if_spppsubr.c revision 1.46.4.6
1 /* $NetBSD: if_spppsubr.c,v 1.46.4.6 2003/01/28 18:28:12 jmc Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * This software is distributed with NO WARRANTIES, not even the implied 17 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 18 * 19 * Authors grant any other persons or organisations permission to use 20 * or modify this software as long as this message is kept with the software, 21 * all derivative works or modified versions. 22 * 23 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 24 * 25 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 26 * 27 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 28 */ 29 30 #include <sys/cdefs.h> 31 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.46.4.6 2003/01/28 18:28:12 jmc Exp $"); 32 33 #include "opt_inet.h" 34 #include "opt_ipx.h" 35 #include "opt_iso.h" 36 #include "opt_ns.h" 37 38 #include <sys/param.h> 39 #include <sys/proc.h> 40 #include <sys/systm.h> 41 #include <sys/kernel.h> 42 #include <sys/sockio.h> 43 #include <sys/socket.h> 44 #include <sys/syslog.h> 45 #include <sys/malloc.h> 46 #include <sys/mbuf.h> 47 #include <sys/callout.h> 48 #include <sys/md5.h> 49 #include <sys/inttypes.h> 50 51 #include <net/if.h> 52 #include <net/netisr.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 #include <net/ppp_defs.h> 56 57 #include <machine/stdarg.h> 58 59 #include <netinet/in.h> 60 #include <netinet/in_systm.h> 61 #include <netinet/in_var.h> 62 #ifdef INET 63 #include <netinet/ip.h> 64 #include <netinet/tcp.h> 65 #endif 66 #include <net/ethertypes.h> 67 68 #ifdef IPX 69 #include <netipx/ipx.h> 70 #include <netipx/ipx_if.h> 71 #endif 72 73 #ifdef NS 74 #include <netns/ns.h> 75 #include <netns/ns_if.h> 76 #endif 77 78 #ifdef ISO 79 #include <netiso/argo_debug.h> 80 #include <netiso/iso.h> 81 #include <netiso/iso_var.h> 82 #include <netiso/iso_snpac.h> 83 #endif 84 85 #include <net/if_sppp.h> 86 #include <net/if_spppvar.h> 87 88 #define MAXALIVECNT 3 /* max. alive packets */ 89 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 90 91 /* 92 * Interface flags that can be set in an ifconfig command. 93 * 94 * Setting link0 will make the link passive, i.e. it will be marked 95 * as being administrative openable, but won't be opened to begin 96 * with. Incoming calls will be answered, or subsequent calls with 97 * -link1 will cause the administrative open of the LCP layer. 98 * 99 * Setting link1 will cause the link to auto-dial only as packets 100 * arrive to be sent. 101 * 102 * Setting IFF_DEBUG will syslog the option negotiation and state 103 * transitions at level kern.debug. Note: all logs consistently look 104 * like 105 * 106 * <if-name><unit>: <proto-name> <additional info...> 107 * 108 * with <if-name><unit> being something like "bppp0", and <proto-name> 109 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 110 */ 111 112 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 113 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 114 115 #define CONF_REQ 1 /* PPP configure request */ 116 #define CONF_ACK 2 /* PPP configure acknowledge */ 117 #define CONF_NAK 3 /* PPP configure negative ack */ 118 #define CONF_REJ 4 /* PPP configure reject */ 119 #define TERM_REQ 5 /* PPP terminate request */ 120 #define TERM_ACK 6 /* PPP terminate acknowledge */ 121 #define CODE_REJ 7 /* PPP code reject */ 122 #define PROTO_REJ 8 /* PPP protocol reject */ 123 #define ECHO_REQ 9 /* PPP echo request */ 124 #define ECHO_REPLY 10 /* PPP echo reply */ 125 #define DISC_REQ 11 /* PPP discard request */ 126 127 #define LCP_OPT_MRU 1 /* maximum receive unit */ 128 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 129 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 130 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 131 #define LCP_OPT_MAGIC 5 /* magic number */ 132 #define LCP_OPT_RESERVED 6 /* reserved */ 133 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 134 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 135 136 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 137 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 138 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 139 