if_spppsubr.c revision 1.3
1 /* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 6 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 7 * 8 * Heavily revamped to conform to RFC 1661. 9 * Copyright (C) 1997, Joerg Wunsch. 10 * 11 * This software is distributed with NO WARRANTIES, not even the implied 12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 * 14 * Authors grant any other persons or organisations permission to use 15 * or modify this software as long as this message is kept with the software, 16 * all derivative works or modified versions. 17 * 18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 19 * 20 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 21 * 22 * $Id: if_spppsubr.c,v 1.3 1999/04/04 06:07:57 explorer Exp $ 23 */ 24 25 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 26 #include "opt_inet.h" 27 #include "opt_ipx.h" 28 #include "opt_iso.h" 29 #include "opt_ns.h" 30 #endif 31 32 #include <sys/param.h> 33 34 #include <sys/systm.h> 35 #include <sys/kernel.h> 36 #include <sys/sockio.h> 37 #include <sys/socket.h> 38 #include <sys/syslog.h> 39 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 40 #include <machine/random.h> 41 #endif 42 #include <sys/malloc.h> 43 #include <sys/mbuf.h> 44 45 #if defined (__OpenBSD__) 46 #include <sys/md5k.h> 47 #else 48 #include <sys/md5.h> 49 #endif 50 51 #include <net/if.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <machine/stdarg.h> 57 58 #ifdef INET 59 #include <netinet/in.h> 60 #include <netinet/in_systm.h> 61 #include <netinet/in_var.h> 62 #include <netinet/ip.h> 63 #include <netinet/tcp.h> 64 #if defined (__FreeBSD__) || defined (__OpenBSD__) 65 #include <netinet/if_ether.h> 66 #else 67 #include <net/ethertypes.h> 68 #endif 69 #else 70 #error Huh? sppp without INET? 71 #endif 72 73 #ifdef IPX 74 #include <netipx/ipx.h> 75 #include <netipx/ipx_if.h> 76 #endif 77 78 #ifdef NS 79 #include <netns/ns.h> 80 #include <netns/ns_if.h> 81 #endif 82 83 #ifdef ISO 84 #include <netiso/argo_debug.h> 85 #include <netiso/iso.h> 86 #include <netiso/iso_var.h> 87 #include <netiso/iso_snpac.h> 88 #endif 89 90 #if defined(__FreeBSD__) || defined(__NetBSD__) 91 #include <net/if_sppp.h> 92 #else 93 #include <i4b/sppp/if_sppp.h> 94 #endif 95 #if defined(__NetBSD__) || defined (__OpenBSD__) 96 #include <machine/cpu.h> /* XXX for softnet */ 97 #endif 98 99 #define MAXALIVECNT 3 /* max. alive packets */ 100 101 /* 102 * Interface flags that can be set in an ifconfig command. 103 * 104 * Setting link0 will make the link passive, i.e. it will be marked 105 * as being administrative openable, but won't be opened to begin 106 * with. Incoming calls will be answered, or subsequent calls with 107 * -link1 will cause the administrative open of the LCP layer. 108 * 109 * Setting link1 will cause the link to auto-dial only as packets 110 * arrive to be sent. 111 * 112 * Setting IFF_DEBUG will syslog the option negotiation and state 113 * transitions at level kern.debug. Note: all logs consistently look 114 * like 115 * 116 * <if-name><unit>: <proto-name> <additional info...> 117 * 118 * with <if-name><unit> being something like "bppp0", and <proto-name> 119 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 120 */ 121 122 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 123 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 124 125 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 126 #define PPP_UI 0x03 /* Unnumbered Information */ 127 #define PPP_IP 0x0021 /* Internet Protocol */ 128 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 129 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 130 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 131 #define PPP_LCP 0xc021 /* Link Control Protocol */ 132 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 133 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 134 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 135 136 #define CONF_REQ 1 /* PPP configure request */ 137 #define CONF_ACK 2 /* PPP configure acknowledge */ 138 #define CONF_NAK 3 /* PPP configure negative ack */ 139 #define CONF_REJ 4 /* PPP configure reject */ 140 #define TERM_REQ 5 /* PPP terminate request */ 141 #define TERM_ACK 6 /* PPP terminate acknowledge */ 142 #define CODE_REJ 7 /* PPP code reject */ 143 #define PROTO_REJ 8 /* PPP protocol reject */ 144 #define ECHO_REQ 9 /* PPP echo request */ 145 #define ECHO_REPLY 10 /* PPP echo reply */ 146 #define DISC_REQ 11 /* PPP discard request */ 147 148 #define LCP_OPT_MRU 1 /* maximum receive unit */ 149 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 150 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 151 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 152 #define LCP_OPT_MAGIC 5 /* magic number */ 153 #define LCP_OPT_RESERVED 6 /* reserved */ 154 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 155 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 156 157 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 158 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 159 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 160 161 #define PAP_REQ 1 /* PAP name/password request */ 162 #define PAP_ACK 2 /* PAP acknowledge */ 163 #define PAP_NAK 3 /* PAP fail */ 164 165 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 166 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 167 #define CHAP_SUCCESS 3 /* CHAP response ok */ 168 #define CHAP_FAILURE 4 /* CHAP response failed */ 169 170 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 171 172 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 173 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 174 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 175 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 176 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 177 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 178 179 /* states are named and numbered according to RFC 1661 */ 180 #define STATE_INITIAL 0 181 #define STATE_STARTING 1 182 #define STATE_CLOSED 2 183 #define STATE_STOPPED 3 184 #define STATE_CLOSING 4 185 #define STATE_STOPPING 5 186 #define STATE_REQ_SENT 6 187 #define STATE_ACK_RCVD 7 188 #define STATE_ACK_SENT 8 189 #define STATE_OPENED 9 190 191 struct ppp_header { 192 u_char address; 193 u_char control; 194 u_short protocol; 195 }; 196 #define PPP_HEADER_LEN sizeof (struct ppp_header) 197 198 struct lcp_header { 199 u_char type; 200 u_char ident; 201 u_short len; 202 }; 203 #define LCP_HEADER_LEN sizeof (struct lcp_header) 204 205 struct cisco_packet { 206 u_long type; 207 u_long par1; 208 u_long par2; 209 u_short rel; 210 u_short time0; 211 u_short time1; 212 }; 213 #define CISCO_PACKET_LEN 18 214 215 /* 216 * We follow the spelling and capitalization of RFC 1661 here, to make 217 * it easier comparing with the standard. Please refer to this RFC in 218 * case you can't make sense out of these abbreviation; it will also 219 * explain the semantics related to the various events and actions. 220 */ 221 struct cp { 222 u_short proto; /* PPP control protocol number */ 223 u_char protoidx; /* index into state table in struct sppp */ 224 u_char flags; 225 #define CP_LCP 0x01 /* this is the LCP */ 226 #define CP_AUTH 0x02 /* this is an authentication protocol */ 227 #define CP_NCP 0x04 /* this is a NCP */ 228 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 229 const char *name; /* name of this control protocol */ 230 /* event handlers */ 231 void (*Up)(struct sppp *sp); 232 void (*Down)(struct sppp *sp); 233 void (*Open)(struct sppp *sp); 234 void (*Close)(struct sppp *sp); 235 void (*TO)(void *sp); 236 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 237 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 238 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 239 /* actions */ 240 void (*tlu)(struct sppp *sp); 241 void (*tld)(struct sppp *sp); 242 void (*tls)(struct sppp *sp); 243 void (*tlf)(struct sppp *sp); 244 void (*scr)(struct sppp *sp); 245 }; 246 247 static struct sppp *spppq; 248 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 249 static struct callout_handle keepalive_ch; 250 #endif 251 252 #ifdef __FreeBSD__ 253 #define SPP_FMT "%s%d: " 254 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 255 #else 256 #define SPP_FMT "%s: " 257 #define SPP_ARGS(ifp) (ifp)->if_xname 258 #endif 259 260 /* 261 * The following disgusting hack gets around the problem that IP TOS 262 * can't be set yet. We want to put "interactive" traffic on a high 263 * priority queue. To decide if traffic is interactive, we check that 264 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 265 * 266 * XXX is this really still necessary? - joerg - 267 */ 268 static u_short interactive_ports[8] = { 269 0, 513, 0, 0, 270 0, 21, 0, 23, 271 }; 272 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 273 274 /* almost every function needs these */ 275 #define STDDCL \ 276 struct ifnet *ifp = &sp->pp_if; \ 277 int debug = ifp->if_flags & IFF_DEBUG 278 279 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 280 struct sockaddr *dst, struct rtentry *rt); 281 282 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 283 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 284 285 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 286 struct mbuf *m); 287 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 288 u_char ident, u_short len, void *data); 289 /* static void sppp_cp_timeout(void *arg); */ 290 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 291 int newstate); 292 static void sppp_auth_send(const struct cp *cp, 293 struct sppp *sp, unsigned int type, unsigned int id, 294 ...); 295 296 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 297 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 298 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 299 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 300 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 301 302 static void sppp_null(struct sppp *sp); 303 304 static void sppp_lcp_init(struct sppp *sp); 305 static void sppp_lcp_up(struct sppp *sp); 306 static void sppp_lcp_down(struct sppp *sp); 307 static void sppp_lcp_open(struct sppp *sp); 308 static void sppp_lcp_close(struct sppp *sp); 309 static void sppp_lcp_TO(void *sp); 310 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 311 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 312 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 313 static void sppp_lcp_tlu(struct sppp *sp); 314 static void sppp_lcp_tld(struct sppp *sp); 315 static void sppp_lcp_tls(struct sppp *sp); 316 static void sppp_lcp_tlf(struct sppp *sp); 317 static void sppp_lcp_scr(struct sppp *sp); 318 static void sppp_lcp_check_and_close(struct sppp *sp); 319 static int sppp_ncp_check(struct sppp *sp); 320 321 static void sppp_ipcp_init(struct sppp *sp); 322 static void sppp_ipcp_up(struct sppp *sp); 323 static void sppp_ipcp_down(struct sppp *sp); 324 static void sppp_ipcp_open(struct sppp *sp); 325 static void sppp_ipcp_close(struct sppp *sp); 326 static void sppp_ipcp_TO(void *sp); 327 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 329 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 330 static void sppp_ipcp_tlu(struct sppp *sp); 331 static void sppp_ipcp_tld(struct sppp *sp); 332 static void sppp_ipcp_tls(struct sppp *sp); 333 static void sppp_ipcp_tlf(struct sppp *sp); 334 static void sppp_ipcp_scr(struct sppp *sp); 335 336 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 337 static void sppp_pap_init(struct sppp *sp); 338 static void sppp_pap_open(struct sppp *sp); 339 static void sppp_pap_close(struct sppp *sp); 340 static void sppp_pap_TO(void *sp); 341 static void sppp_pap_my_TO(void *sp); 342 static void sppp_pap_tlu(struct sppp *sp); 343 static void sppp_pap_tld(struct sppp *sp); 344 static void sppp_pap_scr(struct sppp *sp); 345 346 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 347 static void sppp_chap_init(struct sppp *sp); 348 static void sppp_chap_open(struct sppp *sp); 349 static void sppp_chap_close(struct sppp *sp); 350 static void sppp_chap_TO(void *sp); 351 static void sppp_chap_tlu(struct sppp *sp); 352 static void sppp_chap_tld(struct sppp *sp); 353 static void sppp_chap_scr(struct sppp *sp); 354 355 static const char *sppp_auth_type_name(u_short proto, u_char type); 356 static const char *sppp_cp_type_name(u_char type); 357 static const char *sppp_dotted_quad(u_long addr); 358 static const char *sppp_ipcp_opt_name(u_char opt); 359 static const char *sppp_lcp_opt_name(u_char opt); 360 static const char *sppp_phase_name(enum ppp_phase phase); 361 static const char *sppp_proto_name(u_short proto); 362 static const char *sppp_state_name(int state); 363 static int sppp_params(struct sppp *sp, int cmd, void *data); 364 static int sppp_strnlen(u_char *p, int max); 365 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 366 u_long *srcmask); 367 static void sppp_keepalive(void *dummy); 368 static void sppp_phase_network(struct sppp *sp); 369 static void sppp_print_bytes(const u_char *p, u_short len); 370 static void sppp_print_string(const char *p, u_short len); 371 static void sppp_qflush(struct ifqueue *ifq); 372 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 373 374 /* our control protocol descriptors */ 375 static const struct cp lcp = { 376 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 377 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 378 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 379 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 380 sppp_lcp_scr 381 }; 382 383 static const struct cp ipcp = { 384 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 385 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 386 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 387 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 388 sppp_ipcp_scr 389 }; 390 391 static const struct cp pap = { 392 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 393 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 394 sppp_pap_TO, 0, 0, 0, 395 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 396 sppp_pap_scr 397 }; 398 399 static const struct cp chap = { 400 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 401 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 402 sppp_chap_TO, 0, 0, 0, 403 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 404 sppp_chap_scr 405 }; 406 407 static const struct cp *cps[IDX_COUNT] = { 408 &lcp, /* IDX_LCP */ 409 &ipcp, /* IDX_IPCP */ 410 &pap, /* IDX_PAP */ 411 &chap, /* IDX_CHAP */ 412 }; 413 414 415 /* 417 * Exported functions, comprising our interface to the lower layer. 418 */ 419 420 /* 421 * Process the received packet. 