if_spppsubr.c revision 1.20.2.9
1 /* $NetBSD: if_spppsubr.c,v 1.20.2.9 2002/02/28 04:15:02 nathanw Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * This software is distributed with NO WARRANTIES, not even the implied 17 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 18 * 19 * Authors grant any other persons or organisations permission to use 20 * or modify this software as long as this message is kept with the software, 21 * all derivative works or modified versions. 22 * 23 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 24 * 25 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 26 * 27 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 28 */ 29 30 #include <sys/cdefs.h> 31 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.20.2.9 2002/02/28 04:15:02 nathanw Exp $"); 32 33 #include "opt_inet.h" 34 #include "opt_ipx.h" 35 #include "opt_iso.h" 36 #include "opt_ns.h" 37 38 #include <sys/param.h> 39 #include <sys/lwp.h> 40 #include <sys/proc.h> 41 #include <sys/systm.h> 42 #include <sys/kernel.h> 43 #include <sys/sockio.h> 44 #include <sys/socket.h> 45 #include <sys/syslog.h> 46 #include <sys/malloc.h> 47 #include <sys/mbuf.h> 48 #include <sys/callout.h> 49 #include <sys/md5.h> 50 51 #include <net/if.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 #include <net/ppp_defs.h> 56 57 #include <machine/stdarg.h> 58 59 #include <netinet/in.h> 60 #include <netinet/in_systm.h> 61 #include <netinet/in_var.h> 62 #ifdef INET 63 #include <netinet/ip.h> 64 #include <netinet/tcp.h> 65 #endif 66 #include <net/ethertypes.h> 67 68 #ifdef IPX 69 #include <netipx/ipx.h> 70 #include <netipx/ipx_if.h> 71 #endif 72 73 #ifdef NS 74 #include <netns/ns.h> 75 #include <netns/ns_if.h> 76 #endif 77 78 #ifdef ISO 79 #include <netiso/argo_debug.h> 80 #include <netiso/iso.h> 81 #include <netiso/iso_var.h> 82 #include <netiso/iso_snpac.h> 83 #endif 84 85 #include <net/if_sppp.h> 86 #include <net/if_spppvar.h> 87 88 #define MAXALIVECNT 3 /* max. alive packets */ 89 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 90 91 /* 92 * Interface flags that can be set in an ifconfig command. 93 * 94 * Setting link0 will make the link passive, i.e. it will be marked 95 * as being administrative openable, but won't be opened to begin 96 * with. Incoming calls will be answered, or subsequent calls with 97 * -link1 will cause the administrative open of the LCP layer. 98 * 99 * Setting link1 will cause the link to auto-dial only as packets 100 * arrive to be sent. 101 * 102 * Setting IFF_DEBUG will syslog the option negotiation and state 103 * transitions at level kern.debug. Note: all logs consistently look 104 * like 105 * 106 * <if-name><unit>: <proto-name> <additional info...> 107 * 108 * with <if-name><unit> being something like "bppp0", and <proto-name> 109 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 110 */ 111 112 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 113 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 114 115 #define CONF_REQ 1 /* PPP configure request */ 116 #define CONF_ACK 2 /* PPP configure acknowledge */ 117 #define CONF_NAK 3 /* PPP configure negative ack */ 118 #define CONF_REJ 4 /* PPP configure reject */ 119 #define TERM_REQ 5 /* PPP terminate request */ 120 #define TERM_ACK 6 /* PPP terminate acknowledge */ 121 #define CODE_REJ 7 /* PPP code reject */ 122 #define PROTO_REJ 8 /* PPP protocol reject */ 123 #define ECHO_REQ 9 /* PPP echo request */ 124 #define ECHO_REPLY 10 /* PPP echo reply */ 125 #define DISC_REQ 11 /* PPP discard request */ 126 127 #define LCP_OPT_MRU 1 /* maximum receive unit */ 128 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 129 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 130 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 131 #define LCP_OPT_MAGIC 5 /* magic number */ 132 #define LCP_OPT_RESERVED 6 /* reserved */ 133 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 134 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 135 136 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 137 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 138 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 139 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 140 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 141 142 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 143 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 144 145 #define PAP_REQ 1 /* PAP name/password request */ 146 #define PAP_ACK 2 /* PAP acknowledge */ 147 #define PAP_NAK 3 /* PAP fail */ 148 149 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 150 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 151 #define CHAP_SUCCESS 3 /* CHAP response ok */ 152 #define CHAP_FAILURE 4 /* CHAP response failed */ 153 154 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 155 156 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 157 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 158 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 159 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 160 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 161 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 162 163 /* states are named and numbered according to RFC 1661 */ 164 #define STATE_INITIAL 0 165 #define STATE_STARTING 1 166 #define STATE_CLOSED 2 167 #define STATE_STOPPED 3 168 #define STATE_CLOSING 4 169 #define STATE_STOPPING 5 170 #define STATE_REQ_SENT 6 171 #define STATE_ACK_RCVD 7 172 #define STATE_ACK_SENT 8 173 #define STATE_OPENED 9 174 175 struct ppp_header { 176 u_char address; 177 u_char control; 178 u_short protocol; 179 } __attribute__((__packed__)); 180 #define PPP_HEADER_LEN sizeof (struct ppp_header) 181 182 struct lcp_header { 183 u_char type; 184 u_char ident; 185 u_short len; 186 } __attribute__((__packed__)); 187 #define LCP_HEADER_LEN sizeof (struct lcp_header) 188 189 struct cisco_packet { 190 u_int32_t type; 191 u_int32_t par1; 192 u_int32_t par2; 193 u_short rel; 194 u_short time0; 195 u_short time1; 196 } __attribute__((__packed__)); 197 #define CISCO_PACKET_LEN 18 198 199 /* 200 * We follow the spelling and capitalization of RFC 1661 here, to make 201 * it easier comparing with the standard. Please refer to this RFC in 202 * case you can't make sense out of these abbreviation; it will also 203 * explain the semantics related to the various events and actions. 204 */ 205 struct cp { 206 u_short proto; /* PPP control protocol number */ 207 u_char protoidx; /* index into state table in struct sppp */ 208 u_char flags; 209 #define CP_LCP 0x01 /* this is the LCP */ 210 #define CP_AUTH 0x02 /* this is an authentication protocol */ 211 #define CP_NCP 0x04 /* this is a NCP */ 212 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 213 const char *name; /* name of this control protocol */ 214 /* event handlers */ 215 void (*Up)(struct sppp *sp); 216 void (*Down)(struct sppp *sp); 217 void (*Open)(struct sppp *sp); 218 void (*Close)(struct sppp *sp); 219 void (*TO)(void *sp); 220 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 221 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 222 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 223 /* actions */ 224 void (*tlu)(struct sppp *sp); 225 void (*tld)(struct sppp *sp); 226 void (*tls)(struct sppp *sp); 227 void (*tlf)(struct sppp *sp); 228 void (*scr)(struct sppp *sp); 229 }; 230 231 static struct sppp *spppq; 232 static struct callout keepalive_ch; 233 234 #ifdef __FreeBSD__ 235 #define SPP_FMT "%s%d: " 236 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 237 #else 238 #define SPP_FMT "%s: " 239 #define SPP_ARGS(ifp) (ifp)->if_xname 240 #endif 241 242 #ifdef INET 243 /* 244 * The following disgusting hack gets around the problem that IP TOS 245 * can't be set yet. We want to put "interactive" traffic on a high 246 * priority queue. To decide if traffic is interactive, we check that 247 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 248 * 249 * XXX is this really still necessary? - joerg - 250 */ 251 static u_short interactive_ports[8] = { 252 0, 513, 0, 0, 253 0, 21, 0, 23, 254 }; 255 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 256 #endif 257 258 /* almost every function needs these */ 259 #define STDDCL \ 260 struct ifnet *ifp = &sp->pp_if; \ 261 int debug = ifp->if_flags & IFF_DEBUG 262 263 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 264 struct sockaddr *dst, struct rtentry *rt); 265 266 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 267 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 268 269 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 270 struct mbuf *m); 271 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 272 u_char ident, u_short len, void *data); 273 /* static void sppp_cp_timeout(void *arg); */ 274 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 275 int newstate); 276 static void sppp_auth_send(const struct cp *cp, 277 struct sppp *sp, unsigned int type, unsigned int id, 278 ...); 279 280 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 281 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 282 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 283 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 284 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 285 286 static void sppp_null(struct sppp *sp); 287 288 static void sppp_lcp_init(struct sppp *sp); 289 static void sppp_lcp_up(struct sppp *sp); 290 static void sppp_lcp_down(struct sppp *sp); 291 static void sppp_lcp_open(struct sppp *sp); 292 static void sppp_lcp_close(struct sppp *sp); 293 static void sppp_lcp_TO(void *sp); 294 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 295 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 296 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 297 static void sppp_lcp_tlu(struct sppp *sp); 298 static void sppp_lcp_tld(struct sppp *sp); 299 static void sppp_lcp_tls(struct sppp *sp); 300 static void sppp_lcp_tlf(struct sppp *sp); 301 static void sppp_lcp_scr(struct sppp *sp); 302 static void sppp_lcp_check_and_close(struct sppp *sp); 303 static int sppp_ncp_check(struct sppp *sp); 304 305 static void sppp_ipcp_init(struct sppp *sp); 306 static void sppp_ipcp_up(struct sppp *sp); 307 static void sppp_ipcp_down(struct sppp *sp); 308 static void sppp_ipcp_open(struct sppp *sp); 309 static void sppp_ipcp_close(struct sppp *sp); 310 static void sppp_ipcp_TO(void *sp); 311 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 312 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 313 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 314 static void sppp_ipcp_tlu(struct sppp *sp); 315 static void sppp_ipcp_tld(struct sppp *sp); 316 static void sppp_ipcp_tls(struct sppp *sp); 317 static void sppp_ipcp_tlf(struct sppp *sp); 318 static void sppp_ipcp_scr(struct sppp *sp); 319 320 static void sppp_ipv6cp_init(struct sppp *sp); 321 static void sppp_ipv6cp_up(struct sppp *sp); 322 static void sppp_ipv6cp_down(struct sppp *sp); 323 static void sppp_ipv6cp_open(struct sppp *sp); 324 static void sppp_ipv6cp_close(struct sppp *sp); 325 static void sppp_ipv6cp_TO(void *sp); 326 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 329 static void sppp_ipv6cp_tlu(struct sppp *sp); 330 static void sppp_ipv6cp_tld(struct sppp *sp); 331 static void sppp_ipv6cp_tls(struct sppp *sp); 332 static void sppp_ipv6cp_tlf(struct sppp *sp); 333 static void sppp_ipv6cp_scr(struct sppp *sp); 334 335 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 336 static void sppp_pap_init(struct sppp *sp); 337 static void sppp_pap_open(struct sppp *sp); 338 static void sppp_pap_close(struct sppp *sp); 339 static void sppp_pap_TO(void *sp); 340 static void sppp_pap_my_TO(void *sp); 341 static void sppp_pap_tlu(struct sppp *sp); 342 static void sppp_pap_tld(struct sppp *sp); 343 static void sppp_pap_scr(struct sppp *sp); 344 345 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 346 static void sppp_chap_init(struct sppp *sp); 347 static void sppp_chap_open(struct sppp *sp); 348 static void sppp_chap_close(struct sppp *sp); 349 static void sppp_chap_TO(void *sp); 350 static void sppp_chap_tlu(struct sppp *sp); 351 static void sppp_chap_tld(struct sppp *sp); 352 static void sppp_chap_scr(struct sppp *sp); 353 354 static const char *sppp_auth_type_name(u_short proto, u_char type); 355 static const char *sppp_cp_type_name(u_char type); 356 static const char *sppp_dotted_quad(u_int32_t addr); 357 static const char *sppp_ipcp_opt_name(u_char opt); 358 #ifdef INET6 359 static const char *sppp_ipv6cp_opt_name(u_char opt); 360 #endif 361 static const char *sppp_lcp_opt_name(u_char opt); 362 static const char *sppp_phase_name(int phase); 363 static const char *sppp_proto_name(u_short proto); 364 static const char *sppp_state_name(int state); 365 static int sppp_params(struct sppp *sp, int cmd, void *data); 366 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 367 u_int32_t *srcmask); 368 static void sppp_keepalive(void *dummy); 369 static void sppp_phase_network(struct sppp *sp); 370 static void sppp_print_bytes(const u_char *p, u_short len); 371 static void sppp_print_string(const char *p, u_short len); 372 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 373 static void sppp_clear_ip_addrs(struct sppp *sp); 374 #ifdef INET6 375 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 376 struct in6_addr *dst, struct in6_addr *srcmask); 377 #ifdef IPV6CP_MYIFID_DYN 378 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 379 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 380 #endif 381 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 382 #endif 383 384 /* our control protocol descriptors */ 385 static const struct cp lcp = { 386 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 387 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 388 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 389 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 390 sppp_lcp_scr 391 }; 392 393 static const struct cp ipcp = { 394 PPP_IPCP, IDX_IPCP, 395 #ifdef INET 396 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 397 #else 398 0, 399 #endif 400 "ipcp", 401 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 402 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 403 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 404 sppp_ipcp_scr 405 }; 406 407 static const struct cp ipv6cp = { 408 PPP_IPV6CP, IDX_IPV6CP, 409 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 410 CP_NCP, 411 #else 412 0, 413 #endif 414 "ipv6cp", 415 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 416 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 417 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 418 sppp_ipv6cp_scr 419 }; 420 421 static const struct cp pap = { 422 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 423 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 424 sppp_pap_TO, 0, 0, 0, 425 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 426 sppp_pap_scr 427 }; 428 429 static const struct cp chap = { 430 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 431 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 432 sppp_chap_TO, 0, 0, 0, 433 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 434 sppp_chap_scr 435 }; 436 437 static const struct cp *cps[IDX_COUNT] = { 438 &lcp, /* IDX_LCP */ 439 &ipcp, /* IDX_IPCP */ 440 &ipv6cp, /* IDX_IPV6CP */ 441 &pap, /* IDX_PAP */ 442 &chap, /* IDX_CHAP */ 443 }; 444 445 446 /* 447 * Exported functions, comprising our interface to the lower layer. 448 */ 449 450 /* 451 * Process the received packet. 