if_spppsubr.c revision 1.207
1 /* $NetBSD: if_spppsubr.c,v 1.207 2020/11/25 10:08:22 yamaguchi Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.207 2020/11/25 10:08:22 yamaguchi Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #endif 52 53 #include <sys/param.h> 54 #include <sys/proc.h> 55 #include <sys/systm.h> 56 #include <sys/kernel.h> 57 #include <sys/sockio.h> 58 #include <sys/socket.h> 59 #include <sys/syslog.h> 60 #include <sys/malloc.h> 61 #include <sys/mbuf.h> 62 #include <sys/callout.h> 63 #include <sys/md5.h> 64 #include <sys/inttypes.h> 65 #include <sys/kauth.h> 66 #include <sys/cprng.h> 67 #include <sys/module.h> 68 #include <sys/workqueue.h> 69 #include <sys/atomic.h> 70 #include <sys/compat_stub.h> 71 72 #include <net/if.h> 73 #include <net/netisr.h> 74 #include <net/if_types.h> 75 #include <net/route.h> 76 #include <net/ppp_defs.h> 77 78 #include <netinet/in.h> 79 #include <netinet/in_systm.h> 80 #include <netinet/in_var.h> 81 #ifdef INET 82 #include <netinet/ip.h> 83 #include <netinet/tcp.h> 84 #endif 85 #include <net/ethertypes.h> 86 87 #ifdef INET6 88 #include <netinet6/scope6_var.h> 89 #endif 90 91 #include <net/if_sppp.h> 92 #include <net/if_spppvar.h> 93 94 #ifdef NET_MPSAFE 95 #define SPPPSUBR_MPSAFE 1 96 #endif 97 98 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 99 #define LOOPALIVECNT 3 /* loopback detection tries */ 100 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 101 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 102 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 103 104 /* 105 * Interface flags that can be set in an ifconfig command. 106 * 107 * Setting link0 will make the link passive, i.e. it will be marked 108 * as being administrative openable, but won't be opened to begin 109 * with. Incoming calls will be answered, or subsequent calls with 110 * -link1 will cause the administrative open of the LCP layer. 111 * 112 * Setting link1 will cause the link to auto-dial only as packets 113 * arrive to be sent. 114 * 115 * Setting IFF_DEBUG will syslog the option negotiation and state 116 * transitions at level kern.debug. Note: all logs consistently look 117 * like 118 * 119 * <if-name><unit>: <proto-name> <additional info...> 120 * 121 * with <if-name><unit> being something like "bppp0", and <proto-name> 122 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 123 */ 124 125 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 126 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 127 128 #define CONF_REQ 1 /* PPP configure request */ 129 #define CONF_ACK 2 /* PPP configure acknowledge */ 130 #define CONF_NAK 3 /* PPP configure negative ack */ 131 #define CONF_REJ 4 /* PPP configure reject */ 132 #define TERM_REQ 5 /* PPP terminate request */ 133 #define TERM_ACK 6 /* PPP terminate acknowledge */ 134 #define CODE_REJ 7 /* PPP code reject */ 135 #define PROTO_REJ 8 /* PPP protocol reject */ 136 #define ECHO_REQ 9 /* PPP echo request */ 137 #define ECHO_REPLY 10 /* PPP echo reply */ 138 #define DISC_REQ 11 /* PPP discard request */ 139 140 #define LCP_OPT_MRU 1 /* maximum receive unit */ 141 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 142 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 143 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 144 #define LCP_OPT_MAGIC 5 /* magic number */ 145 #define LCP_OPT_RESERVED 6 /* reserved */ 146 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 147 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 148 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 149 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 150 #define LCP_OPT_CALL_BACK 13 /* callback */ 151 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 152 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 153 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 154 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 155 156 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 157 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 158 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 159 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 160 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 161 162 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 163 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 164 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 165 166 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 167 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 168 169 #define PAP_REQ 1 /* PAP name/password request */ 170 #define PAP_ACK 2 /* PAP acknowledge */ 171 #define PAP_NAK 3 /* PAP fail */ 172 173 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 174 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 175 #define CHAP_SUCCESS 3 /* CHAP response ok */ 176 #define CHAP_FAILURE 4 /* CHAP response failed */ 177 178 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 179 180 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 181 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 182 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 183 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 184 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 185 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 186 187 /* states are named and numbered according to RFC 1661 */ 188 #define STATE_INITIAL 0 189 #define STATE_STARTING 1 190 #define STATE_CLOSED 2 191 #define STATE_STOPPED 3 192 #define STATE_CLOSING 4 193 #define STATE_STOPPING 5 194 #define STATE_REQ_SENT 6 195 #define STATE_ACK_RCVD 7 196 #define STATE_ACK_SENT 8 197 #define STATE_OPENED 9 198 199 enum cp_rcr_type { 200 CP_RCR_NONE = 0, /* initial value */ 201 CP_RCR_ACK, /* RCR+ */ 202 CP_RCR_NAK, /* RCR- */ 203 CP_RCR_REJ, /* RCR- */ 204 CP_RCR_DROP, /* DROP message */ 205 CP_RCR_ERR, /* internal error */ 206 }; 207 208 struct ppp_header { 209 uint8_t address; 210 uint8_t control; 211 uint16_t protocol; 212 } __packed; 213 #define PPP_HEADER_LEN sizeof (struct ppp_header) 214 215 struct lcp_header { 216 uint8_t type; 217 uint8_t ident; 218 uint16_t len; 219 } __packed; 220 #define LCP_HEADER_LEN sizeof (struct lcp_header) 221 222 struct cisco_packet { 223 uint32_t type; 224 uint32_t par1; 225 uint32_t par2; 226 uint16_t rel; 227 uint16_t time0; 228 uint16_t time1; 229 } __packed; 230 #define CISCO_PACKET_LEN 18 231 232 /* 233 * We follow the spelling and capitalization of RFC 1661 here, to make 234 * it easier comparing with the standard. Please refer to this RFC in 235 * case you can't make sense out of these abbreviation; it will also 236 * explain the semantics related to the various events and actions. 237 */ 238 struct cp { 239 u_short proto; /* PPP control protocol number */ 240 u_char protoidx; /* index into state table in struct sppp */ 241 u_char flags; 242 #define CP_LCP 0x01 /* this is the LCP */ 243 #define CP_AUTH 0x02 /* this is an authentication protocol */ 244 #define CP_NCP 0x04 /* this is a NCP */ 245 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 246 const char *name; /* name of this control protocol */ 247 /* event handlers */ 248 void (*Up)(struct sppp *, void *); 249 void (*Down)(struct sppp *, void *); 250 void (*Open)(struct sppp *, void *); 251 void (*Close)(struct sppp *, void *); 252 void (*TO)(struct sppp *, void *); 253 /* actions */ 254 void (*tlu)(struct sppp *); 255 void (*tld)(struct sppp *); 256 void (*tls)(const struct cp *, struct sppp *); 257 void (*tlf)(const struct cp *, struct sppp *); 258 void (*scr)(struct sppp *); 259 void (*scan)(const struct cp *, struct sppp *); 260 261 /* message parser */ 262 enum cp_rcr_type 263 (*parse_confreq)(struct sppp *, struct lcp_header *, int, 264 uint8_t **, size_t *, size_t *); 265 void (*parse_confrej)(struct sppp *, struct lcp_header *, int); 266 void (*parse_confnak)(struct sppp *, struct lcp_header *, int); 267 }; 268 269 enum auth_role { 270 SPPP_AUTH_NOROLE = 0, 271 SPPP_AUTH_SERV = __BIT(0), 272 SPPP_AUTH_PEER = __BIT(1), 273 }; 274 275 static struct sppp *spppq; 276 static kmutex_t *spppq_lock = NULL; 277 static callout_t keepalive_ch; 278 279 #define SPPPQ_LOCK() if (spppq_lock) \ 280 mutex_enter(spppq_lock); 281 #define SPPPQ_UNLOCK() if (spppq_lock) \ 282 mutex_exit(spppq_lock); 283 284 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 285 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 286 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 287 #define SPPP_UPGRADE(_sp) do{ \ 288 SPPP_UNLOCK(_sp); \ 289 SPPP_LOCK(_sp, RW_WRITER); \ 290 }while (0) 291 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 292 #define SPPP_WQ_SET(_wk, _func, _arg) \ 293 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 294 295 #ifdef INET 296 #ifndef SPPPSUBR_MPSAFE 297 /* 298 * The following disgusting hack gets around the problem that IP TOS 299 * can't be set yet. We want to put "interactive" traffic on a high 300 * priority queue. To decide if traffic is interactive, we check that 301 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 302 * 303 * XXX is this really still necessary? - joerg - 304 */ 305 static u_short interactive_ports[8] = { 306 0, 513, 0, 0, 307 0, 21, 0, 23, 308 }; 309 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 310 #endif /* SPPPSUBR_MPSAFE */ 311 #endif 312 313 /* almost every function needs these */ 314 #define STDDCL \ 315 struct ifnet *ifp = &sp->pp_if; \ 316 int debug = ifp->if_flags & IFF_DEBUG 317 318 static int sppp_output(struct ifnet *, struct mbuf *, 319 const struct sockaddr *, const struct rtentry *); 320 321 static void sppp_cisco_send(struct sppp *, int, int32_t, int32_t); 322 static void sppp_cisco_input(struct sppp *, struct mbuf *); 323 324 static void sppp_cp_init(const struct cp *, struct sppp *); 325 static void sppp_cp_fini(const struct cp *, struct sppp *); 326 static void sppp_cp_input(const struct cp *, struct sppp *, 327 struct mbuf *); 328 static void sppp_cp_input(const struct cp *, struct sppp *, 329 struct mbuf *); 330 static void sppp_cp_send(struct sppp *, u_short, u_char, 331 u_char, u_short, void *); 332 /* static void sppp_cp_timeout(void *arg); */ 333 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 334 static struct workqueue * 335 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 336 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 337 static void sppp_wq_set(struct sppp_work *, 338 void (*)(struct sppp *, void *), void *); 339 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 340 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 341 static void sppp_cp_to_lcp(void *); 342 static void sppp_cp_to_ipcp(void *); 343 static void sppp_cp_to_ipv6cp(void *); 344 static void sppp_auth_send(const struct cp *, struct sppp *, 345 unsigned int, unsigned int, ...); 346 static int sppp_auth_role(const struct cp *, struct sppp *); 347 static void sppp_auth_to_event(struct sppp *, void *); 348 static void sppp_auth_sca_scn(const struct cp *, struct sppp *); 349 350 static void sppp_up_event(struct sppp *, void *); 351 static void sppp_down_event(struct sppp *, void *); 352 static void sppp_open_event(struct sppp *, void *); 353 static void sppp_close_event(struct sppp *, void *); 354 static void sppp_to_event(struct sppp *, void *); 355 static void sppp_rcr_event(struct sppp *, void *); 356 static void sppp_rca_event(struct sppp *, void *); 357 static void sppp_rcn_event(struct sppp *, void *); 358 static void sppp_rtr_event(struct sppp *, void *); 359 static void sppp_rta_event(struct sppp *, void *); 360 static void sppp_rxj_event(struct sppp *, void *); 361 362 static void sppp_null(struct sppp *); 363 static void sppp_tls(const struct cp *, struct sppp *); 364 static void sppp_tlf(const struct cp *, struct sppp *); 365 static void sppp_sca_scn(const struct cp *, struct sppp *); 366 static void sppp_ifdown(struct sppp *, void *); 367 368 static void sppp_lcp_init(struct sppp *); 369 static void sppp_lcp_up(struct sppp *, void *); 370 static void sppp_lcp_down(struct sppp *, void *); 371 static void sppp_lcp_open(struct sppp *, void *); 372 static enum cp_rcr_type 373 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int, 374 uint8_t **, size_t *, size_t *); 375 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int); 376 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int); 377 static void sppp_lcp_tlu(struct sppp *); 378 static void sppp_lcp_tld(struct sppp *); 379 static void sppp_lcp_tls(const struct cp *, struct sppp *); 380 static void sppp_lcp_tlf(const struct cp *, struct sppp *); 381 static void sppp_lcp_scr(struct sppp *); 382 static void sppp_lcp_check_and_close(struct sppp *); 383 static int sppp_cp_check(struct sppp *, u_char); 384 385 static void sppp_ipcp_init(struct sppp *); 386 static void sppp_ipcp_open(struct sppp *, void *); 387 static void sppp_ipcp_close(struct sppp *, void *); 388 static enum cp_rcr_type 389 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int, 390 uint8_t **, size_t *, size_t *); 391 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int); 392 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int); 393 static void sppp_ipcp_tlu(struct sppp *); 394 static void sppp_ipcp_scr(struct sppp *); 395 396 static void sppp_ipv6cp_init(struct sppp *); 397 static void sppp_ipv6cp_open(struct sppp *, void *); 398 static enum cp_rcr_type 399 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int, 400 uint8_t **, size_t *, size_t *); 401 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int); 402 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int); 403 static void sppp_ipv6cp_tlu(struct sppp *); 404 static void sppp_ipv6cp_scr(struct sppp *); 405 406 static void sppp_pap_input(struct sppp *, struct mbuf *); 407 static void sppp_pap_init(struct sppp *); 408 static void sppp_pap_tlu(struct sppp *); 409 static void sppp_pap_scr(struct sppp *); 410 static void sppp_pap_scr(struct sppp *); 411 412 static void sppp_chap_input(struct sppp *, struct mbuf *); 413 static void sppp_chap_init(struct sppp *); 414 static void sppp_chap_open(struct sppp *, void *); 415 static void sppp_chap_tlu(struct sppp *); 416 static void sppp_chap_scr(struct sppp *); 417 static void sppp_chap_rcv_challenge_event(struct sppp *, void *); 418 419 static const char *sppp_auth_type_name(u_short, u_char); 420 static const char *sppp_cp_type_name(u_char); 421 static const char *sppp_dotted_quad(uint32_t); 422 static const char *sppp_ipcp_opt_name(u_char); 423 #ifdef INET6 424 static const char *sppp_ipv6cp_opt_name(u_char); 425 #endif 426 static const char *sppp_lcp_opt_name(u_char); 427 static const char *sppp_phase_name(int); 428 static const char *sppp_proto_name(u_short); 429 static const char *sppp_state_name(int); 430 static int sppp_params(struct sppp *, u_long, void *); 431 #ifdef INET 432 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 433 static void sppp_set_ip_addrs_work(struct work *, struct sppp *); 434 static void sppp_set_ip_addrs(struct sppp *); 435 static void sppp_clear_ip_addrs_work(struct work *, struct sppp *); 436 static void sppp_clear_ip_addrs(struct sppp *); 437 static void sppp_update_ip_addrs_work(struct work *, void *); 438 #endif 439 static void sppp_keepalive(void *); 440 static void sppp_phase_network(struct sppp *); 441 static void sppp_print_bytes(const u_char *, u_short); 442 static void sppp_print_string(const char *, u_short); 443 #ifdef INET6 444 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 445 struct in6_addr *, struct in6_addr *); 446 #ifdef IPV6CP_MYIFID_DYN 447 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 448 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 449 #endif 450 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 451 #endif 452 453 static void sppp_notify_up(struct sppp *); 454 static void sppp_notify_down(struct sppp *); 455 static void sppp_notify_tls_wlocked(struct sppp *); 456 static void sppp_notify_tlf_wlocked(struct sppp *); 457 #ifdef INET6 458 static void sppp_notify_con_wlocked(struct sppp *); 459 #endif 460 static void sppp_notify_con(struct sppp *); 461 462 static void sppp_notify_chg_wlocked(struct sppp *); 463 464 /* our control protocol descriptors */ 465 static const struct cp lcp = { 466 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 467 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, 468 sppp_close_event, sppp_to_event, 469 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, 470 sppp_lcp_tlf, sppp_lcp_scr, sppp_sca_scn, 471 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak 472 }; 473 474 static const struct cp ipcp = { 475 PPP_IPCP, IDX_IPCP, 476 #ifdef INET 477 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 478 #else 479 0, 480 #endif 481 "ipcp", 482 sppp_up_event, sppp_down_event, sppp_ipcp_open, 483 sppp_ipcp_close, sppp_to_event, 484 sppp_ipcp_tlu, sppp_null, sppp_tls, 485 sppp_tlf, sppp_ipcp_scr, sppp_sca_scn, 486 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak, 487 }; 488 489 static const struct cp ipv6cp = { 490 PPP_IPV6CP, IDX_IPV6CP, 491 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 492 CP_NCP, 493 #else 494 0, 495 #endif 496 "ipv6cp", 497 sppp_up_event, sppp_down_event, sppp_ipv6cp_open, 498 sppp_close_event, sppp_to_event, 499 sppp_ipv6cp_tlu, sppp_null, sppp_tls, 500 sppp_tlf, sppp_ipv6cp_scr, sppp_sca_scn, 501 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak, 502 }; 503 504 static const struct cp pap = { 505 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 506 sppp_up_event, sppp_down_event, sppp_open_event, 507 sppp_close_event, sppp_to_event, 508 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, 509 sppp_pap_scr, sppp_auth_sca_scn, 510 NULL, NULL, NULL 511 }; 512 513 static const struct cp chap = { 514 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 515 sppp_up_event, sppp_down_event, sppp_chap_open, 516 sppp_close_event, sppp_auth_to_event, 517 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, 518 sppp_chap_scr, sppp_auth_sca_scn, 519 NULL, NULL, NULL 520 }; 521 522 static const struct cp *cps[IDX_COUNT] = { 523 &lcp, /* IDX_LCP */ 524 &ipcp, /* IDX_IPCP */ 525 &ipv6cp, /* IDX_IPV6CP */ 526 &pap, /* IDX_PAP */ 527 &chap, /* IDX_CHAP */ 528 }; 529 530 static void 531 sppp_change_phase(struct sppp *sp, int phase) 532 { 533 STDDCL; 534 535 KASSERT(SPPP_WLOCKED(sp)); 536 537 if (sp->pp_phase == phase) 538 return; 539 540 sp->pp_phase = phase; 541 542 if (phase == SPPP_PHASE_NETWORK) 543 if_link_state_change(ifp, LINK_STATE_UP); 544 else 545 if_link_state_change(ifp, LINK_STATE_DOWN); 546 547 if (debug) 548 { 549 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 550 sppp_phase_name(sp->pp_phase)); 551 } 552 } 553 554 /* 555 * Exported functions, comprising our interface to the lower layer. 556 */ 557 558 /* 559 * Process the received packet. 560 */ 561 void 562 sppp_input(struct ifnet *ifp, struct mbuf *m) 563 { 564 struct ppp_header *h = NULL; 565 pktqueue_t *pktq = NULL; 566 struct ifqueue *inq = NULL; 567 uint16_t protocol; 568 struct sppp *sp = (struct sppp *)ifp; 569 int debug = ifp->if_flags & IFF_DEBUG; 570 int isr = 0; 571 572 SPPP_LOCK(sp, RW_READER); 573 574 if (ifp->if_flags & IFF_UP) { 575 /* Count received bytes, add hardware framing */ 576 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 577 /* Note time of last receive */ 578 sp->pp_last_receive = time_uptime; 579 } 580 581 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 582 /* Too small packet, drop it. */ 583 if (debug) 584 log(LOG_DEBUG, 585 "%s: input packet is too small, %d bytes\n", 586 ifp->if_xname, m->m_pkthdr.len); 587 drop: 588 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 589 m_freem(m); 590 SPPP_UNLOCK(sp); 591 return; 592 } 593 594 if (sp->pp_flags & PP_NOFRAMING) { 595 memcpy(&protocol, mtod(m, void *), 2); 596 protocol = ntohs(protocol); 597 m_adj(m, 2); 598 } else { 599 600 /* Get PPP header. */ 601 h = mtod(m, struct ppp_header *); 602 m_adj(m, PPP_HEADER_LEN); 603 604 switch (h->address) { 605 case PPP_ALLSTATIONS: 606 if (h->control != PPP_UI) 607 goto invalid; 608 if (sp->pp_flags & PP_CISCO) { 609 if (debug) 610 log(LOG_DEBUG, 611 "%s: PPP packet in Cisco mode " 612 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 613 ifp->if_xname, 614 h->address, h->control, ntohs(h->protocol)); 615 goto drop; 616 } 617 break; 618 case CISCO_MULTICAST: 619 case CISCO_UNICAST: 620 /* Don't check the control field here (RFC 1547). */ 621 if (! (sp->pp_flags & PP_CISCO)) { 622 if (debug) 623 log(LOG_DEBUG, 624 "%s: Cisco packet in PPP mode " 625 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 626 ifp->if_xname, 627 h->address, h->control, ntohs(h->protocol)); 628 goto drop; 629 } 630 switch (ntohs(h->protocol)) { 631 default: 632 if_statinc(ifp, if_noproto); 633 goto invalid; 634 case CISCO_KEEPALIVE: 635 SPPP_UNLOCK(sp); 636 sppp_cisco_input((struct sppp *) ifp, m); 637 m_freem(m); 638 return; 639 #ifdef INET 640 case ETHERTYPE_IP: 641 pktq = ip_pktq; 642 break; 643 #endif 644 #ifdef INET6 645 case ETHERTYPE_IPV6: 646 pktq = ip6_pktq; 647 break; 648 #endif 649 } 650 goto queue_pkt; 651 default: /* Invalid PPP packet. */ 652 invalid: 653 if (debug) 654 log(LOG_DEBUG, 655 "%s: invalid input packet " 656 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 657 ifp->if_xname, 658 h->address, h->control, ntohs(h->protocol)); 659 goto drop; 660 } 661 protocol = ntohs(h->protocol); 662 } 663 664 switch (protocol) { 665 default: 666 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 667 uint16_t prot = htons(protocol); 668 669 SPPP_UPGRADE(sp); 670 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 671 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 672 &prot); 673 SPPP_DOWNGRADE(sp); 674 } 675 if (debug) 676 log(LOG_DEBUG, 677 "%s: invalid input protocol " 678 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 679 if_statinc(ifp, if_noproto); 680 goto drop; 681 case PPP_LCP: 682 SPPP_UNLOCK(sp); 683 sppp_cp_input(&lcp, sp, m); 684 m_freem(m); 685 return; 686 case PPP_PAP: 687 SPPP_UNLOCK(sp); 688 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 689 sppp_pap_input(sp, m); 690 } 691 m_freem(m); 692 return; 693 case PPP_CHAP: 694 SPPP_UNLOCK(sp); 695 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 696 sppp_chap_input(sp, m); 697 } 698 m_freem(m); 699 return; 700 #ifdef INET 701 case PPP_IPCP: 702 SPPP_UNLOCK(sp); 703 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 704 sppp_cp_input(&ipcp, sp, m); 705 } 706 m_freem(m); 707 return; 708 case PPP_IP: 709 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 710 sp->pp_last_activity = time_uptime; 711 pktq = ip_pktq; 712 } 713 break; 714 #endif 715 #ifdef INET6 716 case PPP_IPV6CP: 717 SPPP_UNLOCK(sp); 718 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 719 sppp_cp_input(&ipv6cp, sp, m); 720 } 721 m_freem(m); 722 return; 723 724 case PPP_IPV6: 725 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 726 sp->pp_last_activity = time_uptime; 727 pktq = ip6_pktq; 728 } 729 break; 730 #endif 731 } 732 733 queue_pkt: 734 if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) { 735 goto drop; 736 } 737 738 /* Check queue. */ 739 if (__predict_true(pktq)) { 740 if (__predict_false(!pktq_enqueue(pktq, m, 0))) { 741 goto drop; 742 } 743 SPPP_UNLOCK(sp); 744 return; 745 } 746 747 SPPP_UNLOCK(sp); 748 749 IFQ_LOCK(inq); 750 if (IF_QFULL(inq)) { 751 /* Queue overflow. */ 752 IF_DROP(inq); 753 IFQ_UNLOCK(inq); 754 if (debug) 755 log(LOG_DEBUG, "%s: protocol queue overflow\n", 756 ifp->if_xname); 757 758 SPPP_LOCK(sp, RW_READER); 759 goto drop; 760 } 761 IF_ENQUEUE(inq, m); 762 IFQ_UNLOCK(inq); 763 schednetisr(isr); 764 } 765 766 /* 767 * Enqueue transmit packet. 