422 */ 423 void 424 sppp_input(struct ifnet *ifp, struct mbuf *m) 425 { 426 struct ppp_header *h; 427 struct ifqueue *inq = 0; 428 int s; 429 struct sppp *sp = (struct sppp *)ifp; 430 int debug = ifp->if_flags & IFF_DEBUG; 431 432 if (ifp->if_flags & IFF_UP) 433 /* Count received bytes, add FCS and one flag */ 434 ifp->if_ibytes += m->m_pkthdr.len + 3; 435 436 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 437 /* Too small packet, drop it. */ 438 if (debug) 439 log(LOG_DEBUG, 440 SPP_FMT "input packet is too small, %d bytes\n", 441 SPP_ARGS(ifp), m->m_pkthdr.len); 442 drop: 443 ++ifp->if_ierrors; 444 ++ifp->if_iqdrops; 445 m_freem (m); 446 return; 447 } 448 449 /* Get PPP header. */ 450 h = mtod (m, struct ppp_header*); 451 m_adj (m, PPP_HEADER_LEN); 452 453 switch (h->address) { 454 case PPP_ALLSTATIONS: 455 if (h->control != PPP_UI) 456 goto invalid; 457 if (sp->pp_flags & PP_CISCO) { 458 if (debug) 459 log(LOG_DEBUG, 460 SPP_FMT "PPP packet in Cisco mode " 461 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 462 SPP_ARGS(ifp), 463 h->address, h->control, ntohs(h->protocol)); 464 goto drop; 465 } 466 switch (ntohs (h->protocol)) { 467 default: 468 if (sp->state[IDX_LCP] == STATE_OPENED) 469 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 470 ++sp->pp_seq, m->m_pkthdr.len + 2, 471 &h->protocol); 472 if (debug) 473 log(LOG_DEBUG, 474 SPP_FMT "invalid input protocol " 475 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 476 SPP_ARGS(ifp), 477 h->address, h->control, ntohs(h->protocol)); 478 ++ifp->if_noproto; 479 goto drop; 480 case PPP_LCP: 481 sppp_cp_input(&lcp, sp, m); 482 m_freem (m); 483 return; 484 case PPP_PAP: 485 if (sp->pp_phase >= PHASE_AUTHENTICATE) 486 sppp_pap_input(sp, m); 487 m_freem (m); 488 return; 489 case PPP_CHAP: 490 if (sp->pp_phase >= PHASE_AUTHENTICATE) 491 sppp_chap_input(sp, m); 492 m_freem (m); 493 return; 494 #ifdef INET 495 case PPP_IPCP: 496 if (sp->pp_phase == PHASE_NETWORK) 497 sppp_cp_input(&ipcp, sp, m); 498 m_freem (m); 499 return; 500 case PPP_IP: 501 if (sp->state[IDX_IPCP] == STATE_OPENED) { 502 schednetisr (NETISR_IP); 503 inq = &ipintrq; 504 } 505 break; 506 #endif 507 #ifdef IPX 508 case PPP_IPX: 509 /* IPX IPXCP not implemented yet */ 510 if (sp->pp_phase == PHASE_NETWORK) { 511 schednetisr (NETISR_IPX); 512 inq = &ipxintrq; 513 } 514 break; 515 #endif 516 #ifdef NS 517 case PPP_XNS: 518 /* XNS IDPCP not implemented yet */ 519 if (sp->pp_phase == PHASE_NETWORK) { 520 schednetisr (NETISR_NS); 521 inq = &nsintrq; 522 } 523 break; 524 #endif 525 #ifdef ISO 526 case PPP_ISO: 527 /* OSI NLCP not implemented yet */ 528 if (sp->pp_phase == PHASE_NETWORK) { 529 schednetisr (NETISR_ISO); 530 inq = &clnlintrq; 531 } 532 break; 533 #endif 534 } 535 break; 536 case CISCO_MULTICAST: 537 case CISCO_UNICAST: 538 /* Don't check the control field here (RFC 1547). */ 539 if (! (sp->pp_flags & PP_CISCO)) { 540 if (debug) 541 log(LOG_DEBUG, 542 SPP_FMT "Cisco packet in PPP mode " 543 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 544 SPP_ARGS(ifp), 545 h->address, h->control, ntohs(h->protocol)); 546 goto drop; 547 } 548 switch (ntohs (h->protocol)) { 549 default: 550 ++ifp->if_noproto; 551 goto invalid; 552 case CISCO_KEEPALIVE: 553 sppp_cisco_input ((struct sppp*) ifp, m); 554 m_freem (m); 555 return; 556 #ifdef INET 557 case ETHERTYPE_IP: 558 schednetisr (NETISR_IP); 559 inq = &ipintrq; 560 break; 561 #endif 562 #ifdef IPX 563 case ETHERTYPE_IPX: 564 schednetisr (NETISR_IPX); 565 inq = &ipxintrq; 566 break; 567 #endif 568 #ifdef NS 569 case ETHERTYPE_NS: 570 schednetisr (NETISR_NS); 571 inq = &nsintrq; 572 break; 573 #endif 574 } 575 break; 576 default: /* Invalid PPP packet. */ 577 invalid: 578 if (debug) 579 log(LOG_DEBUG, 580 SPP_FMT "invalid input packet " 581 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 582 SPP_ARGS(ifp), 583 h->address, h->control, ntohs(h->protocol)); 584 goto drop; 585 } 586 587 if (! (ifp->if_flags & IFF_UP) || ! inq) 588 goto drop; 589 590 /* Check queue. */ 591 s = splimp(); 592 if (IF_QFULL (inq)) { 593 /* Queue overflow. */ 594 IF_DROP(inq); 595 splx(s); 596 if (debug) 597 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 598 SPP_ARGS(ifp)); 599 goto drop; 600 } 601 IF_ENQUEUE(inq, m); 602 splx(s); 603 } 604 605 /* 606 * Enqueue transmit packet. 607 */ 608 static int 609 sppp_output(struct ifnet *ifp, struct mbuf *m, 610 struct sockaddr *dst, struct rtentry *rt) 611 { 612 struct sppp *sp = (struct sppp*) ifp; 613 struct ppp_header *h; 614 struct ifqueue *ifq; 615 int s, rv = 0; 616 617 s = splimp(); 618 619 if ((ifp->if_flags & IFF_UP) == 0 || 620 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 621 m_freem (m); 622 splx (s); 623 return (ENETDOWN); 624 } 625 626 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 627 /* 628 * Interface is not yet running, but auto-dial. Need 629 * to start LCP for it. 630 */ 631 ifp->if_flags |= IFF_RUNNING; 632 splx(s); 633 lcp.Open(sp); 634 s = splimp(); 635 } 636 637 ifq = &ifp->if_snd; 638 639 #ifdef INET 640 if (dst->sa_family == AF_INET) 641 { 642 /* Check mbuf length here??? */ 643 struct ip *ip = mtod (m, struct ip*); 644 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 645 646 /* 647 * When using dynamic local IP address assignment by using 648 * 0.0.0.0 as a local address, the first TCP session will 649 * not connect because the local TCP checksum is computed 650 * using 0.0.0.0 which will later become our real IP address 651 * so the TCP checksum computed at the remote end will 652 * become invalid. So we 653 * - don't let packets with src ip addr 0 thru 654 * - we flag TCP packets with src ip 0 as an error 655 */ 656 657 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 658 { 659 m_freem(m); 660 splx(s); 661 if(ip->ip_p == IPPROTO_TCP) 662 return(EADDRNOTAVAIL); 663 else 664 return(0); 665 } 666 667 /* 668 * Put low delay, telnet, rlogin and ftp control packets 669 * in front of the queue. 670 */ 671 672 if (! IF_QFULL (&sp->pp_fastq) && 673 ((ip->ip_tos & IPTOS_LOWDELAY) || 674 ((ip->ip_p == IPPROTO_TCP && 675 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 676 (INTERACTIVE (ntohs (tcp->th_sport)))) || 677 INTERACTIVE (ntohs (tcp->th_dport))))) 678 ifq = &sp->pp_fastq; 679 } 680 #endif 681 682 /* 683 * Prepend general data packet PPP header. For now, IP only. 684 */ 685 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 686 if (! m) { 687 if (ifp->if_flags & IFF_DEBUG) 688 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 689 SPP_ARGS(ifp)); 690 ++ifp->if_oerrors; 691 splx (s); 692 return (ENOBUFS); 693 } 694 /* 695 * May want to check size of packet 696 * (albeit due to the implementation it's always enough) 697 */ 698 h = mtod (m, struct ppp_header*); 699 if (sp->pp_flags & PP_CISCO) { 700 h->address = CISCO_UNICAST; /* unicast address */ 701 h->control = 0; 702 } else { 703 h->address = PPP_ALLSTATIONS; /* broadcast address */ 704 h->control = PPP_UI; /* Unnumbered Info */ 705 } 706 707 switch (dst->sa_family) { 708 #ifdef INET 709 case AF_INET: /* Internet Protocol */ 710 if (sp->pp_flags & PP_CISCO) 711 h->protocol = htons (ETHERTYPE_IP); 712 else { 713 /* 714 * Don't choke with an ENETDOWN early. It's 715 * possible that we just started dialing out, 716 * so don't drop the packet immediately. If 717 * we notice that we run out of buffer space 718 * below, we will however remember that we are 719 * not ready to carry IP packets, and return 720 * ENETDOWN, as opposed to ENOBUFS. 721 */ 722 h->protocol = htons(PPP_IP); 723 if (sp->state[IDX_IPCP] != STATE_OPENED) 724 rv = ENETDOWN; 725 } 726 break; 727 #endif 728 #ifdef NS 729 case AF_NS: /* Xerox NS Protocol */ 730 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 731 ETHERTYPE_NS : PPP_XNS); 732 break; 733 #endif 734 #ifdef IPX 735 case AF_IPX: /* Novell IPX Protocol */ 736 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 737 ETHERTYPE_IPX : PPP_IPX); 738 break; 739 #endif 740 #ifdef ISO 741 case AF_ISO: /* ISO OSI Protocol */ 742 if (sp->pp_flags & PP_CISCO) 743 goto nosupport; 744 h->protocol = htons (PPP_ISO); 745 break; 746 nosupport: 747 #endif 748 default: 749 m_freem (m); 750 ++ifp->if_oerrors; 751 splx (s); 752 return (EAFNOSUPPORT); 753 } 754 755 /* 756 * Queue message on interface, and start output if interface 757 * not yet active. 758 */ 759 if (IF_QFULL (ifq)) { 760 IF_DROP (&ifp->if_snd); 761 m_freem (m); 762 ++ifp->if_oerrors; 763 splx (s); 764 return (rv? rv: ENOBUFS); 765 } 766 IF_ENQUEUE (ifq, m); 767 if (! (ifp->if_flags & IFF_OACTIVE)) 768 (*ifp->if_start) (ifp); 769 770 /* 771 * Count output packets and bytes. 772 * The packet length includes header, FCS and 1 flag, 773 * according to RFC 1333. 774 */ 775 ifp->if_obytes += m->m_pkthdr.len + 3; 776 splx (s); 777 return (0); 778 } 779 780 void 781 sppp_attach(struct ifnet *ifp) 782 { 783 struct sppp *sp = (struct sppp*) ifp; 784 785 /* Initialize keepalive handler. */ 786 if (! spppq) 787 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 788 keepalive_ch = 789 #endif 790 timeout(sppp_keepalive, 0, hz * 10); 791 792 /* Insert new entry into the keepalive list. */ 793 sp->pp_next = spppq; 794 spppq = sp; 795 796 sp->pp_if.if_type = IFT_PPP; 797 sp->pp_if.if_output = sppp_output; 798 sp->pp_fastq.ifq_maxlen = 32; 799 sp->pp_cpq.ifq_maxlen = 20; 800 sp->pp_loopcnt = 0; 801 sp->pp_alivecnt = 0; 802 sp->pp_seq = 0; 803 sp->pp_rseq = 0; 804 sp->pp_phase = PHASE_DEAD; 805 sp->pp_up = lcp.Up; 806 sp->pp_down = lcp.Down; 807 808 sppp_lcp_init(sp); 809 sppp_ipcp_init(sp); 810 sppp_pap_init(sp); 811 sppp_chap_init(sp); 812 } 813 814 void 815 sppp_detach(struct ifnet *ifp) 816 { 817 struct sppp **q, *p, *sp = (struct sppp*) ifp; 818 int i; 819 820 /* Remove the entry from the keepalive list. */ 821 for (q = &spppq; (p = *q); q = &p->pp_next) 822 if (p == sp) { 823 *q = p->pp_next; 824 break; 825 } 826 827 /* Stop keepalive handler. */ 828 if (! spppq) 829 untimeout(sppp_keepalive, 0 830 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 831 ,keepalive_ch 832 #endif 833 ); 834 835 for (i = 0; i < IDX_COUNT; i++) 836 untimeout((cps[i])->TO, (void *)sp 837 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 838 , sp->ch[i] 839 #endif 840 ); 841 untimeout(sppp_pap_my_TO, (void *)sp 842 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 843 , sp->pap_my_to_ch 844 #endif 845 ); 846 } 847 848 /* 849 * Flush the interface output queue. 850 */ 851 void 852 sppp_flush(struct ifnet *ifp) 853 { 854 struct sppp *sp = (struct sppp*) ifp; 855 856 sppp_qflush (&sp->pp_if.if_snd); 857 sppp_qflush (&sp->pp_fastq); 858 sppp_qflush (&sp->pp_cpq); 859 } 860 861 /* 862 * Check if the output queue is empty. 863 */ 864 int 865 sppp_isempty(struct ifnet *ifp) 866 { 867 struct sppp *sp = (struct sppp*) ifp; 868 int empty, s; 869 870 s = splimp(); 871 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 872 !sp->pp_if.if_snd.ifq_head; 873 splx(s); 874 return (empty); 875 } 876 877 /* 878 * Get next packet to send. 879 */ 880 struct mbuf * 881 sppp_dequeue(struct ifnet *ifp) 882 { 883 struct sppp *sp = (struct sppp*) ifp; 884 struct mbuf *m; 885 int s; 886 887 s = splimp(); 888 /* 889 * Process only the control protocol queue until we have at 890 * least one NCP open. 891 * 892 * Do always serve all three queues in Cisco mode. 893 */ 894 IF_DEQUEUE(&sp->pp_cpq, m); 895 if (m == NULL && 896 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 897 IF_DEQUEUE(&sp->pp_fastq, m); 898 if (m == NULL) 899 IF_DEQUEUE (&sp->pp_if.if_snd, m); 900 } 901 splx(s); 902 return m; 903 } 904 905 /* 906 * Pick the next packet, do not remove it from the queue. 907 */ 908 struct mbuf * 909 sppp_pick(struct ifnet *ifp) 910 { 911 struct sppp *sp = (struct sppp*)ifp; 912 struct mbuf *m; 913 int s; 914 915 s= splimp (); 916 917 m = sp->pp_cpq.ifq_head; 918 if (m == NULL && 919 (sp->pp_phase == PHASE_NETWORK || 920 (sp->pp_flags & PP_CISCO) != 0)) 921 if ((m = sp->pp_fastq.ifq_head) == NULL) 922 m = sp->pp_if.if_snd.ifq_head; 923 splx (s); 924 return (m); 925 } 926 927 /* 928 * Process an ioctl request. Called on low priority level. 929 */ 930 int 931 #if defined(__FreeBSD_version) && __FreeBSD_version >= 300003 932 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 933 #else 934 sppp_ioctl(struct ifnet *ifp, int cmd, void *data) 935 #endif 936 { 937 struct ifreq *ifr = (struct ifreq*) data; 938 struct sppp *sp = (struct sppp*) ifp; 939 int s, rv, going_up, going_down, newmode; 940 941 s = splimp(); 942 rv = 0; 943 switch (cmd) { 944 case SIOCAIFADDR: 945 case SIOCSIFDSTADDR: 946 break; 947 948 case SIOCSIFADDR: 949 if_up(ifp); 950 /* fall through... */ 951 952 case SIOCSIFFLAGS: 953 going_up = ifp->if_flags & IFF_UP && 954 (ifp->if_flags & IFF_RUNNING) == 0; 955 going_down = (ifp->if_flags & IFF_UP) == 0 && 956 ifp->if_flags & IFF_RUNNING; 957 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 958 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 959 /* sanity */ 960 newmode = IFF_PASSIVE; 961 ifp->if_flags &= ~IFF_AUTO; 962 } 963 964 if (going_up || going_down) 965 lcp.Close(sp); 966 if (going_up && newmode == 0) { 967 /* neither auto-dial nor passive */ 968 ifp->if_flags |= IFF_RUNNING; 969 if (!(sp->pp_flags & PP_CISCO)) 970 lcp.Open(sp); 971 } else if (going_down) { 972 sppp_flush(ifp); 973 ifp->if_flags &= ~IFF_RUNNING; 974 } 975 976 break; 977 978 #ifdef SIOCSIFMTU 979 #ifndef ifr_mtu 980 #define ifr_mtu ifr_metric 981 #endif 982 case SIOCSIFMTU: 983 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 984 return (EINVAL); 985 ifp->if_mtu = ifr->ifr_mtu; 986 break; 987 #endif 988 #ifdef SLIOCSETMTU 989 case SLIOCSETMTU: 990 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 991 return (EINVAL); 992 ifp->if_mtu = *(short*)data; 993 break; 994 #endif 995 #ifdef SIOCGIFMTU 996 case SIOCGIFMTU: 997 ifr->ifr_mtu = ifp->if_mtu; 998 break; 999 #endif 1000 #ifdef SLIOCGETMTU 1001 case SLIOCGETMTU: 1002 *(short*)data = ifp->if_mtu; 1003 break; 1004 #endif 1005 case SIOCADDMULTI: 1006 case SIOCDELMULTI: 1007 break; 1008 1009 case SIOCGIFGENERIC: 1010 case SIOCSIFGENERIC: 1011 rv = sppp_params(sp, cmd, data); 1012 break; 1013 1014 default: 1015 rv = ENOTTY; 1016 } 1017 splx(s); 1018 return rv; 1019 } 1020 1021 1022 /* 1024 * Cisco framing implementation. 1025 */ 1026 1027 /* 1028 * Handle incoming Cisco keepalive protocol packets. 1029 */ 1030 static void 1031 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1032 { 1033 STDDCL; 1034 struct cisco_packet *h; 1035 u_long me, mymask; 1036 1037 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1038 if (debug) 1039 log(LOG_DEBUG, 1040 SPP_FMT "cisco invalid packet length: %d bytes\n", 1041 SPP_ARGS(ifp), m->m_pkthdr.len); 1042 return; 1043 } 1044 h = mtod (m, struct cisco_packet*); 1045 if (debug) 1046 log(LOG_DEBUG, 1047 SPP_FMT "cisco input: %d bytes " 1048 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1049 SPP_ARGS(ifp), m->m_pkthdr.len, 1050 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1051 (u_int)h->time0, (u_int)h->time1); 1052 switch (ntohl (h->type)) { 1053 default: 1054 if (debug) 1055 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1056 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1057 break; 1058 case CISCO_ADDR_REPLY: 1059 /* Reply on address request, ignore */ 1060 break; 1061 case CISCO_KEEPALIVE_REQ: 1062 sp->pp_alivecnt = 0; 1063 sp->pp_rseq = ntohl (h->par1); 1064 if (sp->pp_seq == sp->pp_rseq) { 1065 /* Local and remote sequence numbers are equal. 