452 */ 453 void 454 sppp_input(struct ifnet *ifp, struct mbuf *m) 455 { 456 struct ppp_header *h = NULL; 457 struct ifqueue *inq = 0; 458 u_int16_t protocol; 459 int s; 460 struct sppp *sp = (struct sppp *)ifp; 461 int debug = ifp->if_flags & IFF_DEBUG; 462 463 if (ifp->if_flags & IFF_UP) 464 /* Count received bytes, add hardware framing */ 465 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 466 467 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 468 /* Too small packet, drop it. */ 469 if (debug) 470 log(LOG_DEBUG, 471 SPP_FMT "input packet is too small, %d bytes\n", 472 SPP_ARGS(ifp), m->m_pkthdr.len); 473 drop: 474 ++ifp->if_ierrors; 475 ++ifp->if_iqdrops; 476 m_freem (m); 477 return; 478 } 479 480 if (sp->pp_flags & PP_NOFRAMING) { 481 memcpy(&protocol, mtod(m, void *), 2); 482 protocol = ntohs(protocol); 483 m_adj(m, 2); 484 } else { 485 486 /* Get PPP header. */ 487 h = mtod (m, struct ppp_header*); 488 m_adj (m, PPP_HEADER_LEN); 489 490 switch (h->address) { 491 case PPP_ALLSTATIONS: 492 if (h->control != PPP_UI) 493 goto invalid; 494 if (sp->pp_flags & PP_CISCO) { 495 if (debug) 496 log(LOG_DEBUG, 497 SPP_FMT "PPP packet in Cisco mode " 498 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 499 SPP_ARGS(ifp), 500 h->address, h->control, ntohs(h->protocol)); 501 goto drop; 502 } 503 break; 504 case CISCO_MULTICAST: 505 case CISCO_UNICAST: 506 /* Don't check the control field here (RFC 1547). */ 507 if (! (sp->pp_flags & PP_CISCO)) { 508 if (debug) 509 log(LOG_DEBUG, 510 SPP_FMT "Cisco packet in PPP mode " 511 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 512 SPP_ARGS(ifp), 513 h->address, h->control, ntohs(h->protocol)); 514 goto drop; 515 } 516 switch (ntohs (h->protocol)) { 517 default: 518 ++ifp->if_noproto; 519 goto invalid; 520 case CISCO_KEEPALIVE: 521 sppp_cisco_input ((struct sppp*) ifp, m); 522 m_freem (m); 523 return; 524 #ifdef INET 525 case ETHERTYPE_IP: 526 schednetisr (NETISR_IP); 527 inq = &ipintrq; 528 break; 529 #endif 530 #ifdef INET6 531 case ETHERTYPE_IPV6: 532 schednetisr (NETISR_IPV6); 533 inq = &ip6intrq; 534 break; 535 #endif 536 #ifdef IPX 537 case ETHERTYPE_IPX: 538 schednetisr (NETISR_IPX); 539 inq = &ipxintrq; 540 break; 541 #endif 542 #ifdef NS 543 case ETHERTYPE_NS: 544 schednetisr (NETISR_NS); 545 inq = &nsintrq; 546 break; 547 #endif 548 } 549 goto queue_pkt; 550 default: /* Invalid PPP packet. */ 551 invalid: 552 if (debug) 553 log(LOG_DEBUG, 554 SPP_FMT "invalid input packet " 555 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 556 SPP_ARGS(ifp), 557 h->address, h->control, ntohs(h->protocol)); 558 goto drop; 559 } 560 protocol = ntohs (h->protocol); 561 } 562 563 switch (protocol) { 564 default: 565 if (sp->state[IDX_LCP] == STATE_OPENED) { 566 u_int16_t prot = htons(protocol); 567 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 568 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 569 &prot); 570 } 571 if (debug) 572 log(LOG_DEBUG, 573 SPP_FMT "invalid input protocol " 574 "<proto=0x%x>\n", SPP_ARGS(ifp), ntohs(protocol)); 575 ++ifp->if_noproto; 576 goto drop; 577 case PPP_LCP: 578 sppp_cp_input(&lcp, sp, m); 579 m_freem (m); 580 return; 581 case PPP_PAP: 582 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 583 sppp_pap_input(sp, m); 584 m_freem (m); 585 return; 586 case PPP_CHAP: 587 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 588 sppp_chap_input(sp, m); 589 m_freem (m); 590 return; 591 #ifdef INET 592 case PPP_IPCP: 593 if (sp->pp_phase == SPPP_PHASE_NETWORK) 594 sppp_cp_input(&ipcp, sp, m); 595 m_freem (m); 596 return; 597 case PPP_IP: 598 if (sp->state[IDX_IPCP] == STATE_OPENED) { 599 schednetisr (NETISR_IP); 600 inq = &ipintrq; 601 sp->pp_last_activity = time.tv_sec; 602 } 603 break; 604 #endif 605 #ifdef INET6 606 case PPP_IPV6CP: 607 if (sp->pp_phase == SPPP_PHASE_NETWORK) 608 sppp_cp_input(&ipv6cp, sp, m); 609 m_freem (m); 610 return; 611 612 case PPP_IPV6: 613 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 614 schednetisr (NETISR_IPV6); 615 inq = &ip6intrq; 616 sp->pp_last_activity = time.tv_sec; 617 } 618 break; 619 #endif 620 #ifdef IPX 621 case PPP_IPX: 622 /* IPX IPXCP not implemented yet */ 623 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 624 schednetisr (NETISR_IPX); 625 inq = &ipxintrq; 626 } 627 break; 628 #endif 629 #ifdef NS 630 case PPP_XNS: 631 /* XNS IDPCP not implemented yet */ 632 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 633 schednetisr (NETISR_NS); 634 inq = &nsintrq; 635 } 636 break; 637 #endif 638 #ifdef ISO 639 case PPP_ISO: 640 /* OSI NLCP not implemented yet */ 641 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 642 schednetisr (NETISR_ISO); 643 inq = &clnlintrq; 644 } 645 break; 646 #endif 647 } 648 649 queue_pkt: 650 if (! (ifp->if_flags & IFF_UP) || ! inq) 651 goto drop; 652 653 /* Check queue. */ 654 s = splnet(); 655 if (IF_QFULL (inq)) { 656 /* Queue overflow. */ 657 IF_DROP(inq); 658 splx(s); 659 if (debug) 660 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 661 SPP_ARGS(ifp)); 662 goto drop; 663 } 664 IF_ENQUEUE(inq, m); 665 splx(s); 666 } 667 668 /* 669 * Enqueue transmit packet. 670 */ 671 static int 672 sppp_output(struct ifnet *ifp, struct mbuf *m, 673 struct sockaddr *dst, struct rtentry *rt) 674 { 675 struct sppp *sp = (struct sppp*) ifp; 676 struct ppp_header *h = NULL; 677 struct ifqueue *ifq = NULL; /* XXX */ 678 int s, len, rv = 0; 679 u_int16_t protocol; 680 ALTQ_DECL(struct altq_pktattr pktattr;) 681 682 s = splnet(); 683 684 sp->pp_last_activity = time.tv_sec; 685 686 if ((ifp->if_flags & IFF_UP) == 0 || 687 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 688 m_freem (m); 689 splx (s); 690 return (ENETDOWN); 691 } 692 693 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 694 /* 695 * Interface is not yet running, but auto-dial. Need 696 * to start LCP for it. 697 */ 698 ifp->if_flags |= IFF_RUNNING; 699 splx(s); 700 lcp.Open(sp); 701 s = splnet(); 702 } 703 704 /* 705 * If the queueing discipline needs packet classification, 706 * do it before prepending link headers. 707 */ 708 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 709 710 #ifdef INET 711 if (dst->sa_family == AF_INET) 712 { 713 /* Check mbuf length here??? */ 714 struct ip *ip = mtod (m, struct ip*); 715 struct tcphdr *tcp = (struct tcphdr*) ((int32_t*)ip + ip->ip_hl); 716 717 /* 718 * When using dynamic local IP address assignment by using 719 * 0.0.0.0 as a local address, the first TCP session will 720 * not connect because the local TCP checksum is computed 721 * using 0.0.0.0 which will later become our real IP address 722 * so the TCP checksum computed at the remote end will 723 * become invalid. So we 724 * - don't let packets with src ip addr 0 thru 725 * - we flag TCP packets with src ip 0 as an error 726 */ 727 728 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 729 { 730 m_freem(m); 731 splx(s); 732 if(ip->ip_p == IPPROTO_TCP) 733 return(EADDRNOTAVAIL); 734 else 735 return(0); 736 } 737 738 /* 739 * Put low delay, telnet, rlogin and ftp control packets 740 * in front of the queue. 741 */ 742 743 if (! IF_QFULL (&sp->pp_fastq) && 744 ((ip->ip_tos & IPTOS_LOWDELAY) || 745 ((ip->ip_p == IPPROTO_TCP && 746 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 747 (INTERACTIVE (ntohs (tcp->th_sport)))) || 748 INTERACTIVE (ntohs (tcp->th_dport))))) 749 ifq = &sp->pp_fastq; 750 } 751 #endif 752 753 #ifdef INET6 754 if (dst->sa_family == AF_INET6) { 755 /* XXX do something tricky here? */ 756 } 757 #endif 758 759 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 760 /* 761 * Prepend general data packet PPP header. For now, IP only. 762 */ 763 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 764 if (! m) { 765 if (ifp->if_flags & IFF_DEBUG) 766 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 767 SPP_ARGS(ifp)); 768 ++ifp->if_oerrors; 769 splx (s); 770 return (ENOBUFS); 771 } 772 /* 773 * May want to check size of packet 774 * (albeit due to the implementation it's always enough) 775 */ 776 h = mtod (m, struct ppp_header*); 777 if (sp->pp_flags & PP_CISCO) { 778 h->address = CISCO_UNICAST; /* unicast address */ 779 h->control = 0; 780 } else { 781 h->address = PPP_ALLSTATIONS; /* broadcast address */ 782 h->control = PPP_UI; /* Unnumbered Info */ 783 } 784 } 785 786 switch (dst->sa_family) { 787 #ifdef INET 788 case AF_INET: /* Internet Protocol */ 789 if (sp->pp_flags & PP_CISCO) 790 protocol = htons (ETHERTYPE_IP); 791 else { 792 /* 793 * Don't choke with an ENETDOWN early. It's 794 * possible that we just started dialing out, 795 * so don't drop the packet immediately. If 796 * we notice that we run out of buffer space 797 * below, we will however remember that we are 798 * not ready to carry IP packets, and return 799 * ENETDOWN, as opposed to ENOBUFS. 800 */ 801 protocol = htons(PPP_IP); 802 if (sp->state[IDX_IPCP] != STATE_OPENED) 803 rv = ENETDOWN; 804 } 805 break; 806 #endif 807 #ifdef INET6 808 case AF_INET6: /* Internet Protocol version 6 */ 809 if (sp->pp_flags & PP_CISCO) 810 protocol = htons (ETHERTYPE_IPV6); 811 else { 812 /* 813 * Don't choke with an ENETDOWN early. It's 814 * possible that we just started dialing out, 815 * so don't drop the packet immediately. If 816 * we notice that we run out of buffer space 817 * below, we will however remember that we are 818 * not ready to carry IP packets, and return 819 * ENETDOWN, as opposed to ENOBUFS. 820 */ 821 protocol = htons(PPP_IPV6); 822 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 823 rv = ENETDOWN; 824 } 825 break; 826 #endif 827 #ifdef NS 828 case AF_NS: /* Xerox NS Protocol */ 829 protocol = htons ((sp->pp_flags & PP_CISCO) ? 830 ETHERTYPE_NS : PPP_XNS); 831 break; 832 #endif 833 #ifdef IPX 834 case AF_IPX: /* Novell IPX Protocol */ 835 protocol = htons ((sp->pp_flags & PP_CISCO) ? 836 ETHERTYPE_IPX : PPP_IPX); 837 break; 838 #endif 839 #ifdef ISO 840 case AF_ISO: /* ISO OSI Protocol */ 841 if (sp->pp_flags & PP_CISCO) 842 goto nosupport; 843 protocol = htons (PPP_ISO); 844 break; 845 nosupport: 846 #endif 847 default: 848 m_freem (m); 849 ++ifp->if_oerrors; 850 splx (s); 851 return (EAFNOSUPPORT); 852 } 853 854 if (sp->pp_flags & PP_NOFRAMING) { 855 M_PREPEND (m, 2, M_DONTWAIT); 856 if (m == NULL) { 857 if (ifp->if_flags & IFF_DEBUG) 858 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 859 SPP_ARGS(ifp)); 860 ++ifp->if_oerrors; 861 splx (s); 862 return (ENOBUFS); 863 } 864 *mtod(m, u_int16_t*) = protocol; 865 } else { 866 h->protocol = protocol; 867 } 868 869 /* 870 * Queue message on interface, and start output if interface 871 * not yet active. 872 */ 873 len = m->m_pkthdr.len; 874 if (ifq != NULL 875 #ifdef ALTQ 876 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 877 #endif 878 ) { 879 if (IF_QFULL (ifq)) { 880 IF_DROP (&ifp->if_snd); 881 m_freem (m); 882 if (rv == 0) 883 rv = ENOBUFS; 884 } 885 IF_ENQUEUE(ifq, m); 886 } else 887 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 888 if (rv != 0) { 889 ++ifp->if_oerrors; 890 splx(s); 891 return (rv); 892 } 893 894 if (! (ifp->if_flags & IFF_OACTIVE)) 895 (*ifp->if_start) (ifp); 896 897 /* 898 * Count output packets and bytes. 899 * The packet length includes header + additional hardware framing 900 * according to RFC 1333. 901 */ 902 ifp->if_obytes += len + sp->pp_framebytes; 903 splx (s); 904 return (0); 905 } 906 907 void 908 sppp_attach(struct ifnet *ifp) 909 { 910 struct sppp *sp = (struct sppp*) ifp; 911 912 /* Initialize keepalive handler. */ 913 if (! spppq) { 914 callout_init(&keepalive_ch); 915 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 916 } 917 918 /* Insert new entry into the keepalive list. */ 919 sp->pp_next = spppq; 920 spppq = sp; 921 922 sp->pp_if.if_type = IFT_PPP; 923 sp->pp_if.if_output = sppp_output; 924 sp->pp_fastq.ifq_maxlen = 32; 925 sp->pp_cpq.ifq_maxlen = 20; 926 sp->pp_loopcnt = 0; 927 sp->pp_alivecnt = 0; 928 sp->pp_last_activity = 0; 929 sp->pp_idle_timeout = 0; 930 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 931 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 932 sp->pp_auth_failures = 0; 933 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 934 sp->pp_phase = SPPP_PHASE_DEAD; 935 sp->pp_up = lcp.Up; 936 sp->pp_down = lcp.Down; 937 938 if_alloc_sadl(ifp); 939 940 memset(&sp->myauth, 0, sizeof sp->myauth); 941 memset(&sp->hisauth, 0, sizeof sp->hisauth); 942 sppp_lcp_init(sp); 943 sppp_ipcp_init(sp); 944 sppp_ipv6cp_init(sp); 945 sppp_pap_init(sp); 946 sppp_chap_init(sp); 947 } 948 949 void 950 sppp_detach(struct ifnet *ifp) 951 { 952 struct sppp **q, *p, *sp = (struct sppp*) ifp; 953 int i; 954 955 /* Remove the entry from the keepalive list. */ 956 for (q = &spppq; (p = *q); q = &p->pp_next) 957 if (p == sp) { 958 *q = p->pp_next; 959 break; 960 } 961 962 /* Stop keepalive handler. */ 963 if (! spppq) { 964 callout_stop(&keepalive_ch); 965 } 966 967 for (i = 0; i < IDX_COUNT; i++) { 968 callout_stop(&sp->ch[i]); 969 } 970 callout_stop(&sp->pap_my_to_ch); 971 972 /* free authentication info */ 973 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 974 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 975 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 976 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 977 978 if_free_sadl(ifp); 979 } 980 981 /* 982 * Flush the interface output queue. 983 */ 984 void 985 sppp_flush(struct ifnet *ifp) 986 { 987 struct sppp *sp = (struct sppp*) ifp; 988 989 IFQ_PURGE (&sp->pp_if.if_snd); 990 IF_PURGE (&sp->pp_fastq); 991 IF_PURGE (&sp->pp_cpq); 992 } 993 994 /* 995 * Check if the output queue is empty. 996 */ 997 int 998 sppp_isempty(struct ifnet *ifp) 999 { 1000 struct sppp *sp = (struct sppp*) ifp; 1001 int empty, s; 1002 1003 s = splnet(); 1004 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1005 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1006 splx(s); 1007 return (empty); 1008 } 1009 1010 /* 1011 * Get next packet to send. 1012 */ 1013 struct mbuf * 1014 sppp_dequeue(struct ifnet *ifp) 1015 { 1016 struct sppp *sp = (struct sppp*) ifp; 1017 struct mbuf *m; 1018 int s; 1019 1020 s = splnet(); 1021 /* 1022 * Process only the control protocol queue until we have at 1023 * least one NCP open. 1024 * 1025 * Do always serve all three queues in Cisco mode. 1026 */ 1027 IF_DEQUEUE(&sp->pp_cpq, m); 1028 if (m == NULL && 1029 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1030 IF_DEQUEUE(&sp->pp_fastq, m); 1031 if (m == NULL) 1032 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1033 } 1034 splx(s); 1035 return m; 1036 } 1037 1038 /* 1039 * Pick the next packet, do not remove it from the queue. 1040 */ 1041 struct mbuf * 1042 sppp_pick(struct ifnet *ifp) 1043 { 1044 struct sppp *sp = (struct sppp*)ifp; 1045 struct mbuf *m; 1046 int s; 1047 1048 s= splnet (); 1049 1050 m = sp->pp_cpq.ifq_head; 1051 if (m == NULL && 1052 (sp->pp_phase == SPPP_PHASE_NETWORK || 1053 (sp->pp_flags & PP_CISCO) != 0)) 1054 if ((m = sp->pp_fastq.ifq_head) == NULL) 1055 m = sp->pp_if.if_snd.ifq_head; 1056 splx (s); 1057 return (m); 1058 } 1059 1060 /* 1061 * Process an ioctl request. Called on low priority level. 1062 */ 1063 int 1064 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1065 { 1066 struct ifreq *ifr = (struct ifreq*) data; 1067 struct sppp *sp = (struct sppp*) ifp; 1068 int s, error=0, going_up, going_down, newmode; 1069 1070 s = splnet(); 1071 switch (cmd) { 1072 case SIOCAIFADDR: 1073 case SIOCSIFDSTADDR: 1074 break; 1075 1076 case SIOCSIFADDR: 1077 if_up(ifp); 1078 /* fall through... */ 1079 1080 case SIOCSIFFLAGS: 1081 going_up = ifp->if_flags & IFF_UP && 1082 (ifp->if_flags & IFF_RUNNING) == 0; 1083 going_down = (ifp->if_flags & IFF_UP) == 0 && 1084 ifp->if_flags & IFF_RUNNING; 1085 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1086 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1087 /* sanity */ 1088 newmode = IFF_PASSIVE; 1089 ifp->if_flags &= ~IFF_AUTO; 1090 } 1091 1092 if (going_up || going_down) 1093 lcp.Close(sp); 1094 if (going_up && newmode == 0) { 1095 /* neither auto-dial nor passive */ 1096 ifp->if_flags |= IFF_RUNNING; 1097 if (!(sp->pp_flags & PP_CISCO)) 1098 lcp.Open(sp); 1099 } else if (going_down) { 1100 sppp_flush(ifp); 1101 ifp->if_flags &= ~IFF_RUNNING; 1102 } 1103 1104 break; 1105 1106 #ifdef SIOCSIFMTU 1107 #ifndef ifr_mtu 1108 #define ifr_mtu ifr_metric 1109 #endif 1110 case SIOCSIFMTU: 1111 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1112 return (EINVAL); 1113 ifp->if_mtu = ifr->ifr_mtu; 1114 break; 1115 #endif 1116 #ifdef SLIOCSETMTU 1117 case SLIOCSETMTU: 1118 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1119 return (EINVAL); 1120 ifp->if_mtu = *(short*)data; 1121 break; 1122 #endif 1123 #ifdef SIOCGIFMTU 1124 case SIOCGIFMTU: 1125 ifr->ifr_mtu = ifp->if_mtu; 1126 break; 1127 #endif 1128 #ifdef SLIOCGETMTU 1129 case SLIOCGETMTU: 1130 *(short*)data = ifp->if_mtu; 1131 break; 1132 #endif 1133 case SIOCADDMULTI: 1134 case SIOCDELMULTI: 1135 break; 1136 1137 case SPPPSETAUTHCFG: 1138 case SPPPSETLCPCFG: 1139 case SPPPSETIDLETO: 1140 case SPPPSETAUTHFAILURE: 1141 { 1142 struct proc *p = curproc->l_proc; /* XXX */ 1143 1144 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 1145 break; 1146 } 1147 /* FALLTHROUGH */ 1148 case SPPPGETAUTHCFG: 1149 case SPPPGETLCPCFG: 1150 case SPPPGETSTATUS: 1151 case SPPPGETIDLETO: 1152 case SPPPGETAUTHFAILURES: 1153 error = sppp_params(sp, cmd, data); 1154 break; 1155 1156 default: 1157 error = ENOTTY; 1158 } 1159 splx(s); 1160 return (error); 1161 } 1162 1163 1164 /* 1165 * Cisco framing implementation. 1166 */ 1167 1168 /* 1169 * Handle incoming Cisco keepalive protocol packets. 1170 */ 1171 static void 1172 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1173 { 1174 STDDCL; 1175 struct cisco_packet *h; 1176 u_int32_t me, mymask; 1177 1178 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1179 if (debug) 1180 log(LOG_DEBUG, 1181 SPP_FMT "cisco invalid packet length: %d bytes\n", 1182 SPP_ARGS(ifp), m->m_pkthdr.len); 1183 return; 1184 } 1185 h = mtod (m, struct cisco_packet*); 1186 if (debug) 1187 log(LOG_DEBUG, 1188 SPP_FMT "cisco input: %d bytes " 1189 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1190 SPP_ARGS(ifp), m->m_pkthdr.len, 1191 ntohl (h->type), h->par1, h->par2, (u_int)h->rel, 1192 (u_int)h->time0, (u_int)h->time1); 1193 switch (ntohl (h->type)) { 1194 default: 1195 if (debug) 1196 addlog(SPP_FMT "cisco unknown packet type: 0x%x\n", 1197 SPP_ARGS(ifp), ntohl (h->type)); 1198 break; 1199 case CISCO_ADDR_REPLY: 1200 /* Reply on address request, ignore */ 1201 break; 1202 case CISCO_KEEPALIVE_REQ: 1203 sp->pp_alivecnt = 0; 1204 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1205 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1206 /* Local and remote sequence numbers are equal. 1207 * Probably, the line is in loopback mode. */ 1208 if (sp->pp_loopcnt >= MAXALIVECNT) { 1209 printf (SPP_FMT "loopback\n", 1210 SPP_ARGS(ifp)); 1211 sp->pp_loopcnt = 0; 1212 if (ifp->if_flags & IFF_UP) { 1213 if_down (ifp); 1214 IF_PURGE (&sp->pp_cpq); 1215 } 1216 } 1217 ++sp->pp_loopcnt; 1218 1219 /* Generate new local sequence number */ 1220 sp->pp_seq[IDX_LCP] = random(); 1221 break; 1222 } 1223 sp->pp_loopcnt = 0; 1224 if (! (ifp->if_flags & IFF_UP) && 1225 (ifp->if_flags & IFF_RUNNING)) { 1226 if_up(ifp); 1227 } 1228 break; 1229 case CISCO_ADDR_REQ: 1230 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1231 if (me != 0L) 1232 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1233 break; 1234 } 1235 } 1236 1237 /* 1238 * Send Cisco keepalive packet. 1239 */ 1240 static void 1241 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1242 { 1243 STDDCL; 1244 struct ppp_header *h; 1245 struct cisco_packet *ch; 1246 struct mbuf *m; 1247 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1248 1249 MGETHDR (m, M_DONTWAIT, MT_DATA); 1250 if (! m) 1251 return; 1252 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1253 m->m_pkthdr.rcvif = 0; 1254 1255 h = mtod (m, struct ppp_header*); 1256 h->address = CISCO_MULTICAST; 1257 h->control = 0; 1258 h->protocol = htons (CISCO_KEEPALIVE); 1259 1260 ch = (struct cisco_packet*) (h + 1); 1261 ch->type = htonl (type); 1262 ch->par1 = htonl (par1); 1263 ch->par2 = htonl (par2); 1264 ch->rel = -1; 1265 1266 ch->time0 = htons ((u_short) (t >> 16)); 1267 ch->time1 = htons ((u_short) t); 1268 1269 if (debug) 1270 log(LOG_DEBUG, 1271 SPP_FMT "cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1272 SPP_ARGS(ifp), ntohl (ch->type), ch->par1, 1273 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1274 (u_int)ch->time1); 1275 1276 if (IF_QFULL (&sp->pp_cpq)) { 1277 IF_DROP (&sp->pp_fastq); 1278 IF_DROP (&ifp->if_snd); 1279 m_freem (m); 1280 } else 1281 IF_ENQUEUE (&sp->pp_cpq, m); 1282 if (! (ifp->if_flags & IFF_OACTIVE)) 1283 (*ifp->if_start) (ifp); 1284 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1285 } 1286 1287 /* 1288 * PPP protocol implementation. 