768 */ 769 static int 770 sppp_output(struct ifnet *ifp, struct mbuf *m, 771 const struct sockaddr *dst, const struct rtentry *rt) 772 { 773 struct sppp *sp = (struct sppp *) ifp; 774 struct ppp_header *h = NULL; 775 #ifndef SPPPSUBR_MPSAFE 776 struct ifqueue *ifq = NULL; /* XXX */ 777 #endif 778 int s, error = 0; 779 uint16_t protocol; 780 size_t pktlen; 781 782 s = splnet(); 783 SPPP_LOCK(sp, RW_READER); 784 785 sp->pp_last_activity = time_uptime; 786 787 if ((ifp->if_flags & IFF_UP) == 0 || 788 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 789 SPPP_UNLOCK(sp); 790 splx(s); 791 792 m_freem(m); 793 794 return (ENETDOWN); 795 } 796 797 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 798 /* 799 * Interface is not yet running, but auto-dial. Need 800 * to start LCP for it. 801 */ 802 ifp->if_flags |= IFF_RUNNING; 803 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 804 } 805 806 /* 807 * If the queueing discipline needs packet classification, 808 * do it before prepending link headers. 809 */ 810 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 811 812 #ifdef INET 813 if (dst->sa_family == AF_INET) { 814 struct ip *ip = NULL; 815 #ifndef SPPPSUBR_MPSAFE 816 struct tcphdr *th = NULL; 817 #endif 818 819 if (m->m_len >= sizeof(struct ip)) { 820 ip = mtod(m, struct ip *); 821 #ifndef SPPPSUBR_MPSAFE 822 if (ip->ip_p == IPPROTO_TCP && 823 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 824 sizeof(struct tcphdr)) { 825 th = (struct tcphdr *) 826 ((char *)ip + (ip->ip_hl << 2)); 827 } 828 #endif 829 } else 830 ip = NULL; 831 832 /* 833 * When using dynamic local IP address assignment by using 834 * 0.0.0.0 as a local address, the first TCP session will 835 * not connect because the local TCP checksum is computed 836 * using 0.0.0.0 which will later become our real IP address 837 * so the TCP checksum computed at the remote end will 838 * become invalid. So we 839 * - don't let packets with src ip addr 0 thru 840 * - we flag TCP packets with src ip 0 as an error 841 */ 842 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 843 uint8_t proto = ip->ip_p; 844 845 SPPP_UNLOCK(sp); 846 splx(s); 847 848 m_freem(m); 849 if (proto == IPPROTO_TCP) 850 return (EADDRNOTAVAIL); 851 else 852 return (0); 853 } 854 855 #ifndef SPPPSUBR_MPSAFE 856 /* 857 * Put low delay, telnet, rlogin and ftp control packets 858 * in front of the queue. 859 */ 860 if (!IF_QFULL(&sp->pp_fastq) && 861 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 862 (th && (INTERACTIVE(ntohs(th->th_sport)) || 863 INTERACTIVE(ntohs(th->th_dport)))))) 864 ifq = &sp->pp_fastq; 865 #endif /* !SPPPSUBR_MPSAFE */ 866 } 867 #endif 868 869 #ifdef INET6 870 if (dst->sa_family == AF_INET6) { 871 /* XXX do something tricky here? */ 872 } 873 #endif 874 875 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 876 /* 877 * Prepend general data packet PPP header. For now, IP only. 878 */ 879 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 880 if (! m) { 881 if (ifp->if_flags & IFF_DEBUG) 882 log(LOG_DEBUG, "%s: no memory for transmit header\n", 883 ifp->if_xname); 884 if_statinc(ifp, if_oerrors); 885 SPPP_UNLOCK(sp); 886 splx(s); 887 return (ENOBUFS); 888 } 889 /* 890 * May want to check size of packet 891 * (albeit due to the implementation it's always enough) 892 */ 893 h = mtod(m, struct ppp_header *); 894 if (sp->pp_flags & PP_CISCO) { 895 h->address = CISCO_UNICAST; /* unicast address */ 896 h->control = 0; 897 } else { 898 h->address = PPP_ALLSTATIONS; /* broadcast address */ 899 h->control = PPP_UI; /* Unnumbered Info */ 900 } 901 } 902 903 switch (dst->sa_family) { 904 #ifdef INET 905 case AF_INET: /* Internet Protocol */ 906 if (sp->pp_flags & PP_CISCO) 907 protocol = htons(ETHERTYPE_IP); 908 else { 909 /* 910 * Don't choke with an ENETDOWN early. It's 911 * possible that we just started dialing out, 912 * so don't drop the packet immediately. If 913 * we notice that we run out of buffer space 914 * below, we will however remember that we are 915 * not ready to carry IP packets, and return 916 * ENETDOWN, as opposed to ENOBUFS. 917 */ 918 protocol = htons(PPP_IP); 919 if (sp->scp[IDX_IPCP].state != STATE_OPENED) 920 error = ENETDOWN; 921 } 922 break; 923 #endif 924 #ifdef INET6 925 case AF_INET6: /* Internet Protocol version 6 */ 926 if (sp->pp_flags & PP_CISCO) 927 protocol = htons(ETHERTYPE_IPV6); 928 else { 929 /* 930 * Don't choke with an ENETDOWN early. It's 931 * possible that we just started dialing out, 932 * so don't drop the packet immediately. If 933 * we notice that we run out of buffer space 934 * below, we will however remember that we are 935 * not ready to carry IP packets, and return 936 * ENETDOWN, as opposed to ENOBUFS. 937 */ 938 protocol = htons(PPP_IPV6); 939 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) 940 error = ENETDOWN; 941 } 942 break; 943 #endif 944 default: 945 m_freem(m); 946 if_statinc(ifp, if_oerrors); 947 SPPP_UNLOCK(sp); 948 splx(s); 949 return (EAFNOSUPPORT); 950 } 951 952 if (sp->pp_flags & PP_NOFRAMING) { 953 M_PREPEND(m, 2, M_DONTWAIT); 954 if (m == NULL) { 955 if (ifp->if_flags & IFF_DEBUG) 956 log(LOG_DEBUG, "%s: no memory for transmit header\n", 957 ifp->if_xname); 958 if_statinc(ifp, if_oerrors); 959 SPPP_UNLOCK(sp); 960 splx(s); 961 return (ENOBUFS); 962 } 963 *mtod(m, uint16_t *) = protocol; 964 } else { 965 h->protocol = protocol; 966 } 967 968 pktlen = m->m_pkthdr.len; 969 #ifdef SPPPSUBR_MPSAFE 970 SPPP_UNLOCK(sp); 971 error = if_transmit_lock(ifp, m); 972 SPPP_LOCK(sp, RW_READER); 973 if (error == 0) 974 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 975 #else /* !SPPPSUBR_MPSAFE */ 976 error = ifq_enqueue2(ifp, ifq, m); 977 978 if (error == 0) { 979 /* 980 * Count output packets and bytes. 981 * The packet length includes header + additional hardware 982 * framing according to RFC 1333. 983 */ 984 if (!(ifp->if_flags & IFF_OACTIVE)) { 985 SPPP_UNLOCK(sp); 986 if_start_lock(ifp); 987 SPPP_LOCK(sp, RW_READER); 988 } 989 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 990 } 991 #endif /* !SPPPSUBR_MPSAFE */ 992 SPPP_UNLOCK(sp); 993 splx(s); 994 return error; 995 } 996 997 void 998 sppp_attach(struct ifnet *ifp) 999 { 1000 struct sppp *sp = (struct sppp *) ifp; 1001 char xnamebuf[MAXCOMLEN]; 1002 1003 /* Initialize keepalive handler. */ 1004 if (! spppq) { 1005 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 1006 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 1007 } 1008 1009 if (! spppq_lock) 1010 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1011 1012 sp->pp_if.if_type = IFT_PPP; 1013 sp->pp_if.if_output = sppp_output; 1014 sp->pp_fastq.ifq_maxlen = 32; 1015 sp->pp_cpq.ifq_maxlen = 20; 1016 sp->pp_loopcnt = 0; 1017 sp->pp_alivecnt = 0; 1018 sp->pp_last_activity = 0; 1019 sp->pp_last_receive = 0; 1020 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1021 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 1022 sp->pp_idle_timeout = 0; 1023 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1024 sp->pp_phase = SPPP_PHASE_DEAD; 1025 sp->pp_up = sppp_notify_up; 1026 sp->pp_down = sppp_notify_down; 1027 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1028 memset(sp->scp, 0, sizeof(sp->scp)); 1029 rw_init(&sp->pp_lock); 1030 1031 if_alloc_sadl(ifp); 1032 1033 /* Lets not beat about the bush, we know we're down. */ 1034 ifp->if_link_state = LINK_STATE_DOWN; 1035 1036 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1037 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1038 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1039 1040 memset(&sp->myauth, 0, sizeof sp->myauth); 1041 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1042 SPPP_LOCK(sp, RW_WRITER); 1043 sppp_lcp_init(sp); 1044 sppp_ipcp_init(sp); 1045 sppp_ipv6cp_init(sp); 1046 sppp_pap_init(sp); 1047 sppp_chap_init(sp); 1048 SPPP_UNLOCK(sp); 1049 1050 SPPPQ_LOCK(); 1051 /* Insert new entry into the keepalive list. */ 1052 sp->pp_next = spppq; 1053 spppq = sp; 1054 SPPPQ_UNLOCK(); 1055 } 1056 1057 void 1058 sppp_detach(struct ifnet *ifp) 1059 { 1060 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1061 1062 /* Remove the entry from the keepalive list. */ 1063 SPPPQ_LOCK(); 1064 for (q = &spppq; (p = *q); q = &p->pp_next) 1065 if (p == sp) { 1066 *q = p->pp_next; 1067 break; 1068 } 1069 SPPPQ_UNLOCK(); 1070 1071 if (! spppq) { 1072 /* Stop keepalive handler. */ 1073 callout_stop(&keepalive_ch); 1074 mutex_obj_free(spppq_lock); 1075 spppq_lock = NULL; 1076 } 1077 1078 SPPP_LOCK(sp, RW_WRITER); 1079 1080 /* to avoid workqueue enqueued */ 1081 atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1); 1082 workqueue_wait(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk); 1083 workqueue_destroy(sp->ipcp.update_addrs_wq); 1084 pcq_destroy(sp->ipcp.update_addrs_q); 1085 1086 sppp_cp_fini(&lcp, sp); 1087 sppp_cp_fini(&ipcp, sp); 1088 sppp_cp_fini(&pap, sp); 1089 sppp_cp_fini(&chap, sp); 1090 #ifdef INET6 1091 sppp_cp_fini(&ipv6cp, sp); 1092 #endif 1093 sppp_wq_destroy(sp, sp->wq_cp); 1094 1095 /* free authentication info */ 1096 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1097 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1098 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1099 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1100 SPPP_UNLOCK(sp); 1101 rw_destroy(&sp->pp_lock); 1102 } 1103 1104 /* 1105 * Flush the interface output queue. 1106 */ 1107 void 1108 sppp_flush(struct ifnet *ifp) 1109 { 1110 struct sppp *sp = (struct sppp *) ifp; 1111 1112 SPPP_LOCK(sp, RW_WRITER); 1113 IFQ_PURGE(&sp->pp_if.if_snd); 1114 IF_PURGE(&sp->pp_fastq); 1115 IF_PURGE(&sp->pp_cpq); 1116 SPPP_UNLOCK(sp); 1117 } 1118 1119 /* 1120 * Check if the output queue is empty. 1121 */ 1122 int 1123 sppp_isempty(struct ifnet *ifp) 1124 { 1125 struct sppp *sp = (struct sppp *) ifp; 1126 int empty, s; 1127 1128 s = splnet(); 1129 SPPP_LOCK(sp, RW_READER); 1130 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1131 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1132 SPPP_UNLOCK(sp); 1133 splx(s); 1134 return (empty); 1135 } 1136 1137 /* 1138 * Get next packet to send. 1139 */ 1140 struct mbuf * 1141 sppp_dequeue(struct ifnet *ifp) 1142 { 1143 struct sppp *sp = (struct sppp *) ifp; 1144 struct mbuf *m; 1145 int s; 1146 1147 s = splnet(); 1148 SPPP_LOCK(sp, RW_WRITER); 1149 /* 1150 * Process only the control protocol queue until we have at 1151 * least one NCP open. 1152 * 1153 * Do always serve all three queues in Cisco mode. 1154 */ 1155 IF_DEQUEUE(&sp->pp_cpq, m); 1156 if (m == NULL && 1157 (sppp_cp_check(sp, CP_NCP) || (sp->pp_flags & PP_CISCO) != 0)) { 1158 IF_DEQUEUE(&sp->pp_fastq, m); 1159 if (m == NULL) 1160 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1161 } 1162 SPPP_UNLOCK(sp); 1163 splx(s); 1164 return m; 1165 } 1166 1167 /* 1168 * Process an ioctl request. Called on low priority level. 1169 */ 1170 int 1171 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1172 { 1173 struct lwp *l = curlwp; /* XXX */ 1174 struct ifreq *ifr = (struct ifreq *) data; 1175 struct ifaddr *ifa = (struct ifaddr *) data; 1176 struct sppp *sp = (struct sppp *) ifp; 1177 int s, error=0, going_up, going_down; 1178 u_short newmode; 1179 1180 s = splnet(); 1181 switch (cmd) { 1182 case SIOCINITIFADDR: 1183 ifa->ifa_rtrequest = p2p_rtrequest; 1184 break; 1185 1186 case SIOCSIFFLAGS: 1187 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1188 break; 1189 1190 SPPP_LOCK(sp, RW_WRITER); 1191 going_up = ifp->if_flags & IFF_UP && 1192 (ifp->if_flags & IFF_RUNNING) == 0; 1193 going_down = (ifp->if_flags & IFF_UP) == 0 && 1194 ifp->if_flags & IFF_RUNNING; 1195 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1196 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1197 /* sanity */ 1198 newmode = IFF_PASSIVE; 1199 ifp->if_flags &= ~IFF_AUTO; 1200 } 1201 1202 if (going_up || going_down) { 1203 sp->lcp.reestablish = false; 1204 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1205 } 1206 if (going_up && newmode == 0) { 1207 /* neither auto-dial nor passive */ 1208 ifp->if_flags |= IFF_RUNNING; 1209 if (!(sp->pp_flags & PP_CISCO)) { 1210 sppp_wq_add(sp->wq_cp, 1211 &sp->scp[IDX_LCP].work_open); 1212 } 1213 } else if (going_down) { 1214 SPPP_UNLOCK(sp); 1215 sppp_flush(ifp); 1216 SPPP_LOCK(sp, RW_WRITER); 1217 1218 ifp->if_flags &= ~IFF_RUNNING; 1219 } 1220 SPPP_UNLOCK(sp); 1221 break; 1222 1223 case SIOCSIFMTU: 1224 if (ifr->ifr_mtu < PPP_MINMRU || 1225 ifr->ifr_mtu > sp->lcp.their_mru) { 1226 error = EINVAL; 1227 break; 1228 } 1229 /*FALLTHROUGH*/ 1230 case SIOCGIFMTU: 1231 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1232 error = 0; 1233 break; 1234 case SIOCADDMULTI: 1235 case SIOCDELMULTI: 1236 break; 1237 1238 case SPPPSETAUTHCFG: 1239 case SPPPSETLCPCFG: 1240 case SPPPSETIDLETO: 1241 case SPPPSETAUTHFAILURE: 1242 case SPPPSETDNSOPTS: 1243 case SPPPSETKEEPALIVE: 1244 #if defined(COMPAT_50) || defined(MODULAR) 1245 case __SPPPSETIDLETO50: 1246 case __SPPPSETKEEPALIVE50: 1247 #endif /* COMPAT_50 || MODULAR */ 1248 error = kauth_authorize_network(l->l_cred, 1249 KAUTH_NETWORK_INTERFACE, 1250 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1251 NULL); 1252 if (error) 1253 break; 1254 error = sppp_params(sp, cmd, data); 1255 break; 1256 1257 case SPPPGETAUTHCFG: 1258 case SPPPGETLCPCFG: 1259 case SPPPGETAUTHFAILURES: 1260 error = kauth_authorize_network(l->l_cred, 1261 KAUTH_NETWORK_INTERFACE, 1262 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1263 NULL); 1264 if (error) 1265 break; 1266 error = sppp_params(sp, cmd, data); 1267 break; 1268 1269 case SPPPGETSTATUS: 1270 case SPPPGETSTATUSNCP: 1271 case SPPPGETIDLETO: 1272 case SPPPGETDNSOPTS: 1273 case SPPPGETDNSADDRS: 1274 case SPPPGETKEEPALIVE: 1275 #if defined(COMPAT_50) || defined(MODULAR) 1276 case __SPPPGETIDLETO50: 1277 case __SPPPGETKEEPALIVE50: 1278 #endif /* COMPAT_50 || MODULAR */ 1279 error = sppp_params(sp, cmd, data); 1280 break; 1281 1282 default: 1283 error = ifioctl_common(ifp, cmd, data); 1284 break; 1285 } 1286 splx(s); 1287 return (error); 1288 } 1289 1290 /* 1291 * Cisco framing implementation. 1292 */ 1293 1294 /* 1295 * Handle incoming Cisco keepalive protocol packets. 1296 */ 1297 static void 1298 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1299 { 1300 STDDCL; 1301 struct cisco_packet *h; 1302 #ifdef INET 1303 uint32_t me, mymask = 0; /* XXX: GCC */ 1304 #endif 1305 1306 SPPP_LOCK(sp, RW_WRITER); 1307 1308 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1309 if (debug) 1310 log(LOG_DEBUG, 1311 "%s: cisco invalid packet length: %d bytes\n", 1312 ifp->if_xname, m->m_pkthdr.len); 1313 SPPP_UNLOCK(sp); 1314 return; 1315 } 1316 h = mtod(m, struct cisco_packet *); 1317 if (debug) 1318 log(LOG_DEBUG, 1319 "%s: cisco input: %d bytes " 1320 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1321 ifp->if_xname, m->m_pkthdr.len, 1322 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1323 (u_int)h->time0, (u_int)h->time1); 1324 switch (ntohl(h->type)) { 1325 default: 1326 if (debug) 1327 addlog("%s: cisco unknown packet type: 0x%x\n", 1328 ifp->if_xname, ntohl(h->type)); 1329 break; 1330 case CISCO_ADDR_REPLY: 1331 /* Reply on address request, ignore */ 1332 break; 1333 case CISCO_KEEPALIVE_REQ: 1334 sp->pp_alivecnt = 0; 1335 sp->scp[IDX_LCP].rseq = ntohl(h->par1); 1336 if (sp->scp[IDX_LCP].seq == sp->scp[IDX_LCP].rseq) { 1337 /* Local and remote sequence numbers are equal. 1338 * Probably, the line is in loopback mode. */ 1339 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1340 printf ("%s: loopback\n", 1341 ifp->if_xname); 1342 sp->pp_loopcnt = 0; 1343 if (ifp->if_flags & IFF_UP) { 1344 SPPP_UNLOCK(sp); 1345 if_down(ifp); 1346 SPPP_LOCK(sp, RW_WRITER); 1347 1348 IF_PURGE(&sp->pp_cpq); 1349 } 1350 } 1351 ++sp->pp_loopcnt; 1352 1353 /* Generate new local sequence number */ 1354 sp->scp[IDX_LCP].seq = cprng_fast32(); 1355 break; 1356 } 1357 sp->pp_loopcnt = 0; 1358 if (! (ifp->if_flags & IFF_UP) && 1359 (ifp->if_flags & IFF_RUNNING)) { 1360 SPPP_UNLOCK(sp); 1361 if_up(ifp); 1362 SPPP_LOCK(sp, RW_WRITER); 1363 } 1364 break; 1365 case CISCO_ADDR_REQ: 1366 #ifdef INET 1367 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1368 if (me != 0L) 1369 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1370 #endif 1371 break; 1372 } 1373 SPPP_UNLOCK(sp); 1374 } 1375 1376 /* 1377 * Send Cisco keepalive packet. 1378 */ 1379 static void 1380 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1381 { 1382 STDDCL; 1383 struct ppp_header *h; 1384 struct cisco_packet *ch; 1385 struct mbuf *m; 1386 uint32_t t; 1387 1388 KASSERT(SPPP_WLOCKED(sp)); 1389 1390 t = time_uptime * 1000; 1391 MGETHDR(m, M_DONTWAIT, MT_DATA); 1392 if (! m) 1393 return; 1394 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1395 m_reset_rcvif(m); 1396 1397 h = mtod(m, struct ppp_header *); 1398 h->address = CISCO_MULTICAST; 1399 h->control = 0; 1400 h->protocol = htons(CISCO_KEEPALIVE); 1401 1402 ch = (struct cisco_packet *)(h + 1); 1403 ch->type = htonl(type); 1404 ch->par1 = htonl(par1); 1405 ch->par2 = htonl(par2); 1406 ch->rel = -1; 1407 1408 ch->time0 = htons((u_short)(t >> 16)); 1409 ch->time1 = htons((u_short) t); 1410 1411 if (debug) 1412 log(LOG_DEBUG, 1413 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1414 ifp->if_xname, ntohl(ch->type), ch->par1, 1415 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1416 (u_int)ch->time1); 1417 1418 if (IF_QFULL(&sp->pp_cpq)) { 1419 IF_DROP(&sp->pp_fastq); 1420 IF_DROP(&ifp->if_snd); 1421 m_freem(m); 1422 if_statinc(ifp, if_oerrors); 1423 return; 1424 } 1425 1426 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1427 IF_ENQUEUE(&sp->pp_cpq, m); 1428 1429 if (! (ifp->if_flags & IFF_OACTIVE)) { 1430 SPPP_UNLOCK(sp); 1431 if_start_lock(ifp); 1432 SPPP_LOCK(sp, RW_WRITER); 1433 } 1434 } 1435 1436 /* 1437 * PPP protocol implementation. 1438 */ 1439 1440 /* 1441 * Send PPP control protocol packet. 