FreeBSD/Linux Kernel Cross Reference
sys/net/if_spppsubr.c
1 /* $NetBSD: if_spppsubr.c,v 1.266 2022/09/03 02:47:59 thorpej Exp $ */
2
3 /*
4 * Synchronous PPP/Cisco link level subroutines.
5 * Keepalive protocol implemented in both Cisco and PPP modes.
6 *
7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
8 * Author: Serge Vakulenko, <vak@cronyx.ru>
9 *
10 * Heavily revamped to conform to RFC 1661.
11 * Copyright (C) 1997, Joerg Wunsch.
12 *
13 * RFC2472 IPv6CP support.
14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
15 *
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions are met:
18 * 1. Redistributions of source code must retain the above copyright notice,
19 * this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright notice,
21 * this list of conditions and the following disclaimer in the documentation
22 * and/or other materials provided with the distribution.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34 * POSSIBILITY OF SUCH DAMAGE.
35 *
36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
37 *
38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp
39 *
40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp
41 */
42
43 #include <sys/cdefs.h>
44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.266 2022/09/03 02:47:59 thorpej Exp $");
45
46 #if defined(_KERNEL_OPT)
47 #include "opt_inet.h"
48 #include "opt_modular.h"
49 #include "opt_compat_netbsd.h"
50 #include "opt_net_mpsafe.h"
51 #include "opt_sppp.h"
52 #endif
53
54 #include <sys/param.h>
55 #include <sys/proc.h>
56 #include <sys/systm.h>
57 #include <sys/kernel.h>
58 #include <sys/sockio.h>
59 #include <sys/socket.h>
60 #include <sys/syslog.h>
61 #include <sys/malloc.h>
62 #include <sys/mbuf.h>
63 #include <sys/callout.h>
64 #include <sys/md5.h>
65 #include <sys/inttypes.h>
66 #include <sys/kauth.h>
67 #include <sys/cprng.h>
68 #include <sys/module.h>
69 #include <sys/workqueue.h>
70 #include <sys/atomic.h>
71 #include <sys/compat_stub.h>
72 #include <sys/cpu.h>
73
74 #include <net/if.h>
75 #include <net/if_types.h>
76 #include <net/route.h>
77 #include <net/ppp_defs.h>
78
79 #include <netinet/in.h>
80 #include <netinet/in_systm.h>
81 #include <netinet/in_var.h>
82 #ifdef INET
83 #include <netinet/ip.h>
84 #include <netinet/tcp.h>
85 #endif
86 #include <net/ethertypes.h>
87
88 #ifdef INET6
89 #include <netinet6/scope6_var.h>
90 #endif
91
92 #include <net/if_sppp.h>
93 #include <net/if_spppvar.h>
94
95 #ifdef NET_MPSAFE
96 #define SPPPSUBR_MPSAFE 1
97 #endif
98
99 #define DEFAULT_KEEPALIVE_INTERVAL 10 /* seconds between checks */
100 #define DEFAULT_ALIVE_INTERVAL 1 /* count of sppp_keepalive */
101 #define LOOPALIVECNT 3 /* loopback detection tries */
102 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */
103 #define DEFAULT_NORECV_TIME 15 /* before we get worried */
104 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */
105
106 #ifndef SPPP_KEEPALIVE_INTERVAL
107 #define SPPP_KEEPALIVE_INTERVAL DEFAULT_KEEPALIVE_INTERVAL
108 #endif
109
110 #ifndef SPPP_NORECV_TIME
111 #define SPPP_NORECV_TIME DEFAULT_NORECV_TIME
112 #endif
113
114 #ifndef SPPP_ALIVE_INTERVAL
115 #define SPPP_ALIVE_INTERVAL DEFAULT_ALIVE_INTERVAL
116 #endif
117
118 #define SPPP_CPTYPE_NAMELEN 5 /* buf size of cp type name */
119 #define SPPP_AUTHTYPE_NAMELEN 32 /* buf size of auth type name */
120 #define SPPP_LCPOPT_NAMELEN 5 /* buf size of lcp option name */
121 #define SPPP_IPCPOPT_NAMELEN 5 /* buf size of ipcp option name */
122 #define SPPP_IPV6CPOPT_NAMELEN 5 /* buf size of ipv6cp option name */
123 #define SPPP_PROTO_NAMELEN 7 /* buf size of protocol name */
124 #define SPPP_DOTQUAD_BUFLEN 16 /* length of "aa.bb.cc.dd" */
125
126 /*
127 * Interface flags that can be set in an ifconfig command.
128 *
129 * Setting link0 will make the link passive, i.e. it will be marked
130 * as being administrative openable, but won't be opened to begin
131 * with. Incoming calls will be answered, or subsequent calls with
132 * -link1 will cause the administrative open of the LCP layer.
133 *
134 * Setting link1 will cause the link to auto-dial only as packets
135 * arrive to be sent.
136 *
137 * Setting IFF_DEBUG will syslog the option negotiation and state
138 * transitions at level kern.debug. Note: all logs consistently look
139 * like
140 *
141 * <if-name><unit>: <proto-name> <additional info...>
142 *
143 * with <if-name><unit> being something like "bppp0", and <proto-name>
144 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
145 */
146
147 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
148 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
149
150 #define CONF_REQ 1 /* PPP configure request */
151 #define CONF_ACK 2 /* PPP configure acknowledge */
152 #define CONF_NAK 3 /* PPP configure negative ack */
153 #define CONF_REJ 4 /* PPP configure reject */
154 #define TERM_REQ 5 /* PPP terminate request */
155 #define TERM_ACK 6 /* PPP terminate acknowledge */
156 #define CODE_REJ 7 /* PPP code reject */
157 #define PROTO_REJ 8 /* PPP protocol reject */
158 #define ECHO_REQ 9 /* PPP echo request */
159 #define ECHO_REPLY 10 /* PPP echo reply */
160 #define DISC_REQ 11 /* PPP discard request */
161
162 #define LCP_OPT_MRU 1 /* maximum receive unit */
163 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
164 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
165 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
166 #define LCP_OPT_MAGIC 5 /* magic number */
167 #define LCP_OPT_RESERVED 6 /* reserved */
168 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
169 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
170 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */
171 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */
172 #define LCP_OPT_CALL_BACK 13 /* callback */
173 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */
174 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */
175 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */
176 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */
177
178 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
179 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */
180 #define IPCP_OPT_ADDRESS 3 /* local IP address */
181 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */
182 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */
183
184 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */
185 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */
186 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */
187
188 #define IPV6CP_OPT_IFID 1 /* interface identifier */
189 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
190
191 #define PAP_REQ 1 /* PAP name/password request */
192 #define PAP_ACK 2 /* PAP acknowledge */
193 #define PAP_NAK 3 /* PAP fail */
194
195 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
196 #define CHAP_RESPONSE 2 /* CHAP challenge response */
197 #define CHAP_SUCCESS 3 /* CHAP response ok */
198 #define CHAP_FAILURE 4 /* CHAP response failed */
199
200 #define CHAP_MD5 5 /* hash algorithm - MD5 */
201
202 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
203 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
204 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
205 #define CISCO_ADDR_REQ 0 /* Cisco address request */
206 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
207 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
208
209 #define PPP_NOPROTO 0 /* no authentication protocol */
210
211 enum {
212 STATE_INITIAL = SPPP_STATE_INITIAL,
213 STATE_STARTING = SPPP_STATE_STARTING,
214 STATE_CLOSED = SPPP_STATE_CLOSED,
215 STATE_STOPPED = SPPP_STATE_STOPPED,
216 STATE_CLOSING = SPPP_STATE_CLOSING,
217 STATE_STOPPING = SPPP_STATE_STOPPING,
218 STATE_REQ_SENT = SPPP_STATE_REQ_SENT,
219 STATE_ACK_RCVD = SPPP_STATE_ACK_RCVD,
220 STATE_ACK_SENT = SPPP_STATE_ACK_SENT,
221 STATE_OPENED = SPPP_STATE_OPENED,
222 };
223
224 enum cp_rcr_type {
225 CP_RCR_NONE = 0, /* initial value */
226 CP_RCR_ACK, /* RCR+ */
227 CP_RCR_NAK, /* RCR- */
228 CP_RCR_REJ, /* RCR- */
229 CP_RCR_DROP, /* DROP message */
230 CP_RCR_ERR, /* internal error */
231 };
232
233 struct ppp_header {
234 uint8_t address;
235 uint8_t control;
236 uint16_t protocol;
237 } __packed;
238 #define PPP_HEADER_LEN sizeof (struct ppp_header)
239
240 struct lcp_header {
241 uint8_t type;
242 uint8_t ident;
243 uint16_t len;
244 } __packed;
245 #define LCP_HEADER_LEN sizeof (struct lcp_header)
246
247 struct cisco_packet {
248 uint32_t type;
249 uint32_t par1;
250 uint32_t par2;
251 uint16_t rel;
252 uint16_t time0;
253 uint16_t time1;
254 } __packed;
255 #define CISCO_PACKET_LEN 18
256
257 /*
258 * We follow the spelling and capitalization of RFC 1661 here, to make
259 * it easier comparing with the standard. Please refer to this RFC in
260 * case you can't make sense out of these abbreviation; it will also
261 * explain the semantics related to the various events and actions.
262 */
263 struct cp {
264 u_short proto; /* PPP control protocol number */
265 u_char protoidx; /* index into state table in struct sppp */
266 u_char flags;
267 #define CP_LCP 0x01 /* this is the LCP */
268 #define CP_AUTH 0x02 /* this is an authentication protocol */
269 #define CP_NCP 0x04 /* this is a NCP */
270 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
271 const char *name; /* name of this control protocol */
272 /* event handlers */
273 void (*Up)(struct sppp *, void *);
274 void (*Down)(struct sppp *, void *);
275 void (*Open)(struct sppp *, void *);
276 void (*Close)(struct sppp *, void *);
277 void (*TO)(struct sppp *, void *);
278 /* actions */
279 void (*tlu)(struct sppp *);
280 void (*tld)(struct sppp *);
281 void (*tls)(const struct cp *, struct sppp *);
282 void (*tlf)(const struct cp *, struct sppp *);
283 void (*scr)(struct sppp *);
284 void (*screply)(const struct cp *, struct sppp *, u_char,
285 uint8_t, size_t, void *);
286
287 /* message parser */
288 enum cp_rcr_type
289 (*parse_confreq)(struct sppp *, struct lcp_header *, int,
290 uint8_t **, size_t *, size_t *);
291 void (*parse_confrej)(struct sppp *, struct lcp_header *, int);
292 void (*parse_confnak)(struct sppp *, struct lcp_header *, int);
293 };
294
295 enum auth_role {
296 SPPP_AUTH_NOROLE = 0,
297 SPPP_AUTH_SERV = __BIT(0),
298 SPPP_AUTH_PEER = __BIT(1),
299 };
300
301 static struct sppp *spppq;
302 static kmutex_t *spppq_lock = NULL;
303 static callout_t keepalive_ch;
304 static unsigned int sppp_keepalive_cnt = 0;
305
306 pktq_rps_hash_func_t sppp_pktq_rps_hash_p;
307
308 #define SPPPQ_LOCK() if (spppq_lock) \
309 mutex_enter(spppq_lock);
310 #define SPPPQ_UNLOCK() if (spppq_lock) \
311 mutex_exit(spppq_lock);
312
313 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op))
314 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock)
315 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock)
316 #define SPPP_UPGRADE(_sp) do{ \
317 SPPP_UNLOCK(_sp); \
318 SPPP_LOCK(_sp, RW_WRITER); \
319 }while (0)
320 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock)
321 #define SPPP_WQ_SET(_wk, _func, _arg) \
322 sppp_wq_set((_wk), (_func), __UNCONST((_arg)))
323 #define SPPP_LOG(_sp, _lvl, _fmt, _args...) do { \
324 if (__predict_true((_sp) != NULL)) { \
325 log((_lvl), "%s: ", (_sp)->pp_if.if_xname); \
326 } \
327 addlog((_fmt), ##_args); \
328 } while (0)
329 #define SPPP_DLOG(_sp, _fmt, _args...) do { \
330 if (!sppp_debug_enabled(_sp)) \
331 break; \
332 SPPP_LOG(_sp, LOG_DEBUG, _fmt, ##_args); \
333 } while (0)
334
335 #ifdef INET
336 #ifndef SPPPSUBR_MPSAFE
337 /*
338 * The following disgusting hack gets around the problem that IP TOS
339 * can't be set yet. We want to put "interactive" traffic on a high
340 * priority queue. To decide if traffic is interactive, we check that
341 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
342 *
343 * XXX is this really still necessary? - joerg -
344 */
345 static u_short interactive_ports[8] = {
346 0, 513, 0, 0,
347 0, 21, 0, 23,
348 };
349 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
350 #endif /* SPPPSUBR_MPSAFE */
351 #endif
352
353 /* almost every function needs these */
354
355 static bool sppp_debug_enabled(struct sppp *sp);
356 static int sppp_output(struct ifnet *, struct mbuf *,
357 const struct sockaddr *, const struct rtentry *);
358
359 static void sppp_cp_init(const struct cp *, struct sppp *);
360 static void sppp_cp_fini(const struct cp *, struct sppp *);
361 static void sppp_cp_input(const struct cp *, struct sppp *,
362 struct mbuf *);
363 static void sppp_cp_input(const struct cp *, struct sppp *,
364 struct mbuf *);
365 static void sppp_cp_send(struct sppp *, u_short, u_char,
366 u_char, u_short, void *);
367 /* static void sppp_cp_timeout(void *arg); */
368 static void sppp_cp_change_state(const struct cp *, struct sppp *, int);
369 static struct workqueue *
370 sppp_wq_create(struct sppp *, const char *, pri_t, int, int);
371 static void sppp_wq_destroy(struct sppp *, struct workqueue *);
372 static void sppp_wq_set(struct sppp_work *,
373 void (*)(struct sppp *, void *), void *);
374 static void sppp_wq_add(struct workqueue *, struct sppp_work *);
375 static void sppp_wq_wait(struct workqueue *, struct sppp_work *);
376 static void sppp_cp_to_lcp(void *);
377 static void sppp_cp_to_ipcp(void *);
378 static void sppp_cp_to_ipv6cp(void *);
379 static void sppp_auth_send(const struct cp *, struct sppp *,
380 unsigned int, unsigned int, ...);
381 static int sppp_auth_role(const struct cp *, struct sppp *);
382 static void sppp_auth_to_event(struct sppp *, void *);
383 static void sppp_auth_screply(const struct cp *, struct sppp *,
384 u_char, uint8_t, size_t, void *);
385 static void sppp_up_event(struct sppp *, void *);
386 static void sppp_down_event(struct sppp *, void *);
387 static void sppp_open_event(struct sppp *, void *);
388 static void sppp_close_event(struct sppp *, void *);
389 static void sppp_to_event(struct sppp *, void *);
390 static void sppp_rcr_event(struct sppp *, void *);
391 static void sppp_rca_event(struct sppp *, void *);
392 static void sppp_rcn_event(struct sppp *, void *);
393 static void sppp_rtr_event(struct sppp *, void *);
394 static void sppp_rta_event(struct sppp *, void *);
395 static void sppp_rxj_event(struct sppp *, void *);
396
397 static void sppp_null(struct sppp *);
398 static void sppp_tls(const struct cp *, struct sppp *);
399 static void sppp_tlf(const struct cp *, struct sppp *);
400 static void sppp_screply(const struct cp *, struct sppp *,
401 u_char, uint8_t, size_t, void *);
402 static void sppp_ifdown(struct sppp *, void *);
403
404 static void sppp_lcp_init(struct sppp *);
405 static void sppp_lcp_up(struct sppp *, void *);
406 static void sppp_lcp_down(struct sppp *, void *);
407 static void sppp_lcp_open(struct sppp *, void *);
408 static enum cp_rcr_type
409 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int,
410 uint8_t **, size_t *, size_t *);
411 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int);
412 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int);
413 static void sppp_lcp_tlu(struct sppp *);
414 static void sppp_lcp_tld(struct sppp *);
415 static void sppp_lcp_tls(const struct cp *, struct sppp *);
416 static void sppp_lcp_tlf(const struct cp *, struct sppp *);
417 static void sppp_lcp_scr(struct sppp *);
418 static void sppp_lcp_check_and_close(struct sppp *);
419 static int sppp_cp_check(struct sppp *, u_char);
420
421 static void sppp_ipcp_init(struct sppp *);
422 static void sppp_ipcp_open(struct sppp *, void *);
423 static void sppp_ipcp_close(struct sppp *, void *);
424 static enum cp_rcr_type
425 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int,
426 uint8_t **, size_t *, size_t *);
427 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int);
428 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int);
429 static void sppp_ipcp_tlu(struct sppp *);
430 static void sppp_ipcp_tld(struct sppp *);
431 static void sppp_ipcp_scr(struct sppp *);
432
433 static void sppp_ipv6cp_init(struct sppp *);
434 static void sppp_ipv6cp_open(struct sppp *, void *);
435 static enum cp_rcr_type
436 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int,
437 uint8_t **, size_t *, size_t *);
438 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int);
439 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int);
440 static void sppp_ipv6cp_tlu(struct sppp *);
441 static void sppp_ipv6cp_tld(struct sppp *);
442 static void sppp_ipv6cp_scr(struct sppp *);
443
444 static void sppp_pap_input(struct sppp *, struct mbuf *);
445 static void sppp_pap_init(struct sppp *);
446 static void sppp_pap_tlu(struct sppp *);
447 static void sppp_pap_scr(struct sppp *);
448 static void sppp_pap_scr(struct sppp *);
449
450 static void sppp_chap_input(struct sppp *, struct mbuf *);
451 static void sppp_chap_init(struct sppp *);
452 static void sppp_chap_open(struct sppp *, void *);
453 static void sppp_chap_tlu(struct sppp *);
454 static void sppp_chap_scr(struct sppp *);
455 static void sppp_chap_rcv_challenge_event(struct sppp *, void *);
456
457 static const char *sppp_auth_type_name(char *, size_t, u_short, u_char);
458 static const char *sppp_cp_type_name(char *, size_t, u_char);
459 static const char *sppp_dotted_quad(char *, size_t, uint32_t);
460 static const char *sppp_ipcp_opt_name(char *, size_t, u_char);
461 #ifdef INET6
462 static const char *sppp_ipv6cp_opt_name(char *, size_t, u_char);
463 #endif
464 static const char *sppp_lcp_opt_name(char *, size_t, u_char);
465 static const char *sppp_phase_name(int);
466 static const char *sppp_proto_name(char *, size_t, u_short);
467 static const char *sppp_state_name(int);
468 static int sppp_params(struct sppp *, u_long, void *);
469 #ifdef INET
470 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *);
471 static void sppp_set_ip_addrs(struct sppp *);
472 static void sppp_clear_ip_addrs(struct sppp *);
473 #endif
474 static void sppp_keepalive(void *);
475 static void sppp_phase_network(struct sppp *);
476 static void sppp_print_bytes(const u_char *, u_short);
477 static void sppp_print_string(const char *, u_short);
478 #ifdef INET6
479 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *,
480 struct in6_addr *, struct in6_addr *);
481 #ifdef IPV6CP_MYIFID_DYN
482 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *);
483 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *);
484 #endif
485 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *);
486 #endif
487
488 static void sppp_notify_up(struct sppp *);
489 static void sppp_notify_down(struct sppp *);
490 static void sppp_notify_tls_wlocked(struct sppp *);
491 static void sppp_notify_tlf_wlocked(struct sppp *);
492 #ifdef INET6
493 static void sppp_notify_con_wlocked(struct sppp *);
494 #endif
495 static void sppp_notify_con(struct sppp *);
496
497 static void sppp_notify_chg_wlocked(struct sppp *);
498
499 /* our control protocol descriptors */
500 static const struct cp lcp = {
501 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
502 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open,
503 sppp_close_event, sppp_to_event,
504 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls,
505 sppp_lcp_tlf, sppp_lcp_scr, sppp_screply,
506 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak
507 };
508
509 static const struct cp ipcp = {
510 PPP_IPCP, IDX_IPCP,
511 #ifdef INET
512 CP_NCP, /*don't run IPCP if there's no IPv4 support*/
513 #else
514 0,
515 #endif
516 "ipcp",
517 sppp_up_event, sppp_down_event, sppp_ipcp_open,
518 sppp_ipcp_close, sppp_to_event,
519 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_tls,
520 sppp_tlf, sppp_ipcp_scr, sppp_screply,
521 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak,
522 };
523
524 static const struct cp ipv6cp = {
525 PPP_IPV6CP, IDX_IPV6CP,
526 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
527 CP_NCP,
528 #else
529 0,
530 #endif
531 "ipv6cp",
532 sppp_up_event, sppp_down_event, sppp_ipv6cp_open,
533 sppp_close_event, sppp_to_event,
534 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_tls,
535 sppp_tlf, sppp_ipv6cp_scr, sppp_screply,
536 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak,
537 };
538
539 static const struct cp pap = {
540 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
541 sppp_up_event, sppp_down_event, sppp_open_event,
542 sppp_close_event, sppp_auth_to_event,
543 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf,
544 sppp_pap_scr, sppp_auth_screply,
545 NULL, NULL, NULL
546 };
547
548 static const struct cp chap = {
549 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
550 sppp_up_event, sppp_down_event, sppp_chap_open,
551 sppp_close_event, sppp_auth_to_event,
552 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf,
553 sppp_chap_scr, sppp_auth_screply,
554 NULL, NULL, NULL
555 };
556
557 static const struct cp *cps[IDX_COUNT] = {
558 &lcp, /* IDX_LCP */
559 &ipcp, /* IDX_IPCP */
560 &ipv6cp, /* IDX_IPV6CP */
561 &pap, /* IDX_PAP */
562 &chap, /* IDX_CHAP */
563 };
564
565 static inline u_int
566 sppp_proto2authproto(u_short proto)
567 {
568
569 switch (proto) {
570 case PPP_PAP:
571 return SPPP_AUTHPROTO_PAP;
572 case PPP_CHAP:
573 return SPPP_AUTHPROTO_CHAP;
574 }
575
576 return SPPP_AUTHPROTO_NONE;
577 }
578
579 static inline u_short
580 sppp_authproto2proto(u_int authproto)
581 {
582
583 switch (authproto) {
584 case SPPP_AUTHPROTO_PAP:
585 return PPP_PAP;
586 case SPPP_AUTHPROTO_CHAP:
587 return PPP_CHAP;
588 }
589
590 return PPP_NOPROTO;
591 }
592
593 static inline bool
594 sppp_debug_enabled(struct sppp *sp)
595 {
596
597 if (__predict_false(sp == NULL))
598 return false;
599
600 if ((sp->pp_if.if_flags & IFF_DEBUG) == 0)
601 return false;
602
603 return true;
604 }
605
606 static void
607 sppp_change_phase(struct sppp *sp, int phase)
608 {
609 struct ifnet *ifp;
610
611 KASSERT(SPPP_WLOCKED(sp));
612
613 ifp = &sp->pp_if;
614
615 if (sp->pp_phase == phase)
616 return;
617
618 sp->pp_phase = phase;
619
620 if (phase == SPPP_PHASE_NETWORK)
621 if_link_state_change(ifp, LINK_STATE_UP);
622 else
623 if_link_state_change(ifp, LINK_STATE_DOWN);
624
625 SPPP_DLOG(sp, "phase %s\n",
626 sppp_phase_name(sp->pp_phase));
627 }
628
629 /*
630 * Exported functions, comprising our interface to the lower layer.
631 */
632
633 /*
634 * Process the received packet.
635 */
636 void
637 sppp_input(struct ifnet *ifp, struct mbuf *m)
638 {
639 struct ppp_header *h = NULL;
640 pktqueue_t *pktq = NULL;
641 uint16_t protocol;
642 struct sppp *sp = (struct sppp *)ifp;
643
644 /* No RPS for not-IP. */
645 pktq_rps_hash_func_t rps_hash = NULL;
646
647 SPPP_LOCK(sp, RW_READER);
648
649 if (ifp->if_flags & IFF_UP) {
650 /* Count received bytes, add hardware framing */
651 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes);
652 /* Note time of last receive */
653 sp->pp_last_receive = time_uptime;
654 }
655
656 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
657 /* Too small packet, drop it. */
658 SPPP_DLOG(sp, "input packet is too small, "
659 "%d bytes\n", m->m_pkthdr.len);
660 goto drop;
661 }
662
663 if (sp->pp_flags & PP_NOFRAMING) {
664 memcpy(&protocol, mtod(m, void *), 2);
665 protocol = ntohs(protocol);
666 m_adj(m, 2);
667 } else {
668
669 /* Get PPP header. */
670 h = mtod(m, struct ppp_header *);
671 m_adj(m, PPP_HEADER_LEN);
672
673 switch (h->address) {
674 case PPP_ALLSTATIONS:
675 if (h->control != PPP_UI)
676 goto invalid;
677 break;
678 case CISCO_MULTICAST:
679 case CISCO_UNICAST:
680 /* Don't check the control field here (RFC 1547). */
681 SPPP_DLOG(sp, "Cisco packet in PPP mode "
682 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
683 h->address, h->control, ntohs(h->protocol));
684 goto drop;
685 default: /* Invalid PPP packet. */
686 invalid:
687 SPPP_DLOG(sp, "invalid input packet "
688 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
689 h->address, h->control, ntohs(h->protocol));
690 goto drop;
691 }
692 protocol = ntohs(h->protocol);
693 }
694
695 switch (protocol) {
696 reject_protocol:
697 if (sp->scp[IDX_LCP].state == STATE_OPENED) {
698 uint16_t prot = htons(protocol);
699
700 SPPP_UPGRADE(sp);
701 sppp_cp_send(sp, PPP_LCP, PROTO_REJ,
702 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2,
703 &prot);
704 SPPP_DOWNGRADE(sp);
705 }
706 if_statinc(ifp, if_noproto);
707 goto drop;
708 default:
709 SPPP_DLOG(sp, "invalid input protocol "
710 "<proto=0x%x>\n", protocol);
711 goto reject_protocol;
712 case PPP_LCP:
713 SPPP_UNLOCK(sp);
714 sppp_cp_input(&lcp, sp, m);
715 /* already m_freem(m) */
716 return;
717 case PPP_PAP:
718 SPPP_UNLOCK(sp);
719 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) {
720 sppp_pap_input(sp, m);
721 }
722 m_freem(m);
723 return;
724 case PPP_CHAP:
725 SPPP_UNLOCK(sp);
726 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) {
727 sppp_chap_input(sp, m);
728 }
729 m_freem(m);
730 return;
731 #ifdef INET
732 case PPP_IPCP:
733 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) {
734 SPPP_LOG(sp, LOG_INFO, "reject IPCP packet "
735 "because IPCP is disabled\n");
736 goto reject_protocol;
737 }
738 SPPP_UNLOCK(sp);
739 if (sp->pp_phase == SPPP_PHASE_NETWORK) {
740 sppp_cp_input(&ipcp, sp, m);
741 /* already m_freem(m) */
742 } else {
743 m_freem(m);
744 }
745 return;
746 case PPP_IP:
747 if (sp->scp[IDX_IPCP].state == STATE_OPENED) {
748 sp->pp_last_activity = time_uptime;
749 pktq = ip_pktq;
750 rps_hash = atomic_load_relaxed(&sppp_pktq_rps_hash_p);
751 }
752 break;
753 #endif
754 #ifdef INET6
755 case PPP_IPV6CP:
756 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) {
757 SPPP_LOG(sp, LOG_INFO, "reject IPv6CP packet "
758 "because IPv6CP is disabled\n");
759 goto reject_protocol;
760 }
761 SPPP_UNLOCK(sp);
762 if (sp->pp_phase == SPPP_PHASE_NETWORK) {
763 sppp_cp_input(&ipv6cp, sp, m);
764 /* already m_freem(m) */
765 } else {
766 m_freem(m);
767 }
768 return;
769
770 case PPP_IPV6:
771 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) {
772 sp->pp_last_activity = time_uptime;
773 pktq = ip6_pktq;
774 rps_hash = atomic_load_relaxed(&sppp_pktq_rps_hash_p);
775 }
776 break;
777 #endif
778 }
779
780 if ((ifp->if_flags & IFF_UP) == 0 || pktq == NULL) {
781 goto drop;
782 }
783
784 /* Check queue. */
785 const uint32_t hash = rps_hash ? pktq_rps_hash(&rps_hash, m) : 0;
786 if (__predict_false(!pktq_enqueue(pktq, m, hash))) {
787 goto drop;
788 }
789 SPPP_UNLOCK(sp);
790 return;
791
792 drop:
793 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1);
794 m_freem(m);
795 SPPP_UNLOCK(sp);
796 return;
797 }
798
799 /*
800 * Enqueue transmit packet.
