Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/net/if_spppsubr.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $NetBSD: if_spppsubr.c,v 1.114 2008/10/03 18:33:06 pooka Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak@cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.114 2008/10/03 18:33:06 pooka Exp $"); 45 46 #include "opt_inet.h" 47 #include "opt_ipx.h" 48 #include "opt_iso.h" 49 #include "opt_pfil_hooks.h" 50 51 #include <sys/param.h> 52 #include <sys/proc.h> 53 #include <sys/systm.h> 54 #include <sys/kernel.h> 55 #include <sys/sockio.h> 56 #include <sys/socket.h> 57 #include <sys/syslog.h> 58 #include <sys/malloc.h> 59 #include <sys/mbuf.h> 60 #include <sys/callout.h> 61 #include <sys/md5.h> 62 #include <sys/inttypes.h> 63 #include <sys/kauth.h> 64 65 #include <net/if.h> 66 #include <net/netisr.h> 67 #include <net/if_types.h> 68 #include <net/route.h> 69 #include <net/ppp_defs.h> 70 71 #include <machine/stdarg.h> 72 73 #include <netinet/in.h> 74 #include <netinet/in_systm.h> 75 #include <netinet/in_var.h> 76 #ifdef INET 77 #include <netinet/ip.h> 78 #include <netinet/tcp.h> 79 #endif 80 #include <net/ethertypes.h> 81 82 #ifdef INET6 83 #include <netinet6/scope6_var.h> 84 #endif 85 86 #ifdef IPX 87 #include <netipx/ipx.h> 88 #include <netipx/ipx_if.h> 89 #endif 90 91 92 #ifdef ISO 93 #include <netiso/argo_debug.h> 94 #include <netiso/iso.h> 95 #include <netiso/iso_var.h> 96 #include <netiso/iso_snpac.h> 97 #endif 98 99 #include <net/if_sppp.h> 100 #include <net/if_spppvar.h> 101 102 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 103 #define LOOPALIVECNT 3 /* loopback detection tries */ 104 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 105 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 106 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 107 108 /* 109 * Interface flags that can be set in an ifconfig command. 110 * 111 * Setting link0 will make the link passive, i.e. it will be marked 112 * as being administrative openable, but won't be opened to begin 113 * with. Incoming calls will be answered, or subsequent calls with 114 * -link1 will cause the administrative open of the LCP layer. 115 * 116 * Setting link1 will cause the link to auto-dial only as packets 117 * arrive to be sent. 118 * 119 * Setting IFF_DEBUG will syslog the option negotiation and state 120 * transitions at level kern.debug. Note: all logs consistently look 121 * like 122 * 123 * <if-name><unit>: <proto-name> <additional info...> 124 * 125 * with <if-name><unit> being something like "bppp0", and <proto-name> 126 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 127 */ 128 129 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 130 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 131 132 #define CONF_REQ 1 /* PPP configure request */ 133 #define CONF_ACK 2 /* PPP configure acknowledge */ 134 #define CONF_NAK 3 /* PPP configure negative ack */ 135 #define CONF_REJ 4 /* PPP configure reject */ 136 #define TERM_REQ 5 /* PPP terminate request */ 137 #define TERM_ACK 6 /* PPP terminate acknowledge */ 138 #define CODE_REJ 7 /* PPP code reject */ 139 #define PROTO_REJ 8 /* PPP protocol reject */ 140 #define ECHO_REQ 9 /* PPP echo request */ 141 #define ECHO_REPLY 10 /* PPP echo reply */ 142 #define DISC_REQ 11 /* PPP discard request */ 143 144 #define LCP_OPT_MRU 1 /* maximum receive unit */ 145 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 146 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 147 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 148 #define LCP_OPT_MAGIC 5 /* magic number */ 149 #define LCP_OPT_RESERVED 6 /* reserved */ 150 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 151 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 152 153 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 154 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 155 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 156 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 157 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 158 159 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 160 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 161 162 #define PAP_REQ 1 /* PAP name/password request */ 163 #define PAP_ACK 2 /* PAP acknowledge */ 164 #define PAP_NAK 3 /* PAP fail */ 165 166 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 167 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 168 #define CHAP_SUCCESS 3 /* CHAP response ok */ 169 #define CHAP_FAILURE 4 /* CHAP response failed */ 170 171 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 172 173 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 174 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 175 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 176 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 177 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 178 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 179 180 /* states are named and numbered according to RFC 1661 */ 181 #define STATE_INITIAL 0 182 #define STATE_STARTING 1 183 #define STATE_CLOSED 2 184 #define STATE_STOPPED 3 185 #define STATE_CLOSING 4 186 #define STATE_STOPPING 5 187 #define STATE_REQ_SENT 6 188 #define STATE_ACK_RCVD 7 189 #define STATE_ACK_SENT 8 190 #define STATE_OPENED 9 191 192 struct ppp_header { 193 uint8_t address; 194 uint8_t control; 195 uint16_t protocol; 196 } __packed; 197 #define PPP_HEADER_LEN sizeof (struct ppp_header) 198 199 struct lcp_header { 200 uint8_t type; 201 uint8_t ident; 202 uint16_t len; 203 } __packed; 204 #define LCP_HEADER_LEN sizeof (struct lcp_header) 205 206 struct cisco_packet { 207 uint32_t type; 208 uint32_t par1; 209 uint32_t par2; 210 uint16_t rel; 211 uint16_t time0; 212 uint16_t time1; 213 } __packed; 214 #define CISCO_PACKET_LEN 18 215 216 /* 217 * We follow the spelling and capitalization of RFC 1661 here, to make 218 * it easier comparing with the standard. Please refer to this RFC in 219 * case you can't make sense out of these abbreviation; it will also 220 * explain the semantics related to the various events and actions. 221 */ 222 struct cp { 223 u_short proto; /* PPP control protocol number */ 224 u_char protoidx; /* index into state table in struct sppp */ 225 u_char flags; 226 #define CP_LCP 0x01 /* this is the LCP */ 227 #define CP_AUTH 0x02 /* this is an authentication protocol */ 228 #define CP_NCP 0x04 /* this is a NCP */ 229 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 230 const char *name; /* name of this control protocol */ 231 /* event handlers */ 232 void (*Up)(struct sppp *sp); 233 void (*Down)(struct sppp *sp); 234 void (*Open)(struct sppp *sp); 235 void (*Close)(struct sppp *sp); 236 void (*TO)(void *sp); 237 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 238 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 239 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 240 /* actions */ 241 void (*tlu)(struct sppp *sp); 242 void (*tld)(struct sppp *sp); 243 void (*tls)(struct sppp *sp); 244 void (*tlf)(struct sppp *sp); 245 void (*scr)(struct sppp *sp); 246 }; 247 248 static struct sppp *spppq; 249 static callout_t keepalive_ch; 250 251 #ifdef INET 252 /* 253 * The following disgusting hack gets around the problem that IP TOS 254 * can't be set yet. We want to put "interactive" traffic on a high 255 * priority queue. To decide if traffic is interactive, we check that 256 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 257 * 258 * XXX is this really still necessary? - joerg - 259 */ 260 static u_short interactive_ports[8] = { 261 0, 513, 0, 0, 262 0, 21, 0, 23, 263 }; 264 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 265 #endif 266 267 /* almost every function needs these */ 268 #define STDDCL \ 269 struct ifnet *ifp = &sp->pp_if; \ 270 int debug = ifp->if_flags & IFF_DEBUG 271 272 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 273 const struct sockaddr *dst, struct rtentry *rt); 274 275 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 276 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 277 278 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 279 struct mbuf *m); 280 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 281 u_char ident, u_short len, void *data); 282 /* static void sppp_cp_timeout(void *arg); */ 283 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 284 int newstate); 285 static void sppp_auth_send(const struct cp *cp, 286 struct sppp *sp, unsigned int type, unsigned int id, 287 ...); 288 289 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 290 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 291 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 292 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 293 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 294 295 static void sppp_null(struct sppp *sp); 296 297 static void sppp_lcp_init(struct sppp *sp); 298 static void sppp_lcp_up(struct sppp *sp); 299 static void sppp_lcp_down(struct sppp *sp); 300 static void sppp_lcp_open(struct sppp *sp); 301 static void sppp_lcp_close(struct sppp *sp); 302 static void sppp_lcp_TO(void *sp); 303 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 304 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 305 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 306 static void sppp_lcp_tlu(struct sppp *sp); 307 static void sppp_lcp_tld(struct sppp *sp); 308 static void sppp_lcp_tls(struct sppp *sp); 309 static void sppp_lcp_tlf(struct sppp *sp); 310 static void sppp_lcp_scr(struct sppp *sp); 311 static void sppp_lcp_check_and_close(struct sppp *sp); 312 static int sppp_ncp_check(struct sppp *sp); 313 314 static void sppp_ipcp_init(struct sppp *sp); 315 static void sppp_ipcp_up(struct sppp *sp); 316 static void sppp_ipcp_down(struct sppp *sp); 317 static void sppp_ipcp_open(struct sppp *sp); 318 static void sppp_ipcp_close(struct sppp *sp); 319 static void sppp_ipcp_TO(void *sp); 320 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 321 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 322 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 323 static void sppp_ipcp_tlu(struct sppp *sp); 324 static void sppp_ipcp_tld(struct sppp *sp); 325 static void sppp_ipcp_tls(struct sppp *sp); 326 static void sppp_ipcp_tlf(struct sppp *sp); 327 static void sppp_ipcp_scr(struct sppp *sp); 328 329 static void sppp_ipv6cp_init(struct sppp *sp); 330 static void sppp_ipv6cp_up(struct sppp *sp); 331 static void sppp_ipv6cp_down(struct sppp *sp); 332 static void sppp_ipv6cp_open(struct sppp *sp); 333 static void sppp_ipv6cp_close(struct sppp *sp); 334 static void sppp_ipv6cp_TO(void *sp); 335 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 336 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 337 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 338 static void sppp_ipv6cp_tlu(struct sppp *sp); 339 static void sppp_ipv6cp_tld(struct sppp *sp); 340 static void sppp_ipv6cp_tls(struct sppp *sp); 341 static void sppp_ipv6cp_tlf(struct sppp *sp); 342 static void sppp_ipv6cp_scr(struct sppp *sp); 343 344 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 345 static void sppp_pap_init(struct sppp *sp); 346 static void sppp_pap_open(struct sppp *sp); 347 static void sppp_pap_close(struct sppp *sp); 348 static void sppp_pap_TO(void *sp); 349 static void sppp_pap_my_TO(void *sp); 350 static void sppp_pap_tlu(struct sppp *sp); 351 static void sppp_pap_tld(struct sppp *sp); 352 static void sppp_pap_scr(struct sppp *sp); 353 354 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 355 static void sppp_chap_init(struct sppp *sp); 356 static void sppp_chap_open(struct sppp *sp); 357 static void sppp_chap_close(struct sppp *sp); 358 static void sppp_chap_TO(void *sp); 359 static void sppp_chap_tlu(struct sppp *sp); 360 static void sppp_chap_tld(struct sppp *sp); 361 static void sppp_chap_scr(struct sppp *sp); 362 363 static const char *sppp_auth_type_name(u_short proto, u_char type); 364 static const char *sppp_cp_type_name(u_char type); 365 static const char *sppp_dotted_quad(uint32_t addr); 366 static const char *sppp_ipcp_opt_name(u_char opt); 367 #ifdef INET6 368 static const char *sppp_ipv6cp_opt_name(u_char opt); 369 #endif 370 static const char *sppp_lcp_opt_name(u_char opt); 371 static const char *sppp_phase_name(int phase); 372 static const char *sppp_proto_name(u_short proto); 373 static const char *sppp_state_name(int state); 374 static int sppp_params(struct sppp *sp, u_long cmd, void *data); 375 #ifdef INET 376 static void sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, 377 uint32_t *srcmask); 378 static void sppp_set_ip_addrs(struct sppp *sp, uint32_t myaddr, uint32_t hisaddr); 379 static void sppp_clear_ip_addrs(struct sppp *sp); 380 #endif 381 static void sppp_keepalive(void *dummy); 382 static void sppp_phase_network(struct sppp *sp); 383 static void sppp_print_bytes(const u_char *p, u_short len); 384 static void sppp_print_string(const char *p, u_short len); 385 #ifdef INET6 386 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 387 struct in6_addr *dst, struct in6_addr *srcmask); 388 #ifdef IPV6CP_MYIFID_DYN 389 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 390 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 391 #endif 392 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 393 #endif 394 395 /* our control protocol descriptors */ 396 static const struct cp lcp = { 397 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 398 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 399 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 400 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 401 sppp_lcp_scr 402 }; 403 404 static const struct cp ipcp = { 405 PPP_IPCP, IDX_IPCP, 406 #ifdef INET 407 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 408 #else 409 0, 410 #endif 411 "ipcp", 412 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 413 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 414 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 415 sppp_ipcp_scr 416 }; 417 418 static const struct cp ipv6cp = { 419 PPP_IPV6CP, IDX_IPV6CP, 420 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 421 CP_NCP, 422 #else 423 0, 424 #endif 425 "ipv6cp", 426 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 427 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 428 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 429 sppp_ipv6cp_scr 430 }; 431 432 static const struct cp pap = { 433 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 434 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 435 sppp_pap_TO, 0, 0, 0, 436 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 437 sppp_pap_scr 438 }; 439 440 static const struct cp chap = { 441 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 442 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 443 sppp_chap_TO, 0, 0, 0, 444 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 445 sppp_chap_scr 446 }; 447 448 static const struct cp *cps[IDX_COUNT] = { 449 &lcp, /* IDX_LCP */ 450 &ipcp, /* IDX_IPCP */ 451 &ipv6cp, /* IDX_IPV6CP */ 452 &pap, /* IDX_PAP */ 453 &chap, /* IDX_CHAP */ 454 }; 455 456 457 void spppattach(int); 458 void 459 /*ARGSUSED*/ 460 spppattach(int count) 461 { 462 } 463 464 /* 465 * Exported functions, comprising our interface to the lower layer. 466 */ 467 468 /* 469 * Process the received packet. 470 */ 471 void 472 sppp_input(struct ifnet *ifp, struct mbuf *m) 473 { 474 struct ppp_header *h = NULL; 475 struct ifqueue *inq = 0; 476 uint16_t protocol; 477 int s; 478 struct sppp *sp = (struct sppp *)ifp; 479 int debug = ifp->if_flags & IFF_DEBUG; 480 481 if (ifp->if_flags & IFF_UP) { 482 /* Count received bytes, add hardware framing */ 483 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 484 /* Note time of last receive */ 485 sp->pp_last_receive = time_uptime; 486 } 487 488 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 489 /* Too small packet, drop it. */ 490 if (debug) 491 log(LOG_DEBUG, 492 "%s: input packet is too small, %d bytes\n", 493 ifp->if_xname, m->m_pkthdr.len); 494 drop: 495 ++ifp->if_ierrors; 496 ++ifp->if_iqdrops; 497 m_freem(m); 498 return; 499 } 500 501 if (sp->pp_flags & PP_NOFRAMING) { 502 memcpy(&protocol, mtod(m, void *), 2); 503 protocol = ntohs(protocol); 504 m_adj(m, 2); 505 } else { 506 507 /* Get PPP header. */ 508 h = mtod(m, struct ppp_header *); 509 m_adj(m, PPP_HEADER_LEN); 510 511 switch (h->address) { 512 case PPP_ALLSTATIONS: 513 if (h->control != PPP_UI) 514 goto invalid; 515 if (sp->pp_flags & PP_CISCO) { 516 if (debug) 517 log(LOG_DEBUG, 518 "%s: PPP packet in Cisco mode " 519 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 520 ifp->if_xname, 521 h->address, h->control, ntohs(h->protocol)); 522 goto drop; 523 } 524 break; 525 case CISCO_MULTICAST: 526 case CISCO_UNICAST: 527 /* Don't check the control field here (RFC 1547). */ 528 if (! (sp->pp_flags & PP_CISCO)) { 529 if (debug) 530 log(LOG_DEBUG, 531 "%s: Cisco packet in PPP mode " 532 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 533 ifp->if_xname, 534 h->address, h->control, ntohs(h->protocol)); 535 goto drop; 536 } 537 switch (ntohs(h->protocol)) { 538 default: 539 ++ifp->if_noproto; 540 goto invalid; 541 case CISCO_KEEPALIVE: 542 sppp_cisco_input((struct sppp *) ifp, m); 543 m_freem(m); 544 return; 545 #ifdef INET 546 case ETHERTYPE_IP: 547 schednetisr(NETISR_IP); 548 inq = &ipintrq; 549 break; 550 #endif 551 #ifdef INET6 552 case ETHERTYPE_IPV6: 553 schednetisr(NETISR_IPV6); 554 inq = &ip6intrq; 555 break; 556 #endif 557 #ifdef IPX 558 case ETHERTYPE_IPX: 559 schednetisr(NETISR_IPX); 560 inq = &ipxintrq; 561 break; 562 #endif 563 } 564 goto queue_pkt; 565 default: /* Invalid PPP packet. */ 566 invalid: 567 if (debug) 568 log(LOG_DEBUG, 569 "%s: invalid input packet " 570 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 571 ifp->if_xname, 572 h->address, h->control, ntohs(h->protocol)); 573 goto drop; 574 } 575 protocol = ntohs(h->protocol); 576 } 577 578 switch (protocol) { 579 default: 580 if (sp->state[IDX_LCP] == STATE_OPENED) { 581 uint16_t prot = htons(protocol); 582 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 583 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 584 &prot); 585 } 586 if (debug) 587 log(LOG_DEBUG, 588 "%s: invalid input protocol " 589 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 590 ++ifp->if_noproto; 591 goto drop; 592 case PPP_LCP: 593 sppp_cp_input(&lcp, sp, m); 594 m_freem(m); 595 return; 596 case PPP_PAP: 597 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 598 sppp_pap_input(sp, m); 599 m_freem(m); 600 return; 601 case PPP_CHAP: 602 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 603 sppp_chap_input(sp, m); 604 m_freem(m); 605 return; 606 #ifdef INET 607 case PPP_IPCP: 608 if (sp->pp_phase == SPPP_PHASE_NETWORK) 609 sppp_cp_input(&ipcp, sp, m); 610 m_freem(m); 611 return; 612 case PPP_IP: 613 if (sp->state[IDX_IPCP] == STATE_OPENED) { 614 schednetisr(NETISR_IP); 615 inq = &ipintrq; 616 sp->pp_last_activity = time_uptime; 617 } 618 break; 619 #endif 620 #ifdef INET6 621 case PPP_IPV6CP: 622 if (sp->pp_phase == SPPP_PHASE_NETWORK) 623 sppp_cp_input(&ipv6cp, sp, m); 624 m_freem(m); 625 return; 626 627 case PPP_IPV6: 628 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 629 schednetisr(NETISR_IPV6); 630 inq = &ip6intrq; 631 sp->pp_last_activity = time_uptime; 632 } 633 break; 634 #endif 635 #ifdef IPX 636 case PPP_IPX: 637 /* IPX IPXCP not implemented yet */ 638 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 639 schednetisr(NETISR_IPX); 640 inq = &ipxintrq; 641 } 642 break; 643 #endif 644 #ifdef ISO 645 case PPP_ISO: 646 /* OSI NLCP not implemented yet */ 647 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 648 schednetisr(NETISR_ISO); 649 inq = &clnlintrq; 650 } 651 break; 652 #endif 653 } 654 655 queue_pkt: 656 if (! (ifp->if_flags & IFF_UP) || ! inq) 657 goto drop; 658 659 /* Check queue. */ 660 s = splnet(); 661 if (IF_QFULL(inq)) { 662 /* Queue overflow. */ 663 IF_DROP(inq); 664 splx(s); 665 if (debug) 666 log(LOG_DEBUG, "%s: protocol queue overflow\n", 667 ifp->if_xname); 668 goto drop; 669 } 670 IF_ENQUEUE(inq, m); 671 splx(s); 672 } 673 674 /* 675 * Enqueue transmit packet. 