1442 */ 1443 static void 1444 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1445 u_char ident, u_short len, void *data) 1446 { 1447 STDDCL; 1448 struct lcp_header *lh; 1449 struct mbuf *m; 1450 size_t pkthdrlen; 1451 1452 KASSERT(SPPP_WLOCKED(sp)); 1453 1454 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1455 1456 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1457 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1458 MGETHDR(m, M_DONTWAIT, MT_DATA); 1459 if (! m) { 1460 return; 1461 } 1462 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1463 m_reset_rcvif(m); 1464 1465 if (sp->pp_flags & PP_NOFRAMING) { 1466 *mtod(m, uint16_t *) = htons(proto); 1467 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1468 } else { 1469 struct ppp_header *h; 1470 h = mtod(m, struct ppp_header *); 1471 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1472 h->control = PPP_UI; /* Unnumbered Info */ 1473 h->protocol = htons(proto); /* Link Control Protocol */ 1474 lh = (struct lcp_header *)(h + 1); 1475 } 1476 lh->type = type; 1477 lh->ident = ident; 1478 lh->len = htons(LCP_HEADER_LEN + len); 1479 if (len) 1480 memcpy(lh + 1, data, len); 1481 1482 if (debug) { 1483 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1484 ifp->if_xname, 1485 sppp_proto_name(proto), 1486 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1487 if (len) 1488 sppp_print_bytes((u_char *)(lh + 1), len); 1489 addlog(">\n"); 1490 } 1491 if (IF_QFULL(&sp->pp_cpq)) { 1492 IF_DROP(&sp->pp_fastq); 1493 IF_DROP(&ifp->if_snd); 1494 m_freem(m); 1495 if_statinc(ifp, if_oerrors); 1496 return; 1497 } 1498 1499 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1500 IF_ENQUEUE(&sp->pp_cpq, m); 1501 1502 if (! (ifp->if_flags & IFF_OACTIVE)) { 1503 SPPP_UNLOCK(sp); 1504 if_start_lock(ifp); 1505 SPPP_LOCK(sp, RW_WRITER); 1506 } 1507 } 1508 1509 static void 1510 sppp_cp_to_lcp(void *xsp) 1511 { 1512 struct sppp *sp = xsp; 1513 1514 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1515 } 1516 1517 static void 1518 sppp_cp_to_ipcp(void *xsp) 1519 { 1520 struct sppp *sp = xsp; 1521 1522 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1523 } 1524 1525 static void 1526 sppp_cp_to_ipv6cp(void *xsp) 1527 { 1528 struct sppp *sp = xsp; 1529 1530 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1531 } 1532 1533 static void 1534 sppp_cp_to_pap(void *xsp) 1535 { 1536 struct sppp *sp = xsp; 1537 1538 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); 1539 } 1540 1541 static void 1542 sppp_cp_to_chap(void *xsp) 1543 { 1544 struct sppp *sp = xsp; 1545 1546 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); 1547 } 1548 1549 static void 1550 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1551 { 1552 struct sppp_cp *scp; 1553 typedef void (*sppp_co_cb_t)(void *); 1554 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1555 [IDX_LCP] = sppp_cp_to_lcp, 1556 [IDX_IPCP] = sppp_cp_to_ipcp, 1557 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1558 [IDX_PAP] = sppp_cp_to_pap, 1559 [IDX_CHAP] = sppp_cp_to_chap, 1560 }; 1561 1562 scp = &sp->scp[cp->protoidx]; 1563 scp->state = STATE_INITIAL; 1564 scp->fail_counter = 0; 1565 scp->seq = 0; 1566 scp->rseq = 0; 1567 1568 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1569 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1570 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1571 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1572 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1573 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1574 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1575 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1576 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1577 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1578 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1579 1580 callout_init(&scp->ch, CALLOUT_MPSAFE); 1581 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1582 } 1583 1584 static void 1585 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1586 { 1587 struct sppp_cp *scp; 1588 scp = &sp->scp[cp->protoidx]; 1589 1590 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1591 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1592 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1593 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1594 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1595 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1596 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1597 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1598 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1599 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1600 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1601 1602 callout_halt(&scp->ch, NULL); 1603 callout_destroy(&scp->ch); 1604 } 1605 1606 /* 1607 * Handle incoming PPP control protocol packets. 1608 */ 1609 static void 1610 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1611 { 1612 STDDCL; 1613 struct lcp_header *h; 1614 int printlen, len = m->m_pkthdr.len; 1615 enum cp_rcr_type type; 1616 size_t blen, rlen; 1617 u_char *p; 1618 uint32_t u32; 1619 uint8_t *buf; 1620 1621 SPPP_LOCK(sp, RW_WRITER); 1622 1623 if (len < 4) { 1624 if (debug) 1625 log(LOG_DEBUG, 1626 "%s: %s invalid packet length: %d bytes\n", 1627 ifp->if_xname, cp->name, len); 1628 SPPP_UNLOCK(sp); 1629 return; 1630 } 1631 h = mtod(m, struct lcp_header *); 1632 if (debug) { 1633 printlen = ntohs(h->len); 1634 log(LOG_DEBUG, 1635 "%s: %s input(%s): <%s id=0x%x len=%d", 1636 ifp->if_xname, cp->name, 1637 sppp_state_name(sp->scp[cp->protoidx].state), 1638 sppp_cp_type_name(h->type), h->ident, printlen); 1639 if (len < printlen) 1640 printlen = len; 1641 if (printlen > 4) 1642 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1643 addlog(">\n"); 1644 } 1645 if (len > ntohs(h->len)) 1646 len = ntohs(h->len); 1647 p = (u_char *)(h + 1); 1648 switch (h->type) { 1649 case CONF_REQ: 1650 if (len < 4) { 1651 if (debug) 1652 addlog("%s: %s invalid conf-req length %d\n", 1653 ifp->if_xname, cp->name, 1654 len); 1655 if_statinc(ifp, if_ierrors); 1656 break; 1657 } 1658 1659 buf = NULL; 1660 blen = 0; 1661 rlen = 0; 1662 1663 type = (cp->parse_confreq)(sp, h, len, 1664 &buf, &blen, &rlen); 1665 1666 if (type == CP_RCR_ERR) { 1667 /* fatal error, shut down */ 1668 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1669 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 1670 } else if (buf != NULL) { 1671 if (sp->scp[cp->protoidx].rcr_buf != NULL) { 1672 kmem_intr_free(sp->scp[cp->protoidx].rcr_buf, 1673 sp->scp[cp->protoidx].rcr_blen); 1674 } 1675 1676 sp->scp[cp->protoidx].rcr_buf = (void *)buf; 1677 buf = NULL; 1678 1679 sp->scp[cp->protoidx].rcr_blen = blen; 1680 sp->scp[cp->protoidx].rcr_rlen = rlen; 1681 sp->scp[cp->protoidx].rcr_type = type; 1682 sp->scp[cp->protoidx].rconfid = h->ident; 1683 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcr); 1684 } 1685 break; 1686 case CONF_ACK: 1687 if (h->ident != sp->scp[cp->protoidx].confid) { 1688 if (debug) 1689 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1690 ifp->if_xname, cp->name, 1691 h->ident, sp->scp[cp->protoidx].confid); 1692 if_statinc(ifp, if_ierrors); 1693 break; 1694 } 1695 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rca); 1696 break; 1697 case CONF_NAK: 1698 case CONF_REJ: 1699 if (h->ident != sp->scp[cp->protoidx].confid) { 1700 if (debug) 1701 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1702 ifp->if_xname, cp->name, 1703 h->ident, sp->scp[cp->protoidx].confid); 1704 if_statinc(ifp, if_ierrors); 1705 break; 1706 } 1707 if (h->type == CONF_NAK) 1708 (cp->parse_confnak)(sp, h, len); 1709 else /* CONF_REJ */ 1710 (cp->parse_confrej)(sp, h, len); 1711 1712 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcn); 1713 break; 1714 1715 case TERM_REQ: 1716 sp->scp[cp->protoidx].rseq = h->ident; 1717 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rtr); 1718 break; 1719 case TERM_ACK: 1720 if (h->ident != sp->scp[cp->protoidx].confid && 1721 h->ident != sp->scp[cp->protoidx].seq) { 1722 if (debug) 1723 addlog("%s: %s id mismatch " 1724 "0x%x != 0x%x and 0x%x != %0lx\n", 1725 ifp->if_xname, cp->name, 1726 h->ident, sp->scp[cp->protoidx].confid, 1727 h->ident, sp->scp[cp->protoidx].seq); 1728 if_statinc(ifp, if_ierrors); 1729 break; 1730 } 1731 1732 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rta); 1733 break; 1734 case CODE_REJ: 1735 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1736 log(LOG_INFO, 1737 "%s: %s: ignoring RXJ (%s) for code ?, " 1738 "danger will robinson\n", 1739 ifp->if_xname, cp->name, 1740 sppp_cp_type_name(h->type)); 1741 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1742 break; 1743 case PROTO_REJ: 1744 { 1745 int catastrophic; 1746 const struct cp *upper; 1747 int i; 1748 uint16_t proto; 1749 1750 catastrophic = 0; 1751 upper = NULL; 1752 proto = p[0] << 8 | p[1]; 1753 for (i = 0; i < IDX_COUNT; i++) { 1754 if (cps[i]->proto == proto) { 1755 upper = cps[i]; 1756 break; 1757 } 1758 } 1759 if (upper == NULL) 1760 catastrophic++; 1761 1762 if (debug) 1763 log(LOG_INFO, 1764 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1765 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1766 sppp_cp_type_name(h->type), proto, 1767 upper ? upper->name : "unknown", 1768 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1769 1770 /* 1771 * if we got RXJ+ against conf-req, the peer does not implement 1772 * this particular protocol type. terminate the protocol. 1773 */ 1774 if (upper && !catastrophic) { 1775 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1776 sppp_wq_add(sp->wq_cp, 1777 &sp->scp[upper->protoidx].work_close); 1778 break; 1779 } 1780 } 1781 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); 1782 break; 1783 } 1784 case DISC_REQ: 1785 if (cp->proto != PPP_LCP) 1786 goto illegal; 1787 /* Discard the packet. */ 1788 break; 1789 case ECHO_REQ: 1790 if (cp->proto != PPP_LCP) 1791 goto illegal; 1792 if (sp->scp[cp->protoidx].state != STATE_OPENED) { 1793 if (debug) 1794 addlog("%s: lcp echo req but lcp closed\n", 1795 ifp->if_xname); 1796 if_statinc(ifp, if_ierrors); 1797 break; 1798 } 1799 if (len < 8) { 1800 if (debug) 1801 addlog("%s: invalid lcp echo request " 1802 "packet length: %d bytes\n", 1803 ifp->if_xname, len); 1804 break; 1805 } 1806 memcpy(&u32, h + 1, sizeof u32); 1807 if (ntohl(u32) == sp->lcp.magic) { 1808 /* Line loopback mode detected. */ 1809 printf("%s: loopback\n", ifp->if_xname); 1810 SPPP_UNLOCK(sp); 1811 if_down(ifp); 1812 SPPP_LOCK(sp, RW_WRITER); 1813 1814 IF_PURGE(&sp->pp_cpq); 1815 1816 /* Shut down the PPP link. */ 1817 /* XXX */ 1818 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 1819 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 1820 break; 1821 } 1822 u32 = htonl(sp->lcp.magic); 1823 memcpy(h + 1, &u32, sizeof u32); 1824 if (debug) 1825 addlog("%s: got lcp echo req, sending echo rep\n", 1826 ifp->if_xname); 1827 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1828 h + 1); 1829 break; 1830 case ECHO_REPLY: 1831 if (cp->proto != PPP_LCP) 1832 goto illegal; 1833 if (h->ident != sp->lcp.echoid) { 1834 if_statinc(ifp, if_ierrors); 1835 break; 1836 } 1837 if (len < 8) { 1838 if (debug) 1839 addlog("%s: lcp invalid echo reply " 1840 "packet length: %d bytes\n", 1841 ifp->if_xname, len); 1842 break; 1843 } 1844 if (debug) 1845 addlog("%s: lcp got echo rep\n", 1846 ifp->if_xname); 1847 memcpy(&u32, h + 1, sizeof u32); 1848 if (ntohl(u32) != sp->lcp.magic) 1849 sp->pp_alivecnt = 0; 1850 break; 1851 default: 1852 /* Unknown packet type -- send Code-Reject packet. */ 1853 illegal: 1854 if (debug) 1855 addlog("%s: %s send code-rej for 0x%x\n", 1856 ifp->if_xname, cp->name, h->type); 1857 sppp_cp_send(sp, cp->proto, CODE_REJ, 1858 ++sp->scp[cp->protoidx].seq, m->m_pkthdr.len, h); 1859 if_statinc(ifp, if_ierrors); 1860 } 1861 1862 SPPP_UNLOCK(sp); 1863 } 1864 1865 /* 1866 * The generic part of all Up/Down/Open/Close/TO event handlers. 1867 * Basically, the state transition handling in the automaton. 1868 */ 1869 static void 1870 sppp_up_event(struct sppp *sp, void *xcp) 1871 { 1872 const struct cp *cp = xcp; 1873 STDDCL; 1874 1875 KASSERT(SPPP_WLOCKED(sp)); 1876 1877 if ((cp->flags & CP_AUTH) != 0 && 1878 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1879 return; 1880 1881 if (debug) 1882 log(LOG_DEBUG, "%s: %s up(%s)\n", 1883 ifp->if_xname, cp->name, 1884 sppp_state_name(sp->scp[cp->protoidx].state)); 1885 1886 switch (sp->scp[cp->protoidx].state) { 1887 case STATE_INITIAL: 1888 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1889 break; 1890 case STATE_STARTING: 1891 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1892 (cp->scr)(sp); 1893 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1894 break; 1895 default: 1896 printf("%s: %s illegal up in state %s\n", 1897 ifp->if_xname, cp->name, 1898 sppp_state_name(sp->scp[cp->protoidx].state)); 1899 } 1900 } 1901 1902 static void 1903 sppp_down_event(struct sppp *sp, void *xcp) 1904 { 1905 const struct cp *cp = xcp; 1906 STDDCL; 1907 1908 KASSERT(SPPP_WLOCKED(sp)); 1909 1910 if ((cp->flags & CP_AUTH) != 0 && 1911 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1912 return; 1913 1914 if (debug) 1915 log(LOG_DEBUG, "%s: %s down(%s)\n", 1916 ifp->if_xname, cp->name, 1917 sppp_state_name(sp->scp[cp->protoidx].state)); 1918 1919 switch (sp->scp[cp->protoidx].state) { 1920 case STATE_CLOSED: 1921 case STATE_CLOSING: 1922 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1923 break; 1924 case STATE_STOPPED: 1925 (cp->tls)(cp, sp); 1926 /* fall through */ 1927 case STATE_STOPPING: 1928 case STATE_REQ_SENT: 1929 case STATE_ACK_RCVD: 1930 case STATE_ACK_SENT: 1931 sppp_cp_change_state(cp, sp, STATE_STARTING); 1932 break; 1933 case STATE_OPENED: 1934 (cp->tld)(sp); 1935 sppp_cp_change_state(cp, sp, STATE_STARTING); 1936 break; 1937 default: 1938 printf("%s: %s illegal down in state %s\n", 1939 ifp->if_xname, cp->name, 1940 sppp_state_name(sp->scp[cp->protoidx].state)); 1941 } 1942 } 1943 1944 static void 1945 sppp_open_event(struct sppp *sp, void *xcp) 1946 { 1947 const struct cp *cp = xcp; 1948 STDDCL; 1949 1950 KASSERT(SPPP_WLOCKED(sp)); 1951 1952 if ((cp->flags & CP_AUTH) != 0 && 1953 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1954 return; 1955 1956 if (debug) 1957 log(LOG_DEBUG, "%s: %s open(%s)\n", 1958 ifp->if_xname, cp->name, 1959 sppp_state_name(sp->scp[cp->protoidx].state)); 1960 1961 switch (sp->scp[cp->protoidx].state) { 1962 case STATE_INITIAL: 1963 sppp_cp_change_state(cp, sp, STATE_STARTING); 1964 (cp->tls)(cp, sp); 1965 break; 1966 case STATE_STARTING: 1967 break; 1968 case STATE_CLOSED: 1969 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1970 (cp->scr)(sp); 1971 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1972 break; 1973 case STATE_STOPPED: 1974 case STATE_STOPPING: 1975 case STATE_REQ_SENT: 1976 case STATE_ACK_RCVD: 1977 case STATE_ACK_SENT: 1978 case STATE_OPENED: 1979 break; 1980 case STATE_CLOSING: 1981 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1982 break; 1983 } 1984 } 1985 1986 static void 1987 sppp_close_event(struct sppp *sp, void *xcp) 1988 { 1989 const struct cp *cp = xcp; 1990 STDDCL; 1991 1992 KASSERT(SPPP_WLOCKED(sp)); 1993 1994 if ((cp->flags & CP_AUTH) != 0 && 1995 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1996 return; 1997 1998 if (debug) 1999 log(LOG_DEBUG, "%s: %s close(%s)\n", 2000 ifp->if_xname, cp->name, 2001 sppp_state_name(sp->scp[cp->protoidx].state)); 2002 2003 switch (sp->scp[cp->protoidx].state) { 2004 case STATE_INITIAL: 2005 case STATE_CLOSED: 2006 case STATE_CLOSING: 2007 break; 2008 case STATE_STARTING: 2009 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2010 (cp->tlf)(cp, sp); 2011 break; 2012 case STATE_STOPPED: 2013 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2014 break; 2015 case STATE_STOPPING: 2016 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2017 break; 2018 case STATE_OPENED: 2019 (cp->tld)(sp); 2020 /* fall through */ 2021 case STATE_REQ_SENT: 2022 case STATE_ACK_RCVD: 2023 case STATE_ACK_SENT: 2024 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 2025 if ((cp->flags & CP_AUTH) == 0) { 2026 sppp_cp_send(sp, cp->proto, TERM_REQ, 2027 ++sp->scp[cp->protoidx].seq, 0, 0); 2028 } 2029 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2030 break; 2031 } 2032 } 2033 2034 static void 2035 sppp_to_event(struct sppp *sp, void *xcp) 2036 { 2037 const struct cp *cp = xcp; 2038 int s; 2039 STDDCL; 2040 2041 KASSERT(SPPP_WLOCKED(sp)); 2042 2043 s = splnet(); 2044 2045 if (debug) 2046 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 2047 ifp->if_xname, cp->name, 2048 sppp_state_name(sp->scp[cp->protoidx].state), 2049 sp->scp[cp->protoidx].rst_counter); 2050 2051 if (--sp->scp[cp->protoidx].rst_counter < 0) 2052 /* TO- event */ 2053 switch (sp->scp[cp->protoidx].state) { 2054 case STATE_CLOSING: 2055 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2056 (cp->tlf)(cp, sp); 2057 break; 2058 case STATE_STOPPING: 2059 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2060 (cp->tlf)(cp, sp); 2061 break; 2062 case STATE_REQ_SENT: 2063 case STATE_ACK_RCVD: 2064 case STATE_ACK_SENT: 2065 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2066 (cp->tlf)(cp, sp); 2067 break; 2068 } 2069 else 2070 /* TO+ event */ 2071 switch (sp->scp[cp->protoidx].state) { 2072 case STATE_CLOSING: 2073 case STATE_STOPPING: 2074 if ((cp->flags & CP_AUTH) == 0) { 2075 sppp_cp_send(sp, cp->proto, TERM_REQ, 2076 ++sp->scp[cp->protoidx].seq, 0, 0); 2077 } 2078 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2079 break; 2080 case STATE_REQ_SENT: 2081 case STATE_ACK_RCVD: 2082 (cp->scr)(sp); 2083 /* sppp_cp_change_state() will restart the timer */ 2084 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2085 break; 2086 case STATE_ACK_SENT: 2087 (cp->scr)(sp); 2088 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2089 break; 2090 } 2091 2092 splx(s); 2093 } 2094 2095 static void 2096 sppp_rcr_event(struct sppp *sp, void *xcp) 2097 { 2098 const struct cp *cp = xcp; 2099 enum cp_rcr_type type; 2100 void *buf; 2101 size_t blen; 2102 STDDCL; 2103 2104 type = sp->scp[cp->protoidx].rcr_type; 2105 buf = sp->scp[cp->protoidx].rcr_buf; 2106 blen = sp->scp[cp->protoidx].rcr_blen; 2107 2108 if (type == CP_RCR_ACK) { 2109 /* RCR+ event */ 2110 switch (sp->scp[cp->protoidx].state) { 2111 case STATE_OPENED: 2112 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2113 cp->tld(sp); 2114 cp->scr(sp); 2115 cp->scan(cp, sp); 2116 break; 2117 case STATE_ACK_SENT: 2118 case STATE_REQ_SENT: 2119 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2120 cp->scan(cp, sp); 2121 break; 2122 case STATE_STOPPED: 2123 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2124 cp->scr(sp); 2125 cp->scan(cp, sp); 2126 break; 2127 case STATE_ACK_RCVD: 2128 sppp_cp_change_state(cp, sp, STATE_OPENED); 2129 if (debug) 2130 log(LOG_DEBUG, "%s: %s tlu\n", 2131 ifp->if_xname, 2132 cp->name); 2133 cp->tlu(sp); 2134 cp->scan(cp, sp); 2135 break; 2136 case STATE_CLOSING: 2137 case STATE_STOPPING: 2138 if (buf != NULL) { 2139 sp->scp[cp->protoidx].rcr_buf = NULL; 2140 sp->scp[cp->protoidx].rcr_blen = 0; 2141 kmem_free(buf, blen); 2142 } 2143 break; 2144 case STATE_CLOSED: 2145 if ((cp->flags & CP_AUTH) == 0) { 2146 sppp_cp_send(sp, cp->proto, TERM_ACK, 2147 sp->scp[cp->protoidx].rconfid, 0, 0); 2148 } 2149 break; 2150 default: 2151 printf("%s: %s illegal RCR+ in state %s\n", 2152 ifp->if_xname, cp->name, 2153 sppp_state_name(sp->scp[cp->protoidx].state)); 2154 if_statinc(ifp, if_ierrors); 2155 } 2156 } else { 2157 /* RCR- event */ 2158 switch (sp->scp[cp->protoidx].state) { 2159 case STATE_OPENED: 2160 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2161 cp->tld(sp); 2162 cp->scr(sp); 2163 cp->scan(cp, sp); 2164 break; 2165 case STATE_ACK_SENT: 2166 case STATE_REQ_SENT: 2167 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2168 cp->scan(cp, sp); 2169 break; 2170 case STATE_STOPPED: 2171 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2172 cp->scr(sp); 2173 cp->scan(cp, sp); 2174 break; 2175 case STATE_ACK_RCVD: 2176 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2177 cp->scan(cp, sp); 2178 break; 2179 case STATE_CLOSING: 2180 case STATE_STOPPING: 2181 if (buf != NULL) { 2182 sp->scp[cp->protoidx].rcr_buf = NULL; 2183 sp->scp[cp->protoidx].rcr_blen = 0; 2184 kmem_free(buf, blen); 2185 } 2186 break; 2187 case STATE_CLOSED: 2188 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2189 if ((cp->flags & CP_AUTH) == 0) { 2190 sppp_cp_send(sp, cp->proto, TERM_ACK, 2191 sp->scp[cp->protoidx].rconfid, 0, 0); 2192 } 2193 break; 2194 default: 2195 printf("%s: %s illegal RCR- in state %s\n", 2196 ifp->if_xname, cp->name, 2197 sppp_state_name(sp->scp[cp->protoidx].state)); 2198 if_statinc(ifp, if_ierrors); 2199 } 2200 } 2201 } 2202 2203 static void 2204 sppp_rca_event(struct sppp *sp, void *xcp) 2205 { 2206 const struct cp *cp = xcp; 2207 STDDCL; 2208 2209 switch (sp->scp[cp->protoidx].state) { 2210 case STATE_CLOSED: 2211 case STATE_STOPPED: 2212 if ((cp->flags & CP_AUTH) == 0) { 2213 sppp_cp_send(sp, cp->proto, TERM_ACK, 2214 sp->scp[cp->protoidx].rconfid, 0, 0); 2215 } 2216 break; 2217 case STATE_CLOSING: 2218 case STATE_STOPPING: 2219 break; 2220 case STATE_REQ_SENT: 2221 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2222 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2223 break; 2224 case STATE_OPENED: 2225 (cp->tld)(sp); 2226 /* fall through */ 2227 case STATE_ACK_RCVD: 2228 (cp->scr)(sp); 2229 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2230 break; 2231 case STATE_ACK_SENT: 2232 sppp_cp_change_state(cp, sp, STATE_OPENED); 2233 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2234 if (debug) 2235 log(LOG_DEBUG, "%s: %s tlu\n", 2236 ifp->if_xname, cp->name); 2237 (cp->tlu)(sp); 2238 break; 2239 default: 2240 printf("%s: %s illegal RCA in state %s\n", 2241 ifp->if_xname, cp->name, 2242 sppp_state_name(sp->scp[cp->protoidx].state)); 2243 if_statinc(ifp, if_ierrors); 2244 } 2245 } 2246 2247 static void 2248 sppp_rcn_event(struct sppp *sp, void *xcp) 2249 { 2250 const struct cp *cp = xcp; 2251 struct ifnet *ifp = &sp->pp_if; 2252 2253 switch (sp->scp[cp->protoidx].state) { 2254 case STATE_CLOSED: 2255 case STATE_STOPPED: 2256 if ((cp->flags & CP_AUTH) == 0) { 2257 sppp_cp_send(sp, cp->proto, TERM_ACK, 2258 sp->scp[cp->protoidx].rconfid, 0, 0); 2259 } 2260 break; 2261 case STATE_REQ_SENT: 2262 case STATE_ACK_SENT: 2263 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2264 (cp->scr)(sp); 2265 break; 2266 case STATE_OPENED: 2267 (cp->tld)(sp); 2268 /* fall through */ 2269 case STATE_ACK_RCVD: 2270 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2271 (cp->scr)(sp); 2272 break; 2273 case STATE_CLOSING: 2274 case STATE_STOPPING: 2275 break; 2276 default: 2277 printf("%s: %s illegal RCN in state %s\n", 2278 ifp->if_xname, cp->name, 2279 sppp_state_name(sp->scp[cp->protoidx].state)); 2280 if_statinc(ifp, if_ierrors); 2281 } 2282 } 2283 2284 static void 2285 sppp_rtr_event(struct sppp *sp, void *xcp) 2286 { 2287 const struct cp *cp = xcp; 2288 STDDCL; 2289 2290 switch (sp->scp[cp->protoidx].state) { 2291 case STATE_ACK_RCVD: 2292 case STATE_ACK_SENT: 2293 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2294 break; 2295 case STATE_CLOSED: 2296 case STATE_STOPPED: 2297 case STATE_CLOSING: 2298 case STATE_STOPPING: 2299 case STATE_REQ_SENT: 2300 break; 2301 case STATE_OPENED: 2302 (cp->tld)(sp); 2303 sp->scp[cp->protoidx].rst_counter = 0; 2304 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2305 break; 2306 default: 2307 printf("%s: %s illegal RTR in state %s\n", 2308 ifp->if_xname, cp->name, 2309 sppp_state_name(sp->scp[cp->protoidx].state)); 2310 if_statinc(ifp, if_ierrors); 2311 return; 2312 } 2313 2314 /* Send Terminate-Ack packet. */ 2315 if (debug) 2316 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 2317 ifp->if_xname, cp->name); 2318 if ((cp->flags & CP_AUTH) == 0) { 2319 sppp_cp_send(sp, cp->proto, TERM_ACK, 2320 sp->scp[cp->protoidx].rseq, 0, 0); 2321 } 2322 } 2323 2324 static void 2325 sppp_rta_event(struct sppp *sp, void *xcp) 2326 { 2327 const struct cp *cp = xcp; 2328 struct ifnet *ifp = &sp->pp_if; 2329 2330 switch (sp->scp[cp->protoidx].state) { 2331 case STATE_CLOSED: 2332 case STATE_STOPPED: 2333 case STATE_REQ_SENT: 2334 case STATE_ACK_SENT: 2335 break; 2336 case STATE_CLOSING: 2337 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2338 (cp->tlf)(cp, sp); 2339 break; 2340 case STATE_STOPPING: 2341 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2342 (cp->tlf)(cp, sp); 2343 break; 2344 case STATE_ACK_RCVD: 2345 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2346 break; 2347 case STATE_OPENED: 2348 (cp->tld)(sp); 2349 (cp->scr)(sp); 2350 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2351 break; 2352 default: 2353 printf("%s: %s illegal RTA in state %s\n", 2354 ifp->if_xname, cp->name, 2355 sppp_state_name(sp->scp[cp->protoidx].state)); 2356 if_statinc(ifp, if_ierrors); 2357 } 2358 } 2359 2360 static void 2361 sppp_rxj_event(struct sppp *sp, void *xcp) 2362 { 2363 const struct cp *cp = xcp; 2364 struct ifnet *ifp = &sp->pp_if; 2365 2366 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2367 switch (sp->scp[cp->protoidx].state) { 2368 case STATE_CLOSED: 2369 case STATE_STOPPED: 2370 case STATE_REQ_SENT: 2371 case STATE_ACK_SENT: 2372 case STATE_CLOSING: 2373 case STATE_STOPPING: 2374 case STATE_OPENED: 2375 break; 2376 case STATE_ACK_RCVD: 2377 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2378 break; 2379 default: 2380 printf("%s: %s illegal RXJ- in state %s\n", 2381 ifp->if_xname, cp->name, 2382 sppp_state_name(sp->scp[cp->protoidx].state)); 2383 if_statinc(ifp, if_ierrors); 2384 } 2385 } 2386 2387 /* 2388 * Change the state of a control protocol in the state automaton. 