FreeBSD/Linux Kernel Cross Reference
sys/net/if_spppsubr.c
1 /* $NetBSD: if_spppsubr.c,v 1.82.2.2 2007/06/15 11:37:58 liamjfoy Exp $ */
2
3 /*
4 * Synchronous PPP/Cisco link level subroutines.
5 * Keepalive protocol implemented in both Cisco and PPP modes.
6 *
7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
8 * Author: Serge Vakulenko, <vak@cronyx.ru>
9 *
10 * Heavily revamped to conform to RFC 1661.
11 * Copyright (C) 1997, Joerg Wunsch.
12 *
13 * RFC2472 IPv6CP support.
14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
15 *
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions are met:
18 * 1. Redistributions of source code must retain the above copyright notice,
19 * this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright notice,
21 * this list of conditions and the following disclaimer in the documentation
22 * and/or other materials provided with the distribution.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34 * POSSIBILITY OF SUCH DAMAGE.
35 *
36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
37 *
38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp
39 *
40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp
41 */
42
43 #include <sys/cdefs.h>
44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.82.2.2 2007/06/15 11:37:58 liamjfoy Exp $");
45
46 #include "opt_inet.h"
47 #include "opt_ipx.h"
48 #include "opt_iso.h"
49 #include "opt_ns.h"
50 #include "opt_pfil_hooks.h"
51
52 #include <sys/param.h>
53 #include <sys/proc.h>
54 #include <sys/systm.h>
55 #include <sys/kernel.h>
56 #include <sys/sockio.h>
57 #include <sys/socket.h>
58 #include <sys/syslog.h>
59 #include <sys/malloc.h>
60 #include <sys/mbuf.h>
61 #include <sys/callout.h>
62 #include <sys/md5.h>
63 #include <sys/inttypes.h>
64
65 #include <net/if.h>
66 #include <net/netisr.h>
67 #include <net/if_types.h>
68 #include <net/route.h>
69 #include <net/ppp_defs.h>
70
71 #include <machine/stdarg.h>
72
73 #include <netinet/in.h>
74 #include <netinet/in_systm.h>
75 #include <netinet/in_var.h>
76 #ifdef INET
77 #include <netinet/ip.h>
78 #include <netinet/tcp.h>
79 #endif
80 #include <net/ethertypes.h>
81
82 #ifdef IPX
83 #include <netipx/ipx.h>
84 #include <netipx/ipx_if.h>
85 #endif
86
87 #ifdef NS
88 #include <netns/ns.h>
89 #include <netns/ns_if.h>
90 #endif
91
92 #ifdef ISO
93 #include <netiso/argo_debug.h>
94 #include <netiso/iso.h>
95 #include <netiso/iso_var.h>
96 #include <netiso/iso_snpac.h>
97 #endif
98
99 #include <net/if_sppp.h>
100 #include <net/if_spppvar.h>
101
102 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */
103 #define LOOPALIVECNT 3 /* loopback detection tries */
104 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */
105 #define DEFAULT_NORECV_TIME 15 /* before we get worried */
106 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */
107
108 /*
109 * Interface flags that can be set in an ifconfig command.
110 *
111 * Setting link0 will make the link passive, i.e. it will be marked
112 * as being administrative openable, but won't be opened to begin
113 * with. Incoming calls will be answered, or subsequent calls with
114 * -link1 will cause the administrative open of the LCP layer.
115 *
116 * Setting link1 will cause the link to auto-dial only as packets
117 * arrive to be sent.
118 *
119 * Setting IFF_DEBUG will syslog the option negotiation and state
120 * transitions at level kern.debug. Note: all logs consistently look
121 * like
122 *
123 * <if-name><unit>: <proto-name> <additional info...>
124 *
125 * with <if-name><unit> being something like "bppp0", and <proto-name>
126 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
127 */
128
129 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
130 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
131
132 #define CONF_REQ 1 /* PPP configure request */
133 #define CONF_ACK 2 /* PPP configure acknowledge */
134 #define CONF_NAK 3 /* PPP configure negative ack */
135 #define CONF_REJ 4 /* PPP configure reject */
136 #define TERM_REQ 5 /* PPP terminate request */
137 #define TERM_ACK 6 /* PPP terminate acknowledge */
138 #define CODE_REJ 7 /* PPP code reject */
139 #define PROTO_REJ 8 /* PPP protocol reject */
140 #define ECHO_REQ 9 /* PPP echo request */
141 #define ECHO_REPLY 10 /* PPP echo reply */
142 #define DISC_REQ 11 /* PPP discard request */
143
144 #define LCP_OPT_MRU 1 /* maximum receive unit */
145 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
146 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
147 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
148 #define LCP_OPT_MAGIC 5 /* magic number */
149 #define LCP_OPT_RESERVED 6 /* reserved */
150 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
151 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
152
153 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
154 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */
155 #define IPCP_OPT_ADDRESS 3 /* local IP address */
156 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */
157 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */
158
159 #define IPV6CP_OPT_IFID 1 /* interface identifier */
160 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
161
162 #define PAP_REQ 1 /* PAP name/password request */
163 #define PAP_ACK 2 /* PAP acknowledge */
164 #define PAP_NAK 3 /* PAP fail */
165
166 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
167 #define CHAP_RESPONSE 2 /* CHAP challenge response */
168 #define CHAP_SUCCESS 3 /* CHAP response ok */
169 #define CHAP_FAILURE 4 /* CHAP response failed */
170
171 #define CHAP_MD5 5 /* hash algorithm - MD5 */
172
173 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
174 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
175 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
176 #define CISCO_ADDR_REQ 0 /* Cisco address request */
177 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
178 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
179
180 /* states are named and numbered according to RFC 1661 */
181 #define STATE_INITIAL 0
182 #define STATE_STARTING 1
183 #define STATE_CLOSED 2
184 #define STATE_STOPPED 3
185 #define STATE_CLOSING 4
186 #define STATE_STOPPING 5
187 #define STATE_REQ_SENT 6
188 #define STATE_ACK_RCVD 7
189 #define STATE_ACK_SENT 8
190 #define STATE_OPENED 9
191
192 struct ppp_header {
193 u_int8_t address;
194 u_int8_t control;
195 u_int16_t protocol;
196 } __attribute__((__packed__));
197 #define PPP_HEADER_LEN sizeof (struct ppp_header)
198
199 struct lcp_header {
200 u_int8_t type;
201 u_int8_t ident;
202 u_int16_t len;
203 } __attribute__((__packed__));
204 #define LCP_HEADER_LEN sizeof (struct lcp_header)
205
206 struct cisco_packet {
207 u_int32_t type;
208 u_int32_t par1;
209 u_int32_t par2;
210 u_int16_t rel;
211 u_int16_t time0;
212 u_int16_t time1;
213 } __attribute__((__packed__));
214 #define CISCO_PACKET_LEN 18
215
216 /*
217 * We follow the spelling and capitalization of RFC 1661 here, to make
218 * it easier comparing with the standard. Please refer to this RFC in
219 * case you can't make sense out of these abbreviation; it will also
220 * explain the semantics related to the various events and actions.
221 */
222 struct cp {
223 u_short proto; /* PPP control protocol number */
224 u_char protoidx; /* index into state table in struct sppp */
225 u_char flags;
226 #define CP_LCP 0x01 /* this is the LCP */
227 #define CP_AUTH 0x02 /* this is an authentication protocol */
228 #define CP_NCP 0x04 /* this is a NCP */
229 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
230 const char *name; /* name of this control protocol */
231 /* event handlers */
232 void (*Up)(struct sppp *sp);
233 void (*Down)(struct sppp *sp);
234 void (*Open)(struct sppp *sp);
235 void (*Close)(struct sppp *sp);
236 void (*TO)(void *sp);
237 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
238 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
239 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
240 /* actions */
241 void (*tlu)(struct sppp *sp);
242 void (*tld)(struct sppp *sp);
243 void (*tls)(struct sppp *sp);
244 void (*tlf)(struct sppp *sp);
245 void (*scr)(struct sppp *sp);
246 };
247
248 static struct sppp *spppq;
249 static struct callout keepalive_ch;
250
251 #ifdef INET
252 /*
253 * The following disgusting hack gets around the problem that IP TOS
254 * can't be set yet. We want to put "interactive" traffic on a high
255 * priority queue. To decide if traffic is interactive, we check that
256 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
257 *
258 * XXX is this really still necessary? - joerg -
259 */
260 static u_short interactive_ports[8] = {
261 0, 513, 0, 0,
262 0, 21, 0, 23,
263 };
264 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
265 #endif
266
267 /* almost every function needs these */
268 #define STDDCL \
269 struct ifnet *ifp = &sp->pp_if; \
270 int debug = ifp->if_flags & IFF_DEBUG
271
272 static int sppp_output(struct ifnet *ifp, struct mbuf *m,
273 struct sockaddr *dst, struct rtentry *rt);
274
275 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2);
276 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
277
278 static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
279 struct mbuf *m);
280 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
281 u_char ident, u_short len, void *data);
282 /* static void sppp_cp_timeout(void *arg); */
283 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
284 int newstate);
285 static void sppp_auth_send(const struct cp *cp,
286 struct sppp *sp, unsigned int type, unsigned int id,
287 ...);
288
289 static void sppp_up_event(const struct cp *cp, struct sppp *sp);
290 static void sppp_down_event(const struct cp *cp, struct sppp *sp);
291 static void sppp_open_event(const struct cp *cp, struct sppp *sp);
292 static void sppp_close_event(const struct cp *cp, struct sppp *sp);
293 static void sppp_to_event(const struct cp *cp, struct sppp *sp);
294
295 static void sppp_null(struct sppp *sp);
296
297 static void sppp_lcp_init(struct sppp *sp);
298 static void sppp_lcp_up(struct sppp *sp);
299 static void sppp_lcp_down(struct sppp *sp);
300 static void sppp_lcp_open(struct sppp *sp);
301 static void sppp_lcp_close(struct sppp *sp);
302 static void sppp_lcp_TO(void *sp);
303 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
304 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
305 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
306 static void sppp_lcp_tlu(struct sppp *sp);
307 static void sppp_lcp_tld(struct sppp *sp);
308 static void sppp_lcp_tls(struct sppp *sp);
309 static void sppp_lcp_tlf(struct sppp *sp);
310 static void sppp_lcp_scr(struct sppp *sp);
311 static void sppp_lcp_check_and_close(struct sppp *sp);
312 static int sppp_ncp_check(struct sppp *sp);
313
314 static void sppp_ipcp_init(struct sppp *sp);
315 static void sppp_ipcp_up(struct sppp *sp);
316 static void sppp_ipcp_down(struct sppp *sp);
317 static void sppp_ipcp_open(struct sppp *sp);
318 static void sppp_ipcp_close(struct sppp *sp);
319 static void sppp_ipcp_TO(void *sp);
320 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
321 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
322 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
323 static void sppp_ipcp_tlu(struct sppp *sp);
324 static void sppp_ipcp_tld(struct sppp *sp);
325 static void sppp_ipcp_tls(struct sppp *sp);
326 static void sppp_ipcp_tlf(struct sppp *sp);
327 static void sppp_ipcp_scr(struct sppp *sp);
328
329 static void sppp_ipv6cp_init(struct sppp *sp);
330 static void sppp_ipv6cp_up(struct sppp *sp);
331 static void sppp_ipv6cp_down(struct sppp *sp);
332 static void sppp_ipv6cp_open(struct sppp *sp);
333 static void sppp_ipv6cp_close(struct sppp *sp);
334 static void sppp_ipv6cp_TO(void *sp);
335 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
336 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
337 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
338 static void sppp_ipv6cp_tlu(struct sppp *sp);
339 static void sppp_ipv6cp_tld(struct sppp *sp);
340 static void sppp_ipv6cp_tls(struct sppp *sp);
341 static void sppp_ipv6cp_tlf(struct sppp *sp);
342 static void sppp_ipv6cp_scr(struct sppp *sp);
343
344 static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
345 static void sppp_pap_init(struct sppp *sp);
346 static void sppp_pap_open(struct sppp *sp);
347 static void sppp_pap_close(struct sppp *sp);
348 static void sppp_pap_TO(void *sp);
349 static void sppp_pap_my_TO(void *sp);
350 static void sppp_pap_tlu(struct sppp *sp);
351 static void sppp_pap_tld(struct sppp *sp);
352 static void sppp_pap_scr(struct sppp *sp);
353
354 static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
355 static void sppp_chap_init(struct sppp *sp);
356 static void sppp_chap_open(struct sppp *sp);
357 static void sppp_chap_close(struct sppp *sp);
358 static void sppp_chap_TO(void *sp);
359 static void sppp_chap_tlu(struct sppp *sp);
360 static void sppp_chap_tld(struct sppp *sp);
361 static void sppp_chap_scr(struct sppp *sp);
362
363 static const char *sppp_auth_type_name(u_short proto, u_char type);
364 static const char *sppp_cp_type_name(u_char type);
365 static const char *sppp_dotted_quad(u_int32_t addr);
366 static const char *sppp_ipcp_opt_name(u_char opt);
367 #ifdef INET6
368 static const char *sppp_ipv6cp_opt_name(u_char opt);
369 #endif
370 static const char *sppp_lcp_opt_name(u_char opt);
371 static const char *sppp_phase_name(int phase);
372 static const char *sppp_proto_name(u_short proto);
373 static const char *sppp_state_name(int state);
374 static int sppp_params(struct sppp *sp, int cmd, void *data);
375 #ifdef INET
376 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
377 u_int32_t *srcmask);
378 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr);
379 static void sppp_clear_ip_addrs(struct sppp *sp);
380 #endif
381 static void sppp_keepalive(void *dummy);
382 static void sppp_phase_network(struct sppp *sp);
383 static void sppp_print_bytes(const u_char *p, u_short len);
384 static void sppp_print_string(const char *p, u_short len);
385 #ifdef INET6
386 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
387 struct in6_addr *dst, struct in6_addr *srcmask);
388 #ifdef IPV6CP_MYIFID_DYN
389 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
390 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
391 #endif
392 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
393 #endif
394
395 /* our control protocol descriptors */
396 static const struct cp lcp = {
397 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
398 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
399 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
400 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
401 sppp_lcp_scr
402 };
403
404 static const struct cp ipcp = {
405 PPP_IPCP, IDX_IPCP,
406 #ifdef INET
407 CP_NCP, /*don't run IPCP if there's no IPv4 support*/
408 #else
409 0,
410 #endif
411 "ipcp",
412 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
413 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
414 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
415 sppp_ipcp_scr
416 };
417
418 static const struct cp ipv6cp = {
419 PPP_IPV6CP, IDX_IPV6CP,
420 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
421 CP_NCP,
422 #else
423 0,
424 #endif
425 "ipv6cp",
426 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
427 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
428 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
429 sppp_ipv6cp_scr
430 };
431
432 static const struct cp pap = {
433 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
434 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
435 sppp_pap_TO, 0, 0, 0,
436 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
437 sppp_pap_scr
438 };
439
440 static const struct cp chap = {
441 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
442 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
443 sppp_chap_TO, 0, 0, 0,
444 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
445 sppp_chap_scr
446 };
447
448 static const struct cp *cps[IDX_COUNT] = {
449 &lcp, /* IDX_LCP */
450 &ipcp, /* IDX_IPCP */
451 &ipv6cp, /* IDX_IPV6CP */
452 &pap, /* IDX_PAP */
453 &chap, /* IDX_CHAP */
454 };
455
456
457 /*
458 * Exported functions, comprising our interface to the lower layer.
459 */
460
461 /*
462 * Process the received packet.
463 */
464 void
465 sppp_input(struct ifnet *ifp, struct mbuf *m)
466 {
467 struct ppp_header *h = NULL;
468 struct ifqueue *inq = 0;
469 u_int16_t protocol;
470 int s;
471 struct sppp *sp = (struct sppp *)ifp;
472 int debug = ifp->if_flags & IFF_DEBUG;
473
474 if (ifp->if_flags & IFF_UP) {
475 /* Count received bytes, add hardware framing */
476 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes;
477 /* Note time of last receive */
478 sp->pp_last_receive = mono_time.tv_sec;
479 }
480
481 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
482 /* Too small packet, drop it. */
483 if (debug)
484 log(LOG_DEBUG,
485 "%s: input packet is too small, %d bytes\n",
486 ifp->if_xname, m->m_pkthdr.len);
487 drop:
488 ++ifp->if_ierrors;
489 ++ifp->if_iqdrops;
490 m_freem(m);
491 return;
492 }
493
494 if (sp->pp_flags & PP_NOFRAMING) {
495 memcpy(&protocol, mtod(m, void *), 2);
496 protocol = ntohs(protocol);
497 m_adj(m, 2);
498 } else {
499
500 /* Get PPP header. */
501 h = mtod(m, struct ppp_header *);
502 m_adj(m, PPP_HEADER_LEN);
503
504 switch (h->address) {
505 case PPP_ALLSTATIONS:
506 if (h->control != PPP_UI)
507 goto invalid;
508 if (sp->pp_flags & PP_CISCO) {
509 if (debug)
510 log(LOG_DEBUG,
511 "%s: PPP packet in Cisco mode "
512 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
513 ifp->if_xname,
514 h->address, h->control, ntohs(h->protocol));
515 goto drop;
516 }
517 break;
518 case CISCO_MULTICAST:
519 case CISCO_UNICAST:
520 /* Don't check the control field here (RFC 1547). */
521 if (! (sp->pp_flags & PP_CISCO)) {
522 if (debug)
523 log(LOG_DEBUG,
524 "%s: Cisco packet in PPP mode "
525 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
526 ifp->if_xname,
527 h->address, h->control, ntohs(h->protocol));
528 goto drop;
529 }
530 switch (ntohs(h->protocol)) {
531 default:
532 ++ifp->if_noproto;
533 goto invalid;
534 case CISCO_KEEPALIVE:
535 sppp_cisco_input((struct sppp *) ifp, m);
536 m_freem(m);
537 return;
538 #ifdef INET
539 case ETHERTYPE_IP:
540 schednetisr(NETISR_IP);
541 inq = &ipintrq;
542 break;
543 #endif
544 #ifdef INET6
545 case ETHERTYPE_IPV6:
546 schednetisr(NETISR_IPV6);
547 inq = &ip6intrq;
548 break;
549 #endif
550 #ifdef IPX
551 case ETHERTYPE_IPX:
552 schednetisr(NETISR_IPX);
553 inq = &ipxintrq;
554 break;
555 #endif
556 #ifdef NS
557 case ETHERTYPE_NS:
558 schednetisr(NETISR_NS);
559 inq = &nsintrq;
560 break;
561 #endif
562 }
563 goto queue_pkt;
564 default: /* Invalid PPP packet. */
565 invalid:
566 if (debug)
567 log(LOG_DEBUG,
568 "%s: invalid input packet "
569 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
570 ifp->if_xname,
571 h->address, h->control, ntohs(h->protocol));
572 goto drop;
573 }
574 protocol = ntohs(h->protocol);
575 }
576
577 switch (protocol) {
578 default:
579 if (sp->state[IDX_LCP] == STATE_OPENED) {
580 u_int16_t prot = htons(protocol);
581 sppp_cp_send(sp, PPP_LCP, PROTO_REJ,
582 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
583 &prot);
584 }
585 if (debug)
586 log(LOG_DEBUG,
587 "%s: invalid input protocol "
588 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol));
589 ++ifp->if_noproto;
590 goto drop;
591 case PPP_LCP:
592 sppp_cp_input(&lcp, sp, m);
593 m_freem(m);
594 return;
595 case PPP_PAP:
596 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE)
597 sppp_pap_input(sp, m);
598 m_freem(m);
599 return;
600 case PPP_CHAP:
601 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE)
602 sppp_chap_input(sp, m);
603 m_freem(m);
604 return;
605 #ifdef INET
606 case PPP_IPCP:
607 if (sp->pp_phase == SPPP_PHASE_NETWORK)
608 sppp_cp_input(&ipcp, sp, m);
609 m_freem(m);
610 return;
611 case PPP_IP:
612 if (sp->state[IDX_IPCP] == STATE_OPENED) {
613 schednetisr(NETISR_IP);
614 inq = &ipintrq;
615 sp->pp_last_activity = mono_time.tv_sec;
616 }
617 break;
618 #endif
619 #ifdef INET6
620 case PPP_IPV6CP:
621 if (sp->pp_phase == SPPP_PHASE_NETWORK)
622 sppp_cp_input(&ipv6cp, sp, m);
623 m_freem(m);
624 return;
625
626 case PPP_IPV6:
627 if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
628 schednetisr(NETISR_IPV6);
629 inq = &ip6intrq;
630 sp->pp_last_activity = mono_time.tv_sec;
631 }
632 break;
633 #endif
634 #ifdef IPX
635 case PPP_IPX:
636 /* IPX IPXCP not implemented yet */
637 if (sp->pp_phase == SPPP_PHASE_NETWORK) {
638 schednetisr(NETISR_IPX);
639 inq = &ipxintrq;
640 }
641 break;
642 #endif
643 #ifdef NS
644 case PPP_XNS:
645 /* XNS IDPCP not implemented yet */
646 if (sp->pp_phase == SPPP_PHASE_NETWORK) {
647 schednetisr(NETISR_NS);
648 inq = &nsintrq;
649 }
650 break;
651 #endif
652 #ifdef ISO
653 case PPP_ISO:
654 /* OSI NLCP not implemented yet */
655 if (sp->pp_phase == SPPP_PHASE_NETWORK) {
656 schednetisr(NETISR_ISO);
657 inq = &clnlintrq;
658 }
659 break;
660 #endif
661 }
662
663 queue_pkt:
664 if (! (ifp->if_flags & IFF_UP) || ! inq)
665 goto drop;
666
667 /* Check queue. */
668 s = splnet();
669 if (IF_QFULL(inq)) {
670 /* Queue overflow. */
671 IF_DROP(inq);
672 splx(s);
673 if (debug)
674 log(LOG_DEBUG, "%s: protocol queue overflow\n",
675 ifp->if_xname);
676 goto drop;
677 }
678 IF_ENQUEUE(inq, m);
679 splx(s);
680 }
681
682 /*
683 * Enqueue transmit packet.
