if_spppsubr.c revision 1.206
1 /* $NetBSD: if_spppsubr.c,v 1.206 2020/11/25 10:05:40 yamaguchi Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.206 2020/11/25 10:05:40 yamaguchi Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #endif 52 53 #include <sys/param.h> 54 #include <sys/proc.h> 55 #include <sys/systm.h> 56 #include <sys/kernel.h> 57 #include <sys/sockio.h> 58 #include <sys/socket.h> 59 #include <sys/syslog.h> 60 #include <sys/malloc.h> 61 #include <sys/mbuf.h> 62 #include <sys/callout.h> 63 #include <sys/md5.h> 64 #include <sys/inttypes.h> 65 #include <sys/kauth.h> 66 #include <sys/cprng.h> 67 #include <sys/module.h> 68 #include <sys/workqueue.h> 69 #include <sys/atomic.h> 70 #include <sys/compat_stub.h> 71 72 #include <net/if.h> 73 #include <net/netisr.h> 74 #include <net/if_types.h> 75 #include <net/route.h> 76 #include <net/ppp_defs.h> 77 78 #include <netinet/in.h> 79 #include <netinet/in_systm.h> 80 #include <netinet/in_var.h> 81 #ifdef INET 82 #include <netinet/ip.h> 83 #include <netinet/tcp.h> 84 #endif 85 #include <net/ethertypes.h> 86 87 #ifdef INET6 88 #include <netinet6/scope6_var.h> 89 #endif 90 91 #include <net/if_sppp.h> 92 #include <net/if_spppvar.h> 93 94 #ifdef NET_MPSAFE 95 #define SPPPSUBR_MPSAFE 1 96 #endif 97 98 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 99 #define LOOPALIVECNT 3 /* loopback detection tries */ 100 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 101 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 102 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 103 104 /* 105 * Interface flags that can be set in an ifconfig command. 106 * 107 * Setting link0 will make the link passive, i.e. it will be marked 108 * as being administrative openable, but won't be opened to begin 109 * with. Incoming calls will be answered, or subsequent calls with 110 * -link1 will cause the administrative open of the LCP layer. 111 * 112 * Setting link1 will cause the link to auto-dial only as packets 113 * arrive to be sent. 114 * 115 * Setting IFF_DEBUG will syslog the option negotiation and state 116 * transitions at level kern.debug. Note: all logs consistently look 117 * like 118 * 119 * <if-name><unit>: <proto-name> <additional info...> 120 * 121 * with <if-name><unit> being something like "bppp0", and <proto-name> 122 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 123 */ 124 125 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 126 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 127 128 #define CONF_REQ 1 /* PPP configure request */ 129 #define CONF_ACK 2 /* PPP configure acknowledge */ 130 #define CONF_NAK 3 /* PPP configure negative ack */ 131 #define CONF_REJ 4 /* PPP configure reject */ 132 #define TERM_REQ 5 /* PPP terminate request */ 133 #define TERM_ACK 6 /* PPP terminate acknowledge */ 134 #define CODE_REJ 7 /* PPP code reject */ 135 #define PROTO_REJ 8 /* PPP protocol reject */ 136 #define ECHO_REQ 9 /* PPP echo request */ 137 #define ECHO_REPLY 10 /* PPP echo reply */ 138 #define DISC_REQ 11 /* PPP discard request */ 139 140 #define LCP_OPT_MRU 1 /* maximum receive unit */ 141 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 142 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 143 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 144 #define LCP_OPT_MAGIC 5 /* magic number */ 145 #define LCP_OPT_RESERVED 6 /* reserved */ 146 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 147 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 148 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 149 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 150 #define LCP_OPT_CALL_BACK 13 /* callback */ 151 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 152 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 153 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 154 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 155 156 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 157 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 158 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 159 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 160 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 161 162 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 163 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 164 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 165 166 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 167 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 168 169 #define PAP_REQ 1 /* PAP name/password request */ 170 #define PAP_ACK 2 /* PAP acknowledge */ 171 #define PAP_NAK 3 /* PAP fail */ 172 173 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 174 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 175 #define CHAP_SUCCESS 3 /* CHAP response ok */ 176 #define CHAP_FAILURE 4 /* CHAP response failed */ 177 178 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 179 180 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 181 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 182 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 183 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 184 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 185 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 186 187 /* states are named and numbered according to RFC 1661 */ 188 #define STATE_INITIAL 0 189 #define STATE_STARTING 1 190 #define STATE_CLOSED 2 191 #define STATE_STOPPED 3 192 #define STATE_CLOSING 4 193 #define STATE_STOPPING 5 194 #define STATE_REQ_SENT 6 195 #define STATE_ACK_RCVD 7 196 #define STATE_ACK_SENT 8 197 #define STATE_OPENED 9 198 199 enum cp_rcr_type { 200 CP_RCR_NONE = 0, /* initial value */ 201 CP_RCR_ACK, /* RCR+ */ 202 CP_RCR_NAK, /* RCR- */ 203 CP_RCR_REJ, /* RCR- */ 204 CP_RCR_DROP, /* DROP message */ 205 CP_RCR_ERR, /* internal error */ 206 }; 207 208 struct ppp_header { 209 uint8_t address; 210 uint8_t control; 211 uint16_t protocol; 212 } __packed; 213 #define PPP_HEADER_LEN sizeof (struct ppp_header) 214 215 struct lcp_header { 216 uint8_t type; 217 uint8_t ident; 218 uint16_t len; 219 } __packed; 220 #define LCP_HEADER_LEN sizeof (struct lcp_header) 221 222 struct cisco_packet { 223 uint32_t type; 224 uint32_t par1; 225 uint32_t par2; 226 uint16_t rel; 227 uint16_t time0; 228 uint16_t time1; 229 } __packed; 230 #define CISCO_PACKET_LEN 18 231 232 /* 233 * We follow the spelling and capitalization of RFC 1661 here, to make 234 * it easier comparing with the standard. Please refer to this RFC in 235 * case you can't make sense out of these abbreviation; it will also 236 * explain the semantics related to the various events and actions. 237 */ 238 struct cp { 239 u_short proto; /* PPP control protocol number */ 240 u_char protoidx; /* index into state table in struct sppp */ 241 u_char flags; 242 #define CP_LCP 0x01 /* this is the LCP */ 243 #define CP_AUTH 0x02 /* this is an authentication protocol */ 244 #define CP_NCP 0x04 /* this is a NCP */ 245 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 246 const char *name; /* name of this control protocol */ 247 /* event handlers */ 248 void (*Up)(struct sppp *, void *); 249 void (*Down)(struct sppp *, void *); 250 void (*Open)(struct sppp *, void *); 251 void (*Close)(struct sppp *, void *); 252 void (*TO)(struct sppp *, void *); 253 /* actions */ 254 void (*tlu)(struct sppp *); 255 void (*tld)(struct sppp *); 256 void (*tls)(const struct cp *, struct sppp *); 257 void (*tlf)(const struct cp *, struct sppp *); 258 void (*scr)(struct sppp *); 259 void (*scan)(const struct cp *, struct sppp *); 260 261 /* message parser */ 262 enum cp_rcr_type 263 (*parse_confreq)(struct sppp *, struct lcp_header *, int, 264 uint8_t **, size_t *, size_t *); 265 void (*parse_confrej)(struct sppp *, struct lcp_header *, int); 266 void (*parse_confnak)(struct sppp *, struct lcp_header *, int); 267 }; 268 269 enum auth_role { 270 SPPP_AUTH_NOROLE = 0, 271 SPPP_AUTH_SERV = __BIT(0), 272 SPPP_AUTH_PEER = __BIT(1), 273 }; 274 275 static struct sppp *spppq; 276 static kmutex_t *spppq_lock = NULL; 277 static callout_t keepalive_ch; 278 279 #define SPPPQ_LOCK() if (spppq_lock) \ 280 mutex_enter(spppq_lock); 281 #define SPPPQ_UNLOCK() if (spppq_lock) \ 282 mutex_exit(spppq_lock); 283 284 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 285 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 286 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 287 #define SPPP_UPGRADE(_sp) do{ \ 288 SPPP_UNLOCK(_sp); \ 289 SPPP_LOCK(_sp, RW_WRITER); \ 290 }while (0) 291 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 292 #define SPPP_WQ_SET(_wk, _func, _arg) \ 293 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 294 295 #ifdef INET 296 #ifndef SPPPSUBR_MPSAFE 297 /* 298 * The following disgusting hack gets around the problem that IP TOS 299 * can't be set yet. We want to put "interactive" traffic on a high 300 * priority queue. To decide if traffic is interactive, we check that 301 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 302 * 303 * XXX is this really still necessary? - joerg - 304 */ 305 static u_short interactive_ports[8] = { 306 0, 513, 0, 0, 307 0, 21, 0, 23, 308 }; 309 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 310 #endif /* SPPPSUBR_MPSAFE */ 311 #endif 312 313 /* almost every function needs these */ 314 #define STDDCL \ 315 struct ifnet *ifp = &sp->pp_if; \ 316 int debug = ifp->if_flags & IFF_DEBUG 317 318 static int sppp_output(struct ifnet *, struct mbuf *, 319 const struct sockaddr *, const struct rtentry *); 320 321 static void sppp_cisco_send(struct sppp *, int, int32_t, int32_t); 322 static void sppp_cisco_input(struct sppp *, struct mbuf *); 323 324 static void sppp_cp_init(const struct cp *, struct sppp *); 325 static void sppp_cp_fini(const struct cp *, struct sppp *); 326 static void sppp_cp_input(const struct cp *, struct sppp *, 327 struct mbuf *); 328 static void sppp_cp_input(const struct cp *, struct sppp *, 329 struct mbuf *); 330 static void sppp_cp_send(struct sppp *, u_short, u_char, 331 u_char, u_short, void *); 332 /* static void sppp_cp_timeout(void *arg); */ 333 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 334 static struct workqueue * 335 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 336 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 337 static void sppp_wq_set(struct sppp_work *, 338 void (*)(struct sppp *, void *), void *); 339 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 340 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 341 static void sppp_cp_to_lcp(void *); 342 static void sppp_cp_to_ipcp(void *); 343 static void sppp_cp_to_ipv6cp(void *); 344 static void sppp_auth_send(const struct cp *, struct sppp *, 345 unsigned int, unsigned int, ...); 346 static int sppp_auth_role(const struct cp *, struct sppp *); 347 static void sppp_auth_to_event(struct sppp *, void *); 348 static void sppp_auth_sca_scn(const struct cp *, struct sppp *); 349 350 static void sppp_up_event(struct sppp *, void *); 351 static void sppp_down_event(struct sppp *, void *); 352 static void sppp_open_event(struct sppp *, void *); 353 static void sppp_close_event(struct sppp *, void *); 354 static void sppp_to_event(struct sppp *, void *); 355 static void sppp_rcr_event(struct sppp *, void *); 356 static void sppp_rca_event(struct sppp *, void *); 357 static void sppp_rcn_event(struct sppp *, void *); 358 static void sppp_rtr_event(struct sppp *, void *); 359 static void sppp_rta_event(struct sppp *, void *); 360 static void sppp_rxj_event(struct sppp *, void *); 361 362 static void sppp_null(struct sppp *); 363 static void sppp_tls(const struct cp *, struct sppp *); 364 static void sppp_tlf(const struct cp *, struct sppp *); 365 static void sppp_sca_scn(const struct cp *, struct sppp *); 366 static void sppp_ifdown(struct sppp *, void *); 367 368 static void sppp_lcp_init(struct sppp *); 369 static void sppp_lcp_up(struct sppp *, void *); 370 static void sppp_lcp_down(struct sppp *, void *); 371 static void sppp_lcp_open(struct sppp *, void *); 372 static enum cp_rcr_type 373 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int, 374 uint8_t **, size_t *, size_t *); 375 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int); 376 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int); 377 static void sppp_lcp_tlu(struct sppp *); 378 static void sppp_lcp_tld(struct sppp *); 379 static void sppp_lcp_tls(const struct cp *, struct sppp *); 380 static void sppp_lcp_tlf(const struct cp *, struct sppp *); 381 static void sppp_lcp_scr(struct sppp *); 382 static void sppp_lcp_check_and_close(struct sppp *); 383 static int sppp_cp_check(struct sppp *, u_char); 384 385 static void sppp_ipcp_init(struct sppp *); 386 static void sppp_ipcp_open(struct sppp *, void *); 387 static void sppp_ipcp_close(struct sppp *, void *); 388 static enum cp_rcr_type 389 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int, 390 uint8_t **, size_t *, size_t *); 391 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int); 392 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int); 393 static void sppp_ipcp_tlu(struct sppp *); 394 static void sppp_ipcp_scr(struct sppp *); 395 396 static void sppp_ipv6cp_init(struct sppp *); 397 static void sppp_ipv6cp_open(struct sppp *, void *); 398 static enum cp_rcr_type 399 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int, 400 uint8_t **, size_t *, size_t *); 401 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int); 402 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int); 403 static void sppp_ipv6cp_tlu(struct sppp *); 404 static void sppp_ipv6cp_scr(struct sppp *); 405 406 static void sppp_pap_input(struct sppp *, struct mbuf *); 407 static void sppp_pap_init(struct sppp *); 408 static void sppp_pap_tlu(struct sppp *); 409 static void sppp_pap_scr(struct sppp *); 410 static void sppp_pap_scr(struct sppp *); 411 412 static void sppp_chap_input(struct sppp *, struct mbuf *); 413 static void sppp_chap_init(struct sppp *); 414 static void sppp_chap_open(struct sppp *, void *); 415 static void sppp_chap_tlu(struct sppp *); 416 static void sppp_chap_scr(struct sppp *); 417 static void sppp_chap_rcv_challenge_event(struct sppp *, void *); 418 419 static const char *sppp_auth_type_name(u_short, u_char); 420 static const char *sppp_cp_type_name(u_char); 421 static const char *sppp_dotted_quad(uint32_t); 422 static const char *sppp_ipcp_opt_name(u_char); 423 #ifdef INET6 424 static const char *sppp_ipv6cp_opt_name(u_char); 425 #endif 426 static const char *sppp_lcp_opt_name(u_char); 427 static const char *sppp_phase_name(int); 428 static const char *sppp_proto_name(u_short); 429 static const char *sppp_state_name(int); 430 static int sppp_params(struct sppp *, u_long, void *); 431 #ifdef INET 432 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 433 static void sppp_set_ip_addrs_work(struct work *, struct sppp *); 434 static void sppp_set_ip_addrs(struct sppp *); 435 static void sppp_clear_ip_addrs_work(struct work *, struct sppp *); 436 static void sppp_clear_ip_addrs(struct sppp *); 437 static void sppp_update_ip_addrs_work(struct work *, void *); 438 #endif 439 static void sppp_keepalive(void *); 440 static void sppp_phase_network(struct sppp *); 441 static void sppp_print_bytes(const u_char *, u_short); 442 static void sppp_print_string(const char *, u_short); 443 #ifdef INET6 444 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 445 struct in6_addr *, struct in6_addr *); 446 #ifdef IPV6CP_MYIFID_DYN 447 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 448 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 449 #endif 450 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 451 #endif 452 453 static void sppp_notify_up(struct sppp *); 454 static void sppp_notify_down(struct sppp *); 455 static void sppp_notify_tls_wlocked(struct sppp *); 456 static void sppp_notify_tlf_wlocked(struct sppp *); 457 #ifdef INET6 458 static void sppp_notify_con_wlocked(struct sppp *); 459 #endif 460 static void sppp_notify_con(struct sppp *); 461 462 static void sppp_notify_chg_wlocked(struct sppp *); 463 464 /* our control protocol descriptors */ 465 static const struct cp lcp = { 466 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 467 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, 468 sppp_close_event, sppp_to_event, 469 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, 470 sppp_lcp_tlf, sppp_lcp_scr, sppp_sca_scn, 471 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak 472 }; 473 474 static const struct cp ipcp = { 475 PPP_IPCP, IDX_IPCP, 476 #ifdef INET 477 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 478 #else 479 0, 480 #endif 481 "ipcp", 482 sppp_up_event, sppp_down_event, sppp_ipcp_open, 483 sppp_ipcp_close, sppp_to_event, 484 sppp_ipcp_tlu, sppp_null, sppp_tls, 485 sppp_tlf, sppp_ipcp_scr, sppp_sca_scn, 486 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak, 487 }; 488 489 static const struct cp ipv6cp = { 490 PPP_IPV6CP, IDX_IPV6CP, 491 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 492 CP_NCP, 493 #else 494 0, 495 #endif 496 "ipv6cp", 497 sppp_up_event, sppp_down_event, sppp_ipv6cp_open, 498 sppp_close_event, sppp_to_event, 499 sppp_ipv6cp_tlu, sppp_null, sppp_tls, 500 sppp_tlf, sppp_ipv6cp_scr, sppp_sca_scn, 501 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak, 502 }; 503 504 static const struct cp pap = { 505 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 506 sppp_up_event, sppp_down_event, sppp_open_event, 507 sppp_close_event, sppp_to_event, 508 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, 509 sppp_pap_scr, sppp_auth_sca_scn, 510 NULL, NULL, NULL 511 }; 512 513 static const struct cp chap = { 514 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 515 sppp_up_event, sppp_down_event, sppp_chap_open, 516 sppp_close_event, sppp_auth_to_event, 517 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, 518 sppp_chap_scr, sppp_auth_sca_scn, 519 NULL, NULL, NULL 520 }; 521 522 static const struct cp *cps[IDX_COUNT] = { 523 &lcp, /* IDX_LCP */ 524 &ipcp, /* IDX_IPCP */ 525 &ipv6cp, /* IDX_IPV6CP */ 526 &pap, /* IDX_PAP */ 527 &chap, /* IDX_CHAP */ 528 }; 529 530 static void 531 sppp_change_phase(struct sppp *sp, int phase) 532 { 533 STDDCL; 534 535 KASSERT(SPPP_WLOCKED(sp)); 536 537 if (sp->pp_phase == phase) 538 return; 539 540 sp->pp_phase = phase; 541 542 if (phase == SPPP_PHASE_NETWORK) 543 if_link_state_change(ifp, LINK_STATE_UP); 544 else 545 if_link_state_change(ifp, LINK_STATE_DOWN); 546 547 if (debug) 548 { 549 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 550 sppp_phase_name(sp->pp_phase)); 551 } 552 } 553 554 /* 555 * Exported functions, comprising our interface to the lower layer. 556 */ 557 558 /* 559 * Process the received packet. 560 */ 561 void 562 sppp_input(struct ifnet *ifp, struct mbuf *m) 563 { 564 struct ppp_header *h = NULL; 565 pktqueue_t *pktq = NULL; 566 struct ifqueue *inq = NULL; 567 uint16_t protocol; 568 struct sppp *sp = (struct sppp *)ifp; 569 int debug = ifp->if_flags & IFF_DEBUG; 570 int isr = 0; 571 572 SPPP_LOCK(sp, RW_READER); 573 574 if (ifp->if_flags & IFF_UP) { 575 /* Count received bytes, add hardware framing */ 576 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 577 /* Note time of last receive */ 578 sp->pp_last_receive = time_uptime; 579 } 580 581 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 582 /* Too small packet, drop it. */ 583 if (debug) 584 log(LOG_DEBUG, 585 "%s: input packet is too small, %d bytes\n", 586 ifp->if_xname, m->m_pkthdr.len); 587 drop: 588 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 589 m_freem(m); 590 SPPP_UNLOCK(sp); 591 return; 592 } 593 594 if (sp->pp_flags & PP_NOFRAMING) { 595 memcpy(&protocol, mtod(m, void *), 2); 596 protocol = ntohs(protocol); 597 m_adj(m, 2); 598 } else { 599 600 /* Get PPP header. */ 601 h = mtod(m, struct ppp_header *); 602 m_adj(m, PPP_HEADER_LEN); 603 604 switch (h->address) { 605 case PPP_ALLSTATIONS: 606 if (h->control != PPP_UI) 607 goto invalid; 608 if (sp->pp_flags & PP_CISCO) { 609 if (debug) 610 log(LOG_DEBUG, 611 "%s: PPP packet in Cisco mode " 612 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 613 ifp->if_xname, 614 h->address, h->control, ntohs(h->protocol)); 615 goto drop; 616 } 617 break; 618 case CISCO_MULTICAST: 619 case CISCO_UNICAST: 620 /* Don't check the control field here (RFC 1547). */ 621 if (! (sp->pp_flags & PP_CISCO)) { 622 if (debug) 623 log(LOG_DEBUG, 624 "%s: Cisco packet in PPP mode " 625 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 626 ifp->if_xname, 627 h->address, h->control, ntohs(h->protocol)); 628 goto drop; 629 } 630 switch (ntohs(h->protocol)) { 631 default: 632 if_statinc(ifp, if_noproto); 633 goto invalid; 634 case CISCO_KEEPALIVE: 635 SPPP_UNLOCK(sp); 636 sppp_cisco_input((struct sppp *) ifp, m); 637 m_freem(m); 638 return; 639 #ifdef INET 640 case ETHERTYPE_IP: 641 pktq = ip_pktq; 642 break; 643 #endif 644 #ifdef INET6 645 case ETHERTYPE_IPV6: 646 pktq = ip6_pktq; 647 break; 648 #endif 649 } 650 goto queue_pkt; 651 default: /* Invalid PPP packet. */ 652 invalid: 653 if (debug) 654 log(LOG_DEBUG, 655 "%s: invalid input packet " 656 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 657 ifp->if_xname, 658 h->address, h->control, ntohs(h->protocol)); 659 goto drop; 660 } 661 protocol = ntohs(h->protocol); 662 } 663 664 switch (protocol) { 665 default: 666 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 667 uint16_t prot = htons(protocol); 668 669 SPPP_UPGRADE(sp); 670 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 671 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 672 &prot); 673 SPPP_DOWNGRADE(sp); 674 } 675 if (debug) 676 log(LOG_DEBUG, 677 "%s: invalid input protocol " 678 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 679 if_statinc(ifp, if_noproto); 680 goto drop; 681 case PPP_LCP: 682 SPPP_UNLOCK(sp); 683 sppp_cp_input(&lcp, sp, m); 684 m_freem(m); 685 return; 686 case PPP_PAP: 687 SPPP_UNLOCK(sp); 688 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 689 sppp_pap_input(sp, m); 690 } 691 m_freem(m); 692 return; 693 case PPP_CHAP: 694 SPPP_UNLOCK(sp); 695 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 696 sppp_chap_input(sp, m); 697 } 698 m_freem(m); 699 return; 700 #ifdef INET 701 case PPP_IPCP: 702 SPPP_UNLOCK(sp); 703 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 704 sppp_cp_input(&ipcp, sp, m); 705 } 706 m_freem(m); 707 return; 708 case PPP_IP: 709 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 710 sp->pp_last_activity = time_uptime; 711 pktq = ip_pktq; 712 } 713 break; 714 #endif 715 #ifdef INET6 716 case PPP_IPV6CP: 717 SPPP_UNLOCK(sp); 718 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 719 sppp_cp_input(&ipv6cp, sp, m); 720 } 721 m_freem(m); 722 return; 723 724 case PPP_IPV6: 725 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 726 sp->pp_last_activity = time_uptime; 727 pktq = ip6_pktq; 728 } 729 break; 730 #endif 731 } 732 733 queue_pkt: 734 if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) { 735 goto drop; 736 } 737 738 /* Check queue. */ 739 if (__predict_true(pktq)) { 740 if (__predict_false(!pktq_enqueue(pktq, m, 0))) { 741 goto drop; 742 } 743 SPPP_UNLOCK(sp); 744 return; 745 } 746 747 SPPP_UNLOCK(sp); 748 749 IFQ_LOCK(inq); 750 if (IF_QFULL(inq)) { 751 /* Queue overflow. */ 752 IF_DROP(inq); 753 IFQ_UNLOCK(inq); 754 if (debug) 755 log(LOG_DEBUG, "%s: protocol queue overflow\n", 756 ifp->if_xname); 757 758 SPPP_LOCK(sp, RW_READER); 759 goto drop; 760 } 761 IF_ENQUEUE(inq, m); 762 IFQ_UNLOCK(inq); 763 schednetisr(isr); 764 } 765 766 /* 767 * Enqueue transmit packet. 