if_spppsubr.c revision 1.4
1 /* $NetBSD: if_spppsubr.c,v 1.4 1999/04/04 06:57:03 explorer Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * This software is distributed with NO WARRANTIES, not even the implied 14 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 15 * 16 * Authors grant any other persons or organisations permission to use 17 * or modify this software as long as this message is kept with the software, 18 * all derivative works or modified versions. 19 * 20 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 21 * 22 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 23 * 24 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 25 */ 26 27 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 28 #include "opt_inet.h" 29 #include "opt_ipx.h" 30 #include "opt_iso.h" 31 #include "opt_ns.h" 32 #endif 33 34 #include <sys/param.h> 35 36 #include <sys/systm.h> 37 #include <sys/kernel.h> 38 #include <sys/sockio.h> 39 #include <sys/socket.h> 40 #include <sys/syslog.h> 41 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 42 #include <machine/random.h> 43 #endif 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #if defined (__OpenBSD__) 48 #include <sys/md5k.h> 49 #else 50 #include <sys/md5.h> 51 #endif 52 53 #include <net/if.h> 54 #include <net/netisr.h> 55 #include <net/if_types.h> 56 #include <net/route.h> 57 58 #include <machine/stdarg.h> 59 60 #ifdef INET 61 #include <netinet/in.h> 62 #include <netinet/in_systm.h> 63 #include <netinet/in_var.h> 64 #include <netinet/ip.h> 65 #include <netinet/tcp.h> 66 #if defined (__FreeBSD__) || defined (__OpenBSD__) 67 #include <netinet/if_ether.h> 68 #else 69 #include <net/ethertypes.h> 70 #endif 71 #else 72 #error Huh? sppp without INET? 73 #endif 74 75 #ifdef IPX 76 #include <netipx/ipx.h> 77 #include <netipx/ipx_if.h> 78 #endif 79 80 #ifdef NS 81 #include <netns/ns.h> 82 #include <netns/ns_if.h> 83 #endif 84 85 #ifdef ISO 86 #include <netiso/argo_debug.h> 87 #include <netiso/iso.h> 88 #include <netiso/iso_var.h> 89 #include <netiso/iso_snpac.h> 90 #endif 91 92 #if defined(__FreeBSD__) || defined(__NetBSD__) 93 #include <net/if_sppp.h> 94 #else 95 #include <i4b/sppp/if_sppp.h> 96 #endif 97 #if defined(__NetBSD__) || defined (__OpenBSD__) 98 #include <machine/cpu.h> /* XXX for softnet */ 99 #endif 100 101 #define MAXALIVECNT 3 /* max. alive packets */ 102 103 /* 104 * Interface flags that can be set in an ifconfig command. 105 * 106 * Setting link0 will make the link passive, i.e. it will be marked 107 * as being administrative openable, but won't be opened to begin 108 * with. Incoming calls will be answered, or subsequent calls with 109 * -link1 will cause the administrative open of the LCP layer. 110 * 111 * Setting link1 will cause the link to auto-dial only as packets 112 * arrive to be sent. 113 * 114 * Setting IFF_DEBUG will syslog the option negotiation and state 115 * transitions at level kern.debug. Note: all logs consistently look 116 * like 117 * 118 * <if-name><unit>: <proto-name> <additional info...> 119 * 120 * with <if-name><unit> being something like "bppp0", and <proto-name> 121 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 122 */ 123 124 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 125 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 126 127 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 128 #define PPP_UI 0x03 /* Unnumbered Information */ 129 #define PPP_IP 0x0021 /* Internet Protocol */ 130 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 131 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 132 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 133 #define PPP_LCP 0xc021 /* Link Control Protocol */ 134 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 135 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 136 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 137 138 #define CONF_REQ 1 /* PPP configure request */ 139 #define CONF_ACK 2 /* PPP configure acknowledge */ 140 #define CONF_NAK 3 /* PPP configure negative ack */ 141 #define CONF_REJ 4 /* PPP configure reject */ 142 #define TERM_REQ 5 /* PPP terminate request */ 143 #define TERM_ACK 6 /* PPP terminate acknowledge */ 144 #define CODE_REJ 7 /* PPP code reject */ 145 #define PROTO_REJ 8 /* PPP protocol reject */ 146 #define ECHO_REQ 9 /* PPP echo request */ 147 #define ECHO_REPLY 10 /* PPP echo reply */ 148 #define DISC_REQ 11 /* PPP discard request */ 149 150 #define LCP_OPT_MRU 1 /* maximum receive unit */ 151 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 152 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 153 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 154 #define LCP_OPT_MAGIC 5 /* magic number */ 155 #define LCP_OPT_RESERVED 6 /* reserved */ 156 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 157 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 158 159 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 160 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 161 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 162 163 #define PAP_REQ 1 /* PAP name/password request */ 164 #define PAP_ACK 2 /* PAP acknowledge */ 165 #define PAP_NAK 3 /* PAP fail */ 166 167 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 168 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 169 #define CHAP_SUCCESS 3 /* CHAP response ok */ 170 #define CHAP_FAILURE 4 /* CHAP response failed */ 171 172 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 173 174 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 175 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 176 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 177 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 178 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 179 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 180 181 /* states are named and numbered according to RFC 1661 */ 182 #define STATE_INITIAL 0 183 #define STATE_STARTING 1 184 #define STATE_CLOSED 2 185 #define STATE_STOPPED 3 186 #define STATE_CLOSING 4 187 #define STATE_STOPPING 5 188 #define STATE_REQ_SENT 6 189 #define STATE_ACK_RCVD 7 190 #define STATE_ACK_SENT 8 191 #define STATE_OPENED 9 192 193 struct ppp_header { 194 u_char address; 195 u_char control; 196 u_short protocol; 197 }; 198 #define PPP_HEADER_LEN sizeof (struct ppp_header) 199 200 struct lcp_header { 201 u_char type; 202 u_char ident; 203 u_short len; 204 }; 205 #define LCP_HEADER_LEN sizeof (struct lcp_header) 206 207 struct cisco_packet { 208 u_long type; 209 u_long par1; 210 u_long par2; 211 u_short rel; 212 u_short time0; 213 u_short time1; 214 }; 215 #define CISCO_PACKET_LEN 18 216 217 /* 218 * We follow the spelling and capitalization of RFC 1661 here, to make 219 * it easier comparing with the standard. Please refer to this RFC in 220 * case you can't make sense out of these abbreviation; it will also 221 * explain the semantics related to the various events and actions. 222 */ 223 struct cp { 224 u_short proto; /* PPP control protocol number */ 225 u_char protoidx; /* index into state table in struct sppp */ 226 u_char flags; 227 #define CP_LCP 0x01 /* this is the LCP */ 228 #define CP_AUTH 0x02 /* this is an authentication protocol */ 229 #define CP_NCP 0x04 /* this is a NCP */ 230 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 231 const char *name; /* name of this control protocol */ 232 /* event handlers */ 233 void (*Up)(struct sppp *sp); 234 void (*Down)(struct sppp *sp); 235 void (*Open)(struct sppp *sp); 236 void (*Close)(struct sppp *sp); 237 void (*TO)(void *sp); 238 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 239 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 240 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 241 /* actions */ 242 void (*tlu)(struct sppp *sp); 243 void (*tld)(struct sppp *sp); 244 void (*tls)(struct sppp *sp); 245 void (*tlf)(struct sppp *sp); 246 void (*scr)(struct sppp *sp); 247 }; 248 249 static struct sppp *spppq; 250 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 251 static struct callout_handle keepalive_ch; 252 #endif 253 254 #ifdef __FreeBSD__ 255 #define SPP_FMT "%s%d: " 256 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 257 #else 258 #define SPP_FMT "%s: " 259 #define SPP_ARGS(ifp) (ifp)->if_xname 260 #endif 261 262 /* 263 * The following disgusting hack gets around the problem that IP TOS 264 * can't be set yet. We want to put "interactive" traffic on a high 265 * priority queue. To decide if traffic is interactive, we check that 266 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 267 * 268 * XXX is this really still necessary? - joerg - 269 */ 270 static u_short interactive_ports[8] = { 271 0, 513, 0, 0, 272 0, 21, 0, 23, 273 }; 274 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 275 276 /* almost every function needs these */ 277 #define STDDCL \ 278 struct ifnet *ifp = &sp->pp_if; \ 279 int debug = ifp->if_flags & IFF_DEBUG 280 281 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 282 struct sockaddr *dst, struct rtentry *rt); 283 284 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 285 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 286 287 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 288 struct mbuf *m); 289 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 290 u_char ident, u_short len, void *data); 291 /* static void sppp_cp_timeout(void *arg); */ 292 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 293 int newstate); 294 static void sppp_auth_send(const struct cp *cp, 295 struct sppp *sp, unsigned int type, unsigned int id, 296 ...); 297 298 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 299 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 300 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 301 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 302 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 303 304 static void sppp_null(struct sppp *sp); 305 306 static void sppp_lcp_init(struct sppp *sp); 307 static void sppp_lcp_up(struct sppp *sp); 308 static void sppp_lcp_down(struct sppp *sp); 309 static void sppp_lcp_open(struct sppp *sp); 310 static void sppp_lcp_close(struct sppp *sp); 311 static void sppp_lcp_TO(void *sp); 312 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 313 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 314 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 315 static void sppp_lcp_tlu(struct sppp *sp); 316 static void sppp_lcp_tld(struct sppp *sp); 317 static void sppp_lcp_tls(struct sppp *sp); 318 static void sppp_lcp_tlf(struct sppp *sp); 319 static void sppp_lcp_scr(struct sppp *sp); 320 static void sppp_lcp_check_and_close(struct sppp *sp); 321 static int sppp_ncp_check(struct sppp *sp); 322 323 static void sppp_ipcp_init(struct sppp *sp); 324 static void sppp_ipcp_up(struct sppp *sp); 325 static void sppp_ipcp_down(struct sppp *sp); 326 static void sppp_ipcp_open(struct sppp *sp); 327 static void sppp_ipcp_close(struct sppp *sp); 328 static void sppp_ipcp_TO(void *sp); 329 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 330 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 331 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 332 static void sppp_ipcp_tlu(struct sppp *sp); 333 static void sppp_ipcp_tld(struct sppp *sp); 334 static void sppp_ipcp_tls(struct sppp *sp); 335 static void sppp_ipcp_tlf(struct sppp *sp); 336 static void sppp_ipcp_scr(struct sppp *sp); 337 338 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 339 static void sppp_pap_init(struct sppp *sp); 340 static void sppp_pap_open(struct sppp *sp); 341 static void sppp_pap_close(struct sppp *sp); 342 static void sppp_pap_TO(void *sp); 343 static void sppp_pap_my_TO(void *sp); 344 static void sppp_pap_tlu(struct sppp *sp); 345 static void sppp_pap_tld(struct sppp *sp); 346 static void sppp_pap_scr(struct sppp *sp); 347 348 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 349 static void sppp_chap_init(struct sppp *sp); 350 static void sppp_chap_open(struct sppp *sp); 351 static void sppp_chap_close(struct sppp *sp); 352 static void sppp_chap_TO(void *sp); 353 static void sppp_chap_tlu(struct sppp *sp); 354 static void sppp_chap_tld(struct sppp *sp); 355 static void sppp_chap_scr(struct sppp *sp); 356 357 static const char *sppp_auth_type_name(u_short proto, u_char type); 358 static const char *sppp_cp_type_name(u_char type); 359 static const char *sppp_dotted_quad(u_long addr); 360 static const char *sppp_ipcp_opt_name(u_char opt); 361 static const char *sppp_lcp_opt_name(u_char opt); 362 static const char *sppp_phase_name(enum ppp_phase phase); 363 static const char *sppp_proto_name(u_short proto); 364 static const char *sppp_state_name(int state); 365 static int sppp_params(struct sppp *sp, int cmd, void *data); 366 static int sppp_strnlen(u_char *p, int max); 367 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 368 u_long *srcmask); 369 static void sppp_keepalive(void *dummy); 370 static void sppp_phase_network(struct sppp *sp); 371 static void sppp_print_bytes(const u_char *p, u_short len); 372 static void sppp_print_string(const char *p, u_short len); 373 static void sppp_qflush(struct ifqueue *ifq); 374 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 375 376 /* our control protocol descriptors */ 377 static const struct cp lcp = { 378 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 379 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 380 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 381 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 382 sppp_lcp_scr 383 }; 384 385 static const struct cp ipcp = { 386 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 387 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 388 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 389 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 390 sppp_ipcp_scr 391 }; 392 393 static const struct cp pap = { 394 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 395 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 396 sppp_pap_TO, 0, 0, 0, 397 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 398 sppp_pap_scr 399 }; 400 401 static const struct cp chap = { 402 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 403 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 404 sppp_chap_TO, 0, 0, 0, 405 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 406 sppp_chap_scr 407 }; 408 409 static const struct cp *cps[IDX_COUNT] = { 410 &lcp, /* IDX_LCP */ 411 &ipcp, /* IDX_IPCP */ 412 &pap, /* IDX_PAP */ 413 &chap, /* IDX_CHAP */ 414 }; 415 416 417 /* 419 * Exported functions, comprising our interface to the lower layer. 420 */ 421 422 /* 423 * Process the received packet. 