if_spppsubr.c revision 1.200
1 /* $NetBSD: if_spppsubr.c,v 1.200 2020/11/25 09:41:20 yamaguchi Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.200 2020/11/25 09:41:20 yamaguchi Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #endif 52 53 54 #include <sys/param.h> 55 #include <sys/proc.h> 56 #include <sys/systm.h> 57 #include <sys/kernel.h> 58 #include <sys/sockio.h> 59 #include <sys/socket.h> 60 #include <sys/syslog.h> 61 #include <sys/malloc.h> 62 #include <sys/mbuf.h> 63 #include <sys/callout.h> 64 #include <sys/md5.h> 65 #include <sys/inttypes.h> 66 #include <sys/kauth.h> 67 #include <sys/cprng.h> 68 #include <sys/module.h> 69 #include <sys/workqueue.h> 70 #include <sys/atomic.h> 71 #include <sys/compat_stub.h> 72 73 #include <net/if.h> 74 #include <net/netisr.h> 75 #include <net/if_types.h> 76 #include <net/route.h> 77 #include <net/ppp_defs.h> 78 79 #include <netinet/in.h> 80 #include <netinet/in_systm.h> 81 #include <netinet/in_var.h> 82 #ifdef INET 83 #include <netinet/ip.h> 84 #include <netinet/tcp.h> 85 #endif 86 #include <net/ethertypes.h> 87 88 #ifdef INET6 89 #include <netinet6/scope6_var.h> 90 #endif 91 92 #include <net/if_sppp.h> 93 #include <net/if_spppvar.h> 94 95 #ifdef NET_MPSAFE 96 #define SPPPSUBR_MPSAFE 1 97 #endif 98 99 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 100 #define LOOPALIVECNT 3 /* loopback detection tries */ 101 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 102 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 103 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 104 105 /* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128 129 #define CONF_REQ 1 /* PPP configure request */ 130 #define CONF_ACK 2 /* PPP configure acknowledge */ 131 #define CONF_NAK 3 /* PPP configure negative ack */ 132 #define CONF_REJ 4 /* PPP configure reject */ 133 #define TERM_REQ 5 /* PPP terminate request */ 134 #define TERM_ACK 6 /* PPP terminate acknowledge */ 135 #define CODE_REJ 7 /* PPP code reject */ 136 #define PROTO_REJ 8 /* PPP protocol reject */ 137 #define ECHO_REQ 9 /* PPP echo request */ 138 #define ECHO_REPLY 10 /* PPP echo reply */ 139 #define DISC_REQ 11 /* PPP discard request */ 140 141 #define LCP_OPT_MRU 1 /* maximum receive unit */ 142 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 143 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 144 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 145 #define LCP_OPT_MAGIC 5 /* magic number */ 146 #define LCP_OPT_RESERVED 6 /* reserved */ 147 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 148 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 149 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 150 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 151 #define LCP_OPT_CALL_BACK 13 /* callback */ 152 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 153 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 154 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 155 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 156 157 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 158 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 159 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 160 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 161 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 162 163 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 164 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 165 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 166 167 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 168 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 169 170 #define PAP_REQ 1 /* PAP name/password request */ 171 #define PAP_ACK 2 /* PAP acknowledge */ 172 #define PAP_NAK 3 /* PAP fail */ 173 174 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 175 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 176 #define CHAP_SUCCESS 3 /* CHAP response ok */ 177 #define CHAP_FAILURE 4 /* CHAP response failed */ 178 179 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 180 181 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 182 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 183 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 184 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 185 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 186 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 187 188 /* states are named and numbered according to RFC 1661 */ 189 #define STATE_INITIAL 0 190 #define STATE_STARTING 1 191 #define STATE_CLOSED 2 192 #define STATE_STOPPED 3 193 #define STATE_CLOSING 4 194 #define STATE_STOPPING 5 195 #define STATE_REQ_SENT 6 196 #define STATE_ACK_RCVD 7 197 #define STATE_ACK_SENT 8 198 #define STATE_OPENED 9 199 200 struct ppp_header { 201 uint8_t address; 202 uint8_t control; 203 uint16_t protocol; 204 } __packed; 205 #define PPP_HEADER_LEN sizeof (struct ppp_header) 206 207 struct lcp_header { 208 uint8_t type; 209 uint8_t ident; 210 uint16_t len; 211 } __packed; 212 #define LCP_HEADER_LEN sizeof (struct lcp_header) 213 214 struct cisco_packet { 215 uint32_t type; 216 uint32_t par1; 217 uint32_t par2; 218 uint16_t rel; 219 uint16_t time0; 220 uint16_t time1; 221 } __packed; 222 #define CISCO_PACKET_LEN 18 223 224 /* 225 * We follow the spelling and capitalization of RFC 1661 here, to make 226 * it easier comparing with the standard. Please refer to this RFC in 227 * case you can't make sense out of these abbreviation; it will also 228 * explain the semantics related to the various events and actions. 229 */ 230 struct cp { 231 u_short proto; /* PPP control protocol number */ 232 u_char protoidx; /* index into state table in struct sppp */ 233 u_char flags; 234 #define CP_LCP 0x01 /* this is the LCP */ 235 #define CP_AUTH 0x02 /* this is an authentication protocol */ 236 #define CP_NCP 0x04 /* this is a NCP */ 237 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 238 const char *name; /* name of this control protocol */ 239 /* event handlers */ 240 void (*Up)(struct sppp *, void *); 241 void (*Down)(struct sppp *, void *); 242 void (*Open)(struct sppp *, void *); 243 void (*Close)(struct sppp *, void *); 244 void (*TO)(struct sppp *, void *); 245 int (*RCR)(struct sppp *, struct lcp_header *, int); 246 void (*RCN_rej)(struct sppp *, struct lcp_header *, int); 247 void (*RCN_nak)(struct sppp *, struct lcp_header *, int); 248 /* actions */ 249 void (*tlu)(struct sppp *sp); 250 void (*tld)(struct sppp *sp); 251 void (*tls)(struct sppp *sp); 252 void (*tlf)(struct sppp *sp); 253 void (*scr)(struct sppp *sp); 254 void (*scan)(const struct cp *, struct sppp *); 255 }; 256 257 static struct sppp *spppq; 258 static kmutex_t *spppq_lock = NULL; 259 static callout_t keepalive_ch; 260 261 #define SPPPQ_LOCK() if (spppq_lock) \ 262 mutex_enter(spppq_lock); 263 #define SPPPQ_UNLOCK() if (spppq_lock) \ 264 mutex_exit(spppq_lock); 265 266 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 267 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 268 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 269 #define SPPP_UPGRADE(_sp) do{ \ 270 SPPP_UNLOCK(_sp); \ 271 SPPP_LOCK(_sp, RW_WRITER); \ 272 }while (0) 273 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 274 #define SPPP_WQ_SET(_wk, _func, _arg) \ 275 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 276 277 #ifdef INET 278 #ifndef SPPPSUBR_MPSAFE 279 /* 280 * The following disgusting hack gets around the problem that IP TOS 281 * can't be set yet. We want to put "interactive" traffic on a high 282 * priority queue. To decide if traffic is interactive, we check that 283 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 284 * 285 * XXX is this really still necessary? - joerg - 286 */ 287 static u_short interactive_ports[8] = { 288 0, 513, 0, 0, 289 0, 21, 0, 23, 290 }; 291 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 292 #endif /* SPPPSUBR_MPSAFE */ 293 #endif 294 295 /* almost every function needs these */ 296 #define STDDCL \ 297 struct ifnet *ifp = &sp->pp_if; \ 298 int debug = ifp->if_flags & IFF_DEBUG 299 300 static int sppp_output(struct ifnet *, struct mbuf *, 301 const struct sockaddr *, const struct rtentry *); 302 303 static void sppp_cisco_send(struct sppp *, int, int32_t, int32_t); 304 static void sppp_cisco_input(struct sppp *, struct mbuf *); 305 306 static void sppp_cp_init(const struct cp *, struct sppp *); 307 static void sppp_cp_fini(const struct cp *, struct sppp *); 308 static void sppp_cp_input(const struct cp *, struct sppp *, 309 struct mbuf *); 310 static void sppp_cp_input(const struct cp *, struct sppp *, 311 struct mbuf *); 312 static void sppp_cp_send(struct sppp *, u_short, u_char, 313 u_char, u_short, void *); 314 /* static void sppp_cp_timeout(void *arg); */ 315 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 316 static struct workqueue * 317 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 318 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 319 static void sppp_wq_set(struct sppp_work *, 320 void (*)(struct sppp *, void *), void *); 321 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 322 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 323 static void sppp_cp_to_lcp(void *); 324 static void sppp_cp_to_ipcp(void *); 325 static void sppp_cp_to_ipv6cp(void *); 326 static void sppp_auth_send(const struct cp *, struct sppp *, 327 unsigned int, unsigned int, ...); 328 329 static void sppp_up_event(struct sppp *, void *); 330 static void sppp_down_event(struct sppp *, void *); 331 static void sppp_open_event(struct sppp *, void *); 332 static void sppp_close_event(struct sppp *, void *); 333 static void sppp_to_event(struct sppp *, void *); 334 static void sppp_rcr_event(struct sppp *, void *); 335 static void sppp_rca_event(struct sppp *, void *); 336 static void sppp_rcn_event(struct sppp *, void *); 337 static void sppp_rtr_event(struct sppp *, void *); 338 static void sppp_rta_event(struct sppp *, void *); 339 static void sppp_rxj_event(struct sppp *, void *); 340 static void sppp_null_event(struct sppp *, void *); 341 342 static void sppp_null(struct sppp *); 343 static void sppp_sca_scn(const struct cp *, struct sppp *); 344 static void sppp_ifdown(struct sppp *, void *); 345 346 static void sppp_lcp_init(struct sppp *); 347 static void sppp_lcp_up(struct sppp *, void *); 348 static void sppp_lcp_down(struct sppp *, void *); 349 static void sppp_lcp_open(struct sppp *, void *); 350 static void sppp_lcp_close(struct sppp *, void *); 351 static void sppp_lcp_TO(struct sppp *, void *); 352 static int sppp_lcp_RCR(struct sppp *, struct lcp_header *, int); 353 static void sppp_lcp_RCN_rej(struct sppp *, struct lcp_header *, int); 354 static void sppp_lcp_RCN_nak(struct sppp *, struct lcp_header *, int); 355 static void sppp_lcp_tlu(struct sppp *); 356 static void sppp_lcp_tld(struct sppp *); 357 static void sppp_lcp_tls(struct sppp *); 358 static void sppp_lcp_tlf(struct sppp *); 359 static void sppp_lcp_scr(struct sppp *); 360 static void sppp_lcp_check_and_close(struct sppp *); 361 static int sppp_ncp_check(struct sppp *); 362 363 static void sppp_ipcp_init(struct sppp *); 364 static void sppp_ipcp_up(struct sppp *, void *); 365 static void sppp_ipcp_down(struct sppp *, void *); 366 static void sppp_ipcp_open(struct sppp *, void *); 367 static void sppp_ipcp_close(struct sppp *, void *); 368 static void sppp_ipcp_TO(struct sppp *, void *); 369 static int sppp_ipcp_RCR(struct sppp *, struct lcp_header *, int); 370 static void sppp_ipcp_RCN_rej(struct sppp *, struct lcp_header *, int); 371 static void sppp_ipcp_RCN_nak(struct sppp *, struct lcp_header *, int); 372 static void sppp_ipcp_tlu(struct sppp *); 373 static void sppp_ipcp_tld(struct sppp *); 374 static void sppp_ipcp_tls(struct sppp *); 375 static void sppp_ipcp_tlf(struct sppp *); 376 static void sppp_ipcp_scr(struct sppp *); 377 378 static void sppp_ipv6cp_init(struct sppp *); 379 static void sppp_ipv6cp_up(struct sppp *, void *); 380 static void sppp_ipv6cp_down(struct sppp *, void *); 381 static void sppp_ipv6cp_open(struct sppp *, void *); 382 static void sppp_ipv6cp_close(struct sppp *, void *); 383 static void sppp_ipv6cp_TO(struct sppp *, void *); 384 static int sppp_ipv6cp_RCR(struct sppp *, struct lcp_header *, int); 385 static void sppp_ipv6cp_RCN_rej(struct sppp *, struct lcp_header *, int); 386 static void sppp_ipv6cp_RCN_nak(struct sppp *, struct lcp_header *, int); 387 static void sppp_ipv6cp_tlu(struct sppp *); 388 static void sppp_ipv6cp_tld(struct sppp *); 389 static void sppp_ipv6cp_tls(struct sppp *); 390 static void sppp_ipv6cp_tlf(struct sppp *); 391 static void sppp_ipv6cp_scr(struct sppp *); 392 393 static void sppp_pap_input(struct sppp *, struct mbuf *); 394 static void sppp_pap_init(struct sppp *); 395 static void sppp_pap_open(struct sppp *, void *); 396 static void sppp_pap_close(struct sppp *, void *); 397 static void sppp_pap_TO(void *); 398 static void sppp_pap_my_TO(void *); 399 static void sppp_pap_tlu(struct sppp *); 400 static void sppp_pap_tld(struct sppp *); 401 static void sppp_pap_scr(struct sppp *); 402 403 static void sppp_chap_input(struct sppp *, struct mbuf *); 404 static void sppp_chap_init(struct sppp *); 405 static void sppp_chap_open(struct sppp *, void *); 406 static void sppp_chap_close(struct sppp *, void *); 407 static void sppp_chap_TO(void *); 408 static void sppp_chap_tlu(struct sppp *); 409 static void sppp_chap_tld(struct sppp *); 410 static void sppp_chap_scr(struct sppp *); 411 412 static const char *sppp_auth_type_name(u_short, u_char); 413 static const char *sppp_cp_type_name(u_char); 414 static const char *sppp_dotted_quad(uint32_t); 415 static const char *sppp_ipcp_opt_name(u_char); 416 #ifdef INET6 417 static const char *sppp_ipv6cp_opt_name(u_char); 418 #endif 419 static const char *sppp_lcp_opt_name(u_char); 420 static const char *sppp_phase_name(int); 421 static const char *sppp_proto_name(u_short); 422 static const char *sppp_state_name(int); 423 static int sppp_params(struct sppp *, u_long, void *); 424 #ifdef INET 425 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 426 static void sppp_set_ip_addrs_work(struct work *, struct sppp *); 427 static void sppp_set_ip_addrs(struct sppp *); 428 static void sppp_clear_ip_addrs_work(struct work *, struct sppp *); 429 static void sppp_clear_ip_addrs(struct sppp *); 430 static void sppp_update_ip_addrs_work(struct work *, void *); 431 #endif 432 static void sppp_keepalive(void *); 433 static void sppp_phase_network(struct sppp *); 434 static void sppp_print_bytes(const u_char *, u_short); 435 static void sppp_print_string(const char *, u_short); 436 #ifdef INET6 437 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 438 struct in6_addr *, struct in6_addr *); 439 #ifdef IPV6CP_MYIFID_DYN 440 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 441 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 442 #endif 443 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 444 #endif 445 446 static void sppp_notify_up(struct sppp *); 447 static void sppp_notify_down(struct sppp *); 448 static void sppp_notify_tls_wlocked(struct sppp *); 449 static void sppp_notify_tlf_wlocked(struct sppp *); 450 #ifdef INET6 451 static void sppp_notify_con_wlocked(struct sppp *); 452 #endif 453 static void sppp_notify_con(struct sppp *); 454 455 static void sppp_notify_chg_wlocked(struct sppp *); 456 457 458 /* our control protocol descriptors */ 459 static const struct cp lcp = { 460 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 461 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 462 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 463 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 464 sppp_lcp_scr, sppp_sca_scn 465 }; 466 467 static const struct cp ipcp = { 468 PPP_IPCP, IDX_IPCP, 469 #ifdef INET 470 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 471 #else 472 0, 473 #endif 474 "ipcp", 475 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 476 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 477 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 478 sppp_ipcp_scr, sppp_sca_scn 479 }; 480 481 static const struct cp ipv6cp = { 482 PPP_IPV6CP, IDX_IPV6CP, 483 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 484 CP_NCP, 485 #else 486 0, 487 #endif 488 "ipv6cp", 489 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 490 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 491 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 492 sppp_ipv6cp_scr, sppp_sca_scn 493 }; 494 495 static const struct cp pap = { 496 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 497 sppp_null_event, sppp_null_event, sppp_pap_open, sppp_pap_close, 498 sppp_null_event, 0, 0, 0, 499 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 500 sppp_pap_scr, 0 501 }; 502 503 static const struct cp chap = { 504 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 505 sppp_null_event, sppp_null_event, sppp_chap_open, sppp_chap_close, 506 sppp_null_event, 0, 0, 0, 507 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 508 sppp_chap_scr, 0 509 }; 510 511 static const struct cp *cps[IDX_COUNT] = { 512 &lcp, /* IDX_LCP */ 513 &ipcp, /* IDX_IPCP */ 514 &ipv6cp, /* IDX_IPV6CP */ 515 &pap, /* IDX_PAP */ 516 &chap, /* IDX_CHAP */ 517 }; 518 519 static void 520 sppp_change_phase(struct sppp *sp, int phase) 521 { 522 STDDCL; 523 524 KASSERT(SPPP_WLOCKED(sp)); 525 526 if (sp->pp_phase == phase) 527 return; 528 529 sp->pp_phase = phase; 530 531 if (phase == SPPP_PHASE_NETWORK) 532 if_link_state_change(ifp, LINK_STATE_UP); 533 else 534 if_link_state_change(ifp, LINK_STATE_DOWN); 535 536 if (debug) 537 { 538 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 539 sppp_phase_name(sp->pp_phase)); 540 } 541 } 542 543 /* 544 * Exported functions, comprising our interface to the lower layer. 545 */ 546 547 /* 548 * Process the received packet. 549 */ 550 void 551 sppp_input(struct ifnet *ifp, struct mbuf *m) 552 { 553 struct ppp_header *h = NULL; 554 pktqueue_t *pktq = NULL; 555 struct ifqueue *inq = NULL; 556 uint16_t protocol; 557 struct sppp *sp = (struct sppp *)ifp; 558 int debug = ifp->if_flags & IFF_DEBUG; 559 int isr = 0; 560 561 SPPP_LOCK(sp, RW_READER); 562 563 if (ifp->if_flags & IFF_UP) { 564 /* Count received bytes, add hardware framing */ 565 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 566 /* Note time of last receive */ 567 sp->pp_last_receive = time_uptime; 568 } 569 570 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 571 /* Too small packet, drop it. */ 572 if (debug) 573 log(LOG_DEBUG, 574 "%s: input packet is too small, %d bytes\n", 575 ifp->if_xname, m->m_pkthdr.len); 576 drop: 577 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 578 m_freem(m); 579 SPPP_UNLOCK(sp); 580 return; 581 } 582 583 if (sp->pp_flags & PP_NOFRAMING) { 584 memcpy(&protocol, mtod(m, void *), 2); 585 protocol = ntohs(protocol); 586 m_adj(m, 2); 587 } else { 588 589 /* Get PPP header. */ 590 h = mtod(m, struct ppp_header *); 591 m_adj(m, PPP_HEADER_LEN); 592 593 switch (h->address) { 594 case PPP_ALLSTATIONS: 595 if (h->control != PPP_UI) 596 goto invalid; 597 if (sp->pp_flags & PP_CISCO) { 598 if (debug) 599 log(LOG_DEBUG, 600 "%s: PPP packet in Cisco mode " 601 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 602 ifp->if_xname, 603 h->address, h->control, ntohs(h->protocol)); 604 goto drop; 605 } 606 break; 607 case CISCO_MULTICAST: 608 case CISCO_UNICAST: 609 /* Don't check the control field here (RFC 1547). */ 610 if (! (sp->pp_flags & PP_CISCO)) { 611 if (debug) 612 log(LOG_DEBUG, 613 "%s: Cisco packet in PPP mode " 614 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 615 ifp->if_xname, 616 h->address, h->control, ntohs(h->protocol)); 617 goto drop; 618 } 619 switch (ntohs(h->protocol)) { 620 default: 621 if_statinc(ifp, if_noproto); 622 goto invalid; 623 case CISCO_KEEPALIVE: 624 SPPP_UNLOCK(sp); 625 sppp_cisco_input((struct sppp *) ifp, m); 626 m_freem(m); 627 return; 628 #ifdef INET 629 case ETHERTYPE_IP: 630 pktq = ip_pktq; 631 break; 632 #endif 633 #ifdef INET6 634 case ETHERTYPE_IPV6: 635 pktq = ip6_pktq; 636 break; 637 #endif 638 } 639 goto queue_pkt; 640 default: /* Invalid PPP packet. */ 641 invalid: 642 if (debug) 643 log(LOG_DEBUG, 644 "%s: invalid input packet " 645 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 646 ifp->if_xname, 647 h->address, h->control, ntohs(h->protocol)); 648 goto drop; 649 } 650 protocol = ntohs(h->protocol); 651 } 652 653 switch (protocol) { 654 default: 655 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 656 uint16_t prot = htons(protocol); 657 658 SPPP_UPGRADE(sp); 659 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 660 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 661 &prot); 662 SPPP_DOWNGRADE(sp); 663 } 664 if (debug) 665 log(LOG_DEBUG, 666 "%s: invalid input protocol " 667 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 668 if_statinc(ifp, if_noproto); 669 goto drop; 670 case PPP_LCP: 671 SPPP_UNLOCK(sp); 672 sppp_cp_input(&lcp, sp, m); 673 m_freem(m); 674 return; 675 case PPP_PAP: 676 SPPP_UNLOCK(sp); 677 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 678 sppp_pap_input(sp, m); 679 } 680 m_freem(m); 681 return; 682 case PPP_CHAP: 683 SPPP_UNLOCK(sp); 684 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 685 sppp_chap_input(sp, m); 686 } 687 m_freem(m); 688 return; 689 #ifdef INET 690 case PPP_IPCP: 691 SPPP_UNLOCK(sp); 692 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 693 sppp_cp_input(&ipcp, sp, m); 694 } 695 m_freem(m); 696 return; 697 case PPP_IP: 698 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 699 sp->pp_last_activity = time_uptime; 700 pktq = ip_pktq; 701 } 702 break; 703 #endif 704 #ifdef INET6 705 case PPP_IPV6CP: 706 SPPP_UNLOCK(sp); 707 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 708 sppp_cp_input(&ipv6cp, sp, m); 709 } 710 m_freem(m); 711 return; 712 713 case PPP_IPV6: 714 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 715 sp->pp_last_activity = time_uptime; 716 pktq = ip6_pktq; 717 } 718 break; 719 #endif 720 } 721 722 queue_pkt: 723 if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) { 724 goto drop; 725 } 726 727 /* Check queue. */ 728 if (__predict_true(pktq)) { 729 if (__predict_false(!pktq_enqueue(pktq, m, 0))) { 730 goto drop; 731 } 732 SPPP_UNLOCK(sp); 733 return; 734 } 735 736 SPPP_UNLOCK(sp); 737 738 IFQ_LOCK(inq); 739 if (IF_QFULL(inq)) { 740 /* Queue overflow. */ 741 IF_DROP(inq); 742 IFQ_UNLOCK(inq); 743 if (debug) 744 log(LOG_DEBUG, "%s: protocol queue overflow\n", 745 ifp->if_xname); 746 747 SPPP_LOCK(sp, RW_READER); 748 goto drop; 749 } 750 IF_ENQUEUE(inq, m); 751 IFQ_UNLOCK(inq); 752 schednetisr(isr); 753 } 754 755 /* 756 * Enqueue transmit packet. 