (h->protocol)) { 564 default: 565 if (debug) 566 log(LOG_DEBUG, 567 SPP_FMT "rejecting protocol " 568 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 569 SPP_ARGS(ifp), 570 h->address, h->control, ntohs(h->protocol)); 571 if (sp->state[IDX_LCP] == STATE_OPENED) 572 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 573 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 574 &h->protocol); 575 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 576 goto drop; 577 case PPP_LCP: 578 sppp_cp_input(&lcp, sp, m); 579 m_freem (m); 580 SPPP_UNLOCK(sp); 581 return; 582 case PPP_PAP: 583 if (sp->pp_phase >= PHASE_AUTHENTICATE) 584 sppp_pap_input(sp, m); 585 m_freem (m); 586 SPPP_UNLOCK(sp); 587 return; 588 case PPP_CHAP: 589 if (sp->pp_phase >= PHASE_AUTHENTICATE) 590 sppp_chap_input(sp, m); 591 m_freem (m); 592 SPPP_UNLOCK(sp); 593 return; 594 #ifdef INET 595 case PPP_IPCP: 596 if (sp->pp_phase == PHASE_NETWORK) 597 sppp_cp_input(&ipcp, sp, m); 598 m_freem (m); 599 SPPP_UNLOCK(sp); 600 return; 601 case PPP_IP: 602 if (sp->state[IDX_IPCP] == STATE_OPENED) { 603 isr = NETISR_IP; 604 } 605 do_account++; 606 break; 607 case PPP_VJ_COMP: 608 if (sp->state[IDX_IPCP] == STATE_OPENED) { 609 if ((vjlen = 610 sl_uncompress_tcp_core(mtod(m, u_char *), 611 m->m_len, m->m_len, 612 TYPE_COMPRESSED_TCP, 613 sp->pp_comp, 614 &iphdr, &hlen)) <= 0) { 615 if (debug) 616 log(LOG_INFO, 617 SPP_FMT "VJ uncompress failed on compressed packet\n", 618 SPP_ARGS(ifp)); 619 goto drop; 620 } 621 622 /* 623 * Trim the VJ header off the packet, and prepend 624 * the uncompressed IP header (which will usually 625 * end up in two chained mbufs since there's not 626 * enough leading space in the existing mbuf). 627 */ 628 m_adj(m, vjlen); 629 M_PREPEND(m, hlen, M_NOWAIT); 630 if (m == NULL) { 631 SPPP_UNLOCK(sp); 632 goto drop2; 633 } 634 bcopy(iphdr, mtod(m, u_char *), hlen); 635 isr = NETISR_IP; 636 } 637 do_account++; 638 break; 639 case PPP_VJ_UCOMP: 640 if (sp->state[IDX_IPCP] == STATE_OPENED) { 641 if (sl_uncompress_tcp_core(mtod(m, u_char *), 642 m->m_len, m->m_len, 643 TYPE_UNCOMPRESSED_TCP, 644 sp->pp_comp, 645 &iphdr, &hlen) != 0) { 646 if (debug) 647 log(LOG_INFO, 648 SPP_FMT "VJ uncompress failed on uncompressed packet\n", 649 SPP_ARGS(ifp)); 650 goto drop; 651 } 652 isr = NETISR_IP; 653 } 654 do_account++; 655 break; 656 #endif 657 #ifdef INET6 658 case PPP_IPV6CP: 659 if (sp->pp_phase == PHASE_NETWORK) 660 sppp_cp_input(&ipv6cp, sp, m); 661 m_freem (m); 662 SPPP_UNLOCK(sp); 663 return; 664 665 case PPP_IPV6: 666 if (sp->state[IDX_IPV6CP] == STATE_OPENED) 667 isr = NETISR_IPV6; 668 do_account++; 669 break; 670 #endif 671 } 672 break; 673 case CISCO_MULTICAST: 674 case CISCO_UNICAST: 675 /* Don't check the control field here (RFC 1547). */ 676 if (sp->pp_mode != IFF_CISCO) { 677 if (debug) 678 log(LOG_DEBUG, 679 SPP_FMT "Cisco packet in PPP mode " 680 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 681 SPP_ARGS(ifp), 682 h->address, h->control, ntohs(h->protocol)); 683 goto drop; 684 } 685 switch (ntohs (h->protocol)) { 686 default: 687 if_inc_counter(ifp, IFCOUNTER_NOPROTO, 1); 688 goto invalid; 689 case CISCO_KEEPALIVE: 690 sppp_cisco_input (sp, m); 691 m_freem (m); 692 SPPP_UNLOCK(sp); 693 return; 694 #ifdef INET 695 case ETHERTYPE_IP: 696 isr = NETISR_IP; 697 do_account++; 698 break; 699 #endif 700 #ifdef INET6 701 case ETHERTYPE_IPV6: 702 isr = NETISR_IPV6; 703 do_account++; 704 break; 705 #endif 706 } 707 break; 708 default: /* Invalid PPP packet. */ 709 invalid: 710 if (debug) 711 log(LOG_DEBUG, 712 SPP_FMT "invalid input packet " 713 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 714 SPP_ARGS(ifp), 715 h->address, h->control, ntohs(h->protocol)); 716 goto drop; 717 } 718 719 if (! (ifp->if_flags & IFF_UP) || isr == -1) 720 goto drop; 721 722 SPPP_UNLOCK(sp); 723 M_SETFIB(m, ifp->if_fib); 724 /* Check queue. */ 725 if (netisr_queue(isr, m)) { /* (0) on success. */ 726 if (debug) 727 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 728 SPP_ARGS(ifp)); 729 goto drop2; 730 } 731 732 if (do_account) 733 /* 734 * Do only account for network packets, not for control 735 * packets. This is used by some subsystems to detect 736 * idle lines. 737 */ 738 sp->pp_last_recv = time_uptime; 739 } 740 741 static void 742 sppp_ifstart_sched(void *dummy) 743 { 744 struct sppp *sp = dummy; 745 746 sp->if_start(SP2IFP(sp)); 747 } 748 749 /* if_start () wrapper function. We use it to schedule real if_start () for 750 * execution. We can't call it directly 751 */ 752 static void 753 sppp_ifstart(struct ifnet *ifp) 754 { 755 struct sppp *sp = IFP2SP(ifp); 756 757 if (SPPP_LOCK_OWNED(sp)) { 758 if (callout_pending(&sp->ifstart_callout)) 759 return; 760 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched, 761 (void *)sp); 762 } else { 763 sp->if_start(ifp); 764 } 765 } 766 767 /* 768 * Enqueue transmit packet. 769 */ 770 static int 771 sppp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 772 struct route *ro) 773 { 774 struct sppp *sp = IFP2SP(ifp); 775 struct ppp_header *h; 776 struct ifqueue *ifq = NULL; 777 int error, rv = 0; 778 #ifdef INET 779 int ipproto = PPP_IP; 780 #endif 781 int debug = ifp->if_flags & IFF_DEBUG; 782 783 SPPP_LOCK(sp); 784 785 if (!(ifp->if_flags & IFF_UP) || 786 (!(ifp->if_flags & IFF_AUTO) && 787 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) { 788 #ifdef INET6 789 drop: 790 #endif 791 m_freem (m); 792 SPPP_UNLOCK(sp); 793 return (ENETDOWN); 794 } 795 796 if ((ifp->if_flags & IFF_AUTO) && 797 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) { 798 #ifdef INET6 799 /* 800 * XXX 801 * 802 * Hack to prevent the initialization-time generated 803 * IPv6 multicast packet to erroneously cause a 804 * dialout event in case IPv6 has been 805 * administratively disabled on that interface. 806 */ 807 if (dst->sa_family == AF_INET6 && 808 !(sp->confflags & CONF_ENABLE_IPV6)) 809 goto drop; 810 #endif 811 /* 812 * Interface is not yet running, but auto-dial. Need 813 * to start LCP for it. 814 */ 815 ifp->if_drv_flags |= IFF_DRV_RUNNING; 816 lcp.Open(sp); 817 } 818 819 #ifdef INET 820 if (dst->sa_family == AF_INET) { 821 /* XXX Check mbuf length here? */ 822 struct ip *ip = mtod (m, struct ip*); 823 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 824 825 /* 826 * When using dynamic local IP address assignment by using 827 * 0.0.0.0 as a local address, the first TCP session will 828 * not connect because the local TCP checksum is computed 829 * using 0.0.0.0 which will later become our real IP address 830 * so the TCP checksum computed at the remote end will 831 * become invalid. So we 832 * - don't let packets with src ip addr 0 thru 833 * - we flag TCP packets with src ip 0 as an error 834 */ 835 836 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 837 { 838 m_freem(m); 839 SPPP_UNLOCK(sp); 840 if(ip->ip_p == IPPROTO_TCP) 841 return(EADDRNOTAVAIL); 842 else 843 return(0); 844 } 845 846 /* 847 * Put low delay, telnet, rlogin and ftp control packets 848 * in front of the queue or let ALTQ take care. 849 */ 850 if (ALTQ_IS_ENABLED(&ifp->if_snd)) 851 ; 852 else if (_IF_QFULL(&sp->pp_fastq)) 853 ; 854 else if (ip->ip_tos & IPTOS_LOWDELAY) 855 ifq = &sp->pp_fastq; 856 else if (m->m_len < sizeof *ip + sizeof *tcp) 857 ; 858 else if (ip->ip_p != IPPROTO_TCP) 859 ; 860 else if (INTERACTIVE (ntohs (tcp->th_sport))) 861 ifq = &sp->pp_fastq; 862 else if (INTERACTIVE (ntohs (tcp->th_dport))) 863 ifq = &sp->pp_fastq; 864 865 /* 866 * Do IP Header compression 867 */ 868 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR && 869 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP) 870 switch (sl_compress_tcp(m, ip, sp->pp_comp, 871 sp->ipcp.compress_cid)) { 872 case TYPE_COMPRESSED_TCP: 873 ipproto = PPP_VJ_COMP; 874 break; 875 case TYPE_UNCOMPRESSED_TCP: 876 ipproto = PPP_VJ_UCOMP; 877 break; 878 case TYPE_IP: 879 ipproto = PPP_IP; 880 break; 881 default: 882 m_freem(m); 883 SPPP_UNLOCK(sp); 884 return (EINVAL); 885 } 886 } 887 #endif 888 889 #ifdef INET6 890 if (dst->sa_family == AF_INET6) { 891 /* XXX do something tricky here? */ 892 } 893 #endif 894 895 if (sp->pp_mode == PP_FR) { 896 /* Add frame relay header. */ 897 m = sppp_fr_header (sp, m, dst->sa_family); 898 if (! m) 899 goto nobufs; 900 goto out; 901 } 902 903 /* 904 * Prepend general data packet PPP header. For now, IP only. 905 */ 906 M_PREPEND (m, PPP_HEADER_LEN, M_NOWAIT); 907 if (! m) { 908 nobufs: if (debug) 909 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 910 SPP_ARGS(ifp)); 911 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 912 SPPP_UNLOCK(sp); 913 return (ENOBUFS); 914 } 915 /* 916 * May want to check size of packet 917 * (albeit due to the implementation it's always enough) 918 */ 919 h = mtod (m, struct ppp_header*); 920 if (sp->pp_mode == IFF_CISCO) { 921 h->address = CISCO_UNICAST; /* unicast address */ 922 h->control = 0; 923 } else { 924 h->address = PPP_ALLSTATIONS; /* broadcast address */ 925 h->control = PPP_UI; /* Unnumbered Info */ 926 } 927 928 switch (dst->sa_family) { 929 #ifdef INET 930 case AF_INET: /* Internet Protocol */ 931 if (sp->pp_mode == IFF_CISCO) 932 h->protocol = htons (ETHERTYPE_IP); 933 else { 934 /* 935 * Don't choke with an ENETDOWN early. It's 936 * possible that we just started dialing out, 937 * so don't drop the packet immediately. If 938 * we notice that we run out of buffer space 939 * below, we will however remember that we are 940 * not ready to carry IP packets, and return 941 * ENETDOWN, as opposed to ENOBUFS. 942 */ 943 h->protocol = htons(ipproto); 944 if (sp->state[IDX_IPCP] != STATE_OPENED) 945 rv = ENETDOWN; 946 } 947 break; 948 #endif 949 #ifdef INET6 950 case AF_INET6: /* Internet Protocol */ 951 if (sp->pp_mode == IFF_CISCO) 952 h->protocol = htons (ETHERTYPE_IPV6); 953 else { 954 /* 955 * Don't choke with an ENETDOWN early. It's 956 * possible that we just started dialing out, 957 * so don't drop the packet immediately. If 958 * we notice that we run out of buffer space 959 * below, we will however remember that we are 960 * not ready to carry IP packets, and return 961 * ENETDOWN, as opposed to ENOBUFS. 962 */ 963 h->protocol = htons(PPP_IPV6); 964 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 965 rv = ENETDOWN; 966 } 967 break; 968 #endif 969 default: 970 m_freem (m); 971 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 972 SPPP_UNLOCK(sp); 973 return (EAFNOSUPPORT); 974 } 975 976 /* 977 * Queue message on interface, and start output if interface 978 * not yet active. 979 */ 980 out: 981 if (ifq != NULL) 982 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3)); 983 else 984 IFQ_HANDOFF_ADJ(ifp, m, 3, error); 985 if (error) { 986 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 987 SPPP_UNLOCK(sp); 988 return (rv? rv: ENOBUFS); 989 } 990 SPPP_UNLOCK(sp); 991 /* 992 * Unlike in sppp_input(), we can always bump the timestamp 993 * here since sppp_output() is only called on behalf of 994 * network-layer traffic; control-layer traffic is handled 995 * by sppp_cp_send(). 996 */ 997 sp->pp_last_sent = time_uptime; 998 return (0); 999 } 1000 1001 void 1002 sppp_attach(struct ifnet *ifp) 1003 { 1004 struct sppp *sp = IFP2SP(ifp); 1005 1006 /* Initialize mtx lock */ 1007 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE); 1008 1009 /* Initialize keepalive handler. */ 1010 callout_init(&sp->keepalive_callout, 1); 1011 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 1012 (void *)sp); 1013 1014 ifp->if_mtu = PP_MTU; 1015 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 1016 ifp->if_output = sppp_output; 1017 #if 0 1018 sp->pp_flags = PP_KEEPALIVE; 1019 #endif 1020 ifp->if_snd.ifq_maxlen = 32; 1021 sp->pp_fastq.ifq_maxlen = 32; 1022 sp->pp_cpq.ifq_maxlen = 20; 1023 sp->pp_loopcnt = 0; 1024 sp->pp_alivecnt = 0; 1025 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 1026 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 1027 sp->pp_phase = PHASE_DEAD; 1028 sp->pp_up = sppp_pp_up; 1029 sp->pp_down = sppp_pp_down; 1030 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx)) 1031 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF); 1032 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx)) 1033 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF); 1034 sp->pp_last_recv = sp->pp_last_sent = time_uptime; 1035 sp->confflags = 0; 1036 #ifdef INET 1037 sp->confflags |= CONF_ENABLE_VJ; 1038 #endif 1039 #ifdef INET6 1040 sp->confflags |= CONF_ENABLE_IPV6; 1041 #endif 1042 callout_init(&sp->ifstart_callout, 1); 1043 sp->if_start = ifp->if_start; 1044 ifp->if_start = sppp_ifstart; 1045 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK); 1046 sl_compress_init(sp->pp_comp, -1); 1047 sppp_lcp_init(sp); 1048 sppp_ipcp_init(sp); 1049 sppp_ipv6cp_init(sp); 1050 sppp_pap_init(sp); 1051 sppp_chap_init(sp); 1052 } 1053 1054 void 1055 sppp_detach(struct ifnet *ifp) 1056 { 1057 struct sppp *sp = IFP2SP(ifp); 1058 int i; 1059 1060 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized")); 1061 1062 /* Stop keepalive handler. */ 1063 if (!callout_drain(&sp->keepalive_callout)) 1064 callout_stop(&sp->keepalive_callout); 1065 1066 for (i = 0; i < IDX_COUNT; i++) { 1067 if (!callout_drain(&sp->ch[i])) 1068 callout_stop(&sp->ch[i]); 1069 } 1070 if (!callout_drain(&sp->pap_my_to_ch)) 1071 callout_stop(&sp->pap_my_to_ch); 1072 mtx_destroy(&sp->pp_cpq.ifq_mtx); 1073 mtx_destroy(&sp->pp_fastq.ifq_mtx); 1074 mtx_destroy(&sp->mtx); 1075 } 1076 1077 /* 1078 * Flush the interface output queue. 1079 */ 1080 static void 1081 sppp_flush_unlocked(struct ifnet *ifp) 1082 { 1083 struct sppp *sp = IFP2SP(ifp); 1084 1085 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd); 1086 sppp_qflush (&sp->pp_fastq); 1087 sppp_qflush (&sp->pp_cpq); 1088 } 1089 1090 void 1091 sppp_flush(struct ifnet *ifp) 1092 { 1093 struct sppp *sp = IFP2SP(ifp); 1094 1095 SPPP_LOCK(sp); 1096 sppp_flush_unlocked (ifp); 1097 SPPP_UNLOCK(sp); 1098 } 1099 1100 /* 1101 * Check if the output queue is empty. 1102 */ 1103 int 1104 sppp_isempty(struct ifnet *ifp) 1105 { 1106 struct sppp *sp = IFP2SP(ifp); 1107 int empty; 1108 1109 SPPP_LOCK(sp); 1110 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 1111 !SP2IFP(sp)->if_snd.ifq_head; 1112 SPPP_UNLOCK(sp); 1113 return (empty); 1114 } 1115 1116 /* 1117 * Get next packet to send. 1118 */ 1119 struct mbuf * 1120 sppp_dequeue(struct ifnet *ifp) 1121 { 1122 struct sppp *sp = IFP2SP(ifp); 1123 struct mbuf *m; 1124 1125 SPPP_LOCK(sp); 1126 /* 1127 * Process only the control protocol queue until we have at 1128 * least one NCP open. 1129 * 1130 * Do always serve all three queues in Cisco mode. 1131 */ 1132 IF_DEQUEUE(&sp->pp_cpq, m); 1133 if (m == NULL && 1134 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO || 1135 sp->pp_mode == PP_FR)) { 1136 IF_DEQUEUE(&sp->pp_fastq, m); 1137 if (m == NULL) 1138 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m); 1139 } 1140 SPPP_UNLOCK(sp); 1141 return m; 1142 } 1143 1144 /* 1145 * Pick the next packet, do not remove it from the queue. 1146 */ 1147 struct mbuf * 1148 sppp_pick(struct ifnet *ifp) 1149 { 1150 struct sppp *sp = IFP2SP(ifp); 1151 struct mbuf *m; 1152 1153 SPPP_LOCK(sp); 1154 1155 m = sp->pp_cpq.ifq_head; 1156 if (m == NULL && 1157 (sp->pp_phase == PHASE_NETWORK || 1158 sp->pp_mode == IFF_CISCO || 1159 sp->pp_mode == PP_FR)) 1160 if ((m = sp->pp_fastq.ifq_head) == NULL) 1161 m = SP2IFP(sp)->if_snd.ifq_head; 1162 SPPP_UNLOCK(sp); 1163 return (m); 1164 } 1165 1166 /* 1167 * Process an ioctl request. Called on low priority level. 