676 */ 677 static int 678 sppp_output(struct ifnet *ifp, struct mbuf *m, 679 const struct sockaddr *dst, struct rtentry *rt) 680 { 681 struct sppp *sp = (struct sppp *) ifp; 682 struct ppp_header *h = NULL; 683 struct ifqueue *ifq = NULL; /* XXX */ 684 int s, error = 0; 685 uint16_t protocol; 686 ALTQ_DECL(struct altq_pktattr pktattr;) 687 688 s = splnet(); 689 690 sp->pp_last_activity = time_uptime; 691 692 if ((ifp->if_flags & IFF_UP) == 0 || 693 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 694 m_freem(m); 695 splx(s); 696 return (ENETDOWN); 697 } 698 699 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 700 /* 701 * Interface is not yet running, but auto-dial. Need 702 * to start LCP for it. 703 */ 704 ifp->if_flags |= IFF_RUNNING; 705 splx(s); 706 lcp.Open(sp); 707 s = splnet(); 708 } 709 710 /* 711 * If the queueing discipline needs packet classification, 712 * do it before prepending link headers. 713 */ 714 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 715 716 #ifdef INET 717 if (dst->sa_family == AF_INET) { 718 struct ip *ip = NULL; 719 struct tcphdr *th = NULL; 720 721 if (m->m_len >= sizeof(struct ip)) { 722 ip = mtod(m, struct ip *); 723 if (ip->ip_p == IPPROTO_TCP && 724 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 725 sizeof(struct tcphdr)) { 726 th = (struct tcphdr *) 727 ((char *)ip + (ip->ip_hl << 2)); 728 } 729 } else 730 ip = NULL; 731 732 /* 733 * When using dynamic local IP address assignment by using 734 * 0.0.0.0 as a local address, the first TCP session will 735 * not connect because the local TCP checksum is computed 736 * using 0.0.0.0 which will later become our real IP address 737 * so the TCP checksum computed at the remote end will 738 * become invalid. So we 739 * - don't let packets with src ip addr 0 thru 740 * - we flag TCP packets with src ip 0 as an error 741 */ 742 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 743 uint8_t proto = ip->ip_p; 744 745 m_freem(m); 746 splx(s); 747 if (proto == IPPROTO_TCP) 748 return (EADDRNOTAVAIL); 749 else 750 return (0); 751 } 752 753 /* 754 * Put low delay, telnet, rlogin and ftp control packets 755 * in front of the queue. 756 */ 757 758 if (!IF_QFULL(&sp->pp_fastq) && 759 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 760 (th && (INTERACTIVE(ntohs(th->th_sport)) || 761 INTERACTIVE(ntohs(th->th_dport)))))) 762 ifq = &sp->pp_fastq; 763 } 764 #endif 765 766 #ifdef INET6 767 if (dst->sa_family == AF_INET6) { 768 /* XXX do something tricky here? */ 769 } 770 #endif 771 772 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 773 /* 774 * Prepend general data packet PPP header. For now, IP only. 775 */ 776 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 777 if (! m) { 778 if (ifp->if_flags & IFF_DEBUG) 779 log(LOG_DEBUG, "%s: no memory for transmit header\n", 780 ifp->if_xname); 781 ++ifp->if_oerrors; 782 splx(s); 783 return (ENOBUFS); 784 } 785 /* 786 * May want to check size of packet 787 * (albeit due to the implementation it's always enough) 788 */ 789 h = mtod(m, struct ppp_header *); 790 if (sp->pp_flags & PP_CISCO) { 791 h->address = CISCO_UNICAST; /* unicast address */ 792 h->control = 0; 793 } else { 794 h->address = PPP_ALLSTATIONS; /* broadcast address */ 795 h->control = PPP_UI; /* Unnumbered Info */ 796 } 797 } 798 799 switch (dst->sa_family) { 800 #ifdef INET 801 case AF_INET: /* Internet Protocol */ 802 if (sp->pp_flags & PP_CISCO) 803 protocol = htons(ETHERTYPE_IP); 804 else { 805 /* 806 * Don't choke with an ENETDOWN early. It's 807 * possible that we just started dialing out, 808 * so don't drop the packet immediately. If 809 * we notice that we run out of buffer space 810 * below, we will however remember that we are 811 * not ready to carry IP packets, and return 812 * ENETDOWN, as opposed to ENOBUFS. 813 */ 814 protocol = htons(PPP_IP); 815 if (sp->state[IDX_IPCP] != STATE_OPENED) 816 error = ENETDOWN; 817 } 818 break; 819 #endif 820 #ifdef INET6 821 case AF_INET6: /* Internet Protocol version 6 */ 822 if (sp->pp_flags & PP_CISCO) 823 protocol = htons(ETHERTYPE_IPV6); 824 else { 825 /* 826 * Don't choke with an ENETDOWN early. It's 827 * possible that we just started dialing out, 828 * so don't drop the packet immediately. If 829 * we notice that we run out of buffer space 830 * below, we will however remember that we are 831 * not ready to carry IP packets, and return 832 * ENETDOWN, as opposed to ENOBUFS. 833 */ 834 protocol = htons(PPP_IPV6); 835 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 836 error = ENETDOWN; 837 } 838 break; 839 #endif 840 #ifdef IPX 841 case AF_IPX: /* Novell IPX Protocol */ 842 protocol = htons((sp->pp_flags & PP_CISCO) ? 843 ETHERTYPE_IPX : PPP_IPX); 844 break; 845 #endif 846 #ifdef ISO 847 case AF_ISO: /* ISO OSI Protocol */ 848 if (sp->pp_flags & PP_CISCO) 849 goto nosupport; 850 protocol = htons(PPP_ISO); 851 break; 852 nosupport: 853 #endif 854 default: 855 m_freem(m); 856 ++ifp->if_oerrors; 857 splx(s); 858 return (EAFNOSUPPORT); 859 } 860 861 if (sp->pp_flags & PP_NOFRAMING) { 862 M_PREPEND(m, 2, M_DONTWAIT); 863 if (m == NULL) { 864 if (ifp->if_flags & IFF_DEBUG) 865 log(LOG_DEBUG, "%s: no memory for transmit header\n", 866 ifp->if_xname); 867 ++ifp->if_oerrors; 868 splx(s); 869 return (ENOBUFS); 870 } 871 *mtod(m, uint16_t *) = protocol; 872 } else { 873 h->protocol = protocol; 874 } 875 876 877 error = ifq_enqueue2(ifp, ifq, m ALTQ_COMMA ALTQ_DECL(&pktattr)); 878 879 if (error == 0) { 880 /* 881 * Count output packets and bytes. 882 * The packet length includes header + additional hardware 883 * framing according to RFC 1333. 884 */ 885 if (!(ifp->if_flags & IFF_OACTIVE)) 886 (*ifp->if_start)(ifp); 887 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 888 } 889 splx(s); 890 return error; 891 } 892 893 void 894 sppp_attach(struct ifnet *ifp) 895 { 896 struct sppp *sp = (struct sppp *) ifp; 897 898 /* Initialize keepalive handler. */ 899 if (! spppq) { 900 callout_init(&keepalive_ch, 0); 901 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 902 } 903 904 /* Insert new entry into the keepalive list. */ 905 sp->pp_next = spppq; 906 spppq = sp; 907 908 sp->pp_if.if_type = IFT_PPP; 909 sp->pp_if.if_output = sppp_output; 910 sp->pp_fastq.ifq_maxlen = 32; 911 sp->pp_cpq.ifq_maxlen = 20; 912 sp->pp_loopcnt = 0; 913 sp->pp_alivecnt = 0; 914 sp->pp_last_activity = 0; 915 sp->pp_last_receive = 0; 916 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 917 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 918 sp->pp_idle_timeout = 0; 919 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 920 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 921 sp->pp_auth_failures = 0; 922 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 923 sp->pp_phase = SPPP_PHASE_DEAD; 924 sp->pp_up = lcp.Up; 925 sp->pp_down = lcp.Down; 926 927 if_alloc_sadl(ifp); 928 929 memset(&sp->myauth, 0, sizeof sp->myauth); 930 memset(&sp->hisauth, 0, sizeof sp->hisauth); 931 sppp_lcp_init(sp); 932 sppp_ipcp_init(sp); 933 sppp_ipv6cp_init(sp); 934 sppp_pap_init(sp); 935 sppp_chap_init(sp); 936 } 937 938 void 939 sppp_detach(struct ifnet *ifp) 940 { 941 struct sppp **q, *p, *sp = (struct sppp *) ifp; 942 943 /* Remove the entry from the keepalive list. */ 944 for (q = &spppq; (p = *q); q = &p->pp_next) 945 if (p == sp) { 946 *q = p->pp_next; 947 break; 948 } 949 950 /* Stop keepalive handler. */ 951 if (! spppq) { 952 callout_stop(&keepalive_ch); 953 } 954 955 callout_stop(&sp->ch[IDX_LCP]); 956 callout_stop(&sp->ch[IDX_IPCP]); 957 callout_stop(&sp->ch[IDX_PAP]); 958 callout_stop(&sp->ch[IDX_CHAP]); 959 #ifdef INET6 960 callout_stop(&sp->ch[IDX_IPV6CP]); 961 #endif 962 callout_stop(&sp->pap_my_to_ch); 963 964 /* free authentication info */ 965 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 966 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 967 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 968 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 969 970 #if 0 /* done in if_detach() */ 971 if_free_sadl(ifp); 972 #endif 973 } 974 975 /* 976 * Flush the interface output queue. 977 */ 978 void 979 sppp_flush(struct ifnet *ifp) 980 { 981 struct sppp *sp = (struct sppp *) ifp; 982 983 IFQ_PURGE(&sp->pp_if.if_snd); 984 IF_PURGE(&sp->pp_fastq); 985 IF_PURGE(&sp->pp_cpq); 986 } 987 988 /* 989 * Check if the output queue is empty. 990 */ 991 int 992 sppp_isempty(struct ifnet *ifp) 993 { 994 struct sppp *sp = (struct sppp *) ifp; 995 int empty, s; 996 997 s = splnet(); 998 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 999 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1000 splx(s); 1001 return (empty); 1002 } 1003 1004 /* 1005 * Get next packet to send. 1006 */ 1007 struct mbuf * 1008 sppp_dequeue(struct ifnet *ifp) 1009 { 1010 struct sppp *sp = (struct sppp *) ifp; 1011 struct mbuf *m; 1012 int s; 1013 1014 s = splnet(); 1015 /* 1016 * Process only the control protocol queue until we have at 1017 * least one NCP open. 1018 * 1019 * Do always serve all three queues in Cisco mode. 1020 */ 1021 IF_DEQUEUE(&sp->pp_cpq, m); 1022 if (m == NULL && 1023 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1024 IF_DEQUEUE(&sp->pp_fastq, m); 1025 if (m == NULL) 1026 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1027 } 1028 splx(s); 1029 return m; 1030 } 1031 1032 /* 1033 * Process an ioctl request. Called on low priority level. 1034 */ 1035 int 1036 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1037 { 1038 struct lwp *l = curlwp; /* XXX */ 1039 struct ifreq *ifr = (struct ifreq *) data; 1040 struct sppp *sp = (struct sppp *) ifp; 1041 int s, error=0, going_up, going_down, newmode; 1042 1043 s = splnet(); 1044 switch (cmd) { 1045 case SIOCAIFADDR: 1046 case SIOCSIFDSTADDR: 1047 case SIOCSIFADDR: 1048 break; 1049 1050 case SIOCSIFFLAGS: 1051 going_up = ifp->if_flags & IFF_UP && 1052 (ifp->if_flags & IFF_RUNNING) == 0; 1053 going_down = (ifp->if_flags & IFF_UP) == 0 && 1054 ifp->if_flags & IFF_RUNNING; 1055 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1056 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1057 /* sanity */ 1058 newmode = IFF_PASSIVE; 1059 ifp->if_flags &= ~IFF_AUTO; 1060 } 1061 1062 if (going_up || going_down) 1063 lcp.Close(sp); 1064 if (going_up && newmode == 0) { 1065 /* neither auto-dial nor passive */ 1066 ifp->if_flags |= IFF_RUNNING; 1067 if (!(sp->pp_flags & PP_CISCO)) 1068 lcp.Open(sp); 1069 } else if (going_down) { 1070 sppp_flush(ifp); 1071 ifp->if_flags &= ~IFF_RUNNING; 1072 } 1073 1074 break; 1075 1076 case SIOCSIFMTU: 1077 if (ifr->ifr_mtu < PPP_MINMRU || 1078 ifr->ifr_mtu > sp->lcp.their_mru) { 1079 error = EINVAL; 1080 break; 1081 } 1082 /*FALLTHROUGH*/ 1083 case SIOCGIFMTU: 1084 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1085 error = 0; 1086 break; 1087 case SIOCADDMULTI: 1088 case SIOCDELMULTI: 1089 break; 1090 1091 case SPPPSETAUTHCFG: 1092 case SPPPSETLCPCFG: 1093 case SPPPSETIDLETO: 1094 case SPPPSETAUTHFAILURE: 1095 case SPPPSETDNSOPTS: 1096 case SPPPSETKEEPALIVE: 1097 error = kauth_authorize_network(l->l_cred, 1098 KAUTH_NETWORK_INTERFACE, 1099 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1100 NULL); 1101 if (error) 1102 break; 1103 error = sppp_params(sp, cmd, data); 1104 break; 1105 1106 case SPPPGETAUTHCFG: 1107 case SPPPGETLCPCFG: 1108 case SPPPGETAUTHFAILURES: 1109 error = kauth_authorize_network(l->l_cred, 1110 KAUTH_NETWORK_INTERFACE, 1111 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1112 NULL); 1113 if (error) 1114 break; 1115 error = sppp_params(sp, cmd, data); 1116 break; 1117 1118 case SPPPGETSTATUS: 1119 case SPPPGETSTATUSNCP: 1120 case SPPPGETIDLETO: 1121 case SPPPGETDNSOPTS: 1122 case SPPPGETDNSADDRS: 1123 case SPPPGETKEEPALIVE: 1124 error = sppp_params(sp, cmd, data); 1125 break; 1126 1127 default: 1128 error = ENOTTY; 1129 } 1130 splx(s); 1131 return (error); 1132 } 1133 1134 1135 /* 1136 * Cisco framing implementation. 1137 */ 1138 1139 /* 1140 * Handle incoming Cisco keepalive protocol packets. 1141 */ 1142 static void 1143 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1144 { 1145 STDDCL; 1146 struct cisco_packet *h; 1147 #ifdef INET 1148 uint32_t me, mymask = 0; /* XXX: GCC */ 1149 #endif 1150 1151 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1152 if (debug) 1153 log(LOG_DEBUG, 1154 "%s: cisco invalid packet length: %d bytes\n", 1155 ifp->if_xname, m->m_pkthdr.len); 1156 return; 1157 } 1158 h = mtod(m, struct cisco_packet *); 1159 if (debug) 1160 log(LOG_DEBUG, 1161 "%s: cisco input: %d bytes " 1162 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1163 ifp->if_xname, m->m_pkthdr.len, 1164 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1165 (u_int)h->time0, (u_int)h->time1); 1166 switch (ntohl(h->type)) { 1167 default: 1168 if (debug) 1169 addlog("%s: cisco unknown packet type: 0x%x\n", 1170 ifp->if_xname, ntohl(h->type)); 1171 break; 1172 case CISCO_ADDR_REPLY: 1173 /* Reply on address request, ignore */ 1174 break; 1175 case CISCO_KEEPALIVE_REQ: 1176 sp->pp_alivecnt = 0; 1177 sp->pp_rseq[IDX_LCP] = ntohl(h->par1); 1178 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1179 /* Local and remote sequence numbers are equal. 1180 * Probably, the line is in loopback mode. */ 1181 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1182 printf ("%s: loopback\n", 1183 ifp->if_xname); 1184 sp->pp_loopcnt = 0; 1185 if (ifp->if_flags & IFF_UP) { 1186 if_down(ifp); 1187 IF_PURGE(&sp->pp_cpq); 1188 } 1189 } 1190 ++sp->pp_loopcnt; 1191 1192 /* Generate new local sequence number */ 1193 sp->pp_seq[IDX_LCP] = arc4random(); 1194 break; 1195 } 1196 sp->pp_loopcnt = 0; 1197 if (! (ifp->if_flags & IFF_UP) && 1198 (ifp->if_flags & IFF_RUNNING)) { 1199 if_up(ifp); 1200 } 1201 break; 1202 case CISCO_ADDR_REQ: 1203 #ifdef INET 1204 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1205 if (me != 0L) 1206 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1207 #endif 1208 break; 1209 } 1210 } 1211 1212 /* 1213 * Send Cisco keepalive packet. 1214 */ 1215 static void 1216 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1217 { 1218 STDDCL; 1219 struct ppp_header *h; 1220 struct cisco_packet *ch; 1221 struct mbuf *m; 1222 uint32_t t; 1223 1224 t = time_uptime * 1000; 1225 MGETHDR(m, M_DONTWAIT, MT_DATA); 1226 if (! m) 1227 return; 1228 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1229 m->m_pkthdr.rcvif = 0; 1230 1231 h = mtod(m, struct ppp_header *); 1232 h->address = CISCO_MULTICAST; 1233 h->control = 0; 1234 h->protocol = htons(CISCO_KEEPALIVE); 1235 1236 ch = (struct cisco_packet *)(h + 1); 1237 ch->type = htonl(type); 1238 ch->par1 = htonl(par1); 1239 ch->par2 = htonl(par2); 1240 ch->rel = -1; 1241 1242 ch->time0 = htons((u_short)(t >> 16)); 1243 ch->time1 = htons((u_short) t); 1244 1245 if (debug) 1246 log(LOG_DEBUG, 1247 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1248 ifp->if_xname, ntohl(ch->type), ch->par1, 1249 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1250 (u_int)ch->time1); 1251 1252 if (IF_QFULL(&sp->pp_cpq)) { 1253 IF_DROP(&sp->pp_fastq); 1254 IF_DROP(&ifp->if_snd); 1255 m_freem(m); 1256 ++ifp->if_oerrors; 1257 return; 1258 } else 1259 IF_ENQUEUE(&sp->pp_cpq, m); 1260 if (! (ifp->if_flags & IFF_OACTIVE)) 1261 (*ifp->if_start)(ifp); 1262 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1263 } 1264 1265 /* 1266 * PPP protocol implementation. 1267 */ 1268 1269 /* 1270 * Send PPP control protocol packet. 1271 */ 1272 static void 1273 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1274 u_char ident, u_short len, void *data) 1275 { 1276 STDDCL; 1277 struct lcp_header *lh; 1278 struct mbuf *m; 1279 size_t pkthdrlen; 1280 1281 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1282 1283 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1284 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1285 MGETHDR(m, M_DONTWAIT, MT_DATA); 1286 if (! m) 1287 return; 1288 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1289 m->m_pkthdr.rcvif = 0; 1290 1291 if (sp->pp_flags & PP_NOFRAMING) { 1292 *mtod(m, uint16_t *) = htons(proto); 1293 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1294 } else { 1295 struct ppp_header *h; 1296 h = mtod(m, struct ppp_header *); 1297 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1298 h->control = PPP_UI; /* Unnumbered Info */ 1299 h->protocol = htons(proto); /* Link Control Protocol */ 1300 lh = (struct lcp_header *)(h + 1); 1301 } 1302 lh->type = type; 1303 lh->ident = ident; 1304 lh->len = htons(LCP_HEADER_LEN + len); 1305 if (len) 1306 bcopy (data, lh + 1, len); 1307 1308 if (debug) { 1309 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1310 ifp->if_xname, 1311 sppp_proto_name(proto), 1312 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1313 if (len) 1314 sppp_print_bytes((u_char *)(lh + 1), len); 1315 addlog(">\n"); 1316 } 1317 if (IF_QFULL(&sp->pp_cpq)) { 1318 IF_DROP(&sp->pp_fastq); 1319 IF_DROP(&ifp->if_snd); 1320 m_freem(m); 1321 ++ifp->if_oerrors; 1322 return; 1323 } else 1324 IF_ENQUEUE(&sp->pp_cpq, m); 1325 if (! (ifp->if_flags & IFF_OACTIVE)) 1326 (*ifp->if_start)(ifp); 1327 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1328 } 1329 1330 /* 1331 * Handle incoming PPP control protocol packets. 