424 */ 425 void 426 sppp_input(struct ifnet *ifp, struct mbuf *m) 427 { 428 struct ppp_header *h; 429 struct ifqueue *inq = 0; 430 int s; 431 struct sppp *sp = (struct sppp *)ifp; 432 int debug = ifp->if_flags & IFF_DEBUG; 433 434 if (ifp->if_flags & IFF_UP) 435 /* Count received bytes, add FCS and one flag */ 436 ifp->if_ibytes += m->m_pkthdr.len + 3; 437 438 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 439 /* Too small packet, drop it. */ 440 if (debug) 441 log(LOG_DEBUG, 442 SPP_FMT "input packet is too small, %d bytes\n", 443 SPP_ARGS(ifp), m->m_pkthdr.len); 444 drop: 445 ++ifp->if_ierrors; 446 ++ifp->if_iqdrops; 447 m_freem (m); 448 return; 449 } 450 451 /* Get PPP header. */ 452 h = mtod (m, struct ppp_header*); 453 m_adj (m, PPP_HEADER_LEN); 454 455 switch (h->address) { 456 case PPP_ALLSTATIONS: 457 if (h->control != PPP_UI) 458 goto invalid; 459 if (sp->pp_flags & PP_CISCO) { 460 if (debug) 461 log(LOG_DEBUG, 462 SPP_FMT "PPP packet in Cisco mode " 463 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 464 SPP_ARGS(ifp), 465 h->address, h->control, ntohs(h->protocol)); 466 goto drop; 467 } 468 switch (ntohs (h->protocol)) { 469 default: 470 if (sp->state[IDX_LCP] == STATE_OPENED) 471 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 472 ++sp->pp_seq, m->m_pkthdr.len + 2, 473 &h->protocol); 474 if (debug) 475 log(LOG_DEBUG, 476 SPP_FMT "invalid input protocol " 477 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 478 SPP_ARGS(ifp), 479 h->address, h->control, ntohs(h->protocol)); 480 ++ifp->if_noproto; 481 goto drop; 482 case PPP_LCP: 483 sppp_cp_input(&lcp, sp, m); 484 m_freem (m); 485 return; 486 case PPP_PAP: 487 if (sp->pp_phase >= PHASE_AUTHENTICATE) 488 sppp_pap_input(sp, m); 489 m_freem (m); 490 return; 491 case PPP_CHAP: 492 if (sp->pp_phase >= PHASE_AUTHENTICATE) 493 sppp_chap_input(sp, m); 494 m_freem (m); 495 return; 496 #ifdef INET 497 case PPP_IPCP: 498 if (sp->pp_phase == PHASE_NETWORK) 499 sppp_cp_input(&ipcp, sp, m); 500 m_freem (m); 501 return; 502 case PPP_IP: 503 if (sp->state[IDX_IPCP] == STATE_OPENED) { 504 schednetisr (NETISR_IP); 505 inq = &ipintrq; 506 } 507 break; 508 #endif 509 #ifdef IPX 510 case PPP_IPX: 511 /* IPX IPXCP not implemented yet */ 512 if (sp->pp_phase == PHASE_NETWORK) { 513 schednetisr (NETISR_IPX); 514 inq = &ipxintrq; 515 } 516 break; 517 #endif 518 #ifdef NS 519 case PPP_XNS: 520 /* XNS IDPCP not implemented yet */ 521 if (sp->pp_phase == PHASE_NETWORK) { 522 schednetisr (NETISR_NS); 523 inq = &nsintrq; 524 } 525 break; 526 #endif 527 #ifdef ISO 528 case PPP_ISO: 529 /* OSI NLCP not implemented yet */ 530 if (sp->pp_phase == PHASE_NETWORK) { 531 schednetisr (NETISR_ISO); 532 inq = &clnlintrq; 533 } 534 break; 535 #endif 536 } 537 break; 538 case CISCO_MULTICAST: 539 case CISCO_UNICAST: 540 /* Don't check the control field here (RFC 1547). */ 541 if (! (sp->pp_flags & PP_CISCO)) { 542 if (debug) 543 log(LOG_DEBUG, 544 SPP_FMT "Cisco packet in PPP mode " 545 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 546 SPP_ARGS(ifp), 547 h->address, h->control, ntohs(h->protocol)); 548 goto drop; 549 } 550 switch (ntohs (h->protocol)) { 551 default: 552 ++ifp->if_noproto; 553 goto invalid; 554 case CISCO_KEEPALIVE: 555 sppp_cisco_input ((struct sppp*) ifp, m); 556 m_freem (m); 557 return; 558 #ifdef INET 559 case ETHERTYPE_IP: 560 schednetisr (NETISR_IP); 561 inq = &ipintrq; 562 break; 563 #endif 564 #ifdef IPX 565 case ETHERTYPE_IPX: 566 schednetisr (NETISR_IPX); 567 inq = &ipxintrq; 568 break; 569 #endif 570 #ifdef NS 571 case ETHERTYPE_NS: 572 schednetisr (NETISR_NS); 573 inq = &nsintrq; 574 break; 575 #endif 576 } 577 break; 578 default: /* Invalid PPP packet. */ 579 invalid: 580 if (debug) 581 log(LOG_DEBUG, 582 SPP_FMT "invalid input packet " 583 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 584 SPP_ARGS(ifp), 585 h->address, h->control, ntohs(h->protocol)); 586 goto drop; 587 } 588 589 if (! (ifp->if_flags & IFF_UP) || ! inq) 590 goto drop; 591 592 /* Check queue. */ 593 s = splimp(); 594 if (IF_QFULL (inq)) { 595 /* Queue overflow. */ 596 IF_DROP(inq); 597 splx(s); 598 if (debug) 599 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 600 SPP_ARGS(ifp)); 601 goto drop; 602 } 603 IF_ENQUEUE(inq, m); 604 splx(s); 605 } 606 607 /* 608 * Enqueue transmit packet. 609 */ 610 static int 611 sppp_output(struct ifnet *ifp, struct mbuf *m, 612 struct sockaddr *dst, struct rtentry *rt) 613 { 614 struct sppp *sp = (struct sppp*) ifp; 615 struct ppp_header *h; 616 struct ifqueue *ifq; 617 int s, rv = 0; 618 619 s = splimp(); 620 621 if ((ifp->if_flags & IFF_UP) == 0 || 622 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 623 m_freem (m); 624 splx (s); 625 return (ENETDOWN); 626 } 627 628 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 629 /* 630 * Interface is not yet running, but auto-dial. Need 631 * to start LCP for it. 632 */ 633 ifp->if_flags |= IFF_RUNNING; 634 splx(s); 635 lcp.Open(sp); 636 s = splimp(); 637 } 638 639 ifq = &ifp->if_snd; 640 641 #ifdef INET 642 if (dst->sa_family == AF_INET) 643 { 644 /* Check mbuf length here??? */ 645 struct ip *ip = mtod (m, struct ip*); 646 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 647 648 /* 649 * When using dynamic local IP address assignment by using 650 * 0.0.0.0 as a local address, the first TCP session will 651 * not connect because the local TCP checksum is computed 652 * using 0.0.0.0 which will later become our real IP address 653 * so the TCP checksum computed at the remote end will 654 * become invalid. So we 655 * - don't let packets with src ip addr 0 thru 656 * - we flag TCP packets with src ip 0 as an error 657 */ 658 659 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 660 { 661 m_freem(m); 662 splx(s); 663 if(ip->ip_p == IPPROTO_TCP) 664 return(EADDRNOTAVAIL); 665 else 666 return(0); 667 } 668 669 /* 670 * Put low delay, telnet, rlogin and ftp control packets 671 * in front of the queue. 672 */ 673 674 if (! IF_QFULL (&sp->pp_fastq) && 675 ((ip->ip_tos & IPTOS_LOWDELAY) || 676 ((ip->ip_p == IPPROTO_TCP && 677 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 678 (INTERACTIVE (ntohs (tcp->th_sport)))) || 679 INTERACTIVE (ntohs (tcp->th_dport))))) 680 ifq = &sp->pp_fastq; 681 } 682 #endif 683 684 /* 685 * Prepend general data packet PPP header. For now, IP only. 686 */ 687 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 688 if (! m) { 689 if (ifp->if_flags & IFF_DEBUG) 690 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 691 SPP_ARGS(ifp)); 692 ++ifp->if_oerrors; 693 splx (s); 694 return (ENOBUFS); 695 } 696 /* 697 * May want to check size of packet 698 * (albeit due to the implementation it's always enough) 699 */ 700 h = mtod (m, struct ppp_header*); 701 if (sp->pp_flags & PP_CISCO) { 702 h->address = CISCO_UNICAST; /* unicast address */ 703 h->control = 0; 704 } else { 705 h->address = PPP_ALLSTATIONS; /* broadcast address */ 706 h->control = PPP_UI; /* Unnumbered Info */ 707 } 708 709 switch (dst->sa_family) { 710 #ifdef INET 711 case AF_INET: /* Internet Protocol */ 712 if (sp->pp_flags & PP_CISCO) 713 h->protocol = htons (ETHERTYPE_IP); 714 else { 715 /* 716 * Don't choke with an ENETDOWN early. It's 717 * possible that we just started dialing out, 718 * so don't drop the packet immediately. If 719 * we notice that we run out of buffer space 720 * below, we will however remember that we are 721 * not ready to carry IP packets, and return 722 * ENETDOWN, as opposed to ENOBUFS. 723 */ 724 h->protocol = htons(PPP_IP); 725 if (sp->state[IDX_IPCP] != STATE_OPENED) 726 rv = ENETDOWN; 727 } 728 break; 729 #endif 730 #ifdef NS 731 case AF_NS: /* Xerox NS Protocol */ 732 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 733 ETHERTYPE_NS : PPP_XNS); 734 break; 735 #endif 736 #ifdef IPX 737 case AF_IPX: /* Novell IPX Protocol */ 738 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 739 ETHERTYPE_IPX : PPP_IPX); 740 break; 741 #endif 742 #ifdef ISO 743 case AF_ISO: /* ISO OSI Protocol */ 744 if (sp->pp_flags & PP_CISCO) 745 goto nosupport; 746 h->protocol = htons (PPP_ISO); 747 break; 748 nosupport: 749 #endif 750 default: 751 m_freem (m); 752 ++ifp->if_oerrors; 753 splx (s); 754 return (EAFNOSUPPORT); 755 } 756 757 /* 758 * Queue message on interface, and start output if interface 759 * not yet active. 760 */ 761 if (IF_QFULL (ifq)) { 762 IF_DROP (&ifp->if_snd); 763 m_freem (m); 764 ++ifp->if_oerrors; 765 splx (s); 766 return (rv? rv: ENOBUFS); 767 } 768 IF_ENQUEUE (ifq, m); 769 if (! (ifp->if_flags & IFF_OACTIVE)) 770 (*ifp->if_start) (ifp); 771 772 /* 773 * Count output packets and bytes. 774 * The packet length includes header, FCS and 1 flag, 775 * according to RFC 1333. 776 */ 777 ifp->if_obytes += m->m_pkthdr.len + 3; 778 splx (s); 779 return (0); 780 } 781 782 void 783 sppp_attach(struct ifnet *ifp) 784 { 785 struct sppp *sp = (struct sppp*) ifp; 786 787 /* Initialize keepalive handler. */ 788 if (! spppq) 789 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 790 keepalive_ch = 791 #endif 792 timeout(sppp_keepalive, 0, hz * 10); 793 794 /* Insert new entry into the keepalive list. */ 795 sp->pp_next = spppq; 796 spppq = sp; 797 798 sp->pp_if.if_type = IFT_PPP; 799 sp->pp_if.if_output = sppp_output; 800 sp->pp_fastq.ifq_maxlen = 32; 801 sp->pp_cpq.ifq_maxlen = 20; 802 sp->pp_loopcnt = 0; 803 sp->pp_alivecnt = 0; 804 sp->pp_seq = 0; 805 sp->pp_rseq = 0; 806 sp->pp_phase = PHASE_DEAD; 807 sp->pp_up = lcp.Up; 808 sp->pp_down = lcp.Down; 809 810 sppp_lcp_init(sp); 811 sppp_ipcp_init(sp); 812 sppp_pap_init(sp); 813 sppp_chap_init(sp); 814 } 815 816 void 817 sppp_detach(struct ifnet *ifp) 818 { 819 struct sppp **q, *p, *sp = (struct sppp*) ifp; 820 int i; 821 822 /* Remove the entry from the keepalive list. */ 823 for (q = &spppq; (p = *q); q = &p->pp_next) 824 if (p == sp) { 825 *q = p->pp_next; 826 break; 827 } 828 829 /* Stop keepalive handler. */ 830 if (! spppq) 831 untimeout(sppp_keepalive, 0 832 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 833 ,keepalive_ch 834 #endif 835 ); 836 837 for (i = 0; i < IDX_COUNT; i++) 838 untimeout((cps[i])->TO, (void *)sp 839 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 840 , sp->ch[i] 841 #endif 842 ); 843 untimeout(sppp_pap_my_TO, (void *)sp 844 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 845 , sp->pap_my_to_ch 846 #endif 847 ); 848 } 849 850 /* 851 * Flush the interface output queue. 852 */ 853 void 854 sppp_flush(struct ifnet *ifp) 855 { 856 struct sppp *sp = (struct sppp*) ifp; 857 858 sppp_qflush (&sp->pp_if.if_snd); 859 sppp_qflush (&sp->pp_fastq); 860 sppp_qflush (&sp->pp_cpq); 861 } 862 863 /* 864 * Check if the output queue is empty. 865 */ 866 int 867 sppp_isempty(struct ifnet *ifp) 868 { 869 struct sppp *sp = (struct sppp*) ifp; 870 int empty, s; 871 872 s = splimp(); 873 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 874 !sp->pp_if.if_snd.ifq_head; 875 splx(s); 876 return (empty); 877 } 878 879 /* 880 * Get next packet to send. 881 */ 882 struct mbuf * 883 sppp_dequeue(struct ifnet *ifp) 884 { 885 struct sppp *sp = (struct sppp*) ifp; 886 struct mbuf *m; 887 int s; 888 889 s = splimp(); 890 /* 891 * Process only the control protocol queue until we have at 892 * least one NCP open. 893 * 894 * Do always serve all three queues in Cisco mode. 895 */ 896 IF_DEQUEUE(&sp->pp_cpq, m); 897 if (m == NULL && 898 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 899 IF_DEQUEUE(&sp->pp_fastq, m); 900 if (m == NULL) 901 IF_DEQUEUE (&sp->pp_if.if_snd, m); 902 } 903 splx(s); 904 return m; 905 } 906 907 /* 908 * Pick the next packet, do not remove it from the queue. 909 */ 910 struct mbuf * 911 sppp_pick(struct ifnet *ifp) 912 { 913 struct sppp *sp = (struct sppp*)ifp; 914 struct mbuf *m; 915 int s; 916 917 s= splimp (); 918 919 m = sp->pp_cpq.ifq_head; 920 if (m == NULL && 921 (sp->pp_phase == PHASE_NETWORK || 922 (sp->pp_flags & PP_CISCO) != 0)) 923 if ((m = sp->pp_fastq.ifq_head) == NULL) 924 m = sp->pp_if.if_snd.ifq_head; 925 splx (s); 926 return (m); 927 } 928 929 /* 930 * Process an ioctl request. Called on low priority level. 931 */ 932 int 933 #if defined(__FreeBSD_version) && __FreeBSD_version >= 300003 934 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 935 #else 936 sppp_ioctl(struct ifnet *ifp, int cmd, void *data) 937 #endif 938 { 939 struct ifreq *ifr = (struct ifreq*) data; 940 struct sppp *sp = (struct sppp*) ifp; 941 int s, rv, going_up, going_down, newmode; 942 943 s = splimp(); 944 rv = 0; 945 switch (cmd) { 946 case SIOCAIFADDR: 947 case SIOCSIFDSTADDR: 948 break; 949 950 case SIOCSIFADDR: 951 if_up(ifp); 952 /* fall through... */ 953 954 case SIOCSIFFLAGS: 955 going_up = ifp->if_flags & IFF_UP && 956 (ifp->if_flags & IFF_RUNNING) == 0; 957 going_down = (ifp->if_flags & IFF_UP) == 0 && 958 ifp->if_flags & IFF_RUNNING; 959 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 960 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 961 /* sanity */ 962 newmode = IFF_PASSIVE; 963 ifp->if_flags &= ~IFF_AUTO; 964 } 965 966 if (going_up || going_down) 967 lcp.Close(sp); 968 if (going_up && newmode == 0) { 969 /* neither auto-dial nor passive */ 970 ifp->if_flags |= IFF_RUNNING; 971 if (!(sp->pp_flags & PP_CISCO)) 972 lcp.Open(sp); 973 } else if (going_down) { 974 sppp_flush(ifp); 975 ifp->if_flags &= ~IFF_RUNNING; 976 } 977 978 break; 979 980 #ifdef SIOCSIFMTU 981 #ifndef ifr_mtu 982 #define ifr_mtu ifr_metric 983 #endif 984 case SIOCSIFMTU: 985 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 986 return (EINVAL); 987 ifp->if_mtu = ifr->ifr_mtu; 988 break; 989 #endif 990 #ifdef SLIOCSETMTU 991 case SLIOCSETMTU: 992 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 993 return (EINVAL); 994 ifp->if_mtu = *(short*)data; 995 break; 996 #endif 997 #ifdef SIOCGIFMTU 998 case SIOCGIFMTU: 999 ifr->ifr_mtu = ifp->if_mtu; 1000 break; 1001 #endif 1002 #ifdef SLIOCGETMTU 1003 case SLIOCGETMTU: 1004 *(short*)data = ifp->if_mtu; 1005 break; 1006 #endif 1007 case SIOCADDMULTI: 1008 case SIOCDELMULTI: 1009 break; 1010 1011 case SIOCGIFGENERIC: 1012 case SIOCSIFGENERIC: 1013 rv = sppp_params(sp, cmd, data); 1014 break; 1015 1016 default: 1017 rv = ENOTTY; 1018 } 1019 splx(s); 1020 return rv; 1021 } 1022 1023 1024 /* 1026 * Cisco framing implementation. 1027 */ 1028 1029 /* 1030 * Handle incoming Cisco keepalive protocol packets. 1031 */ 1032 static void 1033 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1034 { 1035 STDDCL; 1036 struct cisco_packet *h; 1037 u_long me, mymask; 1038 1039 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1040 if (debug) 1041 log(LOG_DEBUG, 1042 SPP_FMT "cisco invalid packet length: %d bytes\n", 1043 SPP_ARGS(ifp), m->m_pkthdr.len); 1044 return; 1045 } 1046 h = mtod (m, struct cisco_packet*); 1047 if (debug) 1048 log(LOG_DEBUG, 1049 SPP_FMT "cisco input: %d bytes " 1050 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1051 SPP_ARGS(ifp), m->m_pkthdr.len, 1052 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1053 (u_int)h->time0, (u_int)h->time1); 1054 switch (ntohl (h->type)) { 1055 default: 1056 if (debug) 1057 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1058 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1059 break; 1060 case CISCO_ADDR_REPLY: 1061 /* Reply on address request, ignore */ 1062 break; 1063 case CISCO_KEEPALIVE_REQ: 1064 sp->pp_alivecnt = 0; 1065 sp->pp_rseq = ntohl (h->par1); 1066 if (sp->pp_seq == sp->pp_rseq) { 1067 /* Local and remote sequence numbers are equal. 