2389 * Takes care of starting/stopping the restart timer. 2390 */ 2391 void 2392 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2393 { 2394 2395 KASSERT(SPPP_WLOCKED(sp)); 2396 2397 sp->scp[cp->protoidx].state = newstate; 2398 callout_stop(&sp->scp[cp->protoidx].ch); 2399 switch (newstate) { 2400 case STATE_INITIAL: 2401 case STATE_STARTING: 2402 case STATE_CLOSED: 2403 case STATE_STOPPED: 2404 case STATE_OPENED: 2405 break; 2406 case STATE_CLOSING: 2407 case STATE_STOPPING: 2408 case STATE_REQ_SENT: 2409 case STATE_ACK_RCVD: 2410 case STATE_ACK_SENT: 2411 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2412 break; 2413 } 2414 } 2415 2416 /* 2417 *--------------------------------------------------------------------------* 2418 * * 2419 * The LCP implementation. * 2420 * * 2421 *--------------------------------------------------------------------------* 2422 */ 2423 static void 2424 sppp_lcp_init(struct sppp *sp) 2425 { 2426 2427 KASSERT(SPPP_WLOCKED(sp)); 2428 2429 sppp_cp_init(&lcp, sp); 2430 2431 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2432 sp->lcp.magic = 0; 2433 sp->lcp.protos = 0; 2434 sp->lcp.max_terminate = 2; 2435 sp->lcp.max_configure = 10; 2436 sp->lcp.max_failure = 10; 2437 2438 /* 2439 * Initialize counters and timeout values. Note that we don't 2440 * use the 3 seconds suggested in RFC 1661 since we are likely 2441 * running on a fast link. XXX We should probably implement 2442 * the exponential backoff option. Note that these values are 2443 * relevant for all control protocols, not just LCP only. 2444 */ 2445 sp->lcp.timeout = 1 * hz; 2446 } 2447 2448 static void 2449 sppp_lcp_up(struct sppp *sp, void *xcp) 2450 { 2451 const struct cp *cp = xcp; 2452 int pidx; 2453 STDDCL; 2454 2455 KASSERT(SPPP_WLOCKED(sp)); 2456 2457 pidx = cp->protoidx; 2458 /* Initialize activity timestamp: opening a connection is an activity */ 2459 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2460 2461 /* 2462 * If this interface is passive or dial-on-demand, and we are 2463 * still in Initial state, it means we've got an incoming 2464 * call. Activate the interface. 2465 */ 2466 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2467 if (debug) 2468 log(LOG_DEBUG, 2469 "%s: Up event", ifp->if_xname); 2470 ifp->if_flags |= IFF_RUNNING; 2471 if (sp->scp[pidx].state == STATE_INITIAL) { 2472 if (debug) 2473 addlog("(incoming call)\n"); 2474 sp->pp_flags |= PP_CALLIN; 2475 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2476 } else if (debug) 2477 addlog("\n"); 2478 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2479 (sp->scp[IDX_LCP].state == STATE_INITIAL)) { 2480 ifp->if_flags |= IFF_RUNNING; 2481 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2482 } 2483 2484 sppp_up_event(sp, xcp); 2485 } 2486 2487 static void 2488 sppp_lcp_down(struct sppp *sp, void *xcp) 2489 { 2490 const struct cp *cp = xcp; 2491 int pidx; 2492 STDDCL; 2493 2494 KASSERT(SPPP_WLOCKED(sp)); 2495 2496 pidx = cp->protoidx; 2497 sppp_down_event(sp, xcp); 2498 2499 /* 2500 * If this is neither a dial-on-demand nor a passive 2501 * interface, simulate an ``ifconfig down'' action, so the 2502 * administrator can force a redial by another ``ifconfig 2503 * up''. XXX For leased line operation, should we immediately 2504 * try to reopen the connection here? 2505 */ 2506 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2507 if (debug) 2508 log(LOG_INFO, 2509 "%s: Down event (carrier loss), taking interface down.\n", 2510 ifp->if_xname); 2511 SPPP_UNLOCK(sp); 2512 if_down(ifp); 2513 SPPP_LOCK(sp, RW_WRITER); 2514 2515 if (sp->lcp.reestablish) 2516 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2517 } else { 2518 if (debug) 2519 log(LOG_DEBUG, 2520 "%s: Down event (carrier loss)\n", 2521 ifp->if_xname); 2522 } 2523 sp->scp[pidx].fail_counter = 0; 2524 sp->pp_flags &= ~PP_CALLIN; 2525 if (sp->scp[pidx].state != STATE_INITIAL) 2526 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2527 ifp->if_flags &= ~IFF_RUNNING; 2528 } 2529 2530 static void 2531 sppp_lcp_open(struct sppp *sp, void *xcp) 2532 { 2533 2534 KASSERT(SPPP_WLOCKED(sp)); 2535 2536 sp->lcp.reestablish = false; 2537 2538 if (sp->pp_if.if_mtu < PP_MTU) { 2539 sp->lcp.mru = sp->pp_if.if_mtu; 2540 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2541 } else 2542 sp->lcp.mru = PP_MTU; 2543 sp->lcp.their_mru = PP_MTU; 2544 2545 /* 2546 * If we are authenticator, negotiate LCP_AUTH 2547 */ 2548 if (sp->hisauth.proto != 0) 2549 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2550 else 2551 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2552 sp->pp_flags &= ~PP_NEEDAUTH; 2553 sppp_open_event(sp, xcp); 2554 } 2555 2556 /* 2557 * Analyze a configure request. Return true if it was agreeable, and 2558 * caused action sca, false if it has been rejected or nak'ed, and 2559 * caused action scn. (The return value is used to make the state 2560 * transition decision in the state automaton.) 2561 */ 2562 static enum cp_rcr_type 2563 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 2564 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 2565 { 2566 STDDCL; 2567 u_char *buf, *r, *p, l, blen; 2568 enum cp_rcr_type type; 2569 int len, rlen; 2570 uint32_t nmagic; 2571 u_short authproto; 2572 2573 KASSERT(SPPP_WLOCKED(sp)); 2574 2575 if (origlen < sizeof(*h)) 2576 return CP_RCR_DROP; 2577 2578 origlen -= sizeof(*h); 2579 type = CP_RCR_NONE; 2580 type = 0; 2581 2582 if (origlen <= 0) 2583 return CP_RCR_DROP; 2584 else 2585 blen = origlen; 2586 2587 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2588 if (buf == NULL) 2589 return CP_RCR_DROP; 2590 2591 if (debug) 2592 log(LOG_DEBUG, "%s: lcp parse opts:", 2593 ifp->if_xname); 2594 2595 /* pass 1: check for things that need to be rejected */ 2596 p = (void *)(h + 1); 2597 r = buf; 2598 rlen = 0; 2599 for (len = origlen; len > 1; len-= l, p += l) { 2600 l = p[1]; 2601 if (l == 0) 2602 break; 2603 2604 /* Sanity check option length */ 2605 if (l > len) { 2606 /* 2607 * Malicious option - drop immediately. 2608 * XXX Maybe we should just RXJ it? 2609 */ 2610 addlog("%s: received malicious LCP option 0x%02x, " 2611 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, 2612 p[0], l, len); 2613 type = CP_RCR_ERR; 2614 goto end; 2615 } 2616 if (debug) 2617 addlog(" %s", sppp_lcp_opt_name(*p)); 2618 switch (p[0]) { 2619 case LCP_OPT_MAGIC: 2620 /* Magic number. */ 2621 /* fall through, both are same length */ 2622 case LCP_OPT_ASYNC_MAP: 2623 /* Async control character map. */ 2624 if (len >= 6 || l == 6) 2625 continue; 2626 if (debug) 2627 addlog(" [invalid]"); 2628 break; 2629 case LCP_OPT_MP_EID: 2630 if (len >= l && l >= 3) { 2631 switch (p[2]) { 2632 case 0: if (l==3+ 0) continue;break; 2633 case 2: if (l==3+ 4) continue;break; 2634 case 3: if (l==3+ 6) continue;break; 2635 case 6: if (l==3+16) continue;break; 2636 case 1: /* FALLTHROUGH */ 2637 case 4: if (l<=3+20) continue;break; 2638 case 5: if (l<=3+15) continue;break; 2639 /* XXX should it be default: continue;? */ 2640 } 2641 } 2642 if (debug) 2643 addlog(" [invalid class %d len %d]", p[2], l); 2644 break; 2645 case LCP_OPT_MP_SSNHF: 2646 if (len >= 2 && l == 2) { 2647 if (debug) 2648 addlog(" [rej]"); 2649 break; 2650 } 2651 if (debug) 2652 addlog(" [invalid]"); 2653 break; 2654 case LCP_OPT_MP_MRRU: 2655 /* Multilink maximum received reconstructed unit */ 2656 /* should be fall through, both are same length */ 2657 /* FALLTHROUGH */ 2658 case LCP_OPT_MRU: 2659 /* Maximum receive unit. */ 2660 if (len >= 4 && l == 4) 2661 continue; 2662 if (debug) 2663 addlog(" [invalid]"); 2664 break; 2665 case LCP_OPT_AUTH_PROTO: 2666 if (len < 4) { 2667 if (debug) 2668 addlog(" [invalid]"); 2669 break; 2670 } 2671 authproto = (p[2] << 8) + p[3]; 2672 if (authproto == PPP_CHAP && l != 5) { 2673 if (debug) 2674 addlog(" [invalid chap len]"); 2675 break; 2676 } 2677 if (sp->myauth.proto == 0) { 2678 /* we are not configured to do auth */ 2679 if (debug) 2680 addlog(" [not configured]"); 2681 break; 2682 } 2683 /* 2684 * Remote want us to authenticate, remember this, 2685 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2686 * up. 2687 */ 2688 sp->pp_flags |= PP_NEEDAUTH; 2689 continue; 2690 default: 2691 /* Others not supported. */ 2692 if (debug) 2693 addlog(" [rej]"); 2694 break; 2695 } 2696 if (rlen + l > blen) { 2697 if (debug) 2698 addlog(" [overflow]"); 2699 continue; 2700 } 2701 /* Add the option to rejected list. */ 2702 memcpy(r, p, l); 2703 r += l; 2704 rlen += l; 2705 } 2706 2707 if (rlen > 0) { 2708 type = CP_RCR_REJ; 2709 goto end; 2710 } 2711 2712 if (debug) 2713 addlog("\n"); 2714 2715 /* 2716 * pass 2: check for option values that are unacceptable and 2717 * thus require to be nak'ed. 2718 */ 2719 if (debug) 2720 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2721 ifp->if_xname); 2722 2723 p = (void *)(h + 1); 2724 r = buf; 2725 rlen = 0; 2726 for (len = origlen; len > 0; len -= l, p += l) { 2727 l = p[1]; 2728 if (l == 0) 2729 break; 2730 2731 if (debug) 2732 addlog(" %s", sppp_lcp_opt_name(*p)); 2733 switch (p[0]) { 2734 case LCP_OPT_MAGIC: 2735 /* Magic number -- extract. */ 2736 nmagic = (uint32_t)p[2] << 24 | 2737 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2738 if (nmagic != sp->lcp.magic) { 2739 if (debug) 2740 addlog(" 0x%x", nmagic); 2741 continue; 2742 } 2743 /* 2744 * Local and remote magics equal -- loopback? 2745 */ 2746 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2747 printf ("%s: loopback\n", 2748 ifp->if_xname); 2749 sp->pp_loopcnt = 0; 2750 if (ifp->if_flags & IFF_UP) { 2751 SPPP_UNLOCK(sp); 2752 if_down(ifp); 2753 SPPP_LOCK(sp, RW_WRITER); 2754 2755 IF_PURGE(&sp->pp_cpq); 2756 /* XXX ? */ 2757 sppp_wq_add(sp->wq_cp, 2758 &sp->scp[IDX_LCP].work_down); 2759 sppp_wq_add(sp->wq_cp, 2760 &sp->scp[IDX_LCP].work_up); 2761 } 2762 } else if (debug) 2763 addlog(" [glitch]"); 2764 ++sp->pp_loopcnt; 2765 /* 2766 * We negate our magic here, and NAK it. If 2767 * we see it later in an NAK packet, we 2768 * suggest a new one. 2769 */ 2770 nmagic = ~sp->lcp.magic; 2771 /* Gonna NAK it. */ 2772 p[2] = nmagic >> 24; 2773 p[3] = nmagic >> 16; 2774 p[4] = nmagic >> 8; 2775 p[5] = nmagic; 2776 break; 2777 2778 case LCP_OPT_ASYNC_MAP: 2779 /* 2780 * Async control character map -- just ignore it. 2781 * 2782 * Quote from RFC 1662, chapter 6: 2783 * To enable this functionality, synchronous PPP 2784 * implementations MUST always respond to the 2785 * Async-Control-Character-Map Configuration 2786 * Option with the LCP Configure-Ack. However, 2787 * acceptance of the Configuration Option does 2788 * not imply that the synchronous implementation 2789 * will do any ACCM mapping. Instead, all such 2790 * octet mapping will be performed by the 2791 * asynchronous-to-synchronous converter. 2792 */ 2793 continue; 2794 2795 case LCP_OPT_MRU: 2796 /* 2797 * Maximum receive unit. Always agreeable, 2798 * but ignored by now. 2799 */ 2800 sp->lcp.their_mru = p[2] * 256 + p[3]; 2801 if (debug) 2802 addlog(" %ld", sp->lcp.their_mru); 2803 continue; 2804 2805 case LCP_OPT_AUTH_PROTO: 2806 authproto = (p[2] << 8) + p[3]; 2807 if (sp->myauth.proto != authproto) { 2808 /* not agreed, nak */ 2809 if (debug) 2810 addlog(" [mine %s != his %s]", 2811 sppp_proto_name(sp->myauth.proto), 2812 sppp_proto_name(authproto)); 2813 p[2] = sp->myauth.proto >> 8; 2814 p[3] = sp->myauth.proto; 2815 break; 2816 } 2817 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2818 if (debug) 2819 addlog(" [chap not MD5]"); 2820 p[4] = CHAP_MD5; 2821 break; 2822 } 2823 continue; 2824 case LCP_OPT_MP_EID: 2825 /* 2826 * Endpoint identification. 2827 * Always agreeable, 2828 * but ignored by now. 2829 */ 2830 if (debug) { 2831 addlog(" type %d", p[2]); 2832 sppp_print_bytes(p+3, p[1]-3); 2833 } 2834 continue; 2835 case LCP_OPT_MP_MRRU: 2836 /* 2837 * Maximum received reconstructed unit. 2838 * Always agreeable, 2839 * but ignored by now. 2840 */ 2841 sp->lcp.their_mrru = p[2] * 256 + p[3]; 2842 if (debug) 2843 addlog(" %ld", sp->lcp.their_mrru); 2844 continue; 2845 } 2846 if (rlen + l > blen) { 2847 if (debug) 2848 addlog(" [overflow]"); 2849 continue; 2850 } 2851 /* Add the option to nak'ed list. */ 2852 memcpy(r, p, l); 2853 r += l; 2854 rlen += l; 2855 } 2856 2857 if (rlen > 0) { 2858 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 2859 if (debug) 2860 addlog(" max_failure (%d) exceeded, ", 2861 sp->lcp.max_failure); 2862 type = CP_RCR_REJ; 2863 } else { 2864 type = CP_RCR_NAK; 2865 } 2866 } else { 2867 type = CP_RCR_ACK; 2868 rlen = origlen; 2869 memcpy(r, h + 1, rlen); 2870 sp->scp[IDX_LCP].fail_counter = 0; 2871 sp->pp_loopcnt = 0; 2872 } 2873 2874 end: 2875 if (debug) 2876 addlog("\n"); 2877 2878 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 2879 if (buf != NULL) 2880 kmem_intr_free(buf, blen); 2881 } else { 2882 *msgbuf = buf; 2883 *buflen = blen; 2884 *msglen = rlen; 2885 } 2886 2887 return type; 2888 } 2889 2890 /* 2891 * Analyze the LCP Configure-Reject option list, and adjust our 2892 * negotiation. 2893 */ 2894 static void 2895 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 2896 { 2897 STDDCL; 2898 u_char *p, l; 2899 2900 KASSERT(SPPP_WLOCKED(sp)); 2901 2902 if (len <= sizeof(*h)) 2903 return; 2904 2905 len -= sizeof(*h); 2906 2907 if (debug) 2908 log(LOG_DEBUG, "%s: lcp rej opts:", 2909 ifp->if_xname); 2910 2911 p = (void *)(h + 1); 2912 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2913 /* Sanity check option length */ 2914 if (l > len) { 2915 /* 2916 * Malicious option - drop immediately. 2917 * XXX Maybe we should just RXJ it? 2918 */ 2919 addlog("%s: received malicious LCP option, " 2920 "dropping.\n", ifp->if_xname); 2921 goto end; 2922 } 2923 if (debug) 2924 addlog(" %s", sppp_lcp_opt_name(*p)); 2925 switch (p[0]) { 2926 case LCP_OPT_MAGIC: 2927 /* Magic number -- can't use it, use 0 */ 2928 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2929 sp->lcp.magic = 0; 2930 break; 2931 case LCP_OPT_MRU: 2932 /* 2933 * We try to negotiate a lower MRU if the underlying 2934 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2935 * peer rejects this lower rate, fallback to the 2936 * default. 2937 */ 2938 if (debug) { 2939 addlog("%s: warning: peer rejected our MRU of " 2940 "%ld bytes. Defaulting to %d bytes\n", 2941 ifp->if_xname, sp->lcp.mru, PP_MTU); 2942 } 2943 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2944 sp->lcp.mru = PP_MTU; 2945 break; 2946 case LCP_OPT_AUTH_PROTO: 2947 /* 2948 * Peer doesn't want to authenticate himself, 2949 * deny unless this is a dialout call, and 2950 * SPPP_AUTHFLAG_NOCALLOUT is set. 2951 */ 2952 if ((sp->pp_flags & PP_CALLIN) == 0 && 2953 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2954 if (debug) 2955 addlog(" [don't insist on auth " 2956 "for callout]"); 2957 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2958 break; 2959 } 2960 if (debug) 2961 addlog("[access denied]\n"); 2962 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2963 break; 2964 } 2965 } 2966 if (debug) 2967 addlog("\n"); 2968 end: 2969 return; 2970 } 2971 2972 /* 2973 * Analyze the LCP Configure-NAK option list, and adjust our 2974 * negotiation. 2975 */ 2976 static void 2977 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 2978 { 2979 STDDCL; 2980 u_char *p, l; 2981 uint32_t magic; 2982 2983 KASSERT(SPPP_WLOCKED(sp)); 2984 2985 if (len <= sizeof(*h)) 2986 return; 2987 len -= sizeof(*h); 2988 2989 if (debug) 2990 log(LOG_DEBUG, "%s: lcp nak opts:", 2991 ifp->if_xname); 2992 2993 p = (void *)(h + 1); 2994 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2995 /* Sanity check option length */ 2996 if (l > len) { 2997 /* 2998 * Malicious option - drop immediately. 2999 * XXX Maybe we should just RXJ it? 3000 */ 3001 addlog("%s: received malicious LCP option, " 3002 "dropping.\n", ifp->if_xname); 3003 goto end; 3004 } 3005 if (debug) 3006 addlog(" %s", sppp_lcp_opt_name(*p)); 3007 switch (p[0]) { 3008 case LCP_OPT_MAGIC: 3009 /* Magic number -- renegotiate */ 3010 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 3011 len >= 6 && l == 6) { 3012 magic = (uint32_t)p[2] << 24 | 3013 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 3014 /* 3015 * If the remote magic is our negated one, 3016 * this looks like a loopback problem. 3017 * Suggest a new magic to make sure. 3018 */ 3019 if (magic == ~sp->lcp.magic) { 3020 if (debug) 3021 addlog(" magic glitch"); 3022 sp->lcp.magic = cprng_fast32(); 3023 } else { 3024 sp->lcp.magic = magic; 3025 if (debug) 3026 addlog(" %d", magic); 3027 } 3028 } 3029 break; 3030 case LCP_OPT_MRU: 3031 /* 3032 * Peer wants to advise us to negotiate an MRU. 3033 * Agree on it if it's reasonable, or use 3034 * default otherwise. 3035 */ 3036 if (len >= 4 && l == 4) { 3037 u_int mru = p[2] * 256 + p[3]; 3038 if (debug) 3039 addlog(" %d", mru); 3040 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 3041 mru = sp->pp_if.if_mtu; 3042 sp->lcp.mru = mru; 3043 sp->lcp.opts |= (1 << LCP_OPT_MRU); 3044 } 3045 break; 3046 case LCP_OPT_AUTH_PROTO: 3047 /* 3048 * Peer doesn't like our authentication method, 3049 * deny. 3050 */ 3051 if (debug) 3052 addlog("[access denied]\n"); 3053 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3054 break; 3055 } 3056 } 3057 if (debug) 3058 addlog("\n"); 3059 end: 3060 return; 3061 } 3062 3063 static void 3064 sppp_lcp_tlu(struct sppp *sp) 3065 { 3066 struct ifnet *ifp = &sp->pp_if; 3067 int i; 3068 3069 KASSERT(SPPP_WLOCKED(sp)); 3070 3071 /* XXX ? */ 3072 if (! (ifp->if_flags & IFF_UP) && 3073 (ifp->if_flags & IFF_RUNNING)) { 3074 /* Coming out of loopback mode. */ 3075 SPPP_UNLOCK(sp); 3076 if_up(ifp); 3077 SPPP_LOCK(sp, RW_WRITER); 3078 } 3079 3080 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 3081 (sp->pp_flags & PP_NEEDAUTH) != 0) 3082 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3083 else 3084 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3085 3086 /* 3087 * Open all authentication protocols. This is even required 3088 * if we already proceeded to network phase, since it might be 3089 * that remote wants us to authenticate, so we might have to 3090 * send a PAP request. Undesired authentication protocols 3091 * don't do anything when they get an Open event. 