if_spppsubr.c revision 1.237
1 /* $NetBSD: if_spppsubr.c,v 1.237 2021/05/11 06:42:42 yamaguchi Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.237 2021/05/11 06:42:42 yamaguchi Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #endif 52 53 #include <sys/param.h> 54 #include <sys/proc.h> 55 #include <sys/systm.h> 56 #include <sys/kernel.h> 57 #include <sys/sockio.h> 58 #include <sys/socket.h> 59 #include <sys/syslog.h> 60 #include <sys/malloc.h> 61 #include <sys/mbuf.h> 62 #include <sys/callout.h> 63 #include <sys/md5.h> 64 #include <sys/inttypes.h> 65 #include <sys/kauth.h> 66 #include <sys/cprng.h> 67 #include <sys/module.h> 68 #include <sys/workqueue.h> 69 #include <sys/atomic.h> 70 #include <sys/compat_stub.h> 71 #include <sys/cpu.h> 72 73 #include <net/if.h> 74 #include <net/netisr.h> 75 #include <net/if_types.h> 76 #include <net/route.h> 77 #include <net/ppp_defs.h> 78 79 #include <netinet/in.h> 80 #include <netinet/in_systm.h> 81 #include <netinet/in_var.h> 82 #ifdef INET 83 #include <netinet/ip.h> 84 #include <netinet/tcp.h> 85 #endif 86 #include <net/ethertypes.h> 87 88 #ifdef INET6 89 #include <netinet6/scope6_var.h> 90 #endif 91 92 #include <net/if_sppp.h> 93 #include <net/if_spppvar.h> 94 95 #ifdef NET_MPSAFE 96 #define SPPPSUBR_MPSAFE 1 97 #endif 98 99 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 100 #define LOOPALIVECNT 3 /* loopback detection tries */ 101 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 102 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 103 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 104 105 /* 106 * Interface flags that can be set in an ifconfig command. 107 * 108 * Setting link0 will make the link passive, i.e. it will be marked 109 * as being administrative openable, but won't be opened to begin 110 * with. Incoming calls will be answered, or subsequent calls with 111 * -link1 will cause the administrative open of the LCP layer. 112 * 113 * Setting link1 will cause the link to auto-dial only as packets 114 * arrive to be sent. 115 * 116 * Setting IFF_DEBUG will syslog the option negotiation and state 117 * transitions at level kern.debug. Note: all logs consistently look 118 * like 119 * 120 * <if-name><unit>: <proto-name> <additional info...> 121 * 122 * with <if-name><unit> being something like "bppp0", and <proto-name> 123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 124 */ 125 126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 128 129 #define CONF_REQ 1 /* PPP configure request */ 130 #define CONF_ACK 2 /* PPP configure acknowledge */ 131 #define CONF_NAK 3 /* PPP configure negative ack */ 132 #define CONF_REJ 4 /* PPP configure reject */ 133 #define TERM_REQ 5 /* PPP terminate request */ 134 #define TERM_ACK 6 /* PPP terminate acknowledge */ 135 #define CODE_REJ 7 /* PPP code reject */ 136 #define PROTO_REJ 8 /* PPP protocol reject */ 137 #define ECHO_REQ 9 /* PPP echo request */ 138 #define ECHO_REPLY 10 /* PPP echo reply */ 139 #define DISC_REQ 11 /* PPP discard request */ 140 141 #define LCP_OPT_MRU 1 /* maximum receive unit */ 142 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 143 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 144 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 145 #define LCP_OPT_MAGIC 5 /* magic number */ 146 #define LCP_OPT_RESERVED 6 /* reserved */ 147 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 148 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 149 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 150 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 151 #define LCP_OPT_CALL_BACK 13 /* callback */ 152 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 153 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 154 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 155 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 156 157 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 158 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 159 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 160 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 161 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 162 163 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 164 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 165 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 166 167 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 168 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 169 170 #define PAP_REQ 1 /* PAP name/password request */ 171 #define PAP_ACK 2 /* PAP acknowledge */ 172 #define PAP_NAK 3 /* PAP fail */ 173 174 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 175 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 176 #define CHAP_SUCCESS 3 /* CHAP response ok */ 177 #define CHAP_FAILURE 4 /* CHAP response failed */ 178 179 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 180 181 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 182 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 183 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 184 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 185 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 186 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 187 188 #define PPP_NOPROTO 0 /* no authentication protocol */ 189 190 enum { 191 STATE_INITIAL = SPPP_STATE_INITIAL, 192 STATE_STARTING = SPPP_STATE_STARTING, 193 STATE_CLOSED = SPPP_STATE_CLOSED, 194 STATE_STOPPED = SPPP_STATE_STOPPED, 195 STATE_CLOSING = SPPP_STATE_CLOSING, 196 STATE_STOPPING = SPPP_STATE_STOPPING, 197 STATE_REQ_SENT = SPPP_STATE_REQ_SENT, 198 STATE_ACK_RCVD = SPPP_STATE_ACK_RCVD, 199 STATE_ACK_SENT = SPPP_STATE_ACK_SENT, 200 STATE_OPENED = SPPP_STATE_OPENED, 201 }; 202 203 enum cp_rcr_type { 204 CP_RCR_NONE = 0, /* initial value */ 205 CP_RCR_ACK, /* RCR+ */ 206 CP_RCR_NAK, /* RCR- */ 207 CP_RCR_REJ, /* RCR- */ 208 CP_RCR_DROP, /* DROP message */ 209 CP_RCR_ERR, /* internal error */ 210 }; 211 212 struct ppp_header { 213 uint8_t address; 214 uint8_t control; 215 uint16_t protocol; 216 } __packed; 217 #define PPP_HEADER_LEN sizeof (struct ppp_header) 218 219 struct lcp_header { 220 uint8_t type; 221 uint8_t ident; 222 uint16_t len; 223 } __packed; 224 #define LCP_HEADER_LEN sizeof (struct lcp_header) 225 226 struct cisco_packet { 227 uint32_t type; 228 uint32_t par1; 229 uint32_t par2; 230 uint16_t rel; 231 uint16_t time0; 232 uint16_t time1; 233 } __packed; 234 #define CISCO_PACKET_LEN 18 235 236 /* 237 * We follow the spelling and capitalization of RFC 1661 here, to make 238 * it easier comparing with the standard. Please refer to this RFC in 239 * case you can't make sense out of these abbreviation; it will also 240 * explain the semantics related to the various events and actions. 241 */ 242 struct cp { 243 u_short proto; /* PPP control protocol number */ 244 u_char protoidx; /* index into state table in struct sppp */ 245 u_char flags; 246 #define CP_LCP 0x01 /* this is the LCP */ 247 #define CP_AUTH 0x02 /* this is an authentication protocol */ 248 #define CP_NCP 0x04 /* this is a NCP */ 249 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 250 const char *name; /* name of this control protocol */ 251 /* event handlers */ 252 void (*Up)(struct sppp *, void *); 253 void (*Down)(struct sppp *, void *); 254 void (*Open)(struct sppp *, void *); 255 void (*Close)(struct sppp *, void *); 256 void (*TO)(struct sppp *, void *); 257 /* actions */ 258 void (*tlu)(struct sppp *); 259 void (*tld)(struct sppp *); 260 void (*tls)(const struct cp *, struct sppp *); 261 void (*tlf)(const struct cp *, struct sppp *); 262 void (*scr)(struct sppp *); 263 void (*screply)(const struct cp *, struct sppp *, u_char, 264 uint8_t, size_t, void *); 265 266 /* message parser */ 267 enum cp_rcr_type 268 (*parse_confreq)(struct sppp *, struct lcp_header *, int, 269 uint8_t **, size_t *, size_t *); 270 void (*parse_confrej)(struct sppp *, struct lcp_header *, int); 271 void (*parse_confnak)(struct sppp *, struct lcp_header *, int); 272 }; 273 274 enum auth_role { 275 SPPP_AUTH_NOROLE = 0, 276 SPPP_AUTH_SERV = __BIT(0), 277 SPPP_AUTH_PEER = __BIT(1), 278 }; 279 280 static struct sppp *spppq; 281 static kmutex_t *spppq_lock = NULL; 282 static callout_t keepalive_ch; 283 284 #define SPPPQ_LOCK() if (spppq_lock) \ 285 mutex_enter(spppq_lock); 286 #define SPPPQ_UNLOCK() if (spppq_lock) \ 287 mutex_exit(spppq_lock); 288 289 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 290 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 291 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 292 #define SPPP_UPGRADE(_sp) do{ \ 293 SPPP_UNLOCK(_sp); \ 294 SPPP_LOCK(_sp, RW_WRITER); \ 295 }while (0) 296 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 297 #define SPPP_WQ_SET(_wk, _func, _arg) \ 298 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 299 300 #ifdef INET 301 #ifndef SPPPSUBR_MPSAFE 302 /* 303 * The following disgusting hack gets around the problem that IP TOS 304 * can't be set yet. We want to put "interactive" traffic on a high 305 * priority queue. To decide if traffic is interactive, we check that 306 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 307 * 308 * XXX is this really still necessary? - joerg - 309 */ 310 static u_short interactive_ports[8] = { 311 0, 513, 0, 0, 312 0, 21, 0, 23, 313 }; 314 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 315 #endif /* SPPPSUBR_MPSAFE */ 316 #endif 317 318 /* almost every function needs these */ 319 #define STDDCL \ 320 struct ifnet *ifp = &sp->pp_if; \ 321 int debug = ifp->if_flags & IFF_DEBUG 322 323 static int sppp_output(struct ifnet *, struct mbuf *, 324 const struct sockaddr *, const struct rtentry *); 325 326 static void sppp_cisco_send(struct sppp *, int, int32_t, int32_t); 327 static void sppp_cisco_input(struct sppp *, struct mbuf *); 328 329 static void sppp_cp_init(const struct cp *, struct sppp *); 330 static void sppp_cp_fini(const struct cp *, struct sppp *); 331 static void sppp_cp_input(const struct cp *, struct sppp *, 332 struct mbuf *); 333 static void sppp_cp_input(const struct cp *, struct sppp *, 334 struct mbuf *); 335 static void sppp_cp_send(struct sppp *, u_short, u_char, 336 u_char, u_short, void *); 337 /* static void sppp_cp_timeout(void *arg); */ 338 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 339 static struct workqueue * 340 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 341 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 342 static void sppp_wq_set(struct sppp_work *, 343 void (*)(struct sppp *, void *), void *); 344 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 345 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 346 static void sppp_cp_to_lcp(void *); 347 static void sppp_cp_to_ipcp(void *); 348 static void sppp_cp_to_ipv6cp(void *); 349 static void sppp_auth_send(const struct cp *, struct sppp *, 350 unsigned int, unsigned int, ...); 351 static int sppp_auth_role(const struct cp *, struct sppp *); 352 static void sppp_auth_to_event(struct sppp *, void *); 353 static void sppp_auth_screply(const struct cp *, struct sppp *, 354 u_char, uint8_t, size_t, void *); 355 static void sppp_up_event(struct sppp *, void *); 356 static void sppp_down_event(struct sppp *, void *); 357 static void sppp_open_event(struct sppp *, void *); 358 static void sppp_close_event(struct sppp *, void *); 359 static void sppp_to_event(struct sppp *, void *); 360 static void sppp_rcr_event(struct sppp *, void *); 361 static void sppp_rca_event(struct sppp *, void *); 362 static void sppp_rcn_event(struct sppp *, void *); 363 static void sppp_rtr_event(struct sppp *, void *); 364 static void sppp_rta_event(struct sppp *, void *); 365 static void sppp_rxj_event(struct sppp *, void *); 366 367 static void sppp_null(struct sppp *); 368 static void sppp_tls(const struct cp *, struct sppp *); 369 static void sppp_tlf(const struct cp *, struct sppp *); 370 static void sppp_screply(const struct cp *, struct sppp *, 371 u_char, uint8_t, size_t, void *); 372 static void sppp_ifdown(struct sppp *, void *); 373 374 static void sppp_lcp_init(struct sppp *); 375 static void sppp_lcp_up(struct sppp *, void *); 376 static void sppp_lcp_down(struct sppp *, void *); 377 static void sppp_lcp_open(struct sppp *, void *); 378 static enum cp_rcr_type 379 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int, 380 uint8_t **, size_t *, size_t *); 381 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int); 382 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int); 383 static void sppp_lcp_tlu(struct sppp *); 384 static void sppp_lcp_tld(struct sppp *); 385 static void sppp_lcp_tls(const struct cp *, struct sppp *); 386 static void sppp_lcp_tlf(const struct cp *, struct sppp *); 387 static void sppp_lcp_scr(struct sppp *); 388 static void sppp_lcp_check_and_close(struct sppp *); 389 static int sppp_cp_check(struct sppp *, u_char); 390 391 static void sppp_ipcp_init(struct sppp *); 392 static void sppp_ipcp_open(struct sppp *, void *); 393 static void sppp_ipcp_close(struct sppp *, void *); 394 static enum cp_rcr_type 395 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int, 396 uint8_t **, size_t *, size_t *); 397 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int); 398 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int); 399 static void sppp_ipcp_tlu(struct sppp *); 400 static void sppp_ipcp_scr(struct sppp *); 401 402 static void sppp_ipv6cp_init(struct sppp *); 403 static void sppp_ipv6cp_open(struct sppp *, void *); 404 static enum cp_rcr_type 405 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int, 406 uint8_t **, size_t *, size_t *); 407 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int); 408 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int); 409 static void sppp_ipv6cp_tlu(struct sppp *); 410 static void sppp_ipv6cp_scr(struct sppp *); 411 412 static void sppp_pap_input(struct sppp *, struct mbuf *); 413 static void sppp_pap_init(struct sppp *); 414 static void sppp_pap_tlu(struct sppp *); 415 static void sppp_pap_scr(struct sppp *); 416 static void sppp_pap_scr(struct sppp *); 417 418 static void sppp_chap_input(struct sppp *, struct mbuf *); 419 static void sppp_chap_init(struct sppp *); 420 static void sppp_chap_open(struct sppp *, void *); 421 static void sppp_chap_tlu(struct sppp *); 422 static void sppp_chap_scr(struct sppp *); 423 static void sppp_chap_rcv_challenge_event(struct sppp *, void *); 424 425 static const char *sppp_auth_type_name(u_short, u_char); 426 static const char *sppp_cp_type_name(u_char); 427 static const char *sppp_dotted_quad(uint32_t); 428 static const char *sppp_ipcp_opt_name(u_char); 429 #ifdef INET6 430 static const char *sppp_ipv6cp_opt_name(u_char); 431 #endif 432 static const char *sppp_lcp_opt_name(u_char); 433 static const char *sppp_phase_name(int); 434 static const char *sppp_proto_name(u_short); 435 static const char *sppp_state_name(int); 436 static int sppp_params(struct sppp *, u_long, void *); 437 #ifdef INET 438 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 439 static void sppp_set_ip_addrs(struct sppp *); 440 static void sppp_clear_ip_addrs(struct sppp *); 441 #endif 442 static void sppp_keepalive(void *); 443 static void sppp_phase_network(struct sppp *); 444 static void sppp_print_bytes(const u_char *, u_short); 445 static void sppp_print_string(const char *, u_short); 446 #ifdef INET6 447 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 448 struct in6_addr *, struct in6_addr *); 449 #ifdef IPV6CP_MYIFID_DYN 450 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 451 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 452 #endif 453 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 454 #endif 455 456 static void sppp_notify_up(struct sppp *); 457 static void sppp_notify_down(struct sppp *); 458 static void sppp_notify_tls_wlocked(struct sppp *); 459 static void sppp_notify_tlf_wlocked(struct sppp *); 460 #ifdef INET6 461 static void sppp_notify_con_wlocked(struct sppp *); 462 #endif 463 static void sppp_notify_con(struct sppp *); 464 465 static void sppp_notify_chg_wlocked(struct sppp *); 466 467 /* our control protocol descriptors */ 468 static const struct cp lcp = { 469 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 470 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, 471 sppp_close_event, sppp_to_event, 472 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, 473 sppp_lcp_tlf, sppp_lcp_scr, sppp_screply, 474 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak 475 }; 476 477 static const struct cp ipcp = { 478 PPP_IPCP, IDX_IPCP, 479 #ifdef INET 480 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 481 #else 482 0, 483 #endif 484 "ipcp", 485 sppp_up_event, sppp_down_event, sppp_ipcp_open, 486 sppp_ipcp_close, sppp_to_event, 487 sppp_ipcp_tlu, sppp_null, sppp_tls, 488 sppp_tlf, sppp_ipcp_scr, sppp_screply, 489 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak, 490 }; 491 492 static const struct cp ipv6cp = { 493 PPP_IPV6CP, IDX_IPV6CP, 494 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 495 CP_NCP, 496 #else 497 0, 498 #endif 499 "ipv6cp", 500 sppp_up_event, sppp_down_event, sppp_ipv6cp_open, 501 sppp_close_event, sppp_to_event, 502 sppp_ipv6cp_tlu, sppp_null, sppp_tls, 503 sppp_tlf, sppp_ipv6cp_scr, sppp_screply, 504 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak, 505 }; 506 507 static const struct cp pap = { 508 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 509 sppp_up_event, sppp_down_event, sppp_open_event, 510 sppp_close_event, sppp_to_event, 511 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, 512 sppp_pap_scr, sppp_auth_screply, 513 NULL, NULL, NULL 514 }; 515 516 static const struct cp chap = { 517 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 518 sppp_up_event, sppp_down_event, sppp_chap_open, 519 sppp_close_event, sppp_auth_to_event, 520 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, 521 sppp_chap_scr, sppp_auth_screply, 522 NULL, NULL, NULL 523 }; 524 525 static const struct cp *cps[IDX_COUNT] = { 526 &lcp, /* IDX_LCP */ 527 &ipcp, /* IDX_IPCP */ 528 &ipv6cp, /* IDX_IPV6CP */ 529 &pap, /* IDX_PAP */ 530 &chap, /* IDX_CHAP */ 531 }; 532 533 static inline u_int 534 sppp_proto2authproto(u_short proto) 535 { 536 537 switch (proto) { 538 case PPP_PAP: 539 return SPPP_AUTHPROTO_PAP; 540 case PPP_CHAP: 541 return SPPP_AUTHPROTO_CHAP; 542 } 543 544 return SPPP_AUTHPROTO_NONE; 545 } 546 547 static inline u_short 548 sppp_authproto2proto(u_int authproto) 549 { 550 551 switch (authproto) { 552 case SPPP_AUTHPROTO_PAP: 553 return PPP_PAP; 554 case SPPP_AUTHPROTO_CHAP: 555 return PPP_CHAP; 556 } 557 558 return PPP_NOPROTO; 559 } 560 561 static void 562 sppp_change_phase(struct sppp *sp, int phase) 563 { 564 STDDCL; 565 566 KASSERT(SPPP_WLOCKED(sp)); 567 568 if (sp->pp_phase == phase) 569 return; 570 571 sp->pp_phase = phase; 572 573 if (phase == SPPP_PHASE_NETWORK) 574 if_link_state_change(ifp, LINK_STATE_UP); 575 else 576 if_link_state_change(ifp, LINK_STATE_DOWN); 577 578 if (debug) 579 { 580 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 581 sppp_phase_name(sp->pp_phase)); 582 } 583 } 584 585 /* 586 * Exported functions, comprising our interface to the lower layer. 587 */ 588 589 /* 590 * Process the received packet. 591 */ 592 void 593 sppp_input(struct ifnet *ifp, struct mbuf *m) 594 { 595 struct ppp_header *h = NULL; 596 pktqueue_t *pktq = NULL; 597 struct ifqueue *inq = NULL; 598 uint16_t protocol; 599 struct sppp *sp = (struct sppp *)ifp; 600 int debug = ifp->if_flags & IFF_DEBUG; 601 int isr = 0; 602 603 SPPP_LOCK(sp, RW_READER); 604 605 if (ifp->if_flags & IFF_UP) { 606 /* Count received bytes, add hardware framing */ 607 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 608 /* Note time of last receive */ 609 sp->pp_last_receive = time_uptime; 610 } 611 612 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 613 /* Too small packet, drop it. */ 614 if (debug) 615 log(LOG_DEBUG, 616 "%s: input packet is too small, %d bytes\n", 617 ifp->if_xname, m->m_pkthdr.len); 618 goto drop; 619 } 620 621 if (sp->pp_flags & PP_NOFRAMING) { 622 memcpy(&protocol, mtod(m, void *), 2); 623 protocol = ntohs(protocol); 624 m_adj(m, 2); 625 } else { 626 627 /* Get PPP header. */ 628 h = mtod(m, struct ppp_header *); 629 m_adj(m, PPP_HEADER_LEN); 630 631 switch (h->address) { 632 case PPP_ALLSTATIONS: 633 if (h->control != PPP_UI) 634 goto invalid; 635 if (sp->pp_flags & PP_CISCO) { 636 if (debug) 637 log(LOG_DEBUG, 638 "%s: PPP packet in Cisco mode " 639 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 640 ifp->if_xname, 641 h->address, h->control, ntohs(h->protocol)); 642 goto drop; 643 } 644 break; 645 case CISCO_MULTICAST: 646 case CISCO_UNICAST: 647 /* Don't check the control field here (RFC 1547). */ 648 if (! (sp->pp_flags & PP_CISCO)) { 649 if (debug) 650 log(LOG_DEBUG, 651 "%s: Cisco packet in PPP mode " 652 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 653 ifp->if_xname, 654 h->address, h->control, ntohs(h->protocol)); 655 goto drop; 656 } 657 switch (ntohs(h->protocol)) { 658 default: 659 if_statinc(ifp, if_noproto); 660 goto invalid; 661 case CISCO_KEEPALIVE: 662 SPPP_UNLOCK(sp); 663 sppp_cisco_input((struct sppp *) ifp, m); 664 m_freem(m); 665 return; 666 #ifdef INET 667 case ETHERTYPE_IP: 668 pktq = ip_pktq; 669 break; 670 #endif 671 #ifdef INET6 672 case ETHERTYPE_IPV6: 673 pktq = ip6_pktq; 674 break; 675 #endif 676 } 677 goto queue_pkt; 678 default: /* Invalid PPP packet. */ 679 invalid: 680 if (debug) 681 log(LOG_DEBUG, 682 "%s: invalid input packet " 683 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 684 ifp->if_xname, 685 h->address, h->control, ntohs(h->protocol)); 686 goto drop; 687 } 688 protocol = ntohs(h->protocol); 689 } 690 691 switch (protocol) { 692 reject_protocol: 693 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 694 uint16_t prot = htons(protocol); 695 696 SPPP_UPGRADE(sp); 697 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 698 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 699 &prot); 700 SPPP_DOWNGRADE(sp); 701 } 702 if (debug) 703 log(LOG_DEBUG, 704 "%s: invalid input protocol " 705 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 706 if_statinc(ifp, if_noproto); 707 goto drop; 708 default: 709 goto reject_protocol; 710 case PPP_LCP: 711 SPPP_UNLOCK(sp); 712 sppp_cp_input(&lcp, sp, m); 713 /* already m_freem(m) */ 714 return; 715 case PPP_PAP: 716 SPPP_UNLOCK(sp); 717 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 718 sppp_pap_input(sp, m); 719 } 720 m_freem(m); 721 return; 722 case PPP_CHAP: 723 SPPP_UNLOCK(sp); 724 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 725 sppp_chap_input(sp, m); 726 } 727 m_freem(m); 728 return; 729 #ifdef INET 730 case PPP_IPCP: 731 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) 732 goto reject_protocol; 733 SPPP_UNLOCK(sp); 734 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 735 sppp_cp_input(&ipcp, sp, m); 736 /* already m_freem(m) */ 737 } else { 738 m_freem(m); 739 } 740 return; 741 case PPP_IP: 742 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 743 sp->pp_last_activity = time_uptime; 744 pktq = ip_pktq; 745 } 746 break; 747 #endif 748 #ifdef INET6 749 case PPP_IPV6CP: 750 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) 751 goto reject_protocol; 752 SPPP_UNLOCK(sp); 753 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 754 sppp_cp_input(&ipv6cp, sp, m); 755 /* already m_freem(m) */ 756 } else { 757 m_freem(m); 758 } 759 return; 760 761 case PPP_IPV6: 762 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 763 sp->pp_last_activity = time_uptime; 764 pktq = ip6_pktq; 765 } 766 break; 767 #endif 768 } 769 770 queue_pkt: 771 if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) { 772 goto drop; 773 } 774 775 /* Check queue. */ 776 if (__predict_true(pktq)) { 777 if (__predict_false(!pktq_enqueue(pktq, m, 0))) { 778 goto drop; 779 } 780 SPPP_UNLOCK(sp); 781 return; 782 } 783 784 SPPP_UNLOCK(sp); 785 786 IFQ_LOCK(inq); 787 if (IF_QFULL(inq)) { 788 /* Queue overflow. */ 789 IF_DROP(inq); 790 IFQ_UNLOCK(inq); 791 if (debug) 792 log(LOG_DEBUG, "%s: protocol queue overflow\n", 793 ifp->if_xname); 794 795 SPPP_LOCK(sp, RW_READER); 796 goto drop; 797 } 798 IF_ENQUEUE(inq, m); 799 IFQ_UNLOCK(inq); 800 schednetisr(isr); 801 return; 802 803 drop: 804 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 805 m_freem(m); 806 SPPP_UNLOCK(sp); 807 return; 808 } 809 810 /* 811 * Enqueue transmit packet. 