1068 * Probably, the line is in loopback mode. */ 1069 if (sp->pp_loopcnt >= MAXALIVECNT) { 1070 printf (SPP_FMT "loopback\n", 1071 SPP_ARGS(ifp)); 1072 sp->pp_loopcnt = 0; 1073 if (ifp->if_flags & IFF_UP) { 1074 if_down (ifp); 1075 sppp_qflush (&sp->pp_cpq); 1076 } 1077 } 1078 ++sp->pp_loopcnt; 1079 1080 /* Generate new local sequence number */ 1081 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 1082 sp->pp_seq = random(); 1083 #else 1084 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1085 #endif 1086 break; 1087 } 1088 sp->pp_loopcnt = 0; 1089 if (! (ifp->if_flags & IFF_UP) && 1090 (ifp->if_flags & IFF_RUNNING)) { 1091 if_up(ifp); 1092 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1093 } 1094 break; 1095 case CISCO_ADDR_REQ: 1096 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1097 if (me != 0L) 1098 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1099 break; 1100 } 1101 } 1102 1103 /* 1104 * Send Cisco keepalive packet. 1105 */ 1106 static void 1107 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1108 { 1109 STDDCL; 1110 struct ppp_header *h; 1111 struct cisco_packet *ch; 1112 struct mbuf *m; 1113 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1114 struct timeval tv; 1115 #else 1116 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1117 #endif 1118 1119 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1120 getmicrouptime(&tv); 1121 #endif 1122 1123 MGETHDR (m, M_DONTWAIT, MT_DATA); 1124 if (! m) 1125 return; 1126 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1127 m->m_pkthdr.rcvif = 0; 1128 1129 h = mtod (m, struct ppp_header*); 1130 h->address = CISCO_MULTICAST; 1131 h->control = 0; 1132 h->protocol = htons (CISCO_KEEPALIVE); 1133 1134 ch = (struct cisco_packet*) (h + 1); 1135 ch->type = htonl (type); 1136 ch->par1 = htonl (par1); 1137 ch->par2 = htonl (par2); 1138 ch->rel = -1; 1139 1140 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1141 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1142 ch->time1 = htons ((u_short) tv.tv_sec); 1143 #else 1144 ch->time0 = htons ((u_short) (t >> 16)); 1145 ch->time1 = htons ((u_short) t); 1146 #endif 1147 1148 if (debug) 1149 log(LOG_DEBUG, 1150 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1151 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1152 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1153 1154 if (IF_QFULL (&sp->pp_cpq)) { 1155 IF_DROP (&sp->pp_fastq); 1156 IF_DROP (&ifp->if_snd); 1157 m_freem (m); 1158 } else 1159 IF_ENQUEUE (&sp->pp_cpq, m); 1160 if (! (ifp->if_flags & IFF_OACTIVE)) 1161 (*ifp->if_start) (ifp); 1162 ifp->if_obytes += m->m_pkthdr.len + 3; 1163 } 1164 1165 /* 1167 * PPP protocol implementation. 1168 */ 1169 1170 /* 1171 * Send PPP control protocol packet. 1172 */ 1173 static void 1174 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1175 u_char ident, u_short len, void *data) 1176 { 1177 STDDCL; 1178 struct ppp_header *h; 1179 struct lcp_header *lh; 1180 struct mbuf *m; 1181 1182 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1183 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1184 MGETHDR (m, M_DONTWAIT, MT_DATA); 1185 if (! m) 1186 return; 1187 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1188 m->m_pkthdr.rcvif = 0; 1189 1190 h = mtod (m, struct ppp_header*); 1191 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1192 h->control = PPP_UI; /* Unnumbered Info */ 1193 h->protocol = htons (proto); /* Link Control Protocol */ 1194 1195 lh = (struct lcp_header*) (h + 1); 1196 lh->type = type; 1197 lh->ident = ident; 1198 lh->len = htons (LCP_HEADER_LEN + len); 1199 if (len) 1200 bcopy (data, lh+1, len); 1201 1202 if (debug) { 1203 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1204 SPP_ARGS(ifp), 1205 sppp_proto_name(proto), 1206 sppp_cp_type_name (lh->type), lh->ident, 1207 ntohs (lh->len)); 1208 if (len) 1209 sppp_print_bytes ((u_char*) (lh+1), len); 1210 addlog(">\n"); 1211 } 1212 if (IF_QFULL (&sp->pp_cpq)) { 1213 IF_DROP (&sp->pp_fastq); 1214 IF_DROP (&ifp->if_snd); 1215 m_freem (m); 1216 ++ifp->if_oerrors; 1217 } else 1218 IF_ENQUEUE (&sp->pp_cpq, m); 1219 if (! (ifp->if_flags & IFF_OACTIVE)) 1220 (*ifp->if_start) (ifp); 1221 ifp->if_obytes += m->m_pkthdr.len + 3; 1222 } 1223 1224 /* 1225 * Handle incoming PPP control protocol packets. 1226 */ 1227 static void 1228 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1229 { 1230 STDDCL; 1231 struct lcp_header *h; 1232 int len = m->m_pkthdr.len; 1233 int rv; 1234 u_char *p; 1235 1236 if (len < 4) { 1237 if (debug) 1238 log(LOG_DEBUG, 1239 SPP_FMT "%s invalid packet length: %d bytes\n", 1240 SPP_ARGS(ifp), cp->name, len); 1241 return; 1242 } 1243 h = mtod (m, struct lcp_header*); 1244 if (debug) { 1245 log(LOG_DEBUG, 1246 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1247 SPP_ARGS(ifp), cp->name, 1248 sppp_state_name(sp->state[cp->protoidx]), 1249 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1250 if (len > 4) 1251 sppp_print_bytes ((u_char*) (h+1), len-4); 1252 addlog(">\n"); 1253 } 1254 if (len > ntohs (h->len)) 1255 len = ntohs (h->len); 1256 p = (u_char *)(h + 1); 1257 switch (h->type) { 1258 case CONF_REQ: 1259 if (len < 4) { 1260 if (debug) 1261 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1262 SPP_ARGS(ifp), cp->name, 1263 len); 1264 ++ifp->if_ierrors; 1265 break; 1266 } 1267 /* handle states where RCR doesn't get a SCA/SCN */ 1268 switch (sp->state[cp->protoidx]) { 1269 case STATE_CLOSING: 1270 case STATE_STOPPING: 1271 return; 1272 case STATE_CLOSED: 1273 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1274 0, 0); 1275 return; 1276 } 1277 rv = (cp->RCR)(sp, h, len); 1278 switch (sp->state[cp->protoidx]) { 1279 case STATE_OPENED: 1280 (cp->tld)(sp); 1281 (cp->scr)(sp); 1282 /* fall through... */ 1283 case STATE_ACK_SENT: 1284 case STATE_REQ_SENT: 1285 sppp_cp_change_state(cp, sp, rv? 1286 STATE_ACK_SENT: STATE_REQ_SENT); 1287 break; 1288 case STATE_STOPPED: 1289 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1290 (cp->scr)(sp); 1291 sppp_cp_change_state(cp, sp, rv? 1292 STATE_ACK_SENT: STATE_REQ_SENT); 1293 break; 1294 case STATE_ACK_RCVD: 1295 if (rv) { 1296 sppp_cp_change_state(cp, sp, STATE_OPENED); 1297 if (debug) 1298 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1299 SPP_ARGS(ifp), 1300 cp->name); 1301 (cp->tlu)(sp); 1302 } else 1303 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1304 break; 1305 default: 1306 printf(SPP_FMT "%s illegal %s in state %s\n", 1307 SPP_ARGS(ifp), cp->name, 1308 sppp_cp_type_name(h->type), 1309 sppp_state_name(sp->state[cp->protoidx])); 1310 ++ifp->if_ierrors; 1311 } 1312 break; 1313 case CONF_ACK: 1314 if (h->ident != sp->confid[cp->protoidx]) { 1315 if (debug) 1316 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1317 SPP_ARGS(ifp), cp->name, 1318 h->ident, sp->confid[cp->protoidx]); 1319 ++ifp->if_ierrors; 1320 break; 1321 } 1322 switch (sp->state[cp->protoidx]) { 1323 case STATE_CLOSED: 1324 case STATE_STOPPED: 1325 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1326 break; 1327 case STATE_CLOSING: 1328 case STATE_STOPPING: 1329 break; 1330 case STATE_REQ_SENT: 1331 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1332 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1333 break; 1334 case STATE_OPENED: 1335 (cp->tld)(sp); 1336 /* fall through */ 1337 case STATE_ACK_RCVD: 1338 (cp->scr)(sp); 1339 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1340 break; 1341 case STATE_ACK_SENT: 1342 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1343 sppp_cp_change_state(cp, sp, STATE_OPENED); 1344 if (debug) 1345 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1346 SPP_ARGS(ifp), cp->name); 1347 (cp->tlu)(sp); 1348 break; 1349 default: 1350 printf(SPP_FMT "%s illegal %s in state %s\n", 1351 SPP_ARGS(ifp), cp->name, 1352 sppp_cp_type_name(h->type), 1353 sppp_state_name(sp->state[cp->protoidx])); 1354 ++ifp->if_ierrors; 1355 } 1356 break; 1357 case CONF_NAK: 1358 case CONF_REJ: 1359 if (h->ident != sp->confid[cp->protoidx]) { 1360 if (debug) 1361 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1362 SPP_ARGS(ifp), cp->name, 1363 h->ident, sp->confid[cp->protoidx]); 1364 ++ifp->if_ierrors; 1365 break; 1366 } 1367 if (h->type == CONF_NAK) 1368 (cp->RCN_nak)(sp, h, len); 1369 else /* CONF_REJ */ 1370 (cp->RCN_rej)(sp, h, len); 1371 1372 switch (sp->state[cp->protoidx]) { 1373 case STATE_CLOSED: 1374 case STATE_STOPPED: 1375 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1376 break; 1377 case STATE_REQ_SENT: 1378 case STATE_ACK_SENT: 1379 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1380 (cp->scr)(sp); 1381 break; 1382 case STATE_OPENED: 1383 (cp->tld)(sp); 1384 /* fall through */ 1385 case STATE_ACK_RCVD: 1386 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1387 (cp->scr)(sp); 1388 break; 1389 case STATE_CLOSING: 1390 case STATE_STOPPING: 1391 break; 1392 default: 1393 printf(SPP_FMT "%s illegal %s in state %s\n", 1394 SPP_ARGS(ifp), cp->name, 1395 sppp_cp_type_name(h->type), 1396 sppp_state_name(sp->state[cp->protoidx])); 1397 ++ifp->if_ierrors; 1398 } 1399 break; 1400 1401 case TERM_REQ: 1402 switch (sp->state[cp->protoidx]) { 1403 case STATE_ACK_RCVD: 1404 case STATE_ACK_SENT: 1405 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1406 /* fall through */ 1407 case STATE_CLOSED: 1408 case STATE_STOPPED: 1409 case STATE_CLOSING: 1410 case STATE_STOPPING: 1411 case STATE_REQ_SENT: 1412 sta: 1413 /* Send Terminate-Ack packet. */ 1414 if (debug) 1415 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1416 SPP_ARGS(ifp), cp->name); 1417 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1418 break; 1419 case STATE_OPENED: 1420 (cp->tld)(sp); 1421 sp->rst_counter[cp->protoidx] = 0; 1422 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1423 goto sta; 1424 break; 1425 default: 1426 printf(SPP_FMT "%s illegal %s in state %s\n", 1427 SPP_ARGS(ifp), cp->name, 1428 sppp_cp_type_name(h->type), 1429 sppp_state_name(sp->state[cp->protoidx])); 1430 ++ifp->if_ierrors; 1431 } 1432 break; 1433 case TERM_ACK: 1434 switch (sp->state[cp->protoidx]) { 1435 case STATE_CLOSED: 1436 case STATE_STOPPED: 1437 case STATE_REQ_SENT: 1438 case STATE_ACK_SENT: 1439 break; 1440 case STATE_CLOSING: 1441 (cp->tlf)(sp); 1442 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1443 break; 1444 case STATE_STOPPING: 1445 (cp->tlf)(sp); 1446 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1447 break; 1448 case STATE_ACK_RCVD: 1449 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1450 break; 1451 case STATE_OPENED: 1452 (cp->tld)(sp); 1453 (cp->scr)(sp); 1454 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1455 break; 1456 default: 1457 printf(SPP_FMT "%s illegal %s in state %s\n", 1458 SPP_ARGS(ifp), cp->name, 1459 sppp_cp_type_name(h->type), 1460 sppp_state_name(sp->state[cp->protoidx])); 1461 ++ifp->if_ierrors; 1462 } 1463 break; 1464 case CODE_REJ: 1465 case PROTO_REJ: 1466 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1467 log(LOG_INFO, 1468 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1469 "danger will robinson\n", 1470 SPP_ARGS(ifp), cp->name, 1471 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1472 switch (sp->state[cp->protoidx]) { 1473 case STATE_CLOSED: 1474 case STATE_STOPPED: 1475 case STATE_REQ_SENT: 1476 case STATE_ACK_SENT: 1477 case STATE_CLOSING: 1478 case STATE_STOPPING: 1479 case STATE_OPENED: 1480 break; 1481 case STATE_ACK_RCVD: 1482 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1483 break; 1484 default: 1485 printf(SPP_FMT "%s illegal %s in state %s\n", 1486 SPP_ARGS(ifp), cp->name, 1487 sppp_cp_type_name(h->type), 1488 sppp_state_name(sp->state[cp->protoidx])); 1489 ++ifp->if_ierrors; 1490 } 1491 break; 1492 case DISC_REQ: 1493 if (cp->proto != PPP_LCP) 1494 goto illegal; 1495 /* Discard the packet. */ 1496 break; 1497 case ECHO_REQ: 1498 if (cp->proto != PPP_LCP) 1499 goto illegal; 1500 if (sp->state[cp->protoidx] != STATE_OPENED) { 1501 if (debug) 1502 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1503 SPP_ARGS(ifp)); 1504 ++ifp->if_ierrors; 1505 break; 1506 } 1507 if (len < 8) { 1508 if (debug) 1509 addlog(SPP_FMT "invalid lcp echo request " 1510 "packet length: %d bytes\n", 1511 SPP_ARGS(ifp), len); 1512 break; 1513 } 1514 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1515 /* Line loopback mode detected. */ 1516 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1517 if_down (ifp); 1518 sppp_qflush (&sp->pp_cpq); 1519 1520 /* Shut down the PPP link. */ 1521 /* XXX */ 1522 lcp.Down(sp); 1523 lcp.Up(sp); 1524 break; 1525 } 1526 *(long*)(h+1) = htonl (sp->lcp.magic); 1527 if (debug) 1528 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1529 SPP_ARGS(ifp)); 1530 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1531 break; 1532 case ECHO_REPLY: 1533 if (cp->proto != PPP_LCP) 1534 goto illegal; 1535 if (h->ident != sp->lcp.echoid) { 1536 ++ifp->if_ierrors; 1537 break; 1538 } 1539 if (len < 8) { 1540 if (debug) 1541 addlog(SPP_FMT "lcp invalid echo reply " 1542 "packet length: %d bytes\n", 1543 SPP_ARGS(ifp), len); 1544 break; 1545 } 1546 if (debug) 1547 addlog(SPP_FMT "lcp got echo rep\n", 1548 SPP_ARGS(ifp)); 1549 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1550 sp->pp_alivecnt = 0; 1551 break; 1552 default: 1553 /* Unknown packet type -- send Code-Reject packet. */ 1554 illegal: 1555 if (debug) 1556 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1557 SPP_ARGS(ifp), cp->name, h->type); 1558 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1559 m->m_pkthdr.len, h); 1560 ++ifp->if_ierrors; 1561 } 1562 } 1563 1564 1565 /* 1566 * The generic part of all Up/Down/Open/Close/TO event handlers. 1567 * Basically, the state transition handling in the automaton. 