757 */ 758 static int 759 sppp_output(struct ifnet *ifp, struct mbuf *m, 760 const struct sockaddr *dst, const struct rtentry *rt) 761 { 762 struct sppp *sp = (struct sppp *) ifp; 763 struct ppp_header *h = NULL; 764 #ifndef SPPPSUBR_MPSAFE 765 struct ifqueue *ifq = NULL; /* XXX */ 766 #endif 767 int s, error = 0; 768 uint16_t protocol; 769 size_t pktlen; 770 771 s = splnet(); 772 SPPP_LOCK(sp, RW_READER); 773 774 sp->pp_last_activity = time_uptime; 775 776 if ((ifp->if_flags & IFF_UP) == 0 || 777 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 778 SPPP_UNLOCK(sp); 779 splx(s); 780 781 m_freem(m); 782 783 return (ENETDOWN); 784 } 785 786 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 787 /* 788 * Interface is not yet running, but auto-dial. Need 789 * to start LCP for it. 790 */ 791 ifp->if_flags |= IFF_RUNNING; 792 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 793 } 794 795 /* 796 * If the queueing discipline needs packet classification, 797 * do it before prepending link headers. 798 */ 799 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 800 801 #ifdef INET 802 if (dst->sa_family == AF_INET) { 803 struct ip *ip = NULL; 804 #ifndef SPPPSUBR_MPSAFE 805 struct tcphdr *th = NULL; 806 #endif 807 808 if (m->m_len >= sizeof(struct ip)) { 809 ip = mtod(m, struct ip *); 810 #ifndef SPPPSUBR_MPSAFE 811 if (ip->ip_p == IPPROTO_TCP && 812 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 813 sizeof(struct tcphdr)) { 814 th = (struct tcphdr *) 815 ((char *)ip + (ip->ip_hl << 2)); 816 } 817 #endif 818 } else 819 ip = NULL; 820 821 /* 822 * When using dynamic local IP address assignment by using 823 * 0.0.0.0 as a local address, the first TCP session will 824 * not connect because the local TCP checksum is computed 825 * using 0.0.0.0 which will later become our real IP address 826 * so the TCP checksum computed at the remote end will 827 * become invalid. So we 828 * - don't let packets with src ip addr 0 thru 829 * - we flag TCP packets with src ip 0 as an error 830 */ 831 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 832 uint8_t proto = ip->ip_p; 833 834 SPPP_UNLOCK(sp); 835 splx(s); 836 837 m_freem(m); 838 if (proto == IPPROTO_TCP) 839 return (EADDRNOTAVAIL); 840 else 841 return (0); 842 } 843 844 #ifndef SPPPSUBR_MPSAFE 845 /* 846 * Put low delay, telnet, rlogin and ftp control packets 847 * in front of the queue. 848 */ 849 if (!IF_QFULL(&sp->pp_fastq) && 850 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 851 (th && (INTERACTIVE(ntohs(th->th_sport)) || 852 INTERACTIVE(ntohs(th->th_dport)))))) 853 ifq = &sp->pp_fastq; 854 #endif /* !SPPPSUBR_MPSAFE */ 855 } 856 #endif 857 858 #ifdef INET6 859 if (dst->sa_family == AF_INET6) { 860 /* XXX do something tricky here? */ 861 } 862 #endif 863 864 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 865 /* 866 * Prepend general data packet PPP header. For now, IP only. 867 */ 868 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 869 if (! m) { 870 if (ifp->if_flags & IFF_DEBUG) 871 log(LOG_DEBUG, "%s: no memory for transmit header\n", 872 ifp->if_xname); 873 if_statinc(ifp, if_oerrors); 874 SPPP_UNLOCK(sp); 875 splx(s); 876 return (ENOBUFS); 877 } 878 /* 879 * May want to check size of packet 880 * (albeit due to the implementation it's always enough) 881 */ 882 h = mtod(m, struct ppp_header *); 883 if (sp->pp_flags & PP_CISCO) { 884 h->address = CISCO_UNICAST; /* unicast address */ 885 h->control = 0; 886 } else { 887 h->address = PPP_ALLSTATIONS; /* broadcast address */ 888 h->control = PPP_UI; /* Unnumbered Info */ 889 } 890 } 891 892 switch (dst->sa_family) { 893 #ifdef INET 894 case AF_INET: /* Internet Protocol */ 895 if (sp->pp_flags & PP_CISCO) 896 protocol = htons(ETHERTYPE_IP); 897 else { 898 /* 899 * Don't choke with an ENETDOWN early. It's 900 * possible that we just started dialing out, 901 * so don't drop the packet immediately. If 902 * we notice that we run out of buffer space 903 * below, we will however remember that we are 904 * not ready to carry IP packets, and return 905 * ENETDOWN, as opposed to ENOBUFS. 906 */ 907 protocol = htons(PPP_IP); 908 if (sp->scp[IDX_IPCP].state != STATE_OPENED) 909 error = ENETDOWN; 910 } 911 break; 912 #endif 913 #ifdef INET6 914 case AF_INET6: /* Internet Protocol version 6 */ 915 if (sp->pp_flags & PP_CISCO) 916 protocol = htons(ETHERTYPE_IPV6); 917 else { 918 /* 919 * Don't choke with an ENETDOWN early. It's 920 * possible that we just started dialing out, 921 * so don't drop the packet immediately. If 922 * we notice that we run out of buffer space 923 * below, we will however remember that we are 924 * not ready to carry IP packets, and return 925 * ENETDOWN, as opposed to ENOBUFS. 926 */ 927 protocol = htons(PPP_IPV6); 928 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) 929 error = ENETDOWN; 930 } 931 break; 932 #endif 933 default: 934 m_freem(m); 935 if_statinc(ifp, if_oerrors); 936 SPPP_UNLOCK(sp); 937 splx(s); 938 return (EAFNOSUPPORT); 939 } 940 941 if (sp->pp_flags & PP_NOFRAMING) { 942 M_PREPEND(m, 2, M_DONTWAIT); 943 if (m == NULL) { 944 if (ifp->if_flags & IFF_DEBUG) 945 log(LOG_DEBUG, "%s: no memory for transmit header\n", 946 ifp->if_xname); 947 if_statinc(ifp, if_oerrors); 948 SPPP_UNLOCK(sp); 949 splx(s); 950 return (ENOBUFS); 951 } 952 *mtod(m, uint16_t *) = protocol; 953 } else { 954 h->protocol = protocol; 955 } 956 957 pktlen = m->m_pkthdr.len; 958 #ifdef SPPPSUBR_MPSAFE 959 SPPP_UNLOCK(sp); 960 error = if_transmit_lock(ifp, m); 961 SPPP_LOCK(sp, RW_READER); 962 if (error == 0) 963 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 964 #else /* !SPPPSUBR_MPSAFE */ 965 error = ifq_enqueue2(ifp, ifq, m); 966 967 if (error == 0) { 968 /* 969 * Count output packets and bytes. 970 * The packet length includes header + additional hardware 971 * framing according to RFC 1333. 972 */ 973 if (!(ifp->if_flags & IFF_OACTIVE)) { 974 SPPP_UNLOCK(sp); 975 if_start_lock(ifp); 976 SPPP_LOCK(sp, RW_READER); 977 } 978 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 979 } 980 #endif /* !SPPPSUBR_MPSAFE */ 981 SPPP_UNLOCK(sp); 982 splx(s); 983 return error; 984 } 985 986 void 987 sppp_attach(struct ifnet *ifp) 988 { 989 struct sppp *sp = (struct sppp *) ifp; 990 char xnamebuf[MAXCOMLEN]; 991 992 /* Initialize keepalive handler. */ 993 if (! spppq) { 994 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 995 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 996 } 997 998 if (! spppq_lock) 999 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1000 1001 sp->pp_if.if_type = IFT_PPP; 1002 sp->pp_if.if_output = sppp_output; 1003 sp->pp_fastq.ifq_maxlen = 32; 1004 sp->pp_cpq.ifq_maxlen = 20; 1005 sp->pp_loopcnt = 0; 1006 sp->pp_alivecnt = 0; 1007 sp->pp_last_activity = 0; 1008 sp->pp_last_receive = 0; 1009 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1010 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 1011 sp->pp_idle_timeout = 0; 1012 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1013 sp->pp_phase = SPPP_PHASE_DEAD; 1014 sp->pp_up = sppp_notify_up; 1015 sp->pp_down = sppp_notify_down; 1016 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1017 memset(sp->scp, 0, sizeof(sp->scp)); 1018 rw_init(&sp->pp_lock); 1019 1020 if_alloc_sadl(ifp); 1021 1022 /* Lets not beat about the bush, we know we're down. */ 1023 ifp->if_link_state = LINK_STATE_DOWN; 1024 1025 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1026 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1027 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1028 1029 memset(&sp->myauth, 0, sizeof sp->myauth); 1030 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1031 SPPP_LOCK(sp, RW_WRITER); 1032 sppp_lcp_init(sp); 1033 sppp_ipcp_init(sp); 1034 sppp_ipv6cp_init(sp); 1035 sppp_pap_init(sp); 1036 sppp_chap_init(sp); 1037 SPPP_UNLOCK(sp); 1038 1039 SPPPQ_LOCK(); 1040 /* Insert new entry into the keepalive list. */ 1041 sp->pp_next = spppq; 1042 spppq = sp; 1043 SPPPQ_UNLOCK(); 1044 } 1045 1046 void 1047 sppp_detach(struct ifnet *ifp) 1048 { 1049 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1050 1051 /* Remove the entry from the keepalive list. */ 1052 SPPPQ_LOCK(); 1053 for (q = &spppq; (p = *q); q = &p->pp_next) 1054 if (p == sp) { 1055 *q = p->pp_next; 1056 break; 1057 } 1058 SPPPQ_UNLOCK(); 1059 1060 if (! spppq) { 1061 /* Stop keepalive handler. */ 1062 callout_stop(&keepalive_ch); 1063 mutex_obj_free(spppq_lock); 1064 spppq_lock = NULL; 1065 } 1066 1067 SPPP_LOCK(sp, RW_WRITER); 1068 1069 /* to avoid workqueue enqueued */ 1070 atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1); 1071 workqueue_wait(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk); 1072 workqueue_destroy(sp->ipcp.update_addrs_wq); 1073 pcq_destroy(sp->ipcp.update_addrs_q); 1074 1075 sppp_cp_fini(&lcp, sp); 1076 sppp_cp_fini(&ipcp, sp); 1077 callout_stop(&sp->scp[IDX_PAP].ch); 1078 callout_stop(&sp->scp[IDX_CHAP].ch); 1079 #ifdef INET6 1080 sppp_cp_fini(&ipv6cp, sp); 1081 #endif 1082 sppp_wq_destroy(sp, sp->wq_cp); 1083 callout_stop(&sp->pap_my_to_ch); 1084 1085 /* free authentication info */ 1086 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1087 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1088 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1089 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1090 SPPP_UNLOCK(sp); 1091 rw_destroy(&sp->pp_lock); 1092 } 1093 1094 /* 1095 * Flush the interface output queue. 1096 */ 1097 void 1098 sppp_flush(struct ifnet *ifp) 1099 { 1100 struct sppp *sp = (struct sppp *) ifp; 1101 1102 SPPP_LOCK(sp, RW_WRITER); 1103 IFQ_PURGE(&sp->pp_if.if_snd); 1104 IF_PURGE(&sp->pp_fastq); 1105 IF_PURGE(&sp->pp_cpq); 1106 SPPP_UNLOCK(sp); 1107 } 1108 1109 /* 1110 * Check if the output queue is empty. 1111 */ 1112 int 1113 sppp_isempty(struct ifnet *ifp) 1114 { 1115 struct sppp *sp = (struct sppp *) ifp; 1116 int empty, s; 1117 1118 s = splnet(); 1119 SPPP_LOCK(sp, RW_READER); 1120 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1121 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1122 SPPP_UNLOCK(sp); 1123 splx(s); 1124 return (empty); 1125 } 1126 1127 /* 1128 * Get next packet to send. 1129 */ 1130 struct mbuf * 1131 sppp_dequeue(struct ifnet *ifp) 1132 { 1133 struct sppp *sp = (struct sppp *) ifp; 1134 struct mbuf *m; 1135 int s; 1136 1137 s = splnet(); 1138 SPPP_LOCK(sp, RW_WRITER); 1139 /* 1140 * Process only the control protocol queue until we have at 1141 * least one NCP open. 1142 * 1143 * Do always serve all three queues in Cisco mode. 1144 */ 1145 IF_DEQUEUE(&sp->pp_cpq, m); 1146 if (m == NULL && 1147 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1148 IF_DEQUEUE(&sp->pp_fastq, m); 1149 if (m == NULL) 1150 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1151 } 1152 SPPP_UNLOCK(sp); 1153 splx(s); 1154 return m; 1155 } 1156 1157 /* 1158 * Process an ioctl request. Called on low priority level. 1159 */ 1160 int 1161 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1162 { 1163 struct lwp *l = curlwp; /* XXX */ 1164 struct ifreq *ifr = (struct ifreq *) data; 1165 struct ifaddr *ifa = (struct ifaddr *) data; 1166 struct sppp *sp = (struct sppp *) ifp; 1167 int s, error=0, going_up, going_down; 1168 u_short newmode; 1169 1170 s = splnet(); 1171 switch (cmd) { 1172 case SIOCINITIFADDR: 1173 ifa->ifa_rtrequest = p2p_rtrequest; 1174 break; 1175 1176 case SIOCSIFFLAGS: 1177 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1178 break; 1179 1180 SPPP_LOCK(sp, RW_WRITER); 1181 going_up = ifp->if_flags & IFF_UP && 1182 (ifp->if_flags & IFF_RUNNING) == 0; 1183 going_down = (ifp->if_flags & IFF_UP) == 0 && 1184 ifp->if_flags & IFF_RUNNING; 1185 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1186 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1187 /* sanity */ 1188 newmode = IFF_PASSIVE; 1189 ifp->if_flags &= ~IFF_AUTO; 1190 } 1191 1192 if (going_up || going_down) { 1193 sp->lcp.reestablish = false; 1194 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1195 } 1196 if (going_up && newmode == 0) { 1197 /* neither auto-dial nor passive */ 1198 ifp->if_flags |= IFF_RUNNING; 1199 if (!(sp->pp_flags & PP_CISCO)) { 1200 sppp_wq_add(sp->wq_cp, 1201 &sp->scp[IDX_LCP].work_open); 1202 } 1203 } else if (going_down) { 1204 SPPP_UNLOCK(sp); 1205 sppp_flush(ifp); 1206 SPPP_LOCK(sp, RW_WRITER); 1207 1208 ifp->if_flags &= ~IFF_RUNNING; 1209 } 1210 SPPP_UNLOCK(sp); 1211 break; 1212 1213 case SIOCSIFMTU: 1214 if (ifr->ifr_mtu < PPP_MINMRU || 1215 ifr->ifr_mtu > sp->lcp.their_mru) { 1216 error = EINVAL; 1217 break; 1218 } 1219 /*FALLTHROUGH*/ 1220 case SIOCGIFMTU: 1221 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1222 error = 0; 1223 break; 1224 case SIOCADDMULTI: 1225 case SIOCDELMULTI: 1226 break; 1227 1228 case SPPPSETAUTHCFG: 1229 case SPPPSETLCPCFG: 1230 case SPPPSETIDLETO: 1231 case SPPPSETAUTHFAILURE: 1232 case SPPPSETDNSOPTS: 1233 case SPPPSETKEEPALIVE: 1234 #if defined(COMPAT_50) || defined(MODULAR) 1235 case __SPPPSETIDLETO50: 1236 case __SPPPSETKEEPALIVE50: 1237 #endif /* COMPAT_50 || MODULAR */ 1238 error = kauth_authorize_network(l->l_cred, 1239 KAUTH_NETWORK_INTERFACE, 1240 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1241 NULL); 1242 if (error) 1243 break; 1244 error = sppp_params(sp, cmd, data); 1245 break; 1246 1247 case SPPPGETAUTHCFG: 1248 case SPPPGETLCPCFG: 1249 case SPPPGETAUTHFAILURES: 1250 error = kauth_authorize_network(l->l_cred, 1251 KAUTH_NETWORK_INTERFACE, 1252 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1253 NULL); 1254 if (error) 1255 break; 1256 error = sppp_params(sp, cmd, data); 1257 break; 1258 1259 case SPPPGETSTATUS: 1260 case SPPPGETSTATUSNCP: 1261 case SPPPGETIDLETO: 1262 case SPPPGETDNSOPTS: 1263 case SPPPGETDNSADDRS: 1264 case SPPPGETKEEPALIVE: 1265 #if defined(COMPAT_50) || defined(MODULAR) 1266 case __SPPPGETIDLETO50: 1267 case __SPPPGETKEEPALIVE50: 1268 #endif /* COMPAT_50 || MODULAR */ 1269 error = sppp_params(sp, cmd, data); 1270 break; 1271 1272 default: 1273 error = ifioctl_common(ifp, cmd, data); 1274 break; 1275 } 1276 splx(s); 1277 return (error); 1278 } 1279 1280 1281 /* 1282 * Cisco framing implementation. 1283 */ 1284 1285 /* 1286 * Handle incoming Cisco keepalive protocol packets. 1287 */ 1288 static void 1289 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1290 { 1291 STDDCL; 1292 struct cisco_packet *h; 1293 #ifdef INET 1294 uint32_t me, mymask = 0; /* XXX: GCC */ 1295 #endif 1296 1297 SPPP_LOCK(sp, RW_WRITER); 1298 1299 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1300 if (debug) 1301 log(LOG_DEBUG, 1302 "%s: cisco invalid packet length: %d bytes\n", 1303 ifp->if_xname, m->m_pkthdr.len); 1304 SPPP_UNLOCK(sp); 1305 return; 1306 } 1307 h = mtod(m, struct cisco_packet *); 1308 if (debug) 1309 log(LOG_DEBUG, 1310 "%s: cisco input: %d bytes " 1311 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1312 ifp->if_xname, m->m_pkthdr.len, 1313 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1314 (u_int)h->time0, (u_int)h->time1); 1315 switch (ntohl(h->type)) { 1316 default: 1317 if (debug) 1318 addlog("%s: cisco unknown packet type: 0x%x\n", 1319 ifp->if_xname, ntohl(h->type)); 1320 break; 1321 case CISCO_ADDR_REPLY: 1322 /* Reply on address request, ignore */ 1323 break; 1324 case CISCO_KEEPALIVE_REQ: 1325 sp->pp_alivecnt = 0; 1326 sp->scp[IDX_LCP].rseq = ntohl(h->par1); 1327 if (sp->scp[IDX_LCP].seq == sp->scp[IDX_LCP].rseq) { 1328 /* Local and remote sequence numbers are equal. 1329 * Probably, the line is in loopback mode. */ 1330 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1331 printf ("%s: loopback\n", 1332 ifp->if_xname); 1333 sp->pp_loopcnt = 0; 1334 if (ifp->if_flags & IFF_UP) { 1335 SPPP_UNLOCK(sp); 1336 if_down(ifp); 1337 SPPP_LOCK(sp, RW_WRITER); 1338 1339 IF_PURGE(&sp->pp_cpq); 1340 } 1341 } 1342 ++sp->pp_loopcnt; 1343 1344 /* Generate new local sequence number */ 1345 sp->scp[IDX_LCP].seq = cprng_fast32(); 1346 break; 1347 } 1348 sp->pp_loopcnt = 0; 1349 if (! (ifp->if_flags & IFF_UP) && 1350 (ifp->if_flags & IFF_RUNNING)) { 1351 SPPP_UNLOCK(sp); 1352 if_up(ifp); 1353 SPPP_LOCK(sp, RW_WRITER); 1354 } 1355 break; 1356 case CISCO_ADDR_REQ: 1357 #ifdef INET 1358 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1359 if (me != 0L) 1360 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1361 #endif 1362 break; 1363 } 1364 SPPP_UNLOCK(sp); 1365 } 1366 1367 /* 1368 * Send Cisco keepalive packet. 1369 */ 1370 static void 1371 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1372 { 1373 STDDCL; 1374 struct ppp_header *h; 1375 struct cisco_packet *ch; 1376 struct mbuf *m; 1377 uint32_t t; 1378 1379 KASSERT(SPPP_WLOCKED(sp)); 1380 1381 t = time_uptime * 1000; 1382 MGETHDR(m, M_DONTWAIT, MT_DATA); 1383 if (! m) 1384 return; 1385 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1386 m_reset_rcvif(m); 1387 1388 h = mtod(m, struct ppp_header *); 1389 h->address = CISCO_MULTICAST; 1390 h->control = 0; 1391 h->protocol = htons(CISCO_KEEPALIVE); 1392 1393 ch = (struct cisco_packet *)(h + 1); 1394 ch->type = htonl(type); 1395 ch->par1 = htonl(par1); 1396 ch->par2 = htonl(par2); 1397 ch->rel = -1; 1398 1399 ch->time0 = htons((u_short)(t >> 16)); 1400 ch->time1 = htons((u_short) t); 1401 1402 if (debug) 1403 log(LOG_DEBUG, 1404 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1405 ifp->if_xname, ntohl(ch->type), ch->par1, 1406 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1407 (u_int)ch->time1); 1408 1409 if (IF_QFULL(&sp->pp_cpq)) { 1410 IF_DROP(&sp->pp_fastq); 1411 IF_DROP(&ifp->if_snd); 1412 m_freem(m); 1413 if_statinc(ifp, if_oerrors); 1414 return; 1415 } 1416 1417 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1418 IF_ENQUEUE(&sp->pp_cpq, m); 1419 1420 if (! (ifp->if_flags & IFF_OACTIVE)) { 1421 SPPP_UNLOCK(sp); 1422 if_start_lock(ifp); 1423 SPPP_LOCK(sp, RW_WRITER); 1424 } 1425 } 1426 1427 /* 1428 * PPP protocol implementation. 1429 */ 1430 1431 /* 1432 * Send PPP control protocol packet. 1433 */ 1434 static void 1435 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1436 u_char ident, u_short len, void *data) 1437 { 1438 STDDCL; 1439 struct lcp_header *lh; 1440 struct mbuf *m; 1441 size_t pkthdrlen; 1442 1443 KASSERT(SPPP_WLOCKED(sp)); 1444 1445 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1446 1447 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1448 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1449 MGETHDR(m, M_DONTWAIT, MT_DATA); 1450 if (! m) { 1451 return; 1452 } 1453 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1454 m_reset_rcvif(m); 1455 1456 if (sp->pp_flags & PP_NOFRAMING) { 1457 *mtod(m, uint16_t *) = htons(proto); 1458 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1459 } else { 1460 struct ppp_header *h; 1461 h = mtod(m, struct ppp_header *); 1462 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1463 h->control = PPP_UI; /* Unnumbered Info */ 1464 h->protocol = htons(proto); /* Link Control Protocol */ 1465 lh = (struct lcp_header *)(h + 1); 1466 } 1467 lh->type = type; 1468 lh->ident = ident; 1469 lh->len = htons(LCP_HEADER_LEN + len); 1470 if (len) 1471 memcpy(lh + 1, data, len); 1472 1473 if (debug) { 1474 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1475 ifp->if_xname, 1476 sppp_proto_name(proto), 1477 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1478 if (len) 1479 sppp_print_bytes((u_char *)(lh + 1), len); 1480 addlog(">\n"); 1481 } 1482 if (IF_QFULL(&sp->pp_cpq)) { 1483 IF_DROP(&sp->pp_fastq); 1484 IF_DROP(&ifp->if_snd); 1485 m_freem(m); 1486 if_statinc(ifp, if_oerrors); 1487 return; 1488 } 1489 1490 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1491 IF_ENQUEUE(&sp->pp_cpq, m); 1492 1493 1494 if (! (ifp->if_flags & IFF_OACTIVE)) { 1495 SPPP_UNLOCK(sp); 1496 if_start_lock(ifp); 1497 SPPP_LOCK(sp, RW_WRITER); 1498 } 1499 } 1500 1501 static void 1502 sppp_cp_to_lcp(void *xsp) 1503 { 1504 struct sppp *sp = xsp; 1505 1506 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1507 } 1508 1509 static void 1510 sppp_cp_to_ipcp(void *xsp) 1511 { 1512 struct sppp *sp = xsp; 1513 1514 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1515 } 1516 1517 static void 1518 sppp_cp_to_ipv6cp(void *xsp) 1519 { 1520 struct sppp *sp = xsp; 1521 1522 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1523 } 1524 1525 static void 1526 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1527 { 1528 struct sppp_cp *scp; 1529 typedef void (*sppp_co_cb_t)(void *); 1530 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1531 [IDX_LCP] = sppp_cp_to_lcp, 1532 [IDX_IPCP] = sppp_cp_to_ipcp, 1533 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1534 }; 1535 1536 scp = &sp->scp[cp->protoidx]; 1537 1538 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1539 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1540 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1541 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1542 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1543 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1544 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1545 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1546 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1547 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1548 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1549 1550 callout_init(&scp->ch, CALLOUT_MPSAFE); 1551 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1552 } 1553 1554 static void 1555 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1556 { 1557 struct sppp_cp *scp; 1558 scp = &sp->scp[cp->protoidx]; 1559 1560 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1561 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1562 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1563 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1564 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1565 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1566 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1567 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1568 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1569 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1570 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1571 1572 callout_halt(&scp->ch, NULL); 1573 callout_destroy(&scp->ch); 1574 } 1575 1576 /* 1577 * Handle incoming PPP control protocol packets. 