1066 * Probably, the line is in loopback mode. */ 1067 if (sp->pp_loopcnt >= MAXALIVECNT) { 1068 printf (SPP_FMT "loopback\n", 1069 SPP_ARGS(ifp)); 1070 sp->pp_loopcnt = 0; 1071 if (ifp->if_flags & IFF_UP) { 1072 if_down (ifp); 1073 sppp_qflush (&sp->pp_cpq); 1074 } 1075 } 1076 ++sp->pp_loopcnt; 1077 1078 /* Generate new local sequence number */ 1079 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 1080 sp->pp_seq = random(); 1081 #else 1082 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1083 #endif 1084 break; 1085 } 1086 sp->pp_loopcnt = 0; 1087 if (! (ifp->if_flags & IFF_UP) && 1088 (ifp->if_flags & IFF_RUNNING)) { 1089 if_up(ifp); 1090 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1091 } 1092 break; 1093 case CISCO_ADDR_REQ: 1094 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1095 if (me != 0L) 1096 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1097 break; 1098 } 1099 } 1100 1101 /* 1102 * Send Cisco keepalive packet. 1103 */ 1104 static void 1105 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1106 { 1107 STDDCL; 1108 struct ppp_header *h; 1109 struct cisco_packet *ch; 1110 struct mbuf *m; 1111 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1112 struct timeval tv; 1113 #else 1114 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1115 #endif 1116 1117 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1118 getmicrouptime(&tv); 1119 #endif 1120 1121 MGETHDR (m, M_DONTWAIT, MT_DATA); 1122 if (! m) 1123 return; 1124 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1125 m->m_pkthdr.rcvif = 0; 1126 1127 h = mtod (m, struct ppp_header*); 1128 h->address = CISCO_MULTICAST; 1129 h->control = 0; 1130 h->protocol = htons (CISCO_KEEPALIVE); 1131 1132 ch = (struct cisco_packet*) (h + 1); 1133 ch->type = htonl (type); 1134 ch->par1 = htonl (par1); 1135 ch->par2 = htonl (par2); 1136 ch->rel = -1; 1137 1138 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1139 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1140 ch->time1 = htons ((u_short) tv.tv_sec); 1141 #else 1142 ch->time0 = htons ((u_short) (t >> 16)); 1143 ch->time1 = htons ((u_short) t); 1144 #endif 1145 1146 if (debug) 1147 log(LOG_DEBUG, 1148 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1149 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1150 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1151 1152 if (IF_QFULL (&sp->pp_cpq)) { 1153 IF_DROP (&sp->pp_fastq); 1154 IF_DROP (&ifp->if_snd); 1155 m_freem (m); 1156 } else 1157 IF_ENQUEUE (&sp->pp_cpq, m); 1158 if (! (ifp->if_flags & IFF_OACTIVE)) 1159 (*ifp->if_start) (ifp); 1160 ifp->if_obytes += m->m_pkthdr.len + 3; 1161 } 1162 1163 /* 1165 * PPP protocol implementation. 1166 */ 1167 1168 /* 1169 * Send PPP control protocol packet. 1170 */ 1171 static void 1172 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1173 u_char ident, u_short len, void *data) 1174 { 1175 STDDCL; 1176 struct ppp_header *h; 1177 struct lcp_header *lh; 1178 struct mbuf *m; 1179 1180 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1181 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1182 MGETHDR (m, M_DONTWAIT, MT_DATA); 1183 if (! m) 1184 return; 1185 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1186 m->m_pkthdr.rcvif = 0; 1187 1188 h = mtod (m, struct ppp_header*); 1189 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1190 h->control = PPP_UI; /* Unnumbered Info */ 1191 h->protocol = htons (proto); /* Link Control Protocol */ 1192 1193 lh = (struct lcp_header*) (h + 1); 1194 lh->type = type; 1195 lh->ident = ident; 1196 lh->len = htons (LCP_HEADER_LEN + len); 1197 if (len) 1198 bcopy (data, lh+1, len); 1199 1200 if (debug) { 1201 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1202 SPP_ARGS(ifp), 1203 sppp_proto_name(proto), 1204 sppp_cp_type_name (lh->type), lh->ident, 1205 ntohs (lh->len)); 1206 if (len) 1207 sppp_print_bytes ((u_char*) (lh+1), len); 1208 addlog(">\n"); 1209 } 1210 if (IF_QFULL (&sp->pp_cpq)) { 1211 IF_DROP (&sp->pp_fastq); 1212 IF_DROP (&ifp->if_snd); 1213 m_freem (m); 1214 ++ifp->if_oerrors; 1215 } else 1216 IF_ENQUEUE (&sp->pp_cpq, m); 1217 if (! (ifp->if_flags & IFF_OACTIVE)) 1218 (*ifp->if_start) (ifp); 1219 ifp->if_obytes += m->m_pkthdr.len + 3; 1220 } 1221 1222 /* 1223 * Handle incoming PPP control protocol packets. 1224 */ 1225 static void 1226 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1227 { 1228 STDDCL; 1229 struct lcp_header *h; 1230 int len = m->m_pkthdr.len; 1231 int rv; 1232 u_char *p; 1233 1234 if (len < 4) { 1235 if (debug) 1236 log(LOG_DEBUG, 1237 SPP_FMT "%s invalid packet length: %d bytes\n", 1238 SPP_ARGS(ifp), cp->name, len); 1239 return; 1240 } 1241 h = mtod (m, struct lcp_header*); 1242 if (debug) { 1243 log(LOG_DEBUG, 1244 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1245 SPP_ARGS(ifp), cp->name, 1246 sppp_state_name(sp->state[cp->protoidx]), 1247 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1248 if (len > 4) 1249 sppp_print_bytes ((u_char*) (h+1), len-4); 1250 addlog(">\n"); 1251 } 1252 if (len > ntohs (h->len)) 1253 len = ntohs (h->len); 1254 p = (u_char *)(h + 1); 1255 switch (h->type) { 1256 case CONF_REQ: 1257 if (len < 4) { 1258 if (debug) 1259 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1260 SPP_ARGS(ifp), cp->name, 1261 len); 1262 ++ifp->if_ierrors; 1263 break; 1264 } 1265 /* handle states where RCR doesn't get a SCA/SCN */ 1266 switch (sp->state[cp->protoidx]) { 1267 case STATE_CLOSING: 1268 case STATE_STOPPING: 1269 return; 1270 case STATE_CLOSED: 1271 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1272 0, 0); 1273 return; 1274 } 1275 rv = (cp->RCR)(sp, h, len); 1276 switch (sp->state[cp->protoidx]) { 1277 case STATE_OPENED: 1278 (cp->tld)(sp); 1279 (cp->scr)(sp); 1280 /* fall through... */ 1281 case STATE_ACK_SENT: 1282 case STATE_REQ_SENT: 1283 sppp_cp_change_state(cp, sp, rv? 1284 STATE_ACK_SENT: STATE_REQ_SENT); 1285 break; 1286 case STATE_STOPPED: 1287 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1288 (cp->scr)(sp); 1289 sppp_cp_change_state(cp, sp, rv? 1290 STATE_ACK_SENT: STATE_REQ_SENT); 1291 break; 1292 case STATE_ACK_RCVD: 1293 if (rv) { 1294 sppp_cp_change_state(cp, sp, STATE_OPENED); 1295 if (debug) 1296 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1297 SPP_ARGS(ifp), 1298 cp->name); 1299 (cp->tlu)(sp); 1300 } else 1301 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1302 break; 1303 default: 1304 printf(SPP_FMT "%s illegal %s in state %s\n", 1305 SPP_ARGS(ifp), cp->name, 1306 sppp_cp_type_name(h->type), 1307 sppp_state_name(sp->state[cp->protoidx])); 1308 ++ifp->if_ierrors; 1309 } 1310 break; 1311 case CONF_ACK: 1312 if (h->ident != sp->confid[cp->protoidx]) { 1313 if (debug) 1314 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1315 SPP_ARGS(ifp), cp->name, 1316 h->ident, sp->confid[cp->protoidx]); 1317 ++ifp->if_ierrors; 1318 break; 1319 } 1320 switch (sp->state[cp->protoidx]) { 1321 case STATE_CLOSED: 1322 case STATE_STOPPED: 1323 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1324 break; 1325 case STATE_CLOSING: 1326 case STATE_STOPPING: 1327 break; 1328 case STATE_REQ_SENT: 1329 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1330 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1331 break; 1332 case STATE_OPENED: 1333 (cp->tld)(sp); 1334 /* fall through */ 1335 case STATE_ACK_RCVD: 1336 (cp->scr)(sp); 1337 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1338 break; 1339 case STATE_ACK_SENT: 1340 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1341 sppp_cp_change_state(cp, sp, STATE_OPENED); 1342 if (debug) 1343 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1344 SPP_ARGS(ifp), cp->name); 1345 (cp->tlu)(sp); 1346 break; 1347 default: 1348 printf(SPP_FMT "%s illegal %s in state %s\n", 1349 SPP_ARGS(ifp), cp->name, 1350 sppp_cp_type_name(h->type), 1351 sppp_state_name(sp->state[cp->protoidx])); 1352 ++ifp->if_ierrors; 1353 } 1354 break; 1355 case CONF_NAK: 1356 case CONF_REJ: 1357 if (h->ident != sp->confid[cp->protoidx]) { 1358 if (debug) 1359 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1360 SPP_ARGS(ifp), cp->name, 1361 h->ident, sp->confid[cp->protoidx]); 1362 ++ifp->if_ierrors; 1363 break; 1364 } 1365 if (h->type == CONF_NAK) 1366 (cp->RCN_nak)(sp, h, len); 1367 else /* CONF_REJ */ 1368 (cp->RCN_rej)(sp, h, len); 1369 1370 switch (sp->state[cp->protoidx]) { 1371 case STATE_CLOSED: 1372 case STATE_STOPPED: 1373 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1374 break; 1375 case STATE_REQ_SENT: 1376 case STATE_ACK_SENT: 1377 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1378 (cp->scr)(sp); 1379 break; 1380 case STATE_OPENED: 1381 (cp->tld)(sp); 1382 /* fall through */ 1383 case STATE_ACK_RCVD: 1384 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1385 (cp->scr)(sp); 1386 break; 1387 case STATE_CLOSING: 1388 case STATE_STOPPING: 1389 break; 1390 default: 1391 printf(SPP_FMT "%s illegal %s in state %s\n", 1392 SPP_ARGS(ifp), cp->name, 1393 sppp_cp_type_name(h->type), 1394 sppp_state_name(sp->state[cp->protoidx])); 1395 ++ifp->if_ierrors; 1396 } 1397 break; 1398 1399 case TERM_REQ: 1400 switch (sp->state[cp->protoidx]) { 1401 case STATE_ACK_RCVD: 1402 case STATE_ACK_SENT: 1403 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1404 /* fall through */ 1405 case STATE_CLOSED: 1406 case STATE_STOPPED: 1407 case STATE_CLOSING: 1408 case STATE_STOPPING: 1409 case STATE_REQ_SENT: 1410 sta: 1411 /* Send Terminate-Ack packet. */ 1412 if (debug) 1413 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1414 SPP_ARGS(ifp), cp->name); 1415 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1416 break; 1417 case STATE_OPENED: 1418 (cp->tld)(sp); 1419 sp->rst_counter[cp->protoidx] = 0; 1420 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1421 goto sta; 1422 break; 1423 default: 1424 printf(SPP_FMT "%s illegal %s in state %s\n", 1425 SPP_ARGS(ifp), cp->name, 1426 sppp_cp_type_name(h->type), 1427 sppp_state_name(sp->state[cp->protoidx])); 1428 ++ifp->if_ierrors; 1429 } 1430 break; 1431 case TERM_ACK: 1432 switch (sp->state[cp->protoidx]) { 1433 case STATE_CLOSED: 1434 case STATE_STOPPED: 1435 case STATE_REQ_SENT: 1436 case STATE_ACK_SENT: 1437 break; 1438 case STATE_CLOSING: 1439 (cp->tlf)(sp); 1440 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1441 break; 1442 case STATE_STOPPING: 1443 (cp->tlf)(sp); 1444 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1445 break; 1446 case STATE_ACK_RCVD: 1447 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1448 break; 1449 case STATE_OPENED: 1450 (cp->tld)(sp); 1451 (cp->scr)(sp); 1452 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1453 break; 1454 default: 1455 printf(SPP_FMT "%s illegal %s in state %s\n", 1456 SPP_ARGS(ifp), cp->name, 1457 sppp_cp_type_name(h->type), 1458 sppp_state_name(sp->state[cp->protoidx])); 1459 ++ifp->if_ierrors; 1460 } 1461 break; 1462 case CODE_REJ: 1463 case PROTO_REJ: 1464 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1465 log(LOG_INFO, 1466 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1467 "danger will robinson\n", 1468 SPP_ARGS(ifp), cp->name, 1469 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1470 switch (sp->state[cp->protoidx]) { 1471 case STATE_CLOSED: 1472 case STATE_STOPPED: 1473 case STATE_REQ_SENT: 1474 case STATE_ACK_SENT: 1475 case STATE_CLOSING: 1476 case STATE_STOPPING: 1477 case STATE_OPENED: 1478 break; 1479 case STATE_ACK_RCVD: 1480 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1481 break; 1482 default: 1483 printf(SPP_FMT "%s illegal %s in state %s\n", 1484 SPP_ARGS(ifp), cp->name, 1485 sppp_cp_type_name(h->type), 1486 sppp_state_name(sp->state[cp->protoidx])); 1487 ++ifp->if_ierrors; 1488 } 1489 break; 1490 case DISC_REQ: 1491 if (cp->proto != PPP_LCP) 1492 goto illegal; 1493 /* Discard the packet. */ 1494 break; 1495 case ECHO_REQ: 1496 if (cp->proto != PPP_LCP) 1497 goto illegal; 1498 if (sp->state[cp->protoidx] != STATE_OPENED) { 1499 if (debug) 1500 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1501 SPP_ARGS(ifp)); 1502 ++ifp->if_ierrors; 1503 break; 1504 } 1505 if (len < 8) { 1506 if (debug) 1507 addlog(SPP_FMT "invalid lcp echo request " 1508 "packet length: %d bytes\n", 1509 SPP_ARGS(ifp), len); 1510 break; 1511 } 1512 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1513 /* Line loopback mode detected. */ 1514 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1515 if_down (ifp); 1516 sppp_qflush (&sp->pp_cpq); 1517 1518 /* Shut down the PPP link. */ 1519 /* XXX */ 1520 lcp.Down(sp); 1521 lcp.Up(sp); 1522 break; 1523 } 1524 *(long*)(h+1) = htonl (sp->lcp.magic); 1525 if (debug) 1526 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1527 SPP_ARGS(ifp)); 1528 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1529 break; 1530 case ECHO_REPLY: 1531 if (cp->proto != PPP_LCP) 1532 goto illegal; 1533 if (h->ident != sp->lcp.echoid) { 1534 ++ifp->if_ierrors; 1535 break; 1536 } 1537 if (len < 8) { 1538 if (debug) 1539 addlog(SPP_FMT "lcp invalid echo reply " 1540 "packet length: %d bytes\n", 1541 SPP_ARGS(ifp), len); 1542 break; 1543 } 1544 if (debug) 1545 addlog(SPP_FMT "lcp got echo rep\n", 1546 SPP_ARGS(ifp)); 1547 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1548 sp->pp_alivecnt = 0; 1549 break; 1550 default: 1551 /* Unknown packet type -- send Code-Reject packet. */ 1552 illegal: 1553 if (debug) 1554 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1555 SPP_ARGS(ifp), cp->name, h->type); 1556 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1557 m->m_pkthdr.len, h); 1558 ++ifp->if_ierrors; 1559 } 1560 } 1561 1562 1563 /* 1564 * The generic part of all Up/Down/Open/Close/TO event handlers. 1565 * Basically, the state transition handling in the automaton. 