1168 */ 1169 int 1170 sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data) 1171 { 1172 struct ifreq *ifr = (struct ifreq*) data; 1173 struct sppp *sp = IFP2SP(ifp); 1174 int rv, going_up, going_down, newmode; 1175 1176 SPPP_LOCK(sp); 1177 rv = 0; 1178 switch (cmd) { 1179 case SIOCAIFADDR: 1180 break; 1181 1182 case SIOCSIFADDR: 1183 /* set the interface "up" when assigning an IP address */ 1184 ifp->if_flags |= IFF_UP; 1185 /* FALLTHROUGH */ 1186 1187 case SIOCSIFFLAGS: 1188 going_up = ifp->if_flags & IFF_UP && 1189 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0; 1190 going_down = (ifp->if_flags & IFF_UP) == 0 && 1191 ifp->if_drv_flags & IFF_DRV_RUNNING; 1192 1193 newmode = ifp->if_flags & IFF_PASSIVE; 1194 if (!newmode) 1195 newmode = ifp->if_flags & IFF_AUTO; 1196 if (!newmode) 1197 newmode = ifp->if_flags & IFF_CISCO; 1198 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO); 1199 ifp->if_flags |= newmode; 1200 1201 if (!newmode) 1202 newmode = sp->pp_flags & PP_FR; 1203 1204 if (newmode != sp->pp_mode) { 1205 going_down = 1; 1206 if (!going_up) 1207 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING; 1208 } 1209 1210 if (going_down) { 1211 if (sp->pp_mode != IFF_CISCO && 1212 sp->pp_mode != PP_FR) 1213 lcp.Close(sp); 1214 else if (sp->pp_tlf) 1215 (sp->pp_tlf)(sp); 1216 sppp_flush_unlocked(ifp); 1217 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1218 sp->pp_mode = newmode; 1219 } 1220 1221 if (going_up) { 1222 if (sp->pp_mode != IFF_CISCO && 1223 sp->pp_mode != PP_FR) 1224 lcp.Close(sp); 1225 sp->pp_mode = newmode; 1226 if (sp->pp_mode == 0) { 1227 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1228 lcp.Open(sp); 1229 } 1230 if ((sp->pp_mode == IFF_CISCO) || 1231 (sp->pp_mode == PP_FR)) { 1232 if (sp->pp_tls) 1233 (sp->pp_tls)(sp); 1234 ifp->if_drv_flags |= IFF_DRV_RUNNING; 1235 } 1236 } 1237 1238 break; 1239 1240 #ifdef SIOCSIFMTU 1241 #ifndef ifr_mtu 1242 #define ifr_mtu ifr_metric 1243 #endif 1244 case SIOCSIFMTU: 1245 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1246 return (EINVAL); 1247 ifp->if_mtu = ifr->ifr_mtu; 1248 break; 1249 #endif 1250 #ifdef SLIOCSETMTU 1251 case SLIOCSETMTU: 1252 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1253 return (EINVAL); 1254 ifp->if_mtu = *(short*)data; 1255 break; 1256 #endif 1257 #ifdef SIOCGIFMTU 1258 case SIOCGIFMTU: 1259 ifr->ifr_mtu = ifp->if_mtu; 1260 break; 1261 #endif 1262 #ifdef SLIOCGETMTU 1263 case SLIOCGETMTU: 1264 *(short*)data = ifp->if_mtu; 1265 break; 1266 #endif 1267 case SIOCADDMULTI: 1268 case SIOCDELMULTI: 1269 break; 1270 1271 case SIOCGIFGENERIC: 1272 case SIOCSIFGENERIC: 1273 rv = sppp_params(sp, cmd, data); 1274 break; 1275 1276 default: 1277 rv = ENOTTY; 1278 } 1279 SPPP_UNLOCK(sp); 1280 return rv; 1281 } 1282 1283 /* 1284 * Cisco framing implementation. 1285 */ 1286 1287 /* 1288 * Handle incoming Cisco keepalive protocol packets. 1289 */ 1290 static void 1291 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1292 { 1293 STDDCL; 1294 struct cisco_packet *h; 1295 u_long me, mymask; 1296 1297 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1298 if (debug) 1299 log(LOG_DEBUG, 1300 SPP_FMT "cisco invalid packet length: %d bytes\n", 1301 SPP_ARGS(ifp), m->m_pkthdr.len); 1302 return; 1303 } 1304 h = mtod (m, struct cisco_packet*); 1305 if (debug) 1306 log(LOG_DEBUG, 1307 SPP_FMT "cisco input: %d bytes " 1308 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1309 SPP_ARGS(ifp), m->m_pkthdr.len, 1310 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1311 (u_int)h->time0, (u_int)h->time1); 1312 switch (ntohl (h->type)) { 1313 default: 1314 if (debug) 1315 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n", 1316 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1317 break; 1318 case CISCO_ADDR_REPLY: 1319 /* Reply on address request, ignore */ 1320 break; 1321 case CISCO_KEEPALIVE_REQ: 1322 sp->pp_alivecnt = 0; 1323 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1324 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1325 /* Local and remote sequence numbers are equal. 1326 * Probably, the line is in loopback mode. */ 1327 if (sp->pp_loopcnt >= MAXALIVECNT) { 1328 printf (SPP_FMT "loopback\n", 1329 SPP_ARGS(ifp)); 1330 sp->pp_loopcnt = 0; 1331 if (ifp->if_flags & IFF_UP) { 1332 if_down (ifp); 1333 sppp_qflush (&sp->pp_cpq); 1334 } 1335 } 1336 ++sp->pp_loopcnt; 1337 1338 /* Generate new local sequence number */ 1339 sp->pp_seq[IDX_LCP] = random(); 1340 break; 1341 } 1342 sp->pp_loopcnt = 0; 1343 if (! (ifp->if_flags & IFF_UP) && 1344 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 1345 if_up(ifp); 1346 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1347 } 1348 break; 1349 case CISCO_ADDR_REQ: 1350 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1351 if (me != 0L) 1352 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1353 break; 1354 } 1355 } 1356 1357 /* 1358 * Send Cisco keepalive packet. 1359 */ 1360 static void 1361 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1362 { 1363 STDDCL; 1364 struct ppp_header *h; 1365 struct cisco_packet *ch; 1366 struct mbuf *m; 1367 struct timeval tv; 1368 1369 getmicrouptime(&tv); 1370 1371 MGETHDR (m, M_NOWAIT, MT_DATA); 1372 if (! m) 1373 return; 1374 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1375 m->m_pkthdr.rcvif = 0; 1376 1377 h = mtod (m, struct ppp_header*); 1378 h->address = CISCO_MULTICAST; 1379 h->control = 0; 1380 h->protocol = htons (CISCO_KEEPALIVE); 1381 1382 ch = (struct cisco_packet*) (h + 1); 1383 ch->type = htonl (type); 1384 ch->par1 = htonl (par1); 1385 ch->par2 = htonl (par2); 1386 ch->rel = -1; 1387 1388 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1389 ch->time1 = htons ((u_short) tv.tv_sec); 1390 1391 if (debug) 1392 log(LOG_DEBUG, 1393 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1394 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1395 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1396 1397 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1398 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1399 } 1400 1401 /* 1402 * PPP protocol implementation. 1403 */ 1404 1405 /* 1406 * Send PPP control protocol packet. 1407 */ 1408 static void 1409 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1410 u_char ident, u_short len, void *data) 1411 { 1412 STDDCL; 1413 struct ppp_header *h; 1414 struct lcp_header *lh; 1415 struct mbuf *m; 1416 1417 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1418 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1419 MGETHDR (m, M_NOWAIT, MT_DATA); 1420 if (! m) 1421 return; 1422 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1423 m->m_pkthdr.rcvif = 0; 1424 1425 h = mtod (m, struct ppp_header*); 1426 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1427 h->control = PPP_UI; /* Unnumbered Info */ 1428 h->protocol = htons (proto); /* Link Control Protocol */ 1429 1430 lh = (struct lcp_header*) (h + 1); 1431 lh->type = type; 1432 lh->ident = ident; 1433 lh->len = htons (LCP_HEADER_LEN + len); 1434 if (len) 1435 bcopy (data, lh+1, len); 1436 1437 if (debug) { 1438 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1439 SPP_ARGS(ifp), 1440 sppp_proto_name(proto), 1441 sppp_cp_type_name (lh->type), lh->ident, 1442 ntohs (lh->len)); 1443 sppp_print_bytes ((u_char*) (lh+1), len); 1444 log(-1, ">\n"); 1445 } 1446 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 1447 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 1448 } 1449 1450 /* 1451 * Handle incoming PPP control protocol packets. 1452 */ 1453 static void 1454 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1455 { 1456 STDDCL; 1457 struct lcp_header *h; 1458 int len = m->m_pkthdr.len; 1459 int rv; 1460 u_char *p; 1461 1462 if (len < 4) { 1463 if (debug) 1464 log(LOG_DEBUG, 1465 SPP_FMT "%s invalid packet length: %d bytes\n", 1466 SPP_ARGS(ifp), cp->name, len); 1467 return; 1468 } 1469 h = mtod (m, struct lcp_header*); 1470 if (debug) { 1471 log(LOG_DEBUG, 1472 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1473 SPP_ARGS(ifp), cp->name, 1474 sppp_state_name(sp->state[cp->protoidx]), 1475 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1476 sppp_print_bytes ((u_char*) (h+1), len-4); 1477 log(-1, ">\n"); 1478 } 1479 if (len > ntohs (h->len)) 1480 len = ntohs (h->len); 1481 p = (u_char *)(h + 1); 1482 switch (h->type) { 1483 case CONF_REQ: 1484 if (len < 4) { 1485 if (debug) 1486 log(-1, SPP_FMT "%s invalid conf-req length %d\n", 1487 SPP_ARGS(ifp), cp->name, 1488 len); 1489 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1490 break; 1491 } 1492 /* handle states where RCR doesn't get a SCA/SCN */ 1493 switch (sp->state[cp->protoidx]) { 1494 case STATE_CLOSING: 1495 case STATE_STOPPING: 1496 return; 1497 case STATE_CLOSED: 1498 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1499 0, 0); 1500 return; 1501 } 1502 rv = (cp->RCR)(sp, h, len); 1503 switch (sp->state[cp->protoidx]) { 1504 case STATE_OPENED: 1505 (cp->tld)(sp); 1506 (cp->scr)(sp); 1507 /* FALLTHROUGH */ 1508 case STATE_ACK_SENT: 1509 case STATE_REQ_SENT: 1510 /* 1511 * sppp_cp_change_state() have the side effect of 1512 * restarting the timeouts. We want to avoid that 1513 * if the state don't change, otherwise we won't 1514 * ever timeout and resend a configuration request 1515 * that got lost. 1516 */ 1517 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT: 1518 STATE_REQ_SENT)) 1519 break; 1520 sppp_cp_change_state(cp, sp, rv? 1521 STATE_ACK_SENT: STATE_REQ_SENT); 1522 break; 1523 case STATE_STOPPED: 1524 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1525 (cp->scr)(sp); 1526 sppp_cp_change_state(cp, sp, rv? 1527 STATE_ACK_SENT: STATE_REQ_SENT); 1528 break; 1529 case STATE_ACK_RCVD: 1530 if (rv) { 1531 sppp_cp_change_state(cp, sp, STATE_OPENED); 1532 if (debug) 1533 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1534 SPP_ARGS(ifp), 1535 cp->name); 1536 (cp->tlu)(sp); 1537 } else 1538 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1539 break; 1540 default: 1541 printf(SPP_FMT "%s illegal %s in state %s\n", 1542 SPP_ARGS(ifp), cp->name, 1543 sppp_cp_type_name(h->type), 1544 sppp_state_name(sp->state[cp->protoidx])); 1545 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1546 } 1547 break; 1548 case CONF_ACK: 1549 if (h->ident != sp->confid[cp->protoidx]) { 1550 if (debug) 1551 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1552 SPP_ARGS(ifp), cp->name, 1553 h->ident, sp->confid[cp->protoidx]); 1554 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1555 break; 1556 } 1557 switch (sp->state[cp->protoidx]) { 1558 case STATE_CLOSED: 1559 case STATE_STOPPED: 1560 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1561 break; 1562 case STATE_CLOSING: 1563 case STATE_STOPPING: 1564 break; 1565 case STATE_REQ_SENT: 1566 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1567 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1568 break; 1569 case STATE_OPENED: 1570 (cp->tld)(sp); 1571 /* FALLTHROUGH */ 1572 case STATE_ACK_RCVD: 1573 (cp->scr)(sp); 1574 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1575 break; 1576 case STATE_ACK_SENT: 1577 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1578 sppp_cp_change_state(cp, sp, STATE_OPENED); 1579 if (debug) 1580 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1581 SPP_ARGS(ifp), cp->name); 1582 (cp->tlu)(sp); 1583 break; 1584 default: 1585 printf(SPP_FMT "%s illegal %s in state %s\n", 1586 SPP_ARGS(ifp), cp->name, 1587 sppp_cp_type_name(h->type), 1588 sppp_state_name(sp->state[cp->protoidx])); 1589 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1590 } 1591 break; 1592 case CONF_NAK: 1593 case CONF_REJ: 1594 if (h->ident != sp->confid[cp->protoidx]) { 1595 if (debug) 1596 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1597 SPP_ARGS(ifp), cp->name, 1598 h->ident, sp->confid[cp->protoidx]); 1599 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1600 break; 1601 } 1602 if (h->type == CONF_NAK) 1603 (cp->RCN_nak)(sp, h, len); 1604 else /* CONF_REJ */ 1605 (cp->RCN_rej)(sp, h, len); 1606 1607 switch (sp->state[cp->protoidx]) { 1608 case STATE_CLOSED: 1609 case STATE_STOPPED: 1610 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1611 break; 1612 case STATE_REQ_SENT: 1613 case STATE_ACK_SENT: 1614 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1615 /* 1616 * Slow things down a bit if we think we might be 1617 * in loopback. Depend on the timeout to send the 1618 * next configuration request. 1619 */ 1620 if (sp->pp_loopcnt) 1621 break; 1622 (cp->scr)(sp); 1623 break; 1624 case STATE_OPENED: 1625 (cp->tld)(sp); 1626 /* FALLTHROUGH */ 1627 case STATE_ACK_RCVD: 1628 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1629 (cp->scr)(sp); 1630 break; 1631 case STATE_CLOSING: 1632 case STATE_STOPPING: 1633 break; 1634 default: 1635 printf(SPP_FMT "%s illegal %s in state %s\n", 1636 SPP_ARGS(ifp), cp->name, 1637 sppp_cp_type_name(h->type), 1638 sppp_state_name(sp->state[cp->protoidx])); 1639 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1640 } 1641 break; 1642 1643 case TERM_REQ: 1644 switch (sp->state[cp->protoidx]) { 1645 case STATE_ACK_RCVD: 1646 case STATE_ACK_SENT: 1647 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1648 /* FALLTHROUGH */ 1649 case STATE_CLOSED: 1650 case STATE_STOPPED: 1651 case STATE_CLOSING: 1652 case STATE_STOPPING: 1653 case STATE_REQ_SENT: 1654 sta: 1655 /* Send Terminate-Ack packet. */ 1656 if (debug) 1657 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1658 SPP_ARGS(ifp), cp->name); 1659 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1660 break; 1661 case STATE_OPENED: 1662 (cp->tld)(sp); 1663 sp->rst_counter[cp->protoidx] = 0; 1664 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1665 goto sta; 1666 break; 1667 default: 1668 printf(SPP_FMT "%s illegal %s in state %s\n", 1669 SPP_ARGS(ifp), cp->name, 1670 sppp_cp_type_name(h->type), 1671 sppp_state_name(sp->state[cp->protoidx])); 1672 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1673 } 1674 break; 1675 case TERM_ACK: 1676 switch (sp->state[cp->protoidx]) { 1677 case STATE_CLOSED: 1678 case STATE_STOPPED: 1679 case STATE_REQ_SENT: 1680 case STATE_ACK_SENT: 1681 break; 1682 case STATE_CLOSING: 1683 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1684 (cp->tlf)(sp); 1685 break; 1686 case STATE_STOPPING: 1687 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1688 (cp->tlf)(sp); 1689 break; 1690 case STATE_ACK_RCVD: 1691 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1692 break; 1693 case STATE_OPENED: 1694 (cp->tld)(sp); 1695 (cp->scr)(sp); 1696 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1697 break; 1698 default: 1699 printf(SPP_FMT "%s illegal %s in state %s\n", 1700 SPP_ARGS(ifp), cp->name, 1701 sppp_cp_type_name(h->type), 1702 sppp_state_name(sp->state[cp->protoidx])); 1703 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1704 } 1705 break; 1706 case CODE_REJ: 1707 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1708 log(LOG_INFO, 1709 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1710 "danger will robinson\n", 1711 SPP_ARGS(ifp), cp->name, 1712 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1713 switch (sp->state[cp->protoidx]) { 1714 case STATE_CLOSED: 1715 case STATE_STOPPED: 1716 case STATE_REQ_SENT: 1717 case STATE_ACK_SENT: 1718 case STATE_CLOSING: 1719 case STATE_STOPPING: 1720 case STATE_OPENED: 1721 break; 1722 case STATE_ACK_RCVD: 1723 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1724 break; 1725 default: 1726 printf(SPP_FMT "%s illegal %s in state %s\n", 1727 SPP_ARGS(ifp), cp->name, 1728 sppp_cp_type_name(h->type), 1729 sppp_state_name(sp->state[cp->protoidx])); 1730 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1731 } 1732 break; 1733 case PROTO_REJ: 1734 { 1735 int catastrophic; 1736 const struct cp *upper; 1737 int i; 1738 u_int16_t proto; 1739 1740 catastrophic = 0; 1741 upper = NULL; 1742 proto = ntohs(*((u_int16_t *)p)); 1743 for (i = 0; i < IDX_COUNT; i++) { 1744 if (cps[i]->proto == proto) { 1745 upper = cps[i]; 1746 break; 1747 } 1748 } 1749 if (upper == NULL) 1750 catastrophic++; 1751 1752 if (catastrophic || debug) 1753 log(catastrophic? LOG_INFO: LOG_DEBUG, 1754 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1755 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1756 sppp_cp_type_name(h->type), proto, 1757 upper ? upper->name : "unknown", 1758 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1759 1760 /* 1761 * if we got RXJ+ against conf-req, the peer does not implement 1762 * this particular protocol type. terminate the protocol. 