812 */ 813 static int 814 sppp_output(struct ifnet *ifp, struct mbuf *m, 815 const struct sockaddr *dst, const struct rtentry *rt) 816 { 817 struct sppp *sp = (struct sppp *) ifp; 818 struct ppp_header *h = NULL; 819 #ifndef SPPPSUBR_MPSAFE 820 struct ifqueue *ifq = NULL; /* XXX */ 821 #endif 822 int s, error = 0; 823 uint16_t protocol; 824 size_t pktlen; 825 826 s = splnet(); 827 SPPP_LOCK(sp, RW_READER); 828 829 sp->pp_last_activity = time_uptime; 830 831 if ((ifp->if_flags & IFF_UP) == 0 || 832 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 833 SPPP_UNLOCK(sp); 834 splx(s); 835 836 m_freem(m); 837 if_statinc(ifp, if_oerrors); 838 return (ENETDOWN); 839 } 840 841 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 842 /* ignore packets that have no enabled NCP */ 843 if ((dst->sa_family == AF_INET && 844 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) || 845 (dst->sa_family == AF_INET6 && 846 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP))) { 847 SPPP_UNLOCK(sp); 848 splx(s); 849 850 m_freem(m); 851 if_statinc(ifp, if_oerrors); 852 return (ENETDOWN); 853 } 854 /* 855 * Interface is not yet running, but auto-dial. Need 856 * to start LCP for it. 857 */ 858 ifp->if_flags |= IFF_RUNNING; 859 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 860 } 861 862 /* 863 * If the queueing discipline needs packet classification, 864 * do it before prepending link headers. 865 */ 866 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 867 868 #ifdef INET 869 if (dst->sa_family == AF_INET) { 870 struct ip *ip = NULL; 871 #ifndef SPPPSUBR_MPSAFE 872 struct tcphdr *th = NULL; 873 #endif 874 875 if (m->m_len >= sizeof(struct ip)) { 876 ip = mtod(m, struct ip *); 877 #ifndef SPPPSUBR_MPSAFE 878 if (ip->ip_p == IPPROTO_TCP && 879 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 880 sizeof(struct tcphdr)) { 881 th = (struct tcphdr *) 882 ((char *)ip + (ip->ip_hl << 2)); 883 } 884 #endif 885 } else 886 ip = NULL; 887 888 /* 889 * When using dynamic local IP address assignment by using 890 * 0.0.0.0 as a local address, the first TCP session will 891 * not connect because the local TCP checksum is computed 892 * using 0.0.0.0 which will later become our real IP address 893 * so the TCP checksum computed at the remote end will 894 * become invalid. So we 895 * - don't let packets with src ip addr 0 thru 896 * - we flag TCP packets with src ip 0 as an error 897 */ 898 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 899 uint8_t proto = ip->ip_p; 900 901 SPPP_UNLOCK(sp); 902 splx(s); 903 904 m_freem(m); 905 if (proto == IPPROTO_TCP) 906 return (EADDRNOTAVAIL); 907 else 908 return (0); 909 } 910 911 #ifndef SPPPSUBR_MPSAFE 912 /* 913 * Put low delay, telnet, rlogin and ftp control packets 914 * in front of the queue. 915 */ 916 if (!IF_QFULL(&sp->pp_fastq) && 917 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 918 (th && (INTERACTIVE(ntohs(th->th_sport)) || 919 INTERACTIVE(ntohs(th->th_dport)))))) 920 ifq = &sp->pp_fastq; 921 #endif /* !SPPPSUBR_MPSAFE */ 922 } 923 #endif 924 925 #ifdef INET6 926 if (dst->sa_family == AF_INET6) { 927 /* XXX do something tricky here? */ 928 } 929 #endif 930 931 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 932 /* 933 * Prepend general data packet PPP header. For now, IP only. 934 */ 935 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 936 if (! m) { 937 if (ifp->if_flags & IFF_DEBUG) 938 log(LOG_DEBUG, "%s: no memory for transmit header\n", 939 ifp->if_xname); 940 if_statinc(ifp, if_oerrors); 941 SPPP_UNLOCK(sp); 942 splx(s); 943 return (ENOBUFS); 944 } 945 /* 946 * May want to check size of packet 947 * (albeit due to the implementation it's always enough) 948 */ 949 h = mtod(m, struct ppp_header *); 950 if (sp->pp_flags & PP_CISCO) { 951 h->address = CISCO_UNICAST; /* unicast address */ 952 h->control = 0; 953 } else { 954 h->address = PPP_ALLSTATIONS; /* broadcast address */ 955 h->control = PPP_UI; /* Unnumbered Info */ 956 } 957 } 958 959 switch (dst->sa_family) { 960 #ifdef INET 961 case AF_INET: /* Internet Protocol */ 962 if (sp->pp_flags & PP_CISCO) 963 protocol = htons(ETHERTYPE_IP); 964 else { 965 /* 966 * Don't choke with an ENETDOWN early. It's 967 * possible that we just started dialing out, 968 * so don't drop the packet immediately. If 969 * we notice that we run out of buffer space 970 * below, we will however remember that we are 971 * not ready to carry IP packets, and return 972 * ENETDOWN, as opposed to ENOBUFS. 973 */ 974 protocol = htons(PPP_IP); 975 if (sp->scp[IDX_IPCP].state != STATE_OPENED) { 976 if (ifp->if_flags & IFF_AUTO) { 977 error = ENETDOWN; 978 } else { 979 IF_DROP(&ifp->if_snd); 980 SPPP_UNLOCK(sp); 981 splx(s); 982 983 m_freem(m); 984 if_statinc(ifp, if_oerrors); 985 return (ENETDOWN); 986 } 987 } 988 } 989 break; 990 #endif 991 #ifdef INET6 992 case AF_INET6: /* Internet Protocol version 6 */ 993 if (sp->pp_flags & PP_CISCO) 994 protocol = htons(ETHERTYPE_IPV6); 995 else { 996 /* 997 * Don't choke with an ENETDOWN early. It's 998 * possible that we just started dialing out, 999 * so don't drop the packet immediately. If 1000 * we notice that we run out of buffer space 1001 * below, we will however remember that we are 1002 * not ready to carry IP packets, and return 1003 * ENETDOWN, as opposed to ENOBUFS. 1004 */ 1005 protocol = htons(PPP_IPV6); 1006 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) { 1007 if (ifp->if_flags & IFF_AUTO) { 1008 error = ENETDOWN; 1009 } else { 1010 IF_DROP(&ifp->if_snd); 1011 SPPP_UNLOCK(sp); 1012 splx(s); 1013 1014 m_freem(m); 1015 if_statinc(ifp, if_oerrors); 1016 return (ENETDOWN); 1017 } 1018 } 1019 } 1020 break; 1021 #endif 1022 default: 1023 m_freem(m); 1024 if_statinc(ifp, if_oerrors); 1025 SPPP_UNLOCK(sp); 1026 splx(s); 1027 return (EAFNOSUPPORT); 1028 } 1029 1030 if (sp->pp_flags & PP_NOFRAMING) { 1031 M_PREPEND(m, 2, M_DONTWAIT); 1032 if (m == NULL) { 1033 if (ifp->if_flags & IFF_DEBUG) 1034 log(LOG_DEBUG, "%s: no memory for transmit header\n", 1035 ifp->if_xname); 1036 if_statinc(ifp, if_oerrors); 1037 SPPP_UNLOCK(sp); 1038 splx(s); 1039 return (ENOBUFS); 1040 } 1041 *mtod(m, uint16_t *) = protocol; 1042 } else { 1043 h->protocol = protocol; 1044 } 1045 1046 pktlen = m->m_pkthdr.len; 1047 #ifdef SPPPSUBR_MPSAFE 1048 SPPP_UNLOCK(sp); 1049 error = if_transmit_lock(ifp, m); 1050 SPPP_LOCK(sp, RW_READER); 1051 if (error == 0) 1052 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1053 #else /* !SPPPSUBR_MPSAFE */ 1054 error = ifq_enqueue2(ifp, ifq, m); 1055 1056 if (error == 0) { 1057 /* 1058 * Count output packets and bytes. 1059 * The packet length includes header + additional hardware 1060 * framing according to RFC 1333. 1061 */ 1062 if (!(ifp->if_flags & IFF_OACTIVE)) { 1063 SPPP_UNLOCK(sp); 1064 if_start_lock(ifp); 1065 SPPP_LOCK(sp, RW_READER); 1066 } 1067 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1068 } 1069 #endif /* !SPPPSUBR_MPSAFE */ 1070 SPPP_UNLOCK(sp); 1071 splx(s); 1072 return error; 1073 } 1074 1075 void 1076 sppp_attach(struct ifnet *ifp) 1077 { 1078 struct sppp *sp = (struct sppp *) ifp; 1079 char xnamebuf[MAXCOMLEN]; 1080 1081 /* Initialize keepalive handler. */ 1082 if (! spppq) { 1083 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 1084 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 1085 } 1086 1087 if (! spppq_lock) 1088 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1089 1090 sp->pp_if.if_type = IFT_PPP; 1091 sp->pp_if.if_output = sppp_output; 1092 sp->pp_fastq.ifq_maxlen = 32; 1093 sp->pp_cpq.ifq_maxlen = 20; 1094 sp->pp_loopcnt = 0; 1095 sp->pp_alivecnt = 0; 1096 sp->pp_last_activity = 0; 1097 sp->pp_last_receive = 0; 1098 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1099 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 1100 sp->pp_idle_timeout = 0; 1101 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1102 sp->pp_phase = SPPP_PHASE_DEAD; 1103 sp->pp_up = sppp_notify_up; 1104 sp->pp_down = sppp_notify_down; 1105 sp->pp_ncpflags = SPPP_NCP_IPCP | SPPP_NCP_IPV6CP; 1106 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1107 memset(sp->scp, 0, sizeof(sp->scp)); 1108 rw_init(&sp->pp_lock); 1109 1110 if_alloc_sadl(ifp); 1111 1112 /* Lets not beat about the bush, we know we're down. */ 1113 ifp->if_link_state = LINK_STATE_DOWN; 1114 1115 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1116 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1117 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1118 1119 memset(&sp->myauth, 0, sizeof sp->myauth); 1120 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1121 SPPP_LOCK(sp, RW_WRITER); 1122 sppp_lcp_init(sp); 1123 sppp_ipcp_init(sp); 1124 sppp_ipv6cp_init(sp); 1125 sppp_pap_init(sp); 1126 sppp_chap_init(sp); 1127 SPPP_UNLOCK(sp); 1128 1129 SPPPQ_LOCK(); 1130 /* Insert new entry into the keepalive list. */ 1131 sp->pp_next = spppq; 1132 spppq = sp; 1133 SPPPQ_UNLOCK(); 1134 } 1135 1136 void 1137 sppp_detach(struct ifnet *ifp) 1138 { 1139 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1140 1141 /* Remove the entry from the keepalive list. */ 1142 SPPPQ_LOCK(); 1143 for (q = &spppq; (p = *q); q = &p->pp_next) 1144 if (p == sp) { 1145 *q = p->pp_next; 1146 break; 1147 } 1148 SPPPQ_UNLOCK(); 1149 1150 if (! spppq) { 1151 /* Stop keepalive handler. */ 1152 callout_stop(&keepalive_ch); 1153 mutex_obj_free(spppq_lock); 1154 spppq_lock = NULL; 1155 } 1156 1157 sppp_cp_fini(&lcp, sp); 1158 sppp_cp_fini(&ipcp, sp); 1159 sppp_cp_fini(&pap, sp); 1160 sppp_cp_fini(&chap, sp); 1161 #ifdef INET6 1162 sppp_cp_fini(&ipv6cp, sp); 1163 #endif 1164 sppp_wq_destroy(sp, sp->wq_cp); 1165 1166 /* free authentication info */ 1167 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1168 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1169 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1170 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1171 rw_destroy(&sp->pp_lock); 1172 } 1173 1174 /* 1175 * Flush the interface output queue. 1176 */ 1177 void 1178 sppp_flush(struct ifnet *ifp) 1179 { 1180 struct sppp *sp = (struct sppp *) ifp; 1181 1182 SPPP_LOCK(sp, RW_WRITER); 1183 IFQ_PURGE(&sp->pp_if.if_snd); 1184 IF_PURGE(&sp->pp_fastq); 1185 IF_PURGE(&sp->pp_cpq); 1186 SPPP_UNLOCK(sp); 1187 } 1188 1189 /* 1190 * Check if the output queue is empty. 1191 */ 1192 int 1193 sppp_isempty(struct ifnet *ifp) 1194 { 1195 struct sppp *sp = (struct sppp *) ifp; 1196 int empty, s; 1197 1198 s = splnet(); 1199 SPPP_LOCK(sp, RW_READER); 1200 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1201 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1202 SPPP_UNLOCK(sp); 1203 splx(s); 1204 return (empty); 1205 } 1206 1207 /* 1208 * Get next packet to send. 1209 */ 1210 struct mbuf * 1211 sppp_dequeue(struct ifnet *ifp) 1212 { 1213 struct sppp *sp = (struct sppp *) ifp; 1214 struct mbuf *m; 1215 int s; 1216 1217 s = splnet(); 1218 SPPP_LOCK(sp, RW_WRITER); 1219 /* 1220 * Process only the control protocol queue until we have at 1221 * least one NCP open. 1222 * 1223 * Do always serve all three queues in Cisco mode. 1224 */ 1225 IF_DEQUEUE(&sp->pp_cpq, m); 1226 if (m == NULL && 1227 (sppp_cp_check(sp, CP_NCP) || (sp->pp_flags & PP_CISCO) != 0)) { 1228 IF_DEQUEUE(&sp->pp_fastq, m); 1229 if (m == NULL) 1230 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1231 } 1232 SPPP_UNLOCK(sp); 1233 splx(s); 1234 return m; 1235 } 1236 1237 /* 1238 * Process an ioctl request. Called on low priority level. 1239 */ 1240 int 1241 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1242 { 1243 struct lwp *l = curlwp; /* XXX */ 1244 struct ifreq *ifr = (struct ifreq *) data; 1245 struct ifaddr *ifa = (struct ifaddr *) data; 1246 struct sppp *sp = (struct sppp *) ifp; 1247 int s, error=0, going_up, going_down; 1248 u_short newmode; 1249 u_long lcp_mru; 1250 1251 s = splnet(); 1252 switch (cmd) { 1253 case SIOCINITIFADDR: 1254 ifa->ifa_rtrequest = p2p_rtrequest; 1255 break; 1256 1257 case SIOCSIFFLAGS: 1258 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1259 break; 1260 1261 SPPP_LOCK(sp, RW_WRITER); 1262 going_up = ifp->if_flags & IFF_UP && 1263 (ifp->if_flags & IFF_RUNNING) == 0; 1264 going_down = (ifp->if_flags & IFF_UP) == 0 && 1265 ifp->if_flags & IFF_RUNNING; 1266 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1267 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1268 /* sanity */ 1269 newmode = IFF_PASSIVE; 1270 ifp->if_flags &= ~IFF_AUTO; 1271 } 1272 1273 if (going_up || going_down) { 1274 sp->lcp.reestablish = false; 1275 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1276 } 1277 if (going_up && newmode == 0) { 1278 /* neither auto-dial nor passive */ 1279 ifp->if_flags |= IFF_RUNNING; 1280 if (!(sp->pp_flags & PP_CISCO)) { 1281 sppp_wq_add(sp->wq_cp, 1282 &sp->scp[IDX_LCP].work_open); 1283 } 1284 } else if (going_down) { 1285 SPPP_UNLOCK(sp); 1286 sppp_flush(ifp); 1287 SPPP_LOCK(sp, RW_WRITER); 1288 1289 ifp->if_flags &= ~IFF_RUNNING; 1290 } 1291 SPPP_UNLOCK(sp); 1292 break; 1293 1294 case SIOCSIFMTU: 1295 if (ifr->ifr_mtu < PPP_MINMRU || 1296 ifr->ifr_mtu > PP_MTU) { 1297 error = EINVAL; 1298 break; 1299 } 1300 1301 error = ifioctl_common(ifp, cmd, data); 1302 if (error == ENETRESET) 1303 error = 0; 1304 1305 SPPP_LOCK(sp, RW_WRITER); 1306 lcp_mru = sp->lcp.mru; 1307 if (ifp->if_mtu < PP_MTU) { 1308 sp->lcp.mru = ifp->if_mtu; 1309 } else { 1310 sp->lcp.mru = PP_MTU; 1311 } 1312 if (lcp_mru != sp->lcp.mru) 1313 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 1314 1315 if (sp->scp[IDX_LCP].state == STATE_OPENED && 1316 ifp->if_mtu > sp->lcp.their_mru) { 1317 sp->pp_saved_mtu = ifp->if_mtu; 1318 ifp->if_mtu = sp->lcp.their_mru; 1319 1320 if (ifp->if_flags & IFF_DEBUG) { 1321 log(LOG_DEBUG, 1322 "%s: setting MTU " 1323 "from %"PRIu64" bytes " 1324 "to %"PRIu64" bytes\n", 1325 ifp->if_xname, sp->pp_saved_mtu, 1326 ifp->if_mtu); 1327 } 1328 } 1329 SPPP_UNLOCK(sp); 1330 break; 1331 1332 case SIOCGIFMTU: 1333 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1334 error = 0; 1335 break; 1336 case SIOCADDMULTI: 1337 case SIOCDELMULTI: 1338 break; 1339 1340 case SPPPSETAUTHCFG: 1341 case SPPPSETLCPCFG: 1342 case SPPPSETNCPCFG: 1343 case SPPPSETIDLETO: 1344 case SPPPSETAUTHFAILURE: 1345 case SPPPSETDNSOPTS: 1346 case SPPPSETKEEPALIVE: 1347 #if defined(COMPAT_50) || defined(MODULAR) 1348 case __SPPPSETIDLETO50: 1349 case __SPPPSETKEEPALIVE50: 1350 #endif /* COMPAT_50 || MODULAR */ 1351 error = kauth_authorize_network(l->l_cred, 1352 KAUTH_NETWORK_INTERFACE, 1353 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1354 NULL); 1355 if (error) 1356 break; 1357 error = sppp_params(sp, cmd, data); 1358 break; 1359 1360 case SPPPGETAUTHCFG: 1361 case SPPPGETLCPCFG: 1362 case SPPPGETNCPCFG: 1363 case SPPPGETAUTHFAILURES: 1364 error = kauth_authorize_network(l->l_cred, 1365 KAUTH_NETWORK_INTERFACE, 1366 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1367 NULL); 1368 if (error) 1369 break; 1370 error = sppp_params(sp, cmd, data); 1371 break; 1372 1373 case SPPPGETSTATUS: 1374 case SPPPGETSTATUSNCP: 1375 case SPPPGETIDLETO: 1376 case SPPPGETDNSOPTS: 1377 case SPPPGETDNSADDRS: 1378 case SPPPGETKEEPALIVE: 1379 #if defined(COMPAT_50) || defined(MODULAR) 1380 case __SPPPGETIDLETO50: 1381 case __SPPPGETKEEPALIVE50: 1382 #endif /* COMPAT_50 || MODULAR */ 1383 case SPPPGETLCPSTATUS: 1384 case SPPPGETIPCPSTATUS: 1385 case SPPPGETIPV6CPSTATUS: 1386 error = sppp_params(sp, cmd, data); 1387 break; 1388 1389 default: 1390 error = ifioctl_common(ifp, cmd, data); 1391 break; 1392 } 1393 splx(s); 1394 return (error); 1395 } 1396 1397 /* 1398 * Cisco framing implementation. 1399 */ 1400 1401 /* 1402 * Handle incoming Cisco keepalive protocol packets. 1403 */ 1404 static void 1405 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1406 { 1407 STDDCL; 1408 struct cisco_packet *h; 1409 #ifdef INET 1410 uint32_t me, mymask = 0; /* XXX: GCC */ 1411 #endif 1412 1413 SPPP_LOCK(sp, RW_WRITER); 1414 1415 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1416 if (debug) 1417 log(LOG_DEBUG, 1418 "%s: cisco invalid packet length: %d bytes\n", 1419 ifp->if_xname, m->m_pkthdr.len); 1420 SPPP_UNLOCK(sp); 1421 return; 1422 } 1423 h = mtod(m, struct cisco_packet *); 1424 if (debug) 1425 log(LOG_DEBUG, 1426 "%s: cisco input: %d bytes " 1427 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1428 ifp->if_xname, m->m_pkthdr.len, 1429 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1430 (u_int)h->time0, (u_int)h->time1); 1431 switch (ntohl(h->type)) { 1432 default: 1433 if (debug) 1434 addlog("%s: cisco unknown packet type: 0x%x\n", 1435 ifp->if_xname, ntohl(h->type)); 1436 break; 1437 case CISCO_ADDR_REPLY: 1438 /* Reply on address request, ignore */ 1439 break; 1440 case CISCO_KEEPALIVE_REQ: 1441 sp->pp_alivecnt = 0; 1442 sp->scp[IDX_LCP].rseq = ntohl(h->par1); 1443 if (sp->scp[IDX_LCP].seq == sp->scp[IDX_LCP].rseq) { 1444 /* Local and remote sequence numbers are equal. 1445 * Probably, the line is in loopback mode. */ 1446 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1447 printf ("%s: loopback\n", 1448 ifp->if_xname); 1449 sp->pp_loopcnt = 0; 1450 if (ifp->if_flags & IFF_UP) { 1451 SPPP_UNLOCK(sp); 1452 if_down(ifp); 1453 SPPP_LOCK(sp, RW_WRITER); 1454 1455 IF_PURGE(&sp->pp_cpq); 1456 } 1457 } 1458 ++sp->pp_loopcnt; 1459 1460 /* Generate new local sequence number */ 1461 sp->scp[IDX_LCP].seq = cprng_fast32(); 1462 break; 1463 } 1464 sp->pp_loopcnt = 0; 1465 if (! (ifp->if_flags & IFF_UP) && 1466 (ifp->if_flags & IFF_RUNNING)) { 1467 SPPP_UNLOCK(sp); 1468 if_up(ifp); 1469 SPPP_LOCK(sp, RW_WRITER); 1470 } 1471 break; 1472 case CISCO_ADDR_REQ: 1473 #ifdef INET 1474 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1475 if (me != 0L) 1476 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1477 #endif 1478 break; 1479 } 1480 SPPP_UNLOCK(sp); 1481 } 1482 1483 /* 1484 * Send Cisco keepalive packet. 1485 */ 1486 static void 1487 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1488 { 1489 STDDCL; 1490 struct ppp_header *h; 1491 struct cisco_packet *ch; 1492 struct mbuf *m; 1493 uint32_t t; 1494 1495 KASSERT(SPPP_WLOCKED(sp)); 1496 1497 t = time_uptime * 1000; 1498 MGETHDR(m, M_DONTWAIT, MT_DATA); 1499 if (! m) 1500 return; 1501 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1502 m_reset_rcvif(m); 1503 1504 h = mtod(m, struct ppp_header *); 1505 h->address = CISCO_MULTICAST; 1506 h->control = 0; 1507 h->protocol = htons(CISCO_KEEPALIVE); 1508 1509 ch = (struct cisco_packet *)(h + 1); 1510 ch->type = htonl(type); 1511 ch->par1 = htonl(par1); 1512 ch->par2 = htonl(par2); 1513 ch->rel = -1; 1514 1515 ch->time0 = htons((u_short)(t >> 16)); 1516 ch->time1 = htons((u_short) t); 1517 1518 if (debug) 1519 log(LOG_DEBUG, 1520 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1521 ifp->if_xname, ntohl(ch->type), ch->par1, 1522 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1523 (u_int)ch->time1); 1524 1525 if (IF_QFULL(&sp->pp_cpq)) { 1526 IF_DROP(&sp->pp_fastq); 1527 IF_DROP(&ifp->if_snd); 1528 m_freem(m); 1529 if_statinc(ifp, if_oerrors); 1530 return; 1531 } 1532 1533 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1534 IF_ENQUEUE(&sp->pp_cpq, m); 1535 1536 if (! (ifp->if_flags & IFF_OACTIVE)) { 1537 SPPP_UNLOCK(sp); 1538 if_start_lock(ifp); 1539 SPPP_LOCK(sp, RW_WRITER); 1540 } 1541 } 1542 1543 /* 1544 * PPP protocol implementation. 1545 */ 1546 1547 /* 1548 * Send PPP control protocol packet. 