684 */
685 static int
686 sppp_output(struct ifnet *ifp, struct mbuf *m,
687 struct sockaddr *dst, struct rtentry *rt)
688 {
689 struct sppp *sp = (struct sppp *) ifp;
690 struct ppp_header *h = NULL;
691 struct ifqueue *ifq = NULL; /* XXX */
692 int s, len, rv = 0;
693 u_int16_t protocol;
694 ALTQ_DECL(struct altq_pktattr pktattr;)
695
696 s = splnet();
697
698 sp->pp_last_activity = mono_time.tv_sec;
699
700 if ((ifp->if_flags & IFF_UP) == 0 ||
701 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
702 m_freem(m);
703 splx(s);
704 return (ENETDOWN);
705 }
706
707 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
708 /*
709 * Interface is not yet running, but auto-dial. Need
710 * to start LCP for it.
711 */
712 ifp->if_flags |= IFF_RUNNING;
713 splx(s);
714 lcp.Open(sp);
715 s = splnet();
716 }
717
718 /*
719 * If the queueing discipline needs packet classification,
720 * do it before prepending link headers.
721 */
722 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr);
723
724 #ifdef INET
725 if (dst->sa_family == AF_INET) {
726 struct ip *ip = NULL;
727 struct tcphdr *th = NULL;
728
729 if (m->m_len >= sizeof(struct ip)) {
730 ip = mtod(m, struct ip *);
731 if (ip->ip_p == IPPROTO_TCP &&
732 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
733 sizeof(struct tcphdr)) {
734 th = (struct tcphdr *)
735 ((caddr_t)ip + (ip->ip_hl << 2));
736 }
737 } else
738 ip = NULL;
739
740 /*
741 * When using dynamic local IP address assignment by using
742 * 0.0.0.0 as a local address, the first TCP session will
743 * not connect because the local TCP checksum is computed
744 * using 0.0.0.0 which will later become our real IP address
745 * so the TCP checksum computed at the remote end will
746 * become invalid. So we
747 * - don't let packets with src ip addr 0 thru
748 * - we flag TCP packets with src ip 0 as an error
749 */
750 if (ip && ip->ip_src.s_addr == INADDR_ANY) {
751 u_int8_t proto = ip->ip_p;
752
753 m_freem(m);
754 splx(s);
755 if (proto == IPPROTO_TCP)
756 return (EADDRNOTAVAIL);
757 else
758 return (0);
759 }
760
761 /*
762 * Put low delay, telnet, rlogin and ftp control packets
763 * in front of the queue.
764 */
765
766 if (!IF_QFULL(&sp->pp_fastq) &&
767 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) ||
768 (th && (INTERACTIVE(ntohs(th->th_sport)) ||
769 INTERACTIVE(ntohs(th->th_dport))))))
770 ifq = &sp->pp_fastq;
771 }
772 #endif
773
774 #ifdef INET6
775 if (dst->sa_family == AF_INET6) {
776 /* XXX do something tricky here? */
777 }
778 #endif
779
780 if ((sp->pp_flags & PP_NOFRAMING) == 0) {
781 /*
782 * Prepend general data packet PPP header. For now, IP only.
783 */
784 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT);
785 if (! m) {
786 if (ifp->if_flags & IFF_DEBUG)
787 log(LOG_DEBUG, "%s: no memory for transmit header\n",
788 ifp->if_xname);
789 ++ifp->if_oerrors;
790 splx(s);
791 return (ENOBUFS);
792 }
793 /*
794 * May want to check size of packet
795 * (albeit due to the implementation it's always enough)
796 */
797 h = mtod(m, struct ppp_header *);
798 if (sp->pp_flags & PP_CISCO) {
799 h->address = CISCO_UNICAST; /* unicast address */
800 h->control = 0;
801 } else {
802 h->address = PPP_ALLSTATIONS; /* broadcast address */
803 h->control = PPP_UI; /* Unnumbered Info */
804 }
805 }
806
807 switch (dst->sa_family) {
808 #ifdef INET
809 case AF_INET: /* Internet Protocol */
810 if (sp->pp_flags & PP_CISCO)
811 protocol = htons(ETHERTYPE_IP);
812 else {
813 /*
814 * Don't choke with an ENETDOWN early. It's
815 * possible that we just started dialing out,
816 * so don't drop the packet immediately. If
817 * we notice that we run out of buffer space
818 * below, we will however remember that we are
819 * not ready to carry IP packets, and return
820 * ENETDOWN, as opposed to ENOBUFS.
821 */
822 protocol = htons(PPP_IP);
823 if (sp->state[IDX_IPCP] != STATE_OPENED)
824 rv = ENETDOWN;
825 }
826 break;
827 #endif
828 #ifdef INET6
829 case AF_INET6: /* Internet Protocol version 6 */
830 if (sp->pp_flags & PP_CISCO)
831 protocol = htons(ETHERTYPE_IPV6);
832 else {
833 /*
834 * Don't choke with an ENETDOWN early. It's
835 * possible that we just started dialing out,
836 * so don't drop the packet immediately. If
837 * we notice that we run out of buffer space
838 * below, we will however remember that we are
839 * not ready to carry IP packets, and return
840 * ENETDOWN, as opposed to ENOBUFS.
841 */
842 protocol = htons(PPP_IPV6);
843 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
844 rv = ENETDOWN;
845 }
846 break;
847 #endif
848 #ifdef NS
849 case AF_NS: /* Xerox NS Protocol */
850 protocol = htons((sp->pp_flags & PP_CISCO) ?
851 ETHERTYPE_NS : PPP_XNS);
852 break;
853 #endif
854 #ifdef IPX
855 case AF_IPX: /* Novell IPX Protocol */
856 protocol = htons((sp->pp_flags & PP_CISCO) ?
857 ETHERTYPE_IPX : PPP_IPX);
858 break;
859 #endif
860 #ifdef ISO
861 case AF_ISO: /* ISO OSI Protocol */
862 if (sp->pp_flags & PP_CISCO)
863 goto nosupport;
864 protocol = htons(PPP_ISO);
865 break;
866 nosupport:
867 #endif
868 default:
869 m_freem(m);
870 ++ifp->if_oerrors;
871 splx(s);
872 return (EAFNOSUPPORT);
873 }
874
875 if (sp->pp_flags & PP_NOFRAMING) {
876 M_PREPEND(m, 2, M_DONTWAIT);
877 if (m == NULL) {
878 if (ifp->if_flags & IFF_DEBUG)
879 log(LOG_DEBUG, "%s: no memory for transmit header\n",
880 ifp->if_xname);
881 ++ifp->if_oerrors;
882 splx(s);
883 return (ENOBUFS);
884 }
885 *mtod(m, u_int16_t *) = protocol;
886 } else {
887 h->protocol = protocol;
888 }
889
890 /*
891 * Queue message on interface, and start output if interface
892 * not yet active.
893 */
894 len = m->m_pkthdr.len;
895 if (ifq != NULL
896 #ifdef ALTQ
897 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0
898 #endif
899 ) {
900 if (IF_QFULL(ifq)) {
901 IF_DROP(&ifp->if_snd);
902 m_freem(m);
903 if (rv == 0)
904 rv = ENOBUFS;
905 }
906 else
907 IF_ENQUEUE(ifq, m);
908 } else
909 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv);
910 if (rv != 0) {
911 ++ifp->if_oerrors;
912 splx(s);
913 return (rv);
914 }
915
916 if (! (ifp->if_flags & IFF_OACTIVE))
917 (*ifp->if_start)(ifp);
918
919 /*
920 * Count output packets and bytes.
921 * The packet length includes header + additional hardware framing
922 * according to RFC 1333.
923 */
924 ifp->if_obytes += len + sp->pp_framebytes;
925 splx(s);
926 return (0);
927 }
928
929 void
930 sppp_attach(struct ifnet *ifp)
931 {
932 struct sppp *sp = (struct sppp *) ifp;
933
934 /* Initialize keepalive handler. */
935 if (! spppq) {
936 callout_init(&keepalive_ch);
937 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL);
938 }
939
940 /* Insert new entry into the keepalive list. */
941 sp->pp_next = spppq;
942 spppq = sp;
943
944 sp->pp_if.if_type = IFT_PPP;
945 sp->pp_if.if_output = sppp_output;
946 sp->pp_fastq.ifq_maxlen = 32;
947 sp->pp_cpq.ifq_maxlen = 20;
948 sp->pp_loopcnt = 0;
949 sp->pp_alivecnt = 0;
950 sp->pp_last_activity = 0;
951 sp->pp_last_receive = 0;
952 sp->pp_maxalive = DEFAULT_MAXALIVECNT;
953 sp->pp_max_noreceive = DEFAULT_NORECV_TIME;
954 sp->pp_idle_timeout = 0;
955 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq));
956 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq));
957 sp->pp_auth_failures = 0;
958 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES;
959 sp->pp_phase = SPPP_PHASE_DEAD;
960 sp->pp_up = lcp.Up;
961 sp->pp_down = lcp.Down;
962
963 if_alloc_sadl(ifp);
964
965 memset(&sp->myauth, 0, sizeof sp->myauth);
966 memset(&sp->hisauth, 0, sizeof sp->hisauth);
967 sppp_lcp_init(sp);
968 sppp_ipcp_init(sp);
969 sppp_ipv6cp_init(sp);
970 sppp_pap_init(sp);
971 sppp_chap_init(sp);
972 }
973
974 void
975 sppp_detach(struct ifnet *ifp)
976 {
977 struct sppp **q, *p, *sp = (struct sppp *) ifp;
978 int i;
979
980 /* Remove the entry from the keepalive list. */
981 for (q = &spppq; (p = *q); q = &p->pp_next)
982 if (p == sp) {
983 *q = p->pp_next;
984 break;
985 }
986
987 /* Stop keepalive handler. */
988 if (! spppq) {
989 callout_stop(&keepalive_ch);
990 }
991
992 for (i = 0; i < IDX_COUNT; i++) {
993 callout_stop(&sp->ch[i]);
994 }
995 callout_stop(&sp->pap_my_to_ch);
996
997 /* free authentication info */
998 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF);
999 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF);
1000 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF);
1001 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF);
1002
1003 #if 0 /* done in if_detach() */
1004 if_free_sadl(ifp);
1005 #endif
1006 }
1007
1008 /*
1009 * Flush the interface output queue.
1010 */
1011 void
1012 sppp_flush(struct ifnet *ifp)
1013 {
1014 struct sppp *sp = (struct sppp *) ifp;
1015
1016 IFQ_PURGE(&sp->pp_if.if_snd);
1017 IF_PURGE(&sp->pp_fastq);
1018 IF_PURGE(&sp->pp_cpq);
1019 }
1020
1021 /*
1022 * Check if the output queue is empty.
1023 */
1024 int
1025 sppp_isempty(struct ifnet *ifp)
1026 {
1027 struct sppp *sp = (struct sppp *) ifp;
1028 int empty, s;
1029
1030 s = splnet();
1031 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) &&
1032 IFQ_IS_EMPTY(&sp->pp_if.if_snd);
1033 splx(s);
1034 return (empty);
1035 }
1036
1037 /*
1038 * Get next packet to send.
1039 */
1040 struct mbuf *
1041 sppp_dequeue(struct ifnet *ifp)
1042 {
1043 struct sppp *sp = (struct sppp *) ifp;
1044 struct mbuf *m;
1045 int s;
1046
1047 s = splnet();
1048 /*
1049 * Process only the control protocol queue until we have at
1050 * least one NCP open.
1051 *
1052 * Do always serve all three queues in Cisco mode.
1053 */
1054 IF_DEQUEUE(&sp->pp_cpq, m);
1055 if (m == NULL &&
1056 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
1057 IF_DEQUEUE(&sp->pp_fastq, m);
1058 if (m == NULL)
1059 IFQ_DEQUEUE(&sp->pp_if.if_snd, m);
1060 }
1061 splx(s);
1062 return m;
1063 }
1064
1065 /*
1066 * Process an ioctl request. Called on low priority level.
1067 */
1068 int
1069 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
1070 {
1071 struct ifreq *ifr = (struct ifreq *) data;
1072 struct sppp *sp = (struct sppp *) ifp;
1073 int s, error=0, going_up, going_down, newmode;
1074
1075 s = splnet();
1076 switch (cmd) {
1077 case SIOCAIFADDR:
1078 case SIOCSIFDSTADDR:
1079 case SIOCSIFADDR:
1080 break;
1081
1082 case SIOCSIFFLAGS:
1083 going_up = ifp->if_flags & IFF_UP &&
1084 (ifp->if_flags & IFF_RUNNING) == 0;
1085 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1086 ifp->if_flags & IFF_RUNNING;
1087 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
1088 if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
1089 /* sanity */
1090 newmode = IFF_PASSIVE;
1091 ifp->if_flags &= ~IFF_AUTO;
1092 }
1093
1094 if (going_up || going_down)
1095 lcp.Close(sp);
1096 if (going_up && newmode == 0) {
1097 /* neither auto-dial nor passive */
1098 ifp->if_flags |= IFF_RUNNING;
1099 if (!(sp->pp_flags & PP_CISCO))
1100 lcp.Open(sp);
1101 } else if (going_down) {
1102 sppp_flush(ifp);
1103 ifp->if_flags &= ~IFF_RUNNING;
1104 }
1105
1106 break;
1107
1108 #ifdef SIOCSIFMTU
1109 #ifndef ifr_mtu
1110 #define ifr_mtu ifr_metric
1111 #endif
1112 case SIOCSIFMTU:
1113 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) {
1114 error = EINVAL;
1115 break;
1116 }
1117
1118 ifp->if_mtu = ifr->ifr_mtu;
1119 break;
1120 #endif
1121 #ifdef SLIOCSETMTU
1122 case SLIOCSETMTU:
1123 if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru)
1124 {
1125 error = EINVAL;
1126 break;
1127 }
1128
1129 ifp->if_mtu = *(short *)data;
1130 break;
1131 #endif
1132 #ifdef SIOCGIFMTU
1133 case SIOCGIFMTU:
1134 ifr->ifr_mtu = ifp->if_mtu;
1135 break;
1136 #endif
1137 #ifdef SLIOCGETMTU
1138 case SLIOCGETMTU:
1139 *(short *)data = ifp->if_mtu;
1140 break;
1141 #endif
1142 case SIOCADDMULTI:
1143 case SIOCDELMULTI:
1144 break;
1145
1146 case SPPPSETAUTHCFG:
1147 case SPPPGETAUTHCFG:
1148 case SPPPSETLCPCFG:
1149 case SPPPGETLCPCFG:
1150 case SPPPSETIDLETO:
1151 case SPPPSETAUTHFAILURE:
1152 case SPPPGETAUTHFAILURES:
1153 case SPPPSETDNSOPTS:
1154 case SPPPSETKEEPALIVE:
1155 {
1156 struct proc *p = curproc; /* XXX */
1157
1158 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0)
1159 break;
1160 }
1161 /* FALLTHROUGH */
1162 case SPPPGETSTATUS:
1163 case SPPPGETSTATUSNCP:
1164 case SPPPGETIDLETO:
1165 case SPPPGETDNSOPTS:
1166 case SPPPGETDNSADDRS:
1167 case SPPPGETKEEPALIVE:
1168 error = sppp_params(sp, cmd, data);
1169 break;
1170
1171 default:
1172 error = ENOTTY;
1173 }
1174 splx(s);
1175 return (error);
1176 }
1177
1178
1179 /*
1180 * Cisco framing implementation.
1181 */
1182
1183 /*
1184 * Handle incoming Cisco keepalive protocol packets.
1185 */
1186 static void
1187 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1188 {
1189 STDDCL;
1190 struct cisco_packet *h;
1191 #ifdef INET
1192 u_int32_t me, mymask;
1193 #endif
1194
1195 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1196 if (debug)
1197 log(LOG_DEBUG,
1198 "%s: cisco invalid packet length: %d bytes\n",
1199 ifp->if_xname, m->m_pkthdr.len);
1200 return;
1201 }
1202 h = mtod(m, struct cisco_packet *);
1203 if (debug)
1204 log(LOG_DEBUG,
1205 "%s: cisco input: %d bytes "
1206 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1207 ifp->if_xname, m->m_pkthdr.len,
1208 ntohl(h->type), h->par1, h->par2, (u_int)h->rel,
1209 (u_int)h->time0, (u_int)h->time1);
1210 switch (ntohl(h->type)) {
1211 default:
1212 if (debug)
1213 addlog("%s: cisco unknown packet type: 0x%x\n",
1214 ifp->if_xname, ntohl(h->type));
1215 break;
1216 case CISCO_ADDR_REPLY:
1217 /* Reply on address request, ignore */
1218 break;
1219 case CISCO_KEEPALIVE_REQ:
1220 sp->pp_alivecnt = 0;
1221 sp->pp_rseq[IDX_LCP] = ntohl(h->par1);
1222 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
1223 /* Local and remote sequence numbers are equal.
1224 * Probably, the line is in loopback mode. */
1225 if (sp->pp_loopcnt >= LOOPALIVECNT) {
1226 printf ("%s: loopback\n",
1227 ifp->if_xname);
1228 sp->pp_loopcnt = 0;
1229 if (ifp->if_flags & IFF_UP) {
1230 if_down(ifp);
1231 IF_PURGE(&sp->pp_cpq);
1232 }
1233 }
1234 ++sp->pp_loopcnt;
1235
1236 /* Generate new local sequence number */
1237 sp->pp_seq[IDX_LCP] = arc4random();
1238 break;
1239 }
1240 sp->pp_loopcnt = 0;
1241 if (! (ifp->if_flags & IFF_UP) &&
1242 (ifp->if_flags & IFF_RUNNING)) {
1243 if_up(ifp);
1244 }
1245 break;
1246 case CISCO_ADDR_REQ:
1247 #ifdef INET
1248 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1249 if (me != 0L)
1250 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1251 #endif
1252 break;
1253 }
1254 }
1255
1256 /*
1257 * Send Cisco keepalive packet.
1258 */
1259 static void
1260 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2)
1261 {
1262 STDDCL;
1263 struct ppp_header *h;
1264 struct cisco_packet *ch;
1265 struct mbuf *m;
1266 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000;
1267
1268 MGETHDR(m, M_DONTWAIT, MT_DATA);
1269 if (! m)
1270 return;
1271 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1272 m->m_pkthdr.rcvif = 0;
1273
1274 h = mtod(m, struct ppp_header *);
1275 h->address = CISCO_MULTICAST;
1276 h->control = 0;
1277 h->protocol = htons(CISCO_KEEPALIVE);
1278
1279 ch = (struct cisco_packet *)(h + 1);
1280 ch->type = htonl(type);
1281 ch->par1 = htonl(par1);
1282 ch->par2 = htonl(par2);
1283 ch->rel = -1;
1284
1285 ch->time0 = htons((u_short)(t >> 16));
1286 ch->time1 = htons((u_short) t);
1287
1288 if (debug)
1289 log(LOG_DEBUG,
1290 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1291 ifp->if_xname, ntohl(ch->type), ch->par1,
1292 ch->par2, (u_int)ch->rel, (u_int)ch->time0,
1293 (u_int)ch->time1);
1294
1295 if (IF_QFULL(&sp->pp_cpq)) {
1296 IF_DROP(&sp->pp_fastq);
1297 IF_DROP(&ifp->if_snd);
1298 m_freem(m);
1299 ++ifp->if_oerrors;
1300 return;
1301 } else
1302 IF_ENQUEUE(&sp->pp_cpq, m);
1303 if (! (ifp->if_flags & IFF_OACTIVE))
1304 (*ifp->if_start)(ifp);
1305 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1306 }
1307
1308 /*
1309 * PPP protocol implementation.
1310 */
1311
1312 /*
1313 * Send PPP control protocol packet.
1314 */
1315 static void
1316 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1317 u_char ident, u_short len, void *data)
1318 {
1319 STDDCL;
1320 struct lcp_header *lh;
1321 struct mbuf *m;
1322 size_t pkthdrlen;
1323
1324 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
1325
1326 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
1327 len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
1328 MGETHDR(m, M_DONTWAIT, MT_DATA);
1329 if (! m)
1330 return;
1331 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
1332 m->m_pkthdr.rcvif = 0;
1333
1334 if (sp->pp_flags & PP_NOFRAMING) {
1335 *mtod(m, u_int16_t *) = htons(proto);
1336 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
1337 } else {
1338 struct ppp_header *h;
1339 h = mtod(m, struct ppp_header *);
1340 h->address = PPP_ALLSTATIONS; /* broadcast address */
1341 h->control = PPP_UI; /* Unnumbered Info */
1342 h->protocol = htons(proto); /* Link Control Protocol */
1343 lh = (struct lcp_header *)(h + 1);
1344 }
1345 lh->type = type;
1346 lh->ident = ident;
1347 lh->len = htons(LCP_HEADER_LEN + len);
1348 if (len)
1349 bcopy (data, lh + 1, len);
1350
1351 if (debug) {
1352 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d",
1353 ifp->if_xname,
1354 sppp_proto_name(proto),
1355 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len));
1356 if (len)
1357 sppp_print_bytes((u_char *)(lh + 1), len);
1358 addlog(">\n");
1359 }
1360 if (IF_QFULL(&sp->pp_cpq)) {
1361 IF_DROP(&sp->pp_fastq);
1362 IF_DROP(&ifp->if_snd);
1363 m_freem(m);
1364 ++ifp->if_oerrors;
1365 return;
1366 } else
1367 IF_ENQUEUE(&sp->pp_cpq, m);
1368 if (! (ifp->if_flags & IFF_OACTIVE))
1369 (*ifp->if_start)(ifp);
1370 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1371 }
1372
1373 /*
1374 * Handle incoming PPP control protocol packets.
