if_spppsubr.c revision 1.17
1 /* $NetBSD: if_spppsubr.c,v 1.17 2001/01/07 21:47:28 martin Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * This software is distributed with NO WARRANTIES, not even the implied 17 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 18 * 19 * Authors grant any other persons or organisations permission to use 20 * or modify this software as long as this message is kept with the software, 21 * all derivative works or modified versions. 22 * 23 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 24 * 25 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 26 * 27 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 28 */ 29 30 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 31 #include "opt_inet.h" 32 #include "opt_ipx.h" 33 #include "opt_iso.h" 34 #include "opt_ns.h" 35 #endif 36 37 #include <sys/param.h> 38 39 #include <sys/systm.h> 40 #include <sys/kernel.h> 41 #include <sys/sockio.h> 42 #include <sys/socket.h> 43 #include <sys/syslog.h> 44 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 45 #include <machine/random.h> 46 #endif 47 #include <sys/malloc.h> 48 #include <sys/mbuf.h> 49 50 #if defined (__OpenBSD__) 51 #include <sys/md5k.h> 52 #else 53 #include <sys/md5.h> 54 #endif 55 56 #include <net/if.h> 57 #include <net/netisr.h> 58 #include <net/if_types.h> 59 #include <net/route.h> 60 #include <net/ppp_defs.h> 61 62 #include <machine/stdarg.h> 63 64 #include <netinet/in.h> 65 #include <netinet/in_systm.h> 66 #include <netinet/in_var.h> 67 #ifdef INET 68 #include <netinet/ip.h> 69 #include <netinet/tcp.h> 70 #endif 71 #if defined (__FreeBSD__) || defined (__OpenBSD__) 72 #include <netinet/if_ether.h> 73 #else 74 #include <net/ethertypes.h> 75 #endif 76 77 #ifdef IPX 78 #include <netipx/ipx.h> 79 #include <netipx/ipx_if.h> 80 #endif 81 82 #ifdef NS 83 #include <netns/ns.h> 84 #include <netns/ns_if.h> 85 #endif 86 87 #ifdef ISO 88 #include <netiso/argo_debug.h> 89 #include <netiso/iso.h> 90 #include <netiso/iso_var.h> 91 #include <netiso/iso_snpac.h> 92 #endif 93 94 #if defined(__FreeBSD__) || defined(__NetBSD__) 95 #include <net/if_sppp.h> 96 #else 97 #include <i4b/sppp/if_sppp.h> 98 #endif 99 #if defined(__NetBSD__) || defined (__OpenBSD__) 100 #include <machine/cpu.h> /* XXX for softnet */ 101 #endif 102 103 #define MAXALIVECNT 3 /* max. alive packets */ 104 105 /* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128 129 #define CONF_REQ 1 /* PPP configure request */ 130 #define CONF_ACK 2 /* PPP configure acknowledge */ 131 #define CONF_NAK 3 /* PPP configure negative ack */ 132 #define CONF_REJ 4 /* PPP configure reject */ 133 #define TERM_REQ 5 /* PPP terminate request */ 134 #define TERM_ACK 6 /* PPP terminate acknowledge */ 135 #define CODE_REJ 7 /* PPP code reject */ 136 #define PROTO_REJ 8 /* PPP protocol reject */ 137 #define ECHO_REQ 9 /* PPP echo request */ 138 #define ECHO_REPLY 10 /* PPP echo reply */ 139 #define DISC_REQ 11 /* PPP discard request */ 140 141 #define LCP_OPT_MRU 1 /* maximum receive unit */ 142 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 143 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 144 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 145 #define LCP_OPT_MAGIC 5 /* magic number */ 146 #define LCP_OPT_RESERVED 6 /* reserved */ 147 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 148 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 149 150 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 151 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 152 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 153 154 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 155 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 156 157 #define PAP_REQ 1 /* PAP name/password request */ 158 #define PAP_ACK 2 /* PAP acknowledge */ 159 #define PAP_NAK 3 /* PAP fail */ 160 161 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 162 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 163 #define CHAP_SUCCESS 3 /* CHAP response ok */ 164 #define CHAP_FAILURE 4 /* CHAP response failed */ 165 166 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 167 168 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 169 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 170 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 171 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 172 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 173 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 174 175 /* states are named and numbered according to RFC 1661 */ 176 #define STATE_INITIAL 0 177 #define STATE_STARTING 1 178 #define STATE_CLOSED 2 179 #define STATE_STOPPED 3 180 #define STATE_CLOSING 4 181 #define STATE_STOPPING 5 182 #define STATE_REQ_SENT 6 183 #define STATE_ACK_RCVD 7 184 #define STATE_ACK_SENT 8 185 #define STATE_OPENED 9 186 187 struct ppp_header { 188 u_char address; 189 u_char control; 190 u_short protocol; 191 } __attribute__((__packed__)); 192 #define PPP_HEADER_LEN sizeof (struct ppp_header) 193 194 struct lcp_header { 195 u_char type; 196 u_char ident; 197 u_short len; 198 } __attribute__((__packed__)); 199 #define LCP_HEADER_LEN sizeof (struct lcp_header) 200 201 struct cisco_packet { 202 u_long type; 203 u_long par1; 204 u_long par2; 205 u_short rel; 206 u_short time0; 207 u_short time1; 208 } __attribute__((__packed__)); 209 #define CISCO_PACKET_LEN 18 210 211 /* 212 * We follow the spelling and capitalization of RFC 1661 here, to make 213 * it easier comparing with the standard. Please refer to this RFC in 214 * case you can't make sense out of these abbreviation; it will also 215 * explain the semantics related to the various events and actions. 216 */ 217 struct cp { 218 u_short proto; /* PPP control protocol number */ 219 u_char protoidx; /* index into state table in struct sppp */ 220 u_char flags; 221 #define CP_LCP 0x01 /* this is the LCP */ 222 #define CP_AUTH 0x02 /* this is an authentication protocol */ 223 #define CP_NCP 0x04 /* this is a NCP */ 224 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 225 const char *name; /* name of this control protocol */ 226 /* event handlers */ 227 void (*Up)(struct sppp *sp); 228 void (*Down)(struct sppp *sp); 229 void (*Open)(struct sppp *sp); 230 void (*Close)(struct sppp *sp); 231 void (*TO)(void *sp); 232 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 233 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 234 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 235 /* actions */ 236 void (*tlu)(struct sppp *sp); 237 void (*tld)(struct sppp *sp); 238 void (*tls)(struct sppp *sp); 239 void (*tlf)(struct sppp *sp); 240 void (*scr)(struct sppp *sp); 241 }; 242 243 static struct sppp *spppq; 244 #if defined(__NetBSD__) 245 static struct callout keepalive_ch; 246 #endif 247 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 248 static struct callout_handle keepalive_ch; 249 #endif 250 251 #ifdef __FreeBSD__ 252 #define SPP_FMT "%s%d: " 253 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 254 #else 255 #define SPP_FMT "%s: " 256 #define SPP_ARGS(ifp) (ifp)->if_xname 257 #endif 258 259 #ifdef INET 260 /* 261 * The following disgusting hack gets around the problem that IP TOS 262 * can't be set yet. We want to put "interactive" traffic on a high 263 * priority queue. To decide if traffic is interactive, we check that 264 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 265 * 266 * XXX is this really still necessary? - joerg - 267 */ 268 static u_short interactive_ports[8] = { 269 0, 513, 0, 0, 270 0, 21, 0, 23, 271 }; 272 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 273 #endif 274 275 /* almost every function needs these */ 276 #define STDDCL \ 277 struct ifnet *ifp = &sp->pp_if; \ 278 int debug = ifp->if_flags & IFF_DEBUG 279 280 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 281 struct sockaddr *dst, struct rtentry *rt); 282 283 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 284 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 285 286 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 287 struct mbuf *m); 288 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 289 u_char ident, u_short len, void *data); 290 /* static void sppp_cp_timeout(void *arg); */ 291 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 292 int newstate); 293 static void sppp_auth_send(const struct cp *cp, 294 struct sppp *sp, unsigned int type, unsigned int id, 295 ...); 296 297 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 298 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 299 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 300 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 301 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 302 303 static void sppp_null(struct sppp *sp); 304 305 static void sppp_lcp_init(struct sppp *sp); 306 static void sppp_lcp_up(struct sppp *sp); 307 static void sppp_lcp_down(struct sppp *sp); 308 static void sppp_lcp_open(struct sppp *sp); 309 static void sppp_lcp_close(struct sppp *sp); 310 static void sppp_lcp_TO(void *sp); 311 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 312 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 313 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 314 static void sppp_lcp_tlu(struct sppp *sp); 315 static void sppp_lcp_tld(struct sppp *sp); 316 static void sppp_lcp_tls(struct sppp *sp); 317 static void sppp_lcp_tlf(struct sppp *sp); 318 static void sppp_lcp_scr(struct sppp *sp); 319 static void sppp_lcp_check_and_close(struct sppp *sp); 320 static int sppp_ncp_check(struct sppp *sp); 321 322 static void sppp_ipcp_init(struct sppp *sp); 323 static void sppp_ipcp_up(struct sppp *sp); 324 static void sppp_ipcp_down(struct sppp *sp); 325 static void sppp_ipcp_open(struct sppp *sp); 326 static void sppp_ipcp_close(struct sppp *sp); 327 static void sppp_ipcp_TO(void *sp); 328 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 329 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 330 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 331 static void sppp_ipcp_tlu(struct sppp *sp); 332 static void sppp_ipcp_tld(struct sppp *sp); 333 static void sppp_ipcp_tls(struct sppp *sp); 334 static void sppp_ipcp_tlf(struct sppp *sp); 335 static void sppp_ipcp_scr(struct sppp *sp); 336 337 static void sppp_ipv6cp_init(struct sppp *sp); 338 static void sppp_ipv6cp_up(struct sppp *sp); 339 static void sppp_ipv6cp_down(struct sppp *sp); 340 static void sppp_ipv6cp_open(struct sppp *sp); 341 static void sppp_ipv6cp_close(struct sppp *sp); 342 static void sppp_ipv6cp_TO(void *sp); 343 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 344 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 345 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 346 static void sppp_ipv6cp_tlu(struct sppp *sp); 347 static void sppp_ipv6cp_tld(struct sppp *sp); 348 static void sppp_ipv6cp_tls(struct sppp *sp); 349 static void sppp_ipv6cp_tlf(struct sppp *sp); 350 static void sppp_ipv6cp_scr(struct sppp *sp); 351 352 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 353 static void sppp_pap_init(struct sppp *sp); 354 static void sppp_pap_open(struct sppp *sp); 355 static void sppp_pap_close(struct sppp *sp); 356 static void sppp_pap_TO(void *sp); 357 static void sppp_pap_my_TO(void *sp); 358 static void sppp_pap_tlu(struct sppp *sp); 359 static void sppp_pap_tld(struct sppp *sp); 360 static void sppp_pap_scr(struct sppp *sp); 361 362 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 363 static void sppp_chap_init(struct sppp *sp); 364 static void sppp_chap_open(struct sppp *sp); 365 static void sppp_chap_close(struct sppp *sp); 366 static void sppp_chap_TO(void *sp); 367 static void sppp_chap_tlu(struct sppp *sp); 368 static void sppp_chap_tld(struct sppp *sp); 369 static void sppp_chap_scr(struct sppp *sp); 370 371 static const char *sppp_auth_type_name(u_short proto, u_char type); 372 static const char *sppp_cp_type_name(u_char type); 373 static const char *sppp_dotted_quad(u_long addr); 374 static const char *sppp_ipcp_opt_name(u_char opt); 375 #ifdef INET6 376 static const char *sppp_ipv6cp_opt_name(u_char opt); 377 #endif 378 static const char *sppp_lcp_opt_name(u_char opt); 379 static const char *sppp_phase_name(enum ppp_phase phase); 380 static const char *sppp_proto_name(u_short proto); 381 static const char *sppp_state_name(int state); 382 static int sppp_params(struct sppp *sp, int cmd, void *data); 383 static int sppp_strnlen(u_char *p, int max); 384 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 385 u_long *srcmask); 386 static void sppp_keepalive(void *dummy); 387 static void sppp_phase_network(struct sppp *sp); 388 static void sppp_print_bytes(const u_char *p, u_short len); 389 static void sppp_print_string(const char *p, u_short len); 390 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 391 #ifdef INET6 392 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 393 struct in6_addr *dst, struct in6_addr *srcmask); 394 #ifdef IPV6CP_MYIFID_DYN 395 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 396 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 397 #endif 398 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 399 #endif 400 401 /* our control protocol descriptors */ 402 static const struct cp lcp = { 403 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 404 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 405 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 406 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 407 sppp_lcp_scr 408 }; 409 410 static const struct cp ipcp = { 411 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 412 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 413 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 414 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 415 sppp_ipcp_scr 416 }; 417 418 static const struct cp ipv6cp = { 419 PPP_IPV6CP, IDX_IPV6CP, 420 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 421 CP_NCP, 422 #else 423 0, 424 #endif 425 "ipv6cp", 426 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 427 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 428 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 429 sppp_ipv6cp_scr 430 }; 431 432 static const struct cp pap = { 433 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 434 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 435 sppp_pap_TO, 0, 0, 0, 436 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 437 sppp_pap_scr 438 }; 439 440 static const struct cp chap = { 441 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 442 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 443 sppp_chap_TO, 0, 0, 0, 444 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 445 sppp_chap_scr 446 }; 447 448 static const struct cp *cps[IDX_COUNT] = { 449 &lcp, /* IDX_LCP */ 450 &ipcp, /* IDX_IPCP */ 451 &ipv6cp, /* IDX_IPV6CP */ 452 &pap, /* IDX_PAP */ 453 &chap, /* IDX_CHAP */ 454 }; 455 456 457 /* 459 * Exported functions, comprising our interface to the lower layer. 460 */ 461 462 /* 463 * Process the received packet. 464 */ 465 void 466 sppp_input(struct ifnet *ifp, struct mbuf *m) 467 { 468 struct ppp_header *h; 469 struct ifqueue *inq = 0; 470 int s; 471 struct sppp *sp = (struct sppp *)ifp; 472 int debug = ifp->if_flags & IFF_DEBUG; 473 474 if (ifp->if_flags & IFF_UP) 475 /* Count received bytes, add FCS and one flag */ 476 ifp->if_ibytes += m->m_pkthdr.len + 3; 477 478 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 479 /* Too small packet, drop it. */ 480 if (debug) 481 log(LOG_DEBUG, 482 SPP_FMT "input packet is too small, %d bytes\n", 483 SPP_ARGS(ifp), m->m_pkthdr.len); 484 drop: 485 ++ifp->if_ierrors; 486 ++ifp->if_iqdrops; 487 m_freem (m); 488 return; 489 } 490 491 /* Get PPP header. */ 492 h = mtod (m, struct ppp_header*); 493 m_adj (m, PPP_HEADER_LEN); 494 495 switch (h->address) { 496 case PPP_ALLSTATIONS: 497 if (h->control != PPP_UI) 498 goto invalid; 499 if (sp->pp_flags & PP_CISCO) { 500 if (debug) 501 log(LOG_DEBUG, 502 SPP_FMT "PPP packet in Cisco mode " 503 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 504 SPP_ARGS(ifp), 505 h->address, h->control, ntohs(h->protocol)); 506 goto drop; 507 } 508 switch (ntohs (h->protocol)) { 509 default: 510 if (sp->state[IDX_LCP] == STATE_OPENED) 511 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 512 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 513 &h->protocol); 514 if (debug) 515 log(LOG_DEBUG, 516 SPP_FMT "invalid input protocol " 517 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 518 SPP_ARGS(ifp), 519 h->address, h->control, ntohs(h->protocol)); 520 ++ifp->if_noproto; 521 goto drop; 522 case PPP_LCP: 523 sppp_cp_input(&lcp, sp, m); 524 m_freem (m); 525 return; 526 case PPP_PAP: 527 if (sp->pp_phase >= PHASE_AUTHENTICATE) 528 sppp_pap_input(sp, m); 529 m_freem (m); 530 return; 531 case PPP_CHAP: 532 if (sp->pp_phase >= PHASE_AUTHENTICATE) 533 sppp_chap_input(sp, m); 534 m_freem (m); 535 return; 536 #ifdef INET 537 case PPP_IPCP: 538 if (sp->pp_phase == PHASE_NETWORK) 539 sppp_cp_input(&ipcp, sp, m); 540 m_freem (m); 541 return; 542 case PPP_IP: 543 if (sp->state[IDX_IPCP] == STATE_OPENED) { 544 schednetisr (NETISR_IP); 545 inq = &ipintrq; 546 } 547 break; 548 #endif 549 #ifdef INET6 550 case PPP_IPV6CP: 551 if (sp->pp_phase == PHASE_NETWORK) 552 sppp_cp_input(&ipv6cp, sp, m); 553 m_freem (m); 554 return; 555 556 case PPP_IPV6: 557 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 558 schednetisr (NETISR_IPV6); 559 inq = &ip6intrq; 560 } 561 break; 562 #endif 563 #ifdef IPX 564 case PPP_IPX: 565 /* IPX IPXCP not implemented yet */ 566 if (sp->pp_phase == PHASE_NETWORK) { 567 schednetisr (NETISR_IPX); 568 inq = &ipxintrq; 569 } 570 break; 571 #endif 572 #ifdef NS 573 case PPP_XNS: 574 /* XNS IDPCP not implemented yet */ 575 if (sp->pp_phase == PHASE_NETWORK) { 576 schednetisr (NETISR_NS); 577 inq = &nsintrq; 578 } 579 break; 580 #endif 581 #ifdef ISO 582 case PPP_ISO: 583 /* OSI NLCP not implemented yet */ 584 if (sp->pp_phase == PHASE_NETWORK) { 585 schednetisr (NETISR_ISO); 586 inq = &clnlintrq; 587 } 588 break; 589 #endif 590 } 591 break; 592 case CISCO_MULTICAST: 593 case CISCO_UNICAST: 594 /* Don't check the control field here (RFC 1547). */ 595 if (! (sp->pp_flags & PP_CISCO)) { 596 if (debug) 597 log(LOG_DEBUG, 598 SPP_FMT "Cisco packet in PPP mode " 599 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 600 SPP_ARGS(ifp), 601 h->address, h->control, ntohs(h->protocol)); 602 goto drop; 603 } 604 switch (ntohs (h->protocol)) { 605 default: 606 ++ifp->if_noproto; 607 goto invalid; 608 case CISCO_KEEPALIVE: 609 sppp_cisco_input ((struct sppp*) ifp, m); 610 m_freem (m); 611 return; 612 #ifdef INET 613 case ETHERTYPE_IP: 614 schednetisr (NETISR_IP); 615 inq = &ipintrq; 616 break; 617 #endif 618 #ifdef INET6 619 case ETHERTYPE_IPV6: 620 schednetisr (NETISR_IPV6); 621 inq = &ip6intrq; 622 break; 623 #endif 624 #ifdef IPX 625 case ETHERTYPE_IPX: 626 schednetisr (NETISR_IPX); 627 inq = &ipxintrq; 628 break; 629 #endif 630 #ifdef NS 631 case ETHERTYPE_NS: 632 schednetisr (NETISR_NS); 633 inq = &nsintrq; 634 break; 635 #endif 636 } 637 break; 638 default: /* Invalid PPP packet. */ 639 invalid: 640 if (debug) 641 log(LOG_DEBUG, 642 SPP_FMT "invalid input packet " 643 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 644 SPP_ARGS(ifp), 645 h->address, h->control, ntohs(h->protocol)); 646 goto drop; 647 } 648 649 if (! (ifp->if_flags & IFF_UP) || ! inq) 650 goto drop; 651 652 /* Check queue. */ 653 s = splimp(); 654 if (IF_QFULL (inq)) { 655 /* Queue overflow. */ 656 IF_DROP(inq); 657 splx(s); 658 if (debug) 659 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 660 SPP_ARGS(ifp)); 661 goto drop; 662 } 663 IF_ENQUEUE(inq, m); 664 splx(s); 665 } 666 667 /* 668 * Enqueue transmit packet. 