1549 */ 1550 static void 1551 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1552 u_char ident, u_short len, void *data) 1553 { 1554 STDDCL; 1555 struct lcp_header *lh; 1556 struct mbuf *m; 1557 size_t pkthdrlen; 1558 1559 KASSERT(SPPP_WLOCKED(sp)); 1560 1561 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1562 1563 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1564 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1565 MGETHDR(m, M_DONTWAIT, MT_DATA); 1566 if (! m) { 1567 return; 1568 } 1569 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1570 m_reset_rcvif(m); 1571 1572 if (sp->pp_flags & PP_NOFRAMING) { 1573 *mtod(m, uint16_t *) = htons(proto); 1574 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1575 } else { 1576 struct ppp_header *h; 1577 h = mtod(m, struct ppp_header *); 1578 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1579 h->control = PPP_UI; /* Unnumbered Info */ 1580 h->protocol = htons(proto); /* Link Control Protocol */ 1581 lh = (struct lcp_header *)(h + 1); 1582 } 1583 lh->type = type; 1584 lh->ident = ident; 1585 lh->len = htons(LCP_HEADER_LEN + len); 1586 if (len) 1587 memcpy(lh + 1, data, len); 1588 1589 if (debug) { 1590 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1591 ifp->if_xname, 1592 sppp_proto_name(proto), 1593 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1594 if (len) 1595 sppp_print_bytes((u_char *)(lh + 1), len); 1596 addlog(">\n"); 1597 } 1598 if (IF_QFULL(&sp->pp_cpq)) { 1599 IF_DROP(&sp->pp_fastq); 1600 IF_DROP(&ifp->if_snd); 1601 m_freem(m); 1602 if_statinc(ifp, if_oerrors); 1603 return; 1604 } 1605 1606 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1607 IF_ENQUEUE(&sp->pp_cpq, m); 1608 1609 if (! (ifp->if_flags & IFF_OACTIVE)) { 1610 SPPP_UNLOCK(sp); 1611 if_start_lock(ifp); 1612 SPPP_LOCK(sp, RW_WRITER); 1613 } 1614 } 1615 1616 static void 1617 sppp_cp_to_lcp(void *xsp) 1618 { 1619 struct sppp *sp = xsp; 1620 1621 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1622 } 1623 1624 static void 1625 sppp_cp_to_ipcp(void *xsp) 1626 { 1627 struct sppp *sp = xsp; 1628 1629 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1630 } 1631 1632 static void 1633 sppp_cp_to_ipv6cp(void *xsp) 1634 { 1635 struct sppp *sp = xsp; 1636 1637 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1638 } 1639 1640 static void 1641 sppp_cp_to_pap(void *xsp) 1642 { 1643 struct sppp *sp = xsp; 1644 1645 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); 1646 } 1647 1648 static void 1649 sppp_cp_to_chap(void *xsp) 1650 { 1651 struct sppp *sp = xsp; 1652 1653 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); 1654 } 1655 1656 static void 1657 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1658 { 1659 struct sppp_cp *scp; 1660 typedef void (*sppp_co_cb_t)(void *); 1661 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1662 [IDX_LCP] = sppp_cp_to_lcp, 1663 [IDX_IPCP] = sppp_cp_to_ipcp, 1664 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1665 [IDX_PAP] = sppp_cp_to_pap, 1666 [IDX_CHAP] = sppp_cp_to_chap, 1667 }; 1668 1669 scp = &sp->scp[cp->protoidx]; 1670 scp->state = STATE_INITIAL; 1671 scp->fail_counter = 0; 1672 scp->seq = 0; 1673 scp->rseq = 0; 1674 1675 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1676 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1677 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1678 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1679 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1680 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1681 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1682 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1683 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1684 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1685 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1686 1687 callout_init(&scp->ch, CALLOUT_MPSAFE); 1688 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1689 } 1690 1691 static void 1692 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1693 { 1694 struct sppp_cp *scp; 1695 scp = &sp->scp[cp->protoidx]; 1696 1697 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1698 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1699 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1700 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1701 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1702 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1703 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1704 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1705 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1706 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1707 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1708 1709 callout_halt(&scp->ch, NULL); 1710 callout_destroy(&scp->ch); 1711 1712 if (scp->mbuf_confreq != NULL) { 1713 m_freem(scp->mbuf_confreq); 1714 scp->mbuf_confreq = NULL; 1715 } 1716 if (scp->mbuf_confnak != NULL) { 1717 m_freem(scp->mbuf_confnak); 1718 scp->mbuf_confnak = NULL; 1719 } 1720 } 1721 1722 /* 1723 * Handle incoming PPP control protocol packets. 1724 */ 1725 static void 1726 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1727 { 1728 STDDCL; 1729 struct lcp_header *h; 1730 struct sppp_cp *scp; 1731 int printlen, len = m->m_pkthdr.len; 1732 u_char *p; 1733 uint32_t u32; 1734 1735 SPPP_LOCK(sp, RW_WRITER); 1736 1737 scp = &sp->scp[cp->protoidx]; 1738 1739 if (len < 4) { 1740 if (debug) 1741 log(LOG_DEBUG, 1742 "%s: %s invalid packet length: %d bytes\n", 1743 ifp->if_xname, cp->name, len); 1744 goto out; 1745 } 1746 h = mtod(m, struct lcp_header *); 1747 if (debug) { 1748 printlen = ntohs(h->len); 1749 log(LOG_DEBUG, 1750 "%s: %s input(%s): <%s id=0x%x len=%d", 1751 ifp->if_xname, cp->name, 1752 sppp_state_name(scp->state), 1753 sppp_cp_type_name(h->type), h->ident, printlen); 1754 if (len < printlen) 1755 printlen = len; 1756 if (printlen > 4) 1757 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1758 addlog(">\n"); 1759 } 1760 if (len > ntohs(h->len)) 1761 len = ntohs(h->len); 1762 p = (u_char *)(h + 1); 1763 switch (h->type) { 1764 case CONF_REQ: 1765 if (len < 4) { 1766 if (debug) 1767 addlog("%s: %s invalid conf-req length %d\n", 1768 ifp->if_xname, cp->name, 1769 len); 1770 if_statinc(ifp, if_ierrors); 1771 break; 1772 } 1773 1774 scp->rcr_type = CP_RCR_NONE; 1775 scp->rconfid = h->ident; 1776 if (scp->mbuf_confreq != NULL) { 1777 m_freem(scp->mbuf_confreq); 1778 } 1779 scp->mbuf_confreq = m; 1780 m = NULL; 1781 sppp_wq_add(sp->wq_cp, &scp->work_rcr); 1782 break; 1783 case CONF_ACK: 1784 if (h->ident != scp->confid) { 1785 if (debug) 1786 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1787 ifp->if_xname, cp->name, 1788 h->ident, scp->confid); 1789 if_statinc(ifp, if_ierrors); 1790 break; 1791 } 1792 sppp_wq_add(sp->wq_cp, &scp->work_rca); 1793 break; 1794 case CONF_NAK: 1795 case CONF_REJ: 1796 if (h->ident != scp->confid) { 1797 if (debug) 1798 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1799 ifp->if_xname, cp->name, 1800 h->ident, scp->confid); 1801 if_statinc(ifp, if_ierrors); 1802 break; 1803 } 1804 1805 if (scp->mbuf_confnak) { 1806 m_freem(scp->mbuf_confnak); 1807 } 1808 scp->mbuf_confnak = m; 1809 m = NULL; 1810 sppp_wq_add(sp->wq_cp, &scp->work_rcn); 1811 break; 1812 case TERM_REQ: 1813 scp->rseq = h->ident; 1814 sppp_wq_add(sp->wq_cp, &scp->work_rtr); 1815 break; 1816 case TERM_ACK: 1817 if (h->ident != scp->confid && 1818 h->ident != scp->seq) { 1819 if (debug) 1820 addlog("%s: %s id mismatch " 1821 "0x%x != 0x%x and 0x%x != %0lx\n", 1822 ifp->if_xname, cp->name, 1823 h->ident, scp->confid, 1824 h->ident, scp->seq); 1825 if_statinc(ifp, if_ierrors); 1826 break; 1827 } 1828 1829 sppp_wq_add(sp->wq_cp, &scp->work_rta); 1830 break; 1831 case CODE_REJ: 1832 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1833 log(LOG_INFO, 1834 "%s: %s: ignoring RXJ (%s) for code ?, " 1835 "danger will robinson\n", 1836 ifp->if_xname, cp->name, 1837 sppp_cp_type_name(h->type)); 1838 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1839 break; 1840 case PROTO_REJ: 1841 { 1842 int catastrophic; 1843 const struct cp *upper; 1844 int i; 1845 uint16_t proto; 1846 1847 catastrophic = 0; 1848 upper = NULL; 1849 proto = p[0] << 8 | p[1]; 1850 for (i = 0; i < IDX_COUNT; i++) { 1851 if (cps[i]->proto == proto) { 1852 upper = cps[i]; 1853 break; 1854 } 1855 } 1856 if (upper == NULL) 1857 catastrophic++; 1858 1859 if (debug) 1860 log(LOG_INFO, 1861 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1862 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1863 sppp_cp_type_name(h->type), proto, 1864 upper ? upper->name : "unknown", 1865 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1866 1867 /* 1868 * if we got RXJ+ against conf-req, the peer does not implement 1869 * this particular protocol type. terminate the protocol. 1870 */ 1871 if (upper && !catastrophic) { 1872 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1873 sppp_wq_add(sp->wq_cp, 1874 &sp->scp[upper->protoidx].work_close); 1875 break; 1876 } 1877 } 1878 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1879 break; 1880 } 1881 case DISC_REQ: 1882 if (cp->proto != PPP_LCP) 1883 goto illegal; 1884 /* Discard the packet. */ 1885 break; 1886 case ECHO_REQ: 1887 if (cp->proto != PPP_LCP) 1888 goto illegal; 1889 if (scp->state != STATE_OPENED) { 1890 if (debug) 1891 addlog("%s: lcp echo req but lcp closed\n", 1892 ifp->if_xname); 1893 if_statinc(ifp, if_ierrors); 1894 break; 1895 } 1896 if (len < 8) { 1897 if (debug) 1898 addlog("%s: invalid lcp echo request " 1899 "packet length: %d bytes\n", 1900 ifp->if_xname, len); 1901 break; 1902 } 1903 memcpy(&u32, h + 1, sizeof u32); 1904 if (ntohl(u32) == sp->lcp.magic) { 1905 /* Line loopback mode detected. */ 1906 printf("%s: loopback\n", ifp->if_xname); 1907 /* 1908 * There is no change for items of sp->scp[cp->protoidx] 1909 * while if_down() even without SPPP_LOCK 1910 */ 1911 SPPP_UNLOCK(sp); 1912 if_down(ifp); 1913 SPPP_LOCK(sp, RW_WRITER); 1914 1915 IF_PURGE(&sp->pp_cpq); 1916 1917 /* Shut down the PPP link. */ 1918 /* XXX */ 1919 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 1920 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 1921 break; 1922 } 1923 u32 = htonl(sp->lcp.magic); 1924 memcpy(h + 1, &u32, sizeof u32); 1925 if (debug) 1926 addlog("%s: got lcp echo req, sending echo rep\n", 1927 ifp->if_xname); 1928 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1929 h + 1); 1930 break; 1931 case ECHO_REPLY: 1932 if (cp->proto != PPP_LCP) 1933 goto illegal; 1934 if (h->ident != sp->lcp.echoid) { 1935 if_statinc(ifp, if_ierrors); 1936 break; 1937 } 1938 if (len < 8) { 1939 if (debug) 1940 addlog("%s: lcp invalid echo reply " 1941 "packet length: %d bytes\n", 1942 ifp->if_xname, len); 1943 break; 1944 } 1945 if (debug) 1946 addlog("%s: lcp got echo rep\n", 1947 ifp->if_xname); 1948 memcpy(&u32, h + 1, sizeof u32); 1949 if (ntohl(u32) != sp->lcp.magic) 1950 sp->pp_alivecnt = 0; 1951 break; 1952 default: 1953 /* Unknown packet type -- send Code-Reject packet. */ 1954 illegal: 1955 if (debug) 1956 addlog("%s: %s send code-rej for 0x%x\n", 1957 ifp->if_xname, cp->name, h->type); 1958 sppp_cp_send(sp, cp->proto, CODE_REJ, 1959 ++scp->seq, m->m_pkthdr.len, h); 1960 if_statinc(ifp, if_ierrors); 1961 } 1962 1963 out: 1964 SPPP_UNLOCK(sp); 1965 if (m != NULL) 1966 m_freem(m); 1967 } 1968 1969 /* 1970 * The generic part of all Up/Down/Open/Close/TO event handlers. 1971 * Basically, the state transition handling in the automaton. 1972 */ 1973 static void 1974 sppp_up_event(struct sppp *sp, void *xcp) 1975 { 1976 const struct cp *cp = xcp; 1977 STDDCL; 1978 1979 KASSERT(SPPP_WLOCKED(sp)); 1980 KASSERT(!cpu_softintr_p()); 1981 1982 if ((cp->flags & CP_AUTH) != 0 && 1983 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1984 return; 1985 1986 if (debug) 1987 log(LOG_DEBUG, "%s: %s up(%s)\n", 1988 ifp->if_xname, cp->name, 1989 sppp_state_name(sp->scp[cp->protoidx].state)); 1990 1991 switch (sp->scp[cp->protoidx].state) { 1992 case STATE_INITIAL: 1993 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1994 break; 1995 case STATE_STARTING: 1996 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1997 (cp->scr)(sp); 1998 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1999 break; 2000 default: 2001 printf("%s: %s illegal up in state %s\n", 2002 ifp->if_xname, cp->name, 2003 sppp_state_name(sp->scp[cp->protoidx].state)); 2004 } 2005 } 2006 2007 static void 2008 sppp_down_event(struct sppp *sp, void *xcp) 2009 { 2010 const struct cp *cp = xcp; 2011 STDDCL; 2012 2013 KASSERT(SPPP_WLOCKED(sp)); 2014 KASSERT(!cpu_softintr_p()); 2015 2016 if ((cp->flags & CP_AUTH) != 0 && 2017 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 2018 return; 2019 2020 if (debug) 2021 log(LOG_DEBUG, "%s: %s down(%s)\n", 2022 ifp->if_xname, cp->name, 2023 sppp_state_name(sp->scp[cp->protoidx].state)); 2024 2025 switch (sp->scp[cp->protoidx].state) { 2026 case STATE_CLOSED: 2027 case STATE_CLOSING: 2028 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2029 break; 2030 case STATE_STOPPED: 2031 (cp->tls)(cp, sp); 2032 /* fall through */ 2033 case STATE_STOPPING: 2034 case STATE_REQ_SENT: 2035 case STATE_ACK_RCVD: 2036 case STATE_ACK_SENT: 2037 sppp_cp_change_state(cp, sp, STATE_STARTING); 2038 break; 2039 case STATE_OPENED: 2040 (cp->tld)(sp); 2041 sppp_cp_change_state(cp, sp, STATE_STARTING); 2042 break; 2043 default: 2044 /* 2045 * a down event may be caused regardless 2046 * of state just in LCP case. 2047 */ 2048 if (cp->proto == PPP_LCP) 2049 break; 2050 2051 printf("%s: %s illegal down in state %s\n", 2052 ifp->if_xname, cp->name, 2053 sppp_state_name(sp->scp[cp->protoidx].state)); 2054 } 2055 } 2056 2057 static void 2058 sppp_open_event(struct sppp *sp, void *xcp) 2059 { 2060 const struct cp *cp = xcp; 2061 STDDCL; 2062 2063 KASSERT(SPPP_WLOCKED(sp)); 2064 KASSERT(!cpu_softintr_p()); 2065 2066 if ((cp->flags & CP_AUTH) != 0 && 2067 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 2068 return; 2069 2070 if (debug) 2071 log(LOG_DEBUG, "%s: %s open(%s)\n", 2072 ifp->if_xname, cp->name, 2073 sppp_state_name(sp->scp[cp->protoidx].state)); 2074 2075 switch (sp->scp[cp->protoidx].state) { 2076 case STATE_INITIAL: 2077 sppp_cp_change_state(cp, sp, STATE_STARTING); 2078 (cp->tls)(cp, sp); 2079 break; 2080 case STATE_STARTING: 2081 break; 2082 case STATE_CLOSED: 2083 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2084 (cp->scr)(sp); 2085 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2086 break; 2087 case STATE_STOPPED: 2088 case STATE_STOPPING: 2089 case STATE_REQ_SENT: 2090 case STATE_ACK_RCVD: 2091 case STATE_ACK_SENT: 2092 case STATE_OPENED: 2093 break; 2094 case STATE_CLOSING: 2095 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2096 break; 2097 } 2098 } 2099 2100 static void 2101 sppp_close_event(struct sppp *sp, void *xcp) 2102 { 2103 const struct cp *cp = xcp; 2104 STDDCL; 2105 2106 KASSERT(SPPP_WLOCKED(sp)); 2107 KASSERT(!cpu_softintr_p()); 2108 2109 if ((cp->flags & CP_AUTH) != 0 && 2110 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 2111 return; 2112 2113 if (debug) 2114 log(LOG_DEBUG, "%s: %s close(%s)\n", 2115 ifp->if_xname, cp->name, 2116 sppp_state_name(sp->scp[cp->protoidx].state)); 2117 2118 switch (sp->scp[cp->protoidx].state) { 2119 case STATE_INITIAL: 2120 case STATE_CLOSED: 2121 case STATE_CLOSING: 2122 break; 2123 case STATE_STARTING: 2124 sppp_cp_change_state(cp, sp, STATE_INITIAL); 2125 (cp->tlf)(cp, sp); 2126 break; 2127 case STATE_STOPPED: 2128 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2129 break; 2130 case STATE_STOPPING: 2131 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2132 break; 2133 case STATE_OPENED: 2134 (cp->tld)(sp); 2135 /* fall through */ 2136 case STATE_REQ_SENT: 2137 case STATE_ACK_RCVD: 2138 case STATE_ACK_SENT: 2139 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 2140 if ((cp->flags & CP_AUTH) == 0) { 2141 sppp_cp_send(sp, cp->proto, TERM_REQ, 2142 ++sp->scp[cp->protoidx].seq, 0, 0); 2143 } 2144 sppp_cp_change_state(cp, sp, STATE_CLOSING); 2145 break; 2146 } 2147 } 2148 2149 static void 2150 sppp_to_event(struct sppp *sp, void *xcp) 2151 { 2152 const struct cp *cp = xcp; 2153 int s; 2154 STDDCL; 2155 2156 KASSERT(SPPP_WLOCKED(sp)); 2157 KASSERT(!cpu_softintr_p()); 2158 2159 s = splnet(); 2160 2161 if (debug) 2162 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 2163 ifp->if_xname, cp->name, 2164 sppp_state_name(sp->scp[cp->protoidx].state), 2165 sp->scp[cp->protoidx].rst_counter); 2166 2167 if (--sp->scp[cp->protoidx].rst_counter < 0) 2168 /* TO- event */ 2169 switch (sp->scp[cp->protoidx].state) { 2170 case STATE_CLOSING: 2171 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2172 (cp->tlf)(cp, sp); 2173 break; 2174 case STATE_STOPPING: 2175 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2176 (cp->tlf)(cp, sp); 2177 break; 2178 case STATE_REQ_SENT: 2179 case STATE_ACK_RCVD: 2180 case STATE_ACK_SENT: 2181 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2182 (cp->tlf)(cp, sp); 2183 break; 2184 } 2185 else 2186 /* TO+ event */ 2187 switch (sp->scp[cp->protoidx].state) { 2188 case STATE_CLOSING: 2189 case STATE_STOPPING: 2190 if ((cp->flags & CP_AUTH) == 0) { 2191 sppp_cp_send(sp, cp->proto, TERM_REQ, 2192 ++sp->scp[cp->protoidx].seq, 0, 0); 2193 } 2194 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2195 break; 2196 case STATE_REQ_SENT: 2197 case STATE_ACK_RCVD: 2198 (cp->scr)(sp); 2199 /* sppp_cp_change_state() will restart the timer */ 2200 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2201 break; 2202 case STATE_ACK_SENT: 2203 (cp->scr)(sp); 2204 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2205 break; 2206 } 2207 2208 splx(s); 2209 } 2210 static void 2211 sppp_rcr_update_state(const struct cp *cp, struct sppp *sp, 2212 enum cp_rcr_type type, uint8_t ident, size_t msglen, void *msg) 2213 { 2214 STDDCL; 2215 u_char ctype; 2216 2217 if (type == CP_RCR_ERR) { 2218 /* parse error, shut down */ 2219 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2220 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2221 } else if (type == CP_RCR_ACK) { 2222 /* RCR+ event */ 2223 ctype = CONF_ACK; 2224 switch (sp->scp[cp->protoidx].state) { 2225 case STATE_OPENED: 2226 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2227 cp->tld(sp); 2228 cp->scr(sp); 2229 cp->screply(cp, sp, ctype, ident, msglen, msg); 2230 break; 2231 case STATE_REQ_SENT: 2232 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2233 /* fall through */ 2234 case STATE_ACK_SENT: 2235 cp->screply(cp, sp, ctype, ident, msglen, msg); 2236 break; 2237 case STATE_STOPPED: 2238 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2239 cp->scr(sp); 2240 cp->screply(cp, sp, ctype, ident, msglen, msg); 2241 break; 2242 case STATE_ACK_RCVD: 2243 sppp_cp_change_state(cp, sp, STATE_OPENED); 2244 if (debug) 2245 log(LOG_DEBUG, "%s: %s tlu\n", 2246 ifp->if_xname, 2247 cp->name); 2248 cp->tlu(sp); 2249 cp->screply(cp, sp, ctype, ident, msglen, msg); 2250 break; 2251 case STATE_CLOSING: 2252 case STATE_STOPPING: 2253 break; 2254 case STATE_CLOSED: 2255 if ((cp->flags & CP_AUTH) == 0) { 2256 sppp_cp_send(sp, cp->proto, TERM_ACK, 2257 ident, 0, 0); 2258 } 2259 break; 2260 default: 2261 printf("%s: %s illegal RCR+ in state %s\n", 2262 ifp->if_xname, cp->name, 2263 sppp_state_name(sp->scp[cp->protoidx].state)); 2264 if_statinc(ifp, if_ierrors); 2265 } 2266 } else if (type == CP_RCR_NAK || type == CP_RCR_REJ) { 2267 ctype = type == CP_RCR_NAK ? CONF_NAK : CONF_REJ; 2268 /* RCR- event */ 2269 switch (sp->scp[cp->protoidx].state) { 2270 case STATE_OPENED: 2271 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2272 cp->tld(sp); 2273 cp->scr(sp); 2274 cp->screply(cp, sp, ctype, ident, msglen, msg); 2275 break; 2276 case STATE_ACK_SENT: 2277 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2278 /* fall through */ 2279 case STATE_REQ_SENT: 2280 cp->screply(cp, sp, ctype, ident, msglen, msg); 2281 break; 2282 case STATE_STOPPED: 2283 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2284 cp->scr(sp); 2285 cp->screply(cp, sp, ctype, ident, msglen, msg); 2286 break; 2287 case STATE_ACK_RCVD: 2288 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2289 cp->screply(cp, sp, ctype, ident, msglen, msg); 2290 break; 2291 case STATE_CLOSING: 2292 case STATE_STOPPING: 2293 break; 2294 case STATE_CLOSED: 2295 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2296 if ((cp->flags & CP_AUTH) == 0) { 2297 sppp_cp_send(sp, cp->proto, TERM_ACK, 2298 ident, 0, 0); 2299 } 2300 break; 2301 default: 2302 printf("%s: %s illegal RCR- in state %s\n", 2303 ifp->if_xname, cp->name, 2304 sppp_state_name(sp->scp[cp->protoidx].state)); 2305 if_statinc(ifp, if_ierrors); 2306 } 2307 } 2308 } 2309 2310 static void 2311 sppp_rcr_event(struct sppp *sp, void *xcp) 2312 { 2313 const struct cp *cp = xcp; 2314 struct sppp_cp *scp; 2315 struct lcp_header *h; 2316 struct mbuf *m; 2317 enum cp_rcr_type type; 2318 size_t len; 2319 uint8_t *buf; 2320 size_t blen, rlen; 2321 uint8_t ident; 2322 2323 KASSERT(!cpu_softintr_p()); 2324 2325 scp = &sp->scp[cp->protoidx]; 2326 2327 if (cp->parse_confreq != NULL) { 2328 m = scp->mbuf_confreq; 2329 if (m == NULL) 2330 return; 2331 scp->mbuf_confreq = NULL; 2332 2333 h = mtod(m, struct lcp_header *); 2334 if (h->type != CONF_REQ) { 2335 m_freem(m); 2336 return; 2337 } 2338 2339 ident = h->ident; 2340 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2341 2342 type = (cp->parse_confreq)(sp, h, len, 2343 &buf, &blen, &rlen); 2344 m_freem(m); 2345 } else { 2346 /* mbuf_cofreq is already parsed and freed */ 2347 type = scp->rcr_type; 2348 ident = scp->rconfid; 2349 buf = NULL; 2350 blen = rlen = 0; 2351 } 2352 2353 sppp_rcr_update_state(cp, sp, type, ident, rlen, (void *)buf); 2354 2355 if (buf != NULL) 2356 kmem_free(buf, blen); 2357 } 2358 2359 static void 2360 sppp_rca_event(struct sppp *sp, void *xcp) 2361 { 2362 const struct cp *cp = xcp; 2363 STDDCL; 2364 2365 KASSERT(!cpu_softintr_p()); 2366 2367 switch (sp->scp[cp->protoidx].state) { 2368 case STATE_CLOSED: 2369 case STATE_STOPPED: 2370 if ((cp->flags & CP_AUTH) == 0) { 2371 sppp_cp_send(sp, cp->proto, TERM_ACK, 2372 sp->scp[cp->protoidx].rconfid, 0, 0); 2373 } 2374 break; 2375 case STATE_CLOSING: 2376 case STATE_STOPPING: 2377 break; 2378 case STATE_REQ_SENT: 2379 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2380 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2381 break; 2382 case STATE_OPENED: 2383 (cp->tld)(sp); 2384 /* fall through */ 2385 case STATE_ACK_RCVD: 2386 (cp->scr)(sp); 2387 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2388 break; 2389 case STATE_ACK_SENT: 2390 sppp_cp_change_state(cp, sp, STATE_OPENED); 2391 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2392 if (debug) 2393 log(LOG_DEBUG, "%s: %s tlu\n", 2394 ifp->if_xname, cp->name); 2395 (cp->tlu)(sp); 2396 break; 2397 default: 2398 printf("%s: %s illegal RCA in state %s\n", 2399 ifp->if_xname, cp->name, 2400 sppp_state_name(sp->scp[cp->protoidx].state)); 2401 if_statinc(ifp, if_ierrors); 2402 } 2403 } 2404 2405 static void 2406 sppp_rcn_event(struct sppp *sp, void *xcp) 2407 { 2408 const struct cp *cp = xcp; 2409 struct sppp_cp *scp; 2410 struct lcp_header *h; 2411 struct mbuf *m; 2412 struct ifnet *ifp = &sp->pp_if; 2413 size_t len; 2414 2415 KASSERT(!cpu_softintr_p()); 2416 2417 scp = &sp->scp[cp->protoidx]; 2418 m = scp->mbuf_confnak; 2419 if (m == NULL) 2420 return; 2421 scp->mbuf_confnak = NULL; 2422 2423 h = mtod(m, struct lcp_header *); 2424 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2425 2426 switch (h->type) { 2427 case CONF_NAK: 2428 (cp->parse_confnak)(sp, h, len); 2429 break; 2430 case CONF_REJ: 2431 (cp->parse_confrej)(sp, h, len); 2432 break; 2433 default: 2434 m_freem(m); 2435 return; 2436 } 2437 2438 m_freem(m); 2439 2440 switch (scp->state) { 2441 case STATE_CLOSED: 2442 case STATE_STOPPED: 2443 if ((cp->flags & CP_AUTH) == 0) { 2444 