1375 */
1376 static void
1377 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1378 {
1379 STDDCL;
1380 struct lcp_header *h;
1381 int printlen, len = m->m_pkthdr.len;
1382 int rv;
1383 u_char *p;
1384 u_int32_t u32;
1385
1386 if (len < 4) {
1387 if (debug)
1388 log(LOG_DEBUG,
1389 "%s: %s invalid packet length: %d bytes\n",
1390 ifp->if_xname, cp->name, len);
1391 return;
1392 }
1393 h = mtod(m, struct lcp_header *);
1394 if (debug) {
1395 printlen = ntohs(h->len);
1396 log(LOG_DEBUG,
1397 "%s: %s input(%s): <%s id=0x%x len=%d",
1398 ifp->if_xname, cp->name,
1399 sppp_state_name(sp->state[cp->protoidx]),
1400 sppp_cp_type_name(h->type), h->ident, printlen);
1401 if (len < printlen)
1402 printlen = len;
1403 if (printlen > 4)
1404 sppp_print_bytes((u_char *)(h + 1), printlen - 4);
1405 addlog(">\n");
1406 }
1407 if (len > ntohs(h->len))
1408 len = ntohs(h->len);
1409 p = (u_char *)(h + 1);
1410 switch (h->type) {
1411 case CONF_REQ:
1412 if (len < 4) {
1413 if (debug)
1414 addlog("%s: %s invalid conf-req length %d\n",
1415 ifp->if_xname, cp->name,
1416 len);
1417 ++ifp->if_ierrors;
1418 break;
1419 }
1420 /* handle states where RCR doesn't get a SCA/SCN */
1421 switch (sp->state[cp->protoidx]) {
1422 case STATE_CLOSING:
1423 case STATE_STOPPING:
1424 return;
1425 case STATE_CLOSED:
1426 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1427 0, 0);
1428 return;
1429 }
1430 rv = (cp->RCR)(sp, h, len);
1431 if (rv < 0) {
1432 /* fatal error, shut down */
1433 (cp->tld)(sp);
1434 sppp_lcp_tlf(sp);
1435 return;
1436 }
1437 switch (sp->state[cp->protoidx]) {
1438 case STATE_OPENED:
1439 (cp->tld)(sp);
1440 (cp->scr)(sp);
1441 /* fall through... */
1442 case STATE_ACK_SENT:
1443 case STATE_REQ_SENT:
1444 sppp_cp_change_state(cp, sp, rv?
1445 STATE_ACK_SENT: STATE_REQ_SENT);
1446 break;
1447 case STATE_STOPPED:
1448 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1449 (cp->scr)(sp);
1450 sppp_cp_change_state(cp, sp, rv?
1451 STATE_ACK_SENT: STATE_REQ_SENT);
1452 break;
1453 case STATE_ACK_RCVD:
1454 if (rv) {
1455 sppp_cp_change_state(cp, sp, STATE_OPENED);
1456 if (debug)
1457 log(LOG_DEBUG, "%s: %s tlu\n",
1458 ifp->if_xname,
1459 cp->name);
1460 (cp->tlu)(sp);
1461 } else
1462 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1463 break;
1464 default:
1465 printf("%s: %s illegal %s in state %s\n",
1466 ifp->if_xname, cp->name,
1467 sppp_cp_type_name(h->type),
1468 sppp_state_name(sp->state[cp->protoidx]));
1469 ++ifp->if_ierrors;
1470 }
1471 break;
1472 case CONF_ACK:
1473 if (h->ident != sp->confid[cp->protoidx]) {
1474 if (debug)
1475 addlog("%s: %s id mismatch 0x%x != 0x%x\n",
1476 ifp->if_xname, cp->name,
1477 h->ident, sp->confid[cp->protoidx]);
1478 ++ifp->if_ierrors;
1479 break;
1480 }
1481 switch (sp->state[cp->protoidx]) {
1482 case STATE_CLOSED:
1483 case STATE_STOPPED:
1484 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1485 break;
1486 case STATE_CLOSING:
1487 case STATE_STOPPING:
1488 break;
1489 case STATE_REQ_SENT:
1490 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1491 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1492 break;
1493 case STATE_OPENED:
1494 (cp->tld)(sp);
1495 /* fall through */
1496 case STATE_ACK_RCVD:
1497 (cp->scr)(sp);
1498 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1499 break;
1500 case STATE_ACK_SENT:
1501 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1502 sppp_cp_change_state(cp, sp, STATE_OPENED);
1503 if (debug)
1504 log(LOG_DEBUG, "%s: %s tlu\n",
1505 ifp->if_xname, cp->name);
1506 (cp->tlu)(sp);
1507 break;
1508 default:
1509 printf("%s: %s illegal %s in state %s\n",
1510 ifp->if_xname, cp->name,
1511 sppp_cp_type_name(h->type),
1512 sppp_state_name(sp->state[cp->protoidx]));
1513 ++ifp->if_ierrors;
1514 }
1515 break;
1516 case CONF_NAK:
1517 case CONF_REJ:
1518 if (h->ident != sp->confid[cp->protoidx]) {
1519 if (debug)
1520 addlog("%s: %s id mismatch 0x%x != 0x%x\n",
1521 ifp->if_xname, cp->name,
1522 h->ident, sp->confid[cp->protoidx]);
1523 ++ifp->if_ierrors;
1524 break;
1525 }
1526 if (h->type == CONF_NAK)
1527 (cp->RCN_nak)(sp, h, len);
1528 else /* CONF_REJ */
1529 (cp->RCN_rej)(sp, h, len);
1530
1531 switch (sp->state[cp->protoidx]) {
1532 case STATE_CLOSED:
1533 case STATE_STOPPED:
1534 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1535 break;
1536 case STATE_REQ_SENT:
1537 case STATE_ACK_SENT:
1538 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1539 (cp->scr)(sp);
1540 break;
1541 case STATE_OPENED:
1542 (cp->tld)(sp);
1543 /* fall through */
1544 case STATE_ACK_RCVD:
1545 sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1546 (cp->scr)(sp);
1547 break;
1548 case STATE_CLOSING:
1549 case STATE_STOPPING:
1550 break;
1551 default:
1552 printf("%s: %s illegal %s in state %s\n",
1553 ifp->if_xname, cp->name,
1554 sppp_cp_type_name(h->type),
1555 sppp_state_name(sp->state[cp->protoidx]));
1556 ++ifp->if_ierrors;
1557 }
1558 break;
1559
1560 case TERM_REQ:
1561 switch (sp->state[cp->protoidx]) {
1562 case STATE_ACK_RCVD:
1563 case STATE_ACK_SENT:
1564 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1565 /* fall through */
1566 case STATE_CLOSED:
1567 case STATE_STOPPED:
1568 case STATE_CLOSING:
1569 case STATE_STOPPING:
1570 case STATE_REQ_SENT:
1571 sta:
1572 /* Send Terminate-Ack packet. */
1573 if (debug)
1574 log(LOG_DEBUG, "%s: %s send terminate-ack\n",
1575 ifp->if_xname, cp->name);
1576 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1577 break;
1578 case STATE_OPENED:
1579 (cp->tld)(sp);
1580 sp->rst_counter[cp->protoidx] = 0;
1581 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1582 goto sta;
1583 default:
1584 printf("%s: %s illegal %s in state %s\n",
1585 ifp->if_xname, cp->name,
1586 sppp_cp_type_name(h->type),
1587 sppp_state_name(sp->state[cp->protoidx]));
1588 ++ifp->if_ierrors;
1589 }
1590 break;
1591 case TERM_ACK:
1592 switch (sp->state[cp->protoidx]) {
1593 case STATE_CLOSED:
1594 case STATE_STOPPED:
1595 case STATE_REQ_SENT:
1596 case STATE_ACK_SENT:
1597 break;
1598 case STATE_CLOSING:
1599 (cp->tlf)(sp);
1600 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1601 sppp_lcp_check_and_close(sp);
1602 break;
1603 case STATE_STOPPING:
1604 (cp->tlf)(sp);
1605 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1606 sppp_lcp_check_and_close(sp);
1607 break;
1608 case STATE_ACK_RCVD:
1609 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1610 break;
1611 case STATE_OPENED:
1612 (cp->tld)(sp);
1613 (cp->scr)(sp);
1614 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1615 break;
1616 default:
1617 printf("%s: %s illegal %s in state %s\n",
1618 ifp->if_xname, cp->name,
1619 sppp_cp_type_name(h->type),
1620 sppp_state_name(sp->state[cp->protoidx]));
1621 ++ifp->if_ierrors;
1622 }
1623 break;
1624 case CODE_REJ:
1625 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1626 log(LOG_INFO,
1627 "%s: %s: ignoring RXJ (%s) for code ?, "
1628 "danger will robinson\n",
1629 ifp->if_xname, cp->name,
1630 sppp_cp_type_name(h->type));
1631 switch (sp->state[cp->protoidx]) {
1632 case STATE_CLOSED:
1633 case STATE_STOPPED:
1634 case STATE_REQ_SENT:
1635 case STATE_ACK_SENT:
1636 case STATE_CLOSING:
1637 case STATE_STOPPING:
1638 case STATE_OPENED:
1639 break;
1640 case STATE_ACK_RCVD:
1641 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1642 break;
1643 default:
1644 printf("%s: %s illegal %s in state %s\n",
1645 ifp->if_xname, cp->name,
1646 sppp_cp_type_name(h->type),
1647 sppp_state_name(sp->state[cp->protoidx]));
1648 ++ifp->if_ierrors;
1649 }
1650 break;
1651 case PROTO_REJ:
1652 {
1653 int catastrophic;
1654 const struct cp *upper;
1655 int i;
1656 u_int16_t proto;
1657
1658 catastrophic = 0;
1659 upper = NULL;
1660 proto = p[0] << 8 | p[1];
1661 for (i = 0; i < IDX_COUNT; i++) {
1662 if (cps[i]->proto == proto) {
1663 upper = cps[i];
1664 break;
1665 }
1666 }
1667 if (upper == NULL)
1668 catastrophic++;
1669
1670 if (debug)
1671 log(LOG_INFO,
1672 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1673 ifp->if_xname, cp->name, catastrophic ? '-' : '+',
1674 sppp_cp_type_name(h->type), proto,
1675 upper ? upper->name : "unknown",
1676 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1677
1678 /*
1679 * if we got RXJ+ against conf-req, the peer does not implement
1680 * this particular protocol type. terminate the protocol.
1681 */
1682 if (upper && !catastrophic) {
1683 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1684 upper->Close(sp);
1685 break;
1686 }
1687 }
1688
1689 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1690 switch (sp->state[cp->protoidx]) {
1691 case STATE_CLOSED:
1692 case STATE_STOPPED:
1693 case STATE_REQ_SENT:
1694 case STATE_ACK_SENT:
1695 case STATE_CLOSING:
1696 case STATE_STOPPING:
1697 case STATE_OPENED:
1698 break;
1699 case STATE_ACK_RCVD:
1700 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1701 break;
1702 default:
1703 printf("%s: %s illegal %s in state %s\n",
1704 ifp->if_xname, cp->name,
1705 sppp_cp_type_name(h->type),
1706 sppp_state_name(sp->state[cp->protoidx]));
1707 ++ifp->if_ierrors;
1708 }
1709 break;
1710 }
1711 case DISC_REQ:
1712 if (cp->proto != PPP_LCP)
1713 goto illegal;
1714 /* Discard the packet. */
1715 break;
1716 case ECHO_REQ:
1717 if (cp->proto != PPP_LCP)
1718 goto illegal;
1719 if (sp->state[cp->protoidx] != STATE_OPENED) {
1720 if (debug)
1721 addlog("%s: lcp echo req but lcp closed\n",
1722 ifp->if_xname);
1723 ++ifp->if_ierrors;
1724 break;
1725 }
1726 if (len < 8) {
1727 if (debug)
1728 addlog("%s: invalid lcp echo request "
1729 "packet length: %d bytes\n",
1730 ifp->if_xname, len);
1731 break;
1732 }
1733 memcpy(&u32, h + 1, sizeof u32);
1734 if (ntohl(u32) == sp->lcp.magic) {
1735 /* Line loopback mode detected. */
1736 printf("%s: loopback\n", ifp->if_xname);
1737 if_down(ifp);
1738 IF_PURGE(&sp->pp_cpq);
1739
1740 /* Shut down the PPP link. */
1741 /* XXX */
1742 lcp.Down(sp);
1743 lcp.Up(sp);
1744 break;
1745 }
1746 u32 = htonl(sp->lcp.magic);
1747 memcpy(h + 1, &u32, sizeof u32);
1748 if (debug)
1749 addlog("%s: got lcp echo req, sending echo rep\n",
1750 ifp->if_xname);
1751 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4,
1752 h + 1);
1753 break;
1754 case ECHO_REPLY:
1755 if (cp->proto != PPP_LCP)
1756 goto illegal;
1757 if (h->ident != sp->lcp.echoid) {
1758 ++ifp->if_ierrors;
1759 break;
1760 }
1761 if (len < 8) {
1762 if (debug)
1763 addlog("%s: lcp invalid echo reply "
1764 "packet length: %d bytes\n",
1765 ifp->if_xname, len);
1766 break;
1767 }
1768 if (debug)
1769 addlog("%s: lcp got echo rep\n",
1770 ifp->if_xname);
1771 memcpy(&u32, h + 1, sizeof u32);
1772 if (ntohl(u32) != sp->lcp.magic)
1773 sp->pp_alivecnt = 0;
1774 break;
1775 default:
1776 /* Unknown packet type -- send Code-Reject packet. */
1777 illegal:
1778 if (debug)
1779 addlog("%s: %s send code-rej for 0x%x\n",
1780 ifp->if_xname, cp->name, h->type);
1781 sppp_cp_send(sp, cp->proto, CODE_REJ,
1782 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
1783 ++ifp->if_ierrors;
1784 }
1785 }
1786
1787
1788 /*
1789 * The generic part of all Up/Down/Open/Close/TO event handlers.
1790 * Basically, the state transition handling in the automaton.
1791 */
1792 static void
1793 sppp_up_event(const struct cp *cp, struct sppp *sp)
1794 {
1795 STDDCL;
1796
1797 if (debug)
1798 log(LOG_DEBUG, "%s: %s up(%s)\n",
1799 ifp->if_xname, cp->name,
1800 sppp_state_name(sp->state[cp->protoidx]));
1801
1802 switch (sp->state[cp->protoidx]) {
1803 case STATE_INITIAL:
1804 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1805 break;
1806 case STATE_STARTING:
1807 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1808 (cp->scr)(sp);
1809 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1810 break;
1811 default:
1812 printf("%s: %s illegal up in state %s\n",
1813 ifp->if_xname, cp->name,
1814 sppp_state_name(sp->state[cp->protoidx]));
1815 }
1816 }
1817
1818 static void
1819 sppp_down_event(const struct cp *cp, struct sppp *sp)
1820 {
1821 STDDCL;
1822
1823 if (debug)
1824 log(LOG_DEBUG, "%s: %s down(%s)\n",
1825 ifp->if_xname, cp->name,
1826 sppp_state_name(sp->state[cp->protoidx]));
1827
1828 switch (sp->state[cp->protoidx]) {
1829 case STATE_CLOSED:
1830 case STATE_CLOSING:
1831 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1832 break;
1833 case STATE_STOPPED:
1834 (cp->tls)(sp);
1835 /* fall through */
1836 case STATE_STOPPING:
1837 case STATE_REQ_SENT:
1838 case STATE_ACK_RCVD:
1839 case STATE_ACK_SENT:
1840 sppp_cp_change_state(cp, sp, STATE_STARTING);
1841 break;
1842 case STATE_OPENED:
1843 (cp->tld)(sp);
1844 sppp_cp_change_state(cp, sp, STATE_STARTING);
1845 break;
1846 default:
1847 printf("%s: %s illegal down in state %s\n",
1848 ifp->if_xname, cp->name,
1849 sppp_state_name(sp->state[cp->protoidx]));
1850 }
1851 }
1852
1853
1854 static void
1855 sppp_open_event(const struct cp *cp, struct sppp *sp)
1856 {
1857 STDDCL;
1858
1859 if (debug)
1860 log(LOG_DEBUG, "%s: %s open(%s)\n",
1861 ifp->if_xname, cp->name,
1862 sppp_state_name(sp->state[cp->protoidx]));
1863
1864 switch (sp->state[cp->protoidx]) {
1865 case STATE_INITIAL:
1866 (cp->tls)(sp);
1867 sppp_cp_change_state(cp, sp, STATE_STARTING);
1868 break;
1869 case STATE_STARTING:
1870 break;
1871 case STATE_CLOSED:
1872 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1873 (cp->scr)(sp);
1874 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1875 break;
1876 case STATE_STOPPED:
1877 case STATE_STOPPING:
1878 case STATE_REQ_SENT:
1879 case STATE_ACK_RCVD:
1880 case STATE_ACK_SENT:
1881 case STATE_OPENED:
1882 break;
1883 case STATE_CLOSING:
1884 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1885 break;
1886 }
1887 }
1888
1889
1890 static void
1891 sppp_close_event(const struct cp *cp, struct sppp *sp)
1892 {
1893 STDDCL;
1894
1895 if (debug)
1896 log(LOG_DEBUG, "%s: %s close(%s)\n",
1897 ifp->if_xname, cp->name,
1898 sppp_state_name(sp->state[cp->protoidx]));
1899
1900 switch (sp->state[cp->protoidx]) {
1901 case STATE_INITIAL:
1902 case STATE_CLOSED:
1903 case STATE_CLOSING:
1904 break;
1905 case STATE_STARTING:
1906 (cp->tlf)(sp);
1907 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1908 break;
1909 case STATE_STOPPED:
1910 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1911 break;
1912 case STATE_STOPPING:
1913 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1914 break;
1915 case STATE_OPENED:
1916 (cp->tld)(sp);
1917 /* fall through */
1918 case STATE_REQ_SENT:
1919 case STATE_ACK_RCVD:
1920 case STATE_ACK_SENT:
1921 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1922 sppp_cp_send(sp, cp->proto, TERM_REQ,
1923 ++sp->pp_seq[cp->protoidx], 0, 0);
1924 sppp_cp_change_state(cp, sp, STATE_CLOSING);
1925 break;
1926 }
1927 }
1928
1929 static void
1930 sppp_to_event(const struct cp *cp, struct sppp *sp)
1931 {
1932 STDDCL;
1933 int s;
1934
1935 s = splnet();
1936 if (debug)
1937 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n",
1938 ifp->if_xname, cp->name,
1939 sppp_state_name(sp->state[cp->protoidx]),
1940 sp->rst_counter[cp->protoidx]);
1941
1942 if (--sp->rst_counter[cp->protoidx] < 0)
1943 /* TO- event */
1944 switch (sp->state[cp->protoidx]) {
1945 case STATE_CLOSING:
1946 (cp->tlf)(sp);
1947 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1948 sppp_lcp_check_and_close(sp);
1949 break;
1950 case STATE_STOPPING:
1951 (cp->tlf)(sp);
1952 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1953 sppp_lcp_check_and_close(sp);
1954 break;
1955 case STATE_REQ_SENT:
1956 case STATE_ACK_RCVD:
1957 case STATE_ACK_SENT:
1958 (cp->tlf)(sp);
1959 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1960 sppp_lcp_check_and_close(sp);
1961 break;
1962 }
1963 else
1964 /* TO+ event */
1965 switch (sp->state[cp->protoidx]) {
1966 case STATE_CLOSING:
1967 case STATE_STOPPING:
1968 sppp_cp_send(sp, cp->proto, TERM_REQ,
1969 ++sp->pp_seq[cp->protoidx], 0, 0);
1970 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
1971 cp->TO, sp);
1972 break;
1973 case STATE_REQ_SENT:
1974 case STATE_ACK_RCVD:
1975 (cp->scr)(sp);
1976 /* sppp_cp_change_state() will restart the timer */
1977 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1978 break;
1979 case STATE_ACK_SENT:
1980 (cp->scr)(sp);
1981 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
1982 cp->TO, sp);
1983 break;
1984 }
1985
1986 splx(s);
1987 }
1988
1989 /*
1990 * Change the state of a control protocol in the state automaton.
1991 * Takes care of starting/stopping the restart timer.
1992 */
1993 void
1994 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1995 {
1996 sp->state[cp->protoidx] = newstate;
1997 callout_stop(&sp->ch[cp->protoidx]);
1998 switch (newstate) {
1999 case STATE_INITIAL:
2000 case STATE_STARTING:
2001 case STATE_CLOSED:
2002 case STATE_STOPPED:
2003 case STATE_OPENED:
2004 break;
2005 case STATE_CLOSING:
2006 case STATE_STOPPING:
2007 case STATE_REQ_SENT:
2008 case STATE_ACK_RCVD:
2009 case STATE_ACK_SENT:
2010 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
2011 cp->TO, sp);
2012 break;
2013 }
2014 }
2015
2016 /*
2017 *--------------------------------------------------------------------------*
2018 * *
2019 * The LCP implementation. *
2020 * *
2021 *--------------------------------------------------------------------------*
2022 */
2023 static void
2024 sppp_lcp_init(struct sppp *sp)
2025 {
2026 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2027 sp->lcp.magic = 0;
2028 sp->state[IDX_LCP] = STATE_INITIAL;
2029 sp->fail_counter[IDX_LCP] = 0;
2030 sp->pp_seq[IDX_LCP] = 0;
2031 sp->pp_rseq[IDX_LCP] = 0;
2032 sp->lcp.protos = 0;
2033 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2034
2035 /*
2036 * Initialize counters and timeout values. Note that we don't
2037 * use the 3 seconds suggested in RFC 1661 since we are likely
2038 * running on a fast link. XXX We should probably implement
2039 * the exponential backoff option. Note that these values are
2040 * relevant for all control protocols, not just LCP only.