1289 */ 1290 1291 /* 1292 * Send PPP control protocol packet. 1293 */ 1294 static void 1295 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1296 u_char ident, u_short len, void *data) 1297 { 1298 STDDCL; 1299 struct lcp_header *lh; 1300 struct mbuf *m; 1301 size_t pkthdrlen; 1302 1303 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1304 1305 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1306 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1307 MGETHDR (m, M_DONTWAIT, MT_DATA); 1308 if (! m) 1309 return; 1310 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1311 m->m_pkthdr.rcvif = 0; 1312 1313 if (sp->pp_flags & PP_NOFRAMING) { 1314 *mtod(m, u_int16_t*) = htons(proto); 1315 lh = (struct lcp_header*)(mtod(m, u_int8_t*) + 2); 1316 } else { 1317 struct ppp_header *h; 1318 h = mtod (m, struct ppp_header*); 1319 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1320 h->control = PPP_UI; /* Unnumbered Info */ 1321 h->protocol = htons (proto); /* Link Control Protocol */ 1322 lh = (struct lcp_header*) (h + 1); 1323 } 1324 lh->type = type; 1325 lh->ident = ident; 1326 lh->len = htons (LCP_HEADER_LEN + len); 1327 if (len) 1328 bcopy (data, lh+1, len); 1329 1330 if (debug) { 1331 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1332 SPP_ARGS(ifp), 1333 sppp_proto_name(proto), 1334 sppp_cp_type_name (lh->type), lh->ident, 1335 ntohs (lh->len)); 1336 if (len) 1337 sppp_print_bytes ((u_char*) (lh+1), len); 1338 addlog(">\n"); 1339 } 1340 if (IF_QFULL (&sp->pp_cpq)) { 1341 IF_DROP (&sp->pp_fastq); 1342 IF_DROP (&ifp->if_snd); 1343 m_freem (m); 1344 ++ifp->if_oerrors; 1345 } else 1346 IF_ENQUEUE (&sp->pp_cpq, m); 1347 if (! (ifp->if_flags & IFF_OACTIVE)) 1348 (*ifp->if_start) (ifp); 1349 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1350 } 1351 1352 /* 1353 * Handle incoming PPP control protocol packets. 1354 */ 1355 static void 1356 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1357 { 1358 STDDCL; 1359 struct lcp_header *h; 1360 int len = m->m_pkthdr.len; 1361 int rv; 1362 u_char *p; 1363 u_int32_t u32; 1364 1365 if (len < 4) { 1366 if (debug) 1367 log(LOG_DEBUG, 1368 SPP_FMT "%s invalid packet length: %d bytes\n", 1369 SPP_ARGS(ifp), cp->name, len); 1370 return; 1371 } 1372 h = mtod (m, struct lcp_header*); 1373 if (debug) { 1374 log(LOG_DEBUG, 1375 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1376 SPP_ARGS(ifp), cp->name, 1377 sppp_state_name(sp->state[cp->protoidx]), 1378 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1379 if (len > 4) 1380 sppp_print_bytes ((u_char*) (h+1), len-4); 1381 addlog(">\n"); 1382 } 1383 if (len > ntohs (h->len)) 1384 len = ntohs (h->len); 1385 p = (u_char *)(h + 1); 1386 switch (h->type) { 1387 case CONF_REQ: 1388 if (len < 4) { 1389 if (debug) 1390 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1391 SPP_ARGS(ifp), cp->name, 1392 len); 1393 ++ifp->if_ierrors; 1394 break; 1395 } 1396 /* handle states where RCR doesn't get a SCA/SCN */ 1397 switch (sp->state[cp->protoidx]) { 1398 case STATE_CLOSING: 1399 case STATE_STOPPING: 1400 return; 1401 case STATE_CLOSED: 1402 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1403 0, 0); 1404 return; 1405 } 1406 rv = (cp->RCR)(sp, h, len); 1407 switch (sp->state[cp->protoidx]) { 1408 case STATE_OPENED: 1409 (cp->tld)(sp); 1410 (cp->scr)(sp); 1411 /* fall through... */ 1412 case STATE_ACK_SENT: 1413 case STATE_REQ_SENT: 1414 sppp_cp_change_state(cp, sp, rv? 1415 STATE_ACK_SENT: STATE_REQ_SENT); 1416 break; 1417 case STATE_STOPPED: 1418 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1419 (cp->scr)(sp); 1420 sppp_cp_change_state(cp, sp, rv? 1421 STATE_ACK_SENT: STATE_REQ_SENT); 1422 break; 1423 case STATE_ACK_RCVD: 1424 if (rv) { 1425 sppp_cp_change_state(cp, sp, STATE_OPENED); 1426 if (debug) 1427 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1428 SPP_ARGS(ifp), 1429 cp->name); 1430 (cp->tlu)(sp); 1431 } else 1432 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1433 break; 1434 default: 1435 printf(SPP_FMT "%s illegal %s in state %s\n", 1436 SPP_ARGS(ifp), cp->name, 1437 sppp_cp_type_name(h->type), 1438 sppp_state_name(sp->state[cp->protoidx])); 1439 ++ifp->if_ierrors; 1440 } 1441 break; 1442 case CONF_ACK: 1443 if (h->ident != sp->confid[cp->protoidx]) { 1444 if (debug) 1445 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1446 SPP_ARGS(ifp), cp->name, 1447 h->ident, sp->confid[cp->protoidx]); 1448 ++ifp->if_ierrors; 1449 break; 1450 } 1451 switch (sp->state[cp->protoidx]) { 1452 case STATE_CLOSED: 1453 case STATE_STOPPED: 1454 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1455 break; 1456 case STATE_CLOSING: 1457 case STATE_STOPPING: 1458 break; 1459 case STATE_REQ_SENT: 1460 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1461 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1462 break; 1463 case STATE_OPENED: 1464 (cp->tld)(sp); 1465 /* fall through */ 1466 case STATE_ACK_RCVD: 1467 (cp->scr)(sp); 1468 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1469 break; 1470 case STATE_ACK_SENT: 1471 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1472 sppp_cp_change_state(cp, sp, STATE_OPENED); 1473 if (debug) 1474 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1475 SPP_ARGS(ifp), cp->name); 1476 (cp->tlu)(sp); 1477 break; 1478 default: 1479 printf(SPP_FMT "%s illegal %s in state %s\n", 1480 SPP_ARGS(ifp), cp->name, 1481 sppp_cp_type_name(h->type), 1482 sppp_state_name(sp->state[cp->protoidx])); 1483 ++ifp->if_ierrors; 1484 } 1485 break; 1486 case CONF_NAK: 1487 case CONF_REJ: 1488 if (h->ident != sp->confid[cp->protoidx]) { 1489 if (debug) 1490 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1491 SPP_ARGS(ifp), cp->name, 1492 h->ident, sp->confid[cp->protoidx]); 1493 ++ifp->if_ierrors; 1494 break; 1495 } 1496 if (h->type == CONF_NAK) 1497 (cp->RCN_nak)(sp, h, len); 1498 else /* CONF_REJ */ 1499 (cp->RCN_rej)(sp, h, len); 1500 1501 switch (sp->state[cp->protoidx]) { 1502 case STATE_CLOSED: 1503 case STATE_STOPPED: 1504 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1505 break; 1506 case STATE_REQ_SENT: 1507 case STATE_ACK_SENT: 1508 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1509 (cp->scr)(sp); 1510 break; 1511 case STATE_OPENED: 1512 (cp->tld)(sp); 1513 /* fall through */ 1514 case STATE_ACK_RCVD: 1515 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1516 (cp->scr)(sp); 1517 break; 1518 case STATE_CLOSING: 1519 case STATE_STOPPING: 1520 break; 1521 default: 1522 printf(SPP_FMT "%s illegal %s in state %s\n", 1523 SPP_ARGS(ifp), cp->name, 1524 sppp_cp_type_name(h->type), 1525 sppp_state_name(sp->state[cp->protoidx])); 1526 ++ifp->if_ierrors; 1527 } 1528 break; 1529 1530 case TERM_REQ: 1531 switch (sp->state[cp->protoidx]) { 1532 case STATE_ACK_RCVD: 1533 case STATE_ACK_SENT: 1534 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1535 /* fall through */ 1536 case STATE_CLOSED: 1537 case STATE_STOPPED: 1538 case STATE_CLOSING: 1539 case STATE_STOPPING: 1540 case STATE_REQ_SENT: 1541 sta: 1542 /* Send Terminate-Ack packet. */ 1543 if (debug) 1544 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1545 SPP_ARGS(ifp), cp->name); 1546 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1547 break; 1548 case STATE_OPENED: 1549 (cp->tld)(sp); 1550 sp->rst_counter[cp->protoidx] = 0; 1551 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1552 goto sta; 1553 break; 1554 default: 1555 printf(SPP_FMT "%s illegal %s in state %s\n", 1556 SPP_ARGS(ifp), cp->name, 1557 sppp_cp_type_name(h->type), 1558 sppp_state_name(sp->state[cp->protoidx])); 1559 ++ifp->if_ierrors; 1560 } 1561 break; 1562 case TERM_ACK: 1563 switch (sp->state[cp->protoidx]) { 1564 case STATE_CLOSED: 1565 case STATE_STOPPED: 1566 case STATE_REQ_SENT: 1567 case STATE_ACK_SENT: 1568 break; 1569 case STATE_CLOSING: 1570 (cp->tlf)(sp); 1571 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1572 sppp_lcp_check_and_close(sp); 1573 break; 1574 case STATE_STOPPING: 1575 (cp->tlf)(sp); 1576 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1577 sppp_lcp_check_and_close(sp); 1578 break; 1579 case STATE_ACK_RCVD: 1580 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1581 break; 1582 case STATE_OPENED: 1583 (cp->tld)(sp); 1584 (cp->scr)(sp); 1585 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1586 break; 1587 default: 1588 printf(SPP_FMT "%s illegal %s in state %s\n", 1589 SPP_ARGS(ifp), cp->name, 1590 sppp_cp_type_name(h->type), 1591 sppp_state_name(sp->state[cp->protoidx])); 1592 ++ifp->if_ierrors; 1593 } 1594 break; 1595 case CODE_REJ: 1596 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1597 log(LOG_INFO, 1598 SPP_FMT "%s: ignoring RXJ (%s) for code ?, " 1599 "danger will robinson\n", 1600 SPP_ARGS(ifp), cp->name, 1601 sppp_cp_type_name(h->type)); 1602 switch (sp->state[cp->protoidx]) { 1603 case STATE_CLOSED: 1604 case STATE_STOPPED: 1605 case STATE_REQ_SENT: 1606 case STATE_ACK_SENT: 1607 case STATE_CLOSING: 1608 case STATE_STOPPING: 1609 case STATE_OPENED: 1610 break; 1611 case STATE_ACK_RCVD: 1612 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1613 break; 1614 default: 1615 printf(SPP_FMT "%s illegal %s in state %s\n", 1616 SPP_ARGS(ifp), cp->name, 1617 sppp_cp_type_name(h->type), 1618 sppp_state_name(sp->state[cp->protoidx])); 1619 ++ifp->if_ierrors; 1620 } 1621 break; 1622 case PROTO_REJ: 1623 { 1624 int catastrophic; 1625 const struct cp *upper; 1626 int i; 1627 u_int16_t proto; 1628 1629 catastrophic = 0; 1630 upper = NULL; 1631 proto = p[0] << 8 | p[1]; 1632 for (i = 0; i < IDX_COUNT; i++) { 1633 if (cps[i]->proto == proto) { 1634 upper = cps[i]; 1635 break; 1636 } 1637 } 1638 if (upper == NULL) 1639 catastrophic++; 1640 1641 log(LOG_INFO, 1642 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1643 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1644 sppp_cp_type_name(h->type), proto, 1645 upper ? upper->name : "unknown", 1646 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1647 1648 /* 1649 * if we got RXJ+ against conf-req, the peer does not implement 1650 * this particular protocol type. terminate the protocol. 1651 */ 1652 if (upper && !catastrophic) { 1653 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1654 upper->Close(sp); 1655 break; 1656 } 1657 } 1658 1659 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1660 switch (sp->state[cp->protoidx]) { 1661 case STATE_CLOSED: 1662 case STATE_STOPPED: 1663 case STATE_REQ_SENT: 1664 case STATE_ACK_SENT: 1665 case STATE_CLOSING: 1666 case STATE_STOPPING: 1667 case STATE_OPENED: 1668 break; 1669 case STATE_ACK_RCVD: 1670 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1671 break; 1672 default: 1673 printf(SPP_FMT "%s illegal %s in state %s\n", 1674 SPP_ARGS(ifp), cp->name, 1675 sppp_cp_type_name(h->type), 1676 sppp_state_name(sp->state[cp->protoidx])); 1677 ++ifp->if_ierrors; 1678 } 1679 break; 1680 } 1681 case DISC_REQ: 1682 if (cp->proto != PPP_LCP) 1683 goto illegal; 1684 /* Discard the packet. */ 1685 break; 1686 case ECHO_REQ: 1687 if (cp->proto != PPP_LCP) 1688 goto illegal; 1689 if (sp->state[cp->protoidx] != STATE_OPENED) { 1690 if (debug) 1691 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1692 SPP_ARGS(ifp)); 1693 ++ifp->if_ierrors; 1694 break; 1695 } 1696 if (len < 8) { 1697 if (debug) 1698 addlog(SPP_FMT "invalid lcp echo request " 1699 "packet length: %d bytes\n", 1700 SPP_ARGS(ifp), len); 1701 break; 1702 } 1703 memcpy(&u32, h + 1, sizeof u32); 1704 if (ntohl(u32) == sp->lcp.magic) { 1705 /* Line loopback mode detected. */ 1706 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1707 if_down (ifp); 1708 IF_PURGE (&sp->pp_cpq); 1709 1710 /* Shut down the PPP link. */ 1711 /* XXX */ 1712 lcp.Down(sp); 1713 lcp.Up(sp); 1714 break; 1715 } 1716 u32 = htonl(sp->lcp.magic); 1717 memcpy(h + 1, &u32, sizeof u32); 1718 if (debug) 1719 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1720 SPP_ARGS(ifp)); 1721 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1722 break; 1723 case ECHO_REPLY: 1724 if (cp->proto != PPP_LCP) 1725 goto illegal; 1726 if (h->ident != sp->lcp.echoid) { 1727 ++ifp->if_ierrors; 1728 break; 1729 } 1730 if (len < 8) { 1731 if (debug) 1732 addlog(SPP_FMT "lcp invalid echo reply " 1733 "packet length: %d bytes\n", 1734 SPP_ARGS(ifp), len); 1735 break; 1736 } 1737 if (debug) 1738 addlog(SPP_FMT "lcp got echo rep\n", 1739 SPP_ARGS(ifp)); 1740 memcpy(&u32, h + 1, sizeof u32); 1741 if (ntohl(u32) != sp->lcp.magic) 1742 sp->pp_alivecnt = 0; 1743 break; 1744 default: 1745 /* Unknown packet type -- send Code-Reject packet. */ 1746 illegal: 1747 if (debug) 1748 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1749 SPP_ARGS(ifp), cp->name, h->type); 1750 sppp_cp_send(sp, cp->proto, CODE_REJ, 1751 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1752 ++ifp->if_ierrors; 1753 } 1754 } 1755 1756 1757 /* 1758 * The generic part of all Up/Down/Open/Close/TO event handlers. 1759 * Basically, the state transition handling in the automaton. 1760 */ 1761 static void 1762 sppp_up_event(const struct cp *cp, struct sppp *sp) 1763 { 1764 STDDCL; 1765 1766 if (debug) 1767 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1768 SPP_ARGS(ifp), cp->name, 1769 sppp_state_name(sp->state[cp->protoidx])); 1770 1771 switch (sp->state[cp->protoidx]) { 1772 case STATE_INITIAL: 1773 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1774 break; 1775 case STATE_STARTING: 1776 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1777 (cp->scr)(sp); 1778 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1779 break; 1780 default: 1781 printf(SPP_FMT "%s illegal up in state %s\n", 1782 SPP_ARGS(ifp), cp->name, 1783 sppp_state_name(sp->state[cp->protoidx])); 1784 } 1785 } 1786 1787 static void 1788 sppp_down_event(const struct cp *cp, struct sppp *sp) 1789 { 1790 STDDCL; 1791 1792 if (debug) 1793 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1794 SPP_ARGS(ifp), cp->name, 1795 sppp_state_name(sp->state[cp->protoidx])); 1796 1797 switch (sp->state[cp->protoidx]) { 1798 case STATE_CLOSED: 1799 case STATE_CLOSING: 1800 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1801 break; 1802 case STATE_STOPPED: 1803 (cp->tls)(sp); 1804 /* fall through */ 1805 case STATE_STOPPING: 1806 case STATE_REQ_SENT: 1807 case STATE_ACK_RCVD: 1808 case STATE_ACK_SENT: 1809 sppp_cp_change_state(cp, sp, STATE_STARTING); 1810 break; 1811 case STATE_OPENED: 1812 (cp->tld)(sp); 1813 sppp_cp_change_state(cp, sp, STATE_STARTING); 1814 break; 1815 default: 1816 printf(SPP_FMT "%s illegal down in state %s\n", 1817 SPP_ARGS(ifp), cp->name, 1818 sppp_state_name(sp->state[cp->protoidx])); 1819 } 1820 } 1821 1822 1823 static void 1824 sppp_open_event(const struct cp *cp, struct sppp *sp) 1825 { 1826 STDDCL; 1827 1828 if (debug) 1829 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1830 SPP_ARGS(ifp), cp->name, 1831 sppp_state_name(sp->state[cp->protoidx])); 1832 1833 switch (sp->state[cp->protoidx]) { 1834 case STATE_INITIAL: 1835 (cp->tls)(sp); 1836 sppp_cp_change_state(cp, sp, STATE_STARTING); 1837 break; 1838 case STATE_STARTING: 1839 break; 1840 case STATE_CLOSED: 1841 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1842 (cp->scr)(sp); 1843 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1844 break; 1845 case STATE_STOPPED: 1846 case STATE_STOPPING: 1847 case STATE_REQ_SENT: 1848 case STATE_ACK_RCVD: 1849 case STATE_ACK_SENT: 1850 case STATE_OPENED: 1851 break; 1852 case STATE_CLOSING: 1853 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1854 break; 1855 } 1856 } 1857 1858 1859 static void 1860 sppp_close_event(const struct cp *cp, struct sppp *sp) 1861 { 1862 STDDCL; 1863 1864 if (debug) 1865 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1866 SPP_ARGS(ifp), cp->name, 1867 sppp_state_name(sp->state[cp->protoidx])); 1868 1869 switch (sp->state[cp->protoidx]) { 1870 case STATE_INITIAL: 1871 case STATE_CLOSED: 1872 case STATE_CLOSING: 1873 break; 1874 case STATE_STARTING: 1875 (cp->tlf)(sp); 1876 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1877 break; 1878 case STATE_STOPPED: 1879 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1880 break; 1881 case STATE_STOPPING: 1882 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1883 break; 1884 case STATE_OPENED: 1885 (cp->tld)(sp); 1886 /* fall through */ 1887 case STATE_REQ_SENT: 1888 case STATE_ACK_RCVD: 1889 case STATE_ACK_SENT: 1890 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1891 sppp_cp_send(sp, cp->proto, TERM_REQ, 1892 ++sp->pp_seq[cp->protoidx], 0, 0); 1893 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1894 break; 1895 } 1896 } 1897 1898 static void 1899 sppp_to_event(const struct cp *cp, struct sppp *sp) 1900 { 1901 STDDCL; 1902 int s; 1903 1904 s = splnet(); 1905 if (debug) 1906 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1907 SPP_ARGS(ifp), cp->name, 1908 sppp_state_name(sp->state[cp->protoidx]), 1909 sp->rst_counter[cp->protoidx]); 1910 1911 if (--sp->rst_counter[cp->protoidx] < 0) 1912 /* TO- event */ 1913 switch (sp->state[cp->protoidx]) { 1914 case STATE_CLOSING: 1915 (cp->tlf)(sp); 1916 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1917 sppp_lcp_check_and_close(sp); 1918 break; 1919 case STATE_STOPPING: 1920 (cp->tlf)(sp); 1921 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1922 sppp_lcp_check_and_close(sp); 1923 break; 1924 case STATE_REQ_SENT: 1925 case STATE_ACK_RCVD: 1926 case STATE_ACK_SENT: 1927 (cp->tlf)(sp); 1928 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1929 sppp_lcp_check_and_close(sp); 1930 break; 1931 } 1932 else 1933 /* TO+ event */ 1934 switch (sp->state[cp->protoidx]) { 1935 case STATE_CLOSING: 1936 case STATE_STOPPING: 1937 sppp_cp_send(sp, cp->proto, TERM_REQ, 1938 ++sp->pp_seq[cp->protoidx], 0, 0); 1939 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1940 cp->TO, sp); 1941 break; 1942 case STATE_REQ_SENT: 1943 case STATE_ACK_RCVD: 1944 (cp->scr)(sp); 1945 /* sppp_cp_change_state() will restart the timer */ 1946 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1947 break; 1948 case STATE_ACK_SENT: 1949 (cp->scr)(sp); 1950 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1951 cp->TO, sp); 1952 break; 1953 } 1954 1955 splx(s); 1956 } 1957 1958 /* 1959 * Change the state of a control protocol in the state automaton. 