sppp_cp_send(sp, cp->proto, TERM_ACK, 2445 scp->rconfid, 0, 0); 2446 } 2447 break; 2448 case STATE_REQ_SENT: 2449 case STATE_ACK_SENT: 2450 scp->rst_counter = sp->lcp.max_configure; 2451 (cp->scr)(sp); 2452 break; 2453 case STATE_OPENED: 2454 (cp->tld)(sp); 2455 /* fall through */ 2456 case STATE_ACK_RCVD: 2457 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2458 (cp->scr)(sp); 2459 break; 2460 case STATE_CLOSING: 2461 case STATE_STOPPING: 2462 break; 2463 default: 2464 printf("%s: %s illegal RCN in state %s\n", 2465 ifp->if_xname, cp->name, 2466 sppp_state_name(scp->state)); 2467 if_statinc(ifp, if_ierrors); 2468 } 2469 } 2470 2471 static void 2472 sppp_rtr_event(struct sppp *sp, void *xcp) 2473 { 2474 const struct cp *cp = xcp; 2475 STDDCL; 2476 2477 KASSERT(!cpu_softintr_p()); 2478 2479 switch (sp->scp[cp->protoidx].state) { 2480 case STATE_ACK_RCVD: 2481 case STATE_ACK_SENT: 2482 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2483 break; 2484 case STATE_CLOSED: 2485 case STATE_STOPPED: 2486 case STATE_CLOSING: 2487 case STATE_STOPPING: 2488 case STATE_REQ_SENT: 2489 break; 2490 case STATE_OPENED: 2491 (cp->tld)(sp); 2492 sp->scp[cp->protoidx].rst_counter = 0; 2493 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2494 break; 2495 default: 2496 printf("%s: %s illegal RTR in state %s\n", 2497 ifp->if_xname, cp->name, 2498 sppp_state_name(sp->scp[cp->protoidx].state)); 2499 if_statinc(ifp, if_ierrors); 2500 return; 2501 } 2502 2503 /* Send Terminate-Ack packet. */ 2504 if (debug) 2505 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 2506 ifp->if_xname, cp->name); 2507 if ((cp->flags & CP_AUTH) == 0) { 2508 sppp_cp_send(sp, cp->proto, TERM_ACK, 2509 sp->scp[cp->protoidx].rseq, 0, 0); 2510 } 2511 } 2512 2513 static void 2514 sppp_rta_event(struct sppp *sp, void *xcp) 2515 { 2516 const struct cp *cp = xcp; 2517 struct ifnet *ifp = &sp->pp_if; 2518 2519 KASSERT(!cpu_softintr_p()); 2520 2521 switch (sp->scp[cp->protoidx].state) { 2522 case STATE_CLOSED: 2523 case STATE_STOPPED: 2524 case STATE_REQ_SENT: 2525 case STATE_ACK_SENT: 2526 break; 2527 case STATE_CLOSING: 2528 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2529 (cp->tlf)(cp, sp); 2530 break; 2531 case STATE_STOPPING: 2532 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2533 (cp->tlf)(cp, sp); 2534 break; 2535 case STATE_ACK_RCVD: 2536 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2537 break; 2538 case STATE_OPENED: 2539 (cp->tld)(sp); 2540 (cp->scr)(sp); 2541 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2542 break; 2543 default: 2544 printf("%s: %s illegal RTA in state %s\n", 2545 ifp->if_xname, cp->name, 2546 sppp_state_name(sp->scp[cp->protoidx].state)); 2547 if_statinc(ifp, if_ierrors); 2548 } 2549 } 2550 2551 static void 2552 sppp_rxj_event(struct sppp *sp, void *xcp) 2553 { 2554 const struct cp *cp = xcp; 2555 struct ifnet *ifp = &sp->pp_if; 2556 2557 KASSERT(!cpu_softintr_p()); 2558 2559 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2560 switch (sp->scp[cp->protoidx].state) { 2561 case STATE_CLOSED: 2562 case STATE_STOPPED: 2563 case STATE_REQ_SENT: 2564 case STATE_ACK_SENT: 2565 case STATE_CLOSING: 2566 case STATE_STOPPING: 2567 case STATE_OPENED: 2568 break; 2569 case STATE_ACK_RCVD: 2570 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2571 break; 2572 default: 2573 printf("%s: %s illegal RXJ- in state %s\n", 2574 ifp->if_xname, cp->name, 2575 sppp_state_name(sp->scp[cp->protoidx].state)); 2576 if_statinc(ifp, if_ierrors); 2577 } 2578 } 2579 2580 /* 2581 * Change the state of a control protocol in the state automaton. 2582 * Takes care of starting/stopping the restart timer. 2583 */ 2584 void 2585 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2586 { 2587 2588 KASSERT(SPPP_WLOCKED(sp)); 2589 2590 sp->scp[cp->protoidx].state = newstate; 2591 callout_stop(&sp->scp[cp->protoidx].ch); 2592 switch (newstate) { 2593 case STATE_INITIAL: 2594 case STATE_STARTING: 2595 case STATE_CLOSED: 2596 case STATE_STOPPED: 2597 case STATE_OPENED: 2598 break; 2599 case STATE_CLOSING: 2600 case STATE_STOPPING: 2601 case STATE_REQ_SENT: 2602 case STATE_ACK_RCVD: 2603 case STATE_ACK_SENT: 2604 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2605 break; 2606 } 2607 } 2608 2609 /* 2610 *--------------------------------------------------------------------------* 2611 * * 2612 * The LCP implementation. * 2613 * * 2614 *--------------------------------------------------------------------------* 2615 */ 2616 static void 2617 sppp_lcp_init(struct sppp *sp) 2618 { 2619 2620 KASSERT(SPPP_WLOCKED(sp)); 2621 2622 sppp_cp_init(&lcp, sp); 2623 2624 SET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2625 sp->lcp.magic = 0; 2626 sp->lcp.protos = 0; 2627 sp->lcp.max_terminate = 2; 2628 sp->lcp.max_configure = 10; 2629 sp->lcp.max_failure = 10; 2630 sp->lcp.tlf_sent = false; 2631 2632 /* 2633 * Initialize counters and timeout values. Note that we don't 2634 * use the 3 seconds suggested in RFC 1661 since we are likely 2635 * running on a fast link. XXX We should probably implement 2636 * the exponential backoff option. Note that these values are 2637 * relevant for all control protocols, not just LCP only. 2638 */ 2639 sp->lcp.timeout = 1 * hz; 2640 } 2641 2642 static void 2643 sppp_lcp_up(struct sppp *sp, void *xcp) 2644 { 2645 const struct cp *cp = xcp; 2646 int pidx; 2647 STDDCL; 2648 2649 KASSERT(SPPP_WLOCKED(sp)); 2650 2651 pidx = cp->protoidx; 2652 /* Initialize activity timestamp: opening a connection is an activity */ 2653 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2654 2655 /* 2656 * If this interface is passive or dial-on-demand, and we are 2657 * still in Initial state, it means we've got an incoming 2658 * call. Activate the interface. 2659 */ 2660 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2661 if (debug) 2662 log(LOG_DEBUG, 2663 "%s: Up event", ifp->if_xname); 2664 ifp->if_flags |= IFF_RUNNING; 2665 if (sp->scp[pidx].state == STATE_INITIAL) { 2666 if (debug) 2667 addlog("(incoming call)\n"); 2668 sp->pp_flags |= PP_CALLIN; 2669 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2670 } else if (debug) 2671 addlog("\n"); 2672 } 2673 2674 sppp_up_event(sp, xcp); 2675 } 2676 2677 static void 2678 sppp_lcp_down(struct sppp *sp, void *xcp) 2679 { 2680 const struct cp *cp = xcp; 2681 int pidx; 2682 STDDCL; 2683 2684 KASSERT(SPPP_WLOCKED(sp)); 2685 KASSERT(!cpu_softintr_p()); 2686 2687 pidx = cp->protoidx; 2688 sppp_down_event(sp, xcp); 2689 2690 /* 2691 * We need to do tls to restart when a down event is caused 2692 * by the last tlf. 2693 */ 2694 if (sp->scp[pidx].state == STATE_STARTING && 2695 sp->lcp.tlf_sent) { 2696 cp->tls(cp, sp); 2697 sp->lcp.tlf_sent = false; 2698 } 2699 2700 /* 2701 * If this is neither a dial-on-demand nor a passive 2702 * interface, simulate an ``ifconfig down'' action, so the 2703 * administrator can force a redial by another ``ifconfig 2704 * up''. XXX For leased line operation, should we immediately 2705 * try to reopen the connection here? 2706 */ 2707 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2708 if (debug) 2709 log(LOG_INFO, 2710 "%s: Down event (carrier loss), taking interface down.\n", 2711 ifp->if_xname); 2712 SPPP_UNLOCK(sp); 2713 if_down(ifp); 2714 SPPP_LOCK(sp, RW_WRITER); 2715 2716 if (sp->lcp.reestablish) 2717 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2718 } else { 2719 if (debug) 2720 log(LOG_DEBUG, 2721 "%s: Down event (carrier loss)\n", 2722 ifp->if_xname); 2723 2724 sp->pp_flags &= ~PP_CALLIN; 2725 if (sp->scp[pidx].state != STATE_INITIAL) 2726 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_close); 2727 ifp->if_flags &= ~IFF_RUNNING; 2728 } 2729 sp->scp[pidx].fail_counter = 0; 2730 } 2731 2732 static void 2733 sppp_lcp_open(struct sppp *sp, void *xcp) 2734 { 2735 2736 KASSERT(SPPP_WLOCKED(sp)); 2737 KASSERT(!cpu_softintr_p()); 2738 2739 sp->lcp.reestablish = false; 2740 sp->scp[IDX_LCP].fail_counter = 0; 2741 2742 if (sp->pp_if.if_mtu < PP_MTU) { 2743 sp->lcp.mru = sp->pp_if.if_mtu; 2744 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2745 } else { 2746 sp->lcp.mru = PP_MTU; 2747 } 2748 sp->lcp.their_mru = PP_MTU; 2749 2750 /* 2751 * If we are authenticator, negotiate LCP_AUTH 2752 */ 2753 if (sp->hisauth.proto != PPP_NOPROTO) 2754 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2755 else 2756 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2757 sp->pp_flags &= ~PP_NEEDAUTH; 2758 sppp_open_event(sp, xcp); 2759 } 2760 2761 2762 /* 2763 * Analyze a configure request. Return true if it was agreeable, and 2764 * caused action sca, false if it has been rejected or nak'ed, and 2765 * caused action scn. (The return value is used to make the state 2766 * transition decision in the state automaton.) 2767 */ 2768 static enum cp_rcr_type 2769 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 2770 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 2771 { 2772 STDDCL; 2773 u_char *buf, *r, *p, l, blen; 2774 enum cp_rcr_type type; 2775 int len, rlen; 2776 uint32_t nmagic; 2777 u_short authproto; 2778 2779 KASSERT(SPPP_WLOCKED(sp)); 2780 2781 if (origlen < sizeof(*h)) 2782 return CP_RCR_DROP; 2783 2784 origlen -= sizeof(*h); 2785 type = CP_RCR_NONE; 2786 type = 0; 2787 2788 if (origlen <= 0) 2789 return CP_RCR_DROP; 2790 else 2791 blen = origlen; 2792 2793 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2794 if (buf == NULL) 2795 return CP_RCR_DROP; 2796 2797 if (debug) 2798 log(LOG_DEBUG, "%s: lcp parse opts:", 2799 ifp->if_xname); 2800 2801 /* pass 1: check for things that need to be rejected */ 2802 p = (void *)(h + 1); 2803 r = buf; 2804 rlen = 0; 2805 for (len = origlen; len > 1; len-= l, p += l) { 2806 l = p[1]; 2807 if (l == 0) 2808 break; 2809 2810 /* Sanity check option length */ 2811 if (l > len) { 2812 /* 2813 * Malicious option - drop immediately. 2814 * XXX Maybe we should just RXJ it? 2815 */ 2816 addlog("%s: received malicious LCP option 0x%02x, " 2817 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, 2818 p[0], l, len); 2819 type = CP_RCR_ERR; 2820 goto end; 2821 } 2822 if (debug) 2823 addlog(" %s", sppp_lcp_opt_name(*p)); 2824 switch (p[0]) { 2825 case LCP_OPT_MAGIC: 2826 /* Magic number. */ 2827 /* fall through, both are same length */ 2828 case LCP_OPT_ASYNC_MAP: 2829 /* Async control character map. */ 2830 if (len >= 6 || l == 6) 2831 continue; 2832 if (debug) 2833 addlog(" [invalid]"); 2834 break; 2835 case LCP_OPT_MP_EID: 2836 if (len >= l && l >= 3) { 2837 switch (p[2]) { 2838 case 0: if (l==3+ 0) continue;break; 2839 case 2: if (l==3+ 4) continue;break; 2840 case 3: if (l==3+ 6) continue;break; 2841 case 6: if (l==3+16) continue;break; 2842 case 1: /* FALLTHROUGH */ 2843 case 4: if (l<=3+20) continue;break; 2844 case 5: if (l<=3+15) continue;break; 2845 /* XXX should it be default: continue;? */ 2846 } 2847 } 2848 if (debug) 2849 addlog(" [invalid class %d len %d]", p[2], l); 2850 break; 2851 case LCP_OPT_MP_SSNHF: 2852 if (len >= 2 && l == 2) { 2853 if (debug) 2854 addlog(" [rej]"); 2855 break; 2856 } 2857 if (debug) 2858 addlog(" [invalid]"); 2859 break; 2860 case LCP_OPT_MP_MRRU: 2861 /* Multilink maximum received reconstructed unit */ 2862 /* should be fall through, both are same length */ 2863 /* FALLTHROUGH */ 2864 case LCP_OPT_MRU: 2865 /* Maximum receive unit. */ 2866 if (len >= 4 && l == 4) 2867 continue; 2868 if (debug) 2869 addlog(" [invalid]"); 2870 break; 2871 case LCP_OPT_AUTH_PROTO: 2872 if (len < 4) { 2873 if (debug) 2874 addlog(" [invalid]"); 2875 break; 2876 } 2877 authproto = (p[2] << 8) + p[3]; 2878 if (authproto == PPP_CHAP && l != 5) { 2879 if (debug) 2880 addlog(" [invalid chap len]"); 2881 break; 2882 } 2883 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 2884 if (authproto == PPP_PAP || authproto == PPP_CHAP) 2885 sp->myauth.proto = authproto; 2886 } 2887 if (sp->myauth.proto == PPP_NOPROTO) { 2888 /* we are not configured to do auth */ 2889 if (debug) 2890 addlog(" [not configured]"); 2891 break; 2892 } 2893 /* 2894 * Remote want us to authenticate, remember this, 2895 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2896 * up. 2897 */ 2898 sp->pp_flags |= PP_NEEDAUTH; 2899 continue; 2900 default: 2901 /* Others not supported. */ 2902 if (debug) 2903 addlog(" [rej]"); 2904 break; 2905 } 2906 if (rlen + l > blen) { 2907 if (debug) 2908 addlog(" [overflow]"); 2909 continue; 2910 } 2911 /* Add the option to rejected list. */ 2912 memcpy(r, p, l); 2913 r += l; 2914 rlen += l; 2915 } 2916 2917 if (rlen > 0) { 2918 type = CP_RCR_REJ; 2919 goto end; 2920 } 2921 2922 if (debug) 2923 addlog("\n"); 2924 2925 /* 2926 * pass 2: check for option values that are unacceptable and 2927 * thus require to be nak'ed. 2928 */ 2929 if (debug) 2930 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2931 ifp->if_xname); 2932 2933 p = (void *)(h + 1); 2934 r = buf; 2935 rlen = 0; 2936 for (len = origlen; len > 0; len -= l, p += l) { 2937 l = p[1]; 2938 if (l == 0) 2939 break; 2940 2941 if (debug) 2942 addlog(" %s", sppp_lcp_opt_name(*p)); 2943 switch (p[0]) { 2944 case LCP_OPT_MAGIC: 2945 /* Magic number -- extract. */ 2946 nmagic = (uint32_t)p[2] << 24 | 2947 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2948 if (nmagic != sp->lcp.magic) { 2949 if (debug) 2950 addlog(" 0x%x", nmagic); 2951 continue; 2952 } 2953 /* 2954 * Local and remote magics equal -- loopback? 2955 */ 2956 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2957 printf ("%s: loopback\n", 2958 ifp->if_xname); 2959 sp->pp_loopcnt = 0; 2960 if (ifp->if_flags & IFF_UP) { 2961 SPPP_UNLOCK(sp); 2962 if_down(ifp); 2963 SPPP_LOCK(sp, RW_WRITER); 2964 2965 IF_PURGE(&sp->pp_cpq); 2966 /* XXX ? */ 2967 sppp_wq_add(sp->wq_cp, 2968 &sp->scp[IDX_LCP].work_down); 2969 sppp_wq_add(sp->wq_cp, 2970 &sp->scp[IDX_LCP].work_up); 2971 } 2972 } else if (debug) 2973 addlog(" [glitch]"); 2974 ++sp->pp_loopcnt; 2975 /* 2976 * We negate our magic here, and NAK it. If 2977 * we see it later in an NAK packet, we 2978 * suggest a new one. 2979 */ 2980 nmagic = ~sp->lcp.magic; 2981 /* Gonna NAK it. */ 2982 p[2] = nmagic >> 24; 2983 p[3] = nmagic >> 16; 2984 p[4] = nmagic >> 8; 2985 p[5] = nmagic; 2986 break; 2987 2988 case LCP_OPT_ASYNC_MAP: 2989 /* 2990 * Async control character map -- just ignore it. 2991 * 2992 * Quote from RFC 1662, chapter 6: 2993 * To enable this functionality, synchronous PPP 2994 * implementations MUST always respond to the 2995 * Async-Control-Character-Map Configuration 2996 * Option with the LCP Configure-Ack. However, 2997 * acceptance of the Configuration Option does 2998 * not imply that the synchronous implementation 2999 * will do any ACCM mapping. Instead, all such 3000 * octet mapping will be performed by the 3001 * asynchronous-to-synchronous converter. 3002 */ 3003 continue; 3004 3005 case LCP_OPT_MRU: 3006 /* 3007 * Maximum receive unit. Always agreeable, 3008 * but ignored by now. 3009 */ 3010 sp->lcp.their_mru = p[2] * 256 + p[3]; 3011 if (debug) 3012 addlog(" %ld", sp->lcp.their_mru); 3013 continue; 3014 3015 case LCP_OPT_AUTH_PROTO: 3016 authproto = (p[2] << 8) + p[3]; 3017 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 3018 if (authproto == PPP_PAP || authproto == PPP_CHAP) 3019 sp->myauth.proto = authproto; 3020 } 3021 if (sp->myauth.proto == authproto) { 3022 if (authproto != PPP_CHAP || p[4] == CHAP_MD5) { 3023 continue; 3024 } 3025 if (debug) 3026 addlog(" [chap without MD5]"); 3027 } else { 3028 if (debug) 3029 addlog(" [mine %s != his %s]", 3030 sppp_proto_name(sp->myauth.proto), 3031 sppp_proto_name(authproto)); 3032 } 3033 /* not agreed, nak */ 3034 if (sp->myauth.proto == PPP_CHAP) { 3035 l = 5; 3036 } else { 3037 l = 4; 3038 } 3039 3040 if (rlen + l > blen) { 3041 if (debug) 3042 addlog(" [overflow]"); 3043 continue; 3044 } 3045 3046 r[0] = LCP_OPT_AUTH_PROTO; 3047 r[1] = l; 3048 r[2] = sp->myauth.proto >> 8; 3049 r[3] = sp->myauth.proto & 0xff; 3050 if (sp->myauth.proto == PPP_CHAP) 3051 r[4] = CHAP_MD5; 3052 rlen += l; 3053 r += l; 3054 continue; 3055 case LCP_OPT_MP_EID: 3056 /* 3057 * Endpoint identification. 3058 * Always agreeable, 3059 * but ignored by now. 3060 */ 3061 if (debug) { 3062 addlog(" type %d", p[2]); 3063 sppp_print_bytes(p+3, p[1]-3); 3064 } 3065 continue; 3066 case LCP_OPT_MP_MRRU: 3067 /* 3068 * Maximum received reconstructed unit. 3069 * Always agreeable, 3070 * but ignored by now. 3071 */ 3072 sp->lcp.their_mrru = p[2] * 256 + p[3]; 3073 if (debug) 3074 addlog(" %ld", sp->lcp.their_mrru); 3075 continue; 3076 } 3077 if (rlen + l > blen) { 3078 if (debug) 3079 addlog(" [overflow]"); 3080 continue; 3081 } 3082 /* Add the option to nak'ed list. */ 3083 memcpy(r, p, l); 3084 r += l; 3085 rlen += l; 3086 } 3087 3088 if (rlen > 0) { 3089 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 3090 if (debug) 3091 addlog(" max_failure (%d) exceeded, ", 3092 sp->lcp.max_failure); 3093 type = CP_RCR_REJ; 3094 } else { 3095 type = CP_RCR_NAK; 3096 } 3097 } else { 3098 type = CP_RCR_ACK; 3099 rlen = origlen; 3100 memcpy(r, h + 1, rlen); 3101 sp->scp[IDX_LCP].fail_counter = 0; 3102 sp->pp_loopcnt = 0; 3103 } 3104 3105 end: 3106 if (debug) 3107 addlog("\n"); 3108 3109 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3110 if (buf != NULL) 3111 kmem_intr_free(buf, blen); 3112 } else { 3113 *msgbuf = buf; 3114 *buflen = blen; 3115 *msglen = rlen; 3116 } 3117 3118 return type; 3119 } 3120 3121 /* 3122 * Analyze the LCP Configure-Reject option list, and adjust our 3123 * negotiation. 3124 */ 3125 static void 3126 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3127 { 3128 STDDCL; 3129 u_char *p, l; 3130 3131 KASSERT(SPPP_WLOCKED(sp)); 3132 3133 if (len <= sizeof(*h)) 3134 return; 3135 3136 len -= sizeof(*h); 3137 3138 if (debug) 3139 log(LOG_DEBUG, "%s: lcp rej opts:", 3140 ifp->if_xname); 3141 3142 p = (void *)(h + 1); 3143 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 3144 /* Sanity check option length */ 3145 if (l > len) { 3146 /* 3147 * Malicious option - drop immediately. 3148 * XXX Maybe we should just RXJ it? 3149 */ 3150 addlog("%s: received malicious LCP option, " 3151 "dropping.\n", ifp->if_xname); 3152 goto end; 3153 } 3154 if (debug) 3155 addlog(" %s", sppp_lcp_opt_name(*p)); 3156 switch (p[0]) { 3157 case LCP_OPT_MAGIC: 3158 /* Magic number -- can't use it, use 0 */ 3159 CLR(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 3160 sp->lcp.magic = 0; 3161 break; 3162 case LCP_OPT_MRU: 3163 /* 3164 * We try to negotiate a lower MRU if the underlying 3165 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 3166 * peer rejects this lower rate, fallback to the 3167 * default. 3168 */ 3169 if (debug) { 3170 addlog("%s: warning: peer rejected our MRU of " 3171 "%ld bytes. Defaulting to %d bytes\n", 3172 ifp->if_xname, sp->lcp.mru, PP_MTU); 3173 } 3174 CLR(sp->lcp.opts, SPPP_LCP_OPT_MRU); 3175 sp->lcp.mru = PP_MTU; 3176 break; 3177 case LCP_OPT_AUTH_PROTO: 3178 /* 3179 * Peer doesn't want to authenticate himself, 3180 * deny unless this is a dialout call, and 3181 * SPPP_AUTHFLAG_NOCALLOUT is set. 3182 */ 3183 if ((sp->pp_flags & PP_CALLIN) == 0 && 3184 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 3185 if (debug) 3186 addlog(" [don't insist on auth " 3187 "for callout]"); 3188 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 3189 break; 3190 } 3191 if (debug) 3192 addlog("[access denied]\n"); 3193 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3194 break; 3195 } 3196 } 3197 if (debug) 3198 addlog("\n"); 3199 end: 3200 return; 3201 } 3202 3203 /* 3204 * Analyze the LCP Configure-NAK option list, and adjust our 3205 * negotiation. 3206 */ 3207 static void 3208 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3209 { 3210 STDDCL; 3211 u_char *p, l; 3212 uint32_t magic; 3213 3214 KASSERT(SPPP_WLOCKED(sp)); 3215 3216 if (len <= sizeof(*h)) 3217 return; 3218 len -= sizeof(*h); 3219 3220 if (debug) 3221 log(LOG_DEBUG, "%s: lcp nak opts:", 3222 ifp->if_xname); 3223 3224 p = (void *)(h + 1); 3225 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 3226 /* Sanity check option length */ 3227 if (l > len) { 3228 /* 3229 * Malicious option - drop immediately. 3230 * XXX Maybe we should just RXJ it? 3231 */ 3232 addlog("%s: received malicious LCP option, " 3233 "dropping.\n", ifp->if_xname); 3234 goto end; 3235 } 3236 if (debug) 3237 addlog(" %s", sppp_lcp_opt_name(*p)); 3238 switch (p[0]) { 3239 case LCP_OPT_MAGIC: 3240 /* Magic number -- renegotiate */ 3241 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC) && 3242 len >= 6 && l == 6) { 3243 magic = (uint32_t)p[2] << 24 | 3244 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 3245 /* 3246 * If the remote magic is our negated one, 3247 * this looks like a loopback problem. 3248 * Suggest a new magic to make sure. 3249 */ 3250 if (magic == ~sp->lcp.magic) { 3251 if (debug) 3252 addlog(" magic glitch"); 3253 sp->lcp.magic = cprng_fast32(); 3254 } else { 3255 sp->lcp.magic = magic; 3256 if (debug) 3257 addlog(" %d", magic); 3258 } 3259 } 3260 break; 3261 case LCP_OPT_MRU: 3262 /* 3263 * Peer wants to advise us to negotiate an MRU. 3264 * Agree on it if it's reasonable, or use 3265 * default otherwise. 3266 */ 3267 if (len >= 4 && l == 4) { 3268 u_int mru = p[2] * 256 + p[3]; 3269 if (debug) 3270 addlog(" %d", mru); 3271 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 3272 mru = sp->pp_if.if_mtu; 3273 sp->lcp.mru = mru; 3274 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 3275 } 3276 break; 3277 case LCP_OPT_AUTH_PROTO: 3278 /* 3279 * Peer doesn't like our authentication method, 3280 * deny. 3281 */ 3282 if (debug) 3283 addlog("[access denied]\n"); 3284 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3285 break; 3286 } 3287 } 3288 if (debug) 3289 addlog("\n"); 3290 end: 3291 return; 3292 } 3293 3294 static void 3295 sppp_lcp_tlu(struct sppp *sp) 3296 { 3297 STDDCL; 3298 int i; 3299 3300 KASSERT(SPPP_WLOCKED(sp)); 3301 3302 /* unlock for IFNET_LOCK and if_up() */ 3303 SPPP_UNLOCK(sp); 3304 3305 /* XXX ? */ 3306 if (! (ifp->if_flags & IFF_UP) && 3307 (ifp->if_flags & IFF_RUNNING)) { 3308 /* Coming out of loopback mode. */ 3309 if_up(ifp); 3310 } 3311 3312 IFNET_LOCK(ifp); 3313 SPPP_LOCK(sp, RW_WRITER); 3314 3315 if (ifp->if_mtu > sp->lcp.their_mru) { 3316 sp->pp_saved_mtu = ifp->if_mtu; 3317 ifp->if_mtu = sp->lcp.their_mru; 3318 if (debug) { 3319 log(LOG_DEBUG, 3320 "%s: setting MTU " 3321 "from %"PRIu64" bytes " 3322 "to %"PRIu64" bytes\n", 3323 ifp->if_xname, sp->pp_saved_mtu, 3324 ifp->if_mtu); 3325 } 3326 } 3327 IFNET_UNLOCK(ifp); 3328 3329 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO) || 3330 (sp->pp_flags & PP_NEEDAUTH) != 0) 3331 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3332 else 3333 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3334 3335 /* 3336 * Open all authentication protocols. This is even required 3337 * if we already proceeded to network phase, since it might be 3338 * that remote wants us to authenticate, so we might have to 3339 * send a PAP request. Undesired authentication protocols 3340 * don't do anything when they get an Open event. 