1578 */ 1579 static void 1580 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1581 { 1582 STDDCL; 1583 struct lcp_header *h; 1584 int printlen, len = m->m_pkthdr.len; 1585 int rv; 1586 u_char *p; 1587 uint32_t u32; 1588 1589 SPPP_LOCK(sp, RW_WRITER); 1590 1591 if (len < 4) { 1592 if (debug) 1593 log(LOG_DEBUG, 1594 "%s: %s invalid packet length: %d bytes\n", 1595 ifp->if_xname, cp->name, len); 1596 SPPP_UNLOCK(sp); 1597 return; 1598 } 1599 h = mtod(m, struct lcp_header *); 1600 if (debug) { 1601 printlen = ntohs(h->len); 1602 log(LOG_DEBUG, 1603 "%s: %s input(%s): <%s id=0x%x len=%d", 1604 ifp->if_xname, cp->name, 1605 sppp_state_name(sp->scp[cp->protoidx].state), 1606 sppp_cp_type_name(h->type), h->ident, printlen); 1607 if (len < printlen) 1608 printlen = len; 1609 if (printlen > 4) 1610 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1611 addlog(">\n"); 1612 } 1613 if (len > ntohs(h->len)) 1614 len = ntohs(h->len); 1615 p = (u_char *)(h + 1); 1616 switch (h->type) { 1617 case CONF_REQ: 1618 if (len < 4) { 1619 if (debug) 1620 addlog("%s: %s invalid conf-req length %d\n", 1621 ifp->if_xname, cp->name, 1622 len); 1623 if_statinc(ifp, if_ierrors); 1624 break; 1625 } 1626 rv = (cp->RCR)(sp, h, len); 1627 if (rv < 0) { 1628 /* fatal error, shut down */ 1629 (cp->tld)(sp); 1630 sppp_lcp_tlf(sp); 1631 SPPP_UNLOCK(sp); 1632 return; 1633 } 1634 sp->scp[cp->protoidx].rconfid = h->ident; 1635 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcr); 1636 break; 1637 case CONF_ACK: 1638 if (h->ident != sp->scp[cp->protoidx].confid) { 1639 if (debug) 1640 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1641 ifp->if_xname, cp->name, 1642 h->ident, sp->scp[cp->protoidx].confid); 1643 if_statinc(ifp, if_ierrors); 1644 break; 1645 } 1646 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rca); 1647 break; 1648 case CONF_NAK: 1649 case CONF_REJ: 1650 if (h->ident != sp->scp[cp->protoidx].confid) { 1651 if (debug) 1652 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1653 ifp->if_xname, cp->name, 1654 h->ident, sp->scp[cp->protoidx].confid); 1655 if_statinc(ifp, if_ierrors); 1656 break; 1657 } 1658 if (h->type == CONF_NAK) 1659 (cp->RCN_nak)(sp, h, len); 1660 else /* CONF_REJ */ 1661 (cp->RCN_rej)(sp, h, len); 1662 1663 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcn); 1664 break; 1665 1666 case TERM_REQ: 1667 sp->scp[cp->protoidx].rseq = h->ident; 1668 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rtr); 1669 break; 1670 case TERM_ACK: 1671 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rta); 1672 break; 1673 case CODE_REJ: 1674 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1675 log(LOG_INFO, 1676 "%s: %s: ignoring RXJ (%s) for code ?, " 1677 "danger will robinson\n", 1678 ifp->if_xname, cp->name, 1679 sppp_cp_type_name(h->type)); 1680 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1681 break; 1682 case PROTO_REJ: 1683 { 1684 int catastrophic; 1685 const struct cp *upper; 1686 int i; 1687 uint16_t proto; 1688 1689 catastrophic = 0; 1690 upper = NULL; 1691 proto = p[0] << 8 | p[1]; 1692 for (i = 0; i < IDX_COUNT; i++) { 1693 if (cps[i]->proto == proto) { 1694 upper = cps[i]; 1695 break; 1696 } 1697 } 1698 if (upper == NULL) 1699 catastrophic++; 1700 1701 if (debug) 1702 log(LOG_INFO, 1703 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1704 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1705 sppp_cp_type_name(h->type), proto, 1706 upper ? upper->name : "unknown", 1707 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1708 1709 /* 1710 * if we got RXJ+ against conf-req, the peer does not implement 1711 * this particular protocol type. terminate the protocol. 1712 */ 1713 if (upper && !catastrophic) { 1714 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1715 sppp_wq_add(sp->wq_cp, 1716 &sp->scp[upper->protoidx].work_close); 1717 break; 1718 } 1719 } 1720 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1721 break; 1722 } 1723 case DISC_REQ: 1724 if (cp->proto != PPP_LCP) 1725 goto illegal; 1726 /* Discard the packet. */ 1727 break; 1728 case ECHO_REQ: 1729 if (cp->proto != PPP_LCP) 1730 goto illegal; 1731 if (sp->scp[cp->protoidx].state != STATE_OPENED) { 1732 if (debug) 1733 addlog("%s: lcp echo req but lcp closed\n", 1734 ifp->if_xname); 1735 if_statinc(ifp, if_ierrors); 1736 break; 1737 } 1738 if (len < 8) { 1739 if (debug) 1740 addlog("%s: invalid lcp echo request " 1741 "packet length: %d bytes\n", 1742 ifp->if_xname, len); 1743 break; 1744 } 1745 memcpy(&u32, h + 1, sizeof u32); 1746 if (ntohl(u32) == sp->lcp.magic) { 1747 /* Line loopback mode detected. */ 1748 printf("%s: loopback\n", ifp->if_xname); 1749 SPPP_UNLOCK(sp); 1750 if_down(ifp); 1751 SPPP_LOCK(sp, RW_WRITER); 1752 1753 IF_PURGE(&sp->pp_cpq); 1754 1755 /* Shut down the PPP link. */ 1756 /* XXX */ 1757 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 1758 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 1759 break; 1760 } 1761 u32 = htonl(sp->lcp.magic); 1762 memcpy(h + 1, &u32, sizeof u32); 1763 if (debug) 1764 addlog("%s: got lcp echo req, sending echo rep\n", 1765 ifp->if_xname); 1766 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1767 h + 1); 1768 break; 1769 case ECHO_REPLY: 1770 if (cp->proto != PPP_LCP) 1771 goto illegal; 1772 if (h->ident != sp->lcp.echoid) { 1773 if_statinc(ifp, if_ierrors); 1774 break; 1775 } 1776 if (len < 8) { 1777 if (debug) 1778 addlog("%s: lcp invalid echo reply " 1779 "packet length: %d bytes\n", 1780 ifp->if_xname, len); 1781 break; 1782 } 1783 if (debug) 1784 addlog("%s: lcp got echo rep\n", 1785 ifp->if_xname); 1786 memcpy(&u32, h + 1, sizeof u32); 1787 if (ntohl(u32) != sp->lcp.magic) 1788 sp->pp_alivecnt = 0; 1789 break; 1790 default: 1791 /* Unknown packet type -- send Code-Reject packet. */ 1792 illegal: 1793 if (debug) 1794 addlog("%s: %s send code-rej for 0x%x\n", 1795 ifp->if_xname, cp->name, h->type); 1796 sppp_cp_send(sp, cp->proto, CODE_REJ, 1797 ++sp->scp[cp->protoidx].seq, m->m_pkthdr.len, h); 1798 if_statinc(ifp, if_ierrors); 1799 } 1800 1801 SPPP_UNLOCK(sp); 1802 } 1803 1804 1805 /* 1806 * The generic part of all Up/Down/Open/Close/TO event handlers. 1807 * Basically, the state transition handling in the automaton. 1808 */ 1809 static void 1810 sppp_up_event(struct sppp *sp, void *xcp) 1811 { 1812 const struct cp *cp = xcp; 1813 STDDCL; 1814 1815 KASSERT(SPPP_WLOCKED(sp)); 1816 1817 if (debug) 1818 log(LOG_DEBUG, "%s: %s up(%s)\n", 1819 ifp->if_xname, cp->name, 1820 sppp_state_name(sp->scp[cp->protoidx].state)); 1821 1822 switch (sp->scp[cp->protoidx].state) { 1823 case STATE_INITIAL: 1824 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1825 break; 1826 case STATE_STARTING: 1827 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1828 (cp->scr)(sp); 1829 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1830 break; 1831 default: 1832 printf("%s: %s illegal up in state %s\n", 1833 ifp->if_xname, cp->name, 1834 sppp_state_name(sp->scp[cp->protoidx].state)); 1835 } 1836 } 1837 1838 static void 1839 sppp_down_event(struct sppp *sp, void *xcp) 1840 { 1841 const struct cp *cp = xcp; 1842 STDDCL; 1843 1844 KASSERT(SPPP_WLOCKED(sp)); 1845 1846 if (debug) 1847 log(LOG_DEBUG, "%s: %s down(%s)\n", 1848 ifp->if_xname, cp->name, 1849 sppp_state_name(sp->scp[cp->protoidx].state)); 1850 1851 switch (sp->scp[cp->protoidx].state) { 1852 case STATE_CLOSED: 1853 case STATE_CLOSING: 1854 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1855 break; 1856 case STATE_STOPPED: 1857 (cp->tls)(sp); 1858 /* fall through */ 1859 case STATE_STOPPING: 1860 case STATE_REQ_SENT: 1861 case STATE_ACK_RCVD: 1862 case STATE_ACK_SENT: 1863 sppp_cp_change_state(cp, sp, STATE_STARTING); 1864 break; 1865 case STATE_OPENED: 1866 (cp->tld)(sp); 1867 sppp_cp_change_state(cp, sp, STATE_STARTING); 1868 break; 1869 default: 1870 printf("%s: %s illegal down in state %s\n", 1871 ifp->if_xname, cp->name, 1872 sppp_state_name(sp->scp[cp->protoidx].state)); 1873 } 1874 } 1875 1876 1877 static void 1878 sppp_open_event(struct sppp *sp, void *xcp) 1879 { 1880 const struct cp *cp = xcp; 1881 STDDCL; 1882 1883 KASSERT(SPPP_WLOCKED(sp)); 1884 1885 if (debug) 1886 log(LOG_DEBUG, "%s: %s open(%s)\n", 1887 ifp->if_xname, cp->name, 1888 sppp_state_name(sp->scp[cp->protoidx].state)); 1889 1890 switch (sp->scp[cp->protoidx].state) { 1891 case STATE_INITIAL: 1892 sppp_cp_change_state(cp, sp, STATE_STARTING); 1893 (cp->tls)(sp); 1894 break; 1895 case STATE_STARTING: 1896 break; 1897 case STATE_CLOSED: 1898 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1899 (cp->scr)(sp); 1900 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1901 break; 1902 case STATE_STOPPED: 1903 case STATE_STOPPING: 1904 case STATE_REQ_SENT: 1905 case STATE_ACK_RCVD: 1906 case STATE_ACK_SENT: 1907 case STATE_OPENED: 1908 break; 1909 case STATE_CLOSING: 1910 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1911 break; 1912 } 1913 } 1914 1915 1916 static void 1917 sppp_close_event(struct sppp *sp, void *xcp) 1918 { 1919 const struct cp *cp = xcp; 1920 STDDCL; 1921 1922 KASSERT(SPPP_WLOCKED(sp)); 1923 1924 if (debug) 1925 log(LOG_DEBUG, "%s: %s close(%s)\n", 1926 ifp->if_xname, cp->name, 1927 sppp_state_name(sp->scp[cp->protoidx].state)); 1928 1929 switch (sp->scp[cp->protoidx].state) { 1930 case STATE_INITIAL: 1931 case STATE_CLOSED: 1932 case STATE_CLOSING: 1933 break; 1934 case STATE_STARTING: 1935 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1936 (cp->tlf)(sp); 1937 break; 1938 case STATE_STOPPED: 1939 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1940 break; 1941 case STATE_STOPPING: 1942 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1943 break; 1944 case STATE_OPENED: 1945 (cp->tld)(sp); 1946 /* fall through */ 1947 case STATE_REQ_SENT: 1948 case STATE_ACK_RCVD: 1949 case STATE_ACK_SENT: 1950 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 1951 sppp_cp_send(sp, cp->proto, TERM_REQ, 1952 ++sp->scp[cp->protoidx].seq, 0, 0); 1953 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1954 break; 1955 } 1956 } 1957 1958 static void 1959 sppp_to_event(struct sppp *sp, void *xcp) 1960 { 1961 const struct cp *cp = xcp; 1962 int s; 1963 STDDCL; 1964 1965 KASSERT(SPPP_WLOCKED(sp)); 1966 1967 s = splnet(); 1968 1969 if (debug) 1970 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 1971 ifp->if_xname, cp->name, 1972 sppp_state_name(sp->scp[cp->protoidx].state), 1973 sp->scp[cp->protoidx].rst_counter); 1974 1975 if (--sp->scp[cp->protoidx].rst_counter < 0) 1976 /* TO- event */ 1977 switch (sp->scp[cp->protoidx].state) { 1978 case STATE_CLOSING: 1979 (cp->tlf)(sp); 1980 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1981 sppp_lcp_check_and_close(sp); 1982 break; 1983 case STATE_STOPPING: 1984 (cp->tlf)(sp); 1985 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1986 sppp_lcp_check_and_close(sp); 1987 break; 1988 case STATE_REQ_SENT: 1989 case STATE_ACK_RCVD: 1990 case STATE_ACK_SENT: 1991 (cp->tlf)(sp); 1992 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1993 sppp_lcp_check_and_close(sp); 1994 break; 1995 } 1996 else 1997 /* TO+ event */ 1998 switch (sp->scp[cp->protoidx].state) { 1999 case STATE_CLOSING: 2000 case STATE_STOPPING: 2001 sppp_cp_send(sp, cp->proto, TERM_REQ, 2002 ++sp->scp[cp->protoidx].seq, 0, 0); 2003 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2004 break; 2005 case STATE_REQ_SENT: 2006 case STATE_ACK_RCVD: 2007 (cp->scr)(sp); 2008 /* sppp_cp_change_state() will restart the timer */ 2009 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2010 break; 2011 case STATE_ACK_SENT: 2012 (cp->scr)(sp); 2013 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2014 break; 2015 } 2016 2017 splx(s); 2018 } 2019 2020 static void 2021 sppp_rcr_event(struct sppp *sp, void *xcp) 2022 { 2023 const struct cp *cp = xcp; 2024 u_char type; 2025 void *buf; 2026 size_t blen; 2027 STDDCL; 2028 2029 type = sp->scp[cp->protoidx].rcr_type; 2030 buf = sp->scp[cp->protoidx].rcr_buf; 2031 blen = sp->scp[cp->protoidx].rcr_blen; 2032 2033 if (type == CONF_ACK) { 2034 /* RCR+ event */ 2035 switch (sp->scp[cp->protoidx].state) { 2036 case STATE_OPENED: 2037 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2038 cp->tld(sp); 2039 cp->scr(sp); 2040 cp->scan(cp, sp); 2041 break; 2042 case STATE_ACK_SENT: 2043 case STATE_REQ_SENT: 2044 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2045 cp->scan(cp, sp); 2046 break; 2047 case STATE_STOPPED: 2048 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2049 cp->scr(sp); 2050 cp->scan(cp, sp); 2051 break; 2052 case STATE_ACK_RCVD: 2053 sppp_cp_change_state(cp, sp, STATE_OPENED); 2054 if (debug) 2055 log(LOG_DEBUG, "%s: %s tlu\n", 2056 ifp->if_xname, 2057 cp->name); 2058 cp->tlu(sp); 2059 cp->scan(cp, sp); 2060 break; 2061 case STATE_CLOSING: 2062 case STATE_STOPPING: 2063 if (buf != NULL) { 2064 sp->scp[cp->protoidx].rcr_buf = NULL; 2065 sp->scp[cp->protoidx].rcr_blen = 0; 2066 kmem_free(buf, blen); 2067 } 2068 break; 2069 case STATE_CLOSED: 2070 sppp_cp_send(sp, cp->proto, TERM_ACK, 2071 sp->scp[cp->protoidx].rconfid, 0, 0); 2072 break; 2073 default: 2074 printf("%s: %s illegal RCR+ in state %s\n", 2075 ifp->if_xname, cp->name, 2076 sppp_state_name(sp->scp[cp->protoidx].state)); 2077 if_statinc(ifp, if_ierrors); 2078 } 2079 } else { 2080 /* RCR- event */ 2081 switch (sp->scp[cp->protoidx].state) { 2082 case STATE_OPENED: 2083 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2084 cp->tld(sp); 2085 cp->scr(sp); 2086 cp->scan(cp, sp); 2087 break; 2088 case STATE_ACK_SENT: 2089 case STATE_REQ_SENT: 2090 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2091 cp->scan(cp, sp); 2092 break; 2093 case STATE_STOPPED: 2094 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2095 cp->scr(sp); 2096 cp->scan(cp, sp); 2097 break; 2098 case STATE_ACK_RCVD: 2099 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2100 cp->scan(cp, sp); 2101 break; 2102 case STATE_CLOSING: 2103 case STATE_STOPPING: 2104 if (buf != NULL) { 2105 sp->scp[cp->protoidx].rcr_buf = NULL; 2106 sp->scp[cp->protoidx].rcr_blen = 0; 2107 kmem_free(buf, blen); 2108 } 2109 break; 2110 case STATE_CLOSED: 2111 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2112 sppp_cp_send(sp, cp->proto, TERM_ACK, 2113 sp->scp[cp->protoidx].rconfid, 0, 0); 2114 break; 2115 default: 2116 printf("%s: %s illegal RCR- in state %s\n", 2117 ifp->if_xname, cp->name, 2118 sppp_state_name(sp->scp[cp->protoidx].state)); 2119 if_statinc(ifp, if_ierrors); 2120 } 2121 } 2122 } 2123 2124 static void 2125 sppp_rca_event(struct sppp *sp, void *xcp) 2126 { 2127 const struct cp *cp = xcp; 2128 STDDCL; 2129 2130 switch (sp->scp[cp->protoidx].state) { 2131 case STATE_CLOSED: 2132 case STATE_STOPPED: 2133 sppp_cp_send(sp, cp->proto, TERM_ACK, 2134 sp->scp[cp->protoidx].rconfid, 0, 0); 2135 break; 2136 case STATE_CLOSING: 2137 case STATE_STOPPING: 2138 break; 2139 case STATE_REQ_SENT: 2140 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2141 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2142 break; 2143 case STATE_OPENED: 2144 (cp->tld)(sp); 2145 /* fall through */ 2146 case STATE_ACK_RCVD: 2147 (cp->scr)(sp); 2148 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2149 break; 2150 case STATE_ACK_SENT: 2151 sppp_cp_change_state(cp, sp, STATE_OPENED); 2152 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2153 if (debug) 2154 log(LOG_DEBUG, "%s: %s tlu\n", 2155 ifp->if_xname, cp->name); 2156 (cp->tlu)(sp); 2157 break; 2158 default: 2159 printf("%s: %s illegal RCA in state %s\n", 2160 ifp->if_xname, cp->name, 2161 sppp_state_name(sp->scp[cp->protoidx].state)); 2162 if_statinc(ifp, if_ierrors); 2163 } 2164 } 2165 2166 static void 2167 sppp_rcn_event(struct sppp *sp, void *xcp) 2168 { 2169 const struct cp *cp = xcp; 2170 struct ifnet *ifp = &sp->pp_if; 2171 2172 switch (sp->scp[cp->protoidx].state) { 2173 case STATE_CLOSED: 2174 case STATE_STOPPED: 2175 sppp_cp_send(sp, cp->proto, TERM_ACK, 2176 sp->scp[cp->protoidx].rconfid, 0, 0); 2177 break; 2178 case STATE_REQ_SENT: 2179 case STATE_ACK_SENT: 2180 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2181 (cp->scr)(sp); 2182 break; 2183 case STATE_OPENED: 2184 (cp->tld)(sp); 2185 /* fall through */ 2186 case STATE_ACK_RCVD: 2187 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2188 (cp->scr)(sp); 2189 break; 2190 case STATE_CLOSING: 2191 case STATE_STOPPING: 2192 break; 2193 default: 2194 printf("%s: %s illegal RCN in state %s\n", 2195 ifp->if_xname, cp->name, 2196 sppp_state_name(sp->scp[cp->protoidx].state)); 2197 if_statinc(ifp, if_ierrors); 2198 } 2199 } 2200 2201 static void 2202 sppp_rtr_event(struct sppp *sp, void *xcp) 2203 { 2204 const struct cp *cp = xcp; 2205 STDDCL; 2206 2207 switch (sp->scp[cp->protoidx].state) { 2208 case STATE_ACK_RCVD: 2209 case STATE_ACK_SENT: 2210 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2211 break; 2212 case STATE_CLOSED: 2213 case STATE_STOPPED: 2214 case STATE_CLOSING: 2215 case STATE_STOPPING: 2216 case STATE_REQ_SENT: 2217 break; 2218 case STATE_OPENED: 2219 (cp->tld)(sp); 2220 sp->scp[cp->protoidx].rst_counter = 0; 2221 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2222 break; 2223 default: 2224 printf("%s: %s illegal RTR in state %s\n", 2225 ifp->if_xname, cp->name, 2226 sppp_state_name(sp->scp[cp->protoidx].state)); 2227 if_statinc(ifp, if_ierrors); 2228 return; 2229 } 2230 2231 /* Send Terminate-Ack packet. */ 2232 if (debug) 2233 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 2234 ifp->if_xname, cp->name); 2235 sppp_cp_send(sp, cp->proto, TERM_ACK, 2236 sp->scp[cp->protoidx].rseq, 0, 0); 2237 } 2238 2239 static void 2240 sppp_rta_event(struct sppp *sp, void *xcp) 2241 { 2242 const struct cp *cp = xcp; 2243 struct ifnet *ifp = &sp->pp_if; 2244 2245 switch (sp->scp[cp->protoidx].state) { 2246 case STATE_CLOSED: 2247 case STATE_STOPPED: 2248 case STATE_REQ_SENT: 2249 case STATE_ACK_SENT: 2250 break; 2251 case STATE_CLOSING: 2252 (cp->tlf)(sp); 2253 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2254 sppp_lcp_check_and_close(sp); 2255 break; 2256 case STATE_STOPPING: 2257 (cp->tlf)(sp); 2258 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2259 sppp_lcp_check_and_close(sp); 2260 break; 2261 case STATE_ACK_RCVD: 2262 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2263 break; 2264 case STATE_OPENED: 2265 (cp->tld)(sp); 2266 (cp->scr)(sp); 2267 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2268 break; 2269 default: 2270 printf("%s: %s illegal RTA in state %s\n", 2271 ifp->if_xname, cp->name, 2272 sppp_state_name(sp->scp[cp->protoidx].state)); 2273 if_statinc(ifp, if_ierrors); 2274 } 2275 } 2276 2277 static void 2278 sppp_rxj_event(struct sppp *sp, void *xcp) 2279 { 2280 const struct cp *cp = xcp; 2281 struct ifnet *ifp = &sp->pp_if; 2282 2283 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2284 switch (sp->scp[cp->protoidx].state) { 2285 case STATE_CLOSED: 2286 case STATE_STOPPED: 2287 case STATE_REQ_SENT: 2288 case STATE_ACK_SENT: 2289 case STATE_CLOSING: 2290 case STATE_STOPPING: 2291 case STATE_OPENED: 2292 break; 2293 case STATE_ACK_RCVD: 2294 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2295 break; 2296 default: 2297 printf("%s: %s illegal RXJ- in state %s\n", 2298 ifp->if_xname, cp->name, 2299 sppp_state_name(sp->scp[cp->protoidx].state)); 2300 if_statinc(ifp, if_ierrors); 2301 } 2302 } 2303 2304 /* 2305 * Change the state of a control protocol in the state automaton. 2306 * Takes care of starting/stopping the restart timer. 2307 */ 2308 void 2309 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2310 { 2311 2312 KASSERT(SPPP_WLOCKED(sp)); 2313 2314 sp->scp[cp->protoidx].state = newstate; 2315 callout_stop(&sp->scp[cp->protoidx].ch); 2316 switch (newstate) { 2317 case STATE_INITIAL: 2318 case STATE_STARTING: 2319 case STATE_CLOSED: 2320 case STATE_STOPPED: 2321 case STATE_OPENED: 2322 break; 2323 case STATE_CLOSING: 2324 case STATE_STOPPING: 2325 case STATE_REQ_SENT: 2326 case STATE_ACK_RCVD: 2327 case STATE_ACK_SENT: 2328 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2329 break; 2330 } 2331 } 2332 2333 /* 2334 *--------------------------------------------------------------------------* 2335 * * 2336 * The LCP implementation. * 2337 * * 2338 *--------------------------------------------------------------------------* 2339 */ 2340 static void 2341 sppp_lcp_init(struct sppp *sp) 2342 { 2343 2344 KASSERT(SPPP_WLOCKED(sp)); 2345 2346 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2347 sp->lcp.magic = 0; 2348 sp->scp[IDX_LCP].state = STATE_INITIAL; 2349 sp->scp[IDX_LCP].fail_counter = 0; 2350 sp->scp[IDX_LCP].seq = 0; 2351 sp->scp[IDX_LCP].rseq = 0; 2352 sp->lcp.protos = 0; 2353 2354 /* 2355 * Initialize counters and timeout values. Note that we don't 2356 * use the 3 seconds suggested in RFC 1661 since we are likely 2357 * running on a fast link. XXX We should probably implement 2358 * the exponential backoff option. Note that these values are 2359 * relevant for all control protocols, not just LCP only. 2360 */ 2361 sp->lcp.timeout = 1 * hz; 2362 sp->lcp.max_terminate = 2; 2363 sp->lcp.max_configure = 10; 2364 sp->lcp.max_failure = 10; 2365 sppp_cp_init(&lcp, sp); 2366 } 2367 2368 static void 2369 sppp_lcp_up(struct sppp *sp, void *xcp) 2370 { 2371 const struct cp *cp = xcp; 2372 int pidx; 2373 STDDCL; 2374 2375 KASSERT(SPPP_WLOCKED(sp)); 2376 2377 pidx = cp->protoidx; 2378 /* Initialize activity timestamp: opening a connection is an activity */ 2379 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2380 2381 /* 2382 * If this interface is passive or dial-on-demand, and we are 2383 * still in Initial state, it means we've got an incoming 2384 * call. Activate the interface. 