768 */ 769 static int 770 sppp_output(struct ifnet *ifp, struct mbuf *m, 771 const struct sockaddr *dst, const struct rtentry *rt) 772 { 773 struct sppp *sp = (struct sppp *) ifp; 774 struct ppp_header *h = NULL; 775 #ifndef SPPPSUBR_MPSAFE 776 struct ifqueue *ifq = NULL; /* XXX */ 777 #endif 778 int s, error = 0; 779 uint16_t protocol; 780 size_t pktlen; 781 782 s = splnet(); 783 SPPP_LOCK(sp, RW_READER); 784 785 sp->pp_last_activity = time_uptime; 786 787 if ((ifp->if_flags & IFF_UP) == 0 || 788 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 789 SPPP_UNLOCK(sp); 790 splx(s); 791 792 m_freem(m); 793 794 return (ENETDOWN); 795 } 796 797 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 798 /* 799 * Interface is not yet running, but auto-dial. Need 800 * to start LCP for it. 801 */ 802 ifp->if_flags |= IFF_RUNNING; 803 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 804 } 805 806 /* 807 * If the queueing discipline needs packet classification, 808 * do it before prepending link headers. 809 */ 810 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 811 812 #ifdef INET 813 if (dst->sa_family == AF_INET) { 814 struct ip *ip = NULL; 815 #ifndef SPPPSUBR_MPSAFE 816 struct tcphdr *th = NULL; 817 #endif 818 819 if (m->m_len >= sizeof(struct ip)) { 820 ip = mtod(m, struct ip *); 821 #ifndef SPPPSUBR_MPSAFE 822 if (ip->ip_p == IPPROTO_TCP && 823 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 824 sizeof(struct tcphdr)) { 825 th = (struct tcphdr *) 826 ((char *)ip + (ip->ip_hl << 2)); 827 } 828 #endif 829 } else 830 ip = NULL; 831 832 /* 833 * When using dynamic local IP address assignment by using 834 * 0.0.0.0 as a local address, the first TCP session will 835 * not connect because the local TCP checksum is computed 836 * using 0.0.0.0 which will later become our real IP address 837 * so the TCP checksum computed at the remote end will 838 * become invalid. So we 839 * - don't let packets with src ip addr 0 thru 840 * - we flag TCP packets with src ip 0 as an error 841 */ 842 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 843 uint8_t proto = ip->ip_p; 844 845 SPPP_UNLOCK(sp); 846 splx(s); 847 848 m_freem(m); 849 if (proto == IPPROTO_TCP) 850 return (EADDRNOTAVAIL); 851 else 852 return (0); 853 } 854 855 #ifndef SPPPSUBR_MPSAFE 856 /* 857 * Put low delay, telnet, rlogin and ftp control packets 858 * in front of the queue. 859 */ 860 if (!IF_QFULL(&sp->pp_fastq) && 861 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 862 (th && (INTERACTIVE(ntohs(th->th_sport)) || 863 INTERACTIVE(ntohs(th->th_dport)))))) 864 ifq = &sp->pp_fastq; 865 #endif /* !SPPPSUBR_MPSAFE */ 866 } 867 #endif 868 869 #ifdef INET6 870 if (dst->sa_family == AF_INET6) { 871 /* XXX do something tricky here? */ 872 } 873 #endif 874 875 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 876 /* 877 * Prepend general data packet PPP header. For now, IP only. 878 */ 879 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 880 if (! m) { 881 if (ifp->if_flags & IFF_DEBUG) 882 log(LOG_DEBUG, "%s: no memory for transmit header\n", 883 ifp->if_xname); 884 if_statinc(ifp, if_oerrors); 885 SPPP_UNLOCK(sp); 886 splx(s); 887 return (ENOBUFS); 888 } 889 /* 890 * May want to check size of packet 891 * (albeit due to the implementation it's always enough) 892 */ 893 h = mtod(m, struct ppp_header *); 894 if (sp->pp_flags & PP_CISCO) { 895 h->address = CISCO_UNICAST; /* unicast address */ 896 h->control = 0; 897 } else { 898 h->address = PPP_ALLSTATIONS; /* broadcast address */ 899 h->control = PPP_UI; /* Unnumbered Info */ 900 } 901 } 902 903 switch (dst->sa_family) { 904 #ifdef INET 905 case AF_INET: /* Internet Protocol */ 906 if (sp->pp_flags & PP_CISCO) 907 protocol = htons(ETHERTYPE_IP); 908 else { 909 /* 910 * Don't choke with an ENETDOWN early. It's 911 * possible that we just started dialing out, 912 * so don't drop the packet immediately. If 913 * we notice that we run out of buffer space 914 * below, we will however remember that we are 915 * not ready to carry IP packets, and return 916 * ENETDOWN, as opposed to ENOBUFS. 917 */ 918 protocol = htons(PPP_IP); 919 if (sp->scp[IDX_IPCP].state != STATE_OPENED) 920 error = ENETDOWN; 921 } 922 break; 923 #endif 924 #ifdef INET6 925 case AF_INET6: /* Internet Protocol version 6 */ 926 if (sp->pp_flags & PP_CISCO) 927 protocol = htons(ETHERTYPE_IPV6); 928 else { 929 /* 930 * Don't choke with an ENETDOWN early. It's 931 * possible that we just started dialing out, 932 * so don't drop the packet immediately. If 933 * we notice that we run out of buffer space 934 * below, we will however remember that we are 935 * not ready to carry IP packets, and return 936 * ENETDOWN, as opposed to ENOBUFS. 937 */ 938 protocol = htons(PPP_IPV6); 939 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) 940 error = ENETDOWN; 941 } 942 break; 943 #endif 944 default: 945 m_freem(m); 946 if_statinc(ifp, if_oerrors); 947 SPPP_UNLOCK(sp); 948 splx(s); 949 return (EAFNOSUPPORT); 950 } 951 952 if (sp->pp_flags & PP_NOFRAMING) { 953 M_PREPEND(m, 2, M_DONTWAIT); 954 if (m == NULL) { 955 if (ifp->if_flags & IFF_DEBUG) 956 log(LOG_DEBUG, "%s: no memory for transmit header\n", 957 ifp->if_xname); 958 if_statinc(ifp, if_oerrors); 959 SPPP_UNLOCK(sp); 960 splx(s); 961 return (ENOBUFS); 962 } 963 *mtod(m, uint16_t *) = protocol; 964 } else { 965 h->protocol = protocol; 966 } 967 968 pktlen = m->m_pkthdr.len; 969 #ifdef SPPPSUBR_MPSAFE 970 SPPP_UNLOCK(sp); 971 error = if_transmit_lock(ifp, m); 972 SPPP_LOCK(sp, RW_READER); 973 if (error == 0) 974 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 975 #else /* !SPPPSUBR_MPSAFE */ 976 error = ifq_enqueue2(ifp, ifq, m); 977 978 if (error == 0) { 979 /* 980 * Count output packets and bytes. 981 * The packet length includes header + additional hardware 982 * framing according to RFC 1333. 983 */ 984 if (!(ifp->if_flags & IFF_OACTIVE)) { 985 SPPP_UNLOCK(sp); 986 if_start_lock(ifp); 987 SPPP_LOCK(sp, RW_READER); 988 } 989 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 990 } 991 #endif /* !SPPPSUBR_MPSAFE */ 992 SPPP_UNLOCK(sp); 993 splx(s); 994 return error; 995 } 996 997 void 998 sppp_attach(struct ifnet *ifp) 999 { 1000 struct sppp *sp = (struct sppp *) ifp; 1001 char xnamebuf[MAXCOMLEN]; 1002 1003 /* Initialize keepalive handler. */ 1004 if (! spppq) { 1005 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 1006 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 1007 } 1008 1009 if (! spppq_lock) 1010 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1011 1012 sp->pp_if.if_type = IFT_PPP; 1013 sp->pp_if.if_output = sppp_output; 1014 sp->pp_fastq.ifq_maxlen = 32; 1015 sp->pp_cpq.ifq_maxlen = 20; 1016 sp->pp_loopcnt = 0; 1017 sp->pp_alivecnt = 0; 1018 sp->pp_last_activity = 0; 1019 sp->pp_last_receive = 0; 1020 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1021 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 1022 sp->pp_idle_timeout = 0; 1023 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1024 sp->pp_phase = SPPP_PHASE_DEAD; 1025 sp->pp_up = sppp_notify_up; 1026 sp->pp_down = sppp_notify_down; 1027 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1028 memset(sp->scp, 0, sizeof(sp->scp)); 1029 rw_init(&sp->pp_lock); 1030 1031 if_alloc_sadl(ifp); 1032 1033 /* Lets not beat about the bush, we know we're down. */ 1034 ifp->if_link_state = LINK_STATE_DOWN; 1035 1036 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1037 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1038 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1039 1040 memset(&sp->myauth, 0, sizeof sp->myauth); 1041 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1042 SPPP_LOCK(sp, RW_WRITER); 1043 sppp_lcp_init(sp); 1044 sppp_ipcp_init(sp); 1045 sppp_ipv6cp_init(sp); 1046 sppp_pap_init(sp); 1047 sppp_chap_init(sp); 1048 SPPP_UNLOCK(sp); 1049 1050 SPPPQ_LOCK(); 1051 /* Insert new entry into the keepalive list. */ 1052 sp->pp_next = spppq; 1053 spppq = sp; 1054 SPPPQ_UNLOCK(); 1055 } 1056 1057 void 1058 sppp_detach(struct ifnet *ifp) 1059 { 1060 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1061 1062 /* Remove the entry from the keepalive list. */ 1063 SPPPQ_LOCK(); 1064 for (q = &spppq; (p = *q); q = &p->pp_next) 1065 if (p == sp) { 1066 *q = p->pp_next; 1067 break; 1068 } 1069 SPPPQ_UNLOCK(); 1070 1071 if (! spppq) { 1072 /* Stop keepalive handler. */ 1073 callout_stop(&keepalive_ch); 1074 mutex_obj_free(spppq_lock); 1075 spppq_lock = NULL; 1076 } 1077 1078 SPPP_LOCK(sp, RW_WRITER); 1079 1080 /* to avoid workqueue enqueued */ 1081 atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1); 1082 workqueue_wait(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk); 1083 workqueue_destroy(sp->ipcp.update_addrs_wq); 1084 pcq_destroy(sp->ipcp.update_addrs_q); 1085 1086 sppp_cp_fini(&lcp, sp); 1087 sppp_cp_fini(&ipcp, sp); 1088 sppp_cp_fini(&pap, sp); 1089 sppp_cp_fini(&chap, sp); 1090 #ifdef INET6 1091 sppp_cp_fini(&ipv6cp, sp); 1092 #endif 1093 sppp_wq_destroy(sp, sp->wq_cp); 1094 1095 /* free authentication info */ 1096 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1097 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1098 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1099 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1100 SPPP_UNLOCK(sp); 1101 rw_destroy(&sp->pp_lock); 1102 } 1103 1104 /* 1105 * Flush the interface output queue. 1106 */ 1107 void 1108 sppp_flush(struct ifnet *ifp) 1109 { 1110 struct sppp *sp = (struct sppp *) ifp; 1111 1112 SPPP_LOCK(sp, RW_WRITER); 1113 IFQ_PURGE(&sp->pp_if.if_snd); 1114 IF_PURGE(&sp->pp_fastq); 1115 IF_PURGE(&sp->pp_cpq); 1116 SPPP_UNLOCK(sp); 1117 } 1118 1119 /* 1120 * Check if the output queue is empty. 1121 */ 1122 int 1123 sppp_isempty(struct ifnet *ifp) 1124 { 1125 struct sppp *sp = (struct sppp *) ifp; 1126 int empty, s; 1127 1128 s = splnet(); 1129 SPPP_LOCK(sp, RW_READER); 1130 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1131 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1132 SPPP_UNLOCK(sp); 1133 splx(s); 1134 return (empty); 1135 } 1136 1137 /* 1138 * Get next packet to send. 1139 */ 1140 struct mbuf * 1141 sppp_dequeue(struct ifnet *ifp) 1142 { 1143 struct sppp *sp = (struct sppp *) ifp; 1144 struct mbuf *m; 1145 int s; 1146 1147 s = splnet(); 1148 SPPP_LOCK(sp, RW_WRITER); 1149 /* 1150 * Process only the control protocol queue until we have at 1151 * least one NCP open. 1152 * 1153 * Do always serve all three queues in Cisco mode. 1154 */ 1155 IF_DEQUEUE(&sp->pp_cpq, m); 1156 if (m == NULL && 1157 (sppp_cp_check(sp, CP_NCP) || (sp->pp_flags & PP_CISCO) != 0)) { 1158 IF_DEQUEUE(&sp->pp_fastq, m); 1159 if (m == NULL) 1160 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1161 } 1162 SPPP_UNLOCK(sp); 1163 splx(s); 1164 return m; 1165 } 1166 1167 /* 1168 * Process an ioctl request. Called on low priority level. 1169 */ 1170 int 1171 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1172 { 1173 struct lwp *l = curlwp; /* XXX */ 1174 struct ifreq *ifr = (struct ifreq *) data; 1175 struct ifaddr *ifa = (struct ifaddr *) data; 1176 struct sppp *sp = (struct sppp *) ifp; 1177 int s, error=0, going_up, going_down; 1178 u_short newmode; 1179 1180 s = splnet(); 1181 switch (cmd) { 1182 case SIOCINITIFADDR: 1183 ifa->ifa_rtrequest = p2p_rtrequest; 1184 break; 1185 1186 case SIOCSIFFLAGS: 1187 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1188 break; 1189 1190 SPPP_LOCK(sp, RW_WRITER); 1191 going_up = ifp->if_flags & IFF_UP && 1192 (ifp->if_flags & IFF_RUNNING) == 0; 1193 going_down = (ifp->if_flags & IFF_UP) == 0 && 1194 ifp->if_flags & IFF_RUNNING; 1195 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1196 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1197 /* sanity */ 1198 newmode = IFF_PASSIVE; 1199 ifp->if_flags &= ~IFF_AUTO; 1200 } 1201 1202 if (going_up || going_down) { 1203 sp->lcp.reestablish = false; 1204 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1205 } 1206 if (going_up && newmode == 0) { 1207 /* neither auto-dial nor passive */ 1208 ifp->if_flags |= IFF_RUNNING; 1209 if (!(sp->pp_flags & PP_CISCO)) { 1210 sppp_wq_add(sp->wq_cp, 1211 &sp->scp[IDX_LCP].work_open); 1212 } 1213 } else if (going_down) { 1214 SPPP_UNLOCK(sp); 1215 sppp_flush(ifp); 1216 SPPP_LOCK(sp, RW_WRITER); 1217 1218 ifp->if_flags &= ~IFF_RUNNING; 1219 } 1220 SPPP_UNLOCK(sp); 1221 break; 1222 1223 case SIOCSIFMTU: 1224 if (ifr->ifr_mtu < PPP_MINMRU || 1225 ifr->ifr_mtu > sp->lcp.their_mru) { 1226 error = EINVAL; 1227 break; 1228 } 1229 /*FALLTHROUGH*/ 1230 case SIOCGIFMTU: 1231 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1232 error = 0; 1233 break; 1234 case SIOCADDMULTI: 1235 case SIOCDELMULTI: 1236 break; 1237 1238 case SPPPSETAUTHCFG: 1239 case SPPPSETLCPCFG: 1240 case SPPPSETIDLETO: 1241 case SPPPSETAUTHFAILURE: 1242 case SPPPSETDNSOPTS: 1243 case SPPPSETKEEPALIVE: 1244 #if defined(COMPAT_50) || defined(MODULAR) 1245 case __SPPPSETIDLETO50: 1246 case __SPPPSETKEEPALIVE50: 1247 #endif /* COMPAT_50 || MODULAR */ 1248 error = kauth_authorize_network(l->l_cred, 1249 KAUTH_NETWORK_INTERFACE, 1250 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1251 NULL); 1252 if (error) 1253 break; 1254 error = sppp_params(sp, cmd, data); 1255 break; 1256 1257 case SPPPGETAUTHCFG: 1258 case SPPPGETLCPCFG: 1259 case SPPPGETAUTHFAILURES: 1260 error = kauth_authorize_network(l->l_cred, 1261 KAUTH_NETWORK_INTERFACE, 1262 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1263 NULL); 1264 if (error) 1265 break; 1266 error = sppp_params(sp, cmd, data); 1267 break; 1268 1269 case SPPPGETSTATUS: 1270 case SPPPGETSTATUSNCP: 1271 case SPPPGETIDLETO: 1272 case SPPPGETDNSOPTS: 1273 case SPPPGETDNSADDRS: 1274 case SPPPGETKEEPALIVE: 1275 #if defined(COMPAT_50) || defined(MODULAR) 1276 case __SPPPGETIDLETO50: 1277 case __SPPPGETKEEPALIVE50: 1278 #endif /* COMPAT_50 || MODULAR */ 1279 error = sppp_params(sp, cmd, data); 1280 break; 1281 1282 default: 1283 error = ifioctl_common(ifp, cmd, data); 1284 break; 1285 } 1286 splx(s); 1287 return (error); 1288 } 1289 1290 /* 1291 * Cisco framing implementation. 1292 */ 1293 1294 /* 1295 * Handle incoming Cisco keepalive protocol packets. 1296 */ 1297 static void 1298 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1299 { 1300 STDDCL; 1301 struct cisco_packet *h; 1302 #ifdef INET 1303 uint32_t me, mymask = 0; /* XXX: GCC */ 1304 #endif 1305 1306 SPPP_LOCK(sp, RW_WRITER); 1307 1308 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1309 if (debug) 1310 log(LOG_DEBUG, 1311 "%s: cisco invalid packet length: %d bytes\n", 1312 ifp->if_xname, m->m_pkthdr.len); 1313 SPPP_UNLOCK(sp); 1314 return; 1315 } 1316 h = mtod(m, struct cisco_packet *); 1317 if (debug) 1318 log(LOG_DEBUG, 1319 "%s: cisco input: %d bytes " 1320 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1321 ifp->if_xname, m->m_pkthdr.len, 1322 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1323 (u_int)h->time0, (u_int)h->time1); 1324 switch (ntohl(h->type)) { 1325 default: 1326 if (debug) 1327 addlog("%s: cisco unknown packet type: 0x%x\n", 1328 ifp->if_xname, ntohl(h->type)); 1329 break; 1330 case CISCO_ADDR_REPLY: 1331 /* Reply on address request, ignore */ 1332 break; 1333 case CISCO_KEEPALIVE_REQ: 1334 sp->pp_alivecnt = 0; 1335 sp->scp[IDX_LCP].rseq = ntohl(h->par1); 1336 if (sp->scp[IDX_LCP].seq == sp->scp[IDX_LCP].rseq) { 1337 /* Local and remote sequence numbers are equal. 1338 * Probably, the line is in loopback mode. */ 1339 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1340 printf ("%s: loopback\n", 1341 ifp->if_xname); 1342 sp->pp_loopcnt = 0; 1343 if (ifp->if_flags & IFF_UP) { 1344 SPPP_UNLOCK(sp); 1345 if_down(ifp); 1346 SPPP_LOCK(sp, RW_WRITER); 1347 1348 IF_PURGE(&sp->pp_cpq); 1349 } 1350 } 1351 ++sp->pp_loopcnt; 1352 1353 /* Generate new local sequence number */ 1354 sp->scp[IDX_LCP].seq = cprng_fast32(); 1355 break; 1356 } 1357 sp->pp_loopcnt = 0; 1358 if (! (ifp->if_flags & IFF_UP) && 1359 (ifp->if_flags & IFF_RUNNING)) { 1360 SPPP_UNLOCK(sp); 1361 if_up(ifp); 1362 SPPP_LOCK(sp, RW_WRITER); 1363 } 1364 break; 1365 case CISCO_ADDR_REQ: 1366 #ifdef INET 1367 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1368 if (me != 0L) 1369 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1370 #endif 1371 break; 1372 } 1373 SPPP_UNLOCK(sp); 1374 } 1375 1376 /* 1377 * Send Cisco keepalive packet. 1378 */ 1379 static void 1380 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1381 { 1382 STDDCL; 1383 struct ppp_header *h; 1384 struct cisco_packet *ch; 1385 struct mbuf *m; 1386 uint32_t t; 1387 1388 KASSERT(SPPP_WLOCKED(sp)); 1389 1390 t = time_uptime * 1000; 1391 MGETHDR(m, M_DONTWAIT, MT_DATA); 1392 if (! m) 1393 return; 1394 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1395 m_reset_rcvif(m); 1396 1397 h = mtod(m, struct ppp_header *); 1398 h->address = CISCO_MULTICAST; 1399 h->control = 0; 1400 h->protocol = htons(CISCO_KEEPALIVE); 1401 1402 ch = (struct cisco_packet *)(h + 1); 1403 ch->type = htonl(type); 1404 ch->par1 = htonl(par1); 1405 ch->par2 = htonl(par2); 1406 ch->rel = -1; 1407 1408 ch->time0 = htons((u_short)(t >> 16)); 1409 ch->time1 = htons((u_short) t); 1410 1411 if (debug) 1412 log(LOG_DEBUG, 1413 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1414 ifp->if_xname, ntohl(ch->type), ch->par1, 1415 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1416 (u_int)ch->time1); 1417 1418 if (IF_QFULL(&sp->pp_cpq)) { 1419 IF_DROP(&sp->pp_fastq); 1420 IF_DROP(&ifp->if_snd); 1421 m_freem(m); 1422 if_statinc(ifp, if_oerrors); 1423 return; 1424 } 1425 1426 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1427 IF_ENQUEUE(&sp->pp_cpq, m); 1428 1429 if (! (ifp->if_flags & IFF_OACTIVE)) { 1430 SPPP_UNLOCK(sp); 1431 if_start_lock(ifp); 1432 SPPP_LOCK(sp, RW_WRITER); 1433 } 1434 } 1435 1436 /* 1437 * PPP protocol implementation. 1438 */ 1439 1440 /* 1441 * Send PPP control protocol packet. 