Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/net/if_spppsubr.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $NetBSD: if_spppsubr.c,v 1.82.2.2 2007/06/15 11:37:58 liamjfoy Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.82.2.2 2007/06/15 11:37:58 liamjfoy Exp $"); 45 46 #include "opt_inet.h" 47 #include "opt_ipx.h" 48 #include "opt_iso.h" 49 #include "opt_ns.h" 50 #include "opt_pfil_hooks.h" 51 52 #include <sys/param.h> 53 #include <sys/proc.h> 54 #include <sys/systm.h> 55 #include <sys/kernel.h> 56 #include <sys/sockio.h> 57 #include <sys/socket.h> 58 #include <sys/syslog.h> 59 #include <sys/malloc.h> 60 #include <sys/mbuf.h> 61 #include <sys/callout.h> 62 #include <sys/md5.h> 63 #include <sys/inttypes.h> 64 65 #include <net/if.h> 66 #include <net/netisr.h> 67 #include <net/if_types.h> 68 #include <net/route.h> 69 #include <net/ppp_defs.h> 70 71 #include <machine/stdarg.h> 72 73 #include <netinet/in.h> 74 #include <netinet/in_systm.h> 75 #include <netinet/in_var.h> 76 #ifdef INET 77 #include <netinet/ip.h> 78 #include <netinet/tcp.h> 79 #endif 80 #include <net/ethertypes.h> 81 82 #ifdef IPX 83 #include <netipx/ipx.h> 84 #include <netipx/ipx_if.h> 85 #endif 86 87 #ifdef NS 88 #include <netns/ns.h> 89 #include <netns/ns_if.h> 90 #endif 91 92 #ifdef ISO 93 #include <netiso/argo_debug.h> 94 #include <netiso/iso.h> 95 #include <netiso/iso_var.h> 96 #include <netiso/iso_snpac.h> 97 #endif 98 99 #include <net/if_sppp.h> 100 #include <net/if_spppvar.h> 101 102 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 103 #define LOOPALIVECNT 3 /* loopback detection tries */ 104 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 105 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 106 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 107 108 /* 109 * Interface flags that can be set in an ifconfig command. 110 * 111 * Setting link0 will make the link passive, i.e. it will be marked 112 * as being administrative openable, but won't be opened to begin 113 * with. Incoming calls will be answered, or subsequent calls with 114 * -link1 will cause the administrative open of the LCP layer. 115 * 116 * Setting link1 will cause the link to auto-dial only as packets 117 * arrive to be sent. 118 * 119 * Setting IFF_DEBUG will syslog the option negotiation and state 120 * transitions at level kern.debug. Note: all logs consistently look 121 * like 122 * 123 * <if-name><unit>: <proto-name> <additional info...> 124 * 125 * with <if-name><unit> being something like "bppp0", and <proto-name> 126 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 127 */ 128 129 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 130 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 131 132 #define CONF_REQ 1 /* PPP configure request */ 133 #define CONF_ACK 2 /* PPP configure acknowledge */ 134 #define CONF_NAK 3 /* PPP configure negative ack */ 135 #define CONF_REJ 4 /* PPP configure reject */ 136 #define TERM_REQ 5 /* PPP terminate request */ 137 #define TERM_ACK 6 /* PPP terminate acknowledge */ 138 #define CODE_REJ 7 /* PPP code reject */ 139 #define PROTO_REJ 8 /* PPP protocol reject */ 140 #define ECHO_REQ 9 /* PPP echo request */ 141 #define ECHO_REPLY 10 /* PPP echo reply */ 142 #define DISC_REQ 11 /* PPP discard request */ 143 144 #define LCP_OPT_MRU 1 /* maximum receive unit */ 145 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 146 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 147 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 148 #define LCP_OPT_MAGIC 5 /* magic number */ 149 #define LCP_OPT_RESERVED 6 /* reserved */ 150 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 151 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 152 153 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 154 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 155 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 156 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 157 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 158 159 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 160 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 161 162 #define PAP_REQ 1 /* PAP name/password request */ 163 #define PAP_ACK 2 /* PAP acknowledge */ 164 #define PAP_NAK 3 /* PAP fail */ 165 166 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 167 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 168 #define CHAP_SUCCESS 3 /* CHAP response ok */ 169 #define CHAP_FAILURE 4 /* CHAP response failed */ 170 171 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 172 173 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 174 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 175 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 176 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 177 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 178 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 179 180 /* states are named and numbered according to RFC 1661 */ 181 #define STATE_INITIAL 0 182 #define STATE_STARTING 1 183 #define STATE_CLOSED 2 184 #define STATE_STOPPED 3 185 #define STATE_CLOSING 4 186 #define STATE_STOPPING 5 187 #define STATE_REQ_SENT 6 188 #define STATE_ACK_RCVD 7 189 #define STATE_ACK_SENT 8 190 #define STATE_OPENED 9 191 192 struct ppp_header { 193 u_int8_t address; 194 u_int8_t control; 195 u_int16_t protocol; 196 } __attribute__((__packed__)); 197 #define PPP_HEADER_LEN sizeof (struct ppp_header) 198 199 struct lcp_header { 200 u_int8_t type; 201 u_int8_t ident; 202 u_int16_t len; 203 } __attribute__((__packed__)); 204 #define LCP_HEADER_LEN sizeof (struct lcp_header) 205 206 struct cisco_packet { 207 u_int32_t type; 208 u_int32_t par1; 209 u_int32_t par2; 210 u_int16_t rel; 211 u_int16_t time0; 212 u_int16_t time1; 213 } __attribute__((__packed__)); 214 #define CISCO_PACKET_LEN 18 215 216 /* 217 * We follow the spelling and capitalization of RFC 1661 here, to make 218 * it easier comparing with the standard. Please refer to this RFC in 219 * case you can't make sense out of these abbreviation; it will also 220 * explain the semantics related to the various events and actions. 221 */ 222 struct cp { 223 u_short proto; /* PPP control protocol number */ 224 u_char protoidx; /* index into state table in struct sppp */ 225 u_char flags; 226 #define CP_LCP 0x01 /* this is the LCP */ 227 #define CP_AUTH 0x02 /* this is an authentication protocol */ 228 #define CP_NCP 0x04 /* this is a NCP */ 229 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 230 const char *name; /* name of this control protocol */ 231 /* event handlers */ 232 void (*Up)(struct sppp *sp); 233 void (*Down)(struct sppp *sp); 234 void (*Open)(struct sppp *sp); 235 void (*Close)(struct sppp *sp); 236 void (*TO)(void *sp); 237 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 238 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 239 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 240 /* actions */ 241 void (*tlu)(struct sppp *sp); 242 void (*tld)(struct sppp *sp); 243 void (*tls)(struct sppp *sp); 244 void (*tlf)(struct sppp *sp); 245 void (*scr)(struct sppp *sp); 246 }; 247 248 static struct sppp *spppq; 249 static struct callout keepalive_ch; 250 251 #ifdef INET 252 /* 253 * The following disgusting hack gets around the problem that IP TOS 254 * can't be set yet. We want to put "interactive" traffic on a high 255 * priority queue. To decide if traffic is interactive, we check that 256 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 257 * 258 * XXX is this really still necessary? - joerg - 259 */ 260 static u_short interactive_ports[8] = { 261 0, 513, 0, 0, 262 0, 21, 0, 23, 263 }; 264 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 265 #endif 266 267 /* almost every function needs these */ 268 #define STDDCL \ 269 struct ifnet *ifp = &sp->pp_if; \ 270 int debug = ifp->if_flags & IFF_DEBUG 271 272 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 273 struct sockaddr *dst, struct rtentry *rt); 274 275 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 276 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 277 278 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 279 struct mbuf *m); 280 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 281 u_char ident, u_short len, void *data); 282 /* static void sppp_cp_timeout(void *arg); */ 283 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 284 int newstate); 285 static void sppp_auth_send(const struct cp *cp, 286 struct sppp *sp, unsigned int type, unsigned int id, 287 ...); 288 289 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 290 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 291 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 292 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 293 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 294 295 static void sppp_null(struct sppp *sp); 296 297 static void sppp_lcp_init(struct sppp *sp); 298 static void sppp_lcp_up(struct sppp *sp); 299 static void sppp_lcp_down(struct sppp *sp); 300 static void sppp_lcp_open(struct sppp *sp); 301 static void sppp_lcp_close(struct sppp *sp); 302 static void sppp_lcp_TO(void *sp); 303 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 304 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 305 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 306 static void sppp_lcp_tlu(struct sppp *sp); 307 static void sppp_lcp_tld(struct sppp *sp); 308 static void sppp_lcp_tls(struct sppp *sp); 309 static void sppp_lcp_tlf(struct sppp *sp); 310 static void sppp_lcp_scr(struct sppp *sp); 311 static void sppp_lcp_check_and_close(struct sppp *sp); 312 static int sppp_ncp_check(struct sppp *sp); 313 314 static void sppp_ipcp_init(struct sppp *sp); 315 static void sppp_ipcp_up(struct sppp *sp); 316 static void sppp_ipcp_down(struct sppp *sp); 317 static void sppp_ipcp_open(struct sppp *sp); 318 static void sppp_ipcp_close(struct sppp *sp); 319 static void sppp_ipcp_TO(void *sp); 320 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 321 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 322 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 323 static void sppp_ipcp_tlu(struct sppp *sp); 324 static void sppp_ipcp_tld(struct sppp *sp); 325 static void sppp_ipcp_tls(struct sppp *sp); 326 static void sppp_ipcp_tlf(struct sppp *sp); 327 static void sppp_ipcp_scr(struct sppp *sp); 328 329 static void sppp_ipv6cp_init(struct sppp *sp); 330 static void sppp_ipv6cp_up(struct sppp *sp); 331 static void sppp_ipv6cp_down(struct sppp *sp); 332 static void sppp_ipv6cp_open(struct sppp *sp); 333 static void sppp_ipv6cp_close(struct sppp *sp); 334 static void sppp_ipv6cp_TO(void *sp); 335 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 336 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 337 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 338 static void sppp_ipv6cp_tlu(struct sppp *sp); 339 static void sppp_ipv6cp_tld(struct sppp *sp); 340 static void sppp_ipv6cp_tls(struct sppp *sp); 341 static void sppp_ipv6cp_tlf(struct sppp *sp); 342 static void sppp_ipv6cp_scr(struct sppp *sp); 343 344 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 345 static void sppp_pap_init(struct sppp *sp); 346 static void sppp_pap_open(struct sppp *sp); 347 static void sppp_pap_close(struct sppp *sp); 348 static void sppp_pap_TO(void *sp); 349 static void sppp_pap_my_TO(void *sp); 350 static void sppp_pap_tlu(struct sppp *sp); 351 static void sppp_pap_tld(struct sppp *sp); 352 static void sppp_pap_scr(struct sppp *sp); 353 354 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 355 static void sppp_chap_init(struct sppp *sp); 356 static void sppp_chap_open(struct sppp *sp); 357 static void sppp_chap_close(struct sppp *sp); 358 static void sppp_chap_TO(void *sp); 359 static void sppp_chap_tlu(struct sppp *sp); 360 static void sppp_chap_tld(struct sppp *sp); 361 static void sppp_chap_scr(struct sppp *sp); 362 363 static const char *sppp_auth_type_name(u_short proto, u_char type); 364 static const char *sppp_cp_type_name(u_char type); 365 static const char *sppp_dotted_quad(u_int32_t addr); 366 static const char *sppp_ipcp_opt_name(u_char opt); 367 #ifdef INET6 368 static const char *sppp_ipv6cp_opt_name(u_char opt); 369 #endif 370 static const char *sppp_lcp_opt_name(u_char opt); 371 static const char *sppp_phase_name(int phase); 372 static const char *sppp_proto_name(u_short proto); 373 static const char *sppp_state_name(int state); 374 static int sppp_params(struct sppp *sp, int cmd, void *data); 375 #ifdef INET 376 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 377 u_int32_t *srcmask); 378 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 379 static void sppp_clear_ip_addrs(struct sppp *sp); 380 #endif 381 static void sppp_keepalive(void *dummy); 382 static void sppp_phase_network(struct sppp *sp); 383 static void sppp_print_bytes(const u_char *p, u_short len); 384 static void sppp_print_string(const char *p, u_short len); 385 #ifdef INET6 386 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 387 struct in6_addr *dst, struct in6_addr *srcmask); 388 #ifdef IPV6CP_MYIFID_DYN 389 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 390 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 391 #endif 392 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 393 #endif 394 395 /* our control protocol descriptors */ 396 static const struct cp lcp = { 397 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 398 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 399 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 400 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 401 sppp_lcp_scr 402 }; 403 404 static const struct cp ipcp = { 405 PPP_IPCP, IDX_IPCP, 406 #ifdef INET 407 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 408 #else 409 0, 410 #endif 411 "ipcp", 412 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 413 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 414 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 415 sppp_ipcp_scr 416 }; 417 418 static const struct cp ipv6cp = { 419 PPP_IPV6CP, IDX_IPV6CP, 420 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 421 CP_NCP, 422 #else 423 0, 424 #endif 425 "ipv6cp", 426 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 427 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 428 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 429 sppp_ipv6cp_scr 430 }; 431 432 static const struct cp pap = { 433 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 434 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 435 sppp_pap_TO, 0, 0, 0, 436 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 437 sppp_pap_scr 438 }; 439 440 static const struct cp chap = { 441 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 442 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 443 sppp_chap_TO, 0, 0, 0, 444 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 445 sppp_chap_scr 446 }; 447 448 static const struct cp *cps[IDX_COUNT] = { 449 &lcp, /* IDX_LCP */ 450 &ipcp, /* IDX_IPCP */ 451 &ipv6cp, /* IDX_IPV6CP */ 452 &pap, /* IDX_PAP */ 453 &chap, /* IDX_CHAP */ 454 }; 455 456 457 /* 458 * Exported functions, comprising our interface to the lower layer. 459 */ 460 461 /* 462 * Process the received packet. 463 */ 464 void 465 sppp_input(struct ifnet *ifp, struct mbuf *m) 466 { 467 struct ppp_header *h = NULL; 468 struct ifqueue *inq = 0; 469 u_int16_t protocol; 470 int s; 471 struct sppp *sp = (struct sppp *)ifp; 472 int debug = ifp->if_flags & IFF_DEBUG; 473 474 if (ifp->if_flags & IFF_UP) { 475 /* Count received bytes, add hardware framing */ 476 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 477 /* Note time of last receive */ 478 sp->pp_last_receive = mono_time.tv_sec; 479 } 480 481 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 482 /* Too small packet, drop it. */ 483 if (debug) 484 log(LOG_DEBUG, 485 "%s: input packet is too small, %d bytes\n", 486 ifp->if_xname, m->m_pkthdr.len); 487 drop: 488 ++ifp->if_ierrors; 489 ++ifp->if_iqdrops; 490 m_freem(m); 491 return; 492 } 493 494 if (sp->pp_flags & PP_NOFRAMING) { 495 memcpy(&protocol, mtod(m, void *), 2); 496 protocol = ntohs(protocol); 497 m_adj(m, 2); 498 } else { 499 500 /* Get PPP header. */ 501 h = mtod(m, struct ppp_header *); 502 m_adj(m, PPP_HEADER_LEN); 503 504 switch (h->address) { 505 case PPP_ALLSTATIONS: 506 if (h->control != PPP_UI) 507 goto invalid; 508 if (sp->pp_flags & PP_CISCO) { 509 if (debug) 510 log(LOG_DEBUG, 511 "%s: PPP packet in Cisco mode " 512 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 513 ifp->if_xname, 514 h->address, h->control, ntohs(h->protocol)); 515 goto drop; 516 } 517 break; 518 case CISCO_MULTICAST: 519 case CISCO_UNICAST: 520 /* Don't check the control field here (RFC 1547). */ 521 if (! (sp->pp_flags & PP_CISCO)) { 522 if (debug) 523 log(LOG_DEBUG, 524 "%s: Cisco packet in PPP mode " 525 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 526 ifp->if_xname, 527 h->address, h->control, ntohs(h->protocol)); 528 goto drop; 529 } 530 switch (ntohs(h->protocol)) { 531 default: 532 ++ifp->if_noproto; 533 goto invalid; 534 case CISCO_KEEPALIVE: 535 sppp_cisco_input((struct sppp *) ifp, m); 536 m_freem(m); 537 return; 538 #ifdef INET 539 case ETHERTYPE_IP: 540 schednetisr(NETISR_IP); 541 inq = &ipintrq; 542 break; 543 #endif 544 #ifdef INET6 545 case ETHERTYPE_IPV6: 546 schednetisr(NETISR_IPV6); 547 inq = &ip6intrq; 548 break; 549 #endif 550 #ifdef IPX 551 case ETHERTYPE_IPX: 552 schednetisr(NETISR_IPX); 553 inq = &ipxintrq; 554 break; 555 #endif 556 #ifdef NS 557 case ETHERTYPE_NS: 558 schednetisr(NETISR_NS); 559 inq = &nsintrq; 560 break; 561 #endif 562 } 563 goto queue_pkt; 564 default: /* Invalid PPP packet. */ 565 invalid: 566 if (debug) 567 log(LOG_DEBUG, 568 "%s: invalid input packet " 569 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 570 ifp->if_xname, 571 h->address, h->control, ntohs(h->protocol)); 572 goto drop; 573 } 574 protocol = ntohs(h->protocol); 575 } 576 577 switch (protocol) { 578 default: 579 if (sp->state[IDX_LCP] == STATE_OPENED) { 580 u_int16_t prot = htons(protocol); 581 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 582 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 583 &prot); 584 } 585 if (debug) 586 log(LOG_DEBUG, 587 "%s: invalid input protocol " 588 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 589 ++ifp->if_noproto; 590 goto drop; 591 case PPP_LCP: 592 sppp_cp_input(&lcp, sp, m); 593 m_freem(m); 594 return; 595 case PPP_PAP: 596 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 597 sppp_pap_input(sp, m); 598 m_freem(m); 599 return; 600 case PPP_CHAP: 601 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 602 sppp_chap_input(sp, m); 603 m_freem(m); 604 return; 605 #ifdef INET 606 case PPP_IPCP: 607 if (sp->pp_phase == SPPP_PHASE_NETWORK) 608 sppp_cp_input(&ipcp, sp, m); 609 m_freem(m); 610 return; 611 case PPP_IP: 612 if (sp->state[IDX_IPCP] == STATE_OPENED) { 613 schednetisr(NETISR_IP); 614 inq = &ipintrq; 615 sp->pp_last_activity = mono_time.tv_sec; 616 } 617 break; 618 #endif 619 #ifdef INET6 620 case PPP_IPV6CP: 621 if (sp->pp_phase == SPPP_PHASE_NETWORK) 622 sppp_cp_input(&ipv6cp, sp, m); 623 m_freem(m); 624 return; 625 626 case PPP_IPV6: 627 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 628 schednetisr(NETISR_IPV6); 629 inq = &ip6intrq; 630 sp->pp_last_activity = mono_time.tv_sec; 631 } 632 break; 633 #endif 634 #ifdef IPX 635 case PPP_IPX: 636 /* IPX IPXCP not implemented yet */ 637 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 638 schednetisr(NETISR_IPX); 639 inq = &ipxintrq; 640 } 641 break; 642 #endif 643 #ifdef NS 644 case PPP_XNS: 645 /* XNS IDPCP not implemented yet */ 646 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 647 schednetisr(NETISR_NS); 648 inq = &nsintrq; 649 } 650 break; 651 #endif 652 #ifdef ISO 653 case PPP_ISO: 654 /* OSI NLCP not implemented yet */ 655 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 656 schednetisr(NETISR_ISO); 657 inq = &clnlintrq; 658 } 659 break; 660 #endif 661 } 662 663 queue_pkt: 664 if (! (ifp->if_flags & IFF_UP) || ! inq) 665 goto drop; 666 667 /* Check queue. */ 668 s = splnet(); 669 if (IF_QFULL(inq)) { 670 /* Queue overflow. */ 671 IF_DROP(inq); 672 splx(s); 673 if (debug) 674 log(LOG_DEBUG, "%s: protocol queue overflow\n", 675 ifp->if_xname); 676 goto drop; 677 } 678 IF_ENQUEUE(inq, m); 679 splx(s); 680 } 681 682 /* 683 * Enqueue transmit packet. 