1763 */ 1764 if (upper && !catastrophic) { 1765 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1766 upper->Close(sp); 1767 break; 1768 } 1769 } 1770 1771 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1772 switch (sp->state[cp->protoidx]) { 1773 case STATE_CLOSED: 1774 case STATE_STOPPED: 1775 case STATE_REQ_SENT: 1776 case STATE_ACK_SENT: 1777 case STATE_CLOSING: 1778 case STATE_STOPPING: 1779 case STATE_OPENED: 1780 break; 1781 case STATE_ACK_RCVD: 1782 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1783 break; 1784 default: 1785 printf(SPP_FMT "%s illegal %s in state %s\n", 1786 SPP_ARGS(ifp), cp->name, 1787 sppp_cp_type_name(h->type), 1788 sppp_state_name(sp->state[cp->protoidx])); 1789 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1790 } 1791 break; 1792 } 1793 case DISC_REQ: 1794 if (cp->proto != PPP_LCP) 1795 goto illegal; 1796 /* Discard the packet. */ 1797 break; 1798 case ECHO_REQ: 1799 if (cp->proto != PPP_LCP) 1800 goto illegal; 1801 if (sp->state[cp->protoidx] != STATE_OPENED) { 1802 if (debug) 1803 log(-1, SPP_FMT "lcp echo req but lcp closed\n", 1804 SPP_ARGS(ifp)); 1805 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1806 break; 1807 } 1808 if (len < 8) { 1809 if (debug) 1810 log(-1, SPP_FMT "invalid lcp echo request " 1811 "packet length: %d bytes\n", 1812 SPP_ARGS(ifp), len); 1813 break; 1814 } 1815 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 1816 ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1817 /* Line loopback mode detected. */ 1818 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1819 sp->pp_loopcnt = MAXALIVECNT * 5; 1820 if_down (ifp); 1821 sppp_qflush (&sp->pp_cpq); 1822 1823 /* Shut down the PPP link. */ 1824 /* XXX */ 1825 lcp.Down(sp); 1826 lcp.Up(sp); 1827 break; 1828 } 1829 *(long*)(h+1) = htonl (sp->lcp.magic); 1830 if (debug) 1831 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n", 1832 SPP_ARGS(ifp)); 1833 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1834 break; 1835 case ECHO_REPLY: 1836 if (cp->proto != PPP_LCP) 1837 goto illegal; 1838 if (h->ident != sp->lcp.echoid) { 1839 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1840 break; 1841 } 1842 if (len < 8) { 1843 if (debug) 1844 log(-1, SPP_FMT "lcp invalid echo reply " 1845 "packet length: %d bytes\n", 1846 SPP_ARGS(ifp), len); 1847 break; 1848 } 1849 if (debug) 1850 log(-1, SPP_FMT "lcp got echo rep\n", 1851 SPP_ARGS(ifp)); 1852 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) || 1853 ntohl (*(long*)(h+1)) != sp->lcp.magic) 1854 sp->pp_alivecnt = 0; 1855 break; 1856 default: 1857 /* Unknown packet type -- send Code-Reject packet. */ 1858 illegal: 1859 if (debug) 1860 log(-1, SPP_FMT "%s send code-rej for 0x%x\n", 1861 SPP_ARGS(ifp), cp->name, h->type); 1862 sppp_cp_send(sp, cp->proto, CODE_REJ, 1863 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1864 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 1865 } 1866 } 1867 1868 1869 /* 1870 * The generic part of all Up/Down/Open/Close/TO event handlers. 1871 * Basically, the state transition handling in the automaton. 1872 */ 1873 static void 1874 sppp_up_event(const struct cp *cp, struct sppp *sp) 1875 { 1876 STDDCL; 1877 1878 if (debug) 1879 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1880 SPP_ARGS(ifp), cp->name, 1881 sppp_state_name(sp->state[cp->protoidx])); 1882 1883 switch (sp->state[cp->protoidx]) { 1884 case STATE_INITIAL: 1885 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1886 break; 1887 case STATE_STARTING: 1888 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1889 (cp->scr)(sp); 1890 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1891 break; 1892 default: 1893 printf(SPP_FMT "%s illegal up in state %s\n", 1894 SPP_ARGS(ifp), cp->name, 1895 sppp_state_name(sp->state[cp->protoidx])); 1896 } 1897 } 1898 1899 static void 1900 sppp_down_event(const struct cp *cp, struct sppp *sp) 1901 { 1902 STDDCL; 1903 1904 if (debug) 1905 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1906 SPP_ARGS(ifp), cp->name, 1907 sppp_state_name(sp->state[cp->protoidx])); 1908 1909 switch (sp->state[cp->protoidx]) { 1910 case STATE_CLOSED: 1911 case STATE_CLOSING: 1912 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1913 break; 1914 case STATE_STOPPED: 1915 sppp_cp_change_state(cp, sp, STATE_STARTING); 1916 (cp->tls)(sp); 1917 break; 1918 case STATE_STOPPING: 1919 case STATE_REQ_SENT: 1920 case STATE_ACK_RCVD: 1921 case STATE_ACK_SENT: 1922 sppp_cp_change_state(cp, sp, STATE_STARTING); 1923 break; 1924 case STATE_OPENED: 1925 (cp->tld)(sp); 1926 sppp_cp_change_state(cp, sp, STATE_STARTING); 1927 break; 1928 default: 1929 printf(SPP_FMT "%s illegal down in state %s\n", 1930 SPP_ARGS(ifp), cp->name, 1931 sppp_state_name(sp->state[cp->protoidx])); 1932 } 1933 } 1934 1935 1936 static void 1937 sppp_open_event(const struct cp *cp, struct sppp *sp) 1938 { 1939 STDDCL; 1940 1941 if (debug) 1942 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1943 SPP_ARGS(ifp), cp->name, 1944 sppp_state_name(sp->state[cp->protoidx])); 1945 1946 switch (sp->state[cp->protoidx]) { 1947 case STATE_INITIAL: 1948 sppp_cp_change_state(cp, sp, STATE_STARTING); 1949 (cp->tls)(sp); 1950 break; 1951 case STATE_STARTING: 1952 break; 1953 case STATE_CLOSED: 1954 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1955 (cp->scr)(sp); 1956 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1957 break; 1958 case STATE_STOPPED: 1959 /* 1960 * Try escaping stopped state. This seems to bite 1961 * people occasionally, in particular for IPCP, 1962 * presumably following previous IPCP negotiation 1963 * aborts. Somehow, we must have missed a Down event 1964 * which would have caused a transition into starting 1965 * state, so as a bandaid we force the Down event now. 1966 * This effectively implements (something like the) 1967 * `restart' option mentioned in the state transition 1968 * table of RFC 1661. 1969 */ 1970 sppp_cp_change_state(cp, sp, STATE_STARTING); 1971 (cp->tls)(sp); 1972 break; 1973 case STATE_STOPPING: 1974 case STATE_REQ_SENT: 1975 case STATE_ACK_RCVD: 1976 case STATE_ACK_SENT: 1977 case STATE_OPENED: 1978 break; 1979 case STATE_CLOSING: 1980 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1981 break; 1982 } 1983 } 1984 1985 1986 static void 1987 sppp_close_event(const struct cp *cp, struct sppp *sp) 1988 { 1989 STDDCL; 1990 1991 if (debug) 1992 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1993 SPP_ARGS(ifp), cp->name, 1994 sppp_state_name(sp->state[cp->protoidx])); 1995 1996 switch (sp->state[cp->protoidx]) { 1997 case STATE_INITIAL: 1998 case STATE_CLOSED: 1999 case STATE_CLOSING: 2000 break; 2001 case STATE_STARTING: 2002 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2003 (cp->tlf)(sp); 2004 break; 2005 case STATE_STOPPED: 2006 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2007 break; 2008 case STATE_STOPPING: 2009 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2010 break; 2011 case STATE_OPENED: 2012 (cp->tld)(sp); 2013 /* FALLTHROUGH */ 2014 case STATE_REQ_SENT: 2015 case STATE_ACK_RCVD: 2016 case STATE_ACK_SENT: 2017 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 2018 sppp_cp_send(sp, cp->proto, TERM_REQ, 2019 ++sp->pp_seq[cp->protoidx], 0, 0); 2020 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2021 break; 2022 } 2023 } 2024 2025 static void 2026 sppp_to_event(const struct cp *cp, struct sppp *sp) 2027 { 2028 STDDCL; 2029 2030 SPPP_LOCK(sp); 2031 if (debug) 2032 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 2033 SPP_ARGS(ifp), cp->name, 2034 sppp_state_name(sp->state[cp->protoidx]), 2035 sp->rst_counter[cp->protoidx]); 2036 2037 if (--sp->rst_counter[cp->protoidx] < 0) 2038 /* TO- event */ 2039 switch (sp->state[cp->protoidx]) { 2040 case STATE_CLOSING: 2041 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2042 (cp->tlf)(sp); 2043 break; 2044 case STATE_STOPPING: 2045 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2046 (cp->tlf)(sp); 2047 break; 2048 case STATE_REQ_SENT: 2049 case STATE_ACK_RCVD: 2050 case STATE_ACK_SENT: 2051 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2052 (cp->tlf)(sp); 2053 break; 2054 } 2055 else 2056 /* TO+ event */ 2057 switch (sp->state[cp->protoidx]) { 2058 case STATE_CLOSING: 2059 case STATE_STOPPING: 2060 sppp_cp_send(sp, cp->proto, TERM_REQ, 2061 ++sp->pp_seq[cp->protoidx], 0, 0); 2062 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2063 cp->TO, (void *)sp); 2064 break; 2065 case STATE_REQ_SENT: 2066 case STATE_ACK_RCVD: 2067 (cp->scr)(sp); 2068 /* sppp_cp_change_state() will restart the timer */ 2069 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2070 break; 2071 case STATE_ACK_SENT: 2072 (cp->scr)(sp); 2073 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2074 cp->TO, (void *)sp); 2075 break; 2076 } 2077 2078 SPPP_UNLOCK(sp); 2079 } 2080 2081 /* 2082 * Change the state of a control protocol in the state automaton. 2083 * Takes care of starting/stopping the restart timer. 2084 */ 2085 static void 2086 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2087 { 2088 sp->state[cp->protoidx] = newstate; 2089 2090 callout_stop (&sp->ch[cp->protoidx]); 2091 2092 switch (newstate) { 2093 case STATE_INITIAL: 2094 case STATE_STARTING: 2095 case STATE_CLOSED: 2096 case STATE_STOPPED: 2097 case STATE_OPENED: 2098 break; 2099 case STATE_CLOSING: 2100 case STATE_STOPPING: 2101 case STATE_REQ_SENT: 2102 case STATE_ACK_RCVD: 2103 case STATE_ACK_SENT: 2104 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2105 cp->TO, (void *)sp); 2106 break; 2107 } 2108 } 2109 2110 /* 2111 *--------------------------------------------------------------------------* 2112 * * 2113 * The LCP implementation. * 2114 * * 2115 *--------------------------------------------------------------------------* 2116 */ 2117 static void 2118 sppp_pp_up(struct sppp *sp) 2119 { 2120 SPPP_LOCK(sp); 2121 lcp.Up(sp); 2122 SPPP_UNLOCK(sp); 2123 } 2124 2125 static void 2126 sppp_pp_down(struct sppp *sp) 2127 { 2128 SPPP_LOCK(sp); 2129 lcp.Down(sp); 2130 SPPP_UNLOCK(sp); 2131 } 2132 2133 static void 2134 sppp_lcp_init(struct sppp *sp) 2135 { 2136 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2137 sp->lcp.magic = 0; 2138 sp->state[IDX_LCP] = STATE_INITIAL; 2139 sp->fail_counter[IDX_LCP] = 0; 2140 sp->pp_seq[IDX_LCP] = 0; 2141 sp->pp_rseq[IDX_LCP] = 0; 2142 sp->lcp.protos = 0; 2143 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2144 2145 /* Note that these values are relevant for all control protocols */ 2146 sp->lcp.timeout = 3 * hz; 2147 sp->lcp.max_terminate = 2; 2148 sp->lcp.max_configure = 10; 2149 sp->lcp.max_failure = 10; 2150 callout_init(&sp->ch[IDX_LCP], 1); 2151 } 2152 2153 static void 2154 sppp_lcp_up(struct sppp *sp) 2155 { 2156 STDDCL; 2157 2158 sp->pp_alivecnt = 0; 2159 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2160 sp->lcp.magic = 0; 2161 sp->lcp.protos = 0; 2162 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2163 /* 2164 * If we are authenticator, negotiate LCP_AUTH 2165 */ 2166 if (sp->hisauth.proto != 0) 2167 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2168 else 2169 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2170 sp->pp_flags &= ~PP_NEEDAUTH; 2171 /* 2172 * If this interface is passive or dial-on-demand, and we are 2173 * still in Initial state, it means we've got an incoming 2174 * call. Activate the interface. 2175 */ 2176 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2177 if (debug) 2178 log(LOG_DEBUG, 2179 SPP_FMT "Up event", SPP_ARGS(ifp)); 2180 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2181 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2182 if (debug) 2183 log(-1, "(incoming call)\n"); 2184 sp->pp_flags |= PP_CALLIN; 2185 lcp.Open(sp); 2186 } else if (debug) 2187 log(-1, "\n"); 2188 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2189 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2190 ifp->if_drv_flags |= IFF_DRV_RUNNING; 2191 lcp.Open(sp); 2192 } 2193 2194 sppp_up_event(&lcp, sp); 2195 } 2196 2197 static void 2198 sppp_lcp_down(struct sppp *sp) 2199 { 2200 STDDCL; 2201 2202 sppp_down_event(&lcp, sp); 2203 2204 /* 2205 * If this is neither a dial-on-demand nor a passive 2206 * interface, simulate an ``ifconfig down'' action, so the 2207 * administrator can force a redial by another ``ifconfig 2208 * up''. XXX For leased line operation, should we immediately 2209 * try to reopen the connection here? 2210 */ 2211 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2212 log(LOG_INFO, 2213 SPP_FMT "Down event, taking interface down.\n", 2214 SPP_ARGS(ifp)); 2215 if_down(ifp); 2216 } else { 2217 if (debug) 2218 log(LOG_DEBUG, 2219 SPP_FMT "Down event (carrier loss)\n", 2220 SPP_ARGS(ifp)); 2221 sp->pp_flags &= ~PP_CALLIN; 2222 if (sp->state[IDX_LCP] != STATE_INITIAL) 2223 lcp.Close(sp); 2224 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 2225 } 2226 } 2227 2228 static void 2229 sppp_lcp_open(struct sppp *sp) 2230 { 2231 sppp_open_event(&lcp, sp); 2232 } 2233 2234 static void 2235 sppp_lcp_close(struct sppp *sp) 2236 { 2237 sppp_close_event(&lcp, sp); 2238 } 2239 2240 static void 2241 sppp_lcp_TO(void *cookie) 2242 { 2243 sppp_to_event(&lcp, (struct sppp *)cookie); 2244 } 2245 2246 /* 2247 * Analyze a configure request. Return true if it was agreeable, and 2248 * caused action sca, false if it has been rejected or nak'ed, and 2249 * caused action scn. (The return value is used to make the state 2250 * transition decision in the state automaton.) 2251 */ 2252 static int 2253 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2254 { 2255 STDDCL; 2256 u_char *buf, *r, *p; 2257 int origlen, rlen; 2258 u_long nmagic; 2259 u_short authproto; 2260 2261 len -= 4; 2262 origlen = len; 2263 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2264 if (! buf) 2265 return (0); 2266 2267 if (debug) 2268 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2269 SPP_ARGS(ifp)); 2270 2271 /* pass 1: check for things that need to be rejected */ 2272 p = (void*) (h+1); 2273 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2274 len-=p[1], p+=p[1]) { 2275 if (debug) 2276 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2277 switch (*p) { 2278 case LCP_OPT_MAGIC: 2279 /* Magic number. */ 2280 if (len >= 6 && p[1] == 6) 2281 continue; 2282 if (debug) 2283 log(-1, "[invalid] "); 2284 break; 2285 case LCP_OPT_ASYNC_MAP: 2286 /* Async control character map. */ 2287 if (len >= 6 && p[1] == 6) 2288 continue; 2289 if (debug) 2290 log(-1, "[invalid] "); 2291 break; 2292 case LCP_OPT_MRU: 2293 /* Maximum receive unit. */ 2294 if (len >= 4 && p[1] == 4) 2295 continue; 2296 if (debug) 2297 log(-1, "[invalid] "); 2298 break; 2299 case LCP_OPT_AUTH_PROTO: 2300 if (len < 4) { 2301 if (debug) 2302 log(-1, "[invalid] "); 2303 break; 2304 } 2305 authproto = (p[2] << 8) + p[3]; 2306 if (authproto == PPP_CHAP && p[1] != 5) { 2307 if (debug) 2308 log(-1, "[invalid chap len] "); 2309 break; 2310 } 2311 if (sp->myauth.proto == 0) { 2312 /* we are not configured to do auth */ 2313 if (debug) 2314 log(-1, "[not configured] "); 2315 break; 2316 } 2317 /* 2318 * Remote want us to authenticate, remember this, 2319 * so we stay in PHASE_AUTHENTICATE after LCP got 2320 * up. 2321 */ 2322 sp->pp_flags |= PP_NEEDAUTH; 2323 continue; 2324 default: 2325 /* Others not supported. */ 2326 if (debug) 2327 log(-1, "[rej] "); 2328 break; 2329 } 2330 /* Add the option to rejected list. */ 2331 bcopy (p, r, p[1]); 2332 r += p[1]; 2333 rlen += p[1]; 2334 } 2335 if (rlen) { 2336 if (debug) 2337 log(-1, " send conf-rej\n"); 2338 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2339 return 0; 2340 } else if (debug) 2341 log(-1, "\n"); 2342 2343 /* 2344 * pass 2: check for option values that are unacceptable and 2345 * thus require to be nak'ed. 2346 */ 2347 if (debug) 2348 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2349 SPP_ARGS(ifp)); 2350 2351 p = (void*) (h+1); 2352 len = origlen; 2353 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2354 len-=p[1], p+=p[1]) { 2355 if (debug) 2356 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2357 switch (*p) { 2358 case LCP_OPT_MAGIC: 2359 /* Magic number -- extract. */ 2360 nmagic = (u_long)p[2] << 24 | 2361 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2362 if (nmagic != sp->lcp.magic) { 2363 sp->pp_loopcnt = 0; 2364 if (debug) 2365 log(-1, "0x%lx ", nmagic); 2366 continue; 2367 } 2368 if (debug && sp->pp_loopcnt < MAXALIVECNT*5) 2369 log(-1, "[glitch] "); 2370 ++sp->pp_loopcnt; 2371 /* 2372 * We negate our magic here, and NAK it. If 2373 * we see it later in an NAK packet, we 2374 * suggest a new one. 2375 */ 2376 nmagic = ~sp->lcp.magic; 2377 /* Gonna NAK it. */ 2378 p[2] = nmagic >> 24; 2379 p[3] = nmagic >> 16; 2380 p[4] = nmagic >> 8; 2381 p[5] = nmagic; 2382 break; 2383 2384 case LCP_OPT_ASYNC_MAP: 2385 /* 2386 * Async control character map -- just ignore it. 2387 * 2388 * Quote from RFC 1662, chapter 6: 2389 * To enable this functionality, synchronous PPP 2390 * implementations MUST always respond to the 2391 * Async-Control-Character-Map Configuration 2392 * Option with the LCP Configure-Ack. However, 2393 * acceptance of the Configuration Option does 2394 * not imply that the synchronous implementation 2395 * will do any ACCM mapping. Instead, all such 2396 * octet mapping will be performed by the 2397 * asynchronous-to-synchronous converter. 