2385 */ 2386 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2387 if (debug) 2388 log(LOG_DEBUG, 2389 "%s: Up event", ifp->if_xname); 2390 ifp->if_flags |= IFF_RUNNING; 2391 if (sp->scp[pidx].state == STATE_INITIAL) { 2392 if (debug) 2393 addlog("(incoming call)\n"); 2394 sp->pp_flags |= PP_CALLIN; 2395 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2396 } else if (debug) 2397 addlog("\n"); 2398 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2399 (sp->scp[IDX_LCP].state == STATE_INITIAL)) { 2400 ifp->if_flags |= IFF_RUNNING; 2401 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2402 } 2403 2404 sppp_up_event(sp, xcp); 2405 } 2406 2407 static void 2408 sppp_lcp_down(struct sppp *sp, void *xcp) 2409 { 2410 STDDCL; 2411 2412 KASSERT(SPPP_WLOCKED(sp)); 2413 2414 sppp_down_event(sp, xcp); 2415 2416 /* 2417 * If this is neither a dial-on-demand nor a passive 2418 * interface, simulate an ``ifconfig down'' action, so the 2419 * administrator can force a redial by another ``ifconfig 2420 * up''. XXX For leased line operation, should we immediately 2421 * try to reopen the connection here? 2422 */ 2423 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2424 if (debug) 2425 log(LOG_INFO, 2426 "%s: Down event (carrier loss), taking interface down.\n", 2427 ifp->if_xname); 2428 SPPP_UNLOCK(sp); 2429 if_down(ifp); 2430 SPPP_LOCK(sp, RW_WRITER); 2431 2432 if (sp->lcp.reestablish) 2433 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2434 } else { 2435 if (debug) 2436 log(LOG_DEBUG, 2437 "%s: Down event (carrier loss)\n", 2438 ifp->if_xname); 2439 } 2440 sp->scp[IDX_LCP].fail_counter = 0; 2441 sp->pp_flags &= ~PP_CALLIN; 2442 if (sp->scp[IDX_LCP].state != STATE_INITIAL) 2443 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2444 ifp->if_flags &= ~IFF_RUNNING; 2445 2446 } 2447 2448 static void 2449 sppp_lcp_open(struct sppp *sp, void *xcp) 2450 { 2451 2452 KASSERT(SPPP_WLOCKED(sp)); 2453 2454 sp->lcp.reestablish = false; 2455 2456 if (sp->pp_if.if_mtu < PP_MTU) { 2457 sp->lcp.mru = sp->pp_if.if_mtu; 2458 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2459 } else 2460 sp->lcp.mru = PP_MTU; 2461 sp->lcp.their_mru = PP_MTU; 2462 2463 /* 2464 * If we are authenticator, negotiate LCP_AUTH 2465 */ 2466 if (sp->hisauth.proto != 0) 2467 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2468 else 2469 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2470 sp->pp_flags &= ~PP_NEEDAUTH; 2471 sppp_open_event(sp, xcp); 2472 } 2473 2474 static void 2475 sppp_lcp_close(struct sppp *sp, void *xcp) 2476 { 2477 2478 KASSERT(SPPP_WLOCKED(sp)); 2479 sppp_close_event(sp, xcp); 2480 } 2481 2482 static void 2483 sppp_lcp_TO(struct sppp *sp, void *xcp) 2484 { 2485 2486 sppp_to_event(sp, xcp); 2487 } 2488 2489 /* 2490 * Analyze a configure request. Return true if it was agreeable, and 2491 * caused action sca, false if it has been rejected or nak'ed, and 2492 * caused action scn. (The return value is used to make the state 2493 * transition decision in the state automaton.) 2494 */ 2495 static int 2496 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int origlen) 2497 { 2498 STDDCL; 2499 u_char *buf, *r, *p, l, blen, type; 2500 int len, rlen; 2501 uint32_t nmagic; 2502 u_short authproto; 2503 2504 KASSERT(SPPP_WLOCKED(sp)); 2505 2506 if (origlen < sizeof(*h)) 2507 return 0; 2508 2509 origlen -= sizeof(*h); 2510 type = 0; 2511 2512 if (origlen <= 0) 2513 return 0; 2514 else 2515 blen = origlen; 2516 2517 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2518 if (buf == NULL) 2519 return 0; 2520 2521 if (debug) 2522 log(LOG_DEBUG, "%s: lcp parse opts:", 2523 ifp->if_xname); 2524 2525 /* pass 1: check for things that need to be rejected */ 2526 p = (void *)(h + 1); 2527 r = buf; 2528 rlen = 0; 2529 for (len = origlen; len > 1; len-= l, p += l) { 2530 l = p[1]; 2531 if (l == 0) 2532 break; 2533 2534 /* Sanity check option length */ 2535 if (l > len) { 2536 /* 2537 * Malicious option - drop immediately. 2538 * XXX Maybe we should just RXJ it? 2539 */ 2540 addlog("%s: received malicious LCP option 0x%02x, " 2541 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, 2542 p[0], l, len); 2543 rlen = -1; 2544 goto end; 2545 } 2546 if (debug) 2547 addlog(" %s", sppp_lcp_opt_name(*p)); 2548 switch (p[0]) { 2549 case LCP_OPT_MAGIC: 2550 /* Magic number. */ 2551 /* fall through, both are same length */ 2552 case LCP_OPT_ASYNC_MAP: 2553 /* Async control character map. */ 2554 if (len >= 6 || l == 6) 2555 continue; 2556 if (debug) 2557 addlog(" [invalid]"); 2558 break; 2559 case LCP_OPT_MP_EID: 2560 if (len >= l && l >= 3) { 2561 switch (p[2]) { 2562 case 0: if (l==3+ 0) continue;break; 2563 case 2: if (l==3+ 4) continue;break; 2564 case 3: if (l==3+ 6) continue;break; 2565 case 6: if (l==3+16) continue;break; 2566 case 1: /* FALLTHROUGH */ 2567 case 4: if (l<=3+20) continue;break; 2568 case 5: if (l<=3+15) continue;break; 2569 /* XXX should it be default: continue;? */ 2570 } 2571 } 2572 if (debug) 2573 addlog(" [invalid class %d len %d]", p[2], l); 2574 break; 2575 case LCP_OPT_MP_SSNHF: 2576 if (len >= 2 && l == 2) { 2577 if (debug) 2578 addlog(" [rej]"); 2579 break; 2580 } 2581 if (debug) 2582 addlog(" [invalid]"); 2583 break; 2584 case LCP_OPT_MP_MRRU: 2585 /* Multilink maximum received reconstructed unit */ 2586 /* should be fall through, both are same length */ 2587 /* FALLTHROUGH */ 2588 case LCP_OPT_MRU: 2589 /* Maximum receive unit. */ 2590 if (len >= 4 && l == 4) 2591 continue; 2592 if (debug) 2593 addlog(" [invalid]"); 2594 break; 2595 case LCP_OPT_AUTH_PROTO: 2596 if (len < 4) { 2597 if (debug) 2598 addlog(" [invalid]"); 2599 break; 2600 } 2601 authproto = (p[2] << 8) + p[3]; 2602 if (authproto == PPP_CHAP && l != 5) { 2603 if (debug) 2604 addlog(" [invalid chap len]"); 2605 break; 2606 } 2607 if (sp->myauth.proto == 0) { 2608 /* we are not configured to do auth */ 2609 if (debug) 2610 addlog(" [not configured]"); 2611 break; 2612 } 2613 /* 2614 * Remote want us to authenticate, remember this, 2615 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2616 * up. 2617 */ 2618 sp->pp_flags |= PP_NEEDAUTH; 2619 continue; 2620 default: 2621 /* Others not supported. */ 2622 if (debug) 2623 addlog(" [rej]"); 2624 break; 2625 } 2626 if (rlen + l > blen) { 2627 if (debug) 2628 addlog(" [overflow]"); 2629 continue; 2630 } 2631 /* Add the option to rejected list. */ 2632 memcpy(r, p, l); 2633 r += l; 2634 rlen += l; 2635 } 2636 2637 if (rlen > 0) { 2638 type = CONF_REJ; 2639 goto end; 2640 } 2641 2642 if (debug) 2643 addlog("\n"); 2644 2645 /* 2646 * pass 2: check for option values that are unacceptable and 2647 * thus require to be nak'ed. 2648 */ 2649 if (debug) 2650 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2651 ifp->if_xname); 2652 2653 p = (void *)(h + 1); 2654 r = buf; 2655 rlen = 0; 2656 for (len = origlen; len > 0; len -= l, p += l) { 2657 l = p[1]; 2658 if (l == 0) 2659 break; 2660 2661 if (debug) 2662 addlog(" %s", sppp_lcp_opt_name(*p)); 2663 switch (p[0]) { 2664 case LCP_OPT_MAGIC: 2665 /* Magic number -- extract. */ 2666 nmagic = (uint32_t)p[2] << 24 | 2667 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2668 if (nmagic != sp->lcp.magic) { 2669 if (debug) 2670 addlog(" 0x%x", nmagic); 2671 continue; 2672 } 2673 /* 2674 * Local and remote magics equal -- loopback? 2675 */ 2676 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2677 printf ("%s: loopback\n", 2678 ifp->if_xname); 2679 sp->pp_loopcnt = 0; 2680 if (ifp->if_flags & IFF_UP) { 2681 SPPP_UNLOCK(sp); 2682 if_down(ifp); 2683 SPPP_LOCK(sp, RW_WRITER); 2684 2685 IF_PURGE(&sp->pp_cpq); 2686 /* XXX ? */ 2687 sppp_wq_add(sp->wq_cp, 2688 &sp->scp[IDX_LCP].work_down); 2689 sppp_wq_add(sp->wq_cp, 2690 &sp->scp[IDX_LCP].work_up); 2691 } 2692 } else if (debug) 2693 addlog(" [glitch]"); 2694 ++sp->pp_loopcnt; 2695 /* 2696 * We negate our magic here, and NAK it. If 2697 * we see it later in an NAK packet, we 2698 * suggest a new one. 2699 */ 2700 nmagic = ~sp->lcp.magic; 2701 /* Gonna NAK it. */ 2702 p[2] = nmagic >> 24; 2703 p[3] = nmagic >> 16; 2704 p[4] = nmagic >> 8; 2705 p[5] = nmagic; 2706 break; 2707 2708 case LCP_OPT_ASYNC_MAP: 2709 /* 2710 * Async control character map -- just ignore it. 2711 * 2712 * Quote from RFC 1662, chapter 6: 2713 * To enable this functionality, synchronous PPP 2714 * implementations MUST always respond to the 2715 * Async-Control-Character-Map Configuration 2716 * Option with the LCP Configure-Ack. However, 2717 * acceptance of the Configuration Option does 2718 * not imply that the synchronous implementation 2719 * will do any ACCM mapping. Instead, all such 2720 * octet mapping will be performed by the 2721 * asynchronous-to-synchronous converter. 2722 */ 2723 continue; 2724 2725 case LCP_OPT_MRU: 2726 /* 2727 * Maximum receive unit. Always agreeable, 2728 * but ignored by now. 2729 */ 2730 sp->lcp.their_mru = p[2] * 256 + p[3]; 2731 if (debug) 2732 addlog(" %ld", sp->lcp.their_mru); 2733 continue; 2734 2735 case LCP_OPT_AUTH_PROTO: 2736 authproto = (p[2] << 8) + p[3]; 2737 if (sp->myauth.proto != authproto) { 2738 /* not agreed, nak */ 2739 if (debug) 2740 addlog(" [mine %s != his %s]", 2741 sppp_proto_name(sp->myauth.proto), 2742 sppp_proto_name(authproto)); 2743 p[2] = sp->myauth.proto >> 8; 2744 p[3] = sp->myauth.proto; 2745 break; 2746 } 2747 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2748 if (debug) 2749 addlog(" [chap not MD5]"); 2750 p[4] = CHAP_MD5; 2751 break; 2752 } 2753 continue; 2754 case LCP_OPT_MP_EID: 2755 /* 2756 * Endpoint identification. 2757 * Always agreeable, 2758 * but ignored by now. 2759 */ 2760 if (debug) { 2761 addlog(" type %d", p[2]); 2762 sppp_print_bytes(p+3, p[1]-3); 2763 } 2764 continue; 2765 case LCP_OPT_MP_MRRU: 2766 /* 2767 * Maximum received reconstructed unit. 2768 * Always agreeable, 2769 * but ignored by now. 2770 */ 2771 sp->lcp.their_mrru = p[2] * 256 + p[3]; 2772 if (debug) 2773 addlog(" %ld", sp->lcp.their_mrru); 2774 continue; 2775 } 2776 if (rlen + l > blen) { 2777 if (debug) 2778 addlog(" [overflow]"); 2779 continue; 2780 } 2781 /* Add the option to nak'ed list. */ 2782 memcpy(r, p, l); 2783 r += l; 2784 rlen += l; 2785 } 2786 2787 if (rlen > 0) { 2788 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 2789 if (debug) 2790 addlog(" max_failure (%d) exceeded, ", 2791 sp->lcp.max_failure); 2792 type = CONF_REJ; 2793 } else { 2794 type = CONF_NAK; 2795 } 2796 } else { 2797 type = CONF_ACK; 2798 rlen = origlen; 2799 memcpy(r, h + 1, rlen); 2800 sp->scp[IDX_LCP].fail_counter = 0; 2801 sp->pp_loopcnt = 0; 2802 } 2803 2804 end: 2805 if (debug) 2806 addlog("\n"); 2807 2808 if (sp->scp[IDX_LCP].rcr_buf != NULL) { 2809 kmem_intr_free(sp->scp[IDX_LCP].rcr_buf, 2810 sp->scp[IDX_LCP].rcr_blen); 2811 } 2812 2813 if (rlen < 0) { 2814 kmem_intr_free(buf, blen); 2815 sp->scp[IDX_IPCP].rcr_buf = NULL; 2816 sp->scp[IDX_IPCP].rcr_rlen = 0; 2817 return -1; 2818 } 2819 2820 sp->scp[IDX_LCP].rcr_type = type; 2821 sp->scp[IDX_LCP].rcr_buf = buf; 2822 sp->scp[IDX_LCP].rcr_blen = blen; 2823 sp->scp[IDX_LCP].rcr_rlen = rlen; 2824 2825 if (type != CONF_ACK) 2826 return 0; 2827 return 1; 2828 } 2829 2830 /* 2831 * Analyze the LCP Configure-Reject option list, and adjust our 2832 * negotiation. 2833 */ 2834 static void 2835 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2836 { 2837 STDDCL; 2838 u_char *p, l; 2839 2840 KASSERT(SPPP_WLOCKED(sp)); 2841 2842 if (len <= sizeof(*h)) 2843 return; 2844 2845 len -= sizeof(*h); 2846 2847 if (debug) 2848 log(LOG_DEBUG, "%s: lcp rej opts:", 2849 ifp->if_xname); 2850 2851 p = (void *)(h + 1); 2852 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2853 /* Sanity check option length */ 2854 if (l > len) { 2855 /* 2856 * Malicious option - drop immediately. 2857 * XXX Maybe we should just RXJ it? 2858 */ 2859 addlog("%s: received malicious LCP option, " 2860 "dropping.\n", ifp->if_xname); 2861 goto end; 2862 } 2863 if (debug) 2864 addlog(" %s", sppp_lcp_opt_name(*p)); 2865 switch (p[0]) { 2866 case LCP_OPT_MAGIC: 2867 /* Magic number -- can't use it, use 0 */ 2868 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2869 sp->lcp.magic = 0; 2870 break; 2871 case LCP_OPT_MRU: 2872 /* 2873 * We try to negotiate a lower MRU if the underlying 2874 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2875 * peer rejects this lower rate, fallback to the 2876 * default. 2877 */ 2878 if (debug) { 2879 addlog("%s: warning: peer rejected our MRU of " 2880 "%ld bytes. Defaulting to %d bytes\n", 2881 ifp->if_xname, sp->lcp.mru, PP_MTU); 2882 } 2883 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2884 sp->lcp.mru = PP_MTU; 2885 break; 2886 case LCP_OPT_AUTH_PROTO: 2887 /* 2888 * Peer doesn't want to authenticate himself, 2889 * deny unless this is a dialout call, and 2890 * SPPP_AUTHFLAG_NOCALLOUT is set. 2891 */ 2892 if ((sp->pp_flags & PP_CALLIN) == 0 && 2893 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2894 if (debug) 2895 addlog(" [don't insist on auth " 2896 "for callout]"); 2897 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2898 break; 2899 } 2900 if (debug) 2901 addlog("[access denied]\n"); 2902 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2903 break; 2904 } 2905 } 2906 if (debug) 2907 addlog("\n"); 2908 end: 2909 return; 2910 } 2911 2912 /* 2913 * Analyze the LCP Configure-NAK option list, and adjust our 2914 * negotiation. 2915 */ 2916 static void 2917 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2918 { 2919 STDDCL; 2920 u_char *p, l; 2921 uint32_t magic; 2922 2923 KASSERT(SPPP_WLOCKED(sp)); 2924 2925 if (len <= sizeof(*h)) 2926 return; 2927 len -= sizeof(*h); 2928 2929 if (debug) 2930 log(LOG_DEBUG, "%s: lcp nak opts:", 2931 ifp->if_xname); 2932 2933 p = (void *)(h + 1); 2934 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2935 /* Sanity check option length */ 2936 if (l > len) { 2937 /* 2938 * Malicious option - drop immediately. 2939 * XXX Maybe we should just RXJ it? 2940 */ 2941 addlog("%s: received malicious LCP option, " 2942 "dropping.\n", ifp->if_xname); 2943 goto end; 2944 } 2945 if (debug) 2946 addlog(" %s", sppp_lcp_opt_name(*p)); 2947 switch (p[0]) { 2948 case LCP_OPT_MAGIC: 2949 /* Magic number -- renegotiate */ 2950 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2951 len >= 6 && l == 6) { 2952 magic = (uint32_t)p[2] << 24 | 2953 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2954 /* 2955 * If the remote magic is our negated one, 2956 * this looks like a loopback problem. 2957 * Suggest a new magic to make sure. 2958 */ 2959 if (magic == ~sp->lcp.magic) { 2960 if (debug) 2961 addlog(" magic glitch"); 2962 sp->lcp.magic = cprng_fast32(); 2963 } else { 2964 sp->lcp.magic = magic; 2965 if (debug) 2966 addlog(" %d", magic); 2967 } 2968 } 2969 break; 2970 case LCP_OPT_MRU: 2971 /* 2972 * Peer wants to advise us to negotiate an MRU. 2973 * Agree on it if it's reasonable, or use 2974 * default otherwise. 2975 */ 2976 if (len >= 4 && l == 4) { 2977 u_int mru = p[2] * 256 + p[3]; 2978 if (debug) 2979 addlog(" %d", mru); 2980 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 2981 mru = sp->pp_if.if_mtu; 2982 sp->lcp.mru = mru; 2983 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2984 } 2985 break; 2986 case LCP_OPT_AUTH_PROTO: 2987 /* 2988 * Peer doesn't like our authentication method, 2989 * deny. 2990 */ 2991 if (debug) 2992 addlog("[access denied]\n"); 2993 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2994 break; 2995 } 2996 } 2997 if (debug) 2998 addlog("\n"); 2999 end: 3000 return; 3001 } 3002 3003 static void 3004 sppp_lcp_tlu(struct sppp *sp) 3005 { 3006 struct ifnet *ifp = &sp->pp_if; 3007 int i; 3008 uint32_t mask; 3009 3010 KASSERT(SPPP_WLOCKED(sp)); 3011 3012 /* XXX ? */ 3013 if (! (ifp->if_flags & IFF_UP) && 3014 (ifp->if_flags & IFF_RUNNING)) { 3015 /* Coming out of loopback mode. */ 3016 SPPP_UNLOCK(sp); 3017 if_up(ifp); 3018 SPPP_LOCK(sp, RW_WRITER); 3019 } 3020 3021 for (i = 0; i < IDX_COUNT; i++) 3022 if ((cps[i])->flags & CP_QUAL) { 3023 (cps[i])->Open(sp, __UNCONST(&cps[i])); 3024 } 3025 3026 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 3027 (sp->pp_flags & PP_NEEDAUTH) != 0) 3028 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3029 else 3030 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3031 3032 /* 3033 * Open all authentication protocols. This is even required 3034 * if we already proceeded to network phase, since it might be 3035 * that remote wants us to authenticate, so we might have to 3036 * send a PAP request. Undesired authentication protocols 3037 * don't do anything when they get an Open event. 3038 */ 3039 for (i = 0; i < IDX_COUNT; i++) 3040 if ((cps[i])->flags & CP_AUTH) 3041 (cps[i])->Open(sp, __UNCONST(&cps[i])); 3042 3043 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 3044 /* Notify all NCPs. */ 3045 for (i = 0; i < IDX_COUNT; i++) 3046 if ((cps[i])->flags & CP_NCP) 3047 (cps[i])->Open(sp, __UNCONST(&cps[i])); 3048 } 3049 3050 /* Send Up events to all started protos. */ 3051 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) { 3052 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 3053 (cps[i])->Up(sp, __UNCONST(&cps[i])); 3054 } 3055 } 3056 3057 /* notify low-level driver of state change */ 3058 sppp_notify_chg_wlocked(sp); 3059 3060 if (sp->pp_phase == SPPP_PHASE_NETWORK) 3061 /* if no NCP is starting, close down */ 3062 sppp_lcp_check_and_close(sp); 3063 } 3064 3065 static void 3066 sppp_lcp_tld(struct sppp *sp) 3067 { 3068 int i; 3069 uint32_t mask; 3070 3071 KASSERT(SPPP_WLOCKED(sp)); 3072 3073 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3074 3075 /* 3076 * Take upper layers down. We send the Down event first and 3077 * the Close second to prevent the upper layers from sending 3078 * ``a flurry of terminate-request packets'', as the RFC 3079 * describes it. 3080 */ 3081 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) { 3082 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 3083 (cps[i])->Down(sp, __UNCONST(&cps[i])); 3084 (cps[i])->Close(sp,__UNCONST(&cps[i])); 3085 } 3086 } 3087 } 3088 3089 static void 3090 sppp_lcp_tls(struct sppp *sp) 3091 { 3092 3093 KASSERT(SPPP_WLOCKED(sp)); 3094 3095 3096 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3097 printf("%s: authentication failed %d times, not retrying again\n", 3098 sp->pp_if.if_xname, sp->pp_auth_failures); 3099 3100 SPPP_UNLOCK(sp); 3101 if_down(&sp->pp_if); 3102 SPPP_LOCK(sp, RW_WRITER); 3103 return; 3104 } 3105 3106 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3107 3108 /* Notify lower layer if desired. */ 3109 sppp_notify_tls_wlocked(sp); 3110 } 3111 3112 static void 3113 sppp_lcp_tlf(struct sppp *sp) 3114 { 3115 3116 KASSERT(SPPP_WLOCKED(sp)); 3117 3118 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3119 3120 /* Notify lower layer if desired. */ 3121 sppp_notify_tlf_wlocked(sp); 3122 } 3123 3124 static void 3125 sppp_lcp_scr(struct sppp *sp) 3126 { 3127 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3128 int i = 0; 3129 u_short authproto; 3130 3131 KASSERT(SPPP_WLOCKED(sp)); 3132 3133 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 3134 if (! sp->lcp.magic) 3135 sp->lcp.magic = cprng_fast32(); 3136 opt[i++] = LCP_OPT_MAGIC; 3137 opt[i++] = 6; 3138 opt[i++] = sp->lcp.magic >> 24; 3139 opt[i++] = sp->lcp.magic >> 16; 3140 opt[i++] = sp->lcp.magic >> 8; 3141 opt[i++] = sp->lcp.magic; 3142 } 3143 3144 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 3145 opt[i++] = LCP_OPT_MRU; 3146 opt[i++] = 4; 3147 opt[i++] = sp->lcp.mru >> 8; 3148 opt[i++] = sp->lcp.mru; 3149 } 3150 3151 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 3152 authproto = sp->hisauth.proto; 3153 opt[i++] = LCP_OPT_AUTH_PROTO; 3154 opt[i++] = authproto == PPP_CHAP? 5: 4; 3155 opt[i++] = authproto >> 8; 3156 opt[i++] = authproto; 3157 if (authproto == PPP_CHAP) 3158 opt[i++] = CHAP_MD5; 3159 } 3160 3161 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3162 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3163 } 3164 3165 /* 3166 * Check the open NCPs, return true if at least one NCP is open. 3167 */ 3168 static int 3169 sppp_ncp_check(struct sppp *sp) 3170 { 3171 int i, mask; 3172 3173 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3174 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 3175 return 1; 3176 return 0; 3177 } 3178 3179 /* 3180 * Re-check the open NCPs and see if we should terminate the link. 3181 * Called by the NCPs during their tlf action handling. 3182 */ 3183 static void 3184 sppp_lcp_check_and_close(struct sppp *sp) 3185 { 3186 3187 KASSERT(SPPP_WLOCKED(sp)); 3188 3189 if (sp->pp_phase < SPPP_PHASE_NETWORK) 3190 /* don't bother, we are already going down */ 3191 return; 3192 3193 if (sppp_ncp_check(sp)) 3194 return; 3195 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3196 } 3197 3198 3199 /* 3200 *--------------------------------------------------------------------------* 3201 * * 3202 * The IPCP implementation. * 3203 * * 3204 *--------------------------------------------------------------------------* 3205 */ 3206 3207 static void 3208 sppp_ipcp_init(struct sppp *sp) 3209 { 3210 int error; 3211 3212 KASSERT(SPPP_WLOCKED(sp)); 3213 3214 sp->ipcp.opts = 0; 3215 sp->ipcp.flags = 0; 3216 sp->scp[IDX_IPCP].state = STATE_INITIAL; 3217 sp->scp[IDX_IPCP].fail_counter = 0; 3218 sp->scp[IDX_IPCP].seq = 0; 3219 sp->scp[IDX_IPCP].rseq = 0; 3220 sppp_cp_init(&ipcp, sp); 3221 3222 error = workqueue_create(&sp->ipcp.update_addrs_wq, "ipcp_addr", 3223 sppp_update_ip_addrs_work, sp, PRI_SOFTNET, IPL_NET, 0); 3224 if (error) 3225 panic("%s: update_addrs workqueue_create failed (%d)\n", 3226 __func__, error); 3227 sp->ipcp.update_addrs_q = pcq_create(IPCP_UPDATE_LIMIT, KM_SLEEP); 3228 3229 sp->ipcp.update_addrs_enqueued = 0; 3230 } 3231 3232 static void 3233 sppp_ipcp_up(struct sppp *sp, void *xcp) 3234 { 3235 KASSERT(SPPP_WLOCKED(sp)); 3236 sppp_up_event(sp, xcp); 3237 } 3238 3239 static void 3240 sppp_ipcp_down(struct sppp *sp, void *xcp) 3241 { 3242 KASSERT(SPPP_WLOCKED(sp)); 3243 sppp_down_event(sp, xcp); 3244 } 3245 3246 static void 3247 sppp_ipcp_open(struct sppp *sp, void *xcp) 3248 { 3249 STDDCL; 3250 uint32_t myaddr, hisaddr; 3251 3252 KASSERT(SPPP_WLOCKED(sp)); 3253 3254 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3255 sp->ipcp.req_myaddr = 0; 3256 sp->ipcp.req_hisaddr = 0; 3257 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3258 3259 #ifdef INET 3260 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3261 #else 3262 myaddr = hisaddr = 0; 3263 #endif 3264 /* 3265 * If we don't have his address, this probably means our 3266 * interface doesn't want to talk IP at all. (This could 3267 * be the case if somebody wants to speak only IPX, for 3268 * example.) Don't open IPCP in this case. 3269 */ 3270 if (hisaddr == 0) { 3271 /* XXX this message should go away */ 3272 if (debug) 3273 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 3274 ifp->if_xname); 3275 return; 3276 } 3277 3278 if (myaddr == 0) { 3279 /* 3280 * I don't have an assigned address, so i need to 3281 * negotiate my address. 