FreeBSD/Linux Kernel Cross Reference
sys/net/if_spppsubr.c
1 /*
2 * Synchronous PPP/Cisco/Frame Relay link level subroutines.
3 * Keepalive protocol implemented in both Cisco and PPP modes.
4 */
5 /*-
6 * Copyright (C) 1994-2000 Cronyx Engineering.
7 * Author: Serge Vakulenko, <vak@cronyx.ru>
8 *
9 * Heavily revamped to conform to RFC 1661.
10 * Copyright (C) 1997, 2001 Joerg Wunsch.
11 *
12 * This software is distributed with NO WARRANTIES, not even the implied
13 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14 *
15 * Authors grant any other persons or organisations permission to use
16 * or modify this software as long as this message is kept with the software,
17 * all derivative works or modified versions.
18 *
19 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
20 *
21 * $FreeBSD: releng/6.1/sys/net/if_spppsubr.c 161557 2006-08-23 22:06:40Z cperciva $
22 */
23
24 #include <sys/param.h>
25
26 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
27 #include "opt_inet.h"
28 #include "opt_inet6.h"
29 #include "opt_ipx.h"
30 #endif
31
32 #ifdef NetBSD1_3
33 # if NetBSD1_3 > 6
34 # include "opt_inet.h"
35 # include "opt_inet6.h"
36 # include "opt_iso.h"
37 # endif
38 #endif
39
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
42 #include <sys/module.h>
43 #include <sys/sockio.h>
44 #include <sys/socket.h>
45 #include <sys/syslog.h>
46 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
47 #include <sys/random.h>
48 #endif
49 #include <sys/malloc.h>
50 #include <sys/mbuf.h>
51
52 #if defined (__OpenBSD__)
53 #include <sys/md5k.h>
54 #else
55 #include <sys/md5.h>
56 #endif
57
58 #include <net/if.h>
59 #include <net/netisr.h>
60 #include <net/if_types.h>
61 #include <net/route.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #include <net/slcompress.h>
66
67 #if defined (__NetBSD__) || defined (__OpenBSD__)
68 #include <machine/cpu.h> /* XXX for softnet */
69 #endif
70
71 #include <machine/stdarg.h>
72
73 #include <netinet/in_var.h>
74
75 #ifdef INET
76 #include <netinet/ip.h>
77 #include <netinet/tcp.h>
78 #endif
79
80 #ifdef INET6
81 #include <netinet6/scope6_var.h>
82 #endif
83
84 #if defined (__FreeBSD__) || defined (__OpenBSD__)
85 # include <netinet/if_ether.h>
86 #else
87 # include <net/ethertypes.h>
88 #endif
89
90 #ifdef IPX
91 #include <netipx/ipx.h>
92 #include <netipx/ipx_if.h>
93 #endif
94
95 #include <net/if_sppp.h>
96
97 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
98 # define IOCTL_CMD_T u_long
99 #else
100 # define IOCTL_CMD_T int
101 #endif
102
103 #define MAXALIVECNT 3 /* max. alive packets */
104
105 /*
106 * Interface flags that can be set in an ifconfig command.
107 *
108 * Setting link0 will make the link passive, i.e. it will be marked
109 * as being administrative openable, but won't be opened to begin
110 * with. Incoming calls will be answered, or subsequent calls with
111 * -link1 will cause the administrative open of the LCP layer.
112 *
113 * Setting link1 will cause the link to auto-dial only as packets
114 * arrive to be sent.
115 *
116 * Setting IFF_DEBUG will syslog the option negotiation and state
117 * transitions at level kern.debug. Note: all logs consistently look
118 * like
119 *
120 * <if-name><unit>: <proto-name> <additional info...>
121 *
122 * with <if-name><unit> being something like "bppp0", and <proto-name>
123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
124 */
125
126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
128 #define IFF_CISCO IFF_LINK2 /* auto-dial on output */
129
130 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
131 #define PPP_UI 0x03 /* Unnumbered Information */
132 #define PPP_IP 0x0021 /* Internet Protocol */
133 #define PPP_ISO 0x0023 /* ISO OSI Protocol */
134 #define PPP_XNS 0x0025 /* Xerox NS Protocol */
135 #define PPP_IPX 0x002b /* Novell IPX Protocol */
136 #define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */
137 #define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */
138 #define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */
139 #define PPP_LCP 0xc021 /* Link Control Protocol */
140 #define PPP_PAP 0xc023 /* Password Authentication Protocol */
141 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
142 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
143 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
144
145 #define CONF_REQ 1 /* PPP configure request */
146 #define CONF_ACK 2 /* PPP configure acknowledge */
147 #define CONF_NAK 3 /* PPP configure negative ack */
148 #define CONF_REJ 4 /* PPP configure reject */
149 #define TERM_REQ 5 /* PPP terminate request */
150 #define TERM_ACK 6 /* PPP terminate acknowledge */
151 #define CODE_REJ 7 /* PPP code reject */
152 #define PROTO_REJ 8 /* PPP protocol reject */
153 #define ECHO_REQ 9 /* PPP echo request */
154 #define ECHO_REPLY 10 /* PPP echo reply */
155 #define DISC_REQ 11 /* PPP discard request */
156
157 #define LCP_OPT_MRU 1 /* maximum receive unit */
158 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
159 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
160 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
161 #define LCP_OPT_MAGIC 5 /* magic number */
162 #define LCP_OPT_RESERVED 6 /* reserved */
163 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
164 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
165
166 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
167 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
168 #define IPCP_OPT_ADDRESS 3 /* local IP address */
169
170 #define IPV6CP_OPT_IFID 1 /* interface identifier */
171 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
172
173 #define IPCP_COMP_VJ 0x2d /* Code for VJ compression */
174
175 #define PAP_REQ 1 /* PAP name/password request */
176 #define PAP_ACK 2 /* PAP acknowledge */
177 #define PAP_NAK 3 /* PAP fail */
178
179 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
180 #define CHAP_RESPONSE 2 /* CHAP challenge response */
181 #define CHAP_SUCCESS 3 /* CHAP response ok */
182 #define CHAP_FAILURE 4 /* CHAP response failed */
183
184 #define CHAP_MD5 5 /* hash algorithm - MD5 */
185
186 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
187 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
188 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
189 #define CISCO_ADDR_REQ 0 /* Cisco address request */
190 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
191 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
192
193 /* states are named and numbered according to RFC 1661 */
194 #define STATE_INITIAL 0
195 #define STATE_STARTING 1
196 #define STATE_CLOSED 2
197 #define STATE_STOPPED 3
198 #define STATE_CLOSING 4
199 #define STATE_STOPPING 5
200 #define STATE_REQ_SENT 6
201 #define STATE_ACK_RCVD 7
202 #define STATE_ACK_SENT 8
203 #define STATE_OPENED 9
204
205 MALLOC_DEFINE(M_SPPP, "sppp", "synchronous PPP interface internals");
206
207 struct ppp_header {
208 u_char address;
209 u_char control;
210 u_short protocol;
211 } __packed;
212 #define PPP_HEADER_LEN sizeof (struct ppp_header)
213
214 struct lcp_header {
215 u_char type;
216 u_char ident;
217 u_short len;
218 } __packed;
219 #define LCP_HEADER_LEN sizeof (struct lcp_header)
220
221 struct cisco_packet {
222 u_long type;
223 u_long par1;
224 u_long par2;
225 u_short rel;
226 u_short time0;
227 u_short time1;
228 } __packed;
229 #define CISCO_PACKET_LEN sizeof (struct cisco_packet)
230
231 /*
232 * We follow the spelling and capitalization of RFC 1661 here, to make
233 * it easier comparing with the standard. Please refer to this RFC in
234 * case you can't make sense out of these abbreviation; it will also
235 * explain the semantics related to the various events and actions.
236 */
237 struct cp {
238 u_short proto; /* PPP control protocol number */
239 u_char protoidx; /* index into state table in struct sppp */
240 u_char flags;
241 #define CP_LCP 0x01 /* this is the LCP */
242 #define CP_AUTH 0x02 /* this is an authentication protocol */
243 #define CP_NCP 0x04 /* this is a NCP */
244 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
245 const char *name; /* name of this control protocol */
246 /* event handlers */
247 void (*Up)(struct sppp *sp);
248 void (*Down)(struct sppp *sp);
249 void (*Open)(struct sppp *sp);
250 void (*Close)(struct sppp *sp);
251 void (*TO)(void *sp);
252 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
253 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
254 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
255 /* actions */
256 void (*tlu)(struct sppp *sp);
257 void (*tld)(struct sppp *sp);
258 void (*tls)(struct sppp *sp);
259 void (*tlf)(struct sppp *sp);
260 void (*scr)(struct sppp *sp);
261 };
262
263 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113
264 #define SPP_FMT "%s%d: "
265 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
266 #else
267 #define SPP_FMT "%s: "
268 #define SPP_ARGS(ifp) (ifp)->if_xname
269 #endif
270
271 #define SPPP_LOCK(sp) \
272 do { \
273 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \
274 mtx_lock (&(sp)->mtx); \
275 } while (0)
276 #define SPPP_UNLOCK(sp) \
277 do { \
278 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \
279 mtx_unlock (&(sp)->mtx); \
280 } while (0)
281
282 #define SPPP_LOCK_ASSERT(sp) \
283 do { \
284 if (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT)) \
285 mtx_assert (&(sp)->mtx, MA_OWNED); \
286 } while (0)
287 #define SPPP_LOCK_OWNED(sp) \
288 (!(SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) && \
289 mtx_owned (&sp->mtx))
290
291 #ifdef INET
292 /*
293 * The following disgusting hack gets around the problem that IP TOS
294 * can't be set yet. We want to put "interactive" traffic on a high
295 * priority queue. To decide if traffic is interactive, we check that
296 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
297 *
298 * XXX is this really still necessary? - joerg -
299 */
300 static const u_short interactive_ports[8] = {
301 0, 513, 0, 0,
302 0, 21, 0, 23,
303 };
304 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
305 #endif
306
307 /* almost every function needs these */
308 #define STDDCL \
309 struct ifnet *ifp = SP2IFP(sp); \
310 int debug = ifp->if_flags & IFF_DEBUG
311
312 static int sppp_output(struct ifnet *ifp, struct mbuf *m,
313 struct sockaddr *dst, struct rtentry *rt);
314
315 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
316 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
317
318 static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
319 struct mbuf *m);
320 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
321 u_char ident, u_short len, void *data);
322 /* static void sppp_cp_timeout(void *arg); */
323 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
324 int newstate);
325 static void sppp_auth_send(const struct cp *cp,
326 struct sppp *sp, unsigned int type, unsigned int id,
327 ...);
328
329 static void sppp_up_event(const struct cp *cp, struct sppp *sp);
330 static void sppp_down_event(const struct cp *cp, struct sppp *sp);
331 static void sppp_open_event(const struct cp *cp, struct sppp *sp);
332 static void sppp_close_event(const struct cp *cp, struct sppp *sp);
333 static void sppp_to_event(const struct cp *cp, struct sppp *sp);
334
335 static void sppp_null(struct sppp *sp);
336
337 static void sppp_pp_up(struct sppp *sp);
338 static void sppp_pp_down(struct sppp *sp);
339
340 static void sppp_lcp_init(struct sppp *sp);
341 static void sppp_lcp_up(struct sppp *sp);
342 static void sppp_lcp_down(struct sppp *sp);
343 static void sppp_lcp_open(struct sppp *sp);
344 static void sppp_lcp_close(struct sppp *sp);
345 static void sppp_lcp_TO(void *sp);
346 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
347 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
348 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
349 static void sppp_lcp_tlu(struct sppp *sp);
350 static void sppp_lcp_tld(struct sppp *sp);
351 static void sppp_lcp_tls(struct sppp *sp);
352 static void sppp_lcp_tlf(struct sppp *sp);
353 static void sppp_lcp_scr(struct sppp *sp);
354 static void sppp_lcp_check_and_close(struct sppp *sp);
355 static int sppp_ncp_check(struct sppp *sp);
356
357 static void sppp_ipcp_init(struct sppp *sp);
358 static void sppp_ipcp_up(struct sppp *sp);
359 static void sppp_ipcp_down(struct sppp *sp);
360 static void sppp_ipcp_open(struct sppp *sp);
361 static void sppp_ipcp_close(struct sppp *sp);
362 static void sppp_ipcp_TO(void *sp);
363 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
364 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
365 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
366 static void sppp_ipcp_tlu(struct sppp *sp);
367 static void sppp_ipcp_tld(struct sppp *sp);
368 static void sppp_ipcp_tls(struct sppp *sp);
369 static void sppp_ipcp_tlf(struct sppp *sp);
370 static void sppp_ipcp_scr(struct sppp *sp);
371
372 static void sppp_ipv6cp_init(struct sppp *sp);
373 static void sppp_ipv6cp_up(struct sppp *sp);
374 static void sppp_ipv6cp_down(struct sppp *sp);
375 static void sppp_ipv6cp_open(struct sppp *sp);
376 static void sppp_ipv6cp_close(struct sppp *sp);
377 static void sppp_ipv6cp_TO(void *sp);
378 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
379 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
380 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
381 static void sppp_ipv6cp_tlu(struct sppp *sp);
382 static void sppp_ipv6cp_tld(struct sppp *sp);
383 static void sppp_ipv6cp_tls(struct sppp *sp);
384 static void sppp_ipv6cp_tlf(struct sppp *sp);
385 static void sppp_ipv6cp_scr(struct sppp *sp);
386
387 static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
388 static void sppp_pap_init(struct sppp *sp);
389 static void sppp_pap_open(struct sppp *sp);
390 static void sppp_pap_close(struct sppp *sp);
391 static void sppp_pap_TO(void *sp);
392 static void sppp_pap_my_TO(void *sp);
393 static void sppp_pap_tlu(struct sppp *sp);
394 static void sppp_pap_tld(struct sppp *sp);
395 static void sppp_pap_scr(struct sppp *sp);
396
397 static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
398 static void sppp_chap_init(struct sppp *sp);
399 static void sppp_chap_open(struct sppp *sp);
400 static void sppp_chap_close(struct sppp *sp);
401 static void sppp_chap_TO(void *sp);
402 static void sppp_chap_tlu(struct sppp *sp);
403 static void sppp_chap_tld(struct sppp *sp);
404 static void sppp_chap_scr(struct sppp *sp);
405
406 static const char *sppp_auth_type_name(u_short proto, u_char type);
407 static const char *sppp_cp_type_name(u_char type);
408 static const char *sppp_dotted_quad(u_long addr);
409 static const char *sppp_ipcp_opt_name(u_char opt);
410 #ifdef INET6
411 static const char *sppp_ipv6cp_opt_name(u_char opt);
412 #endif
413 static const char *sppp_lcp_opt_name(u_char opt);
414 static const char *sppp_phase_name(enum ppp_phase phase);
415 static const char *sppp_proto_name(u_short proto);
416 static const char *sppp_state_name(int state);
417 static int sppp_params(struct sppp *sp, u_long cmd, void *data);
418 static int sppp_strnlen(u_char *p, int max);
419 static void sppp_keepalive(void *dummy);
420 static void sppp_phase_network(struct sppp *sp);
421 static void sppp_print_bytes(const u_char *p, u_short len);
422 static void sppp_print_string(const char *p, u_short len);
423 static void sppp_qflush(struct ifqueue *ifq);
424 static void sppp_set_ip_addr(struct sppp *sp, u_long src);
425 #ifdef INET6
426 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
427 struct in6_addr *dst, struct in6_addr *srcmask);
428 #ifdef IPV6CP_MYIFID_DYN
429 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
430 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
431 #endif
432 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
433 #endif
434
435 /* if_start () wrapper */
436 static void sppp_ifstart (struct ifnet *ifp);
437
438 /* our control protocol descriptors */
439 static const struct cp lcp = {
440 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
441 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
442 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
443 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
444 sppp_lcp_scr
445 };
446
447 static const struct cp ipcp = {
448 PPP_IPCP, IDX_IPCP,
449 #ifdef INET /* don't run IPCP if there's no IPv4 support */
450 CP_NCP,
451 #else
452 0,
453 #endif
454 "ipcp",
455 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
456 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
457 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
458 sppp_ipcp_scr
459 };
460
461 static const struct cp ipv6cp = {
462 PPP_IPV6CP, IDX_IPV6CP,
463 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
464 CP_NCP,
465 #else
466 0,
467 #endif
468 "ipv6cp",
469 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
470 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
471 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
472 sppp_ipv6cp_scr
473 };
474
475 static const struct cp pap = {
476 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
477 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
478 sppp_pap_TO, 0, 0, 0,
479 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
480 sppp_pap_scr
481 };
482
483 static const struct cp chap = {
484 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
485 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
486 sppp_chap_TO, 0, 0, 0,
487 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
488 sppp_chap_scr
489 };
490
491 static const struct cp *cps[IDX_COUNT] = {
492 &lcp, /* IDX_LCP */
493 &ipcp, /* IDX_IPCP */
494 &ipv6cp, /* IDX_IPV6CP */
495 &pap, /* IDX_PAP */
496 &chap, /* IDX_CHAP */
497 };
498
499 static void*
500 sppp_alloc(u_char type, struct ifnet *ifp)
501 {
502 struct sppp *sp;
503
504 sp = malloc(sizeof(struct sppp), M_SPPP, M_WAITOK | M_ZERO);
505 sp->pp_ifp = ifp;
506
507 return (sp);
508 }
509
510 static void
511 sppp_free(void *com, u_char type)
512 {
513
514 free(com, M_SPPP);
515 }
516
517 static int
518 sppp_modevent(module_t mod, int type, void *unused)
519 {
520 switch (type) {
521 case MOD_LOAD:
522 /*
523 * XXX: should probably be IFT_SPPP, but it's fairly
524 * harmless to allocate struct sppp's for non-sppp
525 * interfaces.
526 */
527
528 if_register_com_alloc(IFT_PPP, sppp_alloc, sppp_free);
529 break;
530 case MOD_UNLOAD:
531 /* if_deregister_com_alloc(IFT_PPP); */
532 return EACCES;
533 default:
534 return EOPNOTSUPP;
535 }
536 return 0;
537 }
538 static moduledata_t spppmod = {
539 "sppp",
540 sppp_modevent,
541 0
542 };
543 MODULE_VERSION(sppp, 1);
544 DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY);
545
546 /*
547 * Exported functions, comprising our interface to the lower layer.
548 */
549
550 /*
551 * Process the received packet.
552 */
553 void
554 sppp_input(struct ifnet *ifp, struct mbuf *m)
555 {
556 struct ppp_header *h;
557 int isr = -1;
558 struct sppp *sp = IFP2SP(ifp);
559 u_char *iphdr;
560 int hlen, vjlen, do_account = 0;
561 int debug;
562
563 SPPP_LOCK(sp);
564 debug = ifp->if_flags & IFF_DEBUG;
565
566 if (ifp->if_flags & IFF_UP)
567 /* Count received bytes, add FCS and one flag */
568 ifp->if_ibytes += m->m_pkthdr.len + 3;
569
570 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
571 /* Too small packet, drop it. */
572 if (debug)
573 log(LOG_DEBUG,
574 SPP_FMT "input packet is too small, %d bytes\n",
575 SPP_ARGS(ifp), m->m_pkthdr.len);
576 drop:
577 m_freem (m);
578 SPPP_UNLOCK(sp);
579 drop2:
580 ++ifp->if_ierrors;
581 ++ifp->if_iqdrops;
582 return;
583 }
584
585 if (sp->pp_mode == PP_FR) {
586 sppp_fr_input (sp, m);
587 SPPP_UNLOCK(sp);
588 return;
589 }
590
591 /* Get PPP header. */
592 h = mtod (m, struct ppp_header*);
593 m_adj (m, PPP_HEADER_LEN);
594
595 switch (h->address) {
596 case PPP_ALLSTATIONS:
597 if (h->control != PPP_UI)
598 goto invalid;
599 if (sp->pp_mode == IFF_CISCO) {
600 if (debug)
601 log(LOG_DEBUG,
602 SPP_FMT "PPP packet in Cisco mode "
603 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
604 SPP_ARGS(ifp),
605 h->address, h->control, ntohs(h->protocol));
606 goto drop;
607 }
608 switch (ntohs (h->protocol)) {
609 default:
610 if (debug)
611 log(LOG_DEBUG,
612 SPP_FMT "rejecting protocol "
613 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
614 SPP_ARGS(ifp),
615 h->address, h->control, ntohs(h->protocol));
616 if (sp->state[IDX_LCP] == STATE_OPENED)
617 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
618 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
619 &h->protocol);
620 ++ifp->if_noproto;
621 goto drop;
622 case PPP_LCP:
623 sppp_cp_input(&lcp, sp, m);
624 m_freem (m);
625 SPPP_UNLOCK(sp);
626 return;
627 case PPP_PAP:
628 if (sp->pp_phase >= PHASE_AUTHENTICATE)
629 sppp_pap_input(sp, m);
630 m_freem (m);
631 SPPP_UNLOCK(sp);
632 return;
633 case PPP_CHAP:
634 if (sp->pp_phase >= PHASE_AUTHENTICATE)
635 sppp_chap_input(sp, m);
636 m_freem (m);
637 SPPP_UNLOCK(sp);
638 return;
639 #ifdef INET
640 case PPP_IPCP:
641 if (sp->pp_phase == PHASE_NETWORK)
642 sppp_cp_input(&ipcp, sp, m);
643 m_freem (m);
644 SPPP_UNLOCK(sp);
645 return;
646 case PPP_IP:
647 if (sp->state[IDX_IPCP] == STATE_OPENED) {
648 isr = NETISR_IP;
649 }
650 do_account++;
651 break;
652 case PPP_VJ_COMP:
653 if (sp->state[IDX_IPCP] == STATE_OPENED) {
654 if ((vjlen =
655 sl_uncompress_tcp_core(mtod(m, u_char *),
656 m->m_len, m->m_len,
657 TYPE_COMPRESSED_TCP,
658 sp->pp_comp,
659 &iphdr, &hlen)) <= 0) {
660 if (debug)
661 log(LOG_INFO,
662 SPP_FMT "VJ uncompress failed on compressed packet\n",
663 SPP_ARGS(ifp));
664 goto drop;
665 }
666
667 /*
668 * Trim the VJ header off the packet, and prepend
669 * the uncompressed IP header (which will usually
670 * end up in two chained mbufs since there's not
671 * enough leading space in the existing mbuf).