801 */
802 static int
803 sppp_output(struct ifnet *ifp, struct mbuf *m,
804 const struct sockaddr *dst, const struct rtentry *rt)
805 {
806 struct sppp *sp = (struct sppp *) ifp;
807 struct ppp_header *h = NULL;
808 #ifndef SPPPSUBR_MPSAFE
809 struct ifqueue *ifq = NULL; /* XXX */
810 #endif
811 int s, error = 0;
812 uint16_t protocol;
813 size_t pktlen;
814
815 s = splnet();
816 SPPP_LOCK(sp, RW_READER);
817
818 sp->pp_last_activity = time_uptime;
819
820 if ((ifp->if_flags & IFF_UP) == 0 ||
821 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
822 SPPP_UNLOCK(sp);
823 splx(s);
824
825 m_freem(m);
826 if_statinc(ifp, if_oerrors);
827 return (ENETDOWN);
828 }
829
830 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
831 /* ignore packets that have no enabled NCP */
832 if ((dst->sa_family == AF_INET &&
833 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) ||
834 (dst->sa_family == AF_INET6 &&
835 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP))) {
836 SPPP_UNLOCK(sp);
837 splx(s);
838
839 m_freem(m);
840 if_statinc(ifp, if_oerrors);
841 return (ENETDOWN);
842 }
843 /*
844 * Interface is not yet running, but auto-dial. Need
845 * to start LCP for it.
846 */
847 ifp->if_flags |= IFF_RUNNING;
848 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open);
849 }
850
851 /*
852 * If the queueing discipline needs packet classification,
853 * do it before prepending link headers.
854 */
855 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family);
856
857 #ifdef INET
858 if (dst->sa_family == AF_INET) {
859 struct ip *ip = NULL;
860 #ifndef SPPPSUBR_MPSAFE
861 struct tcphdr *th = NULL;
862 #endif
863
864 if (m->m_len >= sizeof(struct ip)) {
865 ip = mtod(m, struct ip *);
866 #ifndef SPPPSUBR_MPSAFE
867 if (ip->ip_p == IPPROTO_TCP &&
868 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
869 sizeof(struct tcphdr)) {
870 th = (struct tcphdr *)
871 ((char *)ip + (ip->ip_hl << 2));
872 }
873 #endif
874 } else
875 ip = NULL;
876
877 /*
878 * When using dynamic local IP address assignment by using
879 * 0.0.0.0 as a local address, the first TCP session will
880 * not connect because the local TCP checksum is computed
881 * using 0.0.0.0 which will later become our real IP address
882 * so the TCP checksum computed at the remote end will
883 * become invalid. So we
884 * - don't let packets with src ip addr 0 thru
885 * - we flag TCP packets with src ip 0 as an error
886 */
887 if (ip && ip->ip_src.s_addr == INADDR_ANY) {
888 uint8_t proto = ip->ip_p;
889
890 SPPP_UNLOCK(sp);
891 splx(s);
892
893 m_freem(m);
894 if (proto == IPPROTO_TCP)
895 return (EADDRNOTAVAIL);
896 else
897 return (0);
898 }
899
900 #ifndef SPPPSUBR_MPSAFE
901 /*
902 * Put low delay, telnet, rlogin and ftp control packets
903 * in front of the queue.
904 */
905 if (!IF_QFULL(&sp->pp_fastq) &&
906 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) ||
907 (th && (INTERACTIVE(ntohs(th->th_sport)) ||
908 INTERACTIVE(ntohs(th->th_dport))))))
909 ifq = &sp->pp_fastq;
910 #endif /* !SPPPSUBR_MPSAFE */
911 }
912 #endif
913
914 #ifdef INET6
915 if (dst->sa_family == AF_INET6) {
916 /* XXX do something tricky here? */
917 }
918 #endif
919
920 if ((sp->pp_flags & PP_NOFRAMING) == 0) {
921 /*
922 * Prepend general data packet PPP header. For now, IP only.
923 */
924 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT);
925 if (! m) {
926 SPPP_DLOG(sp, "no memory for transmit header\n");
927 if_statinc(ifp, if_oerrors);
928 SPPP_UNLOCK(sp);
929 splx(s);
930 return (ENOBUFS);
931 }
932 /*
933 * May want to check size of packet
934 * (albeit due to the implementation it's always enough)
935 */
936 h = mtod(m, struct ppp_header *);
937 h->address = PPP_ALLSTATIONS; /* broadcast address */
938 h->control = PPP_UI; /* Unnumbered Info */
939 }
940
941 switch (dst->sa_family) {
942 #ifdef INET
943 case AF_INET: /* Internet Protocol */
944 /*
945 * Don't choke with an ENETDOWN early. It's
946 * possible that we just started dialing out,
947 * so don't drop the packet immediately. If
948 * we notice that we run out of buffer space
949 * below, we will however remember that we are
950 * not ready to carry IP packets, and return
951 * ENETDOWN, as opposed to ENOBUFS.
952 */
953 protocol = htons(PPP_IP);
954 if (sp->scp[IDX_IPCP].state != STATE_OPENED) {
955 if (ifp->if_flags & IFF_AUTO) {
956 error = ENETDOWN;
957 } else {
958 IF_DROP(&ifp->if_snd);
959 SPPP_UNLOCK(sp);
960 splx(s);
961
962 m_freem(m);
963 if_statinc(ifp, if_oerrors);
964 return (ENETDOWN);
965 }
966 }
967 break;
968 #endif
969 #ifdef INET6
970 case AF_INET6: /* Internet Protocol version 6 */
971 /*
972 * Don't choke with an ENETDOWN early. It's
973 * possible that we just started dialing out,
974 * so don't drop the packet immediately. If
975 * we notice that we run out of buffer space
976 * below, we will however remember that we are
977 * not ready to carry IP packets, and return
978 * ENETDOWN, as opposed to ENOBUFS.
979 */
980 protocol = htons(PPP_IPV6);
981 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) {
982 if (ifp->if_flags & IFF_AUTO) {
983 error = ENETDOWN;
984 } else {
985 IF_DROP(&ifp->if_snd);
986 SPPP_UNLOCK(sp);
987 splx(s);
988
989 m_freem(m);
990 if_statinc(ifp, if_oerrors);
991 return (ENETDOWN);
992 }
993 }
994 break;
995 #endif
996 default:
997 m_freem(m);
998 if_statinc(ifp, if_oerrors);
999 SPPP_UNLOCK(sp);
1000 splx(s);
1001 return (EAFNOSUPPORT);
1002 }
1003
1004 if (sp->pp_flags & PP_NOFRAMING) {
1005 M_PREPEND(m, 2, M_DONTWAIT);
1006 if (m == NULL) {
1007 SPPP_DLOG(sp, "no memory for transmit header\n");
1008 if_statinc(ifp, if_oerrors);
1009 SPPP_UNLOCK(sp);
1010 splx(s);
1011 return (ENOBUFS);
1012 }
1013 *mtod(m, uint16_t *) = protocol;
1014 } else {
1015 h->protocol = protocol;
1016 }
1017
1018 pktlen = m->m_pkthdr.len;
1019 #ifdef SPPPSUBR_MPSAFE
1020 SPPP_UNLOCK(sp);
1021 error = if_transmit_lock(ifp, m);
1022 SPPP_LOCK(sp, RW_READER);
1023 if (error == 0)
1024 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes);
1025 #else /* !SPPPSUBR_MPSAFE */
1026 error = ifq_enqueue2(ifp, ifq, m);
1027
1028 if (error == 0) {
1029 /*
1030 * Count output packets and bytes.
1031 * The packet length includes header + additional hardware
1032 * framing according to RFC 1333.
1033 */
1034 if (!(ifp->if_flags & IFF_OACTIVE)) {
1035 SPPP_UNLOCK(sp);
1036 if_start_lock(ifp);
1037 SPPP_LOCK(sp, RW_READER);
1038 }
1039 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes);
1040 }
1041 #endif /* !SPPPSUBR_MPSAFE */
1042 SPPP_UNLOCK(sp);
1043 splx(s);
1044 return error;
1045 }
1046
1047 void
1048 sppp_attach(struct ifnet *ifp)
1049 {
1050 struct sppp *sp = (struct sppp *) ifp;
1051 char xnamebuf[MAXCOMLEN];
1052
1053 /* Initialize keepalive handler. */
1054 if (! spppq) {
1055 callout_init(&keepalive_ch, CALLOUT_MPSAFE);
1056 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL);
1057 }
1058
1059 if (! spppq_lock)
1060 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET);
1061
1062 sp->pp_if.if_type = IFT_PPP;
1063 sp->pp_if.if_output = sppp_output;
1064 IFQ_SET_MAXLEN(&sp->pp_fastq, 32);
1065 IFQ_LOCK_INIT(&sp->pp_fastq);
1066 IFQ_SET_MAXLEN(&sp->pp_cpq, 20);
1067 sp->pp_loopcnt = 0;
1068 sp->pp_alivecnt = 0;
1069 sp->pp_alive_interval = SPPP_ALIVE_INTERVAL;
1070 sp->pp_last_activity = 0;
1071 sp->pp_last_receive = 0;
1072 sp->pp_maxalive = DEFAULT_MAXALIVECNT;
1073 sp->pp_max_noreceive = SPPP_NORECV_TIME;
1074 sp->pp_idle_timeout = 0;
1075 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES;
1076 sp->pp_phase = SPPP_PHASE_DEAD;
1077 sp->pp_up = sppp_notify_up;
1078 sp->pp_down = sppp_notify_down;
1079 sp->pp_ncpflags = SPPP_NCP_IPCP | SPPP_NCP_IPV6CP;
1080 #ifdef SPPP_IFDOWN_RECONNECT
1081 sp->pp_flags |= PP_LOOPBACK_IFDOWN | PP_KEEPALIVE_IFDOWN;
1082 #endif
1083 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL);
1084 memset(sp->scp, 0, sizeof(sp->scp));
1085 rw_init(&sp->pp_lock);
1086
1087 if_alloc_sadl(ifp);
1088
1089 /* Lets not beat about the bush, we know we're down. */
1090 if_link_state_change(ifp, LINK_STATE_DOWN);
1091
1092 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname);
1093 sp->wq_cp = sppp_wq_create(sp, xnamebuf,
1094 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
1095
1096 memset(&sp->myauth, 0, sizeof sp->myauth);
1097 memset(&sp->hisauth, 0, sizeof sp->hisauth);
1098 SPPP_LOCK(sp, RW_WRITER);
1099 sppp_lcp_init(sp);
1100 sppp_ipcp_init(sp);
1101 sppp_ipv6cp_init(sp);
1102 sppp_pap_init(sp);
1103 sppp_chap_init(sp);
1104 SPPP_UNLOCK(sp);
1105
1106 SPPPQ_LOCK();
1107 /* Insert new entry into the keepalive list. */
1108 sp->pp_next = spppq;
1109 spppq = sp;
1110 SPPPQ_UNLOCK();
1111 }
1112
1113 void
1114 sppp_detach(struct ifnet *ifp)
1115 {
1116 struct sppp **q, *p, *sp = (struct sppp *) ifp;
1117
1118 /* Remove the entry from the keepalive list. */
1119 SPPPQ_LOCK();
1120 for (q = &spppq; (p = *q); q = &p->pp_next)
1121 if (p == sp) {
1122 *q = p->pp_next;
1123 break;
1124 }
1125 SPPPQ_UNLOCK();
1126
1127 if (! spppq) {
1128 /* Stop keepalive handler. */
1129 callout_stop(&keepalive_ch);
1130 mutex_obj_free(spppq_lock);
1131 spppq_lock = NULL;
1132 }
1133
1134 sppp_cp_fini(&lcp, sp);
1135 sppp_cp_fini(&ipcp, sp);
1136 sppp_cp_fini(&pap, sp);
1137 sppp_cp_fini(&chap, sp);
1138 #ifdef INET6
1139 sppp_cp_fini(&ipv6cp, sp);
1140 #endif
1141 sppp_wq_destroy(sp, sp->wq_cp);
1142
1143 /* free authentication info */
1144 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF);
1145 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF);
1146 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF);
1147 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF);
1148
1149 IFQ_LOCK_DESTROY(&sp->pp_fastq);
1150 rw_destroy(&sp->pp_lock);
1151 }
1152
1153 /*
1154 * Flush the interface output queue.
1155 */
1156 void
1157 sppp_flush(struct ifnet *ifp)
1158 {
1159 struct sppp *sp = (struct sppp *) ifp;
1160
1161 SPPP_LOCK(sp, RW_WRITER);
1162 IFQ_PURGE(&sp->pp_if.if_snd);
1163 IF_PURGE(&sp->pp_fastq);
1164 IF_PURGE(&sp->pp_cpq);
1165 SPPP_UNLOCK(sp);
1166 }
1167
1168 /*
1169 * Check if the output queue is empty.
1170 */
1171 int
1172 sppp_isempty(struct ifnet *ifp)
1173 {
1174 struct sppp *sp = (struct sppp *) ifp;
1175 int empty, s;
1176
1177 s = splnet();
1178 SPPP_LOCK(sp, RW_READER);
1179 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) &&
1180 IFQ_IS_EMPTY(&sp->pp_if.if_snd);
1181 SPPP_UNLOCK(sp);
1182 splx(s);
1183 return (empty);
1184 }
1185
1186 /*
1187 * Get next packet to send.
1188 */
1189 struct mbuf *
1190 sppp_dequeue(struct ifnet *ifp)
1191 {
1192 struct sppp *sp = (struct sppp *) ifp;
1193 struct mbuf *m;
1194 int s;
1195
1196 s = splnet();
1197 SPPP_LOCK(sp, RW_WRITER);
1198 /*
1199 * Process only the control protocol queue until we have at
1200 * least one NCP open.
1201 *
1202 * Do always serve all three queues in Cisco mode.
1203 */
1204 IF_DEQUEUE(&sp->pp_cpq, m);
1205 if (m == NULL && sppp_cp_check(sp, CP_NCP)) {
1206 IF_DEQUEUE(&sp->pp_fastq, m);
1207 if (m == NULL)
1208 IFQ_DEQUEUE(&sp->pp_if.if_snd, m);
1209 }
1210 SPPP_UNLOCK(sp);
1211 splx(s);
1212 return m;
1213 }
1214
1215 /*
1216 * Process an ioctl request. Called on low priority level.
1217 */
1218 int
1219 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
1220 {
1221 struct lwp *l = curlwp; /* XXX */
1222 struct ifreq *ifr = (struct ifreq *) data;
1223 struct ifaddr *ifa = (struct ifaddr *) data;
1224 struct sppp *sp = (struct sppp *) ifp;
1225 int s, error=0, going_up, going_down;
1226 u_short newmode;
1227 u_long lcp_mru;
1228
1229 s = splnet();
1230 switch (cmd) {
1231 case SIOCINITIFADDR:
1232 ifa->ifa_rtrequest = p2p_rtrequest;
1233 break;
1234
1235 case SIOCSIFFLAGS:
1236 if ((error = ifioctl_common(ifp, cmd, data)) != 0)
1237 break;
1238
1239 SPPP_LOCK(sp, RW_WRITER);
1240 going_up = ifp->if_flags & IFF_UP &&
1241 (ifp->if_flags & IFF_RUNNING) == 0;
1242 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1243 ifp->if_flags & IFF_RUNNING;
1244 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
1245 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
1246 /* sanity */
1247 newmode = IFF_PASSIVE;
1248 ifp->if_flags &= ~IFF_AUTO;
1249 }
1250
1251 if (ifp->if_flags & IFF_UP) {
1252 sp->pp_flags |= PP_ADMIN_UP;
1253 } else {
1254 sp->pp_flags &= ~PP_ADMIN_UP;
1255 }
1256
1257 if (going_up || going_down) {
1258 sp->lcp.reestablish = false;
1259 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
1260 }
1261 if (going_up && newmode == 0) {
1262 /* neither auto-dial nor passive */
1263 ifp->if_flags |= IFF_RUNNING;
1264 sppp_wq_add(sp->wq_cp,
1265 &sp->scp[IDX_LCP].work_open);
1266 } else if (going_down) {
1267 SPPP_UNLOCK(sp);
1268 sppp_flush(ifp);
1269 SPPP_LOCK(sp, RW_WRITER);
1270
1271 ifp->if_flags &= ~IFF_RUNNING;
1272 }
1273 SPPP_UNLOCK(sp);
1274 break;
1275
1276 case SIOCSIFMTU:
1277 if (ifr->ifr_mtu < PPP_MINMRU ||
1278 ifr->ifr_mtu > PP_MTU) {
1279 error = EINVAL;
1280 break;
1281 }
1282
1283 error = ifioctl_common(ifp, cmd, data);
1284 if (error == ENETRESET)
1285 error = 0;
1286
1287 SPPP_LOCK(sp, RW_WRITER);
1288 lcp_mru = sp->lcp.mru;
1289 if (ifp->if_mtu < PP_MTU) {
1290 sp->lcp.mru = ifp->if_mtu;
1291 } else {
1292 sp->lcp.mru = PP_MTU;
1293 }
1294 if (lcp_mru != sp->lcp.mru)
1295 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU);
1296
1297 if (sp->scp[IDX_LCP].state == STATE_OPENED &&
1298 ifp->if_mtu > sp->lcp.their_mru) {
1299 sp->pp_saved_mtu = ifp->if_mtu;
1300 ifp->if_mtu = sp->lcp.their_mru;
1301
1302 SPPP_DLOG(sp, "setting MTU "
1303 "from %"PRIu64" bytes to %"PRIu64" bytes\n",
1304 sp->pp_saved_mtu, ifp->if_mtu);
1305 }
1306 SPPP_UNLOCK(sp);
1307 break;
1308
1309 case SIOCGIFMTU:
1310 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET)
1311 error = 0;
1312 break;
1313 case SIOCADDMULTI:
1314 case SIOCDELMULTI:
1315 break;
1316
1317 case SPPPSETAUTHCFG:
1318 case SPPPSETLCPCFG:
1319 case SPPPSETNCPCFG:
1320 case SPPPSETIDLETO:
1321 case SPPPSETAUTHFAILURE:
1322 case SPPPSETDNSOPTS:
1323 case SPPPSETKEEPALIVE:
1324 #if defined(COMPAT_50) || defined(MODULAR)
1325 case __SPPPSETIDLETO50:
1326 case __SPPPSETKEEPALIVE50:
1327 #endif /* COMPAT_50 || MODULAR */
1328 error = kauth_authorize_network(l->l_cred,
1329 KAUTH_NETWORK_INTERFACE,
1330 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
1331 NULL);
1332 if (error)
1333 break;
1334 error = sppp_params(sp, cmd, data);
1335 break;
1336
1337 case SPPPGETAUTHCFG:
1338 case SPPPGETLCPCFG:
1339 case SPPPGETNCPCFG:
1340 case SPPPGETAUTHFAILURES:
1341 error = kauth_authorize_network(l->l_cred,
1342 KAUTH_NETWORK_INTERFACE,
1343 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd,
1344 NULL);
1345 if (error)
1346 break;
1347 error = sppp_params(sp, cmd, data);
1348 break;
1349
1350 case SPPPGETSTATUS:
1351 case SPPPGETSTATUSNCP:
1352 case SPPPGETIDLETO:
1353 case SPPPGETDNSOPTS:
1354 case SPPPGETDNSADDRS:
1355 case SPPPGETKEEPALIVE:
1356 #if defined(COMPAT_50) || defined(MODULAR)
1357 case __SPPPGETIDLETO50:
1358 case __SPPPGETKEEPALIVE50:
1359 #endif /* COMPAT_50 || MODULAR */
1360 case SPPPGETLCPSTATUS:
1361 case SPPPGETIPCPSTATUS:
1362 case SPPPGETIPV6CPSTATUS:
1363 error = sppp_params(sp, cmd, data);
1364 break;
1365
1366 default:
1367 error = ifioctl_common(ifp, cmd, data);
1368 break;
1369 }
1370 splx(s);
1371 return (error);
1372 }
1373
1374 /*
1375 * PPP protocol implementation.
1376 */
1377
1378 /*
1379 * Send PPP control protocol packet.
1380 */
1381 static void
1382 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1383 u_char ident, u_short len, void *data)
1384 {
1385 struct ifnet *ifp;
1386 struct lcp_header *lh;
1387 struct mbuf *m;
1388 size_t pkthdrlen;
1389
1390 KASSERT(SPPP_WLOCKED(sp));
1391
1392 ifp = &sp->pp_if;
1393 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
1394
1395 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
1396 len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
1397 MGETHDR(m, M_DONTWAIT, MT_DATA);
1398 if (! m) {
1399 return;
1400 }
1401 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
1402 m_reset_rcvif(m);
1403
1404 if (sp->pp_flags & PP_NOFRAMING) {
1405 *mtod(m, uint16_t *) = htons(proto);
1406 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2);
1407 } else {
1408 struct ppp_header *h;
1409 h = mtod(m, struct ppp_header *);
1410 h->address = PPP_ALLSTATIONS; /* broadcast address */
1411 h->control = PPP_UI; /* Unnumbered Info */
1412 h->protocol = htons(proto); /* Link Control Protocol */
1413 lh = (struct lcp_header *)(h + 1);
1414 }
1415 lh->type = type;
1416 lh->ident = ident;
1417 lh->len = htons(LCP_HEADER_LEN + len);
1418 if (len)
1419 memcpy(lh + 1, data, len);
1420
1421 if (sppp_debug_enabled(sp)) {
1422 char pbuf[SPPP_PROTO_NAMELEN];
1423 char tbuf[SPPP_CPTYPE_NAMELEN];
1424 const char *pname, *cpname;
1425
1426 pname = sppp_proto_name(pbuf, sizeof(pbuf), proto);
1427 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), lh->type);
1428 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d",
1429 pname, cpname, lh->ident, ntohs(lh->len));
1430 if (len)
1431 sppp_print_bytes((u_char *)(lh + 1), len);
1432 addlog(">\n");
1433 }
1434 if (IF_QFULL(&sp->pp_cpq)) {
1435 IF_DROP(&sp->pp_fastq);
1436 IF_DROP(&ifp->if_snd);
1437 m_freem(m);
1438 if_statinc(ifp, if_oerrors);
1439 return;
1440 }
1441
1442 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes);
1443 IF_ENQUEUE(&sp->pp_cpq, m);
1444
1445 if (! (ifp->if_flags & IFF_OACTIVE)) {
1446 SPPP_UNLOCK(sp);
1447 if_start_lock(ifp);
1448 SPPP_LOCK(sp, RW_WRITER);
1449 }
1450 }
1451
1452 static void
1453 sppp_cp_to_lcp(void *xsp)
1454 {
1455 struct sppp *sp = xsp;
1456
1457 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to);
1458 }
1459
1460 static void
1461 sppp_cp_to_ipcp(void *xsp)
1462 {
1463 struct sppp *sp = xsp;
1464
1465 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to);
1466 }
1467
1468 static void
1469 sppp_cp_to_ipv6cp(void *xsp)
1470 {
1471 struct sppp *sp = xsp;
1472
1473 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to);
1474 }
1475
1476 static void
1477 sppp_cp_to_pap(void *xsp)
1478 {
1479 struct sppp *sp = xsp;
1480
1481 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to);
1482 }
1483
1484 static void
1485 sppp_cp_to_chap(void *xsp)
1486 {
1487 struct sppp *sp = xsp;
1488
1489 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to);
1490 }
1491
1492 static void
1493 sppp_cp_init(const struct cp *cp, struct sppp *sp)
1494 {
1495 struct sppp_cp *scp;
1496 typedef void (*sppp_co_cb_t)(void *);
1497 static const sppp_co_cb_t to_cb[IDX_COUNT] = {
1498 [IDX_LCP] = sppp_cp_to_lcp,
1499 [IDX_IPCP] = sppp_cp_to_ipcp,
1500 [IDX_IPV6CP] = sppp_cp_to_ipv6cp,
1501 [IDX_PAP] = sppp_cp_to_pap,
1502 [IDX_CHAP] = sppp_cp_to_chap,
1503 };
1504
1505 scp = &sp->scp[cp->protoidx];
1506 scp->state = STATE_INITIAL;
1507 scp->fail_counter = 0;
1508 scp->seq = 0;
1509 scp->rseq = 0;
1510
1511 SPPP_WQ_SET(&scp->work_up, cp->Up, cp);
1512 SPPP_WQ_SET(&scp->work_down, cp->Down, cp);
1513 SPPP_WQ_SET(&scp->work_open, cp->Open, cp);
1514 SPPP_WQ_SET(&scp->work_close, cp->Close, cp);
1515 SPPP_WQ_SET(&scp->work_to, cp->TO, cp);
1516 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp);
1517 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp);
1518 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp);
1519 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp);
1520 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp);
1521 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp);
1522
1523 callout_init(&scp->ch, CALLOUT_MPSAFE);
1524 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp);
1525 }
1526
1527 static void
1528 sppp_cp_fini(const struct cp *cp, struct sppp *sp)
1529 {
1530 struct sppp_cp *scp;
1531 scp = &sp->scp[cp->protoidx];
1532
1533 sppp_wq_wait(sp->wq_cp, &scp->work_up);
1534 sppp_wq_wait(sp->wq_cp, &scp->work_down);
1535 sppp_wq_wait(sp->wq_cp, &scp->work_open);
1536 sppp_wq_wait(sp->wq_cp, &scp->work_close);
1537 sppp_wq_wait(sp->wq_cp, &scp->work_to);
1538 sppp_wq_wait(sp->wq_cp, &scp->work_rcr);
1539 sppp_wq_wait(sp->wq_cp, &scp->work_rca);
1540 sppp_wq_wait(sp->wq_cp, &scp->work_rcn);
1541 sppp_wq_wait(sp->wq_cp, &scp->work_rtr);
1542 sppp_wq_wait(sp->wq_cp, &scp->work_rta);
1543 sppp_wq_wait(sp->wq_cp, &scp->work_rxj);
1544
1545 callout_halt(&scp->ch, NULL);
1546 callout_destroy(&scp->ch);
1547
1548 if (scp->mbuf_confreq != NULL) {
1549 m_freem(scp->mbuf_confreq);
1550 scp->mbuf_confreq = NULL;
1551 }
1552 if (scp->mbuf_confnak != NULL) {
1553 m_freem(scp->mbuf_confnak);
1554 scp->mbuf_confnak = NULL;
1555 }
1556 }
1557
1558 /*
1559 * Handle incoming PPP control protocol packets.