684 */ 685 static int 686 sppp_output(struct ifnet *ifp, struct mbuf *m, 687 struct sockaddr *dst, struct rtentry *rt) 688 { 689 struct sppp *sp = (struct sppp *) ifp; 690 struct ppp_header *h = NULL; 691 struct ifqueue *ifq = NULL; /* XXX */ 692 int s, len, rv = 0; 693 u_int16_t protocol; 694 ALTQ_DECL(struct altq_pktattr pktattr;) 695 696 s = splnet(); 697 698 sp->pp_last_activity = mono_time.tv_sec; 699 700 if ((ifp->if_flags & IFF_UP) == 0 || 701 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 702 m_freem(m); 703 splx(s); 704 return (ENETDOWN); 705 } 706 707 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 708 /* 709 * Interface is not yet running, but auto-dial. Need 710 * to start LCP for it. 711 */ 712 ifp->if_flags |= IFF_RUNNING; 713 splx(s); 714 lcp.Open(sp); 715 s = splnet(); 716 } 717 718 /* 719 * If the queueing discipline needs packet classification, 720 * do it before prepending link headers. 721 */ 722 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 723 724 #ifdef INET 725 if (dst->sa_family == AF_INET) { 726 struct ip *ip = NULL; 727 struct tcphdr *th = NULL; 728 729 if (m->m_len >= sizeof(struct ip)) { 730 ip = mtod(m, struct ip *); 731 if (ip->ip_p == IPPROTO_TCP && 732 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 733 sizeof(struct tcphdr)) { 734 th = (struct tcphdr *) 735 ((caddr_t)ip + (ip->ip_hl << 2)); 736 } 737 } else 738 ip = NULL; 739 740 /* 741 * When using dynamic local IP address assignment by using 742 * 0.0.0.0 as a local address, the first TCP session will 743 * not connect because the local TCP checksum is computed 744 * using 0.0.0.0 which will later become our real IP address 745 * so the TCP checksum computed at the remote end will 746 * become invalid. So we 747 * - don't let packets with src ip addr 0 thru 748 * - we flag TCP packets with src ip 0 as an error 749 */ 750 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 751 u_int8_t proto = ip->ip_p; 752 753 m_freem(m); 754 splx(s); 755 if (proto == IPPROTO_TCP) 756 return (EADDRNOTAVAIL); 757 else 758 return (0); 759 } 760 761 /* 762 * Put low delay, telnet, rlogin and ftp control packets 763 * in front of the queue. 764 */ 765 766 if (!IF_QFULL(&sp->pp_fastq) && 767 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 768 (th && (INTERACTIVE(ntohs(th->th_sport)) || 769 INTERACTIVE(ntohs(th->th_dport)))))) 770 ifq = &sp->pp_fastq; 771 } 772 #endif 773 774 #ifdef INET6 775 if (dst->sa_family == AF_INET6) { 776 /* XXX do something tricky here? */ 777 } 778 #endif 779 780 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 781 /* 782 * Prepend general data packet PPP header. For now, IP only. 783 */ 784 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 785 if (! m) { 786 if (ifp->if_flags & IFF_DEBUG) 787 log(LOG_DEBUG, "%s: no memory for transmit header\n", 788 ifp->if_xname); 789 ++ifp->if_oerrors; 790 splx(s); 791 return (ENOBUFS); 792 } 793 /* 794 * May want to check size of packet 795 * (albeit due to the implementation it's always enough) 796 */ 797 h = mtod(m, struct ppp_header *); 798 if (sp->pp_flags & PP_CISCO) { 799 h->address = CISCO_UNICAST; /* unicast address */ 800 h->control = 0; 801 } else { 802 h->address = PPP_ALLSTATIONS; /* broadcast address */ 803 h->control = PPP_UI; /* Unnumbered Info */ 804 } 805 } 806 807 switch (dst->sa_family) { 808 #ifdef INET 809 case AF_INET: /* Internet Protocol */ 810 if (sp->pp_flags & PP_CISCO) 811 protocol = htons(ETHERTYPE_IP); 812 else { 813 /* 814 * Don't choke with an ENETDOWN early. It's 815 * possible that we just started dialing out, 816 * so don't drop the packet immediately. If 817 * we notice that we run out of buffer space 818 * below, we will however remember that we are 819 * not ready to carry IP packets, and return 820 * ENETDOWN, as opposed to ENOBUFS. 821 */ 822 protocol = htons(PPP_IP); 823 if (sp->state[IDX_IPCP] != STATE_OPENED) 824 rv = ENETDOWN; 825 } 826 break; 827 #endif 828 #ifdef INET6 829 case AF_INET6: /* Internet Protocol version 6 */ 830 if (sp->pp_flags & PP_CISCO) 831 protocol = htons(ETHERTYPE_IPV6); 832 else { 833 /* 834 * Don't choke with an ENETDOWN early. It's 835 * possible that we just started dialing out, 836 * so don't drop the packet immediately. If 837 * we notice that we run out of buffer space 838 * below, we will however remember that we are 839 * not ready to carry IP packets, and return 840 * ENETDOWN, as opposed to ENOBUFS. 841 */ 842 protocol = htons(PPP_IPV6); 843 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 844 rv = ENETDOWN; 845 } 846 break; 847 #endif 848 #ifdef NS 849 case AF_NS: /* Xerox NS Protocol */ 850 protocol = htons((sp->pp_flags & PP_CISCO) ? 851 ETHERTYPE_NS : PPP_XNS); 852 break; 853 #endif 854 #ifdef IPX 855 case AF_IPX: /* Novell IPX Protocol */ 856 protocol = htons((sp->pp_flags & PP_CISCO) ? 857 ETHERTYPE_IPX : PPP_IPX); 858 break; 859 #endif 860 #ifdef ISO 861 case AF_ISO: /* ISO OSI Protocol */ 862 if (sp->pp_flags & PP_CISCO) 863 goto nosupport; 864 protocol = htons(PPP_ISO); 865 break; 866 nosupport: 867 #endif 868 default: 869 m_freem(m); 870 ++ifp->if_oerrors; 871 splx(s); 872 return (EAFNOSUPPORT); 873 } 874 875 if (sp->pp_flags & PP_NOFRAMING) { 876 M_PREPEND(m, 2, M_DONTWAIT); 877 if (m == NULL) { 878 if (ifp->if_flags & IFF_DEBUG) 879 log(LOG_DEBUG, "%s: no memory for transmit header\n", 880 ifp->if_xname); 881 ++ifp->if_oerrors; 882 splx(s); 883 return (ENOBUFS); 884 } 885 *mtod(m, u_int16_t *) = protocol; 886 } else { 887 h->protocol = protocol; 888 } 889 890 /* 891 * Queue message on interface, and start output if interface 892 * not yet active. 893 */ 894 len = m->m_pkthdr.len; 895 if (ifq != NULL 896 #ifdef ALTQ 897 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 898 #endif 899 ) { 900 if (IF_QFULL(ifq)) { 901 IF_DROP(&ifp->if_snd); 902 m_freem(m); 903 if (rv == 0) 904 rv = ENOBUFS; 905 } 906 else 907 IF_ENQUEUE(ifq, m); 908 } else 909 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 910 if (rv != 0) { 911 ++ifp->if_oerrors; 912 splx(s); 913 return (rv); 914 } 915 916 if (! (ifp->if_flags & IFF_OACTIVE)) 917 (*ifp->if_start)(ifp); 918 919 /* 920 * Count output packets and bytes. 921 * The packet length includes header + additional hardware framing 922 * according to RFC 1333. 923 */ 924 ifp->if_obytes += len + sp->pp_framebytes; 925 splx(s); 926 return (0); 927 } 928 929 void 930 sppp_attach(struct ifnet *ifp) 931 { 932 struct sppp *sp = (struct sppp *) ifp; 933 934 /* Initialize keepalive handler. */ 935 if (! spppq) { 936 callout_init(&keepalive_ch); 937 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 938 } 939 940 /* Insert new entry into the keepalive list. */ 941 sp->pp_next = spppq; 942 spppq = sp; 943 944 sp->pp_if.if_type = IFT_PPP; 945 sp->pp_if.if_output = sppp_output; 946 sp->pp_fastq.ifq_maxlen = 32; 947 sp->pp_cpq.ifq_maxlen = 20; 948 sp->pp_loopcnt = 0; 949 sp->pp_alivecnt = 0; 950 sp->pp_last_activity = 0; 951 sp->pp_last_receive = 0; 952 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 953 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 954 sp->pp_idle_timeout = 0; 955 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 956 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 957 sp->pp_auth_failures = 0; 958 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 959 sp->pp_phase = SPPP_PHASE_DEAD; 960 sp->pp_up = lcp.Up; 961 sp->pp_down = lcp.Down; 962 963 if_alloc_sadl(ifp); 964 965 memset(&sp->myauth, 0, sizeof sp->myauth); 966 memset(&sp->hisauth, 0, sizeof sp->hisauth); 967 sppp_lcp_init(sp); 968 sppp_ipcp_init(sp); 969 sppp_ipv6cp_init(sp); 970 sppp_pap_init(sp); 971 sppp_chap_init(sp); 972 } 973 974 void 975 sppp_detach(struct ifnet *ifp) 976 { 977 struct sppp **q, *p, *sp = (struct sppp *) ifp; 978 int i; 979 980 /* Remove the entry from the keepalive list. */ 981 for (q = &spppq; (p = *q); q = &p->pp_next) 982 if (p == sp) { 983 *q = p->pp_next; 984 break; 985 } 986 987 /* Stop keepalive handler. */ 988 if (! spppq) { 989 callout_stop(&keepalive_ch); 990 } 991 992 for (i = 0; i < IDX_COUNT; i++) { 993 callout_stop(&sp->ch[i]); 994 } 995 callout_stop(&sp->pap_my_to_ch); 996 997 /* free authentication info */ 998 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 999 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1000 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1001 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1002 1003 #if 0 /* done in if_detach() */ 1004 if_free_sadl(ifp); 1005 #endif 1006 } 1007 1008 /* 1009 * Flush the interface output queue. 1010 */ 1011 void 1012 sppp_flush(struct ifnet *ifp) 1013 { 1014 struct sppp *sp = (struct sppp *) ifp; 1015 1016 IFQ_PURGE(&sp->pp_if.if_snd); 1017 IF_PURGE(&sp->pp_fastq); 1018 IF_PURGE(&sp->pp_cpq); 1019 } 1020 1021 /* 1022 * Check if the output queue is empty. 1023 */ 1024 int 1025 sppp_isempty(struct ifnet *ifp) 1026 { 1027 struct sppp *sp = (struct sppp *) ifp; 1028 int empty, s; 1029 1030 s = splnet(); 1031 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1032 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1033 splx(s); 1034 return (empty); 1035 } 1036 1037 /* 1038 * Get next packet to send. 1039 */ 1040 struct mbuf * 1041 sppp_dequeue(struct ifnet *ifp) 1042 { 1043 struct sppp *sp = (struct sppp *) ifp; 1044 struct mbuf *m; 1045 int s; 1046 1047 s = splnet(); 1048 /* 1049 * Process only the control protocol queue until we have at 1050 * least one NCP open. 1051 * 1052 * Do always serve all three queues in Cisco mode. 1053 */ 1054 IF_DEQUEUE(&sp->pp_cpq, m); 1055 if (m == NULL && 1056 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1057 IF_DEQUEUE(&sp->pp_fastq, m); 1058 if (m == NULL) 1059 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1060 } 1061 splx(s); 1062 return m; 1063 } 1064 1065 /* 1066 * Process an ioctl request. Called on low priority level. 1067 */ 1068 int 1069 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1070 { 1071 struct ifreq *ifr = (struct ifreq *) data; 1072 struct sppp *sp = (struct sppp *) ifp; 1073 int s, error=0, going_up, going_down, newmode; 1074 1075 s = splnet(); 1076 switch (cmd) { 1077 case SIOCAIFADDR: 1078 case SIOCSIFDSTADDR: 1079 case SIOCSIFADDR: 1080 break; 1081 1082 case SIOCSIFFLAGS: 1083 going_up = ifp->if_flags & IFF_UP && 1084 (ifp->if_flags & IFF_RUNNING) == 0; 1085 going_down = (ifp->if_flags & IFF_UP) == 0 && 1086 ifp->if_flags & IFF_RUNNING; 1087 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1088 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1089 /* sanity */ 1090 newmode = IFF_PASSIVE; 1091 ifp->if_flags &= ~IFF_AUTO; 1092 } 1093 1094 if (going_up || going_down) 1095 lcp.Close(sp); 1096 if (going_up && newmode == 0) { 1097 /* neither auto-dial nor passive */ 1098 ifp->if_flags |= IFF_RUNNING; 1099 if (!(sp->pp_flags & PP_CISCO)) 1100 lcp.Open(sp); 1101 } else if (going_down) { 1102 sppp_flush(ifp); 1103 ifp->if_flags &= ~IFF_RUNNING; 1104 } 1105 1106 break; 1107 1108 #ifdef SIOCSIFMTU 1109 #ifndef ifr_mtu 1110 #define ifr_mtu ifr_metric 1111 #endif 1112 case SIOCSIFMTU: 1113 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) { 1114 error = EINVAL; 1115 break; 1116 } 1117 1118 ifp->if_mtu = ifr->ifr_mtu; 1119 break; 1120 #endif 1121 #ifdef SLIOCSETMTU 1122 case SLIOCSETMTU: 1123 if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru) 1124 { 1125 error = EINVAL; 1126 break; 1127 } 1128 1129 ifp->if_mtu = *(short *)data; 1130 break; 1131 #endif 1132 #ifdef SIOCGIFMTU 1133 case SIOCGIFMTU: 1134 ifr->ifr_mtu = ifp->if_mtu; 1135 break; 1136 #endif 1137 #ifdef SLIOCGETMTU 1138 case SLIOCGETMTU: 1139 *(short *)data = ifp->if_mtu; 1140 break; 1141 #endif 1142 case SIOCADDMULTI: 1143 case SIOCDELMULTI: 1144 break; 1145 1146 case SPPPSETAUTHCFG: 1147 case SPPPGETAUTHCFG: 1148 case SPPPSETLCPCFG: 1149 case SPPPGETLCPCFG: 1150 case SPPPSETIDLETO: 1151 case SPPPSETAUTHFAILURE: 1152 case SPPPGETAUTHFAILURES: 1153 case SPPPSETDNSOPTS: 1154 case SPPPSETKEEPALIVE: 1155 { 1156 struct proc *p = curproc; /* XXX */ 1157 1158 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 1159 break; 1160 } 1161 /* FALLTHROUGH */ 1162 case SPPPGETSTATUS: 1163 case SPPPGETSTATUSNCP: 1164 case SPPPGETIDLETO: 1165 case SPPPGETDNSOPTS: 1166 case SPPPGETDNSADDRS: 1167 case SPPPGETKEEPALIVE: 1168 error = sppp_params(sp, cmd, data); 1169 break; 1170 1171 default: 1172 error = ENOTTY; 1173 } 1174 splx(s); 1175 return (error); 1176 } 1177 1178 1179 /* 1180 * Cisco framing implementation. 1181 */ 1182 1183 /* 1184 * Handle incoming Cisco keepalive protocol packets. 1185 */ 1186 static void 1187 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1188 { 1189 STDDCL; 1190 struct cisco_packet *h; 1191 #ifdef INET 1192 u_int32_t me, mymask; 1193 #endif 1194 1195 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1196 if (debug) 1197 log(LOG_DEBUG, 1198 "%s: cisco invalid packet length: %d bytes\n", 1199 ifp->if_xname, m->m_pkthdr.len); 1200 return; 1201 } 1202 h = mtod(m, struct cisco_packet *); 1203 if (debug) 1204 log(LOG_DEBUG, 1205 "%s: cisco input: %d bytes " 1206 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1207 ifp->if_xname, m->m_pkthdr.len, 1208 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1209 (u_int)h->time0, (u_int)h->time1); 1210 switch (ntohl(h->type)) { 1211 default: 1212 if (debug) 1213 addlog("%s: cisco unknown packet type: 0x%x\n", 1214 ifp->if_xname, ntohl(h->type)); 1215 break; 1216 case CISCO_ADDR_REPLY: 1217 /* Reply on address request, ignore */ 1218 break; 1219 case CISCO_KEEPALIVE_REQ: 1220 sp->pp_alivecnt = 0; 1221 sp->pp_rseq[IDX_LCP] = ntohl(h->par1); 1222 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1223 /* Local and remote sequence numbers are equal. 1224 * Probably, the line is in loopback mode. */ 1225 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1226 printf ("%s: loopback\n", 1227 ifp->if_xname); 1228 sp->pp_loopcnt = 0; 1229 if (ifp->if_flags & IFF_UP) { 1230 if_down(ifp); 1231 IF_PURGE(&sp->pp_cpq); 1232 } 1233 } 1234 ++sp->pp_loopcnt; 1235 1236 /* Generate new local sequence number */ 1237 sp->pp_seq[IDX_LCP] = arc4random(); 1238 break; 1239 } 1240 sp->pp_loopcnt = 0; 1241 if (! (ifp->if_flags & IFF_UP) && 1242 (ifp->if_flags & IFF_RUNNING)) { 1243 if_up(ifp); 1244 } 1245 break; 1246 case CISCO_ADDR_REQ: 1247 #ifdef INET 1248 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1249 if (me != 0L) 1250 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1251 #endif 1252 break; 1253 } 1254 } 1255 1256 /* 1257 * Send Cisco keepalive packet. 1258 */ 1259 static void 1260 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1261 { 1262 STDDCL; 1263 struct ppp_header *h; 1264 struct cisco_packet *ch; 1265 struct mbuf *m; 1266 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1267 1268 MGETHDR(m, M_DONTWAIT, MT_DATA); 1269 if (! m) 1270 return; 1271 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1272 m->m_pkthdr.rcvif = 0; 1273 1274 h = mtod(m, struct ppp_header *); 1275 h->address = CISCO_MULTICAST; 1276 h->control = 0; 1277 h->protocol = htons(CISCO_KEEPALIVE); 1278 1279 ch = (struct cisco_packet *)(h + 1); 1280 ch->type = htonl(type); 1281 ch->par1 = htonl(par1); 1282 ch->par2 = htonl(par2); 1283 ch->rel = -1; 1284 1285 ch->time0 = htons((u_short)(t >> 16)); 1286 ch->time1 = htons((u_short) t); 1287 1288 if (debug) 1289 log(LOG_DEBUG, 1290 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1291 ifp->if_xname, ntohl(ch->type), ch->par1, 1292 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1293 (u_int)ch->time1); 1294 1295 if (IF_QFULL(&sp->pp_cpq)) { 1296 IF_DROP(&sp->pp_fastq); 1297 IF_DROP(&ifp->if_snd); 1298 m_freem(m); 1299 ++ifp->if_oerrors; 1300 return; 1301 } else 1302 IF_ENQUEUE(&sp->pp_cpq, m); 1303 if (! (ifp->if_flags & IFF_OACTIVE)) 1304 (*ifp->if_start)(ifp); 1305 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1306 } 1307 1308 /* 1309 * PPP protocol implementation. 1310 */ 1311 1312 /* 1313 * Send PPP control protocol packet. 1314 */ 1315 static void 1316 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1317 u_char ident, u_short len, void *data) 1318 { 1319 STDDCL; 1320 struct lcp_header *lh; 1321 struct mbuf *m; 1322 size_t pkthdrlen; 1323 1324 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1325 1326 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1327 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1328 MGETHDR(m, M_DONTWAIT, MT_DATA); 1329 if (! m) 1330 return; 1331 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1332 m->m_pkthdr.rcvif = 0; 1333 1334 if (sp->pp_flags & PP_NOFRAMING) { 1335 *mtod(m, u_int16_t *) = htons(proto); 1336 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 1337 } else { 1338 struct ppp_header *h; 1339 h = mtod(m, struct ppp_header *); 1340 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1341 h->control = PPP_UI; /* Unnumbered Info */ 1342 h->protocol = htons(proto); /* Link Control Protocol */ 1343 lh = (struct lcp_header *)(h + 1); 1344 } 1345 lh->type = type; 1346 lh->ident = ident; 1347 lh->len = htons(LCP_HEADER_LEN + len); 1348 if (len) 1349 bcopy (data, lh + 1, len); 1350 1351 if (debug) { 1352 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1353 ifp->if_xname, 1354 sppp_proto_name(proto), 1355 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1356 if (len) 1357 sppp_print_bytes((u_char *)(lh + 1), len); 1358 addlog(">\n"); 1359 } 1360 if (IF_QFULL(&sp->pp_cpq)) { 1361 IF_DROP(&sp->pp_fastq); 1362 IF_DROP(&ifp->if_snd); 1363 m_freem(m); 1364 ++ifp->if_oerrors; 1365 return; 1366 } else 1367 IF_ENQUEUE(&sp->pp_cpq, m); 1368 if (! (ifp->if_flags & IFF_OACTIVE)) 1369 (*ifp->if_start)(ifp); 1370 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1371 } 1372 1373 /* 1374 * Handle incoming PPP control protocol packets. 