2041 */
2042 sp->lcp.timeout = 1 * hz;
2043 sp->lcp.max_terminate = 2;
2044 sp->lcp.max_configure = 10;
2045 sp->lcp.max_failure = 10;
2046 callout_init(&sp->ch[IDX_LCP]);
2047 }
2048
2049 static void
2050 sppp_lcp_up(struct sppp *sp)
2051 {
2052 STDDCL;
2053
2054 /* Initialize activity timestamp: opening a connection is an activity */
2055 sp->pp_last_receive = sp->pp_last_activity = mono_time.tv_sec;
2056
2057 /*
2058 * If this interface is passive or dial-on-demand, and we are
2059 * still in Initial state, it means we've got an incoming
2060 * call. Activate the interface.
2061 */
2062 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2063 if (debug)
2064 log(LOG_DEBUG,
2065 "%s: Up event", ifp->if_xname);
2066 ifp->if_flags |= IFF_RUNNING;
2067 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2068 if (debug)
2069 addlog("(incoming call)\n");
2070 sp->pp_flags |= PP_CALLIN;
2071 lcp.Open(sp);
2072 } else if (debug)
2073 addlog("\n");
2074 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2075 (sp->state[IDX_LCP] == STATE_INITIAL)) {
2076 ifp->if_flags |= IFF_RUNNING;
2077 lcp.Open(sp);
2078 }
2079
2080 sppp_up_event(&lcp, sp);
2081 }
2082
2083 static void
2084 sppp_lcp_down(struct sppp *sp)
2085 {
2086 STDDCL;
2087
2088 sppp_down_event(&lcp, sp);
2089
2090 /*
2091 * If this is neither a dial-on-demand nor a passive
2092 * interface, simulate an ``ifconfig down'' action, so the
2093 * administrator can force a redial by another ``ifconfig
2094 * up''. XXX For leased line operation, should we immediately
2095 * try to reopen the connection here?
2096 */
2097 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2098 if (debug)
2099 log(LOG_INFO,
2100 "%s: Down event (carrier loss), taking interface down.\n",
2101 ifp->if_xname);
2102 if_down(ifp);
2103 } else {
2104 if (debug)
2105 log(LOG_DEBUG,
2106 "%s: Down event (carrier loss)\n",
2107 ifp->if_xname);
2108 }
2109 sp->pp_flags &= ~PP_CALLIN;
2110 if (sp->state[IDX_LCP] != STATE_INITIAL)
2111 lcp.Close(sp);
2112 ifp->if_flags &= ~IFF_RUNNING;
2113 }
2114
2115 static void
2116 sppp_lcp_open(struct sppp *sp)
2117 {
2118 /*
2119 * If we are authenticator, negotiate LCP_AUTH
2120 */
2121 if (sp->hisauth.proto != 0)
2122 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2123 else
2124 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2125 sp->pp_flags &= ~PP_NEEDAUTH;
2126 sppp_open_event(&lcp, sp);
2127 }
2128
2129 static void
2130 sppp_lcp_close(struct sppp *sp)
2131 {
2132 sppp_close_event(&lcp, sp);
2133 }
2134
2135 static void
2136 sppp_lcp_TO(void *cookie)
2137 {
2138 sppp_to_event(&lcp, (struct sppp *)cookie);
2139 }
2140
2141 /*
2142 * Analyze a configure request. Return true if it was agreeable, and
2143 * caused action sca, false if it has been rejected or nak'ed, and
2144 * caused action scn. (The return value is used to make the state
2145 * transition decision in the state automaton.)
2146 */
2147 static int
2148 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2149 {
2150 STDDCL;
2151 u_char *buf, *r, *p;
2152 int origlen, rlen;
2153 u_int32_t nmagic;
2154 u_short authproto;
2155
2156 len -= 4;
2157 origlen = len;
2158 buf = r = malloc (len, M_TEMP, M_NOWAIT);
2159 if (! buf)
2160 return (0);
2161
2162 if (debug)
2163 log(LOG_DEBUG, "%s: lcp parse opts:",
2164 ifp->if_xname);
2165
2166 /* pass 1: check for things that need to be rejected */
2167 p = (void *)(h + 1);
2168 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2169 /* Sanity check option length */
2170 if (p[1] > len) {
2171 /*
2172 * Malicious option - drop imediately.
2173 * XXX Maybe we should just RXJ it?
2174 */
2175 addlog("%s: received malicious LCP option 0x%02x, "
2176 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname,
2177 p[0], p[1], len);
2178 goto drop;
2179 }
2180 if (debug)
2181 addlog(" %s", sppp_lcp_opt_name(*p));
2182 switch (*p) {
2183 case LCP_OPT_MAGIC:
2184 /* Magic number. */
2185 /* fall through, both are same length */
2186 case LCP_OPT_ASYNC_MAP:
2187 /* Async control character map. */
2188 if (len >= 6 || p[1] == 6)
2189 continue;
2190 if (debug)
2191 addlog(" [invalid]");
2192 break;
2193 case LCP_OPT_MRU:
2194 /* Maximum receive unit. */
2195 if (len >= 4 && p[1] == 4)
2196 continue;
2197 if (debug)
2198 addlog(" [invalid]");
2199 break;
2200 case LCP_OPT_AUTH_PROTO:
2201 if (len < 4) {
2202 if (debug)
2203 addlog(" [invalid]");
2204 break;
2205 }
2206 authproto = (p[2] << 8) + p[3];
2207 if (authproto == PPP_CHAP && p[1] != 5) {
2208 if (debug)
2209 addlog(" [invalid chap len]");
2210 break;
2211 }
2212 if (sp->myauth.proto == 0) {
2213 /* we are not configured to do auth */
2214 if (debug)
2215 addlog(" [not configured]");
2216 break;
2217 }
2218 /*
2219 * Remote want us to authenticate, remember this,
2220 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got
2221 * up.
2222 */
2223 sp->pp_flags |= PP_NEEDAUTH;
2224 continue;
2225 default:
2226 /* Others not supported. */
2227 if (debug)
2228 addlog(" [rej]");
2229 break;
2230 }
2231 /* Add the option to rejected list. */
2232 bcopy (p, r, p[1]);
2233 r += p[1];
2234 rlen += p[1];
2235 }
2236 if (rlen) {
2237 if (debug)
2238 addlog(" send conf-rej\n");
2239 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2240 goto end;
2241 } else if (debug)
2242 addlog("\n");
2243
2244 /*
2245 * pass 2: check for option values that are unacceptable and
2246 * thus require to be nak'ed.
2247 */
2248 if (debug)
2249 log(LOG_DEBUG, "%s: lcp parse opt values: ",
2250 ifp->if_xname);
2251
2252 p = (void *)(h + 1);
2253 len = origlen;
2254 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2255 if (debug)
2256 addlog(" %s", sppp_lcp_opt_name(*p));
2257 switch (*p) {
2258 case LCP_OPT_MAGIC:
2259 /* Magic number -- extract. */
2260 nmagic = (u_int32_t)p[2] << 24 |
2261 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5];
2262 if (nmagic != sp->lcp.magic) {
2263 if (debug)
2264 addlog(" 0x%x", nmagic);
2265 continue;
2266 }
2267 /*
2268 * Local and remote magics equal -- loopback?
2269 */
2270 if (sp->pp_loopcnt >= LOOPALIVECNT*5) {
2271 printf ("%s: loopback\n",
2272 ifp->if_xname);
2273 sp->pp_loopcnt = 0;
2274 if (ifp->if_flags & IFF_UP) {
2275 if_down(ifp);
2276 IF_PURGE(&sp->pp_cpq);
2277 /* XXX ? */
2278 lcp.Down(sp);
2279 lcp.Up(sp);
2280 }
2281 } else if (debug)
2282 addlog(" [glitch]");
2283 ++sp->pp_loopcnt;
2284 /*
2285 * We negate our magic here, and NAK it. If
2286 * we see it later in an NAK packet, we
2287 * suggest a new one.
2288 */
2289 nmagic = ~sp->lcp.magic;
2290 /* Gonna NAK it. */
2291 p[2] = nmagic >> 24;
2292 p[3] = nmagic >> 16;
2293 p[4] = nmagic >> 8;
2294 p[5] = nmagic;
2295 break;
2296
2297 case LCP_OPT_ASYNC_MAP:
2298 /*
2299 * Async control character map -- just ignore it.
2300 *
2301 * Quote from RFC 1662, chapter 6:
2302 * To enable this functionality, synchronous PPP
2303 * implementations MUST always respond to the
2304 * Async-Control-Character-Map Configuration
2305 * Option with the LCP Configure-Ack. However,
2306 * acceptance of the Configuration Option does
2307 * not imply that the synchronous implementation
2308 * will do any ACCM mapping. Instead, all such
2309 * octet mapping will be performed by the
2310 * asynchronous-to-synchronous converter.
2311 */
2312 continue;
2313
2314 case LCP_OPT_MRU:
2315 /*
2316 * Maximum receive unit. Always agreeable,
2317 * but ignored by now.
2318 */
2319 sp->lcp.their_mru = p[2] * 256 + p[3];
2320 if (debug)
2321 addlog(" %ld", sp->lcp.their_mru);
2322 continue;
2323
2324 case LCP_OPT_AUTH_PROTO:
2325 authproto = (p[2] << 8) + p[3];
2326 if (sp->myauth.proto != authproto) {
2327 /* not agreed, nak */
2328 if (debug)
2329 addlog(" [mine %s != his %s]",
2330 sppp_proto_name(sp->myauth.proto),
2331 sppp_proto_name(authproto));
2332 p[2] = sp->myauth.proto >> 8;
2333 p[3] = sp->myauth.proto;
2334 break;
2335 }
2336 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2337 if (debug)
2338 addlog(" [chap not MD5]");
2339 p[4] = CHAP_MD5;
2340 break;
2341 }
2342 continue;
2343 }
2344 /* Add the option to nak'ed list. */
2345 bcopy (p, r, p[1]);
2346 r += p[1];
2347 rlen += p[1];
2348 }
2349 if (rlen) {
2350 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2351 if (debug)
2352 addlog(" max_failure (%d) exceeded, "
2353 "send conf-rej\n",
2354 sp->lcp.max_failure);
2355 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2356 } else {
2357 if (debug)
2358 addlog(" send conf-nak\n");
2359 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2360 }
2361 goto end;
2362 } else {
2363 if (debug)
2364 addlog(" send conf-ack\n");
2365 sp->fail_counter[IDX_LCP] = 0;
2366 sp->pp_loopcnt = 0;
2367 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1);
2368 }
2369
2370 end:
2371 free(buf, M_TEMP);
2372 return (rlen == 0);
2373
2374 drop:
2375 free(buf, M_TEMP);
2376 return -1;
2377 }
2378
2379 /*
2380 * Analyze the LCP Configure-Reject option list, and adjust our
2381 * negotiation.
2382 */
2383 static void
2384 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2385 {
2386 STDDCL;
2387 u_char *buf, *p;
2388
2389 len -= 4;
2390 buf = malloc (len, M_TEMP, M_NOWAIT);
2391 if (!buf)
2392 return;
2393
2394 if (debug)
2395 log(LOG_DEBUG, "%s: lcp rej opts:",
2396 ifp->if_xname);
2397
2398 p = (void *)(h + 1);
2399 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2400 /* Sanity check option length */
2401 if (p[1] > len) {
2402 /*
2403 * Malicious option - drop imediately.
2404 * XXX Maybe we should just RXJ it?
2405 */
2406 addlog("%s: received malicious LCP option, "
2407 "dropping.\n", ifp->if_xname);
2408 goto drop;
2409 }
2410 if (debug)
2411 addlog(" %s", sppp_lcp_opt_name(*p));
2412 switch (*p) {
2413 case LCP_OPT_MAGIC:
2414 /* Magic number -- can't use it, use 0 */
2415 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2416 sp->lcp.magic = 0;
2417 break;
2418 case LCP_OPT_MRU:
2419 /*
2420 * Should not be rejected anyway, since we only
2421 * negotiate a MRU if explicitly requested by
2422 * peer.
2423 */
2424 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2425 break;
2426 case LCP_OPT_AUTH_PROTO:
2427 /*
2428 * Peer doesn't want to authenticate himself,
2429 * deny unless this is a dialout call, and
2430 * SPPP_AUTHFLAG_NOCALLOUT is set.
2431 */
2432 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2433 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) {
2434 if (debug)
2435 addlog(" [don't insist on auth "
2436 "for callout]");
2437 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2438 break;
2439 }
2440 if (debug)
2441 addlog("[access denied]\n");
2442 lcp.Close(sp);
2443 break;
2444 }
2445 }
2446 if (debug)
2447 addlog("\n");
2448 drop:
2449 free(buf, M_TEMP);
2450 return;
2451 }
2452
2453 /*
2454 * Analyze the LCP Configure-NAK option list, and adjust our
2455 * negotiation.
2456 */
2457 static void
2458 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2459 {
2460 STDDCL;
2461 u_char *buf, *p;
2462 u_int32_t magic;
2463
2464 len -= 4;
2465 buf = malloc (len, M_TEMP, M_NOWAIT);
2466 if (!buf)
2467 return;
2468
2469 if (debug)
2470 log(LOG_DEBUG, "%s: lcp nak opts:",
2471 ifp->if_xname);
2472
2473 p = (void *)(h + 1);
2474 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2475 /* Sanity check option length */
2476 if (p[1] > len) {
2477 /*
2478 * Malicious option - drop imediately.
2479 * XXX Maybe we should just RXJ it?
2480 */
2481 addlog("%s: received malicious LCP option, "
2482 "dropping.\n", ifp->if_xname);
2483 goto drop;
2484 }
2485 if (debug)
2486 addlog(" %s", sppp_lcp_opt_name(*p));
2487 switch (*p) {
2488 case LCP_OPT_MAGIC:
2489 /* Magic number -- renegotiate */
2490 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2491 len >= 6 && p[1] == 6) {
2492 magic = (u_int32_t)p[2] << 24 |
2493 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5];
2494 /*
2495 * If the remote magic is our negated one,
2496 * this looks like a loopback problem.
2497 * Suggest a new magic to make sure.
2498 */
2499 if (magic == ~sp->lcp.magic) {
2500 if (debug)
2501 addlog(" magic glitch");
2502 sp->lcp.magic = arc4random();
2503 } else {
2504 sp->lcp.magic = magic;
2505 if (debug)
2506 addlog(" %d", magic);
2507 }
2508 }
2509 break;
2510 case LCP_OPT_MRU:
2511 /*
2512 * Peer wants to advise us to negotiate an MRU.
2513 * Agree on it if it's reasonable, or use
2514 * default otherwise.
2515 */
2516 if (len >= 4 && p[1] == 4) {
2517 u_int mru = p[2] * 256 + p[3];
2518 if (debug)
2519 addlog(" %d", mru);
2520 if (mru < PP_MTU || mru > PP_MAX_MRU)
2521 mru = PP_MTU;
2522 sp->lcp.mru = mru;
2523 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2524 }
2525 break;
2526 case LCP_OPT_AUTH_PROTO:
2527 /*
2528 * Peer doesn't like our authentication method,
2529 * deny.
2530 */
2531 if (debug)
2532 addlog("[access denied]\n");
2533 lcp.Close(sp);
2534 break;
2535 }
2536 }
2537 if (debug)
2538 addlog("\n");
2539 drop:
2540 free(buf, M_TEMP);
2541 return;
2542 }
2543
2544 static void
2545 sppp_lcp_tlu(struct sppp *sp)
2546 {
2547 STDDCL;
2548 int i;
2549 u_int32_t mask;
2550
2551 /* XXX ? */
2552 if (! (ifp->if_flags & IFF_UP) &&
2553 (ifp->if_flags & IFF_RUNNING)) {
2554 /* Coming out of loopback mode. */
2555 if_up(ifp);
2556 }
2557
2558 for (i = 0; i < IDX_COUNT; i++)
2559 if ((cps[i])->flags & CP_QUAL)
2560 (cps[i])->Open(sp);
2561
2562 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2563 (sp->pp_flags & PP_NEEDAUTH) != 0)
2564 sp->pp_phase = SPPP_PHASE_AUTHENTICATE;
2565 else
2566 sp->pp_phase = SPPP_PHASE_NETWORK;
2567
2568 if (debug)
2569 {
2570 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
2571 sppp_phase_name(sp->pp_phase));
2572 }
2573
2574 /*
2575 * Open all authentication protocols. This is even required
2576 * if we already proceeded to network phase, since it might be
2577 * that remote wants us to authenticate, so we might have to
2578 * send a PAP request. Undesired authentication protocols
2579 * don't do anything when they get an Open event.
2580 */
2581 for (i = 0; i < IDX_COUNT; i++)
2582 if ((cps[i])->flags & CP_AUTH)
2583 (cps[i])->Open(sp);
2584
2585 if (sp->pp_phase == SPPP_PHASE_NETWORK) {
2586 /* Notify all NCPs. */
2587 for (i = 0; i < IDX_COUNT; i++)
2588 if ((cps[i])->flags & CP_NCP)
2589 (cps[i])->Open(sp);
2590 }
2591
2592 /* Send Up events to all started protos. */
2593 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2594 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0)
2595 (cps[i])->Up(sp);
2596
2597 /* notify low-level driver of state change */
2598 if (sp->pp_chg)
2599 sp->pp_chg(sp, (int)sp->pp_phase);
2600
2601 if (sp->pp_phase == SPPP_PHASE_NETWORK)
2602 /* if no NCP is starting, close down */
2603 sppp_lcp_check_and_close(sp);
2604 }
2605
2606 static void
2607 sppp_lcp_tld(struct sppp *sp)
2608 {
2609 STDDCL;
2610 int i;
2611 u_int32_t mask;
2612
2613 sp->pp_phase = SPPP_PHASE_TERMINATE;
2614
2615 if (debug)
2616 {
2617 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
2618 sppp_phase_name(sp->pp_phase));
2619 }
2620
2621 /*
2622 * Take upper layers down. We send the Down event first and
2623 * the Close second to prevent the upper layers from sending
2624 * ``a flurry of terminate-request packets'', as the RFC
2625 * describes it.
2626 */
2627 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2628 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) {
2629 (cps[i])->Down(sp);
2630 (cps[i])->Close(sp);
2631 }
2632 }
2633
2634 static void
2635 sppp_lcp_tls(struct sppp *sp)
2636 {
2637 STDDCL;
2638
2639 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) {
2640 printf("%s: authentication failed %d times, not retrying again\n",
2641 sp->pp_if.if_xname, sp->pp_auth_failures);
2642 if_down(&sp->pp_if);
2643 return;
2644 }
2645
2646 sp->pp_phase = SPPP_PHASE_ESTABLISH;
2647
2648 if (debug)
2649 {
2650 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
2651 sppp_phase_name(sp->pp_phase));
2652 }
2653
2654 /* Notify lower layer if desired. */
2655 if (sp->pp_tls)
2656 (sp->pp_tls)(sp);
2657 }
2658
2659 static void
2660 sppp_lcp_tlf(struct sppp *sp)
2661 {
2662 STDDCL;
2663
2664 sp->pp_phase = SPPP_PHASE_DEAD;
2665
2666 if (debug)
2667 {
2668 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
2669 sppp_phase_name(sp->pp_phase));
2670 }
2671
2672 /* Notify lower layer if desired. */
2673 if (sp->pp_tlf)
2674 (sp->pp_tlf)(sp);
2675 }
2676
2677 static void
2678 sppp_lcp_scr(struct sppp *sp)
2679 {
2680 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2681 int i = 0;
2682 u_short authproto;
2683
2684 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2685 if (! sp->lcp.magic)
2686 sp->lcp.magic = arc4random();
2687 opt[i++] = LCP_OPT_MAGIC;
2688 opt[i++] = 6;
2689 opt[i++] = sp->lcp.magic >> 24;
2690 opt[i++] = sp->lcp.magic >> 16;
2691 opt[i++] = sp->lcp.magic >> 8;
2692 opt[i++] = sp->lcp.magic;
2693 }
2694
2695 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2696 opt[i++] = LCP_OPT_MRU;
2697 opt[i++] = 4;
2698 opt[i++] = sp->lcp.mru >> 8;
2699 opt[i++] = sp->lcp.mru;
2700 }
2701
2702 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2703 authproto = sp->hisauth.proto;
2704 opt[i++] = LCP_OPT_AUTH_PROTO;
2705 opt[i++] = authproto == PPP_CHAP? 5: 4;
2706 opt[i++] = authproto >> 8;
2707 opt[i++] = authproto;
2708 if (authproto == PPP_CHAP)
2709 opt[i++] = CHAP_MD5;
2710 }
2711
2712 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
2713 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2714 }
2715
2716 /*
2717 * Check the open NCPs, return true if at least one NCP is open.
2718 */
2719 static int
2720 sppp_ncp_check(struct sppp *sp)
2721 {
2722 int i, mask;
2723
2724 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2725 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP)
2726 return 1;
2727 return 0;
2728 }
2729
2730 /*
2731 * Re-check the open NCPs and see if we should terminate the link.
2732 * Called by the NCPs during their tlf action handling.
2733 */
2734 static void
2735 sppp_lcp_check_and_close(struct sppp *sp)
2736 {
2737
2738 if (sp->pp_phase < SPPP_PHASE_NETWORK)
2739 /* don't bother, we are already going down */
2740 return;
2741
2742 if (sppp_ncp_check(sp))
2743 return;
2744
2745 lcp.Close(sp);
2746 }
2747
2748
2749 /*
2750 *--------------------------------------------------------------------------*
2751 * *
2752 * The IPCP implementation. *
2753 * *
2754 *--------------------------------------------------------------------------*
2755 */
2756
2757 static void
2758 sppp_ipcp_init(struct sppp *sp)
2759 {
2760 sp->ipcp.opts = 0;
2761 sp->ipcp.flags = 0;
2762 sp->state[IDX_IPCP] = STATE_INITIAL;
2763 sp->fail_counter[IDX_IPCP] = 0;
2764 sp->pp_seq[IDX_IPCP] = 0;
2765 sp->pp_rseq[IDX_IPCP] = 0;
2766 callout_init(&sp->ch[IDX_IPCP]);
2767 }
2768
2769 static void
2770 sppp_ipcp_up(struct sppp *sp)
2771 {
2772 sppp_up_event(&ipcp, sp);
2773 }
2774
2775 static void
2776 sppp_ipcp_down(struct sppp *sp)
2777 {
2778 sppp_down_event(&ipcp, sp);
2779 }
2780
2781 static void
2782 sppp_ipcp_open(struct sppp *sp)
2783 {
2784 STDDCL;
2785 u_int32_t myaddr, hisaddr;
2786
2787 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
2788 sp->ipcp.req_myaddr = 0;
2789 sp->ipcp.req_hisaddr = 0;
2790 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs);
2791
2792 #ifdef INET
2793 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2794 #else
2795 myaddr = hisaddr = 0;
2796 #endif
2797 /*
2798 * If we don't have his address, this probably means our
2799 * interface doesn't want to talk IP at all. (This could
2800 * be the case if somebody wants to speak only IPX, for
2801 * example.) Don't open IPCP in this case.