3092 */ 3093 for (i = 0; i < IDX_COUNT; i++) 3094 if ((cps[i])->flags & CP_AUTH) { 3095 sppp_wq_add(sp->wq_cp, 3096 &sp->scp[(cps[i])->protoidx].work_open); 3097 } 3098 3099 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 3100 /* Notify all NCPs. */ 3101 for (i = 0; i < IDX_COUNT; i++) 3102 if ((cps[i])->flags & CP_NCP) { 3103 sppp_wq_add(sp->wq_cp, 3104 &sp->scp[(cps[i])->protoidx].work_open); 3105 } 3106 } 3107 3108 /* notify low-level driver of state change */ 3109 sppp_notify_chg_wlocked(sp); 3110 } 3111 3112 static void 3113 sppp_lcp_tld(struct sppp *sp) 3114 { 3115 int i, pi, phase; 3116 3117 KASSERT(SPPP_WLOCKED(sp)); 3118 3119 phase = sp->pp_phase; 3120 3121 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3122 3123 /* 3124 * Take upper layers down. We send the Down event first and 3125 * the Close second to prevent the upper layers from sending 3126 * ``a flurry of terminate-request packets'', as the RFC 3127 * describes it. 3128 */ 3129 for (i = 0; i < IDX_COUNT; i++) { 3130 pi = (cps[i])->protoidx; 3131 if (((cps[i])->flags & CP_LCP) == 0) { 3132 /* skip if ncp was not started */ 3133 if (phase != SPPP_PHASE_NETWORK && 3134 ((cps[i])->flags & CP_NCP) != 0) 3135 continue; 3136 3137 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_down); 3138 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_close); 3139 } 3140 } 3141 } 3142 3143 static void 3144 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) 3145 { 3146 3147 KASSERT(SPPP_WLOCKED(sp)); 3148 3149 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3150 printf("%s: authentication failed %d times, not retrying again\n", 3151 sp->pp_if.if_xname, sp->pp_auth_failures); 3152 3153 SPPP_UNLOCK(sp); 3154 if_down(&sp->pp_if); 3155 SPPP_LOCK(sp, RW_WRITER); 3156 return; 3157 } 3158 3159 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3160 3161 /* Notify lower layer if desired. */ 3162 sppp_notify_tls_wlocked(sp); 3163 } 3164 3165 static void 3166 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) 3167 { 3168 3169 KASSERT(SPPP_WLOCKED(sp)); 3170 3171 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3172 3173 /* Notify lower layer if desired. */ 3174 sppp_notify_tlf_wlocked(sp); 3175 } 3176 3177 static void 3178 sppp_lcp_scr(struct sppp *sp) 3179 { 3180 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3181 int i = 0; 3182 u_short authproto; 3183 3184 KASSERT(SPPP_WLOCKED(sp)); 3185 3186 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 3187 if (! sp->lcp.magic) 3188 sp->lcp.magic = cprng_fast32(); 3189 opt[i++] = LCP_OPT_MAGIC; 3190 opt[i++] = 6; 3191 opt[i++] = sp->lcp.magic >> 24; 3192 opt[i++] = sp->lcp.magic >> 16; 3193 opt[i++] = sp->lcp.magic >> 8; 3194 opt[i++] = sp->lcp.magic; 3195 } 3196 3197 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 3198 opt[i++] = LCP_OPT_MRU; 3199 opt[i++] = 4; 3200 opt[i++] = sp->lcp.mru >> 8; 3201 opt[i++] = sp->lcp.mru; 3202 } 3203 3204 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 3205 authproto = sp->hisauth.proto; 3206 opt[i++] = LCP_OPT_AUTH_PROTO; 3207 opt[i++] = authproto == PPP_CHAP? 5: 4; 3208 opt[i++] = authproto >> 8; 3209 opt[i++] = authproto; 3210 if (authproto == PPP_CHAP) 3211 opt[i++] = CHAP_MD5; 3212 } 3213 3214 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3215 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3216 } 3217 3218 /* 3219 * Check the open NCPs, return true if at least one NCP is open. 3220 */ 3221 3222 static int 3223 sppp_cp_check(struct sppp *sp, u_char cp_flags) 3224 { 3225 int i, mask; 3226 3227 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3228 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) 3229 return 1; 3230 return 0; 3231 } 3232 3233 /* 3234 * Re-check the open NCPs and see if we should terminate the link. 3235 * Called by the NCPs during their tlf action handling. 3236 */ 3237 static void 3238 sppp_lcp_check_and_close(struct sppp *sp) 3239 { 3240 3241 KASSERT(SPPP_WLOCKED(sp)); 3242 3243 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 3244 /* don't bother, we are already going down */ 3245 return; 3246 } 3247 3248 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && 3249 sppp_cp_check(sp, CP_AUTH)) 3250 return; 3251 3252 if (sp->pp_phase >= SPPP_PHASE_NETWORK && 3253 sppp_cp_check(sp, CP_NCP)) 3254 return; 3255 3256 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3257 } 3258 3259 /* 3260 *--------------------------------------------------------------------------* 3261 * * 3262 * The IPCP implementation. * 3263 * * 3264 *--------------------------------------------------------------------------* 3265 */ 3266 3267 static void 3268 sppp_ipcp_init(struct sppp *sp) 3269 { 3270 int error; 3271 3272 KASSERT(SPPP_WLOCKED(sp)); 3273 3274 sppp_cp_init(&ipcp, sp); 3275 3276 sp->ipcp.opts = 0; 3277 sp->ipcp.flags = 0; 3278 3279 error = workqueue_create(&sp->ipcp.update_addrs_wq, "ipcp_addr", 3280 sppp_update_ip_addrs_work, sp, PRI_SOFTNET, IPL_NET, 0); 3281 if (error) 3282 panic("%s: update_addrs workqueue_create failed (%d)\n", 3283 __func__, error); 3284 sp->ipcp.update_addrs_q = pcq_create(IPCP_UPDATE_LIMIT, KM_SLEEP); 3285 3286 sp->ipcp.update_addrs_enqueued = 0; 3287 } 3288 3289 static void 3290 sppp_ipcp_open(struct sppp *sp, void *xcp) 3291 { 3292 STDDCL; 3293 uint32_t myaddr, hisaddr; 3294 3295 KASSERT(SPPP_WLOCKED(sp)); 3296 3297 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3298 sp->ipcp.req_myaddr = 0; 3299 sp->ipcp.req_hisaddr = 0; 3300 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3301 3302 #ifdef INET 3303 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3304 #else 3305 myaddr = hisaddr = 0; 3306 #endif 3307 /* 3308 * If we don't have his address, this probably means our 3309 * interface doesn't want to talk IP at all. (This could 3310 * be the case if somebody wants to speak only IPX, for 3311 * example.) Don't open IPCP in this case. 3312 */ 3313 if (hisaddr == 0) { 3314 /* XXX this message should go away */ 3315 if (debug) 3316 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 3317 ifp->if_xname); 3318 return; 3319 } 3320 3321 if (myaddr == 0) { 3322 /* 3323 * I don't have an assigned address, so i need to 3324 * negotiate my address. 3325 */ 3326 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3327 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3328 } 3329 if (hisaddr == 1) { 3330 /* 3331 * XXX - remove this hack! 3332 * remote has no valid address, we need to get one assigned. 3333 */ 3334 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3335 } 3336 sppp_open_event(sp, xcp); 3337 } 3338 3339 static void 3340 sppp_ipcp_close(struct sppp *sp, void *xcp) 3341 { 3342 3343 KASSERT(SPPP_WLOCKED(sp)); 3344 3345 sppp_close_event(sp, xcp); 3346 3347 #ifdef INET 3348 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 3349 /* 3350 * Some address was dynamic, clear it again. 3351 */ 3352 sppp_clear_ip_addrs(sp); 3353 #endif 3354 } 3355 3356 /* 3357 * Analyze a configure request. Return true if it was agreeable, and 3358 * caused action sca, false if it has been rejected or nak'ed, and 3359 * caused action scn. (The return value is used to make the state 3360 * transition decision in the state automaton.) 3361 */ 3362 static enum cp_rcr_type 3363 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3364 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3365 { 3366 u_char *buf, *r, *p, l, blen; 3367 enum cp_rcr_type type; 3368 struct ifnet *ifp = &sp->pp_if; 3369 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3370 uint32_t hisaddr, desiredaddr; 3371 3372 KASSERT(SPPP_WLOCKED(sp)); 3373 3374 type = CP_RCR_NONE; 3375 origlen -= sizeof(*h); 3376 3377 if (origlen < 0) 3378 return CP_RCR_DROP; 3379 3380 /* 3381 * Make sure to allocate a buf that can at least hold a 3382 * conf-nak with an `address' option. We might need it below. 3383 */ 3384 blen = MAX(6, origlen); 3385 3386 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3387 if (buf == NULL) 3388 return CP_RCR_DROP; 3389 3390 /* pass 1: see if we can recognize them */ 3391 if (debug) 3392 log(LOG_DEBUG, "%s: ipcp parse opts:", 3393 ifp->if_xname); 3394 p = (void *)(h + 1); 3395 r = buf; 3396 rlen = 0; 3397 for (len = origlen; len > 1; len -= l, p += l) { 3398 l = p[1]; 3399 if (l == 0) 3400 break; 3401 3402 /* Sanity check option length */ 3403 if (l > len) { 3404 /* XXX should we just RXJ? */ 3405 addlog("%s: malicious IPCP option received, dropping\n", 3406 ifp->if_xname); 3407 type = CP_RCR_ERR; 3408 goto end; 3409 } 3410 if (debug) 3411 addlog(" %s", sppp_ipcp_opt_name(*p)); 3412 switch (p[0]) { 3413 #ifdef notyet 3414 case IPCP_OPT_COMPRESSION: 3415 if (len >= 6 && l >= 6) { 3416 /* correctly formed compress option */ 3417 continue; 3418 } 3419 if (debug) 3420 addlog(" [invalid]"); 3421 break; 3422 #endif 3423 case IPCP_OPT_ADDRESS: 3424 if (len >= 6 && l == 6) { 3425 /* correctly formed address option */ 3426 continue; 3427 } 3428 if (debug) 3429 addlog(" [invalid]"); 3430 break; 3431 default: 3432 /* Others not supported. */ 3433 if (debug) 3434 addlog(" [rej]"); 3435 break; 3436 } 3437 /* Add the option to rejected list. */ 3438 if (rlen + l > blen) { 3439 if (debug) 3440 addlog(" [overflow]"); 3441 continue; 3442 } 3443 memcpy(r, p, l); 3444 r += l; 3445 rlen += l; 3446 } 3447 3448 if (rlen > 0) { 3449 type = CP_RCR_REJ; 3450 goto end; 3451 } 3452 3453 if (debug) 3454 addlog("\n"); 3455 3456 /* pass 2: parse option values */ 3457 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3458 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3459 else 3460 #ifdef INET 3461 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3462 #else 3463 hisaddr = 0; 3464 #endif 3465 if (debug) 3466 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 3467 ifp->if_xname); 3468 p = (void *)(h + 1); 3469 r = buf; 3470 rlen = 0; 3471 for (len = origlen; len > 1; len -= l, p += l) { 3472 l = p[1]; 3473 if (l == 0) 3474 break; 3475 3476 if (debug) 3477 addlog(" %s", sppp_ipcp_opt_name(*p)); 3478 switch (p[0]) { 3479 #ifdef notyet 3480 case IPCP_OPT_COMPRESSION: 3481 continue; 3482 #endif 3483 case IPCP_OPT_ADDRESS: 3484 desiredaddr = p[2] << 24 | p[3] << 16 | 3485 p[4] << 8 | p[5]; 3486 if (desiredaddr == hisaddr || 3487 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3488 /* 3489 * Peer's address is same as our value, 3490 * this is agreeable. Gonna conf-ack 3491 * it. 3492 */ 3493 if (debug) 3494 addlog(" %s [ack]", 3495 sppp_dotted_quad(hisaddr)); 3496 /* record that we've seen it already */ 3497 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3498 sp->ipcp.req_hisaddr = desiredaddr; 3499 hisaddr = desiredaddr; 3500 continue; 3501 } 3502 /* 3503 * The address wasn't agreeable. This is either 3504 * he sent us 0.0.0.0, asking to assign him an 3505 * address, or he send us another address not 3506 * matching our value. Either case, we gonna 3507 * conf-nak it with our value. 3508 */ 3509 if (debug) { 3510 if (desiredaddr == 0) 3511 addlog(" [addr requested]"); 3512 else 3513 addlog(" %s [not agreed]", 3514 sppp_dotted_quad(desiredaddr)); 3515 } 3516 3517 p[2] = hisaddr >> 24; 3518 p[3] = hisaddr >> 16; 3519 p[4] = hisaddr >> 8; 3520 p[5] = hisaddr; 3521 break; 3522 } 3523 if (rlen + l > blen) { 3524 if (debug) 3525 addlog(" [overflow]"); 3526 continue; 3527 } 3528 /* Add the option to nak'ed list. */ 3529 memcpy(r, p, l); 3530 r += l; 3531 rlen += l; 3532 } 3533 3534 if (rlen > 0) { 3535 type = CP_RCR_NAK; 3536 } else { 3537 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3538 /* 3539 * If we are about to conf-ack the request, but haven't seen 3540 * his address so far, gonna conf-nak it instead, with the 3541 * `address' option present and our idea of his address being 3542 * filled in there, to request negotiation of both addresses. 3543 * 3544 * XXX This can result in an endless req - nak loop if peer 3545 * doesn't want to send us his address. Q: What should we do 3546 * about it? XXX A: implement the max-failure counter. 3547 */ 3548 buf[0] = IPCP_OPT_ADDRESS; 3549 buf[1] = 6; 3550 buf[2] = hisaddr >> 24; 3551 buf[3] = hisaddr >> 16; 3552 buf[4] = hisaddr >> 8; 3553 buf[5] = hisaddr; 3554 rlen = 6; 3555 if (debug) 3556 addlog(" still need hisaddr"); 3557 type = CP_RCR_NAK; 3558 } else { 3559 type = CP_RCR_ACK; 3560 rlen = origlen; 3561 memcpy(r, h + 1, rlen); 3562 } 3563 } 3564 3565 end: 3566 if (debug) 3567 addlog("\n"); 3568 3569 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3570 if (buf != NULL) 3571 kmem_intr_free(buf, blen); 3572 } else { 3573 *msgbuf = buf; 3574 *buflen = blen; 3575 *msglen = rlen; 3576 } 3577 3578 return type; 3579 } 3580 3581 /* 3582 * Analyze the IPCP Configure-Reject option list, and adjust our 3583 * negotiation. 3584 */ 3585 static void 3586 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3587 { 3588 u_char *p, l; 3589 struct ifnet *ifp = &sp->pp_if; 3590 int debug = ifp->if_flags & IFF_DEBUG; 3591 3592 KASSERT(SPPP_WLOCKED(sp)); 3593 3594 if (len <= sizeof(*h)) 3595 return; 3596 3597 len -= sizeof(*h); 3598 3599 if (debug) 3600 log(LOG_DEBUG, "%s: ipcp rej opts:", 3601 ifp->if_xname); 3602 3603 p = (void *)(h + 1); 3604 for (; len > 1; len -= l, p += l) { 3605 l = p[1]; 3606 if (l == 0) 3607 break; 3608 3609 /* Sanity check option length */ 3610 if (l > len) { 3611 /* XXX should we just RXJ? */ 3612 addlog("%s: malicious IPCP option received, dropping\n", 3613 ifp->if_xname); 3614 goto end; 3615 } 3616 if (debug) 3617 addlog(" %s", sppp_ipcp_opt_name(*p)); 3618 switch (p[0]) { 3619 case IPCP_OPT_ADDRESS: 3620 /* 3621 * Peer doesn't grok address option. This is 3622 * bad. XXX Should we better give up here? 3623 */ 3624 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3625 break; 3626 #ifdef notyet 3627 case IPCP_OPT_COMPRESS: 3628 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3629 break; 3630 #endif 3631 } 3632 } 3633 if (debug) 3634 addlog("\n"); 3635 end: 3636 return; 3637 } 3638 3639 /* 3640 * Analyze the IPCP Configure-NAK option list, and adjust our 3641 * negotiation. 3642 */ 3643 static void 3644 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3645 { 3646 u_char *p, l; 3647 struct ifnet *ifp = &sp->pp_if; 3648 int debug = ifp->if_flags & IFF_DEBUG; 3649 uint32_t wantaddr; 3650 3651 KASSERT(SPPP_WLOCKED(sp)); 3652 3653 len -= sizeof(*h); 3654 3655 if (debug) 3656 log(LOG_DEBUG, "%s: ipcp nak opts:", 3657 ifp->if_xname); 3658 3659 p = (void *)(h + 1); 3660 for (; len > 1; len -= l, p += l) { 3661 l = p[1]; 3662 if (l == 0) 3663 break; 3664 3665 /* Sanity check option length */ 3666 if (l > len) { 3667 /* XXX should we just RXJ? */ 3668 addlog("%s: malicious IPCP option received, dropping\n", 3669 ifp->if_xname); 3670 return; 3671 } 3672 if (debug) 3673 addlog(" %s", sppp_ipcp_opt_name(*p)); 3674 switch (*p) { 3675 case IPCP_OPT_ADDRESS: 3676 /* 3677 * Peer doesn't like our local IP address. See 3678 * if we can do something for him. We'll drop 3679 * him our address then. 3680 */ 3681 if (len >= 6 && l == 6) { 3682 wantaddr = p[2] << 24 | p[3] << 16 | 3683 p[4] << 8 | p[5]; 3684 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3685 if (debug) 3686 addlog(" [wantaddr %s]", 3687 sppp_dotted_quad(wantaddr)); 3688 /* 3689 * When doing dynamic address assignment, 3690 * we accept his offer. Otherwise, we 3691 * ignore it and thus continue to negotiate 3692 * our already existing value. 3693 */ 3694 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3695 if (debug) 3696 addlog(" [agree]"); 3697 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3698 sp->ipcp.req_myaddr = wantaddr; 3699 } 3700 } 3701 break; 3702 3703 case IPCP_OPT_PRIMDNS: 3704 if (len >= 6 && l == 6) { 3705 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3706 p[4] << 8 | p[5]; 3707 } 3708 break; 3709 3710 case IPCP_OPT_SECDNS: 3711 if (len >= 6 && l == 6) { 3712 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3713 p[4] << 8 | p[5]; 3714 } 3715 break; 3716 #ifdef notyet 3717 case IPCP_OPT_COMPRESS: 3718 /* 3719 * Peer wants different compression parameters. 3720 */ 3721 break; 3722 #endif 3723 } 3724 } 3725 if (debug) 3726 addlog("\n"); 3727 } 3728 3729 static void 3730 sppp_ipcp_tlu(struct sppp *sp) 3731 { 3732 #ifdef INET 3733 KASSERT(SPPP_WLOCKED(sp)); 3734 /* we are up. Set addresses and notify anyone interested */ 3735 sppp_set_ip_addrs(sp); 3736 #endif 3737 } 3738 3739 static void 3740 sppp_ipcp_scr(struct sppp *sp) 3741 { 3742 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3743 #ifdef INET 3744 uint32_t ouraddr; 3745 #endif 3746 int i = 0; 3747 3748 KASSERT(SPPP_WLOCKED(sp)); 3749 3750 #ifdef notyet 3751 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3752 opt[i++] = IPCP_OPT_COMPRESSION; 3753 opt[i++] = 6; 3754 opt[i++] = 0; /* VJ header compression */ 3755 opt[i++] = 0x2d; /* VJ header compression */ 3756 opt[i++] = max_slot_id; 3757 opt[i++] = comp_slot_id; 3758 } 3759 #endif 3760 3761 #ifdef INET 3762 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3763 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3764 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3765 else 3766 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3767 opt[i++] = IPCP_OPT_ADDRESS; 3768 opt[i++] = 6; 3769 opt[i++] = ouraddr >> 24; 3770 opt[i++] = ouraddr >> 16; 3771 opt[i++] = ouraddr >> 8; 3772 opt[i++] = ouraddr; 3773 } 3774 #endif 3775 3776 if (sp->query_dns & 1) { 3777 opt[i++] = IPCP_OPT_PRIMDNS; 3778 opt[i++] = 6; 3779 opt[i++] = sp->dns_addrs[0] >> 24; 3780 opt[i++] = sp->dns_addrs[0] >> 16; 3781 opt[i++] = sp->dns_addrs[0] >> 8; 3782 opt[i++] = sp->dns_addrs[0]; 3783 } 3784 if (sp->query_dns & 2) { 3785 opt[i++] = IPCP_OPT_SECDNS; 3786 opt[i++] = 6; 3787 opt[i++] = sp->dns_addrs[1] >> 24; 3788 opt[i++] = sp->dns_addrs[1] >> 16; 3789 opt[i++] = sp->dns_addrs[1] >> 8; 3790 opt[i++] = sp->dns_addrs[1]; 3791 } 3792 3793 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 3794 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 3795 } 3796 3797 /* 3798 *--------------------------------------------------------------------------* 3799 * * 3800 * The IPv6CP implementation. * 3801 * * 3802 *--------------------------------------------------------------------------* 3803 */ 3804 3805 #ifdef INET6 3806 static void 3807 sppp_ipv6cp_init(struct sppp *sp) 3808 { 3809 3810 KASSERT(SPPP_WLOCKED(sp)); 3811 3812 sppp_cp_init(&ipv6cp, sp); 3813 3814 sp->ipv6cp.opts = 0; 3815 sp->ipv6cp.flags = 0; 3816 } 3817 3818 static void 3819 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 3820 { 3821 STDDCL; 3822 struct in6_addr myaddr, hisaddr; 3823 3824 KASSERT(SPPP_WLOCKED(sp)); 3825 3826 #ifdef IPV6CP_MYIFID_DYN 3827 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3828 #else 3829 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3830 #endif 3831 3832 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3833 /* 3834 * If we don't have our address, this probably means our 3835 * interface doesn't want to talk IPv6 at all. (This could 3836 * be the case if somebody wants to speak only IPX, for 3837 * example.) Don't open IPv6CP in this case. 3838 */ 3839 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3840 /* XXX this message should go away */ 3841 if (debug) 3842 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3843 ifp->if_xname); 3844 return; 3845 } 3846 3847 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3848 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3849 sppp_open_event(sp, xcp); 3850 } 3851 3852 /* 3853 * Analyze a configure request. Return true if it was agreeable, and 3854 * caused action sca, false if it has been rejected or nak'ed, and 3855 * caused action scn. (The return value is used to make the state 3856 * transition decision in the state automaton.) 3857 */ 3858 static enum cp_rcr_type 3859 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3860 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3861 { 3862 u_char *buf, *r, *p, l, blen; 3863 struct ifnet *ifp = &sp->pp_if; 3864 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3865 struct in6_addr myaddr, desiredaddr, suggestaddr; 3866 enum cp_rcr_type type; 3867 int ifidcount; 3868 int collision, nohisaddr; 3869 char ip6buf[INET6_ADDRSTRLEN]; 3870 3871 KASSERT(SPPP_WLOCKED(sp)); 3872 3873 type = CP_RCR_NONE; 3874 origlen -= sizeof(*h); 3875 3876 if (origlen < 0) 3877 return CP_RCR_DROP; 3878 3879 /* 3880 * Make sure to allocate a buf that can at least hold a 3881 * conf-nak with an `address' option. We might need it below. 3882 */ 3883 blen = MAX(6, origlen); 3884 3885 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3886 if (buf == NULL) 3887 return CP_RCR_DROP; 3888 3889 /* pass 1: see if we can recognize them */ 3890 if (debug) 3891 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3892 ifp->if_xname); 3893 p = (void *)(h + 1); 3894 r = buf; 3895 rlen = 0; 3896 ifidcount = 0; 3897 for (len = origlen; len > 1; len -= l, p += l) { 3898 l = p[1]; 3899 if (l == 0) 3900 break; 3901 3902 /* Sanity check option length */ 3903 if (l > len) { 3904 /* XXX just RXJ? */ 3905 addlog("%s: received malicious IPCPv6 option, " 3906 "dropping\n", ifp->if_xname); 3907 type = CP_RCR_ERR; 3908 goto end; 3909 } 3910 if (debug) 3911 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3912 switch (p[0]) { 3913 case IPV6CP_OPT_IFID: 3914 if (len >= 10 && l == 10 && ifidcount == 0) { 3915 /* correctly formed address option */ 3916 ifidcount++; 3917 continue; 3918 } 3919 if (debug) 3920 addlog(" [invalid]"); 3921 break; 3922 #ifdef notyet 3923 case IPV6CP_OPT_COMPRESSION: 3924 if (len >= 4 && l >= 4) { 3925 /* correctly formed compress option */ 3926 continue; 3927 } 3928 if (debug) 3929 addlog(" [invalid]"); 3930 break; 3931 #endif 3932 default: 3933 /* Others not supported. */ 3934 if (debug) 3935 addlog(" [rej]"); 3936 break; 3937 } 3938 if (rlen + l > blen) { 3939 if (debug) 3940 addlog(" [overflow]"); 3941 continue; 3942 } 3943 /* Add the option to rejected list. */ 3944 memcpy(r, p, l); 3945 r += l; 3946 rlen += l; 3947 } 3948 3949 if (rlen > 0) { 3950 type = CP_RCR_REJ; 3951 goto end; 3952 } 3953 3954 if (debug) 3955 addlog("\n"); 3956 3957 /* pass 2: parse option values */ 3958 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3959 if (debug) 3960 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3961 ifp->if_xname); 3962 p = (void *)(h + 1); 3963 r = buf; 3964 rlen = 0; 3965 type = CP_RCR_ACK; 3966 for (len = origlen; len > 1; len -= l, p += l) { 3967 l = p[1]; 3968 if (l == 0) 3969 break; 3970 3971 if (debug) 3972 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3973 switch (p[0]) { 3974 #ifdef notyet 3975 case IPV6CP_OPT_COMPRESSION: 3976 continue; 3977 #endif 3978 case IPV6CP_OPT_IFID: 3979 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3980 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 3981 collision = (memcmp(&desiredaddr.s6_addr[8], 3982 &myaddr.s6_addr[8], 8) == 0); 3983 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3984 3985 desiredaddr.s6_addr16[0] = htons(0xfe80); 3986 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 3987 3988 if (!collision && !nohisaddr) { 3989 /* no collision, hisaddr known - Conf-Ack */ 3990 type = CP_RCR_ACK; 3991 3992 if (debug) { 3993 addlog(" %s [%s]", 3994 IN6_PRINT(ip6buf, &desiredaddr), 3995 sppp_cp_type_name(CONF_ACK)); 3996 } 3997 continue; 3998 } 3999 4000 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4001 if (collision && nohisaddr) { 4002 /* collision, hisaddr unknown - Conf-Rej */ 4003 type = CP_RCR_REJ; 4004 memset(&p[2], 0, 8); 4005 } else { 4006 /* 4007 * - no collision, hisaddr unknown, or 4008 * - collision, hisaddr known 4009 * Conf-Nak, suggest hisaddr 4010 */ 4011 type = CP_RCR_NAK; 4012 sppp_suggest_ip6_addr(sp, &suggestaddr); 4013 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4014 } 4015 if (debug) { 4016 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK; 4017 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4018 sppp_cp_type_name(ctype)); 4019 } 4020 break; 4021 } 4022 if (rlen + l > blen) { 4023 if (debug) 4024 addlog(" [overflow]"); 4025 continue; 4026 } 4027 /* Add the option to nak'ed list. */ 4028 memcpy(r, p, l); 4029 r += l; 4030 rlen += l; 4031 } 4032 4033 if (rlen > 0) { 4034 if (type != CP_RCR_ACK) { 4035 if (debug) { 4036 int ctype ; 4037 ctype = type == CP_RCR_REJ ? 