1566 */ 1567 static void 1568 sppp_up_event(const struct cp *cp, struct sppp *sp) 1569 { 1570 STDDCL; 1571 1572 if (debug) 1573 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1574 SPP_ARGS(ifp), cp->name, 1575 sppp_state_name(sp->state[cp->protoidx])); 1576 1577 switch (sp->state[cp->protoidx]) { 1578 case STATE_INITIAL: 1579 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1580 break; 1581 case STATE_STARTING: 1582 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1583 (cp->scr)(sp); 1584 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1585 break; 1586 default: 1587 printf(SPP_FMT "%s illegal up in state %s\n", 1588 SPP_ARGS(ifp), cp->name, 1589 sppp_state_name(sp->state[cp->protoidx])); 1590 } 1591 } 1592 1593 static void 1594 sppp_down_event(const struct cp *cp, struct sppp *sp) 1595 { 1596 STDDCL; 1597 1598 if (debug) 1599 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1600 SPP_ARGS(ifp), cp->name, 1601 sppp_state_name(sp->state[cp->protoidx])); 1602 1603 switch (sp->state[cp->protoidx]) { 1604 case STATE_CLOSED: 1605 case STATE_CLOSING: 1606 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1607 break; 1608 case STATE_STOPPED: 1609 (cp->tls)(sp); 1610 /* fall through */ 1611 case STATE_STOPPING: 1612 case STATE_REQ_SENT: 1613 case STATE_ACK_RCVD: 1614 case STATE_ACK_SENT: 1615 sppp_cp_change_state(cp, sp, STATE_STARTING); 1616 break; 1617 case STATE_OPENED: 1618 (cp->tld)(sp); 1619 sppp_cp_change_state(cp, sp, STATE_STARTING); 1620 break; 1621 default: 1622 printf(SPP_FMT "%s illegal down in state %s\n", 1623 SPP_ARGS(ifp), cp->name, 1624 sppp_state_name(sp->state[cp->protoidx])); 1625 } 1626 } 1627 1628 1629 static void 1630 sppp_open_event(const struct cp *cp, struct sppp *sp) 1631 { 1632 STDDCL; 1633 1634 if (debug) 1635 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1636 SPP_ARGS(ifp), cp->name, 1637 sppp_state_name(sp->state[cp->protoidx])); 1638 1639 switch (sp->state[cp->protoidx]) { 1640 case STATE_INITIAL: 1641 (cp->tls)(sp); 1642 sppp_cp_change_state(cp, sp, STATE_STARTING); 1643 break; 1644 case STATE_STARTING: 1645 break; 1646 case STATE_CLOSED: 1647 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1648 (cp->scr)(sp); 1649 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1650 break; 1651 case STATE_STOPPED: 1652 case STATE_STOPPING: 1653 case STATE_REQ_SENT: 1654 case STATE_ACK_RCVD: 1655 case STATE_ACK_SENT: 1656 case STATE_OPENED: 1657 break; 1658 case STATE_CLOSING: 1659 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1660 break; 1661 } 1662 } 1663 1664 1665 static void 1666 sppp_close_event(const struct cp *cp, struct sppp *sp) 1667 { 1668 STDDCL; 1669 1670 if (debug) 1671 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1672 SPP_ARGS(ifp), cp->name, 1673 sppp_state_name(sp->state[cp->protoidx])); 1674 1675 switch (sp->state[cp->protoidx]) { 1676 case STATE_INITIAL: 1677 case STATE_CLOSED: 1678 case STATE_CLOSING: 1679 break; 1680 case STATE_STARTING: 1681 (cp->tlf)(sp); 1682 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1683 break; 1684 case STATE_STOPPED: 1685 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1686 break; 1687 case STATE_STOPPING: 1688 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1689 break; 1690 case STATE_OPENED: 1691 (cp->tld)(sp); 1692 /* fall through */ 1693 case STATE_REQ_SENT: 1694 case STATE_ACK_RCVD: 1695 case STATE_ACK_SENT: 1696 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1697 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1698 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1699 break; 1700 } 1701 } 1702 1703 static void 1704 sppp_to_event(const struct cp *cp, struct sppp *sp) 1705 { 1706 STDDCL; 1707 int s; 1708 1709 s = splimp(); 1710 if (debug) 1711 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1712 SPP_ARGS(ifp), cp->name, 1713 sppp_state_name(sp->state[cp->protoidx]), 1714 sp->rst_counter[cp->protoidx]); 1715 1716 if (--sp->rst_counter[cp->protoidx] < 0) 1717 /* TO- event */ 1718 switch (sp->state[cp->protoidx]) { 1719 case STATE_CLOSING: 1720 (cp->tlf)(sp); 1721 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1722 break; 1723 case STATE_STOPPING: 1724 (cp->tlf)(sp); 1725 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1726 break; 1727 case STATE_REQ_SENT: 1728 case STATE_ACK_RCVD: 1729 case STATE_ACK_SENT: 1730 (cp->tlf)(sp); 1731 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1732 break; 1733 } 1734 else 1735 /* TO+ event */ 1736 switch (sp->state[cp->protoidx]) { 1737 case STATE_CLOSING: 1738 case STATE_STOPPING: 1739 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1740 0, 0); 1741 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1742 sp->ch[cp->protoidx] = 1743 #endif 1744 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1745 break; 1746 case STATE_REQ_SENT: 1747 case STATE_ACK_RCVD: 1748 (cp->scr)(sp); 1749 /* sppp_cp_change_state() will restart the timer */ 1750 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1751 break; 1752 case STATE_ACK_SENT: 1753 (cp->scr)(sp); 1754 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1755 sp->ch[cp->protoidx] = 1756 #endif 1757 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1758 break; 1759 } 1760 1761 splx(s); 1762 } 1763 1764 /* 1765 * Change the state of a control protocol in the state automaton. 1766 * Takes care of starting/stopping the restart timer. 1767 */ 1768 void 1769 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1770 { 1771 sp->state[cp->protoidx] = newstate; 1772 1773 untimeout(cp->TO, (void *)sp 1774 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1775 , sp->ch[cp->protoidx] 1776 #endif 1777 ); 1778 switch (newstate) { 1779 case STATE_INITIAL: 1780 case STATE_STARTING: 1781 case STATE_CLOSED: 1782 case STATE_STOPPED: 1783 case STATE_OPENED: 1784 break; 1785 case STATE_CLOSING: 1786 case STATE_STOPPING: 1787 case STATE_REQ_SENT: 1788 case STATE_ACK_RCVD: 1789 case STATE_ACK_SENT: 1790 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1791 sp->ch[cp->protoidx] = 1792 #endif 1793 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1794 break; 1795 } 1796 } 1797 /* 1799 *--------------------------------------------------------------------------* 1800 * * 1801 * The LCP implementation. * 1802 * * 1803 *--------------------------------------------------------------------------* 1804 */ 1805 static void 1806 sppp_lcp_init(struct sppp *sp) 1807 { 1808 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1809 sp->lcp.magic = 0; 1810 sp->state[IDX_LCP] = STATE_INITIAL; 1811 sp->fail_counter[IDX_LCP] = 0; 1812 sp->lcp.protos = 0; 1813 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1814 1815 /* 1816 * Initialize counters and timeout values. Note that we don't 1817 * use the 3 seconds suggested in RFC 1661 since we are likely 1818 * running on a fast link. XXX We should probably implement 1819 * the exponential backoff option. Note that these values are 1820 * relevant for all control protocols, not just LCP only. 1821 */ 1822 sp->lcp.timeout = 1 * hz; 1823 sp->lcp.max_terminate = 2; 1824 sp->lcp.max_configure = 10; 1825 sp->lcp.max_failure = 10; 1826 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1827 callout_handle_init(&sp->ch[IDX_LCP]); 1828 #endif 1829 } 1830 1831 static void 1832 sppp_lcp_up(struct sppp *sp) 1833 { 1834 STDDCL; 1835 1836 /* 1837 * If this interface is passive or dial-on-demand, and we are 1838 * still in Initial state, it means we've got an incoming 1839 * call. Activate the interface. 1840 */ 1841 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1842 if (debug) 1843 log(LOG_DEBUG, 1844 SPP_FMT "Up event", SPP_ARGS(ifp)); 1845 ifp->if_flags |= IFF_RUNNING; 1846 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1847 if (debug) 1848 addlog("(incoming call)\n"); 1849 sp->pp_flags |= PP_CALLIN; 1850 lcp.Open(sp); 1851 } else if (debug) 1852 addlog("\n"); 1853 } 1854 1855 sppp_up_event(&lcp, sp); 1856 } 1857 1858 static void 1859 sppp_lcp_down(struct sppp *sp) 1860 { 1861 STDDCL; 1862 1863 sppp_down_event(&lcp, sp); 1864 1865 /* 1866 * If this is neither a dial-on-demand nor a passive 1867 * interface, simulate an ``ifconfig down'' action, so the 1868 * administrator can force a redial by another ``ifconfig 1869 * up''. XXX For leased line operation, should we immediately 1870 * try to reopen the connection here? 1871 */ 1872 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1873 log(LOG_INFO, 1874 SPP_FMT "Down event (carrier loss), taking interface down.\n", 1875 SPP_ARGS(ifp)); 1876 if_down(ifp); 1877 } else { 1878 if (debug) 1879 log(LOG_DEBUG, 1880 SPP_FMT "Down event (carrier loss)\n", 1881 SPP_ARGS(ifp)); 1882 } 1883 sp->pp_flags &= ~PP_CALLIN; 1884 if (sp->state[IDX_LCP] != STATE_INITIAL) 1885 lcp.Close(sp); 1886 ifp->if_flags &= ~IFF_RUNNING; 1887 } 1888 1889 static void 1890 sppp_lcp_open(struct sppp *sp) 1891 { 1892 /* 1893 * If we are authenticator, negotiate LCP_AUTH 1894 */ 1895 if (sp->hisauth.proto != 0) 1896 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1897 else 1898 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1899 sp->pp_flags &= ~PP_NEEDAUTH; 1900 sppp_open_event(&lcp, sp); 1901 } 1902 1903 static void 1904 sppp_lcp_close(struct sppp *sp) 1905 { 1906 sppp_close_event(&lcp, sp); 1907 } 1908 1909 static void 1910 sppp_lcp_TO(void *cookie) 1911 { 1912 sppp_to_event(&lcp, (struct sppp *)cookie); 1913 } 1914 1915 /* 1916 * Analyze a configure request. Return true if it was agreeable, and 1917 * caused action sca, false if it has been rejected or nak'ed, and 1918 * caused action scn. (The return value is used to make the state 1919 * transition decision in the state automaton.) 1920 */ 1921 static int 1922 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1923 { 1924 STDDCL; 1925 u_char *buf, *r, *p; 1926 int origlen, rlen; 1927 u_long nmagic; 1928 u_short authproto; 1929 1930 len -= 4; 1931 origlen = len; 1932 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1933 if (! buf) 1934 return (0); 1935 1936 if (debug) 1937 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1938 SPP_ARGS(ifp)); 1939 1940 /* pass 1: check for things that need to be rejected */ 1941 p = (void*) (h+1); 1942 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1943 if (debug) 1944 addlog(" %s ", sppp_lcp_opt_name(*p)); 1945 switch (*p) { 1946 case LCP_OPT_MAGIC: 1947 /* Magic number. */ 1948 /* fall through, both are same length */ 1949 case LCP_OPT_ASYNC_MAP: 1950 /* Async control character map. */ 1951 if (len >= 6 || p[1] == 6) 1952 continue; 1953 if (debug) 1954 addlog("[invalid] "); 1955 break; 1956 case LCP_OPT_MRU: 1957 /* Maximum receive unit. */ 1958 if (len >= 4 && p[1] == 4) 1959 continue; 1960 if (debug) 1961 addlog("[invalid] "); 1962 break; 1963 case LCP_OPT_AUTH_PROTO: 1964 if (len < 4) { 1965 if (debug) 1966 addlog("[invalid] "); 1967 break; 1968 } 1969 authproto = (p[2] << 8) + p[3]; 1970 if (authproto == PPP_CHAP && p[1] != 5) { 1971 if (debug) 1972 addlog("[invalid chap len] "); 1973 break; 1974 } 1975 if (sp->myauth.proto == 0) { 1976 /* we are not configured to do auth */ 1977 if (debug) 1978 addlog("[not configured] "); 1979 break; 1980 } 1981 /* 1982 * Remote want us to authenticate, remember this, 1983 * so we stay in PHASE_AUTHENTICATE after LCP got 1984 * up. 1985 */ 1986 sp->pp_flags |= PP_NEEDAUTH; 1987 continue; 1988 default: 1989 /* Others not supported. */ 1990 if (debug) 1991 addlog("[rej] "); 1992 break; 1993 } 1994 /* Add the option to rejected list. */ 1995 bcopy (p, r, p[1]); 1996 r += p[1]; 1997 rlen += p[1]; 1998 } 1999 if (rlen) { 2000 if (debug) 2001 addlog(" send conf-rej\n"); 2002 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2003 return 0; 2004 } else if (debug) 2005 addlog("\n"); 2006 2007 /* 2008 * pass 2: check for option values that are unacceptable and 2009 * thus require to be nak'ed. 2010 */ 2011 if (debug) 2012 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2013 SPP_ARGS(ifp)); 2014 2015 p = (void*) (h+1); 2016 len = origlen; 2017 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2018 if (debug) 2019 addlog(" %s ", sppp_lcp_opt_name(*p)); 2020 switch (*p) { 2021 case LCP_OPT_MAGIC: 2022 /* Magic number -- extract. */ 2023 nmagic = (u_long)p[2] << 24 | 2024 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2025 if (nmagic != sp->lcp.magic) { 2026 if (debug) 2027 addlog("0x%lx ", nmagic); 2028 continue; 2029 } 2030 /* 2031 * Local and remote magics equal -- loopback? 2032 */ 2033 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2034 printf (SPP_FMT "loopback\n", 2035 SPP_ARGS(ifp)); 2036 sp->pp_loopcnt = 0; 2037 if (ifp->if_flags & IFF_UP) { 2038 if_down(ifp); 2039 sppp_qflush(&sp->pp_cpq); 2040 /* XXX ? */ 2041 lcp.Down(sp); 2042 lcp.Up(sp); 2043 } 2044 } else if (debug) 2045 addlog("[glitch] "); 2046 ++sp->pp_loopcnt; 2047 /* 2048 * We negate our magic here, and NAK it. If 2049 * we see it later in an NAK packet, we 2050 * suggest a new one. 2051 */ 2052 nmagic = ~sp->lcp.magic; 2053 /* Gonna NAK it. */ 2054 p[2] = nmagic >> 24; 2055 p[3] = nmagic >> 16; 2056 p[4] = nmagic >> 8; 2057 p[5] = nmagic; 2058 break; 2059 2060 case LCP_OPT_ASYNC_MAP: 2061 /* Async control character map -- check to be zero. */ 2062 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2063 if (debug) 2064 addlog("[empty] "); 2065 continue; 2066 } 2067 if (debug) 2068 addlog("[non-empty] "); 2069 /* suggest a zero one */ 2070 p[2] = p[3] = p[4] = p[5] = 0; 2071 break; 2072 2073 case LCP_OPT_MRU: 2074 /* 2075 * Maximum receive unit. Always agreeable, 2076 * but ignored by now. 2077 */ 2078 sp->lcp.their_mru = p[2] * 256 + p[3]; 2079 if (debug) 2080 addlog("%ld ", sp->lcp.their_mru); 2081 continue; 2082 2083 case LCP_OPT_AUTH_PROTO: 2084 authproto = (p[2] << 8) + p[3]; 2085 if (sp->myauth.proto != authproto) { 2086 /* not agreed, nak */ 2087 if (debug) 2088 addlog("[mine %s != his %s] ", 2089 sppp_proto_name(sp->hisauth.proto), 2090 sppp_proto_name(authproto)); 2091 p[2] = sp->myauth.proto >> 8; 2092 p[3] = sp->myauth.proto; 2093 break; 2094 } 2095 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2096 if (debug) 2097 addlog("[chap not MD5] "); 2098 p[4] = CHAP_MD5; 2099 break; 2100 } 2101 continue; 2102 } 2103 /* Add the option to nak'ed list. */ 2104 bcopy (p, r, p[1]); 2105 r += p[1]; 2106 rlen += p[1]; 2107 } 2108 if (rlen) { 2109 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2110 if (debug) 2111 addlog(" max_failure (%d) exceeded, " 2112 "send conf-rej\n", 2113 sp->lcp.max_failure); 2114 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2115 } else { 2116 if (debug) 2117 addlog(" send conf-nak\n"); 2118 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2119 } 2120 return 0; 2121 } else { 2122 if (debug) 2123 addlog(" send conf-ack\n"); 2124 sp->fail_counter[IDX_LCP] = 0; 2125 sp->pp_loopcnt = 0; 2126 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2127 h->ident, origlen, h+1); 2128 } 2129 2130 free (buf, M_TEMP); 2131 return (rlen == 0); 2132 } 2133 2134 /* 2135 * Analyze the LCP Configure-Reject option list, and adjust our 2136 * negotiation. 