1960 * Takes care of starting/stopping the restart timer. 1961 */ 1962 void 1963 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1964 { 1965 sp->state[cp->protoidx] = newstate; 1966 callout_stop(&sp->ch[cp->protoidx]); 1967 switch (newstate) { 1968 case STATE_INITIAL: 1969 case STATE_STARTING: 1970 case STATE_CLOSED: 1971 case STATE_STOPPED: 1972 case STATE_OPENED: 1973 break; 1974 case STATE_CLOSING: 1975 case STATE_STOPPING: 1976 case STATE_REQ_SENT: 1977 case STATE_ACK_RCVD: 1978 case STATE_ACK_SENT: 1979 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1980 cp->TO, sp); 1981 break; 1982 } 1983 } 1984 1985 /* 1986 *--------------------------------------------------------------------------* 1987 * * 1988 * The LCP implementation. * 1989 * * 1990 *--------------------------------------------------------------------------* 1991 */ 1992 static void 1993 sppp_lcp_init(struct sppp *sp) 1994 { 1995 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1996 sp->lcp.magic = 0; 1997 sp->state[IDX_LCP] = STATE_INITIAL; 1998 sp->fail_counter[IDX_LCP] = 0; 1999 sp->pp_seq[IDX_LCP] = 0; 2000 sp->pp_rseq[IDX_LCP] = 0; 2001 sp->lcp.protos = 0; 2002 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2003 2004 /* 2005 * Initialize counters and timeout values. Note that we don't 2006 * use the 3 seconds suggested in RFC 1661 since we are likely 2007 * running on a fast link. XXX We should probably implement 2008 * the exponential backoff option. Note that these values are 2009 * relevant for all control protocols, not just LCP only. 2010 */ 2011 sp->lcp.timeout = 1 * hz; 2012 sp->lcp.max_terminate = 2; 2013 sp->lcp.max_configure = 10; 2014 sp->lcp.max_failure = 10; 2015 callout_init(&sp->ch[IDX_LCP]); 2016 } 2017 2018 static void 2019 sppp_lcp_up(struct sppp *sp) 2020 { 2021 STDDCL; 2022 2023 /* Initialize activity timestamp: opening a connection is an activity */ 2024 sp->pp_last_activity = time.tv_sec; 2025 2026 /* 2027 * If this interface is passive or dial-on-demand, and we are 2028 * still in Initial state, it means we've got an incoming 2029 * call. Activate the interface. 2030 */ 2031 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2032 if (debug) 2033 log(LOG_DEBUG, 2034 SPP_FMT "Up event", SPP_ARGS(ifp)); 2035 ifp->if_flags |= IFF_RUNNING; 2036 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2037 if (debug) 2038 addlog("(incoming call)\n"); 2039 sp->pp_flags |= PP_CALLIN; 2040 lcp.Open(sp); 2041 } else if (debug) 2042 addlog("\n"); 2043 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2044 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2045 ifp->if_flags |= IFF_RUNNING; 2046 lcp.Open(sp); 2047 } 2048 2049 sppp_up_event(&lcp, sp); 2050 } 2051 2052 static void 2053 sppp_lcp_down(struct sppp *sp) 2054 { 2055 STDDCL; 2056 2057 sppp_down_event(&lcp, sp); 2058 2059 /* 2060 * If this is neither a dial-on-demand nor a passive 2061 * interface, simulate an ``ifconfig down'' action, so the 2062 * administrator can force a redial by another ``ifconfig 2063 * up''. XXX For leased line operation, should we immediately 2064 * try to reopen the connection here? 2065 */ 2066 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2067 log(LOG_INFO, 2068 SPP_FMT "Down event (carrier loss), taking interface down.\n", 2069 SPP_ARGS(ifp)); 2070 if_down(ifp); 2071 } else { 2072 if (debug) 2073 log(LOG_DEBUG, 2074 SPP_FMT "Down event (carrier loss)\n", 2075 SPP_ARGS(ifp)); 2076 } 2077 sp->pp_flags &= ~PP_CALLIN; 2078 if (sp->state[IDX_LCP] != STATE_INITIAL) 2079 lcp.Close(sp); 2080 ifp->if_flags &= ~IFF_RUNNING; 2081 } 2082 2083 static void 2084 sppp_lcp_open(struct sppp *sp) 2085 { 2086 /* 2087 * If we are authenticator, negotiate LCP_AUTH 2088 */ 2089 if (sp->hisauth.proto != 0) 2090 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2091 else 2092 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2093 sp->pp_flags &= ~PP_NEEDAUTH; 2094 sppp_open_event(&lcp, sp); 2095 } 2096 2097 static void 2098 sppp_lcp_close(struct sppp *sp) 2099 { 2100 sppp_close_event(&lcp, sp); 2101 } 2102 2103 static void 2104 sppp_lcp_TO(void *cookie) 2105 { 2106 sppp_to_event(&lcp, (struct sppp *)cookie); 2107 } 2108 2109 /* 2110 * Analyze a configure request. Return true if it was agreeable, and 2111 * caused action sca, false if it has been rejected or nak'ed, and 2112 * caused action scn. (The return value is used to make the state 2113 * transition decision in the state automaton.) 2114 */ 2115 static int 2116 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2117 { 2118 STDDCL; 2119 u_char *buf, *r, *p; 2120 int origlen, rlen; 2121 u_int32_t nmagic; 2122 u_short authproto; 2123 2124 len -= 4; 2125 origlen = len; 2126 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2127 if (! buf) 2128 return (0); 2129 2130 if (debug) 2131 log(LOG_DEBUG, SPP_FMT "lcp parse opts:", 2132 SPP_ARGS(ifp)); 2133 2134 /* pass 1: check for things that need to be rejected */ 2135 p = (void*) (h+1); 2136 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2137 if (debug) 2138 addlog(" %s", sppp_lcp_opt_name(*p)); 2139 switch (*p) { 2140 case LCP_OPT_MAGIC: 2141 /* Magic number. */ 2142 /* fall through, both are same length */ 2143 case LCP_OPT_ASYNC_MAP: 2144 /* Async control character map. */ 2145 if (len >= 6 || p[1] == 6) 2146 continue; 2147 if (debug) 2148 addlog(" [invalid]"); 2149 break; 2150 case LCP_OPT_MRU: 2151 /* Maximum receive unit. */ 2152 if (len >= 4 && p[1] == 4) 2153 continue; 2154 if (debug) 2155 addlog(" [invalid]"); 2156 break; 2157 case LCP_OPT_AUTH_PROTO: 2158 if (len < 4) { 2159 if (debug) 2160 addlog(" [invalid]"); 2161 break; 2162 } 2163 authproto = (p[2] << 8) + p[3]; 2164 if (authproto == PPP_CHAP && p[1] != 5) { 2165 if (debug) 2166 addlog(" [invalid chap len]"); 2167 break; 2168 } 2169 if (sp->myauth.proto == 0) { 2170 /* we are not configured to do auth */ 2171 if (debug) 2172 addlog(" [not configured]"); 2173 break; 2174 } 2175 /* 2176 * Remote want us to authenticate, remember this, 2177 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2178 * up. 2179 */ 2180 sp->pp_flags |= PP_NEEDAUTH; 2181 continue; 2182 default: 2183 /* Others not supported. */ 2184 if (debug) 2185 addlog(" [rej]"); 2186 break; 2187 } 2188 /* Add the option to rejected list. */ 2189 bcopy (p, r, p[1]); 2190 r += p[1]; 2191 rlen += p[1]; 2192 } 2193 if (rlen) { 2194 if (debug) 2195 addlog(" send conf-rej\n"); 2196 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2197 goto end; 2198 } else if (debug) 2199 addlog("\n"); 2200 2201 /* 2202 * pass 2: check for option values that are unacceptable and 2203 * thus require to be nak'ed. 2204 */ 2205 if (debug) 2206 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2207 SPP_ARGS(ifp)); 2208 2209 p = (void*) (h+1); 2210 len = origlen; 2211 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2212 if (debug) 2213 addlog(" %s", sppp_lcp_opt_name(*p)); 2214 switch (*p) { 2215 case LCP_OPT_MAGIC: 2216 /* Magic number -- extract. */ 2217 nmagic = (u_int32_t)p[2] << 24 | 2218 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2219 if (nmagic != sp->lcp.magic) { 2220 if (debug) 2221 addlog(" 0x%x", nmagic); 2222 continue; 2223 } 2224 /* 2225 * Local and remote magics equal -- loopback? 2226 */ 2227 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2228 printf (SPP_FMT "loopback\n", 2229 SPP_ARGS(ifp)); 2230 sp->pp_loopcnt = 0; 2231 if (ifp->if_flags & IFF_UP) { 2232 if_down(ifp); 2233 IF_PURGE(&sp->pp_cpq); 2234 /* XXX ? */ 2235 lcp.Down(sp); 2236 lcp.Up(sp); 2237 } 2238 } else if (debug) 2239 addlog(" [glitch]"); 2240 ++sp->pp_loopcnt; 2241 /* 2242 * We negate our magic here, and NAK it. If 2243 * we see it later in an NAK packet, we 2244 * suggest a new one. 2245 */ 2246 nmagic = ~sp->lcp.magic; 2247 /* Gonna NAK it. */ 2248 p[2] = nmagic >> 24; 2249 p[3] = nmagic >> 16; 2250 p[4] = nmagic >> 8; 2251 p[5] = nmagic; 2252 break; 2253 2254 case LCP_OPT_ASYNC_MAP: 2255 /* Async control character map -- check to be zero. */ 2256 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2257 if (debug) 2258 addlog(" [empty]"); 2259 continue; 2260 } 2261 if (debug) 2262 addlog(" [non-empty]"); 2263 /* suggest a zero one */ 2264 p[2] = p[3] = p[4] = p[5] = 0; 2265 break; 2266 2267 case LCP_OPT_MRU: 2268 /* 2269 * Maximum receive unit. Always agreeable, 2270 * but ignored by now. 2271 */ 2272 sp->lcp.their_mru = p[2] * 256 + p[3]; 2273 if (debug) 2274 addlog(" %ld", sp->lcp.their_mru); 2275 continue; 2276 2277 case LCP_OPT_AUTH_PROTO: 2278 authproto = (p[2] << 8) + p[3]; 2279 if (sp->myauth.proto != authproto) { 2280 /* not agreed, nak */ 2281 if (debug) 2282 addlog(" [mine %s != his %s]", 2283 sppp_proto_name(sp->hisauth.proto), 2284 sppp_proto_name(authproto)); 2285 p[2] = sp->myauth.proto >> 8; 2286 p[3] = sp->myauth.proto; 2287 break; 2288 } 2289 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2290 if (debug) 2291 addlog(" [chap not MD5]"); 2292 p[4] = CHAP_MD5; 2293 break; 2294 } 2295 continue; 2296 } 2297 /* Add the option to nak'ed list. */ 2298 bcopy (p, r, p[1]); 2299 r += p[1]; 2300 rlen += p[1]; 2301 } 2302 if (rlen) { 2303 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2304 if (debug) 2305 addlog(" max_failure (%d) exceeded, " 2306 "send conf-rej\n", 2307 sp->lcp.max_failure); 2308 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2309 } else { 2310 if (debug) 2311 addlog(" send conf-nak\n"); 2312 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2313 } 2314 goto end; 2315 } else { 2316 if (debug) 2317 addlog(" send conf-ack\n"); 2318 sp->fail_counter[IDX_LCP] = 0; 2319 sp->pp_loopcnt = 0; 2320 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2321 h->ident, origlen, h+1); 2322 } 2323 2324 end: 2325 free (buf, M_TEMP); 2326 return (rlen == 0); 2327 } 2328 2329 /* 2330 * Analyze the LCP Configure-Reject option list, and adjust our 2331 * negotiation. 2332 */ 2333 static void 2334 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2335 { 2336 STDDCL; 2337 u_char *buf, *p; 2338 2339 len -= 4; 2340 buf = malloc (len, M_TEMP, M_NOWAIT); 2341 if (!buf) 2342 return; 2343 2344 if (debug) 2345 log(LOG_DEBUG, SPP_FMT "lcp rej opts:", 2346 SPP_ARGS(ifp)); 2347 2348 p = (void*) (h+1); 2349 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2350 if (debug) 2351 addlog(" %s", sppp_lcp_opt_name(*p)); 2352 switch (*p) { 2353 case LCP_OPT_MAGIC: 2354 /* Magic number -- can't use it, use 0 */ 2355 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2356 sp->lcp.magic = 0; 2357 break; 2358 case LCP_OPT_MRU: 2359 /* 2360 * Should not be rejected anyway, since we only 2361 * negotiate a MRU if explicitly requested by 2362 * peer. 2363 */ 2364 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2365 break; 2366 case LCP_OPT_AUTH_PROTO: 2367 /* 2368 * Peer doesn't want to authenticate himself, 2369 * deny unless this is a dialout call, and 2370 * SPPP_AUTHFLAG_NOCALLOUT is set. 2371 */ 2372 if ((sp->pp_flags & PP_CALLIN) == 0 && 2373 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2374 if (debug) 2375 addlog(" [don't insist on auth " 2376 "for callout]"); 2377 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2378 break; 2379 } 2380 if (debug) 2381 addlog("[access denied]\n"); 2382 lcp.Close(sp); 2383 break; 2384 } 2385 } 2386 if (debug) 2387 addlog("\n"); 2388 free (buf, M_TEMP); 2389 return; 2390 } 2391 2392 /* 2393 * Analyze the LCP Configure-NAK option list, and adjust our 2394 * negotiation. 2395 */ 2396 static void 2397 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2398 { 2399 STDDCL; 2400 u_char *buf, *p; 2401 u_int32_t magic; 2402 2403 len -= 4; 2404 buf = malloc (len, M_TEMP, M_NOWAIT); 2405 if (!buf) 2406 return; 2407 2408 if (debug) 2409 log(LOG_DEBUG, SPP_FMT "lcp nak opts:", 2410 SPP_ARGS(ifp)); 2411 2412 p = (void*) (h+1); 2413 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2414 if (debug) 2415 addlog(" %s", sppp_lcp_opt_name(*p)); 2416 switch (*p) { 2417 case LCP_OPT_MAGIC: 2418 /* Magic number -- renegotiate */ 2419 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2420 len >= 6 && p[1] == 6) { 2421 magic = (u_int32_t)p[2] << 24 | 2422 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2423 /* 2424 * If the remote magic is our negated one, 2425 * this looks like a loopback problem. 2426 * Suggest a new magic to make sure. 2427 */ 2428 if (magic == ~sp->lcp.magic) { 2429 if (debug) 2430 addlog(" magic glitch"); 2431 sp->lcp.magic = random(); 2432 } else { 2433 sp->lcp.magic = magic; 2434 if (debug) 2435 addlog(" %d", magic); 2436 } 2437 } 2438 break; 2439 case LCP_OPT_MRU: 2440 /* 2441 * Peer wants to advise us to negotiate an MRU. 2442 * Agree on it if it's reasonable, or use 2443 * default otherwise. 2444 */ 2445 if (len >= 4 && p[1] == 4) { 2446 u_int mru = p[2] * 256 + p[3]; 2447 if (debug) 2448 addlog(" %d", mru); 2449 if (mru < PP_MTU || mru > PP_MAX_MRU) 2450 mru = PP_MTU; 2451 sp->lcp.mru = mru; 2452 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2453 } 2454 break; 2455 case LCP_OPT_AUTH_PROTO: 2456 /* 2457 * Peer doesn't like our authentication method, 2458 * deny. 2459 */ 2460 if (debug) 2461 addlog("[access denied]\n"); 2462 lcp.Close(sp); 2463 break; 2464 } 2465 } 2466 if (debug) 2467 addlog("\n"); 2468 free (buf, M_TEMP); 2469 return; 2470 } 2471 2472 static void 2473 sppp_lcp_tlu(struct sppp *sp) 2474 { 2475 STDDCL; 2476 int i; 2477 u_int32_t mask; 2478 2479 /* XXX ? */ 2480 if (! (ifp->if_flags & IFF_UP) && 2481 (ifp->if_flags & IFF_RUNNING)) { 2482 /* Coming out of loopback mode. */ 2483 if_up(ifp); 2484 } 2485 2486 for (i = 0; i < IDX_COUNT; i++) 2487 if ((cps[i])->flags & CP_QUAL) 2488 (cps[i])->Open(sp); 2489 2490 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2491 (sp->pp_flags & PP_NEEDAUTH) != 0) 2492 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2493 else 2494 sp->pp_phase = SPPP_PHASE_NETWORK; 2495 2496 if(debug) 2497 { 2498 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2499 sppp_phase_name(sp->pp_phase)); 2500 } 2501 2502 /* 2503 * Open all authentication protocols. This is even required 2504 * if we already proceeded to network phase, since it might be 2505 * that remote wants us to authenticate, so we might have to 2506 * send a PAP request. Undesired authentication protocols 2507 * don't do anything when they get an Open event. 2508 */ 2509 for (i = 0; i < IDX_COUNT; i++) 2510 if ((cps[i])->flags & CP_AUTH) 2511 (cps[i])->Open(sp); 2512 2513 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2514 /* Notify all NCPs. */ 2515 for (i = 0; i < IDX_COUNT; i++) 2516 if ((cps[i])->flags & CP_NCP) 2517 (cps[i])->Open(sp); 2518 } 2519 2520 /* Send Up events to all started protos. */ 2521 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2522 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2523 (cps[i])->Up(sp); 2524 2525 /* notify low-level driver of state change */ 2526 if (sp->pp_chg) 2527 sp->pp_chg(sp, (int)sp->pp_phase); 2528 2529 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2530 /* if no NCP is starting, close down */ 2531 sppp_lcp_check_and_close(sp); 2532 } 2533 2534 static void 2535 sppp_lcp_tld(struct sppp *sp) 2536 { 2537 STDDCL; 2538 int i; 2539 u_int32_t mask; 2540 2541 sp->pp_phase = SPPP_PHASE_TERMINATE; 2542 2543 if(debug) 2544 { 2545 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2546 sppp_phase_name(sp->pp_phase)); 2547 } 2548 2549 /* 2550 * Take upper layers down. We send the Down event first and 2551 * the Close second to prevent the upper layers from sending 2552 * ``a flurry of terminate-request packets'', as the RFC 2553 * describes it. 2554 */ 2555 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2556 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2557 (cps[i])->Down(sp); 2558 (cps[i])->Close(sp); 2559 } 2560 } 2561 2562 static void 2563 sppp_lcp_tls(struct sppp *sp) 2564 { 2565 STDDCL; 2566 2567 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2568 printf("%s: authentication failed %d times, not retrying again\n", 2569 sp->pp_if.if_xname, sp->pp_auth_failures); 2570 if_down(&sp->pp_if); 2571 return; 2572 } 2573 2574 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2575 2576 if(debug) 2577 { 2578 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2579 sppp_phase_name(sp->pp_phase)); 2580 } 2581 2582 /* Notify lower layer if desired. */ 2583 if (sp->pp_tls) 2584 (sp->pp_tls)(sp); 2585 } 2586 2587 static void 2588 sppp_lcp_tlf(struct sppp *sp) 2589 { 2590 STDDCL; 2591 2592 sp->pp_phase = SPPP_PHASE_DEAD; 2593 2594 if(debug) 2595 { 2596 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2597 sppp_phase_name(sp->pp_phase)); 2598 } 2599 2600 /* Notify lower layer if desired. */ 2601 if (sp->pp_tlf) 2602 (sp->pp_tlf)(sp); 2603 } 2604 2605 static void 2606 sppp_lcp_scr(struct sppp *sp) 2607 { 2608 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2609 int i = 0; 2610 u_short authproto; 2611 2612 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2613 if (! sp->lcp.magic) 2614 sp->lcp.magic = random(); 2615 opt[i++] = LCP_OPT_MAGIC; 2616 opt[i++] = 6; 2617 opt[i++] = sp->lcp.magic >> 24; 2618 opt[i++] = sp->lcp.magic >> 16; 2619 opt[i++] = sp->lcp.magic >> 8; 2620 opt[i++] = sp->lcp.magic; 2621 } 2622 2623 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2624 opt[i++] = LCP_OPT_MRU; 2625 opt[i++] = 4; 2626 opt[i++] = sp->lcp.mru >> 8; 2627 opt[i++] = sp->lcp.mru; 2628 } 2629 2630 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2631 authproto = sp->hisauth.proto; 2632 opt[i++] = LCP_OPT_AUTH_PROTO; 2633 opt[i++] = authproto == PPP_CHAP? 5: 4; 2634 opt[i++] = authproto >> 8; 2635 opt[i++] = authproto; 2636 if (authproto == PPP_CHAP) 2637 opt[i++] = CHAP_MD5; 2638 } 2639 2640 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2641 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2642 } 2643 2644 /* 2645 * Check the open NCPs, return true if at least one NCP is open. 2646 */ 2647 static int 2648 sppp_ncp_check(struct sppp *sp) 2649 { 2650 int i, mask; 2651 2652 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2653 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2654 return 1; 2655 return 0; 2656 } 2657 2658 /* 2659 * Re-check the open NCPs and see if we should terminate the link. 2660 * Called by the NCPs during their tlf action handling. 