672 */
673 m_adj(m, vjlen);
674 M_PREPEND(m, hlen, M_DONTWAIT);
675 if (m == NULL) {
676 SPPP_UNLOCK(sp);
677 goto drop2;
678 }
679 bcopy(iphdr, mtod(m, u_char *), hlen);
680 isr = NETISR_IP;
681 }
682 do_account++;
683 break;
684 case PPP_VJ_UCOMP:
685 if (sp->state[IDX_IPCP] == STATE_OPENED) {
686 if (sl_uncompress_tcp_core(mtod(m, u_char *),
687 m->m_len, m->m_len,
688 TYPE_UNCOMPRESSED_TCP,
689 sp->pp_comp,
690 &iphdr, &hlen) != 0) {
691 if (debug)
692 log(LOG_INFO,
693 SPP_FMT "VJ uncompress failed on uncompressed packet\n",
694 SPP_ARGS(ifp));
695 goto drop;
696 }
697 isr = NETISR_IP;
698 }
699 do_account++;
700 break;
701 #endif
702 #ifdef INET6
703 case PPP_IPV6CP:
704 if (sp->pp_phase == PHASE_NETWORK)
705 sppp_cp_input(&ipv6cp, sp, m);
706 m_freem (m);
707 SPPP_UNLOCK(sp);
708 return;
709
710 case PPP_IPV6:
711 if (sp->state[IDX_IPV6CP] == STATE_OPENED)
712 isr = NETISR_IPV6;
713 do_account++;
714 break;
715 #endif
716 #ifdef IPX
717 case PPP_IPX:
718 /* IPX IPXCP not implemented yet */
719 if (sp->pp_phase == PHASE_NETWORK)
720 isr = NETISR_IPX;
721 do_account++;
722 break;
723 #endif
724 }
725 break;
726 case CISCO_MULTICAST:
727 case CISCO_UNICAST:
728 /* Don't check the control field here (RFC 1547). */
729 if (sp->pp_mode != IFF_CISCO) {
730 if (debug)
731 log(LOG_DEBUG,
732 SPP_FMT "Cisco packet in PPP mode "
733 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
734 SPP_ARGS(ifp),
735 h->address, h->control, ntohs(h->protocol));
736 goto drop;
737 }
738 switch (ntohs (h->protocol)) {
739 default:
740 ++ifp->if_noproto;
741 goto invalid;
742 case CISCO_KEEPALIVE:
743 sppp_cisco_input (sp, m);
744 m_freem (m);
745 SPPP_UNLOCK(sp);
746 return;
747 #ifdef INET
748 case ETHERTYPE_IP:
749 isr = NETISR_IP;
750 do_account++;
751 break;
752 #endif
753 #ifdef INET6
754 case ETHERTYPE_IPV6:
755 isr = NETISR_IPV6;
756 do_account++;
757 break;
758 #endif
759 #ifdef IPX
760 case ETHERTYPE_IPX:
761 isr = NETISR_IPX;
762 do_account++;
763 break;
764 #endif
765 }
766 break;
767 default: /* Invalid PPP packet. */
768 invalid:
769 if (debug)
770 log(LOG_DEBUG,
771 SPP_FMT "invalid input packet "
772 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
773 SPP_ARGS(ifp),
774 h->address, h->control, ntohs(h->protocol));
775 goto drop;
776 }
777
778 if (! (ifp->if_flags & IFF_UP) || isr == -1)
779 goto drop;
780
781 SPPP_UNLOCK(sp);
782 /* Check queue. */
783 if (netisr_queue(isr, m)) { /* (0) on success. */
784 if (debug)
785 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
786 SPP_ARGS(ifp));
787 goto drop2;
788 }
789
790 if (do_account)
791 /*
792 * Do only account for network packets, not for control
793 * packets. This is used by some subsystems to detect
794 * idle lines.
795 */
796 sp->pp_last_recv = time_second;
797 }
798
799 static void
800 sppp_ifstart_sched(void *dummy)
801 {
802 struct sppp *sp = dummy;
803
804 sp->if_start(SP2IFP(sp));
805 }
806
807 /* if_start () wrapper function. We use it to schedule real if_start () for
808 * execution. We can't call it directly
809 */
810 static void
811 sppp_ifstart(struct ifnet *ifp)
812 {
813 struct sppp *sp = IFP2SP(ifp);
814
815 if (SPPP_LOCK_OWNED(sp)) {
816 if (callout_pending(&sp->ifstart_callout))
817 return;
818 callout_reset(&sp->ifstart_callout, 1, sppp_ifstart_sched,
819 (void *)sp);
820 } else {
821 sp->if_start(ifp);
822 }
823 }
824
825 /*
826 * Enqueue transmit packet.
827 */
828 static int
829 sppp_output(struct ifnet *ifp, struct mbuf *m,
830 struct sockaddr *dst, struct rtentry *rt)
831 {
832 struct sppp *sp = IFP2SP(ifp);
833 struct ppp_header *h;
834 struct ifqueue *ifq = NULL;
835 int s, error, rv = 0;
836 int ipproto = PPP_IP;
837 int debug = ifp->if_flags & IFF_DEBUG;
838
839 s = splimp();
840 SPPP_LOCK(sp);
841
842 if (!(ifp->if_flags & IFF_UP) ||
843 (!(ifp->if_flags & IFF_AUTO) &&
844 !(ifp->if_drv_flags & IFF_DRV_RUNNING))) {
845 #ifdef INET6
846 drop:
847 #endif
848 m_freem (m);
849 SPPP_UNLOCK(sp);
850 splx (s);
851 return (ENETDOWN);
852 }
853
854 if ((ifp->if_flags & IFF_AUTO) &&
855 !(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
856 #ifdef INET6
857 /*
858 * XXX
859 *
860 * Hack to prevent the initialization-time generated
861 * IPv6 multicast packet to erroneously cause a
862 * dialout event in case IPv6 has been
863 * administratively disabled on that interface.
864 */
865 if (dst->sa_family == AF_INET6 &&
866 !(sp->confflags & CONF_ENABLE_IPV6))
867 goto drop;
868 #endif
869 /*
870 * Interface is not yet running, but auto-dial. Need
871 * to start LCP for it.
872 */
873 ifp->if_drv_flags |= IFF_DRV_RUNNING;
874 splx(s);
875 lcp.Open(sp);
876 s = splimp();
877 }
878
879 #ifdef INET
880 if (dst->sa_family == AF_INET) {
881 /* XXX Check mbuf length here? */
882 struct ip *ip = mtod (m, struct ip*);
883 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
884
885 /*
886 * When using dynamic local IP address assignment by using
887 * 0.0.0.0 as a local address, the first TCP session will
888 * not connect because the local TCP checksum is computed
889 * using 0.0.0.0 which will later become our real IP address
890 * so the TCP checksum computed at the remote end will
891 * become invalid. So we
892 * - don't let packets with src ip addr 0 thru
893 * - we flag TCP packets with src ip 0 as an error
894 */
895
896 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */
897 {
898 m_freem(m);
899 SPPP_UNLOCK(sp);
900 splx(s);
901 if(ip->ip_p == IPPROTO_TCP)
902 return(EADDRNOTAVAIL);
903 else
904 return(0);
905 }
906
907 /*
908 * Put low delay, telnet, rlogin and ftp control packets
909 * in front of the queue or let ALTQ take care.
910 */
911 if (ALTQ_IS_ENABLED(&ifp->if_snd))
912 ;
913 else if (_IF_QFULL(&sp->pp_fastq))
914 ;
915 else if (ip->ip_tos & IPTOS_LOWDELAY)
916 ifq = &sp->pp_fastq;
917 else if (m->m_len < sizeof *ip + sizeof *tcp)
918 ;
919 else if (ip->ip_p != IPPROTO_TCP)
920 ;
921 else if (INTERACTIVE (ntohs (tcp->th_sport)))
922 ifq = &sp->pp_fastq;
923 else if (INTERACTIVE (ntohs (tcp->th_dport)))
924 ifq = &sp->pp_fastq;
925
926 /*
927 * Do IP Header compression
928 */
929 if (sp->pp_mode != IFF_CISCO && sp->pp_mode != PP_FR &&
930 (sp->ipcp.flags & IPCP_VJ) && ip->ip_p == IPPROTO_TCP)
931 switch (sl_compress_tcp(m, ip, sp->pp_comp,
932 sp->ipcp.compress_cid)) {
933 case TYPE_COMPRESSED_TCP:
934 ipproto = PPP_VJ_COMP;
935 break;
936 case TYPE_UNCOMPRESSED_TCP:
937 ipproto = PPP_VJ_UCOMP;
938 break;
939 case TYPE_IP:
940 ipproto = PPP_IP;
941 break;
942 default:
943 m_freem(m);
944 SPPP_UNLOCK(sp);
945 splx(s);
946 return (EINVAL);
947 }
948 }
949 #endif
950
951 #ifdef INET6
952 if (dst->sa_family == AF_INET6) {
953 /* XXX do something tricky here? */
954 }
955 #endif
956
957 if (sp->pp_mode == PP_FR) {
958 /* Add frame relay header. */
959 m = sppp_fr_header (sp, m, dst->sa_family);
960 if (! m)
961 goto nobufs;
962 goto out;
963 }
964
965 /*
966 * Prepend general data packet PPP header. For now, IP only.
967 */
968 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
969 if (! m) {
970 nobufs: if (debug)
971 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
972 SPP_ARGS(ifp));
973 ++ifp->if_oerrors;
974 SPPP_UNLOCK(sp);
975 splx (s);
976 return (ENOBUFS);
977 }
978 /*
979 * May want to check size of packet
980 * (albeit due to the implementation it's always enough)
981 */
982 h = mtod (m, struct ppp_header*);
983 if (sp->pp_mode == IFF_CISCO) {
984 h->address = CISCO_UNICAST; /* unicast address */
985 h->control = 0;
986 } else {
987 h->address = PPP_ALLSTATIONS; /* broadcast address */
988 h->control = PPP_UI; /* Unnumbered Info */
989 }
990
991 switch (dst->sa_family) {
992 #ifdef INET
993 case AF_INET: /* Internet Protocol */
994 if (sp->pp_mode == IFF_CISCO)
995 h->protocol = htons (ETHERTYPE_IP);
996 else {
997 /*
998 * Don't choke with an ENETDOWN early. It's
999 * possible that we just started dialing out,
1000 * so don't drop the packet immediately. If
1001 * we notice that we run out of buffer space
1002 * below, we will however remember that we are
1003 * not ready to carry IP packets, and return
1004 * ENETDOWN, as opposed to ENOBUFS.
1005 */
1006 h->protocol = htons(ipproto);
1007 if (sp->state[IDX_IPCP] != STATE_OPENED)
1008 rv = ENETDOWN;
1009 }
1010 break;
1011 #endif
1012 #ifdef INET6
1013 case AF_INET6: /* Internet Protocol */
1014 if (sp->pp_mode == IFF_CISCO)
1015 h->protocol = htons (ETHERTYPE_IPV6);
1016 else {
1017 /*
1018 * Don't choke with an ENETDOWN early. It's
1019 * possible that we just started dialing out,
1020 * so don't drop the packet immediately. If
1021 * we notice that we run out of buffer space
1022 * below, we will however remember that we are
1023 * not ready to carry IP packets, and return
1024 * ENETDOWN, as opposed to ENOBUFS.
1025 */
1026 h->protocol = htons(PPP_IPV6);
1027 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
1028 rv = ENETDOWN;
1029 }
1030 break;
1031 #endif
1032 #ifdef IPX
1033 case AF_IPX: /* Novell IPX Protocol */
1034 h->protocol = htons (sp->pp_mode == IFF_CISCO ?
1035 ETHERTYPE_IPX : PPP_IPX);
1036 break;
1037 #endif
1038 default:
1039 m_freem (m);
1040 ++ifp->if_oerrors;
1041 SPPP_UNLOCK(sp);
1042 splx (s);
1043 return (EAFNOSUPPORT);
1044 }
1045
1046 /*
1047 * Queue message on interface, and start output if interface
1048 * not yet active.
1049 */
1050 out:
1051 if (ifq != NULL)
1052 error = !(IF_HANDOFF_ADJ(ifq, m, ifp, 3));
1053 else
1054 IFQ_HANDOFF_ADJ(ifp, m, 3, error);
1055 if (error) {
1056 ++ifp->if_oerrors;
1057 SPPP_UNLOCK(sp);
1058 splx (s);
1059 return (rv? rv: ENOBUFS);
1060 }
1061 SPPP_UNLOCK(sp);
1062 splx (s);
1063 /*
1064 * Unlike in sppp_input(), we can always bump the timestamp
1065 * here since sppp_output() is only called on behalf of
1066 * network-layer traffic; control-layer traffic is handled
1067 * by sppp_cp_send().
1068 */
1069 sp->pp_last_sent = time_second;
1070 return (0);
1071 }
1072
1073 void
1074 sppp_attach(struct ifnet *ifp)
1075 {
1076 struct sppp *sp = IFP2SP(ifp);
1077
1078 /* Initialize mtx lock */
1079 mtx_init(&sp->mtx, "sppp", MTX_NETWORK_LOCK, MTX_DEF | MTX_RECURSE);
1080
1081 /* Initialize keepalive handler. */
1082 callout_init(&sp->keepalive_callout,
1083 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
1084 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive,
1085 (void *)sp);
1086
1087 ifp->if_mtu = PP_MTU;
1088 ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
1089 ifp->if_output = sppp_output;
1090 #if 0
1091 sp->pp_flags = PP_KEEPALIVE;
1092 #endif
1093 ifp->if_snd.ifq_maxlen = 32;
1094 sp->pp_fastq.ifq_maxlen = 32;
1095 sp->pp_cpq.ifq_maxlen = 20;
1096 sp->pp_loopcnt = 0;
1097 sp->pp_alivecnt = 0;
1098 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq));
1099 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq));
1100 sp->pp_phase = PHASE_DEAD;
1101 sp->pp_up = sppp_pp_up;
1102 sp->pp_down = sppp_pp_down;
1103 if(!mtx_initialized(&sp->pp_cpq.ifq_mtx))
1104 mtx_init(&sp->pp_cpq.ifq_mtx, "sppp_cpq", NULL, MTX_DEF);
1105 if(!mtx_initialized(&sp->pp_fastq.ifq_mtx))
1106 mtx_init(&sp->pp_fastq.ifq_mtx, "sppp_fastq", NULL, MTX_DEF);
1107 sp->pp_last_recv = sp->pp_last_sent = time_second;
1108 sp->confflags = 0;
1109 #ifdef INET
1110 sp->confflags |= CONF_ENABLE_VJ;
1111 #endif
1112 #ifdef INET6
1113 sp->confflags |= CONF_ENABLE_IPV6;
1114 #endif
1115 callout_init(&sp->ifstart_callout,
1116 (ifp->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
1117 sp->if_start = ifp->if_start;
1118 ifp->if_start = sppp_ifstart;
1119 sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK);
1120 sl_compress_init(sp->pp_comp, -1);
1121 sppp_lcp_init(sp);
1122 sppp_ipcp_init(sp);
1123 sppp_ipv6cp_init(sp);
1124 sppp_pap_init(sp);
1125 sppp_chap_init(sp);
1126 }
1127
1128 void
1129 sppp_detach(struct ifnet *ifp)
1130 {
1131 struct sppp *sp = IFP2SP(ifp);
1132 int i;
1133
1134 KASSERT(mtx_initialized(&sp->mtx), ("sppp mutex is not initialized"));
1135
1136 /* Stop keepalive handler. */
1137 if (!callout_drain(&sp->keepalive_callout))
1138 callout_stop(&sp->keepalive_callout);
1139
1140 for (i = 0; i < IDX_COUNT; i++) {
1141 if (!callout_drain(&sp->ch[i]))
1142 callout_stop(&sp->ch[i]);
1143 }
1144 if (!callout_drain(&sp->pap_my_to_ch))
1145 callout_stop(&sp->pap_my_to_ch);
1146 mtx_destroy(&sp->pp_cpq.ifq_mtx);
1147 mtx_destroy(&sp->pp_fastq.ifq_mtx);
1148 mtx_destroy(&sp->mtx);
1149 }
1150
1151 /*
1152 * Flush the interface output queue.
1153 */
1154 static void
1155 sppp_flush_unlocked(struct ifnet *ifp)
1156 {
1157 struct sppp *sp = IFP2SP(ifp);
1158
1159 sppp_qflush ((struct ifqueue *)&SP2IFP(sp)->if_snd);
1160 sppp_qflush (&sp->pp_fastq);
1161 sppp_qflush (&sp->pp_cpq);
1162 }
1163
1164 void
1165 sppp_flush(struct ifnet *ifp)
1166 {
1167 struct sppp *sp = IFP2SP(ifp);
1168
1169 SPPP_LOCK(sp);
1170 sppp_flush_unlocked (ifp);
1171 SPPP_UNLOCK(sp);
1172 }
1173
1174 /*
1175 * Check if the output queue is empty.
1176 */
1177 int
1178 sppp_isempty(struct ifnet *ifp)
1179 {
1180 struct sppp *sp = IFP2SP(ifp);
1181 int empty, s;
1182
1183 s = splimp();
1184 SPPP_LOCK(sp);
1185 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
1186 !SP2IFP(sp)->if_snd.ifq_head;
1187 SPPP_UNLOCK(sp);
1188 splx(s);
1189 return (empty);
1190 }
1191
1192 /*
1193 * Get next packet to send.
1194 */
1195 struct mbuf *
1196 sppp_dequeue(struct ifnet *ifp)
1197 {
1198 struct sppp *sp = IFP2SP(ifp);
1199 struct mbuf *m;
1200 int s;
1201
1202 s = splimp();
1203 SPPP_LOCK(sp);
1204 /*
1205 * Process only the control protocol queue until we have at
1206 * least one NCP open.
1207 *
1208 * Do always serve all three queues in Cisco mode.
1209 */
1210 IF_DEQUEUE(&sp->pp_cpq, m);
1211 if (m == NULL &&
1212 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO ||
1213 sp->pp_mode == PP_FR)) {
1214 IF_DEQUEUE(&sp->pp_fastq, m);
1215 if (m == NULL)
1216 IF_DEQUEUE (&SP2IFP(sp)->if_snd, m);
1217 }
1218 SPPP_UNLOCK(sp);
1219 splx(s);
1220 return m;
1221 }
1222
1223 /*
1224 * Pick the next packet, do not remove it from the queue.
1225 */
1226 struct mbuf *
1227 sppp_pick(struct ifnet *ifp)
1228 {
1229 struct sppp *sp = IFP2SP(ifp);
1230 struct mbuf *m;
1231 int s;
1232
1233 s = splimp ();
1234 SPPP_LOCK(sp);
1235
1236 m = sp->pp_cpq.ifq_head;
1237 if (m == NULL &&
1238 (sp->pp_phase == PHASE_NETWORK ||
1239 sp->pp_mode == IFF_CISCO ||
1240 sp->pp_mode == PP_FR))
1241 if ((m = sp->pp_fastq.ifq_head) == NULL)
1242 m = SP2IFP(sp)->if_snd.ifq_head;
1243 SPPP_UNLOCK(sp);
1244 splx (s);
1245 return (m);
1246 }
1247
1248 /*
1249 * Process an ioctl request. Called on low priority level.
1250 */
1251 int
1252 sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data)
1253 {
1254 struct ifreq *ifr = (struct ifreq*) data;
1255 struct sppp *sp = IFP2SP(ifp);
1256 int s, rv, going_up, going_down, newmode;
1257
1258 s = splimp();
1259 SPPP_LOCK(sp);
1260 rv = 0;
1261 switch (cmd) {
1262 case SIOCAIFADDR:
1263 case SIOCSIFDSTADDR:
1264 break;
1265
1266 case SIOCSIFADDR:
1267 /* set the interface "up" when assigning an IP address */
1268 ifp->if_flags |= IFF_UP;
1269 /* FALLTHROUGH */
1270
1271 case SIOCSIFFLAGS:
1272 going_up = ifp->if_flags & IFF_UP &&
1273 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0;
1274 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1275 ifp->if_drv_flags & IFF_DRV_RUNNING;
1276
1277 newmode = ifp->if_flags & IFF_PASSIVE;
1278 if (!newmode)
1279 newmode = ifp->if_flags & IFF_AUTO;
1280 if (!newmode)
1281 newmode = ifp->if_flags & IFF_CISCO;
1282 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO);
1283 ifp->if_flags |= newmode;
1284
1285 if (!newmode)
1286 newmode = sp->pp_flags & PP_FR;
1287
1288 if (newmode != sp->pp_mode) {
1289 going_down = 1;
1290 if (!going_up)
1291 going_up = ifp->if_drv_flags & IFF_DRV_RUNNING;
1292 }
1293
1294 if (going_down) {
1295 if (sp->pp_mode != IFF_CISCO &&
1296 sp->pp_mode != PP_FR)
1297 lcp.Close(sp);
1298 else if (sp->pp_tlf)
1299 (sp->pp_tlf)(sp);
1300 sppp_flush_unlocked(ifp);
1301 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1302 sp->pp_mode = newmode;
1303 }
1304
1305 if (going_up) {
1306 if (sp->pp_mode != IFF_CISCO &&
1307 sp->pp_mode != PP_FR)
1308 lcp.Close(sp);
1309 sp->pp_mode = newmode;
1310 if (sp->pp_mode == 0) {
1311 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1312 lcp.Open(sp);
1313 }
1314 if ((sp->pp_mode == IFF_CISCO) ||
1315 (sp->pp_mode == PP_FR)) {
1316 if (sp->pp_tls)
1317 (sp->pp_tls)(sp);
1318 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1319 }
1320 }
1321
1322 break;
1323
1324 #ifdef SIOCSIFMTU
1325 #ifndef ifr_mtu
1326 #define ifr_mtu ifr_metric
1327 #endif
1328 case SIOCSIFMTU:
1329 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
1330 return (EINVAL);
1331 ifp->if_mtu = ifr->ifr_mtu;
1332 break;
1333 #endif
1334 #ifdef SLIOCSETMTU
1335 case SLIOCSETMTU:
1336 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
1337 return (EINVAL);
1338 ifp->if_mtu = *(short*)data;
1339 break;
1340 #endif
1341 #ifdef SIOCGIFMTU
1342 case SIOCGIFMTU:
1343 ifr->ifr_mtu = ifp->if_mtu;
1344 break;
1345 #endif
1346 #ifdef SLIOCGETMTU
1347 case SLIOCGETMTU:
1348 *(short*)data = ifp->if_mtu;
1349 break;
1350 #endif
1351 case SIOCADDMULTI:
1352 case SIOCDELMULTI:
1353 break;
1354
1355 case SIOCGIFGENERIC:
1356 case SIOCSIFGENERIC:
1357 rv = sppp_params(sp, cmd, data);
1358 break;
1359
1360 default:
1361 rv = ENOTTY;
1362 }
1363 SPPP_UNLOCK(sp);
1364 splx(s);
1365 return rv;
1366 }
1367
1368 /*
1369 * Cisco framing implementation.