1442 */ 1443 static void 1444 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1445 u_char ident, u_short len, void *data) 1446 { 1447 STDDCL; 1448 struct lcp_header *lh; 1449 struct mbuf *m; 1450 size_t pkthdrlen; 1451 1452 KASSERT(SPPP_WLOCKED(sp)); 1453 1454 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1455 1456 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1457 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1458 MGETHDR(m, M_DONTWAIT, MT_DATA); 1459 if (! m) { 1460 return; 1461 } 1462 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1463 m_reset_rcvif(m); 1464 1465 if (sp->pp_flags & PP_NOFRAMING) { 1466 *mtod(m, uint16_t *) = htons(proto); 1467 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1468 } else { 1469 struct ppp_header *h; 1470 h = mtod(m, struct ppp_header *); 1471 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1472 h->control = PPP_UI; /* Unnumbered Info */ 1473 h->protocol = htons(proto); /* Link Control Protocol */ 1474 lh = (struct lcp_header *)(h + 1); 1475 } 1476 lh->type = type; 1477 lh->ident = ident; 1478 lh->len = htons(LCP_HEADER_LEN + len); 1479 if (len) 1480 memcpy(lh + 1, data, len); 1481 1482 if (debug) { 1483 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1484 ifp->if_xname, 1485 sppp_proto_name(proto), 1486 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1487 if (len) 1488 sppp_print_bytes((u_char *)(lh + 1), len); 1489 addlog(">\n"); 1490 } 1491 if (IF_QFULL(&sp->pp_cpq)) { 1492 IF_DROP(&sp->pp_fastq); 1493 IF_DROP(&ifp->if_snd); 1494 m_freem(m); 1495 if_statinc(ifp, if_oerrors); 1496 return; 1497 } 1498 1499 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1500 IF_ENQUEUE(&sp->pp_cpq, m); 1501 1502 if (! (ifp->if_flags & IFF_OACTIVE)) { 1503 SPPP_UNLOCK(sp); 1504 if_start_lock(ifp); 1505 SPPP_LOCK(sp, RW_WRITER); 1506 } 1507 } 1508 1509 static void 1510 sppp_cp_to_lcp(void *xsp) 1511 { 1512 struct sppp *sp = xsp; 1513 1514 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1515 } 1516 1517 static void 1518 sppp_cp_to_ipcp(void *xsp) 1519 { 1520 struct sppp *sp = xsp; 1521 1522 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1523 } 1524 1525 static void 1526 sppp_cp_to_ipv6cp(void *xsp) 1527 { 1528 struct sppp *sp = xsp; 1529 1530 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1531 } 1532 1533 static void 1534 sppp_cp_to_pap(void *xsp) 1535 { 1536 struct sppp *sp = xsp; 1537 1538 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); 1539 } 1540 1541 static void 1542 sppp_cp_to_chap(void *xsp) 1543 { 1544 struct sppp *sp = xsp; 1545 1546 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); 1547 } 1548 1549 static void 1550 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1551 { 1552 struct sppp_cp *scp; 1553 typedef void (*sppp_co_cb_t)(void *); 1554 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1555 [IDX_LCP] = sppp_cp_to_lcp, 1556 [IDX_IPCP] = sppp_cp_to_ipcp, 1557 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1558 [IDX_PAP] = sppp_cp_to_pap, 1559 [IDX_CHAP] = sppp_cp_to_chap, 1560 }; 1561 1562 scp = &sp->scp[cp->protoidx]; 1563 scp->state = STATE_INITIAL; 1564 scp->fail_counter = 0; 1565 scp->seq = 0; 1566 scp->rseq = 0; 1567 1568 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1569 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1570 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1571 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1572 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1573 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1574 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1575 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1576 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1577 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1578 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1579 1580 callout_init(&scp->ch, CALLOUT_MPSAFE); 1581 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1582 } 1583 1584 static void 1585 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1586 { 1587 struct sppp_cp *scp; 1588 scp = &sp->scp[cp->protoidx]; 1589 1590 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1591 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1592 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1593 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1594 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1595 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1596 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1597 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1598 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1599 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1600 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1601 1602 callout_halt(&scp->ch, NULL); 1603 callout_destroy(&scp->ch); 1604 } 1605 1606 /* 1607 * Handle incoming PPP control protocol packets. 1608 */ 1609 static void 1610 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1611 { 1612 STDDCL; 1613 struct lcp_header *h; 1614 int printlen, len = m->m_pkthdr.len; 1615 enum cp_rcr_type type; 1616 size_t blen, rlen; 1617 u_char *p; 1618 uint32_t u32; 1619 uint8_t *buf; 1620 1621 SPPP_LOCK(sp, RW_WRITER); 1622 1623 if (len < 4) { 1624 if (debug) 1625 log(LOG_DEBUG, 1626 "%s: %s invalid packet length: %d bytes\n", 1627 ifp->if_xname, cp->name, len); 1628 SPPP_UNLOCK(sp); 1629 return; 1630 } 1631 h = mtod(m, struct lcp_header *); 1632 if (debug) { 1633 printlen = ntohs(h->len); 1634 log(LOG_DEBUG, 1635 "%s: %s input(%s): <%s id=0x%x len=%d", 1636 ifp->if_xname, cp->name, 1637 sppp_state_name(sp->scp[cp->protoidx].state), 1638 sppp_cp_type_name(h->type), h->ident, printlen); 1639 if (len < printlen) 1640 printlen = len; 1641 if (printlen > 4) 1642 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1643 addlog(">\n"); 1644 } 1645 if (len > ntohs(h->len)) 1646 len = ntohs(h->len); 1647 p = (u_char *)(h + 1); 1648 switch (h->type) { 1649 case CONF_REQ: 1650 if (len < 4) { 1651 if (debug) 1652 addlog("%s: %s invalid conf-req length %d\n", 1653 ifp->if_xname, cp->name, 1654 len); 1655 if_statinc(ifp, if_ierrors); 1656 break; 1657 } 1658 1659 buf = NULL; 1660 blen = 0; 1661 rlen = 0; 1662 1663 type = (cp->parse_confreq)(sp, h, len, 1664 &buf, &blen, &rlen); 1665 1666 if (type == CP_RCR_ERR) { 1667 /* fatal error, shut down */ 1668 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1669 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 1670 } else if (buf != NULL) { 1671 if (sp->scp[cp->protoidx].rcr_buf != NULL) { 1672 kmem_intr_free(sp->scp[cp->protoidx].rcr_buf, 1673 sp->scp[cp->protoidx].rcr_blen); 1674 } 1675 1676 sp->scp[cp->protoidx].rcr_buf = (void *)buf; 1677 buf = NULL; 1678 1679 sp->scp[cp->protoidx].rcr_blen = blen; 1680 sp->scp[cp->protoidx].rcr_rlen = rlen; 1681 sp->scp[cp->protoidx].rcr_type = type; 1682 sp->scp[cp->protoidx].rconfid = h->ident; 1683 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcr); 1684 } 1685 break; 1686 case CONF_ACK: 1687 if (h->ident != sp->scp[cp->protoidx].confid) { 1688 if (debug) 1689 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1690 ifp->if_xname, cp->name, 1691 h->ident, sp->scp[cp->protoidx].confid); 1692 if_statinc(ifp, if_ierrors); 1693 break; 1694 } 1695 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rca); 1696 break; 1697 case CONF_NAK: 1698 case CONF_REJ: 1699 if (h->ident != sp->scp[cp->protoidx].confid) { 1700 if (debug) 1701 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1702 ifp->if_xname, cp->name, 1703 h->ident, sp->scp[cp->protoidx].confid); 1704 if_statinc(ifp, if_ierrors); 1705 break; 1706 } 1707 if (h->type == CONF_NAK) 1708 (cp->parse_confnak)(sp, h, len); 1709 else /* CONF_REJ */ 1710 (cp->parse_confrej)(sp, h, len); 1711 1712 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcn); 1713 break; 1714 1715 case TERM_REQ: 1716 sp->scp[cp->protoidx].rseq = h->ident; 1717 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rtr); 1718 break; 1719 case TERM_ACK: 1720 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rta); 1721 break; 1722 case CODE_REJ: 1723 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1724 log(LOG_INFO, 1725 "%s: %s: ignoring RXJ (%s) for code ?, " 1726 "danger will robinson\n", 1727 ifp->if_xname, cp->name, 1728 sppp_cp_type_name(h->type)); 1729 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1730 break; 1731 case PROTO_REJ: 1732 { 1733 int catastrophic; 1734 const struct cp *upper; 1735 int i; 1736 uint16_t proto; 1737 1738 catastrophic = 0; 1739 upper = NULL; 1740 proto = p[0] << 8 | p[1]; 1741 for (i = 0; i < IDX_COUNT; i++) { 1742 if (cps[i]->proto == proto) { 1743 upper = cps[i]; 1744 break; 1745 } 1746 } 1747 if (upper == NULL) 1748 catastrophic++; 1749 1750 if (debug) 1751 log(LOG_INFO, 1752 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1753 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1754 sppp_cp_type_name(h->type), proto, 1755 upper ? upper->name : "unknown", 1756 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1757 1758 /* 1759 * if we got RXJ+ against conf-req, the peer does not implement 1760 * this particular protocol type. terminate the protocol. 1761 */ 1762 if (upper && !catastrophic) { 1763 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1764 sppp_wq_add(sp->wq_cp, 1765 &sp->scp[upper->protoidx].work_close); 1766 break; 1767 } 1768 } 1769 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1770 break; 1771 } 1772 case DISC_REQ: 1773 if (cp->proto != PPP_LCP) 1774 goto illegal; 1775 /* Discard the packet. */ 1776 break; 1777 case ECHO_REQ: 1778 if (cp->proto != PPP_LCP) 1779 goto illegal; 1780 if (sp->scp[cp->protoidx].state != STATE_OPENED) { 1781 if (debug) 1782 addlog("%s: lcp echo req but lcp closed\n", 1783 ifp->if_xname); 1784 if_statinc(ifp, if_ierrors); 1785 break; 1786 } 1787 if (len < 8) { 1788 if (debug) 1789 addlog("%s: invalid lcp echo request " 1790 "packet length: %d bytes\n", 1791 ifp->if_xname, len); 1792 break; 1793 } 1794 memcpy(&u32, h + 1, sizeof u32); 1795 if (ntohl(u32) == sp->lcp.magic) { 1796 /* Line loopback mode detected. */ 1797 printf("%s: loopback\n", ifp->if_xname); 1798 SPPP_UNLOCK(sp); 1799 if_down(ifp); 1800 SPPP_LOCK(sp, RW_WRITER); 1801 1802 IF_PURGE(&sp->pp_cpq); 1803 1804 /* Shut down the PPP link. */ 1805 /* XXX */ 1806 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 1807 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 1808 break; 1809 } 1810 u32 = htonl(sp->lcp.magic); 1811 memcpy(h + 1, &u32, sizeof u32); 1812 if (debug) 1813 addlog("%s: got lcp echo req, sending echo rep\n", 1814 ifp->if_xname); 1815 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1816 h + 1); 1817 break; 1818 case ECHO_REPLY: 1819 if (cp->proto != PPP_LCP) 1820 goto illegal; 1821 if (h->ident != sp->lcp.echoid) { 1822 if_statinc(ifp, if_ierrors); 1823 break; 1824 } 1825 if (len < 8) { 1826 if (debug) 1827 addlog("%s: lcp invalid echo reply " 1828 "packet length: %d bytes\n", 1829 ifp->if_xname, len); 1830 break; 1831 } 1832 if (debug) 1833 addlog("%s: lcp got echo rep\n", 1834 ifp->if_xname); 1835 memcpy(&u32, h + 1, sizeof u32); 1836 if (ntohl(u32) != sp->lcp.magic) 1837 sp->pp_alivecnt = 0; 1838 break; 1839 default: 1840 /* Unknown packet type -- send Code-Reject packet. */ 1841 illegal: 1842 if (debug) 1843 addlog("%s: %s send code-rej for 0x%x\n", 1844 ifp->if_xname, cp->name, h->type); 1845 sppp_cp_send(sp, cp->proto, CODE_REJ, 1846 ++sp->scp[cp->protoidx].seq, m->m_pkthdr.len, h); 1847 if_statinc(ifp, if_ierrors); 1848 } 1849 1850 SPPP_UNLOCK(sp); 1851 } 1852 1853 /* 1854 * The generic part of all Up/Down/Open/Close/TO event handlers. 1855 * Basically, the state transition handling in the automaton. 1856 */ 1857 static void 1858 sppp_up_event(struct sppp *sp, void *xcp) 1859 { 1860 const struct cp *cp = xcp; 1861 STDDCL; 1862 1863 KASSERT(SPPP_WLOCKED(sp)); 1864 1865 if ((cp->flags & CP_AUTH) != 0 && 1866 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1867 return; 1868 1869 if (debug) 1870 log(LOG_DEBUG, "%s: %s up(%s)\n", 1871 ifp->if_xname, cp->name, 1872 sppp_state_name(sp->scp[cp->protoidx].state)); 1873 1874 switch (sp->scp[cp->protoidx].state) { 1875 case STATE_INITIAL: 1876 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1877 break; 1878 case STATE_STARTING: 1879 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1880 (cp->scr)(sp); 1881 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1882 break; 1883 default: 1884 printf("%s: %s illegal up in state %s\n", 1885 ifp->if_xname, cp->name, 1886 sppp_state_name(sp->scp[cp->protoidx].state)); 1887 } 1888 } 1889 1890 static void 1891 sppp_down_event(struct sppp *sp, void *xcp) 1892 { 1893 const struct cp *cp = xcp; 1894 STDDCL; 1895 1896 KASSERT(SPPP_WLOCKED(sp)); 1897 1898 if ((cp->flags & CP_AUTH) != 0 && 1899 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1900 return; 1901 1902 if (debug) 1903 log(LOG_DEBUG, "%s: %s down(%s)\n", 1904 ifp->if_xname, cp->name, 1905 sppp_state_name(sp->scp[cp->protoidx].state)); 1906 1907 switch (sp->scp[cp->protoidx].state) { 1908 case STATE_CLOSED: 1909 case STATE_CLOSING: 1910 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1911 break; 1912 case STATE_STOPPED: 1913 (cp->tls)(cp, sp); 1914 /* fall through */ 1915 case STATE_STOPPING: 1916 case STATE_REQ_SENT: 1917 case STATE_ACK_RCVD: 1918 case STATE_ACK_SENT: 1919 sppp_cp_change_state(cp, sp, STATE_STARTING); 1920 break; 1921 case STATE_OPENED: 1922 (cp->tld)(sp); 1923 sppp_cp_change_state(cp, sp, STATE_STARTING); 1924 break; 1925 default: 1926 printf("%s: %s illegal down in state %s\n", 1927 ifp->if_xname, cp->name, 1928 sppp_state_name(sp->scp[cp->protoidx].state)); 1929 } 1930 } 1931 1932 static void 1933 sppp_open_event(struct sppp *sp, void *xcp) 1934 { 1935 const struct cp *cp = xcp; 1936 STDDCL; 1937 1938 KASSERT(SPPP_WLOCKED(sp)); 1939 1940 if ((cp->flags & CP_AUTH) != 0 && 1941 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1942 return; 1943 1944 if (debug) 1945 log(LOG_DEBUG, "%s: %s open(%s)\n", 1946 ifp->if_xname, cp->name, 1947 sppp_state_name(sp->scp[cp->protoidx].state)); 1948 1949 switch (sp->scp[cp->protoidx].state) { 1950 case STATE_INITIAL: 1951 sppp_cp_change_state(cp, sp, STATE_STARTING); 1952 (cp->tls)(cp, sp); 1953 break; 1954 case STATE_STARTING: 1955 break; 1956 case STATE_CLOSED: 1957 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1958 (cp->scr)(sp); 1959 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1960 break; 1961 case STATE_STOPPED: 1962 case STATE_STOPPING: 1963 case STATE_REQ_SENT: 1964 case STATE_ACK_RCVD: 1965 case STATE_ACK_SENT: 1966 case STATE_OPENED: 1967 break; 1968 case STATE_CLOSING: 1969 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1970 break; 1971 } 1972 } 1973 1974 static void 1975 sppp_close_event(struct sppp *sp, void *xcp) 1976 { 1977 const struct cp *cp = xcp; 1978 STDDCL; 1979 1980 KASSERT(SPPP_WLOCKED(sp)); 1981 1982 if ((cp->flags & CP_AUTH) != 0 && 1983 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1984 return; 1985 1986 if (debug) 1987 log(LOG_DEBUG, "%s: %s close(%s)\n", 1988 ifp->if_xname, cp->name, 1989 sppp_state_name(sp->scp[cp->protoidx].state)); 1990 1991 switch (sp->scp[cp->protoidx].state) { 1992 case STATE_INITIAL: 1993 case STATE_CLOSED: 1994 case STATE_CLOSING: 1995 break; 1996 case STATE_STARTING: 1997 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1998 (cp->tlf)(cp, sp); 1999 break; 2000 case STATE_STOPPED: 2001 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2002 break; 2003 case STATE_STOPPING: 2004 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2005 break; 2006 case STATE_OPENED: 2007 (cp->tld)(sp); 2008 /* fall through */ 2009 case STATE_REQ_SENT: 2010 case STATE_ACK_RCVD: 2011 case STATE_ACK_SENT: 2012 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 2013 if ((cp->flags & CP_AUTH) == 0) { 2014 sppp_cp_send(sp, cp->proto, TERM_REQ, 2015 ++sp->scp[cp->protoidx].seq, 0, 0); 2016 } 2017 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2018 break; 2019 } 2020 } 2021 2022 static void 2023 sppp_to_event(struct sppp *sp, void *xcp) 2024 { 2025 const struct cp *cp = xcp; 2026 int s; 2027 STDDCL; 2028 2029 KASSERT(SPPP_WLOCKED(sp)); 2030 2031 s = splnet(); 2032 2033 if (debug) 2034 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 2035 ifp->if_xname, cp->name, 2036 sppp_state_name(sp->scp[cp->protoidx].state), 2037 sp->scp[cp->protoidx].rst_counter); 2038 2039 if (--sp->scp[cp->protoidx].rst_counter < 0) 2040 /* TO- event */ 2041 switch (sp->scp[cp->protoidx].state) { 2042 case STATE_CLOSING: 2043 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2044 (cp->tlf)(cp, sp); 2045 break; 2046 case STATE_STOPPING: 2047 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2048 (cp->tlf)(cp, sp); 2049 break; 2050 case STATE_REQ_SENT: 2051 case STATE_ACK_RCVD: 2052 case STATE_ACK_SENT: 2053 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2054 (cp->tlf)(cp, sp); 2055 break; 2056 } 2057 else 2058 /* TO+ event */ 2059 switch (sp->scp[cp->protoidx].state) { 2060 case STATE_CLOSING: 2061 case STATE_STOPPING: 2062 if ((cp->flags & CP_AUTH) == 0) { 2063 sppp_cp_send(sp, cp->proto, TERM_REQ, 2064 ++sp->scp[cp->protoidx].seq, 0, 0); 2065 } 2066 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2067 break; 2068 case STATE_REQ_SENT: 2069 case STATE_ACK_RCVD: 2070 (cp->scr)(sp); 2071 /* sppp_cp_change_state() will restart the timer */ 2072 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2073 break; 2074 case STATE_ACK_SENT: 2075 (cp->scr)(sp); 2076 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2077 break; 2078 } 2079 2080 splx(s); 2081 } 2082 2083 static void 2084 sppp_rcr_event(struct sppp *sp, void *xcp) 2085 { 2086 const struct cp *cp = xcp; 2087 enum cp_rcr_type type; 2088 void *buf; 2089 size_t blen; 2090 STDDCL; 2091 2092 type = sp->scp[cp->protoidx].rcr_type; 2093 buf = sp->scp[cp->protoidx].rcr_buf; 2094 blen = sp->scp[cp->protoidx].rcr_blen; 2095 2096 if (type == CP_RCR_ACK) { 2097 /* RCR+ event */ 2098 switch (sp->scp[cp->protoidx].state) { 2099 case STATE_OPENED: 2100 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2101 cp->tld(sp); 2102 cp->scr(sp); 2103 cp->scan(cp, sp); 2104 break; 2105 case STATE_ACK_SENT: 2106 case STATE_REQ_SENT: 2107 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2108 cp->scan(cp, sp); 2109 break; 2110 case STATE_STOPPED: 2111 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2112 cp->scr(sp); 2113 cp->scan(cp, sp); 2114 break; 2115 case STATE_ACK_RCVD: 2116 sppp_cp_change_state(cp, sp, STATE_OPENED); 2117 if (debug) 2118 log(LOG_DEBUG, "%s: %s tlu\n", 2119 ifp->if_xname, 2120 cp->name); 2121 cp->tlu(sp); 2122 cp->scan(cp, sp); 2123 break; 2124 case STATE_CLOSING: 2125 case STATE_STOPPING: 2126 if (buf != NULL) { 2127 sp->scp[cp->protoidx].rcr_buf = NULL; 2128 sp->scp[cp->protoidx].rcr_blen = 0; 2129 kmem_free(buf, blen); 2130 } 2131 break; 2132 case STATE_CLOSED: 2133 if ((cp->flags & CP_AUTH) == 0) { 2134 sppp_cp_send(sp, cp->proto, TERM_ACK, 2135 sp->scp[cp->protoidx].rconfid, 0, 0); 2136 } 2137 break; 2138 default: 2139 printf("%s: %s illegal RCR+ in state %s\n", 2140 ifp->if_xname, cp->name, 2141 sppp_state_name(sp->scp[cp->protoidx].state)); 2142 if_statinc(ifp, if_ierrors); 2143 } 2144 } else { 2145 /* RCR- event */ 2146 switch (sp->scp[cp->protoidx].state) { 2147 case STATE_OPENED: 2148 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2149 cp->tld(sp); 2150 cp->scr(sp); 2151 cp->scan(cp, sp); 2152 break; 2153 case STATE_ACK_SENT: 2154 case STATE_REQ_SENT: 2155 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2156 cp->scan(cp, sp); 2157 break; 2158 case STATE_STOPPED: 2159 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2160 cp->scr(sp); 2161 cp->scan(cp, sp); 2162 break; 2163 case STATE_ACK_RCVD: 2164 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2165 cp->scan(cp, sp); 2166 break; 2167 case STATE_CLOSING: 2168 case STATE_STOPPING: 2169 if (buf != NULL) { 2170 sp->scp[cp->protoidx].rcr_buf = NULL; 2171 sp->scp[cp->protoidx].rcr_blen = 0; 2172 kmem_free(buf, blen); 2173 } 2174 break; 2175 case STATE_CLOSED: 2176 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2177 if ((cp->flags & CP_AUTH) == 0) { 2178 sppp_cp_send(sp, cp->proto, TERM_ACK, 2179 sp->scp[cp->protoidx].rconfid, 0, 0); 2180 } 2181 break; 2182 default: 2183 printf("%s: %s illegal RCR- in state %s\n", 2184 ifp->if_xname, cp->name, 2185 sppp_state_name(sp->scp[cp->protoidx].state)); 2186 if_statinc(ifp, if_ierrors); 2187 } 2188 } 2189 } 2190 2191 static void 2192 sppp_rca_event(struct sppp *sp, void *xcp) 2193 { 2194 const struct cp *cp = xcp; 2195 STDDCL; 2196 2197 switch (sp->scp[cp->protoidx].state) { 2198 case STATE_CLOSED: 2199 case STATE_STOPPED: 2200 if ((cp->flags & CP_AUTH) == 0) { 2201 sppp_cp_send(sp, cp->proto, TERM_ACK, 2202 sp->scp[cp->protoidx].rconfid, 0, 0); 2203 } 2204 break; 2205 case STATE_CLOSING: 2206 case STATE_STOPPING: 2207 break; 2208 case STATE_REQ_SENT: 2209 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2210 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2211 break; 2212 case STATE_OPENED: 2213 (cp->tld)(sp); 2214 /* fall through */ 2215 case STATE_ACK_RCVD: 2216 (cp->scr)(sp); 2217 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2218 break; 2219 case STATE_ACK_SENT: 2220 sppp_cp_change_state(cp, sp, STATE_OPENED); 2221 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2222 if (debug) 2223 log(LOG_DEBUG, "%s: %s tlu\n", 2224 ifp->if_xname, cp->name); 2225 (cp->tlu)(sp); 2226 break; 2227 default: 2228 printf("%s: %s illegal RCA in state %s\n", 2229 ifp->if_xname, cp->name, 2230 sppp_state_name(sp->scp[cp->protoidx].state)); 2231 if_statinc(ifp, if_ierrors); 2232 } 2233 } 2234 2235 static void 2236 sppp_rcn_event(struct sppp *sp, void *xcp) 2237 { 2238 const struct cp *cp = xcp; 2239 struct ifnet *ifp = &sp->pp_if; 2240 2241 switch (sp->scp[cp->protoidx].state) { 2242 case STATE_CLOSED: 2243 case STATE_STOPPED: 2244 if ((cp->flags & CP_AUTH) == 0) { 2245 sppp_cp_send(sp, cp->proto, TERM_ACK, 2246 sp->scp[cp->protoidx].rconfid, 0, 0); 2247 } 2248 break; 2249 case STATE_REQ_SENT: 2250 case STATE_ACK_SENT: 2251 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2252 (cp->scr)(sp); 2253 break; 2254 case STATE_OPENED: 2255 (cp->tld)(sp); 2256 /* fall through */ 2257 case STATE_ACK_RCVD: 2258 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2259 (cp->scr)(sp); 2260 break; 2261 case STATE_CLOSING: 2262 case STATE_STOPPING: 2263 break; 2264 default: 2265 printf("%s: %s illegal RCN in state %s\n", 2266 ifp->if_xname, cp->name, 2267 sppp_state_name(sp->scp[cp->protoidx].state)); 2268 if_statinc(ifp, if_ierrors); 2269 } 2270 } 2271 2272 static void 2273 sppp_rtr_event(struct sppp *sp, void *xcp) 2274 { 2275 const struct cp *cp = xcp; 2276 STDDCL; 2277 2278 switch (sp->scp[cp->protoidx].state) { 2279 case STATE_ACK_RCVD: 2280 case STATE_ACK_SENT: 2281 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2282 break; 2283 case STATE_CLOSED: 2284 case STATE_STOPPED: 2285 case STATE_CLOSING: 2286 case STATE_STOPPING: 2287 case STATE_REQ_SENT: 2288 break; 2289 case STATE_OPENED: 2290 (cp->tld)(sp); 2291 sp->scp[cp->protoidx].rst_counter = 0; 2292 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2293 break; 2294 default: 2295 printf("%s: %s illegal RTR in state %s\n", 2296 ifp->if_xname, cp->name, 2297 sppp_state_name(sp->scp[cp->protoidx].state)); 2298 if_statinc(ifp, if_ierrors); 2299 return; 2300 } 2301 2302 /* Send Terminate-Ack packet. */ 2303 if (debug) 2304 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 2305 ifp->if_xname, cp->name); 2306 if ((cp->flags & CP_AUTH) == 0) { 2307 sppp_cp_send(sp, cp->proto, TERM_ACK, 2308 sp->scp[cp->protoidx].rseq, 0, 0); 2309 } 2310 } 2311 2312 static void 2313 sppp_rta_event(struct sppp *sp, void *xcp) 2314 { 2315 const struct cp *cp = xcp; 2316 struct ifnet *ifp = &sp->pp_if; 2317 2318 switch (sp->scp[cp->protoidx].state) { 2319 case STATE_CLOSED: 2320 case STATE_STOPPED: 2321 case STATE_REQ_SENT: 2322 case STATE_ACK_SENT: 2323 break; 2324 case STATE_CLOSING: 2325 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2326 (cp->tlf)(cp, sp); 2327 break; 2328 case STATE_STOPPING: 2329 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2330 (cp->tlf)(cp, sp); 2331 break; 2332 case STATE_ACK_RCVD: 2333 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2334 break; 2335 case STATE_OPENED: 2336 (cp->tld)(sp); 2337 (cp->scr)(sp); 2338 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2339 break; 2340 default: 2341 printf("%s: %s illegal RTA in state %s\n", 2342 ifp->if_xname, cp->name, 2343 sppp_state_name(sp->scp[cp->protoidx].state)); 2344 if_statinc(ifp, if_ierrors); 2345 } 2346 } 2347 2348 static void 2349 sppp_rxj_event(struct sppp *sp, void *xcp) 2350 { 2351 const struct cp *cp = xcp; 2352 struct ifnet *ifp = &sp->pp_if; 2353 2354 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2355 switch (sp->scp[cp->protoidx].state) { 2356 case STATE_CLOSED: 2357 case STATE_STOPPED: 2358 case STATE_REQ_SENT: 2359 case STATE_ACK_SENT: 2360 case STATE_CLOSING: 2361 case STATE_STOPPING: 2362 case STATE_OPENED: 2363 break; 2364 case STATE_ACK_RCVD: 2365 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2366 break; 2367 default: 2368 printf("%s: %s illegal RXJ- in state %s\n", 2369 ifp->if_xname, cp->name, 2370 sppp_state_name(sp->scp[cp->protoidx].state)); 2371 if_statinc(ifp, if_ierrors); 2372 } 2373 } 2374 2375 /* 2376 * Change the state of a control protocol in the state automaton. 