if_spppsubr.c revision 1.262
1 /* $NetBSD: if_spppsubr.c,v 1.262 2022/03/07 04:06:20 knakahara Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.262 2022/03/07 04:06:20 knakahara Exp $"); 45 46 #if defined(_KERNEL_OPT) 47 #include "opt_inet.h" 48 #include "opt_modular.h" 49 #include "opt_compat_netbsd.h" 50 #include "opt_net_mpsafe.h" 51 #include "opt_sppp.h" 52 #endif 53 54 #include <sys/param.h> 55 #include <sys/proc.h> 56 #include <sys/systm.h> 57 #include <sys/kernel.h> 58 #include <sys/sockio.h> 59 #include <sys/socket.h> 60 #include <sys/syslog.h> 61 #include <sys/malloc.h> 62 #include <sys/mbuf.h> 63 #include <sys/callout.h> 64 #include <sys/md5.h> 65 #include <sys/inttypes.h> 66 #include <sys/kauth.h> 67 #include <sys/cprng.h> 68 #include <sys/module.h> 69 #include <sys/workqueue.h> 70 #include <sys/atomic.h> 71 #include <sys/compat_stub.h> 72 #include <sys/cpu.h> 73 74 #include <net/if.h> 75 #include <net/netisr.h> 76 #include <net/if_types.h> 77 #include <net/route.h> 78 #include <net/ppp_defs.h> 79 80 #include <netinet/in.h> 81 #include <netinet/in_systm.h> 82 #include <netinet/in_var.h> 83 #ifdef INET 84 #include <netinet/ip.h> 85 #include <netinet/tcp.h> 86 #endif 87 #include <net/ethertypes.h> 88 89 #ifdef INET6 90 #include <netinet6/scope6_var.h> 91 #endif 92 93 #include <net/if_sppp.h> 94 #include <net/if_spppvar.h> 95 96 #ifdef NET_MPSAFE 97 #define SPPPSUBR_MPSAFE 1 98 #endif 99 100 #define DEFAULT_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 101 #define DEFAULT_ALIVE_INTERVAL 1 /* count of sppp_keepalive */ 102 #define LOOPALIVECNT 3 /* loopback detection tries */ 103 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 104 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 105 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 106 107 #ifndef SPPP_KEEPALIVE_INTERVAL 108 #define SPPP_KEEPALIVE_INTERVAL DEFAULT_KEEPALIVE_INTERVAL 109 #endif 110 111 #ifndef SPPP_NORECV_TIME 112 #define SPPP_NORECV_TIME DEFAULT_NORECV_TIME 113 #endif 114 115 #ifndef SPPP_ALIVE_INTERVAL 116 #define SPPP_ALIVE_INTERVAL DEFAULT_ALIVE_INTERVAL 117 #endif 118 119 #define SPPP_CPTYPE_NAMELEN 5 /* buf size of cp type name */ 120 #define SPPP_AUTHTYPE_NAMELEN 32 /* buf size of auth type name */ 121 #define SPPP_LCPOPT_NAMELEN 5 /* buf size of lcp option name */ 122 #define SPPP_IPCPOPT_NAMELEN 5 /* buf size of ipcp option name */ 123 #define SPPP_IPV6CPOPT_NAMELEN 5 /* buf size of ipv6cp option name */ 124 #define SPPP_PROTO_NAMELEN 7 /* buf size of protocol name */ 125 #define SPPP_DOTQUAD_BUFLEN 16 /* length of "aa.bb.cc.dd" */ 126 127 /* 128 * Interface flags that can be set in an ifconfig command. 129 * 130 * Setting link0 will make the link passive, i.e. it will be marked 131 * as being administrative openable, but won't be opened to begin 132 * with. Incoming calls will be answered, or subsequent calls with 133 * -link1 will cause the administrative open of the LCP layer. 134 * 135 * Setting link1 will cause the link to auto-dial only as packets 136 * arrive to be sent. 137 * 138 * Setting IFF_DEBUG will syslog the option negotiation and state 139 * transitions at level kern.debug. Note: all logs consistently look 140 * like 141 * 142 * <if-name><unit>: <proto-name> <additional info...> 143 * 144 * with <if-name><unit> being something like "bppp0", and <proto-name> 145 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 146 */ 147 148 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 149 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 150 151 #define CONF_REQ 1 /* PPP configure request */ 152 #define CONF_ACK 2 /* PPP configure acknowledge */ 153 #define CONF_NAK 3 /* PPP configure negative ack */ 154 #define CONF_REJ 4 /* PPP configure reject */ 155 #define TERM_REQ 5 /* PPP terminate request */ 156 #define TERM_ACK 6 /* PPP terminate acknowledge */ 157 #define CODE_REJ 7 /* PPP code reject */ 158 #define PROTO_REJ 8 /* PPP protocol reject */ 159 #define ECHO_REQ 9 /* PPP echo request */ 160 #define ECHO_REPLY 10 /* PPP echo reply */ 161 #define DISC_REQ 11 /* PPP discard request */ 162 163 #define LCP_OPT_MRU 1 /* maximum receive unit */ 164 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 165 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 166 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 167 #define LCP_OPT_MAGIC 5 /* magic number */ 168 #define LCP_OPT_RESERVED 6 /* reserved */ 169 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 170 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 171 #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ 172 #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ 173 #define LCP_OPT_CALL_BACK 13 /* callback */ 174 #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ 175 #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ 176 #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ 177 #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ 178 179 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 180 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 181 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 182 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 183 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 184 185 #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ 186 #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ 187 #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ 188 189 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 190 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 191 192 #define PAP_REQ 1 /* PAP name/password request */ 193 #define PAP_ACK 2 /* PAP acknowledge */ 194 #define PAP_NAK 3 /* PAP fail */ 195 196 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 197 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 198 #define CHAP_SUCCESS 3 /* CHAP response ok */ 199 #define CHAP_FAILURE 4 /* CHAP response failed */ 200 201 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 202 203 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 204 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 205 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 206 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 207 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 208 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 209 210 #define PPP_NOPROTO 0 /* no authentication protocol */ 211 212 enum { 213 STATE_INITIAL = SPPP_STATE_INITIAL, 214 STATE_STARTING = SPPP_STATE_STARTING, 215 STATE_CLOSED = SPPP_STATE_CLOSED, 216 STATE_STOPPED = SPPP_STATE_STOPPED, 217 STATE_CLOSING = SPPP_STATE_CLOSING, 218 STATE_STOPPING = SPPP_STATE_STOPPING, 219 STATE_REQ_SENT = SPPP_STATE_REQ_SENT, 220 STATE_ACK_RCVD = SPPP_STATE_ACK_RCVD, 221 STATE_ACK_SENT = SPPP_STATE_ACK_SENT, 222 STATE_OPENED = SPPP_STATE_OPENED, 223 }; 224 225 enum cp_rcr_type { 226 CP_RCR_NONE = 0, /* initial value */ 227 CP_RCR_ACK, /* RCR+ */ 228 CP_RCR_NAK, /* RCR- */ 229 CP_RCR_REJ, /* RCR- */ 230 CP_RCR_DROP, /* DROP message */ 231 CP_RCR_ERR, /* internal error */ 232 }; 233 234 struct ppp_header { 235 uint8_t address; 236 uint8_t control; 237 uint16_t protocol; 238 } __packed; 239 #define PPP_HEADER_LEN sizeof (struct ppp_header) 240 241 struct lcp_header { 242 uint8_t type; 243 uint8_t ident; 244 uint16_t len; 245 } __packed; 246 #define LCP_HEADER_LEN sizeof (struct lcp_header) 247 248 struct cisco_packet { 249 uint32_t type; 250 uint32_t par1; 251 uint32_t par2; 252 uint16_t rel; 253 uint16_t time0; 254 uint16_t time1; 255 } __packed; 256 #define CISCO_PACKET_LEN 18 257 258 /* 259 * We follow the spelling and capitalization of RFC 1661 here, to make 260 * it easier comparing with the standard. Please refer to this RFC in 261 * case you can't make sense out of these abbreviation; it will also 262 * explain the semantics related to the various events and actions. 263 */ 264 struct cp { 265 u_short proto; /* PPP control protocol number */ 266 u_char protoidx; /* index into state table in struct sppp */ 267 u_char flags; 268 #define CP_LCP 0x01 /* this is the LCP */ 269 #define CP_AUTH 0x02 /* this is an authentication protocol */ 270 #define CP_NCP 0x04 /* this is a NCP */ 271 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 272 const char *name; /* name of this control protocol */ 273 /* event handlers */ 274 void (*Up)(struct sppp *, void *); 275 void (*Down)(struct sppp *, void *); 276 void (*Open)(struct sppp *, void *); 277 void (*Close)(struct sppp *, void *); 278 void (*TO)(struct sppp *, void *); 279 /* actions */ 280 void (*tlu)(struct sppp *); 281 void (*tld)(struct sppp *); 282 void (*tls)(const struct cp *, struct sppp *); 283 void (*tlf)(const struct cp *, struct sppp *); 284 void (*scr)(struct sppp *); 285 void (*screply)(const struct cp *, struct sppp *, u_char, 286 uint8_t, size_t, void *); 287 288 /* message parser */ 289 enum cp_rcr_type 290 (*parse_confreq)(struct sppp *, struct lcp_header *, int, 291 uint8_t **, size_t *, size_t *); 292 void (*parse_confrej)(struct sppp *, struct lcp_header *, int); 293 void (*parse_confnak)(struct sppp *, struct lcp_header *, int); 294 }; 295 296 enum auth_role { 297 SPPP_AUTH_NOROLE = 0, 298 SPPP_AUTH_SERV = __BIT(0), 299 SPPP_AUTH_PEER = __BIT(1), 300 }; 301 302 static struct sppp *spppq; 303 static kmutex_t *spppq_lock = NULL; 304 static callout_t keepalive_ch; 305 static unsigned int sppp_keepalive_cnt = 0; 306 307 pktq_rps_hash_func_t sppp_pktq_rps_hash_p; 308 309 #define SPPPQ_LOCK() if (spppq_lock) \ 310 mutex_enter(spppq_lock); 311 #define SPPPQ_UNLOCK() if (spppq_lock) \ 312 mutex_exit(spppq_lock); 313 314 #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) 315 #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) 316 #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) 317 #define SPPP_UPGRADE(_sp) do{ \ 318 SPPP_UNLOCK(_sp); \ 319 SPPP_LOCK(_sp, RW_WRITER); \ 320 }while (0) 321 #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) 322 #define SPPP_WQ_SET(_wk, _func, _arg) \ 323 sppp_wq_set((_wk), (_func), __UNCONST((_arg))) 324 #define SPPP_LOG(_sp, _lvl, _fmt, _args...) do { \ 325 if (__predict_true((_sp) != NULL)) { \ 326 log((_lvl), "%s: ", (_sp)->pp_if.if_xname); \ 327 } \ 328 addlog((_fmt), ##_args); \ 329 } while (0) 330 #define SPPP_DLOG(_sp, _fmt, _args...) do { \ 331 if (!sppp_debug_enabled(_sp)) \ 332 break; \ 333 SPPP_LOG(_sp, LOG_DEBUG, _fmt, ##_args); \ 334 } while (0) 335 336 #ifdef INET 337 #ifndef SPPPSUBR_MPSAFE 338 /* 339 * The following disgusting hack gets around the problem that IP TOS 340 * can't be set yet. We want to put "interactive" traffic on a high 341 * priority queue. To decide if traffic is interactive, we check that 342 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 343 * 344 * XXX is this really still necessary? - joerg - 345 */ 346 static u_short interactive_ports[8] = { 347 0, 513, 0, 0, 348 0, 21, 0, 23, 349 }; 350 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 351 #endif /* SPPPSUBR_MPSAFE */ 352 #endif 353 354 /* almost every function needs these */ 355 356 static bool sppp_debug_enabled(struct sppp *sp); 357 static int sppp_output(struct ifnet *, struct mbuf *, 358 const struct sockaddr *, const struct rtentry *); 359 360 static void sppp_cp_init(const struct cp *, struct sppp *); 361 static void sppp_cp_fini(const struct cp *, struct sppp *); 362 static void sppp_cp_input(const struct cp *, struct sppp *, 363 struct mbuf *); 364 static void sppp_cp_input(const struct cp *, struct sppp *, 365 struct mbuf *); 366 static void sppp_cp_send(struct sppp *, u_short, u_char, 367 u_char, u_short, void *); 368 /* static void sppp_cp_timeout(void *arg); */ 369 static void sppp_cp_change_state(const struct cp *, struct sppp *, int); 370 static struct workqueue * 371 sppp_wq_create(struct sppp *, const char *, pri_t, int, int); 372 static void sppp_wq_destroy(struct sppp *, struct workqueue *); 373 static void sppp_wq_set(struct sppp_work *, 374 void (*)(struct sppp *, void *), void *); 375 static void sppp_wq_add(struct workqueue *, struct sppp_work *); 376 static void sppp_wq_wait(struct workqueue *, struct sppp_work *); 377 static void sppp_cp_to_lcp(void *); 378 static void sppp_cp_to_ipcp(void *); 379 static void sppp_cp_to_ipv6cp(void *); 380 static void sppp_auth_send(const struct cp *, struct sppp *, 381 unsigned int, unsigned int, ...); 382 static int sppp_auth_role(const struct cp *, struct sppp *); 383 static void sppp_auth_to_event(struct sppp *, void *); 384 static void sppp_auth_screply(const struct cp *, struct sppp *, 385 u_char, uint8_t, size_t, void *); 386 static void sppp_up_event(struct sppp *, void *); 387 static void sppp_down_event(struct sppp *, void *); 388 static void sppp_open_event(struct sppp *, void *); 389 static void sppp_close_event(struct sppp *, void *); 390 static void sppp_to_event(struct sppp *, void *); 391 static void sppp_rcr_event(struct sppp *, void *); 392 static void sppp_rca_event(struct sppp *, void *); 393 static void sppp_rcn_event(struct sppp *, void *); 394 static void sppp_rtr_event(struct sppp *, void *); 395 static void sppp_rta_event(struct sppp *, void *); 396 static void sppp_rxj_event(struct sppp *, void *); 397 398 static void sppp_null(struct sppp *); 399 static void sppp_tls(const struct cp *, struct sppp *); 400 static void sppp_tlf(const struct cp *, struct sppp *); 401 static void sppp_screply(const struct cp *, struct sppp *, 402 u_char, uint8_t, size_t, void *); 403 static void sppp_ifdown(struct sppp *, void *); 404 405 static void sppp_lcp_init(struct sppp *); 406 static void sppp_lcp_up(struct sppp *, void *); 407 static void sppp_lcp_down(struct sppp *, void *); 408 static void sppp_lcp_open(struct sppp *, void *); 409 static enum cp_rcr_type 410 sppp_lcp_confreq(struct sppp *, struct lcp_header *, int, 411 uint8_t **, size_t *, size_t *); 412 static void sppp_lcp_confrej(struct sppp *, struct lcp_header *, int); 413 static void sppp_lcp_confnak(struct sppp *, struct lcp_header *, int); 414 static void sppp_lcp_tlu(struct sppp *); 415 static void sppp_lcp_tld(struct sppp *); 416 static void sppp_lcp_tls(const struct cp *, struct sppp *); 417 static void sppp_lcp_tlf(const struct cp *, struct sppp *); 418 static void sppp_lcp_scr(struct sppp *); 419 static void sppp_lcp_check_and_close(struct sppp *); 420 static int sppp_cp_check(struct sppp *, u_char); 421 422 static void sppp_ipcp_init(struct sppp *); 423 static void sppp_ipcp_open(struct sppp *, void *); 424 static void sppp_ipcp_close(struct sppp *, void *); 425 static enum cp_rcr_type 426 sppp_ipcp_confreq(struct sppp *, struct lcp_header *, int, 427 uint8_t **, size_t *, size_t *); 428 static void sppp_ipcp_confrej(struct sppp *, struct lcp_header *, int); 429 static void sppp_ipcp_confnak(struct sppp *, struct lcp_header *, int); 430 static void sppp_ipcp_tlu(struct sppp *); 431 static void sppp_ipcp_tld(struct sppp *); 432 static void sppp_ipcp_scr(struct sppp *); 433 434 static void sppp_ipv6cp_init(struct sppp *); 435 static void sppp_ipv6cp_open(struct sppp *, void *); 436 static enum cp_rcr_type 437 sppp_ipv6cp_confreq(struct sppp *, struct lcp_header *, int, 438 uint8_t **, size_t *, size_t *); 439 static void sppp_ipv6cp_confrej(struct sppp *, struct lcp_header *, int); 440 static void sppp_ipv6cp_confnak(struct sppp *, struct lcp_header *, int); 441 static void sppp_ipv6cp_tlu(struct sppp *); 442 static void sppp_ipv6cp_tld(struct sppp *); 443 static void sppp_ipv6cp_scr(struct sppp *); 444 445 static void sppp_pap_input(struct sppp *, struct mbuf *); 446 static void sppp_pap_init(struct sppp *); 447 static void sppp_pap_tlu(struct sppp *); 448 static void sppp_pap_scr(struct sppp *); 449 static void sppp_pap_scr(struct sppp *); 450 451 static void sppp_chap_input(struct sppp *, struct mbuf *); 452 static void sppp_chap_init(struct sppp *); 453 static void sppp_chap_open(struct sppp *, void *); 454 static void sppp_chap_tlu(struct sppp *); 455 static void sppp_chap_scr(struct sppp *); 456 static void sppp_chap_rcv_challenge_event(struct sppp *, void *); 457 458 static const char *sppp_auth_type_name(char *, size_t, u_short, u_char); 459 static const char *sppp_cp_type_name(char *, size_t, u_char); 460 static const char *sppp_dotted_quad(char *, size_t, uint32_t); 461 static const char *sppp_ipcp_opt_name(char *, size_t, u_char); 462 #ifdef INET6 463 static const char *sppp_ipv6cp_opt_name(char *, size_t, u_char); 464 #endif 465 static const char *sppp_lcp_opt_name(char *, size_t, u_char); 466 static const char *sppp_phase_name(int); 467 static const char *sppp_proto_name(char *, size_t, u_short); 468 static const char *sppp_state_name(int); 469 static int sppp_params(struct sppp *, u_long, void *); 470 #ifdef INET 471 static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); 472 static void sppp_set_ip_addrs(struct sppp *); 473 static void sppp_clear_ip_addrs(struct sppp *); 474 #endif 475 static void sppp_keepalive(void *); 476 static void sppp_phase_network(struct sppp *); 477 static void sppp_print_bytes(const u_char *, u_short); 478 static void sppp_print_string(const char *, u_short); 479 #ifdef INET6 480 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, 481 struct in6_addr *, struct in6_addr *); 482 #ifdef IPV6CP_MYIFID_DYN 483 static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); 484 static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); 485 #endif 486 static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); 487 #endif 488 489 static void sppp_notify_up(struct sppp *); 490 static void sppp_notify_down(struct sppp *); 491 static void sppp_notify_tls_wlocked(struct sppp *); 492 static void sppp_notify_tlf_wlocked(struct sppp *); 493 #ifdef INET6 494 static void sppp_notify_con_wlocked(struct sppp *); 495 #endif 496 static void sppp_notify_con(struct sppp *); 497 498 static void sppp_notify_chg_wlocked(struct sppp *); 499 500 /* our control protocol descriptors */ 501 static const struct cp lcp = { 502 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 503 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, 504 sppp_close_event, sppp_to_event, 505 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, 506 sppp_lcp_tlf, sppp_lcp_scr, sppp_screply, 507 sppp_lcp_confreq, sppp_lcp_confrej, sppp_lcp_confnak 508 }; 509 510 static const struct cp ipcp = { 511 PPP_IPCP, IDX_IPCP, 512 #ifdef INET 513 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 514 #else 515 0, 516 #endif 517 "ipcp", 518 sppp_up_event, sppp_down_event, sppp_ipcp_open, 519 sppp_ipcp_close, sppp_to_event, 520 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_tls, 521 sppp_tlf, sppp_ipcp_scr, sppp_screply, 522 sppp_ipcp_confreq, sppp_ipcp_confrej, sppp_ipcp_confnak, 523 }; 524 525 static const struct cp ipv6cp = { 526 PPP_IPV6CP, IDX_IPV6CP, 527 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 528 CP_NCP, 529 #else 530 0, 531 #endif 532 "ipv6cp", 533 sppp_up_event, sppp_down_event, sppp_ipv6cp_open, 534 sppp_close_event, sppp_to_event, 535 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_tls, 536 sppp_tlf, sppp_ipv6cp_scr, sppp_screply, 537 sppp_ipv6cp_confreq, sppp_ipv6cp_confrej, sppp_ipv6cp_confnak, 538 }; 539 540 static const struct cp pap = { 541 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 542 sppp_up_event, sppp_down_event, sppp_open_event, 543 sppp_close_event, sppp_auth_to_event, 544 sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, 545 sppp_pap_scr, sppp_auth_screply, 546 NULL, NULL, NULL 547 }; 548 549 static const struct cp chap = { 550 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 551 sppp_up_event, sppp_down_event, sppp_chap_open, 552 sppp_close_event, sppp_auth_to_event, 553 sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, 554 sppp_chap_scr, sppp_auth_screply, 555 NULL, NULL, NULL 556 }; 557 558 static const struct cp *cps[IDX_COUNT] = { 559 &lcp, /* IDX_LCP */ 560 &ipcp, /* IDX_IPCP */ 561 &ipv6cp, /* IDX_IPV6CP */ 562 &pap, /* IDX_PAP */ 563 &chap, /* IDX_CHAP */ 564 }; 565 566 static inline u_int 567 sppp_proto2authproto(u_short proto) 568 { 569 570 switch (proto) { 571 case PPP_PAP: 572 return SPPP_AUTHPROTO_PAP; 573 case PPP_CHAP: 574 return SPPP_AUTHPROTO_CHAP; 575 } 576 577 return SPPP_AUTHPROTO_NONE; 578 } 579 580 static inline u_short 581 sppp_authproto2proto(u_int authproto) 582 { 583 584 switch (authproto) { 585 case SPPP_AUTHPROTO_PAP: 586 return PPP_PAP; 587 case SPPP_AUTHPROTO_CHAP: 588 return PPP_CHAP; 589 } 590 591 return PPP_NOPROTO; 592 } 593 594 static inline bool 595 sppp_debug_enabled(struct sppp *sp) 596 { 597 598 if (__predict_false(sp == NULL)) 599 return false; 600 601 if ((sp->pp_if.if_flags & IFF_DEBUG) == 0) 602 return false; 603 604 return true; 605 } 606 607 static void 608 sppp_change_phase(struct sppp *sp, int phase) 609 { 610 struct ifnet *ifp; 611 612 KASSERT(SPPP_WLOCKED(sp)); 613 614 ifp = &sp->pp_if; 615 616 if (sp->pp_phase == phase) 617 return; 618 619 sp->pp_phase = phase; 620 621 if (phase == SPPP_PHASE_NETWORK) 622 if_link_state_change(ifp, LINK_STATE_UP); 623 else 624 if_link_state_change(ifp, LINK_STATE_DOWN); 625 626 SPPP_DLOG(sp, "phase %s\n", 627 sppp_phase_name(sp->pp_phase)); 628 } 629 630 /* 631 * Exported functions, comprising our interface to the lower layer. 632 */ 633 634 /* 635 * Process the received packet. 