1370 */
1371
1372 /*
1373 * Handle incoming Cisco keepalive protocol packets.
1374 */
1375 static void
1376 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1377 {
1378 STDDCL;
1379 struct cisco_packet *h;
1380 u_long me, mymask;
1381
1382 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1383 if (debug)
1384 log(LOG_DEBUG,
1385 SPP_FMT "cisco invalid packet length: %d bytes\n",
1386 SPP_ARGS(ifp), m->m_pkthdr.len);
1387 return;
1388 }
1389 h = mtod (m, struct cisco_packet*);
1390 if (debug)
1391 log(LOG_DEBUG,
1392 SPP_FMT "cisco input: %d bytes "
1393 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1394 SPP_ARGS(ifp), m->m_pkthdr.len,
1395 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel,
1396 (u_int)h->time0, (u_int)h->time1);
1397 switch (ntohl (h->type)) {
1398 default:
1399 if (debug)
1400 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n",
1401 SPP_ARGS(ifp), (u_long)ntohl (h->type));
1402 break;
1403 case CISCO_ADDR_REPLY:
1404 /* Reply on address request, ignore */
1405 break;
1406 case CISCO_KEEPALIVE_REQ:
1407 sp->pp_alivecnt = 0;
1408 sp->pp_rseq[IDX_LCP] = ntohl (h->par1);
1409 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
1410 /* Local and remote sequence numbers are equal.
1411 * Probably, the line is in loopback mode. */
1412 if (sp->pp_loopcnt >= MAXALIVECNT) {
1413 printf (SPP_FMT "loopback\n",
1414 SPP_ARGS(ifp));
1415 sp->pp_loopcnt = 0;
1416 if (ifp->if_flags & IFF_UP) {
1417 if_down (ifp);
1418 sppp_qflush (&sp->pp_cpq);
1419 }
1420 }
1421 ++sp->pp_loopcnt;
1422
1423 /* Generate new local sequence number */
1424 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
1425 sp->pp_seq[IDX_LCP] = random();
1426 #else
1427 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec;
1428 #endif
1429 break;
1430 }
1431 sp->pp_loopcnt = 0;
1432 if (! (ifp->if_flags & IFF_UP) &&
1433 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
1434 if_up(ifp);
1435 printf (SPP_FMT "up\n", SPP_ARGS(ifp));
1436 }
1437 break;
1438 case CISCO_ADDR_REQ:
1439 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1440 if (me != 0L)
1441 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1442 break;
1443 }
1444 }
1445
1446 /*
1447 * Send Cisco keepalive packet.
1448 */
1449 static void
1450 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
1451 {
1452 STDDCL;
1453 struct ppp_header *h;
1454 struct cisco_packet *ch;
1455 struct mbuf *m;
1456 struct timeval tv;
1457
1458 getmicrouptime(&tv);
1459
1460 MGETHDR (m, M_DONTWAIT, MT_DATA);
1461 if (! m)
1462 return;
1463 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1464 m->m_pkthdr.rcvif = 0;
1465
1466 h = mtod (m, struct ppp_header*);
1467 h->address = CISCO_MULTICAST;
1468 h->control = 0;
1469 h->protocol = htons (CISCO_KEEPALIVE);
1470
1471 ch = (struct cisco_packet*) (h + 1);
1472 ch->type = htonl (type);
1473 ch->par1 = htonl (par1);
1474 ch->par2 = htonl (par2);
1475 ch->rel = -1;
1476
1477 ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1478 ch->time1 = htons ((u_short) tv.tv_sec);
1479
1480 if (debug)
1481 log(LOG_DEBUG,
1482 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1483 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1,
1484 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
1485
1486 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
1487 ifp->if_oerrors++;
1488 }
1489
1490 /*
1491 * PPP protocol implementation.
1492 */
1493
1494 /*
1495 * Send PPP control protocol packet.
1496 */
1497 static void
1498 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1499 u_char ident, u_short len, void *data)
1500 {
1501 STDDCL;
1502 struct ppp_header *h;
1503 struct lcp_header *lh;
1504 struct mbuf *m;
1505
1506 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
1507 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
1508 MGETHDR (m, M_DONTWAIT, MT_DATA);
1509 if (! m)
1510 return;
1511 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
1512 m->m_pkthdr.rcvif = 0;
1513
1514 h = mtod (m, struct ppp_header*);
1515 h->address = PPP_ALLSTATIONS; /* broadcast address */
1516 h->control = PPP_UI; /* Unnumbered Info */
1517 h->protocol = htons (proto); /* Link Control Protocol */
1518
1519 lh = (struct lcp_header*) (h + 1);
1520 lh->type = type;
1521 lh->ident = ident;
1522 lh->len = htons (LCP_HEADER_LEN + len);
1523 if (len)
1524 bcopy (data, lh+1, len);
1525
1526 if (debug) {
1527 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1528 SPP_ARGS(ifp),
1529 sppp_proto_name(proto),
1530 sppp_cp_type_name (lh->type), lh->ident,
1531 ntohs (lh->len));
1532 sppp_print_bytes ((u_char*) (lh+1), len);
1533 log(-1, ">\n");
1534 }
1535 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
1536 ifp->if_oerrors++;
1537 }
1538
1539 /*
1540 * Handle incoming PPP control protocol packets.
1541 */
1542 static void
1543 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1544 {
1545 STDDCL;
1546 struct lcp_header *h;
1547 int len = m->m_pkthdr.len;
1548 int rv;
1549 u_char *p;
1550
1551 if (len < 4) {
1552 if (debug)
1553 log(LOG_DEBUG,
1554 SPP_FMT "%s invalid packet length: %d bytes\n",
1555 SPP_ARGS(ifp), cp->name, len);
1556 return;
1557 }
1558 h = mtod (m, struct lcp_header*);
1559 if (debug) {
1560 log(LOG_DEBUG,
1561 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1562 SPP_ARGS(ifp), cp->name,
1563 sppp_state_name(sp->state[cp->protoidx]),
1564 sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1565 sppp_print_bytes ((u_char*) (h+1), len-4);
1566 log(-1, ">\n");
1567 }
1568 if (len > ntohs (h->len))
1569 len = ntohs (h->len);
1570 p = (u_char *)(h + 1);
1571 switch (h->type) {
1572 case CONF_REQ:
1573 if (len < 4) {
1574 if (debug)
1575 log(-1, SPP_FMT "%s invalid conf-req length %d\n",
1576 SPP_ARGS(ifp), cp->name,
1577 len);
1578 ++ifp->if_ierrors;
1579 break;
1580 }
1581 /* handle states where RCR doesn't get a SCA/SCN */
1582 switch (sp->state[cp->protoidx]) {
1583 case STATE_CLOSING:
1584 case STATE_STOPPING:
1585 return;
1586 case STATE_CLOSED:
1587 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1588 0, 0);
1589 return;
1590 }
1591 rv = (cp->RCR)(sp, h, len);
1592 switch (sp->state[cp->protoidx]) {
1593 case STATE_OPENED:
1594 (cp->tld)(sp);
1595 (cp->scr)(sp);
1596 /* FALLTHROUGH */
1597 case STATE_ACK_SENT:
1598 case STATE_REQ_SENT:
1599 /*
1600 * sppp_cp_change_state() have the side effect of
1601 * restarting the timeouts. We want to avoid that
1602 * if the state don't change, otherwise we won't
1603 * ever timeout and resend a configuration request
1604 * that got lost.
1605 */
1606 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT:
1607 STATE_REQ_SENT))
1608 break;
1609 sppp_cp_change_state(cp, sp, rv?
1610 STATE_ACK_SENT: STATE_REQ_SENT);
1611 break;
1612 case STATE_STOPPED:
1613 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1614 (cp->scr)(sp);
1615 sppp_cp_change_state(cp, sp, rv?
1616 STATE_ACK_SENT: STATE_REQ_SENT);
1617 break;
1618 case STATE_ACK_RCVD:
1619 if (rv) {
1620 sppp_cp_change_state(cp, sp, STATE_OPENED);
1621 if (debug)
1622 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1623 SPP_ARGS(ifp),
1624 cp->name);
1625 (cp->tlu)(sp);
1626 } else
1627 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1628 break;
1629 default:
1630 printf(SPP_FMT "%s illegal %s in state %s\n",
1631 SPP_ARGS(ifp), cp->name,
1632 sppp_cp_type_name(h->type),
1633 sppp_state_name(sp->state[cp->protoidx]));
1634 ++ifp->if_ierrors;
1635 }
1636 break;
1637 case CONF_ACK:
1638 if (h->ident != sp->confid[cp->protoidx]) {
1639 if (debug)
1640 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1641 SPP_ARGS(ifp), cp->name,
1642 h->ident, sp->confid[cp->protoidx]);
1643 ++ifp->if_ierrors;
1644 break;
1645 }
1646 switch (sp->state[cp->protoidx]) {
1647 case STATE_CLOSED:
1648 case STATE_STOPPED:
1649 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1650 break;
1651 case STATE_CLOSING:
1652 case STATE_STOPPING:
1653 break;
1654 case STATE_REQ_SENT:
1655 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1656 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1657 break;
1658 case STATE_OPENED:
1659 (cp->tld)(sp);
1660 /* FALLTHROUGH */
1661 case STATE_ACK_RCVD:
1662 (cp->scr)(sp);
1663 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1664 break;
1665 case STATE_ACK_SENT:
1666 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1667 sppp_cp_change_state(cp, sp, STATE_OPENED);
1668 if (debug)
1669 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1670 SPP_ARGS(ifp), cp->name);
1671 (cp->tlu)(sp);
1672 break;
1673 default:
1674 printf(SPP_FMT "%s illegal %s in state %s\n",
1675 SPP_ARGS(ifp), cp->name,
1676 sppp_cp_type_name(h->type),
1677 sppp_state_name(sp->state[cp->protoidx]));
1678 ++ifp->if_ierrors;
1679 }
1680 break;
1681 case CONF_NAK:
1682 case CONF_REJ:
1683 if (h->ident != sp->confid[cp->protoidx]) {
1684 if (debug)
1685 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1686 SPP_ARGS(ifp), cp->name,
1687 h->ident, sp->confid[cp->protoidx]);
1688 ++ifp->if_ierrors;
1689 break;
1690 }
1691 if (h->type == CONF_NAK)
1692 (cp->RCN_nak)(sp, h, len);
1693 else /* CONF_REJ */
1694 (cp->RCN_rej)(sp, h, len);
1695
1696 switch (sp->state[cp->protoidx]) {
1697 case STATE_CLOSED:
1698 case STATE_STOPPED:
1699 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1700 break;
1701 case STATE_REQ_SENT:
1702 case STATE_ACK_SENT:
1703 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1704 /*
1705 * Slow things down a bit if we think we might be
1706 * in loopback. Depend on the timeout to send the
1707 * next configuration request.
1708 */
1709 if (sp->pp_loopcnt)
1710 break;
1711 (cp->scr)(sp);
1712 break;
1713 case STATE_OPENED:
1714 (cp->tld)(sp);
1715 /* FALLTHROUGH */
1716 case STATE_ACK_RCVD:
1717 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1718 (cp->scr)(sp);
1719 break;
1720 case STATE_CLOSING:
1721 case STATE_STOPPING:
1722 break;
1723 default:
1724 printf(SPP_FMT "%s illegal %s in state %s\n",
1725 SPP_ARGS(ifp), cp->name,
1726 sppp_cp_type_name(h->type),
1727 sppp_state_name(sp->state[cp->protoidx]));
1728 ++ifp->if_ierrors;
1729 }
1730 break;
1731
1732 case TERM_REQ:
1733 switch (sp->state[cp->protoidx]) {
1734 case STATE_ACK_RCVD:
1735 case STATE_ACK_SENT:
1736 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1737 /* FALLTHROUGH */
1738 case STATE_CLOSED:
1739 case STATE_STOPPED:
1740 case STATE_CLOSING:
1741 case STATE_STOPPING:
1742 case STATE_REQ_SENT:
1743 sta:
1744 /* Send Terminate-Ack packet. */
1745 if (debug)
1746 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1747 SPP_ARGS(ifp), cp->name);
1748 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1749 break;
1750 case STATE_OPENED:
1751 (cp->tld)(sp);
1752 sp->rst_counter[cp->protoidx] = 0;
1753 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1754 goto sta;
1755 break;
1756 default:
1757 printf(SPP_FMT "%s illegal %s in state %s\n",
1758 SPP_ARGS(ifp), cp->name,
1759 sppp_cp_type_name(h->type),
1760 sppp_state_name(sp->state[cp->protoidx]));
1761 ++ifp->if_ierrors;
1762 }
1763 break;
1764 case TERM_ACK:
1765 switch (sp->state[cp->protoidx]) {
1766 case STATE_CLOSED:
1767 case STATE_STOPPED:
1768 case STATE_REQ_SENT:
1769 case STATE_ACK_SENT:
1770 break;
1771 case STATE_CLOSING:
1772 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1773 (cp->tlf)(sp);
1774 break;
1775 case STATE_STOPPING:
1776 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1777 (cp->tlf)(sp);
1778 break;
1779 case STATE_ACK_RCVD:
1780 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1781 break;
1782 case STATE_OPENED:
1783 (cp->tld)(sp);
1784 (cp->scr)(sp);
1785 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1786 break;
1787 default:
1788 printf(SPP_FMT "%s illegal %s in state %s\n",
1789 SPP_ARGS(ifp), cp->name,
1790 sppp_cp_type_name(h->type),
1791 sppp_state_name(sp->state[cp->protoidx]));
1792 ++ifp->if_ierrors;
1793 }
1794 break;
1795 case CODE_REJ:
1796 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1797 log(LOG_INFO,
1798 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, "
1799 "danger will robinson\n",
1800 SPP_ARGS(ifp), cp->name,
1801 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1802 switch (sp->state[cp->protoidx]) {
1803 case STATE_CLOSED:
1804 case STATE_STOPPED:
1805 case STATE_REQ_SENT:
1806 case STATE_ACK_SENT:
1807 case STATE_CLOSING:
1808 case STATE_STOPPING:
1809 case STATE_OPENED:
1810 break;
1811 case STATE_ACK_RCVD:
1812 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1813 break;
1814 default:
1815 printf(SPP_FMT "%s illegal %s in state %s\n",
1816 SPP_ARGS(ifp), cp->name,
1817 sppp_cp_type_name(h->type),
1818 sppp_state_name(sp->state[cp->protoidx]));
1819 ++ifp->if_ierrors;
1820 }
1821 break;
1822 case PROTO_REJ:
1823 {
1824 int catastrophic;
1825 const struct cp *upper;
1826 int i;
1827 u_int16_t proto;
1828
1829 catastrophic = 0;
1830 upper = NULL;
1831 proto = ntohs(*((u_int16_t *)p));
1832 for (i = 0; i < IDX_COUNT; i++) {
1833 if (cps[i]->proto == proto) {
1834 upper = cps[i];
1835 break;
1836 }
1837 }
1838 if (upper == NULL)
1839 catastrophic++;
1840
1841 if (catastrophic || debug)
1842 log(catastrophic? LOG_INFO: LOG_DEBUG,
1843 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1844 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1845 sppp_cp_type_name(h->type), proto,
1846 upper ? upper->name : "unknown",
1847 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1848
1849 /*
1850 * if we got RXJ+ against conf-req, the peer does not implement
1851 * this particular protocol type. terminate the protocol.
1852 */
1853 if (upper && !catastrophic) {
1854 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1855 upper->Close(sp);
1856 break;
1857 }
1858 }
1859
1860 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1861 switch (sp->state[cp->protoidx]) {
1862 case STATE_CLOSED:
1863 case STATE_STOPPED:
1864 case STATE_REQ_SENT:
1865 case STATE_ACK_SENT:
1866 case STATE_CLOSING:
1867 case STATE_STOPPING:
1868 case STATE_OPENED:
1869 break;
1870 case STATE_ACK_RCVD:
1871 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1872 break;
1873 default:
1874 printf(SPP_FMT "%s illegal %s in state %s\n",
1875 SPP_ARGS(ifp), cp->name,
1876 sppp_cp_type_name(h->type),
1877 sppp_state_name(sp->state[cp->protoidx]));
1878 ++ifp->if_ierrors;
1879 }
1880 break;
1881 }
1882 case DISC_REQ:
1883 if (cp->proto != PPP_LCP)
1884 goto illegal;
1885 /* Discard the packet. */
1886 break;
1887 case ECHO_REQ:
1888 if (cp->proto != PPP_LCP)
1889 goto illegal;
1890 if (sp->state[cp->protoidx] != STATE_OPENED) {
1891 if (debug)
1892 log(-1, SPP_FMT "lcp echo req but lcp closed\n",
1893 SPP_ARGS(ifp));
1894 ++ifp->if_ierrors;
1895 break;
1896 }
1897 if (len < 8) {
1898 if (debug)
1899 log(-1, SPP_FMT "invalid lcp echo request "
1900 "packet length: %d bytes\n",
1901 SPP_ARGS(ifp), len);
1902 break;
1903 }
1904 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
1905 ntohl (*(long*)(h+1)) == sp->lcp.magic) {
1906 /* Line loopback mode detected. */
1907 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
1908 sp->pp_loopcnt = MAXALIVECNT * 5;
1909 if_down (ifp);
1910 sppp_qflush (&sp->pp_cpq);
1911
1912 /* Shut down the PPP link. */
1913 /* XXX */
1914 lcp.Down(sp);
1915 lcp.Up(sp);
1916 break;
1917 }
1918 *(long*)(h+1) = htonl (sp->lcp.magic);
1919 if (debug)
1920 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n",
1921 SPP_ARGS(ifp));
1922 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1923 break;
1924 case ECHO_REPLY:
1925 if (cp->proto != PPP_LCP)
1926 goto illegal;
1927 if (h->ident != sp->lcp.echoid) {
1928 ++ifp->if_ierrors;
1929 break;
1930 }
1931 if (len < 8) {
1932 if (debug)
1933 log(-1, SPP_FMT "lcp invalid echo reply "
1934 "packet length: %d bytes\n",
1935 SPP_ARGS(ifp), len);
1936 break;
1937 }
1938 if (debug)
1939 log(-1, SPP_FMT "lcp got echo rep\n",
1940 SPP_ARGS(ifp));
1941 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) ||
1942 ntohl (*(long*)(h+1)) != sp->lcp.magic)
1943 sp->pp_alivecnt = 0;
1944 break;
1945 default:
1946 /* Unknown packet type -- send Code-Reject packet. */
1947 illegal:
1948 if (debug)
1949 log(-1, SPP_FMT "%s send code-rej for 0x%x\n",
1950 SPP_ARGS(ifp), cp->name, h->type);
1951 sppp_cp_send(sp, cp->proto, CODE_REJ,
1952 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
1953 ++ifp->if_ierrors;
1954 }
1955 }
1956
1957
1958 /*
1959 * The generic part of all Up/Down/Open/Close/TO event handlers.
1960 * Basically, the state transition handling in the automaton.
1961 */
1962 static void
1963 sppp_up_event(const struct cp *cp, struct sppp *sp)
1964 {
1965 STDDCL;
1966
1967 if (debug)
1968 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1969 SPP_ARGS(ifp), cp->name,
1970 sppp_state_name(sp->state[cp->protoidx]));
1971
1972 switch (sp->state[cp->protoidx]) {
1973 case STATE_INITIAL:
1974 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1975 break;
1976 case STATE_STARTING:
1977 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1978 (cp->scr)(sp);
1979 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1980 break;
1981 default:
1982 printf(SPP_FMT "%s illegal up in state %s\n",
1983 SPP_ARGS(ifp), cp->name,
1984 sppp_state_name(sp->state[cp->protoidx]));
1985 }
1986 }
1987
1988 static void
1989 sppp_down_event(const struct cp *cp, struct sppp *sp)
1990 {
1991 STDDCL;
1992
1993 if (debug)
1994 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1995 SPP_ARGS(ifp), cp->name,
1996 sppp_state_name(sp->state[cp->protoidx]));
1997
1998 switch (sp->state[cp->protoidx]) {
1999 case STATE_CLOSED:
2000 case STATE_CLOSING:
2001 sppp_cp_change_state(cp, sp, STATE_INITIAL);
2002 break;
2003 case STATE_STOPPED:
2004 sppp_cp_change_state(cp, sp, STATE_STARTING);
2005 (cp->tls)(sp);
2006 break;
2007 case STATE_STOPPING:
2008 case STATE_REQ_SENT:
2009 case STATE_ACK_RCVD:
2010 case STATE_ACK_SENT:
2011 sppp_cp_change_state(cp, sp, STATE_STARTING);
2012 break;
2013 case STATE_OPENED:
2014 (cp->tld)(sp);
2015 sppp_cp_change_state(cp, sp, STATE_STARTING);
2016 break;
2017 default:
2018 printf(SPP_FMT "%s illegal down in state %s\n",
2019 SPP_ARGS(ifp), cp->name,
2020 sppp_state_name(sp->state[cp->protoidx]));
2021 }
2022 }
2023
2024
2025 static void
2026 sppp_open_event(const struct cp *cp, struct sppp *sp)
2027 {
2028 STDDCL;
2029
2030 if (debug)
2031 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
2032 SPP_ARGS(ifp), cp->name,
2033 sppp_state_name(sp->state[cp->protoidx]));
2034
2035 switch (sp->state[cp->protoidx]) {
2036 case STATE_INITIAL:
2037 sppp_cp_change_state(cp, sp, STATE_STARTING);
2038 (cp->tls)(sp);
2039 break;
2040 case STATE_STARTING:
2041 break;
2042 case STATE_CLOSED:
2043 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
2044 (cp->scr)(sp);
2045 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2046 break;
2047 case STATE_STOPPED:
2048 /*
2049 * Try escaping stopped state. This seems to bite
2050 * people occasionally, in particular for IPCP,
2051 * presumably following previous IPCP negotiation
2052 * aborts. Somehow, we must have missed a Down event
2053 * which would have caused a transition into starting
2054 * state, so as a bandaid we force the Down event now.