3341 */ 3342 for (i = 0; i < IDX_COUNT; i++) 3343 if ((cps[i])->flags & CP_AUTH) { 3344 sppp_wq_add(sp->wq_cp, 3345 &sp->scp[(cps[i])->protoidx].work_open); 3346 } 3347 3348 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 3349 /* Notify all NCPs. */ 3350 for (i = 0; i < IDX_COUNT; i++) 3351 if ((cps[i])->flags & CP_NCP) { 3352 sppp_wq_add(sp->wq_cp, 3353 &sp->scp[(cps[i])->protoidx].work_open); 3354 } 3355 } 3356 3357 /* notify low-level driver of state change */ 3358 sppp_notify_chg_wlocked(sp); 3359 } 3360 3361 static void 3362 sppp_lcp_tld(struct sppp *sp) 3363 { 3364 STDDCL; 3365 int i, pi, phase; 3366 3367 KASSERT(SPPP_WLOCKED(sp)); 3368 3369 phase = sp->pp_phase; 3370 3371 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3372 3373 if (sp->pp_saved_mtu > 0) { 3374 SPPP_UNLOCK(sp); 3375 IFNET_LOCK(ifp); 3376 SPPP_LOCK(sp, RW_WRITER); 3377 3378 if (debug) { 3379 log(LOG_DEBUG, 3380 "%s: setting MTU " 3381 "from %"PRIu64" bytes " 3382 "to %"PRIu64" bytes\n", 3383 ifp->if_xname, ifp->if_mtu, 3384 sp->pp_saved_mtu); 3385 } 3386 3387 ifp->if_mtu = sp->pp_saved_mtu; 3388 sp->pp_saved_mtu = 0; 3389 IFNET_UNLOCK(ifp); 3390 } 3391 3392 /* 3393 * Take upper layers down. We send the Down event first and 3394 * the Close second to prevent the upper layers from sending 3395 * ``a flurry of terminate-request packets'', as the RFC 3396 * describes it. 3397 */ 3398 for (i = 0; i < IDX_COUNT; i++) { 3399 pi = (cps[i])->protoidx; 3400 if (((cps[i])->flags & CP_LCP) == 0) { 3401 /* skip if ncp was not started */ 3402 if (phase != SPPP_PHASE_NETWORK && 3403 ((cps[i])->flags & CP_NCP) != 0) 3404 continue; 3405 3406 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_down); 3407 sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_close); 3408 } 3409 } 3410 } 3411 3412 static void 3413 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) 3414 { 3415 3416 KASSERT(SPPP_WLOCKED(sp)); 3417 3418 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3419 printf("%s: authentication failed %d times, not retrying again\n", 3420 sp->pp_if.if_xname, sp->pp_auth_failures); 3421 3422 SPPP_UNLOCK(sp); 3423 if_down(&sp->pp_if); 3424 SPPP_LOCK(sp, RW_WRITER); 3425 return; 3426 } 3427 3428 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3429 3430 /* Notify lower layer if desired. */ 3431 sppp_notify_tls_wlocked(sp); 3432 sp->lcp.tlf_sent = false; 3433 } 3434 3435 static void 3436 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) 3437 { 3438 3439 KASSERT(SPPP_WLOCKED(sp)); 3440 3441 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3442 3443 /* Notify lower layer if desired. */ 3444 sppp_notify_tlf_wlocked(sp); 3445 3446 switch (sp->scp[IDX_LCP].state) { 3447 case STATE_CLOSED: 3448 case STATE_STOPPED: 3449 sp->lcp.tlf_sent = true; 3450 break; 3451 case STATE_INITIAL: 3452 default: 3453 /* just in case */ 3454 sp->lcp.tlf_sent = false; 3455 } 3456 } 3457 3458 static void 3459 sppp_lcp_scr(struct sppp *sp) 3460 { 3461 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3462 int i = 0; 3463 u_short authproto; 3464 3465 KASSERT(SPPP_WLOCKED(sp)); 3466 3467 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC)) { 3468 if (! sp->lcp.magic) 3469 sp->lcp.magic = cprng_fast32(); 3470 opt[i++] = LCP_OPT_MAGIC; 3471 opt[i++] = 6; 3472 opt[i++] = sp->lcp.magic >> 24; 3473 opt[i++] = sp->lcp.magic >> 16; 3474 opt[i++] = sp->lcp.magic >> 8; 3475 opt[i++] = sp->lcp.magic; 3476 } 3477 3478 if (ISSET(sp->lcp.opts,SPPP_LCP_OPT_MRU)) { 3479 opt[i++] = LCP_OPT_MRU; 3480 opt[i++] = 4; 3481 opt[i++] = sp->lcp.mru >> 8; 3482 opt[i++] = sp->lcp.mru; 3483 } 3484 3485 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) { 3486 authproto = sp->hisauth.proto; 3487 opt[i++] = LCP_OPT_AUTH_PROTO; 3488 opt[i++] = authproto == PPP_CHAP? 5: 4; 3489 opt[i++] = authproto >> 8; 3490 opt[i++] = authproto; 3491 if (authproto == PPP_CHAP) 3492 opt[i++] = CHAP_MD5; 3493 } 3494 3495 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3496 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3497 } 3498 3499 /* 3500 * Check the open NCPs, return true if at least one NCP is open. 3501 */ 3502 3503 static int 3504 sppp_cp_check(struct sppp *sp, u_char cp_flags) 3505 { 3506 int i, mask; 3507 3508 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3509 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) 3510 return 1; 3511 return 0; 3512 } 3513 3514 /* 3515 * Re-check the open NCPs and see if we should terminate the link. 3516 * Called by the NCPs during their tlf action handling. 3517 */ 3518 static void 3519 sppp_lcp_check_and_close(struct sppp *sp) 3520 { 3521 3522 KASSERT(SPPP_WLOCKED(sp)); 3523 3524 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 3525 /* don't bother, we are already going down */ 3526 return; 3527 } 3528 3529 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && 3530 sppp_cp_check(sp, CP_AUTH)) 3531 return; 3532 3533 if (sp->pp_phase >= SPPP_PHASE_NETWORK && 3534 sppp_cp_check(sp, CP_NCP)) 3535 return; 3536 3537 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3538 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 3539 } 3540 3541 /* 3542 *--------------------------------------------------------------------------* 3543 * * 3544 * The IPCP implementation. * 3545 * * 3546 *--------------------------------------------------------------------------* 3547 */ 3548 3549 static void 3550 sppp_ipcp_init(struct sppp *sp) 3551 { 3552 3553 KASSERT(SPPP_WLOCKED(sp)); 3554 3555 sppp_cp_init(&ipcp, sp); 3556 3557 sp->ipcp.opts = 0; 3558 sp->ipcp.flags = 0; 3559 } 3560 3561 static void 3562 sppp_ipcp_open(struct sppp *sp, void *xcp) 3563 { 3564 STDDCL; 3565 uint32_t myaddr, hisaddr; 3566 3567 KASSERT(SPPP_WLOCKED(sp)); 3568 KASSERT(!cpu_softintr_p()); 3569 3570 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) 3571 return; 3572 3573 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3574 sp->ipcp.req_myaddr = 0; 3575 sp->ipcp.req_hisaddr = 0; 3576 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3577 3578 #ifdef INET 3579 kpreempt_disable(); 3580 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3581 kpreempt_enable(); 3582 #else 3583 myaddr = hisaddr = 0; 3584 #endif 3585 /* 3586 * If we don't have his address, this probably means our 3587 * interface doesn't want to talk IP at all. (This could 3588 * be the case if somebody wants to speak only IPX, for 3589 * example.) Don't open IPCP in this case. 3590 */ 3591 if (hisaddr == 0) { 3592 /* XXX this message should go away */ 3593 if (debug) 3594 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 3595 ifp->if_xname); 3596 return; 3597 } 3598 3599 if (myaddr == 0) { 3600 /* 3601 * I don't have an assigned address, so i need to 3602 * negotiate my address. 3603 */ 3604 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3605 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3606 } 3607 if (hisaddr == 1) { 3608 /* 3609 * XXX - remove this hack! 3610 * remote has no valid address, we need to get one assigned. 3611 */ 3612 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3613 sp->ipcp.saved_hisaddr = htonl(hisaddr); 3614 } 3615 3616 if (sp->query_dns & 1) { 3617 SET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3618 } else { 3619 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3620 } 3621 3622 if (sp->query_dns & 2) { 3623 SET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3624 } else { 3625 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3626 } 3627 sppp_open_event(sp, xcp); 3628 } 3629 3630 static void 3631 sppp_ipcp_close(struct sppp *sp, void *xcp) 3632 { 3633 3634 KASSERT(SPPP_WLOCKED(sp)); 3635 KASSERT(!cpu_softintr_p()); 3636 3637 sppp_close_event(sp, xcp); 3638 3639 #ifdef INET 3640 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 3641 /* 3642 * Some address was dynamic, clear it again. 3643 */ 3644 sppp_clear_ip_addrs(sp); 3645 #endif 3646 } 3647 3648 /* 3649 * Analyze a configure request. Return true if it was agreeable, and 3650 * caused action sca, false if it has been rejected or nak'ed, and 3651 * caused action scn. (The return value is used to make the state 3652 * transition decision in the state automaton.) 3653 */ 3654 static enum cp_rcr_type 3655 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3656 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3657 { 3658 u_char *buf, *r, *p, l, blen; 3659 enum cp_rcr_type type; 3660 struct ifnet *ifp = &sp->pp_if; 3661 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 3662 uint32_t hisaddr, desiredaddr; 3663 3664 KASSERT(SPPP_WLOCKED(sp)); 3665 3666 type = CP_RCR_NONE; 3667 origlen -= sizeof(*h); 3668 3669 if (origlen < 0) 3670 return CP_RCR_DROP; 3671 3672 /* 3673 * Make sure to allocate a buf that can at least hold a 3674 * conf-nak with an `address' option. We might need it below. 3675 */ 3676 blen = MAX(6, origlen); 3677 3678 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3679 if (buf == NULL) 3680 return CP_RCR_DROP; 3681 3682 /* pass 1: see if we can recognize them */ 3683 if (debug) 3684 log(LOG_DEBUG, "%s: ipcp parse opts:", 3685 ifp->if_xname); 3686 p = (void *)(h + 1); 3687 r = buf; 3688 rlen = 0; 3689 for (len = origlen; len > 1; len -= l, p += l) { 3690 l = p[1]; 3691 if (l == 0) 3692 break; 3693 3694 /* Sanity check option length */ 3695 if (l > len) { 3696 /* XXX should we just RXJ? */ 3697 addlog("%s: malicious IPCP option received, dropping\n", 3698 ifp->if_xname); 3699 type = CP_RCR_ERR; 3700 goto end; 3701 } 3702 if (debug) 3703 addlog(" %s", sppp_ipcp_opt_name(*p)); 3704 switch (p[0]) { 3705 #ifdef notyet 3706 case IPCP_OPT_COMPRESSION: 3707 if (len >= 6 && l >= 6) { 3708 /* correctly formed compress option */ 3709 continue; 3710 } 3711 if (debug) 3712 addlog(" [invalid]"); 3713 break; 3714 #endif 3715 case IPCP_OPT_ADDRESS: 3716 if (len >= 6 && l == 6) { 3717 /* correctly formed address option */ 3718 continue; 3719 } 3720 if (debug) 3721 addlog(" [invalid]"); 3722 break; 3723 default: 3724 /* Others not supported. */ 3725 if (debug) 3726 addlog(" [rej]"); 3727 break; 3728 } 3729 /* Add the option to rejected list. */ 3730 if (rlen + l > blen) { 3731 if (debug) 3732 addlog(" [overflow]"); 3733 continue; 3734 } 3735 memcpy(r, p, l); 3736 r += l; 3737 rlen += l; 3738 } 3739 3740 if (rlen > 0) { 3741 type = CP_RCR_REJ; 3742 goto end; 3743 } 3744 3745 if (debug) 3746 addlog("\n"); 3747 3748 /* pass 2: parse option values */ 3749 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3750 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3751 else 3752 #ifdef INET 3753 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3754 #else 3755 hisaddr = 0; 3756 #endif 3757 if (debug) 3758 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 3759 ifp->if_xname); 3760 p = (void *)(h + 1); 3761 r = buf; 3762 rlen = 0; 3763 for (len = origlen; len > 1; len -= l, p += l) { 3764 l = p[1]; 3765 if (l == 0) 3766 break; 3767 3768 if (debug) 3769 addlog(" %s", sppp_ipcp_opt_name(*p)); 3770 switch (p[0]) { 3771 #ifdef notyet 3772 case IPCP_OPT_COMPRESSION: 3773 continue; 3774 #endif 3775 case IPCP_OPT_ADDRESS: 3776 desiredaddr = p[2] << 24 | p[3] << 16 | 3777 p[4] << 8 | p[5]; 3778 if (desiredaddr == hisaddr || 3779 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3780 /* 3781 * Peer's address is same as our value, 3782 * this is agreeable. Gonna conf-ack 3783 * it. 3784 */ 3785 if (debug) 3786 addlog(" %s [ack]", 3787 sppp_dotted_quad(hisaddr)); 3788 /* record that we've seen it already */ 3789 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3790 sp->ipcp.req_hisaddr = desiredaddr; 3791 hisaddr = desiredaddr; 3792 continue; 3793 } 3794 /* 3795 * The address wasn't agreeable. This is either 3796 * he sent us 0.0.0.0, asking to assign him an 3797 * address, or he send us another address not 3798 * matching our value. Either case, we gonna 3799 * conf-nak it with our value. 3800 */ 3801 if (debug) { 3802 if (desiredaddr == 0) 3803 addlog(" [addr requested]"); 3804 else 3805 addlog(" %s [not agreed]", 3806 sppp_dotted_quad(desiredaddr)); 3807 } 3808 3809 p[2] = hisaddr >> 24; 3810 p[3] = hisaddr >> 16; 3811 p[4] = hisaddr >> 8; 3812 p[5] = hisaddr; 3813 break; 3814 } 3815 if (rlen + l > blen) { 3816 if (debug) 3817 addlog(" [overflow]"); 3818 continue; 3819 } 3820 /* Add the option to nak'ed list. */ 3821 memcpy(r, p, l); 3822 r += l; 3823 rlen += l; 3824 } 3825 3826 if (rlen > 0) { 3827 type = CP_RCR_NAK; 3828 } else { 3829 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3830 /* 3831 * If we are about to conf-ack the request, but haven't seen 3832 * his address so far, gonna conf-nak it instead, with the 3833 * `address' option present and our idea of his address being 3834 * filled in there, to request negotiation of both addresses. 3835 * 3836 * XXX This can result in an endless req - nak loop if peer 3837 * doesn't want to send us his address. Q: What should we do 3838 * about it? XXX A: implement the max-failure counter. 3839 */ 3840 buf[0] = IPCP_OPT_ADDRESS; 3841 buf[1] = 6; 3842 buf[2] = hisaddr >> 24; 3843 buf[3] = hisaddr >> 16; 3844 buf[4] = hisaddr >> 8; 3845 buf[5] = hisaddr; 3846 rlen = 6; 3847 if (debug) 3848 addlog(" still need hisaddr"); 3849 type = CP_RCR_NAK; 3850 } else { 3851 type = CP_RCR_ACK; 3852 rlen = origlen; 3853 memcpy(r, h + 1, rlen); 3854 } 3855 } 3856 3857 end: 3858 if (debug) 3859 addlog("\n"); 3860 3861 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3862 if (buf != NULL) 3863 kmem_intr_free(buf, blen); 3864 } else { 3865 *msgbuf = buf; 3866 *buflen = blen; 3867 *msglen = rlen; 3868 } 3869 3870 return type; 3871 } 3872 3873 /* 3874 * Analyze the IPCP Configure-Reject option list, and adjust our 3875 * negotiation. 3876 */ 3877 static void 3878 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3879 { 3880 u_char *p, l; 3881 struct ifnet *ifp = &sp->pp_if; 3882 int debug = ifp->if_flags & IFF_DEBUG; 3883 3884 KASSERT(SPPP_WLOCKED(sp)); 3885 3886 if (len <= sizeof(*h)) 3887 return; 3888 3889 len -= sizeof(*h); 3890 3891 if (debug) 3892 log(LOG_DEBUG, "%s: ipcp rej opts:", 3893 ifp->if_xname); 3894 3895 p = (void *)(h + 1); 3896 for (; len > 1; len -= l, p += l) { 3897 l = p[1]; 3898 if (l == 0) 3899 break; 3900 3901 /* Sanity check option length */ 3902 if (l > len) { 3903 /* XXX should we just RXJ? */ 3904 addlog("%s: malicious IPCP option received, dropping\n", 3905 ifp->if_xname); 3906 goto end; 3907 } 3908 if (debug) 3909 addlog(" %s", sppp_ipcp_opt_name(*p)); 3910 switch (p[0]) { 3911 case IPCP_OPT_ADDRESS: 3912 /* 3913 * Peer doesn't grok address option. This is 3914 * bad. XXX Should we better give up here? 3915 */ 3916 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3917 break; 3918 #ifdef notyet 3919 case IPCP_OPT_COMPRESS: 3920 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_COMPRESS); 3921 break; 3922 #endif 3923 case IPCP_OPT_PRIMDNS: 3924 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3925 break; 3926 3927 case IPCP_OPT_SECDNS: 3928 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3929 break; 3930 } 3931 } 3932 if (debug) 3933 addlog("\n"); 3934 end: 3935 return; 3936 } 3937 3938 /* 3939 * Analyze the IPCP Configure-NAK option list, and adjust our 3940 * negotiation. 3941 */ 3942 static void 3943 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3944 { 3945 u_char *p, l; 3946 struct ifnet *ifp = &sp->pp_if; 3947 int debug = ifp->if_flags & IFF_DEBUG; 3948 uint32_t wantaddr; 3949 3950 KASSERT(SPPP_WLOCKED(sp)); 3951 3952 len -= sizeof(*h); 3953 3954 if (debug) 3955 log(LOG_DEBUG, "%s: ipcp nak opts:", 3956 ifp->if_xname); 3957 3958 p = (void *)(h + 1); 3959 for (; len > 1; len -= l, p += l) { 3960 l = p[1]; 3961 if (l == 0) 3962 break; 3963 3964 /* Sanity check option length */ 3965 if (l > len) { 3966 /* XXX should we just RXJ? */ 3967 addlog("%s: malicious IPCP option received, dropping\n", 3968 ifp->if_xname); 3969 return; 3970 } 3971 if (debug) 3972 addlog(" %s", sppp_ipcp_opt_name(*p)); 3973 switch (*p) { 3974 case IPCP_OPT_ADDRESS: 3975 /* 3976 * Peer doesn't like our local IP address. See 3977 * if we can do something for him. We'll drop 3978 * him our address then. 3979 */ 3980 if (len >= 6 && l == 6) { 3981 wantaddr = p[2] << 24 | p[3] << 16 | 3982 p[4] << 8 | p[5]; 3983 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3984 if (debug) 3985 addlog(" [wantaddr %s]", 3986 sppp_dotted_quad(wantaddr)); 3987 /* 3988 * When doing dynamic address assignment, 3989 * we accept his offer. Otherwise, we 3990 * ignore it and thus continue to negotiate 3991 * our already existing value. 3992 */ 3993 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3994 if (ntohl(wantaddr) != INADDR_ANY) { 3995 if (debug) 3996 addlog(" [agree]"); 3997 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3998 sp->ipcp.req_myaddr = wantaddr; 3999 } else { 4000 if (debug) 4001 addlog(" [not agreed]"); 4002 } 4003 } 4004 } 4005 break; 4006 4007 case IPCP_OPT_PRIMDNS: 4008 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS) && 4009 len >= 6 && l == 6) { 4010 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 4011 p[4] << 8 | p[5]; 4012 } 4013 break; 4014 4015 case IPCP_OPT_SECDNS: 4016 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS) && 4017 len >= 6 && l == 6) { 4018 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 4019 p[4] << 8 | p[5]; 4020 } 4021 break; 4022 #ifdef notyet 4023 case IPCP_OPT_COMPRESS: 4024 /* 4025 * Peer wants different compression parameters. 4026 */ 4027 break; 4028 #endif 4029 } 4030 } 4031 if (debug) 4032 addlog("\n"); 4033 } 4034 4035 static void 4036 sppp_ipcp_tlu(struct sppp *sp) 4037 { 4038 #ifdef INET 4039 struct ifnet *ifp; 4040 4041 ifp = &sp->pp_if; 4042 KASSERT(SPPP_WLOCKED(sp)); 4043 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 4044 ((sp->ipcp.flags & IPCP_MYADDR_SEEN) == 0)) { 4045 log(LOG_WARNING, "%s: no IP address, closing IPCP\n", 4046 ifp->if_xname); 4047 sppp_wq_add(sp->wq_cp, 4048 &sp->scp[IDX_IPCP].work_close); 4049 } else { 4050 /* we are up. Set addresses and notify anyone interested */ 4051 sppp_set_ip_addrs(sp); 4052 } 4053 #endif 4054 } 4055 4056 static void 4057 sppp_ipcp_scr(struct sppp *sp) 4058 { 4059 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 4060 #ifdef INET 4061 uint32_t ouraddr; 4062 #endif 4063 int i = 0; 4064 4065 KASSERT(SPPP_WLOCKED(sp)); 4066 4067 #ifdef notyet 4068 if (ISSET(sp->ipcp.opts,SPPP_IPCP_OPT_COMPRESSION)) { 4069 opt[i++] = IPCP_OPT_COMPRESSION; 4070 opt[i++] = 6; 4071 opt[i++] = 0; /* VJ header compression */ 4072 opt[i++] = 0x2d; /* VJ header compression */ 4073 opt[i++] = max_slot_id; 4074 opt[i++] = comp_slot_id; 4075 } 4076 #endif 4077 4078 #ifdef INET 4079 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS)) { 4080 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) { 4081 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 4082 } else { 4083 kpreempt_disable(); 4084 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 4085 kpreempt_enable(); 4086 } 4087 opt[i++] = IPCP_OPT_ADDRESS; 4088 opt[i++] = 6; 4089 opt[i++] = ouraddr >> 24; 4090 opt[i++] = ouraddr >> 16; 4091 opt[i++] = ouraddr >> 8; 4092 opt[i++] = ouraddr; 4093 } 4094 #endif 4095 4096 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS)) { 4097 opt[i++] = IPCP_OPT_PRIMDNS; 4098 opt[i++] = 6; 4099 opt[i++] = sp->dns_addrs[0] >> 24; 4100 opt[i++] = sp->dns_addrs[0] >> 16; 4101 opt[i++] = sp->dns_addrs[0] >> 8; 4102 opt[i++] = sp->dns_addrs[0]; 4103 } 4104 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS)) { 4105 opt[i++] = IPCP_OPT_SECDNS; 4106 opt[i++] = 6; 4107 opt[i++] = sp->dns_addrs[1] >> 24; 4108 opt[i++] = sp->dns_addrs[1] >> 16; 4109 opt[i++] = sp->dns_addrs[1] >> 8; 4110 opt[i++] = sp->dns_addrs[1]; 4111 } 4112 4113 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 4114 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 4115 } 4116 4117 /* 4118 *--------------------------------------------------------------------------* 4119 * * 4120 * The IPv6CP implementation. * 4121 * * 4122 *--------------------------------------------------------------------------* 4123 */ 4124 4125 #ifdef INET6 4126 static void 4127 sppp_ipv6cp_init(struct sppp *sp) 4128 { 4129 4130 KASSERT(SPPP_WLOCKED(sp)); 4131 4132 sppp_cp_init(&ipv6cp, sp); 4133 4134 sp->ipv6cp.opts = 0; 4135 sp->ipv6cp.flags = 0; 4136 } 4137 4138 static void 4139 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4140 { 4141 STDDCL; 4142 struct in6_addr myaddr, hisaddr; 4143 4144 KASSERT(SPPP_WLOCKED(sp)); 4145 KASSERT(!cpu_softintr_p()); 4146 4147 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) 4148 return; 4149 4150 #ifdef IPV6CP_MYIFID_DYN 4151 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 4152 #else 4153 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 4154 #endif 4155 4156 kpreempt_disable(); 4157 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 4158 kpreempt_enable(); 4159 /* 4160 * If we don't have our address, this probably means our 4161 * interface doesn't want to talk IPv6 at all. (This could 4162 * be the case if somebody wants to speak only IPX, for 4163 * example.) Don't open IPv6CP in this case. 4164 */ 4165 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 4166 /* XXX this message should go away */ 4167 if (debug) 4168 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 4169 ifp->if_xname); 4170 return; 4171 } 4172 4173 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4174 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4175 sppp_open_event(sp, xcp); 4176 } 4177 4178 /* 4179 * Analyze a configure request. Return true if it was agreeable, and 4180 * caused action sca, false if it has been rejected or nak'ed, and 4181 * caused action scn. (The return value is used to make the state 4182 * transition decision in the state automaton.) 4183 */ 4184 static enum cp_rcr_type 4185 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 4186 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4187 { 4188 u_char *buf, *r, *p, l, blen; 4189 struct ifnet *ifp = &sp->pp_if; 4190 int rlen, len, debug = ifp->if_flags & IFF_DEBUG; 4191 struct in6_addr myaddr, desiredaddr, suggestaddr; 4192 enum cp_rcr_type type; 4193 int ifidcount; 4194 int collision, nohisaddr; 4195 char ip6buf[INET6_ADDRSTRLEN]; 4196 4197 KASSERT(SPPP_WLOCKED(sp)); 4198 4199 type = CP_RCR_NONE; 4200 origlen -= sizeof(*h); 4201 4202 if (origlen < 0) 4203 return CP_RCR_DROP; 4204 4205 /* 4206 * Make sure to allocate a buf that can at least hold a 4207 * conf-nak with an `address' option. We might need it below. 