2661 */ 2662 static void 2663 sppp_lcp_check_and_close(struct sppp *sp) 2664 { 2665 2666 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2667 /* don't bother, we are already going down */ 2668 return; 2669 2670 if (sppp_ncp_check(sp)) 2671 return; 2672 2673 lcp.Close(sp); 2674 } 2675 2676 2677 /* 2678 *--------------------------------------------------------------------------* 2679 * * 2680 * The IPCP implementation. * 2681 * * 2682 *--------------------------------------------------------------------------* 2683 */ 2684 2685 static void 2686 sppp_ipcp_init(struct sppp *sp) 2687 { 2688 sp->ipcp.opts = 0; 2689 sp->ipcp.flags = 0; 2690 sp->state[IDX_IPCP] = STATE_INITIAL; 2691 sp->fail_counter[IDX_IPCP] = 0; 2692 sp->pp_seq[IDX_IPCP] = 0; 2693 sp->pp_rseq[IDX_IPCP] = 0; 2694 callout_init(&sp->ch[IDX_IPCP]); 2695 } 2696 2697 static void 2698 sppp_ipcp_up(struct sppp *sp) 2699 { 2700 sppp_up_event(&ipcp, sp); 2701 } 2702 2703 static void 2704 sppp_ipcp_down(struct sppp *sp) 2705 { 2706 sppp_down_event(&ipcp, sp); 2707 } 2708 2709 static void 2710 sppp_ipcp_open(struct sppp *sp) 2711 { 2712 STDDCL; 2713 u_int32_t myaddr, hisaddr; 2714 2715 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2716 sp->ipcp.req_myaddr = 0; 2717 sp->ipcp.req_hisaddr = 0; 2718 2719 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2720 /* 2721 * If we don't have his address, this probably means our 2722 * interface doesn't want to talk IP at all. (This could 2723 * be the case if somebody wants to speak only IPX, for 2724 * example.) Don't open IPCP in this case. 2725 */ 2726 if (hisaddr == 0L) { 2727 /* XXX this message should go away */ 2728 if (debug) 2729 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2730 SPP_ARGS(ifp)); 2731 return; 2732 } 2733 2734 if (myaddr == 0) { 2735 /* 2736 * I don't have an assigned address, so i need to 2737 * negotiate my address. 2738 */ 2739 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2740 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2741 } 2742 if (hisaddr == 1) { 2743 /* 2744 * XXX - remove this hack! 2745 * remote has no valid adress, we need to get one assigned. 2746 */ 2747 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2748 } 2749 sppp_open_event(&ipcp, sp); 2750 } 2751 2752 static void 2753 sppp_ipcp_close(struct sppp *sp) 2754 { 2755 sppp_close_event(&ipcp, sp); 2756 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2757 /* 2758 * Some address was dynamic, clear it again. 2759 */ 2760 sppp_clear_ip_addrs(sp); 2761 } 2762 2763 static void 2764 sppp_ipcp_TO(void *cookie) 2765 { 2766 sppp_to_event(&ipcp, (struct sppp *)cookie); 2767 } 2768 2769 /* 2770 * Analyze a configure request. Return true if it was agreeable, and 2771 * caused action sca, false if it has been rejected or nak'ed, and 2772 * caused action scn. (The return value is used to make the state 2773 * transition decision in the state automaton.) 2774 */ 2775 static int 2776 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2777 { 2778 u_char *buf, *r, *p; 2779 struct ifnet *ifp = &sp->pp_if; 2780 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2781 u_int32_t hisaddr, desiredaddr; 2782 2783 len -= 4; 2784 origlen = len; 2785 /* 2786 * Make sure to allocate a buf that can at least hold a 2787 * conf-nak with an `address' option. We might need it below. 2788 */ 2789 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2790 if (! buf) 2791 return (0); 2792 2793 /* pass 1: see if we can recognize them */ 2794 if (debug) 2795 log(LOG_DEBUG, SPP_FMT "ipcp parse opts:", 2796 SPP_ARGS(ifp)); 2797 p = (void*) (h+1); 2798 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2799 if (debug) 2800 addlog(" %s", sppp_ipcp_opt_name(*p)); 2801 switch (*p) { 2802 #ifdef notyet 2803 case IPCP_OPT_COMPRESSION: 2804 if (len >= 6 && p[1] >= 6) { 2805 /* correctly formed compress option */ 2806 continue; 2807 } 2808 if (debug) 2809 addlog(" [invalid]"); 2810 break; 2811 #endif 2812 case IPCP_OPT_ADDRESS: 2813 if (len >= 6 && p[1] == 6) { 2814 /* correctly formed address option */ 2815 continue; 2816 } 2817 if (debug) 2818 addlog(" [invalid]"); 2819 break; 2820 default: 2821 /* Others not supported. */ 2822 if (debug) 2823 addlog(" [rej]"); 2824 break; 2825 } 2826 /* Add the option to rejected list. */ 2827 bcopy (p, r, p[1]); 2828 r += p[1]; 2829 rlen += p[1]; 2830 } 2831 if (rlen) { 2832 if (debug) 2833 addlog(" send conf-rej\n"); 2834 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2835 goto end; 2836 } else if (debug) 2837 addlog("\n"); 2838 2839 /* pass 2: parse option values */ 2840 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2841 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2842 else 2843 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2844 if (debug) 2845 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2846 SPP_ARGS(ifp)); 2847 p = (void*) (h+1); 2848 len = origlen; 2849 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2850 if (debug) 2851 addlog(" %s", sppp_ipcp_opt_name(*p)); 2852 switch (*p) { 2853 #ifdef notyet 2854 case IPCP_OPT_COMPRESSION: 2855 continue; 2856 #endif 2857 case IPCP_OPT_ADDRESS: 2858 desiredaddr = p[2] << 24 | p[3] << 16 | 2859 p[4] << 8 | p[5]; 2860 if (desiredaddr == hisaddr || 2861 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2862 /* 2863 * Peer's address is same as our value, 2864 * this is agreeable. Gonna conf-ack 2865 * it. 2866 */ 2867 if (debug) 2868 addlog(" %s [ack]", 2869 sppp_dotted_quad(hisaddr)); 2870 /* record that we've seen it already */ 2871 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2872 sp->ipcp.req_hisaddr = desiredaddr; 2873 hisaddr = desiredaddr; 2874 continue; 2875 } 2876 /* 2877 * The address wasn't agreeable. This is either 2878 * he sent us 0.0.0.0, asking to assign him an 2879 * address, or he send us another address not 2880 * matching our value. Either case, we gonna 2881 * conf-nak it with our value. 2882 */ 2883 if (debug) { 2884 if (desiredaddr == 0) 2885 addlog(" [addr requested]"); 2886 else 2887 addlog(" %s [not agreed]", 2888 sppp_dotted_quad(desiredaddr)); 2889 } 2890 2891 p[2] = hisaddr >> 24; 2892 p[3] = hisaddr >> 16; 2893 p[4] = hisaddr >> 8; 2894 p[5] = hisaddr; 2895 break; 2896 } 2897 /* Add the option to nak'ed list. */ 2898 bcopy (p, r, p[1]); 2899 r += p[1]; 2900 rlen += p[1]; 2901 } 2902 2903 /* 2904 * If we are about to conf-ack the request, but haven't seen 2905 * his address so far, gonna conf-nak it instead, with the 2906 * `address' option present and our idea of his address being 2907 * filled in there, to request negotiation of both addresses. 2908 * 2909 * XXX This can result in an endless req - nak loop if peer 2910 * doesn't want to send us his address. Q: What should we do 2911 * about it? XXX A: implement the max-failure counter. 2912 */ 2913 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2914 buf[0] = IPCP_OPT_ADDRESS; 2915 buf[1] = 6; 2916 buf[2] = hisaddr >> 24; 2917 buf[3] = hisaddr >> 16; 2918 buf[4] = hisaddr >> 8; 2919 buf[5] = hisaddr; 2920 rlen = 6; 2921 if (debug) 2922 addlog(" still need hisaddr"); 2923 } 2924 2925 if (rlen) { 2926 if (debug) 2927 addlog(" send conf-nak\n"); 2928 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2929 } else { 2930 if (debug) 2931 addlog(" send conf-ack\n"); 2932 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2933 h->ident, origlen, h+1); 2934 } 2935 2936 end: 2937 free (buf, M_TEMP); 2938 return (rlen == 0); 2939 } 2940 2941 /* 2942 * Analyze the IPCP Configure-Reject option list, and adjust our 2943 * negotiation. 2944 */ 2945 static void 2946 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2947 { 2948 u_char *buf, *p; 2949 struct ifnet *ifp = &sp->pp_if; 2950 int debug = ifp->if_flags & IFF_DEBUG; 2951 2952 len -= 4; 2953 buf = malloc (len, M_TEMP, M_NOWAIT); 2954 if (!buf) 2955 return; 2956 2957 if (debug) 2958 log(LOG_DEBUG, SPP_FMT "ipcp rej opts:", 2959 SPP_ARGS(ifp)); 2960 2961 p = (void*) (h+1); 2962 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2963 if (debug) 2964 addlog(" %s", sppp_ipcp_opt_name(*p)); 2965 switch (*p) { 2966 case IPCP_OPT_ADDRESS: 2967 /* 2968 * Peer doesn't grok address option. This is 2969 * bad. XXX Should we better give up here? 2970 */ 2971 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2972 break; 2973 #ifdef notyet 2974 case IPCP_OPT_COMPRESS: 2975 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2976 break; 2977 #endif 2978 } 2979 } 2980 if (debug) 2981 addlog("\n"); 2982 free (buf, M_TEMP); 2983 return; 2984 } 2985 2986 /* 2987 * Analyze the IPCP Configure-NAK option list, and adjust our 2988 * negotiation. 2989 */ 2990 static void 2991 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2992 { 2993 u_char *buf, *p; 2994 struct ifnet *ifp = &sp->pp_if; 2995 int debug = ifp->if_flags & IFF_DEBUG; 2996 u_int32_t wantaddr; 2997 2998 len -= 4; 2999 buf = malloc (len, M_TEMP, M_NOWAIT); 3000 if (!buf) 3001 return; 3002 3003 if (debug) 3004 log(LOG_DEBUG, SPP_FMT "ipcp nak opts:", 3005 SPP_ARGS(ifp)); 3006 3007 p = (void*) (h+1); 3008 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3009 if (debug) 3010 addlog(" %s", sppp_ipcp_opt_name(*p)); 3011 switch (*p) { 3012 case IPCP_OPT_ADDRESS: 3013 /* 3014 * Peer doesn't like our local IP address. See 3015 * if we can do something for him. We'll drop 3016 * him our address then. 3017 */ 3018 if (len >= 6 && p[1] == 6) { 3019 wantaddr = p[2] << 24 | p[3] << 16 | 3020 p[4] << 8 | p[5]; 3021 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3022 if (debug) 3023 addlog(" [wantaddr %s]", 3024 sppp_dotted_quad(wantaddr)); 3025 /* 3026 * When doing dynamic address assignment, 3027 * we accept his offer. Otherwise, we 3028 * ignore it and thus continue to negotiate 3029 * our already existing value. 3030 */ 3031 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3032 if (debug) 3033 addlog(" [agree]"); 3034 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3035 sp->ipcp.req_myaddr = wantaddr; 3036 } 3037 } 3038 break; 3039 #ifdef notyet 3040 case IPCP_OPT_COMPRESS: 3041 /* 3042 * Peer wants different compression parameters. 3043 */ 3044 break; 3045 #endif 3046 } 3047 } 3048 if (debug) 3049 addlog("\n"); 3050 free (buf, M_TEMP); 3051 return; 3052 } 3053 3054 static void 3055 sppp_ipcp_tlu(struct sppp *sp) 3056 { 3057 /* we are up. Set addresses and notify anyone interested */ 3058 u_int32_t myaddr, hisaddr; 3059 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3060 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3061 myaddr = sp->ipcp.req_myaddr; 3062 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3063 hisaddr = sp->ipcp.req_hisaddr; 3064 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3065 if (sp->pp_con) 3066 sp->pp_con(sp); 3067 } 3068 3069 static void 3070 sppp_ipcp_tld(struct sppp *sp) 3071 { 3072 } 3073 3074 static void 3075 sppp_ipcp_tls(struct sppp *sp) 3076 { 3077 /* indicate to LCP that it must stay alive */ 3078 sp->lcp.protos |= (1 << IDX_IPCP); 3079 } 3080 3081 static void 3082 sppp_ipcp_tlf(struct sppp *sp) 3083 { 3084 /* we no longer need LCP */ 3085 sp->lcp.protos &= ~(1 << IDX_IPCP); 3086 } 3087 3088 static void 3089 sppp_ipcp_scr(struct sppp *sp) 3090 { 3091 char opt[6 /* compression */ + 6 /* address */]; 3092 u_int32_t ouraddr; 3093 int i = 0; 3094 3095 #ifdef notyet 3096 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3097 opt[i++] = IPCP_OPT_COMPRESSION; 3098 opt[i++] = 6; 3099 opt[i++] = 0; /* VJ header compression */ 3100 opt[i++] = 0x2d; /* VJ header compression */ 3101 opt[i++] = max_slot_id; 3102 opt[i++] = comp_slot_id; 3103 } 3104 #endif 3105 3106 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3107 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3108 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3109 else 3110 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3111 opt[i++] = IPCP_OPT_ADDRESS; 3112 opt[i++] = 6; 3113 opt[i++] = ouraddr >> 24; 3114 opt[i++] = ouraddr >> 16; 3115 opt[i++] = ouraddr >> 8; 3116 opt[i++] = ouraddr; 3117 } 3118 3119 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3120 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3121 } 3122 3123 3124 /* 3125 *--------------------------------------------------------------------------* 3126 * * 3127 * The IPv6CP implementation. * 3128 * * 3129 *--------------------------------------------------------------------------* 3130 */ 3131 3132 #ifdef INET6 3133 static void 3134 sppp_ipv6cp_init(struct sppp *sp) 3135 { 3136 sp->ipv6cp.opts = 0; 3137 sp->ipv6cp.flags = 0; 3138 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3139 sp->fail_counter[IDX_IPV6CP] = 0; 3140 sp->pp_seq[IDX_IPV6CP] = 0; 3141 sp->pp_rseq[IDX_IPV6CP] = 0; 3142 callout_init(&sp->ch[IDX_IPV6CP]); 3143 } 3144 3145 static void 3146 sppp_ipv6cp_up(struct sppp *sp) 3147 { 3148 sppp_up_event(&ipv6cp, sp); 3149 } 3150 3151 static void 3152 sppp_ipv6cp_down(struct sppp *sp) 3153 { 3154 sppp_down_event(&ipv6cp, sp); 3155 } 3156 3157 static void 3158 sppp_ipv6cp_open(struct sppp *sp) 3159 { 3160 STDDCL; 3161 struct in6_addr myaddr, hisaddr; 3162 3163 #ifdef IPV6CP_MYIFID_DYN 3164 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3165 #else 3166 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3167 #endif 3168 3169 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3170 /* 3171 * If we don't have our address, this probably means our 3172 * interface doesn't want to talk IPv6 at all. (This could 3173 * be the case if somebody wants to speak only IPX, for 3174 * example.) Don't open IPv6CP in this case. 3175 */ 3176 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3177 /* XXX this message should go away */ 3178 if (debug) 3179 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3180 SPP_ARGS(ifp)); 3181 return; 3182 } 3183 3184 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3185 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3186 sppp_open_event(&ipv6cp, sp); 3187 } 3188 3189 static void 3190 sppp_ipv6cp_close(struct sppp *sp) 3191 { 3192 sppp_close_event(&ipv6cp, sp); 3193 } 3194 3195 static void 3196 sppp_ipv6cp_TO(void *cookie) 3197 { 3198 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3199 } 3200 3201 /* 3202 * Analyze a configure request. Return true if it was agreeable, and 3203 * caused action sca, false if it has been rejected or nak'ed, and 3204 * caused action scn. (The return value is used to make the state 3205 * transition decision in the state automaton.) 3206 */ 3207 static int 3208 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3209 { 3210 u_char *buf, *r, *p; 3211 struct ifnet *ifp = &sp->pp_if; 3212 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3213 struct in6_addr myaddr, desiredaddr, suggestaddr; 3214 int ifidcount; 3215 int type; 3216 int collision, nohisaddr; 3217 3218 len -= 4; 3219 origlen = len; 3220 /* 3221 * Make sure to allocate a buf that can at least hold a 3222 * conf-nak with an `address' option. We might need it below. 3223 */ 3224 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3225 if (! buf) 3226 return (0); 3227 3228 /* pass 1: see if we can recognize them */ 3229 if (debug) 3230 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3231 SPP_ARGS(ifp)); 3232 p = (void*) (h+1); 3233 ifidcount = 0; 3234 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3235 if (debug) 3236 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3237 switch (*p) { 3238 case IPV6CP_OPT_IFID: 3239 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3240 /* correctly formed address option */ 3241 ifidcount++; 3242 continue; 3243 } 3244 if (debug) 3245 addlog(" [invalid]"); 3246 break; 3247 #ifdef notyet 3248 case IPV6CP_OPT_COMPRESSION: 3249 if (len >= 4 && p[1] >= 4) { 3250 /* correctly formed compress option */ 3251 continue; 3252 } 3253 if (debug) 3254 addlog(" [invalid]"); 3255 break; 3256 #endif 3257 default: 3258 /* Others not supported. */ 3259 if (debug) 3260 addlog(" [rej]"); 3261 break; 3262 } 3263 /* Add the option to rejected list. */ 3264 bcopy (p, r, p[1]); 3265 r += p[1]; 3266 rlen += p[1]; 3267 } 3268 if (rlen) { 3269 if (debug) 3270 addlog(" send conf-rej\n"); 3271 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3272 goto end; 3273 } else if (debug) 3274 addlog("\n"); 3275 3276 /* pass 2: parse option values */ 3277 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3278 if (debug) 3279 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3280 SPP_ARGS(ifp)); 3281 p = (void*) (h+1); 3282 len = origlen; 3283 type = CONF_ACK; 3284 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3285 if (debug) 3286 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3287 switch (*p) { 3288 #ifdef notyet 3289 case IPV6CP_OPT_COMPRESSION: 3290 continue; 3291 #endif 3292 case IPV6CP_OPT_IFID: 3293 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3294 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3295 collision = (memcmp(&desiredaddr.s6_addr[8], 3296 &myaddr.s6_addr[8], 8) == 0); 3297 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3298 3299 desiredaddr.s6_addr16[0] = htons(0xfe80); 3300 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3301 3302 if (!collision && !nohisaddr) { 3303 /* no collision, hisaddr known - Conf-Ack */ 3304 type = CONF_ACK; 3305 3306 if (debug) { 3307 addlog(" %s [%s]", 3308 ip6_sprintf(&desiredaddr), 3309 sppp_cp_type_name(type)); 3310 } 3311 continue; 3312 } 3313 3314 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3315 if (collision && nohisaddr) { 3316 /* collision, hisaddr unknown - Conf-Rej */ 3317 type = CONF_REJ; 3318 memset(&p[2], 0, 8); 3319 } else { 3320 /* 3321 * - no collision, hisaddr unknown, or 3322 * - collision, hisaddr known 3323 * Conf-Nak, suggest hisaddr 3324 */ 3325 type = CONF_NAK; 3326 sppp_suggest_ip6_addr(sp, &suggestaddr); 3327 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3328 } 3329 if (debug) 3330 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3331 sppp_cp_type_name(type)); 3332 break; 3333 } 3334 /* Add the option to nak'ed list. */ 3335 bcopy (p, r, p[1]); 3336 r += p[1]; 3337 rlen += p[1]; 3338 } 3339 3340 if (rlen == 0 && type == CONF_ACK) { 3341 if (debug) 3342 addlog(" send %s\n", sppp_cp_type_name(type)); 3343 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3344 } else { 3345 #ifdef DIAGNOSTIC 3346 if (type == CONF_ACK) 3347 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3348 #endif 3349 3350 if (debug) { 3351 addlog(" send %s suggest %s\n", 3352 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3353 } 3354 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3355 } 3356 3357 end: 3358 free (buf, M_TEMP); 3359 return (rlen == 0); 3360 } 3361 3362 /* 3363 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3364 * negotiation. 