1375 */ 1376 static void 1377 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1378 { 1379 STDDCL; 1380 struct lcp_header *h; 1381 int printlen, len = m->m_pkthdr.len; 1382 int rv; 1383 u_char *p; 1384 u_int32_t u32; 1385 1386 if (len < 4) { 1387 if (debug) 1388 log(LOG_DEBUG, 1389 "%s: %s invalid packet length: %d bytes\n", 1390 ifp->if_xname, cp->name, len); 1391 return; 1392 } 1393 h = mtod(m, struct lcp_header *); 1394 if (debug) { 1395 printlen = ntohs(h->len); 1396 log(LOG_DEBUG, 1397 "%s: %s input(%s): <%s id=0x%x len=%d", 1398 ifp->if_xname, cp->name, 1399 sppp_state_name(sp->state[cp->protoidx]), 1400 sppp_cp_type_name(h->type), h->ident, printlen); 1401 if (len < printlen) 1402 printlen = len; 1403 if (printlen > 4) 1404 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1405 addlog(">\n"); 1406 } 1407 if (len > ntohs(h->len)) 1408 len = ntohs(h->len); 1409 p = (u_char *)(h + 1); 1410 switch (h->type) { 1411 case CONF_REQ: 1412 if (len < 4) { 1413 if (debug) 1414 addlog("%s: %s invalid conf-req length %d\n", 1415 ifp->if_xname, cp->name, 1416 len); 1417 ++ifp->if_ierrors; 1418 break; 1419 } 1420 /* handle states where RCR doesn't get a SCA/SCN */ 1421 switch (sp->state[cp->protoidx]) { 1422 case STATE_CLOSING: 1423 case STATE_STOPPING: 1424 return; 1425 case STATE_CLOSED: 1426 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1427 0, 0); 1428 return; 1429 } 1430 rv = (cp->RCR)(sp, h, len); 1431 if (rv < 0) { 1432 /* fatal error, shut down */ 1433 (cp->tld)(sp); 1434 sppp_lcp_tlf(sp); 1435 return; 1436 } 1437 switch (sp->state[cp->protoidx]) { 1438 case STATE_OPENED: 1439 (cp->tld)(sp); 1440 (cp->scr)(sp); 1441 /* fall through... */ 1442 case STATE_ACK_SENT: 1443 case STATE_REQ_SENT: 1444 sppp_cp_change_state(cp, sp, rv? 1445 STATE_ACK_SENT: STATE_REQ_SENT); 1446 break; 1447 case STATE_STOPPED: 1448 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1449 (cp->scr)(sp); 1450 sppp_cp_change_state(cp, sp, rv? 1451 STATE_ACK_SENT: STATE_REQ_SENT); 1452 break; 1453 case STATE_ACK_RCVD: 1454 if (rv) { 1455 sppp_cp_change_state(cp, sp, STATE_OPENED); 1456 if (debug) 1457 log(LOG_DEBUG, "%s: %s tlu\n", 1458 ifp->if_xname, 1459 cp->name); 1460 (cp->tlu)(sp); 1461 } else 1462 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1463 break; 1464 default: 1465 printf("%s: %s illegal %s in state %s\n", 1466 ifp->if_xname, cp->name, 1467 sppp_cp_type_name(h->type), 1468 sppp_state_name(sp->state[cp->protoidx])); 1469 ++ifp->if_ierrors; 1470 } 1471 break; 1472 case CONF_ACK: 1473 if (h->ident != sp->confid[cp->protoidx]) { 1474 if (debug) 1475 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1476 ifp->if_xname, cp->name, 1477 h->ident, sp->confid[cp->protoidx]); 1478 ++ifp->if_ierrors; 1479 break; 1480 } 1481 switch (sp->state[cp->protoidx]) { 1482 case STATE_CLOSED: 1483 case STATE_STOPPED: 1484 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1485 break; 1486 case STATE_CLOSING: 1487 case STATE_STOPPING: 1488 break; 1489 case STATE_REQ_SENT: 1490 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1491 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1492 break; 1493 case STATE_OPENED: 1494 (cp->tld)(sp); 1495 /* fall through */ 1496 case STATE_ACK_RCVD: 1497 (cp->scr)(sp); 1498 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1499 break; 1500 case STATE_ACK_SENT: 1501 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1502 sppp_cp_change_state(cp, sp, STATE_OPENED); 1503 if (debug) 1504 log(LOG_DEBUG, "%s: %s tlu\n", 1505 ifp->if_xname, cp->name); 1506 (cp->tlu)(sp); 1507 break; 1508 default: 1509 printf("%s: %s illegal %s in state %s\n", 1510 ifp->if_xname, cp->name, 1511 sppp_cp_type_name(h->type), 1512 sppp_state_name(sp->state[cp->protoidx])); 1513 ++ifp->if_ierrors; 1514 } 1515 break; 1516 case CONF_NAK: 1517 case CONF_REJ: 1518 if (h->ident != sp->confid[cp->protoidx]) { 1519 if (debug) 1520 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1521 ifp->if_xname, cp->name, 1522 h->ident, sp->confid[cp->protoidx]); 1523 ++ifp->if_ierrors; 1524 break; 1525 } 1526 if (h->type == CONF_NAK) 1527 (cp->RCN_nak)(sp, h, len); 1528 else /* CONF_REJ */ 1529 (cp->RCN_rej)(sp, h, len); 1530 1531 switch (sp->state[cp->protoidx]) { 1532 case STATE_CLOSED: 1533 case STATE_STOPPED: 1534 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1535 break; 1536 case STATE_REQ_SENT: 1537 case STATE_ACK_SENT: 1538 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1539 (cp->scr)(sp); 1540 break; 1541 case STATE_OPENED: 1542 (cp->tld)(sp); 1543 /* fall through */ 1544 case STATE_ACK_RCVD: 1545 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1546 (cp->scr)(sp); 1547 break; 1548 case STATE_CLOSING: 1549 case STATE_STOPPING: 1550 break; 1551 default: 1552 printf("%s: %s illegal %s in state %s\n", 1553 ifp->if_xname, cp->name, 1554 sppp_cp_type_name(h->type), 1555 sppp_state_name(sp->state[cp->protoidx])); 1556 ++ifp->if_ierrors; 1557 } 1558 break; 1559 1560 case TERM_REQ: 1561 switch (sp->state[cp->protoidx]) { 1562 case STATE_ACK_RCVD: 1563 case STATE_ACK_SENT: 1564 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1565 /* fall through */ 1566 case STATE_CLOSED: 1567 case STATE_STOPPED: 1568 case STATE_CLOSING: 1569 case STATE_STOPPING: 1570 case STATE_REQ_SENT: 1571 sta: 1572 /* Send Terminate-Ack packet. */ 1573 if (debug) 1574 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 1575 ifp->if_xname, cp->name); 1576 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1577 break; 1578 case STATE_OPENED: 1579 (cp->tld)(sp); 1580 sp->rst_counter[cp->protoidx] = 0; 1581 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1582 goto sta; 1583 default: 1584 printf("%s: %s illegal %s in state %s\n", 1585 ifp->if_xname, cp->name, 1586 sppp_cp_type_name(h->type), 1587 sppp_state_name(sp->state[cp->protoidx])); 1588 ++ifp->if_ierrors; 1589 } 1590 break; 1591 case TERM_ACK: 1592 switch (sp->state[cp->protoidx]) { 1593 case STATE_CLOSED: 1594 case STATE_STOPPED: 1595 case STATE_REQ_SENT: 1596 case STATE_ACK_SENT: 1597 break; 1598 case STATE_CLOSING: 1599 (cp->tlf)(sp); 1600 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1601 sppp_lcp_check_and_close(sp); 1602 break; 1603 case STATE_STOPPING: 1604 (cp->tlf)(sp); 1605 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1606 sppp_lcp_check_and_close(sp); 1607 break; 1608 case STATE_ACK_RCVD: 1609 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1610 break; 1611 case STATE_OPENED: 1612 (cp->tld)(sp); 1613 (cp->scr)(sp); 1614 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1615 break; 1616 default: 1617 printf("%s: %s illegal %s in state %s\n", 1618 ifp->if_xname, cp->name, 1619 sppp_cp_type_name(h->type), 1620 sppp_state_name(sp->state[cp->protoidx])); 1621 ++ifp->if_ierrors; 1622 } 1623 break; 1624 case CODE_REJ: 1625 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1626 log(LOG_INFO, 1627 "%s: %s: ignoring RXJ (%s) for code ?, " 1628 "danger will robinson\n", 1629 ifp->if_xname, cp->name, 1630 sppp_cp_type_name(h->type)); 1631 switch (sp->state[cp->protoidx]) { 1632 case STATE_CLOSED: 1633 case STATE_STOPPED: 1634 case STATE_REQ_SENT: 1635 case STATE_ACK_SENT: 1636 case STATE_CLOSING: 1637 case STATE_STOPPING: 1638 case STATE_OPENED: 1639 break; 1640 case STATE_ACK_RCVD: 1641 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1642 break; 1643 default: 1644 printf("%s: %s illegal %s in state %s\n", 1645 ifp->if_xname, cp->name, 1646 sppp_cp_type_name(h->type), 1647 sppp_state_name(sp->state[cp->protoidx])); 1648 ++ifp->if_ierrors; 1649 } 1650 break; 1651 case PROTO_REJ: 1652 { 1653 int catastrophic; 1654 const struct cp *upper; 1655 int i; 1656 u_int16_t proto; 1657 1658 catastrophic = 0; 1659 upper = NULL; 1660 proto = p[0] << 8 | p[1]; 1661 for (i = 0; i < IDX_COUNT; i++) { 1662 if (cps[i]->proto == proto) { 1663 upper = cps[i]; 1664 break; 1665 } 1666 } 1667 if (upper == NULL) 1668 catastrophic++; 1669 1670 if (debug) 1671 log(LOG_INFO, 1672 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1673 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1674 sppp_cp_type_name(h->type), proto, 1675 upper ? upper->name : "unknown", 1676 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1677 1678 /* 1679 * if we got RXJ+ against conf-req, the peer does not implement 1680 * this particular protocol type. terminate the protocol. 1681 */ 1682 if (upper && !catastrophic) { 1683 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1684 upper->Close(sp); 1685 break; 1686 } 1687 } 1688 1689 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1690 switch (sp->state[cp->protoidx]) { 1691 case STATE_CLOSED: 1692 case STATE_STOPPED: 1693 case STATE_REQ_SENT: 1694 case STATE_ACK_SENT: 1695 case STATE_CLOSING: 1696 case STATE_STOPPING: 1697 case STATE_OPENED: 1698 break; 1699 case STATE_ACK_RCVD: 1700 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1701 break; 1702 default: 1703 printf("%s: %s illegal %s in state %s\n", 1704 ifp->if_xname, cp->name, 1705 sppp_cp_type_name(h->type), 1706 sppp_state_name(sp->state[cp->protoidx])); 1707 ++ifp->if_ierrors; 1708 } 1709 break; 1710 } 1711 case DISC_REQ: 1712 if (cp->proto != PPP_LCP) 1713 goto illegal; 1714 /* Discard the packet. */ 1715 break; 1716 case ECHO_REQ: 1717 if (cp->proto != PPP_LCP) 1718 goto illegal; 1719 if (sp->state[cp->protoidx] != STATE_OPENED) { 1720 if (debug) 1721 addlog("%s: lcp echo req but lcp closed\n", 1722 ifp->if_xname); 1723 ++ifp->if_ierrors; 1724 break; 1725 } 1726 if (len < 8) { 1727 if (debug) 1728 addlog("%s: invalid lcp echo request " 1729 "packet length: %d bytes\n", 1730 ifp->if_xname, len); 1731 break; 1732 } 1733 memcpy(&u32, h + 1, sizeof u32); 1734 if (ntohl(u32) == sp->lcp.magic) { 1735 /* Line loopback mode detected. */ 1736 printf("%s: loopback\n", ifp->if_xname); 1737 if_down(ifp); 1738 IF_PURGE(&sp->pp_cpq); 1739 1740 /* Shut down the PPP link. */ 1741 /* XXX */ 1742 lcp.Down(sp); 1743 lcp.Up(sp); 1744 break; 1745 } 1746 u32 = htonl(sp->lcp.magic); 1747 memcpy(h + 1, &u32, sizeof u32); 1748 if (debug) 1749 addlog("%s: got lcp echo req, sending echo rep\n", 1750 ifp->if_xname); 1751 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1752 h + 1); 1753 break; 1754 case ECHO_REPLY: 1755 if (cp->proto != PPP_LCP) 1756 goto illegal; 1757 if (h->ident != sp->lcp.echoid) { 1758 ++ifp->if_ierrors; 1759 break; 1760 } 1761 if (len < 8) { 1762 if (debug) 1763 addlog("%s: lcp invalid echo reply " 1764 "packet length: %d bytes\n", 1765 ifp->if_xname, len); 1766 break; 1767 } 1768 if (debug) 1769 addlog("%s: lcp got echo rep\n", 1770 ifp->if_xname); 1771 memcpy(&u32, h + 1, sizeof u32); 1772 if (ntohl(u32) != sp->lcp.magic) 1773 sp->pp_alivecnt = 0; 1774 break; 1775 default: 1776 /* Unknown packet type -- send Code-Reject packet. */ 1777 illegal: 1778 if (debug) 1779 addlog("%s: %s send code-rej for 0x%x\n", 1780 ifp->if_xname, cp->name, h->type); 1781 sppp_cp_send(sp, cp->proto, CODE_REJ, 1782 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1783 ++ifp->if_ierrors; 1784 } 1785 } 1786 1787 1788 /* 1789 * The generic part of all Up/Down/Open/Close/TO event handlers. 1790 * Basically, the state transition handling in the automaton. 1791 */ 1792 static void 1793 sppp_up_event(const struct cp *cp, struct sppp *sp) 1794 { 1795 STDDCL; 1796 1797 if (debug) 1798 log(LOG_DEBUG, "%s: %s up(%s)\n", 1799 ifp->if_xname, cp->name, 1800 sppp_state_name(sp->state[cp->protoidx])); 1801 1802 switch (sp->state[cp->protoidx]) { 1803 case STATE_INITIAL: 1804 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1805 break; 1806 case STATE_STARTING: 1807 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1808 (cp->scr)(sp); 1809 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1810 break; 1811 default: 1812 printf("%s: %s illegal up in state %s\n", 1813 ifp->if_xname, cp->name, 1814 sppp_state_name(sp->state[cp->protoidx])); 1815 } 1816 } 1817 1818 static void 1819 sppp_down_event(const struct cp *cp, struct sppp *sp) 1820 { 1821 STDDCL; 1822 1823 if (debug) 1824 log(LOG_DEBUG, "%s: %s down(%s)\n", 1825 ifp->if_xname, cp->name, 1826 sppp_state_name(sp->state[cp->protoidx])); 1827 1828 switch (sp->state[cp->protoidx]) { 1829 case STATE_CLOSED: 1830 case STATE_CLOSING: 1831 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1832 break; 1833 case STATE_STOPPED: 1834 (cp->tls)(sp); 1835 /* fall through */ 1836 case STATE_STOPPING: 1837 case STATE_REQ_SENT: 1838 case STATE_ACK_RCVD: 1839 case STATE_ACK_SENT: 1840 sppp_cp_change_state(cp, sp, STATE_STARTING); 1841 break; 1842 case STATE_OPENED: 1843 (cp->tld)(sp); 1844 sppp_cp_change_state(cp, sp, STATE_STARTING); 1845 break; 1846 default: 1847 printf("%s: %s illegal down in state %s\n", 1848 ifp->if_xname, cp->name, 1849 sppp_state_name(sp->state[cp->protoidx])); 1850 } 1851 } 1852 1853 1854 static void 1855 sppp_open_event(const struct cp *cp, struct sppp *sp) 1856 { 1857 STDDCL; 1858 1859 if (debug) 1860 log(LOG_DEBUG, "%s: %s open(%s)\n", 1861 ifp->if_xname, cp->name, 1862 sppp_state_name(sp->state[cp->protoidx])); 1863 1864 switch (sp->state[cp->protoidx]) { 1865 case STATE_INITIAL: 1866 (cp->tls)(sp); 1867 sppp_cp_change_state(cp, sp, STATE_STARTING); 1868 break; 1869 case STATE_STARTING: 1870 break; 1871 case STATE_CLOSED: 1872 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1873 (cp->scr)(sp); 1874 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1875 break; 1876 case STATE_STOPPED: 1877 case STATE_STOPPING: 1878 case STATE_REQ_SENT: 1879 case STATE_ACK_RCVD: 1880 case STATE_ACK_SENT: 1881 case STATE_OPENED: 1882 break; 1883 case STATE_CLOSING: 1884 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1885 break; 1886 } 1887 } 1888 1889 1890 static void 1891 sppp_close_event(const struct cp *cp, struct sppp *sp) 1892 { 1893 STDDCL; 1894 1895 if (debug) 1896 log(LOG_DEBUG, "%s: %s close(%s)\n", 1897 ifp->if_xname, cp->name, 1898 sppp_state_name(sp->state[cp->protoidx])); 1899 1900 switch (sp->state[cp->protoidx]) { 1901 case STATE_INITIAL: 1902 case STATE_CLOSED: 1903 case STATE_CLOSING: 1904 break; 1905 case STATE_STARTING: 1906 (cp->tlf)(sp); 1907 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1908 break; 1909 case STATE_STOPPED: 1910 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1911 break; 1912 case STATE_STOPPING: 1913 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1914 break; 1915 case STATE_OPENED: 1916 (cp->tld)(sp); 1917 /* fall through */ 1918 case STATE_REQ_SENT: 1919 case STATE_ACK_RCVD: 1920 case STATE_ACK_SENT: 1921 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1922 sppp_cp_send(sp, cp->proto, TERM_REQ, 1923 ++sp->pp_seq[cp->protoidx], 0, 0); 1924 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1925 break; 1926 } 1927 } 1928 1929 static void 1930 sppp_to_event(const struct cp *cp, struct sppp *sp) 1931 { 1932 STDDCL; 1933 int s; 1934 1935 s = splnet(); 1936 if (debug) 1937 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 1938 ifp->if_xname, cp->name, 1939 sppp_state_name(sp->state[cp->protoidx]), 1940 sp->rst_counter[cp->protoidx]); 1941 1942 if (--sp->rst_counter[cp->protoidx] < 0) 1943 /* TO- event */ 1944 switch (sp->state[cp->protoidx]) { 1945 case STATE_CLOSING: 1946 (cp->tlf)(sp); 1947 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1948 sppp_lcp_check_and_close(sp); 1949 break; 1950 case STATE_STOPPING: 1951 (cp->tlf)(sp); 1952 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1953 sppp_lcp_check_and_close(sp); 1954 break; 1955 case STATE_REQ_SENT: 1956 case STATE_ACK_RCVD: 1957 case STATE_ACK_SENT: 1958 (cp->tlf)(sp); 1959 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1960 sppp_lcp_check_and_close(sp); 1961 break; 1962 } 1963 else 1964 /* TO+ event */ 1965 switch (sp->state[cp->protoidx]) { 1966 case STATE_CLOSING: 1967 case STATE_STOPPING: 1968 sppp_cp_send(sp, cp->proto, TERM_REQ, 1969 ++sp->pp_seq[cp->protoidx], 0, 0); 1970 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1971 cp->TO, sp); 1972 break; 1973 case STATE_REQ_SENT: 1974 case STATE_ACK_RCVD: 1975 (cp->scr)(sp); 1976 /* sppp_cp_change_state() will restart the timer */ 1977 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1978 break; 1979 case STATE_ACK_SENT: 1980 (cp->scr)(sp); 1981 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1982 cp->TO, sp); 1983 break; 1984 } 1985 1986 splx(s); 1987 } 1988 1989 /* 1990 * Change the state of a control protocol in the state automaton. 1991 * Takes care of starting/stopping the restart timer. 1992 */ 1993 void 1994 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1995 { 1996 sp->state[cp->protoidx] = newstate; 1997 callout_stop(&sp->ch[cp->protoidx]); 1998 switch (newstate) { 1999 case STATE_INITIAL: 2000 case STATE_STARTING: 2001 case STATE_CLOSED: 2002 case STATE_STOPPED: 2003 case STATE_OPENED: 2004 break; 2005 case STATE_CLOSING: 2006 case STATE_STOPPING: 2007 case STATE_REQ_SENT: 2008 case STATE_ACK_RCVD: 2009 case STATE_ACK_SENT: 2010 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 2011 cp->TO, sp); 2012 break; 2013 } 2014 } 2015 2016 /* 2017 *--------------------------------------------------------------------------* 2018 * * 2019 * The LCP implementation. * 2020 * * 2021 *--------------------------------------------------------------------------* 2022 */ 2023 static void 2024 sppp_lcp_init(struct sppp *sp) 2025 { 2026 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2027 sp->lcp.magic = 0; 2028 sp->state[IDX_LCP] = STATE_INITIAL; 2029 sp->fail_counter[IDX_LCP] = 0; 2030 sp->pp_seq[IDX_LCP] = 0; 2031 sp->pp_rseq[IDX_LCP] = 0; 2032 sp->lcp.protos = 0; 2033 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2034 2035 /* 2036 * Initialize counters and timeout values. Note that we don't 2037 * use the 3 seconds suggested in RFC 1661 since we are likely 2038 * running on a fast link. XXX We should probably implement 2039 * the exponential backoff option. Note that these values are 2040 * relevant for all control protocols, not just LCP only. 2041 */ 2042 sp->lcp.timeout = 1 * hz; 2043 sp->lcp.max_terminate = 2; 2044 sp->lcp.max_configure = 10; 2045 sp->lcp.max_failure = 10; 2046 callout_init(&sp->ch[IDX_LCP]); 2047 } 2048 2049 static void 2050 sppp_lcp_up(struct sppp *sp) 2051 { 2052 STDDCL; 2053 2054 /* Initialize activity timestamp: opening a connection is an activity */ 2055 sp->pp_last_receive = sp->pp_last_activity = mono_time.tv_sec; 2056 2057 /* 2058 * If this interface is passive or dial-on-demand, and we are 2059 * still in Initial state, it means we've got an incoming 2060 * call. Activate the interface. 