2055 * This effectively implements (something like the)
2056 * `restart' option mentioned in the state transition
2057 * table of RFC 1661.
2058 */
2059 sppp_cp_change_state(cp, sp, STATE_STARTING);
2060 (cp->tls)(sp);
2061 break;
2062 case STATE_STOPPING:
2063 case STATE_REQ_SENT:
2064 case STATE_ACK_RCVD:
2065 case STATE_ACK_SENT:
2066 case STATE_OPENED:
2067 break;
2068 case STATE_CLOSING:
2069 sppp_cp_change_state(cp, sp, STATE_STOPPING);
2070 break;
2071 }
2072 }
2073
2074
2075 static void
2076 sppp_close_event(const struct cp *cp, struct sppp *sp)
2077 {
2078 STDDCL;
2079
2080 if (debug)
2081 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
2082 SPP_ARGS(ifp), cp->name,
2083 sppp_state_name(sp->state[cp->protoidx]));
2084
2085 switch (sp->state[cp->protoidx]) {
2086 case STATE_INITIAL:
2087 case STATE_CLOSED:
2088 case STATE_CLOSING:
2089 break;
2090 case STATE_STARTING:
2091 sppp_cp_change_state(cp, sp, STATE_INITIAL);
2092 (cp->tlf)(sp);
2093 break;
2094 case STATE_STOPPED:
2095 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2096 break;
2097 case STATE_STOPPING:
2098 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2099 break;
2100 case STATE_OPENED:
2101 (cp->tld)(sp);
2102 /* FALLTHROUGH */
2103 case STATE_REQ_SENT:
2104 case STATE_ACK_RCVD:
2105 case STATE_ACK_SENT:
2106 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
2107 sppp_cp_send(sp, cp->proto, TERM_REQ,
2108 ++sp->pp_seq[cp->protoidx], 0, 0);
2109 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2110 break;
2111 }
2112 }
2113
2114 static void
2115 sppp_to_event(const struct cp *cp, struct sppp *sp)
2116 {
2117 STDDCL;
2118 int s;
2119
2120 s = splimp();
2121 SPPP_LOCK(sp);
2122 if (debug)
2123 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
2124 SPP_ARGS(ifp), cp->name,
2125 sppp_state_name(sp->state[cp->protoidx]),
2126 sp->rst_counter[cp->protoidx]);
2127
2128 if (--sp->rst_counter[cp->protoidx] < 0)
2129 /* TO- event */
2130 switch (sp->state[cp->protoidx]) {
2131 case STATE_CLOSING:
2132 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2133 (cp->tlf)(sp);
2134 break;
2135 case STATE_STOPPING:
2136 sppp_cp_change_state(cp, sp, STATE_STOPPED);
2137 (cp->tlf)(sp);
2138 break;
2139 case STATE_REQ_SENT:
2140 case STATE_ACK_RCVD:
2141 case STATE_ACK_SENT:
2142 sppp_cp_change_state(cp, sp, STATE_STOPPED);
2143 (cp->tlf)(sp);
2144 break;
2145 }
2146 else
2147 /* TO+ event */
2148 switch (sp->state[cp->protoidx]) {
2149 case STATE_CLOSING:
2150 case STATE_STOPPING:
2151 sppp_cp_send(sp, cp->proto, TERM_REQ,
2152 ++sp->pp_seq[cp->protoidx], 0, 0);
2153 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
2154 cp->TO, (void *)sp);
2155 break;
2156 case STATE_REQ_SENT:
2157 case STATE_ACK_RCVD:
2158 (cp->scr)(sp);
2159 /* sppp_cp_change_state() will restart the timer */
2160 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2161 break;
2162 case STATE_ACK_SENT:
2163 (cp->scr)(sp);
2164 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
2165 cp->TO, (void *)sp);
2166 break;
2167 }
2168
2169 SPPP_UNLOCK(sp);
2170 splx(s);
2171 }
2172
2173 /*
2174 * Change the state of a control protocol in the state automaton.
2175 * Takes care of starting/stopping the restart timer.
2176 */
2177 static void
2178 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
2179 {
2180 sp->state[cp->protoidx] = newstate;
2181
2182 callout_stop (&sp->ch[cp->protoidx]);
2183
2184 switch (newstate) {
2185 case STATE_INITIAL:
2186 case STATE_STARTING:
2187 case STATE_CLOSED:
2188 case STATE_STOPPED:
2189 case STATE_OPENED:
2190 break;
2191 case STATE_CLOSING:
2192 case STATE_STOPPING:
2193 case STATE_REQ_SENT:
2194 case STATE_ACK_RCVD:
2195 case STATE_ACK_SENT:
2196 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
2197 cp->TO, (void *)sp);
2198 break;
2199 }
2200 }
2201
2202 /*
2203 *--------------------------------------------------------------------------*
2204 * *
2205 * The LCP implementation. *
2206 * *
2207 *--------------------------------------------------------------------------*
2208 */
2209 static void
2210 sppp_pp_up(struct sppp *sp)
2211 {
2212 SPPP_LOCK(sp);
2213 lcp.Up(sp);
2214 SPPP_UNLOCK(sp);
2215 }
2216
2217 static void
2218 sppp_pp_down(struct sppp *sp)
2219 {
2220 SPPP_LOCK(sp);
2221 lcp.Down(sp);
2222 SPPP_UNLOCK(sp);
2223 }
2224
2225 static void
2226 sppp_lcp_init(struct sppp *sp)
2227 {
2228 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2229 sp->lcp.magic = 0;
2230 sp->state[IDX_LCP] = STATE_INITIAL;
2231 sp->fail_counter[IDX_LCP] = 0;
2232 sp->pp_seq[IDX_LCP] = 0;
2233 sp->pp_rseq[IDX_LCP] = 0;
2234 sp->lcp.protos = 0;
2235 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2236
2237 /* Note that these values are relevant for all control protocols */
2238 sp->lcp.timeout = 3 * hz;
2239 sp->lcp.max_terminate = 2;
2240 sp->lcp.max_configure = 10;
2241 sp->lcp.max_failure = 10;
2242 callout_init(&sp->ch[IDX_LCP],
2243 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
2244 }
2245
2246 static void
2247 sppp_lcp_up(struct sppp *sp)
2248 {
2249 STDDCL;
2250
2251 sp->pp_alivecnt = 0;
2252 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2253 sp->lcp.magic = 0;
2254 sp->lcp.protos = 0;
2255 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2256 /*
2257 * If we are authenticator, negotiate LCP_AUTH
2258 */
2259 if (sp->hisauth.proto != 0)
2260 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2261 else
2262 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2263 sp->pp_flags &= ~PP_NEEDAUTH;
2264 /*
2265 * If this interface is passive or dial-on-demand, and we are
2266 * still in Initial state, it means we've got an incoming
2267 * call. Activate the interface.
2268 */
2269 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2270 if (debug)
2271 log(LOG_DEBUG,
2272 SPP_FMT "Up event", SPP_ARGS(ifp));
2273 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2274 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2275 if (debug)
2276 log(-1, "(incoming call)\n");
2277 sp->pp_flags |= PP_CALLIN;
2278 lcp.Open(sp);
2279 } else if (debug)
2280 log(-1, "\n");
2281 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2282 (sp->state[IDX_LCP] == STATE_INITIAL)) {
2283 ifp->if_drv_flags |= IFF_DRV_RUNNING;
2284 lcp.Open(sp);
2285 }
2286
2287 sppp_up_event(&lcp, sp);
2288 }
2289
2290 static void
2291 sppp_lcp_down(struct sppp *sp)
2292 {
2293 STDDCL;
2294
2295 sppp_down_event(&lcp, sp);
2296
2297 /*
2298 * If this is neither a dial-on-demand nor a passive
2299 * interface, simulate an ``ifconfig down'' action, so the
2300 * administrator can force a redial by another ``ifconfig
2301 * up''. XXX For leased line operation, should we immediately
2302 * try to reopen the connection here?
2303 */
2304 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2305 log(LOG_INFO,
2306 SPP_FMT "Down event, taking interface down.\n",
2307 SPP_ARGS(ifp));
2308 if_down(ifp);
2309 } else {
2310 if (debug)
2311 log(LOG_DEBUG,
2312 SPP_FMT "Down event (carrier loss)\n",
2313 SPP_ARGS(ifp));
2314 sp->pp_flags &= ~PP_CALLIN;
2315 if (sp->state[IDX_LCP] != STATE_INITIAL)
2316 lcp.Close(sp);
2317 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
2318 }
2319 }
2320
2321 static void
2322 sppp_lcp_open(struct sppp *sp)
2323 {
2324 sppp_open_event(&lcp, sp);
2325 }
2326
2327 static void
2328 sppp_lcp_close(struct sppp *sp)
2329 {
2330 sppp_close_event(&lcp, sp);
2331 }
2332
2333 static void
2334 sppp_lcp_TO(void *cookie)
2335 {
2336 sppp_to_event(&lcp, (struct sppp *)cookie);
2337 }
2338
2339 /*
2340 * Analyze a configure request. Return true if it was agreeable, and
2341 * caused action sca, false if it has been rejected or nak'ed, and
2342 * caused action scn. (The return value is used to make the state
2343 * transition decision in the state automaton.)
2344 */
2345 static int
2346 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2347 {
2348 STDDCL;
2349 u_char *buf, *r, *p;
2350 int origlen, rlen;
2351 u_long nmagic;
2352 u_short authproto;
2353
2354 len -= 4;
2355 origlen = len;
2356 buf = r = malloc (len, M_TEMP, M_NOWAIT);
2357 if (! buf)
2358 return (0);
2359
2360 if (debug)
2361 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
2362 SPP_ARGS(ifp));
2363
2364 /* pass 1: check for things that need to be rejected */
2365 p = (void*) (h+1);
2366 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
2367 len-=p[1], p+=p[1]) {
2368 if (debug)
2369 log(-1, " %s ", sppp_lcp_opt_name(*p));
2370 switch (*p) {
2371 case LCP_OPT_MAGIC:
2372 /* Magic number. */
2373 if (len >= 6 && p[1] == 6)
2374 continue;
2375 if (debug)
2376 log(-1, "[invalid] ");
2377 break;
2378 case LCP_OPT_ASYNC_MAP:
2379 /* Async control character map. */
2380 if (len >= 6 && p[1] == 6)
2381 continue;
2382 if (debug)
2383 log(-1, "[invalid] ");
2384 break;
2385 case LCP_OPT_MRU:
2386 /* Maximum receive unit. */
2387 if (len >= 4 && p[1] == 4)
2388 continue;
2389 if (debug)
2390 log(-1, "[invalid] ");
2391 break;
2392 case LCP_OPT_AUTH_PROTO:
2393 if (len < 4) {
2394 if (debug)
2395 log(-1, "[invalid] ");
2396 break;
2397 }
2398 authproto = (p[2] << 8) + p[3];
2399 if (authproto == PPP_CHAP && p[1] != 5) {
2400 if (debug)
2401 log(-1, "[invalid chap len] ");
2402 break;
2403 }
2404 if (sp->myauth.proto == 0) {
2405 /* we are not configured to do auth */
2406 if (debug)
2407 log(-1, "[not configured] ");
2408 break;
2409 }
2410 /*
2411 * Remote want us to authenticate, remember this,
2412 * so we stay in PHASE_AUTHENTICATE after LCP got
2413 * up.
2414 */
2415 sp->pp_flags |= PP_NEEDAUTH;
2416 continue;
2417 default:
2418 /* Others not supported. */
2419 if (debug)
2420 log(-1, "[rej] ");
2421 break;
2422 }
2423 /* Add the option to rejected list. */
2424 bcopy (p, r, p[1]);
2425 r += p[1];
2426 rlen += p[1];
2427 }
2428 if (rlen) {
2429 if (debug)
2430 log(-1, " send conf-rej\n");
2431 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2432 return 0;
2433 } else if (debug)
2434 log(-1, "\n");
2435
2436 /*
2437 * pass 2: check for option values that are unacceptable and
2438 * thus require to be nak'ed.
2439 */
2440 if (debug)
2441 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2442 SPP_ARGS(ifp));
2443
2444 p = (void*) (h+1);
2445 len = origlen;
2446 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
2447 len-=p[1], p+=p[1]) {
2448 if (debug)
2449 log(-1, " %s ", sppp_lcp_opt_name(*p));
2450 switch (*p) {
2451 case LCP_OPT_MAGIC:
2452 /* Magic number -- extract. */
2453 nmagic = (u_long)p[2] << 24 |
2454 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2455 if (nmagic != sp->lcp.magic) {
2456 sp->pp_loopcnt = 0;
2457 if (debug)
2458 log(-1, "0x%lx ", nmagic);
2459 continue;
2460 }
2461 if (debug && sp->pp_loopcnt < MAXALIVECNT*5)
2462 log(-1, "[glitch] ");
2463 ++sp->pp_loopcnt;
2464 /*
2465 * We negate our magic here, and NAK it. If
2466 * we see it later in an NAK packet, we
2467 * suggest a new one.
2468 */
2469 nmagic = ~sp->lcp.magic;
2470 /* Gonna NAK it. */
2471 p[2] = nmagic >> 24;
2472 p[3] = nmagic >> 16;
2473 p[4] = nmagic >> 8;
2474 p[5] = nmagic;
2475 break;
2476
2477 case LCP_OPT_ASYNC_MAP:
2478 /*
2479 * Async control character map -- just ignore it.
2480 *
2481 * Quote from RFC 1662, chapter 6:
2482 * To enable this functionality, synchronous PPP
2483 * implementations MUST always respond to the
2484 * Async-Control-Character-Map Configuration
2485 * Option with the LCP Configure-Ack. However,
2486 * acceptance of the Configuration Option does
2487 * not imply that the synchronous implementation
2488 * will do any ACCM mapping. Instead, all such
2489 * octet mapping will be performed by the
2490 * asynchronous-to-synchronous converter.
2491 */
2492 continue;
2493
2494 case LCP_OPT_MRU:
2495 /*
2496 * Maximum receive unit. Always agreeable,
2497 * but ignored by now.
2498 */
2499 sp->lcp.their_mru = p[2] * 256 + p[3];
2500 if (debug)
2501 log(-1, "%lu ", sp->lcp.their_mru);
2502 continue;
2503
2504 case LCP_OPT_AUTH_PROTO:
2505 authproto = (p[2] << 8) + p[3];
2506 if (sp->myauth.proto != authproto) {
2507 /* not agreed, nak */
2508 if (debug)
2509 log(-1, "[mine %s != his %s] ",
2510 sppp_proto_name(sp->hisauth.proto),
2511 sppp_proto_name(authproto));
2512 p[2] = sp->myauth.proto >> 8;
2513 p[3] = sp->myauth.proto;
2514 break;
2515 }
2516 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2517 if (debug)
2518 log(-1, "[chap not MD5] ");
2519 p[4] = CHAP_MD5;
2520 break;
2521 }
2522 continue;
2523 }
2524 /* Add the option to nak'ed list. */
2525 bcopy (p, r, p[1]);
2526 r += p[1];
2527 rlen += p[1];
2528 }
2529 if (rlen) {
2530 /*
2531 * Local and remote magics equal -- loopback?
2532 */
2533 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
2534 if (sp->pp_loopcnt == MAXALIVECNT*5)
2535 printf (SPP_FMT "loopback\n",
2536 SPP_ARGS(ifp));
2537 if (ifp->if_flags & IFF_UP) {
2538 if_down(ifp);
2539 sppp_qflush(&sp->pp_cpq);
2540 /* XXX ? */
2541 lcp.Down(sp);
2542 lcp.Up(sp);
2543 }
2544 } else if (!sp->pp_loopcnt &&
2545 ++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2546 if (debug)
2547 log(-1, " max_failure (%d) exceeded, "
2548 "send conf-rej\n",
2549 sp->lcp.max_failure);
2550 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2551 } else {
2552 if (debug)
2553 log(-1, " send conf-nak\n");
2554 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2555 }
2556 } else {
2557 if (debug)
2558 log(-1, " send conf-ack\n");
2559 sp->fail_counter[IDX_LCP] = 0;
2560 sp->pp_loopcnt = 0;
2561 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2562 h->ident, origlen, h+1);
2563 }
2564
2565 free (buf, M_TEMP);
2566 return (rlen == 0);
2567 }
2568
2569 /*
2570 * Analyze the LCP Configure-Reject option list, and adjust our
2571 * negotiation.
2572 */
2573 static void
2574 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2575 {
2576 STDDCL;
2577 u_char *buf, *p;
2578
2579 len -= 4;
2580 buf = malloc (len, M_TEMP, M_NOWAIT);
2581 if (!buf)
2582 return;
2583
2584 if (debug)
2585 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2586 SPP_ARGS(ifp));
2587
2588 p = (void*) (h+1);
2589 for (; len >= 2 && p[1] >= 2 && len >= p[1];
2590 len -= p[1], p += p[1]) {
2591 if (debug)
2592 log(-1, " %s ", sppp_lcp_opt_name(*p));
2593 switch (*p) {
2594 case LCP_OPT_MAGIC:
2595 /* Magic number -- can't use it, use 0 */
2596 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2597 sp->lcp.magic = 0;
2598 break;
2599 case LCP_OPT_MRU:
2600 /*
2601 * Should not be rejected anyway, since we only
2602 * negotiate a MRU if explicitly requested by
2603 * peer.
2604 */
2605 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2606 break;
2607 case LCP_OPT_AUTH_PROTO:
2608 /*
2609 * Peer doesn't want to authenticate himself,
2610 * deny unless this is a dialout call, and
2611 * AUTHFLAG_NOCALLOUT is set.
2612 */
2613 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2614 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2615 if (debug)
2616 log(-1, "[don't insist on auth "
2617 "for callout]");
2618 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2619 break;
2620 }
2621 if (debug)
2622 log(-1, "[access denied]\n");
2623 lcp.Close(sp);
2624 break;
2625 }
2626 }
2627 if (debug)
2628 log(-1, "\n");
2629 free (buf, M_TEMP);
2630 return;
2631 }
2632
2633 /*
2634 * Analyze the LCP Configure-NAK option list, and adjust our
2635 * negotiation.
2636 */
2637 static void
2638 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2639 {
2640 STDDCL;
2641 u_char *buf, *p;
2642 u_long magic;
2643
2644 len -= 4;
2645 buf = malloc (len, M_TEMP, M_NOWAIT);
2646 if (!buf)
2647 return;
2648
2649 if (debug)
2650 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2651 SPP_ARGS(ifp));
2652
2653 p = (void*) (h+1);
2654 for (; len >= 2 && p[1] >= 2 && len >= p[1];
2655 len -= p[1], p += p[1]) {
2656 if (debug)
2657 log(-1, " %s ", sppp_lcp_opt_name(*p));
2658 switch (*p) {
2659 case LCP_OPT_MAGIC:
2660 /* Magic number -- renegotiate */
2661 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2662 len >= 6 && p[1] == 6) {
2663 magic = (u_long)p[2] << 24 |
2664 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2665 /*
2666 * If the remote magic is our negated one,
2667 * this looks like a loopback problem.
2668 * Suggest a new magic to make sure.
2669 */
2670 if (magic == ~sp->lcp.magic) {
2671 if (debug)
2672 log(-1, "magic glitch ");
2673 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
2674 sp->lcp.magic = random();
2675 #else
2676 sp->lcp.magic = time.tv_sec + time.tv_usec;
2677 #endif
2678 } else {
2679 sp->lcp.magic = magic;
2680 if (debug)
2681 log(-1, "%lu ", magic);
2682 }
2683 }
2684 break;
2685 case LCP_OPT_MRU:
2686 /*
2687 * Peer wants to advise us to negotiate an MRU.
2688 * Agree on it if it's reasonable, or use
2689 * default otherwise.
2690 */
2691 if (len >= 4 && p[1] == 4) {
2692 u_int mru = p[2] * 256 + p[3];
2693 if (debug)
2694 log(-1, "%d ", mru);
2695 if (mru < PP_MTU || mru > PP_MAX_MRU)
2696 mru = PP_MTU;
2697 sp->lcp.mru = mru;
2698 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2699 }
2700 break;
2701 case LCP_OPT_AUTH_PROTO:
2702 /*
2703 * Peer doesn't like our authentication method,
2704 * deny.