636 */ 637 void 638 sppp_input(struct ifnet *ifp, struct mbuf *m) 639 { 640 struct ppp_header *h = NULL; 641 pktqueue_t *pktq = NULL; 642 struct ifqueue *inq = NULL; 643 uint16_t protocol; 644 struct sppp *sp = (struct sppp *)ifp; 645 int isr = 0; 646 647 SPPP_LOCK(sp, RW_READER); 648 649 if (ifp->if_flags & IFF_UP) { 650 /* Count received bytes, add hardware framing */ 651 if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); 652 /* Note time of last receive */ 653 sp->pp_last_receive = time_uptime; 654 } 655 656 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 657 /* Too small packet, drop it. */ 658 SPPP_DLOG(sp, "input packet is too small, " 659 "%d bytes\n", m->m_pkthdr.len); 660 goto drop; 661 } 662 663 if (sp->pp_flags & PP_NOFRAMING) { 664 memcpy(&protocol, mtod(m, void *), 2); 665 protocol = ntohs(protocol); 666 m_adj(m, 2); 667 } else { 668 669 /* Get PPP header. */ 670 h = mtod(m, struct ppp_header *); 671 m_adj(m, PPP_HEADER_LEN); 672 673 switch (h->address) { 674 case PPP_ALLSTATIONS: 675 if (h->control != PPP_UI) 676 goto invalid; 677 break; 678 case CISCO_MULTICAST: 679 case CISCO_UNICAST: 680 /* Don't check the control field here (RFC 1547). */ 681 SPPP_DLOG(sp, "Cisco packet in PPP mode " 682 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 683 h->address, h->control, ntohs(h->protocol)); 684 goto drop; 685 default: /* Invalid PPP packet. */ 686 invalid: 687 SPPP_DLOG(sp, "invalid input packet " 688 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 689 h->address, h->control, ntohs(h->protocol)); 690 goto drop; 691 } 692 protocol = ntohs(h->protocol); 693 } 694 695 switch (protocol) { 696 reject_protocol: 697 if (sp->scp[IDX_LCP].state == STATE_OPENED) { 698 uint16_t prot = htons(protocol); 699 700 SPPP_UPGRADE(sp); 701 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 702 ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, 703 &prot); 704 SPPP_DOWNGRADE(sp); 705 } 706 if_statinc(ifp, if_noproto); 707 goto drop; 708 default: 709 SPPP_DLOG(sp, "invalid input protocol " 710 "<proto=0x%x>\n", protocol); 711 goto reject_protocol; 712 case PPP_LCP: 713 SPPP_UNLOCK(sp); 714 sppp_cp_input(&lcp, sp, m); 715 /* already m_freem(m) */ 716 return; 717 case PPP_PAP: 718 SPPP_UNLOCK(sp); 719 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 720 sppp_pap_input(sp, m); 721 } 722 m_freem(m); 723 return; 724 case PPP_CHAP: 725 SPPP_UNLOCK(sp); 726 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 727 sppp_chap_input(sp, m); 728 } 729 m_freem(m); 730 return; 731 #ifdef INET 732 case PPP_IPCP: 733 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) { 734 SPPP_LOG(sp, LOG_INFO, "reject IPCP packet " 735 "because IPCP is disabled\n"); 736 goto reject_protocol; 737 } 738 SPPP_UNLOCK(sp); 739 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 740 sppp_cp_input(&ipcp, sp, m); 741 /* already m_freem(m) */ 742 } else { 743 m_freem(m); 744 } 745 return; 746 case PPP_IP: 747 if (sp->scp[IDX_IPCP].state == STATE_OPENED) { 748 sp->pp_last_activity = time_uptime; 749 pktq = ip_pktq; 750 } 751 break; 752 #endif 753 #ifdef INET6 754 case PPP_IPV6CP: 755 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) { 756 SPPP_LOG(sp, LOG_INFO, "reject IPv6CP packet " 757 "because IPv6CP is disabled\n"); 758 goto reject_protocol; 759 } 760 SPPP_UNLOCK(sp); 761 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 762 sppp_cp_input(&ipv6cp, sp, m); 763 /* already m_freem(m) */ 764 } else { 765 m_freem(m); 766 } 767 return; 768 769 case PPP_IPV6: 770 if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { 771 sp->pp_last_activity = time_uptime; 772 pktq = ip6_pktq; 773 } 774 break; 775 #endif 776 } 777 778 if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) { 779 goto drop; 780 } 781 782 /* Check queue. */ 783 if (__predict_true(pktq)) { 784 uint32_t hash = pktq_rps_hash(&sppp_pktq_rps_hash_p, m); 785 786 if (__predict_false(!pktq_enqueue(pktq, m, hash))) { 787 goto drop; 788 } 789 SPPP_UNLOCK(sp); 790 return; 791 } 792 793 SPPP_UNLOCK(sp); 794 795 IFQ_LOCK(inq); 796 if (IF_QFULL(inq)) { 797 /* Queue overflow. */ 798 IF_DROP(inq); 799 IFQ_UNLOCK(inq); 800 SPPP_DLOG(sp,"protocol queue overflow\n"); 801 SPPP_LOCK(sp, RW_READER); 802 goto drop; 803 } 804 IF_ENQUEUE(inq, m); 805 IFQ_UNLOCK(inq); 806 schednetisr(isr); 807 return; 808 809 drop: 810 if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); 811 m_freem(m); 812 SPPP_UNLOCK(sp); 813 return; 814 } 815 816 /* 817 * Enqueue transmit packet. 818 */ 819 static int 820 sppp_output(struct ifnet *ifp, struct mbuf *m, 821 const struct sockaddr *dst, const struct rtentry *rt) 822 { 823 struct sppp *sp = (struct sppp *) ifp; 824 struct ppp_header *h = NULL; 825 #ifndef SPPPSUBR_MPSAFE 826 struct ifqueue *ifq = NULL; /* XXX */ 827 #endif 828 int s, error = 0; 829 uint16_t protocol; 830 size_t pktlen; 831 832 s = splnet(); 833 SPPP_LOCK(sp, RW_READER); 834 835 sp->pp_last_activity = time_uptime; 836 837 if ((ifp->if_flags & IFF_UP) == 0 || 838 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 839 SPPP_UNLOCK(sp); 840 splx(s); 841 842 m_freem(m); 843 if_statinc(ifp, if_oerrors); 844 return (ENETDOWN); 845 } 846 847 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 848 /* ignore packets that have no enabled NCP */ 849 if ((dst->sa_family == AF_INET && 850 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) || 851 (dst->sa_family == AF_INET6 && 852 !ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP))) { 853 SPPP_UNLOCK(sp); 854 splx(s); 855 856 m_freem(m); 857 if_statinc(ifp, if_oerrors); 858 return (ENETDOWN); 859 } 860 /* 861 * Interface is not yet running, but auto-dial. Need 862 * to start LCP for it. 863 */ 864 ifp->if_flags |= IFF_RUNNING; 865 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 866 } 867 868 /* 869 * If the queueing discipline needs packet classification, 870 * do it before prepending link headers. 871 */ 872 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); 873 874 #ifdef INET 875 if (dst->sa_family == AF_INET) { 876 struct ip *ip = NULL; 877 #ifndef SPPPSUBR_MPSAFE 878 struct tcphdr *th = NULL; 879 #endif 880 881 if (m->m_len >= sizeof(struct ip)) { 882 ip = mtod(m, struct ip *); 883 #ifndef SPPPSUBR_MPSAFE 884 if (ip->ip_p == IPPROTO_TCP && 885 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 886 sizeof(struct tcphdr)) { 887 th = (struct tcphdr *) 888 ((char *)ip + (ip->ip_hl << 2)); 889 } 890 #endif 891 } else 892 ip = NULL; 893 894 /* 895 * When using dynamic local IP address assignment by using 896 * 0.0.0.0 as a local address, the first TCP session will 897 * not connect because the local TCP checksum is computed 898 * using 0.0.0.0 which will later become our real IP address 899 * so the TCP checksum computed at the remote end will 900 * become invalid. So we 901 * - don't let packets with src ip addr 0 thru 902 * - we flag TCP packets with src ip 0 as an error 903 */ 904 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 905 uint8_t proto = ip->ip_p; 906 907 SPPP_UNLOCK(sp); 908 splx(s); 909 910 m_freem(m); 911 if (proto == IPPROTO_TCP) 912 return (EADDRNOTAVAIL); 913 else 914 return (0); 915 } 916 917 #ifndef SPPPSUBR_MPSAFE 918 /* 919 * Put low delay, telnet, rlogin and ftp control packets 920 * in front of the queue. 921 */ 922 if (!IF_QFULL(&sp->pp_fastq) && 923 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 924 (th && (INTERACTIVE(ntohs(th->th_sport)) || 925 INTERACTIVE(ntohs(th->th_dport)))))) 926 ifq = &sp->pp_fastq; 927 #endif /* !SPPPSUBR_MPSAFE */ 928 } 929 #endif 930 931 #ifdef INET6 932 if (dst->sa_family == AF_INET6) { 933 /* XXX do something tricky here? */ 934 } 935 #endif 936 937 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 938 /* 939 * Prepend general data packet PPP header. For now, IP only. 940 */ 941 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 942 if (! m) { 943 SPPP_DLOG(sp, "no memory for transmit header\n"); 944 if_statinc(ifp, if_oerrors); 945 SPPP_UNLOCK(sp); 946 splx(s); 947 return (ENOBUFS); 948 } 949 /* 950 * May want to check size of packet 951 * (albeit due to the implementation it's always enough) 952 */ 953 h = mtod(m, struct ppp_header *); 954 h->address = PPP_ALLSTATIONS; /* broadcast address */ 955 h->control = PPP_UI; /* Unnumbered Info */ 956 } 957 958 switch (dst->sa_family) { 959 #ifdef INET 960 case AF_INET: /* Internet Protocol */ 961 /* 962 * Don't choke with an ENETDOWN early. It's 963 * possible that we just started dialing out, 964 * so don't drop the packet immediately. If 965 * we notice that we run out of buffer space 966 * below, we will however remember that we are 967 * not ready to carry IP packets, and return 968 * ENETDOWN, as opposed to ENOBUFS. 969 */ 970 protocol = htons(PPP_IP); 971 if (sp->scp[IDX_IPCP].state != STATE_OPENED) { 972 if (ifp->if_flags & IFF_AUTO) { 973 error = ENETDOWN; 974 } else { 975 IF_DROP(&ifp->if_snd); 976 SPPP_UNLOCK(sp); 977 splx(s); 978 979 m_freem(m); 980 if_statinc(ifp, if_oerrors); 981 return (ENETDOWN); 982 } 983 } 984 break; 985 #endif 986 #ifdef INET6 987 case AF_INET6: /* Internet Protocol version 6 */ 988 /* 989 * Don't choke with an ENETDOWN early. It's 990 * possible that we just started dialing out, 991 * so don't drop the packet immediately. If 992 * we notice that we run out of buffer space 993 * below, we will however remember that we are 994 * not ready to carry IP packets, and return 995 * ENETDOWN, as opposed to ENOBUFS. 996 */ 997 protocol = htons(PPP_IPV6); 998 if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) { 999 if (ifp->if_flags & IFF_AUTO) { 1000 error = ENETDOWN; 1001 } else { 1002 IF_DROP(&ifp->if_snd); 1003 SPPP_UNLOCK(sp); 1004 splx(s); 1005 1006 m_freem(m); 1007 if_statinc(ifp, if_oerrors); 1008 return (ENETDOWN); 1009 } 1010 } 1011 break; 1012 #endif 1013 default: 1014 m_freem(m); 1015 if_statinc(ifp, if_oerrors); 1016 SPPP_UNLOCK(sp); 1017 splx(s); 1018 return (EAFNOSUPPORT); 1019 } 1020 1021 if (sp->pp_flags & PP_NOFRAMING) { 1022 M_PREPEND(m, 2, M_DONTWAIT); 1023 if (m == NULL) { 1024 SPPP_DLOG(sp, "no memory for transmit header\n"); 1025 if_statinc(ifp, if_oerrors); 1026 SPPP_UNLOCK(sp); 1027 splx(s); 1028 return (ENOBUFS); 1029 } 1030 *mtod(m, uint16_t *) = protocol; 1031 } else { 1032 h->protocol = protocol; 1033 } 1034 1035 pktlen = m->m_pkthdr.len; 1036 #ifdef SPPPSUBR_MPSAFE 1037 SPPP_UNLOCK(sp); 1038 error = if_transmit_lock(ifp, m); 1039 SPPP_LOCK(sp, RW_READER); 1040 if (error == 0) 1041 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1042 #else /* !SPPPSUBR_MPSAFE */ 1043 error = ifq_enqueue2(ifp, ifq, m); 1044 1045 if (error == 0) { 1046 /* 1047 * Count output packets and bytes. 1048 * The packet length includes header + additional hardware 1049 * framing according to RFC 1333. 1050 */ 1051 if (!(ifp->if_flags & IFF_OACTIVE)) { 1052 SPPP_UNLOCK(sp); 1053 if_start_lock(ifp); 1054 SPPP_LOCK(sp, RW_READER); 1055 } 1056 if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); 1057 } 1058 #endif /* !SPPPSUBR_MPSAFE */ 1059 SPPP_UNLOCK(sp); 1060 splx(s); 1061 return error; 1062 } 1063 1064 void 1065 sppp_attach(struct ifnet *ifp) 1066 { 1067 struct sppp *sp = (struct sppp *) ifp; 1068 char xnamebuf[MAXCOMLEN]; 1069 1070 /* Initialize keepalive handler. */ 1071 if (! spppq) { 1072 callout_init(&keepalive_ch, CALLOUT_MPSAFE); 1073 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 1074 } 1075 1076 if (! spppq_lock) 1077 spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); 1078 1079 sp->pp_if.if_type = IFT_PPP; 1080 sp->pp_if.if_output = sppp_output; 1081 sp->pp_fastq.ifq_maxlen = 32; 1082 sp->pp_cpq.ifq_maxlen = 20; 1083 sp->pp_loopcnt = 0; 1084 sp->pp_alivecnt = 0; 1085 sp->pp_alive_interval = SPPP_ALIVE_INTERVAL; 1086 sp->pp_last_activity = 0; 1087 sp->pp_last_receive = 0; 1088 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 1089 sp->pp_max_noreceive = SPPP_NORECV_TIME; 1090 sp->pp_idle_timeout = 0; 1091 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 1092 sp->pp_phase = SPPP_PHASE_DEAD; 1093 sp->pp_up = sppp_notify_up; 1094 sp->pp_down = sppp_notify_down; 1095 sp->pp_ncpflags = SPPP_NCP_IPCP | SPPP_NCP_IPV6CP; 1096 #ifdef SPPP_IFDOWN_RECONNECT 1097 sp->pp_flags |= PP_LOOPBACK_IFDOWN | PP_KEEPALIVE_IFDOWN; 1098 #endif 1099 sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); 1100 memset(sp->scp, 0, sizeof(sp->scp)); 1101 rw_init(&sp->pp_lock); 1102 1103 if_alloc_sadl(ifp); 1104 1105 /* Lets not beat about the bush, we know we're down. */ 1106 if_link_state_change(ifp, LINK_STATE_DOWN); 1107 1108 snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); 1109 sp->wq_cp = sppp_wq_create(sp, xnamebuf, 1110 PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); 1111 1112 memset(&sp->myauth, 0, sizeof sp->myauth); 1113 memset(&sp->hisauth, 0, sizeof sp->hisauth); 1114 SPPP_LOCK(sp, RW_WRITER); 1115 sppp_lcp_init(sp); 1116 sppp_ipcp_init(sp); 1117 sppp_ipv6cp_init(sp); 1118 sppp_pap_init(sp); 1119 sppp_chap_init(sp); 1120 SPPP_UNLOCK(sp); 1121 1122 SPPPQ_LOCK(); 1123 /* Insert new entry into the keepalive list. */ 1124 sp->pp_next = spppq; 1125 spppq = sp; 1126 SPPPQ_UNLOCK(); 1127 } 1128 1129 void 1130 sppp_detach(struct ifnet *ifp) 1131 { 1132 struct sppp **q, *p, *sp = (struct sppp *) ifp; 1133 1134 /* Remove the entry from the keepalive list. */ 1135 SPPPQ_LOCK(); 1136 for (q = &spppq; (p = *q); q = &p->pp_next) 1137 if (p == sp) { 1138 *q = p->pp_next; 1139 break; 1140 } 1141 SPPPQ_UNLOCK(); 1142 1143 if (! spppq) { 1144 /* Stop keepalive handler. */ 1145 callout_stop(&keepalive_ch); 1146 mutex_obj_free(spppq_lock); 1147 spppq_lock = NULL; 1148 } 1149 1150 sppp_cp_fini(&lcp, sp); 1151 sppp_cp_fini(&ipcp, sp); 1152 sppp_cp_fini(&pap, sp); 1153 sppp_cp_fini(&chap, sp); 1154 #ifdef INET6 1155 sppp_cp_fini(&ipv6cp, sp); 1156 #endif 1157 sppp_wq_destroy(sp, sp->wq_cp); 1158 1159 /* free authentication info */ 1160 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 1161 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 1162 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 1163 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 1164 rw_destroy(&sp->pp_lock); 1165 } 1166 1167 /* 1168 * Flush the interface output queue. 1169 */ 1170 void 1171 sppp_flush(struct ifnet *ifp) 1172 { 1173 struct sppp *sp = (struct sppp *) ifp; 1174 1175 SPPP_LOCK(sp, RW_WRITER); 1176 IFQ_PURGE(&sp->pp_if.if_snd); 1177 IF_PURGE(&sp->pp_fastq); 1178 IF_PURGE(&sp->pp_cpq); 1179 SPPP_UNLOCK(sp); 1180 } 1181 1182 /* 1183 * Check if the output queue is empty. 1184 */ 1185 int 1186 sppp_isempty(struct ifnet *ifp) 1187 { 1188 struct sppp *sp = (struct sppp *) ifp; 1189 int empty, s; 1190 1191 s = splnet(); 1192 SPPP_LOCK(sp, RW_READER); 1193 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1194 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1195 SPPP_UNLOCK(sp); 1196 splx(s); 1197 return (empty); 1198 } 1199 1200 /* 1201 * Get next packet to send. 1202 */ 1203 struct mbuf * 1204 sppp_dequeue(struct ifnet *ifp) 1205 { 1206 struct sppp *sp = (struct sppp *) ifp; 1207 struct mbuf *m; 1208 int s; 1209 1210 s = splnet(); 1211 SPPP_LOCK(sp, RW_WRITER); 1212 /* 1213 * Process only the control protocol queue until we have at 1214 * least one NCP open. 1215 * 1216 * Do always serve all three queues in Cisco mode. 1217 */ 1218 IF_DEQUEUE(&sp->pp_cpq, m); 1219 if (m == NULL && sppp_cp_check(sp, CP_NCP)) { 1220 IF_DEQUEUE(&sp->pp_fastq, m); 1221 if (m == NULL) 1222 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1223 } 1224 SPPP_UNLOCK(sp); 1225 splx(s); 1226 return m; 1227 } 1228 1229 /* 1230 * Process an ioctl request. Called on low priority level. 1231 */ 1232 int 1233 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1234 { 1235 struct lwp *l = curlwp; /* XXX */ 1236 struct ifreq *ifr = (struct ifreq *) data; 1237 struct ifaddr *ifa = (struct ifaddr *) data; 1238 struct sppp *sp = (struct sppp *) ifp; 1239 int s, error=0, going_up, going_down; 1240 u_short newmode; 1241 u_long lcp_mru; 1242 1243 s = splnet(); 1244 switch (cmd) { 1245 case SIOCINITIFADDR: 1246 ifa->ifa_rtrequest = p2p_rtrequest; 1247 break; 1248 1249 case SIOCSIFFLAGS: 1250 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1251 break; 1252 1253 SPPP_LOCK(sp, RW_WRITER); 1254 going_up = ifp->if_flags & IFF_UP && 1255 (ifp->if_flags & IFF_RUNNING) == 0; 1256 going_down = (ifp->if_flags & IFF_UP) == 0 && 1257 ifp->if_flags & IFF_RUNNING; 1258 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1259 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1260 /* sanity */ 1261 newmode = IFF_PASSIVE; 1262 ifp->if_flags &= ~IFF_AUTO; 1263 } 1264 1265 if (ifp->if_flags & IFF_UP) { 1266 sp->pp_flags |= PP_ADMIN_UP; 1267 } else { 1268 sp->pp_flags &= ~PP_ADMIN_UP; 1269 } 1270 1271 if (going_up || going_down) { 1272 sp->lcp.reestablish = false; 1273 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 1274 } 1275 if (going_up && newmode == 0) { 1276 /* neither auto-dial nor passive */ 1277 ifp->if_flags |= IFF_RUNNING; 1278 sppp_wq_add(sp->wq_cp, 1279 &sp->scp[IDX_LCP].work_open); 1280 } else if (going_down) { 1281 SPPP_UNLOCK(sp); 1282 sppp_flush(ifp); 1283 SPPP_LOCK(sp, RW_WRITER); 1284 1285 ifp->if_flags &= ~IFF_RUNNING; 1286 } 1287 SPPP_UNLOCK(sp); 1288 break; 1289 1290 case SIOCSIFMTU: 1291 if (ifr->ifr_mtu < PPP_MINMRU || 1292 ifr->ifr_mtu > PP_MTU) { 1293 error = EINVAL; 1294 break; 1295 } 1296 1297 error = ifioctl_common(ifp, cmd, data); 1298 if (error == ENETRESET) 1299 error = 0; 1300 1301 SPPP_LOCK(sp, RW_WRITER); 1302 lcp_mru = sp->lcp.mru; 1303 if (ifp->if_mtu < PP_MTU) { 1304 sp->lcp.mru = ifp->if_mtu; 1305 } else { 1306 sp->lcp.mru = PP_MTU; 1307 } 1308 if (lcp_mru != sp->lcp.mru) 1309 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 1310 1311 if (sp->scp[IDX_LCP].state == STATE_OPENED && 1312 ifp->if_mtu > sp->lcp.their_mru) { 1313 sp->pp_saved_mtu = ifp->if_mtu; 1314 ifp->if_mtu = sp->lcp.their_mru; 1315 1316 SPPP_DLOG(sp, "setting MTU " 1317 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 1318 sp->pp_saved_mtu, ifp->if_mtu); 1319 } 1320 SPPP_UNLOCK(sp); 1321 break; 1322 1323 case SIOCGIFMTU: 1324 if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) 1325 error = 0; 1326 break; 1327 case SIOCADDMULTI: 1328 case SIOCDELMULTI: 1329 break; 1330 1331 case SPPPSETAUTHCFG: 1332 case SPPPSETLCPCFG: 1333 case SPPPSETNCPCFG: 1334 case SPPPSETIDLETO: 1335 case SPPPSETAUTHFAILURE: 1336 case SPPPSETDNSOPTS: 1337 case SPPPSETKEEPALIVE: 1338 #if defined(COMPAT_50) || defined(MODULAR) 1339 case __SPPPSETIDLETO50: 1340 case __SPPPSETKEEPALIVE50: 1341 #endif /* COMPAT_50 || MODULAR */ 1342 error = kauth_authorize_network(l->l_cred, 1343 KAUTH_NETWORK_INTERFACE, 1344 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, 1345 NULL); 1346 if (error) 1347 break; 1348 error = sppp_params(sp, cmd, data); 1349 break; 1350 1351 case SPPPGETAUTHCFG: 1352 case SPPPGETLCPCFG: 1353 case SPPPGETNCPCFG: 1354 case SPPPGETAUTHFAILURES: 1355 error = kauth_authorize_network(l->l_cred, 1356 KAUTH_NETWORK_INTERFACE, 1357 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, 1358 NULL); 1359 if (error) 1360 break; 1361 error = sppp_params(sp, cmd, data); 1362 break; 1363 1364 case SPPPGETSTATUS: 1365 case SPPPGETSTATUSNCP: 1366 case SPPPGETIDLETO: 1367 case SPPPGETDNSOPTS: 1368 case SPPPGETDNSADDRS: 1369 case SPPPGETKEEPALIVE: 1370 #if defined(COMPAT_50) || defined(MODULAR) 1371 case __SPPPGETIDLETO50: 1372 case __SPPPGETKEEPALIVE50: 1373 #endif /* COMPAT_50 || MODULAR */ 1374 case SPPPGETLCPSTATUS: 1375 case SPPPGETIPCPSTATUS: 1376 case SPPPGETIPV6CPSTATUS: 1377 error = sppp_params(sp, cmd, data); 1378 break; 1379 1380 default: 1381 error = ifioctl_common(ifp, cmd, data); 1382 break; 1383 } 1384 splx(s); 1385 return (error); 1386 } 1387 1388 /* 1389 * PPP protocol implementation. 1390 */ 1391 1392 /* 1393 * Send PPP control protocol packet. 1394 */ 1395 static void 1396 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1397 u_char ident, u_short len, void *data) 1398 { 1399 struct ifnet *ifp; 1400 struct lcp_header *lh; 1401 struct mbuf *m; 1402 size_t pkthdrlen; 1403 1404 KASSERT(SPPP_WLOCKED(sp)); 1405 1406 ifp = &sp->pp_if; 1407 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1408 1409 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1410 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1411 MGETHDR(m, M_DONTWAIT, MT_DATA); 1412 if (! m) { 1413 return; 1414 } 1415 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1416 m_reset_rcvif(m); 1417 1418 if (sp->pp_flags & PP_NOFRAMING) { 1419 *mtod(m, uint16_t *) = htons(proto); 1420 lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); 1421 } else { 1422 struct ppp_header *h; 1423 h = mtod(m, struct ppp_header *); 1424 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1425 h->control = PPP_UI; /* Unnumbered Info */ 1426 h->protocol = htons(proto); /* Link Control Protocol */ 1427 lh = (struct lcp_header *)(h + 1); 1428 } 1429 lh->type = type; 1430 lh->ident = ident; 1431 lh->len = htons(LCP_HEADER_LEN + len); 1432 if (len) 1433 memcpy(lh + 1, data, len); 1434 1435 if (sppp_debug_enabled(sp)) { 1436 char pbuf[SPPP_PROTO_NAMELEN]; 1437 char tbuf[SPPP_CPTYPE_NAMELEN]; 1438 const char *pname, *cpname; 1439 1440 pname = sppp_proto_name(pbuf, sizeof(pbuf), proto); 1441 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), lh->type); 1442 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d", 1443 pname, cpname, lh->ident, ntohs(lh->len)); 1444 if (len) 1445 sppp_print_bytes((u_char *)(lh + 1), len); 1446 addlog(">\n"); 1447 } 1448 if (IF_QFULL(&sp->pp_cpq)) { 1449 IF_DROP(&sp->pp_fastq); 1450 IF_DROP(&ifp->if_snd); 1451 m_freem(m); 1452 if_statinc(ifp, if_oerrors); 1453 return; 1454 } 1455 1456 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 1457 IF_ENQUEUE(&sp->pp_cpq, m); 1458 1459 if (! (ifp->if_flags & IFF_OACTIVE)) { 1460 SPPP_UNLOCK(sp); 1461 if_start_lock(ifp); 1462 SPPP_LOCK(sp, RW_WRITER); 1463 } 1464 } 1465 1466 static void 1467 sppp_cp_to_lcp(void *xsp) 1468 { 1469 struct sppp *sp = xsp; 1470 1471 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); 1472 } 1473 1474 static void 1475 sppp_cp_to_ipcp(void *xsp) 1476 { 1477 struct sppp *sp = xsp; 1478 1479 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); 1480 } 1481 1482 static void 1483 sppp_cp_to_ipv6cp(void *xsp) 1484 { 1485 struct sppp *sp = xsp; 1486 1487 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); 1488 } 1489 1490 static void 1491 sppp_cp_to_pap(void *xsp) 1492 { 1493 struct sppp *sp = xsp; 1494 1495 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); 1496 } 1497 1498 static void 1499 sppp_cp_to_chap(void *xsp) 1500 { 1501 struct sppp *sp = xsp; 1502 1503 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); 1504 } 1505 1506 static void 1507 sppp_cp_init(const struct cp *cp, struct sppp *sp) 1508 { 1509 struct sppp_cp *scp; 1510 typedef void (*sppp_co_cb_t)(void *); 1511 static const sppp_co_cb_t to_cb[IDX_COUNT] = { 1512 [IDX_LCP] = sppp_cp_to_lcp, 1513 [IDX_IPCP] = sppp_cp_to_ipcp, 1514 [IDX_IPV6CP] = sppp_cp_to_ipv6cp, 1515 [IDX_PAP] = sppp_cp_to_pap, 1516 [IDX_CHAP] = sppp_cp_to_chap, 1517 }; 1518 1519 scp = &sp->scp[cp->protoidx]; 1520 scp->state = STATE_INITIAL; 1521 scp->fail_counter = 0; 1522 scp->seq = 0; 1523 scp->rseq = 0; 1524 1525 SPPP_WQ_SET(&scp->work_up, cp->Up, cp); 1526 SPPP_WQ_SET(&scp->work_down, cp->Down, cp); 1527 SPPP_WQ_SET(&scp->work_open, cp->Open, cp); 1528 SPPP_WQ_SET(&scp->work_close, cp->Close, cp); 1529 SPPP_WQ_SET(&scp->work_to, cp->TO, cp); 1530 SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); 1531 SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); 1532 SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); 1533 SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); 1534 SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); 1535 SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); 1536 1537 callout_init(&scp->ch, CALLOUT_MPSAFE); 1538 callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); 1539 } 1540 1541 static void 1542 sppp_cp_fini(const struct cp *cp, struct sppp *sp) 1543 { 1544 struct sppp_cp *scp; 1545 scp = &sp->scp[cp->protoidx]; 1546 1547 sppp_wq_wait(sp->wq_cp, &scp->work_up); 1548 sppp_wq_wait(sp->wq_cp, &scp->work_down); 1549 sppp_wq_wait(sp->wq_cp, &scp->work_open); 1550 sppp_wq_wait(sp->wq_cp, &scp->work_close); 1551 sppp_wq_wait(sp->wq_cp, &scp->work_to); 1552 sppp_wq_wait(sp->wq_cp, &scp->work_rcr); 1553 sppp_wq_wait(sp->wq_cp, &scp->work_rca); 1554 sppp_wq_wait(sp->wq_cp, &scp->work_rcn); 1555 sppp_wq_wait(sp->wq_cp, &scp->work_rtr); 1556 sppp_wq_wait(sp->wq_cp, &scp->work_rta); 1557 sppp_wq_wait(sp->wq_cp, &scp->work_rxj); 1558 1559 callout_halt(&scp->ch, NULL); 1560 callout_destroy(&scp->ch); 1561 1562 if (scp->mbuf_confreq != NULL) { 1563 m_freem(scp->mbuf_confreq); 1564 scp->mbuf_confreq = NULL; 1565 } 1566 if (scp->mbuf_confnak != NULL) { 1567 m_freem(scp->mbuf_confnak); 1568 scp->mbuf_confnak = NULL; 1569 } 1570 } 1571 1572 /* 1573 * Handle incoming PPP control protocol packets. 