2377 * Takes care of starting/stopping the restart timer. 2378 */ 2379 void 2380 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2381 { 2382 2383 KASSERT(SPPP_WLOCKED(sp)); 2384 2385 sp->scp[cp->protoidx].state = newstate; 2386 callout_stop(&sp->scp[cp->protoidx].ch); 2387 switch (newstate) { 2388 case STATE_INITIAL: 2389 case STATE_STARTING: 2390 case STATE_CLOSED: 2391 case STATE_STOPPED: 2392 case STATE_OPENED: 2393 break; 2394 case STATE_CLOSING: 2395 case STATE_STOPPING: 2396 case STATE_REQ_SENT: 2397 case STATE_ACK_RCVD: 2398 case STATE_ACK_SENT: 2399 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2400 break; 2401 } 2402 } 2403 2404 /* 2405 *--------------------------------------------------------------------------* 2406 * * 2407 * The LCP implementation. * 2408 * * 2409 *--------------------------------------------------------------------------* 2410 */ 2411 static void 2412 sppp_lcp_init(struct sppp *sp) 2413 { 2414 2415 KASSERT(SPPP_WLOCKED(sp)); 2416 2417 sppp_cp_init(&lcp, sp); 2418 2419 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2420 sp->lcp.magic = 0; 2421 sp->lcp.protos = 0; 2422 sp->lcp.max_terminate = 2; 2423 sp->lcp.max_configure = 10; 2424 sp->lcp.max_failure = 10; 2425 2426 /* 2427 * Initialize counters and timeout values. Note that we don't 2428 * use the 3 seconds suggested in RFC 1661 since we are likely 2429 * running on a fast link. XXX We should probably implement 2430 * the exponential backoff option. Note that these values are 2431 * relevant for all control protocols, not just LCP only. 2432 */ 2433 sp->lcp.timeout = 1 * hz; 2434 } 2435 2436 static void 2437 sppp_lcp_up(struct sppp *sp, void *xcp) 2438 { 2439 const struct cp *cp = xcp; 2440 int pidx; 2441 STDDCL; 2442 2443 KASSERT(SPPP_WLOCKED(sp)); 2444 2445 pidx = cp->protoidx; 2446 /* Initialize activity timestamp: opening a connection is an activity */ 2447 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2448 2449 /* 2450 * If this interface is passive or dial-on-demand, and we are 2451 * still in Initial state, it means we've got an incoming 2452 * call. Activate the interface. 2453 */ 2454 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2455 if (debug) 2456 log(LOG_DEBUG, 2457 "%s: Up event", ifp->if_xname); 2458 ifp->if_flags |= IFF_RUNNING; 2459 if (sp->scp[pidx].state == STATE_INITIAL) { 2460 if (debug) 2461 addlog("(incoming call)\n"); 2462 sp->pp_flags |= PP_CALLIN; 2463 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2464 } else if (debug) 2465 addlog("\n"); 2466 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2467 (sp->scp[IDX_LCP].state == STATE_INITIAL)) { 2468 ifp->if_flags |= IFF_RUNNING; 2469 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2470 } 2471 2472 sppp_up_event(sp, xcp); 2473 } 2474 2475 static void 2476 sppp_lcp_down(struct sppp *sp, void *xcp) 2477 { 2478 const struct cp *cp = xcp; 2479 int pidx; 2480 STDDCL; 2481 2482 KASSERT(SPPP_WLOCKED(sp)); 2483 2484 pidx = cp->protoidx; 2485 sppp_down_event(sp, xcp); 2486 2487 /* 2488 * If this is neither a dial-on-demand nor a passive 2489 * interface, simulate an ``ifconfig down'' action, so the 2490 * administrator can force a redial by another ``ifconfig 2491 * up''. XXX For leased line operation, should we immediately 2492 * try to reopen the connection here? 2493 */ 2494 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2495 if (debug) 2496 log(LOG_INFO, 2497 "%s: Down event (carrier loss), taking interface down.\n", 2498 ifp->if_xname); 2499 SPPP_UNLOCK(sp); 2500 if_down(ifp); 2501 SPPP_LOCK(sp, RW_WRITER); 2502 2503 if (sp->lcp.reestablish) 2504 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2505 } else { 2506 if (debug) 2507 log(LOG_DEBUG, 2508 "%s: Down event (carrier loss)\n", 2509 ifp->if_xname); 2510 } 2511 sp->scp[pidx].fail_counter = 0; 2512 sp->pp_flags &= ~PP_CALLIN; 2513 if (sp->scp[pidx].state != STATE_INITIAL) 2514 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2515 ifp->if_flags &= ~IFF_RUNNING; 2516 } 2517 2518 static void 2519 sppp_lcp_open(struct sppp *sp, void *xcp) 2520 { 2521 2522 KASSERT(SPPP_WLOCKED(sp)); 2523 2524 sp->lcp.reestablish = false; 2525 2526 if (sp->pp_if.if_mtu < PP_MTU) { 2527 sp->lcp.mru = sp->pp_if.if_mtu; 2528 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2529 } else 2530 sp->lcp.mru = PP_MTU; 2531 sp->lcp.their_mru = PP_MTU; 2532 2533 /* 2534 * If we are authenticator, negotiate LCP_AUTH 2535 */ 2536 if (sp->hisauth.proto != 0) 2537 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2538 else 2539 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2540 sp->pp_flags &= ~PP_NEEDAUTH; 2541 sppp_open_event(sp, xcp); 2542 } 2543 2544 /* 2545 * Analyze a configure request. Return true if it was agreeable, and 2546 * caused action sca, false if it has been rejected or nak'ed, and 2547 * caused action scn. (The return value is used to make the state 2548 * transition decision in the state automaton.) 2549 */ 2550 static enum cp_rcr_type 2551 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 2552 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 2553 { 2554 STDDCL; 2555 u_char *buf, *r, *p, l, blen; 2556 enum cp_rcr_type type; 2557 int len, rlen; 2558 uint32_t nmagic; 2559 u_short authproto; 2560 2561 KASSERT(SPPP_WLOCKED(sp)); 2562 2563 if (origlen < sizeof(*h)) 2564 return CP_RCR_DROP; 2565 2566 origlen -= sizeof(*h); 2567 type = CP_RCR_NONE; 2568 type = 0; 2569 2570 if (origlen <= 0) 2571 return CP_RCR_DROP; 2572 else 2573 blen = origlen; 2574 2575 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2576 if (buf == NULL) 2577 return CP_RCR_DROP; 2578 2579 if (debug) 2580 log(LOG_DEBUG, "%s: lcp parse opts:", 2581 ifp->if_xname); 2582 2583 /* pass 1: check for things that need to be rejected */ 2584 p = (void *)(h + 1); 2585 r = buf; 2586 rlen = 0; 2587 for (len = origlen; len > 1; len-= l, p += l) { 2588 l = p[1]; 2589 if (l == 0) 2590 break; 2591 2592 /* Sanity check option length */ 2593 if (l > len) { 2594 /* 2595 * Malicious option - drop immediately. 2596 * XXX Maybe we should just RXJ it? 2597 */ 2598 addlog("%s: received malicious LCP option 0x%02x, " 2599 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, 2600 p[0], l, len); 2601 type = CP_RCR_ERR; 2602 goto end; 2603 } 2604 if (debug) 2605 addlog(" %s", sppp_lcp_opt_name(*p)); 2606 switch (p[0]) { 2607 case LCP_OPT_MAGIC: 2608 /* Magic number. */ 2609 /* fall through, both are same length */ 2610 case LCP_OPT_ASYNC_MAP: 2611 /* Async control character map. */ 2612 if (len >= 6 || l == 6) 2613 continue; 2614 if (debug) 2615 addlog(" [invalid]"); 2616 break; 2617 case LCP_OPT_MP_EID: 2618 if (len >= l && l >= 3) { 2619 switch (p[2]) { 2620 case 0: if (l==3+ 0) continue;break; 2621 case 2: if (l==3+ 4) continue;break; 2622 case 3: if (l==3+ 6) continue;break; 2623 case 6: if (l==3+16) continue;break; 2624 case 1: /* FALLTHROUGH */ 2625 case 4: if (l<=3+20) continue;break; 2626 case 5: if (l<=3+15) continue;break; 2627 /* XXX should it be default: continue;? */ 2628 } 2629 } 2630 if (debug) 2631 addlog(" [invalid class %d len %d]", p[2], l); 2632 break; 2633 case LCP_OPT_MP_SSNHF: 2634 if (len >= 2 && l == 2) { 2635 if (debug) 2636 addlog(" [rej]"); 2637 break; 2638 } 2639 if (debug) 2640 addlog(" [invalid]"); 2641 break; 2642 case LCP_OPT_MP_MRRU: 2643 /* Multilink maximum received reconstructed unit */ 2644 /* should be fall through, both are same length */ 2645 /* FALLTHROUGH */ 2646 case LCP_OPT_MRU: 2647 /* Maximum receive unit. */ 2648 if (len >= 4 && l == 4) 2649 continue; 2650 if (debug) 2651 addlog(" [invalid]"); 2652 break; 2653 case LCP_OPT_AUTH_PROTO: 2654 if (len < 4) { 2655 if (debug) 2656 addlog(" [invalid]"); 2657 break; 2658 } 2659 authproto = (p[2] << 8) + p[3]; 2660 if (authproto == PPP_CHAP && l != 5) { 2661 if (debug) 2662 addlog(" [invalid chap len]"); 2663 break; 2664 } 2665 if (sp->myauth.proto == 0) { 2666 /* we are not configured to do auth */ 2667 if (debug) 2668 addlog(" [not configured]"); 2669 break; 2670 } 2671 /* 2672 * Remote want us to authenticate, remember this, 2673 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2674 * up. 2675 */ 2676 sp->pp_flags |= PP_NEEDAUTH; 2677 continue; 2678 default: 2679 /* Others not supported. */ 2680 if (debug) 2681 addlog(" [rej]"); 2682 break; 2683 } 2684 if (rlen + l > blen) { 2685 if (debug) 2686 addlog(" [overflow]"); 2687 continue; 2688 } 2689 /* Add the option to rejected list. */ 2690 memcpy(r, p, l); 2691 r += l; 2692 rlen += l; 2693 } 2694 2695 if (rlen > 0) { 2696 type = CP_RCR_REJ; 2697 goto end; 2698 } 2699 2700 if (debug) 2701 addlog("\n"); 2702 2703 /* 2704 * pass 2: check for option values that are unacceptable and 2705 * thus require to be nak'ed. 2706 */ 2707 if (debug) 2708 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2709 ifp->if_xname); 2710 2711 p = (void *)(h + 1); 2712 r = buf; 2713 rlen = 0; 2714 for (len = origlen; len > 0; len -= l, p += l) { 2715 l = p[1]; 2716 if (l == 0) 2717 break; 2718 2719 if (debug) 2720 addlog(" %s", sppp_lcp_opt_name(*p)); 2721 switch (p[0]) { 2722 case LCP_OPT_MAGIC: 2723 /* Magic number -- extract. */ 2724 nmagic = (uint32_t)p[2] << 24 | 2725 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2726 if (nmagic != sp->lcp.magic) { 2727 if (debug) 2728 addlog(" 0x%x", nmagic); 2729 continue; 2730 } 2731 /* 2732 * Local and remote magics equal -- loopback? 2733 */ 2734 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2735 printf ("%s: loopback\n", 2736 ifp->if_xname); 2737 sp->pp_loopcnt = 0; 2738 if (ifp->if_flags & IFF_UP) { 2739 SPPP_UNLOCK(sp); 2740 if_down(ifp); 2741 SPPP_LOCK(sp, RW_WRITER); 2742 2743 IF_PURGE(&sp->pp_cpq); 2744 /* XXX ? */ 2745 sppp_wq_add(sp->wq_cp, 2746 &sp->scp[IDX_LCP].work_down); 2747 sppp_wq_add(sp->wq_cp, 2748 &sp->scp[IDX_LCP].work_up); 2749 } 2750 } else if (debug) 2751 addlog(" [glitch]"); 2752 ++sp->pp_loopcnt; 2753 /* 2754 * We negate our magic here, and NAK it. If 2755 * we see it later in an NAK packet, we 2756 * suggest a new one. 2757 */ 2758 nmagic = ~sp->lcp.magic; 2759 /* Gonna NAK it. */ 2760 p[2] = nmagic >> 24; 2761 p[3] = nmagic >> 16; 2762 p[4] = nmagic >> 8; 2763 p[5] = nmagic; 2764 break; 2765 2766 case LCP_OPT_ASYNC_MAP: 2767 /* 2768 * Async control character map -- just ignore it. 2769 * 2770 * Quote from RFC 1662, chapter 6: 2771 * To enable this functionality, synchronous PPP 2772 * implementations MUST always respond to the 2773 * Async-Control-Character-Map Configuration 2774 * Option with the LCP Configure-Ack. However, 2775 * acceptance of the Configuration Option does 2776 * not imply that the synchronous implementation 2777 * will do any ACCM mapping. Instead, all such 2778 * octet mapping will be performed by the 2779 * asynchronous-to-synchronous converter. 2780 */ 2781 continue; 2782 2783 case LCP_OPT_MRU: 2784 /* 2785 * Maximum receive unit. Always agreeable, 2786 * but ignored by now. 2787 */ 2788 sp->lcp.their_mru = p[2] * 256 + p[3]; 2789 if (debug) 2790 addlog(" %ld", sp->lcp.their_mru); 2791 continue; 2792 2793 case LCP_OPT_AUTH_PROTO: 2794 authproto = (p[2] << 8) + p[3]; 2795 if (sp->myauth.proto != authproto) { 2796 /* not agreed, nak */ 2797 if (debug) 2798 addlog(" [mine %s != his %s]", 2799 sppp_proto_name(sp->myauth.proto), 2800 sppp_proto_name(authproto)); 2801 p[2] = sp->myauth.proto >> 8; 2802 p[3] = sp->myauth.proto; 2803 break; 2804 } 2805 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2806 if (debug) 2807 addlog(" [chap not MD5]"); 2808 p[4] = CHAP_MD5; 2809 break; 2810 } 2811 continue; 2812 case LCP_OPT_MP_EID: 2813 /* 2814 * Endpoint identification. 2815 * Always agreeable, 2816 * but ignored by now. 2817 */ 2818 if (debug) { 2819 addlog(" type %d", p[2]); 2820 sppp_print_bytes(p+3, p[1]-3); 2821 } 2822 continue; 2823 case LCP_OPT_MP_MRRU: 2824 /* 2825 * Maximum received reconstructed unit. 2826 * Always agreeable, 2827 * but ignored by now. 2828 */ 2829 sp->lcp.their_mrru = p[2] * 256 + p[3]; 2830 if (debug) 2831 addlog(" %ld", sp->lcp.their_mrru); 2832 continue; 2833 } 2834 if (rlen + l > blen) { 2835 if (debug) 2836 addlog(" [overflow]"); 2837 continue; 2838 } 2839 /* Add the option to nak'ed list. */ 2840 memcpy(r, p, l); 2841 r += l; 2842 rlen += l; 2843 } 2844 2845 if (rlen > 0) { 2846 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 2847 if (debug) 2848 addlog(" max_failure (%d) exceeded, ", 2849 sp->lcp.max_failure); 2850 type = CP_RCR_REJ; 2851 } else { 2852 type = CP_RCR_NAK; 2853 } 2854 } else { 2855 type = CP_RCR_ACK; 2856 rlen = origlen; 2857 memcpy(r, h + 1, rlen); 2858 sp->scp[IDX_LCP].fail_counter = 0; 2859 sp->pp_loopcnt = 0; 2860 } 2861 2862 end: 2863 if (debug) 2864 addlog("\n"); 2865 2866 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 2867 if (buf != NULL) 2868 kmem_intr_free(buf, blen); 2869 } else { 2870 *msgbuf = buf; 2871 *buflen = blen; 2872 *msglen = rlen; 2873 } 2874 2875 return type; 2876 } 2877 2878 /* 2879 * Analyze the LCP Configure-Reject option list, and adjust our 2880 * negotiation. 2881 */ 2882 static void 2883 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 2884 { 2885 STDDCL; 2886 u_char *p, l; 2887 2888 KASSERT(SPPP_WLOCKED(sp)); 2889 2890 if (len <= sizeof(*h)) 2891 return; 2892 2893 len -= sizeof(*h); 2894 2895 if (debug) 2896 log(LOG_DEBUG, "%s: lcp rej opts:", 2897 ifp->if_xname); 2898 2899 p = (void *)(h + 1); 2900 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2901 /* Sanity check option length */ 2902 if (l > len) { 2903 /* 2904 * Malicious option - drop immediately. 2905 * XXX Maybe we should just RXJ it? 2906 */ 2907 addlog("%s: received malicious LCP option, " 2908 "dropping.\n", ifp->if_xname); 2909 goto end; 2910 } 2911 if (debug) 2912 addlog(" %s", sppp_lcp_opt_name(*p)); 2913 switch (p[0]) { 2914 case LCP_OPT_MAGIC: 2915 /* Magic number -- can't use it, use 0 */ 2916 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2917 sp->lcp.magic = 0; 2918 break; 2919 case LCP_OPT_MRU: 2920 /* 2921 * We try to negotiate a lower MRU if the underlying 2922 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2923 * peer rejects this lower rate, fallback to the 2924 * default. 2925 */ 2926 if (debug) { 2927 addlog("%s: warning: peer rejected our MRU of " 2928 "%ld bytes. Defaulting to %d bytes\n", 2929 ifp->if_xname, sp->lcp.mru, PP_MTU); 2930 } 2931 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2932 sp->lcp.mru = PP_MTU; 2933 break; 2934 case LCP_OPT_AUTH_PROTO: 2935 /* 2936 * Peer doesn't want to authenticate himself, 2937 * deny unless this is a dialout call, and 2938 * SPPP_AUTHFLAG_NOCALLOUT is set. 2939 */ 2940 if ((sp->pp_flags & PP_CALLIN) == 0 && 2941 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2942 if (debug) 2943 addlog(" [don't insist on auth " 2944 "for callout]"); 2945 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2946 break; 2947 } 2948 if (debug) 2949 addlog("[access denied]\n"); 2950 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2951 break; 2952 } 2953 } 2954 if (debug) 2955 addlog("\n"); 2956 end: 2957 return; 2958 } 2959 2960 /* 2961 * Analyze the LCP Configure-NAK option list, and adjust our 2962 * negotiation. 2963 */ 2964 static void 2965 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 2966 { 2967 STDDCL; 2968 u_char *p, l; 2969 uint32_t magic; 2970 2971 KASSERT(SPPP_WLOCKED(sp)); 2972 2973 if (len <= sizeof(*h)) 2974 return; 2975 len -= sizeof(*h); 2976 2977 if (debug) 2978 log(LOG_DEBUG, "%s: lcp nak opts:", 2979 ifp->if_xname); 2980 2981 p = (void *)(h + 1); 2982 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2983 /* Sanity check option length */ 2984 if (l > len) { 2985 /* 2986 * Malicious option - drop immediately. 2987 * XXX Maybe we should just RXJ it? 2988 */ 2989 addlog("%s: received malicious LCP option, " 2990 "dropping.\n", ifp->if_xname); 2991 goto end; 2992 } 2993 if (debug) 2994 addlog(" %s", sppp_lcp_opt_name(*p)); 2995 switch (p[0]) { 2996 case LCP_OPT_MAGIC: 2997 /* Magic number -- renegotiate */ 2998 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2999 len >= 6 && l == 6) { 3000 magic = (uint32_t)p[2] << 24 | 3001 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 3002 /* 3003 * If the remote magic is our negated one, 3004 * this looks like a loopback problem. 3005 * Suggest a new magic to make sure. 3006 */ 3007 if (magic == ~sp->lcp.magic) { 3008 if (debug) 3009 addlog(" magic glitch"); 3010 sp->lcp.magic = cprng_fast32(); 3011 } else { 3012 sp->lcp.magic = magic; 3013 if (debug) 3014 addlog(" %d", magic); 3015 } 3016 } 3017 break; 3018 case LCP_OPT_MRU: 3019 /* 3020 * Peer wants to advise us to negotiate an MRU. 3021 * Agree on it if it's reasonable, or use 3022 * default otherwise. 3023 */ 3024 if (len >= 4 && l == 4) { 3025 u_int mru = p[2] * 256 + p[3]; 3026 if (debug) 3027 addlog(" %d", mru); 3028 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 3029 mru = sp->pp_if.if_mtu; 3030 sp->lcp.mru = mru; 3031 sp->lcp.opts |= (1 << LCP_OPT_MRU); 3032 } 3033 break; 3034 case LCP_OPT_AUTH_PROTO: 3035 /* 3036 * Peer doesn't like our authentication method, 3037 * deny. 3038 */ 3039 if (debug) 3040 addlog("[access denied]\n"); 3041 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3042 break; 3043 } 3044 } 3045 if (debug) 3046 addlog("\n"); 3047 end: 3048 return; 3049 } 3050 3051 static void 3052 sppp_lcp_tlu(struct sppp *sp) 3053 { 3054 struct ifnet *ifp = &sp->pp_if; 3055 int i; 3056 3057 KASSERT(SPPP_WLOCKED(sp)); 3058 3059 /* XXX ? */ 3060 if (! (ifp->if_flags & IFF_UP) && 3061 (ifp->if_flags & IFF_RUNNING)) { 3062 /* Coming out of loopback mode. */ 3063 SPPP_UNLOCK(sp); 3064 if_up(ifp); 3065 SPPP_LOCK(sp, RW_WRITER); 3066 } 3067 3068 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 3069 (sp->pp_flags & PP_NEEDAUTH) != 0) 3070 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3071 else 3072 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3073 3074 /* 3075 * Open all authentication protocols. This is even required 3076 * if we already proceeded to network phase, since it might be 3077 * that remote wants us to authenticate, so we might have to 3078 * send a PAP request. Undesired authentication protocols 3079 * don't do anything when they get an Open event. 