669 */ 670 static int 671 sppp_output(struct ifnet *ifp, struct mbuf *m, 672 struct sockaddr *dst, struct rtentry *rt) 673 { 674 struct sppp *sp = (struct sppp*) ifp; 675 struct ppp_header *h; 676 struct ifqueue *ifq = NULL; /* XXX */ 677 int s, len, rv = 0; 678 ALTQ_DECL(struct altq_pktattr pktattr;) 679 680 s = splimp(); 681 682 if ((ifp->if_flags & IFF_UP) == 0 || 683 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 684 m_freem (m); 685 splx (s); 686 return (ENETDOWN); 687 } 688 689 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 690 /* 691 * Interface is not yet running, but auto-dial. Need 692 * to start LCP for it. 693 */ 694 ifp->if_flags |= IFF_RUNNING; 695 splx(s); 696 lcp.Open(sp); 697 s = splimp(); 698 } 699 700 /* 701 * If the queueing discipline needs packet classification, 702 * do it before prepending link headers. 703 */ 704 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 705 706 #ifdef INET 707 if (dst->sa_family == AF_INET) 708 { 709 /* Check mbuf length here??? */ 710 struct ip *ip = mtod (m, struct ip*); 711 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 712 713 /* 714 * When using dynamic local IP address assignment by using 715 * 0.0.0.0 as a local address, the first TCP session will 716 * not connect because the local TCP checksum is computed 717 * using 0.0.0.0 which will later become our real IP address 718 * so the TCP checksum computed at the remote end will 719 * become invalid. So we 720 * - don't let packets with src ip addr 0 thru 721 * - we flag TCP packets with src ip 0 as an error 722 */ 723 724 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 725 { 726 m_freem(m); 727 splx(s); 728 if(ip->ip_p == IPPROTO_TCP) 729 return(EADDRNOTAVAIL); 730 else 731 return(0); 732 } 733 734 /* 735 * Put low delay, telnet, rlogin and ftp control packets 736 * in front of the queue. 737 */ 738 739 if (! IF_QFULL (&sp->pp_fastq) && 740 ((ip->ip_tos & IPTOS_LOWDELAY) || 741 ((ip->ip_p == IPPROTO_TCP && 742 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 743 (INTERACTIVE (ntohs (tcp->th_sport)))) || 744 INTERACTIVE (ntohs (tcp->th_dport))))) 745 ifq = &sp->pp_fastq; 746 } 747 #endif 748 749 #ifdef INET6 750 if (dst->sa_family == AF_INET6) { 751 /* XXX do something tricky here? */ 752 } 753 #endif 754 755 /* 756 * Prepend general data packet PPP header. For now, IP only. 757 */ 758 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 759 if (! m) { 760 if (ifp->if_flags & IFF_DEBUG) 761 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 762 SPP_ARGS(ifp)); 763 ++ifp->if_oerrors; 764 splx (s); 765 return (ENOBUFS); 766 } 767 /* 768 * May want to check size of packet 769 * (albeit due to the implementation it's always enough) 770 */ 771 h = mtod (m, struct ppp_header*); 772 if (sp->pp_flags & PP_CISCO) { 773 h->address = CISCO_UNICAST; /* unicast address */ 774 h->control = 0; 775 } else { 776 h->address = PPP_ALLSTATIONS; /* broadcast address */ 777 h->control = PPP_UI; /* Unnumbered Info */ 778 } 779 780 switch (dst->sa_family) { 781 #ifdef INET 782 case AF_INET: /* Internet Protocol */ 783 if (sp->pp_flags & PP_CISCO) 784 h->protocol = htons (ETHERTYPE_IP); 785 else { 786 /* 787 * Don't choke with an ENETDOWN early. It's 788 * possible that we just started dialing out, 789 * so don't drop the packet immediately. If 790 * we notice that we run out of buffer space 791 * below, we will however remember that we are 792 * not ready to carry IP packets, and return 793 * ENETDOWN, as opposed to ENOBUFS. 794 */ 795 h->protocol = htons(PPP_IP); 796 if (sp->state[IDX_IPCP] != STATE_OPENED) 797 rv = ENETDOWN; 798 } 799 break; 800 #endif 801 #ifdef INET6 802 case AF_INET6: /* Internet Protocol version 6 */ 803 if (sp->pp_flags & PP_CISCO) 804 h->protocol = htons (ETHERTYPE_IPV6); 805 else { 806 /* 807 * Don't choke with an ENETDOWN early. It's 808 * possible that we just started dialing out, 809 * so don't drop the packet immediately. If 810 * we notice that we run out of buffer space 811 * below, we will however remember that we are 812 * not ready to carry IP packets, and return 813 * ENETDOWN, as opposed to ENOBUFS. 814 */ 815 h->protocol = htons(PPP_IPV6); 816 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 817 rv = ENETDOWN; 818 } 819 break; 820 #endif 821 #ifdef NS 822 case AF_NS: /* Xerox NS Protocol */ 823 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 824 ETHERTYPE_NS : PPP_XNS); 825 break; 826 #endif 827 #ifdef IPX 828 case AF_IPX: /* Novell IPX Protocol */ 829 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 830 ETHERTYPE_IPX : PPP_IPX); 831 break; 832 #endif 833 #ifdef ISO 834 case AF_ISO: /* ISO OSI Protocol */ 835 if (sp->pp_flags & PP_CISCO) 836 goto nosupport; 837 h->protocol = htons (PPP_ISO); 838 break; 839 nosupport: 840 #endif 841 default: 842 m_freem (m); 843 ++ifp->if_oerrors; 844 splx (s); 845 return (EAFNOSUPPORT); 846 } 847 848 /* 849 * Queue message on interface, and start output if interface 850 * not yet active. 851 */ 852 len = m->m_pkthdr.len; 853 if (ifq != NULL 854 #ifdef ALTQ 855 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 856 #endif 857 ) { 858 if (IF_QFULL (ifq)) { 859 IF_DROP (&ifp->if_snd); 860 m_freem (m); 861 if (rv == 0) 862 rv = ENOBUFS; 863 } 864 IF_ENQUEUE(ifq, m); 865 } else 866 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 867 if (rv != 0) { 868 ++ifp->if_oerrors; 869 splx(s); 870 return (rv); 871 } 872 873 if (! (ifp->if_flags & IFF_OACTIVE)) 874 (*ifp->if_start) (ifp); 875 876 /* 877 * Count output packets and bytes. 878 * The packet length includes header, FCS and 1 flag, 879 * according to RFC 1333. 880 */ 881 ifp->if_obytes += len + 3; 882 splx (s); 883 return (0); 884 } 885 886 void 887 sppp_attach(struct ifnet *ifp) 888 { 889 struct sppp *sp = (struct sppp*) ifp; 890 891 /* Initialize keepalive handler. */ 892 if (! spppq) { 893 #if defined(__NetBSD__) 894 callout_init(&keepalive_ch); 895 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 896 #else 897 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 898 keepalive_ch = 899 #endif 900 timeout(sppp_keepalive, 0, hz * 10); 901 #endif /* __NetBSD__ */ 902 } 903 904 /* Insert new entry into the keepalive list. */ 905 sp->pp_next = spppq; 906 spppq = sp; 907 908 sp->pp_if.if_type = IFT_PPP; 909 sp->pp_if.if_output = sppp_output; 910 sp->pp_fastq.ifq_maxlen = 32; 911 sp->pp_cpq.ifq_maxlen = 20; 912 sp->pp_loopcnt = 0; 913 sp->pp_alivecnt = 0; 914 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq)); 915 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq)); 916 sp->pp_phase = PHASE_DEAD; 917 sp->pp_up = lcp.Up; 918 sp->pp_down = lcp.Down; 919 920 sppp_lcp_init(sp); 921 sppp_ipcp_init(sp); 922 sppp_ipv6cp_init(sp); 923 sppp_pap_init(sp); 924 sppp_chap_init(sp); 925 } 926 927 void 928 sppp_detach(struct ifnet *ifp) 929 { 930 struct sppp **q, *p, *sp = (struct sppp*) ifp; 931 int i; 932 933 /* Remove the entry from the keepalive list. */ 934 for (q = &spppq; (p = *q); q = &p->pp_next) 935 if (p == sp) { 936 *q = p->pp_next; 937 break; 938 } 939 940 /* Stop keepalive handler. */ 941 if (! spppq) { 942 #if defined(__NetBSD__) 943 callout_stop(&keepalive_ch); 944 #else 945 untimeout(sppp_keepalive, 0 946 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 947 ,keepalive_ch 948 #endif 949 ); 950 #endif /* __NetBSD__ */ 951 } 952 953 for (i = 0; i < IDX_COUNT; i++) { 954 #if defined(__NetBSD__) 955 callout_stop(&sp->ch[i]); 956 #else 957 untimeout((cps[i])->TO, (void *)sp 958 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 959 , sp->ch[i] 960 #endif 961 ); 962 #endif /* __NetBSD__ */ 963 } 964 #if defined(__NetBSD__) 965 callout_stop(&sp->pap_my_to_ch); 966 #else 967 untimeout(sppp_pap_my_TO, (void *)sp 968 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 969 , sp->pap_my_to_ch 970 #endif 971 ); 972 #endif /* __NetBSD__ */ 973 } 974 975 /* 976 * Flush the interface output queue. 977 */ 978 void 979 sppp_flush(struct ifnet *ifp) 980 { 981 struct sppp *sp = (struct sppp*) ifp; 982 983 IFQ_PURGE (&sp->pp_if.if_snd); 984 IFQ_PURGE (&sp->pp_fastq); 985 IFQ_PURGE (&sp->pp_cpq); 986 } 987 988 /* 989 * Check if the output queue is empty. 990 */ 991 int 992 sppp_isempty(struct ifnet *ifp) 993 { 994 struct sppp *sp = (struct sppp*) ifp; 995 int empty, s; 996 997 s = splimp(); 998 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 999 !sp->pp_if.if_snd.ifq_head; 1000 splx(s); 1001 return (empty); 1002 } 1003 1004 /* 1005 * Get next packet to send. 1006 */ 1007 struct mbuf * 1008 sppp_dequeue(struct ifnet *ifp) 1009 { 1010 struct sppp *sp = (struct sppp*) ifp; 1011 struct mbuf *m; 1012 int s; 1013 1014 s = splimp(); 1015 /* 1016 * Process only the control protocol queue until we have at 1017 * least one NCP open. 1018 * 1019 * Do always serve all three queues in Cisco mode. 1020 */ 1021 IF_DEQUEUE(&sp->pp_cpq, m); 1022 if (m == NULL && 1023 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1024 IF_DEQUEUE(&sp->pp_fastq, m); 1025 if (m == NULL) 1026 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1027 } 1028 splx(s); 1029 return m; 1030 } 1031 1032 /* 1033 * Pick the next packet, do not remove it from the queue. 1034 */ 1035 struct mbuf * 1036 sppp_pick(struct ifnet *ifp) 1037 { 1038 struct sppp *sp = (struct sppp*)ifp; 1039 struct mbuf *m; 1040 int s; 1041 1042 s= splimp (); 1043 1044 m = sp->pp_cpq.ifq_head; 1045 if (m == NULL && 1046 (sp->pp_phase == PHASE_NETWORK || 1047 (sp->pp_flags & PP_CISCO) != 0)) 1048 if ((m = sp->pp_fastq.ifq_head) == NULL) 1049 m = sp->pp_if.if_snd.ifq_head; 1050 splx (s); 1051 return (m); 1052 } 1053 1054 /* 1055 * Process an ioctl request. Called on low priority level. 1056 */ 1057 int 1058 #if defined(__FreeBSD_version) && __FreeBSD_version >= 300003 1059 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1060 #else 1061 sppp_ioctl(struct ifnet *ifp, int cmd, void *data) 1062 #endif 1063 { 1064 struct ifreq *ifr = (struct ifreq*) data; 1065 struct sppp *sp = (struct sppp*) ifp; 1066 int s, rv, going_up, going_down, newmode; 1067 1068 s = splimp(); 1069 rv = 0; 1070 switch (cmd) { 1071 case SIOCAIFADDR: 1072 case SIOCSIFDSTADDR: 1073 break; 1074 1075 case SIOCSIFADDR: 1076 if_up(ifp); 1077 /* fall through... */ 1078 1079 case SIOCSIFFLAGS: 1080 going_up = ifp->if_flags & IFF_UP && 1081 (ifp->if_flags & IFF_RUNNING) == 0; 1082 going_down = (ifp->if_flags & IFF_UP) == 0 && 1083 ifp->if_flags & IFF_RUNNING; 1084 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1085 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1086 /* sanity */ 1087 newmode = IFF_PASSIVE; 1088 ifp->if_flags &= ~IFF_AUTO; 1089 } 1090 1091 if (going_up || going_down) 1092 lcp.Close(sp); 1093 if (going_up && newmode == 0) { 1094 /* neither auto-dial nor passive */ 1095 ifp->if_flags |= IFF_RUNNING; 1096 if (!(sp->pp_flags & PP_CISCO)) 1097 lcp.Open(sp); 1098 } else if (going_down) { 1099 sppp_flush(ifp); 1100 ifp->if_flags &= ~IFF_RUNNING; 1101 } 1102 1103 break; 1104 1105 #ifdef SIOCSIFMTU 1106 #ifndef ifr_mtu 1107 #define ifr_mtu ifr_metric 1108 #endif 1109 case SIOCSIFMTU: 1110 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1111 return (EINVAL); 1112 ifp->if_mtu = ifr->ifr_mtu; 1113 break; 1114 #endif 1115 #ifdef SLIOCSETMTU 1116 case SLIOCSETMTU: 1117 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1118 return (EINVAL); 1119 ifp->if_mtu = *(short*)data; 1120 break; 1121 #endif 1122 #ifdef SIOCGIFMTU 1123 case SIOCGIFMTU: 1124 ifr->ifr_mtu = ifp->if_mtu; 1125 break; 1126 #endif 1127 #ifdef SLIOCGETMTU 1128 case SLIOCGETMTU: 1129 *(short*)data = ifp->if_mtu; 1130 break; 1131 #endif 1132 case SIOCADDMULTI: 1133 case SIOCDELMULTI: 1134 break; 1135 1136 case SIOCGIFGENERIC: 1137 case SIOCSIFGENERIC: 1138 rv = sppp_params(sp, cmd, data); 1139 break; 1140 1141 default: 1142 rv = ENOTTY; 1143 } 1144 splx(s); 1145 return rv; 1146 } 1147 1148 1149 /* 1151 * Cisco framing implementation. 1152 */ 1153 1154 /* 1155 * Handle incoming Cisco keepalive protocol packets. 1156 */ 1157 static void 1158 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1159 { 1160 STDDCL; 1161 struct cisco_packet *h; 1162 u_long me, mymask; 1163 1164 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1165 if (debug) 1166 log(LOG_DEBUG, 1167 SPP_FMT "cisco invalid packet length: %d bytes\n", 1168 SPP_ARGS(ifp), m->m_pkthdr.len); 1169 return; 1170 } 1171 h = mtod (m, struct cisco_packet*); 1172 if (debug) 1173 log(LOG_DEBUG, 1174 SPP_FMT "cisco input: %d bytes " 1175 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1176 SPP_ARGS(ifp), m->m_pkthdr.len, 1177 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1178 (u_int)h->time0, (u_int)h->time1); 1179 switch (ntohl (h->type)) { 1180 default: 1181 if (debug) 1182 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1183 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1184 break; 1185 case CISCO_ADDR_REPLY: 1186 /* Reply on address request, ignore */ 1187 break; 1188 case CISCO_KEEPALIVE_REQ: 1189 sp->pp_alivecnt = 0; 1190 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1191 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1192 /* Local and remote sequence numbers are equal. 1193 * Probably, the line is in loopback mode. */ 1194 if (sp->pp_loopcnt >= MAXALIVECNT) { 1195 printf (SPP_FMT "loopback\n", 1196 SPP_ARGS(ifp)); 1197 sp->pp_loopcnt = 0; 1198 if (ifp->if_flags & IFF_UP) { 1199 if_down (ifp); 1200 IFQ_PURGE (&sp->pp_cpq); 1201 } 1202 } 1203 ++sp->pp_loopcnt; 1204 1205 /* Generate new local sequence number */ 1206 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 1207 sp->pp_seq[IDX_LCP] = random(); 1208 #else 1209 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec; 1210 #endif 1211 break; 1212 } 1213 sp->pp_loopcnt = 0; 1214 if (! (ifp->if_flags & IFF_UP) && 1215 (ifp->if_flags & IFF_RUNNING)) { 1216 if_up(ifp); 1217 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1218 } 1219 break; 1220 case CISCO_ADDR_REQ: 1221 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1222 if (me != 0L) 1223 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1224 break; 1225 } 1226 } 1227 1228 /* 1229 * Send Cisco keepalive packet. 1230 */ 1231 static void 1232 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1233 { 1234 STDDCL; 1235 struct ppp_header *h; 1236 struct cisco_packet *ch; 1237 struct mbuf *m; 1238 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1239 struct timeval tv; 1240 #else 1241 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1242 #endif 1243 1244 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1245 getmicrouptime(&tv); 1246 #endif 1247 1248 MGETHDR (m, M_DONTWAIT, MT_DATA); 1249 if (! m) 1250 return; 1251 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1252 m->m_pkthdr.rcvif = 0; 1253 1254 h = mtod (m, struct ppp_header*); 1255 h->address = CISCO_MULTICAST; 1256 h->control = 0; 1257 h->protocol = htons (CISCO_KEEPALIVE); 1258 1259 ch = (struct cisco_packet*) (h + 1); 1260 ch->type = htonl (type); 1261 ch->par1 = htonl (par1); 1262 ch->par2 = htonl (par2); 1263 ch->rel = -1; 1264 1265 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1266 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1267 ch->time1 = htons ((u_short) tv.tv_sec); 1268 #else 1269 ch->time0 = htons ((u_short) (t >> 16)); 1270 ch->time1 = htons ((u_short) t); 1271 #endif 1272 1273 if (debug) 1274 log(LOG_DEBUG, 1275 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1276 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1277 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1278 1279 if (IF_QFULL (&sp->pp_cpq)) { 1280 IF_DROP (&sp->pp_fastq); 1281 IF_DROP (&ifp->if_snd); 1282 m_freem (m); 1283 } else 1284 IF_ENQUEUE (&sp->pp_cpq, m); 1285 if (! (ifp->if_flags & IFF_OACTIVE)) 1286 (*ifp->if_start) (ifp); 1287 ifp->if_obytes += m->m_pkthdr.len + 3; 1288 } 1289 1290 /* 1292 * PPP protocol implementation. 