1574 */ 1575 static void 1576 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1577 { 1578 struct ifnet *ifp; 1579 struct lcp_header *h; 1580 struct sppp_cp *scp; 1581 int printlen, len = m->m_pkthdr.len; 1582 u_char *p; 1583 uint32_t u32; 1584 char tbuf[SPPP_CPTYPE_NAMELEN]; 1585 const char *cpname; 1586 bool debug; 1587 1588 SPPP_LOCK(sp, RW_WRITER); 1589 1590 ifp = &sp->pp_if; 1591 debug = sppp_debug_enabled(sp); 1592 scp = &sp->scp[cp->protoidx]; 1593 1594 if (len < 4) { 1595 SPPP_DLOG(sp, "%s invalid packet length: %d bytes\n", 1596 cp->name, len); 1597 goto out; 1598 } 1599 h = mtod(m, struct lcp_header *); 1600 if (debug) { 1601 printlen = ntohs(h->len); 1602 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1603 SPPP_LOG(sp, LOG_DEBUG, "%s input(%s): <%s id=0x%x len=%d", 1604 cp->name, sppp_state_name(scp->state), 1605 cpname, h->ident, printlen); 1606 if (len < printlen) 1607 printlen = len; 1608 if (printlen > 4) 1609 sppp_print_bytes((u_char *)(h + 1), printlen - 4); 1610 addlog(">\n"); 1611 } 1612 if (len > ntohs(h->len)) 1613 len = ntohs(h->len); 1614 p = (u_char *)(h + 1); 1615 switch (h->type) { 1616 case CONF_REQ: 1617 if (len < 4) { 1618 SPPP_DLOG(sp,"%s invalid conf-req length %d\n", 1619 cp->name, len); 1620 if_statinc(ifp, if_ierrors); 1621 break; 1622 } 1623 1624 scp->rcr_type = CP_RCR_NONE; 1625 scp->rconfid = h->ident; 1626 if (scp->mbuf_confreq != NULL) { 1627 m_freem(scp->mbuf_confreq); 1628 } 1629 scp->mbuf_confreq = m; 1630 m = NULL; 1631 sppp_wq_add(sp->wq_cp, &scp->work_rcr); 1632 break; 1633 case CONF_ACK: 1634 if (h->ident != scp->confid) { 1635 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 1636 cp->name, h->ident, scp->confid); 1637 if_statinc(ifp, if_ierrors); 1638 break; 1639 } 1640 sppp_wq_add(sp->wq_cp, &scp->work_rca); 1641 break; 1642 case CONF_NAK: 1643 case CONF_REJ: 1644 if (h->ident != scp->confid) { 1645 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 1646 cp->name, h->ident, scp->confid); 1647 if_statinc(ifp, if_ierrors); 1648 break; 1649 } 1650 1651 if (scp->mbuf_confnak) { 1652 m_freem(scp->mbuf_confnak); 1653 } 1654 scp->mbuf_confnak = m; 1655 m = NULL; 1656 sppp_wq_add(sp->wq_cp, &scp->work_rcn); 1657 break; 1658 case TERM_REQ: 1659 scp->rseq = h->ident; 1660 sppp_wq_add(sp->wq_cp, &scp->work_rtr); 1661 break; 1662 case TERM_ACK: 1663 if (h->ident != scp->confid && 1664 h->ident != scp->seq) { 1665 SPPP_DLOG(sp, "%s id mismatch " 1666 "0x%x != 0x%x and 0x%x != %0lx\n", 1667 cp->name, h->ident, scp->confid, 1668 h->ident, scp->seq); 1669 if_statinc(ifp, if_ierrors); 1670 break; 1671 } 1672 1673 sppp_wq_add(sp->wq_cp, &scp->work_rta); 1674 break; 1675 case CODE_REJ: 1676 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1677 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1678 SPPP_LOG(sp, LOG_INFO, "%s: ignoring RXJ (%s) for code ?, " 1679 "danger will robinson\n", cp->name, cpname); 1680 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1681 break; 1682 case PROTO_REJ: 1683 { 1684 int catastrophic; 1685 const struct cp *upper; 1686 int i; 1687 uint16_t proto; 1688 1689 catastrophic = 0; 1690 upper = NULL; 1691 proto = p[0] << 8 | p[1]; 1692 for (i = 0; i < IDX_COUNT; i++) { 1693 if (cps[i]->proto == proto) { 1694 upper = cps[i]; 1695 break; 1696 } 1697 } 1698 if (upper == NULL) 1699 catastrophic++; 1700 1701 if (debug) { 1702 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), h->type); 1703 SPPP_LOG(sp, LOG_INFO, 1704 "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1705 cp->name, catastrophic ? '-' : '+', 1706 cpname, proto, upper ? upper->name : "unknown", 1707 upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); 1708 } 1709 1710 /* 1711 * if we got RXJ+ against conf-req, the peer does not implement 1712 * this particular protocol type. terminate the protocol. 1713 */ 1714 if (upper && !catastrophic) { 1715 if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { 1716 sppp_wq_add(sp->wq_cp, 1717 &sp->scp[upper->protoidx].work_close); 1718 break; 1719 } 1720 } 1721 sppp_wq_add(sp->wq_cp, &scp->work_rxj); 1722 break; 1723 } 1724 case DISC_REQ: 1725 if (cp->proto != PPP_LCP) 1726 goto illegal; 1727 /* Discard the packet. */ 1728 break; 1729 case ECHO_REQ: 1730 if (cp->proto != PPP_LCP) 1731 goto illegal; 1732 if (scp->state != STATE_OPENED) { 1733 SPPP_DLOG(sp, "lcp echo req but lcp closed\n"); 1734 if_statinc(ifp, if_ierrors); 1735 break; 1736 } 1737 if (len < 8) { 1738 SPPP_DLOG(sp, "invalid lcp echo request " 1739 "packet length: %d bytes\n", len); 1740 break; 1741 } 1742 memcpy(&u32, h + 1, sizeof u32); 1743 if (ntohl(u32) == sp->lcp.magic) { 1744 /* Line loopback mode detected. */ 1745 SPPP_DLOG(sp, "loopback\n"); 1746 1747 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) { 1748 sp->pp_flags |= PP_LOOPBACK; 1749 sppp_wq_add(sp->wq_cp, 1750 &sp->work_ifdown); 1751 } 1752 1753 /* Shut down the PPP link. */ 1754 sppp_wq_add(sp->wq_cp, 1755 &sp->scp[IDX_LCP].work_close); 1756 sppp_wq_add(sp->wq_cp, 1757 &sp->scp[IDX_LCP].work_open); 1758 break; 1759 } 1760 u32 = htonl(sp->lcp.magic); 1761 memcpy(h + 1, &u32, sizeof u32); 1762 SPPP_DLOG(sp, "got lcp echo req, sending echo rep\n"); 1763 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1764 h + 1); 1765 break; 1766 case ECHO_REPLY: 1767 if (cp->proto != PPP_LCP) 1768 goto illegal; 1769 if (h->ident != sp->lcp.echoid) { 1770 if_statinc(ifp, if_ierrors); 1771 break; 1772 } 1773 if (len < 8) { 1774 SPPP_DLOG(sp, "lcp invalid echo reply " 1775 "packet length: %d bytes\n", len); 1776 break; 1777 } 1778 SPPP_DLOG(sp, "lcp got echo rep\n"); 1779 memcpy(&u32, h + 1, sizeof u32); 1780 if (ntohl(u32) != sp->lcp.magic) 1781 sp->pp_alivecnt = 0; 1782 break; 1783 default: 1784 /* Unknown packet type -- send Code-Reject packet. */ 1785 illegal: 1786 SPPP_DLOG(sp, "%s send code-rej for 0x%x\n", 1787 cp->name, h->type); 1788 sppp_cp_send(sp, cp->proto, CODE_REJ, 1789 ++scp->seq, m->m_pkthdr.len, h); 1790 if_statinc(ifp, if_ierrors); 1791 } 1792 1793 out: 1794 SPPP_UNLOCK(sp); 1795 if (m != NULL) 1796 m_freem(m); 1797 } 1798 1799 /* 1800 * The generic part of all Up/Down/Open/Close/TO event handlers. 1801 * Basically, the state transition handling in the automaton. 1802 */ 1803 static void 1804 sppp_up_event(struct sppp *sp, void *xcp) 1805 { 1806 const struct cp *cp = xcp; 1807 1808 KASSERT(SPPP_WLOCKED(sp)); 1809 KASSERT(!cpu_softintr_p()); 1810 1811 if ((cp->flags & CP_AUTH) != 0 && 1812 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1813 return; 1814 1815 SPPP_DLOG(sp, "%s up(%s)\n", cp->name, 1816 sppp_state_name(sp->scp[cp->protoidx].state)); 1817 1818 switch (sp->scp[cp->protoidx].state) { 1819 case STATE_INITIAL: 1820 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1821 break; 1822 case STATE_STARTING: 1823 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1824 (cp->scr)(sp); 1825 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1826 break; 1827 default: 1828 SPPP_LOG(sp, LOG_DEBUG, 1829 "%s illegal up in state %s\n", cp->name, 1830 sppp_state_name(sp->scp[cp->protoidx].state)); 1831 } 1832 } 1833 1834 static void 1835 sppp_down_event(struct sppp *sp, void *xcp) 1836 { 1837 const struct cp *cp = xcp; 1838 1839 KASSERT(SPPP_WLOCKED(sp)); 1840 KASSERT(!cpu_softintr_p()); 1841 1842 if ((cp->flags & CP_AUTH) != 0 && 1843 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1844 return; 1845 1846 SPPP_DLOG(sp, "%s down(%s)\n", cp->name, 1847 sppp_state_name(sp->scp[cp->protoidx].state)); 1848 1849 switch (sp->scp[cp->protoidx].state) { 1850 case STATE_CLOSED: 1851 case STATE_CLOSING: 1852 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1853 break; 1854 case STATE_STOPPED: 1855 (cp->tls)(cp, sp); 1856 /* fall through */ 1857 case STATE_STOPPING: 1858 case STATE_REQ_SENT: 1859 case STATE_ACK_RCVD: 1860 case STATE_ACK_SENT: 1861 sppp_cp_change_state(cp, sp, STATE_STARTING); 1862 break; 1863 case STATE_OPENED: 1864 (cp->tld)(sp); 1865 sppp_cp_change_state(cp, sp, STATE_STARTING); 1866 break; 1867 default: 1868 /* 1869 * a down event may be caused regardless 1870 * of state just in LCP case. 1871 */ 1872 if (cp->proto == PPP_LCP) 1873 break; 1874 1875 SPPP_LOG(sp, LOG_DEBUG, 1876 "%s illegal down in state %s\n", cp->name, 1877 sppp_state_name(sp->scp[cp->protoidx].state)); 1878 } 1879 } 1880 1881 static void 1882 sppp_open_event(struct sppp *sp, void *xcp) 1883 { 1884 const struct cp *cp = xcp; 1885 1886 KASSERT(SPPP_WLOCKED(sp)); 1887 KASSERT(!cpu_softintr_p()); 1888 1889 if ((cp->flags & CP_AUTH) != 0 && 1890 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1891 return; 1892 1893 SPPP_DLOG(sp, "%s open(%s)\n", cp->name, 1894 sppp_state_name(sp->scp[cp->protoidx].state)); 1895 1896 switch (sp->scp[cp->protoidx].state) { 1897 case STATE_INITIAL: 1898 sppp_cp_change_state(cp, sp, STATE_STARTING); 1899 (cp->tls)(cp, sp); 1900 break; 1901 case STATE_STARTING: 1902 break; 1903 case STATE_CLOSED: 1904 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 1905 sp->lcp.protos |= (1 << cp->protoidx); 1906 (cp->scr)(sp); 1907 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1908 break; 1909 case STATE_STOPPED: 1910 case STATE_STOPPING: 1911 case STATE_REQ_SENT: 1912 case STATE_ACK_RCVD: 1913 case STATE_ACK_SENT: 1914 case STATE_OPENED: 1915 break; 1916 case STATE_CLOSING: 1917 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1918 break; 1919 } 1920 } 1921 1922 static void 1923 sppp_close_event(struct sppp *sp, void *xcp) 1924 { 1925 const struct cp *cp = xcp; 1926 1927 KASSERT(SPPP_WLOCKED(sp)); 1928 KASSERT(!cpu_softintr_p()); 1929 1930 if ((cp->flags & CP_AUTH) != 0 && 1931 sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) 1932 return; 1933 1934 SPPP_DLOG(sp, "%s close(%s)\n", cp->name, 1935 sppp_state_name(sp->scp[cp->protoidx].state)); 1936 1937 switch (sp->scp[cp->protoidx].state) { 1938 case STATE_INITIAL: 1939 case STATE_CLOSED: 1940 case STATE_CLOSING: 1941 break; 1942 case STATE_STARTING: 1943 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1944 (cp->tlf)(cp, sp); 1945 break; 1946 case STATE_STOPPED: 1947 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1948 break; 1949 case STATE_STOPPING: 1950 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1951 break; 1952 case STATE_OPENED: 1953 (cp->tld)(sp); 1954 /* fall through */ 1955 case STATE_REQ_SENT: 1956 case STATE_ACK_RCVD: 1957 case STATE_ACK_SENT: 1958 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; 1959 if ((cp->flags & CP_AUTH) == 0) { 1960 sppp_cp_send(sp, cp->proto, TERM_REQ, 1961 ++sp->scp[cp->protoidx].seq, 0, 0); 1962 } 1963 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1964 break; 1965 } 1966 } 1967 1968 static void 1969 sppp_to_event(struct sppp *sp, void *xcp) 1970 { 1971 const struct cp *cp = xcp; 1972 int s; 1973 1974 KASSERT(SPPP_WLOCKED(sp)); 1975 KASSERT(!cpu_softintr_p()); 1976 1977 s = splnet(); 1978 1979 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n", cp->name, 1980 sppp_state_name(sp->scp[cp->protoidx].state), 1981 sp->scp[cp->protoidx].rst_counter); 1982 1983 if (--sp->scp[cp->protoidx].rst_counter < 0) 1984 /* TO- event */ 1985 switch (sp->scp[cp->protoidx].state) { 1986 case STATE_CLOSING: 1987 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1988 (cp->tlf)(cp, sp); 1989 break; 1990 case STATE_STOPPING: 1991 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1992 (cp->tlf)(cp, sp); 1993 break; 1994 case STATE_REQ_SENT: 1995 case STATE_ACK_RCVD: 1996 case STATE_ACK_SENT: 1997 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1998 (cp->tlf)(cp, sp); 1999 break; 2000 } 2001 else 2002 /* TO+ event */ 2003 switch (sp->scp[cp->protoidx].state) { 2004 case STATE_CLOSING: 2005 case STATE_STOPPING: 2006 if ((cp->flags & CP_AUTH) == 0) { 2007 sppp_cp_send(sp, cp->proto, TERM_REQ, 2008 ++sp->scp[cp->protoidx].seq, 0, 0); 2009 } 2010 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2011 break; 2012 case STATE_REQ_SENT: 2013 case STATE_ACK_RCVD: 2014 (cp->scr)(sp); 2015 /* sppp_cp_change_state() will restart the timer */ 2016 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2017 break; 2018 case STATE_ACK_SENT: 2019 (cp->scr)(sp); 2020 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2021 break; 2022 } 2023 2024 splx(s); 2025 } 2026 static void 2027 sppp_rcr_update_state(const struct cp *cp, struct sppp *sp, 2028 enum cp_rcr_type type, uint8_t ident, size_t msglen, void *msg) 2029 { 2030 struct ifnet *ifp; 2031 u_char ctype; 2032 2033 ifp = &sp->pp_if; 2034 2035 if (type == CP_RCR_ERR) { 2036 /* parse error, shut down */ 2037 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 2038 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2039 } else if (type == CP_RCR_ACK) { 2040 /* RCR+ event */ 2041 ctype = CONF_ACK; 2042 switch (sp->scp[cp->protoidx].state) { 2043 case STATE_OPENED: 2044 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2045 cp->tld(sp); 2046 cp->scr(sp); 2047 cp->screply(cp, sp, ctype, ident, msglen, msg); 2048 break; 2049 case STATE_REQ_SENT: 2050 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2051 /* fall through */ 2052 case STATE_ACK_SENT: 2053 cp->screply(cp, sp, ctype, ident, msglen, msg); 2054 break; 2055 case STATE_STOPPED: 2056 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2057 cp->scr(sp); 2058 cp->screply(cp, sp, ctype, ident, msglen, msg); 2059 break; 2060 case STATE_ACK_RCVD: 2061 sppp_cp_change_state(cp, sp, STATE_OPENED); 2062 SPPP_DLOG(sp, "%s tlu\n", cp->name); 2063 cp->tlu(sp); 2064 cp->screply(cp, sp, ctype, ident, msglen, msg); 2065 break; 2066 case STATE_CLOSING: 2067 case STATE_STOPPING: 2068 break; 2069 case STATE_CLOSED: 2070 if ((cp->flags & CP_AUTH) == 0) { 2071 sppp_cp_send(sp, cp->proto, TERM_ACK, 2072 ident, 0, 0); 2073 } 2074 break; 2075 default: 2076 SPPP_LOG(sp, LOG_DEBUG, 2077 "%s illegal RCR+ in state %s\n", cp->name, 2078 sppp_state_name(sp->scp[cp->protoidx].state)); 2079 if_statinc(ifp, if_ierrors); 2080 } 2081 } else if (type == CP_RCR_NAK || type == CP_RCR_REJ) { 2082 ctype = type == CP_RCR_NAK ? CONF_NAK : CONF_REJ; 2083 /* RCR- event */ 2084 switch (sp->scp[cp->protoidx].state) { 2085 case STATE_OPENED: 2086 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2087 cp->tld(sp); 2088 cp->scr(sp); 2089 cp->screply(cp, sp, ctype, ident, msglen, msg); 2090 break; 2091 case STATE_ACK_SENT: 2092 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2093 /* fall through */ 2094 case STATE_REQ_SENT: 2095 cp->screply(cp, sp, ctype, ident, msglen, msg); 2096 break; 2097 case STATE_STOPPED: 2098 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2099 cp->scr(sp); 2100 cp->screply(cp, sp, ctype, ident, msglen, msg); 2101 break; 2102 case STATE_ACK_RCVD: 2103 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2104 cp->screply(cp, sp, ctype, ident, msglen, msg); 2105 break; 2106 case STATE_CLOSING: 2107 case STATE_STOPPING: 2108 break; 2109 case STATE_CLOSED: 2110 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2111 if ((cp->flags & CP_AUTH) == 0) { 2112 sppp_cp_send(sp, cp->proto, TERM_ACK, 2113 ident, 0, 0); 2114 } 2115 break; 2116 default: 2117 SPPP_LOG(sp, LOG_DEBUG, 2118 "%s illegal RCR- in state %s\n", cp->name, 2119 sppp_state_name(sp->scp[cp->protoidx].state)); 2120 if_statinc(ifp, if_ierrors); 2121 } 2122 } 2123 } 2124 2125 static void 2126 sppp_rcr_event(struct sppp *sp, void *xcp) 2127 { 2128 const struct cp *cp = xcp; 2129 struct sppp_cp *scp; 2130 struct lcp_header *h; 2131 struct mbuf *m; 2132 enum cp_rcr_type type; 2133 size_t len; 2134 uint8_t *buf; 2135 size_t blen, rlen; 2136 uint8_t ident; 2137 2138 KASSERT(!cpu_softintr_p()); 2139 2140 scp = &sp->scp[cp->protoidx]; 2141 2142 if (cp->parse_confreq != NULL) { 2143 m = scp->mbuf_confreq; 2144 if (m == NULL) 2145 return; 2146 scp->mbuf_confreq = NULL; 2147 2148 h = mtod(m, struct lcp_header *); 2149 if (h->type != CONF_REQ) { 2150 m_freem(m); 2151 return; 2152 } 2153 2154 ident = h->ident; 2155 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2156 2157 type = (cp->parse_confreq)(sp, h, len, 2158 &buf, &blen, &rlen); 2159 m_freem(m); 2160 } else { 2161 /* mbuf_cofreq is already parsed and freed */ 2162 type = scp->rcr_type; 2163 ident = scp->rconfid; 2164 buf = NULL; 2165 blen = rlen = 0; 2166 } 2167 2168 sppp_rcr_update_state(cp, sp, type, ident, rlen, (void *)buf); 2169 2170 if (buf != NULL) 2171 kmem_free(buf, blen); 2172 } 2173 2174 static void 2175 sppp_rca_event(struct sppp *sp, void *xcp) 2176 { 2177 struct ifnet *ifp; 2178 const struct cp *cp = xcp; 2179 2180 KASSERT(!cpu_softintr_p()); 2181 2182 ifp = &sp->pp_if; 2183 2184 switch (sp->scp[cp->protoidx].state) { 2185 case STATE_CLOSED: 2186 case STATE_STOPPED: 2187 if ((cp->flags & CP_AUTH) == 0) { 2188 sppp_cp_send(sp, cp->proto, TERM_ACK, 2189 sp->scp[cp->protoidx].rconfid, 0, 0); 2190 } 2191 break; 2192 case STATE_CLOSING: 2193 case STATE_STOPPING: 2194 break; 2195 case STATE_REQ_SENT: 2196 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2197 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2198 break; 2199 case STATE_OPENED: 2200 (cp->tld)(sp); 2201 /* fall through */ 2202 case STATE_ACK_RCVD: 2203 (cp->scr)(sp); 2204 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2205 break; 2206 case STATE_ACK_SENT: 2207 sppp_cp_change_state(cp, sp, STATE_OPENED); 2208 sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; 2209 SPPP_DLOG(sp, "%s tlu\n", cp->name); 2210 (cp->tlu)(sp); 2211 break; 2212 default: 2213 SPPP_LOG(sp, LOG_DEBUG, 2214 "%s illegal RCA in state %s\n", cp->name, 2215 sppp_state_name(sp->scp[cp->protoidx].state)); 2216 if_statinc(ifp, if_ierrors); 2217 } 2218 } 2219 2220 static void 2221 sppp_rcn_event(struct sppp *sp, void *xcp) 2222 { 2223 const struct cp *cp = xcp; 2224 struct sppp_cp *scp; 2225 struct lcp_header *h; 2226 struct mbuf *m; 2227 struct ifnet *ifp = &sp->pp_if; 2228 size_t len; 2229 2230 KASSERT(!cpu_softintr_p()); 2231 2232 scp = &sp->scp[cp->protoidx]; 2233 m = scp->mbuf_confnak; 2234 if (m == NULL) 2235 return; 2236 scp->mbuf_confnak = NULL; 2237 2238 h = mtod(m, struct lcp_header *); 2239 len = MIN(m->m_pkthdr.len, ntohs(h->len)); 2240 2241 switch (h->type) { 2242 case CONF_NAK: 2243 (cp->parse_confnak)(sp, h, len); 2244 break; 2245 case CONF_REJ: 2246 (cp->parse_confrej)(sp, h, len); 2247 break; 2248 default: 2249 m_freem(m); 2250 return; 2251 } 2252 2253 m_freem(m); 2254 2255 switch (scp->state) { 2256 case STATE_CLOSED: 2257 case STATE_STOPPED: 2258 if ((cp->flags & CP_AUTH) == 0) { 2259 sppp_cp_send(sp, cp->proto, TERM_ACK, 2260 scp->rconfid, 0, 0); 2261 } 2262 break; 2263 case STATE_REQ_SENT: 2264 case STATE_ACK_SENT: 2265 scp->rst_counter = sp->lcp.max_configure; 2266 (cp->scr)(sp); 2267 break; 2268 case STATE_OPENED: 2269 (cp->tld)(sp); 2270 /* fall through */ 2271 case STATE_ACK_RCVD: 2272 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 2273 (cp->scr)(sp); 2274 break; 2275 case STATE_CLOSING: 2276 case STATE_STOPPING: 2277 break; 2278 default: 2279 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RCN in state %s\n", 2280 cp->name, sppp_state_name(scp->state)); 2281 if_statinc(ifp, if_ierrors); 2282 } 2283 } 2284 2285 static void 2286 sppp_rtr_event(struct sppp *sp, void *xcp) 2287 { 2288 struct ifnet *ifp; 2289 const struct cp *cp = xcp; 2290 2291 KASSERT(!cpu_softintr_p()); 2292 2293 ifp = &sp->pp_if; 2294 2295 switch (sp->scp[cp->protoidx].state) { 2296 case STATE_ACK_RCVD: 2297 case STATE_ACK_SENT: 2298 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2299 break; 2300 case STATE_CLOSED: 2301 case STATE_STOPPED: 2302 case STATE_CLOSING: 2303 case STATE_STOPPING: 2304 case STATE_REQ_SENT: 2305 break; 2306 case STATE_OPENED: 2307 (cp->tld)(sp); 2308 sp->scp[cp->protoidx].rst_counter = 0; 2309 sppp_cp_change_state(cp, sp, STATE_STOPPING); 2310 break; 2311 default: 2312 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTR in state %s\n", 2313 cp->name, 2314 sppp_state_name(sp->scp[cp->protoidx].state)); 2315 if_statinc(ifp, if_ierrors); 2316 return; 2317 } 2318 2319 /* Send Terminate-Ack packet. */ 2320 SPPP_DLOG(sp, "%s send terminate-ack\n", cp->name); 2321 if ((cp->flags & CP_AUTH) == 0) { 2322 sppp_cp_send(sp, cp->proto, TERM_ACK, 2323 sp->scp[cp->protoidx].rseq, 0, 0); 2324 } 2325 } 2326 2327 static void 2328 sppp_rta_event(struct sppp *sp, void *xcp) 2329 { 2330 const struct cp *cp = xcp; 2331 struct ifnet *ifp = &sp->pp_if; 2332 2333 KASSERT(!cpu_softintr_p()); 2334 2335 switch (sp->scp[cp->protoidx].state) { 2336 case STATE_CLOSED: 2337 case STATE_STOPPED: 2338 case STATE_REQ_SENT: 2339 case STATE_ACK_SENT: 2340 break; 2341 case STATE_CLOSING: 2342 sppp_cp_change_state(cp, sp, STATE_CLOSED); 2343 (cp->tlf)(cp, sp); 2344 break; 2345 case STATE_STOPPING: 2346 sppp_cp_change_state(cp, sp, STATE_STOPPED); 2347 (cp->tlf)(cp, sp); 2348 break; 2349 case STATE_ACK_RCVD: 2350 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2351 break; 2352 case STATE_OPENED: 2353 (cp->tld)(sp); 2354 (cp->scr)(sp); 2355 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 2356 break; 2357 default: 2358 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RTA in state %s\n", 2359 cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); 2360 if_statinc(ifp, if_ierrors); 2361 } 2362 } 2363 2364 static void 2365 sppp_rxj_event(struct sppp *sp, void *xcp) 2366 { 2367 const struct cp *cp = xcp; 2368 struct ifnet *ifp = &sp->pp_if; 2369 2370 KASSERT(!cpu_softintr_p()); 2371 2372 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 2373 switch (sp->scp[cp->protoidx].state) { 2374 case STATE_CLOSED: 2375 case STATE_STOPPED: 2376 case STATE_REQ_SENT: 2377 case STATE_ACK_SENT: 2378 case STATE_CLOSING: 2379 case STATE_STOPPING: 2380 case STATE_OPENED: 2381 break; 2382 case STATE_ACK_RCVD: 2383 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 2384 break; 2385 default: 2386 SPPP_LOG(sp, LOG_DEBUG, "%s illegal RXJ- in state %s\n", 2387 cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); 2388 if_statinc(ifp, if_ierrors); 2389 } 2390 } 2391 2392 /* 2393 * Change the state of a control protocol in the state automaton. 