4038 CONF_REJ : CONF_NAK; 4039 addlog(" send %s suggest %s\n", 4040 sppp_cp_type_name(ctype), 4041 IN6_PRINT(ip6buf, &suggestaddr)); 4042 } 4043 } 4044 #ifdef notdef 4045 if (type == CP_RCR_ACK) 4046 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4047 #endif 4048 } else { 4049 if (type == CP_RCR_ACK) { 4050 rlen = origlen; 4051 memcpy(r, h + 1, rlen); 4052 } 4053 } 4054 end: 4055 if (debug) 4056 addlog("\n"); 4057 4058 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 4059 if (buf != NULL) 4060 kmem_intr_free(buf, blen); 4061 } else { 4062 *msgbuf = buf; 4063 *buflen = blen; 4064 *msglen = rlen; 4065 } 4066 4067 return type; 4068 } 4069 4070 /* 4071 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4072 * negotiation. 4073 */ 4074 static void 4075 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len) 4076 { 4077 u_char *p, l; 4078 struct ifnet *ifp = &sp->pp_if; 4079 int debug = ifp->if_flags & IFF_DEBUG; 4080 4081 KASSERT(SPPP_WLOCKED(sp)); 4082 4083 if (len <= sizeof(*h)) 4084 return; 4085 4086 len -= sizeof(*h); 4087 4088 if (debug) 4089 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 4090 ifp->if_xname); 4091 4092 p = (void *)(h + 1); 4093 for (; len > 1; len -= l, p += l) { 4094 l = p[1]; 4095 if (l == 0) 4096 break; 4097 4098 if (l > len) { 4099 /* XXX just RXJ? */ 4100 addlog("%s: received malicious IPCPv6 option, " 4101 "dropping\n", ifp->if_xname); 4102 goto end; 4103 } 4104 if (debug) 4105 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4106 switch (p[0]) { 4107 case IPV6CP_OPT_IFID: 4108 /* 4109 * Peer doesn't grok address option. This is 4110 * bad. XXX Should we better give up here? 4111 */ 4112 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 4113 break; 4114 #ifdef notyet 4115 case IPV6CP_OPT_COMPRESS: 4116 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 4117 break; 4118 #endif 4119 } 4120 } 4121 if (debug) 4122 addlog("\n"); 4123 end: 4124 return; 4125 } 4126 4127 /* 4128 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4129 * negotiation. 4130 */ 4131 static void 4132 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len) 4133 { 4134 u_char *p, l; 4135 struct ifnet *ifp = &sp->pp_if; 4136 int debug = ifp->if_flags & IFF_DEBUG; 4137 struct in6_addr suggestaddr; 4138 char ip6buf[INET6_ADDRSTRLEN]; 4139 4140 KASSERT(SPPP_WLOCKED(sp)); 4141 4142 if (len <= sizeof(*h)) 4143 return; 4144 4145 len -= sizeof(*h); 4146 4147 if (debug) 4148 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 4149 ifp->if_xname); 4150 4151 p = (void *)(h + 1); 4152 for (; len > 1; len -= l, p += l) { 4153 l = p[1]; 4154 if (l == 0) 4155 break; 4156 4157 if (l > len) { 4158 /* XXX just RXJ? */ 4159 addlog("%s: received malicious IPCPv6 option, " 4160 "dropping\n", ifp->if_xname); 4161 goto end; 4162 } 4163 if (debug) 4164 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4165 switch (p[0]) { 4166 case IPV6CP_OPT_IFID: 4167 /* 4168 * Peer doesn't like our local ifid. See 4169 * if we can do something for him. We'll drop 4170 * him our address then. 4171 */ 4172 if (len < 10 || l != 10) 4173 break; 4174 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4175 suggestaddr.s6_addr16[0] = htons(0xfe80); 4176 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4177 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4178 4179 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 4180 if (debug) 4181 addlog(" [suggestaddr %s]", 4182 IN6_PRINT(ip6buf, &suggestaddr)); 4183 #ifdef IPV6CP_MYIFID_DYN 4184 /* 4185 * When doing dynamic address assignment, 4186 * we accept his offer. 4187 */ 4188 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4189 struct in6_addr lastsuggest; 4190 /* 4191 * If <suggested myaddr from peer> equals to 4192 * <hisaddr we have suggested last time>, 4193 * we have a collision. generate new random 4194 * ifid. 4195 */ 4196 sppp_suggest_ip6_addr(&lastsuggest); 4197 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4198 lastsuggest)) { 4199 if (debug) 4200 addlog(" [random]"); 4201 sppp_gen_ip6_addr(sp, &suggestaddr); 4202 } 4203 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4204 if (debug) 4205 addlog(" [agree]"); 4206 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4207 } 4208 #else 4209 /* 4210 * Since we do not do dynamic address assignment, 4211 * we ignore it and thus continue to negotiate 4212 * our already existing value. This can possibly 4213 * go into infinite request-reject loop. 4214 * 4215 * This is not likely because we normally use 4216 * ifid based on MAC-address. 4217 * If you have no ethernet card on the node, too bad. 4218 * XXX should we use fail_counter? 4219 */ 4220 #endif 4221 break; 4222 #ifdef notyet 4223 case IPV6CP_OPT_COMPRESS: 4224 /* 4225 * Peer wants different compression parameters. 4226 */ 4227 break; 4228 #endif 4229 } 4230 } 4231 if (debug) 4232 addlog("\n"); 4233 end: 4234 return; 4235 } 4236 4237 static void 4238 sppp_ipv6cp_tlu(struct sppp *sp) 4239 { 4240 4241 KASSERT(SPPP_WLOCKED(sp)); 4242 /* we are up - notify isdn daemon */ 4243 sppp_notify_con_wlocked(sp); 4244 } 4245 4246 static void 4247 sppp_ipv6cp_scr(struct sppp *sp) 4248 { 4249 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4250 struct in6_addr ouraddr; 4251 int i = 0; 4252 4253 KASSERT(SPPP_WLOCKED(sp)); 4254 4255 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 4256 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4257 opt[i++] = IPV6CP_OPT_IFID; 4258 opt[i++] = 10; 4259 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4260 i += 8; 4261 } 4262 4263 #ifdef notyet 4264 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 4265 opt[i++] = IPV6CP_OPT_COMPRESSION; 4266 opt[i++] = 4; 4267 opt[i++] = 0; /* TBD */ 4268 opt[i++] = 0; /* TBD */ 4269 /* variable length data may follow */ 4270 } 4271 #endif 4272 4273 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4274 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4275 } 4276 #else /*INET6*/ 4277 static void 4278 sppp_ipv6cp_init(struct sppp *sp) 4279 { 4280 4281 KASSERT(SPPP_WLOCKED(sp)); 4282 } 4283 4284 static void 4285 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4286 { 4287 4288 KASSERT(SPPP_WLOCKED(sp)); 4289 } 4290 4291 static enum cp_rcr_type 4292 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, 4293 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4294 { 4295 4296 KASSERT(SPPP_WLOCKED(sp)); 4297 return 0; 4298 } 4299 4300 static void 4301 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, 4302 int len) 4303 { 4304 4305 KASSERT(SPPP_WLOCKED(sp)); 4306 } 4307 4308 static void 4309 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, 4310 int len) 4311 { 4312 4313 KASSERT(SPPP_WLOCKED(sp)); 4314 } 4315 4316 static void 4317 sppp_ipv6cp_tlu(struct sppp *sp) 4318 { 4319 4320 KASSERT(SPPP_WLOCKED(sp)); 4321 } 4322 4323 static void 4324 sppp_ipv6cp_scr(struct sppp *sp) 4325 { 4326 4327 KASSERT(SPPP_WLOCKED(sp)); 4328 } 4329 #endif /*INET6*/ 4330 4331 /* 4332 *--------------------------------------------------------------------------* 4333 * * 4334 * The CHAP implementation. * 4335 * * 4336 *--------------------------------------------------------------------------* 4337 */ 4338 /* 4339 * The authentication protocols is implemented on the state machine for 4340 * control protocols. And it uses following actions and events. 4341 * 4342 * Actions: 4343 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE 4344 * - sca: send CHAP_SUCCESS 4345 * - scn: send CHAP_FAILURE and shutdown lcp 4346 * Events: 4347 * - RCR+: receive CHAP_RESPONSE containing correct digest 4348 * - RCR-: receive CHAP_RESPONSE containing wrong digest 4349 * - RCA: receive CHAP_SUCCESS 4350 * - RCN: (this event is unused) 4351 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE 4352 * - TO-: this layer finish 4353 */ 4354 4355 /* 4356 * Handle incoming CHAP packets. 4357 */ 4358 void 4359 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4360 { 4361 STDDCL; 4362 struct lcp_header *h; 4363 int len, x; 4364 u_char *value, *name, digest[sizeof(sp->chap.challenge)]; 4365 int value_len, name_len; 4366 MD5_CTX ctx; 4367 4368 len = m->m_pkthdr.len; 4369 if (len < 4) { 4370 if (debug) 4371 log(LOG_DEBUG, 4372 "%s: chap invalid packet length: %d bytes\n", 4373 ifp->if_xname, len); 4374 return; 4375 } 4376 h = mtod(m, struct lcp_header *); 4377 if (len > ntohs(h->len)) 4378 len = ntohs(h->len); 4379 4380 SPPP_LOCK(sp, RW_WRITER); 4381 4382 switch (h->type) { 4383 /* challenge, failure and success are his authproto */ 4384 case CHAP_CHALLENGE: 4385 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4386 /* can't do anything useful */ 4387 sp->pp_auth_failures++; 4388 printf("%s: chap input without my name and my secret being set\n", 4389 ifp->if_xname); 4390 break; 4391 } 4392 value = 1 + (u_char *)(h + 1); 4393 value_len = value[-1]; 4394 name = value + value_len; 4395 name_len = len - value_len - 5; 4396 if (name_len < 0) { 4397 if (debug) { 4398 log(LOG_DEBUG, 4399 "%s: chap corrupted challenge " 4400 "<%s id=0x%x len=%d", 4401 ifp->if_xname, 4402 sppp_auth_type_name(PPP_CHAP, h->type), 4403 h->ident, ntohs(h->len)); 4404 if (len > 4) 4405 sppp_print_bytes((u_char *)(h + 1), 4406 len - 4); 4407 addlog(">\n"); 4408 } 4409 break; 4410 } 4411 4412 if (debug) { 4413 log(LOG_DEBUG, 4414 "%s: chap input <%s id=0x%x len=%d name=", 4415 ifp->if_xname, 4416 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4417 ntohs(h->len)); 4418 sppp_print_string((char *) name, name_len); 4419 addlog(" value-size=%d value=", value_len); 4420 sppp_print_bytes(value, value_len); 4421 addlog(">\n"); 4422 } 4423 4424 /* Compute reply value. */ 4425 MD5Init(&ctx); 4426 MD5Update(&ctx, &h->ident, 1); 4427 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4428 MD5Update(&ctx, value, value_len); 4429 MD5Final(sp->chap.digest, &ctx); 4430 sp->chap.digest_len = sizeof(sp->chap.digest); 4431 sp->scp[IDX_CHAP].rconfid = h->ident; 4432 4433 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); 4434 break; 4435 4436 case CHAP_SUCCESS: 4437 if (debug) { 4438 log(LOG_DEBUG, "%s: chap success", 4439 ifp->if_xname); 4440 if (len > 4) { 4441 addlog(": "); 4442 sppp_print_string((char *)(h + 1), len - 4); 4443 } 4444 addlog("\n"); 4445 } 4446 4447 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4448 if (debug) { 4449 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4450 ifp->if_xname, chap.name, 4451 h->ident, sp->scp[IDX_CHAP].rconfid); 4452 } 4453 if_statinc(ifp, if_ierrors); 4454 break; 4455 } 4456 4457 if (sp->chap.digest_len == 0) { 4458 if (debug) { 4459 log(LOG_DEBUG, 4460 "%s: receive CHAP success without challenge\n", 4461 ifp->if_xname); 4462 } 4463 if_statinc(ifp, if_ierrors); 4464 break; 4465 } 4466 4467 x = splnet(); 4468 sp->pp_auth_failures = 0; 4469 sp->pp_flags &= ~PP_NEEDAUTH; 4470 splx(x); 4471 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4472 sp->chap.digest_len = 0; 4473 4474 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { 4475 /* 4476 * we are not authenticator for CHAP, 4477 * generate a dummy RCR+ event without CHAP_RESPONSE 4478 */ 4479 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4480 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4481 } 4482 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4483 break; 4484 4485 case CHAP_FAILURE: 4486 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4487 if (debug) { 4488 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4489 ifp->if_xname, chap.name, 4490 h->ident, sp->scp[IDX_CHAP].rconfid); 4491 } 4492 if_statinc(ifp, if_ierrors); 4493 break; 4494 } 4495 4496 if (sp->chap.digest_len == 0) { 4497 if (debug) { 4498 log(LOG_DEBUG, 4499 "%s: receive CHAP failure without challenge\n", 4500 ifp->if_xname); 4501 } 4502 if_statinc(ifp, if_ierrors); 4503 break; 4504 } 4505 4506 x = splnet(); 4507 sp->pp_auth_failures++; 4508 splx(x); 4509 if (debug) { 4510 log(LOG_INFO, "%s: chap failure", 4511 ifp->if_xname); 4512 if (len > 4) { 4513 addlog(": "); 4514 sppp_print_string((char *)(h + 1), len - 4); 4515 } 4516 addlog("\n"); 4517 } else 4518 log(LOG_INFO, "%s: chap failure\n", 4519 ifp->if_xname); 4520 4521 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4522 sp->chap.digest_len = 0; 4523 /* 4524 * await LCP shutdown by authenticator, 4525 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn 4526 */ 4527 break; 4528 4529 /* response is my authproto */ 4530 case CHAP_RESPONSE: 4531 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4532 /* can't do anything useful */ 4533 printf("%s: chap response" 4534 " without his name and his secret being set\n", 4535 ifp->if_xname); 4536 break; 4537 } 4538 value = 1 + (u_char *)(h + 1); 4539 value_len = value[-1]; 4540 name = value + value_len; 4541 name_len = len - value_len - 5; 4542 if (name_len < 0) { 4543 if (debug) { 4544 log(LOG_DEBUG, 4545 "%s: chap corrupted response " 4546 "<%s id=0x%x len=%d", 4547 ifp->if_xname, 4548 sppp_auth_type_name(PPP_CHAP, h->type), 4549 h->ident, ntohs(h->len)); 4550 if (len > 4) 4551 sppp_print_bytes((u_char *)(h + 1), 4552 len - 4); 4553 addlog(">\n"); 4554 } 4555 break; 4556 } 4557 if (h->ident != sp->scp[IDX_CHAP].confid) { 4558 if (debug) 4559 log(LOG_DEBUG, 4560 "%s: chap dropping response for old ID " 4561 "(got %d, expected %d)\n", 4562 ifp->if_xname, 4563 h->ident, sp->scp[IDX_CHAP].confid); 4564 break; 4565 } else { 4566 sp->scp[IDX_CHAP].rconfid = h->ident; 4567 } 4568 4569 if (sp->hisauth.name != NULL && 4570 (name_len != sp->hisauth.name_len 4571 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4572 log(LOG_INFO, "%s: chap response, his name ", 4573 ifp->if_xname); 4574 sppp_print_string(name, name_len); 4575 addlog(" != expected "); 4576 sppp_print_string(sp->hisauth.name, 4577 sp->hisauth.name_len); 4578 addlog("\n"); 4579 4580 /* generate RCR- event */ 4581 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4582 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4583 break; 4584 } 4585 4586 if (debug) { 4587 log(LOG_DEBUG, "%s: chap input(%s) " 4588 "<%s id=0x%x len=%d name=", 4589 ifp->if_xname, 4590 sppp_state_name(sp->scp[IDX_CHAP].state), 4591 sppp_auth_type_name(PPP_CHAP, h->type), 4592 h->ident, ntohs(h->len)); 4593 sppp_print_string((char *)name, name_len); 4594 addlog(" value-size=%d value=", value_len); 4595 sppp_print_bytes(value, value_len); 4596 addlog(">\n"); 4597 } 4598 4599 if (value_len == sizeof(sp->chap.challenge) && 4600 value_len == sizeof(sp->chap.digest)) { 4601 MD5Init(&ctx); 4602 MD5Update(&ctx, &h->ident, 1); 4603 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4604 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); 4605 MD5Final(digest, &ctx); 4606 4607 if (memcmp(digest, value, value_len) == 0) { 4608 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4609 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || 4610 sp->chap.rechallenging) { 4611 /* generate a dummy RCA event*/ 4612 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4613 } 4614 } else { 4615 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4616 } 4617 } else { 4618 if (debug) 4619 log(LOG_DEBUG, 4620 "%s: chap bad hash value length: " 4621 "%d bytes, should be %zu\n", 4622 ifp->if_xname, value_len, 4623 sizeof(sp->chap.challenge)); 4624 4625 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4626 } 4627 4628 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4629 break; 4630 4631 default: 4632 /* Unknown CHAP packet type -- ignore. */ 4633 if (debug) { 4634 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4635 "<0x%x id=0x%xh len=%d", 4636 ifp->if_xname, 4637 sppp_state_name(sp->scp[IDX_CHAP].state), 4638 h->type, h->ident, ntohs(h->len)); 4639 if (len > 4) 4640 sppp_print_bytes((u_char *)(h + 1), len - 4); 4641 addlog(">\n"); 4642 } 4643 break; 4644 4645 } 4646 4647 SPPP_UNLOCK(sp); 4648 } 4649 4650 static void 4651 sppp_chap_init(struct sppp *sp) 4652 { 4653 4654 KASSERT(SPPP_WLOCKED(sp)); 4655 4656 sppp_cp_init(&chap, sp); 4657 4658 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, 4659 sppp_chap_rcv_challenge_event, &chap); 4660 } 4661 4662 static void 4663 sppp_chap_open(struct sppp *sp, void *xcp) 4664 { 4665 4666 KASSERT(SPPP_WLOCKED(sp)); 4667 4668 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4669 sp->chap.digest_len = 0; 4670 sp->chap.rechallenging = false; 4671 sp->chap.response_rcvd = false; 4672 sppp_open_event(sp, xcp); 4673 } 4674 4675 static void 4676 sppp_chap_tlu(struct sppp *sp) 4677 { 4678 STDDCL; 4679 int i, x; 4680 4681 KASSERT(SPPP_WLOCKED(sp)); 4682 4683 i = 0; 4684 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4685 x = splnet(); 4686 sp->pp_auth_failures = 0; 4687 splx(x); 4688 4689 log(LOG_DEBUG, "%s: chap %s", ifp->if_xname, 4690 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); 4691 4692 /* 4693 * Some broken CHAP implementations (Conware CoNet, firmware 4694 * 4.0.?) don't want to re-authenticate their CHAP once the 4695 * initial challenge-response exchange has taken place. 4696 * Provide for an option to avoid rechallenges. 4697 */ 4698 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && 4699 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4700 /* 4701 * Compute the re-challenge timeout. This will yield 4702 * a number between 300 and 810 seconds. 4703 */ 4704 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 4705 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 4706 4707 if (debug) { 4708 addlog(", next rechallenge in %d seconds", i); 4709 } 4710 } 4711 4712 addlog("\n"); 4713 4714 /* 4715 * If we are already in phase network, we are done here. This 4716 * is the case if this is a dummy tlu event after a re-challenge. 4717 */ 4718 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4719 sppp_phase_network(sp); 4720 } 4721 4722 static void 4723 sppp_chap_scr(struct sppp *sp) 4724 { 4725 uint32_t *ch; 4726 u_char clen, dsize; 4727 int role; 4728 4729 KASSERT(SPPP_WLOCKED(sp)); 4730 4731 role = sppp_auth_role(&chap, sp); 4732 4733 if (ISSET(role, SPPP_AUTH_SERV) && 4734 !sp->chap.response_rcvd) { 4735 /* we are authenticator for CHAP, send challenge */ 4736 ch = (uint32_t *)sp->chap.challenge; 4737 clen = sizeof(sp->chap.challenge); 4738 /* Compute random challenge. */ 4739 cprng_strong(kern_cprng, ch, clen, 0); 4740 4741 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 4742 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 4743 sizeof(clen), (const char *)&clen, 4744 sizeof(sp->chap.challenge), sp->chap.challenge, 4745 0); 4746 } 4747 4748 if (ISSET(role, SPPP_AUTH_PEER) && 4749 sp->chap.digest_len > 0) { 4750 /* we are peer for CHAP, send response */ 4751 dsize = sp->chap.digest_len; 4752 4753 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, 4754 sizeof(dsize), (const char *)&dsize, 4755 sp->chap.digest_len, sp->chap.digest, 4756 sp->myauth.name_len, sp->myauth.name, 0); 4757 } 4758 } 4759 4760 static void 4761 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) 4762 { 4763 const struct cp *cp = xcp; 4764 4765 sp->chap.rechallenging = false; 4766 4767 switch (sp->scp[IDX_CHAP].state) { 4768 case STATE_REQ_SENT: 4769 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 4770 cp->scr(sp); 4771 break; 4772 case STATE_OPENED: 4773 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 4774 cp->scr(sp); 4775 break; 4776 } 4777 } 4778 4779 /* 4780 *--------------------------------------------------------------------------* 4781 * * 4782 * The PAP implementation. * 4783 * * 4784 *--------------------------------------------------------------------------* 4785 */ 4786 /* 4787 * PAP uses following actions and events. 4788 * Actions: 4789 * - scr: send PAP_REQ 4790 * - sca: send PAP_ACK 4791 * - scn: send PAP_NAK 4792 * Events: 4793 * - RCR+: receive PAP_REQ containing correct username and password 4794 * - RCR-: receive PAP_REQ containing wrong username and password 4795 * - RCA: receive PAP_ACK 4796 * - RCN: (this event is unused) 4797 * - TO+: re-send PAP_REQ 4798 * - TO-: this layer finish 4799 */ 4800 4801 /* 4802 * Handle incoming PAP packets. */ 4803 static void 4804 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4805 { 4806 STDDCL; 4807 struct lcp_header *h; 4808 int len, x; 4809 char *name, *secret; 4810 int name_len, secret_len; 4811 4812 /* 4813 * Malicious input might leave this uninitialized, so 4814 * init to an impossible value. 