1332 */ 1333 static void 1334 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1335 { 1336 STDDCL; 1337 struct lcp_header *h; 1338 int printlen, len = m->m_pkthdr.len; 1339 int rv; 1340 u_char *p; 1341 uint32_t u32; 1342 1343 if (len < 4) { 1344 if (debug) 1345 log(LOG_DEBUG, 1346 "%s: %s invalid packet length: %d bytes\n", 1347 ifp->if_xname, cp->name, len); 1348 return; 1349 } 1350 h = mtod(m, struct lcp_header *); 1351 if (debug) { 1352 printlen = ntohs(h->len); 1353 log(LOG_DEBUG, 1354 "%s: %s input(%s): <%s id=0x%x len=%d", 1355 ifp->if_xname, cp->name, 1356 sppp_state_name(sp->state[cp->protoidx]), 1357 sppp_cp_type_name(h->type), h->ident, printlen); 1358 if (len < printlen) 1359 printlen = len; 1360 if (printlen > 4) 1361 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1362 addlog(">\n"); 1363 } 1364 if (len > ntohs(h->len)) 1365 len = ntohs(h->len); 1366 p = (u_char *)(h + 1); 1367 switch (h->type) { 1368 case CONF_REQ: 1369 if (len < 4) { 1370 if (debug) 1371 addlog("%s: %s invalid conf-req length %d\n", 1372 ifp->if_xname, cp->name, 1373 len); 1374 ++ifp->if_ierrors; 1375 break; 1376 } 1377 /* handle states where RCR doesn't get a SCA/SCN */ 1378 switch (sp->state[cp->protoidx]) { 1379 case STATE_CLOSING: 1380 case STATE_STOPPING: 1381 return; 1382 case STATE_CLOSED: 1383 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1384 0, 0); 1385 return; 1386 } 1387 rv = (cp->RCR)(sp, h, len); 1388 if (rv < 0) { 1389 /* fatal error, shut down */ 1390 (cp->tld)(sp); 1391 sppp_lcp_tlf(sp); 1392 return; 1393 } 1394 switch (sp->state[cp->protoidx]) { 1395 case STATE_OPENED: 1396 (cp->tld)(sp); 1397 (cp->scr)(sp); 1398 /* fall through... */ 1399 case STATE_ACK_SENT: 1400 case STATE_REQ_SENT: 1401 sppp_cp_change_state(cp, sp, rv? 1402 STATE_ACK_SENT: STATE_REQ_SENT); 1403 break; 1404 case STATE_STOPPED: 1405 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1406 (cp->scr)(sp); 1407 sppp_cp_change_state(cp, sp, rv? 1408 STATE_ACK_SENT: STATE_REQ_SENT); 1409 break; 1410 case STATE_ACK_RCVD: 1411 if (rv) { 1412 sppp_cp_change_state(cp, sp, STATE_OPENED); 1413 if (debug) 1414 log(LOG_DEBUG, "%s: %s tlu\n", 1415 ifp->if_xname, 1416 cp->name); 1417 (cp->tlu)(sp); 1418 } else 1419 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1420 break; 1421 default: 1422 printf("%s: %s illegal %s in state %s\n", 1423 ifp->if_xname, cp->name, 1424 sppp_cp_type_name(h->type), 1425 sppp_state_name(sp->state[cp->protoidx])); 1426 ++ifp->if_ierrors; 1427 } 1428 break; 1429 case CONF_ACK: 1430 if (h->ident != sp->confid[cp->protoidx]) { 1431 if (debug) 1432 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1433 ifp->if_xname, cp->name, 1434 h->ident, sp->confid[cp->protoidx]); 1435 ++ifp->if_ierrors; 1436 break; 1437 } 1438 switch (sp->state[cp->protoidx]) { 1439 case STATE_CLOSED: 1440 case STATE_STOPPED: 1441 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1442 break; 1443 case STATE_CLOSING: 1444 case STATE_STOPPING: 1445 break; 1446 case STATE_REQ_SENT: 1447 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1448 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1449 break; 1450 case STATE_OPENED: 1451 (cp->tld)(sp); 1452 /* fall through */ 1453 case STATE_ACK_RCVD: 1454 (cp->scr)(sp); 1455 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1456 break; 1457 case STATE_ACK_SENT: 1458 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1459 sppp_cp_change_state(cp, sp, STATE_OPENED); 1460 if (debug) 1461 log(LOG_DEBUG, "%s: %s tlu\n", 1462 ifp->if_xname, cp->name); 1463 (cp->tlu)(sp); 1464 break; 1465 default: 1466 printf("%s: %s illegal %s in state %s\n", 1467 ifp->if_xname, cp->name, 1468 sppp_cp_type_name(h->type), 1469 sppp_state_name(sp->state[cp->protoidx])); 1470 ++ifp->if_ierrors; 1471 } 1472 break; 1473 case CONF_NAK: 1474 case CONF_REJ: 1475 if (h->ident != sp->confid[cp->protoidx]) { 1476 if (debug) 1477 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1478 ifp->if_xname, cp->name, 1479 h->ident, sp->confid[cp->protoidx]); 1480 ++ifp->if_ierrors; 1481 break; 1482 } 1483 if (h->type == CONF_NAK) 1484 (cp->RCN_nak)(sp, h, len); 1485 else /* CONF_REJ */ 1486 (cp->RCN_rej)(sp, h, len); 1487 1488 switch (sp->state[cp->protoidx]) { 1489 case STATE_CLOSED: 1490 case STATE_STOPPED: 1491 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1492 break; 1493 case STATE_REQ_SENT: 1494 case STATE_ACK_SENT: 1495 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1496 (cp->scr)(sp); 1497 break; 1498 case STATE_OPENED: 1499 (cp->tld)(sp); 1500 /* fall through */ 1501 case STATE_ACK_RCVD: 1502 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1503 (cp->scr)(sp); 1504 break; 1505 case STATE_CLOSING: 1506 case STATE_STOPPING: 1507 break; 1508 default: 1509 printf("%s: %s illegal %s in state %s\n", 1510 ifp->if_xname, cp->name, 1511 sppp_cp_type_name(h->type), 1512 sppp_state_name(sp->state[cp->protoidx])); 1513 ++ifp->if_ierrors; 1514 } 1515 break; 1516 1517 case TERM_REQ: 1518 switch (sp->state[cp->protoidx]) { 1519 case STATE_ACK_RCVD: 1520 case STATE_ACK_SENT: 1521 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1522 /* fall through */ 1523 case STATE_CLOSED: 1524 case STATE_STOPPED: 1525 case STATE_CLOSING: 1526 case STATE_STOPPING: 1527 case STATE_REQ_SENT: 1528 sta: 1529 /* Send Terminate-Ack packet. */ 1530 if (debug) 1531 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 1532 ifp->if_xname, cp->name); 1533 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1534 break; 1535 case STATE_OPENED: 1536 (cp->tld)(sp); 1537 sp->rst_counter[cp->protoidx] = 0; 1538 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1539 goto sta; 1540 default: 1541 printf("%s: %s illegal %s in state %s\n", 1542 ifp->if_xname, cp->name, 1543 sppp_cp_type_name(h->type), 1544 sppp_state_name(sp->state[cp->protoidx])); 1545 ++ifp->if_ierrors; 1546 } 1547 break; 1548 case TERM_ACK: 1549 switch (sp->state[cp->protoidx]) { 1550 case STATE_CLOSED: 1551 case STATE_STOPPED: 1552 case STATE_REQ_SENT: 1553 case STATE_ACK_SENT: 1554 break; 1555 case STATE_CLOSING: 1556 (cp->tlf)(sp); 1557 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1558 sppp_lcp_check_and_close(sp); 1559 break; 1560 case STATE_STOPPING: 1561 (cp->tlf)(sp); 1562 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1563 sppp_lcp_check_and_close(sp); 1564 break; 1565 case STATE_ACK_RCVD: 1566 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1567 break; 1568 case STATE_OPENED: 1569 (cp->tld)(sp); 1570 (cp->scr)(sp); 1571 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1572 break; 1573 default: 1574 printf("%s: %s illegal %s in state %s\n", 1575 ifp->if_xname, cp->name, 1576 sppp_cp_type_name(h->type), 1577 sppp_state_name(sp->state[cp->protoidx])); 1578 ++ifp->if_ierrors; 1579 } 1580 break; 1581 case CODE_REJ: 1582 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1583 log(LOG_INFO, 1584 "%s: %s: ignoring RXJ (%s) for code ?, " 1585 "danger will robinson\n", 1586 ifp->if_xname, cp->name, 1587 sppp_cp_type_name(h->type)); 1588 switch (sp->state[cp->protoidx]) { 1589 case STATE_CLOSED: 1590 case STATE_STOPPED: 1591 case STATE_REQ_SENT: 1592 case STATE_ACK_SENT: 1593 case STATE_CLOSING: 1594 case STATE_STOPPING: 1595 case STATE_OPENED: 1596 break; 1597 case STATE_ACK_RCVD: 1598 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1599 break; 1600 default: 1601 printf("%s: %s illegal %s in state %s\n", 1602 ifp->if_xname, cp->name, 1603 sppp_cp_type_name(h->type), 1604 sppp_state_name(sp->state[cp->protoidx])); 1605 ++ifp->if_ierrors; 1606 } 1607 break; 1608 case PROTO_REJ: 1609 { 1610 int catastrophic; 1611 const struct cp *upper; 1612 int i; 1613 uint16_t proto; 1614 1615 catastrophic = 0; 1616 upper = NULL; 1617 proto = p[0] << 8 | p[1]; 1618 for (i = 0; i < IDX_COUNT; i++) { 1619 if (cps[i]->proto == proto) { 1620 upper = cps[i]; 1621 break; 1622 } 1623 } 1624 if (upper == NULL) 1625 catastrophic++; 1626 1627 if (debug) 1628 log(LOG_INFO, 1629 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1630 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1631 sppp_cp_type_name(h->type), proto, 1632 upper ? upper->name : "unknown", 1633 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1634 1635 /* 1636 * if we got RXJ+ against conf-req, the peer does not implement 1637 * this particular protocol type. terminate the protocol. 1638 */ 1639 if (upper && !catastrophic) { 1640 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1641 upper->Close(sp); 1642 break; 1643 } 1644 } 1645 1646 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1647 switch (sp->state[cp->protoidx]) { 1648 case STATE_CLOSED: 1649 case STATE_STOPPED: 1650 case STATE_REQ_SENT: 1651 case STATE_ACK_SENT: 1652 case STATE_CLOSING: 1653 case STATE_STOPPING: 1654 case STATE_OPENED: 1655 break; 1656 case STATE_ACK_RCVD: 1657 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1658 break; 1659 default: 1660 printf("%s: %s illegal %s in state %s\n", 1661 ifp->if_xname, cp->name, 1662 sppp_cp_type_name(h->type), 1663 sppp_state_name(sp->state[cp->protoidx])); 1664 ++ifp->if_ierrors; 1665 } 1666 break; 1667 } 1668 case DISC_REQ: 1669 if (cp->proto != PPP_LCP) 1670 goto illegal; 1671 /* Discard the packet. */ 1672 break; 1673 case ECHO_REQ: 1674 if (cp->proto != PPP_LCP) 1675 goto illegal; 1676 if (sp->state[cp->protoidx] != STATE_OPENED) { 1677 if (debug) 1678 addlog("%s: lcp echo req but lcp closed\n", 1679 ifp->if_xname); 1680 ++ifp->if_ierrors; 1681 break; 1682 } 1683 if (len < 8) { 1684 if (debug) 1685 addlog("%s: invalid lcp echo request " 1686 "packet length: %d bytes\n", 1687 ifp->if_xname, len); 1688 break; 1689 } 1690 memcpy(&u32, h + 1, sizeof u32); 1691 if (ntohl(u32) == sp->lcp.magic) { 1692 /* Line loopback mode detected. */ 1693 printf("%s: loopback\n", ifp->if_xname); 1694 if_down(ifp); 1695 IF_PURGE(&sp->pp_cpq); 1696 1697 /* Shut down the PPP link. */ 1698 /* XXX */ 1699 lcp.Down(sp); 1700 lcp.Up(sp); 1701 break; 1702 } 1703 u32 = htonl(sp->lcp.magic); 1704 memcpy(h + 1, &u32, sizeof u32); 1705 if (debug) 1706 addlog("%s: got lcp echo req, sending echo rep\n", 1707 ifp->if_xname); 1708 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1709 h + 1); 1710 break; 1711 case ECHO_REPLY: 1712 if (cp->proto != PPP_LCP) 1713 goto illegal; 1714 if (h->ident != sp->lcp.echoid) { 1715 ++ifp->if_ierrors; 1716 break; 1717 } 1718 if (len < 8) { 1719 if (debug) 1720 addlog("%s: lcp invalid echo reply " 1721 "packet length: %d bytes\n", 1722 ifp->if_xname, len); 1723 break; 1724 } 1725 if (debug) 1726 addlog("%s: lcp got echo rep\n", 1727 ifp->if_xname); 1728 memcpy(&u32, h + 1, sizeof u32); 1729 if (ntohl(u32) != sp->lcp.magic) 1730 sp->pp_alivecnt = 0; 1731 break; 1732 default: 1733 /* Unknown packet type -- send Code-Reject packet. */ 1734 illegal: 1735 if (debug) 1736 addlog("%s: %s send code-rej for 0x%x\n", 1737 ifp->if_xname, cp->name, h->type); 1738 sppp_cp_send(sp, cp->proto, CODE_REJ, 1739 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1740 ++ifp->if_ierrors; 1741 } 1742 } 1743 1744 1745 /* 1746 * The generic part of all Up/Down/Open/Close/TO event handlers. 1747 * Basically, the state transition handling in the automaton. 1748 */ 1749 static void 1750 sppp_up_event(const struct cp *cp, struct sppp *sp) 1751 { 1752 STDDCL; 1753 1754 if (debug) 1755 log(LOG_DEBUG, "%s: %s up(%s)\n", 1756 ifp->if_xname, cp->name, 1757 sppp_state_name(sp->state[cp->protoidx])); 1758 1759 switch (sp->state[cp->protoidx]) { 1760 case STATE_INITIAL: 1761 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1762 break; 1763 case STATE_STARTING: 1764 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1765 (cp->scr)(sp); 1766 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1767 break; 1768 default: 1769 printf("%s: %s illegal up in state %s\n", 1770 ifp->if_xname, cp->name, 1771 sppp_state_name(sp->state[cp->protoidx])); 1772 } 1773 } 1774 1775 static void 1776 sppp_down_event(const struct cp *cp, struct sppp *sp) 1777 { 1778 STDDCL; 1779 1780 if (debug) 1781 log(LOG_DEBUG, "%s: %s down(%s)\n", 1782 ifp->if_xname, cp->name, 1783 sppp_state_name(sp->state[cp->protoidx])); 1784 1785 switch (sp->state[cp->protoidx]) { 1786 case STATE_CLOSED: 1787 case STATE_CLOSING: 1788 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1789 break; 1790 case STATE_STOPPED: 1791 (cp->tls)(sp); 1792 /* fall through */ 1793 case STATE_STOPPING: 1794 case STATE_REQ_SENT: 1795 case STATE_ACK_RCVD: 1796 case STATE_ACK_SENT: 1797 sppp_cp_change_state(cp, sp, STATE_STARTING); 1798 break; 1799 case STATE_OPENED: 1800 (cp->tld)(sp); 1801 sppp_cp_change_state(cp, sp, STATE_STARTING); 1802 break; 1803 default: 1804 printf("%s: %s illegal down in state %s\n", 1805 ifp->if_xname, cp->name, 1806 sppp_state_name(sp->state[cp->protoidx])); 1807 } 1808 } 1809 1810 1811 static void 1812 sppp_open_event(const struct cp *cp, struct sppp *sp) 1813 { 1814 STDDCL; 1815 1816 if (debug) 1817 log(LOG_DEBUG, "%s: %s open(%s)\n", 1818 ifp->if_xname, cp->name, 1819 sppp_state_name(sp->state[cp->protoidx])); 1820 1821 switch (sp->state[cp->protoidx]) { 1822 case STATE_INITIAL: 1823 sppp_cp_change_state(cp, sp, STATE_STARTING); 1824 (cp->tls)(sp); 1825 break; 1826 case STATE_STARTING: 1827 break; 1828 case STATE_CLOSED: 1829 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1830 (cp->scr)(sp); 1831 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1832 break; 1833 case STATE_STOPPED: 1834 case STATE_STOPPING: 1835 case STATE_REQ_SENT: 1836 case STATE_ACK_RCVD: 1837 case STATE_ACK_SENT: 1838 case STATE_OPENED: 1839 break; 1840 case STATE_CLOSING: 1841 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1842 break; 1843 } 1844 } 1845 1846 1847 static void 1848 sppp_close_event(const struct cp *cp, struct sppp *sp) 1849 { 1850 STDDCL; 1851 1852 if (debug) 1853 log(LOG_DEBUG, "%s: %s close(%s)\n", 1854 ifp->if_xname, cp->name, 1855 sppp_state_name(sp->state[cp->protoidx])); 1856 1857 switch (sp->state[cp->protoidx]) { 1858 case STATE_INITIAL: 1859 case STATE_CLOSED: 1860 case STATE_CLOSING: 1861 break; 1862 case STATE_STARTING: 1863 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1864 (cp->tlf)(sp); 1865 break; 1866 case STATE_STOPPED: 1867 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1868 break; 1869 case STATE_STOPPING: 1870 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1871 break; 1872 case STATE_OPENED: 1873 (cp->tld)(sp); 1874 /* fall through */ 1875 case STATE_REQ_SENT: 1876 case STATE_ACK_RCVD: 1877 case STATE_ACK_SENT: 1878 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1879 sppp_cp_send(sp, cp->proto, TERM_REQ, 1880 ++sp->pp_seq[cp->protoidx], 0, 0); 1881 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1882 break; 1883 } 1884 } 1885 1886 static void 1887 sppp_to_event(const struct cp *cp, struct sppp *sp) 1888 { 1889 STDDCL; 1890 int s; 1891 1892 s = splnet(); 1893 if (debug) 1894 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 1895 ifp->if_xname, cp->name, 1896 sppp_state_name(sp->state[cp->protoidx]), 1897 sp->rst_counter[cp->protoidx]); 1898 1899 if (--sp->rst_counter[cp->protoidx] < 0) 1900 /* TO- event */ 1901 switch (sp->state[cp->protoidx]) { 1902 case STATE_CLOSING: 1903 (cp->tlf)(sp); 1904 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1905 sppp_lcp_check_and_close(sp); 1906 break; 1907 case STATE_STOPPING: 1908 (cp->tlf)(sp); 1909 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1910 sppp_lcp_check_and_close(sp); 1911 break; 1912 case STATE_REQ_SENT: 1913 case STATE_ACK_RCVD: 1914 case STATE_ACK_SENT: 1915 (cp->tlf)(sp); 1916 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1917 sppp_lcp_check_and_close(sp); 1918 break; 1919 } 1920 else 1921 /* TO+ event */ 1922 switch (sp->state[cp->protoidx]) { 1923 case STATE_CLOSING: 1924 case STATE_STOPPING: 1925 sppp_cp_send(sp, cp->proto, TERM_REQ, 1926 ++sp->pp_seq[cp->protoidx], 0, 0); 1927 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1928 cp->TO, sp); 1929 break; 1930 case STATE_REQ_SENT: 1931 case STATE_ACK_RCVD: 1932 (cp->scr)(sp); 1933 /* sppp_cp_change_state() will restart the timer */ 1934 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1935 break; 1936 case STATE_ACK_SENT: 1937 (cp->scr)(sp); 1938 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1939 cp->TO, sp); 1940 break; 1941 } 1942 1943 splx(s); 1944 } 1945 1946 /* 1947 * Change the state of a control protocol in the state automaton. 1948 * Takes care of starting/stopping the restart timer. 1949 */ 1950 void 1951 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1952 { 1953 sp->state[cp->protoidx] = newstate; 1954 callout_stop(&sp->ch[cp->protoidx]); 1955 switch (newstate) { 1956 case STATE_INITIAL: 1957 case STATE_STARTING: 1958 case STATE_CLOSED: 1959 case STATE_STOPPED: 1960 case STATE_OPENED: 1961 break; 1962 case STATE_CLOSING: 1963 case STATE_STOPPING: 1964 case STATE_REQ_SENT: 1965 case STATE_ACK_RCVD: 1966 case STATE_ACK_SENT: 1967 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1968 cp->TO, sp); 1969 break; 1970 } 1971 } 1972 1973 /* 1974 *--------------------------------------------------------------------------* 1975 * * 1976 * The LCP implementation. * 1977 * * 1978 *--------------------------------------------------------------------------* 1979 */ 1980 static void 1981 sppp_lcp_init(struct sppp *sp) 1982 { 1983 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1984 sp->lcp.magic = 0; 1985 sp->state[IDX_LCP] = STATE_INITIAL; 1986 sp->fail_counter[IDX_LCP] = 0; 1987 sp->pp_seq[IDX_LCP] = 0; 1988 sp->pp_rseq[IDX_LCP] = 0; 1989 sp->lcp.protos = 0; 1990 if (sp->pp_if.if_mtu < PP_MTU) { 1991 sp->lcp.mru = sp->pp_if.if_mtu; 1992 sp->lcp.opts |= (1 << LCP_OPT_MRU); 1993 } else 1994 sp->lcp.mru = PP_MTU; 1995 sp->lcp.their_mru = PP_MTU; 1996 1997 /* 1998 * Initialize counters and timeout values. Note that we don't 1999 * use the 3 seconds suggested in RFC 1661 since we are likely 2000 * running on a fast link. XXX We should probably implement 2001 * the exponential backoff option. Note that these values are 2002 * relevant for all control protocols, not just LCP only. 2003 */ 2004 sp->lcp.timeout = 1 * hz; 2005 sp->lcp.max_terminate = 2; 2006 sp->lcp.max_configure = 10; 2007 sp->lcp.max_failure = 10; 2008 callout_init(&sp->ch[IDX_LCP], 0); 2009 } 2010 2011 static void 2012 sppp_lcp_up(struct sppp *sp) 2013 { 2014 STDDCL; 2015 2016 /* Initialize activity timestamp: opening a connection is an activity */ 2017 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2018 2019 /* 2020 * If this interface is passive or dial-on-demand, and we are 2021 * still in Initial state, it means we've got an incoming 2022 * call. Activate the interface. 