1568 */ 1569 static void 1570 sppp_up_event(const struct cp *cp, struct sppp *sp) 1571 { 1572 STDDCL; 1573 1574 if (debug) 1575 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1576 SPP_ARGS(ifp), cp->name, 1577 sppp_state_name(sp->state[cp->protoidx])); 1578 1579 switch (sp->state[cp->protoidx]) { 1580 case STATE_INITIAL: 1581 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1582 break; 1583 case STATE_STARTING: 1584 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1585 (cp->scr)(sp); 1586 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1587 break; 1588 default: 1589 printf(SPP_FMT "%s illegal up in state %s\n", 1590 SPP_ARGS(ifp), cp->name, 1591 sppp_state_name(sp->state[cp->protoidx])); 1592 } 1593 } 1594 1595 static void 1596 sppp_down_event(const struct cp *cp, struct sppp *sp) 1597 { 1598 STDDCL; 1599 1600 if (debug) 1601 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1602 SPP_ARGS(ifp), cp->name, 1603 sppp_state_name(sp->state[cp->protoidx])); 1604 1605 switch (sp->state[cp->protoidx]) { 1606 case STATE_CLOSED: 1607 case STATE_CLOSING: 1608 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1609 break; 1610 case STATE_STOPPED: 1611 (cp->tls)(sp); 1612 /* fall through */ 1613 case STATE_STOPPING: 1614 case STATE_REQ_SENT: 1615 case STATE_ACK_RCVD: 1616 case STATE_ACK_SENT: 1617 sppp_cp_change_state(cp, sp, STATE_STARTING); 1618 break; 1619 case STATE_OPENED: 1620 (cp->tld)(sp); 1621 sppp_cp_change_state(cp, sp, STATE_STARTING); 1622 break; 1623 default: 1624 printf(SPP_FMT "%s illegal down in state %s\n", 1625 SPP_ARGS(ifp), cp->name, 1626 sppp_state_name(sp->state[cp->protoidx])); 1627 } 1628 } 1629 1630 1631 static void 1632 sppp_open_event(const struct cp *cp, struct sppp *sp) 1633 { 1634 STDDCL; 1635 1636 if (debug) 1637 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1638 SPP_ARGS(ifp), cp->name, 1639 sppp_state_name(sp->state[cp->protoidx])); 1640 1641 switch (sp->state[cp->protoidx]) { 1642 case STATE_INITIAL: 1643 (cp->tls)(sp); 1644 sppp_cp_change_state(cp, sp, STATE_STARTING); 1645 break; 1646 case STATE_STARTING: 1647 break; 1648 case STATE_CLOSED: 1649 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1650 (cp->scr)(sp); 1651 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1652 break; 1653 case STATE_STOPPED: 1654 case STATE_STOPPING: 1655 case STATE_REQ_SENT: 1656 case STATE_ACK_RCVD: 1657 case STATE_ACK_SENT: 1658 case STATE_OPENED: 1659 break; 1660 case STATE_CLOSING: 1661 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1662 break; 1663 } 1664 } 1665 1666 1667 static void 1668 sppp_close_event(const struct cp *cp, struct sppp *sp) 1669 { 1670 STDDCL; 1671 1672 if (debug) 1673 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1674 SPP_ARGS(ifp), cp->name, 1675 sppp_state_name(sp->state[cp->protoidx])); 1676 1677 switch (sp->state[cp->protoidx]) { 1678 case STATE_INITIAL: 1679 case STATE_CLOSED: 1680 case STATE_CLOSING: 1681 break; 1682 case STATE_STARTING: 1683 (cp->tlf)(sp); 1684 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1685 break; 1686 case STATE_STOPPED: 1687 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1688 break; 1689 case STATE_STOPPING: 1690 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1691 break; 1692 case STATE_OPENED: 1693 (cp->tld)(sp); 1694 /* fall through */ 1695 case STATE_REQ_SENT: 1696 case STATE_ACK_RCVD: 1697 case STATE_ACK_SENT: 1698 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1699 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1700 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1701 break; 1702 } 1703 } 1704 1705 static void 1706 sppp_to_event(const struct cp *cp, struct sppp *sp) 1707 { 1708 STDDCL; 1709 int s; 1710 1711 s = splimp(); 1712 if (debug) 1713 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1714 SPP_ARGS(ifp), cp->name, 1715 sppp_state_name(sp->state[cp->protoidx]), 1716 sp->rst_counter[cp->protoidx]); 1717 1718 if (--sp->rst_counter[cp->protoidx] < 0) 1719 /* TO- event */ 1720 switch (sp->state[cp->protoidx]) { 1721 case STATE_CLOSING: 1722 (cp->tlf)(sp); 1723 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1724 break; 1725 case STATE_STOPPING: 1726 (cp->tlf)(sp); 1727 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1728 break; 1729 case STATE_REQ_SENT: 1730 case STATE_ACK_RCVD: 1731 case STATE_ACK_SENT: 1732 (cp->tlf)(sp); 1733 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1734 break; 1735 } 1736 else 1737 /* TO+ event */ 1738 switch (sp->state[cp->protoidx]) { 1739 case STATE_CLOSING: 1740 case STATE_STOPPING: 1741 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1742 0, 0); 1743 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1744 sp->ch[cp->protoidx] = 1745 #endif 1746 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1747 break; 1748 case STATE_REQ_SENT: 1749 case STATE_ACK_RCVD: 1750 (cp->scr)(sp); 1751 /* sppp_cp_change_state() will restart the timer */ 1752 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1753 break; 1754 case STATE_ACK_SENT: 1755 (cp->scr)(sp); 1756 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1757 sp->ch[cp->protoidx] = 1758 #endif 1759 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1760 break; 1761 } 1762 1763 splx(s); 1764 } 1765 1766 /* 1767 * Change the state of a control protocol in the state automaton. 1768 * Takes care of starting/stopping the restart timer. 1769 */ 1770 void 1771 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1772 { 1773 sp->state[cp->protoidx] = newstate; 1774 1775 untimeout(cp->TO, (void *)sp 1776 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1777 , sp->ch[cp->protoidx] 1778 #endif 1779 ); 1780 switch (newstate) { 1781 case STATE_INITIAL: 1782 case STATE_STARTING: 1783 case STATE_CLOSED: 1784 case STATE_STOPPED: 1785 case STATE_OPENED: 1786 break; 1787 case STATE_CLOSING: 1788 case STATE_STOPPING: 1789 case STATE_REQ_SENT: 1790 case STATE_ACK_RCVD: 1791 case STATE_ACK_SENT: 1792 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1793 sp->ch[cp->protoidx] = 1794 #endif 1795 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1796 break; 1797 } 1798 } 1799 /* 1801 *--------------------------------------------------------------------------* 1802 * * 1803 * The LCP implementation. * 1804 * * 1805 *--------------------------------------------------------------------------* 1806 */ 1807 static void 1808 sppp_lcp_init(struct sppp *sp) 1809 { 1810 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1811 sp->lcp.magic = 0; 1812 sp->state[IDX_LCP] = STATE_INITIAL; 1813 sp->fail_counter[IDX_LCP] = 0; 1814 sp->lcp.protos = 0; 1815 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1816 1817 /* 1818 * Initialize counters and timeout values. Note that we don't 1819 * use the 3 seconds suggested in RFC 1661 since we are likely 1820 * running on a fast link. XXX We should probably implement 1821 * the exponential backoff option. Note that these values are 1822 * relevant for all control protocols, not just LCP only. 1823 */ 1824 sp->lcp.timeout = 1 * hz; 1825 sp->lcp.max_terminate = 2; 1826 sp->lcp.max_configure = 10; 1827 sp->lcp.max_failure = 10; 1828 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1829 callout_handle_init(&sp->ch[IDX_LCP]); 1830 #endif 1831 } 1832 1833 static void 1834 sppp_lcp_up(struct sppp *sp) 1835 { 1836 STDDCL; 1837 1838 /* 1839 * If this interface is passive or dial-on-demand, and we are 1840 * still in Initial state, it means we've got an incoming 1841 * call. Activate the interface. 1842 */ 1843 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1844 if (debug) 1845 log(LOG_DEBUG, 1846 SPP_FMT "Up event", SPP_ARGS(ifp)); 1847 ifp->if_flags |= IFF_RUNNING; 1848 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1849 if (debug) 1850 addlog("(incoming call)\n"); 1851 sp->pp_flags |= PP_CALLIN; 1852 lcp.Open(sp); 1853 } else if (debug) 1854 addlog("\n"); 1855 } 1856 1857 sppp_up_event(&lcp, sp); 1858 } 1859 1860 static void 1861 sppp_lcp_down(struct sppp *sp) 1862 { 1863 STDDCL; 1864 1865 sppp_down_event(&lcp, sp); 1866 1867 /* 1868 * If this is neither a dial-on-demand nor a passive 1869 * interface, simulate an ``ifconfig down'' action, so the 1870 * administrator can force a redial by another ``ifconfig 1871 * up''. XXX For leased line operation, should we immediately 1872 * try to reopen the connection here? 1873 */ 1874 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1875 log(LOG_INFO, 1876 SPP_FMT "Down event (carrier loss), taking interface down.\n", 1877 SPP_ARGS(ifp)); 1878 if_down(ifp); 1879 } else { 1880 if (debug) 1881 log(LOG_DEBUG, 1882 SPP_FMT "Down event (carrier loss)\n", 1883 SPP_ARGS(ifp)); 1884 } 1885 sp->pp_flags &= ~PP_CALLIN; 1886 if (sp->state[IDX_LCP] != STATE_INITIAL) 1887 lcp.Close(sp); 1888 ifp->if_flags &= ~IFF_RUNNING; 1889 } 1890 1891 static void 1892 sppp_lcp_open(struct sppp *sp) 1893 { 1894 /* 1895 * If we are authenticator, negotiate LCP_AUTH 1896 */ 1897 if (sp->hisauth.proto != 0) 1898 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1899 else 1900 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1901 sp->pp_flags &= ~PP_NEEDAUTH; 1902 sppp_open_event(&lcp, sp); 1903 } 1904 1905 static void 1906 sppp_lcp_close(struct sppp *sp) 1907 { 1908 sppp_close_event(&lcp, sp); 1909 } 1910 1911 static void 1912 sppp_lcp_TO(void *cookie) 1913 { 1914 sppp_to_event(&lcp, (struct sppp *)cookie); 1915 } 1916 1917 /* 1918 * Analyze a configure request. Return true if it was agreeable, and 1919 * caused action sca, false if it has been rejected or nak'ed, and 1920 * caused action scn. (The return value is used to make the state 1921 * transition decision in the state automaton.) 1922 */ 1923 static int 1924 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1925 { 1926 STDDCL; 1927 u_char *buf, *r, *p; 1928 int origlen, rlen; 1929 u_long nmagic; 1930 u_short authproto; 1931 1932 len -= 4; 1933 origlen = len; 1934 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1935 if (! buf) 1936 return (0); 1937 1938 if (debug) 1939 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1940 SPP_ARGS(ifp)); 1941 1942 /* pass 1: check for things that need to be rejected */ 1943 p = (void*) (h+1); 1944 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1945 if (debug) 1946 addlog(" %s ", sppp_lcp_opt_name(*p)); 1947 switch (*p) { 1948 case LCP_OPT_MAGIC: 1949 /* Magic number. */ 1950 /* fall through, both are same length */ 1951 case LCP_OPT_ASYNC_MAP: 1952 /* Async control character map. */ 1953 if (len >= 6 || p[1] == 6) 1954 continue; 1955 if (debug) 1956 addlog("[invalid] "); 1957 break; 1958 case LCP_OPT_MRU: 1959 /* Maximum receive unit. */ 1960 if (len >= 4 && p[1] == 4) 1961 continue; 1962 if (debug) 1963 addlog("[invalid] "); 1964 break; 1965 case LCP_OPT_AUTH_PROTO: 1966 if (len < 4) { 1967 if (debug) 1968 addlog("[invalid] "); 1969 break; 1970 } 1971 authproto = (p[2] << 8) + p[3]; 1972 if (authproto == PPP_CHAP && p[1] != 5) { 1973 if (debug) 1974 addlog("[invalid chap len] "); 1975 break; 1976 } 1977 if (sp->myauth.proto == 0) { 1978 /* we are not configured to do auth */ 1979 if (debug) 1980 addlog("[not configured] "); 1981 break; 1982 } 1983 /* 1984 * Remote want us to authenticate, remember this, 1985 * so we stay in PHASE_AUTHENTICATE after LCP got 1986 * up. 1987 */ 1988 sp->pp_flags |= PP_NEEDAUTH; 1989 continue; 1990 default: 1991 /* Others not supported. */ 1992 if (debug) 1993 addlog("[rej] "); 1994 break; 1995 } 1996 /* Add the option to rejected list. */ 1997 bcopy (p, r, p[1]); 1998 r += p[1]; 1999 rlen += p[1]; 2000 } 2001 if (rlen) { 2002 if (debug) 2003 addlog(" send conf-rej\n"); 2004 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2005 return 0; 2006 } else if (debug) 2007 addlog("\n"); 2008 2009 /* 2010 * pass 2: check for option values that are unacceptable and 2011 * thus require to be nak'ed. 2012 */ 2013 if (debug) 2014 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2015 SPP_ARGS(ifp)); 2016 2017 p = (void*) (h+1); 2018 len = origlen; 2019 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2020 if (debug) 2021 addlog(" %s ", sppp_lcp_opt_name(*p)); 2022 switch (*p) { 2023 case LCP_OPT_MAGIC: 2024 /* Magic number -- extract. */ 2025 nmagic = (u_long)p[2] << 24 | 2026 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2027 if (nmagic != sp->lcp.magic) { 2028 if (debug) 2029 addlog("0x%lx ", nmagic); 2030 continue; 2031 } 2032 /* 2033 * Local and remote magics equal -- loopback? 2034 */ 2035 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2036 printf (SPP_FMT "loopback\n", 2037 SPP_ARGS(ifp)); 2038 sp->pp_loopcnt = 0; 2039 if (ifp->if_flags & IFF_UP) { 2040 if_down(ifp); 2041 sppp_qflush(&sp->pp_cpq); 2042 /* XXX ? */ 2043 lcp.Down(sp); 2044 lcp.Up(sp); 2045 } 2046 } else if (debug) 2047 addlog("[glitch] "); 2048 ++sp->pp_loopcnt; 2049 /* 2050 * We negate our magic here, and NAK it. If 2051 * we see it later in an NAK packet, we 2052 * suggest a new one. 2053 */ 2054 nmagic = ~sp->lcp.magic; 2055 /* Gonna NAK it. */ 2056 p[2] = nmagic >> 24; 2057 p[3] = nmagic >> 16; 2058 p[4] = nmagic >> 8; 2059 p[5] = nmagic; 2060 break; 2061 2062 case LCP_OPT_ASYNC_MAP: 2063 /* Async control character map -- check to be zero. */ 2064 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2065 if (debug) 2066 addlog("[empty] "); 2067 continue; 2068 } 2069 if (debug) 2070 addlog("[non-empty] "); 2071 /* suggest a zero one */ 2072 p[2] = p[3] = p[4] = p[5] = 0; 2073 break; 2074 2075 case LCP_OPT_MRU: 2076 /* 2077 * Maximum receive unit. Always agreeable, 2078 * but ignored by now. 2079 */ 2080 sp->lcp.their_mru = p[2] * 256 + p[3]; 2081 if (debug) 2082 addlog("%ld ", sp->lcp.their_mru); 2083 continue; 2084 2085 case LCP_OPT_AUTH_PROTO: 2086 authproto = (p[2] << 8) + p[3]; 2087 if (sp->myauth.proto != authproto) { 2088 /* not agreed, nak */ 2089 if (debug) 2090 addlog("[mine %s != his %s] ", 2091 sppp_proto_name(sp->hisauth.proto), 2092 sppp_proto_name(authproto)); 2093 p[2] = sp->myauth.proto >> 8; 2094 p[3] = sp->myauth.proto; 2095 break; 2096 } 2097 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2098 if (debug) 2099 addlog("[chap not MD5] "); 2100 p[4] = CHAP_MD5; 2101 break; 2102 } 2103 continue; 2104 } 2105 /* Add the option to nak'ed list. */ 2106 bcopy (p, r, p[1]); 2107 r += p[1]; 2108 rlen += p[1]; 2109 } 2110 if (rlen) { 2111 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2112 if (debug) 2113 addlog(" max_failure (%d) exceeded, " 2114 "send conf-rej\n", 2115 sp->lcp.max_failure); 2116 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2117 } else { 2118 if (debug) 2119 addlog(" send conf-nak\n"); 2120 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2121 } 2122 return 0; 2123 } else { 2124 if (debug) 2125 addlog(" send conf-ack\n"); 2126 sp->fail_counter[IDX_LCP] = 0; 2127 sp->pp_loopcnt = 0; 2128 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2129 h->ident, origlen, h+1); 2130 } 2131 2132 free (buf, M_TEMP); 2133 return (rlen == 0); 2134 } 2135 2136 /* 2137 * Analyze the LCP Configure-Reject option list, and adjust our 2138 * negotiation. 