2061 */ 2062 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2063 if (debug) 2064 log(LOG_DEBUG, 2065 "%s: Up event", ifp->if_xname); 2066 ifp->if_flags |= IFF_RUNNING; 2067 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2068 if (debug) 2069 addlog("(incoming call)\n"); 2070 sp->pp_flags |= PP_CALLIN; 2071 lcp.Open(sp); 2072 } else if (debug) 2073 addlog("\n"); 2074 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2075 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2076 ifp->if_flags |= IFF_RUNNING; 2077 lcp.Open(sp); 2078 } 2079 2080 sppp_up_event(&lcp, sp); 2081 } 2082 2083 static void 2084 sppp_lcp_down(struct sppp *sp) 2085 { 2086 STDDCL; 2087 2088 sppp_down_event(&lcp, sp); 2089 2090 /* 2091 * If this is neither a dial-on-demand nor a passive 2092 * interface, simulate an ``ifconfig down'' action, so the 2093 * administrator can force a redial by another ``ifconfig 2094 * up''. XXX For leased line operation, should we immediately 2095 * try to reopen the connection here? 2096 */ 2097 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2098 if (debug) 2099 log(LOG_INFO, 2100 "%s: Down event (carrier loss), taking interface down.\n", 2101 ifp->if_xname); 2102 if_down(ifp); 2103 } else { 2104 if (debug) 2105 log(LOG_DEBUG, 2106 "%s: Down event (carrier loss)\n", 2107 ifp->if_xname); 2108 } 2109 sp->pp_flags &= ~PP_CALLIN; 2110 if (sp->state[IDX_LCP] != STATE_INITIAL) 2111 lcp.Close(sp); 2112 ifp->if_flags &= ~IFF_RUNNING; 2113 } 2114 2115 static void 2116 sppp_lcp_open(struct sppp *sp) 2117 { 2118 /* 2119 * If we are authenticator, negotiate LCP_AUTH 2120 */ 2121 if (sp->hisauth.proto != 0) 2122 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2123 else 2124 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2125 sp->pp_flags &= ~PP_NEEDAUTH; 2126 sppp_open_event(&lcp, sp); 2127 } 2128 2129 static void 2130 sppp_lcp_close(struct sppp *sp) 2131 { 2132 sppp_close_event(&lcp, sp); 2133 } 2134 2135 static void 2136 sppp_lcp_TO(void *cookie) 2137 { 2138 sppp_to_event(&lcp, (struct sppp *)cookie); 2139 } 2140 2141 /* 2142 * Analyze a configure request. Return true if it was agreeable, and 2143 * caused action sca, false if it has been rejected or nak'ed, and 2144 * caused action scn. (The return value is used to make the state 2145 * transition decision in the state automaton.) 2146 */ 2147 static int 2148 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2149 { 2150 STDDCL; 2151 u_char *buf, *r, *p; 2152 int origlen, rlen; 2153 u_int32_t nmagic; 2154 u_short authproto; 2155 2156 len -= 4; 2157 origlen = len; 2158 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2159 if (! buf) 2160 return (0); 2161 2162 if (debug) 2163 log(LOG_DEBUG, "%s: lcp parse opts:", 2164 ifp->if_xname); 2165 2166 /* pass 1: check for things that need to be rejected */ 2167 p = (void *)(h + 1); 2168 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2169 /* Sanity check option length */ 2170 if (p[1] > len) { 2171 /* 2172 * Malicious option - drop imediately. 2173 * XXX Maybe we should just RXJ it? 2174 */ 2175 addlog("%s: received malicious LCP option 0x%02x, " 2176 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, 2177 p[0], p[1], len); 2178 goto drop; 2179 } 2180 if (debug) 2181 addlog(" %s", sppp_lcp_opt_name(*p)); 2182 switch (*p) { 2183 case LCP_OPT_MAGIC: 2184 /* Magic number. */ 2185 /* fall through, both are same length */ 2186 case LCP_OPT_ASYNC_MAP: 2187 /* Async control character map. */ 2188 if (len >= 6 || p[1] == 6) 2189 continue; 2190 if (debug) 2191 addlog(" [invalid]"); 2192 break; 2193 case LCP_OPT_MRU: 2194 /* Maximum receive unit. */ 2195 if (len >= 4 && p[1] == 4) 2196 continue; 2197 if (debug) 2198 addlog(" [invalid]"); 2199 break; 2200 case LCP_OPT_AUTH_PROTO: 2201 if (len < 4) { 2202 if (debug) 2203 addlog(" [invalid]"); 2204 break; 2205 } 2206 authproto = (p[2] << 8) + p[3]; 2207 if (authproto == PPP_CHAP && p[1] != 5) { 2208 if (debug) 2209 addlog(" [invalid chap len]"); 2210 break; 2211 } 2212 if (sp->myauth.proto == 0) { 2213 /* we are not configured to do auth */ 2214 if (debug) 2215 addlog(" [not configured]"); 2216 break; 2217 } 2218 /* 2219 * Remote want us to authenticate, remember this, 2220 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2221 * up. 2222 */ 2223 sp->pp_flags |= PP_NEEDAUTH; 2224 continue; 2225 default: 2226 /* Others not supported. */ 2227 if (debug) 2228 addlog(" [rej]"); 2229 break; 2230 } 2231 /* Add the option to rejected list. */ 2232 bcopy (p, r, p[1]); 2233 r += p[1]; 2234 rlen += p[1]; 2235 } 2236 if (rlen) { 2237 if (debug) 2238 addlog(" send conf-rej\n"); 2239 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2240 goto end; 2241 } else if (debug) 2242 addlog("\n"); 2243 2244 /* 2245 * pass 2: check for option values that are unacceptable and 2246 * thus require to be nak'ed. 2247 */ 2248 if (debug) 2249 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2250 ifp->if_xname); 2251 2252 p = (void *)(h + 1); 2253 len = origlen; 2254 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2255 if (debug) 2256 addlog(" %s", sppp_lcp_opt_name(*p)); 2257 switch (*p) { 2258 case LCP_OPT_MAGIC: 2259 /* Magic number -- extract. */ 2260 nmagic = (u_int32_t)p[2] << 24 | 2261 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2262 if (nmagic != sp->lcp.magic) { 2263 if (debug) 2264 addlog(" 0x%x", nmagic); 2265 continue; 2266 } 2267 /* 2268 * Local and remote magics equal -- loopback? 2269 */ 2270 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2271 printf ("%s: loopback\n", 2272 ifp->if_xname); 2273 sp->pp_loopcnt = 0; 2274 if (ifp->if_flags & IFF_UP) { 2275 if_down(ifp); 2276 IF_PURGE(&sp->pp_cpq); 2277 /* XXX ? */ 2278 lcp.Down(sp); 2279 lcp.Up(sp); 2280 } 2281 } else if (debug) 2282 addlog(" [glitch]"); 2283 ++sp->pp_loopcnt; 2284 /* 2285 * We negate our magic here, and NAK it. If 2286 * we see it later in an NAK packet, we 2287 * suggest a new one. 2288 */ 2289 nmagic = ~sp->lcp.magic; 2290 /* Gonna NAK it. */ 2291 p[2] = nmagic >> 24; 2292 p[3] = nmagic >> 16; 2293 p[4] = nmagic >> 8; 2294 p[5] = nmagic; 2295 break; 2296 2297 case LCP_OPT_ASYNC_MAP: 2298 /* 2299 * Async control character map -- just ignore it. 2300 * 2301 * Quote from RFC 1662, chapter 6: 2302 * To enable this functionality, synchronous PPP 2303 * implementations MUST always respond to the 2304 * Async-Control-Character-Map Configuration 2305 * Option with the LCP Configure-Ack. However, 2306 * acceptance of the Configuration Option does 2307 * not imply that the synchronous implementation 2308 * will do any ACCM mapping. Instead, all such 2309 * octet mapping will be performed by the 2310 * asynchronous-to-synchronous converter. 2311 */ 2312 continue; 2313 2314 case LCP_OPT_MRU: 2315 /* 2316 * Maximum receive unit. Always agreeable, 2317 * but ignored by now. 2318 */ 2319 sp->lcp.their_mru = p[2] * 256 + p[3]; 2320 if (debug) 2321 addlog(" %ld", sp->lcp.their_mru); 2322 continue; 2323 2324 case LCP_OPT_AUTH_PROTO: 2325 authproto = (p[2] << 8) + p[3]; 2326 if (sp->myauth.proto != authproto) { 2327 /* not agreed, nak */ 2328 if (debug) 2329 addlog(" [mine %s != his %s]", 2330 sppp_proto_name(sp->myauth.proto), 2331 sppp_proto_name(authproto)); 2332 p[2] = sp->myauth.proto >> 8; 2333 p[3] = sp->myauth.proto; 2334 break; 2335 } 2336 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2337 if (debug) 2338 addlog(" [chap not MD5]"); 2339 p[4] = CHAP_MD5; 2340 break; 2341 } 2342 continue; 2343 } 2344 /* Add the option to nak'ed list. */ 2345 bcopy (p, r, p[1]); 2346 r += p[1]; 2347 rlen += p[1]; 2348 } 2349 if (rlen) { 2350 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2351 if (debug) 2352 addlog(" max_failure (%d) exceeded, " 2353 "send conf-rej\n", 2354 sp->lcp.max_failure); 2355 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2356 } else { 2357 if (debug) 2358 addlog(" send conf-nak\n"); 2359 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2360 } 2361 goto end; 2362 } else { 2363 if (debug) 2364 addlog(" send conf-ack\n"); 2365 sp->fail_counter[IDX_LCP] = 0; 2366 sp->pp_loopcnt = 0; 2367 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1); 2368 } 2369 2370 end: 2371 free(buf, M_TEMP); 2372 return (rlen == 0); 2373 2374 drop: 2375 free(buf, M_TEMP); 2376 return -1; 2377 } 2378 2379 /* 2380 * Analyze the LCP Configure-Reject option list, and adjust our 2381 * negotiation. 2382 */ 2383 static void 2384 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2385 { 2386 STDDCL; 2387 u_char *buf, *p; 2388 2389 len -= 4; 2390 buf = malloc (len, M_TEMP, M_NOWAIT); 2391 if (!buf) 2392 return; 2393 2394 if (debug) 2395 log(LOG_DEBUG, "%s: lcp rej opts:", 2396 ifp->if_xname); 2397 2398 p = (void *)(h + 1); 2399 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2400 /* Sanity check option length */ 2401 if (p[1] > len) { 2402 /* 2403 * Malicious option - drop imediately. 2404 * XXX Maybe we should just RXJ it? 2405 */ 2406 addlog("%s: received malicious LCP option, " 2407 "dropping.\n", ifp->if_xname); 2408 goto drop; 2409 } 2410 if (debug) 2411 addlog(" %s", sppp_lcp_opt_name(*p)); 2412 switch (*p) { 2413 case LCP_OPT_MAGIC: 2414 /* Magic number -- can't use it, use 0 */ 2415 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2416 sp->lcp.magic = 0; 2417 break; 2418 case LCP_OPT_MRU: 2419 /* 2420 * Should not be rejected anyway, since we only 2421 * negotiate a MRU if explicitly requested by 2422 * peer. 2423 */ 2424 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2425 break; 2426 case LCP_OPT_AUTH_PROTO: 2427 /* 2428 * Peer doesn't want to authenticate himself, 2429 * deny unless this is a dialout call, and 2430 * SPPP_AUTHFLAG_NOCALLOUT is set. 2431 */ 2432 if ((sp->pp_flags & PP_CALLIN) == 0 && 2433 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2434 if (debug) 2435 addlog(" [don't insist on auth " 2436 "for callout]"); 2437 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2438 break; 2439 } 2440 if (debug) 2441 addlog("[access denied]\n"); 2442 lcp.Close(sp); 2443 break; 2444 } 2445 } 2446 if (debug) 2447 addlog("\n"); 2448 drop: 2449 free(buf, M_TEMP); 2450 return; 2451 } 2452 2453 /* 2454 * Analyze the LCP Configure-NAK option list, and adjust our 2455 * negotiation. 2456 */ 2457 static void 2458 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2459 { 2460 STDDCL; 2461 u_char *buf, *p; 2462 u_int32_t magic; 2463 2464 len -= 4; 2465 buf = malloc (len, M_TEMP, M_NOWAIT); 2466 if (!buf) 2467 return; 2468 2469 if (debug) 2470 log(LOG_DEBUG, "%s: lcp nak opts:", 2471 ifp->if_xname); 2472 2473 p = (void *)(h + 1); 2474 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2475 /* Sanity check option length */ 2476 if (p[1] > len) { 2477 /* 2478 * Malicious option - drop imediately. 2479 * XXX Maybe we should just RXJ it? 2480 */ 2481 addlog("%s: received malicious LCP option, " 2482 "dropping.\n", ifp->if_xname); 2483 goto drop; 2484 } 2485 if (debug) 2486 addlog(" %s", sppp_lcp_opt_name(*p)); 2487 switch (*p) { 2488 case LCP_OPT_MAGIC: 2489 /* Magic number -- renegotiate */ 2490 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2491 len >= 6 && p[1] == 6) { 2492 magic = (u_int32_t)p[2] << 24 | 2493 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2494 /* 2495 * If the remote magic is our negated one, 2496 * this looks like a loopback problem. 2497 * Suggest a new magic to make sure. 2498 */ 2499 if (magic == ~sp->lcp.magic) { 2500 if (debug) 2501 addlog(" magic glitch"); 2502 sp->lcp.magic = arc4random(); 2503 } else { 2504 sp->lcp.magic = magic; 2505 if (debug) 2506 addlog(" %d", magic); 2507 } 2508 } 2509 break; 2510 case LCP_OPT_MRU: 2511 /* 2512 * Peer wants to advise us to negotiate an MRU. 2513 * Agree on it if it's reasonable, or use 2514 * default otherwise. 2515 */ 2516 if (len >= 4 && p[1] == 4) { 2517 u_int mru = p[2] * 256 + p[3]; 2518 if (debug) 2519 addlog(" %d", mru); 2520 if (mru < PP_MTU || mru > PP_MAX_MRU) 2521 mru = PP_MTU; 2522 sp->lcp.mru = mru; 2523 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2524 } 2525 break; 2526 case LCP_OPT_AUTH_PROTO: 2527 /* 2528 * Peer doesn't like our authentication method, 2529 * deny. 2530 */ 2531 if (debug) 2532 addlog("[access denied]\n"); 2533 lcp.Close(sp); 2534 break; 2535 } 2536 } 2537 if (debug) 2538 addlog("\n"); 2539 drop: 2540 free(buf, M_TEMP); 2541 return; 2542 } 2543 2544 static void 2545 sppp_lcp_tlu(struct sppp *sp) 2546 { 2547 STDDCL; 2548 int i; 2549 u_int32_t mask; 2550 2551 /* XXX ? */ 2552 if (! (ifp->if_flags & IFF_UP) && 2553 (ifp->if_flags & IFF_RUNNING)) { 2554 /* Coming out of loopback mode. */ 2555 if_up(ifp); 2556 } 2557 2558 for (i = 0; i < IDX_COUNT; i++) 2559 if ((cps[i])->flags & CP_QUAL) 2560 (cps[i])->Open(sp); 2561 2562 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2563 (sp->pp_flags & PP_NEEDAUTH) != 0) 2564 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2565 else 2566 sp->pp_phase = SPPP_PHASE_NETWORK; 2567 2568 if (debug) 2569 { 2570 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2571 sppp_phase_name(sp->pp_phase)); 2572 } 2573 2574 /* 2575 * Open all authentication protocols. This is even required 2576 * if we already proceeded to network phase, since it might be 2577 * that remote wants us to authenticate, so we might have to 2578 * send a PAP request. Undesired authentication protocols 2579 * don't do anything when they get an Open event. 2580 */ 2581 for (i = 0; i < IDX_COUNT; i++) 2582 if ((cps[i])->flags & CP_AUTH) 2583 (cps[i])->Open(sp); 2584 2585 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2586 /* Notify all NCPs. */ 2587 for (i = 0; i < IDX_COUNT; i++) 2588 if ((cps[i])->flags & CP_NCP) 2589 (cps[i])->Open(sp); 2590 } 2591 2592 /* Send Up events to all started protos. */ 2593 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2594 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2595 (cps[i])->Up(sp); 2596 2597 /* notify low-level driver of state change */ 2598 if (sp->pp_chg) 2599 sp->pp_chg(sp, (int)sp->pp_phase); 2600 2601 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2602 /* if no NCP is starting, close down */ 2603 sppp_lcp_check_and_close(sp); 2604 } 2605 2606 static void 2607 sppp_lcp_tld(struct sppp *sp) 2608 { 2609 STDDCL; 2610 int i; 2611 u_int32_t mask; 2612 2613 sp->pp_phase = SPPP_PHASE_TERMINATE; 2614 2615 if (debug) 2616 { 2617 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2618 sppp_phase_name(sp->pp_phase)); 2619 } 2620 2621 /* 2622 * Take upper layers down. We send the Down event first and 2623 * the Close second to prevent the upper layers from sending 2624 * ``a flurry of terminate-request packets'', as the RFC 2625 * describes it. 2626 */ 2627 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2628 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2629 (cps[i])->Down(sp); 2630 (cps[i])->Close(sp); 2631 } 2632 } 2633 2634 static void 2635 sppp_lcp_tls(struct sppp *sp) 2636 { 2637 STDDCL; 2638 2639 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2640 printf("%s: authentication failed %d times, not retrying again\n", 2641 sp->pp_if.if_xname, sp->pp_auth_failures); 2642 if_down(&sp->pp_if); 2643 return; 2644 } 2645 2646 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2647 2648 if (debug) 2649 { 2650 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2651 sppp_phase_name(sp->pp_phase)); 2652 } 2653 2654 /* Notify lower layer if desired. */ 2655 if (sp->pp_tls) 2656 (sp->pp_tls)(sp); 2657 } 2658 2659 static void 2660 sppp_lcp_tlf(struct sppp *sp) 2661 { 2662 STDDCL; 2663 2664 sp->pp_phase = SPPP_PHASE_DEAD; 2665 2666 if (debug) 2667 { 2668 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2669 sppp_phase_name(sp->pp_phase)); 2670 } 2671 2672 /* Notify lower layer if desired. */ 2673 if (sp->pp_tlf) 2674 (sp->pp_tlf)(sp); 2675 } 2676 2677 static void 2678 sppp_lcp_scr(struct sppp *sp) 2679 { 2680 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2681 int i = 0; 2682 u_short authproto; 2683 2684 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2685 if (! sp->lcp.magic) 2686 sp->lcp.magic = arc4random(); 2687 opt[i++] = LCP_OPT_MAGIC; 2688 opt[i++] = 6; 2689 opt[i++] = sp->lcp.magic >> 24; 2690 opt[i++] = sp->lcp.magic >> 16; 2691 opt[i++] = sp->lcp.magic >> 8; 2692 opt[i++] = sp->lcp.magic; 2693 } 2694 2695 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2696 opt[i++] = LCP_OPT_MRU; 2697 opt[i++] = 4; 2698 opt[i++] = sp->lcp.mru >> 8; 2699 opt[i++] = sp->lcp.mru; 2700 } 2701 2702 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2703 authproto = sp->hisauth.proto; 2704 opt[i++] = LCP_OPT_AUTH_PROTO; 2705 opt[i++] = authproto == PPP_CHAP? 5: 4; 2706 opt[i++] = authproto >> 8; 2707 opt[i++] = authproto; 2708 if (authproto == PPP_CHAP) 2709 opt[i++] = CHAP_MD5; 2710 } 2711 2712 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2713 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2714 } 2715 2716 /* 2717 * Check the open NCPs, return true if at least one NCP is open. 2718 */ 2719 static int 2720 sppp_ncp_check(struct sppp *sp) 2721 { 2722 int i, mask; 2723 2724 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2725 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2726 return 1; 2727 return 0; 2728 } 2729 2730 /* 2731 * Re-check the open NCPs and see if we should terminate the link. 2732 * Called by the NCPs during their tlf action handling. 2733 */ 2734 static void 2735 sppp_lcp_check_and_close(struct sppp *sp) 2736 { 2737 2738 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2739 /* don't bother, we are already going down */ 2740 return; 2741 2742 if (sppp_ncp_check(sp)) 2743 return; 2744 2745 lcp.Close(sp); 2746 } 2747 2748 2749 /* 2750 *--------------------------------------------------------------------------* 2751 * * 2752 * The IPCP implementation. * 2753 * * 2754 *--------------------------------------------------------------------------* 2755 */ 2756 2757 static void 2758 sppp_ipcp_init(struct sppp *sp) 2759 { 2760 sp->ipcp.opts = 0; 2761 sp->ipcp.flags = 0; 2762 sp->state[IDX_IPCP] = STATE_INITIAL; 2763 sp->fail_counter[IDX_IPCP] = 0; 2764 sp->pp_seq[IDX_IPCP] = 0; 2765 sp->pp_rseq[IDX_IPCP] = 0; 2766 callout_init(&sp->ch[IDX_IPCP]); 2767 } 2768 2769 static void 2770 sppp_ipcp_up(struct sppp *sp) 2771 { 2772 sppp_up_event(&ipcp, sp); 2773 } 2774 2775 static void 2776 sppp_ipcp_down(struct sppp *sp) 2777 { 2778 sppp_down_event(&ipcp, sp); 2779 } 2780 2781 static void 2782 sppp_ipcp_open(struct sppp *sp) 2783 { 2784 STDDCL; 2785 u_int32_t myaddr, hisaddr; 2786 2787 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2788 sp->ipcp.req_myaddr = 0; 2789 sp->ipcp.req_hisaddr = 0; 2790 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2791 2792 #ifdef INET 2793 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2794 #else 2795 myaddr = hisaddr = 0; 2796 #endif 2797 /* 2798 * If we don't have his address, this probably means our 2799 * interface doesn't want to talk IP at all. (This could 2800 * be the case if somebody wants to speak only IPX, for 2801 * example.) Don't open IPCP in this case. 2802 */ 2803 if (hisaddr == 0) { 2804 /* XXX this message should go away */ 2805 if (debug) 2806 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 2807 ifp->if_xname); 2808 return; 2809 } 2810 2811 if (myaddr == 0) { 2812 /* 2813 * I don't have an assigned address, so i need to 2814 * negotiate my address. 