2137 */ 2138 static void 2139 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2140 { 2141 STDDCL; 2142 u_char *buf, *p; 2143 2144 len -= 4; 2145 buf = malloc (len, M_TEMP, M_NOWAIT); 2146 if (!buf) 2147 return; 2148 2149 if (debug) 2150 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2151 SPP_ARGS(ifp)); 2152 2153 p = (void*) (h+1); 2154 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2155 if (debug) 2156 addlog(" %s ", sppp_lcp_opt_name(*p)); 2157 switch (*p) { 2158 case LCP_OPT_MAGIC: 2159 /* Magic number -- can't use it, use 0 */ 2160 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2161 sp->lcp.magic = 0; 2162 break; 2163 case LCP_OPT_MRU: 2164 /* 2165 * Should not be rejected anyway, since we only 2166 * negotiate a MRU if explicitly requested by 2167 * peer. 2168 */ 2169 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2170 break; 2171 case LCP_OPT_AUTH_PROTO: 2172 /* 2173 * Peer doesn't want to authenticate himself, 2174 * deny unless this is a dialout call, and 2175 * AUTHFLAG_NOCALLOUT is set. 2176 */ 2177 if ((sp->pp_flags & PP_CALLIN) == 0 && 2178 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2179 if (debug) 2180 addlog("[don't insist on auth " 2181 "for callout]"); 2182 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2183 break; 2184 } 2185 if (debug) 2186 addlog("[access denied]\n"); 2187 lcp.Close(sp); 2188 break; 2189 } 2190 } 2191 if (debug) 2192 addlog("\n"); 2193 free (buf, M_TEMP); 2194 return; 2195 } 2196 2197 /* 2198 * Analyze the LCP Configure-NAK option list, and adjust our 2199 * negotiation. 2200 */ 2201 static void 2202 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2203 { 2204 STDDCL; 2205 u_char *buf, *p; 2206 u_long magic; 2207 2208 len -= 4; 2209 buf = malloc (len, M_TEMP, M_NOWAIT); 2210 if (!buf) 2211 return; 2212 2213 if (debug) 2214 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2215 SPP_ARGS(ifp)); 2216 2217 p = (void*) (h+1); 2218 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2219 if (debug) 2220 addlog(" %s ", sppp_lcp_opt_name(*p)); 2221 switch (*p) { 2222 case LCP_OPT_MAGIC: 2223 /* Magic number -- renegotiate */ 2224 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2225 len >= 6 && p[1] == 6) { 2226 magic = (u_long)p[2] << 24 | 2227 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2228 /* 2229 * If the remote magic is our negated one, 2230 * this looks like a loopback problem. 2231 * Suggest a new magic to make sure. 2232 */ 2233 if (magic == ~sp->lcp.magic) { 2234 if (debug) 2235 addlog("magic glitch "); 2236 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2237 sp->lcp.magic = random(); 2238 #else 2239 sp->lcp.magic = time.tv_sec + time.tv_usec; 2240 #endif 2241 } else { 2242 sp->lcp.magic = magic; 2243 if (debug) 2244 addlog("%ld ", magic); 2245 } 2246 } 2247 break; 2248 case LCP_OPT_MRU: 2249 /* 2250 * Peer wants to advise us to negotiate an MRU. 2251 * Agree on it if it's reasonable, or use 2252 * default otherwise. 2253 */ 2254 if (len >= 4 && p[1] == 4) { 2255 u_int mru = p[2] * 256 + p[3]; 2256 if (debug) 2257 addlog("%d ", mru); 2258 if (mru < PP_MTU || mru > PP_MAX_MRU) 2259 mru = PP_MTU; 2260 sp->lcp.mru = mru; 2261 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2262 } 2263 break; 2264 case LCP_OPT_AUTH_PROTO: 2265 /* 2266 * Peer doesn't like our authentication method, 2267 * deny. 2268 */ 2269 if (debug) 2270 addlog("[access denied]\n"); 2271 lcp.Close(sp); 2272 break; 2273 } 2274 } 2275 if (debug) 2276 addlog("\n"); 2277 free (buf, M_TEMP); 2278 return; 2279 } 2280 2281 static void 2282 sppp_lcp_tlu(struct sppp *sp) 2283 { 2284 STDDCL; 2285 int i; 2286 u_long mask; 2287 2288 /* XXX ? */ 2289 if (! (ifp->if_flags & IFF_UP) && 2290 (ifp->if_flags & IFF_RUNNING)) { 2291 /* Coming out of loopback mode. */ 2292 if_up(ifp); 2293 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2294 } 2295 2296 for (i = 0; i < IDX_COUNT; i++) 2297 if ((cps[i])->flags & CP_QUAL) 2298 (cps[i])->Open(sp); 2299 2300 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2301 (sp->pp_flags & PP_NEEDAUTH) != 0) 2302 sp->pp_phase = PHASE_AUTHENTICATE; 2303 else 2304 sp->pp_phase = PHASE_NETWORK; 2305 2306 if(debug) 2307 { 2308 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2309 sppp_phase_name(sp->pp_phase)); 2310 } 2311 2312 /* 2313 * Open all authentication protocols. This is even required 2314 * if we already proceeded to network phase, since it might be 2315 * that remote wants us to authenticate, so we might have to 2316 * send a PAP request. Undesired authentication protocols 2317 * don't do anything when they get an Open event. 2318 */ 2319 for (i = 0; i < IDX_COUNT; i++) 2320 if ((cps[i])->flags & CP_AUTH) 2321 (cps[i])->Open(sp); 2322 2323 if (sp->pp_phase == PHASE_NETWORK) { 2324 /* Notify all NCPs. */ 2325 for (i = 0; i < IDX_COUNT; i++) 2326 if ((cps[i])->flags & CP_NCP) 2327 (cps[i])->Open(sp); 2328 } 2329 2330 /* Send Up events to all started protos. */ 2331 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2332 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2333 (cps[i])->Up(sp); 2334 2335 /* notify low-level driver of state change */ 2336 if (sp->pp_chg) 2337 sp->pp_chg(sp, (int)sp->pp_phase); 2338 2339 if (sp->pp_phase == PHASE_NETWORK) 2340 /* if no NCP is starting, close down */ 2341 sppp_lcp_check_and_close(sp); 2342 } 2343 2344 static void 2345 sppp_lcp_tld(struct sppp *sp) 2346 { 2347 STDDCL; 2348 int i; 2349 u_long mask; 2350 2351 sp->pp_phase = PHASE_TERMINATE; 2352 2353 if(debug) 2354 { 2355 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2356 sppp_phase_name(sp->pp_phase)); 2357 } 2358 2359 /* 2360 * Take upper layers down. We send the Down event first and 2361 * the Close second to prevent the upper layers from sending 2362 * ``a flurry of terminate-request packets'', as the RFC 2363 * describes it. 2364 */ 2365 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2366 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2367 (cps[i])->Down(sp); 2368 (cps[i])->Close(sp); 2369 } 2370 } 2371 2372 static void 2373 sppp_lcp_tls(struct sppp *sp) 2374 { 2375 STDDCL; 2376 2377 sp->pp_phase = PHASE_ESTABLISH; 2378 2379 if(debug) 2380 { 2381 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2382 sppp_phase_name(sp->pp_phase)); 2383 } 2384 2385 /* Notify lower layer if desired. */ 2386 if (sp->pp_tls) 2387 (sp->pp_tls)(sp); 2388 } 2389 2390 static void 2391 sppp_lcp_tlf(struct sppp *sp) 2392 { 2393 STDDCL; 2394 2395 sp->pp_phase = PHASE_DEAD; 2396 2397 if(debug) 2398 { 2399 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2400 sppp_phase_name(sp->pp_phase)); 2401 } 2402 2403 /* Notify lower layer if desired. */ 2404 if (sp->pp_tlf) 2405 (sp->pp_tlf)(sp); 2406 } 2407 2408 static void 2409 sppp_lcp_scr(struct sppp *sp) 2410 { 2411 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2412 int i = 0; 2413 u_short authproto; 2414 2415 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2416 if (! sp->lcp.magic) 2417 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2418 sp->lcp.magic = random(); 2419 #else 2420 sp->lcp.magic = time.tv_sec + time.tv_usec; 2421 #endif 2422 opt[i++] = LCP_OPT_MAGIC; 2423 opt[i++] = 6; 2424 opt[i++] = sp->lcp.magic >> 24; 2425 opt[i++] = sp->lcp.magic >> 16; 2426 opt[i++] = sp->lcp.magic >> 8; 2427 opt[i++] = sp->lcp.magic; 2428 } 2429 2430 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2431 opt[i++] = LCP_OPT_MRU; 2432 opt[i++] = 4; 2433 opt[i++] = sp->lcp.mru >> 8; 2434 opt[i++] = sp->lcp.mru; 2435 } 2436 2437 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2438 authproto = sp->hisauth.proto; 2439 opt[i++] = LCP_OPT_AUTH_PROTO; 2440 opt[i++] = authproto == PPP_CHAP? 5: 4; 2441 opt[i++] = authproto >> 8; 2442 opt[i++] = authproto; 2443 if (authproto == PPP_CHAP) 2444 opt[i++] = CHAP_MD5; 2445 } 2446 2447 sp->confid[IDX_LCP] = ++sp->pp_seq; 2448 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2449 } 2450 2451 /* 2452 * Check the open NCPs, return true if at least one NCP is open. 2453 */ 2454 static int 2455 sppp_ncp_check(struct sppp *sp) 2456 { 2457 int i, mask; 2458 2459 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2460 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2461 return 1; 2462 return 0; 2463 } 2464 2465 /* 2466 * Re-check the open NCPs and see if we should terminate the link. 2467 * Called by the NCPs during their tlf action handling. 2468 */ 2469 static void 2470 sppp_lcp_check_and_close(struct sppp *sp) 2471 { 2472 2473 if (sp->pp_phase < PHASE_NETWORK) 2474 /* don't bother, we are already going down */ 2475 return; 2476 2477 if (sppp_ncp_check(sp)) 2478 return; 2479 2480 lcp.Close(sp); 2481 } 2482 /* 2484 *--------------------------------------------------------------------------* 2485 * * 2486 * The IPCP implementation. * 2487 * * 2488 *--------------------------------------------------------------------------* 2489 */ 2490 2491 static void 2492 sppp_ipcp_init(struct sppp *sp) 2493 { 2494 sp->ipcp.opts = 0; 2495 sp->ipcp.flags = 0; 2496 sp->state[IDX_IPCP] = STATE_INITIAL; 2497 sp->fail_counter[IDX_IPCP] = 0; 2498 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 2499 callout_handle_init(&sp->ch[IDX_IPCP]); 2500 #endif 2501 } 2502 2503 static void 2504 sppp_ipcp_up(struct sppp *sp) 2505 { 2506 sppp_up_event(&ipcp, sp); 2507 } 2508 2509 static void 2510 sppp_ipcp_down(struct sppp *sp) 2511 { 2512 sppp_down_event(&ipcp, sp); 2513 } 2514 2515 static void 2516 sppp_ipcp_open(struct sppp *sp) 2517 { 2518 STDDCL; 2519 u_long myaddr, hisaddr; 2520 2521 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2522 2523 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2524 /* 2525 * If we don't have his address, this probably means our 2526 * interface doesn't want to talk IP at all. (This could 2527 * be the case if somebody wants to speak only IPX, for 2528 * example.) Don't open IPCP in this case. 2529 */ 2530 if (hisaddr == 0L) { 2531 /* XXX this message should go away */ 2532 if (debug) 2533 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2534 SPP_ARGS(ifp)); 2535 return; 2536 } 2537 2538 if (myaddr == 0L) { 2539 /* 2540 * I don't have an assigned address, so i need to 2541 * negotiate my address. 2542 */ 2543 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2544 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2545 } else 2546 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2547 sppp_open_event(&ipcp, sp); 2548 } 2549 2550 static void 2551 sppp_ipcp_close(struct sppp *sp) 2552 { 2553 sppp_close_event(&ipcp, sp); 2554 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2555 /* 2556 * My address was dynamic, clear it again. 2557 */ 2558 sppp_set_ip_addr(sp, 0L); 2559 } 2560 2561 static void 2562 sppp_ipcp_TO(void *cookie) 2563 { 2564 sppp_to_event(&ipcp, (struct sppp *)cookie); 2565 } 2566 2567 /* 2568 * Analyze a configure request. Return true if it was agreeable, and 2569 * caused action sca, false if it has been rejected or nak'ed, and 2570 * caused action scn. (The return value is used to make the state 2571 * transition decision in the state automaton.) 2572 */ 2573 static int 2574 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2575 { 2576 u_char *buf, *r, *p; 2577 struct ifnet *ifp = &sp->pp_if; 2578 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2579 u_long hisaddr, desiredaddr; 2580 int gotmyaddr = 0; 2581 2582 len -= 4; 2583 origlen = len; 2584 /* 2585 * Make sure to allocate a buf that can at least hold a 2586 * conf-nak with an `address' option. We might need it below. 2587 */ 2588 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2589 if (! buf) 2590 return (0); 2591 2592 /* pass 1: see if we can recognize them */ 2593 if (debug) 2594 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2595 SPP_ARGS(ifp)); 2596 p = (void*) (h+1); 2597 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2598 if (debug) 2599 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2600 switch (*p) { 2601 #ifdef notyet 2602 case IPCP_OPT_COMPRESSION: 2603 if (len >= 6 && p[1] >= 6) { 2604 /* correctly formed compress option */ 2605 continue; 2606 } 2607 if (debug) 2608 addlog("[invalid] "); 2609 break; 2610 #endif 2611 case IPCP_OPT_ADDRESS: 2612 if (len >= 6 && p[1] == 6) { 2613 /* correctly formed address option */ 2614 continue; 2615 } 2616 if (debug) 2617 addlog("[invalid] "); 2618 break; 2619 default: 2620 /* Others not supported. */ 2621 if (debug) 2622 addlog("[rej] "); 2623 break; 2624 } 2625 /* Add the option to rejected list. */ 2626 bcopy (p, r, p[1]); 2627 r += p[1]; 2628 rlen += p[1]; 2629 } 2630 if (rlen) { 2631 if (debug) 2632 addlog(" send conf-rej\n"); 2633 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2634 return 0; 2635 } else if (debug) 2636 addlog("\n"); 2637 2638 /* pass 2: parse option values */ 2639 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2640 if (debug) 2641 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2642 SPP_ARGS(ifp)); 2643 p = (void*) (h+1); 2644 len = origlen; 2645 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2646 if (debug) 2647 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2648 switch (*p) { 2649 #ifdef notyet 2650 case IPCP_OPT_COMPRESSION: 2651 continue; 2652 #endif 2653 case IPCP_OPT_ADDRESS: 2654 desiredaddr = p[2] << 24 | p[3] << 16 | 2655 p[4] << 8 | p[5]; 2656 if (!(sp->ipcp.flags & IPCP_MYADDR_SEEN) && 2657 (sp->ipcp.flags & IPCP_MYADDR_DYN)) { 2658 /* 2659 * hopefully this is our address !! 2660 */ 2661 if (debug) 2662 addlog("[wantmyaddr %s] ", 2663 sppp_dotted_quad(desiredaddr)); 2664 /* 2665 * When doing dynamic address assignment, 2666 * we accept his offer. Otherwise, we 2667 * ignore it and thus continue to negotiate 2668 * our already existing value. 2669 */ 2670 sppp_set_ip_addr(sp, desiredaddr); 2671 if (debug) 2672 addlog("[agree] "); 2673 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2674 gotmyaddr++; 2675 continue; 2676 } else { 2677 if (desiredaddr == hisaddr || 2678 (hisaddr == 1 && desiredaddr != 0)) { 2679 /* 2680 * Peer's address is same as our value, 2681 * this is agreeable. Gonna conf-ack 2682 * it. 2683 */ 2684 if (debug) 2685 addlog("%s [ack] ", 2686 sppp_dotted_quad(hisaddr)); 2687 /* record that we've seen it already */ 2688 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2689 continue; 2690 } 2691 /* 2692 * The address wasn't agreeable. This is either 2693 * he sent us 0.0.0.0, asking to assign him an 2694 * address, or he send us another address not 2695 * matching our value. Either case, we gonna 2696 * conf-nak it with our value. 2697 */ 2698 if (debug) { 2699 if (desiredaddr == 0) 2700 addlog("[addr requested] "); 2701 else 2702 addlog("%s [not agreed] ", 2703 sppp_dotted_quad(desiredaddr)); 2704 } 2705 2706 p[2] = hisaddr >> 24; 2707 p[3] = hisaddr >> 16; 2708 p[4] = hisaddr >> 8; 2709 p[5] = hisaddr; 2710 break; 2711 } 2712 } 2713 /* Add the option to nak'ed list. */ 2714 bcopy (p, r, p[1]); 2715 r += p[1]; 2716 rlen += p[1]; 2717 } 2718 2719 /* 2720 * If we are about to conf-ack the request, but haven't seen 2721 * his address so far, gonna conf-nak it instead, with the 2722 * `address' option present and our idea of his address being 2723 * filled in there, to request negotiation of both addresses. 2724 * 2725 * XXX This can result in an endless req - nak loop if peer 2726 * doesn't want to send us his address. Q: What should we do 2727 * about it? XXX A: implement the max-failure counter. 