1560 */
1561 static void
1562 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1563 {
1564 struct ifnet *ifp;
1565 struct lcp_header *h;
1566 struct sppp_cp *scp;
1567 int printlen, len = m->m_pkthdr.len;
1568 u_char *p;
1569 uint32_t u32;
1570 char tbuf[SPPP_CPTYPE_NAMELEN];
1571 const char *cpname;
1572 bool debug;
1573
1574 SPPP_LOCK(sp, RW_WRITER);
1575
1576 ifp = &sp->pp_if;
1577 debug = sppp_debug_enabled(sp);
1578 scp = &sp->scp[cp->protoidx];
1579
1580 if (len < 4) {
1581 SPPP_DLOG(sp, "%s invalid packet length: %d bytes\n",
1582 cp->name, len);
1583 goto out;
1584 }
1585 h = mtod(m, struct lcp_header *);
1586 if (debug) {
1587 printlen = ntohs(h->len);
1588 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type);
1589 SPPP_LOG(sp, LOG_DEBUG, "%s input(%s): <%s id=0x%x len=%d",
1590 cp->name, sppp_state_name(scp->state),
1591 cpname, h->ident, printlen);
1592 if (len < printlen)
1593 printlen = len;
1594 if (printlen > 4)
1595 sppp_print_bytes((u_char *)(h + 1), printlen - 4);
1596 addlog(">\n");
1597 }
1598 if (len > ntohs(h->len))
1599 len = ntohs(h->len);
1600 p = (u_char *)(h + 1);
1601 switch (h->type) {
1602 case CONF_REQ:
1603 if (len < 4) {
1604 SPPP_DLOG(sp,"%s invalid conf-req length %d\n",
1605 cp->name, len);
1606 if_statinc(ifp, if_ierrors);
1607 break;
1608 }
1609
1610 scp->rcr_type = CP_RCR_NONE;
1611 scp->rconfid = h->ident;
1612 if (scp->mbuf_confreq != NULL) {
1613 m_freem(scp->mbuf_confreq);
1614 }
1615 scp->mbuf_confreq = m;
1616 m = NULL;
1617 sppp_wq_add(sp->wq_cp, &scp->work_rcr);
1618 break;
1619 case CONF_ACK:
1620 if (h->ident != scp->confid) {
1621 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n",
1622 cp->name, h->ident, scp->confid);
1623 if_statinc(ifp, if_ierrors);
1624 break;
1625 }
1626 sppp_wq_add(sp->wq_cp, &scp->work_rca);
1627 break;
1628 case CONF_NAK:
1629 case CONF_REJ:
1630 if (h->ident != scp->confid) {
1631 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n",
1632 cp->name, h->ident, scp->confid);
1633 if_statinc(ifp, if_ierrors);
1634 break;
1635 }
1636
1637 if (scp->mbuf_confnak) {
1638 m_freem(scp->mbuf_confnak);
1639 }
1640 scp->mbuf_confnak = m;
1641 m = NULL;
1642 sppp_wq_add(sp->wq_cp, &scp->work_rcn);
1643 break;
1644 case TERM_REQ:
1645 scp->rseq = h->ident;
1646 sppp_wq_add(sp->wq_cp, &scp->work_rtr);
1647 break;
1648 case TERM_ACK:
1649 if (h->ident != scp->confid &&
1650 h->ident != scp->seq) {
1651 SPPP_DLOG(sp, "%s id mismatch "
1652 "0x%x != 0x%x and 0x%x != %0lx\n",
1653 cp->name, h->ident, scp->confid,
1654 h->ident, scp->seq);
1655 if_statinc(ifp, if_ierrors);
1656 break;
1657 }
1658
1659 sppp_wq_add(sp->wq_cp, &scp->work_rta);
1660 break;
1661 case CODE_REJ:
1662 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1663 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type);
1664 SPPP_LOG(sp, LOG_INFO, "%s: ignoring RXJ (%s) for code ?, "
1665 "danger will robinson\n", cp->name, cpname);
1666 sppp_wq_add(sp->wq_cp, &scp->work_rxj);
1667 break;
1668 case PROTO_REJ:
1669 {
1670 int catastrophic;
1671 const struct cp *upper;
1672 int i;
1673 uint16_t proto;
1674
1675 catastrophic = 0;
1676 upper = NULL;
1677 proto = p[0] << 8 | p[1];
1678 for (i = 0; i < IDX_COUNT; i++) {
1679 if (cps[i]->proto == proto) {
1680 upper = cps[i];
1681 break;
1682 }
1683 }
1684 if (upper == NULL)
1685 catastrophic++;
1686
1687 if (debug) {
1688 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type);
1689 SPPP_LOG(sp, LOG_INFO,
1690 "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1691 cp->name, catastrophic ? '-' : '+',
1692 cpname, proto, upper ? upper->name : "unknown",
1693 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?");
1694 }
1695
1696 /*
1697 * if we got RXJ+ against conf-req, the peer does not implement
1698 * this particular protocol type. terminate the protocol.
1699 */
1700 if (upper && !catastrophic) {
1701 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) {
1702 sppp_wq_add(sp->wq_cp,
1703 &sp->scp[upper->protoidx].work_close);
1704 break;
1705 }
1706 }
1707 sppp_wq_add(sp->wq_cp, &scp->work_rxj);
1708 break;
1709 }
1710 case DISC_REQ:
1711 if (cp->proto != PPP_LCP)
1712 goto illegal;
1713 /* Discard the packet. */
1714 break;
1715 case ECHO_REQ:
1716 if (cp->proto != PPP_LCP)
1717 goto illegal;
1718 if (scp->state != STATE_OPENED) {
1719 SPPP_DLOG(sp, "lcp echo req but lcp closed\n");
1720 if_statinc(ifp, if_ierrors);
1721 break;
1722 }
1723 if (len < 8) {
1724 SPPP_DLOG(sp, "invalid lcp echo request "
1725 "packet length: %d bytes\n", len);
1726 break;
1727 }
1728 memcpy(&u32, h + 1, sizeof u32);
1729 if (ntohl(u32) == sp->lcp.magic) {
1730 /* Line loopback mode detected. */
1731 SPPP_DLOG(sp, "loopback\n");
1732
1733 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) {
1734 sp->pp_flags |= PP_LOOPBACK;
1735 sppp_wq_add(sp->wq_cp,
1736 &sp->work_ifdown);
1737 }
1738
1739 /* Shut down the PPP link. */
1740 sppp_wq_add(sp->wq_cp,
1741 &sp->scp[IDX_LCP].work_close);
1742 sppp_wq_add(sp->wq_cp,
1743 &sp->scp[IDX_LCP].work_open);
1744 break;
1745 }
1746 u32 = htonl(sp->lcp.magic);
1747 memcpy(h + 1, &u32, sizeof u32);
1748 SPPP_DLOG(sp, "got lcp echo req, sending echo rep\n");
1749 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4,
1750 h + 1);
1751 break;
1752 case ECHO_REPLY:
1753 if (cp->proto != PPP_LCP)
1754 goto illegal;
1755 if (h->ident != sp->lcp.echoid) {
1756 if_statinc(ifp, if_ierrors);
1757 break;
1758 }
1759 if (len < 8) {
1760 SPPP_DLOG(sp, "lcp invalid echo reply "
1761 "packet length: %d bytes\n", len);
1762 break;
1763 }
1764 SPPP_DLOG(sp, "lcp got echo rep\n");
1765 memcpy(&u32, h + 1, sizeof u32);
1766 if (ntohl(u32) != sp->lcp.magic)
1767 sp->pp_alivecnt = 0;
1768 break;
1769 default:
1770 /* Unknown packet type -- send Code-Reject packet. */
1771 illegal:
1772 SPPP_DLOG(sp, "%s send code-rej for 0x%x\n",
1773 cp->name, h->type);
1774 sppp_cp_send(sp, cp->proto, CODE_REJ,
1775 ++scp->seq, m->m_pkthdr.len, h);
1776 if_statinc(ifp, if_ierrors);
1777 }
1778
1779 out:
1780 SPPP_UNLOCK(sp);
1781 if (m != NULL)
1782 m_freem(m);
1783 }
1784
1785 /*
1786 * The generic part of all Up/Down/Open/Close/TO event handlers.
1787 * Basically, the state transition handling in the automaton.
1788 */
1789 static void
1790 sppp_up_event(struct sppp *sp, void *xcp)
1791 {
1792 const struct cp *cp = xcp;
1793
1794 KASSERT(SPPP_WLOCKED(sp));
1795 KASSERT(!cpu_softintr_p());
1796
1797 if ((cp->flags & CP_AUTH) != 0 &&
1798 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
1799 return;
1800
1801 SPPP_DLOG(sp, "%s up(%s)\n", cp->name,
1802 sppp_state_name(sp->scp[cp->protoidx].state));
1803
1804 switch (sp->scp[cp->protoidx].state) {
1805 case STATE_INITIAL:
1806 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1807 break;
1808 case STATE_STARTING:
1809 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure;
1810 (cp->scr)(sp);
1811 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1812 break;
1813 default:
1814 SPPP_LOG(sp, LOG_DEBUG,
1815 "%s illegal up in state %s\n", cp->name,
1816 sppp_state_name(sp->scp[cp->protoidx].state));
1817 }
1818 }
1819
1820 static void
1821 sppp_down_event(struct sppp *sp, void *xcp)
1822 {
1823 const struct cp *cp = xcp;
1824
1825 KASSERT(SPPP_WLOCKED(sp));
1826 KASSERT(!cpu_softintr_p());
1827
1828 if ((cp->flags & CP_AUTH) != 0 &&
1829 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
1830 return;
1831
1832 SPPP_DLOG(sp, "%s down(%s)\n", cp->name,
1833 sppp_state_name(sp->scp[cp->protoidx].state));
1834
1835 switch (sp->scp[cp->protoidx].state) {
1836 case STATE_CLOSED:
1837 case STATE_CLOSING:
1838 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1839 break;
1840 case STATE_STOPPED:
1841 (cp->tls)(cp, sp);
1842 /* fall through */
1843 case STATE_STOPPING:
1844 case STATE_REQ_SENT:
1845 case STATE_ACK_RCVD:
1846 case STATE_ACK_SENT:
1847 sppp_cp_change_state(cp, sp, STATE_STARTING);
1848 break;
1849 case STATE_OPENED:
1850 (cp->tld)(sp);
1851 sppp_cp_change_state(cp, sp, STATE_STARTING);
1852 break;
1853 default:
1854 /*
1855 * a down event may be caused regardless
1856 * of state just in LCP case.
1857 */
1858 if (cp->proto == PPP_LCP)
1859 break;
1860
1861 SPPP_LOG(sp, LOG_DEBUG,
1862 "%s illegal down in state %s\n", cp->name,
1863 sppp_state_name(sp->scp[cp->protoidx].state));
1864 }
1865 }
1866
1867 static void
1868 sppp_open_event(struct sppp *sp, void *xcp)
1869 {
1870 const struct cp *cp = xcp;
1871
1872 KASSERT(SPPP_WLOCKED(sp));
1873 KASSERT(!cpu_softintr_p());
1874
1875 if ((cp->flags & CP_AUTH) != 0 &&
1876 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
1877 return;
1878
1879 SPPP_DLOG(sp, "%s open(%s)\n", cp->name,
1880 sppp_state_name(sp->scp[cp->protoidx].state));
1881
1882 switch (sp->scp[cp->protoidx].state) {
1883 case STATE_INITIAL:
1884 sppp_cp_change_state(cp, sp, STATE_STARTING);
1885 (cp->tls)(cp, sp);
1886 break;
1887 case STATE_STARTING:
1888 break;
1889 case STATE_CLOSED:
1890 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure;
1891 sp->lcp.protos |= (1 << cp->protoidx);
1892 (cp->scr)(sp);
1893 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1894 break;
1895 case STATE_STOPPED:
1896 case STATE_STOPPING:
1897 case STATE_REQ_SENT:
1898 case STATE_ACK_RCVD:
1899 case STATE_ACK_SENT:
1900 case STATE_OPENED:
1901 break;
1902 case STATE_CLOSING:
1903 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1904 break;
1905 }
1906 }
1907
1908 static void
1909 sppp_close_event(struct sppp *sp, void *xcp)
1910 {
1911 const struct cp *cp = xcp;
1912
1913 KASSERT(SPPP_WLOCKED(sp));
1914 KASSERT(!cpu_softintr_p());
1915
1916 if ((cp->flags & CP_AUTH) != 0 &&
1917 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE)
1918 return;
1919
1920 SPPP_DLOG(sp, "%s close(%s)\n", cp->name,
1921 sppp_state_name(sp->scp[cp->protoidx].state));
1922
1923 switch (sp->scp[cp->protoidx].state) {
1924 case STATE_INITIAL:
1925 case STATE_CLOSED:
1926 case STATE_CLOSING:
1927 break;
1928 case STATE_STARTING:
1929 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1930 (cp->tlf)(cp, sp);
1931 break;
1932 case STATE_STOPPED:
1933 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1934 break;
1935 case STATE_STOPPING:
1936 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1937 break;
1938 case STATE_OPENED:
1939 (cp->tld)(sp);
1940 /* fall through */
1941 case STATE_REQ_SENT:
1942 case STATE_ACK_RCVD:
1943 case STATE_ACK_SENT:
1944 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate;
1945 if ((cp->flags & CP_AUTH) == 0) {
1946 sppp_cp_send(sp, cp->proto, TERM_REQ,
1947 ++sp->scp[cp->protoidx].seq, 0, 0);
1948 }
1949 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1950 break;
1951 }
1952 }
1953
1954 static void
1955 sppp_to_event(struct sppp *sp, void *xcp)
1956 {
1957 const struct cp *cp = xcp;
1958 int s;
1959
1960 KASSERT(SPPP_WLOCKED(sp));
1961 KASSERT(!cpu_softintr_p());
1962
1963 s = splnet();
1964
1965 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n", cp->name,
1966 sppp_state_name(sp->scp[cp->protoidx].state),
1967 sp->scp[cp->protoidx].rst_counter);
1968
1969 if (--sp->scp[cp->protoidx].rst_counter < 0)
1970 /* TO- event */
1971 switch (sp->scp[cp->protoidx].state) {
1972 case STATE_CLOSING:
1973 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1974 (cp->tlf)(cp, sp);
1975 break;
1976 case STATE_STOPPING:
1977 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1978 (cp->tlf)(cp, sp);
1979 break;
1980 case STATE_REQ_SENT:
1981 case STATE_ACK_RCVD:
1982 case STATE_ACK_SENT:
1983 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1984 (cp->tlf)(cp, sp);
1985 break;
1986 }
1987 else
1988 /* TO+ event */
1989 switch (sp->scp[cp->protoidx].state) {
1990 case STATE_CLOSING:
1991 case STATE_STOPPING:
1992 if ((cp->flags & CP_AUTH) == 0) {
1993 sppp_cp_send(sp, cp->proto, TERM_REQ,
1994 ++sp->scp[cp->protoidx].seq, 0, 0);
1995 }
1996 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout);
1997 break;
1998 case STATE_REQ_SENT:
1999 case STATE_ACK_RCVD:
2000 (cp->scr)(sp);
2001 /* sppp_cp_change_state() will restart the timer */
2002 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2003 break;
2004 case STATE_ACK_SENT:
2005 (cp->scr)(sp);
2006 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout);
2007 break;
2008 }
2009
2010 splx(s);
2011 }
2012 static void
2013 sppp_rcr_update_state(const struct cp *cp, struct sppp *sp,
2014 enum cp_rcr_type type, uint8_t ident, size_t msglen, void *msg)
2015 {
2016 struct ifnet *ifp;
2017 u_char ctype;
2018
2019 ifp = &sp->pp_if;
2020
2021 if (type == CP_RCR_ERR) {
2022 /* parse error, shut down */
2023 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
2024 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open);
2025 } else if (type == CP_RCR_ACK) {
2026 /* RCR+ event */
2027 ctype = CONF_ACK;
2028 switch (sp->scp[cp->protoidx].state) {
2029 case STATE_OPENED:
2030 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
2031 cp->tld(sp);
2032 cp->scr(sp);
2033 cp->screply(cp, sp, ctype, ident, msglen, msg);
2034 break;
2035 case STATE_REQ_SENT:
2036 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
2037 /* fall through */
2038 case STATE_ACK_SENT:
2039 cp->screply(cp, sp, ctype, ident, msglen, msg);
2040 break;
2041 case STATE_STOPPED:
2042 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
2043 cp->scr(sp);
2044 cp->screply(cp, sp, ctype, ident, msglen, msg);
2045 break;
2046 case STATE_ACK_RCVD:
2047 sppp_cp_change_state(cp, sp, STATE_OPENED);
2048 SPPP_DLOG(sp, "%s tlu\n", cp->name);
2049 cp->tlu(sp);
2050 cp->screply(cp, sp, ctype, ident, msglen, msg);
2051 break;
2052 case STATE_CLOSING:
2053 case STATE_STOPPING:
2054 break;
2055 case STATE_CLOSED:
2056 if ((cp->flags & CP_AUTH) == 0) {
2057 sppp_cp_send(sp, cp->proto, TERM_ACK,
2058 ident, 0, 0);
2059 }
2060 break;
2061 default:
2062 SPPP_LOG(sp, LOG_DEBUG,
2063 "%s illegal RCR+ in state %s\n", cp->name,
2064 sppp_state_name(sp->scp[cp->protoidx].state));
2065 if_statinc(ifp, if_ierrors);
2066 }
2067 } else if (type == CP_RCR_NAK || type == CP_RCR_REJ) {
2068 ctype = type == CP_RCR_NAK ? CONF_NAK : CONF_REJ;
2069 /* RCR- event */
2070 switch (sp->scp[cp->protoidx].state) {
2071 case STATE_OPENED:
2072 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2073 cp->tld(sp);
2074 cp->scr(sp);
2075 cp->screply(cp, sp, ctype, ident, msglen, msg);
2076 break;
2077 case STATE_ACK_SENT:
2078 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2079 /* fall through */
2080 case STATE_REQ_SENT:
2081 cp->screply(cp, sp, ctype, ident, msglen, msg);
2082 break;
2083 case STATE_STOPPED:
2084 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2085 cp->scr(sp);
2086 cp->screply(cp, sp, ctype, ident, msglen, msg);
2087 break;
2088 case STATE_ACK_RCVD:
2089 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
2090 cp->screply(cp, sp, ctype, ident, msglen, msg);
2091 break;
2092 case STATE_CLOSING:
2093 case STATE_STOPPING:
2094 break;
2095 case STATE_CLOSED:
2096 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2097 if ((cp->flags & CP_AUTH) == 0) {
2098 sppp_cp_send(sp, cp->proto, TERM_ACK,
2099 ident, 0, 0);
2100 }
2101 break;
2102 default:
2103 SPPP_LOG(sp, LOG_DEBUG,
2104 "%s illegal RCR- in state %s\n", cp->name,
2105 sppp_state_name(sp->scp[cp->protoidx].state));
2106 if_statinc(ifp, if_ierrors);
2107 }
2108 }
2109 }
2110
2111 static void
2112 sppp_rcr_event(struct sppp *sp, void *xcp)
2113 {
2114 const struct cp *cp = xcp;
2115 struct sppp_cp *scp;
2116 struct lcp_header *h;
2117 struct mbuf *m;
2118 enum cp_rcr_type type;
2119 size_t len;
2120 uint8_t *buf;
2121 size_t blen, rlen;
2122 uint8_t ident;
2123
2124 KASSERT(!cpu_softintr_p());
2125
2126 scp = &sp->scp[cp->protoidx];
2127
2128 if (cp->parse_confreq != NULL) {
2129 m = scp->mbuf_confreq;
2130 if (m == NULL)
2131 return;
2132 scp->mbuf_confreq = NULL;
2133
2134 h = mtod(m, struct lcp_header *);
2135 if (h->type != CONF_REQ) {
2136 m_freem(m);
2137 return;
2138 }
2139
2140 ident = h->ident;
2141 len = MIN(m->m_pkthdr.len, ntohs(h->len));
2142
2143 type = (cp->parse_confreq)(sp, h, len,
2144 &buf, &blen, &rlen);
2145 m_freem(m);
2146 } else {
2147 /* mbuf_cofreq is already parsed and freed */
2148 type = scp->rcr_type;
2149 ident = scp->rconfid;
2150 buf = NULL;
2151 blen = rlen = 0;
2152 }
2153
2154 sppp_rcr_update_state(cp, sp, type, ident, rlen, (void *)buf);
2155
2156 if (buf != NULL)
2157 kmem_free(buf, blen);
2158 }
2159
2160 static void
2161 sppp_rca_event(struct sppp *sp, void *xcp)
2162 {
2163 struct ifnet *ifp;
2164 const struct cp *cp = xcp;
2165
2166 KASSERT(!cpu_softintr_p());
2167
2168 ifp = &sp->pp_if;
2169
2170 switch (sp->scp[cp->protoidx].state) {
2171 case STATE_CLOSED:
2172 case STATE_STOPPED:
2173 if ((cp->flags & CP_AUTH) == 0) {
2174 sppp_cp_send(sp, cp->proto, TERM_ACK,
2175 sp->scp[cp->protoidx].rconfid, 0, 0);
2176 }
2177 break;
2178 case STATE_CLOSING:
2179 case STATE_STOPPING:
2180 break;
2181 case STATE_REQ_SENT:
2182 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure;
2183 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
2184 break;
2185 case STATE_OPENED:
2186 (cp->tld)(sp);
2187 /* fall through */
2188 case STATE_ACK_RCVD:
2189 (cp->scr)(sp);
2190 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2191 break;
2192 case STATE_ACK_SENT:
2193 sppp_cp_change_state(cp, sp, STATE_OPENED);
2194 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure;
2195 SPPP_DLOG(sp, "%s tlu\n", cp->name);
2196 (cp->tlu)(sp);
2197 break;
2198 default:
2199 SPPP_LOG(sp, LOG_DEBUG,
2200 "%s illegal RCA in state %s\n", cp->name,
2201 sppp_state_name(sp->scp[cp->protoidx].state));
2202 if_statinc(ifp, if_ierrors);
2203 }
2204 }
2205
2206 static void
2207 sppp_rcn_event(struct sppp *sp, void *xcp)
2208 {
2209 const struct cp *cp = xcp;
2210 struct sppp_cp *scp;
2211 struct lcp_header *h;
2212 struct mbuf *m;
2213 struct ifnet *ifp = &sp->pp_if;
2214 size_t len;
2215
2216 KASSERT(!cpu_softintr_p());
2217
2218 scp = &sp->scp[cp->protoidx];
2219 m = scp->mbuf_confnak;
2220 if (m == NULL)
2221 return;
2222 scp->mbuf_confnak = NULL;
2223
2224 h = mtod(m, struct lcp_header *);
2225 len = MIN(m->m_pkthdr.len, ntohs(h->len));
2226
2227 switch (h->type) {
2228 case CONF_NAK:
2229 (cp->parse_confnak)(sp, h, len);
2230 break;
2231 case CONF_REJ:
2232 (cp->parse_confrej)(sp, h, len);
2233 break;
2234 default:
2235 m_freem(m);
2236 return;
2237 }
2238
2239 m_freem(m);
2240
2241 switch (scp->state) {
2242 case STATE_CLOSED:
2243 case STATE_STOPPED:
2244 if ((cp->flags & CP_AUTH) == 0) {
2245 sppp_cp_send(sp, cp->proto, TERM_ACK,
2246 scp->rconfid, 0, 0);
2247 }
2248 break;
2249 case STATE_REQ_SENT:
2250 case STATE_ACK_SENT:
2251 scp->rst_counter = sp->lcp.max_configure;
2252 (cp->scr)(sp);
2253 break;
2254 case STATE_OPENED:
2255 (cp->tld)(sp);
2256 /* fall through */
2257 case STATE_ACK_RCVD:
2258 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
2259 (cp->scr)(sp);
2260 break;
2261 case STATE_CLOSING:
2262 case STATE_STOPPING:
2263 break;
2264 default:
2265 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RCN in state %s\n",
2266 cp->name, sppp_state_name(scp->state));
2267 if_statinc(ifp, if_ierrors);
2268 }
2269 }
2270
2271 static void
2272 sppp_rtr_event(struct sppp *sp, void *xcp)
2273 {
2274 struct ifnet *ifp;
2275 const struct cp *cp = xcp;
2276
2277 KASSERT(!cpu_softintr_p());
2278
2279 ifp = &sp->pp_if;
2280
2281 switch (sp->scp[cp->protoidx].state) {
2282 case STATE_ACK_RCVD:
2283 case STATE_ACK_SENT:
2284 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2285 break;
2286 case STATE_CLOSED:
2287 case STATE_STOPPED:
2288 case STATE_CLOSING:
2289 case STATE_STOPPING:
2290 case STATE_REQ_SENT:
2291 break;
2292 case STATE_OPENED:
2293 (cp->tld)(sp);
2294 sp->scp[cp->protoidx].rst_counter = 0;
2295 sppp_cp_change_state(cp, sp, STATE_STOPPING);
2296 break;
2297 default:
2298 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTR in state %s\n",
2299 cp->name,
2300 sppp_state_name(sp->scp[cp->protoidx].state));
2301 if_statinc(ifp, if_ierrors);
2302 return;
2303 }
2304
2305 /* Send Terminate-Ack packet. */
2306 SPPP_DLOG(sp, "%s send terminate-ack\n", cp->name);
2307 if ((cp->flags & CP_AUTH) == 0) {
2308 sppp_cp_send(sp, cp->proto, TERM_ACK,
2309 sp->scp[cp->protoidx].rseq, 0, 0);
2310 }
2311 }
2312
2313 static void
2314 sppp_rta_event(struct sppp *sp, void *xcp)
2315 {
2316 const struct cp *cp = xcp;
2317 struct ifnet *ifp = &sp->pp_if;
2318
2319 KASSERT(!cpu_softintr_p());
2320
2321 switch (sp->scp[cp->protoidx].state) {
2322 case STATE_CLOSED:
2323 case STATE_STOPPED:
2324 case STATE_REQ_SENT:
2325 case STATE_ACK_SENT:
2326 break;
2327 case STATE_CLOSING:
2328 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2329 (cp->tlf)(cp, sp);
2330 break;
2331 case STATE_STOPPING:
2332 sppp_cp_change_state(cp, sp, STATE_STOPPED);
2333 (cp->tlf)(cp, sp);
2334 break;
2335 case STATE_ACK_RCVD:
2336 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2337 break;
2338 case STATE_OPENED:
2339 (cp->tld)(sp);
2340 (cp->scr)(sp);
2341 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
2342 break;
2343 default:
2344 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTA in state %s\n",
2345 cp->name, sppp_state_name(sp->scp[cp->protoidx].state));
2346 if_statinc(ifp, if_ierrors);
2347 }
2348 }
2349
2350 static void
2351 sppp_rxj_event(struct sppp *sp, void *xcp)
2352 {
2353 const struct cp *cp = xcp;
2354 struct ifnet *ifp = &sp->pp_if;
2355
2356 KASSERT(!cpu_softintr_p());
2357
2358 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
2359 switch (sp->scp[cp->protoidx].state) {
2360 case STATE_CLOSED:
2361 case STATE_STOPPED:
2362 case STATE_REQ_SENT:
2363 case STATE_ACK_SENT:
2364 case STATE_CLOSING:
2365 case STATE_STOPPING:
2366 case STATE_OPENED:
2367 break;
2368 case STATE_ACK_RCVD:
2369 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2370 break;
2371 default:
2372 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RXJ- in state %s\n",
2373 cp->name, sppp_state_name(sp->scp[cp->protoidx].state));
2374 if_statinc(ifp, if_ierrors);
2375 }
2376 }
2377
2378 /*
2379 * Change the state of a control protocol in the state automaton.