2394 * Takes care of starting/stopping the restart timer. 2395 */ 2396 void 2397 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 2398 { 2399 2400 KASSERT(SPPP_WLOCKED(sp)); 2401 2402 sp->scp[cp->protoidx].state = newstate; 2403 callout_stop(&sp->scp[cp->protoidx].ch); 2404 switch (newstate) { 2405 case STATE_INITIAL: 2406 case STATE_STARTING: 2407 case STATE_CLOSED: 2408 case STATE_STOPPED: 2409 case STATE_OPENED: 2410 break; 2411 case STATE_CLOSING: 2412 case STATE_STOPPING: 2413 case STATE_REQ_SENT: 2414 case STATE_ACK_RCVD: 2415 case STATE_ACK_SENT: 2416 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 2417 break; 2418 } 2419 } 2420 2421 /* 2422 *--------------------------------------------------------------------------* 2423 * * 2424 * The LCP implementation. * 2425 * * 2426 *--------------------------------------------------------------------------* 2427 */ 2428 static void 2429 sppp_lcp_init(struct sppp *sp) 2430 { 2431 2432 KASSERT(SPPP_WLOCKED(sp)); 2433 2434 sppp_cp_init(&lcp, sp); 2435 2436 SET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2437 sp->lcp.magic = 0; 2438 sp->lcp.protos = 0; 2439 sp->lcp.max_terminate = 2; 2440 sp->lcp.max_configure = 10; 2441 sp->lcp.max_failure = 10; 2442 sp->lcp.tlf_sent = false; 2443 2444 /* 2445 * Initialize counters and timeout values. Note that we don't 2446 * use the 3 seconds suggested in RFC 1661 since we are likely 2447 * running on a fast link. XXX We should probably implement 2448 * the exponential backoff option. Note that these values are 2449 * relevant for all control protocols, not just LCP only. 2450 */ 2451 sp->lcp.timeout = 1 * hz; 2452 } 2453 2454 static void 2455 sppp_lcp_up(struct sppp *sp, void *xcp) 2456 { 2457 struct ifnet *ifp; 2458 const struct cp *cp = xcp; 2459 int pidx; 2460 2461 KASSERT(SPPP_WLOCKED(sp)); 2462 ifp = &sp->pp_if; 2463 2464 pidx = cp->protoidx; 2465 /* Initialize activity timestamp: opening a connection is an activity */ 2466 sp->pp_last_receive = sp->pp_last_activity = time_uptime; 2467 2468 /* 2469 * If this interface is passive or dial-on-demand, and we are 2470 * still in Initial state, it means we've got an incoming 2471 * call. Activate the interface. 2472 */ 2473 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2474 ifp->if_flags |= IFF_RUNNING; 2475 if (sp->scp[pidx].state == STATE_INITIAL) { 2476 SPPP_DLOG(sp, "Up event (incoming call)\n"); 2477 sp->pp_flags |= PP_CALLIN; 2478 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); 2479 } else { 2480 SPPP_DLOG(sp, "Up event\n"); 2481 } 2482 } 2483 2484 sppp_up_event(sp, xcp); 2485 } 2486 2487 static void 2488 sppp_lcp_down(struct sppp *sp, void *xcp) 2489 { 2490 const struct cp *cp = xcp; 2491 struct ifnet *ifp; 2492 int pidx; 2493 2494 KASSERT(SPPP_WLOCKED(sp)); 2495 KASSERT(!cpu_softintr_p()); 2496 2497 ifp = &sp->pp_if; 2498 pidx = cp->protoidx; 2499 sppp_down_event(sp, xcp); 2500 2501 /* 2502 * We need to do tls to restart when a down event is caused 2503 * by the last tlf. 2504 */ 2505 if (sp->scp[pidx].state == STATE_STARTING && 2506 sp->lcp.tlf_sent) { 2507 cp->tls(cp, sp); 2508 sp->lcp.tlf_sent = false; 2509 } 2510 2511 SPPP_DLOG(sp, "Down event (carrier loss)\n"); 2512 2513 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2514 if (sp->lcp.reestablish) 2515 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 2516 } else { 2517 sp->pp_flags &= ~PP_CALLIN; 2518 if (sp->scp[pidx].state != STATE_INITIAL) 2519 sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_close); 2520 ifp->if_flags &= ~IFF_RUNNING; 2521 } 2522 sp->scp[pidx].fail_counter = 0; 2523 } 2524 2525 static void 2526 sppp_lcp_open(struct sppp *sp, void *xcp) 2527 { 2528 2529 KASSERT(SPPP_WLOCKED(sp)); 2530 KASSERT(!cpu_softintr_p()); 2531 2532 sp->lcp.reestablish = false; 2533 sp->scp[IDX_LCP].fail_counter = 0; 2534 2535 /* the interface was down while waiting for reconnection */ 2536 if ((sp->pp_flags & PP_ADMIN_UP) == 0) 2537 return; 2538 2539 if (sp->pp_if.if_mtu < PP_MTU) { 2540 sp->lcp.mru = sp->pp_if.if_mtu; 2541 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2542 } else { 2543 sp->lcp.mru = PP_MTU; 2544 } 2545 sp->lcp.their_mru = PP_MTU; 2546 2547 /* 2548 * If we are authenticator, negotiate LCP_AUTH 2549 */ 2550 if (sp->hisauth.proto != PPP_NOPROTO) 2551 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2552 else 2553 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 2554 sp->pp_flags &= ~PP_NEEDAUTH; 2555 sppp_open_event(sp, xcp); 2556 } 2557 2558 2559 /* 2560 * Analyze a configure request. Return true if it was agreeable, and 2561 * caused action sca, false if it has been rejected or nak'ed, and 2562 * caused action scn. (The return value is used to make the state 2563 * transition decision in the state automaton.) 2564 */ 2565 static enum cp_rcr_type 2566 sppp_lcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 2567 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 2568 { 2569 u_char *buf, *r, *p, l, blen; 2570 enum cp_rcr_type type; 2571 int len, rlen; 2572 uint32_t nmagic; 2573 u_short authproto; 2574 char lbuf[SPPP_LCPOPT_NAMELEN]; 2575 bool debug; 2576 2577 KASSERT(SPPP_WLOCKED(sp)); 2578 2579 debug = sppp_debug_enabled(sp); 2580 2581 if (origlen < sizeof(*h)) 2582 return CP_RCR_DROP; 2583 2584 origlen -= sizeof(*h); 2585 type = CP_RCR_NONE; 2586 type = 0; 2587 2588 if (origlen <= 0) 2589 return CP_RCR_DROP; 2590 else 2591 blen = origlen; 2592 2593 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 2594 if (buf == NULL) 2595 return CP_RCR_DROP; 2596 2597 if (debug) 2598 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opts:"); 2599 2600 /* pass 1: check for things that need to be rejected */ 2601 p = (void *)(h + 1); 2602 r = buf; 2603 rlen = 0; 2604 for (len = origlen; len > 1; len-= l, p += l) { 2605 l = p[1]; 2606 if (l == 0) 2607 break; 2608 2609 /* Sanity check option length */ 2610 if (l > len) { 2611 /* 2612 * Malicious option - drop immediately. 2613 * XXX Maybe we should just RXJ it? 2614 */ 2615 if (debug) 2616 addlog("\n"); 2617 2618 SPPP_LOG(sp, LOG_DEBUG, 2619 "received malicious LCP option 0x%02x, " 2620 "length 0x%02x, (len: 0x%02x) dropping.\n", 2621 p[0], l, len); 2622 type = CP_RCR_ERR; 2623 goto end; 2624 } 2625 if (debug) 2626 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2627 switch (p[0]) { 2628 case LCP_OPT_MAGIC: 2629 /* Magic number. */ 2630 /* fall through, both are same length */ 2631 case LCP_OPT_ASYNC_MAP: 2632 /* Async control character map. */ 2633 if (len >= 6 || l == 6) 2634 continue; 2635 if (debug) 2636 addlog(" [invalid]"); 2637 break; 2638 case LCP_OPT_MP_EID: 2639 if (len >= l && l >= 3) { 2640 switch (p[2]) { 2641 case 0: if (l==3+ 0) continue;break; 2642 case 2: if (l==3+ 4) continue;break; 2643 case 3: if (l==3+ 6) continue;break; 2644 case 6: if (l==3+16) continue;break; 2645 case 1: /* FALLTHROUGH */ 2646 case 4: if (l<=3+20) continue;break; 2647 case 5: if (l<=3+15) continue;break; 2648 /* XXX should it be default: continue;? */ 2649 } 2650 } 2651 if (debug) 2652 addlog(" [invalid class %d len %d]", p[2], l); 2653 break; 2654 case LCP_OPT_MP_SSNHF: 2655 if (len >= 2 && l == 2) { 2656 if (debug) 2657 addlog(" [rej]"); 2658 break; 2659 } 2660 if (debug) 2661 addlog(" [invalid]"); 2662 break; 2663 case LCP_OPT_MP_MRRU: 2664 /* Multilink maximum received reconstructed unit */ 2665 /* should be fall through, both are same length */ 2666 /* FALLTHROUGH */ 2667 case LCP_OPT_MRU: 2668 /* Maximum receive unit. */ 2669 if (len >= 4 && l == 4) 2670 continue; 2671 if (debug) 2672 addlog(" [invalid]"); 2673 break; 2674 case LCP_OPT_AUTH_PROTO: 2675 if (len < 4) { 2676 if (debug) 2677 addlog(" [invalid]"); 2678 break; 2679 } 2680 authproto = (p[2] << 8) + p[3]; 2681 if (authproto == PPP_CHAP && l != 5) { 2682 if (debug) 2683 addlog(" [invalid chap len]"); 2684 break; 2685 } 2686 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 2687 if (authproto == PPP_PAP || authproto == PPP_CHAP) 2688 sp->myauth.proto = authproto; 2689 } 2690 if (sp->myauth.proto == PPP_NOPROTO) { 2691 /* we are not configured to do auth */ 2692 if (debug) 2693 addlog(" [not configured]"); 2694 break; 2695 } 2696 /* 2697 * Remote want us to authenticate, remember this, 2698 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2699 * up. 2700 */ 2701 sp->pp_flags |= PP_NEEDAUTH; 2702 continue; 2703 default: 2704 /* Others not supported. */ 2705 if (debug) 2706 addlog(" [rej]"); 2707 break; 2708 } 2709 if (rlen + l > blen) { 2710 if (debug) 2711 addlog(" [overflow]"); 2712 continue; 2713 } 2714 /* Add the option to rejected list. */ 2715 memcpy(r, p, l); 2716 r += l; 2717 rlen += l; 2718 } 2719 2720 if (rlen > 0) { 2721 type = CP_RCR_REJ; 2722 goto end; 2723 } 2724 2725 if (debug) 2726 addlog("\n"); 2727 2728 /* 2729 * pass 2: check for option values that are unacceptable and 2730 * thus require to be nak'ed. 2731 */ 2732 if (debug) 2733 SPPP_LOG(sp, LOG_DEBUG, "lcp parse opt values:"); 2734 2735 p = (void *)(h + 1); 2736 r = buf; 2737 rlen = 0; 2738 for (len = origlen; len > 0; len -= l, p += l) { 2739 l = p[1]; 2740 if (l == 0) 2741 break; 2742 2743 if (debug) 2744 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2745 switch (p[0]) { 2746 case LCP_OPT_MAGIC: 2747 /* Magic number -- extract. */ 2748 nmagic = (uint32_t)p[2] << 24 | 2749 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 2750 if (nmagic != sp->lcp.magic) { 2751 if (debug) 2752 addlog(" 0x%x", nmagic); 2753 continue; 2754 } 2755 /* 2756 * Local and remote magics equal -- loopback? 2757 */ 2758 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2759 SPPP_DLOG(sp, "loopback\n"); 2760 sp->pp_loopcnt = 0; 2761 2762 if (sp->pp_flags & PP_LOOPBACK_IFDOWN) { 2763 sp->pp_flags |= PP_LOOPBACK; 2764 sppp_wq_add(sp->wq_cp, 2765 &sp->work_ifdown); 2766 } 2767 2768 sppp_wq_add(sp->wq_cp, 2769 &sp->scp[IDX_LCP].work_close); 2770 sppp_wq_add(sp->wq_cp, 2771 &sp->scp[IDX_LCP].work_open); 2772 } else { 2773 if (debug) 2774 addlog(" [glitch]"); 2775 ++sp->pp_loopcnt; 2776 } 2777 /* 2778 * We negate our magic here, and NAK it. If 2779 * we see it later in an NAK packet, we 2780 * suggest a new one. 2781 */ 2782 nmagic = ~sp->lcp.magic; 2783 /* Gonna NAK it. */ 2784 p[2] = nmagic >> 24; 2785 p[3] = nmagic >> 16; 2786 p[4] = nmagic >> 8; 2787 p[5] = nmagic; 2788 break; 2789 2790 case LCP_OPT_ASYNC_MAP: 2791 /* 2792 * Async control character map -- just ignore it. 2793 * 2794 * Quote from RFC 1662, chapter 6: 2795 * To enable this functionality, synchronous PPP 2796 * implementations MUST always respond to the 2797 * Async-Control-Character-Map Configuration 2798 * Option with the LCP Configure-Ack. However, 2799 * acceptance of the Configuration Option does 2800 * not imply that the synchronous implementation 2801 * will do any ACCM mapping. Instead, all such 2802 * octet mapping will be performed by the 2803 * asynchronous-to-synchronous converter. 2804 */ 2805 continue; 2806 2807 case LCP_OPT_MRU: 2808 /* 2809 * Maximum receive unit. Always agreeable, 2810 * but ignored by now. 2811 */ 2812 sp->lcp.their_mru = p[2] * 256 + p[3]; 2813 if (debug) 2814 addlog(" %ld", sp->lcp.their_mru); 2815 continue; 2816 2817 case LCP_OPT_AUTH_PROTO: 2818 authproto = (p[2] << 8) + p[3]; 2819 if (ISSET(sp->myauth.flags, SPPP_AUTHFLAG_PASSIVEAUTHPROTO)) { 2820 if (authproto == PPP_PAP || authproto == PPP_CHAP) 2821 sp->myauth.proto = authproto; 2822 } 2823 if (sp->myauth.proto == authproto) { 2824 if (authproto != PPP_CHAP || p[4] == CHAP_MD5) { 2825 continue; 2826 } 2827 if (debug) 2828 addlog(" [chap without MD5]"); 2829 } else { 2830 if (debug) { 2831 char pbuf1[SPPP_PROTO_NAMELEN]; 2832 char pbuf2[SPPP_PROTO_NAMELEN]; 2833 const char *pname1, *pname2; 2834 2835 pname1 = sppp_proto_name(pbuf1, 2836 sizeof(pbuf1), sp->myauth.proto); 2837 pname2 = sppp_proto_name(pbuf2, 2838 sizeof(pbuf2), authproto); 2839 addlog(" [mine %s != his %s]", 2840 pname1, pname2); 2841 } 2842 } 2843 /* not agreed, nak */ 2844 if (sp->myauth.proto == PPP_CHAP) { 2845 l = 5; 2846 } else { 2847 l = 4; 2848 } 2849 2850 if (rlen + l > blen) { 2851 if (debug) 2852 addlog(" [overflow]"); 2853 continue; 2854 } 2855 2856 r[0] = LCP_OPT_AUTH_PROTO; 2857 r[1] = l; 2858 r[2] = sp->myauth.proto >> 8; 2859 r[3] = sp->myauth.proto & 0xff; 2860 if (sp->myauth.proto == PPP_CHAP) 2861 r[4] = CHAP_MD5; 2862 rlen += l; 2863 r += l; 2864 continue; 2865 case LCP_OPT_MP_EID: 2866 /* 2867 * Endpoint identification. 2868 * Always agreeable, 2869 * but ignored by now. 2870 */ 2871 if (debug) { 2872 addlog(" type %d", p[2]); 2873 sppp_print_bytes(p+3, p[1]-3); 2874 } 2875 continue; 2876 case LCP_OPT_MP_MRRU: 2877 /* 2878 * Maximum received reconstructed unit. 2879 * Always agreeable, 2880 * but ignored by now. 2881 */ 2882 sp->lcp.their_mrru = p[2] * 256 + p[3]; 2883 if (debug) 2884 addlog(" %ld", sp->lcp.their_mrru); 2885 continue; 2886 } 2887 if (rlen + l > blen) { 2888 if (debug) 2889 addlog(" [overflow]"); 2890 continue; 2891 } 2892 /* Add the option to nak'ed list. */ 2893 memcpy(r, p, l); 2894 r += l; 2895 rlen += l; 2896 } 2897 2898 if (rlen > 0) { 2899 if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { 2900 if (debug) 2901 addlog(" max_failure (%d) exceeded, ", 2902 sp->lcp.max_failure); 2903 type = CP_RCR_REJ; 2904 } else { 2905 type = CP_RCR_NAK; 2906 } 2907 } else { 2908 type = CP_RCR_ACK; 2909 rlen = origlen; 2910 memcpy(r, h + 1, rlen); 2911 sp->scp[IDX_LCP].fail_counter = 0; 2912 sp->pp_loopcnt = 0; 2913 } 2914 2915 end: 2916 if (debug) 2917 addlog("\n"); 2918 2919 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 2920 if (buf != NULL) 2921 kmem_intr_free(buf, blen); 2922 } else { 2923 *msgbuf = buf; 2924 *buflen = blen; 2925 *msglen = rlen; 2926 } 2927 2928 return type; 2929 } 2930 2931 /* 2932 * Analyze the LCP Configure-Reject option list, and adjust our 2933 * negotiation. 2934 */ 2935 static void 2936 sppp_lcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 2937 { 2938 u_char *p, l; 2939 bool debug; 2940 2941 KASSERT(SPPP_WLOCKED(sp)); 2942 2943 debug = sppp_debug_enabled(sp); 2944 2945 if (len <= sizeof(*h)) 2946 return; 2947 2948 len -= sizeof(*h); 2949 2950 if (debug) 2951 SPPP_LOG(sp, LOG_DEBUG, "lcp rej opts:"); 2952 2953 p = (void *)(h + 1); 2954 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 2955 /* Sanity check option length */ 2956 if (l > len) { 2957 /* 2958 * Malicious option - drop immediately. 2959 * XXX Maybe we should just RXJ it? 2960 */ 2961 if (debug) 2962 addlog("\n"); 2963 2964 SPPP_LOG(sp, LOG_DEBUG, 2965 "received malicious LCP option, dropping.\n"); 2966 goto end; 2967 } 2968 if (debug) { 2969 char lbuf[SPPP_LCPOPT_NAMELEN]; 2970 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf), *p)); 2971 } 2972 switch (p[0]) { 2973 case LCP_OPT_MAGIC: 2974 /* Magic number -- can't use it, use 0 */ 2975 CLR(sp->lcp.opts, SPPP_LCP_OPT_MAGIC); 2976 sp->lcp.magic = 0; 2977 break; 2978 case LCP_OPT_MRU: 2979 /* 2980 * We try to negotiate a lower MRU if the underlying 2981 * link's MTU is less than PP_MTU (e.g. PPPoE). If the 2982 * peer rejects this lower rate, fallback to the 2983 * default. 2984 */ 2985 if (!debug) { 2986 SPPP_LOG(sp, LOG_INFO, 2987 "peer rejected our MRU of " 2988 "%ld bytes. Defaulting to %d bytes\n", 2989 sp->lcp.mru, PP_MTU); 2990 } 2991 CLR(sp->lcp.opts, SPPP_LCP_OPT_MRU); 2992 sp->lcp.mru = PP_MTU; 2993 break; 2994 case LCP_OPT_AUTH_PROTO: 2995 /* 2996 * Peer doesn't want to authenticate himself, 2997 * deny unless this is a dialout call, and 2998 * SPPP_AUTHFLAG_NOCALLOUT is set. 2999 */ 3000 if ((sp->pp_flags & PP_CALLIN) == 0 && 3001 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 3002 if (debug) { 3003 addlog(" [don't insist on auth " 3004 "for callout]"); 3005 } 3006 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 3007 break; 3008 } 3009 if (debug) 3010 addlog("[access denied]\n"); 3011 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3012 break; 3013 } 3014 } 3015 if (debug) 3016 addlog("\n"); 3017 end: 3018 return; 3019 } 3020 3021 /* 3022 * Analyze the LCP Configure-NAK option list, and adjust our 3023 * negotiation. 3024 */ 3025 static void 3026 sppp_lcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3027 { 3028 u_char *p, l; 3029 uint32_t magic; 3030 bool debug; 3031 3032 KASSERT(SPPP_WLOCKED(sp)); 3033 3034 if (len <= sizeof(*h)) 3035 return; 3036 3037 debug = sppp_debug_enabled(sp); 3038 len -= sizeof(*h); 3039 3040 if (debug) 3041 SPPP_LOG(sp, LOG_DEBUG, "lcp nak opts:"); 3042 3043 p = (void *)(h + 1); 3044 for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { 3045 /* Sanity check option length */ 3046 if (l > len) { 3047 /* 3048 * Malicious option - drop immediately. 3049 * XXX Maybe we should just RXJ it? 3050 */ 3051 if (debug) 3052 addlog("\n"); 3053 3054 SPPP_LOG(sp, LOG_DEBUG, 3055 "received malicious LCP option, dropping.\n"); 3056 goto end; 3057 } 3058 if (debug) { 3059 char lbuf[SPPP_LCPOPT_NAMELEN]; 3060 addlog(" %s", sppp_lcp_opt_name(lbuf, sizeof(lbuf),*p)); 3061 } 3062 switch (p[0]) { 3063 case LCP_OPT_MAGIC: 3064 /* Magic number -- renegotiate */ 3065 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC) && 3066 len >= 6 && l == 6) { 3067 magic = (uint32_t)p[2] << 24 | 3068 (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; 3069 /* 3070 * If the remote magic is our negated one, 3071 * this looks like a loopback problem. 3072 * Suggest a new magic to make sure. 3073 */ 3074 if (magic == ~sp->lcp.magic) { 3075 if (debug) 3076 addlog(" magic glitch"); 3077 sp->lcp.magic = cprng_fast32(); 3078 } else { 3079 sp->lcp.magic = magic; 3080 if (debug) 3081 addlog(" %d", magic); 3082 } 3083 } 3084 break; 3085 case LCP_OPT_MRU: 3086 /* 3087 * Peer wants to advise us to negotiate an MRU. 3088 * Agree on it if it's reasonable, or use 3089 * default otherwise. 3090 */ 3091 if (len >= 4 && l == 4) { 3092 u_int mru = p[2] * 256 + p[3]; 3093 if (debug) 3094 addlog(" %d", mru); 3095 if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) 3096 mru = sp->pp_if.if_mtu; 3097 sp->lcp.mru = mru; 3098 SET(sp->lcp.opts, SPPP_LCP_OPT_MRU); 3099 } 3100 break; 3101 case LCP_OPT_AUTH_PROTO: 3102 /* 3103 * Peer doesn't like our authentication method, 3104 * deny. 3105 */ 3106 if (debug) 3107 addlog("[access denied]\n"); 3108 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3109 break; 3110 } 3111 } 3112 if (debug) 3113 addlog("\n"); 3114 end: 3115 return; 3116 } 3117 3118 static void 3119 sppp_lcp_tlu(struct sppp *sp) 3120 { 3121 struct ifnet *ifp; 3122 struct sppp_cp *scp; 3123 int i; 3124 bool going_up; 3125 3126 KASSERT(SPPP_WLOCKED(sp)); 3127 3128 ifp = &sp->pp_if; 3129 3130 /* unlock for IFNET_LOCK and if_up() */ 3131 SPPP_UNLOCK(sp); 3132 3133 if (! (ifp->if_flags & IFF_UP) && 3134 (ifp->if_flags & IFF_RUNNING)) { 3135 /* Coming out of loopback mode. */ 3136 going_up = true; 3137 if_up(ifp); 3138 } else { 3139 going_up = false; 3140 } 3141 3142 IFNET_LOCK(ifp); 3143 SPPP_LOCK(sp, RW_WRITER); 3144 3145 if (going_up) { 3146 if ((sp->pp_flags & PP_LOOPBACK) == 0) { 3147 SPPP_LOG(sp, LOG_DEBUG, 3148 "interface is going up, " 3149 "but no loopback packet is deteted\n"); 3150 } 3151 sp->pp_flags &= ~PP_LOOPBACK; 3152 } 3153 3154 if (ifp->if_mtu > sp->lcp.their_mru) { 3155 sp->pp_saved_mtu = ifp->if_mtu; 3156 ifp->if_mtu = sp->lcp.their_mru; 3157 SPPP_DLOG(sp, "setting MTU " 3158 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 3159 sp->pp_saved_mtu, ifp->if_mtu); 3160 } 3161 IFNET_UNLOCK(ifp); 3162 3163 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO) || 3164 (sp->pp_flags & PP_NEEDAUTH) != 0) 3165 sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); 3166 else 3167 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 3168 3169 3170 for (i = 0; i < IDX_COUNT; i++) { 3171 scp = &sp->scp[(cps[i])->protoidx]; 3172 3173 if (((cps[i])->flags & CP_LCP) == 0) 3174 sppp_wq_add(sp->wq_cp, &scp->work_up); 3175 3176 /* 3177 * Open all authentication protocols. This is even required 3178 * if we already proceeded to network phase, since it might be 3179 * that remote wants us to authenticate, so we might have to 3180 * send a PAP request. Undesired authentication protocols 3181 * don't do anything when they get an Open event. 