2815 */ 2816 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2817 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2818 } 2819 if (hisaddr == 1) { 2820 /* 2821 * XXX - remove this hack! 2822 * remote has no valid address, we need to get one assigned. 2823 */ 2824 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2825 } 2826 sppp_open_event(&ipcp, sp); 2827 } 2828 2829 static void 2830 sppp_ipcp_close(struct sppp *sp) 2831 { 2832 STDDCL; 2833 2834 sppp_close_event(&ipcp, sp); 2835 #ifdef INET 2836 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2837 /* 2838 * Some address was dynamic, clear it again. 2839 */ 2840 sppp_clear_ip_addrs(sp); 2841 #endif 2842 2843 if (sp->pp_saved_mtu > 0) { 2844 ifp->if_mtu = sp->pp_saved_mtu; 2845 sp->pp_saved_mtu = 0; 2846 if (debug) 2847 log(LOG_DEBUG, 2848 "%s: resetting MTU to %" PRIu64 " bytes\n", 2849 ifp->if_xname, ifp->if_mtu); 2850 } 2851 } 2852 2853 static void 2854 sppp_ipcp_TO(void *cookie) 2855 { 2856 sppp_to_event(&ipcp, (struct sppp *)cookie); 2857 } 2858 2859 /* 2860 * Analyze a configure request. Return true if it was agreeable, and 2861 * caused action sca, false if it has been rejected or nak'ed, and 2862 * caused action scn. (The return value is used to make the state 2863 * transition decision in the state automaton.) 2864 */ 2865 static int 2866 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2867 { 2868 u_char *buf, *r, *p; 2869 struct ifnet *ifp = &sp->pp_if; 2870 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2871 u_int32_t hisaddr, desiredaddr; 2872 2873 len -= 4; 2874 origlen = len; 2875 /* 2876 * Make sure to allocate a buf that can at least hold a 2877 * conf-nak with an `address' option. We might need it below. 2878 */ 2879 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2880 if (! buf) 2881 return (0); 2882 2883 /* pass 1: see if we can recognize them */ 2884 if (debug) 2885 log(LOG_DEBUG, "%s: ipcp parse opts:", 2886 ifp->if_xname); 2887 p = (void *)(h + 1); 2888 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2889 /* Sanity check option length */ 2890 if (p[1] > len) { 2891 /* XXX should we just RXJ? */ 2892 addlog("%s: malicious IPCP option received, dropping\n", 2893 ifp->if_xname); 2894 goto drop; 2895 } 2896 if (debug) 2897 addlog(" %s", sppp_ipcp_opt_name(*p)); 2898 switch (*p) { 2899 #ifdef notyet 2900 case IPCP_OPT_COMPRESSION: 2901 if (len >= 6 && p[1] >= 6) { 2902 /* correctly formed compress option */ 2903 continue; 2904 } 2905 if (debug) 2906 addlog(" [invalid]"); 2907 break; 2908 #endif 2909 case IPCP_OPT_ADDRESS: 2910 if (len >= 6 && p[1] == 6) { 2911 /* correctly formed address option */ 2912 continue; 2913 } 2914 if (debug) 2915 addlog(" [invalid]"); 2916 break; 2917 default: 2918 /* Others not supported. */ 2919 if (debug) 2920 addlog(" [rej]"); 2921 break; 2922 } 2923 /* Add the option to rejected list. */ 2924 bcopy (p, r, p[1]); 2925 r += p[1]; 2926 rlen += p[1]; 2927 } 2928 if (rlen) { 2929 if (debug) 2930 addlog(" send conf-rej\n"); 2931 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2932 goto end; 2933 } else if (debug) 2934 addlog("\n"); 2935 2936 /* pass 2: parse option values */ 2937 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2938 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2939 else 2940 #ifdef INET 2941 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2942 #else 2943 hisaddr = 0; 2944 #endif 2945 if (debug) 2946 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 2947 ifp->if_xname); 2948 p = (void *)(h + 1); 2949 len = origlen; 2950 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2951 if (debug) 2952 addlog(" %s", sppp_ipcp_opt_name(*p)); 2953 switch (*p) { 2954 #ifdef notyet 2955 case IPCP_OPT_COMPRESSION: 2956 continue; 2957 #endif 2958 case IPCP_OPT_ADDRESS: 2959 desiredaddr = p[2] << 24 | p[3] << 16 | 2960 p[4] << 8 | p[5]; 2961 if (desiredaddr == hisaddr || 2962 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2963 /* 2964 * Peer's address is same as our value, 2965 * this is agreeable. Gonna conf-ack 2966 * it. 2967 */ 2968 if (debug) 2969 addlog(" %s [ack]", 2970 sppp_dotted_quad(hisaddr)); 2971 /* record that we've seen it already */ 2972 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2973 sp->ipcp.req_hisaddr = desiredaddr; 2974 hisaddr = desiredaddr; 2975 continue; 2976 } 2977 /* 2978 * The address wasn't agreeable. This is either 2979 * he sent us 0.0.0.0, asking to assign him an 2980 * address, or he send us another address not 2981 * matching our value. Either case, we gonna 2982 * conf-nak it with our value. 2983 */ 2984 if (debug) { 2985 if (desiredaddr == 0) 2986 addlog(" [addr requested]"); 2987 else 2988 addlog(" %s [not agreed]", 2989 sppp_dotted_quad(desiredaddr)); 2990 } 2991 2992 p[2] = hisaddr >> 24; 2993 p[3] = hisaddr >> 16; 2994 p[4] = hisaddr >> 8; 2995 p[5] = hisaddr; 2996 break; 2997 } 2998 /* Add the option to nak'ed list. */ 2999 bcopy (p, r, p[1]); 3000 r += p[1]; 3001 rlen += p[1]; 3002 } 3003 3004 /* 3005 * If we are about to conf-ack the request, but haven't seen 3006 * his address so far, gonna conf-nak it instead, with the 3007 * `address' option present and our idea of his address being 3008 * filled in there, to request negotiation of both addresses. 3009 * 3010 * XXX This can result in an endless req - nak loop if peer 3011 * doesn't want to send us his address. Q: What should we do 3012 * about it? XXX A: implement the max-failure counter. 3013 */ 3014 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 3015 buf[0] = IPCP_OPT_ADDRESS; 3016 buf[1] = 6; 3017 buf[2] = hisaddr >> 24; 3018 buf[3] = hisaddr >> 16; 3019 buf[4] = hisaddr >> 8; 3020 buf[5] = hisaddr; 3021 rlen = 6; 3022 if (debug) 3023 addlog(" still need hisaddr"); 3024 } 3025 3026 if (rlen) { 3027 if (debug) 3028 addlog(" send conf-nak\n"); 3029 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 3030 } else { 3031 if (debug) 3032 addlog(" send conf-ack\n"); 3033 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1); 3034 } 3035 3036 end: 3037 free(buf, M_TEMP); 3038 return (rlen == 0); 3039 3040 drop: 3041 free(buf, M_TEMP); 3042 return -1; 3043 } 3044 3045 /* 3046 * Analyze the IPCP Configure-Reject option list, and adjust our 3047 * negotiation. 3048 */ 3049 static void 3050 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3051 { 3052 u_char *buf, *p; 3053 struct ifnet *ifp = &sp->pp_if; 3054 int debug = ifp->if_flags & IFF_DEBUG; 3055 3056 len -= 4; 3057 buf = malloc (len, M_TEMP, M_NOWAIT); 3058 if (!buf) 3059 return; 3060 3061 if (debug) 3062 log(LOG_DEBUG, "%s: ipcp rej opts:", 3063 ifp->if_xname); 3064 3065 p = (void *)(h + 1); 3066 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3067 /* Sanity check option length */ 3068 if (p[1] > len) { 3069 /* XXX should we just RXJ? */ 3070 addlog("%s: malicious IPCP option received, dropping\n", 3071 ifp->if_xname); 3072 goto drop; 3073 } 3074 if (debug) 3075 addlog(" %s", sppp_ipcp_opt_name(*p)); 3076 switch (*p) { 3077 case IPCP_OPT_ADDRESS: 3078 /* 3079 * Peer doesn't grok address option. This is 3080 * bad. XXX Should we better give up here? 3081 */ 3082 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3083 break; 3084 #ifdef notyet 3085 case IPCP_OPT_COMPRESS: 3086 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3087 break; 3088 #endif 3089 } 3090 } 3091 if (debug) 3092 addlog("\n"); 3093 drop: 3094 free(buf, M_TEMP); 3095 return; 3096 } 3097 3098 /* 3099 * Analyze the IPCP Configure-NAK option list, and adjust our 3100 * negotiation. 3101 */ 3102 static void 3103 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3104 { 3105 u_char *p; 3106 struct ifnet *ifp = &sp->pp_if; 3107 int debug = ifp->if_flags & IFF_DEBUG; 3108 u_int32_t wantaddr; 3109 3110 len -= 4; 3111 3112 if (debug) 3113 log(LOG_DEBUG, "%s: ipcp nak opts:", 3114 ifp->if_xname); 3115 3116 p = (void *)(h + 1); 3117 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3118 /* Sanity check option length */ 3119 if (p[1] > len) { 3120 /* XXX should we just RXJ? */ 3121 addlog("%s: malicious IPCP option received, dropping\n", 3122 ifp->if_xname); 3123 return; 3124 } 3125 if (debug) 3126 addlog(" %s", sppp_ipcp_opt_name(*p)); 3127 switch (*p) { 3128 case IPCP_OPT_ADDRESS: 3129 /* 3130 * Peer doesn't like our local IP address. See 3131 * if we can do something for him. We'll drop 3132 * him our address then. 3133 */ 3134 if (len >= 6 && p[1] == 6) { 3135 wantaddr = p[2] << 24 | p[3] << 16 | 3136 p[4] << 8 | p[5]; 3137 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3138 if (debug) 3139 addlog(" [wantaddr %s]", 3140 sppp_dotted_quad(wantaddr)); 3141 /* 3142 * When doing dynamic address assignment, 3143 * we accept his offer. Otherwise, we 3144 * ignore it and thus continue to negotiate 3145 * our already existing value. 3146 */ 3147 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3148 if (debug) 3149 addlog(" [agree]"); 3150 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3151 sp->ipcp.req_myaddr = wantaddr; 3152 } 3153 } 3154 break; 3155 3156 case IPCP_OPT_PRIMDNS: 3157 if (len >= 6 && p[1] == 6) { 3158 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3159 p[4] << 8 | p[5]; 3160 } 3161 break; 3162 3163 case IPCP_OPT_SECDNS: 3164 if (len >= 6 && p[1] == 6) { 3165 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3166 p[4] << 8 | p[5]; 3167 } 3168 break; 3169 #ifdef notyet 3170 case IPCP_OPT_COMPRESS: 3171 /* 3172 * Peer wants different compression parameters. 3173 */ 3174 break; 3175 #endif 3176 } 3177 } 3178 if (debug) 3179 addlog("\n"); 3180 } 3181 3182 static void 3183 sppp_ipcp_tlu(struct sppp *sp) 3184 { 3185 #ifdef INET 3186 /* we are up. Set addresses and notify anyone interested */ 3187 STDDCL; 3188 u_int32_t myaddr, hisaddr; 3189 3190 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3191 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3192 myaddr = sp->ipcp.req_myaddr; 3193 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3194 hisaddr = sp->ipcp.req_hisaddr; 3195 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3196 3197 if (ifp->if_mtu > sp->lcp.their_mru) { 3198 sp->pp_saved_mtu = ifp->if_mtu; 3199 ifp->if_mtu = sp->lcp.their_mru; 3200 if (debug) 3201 log(LOG_DEBUG, 3202 "%s: setting MTU to %" PRIu64 " bytes\n", 3203 ifp->if_xname, ifp->if_mtu); 3204 } 3205 3206 if (sp->pp_con) 3207 sp->pp_con(sp); 3208 #endif 3209 } 3210 3211 static void 3212 sppp_ipcp_tld(struct sppp *sp) 3213 { 3214 } 3215 3216 static void 3217 sppp_ipcp_tls(struct sppp *sp) 3218 { 3219 /* indicate to LCP that it must stay alive */ 3220 sp->lcp.protos |= (1 << IDX_IPCP); 3221 } 3222 3223 static void 3224 sppp_ipcp_tlf(struct sppp *sp) 3225 { 3226 /* we no longer need LCP */ 3227 sp->lcp.protos &= ~(1 << IDX_IPCP); 3228 } 3229 3230 static void 3231 sppp_ipcp_scr(struct sppp *sp) 3232 { 3233 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3234 #ifdef INET 3235 u_int32_t ouraddr; 3236 #endif 3237 int i = 0; 3238 3239 #ifdef notyet 3240 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3241 opt[i++] = IPCP_OPT_COMPRESSION; 3242 opt[i++] = 6; 3243 opt[i++] = 0; /* VJ header compression */ 3244 opt[i++] = 0x2d; /* VJ header compression */ 3245 opt[i++] = max_slot_id; 3246 opt[i++] = comp_slot_id; 3247 } 3248 #endif 3249 3250 #ifdef INET 3251 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3252 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3253 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3254 else 3255 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3256 opt[i++] = IPCP_OPT_ADDRESS; 3257 opt[i++] = 6; 3258 opt[i++] = ouraddr >> 24; 3259 opt[i++] = ouraddr >> 16; 3260 opt[i++] = ouraddr >> 8; 3261 opt[i++] = ouraddr; 3262 } 3263 #endif 3264 3265 if (sp->query_dns & 1) { 3266 opt[i++] = IPCP_OPT_PRIMDNS; 3267 opt[i++] = 6; 3268 opt[i++] = sp->dns_addrs[0] >> 24; 3269 opt[i++] = sp->dns_addrs[0] >> 16; 3270 opt[i++] = sp->dns_addrs[0] >> 8; 3271 opt[i++] = sp->dns_addrs[0]; 3272 } 3273 if (sp->query_dns & 2) { 3274 opt[i++] = IPCP_OPT_SECDNS; 3275 opt[i++] = 6; 3276 opt[i++] = sp->dns_addrs[1] >> 24; 3277 opt[i++] = sp->dns_addrs[1] >> 16; 3278 opt[i++] = sp->dns_addrs[1] >> 8; 3279 opt[i++] = sp->dns_addrs[1]; 3280 } 3281 3282 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3283 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3284 } 3285 3286 3287 /* 3288 *--------------------------------------------------------------------------* 3289 * * 3290 * The IPv6CP implementation. * 3291 * * 3292 *--------------------------------------------------------------------------* 3293 */ 3294 3295 #ifdef INET6 3296 static void 3297 sppp_ipv6cp_init(struct sppp *sp) 3298 { 3299 sp->ipv6cp.opts = 0; 3300 sp->ipv6cp.flags = 0; 3301 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3302 sp->fail_counter[IDX_IPV6CP] = 0; 3303 sp->pp_seq[IDX_IPV6CP] = 0; 3304 sp->pp_rseq[IDX_IPV6CP] = 0; 3305 callout_init(&sp->ch[IDX_IPV6CP]); 3306 } 3307 3308 static void 3309 sppp_ipv6cp_up(struct sppp *sp) 3310 { 3311 sppp_up_event(&ipv6cp, sp); 3312 } 3313 3314 static void 3315 sppp_ipv6cp_down(struct sppp *sp) 3316 { 3317 sppp_down_event(&ipv6cp, sp); 3318 } 3319 3320 static void 3321 sppp_ipv6cp_open(struct sppp *sp) 3322 { 3323 STDDCL; 3324 struct in6_addr myaddr, hisaddr; 3325 3326 #ifdef IPV6CP_MYIFID_DYN 3327 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3328 #else 3329 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3330 #endif 3331 3332 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3333 /* 3334 * If we don't have our address, this probably means our 3335 * interface doesn't want to talk IPv6 at all. (This could 3336 * be the case if somebody wants to speak only IPX, for 3337 * example.) Don't open IPv6CP in this case. 3338 */ 3339 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3340 /* XXX this message should go away */ 3341 if (debug) 3342 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3343 ifp->if_xname); 3344 return; 3345 } 3346 3347 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3348 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3349 sppp_open_event(&ipv6cp, sp); 3350 } 3351 3352 static void 3353 sppp_ipv6cp_close(struct sppp *sp) 3354 { 3355 sppp_close_event(&ipv6cp, sp); 3356 } 3357 3358 static void 3359 sppp_ipv6cp_TO(void *cookie) 3360 { 3361 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3362 } 3363 3364 /* 3365 * Analyze a configure request. Return true if it was agreeable, and 3366 * caused action sca, false if it has been rejected or nak'ed, and 3367 * caused action scn. (The return value is used to make the state 3368 * transition decision in the state automaton.) 3369 */ 3370 static int 3371 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3372 { 3373 u_char *buf, *r, *p; 3374 struct ifnet *ifp = &sp->pp_if; 3375 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3376 struct in6_addr myaddr, desiredaddr, suggestaddr; 3377 int ifidcount; 3378 int type; 3379 int collision, nohisaddr; 3380 3381 len -= 4; 3382 origlen = len; 3383 /* 3384 * Make sure to allocate a buf that can at least hold a 3385 * conf-nak with an `address' option. We might need it below. 3386 */ 3387 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3388 if (! buf) 3389 return (0); 3390 3391 /* pass 1: see if we can recognize them */ 3392 if (debug) 3393 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3394 ifp->if_xname); 3395 p = (void *)(h + 1); 3396 ifidcount = 0; 3397 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3398 /* Sanity check option length */ 3399 if (p[1] > len) { 3400 /* XXX just RXJ? */ 3401 addlog("%s: received malicious IPCPv6 option, " 3402 "dropping\n", ifp->if_xname); 3403 goto drop; 3404 } 3405 if (debug) 3406 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3407 switch (*p) { 3408 case IPV6CP_OPT_IFID: 3409 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3410 /* correctly formed address option */ 3411 ifidcount++; 3412 continue; 3413 } 3414 if (debug) 3415 addlog(" [invalid]"); 3416 break; 3417 #ifdef notyet 3418 case IPV6CP_OPT_COMPRESSION: 3419 if (len >= 4 && p[1] >= 4) { 3420 /* correctly formed compress option */ 3421 continue; 3422 } 3423 if (debug) 3424 addlog(" [invalid]"); 3425 break; 3426 #endif 3427 default: 3428 /* Others not supported. */ 3429 if (debug) 3430 addlog(" [rej]"); 3431 break; 3432 } 3433 /* Add the option to rejected list. */ 3434 bcopy (p, r, p[1]); 3435 r += p[1]; 3436 rlen += p[1]; 3437 } 3438 if (rlen) { 3439 if (debug) 3440 addlog(" send conf-rej\n"); 3441 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3442 goto end; 3443 } else if (debug) 3444 addlog("\n"); 3445 3446 /* pass 2: parse option values */ 3447 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3448 if (debug) 3449 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3450 ifp->if_xname); 3451 p = (void *)(h + 1); 3452 len = origlen; 3453 type = CONF_ACK; 3454 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3455 if (debug) 3456 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3457 switch (*p) { 3458 #ifdef notyet 3459 case IPV6CP_OPT_COMPRESSION: 3460 continue; 3461 #endif 3462 case IPV6CP_OPT_IFID: 3463 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3464 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3465 collision = (memcmp(&desiredaddr.s6_addr[8], 3466 &myaddr.s6_addr[8], 8) == 0); 3467 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3468 3469 desiredaddr.s6_addr16[0] = htons(0xfe80); 3470 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3471 3472 if (!collision && !nohisaddr) { 3473 /* no collision, hisaddr known - Conf-Ack */ 3474 type = CONF_ACK; 3475 3476 if (debug) { 3477 addlog(" %s [%s]", 3478 ip6_sprintf(&desiredaddr), 3479 sppp_cp_type_name(type)); 3480 } 3481 continue; 3482 } 3483 3484 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3485 if (collision && nohisaddr) { 3486 /* collision, hisaddr unknown - Conf-Rej */ 3487 type = CONF_REJ; 3488 memset(&p[2], 0, 8); 3489 } else { 3490 /* 3491 * - no collision, hisaddr unknown, or 3492 * - collision, hisaddr known 3493 * Conf-Nak, suggest hisaddr 3494 */ 3495 type = CONF_NAK; 3496 sppp_suggest_ip6_addr(sp, &suggestaddr); 3497 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3498 } 3499 if (debug) 3500 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3501 sppp_cp_type_name(type)); 3502 break; 3503 } 3504 /* Add the option to nak'ed list. */ 3505 bcopy (p, r, p[1]); 3506 r += p[1]; 3507 rlen += p[1]; 3508 } 3509 3510 if (rlen == 0 && type == CONF_ACK) { 3511 if (debug) 3512 addlog(" send %s\n", sppp_cp_type_name(type)); 3513 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 3514 } else { 3515 #ifdef notdef 3516 if (type == CONF_ACK) 3517 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3518 #endif 3519 3520 if (debug) { 3521 addlog(" send %s suggest %s\n", 3522 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3523 } 3524 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3525 } 3526 3527 end: 3528 free(buf, M_TEMP); 3529 return (rlen == 0); 3530 3531 drop: 3532 free(buf, M_TEMP); 3533 return -1; 3534 } 3535 3536 /* 3537 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3538 * negotiation. 