2023 */ 2024 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2025 if (debug) 2026 log(LOG_DEBUG, 2027 "%s: Up event", ifp->if_xname); 2028 ifp->if_flags |= IFF_RUNNING; 2029 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2030 if (debug) 2031 addlog("(incoming call)\n"); 2032 sp->pp_flags |= PP_CALLIN; 2033 lcp.Open(sp); 2034 } else if (debug) 2035 addlog("\n"); 2036 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2037 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2038 ifp->if_flags |= IFF_RUNNING; 2039 lcp.Open(sp); 2040 } 2041 2042 sppp_up_event(&lcp, sp); 2043 } 2044 2045 static void 2046 sppp_lcp_down(struct sppp *sp) 2047 { 2048 STDDCL; 2049 2050 sppp_down_event(&lcp, sp); 2051 2052 /* 2053 * If this is neither a dial-on-demand nor a passive 2054 * interface, simulate an ``ifconfig down'' action, so the 2055 * administrator can force a redial by another ``ifconfig 2056 * up''. XXX For leased line operation, should we immediately 2057 * try to reopen the connection here? 2058 */ 2059 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2060 if (debug) 2061 log(LOG_INFO, 2062 "%s: Down event (carrier loss), taking interface down.\n", 2063 ifp->if_xname); 2064 if_down(ifp); 2065 } else { 2066 if (debug) 2067 log(LOG_DEBUG, 2068 "%s: Down event (carrier loss)\n", 2069 ifp->if_xname); 2070 } 2071 sp->pp_flags &= ~PP_CALLIN; 2072 if (sp->state[IDX_LCP] != STATE_INITIAL) 2073 lcp.Close(sp); 2074 ifp->if_flags &= ~IFF_RUNNING; 2075 } 2076 2077 static void 2078 sppp_lcp_open(struct sppp *sp) 2079 { 2080 /* 2081 * If we are authenticator, negotiate LCP_AUTH 2082 */ 2083 if (sp->hisauth.proto != 0) 2084 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2085 else 2086 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2087 sp->pp_flags &= ~PP_NEEDAUTH; 2088 sppp_open_event(&lcp, sp); 2089 } 2090 2091 static void 2092 sppp_lcp_close(struct sppp *sp) 2093 { 2094 sppp_close_event(&lcp, sp); 2095 } 2096 2097 static void 2098 sppp_lcp_TO(void *cookie) 2099 { 2100 sppp_to_event(&lcp, (struct sppp *)cookie); 2101 } 2102 2103 /* 2104 * Analyze a configure request. Return true if it was agreeable, and 2105 * caused action sca, false if it has been rejected or nak'ed, and 2106 * caused action scn. (The return value is used to make the state 2107 * transition decision in the state automaton.) 2108 */ 2109 static int 2110 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2111 { 2112 STDDCL; 2113 u_char *buf, *r, *p; 2114 int origlen, rlen; 2115 uint32_t nmagic; 2116 u_short authproto; 2117 2118 len -= 4; 2119 origlen = len; 2120 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2121 if (! buf) 2122 return (0); 2123 2124 if (debug) 2125 log(LOG_DEBUG, "%s: lcp parse opts:", 2126 ifp->if_xname); 2127 2128 /* pass 1: check for things that need to be rejected */ 2129 p = (void *)(h + 1); 2130 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2131 /* Sanity check option length */ 2132 if (p[1] > len) { 2133 /* 2134 * Malicious option - drop immediately. 2135 * XXX Maybe we should just RXJ it? 2136 */ 2137 addlog("%s: received malicious LCP option 0x%02x, " 2138 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, 2139 p[0], p[1], len); 2140 goto drop; 2141 } 2142 if (debug) 2143 addlog(" %s", sppp_lcp_opt_name(*p)); 2144 switch (*p) { 2145 case LCP_OPT_MAGIC: 2146 /* Magic number. */ 2147 /* fall through, both are same length */ 2148 case LCP_OPT_ASYNC_MAP: 2149 /* Async control character map. */ 2150 if (len >= 6 || p[1] == 6) 2151 continue; 2152 if (debug) 2153 addlog(" [invalid]"); 2154 break; 2155 case LCP_OPT_MRU: 2156 /* Maximum receive unit. */ 2157 if (len >= 4 && p[1] == 4) 2158 continue; 2159 if (debug) 2160 addlog(" [invalid]"); 2161 break; 2162 case LCP_OPT_AUTH_PROTO: 2163 if (len < 4) { 2164 if (debug) 2165 addlog(" [invalid]"); 2166 break; 2167 } 2168 authproto = (p[2] << 8) + p[3]; 2169 if (authproto == PPP_CHAP && p[1] != 5) { 2170 if (debug) 2171 addlog(" [invalid chap len]"); 2172 break; 2173 } 2174 if (sp->myauth.proto == 0) { 2175 /* we are not configured to do auth */ 2176 if (debug) 2177 addlog(" [not configured]"); 2178 break; 2179 } 2180 /* 2181 * Remote want us to authenticate, remember this, 2182 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2183 * up. 2184 */ 2185 sp->pp_flags |= PP_NEEDAUTH; 2186 continue; 2187 default: 2188 /* Others not supported. */ 2189 if (debug) 2190 addlog(" [rej]"); 2191 break; 2192 } 2193 /* Add the option to rejected list. */ 2194 bcopy (p, r, p[1]); 2195 r += p[1]; 2196 rlen += p[1]; 2197 } 2198 if (rlen) { 2199 if (debug) 2200 addlog(" send conf-rej\n"); 2201 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2202 goto end; 2203 } else if (debug) 2204 addlog("\n"); 2205 2206 /* 2207 * pass 2: check for option values that are unacceptable and 2208 * thus require to be nak'ed. 2209 */ 2210 if (debug) 2211 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2212 ifp->if_xname); 2213 2214 p = (void *)(h + 1); 2215 len = origlen; 2216 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2217 if (debug) 2218 addlog(" %s", sppp_lcp_opt_name(*p)); 2219 switch (*p) { 2220 case LCP_OPT_MAGIC: 2221 /* Magic number -- extract. */ 2222 nmagic = (uint32_t)p[2] << 24 | 2223 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2224 if (nmagic != sp->lcp.magic) { 2225 if (debug) 2226 addlog(" 0x%x", nmagic); 2227 continue; 2228 } 2229 /* 2230 * Local and remote magics equal -- loopback? 2231 */ 2232 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2233 printf ("%s: loopback\n", 2234 ifp->if_xname); 2235 sp->pp_loopcnt = 0; 2236 if (ifp->if_flags & IFF_UP) { 2237 if_down(ifp); 2238 IF_PURGE(&sp->pp_cpq); 2239 /* XXX ? */ 2240 lcp.Down(sp); 2241 lcp.Up(sp); 2242 } 2243 } else if (debug) 2244 addlog(" [glitch]"); 2245 ++sp->pp_loopcnt; 2246 /* 2247 * We negate our magic here, and NAK it. If 2248 * we see it later in an NAK packet, we 2249 * suggest a new one. 2250 */ 2251 nmagic = ~sp->lcp.magic; 2252 /* Gonna NAK it. */ 2253 p[2] = nmagic >> 24; 2254 p[3] = nmagic >> 16; 2255 p[4] = nmagic >> 8; 2256 p[5] = nmagic; 2257 break; 2258 2259 case LCP_OPT_ASYNC_MAP: 2260 /* 2261 * Async control character map -- just ignore it. 2262 * 2263 * Quote from RFC 1662, chapter 6: 2264 * To enable this functionality, synchronous PPP 2265 * implementations MUST always respond to the 2266 * Async-Control-Character-Map Configuration 2267 * Option with the LCP Configure-Ack. However, 2268 * acceptance of the Configuration Option does 2269 * not imply that the synchronous implementation 2270 * will do any ACCM mapping. Instead, all such 2271 * octet mapping will be performed by the 2272 * asynchronous-to-synchronous converter. 2273 */ 2274 continue; 2275 2276 case LCP_OPT_MRU: 2277 /* 2278 * Maximum receive unit. Always agreeable, 2279 * but ignored by now. 2280 */ 2281 sp->lcp.their_mru = p[2] * 256 + p[3]; 2282 if (debug) 2283 addlog(" %ld", sp->lcp.their_mru); 2284 continue; 2285 2286 case LCP_OPT_AUTH_PROTO: 2287 authproto = (p[2] << 8) + p[3]; 2288 if (sp->myauth.proto != authproto) { 2289 /* not agreed, nak */ 2290 if (debug) 2291 addlog(" [mine %s != his %s]", 2292 sppp_proto_name(sp->myauth.proto), 2293 sppp_proto_name(authproto)); 2294 p[2] = sp->myauth.proto >> 8; 2295 p[3] = sp->myauth.proto; 2296 break; 2297 } 2298 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2299 if (debug) 2300 addlog(" [chap not MD5]"); 2301 p[4] = CHAP_MD5; 2302 break; 2303 } 2304 continue; 2305 } 2306 /* Add the option to nak'ed list. */ 2307 bcopy (p, r, p[1]); 2308 r += p[1]; 2309 rlen += p[1]; 2310 } 2311 if (rlen) { 2312 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2313 if (debug) 2314 addlog(" max_failure (%d) exceeded, " 2315 "send conf-rej\n", 2316 sp->lcp.max_failure); 2317 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2318 } else { 2319 if (debug) 2320 addlog(" send conf-nak\n"); 2321 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2322 } 2323 goto end; 2324 } else { 2325 if (debug) 2326 addlog(" send conf-ack\n"); 2327 sp->fail_counter[IDX_LCP] = 0; 2328 sp->pp_loopcnt = 0; 2329 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1); 2330 } 2331 2332 end: 2333 free(buf, M_TEMP); 2334 return (rlen == 0); 2335 2336 drop: 2337 free(buf, M_TEMP); 2338 return -1; 2339 } 2340 2341 /* 2342 * Analyze the LCP Configure-Reject option list, and adjust our 2343 * negotiation. 2344 */ 2345 static void 2346 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2347 { 2348 STDDCL; 2349 u_char *buf, *p; 2350 2351 len -= 4; 2352 buf = malloc (len, M_TEMP, M_NOWAIT); 2353 if (!buf) 2354 return; 2355 2356 if (debug) 2357 log(LOG_DEBUG, "%s: lcp rej opts:", 2358 ifp->if_xname); 2359 2360 p = (void *)(h + 1); 2361 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2362 /* Sanity check option length */ 2363 if (p[1] > len) { 2364 /* 2365 * Malicious option - drop immediately. 2366 * XXX Maybe we should just RXJ it? 2367 */ 2368 addlog("%s: received malicious LCP option, " 2369 "dropping.\n", ifp->if_xname); 2370 goto drop; 2371 } 2372 if (debug) 2373 addlog(" %s", sppp_lcp_opt_name(*p)); 2374 switch (*p) { 2375 case LCP_OPT_MAGIC: 2376 /* Magic number -- can't use it, use 0 */ 2377 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2378 sp->lcp.magic = 0; 2379 break; 2380 case LCP_OPT_MRU: 2381 /* 2382 * We try to negotiate a lower MRU if the underlying 2383 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2384 * peer rejects this lower rate, fallback to the 2385 * default. 2386 */ 2387 if (debug) { 2388 addlog("%s: warning: peer rejected our MRU of " 2389 "%ld bytes. Defaulting to %d bytes\n", 2390 ifp->if_xname, sp->lcp.mru, PP_MTU); 2391 } 2392 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2393 sp->lcp.mru = PP_MTU; 2394 break; 2395 case LCP_OPT_AUTH_PROTO: 2396 /* 2397 * Peer doesn't want to authenticate himself, 2398 * deny unless this is a dialout call, and 2399 * SPPP_AUTHFLAG_NOCALLOUT is set. 2400 */ 2401 if ((sp->pp_flags & PP_CALLIN) == 0 && 2402 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2403 if (debug) 2404 addlog(" [don't insist on auth " 2405 "for callout]"); 2406 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2407 break; 2408 } 2409 if (debug) 2410 addlog("[access denied]\n"); 2411 lcp.Close(sp); 2412 break; 2413 } 2414 } 2415 if (debug) 2416 addlog("\n"); 2417 drop: 2418 free(buf, M_TEMP); 2419 return; 2420 } 2421 2422 /* 2423 * Analyze the LCP Configure-NAK option list, and adjust our 2424 * negotiation. 2425 */ 2426 static void 2427 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2428 { 2429 STDDCL; 2430 u_char *buf, *p; 2431 uint32_t magic; 2432 2433 len -= 4; 2434 buf = malloc (len, M_TEMP, M_NOWAIT); 2435 if (!buf) 2436 return; 2437 2438 if (debug) 2439 log(LOG_DEBUG, "%s: lcp nak opts:", 2440 ifp->if_xname); 2441 2442 p = (void *)(h + 1); 2443 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2444 /* Sanity check option length */ 2445 if (p[1] > len) { 2446 /* 2447 * Malicious option - drop immediately. 2448 * XXX Maybe we should just RXJ it? 2449 */ 2450 addlog("%s: received malicious LCP option, " 2451 "dropping.\n", ifp->if_xname); 2452 goto drop; 2453 } 2454 if (debug) 2455 addlog(" %s", sppp_lcp_opt_name(*p)); 2456 switch (*p) { 2457 case LCP_OPT_MAGIC: 2458 /* Magic number -- renegotiate */ 2459 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2460 len >= 6 && p[1] == 6) { 2461 magic = (uint32_t)p[2] << 24 | 2462 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2463 /* 2464 * If the remote magic is our negated one, 2465 * this looks like a loopback problem. 2466 * Suggest a new magic to make sure. 2467 */ 2468 if (magic == ~sp->lcp.magic) { 2469 if (debug) 2470 addlog(" magic glitch"); 2471 sp->lcp.magic = arc4random(); 2472 } else { 2473 sp->lcp.magic = magic; 2474 if (debug) 2475 addlog(" %d", magic); 2476 } 2477 } 2478 break; 2479 case LCP_OPT_MRU: 2480 /* 2481 * Peer wants to advise us to negotiate an MRU. 2482 * Agree on it if it's reasonable, or use 2483 * default otherwise. 2484 */ 2485 if (len >= 4 && p[1] == 4) { 2486 u_int mru = p[2] * 256 + p[3]; 2487 if (debug) 2488 addlog(" %d", mru); 2489 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 2490 mru = sp->pp_if.if_mtu; 2491 sp->lcp.mru = mru; 2492 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2493 } 2494 break; 2495 case LCP_OPT_AUTH_PROTO: 2496 /* 2497 * Peer doesn't like our authentication method, 2498 * deny. 2499 */ 2500 if (debug) 2501 addlog("[access denied]\n"); 2502 lcp.Close(sp); 2503 break; 2504 } 2505 } 2506 if (debug) 2507 addlog("\n"); 2508 drop: 2509 free(buf, M_TEMP); 2510 return; 2511 } 2512 2513 static void 2514 sppp_lcp_tlu(struct sppp *sp) 2515 { 2516 STDDCL; 2517 int i; 2518 uint32_t mask; 2519 2520 /* XXX ? */ 2521 if (! (ifp->if_flags & IFF_UP) && 2522 (ifp->if_flags & IFF_RUNNING)) { 2523 /* Coming out of loopback mode. */ 2524 if_up(ifp); 2525 } 2526 2527 for (i = 0; i < IDX_COUNT; i++) 2528 if ((cps[i])->flags & CP_QUAL) 2529 (cps[i])->Open(sp); 2530 2531 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2532 (sp->pp_flags & PP_NEEDAUTH) != 0) 2533 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2534 else 2535 sp->pp_phase = SPPP_PHASE_NETWORK; 2536 2537 if (debug) 2538 { 2539 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2540 sppp_phase_name(sp->pp_phase)); 2541 } 2542 2543 /* 2544 * Open all authentication protocols. This is even required 2545 * if we already proceeded to network phase, since it might be 2546 * that remote wants us to authenticate, so we might have to 2547 * send a PAP request. Undesired authentication protocols 2548 * don't do anything when they get an Open event. 2549 */ 2550 for (i = 0; i < IDX_COUNT; i++) 2551 if ((cps[i])->flags & CP_AUTH) 2552 (cps[i])->Open(sp); 2553 2554 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2555 /* Notify all NCPs. */ 2556 for (i = 0; i < IDX_COUNT; i++) 2557 if ((cps[i])->flags & CP_NCP) 2558 (cps[i])->Open(sp); 2559 } 2560 2561 /* Send Up events to all started protos. */ 2562 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2563 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2564 (cps[i])->Up(sp); 2565 2566 /* notify low-level driver of state change */ 2567 if (sp->pp_chg) 2568 sp->pp_chg(sp, (int)sp->pp_phase); 2569 2570 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2571 /* if no NCP is starting, close down */ 2572 sppp_lcp_check_and_close(sp); 2573 } 2574 2575 static void 2576 sppp_lcp_tld(struct sppp *sp) 2577 { 2578 STDDCL; 2579 int i; 2580 uint32_t mask; 2581 2582 sp->pp_phase = SPPP_PHASE_TERMINATE; 2583 2584 if (debug) 2585 { 2586 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2587 sppp_phase_name(sp->pp_phase)); 2588 } 2589 2590 /* 2591 * Take upper layers down. We send the Down event first and 2592 * the Close second to prevent the upper layers from sending 2593 * ``a flurry of terminate-request packets'', as the RFC 2594 * describes it. 2595 */ 2596 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2597 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2598 (cps[i])->Down(sp); 2599 (cps[i])->Close(sp); 2600 } 2601 } 2602 2603 static void 2604 sppp_lcp_tls(struct sppp *sp) 2605 { 2606 STDDCL; 2607 2608 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2609 printf("%s: authentication failed %d times, not retrying again\n", 2610 sp->pp_if.if_xname, sp->pp_auth_failures); 2611 if_down(&sp->pp_if); 2612 return; 2613 } 2614 2615 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2616 2617 if (debug) 2618 { 2619 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2620 sppp_phase_name(sp->pp_phase)); 2621 } 2622 2623 /* Notify lower layer if desired. */ 2624 if (sp->pp_tls) 2625 (sp->pp_tls)(sp); 2626 } 2627 2628 static void 2629 sppp_lcp_tlf(struct sppp *sp) 2630 { 2631 STDDCL; 2632 2633 sp->pp_phase = SPPP_PHASE_DEAD; 2634 2635 if (debug) 2636 { 2637 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2638 sppp_phase_name(sp->pp_phase)); 2639 } 2640 2641 /* Notify lower layer if desired. */ 2642 if (sp->pp_tlf) 2643 (sp->pp_tlf)(sp); 2644 } 2645 2646 static void 2647 sppp_lcp_scr(struct sppp *sp) 2648 { 2649 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2650 int i = 0; 2651 u_short authproto; 2652 2653 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2654 if (! sp->lcp.magic) 2655 sp->lcp.magic = arc4random(); 2656 opt[i++] = LCP_OPT_MAGIC; 2657 opt[i++] = 6; 2658 opt[i++] = sp->lcp.magic >> 24; 2659 opt[i++] = sp->lcp.magic >> 16; 2660 opt[i++] = sp->lcp.magic >> 8; 2661 opt[i++] = sp->lcp.magic; 2662 } 2663 2664 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2665 opt[i++] = LCP_OPT_MRU; 2666 opt[i++] = 4; 2667 opt[i++] = sp->lcp.mru >> 8; 2668 opt[i++] = sp->lcp.mru; 2669 } 2670 2671 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2672 authproto = sp->hisauth.proto; 2673 opt[i++] = LCP_OPT_AUTH_PROTO; 2674 opt[i++] = authproto == PPP_CHAP? 5: 4; 2675 opt[i++] = authproto >> 8; 2676 opt[i++] = authproto; 2677 if (authproto == PPP_CHAP) 2678 opt[i++] = CHAP_MD5; 2679 } 2680 2681 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2682 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2683 } 2684 2685 /* 2686 * Check the open NCPs, return true if at least one NCP is open. 2687 */ 2688 static int 2689 sppp_ncp_check(struct sppp *sp) 2690 { 2691 int i, mask; 2692 2693 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2694 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2695 return 1; 2696 return 0; 2697 } 2698 2699 /* 2700 * Re-check the open NCPs and see if we should terminate the link. 2701 * Called by the NCPs during their tlf action handling. 2702 */ 2703 static void 2704 sppp_lcp_check_and_close(struct sppp *sp) 2705 { 2706 2707 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2708 /* don't bother, we are already going down */ 2709 return; 2710 2711 if (sppp_ncp_check(sp)) 2712 return; 2713 2714 lcp.Close(sp); 2715 } 2716 2717 2718 /* 2719 *--------------------------------------------------------------------------* 2720 * * 2721 * The IPCP implementation. * 2722 * * 2723 *--------------------------------------------------------------------------* 2724 */ 2725 2726 static void 2727 sppp_ipcp_init(struct sppp *sp) 2728 { 2729 sp->ipcp.opts = 0; 2730 sp->ipcp.flags = 0; 2731 sp->state[IDX_IPCP] = STATE_INITIAL; 2732 sp->fail_counter[IDX_IPCP] = 0; 2733 sp->pp_seq[IDX_IPCP] = 0; 2734 sp->pp_rseq[IDX_IPCP] = 0; 2735 callout_init(&sp->ch[IDX_IPCP], 0); 2736 } 2737 2738 static void 2739 sppp_ipcp_up(struct sppp *sp) 2740 { 2741 sppp_up_event(&ipcp, sp); 2742 } 2743 2744 static void 2745 sppp_ipcp_down(struct sppp *sp) 2746 { 2747 sppp_down_event(&ipcp, sp); 2748 } 2749 2750 static void 2751 sppp_ipcp_open(struct sppp *sp) 2752 { 2753 STDDCL; 2754 uint32_t myaddr, hisaddr; 2755 2756 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2757 sp->ipcp.req_myaddr = 0; 2758 sp->ipcp.req_hisaddr = 0; 2759 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2760 2761 #ifdef INET 2762 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2763 #else 2764 myaddr = hisaddr = 0; 2765 #endif 2766 /* 2767 * If we don't have his address, this probably means our 2768 * interface doesn't want to talk IP at all. (This could 2769 * be the case if somebody wants to speak only IPX, for 2770 * example.) Don't open IPCP in this case. 2771 */ 2772 if (hisaddr == 0) { 2773 /* XXX this message should go away */ 2774 if (debug) 2775 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 2776 ifp->if_xname); 2777 return; 2778 } 2779 2780 if (myaddr == 0) { 2781 /* 2782 * I don't have an assigned address, so i need to 2783 * negotiate my address. 