3282 */ 3283 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3284 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3285 } 3286 if (hisaddr == 1) { 3287 /* 3288 * XXX - remove this hack! 3289 * remote has no valid address, we need to get one assigned. 3290 */ 3291 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3292 } 3293 sppp_open_event(sp, xcp); 3294 } 3295 3296 static void 3297 sppp_ipcp_close(struct sppp *sp, void *xcp) 3298 { 3299 3300 KASSERT(SPPP_WLOCKED(sp)); 3301 3302 sppp_close_event(sp, xcp); 3303 3304 #ifdef INET 3305 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 3306 /* 3307 * Some address was dynamic, clear it again. 3308 */ 3309 sppp_clear_ip_addrs(sp); 3310 #endif 3311 } 3312 3313 static void 3314 sppp_ipcp_TO(struct sppp *sp, void *xcp) 3315 { 3316 3317 sppp_to_event(sp, xcp); 3318 } 3319 3320 /* 3321 * Analyze a configure request. Return true if it was agreeable, and 3322 * caused action sca, false if it has been rejected or nak'ed, and 3323 * caused action scn. (The return value is used to make the state 3324 * transition decision in the state automaton.) 3325 */ 3326 static int 3327 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int origlen) 3328 { 3329 u_char *buf, *r, *p, l, blen, type; 3330 struct ifnet *ifp = &sp->pp_if; 3331 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3332 uint32_t hisaddr, desiredaddr; 3333 3334 KASSERT(SPPP_WLOCKED(sp)); 3335 3336 if (origlen < sizeof(*h)) 3337 return 0; 3338 3339 origlen -= sizeof(*h); 3340 type = 0; 3341 3342 /* 3343 * Make sure to allocate a buf that can at least hold a 3344 * conf-nak with an `address' option. We might need it below. 3345 */ 3346 blen = MAX(6, origlen); 3347 3348 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3349 if (buf == NULL) 3350 return 0; 3351 3352 /* pass 1: see if we can recognize them */ 3353 if (debug) 3354 log(LOG_DEBUG, "%s: ipcp parse opts:", 3355 ifp->if_xname); 3356 p = (void *)(h + 1); 3357 r = buf; 3358 rlen = 0; 3359 for (len = origlen; len > 1; len -= l, p += l) { 3360 l = p[1]; 3361 if (l == 0) 3362 break; 3363 3364 /* Sanity check option length */ 3365 if (l > len) { 3366 /* XXX should we just RXJ? */ 3367 addlog("%s: malicious IPCP option received, dropping\n", 3368 ifp->if_xname); 3369 rlen = -1; 3370 goto end; 3371 } 3372 if (debug) 3373 addlog(" %s", sppp_ipcp_opt_name(*p)); 3374 switch (p[0]) { 3375 #ifdef notyet 3376 case IPCP_OPT_COMPRESSION: 3377 if (len >= 6 && l >= 6) { 3378 /* correctly formed compress option */ 3379 continue; 3380 } 3381 if (debug) 3382 addlog(" [invalid]"); 3383 break; 3384 #endif 3385 case IPCP_OPT_ADDRESS: 3386 if (len >= 6 && l == 6) { 3387 /* correctly formed address option */ 3388 continue; 3389 } 3390 if (debug) 3391 addlog(" [invalid]"); 3392 break; 3393 default: 3394 /* Others not supported. */ 3395 if (debug) 3396 addlog(" [rej]"); 3397 break; 3398 } 3399 /* Add the option to rejected list. */ 3400 if (rlen + l > blen) { 3401 if (debug) 3402 addlog(" [overflow]"); 3403 continue; 3404 } 3405 memcpy(r, p, l); 3406 r += l; 3407 rlen += l; 3408 } 3409 3410 if (rlen > 0) { 3411 type = CONF_REJ; 3412 goto end; 3413 } 3414 3415 if (debug) 3416 addlog("\n"); 3417 3418 /* pass 2: parse option values */ 3419 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3420 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3421 else 3422 #ifdef INET 3423 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3424 #else 3425 hisaddr = 0; 3426 #endif 3427 if (debug) 3428 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 3429 ifp->if_xname); 3430 p = (void *)(h + 1); 3431 r = buf; 3432 rlen = 0; 3433 for (len = origlen; len > 1; len -= l, p += l) { 3434 l = p[1]; 3435 if (l == 0) 3436 break; 3437 3438 if (debug) 3439 addlog(" %s", sppp_ipcp_opt_name(*p)); 3440 switch (p[0]) { 3441 #ifdef notyet 3442 case IPCP_OPT_COMPRESSION: 3443 continue; 3444 #endif 3445 case IPCP_OPT_ADDRESS: 3446 desiredaddr = p[2] << 24 | p[3] << 16 | 3447 p[4] << 8 | p[5]; 3448 if (desiredaddr == hisaddr || 3449 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3450 /* 3451 * Peer's address is same as our value, 3452 * this is agreeable. Gonna conf-ack 3453 * it. 3454 */ 3455 if (debug) 3456 addlog(" %s [ack]", 3457 sppp_dotted_quad(hisaddr)); 3458 /* record that we've seen it already */ 3459 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3460 sp->ipcp.req_hisaddr = desiredaddr; 3461 hisaddr = desiredaddr; 3462 continue; 3463 } 3464 /* 3465 * The address wasn't agreeable. This is either 3466 * he sent us 0.0.0.0, asking to assign him an 3467 * address, or he send us another address not 3468 * matching our value. Either case, we gonna 3469 * conf-nak it with our value. 3470 */ 3471 if (debug) { 3472 if (desiredaddr == 0) 3473 addlog(" [addr requested]"); 3474 else 3475 addlog(" %s [not agreed]", 3476 sppp_dotted_quad(desiredaddr)); 3477 } 3478 3479 p[2] = hisaddr >> 24; 3480 p[3] = hisaddr >> 16; 3481 p[4] = hisaddr >> 8; 3482 p[5] = hisaddr; 3483 break; 3484 } 3485 if (rlen + l > blen) { 3486 if (debug) 3487 addlog(" [overflow]"); 3488 continue; 3489 } 3490 /* Add the option to nak'ed list. */ 3491 memcpy(r, p, l); 3492 r += l; 3493 rlen += l; 3494 } 3495 3496 if (rlen > 0) { 3497 type = CONF_NAK; 3498 } else { 3499 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3500 /* 3501 * If we are about to conf-ack the request, but haven't seen 3502 * his address so far, gonna conf-nak it instead, with the 3503 * `address' option present and our idea of his address being 3504 * filled in there, to request negotiation of both addresses. 3505 * 3506 * XXX This can result in an endless req - nak loop if peer 3507 * doesn't want to send us his address. Q: What should we do 3508 * about it? XXX A: implement the max-failure counter. 3509 */ 3510 buf[0] = IPCP_OPT_ADDRESS; 3511 buf[1] = 6; 3512 buf[2] = hisaddr >> 24; 3513 buf[3] = hisaddr >> 16; 3514 buf[4] = hisaddr >> 8; 3515 buf[5] = hisaddr; 3516 rlen = 6; 3517 if (debug) 3518 addlog(" still need hisaddr"); 3519 type = CONF_NAK; 3520 } else { 3521 type = CONF_ACK; 3522 rlen = origlen; 3523 memcpy(r, h + 1, rlen); 3524 } 3525 } 3526 3527 end: 3528 if (debug) 3529 addlog("\n"); 3530 3531 if (rlen < 0) { 3532 kmem_intr_free(buf, blen); 3533 return -1; 3534 } 3535 3536 if (sp->scp[IDX_IPCP].rcr_buf != NULL) { 3537 kmem_intr_free(sp->scp[IDX_IPCP].rcr_buf, 3538 sp->scp[IDX_IPCP].rcr_blen); 3539 } 3540 3541 sp->scp[IDX_IPCP].rcr_type = type; 3542 sp->scp[IDX_IPCP].rcr_buf = buf; 3543 sp->scp[IDX_IPCP].rcr_blen = blen; 3544 sp->scp[IDX_IPCP].rcr_rlen = rlen; 3545 3546 if (type != CONF_ACK) 3547 return 0; 3548 return 1; 3549 } 3550 3551 /* 3552 * Analyze the IPCP Configure-Reject option list, and adjust our 3553 * negotiation. 3554 */ 3555 static void 3556 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3557 { 3558 u_char *p, l; 3559 struct ifnet *ifp = &sp->pp_if; 3560 int debug = ifp->if_flags & IFF_DEBUG; 3561 3562 KASSERT(SPPP_WLOCKED(sp)); 3563 3564 if (len <= sizeof(*h)) 3565 return; 3566 3567 len -= sizeof(*h); 3568 3569 if (debug) 3570 log(LOG_DEBUG, "%s: ipcp rej opts:", 3571 ifp->if_xname); 3572 3573 p = (void *)(h + 1); 3574 for (; len > 1; len -= l, p += l) { 3575 l = p[1]; 3576 if (l == 0) 3577 break; 3578 3579 /* Sanity check option length */ 3580 if (l > len) { 3581 /* XXX should we just RXJ? */ 3582 addlog("%s: malicious IPCP option received, dropping\n", 3583 ifp->if_xname); 3584 goto end; 3585 } 3586 if (debug) 3587 addlog(" %s", sppp_ipcp_opt_name(*p)); 3588 switch (p[0]) { 3589 case IPCP_OPT_ADDRESS: 3590 /* 3591 * Peer doesn't grok address option. This is 3592 * bad. XXX Should we better give up here? 3593 */ 3594 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3595 break; 3596 #ifdef notyet 3597 case IPCP_OPT_COMPRESS: 3598 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3599 break; 3600 #endif 3601 } 3602 } 3603 if (debug) 3604 addlog("\n"); 3605 end: 3606 return; 3607 } 3608 3609 /* 3610 * Analyze the IPCP Configure-NAK option list, and adjust our 3611 * negotiation. 3612 */ 3613 static void 3614 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3615 { 3616 u_char *p, l; 3617 struct ifnet *ifp = &sp->pp_if; 3618 int debug = ifp->if_flags & IFF_DEBUG; 3619 uint32_t wantaddr; 3620 3621 KASSERT(SPPP_WLOCKED(sp)); 3622 3623 len -= sizeof(*h); 3624 3625 if (debug) 3626 log(LOG_DEBUG, "%s: ipcp nak opts:", 3627 ifp->if_xname); 3628 3629 p = (void *)(h + 1); 3630 for (; len > 1; len -= l, p += l) { 3631 l = p[1]; 3632 if (l == 0) 3633 break; 3634 3635 /* Sanity check option length */ 3636 if (l > len) { 3637 /* XXX should we just RXJ? */ 3638 addlog("%s: malicious IPCP option received, dropping\n", 3639 ifp->if_xname); 3640 return; 3641 } 3642 if (debug) 3643 addlog(" %s", sppp_ipcp_opt_name(*p)); 3644 switch (*p) { 3645 case IPCP_OPT_ADDRESS: 3646 /* 3647 * Peer doesn't like our local IP address. See 3648 * if we can do something for him. We'll drop 3649 * him our address then. 3650 */ 3651 if (len >= 6 && l == 6) { 3652 wantaddr = p[2] << 24 | p[3] << 16 | 3653 p[4] << 8 | p[5]; 3654 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3655 if (debug) 3656 addlog(" [wantaddr %s]", 3657 sppp_dotted_quad(wantaddr)); 3658 /* 3659 * When doing dynamic address assignment, 3660 * we accept his offer. Otherwise, we 3661 * ignore it and thus continue to negotiate 3662 * our already existing value. 3663 */ 3664 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3665 if (debug) 3666 addlog(" [agree]"); 3667 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3668 sp->ipcp.req_myaddr = wantaddr; 3669 } 3670 } 3671 break; 3672 3673 case IPCP_OPT_PRIMDNS: 3674 if (len >= 6 && l == 6) { 3675 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3676 p[4] << 8 | p[5]; 3677 } 3678 break; 3679 3680 case IPCP_OPT_SECDNS: 3681 if (len >= 6 && l == 6) { 3682 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3683 p[4] << 8 | p[5]; 3684 } 3685 break; 3686 #ifdef notyet 3687 case IPCP_OPT_COMPRESS: 3688 /* 3689 * Peer wants different compression parameters. 3690 */ 3691 break; 3692 #endif 3693 } 3694 } 3695 if (debug) 3696 addlog("\n"); 3697 } 3698 3699 static void 3700 sppp_ipcp_tlu(struct sppp *sp) 3701 { 3702 #ifdef INET 3703 KASSERT(SPPP_WLOCKED(sp)); 3704 /* we are up. Set addresses and notify anyone interested */ 3705 sppp_set_ip_addrs(sp); 3706 #endif 3707 } 3708 3709 static void 3710 sppp_ipcp_tld(struct sppp *sp) 3711 { 3712 3713 KASSERT(SPPP_WLOCKED(sp)); 3714 } 3715 3716 static void 3717 sppp_ipcp_tls(struct sppp *sp) 3718 { 3719 3720 KASSERT(SPPP_WLOCKED(sp)); 3721 /* indicate to LCP that it must stay alive */ 3722 sp->lcp.protos |= (1 << IDX_IPCP); 3723 } 3724 3725 static void 3726 sppp_ipcp_tlf(struct sppp *sp) 3727 { 3728 3729 KASSERT(SPPP_WLOCKED(sp)); 3730 3731 /* we no longer need LCP */ 3732 sp->lcp.protos &= ~(1 << IDX_IPCP); 3733 } 3734 3735 static void 3736 sppp_ipcp_scr(struct sppp *sp) 3737 { 3738 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3739 #ifdef INET 3740 uint32_t ouraddr; 3741 #endif 3742 int i = 0; 3743 3744 KASSERT(SPPP_WLOCKED(sp)); 3745 3746 #ifdef notyet 3747 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3748 opt[i++] = IPCP_OPT_COMPRESSION; 3749 opt[i++] = 6; 3750 opt[i++] = 0; /* VJ header compression */ 3751 opt[i++] = 0x2d; /* VJ header compression */ 3752 opt[i++] = max_slot_id; 3753 opt[i++] = comp_slot_id; 3754 } 3755 #endif 3756 3757 #ifdef INET 3758 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3759 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3760 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3761 else 3762 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3763 opt[i++] = IPCP_OPT_ADDRESS; 3764 opt[i++] = 6; 3765 opt[i++] = ouraddr >> 24; 3766 opt[i++] = ouraddr >> 16; 3767 opt[i++] = ouraddr >> 8; 3768 opt[i++] = ouraddr; 3769 } 3770 #endif 3771 3772 if (sp->query_dns & 1) { 3773 opt[i++] = IPCP_OPT_PRIMDNS; 3774 opt[i++] = 6; 3775 opt[i++] = sp->dns_addrs[0] >> 24; 3776 opt[i++] = sp->dns_addrs[0] >> 16; 3777 opt[i++] = sp->dns_addrs[0] >> 8; 3778 opt[i++] = sp->dns_addrs[0]; 3779 } 3780 if (sp->query_dns & 2) { 3781 opt[i++] = IPCP_OPT_SECDNS; 3782 opt[i++] = 6; 3783 opt[i++] = sp->dns_addrs[1] >> 24; 3784 opt[i++] = sp->dns_addrs[1] >> 16; 3785 opt[i++] = sp->dns_addrs[1] >> 8; 3786 opt[i++] = sp->dns_addrs[1]; 3787 } 3788 3789 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 3790 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 3791 } 3792 3793 3794 /* 3795 *--------------------------------------------------------------------------* 3796 * * 3797 * The IPv6CP implementation. * 3798 * * 3799 *--------------------------------------------------------------------------* 3800 */ 3801 3802 #ifdef INET6 3803 static void 3804 sppp_ipv6cp_init(struct sppp *sp) 3805 { 3806 3807 KASSERT(SPPP_WLOCKED(sp)); 3808 3809 sp->ipv6cp.opts = 0; 3810 sp->ipv6cp.flags = 0; 3811 sp->scp[IDX_IPV6CP].state = STATE_INITIAL; 3812 sp->scp[IDX_IPV6CP].fail_counter = 0; 3813 sp->scp[IDX_IPV6CP].seq = 0; 3814 sp->scp[IDX_IPV6CP].rseq = 0; 3815 sppp_cp_init(&ipv6cp, sp); 3816 } 3817 3818 static void 3819 sppp_ipv6cp_up(struct sppp *sp, void *xcp) 3820 { 3821 3822 KASSERT(SPPP_WLOCKED(sp)); 3823 sppp_up_event(sp, xcp); 3824 } 3825 3826 static void 3827 sppp_ipv6cp_down(struct sppp *sp, void *xcp) 3828 { 3829 3830 KASSERT(SPPP_WLOCKED(sp)); 3831 sppp_down_event(sp, xcp); 3832 } 3833 3834 static void 3835 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 3836 { 3837 STDDCL; 3838 struct in6_addr myaddr, hisaddr; 3839 3840 KASSERT(SPPP_WLOCKED(sp)); 3841 3842 #ifdef IPV6CP_MYIFID_DYN 3843 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3844 #else 3845 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3846 #endif 3847 3848 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3849 /* 3850 * If we don't have our address, this probably means our 3851 * interface doesn't want to talk IPv6 at all. (This could 3852 * be the case if somebody wants to speak only IPX, for 3853 * example.) Don't open IPv6CP in this case. 3854 */ 3855 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3856 /* XXX this message should go away */ 3857 if (debug) 3858 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3859 ifp->if_xname); 3860 return; 3861 } 3862 3863 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3864 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3865 sppp_open_event(sp, xcp); 3866 } 3867 3868 static void 3869 sppp_ipv6cp_close(struct sppp *sp, void *xcp) 3870 { 3871 3872 KASSERT(SPPP_WLOCKED(sp)); 3873 sppp_close_event(sp, xcp); 3874 } 3875 3876 static void 3877 sppp_ipv6cp_TO(struct sppp *sp, void *xcp) 3878 { 3879 3880 sppp_to_event(sp, xcp); 3881 } 3882 3883 /* 3884 * Analyze a configure request. Return true if it was agreeable, and 3885 * caused action sca, false if it has been rejected or nak'ed, and 3886 * caused action scn. (The return value is used to make the state 3887 * transition decision in the state automaton.) 3888 */ 3889 static int 3890 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int origlen) 3891 { 3892 u_char *buf, *r, *p, l, blen; 3893 struct ifnet *ifp = &sp->pp_if; 3894 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3895 struct in6_addr myaddr, desiredaddr, suggestaddr; 3896 int ifidcount; 3897 int type; 3898 int collision, nohisaddr; 3899 char ip6buf[INET6_ADDRSTRLEN]; 3900 3901 KASSERT(SPPP_WLOCKED(sp)); 3902 3903 if (origlen < sizeof(*h)) 3904 return 0; 3905 3906 origlen -= sizeof(*h); 3907 type = 0; 3908 3909 /* 3910 * Make sure to allocate a buf that can at least hold a 3911 * conf-nak with an `address' option. We might need it below. 3912 */ 3913 blen = MAX(6, origlen); 3914 3915 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3916 if (buf == NULL) 3917 return 0; 3918 3919 /* pass 1: see if we can recognize them */ 3920 if (debug) 3921 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3922 ifp->if_xname); 3923 p = (void *)(h + 1); 3924 r = buf; 3925 rlen = 0; 3926 ifidcount = 0; 3927 for (len = origlen; len > 1; len -= l, p += l) { 3928 l = p[1]; 3929 if (l == 0) 3930 break; 3931 3932 /* Sanity check option length */ 3933 if (l > len) { 3934 /* XXX just RXJ? */ 3935 addlog("%s: received malicious IPCPv6 option, " 3936 "dropping\n", ifp->if_xname); 3937 rlen = -1; 3938 goto end; 3939 } 3940 if (debug) 3941 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3942 switch (p[0]) { 3943 case IPV6CP_OPT_IFID: 3944 if (len >= 10 && l == 10 && ifidcount == 0) { 3945 /* correctly formed address option */ 3946 ifidcount++; 3947 continue; 3948 } 3949 if (debug) 3950 addlog(" [invalid]"); 3951 break; 3952 #ifdef notyet 3953 case IPV6CP_OPT_COMPRESSION: 3954 if (len >= 4 && l >= 4) { 3955 /* correctly formed compress option */ 3956 continue; 3957 } 3958 if (debug) 3959 addlog(" [invalid]"); 3960 break; 3961 #endif 3962 default: 3963 /* Others not supported. */ 3964 if (debug) 3965 addlog(" [rej]"); 3966 break; 3967 } 3968 if (rlen + l > blen) { 3969 if (debug) 3970 addlog(" [overflow]"); 3971 continue; 3972 } 3973 /* Add the option to rejected list. */ 3974 memcpy(r, p, l); 3975 r += l; 3976 rlen += l; 3977 } 3978 3979 if (rlen > 0) { 3980 type = CONF_REJ; 3981 goto end; 3982 } 3983 3984 if (debug) 3985 addlog("\n"); 3986 3987 /* pass 2: parse option values */ 3988 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3989 if (debug) 3990 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3991 ifp->if_xname); 3992 p = (void *)(h + 1); 3993 r = buf; 3994 rlen = 0; 3995 type = CONF_ACK; 3996 for (len = origlen; len > 1; len -= l, p += l) { 3997 l = p[1]; 3998 if (l == 0) 3999 break; 4000 4001 if (debug) 4002 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4003 switch (p[0]) { 4004 #ifdef notyet 4005 case IPV6CP_OPT_COMPRESSION: 4006 continue; 4007 #endif 4008 case IPV6CP_OPT_IFID: 4009 memset(&desiredaddr, 0, sizeof(desiredaddr)); 4010 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 4011 collision = (memcmp(&desiredaddr.s6_addr[8], 4012 &myaddr.s6_addr[8], 8) == 0); 4013 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 4014 4015 desiredaddr.s6_addr16[0] = htons(0xfe80); 4016 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 4017 4018 if (!collision && !nohisaddr) { 4019 /* no collision, hisaddr known - Conf-Ack */ 4020 type = CONF_ACK; 4021 4022 if (debug) { 4023 addlog(" %s [%s]", 4024 IN6_PRINT(ip6buf, &desiredaddr), 4025 sppp_cp_type_name(type)); 4026 } 4027 continue; 4028 } 4029 4030 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4031 if (collision && nohisaddr) { 4032 /* collision, hisaddr unknown - Conf-Rej */ 4033 type = CONF_REJ; 4034 memset(&p[2], 0, 8); 4035 } else { 4036 /* 4037 * - no collision, hisaddr unknown, or 4038 * - collision, hisaddr known 4039 * Conf-Nak, suggest hisaddr 4040 */ 4041 type = CONF_NAK; 4042 sppp_suggest_ip6_addr(sp, &suggestaddr); 4043 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4044 } 4045 if (debug) 4046 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4047 sppp_cp_type_name(type)); 4048 break; 4049 } 4050 if (rlen + l > blen) { 4051 if (debug) 4052 addlog(" [overflow]"); 4053 continue; 4054 } 4055 /* Add the option to nak'ed list. */ 4056 memcpy(r, p, l); 4057 r += l; 4058 rlen += l; 4059 } 4060 4061 if (rlen > 0) { 4062 if (type != CONF_ACK) { 4063 if (debug) { 4064 addlog(" send %s suggest %s\n", 4065 sppp_cp_type_name(type), 4066 IN6_PRINT(ip6buf, &suggestaddr)); 4067 } 4068 } 4069 #ifdef notdef 4070 if (type == CONF_ACK) 4071 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4072 #endif 4073 } else { 4074 if (type == CONF_ACK) { 4075 rlen = origlen; 4076 memcpy(r, h + 1, rlen); 4077 } 4078 } 4079 end: 4080 if (debug) 4081 addlog("\n"); 4082 4083 if (rlen < 0) { 4084 kmem_intr_free(buf, blen); 4085 return -1; 4086 } 4087 4088 if (sp->scp[IDX_IPV6CP].rcr_buf != NULL) { 4089 kmem_intr_free(sp->scp[IDX_IPV6CP].rcr_buf, 4090 sp->scp[IDX_IPV6CP].rcr_blen); 4091 } 4092 4093 sp->scp[IDX_IPV6CP].rcr_type = type; 4094 sp->scp[IDX_IPV6CP].rcr_buf = buf; 4095 sp->scp[IDX_IPV6CP].rcr_blen = blen; 4096 sp->scp[IDX_IPV6CP].rcr_rlen = rlen; 4097 4098 if (type != CONF_ACK) 4099 return 0; 4100 return 0; 4101 } 4102 4103 /* 4104 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4105 * negotiation. 4106 */ 4107 static void 4108 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 4109 { 4110 u_char *p, l; 4111 struct ifnet *ifp = &sp->pp_if; 4112 int debug = ifp->if_flags & IFF_DEBUG; 4113 4114 KASSERT(SPPP_WLOCKED(sp)); 4115 4116 if (len <= sizeof(*h)) 4117 return; 4118 4119 len -= sizeof(*h); 4120 4121 if (debug) 4122 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 4123 ifp->if_xname); 4124 4125 p = (void *)(h + 1); 4126 for (; len > 1; len -= l, p += l) { 4127 l = p[1]; 4128 if (l == 0) 4129 break; 4130 4131 if (l > len) { 4132 /* XXX just RXJ? */ 4133 addlog("%s: received malicious IPCPv6 option, " 4134 "dropping\n", ifp->if_xname); 4135 goto end; 4136 } 4137 if (debug) 4138 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4139 switch (p[0]) { 4140 case IPV6CP_OPT_IFID: 4141 /* 4142 * Peer doesn't grok address option. This is 4143 * bad. XXX Should we better give up here? 4144 */ 4145 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 4146 break; 4147 #ifdef notyet 4148 case IPV6CP_OPT_COMPRESS: 4149 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 4150 break; 4151 #endif 4152 } 4153 } 4154 if (debug) 4155 addlog("\n"); 4156 end: 4157 return; 4158 } 4159 4160 /* 4161 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4162 * negotiation. 