3539 */ 3540 static void 3541 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3542 { 3543 u_char *buf, *p; 3544 struct ifnet *ifp = &sp->pp_if; 3545 int debug = ifp->if_flags & IFF_DEBUG; 3546 3547 len -= 4; 3548 buf = malloc (len, M_TEMP, M_NOWAIT); 3549 if (!buf) 3550 return; 3551 3552 if (debug) 3553 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3554 ifp->if_xname); 3555 3556 p = (void *)(h + 1); 3557 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3558 if (p[1] > len) { 3559 /* XXX just RXJ? */ 3560 addlog("%s: received malicious IPCPv6 option, " 3561 "dropping\n", ifp->if_xname); 3562 goto drop; 3563 } 3564 if (debug) 3565 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3566 switch (*p) { 3567 case IPV6CP_OPT_IFID: 3568 /* 3569 * Peer doesn't grok address option. This is 3570 * bad. XXX Should we better give up here? 3571 */ 3572 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3573 break; 3574 #ifdef notyet 3575 case IPV6CP_OPT_COMPRESS: 3576 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3577 break; 3578 #endif 3579 } 3580 } 3581 if (debug) 3582 addlog("\n"); 3583 drop: 3584 free(buf, M_TEMP); 3585 return; 3586 } 3587 3588 /* 3589 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3590 * negotiation. 3591 */ 3592 static void 3593 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3594 { 3595 u_char *buf, *p; 3596 struct ifnet *ifp = &sp->pp_if; 3597 int debug = ifp->if_flags & IFF_DEBUG; 3598 struct in6_addr suggestaddr; 3599 3600 len -= 4; 3601 buf = malloc (len, M_TEMP, M_NOWAIT); 3602 if (!buf) 3603 return; 3604 3605 if (debug) 3606 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 3607 ifp->if_xname); 3608 3609 p = (void *)(h + 1); 3610 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3611 if (p[1] > len) { 3612 /* XXX just RXJ? */ 3613 addlog("%s: received malicious IPCPv6 option, " 3614 "dropping\n", ifp->if_xname); 3615 goto drop; 3616 } 3617 if (debug) 3618 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3619 switch (*p) { 3620 case IPV6CP_OPT_IFID: 3621 /* 3622 * Peer doesn't like our local ifid. See 3623 * if we can do something for him. We'll drop 3624 * him our address then. 3625 */ 3626 if (len < 10 || p[1] != 10) 3627 break; 3628 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3629 suggestaddr.s6_addr16[0] = htons(0xfe80); 3630 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3631 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3632 3633 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3634 if (debug) 3635 addlog(" [suggestaddr %s]", 3636 ip6_sprintf(&suggestaddr)); 3637 #ifdef IPV6CP_MYIFID_DYN 3638 /* 3639 * When doing dynamic address assignment, 3640 * we accept his offer. 3641 */ 3642 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3643 struct in6_addr lastsuggest; 3644 /* 3645 * If <suggested myaddr from peer> equals to 3646 * <hisaddr we have suggested last time>, 3647 * we have a collision. generate new random 3648 * ifid. 3649 */ 3650 sppp_suggest_ip6_addr(&lastsuggest); 3651 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3652 lastsuggest)) { 3653 if (debug) 3654 addlog(" [random]"); 3655 sppp_gen_ip6_addr(sp, &suggestaddr); 3656 } 3657 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3658 if (debug) 3659 addlog(" [agree]"); 3660 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3661 } 3662 #else 3663 /* 3664 * Since we do not do dynamic address assignment, 3665 * we ignore it and thus continue to negotiate 3666 * our already existing value. This can possibly 3667 * go into infinite request-reject loop. 3668 * 3669 * This is not likely because we normally use 3670 * ifid based on MAC-address. 3671 * If you have no ethernet card on the node, too bad. 3672 * XXX should we use fail_counter? 3673 */ 3674 #endif 3675 break; 3676 #ifdef notyet 3677 case IPV6CP_OPT_COMPRESS: 3678 /* 3679 * Peer wants different compression parameters. 3680 */ 3681 break; 3682 #endif 3683 } 3684 } 3685 if (debug) 3686 addlog("\n"); 3687 drop: 3688 free(buf, M_TEMP); 3689 return; 3690 } 3691 3692 static void 3693 sppp_ipv6cp_tlu(struct sppp *sp) 3694 { 3695 /* we are up - notify isdn daemon */ 3696 if (sp->pp_con) 3697 sp->pp_con(sp); 3698 } 3699 3700 static void 3701 sppp_ipv6cp_tld(struct sppp *sp) 3702 { 3703 } 3704 3705 static void 3706 sppp_ipv6cp_tls(struct sppp *sp) 3707 { 3708 /* indicate to LCP that it must stay alive */ 3709 sp->lcp.protos |= (1 << IDX_IPV6CP); 3710 } 3711 3712 static void 3713 sppp_ipv6cp_tlf(struct sppp *sp) 3714 { 3715 /* we no longer need LCP */ 3716 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3717 } 3718 3719 static void 3720 sppp_ipv6cp_scr(struct sppp *sp) 3721 { 3722 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3723 struct in6_addr ouraddr; 3724 int i = 0; 3725 3726 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3727 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3728 opt[i++] = IPV6CP_OPT_IFID; 3729 opt[i++] = 10; 3730 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3731 i += 8; 3732 } 3733 3734 #ifdef notyet 3735 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3736 opt[i++] = IPV6CP_OPT_COMPRESSION; 3737 opt[i++] = 4; 3738 opt[i++] = 0; /* TBD */ 3739 opt[i++] = 0; /* TBD */ 3740 /* variable length data may follow */ 3741 } 3742 #endif 3743 3744 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3745 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3746 } 3747 #else /*INET6*/ 3748 static void sppp_ipv6cp_init(struct sppp *sp) 3749 { 3750 } 3751 3752 static void sppp_ipv6cp_up(struct sppp *sp) 3753 { 3754 } 3755 3756 static void sppp_ipv6cp_down(struct sppp *sp) 3757 { 3758 } 3759 3760 3761 static void sppp_ipv6cp_open(struct sppp *sp) 3762 { 3763 } 3764 3765 static void sppp_ipv6cp_close(struct sppp *sp) 3766 { 3767 } 3768 3769 static void sppp_ipv6cp_TO(void *sp) 3770 { 3771 } 3772 3773 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3774 { 3775 return 0; 3776 } 3777 3778 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3779 { 3780 } 3781 3782 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3783 { 3784 } 3785 3786 static void sppp_ipv6cp_tlu(struct sppp *sp) 3787 { 3788 } 3789 3790 static void sppp_ipv6cp_tld(struct sppp *sp) 3791 { 3792 } 3793 3794 static void sppp_ipv6cp_tls(struct sppp *sp) 3795 { 3796 } 3797 3798 static void sppp_ipv6cp_tlf(struct sppp *sp) 3799 { 3800 } 3801 3802 static void sppp_ipv6cp_scr(struct sppp *sp) 3803 { 3804 } 3805 #endif /*INET6*/ 3806 3807 3808 /* 3809 *--------------------------------------------------------------------------* 3810 * * 3811 * The CHAP implementation. * 3812 * * 3813 *--------------------------------------------------------------------------* 3814 */ 3815 3816 /* 3817 * The authentication protocols don't employ a full-fledged state machine as 3818 * the control protocols do, since they do have Open and Close events, but 3819 * not Up and Down, nor are they explicitly terminated. Also, use of the 3820 * authentication protocols may be different in both directions (this makes 3821 * sense, think of a machine that never accepts incoming calls but only 3822 * calls out, it doesn't require the called party to authenticate itself). 3823 * 3824 * Our state machine for the local authentication protocol (we are requesting 3825 * the peer to authenticate) looks like: 3826 * 3827 * RCA- 3828 * +--------------------------------------------+ 3829 * V scn,tld| 3830 * +--------+ Close +---------+ RCA+ 3831 * | |<----------------------------------| |------+ 3832 * +--->| Closed | TO* | Opened | sca | 3833 * | | |-----+ +-------| |<-----+ 3834 * | +--------+ irc | | +---------+ 3835 * | ^ | | ^ 3836 * | | | | | 3837 * | | | | | 3838 * | TO-| | | | 3839 * | |tld TO+ V | | 3840 * | | +------->+ | | 3841 * | | | | | | 3842 * | +--------+ V | | 3843 * | | |<----+<--------------------+ | 3844 * | | Req- | scr | 3845 * | | Sent | | 3846 * | | | | 3847 * | +--------+ | 3848 * | RCA- | | RCA+ | 3849 * +------+ +------------------------------------------+ 3850 * scn,tld sca,irc,ict,tlu 3851 * 3852 * 3853 * with: 3854 * 3855 * Open: LCP reached authentication phase 3856 * Close: LCP reached terminate phase 3857 * 3858 * RCA+: received reply (pap-req, chap-response), acceptable 3859 * RCN: received reply (pap-req, chap-response), not acceptable 3860 * TO+: timeout with restart counter >= 0 3861 * TO-: timeout with restart counter < 0 3862 * TO*: reschedule timeout for CHAP 3863 * 3864 * scr: send request packet (none for PAP, chap-challenge) 3865 * sca: send ack packet (pap-ack, chap-success) 3866 * scn: send nak packet (pap-nak, chap-failure) 3867 * ict: initialize re-challenge timer (CHAP only) 3868 * 3869 * tlu: this-layer-up, LCP reaches network phase 3870 * tld: this-layer-down, LCP enters terminate phase 3871 * 3872 * Note that in CHAP mode, after sending a new challenge, while the state 3873 * automaton falls back into Req-Sent state, it doesn't signal a tld 3874 * event to LCP, so LCP remains in network phase. Only after not getting 3875 * any response (or after getting an unacceptable response), CHAP closes, 3876 * causing LCP to enter terminate phase. 3877 * 3878 * With PAP, there is no initial request that can be sent. The peer is 3879 * expected to send one based on the successful negotiation of PAP as 3880 * the authentication protocol during the LCP option negotiation. 3881 * 3882 * Incoming authentication protocol requests (remote requests 3883 * authentication, we are peer) don't employ a state machine at all, 3884 * they are simply answered. Some peers [Ascend P50 firmware rev 3885 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3886 * still in authentication phase (thereby violating the standard that 3887 * demands that these NCP packets are to be discarded), so we keep 3888 * track of the peer demanding us to authenticate, and only proceed to 3889 * phase network once we've seen a positive acknowledge for the 3890 * authentication. 3891 */ 3892 3893 /* 3894 * Handle incoming CHAP packets. 3895 */ 3896 void 3897 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3898 { 3899 STDDCL; 3900 struct lcp_header *h; 3901 int len, x; 3902 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3903 int value_len, name_len; 3904 MD5_CTX ctx; 3905 3906 len = m->m_pkthdr.len; 3907 if (len < 4) { 3908 if (debug) 3909 log(LOG_DEBUG, 3910 "%s: chap invalid packet length: %d bytes\n", 3911 ifp->if_xname, len); 3912 return; 3913 } 3914 h = mtod(m, struct lcp_header *); 3915 if (len > ntohs(h->len)) 3916 len = ntohs(h->len); 3917 3918 switch (h->type) { 3919 /* challenge, failure and success are his authproto */ 3920 case CHAP_CHALLENGE: 3921 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3922 /* can't do anything usefull */ 3923 sp->pp_auth_failures++; 3924 printf("%s: chap input without my name and my secret being set\n", 3925 ifp->if_xname); 3926 break; 3927 } 3928 value = 1 + (u_char *)(h + 1); 3929 value_len = value[-1]; 3930 name = value + value_len; 3931 name_len = len - value_len - 5; 3932 if (name_len < 0) { 3933 if (debug) { 3934 log(LOG_DEBUG, 3935 "%s: chap corrupted challenge " 3936 "<%s id=0x%x len=%d", 3937 ifp->if_xname, 3938 sppp_auth_type_name(PPP_CHAP, h->type), 3939 h->ident, ntohs(h->len)); 3940 if (len > 4) 3941 sppp_print_bytes((u_char *)(h + 1), 3942 len - 4); 3943 addlog(">\n"); 3944 } 3945 break; 3946 } 3947 3948 if (debug) { 3949 log(LOG_DEBUG, 3950 "%s: chap input <%s id=0x%x len=%d name=", 3951 ifp->if_xname, 3952 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3953 ntohs(h->len)); 3954 sppp_print_string((char *) name, name_len); 3955 addlog(" value-size=%d value=", value_len); 3956 sppp_print_bytes(value, value_len); 3957 addlog(">\n"); 3958 } 3959 3960 /* Compute reply value. */ 3961 MD5Init(&ctx); 3962 MD5Update(&ctx, &h->ident, 1); 3963 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3964 MD5Update(&ctx, value, value_len); 3965 MD5Final(digest, &ctx); 3966 dsize = sizeof digest; 3967 3968 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3969 sizeof dsize, (const char *)&dsize, 3970 sizeof digest, digest, 3971 sp->myauth.name_len, 3972 sp->myauth.name, 3973 0); 3974 break; 3975 3976 case CHAP_SUCCESS: 3977 if (debug) { 3978 log(LOG_DEBUG, "%s: chap success", 3979 ifp->if_xname); 3980 if (len > 4) { 3981 addlog(": "); 3982 sppp_print_string((char *)(h + 1), len - 4); 3983 } 3984 addlog("\n"); 3985 } 3986 x = splnet(); 3987 sp->pp_auth_failures = 0; 3988 sp->pp_flags &= ~PP_NEEDAUTH; 3989 if (sp->myauth.proto == PPP_CHAP && 3990 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3991 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3992 /* 3993 * We are authenticator for CHAP but didn't 3994 * complete yet. Leave it to tlu to proceed 3995 * to network phase. 3996 */ 3997 splx(x); 3998 break; 3999 } 4000 splx(x); 4001 sppp_phase_network(sp); 4002 break; 4003 4004 case CHAP_FAILURE: 4005 x = splnet(); 4006 sp->pp_auth_failures++; 4007 splx(x); 4008 if (debug) { 4009 log(LOG_INFO, "%s: chap failure", 4010 ifp->if_xname); 4011 if (len > 4) { 4012 addlog(": "); 4013 sppp_print_string((char *)(h + 1), len - 4); 4014 } 4015 addlog("\n"); 4016 } else 4017 log(LOG_INFO, "%s: chap failure\n", 4018 ifp->if_xname); 4019 /* await LCP shutdown by authenticator */ 4020 break; 4021 4022 /* response is my authproto */ 4023 case CHAP_RESPONSE: 4024 if (sp->hisauth.secret == NULL) { 4025 /* can't do anything usefull */ 4026 printf("%s: chap input without his secret being set\n", 4027 ifp->if_xname); 4028 break; 4029 } 4030 value = 1 + (u_char *)(h + 1); 4031 value_len = value[-1]; 4032 name = value + value_len; 4033 name_len = len - value_len - 5; 4034 if (name_len < 0) { 4035 if (debug) { 4036 log(LOG_DEBUG, 4037 "%s: chap corrupted response " 4038 "<%s id=0x%x len=%d", 4039 ifp->if_xname, 4040 sppp_auth_type_name(PPP_CHAP, h->type), 4041 h->ident, ntohs(h->len)); 4042 if (len > 4) 4043 sppp_print_bytes((u_char *)(h + 1), 4044 len - 4); 4045 addlog(">\n"); 4046 } 4047 break; 4048 } 4049 if (h->ident != sp->confid[IDX_CHAP]) { 4050 if (debug) 4051 log(LOG_DEBUG, 4052 "%s: chap dropping response for old ID " 4053 "(got %d, expected %d)\n", 4054 ifp->if_xname, 4055 h->ident, sp->confid[IDX_CHAP]); 4056 break; 4057 } 4058 if (sp->hisauth.name != NULL && 4059 (name_len != sp->hisauth.name_len 4060 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4061 log(LOG_INFO, "%s: chap response, his name ", 4062 ifp->if_xname); 4063 sppp_print_string(name, name_len); 4064 addlog(" != expected "); 4065 sppp_print_string(sp->hisauth.name, 4066 sp->hisauth.name_len); 4067 addlog("\n"); 4068 goto chap_failure; 4069 } 4070 if (debug) { 4071 log(LOG_DEBUG, "%s: chap input(%s) " 4072 "<%s id=0x%x len=%d name=", 4073 ifp->if_xname, 4074 sppp_state_name(sp->state[IDX_CHAP]), 4075 sppp_auth_type_name(PPP_CHAP, h->type), 4076 h->ident, ntohs(h->len)); 4077 sppp_print_string((char *)name, name_len); 4078 addlog(" value-size=%d value=", value_len); 4079 sppp_print_bytes(value, value_len); 4080 addlog(">\n"); 4081 } 4082 if (value_len != sizeof(sp->myauth.challenge)) { 4083 if (debug) 4084 log(LOG_DEBUG, 4085 "%s: chap bad hash value length: " 4086 "%d bytes, should be %ld\n", 4087 ifp->if_xname, value_len, 4088 (long) sizeof(sp->myauth.challenge)); 4089 goto chap_failure; 4090 } 4091 4092 MD5Init(&ctx); 4093 MD5Update(&ctx, &h->ident, 1); 4094 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4095 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 4096 MD5Final(digest, &ctx); 4097 4098 #define FAILMSG "Failed..." 4099 #define SUCCMSG "Welcome!" 4100 4101 if (value_len != sizeof digest || 4102 memcmp(digest, value, value_len) != 0) { 4103 chap_failure: 4104 /* action scn, tld */ 4105 x = splnet(); 4106 sp->pp_auth_failures++; 4107 splx(x); 4108 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4109 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4110 0); 4111 chap.tld(sp); 4112 break; 4113 } 4114 sp->pp_auth_failures = 0; 4115 /* action sca, perhaps tlu */ 4116 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4117 sp->state[IDX_CHAP] == STATE_OPENED) 4118 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4119 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4120 0); 4121 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4122 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4123 chap.tlu(sp); 4124 } 4125 break; 4126 4127 default: 4128 /* Unknown CHAP packet type -- ignore. */ 4129 if (debug) { 4130 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4131 "<0x%x id=0x%xh len=%d", 4132 ifp->if_xname, 4133 sppp_state_name(sp->state[IDX_CHAP]), 4134 h->type, h->ident, ntohs(h->len)); 4135 if (len > 4) 4136 sppp_print_bytes((u_char *)(h + 1), len - 4); 4137 addlog(">\n"); 4138 } 4139 break; 4140 4141 } 4142 } 4143 4144 static void 4145 sppp_chap_init(struct sppp *sp) 4146 { 4147 /* Chap doesn't have STATE_INITIAL at all. */ 4148 sp->state[IDX_CHAP] = STATE_CLOSED; 4149 sp->fail_counter[IDX_CHAP] = 0; 4150 sp->pp_seq[IDX_CHAP] = 0; 4151 sp->pp_rseq[IDX_CHAP] = 0; 4152 callout_init(&sp->ch[IDX_CHAP]); 4153 } 4154 4155 static void 4156 sppp_chap_open(struct sppp *sp) 4157 { 4158 if (sp->myauth.proto == PPP_CHAP && 4159 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4160 /* we are authenticator for CHAP, start it */ 4161 chap.scr(sp); 4162 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4163 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4164 } 4165 /* nothing to be done if we are peer, await a challenge */ 4166 } 4167 4168 static void 4169 sppp_chap_close(struct sppp *sp) 4170 { 4171 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4172 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4173 } 4174 4175 static void 4176 sppp_chap_TO(void *cookie) 4177 { 4178 struct sppp *sp = (struct sppp *)cookie; 4179 STDDCL; 4180 int s; 4181 4182 s = splnet(); 4183 if (debug) 4184 log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n", 4185 ifp->if_xname, 4186 sppp_state_name(sp->state[IDX_CHAP]), 4187 sp->rst_counter[IDX_CHAP]); 4188 4189 if (--sp->rst_counter[IDX_CHAP] < 0) 4190 /* TO- event */ 4191 switch (sp->state[IDX_CHAP]) { 4192 case STATE_REQ_SENT: 4193 chap.tld(sp); 4194 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4195 break; 4196 } 4197 else 4198 /* TO+ (or TO*) event */ 4199 switch (sp->state[IDX_CHAP]) { 4200 case STATE_OPENED: 4201 /* TO* event */ 4202 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4203 /* fall through */ 4204 case STATE_REQ_SENT: 4205 chap.scr(sp); 4206 /* sppp_cp_change_state() will restart the timer */ 4207 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4208 break; 4209 } 4210 4211 splx(s); 4212 } 4213 4214 static void 4215 sppp_chap_tlu(struct sppp *sp) 4216 { 4217 STDDCL; 4218 int i, x; 4219 4220 i = 0; 4221 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4222 4223 /* 4224 * Some broken CHAP implementations (Conware CoNet, firmware 4225 * 4.0.?) don't want to re-authenticate their CHAP once the 4226 * initial challenge-response exchange has taken place. 