2139 */ 2140 static void 2141 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2142 { 2143 STDDCL; 2144 u_char *buf, *p; 2145 2146 len -= 4; 2147 buf = malloc (len, M_TEMP, M_NOWAIT); 2148 if (!buf) 2149 return; 2150 2151 if (debug) 2152 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2153 SPP_ARGS(ifp)); 2154 2155 p = (void*) (h+1); 2156 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2157 if (debug) 2158 addlog(" %s ", sppp_lcp_opt_name(*p)); 2159 switch (*p) { 2160 case LCP_OPT_MAGIC: 2161 /* Magic number -- can't use it, use 0 */ 2162 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2163 sp->lcp.magic = 0; 2164 break; 2165 case LCP_OPT_MRU: 2166 /* 2167 * Should not be rejected anyway, since we only 2168 * negotiate a MRU if explicitly requested by 2169 * peer. 2170 */ 2171 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2172 break; 2173 case LCP_OPT_AUTH_PROTO: 2174 /* 2175 * Peer doesn't want to authenticate himself, 2176 * deny unless this is a dialout call, and 2177 * AUTHFLAG_NOCALLOUT is set. 2178 */ 2179 if ((sp->pp_flags & PP_CALLIN) == 0 && 2180 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2181 if (debug) 2182 addlog("[don't insist on auth " 2183 "for callout]"); 2184 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2185 break; 2186 } 2187 if (debug) 2188 addlog("[access denied]\n"); 2189 lcp.Close(sp); 2190 break; 2191 } 2192 } 2193 if (debug) 2194 addlog("\n"); 2195 free (buf, M_TEMP); 2196 return; 2197 } 2198 2199 /* 2200 * Analyze the LCP Configure-NAK option list, and adjust our 2201 * negotiation. 2202 */ 2203 static void 2204 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2205 { 2206 STDDCL; 2207 u_char *buf, *p; 2208 u_long magic; 2209 2210 len -= 4; 2211 buf = malloc (len, M_TEMP, M_NOWAIT); 2212 if (!buf) 2213 return; 2214 2215 if (debug) 2216 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2217 SPP_ARGS(ifp)); 2218 2219 p = (void*) (h+1); 2220 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2221 if (debug) 2222 addlog(" %s ", sppp_lcp_opt_name(*p)); 2223 switch (*p) { 2224 case LCP_OPT_MAGIC: 2225 /* Magic number -- renegotiate */ 2226 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2227 len >= 6 && p[1] == 6) { 2228 magic = (u_long)p[2] << 24 | 2229 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2230 /* 2231 * If the remote magic is our negated one, 2232 * this looks like a loopback problem. 2233 * Suggest a new magic to make sure. 2234 */ 2235 if (magic == ~sp->lcp.magic) { 2236 if (debug) 2237 addlog("magic glitch "); 2238 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2239 sp->lcp.magic = random(); 2240 #else 2241 sp->lcp.magic = time.tv_sec + time.tv_usec; 2242 #endif 2243 } else { 2244 sp->lcp.magic = magic; 2245 if (debug) 2246 addlog("%ld ", magic); 2247 } 2248 } 2249 break; 2250 case LCP_OPT_MRU: 2251 /* 2252 * Peer wants to advise us to negotiate an MRU. 2253 * Agree on it if it's reasonable, or use 2254 * default otherwise. 2255 */ 2256 if (len >= 4 && p[1] == 4) { 2257 u_int mru = p[2] * 256 + p[3]; 2258 if (debug) 2259 addlog("%d ", mru); 2260 if (mru < PP_MTU || mru > PP_MAX_MRU) 2261 mru = PP_MTU; 2262 sp->lcp.mru = mru; 2263 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2264 } 2265 break; 2266 case LCP_OPT_AUTH_PROTO: 2267 /* 2268 * Peer doesn't like our authentication method, 2269 * deny. 2270 */ 2271 if (debug) 2272 addlog("[access denied]\n"); 2273 lcp.Close(sp); 2274 break; 2275 } 2276 } 2277 if (debug) 2278 addlog("\n"); 2279 free (buf, M_TEMP); 2280 return; 2281 } 2282 2283 static void 2284 sppp_lcp_tlu(struct sppp *sp) 2285 { 2286 STDDCL; 2287 int i; 2288 u_long mask; 2289 2290 /* XXX ? */ 2291 if (! (ifp->if_flags & IFF_UP) && 2292 (ifp->if_flags & IFF_RUNNING)) { 2293 /* Coming out of loopback mode. */ 2294 if_up(ifp); 2295 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2296 } 2297 2298 for (i = 0; i < IDX_COUNT; i++) 2299 if ((cps[i])->flags & CP_QUAL) 2300 (cps[i])->Open(sp); 2301 2302 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2303 (sp->pp_flags & PP_NEEDAUTH) != 0) 2304 sp->pp_phase = PHASE_AUTHENTICATE; 2305 else 2306 sp->pp_phase = PHASE_NETWORK; 2307 2308 if(debug) 2309 { 2310 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2311 sppp_phase_name(sp->pp_phase)); 2312 } 2313 2314 /* 2315 * Open all authentication protocols. This is even required 2316 * if we already proceeded to network phase, since it might be 2317 * that remote wants us to authenticate, so we might have to 2318 * send a PAP request. Undesired authentication protocols 2319 * don't do anything when they get an Open event. 2320 */ 2321 for (i = 0; i < IDX_COUNT; i++) 2322 if ((cps[i])->flags & CP_AUTH) 2323 (cps[i])->Open(sp); 2324 2325 if (sp->pp_phase == PHASE_NETWORK) { 2326 /* Notify all NCPs. */ 2327 for (i = 0; i < IDX_COUNT; i++) 2328 if ((cps[i])->flags & CP_NCP) 2329 (cps[i])->Open(sp); 2330 } 2331 2332 /* Send Up events to all started protos. */ 2333 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2334 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2335 (cps[i])->Up(sp); 2336 2337 /* notify low-level driver of state change */ 2338 if (sp->pp_chg) 2339 sp->pp_chg(sp, (int)sp->pp_phase); 2340 2341 if (sp->pp_phase == PHASE_NETWORK) 2342 /* if no NCP is starting, close down */ 2343 sppp_lcp_check_and_close(sp); 2344 } 2345 2346 static void 2347 sppp_lcp_tld(struct sppp *sp) 2348 { 2349 STDDCL; 2350 int i; 2351 u_long mask; 2352 2353 sp->pp_phase = PHASE_TERMINATE; 2354 2355 if(debug) 2356 { 2357 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2358 sppp_phase_name(sp->pp_phase)); 2359 } 2360 2361 /* 2362 * Take upper layers down. We send the Down event first and 2363 * the Close second to prevent the upper layers from sending 2364 * ``a flurry of terminate-request packets'', as the RFC 2365 * describes it. 2366 */ 2367 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2368 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2369 (cps[i])->Down(sp); 2370 (cps[i])->Close(sp); 2371 } 2372 } 2373 2374 static void 2375 sppp_lcp_tls(struct sppp *sp) 2376 { 2377 STDDCL; 2378 2379 sp->pp_phase = PHASE_ESTABLISH; 2380 2381 if(debug) 2382 { 2383 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2384 sppp_phase_name(sp->pp_phase)); 2385 } 2386 2387 /* Notify lower layer if desired. */ 2388 if (sp->pp_tls) 2389 (sp->pp_tls)(sp); 2390 } 2391 2392 static void 2393 sppp_lcp_tlf(struct sppp *sp) 2394 { 2395 STDDCL; 2396 2397 sp->pp_phase = PHASE_DEAD; 2398 2399 if(debug) 2400 { 2401 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2402 sppp_phase_name(sp->pp_phase)); 2403 } 2404 2405 /* Notify lower layer if desired. */ 2406 if (sp->pp_tlf) 2407 (sp->pp_tlf)(sp); 2408 } 2409 2410 static void 2411 sppp_lcp_scr(struct sppp *sp) 2412 { 2413 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2414 int i = 0; 2415 u_short authproto; 2416 2417 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2418 if (! sp->lcp.magic) 2419 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2420 sp->lcp.magic = random(); 2421 #else 2422 sp->lcp.magic = time.tv_sec + time.tv_usec; 2423 #endif 2424 opt[i++] = LCP_OPT_MAGIC; 2425 opt[i++] = 6; 2426 opt[i++] = sp->lcp.magic >> 24; 2427 opt[i++] = sp->lcp.magic >> 16; 2428 opt[i++] = sp->lcp.magic >> 8; 2429 opt[i++] = sp->lcp.magic; 2430 } 2431 2432 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2433 opt[i++] = LCP_OPT_MRU; 2434 opt[i++] = 4; 2435 opt[i++] = sp->lcp.mru >> 8; 2436 opt[i++] = sp->lcp.mru; 2437 } 2438 2439 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2440 authproto = sp->hisauth.proto; 2441 opt[i++] = LCP_OPT_AUTH_PROTO; 2442 opt[i++] = authproto == PPP_CHAP? 5: 4; 2443 opt[i++] = authproto >> 8; 2444 opt[i++] = authproto; 2445 if (authproto == PPP_CHAP) 2446 opt[i++] = CHAP_MD5; 2447 } 2448 2449 sp->confid[IDX_LCP] = ++sp->pp_seq; 2450 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2451 } 2452 2453 /* 2454 * Check the open NCPs, return true if at least one NCP is open. 2455 */ 2456 static int 2457 sppp_ncp_check(struct sppp *sp) 2458 { 2459 int i, mask; 2460 2461 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2462 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2463 return 1; 2464 return 0; 2465 } 2466 2467 /* 2468 * Re-check the open NCPs and see if we should terminate the link. 2469 * Called by the NCPs during their tlf action handling. 2470 */ 2471 static void 2472 sppp_lcp_check_and_close(struct sppp *sp) 2473 { 2474 2475 if (sp->pp_phase < PHASE_NETWORK) 2476 /* don't bother, we are already going down */ 2477 return; 2478 2479 if (sppp_ncp_check(sp)) 2480 return; 2481 2482 lcp.Close(sp); 2483 } 2484 /* 2486 *--------------------------------------------------------------------------* 2487 * * 2488 * The IPCP implementation. * 2489 * * 2490 *--------------------------------------------------------------------------* 2491 */ 2492 2493 static void 2494 sppp_ipcp_init(struct sppp *sp) 2495 { 2496 sp->ipcp.opts = 0; 2497 sp->ipcp.flags = 0; 2498 sp->state[IDX_IPCP] = STATE_INITIAL; 2499 sp->fail_counter[IDX_IPCP] = 0; 2500 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 2501 callout_handle_init(&sp->ch[IDX_IPCP]); 2502 #endif 2503 } 2504 2505 static void 2506 sppp_ipcp_up(struct sppp *sp) 2507 { 2508 sppp_up_event(&ipcp, sp); 2509 } 2510 2511 static void 2512 sppp_ipcp_down(struct sppp *sp) 2513 { 2514 sppp_down_event(&ipcp, sp); 2515 } 2516 2517 static void 2518 sppp_ipcp_open(struct sppp *sp) 2519 { 2520 STDDCL; 2521 u_long myaddr, hisaddr; 2522 2523 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2524 2525 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2526 /* 2527 * If we don't have his address, this probably means our 2528 * interface doesn't want to talk IP at all. (This could 2529 * be the case if somebody wants to speak only IPX, for 2530 * example.) Don't open IPCP in this case. 2531 */ 2532 if (hisaddr == 0L) { 2533 /* XXX this message should go away */ 2534 if (debug) 2535 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2536 SPP_ARGS(ifp)); 2537 return; 2538 } 2539 2540 if (myaddr == 0L) { 2541 /* 2542 * I don't have an assigned address, so i need to 2543 * negotiate my address. 2544 */ 2545 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2546 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2547 } else 2548 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2549 sppp_open_event(&ipcp, sp); 2550 } 2551 2552 static void 2553 sppp_ipcp_close(struct sppp *sp) 2554 { 2555 sppp_close_event(&ipcp, sp); 2556 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2557 /* 2558 * My address was dynamic, clear it again. 2559 */ 2560 sppp_set_ip_addr(sp, 0L); 2561 } 2562 2563 static void 2564 sppp_ipcp_TO(void *cookie) 2565 { 2566 sppp_to_event(&ipcp, (struct sppp *)cookie); 2567 } 2568 2569 /* 2570 * Analyze a configure request. Return true if it was agreeable, and 2571 * caused action sca, false if it has been rejected or nak'ed, and 2572 * caused action scn. (The return value is used to make the state 2573 * transition decision in the state automaton.) 2574 */ 2575 static int 2576 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2577 { 2578 u_char *buf, *r, *p; 2579 struct ifnet *ifp = &sp->pp_if; 2580 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2581 u_long hisaddr, desiredaddr; 2582 int gotmyaddr = 0; 2583 2584 len -= 4; 2585 origlen = len; 2586 /* 2587 * Make sure to allocate a buf that can at least hold a 2588 * conf-nak with an `address' option. We might need it below. 2589 */ 2590 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2591 if (! buf) 2592 return (0); 2593 2594 /* pass 1: see if we can recognize them */ 2595 if (debug) 2596 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2597 SPP_ARGS(ifp)); 2598 p = (void*) (h+1); 2599 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2600 if (debug) 2601 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2602 switch (*p) { 2603 #ifdef notyet 2604 case IPCP_OPT_COMPRESSION: 2605 if (len >= 6 && p[1] >= 6) { 2606 /* correctly formed compress option */ 2607 continue; 2608 } 2609 if (debug) 2610 addlog("[invalid] "); 2611 break; 2612 #endif 2613 case IPCP_OPT_ADDRESS: 2614 if (len >= 6 && p[1] == 6) { 2615 /* correctly formed address option */ 2616 continue; 2617 } 2618 if (debug) 2619 addlog("[invalid] "); 2620 break; 2621 default: 2622 /* Others not supported. */ 2623 if (debug) 2624 addlog("[rej] "); 2625 break; 2626 } 2627 /* Add the option to rejected list. */ 2628 bcopy (p, r, p[1]); 2629 r += p[1]; 2630 rlen += p[1]; 2631 } 2632 if (rlen) { 2633 if (debug) 2634 addlog(" send conf-rej\n"); 2635 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2636 return 0; 2637 } else if (debug) 2638 addlog("\n"); 2639 2640 /* pass 2: parse option values */ 2641 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2642 if (debug) 2643 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2644 SPP_ARGS(ifp)); 2645 p = (void*) (h+1); 2646 len = origlen; 2647 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2648 if (debug) 2649 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2650 switch (*p) { 2651 #ifdef notyet 2652 case IPCP_OPT_COMPRESSION: 2653 continue; 2654 #endif 2655 case IPCP_OPT_ADDRESS: 2656 desiredaddr = p[2] << 24 | p[3] << 16 | 2657 p[4] << 8 | p[5]; 2658 if (!(sp->ipcp.flags & IPCP_MYADDR_SEEN) && 2659 (sp->ipcp.flags & IPCP_MYADDR_DYN)) { 2660 /* 2661 * hopefully this is our address !! 2662 */ 2663 if (debug) 2664 addlog("[wantmyaddr %s] ", 2665 sppp_dotted_quad(desiredaddr)); 2666 /* 2667 * When doing dynamic address assignment, 2668 * we accept his offer. Otherwise, we 2669 * ignore it and thus continue to negotiate 2670 * our already existing value. 2671 */ 2672 sppp_set_ip_addr(sp, desiredaddr); 2673 if (debug) 2674 addlog("[agree] "); 2675 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2676 gotmyaddr++; 2677 continue; 2678 } else { 2679 if (desiredaddr == hisaddr || 2680 (hisaddr == 1 && desiredaddr != 0)) { 2681 /* 2682 * Peer's address is same as our value, 2683 * this is agreeable. Gonna conf-ack 2684 * it. 2685 */ 2686 if (debug) 2687 addlog("%s [ack] ", 2688 sppp_dotted_quad(hisaddr)); 2689 /* record that we've seen it already */ 2690 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2691 continue; 2692 } 2693 /* 2694 * The address wasn't agreeable. This is either 2695 * he sent us 0.0.0.0, asking to assign him an 2696 * address, or he send us another address not 2697 * matching our value. Either case, we gonna 2698 * conf-nak it with our value. 2699 */ 2700 if (debug) { 2701 if (desiredaddr == 0) 2702 addlog("[addr requested] "); 2703 else 2704 addlog("%s [not agreed] ", 2705 sppp_dotted_quad(desiredaddr)); 2706 } 2707 2708 p[2] = hisaddr >> 24; 2709 p[3] = hisaddr >> 16; 2710 p[4] = hisaddr >> 8; 2711 p[5] = hisaddr; 2712 break; 2713 } 2714 } 2715 /* Add the option to nak'ed list. */ 2716 bcopy (p, r, p[1]); 2717 r += p[1]; 2718 rlen += p[1]; 2719 } 2720 2721 /* 2722 * If we are about to conf-ack the request, but haven't seen 2723 * his address so far, gonna conf-nak it instead, with the 2724 * `address' option present and our idea of his address being 2725 * filled in there, to request negotiation of both addresses. 2726 * 2727 * XXX This can result in an endless req - nak loop if peer 2728 * doesn't want to send us his address. Q: What should we do 2729 * about it? XXX A: implement the max-failure counter. 