3182 */ 3183 if ((cps[i])->flags & CP_AUTH) 3184 sppp_wq_add(sp->wq_cp, &scp->work_open); 3185 3186 /* Open all NCPs. */ 3187 if (sp->pp_phase == SPPP_PHASE_NETWORK && 3188 ((cps[i])->flags & CP_NCP) != 0) { 3189 sppp_wq_add(sp->wq_cp, &scp->work_open); 3190 } 3191 } 3192 3193 /* notify low-level driver of state change */ 3194 sppp_notify_chg_wlocked(sp); 3195 } 3196 3197 static void 3198 sppp_lcp_tld(struct sppp *sp) 3199 { 3200 struct ifnet *ifp; 3201 struct sppp_cp *scp; 3202 int i, phase; 3203 3204 KASSERT(SPPP_WLOCKED(sp)); 3205 3206 phase = sp->pp_phase; 3207 3208 sppp_change_phase(sp, SPPP_PHASE_TERMINATE); 3209 3210 if (sp->pp_saved_mtu > 0) { 3211 ifp = &sp->pp_if; 3212 3213 SPPP_UNLOCK(sp); 3214 IFNET_LOCK(ifp); 3215 SPPP_LOCK(sp, RW_WRITER); 3216 3217 SPPP_DLOG(sp, "setting MTU " 3218 "from %"PRIu64" bytes to %"PRIu64" bytes\n", 3219 ifp->if_mtu, sp->pp_saved_mtu); 3220 3221 ifp->if_mtu = sp->pp_saved_mtu; 3222 sp->pp_saved_mtu = 0; 3223 IFNET_UNLOCK(ifp); 3224 } 3225 3226 /* 3227 * Take upper layers down. We send the Down event first and 3228 * the Close second to prevent the upper layers from sending 3229 * ``a flurry of terminate-request packets'', as the RFC 3230 * describes it. 3231 */ 3232 for (i = 0; i < IDX_COUNT; i++) { 3233 scp = &sp->scp[(cps[i])->protoidx]; 3234 3235 if (((cps[i])->flags & CP_LCP) == 0) 3236 sppp_wq_add(sp->wq_cp, &scp->work_down); 3237 3238 if ((cps[i])->flags & CP_AUTH) { 3239 sppp_wq_add(sp->wq_cp, &scp->work_close); 3240 } 3241 3242 /* Close all NCPs. */ 3243 if (phase == SPPP_PHASE_NETWORK && 3244 ((cps[i])->flags & CP_NCP) != 0) { 3245 sppp_wq_add(sp->wq_cp, &scp->work_close); 3246 } 3247 } 3248 } 3249 3250 static void 3251 sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) 3252 { 3253 3254 KASSERT(SPPP_WLOCKED(sp)); 3255 3256 sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); 3257 3258 /* Notify lower layer if desired. */ 3259 sppp_notify_tls_wlocked(sp); 3260 sp->lcp.tlf_sent = false; 3261 } 3262 3263 static void 3264 sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) 3265 { 3266 3267 KASSERT(SPPP_WLOCKED(sp)); 3268 3269 sppp_change_phase(sp, SPPP_PHASE_DEAD); 3270 3271 /* Notify lower layer if desired. */ 3272 sppp_notify_tlf_wlocked(sp); 3273 3274 switch (sp->scp[IDX_LCP].state) { 3275 case STATE_CLOSED: 3276 case STATE_STOPPED: 3277 sp->lcp.tlf_sent = true; 3278 break; 3279 case STATE_INITIAL: 3280 default: 3281 /* just in case */ 3282 sp->lcp.tlf_sent = false; 3283 } 3284 } 3285 3286 static void 3287 sppp_lcp_scr(struct sppp *sp) 3288 { 3289 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 3290 int i = 0; 3291 u_short authproto; 3292 3293 KASSERT(SPPP_WLOCKED(sp)); 3294 3295 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_MAGIC)) { 3296 if (! sp->lcp.magic) 3297 sp->lcp.magic = cprng_fast32(); 3298 opt[i++] = LCP_OPT_MAGIC; 3299 opt[i++] = 6; 3300 opt[i++] = sp->lcp.magic >> 24; 3301 opt[i++] = sp->lcp.magic >> 16; 3302 opt[i++] = sp->lcp.magic >> 8; 3303 opt[i++] = sp->lcp.magic; 3304 } 3305 3306 if (ISSET(sp->lcp.opts,SPPP_LCP_OPT_MRU)) { 3307 opt[i++] = LCP_OPT_MRU; 3308 opt[i++] = 4; 3309 opt[i++] = sp->lcp.mru >> 8; 3310 opt[i++] = sp->lcp.mru; 3311 } 3312 3313 if (ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) { 3314 authproto = sp->hisauth.proto; 3315 opt[i++] = LCP_OPT_AUTH_PROTO; 3316 opt[i++] = authproto == PPP_CHAP? 5: 4; 3317 opt[i++] = authproto >> 8; 3318 opt[i++] = authproto; 3319 if (authproto == PPP_CHAP) 3320 opt[i++] = CHAP_MD5; 3321 } 3322 3323 sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; 3324 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); 3325 } 3326 3327 /* 3328 * Check the open NCPs, return true if at least one NCP is open. 3329 */ 3330 3331 static int 3332 sppp_cp_check(struct sppp *sp, u_char cp_flags) 3333 { 3334 int i, mask; 3335 3336 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 3337 if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) 3338 return 1; 3339 return 0; 3340 } 3341 3342 /* 3343 * Re-check the open NCPs and see if we should terminate the link. 3344 * Called by the NCPs during their tlf action handling. 3345 */ 3346 static void 3347 sppp_lcp_check_and_close(struct sppp *sp) 3348 { 3349 3350 KASSERT(SPPP_WLOCKED(sp)); 3351 3352 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 3353 /* don't bother, we are already going down */ 3354 return; 3355 } 3356 3357 if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && 3358 sppp_cp_check(sp, CP_AUTH)) 3359 return; 3360 3361 if (sp->pp_phase >= SPPP_PHASE_NETWORK && 3362 sppp_cp_check(sp, CP_NCP)) 3363 return; 3364 3365 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 3366 3367 if (sp->pp_max_auth_fail != 0 && 3368 sp->pp_auth_failures >= sp->pp_max_auth_fail) { 3369 SPPP_LOG(sp, LOG_INFO, "authentication failed %d times, " 3370 "not retrying again\n", sp->pp_auth_failures); 3371 3372 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 3373 sp->pp_if.if_flags &= ~IFF_RUNNING; 3374 } else { 3375 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); 3376 } 3377 } 3378 3379 /* 3380 *--------------------------------------------------------------------------* 3381 * * 3382 * The IPCP implementation. * 3383 * * 3384 *--------------------------------------------------------------------------* 3385 */ 3386 3387 static void 3388 sppp_ipcp_init(struct sppp *sp) 3389 { 3390 3391 KASSERT(SPPP_WLOCKED(sp)); 3392 3393 sppp_cp_init(&ipcp, sp); 3394 3395 sp->ipcp.opts = 0; 3396 sp->ipcp.flags = 0; 3397 } 3398 3399 static void 3400 sppp_ipcp_open(struct sppp *sp, void *xcp) 3401 { 3402 uint32_t myaddr, hisaddr; 3403 3404 KASSERT(SPPP_WLOCKED(sp)); 3405 KASSERT(!cpu_softintr_p()); 3406 3407 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPCP)) 3408 return; 3409 3410 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 3411 sp->ipcp.req_myaddr = 0; 3412 sp->ipcp.req_hisaddr = 0; 3413 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3414 3415 #ifdef INET 3416 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3417 #else 3418 myaddr = hisaddr = 0; 3419 #endif 3420 /* 3421 * If we don't have his address, this probably means our 3422 * interface doesn't want to talk IP at all. (This could 3423 * be the case if somebody wants to speak only IPX, for 3424 * example.) Don't open IPCP in this case. 3425 */ 3426 if (hisaddr == 0) { 3427 /* XXX this message should go away */ 3428 SPPP_DLOG(sp, "ipcp_open(): no IP interface\n"); 3429 return; 3430 } 3431 3432 if (myaddr == 0) { 3433 /* 3434 * I don't have an assigned address, so i need to 3435 * negotiate my address. 3436 */ 3437 sp->ipcp.flags |= IPCP_MYADDR_DYN; 3438 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3439 } 3440 if (hisaddr == 1) { 3441 /* 3442 * XXX - remove this hack! 3443 * remote has no valid address, we need to get one assigned. 3444 */ 3445 sp->ipcp.flags |= IPCP_HISADDR_DYN; 3446 sp->ipcp.saved_hisaddr = htonl(hisaddr); 3447 } 3448 3449 if (sp->query_dns & 1) { 3450 SET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3451 } else { 3452 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3453 } 3454 3455 if (sp->query_dns & 2) { 3456 SET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3457 } else { 3458 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3459 } 3460 sppp_open_event(sp, xcp); 3461 } 3462 3463 static void 3464 sppp_ipcp_close(struct sppp *sp, void *xcp) 3465 { 3466 3467 KASSERT(SPPP_WLOCKED(sp)); 3468 KASSERT(!cpu_softintr_p()); 3469 3470 sppp_close_event(sp, xcp); 3471 3472 #ifdef INET 3473 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) { 3474 /* 3475 * Some address was dynamic, clear it again. 3476 */ 3477 sppp_clear_ip_addrs(sp); 3478 } 3479 #endif 3480 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 3481 } 3482 3483 /* 3484 * Analyze a configure request. Return true if it was agreeable, and 3485 * caused action sca, false if it has been rejected or nak'ed, and 3486 * caused action scn. (The return value is used to make the state 3487 * transition decision in the state automaton.) 3488 */ 3489 static enum cp_rcr_type 3490 sppp_ipcp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 3491 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 3492 { 3493 u_char *buf, *r, *p, l, blen; 3494 enum cp_rcr_type type; 3495 int rlen, len; 3496 uint32_t hisaddr, desiredaddr; 3497 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3498 char dqbuf[SPPP_DOTQUAD_BUFLEN]; 3499 const char *dq; 3500 bool debug; 3501 3502 KASSERT(SPPP_WLOCKED(sp)); 3503 3504 type = CP_RCR_NONE; 3505 origlen -= sizeof(*h); 3506 3507 if (origlen < 0) 3508 return CP_RCR_DROP; 3509 3510 debug = sppp_debug_enabled(sp); 3511 3512 /* 3513 * Make sure to allocate a buf that can at least hold a 3514 * conf-nak with an `address' option. We might need it below. 3515 */ 3516 blen = MAX(6, origlen); 3517 3518 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 3519 if (buf == NULL) 3520 return CP_RCR_DROP; 3521 3522 /* pass 1: see if we can recognize them */ 3523 if (debug) 3524 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opts:"); 3525 p = (void *)(h + 1); 3526 r = buf; 3527 rlen = 0; 3528 for (len = origlen; len > 1; len -= l, p += l) { 3529 l = p[1]; 3530 if (l == 0) 3531 break; 3532 3533 /* Sanity check option length */ 3534 if (l > len) { 3535 /* XXX should we just RXJ? */ 3536 if (debug) 3537 addlog("\n"); 3538 3539 SPPP_LOG(sp, LOG_DEBUG, 3540 " malicious IPCP option received, dropping\n"); 3541 type = CP_RCR_ERR; 3542 goto end; 3543 } 3544 if (debug) { 3545 addlog(" %s", 3546 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3547 } 3548 switch (p[0]) { 3549 #ifdef notyet 3550 case IPCP_OPT_COMPRESSION: 3551 if (len >= 6 && l >= 6) { 3552 /* correctly formed compress option */ 3553 continue; 3554 } 3555 if (debug) 3556 addlog(" [invalid]"); 3557 break; 3558 #endif 3559 case IPCP_OPT_ADDRESS: 3560 if (len >= 6 && l == 6) { 3561 /* correctly formed address option */ 3562 continue; 3563 } 3564 if (debug) 3565 addlog(" [invalid]"); 3566 break; 3567 default: 3568 /* Others not supported. */ 3569 if (debug) 3570 addlog(" [rej]"); 3571 break; 3572 } 3573 /* Add the option to rejected list. */ 3574 if (rlen + l > blen) { 3575 if (debug) 3576 addlog(" [overflow]"); 3577 continue; 3578 } 3579 memcpy(r, p, l); 3580 r += l; 3581 rlen += l; 3582 } 3583 3584 if (rlen > 0) { 3585 type = CP_RCR_REJ; 3586 goto end; 3587 } 3588 3589 if (debug) 3590 addlog("\n"); 3591 3592 /* pass 2: parse option values */ 3593 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 3594 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 3595 else 3596 #ifdef INET 3597 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 3598 #else 3599 hisaddr = 0; 3600 #endif 3601 if (debug) 3602 SPPP_LOG(sp, LOG_DEBUG, "ipcp parse opt values:"); 3603 p = (void *)(h + 1); 3604 r = buf; 3605 rlen = 0; 3606 for (len = origlen; len > 1; len -= l, p += l) { 3607 l = p[1]; 3608 if (l == 0) 3609 break; 3610 3611 if (debug) { 3612 addlog(" %s", 3613 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3614 } 3615 switch (p[0]) { 3616 #ifdef notyet 3617 case IPCP_OPT_COMPRESSION: 3618 continue; 3619 #endif 3620 case IPCP_OPT_ADDRESS: 3621 desiredaddr = p[2] << 24 | p[3] << 16 | 3622 p[4] << 8 | p[5]; 3623 if (desiredaddr == hisaddr || 3624 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 3625 /* 3626 * Peer's address is same as our value, 3627 * this is agreeable. Gonna conf-ack 3628 * it. 3629 */ 3630 if (debug) { 3631 dq = sppp_dotted_quad(dqbuf, 3632 sizeof(dqbuf), hisaddr); 3633 addlog(" %s [ack]", dq); 3634 } 3635 /* record that we've seen it already */ 3636 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 3637 sp->ipcp.req_hisaddr = desiredaddr; 3638 hisaddr = desiredaddr; 3639 continue; 3640 } 3641 /* 3642 * The address wasn't agreeable. This is either 3643 * he sent us 0.0.0.0, asking to assign him an 3644 * address, or he send us another address not 3645 * matching our value. Either case, we gonna 3646 * conf-nak it with our value. 3647 */ 3648 if (debug) { 3649 if (desiredaddr == 0) { 3650 addlog(" [addr requested]"); 3651 } else { 3652 dq = sppp_dotted_quad(dqbuf, 3653 sizeof(dqbuf), desiredaddr); 3654 addlog(" %s [not agreed]", dq); 3655 } 3656 } 3657 3658 p[2] = hisaddr >> 24; 3659 p[3] = hisaddr >> 16; 3660 p[4] = hisaddr >> 8; 3661 p[5] = hisaddr; 3662 break; 3663 } 3664 if (rlen + l > blen) { 3665 if (debug) 3666 addlog(" [overflow]"); 3667 continue; 3668 } 3669 /* Add the option to nak'ed list. */ 3670 memcpy(r, p, l); 3671 r += l; 3672 rlen += l; 3673 } 3674 3675 if (rlen > 0) { 3676 type = CP_RCR_NAK; 3677 } else { 3678 if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { 3679 /* 3680 * If we are about to conf-ack the request, but haven't seen 3681 * his address so far, gonna conf-nak it instead, with the 3682 * `address' option present and our idea of his address being 3683 * filled in there, to request negotiation of both addresses. 3684 * 3685 * XXX This can result in an endless req - nak loop if peer 3686 * doesn't want to send us his address. Q: What should we do 3687 * about it? XXX A: implement the max-failure counter. 3688 */ 3689 buf[0] = IPCP_OPT_ADDRESS; 3690 buf[1] = 6; 3691 buf[2] = hisaddr >> 24; 3692 buf[3] = hisaddr >> 16; 3693 buf[4] = hisaddr >> 8; 3694 buf[5] = hisaddr; 3695 rlen = 6; 3696 if (debug) 3697 addlog(" still need hisaddr"); 3698 type = CP_RCR_NAK; 3699 } else { 3700 type = CP_RCR_ACK; 3701 rlen = origlen; 3702 memcpy(r, h + 1, rlen); 3703 } 3704 } 3705 3706 end: 3707 if (debug) 3708 addlog("\n"); 3709 3710 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 3711 if (buf != NULL) 3712 kmem_intr_free(buf, blen); 3713 } else { 3714 *msgbuf = buf; 3715 *buflen = blen; 3716 *msglen = rlen; 3717 } 3718 3719 return type; 3720 } 3721 3722 /* 3723 * Analyze the IPCP Configure-Reject option list, and adjust our 3724 * negotiation. 3725 */ 3726 static void 3727 sppp_ipcp_confrej(struct sppp *sp, struct lcp_header *h, int len) 3728 { 3729 u_char *p, l; 3730 bool debug; 3731 3732 KASSERT(SPPP_WLOCKED(sp)); 3733 3734 if (len <= sizeof(*h)) 3735 return; 3736 3737 len -= sizeof(*h); 3738 debug = sppp_debug_enabled(sp); 3739 3740 if (debug) 3741 SPPP_LOG(sp, LOG_DEBUG, "ipcp rej opts:"); 3742 3743 p = (void *)(h + 1); 3744 for (; len > 1; len -= l, p += l) { 3745 l = p[1]; 3746 if (l == 0) 3747 break; 3748 3749 /* Sanity check option length */ 3750 if (l > len) { 3751 /* XXX should we just RXJ? */ 3752 if (debug) 3753 addlog("\n"); 3754 SPPP_LOG(sp, LOG_DEBUG, 3755 "malicious IPCP option received, dropping\n"); 3756 goto end; 3757 } 3758 if (debug) { 3759 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3760 addlog(" %s", 3761 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3762 } 3763 switch (p[0]) { 3764 case IPCP_OPT_ADDRESS: 3765 /* 3766 * Peer doesn't grok address option. This is 3767 * bad. XXX Should we better give up here? 3768 */ 3769 if (!debug) { 3770 SPPP_LOG(sp, LOG_ERR, 3771 "IPCP address option rejected\n"); 3772 } 3773 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3774 break; 3775 #ifdef notyet 3776 case IPCP_OPT_COMPRESS: 3777 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_COMPRESS); 3778 break; 3779 #endif 3780 case IPCP_OPT_PRIMDNS: 3781 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS); 3782 break; 3783 3784 case IPCP_OPT_SECDNS: 3785 CLR(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS); 3786 break; 3787 } 3788 } 3789 if (debug) 3790 addlog("\n"); 3791 end: 3792 return; 3793 } 3794 3795 /* 3796 * Analyze the IPCP Configure-NAK option list, and adjust our 3797 * negotiation. 3798 */ 3799 static void 3800 sppp_ipcp_confnak(struct sppp *sp, struct lcp_header *h, int len) 3801 { 3802 u_char *p, l; 3803 struct ifnet *ifp = &sp->pp_if; 3804 int debug = ifp->if_flags & IFF_DEBUG; 3805 uint32_t wantaddr; 3806 3807 KASSERT(SPPP_WLOCKED(sp)); 3808 3809 len -= sizeof(*h); 3810 3811 debug = sppp_debug_enabled(sp); 3812 3813 if (debug) 3814 SPPP_LOG(sp, LOG_DEBUG, "ipcp nak opts:"); 3815 3816 p = (void *)(h + 1); 3817 for (; len > 1; len -= l, p += l) { 3818 l = p[1]; 3819 if (l == 0) 3820 break; 3821 3822 /* Sanity check option length */ 3823 if (l > len) { 3824 /* XXX should we just RXJ? */ 3825 if (debug) 3826 addlog("\n"); 3827 SPPP_LOG(sp, LOG_DEBUG, 3828 "malicious IPCP option received, dropping\n"); 3829 return; 3830 } 3831 if (debug) { 3832 char ipbuf[SPPP_IPCPOPT_NAMELEN]; 3833 addlog(" %s", 3834 sppp_ipcp_opt_name(ipbuf, sizeof(ipbuf), *p)); 3835 } 3836 switch (*p) { 3837 case IPCP_OPT_ADDRESS: 3838 /* 3839 * Peer doesn't like our local IP address. See 3840 * if we can do something for him. We'll drop 3841 * him our address then. 3842 */ 3843 if (len >= 6 && l == 6) { 3844 wantaddr = p[2] << 24 | p[3] << 16 | 3845 p[4] << 8 | p[5]; 3846 SET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS); 3847 if (debug) { 3848 char dqbuf[SPPP_DOTQUAD_BUFLEN]; 3849 const char *dq; 3850 3851 dq = sppp_dotted_quad(dqbuf, 3852 sizeof(dqbuf), wantaddr); 3853 addlog(" [wantaddr %s]", dq); 3854 } 3855 /* 3856 * When doing dynamic address assignment, 3857 * we accept his offer. Otherwise, we 3858 * ignore it and thus continue to negotiate 3859 * our already existing value. 3860 */ 3861 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3862 if (ntohl(wantaddr) != INADDR_ANY) { 3863 if (debug) 3864 addlog(" [agree]"); 3865 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3866 sp->ipcp.req_myaddr = wantaddr; 3867 } else { 3868 if (debug) 3869 addlog(" [not agreed]"); 3870 } 3871 } 3872 } 3873 break; 3874 3875 case IPCP_OPT_PRIMDNS: 3876 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS) && 3877 len >= 6 && l == 6) { 3878 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3879 p[4] << 8 | p[5]; 3880 } 3881 break; 3882 3883 case IPCP_OPT_SECDNS: 3884 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS) && 3885 len >= 6 && l == 6) { 3886 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3887 p[4] << 8 | p[5]; 3888 } 3889 break; 3890 #ifdef notyet 3891 case IPCP_OPT_COMPRESS: 3892 /* 3893 * Peer wants different compression parameters. 3894 */ 3895 break; 3896 #endif 3897 } 3898 } 3899 if (debug) 3900 addlog("\n"); 3901 } 3902 3903 static void 3904 sppp_ipcp_tlu(struct sppp *sp) 3905 { 3906 #ifdef INET 3907 struct ifnet *ifp; 3908 3909 KASSERT(SPPP_WLOCKED(sp)); 3910 3911 SPPP_LOG(sp, LOG_INFO, "IPCP layer up\n"); 3912 ifp = &sp->pp_if; 3913 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && 3914 ((sp->ipcp.flags & IPCP_MYADDR_SEEN) == 0)) { 3915 SPPP_LOG(sp, LOG_WARNING, 3916 "no IP address, closing IPCP\n"); 3917 sppp_wq_add(sp->wq_cp, 3918 &sp->scp[IDX_IPCP].work_close); 3919 } else { 3920 /* we are up. Set addresses and notify anyone interested */ 3921 sppp_set_ip_addrs(sp); 3922 rt_ifmsg(ifp); 3923 } 3924 #endif 3925 } 3926 3927 static void 3928 sppp_ipcp_tld(struct sppp *sp) 3929 { 3930 #ifdef INET 3931 struct ifnet *ifp; 3932 3933 KASSERT(SPPP_WLOCKED(sp)); 3934 3935 SPPP_LOG(sp, LOG_INFO, "IPCP layer down\n"); 3936 ifp = &sp->pp_if; 3937 rt_ifmsg(ifp); 3938 #endif 3939 } 3940 3941 static void 3942 sppp_ipcp_scr(struct sppp *sp) 3943 { 3944 uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3945 #ifdef INET 3946 uint32_t ouraddr; 3947 #endif 3948 int i = 0; 3949 3950 KASSERT(SPPP_WLOCKED(sp)); 3951 3952 #ifdef notyet 3953 if (ISSET(sp->ipcp.opts,SPPP_IPCP_OPT_COMPRESSION)) { 3954 opt[i++] = IPCP_OPT_COMPRESSION; 3955 opt[i++] = 6; 3956 opt[i++] = 0; /* VJ header compression */ 3957 opt[i++] = 0x2d; /* VJ header compression */ 3958 opt[i++] = max_slot_id; 3959 opt[i++] = comp_slot_id; 3960 } 3961 #endif 3962 3963 #ifdef INET 3964 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_ADDRESS)) { 3965 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) { 3966 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3967 } else { 3968 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3969 } 3970 opt[i++] = IPCP_OPT_ADDRESS; 3971 opt[i++] = 6; 3972 opt[i++] = ouraddr >> 24; 3973 opt[i++] = ouraddr >> 16; 3974 opt[i++] = ouraddr >> 8; 3975 opt[i++] = ouraddr; 3976 } 3977 #endif 3978 3979 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_PRIMDNS)) { 3980 opt[i++] = IPCP_OPT_PRIMDNS; 3981 opt[i++] = 6; 3982 opt[i++] = sp->dns_addrs[0] >> 24; 3983 opt[i++] = sp->dns_addrs[0] >> 16; 3984 opt[i++] = sp->dns_addrs[0] >> 8; 3985 opt[i++] = sp->dns_addrs[0]; 3986 } 3987 if (ISSET(sp->ipcp.opts, SPPP_IPCP_OPT_SECDNS)) { 3988 opt[i++] = IPCP_OPT_SECDNS; 3989 opt[i++] = 6; 3990 opt[i++] = sp->dns_addrs[1] >> 24; 3991 opt[i++] = sp->dns_addrs[1] >> 16; 3992 opt[i++] = sp->dns_addrs[1] >> 8; 3993 opt[i++] = sp->dns_addrs[1]; 3994 } 3995 3996 sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; 3997 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); 3998 } 3999 4000 /* 4001 *--------------------------------------------------------------------------* 4002 * * 4003 * The IPv6CP implementation. * 4004 * * 4005 *--------------------------------------------------------------------------* 4006 */ 4007 4008 #ifdef INET6 4009 static void 4010 sppp_ipv6cp_init(struct sppp *sp) 4011 { 4012 4013 KASSERT(SPPP_WLOCKED(sp)); 4014 4015 sppp_cp_init(&ipv6cp, sp); 4016 4017 sp->ipv6cp.opts = 0; 4018 sp->ipv6cp.flags = 0; 4019 } 4020 4021 static void 4022 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4023 { 4024 struct in6_addr myaddr, hisaddr; 4025 4026 KASSERT(SPPP_WLOCKED(sp)); 4027 KASSERT(!cpu_softintr_p()); 4028 4029 if (!ISSET(sp->pp_ncpflags, SPPP_NCP_IPV6CP)) 4030 return; 4031 4032 #ifdef IPV6CP_MYIFID_DYN 4033 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 4034 #else 4035 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 4036 #endif 4037 4038 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 4039 /* 4040 * If we don't have our address, this probably means our 4041 * interface doesn't want to talk IPv6 at all. (This could 4042 * be the case if somebody wants to speak only IPX, for 4043 * example.) Don't open IPv6CP in this case. 4044 */ 4045 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 4046 /* XXX this message should go away */ 4047 SPPP_DLOG(sp, "ipv6cp_open(): no IPv6 interface\n"); 4048 return; 4049 } 4050 4051 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4052 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4053 sppp_open_event(sp, xcp); 4054 } 4055 4056 /* 4057 * Analyze a configure request. Return true if it was agreeable, and 4058 * caused action sca, false if it has been rejected or nak'ed, and 4059 * caused action scn. (The return value is used to make the state 4060 * transition decision in the state automaton.) 4061 */ 4062 static enum cp_rcr_type 4063 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, int origlen, 4064 uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4065 { 4066 u_char *buf, *r, *p, l, blen; 4067 int rlen, len; 4068 struct in6_addr myaddr, desiredaddr, suggestaddr; 4069 enum cp_rcr_type type; 4070 int ifidcount; 4071 int collision, nohisaddr; 4072 char ip6buf[INET6_ADDRSTRLEN]; 4073 char tbuf[SPPP_CPTYPE_NAMELEN]; 4074 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4075 const char *cpname; 4076 bool debug; 4077 4078 KASSERT(SPPP_WLOCKED(sp)); 4079 4080 debug = sppp_debug_enabled(sp); 4081 type = CP_RCR_NONE; 4082 origlen -= sizeof(*h); 4083 4084 if (origlen < 0) 4085 return CP_RCR_DROP; 4086 4087 /* 4088 * Make sure to allocate a buf that can at least hold a 4089 * conf-nak with an `address' option. We might need it below. 