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 140 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 141 142 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 143 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 144 145 #define PAP_REQ 1 /* PAP name/password request */ 146 #define PAP_ACK 2 /* PAP acknowledge */ 147 #define PAP_NAK 3 /* PAP fail */ 148 149 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 150 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 151 #define CHAP_SUCCESS 3 /* CHAP response ok */ 152 #define CHAP_FAILURE 4 /* CHAP response failed */ 153 154 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 155 156 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 157 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 158 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 159 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 160 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 161 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 162 163 /* states are named and numbered according to RFC 1661 */ 164 #define STATE_INITIAL 0 165 #define STATE_STARTING 1 166 #define STATE_CLOSED 2 167 #define STATE_STOPPED 3 168 #define STATE_CLOSING 4 169 #define STATE_STOPPING 5 170 #define STATE_REQ_SENT 6 171 #define STATE_ACK_RCVD 7 172 #define STATE_ACK_SENT 8 173 #define STATE_OPENED 9 174 175 struct ppp_header { 176 u_char address; 177 u_char control; 178 u_short protocol; 179 } __attribute__((__packed__)); 180 #define PPP_HEADER_LEN sizeof (struct ppp_header) 181 182 struct lcp_header { 183 u_char type; 184 u_char ident; 185 u_short len; 186 } __attribute__((__packed__)); 187 #define LCP_HEADER_LEN sizeof (struct lcp_header) 188 189 struct cisco_packet { 190 u_int32_t type; 191 u_int32_t par1; 192 u_int32_t par2; 193 u_short rel; 194 u_short time0; 195 u_short time1; 196 } __attribute__((__packed__)); 197 #define CISCO_PACKET_LEN 18 198 199 /* 200 * We follow the spelling and capitalization of RFC 1661 here, to make 201 * it easier comparing with the standard. Please refer to this RFC in 202 * case you can't make sense out of these abbreviation; it will also 203 * explain the semantics related to the various events and actions. 204 */ 205 struct cp { 206 u_short proto; /* PPP control protocol number */ 207 u_char protoidx; /* index into state table in struct sppp */ 208 u_char flags; 209 #define CP_LCP 0x01 /* this is the LCP */ 210 #define CP_AUTH 0x02 /* this is an authentication protocol */ 211 #define CP_NCP 0x04 /* this is a NCP */ 212 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 213 const char *name; /* name of this control protocol */ 214 /* event handlers */ 215 void (*Up)(struct sppp *sp); 216 void (*Down)(struct sppp *sp); 217 void (*Open)(struct sppp *sp); 218 void (*Close)(struct sppp *sp); 219 void (*TO)(void *sp); 220 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 221 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 222 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 223 /* actions */ 224 void (*tlu)(struct sppp *sp); 225 void (*tld)(struct sppp *sp); 226 void (*tls)(struct sppp *sp); 227 void (*tlf)(struct sppp *sp); 228 void (*scr)(struct sppp *sp); 229 }; 230 231 static struct sppp *spppq; 232 static struct callout keepalive_ch; 233 234 #ifdef __FreeBSD__ 235 #define SPP_FMT "%s%d: " 236 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 237 #else 238 #define SPP_FMT "%s: " 239 #define SPP_ARGS(ifp) (ifp)->if_xname 240 #endif 241 242 #ifdef INET 243 /* 244 * The following disgusting hack gets around the problem that IP TOS 245 * can't be set yet. We want to put "interactive" traffic on a high 246 * priority queue. To decide if traffic is interactive, we check that 247 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 248 * 249 * XXX is this really still necessary? - joerg - 250 */ 251 static u_short interactive_ports[8] = { 252 0, 513, 0, 0, 253 0, 21, 0, 23, 254 }; 255 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 256 #endif 257 258 /* almost every function needs these */ 259 #define STDDCL \ 260 struct ifnet *ifp = &sp->pp_if; \ 261 int debug = ifp->if_flags & IFF_DEBUG 262 263 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 