1293 */ 1294 1295 /* 1296 * Send PPP control protocol packet. 1297 */ 1298 static void 1299 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1300 u_char ident, u_short len, void *data) 1301 { 1302 STDDCL; 1303 struct ppp_header *h; 1304 struct lcp_header *lh; 1305 struct mbuf *m; 1306 1307 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1308 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1309 MGETHDR (m, M_DONTWAIT, MT_DATA); 1310 if (! m) 1311 return; 1312 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1313 m->m_pkthdr.rcvif = 0; 1314 1315 h = mtod (m, struct ppp_header*); 1316 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1317 h->control = PPP_UI; /* Unnumbered Info */ 1318 h->protocol = htons (proto); /* Link Control Protocol */ 1319 1320 lh = (struct lcp_header*) (h + 1); 1321 lh->type = type; 1322 lh->ident = ident; 1323 lh->len = htons (LCP_HEADER_LEN + len); 1324 if (len) 1325 bcopy (data, lh+1, len); 1326 1327 if (debug) { 1328 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1329 SPP_ARGS(ifp), 1330 sppp_proto_name(proto), 1331 sppp_cp_type_name (lh->type), lh->ident, 1332 ntohs (lh->len)); 1333 if (len) 1334 sppp_print_bytes ((u_char*) (lh+1), len); 1335 addlog(">\n"); 1336 } 1337 if (IF_QFULL (&sp->pp_cpq)) { 1338 IF_DROP (&sp->pp_fastq); 1339 IF_DROP (&ifp->if_snd); 1340 m_freem (m); 1341 ++ifp->if_oerrors; 1342 } else 1343 IF_ENQUEUE (&sp->pp_cpq, m); 1344 if (! (ifp->if_flags & IFF_OACTIVE)) 1345 (*ifp->if_start) (ifp); 1346 ifp->if_obytes += m->m_pkthdr.len + 3; 1347 } 1348 1349 /* 1350 * Handle incoming PPP control protocol packets. 1351 */ 1352 static void 1353 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1354 { 1355 STDDCL; 1356 struct lcp_header *h; 1357 int len = m->m_pkthdr.len; 1358 int rv; 1359 u_char *p; 1360 1361 if (len < 4) { 1362 if (debug) 1363 log(LOG_DEBUG, 1364 SPP_FMT "%s invalid packet length: %d bytes\n", 1365 SPP_ARGS(ifp), cp->name, len); 1366 return; 1367 } 1368 h = mtod (m, struct lcp_header*); 1369 if (debug) { 1370 log(LOG_DEBUG, 1371 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1372 SPP_ARGS(ifp), cp->name, 1373 sppp_state_name(sp->state[cp->protoidx]), 1374 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1375 if (len > 4) 1376 sppp_print_bytes ((u_char*) (h+1), len-4); 1377 addlog(">\n"); 1378 } 1379 if (len > ntohs (h->len)) 1380 len = ntohs (h->len); 1381 p = (u_char *)(h + 1); 1382 switch (h->type) { 1383 case CONF_REQ: 1384 if (len < 4) { 1385 if (debug) 1386 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1387 SPP_ARGS(ifp), cp->name, 1388 len); 1389 ++ifp->if_ierrors; 1390 break; 1391 } 1392 /* handle states where RCR doesn't get a SCA/SCN */ 1393 switch (sp->state[cp->protoidx]) { 1394 case STATE_CLOSING: 1395 case STATE_STOPPING: 1396 return; 1397 case STATE_CLOSED: 1398 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1399 0, 0); 1400 return; 1401 } 1402 rv = (cp->RCR)(sp, h, len); 1403 switch (sp->state[cp->protoidx]) { 1404 case STATE_OPENED: 1405 (cp->tld)(sp); 1406 (cp->scr)(sp); 1407 /* fall through... */ 1408 case STATE_ACK_SENT: 1409 case STATE_REQ_SENT: 1410 sppp_cp_change_state(cp, sp, rv? 1411 STATE_ACK_SENT: STATE_REQ_SENT); 1412 break; 1413 case STATE_STOPPED: 1414 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1415 (cp->scr)(sp); 1416 sppp_cp_change_state(cp, sp, rv? 1417 STATE_ACK_SENT: STATE_REQ_SENT); 1418 break; 1419 case STATE_ACK_RCVD: 1420 if (rv) { 1421 sppp_cp_change_state(cp, sp, STATE_OPENED); 1422 if (debug) 1423 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1424 SPP_ARGS(ifp), 1425 cp->name); 1426 (cp->tlu)(sp); 1427 } else 1428 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1429 break; 1430 default: 1431 printf(SPP_FMT "%s illegal %s in state %s\n", 1432 SPP_ARGS(ifp), cp->name, 1433 sppp_cp_type_name(h->type), 1434 sppp_state_name(sp->state[cp->protoidx])); 1435 ++ifp->if_ierrors; 1436 } 1437 break; 1438 case CONF_ACK: 1439 if (h->ident != sp->confid[cp->protoidx]) { 1440 if (debug) 1441 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1442 SPP_ARGS(ifp), cp->name, 1443 h->ident, sp->confid[cp->protoidx]); 1444 ++ifp->if_ierrors; 1445 break; 1446 } 1447 switch (sp->state[cp->protoidx]) { 1448 case STATE_CLOSED: 1449 case STATE_STOPPED: 1450 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1451 break; 1452 case STATE_CLOSING: 1453 case STATE_STOPPING: 1454 break; 1455 case STATE_REQ_SENT: 1456 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1457 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1458 break; 1459 case STATE_OPENED: 1460 (cp->tld)(sp); 1461 /* fall through */ 1462 case STATE_ACK_RCVD: 1463 (cp->scr)(sp); 1464 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1465 break; 1466 case STATE_ACK_SENT: 1467 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1468 sppp_cp_change_state(cp, sp, STATE_OPENED); 1469 if (debug) 1470 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1471 SPP_ARGS(ifp), cp->name); 1472 (cp->tlu)(sp); 1473 break; 1474 default: 1475 printf(SPP_FMT "%s illegal %s in state %s\n", 1476 SPP_ARGS(ifp), cp->name, 1477 sppp_cp_type_name(h->type), 1478 sppp_state_name(sp->state[cp->protoidx])); 1479 ++ifp->if_ierrors; 1480 } 1481 break; 1482 case CONF_NAK: 1483 case CONF_REJ: 1484 if (h->ident != sp->confid[cp->protoidx]) { 1485 if (debug) 1486 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1487 SPP_ARGS(ifp), cp->name, 1488 h->ident, sp->confid[cp->protoidx]); 1489 ++ifp->if_ierrors; 1490 break; 1491 } 1492 if (h->type == CONF_NAK) 1493 (cp->RCN_nak)(sp, h, len); 1494 else /* CONF_REJ */ 1495 (cp->RCN_rej)(sp, h, len); 1496 1497 switch (sp->state[cp->protoidx]) { 1498 case STATE_CLOSED: 1499 case STATE_STOPPED: 1500 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1501 break; 1502 case STATE_REQ_SENT: 1503 case STATE_ACK_SENT: 1504 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1505 (cp->scr)(sp); 1506 break; 1507 case STATE_OPENED: 1508 (cp->tld)(sp); 1509 /* fall through */ 1510 case STATE_ACK_RCVD: 1511 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1512 (cp->scr)(sp); 1513 break; 1514 case STATE_CLOSING: 1515 case STATE_STOPPING: 1516 break; 1517 default: 1518 printf(SPP_FMT "%s illegal %s in state %s\n", 1519 SPP_ARGS(ifp), cp->name, 1520 sppp_cp_type_name(h->type), 1521 sppp_state_name(sp->state[cp->protoidx])); 1522 ++ifp->if_ierrors; 1523 } 1524 break; 1525 1526 case TERM_REQ: 1527 switch (sp->state[cp->protoidx]) { 1528 case STATE_ACK_RCVD: 1529 case STATE_ACK_SENT: 1530 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1531 /* fall through */ 1532 case STATE_CLOSED: 1533 case STATE_STOPPED: 1534 case STATE_CLOSING: 1535 case STATE_STOPPING: 1536 case STATE_REQ_SENT: 1537 sta: 1538 /* Send Terminate-Ack packet. */ 1539 if (debug) 1540 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1541 SPP_ARGS(ifp), cp->name); 1542 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1543 break; 1544 case STATE_OPENED: 1545 (cp->tld)(sp); 1546 sp->rst_counter[cp->protoidx] = 0; 1547 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1548 goto sta; 1549 break; 1550 default: 1551 printf(SPP_FMT "%s illegal %s in state %s\n", 1552 SPP_ARGS(ifp), cp->name, 1553 sppp_cp_type_name(h->type), 1554 sppp_state_name(sp->state[cp->protoidx])); 1555 ++ifp->if_ierrors; 1556 } 1557 break; 1558 case TERM_ACK: 1559 switch (sp->state[cp->protoidx]) { 1560 case STATE_CLOSED: 1561 case STATE_STOPPED: 1562 case STATE_REQ_SENT: 1563 case STATE_ACK_SENT: 1564 break; 1565 case STATE_CLOSING: 1566 (cp->tlf)(sp); 1567 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1568 break; 1569 case STATE_STOPPING: 1570 (cp->tlf)(sp); 1571 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1572 break; 1573 case STATE_ACK_RCVD: 1574 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1575 break; 1576 case STATE_OPENED: 1577 (cp->tld)(sp); 1578 (cp->scr)(sp); 1579 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1580 break; 1581 default: 1582 printf(SPP_FMT "%s illegal %s in state %s\n", 1583 SPP_ARGS(ifp), cp->name, 1584 sppp_cp_type_name(h->type), 1585 sppp_state_name(sp->state[cp->protoidx])); 1586 ++ifp->if_ierrors; 1587 } 1588 break; 1589 case CODE_REJ: 1590 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1591 log(LOG_INFO, 1592 SPP_FMT "%s: ignoring RXJ (%s) for code ?, " 1593 "danger will robinson\n", 1594 SPP_ARGS(ifp), cp->name, 1595 sppp_cp_type_name(h->type)); 1596 switch (sp->state[cp->protoidx]) { 1597 case STATE_CLOSED: 1598 case STATE_STOPPED: 1599 case STATE_REQ_SENT: 1600 case STATE_ACK_SENT: 1601 case STATE_CLOSING: 1602 case STATE_STOPPING: 1603 case STATE_OPENED: 1604 break; 1605 case STATE_ACK_RCVD: 1606 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1607 break; 1608 default: 1609 printf(SPP_FMT "%s illegal %s in state %s\n", 1610 SPP_ARGS(ifp), cp->name, 1611 sppp_cp_type_name(h->type), 1612 sppp_state_name(sp->state[cp->protoidx])); 1613 ++ifp->if_ierrors; 1614 } 1615 break; 1616 case PROTO_REJ: 1617 { 1618 int catastrophic; 1619 const struct cp *upper; 1620 int i; 1621 u_int16_t proto; 1622 1623 catastrophic = 0; 1624 upper = NULL; 1625 proto = ntohs(*((u_int16_t *)p)); 1626 for (i = 0; i < IDX_COUNT; i++) { 1627 if (cps[i]->proto == proto) { 1628 upper = cps[i]; 1629 break; 1630 } 1631 } 1632 if (upper == NULL) 1633 catastrophic++; 1634 1635 log(LOG_INFO, 1636 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1637 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1638 sppp_cp_type_name(h->type), proto, 1639 upper ? upper->name : "unknown", 1640 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1641 1642 /* 1643 * if we got RXJ+ against conf-req, the peer does not implement 1644 * this particular protocol type. terminate the protocol. 1645 */ 1646 if (upper && !catastrophic) { 1647 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1648 upper->Close(sp); 1649 break; 1650 } 1651 } 1652 1653 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1654 switch (sp->state[cp->protoidx]) { 1655 case STATE_CLOSED: 1656 case STATE_STOPPED: 1657 case STATE_REQ_SENT: 1658 case STATE_ACK_SENT: 1659 case STATE_CLOSING: 1660 case STATE_STOPPING: 1661 case STATE_OPENED: 1662 break; 1663 case STATE_ACK_RCVD: 1664 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1665 break; 1666 default: 1667 printf(SPP_FMT "%s illegal %s in state %s\n", 1668 SPP_ARGS(ifp), cp->name, 1669 sppp_cp_type_name(h->type), 1670 sppp_state_name(sp->state[cp->protoidx])); 1671 ++ifp->if_ierrors; 1672 } 1673 break; 1674 } 1675 case DISC_REQ: 1676 if (cp->proto != PPP_LCP) 1677 goto illegal; 1678 /* Discard the packet. */ 1679 break; 1680 case ECHO_REQ: 1681 if (cp->proto != PPP_LCP) 1682 goto illegal; 1683 if (sp->state[cp->protoidx] != STATE_OPENED) { 1684 if (debug) 1685 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1686 SPP_ARGS(ifp)); 1687 ++ifp->if_ierrors; 1688 break; 1689 } 1690 if (len < 8) { 1691 if (debug) 1692 addlog(SPP_FMT "invalid lcp echo request " 1693 "packet length: %d bytes\n", 1694 SPP_ARGS(ifp), len); 1695 break; 1696 } 1697 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1698 /* Line loopback mode detected. */ 1699 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1700 if_down (ifp); 1701 IFQ_PURGE (&sp->pp_cpq); 1702 1703 /* Shut down the PPP link. */ 1704 /* XXX */ 1705 lcp.Down(sp); 1706 lcp.Up(sp); 1707 break; 1708 } 1709 *(long*)(h+1) = htonl (sp->lcp.magic); 1710 if (debug) 1711 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1712 SPP_ARGS(ifp)); 1713 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1714 break; 1715 case ECHO_REPLY: 1716 if (cp->proto != PPP_LCP) 1717 goto illegal; 1718 if (h->ident != sp->lcp.echoid) { 1719 ++ifp->if_ierrors; 1720 break; 1721 } 1722 if (len < 8) { 1723 if (debug) 1724 addlog(SPP_FMT "lcp invalid echo reply " 1725 "packet length: %d bytes\n", 1726 SPP_ARGS(ifp), len); 1727 break; 1728 } 1729 if (debug) 1730 addlog(SPP_FMT "lcp got echo rep\n", 1731 SPP_ARGS(ifp)); 1732 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1733 sp->pp_alivecnt = 0; 1734 break; 1735 default: 1736 /* Unknown packet type -- send Code-Reject packet. */ 1737 illegal: 1738 if (debug) 1739 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1740 SPP_ARGS(ifp), cp->name, h->type); 1741 sppp_cp_send(sp, cp->proto, CODE_REJ, 1742 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1743 ++ifp->if_ierrors; 1744 } 1745 } 1746 1747 1748 /* 1749 * The generic part of all Up/Down/Open/Close/TO event handlers. 1750 * Basically, the state transition handling in the automaton. 1751 */ 1752 static void 1753 sppp_up_event(const struct cp *cp, struct sppp *sp) 1754 { 1755 STDDCL; 1756 1757 if (debug) 1758 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1759 SPP_ARGS(ifp), cp->name, 1760 sppp_state_name(sp->state[cp->protoidx])); 1761 1762 switch (sp->state[cp->protoidx]) { 1763 case STATE_INITIAL: 1764 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1765 break; 1766 case STATE_STARTING: 1767 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1768 (cp->scr)(sp); 1769 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1770 break; 1771 default: 1772 printf(SPP_FMT "%s illegal up in state %s\n", 1773 SPP_ARGS(ifp), cp->name, 1774 sppp_state_name(sp->state[cp->protoidx])); 1775 } 1776 } 1777 1778 static void 1779 sppp_down_event(const struct cp *cp, struct sppp *sp) 1780 { 1781 STDDCL; 1782 1783 if (debug) 1784 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1785 SPP_ARGS(ifp), cp->name, 1786 sppp_state_name(sp->state[cp->protoidx])); 1787 1788 switch (sp->state[cp->protoidx]) { 1789 case STATE_CLOSED: 1790 case STATE_CLOSING: 1791 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1792 break; 1793 case STATE_STOPPED: 1794 (cp->tls)(sp); 1795 /* fall through */ 1796 case STATE_STOPPING: 1797 case STATE_REQ_SENT: 1798 case STATE_ACK_RCVD: 1799 case STATE_ACK_SENT: 1800 sppp_cp_change_state(cp, sp, STATE_STARTING); 1801 break; 1802 case STATE_OPENED: 1803 (cp->tld)(sp); 1804 sppp_cp_change_state(cp, sp, STATE_STARTING); 1805 break; 1806 default: 1807 printf(SPP_FMT "%s illegal down in state %s\n", 1808 SPP_ARGS(ifp), cp->name, 1809 sppp_state_name(sp->state[cp->protoidx])); 1810 } 1811 } 1812 1813 1814 static void 1815 sppp_open_event(const struct cp *cp, struct sppp *sp) 1816 { 1817 STDDCL; 1818 1819 if (debug) 1820 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1821 SPP_ARGS(ifp), cp->name, 1822 sppp_state_name(sp->state[cp->protoidx])); 1823 1824 switch (sp->state[cp->protoidx]) { 1825 case STATE_INITIAL: 1826 (cp->tls)(sp); 1827 sppp_cp_change_state(cp, sp, STATE_STARTING); 1828 break; 1829 case STATE_STARTING: 1830 break; 1831 case STATE_CLOSED: 1832 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1833 (cp->scr)(sp); 1834 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1835 break; 1836 case STATE_STOPPED: 1837 case STATE_STOPPING: 1838 case STATE_REQ_SENT: 1839 case STATE_ACK_RCVD: 1840 case STATE_ACK_SENT: 1841 case STATE_OPENED: 1842 break; 1843 case STATE_CLOSING: 1844 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1845 break; 1846 } 1847 } 1848 1849 1850 static void 1851 sppp_close_event(const struct cp *cp, struct sppp *sp) 1852 { 1853 STDDCL; 1854 1855 if (debug) 1856 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1857 SPP_ARGS(ifp), cp->name, 1858 sppp_state_name(sp->state[cp->protoidx])); 1859 1860 switch (sp->state[cp->protoidx]) { 1861 case STATE_INITIAL: 1862 case STATE_CLOSED: 1863 case STATE_CLOSING: 1864 break; 1865 case STATE_STARTING: 1866 (cp->tlf)(sp); 1867 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1868 break; 1869 case STATE_STOPPED: 1870 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1871 break; 1872 case STATE_STOPPING: 1873 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1874 break; 1875 case STATE_OPENED: 1876 (cp->tld)(sp); 1877 /* fall through */ 1878 case STATE_REQ_SENT: 1879 case STATE_ACK_RCVD: 1880 case STATE_ACK_SENT: 1881 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1882 sppp_cp_send(sp, cp->proto, TERM_REQ, 1883 ++sp->pp_seq[cp->protoidx], 0, 0); 1884 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1885 break; 1886 } 1887 } 1888 1889 static void 1890 sppp_to_event(const struct cp *cp, struct sppp *sp) 1891 { 1892 STDDCL; 1893 int s; 1894 1895 s = splimp(); 1896 if (debug) 1897 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1898 SPP_ARGS(ifp), cp->name, 1899 sppp_state_name(sp->state[cp->protoidx]), 1900 sp->rst_counter[cp->protoidx]); 1901 1902 if (--sp->rst_counter[cp->protoidx] < 0) 1903 /* TO- event */ 1904 switch (sp->state[cp->protoidx]) { 1905 case STATE_CLOSING: 1906 (cp->tlf)(sp); 1907 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1908 break; 1909 case STATE_STOPPING: 1910 (cp->tlf)(sp); 1911 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1912 break; 1913 case STATE_REQ_SENT: 1914 case STATE_ACK_RCVD: 1915 case STATE_ACK_SENT: 1916 (cp->tlf)(sp); 1917 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1918 break; 1919 } 1920 else 1921 /* TO+ event */ 1922 switch (sp->state[cp->protoidx]) { 1923 case STATE_CLOSING: 1924 case STATE_STOPPING: 1925 sppp_cp_send(sp, cp->proto, TERM_REQ, 1926 ++sp->pp_seq[cp->protoidx], 0, 0); 1927 #if defined(__NetBSD__) 1928 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1929 cp->TO, sp); 1930 #else 1931 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1932 sp->ch[cp->protoidx] = 1933 #endif 1934 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1935 #endif /* __NetBSD__ */ 1936 break; 1937 case STATE_REQ_SENT: 1938 case STATE_ACK_RCVD: 1939 (cp->scr)(sp); 1940 /* sppp_cp_change_state() will restart the timer */ 1941 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1942 break; 1943 case STATE_ACK_SENT: 1944 (cp->scr)(sp); 1945 #if defined(__NetBSD__) 1946 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1947 cp->TO, sp); 1948 #else 1949 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1950 sp->ch[cp->protoidx] = 1951 #endif 1952 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1953 #endif /* __NetBSD__ */ 1954 break; 1955 } 1956 1957 splx(s); 1958 } 1959 1960 /* 1961 * Change the state of a control protocol in the state automaton. 