4815 */ 4816 secret_len = -1; 4817 4818 len = m->m_pkthdr.len; 4819 if (len < 5) { 4820 if (debug) 4821 log(LOG_DEBUG, 4822 "%s: pap invalid packet length: %d bytes\n", 4823 ifp->if_xname, len); 4824 return; 4825 } 4826 h = mtod(m, struct lcp_header *); 4827 if (len > ntohs(h->len)) 4828 len = ntohs(h->len); 4829 4830 SPPP_LOCK(sp, RW_WRITER); 4831 4832 switch (h->type) { 4833 /* PAP request is my authproto */ 4834 case PAP_REQ: 4835 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4836 /* can't do anything useful */ 4837 printf("%s: pap request" 4838 " without his name and his secret being set\n", 4839 ifp->if_xname); 4840 break; 4841 } 4842 name = 1 + (u_char *)(h + 1); 4843 name_len = name[-1]; 4844 secret = name + name_len + 1; 4845 if (name_len > len - 6 || 4846 (secret_len = secret[-1]) > len - 6 - name_len) { 4847 if (debug) { 4848 log(LOG_DEBUG, "%s: pap corrupted input " 4849 "<%s id=0x%x len=%d", 4850 ifp->if_xname, 4851 sppp_auth_type_name(PPP_PAP, h->type), 4852 h->ident, ntohs(h->len)); 4853 if (len > 4) 4854 sppp_print_bytes((u_char *)(h + 1), 4855 len - 4); 4856 addlog(">\n"); 4857 } 4858 break; 4859 } 4860 if (debug) { 4861 log(LOG_DEBUG, "%s: pap input(%s) " 4862 "<%s id=0x%x len=%d name=", 4863 ifp->if_xname, 4864 sppp_state_name(sp->scp[IDX_PAP].state), 4865 sppp_auth_type_name(PPP_PAP, h->type), 4866 h->ident, ntohs(h->len)); 4867 sppp_print_string((char *)name, name_len); 4868 addlog(" secret="); 4869 sppp_print_string((char *)secret, secret_len); 4870 addlog(">\n"); 4871 } 4872 4873 sp->scp[IDX_PAP].rconfid = h->ident; 4874 4875 if (name_len == sp->hisauth.name_len && 4876 memcmp(name, sp->hisauth.name, name_len) == 0 && 4877 secret_len == sp->hisauth.secret_len && 4878 memcmp(secret, sp->hisauth.secret, secret_len) == 0) { 4879 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 4880 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { 4881 /* generate a dummy RCA event*/ 4882 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 4883 } 4884 } else { 4885 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK; 4886 } 4887 4888 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 4889 break; 4890 4891 /* ack and nak are his authproto */ 4892 case PAP_ACK: 4893 if (debug) { 4894 log(LOG_DEBUG, "%s: pap success", 4895 ifp->if_xname); 4896 name = 1 + (u_char *)(h + 1); 4897 name_len = name[-1]; 4898 if (len > 5 && name_len < len+4) { 4899 addlog(": "); 4900 sppp_print_string(name, name_len); 4901 } 4902 addlog("\n"); 4903 } 4904 4905 if (h->ident != sp->scp[IDX_PAP].confid) { 4906 if (debug) { 4907 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4908 ifp->if_xname, pap.name, 4909 h->ident, sp->scp[IDX_PAP].rconfid); 4910 } 4911 if_statinc(ifp, if_ierrors); 4912 break; 4913 } 4914 4915 x = splnet(); 4916 sp->pp_auth_failures = 0; 4917 sp->pp_flags &= ~PP_NEEDAUTH; 4918 splx(x); 4919 4920 /* we are not authenticator, generate a dummy RCR+ event */ 4921 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { 4922 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 4923 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 4924 } 4925 4926 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 4927 break; 4928 4929 case PAP_NAK: 4930 if (debug) { 4931 log(LOG_INFO, "%s: pap failure", 4932 ifp->if_xname); 4933 name = 1 + (u_char *)(h + 1); 4934 name_len = name[-1]; 4935 if (len > 5 && name_len < len+4) { 4936 addlog(": "); 4937 sppp_print_string(name, name_len); 4938 } 4939 addlog("\n"); 4940 } else 4941 log(LOG_INFO, "%s: pap failure\n", 4942 ifp->if_xname); 4943 4944 if (h->ident != sp->scp[IDX_PAP].confid) { 4945 if (debug) { 4946 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4947 ifp->if_xname, pap.name, 4948 h->ident, sp->scp[IDX_PAP].rconfid); 4949 } 4950 if_statinc(ifp, if_ierrors); 4951 break; 4952 } 4953 4954 sp->pp_auth_failures++; 4955 /* 4956 * await LCP shutdown by authenticator, 4957 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn 4958 */ 4959 break; 4960 4961 default: 4962 /* Unknown PAP packet type -- ignore. */ 4963 if (debug) { 4964 log(LOG_DEBUG, "%s: pap corrupted input " 4965 "<0x%x id=0x%x len=%d", 4966 ifp->if_xname, 4967 h->type, h->ident, ntohs(h->len)); 4968 if (len > 4) 4969 sppp_print_bytes((u_char *)(h + 1), len - 4); 4970 addlog(">\n"); 4971 } 4972 break; 4973 } 4974 4975 SPPP_UNLOCK(sp); 4976 } 4977 4978 static void 4979 sppp_pap_init(struct sppp *sp) 4980 { 4981 4982 KASSERT(SPPP_WLOCKED(sp)); 4983 sppp_cp_init(&pap, sp); 4984 } 4985 4986 static void 4987 sppp_pap_tlu(struct sppp *sp) 4988 { 4989 STDDCL; 4990 int x; 4991 4992 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 4993 4994 if (debug) 4995 log(LOG_DEBUG, "%s: %s tlu\n", 4996 ifp->if_xname, pap.name); 4997 4998 x = splnet(); 4999 sp->pp_auth_failures = 0; 5000 splx(x); 5001 5002 if (sp->pp_phase < SPPP_PHASE_NETWORK) 5003 sppp_phase_network(sp); 5004 } 5005 5006 static void 5007 sppp_pap_scr(struct sppp *sp) 5008 { 5009 u_char idlen, pwdlen; 5010 5011 KASSERT(SPPP_WLOCKED(sp)); 5012 5013 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && 5014 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { 5015 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 5016 log(LOG_DEBUG, "%s: couldn't send PAP_REQ " 5017 "because of no name or no secret\n", 5018 sp->pp_if.if_xname); 5019 } else { 5020 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5021 pwdlen = sp->myauth.secret_len; 5022 idlen = sp->myauth.name_len; 5023 5024 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5025 sizeof idlen, (const char *)&idlen, 5026 idlen, sp->myauth.name, 5027 sizeof pwdlen, (const char *)&pwdlen, 5028 pwdlen, sp->myauth.secret, 5029 0); 5030 } 5031 } 5032 } 5033 5034 /* 5035 * Random miscellaneous functions. 5036 */ 5037 5038 /* 5039 * Send a PAP or CHAP proto packet. 5040 * 5041 * Varadic function, each of the elements for the ellipsis is of type 5042 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5043 * mlen == 0. 5044 * NOTE: never declare variadic functions with types subject to type 5045 * promotion (i.e. u_char). This is asking for big trouble depending 5046 * on the architecture you are on... 5047 */ 5048 5049 static void 5050 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5051 unsigned int type, unsigned int id, 5052 ...) 5053 { 5054 STDDCL; 5055 struct lcp_header *lh; 5056 struct mbuf *m; 5057 u_char *p; 5058 int len; 5059 size_t pkthdrlen; 5060 unsigned int mlen; 5061 const char *msg; 5062 va_list ap; 5063 5064 KASSERT(SPPP_WLOCKED(sp)); 5065 5066 MGETHDR(m, M_DONTWAIT, MT_DATA); 5067 if (! m) 5068 return; 5069 m_reset_rcvif(m); 5070 5071 if (sp->pp_flags & PP_NOFRAMING) { 5072 *mtod(m, uint16_t *) = htons(cp->proto); 5073 pkthdrlen = 2; 5074 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5075 } else { 5076 struct ppp_header *h; 5077 h = mtod(m, struct ppp_header *); 5078 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5079 h->control = PPP_UI; /* Unnumbered Info */ 5080 h->protocol = htons(cp->proto); 5081 pkthdrlen = PPP_HEADER_LEN; 5082 5083 lh = (struct lcp_header *)(h + 1); 5084 } 5085 5086 lh->type = type; 5087 lh->ident = id; 5088 p = (u_char *)(lh + 1); 5089 5090 va_start(ap, id); 5091 len = 0; 5092 5093 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5094 msg = va_arg(ap, const char *); 5095 len += mlen; 5096 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5097 va_end(ap); 5098 m_freem(m); 5099 return; 5100 } 5101 5102 memcpy(p, msg, mlen); 5103 p += mlen; 5104 } 5105 va_end(ap); 5106 5107 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5108 lh->len = htons(LCP_HEADER_LEN + len); 5109 5110 if (debug) { 5111 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 5112 ifp->if_xname, cp->name, 5113 sppp_auth_type_name(cp->proto, lh->type), 5114 lh->ident, ntohs(lh->len)); 5115 if (len) 5116 sppp_print_bytes((u_char *)(lh + 1), len); 5117 addlog(">\n"); 5118 } 5119 if (IF_QFULL(&sp->pp_cpq)) { 5120 IF_DROP(&sp->pp_fastq); 5121 IF_DROP(&ifp->if_snd); 5122 m_freem(m); 5123 if_statinc(ifp, if_oerrors); 5124 return; 5125 } 5126 5127 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5128 IF_ENQUEUE(&sp->pp_cpq, m); 5129 5130 if (! (ifp->if_flags & IFF_OACTIVE)) { 5131 SPPP_UNLOCK(sp); 5132 if_start_lock(ifp); 5133 SPPP_LOCK(sp, RW_WRITER); 5134 } 5135 } 5136 5137 static int 5138 sppp_auth_role(const struct cp *cp, struct sppp *sp) 5139 { 5140 int role; 5141 5142 role = SPPP_AUTH_NOROLE; 5143 5144 if (sp->hisauth.proto == cp->proto && 5145 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) 5146 SET(role, SPPP_AUTH_SERV); 5147 5148 if (sp->myauth.proto == cp->proto) 5149 SET(role, SPPP_AUTH_PEER); 5150 5151 return role; 5152 } 5153 5154 static void 5155 sppp_auth_to_event(struct sppp *sp, void *xcp) 5156 { 5157 const struct cp *cp = xcp; 5158 bool override; 5159 int state; 5160 STDDCL; 5161 5162 KASSERT(SPPP_WLOCKED(sp)); 5163 5164 override = false; 5165 state = sp->scp[cp->protoidx].state; 5166 5167 if (sp->scp[cp->protoidx].rst_counter > 0) { 5168 /* override TO+ event */ 5169 switch (state) { 5170 case STATE_OPENED: 5171 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5172 override = true; 5173 sp->chap.rechallenging = true; 5174 sp->chap.response_rcvd = false; 5175 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5176 cp->scr(sp); 5177 } 5178 break; 5179 5180 case STATE_ACK_RCVD: 5181 override = true; 5182 cp->scr(sp); 5183 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 5184 break; 5185 } 5186 } 5187 5188 if (override) { 5189 if (debug) 5190 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 5191 ifp->if_xname, cp->name, 5192 sppp_state_name(state), 5193 sp->scp[cp->protoidx].rst_counter); 5194 sp->scp[cp->protoidx].rst_counter--; 5195 } else { 5196 sppp_to_event(sp, xcp); 5197 } 5198 } 5199 5200 static void 5201 sppp_auth_sca_scn(const struct cp *cp, struct sppp *sp) 5202 { 5203 static const char *succmsg = "Welcome!"; 5204 static const char *failmsg = "Failed..."; 5205 const char *msg; 5206 u_char type, rconfid, mlen; 5207 5208 KASSERT(SPPP_WLOCKED(sp)); 5209 5210 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) 5211 return; 5212 5213 rconfid = sp->scp[cp->protoidx].rconfid; 5214 5215 if (sp->scp[cp->protoidx].rcr_type == CP_RCR_ACK) { 5216 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; 5217 msg = succmsg; 5218 mlen = sizeof(succmsg) - 1; 5219 5220 sp->pp_auth_failures = 0; 5221 } else { 5222 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; 5223 msg = failmsg; 5224 mlen = sizeof(failmsg) - 1; 5225 5226 /* shutdown LCP if auth failed */ 5227 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5228 sp->pp_auth_failures++; 5229 } 5230 5231 sppp_auth_send(cp, sp, type, rconfid, 5232 mlen, (const u_char *)msg, 0); 5233 } 5234 5235 /* 5236 * Send keepalive packets, every 10 seconds. 5237 */ 5238 static void 5239 sppp_keepalive(void *dummy) 5240 { 5241 struct sppp *sp; 5242 int s; 5243 time_t now; 5244 5245 SPPPQ_LOCK(); 5246 5247 s = splnet(); 5248 now = time_uptime; 5249 for (sp=spppq; sp; sp=sp->pp_next) { 5250 struct ifnet *ifp = NULL; 5251 5252 SPPP_LOCK(sp, RW_WRITER); 5253 ifp = &sp->pp_if; 5254 5255 /* check idle timeout */ 5256 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5257 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5258 /* idle timeout is enabled for this interface */ 5259 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5260 if (ifp->if_flags & IFF_DEBUG) 5261 printf("%s: no activity for %lu seconds\n", 5262 sp->pp_if.if_xname, 5263 (unsigned long)(now-sp->pp_last_activity)); 5264 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5265 SPPP_UNLOCK(sp); 5266 continue; 5267 } 5268 } 5269 5270 /* Keepalive mode disabled or channel down? */ 5271 if (! (sp->pp_flags & PP_KEEPALIVE) || 5272 ! (ifp->if_flags & IFF_RUNNING)) { 5273 SPPP_UNLOCK(sp); 5274 continue; 5275 } 5276 5277 /* No keepalive in PPP mode if LCP not opened yet. */ 5278 if (! (sp->pp_flags & PP_CISCO) && 5279 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5280 SPPP_UNLOCK(sp); 5281 continue; 5282 } 5283 5284 /* No echo reply, but maybe user data passed through? */ 5285 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5286 sp->pp_alivecnt = 0; 5287 SPPP_UNLOCK(sp); 5288 continue; 5289 } 5290 5291 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5292 /* No keepalive packets got. Stop the interface. */ 5293 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5294 5295 if (! (sp->pp_flags & PP_CISCO)) { 5296 printf("%s: LCP keepalive timed out, going to restart the connection\n", 5297 ifp->if_xname); 5298 sp->pp_alivecnt = 0; 5299 5300 /* we are down, close all open protocols */ 5301 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5302 5303 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5304 sp->lcp.reestablish = true; 5305 5306 SPPP_UNLOCK(sp); 5307 continue; 5308 } 5309 } 5310 if (sp->pp_alivecnt < sp->pp_maxalive) 5311 ++sp->pp_alivecnt; 5312 if (sp->pp_flags & PP_CISCO) 5313 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 5314 ++sp->scp[IDX_LCP].seq, sp->scp[IDX_LCP].rseq); 5315 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5316 int32_t nmagic = htonl(sp->lcp.magic); 5317 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5318 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5319 sp->lcp.echoid, 4, &nmagic); 5320 } 5321 5322 SPPP_UNLOCK(sp); 5323 } 5324 splx(s); 5325 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5326 5327 SPPPQ_UNLOCK(); 5328 } 5329 5330 #ifdef INET 5331 /* 5332 * Get both IP addresses. 5333 */ 5334 static void 5335 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5336 { 5337 struct ifnet *ifp = &sp->pp_if; 5338 struct ifaddr *ifa; 5339 struct sockaddr_in *si, *sm; 5340 uint32_t ssrc, ddst; 5341 int s; 5342 struct psref psref; 5343 5344 sm = NULL; 5345 ssrc = ddst = 0; 5346 /* 5347 * Pick the first AF_INET address from the list, 5348 * aliases don't make any sense on a p2p link anyway. 5349 */ 5350 si = 0; 5351 s = pserialize_read_enter(); 5352 IFADDR_READER_FOREACH(ifa, ifp) { 5353 if (ifa->ifa_addr->sa_family == AF_INET) { 5354 si = (struct sockaddr_in *)ifa->ifa_addr; 5355 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5356 if (si) { 5357 ifa_acquire(ifa, &psref); 5358 break; 5359 } 5360 } 5361 } 5362 pserialize_read_exit(s); 5363 if (ifa) { 5364 if (si && si->sin_addr.s_addr) { 5365 ssrc = si->sin_addr.s_addr; 5366 if (srcmask) 5367 *srcmask = ntohl(sm->sin_addr.s_addr); 5368 } 5369 5370 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5371 if (si && si->sin_addr.s_addr) 5372 ddst = si->sin_addr.s_addr; 5373 ifa_release(ifa, &psref); 5374 } 5375 5376 if (dst) *dst = ntohl(ddst); 5377 if (src) *src = ntohl(ssrc); 5378 } 5379 5380 /* 5381 * Set IP addresses. Must be called at splnet. 5382 * If an address is 0, leave it the way it is. 5383 */ 5384 static void 5385 sppp_set_ip_addrs_work(struct work *wk, struct sppp *sp) 5386 { 5387 STDDCL; 5388 struct ifaddr *ifa; 5389 struct sockaddr_in *si, *dest; 5390 uint32_t myaddr = 0, hisaddr = 0; 5391 int s; 5392 5393 IFNET_LOCK(ifp); 5394 5395 /* 5396 * Pick the first AF_INET address from the list, 5397 * aliases don't make any sense on a p2p link anyway. 5398 */ 5399 si = dest = NULL; 5400 s = pserialize_read_enter(); 5401 IFADDR_READER_FOREACH(ifa, ifp) { 5402 if (ifa->ifa_addr->sa_family == AF_INET) { 5403 si = (struct sockaddr_in *)ifa->ifa_addr; 5404 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5405 break; 5406 } 5407 } 5408 pserialize_read_exit(s); 5409 5410 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5411 myaddr = sp->ipcp.req_myaddr; 5412 else if (si != NULL) 5413 myaddr = ntohl(si->sin_addr.s_addr); 5414 5415 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5416 hisaddr = sp->ipcp.req_hisaddr; 5417 else if (dest != NULL) 5418 hisaddr = ntohl(dest->sin_addr.s_addr); 5419 5420 if (si != NULL && dest != NULL) { 5421 int error; 5422 struct sockaddr_in new_sin = *si; 5423 struct sockaddr_in new_dst = *dest; 5424 5425 if (myaddr != 0) 5426 new_sin.sin_addr.s_addr = htonl(myaddr); 5427 if (hisaddr != 0) { 5428 new_dst.sin_addr.s_addr = htonl(hisaddr); 5429 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5430 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5431 } 5432 5433 in_addrhash_remove(ifatoia(ifa)); 5434 5435 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5436 5437 in_addrhash_insert(ifatoia(ifa)); 5438 5439 if (debug && error) 5440 { 5441 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5442 ifp->if_xname, __func__, error); 5443 } 5444 if (!error) { 5445 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5446 } 5447 } 5448 5449 if (ifp->if_mtu > sp->lcp.their_mru) { 5450 sp->pp_saved_mtu = ifp->if_mtu; 5451 ifp->if_mtu = sp->lcp.their_mru; 5452 if (debug) 5453 log(LOG_DEBUG, 5454 "%s: setting MTU to %" PRIu64 " bytes\n", 5455 ifp->if_xname, ifp->if_mtu); 5456 } 5457 5458 IFNET_UNLOCK(ifp); 5459 5460 sppp_notify_con(sp); 5461 } 5462 5463 static void 5464 sppp_set_ip_addrs(struct sppp *sp) 5465 { 5466 struct ifnet *ifp = &sp->pp_if; 5467 5468 if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_SET_ADDRS)) { 5469 log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", 5470 ifp->if_xname); 5471 return; 5472 } 5473 5474 if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) 5475 return; 5476 5477 workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); 5478 } 5479 5480 /* 5481 * Clear IP addresses. Must be called at splnet. 5482 */ 5483 static void 5484 sppp_clear_ip_addrs_work(struct work *wk, struct sppp *sp) 5485 { 5486 STDDCL; 5487 struct ifaddr *ifa; 5488 struct sockaddr_in *si, *dest; 5489 int s; 5490 5491 IFNET_LOCK(ifp); 5492 5493 /* 5494 * Pick the first AF_INET address from the list, 5495 * aliases don't make any sense on a p2p link anyway. 5496 */ 5497 si = dest = NULL; 5498 s = pserialize_read_enter(); 5499 IFADDR_READER_FOREACH(ifa, ifp) { 5500 if (ifa->ifa_addr->sa_family == AF_INET) { 5501 si = (struct sockaddr_in *)ifa->ifa_addr; 5502 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5503 break; 5504 } 5505 } 5506 pserialize_read_exit(s); 5507 5508 if (si != NULL) { 5509 struct sockaddr_in new_sin = *si; 5510 struct sockaddr_in new_dst = *dest; 5511 int error; 5512 5513 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5514 new_sin.sin_addr.s_addr = 0; 5515 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 5516 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5517 5518 in_addrhash_remove(ifatoia(ifa)); 5519 5520 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5521 5522 in_addrhash_insert(ifatoia(ifa)); 5523 5524 if (debug && error) 5525 { 5526 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5527 ifp->if_xname, __func__, error); 5528 } 5529 if (!error) { 5530 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5531 } 5532 } 5533 5534 if (sp->pp_saved_mtu > 0) { 5535 ifp->if_mtu = sp->pp_saved_mtu; 5536 sp->pp_saved_mtu = 0; 5537 if (debug) 5538 log(LOG_DEBUG, 5539 "%s: resetting MTU to %" PRIu64 " bytes\n", 5540 ifp->if_xname, ifp->if_mtu); 5541 } 5542 5543 IFNET_UNLOCK(ifp); 5544 } 5545 5546 static void 5547 sppp_clear_ip_addrs(struct sppp *sp) 5548 { 5549 struct ifnet *ifp = &sp->pp_if; 5550 5551 if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_CLEAR_ADDRS)) { 5552 log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", 5553 ifp->if_xname); 5554 return; 5555 } 5556 5557 if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) 5558 return; 5559 5560 workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); 5561 } 5562 5563 static void 5564 sppp_update_ip_addrs_work(struct work *wk, void *arg) 5565 { 5566 struct sppp *sp = arg; 5567 void *work; 5568 5569 atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 0); 5570 5571 while ((work = pcq_get(sp->ipcp.update_addrs_q)) != NULL) { 5572 int update = (intptr_t)work; 5573 5574 if (update == IPCP_SET_ADDRS) 5575 sppp_set_ip_addrs_work(wk, sp); 5576 else if (update == IPCP_CLEAR_ADDRS) 5577 sppp_clear_ip_addrs_work(wk, sp); 5578 } 5579 } 5580 #endif 5581 5582 #ifdef INET6 5583 /* 5584 * Get both IPv6 addresses. 5585 */ 5586 static void 5587 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5588 struct in6_addr *srcmask) 5589 { 5590 struct ifnet *ifp = &sp->pp_if; 5591 struct ifaddr *ifa; 5592 struct sockaddr_in6 *si, *sm; 5593 struct in6_addr ssrc, ddst; 5594 int s; 5595 struct psref psref; 5596 5597 sm = NULL; 5598 memset(&ssrc, 0, sizeof(ssrc)); 5599 memset(&ddst, 0, sizeof(ddst)); 5600 /* 5601 * Pick the first link-local AF_INET6 address from the list, 5602 * aliases don't make any sense on a p2p link anyway. 5603 */ 5604 si = 0; 5605 s = pserialize_read_enter(); 5606 IFADDR_READER_FOREACH(ifa, ifp) { 5607 if (ifa->ifa_addr->sa_family == AF_INET6) { 5608 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5609 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5610 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5611 ifa_acquire(ifa, &psref); 5612 break; 5613 } 5614 } 5615 } 5616 pserialize_read_exit(s); 5617 5618 if (ifa) { 5619 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5620 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5621 if (srcmask) { 5622 memcpy(srcmask, &sm->sin6_addr, 5623 sizeof(*srcmask)); 5624 } 5625 } 5626 5627 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5628 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5629 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5630 ifa_release(ifa, &psref); 5631 } 5632 5633 if (dst) 5634 memcpy(dst, &ddst, sizeof(*dst)); 5635 if (src) 5636 memcpy(src, &ssrc, sizeof(*src)); 5637 } 5638 5639 #ifdef IPV6CP_MYIFID_DYN 5640 /* 5641 * Generate random ifid. 5642 */ 5643 static void 5644 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5645 { 5646 /* TBD */ 5647 } 5648 5649 /* 5650 * Set my IPv6 address. Must be called at splnet. 