264 struct sockaddr *dst, struct rtentry *rt); 265 266 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 267 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 268 269 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 270 struct mbuf *m); 271 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 272 u_char ident, u_short len, void *data); 273 /* static void sppp_cp_timeout(void *arg); */ 274 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 275 int newstate); 276 static void sppp_auth_send(const struct cp *cp, 277 struct sppp *sp, unsigned int type, unsigned int id, 278 ...); 279 280 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 281 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 282 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 283 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 284 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 285 286 static void sppp_null(struct sppp *sp); 287 288 static void sppp_lcp_init(struct sppp *sp); 289 static void sppp_lcp_up(struct sppp *sp); 290 static void sppp_lcp_down(struct sppp *sp); 291 static void sppp_lcp_open(struct sppp *sp); 292 static void sppp_lcp_close(struct sppp *sp); 293 static void sppp_lcp_TO(void *sp); 294 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 295 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 296 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 297 static void sppp_lcp_tlu(struct sppp *sp); 298 static void sppp_lcp_tld(struct sppp *sp); 299 static void sppp_lcp_tls(struct sppp *sp); 300 static void sppp_lcp_tlf(struct sppp *sp); 301 static void sppp_lcp_scr(struct sppp *sp); 302 static void sppp_lcp_check_and_close(struct sppp *sp); 303 static int sppp_ncp_check(struct sppp *sp); 304 305 static void sppp_ipcp_init(struct sppp *sp); 306 static void sppp_ipcp_up(struct sppp *sp); 307 static void sppp_ipcp_down(struct sppp *sp); 308 static void sppp_ipcp_open(struct sppp *sp); 309 static void sppp_ipcp_close(struct sppp *sp); 310 static void sppp_ipcp_TO(void *sp); 311 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 312 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 313 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 314 static void sppp_ipcp_tlu(struct sppp *sp); 315 static void sppp_ipcp_tld(struct sppp *sp); 316 static void sppp_ipcp_tls(struct sppp *sp); 317 static void sppp_ipcp_tlf(struct sppp *sp); 318 static void sppp_ipcp_scr(struct sppp *sp); 319 320 static void sppp_ipv6cp_init(struct sppp *sp); 321 static void sppp_ipv6cp_up(struct sppp *sp); 322 static void sppp_ipv6cp_down(struct sppp *sp); 323 static void sppp_ipv6cp_open(struct sppp *sp); 324 static void sppp_ipv6cp_close(struct sppp *sp); 325 static void sppp_ipv6cp_TO(void *sp); 326 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 329 static void sppp_ipv6cp_tlu(struct sppp *sp); 330 static void sppp_ipv6cp_tld(struct sppp *sp); 331 static void sppp_ipv6cp_tls(struct sppp *sp); 332 static void sppp_ipv6cp_tlf(struct sppp *sp); 333 static void sppp_ipv6cp_scr(struct sppp *sp); 334 335 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 336 static void sppp_pap_init(struct sppp *sp); 337 static void sppp_pap_open(struct sppp *sp); 338 static void sppp_pap_close(struct sppp *sp); 339 static void sppp_pap_TO(void *sp); 340 static void sppp_pap_my_TO(void *sp); 341 static void sppp_pap_tlu(struct sppp *sp); 342 static void sppp_pap_tld(struct sppp *sp); 343 static void sppp_pap_scr(struct sppp *sp); 344 345 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 346 static void sppp_chap_init(struct sppp *sp); 347 static void sppp_chap_open(struct sppp *sp); 348 static void sppp_chap_close(struct sppp *sp); 349 static void sppp_chap_TO(void *sp); 350 static void sppp_chap_tlu(struct sppp *sp); 351 static void sppp_chap_tld(struct sppp *sp); 352 static void sppp_chap_scr(struct sppp *sp); 353 354 static const char *sppp_auth_type_name(u_short proto, u_char type); 355 static const char *sppp_cp_type_name(u_char type); 356 static const char *sppp_dotted_quad(u_int32_t addr); 357 static const char *sppp_ipcp_opt_name(u_char opt); 358 #ifdef INET6 359 static const char *sppp_ipv6cp_opt_name(u_char