1962 * Takes care of starting/stopping the restart timer. 1963 */ 1964 void 1965 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1966 { 1967 sp->state[cp->protoidx] = newstate; 1968 1969 #if defined(__NetBSD__) 1970 callout_stop(&sp->ch[cp->protoidx]); 1971 #else 1972 untimeout(cp->TO, (void *)sp 1973 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1974 , sp->ch[cp->protoidx] 1975 #endif 1976 ); 1977 #endif /* __NetBSD__ */ 1978 switch (newstate) { 1979 case STATE_INITIAL: 1980 case STATE_STARTING: 1981 case STATE_CLOSED: 1982 case STATE_STOPPED: 1983 case STATE_OPENED: 1984 break; 1985 case STATE_CLOSING: 1986 case STATE_STOPPING: 1987 case STATE_REQ_SENT: 1988 case STATE_ACK_RCVD: 1989 case STATE_ACK_SENT: 1990 #if defined(__NetBSD__) 1991 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1992 cp->TO, sp); 1993 #else 1994 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1995 sp->ch[cp->protoidx] = 1996 #endif 1997 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1998 #endif /* __NetBSD__ */ 1999 break; 2000 } 2001 } 2002 /* 2004 *--------------------------------------------------------------------------* 2005 * * 2006 * The LCP implementation. * 2007 * * 2008 *--------------------------------------------------------------------------* 2009 */ 2010 static void 2011 sppp_lcp_init(struct sppp *sp) 2012 { 2013 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2014 sp->lcp.magic = 0; 2015 sp->state[IDX_LCP] = STATE_INITIAL; 2016 sp->fail_counter[IDX_LCP] = 0; 2017 sp->pp_seq[IDX_LCP] = 0; 2018 sp->pp_rseq[IDX_LCP] = 0; 2019 sp->lcp.protos = 0; 2020 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2021 2022 /* 2023 * Initialize counters and timeout values. Note that we don't 2024 * use the 3 seconds suggested in RFC 1661 since we are likely 2025 * running on a fast link. XXX We should probably implement 2026 * the exponential backoff option. Note that these values are 2027 * relevant for all control protocols, not just LCP only. 2028 */ 2029 sp->lcp.timeout = 1 * hz; 2030 sp->lcp.max_terminate = 2; 2031 sp->lcp.max_configure = 10; 2032 sp->lcp.max_failure = 10; 2033 #if defined(__NetBSD__) 2034 callout_init(&sp->ch[IDX_LCP]); 2035 #endif 2036 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 2037 callout_handle_init(&sp->ch[IDX_LCP]); 2038 #endif 2039 } 2040 2041 static void 2042 sppp_lcp_up(struct sppp *sp) 2043 { 2044 STDDCL; 2045 2046 /* 2047 * If this interface is passive or dial-on-demand, and we are 2048 * still in Initial state, it means we've got an incoming 2049 * call. Activate the interface. 2050 */ 2051 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2052 if (debug) 2053 log(LOG_DEBUG, 2054 SPP_FMT "Up event", SPP_ARGS(ifp)); 2055 ifp->if_flags |= IFF_RUNNING; 2056 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2057 if (debug) 2058 addlog("(incoming call)\n"); 2059 sp->pp_flags |= PP_CALLIN; 2060 lcp.Open(sp); 2061 } else if (debug) 2062 addlog("\n"); 2063 } 2064 2065 sppp_up_event(&lcp, sp); 2066 } 2067 2068 static void 2069 sppp_lcp_down(struct sppp *sp) 2070 { 2071 STDDCL; 2072 2073 sppp_down_event(&lcp, sp); 2074 2075 /* 2076 * If this is neither a dial-on-demand nor a passive 2077 * interface, simulate an ``ifconfig down'' action, so the 2078 * administrator can force a redial by another ``ifconfig 2079 * up''. XXX For leased line operation, should we immediately 2080 * try to reopen the connection here? 2081 */ 2082 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2083 log(LOG_INFO, 2084 SPP_FMT "Down event (carrier loss), taking interface down.\n", 2085 SPP_ARGS(ifp)); 2086 if_down(ifp); 2087 } else { 2088 if (debug) 2089 log(LOG_DEBUG, 2090 SPP_FMT "Down event (carrier loss)\n", 2091 SPP_ARGS(ifp)); 2092 } 2093 sp->pp_flags &= ~PP_CALLIN; 2094 if (sp->state[IDX_LCP] != STATE_INITIAL) 2095 lcp.Close(sp); 2096 ifp->if_flags &= ~IFF_RUNNING; 2097 } 2098 2099 static void 2100 sppp_lcp_open(struct sppp *sp) 2101 { 2102 /* 2103 * If we are authenticator, negotiate LCP_AUTH 2104 */ 2105 if (sp->hisauth.proto != 0) 2106 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2107 else 2108 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2109 sp->pp_flags &= ~PP_NEEDAUTH; 2110 sppp_open_event(&lcp, sp); 2111 } 2112 2113 static void 2114 sppp_lcp_close(struct sppp *sp) 2115 { 2116 sppp_close_event(&lcp, sp); 2117 } 2118 2119 static void 2120 sppp_lcp_TO(void *cookie) 2121 { 2122 sppp_to_event(&lcp, (struct sppp *)cookie); 2123 } 2124 2125 /* 2126 * Analyze a configure request. Return true if it was agreeable, and 2127 * caused action sca, false if it has been rejected or nak'ed, and 2128 * caused action scn. (The return value is used to make the state 2129 * transition decision in the state automaton.) 2130 */ 2131 static int 2132 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2133 { 2134 STDDCL; 2135 u_char *buf, *r, *p; 2136 int origlen, rlen; 2137 u_long nmagic; 2138 u_short authproto; 2139 2140 len -= 4; 2141 origlen = len; 2142 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2143 if (! buf) 2144 return (0); 2145 2146 if (debug) 2147 log(LOG_DEBUG, SPP_FMT "lcp parse opts:", 2148 SPP_ARGS(ifp)); 2149 2150 /* pass 1: check for things that need to be rejected */ 2151 p = (void*) (h+1); 2152 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2153 if (debug) 2154 addlog(" %s", sppp_lcp_opt_name(*p)); 2155 switch (*p) { 2156 case LCP_OPT_MAGIC: 2157 /* Magic number. */ 2158 /* fall through, both are same length */ 2159 case LCP_OPT_ASYNC_MAP: 2160 /* Async control character map. */ 2161 if (len >= 6 || p[1] == 6) 2162 continue; 2163 if (debug) 2164 addlog(" [invalid]"); 2165 break; 2166 case LCP_OPT_MRU: 2167 /* Maximum receive unit. */ 2168 if (len >= 4 && p[1] == 4) 2169 continue; 2170 if (debug) 2171 addlog(" [invalid]"); 2172 break; 2173 case LCP_OPT_AUTH_PROTO: 2174 if (len < 4) { 2175 if (debug) 2176 addlog(" [invalid]"); 2177 break; 2178 } 2179 authproto = (p[2] << 8) + p[3]; 2180 if (authproto == PPP_CHAP && p[1] != 5) { 2181 if (debug) 2182 addlog(" [invalid chap len]"); 2183 break; 2184 } 2185 if (sp->myauth.proto == 0) { 2186 /* we are not configured to do auth */ 2187 if (debug) 2188 addlog(" [not configured]"); 2189 break; 2190 } 2191 /* 2192 * Remote want us to authenticate, remember this, 2193 * so we stay in PHASE_AUTHENTICATE after LCP got 2194 * up. 2195 */ 2196 sp->pp_flags |= PP_NEEDAUTH; 2197 continue; 2198 default: 2199 /* Others not supported. */ 2200 if (debug) 2201 addlog(" [rej]"); 2202 break; 2203 } 2204 /* Add the option to rejected list. */ 2205 bcopy (p, r, p[1]); 2206 r += p[1]; 2207 rlen += p[1]; 2208 } 2209 if (rlen) { 2210 if (debug) 2211 addlog(" send conf-rej\n"); 2212 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2213 goto end; 2214 } else if (debug) 2215 addlog("\n"); 2216 2217 /* 2218 * pass 2: check for option values that are unacceptable and 2219 * thus require to be nak'ed. 2220 */ 2221 if (debug) 2222 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2223 SPP_ARGS(ifp)); 2224 2225 p = (void*) (h+1); 2226 len = origlen; 2227 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2228 if (debug) 2229 addlog(" %s", sppp_lcp_opt_name(*p)); 2230 switch (*p) { 2231 case LCP_OPT_MAGIC: 2232 /* Magic number -- extract. */ 2233 nmagic = (u_long)p[2] << 24 | 2234 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2235 if (nmagic != sp->lcp.magic) { 2236 if (debug) 2237 addlog(" 0x%lx", nmagic); 2238 continue; 2239 } 2240 /* 2241 * Local and remote magics equal -- loopback? 2242 */ 2243 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2244 printf (SPP_FMT "loopback\n", 2245 SPP_ARGS(ifp)); 2246 sp->pp_loopcnt = 0; 2247 if (ifp->if_flags & IFF_UP) { 2248 if_down(ifp); 2249 IFQ_PURGE(&sp->pp_cpq); 2250 /* XXX ? */ 2251 lcp.Down(sp); 2252 lcp.Up(sp); 2253 } 2254 } else if (debug) 2255 addlog(" [glitch]"); 2256 ++sp->pp_loopcnt; 2257 /* 2258 * We negate our magic here, and NAK it. If 2259 * we see it later in an NAK packet, we 2260 * suggest a new one. 2261 */ 2262 nmagic = ~sp->lcp.magic; 2263 /* Gonna NAK it. */ 2264 p[2] = nmagic >> 24; 2265 p[3] = nmagic >> 16; 2266 p[4] = nmagic >> 8; 2267 p[5] = nmagic; 2268 break; 2269 2270 case LCP_OPT_ASYNC_MAP: 2271 /* Async control character map -- check to be zero. */ 2272 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2273 if (debug) 2274 addlog(" [empty]"); 2275 continue; 2276 } 2277 if (debug) 2278 addlog(" [non-empty]"); 2279 /* suggest a zero one */ 2280 p[2] = p[3] = p[4] = p[5] = 0; 2281 break; 2282 2283 case LCP_OPT_MRU: 2284 /* 2285 * Maximum receive unit. Always agreeable, 2286 * but ignored by now. 2287 */ 2288 sp->lcp.their_mru = p[2] * 256 + p[3]; 2289 if (debug) 2290 addlog(" %ld", sp->lcp.their_mru); 2291 continue; 2292 2293 case LCP_OPT_AUTH_PROTO: 2294 authproto = (p[2] << 8) + p[3]; 2295 if (sp->myauth.proto != authproto) { 2296 /* not agreed, nak */ 2297 if (debug) 2298 addlog(" [mine %s != his %s]", 2299 sppp_proto_name(sp->hisauth.proto), 2300 sppp_proto_name(authproto)); 2301 p[2] = sp->myauth.proto >> 8; 2302 p[3] = sp->myauth.proto; 2303 break; 2304 } 2305 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2306 if (debug) 2307 addlog(" [chap not MD5]"); 2308 p[4] = CHAP_MD5; 2309 break; 2310 } 2311 continue; 2312 } 2313 /* Add the option to nak'ed list. */ 2314 bcopy (p, r, p[1]); 2315 r += p[1]; 2316 rlen += p[1]; 2317 } 2318 if (rlen) { 2319 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2320 if (debug) 2321 addlog(" max_failure (%d) exceeded, " 2322 "send conf-rej\n", 2323 sp->lcp.max_failure); 2324 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2325 } else { 2326 if (debug) 2327 addlog(" send conf-nak\n"); 2328 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2329 } 2330 goto end; 2331 } else { 2332 if (debug) 2333 addlog(" send conf-ack\n"); 2334 sp->fail_counter[IDX_LCP] = 0; 2335 sp->pp_loopcnt = 0; 2336 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2337 h->ident, origlen, h+1); 2338 } 2339 2340 end: 2341 free (buf, M_TEMP); 2342 return (rlen == 0); 2343 } 2344 2345 /* 2346 * Analyze the LCP Configure-Reject option list, and adjust our 2347 * negotiation. 2348 */ 2349 static void 2350 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2351 { 2352 STDDCL; 2353 u_char *buf, *p; 2354 2355 len -= 4; 2356 buf = malloc (len, M_TEMP, M_NOWAIT); 2357 if (!buf) 2358 return; 2359 2360 if (debug) 2361 log(LOG_DEBUG, SPP_FMT "lcp rej opts:", 2362 SPP_ARGS(ifp)); 2363 2364 p = (void*) (h+1); 2365 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2366 if (debug) 2367 addlog(" %s", sppp_lcp_opt_name(*p)); 2368 switch (*p) { 2369 case LCP_OPT_MAGIC: 2370 /* Magic number -- can't use it, use 0 */ 2371 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2372 sp->lcp.magic = 0; 2373 break; 2374 case LCP_OPT_MRU: 2375 /* 2376 * Should not be rejected anyway, since we only 2377 * negotiate a MRU if explicitly requested by 2378 * peer. 2379 */ 2380 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2381 break; 2382 case LCP_OPT_AUTH_PROTO: 2383 /* 2384 * Peer doesn't want to authenticate himself, 2385 * deny unless this is a dialout call, and 2386 * AUTHFLAG_NOCALLOUT is set. 2387 */ 2388 if ((sp->pp_flags & PP_CALLIN) == 0 && 2389 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2390 if (debug) 2391 addlog(" [don't insist on auth " 2392 "for callout]"); 2393 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2394 break; 2395 } 2396 if (debug) 2397 addlog("[access denied]\n"); 2398 lcp.Close(sp); 2399 break; 2400 } 2401 } 2402 if (debug) 2403 addlog("\n"); 2404 free (buf, M_TEMP); 2405 return; 2406 } 2407 2408 /* 2409 * Analyze the LCP Configure-NAK option list, and adjust our 2410 * negotiation. 2411 */ 2412 static void 2413 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2414 { 2415 STDDCL; 2416 u_char *buf, *p; 2417 u_long magic; 2418 2419 len -= 4; 2420 buf = malloc (len, M_TEMP, M_NOWAIT); 2421 if (!buf) 2422 return; 2423 2424 if (debug) 2425 log(LOG_DEBUG, SPP_FMT "lcp nak opts:", 2426 SPP_ARGS(ifp)); 2427 2428 p = (void*) (h+1); 2429 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2430 if (debug) 2431 addlog(" %s", sppp_lcp_opt_name(*p)); 2432 switch (*p) { 2433 case LCP_OPT_MAGIC: 2434 /* Magic number -- renegotiate */ 2435 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2436 len >= 6 && p[1] == 6) { 2437 magic = (u_long)p[2] << 24 | 2438 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2439 /* 2440 * If the remote magic is our negated one, 2441 * this looks like a loopback problem. 2442 * Suggest a new magic to make sure. 2443 */ 2444 if (magic == ~sp->lcp.magic) { 2445 if (debug) 2446 addlog(" magic glitch"); 2447 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2448 sp->lcp.magic = random(); 2449 #else 2450 sp->lcp.magic = time.tv_sec + time.tv_usec; 2451 #endif 2452 } else { 2453 sp->lcp.magic = magic; 2454 if (debug) 2455 addlog(" %ld", magic); 2456 } 2457 } 2458 break; 2459 case LCP_OPT_MRU: 2460 /* 2461 * Peer wants to advise us to negotiate an MRU. 2462 * Agree on it if it's reasonable, or use 2463 * default otherwise. 2464 */ 2465 if (len >= 4 && p[1] == 4) { 2466 u_int mru = p[2] * 256 + p[3]; 2467 if (debug) 2468 addlog(" %d", mru); 2469 if (mru < PP_MTU || mru > PP_MAX_MRU) 2470 mru = PP_MTU; 2471 sp->lcp.mru = mru; 2472 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2473 } 2474 break; 2475 case LCP_OPT_AUTH_PROTO: 2476 /* 2477 * Peer doesn't like our authentication method, 2478 * deny. 2479 */ 2480 if (debug) 2481 addlog("[access denied]\n"); 2482 lcp.Close(sp); 2483 break; 2484 } 2485 } 2486 if (debug) 2487 addlog("\n"); 2488 free (buf, M_TEMP); 2489 return; 2490 } 2491 2492 static void 2493 sppp_lcp_tlu(struct sppp *sp) 2494 { 2495 STDDCL; 2496 int i; 2497 u_long mask; 2498 2499 /* XXX ? */ 2500 if (! (ifp->if_flags & IFF_UP) && 2501 (ifp->if_flags & IFF_RUNNING)) { 2502 /* Coming out of loopback mode. */ 2503 if_up(ifp); 2504 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2505 } 2506 2507 for (i = 0; i < IDX_COUNT; i++) 2508 if ((cps[i])->flags & CP_QUAL) 2509 (cps[i])->Open(sp); 2510 2511 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2512 (sp->pp_flags & PP_NEEDAUTH) != 0) 2513 sp->pp_phase = PHASE_AUTHENTICATE; 2514 else 2515 sp->pp_phase = PHASE_NETWORK; 2516 2517 if(debug) 2518 { 2519 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2520 sppp_phase_name(sp->pp_phase)); 2521 } 2522 2523 /* 2524 * Open all authentication protocols. This is even required 2525 * if we already proceeded to network phase, since it might be 2526 * that remote wants us to authenticate, so we might have to 2527 * send a PAP request. Undesired authentication protocols 2528 * don't do anything when they get an Open event. 2529 */ 2530 for (i = 0; i < IDX_COUNT; i++) 2531 if ((cps[i])->flags & CP_AUTH) 2532 (cps[i])->Open(sp); 2533 2534 if (sp->pp_phase == PHASE_NETWORK) { 2535 /* Notify all NCPs. */ 2536 for (i = 0; i < IDX_COUNT; i++) 2537 if ((cps[i])->flags & CP_NCP) 2538 (cps[i])->Open(sp); 2539 } 2540 2541 /* Send Up events to all started protos. */ 2542 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2543 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2544 (cps[i])->Up(sp); 2545 2546 /* notify low-level driver of state change */ 2547 if (sp->pp_chg) 2548 sp->pp_chg(sp, (int)sp->pp_phase); 2549 2550 if (sp->pp_phase == PHASE_NETWORK) 2551 /* if no NCP is starting, close down */ 2552 sppp_lcp_check_and_close(sp); 2553 } 2554 2555 static void 2556 sppp_lcp_tld(struct sppp *sp) 2557 { 2558 STDDCL; 2559 int i; 2560 u_long mask; 2561 2562 sp->pp_phase = PHASE_TERMINATE; 2563 2564 if(debug) 2565 { 2566 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2567 sppp_phase_name(sp->pp_phase)); 2568 } 2569 2570 /* 2571 * Take upper layers down. We send the Down event first and 2572 * the Close second to prevent the upper layers from sending 2573 * ``a flurry of terminate-request packets'', as the RFC 2574 * describes it. 2575 */ 2576 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2577 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2578 (cps[i])->Down(sp); 2579 (cps[i])->Close(sp); 2580 } 2581 } 2582 2583 static void 2584 sppp_lcp_tls(struct sppp *sp) 2585 { 2586 STDDCL; 2587 2588 sp->pp_phase = PHASE_ESTABLISH; 2589 2590 if(debug) 2591 { 2592 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2593 sppp_phase_name(sp->pp_phase)); 2594 } 2595 2596 /* Notify lower layer if desired. */ 2597 if (sp->pp_tls) 2598 (sp->pp_tls)(sp); 2599 } 2600 2601 static void 2602 sppp_lcp_tlf(struct sppp *sp) 2603 { 2604 STDDCL; 2605 2606 sp->pp_phase = PHASE_DEAD; 2607 2608 if(debug) 2609 { 2610 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2611 sppp_phase_name(sp->pp_phase)); 2612 } 2613 2614 /* Notify lower layer if desired. */ 2615 if (sp->pp_tlf) 2616 (sp->pp_tlf)(sp); 2617 } 2618 2619 static void 2620 sppp_lcp_scr(struct sppp *sp) 2621 { 2622 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2623 int i = 0; 2624 u_short authproto; 2625 2626 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2627 if (! sp->lcp.magic) 2628 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2629 sp->lcp.magic = random(); 2630 #else 2631 sp->lcp.magic = time.tv_sec + time.tv_usec; 2632 #endif 2633 opt[i++] = LCP_OPT_MAGIC; 2634 opt[i++] = 6; 2635 opt[i++] = sp->lcp.magic >> 24; 2636 opt[i++] = sp->lcp.magic >> 16; 2637 opt[i++] = sp->lcp.magic >> 8; 2638 opt[i++] = sp->lcp.magic; 2639 } 2640 2641 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2642 opt[i++] = LCP_OPT_MRU; 2643 opt[i++] = 4; 2644 opt[i++] = sp->lcp.mru >> 8; 2645 opt[i++] = sp->lcp.mru; 2646 } 2647 2648 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2649 authproto = sp->hisauth.proto; 2650 opt[i++] = LCP_OPT_AUTH_PROTO; 2651 opt[i++] = authproto == PPP_CHAP? 5: 4; 2652 opt[i++] = authproto >> 8; 2653 opt[i++] = authproto; 2654 if (authproto == PPP_CHAP) 2655 opt[i++] = CHAP_MD5; 2656 } 2657 2658 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2659 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2660 } 2661 2662 /* 2663 * Check the open NCPs, return true if at least one NCP is open. 2664 */ 2665 static int 2666 sppp_ncp_check(struct sppp *sp) 2667 { 2668 int i, mask; 2669 2670 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2671 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2672 return 1; 2673 return 0; 2674 } 2675 2676 /* 2677 * Re-check the open NCPs and see if we should terminate the link. 2678 * Called by the NCPs during their tlf action handling. 