2380 * Takes care of starting/stopping the restart timer.
2381 */
2382 void
2383 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
2384 {
2385
2386 KASSERT(SPPP_WLOCKED(sp));
2387
2388 sp->scp[cp->protoidx].state = newstate;
2389 callout_stop(&sp->scp[cp->protoidx].ch);
2390 switch (newstate) {
2391 case STATE_INITIAL:
2392 case STATE_STARTING:
2393 case STATE_CLOSED:
2394 case STATE_STOPPED:
2395 case STATE_OPENED:
2396 break;
2397 case STATE_CLOSING:
2398 case STATE_STOPPING:
2399 case STATE_REQ_SENT:
2400 case STATE_ACK_RCVD:
2401 case STATE_ACK_SENT:
2402 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout);
2403 break;
2404 }
2405 }
2406
2407 /*
2408 *--------------------------------------------------------------------------*
2409 * *
2410 * The LCP implementation. *
2411 * *
2412 *--------------------------------------------------------------------------*
2413 */
2414 static void
2415 sppp_lcp_init(struct sppp *sp)
2416 {
2417
2418 KASSERT(SPPP_WLOCKED(sp));
2419
2420 sppp_cp_init(&lcp, sp);
2421
2422 SET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC);
2423 sp->lcp.magic = 0;
2424 sp->lcp.protos = 0;
2425 sp->lcp.max_terminate = 2;
2426 sp->lcp.max_configure = 10;
2427 sp->lcp.max_failure = 10;
2428 sp->lcp.tlf_sent = false;
2429
2430 /*
2431 * Initialize counters and timeout values. Note that we don't
2432 * use the 3 seconds suggested in RFC 1661 since we are likely
2433 * running on a fast link. XXX We should probably implement
2434 * the exponential backoff option. Note that these values are
2435 * relevant for all control protocols, not just LCP only.
2436 */
2437 sp->lcp.timeout = 1 * hz;
2438 }
2439
2440 static void
2441 sppp_lcp_up(struct sppp *sp, void *xcp)
2442 {
2443 struct ifnet *ifp;
2444 const struct cp *cp = xcp;
2445 int pidx;
2446
2447 KASSERT(SPPP_WLOCKED(sp));
2448 ifp = &sp->pp_if;
2449
2450 pidx = cp->protoidx;
2451 /* Initialize activity timestamp: opening a connection is an activity */
2452 sp->pp_last_receive = sp->pp_last_activity = time_uptime;
2453
2454 /*
2455 * If this interface is passive or dial-on-demand, and we are
2456 * still in Initial state, it means we've got an incoming
2457 * call. Activate the interface.
2458 */
2459 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2460 ifp->if_flags |= IFF_RUNNING;
2461 if (sp->scp[pidx].state == STATE_INITIAL) {
2462 SPPP_DLOG(sp, "Up event (incoming call)\n");
2463 sp->pp_flags |= PP_CALLIN;
2464 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open);
2465 } else {
2466 SPPP_DLOG(sp, "Up event\n");
2467 }
2468 }
2469
2470 sppp_up_event(sp, xcp);
2471 }
2472
2473 static void
2474 sppp_lcp_down(struct sppp *sp, void *xcp)
2475 {
2476 const struct cp *cp = xcp;
2477 struct ifnet *ifp;
2478 int pidx;
2479
2480 KASSERT(SPPP_WLOCKED(sp));
2481 KASSERT(!cpu_softintr_p());
2482
2483 ifp = &sp->pp_if;
2484 pidx = cp->protoidx;
2485 sppp_down_event(sp, xcp);
2486
2487 /*
2488 * We need to do tls to restart when a down event is caused
2489 * by the last tlf.
2490 */
2491 if (sp->scp[pidx].state == STATE_STARTING &&
2492 sp->lcp.tlf_sent) {
2493 cp->tls(cp, sp);
2494 sp->lcp.tlf_sent = false;
2495 }
2496
2497 SPPP_DLOG(sp, "Down event (carrier loss)\n");
2498
2499 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2500 if (sp->lcp.reestablish)
2501 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open);
2502 } else {
2503 sp->pp_flags &= ~PP_CALLIN;
2504 if (sp->scp[pidx].state != STATE_INITIAL)
2505 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_close);
2506 ifp->if_flags &= ~IFF_RUNNING;
2507 }
2508 sp->scp[pidx].fail_counter = 0;
2509 }
2510
2511 static void
2512 sppp_lcp_open(struct sppp *sp, void *xcp)
2513 {
2514
2515 KASSERT(SPPP_WLOCKED(sp));
2516 KASSERT(!cpu_softintr_p());
2517
2518 sp->lcp.reestablish = false;
2519 sp->scp[IDX_LCP].fail_counter = 0;
2520
2521 /* the interface was down while waiting for reconnection */
2522 if ((sp->pp_flags & PP_ADMIN_UP) == 0)
2523 return;
2524
2525 if (sp->pp_if.if_mtu < PP_MTU) {
2526 sp->lcp.mru = sp->pp_if.if_mtu;
2527 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU);
2528 } else {
2529 sp->lcp.mru = PP_MTU;
2530 }
2531 sp->lcp.their_mru = PP_MTU;
2532
2533 /*
2534 * If we are authenticator, negotiate LCP_AUTH
2535 */
2536 if (sp->hisauth.proto != PPP_NOPROTO)
2537 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO);
2538 else
2539 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO);
2540 sp->pp_flags &= ~PP_NEEDAUTH;
2541 sppp_open_event(sp, xcp);
2542 }
2543
2544
2545 /*
2546 * Analyze a configure request. Return true if it was agreeable, and
2547 * caused action sca, false if it has been rejected or nak'ed, and
2548 * caused action scn. (The return value is used to make the state
2549 * transition decision in the state automaton.)
2550 */
2551 static enum cp_rcr_type
2552 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen,
2553 uint8_t **msgbuf, size_t *buflen, size_t *msglen)
2554 {
2555 u_char *buf, *r, *p, l, blen;
2556 enum cp_rcr_type type;
2557 int len, rlen;
2558 uint32_t nmagic;
2559 u_short authproto;
2560 char lbuf[SPPP_LCPOPT_NAMELEN];
2561 bool debug;
2562
2563 KASSERT(SPPP_WLOCKED(sp));
2564
2565 debug = sppp_debug_enabled(sp);
2566
2567 if (origlen < sizeof(*h))
2568 return CP_RCR_DROP;
2569
2570 origlen -= sizeof(*h);
2571 type = CP_RCR_NONE;
2572 type = 0;
2573
2574 if (origlen <= 0)
2575 return CP_RCR_DROP;
2576 else
2577 blen = origlen;
2578
2579 buf = kmem_intr_alloc(blen, KM_NOSLEEP);
2580 if (buf == NULL)
2581 return CP_RCR_DROP;
2582
2583 if (debug)
2584 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opts:");
2585
2586 /* pass 1: check for things that need to be rejected */
2587 p = (void *)(h + 1);
2588 r = buf;
2589 rlen = 0;
2590 for (len = origlen; len > 1; len-= l, p += l) {
2591 l = p[1];
2592 if (l == 0)
2593 break;
2594
2595 /* Sanity check option length */
2596 if (l > len) {
2597 /*
2598 * Malicious option - drop immediately.
2599 * XXX Maybe we should just RXJ it?
2600 */
2601 if (debug)
2602 addlog("\n");
2603
2604 SPPP_LOG(sp, LOG_DEBUG,
2605 "received malicious LCP option 0x%02x, "
2606 "length 0x%02x, (len: 0x%02x) dropping.\n",
2607 p[0], l, len);
2608 type = CP_RCR_ERR;
2609 goto end;
2610 }
2611 if (debug)
2612 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p));
2613 switch (p[0]) {
2614 case LCP_OPT_MAGIC:
2615 /* Magic number. */
2616 /* fall through, both are same length */
2617 case LCP_OPT_ASYNC_MAP:
2618 /* Async control character map. */
2619 if (len >= 6 || l == 6)
2620 continue;
2621 if (debug)
2622 addlog(" [invalid]");
2623 break;
2624 case LCP_OPT_MP_EID:
2625 if (len >= l && l >= 3) {
2626 switch (p[2]) {
2627 case 0: if (l==3+ 0) continue;break;
2628 case 2: if (l==3+ 4) continue;break;
2629 case 3: if (l==3+ 6) continue;break;
2630 case 6: if (l==3+16) continue;break;
2631 case 1: /* FALLTHROUGH */
2632 case 4: if (l<=3+20) continue;break;
2633 case 5: if (l<=3+15) continue;break;
2634 /* XXX should it be default: continue;? */
2635 }
2636 }
2637 if (debug)
2638 addlog(" [invalid class %d len %d]", p[2], l);
2639 break;
2640 case LCP_OPT_MP_SSNHF:
2641 if (len >= 2 && l == 2) {
2642 if (debug)
2643 addlog(" [rej]");
2644 break;
2645 }
2646 if (debug)
2647 addlog(" [invalid]");
2648 break;
2649 case LCP_OPT_MP_MRRU:
2650 /* Multilink maximum received reconstructed unit */
2651 /* should be fall through, both are same length */
2652 /* FALLTHROUGH */
2653 case LCP_OPT_MRU:
2654 /* Maximum receive unit. */
2655 if (len >= 4 && l == 4)
2656 continue;
2657 if (debug)
2658 addlog(" [invalid]");
2659 break;
2660 case LCP_OPT_AUTH_PROTO:
2661 if (len < 4) {
2662 if (debug)
2663 addlog(" [invalid]");
2664 break;
2665 }
2666 authproto = (p[2] << 8) + p[3];
2667 if (authproto == PPP_CHAP && l != 5) {
2668 if (debug)
2669 addlog(" [invalid chap len]");
2670 break;
2671 }
2672 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) {
2673 if (authproto == PPP_PAP || authproto == PPP_CHAP)
2674 sp->myauth.proto = authproto;
2675 }
2676 if (sp->myauth.proto == PPP_NOPROTO) {
2677 /* we are not configured to do auth */
2678 if (debug)
2679 addlog(" [not configured]");
2680 break;
2681 }
2682 /*
2683 * Remote want us to authenticate, remember this,
2684 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got
2685 * up.
2686 */
2687 sp->pp_flags |= PP_NEEDAUTH;
2688 continue;
2689 default:
2690 /* Others not supported. */
2691 if (debug)
2692 addlog(" [rej]");
2693 break;
2694 }
2695 if (rlen + l > blen) {
2696 if (debug)
2697 addlog(" [overflow]");
2698 continue;
2699 }
2700 /* Add the option to rejected list. */
2701 memcpy(r, p, l);
2702 r += l;
2703 rlen += l;
2704 }
2705
2706 if (rlen > 0) {
2707 type = CP_RCR_REJ;
2708 goto end;
2709 }
2710
2711 if (debug)
2712 addlog("\n");
2713
2714 /*
2715 * pass 2: check for option values that are unacceptable and
2716 * thus require to be nak'ed.
2717 */
2718 if (debug)
2719 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opt values:");
2720
2721 p = (void *)(h + 1);
2722 r = buf;
2723 rlen = 0;
2724 for (len = origlen; len > 0; len -= l, p += l) {
2725 l = p[1];
2726 if (l == 0)
2727 break;
2728
2729 if (debug)
2730 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p));
2731 switch (p[0]) {
2732 case LCP_OPT_MAGIC:
2733 /* Magic number -- extract. */
2734 nmagic = (uint32_t)p[2] << 24 |
2735 (uint32_t)p[3] << 16 | p[4] << 8 | p[5];
2736 if (nmagic != sp->lcp.magic) {
2737 if (debug)
2738 addlog(" 0x%x", nmagic);
2739 continue;
2740 }
2741 /*
2742 * Local and remote magics equal -- loopback?
2743 */
2744 if (sp->pp_loopcnt >= LOOPALIVECNT*5) {
2745 SPPP_DLOG(sp, "loopback\n");
2746 sp->pp_loopcnt = 0;
2747
2748 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) {
2749 sp->pp_flags |= PP_LOOPBACK;
2750 sppp_wq_add(sp->wq_cp,
2751 &sp->work_ifdown);
2752 }
2753
2754 sppp_wq_add(sp->wq_cp,
2755 &sp->scp[IDX_LCP].work_close);
2756 sppp_wq_add(sp->wq_cp,
2757 &sp->scp[IDX_LCP].work_open);
2758 } else {
2759 if (debug)
2760 addlog(" [glitch]");
2761 ++sp->pp_loopcnt;
2762 }
2763 /*
2764 * We negate our magic here, and NAK it. If
2765 * we see it later in an NAK packet, we
2766 * suggest a new one.
2767 */
2768 nmagic = ~sp->lcp.magic;
2769 /* Gonna NAK it. */
2770 p[2] = nmagic >> 24;
2771 p[3] = nmagic >> 16;
2772 p[4] = nmagic >> 8;
2773 p[5] = nmagic;
2774 break;
2775
2776 case LCP_OPT_ASYNC_MAP:
2777 /*
2778 * Async control character map -- just ignore it.
2779 *
2780 * Quote from RFC 1662, chapter 6:
2781 * To enable this functionality, synchronous PPP
2782 * implementations MUST always respond to the
2783 * Async-Control-Character-Map Configuration
2784 * Option with the LCP Configure-Ack. However,
2785 * acceptance of the Configuration Option does
2786 * not imply that the synchronous implementation
2787 * will do any ACCM mapping. Instead, all such
2788 * octet mapping will be performed by the
2789 * asynchronous-to-synchronous converter.
2790 */
2791 continue;
2792
2793 case LCP_OPT_MRU:
2794 /*
2795 * Maximum receive unit. Always agreeable,
2796 * but ignored by now.
2797 */
2798 sp->lcp.their_mru = p[2] * 256 + p[3];
2799 if (debug)
2800 addlog(" %ld", sp->lcp.their_mru);
2801 continue;
2802
2803 case LCP_OPT_AUTH_PROTO:
2804 authproto = (p[2] << 8) + p[3];
2805 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) {
2806 if (authproto == PPP_PAP || authproto == PPP_CHAP)
2807 sp->myauth.proto = authproto;
2808 }
2809 if (sp->myauth.proto == authproto) {
2810 if (authproto != PPP_CHAP || p[4] == CHAP_MD5) {
2811 continue;
2812 }
2813 if (debug)
2814 addlog(" [chap without MD5]");
2815 } else {
2816 if (debug) {
2817 char pbuf1[SPPP_PROTO_NAMELEN];
2818 char pbuf2[SPPP_PROTO_NAMELEN];
2819 const char *pname1, *pname2;
2820
2821 pname1 = sppp_proto_name(pbuf1,
2822 sizeof(pbuf1), sp->myauth.proto);
2823 pname2 = sppp_proto_name(pbuf2,
2824 sizeof(pbuf2), authproto);
2825 addlog(" [mine %s != his %s]",
2826 pname1, pname2);
2827 }
2828 }
2829 /* not agreed, nak */
2830 if (sp->myauth.proto == PPP_CHAP) {
2831 l = 5;
2832 } else {
2833 l = 4;
2834 }
2835
2836 if (rlen + l > blen) {
2837 if (debug)
2838 addlog(" [overflow]");
2839 continue;
2840 }
2841
2842 r[0] = LCP_OPT_AUTH_PROTO;
2843 r[1] = l;
2844 r[2] = sp->myauth.proto >> 8;
2845 r[3] = sp->myauth.proto & 0xff;
2846 if (sp->myauth.proto == PPP_CHAP)
2847 r[4] = CHAP_MD5;
2848 rlen += l;
2849 r += l;
2850 continue;
2851 case LCP_OPT_MP_EID:
2852 /*
2853 * Endpoint identification.
2854 * Always agreeable,
2855 * but ignored by now.
2856 */
2857 if (debug) {
2858 addlog(" type %d", p[2]);
2859 sppp_print_bytes(p+3, p[1]-3);
2860 }
2861 continue;
2862 case LCP_OPT_MP_MRRU:
2863 /*
2864 * Maximum received reconstructed unit.
2865 * Always agreeable,
2866 * but ignored by now.
2867 */
2868 sp->lcp.their_mrru = p[2] * 256 + p[3];
2869 if (debug)
2870 addlog(" %ld", sp->lcp.their_mrru);
2871 continue;
2872 }
2873 if (rlen + l > blen) {
2874 if (debug)
2875 addlog(" [overflow]");
2876 continue;
2877 }
2878 /* Add the option to nak'ed list. */
2879 memcpy(r, p, l);
2880 r += l;
2881 rlen += l;
2882 }
2883
2884 if (rlen > 0) {
2885 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) {
2886 if (debug)
2887 addlog(" max_failure (%d) exceeded, ",
2888 sp->lcp.max_failure);
2889 type = CP_RCR_REJ;
2890 } else {
2891 type = CP_RCR_NAK;
2892 }
2893 } else {
2894 type = CP_RCR_ACK;
2895 rlen = origlen;
2896 memcpy(r, h + 1, rlen);
2897 sp->scp[IDX_LCP].fail_counter = 0;
2898 sp->pp_loopcnt = 0;
2899 }
2900
2901 end:
2902 if (debug)
2903 addlog("\n");
2904
2905 if (type == CP_RCR_ERR || type == CP_RCR_DROP) {
2906 if (buf != NULL)
2907 kmem_intr_free(buf, blen);
2908 } else {
2909 *msgbuf = buf;
2910 *buflen = blen;
2911 *msglen = rlen;
2912 }
2913
2914 return type;
2915 }
2916
2917 /*
2918 * Analyze the LCP Configure-Reject option list, and adjust our
2919 * negotiation.
2920 */
2921 static void
2922 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len)
2923 {
2924 u_char *p, l;
2925 bool debug;
2926
2927 KASSERT(SPPP_WLOCKED(sp));
2928
2929 debug = sppp_debug_enabled(sp);
2930
2931 if (len <= sizeof(*h))
2932 return;
2933
2934 len -= sizeof(*h);
2935
2936 if (debug)
2937 SPPP_LOG(sp, LOG_DEBUG, "lcp rej opts:");
2938
2939 p = (void *)(h + 1);
2940 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) {
2941 /* Sanity check option length */
2942 if (l > len) {
2943 /*
2944 * Malicious option - drop immediately.
2945 * XXX Maybe we should just RXJ it?
2946 */
2947 if (debug)
2948 addlog("\n");
2949
2950 SPPP_LOG(sp, LOG_DEBUG,
2951 "received malicious LCP option, dropping.\n");
2952 goto end;
2953 }
2954 if (debug) {
2955 char lbuf[SPPP_LCPOPT_NAMELEN];
2956 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p));
2957 }
2958 switch (p[0]) {
2959 case LCP_OPT_MAGIC:
2960 /* Magic number -- can't use it, use 0 */
2961 CLR(sp->lcp.opts, SPPP_LCP_OPT_MAGIC);
2962 sp->lcp.magic = 0;
2963 break;
2964 case LCP_OPT_MRU:
2965 /*
2966 * We try to negotiate a lower MRU if the underlying
2967 * link's MTU is less than PP_MTU (e.g. PPPoE). If the
2968 * peer rejects this lower rate, fallback to the
2969 * default.
2970 */
2971 if (!debug) {
2972 SPPP_LOG(sp, LOG_INFO,
2973 "peer rejected our MRU of "
2974 "%ld bytes. Defaulting to %d bytes\n",
2975 sp->lcp.mru, PP_MTU);
2976 }
2977 CLR(sp->lcp.opts, SPPP_LCP_OPT_MRU);
2978 sp->lcp.mru = PP_MTU;
2979 break;
2980 case LCP_OPT_AUTH_PROTO:
2981 /*
2982 * Peer doesn't want to authenticate himself,
2983 * deny unless this is a dialout call, and
2984 * SPPP_AUTHFLAG_NOCALLOUT is set.
2985 */
2986 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2987 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) {
2988 if (debug) {
2989 addlog(" [don't insist on auth "
2990 "for callout]");
2991 }
2992 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO);
2993 break;
2994 }
2995 if (debug)
2996 addlog("[access denied]\n");
2997 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
2998 break;
2999 }
3000 }
3001 if (debug)
3002 addlog("\n");
3003 end:
3004 return;
3005 }
3006
3007 /*
3008 * Analyze the LCP Configure-NAK option list, and adjust our
3009 * negotiation.
3010 */
3011 static void
3012 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len)
3013 {
3014 u_char *p, l;
3015 uint32_t magic;
3016 bool debug;
3017
3018 KASSERT(SPPP_WLOCKED(sp));
3019
3020 if (len <= sizeof(*h))
3021 return;
3022
3023 debug = sppp_debug_enabled(sp);
3024 len -= sizeof(*h);
3025
3026 if (debug)
3027 SPPP_LOG(sp, LOG_DEBUG, "lcp nak opts:");
3028
3029 p = (void *)(h + 1);
3030 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) {
3031 /* Sanity check option length */
3032 if (l > len) {
3033 /*
3034 * Malicious option - drop immediately.
3035 * XXX Maybe we should just RXJ it?
3036 */
3037 if (debug)
3038 addlog("\n");
3039
3040 SPPP_LOG(sp, LOG_DEBUG,
3041 "received malicious LCP option, dropping.\n");
3042 goto end;
3043 }
3044 if (debug) {
3045 char lbuf[SPPP_LCPOPT_NAMELEN];
3046 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf),*p));
3047 }
3048 switch (p[0]) {
3049 case LCP_OPT_MAGIC:
3050 /* Magic number -- renegotiate */
3051 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC) &&
3052 len >= 6 && l == 6) {
3053 magic = (uint32_t)p[2] << 24 |
3054 (uint32_t)p[3] << 16 | p[4] << 8 | p[5];
3055 /*
3056 * If the remote magic is our negated one,
3057 * this looks like a loopback problem.
3058 * Suggest a new magic to make sure.
3059 */
3060 if (magic == ~sp->lcp.magic) {
3061 if (debug)
3062 addlog(" magic glitch");
3063 sp->lcp.magic = cprng_fast32();
3064 } else {
3065 sp->lcp.magic = magic;
3066 if (debug)
3067 addlog(" %d", magic);
3068 }
3069 }
3070 break;
3071 case LCP_OPT_MRU:
3072 /*
3073 * Peer wants to advise us to negotiate an MRU.
3074 * Agree on it if it's reasonable, or use
3075 * default otherwise.
3076 */
3077 if (len >= 4 && l == 4) {
3078 u_int mru = p[2] * 256 + p[3];
3079 if (debug)
3080 addlog(" %d", mru);
3081 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu)
3082 mru = sp->pp_if.if_mtu;
3083 sp->lcp.mru = mru;
3084 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU);
3085 }
3086 break;
3087 case LCP_OPT_AUTH_PROTO:
3088 /*
3089 * Peer doesn't like our authentication method,
3090 * deny.
3091 */
3092 if (debug)
3093 addlog("[access denied]\n");
3094 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
3095 break;
3096 }
3097 }
3098 if (debug)
3099 addlog("\n");
3100 end:
3101 return;
3102 }
3103
3104 static void
3105 sppp_lcp_tlu(struct sppp *sp)
3106 {
3107 struct ifnet *ifp;
3108 struct sppp_cp *scp;
3109 int i;
3110 bool going_up;
3111
3112 KASSERT(SPPP_WLOCKED(sp));
3113
3114 ifp = &sp->pp_if;
3115
3116 /* unlock for IFNET_LOCK and if_up() */
3117 SPPP_UNLOCK(sp);
3118
3119 if (! (ifp->if_flags & IFF_UP) &&
3120 (ifp->if_flags & IFF_RUNNING)) {
3121 /* Coming out of loopback mode. */
3122 going_up = true;
3123 if_up(ifp);
3124 } else {
3125 going_up = false;
3126 }
3127
3128 IFNET_LOCK(ifp);
3129 SPPP_LOCK(sp, RW_WRITER);
3130
3131 if (going_up) {
3132 if ((sp->pp_flags & PP_LOOPBACK) == 0) {
3133 SPPP_LOG(sp, LOG_DEBUG,
3134 "interface is going up, "
3135 "but no loopback packet is deteted\n");
3136 }
3137 sp->pp_flags &= ~PP_LOOPBACK;
3138 }
3139
3140 if (ifp->if_mtu > sp->lcp.their_mru) {
3141 sp->pp_saved_mtu = ifp->if_mtu;
3142 ifp->if_mtu = sp->lcp.their_mru;
3143 SPPP_DLOG(sp, "setting MTU "
3144 "from %"PRIu64" bytes to %"PRIu64" bytes\n",
3145 sp->pp_saved_mtu, ifp->if_mtu);
3146 }
3147 IFNET_UNLOCK(ifp);
3148
3149 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO) ||
3150 (sp->pp_flags & PP_NEEDAUTH) != 0)
3151 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE);
3152 else
3153 sppp_change_phase(sp, SPPP_PHASE_NETWORK);
3154
3155
3156 for (i = 0; i < IDX_COUNT; i++) {
3157 scp = &sp->scp[(cps[i])->protoidx];
3158
3159 if (((cps[i])->flags & CP_LCP) == 0)
3160 sppp_wq_add(sp->wq_cp, &scp->work_up);
3161
3162 /*
3163 * Open all authentication protocols. This is even required
3164 * if we already proceeded to network phase, since it might be
3165 * that remote wants us to authenticate, so we might have to
3166 * send a PAP request. Undesired authentication protocols
3167 * don't do anything when they get an Open event.
3168 */
3169 if ((cps[i])->flags & CP_AUTH)
3170 sppp_wq_add(sp->wq_cp, &scp->work_open);
3171
3172 /* Open all NCPs. */
3173 if (sp->pp_phase == SPPP_PHASE_NETWORK &&
3174 ((cps[i])->flags & CP_NCP) != 0) {
3175 sppp_wq_add(sp->wq_cp, &scp->work_open);
3176 }
3177 }
3178
3179 /* notify low-level driver of state change */
3180 sppp_notify_chg_wlocked(sp);
3181 }
3182
3183 static void
3184 sppp_lcp_tld(struct sppp *sp)
3185 {
3186 struct ifnet *ifp;
3187 struct sppp_cp *scp;
3188 int i, phase;
3189
3190 KASSERT(SPPP_WLOCKED(sp));
3191
3192 phase = sp->pp_phase;
3193
3194 sppp_change_phase(sp, SPPP_PHASE_TERMINATE);
3195
3196 if (sp->pp_saved_mtu > 0) {
3197 ifp = &sp->pp_if;
3198
3199 SPPP_UNLOCK(sp);
3200 IFNET_LOCK(ifp);
3201 SPPP_LOCK(sp, RW_WRITER);
3202
3203 SPPP_DLOG(sp, "setting MTU "
3204 "from %"PRIu64" bytes to %"PRIu64" bytes\n",
3205 ifp->if_mtu, sp->pp_saved_mtu);
3206
3207 ifp->if_mtu = sp->pp_saved_mtu;
3208 sp->pp_saved_mtu = 0;
3209 IFNET_UNLOCK(ifp);
3210 }
3211
3212 /*
3213 * Take upper layers down. We send the Down event first and
3214 * the Close second to prevent the upper layers from sending
3215 * ``a flurry of terminate-request packets'', as the RFC
3216 * describes it.