3365 */ 3366 static void 3367 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3368 { 3369 u_char *buf, *p; 3370 struct ifnet *ifp = &sp->pp_if; 3371 int debug = ifp->if_flags & IFF_DEBUG; 3372 3373 len -= 4; 3374 buf = malloc (len, M_TEMP, M_NOWAIT); 3375 if (!buf) 3376 return; 3377 3378 if (debug) 3379 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3380 SPP_ARGS(ifp)); 3381 3382 p = (void*) (h+1); 3383 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3384 if (debug) 3385 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3386 switch (*p) { 3387 case IPV6CP_OPT_IFID: 3388 /* 3389 * Peer doesn't grok address option. This is 3390 * bad. XXX Should we better give up here? 3391 */ 3392 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3393 break; 3394 #ifdef notyet 3395 case IPV6CP_OPT_COMPRESS: 3396 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3397 break; 3398 #endif 3399 } 3400 } 3401 if (debug) 3402 addlog("\n"); 3403 free (buf, M_TEMP); 3404 return; 3405 } 3406 3407 /* 3408 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3409 * negotiation. 3410 */ 3411 static void 3412 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3413 { 3414 u_char *buf, *p; 3415 struct ifnet *ifp = &sp->pp_if; 3416 int debug = ifp->if_flags & IFF_DEBUG; 3417 struct in6_addr suggestaddr; 3418 3419 len -= 4; 3420 buf = malloc (len, M_TEMP, M_NOWAIT); 3421 if (!buf) 3422 return; 3423 3424 if (debug) 3425 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3426 SPP_ARGS(ifp)); 3427 3428 p = (void*) (h+1); 3429 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3430 if (debug) 3431 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3432 switch (*p) { 3433 case IPV6CP_OPT_IFID: 3434 /* 3435 * Peer doesn't like our local ifid. See 3436 * if we can do something for him. We'll drop 3437 * him our address then. 3438 */ 3439 if (len < 10 || p[1] != 10) 3440 break; 3441 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3442 suggestaddr.s6_addr16[0] = htons(0xfe80); 3443 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3444 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3445 3446 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3447 if (debug) 3448 addlog(" [suggestaddr %s]", 3449 ip6_sprintf(&suggestaddr)); 3450 #ifdef IPV6CP_MYIFID_DYN 3451 /* 3452 * When doing dynamic address assignment, 3453 * we accept his offer. 3454 */ 3455 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3456 struct in6_addr lastsuggest; 3457 /* 3458 * If <suggested myaddr from peer> equals to 3459 * <hisaddr we have suggested last time>, 3460 * we have a collision. generate new random 3461 * ifid. 3462 */ 3463 sppp_suggest_ip6_addr(&lastsuggest); 3464 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3465 lastsuggest)) { 3466 if (debug) 3467 addlog(" [random]"); 3468 sppp_gen_ip6_addr(sp, &suggestaddr); 3469 } 3470 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3471 if (debug) 3472 addlog(" [agree]"); 3473 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3474 } 3475 #else 3476 /* 3477 * Since we do not do dynamic address assignment, 3478 * we ignore it and thus continue to negotiate 3479 * our already existing value. This can possibly 3480 * go into infinite request-reject loop. 3481 * 3482 * This is not likely because we normally use 3483 * ifid based on MAC-address. 3484 * If you have no ethernet card on the node, too bad. 3485 * XXX should we use fail_counter? 3486 */ 3487 #endif 3488 break; 3489 #ifdef notyet 3490 case IPV6CP_OPT_COMPRESS: 3491 /* 3492 * Peer wants different compression parameters. 3493 */ 3494 break; 3495 #endif 3496 } 3497 } 3498 if (debug) 3499 addlog("\n"); 3500 free (buf, M_TEMP); 3501 return; 3502 } 3503 3504 static void 3505 sppp_ipv6cp_tlu(struct sppp *sp) 3506 { 3507 /* we are up - notify isdn daemon */ 3508 if (sp->pp_con) 3509 sp->pp_con(sp); 3510 } 3511 3512 static void 3513 sppp_ipv6cp_tld(struct sppp *sp) 3514 { 3515 } 3516 3517 static void 3518 sppp_ipv6cp_tls(struct sppp *sp) 3519 { 3520 /* indicate to LCP that it must stay alive */ 3521 sp->lcp.protos |= (1 << IDX_IPV6CP); 3522 } 3523 3524 static void 3525 sppp_ipv6cp_tlf(struct sppp *sp) 3526 { 3527 /* we no longer need LCP */ 3528 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3529 } 3530 3531 static void 3532 sppp_ipv6cp_scr(struct sppp *sp) 3533 { 3534 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3535 struct in6_addr ouraddr; 3536 int i = 0; 3537 3538 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3539 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3540 opt[i++] = IPV6CP_OPT_IFID; 3541 opt[i++] = 10; 3542 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3543 i += 8; 3544 } 3545 3546 #ifdef notyet 3547 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3548 opt[i++] = IPV6CP_OPT_COMPRESSION; 3549 opt[i++] = 4; 3550 opt[i++] = 0; /* TBD */ 3551 opt[i++] = 0; /* TBD */ 3552 /* variable length data may follow */ 3553 } 3554 #endif 3555 3556 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3557 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3558 } 3559 #else /*INET6*/ 3560 static void sppp_ipv6cp_init(struct sppp *sp) 3561 { 3562 } 3563 3564 static void sppp_ipv6cp_up(struct sppp *sp) 3565 { 3566 } 3567 3568 static void sppp_ipv6cp_down(struct sppp *sp) 3569 { 3570 } 3571 3572 3573 static void sppp_ipv6cp_open(struct sppp *sp) 3574 { 3575 } 3576 3577 static void sppp_ipv6cp_close(struct sppp *sp) 3578 { 3579 } 3580 3581 static void sppp_ipv6cp_TO(void *sp) 3582 { 3583 } 3584 3585 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3586 { 3587 return 0; 3588 } 3589 3590 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3591 { 3592 } 3593 3594 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3595 { 3596 } 3597 3598 static void sppp_ipv6cp_tlu(struct sppp *sp) 3599 { 3600 } 3601 3602 static void sppp_ipv6cp_tld(struct sppp *sp) 3603 { 3604 } 3605 3606 static void sppp_ipv6cp_tls(struct sppp *sp) 3607 { 3608 } 3609 3610 static void sppp_ipv6cp_tlf(struct sppp *sp) 3611 { 3612 } 3613 3614 static void sppp_ipv6cp_scr(struct sppp *sp) 3615 { 3616 } 3617 #endif /*INET6*/ 3618 3619 3620 /* 3621 *--------------------------------------------------------------------------* 3622 * * 3623 * The CHAP implementation. * 3624 * * 3625 *--------------------------------------------------------------------------* 3626 */ 3627 3628 /* 3629 * The authentication protocols don't employ a full-fledged state machine as 3630 * the control protocols do, since they do have Open and Close events, but 3631 * not Up and Down, nor are they explicitly terminated. Also, use of the 3632 * authentication protocols may be different in both directions (this makes 3633 * sense, think of a machine that never accepts incoming calls but only 3634 * calls out, it doesn't require the called party to authenticate itself). 3635 * 3636 * Our state machine for the local authentication protocol (we are requesting 3637 * the peer to authenticate) looks like: 3638 * 3639 * RCA- 3640 * +--------------------------------------------+ 3641 * V scn,tld| 3642 * +--------+ Close +---------+ RCA+ 3643 * | |<----------------------------------| |------+ 3644 * +--->| Closed | TO* | Opened | sca | 3645 * | | |-----+ +-------| |<-----+ 3646 * | +--------+ irc | | +---------+ 3647 * | ^ | | ^ 3648 * | | | | | 3649 * | | | | | 3650 * | TO-| | | | 3651 * | |tld TO+ V | | 3652 * | | +------->+ | | 3653 * | | | | | | 3654 * | +--------+ V | | 3655 * | | |<----+<--------------------+ | 3656 * | | Req- | scr | 3657 * | | Sent | | 3658 * | | | | 3659 * | +--------+ | 3660 * | RCA- | | RCA+ | 3661 * +------+ +------------------------------------------+ 3662 * scn,tld sca,irc,ict,tlu 3663 * 3664 * 3665 * with: 3666 * 3667 * Open: LCP reached authentication phase 3668 * Close: LCP reached terminate phase 3669 * 3670 * RCA+: received reply (pap-req, chap-response), acceptable 3671 * RCN: received reply (pap-req, chap-response), not acceptable 3672 * TO+: timeout with restart counter >= 0 3673 * TO-: timeout with restart counter < 0 3674 * TO*: reschedule timeout for CHAP 3675 * 3676 * scr: send request packet (none for PAP, chap-challenge) 3677 * sca: send ack packet (pap-ack, chap-success) 3678 * scn: send nak packet (pap-nak, chap-failure) 3679 * ict: initialize re-challenge timer (CHAP only) 3680 * 3681 * tlu: this-layer-up, LCP reaches network phase 3682 * tld: this-layer-down, LCP enters terminate phase 3683 * 3684 * Note that in CHAP mode, after sending a new challenge, while the state 3685 * automaton falls back into Req-Sent state, it doesn't signal a tld 3686 * event to LCP, so LCP remains in network phase. Only after not getting 3687 * any response (or after getting an unacceptable response), CHAP closes, 3688 * causing LCP to enter terminate phase. 3689 * 3690 * With PAP, there is no initial request that can be sent. The peer is 3691 * expected to send one based on the successful negotiation of PAP as 3692 * the authentication protocol during the LCP option negotiation. 3693 * 3694 * Incoming authentication protocol requests (remote requests 3695 * authentication, we are peer) don't employ a state machine at all, 3696 * they are simply answered. Some peers [Ascend P50 firmware rev 3697 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3698 * still in authentication phase (thereby violating the standard that 3699 * demands that these NCP packets are to be discarded), so we keep 3700 * track of the peer demanding us to authenticate, and only proceed to 3701 * phase network once we've seen a positive acknowledge for the 3702 * authentication. 3703 */ 3704 3705 /* 3706 * Handle incoming CHAP packets. 3707 */ 3708 void 3709 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3710 { 3711 STDDCL; 3712 struct lcp_header *h; 3713 int len, x; 3714 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3715 int value_len, name_len; 3716 MD5_CTX ctx; 3717 3718 len = m->m_pkthdr.len; 3719 if (len < 4) { 3720 if (debug) 3721 log(LOG_DEBUG, 3722 SPP_FMT "chap invalid packet length: %d bytes\n", 3723 SPP_ARGS(ifp), len); 3724 return; 3725 } 3726 h = mtod (m, struct lcp_header*); 3727 if (len > ntohs (h->len)) 3728 len = ntohs (h->len); 3729 3730 switch (h->type) { 3731 /* challenge, failure and success are his authproto */ 3732 case CHAP_CHALLENGE: 3733 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3734 /* can't do anything usefull */ 3735 sp->pp_auth_failures++; 3736 printf(SPP_FMT "chap input without my name and my secret being set\n", 3737 SPP_ARGS(ifp)); 3738 break; 3739 } 3740 value = 1 + (u_char*)(h+1); 3741 value_len = value[-1]; 3742 name = value + value_len; 3743 name_len = len - value_len - 5; 3744 if (name_len < 0) { 3745 if (debug) { 3746 log(LOG_DEBUG, 3747 SPP_FMT "chap corrupted challenge " 3748 "<%s id=0x%x len=%d", 3749 SPP_ARGS(ifp), 3750 sppp_auth_type_name(PPP_CHAP, h->type), 3751 h->ident, ntohs(h->len)); 3752 if (len > 4) 3753 sppp_print_bytes((u_char*) (h+1), len-4); 3754 addlog(">\n"); 3755 } 3756 break; 3757 } 3758 3759 if (debug) { 3760 log(LOG_DEBUG, 3761 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3762 SPP_ARGS(ifp), 3763 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3764 ntohs(h->len)); 3765 sppp_print_string((char*) name, name_len); 3766 addlog(" value-size=%d value=", value_len); 3767 sppp_print_bytes(value, value_len); 3768 addlog(">\n"); 3769 } 3770 3771 /* Compute reply value. */ 3772 MD5Init(&ctx); 3773 MD5Update(&ctx, &h->ident, 1); 3774 MD5Update(&ctx, sp->myauth.secret, strlen(sp->myauth.secret)); 3775 MD5Update(&ctx, value, value_len); 3776 MD5Final(digest, &ctx); 3777 dsize = sizeof digest; 3778 3779 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3780 sizeof dsize, (const char *)&dsize, 3781 sizeof digest, digest, 3782 strlen(sp->myauth.name), 3783 sp->myauth.name, 3784 0); 3785 break; 3786 3787 case CHAP_SUCCESS: 3788 if (debug) { 3789 log(LOG_DEBUG, SPP_FMT "chap success", 3790 SPP_ARGS(ifp)); 3791 if (len > 4) { 3792 addlog(": "); 3793 sppp_print_string((char*)(h + 1), len - 4); 3794 } 3795 addlog("\n"); 3796 } 3797 x = splnet(); 3798 sp->pp_auth_failures = 0; 3799 sp->pp_flags &= ~PP_NEEDAUTH; 3800 if (sp->myauth.proto == PPP_CHAP && 3801 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3802 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3803 /* 3804 * We are authenticator for CHAP but didn't 3805 * complete yet. Leave it to tlu to proceed 3806 * to network phase. 3807 */ 3808 splx(x); 3809 break; 3810 } 3811 splx(x); 3812 sppp_phase_network(sp); 3813 break; 3814 3815 case CHAP_FAILURE: 3816 x = splnet(); 3817 sp->pp_auth_failures++; 3818 splx(x); 3819 if (debug) { 3820 log(LOG_INFO, SPP_FMT "chap failure", 3821 SPP_ARGS(ifp)); 3822 if (len > 4) { 3823 addlog(": "); 3824 sppp_print_string((char*)(h + 1), len - 4); 3825 } 3826 addlog("\n"); 3827 } else 3828 log(LOG_INFO, SPP_FMT "chap failure\n", 3829 SPP_ARGS(ifp)); 3830 /* await LCP shutdown by authenticator */ 3831 break; 3832 3833 /* response is my authproto */ 3834 case CHAP_RESPONSE: 3835 if (sp->hisauth.secret == NULL) { 3836 /* can't do anything usefull */ 3837 printf(SPP_FMT "chap input without his secret being set\n", 3838 SPP_ARGS(ifp)); 3839 break; 3840 } 3841 value = 1 + (u_char*)(h+1); 3842 value_len = value[-1]; 3843 name = value + value_len; 3844 name_len = len - value_len - 5; 3845 if (name_len < 0) { 3846 if (debug) { 3847 log(LOG_DEBUG, 3848 SPP_FMT "chap corrupted response " 3849 "<%s id=0x%x len=%d", 3850 SPP_ARGS(ifp), 3851 sppp_auth_type_name(PPP_CHAP, h->type), 3852 h->ident, ntohs(h->len)); 3853 if (len > 4) 3854 sppp_print_bytes((u_char*)(h+1), len-4); 3855 addlog(">\n"); 3856 } 3857 break; 3858 } 3859 if (h->ident != sp->confid[IDX_CHAP]) { 3860 if (debug) 3861 log(LOG_DEBUG, 3862 SPP_FMT "chap dropping response for old ID " 3863 "(got %d, expected %d)\n", 3864 SPP_ARGS(ifp), 3865 h->ident, sp->confid[IDX_CHAP]); 3866 break; 3867 } 3868 if (sp->hisauth.name != NULL && 3869 (name_len != strlen(sp->hisauth.name) 3870 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 3871 log(LOG_INFO, SPP_FMT "chap response, his name ", 3872 SPP_ARGS(ifp)); 3873 sppp_print_string(name, name_len); 3874 addlog(" != expected "); 3875 sppp_print_string(sp->hisauth.name, 3876 strlen(sp->hisauth.name)); 3877 addlog("\n"); 3878 goto chap_failure; 3879 } 3880 if (debug) { 3881 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3882 "<%s id=0x%x len=%d name=", 3883 SPP_ARGS(ifp), 3884 sppp_state_name(sp->state[IDX_CHAP]), 3885 sppp_auth_type_name(PPP_CHAP, h->type), 3886 h->ident, ntohs (h->len)); 3887 sppp_print_string((char*)name, name_len); 3888 addlog(" value-size=%d value=", value_len); 3889 sppp_print_bytes(value, value_len); 3890 addlog(">\n"); 3891 } 3892 if (value_len != sizeof(sp->myauth.challenge)) { 3893 if (debug) 3894 log(LOG_DEBUG, 3895 SPP_FMT "chap bad hash value length: " 3896 "%d bytes, should be %ld\n", 3897 SPP_ARGS(ifp), value_len, 3898 (long) sizeof(sp->myauth.challenge)); 3899 goto chap_failure; 3900 } 3901 3902 MD5Init(&ctx); 3903 MD5Update(&ctx, &h->ident, 1); 3904 MD5Update(&ctx, sp->hisauth.secret, 3905 strlen(sp->hisauth.secret)); 3906 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 3907 MD5Final(digest, &ctx); 3908 3909 #define FAILMSG "Failed..." 3910 #define SUCCMSG "Welcome!" 