4163 */ 4164 static void 4165 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 4166 { 4167 u_char *p, l; 4168 struct ifnet *ifp = &sp->pp_if; 4169 int debug = ifp->if_flags & IFF_DEBUG; 4170 struct in6_addr suggestaddr; 4171 char ip6buf[INET6_ADDRSTRLEN]; 4172 4173 KASSERT(SPPP_WLOCKED(sp)); 4174 4175 if (len <= sizeof(*h)) 4176 return; 4177 4178 len -= sizeof(*h); 4179 4180 if (debug) 4181 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 4182 ifp->if_xname); 4183 4184 p = (void *)(h + 1); 4185 for (; len > 1; len -= l, p += l) { 4186 l = p[1]; 4187 if (l == 0) 4188 break; 4189 4190 if (l > len) { 4191 /* XXX just RXJ? */ 4192 addlog("%s: received malicious IPCPv6 option, " 4193 "dropping\n", ifp->if_xname); 4194 goto end; 4195 } 4196 if (debug) 4197 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4198 switch (p[0]) { 4199 case IPV6CP_OPT_IFID: 4200 /* 4201 * Peer doesn't like our local ifid. See 4202 * if we can do something for him. We'll drop 4203 * him our address then. 4204 */ 4205 if (len < 10 || l != 10) 4206 break; 4207 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4208 suggestaddr.s6_addr16[0] = htons(0xfe80); 4209 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4210 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4211 4212 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 4213 if (debug) 4214 addlog(" [suggestaddr %s]", 4215 IN6_PRINT(ip6buf, &suggestaddr)); 4216 #ifdef IPV6CP_MYIFID_DYN 4217 /* 4218 * When doing dynamic address assignment, 4219 * we accept his offer. 4220 */ 4221 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4222 struct in6_addr lastsuggest; 4223 /* 4224 * If <suggested myaddr from peer> equals to 4225 * <hisaddr we have suggested last time>, 4226 * we have a collision. generate new random 4227 * ifid. 4228 */ 4229 sppp_suggest_ip6_addr(&lastsuggest); 4230 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4231 lastsuggest)) { 4232 if (debug) 4233 addlog(" [random]"); 4234 sppp_gen_ip6_addr(sp, &suggestaddr); 4235 } 4236 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4237 if (debug) 4238 addlog(" [agree]"); 4239 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4240 } 4241 #else 4242 /* 4243 * Since we do not do dynamic address assignment, 4244 * we ignore it and thus continue to negotiate 4245 * our already existing value. This can possibly 4246 * go into infinite request-reject loop. 4247 * 4248 * This is not likely because we normally use 4249 * ifid based on MAC-address. 4250 * If you have no ethernet card on the node, too bad. 4251 * XXX should we use fail_counter? 4252 */ 4253 #endif 4254 break; 4255 #ifdef notyet 4256 case IPV6CP_OPT_COMPRESS: 4257 /* 4258 * Peer wants different compression parameters. 4259 */ 4260 break; 4261 #endif 4262 } 4263 } 4264 if (debug) 4265 addlog("\n"); 4266 end: 4267 return; 4268 } 4269 4270 static void 4271 sppp_ipv6cp_tlu(struct sppp *sp) 4272 { 4273 4274 KASSERT(SPPP_WLOCKED(sp)); 4275 /* we are up - notify isdn daemon */ 4276 sppp_notify_con_wlocked(sp); 4277 } 4278 4279 static void 4280 sppp_ipv6cp_tld(struct sppp *sp) 4281 { 4282 4283 KASSERT(SPPP_WLOCKED(sp)); 4284 } 4285 4286 static void 4287 sppp_ipv6cp_tls(struct sppp *sp) 4288 { 4289 4290 KASSERT(SPPP_WLOCKED(sp)); 4291 /* indicate to LCP that it must stay alive */ 4292 sp->lcp.protos |= (1 << IDX_IPV6CP); 4293 } 4294 4295 static void 4296 sppp_ipv6cp_tlf(struct sppp *sp) 4297 { 4298 4299 KASSERT(SPPP_WLOCKED(sp)); 4300 /* we no longer need LCP */ 4301 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 4302 } 4303 4304 static void 4305 sppp_ipv6cp_scr(struct sppp *sp) 4306 { 4307 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4308 struct in6_addr ouraddr; 4309 int i = 0; 4310 4311 KASSERT(SPPP_WLOCKED(sp)); 4312 4313 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 4314 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4315 opt[i++] = IPV6CP_OPT_IFID; 4316 opt[i++] = 10; 4317 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4318 i += 8; 4319 } 4320 4321 #ifdef notyet 4322 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 4323 opt[i++] = IPV6CP_OPT_COMPRESSION; 4324 opt[i++] = 4; 4325 opt[i++] = 0; /* TBD */ 4326 opt[i++] = 0; /* TBD */ 4327 /* variable length data may follow */ 4328 } 4329 #endif 4330 4331 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4332 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4333 } 4334 #else /*INET6*/ 4335 static void 4336 sppp_ipv6cp_init(struct sppp *sp) 4337 { 4338 4339 KASSERT(SPPP_WLOCKED(sp)); 4340 } 4341 4342 static void 4343 sppp_ipv6cp_up(struct sppp *sp, void *xcp __unused) 4344 { 4345 4346 KASSERT(SPPP_WLOCKED(sp)); 4347 } 4348 4349 static void 4350 sppp_ipv6cp_down(struct sppp *sp) 4351 { 4352 4353 KASSERT(SPPP_WLOCKED(sp)); 4354 } 4355 4356 static void 4357 sppp_ipv6cp_open(struct sppp *sp, void *xcp __unused) 4358 { 4359 4360 KASSERT(SPPP_WLOCKED(sp)); 4361 } 4362 4363 static void 4364 sppp_ipv6cp_close(struct sppp *sp, void *xcp __unused) 4365 { 4366 4367 KASSERT(SPPP_WLOCKED(sp)); 4368 } 4369 4370 static void 4371 sppp_ipv6cp_TO(struct sppp *sp, void *xcp __unused) 4372 { 4373 4374 KASSERT(SPPP_WLOCKED(sp)); 4375 } 4376 4377 static int 4378 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, 4379 int len) 4380 { 4381 4382 KASSERT(SPPP_WLOCKED(sp)); 4383 return 0; 4384 } 4385 4386 static void 4387 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, 4388 int len) 4389 { 4390 4391 KASSERT(SPPP_WLOCKED(sp)); 4392 } 4393 4394 static void 4395 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, 4396 int len) 4397 { 4398 4399 KASSERT(SPPP_WLOCKED(sp)); 4400 } 4401 4402 static void 4403 sppp_ipv6cp_tlu(struct sppp *sp) 4404 { 4405 4406 KASSERT(SPPP_WLOCKED(sp)); 4407 } 4408 4409 static void 4410 sppp_ipv6cp_tld(struct sppp *sp) 4411 { 4412 4413 KASSERT(SPPP_WLOCKED(sp)); 4414 } 4415 4416 static void 4417 sppp_ipv6cp_tls(struct sppp *sp) 4418 { 4419 4420 KASSERT(SPPP_WLOCKED(sp)); 4421 } 4422 4423 static void 4424 sppp_ipv6cp_tlf(struct sppp *sp) 4425 { 4426 4427 KASSERT(SPPP_WLOCKED(sp)); 4428 } 4429 4430 static void 4431 sppp_ipv6cp_scr(struct sppp *sp) 4432 { 4433 4434 KASSERT(SPPP_WLOCKED(sp)); 4435 } 4436 #endif /*INET6*/ 4437 4438 4439 /* 4440 *--------------------------------------------------------------------------* 4441 * * 4442 * The CHAP implementation. * 4443 * * 4444 *--------------------------------------------------------------------------* 4445 */ 4446 4447 /* 4448 * The authentication protocols don't employ a full-fledged state machine as 4449 * the control protocols do, since they do have Open and Close events, but 4450 * not Up and Down, nor are they explicitly terminated. Also, use of the 4451 * authentication protocols may be different in both directions (this makes 4452 * sense, think of a machine that never accepts incoming calls but only 4453 * calls out, it doesn't require the called party to authenticate itself). 4454 * 4455 * Our state machine for the local authentication protocol (we are requesting 4456 * the peer to authenticate) looks like: 4457 * 4458 * RCA- 4459 * +--------------------------------------------+ 4460 * V scn,tld| 4461 * +--------+ Close +---------+ RCA+ 4462 * | |<----------------------------------| |------+ 4463 * +--->| Closed | TO* | Opened | sca | 4464 * | | |-----+ +-------| |<-----+ 4465 * | +--------+ irc | | +---------+ 4466 * | ^ | | ^ 4467 * | | | | | 4468 * | | | | | 4469 * | TO-| | | | 4470 * | |tld TO+ V | | 4471 * | | +------->+ | | 4472 * | | | | | | 4473 * | +--------+ V | | 4474 * | | |<----+<--------------------+ | 4475 * | | Req- | scr | 4476 * | | Sent | | 4477 * | | | | 4478 * | +--------+ | 4479 * | RCA- | | RCA+ | 4480 * +------+ +------------------------------------------+ 4481 * scn,tld sca,irc,ict,tlu 4482 * 4483 * 4484 * with: 4485 * 4486 * Open: LCP reached authentication phase 4487 * Close: LCP reached terminate phase 4488 * 4489 * RCA+: received reply (pap-req, chap-response), acceptable 4490 * RCN: received reply (pap-req, chap-response), not acceptable 4491 * TO+: timeout with restart counter >= 0 4492 * TO-: timeout with restart counter < 0 4493 * TO*: reschedule timeout for CHAP 4494 * 4495 * scr: send request packet (none for PAP, chap-challenge) 4496 * sca: send ack packet (pap-ack, chap-success) 4497 * scn: send nak packet (pap-nak, chap-failure) 4498 * ict: initialize re-challenge timer (CHAP only) 4499 * 4500 * tlu: this-layer-up, LCP reaches network phase 4501 * tld: this-layer-down, LCP enters terminate phase 4502 * 4503 * Note that in CHAP mode, after sending a new challenge, while the state 4504 * automaton falls back into Req-Sent state, it doesn't signal a tld 4505 * event to LCP, so LCP remains in network phase. Only after not getting 4506 * any response (or after getting an unacceptable response), CHAP closes, 4507 * causing LCP to enter terminate phase. 4508 * 4509 * With PAP, there is no initial request that can be sent. The peer is 4510 * expected to send one based on the successful negotiation of PAP as 4511 * the authentication protocol during the LCP option negotiation. 4512 * 4513 * Incoming authentication protocol requests (remote requests 4514 * authentication, we are peer) don't employ a state machine at all, 4515 * they are simply answered. Some peers [Ascend P50 firmware rev 4516 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 4517 * still in authentication phase (thereby violating the standard that 4518 * demands that these NCP packets are to be discarded), so we keep 4519 * track of the peer demanding us to authenticate, and only proceed to 4520 * phase network once we've seen a positive acknowledge for the 4521 * authentication. 4522 */ 4523 4524 /* 4525 * Handle incoming CHAP packets. 4526 */ 4527 void 4528 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4529 { 4530 STDDCL; 4531 struct lcp_header *h; 4532 int len, x; 4533 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 4534 int value_len, name_len; 4535 MD5_CTX ctx; 4536 4537 len = m->m_pkthdr.len; 4538 if (len < 4) { 4539 if (debug) 4540 log(LOG_DEBUG, 4541 "%s: chap invalid packet length: %d bytes\n", 4542 ifp->if_xname, len); 4543 return; 4544 } 4545 h = mtod(m, struct lcp_header *); 4546 if (len > ntohs(h->len)) 4547 len = ntohs(h->len); 4548 4549 SPPP_LOCK(sp, RW_WRITER); 4550 4551 switch (h->type) { 4552 /* challenge, failure and success are his authproto */ 4553 case CHAP_CHALLENGE: 4554 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4555 /* can't do anything useful */ 4556 sp->pp_auth_failures++; 4557 printf("%s: chap input without my name and my secret being set\n", 4558 ifp->if_xname); 4559 break; 4560 } 4561 value = 1 + (u_char *)(h + 1); 4562 value_len = value[-1]; 4563 name = value + value_len; 4564 name_len = len - value_len - 5; 4565 if (name_len < 0) { 4566 if (debug) { 4567 log(LOG_DEBUG, 4568 "%s: chap corrupted challenge " 4569 "<%s id=0x%x len=%d", 4570 ifp->if_xname, 4571 sppp_auth_type_name(PPP_CHAP, h->type), 4572 h->ident, ntohs(h->len)); 4573 if (len > 4) 4574 sppp_print_bytes((u_char *)(h + 1), 4575 len - 4); 4576 addlog(">\n"); 4577 } 4578 break; 4579 } 4580 4581 if (debug) { 4582 log(LOG_DEBUG, 4583 "%s: chap input <%s id=0x%x len=%d name=", 4584 ifp->if_xname, 4585 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4586 ntohs(h->len)); 4587 sppp_print_string((char *) name, name_len); 4588 addlog(" value-size=%d value=", value_len); 4589 sppp_print_bytes(value, value_len); 4590 addlog(">\n"); 4591 } 4592 4593 /* Compute reply value. */ 4594 MD5Init(&ctx); 4595 MD5Update(&ctx, &h->ident, 1); 4596 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4597 MD5Update(&ctx, value, value_len); 4598 MD5Final(digest, &ctx); 4599 dsize = sizeof digest; 4600 4601 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 4602 sizeof dsize, (const char *)&dsize, 4603 sizeof digest, digest, 4604 sp->myauth.name_len, 4605 sp->myauth.name, 4606 0); 4607 break; 4608 4609 case CHAP_SUCCESS: 4610 if (debug) { 4611 log(LOG_DEBUG, "%s: chap success", 4612 ifp->if_xname); 4613 if (len > 4) { 4614 addlog(": "); 4615 sppp_print_string((char *)(h + 1), len - 4); 4616 } 4617 addlog("\n"); 4618 } 4619 x = splnet(); 4620 sp->pp_auth_failures = 0; 4621 sp->pp_flags &= ~PP_NEEDAUTH; 4622 if (sp->myauth.proto == PPP_CHAP && 4623 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4624 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 4625 /* 4626 * We are authenticator for CHAP but didn't 4627 * complete yet. Leave it to tlu to proceed 4628 * to network phase. 4629 */ 4630 splx(x); 4631 break; 4632 } 4633 splx(x); 4634 sppp_phase_network(sp); 4635 break; 4636 4637 case CHAP_FAILURE: 4638 x = splnet(); 4639 sp->pp_auth_failures++; 4640 splx(x); 4641 if (debug) { 4642 log(LOG_INFO, "%s: chap failure", 4643 ifp->if_xname); 4644 if (len > 4) { 4645 addlog(": "); 4646 sppp_print_string((char *)(h + 1), len - 4); 4647 } 4648 addlog("\n"); 4649 } else 4650 log(LOG_INFO, "%s: chap failure\n", 4651 ifp->if_xname); 4652 /* await LCP shutdown by authenticator */ 4653 break; 4654 4655 /* response is my authproto */ 4656 case CHAP_RESPONSE: 4657 if (sp->hisauth.secret == NULL) { 4658 /* can't do anything useful */ 4659 printf("%s: chap input without his secret being set\n", 4660 ifp->if_xname); 4661 break; 4662 } 4663 value = 1 + (u_char *)(h + 1); 4664 value_len = value[-1]; 4665 name = value + value_len; 4666 name_len = len - value_len - 5; 4667 if (name_len < 0) { 4668 if (debug) { 4669 log(LOG_DEBUG, 4670 "%s: chap corrupted response " 4671 "<%s id=0x%x len=%d", 4672 ifp->if_xname, 4673 sppp_auth_type_name(PPP_CHAP, h->type), 4674 h->ident, ntohs(h->len)); 4675 if (len > 4) 4676 sppp_print_bytes((u_char *)(h + 1), 4677 len - 4); 4678 addlog(">\n"); 4679 } 4680 break; 4681 } 4682 if (h->ident != sp->scp[IDX_CHAP].confid) { 4683 if (debug) 4684 log(LOG_DEBUG, 4685 "%s: chap dropping response for old ID " 4686 "(got %d, expected %d)\n", 4687 ifp->if_xname, 4688 h->ident, sp->scp[IDX_CHAP].confid); 4689 break; 4690 } 4691 if (sp->hisauth.name != NULL && 4692 (name_len != sp->hisauth.name_len 4693 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4694 log(LOG_INFO, "%s: chap response, his name ", 4695 ifp->if_xname); 4696 sppp_print_string(name, name_len); 4697 addlog(" != expected "); 4698 sppp_print_string(sp->hisauth.name, 4699 sp->hisauth.name_len); 4700 addlog("\n"); 4701 goto chap_failure; 4702 } 4703 if (debug) { 4704 log(LOG_DEBUG, "%s: chap input(%s) " 4705 "<%s id=0x%x len=%d name=", 4706 ifp->if_xname, 4707 sppp_state_name(sp->scp[IDX_CHAP].state), 4708 sppp_auth_type_name(PPP_CHAP, h->type), 4709 h->ident, ntohs(h->len)); 4710 sppp_print_string((char *)name, name_len); 4711 addlog(" value-size=%d value=", value_len); 4712 sppp_print_bytes(value, value_len); 4713 addlog(">\n"); 4714 } 4715 if (value_len != sizeof(sp->hisauth.challenge)) { 4716 if (debug) 4717 log(LOG_DEBUG, 4718 "%s: chap bad hash value length: " 4719 "%d bytes, should be %zu\n", 4720 ifp->if_xname, value_len, 4721 sizeof(sp->hisauth.challenge)); 4722 goto chap_failure; 4723 } 4724 4725 MD5Init(&ctx); 4726 MD5Update(&ctx, &h->ident, 1); 4727 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4728 MD5Update(&ctx, sp->hisauth.challenge, sizeof(sp->hisauth.challenge)); 4729 MD5Final(digest, &ctx); 4730 4731 #define FAILMSG "Failed..." 4732 #define SUCCMSG "Welcome!" 4733 4734 if (value_len != sizeof digest || 4735 memcmp(digest, value, value_len) != 0) { 4736 chap_failure: 4737 KASSERT(SPPP_WLOCKED(sp)); 4738 /* action scn, tld */ 4739 sp->pp_auth_failures++; 4740 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4741 sizeof(FAILMSG) - 1, (const u_char *)FAILMSG, 4742 0); 4743 chap.tld(sp); 4744 break; 4745 } 4746 sp->pp_auth_failures = 0; 4747 /* action sca, perhaps tlu */ 4748 if (sp->scp[IDX_CHAP].state == STATE_REQ_SENT || 4749 sp->scp[IDX_CHAP].state == STATE_OPENED) 4750 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4751 sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG, 4752 0); 4753 if (sp->scp[IDX_CHAP].state == STATE_REQ_SENT) { 4754 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4755 chap.tlu(sp); 4756 } 4757 break; 4758 4759 default: 4760 /* Unknown CHAP packet type -- ignore. */ 4761 if (debug) { 4762 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4763 "<0x%x id=0x%xh len=%d", 4764 ifp->if_xname, 4765 sppp_state_name(sp->scp[IDX_CHAP].state), 4766 h->type, h->ident, ntohs(h->len)); 4767 if (len > 4) 4768 sppp_print_bytes((u_char *)(h + 1), len - 4); 4769 addlog(">\n"); 4770 } 4771 break; 4772 4773 } 4774 4775 SPPP_UNLOCK(sp); 4776 } 4777 4778 static void 4779 sppp_chap_init(struct sppp *sp) 4780 { 4781 4782 KASSERT(SPPP_WLOCKED(sp)); 4783 4784 /* Chap doesn't have STATE_INITIAL at all. */ 4785 sp->scp[IDX_CHAP].state = STATE_CLOSED; 4786 sp->scp[IDX_CHAP].fail_counter = 0; 4787 sp->scp[IDX_CHAP].seq = 0; 4788 sp->scp[IDX_CHAP].rseq = 0; 4789 callout_init(&sp->scp[IDX_CHAP].ch, CALLOUT_MPSAFE); 4790 callout_setfunc(&sp->scp[IDX_CHAP].ch, 4791 sppp_chap_TO, sp); 4792 } 4793 4794 static void 4795 sppp_chap_open(struct sppp *sp, void *xcp __unused) 4796 { 4797 4798 KASSERT(SPPP_WLOCKED(sp)); 4799 if (sp->hisauth.proto == PPP_CHAP && 4800 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4801 /* we are authenticator for CHAP, start it */ 4802 chap.scr(sp); 4803 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4804 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4805 } 4806 /* nothing to be done if we are peer, await a challenge */ 4807 } 4808 4809 static void 4810 sppp_chap_close(struct sppp *sp, void *xcp __unused) 4811 { 4812 4813 KASSERT(SPPP_WLOCKED(sp)); 4814 if (sp->scp[IDX_CHAP].state != STATE_CLOSED) 4815 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4816 } 4817 4818 static void 4819 sppp_chap_TO(void *cookie) 4820 { 4821 struct sppp *sp = (struct sppp *)cookie; 4822 STDDCL; 4823 int s; 4824 4825 s = splnet(); 4826 4827 SPPP_LOCK(sp, RW_WRITER); 4828 4829 if (debug) 4830 log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n", 4831 ifp->if_xname, 4832 sppp_state_name(sp->scp[IDX_CHAP].state), 4833 sp->scp[IDX_CHAP].rst_counter); 4834 4835 if (--sp->scp[IDX_CHAP].rst_counter < 0) 4836 /* TO- event */ 4837 switch (sp->scp[IDX_CHAP].state) { 4838 case STATE_REQ_SENT: 4839 chap.tld(sp); 4840 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4841 break; 4842 } 4843 else 4844 /* TO+ (or TO*) event */ 4845 switch (sp->scp[IDX_CHAP].state) { 4846 case STATE_OPENED: 4847 /* TO* event */ 4848 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4849 /* fall through */ 4850 case STATE_REQ_SENT: 4851 chap.scr(sp); 4852 /* sppp_cp_change_state() will restart the timer */ 4853 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4854 break; 4855 } 4856 4857 SPPP_UNLOCK(sp); 4858 splx(s); 4859 } 4860 4861 static void 4862 sppp_chap_tlu(struct sppp *sp) 4863 { 4864 STDDCL; 4865 int i, x; 4866 4867 KASSERT(SPPP_WLOCKED(sp)); 4868 4869 i = 0; 4870 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4871 4872 /* 4873 * Some broken CHAP implementations (Conware CoNet, firmware 4874 * 4.0.?) don't want to re-authenticate their CHAP once the 4875 * initial challenge-response exchange has taken place. 4876 * Provide for an option to avoid rechallenges. 4877 */ 4878 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4879 /* 4880 * Compute the re-challenge timeout. This will yield 4881 * a number between 300 and 810 seconds. 4882 */ 4883 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 4884 4885 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 4886 } 4887 4888 if (debug) { 4889 log(LOG_DEBUG, 4890 "%s: chap %s, ", 4891 ifp->if_xname, 4892 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4893 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4894 addlog("next re-challenge in %d seconds\n", i); 4895 else 4896 addlog("re-challenging suppressed\n"); 4897 } 4898 4899 x = splnet(); 4900 sp->pp_auth_failures = 0; 4901 /* indicate to LCP that we need to be closed down */ 4902 sp->lcp.protos |= (1 << IDX_CHAP); 4903 4904 if (sp->pp_flags & PP_NEEDAUTH) { 4905 /* 4906 * Remote is authenticator, but his auth proto didn't 4907 * complete yet. Defer the transition to network 4908 * phase. 4909 */ 4910 splx(x); 4911 return; 4912 } 4913 splx(x); 4914 4915 /* 4916 * If we are already in phase network, we are done here. This 4917 * is the case if this is a dummy tlu event after a re-challenge. 4918 */ 4919 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4920 sppp_phase_network(sp); 4921 } 4922 4923 static void 4924 sppp_chap_tld(struct sppp *sp) 4925 { 4926 STDDCL; 4927 4928 KASSERT(SPPP_WLOCKED(sp)); 4929 4930 if (debug) 4931 log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname); 4932 callout_stop(&sp->scp[IDX_CHAP].ch); 4933 sp->lcp.protos &= ~(1 << IDX_CHAP); 4934 4935 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 4936 } 4937 4938 static void 4939 sppp_chap_scr(struct sppp *sp) 4940 { 4941 uint32_t *ch; 4942 u_char clen = 4 * sizeof(uint32_t); 4943 4944 KASSERT(SPPP_WLOCKED(sp)); 4945 4946 if (sp->hisauth.name == NULL) { 4947 /* can't do anything useful */ 4948 printf("%s: chap starting without his name being set\n", 4949 sp->pp_if.if_xname); 4950 return; 4951 } 4952 4953 /* Compute random challenge. */ 4954 ch = (uint32_t *)sp->hisauth.challenge; 4955 cprng_strong(kern_cprng, ch, clen, 0); 4956 4957 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 4958 4959 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 4960 sizeof clen, (const char *)&clen, 4961 sizeof(sp->hisauth.challenge), sp->hisauth.challenge, 4962 0); 4963 } 4964 4965 /* 4966 *--------------------------------------------------------------------------* 4967 * * 4968 * The PAP implementation. * 4969 * * 4970 *--------------------------------------------------------------------------* 4971 */ 4972 /* 4973 * For PAP, we need to keep a little state also if we are the peer, not the 4974 * authenticator. This is since we don't get a request to authenticate, but 4975 * have to repeatedly authenticate ourself until we got a response (or the 4976 * retry counter is expired). 