4227 * Provide for an option to avoid rechallenges. 4228 */ 4229 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4230 /* 4231 * Compute the re-challenge timeout. This will yield 4232 * a number between 300 and 810 seconds. 4233 */ 4234 i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7); 4235 4236 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4237 } 4238 4239 if (debug) { 4240 log(LOG_DEBUG, 4241 "%s: chap %s, ", 4242 ifp->if_xname, 4243 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4244 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4245 addlog("next re-challenge in %d seconds\n", i); 4246 else 4247 addlog("re-challenging supressed\n"); 4248 } 4249 4250 x = splnet(); 4251 sp->pp_auth_failures = 0; 4252 /* indicate to LCP that we need to be closed down */ 4253 sp->lcp.protos |= (1 << IDX_CHAP); 4254 4255 if (sp->pp_flags & PP_NEEDAUTH) { 4256 /* 4257 * Remote is authenticator, but his auth proto didn't 4258 * complete yet. Defer the transition to network 4259 * phase. 4260 */ 4261 splx(x); 4262 return; 4263 } 4264 splx(x); 4265 4266 /* 4267 * If we are already in phase network, we are done here. This 4268 * is the case if this is a dummy tlu event after a re-challenge. 4269 */ 4270 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4271 sppp_phase_network(sp); 4272 } 4273 4274 static void 4275 sppp_chap_tld(struct sppp *sp) 4276 { 4277 STDDCL; 4278 4279 if (debug) 4280 log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname); 4281 callout_stop(&sp->ch[IDX_CHAP]); 4282 sp->lcp.protos &= ~(1 << IDX_CHAP); 4283 4284 lcp.Close(sp); 4285 } 4286 4287 static void 4288 sppp_chap_scr(struct sppp *sp) 4289 { 4290 u_int32_t *ch; 4291 u_char clen; 4292 4293 if (sp->myauth.name == NULL) { 4294 /* can't do anything usefull */ 4295 printf("%s: chap starting without my name being set\n", 4296 sp->pp_if.if_xname); 4297 return; 4298 } 4299 4300 /* Compute random challenge. */ 4301 ch = (u_int32_t *)sp->myauth.challenge; 4302 ch[0] = arc4random(); 4303 ch[1] = arc4random(); 4304 ch[2] = arc4random(); 4305 ch[3] = arc4random(); 4306 clen = 16; /* 4 * sizeof(u_int32_t) */ 4307 4308 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4309 4310 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4311 sizeof clen, (const char *)&clen, 4312 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4313 sp->myauth.name_len, 4314 sp->myauth.name, 4315 0); 4316 } 4317 4318 /* 4319 *--------------------------------------------------------------------------* 4320 * * 4321 * The PAP implementation. * 4322 * * 4323 *--------------------------------------------------------------------------* 4324 */ 4325 /* 4326 * For PAP, we need to keep a little state also if we are the peer, not the 4327 * authenticator. This is since we don't get a request to authenticate, but 4328 * have to repeatedly authenticate ourself until we got a response (or the 4329 * retry counter is expired). 4330 */ 4331 4332 /* 4333 * Handle incoming PAP packets. */ 4334 static void 4335 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4336 { 4337 STDDCL; 4338 struct lcp_header *h; 4339 int len, x; 4340 u_char mlen; 4341 char *name, *secret; 4342 int name_len, secret_len; 4343 4344 /* 4345 * Malicious input might leave this uninitialized, so 4346 * init to an impossible value. 4347 */ 4348 secret_len = -1; 4349 4350 len = m->m_pkthdr.len; 4351 if (len < 5) { 4352 if (debug) 4353 log(LOG_DEBUG, 4354 "%s: pap invalid packet length: %d bytes\n", 4355 ifp->if_xname, len); 4356 return; 4357 } 4358 h = mtod(m, struct lcp_header *); 4359 if (len > ntohs(h->len)) 4360 len = ntohs(h->len); 4361 switch (h->type) { 4362 /* PAP request is my authproto */ 4363 case PAP_REQ: 4364 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4365 /* can't do anything usefull */ 4366 printf("%s: pap request without his name and his secret being set\n", 4367 ifp->if_xname); 4368 break; 4369 } 4370 name = 1 + (u_char *)(h + 1); 4371 name_len = name[-1]; 4372 secret = name + name_len + 1; 4373 if (name_len > len - 6 || 4374 (secret_len = secret[-1]) > len - 6 - name_len) { 4375 if (debug) { 4376 log(LOG_DEBUG, "%s: pap corrupted input " 4377 "<%s id=0x%x len=%d", 4378 ifp->if_xname, 4379 sppp_auth_type_name(PPP_PAP, h->type), 4380 h->ident, ntohs(h->len)); 4381 if (len > 4) 4382 sppp_print_bytes((u_char *)(h + 1), 4383 len - 4); 4384 addlog(">\n"); 4385 } 4386 break; 4387 } 4388 if (debug) { 4389 log(LOG_DEBUG, "%s: pap input(%s) " 4390 "<%s id=0x%x len=%d name=", 4391 ifp->if_xname, 4392 sppp_state_name(sp->state[IDX_PAP]), 4393 sppp_auth_type_name(PPP_PAP, h->type), 4394 h->ident, ntohs(h->len)); 4395 sppp_print_string((char *)name, name_len); 4396 addlog(" secret="); 4397 sppp_print_string((char *)secret, secret_len); 4398 addlog(">\n"); 4399 } 4400 if (name_len != sp->hisauth.name_len || 4401 secret_len != sp->hisauth.secret_len || 4402 memcmp(name, sp->hisauth.name, name_len) != 0 || 4403 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4404 /* action scn, tld */ 4405 sp->pp_auth_failures++; 4406 mlen = sizeof(FAILMSG) - 1; 4407 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4408 sizeof mlen, (const char *)&mlen, 4409 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4410 0); 4411 pap.tld(sp); 4412 break; 4413 } 4414 /* action sca, perhaps tlu */ 4415 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4416 sp->state[IDX_PAP] == STATE_OPENED) { 4417 mlen = sizeof(SUCCMSG) - 1; 4418 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4419 sizeof mlen, (const char *)&mlen, 4420 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4421 0); 4422 } 4423 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4424 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4425 pap.tlu(sp); 4426 } 4427 break; 4428 4429 /* ack and nak are his authproto */ 4430 case PAP_ACK: 4431 callout_stop(&sp->pap_my_to_ch); 4432 if (debug) { 4433 log(LOG_DEBUG, "%s: pap success", 4434 ifp->if_xname); 4435 name = 1 + (u_char *)(h + 1); 4436 name_len = name[-1]; 4437 if (len > 5 && name_len < len+4) { 4438 addlog(": "); 4439 sppp_print_string(name, name_len); 4440 } 4441 addlog("\n"); 4442 } 4443 x = splnet(); 4444 sp->pp_auth_failures = 0; 4445 sp->pp_flags &= ~PP_NEEDAUTH; 4446 if (sp->myauth.proto == PPP_PAP && 4447 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4448 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4449 /* 4450 * We are authenticator for PAP but didn't 4451 * complete yet. Leave it to tlu to proceed 4452 * to network phase. 4453 */ 4454 splx(x); 4455 break; 4456 } 4457 splx(x); 4458 sppp_phase_network(sp); 4459 break; 4460 4461 case PAP_NAK: 4462 callout_stop(&sp->pap_my_to_ch); 4463 sp->pp_auth_failures++; 4464 if (debug) { 4465 log(LOG_INFO, "%s: pap failure", 4466 ifp->if_xname); 4467 name = 1 + (u_char *)(h + 1); 4468 name_len = name[-1]; 4469 if (len > 5 && name_len < len+4) { 4470 addlog(": "); 4471 sppp_print_string(name, name_len); 4472 } 4473 addlog("\n"); 4474 } else 4475 log(LOG_INFO, "%s: pap failure\n", 4476 ifp->if_xname); 4477 /* await LCP shutdown by authenticator */ 4478 break; 4479 4480 default: 4481 /* Unknown PAP packet type -- ignore. */ 4482 if (debug) { 4483 log(LOG_DEBUG, "%s: pap corrupted input " 4484 "<0x%x id=0x%x len=%d", 4485 ifp->if_xname, 4486 h->type, h->ident, ntohs(h->len)); 4487 if (len > 4) 4488 sppp_print_bytes((u_char *)(h + 1), len - 4); 4489 addlog(">\n"); 4490 } 4491 break; 4492 4493 } 4494 } 4495 4496 static void 4497 sppp_pap_init(struct sppp *sp) 4498 { 4499 /* PAP doesn't have STATE_INITIAL at all. */ 4500 sp->state[IDX_PAP] = STATE_CLOSED; 4501 sp->fail_counter[IDX_PAP] = 0; 4502 sp->pp_seq[IDX_PAP] = 0; 4503 sp->pp_rseq[IDX_PAP] = 0; 4504 callout_init(&sp->ch[IDX_PAP]); 4505 callout_init(&sp->pap_my_to_ch); 4506 } 4507 4508 static void 4509 sppp_pap_open(struct sppp *sp) 4510 { 4511 if (sp->hisauth.proto == PPP_PAP && 4512 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4513 /* we are authenticator for PAP, start our timer */ 4514 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4515 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4516 } 4517 if (sp->myauth.proto == PPP_PAP) { 4518 /* we are peer, send a request, and start a timer */ 4519 pap.scr(sp); 4520 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4521 sppp_pap_my_TO, sp); 4522 } 4523 } 4524 4525 static void 4526 sppp_pap_close(struct sppp *sp) 4527 { 4528 if (sp->state[IDX_PAP] != STATE_CLOSED) 4529 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4530 } 4531 4532 /* 4533 * That's the timeout routine if we are authenticator. Since the 4534 * authenticator is basically passive in PAP, we can't do much here. 4535 */ 4536 static void 4537 sppp_pap_TO(void *cookie) 4538 { 4539 struct sppp *sp = (struct sppp *)cookie; 4540 STDDCL; 4541 int s; 4542 4543 s = splnet(); 4544 if (debug) 4545 log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n", 4546 ifp->if_xname, 4547 sppp_state_name(sp->state[IDX_PAP]), 4548 sp->rst_counter[IDX_PAP]); 4549 4550 if (--sp->rst_counter[IDX_PAP] < 0) 4551 /* TO- event */ 4552 switch (sp->state[IDX_PAP]) { 4553 case STATE_REQ_SENT: 4554 pap.tld(sp); 4555 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4556 break; 4557 } 4558 else 4559 /* TO+ event, not very much we could do */ 4560 switch (sp->state[IDX_PAP]) { 4561 case STATE_REQ_SENT: 4562 /* sppp_cp_change_state() will restart the timer */ 4563 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4564 break; 4565 } 4566 4567 splx(s); 4568 } 4569 4570 /* 4571 * That's the timeout handler if we are peer. Since the peer is active, 4572 * we need to retransmit our PAP request since it is apparently lost. 4573 * XXX We should impose a max counter. 4574 */ 4575 static void 4576 sppp_pap_my_TO(void *cookie) 4577 { 4578 struct sppp *sp = (struct sppp *)cookie; 4579 STDDCL; 4580 4581 if (debug) 4582 log(LOG_DEBUG, "%s: pap peer TO\n", 4583 ifp->if_xname); 4584 4585 pap.scr(sp); 4586 } 4587 4588 static void 4589 sppp_pap_tlu(struct sppp *sp) 4590 { 4591 STDDCL; 4592 int x; 4593 4594 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4595 4596 if (debug) 4597 log(LOG_DEBUG, "%s: %s tlu\n", 4598 ifp->if_xname, pap.name); 4599 4600 x = splnet(); 4601 sp->pp_auth_failures = 0; 4602 /* indicate to LCP that we need to be closed down */ 4603 sp->lcp.protos |= (1 << IDX_PAP); 4604 4605 if (sp->pp_flags & PP_NEEDAUTH) { 4606 /* 4607 * Remote is authenticator, but his auth proto didn't 4608 * complete yet. Defer the transition to network 4609 * phase. 4610 */ 4611 splx(x); 4612 return; 4613 } 4614 splx(x); 4615 sppp_phase_network(sp); 4616 } 4617 4618 static void 4619 sppp_pap_tld(struct sppp *sp) 4620 { 4621 STDDCL; 4622 4623 if (debug) 4624 log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname); 4625 callout_stop(&sp->ch[IDX_PAP]); 4626 callout_stop(&sp->pap_my_to_ch); 4627 sp->lcp.protos &= ~(1 << IDX_PAP); 4628 4629 lcp.Close(sp); 4630 } 4631 4632 static void 4633 sppp_pap_scr(struct sppp *sp) 4634 { 4635 u_char idlen, pwdlen; 4636 4637 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4638 /* can't do anything usefull */ 4639 printf("%s: pap starting without my name and secret being set\n", 4640 sp->pp_if.if_xname); 4641 return; 4642 } 4643 4644 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4645 pwdlen = sp->myauth.secret_len; 4646 idlen = sp->myauth.name_len; 4647 4648 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4649 sizeof idlen, (const char *)&idlen, 4650 idlen, sp->myauth.name, 4651 sizeof pwdlen, (const char *)&pwdlen, 4652 pwdlen, sp->myauth.secret, 4653 0); 4654 } 4655 4656 /* 4657 * Random miscellaneous functions. 4658 */ 4659 4660 /* 4661 * Send a PAP or CHAP proto packet. 4662 * 4663 * Varadic function, each of the elements for the ellipsis is of type 4664 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4665 * mlen == 0. 4666 * NOTE: never declare variadic functions with types subject to type 4667 * promotion (i.e. u_char). This is asking for big trouble depending 4668 * on the architecture you are on... 4669 */ 4670 4671 static void 4672 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4673 unsigned int type, unsigned int id, 4674 ...) 4675 { 4676 STDDCL; 4677 struct lcp_header *lh; 4678 struct mbuf *m; 4679 u_char *p; 4680 int len; 4681 size_t pkthdrlen; 4682 unsigned int mlen; 4683 const char *msg; 4684 va_list ap; 4685 4686 MGETHDR(m, M_DONTWAIT, MT_DATA); 4687 if (! m) 4688 return; 4689 m->m_pkthdr.rcvif = 0; 4690 4691 if (sp->pp_flags & PP_NOFRAMING) { 4692 *mtod(m, u_int16_t *) = htons(cp->proto); 4693 pkthdrlen = 2; 4694 lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2); 4695 } else { 4696 struct ppp_header *h; 4697 h = mtod(m, struct ppp_header *); 4698 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4699 h->control = PPP_UI; /* Unnumbered Info */ 4700 h->protocol = htons(cp->proto); 4701 pkthdrlen = PPP_HEADER_LEN; 4702 4703 lh = (struct lcp_header *)(h + 1); 4704 } 4705 4706 lh->type = type; 4707 lh->ident = id; 4708 p = (u_char *)(lh + 1); 4709 4710 va_start(ap, id); 4711 len = 0; 4712 4713 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4714 msg = va_arg(ap, const char *); 4715 len += mlen; 4716 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4717 va_end(ap); 4718 m_freem(m); 4719 return; 4720 } 4721 4722 bcopy(msg, p, mlen); 4723 p += mlen; 4724 } 4725 va_end(ap); 4726 4727 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4728 lh->len = htons(LCP_HEADER_LEN + len); 4729 4730 if (debug) { 4731 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 4732 ifp->if_xname, cp->name, 4733 sppp_auth_type_name(cp->proto, lh->type), 4734 lh->ident, ntohs(lh->len)); 4735 if (len) 4736 sppp_print_bytes((u_char *)(lh + 1), len); 4737 addlog(">\n"); 4738 } 4739 if (IF_QFULL(&sp->pp_cpq)) { 4740 IF_DROP(&sp->pp_fastq); 4741 IF_DROP(&ifp->if_snd); 4742 m_freem(m); 4743 ++ifp->if_oerrors; 4744 return; 4745 } else 4746 IF_ENQUEUE(&sp->pp_cpq, m); 4747 if (! (ifp->if_flags & IFF_OACTIVE)) 4748 (*ifp->if_start)(ifp); 4749 ifp->if_obytes += m->m_pkthdr.len + 3; 4750 } 4751 4752 /* 4753 * Send keepalive packets, every 10 seconds. 4754 */ 4755 static void 4756 sppp_keepalive(void *dummy) 4757 { 4758 struct sppp *sp; 4759 int s; 4760 time_t now; 4761 4762 s = splnet(); 4763 now = mono_time.tv_sec; 4764 for (sp=spppq; sp; sp=sp->pp_next) { 4765 struct ifnet *ifp = &sp->pp_if; 4766 4767 /* check idle timeout */ 4768 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4769 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4770 /* idle timeout is enabled for this interface */ 4771 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4772 if (ifp->if_flags & IFF_DEBUG) 4773 printf("%s: no activitiy for %lu seconds\n", 4774 sp->pp_if.if_xname, 4775 (unsigned long)(now-sp->pp_last_activity)); 4776 lcp.Close(sp); 4777 continue; 4778 } 4779 } 4780 4781 /* Keepalive mode disabled or channel down? */ 4782 if (! (sp->pp_flags & PP_KEEPALIVE) || 4783 ! (ifp->if_flags & IFF_RUNNING)) 4784 continue; 4785 4786 /* No keepalive in PPP mode if LCP not opened yet. */ 4787 if (! (sp->pp_flags & PP_CISCO) && 4788 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4789 continue; 4790 4791 /* No echo reply, but maybe user data passed through? */ 4792 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 4793 sp->pp_alivecnt = 0; 4794 continue; 4795 } 4796 4797 if (sp->pp_alivecnt >= sp->pp_maxalive) { 4798 /* No keepalive packets got. Stop the interface. */ 4799 if_down (ifp); 4800 IF_PURGE(&sp->pp_cpq); 4801 if (! (sp->pp_flags & PP_CISCO)) { 4802 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4803 ifp->if_xname); 4804 sp->pp_alivecnt = 0; 4805 4806 /* we are down, close all open protocols */ 4807 lcp.Close(sp); 4808 4809 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4810 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4811 4812 /* Close connection imediatly, completition of this 4813 * will summon the magic needed to reestablish it. */ 4814 sp->pp_tlf(sp); 4815 continue; 4816 } 4817 } 4818 if (sp->pp_alivecnt < sp->pp_maxalive) 4819 ++sp->pp_alivecnt; 4820 if (sp->pp_flags & PP_CISCO) 4821 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 4822 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4823 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4824 int32_t nmagic = htonl(sp->lcp.magic); 4825 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4826 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 4827 sp->lcp.echoid, 4, &nmagic); 4828 } 4829 } 4830 splx(s); 4831 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 4832 } 4833 4834 #ifdef INET 4835 /* 4836 * Get both IP addresses. 4837 */ 4838 static void 4839 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4840 { 4841 struct ifnet *ifp = &sp->pp_if; 4842 struct ifaddr *ifa; 4843 struct sockaddr_in *si, *sm; 4844 u_int32_t ssrc, ddst; 4845 4846 sm = NULL; 4847 ssrc = ddst = 0; 4848 /* 4849 * Pick the first AF_INET address from the list, 4850 * aliases don't make any sense on a p2p link anyway. 4851 */ 4852 si = 0; 4853 IFADDR_FOREACH(ifa, ifp) { 4854 if (ifa->ifa_addr->sa_family == AF_INET) { 4855 si = (struct sockaddr_in *)ifa->ifa_addr; 4856 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4857 if (si) 4858 break; 4859 } 4860 } 4861 if (ifa) { 4862 if (si && si->sin_addr.s_addr) { 4863 ssrc = si->sin_addr.s_addr; 4864 if (srcmask) 4865 *srcmask = ntohl(sm->sin_addr.s_addr); 4866 } 4867 4868 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4869 if (si && si->sin_addr.s_addr) 4870 ddst = si->sin_addr.s_addr; 4871 } 4872 4873 if (dst) *dst = ntohl(ddst); 4874 if (src) *src = ntohl(ssrc); 4875 } 4876 4877 /* 4878 * Set IP addresses. Must be called at splnet. 