2398 */ 2399 continue; 2400 2401 case LCP_OPT_MRU: 2402 /* 2403 * Maximum receive unit. Always agreeable, 2404 * but ignored by now. 2405 */ 2406 sp->lcp.their_mru = p[2] * 256 + p[3]; 2407 if (debug) 2408 log(-1, "%lu ", sp->lcp.their_mru); 2409 continue; 2410 2411 case LCP_OPT_AUTH_PROTO: 2412 authproto = (p[2] << 8) + p[3]; 2413 if (sp->myauth.proto != authproto) { 2414 /* not agreed, nak */ 2415 if (debug) 2416 log(-1, "[mine %s != his %s] ", 2417 sppp_proto_name(sp->hisauth.proto), 2418 sppp_proto_name(authproto)); 2419 p[2] = sp->myauth.proto >> 8; 2420 p[3] = sp->myauth.proto; 2421 break; 2422 } 2423 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2424 if (debug) 2425 log(-1, "[chap not MD5] "); 2426 p[4] = CHAP_MD5; 2427 break; 2428 } 2429 continue; 2430 } 2431 /* Add the option to nak'ed list. */ 2432 bcopy (p, r, p[1]); 2433 r += p[1]; 2434 rlen += p[1]; 2435 } 2436 if (rlen) { 2437 /* 2438 * Local and remote magics equal -- loopback? 2439 */ 2440 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2441 if (sp->pp_loopcnt == MAXALIVECNT*5) 2442 printf (SPP_FMT "loopback\n", 2443 SPP_ARGS(ifp)); 2444 if (ifp->if_flags & IFF_UP) { 2445 if_down(ifp); 2446 sppp_qflush(&sp->pp_cpq); 2447 /* XXX ? */ 2448 lcp.Down(sp); 2449 lcp.Up(sp); 2450 } 2451 } else if (!sp->pp_loopcnt && 2452 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2453 if (debug) 2454 log(-1, " max_failure (%d) exceeded, " 2455 "send conf-rej\n", 2456 sp->lcp.max_failure); 2457 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2458 } else { 2459 if (debug) 2460 log(-1, " send conf-nak\n"); 2461 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2462 } 2463 } else { 2464 if (debug) 2465 log(-1, " send conf-ack\n"); 2466 sp->fail_counter[IDX_LCP] = 0; 2467 sp->pp_loopcnt = 0; 2468 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2469 h->ident, origlen, h+1); 2470 } 2471 2472 free (buf, M_TEMP); 2473 return (rlen == 0); 2474 } 2475 2476 /* 2477 * Analyze the LCP Configure-Reject option list, and adjust our 2478 * negotiation. 2479 */ 2480 static void 2481 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2482 { 2483 STDDCL; 2484 u_char *buf, *p; 2485 2486 len -= 4; 2487 buf = malloc (len, M_TEMP, M_NOWAIT); 2488 if (!buf) 2489 return; 2490 2491 if (debug) 2492 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2493 SPP_ARGS(ifp)); 2494 2495 p = (void*) (h+1); 2496 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2497 len -= p[1], p += p[1]) { 2498 if (debug) 2499 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2500 switch (*p) { 2501 case LCP_OPT_MAGIC: 2502 /* Magic number -- can't use it, use 0 */ 2503 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2504 sp->lcp.magic = 0; 2505 break; 2506 case LCP_OPT_MRU: 2507 /* 2508 * Should not be rejected anyway, since we only 2509 * negotiate a MRU if explicitly requested by 2510 * peer. 2511 */ 2512 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2513 break; 2514 case LCP_OPT_AUTH_PROTO: 2515 /* 2516 * Peer doesn't want to authenticate himself, 2517 * deny unless this is a dialout call, and 2518 * AUTHFLAG_NOCALLOUT is set. 2519 */ 2520 if ((sp->pp_flags & PP_CALLIN) == 0 && 2521 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2522 if (debug) 2523 log(-1, "[don't insist on auth " 2524 "for callout]"); 2525 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2526 break; 2527 } 2528 if (debug) 2529 log(-1, "[access denied]\n"); 2530 lcp.Close(sp); 2531 break; 2532 } 2533 } 2534 if (debug) 2535 log(-1, "\n"); 2536 free (buf, M_TEMP); 2537 return; 2538 } 2539 2540 /* 2541 * Analyze the LCP Configure-NAK option list, and adjust our 2542 * negotiation. 2543 */ 2544 static void 2545 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2546 { 2547 STDDCL; 2548 u_char *buf, *p; 2549 u_long magic; 2550 2551 len -= 4; 2552 buf = malloc (len, M_TEMP, M_NOWAIT); 2553 if (!buf) 2554 return; 2555 2556 if (debug) 2557 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2558 SPP_ARGS(ifp)); 2559 2560 p = (void*) (h+1); 2561 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 2562 len -= p[1], p += p[1]) { 2563 if (debug) 2564 log(-1, " %s ", sppp_lcp_opt_name(*p)); 2565 switch (*p) { 2566 case LCP_OPT_MAGIC: 2567 /* Magic number -- renegotiate */ 2568 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2569 len >= 6 && p[1] == 6) { 2570 magic = (u_long)p[2] << 24 | 2571 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2572 /* 2573 * If the remote magic is our negated one, 2574 * this looks like a loopback problem. 2575 * Suggest a new magic to make sure. 2576 */ 2577 if (magic == ~sp->lcp.magic) { 2578 if (debug) 2579 log(-1, "magic glitch "); 2580 sp->lcp.magic = random(); 2581 } else { 2582 sp->lcp.magic = magic; 2583 if (debug) 2584 log(-1, "%lu ", magic); 2585 } 2586 } 2587 break; 2588 case LCP_OPT_MRU: 2589 /* 2590 * Peer wants to advise us to negotiate an MRU. 2591 * Agree on it if it's reasonable, or use 2592 * default otherwise. 2593 */ 2594 if (len >= 4 && p[1] == 4) { 2595 u_int mru = p[2] * 256 + p[3]; 2596 if (debug) 2597 log(-1, "%d ", mru); 2598 if (mru < PP_MTU || mru > PP_MAX_MRU) 2599 mru = PP_MTU; 2600 sp->lcp.mru = mru; 2601 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2602 } 2603 break; 2604 case LCP_OPT_AUTH_PROTO: 2605 /* 2606 * Peer doesn't like our authentication method, 2607 * deny. 2608 */ 2609 if (debug) 2610 log(-1, "[access denied]\n"); 2611 lcp.Close(sp); 2612 break; 2613 } 2614 } 2615 if (debug) 2616 log(-1, "\n"); 2617 free (buf, M_TEMP); 2618 return; 2619 } 2620 2621 static void 2622 sppp_lcp_tlu(struct sppp *sp) 2623 { 2624 STDDCL; 2625 int i; 2626 u_long mask; 2627 2628 /* XXX ? */ 2629 if (! (ifp->if_flags & IFF_UP) && 2630 (ifp->if_drv_flags & IFF_DRV_RUNNING)) { 2631 /* Coming out of loopback mode. */ 2632 if_up(ifp); 2633 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2634 } 2635 2636 for (i = 0; i < IDX_COUNT; i++) 2637 if ((cps[i])->flags & CP_QUAL) 2638 (cps[i])->Open(sp); 2639 2640 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2641 (sp->pp_flags & PP_NEEDAUTH) != 0) 2642 sp->pp_phase = PHASE_AUTHENTICATE; 2643 else 2644 sp->pp_phase = PHASE_NETWORK; 2645 2646 if (debug) 2647 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2648 sppp_phase_name(sp->pp_phase)); 2649 2650 /* 2651 * Open all authentication protocols. This is even required 2652 * if we already proceeded to network phase, since it might be 2653 * that remote wants us to authenticate, so we might have to 2654 * send a PAP request. Undesired authentication protocols 2655 * don't do anything when they get an Open event. 2656 */ 2657 for (i = 0; i < IDX_COUNT; i++) 2658 if ((cps[i])->flags & CP_AUTH) 2659 (cps[i])->Open(sp); 2660 2661 if (sp->pp_phase == PHASE_NETWORK) { 2662 /* Notify all NCPs. */ 2663 for (i = 0; i < IDX_COUNT; i++) 2664 if (((cps[i])->flags & CP_NCP) && 2665 /* 2666 * XXX 2667 * Hack to administratively disable IPv6 if 2668 * not desired. Perhaps we should have another 2669 * flag for this, but right now, we can make 2670 * all struct cp's read/only. 2671 */ 2672 (cps[i] != &ipv6cp || 2673 (sp->confflags & CONF_ENABLE_IPV6))) 2674 (cps[i])->Open(sp); 2675 } 2676 2677 /* Send Up events to all started protos. */ 2678 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2679 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2680 (cps[i])->Up(sp); 2681 2682 /* notify low-level driver of state change */ 2683 if (sp->pp_chg) 2684 sp->pp_chg(sp, (int)sp->pp_phase); 2685 2686 if (sp->pp_phase == PHASE_NETWORK) 2687 /* if no NCP is starting, close down */ 2688 sppp_lcp_check_and_close(sp); 2689 } 2690 2691 static void 2692 sppp_lcp_tld(struct sppp *sp) 2693 { 2694 STDDCL; 2695 int i; 2696 u_long mask; 2697 2698 sp->pp_phase = PHASE_TERMINATE; 2699 2700 if (debug) 2701 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2702 sppp_phase_name(sp->pp_phase)); 2703 2704 /* 2705 * Take upper layers down. We send the Down event first and 2706 * the Close second to prevent the upper layers from sending 2707 * ``a flurry of terminate-request packets'', as the RFC 2708 * describes it. 2709 */ 2710 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2711 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2712 (cps[i])->Down(sp); 2713 (cps[i])->Close(sp); 2714 } 2715 } 2716 2717 static void 2718 sppp_lcp_tls(struct sppp *sp) 2719 { 2720 STDDCL; 2721 2722 sp->pp_phase = PHASE_ESTABLISH; 2723 2724 if (debug) 2725 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2726 sppp_phase_name(sp->pp_phase)); 2727 2728 /* Notify lower layer if desired. */ 2729 if (sp->pp_tls) 2730 (sp->pp_tls)(sp); 2731 else 2732 (sp->pp_up)(sp); 2733 } 2734 2735 static void 2736 sppp_lcp_tlf(struct sppp *sp) 2737 { 2738 STDDCL; 2739 2740 sp->pp_phase = PHASE_DEAD; 2741 if (debug) 2742 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2743 sppp_phase_name(sp->pp_phase)); 2744 2745 /* Notify lower layer if desired. */ 2746 if (sp->pp_tlf) 2747 (sp->pp_tlf)(sp); 2748 else 2749 (sp->pp_down)(sp); 2750 } 2751 2752 static void 2753 sppp_lcp_scr(struct sppp *sp) 2754 { 2755 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2756 int i = 0; 2757 u_short authproto; 2758 2759 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2760 if (! sp->lcp.magic) 2761 sp->lcp.magic = random(); 2762 opt[i++] = LCP_OPT_MAGIC; 2763 opt[i++] = 6; 2764 opt[i++] = sp->lcp.magic >> 24; 2765 opt[i++] = sp->lcp.magic >> 16; 2766 opt[i++] = sp->lcp.magic >> 8; 2767 opt[i++] = sp->lcp.magic; 2768 } 2769 2770 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2771 opt[i++] = LCP_OPT_MRU; 2772 opt[i++] = 4; 2773 opt[i++] = sp->lcp.mru >> 8; 2774 opt[i++] = sp->lcp.mru; 2775 } 2776 2777 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2778 authproto = sp->hisauth.proto; 2779 opt[i++] = LCP_OPT_AUTH_PROTO; 2780 opt[i++] = authproto == PPP_CHAP? 5: 4; 2781 opt[i++] = authproto >> 8; 2782 opt[i++] = authproto; 2783 if (authproto == PPP_CHAP) 2784 opt[i++] = CHAP_MD5; 2785 } 2786 2787 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2788 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2789 } 2790 2791 /* 2792 * Check the open NCPs, return true if at least one NCP is open. 2793 */ 2794 static int 2795 sppp_ncp_check(struct sppp *sp) 2796 { 2797 int i, mask; 2798 2799 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2800 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2801 return 1; 2802 return 0; 2803 } 2804 2805 /* 2806 * Re-check the open NCPs and see if we should terminate the link. 2807 * Called by the NCPs during their tlf action handling. 2808 */ 2809 static void 2810 sppp_lcp_check_and_close(struct sppp *sp) 2811 { 2812 2813 if (sp->pp_phase < PHASE_NETWORK) 2814 /* don't bother, we are already going down */ 2815 return; 2816 2817 if (sppp_ncp_check(sp)) 2818 return; 2819 2820 lcp.Close(sp); 2821 } 2822 2823 /* 2824 *--------------------------------------------------------------------------* 2825 * * 2826 * The IPCP implementation. * 2827 * * 2828 *--------------------------------------------------------------------------* 2829 */ 2830 2831 #ifdef INET 2832 static void 2833 sppp_ipcp_init(struct sppp *sp) 2834 { 2835 sp->ipcp.opts = 0; 2836 sp->ipcp.flags = 0; 2837 sp->state[IDX_IPCP] = STATE_INITIAL; 2838 sp->fail_counter[IDX_IPCP] = 0; 2839 sp->pp_seq[IDX_IPCP] = 0; 2840 sp->pp_rseq[IDX_IPCP] = 0; 2841 callout_init(&sp->ch[IDX_IPCP], 1); 2842 } 2843 2844 static void 2845 sppp_ipcp_up(struct sppp *sp) 2846 { 2847 sppp_up_event(&ipcp, sp); 2848 } 2849 2850 static void 2851 sppp_ipcp_down(struct sppp *sp) 2852 { 2853 sppp_down_event(&ipcp, sp); 2854 } 2855 2856 static void 2857 sppp_ipcp_open(struct sppp *sp) 2858 { 2859 STDDCL; 2860 u_long myaddr, hisaddr; 2861 2862 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN | 2863 IPCP_MYADDR_DYN | IPCP_VJ); 2864 sp->ipcp.opts = 0; 2865 2866 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2867 /* 2868 * If we don't have his address, this probably means our 2869 * interface doesn't want to talk IP at all. (This could 2870 * be the case if somebody wants to speak only IPX, for 2871 * example.) Don't open IPCP in this case. 2872 */ 2873 if (hisaddr == 0L) { 2874 /* XXX this message should go away */ 2875 if (debug) 2876 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2877 SPP_ARGS(ifp)); 2878 return; 2879 } 2880 if (myaddr == 0L) { 2881 /* 2882 * I don't have an assigned address, so i need to 2883 * negotiate my address. 2884 */ 2885 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2886 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2887 } else 2888 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2889 if (sp->confflags & CONF_ENABLE_VJ) { 2890 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION); 2891 sp->ipcp.max_state = MAX_STATES - 1; 2892 sp->ipcp.compress_cid = 1; 2893 } 2894 sppp_open_event(&ipcp, sp); 2895 } 2896 2897 static void 2898 sppp_ipcp_close(struct sppp *sp) 2899 { 2900 sppp_close_event(&ipcp, sp); 2901 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2902 /* 2903 * My address was dynamic, clear it again. 2904 */ 2905 sppp_set_ip_addr(sp, 0L); 2906 } 2907 2908 static void 2909 sppp_ipcp_TO(void *cookie) 2910 { 2911 sppp_to_event(&ipcp, (struct sppp *)cookie); 2912 } 2913 2914 /* 2915 * Analyze a configure request. Return true if it was agreeable, and 2916 * caused action sca, false if it has been rejected or nak'ed, and 2917 * caused action scn. (The return value is used to make the state 2918 * transition decision in the state automaton.) 2919 */ 2920 static int 2921 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2922 { 2923 u_char *buf, *r, *p; 2924 struct ifnet *ifp = SP2IFP(sp); 2925 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2926 u_long hisaddr, desiredaddr; 2927 int gotmyaddr = 0; 2928 int desiredcomp; 2929 2930 len -= 4; 2931 origlen = len; 2932 /* 2933 * Make sure to allocate a buf that can at least hold a 2934 * conf-nak with an `address' option. We might need it below. 2935 */ 2936 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2937 if (! buf) 2938 return (0); 2939 2940 /* pass 1: see if we can recognize them */ 2941 if (debug) 2942 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2943 SPP_ARGS(ifp)); 2944 p = (void*) (h+1); 2945 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 2946 len-=p[1], p+=p[1]) { 2947 if (debug) 2948 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 2949 switch (*p) { 2950 case IPCP_OPT_COMPRESSION: 2951 if (!(sp->confflags & CONF_ENABLE_VJ)) { 2952 /* VJ compression administratively disabled */ 2953 if (debug) 2954 log(-1, "[locally disabled] "); 2955 break; 2956 } 2957 /* 2958 * In theory, we should only conf-rej an 2959 * option that is shorter than RFC 1618 2960 * requires (i.e. < 4), and should conf-nak 2961 * anything else that is not VJ. However, 2962 * since our algorithm always uses the 2963 * original option to NAK it with new values, 2964 * things would become more complicated. In 2965 * practice, the only commonly implemented IP 2966 * compression option is VJ anyway, so the 2967 * difference is negligible. 