2728 */ 2729 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2730 buf[0] = IPCP_OPT_ADDRESS; 2731 buf[1] = 6; 2732 buf[2] = hisaddr >> 24; 2733 buf[3] = hisaddr >> 16; 2734 buf[4] = hisaddr >> 8; 2735 buf[5] = hisaddr; 2736 rlen = 6; 2737 if (debug) 2738 addlog("still need hisaddr "); 2739 } 2740 2741 if (rlen) { 2742 if (debug) 2743 addlog(" send conf-nak\n"); 2744 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2745 } else { 2746 if (debug) 2747 addlog(" send conf-ack\n"); 2748 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2749 h->ident, origlen, h+1); 2750 } 2751 2752 free (buf, M_TEMP); 2753 return (rlen == 0); 2754 } 2755 2756 /* 2757 * Analyze the IPCP Configure-Reject option list, and adjust our 2758 * negotiation. 2759 */ 2760 static void 2761 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2762 { 2763 u_char *buf, *p; 2764 struct ifnet *ifp = &sp->pp_if; 2765 int debug = ifp->if_flags & IFF_DEBUG; 2766 2767 len -= 4; 2768 buf = malloc (len, M_TEMP, M_NOWAIT); 2769 if (!buf) 2770 return; 2771 2772 if (debug) 2773 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2774 SPP_ARGS(ifp)); 2775 2776 p = (void*) (h+1); 2777 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2778 if (debug) 2779 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2780 switch (*p) { 2781 case IPCP_OPT_ADDRESS: 2782 /* 2783 * Peer doesn't grok address option. This is 2784 * bad. XXX Should we better give up here? 2785 */ 2786 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2787 break; 2788 #ifdef notyet 2789 case IPCP_OPT_COMPRESS: 2790 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2791 break; 2792 #endif 2793 } 2794 } 2795 if (debug) 2796 addlog("\n"); 2797 free (buf, M_TEMP); 2798 return; 2799 } 2800 2801 /* 2802 * Analyze the IPCP Configure-NAK option list, and adjust our 2803 * negotiation. 2804 */ 2805 static void 2806 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2807 { 2808 u_char *buf, *p; 2809 struct ifnet *ifp = &sp->pp_if; 2810 int debug = ifp->if_flags & IFF_DEBUG; 2811 u_long wantaddr; 2812 2813 len -= 4; 2814 buf = malloc (len, M_TEMP, M_NOWAIT); 2815 if (!buf) 2816 return; 2817 2818 if (debug) 2819 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2820 SPP_ARGS(ifp)); 2821 2822 p = (void*) (h+1); 2823 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2824 if (debug) 2825 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2826 switch (*p) { 2827 case IPCP_OPT_ADDRESS: 2828 /* 2829 * Peer doesn't like our local IP address. See 2830 * if we can do something for him. We'll drop 2831 * him our address then. 2832 */ 2833 if (len >= 6 && p[1] == 6) { 2834 wantaddr = p[2] << 24 | p[3] << 16 | 2835 p[4] << 8 | p[5]; 2836 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2837 if (debug) 2838 addlog("[wantaddr %s] ", 2839 sppp_dotted_quad(wantaddr)); 2840 /* 2841 * When doing dynamic address assignment, 2842 * we accept his offer. Otherwise, we 2843 * ignore it and thus continue to negotiate 2844 * our already existing value. 2845 */ 2846 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2847 sppp_set_ip_addr(sp, wantaddr); 2848 if (debug) 2849 addlog("[agree] "); 2850 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2851 } 2852 } 2853 break; 2854 #ifdef notyet 2855 case IPCP_OPT_COMPRESS: 2856 /* 2857 * Peer wants different compression parameters. 2858 */ 2859 break; 2860 #endif 2861 } 2862 } 2863 if (debug) 2864 addlog("\n"); 2865 free (buf, M_TEMP); 2866 return; 2867 } 2868 2869 static void 2870 sppp_ipcp_tlu(struct sppp *sp) 2871 { 2872 /* we are up - notify isdn daemon */ 2873 if (sp->pp_con) 2874 sp->pp_con(sp); 2875 } 2876 2877 static void 2878 sppp_ipcp_tld(struct sppp *sp) 2879 { 2880 } 2881 2882 static void 2883 sppp_ipcp_tls(struct sppp *sp) 2884 { 2885 /* indicate to LCP that it must stay alive */ 2886 sp->lcp.protos |= (1 << IDX_IPCP); 2887 } 2888 2889 static void 2890 sppp_ipcp_tlf(struct sppp *sp) 2891 { 2892 /* we no longer need LCP */ 2893 sp->lcp.protos &= ~(1 << IDX_IPCP); 2894 sppp_lcp_check_and_close(sp); 2895 } 2896 2897 static void 2898 sppp_ipcp_scr(struct sppp *sp) 2899 { 2900 char opt[6 /* compression */ + 6 /* address */]; 2901 u_long ouraddr; 2902 int i = 0; 2903 2904 #ifdef notyet 2905 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2906 opt[i++] = IPCP_OPT_COMPRESSION; 2907 opt[i++] = 6; 2908 opt[i++] = 0; /* VJ header compression */ 2909 opt[i++] = 0x2d; /* VJ header compression */ 2910 opt[i++] = max_slot_id; 2911 opt[i++] = comp_slot_id; 2912 } 2913 #endif 2914 2915 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2916 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2917 opt[i++] = IPCP_OPT_ADDRESS; 2918 opt[i++] = 6; 2919 opt[i++] = ouraddr >> 24; 2920 opt[i++] = ouraddr >> 16; 2921 opt[i++] = ouraddr >> 8; 2922 opt[i++] = ouraddr; 2923 } 2924 2925 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2926 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2927 } 2928 2929 2930 /* 2932 *--------------------------------------------------------------------------* 2933 * * 2934 * The CHAP implementation. * 2935 * * 2936 *--------------------------------------------------------------------------* 2937 */ 2938 2939 /* 2940 * The authentication protocols don't employ a full-fledged state machine as 2941 * the control protocols do, since they do have Open and Close events, but 2942 * not Up and Down, nor are they explicitly terminated. Also, use of the 2943 * authentication protocols may be different in both directions (this makes 2944 * sense, think of a machine that never accepts incoming calls but only 2945 * calls out, it doesn't require the called party to authenticate itself). 2946 * 2947 * Our state machine for the local authentication protocol (we are requesting 2948 * the peer to authenticate) looks like: 2949 * 2950 * RCA- 2951 * +--------------------------------------------+ 2952 * V scn,tld| 2953 * +--------+ Close +---------+ RCA+ 2954 * | |<----------------------------------| |------+ 2955 * +--->| Closed | TO* | Opened | sca | 2956 * | | |-----+ +-------| |<-----+ 2957 * | +--------+ irc | | +---------+ 2958 * | ^ | | ^ 2959 * | | | | | 2960 * | | | | | 2961 * | TO-| | | | 2962 * | |tld TO+ V | | 2963 * | | +------->+ | | 2964 * | | | | | | 2965 * | +--------+ V | | 2966 * | | |<----+<--------------------+ | 2967 * | | Req- | scr | 2968 * | | Sent | | 2969 * | | | | 2970 * | +--------+ | 2971 * | RCA- | | RCA+ | 2972 * +------+ +------------------------------------------+ 2973 * scn,tld sca,irc,ict,tlu 2974 * 2975 * 2976 * with: 2977 * 2978 * Open: LCP reached authentication phase 2979 * Close: LCP reached terminate phase 2980 * 2981 * RCA+: received reply (pap-req, chap-response), acceptable 2982 * RCN: received reply (pap-req, chap-response), not acceptable 2983 * TO+: timeout with restart counter >= 0 2984 * TO-: timeout with restart counter < 0 2985 * TO*: reschedule timeout for CHAP 2986 * 2987 * scr: send request packet (none for PAP, chap-challenge) 2988 * sca: send ack packet (pap-ack, chap-success) 2989 * scn: send nak packet (pap-nak, chap-failure) 2990 * ict: initialize re-challenge timer (CHAP only) 2991 * 2992 * tlu: this-layer-up, LCP reaches network phase 2993 * tld: this-layer-down, LCP enters terminate phase 2994 * 2995 * Note that in CHAP mode, after sending a new challenge, while the state 2996 * automaton falls back into Req-Sent state, it doesn't signal a tld 2997 * event to LCP, so LCP remains in network phase. Only after not getting 2998 * any response (or after getting an unacceptable response), CHAP closes, 2999 * causing LCP to enter terminate phase. 3000 * 3001 * With PAP, there is no initial request that can be sent. The peer is 3002 * expected to send one based on the successful negotiation of PAP as 3003 * the authentication protocol during the LCP option negotiation. 3004 * 3005 * Incoming authentication protocol requests (remote requests 3006 * authentication, we are peer) don't employ a state machine at all, 3007 * they are simply answered. Some peers [Ascend P50 firmware rev 3008 * 4.50] react allergically when sending IPCP requests while they are 3009 * still in authentication phase (thereby violating the standard that 3010 * demands that these NCP packets are to be discarded), so we keep 3011 * track of the peer demanding us to authenticate, and only proceed to 3012 * phase network once we've seen a positive acknowledge for the 3013 * authentication. 3014 */ 3015 3016 /* 3017 * Handle incoming CHAP packets. 3018 */ 3019 void 3020 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3021 { 3022 STDDCL; 3023 struct lcp_header *h; 3024 int len, x; 3025 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3026 int value_len, name_len; 3027 MD5_CTX ctx; 3028 3029 len = m->m_pkthdr.len; 3030 if (len < 4) { 3031 if (debug) 3032 log(LOG_DEBUG, 3033 SPP_FMT "chap invalid packet length: %d bytes\n", 3034 SPP_ARGS(ifp), len); 3035 return; 3036 } 3037 h = mtod (m, struct lcp_header*); 3038 if (len > ntohs (h->len)) 3039 len = ntohs (h->len); 3040 3041 switch (h->type) { 3042 /* challenge, failure and success are his authproto */ 3043 case CHAP_CHALLENGE: 3044 value = 1 + (u_char*)(h+1); 3045 value_len = value[-1]; 3046 name = value + value_len; 3047 name_len = len - value_len - 5; 3048 if (name_len < 0) { 3049 if (debug) { 3050 log(LOG_DEBUG, 3051 SPP_FMT "chap corrupted challenge " 3052 "<%s id=0x%x len=%d", 3053 SPP_ARGS(ifp), 3054 sppp_auth_type_name(PPP_CHAP, h->type), 3055 h->ident, ntohs(h->len)); 3056 if (len > 4) 3057 sppp_print_bytes((u_char*) (h+1), len-4); 3058 addlog(">\n"); 3059 } 3060 break; 3061 } 3062 3063 if (debug) { 3064 log(LOG_DEBUG, 3065 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3066 SPP_ARGS(ifp), 3067 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3068 ntohs(h->len)); 3069 sppp_print_string((char*) name, name_len); 3070 addlog(" value-size=%d value=", value_len); 3071 sppp_print_bytes(value, value_len); 3072 addlog(">\n"); 3073 } 3074 3075 /* Compute reply value. */ 3076 MD5Init(&ctx); 3077 MD5Update(&ctx, &h->ident, 1); 3078 MD5Update(&ctx, sp->myauth.secret, 3079 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3080 MD5Update(&ctx, value, value_len); 3081 MD5Final(digest, &ctx); 3082 dsize = sizeof digest; 3083 3084 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3085 sizeof dsize, (const char *)&dsize, 3086 sizeof digest, digest, 3087 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3088 sp->myauth.name, 3089 0); 3090 break; 3091 3092 case CHAP_SUCCESS: 3093 if (debug) { 3094 log(LOG_DEBUG, SPP_FMT "chap success", 3095 SPP_ARGS(ifp)); 3096 if (len > 4) { 3097 addlog(": "); 3098 sppp_print_string((char*)(h + 1), len - 4); 3099 } 3100 addlog("\n"); 3101 } 3102 x = splimp(); 3103 sp->pp_flags &= ~PP_NEEDAUTH; 3104 if (sp->myauth.proto == PPP_CHAP && 3105 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3106 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3107 /* 3108 * We are authenticator for CHAP but didn't 3109 * complete yet. Leave it to tlu to proceed 3110 * to network phase. 3111 */ 3112 splx(x); 3113 break; 3114 } 3115 splx(x); 3116 sppp_phase_network(sp); 3117 break; 3118 3119 case CHAP_FAILURE: 3120 if (debug) { 3121 log(LOG_INFO, SPP_FMT "chap failure", 3122 SPP_ARGS(ifp)); 3123 if (len > 4) { 3124 addlog(": "); 3125 sppp_print_string((char*)(h + 1), len - 4); 3126 } 3127 addlog("\n"); 3128 } else 3129 log(LOG_INFO, SPP_FMT "chap failure\n", 3130 SPP_ARGS(ifp)); 3131 /* await LCP shutdown by authenticator */ 3132 break; 3133 3134 /* response is my authproto */ 3135 case CHAP_RESPONSE: 3136 value = 1 + (u_char*)(h+1); 3137 value_len = value[-1]; 3138 name = value + value_len; 3139 name_len = len - value_len - 5; 3140 if (name_len < 0) { 3141 if (debug) { 3142 log(LOG_DEBUG, 3143 SPP_FMT "chap corrupted response " 3144 "<%s id=0x%x len=%d", 3145 SPP_ARGS(ifp), 3146 sppp_auth_type_name(PPP_CHAP, h->type), 3147 h->ident, ntohs(h->len)); 3148 if (len > 4) 3149 sppp_print_bytes((u_char*)(h+1), len-4); 3150 addlog(">\n"); 3151 } 3152 break; 3153 } 3154 if (h->ident != sp->confid[IDX_CHAP]) { 3155 if (debug) 3156 log(LOG_DEBUG, 3157 SPP_FMT "chap dropping response for old ID " 3158 "(got %d, expected %d)\n", 3159 SPP_ARGS(ifp), 3160 h->ident, sp->confid[IDX_CHAP]); 3161 break; 3162 } 3163 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3164 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3165 log(LOG_INFO, SPP_FMT "chap response, his name ", 3166 SPP_ARGS(ifp)); 3167 sppp_print_string(name, name_len); 3168 addlog(" != expected "); 3169 sppp_print_string(sp->hisauth.name, 3170 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3171 addlog("\n"); 3172 } 3173 if (debug) { 3174 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3175 "<%s id=0x%x len=%d name=", 3176 SPP_ARGS(ifp), 3177 sppp_state_name(sp->state[IDX_CHAP]), 3178 sppp_auth_type_name(PPP_CHAP, h->type), 3179 h->ident, ntohs (h->len)); 3180 sppp_print_string((char*)name, name_len); 3181 addlog(" value-size=%d value=", value_len); 3182 sppp_print_bytes(value, value_len); 3183 addlog(">\n"); 3184 } 3185 if (value_len != AUTHKEYLEN) { 3186 if (debug) 3187 log(LOG_DEBUG, 3188 SPP_FMT "chap bad hash value length: " 3189 "%d bytes, should be %d\n", 3190 SPP_ARGS(ifp), value_len, 3191 AUTHKEYLEN); 3192 break; 3193 } 3194 3195 MD5Init(&ctx); 3196 MD5Update(&ctx, &h->ident, 1); 3197 MD5Update(&ctx, sp->hisauth.secret, 3198 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3199 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3200 MD5Final(digest, &ctx); 3201 3202 #define FAILMSG "Failed..." 3203 #define SUCCMSG "Welcome!" 