2802 */
2803 if (hisaddr == 0) {
2804 /* XXX this message should go away */
2805 if (debug)
2806 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n",
2807 ifp->if_xname);
2808 return;
2809 }
2810
2811 if (myaddr == 0) {
2812 /*
2813 * I don't have an assigned address, so i need to
2814 * negotiate my address.
2815 */
2816 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2817 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2818 }
2819 if (hisaddr == 1) {
2820 /*
2821 * XXX - remove this hack!
2822 * remote has no valid address, we need to get one assigned.
2823 */
2824 sp->ipcp.flags |= IPCP_HISADDR_DYN;
2825 }
2826 sppp_open_event(&ipcp, sp);
2827 }
2828
2829 static void
2830 sppp_ipcp_close(struct sppp *sp)
2831 {
2832 STDDCL;
2833
2834 sppp_close_event(&ipcp, sp);
2835 #ifdef INET
2836 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN))
2837 /*
2838 * Some address was dynamic, clear it again.
2839 */
2840 sppp_clear_ip_addrs(sp);
2841 #endif
2842
2843 if (sp->pp_saved_mtu > 0) {
2844 ifp->if_mtu = sp->pp_saved_mtu;
2845 sp->pp_saved_mtu = 0;
2846 if (debug)
2847 log(LOG_DEBUG,
2848 "%s: resetting MTU to %" PRIu64 " bytes\n",
2849 ifp->if_xname, ifp->if_mtu);
2850 }
2851 }
2852
2853 static void
2854 sppp_ipcp_TO(void *cookie)
2855 {
2856 sppp_to_event(&ipcp, (struct sppp *)cookie);
2857 }
2858
2859 /*
2860 * Analyze a configure request. Return true if it was agreeable, and
2861 * caused action sca, false if it has been rejected or nak'ed, and
2862 * caused action scn. (The return value is used to make the state
2863 * transition decision in the state automaton.)
2864 */
2865 static int
2866 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2867 {
2868 u_char *buf, *r, *p;
2869 struct ifnet *ifp = &sp->pp_if;
2870 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2871 u_int32_t hisaddr, desiredaddr;
2872
2873 len -= 4;
2874 origlen = len;
2875 /*
2876 * Make sure to allocate a buf that can at least hold a
2877 * conf-nak with an `address' option. We might need it below.
2878 */
2879 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2880 if (! buf)
2881 return (0);
2882
2883 /* pass 1: see if we can recognize them */
2884 if (debug)
2885 log(LOG_DEBUG, "%s: ipcp parse opts:",
2886 ifp->if_xname);
2887 p = (void *)(h + 1);
2888 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2889 /* Sanity check option length */
2890 if (p[1] > len) {
2891 /* XXX should we just RXJ? */
2892 addlog("%s: malicious IPCP option received, dropping\n",
2893 ifp->if_xname);
2894 goto drop;
2895 }
2896 if (debug)
2897 addlog(" %s", sppp_ipcp_opt_name(*p));
2898 switch (*p) {
2899 #ifdef notyet
2900 case IPCP_OPT_COMPRESSION:
2901 if (len >= 6 && p[1] >= 6) {
2902 /* correctly formed compress option */
2903 continue;
2904 }
2905 if (debug)
2906 addlog(" [invalid]");
2907 break;
2908 #endif
2909 case IPCP_OPT_ADDRESS:
2910 if (len >= 6 && p[1] == 6) {
2911 /* correctly formed address option */
2912 continue;
2913 }
2914 if (debug)
2915 addlog(" [invalid]");
2916 break;
2917 default:
2918 /* Others not supported. */
2919 if (debug)
2920 addlog(" [rej]");
2921 break;
2922 }
2923 /* Add the option to rejected list. */
2924 bcopy (p, r, p[1]);
2925 r += p[1];
2926 rlen += p[1];
2927 }
2928 if (rlen) {
2929 if (debug)
2930 addlog(" send conf-rej\n");
2931 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2932 goto end;
2933 } else if (debug)
2934 addlog("\n");
2935
2936 /* pass 2: parse option values */
2937 if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
2938 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */
2939 else
2940 #ifdef INET
2941 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
2942 #else
2943 hisaddr = 0;
2944 #endif
2945 if (debug)
2946 log(LOG_DEBUG, "%s: ipcp parse opt values: ",
2947 ifp->if_xname);
2948 p = (void *)(h + 1);
2949 len = origlen;
2950 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2951 if (debug)
2952 addlog(" %s", sppp_ipcp_opt_name(*p));
2953 switch (*p) {
2954 #ifdef notyet
2955 case IPCP_OPT_COMPRESSION:
2956 continue;
2957 #endif
2958 case IPCP_OPT_ADDRESS:
2959 desiredaddr = p[2] << 24 | p[3] << 16 |
2960 p[4] << 8 | p[5];
2961 if (desiredaddr == hisaddr ||
2962 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) {
2963 /*
2964 * Peer's address is same as our value,
2965 * this is agreeable. Gonna conf-ack
2966 * it.
2967 */
2968 if (debug)
2969 addlog(" %s [ack]",
2970 sppp_dotted_quad(hisaddr));
2971 /* record that we've seen it already */
2972 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2973 sp->ipcp.req_hisaddr = desiredaddr;
2974 hisaddr = desiredaddr;
2975 continue;
2976 }
2977 /*
2978 * The address wasn't agreeable. This is either
2979 * he sent us 0.0.0.0, asking to assign him an
2980 * address, or he send us another address not
2981 * matching our value. Either case, we gonna
2982 * conf-nak it with our value.
2983 */
2984 if (debug) {
2985 if (desiredaddr == 0)
2986 addlog(" [addr requested]");
2987 else
2988 addlog(" %s [not agreed]",
2989 sppp_dotted_quad(desiredaddr));
2990 }
2991
2992 p[2] = hisaddr >> 24;
2993 p[3] = hisaddr >> 16;
2994 p[4] = hisaddr >> 8;
2995 p[5] = hisaddr;
2996 break;
2997 }
2998 /* Add the option to nak'ed list. */
2999 bcopy (p, r, p[1]);
3000 r += p[1];
3001 rlen += p[1];
3002 }
3003
3004 /*
3005 * If we are about to conf-ack the request, but haven't seen
3006 * his address so far, gonna conf-nak it instead, with the
3007 * `address' option present and our idea of his address being
3008 * filled in there, to request negotiation of both addresses.
3009 *
3010 * XXX This can result in an endless req - nak loop if peer
3011 * doesn't want to send us his address. Q: What should we do
3012 * about it? XXX A: implement the max-failure counter.
3013 */
3014 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
3015 buf[0] = IPCP_OPT_ADDRESS;
3016 buf[1] = 6;
3017 buf[2] = hisaddr >> 24;
3018 buf[3] = hisaddr >> 16;
3019 buf[4] = hisaddr >> 8;
3020 buf[5] = hisaddr;
3021 rlen = 6;
3022 if (debug)
3023 addlog(" still need hisaddr");
3024 }
3025
3026 if (rlen) {
3027 if (debug)
3028 addlog(" send conf-nak\n");
3029 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
3030 } else {
3031 if (debug)
3032 addlog(" send conf-ack\n");
3033 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1);
3034 }
3035
3036 end:
3037 free(buf, M_TEMP);
3038 return (rlen == 0);
3039
3040 drop:
3041 free(buf, M_TEMP);
3042 return -1;
3043 }
3044
3045 /*
3046 * Analyze the IPCP Configure-Reject option list, and adjust our
3047 * negotiation.
3048 */
3049 static void
3050 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3051 {
3052 u_char *buf, *p;
3053 struct ifnet *ifp = &sp->pp_if;
3054 int debug = ifp->if_flags & IFF_DEBUG;
3055
3056 len -= 4;
3057 buf = malloc (len, M_TEMP, M_NOWAIT);
3058 if (!buf)
3059 return;
3060
3061 if (debug)
3062 log(LOG_DEBUG, "%s: ipcp rej opts:",
3063 ifp->if_xname);
3064
3065 p = (void *)(h + 1);
3066 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3067 /* Sanity check option length */
3068 if (p[1] > len) {
3069 /* XXX should we just RXJ? */
3070 addlog("%s: malicious IPCP option received, dropping\n",
3071 ifp->if_xname);
3072 goto drop;
3073 }
3074 if (debug)
3075 addlog(" %s", sppp_ipcp_opt_name(*p));
3076 switch (*p) {
3077 case IPCP_OPT_ADDRESS:
3078 /*
3079 * Peer doesn't grok address option. This is
3080 * bad. XXX Should we better give up here?
3081 */
3082 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
3083 break;
3084 #ifdef notyet
3085 case IPCP_OPT_COMPRESS:
3086 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
3087 break;
3088 #endif
3089 }
3090 }
3091 if (debug)
3092 addlog("\n");
3093 drop:
3094 free(buf, M_TEMP);
3095 return;
3096 }
3097
3098 /*
3099 * Analyze the IPCP Configure-NAK option list, and adjust our
3100 * negotiation.
3101 */
3102 static void
3103 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3104 {
3105 u_char *p;
3106 struct ifnet *ifp = &sp->pp_if;
3107 int debug = ifp->if_flags & IFF_DEBUG;
3108 u_int32_t wantaddr;
3109
3110 len -= 4;
3111
3112 if (debug)
3113 log(LOG_DEBUG, "%s: ipcp nak opts:",
3114 ifp->if_xname);
3115
3116 p = (void *)(h + 1);
3117 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3118 /* Sanity check option length */
3119 if (p[1] > len) {
3120 /* XXX should we just RXJ? */
3121 addlog("%s: malicious IPCP option received, dropping\n",
3122 ifp->if_xname);
3123 return;
3124 }
3125 if (debug)
3126 addlog(" %s", sppp_ipcp_opt_name(*p));
3127 switch (*p) {
3128 case IPCP_OPT_ADDRESS:
3129 /*
3130 * Peer doesn't like our local IP address. See
3131 * if we can do something for him. We'll drop
3132 * him our address then.
3133 */
3134 if (len >= 6 && p[1] == 6) {
3135 wantaddr = p[2] << 24 | p[3] << 16 |
3136 p[4] << 8 | p[5];
3137 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
3138 if (debug)
3139 addlog(" [wantaddr %s]",
3140 sppp_dotted_quad(wantaddr));
3141 /*
3142 * When doing dynamic address assignment,
3143 * we accept his offer. Otherwise, we
3144 * ignore it and thus continue to negotiate
3145 * our already existing value.
3146 */
3147 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
3148 if (debug)
3149 addlog(" [agree]");
3150 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
3151 sp->ipcp.req_myaddr = wantaddr;
3152 }
3153 }
3154 break;
3155
3156 case IPCP_OPT_PRIMDNS:
3157 if (len >= 6 && p[1] == 6) {
3158 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 |
3159 p[4] << 8 | p[5];
3160 }
3161 break;
3162
3163 case IPCP_OPT_SECDNS:
3164 if (len >= 6 && p[1] == 6) {
3165 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 |
3166 p[4] << 8 | p[5];
3167 }
3168 break;
3169 #ifdef notyet
3170 case IPCP_OPT_COMPRESS:
3171 /*
3172 * Peer wants different compression parameters.
3173 */
3174 break;
3175 #endif
3176 }
3177 }
3178 if (debug)
3179 addlog("\n");
3180 }
3181
3182 static void
3183 sppp_ipcp_tlu(struct sppp *sp)
3184 {
3185 #ifdef INET
3186 /* we are up. Set addresses and notify anyone interested */
3187 STDDCL;
3188 u_int32_t myaddr, hisaddr;
3189
3190 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
3191 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN))
3192 myaddr = sp->ipcp.req_myaddr;
3193 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN))
3194 hisaddr = sp->ipcp.req_hisaddr;
3195 sppp_set_ip_addrs(sp, myaddr, hisaddr);
3196
3197 if (ifp->if_mtu > sp->lcp.their_mru) {
3198 sp->pp_saved_mtu = ifp->if_mtu;
3199 ifp->if_mtu = sp->lcp.their_mru;
3200 if (debug)
3201 log(LOG_DEBUG,
3202 "%s: setting MTU to %" PRIu64 " bytes\n",
3203 ifp->if_xname, ifp->if_mtu);
3204 }
3205
3206 if (sp->pp_con)
3207 sp->pp_con(sp);
3208 #endif
3209 }
3210
3211 static void
3212 sppp_ipcp_tld(struct sppp *sp)
3213 {
3214 }
3215
3216 static void
3217 sppp_ipcp_tls(struct sppp *sp)
3218 {
3219 /* indicate to LCP that it must stay alive */
3220 sp->lcp.protos |= (1 << IDX_IPCP);
3221 }
3222
3223 static void
3224 sppp_ipcp_tlf(struct sppp *sp)
3225 {
3226 /* we no longer need LCP */
3227 sp->lcp.protos &= ~(1 << IDX_IPCP);
3228 }
3229
3230 static void
3231 sppp_ipcp_scr(struct sppp *sp)
3232 {
3233 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */];
3234 #ifdef INET
3235 u_int32_t ouraddr;
3236 #endif
3237 int i = 0;
3238
3239 #ifdef notyet
3240 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3241 opt[i++] = IPCP_OPT_COMPRESSION;
3242 opt[i++] = 6;
3243 opt[i++] = 0; /* VJ header compression */
3244 opt[i++] = 0x2d; /* VJ header compression */
3245 opt[i++] = max_slot_id;
3246 opt[i++] = comp_slot_id;
3247 }
3248 #endif
3249
3250 #ifdef INET
3251 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3252 if (sp->ipcp.flags & IPCP_MYADDR_SEEN)
3253 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */
3254 else
3255 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3256 opt[i++] = IPCP_OPT_ADDRESS;
3257 opt[i++] = 6;
3258 opt[i++] = ouraddr >> 24;
3259 opt[i++] = ouraddr >> 16;
3260 opt[i++] = ouraddr >> 8;
3261 opt[i++] = ouraddr;
3262 }
3263 #endif
3264
3265 if (sp->query_dns & 1) {
3266 opt[i++] = IPCP_OPT_PRIMDNS;
3267 opt[i++] = 6;
3268 opt[i++] = sp->dns_addrs[0] >> 24;
3269 opt[i++] = sp->dns_addrs[0] >> 16;
3270 opt[i++] = sp->dns_addrs[0] >> 8;
3271 opt[i++] = sp->dns_addrs[0];
3272 }
3273 if (sp->query_dns & 2) {
3274 opt[i++] = IPCP_OPT_SECDNS;
3275 opt[i++] = 6;
3276 opt[i++] = sp->dns_addrs[1] >> 24;
3277 opt[i++] = sp->dns_addrs[1] >> 16;
3278 opt[i++] = sp->dns_addrs[1] >> 8;
3279 opt[i++] = sp->dns_addrs[1];
3280 }
3281
3282 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
3283 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
3284 }
3285
3286
3287 /*
3288 *--------------------------------------------------------------------------*
3289 * *
3290 * The IPv6CP implementation. *
3291 * *
3292 *--------------------------------------------------------------------------*
3293 */
3294
3295 #ifdef INET6
3296 static void
3297 sppp_ipv6cp_init(struct sppp *sp)
3298 {
3299 sp->ipv6cp.opts = 0;
3300 sp->ipv6cp.flags = 0;
3301 sp->state[IDX_IPV6CP] = STATE_INITIAL;
3302 sp->fail_counter[IDX_IPV6CP] = 0;
3303 sp->pp_seq[IDX_IPV6CP] = 0;
3304 sp->pp_rseq[IDX_IPV6CP] = 0;
3305 callout_init(&sp->ch[IDX_IPV6CP]);
3306 }
3307
3308 static void
3309 sppp_ipv6cp_up(struct sppp *sp)
3310 {
3311 sppp_up_event(&ipv6cp, sp);
3312 }
3313
3314 static void
3315 sppp_ipv6cp_down(struct sppp *sp)
3316 {
3317 sppp_down_event(&ipv6cp, sp);
3318 }
3319
3320 static void
3321 sppp_ipv6cp_open(struct sppp *sp)
3322 {
3323 STDDCL;
3324 struct in6_addr myaddr, hisaddr;
3325
3326 #ifdef IPV6CP_MYIFID_DYN
3327 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3328 #else
3329 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3330 #endif
3331
3332 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
3333 /*
3334 * If we don't have our address, this probably means our
3335 * interface doesn't want to talk IPv6 at all. (This could
3336 * be the case if somebody wants to speak only IPX, for
3337 * example.) Don't open IPv6CP in this case.
3338 */
3339 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3340 /* XXX this message should go away */
3341 if (debug)
3342 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n",
3343 ifp->if_xname);
3344 return;
3345 }
3346
3347 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3348 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3349 sppp_open_event(&ipv6cp, sp);
3350 }
3351
3352 static void
3353 sppp_ipv6cp_close(struct sppp *sp)
3354 {
3355 sppp_close_event(&ipv6cp, sp);
3356 }
3357
3358 static void
3359 sppp_ipv6cp_TO(void *cookie)
3360 {
3361 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3362 }
3363
3364 /*
3365 * Analyze a configure request. Return true if it was agreeable, and
3366 * caused action sca, false if it has been rejected or nak'ed, and
3367 * caused action scn. (The return value is used to make the state
3368 * transition decision in the state automaton.)
3369 */
3370 static int
3371 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3372 {
3373 u_char *buf, *r, *p;
3374 struct ifnet *ifp = &sp->pp_if;
3375 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3376 struct in6_addr myaddr, desiredaddr, suggestaddr;
3377 int ifidcount;
3378 int type;
3379 int collision, nohisaddr;
3380
3381 len -= 4;
3382 origlen = len;
3383 /*
3384 * Make sure to allocate a buf that can at least hold a
3385 * conf-nak with an `address' option. We might need it below.
3386 */
3387 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
3388 if (! buf)
3389 return (0);
3390
3391 /* pass 1: see if we can recognize them */
3392 if (debug)
3393 log(LOG_DEBUG, "%s: ipv6cp parse opts:",
3394 ifp->if_xname);
3395 p = (void *)(h + 1);
3396 ifidcount = 0;
3397 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3398 /* Sanity check option length */
3399 if (p[1] > len) {
3400 /* XXX just RXJ? */
3401 addlog("%s: received malicious IPCPv6 option, "
3402 "dropping\n", ifp->if_xname);
3403 goto drop;
3404 }
3405 if (debug)
3406 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3407 switch (*p) {
3408 case IPV6CP_OPT_IFID:
3409 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3410 /* correctly formed address option */
3411 ifidcount++;
3412 continue;
3413 }
3414 if (debug)
3415 addlog(" [invalid]");
3416 break;
3417 #ifdef notyet
3418 case IPV6CP_OPT_COMPRESSION:
3419 if (len >= 4 && p[1] >= 4) {
3420 /* correctly formed compress option */
3421 continue;
3422 }
3423 if (debug)
3424 addlog(" [invalid]");
3425 break;
3426 #endif
3427 default:
3428 /* Others not supported. */
3429 if (debug)
3430 addlog(" [rej]");
3431 break;
3432 }
3433 /* Add the option to rejected list. */
3434 bcopy (p, r, p[1]);
3435 r += p[1];
3436 rlen += p[1];
3437 }
3438 if (rlen) {
3439 if (debug)
3440 addlog(" send conf-rej\n");
3441 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3442 goto end;
3443 } else if (debug)
3444 addlog("\n");
3445
3446 /* pass 2: parse option values */
3447 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
3448 if (debug)
3449 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ",
3450 ifp->if_xname);
3451 p = (void *)(h + 1);
3452 len = origlen;
3453 type = CONF_ACK;
3454 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3455 if (debug)
3456 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3457 switch (*p) {
3458 #ifdef notyet
3459 case IPV6CP_OPT_COMPRESSION:
3460 continue;
3461 #endif
3462 case IPV6CP_OPT_IFID:
3463 memset(&desiredaddr, 0, sizeof(desiredaddr));
3464 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3465 collision = (memcmp(&desiredaddr.s6_addr[8],
3466 &myaddr.s6_addr[8], 8) == 0);
3467 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3468
3469 desiredaddr.s6_addr16[0] = htons(0xfe80);
3470 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3471
3472 if (!collision && !nohisaddr) {
3473 /* no collision, hisaddr known - Conf-Ack */
3474 type = CONF_ACK;
3475
3476 if (debug) {
3477 addlog(" %s [%s]",
3478 ip6_sprintf(&desiredaddr),
3479 sppp_cp_type_name(type));
3480 }
3481 continue;
3482 }
3483
3484 memset(&suggestaddr, 0, sizeof(&suggestaddr));
3485 if (collision && nohisaddr) {
3486 /* collision, hisaddr unknown - Conf-Rej */
3487 type = CONF_REJ;
3488 memset(&p[2], 0, 8);
3489 } else {
3490 /*
3491 * - no collision, hisaddr unknown, or
3492 * - collision, hisaddr known
3493 * Conf-Nak, suggest hisaddr
3494 */
3495 type = CONF_NAK;
3496 sppp_suggest_ip6_addr(sp, &suggestaddr);
3497 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3498 }
3499 if (debug)
3500 addlog(" %s [%s]", ip6_sprintf(&desiredaddr),
3501 sppp_cp_type_name(type));
3502 break;
3503 }
3504 /* Add the option to nak'ed list. */
3505 bcopy (p, r, p[1]);
3506 r += p[1];
3507 rlen += p[1];
3508 }
3509
3510 if (rlen == 0 && type == CONF_ACK) {
3511 if (debug)
3512 addlog(" send %s\n", sppp_cp_type_name(type));
3513 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1);
3514 } else {
3515 #ifdef notdef
3516 if (type == CONF_ACK)
3517 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3518 #endif
3519
3520 if (debug) {
3521 addlog(" send %s suggest %s\n",
3522 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
3523 }
3524 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3525 }
3526
3527 end:
3528 free(buf, M_TEMP);
3529 return (rlen == 0);
3530
3531 drop:
3532 free(buf, M_TEMP);
3533 return -1;
3534 }
3535
3536 /*
3537 * Analyze the IPv6CP Configure-Reject option list, and adjust our
3538 * negotiation.