2968 */ 2969 if (len >= 6 && p[1] == 6) { 2970 /* 2971 * correctly formed compression option 2972 * that could be VJ compression 2973 */ 2974 continue; 2975 } 2976 if (debug) 2977 log(-1, 2978 "optlen %d [invalid/unsupported] ", 2979 p[1]); 2980 break; 2981 case IPCP_OPT_ADDRESS: 2982 if (len >= 6 && p[1] == 6) { 2983 /* correctly formed address option */ 2984 continue; 2985 } 2986 if (debug) 2987 log(-1, "[invalid] "); 2988 break; 2989 default: 2990 /* Others not supported. */ 2991 if (debug) 2992 log(-1, "[rej] "); 2993 break; 2994 } 2995 /* Add the option to rejected list. */ 2996 bcopy (p, r, p[1]); 2997 r += p[1]; 2998 rlen += p[1]; 2999 } 3000 if (rlen) { 3001 if (debug) 3002 log(-1, " send conf-rej\n"); 3003 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 3004 return 0; 3005 } else if (debug) 3006 log(-1, "\n"); 3007 3008 /* pass 2: parse option values */ 3009 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 3010 if (debug) 3011 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 3012 SPP_ARGS(ifp)); 3013 p = (void*) (h+1); 3014 len = origlen; 3015 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3016 len-=p[1], p+=p[1]) { 3017 if (debug) 3018 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3019 switch (*p) { 3020 case IPCP_OPT_COMPRESSION: 3021 desiredcomp = p[2] << 8 | p[3]; 3022 /* We only support VJ */ 3023 if (desiredcomp == IPCP_COMP_VJ) { 3024 if (debug) 3025 log(-1, "VJ [ack] "); 3026 sp->ipcp.flags |= IPCP_VJ; 3027 sl_compress_init(sp->pp_comp, p[4]); 3028 sp->ipcp.max_state = p[4]; 3029 sp->ipcp.compress_cid = p[5]; 3030 continue; 3031 } 3032 if (debug) 3033 log(-1, 3034 "compproto %#04x [not supported] ", 3035 desiredcomp); 3036 p[2] = IPCP_COMP_VJ >> 8; 3037 p[3] = IPCP_COMP_VJ; 3038 p[4] = sp->ipcp.max_state; 3039 p[5] = sp->ipcp.compress_cid; 3040 break; 3041 case IPCP_OPT_ADDRESS: 3042 /* This is the address he wants in his end */ 3043 desiredaddr = p[2] << 24 | p[3] << 16 | 3044 p[4] << 8 | p[5]; 3045 if (desiredaddr == hisaddr || 3046 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) { 3047 /* 3048 * Peer's address is same as our value, 3049 * or we have set it to 0.0.0.* to 3050 * indicate that we do not really care, 3051 * this is agreeable. Gonna conf-ack 3052 * it. 3053 */ 3054 if (debug) 3055 log(-1, "%s [ack] ", 3056 sppp_dotted_quad(hisaddr)); 3057 /* record that we've seen it already */ 3058 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3059 continue; 3060 } 3061 /* 3062 * The address wasn't agreeable. This is either 3063 * he sent us 0.0.0.0, asking to assign him an 3064 * address, or he send us another address not 3065 * matching our value. Either case, we gonna 3066 * conf-nak it with our value. 3067 * XXX: we should "rej" if hisaddr == 0 3068 */ 3069 if (debug) { 3070 if (desiredaddr == 0) 3071 log(-1, "[addr requested] "); 3072 else 3073 log(-1, "%s [not agreed] ", 3074 sppp_dotted_quad(desiredaddr)); 3075 3076 } 3077 p[2] = hisaddr >> 24; 3078 p[3] = hisaddr >> 16; 3079 p[4] = hisaddr >> 8; 3080 p[5] = hisaddr; 3081 break; 3082 } 3083 /* Add the option to nak'ed list. */ 3084 bcopy (p, r, p[1]); 3085 r += p[1]; 3086 rlen += p[1]; 3087 } 3088 3089 /* 3090 * If we are about to conf-ack the request, but haven't seen 3091 * his address so far, gonna conf-nak it instead, with the 3092 * `address' option present and our idea of his address being 3093 * filled in there, to request negotiation of both addresses. 3094 * 3095 * XXX This can result in an endless req - nak loop if peer 3096 * doesn't want to send us his address. Q: What should we do 3097 * about it? XXX A: implement the max-failure counter. 3098 */ 3099 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 3100 buf[0] = IPCP_OPT_ADDRESS; 3101 buf[1] = 6; 3102 buf[2] = hisaddr >> 24; 3103 buf[3] = hisaddr >> 16; 3104 buf[4] = hisaddr >> 8; 3105 buf[5] = hisaddr; 3106 rlen = 6; 3107 if (debug) 3108 log(-1, "still need hisaddr "); 3109 } 3110 3111 if (rlen) { 3112 if (debug) 3113 log(-1, " send conf-nak\n"); 3114 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3115 } else { 3116 if (debug) 3117 log(-1, " send conf-ack\n"); 3118 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 3119 h->ident, origlen, h+1); 3120 } 3121 3122 free (buf, M_TEMP); 3123 return (rlen == 0); 3124 } 3125 3126 /* 3127 * Analyze the IPCP Configure-Reject option list, and adjust our 3128 * negotiation. 3129 */ 3130 static void 3131 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3132 { 3133 u_char *buf, *p; 3134 struct ifnet *ifp = SP2IFP(sp); 3135 int debug = ifp->if_flags & IFF_DEBUG; 3136 3137 len -= 4; 3138 buf = malloc (len, M_TEMP, M_NOWAIT); 3139 if (!buf) 3140 return; 3141 3142 if (debug) 3143 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 3144 SPP_ARGS(ifp)); 3145 3146 p = (void*) (h+1); 3147 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3148 len -= p[1], p += p[1]) { 3149 if (debug) 3150 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3151 switch (*p) { 3152 case IPCP_OPT_COMPRESSION: 3153 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION); 3154 break; 3155 case IPCP_OPT_ADDRESS: 3156 /* 3157 * Peer doesn't grok address option. This is 3158 * bad. XXX Should we better give up here? 3159 * XXX We could try old "addresses" option... 3160 */ 3161 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3162 break; 3163 } 3164 } 3165 if (debug) 3166 log(-1, "\n"); 3167 free (buf, M_TEMP); 3168 return; 3169 } 3170 3171 /* 3172 * Analyze the IPCP Configure-NAK option list, and adjust our 3173 * negotiation. 3174 */ 3175 static void 3176 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3177 { 3178 u_char *buf, *p; 3179 struct ifnet *ifp = SP2IFP(sp); 3180 int debug = ifp->if_flags & IFF_DEBUG; 3181 int desiredcomp; 3182 u_long wantaddr; 3183 3184 len -= 4; 3185 buf = malloc (len, M_TEMP, M_NOWAIT); 3186 if (!buf) 3187 return; 3188 3189 if (debug) 3190 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 3191 SPP_ARGS(ifp)); 3192 3193 p = (void*) (h+1); 3194 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3195 len -= p[1], p += p[1]) { 3196 if (debug) 3197 log(-1, " %s ", sppp_ipcp_opt_name(*p)); 3198 switch (*p) { 3199 case IPCP_OPT_COMPRESSION: 3200 if (len >= 6 && p[1] == 6) { 3201 desiredcomp = p[2] << 8 | p[3]; 3202 if (debug) 3203 log(-1, "[wantcomp %#04x] ", 3204 desiredcomp); 3205 if (desiredcomp == IPCP_COMP_VJ) { 3206 sl_compress_init(sp->pp_comp, p[4]); 3207 sp->ipcp.max_state = p[4]; 3208 sp->ipcp.compress_cid = p[5]; 3209 if (debug) 3210 log(-1, "[agree] "); 3211 } else 3212 sp->ipcp.opts &= 3213 ~(1 << IPCP_OPT_COMPRESSION); 3214 } 3215 break; 3216 case IPCP_OPT_ADDRESS: 3217 /* 3218 * Peer doesn't like our local IP address. See 3219 * if we can do something for him. We'll drop 3220 * him our address then. 3221 */ 3222 if (len >= 6 && p[1] == 6) { 3223 wantaddr = p[2] << 24 | p[3] << 16 | 3224 p[4] << 8 | p[5]; 3225 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3226 if (debug) 3227 log(-1, "[wantaddr %s] ", 3228 sppp_dotted_quad(wantaddr)); 3229 /* 3230 * When doing dynamic address assignment, 3231 * we accept his offer. Otherwise, we 3232 * ignore it and thus continue to negotiate 3233 * our already existing value. 3234 * XXX: Bogus, if he said no once, he'll 3235 * just say no again, might as well die. 3236 */ 3237 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3238 sppp_set_ip_addr(sp, wantaddr); 3239 if (debug) 3240 log(-1, "[agree] "); 3241 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3242 } 3243 } 3244 break; 3245 } 3246 } 3247 if (debug) 3248 log(-1, "\n"); 3249 free (buf, M_TEMP); 3250 return; 3251 } 3252 3253 static void 3254 sppp_ipcp_tlu(struct sppp *sp) 3255 { 3256 /* we are up - notify isdn daemon */ 3257 if (sp->pp_con) 3258 sp->pp_con(sp); 3259 } 3260 3261 static void 3262 sppp_ipcp_tld(struct sppp *sp) 3263 { 3264 } 3265 3266 static void 3267 sppp_ipcp_tls(struct sppp *sp) 3268 { 3269 /* indicate to LCP that it must stay alive */ 3270 sp->lcp.protos |= (1 << IDX_IPCP); 3271 } 3272 3273 static void 3274 sppp_ipcp_tlf(struct sppp *sp) 3275 { 3276 /* we no longer need LCP */ 3277 sp->lcp.protos &= ~(1 << IDX_IPCP); 3278 sppp_lcp_check_and_close(sp); 3279 } 3280 3281 static void 3282 sppp_ipcp_scr(struct sppp *sp) 3283 { 3284 char opt[6 /* compression */ + 6 /* address */]; 3285 u_long ouraddr; 3286 int i = 0; 3287 3288 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3289 opt[i++] = IPCP_OPT_COMPRESSION; 3290 opt[i++] = 6; 3291 opt[i++] = IPCP_COMP_VJ >> 8; 3292 opt[i++] = IPCP_COMP_VJ; 3293 opt[i++] = sp->ipcp.max_state; 3294 opt[i++] = sp->ipcp.compress_cid; 3295 } 3296 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3297 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3298 opt[i++] = IPCP_OPT_ADDRESS; 3299 opt[i++] = 6; 3300 opt[i++] = ouraddr >> 24; 3301 opt[i++] = ouraddr >> 16; 3302 opt[i++] = ouraddr >> 8; 3303 opt[i++] = ouraddr; 3304 } 3305 3306 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3307 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3308 } 3309 #else /* !INET */ 3310 static void 3311 sppp_ipcp_init(struct sppp *sp) 3312 { 3313 } 3314 3315 static void 3316 sppp_ipcp_up(struct sppp *sp) 3317 { 3318 } 3319 3320 static void 3321 sppp_ipcp_down(struct sppp *sp) 3322 { 3323 } 3324 3325 static void 3326 sppp_ipcp_open(struct sppp *sp) 3327 { 3328 } 3329 3330 static void 3331 sppp_ipcp_close(struct sppp *sp) 3332 { 3333 } 3334 3335 static void 3336 sppp_ipcp_TO(void *cookie) 3337 { 3338 } 3339 3340 static int 3341 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3342 { 3343 return (0); 3344 } 3345 3346 static void 3347 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3348 { 3349 } 3350 3351 static void 3352 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3353 { 3354 } 3355 3356 static void 3357 sppp_ipcp_tlu(struct sppp *sp) 3358 { 3359 } 3360 3361 static void 3362 sppp_ipcp_tld(struct sppp *sp) 3363 { 3364 } 3365 3366 static void 3367 sppp_ipcp_tls(struct sppp *sp) 3368 { 3369 } 3370 3371 static void 3372 sppp_ipcp_tlf(struct sppp *sp) 3373 { 3374 } 3375 3376 static void 3377 sppp_ipcp_scr(struct sppp *sp) 3378 { 3379 } 3380 #endif 3381 3382 /* 3383 *--------------------------------------------------------------------------* 3384 * * 3385 * The IPv6CP implementation. * 3386 * * 3387 *--------------------------------------------------------------------------* 3388 */ 3389 3390 #ifdef INET6 3391 static void 3392 sppp_ipv6cp_init(struct sppp *sp) 3393 { 3394 sp->ipv6cp.opts = 0; 3395 sp->ipv6cp.flags = 0; 3396 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3397 sp->fail_counter[IDX_IPV6CP] = 0; 3398 sp->pp_seq[IDX_IPV6CP] = 0; 3399 sp->pp_rseq[IDX_IPV6CP] = 0; 3400 callout_init(&sp->ch[IDX_IPV6CP], 1); 3401 } 3402 3403 static void 3404 sppp_ipv6cp_up(struct sppp *sp) 3405 { 3406 sppp_up_event(&ipv6cp, sp); 3407 } 3408 3409 static void 3410 sppp_ipv6cp_down(struct sppp *sp) 3411 { 3412 sppp_down_event(&ipv6cp, sp); 3413 } 3414 3415 static void 3416 sppp_ipv6cp_open(struct sppp *sp) 3417 { 3418 STDDCL; 3419 struct in6_addr myaddr, hisaddr; 3420 3421 #ifdef IPV6CP_MYIFID_DYN 3422 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3423 #else 3424 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3425 #endif 3426 3427 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3428 /* 3429 * If we don't have our address, this probably means our 3430 * interface doesn't want to talk IPv6 at all. (This could 3431 * be the case if somebody wants to speak only IPX, for 3432 * example.) Don't open IPv6CP in this case. 3433 */ 3434 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3435 /* XXX this message should go away */ 3436 if (debug) 3437 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3438 SPP_ARGS(ifp)); 3439 return; 3440 } 3441 3442 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3443 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3444 sppp_open_event(&ipv6cp, sp); 3445 } 3446 3447 static void 3448 sppp_ipv6cp_close(struct sppp *sp) 3449 { 3450 sppp_close_event(&ipv6cp, sp); 3451 } 3452 3453 static void 3454 sppp_ipv6cp_TO(void *cookie) 3455 { 3456 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3457 } 3458 3459 /* 3460 * Analyze a configure request. Return true if it was agreeable, and 3461 * caused action sca, false if it has been rejected or nak'ed, and 3462 * caused action scn. (The return value is used to make the state 3463 * transition decision in the state automaton.) 3464 */ 3465 static int 3466 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3467 { 3468 u_char *buf, *r, *p; 3469 struct ifnet *ifp = SP2IFP(sp); 3470 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3471 struct in6_addr myaddr, desiredaddr, suggestaddr; 3472 int ifidcount; 3473 int type; 3474 int collision, nohisaddr; 3475 char ip6buf[INET6_ADDRSTRLEN]; 3476 3477 len -= 4; 3478 origlen = len; 3479 /* 3480 * Make sure to allocate a buf that can at least hold a 3481 * conf-nak with an `address' option. We might need it below. 3482 */ 3483 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3484 if (! buf) 3485 return (0); 3486 3487 /* pass 1: see if we can recognize them */ 3488 if (debug) 3489 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3490 SPP_ARGS(ifp)); 3491 p = (void*) (h+1); 3492 ifidcount = 0; 3493 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3494 len-=p[1], p+=p[1]) { 3495 if (debug) 3496 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3497 switch (*p) { 3498 case IPV6CP_OPT_IFID: 3499 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3500 /* correctly formed address option */ 3501 ifidcount++; 3502 continue; 3503 } 3504 if (debug) 3505 log(-1, " [invalid]"); 3506 break; 3507 #ifdef notyet 3508 case IPV6CP_OPT_COMPRESSION: 3509 if (len >= 4 && p[1] >= 4) { 3510 /* correctly formed compress option */ 3511 continue; 3512 } 3513 if (debug) 3514 log(-1, " [invalid]"); 3515 break; 3516 #endif 3517 default: 3518 /* Others not supported. */ 3519 if (debug) 3520 log(-1, " [rej]"); 3521 break; 3522 } 3523 /* Add the option to rejected list. */ 3524 bcopy (p, r, p[1]); 3525 r += p[1]; 3526 rlen += p[1]; 3527 } 3528 if (rlen) { 3529 if (debug) 3530 log(-1, " send conf-rej\n"); 3531 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3532 goto end; 3533 } else if (debug) 3534 log(-1, "\n"); 3535 3536 /* pass 2: parse option values */ 3537 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3538 if (debug) 3539 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3540 SPP_ARGS(ifp)); 3541 p = (void*) (h+1); 3542 len = origlen; 3543 type = CONF_ACK; 3544 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1]; 3545 len-=p[1], p+=p[1]) { 3546 if (debug) 3547 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3548 switch (*p) { 3549 #ifdef notyet 3550 case IPV6CP_OPT_COMPRESSION: 3551 continue; 3552 #endif 3553 case IPV6CP_OPT_IFID: 3554 bzero(&desiredaddr, sizeof(desiredaddr)); 3555 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3556 collision = (bcmp(&desiredaddr.s6_addr[8], 3557 &myaddr.s6_addr[8], 8) == 0); 3558 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3559 3560 desiredaddr.s6_addr16[0] = htons(0xfe80); 3561 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL); 3562 3563 if (!collision && !nohisaddr) { 3564 /* no collision, hisaddr known - Conf-Ack */ 3565 type = CONF_ACK; 3566 3567 if (debug) { 3568 log(-1, " %s [%s]", 3569 ip6_sprintf(ip6buf, &desiredaddr), 3570 sppp_cp_type_name(type)); 3571 } 3572 continue; 3573 } 3574 3575 bzero(&suggestaddr, sizeof(suggestaddr)); 3576 if (collision && nohisaddr) { 3577 /* collision, hisaddr unknown - Conf-Rej */ 3578 type = CONF_REJ; 3579 bzero(&p[2], 8); 3580 } else { 3581 /* 3582 * - no collision, hisaddr unknown, or 3583 * - collision, hisaddr known 3584 * Conf-Nak, suggest hisaddr 3585 */ 3586 type = CONF_NAK; 3587 sppp_suggest_ip6_addr(sp, &suggestaddr); 3588 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3589 } 3590 if (debug) 3591 log(-1, " %s [%s]", 3592 ip6_sprintf(ip6buf, &desiredaddr), 3593 sppp_cp_type_name(type)); 3594 break; 3595 } 3596 /* Add the option to nak'ed list. */ 3597 bcopy (p, r, p[1]); 3598 r += p[1]; 3599 rlen += p[1]; 3600 } 3601 3602 if (rlen == 0 && type == CONF_ACK) { 3603 if (debug) 3604 log(-1, " send %s\n", sppp_cp_type_name(type)); 3605 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3606 } else { 3607 #ifdef DIAGNOSTIC 3608 if (type == CONF_ACK) 3609 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3610 #endif 3611 3612 if (debug) { 3613 log(-1, " send %s suggest %s\n", 3614 sppp_cp_type_name(type), 3615 ip6_sprintf(ip6buf, &suggestaddr)); 3616 } 3617 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3618 } 3619 3620 end: 3621 free (buf, M_TEMP); 3622 return (rlen == 0); 3623 } 3624 3625 /* 3626 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3627 * negotiation. 