3204 3205 if (value_len != sizeof digest || 3206 bcmp(digest, value, value_len) != 0) { 3207 /* action scn, tld */ 3208 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3209 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3210 0); 3211 chap.tld(sp); 3212 break; 3213 } 3214 /* action sca, perhaps tlu */ 3215 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3216 sp->state[IDX_CHAP] == STATE_OPENED) 3217 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3218 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3219 0); 3220 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3221 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3222 chap.tlu(sp); 3223 } 3224 break; 3225 3226 default: 3227 /* Unknown CHAP packet type -- ignore. */ 3228 if (debug) { 3229 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3230 "<0x%x id=0x%xh len=%d", 3231 SPP_ARGS(ifp), 3232 sppp_state_name(sp->state[IDX_CHAP]), 3233 h->type, h->ident, ntohs(h->len)); 3234 if (len > 4) 3235 sppp_print_bytes((u_char*)(h+1), len-4); 3236 addlog(">\n"); 3237 } 3238 break; 3239 3240 } 3241 } 3242 3243 static void 3244 sppp_chap_init(struct sppp *sp) 3245 { 3246 /* Chap doesn't have STATE_INITIAL at all. */ 3247 sp->state[IDX_CHAP] = STATE_CLOSED; 3248 sp->fail_counter[IDX_CHAP] = 0; 3249 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3250 callout_handle_init(&sp->ch[IDX_CHAP]); 3251 #endif 3252 } 3253 3254 static void 3255 sppp_chap_open(struct sppp *sp) 3256 { 3257 if (sp->myauth.proto == PPP_CHAP && 3258 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3259 /* we are authenticator for CHAP, start it */ 3260 chap.scr(sp); 3261 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3262 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3263 } 3264 /* nothing to be done if we are peer, await a challenge */ 3265 } 3266 3267 static void 3268 sppp_chap_close(struct sppp *sp) 3269 { 3270 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3271 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3272 } 3273 3274 static void 3275 sppp_chap_TO(void *cookie) 3276 { 3277 struct sppp *sp = (struct sppp *)cookie; 3278 STDDCL; 3279 int s; 3280 3281 s = splimp(); 3282 if (debug) 3283 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3284 SPP_ARGS(ifp), 3285 sppp_state_name(sp->state[IDX_CHAP]), 3286 sp->rst_counter[IDX_CHAP]); 3287 3288 if (--sp->rst_counter[IDX_CHAP] < 0) 3289 /* TO- event */ 3290 switch (sp->state[IDX_CHAP]) { 3291 case STATE_REQ_SENT: 3292 chap.tld(sp); 3293 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3294 break; 3295 } 3296 else 3297 /* TO+ (or TO*) event */ 3298 switch (sp->state[IDX_CHAP]) { 3299 case STATE_OPENED: 3300 /* TO* event */ 3301 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3302 /* fall through */ 3303 case STATE_REQ_SENT: 3304 chap.scr(sp); 3305 /* sppp_cp_change_state() will restart the timer */ 3306 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3307 break; 3308 } 3309 3310 splx(s); 3311 } 3312 3313 static void 3314 sppp_chap_tlu(struct sppp *sp) 3315 { 3316 STDDCL; 3317 int i, x; 3318 3319 i = 0; 3320 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3321 3322 /* 3323 * Some broken CHAP implementations (Conware CoNet, firmware 3324 * 4.0.?) don't want to re-authenticate their CHAP once the 3325 * initial challenge-response exchange has taken place. 3326 * Provide for an option to avoid rechallenges. 3327 */ 3328 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3329 /* 3330 * Compute the re-challenge timeout. This will yield 3331 * a number between 300 and 810 seconds. 3332 */ 3333 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3334 3335 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3336 sp->ch[IDX_CHAP] = 3337 #endif 3338 timeout(chap.TO, (void *)sp, i * hz); 3339 } 3340 3341 if (debug) { 3342 log(LOG_DEBUG, 3343 SPP_FMT "chap %s, ", 3344 SPP_ARGS(ifp), 3345 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3346 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3347 addlog("next re-challenge in %d seconds\n", i); 3348 else 3349 addlog("re-challenging supressed\n"); 3350 } 3351 3352 x = splimp(); 3353 /* indicate to LCP that we need to be closed down */ 3354 sp->lcp.protos |= (1 << IDX_CHAP); 3355 3356 if (sp->pp_flags & PP_NEEDAUTH) { 3357 /* 3358 * Remote is authenticator, but his auth proto didn't 3359 * complete yet. Defer the transition to network 3360 * phase. 3361 */ 3362 splx(x); 3363 return; 3364 } 3365 splx(x); 3366 3367 /* 3368 * If we are already in phase network, we are done here. This 3369 * is the case if this is a dummy tlu event after a re-challenge. 3370 */ 3371 if (sp->pp_phase != PHASE_NETWORK) 3372 sppp_phase_network(sp); 3373 } 3374 3375 static void 3376 sppp_chap_tld(struct sppp *sp) 3377 { 3378 STDDCL; 3379 3380 if (debug) 3381 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3382 untimeout(chap.TO, (void *)sp 3383 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3384 , sp->ch[IDX_CHAP] 3385 #endif 3386 ); 3387 sp->lcp.protos &= ~(1 << IDX_CHAP); 3388 3389 lcp.Close(sp); 3390 } 3391 3392 static void 3393 sppp_chap_scr(struct sppp *sp) 3394 { 3395 struct timeval tv; 3396 u_long *ch, seed; 3397 u_char clen; 3398 3399 /* Compute random challenge. */ 3400 ch = (u_long *)sp->myauth.challenge; 3401 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3402 read_random(&seed, sizeof seed); 3403 #else 3404 microtime(&tv); 3405 seed = tv.tv_sec ^ tv.tv_usec; 3406 #endif 3407 ch[0] = seed ^ random(); 3408 ch[1] = seed ^ random(); 3409 ch[2] = seed ^ random(); 3410 ch[3] = seed ^ random(); 3411 clen = AUTHKEYLEN; 3412 3413 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3414 3415 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3416 sizeof clen, (const char *)&clen, 3417 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3418 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3419 sp->myauth.name, 3420 0); 3421 } 3422 /* 3424 *--------------------------------------------------------------------------* 3425 * * 3426 * The PAP implementation. * 3427 * * 3428 *--------------------------------------------------------------------------* 3429 */ 3430 /* 3431 * For PAP, we need to keep a little state also if we are the peer, not the 3432 * authenticator. This is since we don't get a request to authenticate, but 3433 * have to repeatedly authenticate ourself until we got a response (or the 3434 * retry counter is expired). 3435 */ 3436 3437 /* 3438 * Handle incoming PAP packets. */ 3439 static void 3440 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3441 { 3442 STDDCL; 3443 struct lcp_header *h; 3444 int len, x; 3445 u_char *name, *passwd, mlen; 3446 int name_len, passwd_len; 3447 3448 len = m->m_pkthdr.len; 3449 if (len < 5) { 3450 if (debug) 3451 log(LOG_DEBUG, 3452 SPP_FMT "pap invalid packet length: %d bytes\n", 3453 SPP_ARGS(ifp), len); 3454 return; 3455 } 3456 h = mtod (m, struct lcp_header*); 3457 if (len > ntohs (h->len)) 3458 len = ntohs (h->len); 3459 switch (h->type) { 3460 /* PAP request is my authproto */ 3461 case PAP_REQ: 3462 name = 1 + (u_char*)(h+1); 3463 name_len = name[-1]; 3464 passwd = name + name_len + 1; 3465 if (name_len > len - 6 || 3466 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3467 if (debug) { 3468 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3469 "<%s id=0x%x len=%d", 3470 SPP_ARGS(ifp), 3471 sppp_auth_type_name(PPP_PAP, h->type), 3472 h->ident, ntohs(h->len)); 3473 if (len > 4) 3474 sppp_print_bytes((u_char*)(h+1), len-4); 3475 addlog(">\n"); 3476 } 3477 break; 3478 } 3479 if (debug) { 3480 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3481 "<%s id=0x%x len=%d name=", 3482 SPP_ARGS(ifp), 3483 sppp_state_name(sp->state[IDX_PAP]), 3484 sppp_auth_type_name(PPP_PAP, h->type), 3485 h->ident, ntohs(h->len)); 3486 sppp_print_string((char*)name, name_len); 3487 addlog(" passwd="); 3488 sppp_print_string((char*)passwd, passwd_len); 3489 addlog(">\n"); 3490 } 3491 if (name_len > AUTHNAMELEN || 3492 passwd_len > AUTHKEYLEN || 3493 bcmp(name, sp->hisauth.name, name_len) != 0 || 3494 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3495 /* action scn, tld */ 3496 mlen = sizeof(FAILMSG) - 1; 3497 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3498 sizeof mlen, (const char *)&mlen, 3499 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3500 0); 3501 pap.tld(sp); 3502 break; 3503 } 3504 /* action sca, perhaps tlu */ 3505 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3506 sp->state[IDX_PAP] == STATE_OPENED) { 3507 mlen = sizeof(SUCCMSG) - 1; 3508 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3509 sizeof mlen, (const char *)&mlen, 3510 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3511 0); 3512 } 3513 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3514 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3515 pap.tlu(sp); 3516 } 3517 break; 3518 3519 /* ack and nak are his authproto */ 3520 case PAP_ACK: 3521 untimeout(sppp_pap_my_TO, (void *)sp 3522 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3523 , sp->pap_my_to_ch 3524 #endif 3525 ); 3526 if (debug) { 3527 log(LOG_DEBUG, SPP_FMT "pap success", 3528 SPP_ARGS(ifp)); 3529 name_len = *((char *)h); 3530 if (len > 5 && name_len) { 3531 addlog(": "); 3532 sppp_print_string((char*)(h+1), name_len); 3533 } 3534 addlog("\n"); 3535 } 3536 x = splimp(); 3537 sp->pp_flags &= ~PP_NEEDAUTH; 3538 if (sp->myauth.proto == PPP_PAP && 3539 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3540 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3541 /* 3542 * We are authenticator for PAP but didn't 3543 * complete yet. Leave it to tlu to proceed 3544 * to network phase. 3545 */ 3546 splx(x); 3547 break; 3548 } 3549 splx(x); 3550 sppp_phase_network(sp); 3551 break; 3552 3553 case PAP_NAK: 3554 untimeout(sppp_pap_my_TO, (void *)sp 3555 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3556 , sp->pap_my_to_ch 3557 #endif 3558 ); 3559 if (debug) { 3560 log(LOG_INFO, SPP_FMT "pap failure", 3561 SPP_ARGS(ifp)); 3562 name_len = *((char *)h); 3563 if (len > 5 && name_len) { 3564 addlog(": "); 3565 sppp_print_string((char*)(h+1), name_len); 3566 } 3567 addlog("\n"); 3568 } else 3569 log(LOG_INFO, SPP_FMT "pap failure\n", 3570 SPP_ARGS(ifp)); 3571 /* await LCP shutdown by authenticator */ 3572 break; 3573 3574 default: 3575 /* Unknown PAP packet type -- ignore. */ 3576 if (debug) { 3577 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3578 "<0x%x id=0x%x len=%d", 3579 SPP_ARGS(ifp), 3580 h->type, h->ident, ntohs(h->len)); 3581 if (len > 4) 3582 sppp_print_bytes((u_char*)(h+1), len-4); 3583 addlog(">\n"); 3584 } 3585 break; 3586 3587 } 3588 } 3589 3590 static void 3591 sppp_pap_init(struct sppp *sp) 3592 { 3593 /* PAP doesn't have STATE_INITIAL at all. */ 3594 sp->state[IDX_PAP] = STATE_CLOSED; 3595 sp->fail_counter[IDX_PAP] = 0; 3596 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3597 callout_handle_init(&sp->ch[IDX_PAP]); 3598 callout_handle_init(&sp->pap_my_to_ch); 3599 #endif 3600 } 3601 3602 static void 3603 sppp_pap_open(struct sppp *sp) 3604 { 3605 if (sp->hisauth.proto == PPP_PAP && 3606 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3607 /* we are authenticator for PAP, start our timer */ 3608 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3609 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3610 } 3611 if (sp->myauth.proto == PPP_PAP) { 3612 /* we are peer, send a request, and start a timer */ 3613 pap.scr(sp); 3614 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3615 sp->pap_my_to_ch = 3616 #endif 3617 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout); 3618 } 3619 } 3620 3621 static void 3622 sppp_pap_close(struct sppp *sp) 3623 { 3624 if (sp->state[IDX_PAP] != STATE_CLOSED) 3625 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3626 } 3627 3628 /* 3629 * That's the timeout routine if we are authenticator. Since the 3630 * authenticator is basically passive in PAP, we can't do much here. 3631 */ 3632 static void 3633 sppp_pap_TO(void *cookie) 3634 { 3635 struct sppp *sp = (struct sppp *)cookie; 3636 STDDCL; 3637 int s; 3638 3639 s = splimp(); 3640 if (debug) 3641 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3642 SPP_ARGS(ifp), 3643 sppp_state_name(sp->state[IDX_PAP]), 3644 sp->rst_counter[IDX_PAP]); 3645 3646 if (--sp->rst_counter[IDX_PAP] < 0) 3647 /* TO- event */ 3648 switch (sp->state[IDX_PAP]) { 3649 case STATE_REQ_SENT: 3650 pap.tld(sp); 3651 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3652 break; 3653 } 3654 else 3655 /* TO+ event, not very much we could do */ 3656 switch (sp->state[IDX_PAP]) { 3657 case STATE_REQ_SENT: 3658 /* sppp_cp_change_state() will restart the timer */ 3659 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3660 break; 3661 } 3662 3663 splx(s); 3664 } 3665 3666 /* 3667 * That's the timeout handler if we are peer. Since the peer is active, 3668 * we need to retransmit our PAP request since it is apparently lost. 3669 * XXX We should impose a max counter. 3670 */ 3671 static void 3672 sppp_pap_my_TO(void *cookie) 3673 { 3674 struct sppp *sp = (struct sppp *)cookie; 3675 STDDCL; 3676 3677 if (debug) 3678 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3679 SPP_ARGS(ifp)); 3680 3681 pap.scr(sp); 3682 } 3683 3684 static void 3685 sppp_pap_tlu(struct sppp *sp) 3686 { 3687 STDDCL; 3688 int x; 3689 3690 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3691 3692 if (debug) 3693 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3694 SPP_ARGS(ifp), pap.name); 3695 3696 x = splimp(); 3697 /* indicate to LCP that we need to be closed down */ 3698 sp->lcp.protos |= (1 << IDX_PAP); 3699 3700 if (sp->pp_flags & PP_NEEDAUTH) { 3701 /* 3702 * Remote is authenticator, but his auth proto didn't 3703 * complete yet. Defer the transition to network 3704 * phase. 3705 */ 3706 splx(x); 3707 return; 3708 } 3709 splx(x); 3710 sppp_phase_network(sp); 3711 } 3712 3713 static void 3714 sppp_pap_tld(struct sppp *sp) 3715 { 3716 STDDCL; 3717 3718 if (debug) 3719 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3720 untimeout(pap.TO, (void *)sp 3721 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3722 , sp->ch[IDX_PAP] 3723 #endif 3724 ); 3725 untimeout(sppp_pap_my_TO, (void *)sp 3726 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3727 , sp->pap_my_to_ch 3728 #endif 3729 ); 3730 sp->lcp.protos &= ~(1 << IDX_PAP); 3731 3732 lcp.Close(sp); 3733 } 3734 3735 static void 3736 sppp_pap_scr(struct sppp *sp) 3737 { 3738 u_char idlen, pwdlen; 3739 3740 sp->confid[IDX_PAP] = ++sp->pp_seq; 3741 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3742 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3743 3744 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3745 sizeof idlen, (const char *)&idlen, 3746 (size_t)idlen, sp->myauth.name, 3747 sizeof pwdlen, (const char *)&pwdlen, 3748 (size_t)pwdlen, sp->myauth.secret, 3749 0); 3750 } 3751 /* 3753 * Random miscellaneous functions. 3754 */ 3755 3756 /* 3757 * Send a PAP or CHAP proto packet. 3758 * 3759 * Varadic function, each of the elements for the ellipsis is of type 3760 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3761 * mlen == 0. 3762 * NOTE: never declare variadic functions with types subject to type 3763 * promotion (i.e. u_char). This is asking for big trouble depending 3764 * on the architecture you are on... 3765 */ 3766 3767 static void 3768 sppp_auth_send(const struct cp *cp, struct sppp *sp, 3769 unsigned int type, unsigned int id, 3770 ...) 