3539 */
3540 static void
3541 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3542 {
3543 u_char *buf, *p;
3544 struct ifnet *ifp = &sp->pp_if;
3545 int debug = ifp->if_flags & IFF_DEBUG;
3546
3547 len -= 4;
3548 buf = malloc (len, M_TEMP, M_NOWAIT);
3549 if (!buf)
3550 return;
3551
3552 if (debug)
3553 log(LOG_DEBUG, "%s: ipv6cp rej opts:",
3554 ifp->if_xname);
3555
3556 p = (void *)(h + 1);
3557 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3558 if (p[1] > len) {
3559 /* XXX just RXJ? */
3560 addlog("%s: received malicious IPCPv6 option, "
3561 "dropping\n", ifp->if_xname);
3562 goto drop;
3563 }
3564 if (debug)
3565 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3566 switch (*p) {
3567 case IPV6CP_OPT_IFID:
3568 /*
3569 * Peer doesn't grok address option. This is
3570 * bad. XXX Should we better give up here?
3571 */
3572 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3573 break;
3574 #ifdef notyet
3575 case IPV6CP_OPT_COMPRESS:
3576 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3577 break;
3578 #endif
3579 }
3580 }
3581 if (debug)
3582 addlog("\n");
3583 drop:
3584 free(buf, M_TEMP);
3585 return;
3586 }
3587
3588 /*
3589 * Analyze the IPv6CP Configure-NAK option list, and adjust our
3590 * negotiation.
3591 */
3592 static void
3593 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3594 {
3595 u_char *buf, *p;
3596 struct ifnet *ifp = &sp->pp_if;
3597 int debug = ifp->if_flags & IFF_DEBUG;
3598 struct in6_addr suggestaddr;
3599
3600 len -= 4;
3601 buf = malloc (len, M_TEMP, M_NOWAIT);
3602 if (!buf)
3603 return;
3604
3605 if (debug)
3606 log(LOG_DEBUG, "%s: ipv6cp nak opts:",
3607 ifp->if_xname);
3608
3609 p = (void *)(h + 1);
3610 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3611 if (p[1] > len) {
3612 /* XXX just RXJ? */
3613 addlog("%s: received malicious IPCPv6 option, "
3614 "dropping\n", ifp->if_xname);
3615 goto drop;
3616 }
3617 if (debug)
3618 addlog(" %s", sppp_ipv6cp_opt_name(*p));
3619 switch (*p) {
3620 case IPV6CP_OPT_IFID:
3621 /*
3622 * Peer doesn't like our local ifid. See
3623 * if we can do something for him. We'll drop
3624 * him our address then.
3625 */
3626 if (len < 10 || p[1] != 10)
3627 break;
3628 memset(&suggestaddr, 0, sizeof(suggestaddr));
3629 suggestaddr.s6_addr16[0] = htons(0xfe80);
3630 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3631 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3632
3633 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3634 if (debug)
3635 addlog(" [suggestaddr %s]",
3636 ip6_sprintf(&suggestaddr));
3637 #ifdef IPV6CP_MYIFID_DYN
3638 /*
3639 * When doing dynamic address assignment,
3640 * we accept his offer.
3641 */
3642 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
3643 struct in6_addr lastsuggest;
3644 /*
3645 * If <suggested myaddr from peer> equals to
3646 * <hisaddr we have suggested last time>,
3647 * we have a collision. generate new random
3648 * ifid.
3649 */
3650 sppp_suggest_ip6_addr(&lastsuggest);
3651 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
3652 lastsuggest)) {
3653 if (debug)
3654 addlog(" [random]");
3655 sppp_gen_ip6_addr(sp, &suggestaddr);
3656 }
3657 sppp_set_ip6_addr(sp, &suggestaddr, 0);
3658 if (debug)
3659 addlog(" [agree]");
3660 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3661 }
3662 #else
3663 /*
3664 * Since we do not do dynamic address assignment,
3665 * we ignore it and thus continue to negotiate
3666 * our already existing value. This can possibly
3667 * go into infinite request-reject loop.
3668 *
3669 * This is not likely because we normally use
3670 * ifid based on MAC-address.
3671 * If you have no ethernet card on the node, too bad.
3672 * XXX should we use fail_counter?
3673 */
3674 #endif
3675 break;
3676 #ifdef notyet
3677 case IPV6CP_OPT_COMPRESS:
3678 /*
3679 * Peer wants different compression parameters.
3680 */
3681 break;
3682 #endif
3683 }
3684 }
3685 if (debug)
3686 addlog("\n");
3687 drop:
3688 free(buf, M_TEMP);
3689 return;
3690 }
3691
3692 static void
3693 sppp_ipv6cp_tlu(struct sppp *sp)
3694 {
3695 /* we are up - notify isdn daemon */
3696 if (sp->pp_con)
3697 sp->pp_con(sp);
3698 }
3699
3700 static void
3701 sppp_ipv6cp_tld(struct sppp *sp)
3702 {
3703 }
3704
3705 static void
3706 sppp_ipv6cp_tls(struct sppp *sp)
3707 {
3708 /* indicate to LCP that it must stay alive */
3709 sp->lcp.protos |= (1 << IDX_IPV6CP);
3710 }
3711
3712 static void
3713 sppp_ipv6cp_tlf(struct sppp *sp)
3714 {
3715 /* we no longer need LCP */
3716 sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3717 }
3718
3719 static void
3720 sppp_ipv6cp_scr(struct sppp *sp)
3721 {
3722 char opt[10 /* ifid */ + 4 /* compression, minimum */];
3723 struct in6_addr ouraddr;
3724 int i = 0;
3725
3726 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3727 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
3728 opt[i++] = IPV6CP_OPT_IFID;
3729 opt[i++] = 10;
3730 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3731 i += 8;
3732 }
3733
3734 #ifdef notyet
3735 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3736 opt[i++] = IPV6CP_OPT_COMPRESSION;
3737 opt[i++] = 4;
3738 opt[i++] = 0; /* TBD */
3739 opt[i++] = 0; /* TBD */
3740 /* variable length data may follow */
3741 }
3742 #endif
3743
3744 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP];
3745 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt);
3746 }
3747 #else /*INET6*/
3748 static void sppp_ipv6cp_init(struct sppp *sp)
3749 {
3750 }
3751
3752 static void sppp_ipv6cp_up(struct sppp *sp)
3753 {
3754 }
3755
3756 static void sppp_ipv6cp_down(struct sppp *sp)
3757 {
3758 }
3759
3760
3761 static void sppp_ipv6cp_open(struct sppp *sp)
3762 {
3763 }
3764
3765 static void sppp_ipv6cp_close(struct sppp *sp)
3766 {
3767 }
3768
3769 static void sppp_ipv6cp_TO(void *sp)
3770 {
3771 }
3772
3773 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3774 {
3775 return 0;
3776 }
3777
3778 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3779 {
3780 }
3781
3782 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3783 {
3784 }
3785
3786 static void sppp_ipv6cp_tlu(struct sppp *sp)
3787 {
3788 }
3789
3790 static void sppp_ipv6cp_tld(struct sppp *sp)
3791 {
3792 }
3793
3794 static void sppp_ipv6cp_tls(struct sppp *sp)
3795 {
3796 }
3797
3798 static void sppp_ipv6cp_tlf(struct sppp *sp)
3799 {
3800 }
3801
3802 static void sppp_ipv6cp_scr(struct sppp *sp)
3803 {
3804 }
3805 #endif /*INET6*/
3806
3807
3808 /*
3809 *--------------------------------------------------------------------------*
3810 * *
3811 * The CHAP implementation. *
3812 * *
3813 *--------------------------------------------------------------------------*
3814 */
3815
3816 /*
3817 * The authentication protocols don't employ a full-fledged state machine as
3818 * the control protocols do, since they do have Open and Close events, but
3819 * not Up and Down, nor are they explicitly terminated. Also, use of the
3820 * authentication protocols may be different in both directions (this makes
3821 * sense, think of a machine that never accepts incoming calls but only
3822 * calls out, it doesn't require the called party to authenticate itself).
3823 *
3824 * Our state machine for the local authentication protocol (we are requesting
3825 * the peer to authenticate) looks like:
3826 *
3827 * RCA-
3828 * +--------------------------------------------+
3829 * V scn,tld|
3830 * +--------+ Close +---------+ RCA+
3831 * | |<----------------------------------| |------+
3832 * +--->| Closed | TO* | Opened | sca |
3833 * | | |-----+ +-------| |<-----+
3834 * | +--------+ irc | | +---------+
3835 * | ^ | | ^
3836 * | | | | |
3837 * | | | | |
3838 * | TO-| | | |
3839 * | |tld TO+ V | |
3840 * | | +------->+ | |
3841 * | | | | | |
3842 * | +--------+ V | |
3843 * | | |<----+<--------------------+ |
3844 * | | Req- | scr |
3845 * | | Sent | |
3846 * | | | |
3847 * | +--------+ |
3848 * | RCA- | | RCA+ |
3849 * +------+ +------------------------------------------+
3850 * scn,tld sca,irc,ict,tlu
3851 *
3852 *
3853 * with:
3854 *
3855 * Open: LCP reached authentication phase
3856 * Close: LCP reached terminate phase
3857 *
3858 * RCA+: received reply (pap-req, chap-response), acceptable
3859 * RCN: received reply (pap-req, chap-response), not acceptable
3860 * TO+: timeout with restart counter >= 0
3861 * TO-: timeout with restart counter < 0
3862 * TO*: reschedule timeout for CHAP
3863 *
3864 * scr: send request packet (none for PAP, chap-challenge)
3865 * sca: send ack packet (pap-ack, chap-success)
3866 * scn: send nak packet (pap-nak, chap-failure)
3867 * ict: initialize re-challenge timer (CHAP only)
3868 *
3869 * tlu: this-layer-up, LCP reaches network phase
3870 * tld: this-layer-down, LCP enters terminate phase
3871 *
3872 * Note that in CHAP mode, after sending a new challenge, while the state
3873 * automaton falls back into Req-Sent state, it doesn't signal a tld
3874 * event to LCP, so LCP remains in network phase. Only after not getting
3875 * any response (or after getting an unacceptable response), CHAP closes,
3876 * causing LCP to enter terminate phase.
3877 *
3878 * With PAP, there is no initial request that can be sent. The peer is
3879 * expected to send one based on the successful negotiation of PAP as
3880 * the authentication protocol during the LCP option negotiation.
3881 *
3882 * Incoming authentication protocol requests (remote requests
3883 * authentication, we are peer) don't employ a state machine at all,
3884 * they are simply answered. Some peers [Ascend P50 firmware rev
3885 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are
3886 * still in authentication phase (thereby violating the standard that
3887 * demands that these NCP packets are to be discarded), so we keep
3888 * track of the peer demanding us to authenticate, and only proceed to
3889 * phase network once we've seen a positive acknowledge for the
3890 * authentication.
3891 */
3892
3893 /*
3894 * Handle incoming CHAP packets.
3895 */
3896 void
3897 sppp_chap_input(struct sppp *sp, struct mbuf *m)
3898 {
3899 STDDCL;
3900 struct lcp_header *h;
3901 int len, x;
3902 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize;
3903 int value_len, name_len;
3904 MD5_CTX ctx;
3905
3906 len = m->m_pkthdr.len;
3907 if (len < 4) {
3908 if (debug)
3909 log(LOG_DEBUG,
3910 "%s: chap invalid packet length: %d bytes\n",
3911 ifp->if_xname, len);
3912 return;
3913 }
3914 h = mtod(m, struct lcp_header *);
3915 if (len > ntohs(h->len))
3916 len = ntohs(h->len);
3917
3918 switch (h->type) {
3919 /* challenge, failure and success are his authproto */
3920 case CHAP_CHALLENGE:
3921 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) {
3922 /* can't do anything usefull */
3923 sp->pp_auth_failures++;
3924 printf("%s: chap input without my name and my secret being set\n",
3925 ifp->if_xname);
3926 break;
3927 }
3928 value = 1 + (u_char *)(h + 1);
3929 value_len = value[-1];
3930 name = value + value_len;
3931 name_len = len - value_len - 5;
3932 if (name_len < 0) {
3933 if (debug) {
3934 log(LOG_DEBUG,
3935 "%s: chap corrupted challenge "
3936 "<%s id=0x%x len=%d",
3937 ifp->if_xname,
3938 sppp_auth_type_name(PPP_CHAP, h->type),
3939 h->ident, ntohs(h->len));
3940 if (len > 4)
3941 sppp_print_bytes((u_char *)(h + 1),
3942 len - 4);
3943 addlog(">\n");
3944 }
3945 break;
3946 }
3947
3948 if (debug) {
3949 log(LOG_DEBUG,
3950 "%s: chap input <%s id=0x%x len=%d name=",
3951 ifp->if_xname,
3952 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
3953 ntohs(h->len));
3954 sppp_print_string((char *) name, name_len);
3955 addlog(" value-size=%d value=", value_len);
3956 sppp_print_bytes(value, value_len);
3957 addlog(">\n");
3958 }
3959
3960 /* Compute reply value. */
3961 MD5Init(&ctx);
3962 MD5Update(&ctx, &h->ident, 1);
3963 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len);
3964 MD5Update(&ctx, value, value_len);
3965 MD5Final(digest, &ctx);
3966 dsize = sizeof digest;
3967
3968 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
3969 sizeof dsize, (const char *)&dsize,
3970 sizeof digest, digest,
3971 sp->myauth.name_len,
3972 sp->myauth.name,
3973 0);
3974 break;
3975
3976 case CHAP_SUCCESS:
3977 if (debug) {
3978 log(LOG_DEBUG, "%s: chap success",
3979 ifp->if_xname);
3980 if (len > 4) {
3981 addlog(": ");
3982 sppp_print_string((char *)(h + 1), len - 4);
3983 }
3984 addlog("\n");
3985 }
3986 x = splnet();
3987 sp->pp_auth_failures = 0;
3988 sp->pp_flags &= ~PP_NEEDAUTH;
3989 if (sp->myauth.proto == PPP_CHAP &&
3990 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3991 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
3992 /*
3993 * We are authenticator for CHAP but didn't
3994 * complete yet. Leave it to tlu to proceed
3995 * to network phase.
3996 */
3997 splx(x);
3998 break;
3999 }
4000 splx(x);
4001 sppp_phase_network(sp);
4002 break;
4003
4004 case CHAP_FAILURE:
4005 x = splnet();
4006 sp->pp_auth_failures++;
4007 splx(x);
4008 if (debug) {
4009 log(LOG_INFO, "%s: chap failure",
4010 ifp->if_xname);
4011 if (len > 4) {
4012 addlog(": ");
4013 sppp_print_string((char *)(h + 1), len - 4);
4014 }
4015 addlog("\n");
4016 } else
4017 log(LOG_INFO, "%s: chap failure\n",
4018 ifp->if_xname);
4019 /* await LCP shutdown by authenticator */
4020 break;
4021
4022 /* response is my authproto */
4023 case CHAP_RESPONSE:
4024 if (sp->hisauth.secret == NULL) {
4025 /* can't do anything usefull */
4026 printf("%s: chap input without his secret being set\n",
4027 ifp->if_xname);
4028 break;
4029 }
4030 value = 1 + (u_char *)(h + 1);
4031 value_len = value[-1];
4032 name = value + value_len;
4033 name_len = len - value_len - 5;
4034 if (name_len < 0) {
4035 if (debug) {
4036 log(LOG_DEBUG,
4037 "%s: chap corrupted response "
4038 "<%s id=0x%x len=%d",
4039 ifp->if_xname,
4040 sppp_auth_type_name(PPP_CHAP, h->type),
4041 h->ident, ntohs(h->len));
4042 if (len > 4)
4043 sppp_print_bytes((u_char *)(h + 1),
4044 len - 4);
4045 addlog(">\n");
4046 }
4047 break;
4048 }
4049 if (h->ident != sp->confid[IDX_CHAP]) {
4050 if (debug)
4051 log(LOG_DEBUG,
4052 "%s: chap dropping response for old ID "
4053 "(got %d, expected %d)\n",
4054 ifp->if_xname,
4055 h->ident, sp->confid[IDX_CHAP]);
4056 break;
4057 }
4058 if (sp->hisauth.name != NULL &&
4059 (name_len != sp->hisauth.name_len
4060 || memcmp(name, sp->hisauth.name, name_len) != 0)) {
4061 log(LOG_INFO, "%s: chap response, his name ",
4062 ifp->if_xname);
4063 sppp_print_string(name, name_len);
4064 addlog(" != expected ");
4065 sppp_print_string(sp->hisauth.name,
4066 sp->hisauth.name_len);
4067 addlog("\n");
4068 goto chap_failure;
4069 }
4070 if (debug) {
4071 log(LOG_DEBUG, "%s: chap input(%s) "
4072 "<%s id=0x%x len=%d name=",
4073 ifp->if_xname,
4074 sppp_state_name(sp->state[IDX_CHAP]),
4075 sppp_auth_type_name(PPP_CHAP, h->type),
4076 h->ident, ntohs(h->len));
4077 sppp_print_string((char *)name, name_len);
4078 addlog(" value-size=%d value=", value_len);
4079 sppp_print_bytes(value, value_len);
4080 addlog(">\n");
4081 }
4082 if (value_len != sizeof(sp->myauth.challenge)) {
4083 if (debug)
4084 log(LOG_DEBUG,
4085 "%s: chap bad hash value length: "
4086 "%d bytes, should be %ld\n",
4087 ifp->if_xname, value_len,
4088 (long) sizeof(sp->myauth.challenge));
4089 goto chap_failure;
4090 }
4091
4092 MD5Init(&ctx);
4093 MD5Update(&ctx, &h->ident, 1);
4094 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len);
4095 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge));
4096 MD5Final(digest, &ctx);
4097
4098 #define FAILMSG "Failed..."
4099 #define SUCCMSG "Welcome!"
4100
4101 if (value_len != sizeof digest ||
4102 memcmp(digest, value, value_len) != 0) {
4103 chap_failure:
4104 /* action scn, tld */
4105 x = splnet();
4106 sp->pp_auth_failures++;
4107 splx(x);
4108 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
4109 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4110 0);
4111 chap.tld(sp);
4112 break;
4113 }
4114 sp->pp_auth_failures = 0;
4115 /* action sca, perhaps tlu */
4116 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
4117 sp->state[IDX_CHAP] == STATE_OPENED)
4118 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
4119 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4120 0);
4121 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
4122 sppp_cp_change_state(&chap, sp, STATE_OPENED);
4123 chap.tlu(sp);
4124 }
4125 break;
4126
4127 default:
4128 /* Unknown CHAP packet type -- ignore. */
4129 if (debug) {
4130 log(LOG_DEBUG, "%s: chap unknown input(%s) "
4131 "<0x%x id=0x%xh len=%d",
4132 ifp->if_xname,
4133 sppp_state_name(sp->state[IDX_CHAP]),
4134 h->type, h->ident, ntohs(h->len));
4135 if (len > 4)
4136 sppp_print_bytes((u_char *)(h + 1), len - 4);
4137 addlog(">\n");
4138 }
4139 break;
4140
4141 }
4142 }
4143
4144 static void
4145 sppp_chap_init(struct sppp *sp)
4146 {
4147 /* Chap doesn't have STATE_INITIAL at all. */
4148 sp->state[IDX_CHAP] = STATE_CLOSED;
4149 sp->fail_counter[IDX_CHAP] = 0;
4150 sp->pp_seq[IDX_CHAP] = 0;
4151 sp->pp_rseq[IDX_CHAP] = 0;
4152 callout_init(&sp->ch[IDX_CHAP]);
4153 }
4154
4155 static void
4156 sppp_chap_open(struct sppp *sp)
4157 {
4158 if (sp->myauth.proto == PPP_CHAP &&
4159 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4160 /* we are authenticator for CHAP, start it */
4161 chap.scr(sp);
4162 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4163 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
4164 }
4165 /* nothing to be done if we are peer, await a challenge */
4166 }
4167
4168 static void
4169 sppp_chap_close(struct sppp *sp)
4170 {
4171 if (sp->state[IDX_CHAP] != STATE_CLOSED)
4172 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
4173 }
4174
4175 static void
4176 sppp_chap_TO(void *cookie)
4177 {
4178 struct sppp *sp = (struct sppp *)cookie;
4179 STDDCL;
4180 int s;
4181
4182 s = splnet();
4183 if (debug)
4184 log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n",
4185 ifp->if_xname,
4186 sppp_state_name(sp->state[IDX_CHAP]),
4187 sp->rst_counter[IDX_CHAP]);
4188
4189 if (--sp->rst_counter[IDX_CHAP] < 0)
4190 /* TO- event */
4191 switch (sp->state[IDX_CHAP]) {
4192 case STATE_REQ_SENT:
4193 chap.tld(sp);
4194 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
4195 break;
4196 }
4197 else
4198 /* TO+ (or TO*) event */
4199 switch (sp->state[IDX_CHAP]) {
4200 case STATE_OPENED:
4201 /* TO* event */
4202 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4203 /* fall through */
4204 case STATE_REQ_SENT:
4205 chap.scr(sp);
4206 /* sppp_cp_change_state() will restart the timer */
4207 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
4208 break;
4209 }
4210
4211 splx(s);
4212 }
4213
4214 static void
4215 sppp_chap_tlu(struct sppp *sp)
4216 {
4217 STDDCL;
4218 int i, x;
4219
4220 i = 0;
4221 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4222
4223 /*
4224 * Some broken CHAP implementations (Conware CoNet, firmware
4225 * 4.0.?) don't want to re-authenticate their CHAP once the
4226 * initial challenge-response exchange has taken place.