3628 */ 3629 static void 3630 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3631 { 3632 u_char *buf, *p; 3633 struct ifnet *ifp = SP2IFP(sp); 3634 int debug = ifp->if_flags & IFF_DEBUG; 3635 3636 len -= 4; 3637 buf = malloc (len, M_TEMP, M_NOWAIT); 3638 if (!buf) 3639 return; 3640 3641 if (debug) 3642 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3643 SPP_ARGS(ifp)); 3644 3645 p = (void*) (h+1); 3646 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3647 len -= p[1], p += p[1]) { 3648 if (debug) 3649 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3650 switch (*p) { 3651 case IPV6CP_OPT_IFID: 3652 /* 3653 * Peer doesn't grok address option. This is 3654 * bad. XXX Should we better give up here? 3655 */ 3656 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3657 break; 3658 #ifdef notyet 3659 case IPV6CP_OPT_COMPRESS: 3660 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3661 break; 3662 #endif 3663 } 3664 } 3665 if (debug) 3666 log(-1, "\n"); 3667 free (buf, M_TEMP); 3668 return; 3669 } 3670 3671 /* 3672 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3673 * negotiation. 3674 */ 3675 static void 3676 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3677 { 3678 u_char *buf, *p; 3679 struct ifnet *ifp = SP2IFP(sp); 3680 int debug = ifp->if_flags & IFF_DEBUG; 3681 struct in6_addr suggestaddr; 3682 char ip6buf[INET6_ADDRSTRLEN]; 3683 3684 len -= 4; 3685 buf = malloc (len, M_TEMP, M_NOWAIT); 3686 if (!buf) 3687 return; 3688 3689 if (debug) 3690 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3691 SPP_ARGS(ifp)); 3692 3693 p = (void*) (h+1); 3694 for (; len >= 2 && p[1] >= 2 && len >= p[1]; 3695 len -= p[1], p += p[1]) { 3696 if (debug) 3697 log(-1, " %s", sppp_ipv6cp_opt_name(*p)); 3698 switch (*p) { 3699 case IPV6CP_OPT_IFID: 3700 /* 3701 * Peer doesn't like our local ifid. See 3702 * if we can do something for him. We'll drop 3703 * him our address then. 3704 */ 3705 if (len < 10 || p[1] != 10) 3706 break; 3707 bzero(&suggestaddr, sizeof(suggestaddr)); 3708 suggestaddr.s6_addr16[0] = htons(0xfe80); 3709 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL); 3710 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3711 3712 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3713 if (debug) 3714 log(-1, " [suggestaddr %s]", 3715 ip6_sprintf(ip6buf, &suggestaddr)); 3716 #ifdef IPV6CP_MYIFID_DYN 3717 /* 3718 * When doing dynamic address assignment, 3719 * we accept his offer. 3720 */ 3721 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3722 struct in6_addr lastsuggest; 3723 /* 3724 * If <suggested myaddr from peer> equals to 3725 * <hisaddr we have suggested last time>, 3726 * we have a collision. generate new random 3727 * ifid. 3728 */ 3729 sppp_suggest_ip6_addr(&lastsuggest); 3730 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3731 lastsuggest)) { 3732 if (debug) 3733 log(-1, " [random]"); 3734 sppp_gen_ip6_addr(sp, &suggestaddr); 3735 } 3736 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3737 if (debug) 3738 log(-1, " [agree]"); 3739 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3740 } 3741 #else 3742 /* 3743 * Since we do not do dynamic address assignment, 3744 * we ignore it and thus continue to negotiate 3745 * our already existing value. This can possibly 3746 * go into infinite request-reject loop. 3747 * 3748 * This is not likely because we normally use 3749 * ifid based on MAC-address. 3750 * If you have no ethernet card on the node, too bad. 3751 * XXX should we use fail_counter? 3752 */ 3753 #endif 3754 break; 3755 #ifdef notyet 3756 case IPV6CP_OPT_COMPRESS: 3757 /* 3758 * Peer wants different compression parameters. 3759 */ 3760 break; 3761 #endif 3762 } 3763 } 3764 if (debug) 3765 log(-1, "\n"); 3766 free (buf, M_TEMP); 3767 return; 3768 } 3769 static void 3770 sppp_ipv6cp_tlu(struct sppp *sp) 3771 { 3772 /* we are up - notify isdn daemon */ 3773 if (sp->pp_con) 3774 sp->pp_con(sp); 3775 } 3776 3777 static void 3778 sppp_ipv6cp_tld(struct sppp *sp) 3779 { 3780 } 3781 3782 static void 3783 sppp_ipv6cp_tls(struct sppp *sp) 3784 { 3785 /* indicate to LCP that it must stay alive */ 3786 sp->lcp.protos |= (1 << IDX_IPV6CP); 3787 } 3788 3789 static void 3790 sppp_ipv6cp_tlf(struct sppp *sp) 3791 { 3792 3793 #if 0 /* need #if 0 to close IPv6CP properly */ 3794 /* we no longer need LCP */ 3795 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3796 sppp_lcp_check_and_close(sp); 3797 #endif 3798 } 3799 3800 static void 3801 sppp_ipv6cp_scr(struct sppp *sp) 3802 { 3803 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3804 struct in6_addr ouraddr; 3805 int i = 0; 3806 3807 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3808 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3809 opt[i++] = IPV6CP_OPT_IFID; 3810 opt[i++] = 10; 3811 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3812 i += 8; 3813 } 3814 3815 #ifdef notyet 3816 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3817 opt[i++] = IPV6CP_OPT_COMPRESSION; 3818 opt[i++] = 4; 3819 opt[i++] = 0; /* TBD */ 3820 opt[i++] = 0; /* TBD */ 3821 /* variable length data may follow */ 3822 } 3823 #endif 3824 3825 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3826 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3827 } 3828 #else /*INET6*/ 3829 static void sppp_ipv6cp_init(struct sppp *sp) 3830 { 3831 } 3832 3833 static void sppp_ipv6cp_up(struct sppp *sp) 3834 { 3835 } 3836 3837 static void sppp_ipv6cp_down(struct sppp *sp) 3838 { 3839 } 3840 3841 3842 static void sppp_ipv6cp_open(struct sppp *sp) 3843 { 3844 } 3845 3846 static void sppp_ipv6cp_close(struct sppp *sp) 3847 { 3848 } 3849 3850 static void sppp_ipv6cp_TO(void *sp) 3851 { 3852 } 3853 3854 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3855 { 3856 return 0; 3857 } 3858 3859 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3860 { 3861 } 3862 3863 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3864 { 3865 } 3866 3867 static void sppp_ipv6cp_tlu(struct sppp *sp) 3868 { 3869 } 3870 3871 static void sppp_ipv6cp_tld(struct sppp *sp) 3872 { 3873 } 3874 3875 static void sppp_ipv6cp_tls(struct sppp *sp) 3876 { 3877 } 3878 3879 static void sppp_ipv6cp_tlf(struct sppp *sp) 3880 { 3881 } 3882 3883 static void sppp_ipv6cp_scr(struct sppp *sp) 3884 { 3885 } 3886 #endif /*INET6*/ 3887 3888 /* 3889 *--------------------------------------------------------------------------* 3890 * * 3891 * The CHAP implementation. * 3892 * * 3893 *--------------------------------------------------------------------------* 3894 */ 3895 3896 /* 3897 * The authentication protocols don't employ a full-fledged state machine as 3898 * the control protocols do, since they do have Open and Close events, but 3899 * not Up and Down, nor are they explicitly terminated. Also, use of the 3900 * authentication protocols may be different in both directions (this makes 3901 * sense, think of a machine that never accepts incoming calls but only 3902 * calls out, it doesn't require the called party to authenticate itself). 3903 * 3904 * Our state machine for the local authentication protocol (we are requesting 3905 * the peer to authenticate) looks like: 3906 * 3907 * RCA- 3908 * +--------------------------------------------+ 3909 * V scn,tld| 3910 * +--------+ Close +---------+ RCA+ 3911 * | |<----------------------------------| |------+ 3912 * +--->| Closed | TO* | Opened | sca | 3913 * | | |-----+ +-------| |<-----+ 3914 * | +--------+ irc | | +---------+ 3915 * | ^ | | ^ 3916 * | | | | | 3917 * | | | | | 3918 * | TO-| | | | 3919 * | |tld TO+ V | | 3920 * | | +------->+ | | 3921 * | | | | | | 3922 * | +--------+ V | | 3923 * | | |<----+<--------------------+ | 3924 * | | Req- | scr | 3925 * | | Sent | | 3926 * | | | | 3927 * | +--------+ | 3928 * | RCA- | | RCA+ | 3929 * +------+ +------------------------------------------+ 3930 * scn,tld sca,irc,ict,tlu 3931 * 3932 * 3933 * with: 3934 * 3935 * Open: LCP reached authentication phase 3936 * Close: LCP reached terminate phase 3937 * 3938 * RCA+: received reply (pap-req, chap-response), acceptable 3939 * RCN: received reply (pap-req, chap-response), not acceptable 3940 * TO+: timeout with restart counter >= 0 3941 * TO-: timeout with restart counter < 0 3942 * TO*: reschedule timeout for CHAP 3943 * 3944 * scr: send request packet (none for PAP, chap-challenge) 3945 * sca: send ack packet (pap-ack, chap-success) 3946 * scn: send nak packet (pap-nak, chap-failure) 3947 * ict: initialize re-challenge timer (CHAP only) 3948 * 3949 * tlu: this-layer-up, LCP reaches network phase 3950 * tld: this-layer-down, LCP enters terminate phase 3951 * 3952 * Note that in CHAP mode, after sending a new challenge, while the state 3953 * automaton falls back into Req-Sent state, it doesn't signal a tld 3954 * event to LCP, so LCP remains in network phase. Only after not getting 3955 * any response (or after getting an unacceptable response), CHAP closes, 3956 * causing LCP to enter terminate phase. 3957 * 3958 * With PAP, there is no initial request that can be sent. The peer is 3959 * expected to send one based on the successful negotiation of PAP as 3960 * the authentication protocol during the LCP option negotiation. 3961 * 3962 * Incoming authentication protocol requests (remote requests 3963 * authentication, we are peer) don't employ a state machine at all, 3964 * they are simply answered. Some peers [Ascend P50 firmware rev 3965 * 4.50] react allergically when sending IPCP requests while they are 3966 * still in authentication phase (thereby violating the standard that 3967 * demands that these NCP packets are to be discarded), so we keep 3968 * track of the peer demanding us to authenticate, and only proceed to 3969 * phase network once we've seen a positive acknowledge for the 3970 * authentication. 3971 */ 3972 3973 /* 3974 * Handle incoming CHAP packets. 3975 */ 3976 static void 3977 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3978 { 3979 STDDCL; 3980 struct lcp_header *h; 3981 int len; 3982 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3983 int value_len, name_len; 3984 MD5_CTX ctx; 3985 3986 len = m->m_pkthdr.len; 3987 if (len < 4) { 3988 if (debug) 3989 log(LOG_DEBUG, 3990 SPP_FMT "chap invalid packet length: %d bytes\n", 3991 SPP_ARGS(ifp), len); 3992 return; 3993 } 3994 h = mtod (m, struct lcp_header*); 3995 if (len > ntohs (h->len)) 3996 len = ntohs (h->len); 3997 3998 switch (h->type) { 3999 /* challenge, failure and success are his authproto */ 4000 case CHAP_CHALLENGE: 4001 value = 1 + (u_char*)(h+1); 4002 value_len = value[-1]; 4003 name = value + value_len; 4004 name_len = len - value_len - 5; 4005 if (name_len < 0) { 4006 if (debug) { 4007 log(LOG_DEBUG, 4008 SPP_FMT "chap corrupted challenge " 4009 "<%s id=0x%x len=%d", 4010 SPP_ARGS(ifp), 4011 sppp_auth_type_name(PPP_CHAP, h->type), 4012 h->ident, ntohs(h->len)); 4013 sppp_print_bytes((u_char*) (h+1), len-4); 4014 log(-1, ">\n"); 4015 } 4016 break; 4017 } 4018 4019 if (debug) { 4020 log(LOG_DEBUG, 4021 SPP_FMT "chap input <%s id=0x%x len=%d name=", 4022 SPP_ARGS(ifp), 4023 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4024 ntohs(h->len)); 4025 sppp_print_string((char*) name, name_len); 4026 log(-1, " value-size=%d value=", value_len); 4027 sppp_print_bytes(value, value_len); 4028 log(-1, ">\n"); 4029 } 4030 4031 /* Compute reply value. */ 4032 MD5Init(&ctx); 4033 MD5Update(&ctx, &h->ident, 1); 4034 MD5Update(&ctx, sp->myauth.secret, 4035 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 4036 MD5Update(&ctx, value, value_len); 4037 MD5Final(digest, &ctx); 4038 dsize = sizeof digest; 4039 4040 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4041 sizeof dsize, (const char *)&dsize, 4042 sizeof digest, digest, 4043 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4044 sp->myauth.name, 4045 0); 4046 break; 4047 4048 case CHAP_SUCCESS: 4049 if (debug) { 4050 log(LOG_DEBUG, SPP_FMT "chap success", 4051 SPP_ARGS(ifp)); 4052 if (len > 4) { 4053 log(-1, ": "); 4054 sppp_print_string((char*)(h + 1), len - 4); 4055 } 4056 log(-1, "\n"); 4057 } 4058 SPPP_LOCK(sp); 4059 sp->pp_flags &= ~PP_NEEDAUTH; 4060 if (sp->myauth.proto == PPP_CHAP && 4061 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4062 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4063 /* 4064 * We are authenticator for CHAP but didn't 4065 * complete yet. Leave it to tlu to proceed 4066 * to network phase. 4067 */ 4068 SPPP_UNLOCK(sp); 4069 break; 4070 } 4071 SPPP_UNLOCK(sp); 4072 sppp_phase_network(sp); 4073 break; 4074 4075 case CHAP_FAILURE: 4076 if (debug) { 4077 log(LOG_INFO, SPP_FMT "chap failure", 4078 SPP_ARGS(ifp)); 4079 if (len > 4) { 4080 log(-1, ": "); 4081 sppp_print_string((char*)(h + 1), len - 4); 4082 } 4083 log(-1, "\n"); 4084 } else 4085 log(LOG_INFO, SPP_FMT "chap failure\n", 4086 SPP_ARGS(ifp)); 4087 /* await LCP shutdown by authenticator */ 4088 break; 4089 4090 /* response is my authproto */ 4091 case CHAP_RESPONSE: 4092 value = 1 + (u_char*)(h+1); 4093 value_len = value[-1]; 4094 name = value + value_len; 4095 name_len = len - value_len - 5; 4096 if (name_len < 0) { 4097 if (debug) { 4098 log(LOG_DEBUG, 4099 SPP_FMT "chap corrupted response " 4100 "<%s id=0x%x len=%d", 4101 SPP_ARGS(ifp), 4102 sppp_auth_type_name(PPP_CHAP, h->type), 4103 h->ident, ntohs(h->len)); 4104 sppp_print_bytes((u_char*)(h+1), len-4); 4105 log(-1, ">\n"); 4106 } 4107 break; 4108 } 4109 if (h->ident != sp->confid[IDX_CHAP]) { 4110 if (debug) 4111 log(LOG_DEBUG, 4112 SPP_FMT "chap dropping response for old ID " 4113 "(got %d, expected %d)\n", 4114 SPP_ARGS(ifp), 4115 h->ident, sp->confid[IDX_CHAP]); 4116 break; 4117 } 4118 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 4119 || bcmp(name, sp->hisauth.name, name_len) != 0) { 4120 log(LOG_INFO, SPP_FMT "chap response, his name ", 4121 SPP_ARGS(ifp)); 4122 sppp_print_string(name, name_len); 4123 log(-1, " != expected "); 4124 sppp_print_string(sp->hisauth.name, 4125 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 4126 log(-1, "\n"); 4127 } 4128 if (debug) { 4129 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 4130 "<%s id=0x%x len=%d name=", 4131 SPP_ARGS(ifp), 4132 sppp_state_name(sp->state[IDX_CHAP]), 4133 sppp_auth_type_name(PPP_CHAP, h->type), 4134 h->ident, ntohs (h->len)); 4135 sppp_print_string((char*)name, name_len); 4136 log(-1, " value-size=%d value=", value_len); 4137 sppp_print_bytes(value, value_len); 4138 log(-1, ">\n"); 4139 } 4140 if (value_len != AUTHKEYLEN) { 4141 if (debug) 4142 log(LOG_DEBUG, 4143 SPP_FMT "chap bad hash value length: " 4144 "%d bytes, should be %d\n", 4145 SPP_ARGS(ifp), value_len, 4146 AUTHKEYLEN); 4147 break; 4148 } 4149 4150 MD5Init(&ctx); 4151 MD5Update(&ctx, &h->ident, 1); 4152 MD5Update(&ctx, sp->hisauth.secret, 4153 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 4154 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 4155 MD5Final(digest, &ctx); 4156 4157 #define FAILMSG "Failed..." 4158 #define SUCCMSG "Welcome!" 4159 4160 if (value_len != sizeof digest || 4161 bcmp(digest, value, value_len) != 0) { 4162 /* action scn, tld */ 4163 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4164 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4165 0); 4166 chap.tld(sp); 4167 break; 4168 } 4169 /* action sca, perhaps tlu */ 4170 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4171 sp->state[IDX_CHAP] == STATE_OPENED) 4172 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4173 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4174 0); 4175 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4176 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4177 chap.tlu(sp); 4178 } 4179 break; 4180 4181 default: 4182 /* Unknown CHAP packet type -- ignore. */ 4183 if (debug) { 4184 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4185 "<0x%x id=0x%xh len=%d", 4186 SPP_ARGS(ifp), 4187 sppp_state_name(sp->state[IDX_CHAP]), 4188 h->type, h->ident, ntohs(h->len)); 4189 sppp_print_bytes((u_char*)(h+1), len-4); 4190 log(-1, ">\n"); 4191 } 4192 break; 4193 4194 } 4195 } 4196 4197 static void 4198 sppp_chap_init(struct sppp *sp) 4199 { 4200 /* Chap doesn't have STATE_INITIAL at all. */ 4201 sp->state[IDX_CHAP] = STATE_CLOSED; 4202 sp->fail_counter[IDX_CHAP] = 0; 4203 sp->pp_seq[IDX_CHAP] = 0; 4204 sp->pp_rseq[IDX_CHAP] = 0; 4205 callout_init(&sp->ch[IDX_CHAP], 1); 4206 } 4207 4208 static void 4209 sppp_chap_open(struct sppp *sp) 4210 { 4211 if (sp->myauth.proto == PPP_CHAP && 4212 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4213 /* we are authenticator for CHAP, start it */ 4214 chap.scr(sp); 4215 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4216 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4217 } 4218 /* nothing to be done if we are peer, await a challenge */ 4219 } 4220 4221 static void 4222 sppp_chap_close(struct sppp *sp) 4223 { 4224 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4225 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4226 } 4227 4228 static void 4229 sppp_chap_TO(void *cookie) 4230 { 4231 struct sppp *sp = (struct sppp *)cookie; 4232 STDDCL; 4233 4234 SPPP_LOCK(sp); 4235 if (debug) 4236 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4237 SPP_ARGS(ifp), 4238 sppp_state_name(sp->state[IDX_CHAP]), 4239 sp->rst_counter[IDX_CHAP]); 4240 4241 if (--sp->rst_counter[IDX_CHAP] < 0) 4242 /* TO- event */ 4243 switch (sp->state[IDX_CHAP]) { 4244 case STATE_REQ_SENT: 4245 chap.tld(sp); 4246 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4247 break; 4248 } 4249 else 4250 /* TO+ (or TO*) event */ 4251 switch (sp->state[IDX_CHAP]) { 4252 case STATE_OPENED: 4253 /* TO* event */ 4254 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4255 /* FALLTHROUGH */ 4256 case STATE_REQ_SENT: 4257 chap.scr(sp); 4258 /* sppp_cp_change_state() will restart the timer */ 4259 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4260 break; 4261 } 4262 4263 SPPP_UNLOCK(sp); 4264 } 4265 4266 static void 4267 sppp_chap_tlu(struct sppp *sp) 4268 { 4269 STDDCL; 4270 int i; 4271 4272 i = 0; 4273 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4274 4275 /* 4276 * Some broken CHAP implementations (Conware CoNet, firmware 4277 * 4.0.?) don't want to re-authenticate their CHAP once the 4278 * initial challenge-response exchange has taken place. 