3217 */
3218 for (i = 0; i < IDX_COUNT; i++) {
3219 scp = &sp->scp[(cps[i])->protoidx];
3220
3221 if (((cps[i])->flags & CP_LCP) == 0)
3222 sppp_wq_add(sp->wq_cp, &scp->work_down);
3223
3224 if ((cps[i])->flags & CP_AUTH) {
3225 sppp_wq_add(sp->wq_cp, &scp->work_close);
3226 }
3227
3228 /* Close all NCPs. */
3229 if (phase == SPPP_PHASE_NETWORK &&
3230 ((cps[i])->flags & CP_NCP) != 0) {
3231 sppp_wq_add(sp->wq_cp, &scp->work_close);
3232 }
3233 }
3234 }
3235
3236 static void
3237 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp)
3238 {
3239
3240 KASSERT(SPPP_WLOCKED(sp));
3241
3242 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH);
3243
3244 /* Notify lower layer if desired. */
3245 sppp_notify_tls_wlocked(sp);
3246 sp->lcp.tlf_sent = false;
3247 }
3248
3249 static void
3250 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp)
3251 {
3252
3253 KASSERT(SPPP_WLOCKED(sp));
3254
3255 sppp_change_phase(sp, SPPP_PHASE_DEAD);
3256
3257 /* Notify lower layer if desired. */
3258 sppp_notify_tlf_wlocked(sp);
3259
3260 switch (sp->scp[IDX_LCP].state) {
3261 case STATE_CLOSED:
3262 case STATE_STOPPED:
3263 sp->lcp.tlf_sent = true;
3264 break;
3265 case STATE_INITIAL:
3266 default:
3267 /* just in case */
3268 sp->lcp.tlf_sent = false;
3269 }
3270 }
3271
3272 static void
3273 sppp_lcp_scr(struct sppp *sp)
3274 {
3275 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
3276 int i = 0;
3277 u_short authproto;
3278
3279 KASSERT(SPPP_WLOCKED(sp));
3280
3281 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC)) {
3282 if (! sp->lcp.magic)
3283 sp->lcp.magic = cprng_fast32();
3284 opt[i++] = LCP_OPT_MAGIC;
3285 opt[i++] = 6;
3286 opt[i++] = sp->lcp.magic >> 24;
3287 opt[i++] = sp->lcp.magic >> 16;
3288 opt[i++] = sp->lcp.magic >> 8;
3289 opt[i++] = sp->lcp.magic;
3290 }
3291
3292 if (ISSET(sp->lcp.opts,SPPP_LCP_OPT_MRU)) {
3293 opt[i++] = LCP_OPT_MRU;
3294 opt[i++] = 4;
3295 opt[i++] = sp->lcp.mru >> 8;
3296 opt[i++] = sp->lcp.mru;
3297 }
3298
3299 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) {
3300 authproto = sp->hisauth.proto;
3301 opt[i++] = LCP_OPT_AUTH_PROTO;
3302 opt[i++] = authproto == PPP_CHAP? 5: 4;
3303 opt[i++] = authproto >> 8;
3304 opt[i++] = authproto;
3305 if (authproto == PPP_CHAP)
3306 opt[i++] = CHAP_MD5;
3307 }
3308
3309 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq;
3310 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt);
3311 }
3312
3313 /*
3314 * Check the open NCPs, return true if at least one NCP is open.
3315 */
3316
3317 static int
3318 sppp_cp_check(struct sppp *sp, u_char cp_flags)
3319 {
3320 int i, mask;
3321
3322 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
3323 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags)
3324 return 1;
3325 return 0;
3326 }
3327
3328 /*
3329 * Re-check the open NCPs and see if we should terminate the link.
3330 * Called by the NCPs during their tlf action handling.
3331 */
3332 static void
3333 sppp_lcp_check_and_close(struct sppp *sp)
3334 {
3335
3336 KASSERT(SPPP_WLOCKED(sp));
3337
3338 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) {
3339 /* don't bother, we are already going down */
3340 return;
3341 }
3342
3343 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE &&
3344 sppp_cp_check(sp, CP_AUTH))
3345 return;
3346
3347 if (sp->pp_phase >= SPPP_PHASE_NETWORK &&
3348 sppp_cp_check(sp, CP_NCP))
3349 return;
3350
3351 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
3352
3353 if (sp->pp_max_auth_fail != 0 &&
3354 sp->pp_auth_failures >= sp->pp_max_auth_fail) {
3355 SPPP_LOG(sp, LOG_INFO, "authentication failed %d times, "
3356 "not retrying again\n", sp->pp_auth_failures);
3357
3358 sppp_wq_add(sp->wq_cp, &sp->work_ifdown);
3359 sp->pp_if.if_flags &= ~IFF_RUNNING;
3360 } else {
3361 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open);
3362 }
3363 }
3364
3365 /*
3366 *--------------------------------------------------------------------------*
3367 * *
3368 * The IPCP implementation. *
3369 * *
3370 *--------------------------------------------------------------------------*
3371 */
3372
3373 static void
3374 sppp_ipcp_init(struct sppp *sp)
3375 {
3376
3377 KASSERT(SPPP_WLOCKED(sp));
3378
3379 sppp_cp_init(&ipcp, sp);
3380
3381 sp->ipcp.opts = 0;
3382 sp->ipcp.flags = 0;
3383 }
3384
3385 static void
3386 sppp_ipcp_open(struct sppp *sp, void *xcp)
3387 {
3388 uint32_t myaddr, hisaddr;
3389
3390 KASSERT(SPPP_WLOCKED(sp));
3391 KASSERT(!cpu_softintr_p());
3392
3393 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP))
3394 return;
3395
3396 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
3397 sp->ipcp.req_myaddr = 0;
3398 sp->ipcp.req_hisaddr = 0;
3399 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs);
3400
3401 #ifdef INET
3402 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
3403 #else
3404 myaddr = hisaddr = 0;
3405 #endif
3406 /*
3407 * If we don't have his address, this probably means our
3408 * interface doesn't want to talk IP at all. (This could
3409 * be the case if somebody wants to speak only IPX, for
3410 * example.) Don't open IPCP in this case.
3411 */
3412 if (hisaddr == 0) {
3413 /* XXX this message should go away */
3414 SPPP_DLOG(sp, "ipcp_open(): no IP interface\n");
3415 return;
3416 }
3417
3418 if (myaddr == 0) {
3419 /*
3420 * I don't have an assigned address, so i need to
3421 * negotiate my address.
3422 */
3423 sp->ipcp.flags |= IPCP_MYADDR_DYN;
3424 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS);
3425 }
3426 if (hisaddr == 1) {
3427 /*
3428 * XXX - remove this hack!
3429 * remote has no valid address, we need to get one assigned.
3430 */
3431 sp->ipcp.flags |= IPCP_HISADDR_DYN;
3432 sp->ipcp.saved_hisaddr = htonl(hisaddr);
3433 }
3434
3435 if (sp->query_dns & 1) {
3436 SET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS);
3437 } else {
3438 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS);
3439 }
3440
3441 if (sp->query_dns & 2) {
3442 SET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS);
3443 } else {
3444 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS);
3445 }
3446 sppp_open_event(sp, xcp);
3447 }
3448
3449 static void
3450 sppp_ipcp_close(struct sppp *sp, void *xcp)
3451 {
3452
3453 KASSERT(SPPP_WLOCKED(sp));
3454 KASSERT(!cpu_softintr_p());
3455
3456 sppp_close_event(sp, xcp);
3457
3458 #ifdef INET
3459 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) {
3460 /*
3461 * Some address was dynamic, clear it again.
3462 */
3463 sppp_clear_ip_addrs(sp);
3464 }
3465 #endif
3466 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs);
3467 }
3468
3469 /*
3470 * Analyze a configure request. Return true if it was agreeable, and
3471 * caused action sca, false if it has been rejected or nak'ed, and
3472 * caused action scn. (The return value is used to make the state
3473 * transition decision in the state automaton.)
3474 */
3475 static enum cp_rcr_type
3476 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen,
3477 uint8_t **msgbuf, size_t *buflen, size_t *msglen)
3478 {
3479 u_char *buf, *r, *p, l, blen;
3480 enum cp_rcr_type type;
3481 int rlen, len;
3482 uint32_t hisaddr, desiredaddr;
3483 char ipbuf[SPPP_IPCPOPT_NAMELEN];
3484 char dqbuf[SPPP_DOTQUAD_BUFLEN];
3485 const char *dq;
3486 bool debug;
3487
3488 KASSERT(SPPP_WLOCKED(sp));
3489
3490 type = CP_RCR_NONE;
3491 origlen -= sizeof(*h);
3492
3493 if (origlen < 0)
3494 return CP_RCR_DROP;
3495
3496 debug = sppp_debug_enabled(sp);
3497
3498 /*
3499 * Make sure to allocate a buf that can at least hold a
3500 * conf-nak with an `address' option. We might need it below.
3501 */
3502 blen = MAX(6, origlen);
3503
3504 buf = kmem_intr_alloc(blen, KM_NOSLEEP);
3505 if (buf == NULL)
3506 return CP_RCR_DROP;
3507
3508 /* pass 1: see if we can recognize them */
3509 if (debug)
3510 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opts:");
3511 p = (void *)(h + 1);
3512 r = buf;
3513 rlen = 0;
3514 for (len = origlen; len > 1; len -= l, p += l) {
3515 l = p[1];
3516 if (l == 0)
3517 break;
3518
3519 /* Sanity check option length */
3520 if (l > len) {
3521 /* XXX should we just RXJ? */
3522 if (debug)
3523 addlog("\n");
3524
3525 SPPP_LOG(sp, LOG_DEBUG,
3526 " malicious IPCP option received, dropping\n");
3527 type = CP_RCR_ERR;
3528 goto end;
3529 }
3530 if (debug) {
3531 addlog(" %s",
3532 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p));
3533 }
3534 switch (p[0]) {
3535 #ifdef notyet
3536 case IPCP_OPT_COMPRESSION:
3537 if (len >= 6 && l >= 6) {
3538 /* correctly formed compress option */
3539 continue;
3540 }
3541 if (debug)
3542 addlog(" [invalid]");
3543 break;
3544 #endif
3545 case IPCP_OPT_ADDRESS:
3546 if (len >= 6 && l == 6) {
3547 /* correctly formed address option */
3548 continue;
3549 }
3550 if (debug)
3551 addlog(" [invalid]");
3552 break;
3553 default:
3554 /* Others not supported. */
3555 if (debug)
3556 addlog(" [rej]");
3557 break;
3558 }
3559 /* Add the option to rejected list. */
3560 if (rlen + l > blen) {
3561 if (debug)
3562 addlog(" [overflow]");
3563 continue;
3564 }
3565 memcpy(r, p, l);
3566 r += l;
3567 rlen += l;
3568 }
3569
3570 if (rlen > 0) {
3571 type = CP_RCR_REJ;
3572 goto end;
3573 }
3574
3575 if (debug)
3576 addlog("\n");
3577
3578 /* pass 2: parse option values */
3579 if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
3580 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */
3581 else
3582 #ifdef INET
3583 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
3584 #else
3585 hisaddr = 0;
3586 #endif
3587 if (debug)
3588 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opt values:");
3589 p = (void *)(h + 1);
3590 r = buf;
3591 rlen = 0;
3592 for (len = origlen; len > 1; len -= l, p += l) {
3593 l = p[1];
3594 if (l == 0)
3595 break;
3596
3597 if (debug) {
3598 addlog(" %s",
3599 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p));
3600 }
3601 switch (p[0]) {
3602 #ifdef notyet
3603 case IPCP_OPT_COMPRESSION:
3604 continue;
3605 #endif
3606 case IPCP_OPT_ADDRESS:
3607 desiredaddr = p[2] << 24 | p[3] << 16 |
3608 p[4] << 8 | p[5];
3609 if (desiredaddr == hisaddr ||
3610 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) {
3611 /*
3612 * Peer's address is same as our value,
3613 * this is agreeable. Gonna conf-ack
3614 * it.
3615 */
3616 if (debug) {
3617 dq = sppp_dotted_quad(dqbuf,
3618 sizeof(dqbuf), hisaddr);
3619 addlog(" %s [ack]", dq);
3620 }
3621 /* record that we've seen it already */
3622 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
3623 sp->ipcp.req_hisaddr = desiredaddr;
3624 hisaddr = desiredaddr;
3625 continue;
3626 }
3627 /*
3628 * The address wasn't agreeable. This is either
3629 * he sent us 0.0.0.0, asking to assign him an
3630 * address, or he send us another address not
3631 * matching our value. Either case, we gonna
3632 * conf-nak it with our value.
3633 */
3634 if (debug) {
3635 if (desiredaddr == 0) {
3636 addlog(" [addr requested]");
3637 } else {
3638 dq = sppp_dotted_quad(dqbuf,
3639 sizeof(dqbuf), desiredaddr);
3640 addlog(" %s [not agreed]", dq);
3641 }
3642 }
3643
3644 p[2] = hisaddr >> 24;
3645 p[3] = hisaddr >> 16;
3646 p[4] = hisaddr >> 8;
3647 p[5] = hisaddr;
3648 break;
3649 }
3650 if (rlen + l > blen) {
3651 if (debug)
3652 addlog(" [overflow]");
3653 continue;
3654 }
3655 /* Add the option to nak'ed list. */
3656 memcpy(r, p, l);
3657 r += l;
3658 rlen += l;
3659 }
3660
3661 if (rlen > 0) {
3662 type = CP_RCR_NAK;
3663 } else {
3664 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) {
3665 /*
3666 * If we are about to conf-ack the request, but haven't seen
3667 * his address so far, gonna conf-nak it instead, with the
3668 * `address' option present and our idea of his address being
3669 * filled in there, to request negotiation of both addresses.
3670 *
3671 * XXX This can result in an endless req - nak loop if peer
3672 * doesn't want to send us his address. Q: What should we do
3673 * about it? XXX A: implement the max-failure counter.
3674 */
3675 buf[0] = IPCP_OPT_ADDRESS;
3676 buf[1] = 6;
3677 buf[2] = hisaddr >> 24;
3678 buf[3] = hisaddr >> 16;
3679 buf[4] = hisaddr >> 8;
3680 buf[5] = hisaddr;
3681 rlen = 6;
3682 if (debug)
3683 addlog(" still need hisaddr");
3684 type = CP_RCR_NAK;
3685 } else {
3686 type = CP_RCR_ACK;
3687 rlen = origlen;
3688 memcpy(r, h + 1, rlen);
3689 }
3690 }
3691
3692 end:
3693 if (debug)
3694 addlog("\n");
3695
3696 if (type == CP_RCR_ERR || type == CP_RCR_DROP) {
3697 if (buf != NULL)
3698 kmem_intr_free(buf, blen);
3699 } else {
3700 *msgbuf = buf;
3701 *buflen = blen;
3702 *msglen = rlen;
3703 }
3704
3705 return type;
3706 }
3707
3708 /*
3709 * Analyze the IPCP Configure-Reject option list, and adjust our
3710 * negotiation.
3711 */
3712 static void
3713 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len)
3714 {
3715 u_char *p, l;
3716 bool debug;
3717
3718 KASSERT(SPPP_WLOCKED(sp));
3719
3720 if (len <= sizeof(*h))
3721 return;
3722
3723 len -= sizeof(*h);
3724 debug = sppp_debug_enabled(sp);
3725
3726 if (debug)
3727 SPPP_LOG(sp, LOG_DEBUG, "ipcp rej opts:");
3728
3729 p = (void *)(h + 1);
3730 for (; len > 1; len -= l, p += l) {
3731 l = p[1];
3732 if (l == 0)
3733 break;
3734
3735 /* Sanity check option length */
3736 if (l > len) {
3737 /* XXX should we just RXJ? */
3738 if (debug)
3739 addlog("\n");
3740 SPPP_LOG(sp, LOG_DEBUG,
3741 "malicious IPCP option received, dropping\n");
3742 goto end;
3743 }
3744 if (debug) {
3745 char ipbuf[SPPP_IPCPOPT_NAMELEN];
3746 addlog(" %s",
3747 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p));
3748 }
3749 switch (p[0]) {
3750 case IPCP_OPT_ADDRESS:
3751 /*
3752 * Peer doesn't grok address option. This is
3753 * bad. XXX Should we better give up here?
3754 */
3755 if (!debug) {
3756 SPPP_LOG(sp, LOG_ERR,
3757 "IPCP address option rejected\n");
3758 }
3759 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS);
3760 break;
3761 #ifdef notyet
3762 case IPCP_OPT_COMPRESS:
3763 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_COMPRESS);
3764 break;
3765 #endif
3766 case IPCP_OPT_PRIMDNS:
3767 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS);
3768 break;
3769
3770 case IPCP_OPT_SECDNS:
3771 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS);
3772 break;
3773 }
3774 }
3775 if (debug)
3776 addlog("\n");
3777 end:
3778 return;
3779 }
3780
3781 /*
3782 * Analyze the IPCP Configure-NAK option list, and adjust our
3783 * negotiation.
3784 */
3785 static void
3786 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len)
3787 {
3788 u_char *p, l;
3789 struct ifnet *ifp = &sp->pp_if;
3790 int debug = ifp->if_flags & IFF_DEBUG;
3791 uint32_t wantaddr;
3792
3793 KASSERT(SPPP_WLOCKED(sp));
3794
3795 len -= sizeof(*h);
3796
3797 debug = sppp_debug_enabled(sp);
3798
3799 if (debug)
3800 SPPP_LOG(sp, LOG_DEBUG, "ipcp nak opts:");
3801
3802 p = (void *)(h + 1);
3803 for (; len > 1; len -= l, p += l) {
3804 l = p[1];
3805 if (l == 0)
3806 break;
3807
3808 /* Sanity check option length */
3809 if (l > len) {
3810 /* XXX should we just RXJ? */
3811 if (debug)
3812 addlog("\n");
3813 SPPP_LOG(sp, LOG_DEBUG,
3814 "malicious IPCP option received, dropping\n");
3815 return;
3816 }
3817 if (debug) {
3818 char ipbuf[SPPP_IPCPOPT_NAMELEN];
3819 addlog(" %s",
3820 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p));
3821 }
3822 switch (*p) {
3823 case IPCP_OPT_ADDRESS:
3824 /*
3825 * Peer doesn't like our local IP address. See
3826 * if we can do something for him. We'll drop
3827 * him our address then.
3828 */
3829 if (len >= 6 && l == 6) {
3830 wantaddr = p[2] << 24 | p[3] << 16 |
3831 p[4] << 8 | p[5];
3832 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS);
3833 if (debug) {
3834 char dqbuf[SPPP_DOTQUAD_BUFLEN];
3835 const char *dq;
3836
3837 dq = sppp_dotted_quad(dqbuf,
3838 sizeof(dqbuf), wantaddr);
3839 addlog(" [wantaddr %s]", dq);
3840 }
3841 /*
3842 * When doing dynamic address assignment,
3843 * we accept his offer. Otherwise, we
3844 * ignore it and thus continue to negotiate
3845 * our already existing value.
3846 */
3847 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
3848 if (ntohl(wantaddr) != INADDR_ANY) {
3849 if (debug)
3850 addlog(" [agree]");
3851 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
3852 sp->ipcp.req_myaddr = wantaddr;
3853 } else {
3854 if (debug)
3855 addlog(" [not agreed]");
3856 }
3857 }
3858 }
3859 break;
3860
3861 case IPCP_OPT_PRIMDNS:
3862 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS) &&
3863 len >= 6 && l == 6) {
3864 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 |
3865 p[4] << 8 | p[5];
3866 }
3867 break;
3868
3869 case IPCP_OPT_SECDNS:
3870 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS) &&
3871 len >= 6 && l == 6) {
3872 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 |
3873 p[4] << 8 | p[5];
3874 }
3875 break;
3876 #ifdef notyet
3877 case IPCP_OPT_COMPRESS:
3878 /*
3879 * Peer wants different compression parameters.
3880 */
3881 break;
3882 #endif
3883 }
3884 }
3885 if (debug)
3886 addlog("\n");
3887 }
3888
3889 static void
3890 sppp_ipcp_tlu(struct sppp *sp)
3891 {
3892 #ifdef INET
3893 struct ifnet *ifp;
3894
3895 KASSERT(SPPP_WLOCKED(sp));
3896
3897 SPPP_LOG(sp, LOG_INFO, "IPCP layer up\n");
3898 ifp = &sp->pp_if;
3899 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) &&
3900 ((sp->ipcp.flags & IPCP_MYADDR_SEEN) == 0)) {
3901 SPPP_LOG(sp, LOG_WARNING,
3902 "no IP address, closing IPCP\n");
3903 sppp_wq_add(sp->wq_cp,
3904 &sp->scp[IDX_IPCP].work_close);
3905 } else {
3906 /* we are up. Set addresses and notify anyone interested */
3907 sppp_set_ip_addrs(sp);
3908 rt_ifmsg(ifp);
3909 }
3910 #endif
3911 }
3912
3913 static void
3914 sppp_ipcp_tld(struct sppp *sp)
3915 {
3916 #ifdef INET
3917 struct ifnet *ifp;
3918
3919 KASSERT(SPPP_WLOCKED(sp));
3920
3921 SPPP_LOG(sp, LOG_INFO, "IPCP layer down\n");
3922 ifp = &sp->pp_if;
3923 rt_ifmsg(ifp);
3924 #endif
3925 }
3926
3927 static void
3928 sppp_ipcp_scr(struct sppp *sp)
3929 {
3930 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */];
3931 #ifdef INET
3932 uint32_t ouraddr;
3933 #endif
3934 int i = 0;
3935
3936 KASSERT(SPPP_WLOCKED(sp));
3937
3938 #ifdef notyet
3939 if (ISSET(sp->ipcp.opts,SPPP_IPCP_OPT_COMPRESSION)) {
3940 opt[i++] = IPCP_OPT_COMPRESSION;
3941 opt[i++] = 6;
3942 opt[i++] = 0; /* VJ header compression */
3943 opt[i++] = 0x2d; /* VJ header compression */
3944 opt[i++] = max_slot_id;
3945 opt[i++] = comp_slot_id;
3946 }
3947 #endif
3948
3949 #ifdef INET
3950 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS)) {
3951 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) {
3952 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */
3953 } else {
3954 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3955 }
3956 opt[i++] = IPCP_OPT_ADDRESS;
3957 opt[i++] = 6;
3958 opt[i++] = ouraddr >> 24;
3959 opt[i++] = ouraddr >> 16;
3960 opt[i++] = ouraddr >> 8;
3961 opt[i++] = ouraddr;
3962 }
3963 #endif
3964
3965 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS)) {
3966 opt[i++] = IPCP_OPT_PRIMDNS;
3967 opt[i++] = 6;
3968 opt[i++] = sp->dns_addrs[0] >> 24;
3969 opt[i++] = sp->dns_addrs[0] >> 16;
3970 opt[i++] = sp->dns_addrs[0] >> 8;
3971 opt[i++] = sp->dns_addrs[0];
3972 }
3973 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS)) {
3974 opt[i++] = IPCP_OPT_SECDNS;
3975 opt[i++] = 6;
3976 opt[i++] = sp->dns_addrs[1] >> 24;
3977 opt[i++] = sp->dns_addrs[1] >> 16;
3978 opt[i++] = sp->dns_addrs[1] >> 8;
3979 opt[i++] = sp->dns_addrs[1];
3980 }
3981
3982 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq;
3983 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt);
3984 }
3985
3986 /*
3987 *--------------------------------------------------------------------------*
3988 * *
3989 * The IPv6CP implementation. *
3990 * *
3991 *--------------------------------------------------------------------------*
3992 */
3993
3994 #ifdef INET6
3995 static void
3996 sppp_ipv6cp_init(struct sppp *sp)
3997 {
3998
3999 KASSERT(SPPP_WLOCKED(sp));
4000
4001 sppp_cp_init(&ipv6cp, sp);
4002
4003 sp->ipv6cp.opts = 0;
4004 sp->ipv6cp.flags = 0;
4005 }
4006
4007 static void
4008 sppp_ipv6cp_open(struct sppp *sp, void *xcp)
4009 {
4010 struct in6_addr myaddr, hisaddr;
4011
4012 KASSERT(SPPP_WLOCKED(sp));
4013 KASSERT(!cpu_softintr_p());
4014
4015 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP))
4016 return;
4017
4018 #ifdef IPV6CP_MYIFID_DYN
4019 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
4020 #else
4021 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
4022 #endif
4023
4024 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
4025 /*
4026 * If we don't have our address, this probably means our
4027 * interface doesn't want to talk IPv6 at all. (This could
4028 * be the case if somebody wants to speak only IPX, for
4029 * example.) Don't open IPv6CP in this case.
4030 */
4031 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
4032 /* XXX this message should go away */
4033 SPPP_DLOG(sp, "ipv6cp_open(): no IPv6 interface\n");
4034 return;
4035 }
4036
4037 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
4038 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID);
4039 sppp_open_event(sp, xcp);
4040 }
4041
4042 /*
4043 * Analyze a configure request. Return true if it was agreeable, and
4044 * caused action sca, false if it has been rejected or nak'ed, and
4045 * caused action scn. (The return value is used to make the state
4046 * transition decision in the state automaton.)
4047 */
4048 static enum cp_rcr_type
4049 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen,
4050 uint8_t **msgbuf, size_t *buflen, size_t *msglen)
4051 {
4052 u_char *buf, *r, *p, l, blen;
4053 int rlen, len;
4054 struct in6_addr myaddr, desiredaddr, suggestaddr;
4055 enum cp_rcr_type type;
4056 int ifidcount;
4057 int collision, nohisaddr;
4058 char ip6buf[INET6_ADDRSTRLEN];
4059 char tbuf[SPPP_CPTYPE_NAMELEN];
4060 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN];
4061 const char *cpname;
4062 bool debug;
4063
4064 KASSERT(SPPP_WLOCKED(sp));
4065
4066 debug = sppp_debug_enabled(sp);
4067 type = CP_RCR_NONE;
4068 origlen -= sizeof(*h);
4069
4070 if (origlen < 0)
4071 return CP_RCR_DROP;
4072
4073 /*
4074 * Make sure to allocate a buf that can at least hold a
4075 * conf-nak with an `address' option. We might need it below.