4227 * Provide for an option to avoid rechallenges.
4228 */
4229 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) {
4230 /*
4231 * Compute the re-challenge timeout. This will yield
4232 * a number between 300 and 810 seconds.
4233 */
4234 i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7);
4235
4236 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp);
4237 }
4238
4239 if (debug) {
4240 log(LOG_DEBUG,
4241 "%s: chap %s, ",
4242 ifp->if_xname,
4243 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu");
4244 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0)
4245 addlog("next re-challenge in %d seconds\n", i);
4246 else
4247 addlog("re-challenging supressed\n");
4248 }
4249
4250 x = splnet();
4251 sp->pp_auth_failures = 0;
4252 /* indicate to LCP that we need to be closed down */
4253 sp->lcp.protos |= (1 << IDX_CHAP);
4254
4255 if (sp->pp_flags & PP_NEEDAUTH) {
4256 /*
4257 * Remote is authenticator, but his auth proto didn't
4258 * complete yet. Defer the transition to network
4259 * phase.
4260 */
4261 splx(x);
4262 return;
4263 }
4264 splx(x);
4265
4266 /*
4267 * If we are already in phase network, we are done here. This
4268 * is the case if this is a dummy tlu event after a re-challenge.
4269 */
4270 if (sp->pp_phase != SPPP_PHASE_NETWORK)
4271 sppp_phase_network(sp);
4272 }
4273
4274 static void
4275 sppp_chap_tld(struct sppp *sp)
4276 {
4277 STDDCL;
4278
4279 if (debug)
4280 log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname);
4281 callout_stop(&sp->ch[IDX_CHAP]);
4282 sp->lcp.protos &= ~(1 << IDX_CHAP);
4283
4284 lcp.Close(sp);
4285 }
4286
4287 static void
4288 sppp_chap_scr(struct sppp *sp)
4289 {
4290 u_int32_t *ch;
4291 u_char clen;
4292
4293 if (sp->myauth.name == NULL) {
4294 /* can't do anything usefull */
4295 printf("%s: chap starting without my name being set\n",
4296 sp->pp_if.if_xname);
4297 return;
4298 }
4299
4300 /* Compute random challenge. */
4301 ch = (u_int32_t *)sp->myauth.challenge;
4302 ch[0] = arc4random();
4303 ch[1] = arc4random();
4304 ch[2] = arc4random();
4305 ch[3] = arc4random();
4306 clen = 16; /* 4 * sizeof(u_int32_t) */
4307
4308 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
4309
4310 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
4311 sizeof clen, (const char *)&clen,
4312 sizeof(sp->myauth.challenge), sp->myauth.challenge,
4313 sp->myauth.name_len,
4314 sp->myauth.name,
4315 0);
4316 }
4317
4318 /*
4319 *--------------------------------------------------------------------------*
4320 * *
4321 * The PAP implementation. *
4322 * *
4323 *--------------------------------------------------------------------------*
4324 */
4325 /*
4326 * For PAP, we need to keep a little state also if we are the peer, not the
4327 * authenticator. This is since we don't get a request to authenticate, but
4328 * have to repeatedly authenticate ourself until we got a response (or the
4329 * retry counter is expired).
4330 */
4331
4332 /*
4333 * Handle incoming PAP packets. */
4334 static void
4335 sppp_pap_input(struct sppp *sp, struct mbuf *m)
4336 {
4337 STDDCL;
4338 struct lcp_header *h;
4339 int len, x;
4340 u_char mlen;
4341 char *name, *secret;
4342 int name_len, secret_len;
4343
4344 /*
4345 * Malicious input might leave this uninitialized, so
4346 * init to an impossible value.
4347 */
4348 secret_len = -1;
4349
4350 len = m->m_pkthdr.len;
4351 if (len < 5) {
4352 if (debug)
4353 log(LOG_DEBUG,
4354 "%s: pap invalid packet length: %d bytes\n",
4355 ifp->if_xname, len);
4356 return;
4357 }
4358 h = mtod(m, struct lcp_header *);
4359 if (len > ntohs(h->len))
4360 len = ntohs(h->len);
4361 switch (h->type) {
4362 /* PAP request is my authproto */
4363 case PAP_REQ:
4364 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) {
4365 /* can't do anything usefull */
4366 printf("%s: pap request without his name and his secret being set\n",
4367 ifp->if_xname);
4368 break;
4369 }
4370 name = 1 + (u_char *)(h + 1);
4371 name_len = name[-1];
4372 secret = name + name_len + 1;
4373 if (name_len > len - 6 ||
4374 (secret_len = secret[-1]) > len - 6 - name_len) {
4375 if (debug) {
4376 log(LOG_DEBUG, "%s: pap corrupted input "
4377 "<%s id=0x%x len=%d",
4378 ifp->if_xname,
4379 sppp_auth_type_name(PPP_PAP, h->type),
4380 h->ident, ntohs(h->len));
4381 if (len > 4)
4382 sppp_print_bytes((u_char *)(h + 1),
4383 len - 4);
4384 addlog(">\n");
4385 }
4386 break;
4387 }
4388 if (debug) {
4389 log(LOG_DEBUG, "%s: pap input(%s) "
4390 "<%s id=0x%x len=%d name=",
4391 ifp->if_xname,
4392 sppp_state_name(sp->state[IDX_PAP]),
4393 sppp_auth_type_name(PPP_PAP, h->type),
4394 h->ident, ntohs(h->len));
4395 sppp_print_string((char *)name, name_len);
4396 addlog(" secret=");
4397 sppp_print_string((char *)secret, secret_len);
4398 addlog(">\n");
4399 }
4400 if (name_len != sp->hisauth.name_len ||
4401 secret_len != sp->hisauth.secret_len ||
4402 memcmp(name, sp->hisauth.name, name_len) != 0 ||
4403 memcmp(secret, sp->hisauth.secret, secret_len) != 0) {
4404 /* action scn, tld */
4405 sp->pp_auth_failures++;
4406 mlen = sizeof(FAILMSG) - 1;
4407 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
4408 sizeof mlen, (const char *)&mlen,
4409 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4410 0);
4411 pap.tld(sp);
4412 break;
4413 }
4414 /* action sca, perhaps tlu */
4415 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
4416 sp->state[IDX_PAP] == STATE_OPENED) {
4417 mlen = sizeof(SUCCMSG) - 1;
4418 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
4419 sizeof mlen, (const char *)&mlen,
4420 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4421 0);
4422 }
4423 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
4424 sppp_cp_change_state(&pap, sp, STATE_OPENED);
4425 pap.tlu(sp);
4426 }
4427 break;
4428
4429 /* ack and nak are his authproto */
4430 case PAP_ACK:
4431 callout_stop(&sp->pap_my_to_ch);
4432 if (debug) {
4433 log(LOG_DEBUG, "%s: pap success",
4434 ifp->if_xname);
4435 name = 1 + (u_char *)(h + 1);
4436 name_len = name[-1];
4437 if (len > 5 && name_len < len+4) {
4438 addlog(": ");
4439 sppp_print_string(name, name_len);
4440 }
4441 addlog("\n");
4442 }
4443 x = splnet();
4444 sp->pp_auth_failures = 0;
4445 sp->pp_flags &= ~PP_NEEDAUTH;
4446 if (sp->myauth.proto == PPP_PAP &&
4447 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4448 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
4449 /*
4450 * We are authenticator for PAP but didn't
4451 * complete yet. Leave it to tlu to proceed
4452 * to network phase.
4453 */
4454 splx(x);
4455 break;
4456 }
4457 splx(x);
4458 sppp_phase_network(sp);
4459 break;
4460
4461 case PAP_NAK:
4462 callout_stop(&sp->pap_my_to_ch);
4463 sp->pp_auth_failures++;
4464 if (debug) {
4465 log(LOG_INFO, "%s: pap failure",
4466 ifp->if_xname);
4467 name = 1 + (u_char *)(h + 1);
4468 name_len = name[-1];
4469 if (len > 5 && name_len < len+4) {
4470 addlog(": ");
4471 sppp_print_string(name, name_len);
4472 }
4473 addlog("\n");
4474 } else
4475 log(LOG_INFO, "%s: pap failure\n",
4476 ifp->if_xname);
4477 /* await LCP shutdown by authenticator */
4478 break;
4479
4480 default:
4481 /* Unknown PAP packet type -- ignore. */
4482 if (debug) {
4483 log(LOG_DEBUG, "%s: pap corrupted input "
4484 "<0x%x id=0x%x len=%d",
4485 ifp->if_xname,
4486 h->type, h->ident, ntohs(h->len));
4487 if (len > 4)
4488 sppp_print_bytes((u_char *)(h + 1), len - 4);
4489 addlog(">\n");
4490 }
4491 break;
4492
4493 }
4494 }
4495
4496 static void
4497 sppp_pap_init(struct sppp *sp)
4498 {
4499 /* PAP doesn't have STATE_INITIAL at all. */
4500 sp->state[IDX_PAP] = STATE_CLOSED;
4501 sp->fail_counter[IDX_PAP] = 0;
4502 sp->pp_seq[IDX_PAP] = 0;
4503 sp->pp_rseq[IDX_PAP] = 0;
4504 callout_init(&sp->ch[IDX_PAP]);
4505 callout_init(&sp->pap_my_to_ch);
4506 }
4507
4508 static void
4509 sppp_pap_open(struct sppp *sp)
4510 {
4511 if (sp->hisauth.proto == PPP_PAP &&
4512 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4513 /* we are authenticator for PAP, start our timer */
4514 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4515 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4516 }
4517 if (sp->myauth.proto == PPP_PAP) {
4518 /* we are peer, send a request, and start a timer */
4519 pap.scr(sp);
4520 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout,
4521 sppp_pap_my_TO, sp);
4522 }
4523 }
4524
4525 static void
4526 sppp_pap_close(struct sppp *sp)
4527 {
4528 if (sp->state[IDX_PAP] != STATE_CLOSED)
4529 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4530 }
4531
4532 /*
4533 * That's the timeout routine if we are authenticator. Since the
4534 * authenticator is basically passive in PAP, we can't do much here.
4535 */
4536 static void
4537 sppp_pap_TO(void *cookie)
4538 {
4539 struct sppp *sp = (struct sppp *)cookie;
4540 STDDCL;
4541 int s;
4542
4543 s = splnet();
4544 if (debug)
4545 log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n",
4546 ifp->if_xname,
4547 sppp_state_name(sp->state[IDX_PAP]),
4548 sp->rst_counter[IDX_PAP]);
4549
4550 if (--sp->rst_counter[IDX_PAP] < 0)
4551 /* TO- event */
4552 switch (sp->state[IDX_PAP]) {
4553 case STATE_REQ_SENT:
4554 pap.tld(sp);
4555 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4556 break;
4557 }
4558 else
4559 /* TO+ event, not very much we could do */
4560 switch (sp->state[IDX_PAP]) {
4561 case STATE_REQ_SENT:
4562 /* sppp_cp_change_state() will restart the timer */
4563 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4564 break;
4565 }
4566
4567 splx(s);
4568 }
4569
4570 /*
4571 * That's the timeout handler if we are peer. Since the peer is active,
4572 * we need to retransmit our PAP request since it is apparently lost.
4573 * XXX We should impose a max counter.
4574 */
4575 static void
4576 sppp_pap_my_TO(void *cookie)
4577 {
4578 struct sppp *sp = (struct sppp *)cookie;
4579 STDDCL;
4580
4581 if (debug)
4582 log(LOG_DEBUG, "%s: pap peer TO\n",
4583 ifp->if_xname);
4584
4585 pap.scr(sp);
4586 }
4587
4588 static void
4589 sppp_pap_tlu(struct sppp *sp)
4590 {
4591 STDDCL;
4592 int x;
4593
4594 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4595
4596 if (debug)
4597 log(LOG_DEBUG, "%s: %s tlu\n",
4598 ifp->if_xname, pap.name);
4599
4600 x = splnet();
4601 sp->pp_auth_failures = 0;
4602 /* indicate to LCP that we need to be closed down */
4603 sp->lcp.protos |= (1 << IDX_PAP);
4604
4605 if (sp->pp_flags & PP_NEEDAUTH) {
4606 /*
4607 * Remote is authenticator, but his auth proto didn't
4608 * complete yet. Defer the transition to network
4609 * phase.
4610 */
4611 splx(x);
4612 return;
4613 }
4614 splx(x);
4615 sppp_phase_network(sp);
4616 }
4617
4618 static void
4619 sppp_pap_tld(struct sppp *sp)
4620 {
4621 STDDCL;
4622
4623 if (debug)
4624 log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname);
4625 callout_stop(&sp->ch[IDX_PAP]);
4626 callout_stop(&sp->pap_my_to_ch);
4627 sp->lcp.protos &= ~(1 << IDX_PAP);
4628
4629 lcp.Close(sp);
4630 }
4631
4632 static void
4633 sppp_pap_scr(struct sppp *sp)
4634 {
4635 u_char idlen, pwdlen;
4636
4637 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) {
4638 /* can't do anything usefull */
4639 printf("%s: pap starting without my name and secret being set\n",
4640 sp->pp_if.if_xname);
4641 return;
4642 }
4643
4644 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP];
4645 pwdlen = sp->myauth.secret_len;
4646 idlen = sp->myauth.name_len;
4647
4648 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
4649 sizeof idlen, (const char *)&idlen,
4650 idlen, sp->myauth.name,
4651 sizeof pwdlen, (const char *)&pwdlen,
4652 pwdlen, sp->myauth.secret,
4653 0);
4654 }
4655
4656 /*
4657 * Random miscellaneous functions.
4658 */
4659
4660 /*
4661 * Send a PAP or CHAP proto packet.
4662 *
4663 * Varadic function, each of the elements for the ellipsis is of type
4664 * ``size_t mlen, const u_char *msg''. Processing will stop iff
4665 * mlen == 0.
4666 * NOTE: never declare variadic functions with types subject to type
4667 * promotion (i.e. u_char). This is asking for big trouble depending
4668 * on the architecture you are on...
4669 */
4670
4671 static void
4672 sppp_auth_send(const struct cp *cp, struct sppp *sp,
4673 unsigned int type, unsigned int id,
4674 ...)
4675 {
4676 STDDCL;
4677 struct lcp_header *lh;
4678 struct mbuf *m;
4679 u_char *p;
4680 int len;
4681 size_t pkthdrlen;
4682 unsigned int mlen;
4683 const char *msg;
4684 va_list ap;
4685
4686 MGETHDR(m, M_DONTWAIT, MT_DATA);
4687 if (! m)
4688 return;
4689 m->m_pkthdr.rcvif = 0;
4690
4691 if (sp->pp_flags & PP_NOFRAMING) {
4692 *mtod(m, u_int16_t *) = htons(cp->proto);
4693 pkthdrlen = 2;
4694 lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2);
4695 } else {
4696 struct ppp_header *h;
4697 h = mtod(m, struct ppp_header *);
4698 h->address = PPP_ALLSTATIONS; /* broadcast address */
4699 h->control = PPP_UI; /* Unnumbered Info */
4700 h->protocol = htons(cp->proto);
4701 pkthdrlen = PPP_HEADER_LEN;
4702
4703 lh = (struct lcp_header *)(h + 1);
4704 }
4705
4706 lh->type = type;
4707 lh->ident = id;
4708 p = (u_char *)(lh + 1);
4709
4710 va_start(ap, id);
4711 len = 0;
4712
4713 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
4714 msg = va_arg(ap, const char *);
4715 len += mlen;
4716 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) {
4717 va_end(ap);
4718 m_freem(m);
4719 return;
4720 }
4721
4722 bcopy(msg, p, mlen);
4723 p += mlen;
4724 }
4725 va_end(ap);
4726
4727 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
4728 lh->len = htons(LCP_HEADER_LEN + len);
4729
4730 if (debug) {
4731 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d",
4732 ifp->if_xname, cp->name,
4733 sppp_auth_type_name(cp->proto, lh->type),
4734 lh->ident, ntohs(lh->len));
4735 if (len)
4736 sppp_print_bytes((u_char *)(lh + 1), len);
4737 addlog(">\n");
4738 }
4739 if (IF_QFULL(&sp->pp_cpq)) {
4740 IF_DROP(&sp->pp_fastq);
4741 IF_DROP(&ifp->if_snd);
4742 m_freem(m);
4743 ++ifp->if_oerrors;
4744 return;
4745 } else
4746 IF_ENQUEUE(&sp->pp_cpq, m);
4747 if (! (ifp->if_flags & IFF_OACTIVE))
4748 (*ifp->if_start)(ifp);
4749 ifp->if_obytes += m->m_pkthdr.len + 3;
4750 }
4751
4752 /*
4753 * Send keepalive packets, every 10 seconds.
4754 */
4755 static void
4756 sppp_keepalive(void *dummy)
4757 {
4758 struct sppp *sp;
4759 int s;
4760 time_t now;
4761
4762 s = splnet();
4763 now = mono_time.tv_sec;
4764 for (sp=spppq; sp; sp=sp->pp_next) {
4765 struct ifnet *ifp = &sp->pp_if;
4766
4767 /* check idle timeout */
4768 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING)
4769 && (sp->pp_phase == SPPP_PHASE_NETWORK)) {
4770 /* idle timeout is enabled for this interface */
4771 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) {
4772 if (ifp->if_flags & IFF_DEBUG)
4773 printf("%s: no activitiy for %lu seconds\n",
4774 sp->pp_if.if_xname,
4775 (unsigned long)(now-sp->pp_last_activity));
4776 lcp.Close(sp);
4777 continue;
4778 }
4779 }
4780
4781 /* Keepalive mode disabled or channel down? */
4782 if (! (sp->pp_flags & PP_KEEPALIVE) ||
4783 ! (ifp->if_flags & IFF_RUNNING))
4784 continue;
4785
4786 /* No keepalive in PPP mode if LCP not opened yet. */
4787 if (! (sp->pp_flags & PP_CISCO) &&
4788 sp->pp_phase < SPPP_PHASE_AUTHENTICATE)
4789 continue;
4790
4791 /* No echo reply, but maybe user data passed through? */
4792 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) {
4793 sp->pp_alivecnt = 0;
4794 continue;
4795 }
4796
4797 if (sp->pp_alivecnt >= sp->pp_maxalive) {
4798 /* No keepalive packets got. Stop the interface. */
4799 if_down (ifp);
4800 IF_PURGE(&sp->pp_cpq);
4801 if (! (sp->pp_flags & PP_CISCO)) {
4802 printf("%s: LCP keepalive timed out, going to restart the connection\n",
4803 ifp->if_xname);
4804 sp->pp_alivecnt = 0;
4805
4806 /* we are down, close all open protocols */
4807 lcp.Close(sp);
4808
4809 /* And now prepare LCP to reestablish the link, if configured to do so. */
4810 sppp_cp_change_state(&lcp, sp, STATE_STOPPED);
4811
4812 /* Close connection imediatly, completition of this
4813 * will summon the magic needed to reestablish it. */
4814 sp->pp_tlf(sp);
4815 continue;
4816 }
4817 }
4818 if (sp->pp_alivecnt < sp->pp_maxalive)
4819 ++sp->pp_alivecnt;
4820 if (sp->pp_flags & PP_CISCO)
4821 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ,
4822 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]);
4823 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) {
4824 int32_t nmagic = htonl(sp->lcp.magic);
4825 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP];
4826 sppp_cp_send(sp, PPP_LCP, ECHO_REQ,
4827 sp->lcp.echoid, 4, &nmagic);
4828 }
4829 }
4830 splx(s);
4831 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL);
4832 }
4833
4834 #ifdef INET
4835 /*
4836 * Get both IP addresses.
4837 */
4838 static void
4839 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask)
4840 {
4841 struct ifnet *ifp = &sp->pp_if;
4842 struct ifaddr *ifa;
4843 struct sockaddr_in *si, *sm;
4844 u_int32_t ssrc, ddst;
4845
4846 sm = NULL;
4847 ssrc = ddst = 0;
4848 /*
4849 * Pick the first AF_INET address from the list,
4850 * aliases don't make any sense on a p2p link anyway.
4851 */
4852 si = 0;
4853 IFADDR_FOREACH(ifa, ifp) {
4854 if (ifa->ifa_addr->sa_family == AF_INET) {
4855 si = (struct sockaddr_in *)ifa->ifa_addr;
4856 sm = (struct sockaddr_in *)ifa->ifa_netmask;
4857 if (si)
4858 break;
4859 }
4860 }
4861 if (ifa) {
4862 if (si && si->sin_addr.s_addr) {
4863 ssrc = si->sin_addr.s_addr;
4864 if (srcmask)
4865 *srcmask = ntohl(sm->sin_addr.s_addr);
4866 }
4867
4868 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
4869 if (si && si->sin_addr.s_addr)
4870 ddst = si->sin_addr.s_addr;
4871 }
4872
4873 if (dst) *dst = ntohl(ddst);
4874 if (src) *src = ntohl(ssrc);
4875 }
4876
4877 /*
4878 * Set IP addresses. Must be called at splnet.
4879 * If an address is 0, leave it the way it is.
4880 */
4881 static void
4882 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr)
4883 {
4884 STDDCL;
4885 struct ifaddr *ifa;
4886 struct sockaddr_in *si, *dest;
4887
4888 /*
4889 * Pick the first AF_INET address from the list,
4890 * aliases don't make any sense on a p2p link anyway.