4208 */ 4209 blen = MAX(6, origlen); 4210 4211 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 4212 if (buf == NULL) 4213 return CP_RCR_DROP; 4214 4215 /* pass 1: see if we can recognize them */ 4216 if (debug) 4217 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 4218 ifp->if_xname); 4219 p = (void *)(h + 1); 4220 r = buf; 4221 rlen = 0; 4222 ifidcount = 0; 4223 for (len = origlen; len > 1; len -= l, p += l) { 4224 l = p[1]; 4225 if (l == 0) 4226 break; 4227 4228 /* Sanity check option length */ 4229 if (l > len) { 4230 /* XXX just RXJ? */ 4231 addlog("%s: received malicious IPCPv6 option, " 4232 "dropping\n", ifp->if_xname); 4233 type = CP_RCR_ERR; 4234 goto end; 4235 } 4236 if (debug) 4237 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4238 switch (p[0]) { 4239 case IPV6CP_OPT_IFID: 4240 if (len >= 10 && l == 10 && ifidcount == 0) { 4241 /* correctly formed address option */ 4242 ifidcount++; 4243 continue; 4244 } 4245 if (debug) 4246 addlog(" [invalid]"); 4247 break; 4248 #ifdef notyet 4249 case IPV6CP_OPT_COMPRESSION: 4250 if (len >= 4 && l >= 4) { 4251 /* correctly formed compress option */ 4252 continue; 4253 } 4254 if (debug) 4255 addlog(" [invalid]"); 4256 break; 4257 #endif 4258 default: 4259 /* Others not supported. */ 4260 if (debug) 4261 addlog(" [rej]"); 4262 break; 4263 } 4264 if (rlen + l > blen) { 4265 if (debug) 4266 addlog(" [overflow]"); 4267 continue; 4268 } 4269 /* Add the option to rejected list. */ 4270 memcpy(r, p, l); 4271 r += l; 4272 rlen += l; 4273 } 4274 4275 if (rlen > 0) { 4276 type = CP_RCR_REJ; 4277 goto end; 4278 } 4279 4280 if (debug) 4281 addlog("\n"); 4282 4283 /* pass 2: parse option values */ 4284 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4285 if (debug) 4286 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 4287 ifp->if_xname); 4288 p = (void *)(h + 1); 4289 r = buf; 4290 rlen = 0; 4291 type = CP_RCR_ACK; 4292 for (len = origlen; len > 1; len -= l, p += l) { 4293 l = p[1]; 4294 if (l == 0) 4295 break; 4296 4297 if (debug) 4298 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4299 switch (p[0]) { 4300 #ifdef notyet 4301 case IPV6CP_OPT_COMPRESSION: 4302 continue; 4303 #endif 4304 case IPV6CP_OPT_IFID: 4305 memset(&desiredaddr, 0, sizeof(desiredaddr)); 4306 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 4307 collision = (memcmp(&desiredaddr.s6_addr[8], 4308 &myaddr.s6_addr[8], 8) == 0); 4309 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 4310 4311 desiredaddr.s6_addr16[0] = htons(0xfe80); 4312 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 4313 4314 if (!collision && !nohisaddr) { 4315 /* no collision, hisaddr known - Conf-Ack */ 4316 type = CP_RCR_ACK; 4317 memcpy(sp->ipv6cp.my_ifid, &myaddr.s6_addr[8], 4318 sizeof(sp->ipv6cp.my_ifid)); 4319 memcpy(sp->ipv6cp.his_ifid, 4320 &desiredaddr.s6_addr[8], 4321 sizeof(sp->ipv6cp.my_ifid)); 4322 4323 if (debug) { 4324 addlog(" %s [%s]", 4325 IN6_PRINT(ip6buf, &desiredaddr), 4326 sppp_cp_type_name(CONF_ACK)); 4327 } 4328 continue; 4329 } 4330 4331 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4332 if (collision && nohisaddr) { 4333 /* collision, hisaddr unknown - Conf-Rej */ 4334 type = CP_RCR_REJ; 4335 memset(&p[2], 0, 8); 4336 } else { 4337 /* 4338 * - no collision, hisaddr unknown, or 4339 * - collision, hisaddr known 4340 * Conf-Nak, suggest hisaddr 4341 */ 4342 type = CP_RCR_NAK; 4343 sppp_suggest_ip6_addr(sp, &suggestaddr); 4344 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4345 } 4346 if (debug) { 4347 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK; 4348 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4349 sppp_cp_type_name(ctype)); 4350 } 4351 break; 4352 } 4353 if (rlen + l > blen) { 4354 if (debug) 4355 addlog(" [overflow]"); 4356 continue; 4357 } 4358 /* Add the option to nak'ed list. */ 4359 memcpy(r, p, l); 4360 r += l; 4361 rlen += l; 4362 } 4363 4364 if (rlen > 0) { 4365 if (type != CP_RCR_ACK) { 4366 if (debug) { 4367 int ctype ; 4368 ctype = type == CP_RCR_REJ ? 4369 CONF_REJ : CONF_NAK; 4370 addlog(" send %s suggest %s\n", 4371 sppp_cp_type_name(ctype), 4372 IN6_PRINT(ip6buf, &suggestaddr)); 4373 } 4374 } 4375 #ifdef notdef 4376 if (type == CP_RCR_ACK) 4377 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4378 #endif 4379 } else { 4380 if (type == CP_RCR_ACK) { 4381 rlen = origlen; 4382 memcpy(r, h + 1, rlen); 4383 } 4384 } 4385 end: 4386 if (debug) 4387 addlog("\n"); 4388 4389 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 4390 if (buf != NULL) 4391 kmem_intr_free(buf, blen); 4392 } else { 4393 *msgbuf = buf; 4394 *buflen = blen; 4395 *msglen = rlen; 4396 } 4397 4398 return type; 4399 } 4400 4401 /* 4402 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4403 * negotiation. 4404 */ 4405 static void 4406 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len) 4407 { 4408 u_char *p, l; 4409 struct ifnet *ifp = &sp->pp_if; 4410 int debug = ifp->if_flags & IFF_DEBUG; 4411 4412 KASSERT(SPPP_WLOCKED(sp)); 4413 4414 if (len <= sizeof(*h)) 4415 return; 4416 4417 len -= sizeof(*h); 4418 4419 if (debug) 4420 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 4421 ifp->if_xname); 4422 4423 p = (void *)(h + 1); 4424 for (; len > 1; len -= l, p += l) { 4425 l = p[1]; 4426 if (l == 0) 4427 break; 4428 4429 if (l > len) { 4430 /* XXX just RXJ? */ 4431 addlog("%s: received malicious IPCPv6 option, " 4432 "dropping\n", ifp->if_xname); 4433 goto end; 4434 } 4435 if (debug) 4436 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4437 switch (p[0]) { 4438 case IPV6CP_OPT_IFID: 4439 /* 4440 * Peer doesn't grok address option. This is 4441 * bad. XXX Should we better give up here? 4442 */ 4443 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4444 break; 4445 #ifdef notyet 4446 case IPV6CP_OPT_COMPRESS: 4447 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESS); 4448 break; 4449 #endif 4450 } 4451 } 4452 if (debug) 4453 addlog("\n"); 4454 end: 4455 return; 4456 } 4457 4458 /* 4459 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4460 * negotiation. 4461 */ 4462 static void 4463 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len) 4464 { 4465 u_char *p, l; 4466 struct ifnet *ifp = &sp->pp_if; 4467 int debug = ifp->if_flags & IFF_DEBUG; 4468 struct in6_addr suggestaddr; 4469 char ip6buf[INET6_ADDRSTRLEN]; 4470 4471 KASSERT(SPPP_WLOCKED(sp)); 4472 4473 if (len <= sizeof(*h)) 4474 return; 4475 4476 len -= sizeof(*h); 4477 4478 if (debug) 4479 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 4480 ifp->if_xname); 4481 4482 p = (void *)(h + 1); 4483 for (; len > 1; len -= l, p += l) { 4484 l = p[1]; 4485 if (l == 0) 4486 break; 4487 4488 if (l > len) { 4489 /* XXX just RXJ? */ 4490 addlog("%s: received malicious IPCPv6 option, " 4491 "dropping\n", ifp->if_xname); 4492 goto end; 4493 } 4494 if (debug) 4495 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 4496 switch (p[0]) { 4497 case IPV6CP_OPT_IFID: 4498 /* 4499 * Peer doesn't like our local ifid. See 4500 * if we can do something for him. We'll drop 4501 * him our address then. 4502 */ 4503 if (len < 10 || l != 10) 4504 break; 4505 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4506 suggestaddr.s6_addr16[0] = htons(0xfe80); 4507 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4508 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4509 4510 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4511 if (debug) 4512 addlog(" [suggestaddr %s]", 4513 IN6_PRINT(ip6buf, &suggestaddr)); 4514 #ifdef IPV6CP_MYIFID_DYN 4515 /* 4516 * When doing dynamic address assignment, 4517 * we accept his offer. 4518 */ 4519 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4520 struct in6_addr lastsuggest; 4521 /* 4522 * If <suggested myaddr from peer> equals to 4523 * <hisaddr we have suggested last time>, 4524 * we have a collision. generate new random 4525 * ifid. 4526 */ 4527 sppp_suggest_ip6_addr(&lastsuggest); 4528 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4529 lastsuggest)) { 4530 if (debug) 4531 addlog(" [random]"); 4532 sppp_gen_ip6_addr(sp, &suggestaddr); 4533 } 4534 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4535 if (debug) 4536 addlog(" [agree]"); 4537 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4538 } 4539 #else 4540 /* 4541 * Since we do not do dynamic address assignment, 4542 * we ignore it and thus continue to negotiate 4543 * our already existing value. This can possibly 4544 * go into infinite request-reject loop. 4545 * 4546 * This is not likely because we normally use 4547 * ifid based on MAC-address. 4548 * If you have no ethernet card on the node, too bad. 4549 * XXX should we use fail_counter? 4550 */ 4551 #endif 4552 break; 4553 #ifdef notyet 4554 case IPV6CP_OPT_COMPRESS: 4555 /* 4556 * Peer wants different compression parameters. 4557 */ 4558 break; 4559 #endif 4560 } 4561 } 4562 if (debug) 4563 addlog("\n"); 4564 end: 4565 return; 4566 } 4567 4568 static void 4569 sppp_ipv6cp_tlu(struct sppp *sp) 4570 { 4571 4572 KASSERT(SPPP_WLOCKED(sp)); 4573 /* we are up - notify isdn daemon */ 4574 sppp_notify_con_wlocked(sp); 4575 } 4576 4577 static void 4578 sppp_ipv6cp_scr(struct sppp *sp) 4579 { 4580 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4581 struct in6_addr ouraddr; 4582 int i = 0; 4583 4584 KASSERT(SPPP_WLOCKED(sp)); 4585 4586 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID)) { 4587 kpreempt_disable(); 4588 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4589 kpreempt_enable(); 4590 4591 opt[i++] = IPV6CP_OPT_IFID; 4592 opt[i++] = 10; 4593 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4594 i += 8; 4595 } 4596 4597 #ifdef notyet 4598 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESSION)) { 4599 opt[i++] = IPV6CP_OPT_COMPRESSION; 4600 opt[i++] = 4; 4601 opt[i++] = 0; /* TBD */ 4602 opt[i++] = 0; /* TBD */ 4603 /* variable length data may follow */ 4604 } 4605 #endif 4606 4607 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4608 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4609 } 4610 #else /*INET6*/ 4611 static void 4612 sppp_ipv6cp_init(struct sppp *sp) 4613 { 4614 4615 KASSERT(SPPP_WLOCKED(sp)); 4616 } 4617 4618 static void 4619 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4620 { 4621 4622 KASSERT(SPPP_WLOCKED(sp)); 4623 } 4624 4625 static enum cp_rcr_type 4626 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, 4627 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4628 { 4629 4630 KASSERT(SPPP_WLOCKED(sp)); 4631 return 0; 4632 } 4633 4634 static void 4635 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, 4636 int len) 4637 { 4638 4639 KASSERT(SPPP_WLOCKED(sp)); 4640 } 4641 4642 static void 4643 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, 4644 int len) 4645 { 4646 4647 KASSERT(SPPP_WLOCKED(sp)); 4648 } 4649 4650 static void 4651 sppp_ipv6cp_tlu(struct sppp *sp) 4652 { 4653 4654 KASSERT(SPPP_WLOCKED(sp)); 4655 } 4656 4657 static void 4658 sppp_ipv6cp_scr(struct sppp *sp) 4659 { 4660 4661 KASSERT(SPPP_WLOCKED(sp)); 4662 } 4663 #endif /*INET6*/ 4664 4665 /* 4666 *--------------------------------------------------------------------------* 4667 * * 4668 * The CHAP implementation. * 4669 * * 4670 *--------------------------------------------------------------------------* 4671 */ 4672 /* 4673 * The authentication protocols is implemented on the state machine for 4674 * control protocols. And it uses following actions and events. 4675 * 4676 * Actions: 4677 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE 4678 * - sca: send CHAP_SUCCESS 4679 * - scn: send CHAP_FAILURE and shutdown lcp 4680 * Events: 4681 * - RCR+: receive CHAP_RESPONSE containing correct digest 4682 * - RCR-: receive CHAP_RESPONSE containing wrong digest 4683 * - RCA: receive CHAP_SUCCESS 4684 * - RCN: (this event is unused) 4685 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE 4686 * - TO-: this layer finish 4687 */ 4688 4689 /* 4690 * Handle incoming CHAP packets. 4691 */ 4692 void 4693 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4694 { 4695 STDDCL; 4696 struct lcp_header *h; 4697 int len, x; 4698 u_char *value, *name, digest[sizeof(sp->chap.challenge)]; 4699 int value_len, name_len; 4700 MD5_CTX ctx; 4701 4702 len = m->m_pkthdr.len; 4703 if (len < 4) { 4704 if (debug) 4705 log(LOG_DEBUG, 4706 "%s: chap invalid packet length: %d bytes\n", 4707 ifp->if_xname, len); 4708 return; 4709 } 4710 h = mtod(m, struct lcp_header *); 4711 if (len > ntohs(h->len)) 4712 len = ntohs(h->len); 4713 4714 SPPP_LOCK(sp, RW_WRITER); 4715 4716 switch (h->type) { 4717 /* challenge, failure and success are his authproto */ 4718 case CHAP_CHALLENGE: 4719 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4720 /* can't do anything useful */ 4721 sp->pp_auth_failures++; 4722 printf("%s: chap input without my name and my secret being set\n", 4723 ifp->if_xname); 4724 break; 4725 } 4726 value = 1 + (u_char *)(h + 1); 4727 value_len = value[-1]; 4728 name = value + value_len; 4729 name_len = len - value_len - 5; 4730 if (name_len < 0) { 4731 if (debug) { 4732 log(LOG_DEBUG, 4733 "%s: chap corrupted challenge " 4734 "<%s id=0x%x len=%d", 4735 ifp->if_xname, 4736 sppp_auth_type_name(PPP_CHAP, h->type), 4737 h->ident, ntohs(h->len)); 4738 if (len > 4) 4739 sppp_print_bytes((u_char *)(h + 1), 4740 len - 4); 4741 addlog(">\n"); 4742 } 4743 break; 4744 } 4745 4746 if (debug) { 4747 log(LOG_DEBUG, 4748 "%s: chap input <%s id=0x%x len=%d name=", 4749 ifp->if_xname, 4750 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 4751 ntohs(h->len)); 4752 sppp_print_string((char *) name, name_len); 4753 addlog(" value-size=%d value=", value_len); 4754 sppp_print_bytes(value, value_len); 4755 addlog(">\n"); 4756 } 4757 4758 /* Compute reply value. */ 4759 MD5Init(&ctx); 4760 MD5Update(&ctx, &h->ident, 1); 4761 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4762 MD5Update(&ctx, value, value_len); 4763 MD5Final(sp->chap.digest, &ctx); 4764 sp->chap.digest_len = sizeof(sp->chap.digest); 4765 sp->scp[IDX_CHAP].rconfid = h->ident; 4766 4767 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); 4768 break; 4769 4770 case CHAP_SUCCESS: 4771 if (debug) { 4772 log(LOG_DEBUG, "%s: chap success", 4773 ifp->if_xname); 4774 if (len > 4) { 4775 addlog(": "); 4776 sppp_print_string((char *)(h + 1), len - 4); 4777 } 4778 addlog("\n"); 4779 } 4780 4781 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4782 if (debug) { 4783 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4784 ifp->if_xname, chap.name, 4785 h->ident, sp->scp[IDX_CHAP].rconfid); 4786 } 4787 if_statinc(ifp, if_ierrors); 4788 break; 4789 } 4790 4791 if (sp->chap.digest_len == 0) { 4792 if (debug) { 4793 log(LOG_DEBUG, 4794 "%s: receive CHAP success without challenge\n", 4795 ifp->if_xname); 4796 } 4797 if_statinc(ifp, if_ierrors); 4798 break; 4799 } 4800 4801 x = splnet(); 4802 sp->pp_auth_failures = 0; 4803 sp->pp_flags &= ~PP_NEEDAUTH; 4804 splx(x); 4805 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4806 sp->chap.digest_len = 0; 4807 4808 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { 4809 /* 4810 * we are not authenticator for CHAP, 4811 * generate a dummy RCR+ event without CHAP_RESPONSE 4812 */ 4813 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4814 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4815 } 4816 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4817 break; 4818 4819 case CHAP_FAILURE: 4820 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4821 if (debug) { 4822 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 4823 ifp->if_xname, chap.name, 4824 h->ident, sp->scp[IDX_CHAP].rconfid); 4825 } 4826 if_statinc(ifp, if_ierrors); 4827 break; 4828 } 4829 4830 if (sp->chap.digest_len == 0) { 4831 if (debug) { 4832 log(LOG_DEBUG, 4833 "%s: receive CHAP failure without challenge\n", 4834 ifp->if_xname); 4835 } 4836 if_statinc(ifp, if_ierrors); 4837 break; 4838 } 4839 4840 x = splnet(); 4841 sp->pp_auth_failures++; 4842 splx(x); 4843 if (debug) { 4844 log(LOG_INFO, "%s: chap failure", 4845 ifp->if_xname); 4846 if (len > 4) { 4847 addlog(": "); 4848 sppp_print_string((char *)(h + 1), len - 4); 4849 } 4850 addlog("\n"); 4851 } else 4852 log(LOG_INFO, "%s: chap failure\n", 4853 ifp->if_xname); 4854 4855 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4856 sp->chap.digest_len = 0; 4857 /* 4858 * await LCP shutdown by authenticator, 4859 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn 4860 */ 4861 break; 4862 4863 /* response is my authproto */ 4864 case CHAP_RESPONSE: 4865 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4866 /* can't do anything useful */ 4867 printf("%s: chap response" 4868 " without his name and his secret being set\n", 4869 ifp->if_xname); 4870 break; 4871 } 4872 value = 1 + (u_char *)(h + 1); 4873 value_len = value[-1]; 4874 name = value + value_len; 4875 name_len = len - value_len - 5; 4876 if (name_len < 0) { 4877 if (debug) { 4878 log(LOG_DEBUG, 4879 "%s: chap corrupted response " 4880 "<%s id=0x%x len=%d", 4881 ifp->if_xname, 4882 sppp_auth_type_name(PPP_CHAP, h->type), 4883 h->ident, ntohs(h->len)); 4884 if (len > 4) 4885 sppp_print_bytes((u_char *)(h + 1), 4886 len - 4); 4887 addlog(">\n"); 4888 } 4889 break; 4890 } 4891 if (h->ident != sp->scp[IDX_CHAP].confid) { 4892 if (debug) 4893 log(LOG_DEBUG, 4894 "%s: chap dropping response for old ID " 4895 "(got %d, expected %d)\n", 4896 ifp->if_xname, 4897 h->ident, sp->scp[IDX_CHAP].confid); 4898 break; 4899 } else { 4900 sp->scp[IDX_CHAP].rconfid = h->ident; 4901 } 4902 4903 if (sp->hisauth.name != NULL && 4904 (name_len != sp->hisauth.name_len 4905 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4906 log(LOG_INFO, "%s: chap response, his name ", 4907 ifp->if_xname); 4908 sppp_print_string(name, name_len); 4909 addlog(" != expected "); 4910 sppp_print_string(sp->hisauth.name, 4911 sp->hisauth.name_len); 4912 addlog("\n"); 4913 4914 /* generate RCR- event */ 4915 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4916 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4917 break; 4918 } 4919 4920 if (debug) { 4921 log(LOG_DEBUG, "%s: chap input(%s) " 4922 "<%s id=0x%x len=%d name=", 4923 ifp->if_xname, 4924 sppp_state_name(sp->scp[IDX_CHAP].state), 4925 sppp_auth_type_name(PPP_CHAP, h->type), 4926 h->ident, ntohs(h->len)); 4927 sppp_print_string((char *)name, name_len); 4928 addlog(" value-size=%d value=", value_len); 4929 sppp_print_bytes(value, value_len); 4930 addlog(">\n"); 4931 } 4932 4933 if (value_len == sizeof(sp->chap.challenge) && 4934 value_len == sizeof(sp->chap.digest)) { 4935 MD5Init(&ctx); 4936 MD5Update(&ctx, &h->ident, 1); 4937 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4938 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); 4939 MD5Final(digest, &ctx); 4940 4941 if (memcmp(digest, value, value_len) == 0) { 4942 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4943 } else { 4944 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4945 } 4946 } else { 4947 if (debug) 4948 log(LOG_DEBUG, 4949 "%s: chap bad hash value length: " 4950 "%d bytes, should be %zu\n", 4951 ifp->if_xname, value_len, 4952 sizeof(sp->chap.challenge)); 4953 4954 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4955 } 4956 4957 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4958 4959 /* generate a dummy RCA event */ 4960 if (sp->scp[IDX_CHAP].rcr_type == CP_RCR_ACK && 4961 (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || 4962 sp->chap.rechallenging)) { 4963 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4964 } 4965 break; 4966 4967 default: 4968 /* Unknown CHAP packet type -- ignore. */ 4969 if (debug) { 4970 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4971 "<0x%x id=0x%xh len=%d", 4972 ifp->if_xname, 4973 sppp_state_name(sp->scp[IDX_CHAP].state), 4974 h->type, h->ident, ntohs(h->len)); 4975 if (len > 4) 4976 sppp_print_bytes((u_char *)(h + 1), len - 4); 4977 addlog(">\n"); 4978 } 4979 break; 4980 4981 } 4982 4983 SPPP_UNLOCK(sp); 4984 } 4985 4986 static void 4987 sppp_chap_init(struct sppp *sp) 4988 { 4989 4990 KASSERT(SPPP_WLOCKED(sp)); 4991 4992 sppp_cp_init(&chap, sp); 4993 4994 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, 4995 sppp_chap_rcv_challenge_event, &chap); 4996 } 4997 4998 static void 4999 sppp_chap_open(struct sppp *sp, void *xcp) 5000 { 5001 5002 KASSERT(SPPP_WLOCKED(sp)); 5003 5004 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 5005 sp->chap.digest_len = 0; 5006 sp->chap.rechallenging = false; 5007 sp->chap.response_rcvd = false; 5008 sppp_open_event(sp, xcp); 5009 } 5010 5011 static void 5012 sppp_chap_tlu(struct sppp *sp) 5013 { 5014 STDDCL; 5015 int i, x; 5016 5017 KASSERT(SPPP_WLOCKED(sp)); 5018 5019 i = 0; 5020 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 5021 x = splnet(); 5022 sp->pp_auth_failures = 0; 5023 splx(x); 5024 5025 log(LOG_DEBUG, "%s: chap %s", ifp->if_xname, 5026 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); 5027 5028 /* 5029 * Some broken CHAP implementations (Conware CoNet, firmware 5030 * 4.0.?) don't want to re-authenticate their CHAP once the 5031 * initial challenge-response exchange has taken place. 5032 * Provide for an option to avoid rechallenges. 5033 */ 5034 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && 5035 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5036 /* 5037 * Compute the re-challenge timeout. This will yield 5038 * a number between 300 and 810 seconds. 5039 */ 5040 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 5041 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 5042 5043 if (debug) { 5044 addlog(", next rechallenge in %d seconds", i); 5045 } 5046 } 5047 5048 addlog("\n"); 5049 5050 /* 5051 * If we are already in phase network, we are done here. This 5052 * is the case if this is a dummy tlu event after a re-challenge. 