4076 */
4077 blen = MAX(6, origlen);
4078
4079 buf = kmem_intr_alloc(blen, KM_NOSLEEP);
4080 if (buf == NULL)
4081 return CP_RCR_DROP;
4082
4083 /* pass 1: see if we can recognize them */
4084 if (debug)
4085 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opts:");
4086 p = (void *)(h + 1);
4087 r = buf;
4088 rlen = 0;
4089 ifidcount = 0;
4090 for (len = origlen; len > 1; len -= l, p += l) {
4091 l = p[1];
4092 if (l == 0)
4093 break;
4094
4095 /* Sanity check option length */
4096 if (l > len) {
4097 /* XXX just RXJ? */
4098 if (debug)
4099 addlog("\n");
4100 SPPP_LOG(sp, LOG_DEBUG,
4101 "received malicious IPCPv6 option, "
4102 "dropping\n");
4103 type = CP_RCR_ERR;
4104 goto end;
4105 }
4106 if (debug) {
4107 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf,
4108 sizeof(ipv6buf),*p));
4109 }
4110 switch (p[0]) {
4111 case IPV6CP_OPT_IFID:
4112 if (len >= 10 && l == 10 && ifidcount == 0) {
4113 /* correctly formed address option */
4114 ifidcount++;
4115 continue;
4116 }
4117 if (debug)
4118 addlog(" [invalid]");
4119 break;
4120 #ifdef notyet
4121 case IPV6CP_OPT_COMPRESSION:
4122 if (len >= 4 && l >= 4) {
4123 /* correctly formed compress option */
4124 continue;
4125 }
4126 if (debug)
4127 addlog(" [invalid]");
4128 break;
4129 #endif
4130 default:
4131 /* Others not supported. */
4132 if (debug)
4133 addlog(" [rej]");
4134 break;
4135 }
4136 if (rlen + l > blen) {
4137 if (debug)
4138 addlog(" [overflow]");
4139 continue;
4140 }
4141 /* Add the option to rejected list. */
4142 memcpy(r, p, l);
4143 r += l;
4144 rlen += l;
4145 }
4146
4147 if (rlen > 0) {
4148 type = CP_RCR_REJ;
4149 goto end;
4150 }
4151
4152 if (debug)
4153 addlog("\n");
4154
4155 /* pass 2: parse option values */
4156 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
4157 if (debug)
4158 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opt values:");
4159 p = (void *)(h + 1);
4160 r = buf;
4161 rlen = 0;
4162 type = CP_RCR_ACK;
4163 for (len = origlen; len > 1; len -= l, p += l) {
4164 l = p[1];
4165 if (l == 0)
4166 break;
4167
4168 if (debug) {
4169 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf,
4170 sizeof(ipv6buf), *p));
4171 }
4172 switch (p[0]) {
4173 #ifdef notyet
4174 case IPV6CP_OPT_COMPRESSION:
4175 continue;
4176 #endif
4177 case IPV6CP_OPT_IFID:
4178 memset(&desiredaddr, 0, sizeof(desiredaddr));
4179 memcpy(&desiredaddr.s6_addr[8], &p[2], 8);
4180 collision = (memcmp(&desiredaddr.s6_addr[8],
4181 &myaddr.s6_addr[8], 8) == 0);
4182 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
4183
4184 desiredaddr.s6_addr16[0] = htons(0xfe80);
4185 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL);
4186
4187 if (!collision && !nohisaddr) {
4188 /* no collision, hisaddr known - Conf-Ack */
4189 type = CP_RCR_ACK;
4190 memcpy(sp->ipv6cp.my_ifid, &myaddr.s6_addr[8],
4191 sizeof(sp->ipv6cp.my_ifid));
4192 memcpy(sp->ipv6cp.his_ifid,
4193 &desiredaddr.s6_addr[8],
4194 sizeof(sp->ipv6cp.my_ifid));
4195
4196 if (debug) {
4197 cpname = sppp_cp_type_name(tbuf,
4198 sizeof(tbuf), CONF_ACK);
4199 addlog(" %s [%s]",
4200 IN6_PRINT(ip6buf, &desiredaddr),
4201 cpname);
4202 }
4203 continue;
4204 }
4205
4206 memset(&suggestaddr, 0, sizeof(suggestaddr));
4207 if (collision && nohisaddr) {
4208 /* collision, hisaddr unknown - Conf-Rej */
4209 type = CP_RCR_REJ;
4210 memset(&p[2], 0, 8);
4211 } else {
4212 /*
4213 * - no collision, hisaddr unknown, or
4214 * - collision, hisaddr known
4215 * Conf-Nak, suggest hisaddr
4216 */
4217 type = CP_RCR_NAK;
4218 sppp_suggest_ip6_addr(sp, &suggestaddr);
4219 memcpy(&p[2], &suggestaddr.s6_addr[8], 8);
4220 }
4221 if (debug) {
4222 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK;
4223
4224 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype);
4225 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr),
4226 cpname);
4227 }
4228 break;
4229 }
4230 if (rlen + l > blen) {
4231 if (debug)
4232 addlog(" [overflow]");
4233 continue;
4234 }
4235 /* Add the option to nak'ed list. */
4236 memcpy(r, p, l);
4237 r += l;
4238 rlen += l;
4239 }
4240
4241 if (rlen > 0) {
4242 if (type != CP_RCR_ACK) {
4243 if (debug) {
4244 int ctype ;
4245 ctype = type == CP_RCR_REJ ?
4246 CONF_REJ : CONF_NAK;
4247 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype);
4248 addlog(" send %s suggest %s\n",
4249 cpname, IN6_PRINT(ip6buf, &suggestaddr));
4250 }
4251 }
4252 #ifdef notdef
4253 if (type == CP_RCR_ACK)
4254 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
4255 #endif
4256 } else {
4257 if (type == CP_RCR_ACK) {
4258 rlen = origlen;
4259 memcpy(r, h + 1, rlen);
4260 }
4261 }
4262 end:
4263 if (debug)
4264 addlog("\n");
4265
4266 if (type == CP_RCR_ERR || type == CP_RCR_DROP) {
4267 if (buf != NULL)
4268 kmem_intr_free(buf, blen);
4269 } else {
4270 *msgbuf = buf;
4271 *buflen = blen;
4272 *msglen = rlen;
4273 }
4274
4275 return type;
4276 }
4277
4278 /*
4279 * Analyze the IPv6CP Configure-Reject option list, and adjust our
4280 * negotiation.
4281 */
4282 static void
4283 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len)
4284 {
4285 u_char *p, l;
4286 bool debug;
4287
4288 KASSERT(SPPP_WLOCKED(sp));
4289
4290 if (len <= sizeof(*h))
4291 return;
4292
4293 len -= sizeof(*h);
4294 debug = sppp_debug_enabled(sp);
4295
4296 if (debug)
4297 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp rej opts:");
4298
4299 p = (void *)(h + 1);
4300 for (; len > 1; len -= l, p += l) {
4301 l = p[1];
4302 if (l == 0)
4303 break;
4304
4305 if (l > len) {
4306 /* XXX just RXJ? */
4307 if (debug)
4308 addlog("\n");
4309 SPPP_LOG(sp, LOG_DEBUG,
4310 "received malicious IPCPv6 option, "
4311 "dropping\n");
4312 goto end;
4313 }
4314 if (debug) {
4315 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN];
4316 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf,
4317 sizeof(ipv6buf), *p));
4318 }
4319 switch (p[0]) {
4320 case IPV6CP_OPT_IFID:
4321 /*
4322 * Peer doesn't grok address option. This is
4323 * bad. XXX Should we better give up here?
4324 */
4325 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID);
4326 break;
4327 #ifdef notyet
4328 case IPV6CP_OPT_COMPRESS:
4329 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESS);
4330 break;
4331 #endif
4332 }
4333 }
4334 if (debug)
4335 addlog("\n");
4336 end:
4337 return;
4338 }
4339
4340 /*
4341 * Analyze the IPv6CP Configure-NAK option list, and adjust our
4342 * negotiation.
4343 */
4344 static void
4345 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len)
4346 {
4347 u_char *p, l;
4348 struct in6_addr suggestaddr;
4349 char ip6buf[INET6_ADDRSTRLEN];
4350 bool debug;
4351
4352 KASSERT(SPPP_WLOCKED(sp));
4353
4354 if (len <= sizeof(*h))
4355 return;
4356
4357 len -= sizeof(*h);
4358 debug = sppp_debug_enabled(sp);
4359
4360 if (debug)
4361 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp nak opts:");
4362
4363 p = (void *)(h + 1);
4364 for (; len > 1; len -= l, p += l) {
4365 l = p[1];
4366 if (l == 0)
4367 break;
4368
4369 if (l > len) {
4370 /* XXX just RXJ? */
4371 if (debug)
4372 addlog("\n");
4373 SPPP_LOG(sp, LOG_DEBUG,
4374 "received malicious IPCPv6 option, "
4375 "dropping\n");
4376 goto end;
4377 }
4378 if (debug) {
4379 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN];
4380 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf,
4381 sizeof(ipv6buf), *p));
4382 }
4383 switch (p[0]) {
4384 case IPV6CP_OPT_IFID:
4385 /*
4386 * Peer doesn't like our local ifid. See
4387 * if we can do something for him. We'll drop
4388 * him our address then.
4389 */
4390 if (len < 10 || l != 10)
4391 break;
4392 memset(&suggestaddr, 0, sizeof(suggestaddr));
4393 suggestaddr.s6_addr16[0] = htons(0xfe80);
4394 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL);
4395 memcpy(&suggestaddr.s6_addr[8], &p[2], 8);
4396
4397 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID);
4398 if (debug)
4399 addlog(" [suggestaddr %s]",
4400 IN6_PRINT(ip6buf, &suggestaddr));
4401 #ifdef IPV6CP_MYIFID_DYN
4402 /*
4403 * When doing dynamic address assignment,
4404 * we accept his offer.
4405 */
4406 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
4407 struct in6_addr lastsuggest;
4408 /*
4409 * If <suggested myaddr from peer> equals to
4410 * <hisaddr we have suggested last time>,
4411 * we have a collision. generate new random
4412 * ifid.
4413 */
4414 sppp_suggest_ip6_addr(&lastsuggest);
4415 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
4416 lastsuggest)) {
4417 if (debug)
4418 addlog(" [random]");
4419 sppp_gen_ip6_addr(sp, &suggestaddr);
4420 }
4421 sppp_set_ip6_addr(sp, &suggestaddr, 0);
4422 if (debug)
4423 addlog(" [agree]");
4424 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
4425 }
4426 #else
4427 /*
4428 * Since we do not do dynamic address assignment,
4429 * we ignore it and thus continue to negotiate
4430 * our already existing value. This can possibly
4431 * go into infinite request-reject loop.
4432 *
4433 * This is not likely because we normally use
4434 * ifid based on MAC-address.
4435 * If you have no ethernet card on the node, too bad.
4436 * XXX should we use fail_counter?
4437 */
4438 #endif
4439 break;
4440 #ifdef notyet
4441 case IPV6CP_OPT_COMPRESS:
4442 /*
4443 * Peer wants different compression parameters.
4444 */
4445 break;
4446 #endif
4447 }
4448 }
4449 if (debug)
4450 addlog("\n");
4451 end:
4452 return;
4453 }
4454
4455 static void
4456 sppp_ipv6cp_tlu(struct sppp *sp)
4457 {
4458 struct ifnet *ifp;
4459
4460 KASSERT(SPPP_WLOCKED(sp));
4461
4462 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer up\n");
4463 ifp = &sp->pp_if;
4464 /* we are up - notify isdn daemon */
4465 sppp_notify_con_wlocked(sp);
4466 rt_ifmsg(ifp);
4467 }
4468
4469 static void
4470 sppp_ipv6cp_tld(struct sppp *sp)
4471 {
4472 struct ifnet *ifp;
4473
4474 KASSERT(SPPP_WLOCKED(sp));
4475
4476 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer down\n");
4477 ifp = &sp->pp_if;
4478 rt_ifmsg(ifp);
4479 }
4480
4481 static void
4482 sppp_ipv6cp_scr(struct sppp *sp)
4483 {
4484 char opt[10 /* ifid */ + 4 /* compression, minimum */];
4485 struct in6_addr ouraddr;
4486 int i = 0;
4487
4488 KASSERT(SPPP_WLOCKED(sp));
4489
4490 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID)) {
4491 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
4492
4493 opt[i++] = IPV6CP_OPT_IFID;
4494 opt[i++] = 10;
4495 memcpy(&opt[i], &ouraddr.s6_addr[8], 8);
4496 i += 8;
4497 }
4498
4499 #ifdef notyet
4500 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESSION)) {
4501 opt[i++] = IPV6CP_OPT_COMPRESSION;
4502 opt[i++] = 4;
4503 opt[i++] = 0; /* TBD */
4504 opt[i++] = 0; /* TBD */
4505 /* variable length data may follow */
4506 }
4507 #endif
4508
4509 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq;
4510 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt);
4511 }
4512 #else /*INET6*/
4513 static void
4514 sppp_ipv6cp_init(struct sppp *sp)
4515 {
4516
4517 KASSERT(SPPP_WLOCKED(sp));
4518 }
4519
4520 static void
4521 sppp_ipv6cp_open(struct sppp *sp, void *xcp)
4522 {
4523
4524 KASSERT(SPPP_WLOCKED(sp));
4525 }
4526
4527 static enum cp_rcr_type
4528 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h,
4529 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen)
4530 {
4531
4532 KASSERT(SPPP_WLOCKED(sp));
4533 return 0;
4534 }
4535
4536 static void
4537 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h,
4538 int len)
4539 {
4540
4541 KASSERT(SPPP_WLOCKED(sp));
4542 }
4543
4544 static void
4545 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h,
4546 int len)
4547 {
4548
4549 KASSERT(SPPP_WLOCKED(sp));
4550 }
4551
4552 static void
4553 sppp_ipv6cp_tlu(struct sppp *sp)
4554 {
4555
4556 KASSERT(SPPP_WLOCKED(sp));
4557 }
4558
4559 static void
4560 sppp_ipv6cp_tld(struct sppp *sp)
4561 {
4562
4563 KASSERT(SPPP_WLOCKED(sp));
4564 }
4565
4566 static void
4567 sppp_ipv6cp_scr(struct sppp *sp)
4568 {
4569
4570 KASSERT(SPPP_WLOCKED(sp));
4571 }
4572 #endif /*INET6*/
4573
4574 /*
4575 *--------------------------------------------------------------------------*
4576 * *
4577 * The CHAP implementation. *
4578 * *
4579 *--------------------------------------------------------------------------*
4580 */
4581 /*
4582 * The authentication protocols is implemented on the state machine for
4583 * control protocols. And it uses following actions and events.
4584 *
4585 * Actions:
4586 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE
4587 * - sca: send CHAP_SUCCESS
4588 * - scn: send CHAP_FAILURE and shutdown lcp
4589 * Events:
4590 * - RCR+: receive CHAP_RESPONSE containing correct digest
4591 * - RCR-: receive CHAP_RESPONSE containing wrong digest
4592 * - RCA: receive CHAP_SUCCESS
4593 * - RCN: (this event is unused)
4594 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE
4595 * - TO-: this layer finish
4596 */
4597
4598 /*
4599 * Handle incoming CHAP packets.
4600 */
4601 void
4602 sppp_chap_input(struct sppp *sp, struct mbuf *m)
4603 {
4604 struct ifnet *ifp;
4605 struct lcp_header *h;
4606 int len, x;
4607 u_char *value, *name, digest[sizeof(sp->chap.challenge)];
4608 int value_len, name_len;
4609 MD5_CTX ctx;
4610 char abuf[SPPP_AUTHTYPE_NAMELEN];
4611 const char *authname;
4612 bool debug;
4613
4614 ifp = &sp->pp_if;
4615 debug = sppp_debug_enabled(sp);
4616 len = m->m_pkthdr.len;
4617 if (len < 4) {
4618 SPPP_DLOG(sp, "chap invalid packet length: "
4619 "%d bytes\n", len);
4620 return;
4621 }
4622 h = mtod(m, struct lcp_header *);
4623 if (len > ntohs(h->len))
4624 len = ntohs(h->len);
4625
4626 SPPP_LOCK(sp, RW_WRITER);
4627
4628 switch (h->type) {
4629 /* challenge, failure and success are his authproto */
4630 case CHAP_CHALLENGE:
4631 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) {
4632 /* can't do anything useful */
4633 sp->pp_auth_failures++;
4634 SPPP_DLOG(sp, "chap input "
4635 "without my name and my secret being set\n");
4636 break;
4637 }
4638 value = 1 + (u_char *)(h + 1);
4639 value_len = value[-1];
4640 name = value + value_len;
4641 name_len = len - value_len - 5;
4642 if (name_len < 0) {
4643 if (debug) {
4644 authname = sppp_auth_type_name(abuf,
4645 sizeof(abuf), PPP_CHAP, h->type);
4646 SPPP_LOG(sp, LOG_DEBUG,
4647 "chap corrupted challenge "
4648 "<%s id=0x%x len=%d",
4649 authname, h->ident, ntohs(h->len));
4650 if (len > 4)
4651 sppp_print_bytes((u_char *)(h + 1),
4652 len - 4);
4653 addlog(">\n");
4654 }
4655 break;
4656 }
4657
4658 if (debug) {
4659 authname = sppp_auth_type_name(abuf,
4660 sizeof(abuf), PPP_CHAP, h->type);
4661 SPPP_LOG(sp, LOG_DEBUG,
4662 "chap input <%s id=0x%x len=%d name=",
4663 authname, h->ident, ntohs(h->len));
4664 sppp_print_string((char *) name, name_len);
4665 addlog(" value-size=%d value=", value_len);
4666 sppp_print_bytes(value, value_len);
4667 addlog(">\n");
4668 }
4669
4670 /* Compute reply value. */
4671 MD5Init(&ctx);
4672 MD5Update(&ctx, &h->ident, 1);
4673 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len);
4674 MD5Update(&ctx, value, value_len);
4675 MD5Final(sp->chap.digest, &ctx);
4676 sp->chap.digest_len = sizeof(sp->chap.digest);
4677 sp->scp[IDX_CHAP].rconfid = h->ident;
4678
4679 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd);
4680 break;
4681
4682 case CHAP_SUCCESS:
4683 if (debug) {
4684 SPPP_LOG(sp, LOG_DEBUG, "chap success");
4685 if (len > 4) {
4686 addlog(": ");
4687 sppp_print_string((char *)(h + 1), len - 4);
4688 }
4689 addlog("\n");
4690 }
4691
4692 if (h->ident != sp->scp[IDX_CHAP].rconfid) {
4693 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n",
4694 chap.name, h->ident,
4695 sp->scp[IDX_CHAP].rconfid);
4696 if_statinc(ifp, if_ierrors);
4697 break;
4698 }
4699
4700 if (sp->chap.digest_len == 0) {
4701 SPPP_DLOG(sp, "receive CHAP success"
4702 " without challenge\n");
4703 if_statinc(ifp, if_ierrors);
4704 break;
4705 }
4706
4707 x = splnet();
4708 sp->pp_auth_failures = 0;
4709 sp->pp_flags &= ~PP_NEEDAUTH;
4710 splx(x);
4711 memset(sp->chap.digest, 0, sizeof(sp->chap.digest));
4712 sp->chap.digest_len = 0;
4713
4714 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) {
4715 /*
4716 * we are not authenticator for CHAP,
4717 * generate a dummy RCR+ event without CHAP_RESPONSE
4718 */
4719 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK;
4720 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr);
4721 }
4722 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca);
4723 break;
4724
4725 case CHAP_FAILURE:
4726 if (h->ident != sp->scp[IDX_CHAP].rconfid) {
4727 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n",
4728 chap.name, h->ident, sp->scp[IDX_CHAP].rconfid);
4729 if_statinc(ifp, if_ierrors);
4730 break;
4731 }
4732
4733 if (sp->chap.digest_len == 0) {
4734 SPPP_DLOG(sp, "receive CHAP failure "
4735 "without challenge\n");
4736 if_statinc(ifp, if_ierrors);
4737 break;
4738 }
4739
4740 x = splnet();
4741 sp->pp_auth_failures++;
4742 splx(x);
4743 SPPP_LOG(sp, LOG_INFO, "chap failure");
4744 if (debug) {
4745 if (len > 4) {
4746 addlog(": ");
4747 sppp_print_string((char *)(h + 1), len - 4);
4748 }
4749 }
4750 addlog("\n");
4751
4752 memset(sp->chap.digest, 0, sizeof(sp->chap.digest));
4753 sp->chap.digest_len = 0;
4754 /*
4755 * await LCP shutdown by authenticator,
4756 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn
4757 */
4758 break;
4759
4760 /* response is my authproto */
4761 case CHAP_RESPONSE:
4762 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) {
4763 /* can't do anything useful */
4764 SPPP_DLOG(sp, "chap response "
4765 "without his name and his secret being set\n");
4766 break;
4767 }
4768 value = 1 + (u_char *)(h + 1);
4769 value_len = value[-1];
4770 name = value + value_len;
4771 name_len = len - value_len - 5;
4772 if (name_len < 0) {
4773 if (debug) {
4774 authname = sppp_auth_type_name(abuf,
4775 sizeof(abuf), PPP_CHAP, h->type);
4776 SPPP_LOG(sp, LOG_DEBUG,
4777 "chap corrupted response "
4778 "<%s id=0x%x len=%d",
4779 authname, h->ident, ntohs(h->len));
4780 if (len > 4)
4781 sppp_print_bytes((u_char *)(h + 1),
4782 len - 4);
4783 addlog(">\n");
4784 }
4785 break;
4786 }
4787 if (h->ident != sp->scp[IDX_CHAP].confid) {
4788 SPPP_DLOG(sp, "chap dropping response for old ID "
4789 "(got %d, expected %d)\n",
4790 h->ident, sp->scp[IDX_CHAP].confid);
4791 break;
4792 } else {
4793 sp->scp[IDX_CHAP].rconfid = h->ident;
4794 }
4795
4796 if (sp->hisauth.name != NULL &&
4797 (name_len != sp->hisauth.name_len
4798 || memcmp(name, sp->hisauth.name, name_len) != 0)) {
4799 SPPP_LOG(sp, LOG_INFO,
4800 "chap response, his name ");
4801 sppp_print_string(name, name_len);
4802 addlog(" != expected ");
4803 sppp_print_string(sp->hisauth.name,
4804 sp->hisauth.name_len);
4805 addlog("\n");
4806
4807 /* generate RCR- event */
4808 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK;
4809 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr);
4810 break;
4811 }
4812
4813 if (debug) {
4814 authname = sppp_auth_type_name(abuf,
4815 sizeof(abuf), PPP_CHAP, h->type);
4816 SPPP_LOG(sp, LOG_DEBUG, "chap input(%s) "
4817 "<%s id=0x%x len=%d name=",
4818 sppp_state_name(sp->scp[IDX_CHAP].state),
4819 authname, h->ident, ntohs(h->len));
4820 sppp_print_string((char *)name, name_len);
4821 addlog(" value-size=%d value=", value_len);
4822 sppp_print_bytes(value, value_len);
4823 addlog(">\n");
4824 }
4825
4826 if (value_len == sizeof(sp->chap.challenge) &&
4827 value_len == sizeof(sp->chap.digest)) {
4828 MD5Init(&ctx);
4829 MD5Update(&ctx, &h->ident, 1);
4830 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len);
4831 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge));
4832 MD5Final(digest, &ctx);
4833
4834 if (memcmp(digest, value, value_len) == 0) {
4835 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK;
4836 } else {
4837 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK;
4838 }
4839 } else {
4840 if (debug) {
4841 SPPP_LOG(sp, LOG_DEBUG,
4842 "chap bad hash value length: "
4843 "%d bytes, should be %zu\n",
4844 value_len, sizeof(sp->chap.challenge));
4845 }
4846
4847 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK;
4848 }
4849
4850 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr);
4851
4852 /* generate a dummy RCA event */
4853 if (sp->scp[IDX_CHAP].rcr_type == CP_RCR_ACK &&
4854 (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) ||
4855 sp->chap.rechallenging)) {
4856 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca);
4857 }
4858 break;
4859
4860 default:
4861 /* Unknown CHAP packet type -- ignore. */
4862 if (debug) {
4863 SPPP_LOG(sp, LOG_DEBUG, "chap unknown input(%s) "
4864 "<0x%x id=0x%xh len=%d",
4865 sppp_state_name(sp->scp[IDX_CHAP].state),
4866 h->type, h->ident, ntohs(h->len));
4867 if (len > 4)
4868 sppp_print_bytes((u_char *)(h + 1), len - 4);
4869 addlog(">\n");
4870 }
4871 break;
4872
4873 }
4874
4875 SPPP_UNLOCK(sp);
4876 }
4877
4878 static void
4879 sppp_chap_init(struct sppp *sp)
4880 {
4881
4882 KASSERT(SPPP_WLOCKED(sp));
4883
4884 sppp_cp_init(&chap, sp);
4885
4886 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd,
4887 sppp_chap_rcv_challenge_event, &chap);
4888 }
4889
4890 static void
4891 sppp_chap_open(struct sppp *sp, void *xcp)
4892 {
4893
4894 KASSERT(SPPP_WLOCKED(sp));
4895
4896 memset(sp->chap.digest, 0, sizeof(sp->chap.digest));
4897 sp->chap.digest_len = 0;
4898 sp->chap.rechallenging = false;
4899 sp->chap.response_rcvd = false;
4900 sppp_open_event(sp, xcp);
4901 }
4902
4903 static void
4904 sppp_chap_tlu(struct sppp *sp)
4905 {
4906 int i, x;
4907
4908 KASSERT(SPPP_WLOCKED(sp));
4909
4910 i = 0;
4911 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure;
4912 x = splnet();
4913 sp->pp_auth_failures = 0;
4914 splx(x);
4915
4916 SPPP_LOG(sp, LOG_DEBUG, "chap %s",
4917 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu");
4918
4919 /*
4920 * Some broken CHAP implementations (Conware CoNet, firmware
4921 * 4.0.?) don't want to re-authenticate their CHAP once the
4922 * initial challenge-response exchange has taken place.
4923 * Provide for an option to avoid rechallenges.
4924 */
4925 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) &&
4926 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) {
4927 /*
4928 * Compute the re-challenge timeout. This will yield
4929 * a number between 300 and 810 seconds.
4930 */
4931 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7);
4932 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz);
4933
4934 if (sppp_debug_enabled(sp)) {
4935 addlog(", next rechallenge in %d seconds", i);
4936 }
4937 }
4938
4939 addlog("\n");
4940
4941 /*
4942 * If we are already in phase network, we are done here. This
4943 * is the case if this is a dummy tlu event after a re-challenge.
4944 */
4945 if (sp->pp_phase != SPPP_PHASE_NETWORK)
4946 sppp_phase_network(sp);
4947 }
4948
4949 static void
4950 sppp_chap_scr(struct sppp *sp)
4951 {
4952 uint32_t *ch;
4953 u_char clen, dsize;
4954 int role;
4955
4956 KASSERT(SPPP_WLOCKED(sp));
4957
4958 role = sppp_auth_role(&chap, sp);
4959
4960 if (ISSET(role, SPPP_AUTH_SERV) &&
4961 !sp->chap.response_rcvd) {
4962 /* we are authenticator for CHAP, send challenge */
4963 ch = (uint32_t *)sp->chap.challenge;
4964 clen = sizeof(sp->chap.challenge);
4965 /* Compute random challenge. */
4966 cprng_strong(kern_cprng, ch, clen, 0);
4967
4968 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq;
4969 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid,
4970 sizeof(clen), (const char *)&clen,
4971 sizeof(sp->chap.challenge), sp->chap.challenge,
4972 0);
4973 }
4974
4975 if (ISSET(role, SPPP_AUTH_PEER) &&
4976 sp->chap.digest_len > 0) {
4977 /* we are peer for CHAP, send response */
4978 dsize = sp->chap.digest_len;
4979
4980 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid,
4981 sizeof(dsize), (const char *)&dsize,
4982 sp->chap.digest_len, sp->chap.digest,
4983 sp->myauth.name_len, sp->myauth.name, 0);
4984 }
4985 }
4986
4987 static void
4988 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp)
4989 {
4990 const struct cp *cp = xcp;
4991
4992 KASSERT(!cpu_softintr_p());
4993
4994 sp->chap.rechallenging = false;
4995
4996 switch (sp->scp[IDX_CHAP].state) {
4997 case STATE_REQ_SENT:
4998 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
4999 cp->scr(sp);
5000 break;
5001 case STATE_OPENED:
5002 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
5003 cp->scr(sp);
5004 break;
5005 }
5006 }
5007
5008 /*
5009 *--------------------------------------------------------------------------*
5010 * *
5011 * The PAP implementation. *
5012 * *
5013 *--------------------------------------------------------------------------*
5014 */
5015 /*
5016 * PAP uses following actions and events.
5017 * Actions:
5018 * - scr: send PAP_REQ
5019 * - sca: send PAP_ACK
5020 * - scn: send PAP_NAK
5021 * Events:
5022 * - RCR+: receive PAP_REQ containing correct username and password
5023 * - RCR-: receive PAP_REQ containing wrong username and password
5024 * - RCA: receive PAP_ACK
5025 * - RCN: (this event is unused)
5026 * - TO+: re-send PAP_REQ
5027 * - TO-: this layer finish
5028 */
5029
5030 /*
5031 * Handle incoming PAP packets. */
5032 static void
5033 sppp_pap_input(struct sppp *sp, struct mbuf *m)
5034 {
5035 struct ifnet *ifp;
5036 struct lcp_header *h;
5037 int len, x;
5038 char *name, *secret;
5039 int name_len, secret_len;
5040 char abuf[SPPP_AUTHTYPE_NAMELEN];
5041 const char *authname;
5042 bool debug;
5043
5044 ifp = &sp->pp_if;
5045 debug = sppp_debug_enabled(sp);
5046
5047 /*
5048 * Malicious input might leave this uninitialized, so
5049 * init to an impossible value.