2705 */
2706 if (debug)
2707 log(-1, "[access denied]\n");
2708 lcp.Close(sp);
2709 break;
2710 }
2711 }
2712 if (debug)
2713 log(-1, "\n");
2714 free (buf, M_TEMP);
2715 return;
2716 }
2717
2718 static void
2719 sppp_lcp_tlu(struct sppp *sp)
2720 {
2721 STDDCL;
2722 int i;
2723 u_long mask;
2724
2725 /* XXX ? */
2726 if (! (ifp->if_flags & IFF_UP) &&
2727 (ifp->if_drv_flags & IFF_DRV_RUNNING)) {
2728 /* Coming out of loopback mode. */
2729 if_up(ifp);
2730 printf (SPP_FMT "up\n", SPP_ARGS(ifp));
2731 }
2732
2733 for (i = 0; i < IDX_COUNT; i++)
2734 if ((cps[i])->flags & CP_QUAL)
2735 (cps[i])->Open(sp);
2736
2737 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2738 (sp->pp_flags & PP_NEEDAUTH) != 0)
2739 sp->pp_phase = PHASE_AUTHENTICATE;
2740 else
2741 sp->pp_phase = PHASE_NETWORK;
2742
2743 if (debug)
2744 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2745 sppp_phase_name(sp->pp_phase));
2746
2747 /*
2748 * Open all authentication protocols. This is even required
2749 * if we already proceeded to network phase, since it might be
2750 * that remote wants us to authenticate, so we might have to
2751 * send a PAP request. Undesired authentication protocols
2752 * don't do anything when they get an Open event.
2753 */
2754 for (i = 0; i < IDX_COUNT; i++)
2755 if ((cps[i])->flags & CP_AUTH)
2756 (cps[i])->Open(sp);
2757
2758 if (sp->pp_phase == PHASE_NETWORK) {
2759 /* Notify all NCPs. */
2760 for (i = 0; i < IDX_COUNT; i++)
2761 if (((cps[i])->flags & CP_NCP) &&
2762 /*
2763 * XXX
2764 * Hack to administratively disable IPv6 if
2765 * not desired. Perhaps we should have another
2766 * flag for this, but right now, we can make
2767 * all struct cp's read/only.
2768 */
2769 (cps[i] != &ipv6cp ||
2770 (sp->confflags & CONF_ENABLE_IPV6)))
2771 (cps[i])->Open(sp);
2772 }
2773
2774 /* Send Up events to all started protos. */
2775 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2776 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0)
2777 (cps[i])->Up(sp);
2778
2779 /* notify low-level driver of state change */
2780 if (sp->pp_chg)
2781 sp->pp_chg(sp, (int)sp->pp_phase);
2782
2783 if (sp->pp_phase == PHASE_NETWORK)
2784 /* if no NCP is starting, close down */
2785 sppp_lcp_check_and_close(sp);
2786 }
2787
2788 static void
2789 sppp_lcp_tld(struct sppp *sp)
2790 {
2791 STDDCL;
2792 int i;
2793 u_long mask;
2794
2795 sp->pp_phase = PHASE_TERMINATE;
2796
2797 if (debug)
2798 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2799 sppp_phase_name(sp->pp_phase));
2800
2801 /*
2802 * Take upper layers down. We send the Down event first and
2803 * the Close second to prevent the upper layers from sending
2804 * ``a flurry of terminate-request packets'', as the RFC
2805 * describes it.
2806 */
2807 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2808 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) {
2809 (cps[i])->Down(sp);
2810 (cps[i])->Close(sp);
2811 }
2812 }
2813
2814 static void
2815 sppp_lcp_tls(struct sppp *sp)
2816 {
2817 STDDCL;
2818
2819 sp->pp_phase = PHASE_ESTABLISH;
2820
2821 if (debug)
2822 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2823 sppp_phase_name(sp->pp_phase));
2824
2825 /* Notify lower layer if desired. */
2826 if (sp->pp_tls)
2827 (sp->pp_tls)(sp);
2828 else
2829 (sp->pp_up)(sp);
2830 }
2831
2832 static void
2833 sppp_lcp_tlf(struct sppp *sp)
2834 {
2835 STDDCL;
2836
2837 sp->pp_phase = PHASE_DEAD;
2838 if (debug)
2839 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2840 sppp_phase_name(sp->pp_phase));
2841
2842 /* Notify lower layer if desired. */
2843 if (sp->pp_tlf)
2844 (sp->pp_tlf)(sp);
2845 else
2846 (sp->pp_down)(sp);
2847 }
2848
2849 static void
2850 sppp_lcp_scr(struct sppp *sp)
2851 {
2852 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2853 int i = 0;
2854 u_short authproto;
2855
2856 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2857 if (! sp->lcp.magic)
2858 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
2859 sp->lcp.magic = random();
2860 #else
2861 sp->lcp.magic = time.tv_sec + time.tv_usec;
2862 #endif
2863 opt[i++] = LCP_OPT_MAGIC;
2864 opt[i++] = 6;
2865 opt[i++] = sp->lcp.magic >> 24;
2866 opt[i++] = sp->lcp.magic >> 16;
2867 opt[i++] = sp->lcp.magic >> 8;
2868 opt[i++] = sp->lcp.magic;
2869 }
2870
2871 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2872 opt[i++] = LCP_OPT_MRU;
2873 opt[i++] = 4;
2874 opt[i++] = sp->lcp.mru >> 8;
2875 opt[i++] = sp->lcp.mru;
2876 }
2877
2878 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2879 authproto = sp->hisauth.proto;
2880 opt[i++] = LCP_OPT_AUTH_PROTO;
2881 opt[i++] = authproto == PPP_CHAP? 5: 4;
2882 opt[i++] = authproto >> 8;
2883 opt[i++] = authproto;
2884 if (authproto == PPP_CHAP)
2885 opt[i++] = CHAP_MD5;
2886 }
2887
2888 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
2889 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2890 }
2891
2892 /*
2893 * Check the open NCPs, return true if at least one NCP is open.
2894 */
2895 static int
2896 sppp_ncp_check(struct sppp *sp)
2897 {
2898 int i, mask;
2899
2900 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2901 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP)
2902 return 1;
2903 return 0;
2904 }
2905
2906 /*
2907 * Re-check the open NCPs and see if we should terminate the link.
2908 * Called by the NCPs during their tlf action handling.
2909 */
2910 static void
2911 sppp_lcp_check_and_close(struct sppp *sp)
2912 {
2913
2914 if (sp->pp_phase < PHASE_NETWORK)
2915 /* don't bother, we are already going down */
2916 return;
2917
2918 if (sppp_ncp_check(sp))
2919 return;
2920
2921 lcp.Close(sp);
2922 }
2923
2924 /*
2925 *--------------------------------------------------------------------------*
2926 * *
2927 * The IPCP implementation. *
2928 * *
2929 *--------------------------------------------------------------------------*
2930 */
2931
2932 static void
2933 sppp_ipcp_init(struct sppp *sp)
2934 {
2935 sp->ipcp.opts = 0;
2936 sp->ipcp.flags = 0;
2937 sp->state[IDX_IPCP] = STATE_INITIAL;
2938 sp->fail_counter[IDX_IPCP] = 0;
2939 sp->pp_seq[IDX_IPCP] = 0;
2940 sp->pp_rseq[IDX_IPCP] = 0;
2941 callout_init(&sp->ch[IDX_IPCP],
2942 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
2943 }
2944
2945 static void
2946 sppp_ipcp_up(struct sppp *sp)
2947 {
2948 sppp_up_event(&ipcp, sp);
2949 }
2950
2951 static void
2952 sppp_ipcp_down(struct sppp *sp)
2953 {
2954 sppp_down_event(&ipcp, sp);
2955 }
2956
2957 static void
2958 sppp_ipcp_open(struct sppp *sp)
2959 {
2960 STDDCL;
2961 u_long myaddr, hisaddr;
2962
2963 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN |
2964 IPCP_MYADDR_DYN | IPCP_VJ);
2965 sp->ipcp.opts = 0;
2966
2967 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2968 /*
2969 * If we don't have his address, this probably means our
2970 * interface doesn't want to talk IP at all. (This could
2971 * be the case if somebody wants to speak only IPX, for
2972 * example.) Don't open IPCP in this case.
2973 */
2974 if (hisaddr == 0L) {
2975 /* XXX this message should go away */
2976 if (debug)
2977 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2978 SPP_ARGS(ifp));
2979 return;
2980 }
2981 if (myaddr == 0L) {
2982 /*
2983 * I don't have an assigned address, so i need to
2984 * negotiate my address.
2985 */
2986 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2987 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2988 } else
2989 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2990 if (sp->confflags & CONF_ENABLE_VJ) {
2991 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION);
2992 sp->ipcp.max_state = MAX_STATES - 1;
2993 sp->ipcp.compress_cid = 1;
2994 }
2995 sppp_open_event(&ipcp, sp);
2996 }
2997
2998 static void
2999 sppp_ipcp_close(struct sppp *sp)
3000 {
3001 sppp_close_event(&ipcp, sp);
3002 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
3003 /*
3004 * My address was dynamic, clear it again.
3005 */
3006 sppp_set_ip_addr(sp, 0L);
3007 }
3008
3009 static void
3010 sppp_ipcp_TO(void *cookie)
3011 {
3012 sppp_to_event(&ipcp, (struct sppp *)cookie);
3013 }
3014
3015 /*
3016 * Analyze a configure request. Return true if it was agreeable, and
3017 * caused action sca, false if it has been rejected or nak'ed, and
3018 * caused action scn. (The return value is used to make the state
3019 * transition decision in the state automaton.)
3020 */
3021 static int
3022 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3023 {
3024 u_char *buf, *r, *p;
3025 struct ifnet *ifp = SP2IFP(sp);
3026 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3027 u_long hisaddr, desiredaddr;
3028 int gotmyaddr = 0;
3029 int desiredcomp;
3030
3031 len -= 4;
3032 origlen = len;
3033 /*
3034 * Make sure to allocate a buf that can at least hold a
3035 * conf-nak with an `address' option. We might need it below.
3036 */
3037 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
3038 if (! buf)
3039 return (0);
3040
3041 /* pass 1: see if we can recognize them */
3042 if (debug)
3043 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
3044 SPP_ARGS(ifp));
3045 p = (void*) (h+1);
3046 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
3047 len-=p[1], p+=p[1]) {
3048 if (debug)
3049 log(-1, " %s ", sppp_ipcp_opt_name(*p));
3050 switch (*p) {
3051 case IPCP_OPT_COMPRESSION:
3052 if (!(sp->confflags & CONF_ENABLE_VJ)) {
3053 /* VJ compression administratively disabled */
3054 if (debug)
3055 log(-1, "[locally disabled] ");
3056 break;
3057 }
3058 /*
3059 * In theory, we should only conf-rej an
3060 * option that is shorter than RFC 1618
3061 * requires (i.e. < 4), and should conf-nak
3062 * anything else that is not VJ. However,
3063 * since our algorithm always uses the
3064 * original option to NAK it with new values,
3065 * things would become more complicated. In
3066 * pratice, the only commonly implemented IP
3067 * compression option is VJ anyway, so the
3068 * difference is negligible.
3069 */
3070 if (len >= 6 && p[1] == 6) {
3071 /*
3072 * correctly formed compression option
3073 * that could be VJ compression
3074 */
3075 continue;
3076 }
3077 if (debug)
3078 log(-1,
3079 "optlen %d [invalid/unsupported] ",
3080 p[1]);
3081 break;
3082 case IPCP_OPT_ADDRESS:
3083 if (len >= 6 && p[1] == 6) {
3084 /* correctly formed address option */
3085 continue;
3086 }
3087 if (debug)
3088 log(-1, "[invalid] ");
3089 break;
3090 default:
3091 /* Others not supported. */
3092 if (debug)
3093 log(-1, "[rej] ");
3094 break;
3095 }
3096 /* Add the option to rejected list. */
3097 bcopy (p, r, p[1]);
3098 r += p[1];
3099 rlen += p[1];
3100 }
3101 if (rlen) {
3102 if (debug)
3103 log(-1, " send conf-rej\n");
3104 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
3105 return 0;
3106 } else if (debug)
3107 log(-1, "\n");
3108
3109 /* pass 2: parse option values */
3110 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
3111 if (debug)
3112 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
3113 SPP_ARGS(ifp));
3114 p = (void*) (h+1);
3115 len = origlen;
3116 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
3117 len-=p[1], p+=p[1]) {
3118 if (debug)
3119 log(-1, " %s ", sppp_ipcp_opt_name(*p));
3120 switch (*p) {
3121 case IPCP_OPT_COMPRESSION:
3122 desiredcomp = p[2] << 8 | p[3];
3123 /* We only support VJ */
3124 if (desiredcomp == IPCP_COMP_VJ) {
3125 if (debug)
3126 log(-1, "VJ [ack] ");
3127 sp->ipcp.flags |= IPCP_VJ;
3128 sl_compress_init(sp->pp_comp, p[4]);
3129 sp->ipcp.max_state = p[4];
3130 sp->ipcp.compress_cid = p[5];
3131 continue;
3132 }
3133 if (debug)
3134 log(-1,
3135 "compproto %#04x [not supported] ",
3136 desiredcomp);
3137 p[2] = IPCP_COMP_VJ >> 8;
3138 p[3] = IPCP_COMP_VJ;
3139 p[4] = sp->ipcp.max_state;
3140 p[5] = sp->ipcp.compress_cid;
3141 break;
3142 case IPCP_OPT_ADDRESS:
3143 /* This is the address he wants in his end */
3144 desiredaddr = p[2] << 24 | p[3] << 16 |
3145 p[4] << 8 | p[5];
3146 if (desiredaddr == hisaddr ||
3147 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) {
3148 /*
3149 * Peer's address is same as our value,
3150 * or we have set it to 0.0.0.* to
3151 * indicate that we do not really care,
3152 * this is agreeable. Gonna conf-ack
3153 * it.
3154 */
3155 if (debug)
3156 log(-1, "%s [ack] ",
3157 sppp_dotted_quad(hisaddr));
3158 /* record that we've seen it already */
3159 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
3160 continue;
3161 }
3162 /*
3163 * The address wasn't agreeable. This is either
3164 * he sent us 0.0.0.0, asking to assign him an
3165 * address, or he send us another address not
3166 * matching our value. Either case, we gonna
3167 * conf-nak it with our value.
3168 * XXX: we should "rej" if hisaddr == 0
3169 */
3170 if (debug) {
3171 if (desiredaddr == 0)
3172 log(-1, "[addr requested] ");
3173 else
3174 log(-1, "%s [not agreed] ",
3175 sppp_dotted_quad(desiredaddr));
3176
3177 }
3178 p[2] = hisaddr >> 24;
3179 p[3] = hisaddr >> 16;
3180 p[4] = hisaddr >> 8;
3181 p[5] = hisaddr;
3182 break;
3183 }
3184 /* Add the option to nak'ed list. */
3185 bcopy (p, r, p[1]);
3186 r += p[1];
3187 rlen += p[1];
3188 }
3189
3190 /*
3191 * If we are about to conf-ack the request, but haven't seen
3192 * his address so far, gonna conf-nak it instead, with the
3193 * `address' option present and our idea of his address being
3194 * filled in there, to request negotiation of both addresses.
3195 *
3196 * XXX This can result in an endless req - nak loop if peer
3197 * doesn't want to send us his address. Q: What should we do
3198 * about it? XXX A: implement the max-failure counter.
3199 */
3200 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) {
3201 buf[0] = IPCP_OPT_ADDRESS;
3202 buf[1] = 6;
3203 buf[2] = hisaddr >> 24;
3204 buf[3] = hisaddr >> 16;
3205 buf[4] = hisaddr >> 8;
3206 buf[5] = hisaddr;
3207 rlen = 6;
3208 if (debug)
3209 log(-1, "still need hisaddr ");
3210 }
3211
3212 if (rlen) {
3213 if (debug)
3214 log(-1, " send conf-nak\n");
3215 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
3216 } else {
3217 if (debug)
3218 log(-1, " send conf-ack\n");
3219 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
3220 h->ident, origlen, h+1);
3221 }
3222
3223 free (buf, M_TEMP);
3224 return (rlen == 0);
3225 }
3226
3227 /*
3228 * Analyze the IPCP Configure-Reject option list, and adjust our
3229 * negotiation.
3230 */
3231 static void
3232 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3233 {
3234 u_char *buf, *p;
3235 struct ifnet *ifp = SP2IFP(sp);
3236 int debug = ifp->if_flags & IFF_DEBUG;
3237
3238 len -= 4;
3239 buf = malloc (len, M_TEMP, M_NOWAIT);
3240 if (!buf)
3241 return;
3242
3243 if (debug)
3244 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
3245 SPP_ARGS(ifp));
3246
3247 p = (void*) (h+1);
3248 for (; len >= 2 && p[1] >= 2 && len >= p[1];
3249 len -= p[1], p += p[1]) {
3250 if (debug)
3251 log(-1, " %s ", sppp_ipcp_opt_name(*p));
3252 switch (*p) {
3253 case IPCP_OPT_COMPRESSION:
3254 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION);
3255 break;
3256 case IPCP_OPT_ADDRESS:
3257 /*
3258 * Peer doesn't grok address option. This is
3259 * bad. XXX Should we better give up here?
3260 * XXX We could try old "addresses" option...
3261 */
3262 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
3263 break;
3264 }
3265 }
3266 if (debug)
3267 log(-1, "\n");
3268 free (buf, M_TEMP);
3269 return;
3270 }
3271
3272 /*
3273 * Analyze the IPCP Configure-NAK option list, and adjust our
3274 * negotiation.
3275 */
3276 static void
3277 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3278 {
3279 u_char *buf, *p;
3280 struct ifnet *ifp = SP2IFP(sp);
3281 int debug = ifp->if_flags & IFF_DEBUG;
3282 int desiredcomp;
3283 u_long wantaddr;
3284
3285 len -= 4;
3286 buf = malloc (len, M_TEMP, M_NOWAIT);
3287 if (!buf)
3288 return;
3289
3290 if (debug)
3291 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
3292 SPP_ARGS(ifp));
3293
3294 p = (void*) (h+1);
3295 for (; len >= 2 && p[1] >= 2 && len >= p[1];
3296 len -= p[1], p += p[1]) {
3297 if (debug)
3298 log(-1, " %s ", sppp_ipcp_opt_name(*p));
3299 switch (*p) {
3300 case IPCP_OPT_COMPRESSION:
3301 if (len >= 6 && p[1] == 6) {
3302 desiredcomp = p[2] << 8 | p[3];
3303 if (debug)
3304 log(-1, "[wantcomp %#04x] ",
3305 desiredcomp);
3306 if (desiredcomp == IPCP_COMP_VJ) {
3307 sl_compress_init(sp->pp_comp, p[4]);
3308 sp->ipcp.max_state = p[4];
3309 sp->ipcp.compress_cid = p[5];
3310 if (debug)
3311 log(-1, "[agree] ");
3312 } else
3313 sp->ipcp.opts &=
3314 ~(1 << IPCP_OPT_COMPRESSION);
3315 }
3316 break;
3317 case IPCP_OPT_ADDRESS:
3318 /*
3319 * Peer doesn't like our local IP address. See
3320 * if we can do something for him. We'll drop
3321 * him our address then.
3322 */
3323 if (len >= 6 && p[1] == 6) {
3324 wantaddr = p[2] << 24 | p[3] << 16 |
3325 p[4] << 8 | p[5];
3326 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
3327 if (debug)
3328 log(-1, "[wantaddr %s] ",
3329 sppp_dotted_quad(wantaddr));
3330 /*
3331 * When doing dynamic address assignment,
3332 * we accept his offer. Otherwise, we
3333 * ignore it and thus continue to negotiate
3334 * our already existing value.
3335 * XXX: Bogus, if he said no once, he'll
3336 * just say no again, might as well die.
3337 */
3338 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
3339 sppp_set_ip_addr(sp, wantaddr);
3340 if (debug)
3341 log(-1, "[agree] ");
3342 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
3343 }
3344 }
3345 break;
3346 }
3347 }
3348 if (debug)
3349 log(-1, "\n");
3350 free (buf, M_TEMP);
3351 return;
3352 }
3353
3354 static void
3355 sppp_ipcp_tlu(struct sppp *sp)
3356 {
3357 /* we are up - notify isdn daemon */
3358 if (sp->pp_con)
3359 sp->pp_con(sp);
3360 }
3361
3362 static void
3363 sppp_ipcp_tld(struct sppp *sp)
3364 {
3365 }
3366
3367 static void
3368 sppp_ipcp_tls(struct sppp *sp)
3369 {
3370 /* indicate to LCP that it must stay alive */
3371 sp->lcp.protos |= (1 << IDX_IPCP);
3372 }
3373
3374 static void
3375 sppp_ipcp_tlf(struct sppp *sp)
3376 {
3377 /* we no longer need LCP */
3378 sp->lcp.protos &= ~(1 << IDX_IPCP);
3379 sppp_lcp_check_and_close(sp);
3380 }
3381
3382 static void
3383 sppp_ipcp_scr(struct sppp *sp)
3384 {
3385 char opt[6 /* compression */ + 6 /* address */];
3386 u_long ouraddr;
3387 int i = 0;
3388
3389 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3390 opt[i++] = IPCP_OPT_COMPRESSION;
3391 opt[i++] = 6;
3392 opt[i++] = IPCP_COMP_VJ >> 8;
3393 opt[i++] = IPCP_COMP_VJ;
3394 opt[i++] = sp->ipcp.max_state;
3395 opt[i++] = sp->ipcp.compress_cid;
3396 }
3397 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3398 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3399 opt[i++] = IPCP_OPT_ADDRESS;
3400 opt[i++] = 6;
3401 opt[i++] = ouraddr >> 24;
3402 opt[i++] = ouraddr >> 16;
3403 opt[i++] = ouraddr >> 8;
3404 opt[i++] = ouraddr;
3405 }
3406
3407 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
3408 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
3409 }
3410
3411 /*
3412 *--------------------------------------------------------------------------*
3413 * *
3414 * The IPv6CP implementation. *
3415 * *
3416 *--------------------------------------------------------------------------*
3417 */
3418
3419 #ifdef INET6
3420 static void
3421 sppp_ipv6cp_init(struct sppp *sp)
3422 {
3423 sp->ipv6cp.opts = 0;
3424 sp->ipv6cp.flags = 0;
3425 sp->state[IDX_IPV6CP] = STATE_INITIAL;
3426 sp->fail_counter[IDX_IPV6CP] = 0;
3427 sp->pp_seq[IDX_IPV6CP] = 0;
3428 sp->pp_rseq[IDX_IPV6CP] = 0;
3429 callout_init(&sp->ch[IDX_IPV6CP],
3430 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
3431 }
3432
3433 static void
3434 sppp_ipv6cp_up(struct sppp *sp)
3435 {
3436 sppp_up_event(&ipv6cp, sp);
3437 }
3438
3439 static void
3440 sppp_ipv6cp_down(struct sppp *sp)
3441 {
3442 sppp_down_event(&ipv6cp, sp);
3443 }
3444
3445 static void
3446 sppp_ipv6cp_open(struct sppp *sp)
3447 {
3448 STDDCL;
3449 struct in6_addr myaddr, hisaddr;
3450
3451 #ifdef IPV6CP_MYIFID_DYN
3452 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3453 #else
3454 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3455 #endif
3456
3457 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
3458 /*
3459 * If we don't have our address, this probably means our
3460 * interface doesn't want to talk IPv6 at all. (This could
3461 * be the case if somebody wants to speak only IPX, for
3462 * example.) Don't open IPv6CP in this case.