4279 * Provide for an option to avoid rechallenges. 4280 */ 4281 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4282 /* 4283 * Compute the re-challenge timeout. This will yield 4284 * a number between 300 and 810 seconds. 4285 */ 4286 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4287 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp); 4288 } 4289 4290 if (debug) { 4291 log(LOG_DEBUG, 4292 SPP_FMT "chap %s, ", 4293 SPP_ARGS(ifp), 4294 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4295 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4296 log(-1, "next re-challenge in %d seconds\n", i); 4297 else 4298 log(-1, "re-challenging suppressed\n"); 4299 } 4300 4301 SPPP_LOCK(sp); 4302 /* indicate to LCP that we need to be closed down */ 4303 sp->lcp.protos |= (1 << IDX_CHAP); 4304 4305 if (sp->pp_flags & PP_NEEDAUTH) { 4306 /* 4307 * Remote is authenticator, but his auth proto didn't 4308 * complete yet. Defer the transition to network 4309 * phase. 4310 */ 4311 SPPP_UNLOCK(sp); 4312 return; 4313 } 4314 SPPP_UNLOCK(sp); 4315 4316 /* 4317 * If we are already in phase network, we are done here. This 4318 * is the case if this is a dummy tlu event after a re-challenge. 4319 */ 4320 if (sp->pp_phase != PHASE_NETWORK) 4321 sppp_phase_network(sp); 4322 } 4323 4324 static void 4325 sppp_chap_tld(struct sppp *sp) 4326 { 4327 STDDCL; 4328 4329 if (debug) 4330 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4331 callout_stop(&sp->ch[IDX_CHAP]); 4332 sp->lcp.protos &= ~(1 << IDX_CHAP); 4333 4334 lcp.Close(sp); 4335 } 4336 4337 static void 4338 sppp_chap_scr(struct sppp *sp) 4339 { 4340 u_long *ch, seed; 4341 u_char clen; 4342 4343 /* Compute random challenge. */ 4344 ch = (u_long *)sp->myauth.challenge; 4345 read_random(&seed, sizeof seed); 4346 ch[0] = seed ^ random(); 4347 ch[1] = seed ^ random(); 4348 ch[2] = seed ^ random(); 4349 ch[3] = seed ^ random(); 4350 clen = AUTHKEYLEN; 4351 4352 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4353 4354 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4355 sizeof clen, (const char *)&clen, 4356 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4357 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4358 sp->myauth.name, 4359 0); 4360 } 4361 4362 /* 4363 *--------------------------------------------------------------------------* 4364 * * 4365 * The PAP implementation. * 4366 * * 4367 *--------------------------------------------------------------------------* 4368 */ 4369 /* 4370 * For PAP, we need to keep a little state also if we are the peer, not the 4371 * authenticator. This is since we don't get a request to authenticate, but 4372 * have to repeatedly authenticate ourself until we got a response (or the 4373 * retry counter is expired). 4374 */ 4375 4376 /* 4377 * Handle incoming PAP packets. */ 4378 static void 4379 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4380 { 4381 STDDCL; 4382 struct lcp_header *h; 4383 int len; 4384 u_char *name, *passwd, mlen; 4385 int name_len, passwd_len; 4386 4387 len = m->m_pkthdr.len; 4388 if (len < 5) { 4389 if (debug) 4390 log(LOG_DEBUG, 4391 SPP_FMT "pap invalid packet length: %d bytes\n", 4392 SPP_ARGS(ifp), len); 4393 return; 4394 } 4395 h = mtod (m, struct lcp_header*); 4396 if (len > ntohs (h->len)) 4397 len = ntohs (h->len); 4398 switch (h->type) { 4399 /* PAP request is my authproto */ 4400 case PAP_REQ: 4401 name = 1 + (u_char*)(h+1); 4402 name_len = name[-1]; 4403 passwd = name + name_len + 1; 4404 if (name_len > len - 6 || 4405 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4406 if (debug) { 4407 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4408 "<%s id=0x%x len=%d", 4409 SPP_ARGS(ifp), 4410 sppp_auth_type_name(PPP_PAP, h->type), 4411 h->ident, ntohs(h->len)); 4412 sppp_print_bytes((u_char*)(h+1), len-4); 4413 log(-1, ">\n"); 4414 } 4415 break; 4416 } 4417 if (debug) { 4418 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4419 "<%s id=0x%x len=%d name=", 4420 SPP_ARGS(ifp), 4421 sppp_state_name(sp->state[IDX_PAP]), 4422 sppp_auth_type_name(PPP_PAP, h->type), 4423 h->ident, ntohs(h->len)); 4424 sppp_print_string((char*)name, name_len); 4425 log(-1, " passwd="); 4426 sppp_print_string((char*)passwd, passwd_len); 4427 log(-1, ">\n"); 4428 } 4429 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) || 4430 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) || 4431 bcmp(name, sp->hisauth.name, name_len) != 0 || 4432 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4433 /* action scn, tld */ 4434 mlen = sizeof(FAILMSG) - 1; 4435 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4436 sizeof mlen, (const char *)&mlen, 4437 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4438 0); 4439 pap.tld(sp); 4440 break; 4441 } 4442 /* action sca, perhaps tlu */ 4443 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4444 sp->state[IDX_PAP] == STATE_OPENED) { 4445 mlen = sizeof(SUCCMSG) - 1; 4446 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4447 sizeof mlen, (const char *)&mlen, 4448 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4449 0); 4450 } 4451 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4452 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4453 pap.tlu(sp); 4454 } 4455 break; 4456 4457 /* ack and nak are his authproto */ 4458 case PAP_ACK: 4459 callout_stop(&sp->pap_my_to_ch); 4460 if (debug) { 4461 log(LOG_DEBUG, SPP_FMT "pap success", 4462 SPP_ARGS(ifp)); 4463 name_len = *((char *)h); 4464 if (len > 5 && name_len) { 4465 log(-1, ": "); 4466 sppp_print_string((char*)(h+1), name_len); 4467 } 4468 log(-1, "\n"); 4469 } 4470 SPPP_LOCK(sp); 4471 sp->pp_flags &= ~PP_NEEDAUTH; 4472 if (sp->myauth.proto == PPP_PAP && 4473 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4474 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4475 /* 4476 * We are authenticator for PAP but didn't 4477 * complete yet. Leave it to tlu to proceed 4478 * to network phase. 4479 */ 4480 SPPP_UNLOCK(sp); 4481 break; 4482 } 4483 SPPP_UNLOCK(sp); 4484 sppp_phase_network(sp); 4485 break; 4486 4487 case PAP_NAK: 4488 callout_stop (&sp->pap_my_to_ch); 4489 if (debug) { 4490 log(LOG_INFO, SPP_FMT "pap failure", 4491 SPP_ARGS(ifp)); 4492 name_len = *((char *)h); 4493 if (len > 5 && name_len) { 4494 log(-1, ": "); 4495 sppp_print_string((char*)(h+1), name_len); 4496 } 4497 log(-1, "\n"); 4498 } else 4499 log(LOG_INFO, SPP_FMT "pap failure\n", 4500 SPP_ARGS(ifp)); 4501 /* await LCP shutdown by authenticator */ 4502 break; 4503 4504 default: 4505 /* Unknown PAP packet type -- ignore. */ 4506 if (debug) { 4507 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4508 "<0x%x id=0x%x len=%d", 4509 SPP_ARGS(ifp), 4510 h->type, h->ident, ntohs(h->len)); 4511 sppp_print_bytes((u_char*)(h+1), len-4); 4512 log(-1, ">\n"); 4513 } 4514 break; 4515 4516 } 4517 } 4518 4519 static void 4520 sppp_pap_init(struct sppp *sp) 4521 { 4522 /* PAP doesn't have STATE_INITIAL at all. */ 4523 sp->state[IDX_PAP] = STATE_CLOSED; 4524 sp->fail_counter[IDX_PAP] = 0; 4525 sp->pp_seq[IDX_PAP] = 0; 4526 sp->pp_rseq[IDX_PAP] = 0; 4527 callout_init(&sp->ch[IDX_PAP], 1); 4528 callout_init(&sp->pap_my_to_ch, 1); 4529 } 4530 4531 static void 4532 sppp_pap_open(struct sppp *sp) 4533 { 4534 if (sp->hisauth.proto == PPP_PAP && 4535 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4536 /* we are authenticator for PAP, start our timer */ 4537 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4538 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4539 } 4540 if (sp->myauth.proto == PPP_PAP) { 4541 /* we are peer, send a request, and start a timer */ 4542 pap.scr(sp); 4543 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4544 sppp_pap_my_TO, (void *)sp); 4545 } 4546 } 4547 4548 static void 4549 sppp_pap_close(struct sppp *sp) 4550 { 4551 if (sp->state[IDX_PAP] != STATE_CLOSED) 4552 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4553 } 4554 4555 /* 4556 * That's the timeout routine if we are authenticator. Since the 4557 * authenticator is basically passive in PAP, we can't do much here. 4558 */ 4559 static void 4560 sppp_pap_TO(void *cookie) 4561 { 4562 struct sppp *sp = (struct sppp *)cookie; 4563 STDDCL; 4564 4565 SPPP_LOCK(sp); 4566 if (debug) 4567 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4568 SPP_ARGS(ifp), 4569 sppp_state_name(sp->state[IDX_PAP]), 4570 sp->rst_counter[IDX_PAP]); 4571 4572 if (--sp->rst_counter[IDX_PAP] < 0) 4573 /* TO- event */ 4574 switch (sp->state[IDX_PAP]) { 4575 case STATE_REQ_SENT: 4576 pap.tld(sp); 4577 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4578 break; 4579 } 4580 else 4581 /* TO+ event, not very much we could do */ 4582 switch (sp->state[IDX_PAP]) { 4583 case STATE_REQ_SENT: 4584 /* sppp_cp_change_state() will restart the timer */ 4585 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4586 break; 4587 } 4588 4589 SPPP_UNLOCK(sp); 4590 } 4591 4592 /* 4593 * That's the timeout handler if we are peer. Since the peer is active, 4594 * we need to retransmit our PAP request since it is apparently lost. 4595 * XXX We should impose a max counter. 4596 */ 4597 static void 4598 sppp_pap_my_TO(void *cookie) 4599 { 4600 struct sppp *sp = (struct sppp *)cookie; 4601 STDDCL; 4602 4603 if (debug) 4604 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4605 SPP_ARGS(ifp)); 4606 4607 SPPP_LOCK(sp); 4608 pap.scr(sp); 4609 SPPP_UNLOCK(sp); 4610 } 4611 4612 static void 4613 sppp_pap_tlu(struct sppp *sp) 4614 { 4615 STDDCL; 4616 4617 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4618 4619 if (debug) 4620 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4621 SPP_ARGS(ifp), pap.name); 4622 4623 SPPP_LOCK(sp); 4624 /* indicate to LCP that we need to be closed down */ 4625 sp->lcp.protos |= (1 << IDX_PAP); 4626 4627 if (sp->pp_flags & PP_NEEDAUTH) { 4628 /* 4629 * Remote is authenticator, but his auth proto didn't 4630 * complete yet. Defer the transition to network 4631 * phase. 4632 */ 4633 SPPP_UNLOCK(sp); 4634 return; 4635 } 4636 SPPP_UNLOCK(sp); 4637 sppp_phase_network(sp); 4638 } 4639 4640 static void 4641 sppp_pap_tld(struct sppp *sp) 4642 { 4643 STDDCL; 4644 4645 if (debug) 4646 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4647 callout_stop (&sp->ch[IDX_PAP]); 4648 callout_stop (&sp->pap_my_to_ch); 4649 sp->lcp.protos &= ~(1 << IDX_PAP); 4650 4651 lcp.Close(sp); 4652 } 4653 4654 static void 4655 sppp_pap_scr(struct sppp *sp) 4656 { 4657 u_char idlen, pwdlen; 4658 4659 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4660 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4661 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4662 4663 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4664 sizeof idlen, (const char *)&idlen, 4665 (size_t)idlen, sp->myauth.name, 4666 sizeof pwdlen, (const char *)&pwdlen, 4667 (size_t)pwdlen, sp->myauth.secret, 4668 0); 4669 } 4670 4671 /* 4672 * Random miscellaneous functions. 4673 */ 4674 4675 /* 4676 * Send a PAP or CHAP proto packet. 4677 * 4678 * Varadic function, each of the elements for the ellipsis is of type 4679 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4680 * mlen == 0. 4681 * NOTE: never declare variadic functions with types subject to type 4682 * promotion (i.e. u_char). This is asking for big trouble depending 4683 * on the architecture you are on... 4684 */ 4685 4686 static void 4687 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4688 unsigned int type, unsigned int id, 4689 ...) 4690 { 4691 STDDCL; 4692 struct ppp_header *h; 4693 struct lcp_header *lh; 4694 struct mbuf *m; 4695 u_char *p; 4696 int len; 4697 unsigned int mlen; 4698 const char *msg; 4699 va_list ap; 4700 4701 MGETHDR (m, M_NOWAIT, MT_DATA); 4702 if (! m) 4703 return; 4704 m->m_pkthdr.rcvif = 0; 4705 4706 h = mtod (m, struct ppp_header*); 4707 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4708 h->control = PPP_UI; /* Unnumbered Info */ 4709 h->protocol = htons(cp->proto); 4710 4711 lh = (struct lcp_header*)(h + 1); 4712 lh->type = type; 4713 lh->ident = id; 4714 p = (u_char*) (lh+1); 4715 4716 va_start(ap, id); 4717 len = 0; 4718 4719 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4720 msg = va_arg(ap, const char *); 4721 len += mlen; 4722 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4723 va_end(ap); 4724 m_freem(m); 4725 return; 4726 } 4727 4728 bcopy(msg, p, mlen); 4729 p += mlen; 4730 } 4731 va_end(ap); 4732 4733 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4734 lh->len = htons (LCP_HEADER_LEN + len); 4735 4736 if (debug) { 4737 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4738 SPP_ARGS(ifp), cp->name, 4739 sppp_auth_type_name(cp->proto, lh->type), 4740 lh->ident, ntohs(lh->len)); 4741 sppp_print_bytes((u_char*) (lh+1), len); 4742 log(-1, ">\n"); 4743 } 4744 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3)) 4745 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 4746 } 4747 4748 /* 4749 * Flush interface queue. 4750 */ 4751 static void 4752 sppp_qflush(struct ifqueue *ifq) 4753 { 4754 struct mbuf *m, *n; 4755 4756 n = ifq->ifq_head; 4757 while ((m = n)) { 4758 n = m->m_nextpkt; 4759 m_freem (m); 4760 } 4761 ifq->ifq_head = 0; 4762 ifq->ifq_tail = 0; 4763 ifq->ifq_len = 0; 4764 } 4765 4766 /* 4767 * Send keepalive packets, every 10 seconds. 4768 */ 4769 static void 4770 sppp_keepalive(void *dummy) 4771 { 4772 struct sppp *sp = (struct sppp*)dummy; 4773 struct ifnet *ifp = SP2IFP(sp); 4774 4775 SPPP_LOCK(sp); 4776 /* Keepalive mode disabled or channel down? */ 4777 if (! (sp->pp_flags & PP_KEEPALIVE) || 4778 ! (ifp->if_drv_flags & IFF_DRV_RUNNING)) 4779 goto out; 4780 4781 if (sp->pp_mode == PP_FR) { 4782 sppp_fr_keepalive (sp); 4783 goto out; 4784 } 4785 4786 /* No keepalive in PPP mode if LCP not opened yet. */ 4787 if (sp->pp_mode != IFF_CISCO && 4788 sp->pp_phase < PHASE_AUTHENTICATE) 4789 goto out; 4790 4791 if (sp->pp_alivecnt == MAXALIVECNT) { 4792 /* No keepalive packets got. Stop the interface. */ 4793 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4794 if_down (ifp); 4795 sppp_qflush (&sp->pp_cpq); 4796 if (sp->pp_mode != IFF_CISCO) { 4797 /* XXX */ 4798 /* Shut down the PPP link. */ 4799 lcp.Down(sp); 4800 /* Initiate negotiation. XXX */ 4801 lcp.Up(sp); 4802 } 4803 } 4804 if (sp->pp_alivecnt <= MAXALIVECNT) 4805 ++sp->pp_alivecnt; 4806 if (sp->pp_mode == IFF_CISCO) 4807 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4808 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4809 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4810 long nmagic = htonl (sp->lcp.magic); 4811 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4812 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4813 sp->lcp.echoid, 4, &nmagic); 4814 } 4815 out: 4816 SPPP_UNLOCK(sp); 4817 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive, 4818 (void *)sp); 4819 } 4820 4821 /* 4822 * Get both IP addresses. 4823 */ 4824 void 4825 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4826 { 4827 struct ifnet *ifp = SP2IFP(sp); 4828 struct ifaddr *ifa; 4829 struct sockaddr_in *si, *sm; 4830 u_long ssrc, ddst; 4831 4832 sm = NULL; 4833 ssrc = ddst = 0L; 4834 /* 4835 * Pick the first AF_INET address from the list, 4836 * aliases don't make any sense on a p2p link anyway. 