2679 */ 2680 static void 2681 sppp_lcp_check_and_close(struct sppp *sp) 2682 { 2683 2684 if (sp->pp_phase < PHASE_NETWORK) 2685 /* don't bother, we are already going down */ 2686 return; 2687 2688 if (sppp_ncp_check(sp)) 2689 return; 2690 2691 lcp.Close(sp); 2692 } 2693 2694 2695 /* 2697 *--------------------------------------------------------------------------* 2698 * * 2699 * The IPCP implementation. * 2700 * * 2701 *--------------------------------------------------------------------------* 2702 */ 2703 2704 static void 2705 sppp_ipcp_init(struct sppp *sp) 2706 { 2707 sp->ipcp.opts = 0; 2708 sp->ipcp.flags = 0; 2709 sp->state[IDX_IPCP] = STATE_INITIAL; 2710 sp->fail_counter[IDX_IPCP] = 0; 2711 sp->pp_seq[IDX_IPCP] = 0; 2712 sp->pp_rseq[IDX_IPCP] = 0; 2713 #if defined(__NetBSD__) 2714 callout_init(&sp->ch[IDX_IPCP]); 2715 #endif 2716 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 2717 callout_handle_init(&sp->ch[IDX_IPCP]); 2718 #endif 2719 } 2720 2721 static void 2722 sppp_ipcp_up(struct sppp *sp) 2723 { 2724 sppp_up_event(&ipcp, sp); 2725 } 2726 2727 static void 2728 sppp_ipcp_down(struct sppp *sp) 2729 { 2730 sppp_down_event(&ipcp, sp); 2731 } 2732 2733 static void 2734 sppp_ipcp_open(struct sppp *sp) 2735 { 2736 STDDCL; 2737 u_long myaddr, hisaddr; 2738 2739 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2740 2741 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2742 /* 2743 * If we don't have his address, this probably means our 2744 * interface doesn't want to talk IP at all. (This could 2745 * be the case if somebody wants to speak only IPX, for 2746 * example.) Don't open IPCP in this case. 2747 */ 2748 if (hisaddr == 0L) { 2749 /* XXX this message should go away */ 2750 if (debug) 2751 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2752 SPP_ARGS(ifp)); 2753 return; 2754 } 2755 2756 if (myaddr == 0L) { 2757 /* 2758 * I don't have an assigned address, so i need to 2759 * negotiate my address. 2760 */ 2761 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2762 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2763 } else 2764 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2765 sppp_open_event(&ipcp, sp); 2766 } 2767 2768 static void 2769 sppp_ipcp_close(struct sppp *sp) 2770 { 2771 sppp_close_event(&ipcp, sp); 2772 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2773 /* 2774 * My address was dynamic, clear it again. 2775 */ 2776 sppp_set_ip_addr(sp, 0L); 2777 } 2778 2779 static void 2780 sppp_ipcp_TO(void *cookie) 2781 { 2782 sppp_to_event(&ipcp, (struct sppp *)cookie); 2783 } 2784 2785 /* 2786 * Analyze a configure request. Return true if it was agreeable, and 2787 * caused action sca, false if it has been rejected or nak'ed, and 2788 * caused action scn. (The return value is used to make the state 2789 * transition decision in the state automaton.) 2790 */ 2791 static int 2792 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2793 { 2794 u_char *buf, *r, *p; 2795 struct ifnet *ifp = &sp->pp_if; 2796 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2797 u_long hisaddr, desiredaddr; 2798 int gotmyaddr = 0; 2799 2800 len -= 4; 2801 origlen = len; 2802 /* 2803 * Make sure to allocate a buf that can at least hold a 2804 * conf-nak with an `address' option. We might need it below. 2805 */ 2806 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2807 if (! buf) 2808 return (0); 2809 2810 /* pass 1: see if we can recognize them */ 2811 if (debug) 2812 log(LOG_DEBUG, SPP_FMT "ipcp parse opts:", 2813 SPP_ARGS(ifp)); 2814 p = (void*) (h+1); 2815 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2816 if (debug) 2817 addlog(" %s", sppp_ipcp_opt_name(*p)); 2818 switch (*p) { 2819 #ifdef notyet 2820 case IPCP_OPT_COMPRESSION: 2821 if (len >= 6 && p[1] >= 6) { 2822 /* correctly formed compress option */ 2823 continue; 2824 } 2825 if (debug) 2826 addlog(" [invalid]"); 2827 break; 2828 #endif 2829 case IPCP_OPT_ADDRESS: 2830 if (len >= 6 && p[1] == 6) { 2831 /* correctly formed address option */ 2832 continue; 2833 } 2834 if (debug) 2835 addlog(" [invalid]"); 2836 break; 2837 default: 2838 /* Others not supported. */ 2839 if (debug) 2840 addlog(" [rej]"); 2841 break; 2842 } 2843 /* Add the option to rejected list. */ 2844 bcopy (p, r, p[1]); 2845 r += p[1]; 2846 rlen += p[1]; 2847 } 2848 if (rlen) { 2849 if (debug) 2850 addlog(" send conf-rej\n"); 2851 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2852 goto end; 2853 } else if (debug) 2854 addlog("\n"); 2855 2856 /* pass 2: parse option values */ 2857 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2858 if (debug) 2859 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2860 SPP_ARGS(ifp)); 2861 p = (void*) (h+1); 2862 len = origlen; 2863 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2864 if (debug) 2865 addlog(" %s", sppp_ipcp_opt_name(*p)); 2866 switch (*p) { 2867 #ifdef notyet 2868 case IPCP_OPT_COMPRESSION: 2869 continue; 2870 #endif 2871 case IPCP_OPT_ADDRESS: 2872 desiredaddr = p[2] << 24 | p[3] << 16 | 2873 p[4] << 8 | p[5]; 2874 if (!(sp->ipcp.flags & IPCP_MYADDR_SEEN) && 2875 (sp->ipcp.flags & IPCP_MYADDR_DYN)) { 2876 /* 2877 * hopefully this is our address !! 2878 */ 2879 if (debug) 2880 addlog(" [wantmyaddr %s]", 2881 sppp_dotted_quad(desiredaddr)); 2882 /* 2883 * When doing dynamic address assignment, 2884 * we accept his offer. Otherwise, we 2885 * ignore it and thus continue to negotiate 2886 * our already existing value. 2887 */ 2888 sppp_set_ip_addr(sp, desiredaddr); 2889 if (debug) 2890 addlog(" [agree]"); 2891 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2892 gotmyaddr++; 2893 continue; 2894 } else { 2895 if (desiredaddr == hisaddr || 2896 (hisaddr == 1 && desiredaddr != 0)) { 2897 /* 2898 * Peer's address is same as our value, 2899 * this is agreeable. Gonna conf-ack 2900 * it. 2901 */ 2902 if (debug) 2903 addlog(" %s [ack]", 2904 sppp_dotted_quad(hisaddr)); 2905 /* record that we've seen it already */ 2906 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2907 continue; 2908 } 2909 /* 2910 * The address wasn't agreeable. This is either 2911 * he sent us 0.0.0.0, asking to assign him an 2912 * address, or he send us another address not 2913 * matching our value. Either case, we gonna 2914 * conf-nak it with our value. 2915 */ 2916 if (debug) { 2917 if (desiredaddr == 0) 2918 addlog(" [addr requested]"); 2919 else 2920 addlog(" %s [not agreed]", 2921 sppp_dotted_quad(desiredaddr)); 2922 } 2923 2924 p[2] = hisaddr >> 24; 2925 p[3] = hisaddr >> 16; 2926 p[4] = hisaddr >> 8; 2927 p[5] = hisaddr; 2928 break; 2929 } 2930 } 2931 /* Add the option to nak'ed list. */ 2932 bcopy (p, r, p[1]); 2933 r += p[1]; 2934 rlen += p[1]; 2935 } 2936 2937 /* 2938 * If we are about to conf-ack the request, but haven't seen 2939 * his address so far, gonna conf-nak it instead, with the 2940 * `address' option present and our idea of his address being 2941 * filled in there, to request negotiation of both addresses. 2942 * 2943 * XXX This can result in an endless req - nak loop if peer 2944 * doesn't want to send us his address. Q: What should we do 2945 * about it? XXX A: implement the max-failure counter. 2946 */ 2947 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2948 buf[0] = IPCP_OPT_ADDRESS; 2949 buf[1] = 6; 2950 buf[2] = hisaddr >> 24; 2951 buf[3] = hisaddr >> 16; 2952 buf[4] = hisaddr >> 8; 2953 buf[5] = hisaddr; 2954 rlen = 6; 2955 if (debug) 2956 addlog(" still need hisaddr"); 2957 } 2958 2959 if (rlen) { 2960 if (debug) 2961 addlog(" send conf-nak\n"); 2962 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2963 } else { 2964 if (debug) 2965 addlog(" send conf-ack\n"); 2966 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2967 h->ident, origlen, h+1); 2968 } 2969 2970 end: 2971 free (buf, M_TEMP); 2972 return (rlen == 0); 2973 } 2974 2975 /* 2976 * Analyze the IPCP Configure-Reject option list, and adjust our 2977 * negotiation. 2978 */ 2979 static void 2980 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2981 { 2982 u_char *buf, *p; 2983 struct ifnet *ifp = &sp->pp_if; 2984 int debug = ifp->if_flags & IFF_DEBUG; 2985 2986 len -= 4; 2987 buf = malloc (len, M_TEMP, M_NOWAIT); 2988 if (!buf) 2989 return; 2990 2991 if (debug) 2992 log(LOG_DEBUG, SPP_FMT "ipcp rej opts:", 2993 SPP_ARGS(ifp)); 2994 2995 p = (void*) (h+1); 2996 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2997 if (debug) 2998 addlog(" %s", sppp_ipcp_opt_name(*p)); 2999 switch (*p) { 3000 case IPCP_OPT_ADDRESS: 3001 /* 3002 * Peer doesn't grok address option. This is 3003 * bad. XXX Should we better give up here? 3004 */ 3005 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3006 break; 3007 #ifdef notyet 3008 case IPCP_OPT_COMPRESS: 3009 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3010 break; 3011 #endif 3012 } 3013 } 3014 if (debug) 3015 addlog("\n"); 3016 free (buf, M_TEMP); 3017 return; 3018 } 3019 3020 /* 3021 * Analyze the IPCP Configure-NAK option list, and adjust our 3022 * negotiation. 3023 */ 3024 static void 3025 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3026 { 3027 u_char *buf, *p; 3028 struct ifnet *ifp = &sp->pp_if; 3029 int debug = ifp->if_flags & IFF_DEBUG; 3030 u_long wantaddr; 3031 3032 len -= 4; 3033 buf = malloc (len, M_TEMP, M_NOWAIT); 3034 if (!buf) 3035 return; 3036 3037 if (debug) 3038 log(LOG_DEBUG, SPP_FMT "ipcp nak opts:", 3039 SPP_ARGS(ifp)); 3040 3041 p = (void*) (h+1); 3042 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3043 if (debug) 3044 addlog(" %s", sppp_ipcp_opt_name(*p)); 3045 switch (*p) { 3046 case IPCP_OPT_ADDRESS: 3047 /* 3048 * Peer doesn't like our local IP address. See 3049 * if we can do something for him. We'll drop 3050 * him our address then. 3051 */ 3052 if (len >= 6 && p[1] == 6) { 3053 wantaddr = p[2] << 24 | p[3] << 16 | 3054 p[4] << 8 | p[5]; 3055 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3056 if (debug) 3057 addlog(" [wantaddr %s]", 3058 sppp_dotted_quad(wantaddr)); 3059 /* 3060 * When doing dynamic address assignment, 3061 * we accept his offer. Otherwise, we 3062 * ignore it and thus continue to negotiate 3063 * our already existing value. 3064 */ 3065 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3066 sppp_set_ip_addr(sp, wantaddr); 3067 if (debug) 3068 addlog(" [agree]"); 3069 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3070 } 3071 } 3072 break; 3073 #ifdef notyet 3074 case IPCP_OPT_COMPRESS: 3075 /* 3076 * Peer wants different compression parameters. 3077 */ 3078 break; 3079 #endif 3080 } 3081 } 3082 if (debug) 3083 addlog("\n"); 3084 free (buf, M_TEMP); 3085 return; 3086 } 3087 3088 static void 3089 sppp_ipcp_tlu(struct sppp *sp) 3090 { 3091 /* we are up - notify isdn daemon */ 3092 if (sp->pp_con) 3093 sp->pp_con(sp); 3094 } 3095 3096 static void 3097 sppp_ipcp_tld(struct sppp *sp) 3098 { 3099 } 3100 3101 static void 3102 sppp_ipcp_tls(struct sppp *sp) 3103 { 3104 /* indicate to LCP that it must stay alive */ 3105 sp->lcp.protos |= (1 << IDX_IPCP); 3106 } 3107 3108 static void 3109 sppp_ipcp_tlf(struct sppp *sp) 3110 { 3111 3112 #if 0 /* need #if 0 to close IPCP properly */ 3113 /* we no longer need LCP */ 3114 sp->lcp.protos &= ~(1 << IDX_IPCP); 3115 sppp_lcp_check_and_close(sp); 3116 #endif 3117 } 3118 3119 static void 3120 sppp_ipcp_scr(struct sppp *sp) 3121 { 3122 char opt[6 /* compression */ + 6 /* address */]; 3123 u_long ouraddr; 3124 int i = 0; 3125 3126 #ifdef notyet 3127 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3128 opt[i++] = IPCP_OPT_COMPRESSION; 3129 opt[i++] = 6; 3130 opt[i++] = 0; /* VJ header compression */ 3131 opt[i++] = 0x2d; /* VJ header compression */ 3132 opt[i++] = max_slot_id; 3133 opt[i++] = comp_slot_id; 3134 } 3135 #endif 3136 3137 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3138 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3139 opt[i++] = IPCP_OPT_ADDRESS; 3140 opt[i++] = 6; 3141 opt[i++] = ouraddr >> 24; 3142 opt[i++] = ouraddr >> 16; 3143 opt[i++] = ouraddr >> 8; 3144 opt[i++] = ouraddr; 3145 } 3146 3147 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3148 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3149 } 3150 3151 3152 /* 3154 *--------------------------------------------------------------------------* 3155 * * 3156 * The IPv6CP implementation. * 3157 * * 3158 *--------------------------------------------------------------------------* 3159 */ 3160 3161 #ifdef INET6 3162 static void 3163 sppp_ipv6cp_init(struct sppp *sp) 3164 { 3165 sp->ipv6cp.opts = 0; 3166 sp->ipv6cp.flags = 0; 3167 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3168 sp->fail_counter[IDX_IPV6CP] = 0; 3169 sp->pp_seq[IDX_IPV6CP] = 0; 3170 sp->pp_rseq[IDX_IPV6CP] = 0; 3171 #if defined(__NetBSD__) 3172 callout_init(&sp->ch[IDX_IPV6CP]); 3173 #endif 3174 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3175 callout_handle_init(&sp->ch[IDX_IPV6CP]); 3176 #endif 3177 } 3178 3179 static void 3180 sppp_ipv6cp_up(struct sppp *sp) 3181 { 3182 sppp_up_event(&ipv6cp, sp); 3183 } 3184 3185 static void 3186 sppp_ipv6cp_down(struct sppp *sp) 3187 { 3188 sppp_down_event(&ipv6cp, sp); 3189 } 3190 3191 static void 3192 sppp_ipv6cp_open(struct sppp *sp) 3193 { 3194 STDDCL; 3195 struct in6_addr myaddr, hisaddr; 3196 3197 #ifdef IPV6CP_MYIFID_DYN 3198 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3199 #else 3200 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3201 #endif 3202 3203 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3204 /* 3205 * If we don't have our address, this probably means our 3206 * interface doesn't want to talk IPv6 at all. (This could 3207 * be the case if somebody wants to speak only IPX, for 3208 * example.) Don't open IPv6CP in this case. 3209 */ 3210 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3211 /* XXX this message should go away */ 3212 if (debug) 3213 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3214 SPP_ARGS(ifp)); 3215 return; 3216 } 3217 3218 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3219 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3220 sppp_open_event(&ipv6cp, sp); 3221 } 3222 3223 static void 3224 sppp_ipv6cp_close(struct sppp *sp) 3225 { 3226 sppp_close_event(&ipv6cp, sp); 3227 } 3228 3229 static void 3230 sppp_ipv6cp_TO(void *cookie) 3231 { 3232 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3233 } 3234 3235 /* 3236 * Analyze a configure request. Return true if it was agreeable, and 3237 * caused action sca, false if it has been rejected or nak'ed, and 3238 * caused action scn. (The return value is used to make the state 3239 * transition decision in the state automaton.) 3240 */ 3241 static int 3242 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3243 { 3244 u_char *buf, *r, *p; 3245 struct ifnet *ifp = &sp->pp_if; 3246 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3247 struct in6_addr myaddr, desiredaddr, suggestaddr; 3248 int ifidcount; 3249 int type; 3250 int collision, nohisaddr; 3251 3252 len -= 4; 3253 origlen = len; 3254 /* 3255 * Make sure to allocate a buf that can at least hold a 3256 * conf-nak with an `address' option. We might need it below. 