3463 */
3464 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3465 /* XXX this message should go away */
3466 if (debug)
3467 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
3468 SPP_ARGS(ifp));
3469 return;
3470 }
3471
3472 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3473 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3474 sppp_open_event(&ipv6cp, sp);
3475 }
3476
3477 static void
3478 sppp_ipv6cp_close(struct sppp *sp)
3479 {
3480 sppp_close_event(&ipv6cp, sp);
3481 }
3482
3483 static void
3484 sppp_ipv6cp_TO(void *cookie)
3485 {
3486 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3487 }
3488
3489 /*
3490 * Analyze a configure request. Return true if it was agreeable, and
3491 * caused action sca, false if it has been rejected or nak'ed, and
3492 * caused action scn. (The return value is used to make the state
3493 * transition decision in the state automaton.)
3494 */
3495 static int
3496 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3497 {
3498 u_char *buf, *r, *p;
3499 struct ifnet *ifp = SP2IFP(sp);
3500 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3501 struct in6_addr myaddr, desiredaddr, suggestaddr;
3502 int ifidcount;
3503 int type;
3504 int collision, nohisaddr;
3505
3506 len -= 4;
3507 origlen = len;
3508 /*
3509 * Make sure to allocate a buf that can at least hold a
3510 * conf-nak with an `address' option. We might need it below.
3511 */
3512 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
3513 if (! buf)
3514 return (0);
3515
3516 /* pass 1: see if we can recognize them */
3517 if (debug)
3518 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:",
3519 SPP_ARGS(ifp));
3520 p = (void*) (h+1);
3521 ifidcount = 0;
3522 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
3523 len-=p[1], p+=p[1]) {
3524 if (debug)
3525 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3526 switch (*p) {
3527 case IPV6CP_OPT_IFID:
3528 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3529 /* correctly formed address option */
3530 ifidcount++;
3531 continue;
3532 }
3533 if (debug)
3534 log(-1, " [invalid]");
3535 break;
3536 #ifdef notyet
3537 case IPV6CP_OPT_COMPRESSION:
3538 if (len >= 4 && p[1] >= 4) {
3539 /* correctly formed compress option */
3540 continue;
3541 }
3542 if (debug)
3543 log(-1, " [invalid]");
3544 break;
3545 #endif
3546 default:
3547 /* Others not supported. */
3548 if (debug)
3549 log(-1, " [rej]");
3550 break;
3551 }
3552 /* Add the option to rejected list. */
3553 bcopy (p, r, p[1]);
3554 r += p[1];
3555 rlen += p[1];
3556 }
3557 if (rlen) {
3558 if (debug)
3559 log(-1, " send conf-rej\n");
3560 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3561 goto end;
3562 } else if (debug)
3563 log(-1, "\n");
3564
3565 /* pass 2: parse option values */
3566 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
3567 if (debug)
3568 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ",
3569 SPP_ARGS(ifp));
3570 p = (void*) (h+1);
3571 len = origlen;
3572 type = CONF_ACK;
3573 for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
3574 len-=p[1], p+=p[1]) {
3575 if (debug)
3576 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3577 switch (*p) {
3578 #ifdef notyet
3579 case IPV6CP_OPT_COMPRESSION:
3580 continue;
3581 #endif
3582 case IPV6CP_OPT_IFID:
3583 bzero(&desiredaddr, sizeof(desiredaddr));
3584 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3585 collision = (bcmp(&desiredaddr.s6_addr[8],
3586 &myaddr.s6_addr[8], 8) == 0);
3587 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3588
3589 desiredaddr.s6_addr16[0] = htons(0xfe80);
3590 (void)in6_setscope(&desiredaddr, SP2IFP(sp), NULL);
3591
3592 if (!collision && !nohisaddr) {
3593 /* no collision, hisaddr known - Conf-Ack */
3594 type = CONF_ACK;
3595
3596 if (debug) {
3597 log(-1, " %s [%s]",
3598 ip6_sprintf(&desiredaddr),
3599 sppp_cp_type_name(type));
3600 }
3601 continue;
3602 }
3603
3604 bzero(&suggestaddr, sizeof(&suggestaddr));
3605 if (collision && nohisaddr) {
3606 /* collision, hisaddr unknown - Conf-Rej */
3607 type = CONF_REJ;
3608 bzero(&p[2], 8);
3609 } else {
3610 /*
3611 * - no collision, hisaddr unknown, or
3612 * - collision, hisaddr known
3613 * Conf-Nak, suggest hisaddr
3614 */
3615 type = CONF_NAK;
3616 sppp_suggest_ip6_addr(sp, &suggestaddr);
3617 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3618 }
3619 if (debug)
3620 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr),
3621 sppp_cp_type_name(type));
3622 break;
3623 }
3624 /* Add the option to nak'ed list. */
3625 bcopy (p, r, p[1]);
3626 r += p[1];
3627 rlen += p[1];
3628 }
3629
3630 if (rlen == 0 && type == CONF_ACK) {
3631 if (debug)
3632 log(-1, " send %s\n", sppp_cp_type_name(type));
3633 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1);
3634 } else {
3635 #ifdef DIAGNOSTIC
3636 if (type == CONF_ACK)
3637 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3638 #endif
3639
3640 if (debug) {
3641 log(-1, " send %s suggest %s\n",
3642 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
3643 }
3644 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3645 }
3646
3647 end:
3648 free (buf, M_TEMP);
3649 return (rlen == 0);
3650 }
3651
3652 /*
3653 * Analyze the IPv6CP Configure-Reject option list, and adjust our
3654 * negotiation.
3655 */
3656 static void
3657 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3658 {
3659 u_char *buf, *p;
3660 struct ifnet *ifp = SP2IFP(sp);
3661 int debug = ifp->if_flags & IFF_DEBUG;
3662
3663 len -= 4;
3664 buf = malloc (len, M_TEMP, M_NOWAIT);
3665 if (!buf)
3666 return;
3667
3668 if (debug)
3669 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:",
3670 SPP_ARGS(ifp));
3671
3672 p = (void*) (h+1);
3673 for (; len >= 2 && p[1] >= 2 && len >= p[1];
3674 len -= p[1], p += p[1]) {
3675 if (debug)
3676 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3677 switch (*p) {
3678 case IPV6CP_OPT_IFID:
3679 /*
3680 * Peer doesn't grok address option. This is
3681 * bad. XXX Should we better give up here?
3682 */
3683 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3684 break;
3685 #ifdef notyet
3686 case IPV6CP_OPT_COMPRESS:
3687 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3688 break;
3689 #endif
3690 }
3691 }
3692 if (debug)
3693 log(-1, "\n");
3694 free (buf, M_TEMP);
3695 return;
3696 }
3697
3698 /*
3699 * Analyze the IPv6CP Configure-NAK option list, and adjust our
3700 * negotiation.
3701 */
3702 static void
3703 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3704 {
3705 u_char *buf, *p;
3706 struct ifnet *ifp = SP2IFP(sp);
3707 int debug = ifp->if_flags & IFF_DEBUG;
3708 struct in6_addr suggestaddr;
3709
3710 len -= 4;
3711 buf = malloc (len, M_TEMP, M_NOWAIT);
3712 if (!buf)
3713 return;
3714
3715 if (debug)
3716 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:",
3717 SPP_ARGS(ifp));
3718
3719 p = (void*) (h+1);
3720 for (; len >= 2 && p[1] >= 2 && len >= p[1];
3721 len -= p[1], p += p[1]) {
3722 if (debug)
3723 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3724 switch (*p) {
3725 case IPV6CP_OPT_IFID:
3726 /*
3727 * Peer doesn't like our local ifid. See
3728 * if we can do something for him. We'll drop
3729 * him our address then.
3730 */
3731 if (len < 10 || p[1] != 10)
3732 break;
3733 bzero(&suggestaddr, sizeof(suggestaddr));
3734 suggestaddr.s6_addr16[0] = htons(0xfe80);
3735 (void)in6_setscope(&suggestaddr, SP2IFP(sp), NULL);
3736 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3737
3738 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3739 if (debug)
3740 log(-1, " [suggestaddr %s]",
3741 ip6_sprintf(&suggestaddr));
3742 #ifdef IPV6CP_MYIFID_DYN
3743 /*
3744 * When doing dynamic address assignment,
3745 * we accept his offer.
3746 */
3747 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
3748 struct in6_addr lastsuggest;
3749 /*
3750 * If <suggested myaddr from peer> equals to
3751 * <hisaddr we have suggested last time>,
3752 * we have a collision. generate new random
3753 * ifid.
3754 */
3755 sppp_suggest_ip6_addr(&lastsuggest);
3756 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
3757 lastsuggest)) {
3758 if (debug)
3759 log(-1, " [random]");
3760 sppp_gen_ip6_addr(sp, &suggestaddr);
3761 }
3762 sppp_set_ip6_addr(sp, &suggestaddr, 0);
3763 if (debug)
3764 log(-1, " [agree]");
3765 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3766 }
3767 #else
3768 /*
3769 * Since we do not do dynamic address assignment,
3770 * we ignore it and thus continue to negotiate
3771 * our already existing value. This can possibly
3772 * go into infinite request-reject loop.
3773 *
3774 * This is not likely because we normally use
3775 * ifid based on MAC-address.
3776 * If you have no ethernet card on the node, too bad.
3777 * XXX should we use fail_counter?
3778 */
3779 #endif
3780 break;
3781 #ifdef notyet
3782 case IPV6CP_OPT_COMPRESS:
3783 /*
3784 * Peer wants different compression parameters.
3785 */
3786 break;
3787 #endif
3788 }
3789 }
3790 if (debug)
3791 log(-1, "\n");
3792 free (buf, M_TEMP);
3793 return;
3794 }
3795 static void
3796 sppp_ipv6cp_tlu(struct sppp *sp)
3797 {
3798 /* we are up - notify isdn daemon */
3799 if (sp->pp_con)
3800 sp->pp_con(sp);
3801 }
3802
3803 static void
3804 sppp_ipv6cp_tld(struct sppp *sp)
3805 {
3806 }
3807
3808 static void
3809 sppp_ipv6cp_tls(struct sppp *sp)
3810 {
3811 /* indicate to LCP that it must stay alive */
3812 sp->lcp.protos |= (1 << IDX_IPV6CP);
3813 }
3814
3815 static void
3816 sppp_ipv6cp_tlf(struct sppp *sp)
3817 {
3818
3819 #if 0 /* need #if 0 to close IPv6CP properly */
3820 /* we no longer need LCP */
3821 sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3822 sppp_lcp_check_and_close(sp);
3823 #endif
3824 }
3825
3826 static void
3827 sppp_ipv6cp_scr(struct sppp *sp)
3828 {
3829 char opt[10 /* ifid */ + 4 /* compression, minimum */];
3830 struct in6_addr ouraddr;
3831 int i = 0;
3832
3833 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3834 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
3835 opt[i++] = IPV6CP_OPT_IFID;
3836 opt[i++] = 10;
3837 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3838 i += 8;
3839 }
3840
3841 #ifdef notyet
3842 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3843 opt[i++] = IPV6CP_OPT_COMPRESSION;
3844 opt[i++] = 4;
3845 opt[i++] = 0; /* TBD */
3846 opt[i++] = 0; /* TBD */
3847 /* variable length data may follow */
3848 }
3849 #endif
3850
3851 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP];
3852 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt);
3853 }
3854 #else /*INET6*/
3855 static void sppp_ipv6cp_init(struct sppp *sp)
3856 {
3857 }
3858
3859 static void sppp_ipv6cp_up(struct sppp *sp)
3860 {
3861 }
3862
3863 static void sppp_ipv6cp_down(struct sppp *sp)
3864 {
3865 }
3866
3867
3868 static void sppp_ipv6cp_open(struct sppp *sp)
3869 {
3870 }
3871
3872 static void sppp_ipv6cp_close(struct sppp *sp)
3873 {
3874 }
3875
3876 static void sppp_ipv6cp_TO(void *sp)
3877 {
3878 }
3879
3880 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3881 {
3882 return 0;
3883 }
3884
3885 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3886 {
3887 }
3888
3889 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3890 {
3891 }
3892
3893 static void sppp_ipv6cp_tlu(struct sppp *sp)
3894 {
3895 }
3896
3897 static void sppp_ipv6cp_tld(struct sppp *sp)
3898 {
3899 }
3900
3901 static void sppp_ipv6cp_tls(struct sppp *sp)
3902 {
3903 }
3904
3905 static void sppp_ipv6cp_tlf(struct sppp *sp)
3906 {
3907 }
3908
3909 static void sppp_ipv6cp_scr(struct sppp *sp)
3910 {
3911 }
3912 #endif /*INET6*/
3913
3914 /*
3915 *--------------------------------------------------------------------------*
3916 * *
3917 * The CHAP implementation. *
3918 * *
3919 *--------------------------------------------------------------------------*
3920 */
3921
3922 /*
3923 * The authentication protocols don't employ a full-fledged state machine as
3924 * the control protocols do, since they do have Open and Close events, but
3925 * not Up and Down, nor are they explicitly terminated. Also, use of the
3926 * authentication protocols may be different in both directions (this makes
3927 * sense, think of a machine that never accepts incoming calls but only
3928 * calls out, it doesn't require the called party to authenticate itself).
3929 *
3930 * Our state machine for the local authentication protocol (we are requesting
3931 * the peer to authenticate) looks like:
3932 *
3933 * RCA-
3934 * +--------------------------------------------+
3935 * V scn,tld|
3936 * +--------+ Close +---------+ RCA+
3937 * | |<----------------------------------| |------+
3938 * +--->| Closed | TO* | Opened | sca |
3939 * | | |-----+ +-------| |<-----+
3940 * | +--------+ irc | | +---------+
3941 * | ^ | | ^
3942 * | | | | |
3943 * | | | | |
3944 * | TO-| | | |
3945 * | |tld TO+ V | |
3946 * | | +------->+ | |
3947 * | | | | | |
3948 * | +--------+ V | |
3949 * | | |<----+<--------------------+ |
3950 * | | Req- | scr |
3951 * | | Sent | |
3952 * | | | |
3953 * | +--------+ |
3954 * | RCA- | | RCA+ |
3955 * +------+ +------------------------------------------+
3956 * scn,tld sca,irc,ict,tlu
3957 *
3958 *
3959 * with:
3960 *
3961 * Open: LCP reached authentication phase
3962 * Close: LCP reached terminate phase
3963 *
3964 * RCA+: received reply (pap-req, chap-response), acceptable
3965 * RCN: received reply (pap-req, chap-response), not acceptable
3966 * TO+: timeout with restart counter >= 0
3967 * TO-: timeout with restart counter < 0
3968 * TO*: reschedule timeout for CHAP
3969 *
3970 * scr: send request packet (none for PAP, chap-challenge)
3971 * sca: send ack packet (pap-ack, chap-success)
3972 * scn: send nak packet (pap-nak, chap-failure)
3973 * ict: initialize re-challenge timer (CHAP only)
3974 *
3975 * tlu: this-layer-up, LCP reaches network phase
3976 * tld: this-layer-down, LCP enters terminate phase
3977 *
3978 * Note that in CHAP mode, after sending a new challenge, while the state
3979 * automaton falls back into Req-Sent state, it doesn't signal a tld
3980 * event to LCP, so LCP remains in network phase. Only after not getting
3981 * any response (or after getting an unacceptable response), CHAP closes,
3982 * causing LCP to enter terminate phase.
3983 *
3984 * With PAP, there is no initial request that can be sent. The peer is
3985 * expected to send one based on the successful negotiation of PAP as
3986 * the authentication protocol during the LCP option negotiation.
3987 *
3988 * Incoming authentication protocol requests (remote requests
3989 * authentication, we are peer) don't employ a state machine at all,
3990 * they are simply answered. Some peers [Ascend P50 firmware rev
3991 * 4.50] react allergically when sending IPCP requests while they are
3992 * still in authentication phase (thereby violating the standard that
3993 * demands that these NCP packets are to be discarded), so we keep
3994 * track of the peer demanding us to authenticate, and only proceed to
3995 * phase network once we've seen a positive acknowledge for the
3996 * authentication.
3997 */
3998
3999 /*
4000 * Handle incoming CHAP packets.
4001 */
4002 static void
4003 sppp_chap_input(struct sppp *sp, struct mbuf *m)
4004 {
4005 STDDCL;
4006 struct lcp_header *h;
4007 int len, x;
4008 u_char *value, *name, digest[AUTHKEYLEN], dsize;
4009 int value_len, name_len;
4010 MD5_CTX ctx;
4011
4012 len = m->m_pkthdr.len;
4013 if (len < 4) {
4014 if (debug)
4015 log(LOG_DEBUG,
4016 SPP_FMT "chap invalid packet length: %d bytes\n",
4017 SPP_ARGS(ifp), len);
4018 return;
4019 }
4020 h = mtod (m, struct lcp_header*);
4021 if (len > ntohs (h->len))
4022 len = ntohs (h->len);
4023
4024 switch (h->type) {
4025 /* challenge, failure and success are his authproto */
4026 case CHAP_CHALLENGE:
4027 value = 1 + (u_char*)(h+1);
4028 value_len = value[-1];
4029 name = value + value_len;
4030 name_len = len - value_len - 5;
4031 if (name_len < 0) {
4032 if (debug) {
4033 log(LOG_DEBUG,
4034 SPP_FMT "chap corrupted challenge "
4035 "<%s id=0x%x len=%d",
4036 SPP_ARGS(ifp),
4037 sppp_auth_type_name(PPP_CHAP, h->type),
4038 h->ident, ntohs(h->len));
4039 sppp_print_bytes((u_char*) (h+1), len-4);
4040 log(-1, ">\n");
4041 }
4042 break;
4043 }
4044
4045 if (debug) {
4046 log(LOG_DEBUG,
4047 SPP_FMT "chap input <%s id=0x%x len=%d name=",
4048 SPP_ARGS(ifp),
4049 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
4050 ntohs(h->len));
4051 sppp_print_string((char*) name, name_len);
4052 log(-1, " value-size=%d value=", value_len);
4053 sppp_print_bytes(value, value_len);
4054 log(-1, ">\n");
4055 }
4056
4057 /* Compute reply value. */
4058 MD5Init(&ctx);
4059 MD5Update(&ctx, &h->ident, 1);
4060 MD5Update(&ctx, sp->myauth.secret,
4061 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
4062 MD5Update(&ctx, value, value_len);
4063 MD5Final(digest, &ctx);
4064 dsize = sizeof digest;
4065
4066 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
4067 sizeof dsize, (const char *)&dsize,
4068 sizeof digest, digest,
4069 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
4070 sp->myauth.name,
4071 0);
4072 break;
4073
4074 case CHAP_SUCCESS:
4075 if (debug) {
4076 log(LOG_DEBUG, SPP_FMT "chap success",
4077 SPP_ARGS(ifp));
4078 if (len > 4) {
4079 log(-1, ": ");
4080 sppp_print_string((char*)(h + 1), len - 4);
4081 }
4082 log(-1, "\n");
4083 }
4084 x = splimp();
4085 SPPP_LOCK(sp);
4086 sp->pp_flags &= ~PP_NEEDAUTH;
4087 if (sp->myauth.proto == PPP_CHAP &&
4088 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4089 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
4090 /*
4091 * We are authenticator for CHAP but didn't
4092 * complete yet. Leave it to tlu to proceed
4093 * to network phase.
4094 */
4095 SPPP_UNLOCK(sp);
4096 splx(x);
4097 break;
4098 }
4099 SPPP_UNLOCK(sp);
4100 splx(x);
4101 sppp_phase_network(sp);
4102 break;
4103
4104 case CHAP_FAILURE:
4105 if (debug) {
4106 log(LOG_INFO, SPP_FMT "chap failure",
4107 SPP_ARGS(ifp));
4108 if (len > 4) {
4109 log(-1, ": ");
4110 sppp_print_string((char*)(h + 1), len - 4);
4111 }
4112 log(-1, "\n");
4113 } else
4114 log(LOG_INFO, SPP_FMT "chap failure\n",
4115 SPP_ARGS(ifp));
4116 /* await LCP shutdown by authenticator */
4117 break;
4118
4119 /* response is my authproto */
4120 case CHAP_RESPONSE:
4121 value = 1 + (u_char*)(h+1);
4122 value_len = value[-1];
4123 name = value + value_len;
4124 name_len = len - value_len - 5;
4125 if (name_len < 0) {
4126 if (debug) {
4127 log(LOG_DEBUG,
4128 SPP_FMT "chap corrupted response "
4129 "<%s id=0x%x len=%d",
4130 SPP_ARGS(ifp),
4131 sppp_auth_type_name(PPP_CHAP, h->type),
4132 h->ident, ntohs(h->len));
4133 sppp_print_bytes((u_char*)(h+1), len-4);
4134 log(-1, ">\n");
4135 }
4136 break;
4137 }
4138 if (h->ident != sp->confid[IDX_CHAP]) {
4139 if (debug)
4140 log(LOG_DEBUG,
4141 SPP_FMT "chap dropping response for old ID "
4142 "(got %d, expected %d)\n",
4143 SPP_ARGS(ifp),
4144 h->ident, sp->confid[IDX_CHAP]);
4145 break;
4146 }
4147 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
4148 || bcmp(name, sp->hisauth.name, name_len) != 0) {
4149 log(LOG_INFO, SPP_FMT "chap response, his name ",
4150 SPP_ARGS(ifp));
4151 sppp_print_string(name, name_len);
4152 log(-1, " != expected ");
4153 sppp_print_string(sp->hisauth.name,
4154 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
4155 log(-1, "\n");
4156 }
4157 if (debug) {
4158 log(LOG_DEBUG, SPP_FMT "chap input(%s) "
4159 "<%s id=0x%x len=%d name=",
4160 SPP_ARGS(ifp),
4161 sppp_state_name(sp->state[IDX_CHAP]),
4162 sppp_auth_type_name(PPP_CHAP, h->type),
4163 h->ident, ntohs (h->len));
4164 sppp_print_string((char*)name, name_len);
4165 log(-1, " value-size=%d value=", value_len);
4166 sppp_print_bytes(value, value_len);
4167 log(-1, ">\n");
4168 }
4169 if (value_len != AUTHKEYLEN) {
4170 if (debug)
4171 log(LOG_DEBUG,
4172 SPP_FMT "chap bad hash value length: "
4173 "%d bytes, should be %d\n",
4174 SPP_ARGS(ifp), value_len,
4175 AUTHKEYLEN);
4176 break;
4177 }
4178
4179 MD5Init(&ctx);
4180 MD5Update(&ctx, &h->ident, 1);
4181 MD5Update(&ctx, sp->hisauth.secret,
4182 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
4183 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
4184 MD5Final(digest, &ctx);
4185
4186 #define FAILMSG "Failed..."