5651 */ 5652 static void 5653 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5654 { 5655 STDDCL; 5656 struct ifaddr *ifa; 5657 struct sockaddr_in6 *sin6; 5658 int s; 5659 struct psref psref; 5660 5661 IFNET_LOCK(ifp); 5662 5663 /* 5664 * Pick the first link-local AF_INET6 address from the list, 5665 * aliases don't make any sense on a p2p link anyway. 5666 */ 5667 5668 sin6 = NULL; 5669 s = pserialize_read_enter(); 5670 IFADDR_READER_FOREACH(ifa, ifp) 5671 { 5672 if (ifa->ifa_addr->sa_family == AF_INET6) 5673 { 5674 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5675 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5676 ifa_acquire(ifa, &psref); 5677 break; 5678 } 5679 } 5680 } 5681 pserialize_read_exit(s); 5682 5683 if (ifa && sin6) 5684 { 5685 int error; 5686 struct sockaddr_in6 new_sin6 = *sin6; 5687 5688 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5689 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5690 if (debug && error) 5691 { 5692 log(LOG_DEBUG, "%s: %s: in6_ifinit failed, error=%d\n", 5693 ifp->if_xname, __func__, error); 5694 } 5695 if (!error) { 5696 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5697 } 5698 ifa_release(ifa, &psref); 5699 } 5700 5701 IFNET_UNLOCK(ifp); 5702 } 5703 #endif 5704 5705 /* 5706 * Suggest a candidate address to be used by peer. 5707 */ 5708 static void 5709 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5710 { 5711 struct in6_addr myaddr; 5712 struct timeval tv; 5713 5714 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5715 5716 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5717 microtime(&tv); 5718 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5719 myaddr.s6_addr[14] ^= 0xff; 5720 myaddr.s6_addr[15] ^= 0xff; 5721 } else { 5722 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5723 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5724 } 5725 if (suggest) 5726 memcpy(suggest, &myaddr, sizeof(myaddr)); 5727 } 5728 #endif /*INET6*/ 5729 5730 /* 5731 * Process ioctl requests specific to the PPP interface. 5732 * Permissions have already been checked. 5733 */ 5734 static int 5735 sppp_params(struct sppp *sp, u_long cmd, void *data) 5736 { 5737 switch (cmd) { 5738 case SPPPGETAUTHCFG: 5739 { 5740 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5741 int error; 5742 size_t len; 5743 5744 SPPP_LOCK(sp, RW_READER); 5745 5746 cfg->myauthflags = sp->myauth.flags; 5747 cfg->hisauthflags = sp->hisauth.flags; 5748 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 5749 cfg->hisauth = 0; 5750 if (sp->hisauth.proto) 5751 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5752 cfg->myauth = 0; 5753 if (sp->myauth.proto) 5754 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5755 if (cfg->myname_length == 0) { 5756 if (sp->myauth.name != NULL) 5757 cfg->myname_length = sp->myauth.name_len + 1; 5758 } else { 5759 if (sp->myauth.name == NULL) { 5760 cfg->myname_length = 0; 5761 } else { 5762 len = sp->myauth.name_len + 1; 5763 5764 if (cfg->myname_length < len) { 5765 SPPP_UNLOCK(sp); 5766 return (ENAMETOOLONG); 5767 } 5768 error = copyout(sp->myauth.name, cfg->myname, len); 5769 if (error) { 5770 SPPP_UNLOCK(sp); 5771 return error; 5772 } 5773 } 5774 } 5775 if (cfg->hisname_length == 0) { 5776 if (sp->hisauth.name != NULL) 5777 cfg->hisname_length = sp->hisauth.name_len + 1; 5778 } else { 5779 if (sp->hisauth.name == NULL) { 5780 cfg->hisname_length = 0; 5781 } else { 5782 len = sp->hisauth.name_len + 1; 5783 5784 if (cfg->hisname_length < len) { 5785 SPPP_UNLOCK(sp); 5786 return (ENAMETOOLONG); 5787 } 5788 error = copyout(sp->hisauth.name, cfg->hisname, len); 5789 if (error) { 5790 SPPP_UNLOCK(sp); 5791 return error; 5792 } 5793 } 5794 } 5795 SPPP_UNLOCK(sp); 5796 } 5797 break; 5798 case SPPPSETAUTHCFG: 5799 { 5800 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5801 int error; 5802 5803 SPPP_LOCK(sp, RW_WRITER); 5804 5805 if (sp->myauth.name) { 5806 free(sp->myauth.name, M_DEVBUF); 5807 sp->myauth.name = NULL; 5808 } 5809 if (sp->myauth.secret) { 5810 free(sp->myauth.secret, M_DEVBUF); 5811 sp->myauth.secret = NULL; 5812 } 5813 if (sp->hisauth.name) { 5814 free(sp->hisauth.name, M_DEVBUF); 5815 sp->hisauth.name = NULL; 5816 } 5817 if (sp->hisauth.secret) { 5818 free(sp->hisauth.secret, M_DEVBUF); 5819 sp->hisauth.secret = NULL; 5820 } 5821 5822 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5823 if (cfg->hisname_length >= MCLBYTES) { 5824 SPPP_UNLOCK(sp); 5825 return (ENAMETOOLONG); 5826 } 5827 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5828 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5829 if (error) { 5830 free(sp->hisauth.name, M_DEVBUF); 5831 sp->hisauth.name = NULL; 5832 SPPP_UNLOCK(sp); 5833 return error; 5834 } 5835 sp->hisauth.name_len = cfg->hisname_length - 1; 5836 sp->hisauth.name[sp->hisauth.name_len] = 0; 5837 } 5838 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5839 if (cfg->hissecret_length >= MCLBYTES) { 5840 SPPP_UNLOCK(sp); 5841 return (ENAMETOOLONG); 5842 } 5843 sp->hisauth.secret = malloc(cfg->hissecret_length, 5844 M_DEVBUF, M_WAITOK); 5845 error = copyin(cfg->hissecret, sp->hisauth.secret, 5846 cfg->hissecret_length); 5847 if (error) { 5848 free(sp->hisauth.secret, M_DEVBUF); 5849 sp->hisauth.secret = NULL; 5850 SPPP_UNLOCK(sp); 5851 return error; 5852 } 5853 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5854 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5855 } 5856 if (cfg->myname != NULL && cfg->myname_length > 0) { 5857 if (cfg->myname_length >= MCLBYTES) { 5858 SPPP_UNLOCK(sp); 5859 return (ENAMETOOLONG); 5860 } 5861 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5862 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5863 if (error) { 5864 free(sp->myauth.name, M_DEVBUF); 5865 sp->myauth.name = NULL; 5866 SPPP_UNLOCK(sp); 5867 return error; 5868 } 5869 sp->myauth.name_len = cfg->myname_length - 1; 5870 sp->myauth.name[sp->myauth.name_len] = 0; 5871 } 5872 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5873 if (cfg->mysecret_length >= MCLBYTES) { 5874 SPPP_UNLOCK(sp); 5875 return (ENAMETOOLONG); 5876 } 5877 sp->myauth.secret = malloc(cfg->mysecret_length, 5878 M_DEVBUF, M_WAITOK); 5879 error = copyin(cfg->mysecret, sp->myauth.secret, 5880 cfg->mysecret_length); 5881 if (error) { 5882 free(sp->myauth.secret, M_DEVBUF); 5883 sp->myauth.secret = NULL; 5884 SPPP_UNLOCK(sp); 5885 return error; 5886 } 5887 sp->myauth.secret_len = cfg->mysecret_length - 1; 5888 sp->myauth.secret[sp->myauth.secret_len] = 0; 5889 } 5890 sp->myauth.flags = cfg->myauthflags; 5891 if (cfg->myauth) 5892 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5893 sp->hisauth.flags = cfg->hisauthflags; 5894 if (cfg->hisauth) 5895 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5896 sp->pp_auth_failures = 0; 5897 if (sp->hisauth.proto != 0) 5898 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5899 else 5900 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5901 5902 SPPP_UNLOCK(sp); 5903 } 5904 break; 5905 case SPPPGETLCPCFG: 5906 { 5907 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5908 5909 SPPP_LOCK(sp, RW_READER); 5910 lcpp->lcp_timeout = sp->lcp.timeout; 5911 SPPP_UNLOCK(sp); 5912 } 5913 break; 5914 case SPPPSETLCPCFG: 5915 { 5916 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5917 5918 SPPP_LOCK(sp, RW_WRITER); 5919 sp->lcp.timeout = lcpp->lcp_timeout; 5920 SPPP_UNLOCK(sp); 5921 } 5922 break; 5923 case SPPPGETSTATUS: 5924 { 5925 struct spppstatus *status = (struct spppstatus *)data; 5926 5927 SPPP_LOCK(sp, RW_READER); 5928 status->phase = sp->pp_phase; 5929 SPPP_UNLOCK(sp); 5930 } 5931 break; 5932 case SPPPGETSTATUSNCP: 5933 { 5934 struct spppstatusncp *status = (struct spppstatusncp *)data; 5935 5936 SPPP_LOCK(sp, RW_READER); 5937 status->phase = sp->pp_phase; 5938 status->ncpup = sppp_cp_check(sp, CP_NCP); 5939 SPPP_UNLOCK(sp); 5940 } 5941 break; 5942 case SPPPGETIDLETO: 5943 { 5944 struct spppidletimeout *to = (struct spppidletimeout *)data; 5945 5946 SPPP_LOCK(sp, RW_READER); 5947 to->idle_seconds = sp->pp_idle_timeout; 5948 SPPP_UNLOCK(sp); 5949 } 5950 break; 5951 case SPPPSETIDLETO: 5952 { 5953 struct spppidletimeout *to = (struct spppidletimeout *)data; 5954 5955 SPPP_LOCK(sp, RW_WRITER); 5956 sp->pp_idle_timeout = to->idle_seconds; 5957 SPPP_UNLOCK(sp); 5958 } 5959 break; 5960 case SPPPSETAUTHFAILURE: 5961 { 5962 struct spppauthfailuresettings *afsettings = 5963 (struct spppauthfailuresettings *)data; 5964 5965 SPPP_LOCK(sp, RW_WRITER); 5966 sp->pp_max_auth_fail = afsettings->max_failures; 5967 sp->pp_auth_failures = 0; 5968 SPPP_UNLOCK(sp); 5969 } 5970 break; 5971 case SPPPGETAUTHFAILURES: 5972 { 5973 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5974 5975 SPPP_LOCK(sp, RW_READER); 5976 stats->auth_failures = sp->pp_auth_failures; 5977 stats->max_failures = sp->pp_max_auth_fail; 5978 SPPP_UNLOCK(sp); 5979 } 5980 break; 5981 case SPPPSETDNSOPTS: 5982 { 5983 struct spppdnssettings *req = (struct spppdnssettings *)data; 5984 5985 SPPP_LOCK(sp, RW_WRITER); 5986 sp->query_dns = req->query_dns & 3; 5987 SPPP_UNLOCK(sp); 5988 } 5989 break; 5990 case SPPPGETDNSOPTS: 5991 { 5992 struct spppdnssettings *req = (struct spppdnssettings *)data; 5993 5994 SPPP_LOCK(sp, RW_READER); 5995 req->query_dns = sp->query_dns; 5996 SPPP_UNLOCK(sp); 5997 } 5998 break; 5999 case SPPPGETDNSADDRS: 6000 { 6001 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 6002 6003 SPPP_LOCK(sp, RW_READER); 6004 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 6005 SPPP_UNLOCK(sp); 6006 } 6007 break; 6008 case SPPPGETKEEPALIVE: 6009 { 6010 struct spppkeepalivesettings *settings = 6011 (struct spppkeepalivesettings*)data; 6012 6013 SPPP_LOCK(sp, RW_READER); 6014 settings->maxalive = sp->pp_maxalive; 6015 settings->max_noreceive = sp->pp_max_noreceive; 6016 SPPP_UNLOCK(sp); 6017 } 6018 break; 6019 case SPPPSETKEEPALIVE: 6020 { 6021 struct spppkeepalivesettings *settings = 6022 (struct spppkeepalivesettings*)data; 6023 6024 SPPP_LOCK(sp, RW_WRITER); 6025 sp->pp_maxalive = settings->maxalive; 6026 sp->pp_max_noreceive = settings->max_noreceive; 6027 SPPP_UNLOCK(sp); 6028 } 6029 break; 6030 default: 6031 { 6032 int ret; 6033 6034 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6035 enosys(), ret); 6036 if (ret != ENOSYS) 6037 return ret; 6038 return (EINVAL); 6039 } 6040 } 6041 return (0); 6042 } 6043 6044 static void 6045 sppp_phase_network(struct sppp *sp) 6046 { 6047 int i; 6048 6049 KASSERT(SPPP_WLOCKED(sp)); 6050 6051 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6052 6053 /* Notify NCPs now. */ 6054 for (i = 0; i < IDX_COUNT; i++) 6055 if ((cps[i])->flags & CP_NCP) 6056 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); 6057 } 6058 6059 static const char * 6060 sppp_cp_type_name(u_char type) 6061 { 6062 static char buf[12]; 6063 switch (type) { 6064 case CONF_REQ: return "conf-req"; 6065 case CONF_ACK: return "conf-ack"; 6066 case CONF_NAK: return "conf-nak"; 6067 case CONF_REJ: return "conf-rej"; 6068 case TERM_REQ: return "term-req"; 6069 case TERM_ACK: return "term-ack"; 6070 case CODE_REJ: return "code-rej"; 6071 case PROTO_REJ: return "proto-rej"; 6072 case ECHO_REQ: return "echo-req"; 6073 case ECHO_REPLY: return "echo-reply"; 6074 case DISC_REQ: return "discard-req"; 6075 } 6076 snprintf(buf, sizeof(buf), "0x%x", type); 6077 return buf; 6078 } 6079 6080 static const char * 6081 sppp_auth_type_name(u_short proto, u_char type) 6082 { 6083 static char buf[32]; 6084 const char *name; 6085 6086 switch (proto) { 6087 case PPP_CHAP: 6088 switch (type) { 6089 case CHAP_CHALLENGE: return "challenge"; 6090 case CHAP_RESPONSE: return "response"; 6091 case CHAP_SUCCESS: return "success"; 6092 case CHAP_FAILURE: return "failure"; 6093 default: name = "chap"; break; 6094 } 6095 break; 6096 6097 case PPP_PAP: 6098 switch (type) { 6099 case PAP_REQ: return "req"; 6100 case PAP_ACK: return "ack"; 6101 case PAP_NAK: return "nak"; 6102 default: name = "pap"; break; 6103 } 6104 break; 6105 6106 default: 6107 name = "bad"; 6108 break; 6109 } 6110 6111 snprintf(buf, sizeof(buf), "%s(%#x) %#x", name, proto, type); 6112 return buf; 6113 } 6114 6115 static const char * 6116 sppp_lcp_opt_name(u_char opt) 6117 { 6118 static char buf[12]; 6119 switch (opt) { 6120 case LCP_OPT_MRU: return "mru"; 6121 case LCP_OPT_ASYNC_MAP: return "async-map"; 6122 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6123 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6124 case LCP_OPT_MAGIC: return "magic"; 6125 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6126 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6127 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6128 case LCP_OPT_CALL_BACK: return "callback"; 6129 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6130 case LCP_OPT_MP_MRRU: return "mrru"; 6131 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6132 case LCP_OPT_MP_EID: return "mp-eid"; 6133 } 6134 snprintf(buf, sizeof(buf), "0x%x", opt); 6135 return buf; 6136 } 6137 6138 static const char * 6139 sppp_ipcp_opt_name(u_char opt) 6140 { 6141 static char buf[12]; 6142 switch (opt) { 6143 case IPCP_OPT_ADDRESSES: return "addresses"; 6144 case IPCP_OPT_COMPRESSION: return "compression"; 6145 case IPCP_OPT_ADDRESS: return "address"; 6146 } 6147 snprintf(buf, sizeof(buf), "0x%x", opt); 6148 return buf; 6149 } 6150 6151 #ifdef INET6 6152 static const char * 6153 sppp_ipv6cp_opt_name(u_char opt) 6154 { 6155 static char buf[12]; 6156 switch (opt) { 6157 case IPV6CP_OPT_IFID: return "ifid"; 6158 case IPV6CP_OPT_COMPRESSION: return "compression"; 6159 } 6160 snprintf(buf, sizeof(buf), "0x%x", opt); 6161 return buf; 6162 } 6163 #endif 6164 6165 static const char * 6166 sppp_state_name(int state) 6167 { 6168 switch (state) { 6169 case STATE_INITIAL: return "initial"; 6170 case STATE_STARTING: return "starting"; 6171 case STATE_CLOSED: return "closed"; 6172 case STATE_STOPPED: return "stopped"; 6173 case STATE_CLOSING: return "closing"; 6174 case STATE_STOPPING: return "stopping"; 6175 case STATE_REQ_SENT: return "req-sent"; 6176 case STATE_ACK_RCVD: return "ack-rcvd"; 6177 case STATE_ACK_SENT: return "ack-sent"; 6178 case STATE_OPENED: return "opened"; 6179 } 6180 return "illegal"; 6181 } 6182 6183 static const char * 6184 sppp_phase_name(int phase) 6185 { 6186 switch (phase) { 6187 case SPPP_PHASE_DEAD: return "dead"; 6188 case SPPP_PHASE_ESTABLISH: return "establish"; 6189 case SPPP_PHASE_TERMINATE: return "terminate"; 6190 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6191 case SPPP_PHASE_NETWORK: return "network"; 6192 } 6193 return "illegal"; 6194 } 6195 6196 static const char * 6197 sppp_proto_name(u_short proto) 6198 { 6199 static char buf[12]; 6200 switch (proto) { 6201 case PPP_LCP: return "lcp"; 6202 case PPP_IPCP: return "ipcp"; 6203 case PPP_PAP: return "pap"; 6204 case PPP_CHAP: return "chap"; 6205 case PPP_IPV6CP: return "ipv6cp"; 6206 } 6207 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 6208 return buf; 6209 } 6210 6211 static void 6212 sppp_print_bytes(const u_char *p, u_short len) 6213 { 6214 addlog(" %02x", *p++); 6215 while (--len > 0) 6216 addlog("-%02x", *p++); 6217 } 6218 6219 static void 6220 sppp_print_string(const char *p, u_short len) 6221 { 6222 u_char c; 6223 6224 while (len-- > 0) { 6225 c = *p++; 6226 /* 6227 * Print only ASCII chars directly. RFC 1994 recommends 6228 * using only them, but we don't rely on it. */ 6229 if (c < ' ' || c > '~') 6230 addlog("\\x%x", c); 6231 else 6232 addlog("%c", c); 6233 } 6234 } 6235 6236 static const char * 6237 sppp_dotted_quad(uint32_t addr) 6238 { 6239 static char s[16]; 6240 snprintf(s, sizeof(s), "%d.%d.%d.%d", 6241 (int)((addr >> 24) & 0xff), 6242 (int)((addr >> 16) & 0xff), 6243 (int)((addr >> 8) & 0xff), 6244 (int)(addr & 0xff)); 6245 return s; 6246 } 6247 6248 /* a dummy, used to drop uninteresting events */ 6249 static void 6250 sppp_null(struct sppp *unused) 6251 { 6252 /* do just nothing */ 6253 } 6254 6255 static void 6256 sppp_tls(const struct cp *cp, struct sppp *sp) 6257 { 6258 6259 /* notify lcp that is lower layer */ 6260 sp->lcp.protos |= (1 << cp->protoidx); 6261 6262 if (sp->scp[IDX_LCP].state == STATE_OPENED) 6263 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_up); 6264 } 6265 6266 static void 6267 sppp_tlf(const struct cp *cp, struct sppp *sp) 6268 { 6269 STDDCL; 6270 6271 if (debug) 6272 log(LOG_DEBUG, "%s: %s tlf\n", ifp->if_xname, cp->name); 6273 6274 /* notify lcp that is lower layer */ 6275 sp->lcp.protos &= ~(1 << cp->protoidx); 6276 6277 /* cleanup */ 6278 if (sp->scp[cp->protoidx].rcr_buf != NULL) { 6279 kmem_free(sp->scp[cp->protoidx].rcr_buf, 6280 sp->scp[cp->protoidx].rcr_blen); 6281 } 6282 6283 sp->scp[cp->protoidx].rcr_buf = NULL; 6284 sp->scp[cp->protoidx].rcr_blen = 0; 6285 sp->scp[cp->protoidx].rcr_rlen = 0; 6286 6287 sppp_lcp_check_and_close(sp); 6288 } 6289 6290 static void 6291 sppp_sca_scn(const struct cp *cp, struct sppp *sp) 6292 { 6293 STDDCL; 6294 u_char rconfid, rlen; 6295 int type; 6296 void *buf; 6297 size_t blen; 6298 6299 rconfid = sp->scp[cp->protoidx].rconfid; 6300 buf = sp->scp[cp->protoidx].rcr_buf; 6301 rlen = sp->scp[cp->protoidx].rcr_rlen; 6302 blen = sp->scp[cp->protoidx].rcr_blen; 6303 6304 sp->scp[cp->protoidx].rcr_buf = NULL; 6305 sp->scp[cp->protoidx].rcr_blen = 0; 6306 6307 switch (sp->scp[cp->protoidx].rcr_type) { 6308 case CP_RCR_ACK: 6309 type = CONF_ACK; 6310 break; 6311 case CP_RCR_REJ: 6312 type = CONF_REJ; 6313 break; 6314 case CP_RCR_NAK: 6315 type = CONF_NAK; 6316 break; 6317 default: 6318 type = -1; 6319 break; 6320 } 6321 6322 sp->scp[cp->protoidx].rcr_type = CP_RCR_NONE; 6323 6324 if (buf != NULL) { 6325 if (rlen > 0 && type != -1) { 6326 if (debug) { 6327 log(LOG_DEBUG, "%s: send %s\n", 6328 ifp->if_xname, sppp_cp_type_name(type)); 6329 } 6330 sppp_cp_send(sp, cp->proto, type, rconfid, rlen, buf); 6331 } 6332 kmem_free(buf, blen); 6333 } 6334 } 6335 6336 static void 6337 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6338 { 6339 6340 SPPP_UNLOCK(sp); 6341 if_down(&sp->pp_if); 6342 IF_PURGE(&sp->pp_cpq); 6343 SPPP_LOCK(sp, RW_WRITER); 6344 } 6345 6346 /* 6347 * This file is large. Tell emacs to highlight it nevertheless. 6348 * 6349 * Local Variables: 6350 * hilit-auto-highlight-maxout: 120000 6351 * End: 6352 */ 6353 6354 /* 6355 * Module glue 6356 */ 6357 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6358 6359 static int 6360 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6361 { 6362 switch (cmd) { 6363 case MODULE_CMD_INIT: 6364 case MODULE_CMD_FINI: 6365 return 0; 6366 case MODULE_CMD_STAT: 6367 case MODULE_CMD_AUTOUNLOAD: 6368 default: 6369 return ENOTTY; 6370 } 6371 } 6372 6373 static void 6374 sppp_notify_up(struct sppp *sp) 6375 { 6376 6377 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6378 } 6379 6380 static void 6381 sppp_notify_down(struct sppp *sp) 6382 { 6383 6384 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6385 } 6386 6387 static void 6388 sppp_notify_tls_wlocked(struct sppp *sp) 6389 { 6390 6391 KASSERT(SPPP_WLOCKED(sp)); 6392 6393 if (!sp->pp_tls) 6394 return; 6395 6396 SPPP_UNLOCK(sp); 6397 sp->pp_tls(sp); 6398 SPPP_LOCK(sp, RW_WRITER); 6399 } 6400 6401 static void 6402 sppp_notify_tlf_wlocked(struct sppp *sp) 6403 { 6404 6405 KASSERT(SPPP_WLOCKED(sp)); 6406 6407 if (!sp->pp_tlf) 6408 return; 6409 6410 SPPP_UNLOCK(sp); 6411 sp->pp_tlf(sp); 6412 SPPP_LOCK(sp, RW_WRITER); 6413 } 6414 6415 static void 6416 sppp_notify_con(struct sppp *sp) 6417 { 6418 6419 if (!sp->pp_con) 6420 return; 6421 6422 sp->pp_con(sp); 6423 } 6424 6425 #ifdef INET6 6426 static void 6427 sppp_notify_con_wlocked(struct sppp *sp) 6428 { 6429 6430 KASSERT(SPPP_WLOCKED(sp)); 6431 6432 SPPP_UNLOCK(sp); 6433 sppp_notify_con(sp); 6434 SPPP_LOCK(sp, RW_WRITER); 6435 6436 } 6437 #endif 6438 6439 static void 6440 sppp_notify_chg_wlocked(struct sppp *sp) 6441 { 6442 6443 KASSERT(SPPP_WLOCKED(sp)); 6444 6445 if (!sp->pp_chg) 6446 return; 6447 6448 SPPP_UNLOCK(sp); 6449 sp->pp_chg(sp, sp->pp_phase); 6450 SPPP_LOCK(sp, RW_WRITER); 6451 } 6452 6453 static void 6454 sppp_wq_work(struct work *wk, void *xsp) 6455 { 6456 struct sppp *sp; 6457 struct sppp_work *work; 6458 6459 sp = xsp; 6460 work = container_of(wk, struct sppp_work, work); 6461 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6462 6463 SPPP_LOCK(sp, RW_WRITER); 6464 work->func(sp, work->arg); 6465 SPPP_UNLOCK(sp); 6466 } 6467 6468 static struct workqueue * 6469 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6470 { 6471 struct workqueue *wq; 6472 int error; 6473 6474 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6475 (void *)sp, prio, ipl, flags); 6476 if (error) { 6477 panic("%s: workqueue_create failed [%s, %d]\n", 6478 sp->pp_if.if_xname, xnamebuf, error); 6479 } 6480 6481 return wq; 6482 } 6483 6484 static void 6485 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6486 { 6487 6488 workqueue_destroy(wq); 6489 } 6490 6491 static void 6492 sppp_wq_set(struct sppp_work *work, 6493 void (*func)(struct sppp *, void *), void *arg) 6494 { 6495 6496 work->func = func; 6497 work->arg = arg; 6498 } 6499 6500 static void 6501 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6502 { 6503 6504 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6505 != SPPP_WK_FREE) 6506 return; 6507 6508 KASSERT(work->func != NULL); 6509 kpreempt_disable(); 6510 workqueue_enqueue(wq, &work->work, NULL); 6511 kpreempt_enable(); 6512 } 6513 static void 6514 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6515 { 6516 6517 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6518 workqueue_wait(wq, &work->work); 6519 } 6520
Indexes created Sat Sep 27 14:09:57 GMT 2025