4879 * If an address is 0, leave it the way it is. 4880 */ 4881 static void 4882 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4883 { 4884 STDDCL; 4885 struct ifaddr *ifa; 4886 struct sockaddr_in *si, *dest; 4887 4888 /* 4889 * Pick the first AF_INET address from the list, 4890 * aliases don't make any sense on a p2p link anyway. 4891 */ 4892 4893 IFADDR_FOREACH(ifa, ifp) { 4894 if (ifa->ifa_addr->sa_family == AF_INET) { 4895 si = (struct sockaddr_in *)ifa->ifa_addr; 4896 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4897 goto found; 4898 } 4899 } 4900 return; 4901 4902 found: 4903 { 4904 int error; 4905 struct sockaddr_in new_sin = *si; 4906 struct sockaddr_in new_dst = *dest; 4907 4908 /* 4909 * Scrub old routes now instead of calling in_ifinit with 4910 * scrub=1, because we may change the dstaddr 4911 * before the call to in_ifinit. 4912 */ 4913 in_ifscrub(ifp, ifatoia(ifa)); 4914 4915 if (myaddr != 0) 4916 new_sin.sin_addr.s_addr = htonl(myaddr); 4917 if (hisaddr != 0) { 4918 new_dst.sin_addr.s_addr = htonl(hisaddr); 4919 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4920 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4921 *dest = new_dst; /* fix dstaddr in place */ 4922 } 4923 } 4924 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4925 if (debug && error) 4926 { 4927 log(LOG_DEBUG, "%s: sppp_set_ip_addrs: in_ifinit " 4928 " failed, error=%d\n", ifp->if_xname, error); 4929 } 4930 #ifdef PFIL_HOOKS 4931 if (!error) 4932 (void)pfil_run_hooks(&if_pfil, 4933 (struct mbuf **)SIOCAIFADDR, ifp, PFIL_IFADDR); 4934 #endif 4935 } 4936 } 4937 4938 /* 4939 * Clear IP addresses. Must be called at splnet. 4940 */ 4941 static void 4942 sppp_clear_ip_addrs(struct sppp *sp) 4943 { 4944 struct ifnet *ifp = &sp->pp_if; 4945 struct ifaddr *ifa; 4946 struct sockaddr_in *si, *dest; 4947 4948 u_int32_t remote; 4949 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4950 remote = sp->ipcp.saved_hisaddr; 4951 else 4952 sppp_get_ip_addrs(sp, 0, &remote, 0); 4953 4954 /* 4955 * Pick the first AF_INET address from the list, 4956 * aliases don't make any sense on a p2p link anyway. 4957 */ 4958 4959 IFADDR_FOREACH(ifa, ifp) { 4960 if (ifa->ifa_addr->sa_family == AF_INET) { 4961 si = (struct sockaddr_in *)ifa->ifa_addr; 4962 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4963 goto found; 4964 } 4965 } 4966 return; 4967 4968 found: 4969 { 4970 struct sockaddr_in new_sin = *si; 4971 4972 in_ifscrub(ifp, ifatoia(ifa)); 4973 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4974 new_sin.sin_addr.s_addr = 0; 4975 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4976 /* replace peer addr in place */ 4977 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4978 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4979 #ifdef PFIL_HOOKS 4980 (void)pfil_run_hooks(&if_pfil, 4981 (struct mbuf **)SIOCDIFADDR, ifp, PFIL_IFADDR); 4982 #endif 4983 } 4984 } 4985 #endif 4986 4987 #ifdef INET6 4988 /* 4989 * Get both IPv6 addresses. 4990 */ 4991 static void 4992 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4993 struct in6_addr *srcmask) 4994 { 4995 struct ifnet *ifp = &sp->pp_if; 4996 struct ifaddr *ifa; 4997 struct sockaddr_in6 *si, *sm; 4998 struct in6_addr ssrc, ddst; 4999 5000 sm = NULL; 5001 memset(&ssrc, 0, sizeof(ssrc)); 5002 memset(&ddst, 0, sizeof(ddst)); 5003 /* 5004 * Pick the first link-local AF_INET6 address from the list, 5005 * aliases don't make any sense on a p2p link anyway. 5006 */ 5007 si = 0; 5008 IFADDR_FOREACH(ifa, ifp) 5009 if (ifa->ifa_addr->sa_family == AF_INET6) { 5010 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5011 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5012 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 5013 break; 5014 } 5015 if (ifa) { 5016 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5017 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5018 if (srcmask) { 5019 bcopy(&sm->sin6_addr, srcmask, 5020 sizeof(*srcmask)); 5021 } 5022 } 5023 5024 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5025 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5026 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5027 } 5028 5029 if (dst) 5030 bcopy(&ddst, dst, sizeof(*dst)); 5031 if (src) 5032 bcopy(&ssrc, src, sizeof(*src)); 5033 } 5034 5035 #ifdef IPV6CP_MYIFID_DYN 5036 /* 5037 * Generate random ifid. 5038 */ 5039 static void 5040 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5041 { 5042 /* TBD */ 5043 } 5044 5045 /* 5046 * Set my IPv6 address. Must be called at splnet. 5047 */ 5048 static void 5049 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5050 { 5051 STDDCL; 5052 struct ifaddr *ifa; 5053 struct sockaddr_in6 *sin6; 5054 5055 /* 5056 * Pick the first link-local AF_INET6 address from the list, 5057 * aliases don't make any sense on a p2p link anyway. 5058 */ 5059 5060 sin6 = NULL; 5061 IFADDR_FOREACH(ifa, ifp) 5062 { 5063 if (ifa->ifa_addr->sa_family == AF_INET6) 5064 { 5065 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5066 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5067 break; 5068 } 5069 } 5070 5071 if (ifa && sin6) 5072 { 5073 int error; 5074 struct sockaddr_in6 new_sin6 = *sin6; 5075 5076 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5077 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5078 if (debug && error) 5079 { 5080 log(LOG_DEBUG, "%s: sppp_set_ip6_addr: in6_ifinit " 5081 " failed, error=%d\n", ifp->if_xname, error); 5082 } 5083 #ifdef PFIL_HOOKS 5084 if (!error) 5085 (void)pfil_run_hooks(&if_pfil, 5086 (struct mbuf **)SIOCAIFADDR_IN6, ifp, PFIL_IFADDR); 5087 #endif 5088 } 5089 } 5090 #endif 5091 5092 /* 5093 * Suggest a candidate address to be used by peer. 5094 */ 5095 static void 5096 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5097 { 5098 struct in6_addr myaddr; 5099 struct timeval tv; 5100 5101 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5102 5103 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5104 microtime(&tv); 5105 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5106 myaddr.s6_addr[14] ^= 0xff; 5107 myaddr.s6_addr[15] ^= 0xff; 5108 } else { 5109 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5110 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5111 } 5112 if (suggest) 5113 bcopy(&myaddr, suggest, sizeof(myaddr)); 5114 } 5115 #endif /*INET6*/ 5116 5117 /* 5118 * Process ioctl requests specific to the PPP interface. 5119 * Permissions have already been checked. 5120 */ 5121 static int 5122 sppp_params(struct sppp *sp, int cmd, void *data) 5123 { 5124 switch (cmd) { 5125 case SPPPGETAUTHCFG: 5126 { 5127 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5128 int error; 5129 size_t len; 5130 5131 cfg->myauthflags = sp->myauth.flags; 5132 cfg->hisauthflags = sp->hisauth.flags; 5133 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 5134 cfg->hisauth = 0; 5135 if (sp->hisauth.proto) 5136 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5137 cfg->myauth = 0; 5138 if (sp->myauth.proto) 5139 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5140 if (cfg->myname_length == 0) { 5141 if (sp->myauth.name != NULL) 5142 cfg->myname_length = sp->myauth.name_len + 1; 5143 } else { 5144 if (sp->myauth.name == NULL) { 5145 cfg->myname_length = 0; 5146 } else { 5147 len = sp->myauth.name_len + 1; 5148 if (cfg->myname_length < len) 5149 return (ENAMETOOLONG); 5150 error = copyout(sp->myauth.name, cfg->myname, len); 5151 if (error) return error; 5152 } 5153 } 5154 if (cfg->hisname_length == 0) { 5155 if (sp->hisauth.name != NULL) 5156 cfg->hisname_length = sp->hisauth.name_len + 1; 5157 } else { 5158 if (sp->hisauth.name == NULL) { 5159 cfg->hisname_length = 0; 5160 } else { 5161 len = sp->hisauth.name_len + 1; 5162 if (cfg->hisname_length < len) 5163 return (ENAMETOOLONG); 5164 error = copyout(sp->hisauth.name, cfg->hisname, len); 5165 if (error) return error; 5166 } 5167 } 5168 } 5169 break; 5170 case SPPPSETAUTHCFG: 5171 { 5172 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5173 int error; 5174 5175 if (sp->myauth.name) { 5176 free(sp->myauth.name, M_DEVBUF); 5177 sp->myauth.name = NULL; 5178 } 5179 if (sp->myauth.secret) { 5180 free(sp->myauth.secret, M_DEVBUF); 5181 sp->myauth.secret = NULL; 5182 } 5183 if (sp->hisauth.name) { 5184 free(sp->hisauth.name, M_DEVBUF); 5185 sp->hisauth.name = NULL; 5186 } 5187 if (sp->hisauth.secret) { 5188 free(sp->hisauth.secret, M_DEVBUF); 5189 sp->hisauth.secret = NULL; 5190 } 5191 5192 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5193 if (cfg->hisname_length >= MCLBYTES) 5194 return (ENAMETOOLONG); 5195 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5196 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5197 if (error) { 5198 free(sp->hisauth.name, M_DEVBUF); 5199 sp->hisauth.name = NULL; 5200 return error; 5201 } 5202 sp->hisauth.name_len = cfg->hisname_length - 1; 5203 sp->hisauth.name[sp->hisauth.name_len] = 0; 5204 } 5205 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5206 if (cfg->hissecret_length >= MCLBYTES) 5207 return (ENAMETOOLONG); 5208 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5209 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5210 if (error) { 5211 free(sp->hisauth.secret, M_DEVBUF); 5212 sp->hisauth.secret = NULL; 5213 return error; 5214 } 5215 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5216 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5217 } 5218 if (cfg->myname != NULL && cfg->myname_length > 0) { 5219 if (cfg->myname_length >= MCLBYTES) 5220 return (ENAMETOOLONG); 5221 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5222 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5223 if (error) { 5224 free(sp->myauth.name, M_DEVBUF); 5225 sp->myauth.name = NULL; 5226 return error; 5227 } 5228 sp->myauth.name_len = cfg->myname_length - 1; 5229 sp->myauth.name[sp->myauth.name_len] = 0; 5230 } 5231 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5232 if (cfg->mysecret_length >= MCLBYTES) 5233 return (ENAMETOOLONG); 5234 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5235 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5236 if (error) { 5237 free(sp->myauth.secret, M_DEVBUF); 5238 sp->myauth.secret = NULL; 5239 return error; 5240 } 5241 sp->myauth.secret_len = cfg->mysecret_length - 1; 5242 sp->myauth.secret[sp->myauth.secret_len] = 0; 5243 } 5244 sp->myauth.flags = cfg->myauthflags; 5245 if (cfg->myauth) 5246 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5247 sp->hisauth.flags = cfg->hisauthflags; 5248 if (cfg->hisauth) 5249 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5250 sp->pp_auth_failures = 0; 5251 if (sp->hisauth.proto != 0) 5252 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5253 else 5254 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5255 } 5256 break; 5257 case SPPPGETLCPCFG: 5258 { 5259 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5260 lcp->lcp_timeout = sp->lcp.timeout; 5261 } 5262 break; 5263 case SPPPSETLCPCFG: 5264 { 5265 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5266 sp->lcp.timeout = lcp->lcp_timeout; 5267 } 5268 break; 5269 case SPPPGETSTATUS: 5270 { 5271 struct spppstatus *status = (struct spppstatus *)data; 5272 status->phase = sp->pp_phase; 5273 } 5274 break; 5275 case SPPPGETSTATUSNCP: 5276 { 5277 struct spppstatusncp *status = (struct spppstatusncp *)data; 5278 status->phase = sp->pp_phase; 5279 status->ncpup = sppp_ncp_check(sp); 5280 } 5281 break; 5282 case SPPPGETIDLETO: 5283 { 5284 struct spppidletimeout *to = (struct spppidletimeout *)data; 5285 to->idle_seconds = sp->pp_idle_timeout; 5286 } 5287 break; 5288 case SPPPSETIDLETO: 5289 { 5290 struct spppidletimeout *to = (struct spppidletimeout *)data; 5291 sp->pp_idle_timeout = to->idle_seconds; 5292 } 5293 break; 5294 case SPPPSETAUTHFAILURE: 5295 { 5296 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5297 sp->pp_max_auth_fail = afsettings->max_failures; 5298 sp->pp_auth_failures = 0; 5299 } 5300 break; 5301 case SPPPGETAUTHFAILURES: 5302 { 5303 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5304 stats->auth_failures = sp->pp_auth_failures; 5305 stats->max_failures = sp->pp_max_auth_fail; 5306 } 5307 break; 5308 case SPPPSETDNSOPTS: 5309 { 5310 struct spppdnssettings *req = (struct spppdnssettings *)data; 5311 sp->query_dns = req->query_dns & 3; 5312 } 5313 break; 5314 case SPPPGETDNSOPTS: 5315 { 5316 struct spppdnssettings *req = (struct spppdnssettings *)data; 5317 req->query_dns = sp->query_dns; 5318 } 5319 break; 5320 case SPPPGETDNSADDRS: 5321 { 5322 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5323 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5324 } 5325 break; 5326 case SPPPGETKEEPALIVE: 5327 { 5328 struct spppkeepalivesettings *settings = 5329 (struct spppkeepalivesettings*)data; 5330 settings->maxalive = sp->pp_maxalive; 5331 settings->max_noreceive = sp->pp_max_noreceive; 5332 } 5333 break; 5334 case SPPPSETKEEPALIVE: 5335 { 5336 struct spppkeepalivesettings *settings = 5337 (struct spppkeepalivesettings*)data; 5338 sp->pp_maxalive = settings->maxalive; 5339 sp->pp_max_noreceive = settings->max_noreceive; 5340 } 5341 break; 5342 default: 5343 return (EINVAL); 5344 } 5345 5346 return (0); 5347 } 5348 5349 static void 5350 sppp_phase_network(struct sppp *sp) 5351 { 5352 STDDCL; 5353 int i; 5354 u_int32_t mask; 5355 5356 sp->pp_phase = SPPP_PHASE_NETWORK; 5357 5358 if (debug) 5359 { 5360 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 5361 sppp_phase_name(sp->pp_phase)); 5362 } 5363 5364 /* Notify NCPs now. */ 5365 for (i = 0; i < IDX_COUNT; i++) 5366 if ((cps[i])->flags & CP_NCP) 5367 (cps[i])->Open(sp); 5368 5369 /* Send Up events to all NCPs. */ 5370 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5371 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5372 (cps[i])->Up(sp); 5373 5374 /* if no NCP is starting, all this was in vain, close down */ 5375 sppp_lcp_check_and_close(sp); 5376 } 5377 5378 5379 static const char * 5380 sppp_cp_type_name(u_char type) 5381 { 5382 static char buf[12]; 5383 switch (type) { 5384 case CONF_REQ: return "conf-req"; 5385 case CONF_ACK: return "conf-ack"; 5386 case CONF_NAK: return "conf-nak"; 5387 case CONF_REJ: return "conf-rej"; 5388 case TERM_REQ: return "term-req"; 5389 case TERM_ACK: return "term-ack"; 5390 case CODE_REJ: return "code-rej"; 5391 case PROTO_REJ: return "proto-rej"; 5392 case ECHO_REQ: return "echo-req"; 5393 case ECHO_REPLY: return "echo-reply"; 5394 case DISC_REQ: return "discard-req"; 5395 } 5396 snprintf(buf, sizeof(buf), "0x%x", type); 5397 return buf; 5398 } 5399 5400 static const char * 5401 sppp_auth_type_name(u_short proto, u_char type) 5402 { 5403 static char buf[12]; 5404 switch (proto) { 5405 case PPP_CHAP: 5406 switch (type) { 5407 case CHAP_CHALLENGE: return "challenge"; 5408 case CHAP_RESPONSE: return "response"; 5409 case CHAP_SUCCESS: return "success"; 5410 case CHAP_FAILURE: return "failure"; 5411 } 5412 case PPP_PAP: 5413 switch (type) { 5414 case PAP_REQ: return "req"; 5415 case PAP_ACK: return "ack"; 5416 case PAP_NAK: return "nak"; 5417 } 5418 } 5419 snprintf(buf, sizeof(buf), "0x%x", type); 5420 return buf; 5421 } 5422 5423 static const char * 5424 sppp_lcp_opt_name(u_char opt) 5425 { 5426 static char buf[12]; 5427 switch (opt) { 5428 case LCP_OPT_MRU: return "mru"; 5429 case LCP_OPT_ASYNC_MAP: return "async-map"; 5430 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5431 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5432 case LCP_OPT_MAGIC: return "magic"; 5433 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5434 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5435 } 5436 snprintf(buf, sizeof(buf), "0x%x", opt); 5437 return buf; 5438 } 5439 5440 static const char * 5441 sppp_ipcp_opt_name(u_char opt) 5442 { 5443 static char buf[12]; 5444 switch (opt) { 5445 case IPCP_OPT_ADDRESSES: return "addresses"; 5446 case IPCP_OPT_COMPRESSION: return "compression"; 5447 case IPCP_OPT_ADDRESS: return "address"; 5448 } 5449 snprintf(buf, sizeof(buf), "0x%x", opt); 5450 return buf; 5451 } 5452 5453 #ifdef INET6 5454 static const char * 5455 sppp_ipv6cp_opt_name(u_char opt) 5456 { 5457 static char buf[12]; 5458 switch (opt) { 5459 case IPV6CP_OPT_IFID: return "ifid"; 5460 case IPV6CP_OPT_COMPRESSION: return "compression"; 5461 } 5462 snprintf(buf, sizeof(buf), "0x%x", opt); 5463 return buf; 5464 } 5465 #endif 5466 5467 static const char * 5468 sppp_state_name(int state) 5469 { 5470 switch (state) { 5471 case STATE_INITIAL: return "initial"; 5472 case STATE_STARTING: return "starting"; 5473 case STATE_CLOSED: return "closed"; 5474 case STATE_STOPPED: return "stopped"; 5475 case STATE_CLOSING: return "closing"; 5476 case STATE_STOPPING: return "stopping"; 5477 case STATE_REQ_SENT: return "req-sent"; 5478 case STATE_ACK_RCVD: return "ack-rcvd"; 5479 case STATE_ACK_SENT: return "ack-sent"; 5480 case STATE_OPENED: return "opened"; 5481 } 5482 return "illegal"; 5483 } 5484 5485 static const char * 5486 sppp_phase_name(int phase) 5487 { 5488 switch (phase) { 5489 case SPPP_PHASE_DEAD: return "dead"; 5490 case SPPP_PHASE_ESTABLISH: return "establish"; 5491 case SPPP_PHASE_TERMINATE: return "terminate"; 5492 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5493 case SPPP_PHASE_NETWORK: return "network"; 5494 } 5495 return "illegal"; 5496 } 5497 5498 static const char * 5499 sppp_proto_name(u_short proto) 5500 { 5501 static char buf[12]; 5502 switch (proto) { 5503 case PPP_LCP: return "lcp"; 5504 case PPP_IPCP: return "ipcp"; 5505 case PPP_PAP: return "pap"; 5506 case PPP_CHAP: return "chap"; 5507 case PPP_IPV6CP: return "ipv6cp"; 5508 } 5509 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 5510 return buf; 5511 } 5512 5513 static void 5514 sppp_print_bytes(const u_char *p, u_short len) 5515 { 5516 addlog(" %02x", *p++); 5517 while (--len > 0) 5518 addlog("-%02x", *p++); 5519 } 5520 5521 static void 5522 sppp_print_string(const char *p, u_short len) 5523 { 5524 u_char c; 5525 5526 while (len-- > 0) { 5527 c = *p++; 5528 /* 5529 * Print only ASCII chars directly. RFC 1994 recommends 5530 * using only them, but we don't rely on it. */ 5531 if (c < ' ' || c > '~') 5532 addlog("\\x%x", c); 5533 else 5534 addlog("%c", c); 5535 } 5536 } 5537 5538 static const char * 5539 sppp_dotted_quad(u_int32_t addr) 5540 { 5541 static char s[16]; 5542 snprintf(s, sizeof(s), "%d.%d.%d.%d", 5543 (int)((addr >> 24) & 0xff), 5544 (int)((addr >> 16) & 0xff), 5545 (int)((addr >> 8) & 0xff), 5546 (int)(addr & 0xff)); 5547 return s; 5548 } 5549 5550 /* a dummy, used to drop uninteresting events */ 5551 static void 5552 sppp_null(struct sppp *unused) 5553 { 5554 /* do just nothing */ 5555 } 5556 /* 5557 * This file is large. Tell emacs to highlight it nevertheless. 5558 * 5559 * Local Variables: 5560 * hilit-auto-highlight-maxout: 120000 5561 * End: 5562 */
Cache object: 9a885afa362d70fabb08d10b23933b49
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]