4090 */ 4091 blen = MAX(6, origlen); 4092 4093 buf = kmem_intr_alloc(blen, KM_NOSLEEP); 4094 if (buf == NULL) 4095 return CP_RCR_DROP; 4096 4097 /* pass 1: see if we can recognize them */ 4098 if (debug) 4099 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opts:"); 4100 p = (void *)(h + 1); 4101 r = buf; 4102 rlen = 0; 4103 ifidcount = 0; 4104 for (len = origlen; len > 1; len -= l, p += l) { 4105 l = p[1]; 4106 if (l == 0) 4107 break; 4108 4109 /* Sanity check option length */ 4110 if (l > len) { 4111 /* XXX just RXJ? */ 4112 if (debug) 4113 addlog("\n"); 4114 SPPP_LOG(sp, LOG_DEBUG, 4115 "received malicious IPCPv6 option, " 4116 "dropping\n"); 4117 type = CP_RCR_ERR; 4118 goto end; 4119 } 4120 if (debug) { 4121 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4122 sizeof(ipv6buf),*p)); 4123 } 4124 switch (p[0]) { 4125 case IPV6CP_OPT_IFID: 4126 if (len >= 10 && l == 10 && ifidcount == 0) { 4127 /* correctly formed address option */ 4128 ifidcount++; 4129 continue; 4130 } 4131 if (debug) 4132 addlog(" [invalid]"); 4133 break; 4134 #ifdef notyet 4135 case IPV6CP_OPT_COMPRESSION: 4136 if (len >= 4 && l >= 4) { 4137 /* correctly formed compress option */ 4138 continue; 4139 } 4140 if (debug) 4141 addlog(" [invalid]"); 4142 break; 4143 #endif 4144 default: 4145 /* Others not supported. */ 4146 if (debug) 4147 addlog(" [rej]"); 4148 break; 4149 } 4150 if (rlen + l > blen) { 4151 if (debug) 4152 addlog(" [overflow]"); 4153 continue; 4154 } 4155 /* Add the option to rejected list. */ 4156 memcpy(r, p, l); 4157 r += l; 4158 rlen += l; 4159 } 4160 4161 if (rlen > 0) { 4162 type = CP_RCR_REJ; 4163 goto end; 4164 } 4165 4166 if (debug) 4167 addlog("\n"); 4168 4169 /* pass 2: parse option values */ 4170 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4171 if (debug) 4172 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp parse opt values:"); 4173 p = (void *)(h + 1); 4174 r = buf; 4175 rlen = 0; 4176 type = CP_RCR_ACK; 4177 for (len = origlen; len > 1; len -= l, p += l) { 4178 l = p[1]; 4179 if (l == 0) 4180 break; 4181 4182 if (debug) { 4183 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4184 sizeof(ipv6buf), *p)); 4185 } 4186 switch (p[0]) { 4187 #ifdef notyet 4188 case IPV6CP_OPT_COMPRESSION: 4189 continue; 4190 #endif 4191 case IPV6CP_OPT_IFID: 4192 memset(&desiredaddr, 0, sizeof(desiredaddr)); 4193 memcpy(&desiredaddr.s6_addr[8], &p[2], 8); 4194 collision = (memcmp(&desiredaddr.s6_addr[8], 4195 &myaddr.s6_addr[8], 8) == 0); 4196 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 4197 4198 desiredaddr.s6_addr16[0] = htons(0xfe80); 4199 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 4200 4201 if (!collision && !nohisaddr) { 4202 /* no collision, hisaddr known - Conf-Ack */ 4203 type = CP_RCR_ACK; 4204 memcpy(sp->ipv6cp.my_ifid, &myaddr.s6_addr[8], 4205 sizeof(sp->ipv6cp.my_ifid)); 4206 memcpy(sp->ipv6cp.his_ifid, 4207 &desiredaddr.s6_addr[8], 4208 sizeof(sp->ipv6cp.my_ifid)); 4209 4210 if (debug) { 4211 cpname = sppp_cp_type_name(tbuf, 4212 sizeof(tbuf), CONF_ACK); 4213 addlog(" %s [%s]", 4214 IN6_PRINT(ip6buf, &desiredaddr), 4215 cpname); 4216 } 4217 continue; 4218 } 4219 4220 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4221 if (collision && nohisaddr) { 4222 /* collision, hisaddr unknown - Conf-Rej */ 4223 type = CP_RCR_REJ; 4224 memset(&p[2], 0, 8); 4225 } else { 4226 /* 4227 * - no collision, hisaddr unknown, or 4228 * - collision, hisaddr known 4229 * Conf-Nak, suggest hisaddr 4230 */ 4231 type = CP_RCR_NAK; 4232 sppp_suggest_ip6_addr(sp, &suggestaddr); 4233 memcpy(&p[2], &suggestaddr.s6_addr[8], 8); 4234 } 4235 if (debug) { 4236 int ctype = type == CP_RCR_REJ ? CONF_REJ : CONF_NAK; 4237 4238 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype); 4239 addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), 4240 cpname); 4241 } 4242 break; 4243 } 4244 if (rlen + l > blen) { 4245 if (debug) 4246 addlog(" [overflow]"); 4247 continue; 4248 } 4249 /* Add the option to nak'ed list. */ 4250 memcpy(r, p, l); 4251 r += l; 4252 rlen += l; 4253 } 4254 4255 if (rlen > 0) { 4256 if (type != CP_RCR_ACK) { 4257 if (debug) { 4258 int ctype ; 4259 ctype = type == CP_RCR_REJ ? 4260 CONF_REJ : CONF_NAK; 4261 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), ctype); 4262 addlog(" send %s suggest %s\n", 4263 cpname, IN6_PRINT(ip6buf, &suggestaddr)); 4264 } 4265 } 4266 #ifdef notdef 4267 if (type == CP_RCR_ACK) 4268 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 4269 #endif 4270 } else { 4271 if (type == CP_RCR_ACK) { 4272 rlen = origlen; 4273 memcpy(r, h + 1, rlen); 4274 } 4275 } 4276 end: 4277 if (debug) 4278 addlog("\n"); 4279 4280 if (type == CP_RCR_ERR || type == CP_RCR_DROP) { 4281 if (buf != NULL) 4282 kmem_intr_free(buf, blen); 4283 } else { 4284 *msgbuf = buf; 4285 *buflen = blen; 4286 *msglen = rlen; 4287 } 4288 4289 return type; 4290 } 4291 4292 /* 4293 * Analyze the IPv6CP Configure-Reject option list, and adjust our 4294 * negotiation. 4295 */ 4296 static void 4297 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, int len) 4298 { 4299 u_char *p, l; 4300 bool debug; 4301 4302 KASSERT(SPPP_WLOCKED(sp)); 4303 4304 if (len <= sizeof(*h)) 4305 return; 4306 4307 len -= sizeof(*h); 4308 debug = sppp_debug_enabled(sp); 4309 4310 if (debug) 4311 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp rej opts:"); 4312 4313 p = (void *)(h + 1); 4314 for (; len > 1; len -= l, p += l) { 4315 l = p[1]; 4316 if (l == 0) 4317 break; 4318 4319 if (l > len) { 4320 /* XXX just RXJ? */ 4321 if (debug) 4322 addlog("\n"); 4323 SPPP_LOG(sp, LOG_DEBUG, 4324 "received malicious IPCPv6 option, " 4325 "dropping\n"); 4326 goto end; 4327 } 4328 if (debug) { 4329 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4330 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4331 sizeof(ipv6buf), *p)); 4332 } 4333 switch (p[0]) { 4334 case IPV6CP_OPT_IFID: 4335 /* 4336 * Peer doesn't grok address option. This is 4337 * bad. XXX Should we better give up here? 4338 */ 4339 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4340 break; 4341 #ifdef notyet 4342 case IPV6CP_OPT_COMPRESS: 4343 CLR(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESS); 4344 break; 4345 #endif 4346 } 4347 } 4348 if (debug) 4349 addlog("\n"); 4350 end: 4351 return; 4352 } 4353 4354 /* 4355 * Analyze the IPv6CP Configure-NAK option list, and adjust our 4356 * negotiation. 4357 */ 4358 static void 4359 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, int len) 4360 { 4361 u_char *p, l; 4362 struct in6_addr suggestaddr; 4363 char ip6buf[INET6_ADDRSTRLEN]; 4364 bool debug; 4365 4366 KASSERT(SPPP_WLOCKED(sp)); 4367 4368 if (len <= sizeof(*h)) 4369 return; 4370 4371 len -= sizeof(*h); 4372 debug = sppp_debug_enabled(sp); 4373 4374 if (debug) 4375 SPPP_LOG(sp, LOG_DEBUG, "ipv6cp nak opts:"); 4376 4377 p = (void *)(h + 1); 4378 for (; len > 1; len -= l, p += l) { 4379 l = p[1]; 4380 if (l == 0) 4381 break; 4382 4383 if (l > len) { 4384 /* XXX just RXJ? */ 4385 if (debug) 4386 addlog("\n"); 4387 SPPP_LOG(sp, LOG_DEBUG, 4388 "received malicious IPCPv6 option, " 4389 "dropping\n"); 4390 goto end; 4391 } 4392 if (debug) { 4393 char ipv6buf[SPPP_IPV6CPOPT_NAMELEN]; 4394 addlog(" %s", sppp_ipv6cp_opt_name(ipv6buf, 4395 sizeof(ipv6buf), *p)); 4396 } 4397 switch (p[0]) { 4398 case IPV6CP_OPT_IFID: 4399 /* 4400 * Peer doesn't like our local ifid. See 4401 * if we can do something for him. We'll drop 4402 * him our address then. 4403 */ 4404 if (len < 10 || l != 10) 4405 break; 4406 memset(&suggestaddr, 0, sizeof(suggestaddr)); 4407 suggestaddr.s6_addr16[0] = htons(0xfe80); 4408 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 4409 memcpy(&suggestaddr.s6_addr[8], &p[2], 8); 4410 4411 SET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID); 4412 if (debug) 4413 addlog(" [suggestaddr %s]", 4414 IN6_PRINT(ip6buf, &suggestaddr)); 4415 #ifdef IPV6CP_MYIFID_DYN 4416 /* 4417 * When doing dynamic address assignment, 4418 * we accept his offer. 4419 */ 4420 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 4421 struct in6_addr lastsuggest; 4422 /* 4423 * If <suggested myaddr from peer> equals to 4424 * <hisaddr we have suggested last time>, 4425 * we have a collision. generate new random 4426 * ifid. 4427 */ 4428 sppp_suggest_ip6_addr(&lastsuggest); 4429 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 4430 lastsuggest)) { 4431 if (debug) 4432 addlog(" [random]"); 4433 sppp_gen_ip6_addr(sp, &suggestaddr); 4434 } 4435 sppp_set_ip6_addr(sp, &suggestaddr, 0); 4436 if (debug) 4437 addlog(" [agree]"); 4438 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 4439 } 4440 #else 4441 /* 4442 * Since we do not do dynamic address assignment, 4443 * we ignore it and thus continue to negotiate 4444 * our already existing value. This can possibly 4445 * go into infinite request-reject loop. 4446 * 4447 * This is not likely because we normally use 4448 * ifid based on MAC-address. 4449 * If you have no ethernet card on the node, too bad. 4450 * XXX should we use fail_counter? 4451 */ 4452 #endif 4453 break; 4454 #ifdef notyet 4455 case IPV6CP_OPT_COMPRESS: 4456 /* 4457 * Peer wants different compression parameters. 4458 */ 4459 break; 4460 #endif 4461 } 4462 } 4463 if (debug) 4464 addlog("\n"); 4465 end: 4466 return; 4467 } 4468 4469 static void 4470 sppp_ipv6cp_tlu(struct sppp *sp) 4471 { 4472 struct ifnet *ifp; 4473 4474 KASSERT(SPPP_WLOCKED(sp)); 4475 4476 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer up\n"); 4477 ifp = &sp->pp_if; 4478 /* we are up - notify isdn daemon */ 4479 sppp_notify_con_wlocked(sp); 4480 rt_ifmsg(ifp); 4481 } 4482 4483 static void 4484 sppp_ipv6cp_tld(struct sppp *sp) 4485 { 4486 struct ifnet *ifp; 4487 4488 KASSERT(SPPP_WLOCKED(sp)); 4489 4490 SPPP_LOG(sp, LOG_INFO, "IPv6CP layer down\n"); 4491 ifp = &sp->pp_if; 4492 rt_ifmsg(ifp); 4493 } 4494 4495 static void 4496 sppp_ipv6cp_scr(struct sppp *sp) 4497 { 4498 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 4499 struct in6_addr ouraddr; 4500 int i = 0; 4501 4502 KASSERT(SPPP_WLOCKED(sp)); 4503 4504 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_IFID)) { 4505 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 4506 4507 opt[i++] = IPV6CP_OPT_IFID; 4508 opt[i++] = 10; 4509 memcpy(&opt[i], &ouraddr.s6_addr[8], 8); 4510 i += 8; 4511 } 4512 4513 #ifdef notyet 4514 if (ISSET(sp->ipv6cp.opts, SPPP_IPV6CP_OPT_COMPRESSION)) { 4515 opt[i++] = IPV6CP_OPT_COMPRESSION; 4516 opt[i++] = 4; 4517 opt[i++] = 0; /* TBD */ 4518 opt[i++] = 0; /* TBD */ 4519 /* variable length data may follow */ 4520 } 4521 #endif 4522 4523 sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; 4524 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); 4525 } 4526 #else /*INET6*/ 4527 static void 4528 sppp_ipv6cp_init(struct sppp *sp) 4529 { 4530 4531 KASSERT(SPPP_WLOCKED(sp)); 4532 } 4533 4534 static void 4535 sppp_ipv6cp_open(struct sppp *sp, void *xcp) 4536 { 4537 4538 KASSERT(SPPP_WLOCKED(sp)); 4539 } 4540 4541 static enum cp_rcr_type 4542 sppp_ipv6cp_confreq(struct sppp *sp, struct lcp_header *h, 4543 int len, uint8_t **msgbuf, size_t *buflen, size_t *msglen) 4544 { 4545 4546 KASSERT(SPPP_WLOCKED(sp)); 4547 return 0; 4548 } 4549 4550 static void 4551 sppp_ipv6cp_confrej(struct sppp *sp, struct lcp_header *h, 4552 int len) 4553 { 4554 4555 KASSERT(SPPP_WLOCKED(sp)); 4556 } 4557 4558 static void 4559 sppp_ipv6cp_confnak(struct sppp *sp, struct lcp_header *h, 4560 int len) 4561 { 4562 4563 KASSERT(SPPP_WLOCKED(sp)); 4564 } 4565 4566 static void 4567 sppp_ipv6cp_tlu(struct sppp *sp) 4568 { 4569 4570 KASSERT(SPPP_WLOCKED(sp)); 4571 } 4572 4573 static void 4574 sppp_ipv6cp_tld(struct sppp *sp) 4575 { 4576 4577 KASSERT(SPPP_WLOCKED(sp)); 4578 } 4579 4580 static void 4581 sppp_ipv6cp_scr(struct sppp *sp) 4582 { 4583 4584 KASSERT(SPPP_WLOCKED(sp)); 4585 } 4586 #endif /*INET6*/ 4587 4588 /* 4589 *--------------------------------------------------------------------------* 4590 * * 4591 * The CHAP implementation. * 4592 * * 4593 *--------------------------------------------------------------------------* 4594 */ 4595 /* 4596 * The authentication protocols is implemented on the state machine for 4597 * control protocols. And it uses following actions and events. 4598 * 4599 * Actions: 4600 * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE 4601 * - sca: send CHAP_SUCCESS 4602 * - scn: send CHAP_FAILURE and shutdown lcp 4603 * Events: 4604 * - RCR+: receive CHAP_RESPONSE containing correct digest 4605 * - RCR-: receive CHAP_RESPONSE containing wrong digest 4606 * - RCA: receive CHAP_SUCCESS 4607 * - RCN: (this event is unused) 4608 * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE 4609 * - TO-: this layer finish 4610 */ 4611 4612 /* 4613 * Handle incoming CHAP packets. 4614 */ 4615 void 4616 sppp_chap_input(struct sppp *sp, struct mbuf *m) 4617 { 4618 struct ifnet *ifp; 4619 struct lcp_header *h; 4620 int len, x; 4621 u_char *value, *name, digest[sizeof(sp->chap.challenge)]; 4622 int value_len, name_len; 4623 MD5_CTX ctx; 4624 char abuf[SPPP_AUTHTYPE_NAMELEN]; 4625 const char *authname; 4626 bool debug; 4627 4628 ifp = &sp->pp_if; 4629 debug = sppp_debug_enabled(sp); 4630 len = m->m_pkthdr.len; 4631 if (len < 4) { 4632 SPPP_DLOG(sp, "chap invalid packet length: " 4633 "%d bytes\n", len); 4634 return; 4635 } 4636 h = mtod(m, struct lcp_header *); 4637 if (len > ntohs(h->len)) 4638 len = ntohs(h->len); 4639 4640 SPPP_LOCK(sp, RW_WRITER); 4641 4642 switch (h->type) { 4643 /* challenge, failure and success are his authproto */ 4644 case CHAP_CHALLENGE: 4645 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4646 /* can't do anything useful */ 4647 sp->pp_auth_failures++; 4648 SPPP_DLOG(sp, "chap input " 4649 "without my name and my secret being set\n"); 4650 break; 4651 } 4652 value = 1 + (u_char *)(h + 1); 4653 value_len = value[-1]; 4654 name = value + value_len; 4655 name_len = len - value_len - 5; 4656 if (name_len < 0) { 4657 if (debug) { 4658 authname = sppp_auth_type_name(abuf, 4659 sizeof(abuf), PPP_CHAP, h->type); 4660 SPPP_LOG(sp, LOG_DEBUG, 4661 "chap corrupted challenge " 4662 "<%s id=0x%x len=%d", 4663 authname, h->ident, ntohs(h->len)); 4664 if (len > 4) 4665 sppp_print_bytes((u_char *)(h + 1), 4666 len - 4); 4667 addlog(">\n"); 4668 } 4669 break; 4670 } 4671 4672 if (debug) { 4673 authname = sppp_auth_type_name(abuf, 4674 sizeof(abuf), PPP_CHAP, h->type); 4675 SPPP_LOG(sp, LOG_DEBUG, 4676 "chap input <%s id=0x%x len=%d name=", 4677 authname, h->ident, ntohs(h->len)); 4678 sppp_print_string((char *) name, name_len); 4679 addlog(" value-size=%d value=", value_len); 4680 sppp_print_bytes(value, value_len); 4681 addlog(">\n"); 4682 } 4683 4684 /* Compute reply value. */ 4685 MD5Init(&ctx); 4686 MD5Update(&ctx, &h->ident, 1); 4687 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 4688 MD5Update(&ctx, value, value_len); 4689 MD5Final(sp->chap.digest, &ctx); 4690 sp->chap.digest_len = sizeof(sp->chap.digest); 4691 sp->scp[IDX_CHAP].rconfid = h->ident; 4692 4693 sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); 4694 break; 4695 4696 case CHAP_SUCCESS: 4697 if (debug) { 4698 SPPP_LOG(sp, LOG_DEBUG, "chap success"); 4699 if (len > 4) { 4700 addlog(": "); 4701 sppp_print_string((char *)(h + 1), len - 4); 4702 } 4703 addlog("\n"); 4704 } 4705 4706 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4707 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 4708 chap.name, h->ident, 4709 sp->scp[IDX_CHAP].rconfid); 4710 if_statinc(ifp, if_ierrors); 4711 break; 4712 } 4713 4714 if (sp->chap.digest_len == 0) { 4715 SPPP_DLOG(sp, "receive CHAP success" 4716 " without challenge\n"); 4717 if_statinc(ifp, if_ierrors); 4718 break; 4719 } 4720 4721 x = splnet(); 4722 sp->pp_auth_failures = 0; 4723 sp->pp_flags &= ~PP_NEEDAUTH; 4724 splx(x); 4725 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4726 sp->chap.digest_len = 0; 4727 4728 if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { 4729 /* 4730 * we are not authenticator for CHAP, 4731 * generate a dummy RCR+ event without CHAP_RESPONSE 4732 */ 4733 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4734 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4735 } 4736 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4737 break; 4738 4739 case CHAP_FAILURE: 4740 if (h->ident != sp->scp[IDX_CHAP].rconfid) { 4741 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 4742 chap.name, h->ident, sp->scp[IDX_CHAP].rconfid); 4743 if_statinc(ifp, if_ierrors); 4744 break; 4745 } 4746 4747 if (sp->chap.digest_len == 0) { 4748 SPPP_DLOG(sp, "receive CHAP failure " 4749 "without challenge\n"); 4750 if_statinc(ifp, if_ierrors); 4751 break; 4752 } 4753 4754 x = splnet(); 4755 sp->pp_auth_failures++; 4756 splx(x); 4757 SPPP_LOG(sp, LOG_INFO, "chap failure"); 4758 if (debug) { 4759 if (len > 4) { 4760 addlog(": "); 4761 sppp_print_string((char *)(h + 1), len - 4); 4762 } 4763 } 4764 addlog("\n"); 4765 4766 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4767 sp->chap.digest_len = 0; 4768 /* 4769 * await LCP shutdown by authenticator, 4770 * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn 4771 */ 4772 break; 4773 4774 /* response is my authproto */ 4775 case CHAP_RESPONSE: 4776 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4777 /* can't do anything useful */ 4778 SPPP_DLOG(sp, "chap response " 4779 "without his name and his secret being set\n"); 4780 break; 4781 } 4782 value = 1 + (u_char *)(h + 1); 4783 value_len = value[-1]; 4784 name = value + value_len; 4785 name_len = len - value_len - 5; 4786 if (name_len < 0) { 4787 if (debug) { 4788 authname = sppp_auth_type_name(abuf, 4789 sizeof(abuf), PPP_CHAP, h->type); 4790 SPPP_LOG(sp, LOG_DEBUG, 4791 "chap corrupted response " 4792 "<%s id=0x%x len=%d", 4793 authname, h->ident, ntohs(h->len)); 4794 if (len > 4) 4795 sppp_print_bytes((u_char *)(h + 1), 4796 len - 4); 4797 addlog(">\n"); 4798 } 4799 break; 4800 } 4801 if (h->ident != sp->scp[IDX_CHAP].confid) { 4802 SPPP_DLOG(sp, "chap dropping response for old ID " 4803 "(got %d, expected %d)\n", 4804 h->ident, sp->scp[IDX_CHAP].confid); 4805 break; 4806 } else { 4807 sp->scp[IDX_CHAP].rconfid = h->ident; 4808 } 4809 4810 if (sp->hisauth.name != NULL && 4811 (name_len != sp->hisauth.name_len 4812 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 4813 SPPP_LOG(sp, LOG_INFO, 4814 "chap response, his name "); 4815 sppp_print_string(name, name_len); 4816 addlog(" != expected "); 4817 sppp_print_string(sp->hisauth.name, 4818 sp->hisauth.name_len); 4819 addlog("\n"); 4820 4821 /* generate RCR- event */ 4822 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4823 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4824 break; 4825 } 4826 4827 if (debug) { 4828 authname = sppp_auth_type_name(abuf, 4829 sizeof(abuf), PPP_CHAP, h->type); 4830 SPPP_LOG(sp, LOG_DEBUG, "chap input(%s) " 4831 "<%s id=0x%x len=%d name=", 4832 sppp_state_name(sp->scp[IDX_CHAP].state), 4833 authname, h->ident, ntohs(h->len)); 4834 sppp_print_string((char *)name, name_len); 4835 addlog(" value-size=%d value=", value_len); 4836 sppp_print_bytes(value, value_len); 4837 addlog(">\n"); 4838 } 4839 4840 if (value_len == sizeof(sp->chap.challenge) && 4841 value_len == sizeof(sp->chap.digest)) { 4842 MD5Init(&ctx); 4843 MD5Update(&ctx, &h->ident, 1); 4844 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 4845 MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); 4846 MD5Final(digest, &ctx); 4847 4848 if (memcmp(digest, value, value_len) == 0) { 4849 sp->scp[IDX_CHAP].rcr_type = CP_RCR_ACK; 4850 } else { 4851 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4852 } 4853 } else { 4854 if (debug) { 4855 SPPP_LOG(sp, LOG_DEBUG, 4856 "chap bad hash value length: " 4857 "%d bytes, should be %zu\n", 4858 value_len, sizeof(sp->chap.challenge)); 4859 } 4860 4861 sp->scp[IDX_CHAP].rcr_type = CP_RCR_NAK; 4862 } 4863 4864 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); 4865 4866 /* generate a dummy RCA event */ 4867 if (sp->scp[IDX_CHAP].rcr_type == CP_RCR_ACK && 4868 (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || 4869 sp->chap.rechallenging)) { 4870 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); 4871 } 4872 break; 4873 4874 default: 4875 /* Unknown CHAP packet type -- ignore. */ 4876 if (debug) { 4877 SPPP_LOG(sp, LOG_DEBUG, "chap unknown input(%s) " 4878 "<0x%x id=0x%xh len=%d", 4879 sppp_state_name(sp->scp[IDX_CHAP].state), 4880 h->type, h->ident, ntohs(h->len)); 4881 if (len > 4) 4882 sppp_print_bytes((u_char *)(h + 1), len - 4); 4883 addlog(">\n"); 4884 } 4885 break; 4886 4887 } 4888 4889 SPPP_UNLOCK(sp); 4890 } 4891 4892 static void 4893 sppp_chap_init(struct sppp *sp) 4894 { 4895 4896 KASSERT(SPPP_WLOCKED(sp)); 4897 4898 sppp_cp_init(&chap, sp); 4899 4900 SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, 4901 sppp_chap_rcv_challenge_event, &chap); 4902 } 4903 4904 static void 4905 sppp_chap_open(struct sppp *sp, void *xcp) 4906 { 4907 4908 KASSERT(SPPP_WLOCKED(sp)); 4909 4910 memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); 4911 sp->chap.digest_len = 0; 4912 sp->chap.rechallenging = false; 4913 sp->chap.response_rcvd = false; 4914 sppp_open_event(sp, xcp); 4915 } 4916 4917 static void 4918 sppp_chap_tlu(struct sppp *sp) 4919 { 4920 int i, x; 4921 4922 KASSERT(SPPP_WLOCKED(sp)); 4923 4924 i = 0; 4925 sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; 4926 x = splnet(); 4927 sp->pp_auth_failures = 0; 4928 splx(x); 4929 4930 SPPP_LOG(sp, LOG_DEBUG, "chap %s", 4931 sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); 4932 4933 /* 4934 * Some broken CHAP implementations (Conware CoNet, firmware 4935 * 4.0.?) don't want to re-authenticate their CHAP once the 4936 * initial challenge-response exchange has taken place. 4937 * Provide for an option to avoid rechallenges. 4938 */ 4939 if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && 4940 (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4941 /* 4942 * Compute the re-challenge timeout. This will yield 4943 * a number between 300 and 810 seconds. 4944 */ 4945 i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); 4946 callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); 4947 4948 if (sppp_debug_enabled(sp)) { 4949 addlog(", next rechallenge in %d seconds", i); 4950 } 4951 } 4952 4953 addlog("\n"); 4954 4955 /* 4956 * If we are already in phase network, we are done here. This 4957 * is the case if this is a dummy tlu event after a re-challenge. 4958 */ 4959 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4960 sppp_phase_network(sp); 4961 } 4962 4963 static void 4964 sppp_chap_scr(struct sppp *sp) 4965 { 4966 uint32_t *ch; 4967 u_char clen, dsize; 4968 int role; 4969 4970 KASSERT(SPPP_WLOCKED(sp)); 4971 4972 role = sppp_auth_role(&chap, sp); 4973 4974 if (ISSET(role, SPPP_AUTH_SERV) && 4975 !sp->chap.response_rcvd) { 4976 /* we are authenticator for CHAP, send challenge */ 4977 ch = (uint32_t *)sp->chap.challenge; 4978 clen = sizeof(sp->chap.challenge); 4979 /* Compute random challenge. */ 4980 cprng_strong(kern_cprng, ch, clen, 0); 4981 4982 sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; 4983 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, 4984 sizeof(clen), (const char *)&clen, 4985 sizeof(sp->chap.challenge), sp->chap.challenge, 4986 0); 4987 } 4988 4989 if (ISSET(role, SPPP_AUTH_PEER) && 4990 sp->chap.digest_len > 0) { 4991 /* we are peer for CHAP, send response */ 4992 dsize = sp->chap.digest_len; 4993 4994 sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, 4995 sizeof(dsize), (const char *)&dsize, 4996 sp->chap.digest_len, sp->chap.digest, 4997 sp->myauth.name_len, sp->myauth.name, 0); 4998 } 4999 } 5000 5001 static void 5002 sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) 5003 { 5004 const struct cp *cp = xcp; 5005 5006 KASSERT(!cpu_softintr_p()); 5007 5008 sp->chap.rechallenging = false; 5009 5010 switch (sp->scp[IDX_CHAP].state) { 5011 case STATE_REQ_SENT: 5012 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5013 cp->scr(sp); 5014 break; 5015 case STATE_OPENED: 5016 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 5017 cp->scr(sp); 5018 break; 5019 } 5020 } 5021 5022 /* 5023 *--------------------------------------------------------------------------* 5024 * * 5025 * The PAP implementation. * 5026 * * 5027 *--------------------------------------------------------------------------* 5028 */ 5029 /* 5030 * PAP uses following actions and events. 