3257 */ 3258 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3259 if (! buf) 3260 return (0); 3261 3262 /* pass 1: see if we can recognize them */ 3263 if (debug) 3264 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3265 SPP_ARGS(ifp)); 3266 p = (void*) (h+1); 3267 ifidcount = 0; 3268 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3269 if (debug) 3270 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3271 switch (*p) { 3272 case IPV6CP_OPT_IFID: 3273 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3274 /* correctly formed address option */ 3275 ifidcount++; 3276 continue; 3277 } 3278 if (debug) 3279 addlog(" [invalid]"); 3280 break; 3281 #ifdef notyet 3282 case IPV6CP_OPT_COMPRESSION: 3283 if (len >= 4 && p[1] >= 4) { 3284 /* correctly formed compress option */ 3285 continue; 3286 } 3287 if (debug) 3288 addlog(" [invalid]"); 3289 break; 3290 #endif 3291 default: 3292 /* Others not supported. */ 3293 if (debug) 3294 addlog(" [rej]"); 3295 break; 3296 } 3297 /* Add the option to rejected list. */ 3298 bcopy (p, r, p[1]); 3299 r += p[1]; 3300 rlen += p[1]; 3301 } 3302 if (rlen) { 3303 if (debug) 3304 addlog(" send conf-rej\n"); 3305 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3306 goto end; 3307 } else if (debug) 3308 addlog("\n"); 3309 3310 /* pass 2: parse option values */ 3311 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3312 if (debug) 3313 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3314 SPP_ARGS(ifp)); 3315 p = (void*) (h+1); 3316 len = origlen; 3317 type = CONF_ACK; 3318 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3319 if (debug) 3320 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3321 switch (*p) { 3322 #ifdef notyet 3323 case IPV6CP_OPT_COMPRESSION: 3324 continue; 3325 #endif 3326 case IPV6CP_OPT_IFID: 3327 bzero(&desiredaddr, sizeof(desiredaddr)); 3328 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3329 collision = (bcmp(&desiredaddr.s6_addr[8], 3330 &myaddr.s6_addr[8], 8) == 0); 3331 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3332 3333 desiredaddr.s6_addr16[0] = htons(0xfe80); 3334 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3335 3336 if (!collision && !nohisaddr) { 3337 /* no collision, hisaddr known - Conf-Ack */ 3338 type = CONF_ACK; 3339 3340 if (debug) { 3341 addlog(" %s [%s]", 3342 ip6_sprintf(&desiredaddr), 3343 sppp_cp_type_name(type)); 3344 } 3345 continue; 3346 } 3347 3348 bzero(&suggestaddr, sizeof(&suggestaddr)); 3349 if (collision && nohisaddr) { 3350 /* collision, hisaddr unknown - Conf-Rej */ 3351 type = CONF_REJ; 3352 bzero(&p[2], 8); 3353 } else { 3354 /* 3355 * - no collision, hisaddr unknown, or 3356 * - collision, hisaddr known 3357 * Conf-Nak, suggest hisaddr 3358 */ 3359 type = CONF_NAK; 3360 sppp_suggest_ip6_addr(sp, &suggestaddr); 3361 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3362 } 3363 if (debug) 3364 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3365 sppp_cp_type_name(type)); 3366 break; 3367 } 3368 /* Add the option to nak'ed list. */ 3369 bcopy (p, r, p[1]); 3370 r += p[1]; 3371 rlen += p[1]; 3372 } 3373 3374 if (rlen == 0 && type == CONF_ACK) { 3375 if (debug) 3376 addlog(" send %s\n", sppp_cp_type_name(type)); 3377 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3378 } else { 3379 #ifdef DIAGNOSTIC 3380 if (type == CONF_ACK) 3381 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3382 #endif 3383 3384 if (debug) { 3385 addlog(" send %s suggest %s\n", 3386 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3387 } 3388 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3389 } 3390 3391 end: 3392 free (buf, M_TEMP); 3393 return (rlen == 0); 3394 } 3395 3396 /* 3397 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3398 * negotiation. 3399 */ 3400 static void 3401 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3402 { 3403 u_char *buf, *p; 3404 struct ifnet *ifp = &sp->pp_if; 3405 int debug = ifp->if_flags & IFF_DEBUG; 3406 3407 len -= 4; 3408 buf = malloc (len, M_TEMP, M_NOWAIT); 3409 if (!buf) 3410 return; 3411 3412 if (debug) 3413 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3414 SPP_ARGS(ifp)); 3415 3416 p = (void*) (h+1); 3417 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3418 if (debug) 3419 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3420 switch (*p) { 3421 case IPV6CP_OPT_IFID: 3422 /* 3423 * Peer doesn't grok address option. This is 3424 * bad. XXX Should we better give up here? 3425 */ 3426 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3427 break; 3428 #ifdef notyet 3429 case IPV6CP_OPT_COMPRESS: 3430 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3431 break; 3432 #endif 3433 } 3434 } 3435 if (debug) 3436 addlog("\n"); 3437 free (buf, M_TEMP); 3438 return; 3439 } 3440 3441 /* 3442 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3443 * negotiation. 3444 */ 3445 static void 3446 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3447 { 3448 u_char *buf, *p; 3449 struct ifnet *ifp = &sp->pp_if; 3450 int debug = ifp->if_flags & IFF_DEBUG; 3451 struct in6_addr suggestaddr; 3452 3453 len -= 4; 3454 buf = malloc (len, M_TEMP, M_NOWAIT); 3455 if (!buf) 3456 return; 3457 3458 if (debug) 3459 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3460 SPP_ARGS(ifp)); 3461 3462 p = (void*) (h+1); 3463 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3464 if (debug) 3465 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3466 switch (*p) { 3467 case IPV6CP_OPT_IFID: 3468 /* 3469 * Peer doesn't like our local ifid. See 3470 * if we can do something for him. We'll drop 3471 * him our address then. 3472 */ 3473 if (len < 10 || p[1] != 10) 3474 break; 3475 bzero(&suggestaddr, sizeof(suggestaddr)); 3476 suggestaddr.s6_addr16[0] = htons(0xfe80); 3477 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3478 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3479 3480 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3481 if (debug) 3482 addlog(" [suggestaddr %s]", 3483 ip6_sprintf(&suggestaddr)); 3484 #ifdef IPV6CP_MYIFID_DYN 3485 /* 3486 * When doing dynamic address assignment, 3487 * we accept his offer. 3488 */ 3489 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3490 struct in6_addr lastsuggest; 3491 /* 3492 * If <suggested myaddr from peer> equals to 3493 * <hisaddr we have suggested last time>, 3494 * we have a collision. generate new random 3495 * ifid. 3496 */ 3497 sppp_suggest_ip6_addr(&lastsuggest); 3498 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3499 lastsuggest)) { 3500 if (debug) 3501 addlog(" [random]"); 3502 sppp_gen_ip6_addr(sp, &suggestaddr); 3503 } 3504 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3505 if (debug) 3506 addlog(" [agree]"); 3507 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3508 } 3509 #else 3510 /* 3511 * Since we do not do dynamic address assignment, 3512 * we ignore it and thus continue to negotiate 3513 * our already existing value. This can possibly 3514 * go into infinite request-reject loop. 3515 * 3516 * This is not likely because we normally use 3517 * ifid based on MAC-address. 3518 * If you have no ethernet card on the node, too bad. 3519 * XXX should we use fail_counter? 3520 */ 3521 #endif 3522 break; 3523 #ifdef notyet 3524 case IPV6CP_OPT_COMPRESS: 3525 /* 3526 * Peer wants different compression parameters. 3527 */ 3528 break; 3529 #endif 3530 } 3531 } 3532 if (debug) 3533 addlog("\n"); 3534 free (buf, M_TEMP); 3535 return; 3536 } 3537 3538 static void 3539 sppp_ipv6cp_tlu(struct sppp *sp) 3540 { 3541 /* we are up - notify isdn daemon */ 3542 if (sp->pp_con) 3543 sp->pp_con(sp); 3544 } 3545 3546 static void 3547 sppp_ipv6cp_tld(struct sppp *sp) 3548 { 3549 } 3550 3551 static void 3552 sppp_ipv6cp_tls(struct sppp *sp) 3553 { 3554 /* indicate to LCP that it must stay alive */ 3555 sp->lcp.protos |= (1 << IDX_IPV6CP); 3556 } 3557 3558 static void 3559 sppp_ipv6cp_tlf(struct sppp *sp) 3560 { 3561 3562 #if 0 /* need #if 0 to close IPv6CP properly */ 3563 /* we no longer need LCP */ 3564 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3565 sppp_lcp_check_and_close(sp); 3566 #endif 3567 } 3568 3569 static void 3570 sppp_ipv6cp_scr(struct sppp *sp) 3571 { 3572 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3573 struct in6_addr ouraddr; 3574 int i = 0; 3575 3576 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3577 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3578 opt[i++] = IPV6CP_OPT_IFID; 3579 opt[i++] = 10; 3580 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3581 i += 8; 3582 } 3583 3584 #ifdef notyet 3585 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3586 opt[i++] = IPV6CP_OPT_COMPRESSION; 3587 opt[i++] = 4; 3588 opt[i++] = 0; /* TBD */ 3589 opt[i++] = 0; /* TBD */ 3590 /* variable length data may follow */ 3591 } 3592 #endif 3593 3594 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3595 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3596 } 3597 #else /*INET6*/ 3598 static void sppp_ipv6cp_init(struct sppp *sp) 3599 { 3600 } 3601 3602 static void sppp_ipv6cp_up(struct sppp *sp) 3603 { 3604 } 3605 3606 static void sppp_ipv6cp_down(struct sppp *sp) 3607 { 3608 } 3609 3610 3611 static void sppp_ipv6cp_open(struct sppp *sp) 3612 { 3613 } 3614 3615 static void sppp_ipv6cp_close(struct sppp *sp) 3616 { 3617 } 3618 3619 static void sppp_ipv6cp_TO(void *sp) 3620 { 3621 } 3622 3623 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3624 { 3625 return 0; 3626 } 3627 3628 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3629 { 3630 } 3631 3632 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3633 { 3634 } 3635 3636 static void sppp_ipv6cp_tlu(struct sppp *sp) 3637 { 3638 } 3639 3640 static void sppp_ipv6cp_tld(struct sppp *sp) 3641 { 3642 } 3643 3644 static void sppp_ipv6cp_tls(struct sppp *sp) 3645 { 3646 } 3647 3648 static void sppp_ipv6cp_tlf(struct sppp *sp) 3649 { 3650 } 3651 3652 static void sppp_ipv6cp_scr(struct sppp *sp) 3653 { 3654 } 3655 #endif /*INET6*/ 3656 3657 3658 /* 3660 *--------------------------------------------------------------------------* 3661 * * 3662 * The CHAP implementation. * 3663 * * 3664 *--------------------------------------------------------------------------* 3665 */ 3666 3667 /* 3668 * The authentication protocols don't employ a full-fledged state machine as 3669 * the control protocols do, since they do have Open and Close events, but 3670 * not Up and Down, nor are they explicitly terminated. Also, use of the 3671 * authentication protocols may be different in both directions (this makes 3672 * sense, think of a machine that never accepts incoming calls but only 3673 * calls out, it doesn't require the called party to authenticate itself). 3674 * 3675 * Our state machine for the local authentication protocol (we are requesting 3676 * the peer to authenticate) looks like: 3677 * 3678 * RCA- 3679 * +--------------------------------------------+ 3680 * V scn,tld| 3681 * +--------+ Close +---------+ RCA+ 3682 * | |<----------------------------------| |------+ 3683 * +--->| Closed | TO* | Opened | sca | 3684 * | | |-----+ +-------| |<-----+ 3685 * | +--------+ irc | | +---------+ 3686 * | ^ | | ^ 3687 * | | | | | 3688 * | | | | | 3689 * | TO-| | | | 3690 * | |tld TO+ V | | 3691 * | | +------->+ | | 3692 * | | | | | | 3693 * | +--------+ V | | 3694 * | | |<----+<--------------------+ | 3695 * | | Req- | scr | 3696 * | | Sent | | 3697 * | | | | 3698 * | +--------+ | 3699 * | RCA- | | RCA+ | 3700 * +------+ +------------------------------------------+ 3701 * scn,tld sca,irc,ict,tlu 3702 * 3703 * 3704 * with: 3705 * 3706 * Open: LCP reached authentication phase 3707 * Close: LCP reached terminate phase 3708 * 3709 * RCA+: received reply (pap-req, chap-response), acceptable 3710 * RCN: received reply (pap-req, chap-response), not acceptable 3711 * TO+: timeout with restart counter >= 0 3712 * TO-: timeout with restart counter < 0 3713 * TO*: reschedule timeout for CHAP 3714 * 3715 * scr: send request packet (none for PAP, chap-challenge) 3716 * sca: send ack packet (pap-ack, chap-success) 3717 * scn: send nak packet (pap-nak, chap-failure) 3718 * ict: initialize re-challenge timer (CHAP only) 3719 * 3720 * tlu: this-layer-up, LCP reaches network phase 3721 * tld: this-layer-down, LCP enters terminate phase 3722 * 3723 * Note that in CHAP mode, after sending a new challenge, while the state 3724 * automaton falls back into Req-Sent state, it doesn't signal a tld 3725 * event to LCP, so LCP remains in network phase. Only after not getting 3726 * any response (or after getting an unacceptable response), CHAP closes, 3727 * causing LCP to enter terminate phase. 3728 * 3729 * With PAP, there is no initial request that can be sent. The peer is 3730 * expected to send one based on the successful negotiation of PAP as 3731 * the authentication protocol during the LCP option negotiation. 3732 * 3733 * Incoming authentication protocol requests (remote requests 3734 * authentication, we are peer) don't employ a state machine at all, 3735 * they are simply answered. Some peers [Ascend P50 firmware rev 3736 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3737 * still in authentication phase (thereby violating the standard that 3738 * demands that these NCP packets are to be discarded), so we keep 3739 * track of the peer demanding us to authenticate, and only proceed to 3740 * phase network once we've seen a positive acknowledge for the 3741 * authentication. 3742 */ 3743 3744 /* 3745 * Handle incoming CHAP packets. 3746 */ 3747 void 3748 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3749 { 3750 STDDCL; 3751 struct lcp_header *h; 3752 int len, x; 3753 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3754 int value_len, name_len; 3755 MD5_CTX ctx; 3756 3757 len = m->m_pkthdr.len; 3758 if (len < 4) { 3759 if (debug) 3760 log(LOG_DEBUG, 3761 SPP_FMT "chap invalid packet length: %d bytes\n", 3762 SPP_ARGS(ifp), len); 3763 return; 3764 } 3765 h = mtod (m, struct lcp_header*); 3766 if (len > ntohs (h->len)) 3767 len = ntohs (h->len); 3768 3769 switch (h->type) { 3770 /* challenge, failure and success are his authproto */ 3771 case CHAP_CHALLENGE: 3772 value = 1 + (u_char*)(h+1); 3773 value_len = value[-1]; 3774 name = value + value_len; 3775 name_len = len - value_len - 5; 3776 if (name_len < 0) { 3777 if (debug) { 3778 log(LOG_DEBUG, 3779 SPP_FMT "chap corrupted challenge " 3780 "<%s id=0x%x len=%d", 3781 SPP_ARGS(ifp), 3782 sppp_auth_type_name(PPP_CHAP, h->type), 3783 h->ident, ntohs(h->len)); 3784 if (len > 4) 3785 sppp_print_bytes((u_char*) (h+1), len-4); 3786 addlog(">\n"); 3787 } 3788 break; 3789 } 3790 3791 if (debug) { 3792 log(LOG_DEBUG, 3793 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3794 SPP_ARGS(ifp), 3795 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3796 ntohs(h->len)); 3797 sppp_print_string((char*) name, name_len); 3798 addlog(" value-size=%d value=", value_len); 3799 sppp_print_bytes(value, value_len); 3800 addlog(">\n"); 3801 } 3802 3803 /* Compute reply value. */ 3804 MD5Init(&ctx); 3805 MD5Update(&ctx, &h->ident, 1); 3806 MD5Update(&ctx, sp->myauth.secret, 3807 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3808 MD5Update(&ctx, value, value_len); 3809 MD5Final(digest, &ctx); 3810 dsize = sizeof digest; 3811 3812 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3813 sizeof dsize, (const char *)&dsize, 3814 sizeof digest, digest, 3815 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3816 sp->myauth.name, 3817 0); 3818 break; 3819 3820 case CHAP_SUCCESS: 3821 if (debug) { 3822 log(LOG_DEBUG, SPP_FMT "chap success", 3823 SPP_ARGS(ifp)); 3824 if (len > 4) { 3825 addlog(": "); 3826 sppp_print_string((char*)(h + 1), len - 4); 3827 } 3828 addlog("\n"); 3829 } 3830 x = splimp(); 3831 sp->pp_flags &= ~PP_NEEDAUTH; 3832 if (sp->myauth.proto == PPP_CHAP && 3833 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3834 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3835 /* 3836 * We are authenticator for CHAP but didn't 3837 * complete yet. Leave it to tlu to proceed 3838 * to network phase. 3839 */ 3840 splx(x); 3841 break; 3842 } 3843 splx(x); 3844 sppp_phase_network(sp); 3845 break; 3846 3847 case CHAP_FAILURE: 3848 if (debug) { 3849 log(LOG_INFO, SPP_FMT "chap failure", 3850 SPP_ARGS(ifp)); 3851 if (len > 4) { 3852 addlog(": "); 3853 sppp_print_string((char*)(h + 1), len - 4); 3854 } 3855 addlog("\n"); 3856 } else 3857 log(LOG_INFO, SPP_FMT "chap failure\n", 3858 SPP_ARGS(ifp)); 3859 /* await LCP shutdown by authenticator */ 3860 break; 3861 3862 /* response is my authproto */ 3863 case CHAP_RESPONSE: 3864 value = 1 + (u_char*)(h+1); 3865 value_len = value[-1]; 3866 name = value + value_len; 3867 name_len = len - value_len - 5; 3868 if (name_len < 0) { 3869 if (debug) { 3870 log(LOG_DEBUG, 3871 SPP_FMT "chap corrupted response " 3872 "<%s id=0x%x len=%d", 3873 SPP_ARGS(ifp), 3874 sppp_auth_type_name(PPP_CHAP, h->type), 3875 h->ident, ntohs(h->len)); 3876 if (len > 4) 3877 sppp_print_bytes((u_char*)(h+1), len-4); 3878 addlog(">\n"); 3879 } 3880 break; 3881 } 3882 if (h->ident != sp->confid[IDX_CHAP]) { 3883 if (debug) 3884 log(LOG_DEBUG, 3885 SPP_FMT "chap dropping response for old ID " 3886 "(got %d, expected %d)\n", 3887 SPP_ARGS(ifp), 3888 h->ident, sp->confid[IDX_CHAP]); 3889 break; 3890 } 3891 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3892 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3893 log(LOG_INFO, SPP_FMT "chap response, his name ", 3894 SPP_ARGS(ifp)); 3895 sppp_print_string(name, name_len); 3896 addlog(" != expected "); 3897 sppp_print_string(sp->hisauth.name, 3898 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3899 addlog("\n"); 3900 } 3901 if (debug) { 3902 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3903 "<%s id=0x%x len=%d name=", 3904 SPP_ARGS(ifp), 3905 sppp_state_name(sp->state[IDX_CHAP]), 3906 sppp_auth_type_name(PPP_CHAP, h->type), 3907 h->ident, ntohs (h->len)); 3908 sppp_print_string((char*)name, name_len); 3909 addlog(" value-size=%d value=", value_len); 3910 sppp_print_bytes(value, value_len); 3911 addlog(">\n"); 3912 } 3913 if (value_len != AUTHKEYLEN) { 3914 if (debug) 3915 log(LOG_DEBUG, 3916 SPP_FMT "chap bad hash value length: " 3917 "%d bytes, should be %d\n", 3918 SPP_ARGS(ifp), value_len, 3919 AUTHKEYLEN); 3920 break; 3921 } 3922 3923 MD5Init(&ctx); 3924 MD5Update(&ctx, &h->ident, 1); 3925 MD5Update(&ctx, sp->hisauth.secret, 3926 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3927 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3928 MD5Final(digest, &ctx); 3929 3930 #define FAILMSG "Failed..." 3931 #define SUCCMSG "Welcome!" 