2784 */ 2785 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2786 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2787 } 2788 if (hisaddr == 1) { 2789 /* 2790 * XXX - remove this hack! 2791 * remote has no valid address, we need to get one assigned. 2792 */ 2793 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2794 } 2795 sppp_open_event(&ipcp, sp); 2796 } 2797 2798 static void 2799 sppp_ipcp_close(struct sppp *sp) 2800 { 2801 STDDCL; 2802 2803 sppp_close_event(&ipcp, sp); 2804 #ifdef INET 2805 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2806 /* 2807 * Some address was dynamic, clear it again. 2808 */ 2809 sppp_clear_ip_addrs(sp); 2810 #endif 2811 2812 if (sp->pp_saved_mtu > 0) { 2813 ifp->if_mtu = sp->pp_saved_mtu; 2814 sp->pp_saved_mtu = 0; 2815 if (debug) 2816 log(LOG_DEBUG, 2817 "%s: resetting MTU to %" PRIu64 " bytes\n", 2818 ifp->if_xname, ifp->if_mtu); 2819 } 2820 } 2821 2822 static void 2823 sppp_ipcp_TO(void *cookie) 2824 { 2825 sppp_to_event(&ipcp, (struct sppp *)cookie); 2826 } 2827 2828 /* 2829 * Analyze a configure request. Return true if it was agreeable, and 2830 * caused action sca, false if it has been rejected or nak'ed, and 2831 * caused action scn. (The return value is used to make the state 2832 * transition decision in the state automaton.) 2833 */ 2834 static int 2835 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2836 { 2837 u_char *buf, *r, *p; 2838 struct ifnet *ifp = &sp->pp_if; 2839 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2840 uint32_t hisaddr, desiredaddr; 2841 2842 len -= 4; 2843 origlen = len; 2844 /* 2845 * Make sure to allocate a buf that can at least hold a 2846 * conf-nak with an `address' option. We might need it below. 2847 */ 2848 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2849 if (! buf) 2850 return (0); 2851 2852 /* pass 1: see if we can recognize them */ 2853 if (debug) 2854 log(LOG_DEBUG, "%s: ipcp parse opts:", 2855 ifp->if_xname); 2856 p = (void *)(h + 1); 2857 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2858 /* Sanity check option length */ 2859 if (p[1] > len) { 2860 /* XXX should we just RXJ? */ 2861 addlog("%s: malicious IPCP option received, dropping\n", 2862 ifp->if_xname); 2863 goto drop; 2864 } 2865 if (debug) 2866 addlog(" %s", sppp_ipcp_opt_name(*p)); 2867 switch (*p) { 2868 #ifdef notyet 2869 case IPCP_OPT_COMPRESSION: 2870 if (len >= 6 && p[1] >= 6) { 2871 /* correctly formed compress option */ 2872 continue; 2873 } 2874 if (debug) 2875 addlog(" [invalid]"); 2876 break; 2877 #endif 2878 case IPCP_OPT_ADDRESS: 2879 if (len >= 6 && p[1] == 6) { 2880 /* correctly formed address option */ 2881 continue; 2882 } 2883 if (debug) 2884 addlog(" [invalid]"); 2885 break; 2886 default: 2887 /* Others not supported. */ 2888 if (debug) 2889 addlog(" [rej]"); 2890 break; 2891 } 2892 /* Add the option to rejected list. */ 2893 bcopy (p, r, p[1]); 2894 r += p[1]; 2895 rlen += p[1]; 2896 } 2897 if (rlen) { 2898 if (debug) 2899 addlog(" send conf-rej\n"); 2900 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2901 goto end; 2902 } else if (debug) 2903 addlog("\n"); 2904 2905 /* pass 2: parse option values */ 2906 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2907 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2908 else 2909 #ifdef INET 2910 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2911 #else 2912 hisaddr = 0; 2913 #endif 2914 if (debug) 2915 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 2916 ifp->if_xname); 2917 p = (void *)(h + 1); 2918 len = origlen; 2919 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2920 if (debug) 2921 addlog(" %s", sppp_ipcp_opt_name(*p)); 2922 switch (*p) { 2923 #ifdef notyet 2924 case IPCP_OPT_COMPRESSION: 2925 continue; 2926 #endif 2927 case IPCP_OPT_ADDRESS: 2928 desiredaddr = p[2] << 24 | p[3] << 16 | 2929 p[4] << 8 | p[5]; 2930 if (desiredaddr == hisaddr || 2931 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2932 /* 2933 * Peer's address is same as our value, 2934 * this is agreeable. Gonna conf-ack 2935 * it. 2936 */ 2937 if (debug) 2938 addlog(" %s [ack]", 2939 sppp_dotted_quad(hisaddr)); 2940 /* record that we've seen it already */ 2941 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2942 sp->ipcp.req_hisaddr = desiredaddr; 2943 hisaddr = desiredaddr; 2944 continue; 2945 } 2946 /* 2947 * The address wasn't agreeable. This is either 2948 * he sent us 0.0.0.0, asking to assign him an 2949 * address, or he send us another address not 2950 * matching our value. Either case, we gonna 2951 * conf-nak it with our value. 2952 */ 2953 if (debug) { 2954 if (desiredaddr == 0) 2955 addlog(" [addr requested]"); 2956 else 2957 addlog(" %s [not agreed]", 2958 sppp_dotted_quad(desiredaddr)); 2959 } 2960 2961 p[2] = hisaddr >> 24; 2962 p[3] = hisaddr >> 16; 2963 p[4] = hisaddr >> 8; 2964 p[5] = hisaddr; 2965 break; 2966 } 2967 /* Add the option to nak'ed list. */ 2968 bcopy (p, r, p[1]); 2969 r += p[1]; 2970 rlen += p[1]; 2971 } 2972 2973 /* 2974 * If we are about to conf-ack the request, but haven't seen 2975 * his address so far, gonna conf-nak it instead, with the 2976 * `address' option present and our idea of his address being 2977 * filled in there, to request negotiation of both addresses. 2978 * 2979 * XXX This can result in an endless req - nak loop if peer 2980 * doesn't want to send us his address. Q: What should we do 2981 * about it? XXX A: implement the max-failure counter. 2982 */ 2983 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2984 buf[0] = IPCP_OPT_ADDRESS; 2985 buf[1] = 6; 2986 buf[2] = hisaddr >> 24; 2987 buf[3] = hisaddr >> 16; 2988 buf[4] = hisaddr >> 8; 2989 buf[5] = hisaddr; 2990 rlen = 6; 2991 if (debug) 2992 addlog(" still need hisaddr"); 2993 } 2994 2995 if (rlen) { 2996 if (debug) 2997 addlog(" send conf-nak\n"); 2998 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2999 } else { 3000 if (debug) 3001 addlog(" send conf-ack\n"); 3002 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1); 3003 } 3004 3005 end: 3006 free(buf, M_TEMP); 3007 return (rlen == 0); 3008 3009 drop: 3010 free(buf, M_TEMP); 3011 return -1; 3012 } 3013 3014 /* 3015 * Analyze the IPCP Configure-Reject option list, and adjust our 3016 * negotiation. 3017 */ 3018 static void 3019 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3020 { 3021 u_char *buf, *p; 3022 struct ifnet *ifp = &sp->pp_if; 3023 int debug = ifp->if_flags & IFF_DEBUG; 3024 3025 len -= 4; 3026 buf = malloc (len, M_TEMP, M_NOWAIT); 3027 if (!buf) 3028 return; 3029 3030 if (debug) 3031 log(LOG_DEBUG, "%s: ipcp rej opts:", 3032 ifp->if_xname); 3033 3034 p = (void *)(h + 1); 3035 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3036 /* Sanity check option length */ 3037 if (p[1] > len) { 3038 /* XXX should we just RXJ? */ 3039 addlog("%s: malicious IPCP option received, dropping\n", 3040 ifp->if_xname); 3041 goto drop; 3042 } 3043 if (debug) 3044 addlog(" %s", sppp_ipcp_opt_name(*p)); 3045 switch (*p) { 3046 case IPCP_OPT_ADDRESS: 3047 /* 3048 * Peer doesn't grok address option. This is 3049 * bad. XXX Should we better give up here? 3050 */ 3051 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3052 break; 3053 #ifdef notyet 3054 case IPCP_OPT_COMPRESS: 3055 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3056 break; 3057 #endif 3058 } 3059 } 3060 if (debug) 3061 addlog("\n"); 3062 drop: 3063 free(buf, M_TEMP); 3064 return; 3065 } 3066 3067 /* 3068 * Analyze the IPCP Configure-NAK option list, and adjust our 3069 * negotiation. 3070 */ 3071 static void 3072 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3073 { 3074 u_char *p; 3075 struct ifnet *ifp = &sp->pp_if; 3076 int debug = ifp->if_flags & IFF_DEBUG; 3077 uint32_t wantaddr; 3078 3079 len -= 4; 3080 3081 if (debug) 3082 log(LOG_DEBUG, "%s: ipcp nak opts:", 3083 ifp->if_xname); 3084 3085 p = (void *)(h + 1); 3086 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3087 /* Sanity check option length */ 3088 if (p[1] > len) { 3089 /* XXX should we just RXJ? */ 3090 addlog("%s: malicious IPCP option received, dropping\n", 3091 ifp->if_xname); 3092 return; 3093 } 3094 if (debug) 3095 addlog(" %s", sppp_ipcp_opt_name(*p)); 3096 switch (*p) { 3097 case IPCP_OPT_ADDRESS: 3098 /* 3099 * Peer doesn't like our local IP address. See 3100 * if we can do something for him. We'll drop 3101 * him our address then. 3102 */ 3103 if (len >= 6 && p[1] == 6) { 3104 wantaddr = p[2] << 24 | p[3] << 16 | 3105 p[4] << 8 | p[5]; 3106 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3107 if (debug) 3108 addlog(" [wantaddr %s]", 3109 sppp_dotted_quad(wantaddr)); 3110 /* 3111 * When doing dynamic address assignment, 3112 * we accept his offer. Otherwise, we 3113 * ignore it and thus continue to negotiate 3114 * our already existing value. 3115 */ 3116 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3117 if (debug) 3118 addlog(" [agree]"); 3119 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3120 sp->ipcp.req_myaddr = wantaddr; 3121 } 3122 } 3123 break; 3124 3125 case IPCP_OPT_PRIMDNS: 3126 if (len >= 6 && p[1] == 6) { 3127 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3128 p[4] << 8 | p[5]; 3129 } 3130 break; 3131 3132 case IPCP_OPT_SECDNS: 3133 if (len >= 6 && p[1] == 6) { 3134 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3135 p[4] << 8 | p[5]; 3136 } 3137 break; 3138 #ifdef notyet 3139 case IPCP_OPT_COMPRESS: 3140 /* 3141 * Peer wants different compression parameters. 3142 */ 3143 break; 3144 #endif 3145 } 3146 } 3147 if (debug) 3148 addlog("\n"); 3149 } 3150 3151 static void 3152 sppp_ipcp_tlu(struct sppp *sp) 3153 { 3154 #ifdef INET 3155 /* we are up. Set addresses and notify anyone interested */ 3156 STDDCL; 3157 uint32_t myaddr, hisaddr; 3158 3159 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3160 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3161 myaddr = sp->ipcp.req_myaddr; 3162 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3163 hisaddr = sp->ipcp.req_hisaddr; 3164 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3165 3166 if (ifp->if_mtu > sp->lcp.their_mru) { 3167 sp->pp_saved_mtu = ifp->if_mtu; 3168 ifp->if_mtu = sp->lcp.their_mru; 3169 if (debug) 3170 log(LOG_DEBUG, 3171 "%s: setting MTU to %" PRIu64 " bytes\n", 3172 ifp->if_xname, ifp->if_mtu); 3173 } 3174 3175 if (sp->pp_con) 3176 sp->pp_con(sp); 3177 #endif 3178 } 3179 3180 static void 3181 sppp_ipcp_tld(struct sppp *sp) 3182 { 3183 } 3184 3185 static void 3186 sppp_ipcp_tls(struct sppp *sp) 3187 { 3188 /* indicate to LCP that it must stay alive */ 3189 sp->lcp.protos |= (1 << IDX_IPCP); 3190 } 3191 3192 static void 3193 sppp_ipcp_tlf(struct sppp *sp) 3194 { 3195 /* we no longer need LCP */ 3196 sp->lcp.protos &= ~(1 << IDX_IPCP); 3197 } 3198 3199 static void 3200 sppp_ipcp_scr(struct sppp *sp) 3201 { 3202 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3203 #ifdef INET 3204 uint32_t ouraddr; 3205 #endif 3206 int i = 0; 3207 3208 #ifdef notyet 3209 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3210 opt[i++] = IPCP_OPT_COMPRESSION; 3211 opt[i++] = 6; 3212 opt[i++] = 0; /* VJ header compression */ 3213 opt[i++] = 0x2d; /* VJ header compression */ 3214 opt[i++] = max_slot_id; 3215 opt[i++] = comp_slot_id; 3216 } 3217 #endif 3218 3219 #ifdef INET 3220 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3221 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3222 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3223 else 3224 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3225 opt[i++] = IPCP_OPT_ADDRESS; 3226 opt[i++] = 6; 3227 opt[i++] = ouraddr >> 24; 3228 opt[i++] = ouraddr >> 16; 3229 opt[i++] = ouraddr >> 8; 3230 opt[i++] = ouraddr; 3231 } 3232 #endif 3233 3234 if (sp->query_dns & 1) { 3235 opt[i++] = IPCP_OPT_PRIMDNS; 3236 opt[i++] = 6; 3237 opt[i++] = sp->dns_addrs[0] >> 24; 3238 opt[i++] = sp->dns_addrs[0] >> 16; 3239 opt[i++] = sp->dns_addrs[0] >> 8; 3240 opt[i++] = sp->dns_addrs[0]; 3241 } 3242 if (sp->query_dns & 2) { 3243 opt[i++] = IPCP_OPT_SECDNS; 3244 opt[i++] = 6; 3245 opt[i++] = sp->dns_addrs[1] >> 24; 3246 opt[i++] = sp->dns_addrs[1] >> 16; 3247 opt[i++] = sp->dns_addrs[1] >> 8; 3248 opt[i++] = sp->dns_addrs[1]; 3249 } 3250 3251 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3252 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3253 } 3254 3255 3256 /* 3257 *--------------------------------------------------------------------------* 3258 * * 3259 * The IPv6CP implementation. * 3260 * * 3261 *--------------------------------------------------------------------------* 3262 */ 3263 3264 #ifdef INET6 3265 static void 3266 sppp_ipv6cp_init(struct sppp *sp) 3267 { 3268 sp->ipv6cp.opts = 0; 3269 sp->ipv6cp.flags = 0; 3270 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3271 sp->fail_counter[IDX_IPV6CP] = 0; 3272 sp->pp_seq[IDX_IPV6CP] = 0; 3273 sp->pp_rseq[IDX_IPV6CP] = 0; 3274 callout_init(&sp->ch[IDX_IPV6CP], 0); 3275 } 3276 3277 static void 3278 sppp_ipv6cp_up(struct sppp *sp) 3279 { 3280 sppp_up_event(&ipv6cp, sp); 3281 } 3282 3283 static void 3284 sppp_ipv6cp_down(struct sppp *sp) 3285 { 3286 sppp_down_event(&ipv6cp, sp); 3287 } 3288 3289 static void 3290 sppp_ipv6cp_open(struct sppp *sp) 3291 { 3292 STDDCL; 3293 struct in6_addr myaddr, hisaddr; 3294 3295 #ifdef IPV6CP_MYIFID_DYN 3296 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3297 #else 3298 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3299 #endif 3300 3301 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3302 /* 3303 * If we don't have our address, this probably means our 3304 * interface doesn't want to talk IPv6 at all. (This could 3305 * be the case if somebody wants to speak only IPX, for 3306 * example.) Don't open IPv6CP in this case. 3307 */ 3308 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3309 /* XXX this message should go away */ 3310 if (debug) 3311 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3312 ifp->if_xname); 3313 return; 3314 } 3315 3316 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3317 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3318 sppp_open_event(&ipv6cp, sp); 3319 } 3320 3321 static void 3322 sppp_ipv6cp_close(struct sppp *sp) 3323 { 3324 sppp_close_event(&ipv6cp, sp); 3325 } 3326 3327 static void 3328 sppp_ipv6cp_TO(void *cookie) 3329 { 3330 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3331 } 3332 3333 /* 3334 * Analyze a configure request. Return true if it was agreeable, and 3335 * caused action sca, false if it has been rejected or nak'ed, and 3336 * caused action scn. (The return value is used to make the state 3337 * transition decision in the state automaton.) 3338 */ 3339 static int 3340 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3341 { 3342 u_char *buf, *r, *p; 3343 struct ifnet *ifp = &sp->pp_if; 3344 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3345 struct in6_addr myaddr, desiredaddr, suggestaddr; 3346 int ifidcount; 3347 int type; 3348 int collision, nohisaddr; 3349 3350 len -= 4; 3351 origlen = len; 3352 /* 3353 * Make sure to allocate a buf that can at least hold a 3354 * conf-nak with an `address' option. We might need it below. 3355 */ 3356 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3357 if (! buf) 3358 return (0); 3359 3360 /* pass 1: see if we can recognize them */ 3361 if (debug) 3362 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3363 ifp->if_xname); 3364 p = (void *)(h + 1); 3365 ifidcount = 0; 3366 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3367 /* Sanity check option length */ 3368 if (p[1] > len) { 3369 /* XXX just RXJ? */ 3370 addlog("%s: received malicious IPCPv6 option, " 3371 "dropping\n", ifp->if_xname); 3372 goto drop; 3373 } 3374 if (debug) 3375 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3376 switch (*p) { 3377 case IPV6CP_OPT_IFID: 3378 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3379 /* correctly formed address option */ 3380 ifidcount++; 3381 continue; 3382 } 3383 if (debug) 3384 addlog(" [invalid]"); 3385 break; 3386 #ifdef notyet 3387 case IPV6CP_OPT_COMPRESSION: 3388 if (len >= 4 && p[1] >= 4) { 3389 /* correctly formed compress option */ 3390 continue; 3391 } 3392 if (debug) 3393 addlog(" [invalid]"); 3394 break; 3395 #endif 3396 default: 3397 /* Others not supported. */ 3398 if (debug) 3399 addlog(" [rej]"); 3400 break; 3401 } 3402 /* Add the option to rejected list. */ 3403 bcopy (p, r, p[1]); 3404 r += p[1]; 3405 rlen += p[1]; 3406 } 3407 if (rlen) { 3408 if (debug) 3409 addlog(" send conf-rej\n"); 3410 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3411 goto end; 3412 } else if (debug) 3413 addlog("\n"); 3414 3415 /* pass 2: parse option values */ 3416 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3417 if (debug) 3418 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3419 ifp->if_xname); 3420 p = (void *)(h + 1); 3421 len = origlen; 3422 type = CONF_ACK; 3423 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3424 if (debug) 3425 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3426 switch (*p) { 3427 #ifdef notyet 3428 case IPV6CP_OPT_COMPRESSION: 3429 continue; 3430 #endif 3431 case IPV6CP_OPT_IFID: 3432 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3433 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3434 collision = (memcmp(&desiredaddr.s6_addr[8], 3435 &myaddr.s6_addr[8], 8) == 0); 3436 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3437 3438 desiredaddr.s6_addr16[0] = htons(0xfe80); 3439 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 3440 3441 if (!collision && !nohisaddr) { 3442 /* no collision, hisaddr known - Conf-Ack */ 3443 type = CONF_ACK; 3444 3445 if (debug) { 3446 addlog(" %s [%s]", 3447 ip6_sprintf(&desiredaddr), 3448 sppp_cp_type_name(type)); 3449 } 3450 continue; 3451 } 3452 3453 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3454 if (collision && nohisaddr) { 3455 /* collision, hisaddr unknown - Conf-Rej */ 3456 type = CONF_REJ; 3457 memset(&p[2], 0, 8); 3458 } else { 3459 /* 3460 * - no collision, hisaddr unknown, or 3461 * - collision, hisaddr known 3462 * Conf-Nak, suggest hisaddr 3463 */ 3464 type = CONF_NAK; 3465 sppp_suggest_ip6_addr(sp, &suggestaddr); 3466 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3467 } 3468 if (debug) 3469 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3470 sppp_cp_type_name(type)); 3471 break; 3472 } 3473 /* Add the option to nak'ed list. */ 3474 bcopy (p, r, p[1]); 3475 r += p[1]; 3476 rlen += p[1]; 3477 } 3478 3479 if (rlen == 0 && type == CONF_ACK) { 3480 if (debug) 3481 addlog(" send %s\n", sppp_cp_type_name(type)); 3482 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 3483 } else { 3484 #ifdef notdef 3485 if (type == CONF_ACK) 3486 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3487 #endif 3488 3489 if (debug) { 3490 addlog(" send %s suggest %s\n", 3491 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3492 } 3493 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3494 } 3495 3496 end: 3497 free(buf, M_TEMP); 3498 return (rlen == 0); 3499 3500 drop: 3501 free(buf, M_TEMP); 3502 return -1; 3503 } 3504 3505 /* 3506 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3507 * negotiation. 