4187 #define SUCCMSG "Welcome!"
4188
4189 if (value_len != sizeof digest ||
4190 bcmp(digest, value, value_len) != 0) {
4191 /* action scn, tld */
4192 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
4193 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4194 0);
4195 chap.tld(sp);
4196 break;
4197 }
4198 /* action sca, perhaps tlu */
4199 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
4200 sp->state[IDX_CHAP] == STATE_OPENED)
4201 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
4202 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4203 0);
4204 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
4205 sppp_cp_change_state(&chap, sp, STATE_OPENED);
4206 chap.tlu(sp);
4207 }
4208 break;
4209
4210 default:
4211 /* Unknown CHAP packet type -- ignore. */
4212 if (debug) {
4213 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
4214 "<0x%x id=0x%xh len=%d",
4215 SPP_ARGS(ifp),
4216 sppp_state_name(sp->state[IDX_CHAP]),
4217 h->type, h->ident, ntohs(h->len));
4218 sppp_print_bytes((u_char*)(h+1), len-4);
4219 log(-1, ">\n");
4220 }
4221 break;
4222
4223 }
4224 }
4225
4226 static void
4227 sppp_chap_init(struct sppp *sp)
4228 {
4229 /* Chap doesn't have STATE_INITIAL at all. */
4230 sp->state[IDX_CHAP] = STATE_CLOSED;
4231 sp->fail_counter[IDX_CHAP] = 0;
4232 sp->pp_seq[IDX_CHAP] = 0;
4233 sp->pp_rseq[IDX_CHAP] = 0;
4234 callout_init(&sp->ch[IDX_CHAP],
4235 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
4236 }
4237
4238 static void
4239 sppp_chap_open(struct sppp *sp)
4240 {
4241 if (sp->myauth.proto == PPP_CHAP &&
4242 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4243 /* we are authenticator for CHAP, start it */
4244 chap.scr(sp);
4245 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4246 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
4247 }
4248 /* nothing to be done if we are peer, await a challenge */
4249 }
4250
4251 static void
4252 sppp_chap_close(struct sppp *sp)
4253 {
4254 if (sp->state[IDX_CHAP] != STATE_CLOSED)
4255 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
4256 }
4257
4258 static void
4259 sppp_chap_TO(void *cookie)
4260 {
4261 struct sppp *sp = (struct sppp *)cookie;
4262 STDDCL;
4263 int s;
4264
4265 s = splimp();
4266 SPPP_LOCK(sp);
4267 if (debug)
4268 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
4269 SPP_ARGS(ifp),
4270 sppp_state_name(sp->state[IDX_CHAP]),
4271 sp->rst_counter[IDX_CHAP]);
4272
4273 if (--sp->rst_counter[IDX_CHAP] < 0)
4274 /* TO- event */
4275 switch (sp->state[IDX_CHAP]) {
4276 case STATE_REQ_SENT:
4277 chap.tld(sp);
4278 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
4279 break;
4280 }
4281 else
4282 /* TO+ (or TO*) event */
4283 switch (sp->state[IDX_CHAP]) {
4284 case STATE_OPENED:
4285 /* TO* event */
4286 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4287 /* FALLTHROUGH */
4288 case STATE_REQ_SENT:
4289 chap.scr(sp);
4290 /* sppp_cp_change_state() will restart the timer */
4291 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
4292 break;
4293 }
4294
4295 SPPP_UNLOCK(sp);
4296 splx(s);
4297 }
4298
4299 static void
4300 sppp_chap_tlu(struct sppp *sp)
4301 {
4302 STDDCL;
4303 int i, x;
4304
4305 i = 0;
4306 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4307
4308 /*
4309 * Some broken CHAP implementations (Conware CoNet, firmware
4310 * 4.0.?) don't want to re-authenticate their CHAP once the
4311 * initial challenge-response exchange has taken place.
4312 * Provide for an option to avoid rechallenges.
4313 */
4314 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
4315 /*
4316 * Compute the re-challenge timeout. This will yield
4317 * a number between 300 and 810 seconds.
4318 */
4319 i = 300 + ((unsigned)(random() & 0xff00) >> 7);
4320 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, (void *)sp);
4321 }
4322
4323 if (debug) {
4324 log(LOG_DEBUG,
4325 SPP_FMT "chap %s, ",
4326 SPP_ARGS(ifp),
4327 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
4328 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
4329 log(-1, "next re-challenge in %d seconds\n", i);
4330 else
4331 log(-1, "re-challenging supressed\n");
4332 }
4333
4334 x = splimp();
4335 SPPP_LOCK(sp);
4336 /* indicate to LCP that we need to be closed down */
4337 sp->lcp.protos |= (1 << IDX_CHAP);
4338
4339 if (sp->pp_flags & PP_NEEDAUTH) {
4340 /*
4341 * Remote is authenticator, but his auth proto didn't
4342 * complete yet. Defer the transition to network
4343 * phase.
4344 */
4345 SPPP_UNLOCK(sp);
4346 splx(x);
4347 return;
4348 }
4349 SPPP_UNLOCK(sp);
4350 splx(x);
4351
4352 /*
4353 * If we are already in phase network, we are done here. This
4354 * is the case if this is a dummy tlu event after a re-challenge.
4355 */
4356 if (sp->pp_phase != PHASE_NETWORK)
4357 sppp_phase_network(sp);
4358 }
4359
4360 static void
4361 sppp_chap_tld(struct sppp *sp)
4362 {
4363 STDDCL;
4364
4365 if (debug)
4366 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
4367 callout_stop(&sp->ch[IDX_CHAP]);
4368 sp->lcp.protos &= ~(1 << IDX_CHAP);
4369
4370 lcp.Close(sp);
4371 }
4372
4373 static void
4374 sppp_chap_scr(struct sppp *sp)
4375 {
4376 u_long *ch, seed;
4377 u_char clen;
4378
4379 /* Compute random challenge. */
4380 ch = (u_long *)sp->myauth.challenge;
4381 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
4382 read_random(&seed, sizeof seed);
4383 #else
4384 {
4385 struct timeval tv;
4386 microtime(&tv);
4387 seed = tv.tv_sec ^ tv.tv_usec;
4388 }
4389 #endif
4390 ch[0] = seed ^ random();
4391 ch[1] = seed ^ random();
4392 ch[2] = seed ^ random();
4393 ch[3] = seed ^ random();
4394 clen = AUTHKEYLEN;
4395
4396 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
4397
4398 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
4399 sizeof clen, (const char *)&clen,
4400 (size_t)AUTHKEYLEN, sp->myauth.challenge,
4401 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
4402 sp->myauth.name,
4403 0);
4404 }
4405
4406 /*
4407 *--------------------------------------------------------------------------*
4408 * *
4409 * The PAP implementation. *
4410 * *
4411 *--------------------------------------------------------------------------*
4412 */
4413 /*
4414 * For PAP, we need to keep a little state also if we are the peer, not the
4415 * authenticator. This is since we don't get a request to authenticate, but
4416 * have to repeatedly authenticate ourself until we got a response (or the
4417 * retry counter is expired).
4418 */
4419
4420 /*
4421 * Handle incoming PAP packets. */
4422 static void
4423 sppp_pap_input(struct sppp *sp, struct mbuf *m)
4424 {
4425 STDDCL;
4426 struct lcp_header *h;
4427 int len, x;
4428 u_char *name, *passwd, mlen;
4429 int name_len, passwd_len;
4430
4431 len = m->m_pkthdr.len;
4432 if (len < 5) {
4433 if (debug)
4434 log(LOG_DEBUG,
4435 SPP_FMT "pap invalid packet length: %d bytes\n",
4436 SPP_ARGS(ifp), len);
4437 return;
4438 }
4439 h = mtod (m, struct lcp_header*);
4440 if (len > ntohs (h->len))
4441 len = ntohs (h->len);
4442 switch (h->type) {
4443 /* PAP request is my authproto */
4444 case PAP_REQ:
4445 name = 1 + (u_char*)(h+1);
4446 name_len = name[-1];
4447 passwd = name + name_len + 1;
4448 if (name_len > len - 6 ||
4449 (passwd_len = passwd[-1]) > len - 6 - name_len) {
4450 if (debug) {
4451 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4452 "<%s id=0x%x len=%d",
4453 SPP_ARGS(ifp),
4454 sppp_auth_type_name(PPP_PAP, h->type),
4455 h->ident, ntohs(h->len));
4456 sppp_print_bytes((u_char*)(h+1), len-4);
4457 log(-1, ">\n");
4458 }
4459 break;
4460 }
4461 if (debug) {
4462 log(LOG_DEBUG, SPP_FMT "pap input(%s) "
4463 "<%s id=0x%x len=%d name=",
4464 SPP_ARGS(ifp),
4465 sppp_state_name(sp->state[IDX_PAP]),
4466 sppp_auth_type_name(PPP_PAP, h->type),
4467 h->ident, ntohs(h->len));
4468 sppp_print_string((char*)name, name_len);
4469 log(-1, " passwd=");
4470 sppp_print_string((char*)passwd, passwd_len);
4471 log(-1, ">\n");
4472 }
4473 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
4474 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) ||
4475 bcmp(name, sp->hisauth.name, name_len) != 0 ||
4476 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
4477 /* action scn, tld */
4478 mlen = sizeof(FAILMSG) - 1;
4479 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
4480 sizeof mlen, (const char *)&mlen,
4481 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4482 0);
4483 pap.tld(sp);
4484 break;
4485 }
4486 /* action sca, perhaps tlu */
4487 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
4488 sp->state[IDX_PAP] == STATE_OPENED) {
4489 mlen = sizeof(SUCCMSG) - 1;
4490 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
4491 sizeof mlen, (const char *)&mlen,
4492 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4493 0);
4494 }
4495 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
4496 sppp_cp_change_state(&pap, sp, STATE_OPENED);
4497 pap.tlu(sp);
4498 }
4499 break;
4500
4501 /* ack and nak are his authproto */
4502 case PAP_ACK:
4503 callout_stop(&sp->pap_my_to_ch);
4504 if (debug) {
4505 log(LOG_DEBUG, SPP_FMT "pap success",
4506 SPP_ARGS(ifp));
4507 name_len = *((char *)h);
4508 if (len > 5 && name_len) {
4509 log(-1, ": ");
4510 sppp_print_string((char*)(h+1), name_len);
4511 }
4512 log(-1, "\n");
4513 }
4514 x = splimp();
4515 SPPP_LOCK(sp);
4516 sp->pp_flags &= ~PP_NEEDAUTH;
4517 if (sp->myauth.proto == PPP_PAP &&
4518 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4519 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
4520 /*
4521 * We are authenticator for PAP but didn't
4522 * complete yet. Leave it to tlu to proceed
4523 * to network phase.
4524 */
4525 SPPP_UNLOCK(sp);
4526 splx(x);
4527 break;
4528 }
4529 SPPP_UNLOCK(sp);
4530 splx(x);
4531 sppp_phase_network(sp);
4532 break;
4533
4534 case PAP_NAK:
4535 callout_stop (&sp->pap_my_to_ch);
4536 if (debug) {
4537 log(LOG_INFO, SPP_FMT "pap failure",
4538 SPP_ARGS(ifp));
4539 name_len = *((char *)h);
4540 if (len > 5 && name_len) {
4541 log(-1, ": ");
4542 sppp_print_string((char*)(h+1), name_len);
4543 }
4544 log(-1, "\n");
4545 } else
4546 log(LOG_INFO, SPP_FMT "pap failure\n",
4547 SPP_ARGS(ifp));
4548 /* await LCP shutdown by authenticator */
4549 break;
4550
4551 default:
4552 /* Unknown PAP packet type -- ignore. */
4553 if (debug) {
4554 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4555 "<0x%x id=0x%x len=%d",
4556 SPP_ARGS(ifp),
4557 h->type, h->ident, ntohs(h->len));
4558 sppp_print_bytes((u_char*)(h+1), len-4);
4559 log(-1, ">\n");
4560 }
4561 break;
4562
4563 }
4564 }
4565
4566 static void
4567 sppp_pap_init(struct sppp *sp)
4568 {
4569 /* PAP doesn't have STATE_INITIAL at all. */
4570 sp->state[IDX_PAP] = STATE_CLOSED;
4571 sp->fail_counter[IDX_PAP] = 0;
4572 sp->pp_seq[IDX_PAP] = 0;
4573 sp->pp_rseq[IDX_PAP] = 0;
4574 callout_init(&sp->ch[IDX_PAP],
4575 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
4576 callout_init(&sp->pap_my_to_ch,
4577 (SP2IFP(sp)->if_flags & IFF_NEEDSGIANT) ? 0 : CALLOUT_MPSAFE);
4578 }
4579
4580 static void
4581 sppp_pap_open(struct sppp *sp)
4582 {
4583 if (sp->hisauth.proto == PPP_PAP &&
4584 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4585 /* we are authenticator for PAP, start our timer */
4586 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4587 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4588 }
4589 if (sp->myauth.proto == PPP_PAP) {
4590 /* we are peer, send a request, and start a timer */
4591 pap.scr(sp);
4592 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout,
4593 sppp_pap_my_TO, (void *)sp);
4594 }
4595 }
4596
4597 static void
4598 sppp_pap_close(struct sppp *sp)
4599 {
4600 if (sp->state[IDX_PAP] != STATE_CLOSED)
4601 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4602 }
4603
4604 /*
4605 * That's the timeout routine if we are authenticator. Since the
4606 * authenticator is basically passive in PAP, we can't do much here.
4607 */
4608 static void
4609 sppp_pap_TO(void *cookie)
4610 {
4611 struct sppp *sp = (struct sppp *)cookie;
4612 STDDCL;
4613 int s;
4614
4615 s = splimp();
4616 SPPP_LOCK(sp);
4617 if (debug)
4618 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
4619 SPP_ARGS(ifp),
4620 sppp_state_name(sp->state[IDX_PAP]),
4621 sp->rst_counter[IDX_PAP]);
4622
4623 if (--sp->rst_counter[IDX_PAP] < 0)
4624 /* TO- event */
4625 switch (sp->state[IDX_PAP]) {
4626 case STATE_REQ_SENT:
4627 pap.tld(sp);
4628 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4629 break;
4630 }
4631 else
4632 /* TO+ event, not very much we could do */
4633 switch (sp->state[IDX_PAP]) {
4634 case STATE_REQ_SENT:
4635 /* sppp_cp_change_state() will restart the timer */
4636 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4637 break;
4638 }
4639
4640 SPPP_UNLOCK(sp);
4641 splx(s);
4642 }
4643
4644 /*
4645 * That's the timeout handler if we are peer. Since the peer is active,
4646 * we need to retransmit our PAP request since it is apparently lost.
4647 * XXX We should impose a max counter.
4648 */
4649 static void
4650 sppp_pap_my_TO(void *cookie)
4651 {
4652 struct sppp *sp = (struct sppp *)cookie;
4653 STDDCL;
4654
4655 if (debug)
4656 log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
4657 SPP_ARGS(ifp));
4658
4659 SPPP_LOCK(sp);
4660 pap.scr(sp);
4661 SPPP_UNLOCK(sp);
4662 }
4663
4664 static void
4665 sppp_pap_tlu(struct sppp *sp)
4666 {
4667 STDDCL;
4668 int x;
4669
4670 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4671
4672 if (debug)
4673 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
4674 SPP_ARGS(ifp), pap.name);
4675
4676 x = splimp();
4677 SPPP_LOCK(sp);
4678 /* indicate to LCP that we need to be closed down */
4679 sp->lcp.protos |= (1 << IDX_PAP);
4680
4681 if (sp->pp_flags & PP_NEEDAUTH) {
4682 /*
4683 * Remote is authenticator, but his auth proto didn't
4684 * complete yet. Defer the transition to network
4685 * phase.
4686 */
4687 SPPP_UNLOCK(sp);
4688 splx(x);
4689 return;
4690 }
4691 SPPP_UNLOCK(sp);
4692 splx(x);
4693 sppp_phase_network(sp);
4694 }
4695
4696 static void
4697 sppp_pap_tld(struct sppp *sp)
4698 {
4699 STDDCL;
4700
4701 if (debug)
4702 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
4703 callout_stop (&sp->ch[IDX_PAP]);
4704 callout_stop (&sp->pap_my_to_ch);
4705 sp->lcp.protos &= ~(1 << IDX_PAP);
4706
4707 lcp.Close(sp);
4708 }
4709
4710 static void
4711 sppp_pap_scr(struct sppp *sp)
4712 {
4713 u_char idlen, pwdlen;
4714
4715 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP];
4716 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
4717 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
4718
4719 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
4720 sizeof idlen, (const char *)&idlen,
4721 (size_t)idlen, sp->myauth.name,
4722 sizeof pwdlen, (const char *)&pwdlen,
4723 (size_t)pwdlen, sp->myauth.secret,
4724 0);
4725 }
4726
4727 /*
4728 * Random miscellaneous functions.
4729 */
4730
4731 /*
4732 * Send a PAP or CHAP proto packet.
4733 *
4734 * Varadic function, each of the elements for the ellipsis is of type
4735 * ``size_t mlen, const u_char *msg''. Processing will stop iff
4736 * mlen == 0.
4737 * NOTE: never declare variadic functions with types subject to type
4738 * promotion (i.e. u_char). This is asking for big trouble depending
4739 * on the architecture you are on...
4740 */
4741
4742 static void
4743 sppp_auth_send(const struct cp *cp, struct sppp *sp,
4744 unsigned int type, unsigned int id,
4745 ...)
4746 {
4747 STDDCL;
4748 struct ppp_header *h;
4749 struct lcp_header *lh;
4750 struct mbuf *m;
4751 u_char *p;
4752 int len;
4753 unsigned int mlen;
4754 const char *msg;
4755 va_list ap;
4756
4757 MGETHDR (m, M_DONTWAIT, MT_DATA);
4758 if (! m)
4759 return;
4760 m->m_pkthdr.rcvif = 0;
4761
4762 h = mtod (m, struct ppp_header*);
4763 h->address = PPP_ALLSTATIONS; /* broadcast address */
4764 h->control = PPP_UI; /* Unnumbered Info */
4765 h->protocol = htons(cp->proto);
4766
4767 lh = (struct lcp_header*)(h + 1);
4768 lh->type = type;
4769 lh->ident = id;
4770 p = (u_char*) (lh+1);
4771
4772 va_start(ap, id);
4773 len = 0;
4774
4775 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
4776 msg = va_arg(ap, const char *);
4777 len += mlen;
4778 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
4779 va_end(ap);
4780 m_freem(m);
4781 return;
4782 }
4783
4784 bcopy(msg, p, mlen);
4785 p += mlen;
4786 }
4787 va_end(ap);
4788
4789 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
4790 lh->len = htons (LCP_HEADER_LEN + len);
4791
4792 if (debug) {
4793 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
4794 SPP_ARGS(ifp), cp->name,
4795 sppp_auth_type_name(cp->proto, lh->type),
4796 lh->ident, ntohs(lh->len));
4797 sppp_print_bytes((u_char*) (lh+1), len);
4798 log(-1, ">\n");
4799 }
4800 if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
4801 ifp->if_oerrors++;
4802 }
4803
4804 /*
4805 * Flush interface queue.
4806 */
4807 static void
4808 sppp_qflush(struct ifqueue *ifq)
4809 {
4810 struct mbuf *m, *n;
4811
4812 n = ifq->ifq_head;
4813 while ((m = n)) {
4814 n = m->m_act;
4815 m_freem (m);
4816 }
4817 ifq->ifq_head = 0;
4818 ifq->ifq_tail = 0;
4819 ifq->ifq_len = 0;
4820 }
4821
4822 /*
4823 * Send keepalive packets, every 10 seconds.