4891 */
4892
4893 IFADDR_FOREACH(ifa, ifp) {
4894 if (ifa->ifa_addr->sa_family == AF_INET) {
4895 si = (struct sockaddr_in *)ifa->ifa_addr;
4896 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4897 goto found;
4898 }
4899 }
4900 return;
4901
4902 found:
4903 {
4904 int error;
4905 struct sockaddr_in new_sin = *si;
4906 struct sockaddr_in new_dst = *dest;
4907
4908 /*
4909 * Scrub old routes now instead of calling in_ifinit with
4910 * scrub=1, because we may change the dstaddr
4911 * before the call to in_ifinit.
4912 */
4913 in_ifscrub(ifp, ifatoia(ifa));
4914
4915 if (myaddr != 0)
4916 new_sin.sin_addr.s_addr = htonl(myaddr);
4917 if (hisaddr != 0) {
4918 new_dst.sin_addr.s_addr = htonl(hisaddr);
4919 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) {
4920 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
4921 *dest = new_dst; /* fix dstaddr in place */
4922 }
4923 }
4924 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0);
4925 if (debug && error)
4926 {
4927 log(LOG_DEBUG, "%s: sppp_set_ip_addrs: in_ifinit "
4928 " failed, error=%d\n", ifp->if_xname, error);
4929 }
4930 #ifdef PFIL_HOOKS
4931 if (!error)
4932 (void)pfil_run_hooks(&if_pfil,
4933 (struct mbuf **)SIOCAIFADDR, ifp, PFIL_IFADDR);
4934 #endif
4935 }
4936 }
4937
4938 /*
4939 * Clear IP addresses. Must be called at splnet.
4940 */
4941 static void
4942 sppp_clear_ip_addrs(struct sppp *sp)
4943 {
4944 struct ifnet *ifp = &sp->pp_if;
4945 struct ifaddr *ifa;
4946 struct sockaddr_in *si, *dest;
4947
4948 u_int32_t remote;
4949 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4950 remote = sp->ipcp.saved_hisaddr;
4951 else
4952 sppp_get_ip_addrs(sp, 0, &remote, 0);
4953
4954 /*
4955 * Pick the first AF_INET address from the list,
4956 * aliases don't make any sense on a p2p link anyway.
4957 */
4958
4959 IFADDR_FOREACH(ifa, ifp) {
4960 if (ifa->ifa_addr->sa_family == AF_INET) {
4961 si = (struct sockaddr_in *)ifa->ifa_addr;
4962 dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4963 goto found;
4964 }
4965 }
4966 return;
4967
4968 found:
4969 {
4970 struct sockaddr_in new_sin = *si;
4971
4972 in_ifscrub(ifp, ifatoia(ifa));
4973 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
4974 new_sin.sin_addr.s_addr = 0;
4975 if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4976 /* replace peer addr in place */
4977 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr;
4978 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0);
4979 #ifdef PFIL_HOOKS
4980 (void)pfil_run_hooks(&if_pfil,
4981 (struct mbuf **)SIOCDIFADDR, ifp, PFIL_IFADDR);
4982 #endif
4983 }
4984 }
4985 #endif
4986
4987 #ifdef INET6
4988 /*
4989 * Get both IPv6 addresses.
4990 */
4991 static void
4992 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
4993 struct in6_addr *srcmask)
4994 {
4995 struct ifnet *ifp = &sp->pp_if;
4996 struct ifaddr *ifa;
4997 struct sockaddr_in6 *si, *sm;
4998 struct in6_addr ssrc, ddst;
4999
5000 sm = NULL;
5001 memset(&ssrc, 0, sizeof(ssrc));
5002 memset(&ddst, 0, sizeof(ddst));
5003 /*
5004 * Pick the first link-local AF_INET6 address from the list,
5005 * aliases don't make any sense on a p2p link anyway.
5006 */
5007 si = 0;
5008 IFADDR_FOREACH(ifa, ifp)
5009 if (ifa->ifa_addr->sa_family == AF_INET6) {
5010 si = (struct sockaddr_in6 *)ifa->ifa_addr;
5011 sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
5012 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr))
5013 break;
5014 }
5015 if (ifa) {
5016 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
5017 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc));
5018 if (srcmask) {
5019 bcopy(&sm->sin6_addr, srcmask,
5020 sizeof(*srcmask));
5021 }
5022 }
5023
5024 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
5025 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
5026 bcopy(&si->sin6_addr, &ddst, sizeof(ddst));
5027 }
5028
5029 if (dst)
5030 bcopy(&ddst, dst, sizeof(*dst));
5031 if (src)
5032 bcopy(&ssrc, src, sizeof(*src));
5033 }
5034
5035 #ifdef IPV6CP_MYIFID_DYN
5036 /*
5037 * Generate random ifid.
5038 */
5039 static void
5040 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
5041 {
5042 /* TBD */
5043 }
5044
5045 /*
5046 * Set my IPv6 address. Must be called at splnet.
5047 */
5048 static void
5049 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
5050 {
5051 STDDCL;
5052 struct ifaddr *ifa;
5053 struct sockaddr_in6 *sin6;
5054
5055 /*
5056 * Pick the first link-local AF_INET6 address from the list,
5057 * aliases don't make any sense on a p2p link anyway.
5058 */
5059
5060 sin6 = NULL;
5061 IFADDR_FOREACH(ifa, ifp)
5062 {
5063 if (ifa->ifa_addr->sa_family == AF_INET6)
5064 {
5065 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
5066 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
5067 break;
5068 }
5069 }
5070
5071 if (ifa && sin6)
5072 {
5073 int error;
5074 struct sockaddr_in6 new_sin6 = *sin6;
5075
5076 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr));
5077 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1);
5078 if (debug && error)
5079 {
5080 log(LOG_DEBUG, "%s: sppp_set_ip6_addr: in6_ifinit "
5081 " failed, error=%d\n", ifp->if_xname, error);
5082 }
5083 #ifdef PFIL_HOOKS
5084 if (!error)
5085 (void)pfil_run_hooks(&if_pfil,
5086 (struct mbuf **)SIOCAIFADDR_IN6, ifp, PFIL_IFADDR);
5087 #endif
5088 }
5089 }
5090 #endif
5091
5092 /*
5093 * Suggest a candidate address to be used by peer.
5094 */
5095 static void
5096 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
5097 {
5098 struct in6_addr myaddr;
5099 struct timeval tv;
5100
5101 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
5102
5103 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
5104 microtime(&tv);
5105 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
5106 myaddr.s6_addr[14] ^= 0xff;
5107 myaddr.s6_addr[15] ^= 0xff;
5108 } else {
5109 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
5110 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
5111 }
5112 if (suggest)
5113 bcopy(&myaddr, suggest, sizeof(myaddr));
5114 }
5115 #endif /*INET6*/
5116
5117 /*
5118 * Process ioctl requests specific to the PPP interface.
5119 * Permissions have already been checked.
5120 */
5121 static int
5122 sppp_params(struct sppp *sp, int cmd, void *data)
5123 {
5124 switch (cmd) {
5125 case SPPPGETAUTHCFG:
5126 {
5127 struct spppauthcfg *cfg = (struct spppauthcfg *)data;
5128 int error;
5129 size_t len;
5130
5131 cfg->myauthflags = sp->myauth.flags;
5132 cfg->hisauthflags = sp->hisauth.flags;
5133 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ);
5134 cfg->hisauth = 0;
5135 if (sp->hisauth.proto)
5136 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP;
5137 cfg->myauth = 0;
5138 if (sp->myauth.proto)
5139 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP;
5140 if (cfg->myname_length == 0) {
5141 if (sp->myauth.name != NULL)
5142 cfg->myname_length = sp->myauth.name_len + 1;
5143 } else {
5144 if (sp->myauth.name == NULL) {
5145 cfg->myname_length = 0;
5146 } else {
5147 len = sp->myauth.name_len + 1;
5148 if (cfg->myname_length < len)
5149 return (ENAMETOOLONG);
5150 error = copyout(sp->myauth.name, cfg->myname, len);
5151 if (error) return error;
5152 }
5153 }
5154 if (cfg->hisname_length == 0) {
5155 if (sp->hisauth.name != NULL)
5156 cfg->hisname_length = sp->hisauth.name_len + 1;
5157 } else {
5158 if (sp->hisauth.name == NULL) {
5159 cfg->hisname_length = 0;
5160 } else {
5161 len = sp->hisauth.name_len + 1;
5162 if (cfg->hisname_length < len)
5163 return (ENAMETOOLONG);
5164 error = copyout(sp->hisauth.name, cfg->hisname, len);
5165 if (error) return error;
5166 }
5167 }
5168 }
5169 break;
5170 case SPPPSETAUTHCFG:
5171 {
5172 struct spppauthcfg *cfg = (struct spppauthcfg *)data;
5173 int error;
5174
5175 if (sp->myauth.name) {
5176 free(sp->myauth.name, M_DEVBUF);
5177 sp->myauth.name = NULL;
5178 }
5179 if (sp->myauth.secret) {
5180 free(sp->myauth.secret, M_DEVBUF);
5181 sp->myauth.secret = NULL;
5182 }
5183 if (sp->hisauth.name) {
5184 free(sp->hisauth.name, M_DEVBUF);
5185 sp->hisauth.name = NULL;
5186 }
5187 if (sp->hisauth.secret) {
5188 free(sp->hisauth.secret, M_DEVBUF);
5189 sp->hisauth.secret = NULL;
5190 }
5191
5192 if (cfg->hisname != NULL && cfg->hisname_length > 0) {
5193 if (cfg->hisname_length >= MCLBYTES)
5194 return (ENAMETOOLONG);
5195 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK);
5196 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length);
5197 if (error) {
5198 free(sp->hisauth.name, M_DEVBUF);
5199 sp->hisauth.name = NULL;
5200 return error;
5201 }
5202 sp->hisauth.name_len = cfg->hisname_length - 1;
5203 sp->hisauth.name[sp->hisauth.name_len] = 0;
5204 }
5205 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) {
5206 if (cfg->hissecret_length >= MCLBYTES)
5207 return (ENAMETOOLONG);
5208 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK);
5209 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length);
5210 if (error) {
5211 free(sp->hisauth.secret, M_DEVBUF);
5212 sp->hisauth.secret = NULL;
5213 return error;
5214 }
5215 sp->hisauth.secret_len = cfg->hissecret_length - 1;
5216 sp->hisauth.secret[sp->hisauth.secret_len] = 0;
5217 }
5218 if (cfg->myname != NULL && cfg->myname_length > 0) {
5219 if (cfg->myname_length >= MCLBYTES)
5220 return (ENAMETOOLONG);
5221 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK);
5222 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length);
5223 if (error) {
5224 free(sp->myauth.name, M_DEVBUF);
5225 sp->myauth.name = NULL;
5226 return error;
5227 }
5228 sp->myauth.name_len = cfg->myname_length - 1;
5229 sp->myauth.name[sp->myauth.name_len] = 0;
5230 }
5231 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) {
5232 if (cfg->mysecret_length >= MCLBYTES)
5233 return (ENAMETOOLONG);
5234 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK);
5235 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length);
5236 if (error) {
5237 free(sp->myauth.secret, M_DEVBUF);
5238 sp->myauth.secret = NULL;
5239 return error;
5240 }
5241 sp->myauth.secret_len = cfg->mysecret_length - 1;
5242 sp->myauth.secret[sp->myauth.secret_len] = 0;
5243 }
5244 sp->myauth.flags = cfg->myauthflags;
5245 if (cfg->myauth)
5246 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP;
5247 sp->hisauth.flags = cfg->hisauthflags;
5248 if (cfg->hisauth)
5249 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP;
5250 sp->pp_auth_failures = 0;
5251 if (sp->hisauth.proto != 0)
5252 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
5253 else
5254 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
5255 }
5256 break;
5257 case SPPPGETLCPCFG:
5258 {
5259 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data;
5260 lcp->lcp_timeout = sp->lcp.timeout;
5261 }
5262 break;
5263 case SPPPSETLCPCFG:
5264 {
5265 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data;
5266 sp->lcp.timeout = lcp->lcp_timeout;
5267 }
5268 break;
5269 case SPPPGETSTATUS:
5270 {
5271 struct spppstatus *status = (struct spppstatus *)data;
5272 status->phase = sp->pp_phase;
5273 }
5274 break;
5275 case SPPPGETSTATUSNCP:
5276 {
5277 struct spppstatusncp *status = (struct spppstatusncp *)data;
5278 status->phase = sp->pp_phase;
5279 status->ncpup = sppp_ncp_check(sp);
5280 }
5281 break;
5282 case SPPPGETIDLETO:
5283 {
5284 struct spppidletimeout *to = (struct spppidletimeout *)data;
5285 to->idle_seconds = sp->pp_idle_timeout;
5286 }
5287 break;
5288 case SPPPSETIDLETO:
5289 {
5290 struct spppidletimeout *to = (struct spppidletimeout *)data;
5291 sp->pp_idle_timeout = to->idle_seconds;
5292 }
5293 break;
5294 case SPPPSETAUTHFAILURE:
5295 {
5296 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data;
5297 sp->pp_max_auth_fail = afsettings->max_failures;
5298 sp->pp_auth_failures = 0;
5299 }
5300 break;
5301 case SPPPGETAUTHFAILURES:
5302 {
5303 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data;
5304 stats->auth_failures = sp->pp_auth_failures;
5305 stats->max_failures = sp->pp_max_auth_fail;
5306 }
5307 break;
5308 case SPPPSETDNSOPTS:
5309 {
5310 struct spppdnssettings *req = (struct spppdnssettings *)data;
5311 sp->query_dns = req->query_dns & 3;
5312 }
5313 break;
5314 case SPPPGETDNSOPTS:
5315 {
5316 struct spppdnssettings *req = (struct spppdnssettings *)data;
5317 req->query_dns = sp->query_dns;
5318 }
5319 break;
5320 case SPPPGETDNSADDRS:
5321 {
5322 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data;
5323 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns);
5324 }
5325 break;
5326 case SPPPGETKEEPALIVE:
5327 {
5328 struct spppkeepalivesettings *settings =
5329 (struct spppkeepalivesettings*)data;
5330 settings->maxalive = sp->pp_maxalive;
5331 settings->max_noreceive = sp->pp_max_noreceive;
5332 }
5333 break;
5334 case SPPPSETKEEPALIVE:
5335 {
5336 struct spppkeepalivesettings *settings =
5337 (struct spppkeepalivesettings*)data;
5338 sp->pp_maxalive = settings->maxalive;
5339 sp->pp_max_noreceive = settings->max_noreceive;
5340 }
5341 break;
5342 default:
5343 return (EINVAL);
5344 }
5345
5346 return (0);
5347 }
5348
5349 static void
5350 sppp_phase_network(struct sppp *sp)
5351 {
5352 STDDCL;
5353 int i;
5354 u_int32_t mask;
5355
5356 sp->pp_phase = SPPP_PHASE_NETWORK;
5357
5358 if (debug)
5359 {
5360 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
5361 sppp_phase_name(sp->pp_phase));
5362 }
5363
5364 /* Notify NCPs now. */
5365 for (i = 0; i < IDX_COUNT; i++)
5366 if ((cps[i])->flags & CP_NCP)
5367 (cps[i])->Open(sp);
5368
5369 /* Send Up events to all NCPs. */
5370 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
5371 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP))
5372 (cps[i])->Up(sp);
5373
5374 /* if no NCP is starting, all this was in vain, close down */
5375 sppp_lcp_check_and_close(sp);
5376 }
5377
5378
5379 static const char *
5380 sppp_cp_type_name(u_char type)
5381 {
5382 static char buf[12];
5383 switch (type) {
5384 case CONF_REQ: return "conf-req";
5385 case CONF_ACK: return "conf-ack";
5386 case CONF_NAK: return "conf-nak";
5387 case CONF_REJ: return "conf-rej";
5388 case TERM_REQ: return "term-req";
5389 case TERM_ACK: return "term-ack";
5390 case CODE_REJ: return "code-rej";
5391 case PROTO_REJ: return "proto-rej";
5392 case ECHO_REQ: return "echo-req";
5393 case ECHO_REPLY: return "echo-reply";
5394 case DISC_REQ: return "discard-req";
5395 }
5396 snprintf(buf, sizeof(buf), "0x%x", type);
5397 return buf;
5398 }
5399
5400 static const char *
5401 sppp_auth_type_name(u_short proto, u_char type)
5402 {
5403 static char buf[12];
5404 switch (proto) {
5405 case PPP_CHAP:
5406 switch (type) {
5407 case CHAP_CHALLENGE: return "challenge";
5408 case CHAP_RESPONSE: return "response";
5409 case CHAP_SUCCESS: return "success";
5410 case CHAP_FAILURE: return "failure";
5411 }
5412 case PPP_PAP:
5413 switch (type) {
5414 case PAP_REQ: return "req";
5415 case PAP_ACK: return "ack";
5416 case PAP_NAK: return "nak";
5417 }
5418 }
5419 snprintf(buf, sizeof(buf), "0x%x", type);
5420 return buf;
5421 }
5422
5423 static const char *
5424 sppp_lcp_opt_name(u_char opt)
5425 {
5426 static char buf[12];
5427 switch (opt) {
5428 case LCP_OPT_MRU: return "mru";
5429 case LCP_OPT_ASYNC_MAP: return "async-map";
5430 case LCP_OPT_AUTH_PROTO: return "auth-proto";
5431 case LCP_OPT_QUAL_PROTO: return "qual-proto";
5432 case LCP_OPT_MAGIC: return "magic";
5433 case LCP_OPT_PROTO_COMP: return "proto-comp";
5434 case LCP_OPT_ADDR_COMP: return "addr-comp";
5435 }
5436 snprintf(buf, sizeof(buf), "0x%x", opt);
5437 return buf;
5438 }
5439
5440 static const char *
5441 sppp_ipcp_opt_name(u_char opt)
5442 {
5443 static char buf[12];
5444 switch (opt) {
5445 case IPCP_OPT_ADDRESSES: return "addresses";
5446 case IPCP_OPT_COMPRESSION: return "compression";
5447 case IPCP_OPT_ADDRESS: return "address";
5448 }
5449 snprintf(buf, sizeof(buf), "0x%x", opt);
5450 return buf;
5451 }
5452
5453 #ifdef INET6
5454 static const char *
5455 sppp_ipv6cp_opt_name(u_char opt)
5456 {
5457 static char buf[12];
5458 switch (opt) {
5459 case IPV6CP_OPT_IFID: return "ifid";
5460 case IPV6CP_OPT_COMPRESSION: return "compression";
5461 }
5462 snprintf(buf, sizeof(buf), "0x%x", opt);
5463 return buf;
5464 }
5465 #endif
5466
5467 static const char *
5468 sppp_state_name(int state)
5469 {
5470 switch (state) {
5471 case STATE_INITIAL: return "initial";
5472 case STATE_STARTING: return "starting";
5473 case STATE_CLOSED: return "closed";
5474 case STATE_STOPPED: return "stopped";
5475 case STATE_CLOSING: return "closing";
5476 case STATE_STOPPING: return "stopping";
5477 case STATE_REQ_SENT: return "req-sent";
5478 case STATE_ACK_RCVD: return "ack-rcvd";
5479 case STATE_ACK_SENT: return "ack-sent";
5480 case STATE_OPENED: return "opened";
5481 }
5482 return "illegal";
5483 }
5484
5485 static const char *
5486 sppp_phase_name(int phase)
5487 {
5488 switch (phase) {
5489 case SPPP_PHASE_DEAD: return "dead";
5490 case SPPP_PHASE_ESTABLISH: return "establish";
5491 case SPPP_PHASE_TERMINATE: return "terminate";
5492 case SPPP_PHASE_AUTHENTICATE: return "authenticate";
5493 case SPPP_PHASE_NETWORK: return "network";
5494 }
5495 return "illegal";
5496 }
5497
5498 static const char *
5499 sppp_proto_name(u_short proto)
5500 {
5501 static char buf[12];
5502 switch (proto) {
5503 case PPP_LCP: return "lcp";
5504 case PPP_IPCP: return "ipcp";
5505 case PPP_PAP: return "pap";
5506 case PPP_CHAP: return "chap";
5507 case PPP_IPV6CP: return "ipv6cp";
5508 }
5509 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto);
5510 return buf;
5511 }
5512
5513 static void
5514 sppp_print_bytes(const u_char *p, u_short len)
5515 {
5516 addlog(" %02x", *p++);
5517 while (--len > 0)
5518 addlog("-%02x", *p++);
5519 }
5520
5521 static void
5522 sppp_print_string(const char *p, u_short len)
5523 {
5524 u_char c;
5525
5526 while (len-- > 0) {
5527 c = *p++;
5528 /*
5529 * Print only ASCII chars directly. RFC 1994 recommends
5530 * using only them, but we don't rely on it. */
5531 if (c < ' ' || c > '~')
5532 addlog("\\x%x", c);
5533 else
5534 addlog("%c", c);
5535 }
5536 }
5537
5538 static const char *
5539 sppp_dotted_quad(u_int32_t addr)
5540 {
5541 static char s[16];
5542 snprintf(s, sizeof(s), "%d.%d.%d.%d",
5543 (int)((addr >> 24) & 0xff),
5544 (int)((addr >> 16) & 0xff),
5545 (int)((addr >> 8) & 0xff),
5546 (int)(addr & 0xff));
5547 return s;
5548 }
5549
5550 /* a dummy, used to drop uninteresting events */
5551 static void
5552 sppp_null(struct sppp *unused)
5553 {
5554 /* do just nothing */
5555 }
5556 /*
5557 * This file is large. Tell emacs to highlight it nevertheless.
5558 *
5559 * Local Variables:
5560 * hilit-auto-highlight-maxout: 120000
5561 * End:
5562 */
Cache object: 9a885afa362d70fabb08d10b23933b49
|