3508 */ 3509 static void 3510 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3511 { 3512 u_char *buf, *p; 3513 struct ifnet *ifp = &sp->pp_if; 3514 int debug = ifp->if_flags & IFF_DEBUG; 3515 3516 len -= 4; 3517 buf = malloc (len, M_TEMP, M_NOWAIT); 3518 if (!buf) 3519 return; 3520 3521 if (debug) 3522 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3523 ifp->if_xname); 3524 3525 p = (void *)(h + 1); 3526 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3527 if (p[1] > len) { 3528 /* XXX just RXJ? */ 3529 addlog("%s: received malicious IPCPv6 option, " 3530 "dropping\n", ifp->if_xname); 3531 goto drop; 3532 } 3533 if (debug) 3534 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3535 switch (*p) { 3536 case IPV6CP_OPT_IFID: 3537 /* 3538 * Peer doesn't grok address option. This is 3539 * bad. XXX Should we better give up here? 3540 */ 3541 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3542 break; 3543 #ifdef notyet 3544 case IPV6CP_OPT_COMPRESS: 3545 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3546 break; 3547 #endif 3548 } 3549 } 3550 if (debug) 3551 addlog("\n"); 3552 drop: 3553 free(buf, M_TEMP); 3554 return; 3555 } 3556 3557 /* 3558 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3559 * negotiation. 3560 */ 3561 static void 3562 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3563 { 3564 u_char *buf, *p; 3565 struct ifnet *ifp = &sp->pp_if; 3566 int debug = ifp->if_flags & IFF_DEBUG; 3567 struct in6_addr suggestaddr; 3568 3569 len -= 4; 3570 buf = malloc (len, M_TEMP, M_NOWAIT); 3571 if (!buf) 3572 return; 3573 3574 if (debug) 3575 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 3576 ifp->if_xname); 3577 3578 p = (void *)(h + 1); 3579 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3580 if (p[1] > len) { 3581 /* XXX just RXJ? */ 3582 addlog("%s: received malicious IPCPv6 option, " 3583 "dropping\n", ifp->if_xname); 3584 goto drop; 3585 } 3586 if (debug) 3587 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3588 switch (*p) { 3589 case IPV6CP_OPT_IFID: 3590 /* 3591 * Peer doesn't like our local ifid. See 3592 * if we can do something for him. We'll drop 3593 * him our address then. 3594 */ 3595 if (len < 10 || p[1] != 10) 3596 break; 3597 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3598 suggestaddr.s6_addr16[0] = htons(0xfe80); 3599 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 3600 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3601 3602 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3603 if (debug) 3604 addlog(" [suggestaddr %s]", 3605 ip6_sprintf(&suggestaddr)); 3606 #ifdef IPV6CP_MYIFID_DYN 3607 /* 3608 * When doing dynamic address assignment, 3609 * we accept his offer. 3610 */ 3611 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3612 struct in6_addr lastsuggest; 3613 /* 3614 * If <suggested myaddr from peer> equals to 3615 * <hisaddr we have suggested last time>, 3616 * we have a collision. generate new random 3617 * ifid. 3618 */ 3619 sppp_suggest_ip6_addr(&lastsuggest); 3620 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3621 lastsuggest)) { 3622 if (debug) 3623 addlog(" [random]"); 3624 sppp_gen_ip6_addr(sp, &suggestaddr); 3625 } 3626 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3627 if (debug) 3628 addlog(" [agree]"); 3629 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3630 } 3631 #else 3632 /* 3633 * Since we do not do dynamic address assignment, 3634 * we ignore it and thus continue to negotiate 3635 * our already existing value. This can possibly 3636 * go into infinite request-reject loop. 3637 * 3638 * This is not likely because we normally use 3639 * ifid based on MAC-address. 3640 * If you have no ethernet card on the node, too bad. 3641 * XXX should we use fail_counter? 3642 */ 3643 #endif 3644 break; 3645 #ifdef notyet 3646 case IPV6CP_OPT_COMPRESS: 3647 /* 3648 * Peer wants different compression parameters. 3649 */ 3650 break; 3651 #endif 3652 } 3653 } 3654 if (debug) 3655 addlog("\n"); 3656 drop: 3657 free(buf, M_TEMP); 3658 return; 3659 } 3660 3661 static void 3662 sppp_ipv6cp_tlu(struct sppp *sp) 3663 { 3664 /* we are up - notify isdn daemon */ 3665 if (sp->pp_con) 3666 sp->pp_con(sp); 3667 } 3668 3669 static void 3670 sppp_ipv6cp_tld(struct sppp *sp) 3671 { 3672 } 3673 3674 static void 3675 sppp_ipv6cp_tls(struct sppp *sp) 3676 { 3677 /* indicate to LCP that it must stay alive */ 3678 sp->lcp.protos |= (1 << IDX_IPV6CP); 3679 } 3680 3681 static void 3682 sppp_ipv6cp_tlf(struct sppp *sp) 3683 { 3684 /* we no longer need LCP */ 3685 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3686 } 3687 3688 static void 3689 sppp_ipv6cp_scr(struct sppp *sp) 3690 { 3691 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3692 struct in6_addr ouraddr; 3693 int i = 0; 3694 3695 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3696 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3697 opt[i++] = IPV6CP_OPT_IFID; 3698 opt[i++] = 10; 3699 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3700 i += 8; 3701 } 3702 3703 #ifdef notyet 3704 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3705 opt[i++] = IPV6CP_OPT_COMPRESSION; 3706 opt[i++] = 4; 3707 opt[i++] = 0; /* TBD */ 3708 opt[i++] = 0; /* TBD */ 3709 /* variable length data may follow */ 3710 } 3711 #endif 3712 3713 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3714 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3715 } 3716 #else /*INET6*/ 3717 static void 3718 sppp_ipv6cp_init(struct sppp *sp) 3719 { 3720 } 3721 3722 static void 3723 sppp_ipv6cp_up(struct sppp *sp) 3724 { 3725 } 3726 3727 static void 3728 sppp_ipv6cp_down(struct sppp *sp) 3729 { 3730 } 3731 3732 static void 3733 sppp_ipv6cp_open(struct sppp *sp) 3734 { 3735 } 3736 3737 static void 3738 sppp_ipv6cp_close(struct sppp *sp) 3739 { 3740 } 3741 3742 static void 3743 sppp_ipv6cp_TO(void *sp) 3744 { 3745 } 3746 3747 static int 3748 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, 3749 int len) 3750 { 3751 return 0; 3752 } 3753 3754 static void 3755 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, 3756 int len) 3757 { 3758 } 3759 3760 static void 3761 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, 3762 int len) 3763 { 3764 } 3765 3766 static void 3767 sppp_ipv6cp_tlu(struct sppp *sp) 3768 { 3769 } 3770 3771 static void 3772 sppp_ipv6cp_tld(struct sppp *sp) 3773 { 3774 } 3775 3776 static void 3777 sppp_ipv6cp_tls(struct sppp *sp) 3778 { 3779 } 3780 3781 static void 3782 sppp_ipv6cp_tlf(struct sppp *sp) 3783 { 3784 } 3785 3786 static void 3787 sppp_ipv6cp_scr(struct sppp *sp) 3788 { 3789 } 3790 #endif /*INET6*/ 3791 3792 3793 /* 3794 *--------------------------------------------------------------------------* 3795 * * 3796 * The CHAP implementation. * 3797 * * 3798 *--------------------------------------------------------------------------* 3799 */ 3800 3801 /* 3802 * The authentication protocols don't employ a full-fledged state machine as 3803 * the control protocols do, since they do have Open and Close events, but 3804 * not Up and Down, nor are they explicitly terminated. Also, use of the 3805 * authentication protocols may be different in both directions (this makes 3806 * sense, think of a machine that never accepts incoming calls but only 3807 * calls out, it doesn't require the called party to authenticate itself). 3808 * 3809 * Our state machine for the local authentication protocol (we are requesting 3810 * the peer to authenticate) looks like: 3811 * 3812 * RCA- 3813 * +--------------------------------------------+ 3814 * V scn,tld| 3815 * +--------+ Close +---------+ RCA+ 3816 * | |<----------------------------------| |------+ 3817 * +--->| Closed | TO* | Opened | sca | 3818 * | | |-----+ +-------| |<-----+ 3819 * | +--------+ irc | | +---------+ 3820 * | ^ | | ^ 3821 * | | | | | 3822 * | | | | | 3823 * | TO-| | | | 3824 * | |tld TO+ V | | 3825 * | | +------->+ | | 3826 * | | | | | | 3827 * | +--------+ V | | 3828 * | | |<----+<--------------------+ | 3829 * | | Req- | scr | 3830 * | | Sent | | 3831 * | | | | 3832 * | +--------+ | 3833 * | RCA- | | RCA+ | 3834 * +------+ +------------------------------------------+ 3835 * scn,tld sca,irc,ict,tlu 3836 * 3837 * 3838 * with: 3839 * 3840 * Open: LCP reached authentication phase 3841 * Close: LCP reached terminate phase 3842 * 3843 * RCA+: received reply (pap-req, chap-response), acceptable 3844 * RCN: received reply (pap-req, chap-response), not acceptable 3845 * TO+: timeout with restart counter >= 0 3846 * TO-: timeout with restart counter < 0 3847 * TO*: reschedule timeout for CHAP 3848 * 3849 * scr: send request packet (none for PAP, chap-challenge) 3850 * sca: send ack packet (pap-ack, chap-success) 3851 * scn: send nak packet (pap-nak, chap-failure) 3852 * ict: initialize re-challenge timer (CHAP only) 3853 * 3854 * tlu: this-layer-up, LCP reaches network phase 3855 * tld: this-layer-down, LCP enters terminate phase 3856 * 3857 * Note that in CHAP mode, after sending a new challenge, while the state 3858 * automaton falls back into Req-Sent state, it doesn't signal a tld 3859 * event to LCP, so LCP remains in network phase. Only after not getting 3860 * any response (or after getting an unacceptable response), CHAP closes, 3861 * causing LCP to enter terminate phase. 3862 * 3863 * With PAP, there is no initial request that can be sent. The peer is 3864 * expected to send one based on the successful negotiation of PAP as 3865 * the authentication protocol during the LCP option negotiation. 3866 * 3867 * Incoming authentication protocol requests (remote requests 3868 * authentication, we are peer) don't employ a state machine at all, 3869 * they are simply answered. Some peers [Ascend P50 firmware rev 3870 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3871 * still in authentication phase (thereby violating the standard that 3872 * demands that these NCP packets are to be discarded), so we keep 3873 * track of the peer demanding us to authenticate, and only proceed to 3874 * phase network once we've seen a positive acknowledge for the 3875 * authentication. 3876 */ 3877 3878 /* 3879 * Handle incoming CHAP packets. 3880 */ 3881 void 3882 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3883 { 3884 STDDCL; 3885 struct lcp_header *h; 3886 int len, x; 3887 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3888 int value_len, name_len; 3889 MD5_CTX ctx; 3890 3891 len = m->m_pkthdr.len; 3892 if (len < 4) { 3893 if (debug) 3894 log(LOG_DEBUG, 3895 "%s: chap invalid packet length: %d bytes\n", 3896 ifp->if_xname, len); 3897 return; 3898 } 3899 h = mtod(m, struct lcp_header *); 3900 if (len > ntohs(h->len)) 3901 len = ntohs(h->len); 3902 3903 switch (h->type) { 3904 /* challenge, failure and success are his authproto */ 3905 case CHAP_CHALLENGE: 3906 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3907 /* can't do anything usefull */ 3908 sp->pp_auth_failures++; 3909 printf("%s: chap input without my name and my secret being set\n", 3910 ifp->if_xname); 3911 break; 3912 } 3913 value = 1 + (u_char *)(h + 1); 3914 value_len = value[-1]; 3915 name = value + value_len; 3916 name_len = len - value_len - 5; 3917 if (name_len < 0) { 3918 if (debug) { 3919 log(LOG_DEBUG, 3920 "%s: chap corrupted challenge " 3921 "<%s id=0x%x len=%d", 3922 ifp->if_xname, 3923 sppp_auth_type_name(PPP_CHAP, h->type), 3924 h->ident, ntohs(h->len)); 3925 if (len > 4) 3926 sppp_print_bytes((u_char *)(h + 1), 3927 len - 4); 3928 addlog(">\n"); 3929 } 3930 break; 3931 } 3932 3933 if (debug) { 3934 log(LOG_DEBUG, 3935 "%s: chap input <%s id=0x%x len=%d name=", 3936 ifp->if_xname, 3937 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3938 ntohs(h->len)); 3939 sppp_print_string((char *) name, name_len); 3940 addlog(" value-size=%d value=", value_len); 3941 sppp_print_bytes(value, value_len); 3942 addlog(">\n"); 3943 } 3944 3945 /* Compute reply value. */ 3946 MD5Init(&ctx); 3947 MD5Update(&ctx, &h->ident, 1); 3948 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3949 MD5Update(&ctx, value, value_len); 3950 MD5Final(digest, &ctx); 3951 dsize = sizeof digest; 3952 3953 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3954 sizeof dsize, (const char *)&dsize, 3955 sizeof digest, digest, 3956 sp->myauth.name_len, 3957 sp->myauth.name, 3958 0); 3959 break; 3960 3961 case CHAP_SUCCESS: 3962 if (debug) { 3963 log(LOG_DEBUG, "%s: chap success", 3964 ifp->if_xname); 3965 if (len > 4) { 3966 addlog(": "); 3967 sppp_print_string((char *)(h + 1), len - 4); 3968 } 3969 addlog("\n"); 3970 } 3971 x = splnet(); 3972 sp->pp_auth_failures = 0; 3973 sp->pp_flags &= ~PP_NEEDAUTH; 3974 if (sp->myauth.proto == PPP_CHAP && 3975 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3976 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3977 /* 3978 * We are authenticator for CHAP but didn't 3979 * complete yet. Leave it to tlu to proceed 3980 * to network phase. 3981 */ 3982 splx(x); 3983 break; 3984 } 3985 splx(x); 3986 sppp_phase_network(sp); 3987 break; 3988 3989 case CHAP_FAILURE: 3990 x = splnet(); 3991 sp->pp_auth_failures++; 3992 splx(x); 3993 if (debug) { 3994 log(LOG_INFO, "%s: chap failure", 3995 ifp->if_xname); 3996 if (len > 4) { 3997 addlog(": "); 3998 sppp_print_string((char *)(h + 1), len - 4); 3999 } 4000 addlog("\n"); 4001 } else 4002 log(LOG_INFO, "%s: chap failure\n", 4003 ifp->if_xname); 4004 /* await LCP shutdown by authenticator */ 4005 break; 4006 4007 /* response is my authproto */ 4008 case CHAP_RESPONSE: 4009 if (sp->hisauth.secret == NULL) { 4010 /* can't do anything usefull */ 4011 printf("%s: chap input without his secret being set\n", 4012 ifp->if_xname); 4013 break; 4014 } 4015 value = 1 + (u_char *)(h + 1); 4016 value_len = value[-1]; 4017 name = value + value_len; 4018 name_len = len - value_len - 5; 4019 if (name_len < 0) { 4020 if (debug) { 4021 log(LOG_DEBUG, 4022 "%s: chap corrupted response " 4023 "<%s id=0x%x len=%d", 4024 ifp->if_xname, 4025 sppp_auth_type_name(PPP_CHAP, h->type), 4026 h->ident, ntohs(h->len)); 4027 if (len > 4) 4028 sppp_print_bytes((u_char *)(h + 1), 4029 len - 4); 4030 addlog(">\n"); 4031 } 4032 break; 4033 } 4034 if (h->ident != sp->confid[IDX_CHAP]) { 4035 if (debug) 4036 log(LOG_DEBUG, 4037 "%s: chap dropping response for old ID " 4038 "(got %d, expected %d)\n", 4039 ifp->if_xname, 4040 h->ident, sp->confid[IDX_CHAP]); 4041 break; 4042 } 4043 if (sp->hisauth.name != NULL && 4044 (name_len != sp->hisauth.name_len 4045 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4046 log(LOG_INFO, "%s: chap response, his name ", 4047 ifp->if_xname); 4048 sppp_print_string(name, name_len); 4049 addlog(" != expected "); 4050 sppp_print_string(sp->hisauth.name, 4051 sp->hisauth.name_len); 4052 addlog("\n"); 4053 goto chap_failure; 4054 } 4055 if (debug) { 4056 log(LOG_DEBUG, "%s: chap input(%s) " 4057 "<%s id=0x%x len=%d name=", 4058 ifp->if_xname, 4059 sppp_state_name(sp->state[IDX_CHAP]), 4060 sppp_auth_type_name(PPP_CHAP, h->type), 4061 h->ident, ntohs(h->len)); 4062 sppp_print_string((char *)name, name_len); 4063 addlog(" value-size=%d value=", value_len); 4064 sppp_print_bytes(value, value_len); 4065 addlog(">\n"); 4066 } 4067 if (value_len != sizeof(sp->myauth.challenge)) { 4068 if (debug) 4069 log(LOG_DEBUG, 4070 "%s: chap bad hash value length: " 4071 "%d bytes, should be %ld\n", 4072 ifp->if_xname, value_len, 4073 (long) sizeof(sp->myauth.challenge)); 4074 goto chap_failure; 4075 } 4076 4077 MD5Init(&ctx); 4078 MD5Update(&ctx, &h->ident, 1); 4079 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4080 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 4081 MD5Final(digest, &ctx); 4082 4083 #define FAILMSG "Failed..." 4084 #define SUCCMSG "Welcome!" 4085 4086 if (value_len != sizeof digest || 4087 memcmp(digest, value, value_len) != 0) { 4088 chap_failure: 4089 /* action scn, tld */ 4090 x = splnet(); 4091 sp->pp_auth_failures++; 4092 splx(x); 4093 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4094 sizeof(FAILMSG) - 1, (const u_char *)FAILMSG, 4095 0); 4096 chap.tld(sp); 4097 break; 4098 } 4099 sp->pp_auth_failures = 0; 4100 /* action sca, perhaps tlu */ 4101 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4102 sp->state[IDX_CHAP] == STATE_OPENED) 4103 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4104 sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG, 4105 0); 4106 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4107 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4108 chap.tlu(sp); 4109 } 4110 break; 4111 4112 default: 4113 /* Unknown CHAP packet type -- ignore. */ 4114 if (debug) { 4115 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4116 "<0x%x id=0x%xh len=%d", 4117 ifp->if_xname, 4118 sppp_state_name(sp->state[IDX_CHAP]), 4119 h->type, h->ident, ntohs(h->len)); 4120 if (len > 4) 4121 sppp_print_bytes((u_char *)(h + 1), len - 4); 4122 addlog(">\n"); 4123 } 4124 break; 4125 4126 } 4127 } 4128 4129 static void 4130 sppp_chap_init(struct sppp *sp) 4131 { 4132 /* Chap doesn't have STATE_INITIAL at all. */ 4133 sp->state[IDX_CHAP] = STATE_CLOSED; 4134 sp->fail_counter[IDX_CHAP] = 0; 4135 sp->pp_seq[IDX_CHAP] = 0; 4136 sp->pp_rseq[IDX_CHAP] = 0; 4137 callout_init(&sp->ch[IDX_CHAP], 0); 4138 } 4139 4140 static void 4141 sppp_chap_open(struct sppp *sp) 4142 { 4143 if (sp->myauth.proto == PPP_CHAP && 4144 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4145 /* we are authenticator for CHAP, start it */ 4146 chap.scr(sp); 4147 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4148 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4149 } 4150 /* nothing to be done if we are peer, await a challenge */ 4151 } 4152 4153 static void 4154 sppp_chap_close(struct sppp *sp) 4155 { 4156 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4157 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4158 } 4159 4160 static void 4161 sppp_chap_TO(void *cookie) 4162 { 4163 struct sppp *sp = (struct sppp *)cookie; 4164 STDDCL; 4165 int s; 4166 4167 s = splnet(); 4168 if (debug) 4169 log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n", 4170 ifp->if_xname, 4171 sppp_state_name(sp->state[IDX_CHAP]), 4172 sp->rst_counter[IDX_CHAP]); 4173 4174 if (--sp->rst_counter[IDX_CHAP] < 0) 4175 /* TO- event */ 4176 switch (sp->state[IDX_CHAP]) { 4177 case STATE_REQ_SENT: 4178 chap.tld(sp); 4179 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4180 break; 4181 } 4182 else 4183 /* TO+ (or TO*) event */ 4184 switch (sp->state[IDX_CHAP]) { 4185 case STATE_OPENED: 4186 /* TO* event */ 4187 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4188 /* fall through */ 4189 case STATE_REQ_SENT: 4190 chap.scr(sp); 4191 /* sppp_cp_change_state() will restart the timer */ 4192 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4193 break; 4194 } 4195 4196 splx(s); 4197 } 4198 4199 static void 4200 sppp_chap_tlu(struct sppp *sp) 4201 { 4202 STDDCL; 4203 int i, x; 4204 4205 i = 0; 4206 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4207 4208 /* 4209 * Some broken CHAP implementations (Conware CoNet, firmware 4210 * 4.0.?) don't want to re-authenticate their CHAP once the 4211 * initial challenge-response exchange has taken place. 