2730 */ 2731 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2732 buf[0] = IPCP_OPT_ADDRESS; 2733 buf[1] = 6; 2734 buf[2] = hisaddr >> 24; 2735 buf[3] = hisaddr >> 16; 2736 buf[4] = hisaddr >> 8; 2737 buf[5] = hisaddr; 2738 rlen = 6; 2739 if (debug) 2740 addlog("still need hisaddr "); 2741 } 2742 2743 if (rlen) { 2744 if (debug) 2745 addlog(" send conf-nak\n"); 2746 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2747 } else { 2748 if (debug) 2749 addlog(" send conf-ack\n"); 2750 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2751 h->ident, origlen, h+1); 2752 } 2753 2754 free (buf, M_TEMP); 2755 return (rlen == 0); 2756 } 2757 2758 /* 2759 * Analyze the IPCP Configure-Reject option list, and adjust our 2760 * negotiation. 2761 */ 2762 static void 2763 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2764 { 2765 u_char *buf, *p; 2766 struct ifnet *ifp = &sp->pp_if; 2767 int debug = ifp->if_flags & IFF_DEBUG; 2768 2769 len -= 4; 2770 buf = malloc (len, M_TEMP, M_NOWAIT); 2771 if (!buf) 2772 return; 2773 2774 if (debug) 2775 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2776 SPP_ARGS(ifp)); 2777 2778 p = (void*) (h+1); 2779 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2780 if (debug) 2781 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2782 switch (*p) { 2783 case IPCP_OPT_ADDRESS: 2784 /* 2785 * Peer doesn't grok address option. This is 2786 * bad. XXX Should we better give up here? 2787 */ 2788 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2789 break; 2790 #ifdef notyet 2791 case IPCP_OPT_COMPRESS: 2792 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2793 break; 2794 #endif 2795 } 2796 } 2797 if (debug) 2798 addlog("\n"); 2799 free (buf, M_TEMP); 2800 return; 2801 } 2802 2803 /* 2804 * Analyze the IPCP Configure-NAK option list, and adjust our 2805 * negotiation. 2806 */ 2807 static void 2808 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2809 { 2810 u_char *buf, *p; 2811 struct ifnet *ifp = &sp->pp_if; 2812 int debug = ifp->if_flags & IFF_DEBUG; 2813 u_long wantaddr; 2814 2815 len -= 4; 2816 buf = malloc (len, M_TEMP, M_NOWAIT); 2817 if (!buf) 2818 return; 2819 2820 if (debug) 2821 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2822 SPP_ARGS(ifp)); 2823 2824 p = (void*) (h+1); 2825 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2826 if (debug) 2827 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2828 switch (*p) { 2829 case IPCP_OPT_ADDRESS: 2830 /* 2831 * Peer doesn't like our local IP address. See 2832 * if we can do something for him. We'll drop 2833 * him our address then. 2834 */ 2835 if (len >= 6 && p[1] == 6) { 2836 wantaddr = p[2] << 24 | p[3] << 16 | 2837 p[4] << 8 | p[5]; 2838 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2839 if (debug) 2840 addlog("[wantaddr %s] ", 2841 sppp_dotted_quad(wantaddr)); 2842 /* 2843 * When doing dynamic address assignment, 2844 * we accept his offer. Otherwise, we 2845 * ignore it and thus continue to negotiate 2846 * our already existing value. 2847 */ 2848 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2849 sppp_set_ip_addr(sp, wantaddr); 2850 if (debug) 2851 addlog("[agree] "); 2852 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2853 } 2854 } 2855 break; 2856 #ifdef notyet 2857 case IPCP_OPT_COMPRESS: 2858 /* 2859 * Peer wants different compression parameters. 2860 */ 2861 break; 2862 #endif 2863 } 2864 } 2865 if (debug) 2866 addlog("\n"); 2867 free (buf, M_TEMP); 2868 return; 2869 } 2870 2871 static void 2872 sppp_ipcp_tlu(struct sppp *sp) 2873 { 2874 /* we are up - notify isdn daemon */ 2875 if (sp->pp_con) 2876 sp->pp_con(sp); 2877 } 2878 2879 static void 2880 sppp_ipcp_tld(struct sppp *sp) 2881 { 2882 } 2883 2884 static void 2885 sppp_ipcp_tls(struct sppp *sp) 2886 { 2887 /* indicate to LCP that it must stay alive */ 2888 sp->lcp.protos |= (1 << IDX_IPCP); 2889 } 2890 2891 static void 2892 sppp_ipcp_tlf(struct sppp *sp) 2893 { 2894 /* we no longer need LCP */ 2895 sp->lcp.protos &= ~(1 << IDX_IPCP); 2896 sppp_lcp_check_and_close(sp); 2897 } 2898 2899 static void 2900 sppp_ipcp_scr(struct sppp *sp) 2901 { 2902 char opt[6 /* compression */ + 6 /* address */]; 2903 u_long ouraddr; 2904 int i = 0; 2905 2906 #ifdef notyet 2907 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2908 opt[i++] = IPCP_OPT_COMPRESSION; 2909 opt[i++] = 6; 2910 opt[i++] = 0; /* VJ header compression */ 2911 opt[i++] = 0x2d; /* VJ header compression */ 2912 opt[i++] = max_slot_id; 2913 opt[i++] = comp_slot_id; 2914 } 2915 #endif 2916 2917 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2918 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2919 opt[i++] = IPCP_OPT_ADDRESS; 2920 opt[i++] = 6; 2921 opt[i++] = ouraddr >> 24; 2922 opt[i++] = ouraddr >> 16; 2923 opt[i++] = ouraddr >> 8; 2924 opt[i++] = ouraddr; 2925 } 2926 2927 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2928 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2929 } 2930 2931 2932 /* 2934 *--------------------------------------------------------------------------* 2935 * * 2936 * The CHAP implementation. * 2937 * * 2938 *--------------------------------------------------------------------------* 2939 */ 2940 2941 /* 2942 * The authentication protocols don't employ a full-fledged state machine as 2943 * the control protocols do, since they do have Open and Close events, but 2944 * not Up and Down, nor are they explicitly terminated. Also, use of the 2945 * authentication protocols may be different in both directions (this makes 2946 * sense, think of a machine that never accepts incoming calls but only 2947 * calls out, it doesn't require the called party to authenticate itself). 2948 * 2949 * Our state machine for the local authentication protocol (we are requesting 2950 * the peer to authenticate) looks like: 2951 * 2952 * RCA- 2953 * +--------------------------------------------+ 2954 * V scn,tld| 2955 * +--------+ Close +---------+ RCA+ 2956 * | |<----------------------------------| |------+ 2957 * +--->| Closed | TO* | Opened | sca | 2958 * | | |-----+ +-------| |<-----+ 2959 * | +--------+ irc | | +---------+ 2960 * | ^ | | ^ 2961 * | | | | | 2962 * | | | | | 2963 * | TO-| | | | 2964 * | |tld TO+ V | | 2965 * | | +------->+ | | 2966 * | | | | | | 2967 * | +--------+ V | | 2968 * | | |<----+<--------------------+ | 2969 * | | Req- | scr | 2970 * | | Sent | | 2971 * | | | | 2972 * | +--------+ | 2973 * | RCA- | | RCA+ | 2974 * +------+ +------------------------------------------+ 2975 * scn,tld sca,irc,ict,tlu 2976 * 2977 * 2978 * with: 2979 * 2980 * Open: LCP reached authentication phase 2981 * Close: LCP reached terminate phase 2982 * 2983 * RCA+: received reply (pap-req, chap-response), acceptable 2984 * RCN: received reply (pap-req, chap-response), not acceptable 2985 * TO+: timeout with restart counter >= 0 2986 * TO-: timeout with restart counter < 0 2987 * TO*: reschedule timeout for CHAP 2988 * 2989 * scr: send request packet (none for PAP, chap-challenge) 2990 * sca: send ack packet (pap-ack, chap-success) 2991 * scn: send nak packet (pap-nak, chap-failure) 2992 * ict: initialize re-challenge timer (CHAP only) 2993 * 2994 * tlu: this-layer-up, LCP reaches network phase 2995 * tld: this-layer-down, LCP enters terminate phase 2996 * 2997 * Note that in CHAP mode, after sending a new challenge, while the state 2998 * automaton falls back into Req-Sent state, it doesn't signal a tld 2999 * event to LCP, so LCP remains in network phase. Only after not getting 3000 * any response (or after getting an unacceptable response), CHAP closes, 3001 * causing LCP to enter terminate phase. 3002 * 3003 * With PAP, there is no initial request that can be sent. The peer is 3004 * expected to send one based on the successful negotiation of PAP as 3005 * the authentication protocol during the LCP option negotiation. 3006 * 3007 * Incoming authentication protocol requests (remote requests 3008 * authentication, we are peer) don't employ a state machine at all, 3009 * they are simply answered. Some peers [Ascend P50 firmware rev 3010 * 4.50] react allergically when sending IPCP requests while they are 3011 * still in authentication phase (thereby violating the standard that 3012 * demands that these NCP packets are to be discarded), so we keep 3013 * track of the peer demanding us to authenticate, and only proceed to 3014 * phase network once we've seen a positive acknowledge for the 3015 * authentication. 3016 */ 3017 3018 /* 3019 * Handle incoming CHAP packets. 3020 */ 3021 void 3022 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3023 { 3024 STDDCL; 3025 struct lcp_header *h; 3026 int len, x; 3027 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3028 int value_len, name_len; 3029 MD5_CTX ctx; 3030 3031 len = m->m_pkthdr.len; 3032 if (len < 4) { 3033 if (debug) 3034 log(LOG_DEBUG, 3035 SPP_FMT "chap invalid packet length: %d bytes\n", 3036 SPP_ARGS(ifp), len); 3037 return; 3038 } 3039 h = mtod (m, struct lcp_header*); 3040 if (len > ntohs (h->len)) 3041 len = ntohs (h->len); 3042 3043 switch (h->type) { 3044 /* challenge, failure and success are his authproto */ 3045 case CHAP_CHALLENGE: 3046 value = 1 + (u_char*)(h+1); 3047 value_len = value[-1]; 3048 name = value + value_len; 3049 name_len = len - value_len - 5; 3050 if (name_len < 0) { 3051 if (debug) { 3052 log(LOG_DEBUG, 3053 SPP_FMT "chap corrupted challenge " 3054 "<%s id=0x%x len=%d", 3055 SPP_ARGS(ifp), 3056 sppp_auth_type_name(PPP_CHAP, h->type), 3057 h->ident, ntohs(h->len)); 3058 if (len > 4) 3059 sppp_print_bytes((u_char*) (h+1), len-4); 3060 addlog(">\n"); 3061 } 3062 break; 3063 } 3064 3065 if (debug) { 3066 log(LOG_DEBUG, 3067 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3068 SPP_ARGS(ifp), 3069 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3070 ntohs(h->len)); 3071 sppp_print_string((char*) name, name_len); 3072 addlog(" value-size=%d value=", value_len); 3073 sppp_print_bytes(value, value_len); 3074 addlog(">\n"); 3075 } 3076 3077 /* Compute reply value. */ 3078 MD5Init(&ctx); 3079 MD5Update(&ctx, &h->ident, 1); 3080 MD5Update(&ctx, sp->myauth.secret, 3081 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3082 MD5Update(&ctx, value, value_len); 3083 MD5Final(digest, &ctx); 3084 dsize = sizeof digest; 3085 3086 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3087 sizeof dsize, (const char *)&dsize, 3088 sizeof digest, digest, 3089 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3090 sp->myauth.name, 3091 0); 3092 break; 3093 3094 case CHAP_SUCCESS: 3095 if (debug) { 3096 log(LOG_DEBUG, SPP_FMT "chap success", 3097 SPP_ARGS(ifp)); 3098 if (len > 4) { 3099 addlog(": "); 3100 sppp_print_string((char*)(h + 1), len - 4); 3101 } 3102 addlog("\n"); 3103 } 3104 x = splimp(); 3105 sp->pp_flags &= ~PP_NEEDAUTH; 3106 if (sp->myauth.proto == PPP_CHAP && 3107 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3108 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3109 /* 3110 * We are authenticator for CHAP but didn't 3111 * complete yet. Leave it to tlu to proceed 3112 * to network phase. 3113 */ 3114 splx(x); 3115 break; 3116 } 3117 splx(x); 3118 sppp_phase_network(sp); 3119 break; 3120 3121 case CHAP_FAILURE: 3122 if (debug) { 3123 log(LOG_INFO, SPP_FMT "chap failure", 3124 SPP_ARGS(ifp)); 3125 if (len > 4) { 3126 addlog(": "); 3127 sppp_print_string((char*)(h + 1), len - 4); 3128 } 3129 addlog("\n"); 3130 } else 3131 log(LOG_INFO, SPP_FMT "chap failure\n", 3132 SPP_ARGS(ifp)); 3133 /* await LCP shutdown by authenticator */ 3134 break; 3135 3136 /* response is my authproto */ 3137 case CHAP_RESPONSE: 3138 value = 1 + (u_char*)(h+1); 3139 value_len = value[-1]; 3140 name = value + value_len; 3141 name_len = len - value_len - 5; 3142 if (name_len < 0) { 3143 if (debug) { 3144 log(LOG_DEBUG, 3145 SPP_FMT "chap corrupted response " 3146 "<%s id=0x%x len=%d", 3147 SPP_ARGS(ifp), 3148 sppp_auth_type_name(PPP_CHAP, h->type), 3149 h->ident, ntohs(h->len)); 3150 if (len > 4) 3151 sppp_print_bytes((u_char*)(h+1), len-4); 3152 addlog(">\n"); 3153 } 3154 break; 3155 } 3156 if (h->ident != sp->confid[IDX_CHAP]) { 3157 if (debug) 3158 log(LOG_DEBUG, 3159 SPP_FMT "chap dropping response for old ID " 3160 "(got %d, expected %d)\n", 3161 SPP_ARGS(ifp), 3162 h->ident, sp->confid[IDX_CHAP]); 3163 break; 3164 } 3165 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3166 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3167 log(LOG_INFO, SPP_FMT "chap response, his name ", 3168 SPP_ARGS(ifp)); 3169 sppp_print_string(name, name_len); 3170 addlog(" != expected "); 3171 sppp_print_string(sp->hisauth.name, 3172 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3173 addlog("\n"); 3174 } 3175 if (debug) { 3176 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3177 "<%s id=0x%x len=%d name=", 3178 SPP_ARGS(ifp), 3179 sppp_state_name(sp->state[IDX_CHAP]), 3180 sppp_auth_type_name(PPP_CHAP, h->type), 3181 h->ident, ntohs (h->len)); 3182 sppp_print_string((char*)name, name_len); 3183 addlog(" value-size=%d value=", value_len); 3184 sppp_print_bytes(value, value_len); 3185 addlog(">\n"); 3186 } 3187 if (value_len != AUTHKEYLEN) { 3188 if (debug) 3189 log(LOG_DEBUG, 3190 SPP_FMT "chap bad hash value length: " 3191 "%d bytes, should be %d\n", 3192 SPP_ARGS(ifp), value_len, 3193 AUTHKEYLEN); 3194 break; 3195 } 3196 3197 MD5Init(&ctx); 3198 MD5Update(&ctx, &h->ident, 1); 3199 MD5Update(&ctx, sp->hisauth.secret, 3200 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3201 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3202 MD5Final(digest, &ctx); 3203 3204 #define FAILMSG "Failed..." 3205 #define SUCCMSG "Welcome!" 