3080 */ 3081 for (i = 0; i < IDX_COUNT; i++) 3082 if ((cps[i])->flags & CP_AUTH) { 3083 sppp_wq_add(sp->wq_cp, 3084 &sp->scp[(cps[i])->protoidx].work_open); 3085 } 3086 3087 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 3088 /* Notify all NCPs. */ 3089 for (i = 0; i < IDX_COUNT; i++) 3090 if ((cps[i])->flags & CP_NCP) { 3091 sppp_wq_add(sp->wq_cp, 3092 &sp->scp[(cps[i])->protoidx].work_open); 3093 } 3094 } 3095 3096 /* notify low-level driver of state change */ 3097 sppp_notify_chg_wlocked(sp); 3098 } 3099 3100 static void 3101 sppp_lcp_tld(struct sppp *sp) 3102 { 3103 int i, pi, phase; 3104 3105 KASSERT(SPPP_WLOCKED(sp)); 3106 3107 phase = sp->pp_phase; 3108 3109 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3110 3111 /* 3112 * Take upper layers down. We send the Down event first and 3113 * the Close second to prevent the upper layers from sending 3114 * ``a flurry of terminate-request packets'', as the RFC 3115 * describes it. 3116 */ 3117 for (i = 0; i < IDX_COUNT; i++) { 3118 pi = (cps[i])->protoidx; 3119 if (((cps[i])->flags & CP_LCP) == 0) { 3120 /* skip if ncp was not started */ 3121 if (phase != SPPP_PHASE_NETWORK && 3122 ((cps[i])->flags & CP_NCP) != 0) 3123 continue; 3124 3125 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_down); 3126 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_close); 3127 } 3128 } 3129 } 3130 3131 static void 3132 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) 3133 { 3134 3135 KASSERT(SPPP_WLOCKED(sp)); 3136 3137 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3138 printf("%s: authentication failed %d times, not retrying again\n", 3139 sp->pp_if.if_xname, sp->pp_auth_failures); 3140 3141 SPPP_UNLOCK(sp); 3142 if_down(&sp->pp_if); 3143 SPPP_LOCK(sp, RW_WRITER); 3144 return; 3145 } 3146 3147 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3148 3149 /* Notify lower layer if desired. */ 3150 sppp_notify_tls_wlocked(sp); 3151 } 3152 3153 static void 3154 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) 3155 { 3156 3157 KASSERT(SPPP_WLOCKED(sp)); 3158 3159 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3160 3161 /* Notify lower layer if desired. */ 3162 sppp_notify_tlf_wlocked(sp); 3163 } 3164 3165 static void 3166 sppp_lcp_scr(struct sppp *sp) 3167 { 3168 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3169 int i = 0; 3170 u_short authproto; 3171 3172 KASSERT(SPPP_WLOCKED(sp)); 3173 3174 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 3175 if (! sp->lcp.magic) 3176 sp->lcp.magic = cprng_fast32(); 3177 opt[i++] = LCP_OPT_MAGIC; 3178 opt[i++] = 6; 3179 opt[i++] = sp->lcp.magic >> 24; 3180 opt[i++] = sp->lcp.magic >> 16; 3181 opt[i++] = sp->lcp.magic >> 8; 3182 opt[i++] = sp->lcp.magic; 3183 } 3184 3185 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 3186 opt[i++] = LCP_OPT_MRU; 3187 opt[i++] = 4; 3188 opt[i++] = sp->lcp.mru >> 8; 3189 opt[i++] = sp->lcp.mru; 3190 } 3191 3192 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 3193 authproto = sp->hisauth.proto; 3194 opt[i++] = LCP_OPT_AUTH_PROTO; 3195 opt[i++] = authproto == PPP_CHAP? 5: 4; 3196 opt[i++] = authproto >> 8; 3197 opt[i++] = authproto; 3198 if (authproto == PPP_CHAP) 3199 opt[i++] = CHAP_MD5; 3200 } 3201 3202 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3203 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3204 } 3205 3206 /* 3207 * Check the open NCPs, return true if at least one NCP is open. 3208 */ 3209 3210 static int 3211 sppp_cp_check(struct sppp *sp, u_char cp_flags) 3212 { 3213 int i, mask; 3214 3215 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3216 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) 3217 return 1; 3218 return 0; 3219 } 3220 3221 /* 3222 * Re-check the open NCPs and see if we should terminate the link. 3223 * Called by the NCPs during their tlf action handling. 3224 */ 3225 static void 3226 sppp_lcp_check_and_close(struct sppp *sp) 3227 { 3228 3229 KASSERT(SPPP_WLOCKED(sp)); 3230 3231 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 3232 /* don't bother, we are already going down */ 3233 return; 3234 } 3235 3236 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && 3237 sppp_cp_check(sp, CP_AUTH)) 3238 return; 3239 3240 if (sp->pp_phase >= SPPP_PHASE_NETWORK && 3241 sppp_cp_check(sp, CP_NCP)) 3242 return; 3243 3244 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3245 } 3246 3247 /* 3248 *--------------------------------------------------------------------------* 3249 * * 3250 * The IPCP implementation. * 3251 * * 3252 *--------------------------------------------------------------------------* 3253 */ 3254 3255 static void 3256 sppp_ipcp_init(struct sppp *sp) 3257 { 3258 int error; 3259 3260 KASSERT(SPPP_WLOCKED(sp)); 3261 3262 sppp_cp_init(&ipcp, sp); 3263 3264 sp->ipcp.opts = 0; 3265 sp->ipcp.flags = 0; 3266 3267 error = workqueue_create(&sp->ipcp.update_addrs_wq, "ipcp_addr", 3268 sppp_update_ip_addrs_work, sp, PRI_SOFTNET, IPL_NET, 0); 3269 if (error) 3270 panic("%s: update_addrs workqueue_create failed (%d)\n", 3271 __func__, error); 3272 sp->ipcp.update_addrs_q = pcq_create(IPCP_UPDATE_LIMIT, KM_SLEEP); 3273 3274 sp->ipcp.update_addrs_enqueued = 0; 3275 } 3276 3277 static void 3278 sppp_ipcp_open(struct sppp *sp, void *xcp) 3279 { 3280 STDDCL; 3281 uint32_t myaddr, hisaddr; 3282 3283 KASSERT(SPPP_WLOCKED(sp)); 3284 3285 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3286 sp->ipcp.req_myaddr = 0; 3287 sp->ipcp.req_hisaddr = 0; 3288 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3289 3290 #ifdef INET 3291 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3292 #else 3293 myaddr = hisaddr = 0; 3294 #endif 3295 /* 3296 * If we don't have his address, this probably means our 3297 * interface doesn't want to talk IP at all. (This could 3298 * be the case if somebody wants to speak only IPX, for 3299 * example.) Don't open IPCP in this case. 3300 */ 3301 if (hisaddr == 0) { 3302 /* XXX this message should go away */ 3303 if (debug) 3304 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 3305 ifp->if_xname); 3306 return; 3307 } 3308 3309 if (myaddr == 0) { 3310 /* 3311 * I don't have an assigned address, so i need to 3312 * negotiate my address. 3313 */ 3314 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3315 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3316 } 3317 if (hisaddr == 1) { 3318 /* 3319 * XXX - remove this hack! 3320 * remote has no valid address, we need to get one assigned. 3321 */ 3322 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3323 } 3324 sppp_open_event(sp, xcp); 3325 } 3326 3327 static void 3328 sppp_ipcp_close(struct sppp *sp, void *xcp) 3329 { 3330 3331 KASSERT(SPPP_WLOCKED(sp)); 3332 3333 sppp_close_event(sp, xcp); 3334 3335 #ifdef INET 3336 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 3337 /* 3338 * Some address was dynamic, clear it again. 3339 */ 3340 sppp_clear_ip_addrs(sp); 3341 #endif 3342 } 3343 3344 /* 3345 * Analyze a configure request. Return true if it was agreeable, and 3346 * caused action sca, false if it has been rejected or nak'ed, and 3347 * caused action scn. (The return value is used to make the state 3348 * transition decision in the state automaton.) 3349 */ 3350 static enum cp_rcr_type 3351 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3352 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3353 { 3354 u_char *buf, *r, *p, l, blen; 3355 enum cp_rcr_type type; 3356 struct ifnet *ifp = &sp->pp_if; 3357 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3358 uint32_t hisaddr, desiredaddr; 3359 3360 KASSERT(SPPP_WLOCKED(sp)); 3361 3362 type = CP_RCR_NONE; 3363 origlen -= sizeof(*h); 3364 3365 if (origlen < 0) 3366 return CP_RCR_DROP; 3367 3368 /* 3369 * Make sure to allocate a buf that can at least hold a 3370 * conf-nak with an `address' option. We might need it below. 3371 */ 3372 blen = MAX(6, origlen); 3373 3374 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3375 if (buf == NULL) 3376 return CP_RCR_DROP; 3377 3378 /* pass 1: see if we can recognize them */ 3379 if (debug) 3380 log(LOG_DEBUG, "%s: ipcp parse opts:", 3381 ifp->if_xname); 3382 p = (void *)(h + 1); 3383 r = buf; 3384 rlen = 0; 3385 for (len = origlen; len > 1; len -= l, p += l) { 3386 l = p[1]; 3387 if (l == 0) 3388 break; 3389 3390 /* Sanity check option length */ 3391 if (l > len) { 3392 /* XXX should we just RXJ? */ 3393 addlog("%s: malicious IPCP option received, dropping\n", 3394 ifp->if_xname); 3395 type = CP_RCR_ERR; 3396 goto end; 3397 } 3398 if (debug) 3399 addlog(" %s", sppp_ipcp_opt_name(*p)); 3400 switch (p[0]) { 3401 #ifdef notyet 3402 case IPCP_OPT_COMPRESSION: 3403 if (len >= 6 && l >= 6) { 3404 /* correctly formed compress option */ 3405 continue; 3406 } 3407 if (debug) 3408 addlog(" [invalid]"); 3409 break; 3410 #endif 3411 case IPCP_OPT_ADDRESS: 3412 if (len >= 6 && l == 6) { 3413 /* correctly formed address option */ 3414 continue; 3415 } 3416 if (debug) 3417 addlog(" [invalid]"); 3418 break; 3419 default: 3420 /* Others not supported. */ 3421 if (debug) 3422 addlog(" [rej]"); 3423 break; 3424 } 3425 /* Add the option to rejected list. */ 3426 if (rlen + l > blen) { 3427 if (debug) 3428 addlog(" [overflow]"); 3429 continue; 3430 } 3431 memcpy(r, p, l); 3432 r += l; 3433 rlen += l; 3434 } 3435 3436 if (rlen > 0) { 3437 type = CP_RCR_REJ; 3438 goto end; 3439 } 3440 3441 if (debug) 3442 addlog("\n"); 3443 3444 /* pass 2: parse option values */ 3445 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3446 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3447 else 3448 #ifdef INET 3449 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3450 #else 3451 hisaddr = 0; 3452 #endif 3453 if (debug) 3454 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 3455 ifp->if_xname); 3456 p = (void *)(h + 1); 3457 r = buf; 3458 rlen = 0; 3459 for (len = origlen; len > 1; len -= l, p += l) { 3460 l = p[1]; 3461 if (l == 0) 3462 break; 3463 3464 if (debug) 3465 addlog(" %s", sppp_ipcp_opt_name(*p)); 3466 switch (p[0]) { 3467 #ifdef notyet 3468 case IPCP_OPT_COMPRESSION: 3469 continue; 3470 #endif 3471 case IPCP_OPT_ADDRESS: 3472 desiredaddr = p[2] << 24 | p[3] << 16 | 3473 p[4] << 8 | p[5]; 3474 if (desiredaddr == hisaddr || 3475 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3476 /* 3477 * Peer's address is same as our value, 3478 * this is agreeable. Gonna conf-ack 3479 * it. 3480 */ 3481 if (debug) 3482 addlog(" %s [ack]", 3483 sppp_dotted_quad(hisaddr)); 3484 /* record that we've seen it already */ 3485 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3486 sp->ipcp.req_hisaddr = desiredaddr; 3487 hisaddr = desiredaddr; 3488 continue; 3489 } 3490 /* 3491 * The address wasn't agreeable. This is either 3492 * he sent us 0.0.0.0, asking to assign him an 3493 * address, or he send us another address not 3494 * matching our value. Either case, we gonna 3495 * conf-nak it with our value. 3496 */ 3497 if (debug) { 3498 if (desiredaddr == 0) 3499 addlog(" [addr requested]"); 3500 else 3501 addlog(" %s [not agreed]", 3502 sppp_dotted_quad(desiredaddr)); 3503 } 3504 3505 p[2] = hisaddr >> 24; 3506 p[3] = hisaddr >> 16; 3507 p[4] = hisaddr >> 8; 3508 p[5] = hisaddr; 3509 break; 3510 } 3511 if (rlen + l > blen) { 3512 if (debug) 3513 addlog(" [overflow]"); 3514 continue; 3515 } 3516 /* Add the option to nak'ed list. */ 3517 memcpy(r, p, l); 3518 r += l; 3519 rlen += l; 3520 } 3521 3522 if (rlen > 0) { 3523 type = CP_RCR_NAK; 3524 } else { 3525 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3526 /* 3527 * If we are about to conf-ack the request, but haven't seen 3528 * his address so far, gonna conf-nak it instead, with the 3529 * `address' option present and our idea of his address being 3530 * filled in there, to request negotiation of both addresses. 3531 * 3532 * XXX This can result in an endless req - nak loop if peer 3533 * doesn't want to send us his address. Q: What should we do 3534 * about it? XXX A: implement the max-failure counter. 3535 */ 3536 buf[0] = IPCP_OPT_ADDRESS; 3537 buf[1] = 6; 3538 buf[2] = hisaddr >> 24; 3539 buf[3] = hisaddr >> 16; 3540 buf[4] = hisaddr >> 8; 3541 buf[5] = hisaddr; 3542 rlen = 6; 3543 if (debug) 3544 addlog(" still need hisaddr"); 3545 type = CP_RCR_NAK; 3546 } else { 3547 type = CP_RCR_ACK; 3548 rlen = origlen; 3549 memcpy(r, h + 1, rlen); 3550 } 3551 } 3552 3553 end: 3554 if (debug) 3555 addlog("\n"); 3556 3557 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3558 if (buf != NULL) 3559 kmem_intr_free(buf, blen); 3560 } else { 3561 *msgbuf = buf; 3562 *buflen = blen; 3563 *msglen = rlen; 3564 } 3565 3566 return type; 3567 } 3568 3569 /* 3570 * Analyze the IPCP Configure-Reject option list, and adjust our 3571 * negotiation. 3572 */ 3573 static void 3574 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3575 { 3576 u_char *p, l; 3577 struct ifnet *ifp = &sp->pp_if; 3578 int debug = ifp->if_flags & IFF_DEBUG; 3579 3580 KASSERT(SPPP_WLOCKED(sp)); 3581 3582 if (len <= sizeof(*h)) 3583 return; 3584 3585 len -= sizeof(*h); 3586 3587 if (debug) 3588 log(LOG_DEBUG, "%s: ipcp rej opts:", 3589 ifp->if_xname); 3590 3591 p = (void *)(h + 1); 3592 for (; len > 1; len -= l, p += l) { 3593 l = p[1]; 3594 if (l == 0) 3595 break; 3596 3597 /* Sanity check option length */ 3598 if (l > len) { 3599 /* XXX should we just RXJ? */ 3600 addlog("%s: malicious IPCP option received, dropping\n", 3601 ifp->if_xname); 3602 goto end; 3603 } 3604 if (debug) 3605 addlog(" %s", sppp_ipcp_opt_name(*p)); 3606 switch (p[0]) { 3607 case IPCP_OPT_ADDRESS: 3608 /* 3609 * Peer doesn't grok address option. This is 3610 * bad. XXX Should we better give up here? 3611 */ 3612 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3613 break; 3614 #ifdef notyet 3615 case IPCP_OPT_COMPRESS: 3616 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3617 break; 3618 #endif 3619 } 3620 } 3621 if (debug) 3622 addlog("\n"); 3623 end: 3624 return; 3625 } 3626 3627 /* 3628 * Analyze the IPCP Configure-NAK option list, and adjust our 3629 * negotiation. 3630 */ 3631 static void 3632 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3633 { 3634 u_char *p, l; 3635 struct ifnet *ifp = &sp->pp_if; 3636 int debug = ifp->if_flags & IFF_DEBUG; 3637 uint32_t wantaddr; 3638 3639 KASSERT(SPPP_WLOCKED(sp)); 3640 3641 len -= sizeof(*h); 3642 3643 if (debug) 3644 log(LOG_DEBUG, "%s: ipcp nak opts:", 3645 ifp->if_xname); 3646 3647 p = (void *)(h + 1); 3648 for (; len > 1; len -= l, p += l) { 3649 l = p[1]; 3650 if (l == 0) 3651 break; 3652 3653 /* Sanity check option length */ 3654 if (l > len) { 3655 /* XXX should we just RXJ? */ 3656 addlog("%s: malicious IPCP option received, dropping\n", 3657 ifp->if_xname); 3658 return; 3659 } 3660 if (debug) 3661 addlog(" %s", sppp_ipcp_opt_name(*p)); 3662 switch (*p) { 3663 case IPCP_OPT_ADDRESS: 3664 /* 3665 * Peer doesn't like our local IP address. See 3666 * if we can do something for him. We'll drop 3667 * him our address then. 3668 */ 3669 if (len >= 6 && l == 6) { 3670 wantaddr = p[2] << 24 | p[3] << 16 | 3671 p[4] << 8 | p[5]; 3672 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3673 if (debug) 3674 addlog(" [wantaddr %s]", 3675 sppp_dotted_quad(wantaddr)); 3676 /* 3677 * When doing dynamic address assignment, 3678 * we accept his offer. Otherwise, we 3679 * ignore it and thus continue to negotiate 3680 * our already existing value. 3681 */ 3682 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3683 if (debug) 3684 addlog(" [agree]"); 3685 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3686 sp->ipcp.req_myaddr = wantaddr; 3687 } 3688 } 3689 break; 3690 3691 case IPCP_OPT_PRIMDNS: 3692 if (len >= 6 && l == 6) { 3693 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3694 p[4] << 8 | p[5]; 3695 } 3696 break; 3697 3698 case IPCP_OPT_SECDNS: 3699 if (len >= 6 && l == 6) { 3700 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3701 p[4] << 8 | p[5]; 3702 } 3703 break; 3704 #ifdef notyet 3705 case IPCP_OPT_COMPRESS: 3706 /* 3707 * Peer wants different compression parameters. 3708 */ 3709 break; 3710 #endif 3711 } 3712 } 3713 if (debug) 3714 addlog("\n"); 3715 } 3716 3717 static void 3718 sppp_ipcp_tlu(struct sppp *sp) 3719 { 3720 #ifdef INET 3721 KASSERT(SPPP_WLOCKED(sp)); 3722 /* we are up. Set addresses and notify anyone interested */ 3723 sppp_set_ip_addrs(sp); 3724 #endif 3725 } 3726 3727 static void 3728 sppp_ipcp_scr(struct sppp *sp) 3729 { 3730 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3731 #ifdef INET 3732 uint32_t ouraddr; 3733 #endif 3734 int i = 0; 3735 3736 KASSERT(SPPP_WLOCKED(sp)); 3737 3738 #ifdef notyet 3739 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3740 opt[i++] = IPCP_OPT_COMPRESSION; 3741 opt[i++] = 6; 3742 opt[i++] = 0; /* VJ header compression */ 3743 opt[i++] = 0x2d; /* VJ header compression */ 3744 opt[i++] = max_slot_id; 3745 opt[i++] = comp_slot_id; 3746 } 3747 #endif 3748 3749 #ifdef INET 3750 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3751 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3752 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3753 else 3754 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3755 opt[i++] = IPCP_OPT_ADDRESS; 3756 opt[i++] = 6; 3757 opt[i++] = ouraddr >> 24; 3758 opt[i++] = ouraddr >> 16; 3759 opt[i++] = ouraddr >> 8; 3760 opt[i++] = ouraddr; 3761 } 3762 #endif 3763 3764 if (sp->query_dns & 1) { 3765 opt[i++] = IPCP_OPT_PRIMDNS; 3766 opt[i++] = 6; 3767 opt[i++] = sp->dns_addrs[0] >> 24; 3768 opt[i++] = sp->dns_addrs[0] >> 16; 3769 opt[i++] = sp->dns_addrs[0] >> 8; 3770 opt[i++] = sp->dns_addrs[0]; 3771 } 3772 if (sp->query_dns & 2) { 3773 opt[i++] = IPCP_OPT_SECDNS; 3774 opt[i++] = 6; 3775 opt[i++] = sp->dns_addrs[1] >> 24; 3776 opt[i++] = sp->dns_addrs[1] >> 16; 3777 opt[i++] = sp->dns_addrs[1] >> 8; 3778 opt[i++] = sp->dns_addrs[1]; 3779 } 3780 3781 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 3782 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 3783 } 3784 3785 /* 3786 *--------------------------------------------------------------------------* 3787 * * 3788 * The IPv6CP implementation. * 3789 * * 3790 *--------------------------------------------------------------------------* 3791 */ 3792 3793 #ifdef INET6 3794 static void 3795 sppp_ipv6cp_init(struct sppp *sp) 3796 { 3797 3798 KASSERT(SPPP_WLOCKED(sp)); 3799 3800 sppp_cp_init(&ipv6cp, sp); 3801 3802 sp->ipv6cp.opts = 0; 3803 sp->ipv6cp.flags = 0; 3804 } 3805 3806 static void 3807 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 3808 { 3809 STDDCL; 3810 struct in6_addr myaddr, hisaddr; 3811 3812 KASSERT(SPPP_WLOCKED(sp)); 3813 3814 #ifdef IPV6CP_MYIFID_DYN 3815 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3816 #else 3817 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3818 #endif 3819 3820 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3821 /* 3822 * If we don't have our address, this probably means our 3823 * interface doesn't want to talk IPv6 at all. (This could 3824 * be the case if somebody wants to speak only IPX, for 3825 * example.) Don't open IPv6CP in this case. 3826 */ 3827 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3828 /* XXX this message should go away */ 3829 if (debug) 3830 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3831 ifp->if_xname); 3832 return; 3833 } 3834 3835 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3836 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3837 sppp_open_event(sp, xcp); 3838 } 3839 3840 /* 3841 * Analyze a configure request. Return true if it was agreeable, and 3842 * caused action sca, false if it has been rejected or nak'ed, and 3843 * caused action scn. (The return value is used to make the state 3844 * transition decision in the state automaton.) 3845 */ 3846 static enum cp_rcr_type 3847 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3848 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3849 { 3850 u_char *buf, *r, *p, l, blen; 3851 struct ifnet *ifp = &sp->pp_if; 3852 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3853 struct in6_addr myaddr, desiredaddr, suggestaddr; 3854 enum cp_rcr_type type; 3855 int ifidcount; 3856 int collision, nohisaddr; 3857 char ip6buf[INET6_ADDRSTRLEN]; 3858 3859 KASSERT(SPPP_WLOCKED(sp)); 3860 3861 type = CP_RCR_NONE; 3862 origlen -= sizeof(*h); 3863 3864 if (origlen < 0) 3865 return CP_RCR_DROP; 3866 3867 /* 3868 * Make sure to allocate a buf that can at least hold a 3869 * conf-nak with an `address' option. We might need it below. 3870 */ 3871 blen = MAX(6, origlen); 3872 3873 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3874 if (buf == NULL) 3875 return CP_RCR_DROP; 3876 3877 /* pass 1: see if we can recognize them */ 3878 if (debug) 3879 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3880 ifp->if_xname); 3881 p = (void *)(h + 1); 3882 r = buf; 3883 rlen = 0; 3884 ifidcount = 0; 3885 for (len = origlen; len > 1; len -= l, p += l) { 3886 l = p[1]; 3887 if (l == 0) 3888 break; 3889 3890 /* Sanity check option length */ 3891 if (l > len) { 3892 /* XXX just RXJ? */ 3893 addlog("%s: received malicious IPCPv6 option, " 3894 "dropping\n", ifp->if_xname); 3895 type = CP_RCR_ERR; 3896 goto end; 3897 } 3898 if (debug) 3899 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3900 switch (p[0]) { 3901 case IPV6CP_OPT_IFID: 3902 if (len >= 10 && l == 10 && ifidcount == 0) { 3903 /* correctly formed address option */ 3904 ifidcount++; 3905 continue; 3906 } 3907 if (debug) 3908 addlog(" [invalid]"); 3909 break; 3910 #ifdef notyet 3911 case IPV6CP_OPT_COMPRESSION: 3912 if (len >= 4 && l >= 4) { 3913 /* correctly formed compress option */ 3914 continue; 3915 } 3916 if (debug) 3917 addlog(" [invalid]"); 3918 break; 3919 #endif 3920 default: 3921 /* Others not supported. */ 3922 if (debug) 3923 addlog(" [rej]"); 3924 break; 3925 } 3926 if (rlen + l > blen) { 3927 if (debug) 3928 addlog(" [overflow]"); 3929 continue; 3930 } 3931 /* Add the option to rejected list. */ 3932 memcpy(r, p, l); 3933 r += l; 3934 rlen += l; 3935 } 3936 3937 if (rlen > 0) { 3938 type = CP_RCR_REJ; 3939 goto end; 3940 } 3941 3942 if (debug) 3943 addlog("\n"); 3944 3945 /* pass 2: parse option values */ 3946 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3947 if (debug) 3948 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3949 ifp->if_xname); 3950 p = (void *)(h + 1); 3951 r = buf; 3952 rlen = 0; 3953 type = CP_RCR_ACK; 3954 for (len = origlen; len > 1; len -= l, p += l) { 3955 l = p[1]; 3956 if (l == 0) 3957 break; 3958 3959 if (debug) 3960 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3961 switch (p[0]) { 3962 #ifdef notyet 3963 case IPV6CP_OPT_COMPRESSION: 3964 continue; 3965 #endif 3966 case IPV6CP_OPT_IFID: 3967 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3968 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 3969 collision = (memcmp(&desiredaddr.s6_addr[8], 3970 &myaddr.s6_addr[8], 8) == 0); 3971 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3972 3973 desiredaddr.s6_addr16[0] = htons(0xfe80); 3974 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 3975 3976 if (!collision && !nohisaddr) { 3977 /* no collision, hisaddr known - Conf-Ack */ 3978 type = CP_RCR_ACK; 3979 3980 if (debug) { 3981 addlog(" %s [%s]", 3982 IN6_PRINT(ip6buf, &desiredaddr), 3983 sppp_cp_type_name(CONF_ACK)); 3984 } 3985 continue; 3986 } 3987 3988 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3989 if (collision && nohisaddr) { 3990 /* collision, hisaddr unknown - Conf-Rej */ 3991 type = CP_RCR_REJ; 3992 memset(&p[2], 0, 8); 3993 } else { 3994 /* 3995 * - no collision, hisaddr unknown, or 3996 * - collision, hisaddr known 3997 * Conf-Nak, suggest hisaddr 3998 */ 3999 type = CP_RCR_NAK; 4000 sppp_suggest_ip6_addr(sp, &suggestaddr); 4001 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4002 } 4003 if (debug) { 4004 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK; 4005 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4006 sppp_cp_type_name(ctype)); 4007 } 4008 break; 4009 } 4010 if (rlen + l > blen) { 4011 if (debug) 4012 addlog(" [overflow]"); 4013 continue; 4014 } 4015 /* Add the option to nak'ed list. */ 4016 memcpy(r, p, l); 4017 r += l; 4018 rlen += l; 4019 } 4020 4021 if (rlen > 0) { 4022 if (type != CP_RCR_ACK) { 4023 if (debug) { 4024 int ctype ; 4025 ctype = type == CP_RCR_REJ ? 