3932 3933 if (value_len != sizeof digest || 3934 bcmp(digest, value, value_len) != 0) { 3935 /* action scn, tld */ 3936 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3937 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3938 0); 3939 chap.tld(sp); 3940 break; 3941 } 3942 /* action sca, perhaps tlu */ 3943 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3944 sp->state[IDX_CHAP] == STATE_OPENED) 3945 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3946 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3947 0); 3948 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3949 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3950 chap.tlu(sp); 3951 } 3952 break; 3953 3954 default: 3955 /* Unknown CHAP packet type -- ignore. */ 3956 if (debug) { 3957 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3958 "<0x%x id=0x%xh len=%d", 3959 SPP_ARGS(ifp), 3960 sppp_state_name(sp->state[IDX_CHAP]), 3961 h->type, h->ident, ntohs(h->len)); 3962 if (len > 4) 3963 sppp_print_bytes((u_char*)(h+1), len-4); 3964 addlog(">\n"); 3965 } 3966 break; 3967 3968 } 3969 } 3970 3971 static void 3972 sppp_chap_init(struct sppp *sp) 3973 { 3974 /* Chap doesn't have STATE_INITIAL at all. */ 3975 sp->state[IDX_CHAP] = STATE_CLOSED; 3976 sp->fail_counter[IDX_CHAP] = 0; 3977 sp->pp_seq[IDX_CHAP] = 0; 3978 sp->pp_rseq[IDX_CHAP] = 0; 3979 #if defined(__NetBSD__) 3980 callout_init(&sp->ch[IDX_CHAP]); 3981 #endif 3982 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3983 callout_handle_init(&sp->ch[IDX_CHAP]); 3984 #endif 3985 } 3986 3987 static void 3988 sppp_chap_open(struct sppp *sp) 3989 { 3990 if (sp->myauth.proto == PPP_CHAP && 3991 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3992 /* we are authenticator for CHAP, start it */ 3993 chap.scr(sp); 3994 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3995 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3996 } 3997 /* nothing to be done if we are peer, await a challenge */ 3998 } 3999 4000 static void 4001 sppp_chap_close(struct sppp *sp) 4002 { 4003 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4004 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4005 } 4006 4007 static void 4008 sppp_chap_TO(void *cookie) 4009 { 4010 struct sppp *sp = (struct sppp *)cookie; 4011 STDDCL; 4012 int s; 4013 4014 s = splimp(); 4015 if (debug) 4016 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4017 SPP_ARGS(ifp), 4018 sppp_state_name(sp->state[IDX_CHAP]), 4019 sp->rst_counter[IDX_CHAP]); 4020 4021 if (--sp->rst_counter[IDX_CHAP] < 0) 4022 /* TO- event */ 4023 switch (sp->state[IDX_CHAP]) { 4024 case STATE_REQ_SENT: 4025 chap.tld(sp); 4026 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4027 break; 4028 } 4029 else 4030 /* TO+ (or TO*) event */ 4031 switch (sp->state[IDX_CHAP]) { 4032 case STATE_OPENED: 4033 /* TO* event */ 4034 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4035 /* fall through */ 4036 case STATE_REQ_SENT: 4037 chap.scr(sp); 4038 /* sppp_cp_change_state() will restart the timer */ 4039 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4040 break; 4041 } 4042 4043 splx(s); 4044 } 4045 4046 static void 4047 sppp_chap_tlu(struct sppp *sp) 4048 { 4049 STDDCL; 4050 int i, x; 4051 4052 i = 0; 4053 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4054 4055 /* 4056 * Some broken CHAP implementations (Conware CoNet, firmware 4057 * 4.0.?) don't want to re-authenticate their CHAP once the 4058 * initial challenge-response exchange has taken place. 4059 * Provide for an option to avoid rechallenges. 4060 */ 4061 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 4062 /* 4063 * Compute the re-challenge timeout. This will yield 4064 * a number between 300 and 810 seconds. 4065 */ 4066 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4067 4068 #if defined(__NetBSD__) 4069 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4070 #else 4071 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4072 sp->ch[IDX_CHAP] = 4073 #endif 4074 timeout(chap.TO, (void *)sp, i * hz); 4075 #endif /* __NetBSD__ */ 4076 } 4077 4078 if (debug) { 4079 log(LOG_DEBUG, 4080 SPP_FMT "chap %s, ", 4081 SPP_ARGS(ifp), 4082 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 4083 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 4084 addlog("next re-challenge in %d seconds\n", i); 4085 else 4086 addlog("re-challenging supressed\n"); 4087 } 4088 4089 x = splimp(); 4090 /* indicate to LCP that we need to be closed down */ 4091 sp->lcp.protos |= (1 << IDX_CHAP); 4092 4093 if (sp->pp_flags & PP_NEEDAUTH) { 4094 /* 4095 * Remote is authenticator, but his auth proto didn't 4096 * complete yet. Defer the transition to network 4097 * phase. 4098 */ 4099 splx(x); 4100 return; 4101 } 4102 splx(x); 4103 4104 /* 4105 * If we are already in phase network, we are done here. This 4106 * is the case if this is a dummy tlu event after a re-challenge. 4107 */ 4108 if (sp->pp_phase != PHASE_NETWORK) 4109 sppp_phase_network(sp); 4110 } 4111 4112 static void 4113 sppp_chap_tld(struct sppp *sp) 4114 { 4115 STDDCL; 4116 4117 if (debug) 4118 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4119 #if defined(__NetBSD__) 4120 callout_stop(&sp->ch[IDX_CHAP]); 4121 #else 4122 untimeout(chap.TO, (void *)sp 4123 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4124 , sp->ch[IDX_CHAP] 4125 #endif 4126 ); 4127 #endif /* __NetBSD__ */ 4128 sp->lcp.protos &= ~(1 << IDX_CHAP); 4129 4130 lcp.Close(sp); 4131 } 4132 4133 static void 4134 sppp_chap_scr(struct sppp *sp) 4135 { 4136 struct timeval tv; 4137 u_long *ch, seed; 4138 u_char clen; 4139 4140 /* Compute random challenge. */ 4141 ch = (u_long *)sp->myauth.challenge; 4142 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4143 read_random(&seed, sizeof seed); 4144 #else 4145 microtime(&tv); 4146 seed = tv.tv_sec ^ tv.tv_usec; 4147 #endif 4148 ch[0] = seed ^ random(); 4149 ch[1] = seed ^ random(); 4150 ch[2] = seed ^ random(); 4151 ch[3] = seed ^ random(); 4152 clen = AUTHKEYLEN; 4153 4154 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4155 4156 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4157 sizeof clen, (const char *)&clen, 4158 (size_t)AUTHKEYLEN, sp->myauth.challenge, 4159 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 4160 sp->myauth.name, 4161 0); 4162 } 4163 /* 4165 *--------------------------------------------------------------------------* 4166 * * 4167 * The PAP implementation. * 4168 * * 4169 *--------------------------------------------------------------------------* 4170 */ 4171 /* 4172 * For PAP, we need to keep a little state also if we are the peer, not the 4173 * authenticator. This is since we don't get a request to authenticate, but 4174 * have to repeatedly authenticate ourself until we got a response (or the 4175 * retry counter is expired). 4176 */ 4177 4178 /* 4179 * Handle incoming PAP packets. */ 4180 static void 4181 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4182 { 4183 STDDCL; 4184 struct lcp_header *h; 4185 int len, x; 4186 u_char *name, *passwd, mlen; 4187 int name_len, passwd_len; 4188 4189 len = m->m_pkthdr.len; 4190 if (len < 5) { 4191 if (debug) 4192 log(LOG_DEBUG, 4193 SPP_FMT "pap invalid packet length: %d bytes\n", 4194 SPP_ARGS(ifp), len); 4195 return; 4196 } 4197 h = mtod (m, struct lcp_header*); 4198 if (len > ntohs (h->len)) 4199 len = ntohs (h->len); 4200 switch (h->type) { 4201 /* PAP request is my authproto */ 4202 case PAP_REQ: 4203 name = 1 + (u_char*)(h+1); 4204 name_len = name[-1]; 4205 passwd = name + name_len + 1; 4206 if (name_len > len - 6 || 4207 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4208 if (debug) { 4209 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4210 "<%s id=0x%x len=%d", 4211 SPP_ARGS(ifp), 4212 sppp_auth_type_name(PPP_PAP, h->type), 4213 h->ident, ntohs(h->len)); 4214 if (len > 4) 4215 sppp_print_bytes((u_char*)(h+1), len-4); 4216 addlog(">\n"); 4217 } 4218 break; 4219 } 4220 if (debug) { 4221 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4222 "<%s id=0x%x len=%d name=", 4223 SPP_ARGS(ifp), 4224 sppp_state_name(sp->state[IDX_PAP]), 4225 sppp_auth_type_name(PPP_PAP, h->type), 4226 h->ident, ntohs(h->len)); 4227 sppp_print_string((char*)name, name_len); 4228 addlog(" passwd="); 4229 sppp_print_string((char*)passwd, passwd_len); 4230 addlog(">\n"); 4231 } 4232 if (name_len > AUTHNAMELEN || 4233 passwd_len > AUTHKEYLEN || 4234 bcmp(name, sp->hisauth.name, name_len) != 0 || 4235 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4236 /* action scn, tld */ 4237 mlen = sizeof(FAILMSG) - 1; 4238 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4239 sizeof mlen, (const char *)&mlen, 4240 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4241 0); 4242 pap.tld(sp); 4243 break; 4244 } 4245 /* action sca, perhaps tlu */ 4246 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4247 sp->state[IDX_PAP] == STATE_OPENED) { 4248 mlen = sizeof(SUCCMSG) - 1; 4249 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4250 sizeof mlen, (const char *)&mlen, 4251 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4252 0); 4253 } 4254 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4255 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4256 pap.tlu(sp); 4257 } 4258 break; 4259 4260 /* ack and nak are his authproto */ 4261 case PAP_ACK: 4262 #if defined(__NetBSD__) 4263 callout_stop(&sp->pap_my_to_ch); 4264 #else 4265 untimeout(sppp_pap_my_TO, (void *)sp 4266 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4267 , sp->pap_my_to_ch 4268 #endif 4269 ); 4270 #endif /* __NetBSD__ */ 4271 if (debug) { 4272 log(LOG_DEBUG, SPP_FMT "pap success", 4273 SPP_ARGS(ifp)); 4274 name_len = *((char *)h); 4275 if (len > 5 && name_len) { 4276 addlog(": "); 4277 sppp_print_string((char*)(h+1), name_len); 4278 } 4279 addlog("\n"); 4280 } 4281 x = splimp(); 4282 sp->pp_flags &= ~PP_NEEDAUTH; 4283 if (sp->myauth.proto == PPP_PAP && 4284 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4285 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4286 /* 4287 * We are authenticator for PAP but didn't 4288 * complete yet. Leave it to tlu to proceed 4289 * to network phase. 4290 */ 4291 splx(x); 4292 break; 4293 } 4294 splx(x); 4295 sppp_phase_network(sp); 4296 break; 4297 4298 case PAP_NAK: 4299 #if defined(__NetBSD__) 4300 callout_stop(&sp->pap_my_to_ch); 4301 #else 4302 untimeout(sppp_pap_my_TO, (void *)sp 4303 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4304 , sp->pap_my_to_ch 4305 #endif 4306 ); 4307 #endif /* __NetBSD__ */ 4308 if (debug) { 4309 log(LOG_INFO, SPP_FMT "pap failure", 4310 SPP_ARGS(ifp)); 4311 name_len = *((char *)h); 4312 if (len > 5 && name_len) { 4313 addlog(": "); 4314 sppp_print_string((char*)(h+1), name_len); 4315 } 4316 addlog("\n"); 4317 } else 4318 log(LOG_INFO, SPP_FMT "pap failure\n", 4319 SPP_ARGS(ifp)); 4320 /* await LCP shutdown by authenticator */ 4321 break; 4322 4323 default: 4324 /* Unknown PAP packet type -- ignore. */ 4325 if (debug) { 4326 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4327 "<0x%x id=0x%x len=%d", 4328 SPP_ARGS(ifp), 4329 h->type, h->ident, ntohs(h->len)); 4330 if (len > 4) 4331 sppp_print_bytes((u_char*)(h+1), len-4); 4332 addlog(">\n"); 4333 } 4334 break; 4335 4336 } 4337 } 4338 4339 static void 4340 sppp_pap_init(struct sppp *sp) 4341 { 4342 /* PAP doesn't have STATE_INITIAL at all. */ 4343 sp->state[IDX_PAP] = STATE_CLOSED; 4344 sp->fail_counter[IDX_PAP] = 0; 4345 sp->pp_seq[IDX_PAP] = 0; 4346 sp->pp_rseq[IDX_PAP] = 0; 4347 #if defined(__NetBSD__) 4348 callout_init(&sp->ch[IDX_PAP]); 4349 callout_init(&sp->pap_my_to_ch); 4350 #endif 4351 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4352 callout_handle_init(&sp->ch[IDX_PAP]); 4353 callout_handle_init(&sp->pap_my_to_ch); 4354 #endif 4355 } 4356 4357 static void 4358 sppp_pap_open(struct sppp *sp) 4359 { 4360 if (sp->hisauth.proto == PPP_PAP && 4361 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4362 /* we are authenticator for PAP, start our timer */ 4363 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4364 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4365 } 4366 if (sp->myauth.proto == PPP_PAP) { 4367 /* we are peer, send a request, and start a timer */ 4368 pap.scr(sp); 4369 #if defined(__NetBSD__) 4370 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4371 sppp_pap_my_TO, sp); 4372 #else 4373 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4374 sp->pap_my_to_ch = 4375 #endif 4376 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout); 4377 #endif /* __NetBSD__ */ 4378 } 4379 } 4380 4381 static void 4382 sppp_pap_close(struct sppp *sp) 4383 { 4384 if (sp->state[IDX_PAP] != STATE_CLOSED) 4385 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4386 } 4387 4388 /* 4389 * That's the timeout routine if we are authenticator. Since the 4390 * authenticator is basically passive in PAP, we can't do much here. 4391 */ 4392 static void 4393 sppp_pap_TO(void *cookie) 4394 { 4395 struct sppp *sp = (struct sppp *)cookie; 4396 STDDCL; 4397 int s; 4398 4399 s = splimp(); 4400 if (debug) 4401 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4402 SPP_ARGS(ifp), 4403 sppp_state_name(sp->state[IDX_PAP]), 4404 sp->rst_counter[IDX_PAP]); 4405 4406 if (--sp->rst_counter[IDX_PAP] < 0) 4407 /* TO- event */ 4408 switch (sp->state[IDX_PAP]) { 4409 case STATE_REQ_SENT: 4410 pap.tld(sp); 4411 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4412 break; 4413 } 4414 else 4415 /* TO+ event, not very much we could do */ 4416 switch (sp->state[IDX_PAP]) { 4417 case STATE_REQ_SENT: 4418 /* sppp_cp_change_state() will restart the timer */ 4419 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4420 break; 4421 } 4422 4423 splx(s); 4424 } 4425 4426 /* 4427 * That's the timeout handler if we are peer. Since the peer is active, 4428 * we need to retransmit our PAP request since it is apparently lost. 4429 * XXX We should impose a max counter. 4430 */ 4431 static void 4432 sppp_pap_my_TO(void *cookie) 4433 { 4434 struct sppp *sp = (struct sppp *)cookie; 4435 STDDCL; 4436 4437 if (debug) 4438 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4439 SPP_ARGS(ifp)); 4440 4441 pap.scr(sp); 4442 } 4443 4444 static void 4445 sppp_pap_tlu(struct sppp *sp) 4446 { 4447 STDDCL; 4448 int x; 4449 4450 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4451 4452 if (debug) 4453 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4454 SPP_ARGS(ifp), pap.name); 4455 4456 x = splimp(); 4457 /* indicate to LCP that we need to be closed down */ 4458 sp->lcp.protos |= (1 << IDX_PAP); 4459 4460 if (sp->pp_flags & PP_NEEDAUTH) { 4461 /* 4462 * Remote is authenticator, but his auth proto didn't 4463 * complete yet. Defer the transition to network 4464 * phase. 4465 */ 4466 splx(x); 4467 return; 4468 } 4469 splx(x); 4470 sppp_phase_network(sp); 4471 } 4472 4473 static void 4474 sppp_pap_tld(struct sppp *sp) 4475 { 4476 STDDCL; 4477 4478 if (debug) 4479 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4480 #if defined(__NetBSD__) 4481 callout_stop(&sp->ch[IDX_PAP]); 4482 #else 4483 untimeout(pap.TO, (void *)sp 4484 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4485 , sp->ch[IDX_PAP] 4486 #endif 4487 ); 4488 #endif /* __NetBSD__ */ 4489 4490 #if defined(__NetBSD__) 4491 callout_stop(&sp->pap_my_to_ch); 4492 #else 4493 untimeout(sppp_pap_my_TO, (void *)sp 4494 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4495 , sp->pap_my_to_ch 4496 #endif 4497 ); 4498 #endif /* __NetBSD__ */ 4499 sp->lcp.protos &= ~(1 << IDX_PAP); 4500 4501 lcp.Close(sp); 4502 } 4503 4504 static void 4505 sppp_pap_scr(struct sppp *sp) 4506 { 4507 u_char idlen, pwdlen; 4508 4509 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4510 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 4511 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 4512 4513 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4514 sizeof idlen, (const char *)&idlen, 4515 (size_t)idlen, sp->myauth.name, 4516 sizeof pwdlen, (const char *)&pwdlen, 4517 (size_t)pwdlen, sp->myauth.secret, 4518 0); 4519 } 4520 /* 4522 * Random miscellaneous functions. 4523 */ 4524 4525 /* 4526 * Send a PAP or CHAP proto packet. 4527 * 4528 * Varadic function, each of the elements for the ellipsis is of type 4529 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4530 * mlen == 0. 4531 * NOTE: never declare variadic functions with types subject to type 4532 * promotion (i.e. u_char). This is asking for big trouble depending 4533 * on the architecture you are on... 4534 */ 4535 4536 static void 4537 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4538 unsigned int type, unsigned int id, 4539 ...) 4540 { 4541 STDDCL; 4542 struct ppp_header *h; 4543 struct lcp_header *lh; 4544 struct mbuf *m; 4545 u_char *p; 4546 int len; 4547 unsigned int mlen; 4548 const char *msg; 4549 va_list ap; 4550 4551 MGETHDR (m, M_DONTWAIT, MT_DATA); 4552 if (! m) 4553 return; 4554 m->m_pkthdr.rcvif = 0; 4555 4556 h = mtod (m, struct ppp_header*); 4557 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4558 h->control = PPP_UI; /* Unnumbered Info */ 4559 h->protocol = htons(cp->proto); 4560 4561 lh = (struct lcp_header*)(h + 1); 4562 lh->type = type; 4563 lh->ident = id; 4564 p = (u_char*) (lh+1); 4565 4566 va_start(ap, id); 4567 len = 0; 4568 4569 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4570 msg = va_arg(ap, const char *); 4571 len += mlen; 4572 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 4573 va_end(ap); 4574 m_freem(m); 4575 return; 4576 } 4577 4578 bcopy(msg, p, mlen); 4579 p += mlen; 4580 } 4581 va_end(ap); 4582 4583 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 4584 lh->len = htons (LCP_HEADER_LEN + len); 4585 4586 if (debug) { 4587 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4588 SPP_ARGS(ifp), cp->name, 4589 sppp_auth_type_name(cp->proto, lh->type), 4590 lh->ident, ntohs(lh->len)); 4591 if (len) 4592 sppp_print_bytes((u_char*) (lh+1), len); 4593 addlog(">\n"); 4594 } 4595 if (IF_QFULL (&sp->pp_cpq)) { 4596 IF_DROP (&sp->pp_fastq); 4597 IF_DROP (&ifp->if_snd); 4598 m_freem (m); 4599 ++ifp->if_oerrors; 4600 } else 4601 IF_ENQUEUE (&sp->pp_cpq, m); 4602 if (! (ifp->if_flags & IFF_OACTIVE)) 4603 (*ifp->if_start) (ifp); 4604 ifp->if_obytes += m->m_pkthdr.len + 3; 4605 } 4606 4607 /* 4608 * Send keepalive packets, every 10 seconds. 