4212 * Provide for an option to avoid rechallenges. 4213 */ 4214 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4215 /* 4216 * Compute the re-challenge timeout. This will yield 4217 * a number between 300 and 810 seconds. 4218 */ 4219 i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7); 4220 4221 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4222 } 4223 4224 if (debug) { 4225 log(LOG_DEBUG, 4226 "%s: chap %s, ", 4227 ifp->if_xname, 4228 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4229 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4230 addlog("next re-challenge in %d seconds\n", i); 4231 else 4232 addlog("re-challenging supressed\n"); 4233 } 4234 4235 x = splnet(); 4236 sp->pp_auth_failures = 0; 4237 /* indicate to LCP that we need to be closed down */ 4238 sp->lcp.protos |= (1 << IDX_CHAP); 4239 4240 if (sp->pp_flags & PP_NEEDAUTH) { 4241 /* 4242 * Remote is authenticator, but his auth proto didn't 4243 * complete yet. Defer the transition to network 4244 * phase. 4245 */ 4246 splx(x); 4247 return; 4248 } 4249 splx(x); 4250 4251 /* 4252 * If we are already in phase network, we are done here. This 4253 * is the case if this is a dummy tlu event after a re-challenge. 4254 */ 4255 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4256 sppp_phase_network(sp); 4257 } 4258 4259 static void 4260 sppp_chap_tld(struct sppp *sp) 4261 { 4262 STDDCL; 4263 4264 if (debug) 4265 log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname); 4266 callout_stop(&sp->ch[IDX_CHAP]); 4267 sp->lcp.protos &= ~(1 << IDX_CHAP); 4268 4269 lcp.Close(sp); 4270 } 4271 4272 static void 4273 sppp_chap_scr(struct sppp *sp) 4274 { 4275 uint32_t *ch; 4276 u_char clen; 4277 4278 if (sp->myauth.name == NULL) { 4279 /* can't do anything usefull */ 4280 printf("%s: chap starting without my name being set\n", 4281 sp->pp_if.if_xname); 4282 return; 4283 } 4284 4285 /* Compute random challenge. */ 4286 ch = (uint32_t *)sp->myauth.challenge; 4287 ch[0] = arc4random(); 4288 ch[1] = arc4random(); 4289 ch[2] = arc4random(); 4290 ch[3] = arc4random(); 4291 clen = 16; /* 4 * sizeof(uint32_t) */ 4292 4293 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4294 4295 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4296 sizeof clen, (const char *)&clen, 4297 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4298 sp->myauth.name_len, 4299 sp->myauth.name, 4300 0); 4301 } 4302 4303 /* 4304 *--------------------------------------------------------------------------* 4305 * * 4306 * The PAP implementation. * 4307 * * 4308 *--------------------------------------------------------------------------* 4309 */ 4310 /* 4311 * For PAP, we need to keep a little state also if we are the peer, not the 4312 * authenticator. This is since we don't get a request to authenticate, but 4313 * have to repeatedly authenticate ourself until we got a response (or the 4314 * retry counter is expired). 4315 */ 4316 4317 /* 4318 * Handle incoming PAP packets. */ 4319 static void 4320 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4321 { 4322 STDDCL; 4323 struct lcp_header *h; 4324 int len, x; 4325 u_char mlen; 4326 char *name, *secret; 4327 int name_len, secret_len; 4328 4329 /* 4330 * Malicious input might leave this uninitialized, so 4331 * init to an impossible value. 4332 */ 4333 secret_len = -1; 4334 4335 len = m->m_pkthdr.len; 4336 if (len < 5) { 4337 if (debug) 4338 log(LOG_DEBUG, 4339 "%s: pap invalid packet length: %d bytes\n", 4340 ifp->if_xname, len); 4341 return; 4342 } 4343 h = mtod(m, struct lcp_header *); 4344 if (len > ntohs(h->len)) 4345 len = ntohs(h->len); 4346 switch (h->type) { 4347 /* PAP request is my authproto */ 4348 case PAP_REQ: 4349 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4350 /* can't do anything usefull */ 4351 printf("%s: pap request without his name and his secret being set\n", 4352 ifp->if_xname); 4353 break; 4354 } 4355 name = 1 + (u_char *)(h + 1); 4356 name_len = name[-1]; 4357 secret = name + name_len + 1; 4358 if (name_len > len - 6 || 4359 (secret_len = secret[-1]) > len - 6 - name_len) { 4360 if (debug) { 4361 log(LOG_DEBUG, "%s: pap corrupted input " 4362 "<%s id=0x%x len=%d", 4363 ifp->if_xname, 4364 sppp_auth_type_name(PPP_PAP, h->type), 4365 h->ident, ntohs(h->len)); 4366 if (len > 4) 4367 sppp_print_bytes((u_char *)(h + 1), 4368 len - 4); 4369 addlog(">\n"); 4370 } 4371 break; 4372 } 4373 if (debug) { 4374 log(LOG_DEBUG, "%s: pap input(%s) " 4375 "<%s id=0x%x len=%d name=", 4376 ifp->if_xname, 4377 sppp_state_name(sp->state[IDX_PAP]), 4378 sppp_auth_type_name(PPP_PAP, h->type), 4379 h->ident, ntohs(h->len)); 4380 sppp_print_string((char *)name, name_len); 4381 addlog(" secret="); 4382 sppp_print_string((char *)secret, secret_len); 4383 addlog(">\n"); 4384 } 4385 if (name_len != sp->hisauth.name_len || 4386 secret_len != sp->hisauth.secret_len || 4387 memcmp(name, sp->hisauth.name, name_len) != 0 || 4388 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4389 /* action scn, tld */ 4390 sp->pp_auth_failures++; 4391 mlen = sizeof(FAILMSG) - 1; 4392 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4393 sizeof mlen, (const char *)&mlen, 4394 sizeof(FAILMSG) - 1, (const u_char *)FAILMSG, 4395 0); 4396 pap.tld(sp); 4397 break; 4398 } 4399 /* action sca, perhaps tlu */ 4400 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4401 sp->state[IDX_PAP] == STATE_OPENED) { 4402 mlen = sizeof(SUCCMSG) - 1; 4403 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4404 sizeof mlen, (const char *)&mlen, 4405 sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG, 4406 0); 4407 } 4408 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4409 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4410 pap.tlu(sp); 4411 } 4412 break; 4413 4414 /* ack and nak are his authproto */ 4415 case PAP_ACK: 4416 callout_stop(&sp->pap_my_to_ch); 4417 if (debug) { 4418 log(LOG_DEBUG, "%s: pap success", 4419 ifp->if_xname); 4420 name = 1 + (u_char *)(h + 1); 4421 name_len = name[-1]; 4422 if (len > 5 && name_len < len+4) { 4423 addlog(": "); 4424 sppp_print_string(name, name_len); 4425 } 4426 addlog("\n"); 4427 } 4428 x = splnet(); 4429 sp->pp_auth_failures = 0; 4430 sp->pp_flags &= ~PP_NEEDAUTH; 4431 if (sp->myauth.proto == PPP_PAP && 4432 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4433 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4434 /* 4435 * We are authenticator for PAP but didn't 4436 * complete yet. Leave it to tlu to proceed 4437 * to network phase. 4438 */ 4439 splx(x); 4440 break; 4441 } 4442 splx(x); 4443 sppp_phase_network(sp); 4444 break; 4445 4446 case PAP_NAK: 4447 callout_stop(&sp->pap_my_to_ch); 4448 sp->pp_auth_failures++; 4449 if (debug) { 4450 log(LOG_INFO, "%s: pap failure", 4451 ifp->if_xname); 4452 name = 1 + (u_char *)(h + 1); 4453 name_len = name[-1]; 4454 if (len > 5 && name_len < len+4) { 4455 addlog(": "); 4456 sppp_print_string(name, name_len); 4457 } 4458 addlog("\n"); 4459 } else 4460 log(LOG_INFO, "%s: pap failure\n", 4461 ifp->if_xname); 4462 /* await LCP shutdown by authenticator */ 4463 break; 4464 4465 default: 4466 /* Unknown PAP packet type -- ignore. */ 4467 if (debug) { 4468 log(LOG_DEBUG, "%s: pap corrupted input " 4469 "<0x%x id=0x%x len=%d", 4470 ifp->if_xname, 4471 h->type, h->ident, ntohs(h->len)); 4472 if (len > 4) 4473 sppp_print_bytes((u_char *)(h + 1), len - 4); 4474 addlog(">\n"); 4475 } 4476 break; 4477 4478 } 4479 } 4480 4481 static void 4482 sppp_pap_init(struct sppp *sp) 4483 { 4484 /* PAP doesn't have STATE_INITIAL at all. */ 4485 sp->state[IDX_PAP] = STATE_CLOSED; 4486 sp->fail_counter[IDX_PAP] = 0; 4487 sp->pp_seq[IDX_PAP] = 0; 4488 sp->pp_rseq[IDX_PAP] = 0; 4489 callout_init(&sp->ch[IDX_PAP], 0); 4490 callout_init(&sp->pap_my_to_ch, 0); 4491 } 4492 4493 static void 4494 sppp_pap_open(struct sppp *sp) 4495 { 4496 if (sp->hisauth.proto == PPP_PAP && 4497 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4498 /* we are authenticator for PAP, start our timer */ 4499 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4500 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4501 } 4502 if (sp->myauth.proto == PPP_PAP) { 4503 /* we are peer, send a request, and start a timer */ 4504 pap.scr(sp); 4505 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4506 sppp_pap_my_TO, sp); 4507 } 4508 } 4509 4510 static void 4511 sppp_pap_close(struct sppp *sp) 4512 { 4513 if (sp->state[IDX_PAP] != STATE_CLOSED) 4514 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4515 } 4516 4517 /* 4518 * That's the timeout routine if we are authenticator. Since the 4519 * authenticator is basically passive in PAP, we can't do much here. 4520 */ 4521 static void 4522 sppp_pap_TO(void *cookie) 4523 { 4524 struct sppp *sp = (struct sppp *)cookie; 4525 STDDCL; 4526 int s; 4527 4528 s = splnet(); 4529 if (debug) 4530 log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n", 4531 ifp->if_xname, 4532 sppp_state_name(sp->state[IDX_PAP]), 4533 sp->rst_counter[IDX_PAP]); 4534 4535 if (--sp->rst_counter[IDX_PAP] < 0) 4536 /* TO- event */ 4537 switch (sp->state[IDX_PAP]) { 4538 case STATE_REQ_SENT: 4539 pap.tld(sp); 4540 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4541 break; 4542 } 4543 else 4544 /* TO+ event, not very much we could do */ 4545 switch (sp->state[IDX_PAP]) { 4546 case STATE_REQ_SENT: 4547 /* sppp_cp_change_state() will restart the timer */ 4548 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4549 break; 4550 } 4551 4552 splx(s); 4553 } 4554 4555 /* 4556 * That's the timeout handler if we are peer. Since the peer is active, 4557 * we need to retransmit our PAP request since it is apparently lost. 4558 * XXX We should impose a max counter. 4559 */ 4560 static void 4561 sppp_pap_my_TO(void *cookie) 4562 { 4563 struct sppp *sp = (struct sppp *)cookie; 4564 STDDCL; 4565 4566 if (debug) 4567 log(LOG_DEBUG, "%s: pap peer TO\n", 4568 ifp->if_xname); 4569 4570 pap.scr(sp); 4571 } 4572 4573 static void 4574 sppp_pap_tlu(struct sppp *sp) 4575 { 4576 STDDCL; 4577 int x; 4578 4579 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4580 4581 if (debug) 4582 log(LOG_DEBUG, "%s: %s tlu\n", 4583 ifp->if_xname, pap.name); 4584 4585 x = splnet(); 4586 sp->pp_auth_failures = 0; 4587 /* indicate to LCP that we need to be closed down */ 4588 sp->lcp.protos |= (1 << IDX_PAP); 4589 4590 if (sp->pp_flags & PP_NEEDAUTH) { 4591 /* 4592 * Remote is authenticator, but his auth proto didn't 4593 * complete yet. Defer the transition to network 4594 * phase. 4595 */ 4596 splx(x); 4597 return; 4598 } 4599 splx(x); 4600 sppp_phase_network(sp); 4601 } 4602 4603 static void 4604 sppp_pap_tld(struct sppp *sp) 4605 { 4606 STDDCL; 4607 4608 if (debug) 4609 log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname); 4610 callout_stop(&sp->ch[IDX_PAP]); 4611 callout_stop(&sp->pap_my_to_ch); 4612 sp->lcp.protos &= ~(1 << IDX_PAP); 4613 4614 lcp.Close(sp); 4615 } 4616 4617 static void 4618 sppp_pap_scr(struct sppp *sp) 4619 { 4620 u_char idlen, pwdlen; 4621 4622 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4623 /* can't do anything usefull */ 4624 printf("%s: pap starting without my name and secret being set\n", 4625 sp->pp_if.if_xname); 4626 return; 4627 } 4628 4629 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4630 pwdlen = sp->myauth.secret_len; 4631 idlen = sp->myauth.name_len; 4632 4633 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4634 sizeof idlen, (const char *)&idlen, 4635 idlen, sp->myauth.name, 4636 sizeof pwdlen, (const char *)&pwdlen, 4637 pwdlen, sp->myauth.secret, 4638 0); 4639 } 4640 4641 /* 4642 * Random miscellaneous functions. 4643 */ 4644 4645 /* 4646 * Send a PAP or CHAP proto packet. 4647 * 4648 * Varadic function, each of the elements for the ellipsis is of type 4649 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4650 * mlen == 0. 4651 * NOTE: never declare variadic functions with types subject to type 4652 * promotion (i.e. u_char). This is asking for big trouble depending 4653 * on the architecture you are on... 4654 */ 4655 4656 static void 4657 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4658 unsigned int type, unsigned int id, 4659 ...) 4660 { 4661 STDDCL; 4662 struct lcp_header *lh; 4663 struct mbuf *m; 4664 u_char *p; 4665 int len; 4666 size_t pkthdrlen; 4667 unsigned int mlen; 4668 const char *msg; 4669 va_list ap; 4670 4671 MGETHDR(m, M_DONTWAIT, MT_DATA); 4672 if (! m) 4673 return; 4674 m->m_pkthdr.rcvif = 0; 4675 4676 if (sp->pp_flags & PP_NOFRAMING) { 4677 *mtod(m, uint16_t *) = htons(cp->proto); 4678 pkthdrlen = 2; 4679 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 4680 } else { 4681 struct ppp_header *h; 4682 h = mtod(m, struct ppp_header *); 4683 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4684 h->control = PPP_UI; /* Unnumbered Info */ 4685 h->protocol = htons(cp->proto); 4686 pkthdrlen = PPP_HEADER_LEN; 4687 4688 lh = (struct lcp_header *)(h + 1); 4689 } 4690 4691 lh->type = type; 4692 lh->ident = id; 4693 p = (u_char *)(lh + 1); 4694 4695 va_start(ap, id); 4696 len = 0; 4697 4698 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4699 msg = va_arg(ap, const char *); 4700 len += mlen; 4701 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4702 va_end(ap); 4703 m_freem(m); 4704 return; 4705 } 4706 4707 bcopy(msg, p, mlen); 4708 p += mlen; 4709 } 4710 va_end(ap); 4711 4712 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4713 lh->len = htons(LCP_HEADER_LEN + len); 4714 4715 if (debug) { 4716 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 4717 ifp->if_xname, cp->name, 4718 sppp_auth_type_name(cp->proto, lh->type), 4719 lh->ident, ntohs(lh->len)); 4720 if (len) 4721 sppp_print_bytes((u_char *)(lh + 1), len); 4722 addlog(">\n"); 4723 } 4724 if (IF_QFULL(&sp->pp_cpq)) { 4725 IF_DROP(&sp->pp_fastq); 4726 IF_DROP(&ifp->if_snd); 4727 m_freem(m); 4728 ++ifp->if_oerrors; 4729 return; 4730 } else 4731 IF_ENQUEUE(&sp->pp_cpq, m); 4732 if (! (ifp->if_flags & IFF_OACTIVE)) 4733 (*ifp->if_start)(ifp); 4734 ifp->if_obytes += m->m_pkthdr.len + 3; 4735 } 4736 4737 /* 4738 * Send keepalive packets, every 10 seconds. 4739 */ 4740 static void 4741 sppp_keepalive(void *dummy) 4742 { 4743 struct sppp *sp; 4744 int s; 4745 time_t now; 4746 4747 s = splnet(); 4748 now = time_uptime; 4749 for (sp=spppq; sp; sp=sp->pp_next) { 4750 struct ifnet *ifp = &sp->pp_if; 4751 4752 /* check idle timeout */ 4753 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4754 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4755 /* idle timeout is enabled for this interface */ 4756 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4757 if (ifp->if_flags & IFF_DEBUG) 4758 printf("%s: no activity for %lu seconds\n", 4759 sp->pp_if.if_xname, 4760 (unsigned long)(now-sp->pp_last_activity)); 4761 lcp.Close(sp); 4762 continue; 4763 } 4764 } 4765 4766 /* Keepalive mode disabled or channel down? */ 4767 if (! (sp->pp_flags & PP_KEEPALIVE) || 4768 ! (ifp->if_flags & IFF_RUNNING)) 4769 continue; 4770 4771 /* No keepalive in PPP mode if LCP not opened yet. */ 4772 if (! (sp->pp_flags & PP_CISCO) && 4773 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4774 continue; 4775 4776 /* No echo reply, but maybe user data passed through? */ 4777 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 4778 sp->pp_alivecnt = 0; 4779 continue; 4780 } 4781 4782 if (sp->pp_alivecnt >= sp->pp_maxalive) { 4783 /* No keepalive packets got. Stop the interface. */ 4784 if_down (ifp); 4785 IF_PURGE(&sp->pp_cpq); 4786 if (! (sp->pp_flags & PP_CISCO)) { 4787 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4788 ifp->if_xname); 4789 sp->pp_alivecnt = 0; 4790 4791 /* we are down, close all open protocols */ 4792 lcp.Close(sp); 4793 4794 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4795 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4796 4797 /* Close connection immediately, completition of this 4798 * will summon the magic needed to reestablish it. */ 4799 if (sp->pp_tlf) 4800 sp->pp_tlf(sp); 4801 continue; 4802 } 4803 } 4804 if (sp->pp_alivecnt < sp->pp_maxalive) 4805 ++sp->pp_alivecnt; 4806 if (sp->pp_flags & PP_CISCO) 4807 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 4808 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4809 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4810 int32_t nmagic = htonl(sp->lcp.magic); 4811 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4812 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 4813 sp->lcp.echoid, 4, &nmagic); 4814 } 4815 } 4816 splx(s); 4817 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 4818 } 4819 4820 #ifdef INET 4821 /* 4822 * Get both IP addresses. 4823 */ 4824 static void 4825 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 4826 { 4827 struct ifnet *ifp = &sp->pp_if; 4828 struct ifaddr *ifa; 4829 struct sockaddr_in *si, *sm; 4830 uint32_t ssrc, ddst; 4831 4832 sm = NULL; 4833 ssrc = ddst = 0; 4834 /* 4835 * Pick the first AF_INET address from the list, 4836 * aliases don't make any sense on a p2p link anyway. 4837 */ 4838 si = 0; 4839 IFADDR_FOREACH(ifa, ifp) { 4840 if (ifa->ifa_addr->sa_family == AF_INET) { 4841 si = (struct sockaddr_in *)ifa->ifa_addr; 4842 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4843 if (si) 4844 break; 4845 } 4846 } 4847 if (ifa) { 4848 if (si && si->sin_addr.s_addr) { 4849 ssrc = si->sin_addr.s_addr; 4850 if (srcmask) 4851 *srcmask = ntohl(sm->sin_addr.s_addr); 4852 } 4853 4854 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4855 if (si && si->sin_addr.s_addr) 4856 ddst = si->sin_addr.s_addr; 4857 } 4858 4859 if (dst) *dst = ntohl(ddst); 4860 if (src) *src = ntohl(ssrc); 4861 } 4862 4863 /* 4864 * Set IP addresses. Must be called at splnet. 