3206 3207 if (value_len != sizeof digest || 3208 bcmp(digest, value, value_len) != 0) { 3209 /* action scn, tld */ 3210 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3211 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3212 0); 3213 chap.tld(sp); 3214 break; 3215 } 3216 /* action sca, perhaps tlu */ 3217 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3218 sp->state[IDX_CHAP] == STATE_OPENED) 3219 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3220 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3221 0); 3222 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3223 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3224 chap.tlu(sp); 3225 } 3226 break; 3227 3228 default: 3229 /* Unknown CHAP packet type -- ignore. */ 3230 if (debug) { 3231 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3232 "<0x%x id=0x%xh len=%d", 3233 SPP_ARGS(ifp), 3234 sppp_state_name(sp->state[IDX_CHAP]), 3235 h->type, h->ident, ntohs(h->len)); 3236 if (len > 4) 3237 sppp_print_bytes((u_char*)(h+1), len-4); 3238 addlog(">\n"); 3239 } 3240 break; 3241 3242 } 3243 } 3244 3245 static void 3246 sppp_chap_init(struct sppp *sp) 3247 { 3248 /* Chap doesn't have STATE_INITIAL at all. */ 3249 sp->state[IDX_CHAP] = STATE_CLOSED; 3250 sp->fail_counter[IDX_CHAP] = 0; 3251 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3252 callout_handle_init(&sp->ch[IDX_CHAP]); 3253 #endif 3254 } 3255 3256 static void 3257 sppp_chap_open(struct sppp *sp) 3258 { 3259 if (sp->myauth.proto == PPP_CHAP && 3260 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3261 /* we are authenticator for CHAP, start it */ 3262 chap.scr(sp); 3263 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3264 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3265 } 3266 /* nothing to be done if we are peer, await a challenge */ 3267 } 3268 3269 static void 3270 sppp_chap_close(struct sppp *sp) 3271 { 3272 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3273 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3274 } 3275 3276 static void 3277 sppp_chap_TO(void *cookie) 3278 { 3279 struct sppp *sp = (struct sppp *)cookie; 3280 STDDCL; 3281 int s; 3282 3283 s = splimp(); 3284 if (debug) 3285 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3286 SPP_ARGS(ifp), 3287 sppp_state_name(sp->state[IDX_CHAP]), 3288 sp->rst_counter[IDX_CHAP]); 3289 3290 if (--sp->rst_counter[IDX_CHAP] < 0) 3291 /* TO- event */ 3292 switch (sp->state[IDX_CHAP]) { 3293 case STATE_REQ_SENT: 3294 chap.tld(sp); 3295 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3296 break; 3297 } 3298 else 3299 /* TO+ (or TO*) event */ 3300 switch (sp->state[IDX_CHAP]) { 3301 case STATE_OPENED: 3302 /* TO* event */ 3303 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3304 /* fall through */ 3305 case STATE_REQ_SENT: 3306 chap.scr(sp); 3307 /* sppp_cp_change_state() will restart the timer */ 3308 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3309 break; 3310 } 3311 3312 splx(s); 3313 } 3314 3315 static void 3316 sppp_chap_tlu(struct sppp *sp) 3317 { 3318 STDDCL; 3319 int i, x; 3320 3321 i = 0; 3322 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3323 3324 /* 3325 * Some broken CHAP implementations (Conware CoNet, firmware 3326 * 4.0.?) don't want to re-authenticate their CHAP once the 3327 * initial challenge-response exchange has taken place. 3328 * Provide for an option to avoid rechallenges. 3329 */ 3330 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3331 /* 3332 * Compute the re-challenge timeout. This will yield 3333 * a number between 300 and 810 seconds. 3334 */ 3335 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3336 3337 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3338 sp->ch[IDX_CHAP] = 3339 #endif 3340 timeout(chap.TO, (void *)sp, i * hz); 3341 } 3342 3343 if (debug) { 3344 log(LOG_DEBUG, 3345 SPP_FMT "chap %s, ", 3346 SPP_ARGS(ifp), 3347 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3348 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3349 addlog("next re-challenge in %d seconds\n", i); 3350 else 3351 addlog("re-challenging supressed\n"); 3352 } 3353 3354 x = splimp(); 3355 /* indicate to LCP that we need to be closed down */ 3356 sp->lcp.protos |= (1 << IDX_CHAP); 3357 3358 if (sp->pp_flags & PP_NEEDAUTH) { 3359 /* 3360 * Remote is authenticator, but his auth proto didn't 3361 * complete yet. Defer the transition to network 3362 * phase. 3363 */ 3364 splx(x); 3365 return; 3366 } 3367 splx(x); 3368 3369 /* 3370 * If we are already in phase network, we are done here. This 3371 * is the case if this is a dummy tlu event after a re-challenge. 3372 */ 3373 if (sp->pp_phase != PHASE_NETWORK) 3374 sppp_phase_network(sp); 3375 } 3376 3377 static void 3378 sppp_chap_tld(struct sppp *sp) 3379 { 3380 STDDCL; 3381 3382 if (debug) 3383 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3384 untimeout(chap.TO, (void *)sp 3385 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3386 , sp->ch[IDX_CHAP] 3387 #endif 3388 ); 3389 sp->lcp.protos &= ~(1 << IDX_CHAP); 3390 3391 lcp.Close(sp); 3392 } 3393 3394 static void 3395 sppp_chap_scr(struct sppp *sp) 3396 { 3397 struct timeval tv; 3398 u_long *ch, seed; 3399 u_char clen; 3400 3401 /* Compute random challenge. */ 3402 ch = (u_long *)sp->myauth.challenge; 3403 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3404 read_random(&seed, sizeof seed); 3405 #else 3406 microtime(&tv); 3407 seed = tv.tv_sec ^ tv.tv_usec; 3408 #endif 3409 ch[0] = seed ^ random(); 3410 ch[1] = seed ^ random(); 3411 ch[2] = seed ^ random(); 3412 ch[3] = seed ^ random(); 3413 clen = AUTHKEYLEN; 3414 3415 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3416 3417 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3418 sizeof clen, (const char *)&clen, 3419 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3420 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3421 sp->myauth.name, 3422 0); 3423 } 3424 /* 3426 *--------------------------------------------------------------------------* 3427 * * 3428 * The PAP implementation. * 3429 * * 3430 *--------------------------------------------------------------------------* 3431 */ 3432 /* 3433 * For PAP, we need to keep a little state also if we are the peer, not the 3434 * authenticator. This is since we don't get a request to authenticate, but 3435 * have to repeatedly authenticate ourself until we got a response (or the 3436 * retry counter is expired). 3437 */ 3438 3439 /* 3440 * Handle incoming PAP packets. */ 3441 static void 3442 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3443 { 3444 STDDCL; 3445 struct lcp_header *h; 3446 int len, x; 3447 u_char *name, *passwd, mlen; 3448 int name_len, passwd_len; 3449 3450 len = m->m_pkthdr.len; 3451 if (len < 5) { 3452 if (debug) 3453 log(LOG_DEBUG, 3454 SPP_FMT "pap invalid packet length: %d bytes\n", 3455 SPP_ARGS(ifp), len); 3456 return; 3457 } 3458 h = mtod (m, struct lcp_header*); 3459 if (len > ntohs (h->len)) 3460 len = ntohs (h->len); 3461 switch (h->type) { 3462 /* PAP request is my authproto */ 3463 case PAP_REQ: 3464 name = 1 + (u_char*)(h+1); 3465 name_len = name[-1]; 3466 passwd = name + name_len + 1; 3467 if (name_len > len - 6 || 3468 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3469 if (debug) { 3470 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3471 "<%s id=0x%x len=%d", 3472 SPP_ARGS(ifp), 3473 sppp_auth_type_name(PPP_PAP, h->type), 3474 h->ident, ntohs(h->len)); 3475 if (len > 4) 3476 sppp_print_bytes((u_char*)(h+1), len-4); 3477 addlog(">\n"); 3478 } 3479 break; 3480 } 3481 if (debug) { 3482 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3483 "<%s id=0x%x len=%d name=", 3484 SPP_ARGS(ifp), 3485 sppp_state_name(sp->state[IDX_PAP]), 3486 sppp_auth_type_name(PPP_PAP, h->type), 3487 h->ident, ntohs(h->len)); 3488 sppp_print_string((char*)name, name_len); 3489 addlog(" passwd="); 3490 sppp_print_string((char*)passwd, passwd_len); 3491 addlog(">\n"); 3492 } 3493 if (name_len > AUTHNAMELEN || 3494 passwd_len > AUTHKEYLEN || 3495 bcmp(name, sp->hisauth.name, name_len) != 0 || 3496 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3497 /* action scn, tld */ 3498 mlen = sizeof(FAILMSG) - 1; 3499 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3500 sizeof mlen, (const char *)&mlen, 3501 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3502 0); 3503 pap.tld(sp); 3504 break; 3505 } 3506 /* action sca, perhaps tlu */ 3507 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3508 sp->state[IDX_PAP] == STATE_OPENED) { 3509 mlen = sizeof(SUCCMSG) - 1; 3510 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3511 sizeof mlen, (const char *)&mlen, 3512 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3513 0); 3514 } 3515 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3516 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3517 pap.tlu(sp); 3518 } 3519 break; 3520 3521 /* ack and nak are his authproto */ 3522 case PAP_ACK: 3523 untimeout(sppp_pap_my_TO, (void *)sp 3524 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3525 , sp->pap_my_to_ch 3526 #endif 3527 ); 3528 if (debug) { 3529 log(LOG_DEBUG, SPP_FMT "pap success", 3530 SPP_ARGS(ifp)); 3531 name_len = *((char *)h); 3532 if (len > 5 && name_len) { 3533 addlog(": "); 3534 sppp_print_string((char*)(h+1), name_len); 3535 } 3536 addlog("\n"); 3537 } 3538 x = splimp(); 3539 sp->pp_flags &= ~PP_NEEDAUTH; 3540 if (sp->myauth.proto == PPP_PAP && 3541 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3542 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3543 /* 3544 * We are authenticator for PAP but didn't 3545 * complete yet. Leave it to tlu to proceed 3546 * to network phase. 3547 */ 3548 splx(x); 3549 break; 3550 } 3551 splx(x); 3552 sppp_phase_network(sp); 3553 break; 3554 3555 case PAP_NAK: 3556 untimeout(sppp_pap_my_TO, (void *)sp 3557 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3558 , sp->pap_my_to_ch 3559 #endif 3560 ); 3561 if (debug) { 3562 log(LOG_INFO, SPP_FMT "pap failure", 3563 SPP_ARGS(ifp)); 3564 name_len = *((char *)h); 3565 if (len > 5 && name_len) { 3566 addlog(": "); 3567 sppp_print_string((char*)(h+1), name_len); 3568 } 3569 addlog("\n"); 3570 } else 3571 log(LOG_INFO, SPP_FMT "pap failure\n", 3572 SPP_ARGS(ifp)); 3573 /* await LCP shutdown by authenticator */ 3574 break; 3575 3576 default: 3577 /* Unknown PAP packet type -- ignore. */ 3578 if (debug) { 3579 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3580 "<0x%x id=0x%x len=%d", 3581 SPP_ARGS(ifp), 3582 h->type, h->ident, ntohs(h->len)); 3583 if (len > 4) 3584 sppp_print_bytes((u_char*)(h+1), len-4); 3585 addlog(">\n"); 3586 } 3587 break; 3588 3589 } 3590 } 3591 3592 static void 3593 sppp_pap_init(struct sppp *sp) 3594 { 3595 /* PAP doesn't have STATE_INITIAL at all. */ 3596 sp->state[IDX_PAP] = STATE_CLOSED; 3597 sp->fail_counter[IDX_PAP] = 0; 3598 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3599 callout_handle_init(&sp->ch[IDX_PAP]); 3600 callout_handle_init(&sp->pap_my_to_ch); 3601 #endif 3602 } 3603 3604 static void 3605 sppp_pap_open(struct sppp *sp) 3606 { 3607 if (sp->hisauth.proto == PPP_PAP && 3608 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3609 /* we are authenticator for PAP, start our timer */ 3610 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3611 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3612 } 3613 if (sp->myauth.proto == PPP_PAP) { 3614 /* we are peer, send a request, and start a timer */ 3615 pap.scr(sp); 3616 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3617 sp->pap_my_to_ch = 3618 #endif 3619 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout); 3620 } 3621 } 3622 3623 static void 3624 sppp_pap_close(struct sppp *sp) 3625 { 3626 if (sp->state[IDX_PAP] != STATE_CLOSED) 3627 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3628 } 3629 3630 /* 3631 * That's the timeout routine if we are authenticator. Since the 3632 * authenticator is basically passive in PAP, we can't do much here. 3633 */ 3634 static void 3635 sppp_pap_TO(void *cookie) 3636 { 3637 struct sppp *sp = (struct sppp *)cookie; 3638 STDDCL; 3639 int s; 3640 3641 s = splimp(); 3642 if (debug) 3643 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3644 SPP_ARGS(ifp), 3645 sppp_state_name(sp->state[IDX_PAP]), 3646 sp->rst_counter[IDX_PAP]); 3647 3648 if (--sp->rst_counter[IDX_PAP] < 0) 3649 /* TO- event */ 3650 switch (sp->state[IDX_PAP]) { 3651 case STATE_REQ_SENT: 3652 pap.tld(sp); 3653 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3654 break; 3655 } 3656 else 3657 /* TO+ event, not very much we could do */ 3658 switch (sp->state[IDX_PAP]) { 3659 case STATE_REQ_SENT: 3660 /* sppp_cp_change_state() will restart the timer */ 3661 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3662 break; 3663 } 3664 3665 splx(s); 3666 } 3667 3668 /* 3669 * That's the timeout handler if we are peer. Since the peer is active, 3670 * we need to retransmit our PAP request since it is apparently lost. 3671 * XXX We should impose a max counter. 3672 */ 3673 static void 3674 sppp_pap_my_TO(void *cookie) 3675 { 3676 struct sppp *sp = (struct sppp *)cookie; 3677 STDDCL; 3678 3679 if (debug) 3680 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3681 SPP_ARGS(ifp)); 3682 3683 pap.scr(sp); 3684 } 3685 3686 static void 3687 sppp_pap_tlu(struct sppp *sp) 3688 { 3689 STDDCL; 3690 int x; 3691 3692 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3693 3694 if (debug) 3695 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3696 SPP_ARGS(ifp), pap.name); 3697 3698 x = splimp(); 3699 /* indicate to LCP that we need to be closed down */ 3700 sp->lcp.protos |= (1 << IDX_PAP); 3701 3702 if (sp->pp_flags & PP_NEEDAUTH) { 3703 /* 3704 * Remote is authenticator, but his auth proto didn't 3705 * complete yet. Defer the transition to network 3706 * phase. 3707 */ 3708 splx(x); 3709 return; 3710 } 3711 splx(x); 3712 sppp_phase_network(sp); 3713 } 3714 3715 static void 3716 sppp_pap_tld(struct sppp *sp) 3717 { 3718 STDDCL; 3719 3720 if (debug) 3721 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3722 untimeout(pap.TO, (void *)sp 3723 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3724 , sp->ch[IDX_PAP] 3725 #endif 3726 ); 3727 untimeout(sppp_pap_my_TO, (void *)sp 3728 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3729 , sp->pap_my_to_ch 3730 #endif 3731 ); 3732 sp->lcp.protos &= ~(1 << IDX_PAP); 3733 3734 lcp.Close(sp); 3735 } 3736 3737 static void 3738 sppp_pap_scr(struct sppp *sp) 3739 { 3740 u_char idlen, pwdlen; 3741 3742 sp->confid[IDX_PAP] = ++sp->pp_seq; 3743 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3744 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3745 3746 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3747 sizeof idlen, (const char *)&idlen, 3748 (size_t)idlen, sp->myauth.name, 3749 sizeof pwdlen, (const char *)&pwdlen, 3750 (size_t)pwdlen, sp->myauth.secret, 3751 0); 3752 } 3753 /* 3755 * Random miscellaneous functions. 3756 */ 3757 3758 /* 3759 * Send a PAP or CHAP proto packet. 3760 * 3761 * Varadic function, each of the elements for the ellipsis is of type 3762 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3763 * mlen == 0. 3764 * NOTE: never declare variadic functions with types subject to type 3765 * promotion (i.e. u_char). This is asking for big trouble depending 3766 * on the architecture you are on... 3767 */ 3768 3769 static void 3770 sppp_auth_send(const struct cp *cp, struct sppp *sp, 3771 unsigned int type, unsigned int id, 3772 ...) 