5031 * Actions: 5032 * - scr: send PAP_REQ 5033 * - sca: send PAP_ACK 5034 * - scn: send PAP_NAK 5035 * Events: 5036 * - RCR+: receive PAP_REQ containing correct username and password 5037 * - RCR-: receive PAP_REQ containing wrong username and password 5038 * - RCA: receive PAP_ACK 5039 * - RCN: (this event is unused) 5040 * - TO+: re-send PAP_REQ 5041 * - TO-: this layer finish 5042 */ 5043 5044 /* 5045 * Handle incoming PAP packets. */ 5046 static void 5047 sppp_pap_input(struct sppp *sp, struct mbuf *m) 5048 { 5049 struct ifnet *ifp; 5050 struct lcp_header *h; 5051 int len, x; 5052 char *name, *secret; 5053 int name_len, secret_len; 5054 char abuf[SPPP_AUTHTYPE_NAMELEN]; 5055 const char *authname; 5056 bool debug; 5057 5058 ifp = &sp->pp_if; 5059 debug = sppp_debug_enabled(sp); 5060 5061 /* 5062 * Malicious input might leave this uninitialized, so 5063 * init to an impossible value. 5064 */ 5065 secret_len = -1; 5066 5067 len = m->m_pkthdr.len; 5068 if (len < 5) { 5069 SPPP_DLOG(sp, "pap invalid packet length: " 5070 "%d bytes\n", len); 5071 return; 5072 } 5073 h = mtod(m, struct lcp_header *); 5074 if (len > ntohs(h->len)) 5075 len = ntohs(h->len); 5076 5077 SPPP_LOCK(sp, RW_WRITER); 5078 5079 switch (h->type) { 5080 /* PAP request is my authproto */ 5081 case PAP_REQ: 5082 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 5083 /* can't do anything useful */ 5084 SPPP_DLOG(sp, "pap request" 5085 " without his name and his secret being set\n"); 5086 break; 5087 } 5088 name = 1 + (u_char *)(h + 1); 5089 name_len = name[-1]; 5090 secret = name + name_len + 1; 5091 if (name_len > len - 6 || 5092 (secret_len = secret[-1]) > len - 6 - name_len) { 5093 if (debug) { 5094 authname = sppp_auth_type_name(abuf, 5095 sizeof(abuf), PPP_PAP, h->type); 5096 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input " 5097 "<%s id=0x%x len=%d", 5098 authname, h->ident, ntohs(h->len)); 5099 if (len > 4) 5100 sppp_print_bytes((u_char *)(h + 1), 5101 len - 4); 5102 addlog(">\n"); 5103 } 5104 break; 5105 } 5106 if (debug) { 5107 authname = sppp_auth_type_name(abuf, 5108 sizeof(abuf), PPP_PAP, h->type); 5109 SPPP_LOG(sp, LOG_DEBUG, "pap input(%s) " 5110 "<%s id=0x%x len=%d name=", 5111 sppp_state_name(sp->scp[IDX_PAP].state), 5112 authname, h->ident, ntohs(h->len)); 5113 sppp_print_string((char *)name, name_len); 5114 addlog(" secret="); 5115 sppp_print_string((char *)secret, secret_len); 5116 addlog(">\n"); 5117 } 5118 5119 sp->scp[IDX_PAP].rconfid = h->ident; 5120 5121 if (name_len == sp->hisauth.name_len && 5122 memcmp(name, sp->hisauth.name, name_len) == 0 && 5123 secret_len == sp->hisauth.secret_len && 5124 memcmp(secret, sp->hisauth.secret, secret_len) == 0) { 5125 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5126 } else { 5127 sp->scp[IDX_PAP].rcr_type = CP_RCR_NAK; 5128 } 5129 5130 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5131 5132 /* generate a dummy RCA event */ 5133 if (sp->scp[IDX_PAP].rcr_type == CP_RCR_ACK && 5134 !ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { 5135 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5136 } 5137 break; 5138 5139 /* ack and nak are his authproto */ 5140 case PAP_ACK: 5141 if (debug) { 5142 SPPP_LOG(sp, LOG_DEBUG, "pap success"); 5143 name = 1 + (u_char *)(h + 1); 5144 name_len = name[-1]; 5145 if (len > 5 && name_len < len+4) { 5146 addlog(": "); 5147 sppp_print_string(name, name_len); 5148 } 5149 addlog("\n"); 5150 } 5151 5152 if (h->ident != sp->scp[IDX_PAP].confid) { 5153 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 5154 pap.name, h->ident, sp->scp[IDX_PAP].rconfid); 5155 if_statinc(ifp, if_ierrors); 5156 break; 5157 } 5158 5159 x = splnet(); 5160 sp->pp_auth_failures = 0; 5161 sp->pp_flags &= ~PP_NEEDAUTH; 5162 splx(x); 5163 5164 /* we are not authenticator, generate a dummy RCR+ event */ 5165 if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { 5166 sp->scp[IDX_PAP].rcr_type = CP_RCR_ACK; 5167 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); 5168 } 5169 5170 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); 5171 break; 5172 5173 case PAP_NAK: 5174 if (debug) { 5175 SPPP_LOG(sp, LOG_INFO, "pap failure"); 5176 name = 1 + (u_char *)(h + 1); 5177 name_len = name[-1]; 5178 if (len > 5 && name_len < len+4) { 5179 addlog(": "); 5180 sppp_print_string(name, name_len); 5181 } 5182 addlog("\n"); 5183 } else { 5184 SPPP_LOG(sp, LOG_INFO, "pap failure\n"); 5185 } 5186 5187 if (h->ident != sp->scp[IDX_PAP].confid) { 5188 SPPP_DLOG(sp, "%s id mismatch 0x%x != 0x%x\n", 5189 pap.name, h->ident, sp->scp[IDX_PAP].rconfid); 5190 if_statinc(ifp, if_ierrors); 5191 break; 5192 } 5193 5194 sp->pp_auth_failures++; 5195 /* 5196 * await LCP shutdown by authenticator, 5197 * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn 5198 */ 5199 break; 5200 5201 default: 5202 /* Unknown PAP packet type -- ignore. */ 5203 if (debug) { 5204 SPPP_LOG(sp, LOG_DEBUG, "pap corrupted input " 5205 "<0x%x id=0x%x len=%d", 5206 h->type, h->ident, ntohs(h->len)); 5207 if (len > 4) 5208 sppp_print_bytes((u_char *)(h + 1), len - 4); 5209 addlog(">\n"); 5210 } 5211 break; 5212 } 5213 5214 SPPP_UNLOCK(sp); 5215 } 5216 5217 static void 5218 sppp_pap_init(struct sppp *sp) 5219 { 5220 5221 KASSERT(SPPP_WLOCKED(sp)); 5222 sppp_cp_init(&pap, sp); 5223 } 5224 5225 static void 5226 sppp_pap_tlu(struct sppp *sp) 5227 { 5228 int x; 5229 5230 SPPP_DLOG(sp, "%s tlu\n", pap.name); 5231 5232 sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; 5233 x = splnet(); 5234 sp->pp_auth_failures = 0; 5235 splx(x); 5236 5237 if (sp->pp_phase < SPPP_PHASE_NETWORK) 5238 sppp_phase_network(sp); 5239 } 5240 5241 static void 5242 sppp_pap_scr(struct sppp *sp) 5243 { 5244 u_char idlen, pwdlen; 5245 5246 KASSERT(SPPP_WLOCKED(sp)); 5247 5248 if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && 5249 sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { 5250 if (sp->myauth.secret == NULL || 5251 sp->myauth.name == NULL) { 5252 SPPP_LOG(sp, LOG_DEBUG, 5253 "couldn't send PAP_REQ " 5254 "because of no name or no secret\n"); 5255 } else { 5256 sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; 5257 pwdlen = sp->myauth.secret_len; 5258 idlen = sp->myauth.name_len; 5259 5260 sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, 5261 sizeof idlen, (const char *)&idlen, 5262 idlen, sp->myauth.name, 5263 sizeof pwdlen, (const char *)&pwdlen, 5264 pwdlen, sp->myauth.secret, 5265 0); 5266 } 5267 } 5268 } 5269 5270 /* 5271 * Random miscellaneous functions. 5272 */ 5273 5274 /* 5275 * Send a PAP or CHAP proto packet. 5276 * 5277 * Varadic function, each of the elements for the ellipsis is of type 5278 * ``size_t mlen, const u_char *msg''. Processing will stop iff 5279 * mlen == 0. 5280 * NOTE: never declare variadic functions with types subject to type 5281 * promotion (i.e. u_char). This is asking for big trouble depending 5282 * on the architecture you are on... 5283 */ 5284 5285 static void 5286 sppp_auth_send(const struct cp *cp, struct sppp *sp, 5287 unsigned int type, unsigned int id, 5288 ...) 5289 { 5290 struct ifnet *ifp; 5291 struct lcp_header *lh; 5292 struct mbuf *m; 5293 u_char *p; 5294 int len; 5295 size_t pkthdrlen; 5296 unsigned int mlen; 5297 const char *msg; 5298 va_list ap; 5299 5300 KASSERT(SPPP_WLOCKED(sp)); 5301 5302 ifp = &sp->pp_if; 5303 5304 MGETHDR(m, M_DONTWAIT, MT_DATA); 5305 if (! m) 5306 return; 5307 m_reset_rcvif(m); 5308 5309 if (sp->pp_flags & PP_NOFRAMING) { 5310 *mtod(m, uint16_t *) = htons(cp->proto); 5311 pkthdrlen = 2; 5312 lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); 5313 } else { 5314 struct ppp_header *h; 5315 h = mtod(m, struct ppp_header *); 5316 h->address = PPP_ALLSTATIONS; /* broadcast address */ 5317 h->control = PPP_UI; /* Unnumbered Info */ 5318 h->protocol = htons(cp->proto); 5319 pkthdrlen = PPP_HEADER_LEN; 5320 5321 lh = (struct lcp_header *)(h + 1); 5322 } 5323 5324 lh->type = type; 5325 lh->ident = id; 5326 p = (u_char *)(lh + 1); 5327 5328 va_start(ap, id); 5329 len = 0; 5330 5331 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 5332 msg = va_arg(ap, const char *); 5333 len += mlen; 5334 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 5335 va_end(ap); 5336 m_freem(m); 5337 return; 5338 } 5339 5340 memcpy(p, msg, mlen); 5341 p += mlen; 5342 } 5343 va_end(ap); 5344 5345 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 5346 lh->len = htons(LCP_HEADER_LEN + len); 5347 5348 if (sppp_debug_enabled(sp)) { 5349 char abuf[SPPP_AUTHTYPE_NAMELEN]; 5350 const char *authname; 5351 5352 authname = sppp_auth_type_name(abuf, 5353 sizeof(abuf), cp->proto, lh->type); 5354 SPPP_LOG(sp, LOG_DEBUG, "%s output <%s id=0x%x len=%d", 5355 cp->name, authname, 5356 lh->ident, ntohs(lh->len)); 5357 if (len) 5358 sppp_print_bytes((u_char *)(lh + 1), len); 5359 addlog(">\n"); 5360 } 5361 if (IF_QFULL(&sp->pp_cpq)) { 5362 IF_DROP(&sp->pp_fastq); 5363 IF_DROP(&ifp->if_snd); 5364 m_freem(m); 5365 if_statinc(ifp, if_oerrors); 5366 return; 5367 } 5368 5369 if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); 5370 IF_ENQUEUE(&sp->pp_cpq, m); 5371 5372 if (! (ifp->if_flags & IFF_OACTIVE)) { 5373 SPPP_UNLOCK(sp); 5374 if_start_lock(ifp); 5375 SPPP_LOCK(sp, RW_WRITER); 5376 } 5377 } 5378 5379 static int 5380 sppp_auth_role(const struct cp *cp, struct sppp *sp) 5381 { 5382 int role; 5383 5384 role = SPPP_AUTH_NOROLE; 5385 5386 if (sp->hisauth.proto == cp->proto && 5387 ISSET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO)) 5388 SET(role, SPPP_AUTH_SERV); 5389 5390 if (sp->myauth.proto == cp->proto) 5391 SET(role, SPPP_AUTH_PEER); 5392 5393 return role; 5394 } 5395 5396 static void 5397 sppp_auth_to_event(struct sppp *sp, void *xcp) 5398 { 5399 const struct cp *cp = xcp; 5400 bool override; 5401 int state; 5402 5403 KASSERT(SPPP_WLOCKED(sp)); 5404 KASSERT(!cpu_softintr_p()); 5405 5406 override = false; 5407 state = sp->scp[cp->protoidx].state; 5408 5409 if (sp->scp[cp->protoidx].rst_counter > 0) { 5410 /* override TO+ event */ 5411 switch (state) { 5412 case STATE_OPENED: 5413 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 5414 override = true; 5415 sp->chap.rechallenging = true; 5416 sp->chap.response_rcvd = false; 5417 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 5418 cp->scr(sp); 5419 } 5420 break; 5421 5422 case STATE_ACK_RCVD: 5423 override = true; 5424 cp->scr(sp); 5425 callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); 5426 break; 5427 } 5428 } 5429 5430 if (override) { 5431 SPPP_DLOG(sp, "%s TO(%s) rst_counter = %d\n", 5432 cp->name, sppp_state_name(state), 5433 sp->scp[cp->protoidx].rst_counter); 5434 sp->scp[cp->protoidx].rst_counter--; 5435 } else { 5436 sppp_to_event(sp, xcp); 5437 } 5438 } 5439 5440 static void 5441 sppp_auth_screply(const struct cp *cp, struct sppp *sp, u_char ctype, 5442 uint8_t ident, size_t _mlen __unused, void *_msg __unused) 5443 { 5444 static const char *succmsg = "Welcome!"; 5445 static const char *failmsg = "Failed..."; 5446 const char *msg; 5447 u_char type, mlen; 5448 5449 KASSERT(SPPP_WLOCKED(sp)); 5450 5451 if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) 5452 return; 5453 5454 if (ctype == CONF_ACK) { 5455 type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; 5456 msg = succmsg; 5457 mlen = sizeof(succmsg) - 1; 5458 5459 sp->pp_auth_failures = 0; 5460 } else { 5461 type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; 5462 msg = failmsg; 5463 mlen = sizeof(failmsg) - 1; 5464 5465 /* shutdown LCP if auth failed */ 5466 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5467 sp->pp_auth_failures++; 5468 } 5469 5470 sppp_auth_send(cp, sp, type, ident, mlen, (const u_char *)msg, 0); 5471 } 5472 5473 /* 5474 * Send keepalive packets, every 10 seconds. 5475 */ 5476 static void 5477 sppp_keepalive(void *dummy) 5478 { 5479 struct sppp *sp; 5480 int s; 5481 time_t now; 5482 5483 SPPPQ_LOCK(); 5484 5485 s = splnet(); 5486 now = time_uptime; 5487 for (sp=spppq; sp; sp=sp->pp_next) { 5488 struct ifnet *ifp = NULL; 5489 5490 SPPP_LOCK(sp, RW_WRITER); 5491 ifp = &sp->pp_if; 5492 5493 /* check idle timeout */ 5494 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 5495 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 5496 /* idle timeout is enabled for this interface */ 5497 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 5498 SPPP_DLOG(sp, "no activity for %lu seconds\n", 5499 (unsigned long)(now-sp->pp_last_activity)); 5500 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5501 SPPP_UNLOCK(sp); 5502 continue; 5503 } 5504 } 5505 5506 /* Keepalive mode disabled or channel down? */ 5507 if (! (sp->pp_flags & PP_KEEPALIVE) || 5508 ! (ifp->if_flags & IFF_RUNNING)) { 5509 SPPP_UNLOCK(sp); 5510 continue; 5511 } 5512 5513 /* No keepalive in PPP mode if LCP not opened yet. */ 5514 if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { 5515 SPPP_UNLOCK(sp); 5516 continue; 5517 } 5518 5519 /* No echo reply, but maybe user data passed through? */ 5520 if (sp->pp_max_noreceive != 0 && 5521 (now - sp->pp_last_receive) < sp->pp_max_noreceive) { 5522 sp->pp_alivecnt = 0; 5523 SPPP_UNLOCK(sp); 5524 continue; 5525 } 5526 5527 /* No echo request */ 5528 if (sp->pp_alive_interval == 0) { 5529 SPPP_UNLOCK(sp); 5530 continue; 5531 } 5532 5533 /* send a ECHO_REQ once in sp->pp_alive_interval times */ 5534 if ((sppp_keepalive_cnt % sp->pp_alive_interval) != 0) { 5535 SPPP_UNLOCK(sp); 5536 continue; 5537 } 5538 5539 if (sp->pp_alivecnt >= sp->pp_maxalive) { 5540 /* No keepalive packets got. Stop the interface. */ 5541 if (sp->pp_flags & PP_KEEPALIVE_IFDOWN) 5542 sppp_wq_add(sp->wq_cp, &sp->work_ifdown); 5543 5544 SPPP_LOG(sp, LOG_INFO,"LCP keepalive timed out, " 5545 "going to restart the connection\n"); 5546 sp->pp_alivecnt = 0; 5547 5548 /* we are down, close all open protocols */ 5549 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); 5550 5551 /* And now prepare LCP to reestablish the link, if configured to do so. */ 5552 sp->lcp.reestablish = true; 5553 5554 SPPP_UNLOCK(sp); 5555 continue; 5556 } 5557 if (sp->pp_alivecnt < sp->pp_maxalive) 5558 ++sp->pp_alivecnt; 5559 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 5560 int32_t nmagic = htonl(sp->lcp.magic); 5561 sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; 5562 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 5563 sp->lcp.echoid, 4, &nmagic); 5564 } 5565 5566 SPPP_UNLOCK(sp); 5567 } 5568 splx(s); 5569 sppp_keepalive_cnt++; 5570 callout_reset(&keepalive_ch, hz * SPPP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 5571 5572 SPPPQ_UNLOCK(); 5573 } 5574 5575 #ifdef INET 5576 /* 5577 * Get both IP addresses. 5578 */ 5579 static void 5580 sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) 5581 { 5582 struct ifnet *ifp = &sp->pp_if; 5583 struct ifaddr *ifa; 5584 struct sockaddr_in *si, *sm; 5585 uint32_t ssrc, ddst; 5586 int bound, s; 5587 struct psref psref; 5588 5589 sm = NULL; 5590 ssrc = ddst = 0; 5591 /* 5592 * Pick the first AF_INET address from the list, 5593 * aliases don't make any sense on a p2p link anyway. 5594 */ 5595 si = 0; 5596 bound = curlwp_bind(); 5597 s = pserialize_read_enter(); 5598 IFADDR_READER_FOREACH(ifa, ifp) { 5599 if (ifa->ifa_addr->sa_family == AF_INET) { 5600 si = (struct sockaddr_in *)ifa->ifa_addr; 5601 sm = (struct sockaddr_in *)ifa->ifa_netmask; 5602 if (si) { 5603 ifa_acquire(ifa, &psref); 5604 break; 5605 } 5606 } 5607 } 5608 pserialize_read_exit(s); 5609 if (ifa) { 5610 if (si && si->sin_addr.s_addr) { 5611 ssrc = si->sin_addr.s_addr; 5612 if (srcmask) 5613 *srcmask = ntohl(sm->sin_addr.s_addr); 5614 } 5615 5616 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 5617 if (si && si->sin_addr.s_addr) 5618 ddst = si->sin_addr.s_addr; 5619 ifa_release(ifa, &psref); 5620 } 5621 curlwp_bindx(bound); 5622 5623 if (dst) *dst = ntohl(ddst); 5624 if (src) *src = ntohl(ssrc); 5625 } 5626 5627 /* 5628 * Set IP addresses. Must be called at splnet. 5629 * If an address is 0, leave it the way it is. 5630 */ 5631 static void 5632 sppp_set_ip_addrs(struct sppp *sp) 5633 { 5634 struct ifnet *ifp; 5635 struct ifaddr *ifa; 5636 struct sockaddr_in *si, *dest; 5637 uint32_t myaddr = 0, hisaddr = 0; 5638 int s; 5639 5640 KASSERT(SPPP_WLOCKED(sp)); 5641 5642 ifp = &sp->pp_if; 5643 5644 SPPP_UNLOCK(sp); 5645 IFNET_LOCK(ifp); 5646 SPPP_LOCK(sp, RW_WRITER); 5647 5648 /* 5649 * Pick the first AF_INET address from the list, 5650 * aliases don't make any sense on a p2p link anyway. 5651 */ 5652 si = dest = NULL; 5653 s = pserialize_read_enter(); 5654 IFADDR_READER_FOREACH(ifa, ifp) { 5655 if (ifa->ifa_addr->sa_family == AF_INET) { 5656 si = (struct sockaddr_in *)ifa->ifa_addr; 5657 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5658 break; 5659 } 5660 } 5661 pserialize_read_exit(s); 5662 5663 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 5664 myaddr = sp->ipcp.req_myaddr; 5665 else if (si != NULL) 5666 myaddr = ntohl(si->sin_addr.s_addr); 5667 5668 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 5669 hisaddr = sp->ipcp.req_hisaddr; 5670 else if (dest != NULL) 5671 hisaddr = ntohl(dest->sin_addr.s_addr); 5672 5673 if (si != NULL && dest != NULL) { 5674 int error; 5675 struct sockaddr_in new_sin = *si; 5676 struct sockaddr_in new_dst = *dest; 5677 5678 if (myaddr != 0) 5679 new_sin.sin_addr.s_addr = htonl(myaddr); 5680 if (hisaddr != 0) { 5681 new_dst.sin_addr.s_addr = htonl(hisaddr); 5682 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) 5683 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 5684 } 5685 5686 in_addrhash_remove(ifatoia(ifa)); 5687 5688 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5689 5690 in_addrhash_insert(ifatoia(ifa)); 5691 5692 if (error) { 5693 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n", 5694 __func__, error); 5695 } else { 5696 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5697 } 5698 } 5699 5700 IFNET_UNLOCK(ifp); 5701 5702 sppp_notify_con(sp); 5703 } 5704 5705 /* 5706 * Clear IP addresses. Must be called at splnet. 5707 */ 5708 static void 5709 sppp_clear_ip_addrs(struct sppp *sp) 5710 { 5711 struct ifnet *ifp; 5712 struct ifaddr *ifa; 5713 struct sockaddr_in *si, *dest; 5714 int s; 5715 5716 KASSERT(SPPP_WLOCKED(sp)); 5717 5718 ifp = &sp->pp_if; 5719 5720 SPPP_UNLOCK(sp); 5721 IFNET_LOCK(ifp); 5722 SPPP_LOCK(sp, RW_WRITER); 5723 5724 /* 5725 * Pick the first AF_INET address from the list, 5726 * aliases don't make any sense on a p2p link anyway. 5727 */ 5728 si = dest = NULL; 5729 s = pserialize_read_enter(); 5730 IFADDR_READER_FOREACH(ifa, ifp) { 5731 if (ifa->ifa_addr->sa_family == AF_INET) { 5732 si = (struct sockaddr_in *)ifa->ifa_addr; 5733 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 5734 break; 5735 } 5736 } 5737 pserialize_read_exit(s); 5738 5739 if (si != NULL) { 5740 struct sockaddr_in new_sin = *si; 5741 struct sockaddr_in new_dst = *dest; 5742 int error; 5743 5744 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 5745 new_sin.sin_addr.s_addr = 0; 5746 if (sp->ipcp.flags & IPCP_HISADDR_DYN && 5747 ntohl(sp->ipcp.saved_hisaddr) != 0) 5748 new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; 5749 5750 in_addrhash_remove(ifatoia(ifa)); 5751 5752 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); 5753 5754 in_addrhash_insert(ifatoia(ifa)); 5755 5756 if (error) { 5757 SPPP_DLOG(sp, "%s: in_ifinit failed, error=%d\n", 5758 __func__, error); 5759 } else { 5760 pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); 5761 } 5762 } 5763 5764 IFNET_UNLOCK(ifp); 5765 } 5766 #endif 5767 5768 #ifdef INET6 5769 /* 5770 * Get both IPv6 addresses. 5771 */ 5772 static void 5773 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 5774 struct in6_addr *srcmask) 5775 { 5776 struct ifnet *ifp = &sp->pp_if; 5777 struct ifaddr *ifa; 5778 struct sockaddr_in6 *si, *sm; 5779 struct in6_addr ssrc, ddst; 5780 int bound, s; 5781 struct psref psref; 5782 5783 sm = NULL; 5784 memset(&ssrc, 0, sizeof(ssrc)); 5785 memset(&ddst, 0, sizeof(ddst)); 5786 /* 5787 * Pick the first link-local AF_INET6 address from the list, 5788 * aliases don't make any sense on a p2p link anyway. 5789 */ 5790 si = 0; 5791 bound = curlwp_bind(); 5792 s = pserialize_read_enter(); 5793 IFADDR_READER_FOREACH(ifa, ifp) { 5794 if (ifa->ifa_addr->sa_family == AF_INET6) { 5795 si = (struct sockaddr_in6 *)ifa->ifa_addr; 5796 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 5797 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { 5798 ifa_acquire(ifa, &psref); 5799 break; 5800 } 5801 } 5802 } 5803 pserialize_read_exit(s); 5804 5805 if (ifa) { 5806 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 5807 memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); 5808 if (srcmask) { 5809 memcpy(srcmask, &sm->sin6_addr, 5810 sizeof(*srcmask)); 5811 } 5812 } 5813 5814 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 5815 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 5816 memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); 5817 ifa_release(ifa, &psref); 5818 } 5819 curlwp_bindx(bound); 5820 5821 if (dst) 5822 memcpy(dst, &ddst, sizeof(*dst)); 5823 if (src) 5824 memcpy(src, &ssrc, sizeof(*src)); 5825 } 5826 5827 #ifdef IPV6CP_MYIFID_DYN 5828 /* 5829 * Generate random ifid. 5830 */ 5831 static void 5832 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 5833 { 5834 /* TBD */ 5835 } 5836 5837 /* 5838 * Set my IPv6 address. Must be called at splnet. 5839 */ 5840 static void 5841 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 5842 { 5843 struct ifnet *ifp; 5844 struct ifaddr *ifa; 5845 struct sockaddr_in6 *sin6; 5846 int s; 5847 struct psref psref; 5848 5849 KASSERT(SPPP_WLOCKED(sp)); 5850 5851 ifp = &sp->pp_if; 5852 5853 SPPP_UNLOCK(sp); 5854 IFNET_LOCK(ifp); 5855 SPPP_LOCK(sp, RW_WRITER); 5856 5857 /* 5858 * Pick the first link-local AF_INET6 address from the list, 5859 * aliases don't make any sense on a p2p link anyway. 