4865 * If an address is 0, leave it the way it is. 4866 */ 4867 static void 4868 sppp_set_ip_addrs(struct sppp *sp, uint32_t myaddr, uint32_t hisaddr) 4869 { 4870 STDDCL; 4871 struct ifaddr *ifa; 4872 struct sockaddr_in *si, *dest; 4873 4874 /* 4875 * Pick the first AF_INET address from the list, 4876 * aliases don't make any sense on a p2p link anyway. 4877 */ 4878 4879 IFADDR_FOREACH(ifa, ifp) { 4880 if (ifa->ifa_addr->sa_family == AF_INET) { 4881 si = (struct sockaddr_in *)ifa->ifa_addr; 4882 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4883 goto found; 4884 } 4885 } 4886 return; 4887 4888 found: 4889 { 4890 int error; 4891 struct sockaddr_in new_sin = *si; 4892 struct sockaddr_in new_dst = *dest; 4893 4894 /* 4895 * Scrub old routes now instead of calling in_ifinit with 4896 * scrub=1, because we may change the dstaddr 4897 * before the call to in_ifinit. 4898 */ 4899 in_ifscrub(ifp, ifatoia(ifa)); 4900 4901 if (myaddr != 0) 4902 new_sin.sin_addr.s_addr = htonl(myaddr); 4903 if (hisaddr != 0) { 4904 new_dst.sin_addr.s_addr = htonl(hisaddr); 4905 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4906 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4907 *dest = new_dst; /* fix dstaddr in place */ 4908 } 4909 } 4910 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4911 if (debug && error) 4912 { 4913 log(LOG_DEBUG, "%s: sppp_set_ip_addrs: in_ifinit " 4914 " failed, error=%d\n", ifp->if_xname, error); 4915 } 4916 #ifdef PFIL_HOOKS 4917 if (!error) 4918 (void)pfil_run_hooks(&if_pfil, 4919 (struct mbuf **)SIOCAIFADDR, ifp, PFIL_IFADDR); 4920 #endif 4921 } 4922 } 4923 4924 /* 4925 * Clear IP addresses. Must be called at splnet. 4926 */ 4927 static void 4928 sppp_clear_ip_addrs(struct sppp *sp) 4929 { 4930 struct ifnet *ifp = &sp->pp_if; 4931 struct ifaddr *ifa; 4932 struct sockaddr_in *si, *dest; 4933 4934 uint32_t remote; 4935 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4936 remote = sp->ipcp.saved_hisaddr; 4937 else 4938 sppp_get_ip_addrs(sp, 0, &remote, 0); 4939 4940 /* 4941 * Pick the first AF_INET address from the list, 4942 * aliases don't make any sense on a p2p link anyway. 4943 */ 4944 4945 IFADDR_FOREACH(ifa, ifp) { 4946 if (ifa->ifa_addr->sa_family == AF_INET) { 4947 si = (struct sockaddr_in *)ifa->ifa_addr; 4948 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4949 goto found; 4950 } 4951 } 4952 return; 4953 4954 found: 4955 { 4956 struct sockaddr_in new_sin = *si; 4957 4958 in_ifscrub(ifp, ifatoia(ifa)); 4959 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4960 new_sin.sin_addr.s_addr = 0; 4961 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4962 /* replace peer addr in place */ 4963 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4964 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4965 #ifdef PFIL_HOOKS 4966 (void)pfil_run_hooks(&if_pfil, 4967 (struct mbuf **)SIOCDIFADDR, ifp, PFIL_IFADDR); 4968 #endif 4969 } 4970 } 4971 #endif 4972 4973 #ifdef INET6 4974 /* 4975 * Get both IPv6 addresses. 4976 */ 4977 static void 4978 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4979 struct in6_addr *srcmask) 4980 { 4981 struct ifnet *ifp = &sp->pp_if; 4982 struct ifaddr *ifa; 4983 struct sockaddr_in6 *si, *sm; 4984 struct in6_addr ssrc, ddst; 4985 4986 sm = NULL; 4987 memset(&ssrc, 0, sizeof(ssrc)); 4988 memset(&ddst, 0, sizeof(ddst)); 4989 /* 4990 * Pick the first link-local AF_INET6 address from the list, 4991 * aliases don't make any sense on a p2p link anyway. 4992 */ 4993 si = 0; 4994 IFADDR_FOREACH(ifa, ifp) 4995 if (ifa->ifa_addr->sa_family == AF_INET6) { 4996 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4997 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4998 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4999 break; 5000 } 5001 if (ifa) { 5002 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5003 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 5004 if (srcmask) { 5005 bcopy(&sm->sin6_addr, srcmask, 5006 sizeof(*srcmask)); 5007 } 5008 } 5009 5010 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5011 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5012 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 5013 } 5014 5015 if (dst) 5016 bcopy(&ddst, dst, sizeof(*dst)); 5017 if (src) 5018 bcopy(&ssrc, src, sizeof(*src)); 5019 } 5020 5021 #ifdef IPV6CP_MYIFID_DYN 5022 /* 5023 * Generate random ifid. 5024 */ 5025 static void 5026 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5027 { 5028 /* TBD */ 5029 } 5030 5031 /* 5032 * Set my IPv6 address. Must be called at splnet. 5033 */ 5034 static void 5035 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5036 { 5037 STDDCL; 5038 struct ifaddr *ifa; 5039 struct sockaddr_in6 *sin6; 5040 5041 /* 5042 * Pick the first link-local AF_INET6 address from the list, 5043 * aliases don't make any sense on a p2p link anyway. 5044 */ 5045 5046 sin6 = NULL; 5047 IFADDR_FOREACH(ifa, ifp) 5048 { 5049 if (ifa->ifa_addr->sa_family == AF_INET6) 5050 { 5051 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5052 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 5053 break; 5054 } 5055 } 5056 5057 if (ifa && sin6) 5058 { 5059 int error; 5060 struct sockaddr_in6 new_sin6 = *sin6; 5061 5062 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 5063 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5064 if (debug && error) 5065 { 5066 log(LOG_DEBUG, "%s: sppp_set_ip6_addr: in6_ifinit " 5067 " failed, error=%d\n", ifp->if_xname, error); 5068 } 5069 #ifdef PFIL_HOOKS 5070 if (!error) 5071 (void)pfil_run_hooks(&if_pfil, 5072 (struct mbuf **)SIOCAIFADDR_IN6, ifp, PFIL_IFADDR); 5073 #endif 5074 } 5075 } 5076 #endif 5077 5078 /* 5079 * Suggest a candidate address to be used by peer. 5080 */ 5081 static void 5082 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5083 { 5084 struct in6_addr myaddr; 5085 struct timeval tv; 5086 5087 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5088 5089 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5090 microtime(&tv); 5091 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5092 myaddr.s6_addr[14] ^= 0xff; 5093 myaddr.s6_addr[15] ^= 0xff; 5094 } else { 5095 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5096 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5097 } 5098 if (suggest) 5099 bcopy(&myaddr, suggest, sizeof(myaddr)); 5100 } 5101 #endif /*INET6*/ 5102 5103 /* 5104 * Process ioctl requests specific to the PPP interface. 5105 * Permissions have already been checked. 5106 */ 5107 static int 5108 sppp_params(struct sppp *sp, u_long cmd, void *data) 5109 { 5110 switch (cmd) { 5111 case SPPPGETAUTHCFG: 5112 { 5113 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5114 int error; 5115 size_t len; 5116 5117 cfg->myauthflags = sp->myauth.flags; 5118 cfg->hisauthflags = sp->hisauth.flags; 5119 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 5120 cfg->hisauth = 0; 5121 if (sp->hisauth.proto) 5122 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5123 cfg->myauth = 0; 5124 if (sp->myauth.proto) 5125 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5126 if (cfg->myname_length == 0) { 5127 if (sp->myauth.name != NULL) 5128 cfg->myname_length = sp->myauth.name_len + 1; 5129 } else { 5130 if (sp->myauth.name == NULL) { 5131 cfg->myname_length = 0; 5132 } else { 5133 len = sp->myauth.name_len + 1; 5134 if (cfg->myname_length < len) 5135 return (ENAMETOOLONG); 5136 error = copyout(sp->myauth.name, cfg->myname, len); 5137 if (error) return error; 5138 } 5139 } 5140 if (cfg->hisname_length == 0) { 5141 if (sp->hisauth.name != NULL) 5142 cfg->hisname_length = sp->hisauth.name_len + 1; 5143 } else { 5144 if (sp->hisauth.name == NULL) { 5145 cfg->hisname_length = 0; 5146 } else { 5147 len = sp->hisauth.name_len + 1; 5148 if (cfg->hisname_length < len) 5149 return (ENAMETOOLONG); 5150 error = copyout(sp->hisauth.name, cfg->hisname, len); 5151 if (error) return error; 5152 } 5153 } 5154 } 5155 break; 5156 case SPPPSETAUTHCFG: 5157 { 5158 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5159 int error; 5160 5161 if (sp->myauth.name) { 5162 free(sp->myauth.name, M_DEVBUF); 5163 sp->myauth.name = NULL; 5164 } 5165 if (sp->myauth.secret) { 5166 free(sp->myauth.secret, M_DEVBUF); 5167 sp->myauth.secret = NULL; 5168 } 5169 if (sp->hisauth.name) { 5170 free(sp->hisauth.name, M_DEVBUF); 5171 sp->hisauth.name = NULL; 5172 } 5173 if (sp->hisauth.secret) { 5174 free(sp->hisauth.secret, M_DEVBUF); 5175 sp->hisauth.secret = NULL; 5176 } 5177 5178 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5179 if (cfg->hisname_length >= MCLBYTES) 5180 return (ENAMETOOLONG); 5181 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5182 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5183 if (error) { 5184 free(sp->hisauth.name, M_DEVBUF); 5185 sp->hisauth.name = NULL; 5186 return error; 5187 } 5188 sp->hisauth.name_len = cfg->hisname_length - 1; 5189 sp->hisauth.name[sp->hisauth.name_len] = 0; 5190 } 5191 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5192 if (cfg->hissecret_length >= MCLBYTES) 5193 return (ENAMETOOLONG); 5194 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5195 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5196 if (error) { 5197 free(sp->hisauth.secret, M_DEVBUF); 5198 sp->hisauth.secret = NULL; 5199 return error; 5200 } 5201 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5202 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5203 } 5204 if (cfg->myname != NULL && cfg->myname_length > 0) { 5205 if (cfg->myname_length >= MCLBYTES) 5206 return (ENAMETOOLONG); 5207 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5208 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5209 if (error) { 5210 free(sp->myauth.name, M_DEVBUF); 5211 sp->myauth.name = NULL; 5212 return error; 5213 } 5214 sp->myauth.name_len = cfg->myname_length - 1; 5215 sp->myauth.name[sp->myauth.name_len] = 0; 5216 } 5217 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5218 if (cfg->mysecret_length >= MCLBYTES) 5219 return (ENAMETOOLONG); 5220 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5221 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5222 if (error) { 5223 free(sp->myauth.secret, M_DEVBUF); 5224 sp->myauth.secret = NULL; 5225 return error; 5226 } 5227 sp->myauth.secret_len = cfg->mysecret_length - 1; 5228 sp->myauth.secret[sp->myauth.secret_len] = 0; 5229 } 5230 sp->myauth.flags = cfg->myauthflags; 5231 if (cfg->myauth) 5232 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5233 sp->hisauth.flags = cfg->hisauthflags; 5234 if (cfg->hisauth) 5235 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5236 sp->pp_auth_failures = 0; 5237 if (sp->hisauth.proto != 0) 5238 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5239 else 5240 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5241 } 5242 break; 5243 case SPPPGETLCPCFG: 5244 { 5245 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5246 lcpp->lcp_timeout = sp->lcp.timeout; 5247 } 5248 break; 5249 case SPPPSETLCPCFG: 5250 { 5251 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5252 sp->lcp.timeout = lcpp->lcp_timeout; 5253 } 5254 break; 5255 case SPPPGETSTATUS: 5256 { 5257 struct spppstatus *status = (struct spppstatus *)data; 5258 status->phase = sp->pp_phase; 5259 } 5260 break; 5261 case SPPPGETSTATUSNCP: 5262 { 5263 struct spppstatusncp *status = (struct spppstatusncp *)data; 5264 status->phase = sp->pp_phase; 5265 status->ncpup = sppp_ncp_check(sp); 5266 } 5267 break; 5268 case SPPPGETIDLETO: 5269 { 5270 struct spppidletimeout *to = (struct spppidletimeout *)data; 5271 to->idle_seconds = sp->pp_idle_timeout; 5272 } 5273 break; 5274 case SPPPSETIDLETO: 5275 { 5276 struct spppidletimeout *to = (struct spppidletimeout *)data; 5277 sp->pp_idle_timeout = to->idle_seconds; 5278 } 5279 break; 5280 case SPPPSETAUTHFAILURE: 5281 { 5282 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5283 sp->pp_max_auth_fail = afsettings->max_failures; 5284 sp->pp_auth_failures = 0; 5285 } 5286 break; 5287 case SPPPGETAUTHFAILURES: 5288 { 5289 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5290 stats->auth_failures = sp->pp_auth_failures; 5291 stats->max_failures = sp->pp_max_auth_fail; 5292 } 5293 break; 5294 case SPPPSETDNSOPTS: 5295 { 5296 struct spppdnssettings *req = (struct spppdnssettings *)data; 5297 sp->query_dns = req->query_dns & 3; 5298 } 5299 break; 5300 case SPPPGETDNSOPTS: 5301 { 5302 struct spppdnssettings *req = (struct spppdnssettings *)data; 5303 req->query_dns = sp->query_dns; 5304 } 5305 break; 5306 case SPPPGETDNSADDRS: 5307 { 5308 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5309 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5310 } 5311 break; 5312 case SPPPGETKEEPALIVE: 5313 { 5314 struct spppkeepalivesettings *settings = 5315 (struct spppkeepalivesettings*)data; 5316 settings->maxalive = sp->pp_maxalive; 5317 settings->max_noreceive = sp->pp_max_noreceive; 5318 } 5319 break; 5320 case SPPPSETKEEPALIVE: 5321 { 5322 struct spppkeepalivesettings *settings = 5323 (struct spppkeepalivesettings*)data; 5324 sp->pp_maxalive = settings->maxalive; 5325 sp->pp_max_noreceive = settings->max_noreceive; 5326 } 5327 break; 5328 default: 5329 return (EINVAL); 5330 } 5331 5332 return (0); 5333 } 5334 5335 static void 5336 sppp_phase_network(struct sppp *sp) 5337 { 5338 STDDCL; 5339 int i; 5340 uint32_t mask; 5341 5342 sp->pp_phase = SPPP_PHASE_NETWORK; 5343 5344 if (debug) 5345 { 5346 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 5347 sppp_phase_name(sp->pp_phase)); 5348 } 5349 5350 /* Notify NCPs now. */ 5351 for (i = 0; i < IDX_COUNT; i++) 5352 if ((cps[i])->flags & CP_NCP) 5353 (cps[i])->Open(sp); 5354 5355 /* Send Up events to all NCPs. */ 5356 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5357 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5358 (cps[i])->Up(sp); 5359 5360 /* if no NCP is starting, all this was in vain, close down */ 5361 sppp_lcp_check_and_close(sp); 5362 } 5363 5364 5365 static const char * 5366 sppp_cp_type_name(u_char type) 5367 { 5368 static char buf[12]; 5369 switch (type) { 5370 case CONF_REQ: return "conf-req"; 5371 case CONF_ACK: return "conf-ack"; 5372 case CONF_NAK: return "conf-nak"; 5373 case CONF_REJ: return "conf-rej"; 5374 case TERM_REQ: return "term-req"; 5375 case TERM_ACK: return "term-ack"; 5376 case CODE_REJ: return "code-rej"; 5377 case PROTO_REJ: return "proto-rej"; 5378 case ECHO_REQ: return "echo-req"; 5379 case ECHO_REPLY: return "echo-reply"; 5380 case DISC_REQ: return "discard-req"; 5381 } 5382 snprintf(buf, sizeof(buf), "0x%x", type); 5383 return buf; 5384 } 5385 5386 static const char * 5387 sppp_auth_type_name(u_short proto, u_char type) 5388 { 5389 static char buf[12]; 5390 switch (proto) { 5391 case PPP_CHAP: 5392 switch (type) { 5393 case CHAP_CHALLENGE: return "challenge"; 5394 case CHAP_RESPONSE: return "response"; 5395 case CHAP_SUCCESS: return "success"; 5396 case CHAP_FAILURE: return "failure"; 5397 } 5398 case PPP_PAP: 5399 switch (type) { 5400 case PAP_REQ: return "req"; 5401 case PAP_ACK: return "ack"; 5402 case PAP_NAK: return "nak"; 5403 } 5404 } 5405 snprintf(buf, sizeof(buf), "0x%x", type); 5406 return buf; 5407 } 5408 5409 static const char * 5410 sppp_lcp_opt_name(u_char opt) 5411 { 5412 static char buf[12]; 5413 switch (opt) { 5414 case LCP_OPT_MRU: return "mru"; 5415 case LCP_OPT_ASYNC_MAP: return "async-map"; 5416 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5417 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5418 case LCP_OPT_MAGIC: return "magic"; 5419 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5420 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5421 } 5422 snprintf(buf, sizeof(buf), "0x%x", opt); 5423 return buf; 5424 } 5425 5426 static const char * 5427 sppp_ipcp_opt_name(u_char opt) 5428 { 5429 static char buf[12]; 5430 switch (opt) { 5431 case IPCP_OPT_ADDRESSES: return "addresses"; 5432 case IPCP_OPT_COMPRESSION: return "compression"; 5433 case IPCP_OPT_ADDRESS: return "address"; 5434 } 5435 snprintf(buf, sizeof(buf), "0x%x", opt); 5436 return buf; 5437 } 5438 5439 #ifdef INET6 5440 static const char * 5441 sppp_ipv6cp_opt_name(u_char opt) 5442 { 5443 static char buf[12]; 5444 switch (opt) { 5445 case IPV6CP_OPT_IFID: return "ifid"; 5446 case IPV6CP_OPT_COMPRESSION: return "compression"; 5447 } 5448 snprintf(buf, sizeof(buf), "0x%x", opt); 5449 return buf; 5450 } 5451 #endif 5452 5453 static const char * 5454 sppp_state_name(int state) 5455 { 5456 switch (state) { 5457 case STATE_INITIAL: return "initial"; 5458 case STATE_STARTING: return "starting"; 5459 case STATE_CLOSED: return "closed"; 5460 case STATE_STOPPED: return "stopped"; 5461 case STATE_CLOSING: return "closing"; 5462 case STATE_STOPPING: return "stopping"; 5463 case STATE_REQ_SENT: return "req-sent"; 5464 case STATE_ACK_RCVD: return "ack-rcvd"; 5465 case STATE_ACK_SENT: return "ack-sent"; 5466 case STATE_OPENED: return "opened"; 5467 } 5468 return "illegal"; 5469 } 5470 5471 static const char * 5472 sppp_phase_name(int phase) 5473 { 5474 switch (phase) { 5475 case SPPP_PHASE_DEAD: return "dead"; 5476 case SPPP_PHASE_ESTABLISH: return "establish"; 5477 case SPPP_PHASE_TERMINATE: return "terminate"; 5478 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5479 case SPPP_PHASE_NETWORK: return "network"; 5480 } 5481 return "illegal"; 5482 } 5483 5484 static const char * 5485 sppp_proto_name(u_short proto) 5486 { 5487 static char buf[12]; 5488 switch (proto) { 5489 case PPP_LCP: return "lcp"; 5490 case PPP_IPCP: return "ipcp"; 5491 case PPP_PAP: return "pap"; 5492 case PPP_CHAP: return "chap"; 5493 case PPP_IPV6CP: return "ipv6cp"; 5494 } 5495 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 5496 return buf; 5497 } 5498 5499 static void 5500 sppp_print_bytes(const u_char *p, u_short len) 5501 { 5502 addlog(" %02x", *p++); 5503 while (--len > 0) 5504 addlog("-%02x", *p++); 5505 } 5506 5507 static void 5508 sppp_print_string(const char *p, u_short len) 5509 { 5510 u_char c; 5511 5512 while (len-- > 0) { 5513 c = *p++; 5514 /* 5515 * Print only ASCII chars directly. RFC 1994 recommends 5516 * using only them, but we don't rely on it. */ 5517 if (c < ' ' || c > '~') 5518 addlog("\\x%x", c); 5519 else 5520 addlog("%c", c); 5521 } 5522 } 5523 5524 static const char * 5525 sppp_dotted_quad(uint32_t addr) 5526 { 5527 static char s[16]; 5528 snprintf(s, sizeof(s), "%d.%d.%d.%d", 5529 (int)((addr >> 24) & 0xff), 5530 (int)((addr >> 16) & 0xff), 5531 (int)((addr >> 8) & 0xff), 5532 (int)(addr & 0xff)); 5533 return s; 5534 } 5535 5536 /* a dummy, used to drop uninteresting events */ 5537 static void 5538 sppp_null(struct sppp *unused) 5539 { 5540 /* do just nothing */ 5541 } 5542 /* 5543 * This file is large. Tell emacs to highlight it nevertheless. 5544 * 5545 * Local Variables: 5546 * hilit-auto-highlight-maxout: 120000 5547 * End: 5548 */
Cache object: b9a59baee6d54e4112f376665a3adc87
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]