4977 */ 4978 4979 /* 4980 * Handle incoming PAP packets. */ 4981 static void 4982 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4983 { 4984 STDDCL; 4985 struct lcp_header *h; 4986 int len, x; 4987 u_char mlen; 4988 char *name, *secret; 4989 int name_len, secret_len; 4990 4991 /* 4992 * Malicious input might leave this uninitialized, so 4993 * init to an impossible value. 4994 */ 4995 secret_len = -1; 4996 4997 len = m->m_pkthdr.len; 4998 if (len < 5) { 4999 if (debug) 5000 log(LOG_DEBUG, 5001 "%s: pap invalid packet length: %d bytes\n", 5002 ifp->if_xname, len); 5003 return; 5004 } 5005 h = mtod(m, struct lcp_header *); 5006 if (len > ntohs(h->len)) 5007 len = ntohs(h->len); 5008 5009 SPPP_LOCK(sp, RW_WRITER); 5010 5011 switch (h->type) { 5012 /* PAP request is my authproto */ 5013 case PAP_REQ: 5014 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 5015 /* can't do anything useful */ 5016 printf("%s: " 5017 "pap request without his name and his secret being set\n", 5018 ifp->if_xname); 5019 break; 5020 } 5021 name = 1 + (u_char *)(h + 1); 5022 name_len = name[-1]; 5023 secret = name + name_len + 1; 5024 if (name_len > len - 6 || 5025 (secret_len = secret[-1]) > len - 6 - name_len) { 5026 if (debug) { 5027 log(LOG_DEBUG, "%s: pap corrupted input " 5028 "<%s id=0x%x len=%d", 5029 ifp->if_xname, 5030 sppp_auth_type_name(PPP_PAP, h->type), 5031 h->ident, ntohs(h->len)); 5032 if (len > 4) 5033 sppp_print_bytes((u_char *)(h + 1), 5034 len - 4); 5035 addlog(">\n"); 5036 } 5037 break; 5038 } 5039 if (debug) { 5040 log(LOG_DEBUG, "%s: pap input(%s) " 5041 "<%s id=0x%x len=%d name=", 5042 ifp->if_xname, 5043 sppp_state_name(sp->scp[IDX_PAP].state), 5044 sppp_auth_type_name(PPP_PAP, h->type), 5045 h->ident, ntohs(h->len)); 5046 sppp_print_string((char *)name, name_len); 5047 addlog(" secret="); 5048 sppp_print_string((char *)secret, secret_len); 5049 addlog(">\n"); 5050 } 5051 if (name_len != sp->hisauth.name_len || 5052 secret_len != sp->hisauth.secret_len || 5053 memcmp(name, sp->hisauth.name, name_len) != 0 || 5054 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 5055 /* action scn, tld */ 5056 sp->pp_auth_failures++; 5057 mlen = sizeof(FAILMSG) - 1; 5058 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 5059 sizeof mlen, (const char *)&mlen, 5060 sizeof(FAILMSG) - 1, (const u_char *)FAILMSG, 5061 0); 5062 pap.tld(sp); 5063 break; 5064 } 5065 /* action sca, perhaps tlu */ 5066 if (sp->scp[IDX_PAP].state == STATE_REQ_SENT || 5067 sp->scp[IDX_PAP].state == STATE_OPENED) { 5068 mlen = sizeof(SUCCMSG) - 1; 5069 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 5070 sizeof mlen, (const char *)&mlen, 5071 sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG, 5072 0); 5073 } 5074 if (sp->scp[IDX_PAP].state == STATE_REQ_SENT) { 5075 sppp_cp_change_state(&pap, sp, STATE_OPENED); 5076 pap.tlu(sp); 5077 } 5078 break; 5079 5080 /* ack and nak are his authproto */ 5081 case PAP_ACK: 5082 callout_stop(&sp->pap_my_to_ch); 5083 if (debug) { 5084 log(LOG_DEBUG, "%s: pap success", 5085 ifp->if_xname); 5086 name = 1 + (u_char *)(h + 1); 5087 name_len = name[-1]; 5088 if (len > 5 && name_len < len+4) { 5089 addlog(": "); 5090 sppp_print_string(name, name_len); 5091 } 5092 addlog("\n"); 5093 } 5094 x = splnet(); 5095 sp->pp_auth_failures = 0; 5096 sp->pp_flags &= ~PP_NEEDAUTH; 5097 if (sp->myauth.proto == PPP_PAP && 5098 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 5099 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 5100 /* 5101 * We are authenticator for PAP but didn't 5102 * complete yet. Leave it to tlu to proceed 5103 * to network phase. 5104 */ 5105 splx(x); 5106 break; 5107 } 5108 splx(x); 5109 sppp_phase_network(sp); 5110 break; 5111 5112 case PAP_NAK: 5113 callout_stop(&sp->pap_my_to_ch); 5114 sp->pp_auth_failures++; 5115 if (debug) { 5116 log(LOG_INFO, "%s: pap failure", 5117 ifp->if_xname); 5118 name = 1 + (u_char *)(h + 1); 5119 name_len = name[-1]; 5120 if (len > 5 && name_len < len+4) { 5121 addlog(": "); 5122 sppp_print_string(name, name_len); 5123 } 5124 addlog("\n"); 5125 } else 5126 log(LOG_INFO, "%s: pap failure\n", 5127 ifp->if_xname); 5128 /* await LCP shutdown by authenticator */ 5129 break; 5130 5131 default: 5132 /* Unknown PAP packet type -- ignore. */ 5133 if (debug) { 5134 log(LOG_DEBUG, "%s: pap corrupted input " 5135 "<0x%x id=0x%x len=%d", 5136 ifp->if_xname, 5137 h->type, h->ident, ntohs(h->len)); 5138 if (len > 4) 5139 sppp_print_bytes((u_char *)(h + 1), len - 4); 5140 addlog(">\n"); 5141 } 5142 break; 5143 } 5144 5145 SPPP_UNLOCK(sp); 5146 } 5147 5148 static void 5149 sppp_pap_init(struct sppp *sp) 5150 { 5151 5152 KASSERT(SPPP_WLOCKED(sp)); 5153 5154 /* PAP doesn't have STATE_INITIAL at all. */ 5155 sp->scp[IDX_PAP].state = STATE_CLOSED; 5156 sp->scp[IDX_PAP].fail_counter = 0; 5157 sp->scp[IDX_PAP].seq = 0; 5158 sp->scp[IDX_PAP].rseq = 0; 5159 callout_init(&sp->scp[IDX_PAP].ch, CALLOUT_MPSAFE); 5160 callout_setfunc(&sp->scp[IDX_PAP].ch, 5161 sppp_pap_TO, sp); 5162 callout_init(&sp->pap_my_to_ch, CALLOUT_MPSAFE); 5163 } 5164 5165 static void 5166 sppp_pap_open(struct sppp *sp, void *xcp __unused) 5167 { 5168 5169 KASSERT(SPPP_WLOCKED(sp)); 5170 5171 if (sp->hisauth.proto == PPP_PAP && 5172 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 5173 /* we are authenticator for PAP, start our timer */ 5174 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 5175 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 5176 } 5177 if (sp->myauth.proto == PPP_PAP) { 5178 /* we are peer, send a request, and start a timer */ 5179 pap.scr(sp); 5180 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 5181 sppp_pap_my_TO, sp); 5182 } 5183 } 5184 5185 static void 5186 sppp_pap_close(struct sppp *sp, void *xcp __unused) 5187 { 5188 5189 KASSERT(SPPP_WLOCKED(sp)); 5190 5191 if (sp->scp[IDX_PAP].state != STATE_CLOSED) 5192 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 5193 } 5194 5195 /* 5196 * That's the timeout routine if we are authenticator. Since the 5197 * authenticator is basically passive in PAP, we can't do much here. 5198 */ 5199 static void 5200 sppp_pap_TO(void *cookie) 5201 { 5202 struct sppp *sp = (struct sppp *)cookie; 5203 STDDCL; 5204 int s; 5205 5206 s = splnet(); 5207 SPPP_LOCK(sp, RW_WRITER); 5208 5209 if (debug) 5210 log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n", 5211 ifp->if_xname, 5212 sppp_state_name(sp->scp[IDX_PAP].state), 5213 sp->scp[IDX_PAP].rst_counter); 5214 5215 if (--sp->scp[IDX_PAP].rst_counter < 0) 5216 /* TO- event */ 5217 switch (sp->scp[IDX_PAP].state) { 5218 case STATE_REQ_SENT: 5219 pap.tld(sp); 5220 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 5221 break; 5222 } 5223 else 5224 /* TO+ event, not very much we could do */ 5225 switch (sp->scp[IDX_PAP].state) { 5226 case STATE_REQ_SENT: 5227 /* sppp_cp_change_state() will restart the timer */ 5228 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 5229 break; 5230 } 5231 5232 SPPP_UNLOCK(sp); 5233 splx(s); 5234 } 5235 5236 /* 5237 * That's the timeout handler if we are peer. Since the peer is active, 5238 * we need to retransmit our PAP request since it is apparently lost. 5239 * XXX We should impose a max counter. 5240 */ 5241 static void 5242 sppp_pap_my_TO(void *cookie) 5243 { 5244 struct sppp *sp = (struct sppp *)cookie; 5245 STDDCL; 5246 5247 SPPP_LOCK(sp, RW_WRITER); 5248 if (debug) 5249 log(LOG_DEBUG, "%s: pap peer TO\n", 5250 ifp->if_xname); 5251 5252 pap.scr(sp); 5253 5254 SPPP_UNLOCK(sp); 5255 } 5256 5257 static void 5258 sppp_pap_tlu(struct sppp *sp) 5259 { 5260 STDDCL; 5261 int x; 5262 5263 KASSERT(SPPP_WLOCKED(sp)); 5264 5265 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 5266 5267 if (debug) 5268 log(LOG_DEBUG, "%s: %s tlu\n", 5269 ifp->if_xname, pap.name); 5270 5271 x = splnet(); 5272 sp->pp_auth_failures = 0; 5273 /* indicate to LCP that we need to be closed down */ 5274 sp->lcp.protos |= (1 << IDX_PAP); 5275 5276 if (sp->pp_flags & PP_NEEDAUTH) { 5277 /* 5278 * Remote is authenticator, but his auth proto didn't 5279 * complete yet. Defer the transition to network 5280 * phase. 5281 */ 5282 splx(x); 5283 return; 5284 } 5285 splx(x); 5286 sppp_phase_network(sp); 5287 } 5288 5289 static void 5290 sppp_pap_tld(struct sppp *sp) 5291 { 5292 STDDCL; 5293 5294 KASSERT(SPPP_WLOCKED(sp)); 5295 5296 if (debug) 5297 log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname); 5298 callout_stop(&sp->scp[IDX_PAP].ch); 5299 callout_stop(&sp->pap_my_to_ch); 5300 sp->lcp.protos &= ~(1 << IDX_PAP); 5301 5302 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5303 } 5304 5305 static void 5306 sppp_pap_scr(struct sppp *sp) 5307 { 5308 u_char idlen, pwdlen; 5309 5310 KASSERT(SPPP_WLOCKED(sp)); 5311 5312 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 5313 /* can't do anything useful */ 5314 printf("%s: pap starting without my name and secret being set\n", 5315 sp->pp_if.if_xname); 5316 return; 5317 } 5318 5319 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5320 pwdlen = sp->myauth.secret_len; 5321 idlen = sp->myauth.name_len; 5322 5323 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5324 sizeof idlen, (const char *)&idlen, 5325 idlen, sp->myauth.name, 5326 sizeof pwdlen, (const char *)&pwdlen, 5327 pwdlen, sp->myauth.secret, 5328 0); 5329 } 5330 5331 /* 5332 * Random miscellaneous functions. 5333 */ 5334 5335 /* 5336 * Send a PAP or CHAP proto packet. 5337 * 5338 * Varadic function, each of the elements for the ellipsis is of type 5339 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5340 * mlen == 0. 5341 * NOTE: never declare variadic functions with types subject to type 5342 * promotion (i.e. u_char). This is asking for big trouble depending 5343 * on the architecture you are on... 5344 */ 5345 5346 static void 5347 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5348 unsigned int type, unsigned int id, 5349 ...) 5350 { 5351 STDDCL; 5352 struct lcp_header *lh; 5353 struct mbuf *m; 5354 u_char *p; 5355 int len; 5356 size_t pkthdrlen; 5357 unsigned int mlen; 5358 const char *msg; 5359 va_list ap; 5360 5361 KASSERT(SPPP_WLOCKED(sp)); 5362 5363 MGETHDR(m, M_DONTWAIT, MT_DATA); 5364 if (! m) 5365 return; 5366 m_reset_rcvif(m); 5367 5368 if (sp->pp_flags & PP_NOFRAMING) { 5369 *mtod(m, uint16_t *) = htons(cp->proto); 5370 pkthdrlen = 2; 5371 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5372 } else { 5373 struct ppp_header *h; 5374 h = mtod(m, struct ppp_header *); 5375 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5376 h->control = PPP_UI; /* Unnumbered Info */ 5377 h->protocol = htons(cp->proto); 5378 pkthdrlen = PPP_HEADER_LEN; 5379 5380 lh = (struct lcp_header *)(h + 1); 5381 } 5382 5383 lh->type = type; 5384 lh->ident = id; 5385 p = (u_char *)(lh + 1); 5386 5387 va_start(ap, id); 5388 len = 0; 5389 5390 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5391 msg = va_arg(ap, const char *); 5392 len += mlen; 5393 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5394 va_end(ap); 5395 m_freem(m); 5396 return; 5397 } 5398 5399 memcpy(p, msg, mlen); 5400 p += mlen; 5401 } 5402 va_end(ap); 5403 5404 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5405 lh->len = htons(LCP_HEADER_LEN + len); 5406 5407 if (debug) { 5408 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 5409 ifp->if_xname, cp->name, 5410 sppp_auth_type_name(cp->proto, lh->type), 5411 lh->ident, ntohs(lh->len)); 5412 if (len) 5413 sppp_print_bytes((u_char *)(lh + 1), len); 5414 addlog(">\n"); 5415 } 5416 if (IF_QFULL(&sp->pp_cpq)) { 5417 IF_DROP(&sp->pp_fastq); 5418 IF_DROP(&ifp->if_snd); 5419 m_freem(m); 5420 if_statinc(ifp, if_oerrors); 5421 return; 5422 } 5423 5424 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5425 IF_ENQUEUE(&sp->pp_cpq, m); 5426 5427 if (! (ifp->if_flags & IFF_OACTIVE)) { 5428 SPPP_UNLOCK(sp); 5429 if_start_lock(ifp); 5430 SPPP_LOCK(sp, RW_WRITER); 5431 } 5432 } 5433 5434 /* 5435 * Send keepalive packets, every 10 seconds. 5436 */ 5437 static void 5438 sppp_keepalive(void *dummy) 5439 { 5440 struct sppp *sp; 5441 int s; 5442 time_t now; 5443 5444 SPPPQ_LOCK(); 5445 5446 s = splnet(); 5447 now = time_uptime; 5448 for (sp=spppq; sp; sp=sp->pp_next) { 5449 struct ifnet *ifp = NULL; 5450 5451 SPPP_LOCK(sp, RW_WRITER); 5452 ifp = &sp->pp_if; 5453 5454 /* check idle timeout */ 5455 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5456 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5457 /* idle timeout is enabled for this interface */ 5458 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5459 if (ifp->if_flags & IFF_DEBUG) 5460 printf("%s: no activity for %lu seconds\n", 5461 sp->pp_if.if_xname, 5462 (unsigned long)(now-sp->pp_last_activity)); 5463 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5464 SPPP_UNLOCK(sp); 5465 continue; 5466 } 5467 } 5468 5469 /* Keepalive mode disabled or channel down? */ 5470 if (! (sp->pp_flags & PP_KEEPALIVE) || 5471 ! (ifp->if_flags & IFF_RUNNING)) { 5472 SPPP_UNLOCK(sp); 5473 continue; 5474 } 5475 5476 5477 /* No keepalive in PPP mode if LCP not opened yet. */ 5478 if (! (sp->pp_flags & PP_CISCO) && 5479 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5480 SPPP_UNLOCK(sp); 5481 continue; 5482 } 5483 5484 /* No echo reply, but maybe user data passed through? */ 5485 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5486 sp->pp_alivecnt = 0; 5487 SPPP_UNLOCK(sp); 5488 continue; 5489 } 5490 5491 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5492 /* No keepalive packets got. Stop the interface. */ 5493 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5494 5495 if (! (sp->pp_flags & PP_CISCO)) { 5496 printf("%s: LCP keepalive timed out, going to restart the connection\n", 5497 ifp->if_xname); 5498 sp->pp_alivecnt = 0; 5499 5500 /* we are down, close all open protocols */ 5501 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5502 5503 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5504 sp->lcp.reestablish = true; 5505 5506 SPPP_UNLOCK(sp); 5507 continue; 5508 } 5509 } 5510 if (sp->pp_alivecnt < sp->pp_maxalive) 5511 ++sp->pp_alivecnt; 5512 if (sp->pp_flags & PP_CISCO) 5513 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 5514 ++sp->scp[IDX_LCP].seq, sp->scp[IDX_LCP].rseq); 5515 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5516 int32_t nmagic = htonl(sp->lcp.magic); 5517 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5518 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5519 sp->lcp.echoid, 4, &nmagic); 5520 } 5521 5522 SPPP_UNLOCK(sp); 5523 } 5524 splx(s); 5525 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5526 5527 SPPPQ_UNLOCK(); 5528 } 5529 5530 #ifdef INET 5531 /* 5532 * Get both IP addresses. 5533 */ 5534 static void 5535 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5536 { 5537 struct ifnet *ifp = &sp->pp_if; 5538 struct ifaddr *ifa; 5539 struct sockaddr_in *si, *sm; 5540 uint32_t ssrc, ddst; 5541 int s; 5542 struct psref psref; 5543 5544 sm = NULL; 5545 ssrc = ddst = 0; 5546 /* 5547 * Pick the first AF_INET address from the list, 5548 * aliases don't make any sense on a p2p link anyway. 5549 */ 5550 si = 0; 5551 s = pserialize_read_enter(); 5552 IFADDR_READER_FOREACH(ifa, ifp) { 5553 if (ifa->ifa_addr->sa_family == AF_INET) { 5554 si = (struct sockaddr_in *)ifa->ifa_addr; 5555 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5556 if (si) { 5557 ifa_acquire(ifa, &psref); 5558 break; 5559 } 5560 } 5561 } 5562 pserialize_read_exit(s); 5563 if (ifa) { 5564 if (si && si->sin_addr.s_addr) { 5565 ssrc = si->sin_addr.s_addr; 5566 if (srcmask) 5567 *srcmask = ntohl(sm->sin_addr.s_addr); 5568 } 5569 5570 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5571 if (si && si->sin_addr.s_addr) 5572 ddst = si->sin_addr.s_addr; 5573 ifa_release(ifa, &psref); 5574 } 5575 5576 if (dst) *dst = ntohl(ddst); 5577 if (src) *src = ntohl(ssrc); 5578 } 5579 5580 /* 5581 * Set IP addresses. Must be called at splnet. 5582 * If an address is 0, leave it the way it is. 5583 */ 5584 static void 5585 sppp_set_ip_addrs_work(struct work *wk, struct sppp *sp) 5586 { 5587 STDDCL; 5588 struct ifaddr *ifa; 5589 struct sockaddr_in *si, *dest; 5590 uint32_t myaddr = 0, hisaddr = 0; 5591 int s; 5592 5593 IFNET_LOCK(ifp); 5594 5595 /* 5596 * Pick the first AF_INET address from the list, 5597 * aliases don't make any sense on a p2p link anyway. 5598 */ 5599 si = dest = NULL; 5600 s = pserialize_read_enter(); 5601 IFADDR_READER_FOREACH(ifa, ifp) { 5602 if (ifa->ifa_addr->sa_family == AF_INET) { 5603 si = (struct sockaddr_in *)ifa->ifa_addr; 5604 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5605 break; 5606 } 5607 } 5608 pserialize_read_exit(s); 5609 5610 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5611 myaddr = sp->ipcp.req_myaddr; 5612 else if (si != NULL) 5613 myaddr = ntohl(si->sin_addr.s_addr); 5614 5615 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5616 hisaddr = sp->ipcp.req_hisaddr; 5617 else if (dest != NULL) 5618 hisaddr = ntohl(dest->sin_addr.s_addr); 5619 5620 if (si != NULL && dest != NULL) { 5621 int error; 5622 struct sockaddr_in new_sin = *si; 5623 struct sockaddr_in new_dst = *dest; 5624 5625 if (myaddr != 0) 5626 new_sin.sin_addr.s_addr = htonl(myaddr); 5627 if (hisaddr != 0) { 5628 new_dst.sin_addr.s_addr = htonl(hisaddr); 5629 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5630 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5631 } 5632 5633 in_addrhash_remove(ifatoia(ifa)); 5634 5635 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5636 5637 in_addrhash_insert(ifatoia(ifa)); 5638 5639 if (debug && error) 5640 { 5641 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5642 ifp->if_xname, __func__, error); 5643 } 5644 if (!error) { 5645 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5646 } 5647 } 5648 5649 if (ifp->if_mtu > sp->lcp.their_mru) { 5650 sp->pp_saved_mtu = ifp->if_mtu; 5651 ifp->if_mtu = sp->lcp.their_mru; 5652 if (debug) 5653 log(LOG_DEBUG, 5654 "%s: setting MTU to %" PRIu64 " bytes\n", 5655 ifp->if_xname, ifp->if_mtu); 5656 } 5657 5658 IFNET_UNLOCK(ifp); 5659 5660 sppp_notify_con(sp); 5661 } 5662 5663 static void 5664 sppp_set_ip_addrs(struct sppp *sp) 5665 { 5666 struct ifnet *ifp = &sp->pp_if; 5667 5668 if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_SET_ADDRS)) { 5669 log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", 5670 ifp->if_xname); 5671 return; 5672 } 5673 5674 if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) 5675 return; 5676 5677 workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); 5678 } 5679 5680 /* 5681 * Clear IP addresses. Must be called at splnet. 5682 */ 5683 static void 5684 sppp_clear_ip_addrs_work(struct work *wk, struct sppp *sp) 5685 { 5686 STDDCL; 5687 struct ifaddr *ifa; 5688 struct sockaddr_in *si, *dest; 5689 int s; 5690 5691 IFNET_LOCK(ifp); 5692 5693 /* 5694 * Pick the first AF_INET address from the list, 5695 * aliases don't make any sense on a p2p link anyway. 5696 */ 5697 si = dest = NULL; 5698 s = pserialize_read_enter(); 5699 IFADDR_READER_FOREACH(ifa, ifp) { 5700 if (ifa->ifa_addr->sa_family == AF_INET) { 5701 si = (struct sockaddr_in *)ifa->ifa_addr; 5702 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5703 break; 5704 } 5705 } 5706 pserialize_read_exit(s); 5707 5708 if (si != NULL) { 5709 struct sockaddr_in new_sin = *si; 5710 struct sockaddr_in new_dst = *dest; 5711 int error; 5712 5713 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5714 new_sin.sin_addr.s_addr = 0; 5715 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 5716 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5717 5718 in_addrhash_remove(ifatoia(ifa)); 5719 5720 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5721 5722 in_addrhash_insert(ifatoia(ifa)); 5723 5724 if (debug && error) 5725 { 5726 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5727 ifp->if_xname, __func__, error); 5728 } 5729 if (!error) { 5730 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5731 } 5732 } 5733 5734 if (sp->pp_saved_mtu > 0) { 5735 ifp->if_mtu = sp->pp_saved_mtu; 5736 sp->pp_saved_mtu = 0; 5737 if (debug) 5738 log(LOG_DEBUG, 5739 "%s: resetting MTU to %" PRIu64 " bytes\n", 5740 ifp->if_xname, ifp->if_mtu); 5741 } 5742 5743 IFNET_UNLOCK(ifp); 5744 } 5745 5746 static void 5747 sppp_clear_ip_addrs(struct sppp *sp) 5748 { 5749 struct ifnet *ifp = &sp->pp_if; 5750 5751 if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_CLEAR_ADDRS)) { 5752 log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", 5753 ifp->if_xname); 5754 return; 5755 } 5756 5757 if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) 5758 return; 5759 5760 workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); 5761 } 5762 5763 static void 5764 sppp_update_ip_addrs_work(struct work *wk, void *arg) 5765 { 5766 struct sppp *sp = arg; 5767 void *work; 5768 5769 atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 0); 5770 5771 while ((work = pcq_get(sp->ipcp.update_addrs_q)) != NULL) { 5772 int update = (intptr_t)work; 5773 5774 if (update == IPCP_SET_ADDRS) 5775 sppp_set_ip_addrs_work(wk, sp); 5776 else if (update == IPCP_CLEAR_ADDRS) 5777 sppp_clear_ip_addrs_work(wk, sp); 5778 } 5779 } 5780 #endif 5781 5782 #ifdef INET6 5783 /* 5784 * Get both IPv6 addresses. 5785 */ 5786 static void 5787 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5788 struct in6_addr *srcmask) 5789 { 5790 struct ifnet *ifp = &sp->pp_if; 5791 struct ifaddr *ifa; 5792 struct sockaddr_in6 *si, *sm; 5793 struct in6_addr ssrc, ddst; 5794 int s; 5795 struct psref psref; 5796 5797 sm = NULL; 5798 memset(&ssrc, 0, sizeof(ssrc)); 5799 memset(&ddst, 0, sizeof(ddst)); 5800 /* 5801 * Pick the first link-local AF_INET6 address from the list, 5802 * aliases don't make any sense on a p2p link anyway. 