4824 */
4825 static void
4826 sppp_keepalive(void *dummy)
4827 {
4828 struct sppp *sp = (struct sppp*)dummy;
4829 struct ifnet *ifp = SP2IFP(sp);
4830 int s;
4831
4832 s = splimp();
4833 SPPP_LOCK(sp);
4834 /* Keepalive mode disabled or channel down? */
4835 if (! (sp->pp_flags & PP_KEEPALIVE) ||
4836 ! (ifp->if_drv_flags & IFF_DRV_RUNNING))
4837 goto out;
4838
4839 if (sp->pp_mode == PP_FR) {
4840 sppp_fr_keepalive (sp);
4841 goto out;
4842 }
4843
4844 /* No keepalive in PPP mode if LCP not opened yet. */
4845 if (sp->pp_mode != IFF_CISCO &&
4846 sp->pp_phase < PHASE_AUTHENTICATE)
4847 goto out;
4848
4849 if (sp->pp_alivecnt == MAXALIVECNT) {
4850 /* No keepalive packets got. Stop the interface. */
4851 printf (SPP_FMT "down\n", SPP_ARGS(ifp));
4852 if_down (ifp);
4853 sppp_qflush (&sp->pp_cpq);
4854 if (sp->pp_mode != IFF_CISCO) {
4855 /* XXX */
4856 /* Shut down the PPP link. */
4857 lcp.Down(sp);
4858 /* Initiate negotiation. XXX */
4859 lcp.Up(sp);
4860 }
4861 }
4862 if (sp->pp_alivecnt <= MAXALIVECNT)
4863 ++sp->pp_alivecnt;
4864 if (sp->pp_mode == IFF_CISCO)
4865 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ,
4866 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]);
4867 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
4868 long nmagic = htonl (sp->lcp.magic);
4869 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP];
4870 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
4871 sp->lcp.echoid, 4, &nmagic);
4872 }
4873 out:
4874 SPPP_UNLOCK(sp);
4875 splx(s);
4876 callout_reset(&sp->keepalive_callout, hz * 10, sppp_keepalive,
4877 (void *)sp);
4878 }
4879
4880 /*
4881 * Get both IP addresses.
4882 */
4883 void
4884 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
4885 {
4886 struct ifnet *ifp = SP2IFP(sp);
4887 struct ifaddr *ifa;
4888 struct sockaddr_in *si, *sm;
4889 u_long ssrc, ddst;
4890
4891 sm = NULL;
4892 ssrc = ddst = 0L;
4893 /*
4894 * Pick the first AF_INET address from the list,
4895 * aliases don't make any sense on a p2p link anyway.
4896 */
4897 si = 0;
4898 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
4899 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
4900 #elif defined(__NetBSD__) || defined (__OpenBSD__)
4901 for (ifa = TAILQ_FIRST(&ifp->if_addrlist);
4902 ifa;
4903 ifa = TAILQ_NEXT(ifa, ifa_list))
4904 #else
4905 for (ifa = ifp->if_addrlist;
4906 ifa;
4907 ifa = ifa->ifa_next)
4908 #endif
4909 if (ifa->ifa_addr->sa_family == AF_INET) {
4910 si = (struct sockaddr_in *)ifa->ifa_addr;
4911 sm = (struct sockaddr_in *)ifa->ifa_netmask;
4912 if (si)
4913 break;
4914 }
4915 if (ifa) {
4916 if (si && si->sin_addr.s_addr) {
4917 ssrc = si->sin_addr.s_addr;
4918 if (srcmask)
4919 *srcmask = ntohl(sm->sin_addr.s_addr);
4920 }
4921
4922 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
4923 if (si && si->sin_addr.s_addr)
4924 ddst = si->sin_addr.s_addr;
4925 }
4926
4927 if (dst) *dst = ntohl(ddst);
4928 if (src) *src = ntohl(ssrc);
4929 }
4930
4931 /*
4932 * Set my IP address. Must be called at splimp.
4933 */
4934 static void
4935 sppp_set_ip_addr(struct sppp *sp, u_long src)
4936 {
4937 STDDCL;
4938 struct ifaddr *ifa;
4939 struct sockaddr_in *si;
4940 struct in_ifaddr *ia;
4941
4942 /*
4943 * Pick the first AF_INET address from the list,
4944 * aliases don't make any sense on a p2p link anyway.
4945 */
4946 si = 0;
4947 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
4948 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
4949 #elif defined(__NetBSD__) || defined (__OpenBSD__)
4950 for (ifa = TAILQ_FIRST(&ifp->if_addrlist);
4951 ifa;
4952 ifa = TAILQ_NEXT(ifa, ifa_list))
4953 #else
4954 for (ifa = ifp->if_addrlist;
4955 ifa;
4956 ifa = ifa->ifa_next)
4957 #endif
4958 {
4959 if (ifa->ifa_addr->sa_family == AF_INET)
4960 {
4961 si = (struct sockaddr_in *)ifa->ifa_addr;
4962 if (si)
4963 break;
4964 }
4965 }
4966
4967 if (ifa && si)
4968 {
4969 int error;
4970 #if __NetBSD_Version__ >= 103080000
4971 struct sockaddr_in new_sin = *si;
4972
4973 new_sin.sin_addr.s_addr = htonl(src);
4974 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1);
4975 if(debug && error)
4976 {
4977 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit "
4978 " failed, error=%d\n", SPP_ARGS(ifp), error);
4979 }
4980 #else
4981 /* delete old route */
4982 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST);
4983 if(debug && error)
4984 {
4985 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n",
4986 SPP_ARGS(ifp), error);
4987 }
4988
4989 /* set new address */
4990 si->sin_addr.s_addr = htonl(src);
4991 ia = ifatoia(ifa);
4992 LIST_REMOVE(ia, ia_hash);
4993 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash);
4994
4995 /* add new route */
4996 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST);
4997 if (debug && error)
4998 {
4999 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d",
5000 SPP_ARGS(ifp), error);
5001 }
5002 #endif
5003 }
5004 }
5005
5006 #ifdef INET6
5007 /*
5008 * Get both IPv6 addresses.
5009 */
5010 static void
5011 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
5012 struct in6_addr *srcmask)
5013 {
5014 struct ifnet *ifp = SP2IFP(sp);
5015 struct ifaddr *ifa;
5016 struct sockaddr_in6 *si, *sm;
5017 struct in6_addr ssrc, ddst;
5018
5019 sm = NULL;
5020 bzero(&ssrc, sizeof(ssrc));
5021 bzero(&ddst, sizeof(ddst));
5022 /*
5023 * Pick the first link-local AF_INET6 address from the list,
5024 * aliases don't make any sense on a p2p link anyway.
5025 */
5026 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
5027 for (ifa = ifp->if_addrhead.tqh_first, si = 0;
5028 ifa;
5029 ifa = ifa->ifa_link.tqe_next)
5030 #elif defined(__NetBSD__) || defined (__OpenBSD__)
5031 for (ifa = ifp->if_addrlist.tqh_first, si = 0;
5032 ifa;
5033 ifa = ifa->ifa_list.tqe_next)
5034 #else
5035 for (ifa = ifp->if_addrlist, si = 0;
5036 ifa;
5037 ifa = ifa->ifa_next)
5038 #endif
5039 if (ifa->ifa_addr->sa_family == AF_INET6) {
5040 si = (struct sockaddr_in6 *)ifa->ifa_addr;
5041 sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
5042 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr))
5043 break;
5044 }
5045 if (ifa) {
5046 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
5047 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc));
5048 if (srcmask) {
5049 bcopy(&sm->sin6_addr, srcmask,
5050 sizeof(*srcmask));
5051 }
5052 }
5053
5054 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
5055 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
5056 bcopy(&si->sin6_addr, &ddst, sizeof(ddst));
5057 }
5058
5059 if (dst)
5060 bcopy(&ddst, dst, sizeof(*dst));
5061 if (src)
5062 bcopy(&ssrc, src, sizeof(*src));
5063 }
5064
5065 #ifdef IPV6CP_MYIFID_DYN
5066 /*
5067 * Generate random ifid.
5068 */
5069 static void
5070 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
5071 {
5072 /* TBD */
5073 }
5074
5075 /*
5076 * Set my IPv6 address. Must be called at splimp.
5077 */
5078 static void
5079 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
5080 {
5081 STDDCL;
5082 struct ifaddr *ifa;
5083 struct sockaddr_in6 *sin6;
5084
5085 /*
5086 * Pick the first link-local AF_INET6 address from the list,
5087 * aliases don't make any sense on a p2p link anyway.
5088 */
5089
5090 sin6 = NULL;
5091 #if defined(__FreeBSD__) && __FreeBSD__ >= 3
5092 for (ifa = ifp->if_addrhead.tqh_first;
5093 ifa;
5094 ifa = ifa->ifa_link.tqe_next)
5095 #elif defined(__NetBSD__) || defined (__OpenBSD__)
5096 for (ifa = ifp->if_addrlist.tqh_first;
5097 ifa;
5098 ifa = ifa->ifa_list.tqe_next)
5099 #else
5100 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next)
5101 #endif
5102 {
5103 if (ifa->ifa_addr->sa_family == AF_INET6)
5104 {
5105 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
5106 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
5107 break;
5108 }
5109 }
5110
5111 if (ifa && sin6)
5112 {
5113 int error;
5114 struct sockaddr_in6 new_sin6 = *sin6;
5115
5116 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr));
5117 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1);
5118 if (debug && error)
5119 {
5120 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit "
5121 " failed, error=%d\n", SPP_ARGS(ifp), error);
5122 }
5123 }
5124 }
5125 #endif
5126
5127 /*
5128 * Suggest a candidate address to be used by peer.
5129 */
5130 static void
5131 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
5132 {
5133 struct in6_addr myaddr;
5134 struct timeval tv;
5135
5136 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
5137
5138 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
5139 microtime(&tv);
5140 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
5141 myaddr.s6_addr[14] ^= 0xff;
5142 myaddr.s6_addr[15] ^= 0xff;
5143 } else {
5144 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
5145 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
5146 }
5147 if (suggest)
5148 bcopy(&myaddr, suggest, sizeof(myaddr));
5149 }
5150 #endif /*INET6*/
5151
5152 static int
5153 sppp_params(struct sppp *sp, u_long cmd, void *data)
5154 {
5155 u_long subcmd;
5156 struct ifreq *ifr = (struct ifreq *)data;
5157 struct spppreq *spr;
5158 int rv = 0;
5159
5160 if ((spr = malloc(sizeof(struct spppreq), M_TEMP, M_NOWAIT)) == 0)
5161 return (EAGAIN);
5162 /*
5163 * ifr->ifr_data is supposed to point to a struct spppreq.
5164 * Check the cmd word first before attempting to fetch all the
5165 * data.
5166 */
5167 if ((subcmd = fuword(ifr->ifr_data)) == -1) {
5168 rv = EFAULT;
5169 goto quit;
5170 }
5171
5172 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) {
5173 rv = EFAULT;
5174 goto quit;
5175 }
5176
5177 switch (subcmd) {
5178 case (int)SPPPIOGDEFS:
5179 if (cmd != SIOCGIFGENERIC) {
5180 rv = EINVAL;
5181 break;
5182 }
5183 /*
5184 * We copy over the entire current state, but clean
5185 * out some of the stuff we don't wanna pass up.
5186 * Remember, SIOCGIFGENERIC is unprotected, and can be
5187 * called by any user. No need to ever get PAP or
5188 * CHAP secrets back to userland anyway.
5189 */
5190 spr->defs.pp_phase = sp->pp_phase;
5191 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0;
5192 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0;
5193 spr->defs.lcp = sp->lcp;
5194 spr->defs.ipcp = sp->ipcp;
5195 spr->defs.ipv6cp = sp->ipv6cp;
5196 spr->defs.myauth = sp->myauth;
5197 spr->defs.hisauth = sp->hisauth;
5198 bzero(spr->defs.myauth.secret, AUTHKEYLEN);
5199 bzero(spr->defs.myauth.challenge, AUTHKEYLEN);
5200 bzero(spr->defs.hisauth.secret, AUTHKEYLEN);
5201 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN);
5202 /*
5203 * Fixup the LCP timeout value to milliseconds so
5204 * spppcontrol doesn't need to bother about the value
5205 * of "hz". We do the reverse calculation below when
5206 * setting it.
5207 */
5208 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz;
5209 rv = copyout(spr, (caddr_t)ifr->ifr_data,
5210 sizeof(struct spppreq));
5211 break;
5212
5213 case (int)SPPPIOSDEFS:
5214 if (cmd != SIOCSIFGENERIC) {
5215 rv = EINVAL;
5216 break;
5217 }
5218 /*
5219 * We have a very specific idea of which fields we
5220 * allow being passed back from userland, so to not
5221 * clobber our current state. For one, we only allow
5222 * setting anything if LCP is in dead or establish
5223 * phase. Once the authentication negotiations
5224 * started, the authentication settings must not be
5225 * changed again. (The administrator can force an
5226 * ifconfig down in order to get LCP back into dead
5227 * phase.)
5228 *
5229 * Also, we only allow for authentication parameters to be
5230 * specified.
5231 *
5232 * XXX Should allow to set or clear pp_flags.
5233 *
5234 * Finally, if the respective authentication protocol to
5235 * be used is set differently than 0, but the secret is
5236 * passed as all zeros, we don't trash the existing secret.
5237 * This allows an administrator to change the system name
5238 * only without clobbering the secret (which he didn't get
5239 * back in a previous SPPPIOGDEFS call). However, the
5240 * secrets are cleared if the authentication protocol is
5241 * reset to 0. */
5242 if (sp->pp_phase != PHASE_DEAD &&
5243 sp->pp_phase != PHASE_ESTABLISH) {
5244 rv = EBUSY;
5245 break;
5246 }
5247
5248 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP &&
5249 spr->defs.myauth.proto != PPP_CHAP) ||
5250 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP &&
5251 spr->defs.hisauth.proto != PPP_CHAP)) {
5252 rv = EINVAL;
5253 break;
5254 }
5255
5256 if (spr->defs.myauth.proto == 0)
5257 /* resetting myauth */
5258 bzero(&sp->myauth, sizeof sp->myauth);
5259 else {
5260 /* setting/changing myauth */
5261 sp->myauth.proto = spr->defs.myauth.proto;
5262 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
5263 if (spr->defs.myauth.secret[0] != '\0')
5264 bcopy(spr->defs.myauth.secret, sp->myauth.secret,
5265 AUTHKEYLEN);
5266 }
5267 if (spr->defs.hisauth.proto == 0)
5268 /* resetting hisauth */
5269 bzero(&sp->hisauth, sizeof sp->hisauth);
5270 else {
5271 /* setting/changing hisauth */
5272 sp->hisauth.proto = spr->defs.hisauth.proto;
5273 sp->hisauth.flags = spr->defs.hisauth.flags;
5274 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
5275 if (spr->defs.hisauth.secret[0] != '\0')
5276 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret,
5277 AUTHKEYLEN);
5278 }
5279 /* set LCP restart timer timeout */
5280 if (spr->defs.lcp.timeout != 0)
5281 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000;
5282 /* set VJ enable and IPv6 disable flags */
5283 #ifdef INET
5284 if (spr->defs.enable_vj)
5285 sp->confflags |= CONF_ENABLE_VJ;
5286 else
5287 sp->confflags &= ~CONF_ENABLE_VJ;
5288 #endif
5289 #ifdef INET6
5290 if (spr->defs.enable_ipv6)
5291 sp->confflags |= CONF_ENABLE_IPV6;
5292 else
5293 sp->confflags &= ~CONF_ENABLE_IPV6;
5294 #endif
5295 break;
5296
5297 default:
5298 rv = EINVAL;
5299 }
5300
5301 quit:
5302 free(spr, M_TEMP);
5303
5304 return (rv);
5305 }
5306
5307 static void
5308 sppp_phase_network(struct sppp *sp)
5309 {
5310 STDDCL;
5311 int i;
5312 u_long mask;
5313
5314 sp->pp_phase = PHASE_NETWORK;
5315
5316 if (debug)
5317 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
5318 sppp_phase_name(sp->pp_phase));
5319
5320 /* Notify NCPs now. */
5321 for (i = 0; i < IDX_COUNT; i++)
5322 if ((cps[i])->flags & CP_NCP)
5323 (cps[i])->Open(sp);
5324
5325 /* Send Up events to all NCPs. */
5326 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
5327 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP))
5328 (cps[i])->Up(sp);
5329
5330 /* if no NCP is starting, all this was in vain, close down */
5331 sppp_lcp_check_and_close(sp);
5332 }
5333
5334
5335 static const char *
5336 sppp_cp_type_name(u_char type)
5337 {
5338 static char buf[12];
5339 switch (type) {
5340 case CONF_REQ: return "conf-req";
5341 case CONF_ACK: return "conf-ack";
5342 case CONF_NAK: return "conf-nak";
5343 case CONF_REJ: return "conf-rej";
5344 case TERM_REQ: return "term-req";
5345 case TERM_ACK: return "term-ack";
5346 case CODE_REJ: return "code-rej";
5347 case PROTO_REJ: return "proto-rej";
5348 case ECHO_REQ: return "echo-req";
5349 case ECHO_REPLY: return "echo-reply";
5350 case DISC_REQ: return "discard-req";
5351 }
5352 snprintf (buf, sizeof(buf), "cp/0x%x", type);
5353 return buf;
5354 }
5355
5356 static const char *
5357 sppp_auth_type_name(u_short proto, u_char type)
5358 {
5359 static char buf[12];
5360 switch (proto) {
5361 case PPP_CHAP:
5362 switch (type) {
5363 case CHAP_CHALLENGE: return "challenge";
5364 case CHAP_RESPONSE: return "response";
5365 case CHAP_SUCCESS: return "success";
5366 case CHAP_FAILURE: return "failure";
5367 }
5368 case PPP_PAP:
5369 switch (type) {
5370 case PAP_REQ: return "req";
5371 case PAP_ACK: return "ack";
5372 case PAP_NAK: return "nak";
5373 }
5374 }
5375 snprintf (buf, sizeof(buf), "auth/0x%x", type);
5376 return buf;
5377 }
5378
5379 static const char *
5380 sppp_lcp_opt_name(u_char opt)
5381 {
5382 static char buf[12];
5383 switch (opt) {
5384 case LCP_OPT_MRU: return "mru";
5385 case LCP_OPT_ASYNC_MAP: return "async-map";
5386 case LCP_OPT_AUTH_PROTO: return "auth-proto";
5387 case LCP_OPT_QUAL_PROTO: return "qual-proto";
5388 case LCP_OPT_MAGIC: return "magic";
5389 case LCP_OPT_PROTO_COMP: return "proto-comp";
5390 case LCP_OPT_ADDR_COMP: return "addr-comp";
5391 }
5392 snprintf (buf, sizeof(buf), "lcp/0x%x", opt);
5393 return buf;
5394 }
5395
5396 static const char *
5397 sppp_ipcp_opt_name(u_char opt)
5398 {
5399 static char buf[12];
5400 switch (opt) {
5401 case IPCP_OPT_ADDRESSES: return "addresses";
5402 case IPCP_OPT_COMPRESSION: return "compression";
5403 case IPCP_OPT_ADDRESS: return "address";
5404 }
5405 snprintf (buf, sizeof(buf), "ipcp/0x%x", opt);
5406 return buf;
5407 }
5408
5409 #ifdef INET6
5410 static const char *
5411 sppp_ipv6cp_opt_name(u_char opt)
5412 {
5413 static char buf[12];
5414 switch (opt) {
5415 case IPV6CP_OPT_IFID: return "ifid";
5416 case IPV6CP_OPT_COMPRESSION: return "compression";
5417 }
5418 sprintf (buf, "0x%x", opt);
5419 return buf;
5420 }
5421 #endif
5422
5423 static const char *
5424 sppp_state_name(int state)
5425 {
5426 switch (state) {
5427 case STATE_INITIAL: return "initial";
5428 case STATE_STARTING: return "starting";
5429 case STATE_CLOSED: return "closed";
5430 case STATE_STOPPED: return "stopped";
5431 case STATE_CLOSING: return "closing";
5432 case STATE_STOPPING: return "stopping";
5433 case STATE_REQ_SENT: return "req-sent";
5434 case STATE_ACK_RCVD: return "ack-rcvd";
5435 case STATE_ACK_SENT: return "ack-sent";
5436 case STATE_OPENED: return "opened";
5437 }
5438 return "illegal";
5439 }
5440
5441 static const char *
5442 sppp_phase_name(enum ppp_phase phase)
5443 {
5444 switch (phase) {
5445 case PHASE_DEAD: return "dead";
5446 case PHASE_ESTABLISH: return "establish";
5447 case PHASE_TERMINATE: return "terminate";
5448 case PHASE_AUTHENTICATE: return "authenticate";
5449 case PHASE_NETWORK: return "network";
5450 }
5451 return "illegal";
5452 }
5453
5454 static const char *
5455 sppp_proto_name(u_short proto)
5456 {
5457 static char buf[12];
5458 switch (proto) {
5459 case PPP_LCP: return "lcp";
5460 case PPP_IPCP: return "ipcp";
5461 case PPP_PAP: return "pap";
5462 case PPP_CHAP: return "chap";
5463 case PPP_IPV6CP: return "ipv6cp";
5464 }
5465 snprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto);
5466 return buf;
5467 }
5468
5469 static void
5470 sppp_print_bytes(const u_char *p, u_short len)
5471 {
5472 if (len)
5473 log(-1, " %*D", len, p, "-");
5474 }
5475
5476 static void
5477 sppp_print_string(const char *p, u_short len)
5478 {
5479 u_char c;
5480
5481 while (len-- > 0) {
5482 c = *p++;
5483 /*
5484 * Print only ASCII chars directly. RFC 1994 recommends
5485 * using only them, but we don't rely on it. */
5486 if (c < ' ' || c > '~')
5487 log(-1, "\\x%x", c);
5488 else
5489 log(-1, "%c", c);
5490 }
5491 }
5492
5493 static const char *
5494 sppp_dotted_quad(u_long addr)
5495 {
5496 static char s[16];
5497 sprintf(s, "%d.%d.%d.%d",
5498 (int)((addr >> 24) & 0xff),
5499 (int)((addr >> 16) & 0xff),
5500 (int)((addr >> 8) & 0xff),
5501 (int)(addr & 0xff));
5502 return s;
5503 }
5504
5505 static int
5506 sppp_strnlen(u_char *p, int max)
5507 {
5508 int len;
5509
5510 for (len = 0; len < max && *p; ++p)
5511 ++len;
5512 return len;
5513 }
5514
5515 /* a dummy, used to drop uninteresting events */
5516 static void
5517 sppp_null(struct sppp *unused)
5518 {
5519 /* do just nothing */
5520 }
Cache object: 1598f1ca6e7ab67eed82a610f1fd5036
|