4026 CONF_REJ : CONF_NAK; 4027 addlog(" send %s suggest %s\n", 4028 sppp_cp_type_name(ctype), 4029 IN6_PRINT(ip6buf, &suggestaddr)); 4030 } 4031 } 4032 #ifdef notdef 4033 if (type == CP_RCR_ACK) 4034 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4035 #endif 4036 } else { 4037 if (type == CP_RCR_ACK) { 4038 rlen = origlen; 4039 memcpy(r, h + 1, rlen); 4040 } 4041 } 4042 end: 4043 if (debug) 4044 addlog("\n"); 4045 4046 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 4047 if (buf != NULL) 4048 kmem_intr_free(buf, blen); 4049 } else { 4050 *msgbuf = buf; 4051 *buflen = blen; 4052 *msglen = rlen; 4053 } 4054 4055 return type; 4056 } 4057 4058 /* 4059 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4060 * negotiation. 4061 */ 4062 static void 4063 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len) 4064 { 4065 u_char *p, l; 4066 struct ifnet *ifp = &sp->pp_if; 4067 int debug = ifp->if_flags & IFF_DEBUG; 4068 4069 KASSERT(SPPP_WLOCKED(sp)); 4070 4071 if (len <= sizeof(*h)) 4072 return; 4073 4074 len -= sizeof(*h); 4075 4076 if (debug) 4077 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 4078 ifp->if_xname); 4079 4080 p = (void *)(h + 1); 4081 for (; len > 1; len -= l, p += l) { 4082 l = p[1]; 4083 if (l == 0) 4084 break; 4085 4086 if (l > len) { 4087 /* XXX just RXJ? */ 4088 addlog("%s: received malicious IPCPv6 option, " 4089 "dropping\n", ifp->if_xname); 4090 goto end; 4091 } 4092 if (debug) 4093 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4094 switch (p[0]) { 4095 case IPV6CP_OPT_IFID: 4096 /* 4097 * Peer doesn't grok address option. This is 4098 * bad. XXX Should we better give up here? 4099 */ 4100 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 4101 break; 4102 #ifdef notyet 4103 case IPV6CP_OPT_COMPRESS: 4104 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 4105 break; 4106 #endif 4107 } 4108 } 4109 if (debug) 4110 addlog("\n"); 4111 end: 4112 return; 4113 } 4114 4115 /* 4116 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4117 * negotiation. 4118 */ 4119 static void 4120 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len) 4121 { 4122 u_char *p, l; 4123 struct ifnet *ifp = &sp->pp_if; 4124 int debug = ifp->if_flags & IFF_DEBUG; 4125 struct in6_addr suggestaddr; 4126 char ip6buf[INET6_ADDRSTRLEN]; 4127 4128 KASSERT(SPPP_WLOCKED(sp)); 4129 4130 if (len <= sizeof(*h)) 4131 return; 4132 4133 len -= sizeof(*h); 4134 4135 if (debug) 4136 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 4137 ifp->if_xname); 4138 4139 p = (void *)(h + 1); 4140 for (; len > 1; len -= l, p += l) { 4141 l = p[1]; 4142 if (l == 0) 4143 break; 4144 4145 if (l > len) { 4146 /* XXX just RXJ? */ 4147 addlog("%s: received malicious IPCPv6 option, " 4148 "dropping\n", ifp->if_xname); 4149 goto end; 4150 } 4151 if (debug) 4152 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4153 switch (p[0]) { 4154 case IPV6CP_OPT_IFID: 4155 /* 4156 * Peer doesn't like our local ifid. See 4157 * if we can do something for him. We'll drop 4158 * him our address then. 4159 */ 4160 if (len < 10 || l != 10) 4161 break; 4162 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4163 suggestaddr.s6_addr16[0] = htons(0xfe80); 4164 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4165 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4166 4167 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 4168 if (debug) 4169 addlog(" [suggestaddr %s]", 4170 IN6_PRINT(ip6buf, &suggestaddr)); 4171 #ifdef IPV6CP_MYIFID_DYN 4172 /* 4173 * When doing dynamic address assignment, 4174 * we accept his offer. 4175 */ 4176 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4177 struct in6_addr lastsuggest; 4178 /* 4179 * If <suggested myaddr from peer> equals to 4180 * <hisaddr we have suggested last time>, 4181 * we have a collision. generate new random 4182 * ifid. 4183 */ 4184 sppp_suggest_ip6_addr(&lastsuggest); 4185 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4186 lastsuggest)) { 4187 if (debug) 4188 addlog(" [random]"); 4189 sppp_gen_ip6_addr(sp, &suggestaddr); 4190 } 4191 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4192 if (debug) 4193 addlog(" [agree]"); 4194 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4195 } 4196 #else 4197 /* 4198 * Since we do not do dynamic address assignment, 4199 * we ignore it and thus continue to negotiate 4200 * our already existing value. This can possibly 4201 * go into infinite request-reject loop. 4202 * 4203 * This is not likely because we normally use 4204 * ifid based on MAC-address. 4205 * If you have no ethernet card on the node, too bad. 4206 * XXX should we use fail_counter? 4207 */ 4208 #endif 4209 break; 4210 #ifdef notyet 4211 case IPV6CP_OPT_COMPRESS: 4212 /* 4213 * Peer wants different compression parameters. 4214 */ 4215 break; 4216 #endif 4217 } 4218 } 4219 if (debug) 4220 addlog("\n"); 4221 end: 4222 return; 4223 } 4224 4225 static void 4226 sppp_ipv6cp_tlu(struct sppp *sp) 4227 { 4228 4229 KASSERT(SPPP_WLOCKED(sp)); 4230 /* we are up - notify isdn daemon */ 4231 sppp_notify_con_wlocked(sp); 4232 } 4233 4234 static void 4235 sppp_ipv6cp_scr(struct sppp *sp) 4236 { 4237 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4238 struct in6_addr ouraddr; 4239 int i = 0; 4240 4241 KASSERT(SPPP_WLOCKED(sp)); 4242 4243 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 4244 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4245 opt[i++] = IPV6CP_OPT_IFID; 4246 opt[i++] = 10; 4247 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4248 i += 8; 4249 } 4250 4251 #ifdef notyet 4252 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 4253 opt[i++] = IPV6CP_OPT_COMPRESSION; 4254 opt[i++] = 4; 4255 opt[i++] = 0; /* TBD */ 4256 opt[i++] = 0; /* TBD */ 4257 /* variable length data may follow */ 4258 } 4259 #endif 4260 4261 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4262 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4263 } 4264 #else /*INET6*/ 4265 static void 4266 sppp_ipv6cp_init(struct sppp *sp) 4267 { 4268 4269 KASSERT(SPPP_WLOCKED(sp)); 4270 } 4271 4272 static void 4273 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4274 { 4275 4276 KASSERT(SPPP_WLOCKED(sp)); 4277 } 4278 4279 static enum cp_rcr_type 4280 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, 4281 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4282 { 4283 4284 KASSERT(SPPP_WLOCKED(sp)); 4285 return 0; 4286 } 4287 4288 static void 4289 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, 4290 int len) 4291 { 4292 4293 KASSERT(SPPP_WLOCKED(sp)); 4294 } 4295 4296 static void 4297 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, 4298 int len) 4299 { 4300 4301 KASSERT(SPPP_WLOCKED(sp)); 4302 } 4303 4304 static void 4305 sppp_ipv6cp_tlu(struct sppp *sp) 4306 { 4307 4308 KASSERT(SPPP_WLOCKED(sp)); 4309 } 4310 4311 static void 4312 sppp_ipv6cp_scr(struct sppp *sp) 4313 { 4314 4315 KASSERT(SPPP_WLOCKED(sp)); 4316 } 4317 #endif /*INET6*/ 4318 4319 /* 4320 *--------------------------------------------------------------------------* 4321 * * 4322 * The CHAP implementation. * 4323 * * 4324 *--------------------------------------------------------------------------* 4325 */ 4326 /* 4327 * The authentication protocols is implemented on the state machine for 4328 * control protocols. And it uses following actions and events. 4329 * 4330 * Actions: 4331 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE 4332 * - sca: send CHAP_SUCCESS 4333 * - scn: send CHAP_FAILURE and shutdown lcp 4334 * Events: 4335 * - RCR+: receive CHAP_RESPONSE containing correct digest 4336 * - RCR-: receive CHAP_RESPONSE containing wrong digest 4337 * - RCA: receive CHAP_SUCCESS 4338 * - RCN: (this event is unused) 4339 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE 4340 * - TO-: this layer finish 4341 */ 4342 4343 /* 4344 * Handle incoming CHAP packets. 4345 */ 4346 void 4347 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4348 { 4349 STDDCL; 4350 struct lcp_header *h; 4351 int len, x; 4352 u_char *value, *name, digest[sizeof(sp->chap.challenge)]; 4353 int value_len, name_len; 4354 MD5_CTX ctx; 4355 4356 len = m->m_pkthdr.len; 4357 if (len < 4) { 4358 if (debug) 4359 log(LOG_DEBUG, 4360 "%s: chap invalid packet length: %d bytes\n", 4361 ifp->if_xname, len); 4362 return; 4363 } 4364 h = mtod(m, struct lcp_header *); 4365 if (len > ntohs(h->len)) 4366 len = ntohs(h->len); 4367 4368 SPPP_LOCK(sp, RW_WRITER); 4369 4370 switch (h->type) { 4371 /* challenge, failure and success are his authproto */ 4372 case CHAP_CHALLENGE: 4373 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4374 /* can't do anything useful */ 4375 sp->pp_auth_failures++; 4376 printf("%s: chap input without my name and my secret being set\n", 4377 ifp->if_xname); 4378 break; 4379 } 4380 value = 1 + (u_char *)(h + 1); 4381 value_len = value[-1]; 4382 name = value + value_len; 4383 name_len = len - value_len - 5; 4384 if (name_len < 0) { 4385 if (debug) { 4386 log(LOG_DEBUG, 4387 "%s: chap corrupted challenge " 4388 "<%s id=0x%x len=%d", 4389 ifp->if_xname, 4390 sppp_auth_type_name(PPP_CHAP, h->type), 4391 h->ident, ntohs(h->len)); 4392 if (len > 4) 4393 sppp_print_bytes((u_char *)(h + 1), 4394 len - 4); 4395 addlog(">\n"); 4396 } 4397 break; 4398 } 4399 4400 if (debug) { 4401 log(LOG_DEBUG, 4402 "%s: chap input <%s id=0x%x len=%d name=", 4403 ifp->if_xname, 4404 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4405 ntohs(h->len)); 4406 sppp_print_string((char *) name, name_len); 4407 addlog(" value-size=%d value=", value_len); 4408 sppp_print_bytes(value, value_len); 4409 addlog(">\n"); 4410 } 4411 4412 /* Compute reply value. */ 4413 MD5Init(&ctx); 4414 MD5Update(&ctx, &h->ident, 1); 4415 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4416 MD5Update(&ctx, value, value_len); 4417 MD5Final(sp->chap.digest, &ctx); 4418 sp->chap.digest_len = sizeof(sp->chap.digest); 4419 sp->scp[IDX_CHAP].rconfid = h->ident; 4420 4421 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); 4422 break; 4423 4424 case CHAP_SUCCESS: 4425 if (debug) { 4426 log(LOG_DEBUG, "%s: chap success", 4427 ifp->if_xname); 4428 if (len > 4) { 4429 addlog(": "); 4430 sppp_print_string((char *)(h + 1), len - 4); 4431 } 4432 addlog("\n"); 4433 } 4434 4435 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4436 if (debug) { 4437 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4438 ifp->if_xname, chap.name, 4439 h->ident, sp->scp[IDX_CHAP].rconfid); 4440 } 4441 if_statinc(ifp, if_ierrors); 4442 break; 4443 } 4444 4445 if (sp->chap.digest_len == 0) { 4446 if (debug) { 4447 log(LOG_DEBUG, 4448 "%s: receive CHAP success without challenge\n", 4449 ifp->if_xname); 4450 } 4451 if_statinc(ifp, if_ierrors); 4452 break; 4453 } 4454 4455 x = splnet(); 4456 sp->pp_auth_failures = 0; 4457 sp->pp_flags &= ~PP_NEEDAUTH; 4458 splx(x); 4459 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4460 sp->chap.digest_len = 0; 4461 4462 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { 4463 /* 4464 * we are not authenticator for CHAP, 4465 * generate a dummy RCR+ event without CHAP_RESPONSE 4466 */ 4467 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4468 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4469 } 4470 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4471 break; 4472 4473 case CHAP_FAILURE: 4474 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4475 if (debug) { 4476 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4477 ifp->if_xname, chap.name, 4478 h->ident, sp->scp[IDX_CHAP].rconfid); 4479 } 4480 if_statinc(ifp, if_ierrors); 4481 break; 4482 } 4483 4484 if (sp->chap.digest_len == 0) { 4485 if (debug) { 4486 log(LOG_DEBUG, 4487 "%s: receive CHAP failure without challenge\n", 4488 ifp->if_xname); 4489 } 4490 if_statinc(ifp, if_ierrors); 4491 break; 4492 } 4493 4494 x = splnet(); 4495 sp->pp_auth_failures++; 4496 splx(x); 4497 if (debug) { 4498 log(LOG_INFO, "%s: chap failure", 4499 ifp->if_xname); 4500 if (len > 4) { 4501 addlog(": "); 4502 sppp_print_string((char *)(h + 1), len - 4); 4503 } 4504 addlog("\n"); 4505 } else 4506 log(LOG_INFO, "%s: chap failure\n", 4507 ifp->if_xname); 4508 4509 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4510 sp->chap.digest_len = 0; 4511 /* 4512 * await LCP shutdown by authenticator, 4513 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn 4514 */ 4515 break; 4516 4517 /* response is my authproto */ 4518 case CHAP_RESPONSE: 4519 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4520 /* can't do anything useful */ 4521 printf("%s: chap response" 4522 " without his name and his secret being set\n", 4523 ifp->if_xname); 4524 break; 4525 } 4526 value = 1 + (u_char *)(h + 1); 4527 value_len = value[-1]; 4528 name = value + value_len; 4529 name_len = len - value_len - 5; 4530 if (name_len < 0) { 4531 if (debug) { 4532 log(LOG_DEBUG, 4533 "%s: chap corrupted response " 4534 "<%s id=0x%x len=%d", 4535 ifp->if_xname, 4536 sppp_auth_type_name(PPP_CHAP, h->type), 4537 h->ident, ntohs(h->len)); 4538 if (len > 4) 4539 sppp_print_bytes((u_char *)(h + 1), 4540 len - 4); 4541 addlog(">\n"); 4542 } 4543 break; 4544 } 4545 if (h->ident != sp->scp[IDX_CHAP].confid) { 4546 if (debug) 4547 log(LOG_DEBUG, 4548 "%s: chap dropping response for old ID " 4549 "(got %d, expected %d)\n", 4550 ifp->if_xname, 4551 h->ident, sp->scp[IDX_CHAP].confid); 4552 break; 4553 } else { 4554 sp->scp[IDX_CHAP].rconfid = h->ident; 4555 } 4556 4557 if (sp->hisauth.name != NULL && 4558 (name_len != sp->hisauth.name_len 4559 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4560 log(LOG_INFO, "%s: chap response, his name ", 4561 ifp->if_xname); 4562 sppp_print_string(name, name_len); 4563 addlog(" != expected "); 4564 sppp_print_string(sp->hisauth.name, 4565 sp->hisauth.name_len); 4566 addlog("\n"); 4567 4568 /* generate RCR- event */ 4569 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4570 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4571 break; 4572 } 4573 4574 if (debug) { 4575 log(LOG_DEBUG, "%s: chap input(%s) " 4576 "<%s id=0x%x len=%d name=", 4577 ifp->if_xname, 4578 sppp_state_name(sp->scp[IDX_CHAP].state), 4579 sppp_auth_type_name(PPP_CHAP, h->type), 4580 h->ident, ntohs(h->len)); 4581 sppp_print_string((char *)name, name_len); 4582 addlog(" value-size=%d value=", value_len); 4583 sppp_print_bytes(value, value_len); 4584 addlog(">\n"); 4585 } 4586 4587 if (value_len == sizeof(sp->chap.challenge) && 4588 value_len == sizeof(sp->chap.digest)) { 4589 MD5Init(&ctx); 4590 MD5Update(&ctx, &h->ident, 1); 4591 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4592 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); 4593 MD5Final(digest, &ctx); 4594 4595 if (memcmp(digest, value, value_len) == 0) { 4596 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4597 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || 4598 sp->chap.rechallenging) { 4599 /* generate a dummy RCA event*/ 4600 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4601 } 4602 } else { 4603 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4604 } 4605 } else { 4606 if (debug) 4607 log(LOG_DEBUG, 4608 "%s: chap bad hash value length: " 4609 "%d bytes, should be %zu\n", 4610 ifp->if_xname, value_len, 4611 sizeof(sp->chap.challenge)); 4612 4613 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4614 } 4615 4616 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4617 break; 4618 4619 default: 4620 /* Unknown CHAP packet type -- ignore. */ 4621 if (debug) { 4622 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4623 "<0x%x id=0x%xh len=%d", 4624 ifp->if_xname, 4625 sppp_state_name(sp->scp[IDX_CHAP].state), 4626 h->type, h->ident, ntohs(h->len)); 4627 if (len > 4) 4628 sppp_print_bytes((u_char *)(h + 1), len - 4); 4629 addlog(">\n"); 4630 } 4631 break; 4632 4633 } 4634 4635 SPPP_UNLOCK(sp); 4636 } 4637 4638 static void 4639 sppp_chap_init(struct sppp *sp) 4640 { 4641 4642 KASSERT(SPPP_WLOCKED(sp)); 4643 4644 sppp_cp_init(&chap, sp); 4645 4646 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, 4647 sppp_chap_rcv_challenge_event, &chap); 4648 } 4649 4650 static void 4651 sppp_chap_open(struct sppp *sp, void *xcp) 4652 { 4653 4654 KASSERT(SPPP_WLOCKED(sp)); 4655 4656 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4657 sp->chap.digest_len = 0; 4658 sp->chap.rechallenging = false; 4659 sp->chap.response_rcvd = false; 4660 sppp_open_event(sp, xcp); 4661 } 4662 4663 static void 4664 sppp_chap_tlu(struct sppp *sp) 4665 { 4666 STDDCL; 4667 int i, x; 4668 4669 KASSERT(SPPP_WLOCKED(sp)); 4670 4671 i = 0; 4672 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4673 x = splnet(); 4674 sp->pp_auth_failures = 0; 4675 splx(x); 4676 4677 log(LOG_DEBUG, "%s: chap %s", ifp->if_xname, 4678 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); 4679 4680 /* 4681 * Some broken CHAP implementations (Conware CoNet, firmware 4682 * 4.0.?) don't want to re-authenticate their CHAP once the 4683 * initial challenge-response exchange has taken place. 4684 * Provide for an option to avoid rechallenges. 4685 */ 4686 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && 4687 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4688 /* 4689 * Compute the re-challenge timeout. This will yield 4690 * a number between 300 and 810 seconds. 4691 */ 4692 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 4693 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 4694 4695 if (debug) { 4696 addlog(", next rechallenge in %d seconds", i); 4697 } 4698 } 4699 4700 addlog("\n"); 4701 4702 /* 4703 * If we are already in phase network, we are done here. This 4704 * is the case if this is a dummy tlu event after a re-challenge. 4705 */ 4706 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4707 sppp_phase_network(sp); 4708 } 4709 4710 static void 4711 sppp_chap_scr(struct sppp *sp) 4712 { 4713 uint32_t *ch; 4714 u_char clen, dsize; 4715 int role; 4716 4717 KASSERT(SPPP_WLOCKED(sp)); 4718 4719 role = sppp_auth_role(&chap, sp); 4720 4721 if (ISSET(role, SPPP_AUTH_SERV) && 4722 !sp->chap.response_rcvd) { 4723 /* we are authenticator for CHAP, send challenge */ 4724 ch = (uint32_t *)sp->chap.challenge; 4725 clen = sizeof(sp->chap.challenge); 4726 /* Compute random challenge. */ 4727 cprng_strong(kern_cprng, ch, clen, 0); 4728 4729 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 4730 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 4731 sizeof(clen), (const char *)&clen, 4732 sizeof(sp->chap.challenge), sp->chap.challenge, 4733 0); 4734 } 4735 4736 if (ISSET(role, SPPP_AUTH_PEER) && 4737 sp->chap.digest_len > 0) { 4738 /* we are peer for CHAP, send response */ 4739 dsize = sp->chap.digest_len; 4740 4741 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, 4742 sizeof(dsize), (const char *)&dsize, 4743 sp->chap.digest_len, sp->chap.digest, 4744 sp->myauth.name_len, sp->myauth.name, 0); 4745 } 4746 } 4747 4748 static void 4749 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) 4750 { 4751 const struct cp *cp = xcp; 4752 4753 sp->chap.rechallenging = false; 4754 4755 switch (sp->scp[IDX_CHAP].state) { 4756 case STATE_REQ_SENT: 4757 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 4758 cp->scr(sp); 4759 break; 4760 case STATE_OPENED: 4761 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 4762 cp->scr(sp); 4763 break; 4764 } 4765 } 4766 4767 /* 4768 *--------------------------------------------------------------------------* 4769 * * 4770 * The PAP implementation. * 4771 * * 4772 *--------------------------------------------------------------------------* 4773 */ 4774 /* 4775 * PAP uses following actions and events. 4776 * Actions: 4777 * - scr: send PAP_REQ 4778 * - sca: send PAP_ACK 4779 * - scn: send PAP_NAK 4780 * Events: 4781 * - RCR+: receive PAP_REQ containing correct username and password 4782 * - RCR-: receive PAP_REQ containing wrong username and password 4783 * - RCA: receive PAP_ACK 4784 * - RCN: (this event is unused) 4785 * - TO+: re-send PAP_REQ 4786 * - TO-: this layer finish 4787 */ 4788 4789 /* 4790 * Handle incoming PAP packets. */ 4791 static void 4792 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4793 { 4794 STDDCL; 4795 struct lcp_header *h; 4796 int len, x; 4797 char *name, *secret; 4798 int name_len, secret_len; 4799 4800 /* 4801 * Malicious input might leave this uninitialized, so 4802 * init to an impossible value. 