5803 */ 5804 si = 0; 5805 s = pserialize_read_enter(); 5806 IFADDR_READER_FOREACH(ifa, ifp) { 5807 if (ifa->ifa_addr->sa_family == AF_INET6) { 5808 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5809 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5810 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5811 ifa_acquire(ifa, &psref); 5812 break; 5813 } 5814 } 5815 } 5816 pserialize_read_exit(s); 5817 5818 if (ifa) { 5819 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5820 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5821 if (srcmask) { 5822 memcpy(srcmask, &sm->sin6_addr, 5823 sizeof(*srcmask)); 5824 } 5825 } 5826 5827 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5828 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5829 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5830 ifa_release(ifa, &psref); 5831 } 5832 5833 if (dst) 5834 memcpy(dst, &ddst, sizeof(*dst)); 5835 if (src) 5836 memcpy(src, &ssrc, sizeof(*src)); 5837 } 5838 5839 #ifdef IPV6CP_MYIFID_DYN 5840 /* 5841 * Generate random ifid. 5842 */ 5843 static void 5844 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5845 { 5846 /* TBD */ 5847 } 5848 5849 /* 5850 * Set my IPv6 address. Must be called at splnet. 5851 */ 5852 static void 5853 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5854 { 5855 STDDCL; 5856 struct ifaddr *ifa; 5857 struct sockaddr_in6 *sin6; 5858 int s; 5859 struct psref psref; 5860 5861 IFNET_LOCK(ifp); 5862 5863 /* 5864 * Pick the first link-local AF_INET6 address from the list, 5865 * aliases don't make any sense on a p2p link anyway. 5866 */ 5867 5868 sin6 = NULL; 5869 s = pserialize_read_enter(); 5870 IFADDR_READER_FOREACH(ifa, ifp) 5871 { 5872 if (ifa->ifa_addr->sa_family == AF_INET6) 5873 { 5874 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5875 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5876 ifa_acquire(ifa, &psref); 5877 break; 5878 } 5879 } 5880 } 5881 pserialize_read_exit(s); 5882 5883 if (ifa && sin6) 5884 { 5885 int error; 5886 struct sockaddr_in6 new_sin6 = *sin6; 5887 5888 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5889 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5890 if (debug && error) 5891 { 5892 log(LOG_DEBUG, "%s: %s: in6_ifinit failed, error=%d\n", 5893 ifp->if_xname, __func__, error); 5894 } 5895 if (!error) { 5896 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5897 } 5898 ifa_release(ifa, &psref); 5899 } 5900 5901 IFNET_UNLOCK(ifp); 5902 } 5903 #endif 5904 5905 /* 5906 * Suggest a candidate address to be used by peer. 5907 */ 5908 static void 5909 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5910 { 5911 struct in6_addr myaddr; 5912 struct timeval tv; 5913 5914 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5915 5916 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5917 microtime(&tv); 5918 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5919 myaddr.s6_addr[14] ^= 0xff; 5920 myaddr.s6_addr[15] ^= 0xff; 5921 } else { 5922 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5923 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5924 } 5925 if (suggest) 5926 memcpy(suggest, &myaddr, sizeof(myaddr)); 5927 } 5928 #endif /*INET6*/ 5929 5930 /* 5931 * Process ioctl requests specific to the PPP interface. 5932 * Permissions have already been checked. 5933 */ 5934 static int 5935 sppp_params(struct sppp *sp, u_long cmd, void *data) 5936 { 5937 switch (cmd) { 5938 case SPPPGETAUTHCFG: 5939 { 5940 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5941 int error; 5942 size_t len; 5943 5944 SPPP_LOCK(sp, RW_READER); 5945 5946 cfg->myauthflags = sp->myauth.flags; 5947 cfg->hisauthflags = sp->hisauth.flags; 5948 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 5949 cfg->hisauth = 0; 5950 if (sp->hisauth.proto) 5951 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5952 cfg->myauth = 0; 5953 if (sp->myauth.proto) 5954 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5955 if (cfg->myname_length == 0) { 5956 if (sp->myauth.name != NULL) 5957 cfg->myname_length = sp->myauth.name_len + 1; 5958 } else { 5959 if (sp->myauth.name == NULL) { 5960 cfg->myname_length = 0; 5961 } else { 5962 len = sp->myauth.name_len + 1; 5963 5964 5965 if (cfg->myname_length < len) { 5966 SPPP_UNLOCK(sp); 5967 return (ENAMETOOLONG); 5968 } 5969 error = copyout(sp->myauth.name, cfg->myname, len); 5970 if (error) { 5971 SPPP_UNLOCK(sp); 5972 return error; 5973 } 5974 } 5975 } 5976 if (cfg->hisname_length == 0) { 5977 if (sp->hisauth.name != NULL) 5978 cfg->hisname_length = sp->hisauth.name_len + 1; 5979 } else { 5980 if (sp->hisauth.name == NULL) { 5981 cfg->hisname_length = 0; 5982 } else { 5983 len = sp->hisauth.name_len + 1; 5984 5985 if (cfg->hisname_length < len) { 5986 SPPP_UNLOCK(sp); 5987 return (ENAMETOOLONG); 5988 } 5989 error = copyout(sp->hisauth.name, cfg->hisname, len); 5990 if (error) { 5991 SPPP_UNLOCK(sp); 5992 return error; 5993 } 5994 } 5995 } 5996 SPPP_UNLOCK(sp); 5997 } 5998 break; 5999 case SPPPSETAUTHCFG: 6000 { 6001 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 6002 int error; 6003 6004 SPPP_LOCK(sp, RW_WRITER); 6005 6006 if (sp->myauth.name) { 6007 free(sp->myauth.name, M_DEVBUF); 6008 sp->myauth.name = NULL; 6009 } 6010 if (sp->myauth.secret) { 6011 free(sp->myauth.secret, M_DEVBUF); 6012 sp->myauth.secret = NULL; 6013 } 6014 if (sp->hisauth.name) { 6015 free(sp->hisauth.name, M_DEVBUF); 6016 sp->hisauth.name = NULL; 6017 } 6018 if (sp->hisauth.secret) { 6019 free(sp->hisauth.secret, M_DEVBUF); 6020 sp->hisauth.secret = NULL; 6021 } 6022 6023 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 6024 if (cfg->hisname_length >= MCLBYTES) { 6025 SPPP_UNLOCK(sp); 6026 return (ENAMETOOLONG); 6027 } 6028 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 6029 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 6030 if (error) { 6031 free(sp->hisauth.name, M_DEVBUF); 6032 sp->hisauth.name = NULL; 6033 SPPP_UNLOCK(sp); 6034 return error; 6035 } 6036 sp->hisauth.name_len = cfg->hisname_length - 1; 6037 sp->hisauth.name[sp->hisauth.name_len] = 0; 6038 } 6039 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 6040 if (cfg->hissecret_length >= MCLBYTES) { 6041 SPPP_UNLOCK(sp); 6042 return (ENAMETOOLONG); 6043 } 6044 sp->hisauth.secret = malloc(cfg->hissecret_length, 6045 M_DEVBUF, M_WAITOK); 6046 error = copyin(cfg->hissecret, sp->hisauth.secret, 6047 cfg->hissecret_length); 6048 if (error) { 6049 free(sp->hisauth.secret, M_DEVBUF); 6050 sp->hisauth.secret = NULL; 6051 SPPP_UNLOCK(sp); 6052 return error; 6053 } 6054 sp->hisauth.secret_len = cfg->hissecret_length - 1; 6055 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 6056 } 6057 if (cfg->myname != NULL && cfg->myname_length > 0) { 6058 if (cfg->myname_length >= MCLBYTES) { 6059 SPPP_UNLOCK(sp); 6060 return (ENAMETOOLONG); 6061 } 6062 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 6063 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 6064 if (error) { 6065 free(sp->myauth.name, M_DEVBUF); 6066 sp->myauth.name = NULL; 6067 SPPP_UNLOCK(sp); 6068 return error; 6069 } 6070 sp->myauth.name_len = cfg->myname_length - 1; 6071 sp->myauth.name[sp->myauth.name_len] = 0; 6072 } 6073 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 6074 if (cfg->mysecret_length >= MCLBYTES) { 6075 SPPP_UNLOCK(sp); 6076 return (ENAMETOOLONG); 6077 } 6078 sp->myauth.secret = malloc(cfg->mysecret_length, 6079 M_DEVBUF, M_WAITOK); 6080 error = copyin(cfg->mysecret, sp->myauth.secret, 6081 cfg->mysecret_length); 6082 if (error) { 6083 free(sp->myauth.secret, M_DEVBUF); 6084 sp->myauth.secret = NULL; 6085 SPPP_UNLOCK(sp); 6086 return error; 6087 } 6088 sp->myauth.secret_len = cfg->mysecret_length - 1; 6089 sp->myauth.secret[sp->myauth.secret_len] = 0; 6090 } 6091 sp->myauth.flags = cfg->myauthflags; 6092 if (cfg->myauth) 6093 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 6094 sp->hisauth.flags = cfg->hisauthflags; 6095 if (cfg->hisauth) 6096 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 6097 sp->pp_auth_failures = 0; 6098 if (sp->hisauth.proto != 0) 6099 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 6100 else 6101 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 6102 6103 SPPP_UNLOCK(sp); 6104 } 6105 break; 6106 case SPPPGETLCPCFG: 6107 { 6108 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6109 6110 SPPP_LOCK(sp, RW_READER); 6111 lcpp->lcp_timeout = sp->lcp.timeout; 6112 SPPP_UNLOCK(sp); 6113 } 6114 break; 6115 case SPPPSETLCPCFG: 6116 { 6117 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6118 6119 SPPP_LOCK(sp, RW_WRITER); 6120 sp->lcp.timeout = lcpp->lcp_timeout; 6121 SPPP_UNLOCK(sp); 6122 } 6123 break; 6124 case SPPPGETSTATUS: 6125 { 6126 struct spppstatus *status = (struct spppstatus *)data; 6127 6128 SPPP_LOCK(sp, RW_READER); 6129 status->phase = sp->pp_phase; 6130 SPPP_UNLOCK(sp); 6131 } 6132 break; 6133 case SPPPGETSTATUSNCP: 6134 { 6135 struct spppstatusncp *status = (struct spppstatusncp *)data; 6136 6137 SPPP_LOCK(sp, RW_READER); 6138 status->phase = sp->pp_phase; 6139 status->ncpup = sppp_ncp_check(sp); 6140 SPPP_UNLOCK(sp); 6141 } 6142 break; 6143 case SPPPGETIDLETO: 6144 { 6145 struct spppidletimeout *to = (struct spppidletimeout *)data; 6146 6147 SPPP_LOCK(sp, RW_READER); 6148 to->idle_seconds = sp->pp_idle_timeout; 6149 SPPP_UNLOCK(sp); 6150 } 6151 break; 6152 case SPPPSETIDLETO: 6153 { 6154 struct spppidletimeout *to = (struct spppidletimeout *)data; 6155 6156 SPPP_LOCK(sp, RW_WRITER); 6157 sp->pp_idle_timeout = to->idle_seconds; 6158 SPPP_UNLOCK(sp); 6159 } 6160 break; 6161 case SPPPSETAUTHFAILURE: 6162 { 6163 struct spppauthfailuresettings *afsettings = 6164 (struct spppauthfailuresettings *)data; 6165 6166 SPPP_LOCK(sp, RW_WRITER); 6167 sp->pp_max_auth_fail = afsettings->max_failures; 6168 sp->pp_auth_failures = 0; 6169 SPPP_UNLOCK(sp); 6170 } 6171 break; 6172 case SPPPGETAUTHFAILURES: 6173 { 6174 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 6175 6176 SPPP_LOCK(sp, RW_READER); 6177 stats->auth_failures = sp->pp_auth_failures; 6178 stats->max_failures = sp->pp_max_auth_fail; 6179 SPPP_UNLOCK(sp); 6180 } 6181 break; 6182 case SPPPSETDNSOPTS: 6183 { 6184 struct spppdnssettings *req = (struct spppdnssettings *)data; 6185 6186 SPPP_LOCK(sp, RW_WRITER); 6187 sp->query_dns = req->query_dns & 3; 6188 SPPP_UNLOCK(sp); 6189 } 6190 break; 6191 case SPPPGETDNSOPTS: 6192 { 6193 struct spppdnssettings *req = (struct spppdnssettings *)data; 6194 6195 SPPP_LOCK(sp, RW_READER); 6196 req->query_dns = sp->query_dns; 6197 SPPP_UNLOCK(sp); 6198 } 6199 break; 6200 case SPPPGETDNSADDRS: 6201 { 6202 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 6203 6204 SPPP_LOCK(sp, RW_READER); 6205 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 6206 SPPP_UNLOCK(sp); 6207 } 6208 break; 6209 case SPPPGETKEEPALIVE: 6210 { 6211 struct spppkeepalivesettings *settings = 6212 (struct spppkeepalivesettings*)data; 6213 6214 SPPP_LOCK(sp, RW_READER); 6215 settings->maxalive = sp->pp_maxalive; 6216 settings->max_noreceive = sp->pp_max_noreceive; 6217 SPPP_UNLOCK(sp); 6218 } 6219 break; 6220 case SPPPSETKEEPALIVE: 6221 { 6222 struct spppkeepalivesettings *settings = 6223 (struct spppkeepalivesettings*)data; 6224 6225 SPPP_LOCK(sp, RW_WRITER); 6226 sp->pp_maxalive = settings->maxalive; 6227 sp->pp_max_noreceive = settings->max_noreceive; 6228 SPPP_UNLOCK(sp); 6229 } 6230 break; 6231 default: 6232 { 6233 int ret; 6234 6235 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6236 enosys(), ret); 6237 if (ret != ENOSYS) 6238 return ret; 6239 return (EINVAL); 6240 } 6241 } 6242 return (0); 6243 } 6244 6245 static void 6246 sppp_phase_network(struct sppp *sp) 6247 { 6248 int i; 6249 uint32_t mask; 6250 6251 KASSERT(SPPP_WLOCKED(sp)); 6252 6253 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6254 6255 /* Notify NCPs now. */ 6256 for (i = 0; i < IDX_COUNT; i++) 6257 if ((cps[i])->flags & CP_NCP) 6258 (cps[i])->Open(sp, __UNCONST(&cps[i])); 6259 6260 /* Send Up events to all NCPs. */ 6261 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 6262 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) { 6263 (cps[i])->Up(sp, __UNCONST(&cps[i])); 6264 } 6265 6266 /* if no NCP is starting, all this was in vain, close down */ 6267 sppp_lcp_check_and_close(sp); 6268 } 6269 6270 6271 static const char * 6272 sppp_cp_type_name(u_char type) 6273 { 6274 static char buf[12]; 6275 switch (type) { 6276 case CONF_REQ: return "conf-req"; 6277 case CONF_ACK: return "conf-ack"; 6278 case CONF_NAK: return "conf-nak"; 6279 case CONF_REJ: return "conf-rej"; 6280 case TERM_REQ: return "term-req"; 6281 case TERM_ACK: return "term-ack"; 6282 case CODE_REJ: return "code-rej"; 6283 case PROTO_REJ: return "proto-rej"; 6284 case ECHO_REQ: return "echo-req"; 6285 case ECHO_REPLY: return "echo-reply"; 6286 case DISC_REQ: return "discard-req"; 6287 } 6288 snprintf(buf, sizeof(buf), "0x%x", type); 6289 return buf; 6290 } 6291 6292 static const char * 6293 sppp_auth_type_name(u_short proto, u_char type) 6294 { 6295 static char buf[32]; 6296 const char *name; 6297 6298 switch (proto) { 6299 case PPP_CHAP: 6300 switch (type) { 6301 case CHAP_CHALLENGE: return "challenge"; 6302 case CHAP_RESPONSE: return "response"; 6303 case CHAP_SUCCESS: return "success"; 6304 case CHAP_FAILURE: return "failure"; 6305 default: name = "chap"; break; 6306 } 6307 break; 6308 6309 case PPP_PAP: 6310 switch (type) { 6311 case PAP_REQ: return "req"; 6312 case PAP_ACK: return "ack"; 6313 case PAP_NAK: return "nak"; 6314 default: name = "pap"; break; 6315 } 6316 break; 6317 6318 default: 6319 name = "bad"; 6320 break; 6321 } 6322 6323 snprintf(buf, sizeof(buf), "%s(%#x) %#x", name, proto, type); 6324 return buf; 6325 } 6326 6327 static const char * 6328 sppp_lcp_opt_name(u_char opt) 6329 { 6330 static char buf[12]; 6331 switch (opt) { 6332 case LCP_OPT_MRU: return "mru"; 6333 case LCP_OPT_ASYNC_MAP: return "async-map"; 6334 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6335 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6336 case LCP_OPT_MAGIC: return "magic"; 6337 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6338 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6339 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6340 case LCP_OPT_CALL_BACK: return "callback"; 6341 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6342 case LCP_OPT_MP_MRRU: return "mrru"; 6343 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6344 case LCP_OPT_MP_EID: return "mp-eid"; 6345 } 6346 snprintf(buf, sizeof(buf), "0x%x", opt); 6347 return buf; 6348 } 6349 6350 static const char * 6351 sppp_ipcp_opt_name(u_char opt) 6352 { 6353 static char buf[12]; 6354 switch (opt) { 6355 case IPCP_OPT_ADDRESSES: return "addresses"; 6356 case IPCP_OPT_COMPRESSION: return "compression"; 6357 case IPCP_OPT_ADDRESS: return "address"; 6358 } 6359 snprintf(buf, sizeof(buf), "0x%x", opt); 6360 return buf; 6361 } 6362 6363 #ifdef INET6 6364 static const char * 6365 sppp_ipv6cp_opt_name(u_char opt) 6366 { 6367 static char buf[12]; 6368 switch (opt) { 6369 case IPV6CP_OPT_IFID: return "ifid"; 6370 case IPV6CP_OPT_COMPRESSION: return "compression"; 6371 } 6372 snprintf(buf, sizeof(buf), "0x%x", opt); 6373 return buf; 6374 } 6375 #endif 6376 6377 static const char * 6378 sppp_state_name(int state) 6379 { 6380 switch (state) { 6381 case STATE_INITIAL: return "initial"; 6382 case STATE_STARTING: return "starting"; 6383 case STATE_CLOSED: return "closed"; 6384 case STATE_STOPPED: return "stopped"; 6385 case STATE_CLOSING: return "closing"; 6386 case STATE_STOPPING: return "stopping"; 6387 case STATE_REQ_SENT: return "req-sent"; 6388 case STATE_ACK_RCVD: return "ack-rcvd"; 6389 case STATE_ACK_SENT: return "ack-sent"; 6390 case STATE_OPENED: return "opened"; 6391 } 6392 return "illegal"; 6393 } 6394 6395 static const char * 6396 sppp_phase_name(int phase) 6397 { 6398 switch (phase) { 6399 case SPPP_PHASE_DEAD: return "dead"; 6400 case SPPP_PHASE_ESTABLISH: return "establish"; 6401 case SPPP_PHASE_TERMINATE: return "terminate"; 6402 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6403 case SPPP_PHASE_NETWORK: return "network"; 6404 } 6405 return "illegal"; 6406 } 6407 6408 static const char * 6409 sppp_proto_name(u_short proto) 6410 { 6411 static char buf[12]; 6412 switch (proto) { 6413 case PPP_LCP: return "lcp"; 6414 case PPP_IPCP: return "ipcp"; 6415 case PPP_PAP: return "pap"; 6416 case PPP_CHAP: return "chap"; 6417 case PPP_IPV6CP: return "ipv6cp"; 6418 } 6419 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 6420 return buf; 6421 } 6422 6423 static void 6424 sppp_print_bytes(const u_char *p, u_short len) 6425 { 6426 addlog(" %02x", *p++); 6427 while (--len > 0) 6428 addlog("-%02x", *p++); 6429 } 6430 6431 static void 6432 sppp_print_string(const char *p, u_short len) 6433 { 6434 u_char c; 6435 6436 while (len-- > 0) { 6437 c = *p++; 6438 /* 6439 * Print only ASCII chars directly. RFC 1994 recommends 6440 * using only them, but we don't rely on it. */ 6441 if (c < ' ' || c > '~') 6442 addlog("\\x%x", c); 6443 else 6444 addlog("%c", c); 6445 } 6446 } 6447 6448 static const char * 6449 sppp_dotted_quad(uint32_t addr) 6450 { 6451 static char s[16]; 6452 snprintf(s, sizeof(s), "%d.%d.%d.%d", 6453 (int)((addr >> 24) & 0xff), 6454 (int)((addr >> 16) & 0xff), 6455 (int)((addr >> 8) & 0xff), 6456 (int)(addr & 0xff)); 6457 return s; 6458 } 6459 6460 /* a dummy, used to drop uninteresting events */ 6461 static void 6462 sppp_null(struct sppp *unused) 6463 { 6464 /* do just nothing */ 6465 } 6466 6467 static void 6468 sppp_null_event(struct sppp *unused0 __unused, void *unused1 __unused) 6469 { 6470 /* do just nothing */ 6471 } 6472 6473 static void 6474 sppp_sca_scn(const struct cp *cp, struct sppp *sp) 6475 { 6476 STDDCL; 6477 u_char rconfid, type, rlen; 6478 void *buf; 6479 size_t blen; 6480 6481 rconfid = sp->scp[cp->protoidx].rconfid; 6482 type = sp->scp[cp->protoidx].rcr_type; 6483 buf = sp->scp[cp->protoidx].rcr_buf; 6484 rlen = sp->scp[cp->protoidx].rcr_rlen; 6485 blen = sp->scp[cp->protoidx].rcr_blen; 6486 6487 sp->scp[cp->protoidx].rcr_buf = NULL; 6488 sp->scp[cp->protoidx].rcr_blen = 0; 6489 6490 if (buf != NULL) { 6491 if (rlen > 0) { 6492 if (debug) { 6493 log(LOG_DEBUG, "%s: send %s\n", 6494 ifp->if_xname, sppp_cp_type_name(type)); 6495 } 6496 sppp_cp_send(sp, cp->proto, type, rconfid, rlen, buf); 6497 } 6498 kmem_free(buf, blen); 6499 } 6500 } 6501 6502 static void 6503 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6504 { 6505 6506 SPPP_UNLOCK(sp); 6507 if_down(&sp->pp_if); 6508 IF_PURGE(&sp->pp_cpq); 6509 SPPP_LOCK(sp, RW_WRITER); 6510 } 6511 6512 /* 6513 * This file is large. Tell emacs to highlight it nevertheless. 6514 * 6515 * Local Variables: 6516 * hilit-auto-highlight-maxout: 120000 6517 * End: 6518 */ 6519 6520 /* 6521 * Module glue 6522 */ 6523 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6524 6525 static int 6526 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6527 { 6528 switch (cmd) { 6529 case MODULE_CMD_INIT: 6530 case MODULE_CMD_FINI: 6531 return 0; 6532 case MODULE_CMD_STAT: 6533 case MODULE_CMD_AUTOUNLOAD: 6534 default: 6535 return ENOTTY; 6536 } 6537 } 6538 6539 static void 6540 sppp_notify_up(struct sppp *sp) 6541 { 6542 6543 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6544 } 6545 6546 static void 6547 sppp_notify_down(struct sppp *sp) 6548 { 6549 6550 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6551 } 6552 6553 static void 6554 sppp_notify_tls_wlocked(struct sppp *sp) 6555 { 6556 6557 KASSERT(SPPP_WLOCKED(sp)); 6558 6559 if (!sp->pp_tls) 6560 return; 6561 6562 SPPP_UNLOCK(sp); 6563 sp->pp_tls(sp); 6564 SPPP_LOCK(sp, RW_WRITER); 6565 } 6566 6567 static void 6568 sppp_notify_tlf_wlocked(struct sppp *sp) 6569 { 6570 6571 KASSERT(SPPP_WLOCKED(sp)); 6572 6573 if (!sp->pp_tlf) 6574 return; 6575 6576 SPPP_UNLOCK(sp); 6577 sp->pp_tlf(sp); 6578 SPPP_LOCK(sp, RW_WRITER); 6579 } 6580 6581 static void 6582 sppp_notify_con(struct sppp *sp) 6583 { 6584 6585 if (!sp->pp_con) 6586 return; 6587 6588 sp->pp_con(sp); 6589 } 6590 6591 #ifdef INET6 6592 static void 6593 sppp_notify_con_wlocked(struct sppp *sp) 6594 { 6595 6596 KASSERT(SPPP_WLOCKED(sp)); 6597 6598 SPPP_UNLOCK(sp); 6599 sppp_notify_con(sp); 6600 SPPP_LOCK(sp, RW_WRITER); 6601 6602 } 6603 #endif 6604 6605 static void 6606 sppp_notify_chg_wlocked(struct sppp *sp) 6607 { 6608 6609 KASSERT(SPPP_WLOCKED(sp)); 6610 6611 if (!sp->pp_chg) 6612 return; 6613 6614 SPPP_UNLOCK(sp); 6615 sp->pp_chg(sp, sp->pp_phase); 6616 SPPP_LOCK(sp, RW_WRITER); 6617 } 6618 6619 static void 6620 sppp_wq_work(struct work *wk, void *xsp) 6621 { 6622 struct sppp *sp; 6623 struct sppp_work *work; 6624 6625 sp = xsp; 6626 work = container_of(wk, struct sppp_work, work); 6627 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6628 6629 SPPP_LOCK(sp, RW_WRITER); 6630 work->func(sp, work->arg); 6631 SPPP_UNLOCK(sp); 6632 } 6633 6634 static struct workqueue * 6635 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6636 { 6637 struct workqueue *wq; 6638 int error; 6639 6640 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6641 (void *)sp, prio, ipl, flags); 6642 if (error) { 6643 panic("%s: workqueue_create failed [%s, %d]\n", 6644 sp->pp_if.if_xname, xnamebuf, error); 6645 } 6646 6647 return wq; 6648 } 6649 6650 static void 6651 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6652 { 6653 6654 workqueue_destroy(wq); 6655 } 6656 6657 static void 6658 sppp_wq_set(struct sppp_work *work, 6659 void (*func)(struct sppp *, void *), void *arg) 6660 { 6661 6662 work->func = func; 6663 work->arg = arg; 6664 } 6665 6666 static void 6667 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6668 { 6669 6670 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6671 != SPPP_WK_FREE) 6672 return; 6673 6674 KASSERT(work->func != NULL); 6675 kpreempt_disable(); 6676 workqueue_enqueue(wq, &work->work, NULL); 6677 kpreempt_enable(); 6678 } 6679 static void 6680 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6681 { 6682 6683 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6684 workqueue_wait(wq, &work->work); 6685 } 6686
Indexes created Tue Oct 14 01:09:49 GMT 2025