3911 3912 if (value_len != sizeof digest || 3913 memcmp(digest, value, value_len) != 0) { 3914 chap_failure: 3915 /* action scn, tld */ 3916 x = splnet(); 3917 sp->pp_auth_failures++; 3918 splx(x); 3919 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3920 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3921 0); 3922 chap.tld(sp); 3923 break; 3924 } 3925 sp->pp_auth_failures = 0; 3926 /* action sca, perhaps tlu */ 3927 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3928 sp->state[IDX_CHAP] == STATE_OPENED) 3929 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3930 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3931 0); 3932 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3933 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3934 chap.tlu(sp); 3935 } 3936 break; 3937 3938 default: 3939 /* Unknown CHAP packet type -- ignore. */ 3940 if (debug) { 3941 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3942 "<0x%x id=0x%xh len=%d", 3943 SPP_ARGS(ifp), 3944 sppp_state_name(sp->state[IDX_CHAP]), 3945 h->type, h->ident, ntohs(h->len)); 3946 if (len > 4) 3947 sppp_print_bytes((u_char*)(h+1), len-4); 3948 addlog(">\n"); 3949 } 3950 break; 3951 3952 } 3953 } 3954 3955 static void 3956 sppp_chap_init(struct sppp *sp) 3957 { 3958 /* Chap doesn't have STATE_INITIAL at all. */ 3959 sp->state[IDX_CHAP] = STATE_CLOSED; 3960 sp->fail_counter[IDX_CHAP] = 0; 3961 sp->pp_seq[IDX_CHAP] = 0; 3962 sp->pp_rseq[IDX_CHAP] = 0; 3963 callout_init(&sp->ch[IDX_CHAP]); 3964 } 3965 3966 static void 3967 sppp_chap_open(struct sppp *sp) 3968 { 3969 if (sp->myauth.proto == PPP_CHAP && 3970 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3971 /* we are authenticator for CHAP, start it */ 3972 chap.scr(sp); 3973 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3974 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3975 } 3976 /* nothing to be done if we are peer, await a challenge */ 3977 } 3978 3979 static void 3980 sppp_chap_close(struct sppp *sp) 3981 { 3982 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3983 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3984 } 3985 3986 static void 3987 sppp_chap_TO(void *cookie) 3988 { 3989 struct sppp *sp = (struct sppp *)cookie; 3990 STDDCL; 3991 int s; 3992 3993 s = splnet(); 3994 if (debug) 3995 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3996 SPP_ARGS(ifp), 3997 sppp_state_name(sp->state[IDX_CHAP]), 3998 sp->rst_counter[IDX_CHAP]); 3999 4000 if (--sp->rst_counter[IDX_CHAP] < 0) 4001 /* TO- event */ 4002 switch (sp->state[IDX_CHAP]) { 4003 case STATE_REQ_SENT: 4004 chap.tld(sp); 4005 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4006 break; 4007 } 4008 else 4009 /* TO+ (or TO*) event */ 4010 switch (sp->state[IDX_CHAP]) { 4011 case STATE_OPENED: 4012 /* TO* event */ 4013 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4014 /* fall through */ 4015 case STATE_REQ_SENT: 4016 chap.scr(sp); 4017 /* sppp_cp_change_state() will restart the timer */ 4018 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4019 break; 4020 } 4021 4022 splx(s); 4023 } 4024 4025 static void 4026 sppp_chap_tlu(struct sppp *sp) 4027 { 4028 STDDCL; 4029 int i, x; 4030 4031 i = 0; 4032 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4033 4034 /* 4035 * Some broken CHAP implementations (Conware CoNet, firmware 4036 * 4.0.?) don't want to re-authenticate their CHAP once the 4037 * initial challenge-response exchange has taken place. 4038 * Provide for an option to avoid rechallenges. 4039 */ 4040 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4041 /* 4042 * Compute the re-challenge timeout. This will yield 4043 * a number between 300 and 810 seconds. 4044 */ 4045 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4046 4047 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4048 } 4049 4050 if (debug) { 4051 log(LOG_DEBUG, 4052 SPP_FMT "chap %s, ", 4053 SPP_ARGS(ifp), 4054 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4055 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4056 addlog("next re-challenge in %d seconds\n", i); 4057 else 4058 addlog("re-challenging supressed\n"); 4059 } 4060 4061 x = splnet(); 4062 sp->pp_auth_failures = 0; 4063 /* indicate to LCP that we need to be closed down */ 4064 sp->lcp.protos |= (1 << IDX_CHAP); 4065 4066 if (sp->pp_flags & PP_NEEDAUTH) { 4067 /* 4068 * Remote is authenticator, but his auth proto didn't 4069 * complete yet. Defer the transition to network 4070 * phase. 4071 */ 4072 splx(x); 4073 return; 4074 } 4075 splx(x); 4076 4077 /* 4078 * If we are already in phase network, we are done here. This 4079 * is the case if this is a dummy tlu event after a re-challenge. 4080 */ 4081 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4082 sppp_phase_network(sp); 4083 } 4084 4085 static void 4086 sppp_chap_tld(struct sppp *sp) 4087 { 4088 STDDCL; 4089 4090 if (debug) 4091 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4092 callout_stop(&sp->ch[IDX_CHAP]); 4093 sp->lcp.protos &= ~(1 << IDX_CHAP); 4094 4095 lcp.Close(sp); 4096 } 4097 4098 static void 4099 sppp_chap_scr(struct sppp *sp) 4100 { 4101 struct timeval tv; 4102 u_int32_t *ch, seed; 4103 u_char clen; 4104 4105 if (sp->myauth.name == NULL) { 4106 /* can't do anything usefull */ 4107 printf(SPP_FMT "chap starting without my name being set\n", 4108 SPP_ARGS(&sp->pp_if)); 4109 return; 4110 } 4111 4112 /* Compute random challenge. */ 4113 ch = (u_int32_t *)sp->myauth.challenge; 4114 microtime(&tv); 4115 seed = tv.tv_sec ^ tv.tv_usec; 4116 ch[0] = seed ^ random(); 4117 ch[1] = seed ^ random(); 4118 ch[2] = seed ^ random(); 4119 ch[3] = seed ^ random(); 4120 clen = 16; /* 4 * sizeof(u_int32_t) */ 4121 4122 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4123 4124 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4125 sizeof clen, (const char *)&clen, 4126 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4127 strlen(sp->myauth.name), 4128 sp->myauth.name, 4129 0); 4130 } 4131 4132 /* 4133 *--------------------------------------------------------------------------* 4134 * * 4135 * The PAP implementation. * 4136 * * 4137 *--------------------------------------------------------------------------* 4138 */ 4139 /* 4140 * For PAP, we need to keep a little state also if we are the peer, not the 4141 * authenticator. This is since we don't get a request to authenticate, but 4142 * have to repeatedly authenticate ourself until we got a response (or the 4143 * retry counter is expired). 4144 */ 4145 4146 /* 4147 * Handle incoming PAP packets. */ 4148 static void 4149 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4150 { 4151 STDDCL; 4152 struct lcp_header *h; 4153 int len, x; 4154 u_char mlen; 4155 char *name, *passwd; 4156 int name_len, passwd_len; 4157 4158 len = m->m_pkthdr.len; 4159 if (len < 5) { 4160 if (debug) 4161 log(LOG_DEBUG, 4162 SPP_FMT "pap invalid packet length: %d bytes\n", 4163 SPP_ARGS(ifp), len); 4164 return; 4165 } 4166 h = mtod (m, struct lcp_header*); 4167 if (len > ntohs (h->len)) 4168 len = ntohs (h->len); 4169 switch (h->type) { 4170 /* PAP request is my authproto */ 4171 case PAP_REQ: 4172 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4173 /* can't do anything usefull */ 4174 printf(SPP_FMT "pap request without his name and his secret being set\n", 4175 SPP_ARGS(ifp)); 4176 break; 4177 } 4178 name = 1 + (u_char*)(h+1); 4179 name_len = name[-1]; 4180 passwd = name + name_len + 1; 4181 if (name_len > len - 6 || 4182 (passwd_len = passwd[-1]) > len - 6 - name_len) { 4183 if (debug) { 4184 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4185 "<%s id=0x%x len=%d", 4186 SPP_ARGS(ifp), 4187 sppp_auth_type_name(PPP_PAP, h->type), 4188 h->ident, ntohs(h->len)); 4189 if (len > 4) 4190 sppp_print_bytes((u_char*)(h+1), len-4); 4191 addlog(">\n"); 4192 } 4193 break; 4194 } 4195 if (debug) { 4196 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4197 "<%s id=0x%x len=%d name=", 4198 SPP_ARGS(ifp), 4199 sppp_state_name(sp->state[IDX_PAP]), 4200 sppp_auth_type_name(PPP_PAP, h->type), 4201 h->ident, ntohs(h->len)); 4202 sppp_print_string((char*)name, name_len); 4203 addlog(" passwd="); 4204 sppp_print_string((char*)passwd, passwd_len); 4205 addlog(">\n"); 4206 } 4207 if (memcmp(name, sp->hisauth.name, name_len) != 0 || 4208 memcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 4209 /* action scn, tld */ 4210 sp->pp_auth_failures++; 4211 mlen = sizeof(FAILMSG) - 1; 4212 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4213 sizeof mlen, (const char *)&mlen, 4214 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4215 0); 4216 pap.tld(sp); 4217 break; 4218 } 4219 /* action sca, perhaps tlu */ 4220 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4221 sp->state[IDX_PAP] == STATE_OPENED) { 4222 mlen = sizeof(SUCCMSG) - 1; 4223 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4224 sizeof mlen, (const char *)&mlen, 4225 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4226 0); 4227 } 4228 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4229 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4230 pap.tlu(sp); 4231 } 4232 break; 4233 4234 /* ack and nak are his authproto */ 4235 case PAP_ACK: 4236 callout_stop(&sp->pap_my_to_ch); 4237 if (debug) { 4238 log(LOG_DEBUG, SPP_FMT "pap success", 4239 SPP_ARGS(ifp)); 4240 name_len = *(char *)h; 4241 if (len > 5 && name_len) { 4242 addlog(": "); 4243 sppp_print_string((char*)(h+1), name_len); 4244 } 4245 addlog("\n"); 4246 } 4247 x = splnet(); 4248 sp->pp_auth_failures = 0; 4249 sp->pp_flags &= ~PP_NEEDAUTH; 4250 if (sp->myauth.proto == PPP_PAP && 4251 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4252 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4253 /* 4254 * We are authenticator for PAP but didn't 4255 * complete yet. Leave it to tlu to proceed 4256 * to network phase. 4257 */ 4258 splx(x); 4259 break; 4260 } 4261 splx(x); 4262 sppp_phase_network(sp); 4263 break; 4264 4265 case PAP_NAK: 4266 callout_stop(&sp->pap_my_to_ch); 4267 sp->pp_auth_failures++; 4268 if (debug) { 4269 log(LOG_INFO, SPP_FMT "pap failure", 4270 SPP_ARGS(ifp)); 4271 name_len = *(char *)h; 4272 if (len > 5 && name_len) { 4273 addlog(": "); 4274 sppp_print_string((char*)(h+1), name_len); 4275 } 4276 addlog("\n"); 4277 } else 4278 log(LOG_INFO, SPP_FMT "pap failure\n", 4279 SPP_ARGS(ifp)); 4280 /* await LCP shutdown by authenticator */ 4281 break; 4282 4283 default: 4284 /* Unknown PAP packet type -- ignore. */ 4285 if (debug) { 4286 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4287 "<0x%x id=0x%x len=%d", 4288 SPP_ARGS(ifp), 4289 h->type, h->ident, ntohs(h->len)); 4290 if (len > 4) 4291 sppp_print_bytes((u_char*)(h+1), len-4); 4292 addlog(">\n"); 4293 } 4294 break; 4295 4296 } 4297 } 4298 4299 static void 4300 sppp_pap_init(struct sppp *sp) 4301 { 4302 /* PAP doesn't have STATE_INITIAL at all. */ 4303 sp->state[IDX_PAP] = STATE_CLOSED; 4304 sp->fail_counter[IDX_PAP] = 0; 4305 sp->pp_seq[IDX_PAP] = 0; 4306 sp->pp_rseq[IDX_PAP] = 0; 4307 callout_init(&sp->ch[IDX_PAP]); 4308 callout_init(&sp->pap_my_to_ch); 4309 } 4310 4311 static void 4312 sppp_pap_open(struct sppp *sp) 4313 { 4314 if (sp->hisauth.proto == PPP_PAP && 4315 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4316 /* we are authenticator for PAP, start our timer */ 4317 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4318 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4319 } 4320 if (sp->myauth.proto == PPP_PAP) { 4321 /* we are peer, send a request, and start a timer */ 4322 pap.scr(sp); 4323 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4324 sppp_pap_my_TO, sp); 4325 } 4326 } 4327 4328 static void 4329 sppp_pap_close(struct sppp *sp) 4330 { 4331 if (sp->state[IDX_PAP] != STATE_CLOSED) 4332 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4333 } 4334 4335 /* 4336 * That's the timeout routine if we are authenticator. Since the 4337 * authenticator is basically passive in PAP, we can't do much here. 4338 */ 4339 static void 4340 sppp_pap_TO(void *cookie) 4341 { 4342 struct sppp *sp = (struct sppp *)cookie; 4343 STDDCL; 4344 int s; 4345 4346 s = splnet(); 4347 if (debug) 4348 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4349 SPP_ARGS(ifp), 4350 sppp_state_name(sp->state[IDX_PAP]), 4351 sp->rst_counter[IDX_PAP]); 4352 4353 if (--sp->rst_counter[IDX_PAP] < 0) 4354 /* TO- event */ 4355 switch (sp->state[IDX_PAP]) { 4356 case STATE_REQ_SENT: 4357 pap.tld(sp); 4358 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4359 break; 4360 } 4361 else 4362 /* TO+ event, not very much we could do */ 4363 switch (sp->state[IDX_PAP]) { 4364 case STATE_REQ_SENT: 4365 /* sppp_cp_change_state() will restart the timer */ 4366 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4367 break; 4368 } 4369 4370 splx(s); 4371 } 4372 4373 /* 4374 * That's the timeout handler if we are peer. Since the peer is active, 4375 * we need to retransmit our PAP request since it is apparently lost. 4376 * XXX We should impose a max counter. 4377 */ 4378 static void 4379 sppp_pap_my_TO(void *cookie) 4380 { 4381 struct sppp *sp = (struct sppp *)cookie; 4382 STDDCL; 4383 4384 if (debug) 4385 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4386 SPP_ARGS(ifp)); 4387 4388 pap.scr(sp); 4389 } 4390 4391 static void 4392 sppp_pap_tlu(struct sppp *sp) 4393 { 4394 STDDCL; 4395 int x; 4396 4397 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4398 4399 if (debug) 4400 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4401 SPP_ARGS(ifp), pap.name); 4402 4403 x = splnet(); 4404 sp->pp_auth_failures = 0; 4405 /* indicate to LCP that we need to be closed down */ 4406 sp->lcp.protos |= (1 << IDX_PAP); 4407 4408 if (sp->pp_flags & PP_NEEDAUTH) { 4409 /* 4410 * Remote is authenticator, but his auth proto didn't 4411 * complete yet. Defer the transition to network 4412 * phase. 4413 */ 4414 splx(x); 4415 return; 4416 } 4417 splx(x); 4418 sppp_phase_network(sp); 4419 } 4420 4421 static void 4422 sppp_pap_tld(struct sppp *sp) 4423 { 4424 STDDCL; 4425 4426 if (debug) 4427 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4428 callout_stop(&sp->ch[IDX_PAP]); 4429 callout_stop(&sp->pap_my_to_ch); 4430 sp->lcp.protos &= ~(1 << IDX_PAP); 4431 4432 lcp.Close(sp); 4433 } 4434 4435 static void 4436 sppp_pap_scr(struct sppp *sp) 4437 { 4438 u_char idlen, pwdlen; 4439 4440 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4441 /* can't do anything usefull */ 4442 printf(SPP_FMT "pap starting without my name and secret being set\n", 4443 SPP_ARGS(&sp->pp_if)); 4444 return; 4445 } 4446 4447 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4448 pwdlen = strlen(sp->myauth.secret); 4449 idlen = strlen(sp->myauth.name); 4450 4451 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4452 sizeof idlen, (const char *)&idlen, 4453 idlen, sp->myauth.name, 4454 sizeof pwdlen, (const char *)&pwdlen, 4455 pwdlen, sp->myauth.secret, 4456 0); 4457 } 4458 4459 /* 4460 * Random miscellaneous functions. 4461 */ 4462 4463 /* 4464 * Send a PAP or CHAP proto packet. 4465 * 4466 * Varadic function, each of the elements for the ellipsis is of type 4467 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4468 * mlen == 0. 4469 * NOTE: never declare variadic functions with types subject to type 4470 * promotion (i.e. u_char). This is asking for big trouble depending 4471 * on the architecture you are on... 4472 */ 4473 4474 static void 4475 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4476 unsigned int type, unsigned int id, 4477 ...) 4478 { 4479 STDDCL; 4480 struct lcp_header *lh; 4481 struct mbuf *m; 4482 u_char *p; 4483 int len; 4484 size_t pkthdrlen; 4485 unsigned int mlen; 4486 const char *msg; 4487 va_list ap; 4488 4489 MGETHDR (m, M_DONTWAIT, MT_DATA); 4490 if (! m) 4491 return; 4492 m->m_pkthdr.rcvif = 0; 4493 4494 if (sp->pp_flags & PP_NOFRAMING) { 4495 *mtod(m, u_int16_t*) = htons(cp->proto); 4496 pkthdrlen = 2; 4497 lh = (struct lcp_header*)(mtod(m, u_int8_t*)+2); 4498 } else { 4499 struct ppp_header *h; 4500 h = mtod (m, struct ppp_header*); 4501 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4502 h->control = PPP_UI; /* Unnumbered Info */ 4503 h->protocol = htons(cp->proto); 4504 pkthdrlen = PPP_HEADER_LEN; 4505 4506 lh = (struct lcp_header*)(h + 1); 4507 } 4508 4509 lh->type = type; 4510 lh->ident = id; 4511 p = (u_char*) (lh+1); 4512 4513 va_start(ap, id); 4514 len = 0; 4515 4516 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4517 msg = va_arg(ap, const char *); 4518 len += mlen; 4519 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4520 va_end(ap); 4521 m_freem(m); 4522 return; 4523 } 4524 4525 bcopy(msg, p, mlen); 4526 p += mlen; 4527 } 4528 va_end(ap); 4529 4530 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4531 lh->len = htons (LCP_HEADER_LEN + len); 4532 4533 if (debug) { 4534 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4535 SPP_ARGS(ifp), cp->name, 4536 sppp_auth_type_name(cp->proto, lh->type), 4537 lh->ident, ntohs(lh->len)); 4538 if (len) 4539 sppp_print_bytes((u_char*) (lh+1), len); 4540 addlog(">\n"); 4541 } 4542 if (IF_QFULL (&sp->pp_cpq)) { 4543 IF_DROP (&sp->pp_fastq); 4544 IF_DROP (&ifp->if_snd); 4545 m_freem (m); 4546 ++ifp->if_oerrors; 4547 } else 4548 IF_ENQUEUE (&sp->pp_cpq, m); 4549 if (! (ifp->if_flags & IFF_OACTIVE)) 4550 (*ifp->if_start) (ifp); 4551 ifp->if_obytes += m->m_pkthdr.len + 3; 4552 } 4553 4554 /* 4555 * Send keepalive packets, every 10 seconds. 4556 */ 4557 static void 4558 sppp_keepalive(void *dummy) 4559 { 4560 struct sppp *sp; 4561 int s; 4562 time_t now; 4563 4564 s = splnet(); 4565 now = time.tv_sec; 4566 for (sp=spppq; sp; sp=sp->pp_next) { 4567 struct ifnet *ifp = &sp->pp_if; 4568 4569 /* check idle timeout */ 4570 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4571 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4572 /* idle timeout is enabled for this interface */ 4573 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4574 if (ifp->if_flags & IFF_DEBUG) 4575 printf("%s: no activitiy for %lu seconds\n", 4576 sp->pp_if.if_xname, 4577 (unsigned long)(now-sp->pp_last_activity)); 4578 lcp.Close(sp); 4579 continue; 4580 } 4581 } 4582 4583 /* Keepalive mode disabled or channel down? */ 4584 if (! (sp->pp_flags & PP_KEEPALIVE) || 4585 ! (ifp->if_flags & IFF_RUNNING)) 4586 continue; 4587 4588 /* No keepalive in PPP mode if LCP not opened yet. */ 4589 if (! (sp->pp_flags & PP_CISCO) && 4590 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4591 continue; 4592 4593 if (sp->pp_alivecnt == MAXALIVECNT) { 4594 /* No keepalive packets got. Stop the interface. */ 4595 if_down (ifp); 4596 IF_PURGE (&sp->pp_cpq); 4597 if (! (sp->pp_flags & PP_CISCO)) { 4598 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4599 ifp->if_xname); 4600 sp->pp_alivecnt = 0; 4601 4602 /* we are down, close all open protocols */ 4603 lcp.Close(sp); 4604 4605 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4606 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4607 4608 /* Close connection imediatly, completition of this 4609 * will summon the magic needed to reestablish it. */ 4610 sp->pp_tlf(sp); 4611 continue; 4612 } 4613 } 4614 if (sp->pp_alivecnt <= MAXALIVECNT) 4615 ++sp->pp_alivecnt; 4616 if (sp->pp_flags & PP_CISCO) 4617 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4618 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4619 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4620 int32_t nmagic = htonl (sp->lcp.magic); 4621 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4622 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4623 sp->lcp.echoid, 4, &nmagic); 4624 } 4625 } 4626 splx(s); 4627 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 4628 } 4629 4630 /* 4631 * Get both IP addresses. 