3773 { 3774 STDDCL; 3775 struct ppp_header *h; 3776 struct lcp_header *lh; 3777 struct mbuf *m; 3778 u_char *p; 3779 int len; 3780 unsigned int mlen; 3781 const char *msg; 3782 va_list ap; 3783 3784 MGETHDR (m, M_DONTWAIT, MT_DATA); 3785 if (! m) 3786 return; 3787 m->m_pkthdr.rcvif = 0; 3788 3789 h = mtod (m, struct ppp_header*); 3790 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3791 h->control = PPP_UI; /* Unnumbered Info */ 3792 h->protocol = htons(cp->proto); 3793 3794 lh = (struct lcp_header*)(h + 1); 3795 lh->type = type; 3796 lh->ident = id; 3797 p = (u_char*) (lh+1); 3798 3799 va_start(ap, id); 3800 len = 0; 3801 3802 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3803 msg = va_arg(ap, const char *); 3804 len += mlen; 3805 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3806 va_end(ap); 3807 m_freem(m); 3808 return; 3809 } 3810 3811 bcopy(msg, p, mlen); 3812 p += mlen; 3813 } 3814 va_end(ap); 3815 3816 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3817 lh->len = htons (LCP_HEADER_LEN + len); 3818 3819 if (debug) { 3820 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3821 SPP_ARGS(ifp), cp->name, 3822 sppp_auth_type_name(cp->proto, lh->type), 3823 lh->ident, ntohs(lh->len)); 3824 if (len) 3825 sppp_print_bytes((u_char*) (lh+1), len); 3826 addlog(">\n"); 3827 } 3828 if (IF_QFULL (&sp->pp_cpq)) { 3829 IF_DROP (&sp->pp_fastq); 3830 IF_DROP (&ifp->if_snd); 3831 m_freem (m); 3832 ++ifp->if_oerrors; 3833 } else 3834 IF_ENQUEUE (&sp->pp_cpq, m); 3835 if (! (ifp->if_flags & IFF_OACTIVE)) 3836 (*ifp->if_start) (ifp); 3837 ifp->if_obytes += m->m_pkthdr.len + 3; 3838 } 3839 3840 /* 3841 * Flush interface queue. 3842 */ 3843 static void 3844 sppp_qflush(struct ifqueue *ifq) 3845 { 3846 struct mbuf *m, *n; 3847 3848 n = ifq->ifq_head; 3849 while ((m = n)) { 3850 n = m->m_act; 3851 m_freem (m); 3852 } 3853 ifq->ifq_head = 0; 3854 ifq->ifq_tail = 0; 3855 ifq->ifq_len = 0; 3856 } 3857 3858 /* 3859 * Send keepalive packets, every 10 seconds. 3860 */ 3861 static void 3862 sppp_keepalive(void *dummy) 3863 { 3864 struct sppp *sp; 3865 int s; 3866 3867 s = splimp(); 3868 for (sp=spppq; sp; sp=sp->pp_next) { 3869 struct ifnet *ifp = &sp->pp_if; 3870 3871 /* Keepalive mode disabled or channel down? */ 3872 if (! (sp->pp_flags & PP_KEEPALIVE) || 3873 ! (ifp->if_flags & IFF_RUNNING)) 3874 continue; 3875 3876 /* No keepalive in PPP mode if LCP not opened yet. */ 3877 if (! (sp->pp_flags & PP_CISCO) && 3878 sp->pp_phase < PHASE_AUTHENTICATE) 3879 continue; 3880 3881 if (sp->pp_alivecnt == MAXALIVECNT) { 3882 /* No keepalive packets got. Stop the interface. */ 3883 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3884 if_down (ifp); 3885 sppp_qflush (&sp->pp_cpq); 3886 if (! (sp->pp_flags & PP_CISCO)) { 3887 /* XXX */ 3888 /* Shut down the PPP link. */ 3889 lcp.Down(sp); 3890 /* Initiate negotiation. XXX */ 3891 lcp.Up(sp); 3892 } 3893 } 3894 if (sp->pp_alivecnt <= MAXALIVECNT) 3895 ++sp->pp_alivecnt; 3896 if (sp->pp_flags & PP_CISCO) 3897 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3898 sp->pp_rseq); 3899 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3900 long nmagic = htonl (sp->lcp.magic); 3901 sp->lcp.echoid = ++sp->pp_seq; 3902 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3903 sp->lcp.echoid, 4, &nmagic); 3904 } 3905 } 3906 splx(s); 3907 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3908 keepalive_ch = 3909 #endif 3910 timeout(sppp_keepalive, 0, hz * 10); 3911 } 3912 3913 /* 3914 * Get both IP addresses. 3915 */ 3916 static void 3917 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3918 { 3919 struct ifnet *ifp = &sp->pp_if; 3920 struct ifaddr *ifa; 3921 struct sockaddr_in *si, *sm; 3922 u_long ssrc, ddst; 3923 3924 sm = NULL; 3925 ssrc = ddst = 0L; 3926 /* 3927 * Pick the first AF_INET address from the list, 3928 * aliases don't make any sense on a p2p link anyway. 3929 */ 3930 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3931 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3932 ifa; 3933 ifa = ifa->ifa_link.tqe_next) 3934 #elif defined(__NetBSD__) || defined (__OpenBSD__) 3935 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 3936 ifa; 3937 ifa = ifa->ifa_list.tqe_next) 3938 #else 3939 for (ifa = ifp->if_addrlist, si = 0; 3940 ifa; 3941 ifa = ifa->ifa_next) 3942 #endif 3943 if (ifa->ifa_addr->sa_family == AF_INET) { 3944 si = (struct sockaddr_in *)ifa->ifa_addr; 3945 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3946 if (si) 3947 break; 3948 } 3949 if (ifa) { 3950 if (si && si->sin_addr.s_addr) { 3951 ssrc = si->sin_addr.s_addr; 3952 if (srcmask) 3953 *srcmask = ntohl(sm->sin_addr.s_addr); 3954 } 3955 3956 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3957 if (si && si->sin_addr.s_addr) 3958 ddst = si->sin_addr.s_addr; 3959 } 3960 3961 if (dst) *dst = ntohl(ddst); 3962 if (src) *src = ntohl(ssrc); 3963 } 3964 3965 /* 3966 * Set my IP address. Must be called at splimp. 3967 */ 3968 static void 3969 sppp_set_ip_addr(struct sppp *sp, u_long src) 3970 { 3971 STDDCL; 3972 struct ifaddr *ifa; 3973 struct sockaddr_in *si; 3974 3975 /* 3976 * Pick the first AF_INET address from the list, 3977 * aliases don't make any sense on a p2p link anyway. 3978 */ 3979 3980 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3981 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3982 ifa; 3983 ifa = ifa->ifa_link.tqe_next) 3984 #elif defined(__NetBSD__) || defined (__OpenBSD__) 3985 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 3986 ifa; 3987 ifa = ifa->ifa_list.tqe_next) 3988 #else 3989 for (ifa = ifp->if_addrlist, si = 0; 3990 ifa; 3991 ifa = ifa->ifa_next) 3992 #endif 3993 { 3994 if (ifa->ifa_addr->sa_family == AF_INET) 3995 { 3996 si = (struct sockaddr_in *)ifa->ifa_addr; 3997 if (si) 3998 break; 3999 } 4000 } 4001 4002 if (ifa && si) 4003 { 4004 int error; 4005 #if __NetBSD_Version__ >= 103080000 4006 struct sockaddr_in new_sin = *si; 4007 4008 new_sin.sin_addr.s_addr = htonl(src); 4009 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4010 if(debug && error) 4011 { 4012 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4013 " failed, error=%d\n", SPP_ARGS(ifp), error); 4014 } 4015 #else 4016 /* delete old route */ 4017 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4018 if(debug && error) 4019 { 4020 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4021 SPP_ARGS(ifp), error); 4022 } 4023 4024 /* set new address */ 4025 si->sin_addr.s_addr = htonl(src); 4026 4027 /* add new route */ 4028 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4029 if (debug && error) 4030 { 4031 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4032 SPP_ARGS(ifp), error); 4033 } 4034 #endif 4035 } 4036 } 4037 4038 static int 4039 sppp_params(struct sppp *sp, int cmd, void *data) 4040 { 4041 int subcmd; 4042 struct ifreq *ifr = (struct ifreq *)data; 4043 struct spppreq spr; 4044 4045 /* 4046 * ifr->ifr_data is supposed to point to a struct spppreq. 4047 * Check the cmd word first before attempting to fetch all the 4048 * data. 4049 */ 4050 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4051 return EFAULT; 4052 4053 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4054 return EFAULT; 4055 4056 switch (subcmd) { 4057 case SPPPIOGDEFS: 4058 if (cmd != SIOCGIFGENERIC) 4059 return EINVAL; 4060 /* 4061 * We copy over the entire current state, but clean 4062 * out some of the stuff we don't wanna pass up. 4063 * Remember, SIOCGIFGENERIC is unprotected, and can be 4064 * called by any user. No need to ever get PAP or 4065 * CHAP secrets back to userland anyway. 4066 */ 4067 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4068 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4069 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4070 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4071 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4072 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4073 4074 case SPPPIOSDEFS: 4075 if (cmd != SIOCSIFGENERIC) 4076 return EINVAL; 4077 /* 4078 * We have a very specific idea of which fields we allow 4079 * being passed back from userland, so to not clobber our 4080 * current state. For one, we only allow setting 4081 * anything if LCP is in dead phase. Once the LCP 4082 * negotiations started, the authentication settings must 4083 * not be changed again. (The administrator can force an 4084 * ifconfig down in order to get LCP back into dead 4085 * phase.) 4086 * 4087 * Also, we only allow for authentication parameters to be 4088 * specified. 4089 * 4090 * XXX Should allow to set or clear pp_flags. 4091 * 4092 * Finally, if the respective authentication protocol to 4093 * be used is set differently than 0, but the secret is 4094 * passed as all zeros, we don't trash the existing secret. 4095 * This allows an administrator to change the system name 4096 * only without clobbering the secret (which he didn't get 4097 * back in a previous SPPPIOGDEFS call). However, the 4098 * secrets are cleared if the authentication protocol is 4099 * reset to 0. 4100 */ 4101 if (sp->pp_phase != PHASE_DEAD) 4102 return EBUSY; 4103 4104 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4105 spr.defs.myauth.proto != PPP_CHAP) || 4106 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4107 spr.defs.hisauth.proto != PPP_CHAP)) 4108 return EINVAL; 4109 4110 if (spr.defs.myauth.proto == 0) 4111 /* resetting myauth */ 4112 bzero(&sp->myauth, sizeof sp->myauth); 4113 else { 4114 /* setting/changing myauth */ 4115 sp->myauth.proto = spr.defs.myauth.proto; 4116 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4117 if (spr.defs.myauth.secret[0] != '\0') 4118 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4119 AUTHKEYLEN); 4120 } 4121 if (spr.defs.hisauth.proto == 0) 4122 /* resetting hisauth */ 4123 bzero(&sp->hisauth, sizeof sp->hisauth); 4124 else { 4125 /* setting/changing hisauth */ 4126 sp->hisauth.proto = spr.defs.hisauth.proto; 4127 sp->hisauth.flags = spr.defs.hisauth.flags; 4128 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4129 if (spr.defs.hisauth.secret[0] != '\0') 4130 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4131 AUTHKEYLEN); 4132 } 4133 break; 4134 4135 default: 4136 return EINVAL; 4137 } 4138 4139 return 0; 4140 } 4141 4142 static void 4143 sppp_phase_network(struct sppp *sp) 4144 { 4145 STDDCL; 4146 int i; 4147 u_long mask; 4148 4149 sp->pp_phase = PHASE_NETWORK; 4150 4151 if(debug) 4152 { 4153 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4154 sppp_phase_name(sp->pp_phase)); 4155 } 4156 4157 /* Notify NCPs now. */ 4158 for (i = 0; i < IDX_COUNT; i++) 4159 if ((cps[i])->flags & CP_NCP) 4160 (cps[i])->Open(sp); 4161 4162 /* Send Up events to all NCPs. */ 4163 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4164 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4165 (cps[i])->Up(sp); 4166 4167 /* if no NCP is starting, all this was in vain, close down */ 4168 sppp_lcp_check_and_close(sp); 4169 } 4170 4171 4172 static const char * 4173 sppp_cp_type_name(u_char type) 4174 { 4175 static char buf[12]; 4176 switch (type) { 4177 case CONF_REQ: return "conf-req"; 4178 case CONF_ACK: return "conf-ack"; 4179 case CONF_NAK: return "conf-nak"; 4180 case CONF_REJ: return "conf-rej"; 4181 case TERM_REQ: return "term-req"; 4182 case TERM_ACK: return "term-ack"; 4183 case CODE_REJ: return "code-rej"; 4184 case PROTO_REJ: return "proto-rej"; 4185 case ECHO_REQ: return "echo-req"; 4186 case ECHO_REPLY: return "echo-reply"; 4187 case DISC_REQ: return "discard-req"; 4188 } 4189 sprintf (buf, "0x%x", type); 4190 return buf; 4191 } 4192 4193 static const char * 4194 sppp_auth_type_name(u_short proto, u_char type) 4195 { 4196 static char buf[12]; 4197 switch (proto) { 4198 case PPP_CHAP: 4199 switch (type) { 4200 case CHAP_CHALLENGE: return "challenge"; 4201 case CHAP_RESPONSE: return "response"; 4202 case CHAP_SUCCESS: return "success"; 4203 case CHAP_FAILURE: return "failure"; 4204 } 4205 case PPP_PAP: 4206 switch (type) { 4207 case PAP_REQ: return "req"; 4208 case PAP_ACK: return "ack"; 4209 case PAP_NAK: return "nak"; 4210 } 4211 } 4212 sprintf (buf, "0x%x", type); 4213 return buf; 4214 } 4215 4216 static const char * 4217 sppp_lcp_opt_name(u_char opt) 4218 { 4219 static char buf[12]; 4220 switch (opt) { 4221 case LCP_OPT_MRU: return "mru"; 4222 case LCP_OPT_ASYNC_MAP: return "async-map"; 4223 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4224 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4225 case LCP_OPT_MAGIC: return "magic"; 4226 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4227 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4228 } 4229 sprintf (buf, "0x%x", opt); 4230 return buf; 4231 } 4232 4233 static const char * 4234 sppp_ipcp_opt_name(u_char opt) 4235 { 4236 static char buf[12]; 4237 switch (opt) { 4238 case IPCP_OPT_ADDRESSES: return "addresses"; 4239 case IPCP_OPT_COMPRESSION: return "compression"; 4240 case IPCP_OPT_ADDRESS: return "address"; 4241 } 4242 sprintf (buf, "0x%x", opt); 4243 return buf; 4244 } 4245 4246 static const char * 4247 sppp_state_name(int state) 4248 { 4249 switch (state) { 4250 case STATE_INITIAL: return "initial"; 4251 case STATE_STARTING: return "starting"; 4252 case STATE_CLOSED: return "closed"; 4253 case STATE_STOPPED: return "stopped"; 4254 case STATE_CLOSING: return "closing"; 4255 case STATE_STOPPING: return "stopping"; 4256 case STATE_REQ_SENT: return "req-sent"; 4257 case STATE_ACK_RCVD: return "ack-rcvd"; 4258 case STATE_ACK_SENT: return "ack-sent"; 4259 case STATE_OPENED: return "opened"; 4260 } 4261 return "illegal"; 4262 } 4263 4264 static const char * 4265 sppp_phase_name(enum ppp_phase phase) 4266 { 4267 switch (phase) { 4268 case PHASE_DEAD: return "dead"; 4269 case PHASE_ESTABLISH: return "establish"; 4270 case PHASE_TERMINATE: return "terminate"; 4271 case PHASE_AUTHENTICATE: return "authenticate"; 4272 case PHASE_NETWORK: return "network"; 4273 } 4274 return "illegal"; 4275 } 4276 4277 static const char * 4278 sppp_proto_name(u_short proto) 4279 { 4280 static char buf[12]; 4281 switch (proto) { 4282 case PPP_LCP: return "lcp"; 4283 case PPP_IPCP: return "ipcp"; 4284 case PPP_PAP: return "pap"; 4285 case PPP_CHAP: return "chap"; 4286 } 4287 sprintf(buf, "0x%x", (unsigned)proto); 4288 return buf; 4289 } 4290 4291 static void 4292 sppp_print_bytes(const u_char *p, u_short len) 4293 { 4294 addlog(" %02x", *p++); 4295 while (--len > 0) 4296 addlog("-%02x", *p++); 4297 } 4298 4299 static void 4300 sppp_print_string(const char *p, u_short len) 4301 { 4302 u_char c; 4303 4304 while (len-- > 0) { 4305 c = *p++; 4306 /* 4307 * Print only ASCII chars directly. RFC 1994 recommends 4308 * using only them, but we don't rely on it. */ 4309 if (c < ' ' || c > '~') 4310 addlog("\\x%x", c); 4311 else 4312 addlog("%c", c); 4313 } 4314 } 4315 4316 static const char * 4317 sppp_dotted_quad(u_long addr) 4318 { 4319 static char s[16]; 4320 sprintf(s, "%d.%d.%d.%d", 4321 (int)((addr >> 24) & 0xff), 4322 (int)((addr >> 16) & 0xff), 4323 (int)((addr >> 8) & 0xff), 4324 (int)(addr & 0xff)); 4325 return s; 4326 } 4327 4328 static int 4329 sppp_strnlen(u_char *p, int max) 4330 { 4331 int len; 4332 4333 for (len = 0; len < max && *p; ++p) 4334 ++len; 4335 return len; 4336 } 4337 4338 /* a dummy, used to drop uninteresting events */ 4339 static void 4340 sppp_null(struct sppp *unused) 4341 { 4342 /* do just nothing */ 4343 } 4344 /* 4345 * This file is large. Tell emacs to highlight it nevertheless. 4346 * 4347 * Local Variables: 4348 * hilit-auto-highlight-maxout: 120000 4349 * End: 4350 */ 4351
Indexes created Fri Sep 26 20:09:58 GMT 2025