3771 { 3772 STDDCL; 3773 struct ppp_header *h; 3774 struct lcp_header *lh; 3775 struct mbuf *m; 3776 u_char *p; 3777 int len; 3778 unsigned int mlen; 3779 const char *msg; 3780 va_list ap; 3781 3782 MGETHDR (m, M_DONTWAIT, MT_DATA); 3783 if (! m) 3784 return; 3785 m->m_pkthdr.rcvif = 0; 3786 3787 h = mtod (m, struct ppp_header*); 3788 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3789 h->control = PPP_UI; /* Unnumbered Info */ 3790 h->protocol = htons(cp->proto); 3791 3792 lh = (struct lcp_header*)(h + 1); 3793 lh->type = type; 3794 lh->ident = id; 3795 p = (u_char*) (lh+1); 3796 3797 va_start(ap, id); 3798 len = 0; 3799 3800 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3801 msg = va_arg(ap, const char *); 3802 len += mlen; 3803 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3804 va_end(ap); 3805 m_freem(m); 3806 return; 3807 } 3808 3809 bcopy(msg, p, mlen); 3810 p += mlen; 3811 } 3812 va_end(ap); 3813 3814 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3815 lh->len = htons (LCP_HEADER_LEN + len); 3816 3817 if (debug) { 3818 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3819 SPP_ARGS(ifp), cp->name, 3820 sppp_auth_type_name(cp->proto, lh->type), 3821 lh->ident, ntohs(lh->len)); 3822 if (len) 3823 sppp_print_bytes((u_char*) (lh+1), len); 3824 addlog(">\n"); 3825 } 3826 if (IF_QFULL (&sp->pp_cpq)) { 3827 IF_DROP (&sp->pp_fastq); 3828 IF_DROP (&ifp->if_snd); 3829 m_freem (m); 3830 ++ifp->if_oerrors; 3831 } else 3832 IF_ENQUEUE (&sp->pp_cpq, m); 3833 if (! (ifp->if_flags & IFF_OACTIVE)) 3834 (*ifp->if_start) (ifp); 3835 ifp->if_obytes += m->m_pkthdr.len + 3; 3836 } 3837 3838 /* 3839 * Flush interface queue. 3840 */ 3841 static void 3842 sppp_qflush(struct ifqueue *ifq) 3843 { 3844 struct mbuf *m, *n; 3845 3846 n = ifq->ifq_head; 3847 while ((m = n)) { 3848 n = m->m_act; 3849 m_freem (m); 3850 } 3851 ifq->ifq_head = 0; 3852 ifq->ifq_tail = 0; 3853 ifq->ifq_len = 0; 3854 } 3855 3856 /* 3857 * Send keepalive packets, every 10 seconds. 3858 */ 3859 static void 3860 sppp_keepalive(void *dummy) 3861 { 3862 struct sppp *sp; 3863 int s; 3864 3865 s = splimp(); 3866 for (sp=spppq; sp; sp=sp->pp_next) { 3867 struct ifnet *ifp = &sp->pp_if; 3868 3869 /* Keepalive mode disabled or channel down? */ 3870 if (! (sp->pp_flags & PP_KEEPALIVE) || 3871 ! (ifp->if_flags & IFF_RUNNING)) 3872 continue; 3873 3874 /* No keepalive in PPP mode if LCP not opened yet. */ 3875 if (! (sp->pp_flags & PP_CISCO) && 3876 sp->pp_phase < PHASE_AUTHENTICATE) 3877 continue; 3878 3879 if (sp->pp_alivecnt == MAXALIVECNT) { 3880 /* No keepalive packets got. Stop the interface. */ 3881 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3882 if_down (ifp); 3883 sppp_qflush (&sp->pp_cpq); 3884 if (! (sp->pp_flags & PP_CISCO)) { 3885 /* XXX */ 3886 /* Shut down the PPP link. */ 3887 lcp.Down(sp); 3888 /* Initiate negotiation. XXX */ 3889 lcp.Up(sp); 3890 } 3891 } 3892 if (sp->pp_alivecnt <= MAXALIVECNT) 3893 ++sp->pp_alivecnt; 3894 if (sp->pp_flags & PP_CISCO) 3895 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3896 sp->pp_rseq); 3897 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3898 long nmagic = htonl (sp->lcp.magic); 3899 sp->lcp.echoid = ++sp->pp_seq; 3900 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3901 sp->lcp.echoid, 4, &nmagic); 3902 } 3903 } 3904 splx(s); 3905 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3906 keepalive_ch = 3907 #endif 3908 timeout(sppp_keepalive, 0, hz * 10); 3909 } 3910 3911 /* 3912 * Get both IP addresses. 3913 */ 3914 static void 3915 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3916 { 3917 struct ifnet *ifp = &sp->pp_if; 3918 struct ifaddr *ifa; 3919 struct sockaddr_in *si, *sm; 3920 u_long ssrc, ddst; 3921 3922 sm = NULL; 3923 ssrc = ddst = 0L; 3924 /* 3925 * Pick the first AF_INET address from the list, 3926 * aliases don't make any sense on a p2p link anyway. 3927 */ 3928 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3929 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3930 ifa; 3931 ifa = ifa->ifa_link.tqe_next) 3932 #elif defined(__NetBSD__) || defined (__OpenBSD__) 3933 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 3934 ifa; 3935 ifa = ifa->ifa_list.tqe_next) 3936 #else 3937 for (ifa = ifp->if_addrlist, si = 0; 3938 ifa; 3939 ifa = ifa->ifa_next) 3940 #endif 3941 if (ifa->ifa_addr->sa_family == AF_INET) { 3942 si = (struct sockaddr_in *)ifa->ifa_addr; 3943 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3944 if (si) 3945 break; 3946 } 3947 if (ifa) { 3948 if (si && si->sin_addr.s_addr) { 3949 ssrc = si->sin_addr.s_addr; 3950 if (srcmask) 3951 *srcmask = ntohl(sm->sin_addr.s_addr); 3952 } 3953 3954 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3955 if (si && si->sin_addr.s_addr) 3956 ddst = si->sin_addr.s_addr; 3957 } 3958 3959 if (dst) *dst = ntohl(ddst); 3960 if (src) *src = ntohl(ssrc); 3961 } 3962 3963 /* 3964 * Set my IP address. Must be called at splimp. 3965 */ 3966 static void 3967 sppp_set_ip_addr(struct sppp *sp, u_long src) 3968 { 3969 STDDCL; 3970 struct ifaddr *ifa; 3971 struct sockaddr_in *si; 3972 3973 /* 3974 * Pick the first AF_INET address from the list, 3975 * aliases don't make any sense on a p2p link anyway. 3976 */ 3977 3978 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3979 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3980 ifa; 3981 ifa = ifa->ifa_link.tqe_next) 3982 #elif defined(__NetBSD__) || defined (__OpenBSD__) 3983 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 3984 ifa; 3985 ifa = ifa->ifa_list.tqe_next) 3986 #else 3987 for (ifa = ifp->if_addrlist, si = 0; 3988 ifa; 3989 ifa = ifa->ifa_next) 3990 #endif 3991 { 3992 if (ifa->ifa_addr->sa_family == AF_INET) 3993 { 3994 si = (struct sockaddr_in *)ifa->ifa_addr; 3995 if (si) 3996 break; 3997 } 3998 } 3999 4000 if (ifa && si) 4001 { 4002 int error; 4003 #if __NetBSD_Version__ >= 103080000 4004 struct sockaddr_in new_sin = *si; 4005 4006 new_sin.sin_addr.s_addr = htonl(src); 4007 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4008 if(debug && error) 4009 { 4010 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4011 " failed, error=%d\n", SPP_ARGS(ifp), error); 4012 } 4013 #else 4014 /* delete old route */ 4015 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4016 if(debug && error) 4017 { 4018 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4019 SPP_ARGS(ifp), error); 4020 } 4021 4022 /* set new address */ 4023 si->sin_addr.s_addr = htonl(src); 4024 4025 /* add new route */ 4026 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4027 if (debug && error) 4028 { 4029 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4030 SPP_ARGS(ifp), error); 4031 } 4032 #endif 4033 } 4034 } 4035 4036 static int 4037 sppp_params(struct sppp *sp, int cmd, void *data) 4038 { 4039 int subcmd; 4040 struct ifreq *ifr = (struct ifreq *)data; 4041 struct spppreq spr; 4042 4043 /* 4044 * ifr->ifr_data is supposed to point to a struct spppreq. 4045 * Check the cmd word first before attempting to fetch all the 4046 * data. 4047 */ 4048 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4049 return EFAULT; 4050 4051 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4052 return EFAULT; 4053 4054 switch (subcmd) { 4055 case SPPPIOGDEFS: 4056 if (cmd != SIOCGIFGENERIC) 4057 return EINVAL; 4058 /* 4059 * We copy over the entire current state, but clean 4060 * out some of the stuff we don't wanna pass up. 4061 * Remember, SIOCGIFGENERIC is unprotected, and can be 4062 * called by any user. No need to ever get PAP or 4063 * CHAP secrets back to userland anyway. 4064 */ 4065 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4066 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4067 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4068 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4069 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4070 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4071 4072 case SPPPIOSDEFS: 4073 if (cmd != SIOCSIFGENERIC) 4074 return EINVAL; 4075 /* 4076 * We have a very specific idea of which fields we allow 4077 * being passed back from userland, so to not clobber our 4078 * current state. For one, we only allow setting 4079 * anything if LCP is in dead phase. Once the LCP 4080 * negotiations started, the authentication settings must 4081 * not be changed again. (The administrator can force an 4082 * ifconfig down in order to get LCP back into dead 4083 * phase.) 4084 * 4085 * Also, we only allow for authentication parameters to be 4086 * specified. 4087 * 4088 * XXX Should allow to set or clear pp_flags. 4089 * 4090 * Finally, if the respective authentication protocol to 4091 * be used is set differently than 0, but the secret is 4092 * passed as all zeros, we don't trash the existing secret. 4093 * This allows an administrator to change the system name 4094 * only without clobbering the secret (which he didn't get 4095 * back in a previous SPPPIOGDEFS call). However, the 4096 * secrets are cleared if the authentication protocol is 4097 * reset to 0. 4098 */ 4099 if (sp->pp_phase != PHASE_DEAD) 4100 return EBUSY; 4101 4102 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4103 spr.defs.myauth.proto != PPP_CHAP) || 4104 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4105 spr.defs.hisauth.proto != PPP_CHAP)) 4106 return EINVAL; 4107 4108 if (spr.defs.myauth.proto == 0) 4109 /* resetting myauth */ 4110 bzero(&sp->myauth, sizeof sp->myauth); 4111 else { 4112 /* setting/changing myauth */ 4113 sp->myauth.proto = spr.defs.myauth.proto; 4114 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4115 if (spr.defs.myauth.secret[0] != '\0') 4116 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4117 AUTHKEYLEN); 4118 } 4119 if (spr.defs.hisauth.proto == 0) 4120 /* resetting hisauth */ 4121 bzero(&sp->hisauth, sizeof sp->hisauth); 4122 else { 4123 /* setting/changing hisauth */ 4124 sp->hisauth.proto = spr.defs.hisauth.proto; 4125 sp->hisauth.flags = spr.defs.hisauth.flags; 4126 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4127 if (spr.defs.hisauth.secret[0] != '\0') 4128 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4129 AUTHKEYLEN); 4130 } 4131 break; 4132 4133 default: 4134 return EINVAL; 4135 } 4136 4137 return 0; 4138 } 4139 4140 static void 4141 sppp_phase_network(struct sppp *sp) 4142 { 4143 STDDCL; 4144 int i; 4145 u_long mask; 4146 4147 sp->pp_phase = PHASE_NETWORK; 4148 4149 if(debug) 4150 { 4151 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4152 sppp_phase_name(sp->pp_phase)); 4153 } 4154 4155 /* Notify NCPs now. */ 4156 for (i = 0; i < IDX_COUNT; i++) 4157 if ((cps[i])->flags & CP_NCP) 4158 (cps[i])->Open(sp); 4159 4160 /* Send Up events to all NCPs. */ 4161 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4162 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4163 (cps[i])->Up(sp); 4164 4165 /* if no NCP is starting, all this was in vain, close down */ 4166 sppp_lcp_check_and_close(sp); 4167 } 4168 4169 4170 static const char * 4171 sppp_cp_type_name(u_char type) 4172 { 4173 static char buf[12]; 4174 switch (type) { 4175 case CONF_REQ: return "conf-req"; 4176 case CONF_ACK: return "conf-ack"; 4177 case CONF_NAK: return "conf-nak"; 4178 case CONF_REJ: return "conf-rej"; 4179 case TERM_REQ: return "term-req"; 4180 case TERM_ACK: return "term-ack"; 4181 case CODE_REJ: return "code-rej"; 4182 case PROTO_REJ: return "proto-rej"; 4183 case ECHO_REQ: return "echo-req"; 4184 case ECHO_REPLY: return "echo-reply"; 4185 case DISC_REQ: return "discard-req"; 4186 } 4187 sprintf (buf, "0x%x", type); 4188 return buf; 4189 } 4190 4191 static const char * 4192 sppp_auth_type_name(u_short proto, u_char type) 4193 { 4194 static char buf[12]; 4195 switch (proto) { 4196 case PPP_CHAP: 4197 switch (type) { 4198 case CHAP_CHALLENGE: return "challenge"; 4199 case CHAP_RESPONSE: return "response"; 4200 case CHAP_SUCCESS: return "success"; 4201 case CHAP_FAILURE: return "failure"; 4202 } 4203 case PPP_PAP: 4204 switch (type) { 4205 case PAP_REQ: return "req"; 4206 case PAP_ACK: return "ack"; 4207 case PAP_NAK: return "nak"; 4208 } 4209 } 4210 sprintf (buf, "0x%x", type); 4211 return buf; 4212 } 4213 4214 static const char * 4215 sppp_lcp_opt_name(u_char opt) 4216 { 4217 static char buf[12]; 4218 switch (opt) { 4219 case LCP_OPT_MRU: return "mru"; 4220 case LCP_OPT_ASYNC_MAP: return "async-map"; 4221 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4222 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4223 case LCP_OPT_MAGIC: return "magic"; 4224 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4225 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4226 } 4227 sprintf (buf, "0x%x", opt); 4228 return buf; 4229 } 4230 4231 static const char * 4232 sppp_ipcp_opt_name(u_char opt) 4233 { 4234 static char buf[12]; 4235 switch (opt) { 4236 case IPCP_OPT_ADDRESSES: return "addresses"; 4237 case IPCP_OPT_COMPRESSION: return "compression"; 4238 case IPCP_OPT_ADDRESS: return "address"; 4239 } 4240 sprintf (buf, "0x%x", opt); 4241 return buf; 4242 } 4243 4244 static const char * 4245 sppp_state_name(int state) 4246 { 4247 switch (state) { 4248 case STATE_INITIAL: return "initial"; 4249 case STATE_STARTING: return "starting"; 4250 case STATE_CLOSED: return "closed"; 4251 case STATE_STOPPED: return "stopped"; 4252 case STATE_CLOSING: return "closing"; 4253 case STATE_STOPPING: return "stopping"; 4254 case STATE_REQ_SENT: return "req-sent"; 4255 case STATE_ACK_RCVD: return "ack-rcvd"; 4256 case STATE_ACK_SENT: return "ack-sent"; 4257 case STATE_OPENED: return "opened"; 4258 } 4259 return "illegal"; 4260 } 4261 4262 static const char * 4263 sppp_phase_name(enum ppp_phase phase) 4264 { 4265 switch (phase) { 4266 case PHASE_DEAD: return "dead"; 4267 case PHASE_ESTABLISH: return "establish"; 4268 case PHASE_TERMINATE: return "terminate"; 4269 case PHASE_AUTHENTICATE: return "authenticate"; 4270 case PHASE_NETWORK: return "network"; 4271 } 4272 return "illegal"; 4273 } 4274 4275 static const char * 4276 sppp_proto_name(u_short proto) 4277 { 4278 static char buf[12]; 4279 switch (proto) { 4280 case PPP_LCP: return "lcp"; 4281 case PPP_IPCP: return "ipcp"; 4282 case PPP_PAP: return "pap"; 4283 case PPP_CHAP: return "chap"; 4284 } 4285 sprintf(buf, "0x%x", (unsigned)proto); 4286 return buf; 4287 } 4288 4289 static void 4290 sppp_print_bytes(const u_char *p, u_short len) 4291 { 4292 addlog(" %02x", *p++); 4293 while (--len > 0) 4294 addlog("-%02x", *p++); 4295 } 4296 4297 static void 4298 sppp_print_string(const char *p, u_short len) 4299 { 4300 u_char c; 4301 4302 while (len-- > 0) { 4303 c = *p++; 4304 /* 4305 * Print only ASCII chars directly. RFC 1994 recommends 4306 * using only them, but we don't rely on it. */ 4307 if (c < ' ' || c > '~') 4308 addlog("\\x%x", c); 4309 else 4310 addlog("%c", c); 4311 } 4312 } 4313 4314 static const char * 4315 sppp_dotted_quad(u_long addr) 4316 { 4317 static char s[16]; 4318 sprintf(s, "%d.%d.%d.%d", 4319 (int)((addr >> 24) & 0xff), 4320 (int)((addr >> 16) & 0xff), 4321 (int)((addr >> 8) & 0xff), 4322 (int)(addr & 0xff)); 4323 return s; 4324 } 4325 4326 static int 4327 sppp_strnlen(u_char *p, int max) 4328 { 4329 int len; 4330 4331 for (len = 0; len < max && *p; ++p) 4332 ++len; 4333 return len; 4334 } 4335 4336 /* a dummy, used to drop uninteresting events */ 4337 static void 4338 sppp_null(struct sppp *unused) 4339 { 4340 /* do just nothing */ 4341 } 4342 /* 4343 * This file is large. Tell emacs to highlight it nevertheless. 4344 * 4345 * Local Variables: 4346 * hilit-auto-highlight-maxout: 120000 4347 * End: 4348 */ 4349
Indexes created Fri Sep 26 08:10:20 GMT 2025