4632 */ 4633 static void 4634 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4635 { 4636 struct ifnet *ifp = &sp->pp_if; 4637 struct ifaddr *ifa; 4638 struct sockaddr_in *si, *sm; 4639 u_int32_t ssrc, ddst; 4640 4641 sm = NULL; 4642 ssrc = ddst = 0; 4643 /* 4644 * Pick the first AF_INET address from the list, 4645 * aliases don't make any sense on a p2p link anyway. 4646 */ 4647 si = 0; 4648 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4649 if (ifa->ifa_addr->sa_family == AF_INET) { 4650 si = (struct sockaddr_in *)ifa->ifa_addr; 4651 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4652 if (si) 4653 break; 4654 } 4655 } 4656 if (ifa) { 4657 if (si && si->sin_addr.s_addr) { 4658 ssrc = si->sin_addr.s_addr; 4659 if (srcmask) 4660 *srcmask = ntohl(sm->sin_addr.s_addr); 4661 } 4662 4663 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4664 if (si && si->sin_addr.s_addr) 4665 ddst = si->sin_addr.s_addr; 4666 } 4667 4668 if (dst) *dst = ntohl(ddst); 4669 if (src) *src = ntohl(ssrc); 4670 } 4671 4672 /* 4673 * Set IP addresses. Must be called at splnet. 4674 * If an address is 0, leave it the way it is. 4675 */ 4676 static void 4677 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4678 { 4679 STDDCL; 4680 struct ifaddr *ifa; 4681 struct sockaddr_in *si; 4682 struct sockaddr_in *dest; 4683 4684 /* 4685 * Pick the first AF_INET address from the list, 4686 * aliases don't make any sense on a p2p link anyway. 4687 */ 4688 4689 si = 0; 4690 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4691 { 4692 if (ifa->ifa_addr->sa_family == AF_INET) 4693 { 4694 si = (struct sockaddr_in *)ifa->ifa_addr; 4695 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4696 if (si) 4697 break; 4698 } 4699 } 4700 4701 if (ifa && si) 4702 { 4703 int error; 4704 struct sockaddr_in new_sin = *si; 4705 struct sockaddr_in new_dst = *dest; 4706 4707 /* 4708 * Scrub old routes now instead of calling in_ifinit with 4709 * scrub=1, because we may change the dstaddr 4710 * before the call to in_ifinit. 4711 */ 4712 in_ifscrub(ifp, ifatoia(ifa)); 4713 4714 if (myaddr != 0) 4715 new_sin.sin_addr.s_addr = htonl(myaddr); 4716 if (hisaddr != 0) { 4717 new_dst.sin_addr.s_addr = htonl(hisaddr); 4718 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4719 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4720 *dest = new_dst; /* fix dstaddr in place */ 4721 } 4722 } 4723 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4724 if(debug && error) 4725 { 4726 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4727 " failed, error=%d\n", SPP_ARGS(ifp), error); 4728 } 4729 } 4730 } 4731 4732 /* 4733 * Clear IP addresses. Must be called at splnet. 4734 */ 4735 static void 4736 sppp_clear_ip_addrs(struct sppp *sp) 4737 { 4738 struct ifnet *ifp = &sp->pp_if; 4739 struct ifaddr *ifa; 4740 struct sockaddr_in *si; 4741 struct sockaddr_in *dest; 4742 4743 u_int32_t remote; 4744 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4745 remote = sp->ipcp.saved_hisaddr; 4746 else 4747 sppp_get_ip_addrs(sp, 0, &remote, 0); 4748 4749 /* 4750 * Pick the first AF_INET address from the list, 4751 * aliases don't make any sense on a p2p link anyway. 4752 */ 4753 4754 si = 0; 4755 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4756 { 4757 if (ifa->ifa_addr->sa_family == AF_INET) 4758 { 4759 si = (struct sockaddr_in *)ifa->ifa_addr; 4760 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4761 if (si) 4762 break; 4763 } 4764 } 4765 4766 if (ifa && si) 4767 { 4768 struct sockaddr_in new_sin = *si; 4769 4770 in_ifscrub(ifp, ifatoia(ifa)); 4771 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4772 new_sin.sin_addr.s_addr = 0; 4773 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4774 /* replace peer addr in place */ 4775 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4776 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4777 } 4778 } 4779 4780 #ifdef INET6 4781 /* 4782 * Get both IPv6 addresses. 4783 */ 4784 static void 4785 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4786 struct in6_addr *srcmask) 4787 { 4788 struct ifnet *ifp = &sp->pp_if; 4789 struct ifaddr *ifa; 4790 struct sockaddr_in6 *si, *sm; 4791 struct in6_addr ssrc, ddst; 4792 4793 sm = NULL; 4794 memset(&ssrc, 0, sizeof(ssrc)); 4795 memset(&ddst, 0, sizeof(ddst)); 4796 /* 4797 * Pick the first link-local AF_INET6 address from the list, 4798 * aliases don't make any sense on a p2p link anyway. 4799 */ 4800 si = 0; 4801 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4802 if (ifa->ifa_addr->sa_family == AF_INET6) { 4803 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4804 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4805 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4806 break; 4807 } 4808 if (ifa) { 4809 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4810 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4811 if (srcmask) { 4812 bcopy(&sm->sin6_addr, srcmask, 4813 sizeof(*srcmask)); 4814 } 4815 } 4816 4817 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4818 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4819 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4820 } 4821 4822 if (dst) 4823 bcopy(&ddst, dst, sizeof(*dst)); 4824 if (src) 4825 bcopy(&ssrc, src, sizeof(*src)); 4826 } 4827 4828 #ifdef IPV6CP_MYIFID_DYN 4829 /* 4830 * Generate random ifid. 4831 */ 4832 static void 4833 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4834 { 4835 /* TBD */ 4836 } 4837 4838 /* 4839 * Set my IPv6 address. Must be called at splnet. 4840 */ 4841 static void 4842 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4843 { 4844 STDDCL; 4845 struct ifaddr *ifa; 4846 struct sockaddr_in6 *sin6; 4847 4848 /* 4849 * Pick the first link-local AF_INET6 address from the list, 4850 * aliases don't make any sense on a p2p link anyway. 4851 */ 4852 4853 sin6 = NULL; 4854 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4855 { 4856 if (ifa->ifa_addr->sa_family == AF_INET6) 4857 { 4858 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4859 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4860 break; 4861 } 4862 } 4863 4864 if (ifa && sin6) 4865 { 4866 int error; 4867 struct sockaddr_in6 new_sin6 = *sin6; 4868 4869 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4870 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4871 if (debug && error) 4872 { 4873 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4874 " failed, error=%d\n", SPP_ARGS(ifp), error); 4875 } 4876 } 4877 } 4878 #endif 4879 4880 /* 4881 * Suggest a candidate address to be used by peer. 4882 */ 4883 static void 4884 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4885 { 4886 struct in6_addr myaddr; 4887 struct timeval tv; 4888 4889 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4890 4891 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4892 microtime(&tv); 4893 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4894 myaddr.s6_addr[14] ^= 0xff; 4895 myaddr.s6_addr[15] ^= 0xff; 4896 } else { 4897 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4898 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4899 } 4900 if (suggest) 4901 bcopy(&myaddr, suggest, sizeof(myaddr)); 4902 } 4903 #endif /*INET6*/ 4904 4905 /* 4906 * Process ioctl requests specific to the PPP interface. 4907 * Permissions have already been checked. 4908 */ 4909 static int 4910 sppp_params(struct sppp *sp, int cmd, void *data) 4911 { 4912 switch (cmd) { 4913 case SPPPGETAUTHCFG: 4914 { 4915 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 4916 int error; 4917 size_t len; 4918 4919 cfg->myauthflags = sp->myauth.flags; 4920 cfg->hisauthflags = sp->hisauth.flags; 4921 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 4922 cfg->hisauth = 0; 4923 if (sp->hisauth.proto) 4924 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 4925 cfg->myauth = 0; 4926 if (sp->myauth.proto) 4927 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 4928 if (cfg->myname_length == 0) { 4929 if (sp->myauth.name != NULL) 4930 cfg->myname_length = strlen(sp->myauth.name)+1; 4931 } else { 4932 if (sp->myauth.name == NULL) { 4933 cfg->myname_length = 0; 4934 } else { 4935 len = strlen(sp->myauth.name)+1; 4936 if (cfg->myname_length < len) 4937 return (ENAMETOOLONG); 4938 error = copyout(sp->myauth.name, cfg->myname, len); 4939 if (error) return error; 4940 } 4941 } 4942 if (cfg->hisname_length == 0) { 4943 if(sp->hisauth.name != NULL) 4944 cfg->hisname_length = strlen(sp->hisauth.name)+1; 4945 } else { 4946 if (sp->hisauth.name == NULL) { 4947 cfg->hisname_length = 0; 4948 } else { 4949 len = strlen(sp->hisauth.name)+1; 4950 if (cfg->hisname_length < len) 4951 return (ENAMETOOLONG); 4952 error = copyout(sp->hisauth.name, cfg->hisname, len); 4953 if (error) return error; 4954 } 4955 } 4956 } 4957 break; 4958 case SPPPSETAUTHCFG: 4959 { 4960 struct spppauthcfg *cfg = (struct spppauthcfg*)data; 4961 int error; 4962 4963 if (sp->myauth.name) { 4964 free(sp->myauth.name, M_DEVBUF); 4965 sp->myauth.name = NULL; 4966 } 4967 if (sp->myauth.secret) { 4968 free(sp->myauth.secret, M_DEVBUF); 4969 sp->myauth.secret = NULL; 4970 } 4971 if (sp->hisauth.name) { 4972 free(sp->hisauth.name, M_DEVBUF); 4973 sp->hisauth.name = NULL; 4974 } 4975 if (sp->hisauth.secret) { 4976 free(sp->hisauth.secret, M_DEVBUF); 4977 sp->hisauth.secret = NULL; 4978 } 4979 4980 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 4981 if (cfg->hisname_length >= MCLBYTES) 4982 return (ENAMETOOLONG); 4983 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 4984 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 4985 if (error) { 4986 free(sp->hisauth.name, M_DEVBUF); 4987 sp->hisauth.name = NULL; 4988 return error; 4989 } 4990 sp->hisauth.name[cfg->hisname_length-1] = 0; 4991 } 4992 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 4993 if (cfg->hissecret_length >= MCLBYTES) 4994 return (ENAMETOOLONG); 4995 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 4996 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 4997 if (error) { 4998 free(sp->hisauth.secret, M_DEVBUF); 4999 sp->hisauth.secret = NULL; 5000 return error; 5001 } 5002 sp->hisauth.secret[cfg->hissecret_length-1] = 0; 5003 } 5004 if (cfg->myname != NULL && cfg->myname_length > 0) { 5005 if (cfg->myname_length >= MCLBYTES) 5006 return (ENAMETOOLONG); 5007 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5008 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5009 if (error) { 5010 free(sp->myauth.name, M_DEVBUF); 5011 sp->myauth.name = NULL; 5012 return error; 5013 } 5014 sp->myauth.name[cfg->myname_length-1] = 0; 5015 } 5016 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5017 if (cfg->mysecret_length >= MCLBYTES) 5018 return (ENAMETOOLONG); 5019 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5020 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5021 if (error) { 5022 free(sp->myauth.secret, M_DEVBUF); 5023 sp->myauth.secret = NULL; 5024 return error; 5025 } 5026 sp->myauth.secret[cfg->mysecret_length-1] = 0; 5027 } 5028 sp->myauth.flags = cfg->myauthflags; 5029 if (cfg->myauth) 5030 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5031 sp->hisauth.flags = cfg->hisauthflags; 5032 if (cfg->hisauth) 5033 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5034 sp->pp_auth_failures = 0; 5035 } 5036 break; 5037 case SPPPGETLCPCFG: 5038 { 5039 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5040 lcp->lcp_timeout = sp->lcp.timeout; 5041 } 5042 break; 5043 case SPPPSETLCPCFG: 5044 { 5045 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5046 sp->lcp.timeout = lcp->lcp_timeout; 5047 } 5048 break; 5049 case SPPPGETSTATUS: 5050 { 5051 struct spppstatus *status = (struct spppstatus *)data; 5052 status->phase = sp->pp_phase; 5053 } 5054 break; 5055 case SPPPGETIDLETO: 5056 { 5057 struct spppidletimeout *to = (struct spppidletimeout *)data; 5058 to->idle_seconds = sp->pp_idle_timeout; 5059 } 5060 break; 5061 case SPPPSETIDLETO: 5062 { 5063 struct spppidletimeout *to = (struct spppidletimeout *)data; 5064 sp->pp_idle_timeout = to->idle_seconds; 5065 } 5066 break; 5067 case SPPPSETAUTHFAILURE: 5068 { 5069 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5070 sp->pp_max_auth_fail = afsettings->max_failures; 5071 sp->pp_auth_failures = 0; 5072 } 5073 break; 5074 case SPPPGETAUTHFAILURES: 5075 { 5076 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5077 stats->auth_failures = sp->pp_auth_failures; 5078 stats->max_failures = sp->pp_max_auth_fail; 5079 } 5080 break; 5081 default: 5082 return (EINVAL); 5083 } 5084 5085 return (0); 5086 } 5087 5088 static void 5089 sppp_phase_network(struct sppp *sp) 5090 { 5091 STDDCL; 5092 int i; 5093 u_int32_t mask; 5094 5095 sp->pp_phase = SPPP_PHASE_NETWORK; 5096 5097 if(debug) 5098 { 5099 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5100 sppp_phase_name(sp->pp_phase)); 5101 } 5102 5103 /* Notify NCPs now. */ 5104 for (i = 0; i < IDX_COUNT; i++) 5105 if ((cps[i])->flags & CP_NCP) 5106 (cps[i])->Open(sp); 5107 5108 /* Send Up events to all NCPs. */ 5109 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5110 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5111 (cps[i])->Up(sp); 5112 5113 /* if no NCP is starting, all this was in vain, close down */ 5114 sppp_lcp_check_and_close(sp); 5115 } 5116 5117 5118 static const char * 5119 sppp_cp_type_name(u_char type) 5120 { 5121 static char buf[12]; 5122 switch (type) { 5123 case CONF_REQ: return "conf-req"; 5124 case CONF_ACK: return "conf-ack"; 5125 case CONF_NAK: return "conf-nak"; 5126 case CONF_REJ: return "conf-rej"; 5127 case TERM_REQ: return "term-req"; 5128 case TERM_ACK: return "term-ack"; 5129 case CODE_REJ: return "code-rej"; 5130 case PROTO_REJ: return "proto-rej"; 5131 case ECHO_REQ: return "echo-req"; 5132 case ECHO_REPLY: return "echo-reply"; 5133 case DISC_REQ: return "discard-req"; 5134 } 5135 sprintf (buf, "0x%x", type); 5136 return buf; 5137 } 5138 5139 static const char * 5140 sppp_auth_type_name(u_short proto, u_char type) 5141 { 5142 static char buf[12]; 5143 switch (proto) { 5144 case PPP_CHAP: 5145 switch (type) { 5146 case CHAP_CHALLENGE: return "challenge"; 5147 case CHAP_RESPONSE: return "response"; 5148 case CHAP_SUCCESS: return "success"; 5149 case CHAP_FAILURE: return "failure"; 5150 } 5151 case PPP_PAP: 5152 switch (type) { 5153 case PAP_REQ: return "req"; 5154 case PAP_ACK: return "ack"; 5155 case PAP_NAK: return "nak"; 5156 } 5157 } 5158 sprintf (buf, "0x%x", type); 5159 return buf; 5160 } 5161 5162 static const char * 5163 sppp_lcp_opt_name(u_char opt) 5164 { 5165 static char buf[12]; 5166 switch (opt) { 5167 case LCP_OPT_MRU: return "mru"; 5168 case LCP_OPT_ASYNC_MAP: return "async-map"; 5169 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5170 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5171 case LCP_OPT_MAGIC: return "magic"; 5172 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5173 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5174 } 5175 sprintf (buf, "0x%x", opt); 5176 return buf; 5177 } 5178 5179 static const char * 5180 sppp_ipcp_opt_name(u_char opt) 5181 { 5182 static char buf[12]; 5183 switch (opt) { 5184 case IPCP_OPT_ADDRESSES: return "addresses"; 5185 case IPCP_OPT_COMPRESSION: return "compression"; 5186 case IPCP_OPT_ADDRESS: return "address"; 5187 } 5188 sprintf (buf, "0x%x", opt); 5189 return buf; 5190 } 5191 5192 #ifdef INET6 5193 static const char * 5194 sppp_ipv6cp_opt_name(u_char opt) 5195 { 5196 static char buf[12]; 5197 switch (opt) { 5198 case IPV6CP_OPT_IFID: return "ifid"; 5199 case IPV6CP_OPT_COMPRESSION: return "compression"; 5200 } 5201 sprintf (buf, "0x%x", opt); 5202 return buf; 5203 } 5204 #endif 5205 5206 static const char * 5207 sppp_state_name(int state) 5208 { 5209 switch (state) { 5210 case STATE_INITIAL: return "initial"; 5211 case STATE_STARTING: return "starting"; 5212 case STATE_CLOSED: return "closed"; 5213 case STATE_STOPPED: return "stopped"; 5214 case STATE_CLOSING: return "closing"; 5215 case STATE_STOPPING: return "stopping"; 5216 case STATE_REQ_SENT: return "req-sent"; 5217 case STATE_ACK_RCVD: return "ack-rcvd"; 5218 case STATE_ACK_SENT: return "ack-sent"; 5219 case STATE_OPENED: return "opened"; 5220 } 5221 return "illegal"; 5222 } 5223 5224 static const char * 5225 sppp_phase_name(int phase) 5226 { 5227 switch (phase) { 5228 case SPPP_PHASE_DEAD: return "dead"; 5229 case SPPP_PHASE_ESTABLISH: return "establish"; 5230 case SPPP_PHASE_TERMINATE: return "terminate"; 5231 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5232 case SPPP_PHASE_NETWORK: return "network"; 5233 } 5234 return "illegal"; 5235 } 5236 5237 static const char * 5238 sppp_proto_name(u_short proto) 5239 { 5240 static char buf[12]; 5241 switch (proto) { 5242 case PPP_LCP: return "lcp"; 5243 case PPP_IPCP: return "ipcp"; 5244 case PPP_PAP: return "pap"; 5245 case PPP_CHAP: return "chap"; 5246 case PPP_IPV6CP: return "ipv6cp"; 5247 } 5248 sprintf(buf, "0x%x", (unsigned)proto); 5249 return buf; 5250 } 5251 5252 static void 5253 sppp_print_bytes(const u_char *p, u_short len) 5254 { 5255 addlog(" %02x", *p++); 5256 while (--len > 0) 5257 addlog("-%02x", *p++); 5258 } 5259 5260 static void 5261 sppp_print_string(const char *p, u_short len) 5262 { 5263 u_char c; 5264 5265 while (len-- > 0) { 5266 c = *p++; 5267 /* 5268 * Print only ASCII chars directly. RFC 1994 recommends 5269 * using only them, but we don't rely on it. */ 5270 if (c < ' ' || c > '~') 5271 addlog("\\x%x", c); 5272 else 5273 addlog("%c", c); 5274 } 5275 } 5276 5277 static const char * 5278 sppp_dotted_quad(u_int32_t addr) 5279 { 5280 static char s[16]; 5281 sprintf(s, "%d.%d.%d.%d", 5282 (int)((addr >> 24) & 0xff), 5283 (int)((addr >> 16) & 0xff), 5284 (int)((addr >> 8) & 0xff), 5285 (int)(addr & 0xff)); 5286 return s; 5287 } 5288 5289 /* a dummy, used to drop uninteresting events */ 5290 static void 5291 sppp_null(struct sppp *unused) 5292 { 5293 /* do just nothing */ 5294 } 5295 /* 5296 * This file is large. Tell emacs to highlight it nevertheless. 5297 * 5298 * Local Variables: 5299 * hilit-auto-highlight-maxout: 120000 5300 * End: 5301 */ 5302
Indexes created Thu Oct 16 14:10:15 GMT 2025