4803 */ 4804 secret_len = -1; 4805 4806 len = m->m_pkthdr.len; 4807 if (len < 5) { 4808 if (debug) 4809 log(LOG_DEBUG, 4810 "%s: pap invalid packet length: %d bytes\n", 4811 ifp->if_xname, len); 4812 return; 4813 } 4814 h = mtod(m, struct lcp_header *); 4815 if (len > ntohs(h->len)) 4816 len = ntohs(h->len); 4817 4818 SPPP_LOCK(sp, RW_WRITER); 4819 4820 switch (h->type) { 4821 /* PAP request is my authproto */ 4822 case PAP_REQ: 4823 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4824 /* can't do anything useful */ 4825 printf("%s: pap request" 4826 " without his name and his secret being set\n", 4827 ifp->if_xname); 4828 break; 4829 } 4830 name = 1 + (u_char *)(h + 1); 4831 name_len = name[-1]; 4832 secret = name + name_len + 1; 4833 if (name_len > len - 6 || 4834 (secret_len = secret[-1]) > len - 6 - name_len) { 4835 if (debug) { 4836 log(LOG_DEBUG, "%s: pap corrupted input " 4837 "<%s id=0x%x len=%d", 4838 ifp->if_xname, 4839 sppp_auth_type_name(PPP_PAP, h->type), 4840 h->ident, ntohs(h->len)); 4841 if (len > 4) 4842 sppp_print_bytes((u_char *)(h + 1), 4843 len - 4); 4844 addlog(">\n"); 4845 } 4846 break; 4847 } 4848 if (debug) { 4849 log(LOG_DEBUG, "%s: pap input(%s) " 4850 "<%s id=0x%x len=%d name=", 4851 ifp->if_xname, 4852 sppp_state_name(sp->scp[IDX_PAP].state), 4853 sppp_auth_type_name(PPP_PAP, h->type), 4854 h->ident, ntohs(h->len)); 4855 sppp_print_string((char *)name, name_len); 4856 addlog(" secret="); 4857 sppp_print_string((char *)secret, secret_len); 4858 addlog(">\n"); 4859 } 4860 4861 sp->scp[IDX_PAP].rconfid = h->ident; 4862 4863 if (name_len == sp->hisauth.name_len && 4864 memcmp(name, sp->hisauth.name, name_len) == 0 && 4865 secret_len == sp->hisauth.secret_len && 4866 memcmp(secret, sp->hisauth.secret, secret_len) == 0) { 4867 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 4868 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { 4869 /* generate a dummy RCA event*/ 4870 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 4871 } 4872 } else { 4873 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK; 4874 } 4875 4876 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 4877 break; 4878 4879 /* ack and nak are his authproto */ 4880 case PAP_ACK: 4881 if (debug) { 4882 log(LOG_DEBUG, "%s: pap success", 4883 ifp->if_xname); 4884 name = 1 + (u_char *)(h + 1); 4885 name_len = name[-1]; 4886 if (len > 5 && name_len < len+4) { 4887 addlog(": "); 4888 sppp_print_string(name, name_len); 4889 } 4890 addlog("\n"); 4891 } 4892 4893 if (h->ident != sp->scp[IDX_PAP].confid) { 4894 if (debug) { 4895 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4896 ifp->if_xname, pap.name, 4897 h->ident, sp->scp[IDX_PAP].rconfid); 4898 } 4899 if_statinc(ifp, if_ierrors); 4900 break; 4901 } 4902 4903 x = splnet(); 4904 sp->pp_auth_failures = 0; 4905 sp->pp_flags &= ~PP_NEEDAUTH; 4906 splx(x); 4907 4908 /* we are not authenticator, generate a dummy RCR+ event */ 4909 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { 4910 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 4911 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 4912 } 4913 4914 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 4915 break; 4916 4917 case PAP_NAK: 4918 if (debug) { 4919 log(LOG_INFO, "%s: pap failure", 4920 ifp->if_xname); 4921 name = 1 + (u_char *)(h + 1); 4922 name_len = name[-1]; 4923 if (len > 5 && name_len < len+4) { 4924 addlog(": "); 4925 sppp_print_string(name, name_len); 4926 } 4927 addlog("\n"); 4928 } else 4929 log(LOG_INFO, "%s: pap failure\n", 4930 ifp->if_xname); 4931 4932 if (h->ident != sp->scp[IDX_PAP].confid) { 4933 if (debug) { 4934 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4935 ifp->if_xname, pap.name, 4936 h->ident, sp->scp[IDX_PAP].rconfid); 4937 } 4938 if_statinc(ifp, if_ierrors); 4939 break; 4940 } 4941 4942 sp->pp_auth_failures++; 4943 /* 4944 * await LCP shutdown by authenticator, 4945 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn 4946 */ 4947 break; 4948 4949 default: 4950 /* Unknown PAP packet type -- ignore. */ 4951 if (debug) { 4952 log(LOG_DEBUG, "%s: pap corrupted input " 4953 "<0x%x id=0x%x len=%d", 4954 ifp->if_xname, 4955 h->type, h->ident, ntohs(h->len)); 4956 if (len > 4) 4957 sppp_print_bytes((u_char *)(h + 1), len - 4); 4958 addlog(">\n"); 4959 } 4960 break; 4961 } 4962 4963 SPPP_UNLOCK(sp); 4964 } 4965 4966 static void 4967 sppp_pap_init(struct sppp *sp) 4968 { 4969 4970 KASSERT(SPPP_WLOCKED(sp)); 4971 sppp_cp_init(&pap, sp); 4972 } 4973 4974 static void 4975 sppp_pap_tlu(struct sppp *sp) 4976 { 4977 STDDCL; 4978 int x; 4979 4980 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 4981 4982 if (debug) 4983 log(LOG_DEBUG, "%s: %s tlu\n", 4984 ifp->if_xname, pap.name); 4985 4986 x = splnet(); 4987 sp->pp_auth_failures = 0; 4988 splx(x); 4989 4990 if (sp->pp_phase < SPPP_PHASE_NETWORK) 4991 sppp_phase_network(sp); 4992 } 4993 4994 static void 4995 sppp_pap_scr(struct sppp *sp) 4996 { 4997 u_char idlen, pwdlen; 4998 4999 KASSERT(SPPP_WLOCKED(sp)); 5000 5001 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && 5002 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { 5003 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 5004 log(LOG_DEBUG, "%s: couldn't send PAP_REQ " 5005 "because of no name or no secret\n", 5006 sp->pp_if.if_xname); 5007 } else { 5008 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5009 pwdlen = sp->myauth.secret_len; 5010 idlen = sp->myauth.name_len; 5011 5012 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5013 sizeof idlen, (const char *)&idlen, 5014 idlen, sp->myauth.name, 5015 sizeof pwdlen, (const char *)&pwdlen, 5016 pwdlen, sp->myauth.secret, 5017 0); 5018 } 5019 } 5020 } 5021 5022 /* 5023 * Random miscellaneous functions. 5024 */ 5025 5026 /* 5027 * Send a PAP or CHAP proto packet. 5028 * 5029 * Varadic function, each of the elements for the ellipsis is of type 5030 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5031 * mlen == 0. 5032 * NOTE: never declare variadic functions with types subject to type 5033 * promotion (i.e. u_char). This is asking for big trouble depending 5034 * on the architecture you are on... 5035 */ 5036 5037 static void 5038 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5039 unsigned int type, unsigned int id, 5040 ...) 5041 { 5042 STDDCL; 5043 struct lcp_header *lh; 5044 struct mbuf *m; 5045 u_char *p; 5046 int len; 5047 size_t pkthdrlen; 5048 unsigned int mlen; 5049 const char *msg; 5050 va_list ap; 5051 5052 KASSERT(SPPP_WLOCKED(sp)); 5053 5054 MGETHDR(m, M_DONTWAIT, MT_DATA); 5055 if (! m) 5056 return; 5057 m_reset_rcvif(m); 5058 5059 if (sp->pp_flags & PP_NOFRAMING) { 5060 *mtod(m, uint16_t *) = htons(cp->proto); 5061 pkthdrlen = 2; 5062 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5063 } else { 5064 struct ppp_header *h; 5065 h = mtod(m, struct ppp_header *); 5066 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5067 h->control = PPP_UI; /* Unnumbered Info */ 5068 h->protocol = htons(cp->proto); 5069 pkthdrlen = PPP_HEADER_LEN; 5070 5071 lh = (struct lcp_header *)(h + 1); 5072 } 5073 5074 lh->type = type; 5075 lh->ident = id; 5076 p = (u_char *)(lh + 1); 5077 5078 va_start(ap, id); 5079 len = 0; 5080 5081 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5082 msg = va_arg(ap, const char *); 5083 len += mlen; 5084 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5085 va_end(ap); 5086 m_freem(m); 5087 return; 5088 } 5089 5090 memcpy(p, msg, mlen); 5091 p += mlen; 5092 } 5093 va_end(ap); 5094 5095 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5096 lh->len = htons(LCP_HEADER_LEN + len); 5097 5098 if (debug) { 5099 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 5100 ifp->if_xname, cp->name, 5101 sppp_auth_type_name(cp->proto, lh->type), 5102 lh->ident, ntohs(lh->len)); 5103 if (len) 5104 sppp_print_bytes((u_char *)(lh + 1), len); 5105 addlog(">\n"); 5106 } 5107 if (IF_QFULL(&sp->pp_cpq)) { 5108 IF_DROP(&sp->pp_fastq); 5109 IF_DROP(&ifp->if_snd); 5110 m_freem(m); 5111 if_statinc(ifp, if_oerrors); 5112 return; 5113 } 5114 5115 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5116 IF_ENQUEUE(&sp->pp_cpq, m); 5117 5118 if (! (ifp->if_flags & IFF_OACTIVE)) { 5119 SPPP_UNLOCK(sp); 5120 if_start_lock(ifp); 5121 SPPP_LOCK(sp, RW_WRITER); 5122 } 5123 } 5124 5125 static int 5126 sppp_auth_role(const struct cp *cp, struct sppp *sp) 5127 { 5128 int role; 5129 5130 role = SPPP_AUTH_NOROLE; 5131 5132 if (sp->hisauth.proto == cp->proto && 5133 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) 5134 SET(role, SPPP_AUTH_SERV); 5135 5136 if (sp->myauth.proto == cp->proto) 5137 SET(role, SPPP_AUTH_PEER); 5138 5139 return role; 5140 } 5141 5142 static void 5143 sppp_auth_to_event(struct sppp *sp, void *xcp) 5144 { 5145 const struct cp *cp = xcp; 5146 bool override; 5147 int state; 5148 STDDCL; 5149 5150 KASSERT(SPPP_WLOCKED(sp)); 5151 5152 override = false; 5153 state = sp->scp[cp->protoidx].state; 5154 5155 if (sp->scp[cp->protoidx].rst_counter > 0) { 5156 /* override TO+ event */ 5157 switch (state) { 5158 case STATE_OPENED: 5159 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5160 override = true; 5161 sp->chap.rechallenging = true; 5162 sp->chap.response_rcvd = false; 5163 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5164 cp->scr(sp); 5165 } 5166 break; 5167 5168 case STATE_ACK_RCVD: 5169 override = true; 5170 cp->scr(sp); 5171 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 5172 break; 5173 } 5174 } 5175 5176 if (override) { 5177 if (debug) 5178 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 5179 ifp->if_xname, cp->name, 5180 sppp_state_name(state), 5181 sp->scp[cp->protoidx].rst_counter); 5182 sp->scp[cp->protoidx].rst_counter--; 5183 } else { 5184 sppp_to_event(sp, xcp); 5185 } 5186 } 5187 5188 static void 5189 sppp_auth_sca_scn(const struct cp *cp, struct sppp *sp) 5190 { 5191 static const char *succmsg = "Welcome!"; 5192 static const char *failmsg = "Failed..."; 5193 const char *msg; 5194 u_char type, rconfid, mlen; 5195 5196 KASSERT(SPPP_WLOCKED(sp)); 5197 5198 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) 5199 return; 5200 5201 rconfid = sp->scp[cp->protoidx].rconfid; 5202 5203 if (sp->scp[cp->protoidx].rcr_type == CP_RCR_ACK) { 5204 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; 5205 msg = succmsg; 5206 mlen = sizeof(succmsg) - 1; 5207 5208 sp->pp_auth_failures = 0; 5209 } else { 5210 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; 5211 msg = failmsg; 5212 mlen = sizeof(failmsg) - 1; 5213 5214 /* shutdown LCP if auth failed */ 5215 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5216 sp->pp_auth_failures++; 5217 } 5218 5219 sppp_auth_send(cp, sp, type, rconfid, 5220 mlen, (const u_char *)msg, 0); 5221 } 5222 5223 /* 5224 * Send keepalive packets, every 10 seconds. 5225 */ 5226 static void 5227 sppp_keepalive(void *dummy) 5228 { 5229 struct sppp *sp; 5230 int s; 5231 time_t now; 5232 5233 SPPPQ_LOCK(); 5234 5235 s = splnet(); 5236 now = time_uptime; 5237 for (sp=spppq; sp; sp=sp->pp_next) { 5238 struct ifnet *ifp = NULL; 5239 5240 SPPP_LOCK(sp, RW_WRITER); 5241 ifp = &sp->pp_if; 5242 5243 /* check idle timeout */ 5244 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5245 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5246 /* idle timeout is enabled for this interface */ 5247 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5248 if (ifp->if_flags & IFF_DEBUG) 5249 printf("%s: no activity for %lu seconds\n", 5250 sp->pp_if.if_xname, 5251 (unsigned long)(now-sp->pp_last_activity)); 5252 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5253 SPPP_UNLOCK(sp); 5254 continue; 5255 } 5256 } 5257 5258 /* Keepalive mode disabled or channel down? */ 5259 if (! (sp->pp_flags & PP_KEEPALIVE) || 5260 ! (ifp->if_flags & IFF_RUNNING)) { 5261 SPPP_UNLOCK(sp); 5262 continue; 5263 } 5264 5265 /* No keepalive in PPP mode if LCP not opened yet. */ 5266 if (! (sp->pp_flags & PP_CISCO) && 5267 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5268 SPPP_UNLOCK(sp); 5269 continue; 5270 } 5271 5272 /* No echo reply, but maybe user data passed through? */ 5273 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5274 sp->pp_alivecnt = 0; 5275 SPPP_UNLOCK(sp); 5276 continue; 5277 } 5278 5279 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5280 /* No keepalive packets got. Stop the interface. */ 5281 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5282 5283 if (! (sp->pp_flags & PP_CISCO)) { 5284 printf("%s: LCP keepalive timed out, going to restart the connection\n", 5285 ifp->if_xname); 5286 sp->pp_alivecnt = 0; 5287 5288 /* we are down, close all open protocols */ 5289 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5290 5291 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5292 sp->lcp.reestablish = true; 5293 5294 SPPP_UNLOCK(sp); 5295 continue; 5296 } 5297 } 5298 if (sp->pp_alivecnt < sp->pp_maxalive) 5299 ++sp->pp_alivecnt; 5300 if (sp->pp_flags & PP_CISCO) 5301 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 5302 ++sp->scp[IDX_LCP].seq, sp->scp[IDX_LCP].rseq); 5303 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5304 int32_t nmagic = htonl(sp->lcp.magic); 5305 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5306 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5307 sp->lcp.echoid, 4, &nmagic); 5308 } 5309 5310 SPPP_UNLOCK(sp); 5311 } 5312 splx(s); 5313 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5314 5315 SPPPQ_UNLOCK(); 5316 } 5317 5318 #ifdef INET 5319 /* 5320 * Get both IP addresses. 5321 */ 5322 static void 5323 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5324 { 5325 struct ifnet *ifp = &sp->pp_if; 5326 struct ifaddr *ifa; 5327 struct sockaddr_in *si, *sm; 5328 uint32_t ssrc, ddst; 5329 int s; 5330 struct psref psref; 5331 5332 sm = NULL; 5333 ssrc = ddst = 0; 5334 /* 5335 * Pick the first AF_INET address from the list, 5336 * aliases don't make any sense on a p2p link anyway. 5337 */ 5338 si = 0; 5339 s = pserialize_read_enter(); 5340 IFADDR_READER_FOREACH(ifa, ifp) { 5341 if (ifa->ifa_addr->sa_family == AF_INET) { 5342 si = (struct sockaddr_in *)ifa->ifa_addr; 5343 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5344 if (si) { 5345 ifa_acquire(ifa, &psref); 5346 break; 5347 } 5348 } 5349 } 5350 pserialize_read_exit(s); 5351 if (ifa) { 5352 if (si && si->sin_addr.s_addr) { 5353 ssrc = si->sin_addr.s_addr; 5354 if (srcmask) 5355 *srcmask = ntohl(sm->sin_addr.s_addr); 5356 } 5357 5358 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5359 if (si && si->sin_addr.s_addr) 5360 ddst = si->sin_addr.s_addr; 5361 ifa_release(ifa, &psref); 5362 } 5363 5364 if (dst) *dst = ntohl(ddst); 5365 if (src) *src = ntohl(ssrc); 5366 } 5367 5368 /* 5369 * Set IP addresses. Must be called at splnet. 5370 * If an address is 0, leave it the way it is. 5371 */ 5372 static void 5373 sppp_set_ip_addrs_work(struct work *wk, struct sppp *sp) 5374 { 5375 STDDCL; 5376 struct ifaddr *ifa; 5377 struct sockaddr_in *si, *dest; 5378 uint32_t myaddr = 0, hisaddr = 0; 5379 int s; 5380 5381 IFNET_LOCK(ifp); 5382 5383 /* 5384 * Pick the first AF_INET address from the list, 5385 * aliases don't make any sense on a p2p link anyway. 5386 */ 5387 si = dest = NULL; 5388 s = pserialize_read_enter(); 5389 IFADDR_READER_FOREACH(ifa, ifp) { 5390 if (ifa->ifa_addr->sa_family == AF_INET) { 5391 si = (struct sockaddr_in *)ifa->ifa_addr; 5392 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5393 break; 5394 } 5395 } 5396 pserialize_read_exit(s); 5397 5398 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5399 myaddr = sp->ipcp.req_myaddr; 5400 else if (si != NULL) 5401 myaddr = ntohl(si->sin_addr.s_addr); 5402 5403 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5404 hisaddr = sp->ipcp.req_hisaddr; 5405 else if (dest != NULL) 5406 hisaddr = ntohl(dest->sin_addr.s_addr); 5407 5408 if (si != NULL && dest != NULL) { 5409 int error; 5410 struct sockaddr_in new_sin = *si; 5411 struct sockaddr_in new_dst = *dest; 5412 5413 if (myaddr != 0) 5414 new_sin.sin_addr.s_addr = htonl(myaddr); 5415 if (hisaddr != 0) { 5416 new_dst.sin_addr.s_addr = htonl(hisaddr); 5417 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5418 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5419 } 5420 5421 in_addrhash_remove(ifatoia(ifa)); 5422 5423 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5424 5425 in_addrhash_insert(ifatoia(ifa)); 5426 5427 if (debug && error) 5428 { 5429 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5430 ifp->if_xname, __func__, error); 5431 } 5432 if (!error) { 5433 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5434 } 5435 } 5436 5437 if (ifp->if_mtu > sp->lcp.their_mru) { 5438 sp->pp_saved_mtu = ifp->if_mtu; 5439 ifp->if_mtu = sp->lcp.their_mru; 5440 if (debug) 5441 log(LOG_DEBUG, 5442 "%s: setting MTU to %" PRIu64 " bytes\n", 5443 ifp->if_xname, ifp->if_mtu); 5444 } 5445 5446 IFNET_UNLOCK(ifp); 5447 5448 sppp_notify_con(sp); 5449 } 5450 5451 static void 5452 sppp_set_ip_addrs(struct sppp *sp) 5453 { 5454 struct ifnet *ifp = &sp->pp_if; 5455 5456 if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_SET_ADDRS)) { 5457 log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", 5458 ifp->if_xname); 5459 return; 5460 } 5461 5462 if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) 5463 return; 5464 5465 workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); 5466 } 5467 5468 /* 5469 * Clear IP addresses. Must be called at splnet. 5470 */ 5471 static void 5472 sppp_clear_ip_addrs_work(struct work *wk, struct sppp *sp) 5473 { 5474 STDDCL; 5475 struct ifaddr *ifa; 5476 struct sockaddr_in *si, *dest; 5477 int s; 5478 5479 IFNET_LOCK(ifp); 5480 5481 /* 5482 * Pick the first AF_INET address from the list, 5483 * aliases don't make any sense on a p2p link anyway. 5484 */ 5485 si = dest = NULL; 5486 s = pserialize_read_enter(); 5487 IFADDR_READER_FOREACH(ifa, ifp) { 5488 if (ifa->ifa_addr->sa_family == AF_INET) { 5489 si = (struct sockaddr_in *)ifa->ifa_addr; 5490 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5491 break; 5492 } 5493 } 5494 pserialize_read_exit(s); 5495 5496 if (si != NULL) { 5497 struct sockaddr_in new_sin = *si; 5498 struct sockaddr_in new_dst = *dest; 5499 int error; 5500 5501 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5502 new_sin.sin_addr.s_addr = 0; 5503 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 5504 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5505 5506 in_addrhash_remove(ifatoia(ifa)); 5507 5508 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5509 5510 in_addrhash_insert(ifatoia(ifa)); 5511 5512 if (debug && error) 5513 { 5514 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5515 ifp->if_xname, __func__, error); 5516 } 5517 if (!error) { 5518 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5519 } 5520 } 5521 5522 if (sp->pp_saved_mtu > 0) { 5523 ifp->if_mtu = sp->pp_saved_mtu; 5524 sp->pp_saved_mtu = 0; 5525 if (debug) 5526 log(LOG_DEBUG, 5527 "%s: resetting MTU to %" PRIu64 " bytes\n", 5528 ifp->if_xname, ifp->if_mtu); 5529 } 5530 5531 IFNET_UNLOCK(ifp); 5532 } 5533 5534 static void 5535 sppp_clear_ip_addrs(struct sppp *sp) 5536 { 5537 struct ifnet *ifp = &sp->pp_if; 5538 5539 if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_CLEAR_ADDRS)) { 5540 log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", 5541 ifp->if_xname); 5542 return; 5543 } 5544 5545 if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) 5546 return; 5547 5548 workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); 5549 } 5550 5551 static void 5552 sppp_update_ip_addrs_work(struct work *wk, void *arg) 5553 { 5554 struct sppp *sp = arg; 5555 void *work; 5556 5557 atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 0); 5558 5559 while ((work = pcq_get(sp->ipcp.update_addrs_q)) != NULL) { 5560 int update = (intptr_t)work; 5561 5562 if (update == IPCP_SET_ADDRS) 5563 sppp_set_ip_addrs_work(wk, sp); 5564 else if (update == IPCP_CLEAR_ADDRS) 5565 sppp_clear_ip_addrs_work(wk, sp); 5566 } 5567 } 5568 #endif 5569 5570 #ifdef INET6 5571 /* 5572 * Get both IPv6 addresses. 5573 */ 5574 static void 5575 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5576 struct in6_addr *srcmask) 5577 { 5578 struct ifnet *ifp = &sp->pp_if; 5579 struct ifaddr *ifa; 5580 struct sockaddr_in6 *si, *sm; 5581 struct in6_addr ssrc, ddst; 5582 int s; 5583 struct psref psref; 5584 5585 sm = NULL; 5586 memset(&ssrc, 0, sizeof(ssrc)); 5587 memset(&ddst, 0, sizeof(ddst)); 5588 /* 5589 * Pick the first link-local AF_INET6 address from the list, 5590 * aliases don't make any sense on a p2p link anyway. 5591 */ 5592 si = 0; 5593 s = pserialize_read_enter(); 5594 IFADDR_READER_FOREACH(ifa, ifp) { 5595 if (ifa->ifa_addr->sa_family == AF_INET6) { 5596 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5597 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5598 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5599 ifa_acquire(ifa, &psref); 5600 break; 5601 } 5602 } 5603 } 5604 pserialize_read_exit(s); 5605 5606 if (ifa) { 5607 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5608 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5609 if (srcmask) { 5610 memcpy(srcmask, &sm->sin6_addr, 5611 sizeof(*srcmask)); 5612 } 5613 } 5614 5615 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5616 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5617 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5618 ifa_release(ifa, &psref); 5619 } 5620 5621 if (dst) 5622 memcpy(dst, &ddst, sizeof(*dst)); 5623 if (src) 5624 memcpy(src, &ssrc, sizeof(*src)); 5625 } 5626 5627 #ifdef IPV6CP_MYIFID_DYN 5628 /* 5629 * Generate random ifid. 5630 */ 5631 static void 5632 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5633 { 5634 /* TBD */ 5635 } 5636 5637 /* 5638 * Set my IPv6 address. Must be called at splnet. 