5050 */
5051 secret_len = -1;
5052
5053 len = m->m_pkthdr.len;
5054 if (len < 5) {
5055 SPPP_DLOG(sp, "pap invalid packet length: "
5056 "%d bytes\n", len);
5057 return;
5058 }
5059 h = mtod(m, struct lcp_header *);
5060 if (len > ntohs(h->len))
5061 len = ntohs(h->len);
5062
5063 SPPP_LOCK(sp, RW_WRITER);
5064
5065 switch (h->type) {
5066 /* PAP request is my authproto */
5067 case PAP_REQ:
5068 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) {
5069 /* can't do anything useful */
5070 SPPP_DLOG(sp, "pap request"
5071 " without his name and his secret being set\n");
5072 break;
5073 }
5074 name = 1 + (u_char *)(h + 1);
5075 name_len = name[-1];
5076 secret = name + name_len + 1;
5077 if (name_len > len - 6 ||
5078 (secret_len = secret[-1]) > len - 6 - name_len) {
5079 if (debug) {
5080 authname = sppp_auth_type_name(abuf,
5081 sizeof(abuf), PPP_PAP, h->type);
5082 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input "
5083 "<%s id=0x%x len=%d",
5084 authname, h->ident, ntohs(h->len));
5085 if (len > 4)
5086 sppp_print_bytes((u_char *)(h + 1),
5087 len - 4);
5088 addlog(">\n");
5089 }
5090 break;
5091 }
5092 if (debug) {
5093 authname = sppp_auth_type_name(abuf,
5094 sizeof(abuf), PPP_PAP, h->type);
5095 SPPP_LOG(sp, LOG_DEBUG, "pap input(%s) "
5096 "<%s id=0x%x len=%d name=",
5097 sppp_state_name(sp->scp[IDX_PAP].state),
5098 authname, h->ident, ntohs(h->len));
5099 sppp_print_string((char *)name, name_len);
5100 addlog(" secret=");
5101 sppp_print_string((char *)secret, secret_len);
5102 addlog(">\n");
5103 }
5104
5105 sp->scp[IDX_PAP].rconfid = h->ident;
5106
5107 if (name_len == sp->hisauth.name_len &&
5108 memcmp(name, sp->hisauth.name, name_len) == 0 &&
5109 secret_len == sp->hisauth.secret_len &&
5110 memcmp(secret, sp->hisauth.secret, secret_len) == 0) {
5111 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK;
5112 } else {
5113 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK;
5114 }
5115
5116 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr);
5117
5118 /* generate a dummy RCA event */
5119 if (sp->scp[IDX_PAP].rcr_type == CP_RCR_ACK &&
5120 !ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) {
5121 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca);
5122 }
5123 break;
5124
5125 /* ack and nak are his authproto */
5126 case PAP_ACK:
5127 if (debug) {
5128 SPPP_LOG(sp, LOG_DEBUG, "pap success");
5129 name = 1 + (u_char *)(h + 1);
5130 name_len = name[-1];
5131 if (len > 5 && name_len < len+4) {
5132 addlog(": ");
5133 sppp_print_string(name, name_len);
5134 }
5135 addlog("\n");
5136 }
5137
5138 if (h->ident != sp->scp[IDX_PAP].confid) {
5139 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n",
5140 pap.name, h->ident, sp->scp[IDX_PAP].rconfid);
5141 if_statinc(ifp, if_ierrors);
5142 break;
5143 }
5144
5145 x = splnet();
5146 sp->pp_auth_failures = 0;
5147 sp->pp_flags &= ~PP_NEEDAUTH;
5148 splx(x);
5149
5150 /* we are not authenticator, generate a dummy RCR+ event */
5151 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) {
5152 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK;
5153 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr);
5154 }
5155
5156 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca);
5157 break;
5158
5159 case PAP_NAK:
5160 if (debug) {
5161 SPPP_LOG(sp, LOG_INFO, "pap failure");
5162 name = 1 + (u_char *)(h + 1);
5163 name_len = name[-1];
5164 if (len > 5 && name_len < len+4) {
5165 addlog(": ");
5166 sppp_print_string(name, name_len);
5167 }
5168 addlog("\n");
5169 } else {
5170 SPPP_LOG(sp, LOG_INFO, "pap failure\n");
5171 }
5172
5173 if (h->ident != sp->scp[IDX_PAP].confid) {
5174 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n",
5175 pap.name, h->ident, sp->scp[IDX_PAP].rconfid);
5176 if_statinc(ifp, if_ierrors);
5177 break;
5178 }
5179
5180 sp->pp_auth_failures++;
5181 /*
5182 * await LCP shutdown by authenticator,
5183 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn
5184 */
5185 break;
5186
5187 default:
5188 /* Unknown PAP packet type -- ignore. */
5189 if (debug) {
5190 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input "
5191 "<0x%x id=0x%x len=%d",
5192 h->type, h->ident, ntohs(h->len));
5193 if (len > 4)
5194 sppp_print_bytes((u_char *)(h + 1), len - 4);
5195 addlog(">\n");
5196 }
5197 break;
5198 }
5199
5200 SPPP_UNLOCK(sp);
5201 }
5202
5203 static void
5204 sppp_pap_init(struct sppp *sp)
5205 {
5206
5207 KASSERT(SPPP_WLOCKED(sp));
5208 sppp_cp_init(&pap, sp);
5209 }
5210
5211 static void
5212 sppp_pap_tlu(struct sppp *sp)
5213 {
5214 int x;
5215
5216 SPPP_DLOG(sp, "%s tlu\n", pap.name);
5217
5218 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure;
5219 x = splnet();
5220 sp->pp_auth_failures = 0;
5221 splx(x);
5222
5223 if (sp->pp_phase < SPPP_PHASE_NETWORK)
5224 sppp_phase_network(sp);
5225 }
5226
5227 static void
5228 sppp_pap_scr(struct sppp *sp)
5229 {
5230 u_char idlen, pwdlen;
5231
5232 KASSERT(SPPP_WLOCKED(sp));
5233
5234 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) &&
5235 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) {
5236 if (sp->myauth.secret == NULL ||
5237 sp->myauth.name == NULL) {
5238 SPPP_LOG(sp, LOG_DEBUG,
5239 "couldn't send PAP_REQ "
5240 "because of no name or no secret\n");
5241 } else {
5242 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq;
5243 pwdlen = sp->myauth.secret_len;
5244 idlen = sp->myauth.name_len;
5245
5246 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid,
5247 sizeof idlen, (const char *)&idlen,
5248 idlen, sp->myauth.name,
5249 sizeof pwdlen, (const char *)&pwdlen,
5250 pwdlen, sp->myauth.secret,
5251 0);
5252 }
5253 }
5254 }
5255
5256 /*
5257 * Random miscellaneous functions.
5258 */
5259
5260 /*
5261 * Send a PAP or CHAP proto packet.
5262 *
5263 * Varadic function, each of the elements for the ellipsis is of type
5264 * ``size_t mlen, const u_char *msg''. Processing will stop iff
5265 * mlen == 0.
5266 * NOTE: never declare variadic functions with types subject to type
5267 * promotion (i.e. u_char). This is asking for big trouble depending
5268 * on the architecture you are on...
5269 */
5270
5271 static void
5272 sppp_auth_send(const struct cp *cp, struct sppp *sp,
5273 unsigned int type, unsigned int id,
5274 ...)
5275 {
5276 struct ifnet *ifp;
5277 struct lcp_header *lh;
5278 struct mbuf *m;
5279 u_char *p;
5280 int len;
5281 size_t pkthdrlen;
5282 unsigned int mlen;
5283 const char *msg;
5284 va_list ap;
5285
5286 KASSERT(SPPP_WLOCKED(sp));
5287
5288 ifp = &sp->pp_if;
5289
5290 MGETHDR(m, M_DONTWAIT, MT_DATA);
5291 if (! m)
5292 return;
5293 m_reset_rcvif(m);
5294
5295 if (sp->pp_flags & PP_NOFRAMING) {
5296 *mtod(m, uint16_t *) = htons(cp->proto);
5297 pkthdrlen = 2;
5298 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2);
5299 } else {
5300 struct ppp_header *h;
5301 h = mtod(m, struct ppp_header *);
5302 h->address = PPP_ALLSTATIONS; /* broadcast address */
5303 h->control = PPP_UI; /* Unnumbered Info */
5304 h->protocol = htons(cp->proto);
5305 pkthdrlen = PPP_HEADER_LEN;
5306
5307 lh = (struct lcp_header *)(h + 1);
5308 }
5309
5310 lh->type = type;
5311 lh->ident = id;
5312 p = (u_char *)(lh + 1);
5313
5314 va_start(ap, id);
5315 len = 0;
5316
5317 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
5318 msg = va_arg(ap, const char *);
5319 len += mlen;
5320 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) {
5321 va_end(ap);
5322 m_freem(m);
5323 return;
5324 }
5325
5326 memcpy(p, msg, mlen);
5327 p += mlen;
5328 }
5329 va_end(ap);
5330
5331 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
5332 lh->len = htons(LCP_HEADER_LEN + len);
5333
5334 if (sppp_debug_enabled(sp)) {
5335 char abuf[SPPP_AUTHTYPE_NAMELEN];
5336 const char *authname;
5337
5338 authname = sppp_auth_type_name(abuf,
5339 sizeof(abuf), cp->proto, lh->type);
5340 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d",
5341 cp->name, authname,
5342 lh->ident, ntohs(lh->len));
5343 if (len)
5344 sppp_print_bytes((u_char *)(lh + 1), len);
5345 addlog(">\n");
5346 }
5347 if (IF_QFULL(&sp->pp_cpq)) {
5348 IF_DROP(&sp->pp_fastq);
5349 IF_DROP(&ifp->if_snd);
5350 m_freem(m);
5351 if_statinc(ifp, if_oerrors);
5352 return;
5353 }
5354
5355 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes);
5356 IF_ENQUEUE(&sp->pp_cpq, m);
5357
5358 if (! (ifp->if_flags & IFF_OACTIVE)) {
5359 SPPP_UNLOCK(sp);
5360 if_start_lock(ifp);
5361 SPPP_LOCK(sp, RW_WRITER);
5362 }
5363 }
5364
5365 static int
5366 sppp_auth_role(const struct cp *cp, struct sppp *sp)
5367 {
5368 int role;
5369
5370 role = SPPP_AUTH_NOROLE;
5371
5372 if (sp->hisauth.proto == cp->proto &&
5373 ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO))
5374 SET(role, SPPP_AUTH_SERV);
5375
5376 if (sp->myauth.proto == cp->proto)
5377 SET(role, SPPP_AUTH_PEER);
5378
5379 return role;
5380 }
5381
5382 static void
5383 sppp_auth_to_event(struct sppp *sp, void *xcp)
5384 {
5385 const struct cp *cp = xcp;
5386 bool override;
5387 int state;
5388
5389 KASSERT(SPPP_WLOCKED(sp));
5390 KASSERT(!cpu_softintr_p());
5391
5392 override = false;
5393 state = sp->scp[cp->protoidx].state;
5394
5395 if (sp->scp[cp->protoidx].rst_counter > 0) {
5396 /* override TO+ event */
5397 switch (state) {
5398 case STATE_OPENED:
5399 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) {
5400 override = true;
5401 sp->chap.rechallenging = true;
5402 sp->chap.response_rcvd = false;
5403 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
5404 cp->scr(sp);
5405 }
5406 break;
5407
5408 case STATE_ACK_RCVD:
5409 override = true;
5410 cp->scr(sp);
5411 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout);
5412 break;
5413 }
5414 }
5415
5416 if (override) {
5417 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n",
5418 cp->name, sppp_state_name(state),
5419 sp->scp[cp->protoidx].rst_counter);
5420 sp->scp[cp->protoidx].rst_counter--;
5421 } else {
5422 sppp_to_event(sp, xcp);
5423 }
5424 }
5425
5426 static void
5427 sppp_auth_screply(const struct cp *cp, struct sppp *sp, u_char ctype,
5428 uint8_t ident, size_t _mlen __unused, void *_msg __unused)
5429 {
5430 static const char *succmsg = "Welcome!";
5431 static const char *failmsg = "Failed...";
5432 const char *msg;
5433 u_char type, mlen;
5434
5435 KASSERT(SPPP_WLOCKED(sp));
5436
5437 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV))
5438 return;
5439
5440 if (ctype == CONF_ACK) {
5441 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK;
5442 msg = succmsg;
5443 mlen = sizeof(succmsg) - 1;
5444
5445 sp->pp_auth_failures = 0;
5446 } else {
5447 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK;
5448 msg = failmsg;
5449 mlen = sizeof(failmsg) - 1;
5450
5451 /* shutdown LCP if auth failed */
5452 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
5453 sp->pp_auth_failures++;
5454 }
5455
5456 sppp_auth_send(cp, sp, type, ident, mlen, (const u_char *)msg, 0);
5457 }
5458
5459 /*
5460 * Send keepalive packets, every 10 seconds.
5461 */
5462 static void
5463 sppp_keepalive(void *dummy)
5464 {
5465 struct sppp *sp;
5466 int s;
5467 time_t now;
5468
5469 SPPPQ_LOCK();
5470
5471 s = splnet();
5472 now = time_uptime;
5473 for (sp=spppq; sp; sp=sp->pp_next) {
5474 struct ifnet *ifp = NULL;
5475
5476 SPPP_LOCK(sp, RW_WRITER);
5477 ifp = &sp->pp_if;
5478
5479 /* check idle timeout */
5480 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING)
5481 && (sp->pp_phase == SPPP_PHASE_NETWORK)) {
5482 /* idle timeout is enabled for this interface */
5483 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) {
5484 SPPP_DLOG(sp, "no activity for %lu seconds\n",
5485 (unsigned long)(now-sp->pp_last_activity));
5486 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
5487 SPPP_UNLOCK(sp);
5488 continue;
5489 }
5490 }
5491
5492 /* Keepalive mode disabled or channel down? */
5493 if (! (sp->pp_flags & PP_KEEPALIVE) ||
5494 ! (ifp->if_flags & IFF_RUNNING)) {
5495 SPPP_UNLOCK(sp);
5496 continue;
5497 }
5498
5499 /* No keepalive in PPP mode if LCP not opened yet. */
5500 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) {
5501 SPPP_UNLOCK(sp);
5502 continue;
5503 }
5504
5505 /* No echo reply, but maybe user data passed through? */
5506 if (sp->pp_max_noreceive != 0 &&
5507 (now - sp->pp_last_receive) < sp->pp_max_noreceive) {
5508 sp->pp_alivecnt = 0;
5509 SPPP_UNLOCK(sp);
5510 continue;
5511 }
5512
5513 /* No echo request */
5514 if (sp->pp_alive_interval == 0) {
5515 SPPP_UNLOCK(sp);
5516 continue;
5517 }
5518
5519 /* send a ECHO_REQ once in sp->pp_alive_interval times */
5520 if ((sppp_keepalive_cnt % sp->pp_alive_interval) != 0) {
5521 SPPP_UNLOCK(sp);
5522 continue;
5523 }
5524
5525 if (sp->pp_alivecnt >= sp->pp_maxalive) {
5526 /* No keepalive packets got. Stop the interface. */
5527 if (sp->pp_flags & PP_KEEPALIVE_IFDOWN)
5528 sppp_wq_add(sp->wq_cp, &sp->work_ifdown);
5529
5530 SPPP_LOG(sp, LOG_INFO,"LCP keepalive timed out, "
5531 "going to restart the connection\n");
5532 sp->pp_alivecnt = 0;
5533
5534 /* we are down, close all open protocols */
5535 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close);
5536
5537 /* And now prepare LCP to reestablish the link, if configured to do so. */
5538 sp->lcp.reestablish = true;
5539
5540 SPPP_UNLOCK(sp);
5541 continue;
5542 }
5543 if (sp->pp_alivecnt < sp->pp_maxalive)
5544 ++sp->pp_alivecnt;
5545 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) {
5546 int32_t nmagic = htonl(sp->lcp.magic);
5547 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq;
5548 sppp_cp_send(sp, PPP_LCP, ECHO_REQ,
5549 sp->lcp.echoid, 4, &nmagic);
5550 }
5551
5552 SPPP_UNLOCK(sp);
5553 }
5554 splx(s);
5555 sppp_keepalive_cnt++;
5556 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL);
5557
5558 SPPPQ_UNLOCK();
5559 }
5560
5561 #ifdef INET
5562 /*
5563 * Get both IP addresses.
5564 */
5565 static void
5566 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask)
5567 {
5568 struct ifnet *ifp = &sp->pp_if;
5569 struct ifaddr *ifa;
5570 struct sockaddr_in *si, *sm;
5571 uint32_t ssrc, ddst;
5572 int bound, s;
5573 struct psref psref;
5574
5575 sm = NULL;
5576 ssrc = ddst = 0;
5577 /*
5578 * Pick the first AF_INET address from the list,
5579 * aliases don't make any sense on a p2p link anyway.
5580 */
5581 si = 0;
5582 bound = curlwp_bind();
5583 s = pserialize_read_enter();
5584 IFADDR_READER_FOREACH(ifa, ifp) {
5585 if (ifa->ifa_addr->sa_family == AF_INET) {
5586 si = (struct sockaddr_in *)ifa->ifa_addr;
5587 sm = (struct sockaddr_in *)ifa->ifa_netmask;
5588 if (si) {
5589 ifa_acquire(ifa, &psref);
5590 break;
5591 }
5592 }
5593 }
5594 pserialize_read_exit(s);
5595 if (ifa) {
5596 if (si && si->sin_addr.s_addr) {
5597 ssrc = si->sin_addr.s_addr;
5598 if (srcmask)
5599 *srcmask = ntohl(sm->sin_addr.s_addr);
5600 }
5601
5602 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
5603 if (si && si->sin_addr.s_addr)
5604 ddst = si->sin_addr.s_addr;
5605 ifa_release(ifa, &psref);
5606 }
5607 curlwp_bindx(bound);
5608
5609 if (dst) *dst = ntohl(ddst);
5610 if (src) *src = ntohl(ssrc);
5611 }
5612
5613 /*
5614 * Set IP addresses. Must be called at splnet.
5615 * If an address is 0, leave it the way it is.
5616 */
5617 static void
5618 sppp_set_ip_addrs(struct sppp *sp)
5619 {
5620 struct ifnet *ifp;
5621 struct ifaddr *ifa;
5622 struct sockaddr_in *si, *dest;
5623 uint32_t myaddr = 0, hisaddr = 0;
5624 int s;
5625
5626 KASSERT(SPPP_WLOCKED(sp));
5627
5628 ifp = &sp->pp_if;
5629
5630 SPPP_UNLOCK(sp);
5631 IFNET_LOCK(ifp);
5632 SPPP_LOCK(sp, RW_WRITER);
5633
5634 /*
5635 * Pick the first AF_INET address from the list,
5636 * aliases don't make any sense on a p2p link anyway.
5637 */
5638 si = dest = NULL;
5639 s = pserialize_read_enter();
5640 IFADDR_READER_FOREACH(ifa, ifp) {
5641 if (ifa->ifa_addr->sa_family == AF_INET) {
5642 si = (struct sockaddr_in *)ifa->ifa_addr;
5643 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
5644 break;
5645 }
5646 }
5647 pserialize_read_exit(s);
5648
5649 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN))
5650 myaddr = sp->ipcp.req_myaddr;
5651 else if (si != NULL)
5652 myaddr = ntohl(si->sin_addr.s_addr);
5653
5654 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN))
5655 hisaddr = sp->ipcp.req_hisaddr;
5656 else if (dest != NULL)
5657 hisaddr = ntohl(dest->sin_addr.s_addr);
5658
5659 if (si != NULL && dest != NULL) {
5660 int error;
5661 struct sockaddr_in new_sin = *si;
5662 struct sockaddr_in new_dst = *dest;
5663
5664 if (myaddr != 0)
5665 new_sin.sin_addr.s_addr = htonl(myaddr);
5666 if (hisaddr != 0) {
5667 new_dst.sin_addr.s_addr = htonl(hisaddr);
5668 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr)
5669 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
5670 }
5671
5672 in_addrhash_remove(ifatoia(ifa));
5673
5674 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0);
5675
5676 in_addrhash_insert(ifatoia(ifa));
5677
5678 if (error) {
5679 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n",
5680 __func__, error);
5681 } else {
5682 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa);
5683 }
5684 }
5685
5686 IFNET_UNLOCK(ifp);
5687
5688 sppp_notify_con(sp);
5689 }
5690
5691 /*
5692 * Clear IP addresses. Must be called at splnet.
5693 */
5694 static void
5695 sppp_clear_ip_addrs(struct sppp *sp)
5696 {
5697 struct ifnet *ifp;
5698 struct ifaddr *ifa;
5699 struct sockaddr_in *si, *dest;
5700 int s;
5701
5702 KASSERT(SPPP_WLOCKED(sp));
5703
5704 ifp = &sp->pp_if;
5705
5706 SPPP_UNLOCK(sp);
5707 IFNET_LOCK(ifp);
5708 SPPP_LOCK(sp, RW_WRITER);
5709
5710 /*
5711 * Pick the first AF_INET address from the list,
5712 * aliases don't make any sense on a p2p link anyway.
5713 */
5714 si = dest = NULL;
5715 s = pserialize_read_enter();
5716 IFADDR_READER_FOREACH(ifa, ifp) {
5717 if (ifa->ifa_addr->sa_family == AF_INET) {
5718 si = (struct sockaddr_in *)ifa->ifa_addr;
5719 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
5720 break;
5721 }
5722 }
5723 pserialize_read_exit(s);
5724
5725 if (si != NULL) {
5726 struct sockaddr_in new_sin = *si;
5727 struct sockaddr_in new_dst = *dest;
5728 int error;
5729
5730 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
5731 new_sin.sin_addr.s_addr = 0;
5732 if (sp->ipcp.flags & IPCP_HISADDR_DYN &&
5733 ntohl(sp->ipcp.saved_hisaddr) != 0)
5734 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr;
5735
5736 in_addrhash_remove(ifatoia(ifa));
5737
5738 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0);
5739
5740 in_addrhash_insert(ifatoia(ifa));
5741
5742 if (error) {
5743 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n",
5744 __func__, error);
5745 } else {
5746 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa);
5747 }
5748 }
5749
5750 IFNET_UNLOCK(ifp);
5751 }
5752 #endif
5753
5754 #ifdef INET6
5755 /*
5756 * Get both IPv6 addresses.
5757 */
5758 static void
5759 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
5760 struct in6_addr *srcmask)
5761 {
5762 struct ifnet *ifp = &sp->pp_if;
5763 struct ifaddr *ifa;
5764 struct sockaddr_in6 *si, *sm;
5765 struct in6_addr ssrc, ddst;
5766 int bound, s;
5767 struct psref psref;
5768
5769 sm = NULL;
5770 memset(&ssrc, 0, sizeof(ssrc));
5771 memset(&ddst, 0, sizeof(ddst));
5772 /*
5773 * Pick the first link-local AF_INET6 address from the list,
5774 * aliases don't make any sense on a p2p link anyway.
5775 */
5776 si = 0;
5777 bound = curlwp_bind();
5778 s = pserialize_read_enter();
5779 IFADDR_READER_FOREACH(ifa, ifp) {
5780 if (ifa->ifa_addr->sa_family == AF_INET6) {
5781 si = (struct sockaddr_in6 *)ifa->ifa_addr;
5782 sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
5783 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) {
5784 ifa_acquire(ifa, &psref);
5785 break;
5786 }
5787 }
5788 }
5789 pserialize_read_exit(s);
5790
5791 if (ifa) {
5792 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
5793 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc));
5794 if (srcmask) {
5795 memcpy(srcmask, &sm->sin6_addr,
5796 sizeof(*srcmask));
5797 }
5798 }
5799
5800 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
5801 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
5802 memcpy(&ddst, &si->sin6_addr, sizeof(ddst));
5803 ifa_release(ifa, &psref);
5804 }
5805 curlwp_bindx(bound);
5806
5807 if (dst)
5808 memcpy(dst, &ddst, sizeof(*dst));
5809 if (src)
5810 memcpy(src, &ssrc, sizeof(*src));
5811 }
5812
5813 #ifdef IPV6CP_MYIFID_DYN
5814 /*
5815 * Generate random ifid.
5816 */
5817 static void
5818 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
5819 {
5820 /* TBD */
5821 }
5822
5823 /*
5824 * Set my IPv6 address. Must be called at splnet.
5825 */
5826 static void
5827 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
5828 {
5829 struct ifnet *ifp;
5830 struct ifaddr *ifa;
5831 struct sockaddr_in6 *sin6;
5832 int s;
5833 struct psref psref;
5834
5835 KASSERT(SPPP_WLOCKED(sp));
5836
5837 ifp = &sp->pp_if;
5838
5839 SPPP_UNLOCK(sp);
5840 IFNET_LOCK(ifp);
5841 SPPP_LOCK(sp, RW_WRITER);
5842
5843 /*
5844 * Pick the first link-local AF_INET6 address from the list,
5845 * aliases don't make any sense on a p2p link anyway.
5846 */
5847
5848 sin6 = NULL;
5849 s = pserialize_read_enter();
5850 IFADDR_READER_FOREACH(ifa, ifp)
5851 {
5852 if (ifa->ifa_addr->sa_family == AF_INET6)
5853 {
5854 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
5855 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) {
5856 ifa_acquire(ifa, &psref);
5857 break;
5858 }
5859 }
5860 }
5861 pserialize_read_exit(s);
5862
5863 if (ifa && sin6)
5864 {
5865 int error;
5866 struct sockaddr_in6 new_sin6 = *sin6;
5867
5868 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr));
5869 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1);
5870 if (error) {
5871 SPPP_DLOG(sp, "%s: in6_ifinit failed, error=%d\n",
5872 __func__, error);
5873 } else {
5874 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa);
5875 }
5876 ifa_release(ifa, &psref);
5877 }
5878
5879 IFNET_UNLOCK(ifp);
5880 }
5881 #endif
5882
5883 /*
5884 * Suggest a candidate address to be used by peer.
5885 */
5886 static void
5887 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
5888 {
5889 struct in6_addr myaddr;
5890 struct timeval tv;
5891
5892 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
5893
5894 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
5895 microtime(&tv);
5896 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
5897 myaddr.s6_addr[14] ^= 0xff;
5898 myaddr.s6_addr[15] ^= 0xff;
5899 } else {
5900 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
5901 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
5902 }
5903 if (suggest)
5904 memcpy(suggest, &myaddr, sizeof(myaddr));
5905 }
5906 #endif /*INET6*/
5907
5908 /*
5909 * Process ioctl requests specific to the PPP interface.
5910 * Permissions have already been checked.