5053 */ 5054 if (sp->pp_phase != SPPP_PHASE_NETWORK) 5055 sppp_phase_network(sp); 5056 } 5057 5058 static void 5059 sppp_chap_scr(struct sppp *sp) 5060 { 5061 uint32_t *ch; 5062 u_char clen, dsize; 5063 int role; 5064 5065 KASSERT(SPPP_WLOCKED(sp)); 5066 5067 role = sppp_auth_role(&chap, sp); 5068 5069 if (ISSET(role, SPPP_AUTH_SERV) && 5070 !sp->chap.response_rcvd) { 5071 /* we are authenticator for CHAP, send challenge */ 5072 ch = (uint32_t *)sp->chap.challenge; 5073 clen = sizeof(sp->chap.challenge); 5074 /* Compute random challenge. */ 5075 cprng_strong(kern_cprng, ch, clen, 0); 5076 5077 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 5078 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 5079 sizeof(clen), (const char *)&clen, 5080 sizeof(sp->chap.challenge), sp->chap.challenge, 5081 0); 5082 } 5083 5084 if (ISSET(role, SPPP_AUTH_PEER) && 5085 sp->chap.digest_len > 0) { 5086 /* we are peer for CHAP, send response */ 5087 dsize = sp->chap.digest_len; 5088 5089 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, 5090 sizeof(dsize), (const char *)&dsize, 5091 sp->chap.digest_len, sp->chap.digest, 5092 sp->myauth.name_len, sp->myauth.name, 0); 5093 } 5094 } 5095 5096 static void 5097 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) 5098 { 5099 const struct cp *cp = xcp; 5100 5101 KASSERT(!cpu_softintr_p()); 5102 5103 sp->chap.rechallenging = false; 5104 5105 switch (sp->scp[IDX_CHAP].state) { 5106 case STATE_REQ_SENT: 5107 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5108 cp->scr(sp); 5109 break; 5110 case STATE_OPENED: 5111 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 5112 cp->scr(sp); 5113 break; 5114 } 5115 } 5116 5117 /* 5118 *--------------------------------------------------------------------------* 5119 * * 5120 * The PAP implementation. * 5121 * * 5122 *--------------------------------------------------------------------------* 5123 */ 5124 /* 5125 * PAP uses following actions and events. 5126 * Actions: 5127 * - scr: send PAP_REQ 5128 * - sca: send PAP_ACK 5129 * - scn: send PAP_NAK 5130 * Events: 5131 * - RCR+: receive PAP_REQ containing correct username and password 5132 * - RCR-: receive PAP_REQ containing wrong username and password 5133 * - RCA: receive PAP_ACK 5134 * - RCN: (this event is unused) 5135 * - TO+: re-send PAP_REQ 5136 * - TO-: this layer finish 5137 */ 5138 5139 /* 5140 * Handle incoming PAP packets. */ 5141 static void 5142 sppp_pap_input(struct sppp *sp, struct mbuf *m) 5143 { 5144 STDDCL; 5145 struct lcp_header *h; 5146 int len, x; 5147 char *name, *secret; 5148 int name_len, secret_len; 5149 5150 /* 5151 * Malicious input might leave this uninitialized, so 5152 * init to an impossible value. 5153 */ 5154 secret_len = -1; 5155 5156 len = m->m_pkthdr.len; 5157 if (len < 5) { 5158 if (debug) 5159 log(LOG_DEBUG, 5160 "%s: pap invalid packet length: %d bytes\n", 5161 ifp->if_xname, len); 5162 return; 5163 } 5164 h = mtod(m, struct lcp_header *); 5165 if (len > ntohs(h->len)) 5166 len = ntohs(h->len); 5167 5168 SPPP_LOCK(sp, RW_WRITER); 5169 5170 switch (h->type) { 5171 /* PAP request is my authproto */ 5172 case PAP_REQ: 5173 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 5174 /* can't do anything useful */ 5175 printf("%s: pap request" 5176 " without his name and his secret being set\n", 5177 ifp->if_xname); 5178 break; 5179 } 5180 name = 1 + (u_char *)(h + 1); 5181 name_len = name[-1]; 5182 secret = name + name_len + 1; 5183 if (name_len > len - 6 || 5184 (secret_len = secret[-1]) > len - 6 - name_len) { 5185 if (debug) { 5186 log(LOG_DEBUG, "%s: pap corrupted input " 5187 "<%s id=0x%x len=%d", 5188 ifp->if_xname, 5189 sppp_auth_type_name(PPP_PAP, h->type), 5190 h->ident, ntohs(h->len)); 5191 if (len > 4) 5192 sppp_print_bytes((u_char *)(h + 1), 5193 len - 4); 5194 addlog(">\n"); 5195 } 5196 break; 5197 } 5198 if (debug) { 5199 log(LOG_DEBUG, "%s: pap input(%s) " 5200 "<%s id=0x%x len=%d name=", 5201 ifp->if_xname, 5202 sppp_state_name(sp->scp[IDX_PAP].state), 5203 sppp_auth_type_name(PPP_PAP, h->type), 5204 h->ident, ntohs(h->len)); 5205 sppp_print_string((char *)name, name_len); 5206 addlog(" secret="); 5207 sppp_print_string((char *)secret, secret_len); 5208 addlog(">\n"); 5209 } 5210 5211 sp->scp[IDX_PAP].rconfid = h->ident; 5212 5213 if (name_len == sp->hisauth.name_len && 5214 memcmp(name, sp->hisauth.name, name_len) == 0 && 5215 secret_len == sp->hisauth.secret_len && 5216 memcmp(secret, sp->hisauth.secret, secret_len) == 0) { 5217 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5218 } else { 5219 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK; 5220 } 5221 5222 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5223 5224 /* generate a dummy RCA event */ 5225 if (sp->scp[IDX_PAP].rcr_type == CP_RCR_ACK && 5226 !ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { 5227 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5228 } 5229 break; 5230 5231 /* ack and nak are his authproto */ 5232 case PAP_ACK: 5233 if (debug) { 5234 log(LOG_DEBUG, "%s: pap success", 5235 ifp->if_xname); 5236 name = 1 + (u_char *)(h + 1); 5237 name_len = name[-1]; 5238 if (len > 5 && name_len < len+4) { 5239 addlog(": "); 5240 sppp_print_string(name, name_len); 5241 } 5242 addlog("\n"); 5243 } 5244 5245 if (h->ident != sp->scp[IDX_PAP].confid) { 5246 if (debug) { 5247 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 5248 ifp->if_xname, pap.name, 5249 h->ident, sp->scp[IDX_PAP].rconfid); 5250 } 5251 if_statinc(ifp, if_ierrors); 5252 break; 5253 } 5254 5255 x = splnet(); 5256 sp->pp_auth_failures = 0; 5257 sp->pp_flags &= ~PP_NEEDAUTH; 5258 splx(x); 5259 5260 /* we are not authenticator, generate a dummy RCR+ event */ 5261 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { 5262 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5263 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5264 } 5265 5266 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5267 break; 5268 5269 case PAP_NAK: 5270 if (debug) { 5271 log(LOG_INFO, "%s: pap failure", 5272 ifp->if_xname); 5273 name = 1 + (u_char *)(h + 1); 5274 name_len = name[-1]; 5275 if (len > 5 && name_len < len+4) { 5276 addlog(": "); 5277 sppp_print_string(name, name_len); 5278 } 5279 addlog("\n"); 5280 } else 5281 log(LOG_INFO, "%s: pap failure\n", 5282 ifp->if_xname); 5283 5284 if (h->ident != sp->scp[IDX_PAP].confid) { 5285 if (debug) { 5286 log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", 5287 ifp->if_xname, pap.name, 5288 h->ident, sp->scp[IDX_PAP].rconfid); 5289 } 5290 if_statinc(ifp, if_ierrors); 5291 break; 5292 } 5293 5294 sp->pp_auth_failures++; 5295 /* 5296 * await LCP shutdown by authenticator, 5297 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn 5298 */ 5299 break; 5300 5301 default: 5302 /* Unknown PAP packet type -- ignore. */ 5303 if (debug) { 5304 log(LOG_DEBUG, "%s: pap corrupted input " 5305 "<0x%x id=0x%x len=%d", 5306 ifp->if_xname, 5307 h->type, h->ident, ntohs(h->len)); 5308 if (len > 4) 5309 sppp_print_bytes((u_char *)(h + 1), len - 4); 5310 addlog(">\n"); 5311 } 5312 break; 5313 } 5314 5315 SPPP_UNLOCK(sp); 5316 } 5317 5318 static void 5319 sppp_pap_init(struct sppp *sp) 5320 { 5321 5322 KASSERT(SPPP_WLOCKED(sp)); 5323 sppp_cp_init(&pap, sp); 5324 } 5325 5326 static void 5327 sppp_pap_tlu(struct sppp *sp) 5328 { 5329 STDDCL; 5330 int x; 5331 5332 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 5333 5334 if (debug) 5335 log(LOG_DEBUG, "%s: %s tlu\n", 5336 ifp->if_xname, pap.name); 5337 5338 x = splnet(); 5339 sp->pp_auth_failures = 0; 5340 splx(x); 5341 5342 if (sp->pp_phase < SPPP_PHASE_NETWORK) 5343 sppp_phase_network(sp); 5344 } 5345 5346 static void 5347 sppp_pap_scr(struct sppp *sp) 5348 { 5349 u_char idlen, pwdlen; 5350 5351 KASSERT(SPPP_WLOCKED(sp)); 5352 5353 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && 5354 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { 5355 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 5356 log(LOG_DEBUG, "%s: couldn't send PAP_REQ " 5357 "because of no name or no secret\n", 5358 sp->pp_if.if_xname); 5359 } else { 5360 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5361 pwdlen = sp->myauth.secret_len; 5362 idlen = sp->myauth.name_len; 5363 5364 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5365 sizeof idlen, (const char *)&idlen, 5366 idlen, sp->myauth.name, 5367 sizeof pwdlen, (const char *)&pwdlen, 5368 pwdlen, sp->myauth.secret, 5369 0); 5370 } 5371 } 5372 } 5373 5374 /* 5375 * Random miscellaneous functions. 5376 */ 5377 5378 /* 5379 * Send a PAP or CHAP proto packet. 5380 * 5381 * Varadic function, each of the elements for the ellipsis is of type 5382 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5383 * mlen == 0. 5384 * NOTE: never declare variadic functions with types subject to type 5385 * promotion (i.e. u_char). This is asking for big trouble depending 5386 * on the architecture you are on... 5387 */ 5388 5389 static void 5390 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5391 unsigned int type, unsigned int id, 5392 ...) 5393 { 5394 STDDCL; 5395 struct lcp_header *lh; 5396 struct mbuf *m; 5397 u_char *p; 5398 int len; 5399 size_t pkthdrlen; 5400 unsigned int mlen; 5401 const char *msg; 5402 va_list ap; 5403 5404 KASSERT(SPPP_WLOCKED(sp)); 5405 5406 MGETHDR(m, M_DONTWAIT, MT_DATA); 5407 if (! m) 5408 return; 5409 m_reset_rcvif(m); 5410 5411 if (sp->pp_flags & PP_NOFRAMING) { 5412 *mtod(m, uint16_t *) = htons(cp->proto); 5413 pkthdrlen = 2; 5414 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5415 } else { 5416 struct ppp_header *h; 5417 h = mtod(m, struct ppp_header *); 5418 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5419 h->control = PPP_UI; /* Unnumbered Info */ 5420 h->protocol = htons(cp->proto); 5421 pkthdrlen = PPP_HEADER_LEN; 5422 5423 lh = (struct lcp_header *)(h + 1); 5424 } 5425 5426 lh->type = type; 5427 lh->ident = id; 5428 p = (u_char *)(lh + 1); 5429 5430 va_start(ap, id); 5431 len = 0; 5432 5433 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5434 msg = va_arg(ap, const char *); 5435 len += mlen; 5436 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5437 va_end(ap); 5438 m_freem(m); 5439 return; 5440 } 5441 5442 memcpy(p, msg, mlen); 5443 p += mlen; 5444 } 5445 va_end(ap); 5446 5447 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5448 lh->len = htons(LCP_HEADER_LEN + len); 5449 5450 if (debug) { 5451 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 5452 ifp->if_xname, cp->name, 5453 sppp_auth_type_name(cp->proto, lh->type), 5454 lh->ident, ntohs(lh->len)); 5455 if (len) 5456 sppp_print_bytes((u_char *)(lh + 1), len); 5457 addlog(">\n"); 5458 } 5459 if (IF_QFULL(&sp->pp_cpq)) { 5460 IF_DROP(&sp->pp_fastq); 5461 IF_DROP(&ifp->if_snd); 5462 m_freem(m); 5463 if_statinc(ifp, if_oerrors); 5464 return; 5465 } 5466 5467 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5468 IF_ENQUEUE(&sp->pp_cpq, m); 5469 5470 if (! (ifp->if_flags & IFF_OACTIVE)) { 5471 SPPP_UNLOCK(sp); 5472 if_start_lock(ifp); 5473 SPPP_LOCK(sp, RW_WRITER); 5474 } 5475 } 5476 5477 static int 5478 sppp_auth_role(const struct cp *cp, struct sppp *sp) 5479 { 5480 int role; 5481 5482 role = SPPP_AUTH_NOROLE; 5483 5484 if (sp->hisauth.proto == cp->proto && 5485 ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) 5486 SET(role, SPPP_AUTH_SERV); 5487 5488 if (sp->myauth.proto == cp->proto) 5489 SET(role, SPPP_AUTH_PEER); 5490 5491 return role; 5492 } 5493 5494 static void 5495 sppp_auth_to_event(struct sppp *sp, void *xcp) 5496 { 5497 const struct cp *cp = xcp; 5498 bool override; 5499 int state; 5500 STDDCL; 5501 5502 KASSERT(SPPP_WLOCKED(sp)); 5503 KASSERT(!cpu_softintr_p()); 5504 5505 override = false; 5506 state = sp->scp[cp->protoidx].state; 5507 5508 if (sp->scp[cp->protoidx].rst_counter > 0) { 5509 /* override TO+ event */ 5510 switch (state) { 5511 case STATE_OPENED: 5512 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5513 override = true; 5514 sp->chap.rechallenging = true; 5515 sp->chap.response_rcvd = false; 5516 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5517 cp->scr(sp); 5518 } 5519 break; 5520 5521 case STATE_ACK_RCVD: 5522 override = true; 5523 cp->scr(sp); 5524 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 5525 break; 5526 } 5527 } 5528 5529 if (override) { 5530 if (debug) 5531 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 5532 ifp->if_xname, cp->name, 5533 sppp_state_name(state), 5534 sp->scp[cp->protoidx].rst_counter); 5535 sp->scp[cp->protoidx].rst_counter--; 5536 } else { 5537 sppp_to_event(sp, xcp); 5538 } 5539 } 5540 5541 static void 5542 sppp_auth_screply(const struct cp *cp, struct sppp *sp, u_char ctype, 5543 uint8_t ident, size_t _mlen __unused, void *_msg __unused) 5544 { 5545 static const char *succmsg = "Welcome!"; 5546 static const char *failmsg = "Failed..."; 5547 const char *msg; 5548 u_char type, mlen; 5549 5550 KASSERT(SPPP_WLOCKED(sp)); 5551 5552 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) 5553 return; 5554 5555 if (ctype == CONF_ACK) { 5556 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; 5557 msg = succmsg; 5558 mlen = sizeof(succmsg) - 1; 5559 5560 sp->pp_auth_failures = 0; 5561 } else { 5562 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; 5563 msg = failmsg; 5564 mlen = sizeof(failmsg) - 1; 5565 5566 /* shutdown LCP if auth failed */ 5567 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5568 sp->pp_auth_failures++; 5569 } 5570 5571 sppp_auth_send(cp, sp, type, ident, mlen, (const u_char *)msg, 0); 5572 } 5573 5574 /* 5575 * Send keepalive packets, every 10 seconds. 5576 */ 5577 static void 5578 sppp_keepalive(void *dummy) 5579 { 5580 struct sppp *sp; 5581 int s; 5582 time_t now; 5583 5584 SPPPQ_LOCK(); 5585 5586 s = splnet(); 5587 now = time_uptime; 5588 for (sp=spppq; sp; sp=sp->pp_next) { 5589 struct ifnet *ifp = NULL; 5590 5591 SPPP_LOCK(sp, RW_WRITER); 5592 ifp = &sp->pp_if; 5593 5594 /* check idle timeout */ 5595 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5596 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5597 /* idle timeout is enabled for this interface */ 5598 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5599 if (ifp->if_flags & IFF_DEBUG) 5600 printf("%s: no activity for %lu seconds\n", 5601 sp->pp_if.if_xname, 5602 (unsigned long)(now-sp->pp_last_activity)); 5603 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5604 SPPP_UNLOCK(sp); 5605 continue; 5606 } 5607 } 5608 5609 /* Keepalive mode disabled or channel down? */ 5610 if (! (sp->pp_flags & PP_KEEPALIVE) || 5611 ! (ifp->if_flags & IFF_RUNNING)) { 5612 SPPP_UNLOCK(sp); 5613 continue; 5614 } 5615 5616 /* No keepalive in PPP mode if LCP not opened yet. */ 5617 if (! (sp->pp_flags & PP_CISCO) && 5618 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5619 SPPP_UNLOCK(sp); 5620 continue; 5621 } 5622 5623 /* No echo reply, but maybe user data passed through? */ 5624 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5625 sp->pp_alivecnt = 0; 5626 SPPP_UNLOCK(sp); 5627 continue; 5628 } 5629 5630 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5631 /* No keepalive packets got. Stop the interface. */ 5632 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5633 5634 if (! (sp->pp_flags & PP_CISCO)) { 5635 printf("%s: LCP keepalive timed out, going to restart the connection\n", 5636 ifp->if_xname); 5637 sp->pp_alivecnt = 0; 5638 5639 /* we are down, close all open protocols */ 5640 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5641 5642 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5643 sp->lcp.reestablish = true; 5644 5645 SPPP_UNLOCK(sp); 5646 continue; 5647 } 5648 } 5649 if (sp->pp_alivecnt < sp->pp_maxalive) 5650 ++sp->pp_alivecnt; 5651 if (sp->pp_flags & PP_CISCO) 5652 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 5653 ++sp->scp[IDX_LCP].seq, sp->scp[IDX_LCP].rseq); 5654 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5655 int32_t nmagic = htonl(sp->lcp.magic); 5656 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5657 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5658 sp->lcp.echoid, 4, &nmagic); 5659 } 5660 5661 SPPP_UNLOCK(sp); 5662 } 5663 splx(s); 5664 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5665 5666 SPPPQ_UNLOCK(); 5667 } 5668 5669 #ifdef INET 5670 /* 5671 * Get both IP addresses. 5672 */ 5673 static void 5674 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5675 { 5676 struct ifnet *ifp = &sp->pp_if; 5677 struct ifaddr *ifa; 5678 struct sockaddr_in *si, *sm; 5679 uint32_t ssrc, ddst; 5680 int s; 5681 struct psref psref; 5682 5683 sm = NULL; 5684 ssrc = ddst = 0; 5685 /* 5686 * Pick the first AF_INET address from the list, 5687 * aliases don't make any sense on a p2p link anyway. 5688 */ 5689 si = 0; 5690 s = pserialize_read_enter(); 5691 IFADDR_READER_FOREACH(ifa, ifp) { 5692 if (ifa->ifa_addr->sa_family == AF_INET) { 5693 si = (struct sockaddr_in *)ifa->ifa_addr; 5694 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5695 if (si) { 5696 ifa_acquire(ifa, &psref); 5697 break; 5698 } 5699 } 5700 } 5701 pserialize_read_exit(s); 5702 if (ifa) { 5703 if (si && si->sin_addr.s_addr) { 5704 ssrc = si->sin_addr.s_addr; 5705 if (srcmask) 5706 *srcmask = ntohl(sm->sin_addr.s_addr); 5707 } 5708 5709 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5710 if (si && si->sin_addr.s_addr) 5711 ddst = si->sin_addr.s_addr; 5712 ifa_release(ifa, &psref); 5713 } 5714 5715 if (dst) *dst = ntohl(ddst); 5716 if (src) *src = ntohl(ssrc); 5717 } 5718 5719 /* 5720 * Set IP addresses. Must be called at splnet. 5721 * If an address is 0, leave it the way it is. 5722 */ 5723 static void 5724 sppp_set_ip_addrs(struct sppp *sp) 5725 { 5726 STDDCL; 5727 struct ifaddr *ifa; 5728 struct sockaddr_in *si, *dest; 5729 uint32_t myaddr = 0, hisaddr = 0; 5730 int s; 5731 5732 KASSERT(SPPP_WLOCKED(sp)); 5733 SPPP_UNLOCK(sp); 5734 IFNET_LOCK(ifp); 5735 SPPP_LOCK(sp, RW_WRITER); 5736 5737 /* 5738 * Pick the first AF_INET address from the list, 5739 * aliases don't make any sense on a p2p link anyway. 5740 */ 5741 si = dest = NULL; 5742 s = pserialize_read_enter(); 5743 IFADDR_READER_FOREACH(ifa, ifp) { 5744 if (ifa->ifa_addr->sa_family == AF_INET) { 5745 si = (struct sockaddr_in *)ifa->ifa_addr; 5746 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5747 break; 5748 } 5749 } 5750 pserialize_read_exit(s); 5751 5752 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5753 myaddr = sp->ipcp.req_myaddr; 5754 else if (si != NULL) 5755 myaddr = ntohl(si->sin_addr.s_addr); 5756 5757 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5758 hisaddr = sp->ipcp.req_hisaddr; 5759 else if (dest != NULL) 5760 hisaddr = ntohl(dest->sin_addr.s_addr); 5761 5762 if (si != NULL && dest != NULL) { 5763 int error; 5764 struct sockaddr_in new_sin = *si; 5765 struct sockaddr_in new_dst = *dest; 5766 5767 if (myaddr != 0) 5768 new_sin.sin_addr.s_addr = htonl(myaddr); 5769 if (hisaddr != 0) { 5770 new_dst.sin_addr.s_addr = htonl(hisaddr); 5771 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5772 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5773 } 5774 5775 in_addrhash_remove(ifatoia(ifa)); 5776 5777 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5778 5779 in_addrhash_insert(ifatoia(ifa)); 5780 5781 if (debug && error) 5782 { 5783 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5784 ifp->if_xname, __func__, error); 5785 } 5786 if (!error) { 5787 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5788 } 5789 } 5790 5791 IFNET_UNLOCK(ifp); 5792 5793 sppp_notify_con(sp); 5794 } 5795 5796 /* 5797 * Clear IP addresses. Must be called at splnet. 5798 */ 5799 static void 5800 sppp_clear_ip_addrs(struct sppp *sp) 5801 { 5802 STDDCL; 5803 struct ifaddr *ifa; 5804 struct sockaddr_in *si, *dest; 5805 int s; 5806 5807 KASSERT(SPPP_WLOCKED(sp)); 5808 SPPP_UNLOCK(sp); 5809 IFNET_LOCK(ifp); 5810 SPPP_LOCK(sp, RW_WRITER); 5811 5812 /* 5813 * Pick the first AF_INET address from the list, 5814 * aliases don't make any sense on a p2p link anyway. 5815 */ 5816 si = dest = NULL; 5817 s = pserialize_read_enter(); 5818 IFADDR_READER_FOREACH(ifa, ifp) { 5819 if (ifa->ifa_addr->sa_family == AF_INET) { 5820 si = (struct sockaddr_in *)ifa->ifa_addr; 5821 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5822 break; 5823 } 5824 } 5825 pserialize_read_exit(s); 5826 5827 if (si != NULL) { 5828 struct sockaddr_in new_sin = *si; 5829 struct sockaddr_in new_dst = *dest; 5830 int error; 5831 5832 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5833 new_sin.sin_addr.s_addr = 0; 5834 if (sp->ipcp.flags & IPCP_HISADDR_DYN && 5835 ntohl(sp->ipcp.saved_hisaddr) != 0) 5836 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5837 5838 in_addrhash_remove(ifatoia(ifa)); 5839 5840 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5841 5842 in_addrhash_insert(ifatoia(ifa)); 5843 5844 if (debug && error) 5845 { 5846 log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", 5847 ifp->if_xname, __func__, error); 5848 } 5849 if (!error) { 5850 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5851 } 5852 } 5853 5854 IFNET_UNLOCK(ifp); 5855 } 5856 #endif 5857 5858 #ifdef INET6 5859 /* 5860 * Get both IPv6 addresses. 5861 */ 5862 static void 5863 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5864 struct in6_addr *srcmask) 5865 { 5866 struct ifnet *ifp = &sp->pp_if; 5867 struct ifaddr *ifa; 5868 struct sockaddr_in6 *si, *sm; 5869 struct in6_addr ssrc, ddst; 5870 int s; 5871 struct psref psref; 5872 5873 sm = NULL; 5874 memset(&ssrc, 0, sizeof(ssrc)); 5875 memset(&ddst, 0, sizeof(ddst)); 5876 /* 5877 * Pick the first link-local AF_INET6 address from the list, 5878 * aliases don't make any sense on a p2p link anyway. 5879 */ 5880 si = 0; 5881 s = pserialize_read_enter(); 5882 IFADDR_READER_FOREACH(ifa, ifp) { 5883 if (ifa->ifa_addr->sa_family == AF_INET6) { 5884 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5885 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5886 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5887 ifa_acquire(ifa, &psref); 5888 break; 5889 } 5890 } 5891 } 5892 pserialize_read_exit(s); 5893 5894 if (ifa) { 5895 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5896 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5897 if (srcmask) { 5898 memcpy(srcmask, &sm->sin6_addr, 5899 sizeof(*srcmask)); 5900 } 5901 } 5902 5903 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5904 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5905 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5906 ifa_release(ifa, &psref); 5907 } 5908 5909 if (dst) 5910 memcpy(dst, &ddst, sizeof(*dst)); 5911 if (src) 5912 memcpy(src, &ssrc, sizeof(*src)); 5913 } 5914 5915 #ifdef IPV6CP_MYIFID_DYN 5916 /* 5917 * Generate random ifid. 5918 */ 5919 static void 5920 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5921 { 5922 /* TBD */ 5923 } 5924 5925 /* 5926 * Set my IPv6 address. Must be called at splnet. 5927 */ 5928 static void 5929 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5930 { 5931 STDDCL; 5932 struct ifaddr *ifa; 5933 struct sockaddr_in6 *sin6; 5934 int s; 5935 struct psref psref; 5936 5937 KASSERT(SPPP_WLOCKED(sp)); 5938 SPPP_UNLOCK(sp); 5939 IFNET_LOCK(ifp); 5940 SPPP_LOCK(sp, RW_WRITER); 5941 5942 /* 5943 * Pick the first link-local AF_INET6 address from the list, 5944 * aliases don't make any sense on a p2p link anyway. 