5639 */ 5640 static void 5641 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5642 { 5643 STDDCL; 5644 struct ifaddr *ifa; 5645 struct sockaddr_in6 *sin6; 5646 int s; 5647 struct psref psref; 5648 5649 IFNET_LOCK(ifp); 5650 5651 /* 5652 * Pick the first link-local AF_INET6 address from the list, 5653 * aliases don't make any sense on a p2p link anyway. 5654 */ 5655 5656 sin6 = NULL; 5657 s = pserialize_read_enter(); 5658 IFADDR_READER_FOREACH(ifa, ifp) 5659 { 5660 if (ifa->ifa_addr->sa_family == AF_INET6) 5661 { 5662 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5663 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5664 ifa_acquire(ifa, &psref); 5665 break; 5666 } 5667 } 5668 } 5669 pserialize_read_exit(s); 5670 5671 if (ifa && sin6) 5672 { 5673 int error; 5674 struct sockaddr_in6 new_sin6 = *sin6; 5675 5676 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5677 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5678 if (debug && error) 5679 { 5680 log(LOG_DEBUG, "%s: %s: in6_ifinit failed, error=%d\n", 5681 ifp->if_xname, __func__, error); 5682 } 5683 if (!error) { 5684 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5685 } 5686 ifa_release(ifa, &psref); 5687 } 5688 5689 IFNET_UNLOCK(ifp); 5690 } 5691 #endif 5692 5693 /* 5694 * Suggest a candidate address to be used by peer. 5695 */ 5696 static void 5697 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5698 { 5699 struct in6_addr myaddr; 5700 struct timeval tv; 5701 5702 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5703 5704 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5705 microtime(&tv); 5706 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5707 myaddr.s6_addr[14] ^= 0xff; 5708 myaddr.s6_addr[15] ^= 0xff; 5709 } else { 5710 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5711 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5712 } 5713 if (suggest) 5714 memcpy(suggest, &myaddr, sizeof(myaddr)); 5715 } 5716 #endif /*INET6*/ 5717 5718 /* 5719 * Process ioctl requests specific to the PPP interface. 5720 * Permissions have already been checked. 5721 */ 5722 static int 5723 sppp_params(struct sppp *sp, u_long cmd, void *data) 5724 { 5725 switch (cmd) { 5726 case SPPPGETAUTHCFG: 5727 { 5728 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5729 int error; 5730 size_t len; 5731 5732 SPPP_LOCK(sp, RW_READER); 5733 5734 cfg->myauthflags = sp->myauth.flags; 5735 cfg->hisauthflags = sp->hisauth.flags; 5736 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 5737 cfg->hisauth = 0; 5738 if (sp->hisauth.proto) 5739 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5740 cfg->myauth = 0; 5741 if (sp->myauth.proto) 5742 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5743 if (cfg->myname_length == 0) { 5744 if (sp->myauth.name != NULL) 5745 cfg->myname_length = sp->myauth.name_len + 1; 5746 } else { 5747 if (sp->myauth.name == NULL) { 5748 cfg->myname_length = 0; 5749 } else { 5750 len = sp->myauth.name_len + 1; 5751 5752 if (cfg->myname_length < len) { 5753 SPPP_UNLOCK(sp); 5754 return (ENAMETOOLONG); 5755 } 5756 error = copyout(sp->myauth.name, cfg->myname, len); 5757 if (error) { 5758 SPPP_UNLOCK(sp); 5759 return error; 5760 } 5761 } 5762 } 5763 if (cfg->hisname_length == 0) { 5764 if (sp->hisauth.name != NULL) 5765 cfg->hisname_length = sp->hisauth.name_len + 1; 5766 } else { 5767 if (sp->hisauth.name == NULL) { 5768 cfg->hisname_length = 0; 5769 } else { 5770 len = sp->hisauth.name_len + 1; 5771 5772 if (cfg->hisname_length < len) { 5773 SPPP_UNLOCK(sp); 5774 return (ENAMETOOLONG); 5775 } 5776 error = copyout(sp->hisauth.name, cfg->hisname, len); 5777 if (error) { 5778 SPPP_UNLOCK(sp); 5779 return error; 5780 } 5781 } 5782 } 5783 SPPP_UNLOCK(sp); 5784 } 5785 break; 5786 case SPPPSETAUTHCFG: 5787 { 5788 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5789 int error; 5790 5791 SPPP_LOCK(sp, RW_WRITER); 5792 5793 if (sp->myauth.name) { 5794 free(sp->myauth.name, M_DEVBUF); 5795 sp->myauth.name = NULL; 5796 } 5797 if (sp->myauth.secret) { 5798 free(sp->myauth.secret, M_DEVBUF); 5799 sp->myauth.secret = NULL; 5800 } 5801 if (sp->hisauth.name) { 5802 free(sp->hisauth.name, M_DEVBUF); 5803 sp->hisauth.name = NULL; 5804 } 5805 if (sp->hisauth.secret) { 5806 free(sp->hisauth.secret, M_DEVBUF); 5807 sp->hisauth.secret = NULL; 5808 } 5809 5810 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5811 if (cfg->hisname_length >= MCLBYTES) { 5812 SPPP_UNLOCK(sp); 5813 return (ENAMETOOLONG); 5814 } 5815 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5816 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5817 if (error) { 5818 free(sp->hisauth.name, M_DEVBUF); 5819 sp->hisauth.name = NULL; 5820 SPPP_UNLOCK(sp); 5821 return error; 5822 } 5823 sp->hisauth.name_len = cfg->hisname_length - 1; 5824 sp->hisauth.name[sp->hisauth.name_len] = 0; 5825 } 5826 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5827 if (cfg->hissecret_length >= MCLBYTES) { 5828 SPPP_UNLOCK(sp); 5829 return (ENAMETOOLONG); 5830 } 5831 sp->hisauth.secret = malloc(cfg->hissecret_length, 5832 M_DEVBUF, M_WAITOK); 5833 error = copyin(cfg->hissecret, sp->hisauth.secret, 5834 cfg->hissecret_length); 5835 if (error) { 5836 free(sp->hisauth.secret, M_DEVBUF); 5837 sp->hisauth.secret = NULL; 5838 SPPP_UNLOCK(sp); 5839 return error; 5840 } 5841 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5842 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5843 } 5844 if (cfg->myname != NULL && cfg->myname_length > 0) { 5845 if (cfg->myname_length >= MCLBYTES) { 5846 SPPP_UNLOCK(sp); 5847 return (ENAMETOOLONG); 5848 } 5849 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5850 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5851 if (error) { 5852 free(sp->myauth.name, M_DEVBUF); 5853 sp->myauth.name = NULL; 5854 SPPP_UNLOCK(sp); 5855 return error; 5856 } 5857 sp->myauth.name_len = cfg->myname_length - 1; 5858 sp->myauth.name[sp->myauth.name_len] = 0; 5859 } 5860 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5861 if (cfg->mysecret_length >= MCLBYTES) { 5862 SPPP_UNLOCK(sp); 5863 return (ENAMETOOLONG); 5864 } 5865 sp->myauth.secret = malloc(cfg->mysecret_length, 5866 M_DEVBUF, M_WAITOK); 5867 error = copyin(cfg->mysecret, sp->myauth.secret, 5868 cfg->mysecret_length); 5869 if (error) { 5870 free(sp->myauth.secret, M_DEVBUF); 5871 sp->myauth.secret = NULL; 5872 SPPP_UNLOCK(sp); 5873 return error; 5874 } 5875 sp->myauth.secret_len = cfg->mysecret_length - 1; 5876 sp->myauth.secret[sp->myauth.secret_len] = 0; 5877 } 5878 sp->myauth.flags = cfg->myauthflags; 5879 if (cfg->myauth) 5880 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5881 sp->hisauth.flags = cfg->hisauthflags; 5882 if (cfg->hisauth) 5883 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5884 sp->pp_auth_failures = 0; 5885 if (sp->hisauth.proto != 0) 5886 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5887 else 5888 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5889 5890 SPPP_UNLOCK(sp); 5891 } 5892 break; 5893 case SPPPGETLCPCFG: 5894 { 5895 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5896 5897 SPPP_LOCK(sp, RW_READER); 5898 lcpp->lcp_timeout = sp->lcp.timeout; 5899 SPPP_UNLOCK(sp); 5900 } 5901 break; 5902 case SPPPSETLCPCFG: 5903 { 5904 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5905 5906 SPPP_LOCK(sp, RW_WRITER); 5907 sp->lcp.timeout = lcpp->lcp_timeout; 5908 SPPP_UNLOCK(sp); 5909 } 5910 break; 5911 case SPPPGETSTATUS: 5912 { 5913 struct spppstatus *status = (struct spppstatus *)data; 5914 5915 SPPP_LOCK(sp, RW_READER); 5916 status->phase = sp->pp_phase; 5917 SPPP_UNLOCK(sp); 5918 } 5919 break; 5920 case SPPPGETSTATUSNCP: 5921 { 5922 struct spppstatusncp *status = (struct spppstatusncp *)data; 5923 5924 SPPP_LOCK(sp, RW_READER); 5925 status->phase = sp->pp_phase; 5926 status->ncpup = sppp_cp_check(sp, CP_NCP); 5927 SPPP_UNLOCK(sp); 5928 } 5929 break; 5930 case SPPPGETIDLETO: 5931 { 5932 struct spppidletimeout *to = (struct spppidletimeout *)data; 5933 5934 SPPP_LOCK(sp, RW_READER); 5935 to->idle_seconds = sp->pp_idle_timeout; 5936 SPPP_UNLOCK(sp); 5937 } 5938 break; 5939 case SPPPSETIDLETO: 5940 { 5941 struct spppidletimeout *to = (struct spppidletimeout *)data; 5942 5943 SPPP_LOCK(sp, RW_WRITER); 5944 sp->pp_idle_timeout = to->idle_seconds; 5945 SPPP_UNLOCK(sp); 5946 } 5947 break; 5948 case SPPPSETAUTHFAILURE: 5949 { 5950 struct spppauthfailuresettings *afsettings = 5951 (struct spppauthfailuresettings *)data; 5952 5953 SPPP_LOCK(sp, RW_WRITER); 5954 sp->pp_max_auth_fail = afsettings->max_failures; 5955 sp->pp_auth_failures = 0; 5956 SPPP_UNLOCK(sp); 5957 } 5958 break; 5959 case SPPPGETAUTHFAILURES: 5960 { 5961 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5962 5963 SPPP_LOCK(sp, RW_READER); 5964 stats->auth_failures = sp->pp_auth_failures; 5965 stats->max_failures = sp->pp_max_auth_fail; 5966 SPPP_UNLOCK(sp); 5967 } 5968 break; 5969 case SPPPSETDNSOPTS: 5970 { 5971 struct spppdnssettings *req = (struct spppdnssettings *)data; 5972 5973 SPPP_LOCK(sp, RW_WRITER); 5974 sp->query_dns = req->query_dns & 3; 5975 SPPP_UNLOCK(sp); 5976 } 5977 break; 5978 case SPPPGETDNSOPTS: 5979 { 5980 struct spppdnssettings *req = (struct spppdnssettings *)data; 5981 5982 SPPP_LOCK(sp, RW_READER); 5983 req->query_dns = sp->query_dns; 5984 SPPP_UNLOCK(sp); 5985 } 5986 break; 5987 case SPPPGETDNSADDRS: 5988 { 5989 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5990 5991 SPPP_LOCK(sp, RW_READER); 5992 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5993 SPPP_UNLOCK(sp); 5994 } 5995 break; 5996 case SPPPGETKEEPALIVE: 5997 { 5998 struct spppkeepalivesettings *settings = 5999 (struct spppkeepalivesettings*)data; 6000 6001 SPPP_LOCK(sp, RW_READER); 6002 settings->maxalive = sp->pp_maxalive; 6003 settings->max_noreceive = sp->pp_max_noreceive; 6004 SPPP_UNLOCK(sp); 6005 } 6006 break; 6007 case SPPPSETKEEPALIVE: 6008 { 6009 struct spppkeepalivesettings *settings = 6010 (struct spppkeepalivesettings*)data; 6011 6012 SPPP_LOCK(sp, RW_WRITER); 6013 sp->pp_maxalive = settings->maxalive; 6014 sp->pp_max_noreceive = settings->max_noreceive; 6015 SPPP_UNLOCK(sp); 6016 } 6017 break; 6018 default: 6019 { 6020 int ret; 6021 6022 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6023 enosys(), ret); 6024 if (ret != ENOSYS) 6025 return ret; 6026 return (EINVAL); 6027 } 6028 } 6029 return (0); 6030 } 6031 6032 static void 6033 sppp_phase_network(struct sppp *sp) 6034 { 6035 int i; 6036 6037 KASSERT(SPPP_WLOCKED(sp)); 6038 6039 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6040 6041 /* Notify NCPs now. */ 6042 for (i = 0; i < IDX_COUNT; i++) 6043 if ((cps[i])->flags & CP_NCP) 6044 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); 6045 } 6046 6047 static const char * 6048 sppp_cp_type_name(u_char type) 6049 { 6050 static char buf[12]; 6051 switch (type) { 6052 case CONF_REQ: return "conf-req"; 6053 case CONF_ACK: return "conf-ack"; 6054 case CONF_NAK: return "conf-nak"; 6055 case CONF_REJ: return "conf-rej"; 6056 case TERM_REQ: return "term-req"; 6057 case TERM_ACK: return "term-ack"; 6058 case CODE_REJ: return "code-rej"; 6059 case PROTO_REJ: return "proto-rej"; 6060 case ECHO_REQ: return "echo-req"; 6061 case ECHO_REPLY: return "echo-reply"; 6062 case DISC_REQ: return "discard-req"; 6063 } 6064 snprintf(buf, sizeof(buf), "0x%x", type); 6065 return buf; 6066 } 6067 6068 static const char * 6069 sppp_auth_type_name(u_short proto, u_char type) 6070 { 6071 static char buf[32]; 6072 const char *name; 6073 6074 switch (proto) { 6075 case PPP_CHAP: 6076 switch (type) { 6077 case CHAP_CHALLENGE: return "challenge"; 6078 case CHAP_RESPONSE: return "response"; 6079 case CHAP_SUCCESS: return "success"; 6080 case CHAP_FAILURE: return "failure"; 6081 default: name = "chap"; break; 6082 } 6083 break; 6084 6085 case PPP_PAP: 6086 switch (type) { 6087 case PAP_REQ: return "req"; 6088 case PAP_ACK: return "ack"; 6089 case PAP_NAK: return "nak"; 6090 default: name = "pap"; break; 6091 } 6092 break; 6093 6094 default: 6095 name = "bad"; 6096 break; 6097 } 6098 6099 snprintf(buf, sizeof(buf), "%s(%#x) %#x", name, proto, type); 6100 return buf; 6101 } 6102 6103 static const char * 6104 sppp_lcp_opt_name(u_char opt) 6105 { 6106 static char buf[12]; 6107 switch (opt) { 6108 case LCP_OPT_MRU: return "mru"; 6109 case LCP_OPT_ASYNC_MAP: return "async-map"; 6110 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6111 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6112 case LCP_OPT_MAGIC: return "magic"; 6113 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6114 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6115 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6116 case LCP_OPT_CALL_BACK: return "callback"; 6117 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6118 case LCP_OPT_MP_MRRU: return "mrru"; 6119 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6120 case LCP_OPT_MP_EID: return "mp-eid"; 6121 } 6122 snprintf(buf, sizeof(buf), "0x%x", opt); 6123 return buf; 6124 } 6125 6126 static const char * 6127 sppp_ipcp_opt_name(u_char opt) 6128 { 6129 static char buf[12]; 6130 switch (opt) { 6131 case IPCP_OPT_ADDRESSES: return "addresses"; 6132 case IPCP_OPT_COMPRESSION: return "compression"; 6133 case IPCP_OPT_ADDRESS: return "address"; 6134 } 6135 snprintf(buf, sizeof(buf), "0x%x", opt); 6136 return buf; 6137 } 6138 6139 #ifdef INET6 6140 static const char * 6141 sppp_ipv6cp_opt_name(u_char opt) 6142 { 6143 static char buf[12]; 6144 switch (opt) { 6145 case IPV6CP_OPT_IFID: return "ifid"; 6146 case IPV6CP_OPT_COMPRESSION: return "compression"; 6147 } 6148 snprintf(buf, sizeof(buf), "0x%x", opt); 6149 return buf; 6150 } 6151 #endif 6152 6153 static const char * 6154 sppp_state_name(int state) 6155 { 6156 switch (state) { 6157 case STATE_INITIAL: return "initial"; 6158 case STATE_STARTING: return "starting"; 6159 case STATE_CLOSED: return "closed"; 6160 case STATE_STOPPED: return "stopped"; 6161 case STATE_CLOSING: return "closing"; 6162 case STATE_STOPPING: return "stopping"; 6163 case STATE_REQ_SENT: return "req-sent"; 6164 case STATE_ACK_RCVD: return "ack-rcvd"; 6165 case STATE_ACK_SENT: return "ack-sent"; 6166 case STATE_OPENED: return "opened"; 6167 } 6168 return "illegal"; 6169 } 6170 6171 static const char * 6172 sppp_phase_name(int phase) 6173 { 6174 switch (phase) { 6175 case SPPP_PHASE_DEAD: return "dead"; 6176 case SPPP_PHASE_ESTABLISH: return "establish"; 6177 case SPPP_PHASE_TERMINATE: return "terminate"; 6178 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6179 case SPPP_PHASE_NETWORK: return "network"; 6180 } 6181 return "illegal"; 6182 } 6183 6184 static const char * 6185 sppp_proto_name(u_short proto) 6186 { 6187 static char buf[12]; 6188 switch (proto) { 6189 case PPP_LCP: return "lcp"; 6190 case PPP_IPCP: return "ipcp"; 6191 case PPP_PAP: return "pap"; 6192 case PPP_CHAP: return "chap"; 6193 case PPP_IPV6CP: return "ipv6cp"; 6194 } 6195 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 6196 return buf; 6197 } 6198 6199 static void 6200 sppp_print_bytes(const u_char *p, u_short len) 6201 { 6202 addlog(" %02x", *p++); 6203 while (--len > 0) 6204 addlog("-%02x", *p++); 6205 } 6206 6207 static void 6208 sppp_print_string(const char *p, u_short len) 6209 { 6210 u_char c; 6211 6212 while (len-- > 0) { 6213 c = *p++; 6214 /* 6215 * Print only ASCII chars directly. RFC 1994 recommends 6216 * using only them, but we don't rely on it. */ 6217 if (c < ' ' || c > '~') 6218 addlog("\\x%x", c); 6219 else 6220 addlog("%c", c); 6221 } 6222 } 6223 6224 static const char * 6225 sppp_dotted_quad(uint32_t addr) 6226 { 6227 static char s[16]; 6228 snprintf(s, sizeof(s), "%d.%d.%d.%d", 6229 (int)((addr >> 24) & 0xff), 6230 (int)((addr >> 16) & 0xff), 6231 (int)((addr >> 8) & 0xff), 6232 (int)(addr & 0xff)); 6233 return s; 6234 } 6235 6236 /* a dummy, used to drop uninteresting events */ 6237 static void 6238 sppp_null(struct sppp *unused) 6239 { 6240 /* do just nothing */ 6241 } 6242 6243 static void 6244 sppp_tls(const struct cp *cp, struct sppp *sp) 6245 { 6246 6247 /* notify lcp that is lower layer */ 6248 sp->lcp.protos |= (1 << cp->protoidx); 6249 6250 if (sp->scp[IDX_LCP].state == STATE_OPENED) 6251 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_up); 6252 } 6253 6254 static void 6255 sppp_tlf(const struct cp *cp, struct sppp *sp) 6256 { 6257 STDDCL; 6258 6259 if (debug) 6260 log(LOG_DEBUG, "%s: %s tlf\n", ifp->if_xname, cp->name); 6261 6262 /* notify lcp that is lower layer */ 6263 sp->lcp.protos &= ~(1 << cp->protoidx); 6264 6265 /* cleanup */ 6266 if (sp->scp[cp->protoidx].rcr_buf != NULL) { 6267 kmem_free(sp->scp[cp->protoidx].rcr_buf, 6268 sp->scp[cp->protoidx].rcr_blen); 6269 } 6270 6271 sp->scp[cp->protoidx].rcr_buf = NULL; 6272 sp->scp[cp->protoidx].rcr_blen = 0; 6273 sp->scp[cp->protoidx].rcr_rlen = 0; 6274 6275 sppp_lcp_check_and_close(sp); 6276 } 6277 6278 static void 6279 sppp_sca_scn(const struct cp *cp, struct sppp *sp) 6280 { 6281 STDDCL; 6282 u_char rconfid, rlen; 6283 int type; 6284 void *buf; 6285 size_t blen; 6286 6287 rconfid = sp->scp[cp->protoidx].rconfid; 6288 buf = sp->scp[cp->protoidx].rcr_buf; 6289 rlen = sp->scp[cp->protoidx].rcr_rlen; 6290 blen = sp->scp[cp->protoidx].rcr_blen; 6291 6292 sp->scp[cp->protoidx].rcr_buf = NULL; 6293 sp->scp[cp->protoidx].rcr_blen = 0; 6294 6295 switch (sp->scp[cp->protoidx].rcr_type) { 6296 case CP_RCR_ACK: 6297 type = CONF_ACK; 6298 break; 6299 case CP_RCR_REJ: 6300 type = CONF_REJ; 6301 break; 6302 case CP_RCR_NAK: 6303 type = CONF_NAK; 6304 break; 6305 default: 6306 type = -1; 6307 break; 6308 } 6309 6310 sp->scp[cp->protoidx].rcr_type = CP_RCR_NONE; 6311 6312 if (buf != NULL) { 6313 if (rlen > 0 && type != -1) { 6314 if (debug) { 6315 log(LOG_DEBUG, "%s: send %s\n", 6316 ifp->if_xname, sppp_cp_type_name(type)); 6317 } 6318 sppp_cp_send(sp, cp->proto, type, rconfid, rlen, buf); 6319 } 6320 kmem_free(buf, blen); 6321 } 6322 } 6323 6324 static void 6325 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6326 { 6327 6328 SPPP_UNLOCK(sp); 6329 if_down(&sp->pp_if); 6330 IF_PURGE(&sp->pp_cpq); 6331 SPPP_LOCK(sp, RW_WRITER); 6332 } 6333 6334 /* 6335 * This file is large. Tell emacs to highlight it nevertheless. 6336 * 6337 * Local Variables: 6338 * hilit-auto-highlight-maxout: 120000 6339 * End: 6340 */ 6341 6342 /* 6343 * Module glue 6344 */ 6345 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6346 6347 static int 6348 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6349 { 6350 switch (cmd) { 6351 case MODULE_CMD_INIT: 6352 case MODULE_CMD_FINI: 6353 return 0; 6354 case MODULE_CMD_STAT: 6355 case MODULE_CMD_AUTOUNLOAD: 6356 default: 6357 return ENOTTY; 6358 } 6359 } 6360 6361 static void 6362 sppp_notify_up(struct sppp *sp) 6363 { 6364 6365 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6366 } 6367 6368 static void 6369 sppp_notify_down(struct sppp *sp) 6370 { 6371 6372 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6373 } 6374 6375 static void 6376 sppp_notify_tls_wlocked(struct sppp *sp) 6377 { 6378 6379 KASSERT(SPPP_WLOCKED(sp)); 6380 6381 if (!sp->pp_tls) 6382 return; 6383 6384 SPPP_UNLOCK(sp); 6385 sp->pp_tls(sp); 6386 SPPP_LOCK(sp, RW_WRITER); 6387 } 6388 6389 static void 6390 sppp_notify_tlf_wlocked(struct sppp *sp) 6391 { 6392 6393 KASSERT(SPPP_WLOCKED(sp)); 6394 6395 if (!sp->pp_tlf) 6396 return; 6397 6398 SPPP_UNLOCK(sp); 6399 sp->pp_tlf(sp); 6400 SPPP_LOCK(sp, RW_WRITER); 6401 } 6402 6403 static void 6404 sppp_notify_con(struct sppp *sp) 6405 { 6406 6407 if (!sp->pp_con) 6408 return; 6409 6410 sp->pp_con(sp); 6411 } 6412 6413 #ifdef INET6 6414 static void 6415 sppp_notify_con_wlocked(struct sppp *sp) 6416 { 6417 6418 KASSERT(SPPP_WLOCKED(sp)); 6419 6420 SPPP_UNLOCK(sp); 6421 sppp_notify_con(sp); 6422 SPPP_LOCK(sp, RW_WRITER); 6423 6424 } 6425 #endif 6426 6427 static void 6428 sppp_notify_chg_wlocked(struct sppp *sp) 6429 { 6430 6431 KASSERT(SPPP_WLOCKED(sp)); 6432 6433 if (!sp->pp_chg) 6434 return; 6435 6436 SPPP_UNLOCK(sp); 6437 sp->pp_chg(sp, sp->pp_phase); 6438 SPPP_LOCK(sp, RW_WRITER); 6439 } 6440 6441 static void 6442 sppp_wq_work(struct work *wk, void *xsp) 6443 { 6444 struct sppp *sp; 6445 struct sppp_work *work; 6446 6447 sp = xsp; 6448 work = container_of(wk, struct sppp_work, work); 6449 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6450 6451 SPPP_LOCK(sp, RW_WRITER); 6452 work->func(sp, work->arg); 6453 SPPP_UNLOCK(sp); 6454 } 6455 6456 static struct workqueue * 6457 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6458 { 6459 struct workqueue *wq; 6460 int error; 6461 6462 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6463 (void *)sp, prio, ipl, flags); 6464 if (error) { 6465 panic("%s: workqueue_create failed [%s, %d]\n", 6466 sp->pp_if.if_xname, xnamebuf, error); 6467 } 6468 6469 return wq; 6470 } 6471 6472 static void 6473 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6474 { 6475 6476 workqueue_destroy(wq); 6477 } 6478 6479 static void 6480 sppp_wq_set(struct sppp_work *work, 6481 void (*func)(struct sppp *, void *), void *arg) 6482 { 6483 6484 work->func = func; 6485 work->arg = arg; 6486 } 6487 6488 static void 6489 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6490 { 6491 6492 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6493 != SPPP_WK_FREE) 6494 return; 6495 6496 KASSERT(work->func != NULL); 6497 kpreempt_disable(); 6498 workqueue_enqueue(wq, &work->work, NULL); 6499 kpreempt_enable(); 6500 } 6501 static void 6502 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6503 { 6504 6505 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6506 workqueue_wait(wq, &work->work); 6507 } 6508
Indexes created Mon Oct 13 14:09:54 GMT 2025