5911 */
5912 static int
5913 sppp_params(struct sppp *sp, u_long cmd, void *data)
5914 {
5915 switch (cmd) {
5916 case SPPPGETAUTHCFG:
5917 {
5918 struct spppauthcfg *cfg = (struct spppauthcfg *)data;
5919 int error;
5920 size_t len;
5921
5922 SPPP_LOCK(sp, RW_READER);
5923
5924 cfg->myauthflags = sp->myauth.flags;
5925 cfg->hisauthflags = sp->hisauth.flags;
5926 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname));
5927 cfg->hisauth = sppp_proto2authproto(sp->hisauth.proto);
5928 cfg->myauth = sppp_proto2authproto(sp->myauth.proto);
5929 if (cfg->myname_length == 0) {
5930 if (sp->myauth.name != NULL)
5931 cfg->myname_length = sp->myauth.name_len + 1;
5932 } else {
5933 if (sp->myauth.name == NULL) {
5934 cfg->myname_length = 0;
5935 } else {
5936 len = sp->myauth.name_len + 1;
5937
5938 if (cfg->myname_length < len) {
5939 SPPP_UNLOCK(sp);
5940 return (ENAMETOOLONG);
5941 }
5942 error = copyout(sp->myauth.name, cfg->myname, len);
5943 if (error) {
5944 SPPP_UNLOCK(sp);
5945 return error;
5946 }
5947 }
5948 }
5949 if (cfg->hisname_length == 0) {
5950 if (sp->hisauth.name != NULL)
5951 cfg->hisname_length = sp->hisauth.name_len + 1;
5952 } else {
5953 if (sp->hisauth.name == NULL) {
5954 cfg->hisname_length = 0;
5955 } else {
5956 len = sp->hisauth.name_len + 1;
5957
5958 if (cfg->hisname_length < len) {
5959 SPPP_UNLOCK(sp);
5960 return (ENAMETOOLONG);
5961 }
5962 error = copyout(sp->hisauth.name, cfg->hisname, len);
5963 if (error) {
5964 SPPP_UNLOCK(sp);
5965 return error;
5966 }
5967 }
5968 }
5969 SPPP_UNLOCK(sp);
5970 }
5971 break;
5972 case SPPPSETAUTHCFG:
5973 {
5974 struct spppauthcfg *cfg = (struct spppauthcfg *)data;
5975 int error;
5976
5977 SPPP_LOCK(sp, RW_WRITER);
5978
5979 if (sp->myauth.name) {
5980 free(sp->myauth.name, M_DEVBUF);
5981 sp->myauth.name = NULL;
5982 }
5983 if (sp->myauth.secret) {
5984 free(sp->myauth.secret, M_DEVBUF);
5985 sp->myauth.secret = NULL;
5986 }
5987 if (sp->hisauth.name) {
5988 free(sp->hisauth.name, M_DEVBUF);
5989 sp->hisauth.name = NULL;
5990 }
5991 if (sp->hisauth.secret) {
5992 free(sp->hisauth.secret, M_DEVBUF);
5993 sp->hisauth.secret = NULL;
5994 }
5995
5996 if (cfg->hisname != NULL && cfg->hisname_length > 0) {
5997 if (cfg->hisname_length >= MCLBYTES) {
5998 SPPP_UNLOCK(sp);
5999 return (ENAMETOOLONG);
6000 }
6001 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK);
6002 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length);
6003 if (error) {
6004 free(sp->hisauth.name, M_DEVBUF);
6005 sp->hisauth.name = NULL;
6006 SPPP_UNLOCK(sp);
6007 return error;
6008 }
6009 sp->hisauth.name_len = cfg->hisname_length - 1;
6010 sp->hisauth.name[sp->hisauth.name_len] = 0;
6011 }
6012 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) {
6013 if (cfg->hissecret_length >= MCLBYTES) {
6014 SPPP_UNLOCK(sp);
6015 return (ENAMETOOLONG);
6016 }
6017 sp->hisauth.secret = malloc(cfg->hissecret_length,
6018 M_DEVBUF, M_WAITOK);
6019 error = copyin(cfg->hissecret, sp->hisauth.secret,
6020 cfg->hissecret_length);
6021 if (error) {
6022 free(sp->hisauth.secret, M_DEVBUF);
6023 sp->hisauth.secret = NULL;
6024 SPPP_UNLOCK(sp);
6025 return error;
6026 }
6027 sp->hisauth.secret_len = cfg->hissecret_length - 1;
6028 sp->hisauth.secret[sp->hisauth.secret_len] = 0;
6029 }
6030 if (cfg->myname != NULL && cfg->myname_length > 0) {
6031 if (cfg->myname_length >= MCLBYTES) {
6032 SPPP_UNLOCK(sp);
6033 return (ENAMETOOLONG);
6034 }
6035 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK);
6036 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length);
6037 if (error) {
6038 free(sp->myauth.name, M_DEVBUF);
6039 sp->myauth.name = NULL;
6040 SPPP_UNLOCK(sp);
6041 return error;
6042 }
6043 sp->myauth.name_len = cfg->myname_length - 1;
6044 sp->myauth.name[sp->myauth.name_len] = 0;
6045 }
6046 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) {
6047 if (cfg->mysecret_length >= MCLBYTES) {
6048 SPPP_UNLOCK(sp);
6049 return (ENAMETOOLONG);
6050 }
6051 sp->myauth.secret = malloc(cfg->mysecret_length,
6052 M_DEVBUF, M_WAITOK);
6053 error = copyin(cfg->mysecret, sp->myauth.secret,
6054 cfg->mysecret_length);
6055 if (error) {
6056 free(sp->myauth.secret, M_DEVBUF);
6057 sp->myauth.secret = NULL;
6058 SPPP_UNLOCK(sp);
6059 return error;
6060 }
6061 sp->myauth.secret_len = cfg->mysecret_length - 1;
6062 sp->myauth.secret[sp->myauth.secret_len] = 0;
6063 }
6064 sp->myauth.flags = cfg->myauthflags;
6065 if (cfg->myauth != SPPP_AUTHPROTO_NOCHG) {
6066 sp->myauth.proto = sppp_authproto2proto(cfg->myauth);
6067 }
6068 sp->hisauth.flags = cfg->hisauthflags;
6069 if (cfg->hisauth != SPPP_AUTHPROTO_NOCHG) {
6070 sp->hisauth.proto = sppp_authproto2proto(cfg->hisauth);
6071 }
6072 sp->pp_auth_failures = 0;
6073 if (sp->hisauth.proto != PPP_NOPROTO)
6074 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO);
6075 else
6076 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO);
6077
6078 SPPP_UNLOCK(sp);
6079 }
6080 break;
6081 case SPPPGETLCPCFG:
6082 {
6083 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data;
6084
6085 SPPP_LOCK(sp, RW_READER);
6086 lcpp->lcp_timeout = sp->lcp.timeout;
6087 SPPP_UNLOCK(sp);
6088 }
6089 break;
6090 case SPPPSETLCPCFG:
6091 {
6092 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data;
6093
6094 SPPP_LOCK(sp, RW_WRITER);
6095 sp->lcp.timeout = lcpp->lcp_timeout;
6096 SPPP_UNLOCK(sp);
6097 }
6098 break;
6099 case SPPPGETNCPCFG:
6100 {
6101 struct spppncpcfg *ncpp = (struct spppncpcfg *) data;
6102
6103 SPPP_LOCK(sp, RW_READER);
6104 ncpp->ncp_flags = sp->pp_ncpflags;
6105 SPPP_UNLOCK(sp);
6106 }
6107 break;
6108 case SPPPSETNCPCFG:
6109 {
6110 struct spppncpcfg *ncpp = (struct spppncpcfg *) data;
6111
6112 SPPP_LOCK(sp, RW_WRITER);
6113 sp->pp_ncpflags = ncpp->ncp_flags;
6114 SPPP_UNLOCK(sp);
6115 }
6116 break;
6117 case SPPPGETSTATUS:
6118 {
6119 struct spppstatus *status = (struct spppstatus *)data;
6120
6121 SPPP_LOCK(sp, RW_READER);
6122 status->phase = sp->pp_phase;
6123 SPPP_UNLOCK(sp);
6124 }
6125 break;
6126 case SPPPGETSTATUSNCP:
6127 {
6128 struct spppstatusncp *status = (struct spppstatusncp *)data;
6129
6130 SPPP_LOCK(sp, RW_READER);
6131 status->phase = sp->pp_phase;
6132 status->ncpup = sppp_cp_check(sp, CP_NCP);
6133 SPPP_UNLOCK(sp);
6134 }
6135 break;
6136 case SPPPGETIDLETO:
6137 {
6138 struct spppidletimeout *to = (struct spppidletimeout *)data;
6139
6140 SPPP_LOCK(sp, RW_READER);
6141 to->idle_seconds = sp->pp_idle_timeout;
6142 SPPP_UNLOCK(sp);
6143 }
6144 break;
6145 case SPPPSETIDLETO:
6146 {
6147 struct spppidletimeout *to = (struct spppidletimeout *)data;
6148
6149 SPPP_LOCK(sp, RW_WRITER);
6150 sp->pp_idle_timeout = to->idle_seconds;
6151 SPPP_UNLOCK(sp);
6152 }
6153 break;
6154 case SPPPSETAUTHFAILURE:
6155 {
6156 struct spppauthfailuresettings *afsettings =
6157 (struct spppauthfailuresettings *)data;
6158
6159 SPPP_LOCK(sp, RW_WRITER);
6160 sp->pp_max_auth_fail = afsettings->max_failures;
6161 sp->pp_auth_failures = 0;
6162 SPPP_UNLOCK(sp);
6163 }
6164 break;
6165 case SPPPGETAUTHFAILURES:
6166 {
6167 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data;
6168
6169 SPPP_LOCK(sp, RW_READER);
6170 stats->auth_failures = sp->pp_auth_failures;
6171 stats->max_failures = sp->pp_max_auth_fail;
6172 SPPP_UNLOCK(sp);
6173 }
6174 break;
6175 case SPPPSETDNSOPTS:
6176 {
6177 struct spppdnssettings *req = (struct spppdnssettings *)data;
6178
6179 SPPP_LOCK(sp, RW_WRITER);
6180 sp->query_dns = req->query_dns & 3;
6181 SPPP_UNLOCK(sp);
6182 }
6183 break;
6184 case SPPPGETDNSOPTS:
6185 {
6186 struct spppdnssettings *req = (struct spppdnssettings *)data;
6187
6188 SPPP_LOCK(sp, RW_READER);
6189 req->query_dns = sp->query_dns;
6190 SPPP_UNLOCK(sp);
6191 }
6192 break;
6193 case SPPPGETDNSADDRS:
6194 {
6195 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data;
6196
6197 SPPP_LOCK(sp, RW_READER);
6198 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns);
6199 SPPP_UNLOCK(sp);
6200 }
6201 break;
6202 case SPPPGETKEEPALIVE:
6203 {
6204 struct spppkeepalivesettings *settings =
6205 (struct spppkeepalivesettings*)data;
6206
6207 SPPP_LOCK(sp, RW_READER);
6208 settings->maxalive = sp->pp_maxalive;
6209 settings->max_noreceive = sp->pp_max_noreceive;
6210 settings->alive_interval = sp->pp_alive_interval;
6211 SPPP_UNLOCK(sp);
6212 }
6213 break;
6214 case SPPPSETKEEPALIVE:
6215 {
6216 struct spppkeepalivesettings *settings =
6217 (struct spppkeepalivesettings*)data;
6218
6219 SPPP_LOCK(sp, RW_WRITER);
6220 sp->pp_maxalive = settings->maxalive;
6221 sp->pp_max_noreceive = settings->max_noreceive;
6222 sp->pp_alive_interval = settings->alive_interval;
6223 SPPP_UNLOCK(sp);
6224 }
6225 break;
6226 case SPPPGETLCPSTATUS:
6227 {
6228 struct sppplcpstatus *status =
6229 (struct sppplcpstatus *)data;
6230
6231 SPPP_LOCK(sp, RW_READER);
6232 status->state = sp->scp[IDX_LCP].state;
6233 status->opts = sp->lcp.opts;
6234 status->magic = sp->lcp.magic;
6235 status->mru = sp->lcp.mru;
6236 SPPP_UNLOCK(sp);
6237 }
6238 break;
6239 case SPPPGETIPCPSTATUS:
6240 {
6241 struct spppipcpstatus *status =
6242 (struct spppipcpstatus *)data;
6243 u_int32_t myaddr;
6244
6245 SPPP_LOCK(sp, RW_READER);
6246 status->state = sp->scp[IDX_IPCP].state;
6247 status->opts = sp->ipcp.opts;
6248 #ifdef INET
6249 sppp_get_ip_addrs(sp, &myaddr, 0, 0);
6250 #else
6251 myaddr = 0;
6252 #endif
6253 status->myaddr = ntohl(myaddr);
6254 SPPP_UNLOCK(sp);
6255 }
6256 break;
6257 case SPPPGETIPV6CPSTATUS:
6258 {
6259 struct spppipv6cpstatus *status =
6260 (struct spppipv6cpstatus *)data;
6261
6262 SPPP_LOCK(sp, RW_READER);
6263 status->state = sp->scp[IDX_IPV6CP].state;
6264 memcpy(status->my_ifid, sp->ipv6cp.my_ifid,
6265 sizeof(status->my_ifid));
6266 memcpy(status->his_ifid, sp->ipv6cp.his_ifid,
6267 sizeof(status->his_ifid));
6268 SPPP_UNLOCK(sp);
6269 }
6270 break;
6271 default:
6272 {
6273 int ret;
6274
6275 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data),
6276 enosys(), ret);
6277 if (ret != ENOSYS)
6278 return ret;
6279 return (EINVAL);
6280 }
6281 }
6282 return (0);
6283 }
6284
6285 static void
6286 sppp_phase_network(struct sppp *sp)
6287 {
6288 int i;
6289
6290 KASSERT(SPPP_WLOCKED(sp));
6291
6292 sppp_change_phase(sp, SPPP_PHASE_NETWORK);
6293
6294 /* Notify NCPs now. */
6295 for (i = 0; i < IDX_COUNT; i++)
6296 if ((cps[i])->flags & CP_NCP)
6297 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open);
6298 }
6299
6300 static const char *
6301 sppp_cp_type_name(char *buf, size_t buflen, u_char type)
6302 {
6303
6304 switch (type) {
6305 case CONF_REQ: return "conf-req";
6306 case CONF_ACK: return "conf-ack";
6307 case CONF_NAK: return "conf-nak";
6308 case CONF_REJ: return "conf-rej";
6309 case TERM_REQ: return "term-req";
6310 case TERM_ACK: return "term-ack";
6311 case CODE_REJ: return "code-rej";
6312 case PROTO_REJ: return "proto-rej";
6313 case ECHO_REQ: return "echo-req";
6314 case ECHO_REPLY: return "echo-reply";
6315 case DISC_REQ: return "discard-req";
6316 }
6317 if (buf != NULL)
6318 snprintf(buf, buflen, "0x%02x", type);
6319 return buf;
6320 }
6321
6322 static const char *
6323 sppp_auth_type_name(char *buf, size_t buflen, u_short proto, u_char type)
6324 {
6325 const char *name;
6326
6327 switch (proto) {
6328 case PPP_CHAP:
6329 switch (type) {
6330 case CHAP_CHALLENGE: return "challenge";
6331 case CHAP_RESPONSE: return "response";
6332 case CHAP_SUCCESS: return "success";
6333 case CHAP_FAILURE: return "failure";
6334 default: name = "chap"; break;
6335 }
6336 break;
6337
6338 case PPP_PAP:
6339 switch (type) {
6340 case PAP_REQ: return "req";
6341 case PAP_ACK: return "ack";
6342 case PAP_NAK: return "nak";
6343 default: name = "pap"; break;
6344 }
6345 break;
6346
6347 default:
6348 name = "bad";
6349 break;
6350 }
6351
6352 if (buf != NULL)
6353 snprintf(buf, buflen, "%s(%#x) 0x%02x", name, proto, type);
6354 return buf;
6355 }
6356
6357 static const char *
6358 sppp_lcp_opt_name(char *buf, size_t buflen, u_char opt)
6359 {
6360
6361 switch (opt) {
6362 case LCP_OPT_MRU: return "mru";
6363 case LCP_OPT_ASYNC_MAP: return "async-map";
6364 case LCP_OPT_AUTH_PROTO: return "auth-proto";
6365 case LCP_OPT_QUAL_PROTO: return "qual-proto";
6366 case LCP_OPT_MAGIC: return "magic";
6367 case LCP_OPT_PROTO_COMP: return "proto-comp";
6368 case LCP_OPT_ADDR_COMP: return "addr-comp";
6369 case LCP_OPT_SELF_DESC_PAD: return "sdpad";
6370 case LCP_OPT_CALL_BACK: return "callback";
6371 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms";
6372 case LCP_OPT_MP_MRRU: return "mrru";
6373 case LCP_OPT_MP_SSNHF: return "mp-ssnhf";
6374 case LCP_OPT_MP_EID: return "mp-eid";
6375 }
6376 if (buf != NULL)
6377 snprintf(buf, buflen, "0x%02x", opt);
6378 return buf;
6379 }
6380
6381 static const char *
6382 sppp_ipcp_opt_name(char *buf, size_t buflen, u_char opt)
6383 {
6384
6385 switch (opt) {
6386 case IPCP_OPT_ADDRESSES: return "addresses";
6387 case IPCP_OPT_COMPRESSION: return "compression";
6388 case IPCP_OPT_ADDRESS: return "address";
6389 case IPCP_OPT_PRIMDNS: return "primdns";
6390 case IPCP_OPT_SECDNS: return "secdns";
6391 }
6392 if (buf != NULL)
6393 snprintf(buf, buflen, "0x%02x", opt);
6394 return buf;
6395 }
6396
6397 #ifdef INET6
6398 static const char *
6399 sppp_ipv6cp_opt_name(char *buf, size_t buflen, u_char opt)
6400 {
6401
6402 switch (opt) {
6403 case IPV6CP_OPT_IFID: return "ifid";
6404 case IPV6CP_OPT_COMPRESSION: return "compression";
6405 }
6406 if (buf != NULL)
6407 snprintf(buf, buflen, "0x%02x", opt);
6408 return buf;
6409 }
6410 #endif
6411
6412 static const char *
6413 sppp_state_name(int state)
6414 {
6415
6416 switch (state) {
6417 case STATE_INITIAL: return "initial";
6418 case STATE_STARTING: return "starting";
6419 case STATE_CLOSED: return "closed";
6420 case STATE_STOPPED: return "stopped";
6421 case STATE_CLOSING: return "closing";
6422 case STATE_STOPPING: return "stopping";
6423 case STATE_REQ_SENT: return "req-sent";
6424 case STATE_ACK_RCVD: return "ack-rcvd";
6425 case STATE_ACK_SENT: return "ack-sent";
6426 case STATE_OPENED: return "opened";
6427 }
6428 return "illegal";
6429 }
6430
6431 static const char *
6432 sppp_phase_name(int phase)
6433 {
6434
6435 switch (phase) {
6436 case SPPP_PHASE_DEAD: return "dead";
6437 case SPPP_PHASE_ESTABLISH: return "establish";
6438 case SPPP_PHASE_TERMINATE: return "terminate";
6439 case SPPP_PHASE_AUTHENTICATE: return "authenticate";
6440 case SPPP_PHASE_NETWORK: return "network";
6441 }
6442 return "illegal";
6443 }
6444
6445 static const char *
6446 sppp_proto_name(char *buf, size_t buflen, u_short proto)
6447 {
6448
6449 switch (proto) {
6450 case PPP_LCP: return "lcp";
6451 case PPP_IPCP: return "ipcp";
6452 case PPP_PAP: return "pap";
6453 case PPP_CHAP: return "chap";
6454 case PPP_IPV6CP: return "ipv6cp";
6455 }
6456 if (buf != NULL) {
6457 snprintf(buf, sizeof(buf), "0x%04x",
6458 (unsigned)proto);
6459 }
6460 return buf;
6461 }
6462
6463 static void
6464 sppp_print_bytes(const u_char *p, u_short len)
6465 {
6466 addlog(" %02x", *p++);
6467 while (--len > 0)
6468 addlog("-%02x", *p++);
6469 }
6470
6471 static void
6472 sppp_print_string(const char *p, u_short len)
6473 {
6474 u_char c;
6475
6476 while (len-- > 0) {
6477 c = *p++;
6478 /*
6479 * Print only ASCII chars directly. RFC 1994 recommends
6480 * using only them, but we don't rely on it. */
6481 if (c < ' ' || c > '~')
6482 addlog("\\x%x", c);
6483 else
6484 addlog("%c", c);
6485 }
6486 }
6487
6488 static const char *
6489 sppp_dotted_quad(char *buf, size_t buflen, uint32_t addr)
6490 {
6491
6492 if (buf != NULL) {
6493 snprintf(buf, buflen, "%u.%u.%u.%u",
6494 (unsigned int)((addr >> 24) & 0xff),
6495 (unsigned int)((addr >> 16) & 0xff),
6496 (unsigned int)((addr >> 8) & 0xff),
6497 (unsigned int)(addr & 0xff));
6498 }
6499 return buf;
6500 }
6501
6502 /* a dummy, used to drop uninteresting events */
6503 static void
6504 sppp_null(struct sppp *unused)
6505 {
6506 /* do just nothing */
6507 }
6508
6509 static void
6510 sppp_tls(const struct cp *cp, struct sppp *sp)
6511 {
6512
6513 SPPP_DLOG(sp, "%s tls\n", cp->name);
6514
6515 /* notify lcp that is lower layer */
6516 sp->lcp.protos |= (1 << cp->protoidx);
6517 }
6518
6519 static void
6520 sppp_tlf(const struct cp *cp, struct sppp *sp)
6521 {
6522
6523 SPPP_DLOG(sp, "%s tlf\n", cp->name);
6524
6525 /* notify lcp that is lower layer */
6526 sp->lcp.protos &= ~(1 << cp->protoidx);
6527
6528 /* cleanup */
6529 if (sp->scp[cp->protoidx].mbuf_confreq != NULL) {
6530 m_freem(sp->scp[cp->protoidx].mbuf_confreq);
6531 sp->scp[cp->protoidx].mbuf_confreq = NULL;
6532 }
6533 if (sp->scp[cp->protoidx].mbuf_confnak != NULL) {
6534 m_freem(sp->scp[cp->protoidx].mbuf_confnak);
6535 sp->scp[cp->protoidx].mbuf_confnak = NULL;
6536 }
6537
6538 sppp_lcp_check_and_close(sp);
6539 }
6540
6541 static void
6542 sppp_screply(const struct cp *cp, struct sppp *sp, u_char type,
6543 uint8_t ident, size_t msglen, void *msg)
6544 {
6545
6546 if (msglen == 0)
6547 return;
6548
6549 switch (type) {
6550 case CONF_ACK:
6551 case CONF_NAK:
6552 case CONF_REJ:
6553 break;
6554 default:
6555 return;
6556 }
6557
6558 if (sppp_debug_enabled(sp)) {
6559 char tbuf[SPPP_CPTYPE_NAMELEN];
6560 const char *cpname;
6561
6562 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), type);
6563 SPPP_LOG(sp, LOG_DEBUG, "send %s\n", cpname);
6564 }
6565
6566 sppp_cp_send(sp, cp->proto, type, ident, msglen, msg);
6567 }
6568
6569 static void
6570 sppp_ifdown(struct sppp *sp, void *xcp __unused)
6571 {
6572
6573 SPPP_UNLOCK(sp);
6574 if_down(&sp->pp_if);
6575 IF_PURGE(&sp->pp_cpq);
6576 SPPP_LOCK(sp, RW_WRITER);
6577 }
6578
6579 static void
6580 sppp_notify_up(struct sppp *sp)
6581 {
6582
6583 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up);
6584 }
6585
6586 static void
6587 sppp_notify_down(struct sppp *sp)
6588 {
6589
6590 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down);
6591 }
6592
6593 static void
6594 sppp_notify_tls_wlocked(struct sppp *sp)
6595 {
6596
6597 KASSERT(SPPP_WLOCKED(sp));
6598
6599 if (!sp->pp_tls)
6600 return;
6601
6602 SPPP_UNLOCK(sp);
6603 sp->pp_tls(sp);
6604 SPPP_LOCK(sp, RW_WRITER);
6605 }
6606
6607 static void
6608 sppp_notify_tlf_wlocked(struct sppp *sp)
6609 {
6610
6611 KASSERT(SPPP_WLOCKED(sp));
6612
6613 if (!sp->pp_tlf)
6614 return;
6615
6616 SPPP_UNLOCK(sp);
6617 sp->pp_tlf(sp);
6618 SPPP_LOCK(sp, RW_WRITER);
6619 }
6620
6621 static void
6622 sppp_notify_con(struct sppp *sp)
6623 {
6624
6625 if (!sp->pp_con)
6626 return;
6627
6628 sp->pp_con(sp);
6629 }
6630
6631 #ifdef INET6
6632 static void
6633 sppp_notify_con_wlocked(struct sppp *sp)
6634 {
6635
6636 KASSERT(SPPP_WLOCKED(sp));
6637
6638 SPPP_UNLOCK(sp);
6639 sppp_notify_con(sp);
6640 SPPP_LOCK(sp, RW_WRITER);
6641
6642 }
6643 #endif
6644
6645 static void
6646 sppp_notify_chg_wlocked(struct sppp *sp)
6647 {
6648
6649 KASSERT(SPPP_WLOCKED(sp));
6650
6651 if (!sp->pp_chg)
6652 return;
6653
6654 SPPP_UNLOCK(sp);
6655 sp->pp_chg(sp, sp->pp_phase);
6656 SPPP_LOCK(sp, RW_WRITER);
6657 }
6658
6659 static void
6660 sppp_wq_work(struct work *wk, void *xsp)
6661 {
6662 struct sppp *sp;
6663 struct sppp_work *work;
6664
6665 sp = xsp;
6666 work = container_of(wk, struct sppp_work, work);
6667 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE);
6668
6669 SPPP_LOCK(sp, RW_WRITER);
6670 work->func(sp, work->arg);
6671 SPPP_UNLOCK(sp);
6672 }
6673
6674 static struct workqueue *
6675 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags)
6676 {
6677 struct workqueue *wq;
6678 int error;
6679
6680 error = workqueue_create(&wq, xnamebuf, sppp_wq_work,
6681 (void *)sp, prio, ipl, flags);
6682 if (error) {
6683 panic("%s: workqueue_create failed [%s, %d]\n",
6684 sp->pp_if.if_xname, xnamebuf, error);
6685 }
6686
6687 return wq;
6688 }
6689
6690 static void
6691 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq)
6692 {
6693
6694 workqueue_destroy(wq);
6695 }
6696
6697 static void
6698 sppp_wq_set(struct sppp_work *work,
6699 void (*func)(struct sppp *, void *), void *arg)
6700 {
6701
6702 work->func = func;
6703 work->arg = arg;
6704 }
6705
6706 static void
6707 sppp_wq_add(struct workqueue *wq, struct sppp_work *work)
6708 {
6709
6710 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY)
6711 != SPPP_WK_FREE)
6712 return;
6713
6714 KASSERT(work->func != NULL);
6715 kpreempt_disable();
6716 workqueue_enqueue(wq, &work->work, NULL);
6717 kpreempt_enable();
6718 }
6719 static void
6720 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work)
6721 {
6722
6723 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL);
6724 workqueue_wait(wq, &work->work);
6725 }
6726
6727 /*
6728 * This file is large. Tell emacs to highlight it nevertheless.
6729 *
6730 * Local Variables:
6731 * hilit-auto-highlight-maxout: 120000
6732 * End:
6733 */
6734
6735 /*
6736 * Module glue
6737 */
6738 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL);
6739
6740 static int
6741 sppp_subr_modcmd(modcmd_t cmd, void *arg)
6742 {
6743
6744 switch (cmd) {
6745 case MODULE_CMD_INIT:
6746 case MODULE_CMD_FINI:
6747 return 0;
6748 case MODULE_CMD_STAT:
6749 case MODULE_CMD_AUTOUNLOAD:
6750 default:
6751 return ENOTTY;
6752 }
6753 }
Cache object: ca457f5e368d3ebf5d43832c0243c7fb
|