5860 */ 5861 5862 sin6 = NULL; 5863 s = pserialize_read_enter(); 5864 IFADDR_READER_FOREACH(ifa, ifp) 5865 { 5866 if (ifa->ifa_addr->sa_family == AF_INET6) 5867 { 5868 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 5869 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { 5870 ifa_acquire(ifa, &psref); 5871 break; 5872 } 5873 } 5874 } 5875 pserialize_read_exit(s); 5876 5877 if (ifa && sin6) 5878 { 5879 int error; 5880 struct sockaddr_in6 new_sin6 = *sin6; 5881 5882 memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); 5883 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 5884 if (error) { 5885 SPPP_DLOG(sp, "%s: in6_ifinit failed, error=%d\n", 5886 __func__, error); 5887 } else { 5888 pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); 5889 } 5890 ifa_release(ifa, &psref); 5891 } 5892 5893 IFNET_UNLOCK(ifp); 5894 } 5895 #endif 5896 5897 /* 5898 * Suggest a candidate address to be used by peer. 5899 */ 5900 static void 5901 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 5902 { 5903 struct in6_addr myaddr; 5904 struct timeval tv; 5905 5906 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 5907 5908 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 5909 microtime(&tv); 5910 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 5911 myaddr.s6_addr[14] ^= 0xff; 5912 myaddr.s6_addr[15] ^= 0xff; 5913 } else { 5914 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5915 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5916 } 5917 if (suggest) 5918 memcpy(suggest, &myaddr, sizeof(myaddr)); 5919 } 5920 #endif /*INET6*/ 5921 5922 /* 5923 * Process ioctl requests specific to the PPP interface. 5924 * Permissions have already been checked. 5925 */ 5926 static int 5927 sppp_params(struct sppp *sp, u_long cmd, void *data) 5928 { 5929 switch (cmd) { 5930 case SPPPGETAUTHCFG: 5931 { 5932 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5933 int error; 5934 size_t len; 5935 5936 SPPP_LOCK(sp, RW_READER); 5937 5938 cfg->myauthflags = sp->myauth.flags; 5939 cfg->hisauthflags = sp->hisauth.flags; 5940 strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); 5941 cfg->hisauth = sppp_proto2authproto(sp->hisauth.proto); 5942 cfg->myauth = sppp_proto2authproto(sp->myauth.proto); 5943 if (cfg->myname_length == 0) { 5944 if (sp->myauth.name != NULL) 5945 cfg->myname_length = sp->myauth.name_len + 1; 5946 } else { 5947 if (sp->myauth.name == NULL) { 5948 cfg->myname_length = 0; 5949 } else { 5950 len = sp->myauth.name_len + 1; 5951 5952 if (cfg->myname_length < len) { 5953 SPPP_UNLOCK(sp); 5954 return (ENAMETOOLONG); 5955 } 5956 error = copyout(sp->myauth.name, cfg->myname, len); 5957 if (error) { 5958 SPPP_UNLOCK(sp); 5959 return error; 5960 } 5961 } 5962 } 5963 if (cfg->hisname_length == 0) { 5964 if (sp->hisauth.name != NULL) 5965 cfg->hisname_length = sp->hisauth.name_len + 1; 5966 } else { 5967 if (sp->hisauth.name == NULL) { 5968 cfg->hisname_length = 0; 5969 } else { 5970 len = sp->hisauth.name_len + 1; 5971 5972 if (cfg->hisname_length < len) { 5973 SPPP_UNLOCK(sp); 5974 return (ENAMETOOLONG); 5975 } 5976 error = copyout(sp->hisauth.name, cfg->hisname, len); 5977 if (error) { 5978 SPPP_UNLOCK(sp); 5979 return error; 5980 } 5981 } 5982 } 5983 SPPP_UNLOCK(sp); 5984 } 5985 break; 5986 case SPPPSETAUTHCFG: 5987 { 5988 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5989 int error; 5990 5991 SPPP_LOCK(sp, RW_WRITER); 5992 5993 if (sp->myauth.name) { 5994 free(sp->myauth.name, M_DEVBUF); 5995 sp->myauth.name = NULL; 5996 } 5997 if (sp->myauth.secret) { 5998 free(sp->myauth.secret, M_DEVBUF); 5999 sp->myauth.secret = NULL; 6000 } 6001 if (sp->hisauth.name) { 6002 free(sp->hisauth.name, M_DEVBUF); 6003 sp->hisauth.name = NULL; 6004 } 6005 if (sp->hisauth.secret) { 6006 free(sp->hisauth.secret, M_DEVBUF); 6007 sp->hisauth.secret = NULL; 6008 } 6009 6010 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 6011 if (cfg->hisname_length >= MCLBYTES) { 6012 SPPP_UNLOCK(sp); 6013 return (ENAMETOOLONG); 6014 } 6015 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 6016 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 6017 if (error) { 6018 free(sp->hisauth.name, M_DEVBUF); 6019 sp->hisauth.name = NULL; 6020 SPPP_UNLOCK(sp); 6021 return error; 6022 } 6023 sp->hisauth.name_len = cfg->hisname_length - 1; 6024 sp->hisauth.name[sp->hisauth.name_len] = 0; 6025 } 6026 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 6027 if (cfg->hissecret_length >= MCLBYTES) { 6028 SPPP_UNLOCK(sp); 6029 return (ENAMETOOLONG); 6030 } 6031 sp->hisauth.secret = malloc(cfg->hissecret_length, 6032 M_DEVBUF, M_WAITOK); 6033 error = copyin(cfg->hissecret, sp->hisauth.secret, 6034 cfg->hissecret_length); 6035 if (error) { 6036 free(sp->hisauth.secret, M_DEVBUF); 6037 sp->hisauth.secret = NULL; 6038 SPPP_UNLOCK(sp); 6039 return error; 6040 } 6041 sp->hisauth.secret_len = cfg->hissecret_length - 1; 6042 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 6043 } 6044 if (cfg->myname != NULL && cfg->myname_length > 0) { 6045 if (cfg->myname_length >= MCLBYTES) { 6046 SPPP_UNLOCK(sp); 6047 return (ENAMETOOLONG); 6048 } 6049 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 6050 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 6051 if (error) { 6052 free(sp->myauth.name, M_DEVBUF); 6053 sp->myauth.name = NULL; 6054 SPPP_UNLOCK(sp); 6055 return error; 6056 } 6057 sp->myauth.name_len = cfg->myname_length - 1; 6058 sp->myauth.name[sp->myauth.name_len] = 0; 6059 } 6060 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 6061 if (cfg->mysecret_length >= MCLBYTES) { 6062 SPPP_UNLOCK(sp); 6063 return (ENAMETOOLONG); 6064 } 6065 sp->myauth.secret = malloc(cfg->mysecret_length, 6066 M_DEVBUF, M_WAITOK); 6067 error = copyin(cfg->mysecret, sp->myauth.secret, 6068 cfg->mysecret_length); 6069 if (error) { 6070 free(sp->myauth.secret, M_DEVBUF); 6071 sp->myauth.secret = NULL; 6072 SPPP_UNLOCK(sp); 6073 return error; 6074 } 6075 sp->myauth.secret_len = cfg->mysecret_length - 1; 6076 sp->myauth.secret[sp->myauth.secret_len] = 0; 6077 } 6078 sp->myauth.flags = cfg->myauthflags; 6079 if (cfg->myauth != SPPP_AUTHPROTO_NOCHG) { 6080 sp->myauth.proto = sppp_authproto2proto(cfg->myauth); 6081 } 6082 sp->hisauth.flags = cfg->hisauthflags; 6083 if (cfg->hisauth != SPPP_AUTHPROTO_NOCHG) { 6084 sp->hisauth.proto = sppp_authproto2proto(cfg->hisauth); 6085 } 6086 sp->pp_auth_failures = 0; 6087 if (sp->hisauth.proto != PPP_NOPROTO) 6088 SET(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6089 else 6090 CLR(sp->lcp.opts, SPPP_LCP_OPT_AUTH_PROTO); 6091 6092 SPPP_UNLOCK(sp); 6093 } 6094 break; 6095 case SPPPGETLCPCFG: 6096 { 6097 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6098 6099 SPPP_LOCK(sp, RW_READER); 6100 lcpp->lcp_timeout = sp->lcp.timeout; 6101 SPPP_UNLOCK(sp); 6102 } 6103 break; 6104 case SPPPSETLCPCFG: 6105 { 6106 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 6107 6108 SPPP_LOCK(sp, RW_WRITER); 6109 sp->lcp.timeout = lcpp->lcp_timeout; 6110 SPPP_UNLOCK(sp); 6111 } 6112 break; 6113 case SPPPGETNCPCFG: 6114 { 6115 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6116 6117 SPPP_LOCK(sp, RW_READER); 6118 ncpp->ncp_flags = sp->pp_ncpflags; 6119 SPPP_UNLOCK(sp); 6120 } 6121 break; 6122 case SPPPSETNCPCFG: 6123 { 6124 struct spppncpcfg *ncpp = (struct spppncpcfg *) data; 6125 6126 SPPP_LOCK(sp, RW_WRITER); 6127 sp->pp_ncpflags = ncpp->ncp_flags; 6128 SPPP_UNLOCK(sp); 6129 } 6130 break; 6131 case SPPPGETSTATUS: 6132 { 6133 struct spppstatus *status = (struct spppstatus *)data; 6134 6135 SPPP_LOCK(sp, RW_READER); 6136 status->phase = sp->pp_phase; 6137 SPPP_UNLOCK(sp); 6138 } 6139 break; 6140 case SPPPGETSTATUSNCP: 6141 { 6142 struct spppstatusncp *status = (struct spppstatusncp *)data; 6143 6144 SPPP_LOCK(sp, RW_READER); 6145 status->phase = sp->pp_phase; 6146 status->ncpup = sppp_cp_check(sp, CP_NCP); 6147 SPPP_UNLOCK(sp); 6148 } 6149 break; 6150 case SPPPGETIDLETO: 6151 { 6152 struct spppidletimeout *to = (struct spppidletimeout *)data; 6153 6154 SPPP_LOCK(sp, RW_READER); 6155 to->idle_seconds = sp->pp_idle_timeout; 6156 SPPP_UNLOCK(sp); 6157 } 6158 break; 6159 case SPPPSETIDLETO: 6160 { 6161 struct spppidletimeout *to = (struct spppidletimeout *)data; 6162 6163 SPPP_LOCK(sp, RW_WRITER); 6164 sp->pp_idle_timeout = to->idle_seconds; 6165 SPPP_UNLOCK(sp); 6166 } 6167 break; 6168 case SPPPSETAUTHFAILURE: 6169 { 6170 struct spppauthfailuresettings *afsettings = 6171 (struct spppauthfailuresettings *)data; 6172 6173 SPPP_LOCK(sp, RW_WRITER); 6174 sp->pp_max_auth_fail = afsettings->max_failures; 6175 sp->pp_auth_failures = 0; 6176 SPPP_UNLOCK(sp); 6177 } 6178 break; 6179 case SPPPGETAUTHFAILURES: 6180 { 6181 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 6182 6183 SPPP_LOCK(sp, RW_READER); 6184 stats->auth_failures = sp->pp_auth_failures; 6185 stats->max_failures = sp->pp_max_auth_fail; 6186 SPPP_UNLOCK(sp); 6187 } 6188 break; 6189 case SPPPSETDNSOPTS: 6190 { 6191 struct spppdnssettings *req = (struct spppdnssettings *)data; 6192 6193 SPPP_LOCK(sp, RW_WRITER); 6194 sp->query_dns = req->query_dns & 3; 6195 SPPP_UNLOCK(sp); 6196 } 6197 break; 6198 case SPPPGETDNSOPTS: 6199 { 6200 struct spppdnssettings *req = (struct spppdnssettings *)data; 6201 6202 SPPP_LOCK(sp, RW_READER); 6203 req->query_dns = sp->query_dns; 6204 SPPP_UNLOCK(sp); 6205 } 6206 break; 6207 case SPPPGETDNSADDRS: 6208 { 6209 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 6210 6211 SPPP_LOCK(sp, RW_READER); 6212 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 6213 SPPP_UNLOCK(sp); 6214 } 6215 break; 6216 case SPPPGETKEEPALIVE: 6217 { 6218 struct spppkeepalivesettings *settings = 6219 (struct spppkeepalivesettings*)data; 6220 6221 SPPP_LOCK(sp, RW_READER); 6222 settings->maxalive = sp->pp_maxalive; 6223 settings->max_noreceive = sp->pp_max_noreceive; 6224 settings->alive_interval = sp->pp_alive_interval; 6225 SPPP_UNLOCK(sp); 6226 } 6227 break; 6228 case SPPPSETKEEPALIVE: 6229 { 6230 struct spppkeepalivesettings *settings = 6231 (struct spppkeepalivesettings*)data; 6232 6233 SPPP_LOCK(sp, RW_WRITER); 6234 sp->pp_maxalive = settings->maxalive; 6235 sp->pp_max_noreceive = settings->max_noreceive; 6236 sp->pp_alive_interval = settings->alive_interval; 6237 SPPP_UNLOCK(sp); 6238 } 6239 break; 6240 case SPPPGETLCPSTATUS: 6241 { 6242 struct sppplcpstatus *status = 6243 (struct sppplcpstatus *)data; 6244 6245 SPPP_LOCK(sp, RW_READER); 6246 status->state = sp->scp[IDX_LCP].state; 6247 status->opts = sp->lcp.opts; 6248 status->magic = sp->lcp.magic; 6249 status->mru = sp->lcp.mru; 6250 SPPP_UNLOCK(sp); 6251 } 6252 break; 6253 case SPPPGETIPCPSTATUS: 6254 { 6255 struct spppipcpstatus *status = 6256 (struct spppipcpstatus *)data; 6257 u_int32_t myaddr; 6258 6259 SPPP_LOCK(sp, RW_READER); 6260 status->state = sp->scp[IDX_IPCP].state; 6261 status->opts = sp->ipcp.opts; 6262 #ifdef INET 6263 sppp_get_ip_addrs(sp, &myaddr, 0, 0); 6264 #else 6265 myaddr = 0; 6266 #endif 6267 status->myaddr = ntohl(myaddr); 6268 SPPP_UNLOCK(sp); 6269 } 6270 break; 6271 case SPPPGETIPV6CPSTATUS: 6272 { 6273 struct spppipv6cpstatus *status = 6274 (struct spppipv6cpstatus *)data; 6275 6276 SPPP_LOCK(sp, RW_READER); 6277 status->state = sp->scp[IDX_IPV6CP].state; 6278 memcpy(status->my_ifid, sp->ipv6cp.my_ifid, 6279 sizeof(status->my_ifid)); 6280 memcpy(status->his_ifid, sp->ipv6cp.his_ifid, 6281 sizeof(status->his_ifid)); 6282 SPPP_UNLOCK(sp); 6283 } 6284 break; 6285 default: 6286 { 6287 int ret; 6288 6289 MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), 6290 enosys(), ret); 6291 if (ret != ENOSYS) 6292 return ret; 6293 return (EINVAL); 6294 } 6295 } 6296 return (0); 6297 } 6298 6299 static void 6300 sppp_phase_network(struct sppp *sp) 6301 { 6302 int i; 6303 6304 KASSERT(SPPP_WLOCKED(sp)); 6305 6306 sppp_change_phase(sp, SPPP_PHASE_NETWORK); 6307 6308 /* Notify NCPs now. */ 6309 for (i = 0; i < IDX_COUNT; i++) 6310 if ((cps[i])->flags & CP_NCP) 6311 sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); 6312 } 6313 6314 static const char * 6315 sppp_cp_type_name(char *buf, size_t buflen, u_char type) 6316 { 6317 6318 switch (type) { 6319 case CONF_REQ: return "conf-req"; 6320 case CONF_ACK: return "conf-ack"; 6321 case CONF_NAK: return "conf-nak"; 6322 case CONF_REJ: return "conf-rej"; 6323 case TERM_REQ: return "term-req"; 6324 case TERM_ACK: return "term-ack"; 6325 case CODE_REJ: return "code-rej"; 6326 case PROTO_REJ: return "proto-rej"; 6327 case ECHO_REQ: return "echo-req"; 6328 case ECHO_REPLY: return "echo-reply"; 6329 case DISC_REQ: return "discard-req"; 6330 } 6331 if (buf != NULL) 6332 snprintf(buf, buflen, "0x%02x", type); 6333 return buf; 6334 } 6335 6336 static const char * 6337 sppp_auth_type_name(char *buf, size_t buflen, u_short proto, u_char type) 6338 { 6339 const char *name; 6340 6341 switch (proto) { 6342 case PPP_CHAP: 6343 switch (type) { 6344 case CHAP_CHALLENGE: return "challenge"; 6345 case CHAP_RESPONSE: return "response"; 6346 case CHAP_SUCCESS: return "success"; 6347 case CHAP_FAILURE: return "failure"; 6348 default: name = "chap"; break; 6349 } 6350 break; 6351 6352 case PPP_PAP: 6353 switch (type) { 6354 case PAP_REQ: return "req"; 6355 case PAP_ACK: return "ack"; 6356 case PAP_NAK: return "nak"; 6357 default: name = "pap"; break; 6358 } 6359 break; 6360 6361 default: 6362 name = "bad"; 6363 break; 6364 } 6365 6366 if (buf != NULL) 6367 snprintf(buf, buflen, "%s(%#x) 0x%02x", name, proto, type); 6368 return buf; 6369 } 6370 6371 static const char * 6372 sppp_lcp_opt_name(char *buf, size_t buflen, u_char opt) 6373 { 6374 6375 switch (opt) { 6376 case LCP_OPT_MRU: return "mru"; 6377 case LCP_OPT_ASYNC_MAP: return "async-map"; 6378 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 6379 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 6380 case LCP_OPT_MAGIC: return "magic"; 6381 case LCP_OPT_PROTO_COMP: return "proto-comp"; 6382 case LCP_OPT_ADDR_COMP: return "addr-comp"; 6383 case LCP_OPT_SELF_DESC_PAD: return "sdpad"; 6384 case LCP_OPT_CALL_BACK: return "callback"; 6385 case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; 6386 case LCP_OPT_MP_MRRU: return "mrru"; 6387 case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; 6388 case LCP_OPT_MP_EID: return "mp-eid"; 6389 } 6390 if (buf != NULL) 6391 snprintf(buf, buflen, "0x%02x", opt); 6392 return buf; 6393 } 6394 6395 static const char * 6396 sppp_ipcp_opt_name(char *buf, size_t buflen, u_char opt) 6397 { 6398 6399 switch (opt) { 6400 case IPCP_OPT_ADDRESSES: return "addresses"; 6401 case IPCP_OPT_COMPRESSION: return "compression"; 6402 case IPCP_OPT_ADDRESS: return "address"; 6403 case IPCP_OPT_PRIMDNS: return "primdns"; 6404 case IPCP_OPT_SECDNS: return "secdns"; 6405 } 6406 if (buf != NULL) 6407 snprintf(buf, buflen, "0x%02x", opt); 6408 return buf; 6409 } 6410 6411 #ifdef INET6 6412 static const char * 6413 sppp_ipv6cp_opt_name(char *buf, size_t buflen, u_char opt) 6414 { 6415 6416 switch (opt) { 6417 case IPV6CP_OPT_IFID: return "ifid"; 6418 case IPV6CP_OPT_COMPRESSION: return "compression"; 6419 } 6420 if (buf != NULL) 6421 snprintf(buf, buflen, "0x%02x", opt); 6422 return buf; 6423 } 6424 #endif 6425 6426 static const char * 6427 sppp_state_name(int state) 6428 { 6429 6430 switch (state) { 6431 case STATE_INITIAL: return "initial"; 6432 case STATE_STARTING: return "starting"; 6433 case STATE_CLOSED: return "closed"; 6434 case STATE_STOPPED: return "stopped"; 6435 case STATE_CLOSING: return "closing"; 6436 case STATE_STOPPING: return "stopping"; 6437 case STATE_REQ_SENT: return "req-sent"; 6438 case STATE_ACK_RCVD: return "ack-rcvd"; 6439 case STATE_ACK_SENT: return "ack-sent"; 6440 case STATE_OPENED: return "opened"; 6441 } 6442 return "illegal"; 6443 } 6444 6445 static const char * 6446 sppp_phase_name(int phase) 6447 { 6448 6449 switch (phase) { 6450 case SPPP_PHASE_DEAD: return "dead"; 6451 case SPPP_PHASE_ESTABLISH: return "establish"; 6452 case SPPP_PHASE_TERMINATE: return "terminate"; 6453 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 6454 case SPPP_PHASE_NETWORK: return "network"; 6455 } 6456 return "illegal"; 6457 } 6458 6459 static const char * 6460 sppp_proto_name(char *buf, size_t buflen, u_short proto) 6461 { 6462 6463 switch (proto) { 6464 case PPP_LCP: return "lcp"; 6465 case PPP_IPCP: return "ipcp"; 6466 case PPP_PAP: return "pap"; 6467 case PPP_CHAP: return "chap"; 6468 case PPP_IPV6CP: return "ipv6cp"; 6469 } 6470 if (buf != NULL) { 6471 snprintf(buf, sizeof(buf), "0x%04x", 6472 (unsigned)proto); 6473 } 6474 return buf; 6475 } 6476 6477 static void 6478 sppp_print_bytes(const u_char *p, u_short len) 6479 { 6480 addlog(" %02x", *p++); 6481 while (--len > 0) 6482 addlog("-%02x", *p++); 6483 } 6484 6485 static void 6486 sppp_print_string(const char *p, u_short len) 6487 { 6488 u_char c; 6489 6490 while (len-- > 0) { 6491 c = *p++; 6492 /* 6493 * Print only ASCII chars directly. RFC 1994 recommends 6494 * using only them, but we don't rely on it. */ 6495 if (c < ' ' || c > '~') 6496 addlog("\\x%x", c); 6497 else 6498 addlog("%c", c); 6499 } 6500 } 6501 6502 static const char * 6503 sppp_dotted_quad(char *buf, size_t buflen, uint32_t addr) 6504 { 6505 6506 if (buf != NULL) { 6507 snprintf(buf, buflen, "%u.%u.%u.%u", 6508 (unsigned int)((addr >> 24) & 0xff), 6509 (unsigned int)((addr >> 16) & 0xff), 6510 (unsigned int)((addr >> 8) & 0xff), 6511 (unsigned int)(addr & 0xff)); 6512 } 6513 return buf; 6514 } 6515 6516 /* a dummy, used to drop uninteresting events */ 6517 static void 6518 sppp_null(struct sppp *unused) 6519 { 6520 /* do just nothing */ 6521 } 6522 6523 static void 6524 sppp_tls(const struct cp *cp, struct sppp *sp) 6525 { 6526 6527 SPPP_DLOG(sp, "%s tls\n", cp->name); 6528 6529 /* notify lcp that is lower layer */ 6530 sp->lcp.protos |= (1 << cp->protoidx); 6531 } 6532 6533 static void 6534 sppp_tlf(const struct cp *cp, struct sppp *sp) 6535 { 6536 6537 SPPP_DLOG(sp, "%s tlf\n", cp->name); 6538 6539 /* notify lcp that is lower layer */ 6540 sp->lcp.protos &= ~(1 << cp->protoidx); 6541 6542 /* cleanup */ 6543 if (sp->scp[cp->protoidx].mbuf_confreq != NULL) { 6544 m_freem(sp->scp[cp->protoidx].mbuf_confreq); 6545 sp->scp[cp->protoidx].mbuf_confreq = NULL; 6546 } 6547 if (sp->scp[cp->protoidx].mbuf_confnak != NULL) { 6548 m_freem(sp->scp[cp->protoidx].mbuf_confnak); 6549 sp->scp[cp->protoidx].mbuf_confnak = NULL; 6550 } 6551 6552 sppp_lcp_check_and_close(sp); 6553 } 6554 6555 static void 6556 sppp_screply(const struct cp *cp, struct sppp *sp, u_char type, 6557 uint8_t ident, size_t msglen, void *msg) 6558 { 6559 6560 if (msglen == 0) 6561 return; 6562 6563 switch (type) { 6564 case CONF_ACK: 6565 case CONF_NAK: 6566 case CONF_REJ: 6567 break; 6568 default: 6569 return; 6570 } 6571 6572 if (sppp_debug_enabled(sp)) { 6573 char tbuf[SPPP_CPTYPE_NAMELEN]; 6574 const char *cpname; 6575 6576 cpname = sppp_cp_type_name(tbuf, sizeof(tbuf), type); 6577 SPPP_LOG(sp, LOG_DEBUG, "send %s\n", cpname); 6578 } 6579 6580 sppp_cp_send(sp, cp->proto, type, ident, msglen, msg); 6581 } 6582 6583 static void 6584 sppp_ifdown(struct sppp *sp, void *xcp __unused) 6585 { 6586 6587 SPPP_UNLOCK(sp); 6588 if_down(&sp->pp_if); 6589 IF_PURGE(&sp->pp_cpq); 6590 SPPP_LOCK(sp, RW_WRITER); 6591 } 6592 6593 static void 6594 sppp_notify_up(struct sppp *sp) 6595 { 6596 6597 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); 6598 } 6599 6600 static void 6601 sppp_notify_down(struct sppp *sp) 6602 { 6603 6604 sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); 6605 } 6606 6607 static void 6608 sppp_notify_tls_wlocked(struct sppp *sp) 6609 { 6610 6611 KASSERT(SPPP_WLOCKED(sp)); 6612 6613 if (!sp->pp_tls) 6614 return; 6615 6616 SPPP_UNLOCK(sp); 6617 sp->pp_tls(sp); 6618 SPPP_LOCK(sp, RW_WRITER); 6619 } 6620 6621 static void 6622 sppp_notify_tlf_wlocked(struct sppp *sp) 6623 { 6624 6625 KASSERT(SPPP_WLOCKED(sp)); 6626 6627 if (!sp->pp_tlf) 6628 return; 6629 6630 SPPP_UNLOCK(sp); 6631 sp->pp_tlf(sp); 6632 SPPP_LOCK(sp, RW_WRITER); 6633 } 6634 6635 static void 6636 sppp_notify_con(struct sppp *sp) 6637 { 6638 6639 if (!sp->pp_con) 6640 return; 6641 6642 sp->pp_con(sp); 6643 } 6644 6645 #ifdef INET6 6646 static void 6647 sppp_notify_con_wlocked(struct sppp *sp) 6648 { 6649 6650 KASSERT(SPPP_WLOCKED(sp)); 6651 6652 SPPP_UNLOCK(sp); 6653 sppp_notify_con(sp); 6654 SPPP_LOCK(sp, RW_WRITER); 6655 6656 } 6657 #endif 6658 6659 static void 6660 sppp_notify_chg_wlocked(struct sppp *sp) 6661 { 6662 6663 KASSERT(SPPP_WLOCKED(sp)); 6664 6665 if (!sp->pp_chg) 6666 return; 6667 6668 SPPP_UNLOCK(sp); 6669 sp->pp_chg(sp, sp->pp_phase); 6670 SPPP_LOCK(sp, RW_WRITER); 6671 } 6672 6673 static void 6674 sppp_wq_work(struct work *wk, void *xsp) 6675 { 6676 struct sppp *sp; 6677 struct sppp_work *work; 6678 6679 sp = xsp; 6680 work = container_of(wk, struct sppp_work, work); 6681 atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); 6682 6683 SPPP_LOCK(sp, RW_WRITER); 6684 work->func(sp, work->arg); 6685 SPPP_UNLOCK(sp); 6686 } 6687 6688 static struct workqueue * 6689 sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) 6690 { 6691 struct workqueue *wq; 6692 int error; 6693 6694 error = workqueue_create(&wq, xnamebuf, sppp_wq_work, 6695 (void *)sp, prio, ipl, flags); 6696 if (error) { 6697 panic("%s: workqueue_create failed [%s, %d]\n", 6698 sp->pp_if.if_xname, xnamebuf, error); 6699 } 6700 6701 return wq; 6702 } 6703 6704 static void 6705 sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) 6706 { 6707 6708 workqueue_destroy(wq); 6709 } 6710 6711 static void 6712 sppp_wq_set(struct sppp_work *work, 6713 void (*func)(struct sppp *, void *), void *arg) 6714 { 6715 6716 work->func = func; 6717 work->arg = arg; 6718 } 6719 6720 static void 6721 sppp_wq_add(struct workqueue *wq, struct sppp_work *work) 6722 { 6723 6724 if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) 6725 != SPPP_WK_FREE) 6726 return; 6727 6728 KASSERT(work->func != NULL); 6729 kpreempt_disable(); 6730 workqueue_enqueue(wq, &work->work, NULL); 6731 kpreempt_enable(); 6732 } 6733 static void 6734 sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) 6735 { 6736 6737 atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); 6738 workqueue_wait(wq, &work->work); 6739 } 6740 6741 /* 6742 * This file is large. Tell emacs to highlight it nevertheless. 6743 * 6744 * Local Variables: 6745 * hilit-auto-highlight-maxout: 120000 6746 * End: 6747 */ 6748 6749 /* 6750 * Module glue 6751 */ 6752 MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); 6753 6754 static int 6755 sppp_subr_modcmd(modcmd_t cmd, void *arg) 6756 { 6757 6758 switch (cmd) { 6759 case MODULE_CMD_INIT: 6760 case MODULE_CMD_FINI: 6761 return 0; 6762 case MODULE_CMD_STAT: 6763 case MODULE_CMD_AUTOUNLOAD: 6764 default: 6765 return ENOTTY; 6766 } 6767 } 6768
Indexes created Fri Sep 26 20:09:58 GMT 2025