5945 */ 5946 5947 sin6 = NULL; 5948 s = pserialize_read_enter(); 5949 IFADDR_READER_FOREACH(ifa, ifp) 5950 { 5951 if (ifa->ifa_addr->sa_family == AF_INET6) 5952 { 5953 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5954 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5955 ifa_acquire(ifa, &psref); 5956 break; 5957 } 5958 } 5959 } 5960 pserialize_read_exit(s); 5961 5962 if (ifa && sin6) 5963 { 5964 int error; 5965 struct sockaddr_in6 new_sin6 = *sin6; 5966 5967 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5968 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5969 if (debug && error) 5970 { 5971 log(LOG_DEBUG, "%s: %s: in6_ifinit failed, error=%d\n", 5972 ifp->if_xname, __func__, error); 5973 } 5974 if (!error) { 5975 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5976 } 5977 ifa_release(ifa, &psref); 5978 } 5979 5980 IFNET_UNLOCK(ifp); 5981 } 5982 #endif 5983 5984 /* 5985 * Suggest a candidate address to be used by peer. 5986 */ 5987 static void 5988 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5989 { 5990 struct in6_addr myaddr; 5991 struct timeval tv; 5992 5993 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5994 5995 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5996 microtime(&tv); 5997 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5998 myaddr.s6_addr[14] ^= 0xff; 5999 myaddr.s6_addr[15] ^= 0xff; 6000 } else { 6001 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 6002 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 6003 } 6004 if (suggest) 6005 memcpy(suggest, &myaddr, sizeof(myaddr)); 6006 } 6007 #endif /*INET6*/ 6008 6009 /* 6010 * Process ioctl requests specific to the PPP interface. 6011 * Permissions have already been checked. 6012 */ 6013 static int 6014 sppp_params(struct sppp *sp, u_long cmd, void *data) 6015 { 6016 switch (cmd) { 6017 case SPPPGETAUTHCFG: 6018 { 6019 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 6020 int error; 6021 size_t len; 6022 6023 SPPP_LOCK(sp, RW_READER); 6024 6025 cfg->myauthflags = sp->myauth.flags; 6026 cfg->hisauthflags = sp->hisauth.flags; 6027 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 6028 cfg->hisauth = sppp_proto2authproto(sp->hisauth.proto); 6029 cfg->myauth = sppp_proto2authproto(sp->myauth.proto); 6030 if (cfg->myname_length == 0) { 6031 if (sp->myauth.name != NULL) 6032 cfg->myname_length = sp->myauth.name_len + 1; 6033 } else { 6034 if (sp->myauth.name == NULL) { 6035 cfg->myname_length = 0; 6036 } else { 6037 len = sp->myauth.name_len + 1; 6038 6039 if (cfg->myname_length < len) { 6040 SPPP_UNLOCK(sp); 6041 return (ENAMETOOLONG); 6042 } 6043 error = copyout(sp->myauth.name, cfg->myname, len); 6044 if (error) { 6045 SPPP_UNLOCK(sp); 6046 return error; 6047 } 6048 } 6049 } 6050 if (cfg->hisname_length == 0) { 6051 if (sp->hisauth.name != NULL) 6052 cfg->hisname_length = sp->hisauth.name_len + 1; 6053 } else { 6054 if (sp->hisauth.name == NULL) { 6055 cfg->hisname_length = 0; 6056 } else { 6057 len = sp->hisauth.name_len + 1; 6058 6059 if (cfg->hisname_length < len) { 6060 SPPP_UNLOCK(sp); 6061 return (ENAMETOOLONG); 6062 } 6063 error = copyout(sp->hisauth.name, cfg->hisname, len); 6064 if (error) { 6065 SPPP_UNLOCK(sp); 6066 return error; 6067 } 6068 } 6069 } 6070 SPPP_UNLOCK(sp); 6071 } 6072 break; 6073 case SPPPSETAUTHCFG: 6074 { 6075 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 6076 int error; 6077 6078 SPPP_LOCK(sp, RW_WRITER); 6079 6080 if (sp->myauth.name) { 6081 free(sp->myauth.name, M_DEVBUF); 6082 sp->myauth.name = NULL; 6083 } 6084 if (sp->myauth.secret) { 6085 free(sp->myauth.secret, M_DEVBUF); 6086 sp->myauth.secret = NULL; 6087 } 6088 if (sp->hisauth.name) { 6089 free(sp->hisauth.name, M_DEVBUF); 6090 sp->hisauth.name = NULL; 6091 } 6092 if (sp->hisauth.secret) { 6093 free(sp->hisauth.secret, M_DEVBUF); 6094 sp->hisauth.secret = NULL; 6095 } 6096 6097 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 6098 if (cfg->hisname_length >= MCLBYTES) { 6099 SPPP_UNLOCK(sp); 6100 return (ENAMETOOLONG); 6101 } 6102 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 6103 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 6104 if (error) { 6105 free(sp->hisauth.name, M_DEVBUF); 6106 sp->hisauth.name = NULL; 6107 SPPP_UNLOCK(sp); 6108 return error; 6109 } 6110 sp->hisauth.name_len = cfg->hisname_length - 1; 6111 sp->hisauth.name[sp->hisauth.name_len] = 0; 6112 } 6113 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 6114 if (cfg->hissecret_length >= MCLBYTES) { 6115 SPPP_UNLOCK(sp); 6116 return (ENAMETOOLONG); 6117 } 6118 sp->hisauth.secret = malloc(cfg->hissecret_length, 6119 M_DEVBUF, M_WAITOK); 6120 error = copyin(cfg->hissecret, sp->hisauth.secret, 6121 cfg->hissecret_length); 6122 if (error) { 6123 free(sp->hisauth.secret, M_DEVBUF); 6124 sp->hisauth.secret = NULL; 6125 SPPP_UNLOCK(sp); 6126 return error; 6127 } 6128 sp->hisauth.secret_len = cfg->hissecret_length - 1; 6129 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 6130 } 6131 if (cfg->myname != NULL && cfg->myname_length > 0) { 6132 if (cfg->myname_length >= MCLBYTES) { 6133 SPPP_UNLOCK(sp); 6134 return (ENAMETOOLONG); 6135 } 6136 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 6137 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 6138 if (error) { 6139 free(sp->myauth.name, M_DEVBUF); 6140 sp->myauth.name = NULL; 6141 SPPP_UNLOCK(sp); 6142 return error; 6143 } 6144 sp->myauth.name_len = cfg->myname_length - 1; 6145 sp->myauth.name[sp->myauth.name_len] = 0; 6146 } 6147 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 6148 if (cfg->mysecret_length >= MCLBYTES) { 6149 SPPP_UNLOCK(sp); 6150 return (ENAMETOOLONG); 6151 } 6152 sp->myauth.secret = malloc(cfg->mysecret_length, 6153 M_DEVBUF, M_WAITOK); 6154 error = copyin(cfg->mysecret, sp->myauth.secret, 6155 cfg->mysecret_length); 6156 if (error) { 6157 free(sp->myauth.secret, M_DEVBUF); 6158 sp->myauth.secret = NULL; 6159 SPPP_UNLOCK(sp); 6160 return error; 6161 } 6162 sp->myauth.secret_len = cfg->mysecret_length - 1; 6163 sp->myauth.secret[sp->myauth.secret_len] = 0; 6164 } 6165 sp->myauth.flags = cfg->myauthflags; 6166 if (cfg->myauth != SPPP_AUTHPROTO_NOCHG) { 6167 sp->myauth.proto = sppp_authproto2proto(cfg->myauth); 6168 } 6169 sp->hisauth.flags = cfg->hisauthflags; 6170 if (cfg->hisauth != SPPP_AUTHPROTO_NOCHG) { 6171 sp->hisauth.proto = sppp_authproto2proto(cfg->hisauth); 6172 } 6173 sp->pp_auth_failures = 0; 6174 if (sp->hisauth.proto != PPP_NOPROTO) 6175 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6176 else 6177 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6178 6179 SPPP_UNLOCK(sp); 6180 } 6181 break; 6182 case SPPPGETLCPCFG: 6183 { 6184 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6185 6186 SPPP_LOCK(sp, RW_READER); 6187 lcpp->lcp_timeout = sp->lcp.timeout; 6188 SPPP_UNLOCK(sp); 6189 } 6190 break; 6191 case SPPPSETLCPCFG: 6192 { 6193 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6194 6195 SPPP_LOCK(sp, RW_WRITER); 6196 sp->lcp.timeout = lcpp->lcp_timeout; 6197 SPPP_UNLOCK(sp); 6198 } 6199 break; 6200 case SPPPGETNCPCFG: 6201 { 6202 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6203 6204 SPPP_LOCK(sp, RW_READER); 6205 ncpp->ncp_flags = sp->pp_ncpflags; 6206 SPPP_UNLOCK(sp); 6207 } 6208 break; 6209 case SPPPSETNCPCFG: 6210 { 6211 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6212 6213 SPPP_LOCK(sp, RW_WRITER); 6214 sp->pp_ncpflags = ncpp->ncp_flags; 6215 SPPP_UNLOCK(sp); 6216 } 6217 break; 6218 case SPPPGETSTATUS: 6219 { 6220 struct spppstatus *status = (struct spppstatus *)data; 6221 6222 SPPP_LOCK(sp, RW_READER); 6223 status->phase = sp->pp_phase; 6224 SPPP_UNLOCK(sp); 6225 } 6226 break; 6227 case SPPPGETSTATUSNCP: 6228 { 6229 struct spppstatusncp *status = (struct spppstatusncp *)data; 6230 6231 SPPP_LOCK(sp, RW_READER); 6232 status->phase = sp->pp_phase; 6233 status->ncpup = sppp_cp_check(sp, CP_NCP); 6234 SPPP_UNLOCK(sp); 6235 } 6236 break; 6237 case SPPPGETIDLETO: 6238 { 6239 struct spppidletimeout *to = (struct spppidletimeout *)data; 6240 6241 SPPP_LOCK(sp, RW_READER); 6242 to->idle_seconds = sp->pp_idle_timeout; 6243 SPPP_UNLOCK(sp); 6244 } 6245 break; 6246 case SPPPSETIDLETO: 6247 { 6248 struct spppidletimeout *to = (struct spppidletimeout *)data; 6249 6250 SPPP_LOCK(sp, RW_WRITER); 6251 sp->pp_idle_timeout = to->idle_seconds; 6252 SPPP_UNLOCK(sp); 6253 } 6254 break; 6255 case SPPPSETAUTHFAILURE: 6256 { 6257 struct spppauthfailuresettings *afsettings = 6258 (struct spppauthfailuresettings *)data; 6259 6260 SPPP_LOCK(sp, RW_WRITER); 6261 sp->pp_max_auth_fail = afsettings->max_failures; 6262 sp->pp_auth_failures = 0; 6263 SPPP_UNLOCK(sp); 6264 } 6265 break; 6266 case SPPPGETAUTHFAILURES: 6267 { 6268 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 6269 6270 SPPP_LOCK(sp, RW_READER); 6271 stats->auth_failures = sp->pp_auth_failures; 6272 stats->max_failures = sp->pp_max_auth_fail; 6273 SPPP_UNLOCK(sp); 6274 } 6275 break; 6276 case SPPPSETDNSOPTS: 6277 { 6278 struct spppdnssettings *req = (struct spppdnssettings *)data; 6279 6280 SPPP_LOCK(sp, RW_WRITER); 6281 sp->query_dns = req->query_dns & 3; 6282 SPPP_UNLOCK(sp); 6283 } 6284 break; 6285 case SPPPGETDNSOPTS: 6286 { 6287 struct spppdnssettings *req = (struct spppdnssettings *)data; 6288 6289 SPPP_LOCK(sp, RW_READER); 6290 req->query_dns = sp->query_dns; 6291 SPPP_UNLOCK(sp); 6292 } 6293 break; 6294 case SPPPGETDNSADDRS: 6295 { 6296 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 6297 6298 SPPP_LOCK(sp, RW_READER); 6299 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 6300 SPPP_UNLOCK(sp); 6301 } 6302 break; 6303 case SPPPGETKEEPALIVE: 6304 { 6305 struct spppkeepalivesettings *settings = 6306 (struct spppkeepalivesettings*)data; 6307 6308 SPPP_LOCK(sp, RW_READER); 6309 settings->maxalive = sp->pp_maxalive; 6310 settings->max_noreceive = sp->pp_max_noreceive; 6311 SPPP_UNLOCK(sp); 6312 } 6313 break; 6314 case SPPPSETKEEPALIVE: 6315 { 6316 struct spppkeepalivesettings *settings = 6317 (struct spppkeepalivesettings*)data; 6318 6319 SPPP_LOCK(sp, RW_WRITER); 6320 sp->pp_maxalive = settings->maxalive; 6321 sp->pp_max_noreceive = settings->max_noreceive; 6322 SPPP_UNLOCK(sp); 6323 } 6324 break; 6325 case SPPPGETLCPSTATUS: 6326 { 6327 struct sppplcpstatus *status = 6328 (struct sppplcpstatus *)data; 6329 6330 SPPP_LOCK(sp, RW_READER); 6331 status->state = sp->scp[IDX_LCP].state; 6332 status->opts = sp->lcp.opts; 6333 status->magic = sp->lcp.magic; 6334 status->mru = sp->lcp.mru; 6335 SPPP_UNLOCK(sp); 6336 } 6337 break; 6338 case SPPPGETIPCPSTATUS: 6339 { 6340 struct spppipcpstatus *status = 6341 (struct spppipcpstatus *)data; 6342 u_int32_t myaddr; 6343 6344 SPPP_LOCK(sp, RW_READER); 6345 status->state = sp->scp[IDX_IPCP].state; 6346 status->opts = sp->ipcp.opts; 6347 #ifdef INET 6348 kpreempt_disable(); 6349 sppp_get_ip_addrs(sp, &myaddr, 0, 0); 6350 kpreempt_enable(); 6351 #else 6352 myaddr = 0; 6353 #endif 6354 status->myaddr = ntohl(myaddr); 6355 SPPP_UNLOCK(sp); 6356 } 6357 break; 6358 case SPPPGETIPV6CPSTATUS: 6359 { 6360 struct spppipv6cpstatus *status = 6361 (struct spppipv6cpstatus *)data; 6362 6363 SPPP_LOCK(sp, RW_READER); 6364 status->state = sp->scp[IDX_IPV6CP].state; 6365 memcpy(status->my_ifid, sp->ipv6cp.my_ifid, 6366 sizeof(status->my_ifid)); 6367 memcpy(status->his_ifid, sp->ipv6cp.his_ifid, 6368 sizeof(status->his_ifid)); 6369 SPPP_UNLOCK(sp); 6370 } 6371 break; 6372 default: 6373 { 6374 int ret; 6375 6376 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6377 enosys(), ret); 6378 if (ret != ENOSYS) 6379 return ret; 6380 return (EINVAL); 6381 } 6382 } 6383 return (0); 6384 } 6385 6386 static void 6387 sppp_phase_network(struct sppp *sp) 6388 { 6389 int i; 6390 6391 KASSERT(SPPP_WLOCKED(sp)); 6392 6393 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6394 6395 /* Notify NCPs now. */ 6396 for (i = 0; i < IDX_COUNT; i++) 6397 if ((cps[i])->flags & CP_NCP) 6398 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); 6399 } 6400 6401 static const char * 6402 sppp_cp_type_name(u_char type) 6403 { 6404 static char buf[12]; 6405 switch (type) { 6406 case CONF_REQ: return "conf-req"; 6407 case CONF_ACK: return "conf-ack"; 6408 case CONF_NAK: return "conf-nak"; 6409 case CONF_REJ: return "conf-rej"; 6410 case TERM_REQ: return "term-req"; 6411 case TERM_ACK: return "term-ack"; 6412 case CODE_REJ: return "code-rej"; 6413 case PROTO_REJ: return "proto-rej"; 6414 case ECHO_REQ: return "echo-req"; 6415 case ECHO_REPLY: return "echo-reply"; 6416 case DISC_REQ: return "discard-req"; 6417 } 6418 snprintf(buf, sizeof(buf), "0x%x", type); 6419 return buf; 6420 } 6421 6422 static const char * 6423 sppp_auth_type_name(u_short proto, u_char type) 6424 { 6425 static char buf[32]; 6426 const char *name; 6427 6428 switch (proto) { 6429 case PPP_CHAP: 6430 switch (type) { 6431 case CHAP_CHALLENGE: return "challenge"; 6432 case CHAP_RESPONSE: return "response"; 6433 case CHAP_SUCCESS: return "success"; 6434 case CHAP_FAILURE: return "failure"; 6435 default: name = "chap"; break; 6436 } 6437 break; 6438 6439 case PPP_PAP: 6440 switch (type) { 6441 case PAP_REQ: return "req"; 6442 case PAP_ACK: return "ack"; 6443 case PAP_NAK: return "nak"; 6444 default: name = "pap"; break; 6445 } 6446 break; 6447 6448 default: 6449 name = "bad"; 6450 break; 6451 } 6452 6453 snprintf(buf, sizeof(buf), "%s(%#x) %#x", name, proto, type); 6454 return buf; 6455 } 6456 6457 static const char * 6458 sppp_lcp_opt_name(u_char opt) 6459 { 6460 static char buf[12]; 6461 switch (opt) { 6462 case LCP_OPT_MRU: return "mru"; 6463 case LCP_OPT_ASYNC_MAP: return "async-map"; 6464 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6465 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6466 case LCP_OPT_MAGIC: return "magic"; 6467 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6468 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6469 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6470 case LCP_OPT_CALL_BACK: return "callback"; 6471 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6472 case LCP_OPT_MP_MRRU: return "mrru"; 6473 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6474 case LCP_OPT_MP_EID: return "mp-eid"; 6475 } 6476 snprintf(buf, sizeof(buf), "0x%x", opt); 6477 return buf; 6478 } 6479 6480 static const char * 6481 sppp_ipcp_opt_name(u_char opt) 6482 { 6483 static char buf[12]; 6484 switch (opt) { 6485 case IPCP_OPT_ADDRESSES: return "addresses"; 6486 case IPCP_OPT_COMPRESSION: return "compression"; 6487 case IPCP_OPT_ADDRESS: return "address"; 6488 case IPCP_OPT_PRIMDNS: return "primdns"; 6489 case IPCP_OPT_SECDNS: return "secdns"; 6490 } 6491 snprintf(buf, sizeof(buf), "0x%x", opt); 6492 return buf; 6493 } 6494 6495 #ifdef INET6 6496 static const char * 6497 sppp_ipv6cp_opt_name(u_char opt) 6498 { 6499 static char buf[12]; 6500 switch (opt) { 6501 case IPV6CP_OPT_IFID: return "ifid"; 6502 case IPV6CP_OPT_COMPRESSION: return "compression"; 6503 } 6504 snprintf(buf, sizeof(buf), "0x%x", opt); 6505 return buf; 6506 } 6507 #endif 6508 6509 static const char * 6510 sppp_state_name(int state) 6511 { 6512 switch (state) { 6513 case STATE_INITIAL: return "initial"; 6514 case STATE_STARTING: return "starting"; 6515 case STATE_CLOSED: return "closed"; 6516 case STATE_STOPPED: return "stopped"; 6517 case STATE_CLOSING: return "closing"; 6518 case STATE_STOPPING: return "stopping"; 6519 case STATE_REQ_SENT: return "req-sent"; 6520 case STATE_ACK_RCVD: return "ack-rcvd"; 6521 case STATE_ACK_SENT: return "ack-sent"; 6522 case STATE_OPENED: return "opened"; 6523 } 6524 return "illegal"; 6525 } 6526 6527 static const char * 6528 sppp_phase_name(int phase) 6529 { 6530 switch (phase) { 6531 case SPPP_PHASE_DEAD: return "dead"; 6532 case SPPP_PHASE_ESTABLISH: return "establish"; 6533 case SPPP_PHASE_TERMINATE: return "terminate"; 6534 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6535 case SPPP_PHASE_NETWORK: return "network"; 6536 } 6537 return "illegal"; 6538 } 6539 6540 static const char * 6541 sppp_proto_name(u_short proto) 6542 { 6543 static char buf[12]; 6544 switch (proto) { 6545 case PPP_LCP: return "lcp"; 6546 case PPP_IPCP: return "ipcp"; 6547 case PPP_PAP: return "pap"; 6548 case PPP_CHAP: return "chap"; 6549 case PPP_IPV6CP: return "ipv6cp"; 6550 } 6551 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 6552 return buf; 6553 } 6554 6555 static void 6556 sppp_print_bytes(const u_char *p, u_short len) 6557 { 6558 addlog(" %02x", *p++); 6559 while (--len > 0) 6560 addlog("-%02x", *p++); 6561 } 6562 6563 static void 6564 sppp_print_string(const char *p, u_short len) 6565 { 6566 u_char c; 6567 6568 while (len-- > 0) { 6569 c = *p++; 6570 /* 6571 * Print only ASCII chars directly. RFC 1994 recommends 6572 * using only them, but we don't rely on it. */ 6573 if (c < ' ' || c > '~') 6574 addlog("\\x%x", c); 6575 else 6576 addlog("%c", c); 6577 } 6578 } 6579 6580 static const char * 6581 sppp_dotted_quad(uint32_t addr) 6582 { 6583 static char s[16]; 6584 snprintf(s, sizeof(s), "%d.%d.%d.%d", 6585 (int)((addr >> 24) & 0xff), 6586 (int)((addr >> 16) & 0xff), 6587 (int)((addr >> 8) & 0xff), 6588 (int)(addr & 0xff)); 6589 return s; 6590 } 6591 6592 /* a dummy, used to drop uninteresting events */ 6593 static void 6594 sppp_null(struct sppp *unused) 6595 { 6596 /* do just nothing */ 6597 } 6598 6599 static void 6600 sppp_tls(const struct cp *cp, struct sppp *sp) 6601 { 6602 6603 /* notify lcp that is lower layer */ 6604 sp->lcp.protos |= (1 << cp->protoidx); 6605 6606 if (sp->scp[IDX_LCP].state == STATE_OPENED) 6607 sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_up); 6608 } 6609 6610 static void 6611 sppp_tlf(const struct cp *cp, struct sppp *sp) 6612 { 6613 STDDCL; 6614 6615 if (debug) 6616 log(LOG_DEBUG, "%s: %s tlf\n", ifp->if_xname, cp->name); 6617 6618 /* notify lcp that is lower layer */ 6619 sp->lcp.protos &= ~(1 << cp->protoidx); 6620 6621 /* cleanup */ 6622 if (sp->scp[cp->protoidx].mbuf_confreq != NULL) { 6623 m_freem(sp->scp[cp->protoidx].mbuf_confreq); 6624 sp->scp[cp->protoidx].mbuf_confreq = NULL; 6625 } 6626 if (sp->scp[cp->protoidx].mbuf_confnak != NULL) { 6627 m_freem(sp->scp[cp->protoidx].mbuf_confnak); 6628 sp->scp[cp->protoidx].mbuf_confnak = NULL; 6629 } 6630 6631 sppp_lcp_check_and_close(sp); 6632 } 6633 6634 static void 6635 sppp_screply(const struct cp *cp, struct sppp *sp, u_char type, 6636 uint8_t ident, size_t msglen, void *msg) 6637 { 6638 STDDCL; 6639 6640 if (msglen == 0) 6641 return; 6642 6643 switch (type) { 6644 case CONF_ACK: 6645 case CONF_NAK: 6646 case CONF_REJ: 6647 break; 6648 default: 6649 return; 6650 } 6651 6652 if (debug) { 6653 log(LOG_DEBUG, "%s: send %s\n", 6654 ifp->if_xname, sppp_cp_type_name(type)); 6655 } 6656 6657 sppp_cp_send(sp, cp->proto, type, ident, msglen, msg); 6658 } 6659 6660 static void 6661 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6662 { 6663 6664 SPPP_UNLOCK(sp); 6665 if_down(&sp->pp_if); 6666 IF_PURGE(&sp->pp_cpq); 6667 SPPP_LOCK(sp, RW_WRITER); 6668 } 6669 6670 static void 6671 sppp_notify_up(struct sppp *sp) 6672 { 6673 6674 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6675 } 6676 6677 static void 6678 sppp_notify_down(struct sppp *sp) 6679 { 6680 6681 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6682 } 6683 6684 static void 6685 sppp_notify_tls_wlocked(struct sppp *sp) 6686 { 6687 6688 KASSERT(SPPP_WLOCKED(sp)); 6689 6690 if (!sp->pp_tls) 6691 return; 6692 6693 SPPP_UNLOCK(sp); 6694 sp->pp_tls(sp); 6695 SPPP_LOCK(sp, RW_WRITER); 6696 } 6697 6698 static void 6699 sppp_notify_tlf_wlocked(struct sppp *sp) 6700 { 6701 6702 KASSERT(SPPP_WLOCKED(sp)); 6703 6704 if (!sp->pp_tlf) 6705 return; 6706 6707 SPPP_UNLOCK(sp); 6708 sp->pp_tlf(sp); 6709 SPPP_LOCK(sp, RW_WRITER); 6710 } 6711 6712 static void 6713 sppp_notify_con(struct sppp *sp) 6714 { 6715 6716 if (!sp->pp_con) 6717 return; 6718 6719 sp->pp_con(sp); 6720 } 6721 6722 #ifdef INET6 6723 static void 6724 sppp_notify_con_wlocked(struct sppp *sp) 6725 { 6726 6727 KASSERT(SPPP_WLOCKED(sp)); 6728 6729 SPPP_UNLOCK(sp); 6730 sppp_notify_con(sp); 6731 SPPP_LOCK(sp, RW_WRITER); 6732 6733 } 6734 #endif 6735 6736 static void 6737 sppp_notify_chg_wlocked(struct sppp *sp) 6738 { 6739 6740 KASSERT(SPPP_WLOCKED(sp)); 6741 6742 if (!sp->pp_chg) 6743 return; 6744 6745 SPPP_UNLOCK(sp); 6746 sp->pp_chg(sp, sp->pp_phase); 6747 SPPP_LOCK(sp, RW_WRITER); 6748 } 6749 6750 static void 6751 sppp_wq_work(struct work *wk, void *xsp) 6752 { 6753 struct sppp *sp; 6754 struct sppp_work *work; 6755 6756 sp = xsp; 6757 work = container_of(wk, struct sppp_work, work); 6758 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6759 6760 SPPP_LOCK(sp, RW_WRITER); 6761 work->func(sp, work->arg); 6762 SPPP_UNLOCK(sp); 6763 } 6764 6765 static struct workqueue * 6766 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6767 { 6768 struct workqueue *wq; 6769 int error; 6770 6771 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6772 (void *)sp, prio, ipl, flags); 6773 if (error) { 6774 panic("%s: workqueue_create failed [%s, %d]\n", 6775 sp->pp_if.if_xname, xnamebuf, error); 6776 } 6777 6778 return wq; 6779 } 6780 6781 static void 6782 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6783 { 6784 6785 workqueue_destroy(wq); 6786 } 6787 6788 static void 6789 sppp_wq_set(struct sppp_work *work, 6790 void (*func)(struct sppp *, void *), void *arg) 6791 { 6792 6793 work->func = func; 6794 work->arg = arg; 6795 } 6796 6797 static void 6798 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6799 { 6800 6801 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6802 != SPPP_WK_FREE) 6803 return; 6804 6805 KASSERT(work->func != NULL); 6806 kpreempt_disable(); 6807 workqueue_enqueue(wq, &work->work, NULL); 6808 kpreempt_enable(); 6809 } 6810 static void 6811 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6812 { 6813 6814 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6815 workqueue_wait(wq, &work->work); 6816 } 6817 6818 /* 6819 * This file is large. Tell emacs to highlight it nevertheless. 6820 * 6821 * Local Variables: 6822 * hilit-auto-highlight-maxout: 120000 6823 * End: 6824 */ 6825 6826 /* 6827 * Module glue 6828 */ 6829 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6830 6831 static int 6832 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6833 { 6834 6835 switch (cmd) { 6836 case MODULE_CMD_INIT: 6837 case MODULE_CMD_FINI: 6838 return 0; 6839 case MODULE_CMD_STAT: 6840 case MODULE_CMD_AUTOUNLOAD: 6841 default: 6842 return ENOTTY; 6843 } 6844 } 6845
Indexes created Fri Sep 26 20:09:58 GMT 2025