4609 */ 4610 static void 4611 sppp_keepalive(void *dummy) 4612 { 4613 struct sppp *sp; 4614 int s; 4615 4616 s = splimp(); 4617 for (sp=spppq; sp; sp=sp->pp_next) { 4618 struct ifnet *ifp = &sp->pp_if; 4619 4620 /* Keepalive mode disabled or channel down? */ 4621 if (! (sp->pp_flags & PP_KEEPALIVE) || 4622 ! (ifp->if_flags & IFF_RUNNING)) 4623 continue; 4624 4625 /* No keepalive in PPP mode if LCP not opened yet. */ 4626 if (! (sp->pp_flags & PP_CISCO) && 4627 sp->pp_phase < PHASE_AUTHENTICATE) 4628 continue; 4629 4630 if (sp->pp_alivecnt == MAXALIVECNT) { 4631 /* No keepalive packets got. Stop the interface. */ 4632 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4633 if_down (ifp); 4634 IFQ_PURGE (&sp->pp_cpq); 4635 if (! (sp->pp_flags & PP_CISCO)) { 4636 /* XXX */ 4637 /* Shut down the PPP link. */ 4638 lcp.Down(sp); 4639 /* Initiate negotiation. XXX */ 4640 lcp.Up(sp); 4641 } 4642 } 4643 if (sp->pp_alivecnt <= MAXALIVECNT) 4644 ++sp->pp_alivecnt; 4645 if (sp->pp_flags & PP_CISCO) 4646 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4647 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4648 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4649 long nmagic = htonl (sp->lcp.magic); 4650 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4651 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4652 sp->lcp.echoid, 4, &nmagic); 4653 } 4654 } 4655 splx(s); 4656 #if defined(__NetBSD__) 4657 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 4658 #else 4659 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4660 keepalive_ch = 4661 #endif 4662 timeout(sppp_keepalive, 0, hz * 10); 4663 #endif /* __NetBSD__ */ 4664 } 4665 4666 /* 4667 * Get both IP addresses. 4668 */ 4669 static void 4670 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4671 { 4672 struct ifnet *ifp = &sp->pp_if; 4673 struct ifaddr *ifa; 4674 struct sockaddr_in *si, *sm; 4675 u_long ssrc, ddst; 4676 4677 sm = NULL; 4678 ssrc = ddst = 0L; 4679 /* 4680 * Pick the first AF_INET address from the list, 4681 * aliases don't make any sense on a p2p link anyway. 4682 */ 4683 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4684 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4685 ifa; 4686 ifa = ifa->ifa_link.tqe_next) 4687 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4688 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4689 ifa; 4690 ifa = ifa->ifa_list.tqe_next) 4691 #else 4692 for (ifa = ifp->if_addrlist, si = 0; 4693 ifa; 4694 ifa = ifa->ifa_next) 4695 #endif 4696 if (ifa->ifa_addr->sa_family == AF_INET) { 4697 si = (struct sockaddr_in *)ifa->ifa_addr; 4698 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4699 if (si) 4700 break; 4701 } 4702 if (ifa) { 4703 if (si && si->sin_addr.s_addr) { 4704 ssrc = si->sin_addr.s_addr; 4705 if (srcmask) 4706 *srcmask = ntohl(sm->sin_addr.s_addr); 4707 } 4708 4709 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4710 if (si && si->sin_addr.s_addr) 4711 ddst = si->sin_addr.s_addr; 4712 } 4713 4714 if (dst) *dst = ntohl(ddst); 4715 if (src) *src = ntohl(ssrc); 4716 } 4717 4718 /* 4719 * Set my IP address. Must be called at splimp. 4720 */ 4721 static void 4722 sppp_set_ip_addr(struct sppp *sp, u_long src) 4723 { 4724 STDDCL; 4725 struct ifaddr *ifa; 4726 struct sockaddr_in *si; 4727 4728 /* 4729 * Pick the first AF_INET address from the list, 4730 * aliases don't make any sense on a p2p link anyway. 4731 */ 4732 4733 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4734 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4735 ifa; 4736 ifa = ifa->ifa_link.tqe_next) 4737 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4738 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4739 ifa; 4740 ifa = ifa->ifa_list.tqe_next) 4741 #else 4742 for (ifa = ifp->if_addrlist, si = 0; 4743 ifa; 4744 ifa = ifa->ifa_next) 4745 #endif 4746 { 4747 if (ifa->ifa_addr->sa_family == AF_INET) 4748 { 4749 si = (struct sockaddr_in *)ifa->ifa_addr; 4750 if (si) 4751 break; 4752 } 4753 } 4754 4755 if (ifa && si) 4756 { 4757 int error; 4758 #if __NetBSD_Version__ >= 103080000 4759 struct sockaddr_in new_sin = *si; 4760 4761 new_sin.sin_addr.s_addr = htonl(src); 4762 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4763 if(debug && error) 4764 { 4765 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4766 " failed, error=%d\n", SPP_ARGS(ifp), error); 4767 } 4768 #else 4769 /* delete old route */ 4770 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4771 if(debug && error) 4772 { 4773 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4774 SPP_ARGS(ifp), error); 4775 } 4776 4777 /* set new address */ 4778 si->sin_addr.s_addr = htonl(src); 4779 4780 /* add new route */ 4781 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4782 if (debug && error) 4783 { 4784 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4785 SPP_ARGS(ifp), error); 4786 } 4787 #endif 4788 } 4789 } 4790 4791 #ifdef INET6 4792 /* 4793 * Get both IPv6 addresses. 4794 */ 4795 static void 4796 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4797 struct in6_addr *srcmask) 4798 { 4799 struct ifnet *ifp = &sp->pp_if; 4800 struct ifaddr *ifa; 4801 struct sockaddr_in6 *si, *sm; 4802 struct in6_addr ssrc, ddst; 4803 4804 sm = NULL; 4805 bzero(&ssrc, sizeof(ssrc)); 4806 bzero(&ddst, sizeof(ddst)); 4807 /* 4808 * Pick the first link-local AF_INET6 address from the list, 4809 * aliases don't make any sense on a p2p link anyway. 4810 */ 4811 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4812 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4813 ifa; 4814 ifa = ifa->ifa_link.tqe_next) 4815 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4816 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4817 ifa; 4818 ifa = ifa->ifa_list.tqe_next) 4819 #else 4820 for (ifa = ifp->if_addrlist, si = 0; 4821 ifa; 4822 ifa = ifa->ifa_next) 4823 #endif 4824 if (ifa->ifa_addr->sa_family == AF_INET6) { 4825 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4826 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4827 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4828 break; 4829 } 4830 if (ifa) { 4831 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4832 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4833 if (srcmask) { 4834 bcopy(&sm->sin6_addr, srcmask, 4835 sizeof(*srcmask)); 4836 } 4837 } 4838 4839 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4840 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4841 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4842 } 4843 4844 if (dst) 4845 bcopy(&ddst, dst, sizeof(*dst)); 4846 if (src) 4847 bcopy(&ssrc, src, sizeof(*src)); 4848 } 4849 4850 #ifdef IPV6CP_MYIFID_DYN 4851 /* 4852 * Generate random ifid. 4853 */ 4854 static void 4855 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4856 { 4857 /* TBD */ 4858 } 4859 4860 /* 4861 * Set my IPv6 address. Must be called at splimp. 4862 */ 4863 static void 4864 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4865 { 4866 STDDCL; 4867 struct ifaddr *ifa; 4868 struct sockaddr_in6 *sin6; 4869 4870 /* 4871 * Pick the first link-local AF_INET6 address from the list, 4872 * aliases don't make any sense on a p2p link anyway. 4873 */ 4874 4875 sin6 = NULL; 4876 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4877 for (ifa = ifp->if_addrhead.tqh_first; 4878 ifa; 4879 ifa = ifa->ifa_link.tqe_next) 4880 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4881 for (ifa = ifp->if_addrlist.tqh_first; 4882 ifa; 4883 ifa = ifa->ifa_list.tqe_next) 4884 #else 4885 for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next) 4886 #endif 4887 { 4888 if (ifa->ifa_addr->sa_family == AF_INET6) 4889 { 4890 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4891 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4892 break; 4893 } 4894 } 4895 4896 if (ifa && sin6) 4897 { 4898 int error; 4899 struct sockaddr_in6 new_sin6 = *sin6; 4900 4901 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4902 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4903 if (debug && error) 4904 { 4905 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4906 " failed, error=%d\n", SPP_ARGS(ifp), error); 4907 } 4908 } 4909 } 4910 #endif 4911 4912 /* 4913 * Suggest a candidate address to be used by peer. 4914 */ 4915 static void 4916 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4917 { 4918 struct in6_addr myaddr; 4919 struct timeval tv; 4920 4921 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4922 4923 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4924 microtime(&tv); 4925 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4926 myaddr.s6_addr[14] ^= 0xff; 4927 myaddr.s6_addr[15] ^= 0xff; 4928 } else { 4929 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4930 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4931 } 4932 if (suggest) 4933 bcopy(&myaddr, suggest, sizeof(myaddr)); 4934 } 4935 #endif /*INET6*/ 4936 4937 static int 4938 sppp_params(struct sppp *sp, int cmd, void *data) 4939 { 4940 int subcmd; 4941 struct ifreq *ifr = (struct ifreq *)data; 4942 struct spppreq spr; 4943 4944 /* 4945 * ifr->ifr_data is supposed to point to a struct spppreq. 4946 * Check the cmd word first before attempting to fetch all the 4947 * data. 4948 */ 4949 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4950 return EFAULT; 4951 4952 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4953 return EFAULT; 4954 4955 switch (subcmd) { 4956 case SPPPIOGDEFS: 4957 if (cmd != (int)SIOCGIFGENERIC) 4958 return EINVAL; 4959 /* 4960 * We copy over the entire current state, but clean 4961 * out some of the stuff we don't wanna pass up. 4962 * Remember, SIOCGIFGENERIC is unprotected, and can be 4963 * called by any user. No need to ever get PAP or 4964 * CHAP secrets back to userland anyway. 4965 */ 4966 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4967 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4968 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4969 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4970 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4971 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4972 4973 case SPPPIOSDEFS: 4974 if (cmd != (int)SIOCSIFGENERIC) 4975 return EINVAL; 4976 /* 4977 * We have a very specific idea of which fields we allow 4978 * being passed back from userland, so to not clobber our 4979 * current state. For one, we only allow setting 4980 * anything if LCP is in dead phase. Once the LCP 4981 * negotiations started, the authentication settings must 4982 * not be changed again. (The administrator can force an 4983 * ifconfig down in order to get LCP back into dead 4984 * phase.) 4985 * 4986 * Also, we only allow for authentication parameters to be 4987 * specified. 4988 * 4989 * XXX Should allow to set or clear pp_flags. 4990 * 4991 * Finally, if the respective authentication protocol to 4992 * be used is set differently than 0, but the secret is 4993 * passed as all zeros, we don't trash the existing secret. 4994 * This allows an administrator to change the system name 4995 * only without clobbering the secret (which he didn't get 4996 * back in a previous SPPPIOGDEFS call). However, the 4997 * secrets are cleared if the authentication protocol is 4998 * reset to 0. 4999 */ 5000 if (sp->pp_phase != PHASE_DEAD) 5001 return EBUSY; 5002 5003 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 5004 spr.defs.myauth.proto != PPP_CHAP) || 5005 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 5006 spr.defs.hisauth.proto != PPP_CHAP)) 5007 return EINVAL; 5008 5009 if (spr.defs.myauth.proto == 0) 5010 /* resetting myauth */ 5011 bzero(&sp->myauth, sizeof sp->myauth); 5012 else { 5013 /* setting/changing myauth */ 5014 sp->myauth.proto = spr.defs.myauth.proto; 5015 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 5016 if (spr.defs.myauth.secret[0] != '\0') 5017 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 5018 AUTHKEYLEN); 5019 } 5020 if (spr.defs.hisauth.proto == 0) 5021 /* resetting hisauth */ 5022 bzero(&sp->hisauth, sizeof sp->hisauth); 5023 else { 5024 /* setting/changing hisauth */ 5025 sp->hisauth.proto = spr.defs.hisauth.proto; 5026 sp->hisauth.flags = spr.defs.hisauth.flags; 5027 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 5028 if (spr.defs.hisauth.secret[0] != '\0') 5029 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 5030 AUTHKEYLEN); 5031 } 5032 break; 5033 5034 default: 5035 return EINVAL; 5036 } 5037 5038 return 0; 5039 } 5040 5041 static void 5042 sppp_phase_network(struct sppp *sp) 5043 { 5044 STDDCL; 5045 int i; 5046 u_long mask; 5047 5048 sp->pp_phase = PHASE_NETWORK; 5049 5050 if(debug) 5051 { 5052 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5053 sppp_phase_name(sp->pp_phase)); 5054 } 5055 5056 /* Notify NCPs now. */ 5057 for (i = 0; i < IDX_COUNT; i++) 5058 if ((cps[i])->flags & CP_NCP) 5059 (cps[i])->Open(sp); 5060 5061 /* Send Up events to all NCPs. */ 5062 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5063 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5064 (cps[i])->Up(sp); 5065 5066 /* if no NCP is starting, all this was in vain, close down */ 5067 sppp_lcp_check_and_close(sp); 5068 } 5069 5070 5071 static const char * 5072 sppp_cp_type_name(u_char type) 5073 { 5074 static char buf[12]; 5075 switch (type) { 5076 case CONF_REQ: return "conf-req"; 5077 case CONF_ACK: return "conf-ack"; 5078 case CONF_NAK: return "conf-nak"; 5079 case CONF_REJ: return "conf-rej"; 5080 case TERM_REQ: return "term-req"; 5081 case TERM_ACK: return "term-ack"; 5082 case CODE_REJ: return "code-rej"; 5083 case PROTO_REJ: return "proto-rej"; 5084 case ECHO_REQ: return "echo-req"; 5085 case ECHO_REPLY: return "echo-reply"; 5086 case DISC_REQ: return "discard-req"; 5087 } 5088 sprintf (buf, "0x%x", type); 5089 return buf; 5090 } 5091 5092 static const char * 5093 sppp_auth_type_name(u_short proto, u_char type) 5094 { 5095 static char buf[12]; 5096 switch (proto) { 5097 case PPP_CHAP: 5098 switch (type) { 5099 case CHAP_CHALLENGE: return "challenge"; 5100 case CHAP_RESPONSE: return "response"; 5101 case CHAP_SUCCESS: return "success"; 5102 case CHAP_FAILURE: return "failure"; 5103 } 5104 case PPP_PAP: 5105 switch (type) { 5106 case PAP_REQ: return "req"; 5107 case PAP_ACK: return "ack"; 5108 case PAP_NAK: return "nak"; 5109 } 5110 } 5111 sprintf (buf, "0x%x", type); 5112 return buf; 5113 } 5114 5115 static const char * 5116 sppp_lcp_opt_name(u_char opt) 5117 { 5118 static char buf[12]; 5119 switch (opt) { 5120 case LCP_OPT_MRU: return "mru"; 5121 case LCP_OPT_ASYNC_MAP: return "async-map"; 5122 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5123 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5124 case LCP_OPT_MAGIC: return "magic"; 5125 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5126 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5127 } 5128 sprintf (buf, "0x%x", opt); 5129 return buf; 5130 } 5131 5132 static const char * 5133 sppp_ipcp_opt_name(u_char opt) 5134 { 5135 static char buf[12]; 5136 switch (opt) { 5137 case IPCP_OPT_ADDRESSES: return "addresses"; 5138 case IPCP_OPT_COMPRESSION: return "compression"; 5139 case IPCP_OPT_ADDRESS: return "address"; 5140 } 5141 sprintf (buf, "0x%x", opt); 5142 return buf; 5143 } 5144 5145 #ifdef INET6 5146 static const char * 5147 sppp_ipv6cp_opt_name(u_char opt) 5148 { 5149 static char buf[12]; 5150 switch (opt) { 5151 case IPV6CP_OPT_IFID: return "ifid"; 5152 case IPV6CP_OPT_COMPRESSION: return "compression"; 5153 } 5154 sprintf (buf, "0x%x", opt); 5155 return buf; 5156 } 5157 #endif 5158 5159 static const char * 5160 sppp_state_name(int state) 5161 { 5162 switch (state) { 5163 case STATE_INITIAL: return "initial"; 5164 case STATE_STARTING: return "starting"; 5165 case STATE_CLOSED: return "closed"; 5166 case STATE_STOPPED: return "stopped"; 5167 case STATE_CLOSING: return "closing"; 5168 case STATE_STOPPING: return "stopping"; 5169 case STATE_REQ_SENT: return "req-sent"; 5170 case STATE_ACK_RCVD: return "ack-rcvd"; 5171 case STATE_ACK_SENT: return "ack-sent"; 5172 case STATE_OPENED: return "opened"; 5173 } 5174 return "illegal"; 5175 } 5176 5177 static const char * 5178 sppp_phase_name(enum ppp_phase phase) 5179 { 5180 switch (phase) { 5181 case PHASE_DEAD: return "dead"; 5182 case PHASE_ESTABLISH: return "establish"; 5183 case PHASE_TERMINATE: return "terminate"; 5184 case PHASE_AUTHENTICATE: return "authenticate"; 5185 case PHASE_NETWORK: return "network"; 5186 } 5187 return "illegal"; 5188 } 5189 5190 static const char * 5191 sppp_proto_name(u_short proto) 5192 { 5193 static char buf[12]; 5194 switch (proto) { 5195 case PPP_LCP: return "lcp"; 5196 case PPP_IPCP: return "ipcp"; 5197 case PPP_PAP: return "pap"; 5198 case PPP_CHAP: return "chap"; 5199 case PPP_IPV6CP: return "ipv6cp"; 5200 } 5201 sprintf(buf, "0x%x", (unsigned)proto); 5202 return buf; 5203 } 5204 5205 static void 5206 sppp_print_bytes(const u_char *p, u_short len) 5207 { 5208 addlog(" %02x", *p++); 5209 while (--len > 0) 5210 addlog("-%02x", *p++); 5211 } 5212 5213 static void 5214 sppp_print_string(const char *p, u_short len) 5215 { 5216 u_char c; 5217 5218 while (len-- > 0) { 5219 c = *p++; 5220 /* 5221 * Print only ASCII chars directly. RFC 1994 recommends 5222 * using only them, but we don't rely on it. */ 5223 if (c < ' ' || c > '~') 5224 addlog("\\x%x", c); 5225 else 5226 addlog("%c", c); 5227 } 5228 } 5229 5230 static const char * 5231 sppp_dotted_quad(u_long addr) 5232 { 5233 static char s[16]; 5234 sprintf(s, "%d.%d.%d.%d", 5235 (int)((addr >> 24) & 0xff), 5236 (int)((addr >> 16) & 0xff), 5237 (int)((addr >> 8) & 0xff), 5238 (int)(addr & 0xff)); 5239 return s; 5240 } 5241 5242 static int 5243 sppp_strnlen(u_char *p, int max) 5244 { 5245 int len; 5246 5247 for (len = 0; len < max && *p; ++p) 5248 ++len; 5249 return len; 5250 } 5251 5252 /* a dummy, used to drop uninteresting events */ 5253 static void 5254 sppp_null(struct sppp *unused) 5255 { 5256 /* do just nothing */ 5257 } 5258 /* 5259 * This file is large. Tell emacs to highlight it nevertheless. 5260 * 5261 * Local Variables: 5262 * hilit-auto-highlight-maxout: 120000 5263 * End: 5264 */ 5265
Indexes created Fri Sep 26 20:09:58 GMT 2025