4837 */ 4838 si = NULL; 4839 if_addr_rlock(ifp); 4840 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4841 if (ifa->ifa_addr->sa_family == AF_INET) { 4842 si = (struct sockaddr_in *)ifa->ifa_addr; 4843 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4844 if (si) 4845 break; 4846 } 4847 if (ifa) { 4848 if (si && si->sin_addr.s_addr) { 4849 ssrc = si->sin_addr.s_addr; 4850 if (srcmask) 4851 *srcmask = ntohl(sm->sin_addr.s_addr); 4852 } 4853 4854 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4855 if (si && si->sin_addr.s_addr) 4856 ddst = si->sin_addr.s_addr; 4857 } 4858 if_addr_runlock(ifp); 4859 4860 if (dst) *dst = ntohl(ddst); 4861 if (src) *src = ntohl(ssrc); 4862 } 4863 4864 #ifdef INET 4865 /* 4866 * Set my IP address. 4867 */ 4868 static void 4869 sppp_set_ip_addr(struct sppp *sp, u_long src) 4870 { 4871 STDDCL; 4872 struct ifaddr *ifa; 4873 struct sockaddr_in *si; 4874 struct in_ifaddr *ia; 4875 4876 /* 4877 * Pick the first AF_INET address from the list, 4878 * aliases don't make any sense on a p2p link anyway. 4879 */ 4880 si = NULL; 4881 if_addr_rlock(ifp); 4882 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 4883 if (ifa->ifa_addr->sa_family == AF_INET) { 4884 si = (struct sockaddr_in *)ifa->ifa_addr; 4885 if (si != NULL) { 4886 ifa_ref(ifa); 4887 break; 4888 } 4889 } 4890 } 4891 if_addr_runlock(ifp); 4892 4893 if (ifa != NULL) { 4894 int error; 4895 4896 /* delete old route */ 4897 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4898 if (debug && error) { 4899 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4900 SPP_ARGS(ifp), error); 4901 } 4902 4903 /* set new address */ 4904 si->sin_addr.s_addr = htonl(src); 4905 ia = ifatoia(ifa); 4906 IN_IFADDR_WLOCK(); 4907 LIST_REMOVE(ia, ia_hash); 4908 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash); 4909 IN_IFADDR_WUNLOCK(); 4910 4911 /* add new route */ 4912 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4913 if (debug && error) { 4914 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4915 SPP_ARGS(ifp), error); 4916 } 4917 ifa_free(ifa); 4918 } 4919 } 4920 #endif 4921 4922 #ifdef INET6 4923 /* 4924 * Get both IPv6 addresses. 4925 */ 4926 static void 4927 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4928 struct in6_addr *srcmask) 4929 { 4930 struct ifnet *ifp = SP2IFP(sp); 4931 struct ifaddr *ifa; 4932 struct sockaddr_in6 *si, *sm; 4933 struct in6_addr ssrc, ddst; 4934 4935 sm = NULL; 4936 bzero(&ssrc, sizeof(ssrc)); 4937 bzero(&ddst, sizeof(ddst)); 4938 /* 4939 * Pick the first link-local AF_INET6 address from the list, 4940 * aliases don't make any sense on a p2p link anyway. 4941 */ 4942 si = NULL; 4943 if_addr_rlock(ifp); 4944 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 4945 if (ifa->ifa_addr->sa_family == AF_INET6) { 4946 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4947 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4948 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4949 break; 4950 } 4951 if (ifa) { 4952 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4953 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4954 if (srcmask) { 4955 bcopy(&sm->sin6_addr, srcmask, 4956 sizeof(*srcmask)); 4957 } 4958 } 4959 4960 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4961 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4962 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4963 } 4964 4965 if (dst) 4966 bcopy(&ddst, dst, sizeof(*dst)); 4967 if (src) 4968 bcopy(&ssrc, src, sizeof(*src)); 4969 if_addr_runlock(ifp); 4970 } 4971 4972 #ifdef IPV6CP_MYIFID_DYN 4973 /* 4974 * Generate random ifid. 4975 */ 4976 static void 4977 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4978 { 4979 /* TBD */ 4980 } 4981 4982 /* 4983 * Set my IPv6 address. 4984 */ 4985 static void 4986 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4987 { 4988 STDDCL; 4989 struct ifaddr *ifa; 4990 struct sockaddr_in6 *sin6; 4991 4992 /* 4993 * Pick the first link-local AF_INET6 address from the list, 4994 * aliases don't make any sense on a p2p link anyway. 4995 */ 4996 4997 sin6 = NULL; 4998 if_addr_rlock(ifp); 4999 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 5000 if (ifa->ifa_addr->sa_family == AF_INET6) { 5001 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5002 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5003 ifa_ref(ifa); 5004 break; 5005 } 5006 } 5007 } 5008 if_addr_runlock(ifp); 5009 5010 if (ifa != NULL) { 5011 int error; 5012 struct sockaddr_in6 new_sin6 = *sin6; 5013 5014 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5015 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5016 if (debug && error) { 5017 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 5018 " failed, error=%d\n", SPP_ARGS(ifp), error); 5019 } 5020 ifa_free(ifa); 5021 } 5022 } 5023 #endif 5024 5025 /* 5026 * Suggest a candidate address to be used by peer. 5027 */ 5028 static void 5029 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5030 { 5031 struct in6_addr myaddr; 5032 struct timeval tv; 5033 5034 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5035 5036 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5037 microtime(&tv); 5038 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5039 myaddr.s6_addr[14] ^= 0xff; 5040 myaddr.s6_addr[15] ^= 0xff; 5041 } else { 5042 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5043 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5044 } 5045 if (suggest) 5046 bcopy(&myaddr, suggest, sizeof(myaddr)); 5047 } 5048 #endif /*INET6*/ 5049 5050 static int 5051 sppp_params(struct sppp *sp, u_long cmd, void *data) 5052 { 5053 u_long subcmd; 5054 struct ifreq *ifr = (struct ifreq *)data; 5055 struct spppreq *spr; 5056 int rv = 0; 5057 5058 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == NULL) 5059 return (EAGAIN); 5060 /* 5061 * ifr->ifr_data is supposed to point to a struct spppreq. 5062 * Check the cmd word first before attempting to fetch all the 5063 * data. 5064 */ 5065 rv = fueword(ifr->ifr_data, &subcmd); 5066 if (rv == -1) { 5067 rv = EFAULT; 5068 goto quit; 5069 } 5070 5071 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) { 5072 rv = EFAULT; 5073 goto quit; 5074 } 5075 5076 switch (subcmd) { 5077 case (u_long)SPPPIOGDEFS: 5078 if (cmd != SIOCGIFGENERIC) { 5079 rv = EINVAL; 5080 break; 5081 } 5082 /* 5083 * We copy over the entire current state, but clean 5084 * out some of the stuff we don't wanna pass up. 5085 * Remember, SIOCGIFGENERIC is unprotected, and can be 5086 * called by any user. No need to ever get PAP or 5087 * CHAP secrets back to userland anyway. 5088 */ 5089 spr->defs.pp_phase = sp->pp_phase; 5090 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0; 5091 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0; 5092 spr->defs.lcp = sp->lcp; 5093 spr->defs.ipcp = sp->ipcp; 5094 spr->defs.ipv6cp = sp->ipv6cp; 5095 spr->defs.myauth = sp->myauth; 5096 spr->defs.hisauth = sp->hisauth; 5097 bzero(spr->defs.myauth.secret, AUTHKEYLEN); 5098 bzero(spr->defs.myauth.challenge, AUTHKEYLEN); 5099 bzero(spr->defs.hisauth.secret, AUTHKEYLEN); 5100 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN); 5101 /* 5102 * Fixup the LCP timeout value to milliseconds so 5103 * spppcontrol doesn't need to bother about the value 5104 * of "hz". We do the reverse calculation below when 5105 * setting it. 5106 */ 5107 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz; 5108 rv = copyout(spr, (caddr_t)ifr->ifr_data, 5109 sizeof(struct spppreq)); 5110 break; 5111 5112 case (u_long)SPPPIOSDEFS: 5113 if (cmd != SIOCSIFGENERIC) { 5114 rv = EINVAL; 5115 break; 5116 } 5117 /* 5118 * We have a very specific idea of which fields we 5119 * allow being passed back from userland, so to not 5120 * clobber our current state. For one, we only allow 5121 * setting anything if LCP is in dead or establish 5122 * phase. Once the authentication negotiations 5123 * started, the authentication settings must not be 5124 * changed again. (The administrator can force an 5125 * ifconfig down in order to get LCP back into dead 5126 * phase.) 5127 * 5128 * Also, we only allow for authentication parameters to be 5129 * specified. 5130 * 5131 * XXX Should allow to set or clear pp_flags. 5132 * 5133 * Finally, if the respective authentication protocol to 5134 * be used is set differently than 0, but the secret is 5135 * passed as all zeros, we don't trash the existing secret. 5136 * This allows an administrator to change the system name 5137 * only without clobbering the secret (which he didn't get 5138 * back in a previous SPPPIOGDEFS call). However, the 5139 * secrets are cleared if the authentication protocol is 5140 * reset to 0. */ 5141 if (sp->pp_phase != PHASE_DEAD && 5142 sp->pp_phase != PHASE_ESTABLISH) { 5143 rv = EBUSY; 5144 break; 5145 } 5146 5147 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP && 5148 spr->defs.myauth.proto != PPP_CHAP) || 5149 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP && 5150 spr->defs.hisauth.proto != PPP_CHAP)) { 5151 rv = EINVAL; 5152 break; 5153 } 5154 5155 if (spr->defs.myauth.proto == 0) 5156 /* resetting myauth */ 5157 bzero(&sp->myauth, sizeof sp->myauth); 5158 else { 5159 /* setting/changing myauth */ 5160 sp->myauth.proto = spr->defs.myauth.proto; 5161 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5162 if (spr->defs.myauth.secret[0] != '\0') 5163 bcopy(spr->defs.myauth.secret, sp->myauth.secret, 5164 AUTHKEYLEN); 5165 } 5166 if (spr->defs.hisauth.proto == 0) 5167 /* resetting hisauth */ 5168 bzero(&sp->hisauth, sizeof sp->hisauth); 5169 else { 5170 /* setting/changing hisauth */ 5171 sp->hisauth.proto = spr->defs.hisauth.proto; 5172 sp->hisauth.flags = spr->defs.hisauth.flags; 5173 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5174 if (spr->defs.hisauth.secret[0] != '\0') 5175 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret, 5176 AUTHKEYLEN); 5177 } 5178 /* set LCP restart timer timeout */ 5179 if (spr->defs.lcp.timeout != 0) 5180 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000; 5181 /* set VJ enable and IPv6 disable flags */ 5182 #ifdef INET 5183 if (spr->defs.enable_vj) 5184 sp->confflags |= CONF_ENABLE_VJ; 5185 else 5186 sp->confflags &= ~CONF_ENABLE_VJ; 5187 #endif 5188 #ifdef INET6 5189 if (spr->defs.enable_ipv6) 5190 sp->confflags |= CONF_ENABLE_IPV6; 5191 else 5192 sp->confflags &= ~CONF_ENABLE_IPV6; 5193 #endif 5194 break; 5195 5196 default: 5197 rv = EINVAL; 5198 } 5199 5200 quit: 5201 free(spr, M_TEMP); 5202 5203 return (rv); 5204 } 5205 5206 static void 5207 sppp_phase_network(struct sppp *sp) 5208 { 5209 STDDCL; 5210 int i; 5211 u_long mask; 5212 5213 sp->pp_phase = PHASE_NETWORK; 5214 5215 if (debug) 5216 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5217 sppp_phase_name(sp->pp_phase)); 5218 5219 /* Notify NCPs now. */ 5220 for (i = 0; i < IDX_COUNT; i++) 5221 if ((cps[i])->flags & CP_NCP) 5222 (cps[i])->Open(sp); 5223 5224 /* Send Up events to all NCPs. */ 5225 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5226 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5227 (cps[i])->Up(sp); 5228 5229 /* if no NCP is starting, all this was in vain, close down */ 5230 sppp_lcp_check_and_close(sp); 5231 } 5232 5233 5234 static const char * 5235 sppp_cp_type_name(u_char type) 5236 { 5237 static char buf[12]; 5238 switch (type) { 5239 case CONF_REQ: return "conf-req"; 5240 case CONF_ACK: return "conf-ack"; 5241 case CONF_NAK: return "conf-nak"; 5242 case CONF_REJ: return "conf-rej"; 5243 case TERM_REQ: return "term-req"; 5244 case TERM_ACK: return "term-ack"; 5245 case CODE_REJ: return "code-rej"; 5246 case PROTO_REJ: return "proto-rej"; 5247 case ECHO_REQ: return "echo-req"; 5248 case ECHO_REPLY: return "echo-reply"; 5249 case DISC_REQ: return "discard-req"; 5250 } 5251 snprintf (buf, sizeof(buf), "cp/0x%x", type); 5252 return buf; 5253 } 5254 5255 static const char * 5256 sppp_auth_type_name(u_short proto, u_char type) 5257 { 5258 static char buf[12]; 5259 switch (proto) { 5260 case PPP_CHAP: 5261 switch (type) { 5262 case CHAP_CHALLENGE: return "challenge"; 5263 case CHAP_RESPONSE: return "response"; 5264 case CHAP_SUCCESS: return "success"; 5265 case CHAP_FAILURE: return "failure"; 5266 } 5267 case PPP_PAP: 5268 switch (type) { 5269 case PAP_REQ: return "req"; 5270 case PAP_ACK: return "ack"; 5271 case PAP_NAK: return "nak"; 5272 } 5273 } 5274 snprintf (buf, sizeof(buf), "auth/0x%x", type); 5275 return buf; 5276 } 5277 5278 static const char * 5279 sppp_lcp_opt_name(u_char opt) 5280 { 5281 static char buf[12]; 5282 switch (opt) { 5283 case LCP_OPT_MRU: return "mru"; 5284 case LCP_OPT_ASYNC_MAP: return "async-map"; 5285 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5286 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5287 case LCP_OPT_MAGIC: return "magic"; 5288 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5289 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5290 } 5291 snprintf (buf, sizeof(buf), "lcp/0x%x", opt); 5292 return buf; 5293 } 5294 5295 #ifdef INET 5296 static const char * 5297 sppp_ipcp_opt_name(u_char opt) 5298 { 5299 static char buf[12]; 5300 switch (opt) { 5301 case IPCP_OPT_ADDRESSES: return "addresses"; 5302 case IPCP_OPT_COMPRESSION: return "compression"; 5303 case IPCP_OPT_ADDRESS: return "address"; 5304 } 5305 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt); 5306 return buf; 5307 } 5308 #endif 5309 5310 #ifdef INET6 5311 static const char * 5312 sppp_ipv6cp_opt_name(u_char opt) 5313 { 5314 static char buf[12]; 5315 switch (opt) { 5316 case IPV6CP_OPT_IFID: return "ifid"; 5317 case IPV6CP_OPT_COMPRESSION: return "compression"; 5318 } 5319 sprintf (buf, "0x%x", opt); 5320 return buf; 5321 } 5322 #endif 5323 5324 static const char * 5325 sppp_state_name(int state) 5326 { 5327 switch (state) { 5328 case STATE_INITIAL: return "initial"; 5329 case STATE_STARTING: return "starting"; 5330 case STATE_CLOSED: return "closed"; 5331 case STATE_STOPPED: return "stopped"; 5332 case STATE_CLOSING: return "closing"; 5333 case STATE_STOPPING: return "stopping"; 5334 case STATE_REQ_SENT: return "req-sent"; 5335 case STATE_ACK_RCVD: return "ack-rcvd"; 5336 case STATE_ACK_SENT: return "ack-sent"; 5337 case STATE_OPENED: return "opened"; 5338 } 5339 return "illegal"; 5340 } 5341 5342 static const char * 5343 sppp_phase_name(enum ppp_phase phase) 5344 { 5345 switch (phase) { 5346 case PHASE_DEAD: return "dead"; 5347 case PHASE_ESTABLISH: return "establish"; 5348 case PHASE_TERMINATE: return "terminate"; 5349 case PHASE_AUTHENTICATE: return "authenticate"; 5350 case PHASE_NETWORK: return "network"; 5351 } 5352 return "illegal"; 5353 } 5354 5355 static const char * 5356 sppp_proto_name(u_short proto) 5357 { 5358 static char buf[12]; 5359 switch (proto) { 5360 case PPP_LCP: return "lcp"; 5361 case PPP_IPCP: return "ipcp"; 5362 case PPP_PAP: return "pap"; 5363 case PPP_CHAP: return "chap"; 5364 case PPP_IPV6CP: return "ipv6cp"; 5365 } 5366 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto); 5367 return buf; 5368 } 5369 5370 static void 5371 sppp_print_bytes(const u_char *p, u_short len) 5372 { 5373 if (len) 5374 log(-1, " %*D", len, p, "-"); 5375 } 5376 5377 static void 5378 sppp_print_string(const char *p, u_short len) 5379 { 5380 u_char c; 5381 5382 while (len-- > 0) { 5383 c = *p++; 5384 /* 5385 * Print only ASCII chars directly. RFC 1994 recommends 5386 * using only them, but we don't rely on it. */ 5387 if (c < ' ' || c > '~') 5388 log(-1, "\\x%x", c); 5389 else 5390 log(-1, "%c", c); 5391 } 5392 } 5393 5394 #ifdef INET 5395 static const char * 5396 sppp_dotted_quad(u_long addr) 5397 { 5398 static char s[16]; 5399 sprintf(s, "%d.%d.%d.%d", 5400 (int)((addr >> 24) & 0xff), 5401 (int)((addr >> 16) & 0xff), 5402 (int)((addr >> 8) & 0xff), 5403 (int)(addr & 0xff)); 5404 return s; 5405 } 5406 #endif 5407 5408 static int 5409 sppp_strnlen(u_char *p, int max) 5410 { 5411 int len; 5412 5413 for (len = 0; len < max && *p; ++p) 5414 ++len; 5415 return len; 5416 } 5417 5418 /* a dummy, used to drop uninteresting events */ 5419 static void 5420 sppp_null(struct sppp *unused) 5421 { 5422 /* do just nothing */ 5423 }
Cache object: 5b60e1ed219a140e22703fdd1777360d
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]