opt); 360 #endif 361 static const char *sppp_lcp_opt_name(u_char opt); 362 static const char *sppp_phase_name(int phase); 363 static const char *sppp_proto_name(u_short proto); 364 static const char *sppp_state_name(int state); 365 static int sppp_params(struct sppp *sp, int cmd, void *data); 366 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 367 u_int32_t *srcmask); 368 static void sppp_keepalive(void *dummy); 369 static void sppp_phase_network(struct sppp *sp); 370 static void sppp_print_bytes(const u_char *p, u_short len); 371 static void sppp_print_string(const char *p, u_short len); 372 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 373 static void sppp_clear_ip_addrs(struct sppp *sp); 374 #ifdef INET6 375 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 376 struct in6_addr *dst, struct in6_addr *srcmask); 377 #ifdef IPV6CP_MYIFID_DYN 378 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 379 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 380 #endif 381 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 382 #endif 383 384 /* our control protocol descriptors */ 385 static const struct cp lcp = { 386 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 387 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 388 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 389 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 390 sppp_lcp_scr 391 }; 392 393 static const struct cp ipcp = { 394 PPP_IPCP, IDX_IPCP, 395 #ifdef INET 396 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 397 #else 398 0, 399 #endif 400 "ipcp", 401 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 402 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 403 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 404 sppp_ipcp_scr 405 }; 406 407 static const struct cp ipv6cp = { 408 PPP_IPV6CP, IDX_IPV6CP, 409 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 410 CP_NCP, 411 #else 412 0, 413 #endif 414 "ipv6cp", 415 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 416 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 417 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 418 sppp_ipv6cp_scr 419 }; 420 421 static const struct cp pap = { 422 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 423 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 424 sppp_pap_TO, 0, 0, 0, 425 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 426 sppp_pap_scr 427 }; 428 429 static const struct cp chap = { 430 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 431 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 432 sppp_chap_TO, 0, 0, 0, 433 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 434 sppp_chap_scr 435 }; 436 437 static const struct cp *cps[IDX_COUNT] = { 438 &lcp, /* IDX_LCP */ 439 &ipcp, /* IDX_IPCP */ 440 &ipv6cp, /* IDX_IPV6CP */ 441 &pap, /* IDX_PAP */ 442 &chap, /* IDX_CHAP */ 443 }; 444 445 446 /* 447 * Exported functions, comprising our interface to the lower layer. 448 */ 449 450 /* 451 * Process the received packet. 452 */ 453 void 454 sppp_input(struct ifnet *ifp, struct mbuf *m) 455 { 456 struct ppp_header *h = NULL; 457 struct ifqueue *inq = 0; 458 u_int16_t protocol; 459 int s; 460 struct sppp *sp = (struct sppp *)ifp; 461 int debug = ifp->if_flags & IFF_DEBUG; 462 463 if (ifp->if_flags & IFF_UP) 464 /* Count received bytes, add hardware framing */ 465 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 466 467 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 468 /* Too small packet, drop it. */ 469 if (debug) 470 log(LOG_DEBUG, 471 SPP_FMT "input packet is too small, %d bytes\n", 472 SPP_ARGS(ifp), m->m_pkthdr.len); 473 drop: 474 ++ifp->if_ierrors; 475 ++ifp->if_iqdrops; 476 m_freem (m); 477 return; 478 } 479 480 if (sp->pp_flags & PP_NOFRAMING) { 481 memcpy(&protocol, mtod(m, void *), 2); 482 protocol = ntohs(protocol); 483 m_adj(m, 2); 484 } else { 485 486 /* Get PPP header. */ 487 h = mtod (m, struct ppp_header*); 488 m_adj (m, PPP_HEADER_LEN); 489 490 switch (h->address) { 491 case PPP_ALLSTATIONS: 492 if (h->control != PPP_UI) 493 goto invalid; 494 if (sp->pp_flags & PP_CISCO) { 495 if (debug) 496 log(LOG_DEBUG, 497 SPP_FMT "PPP packet in Cisco mode " 498 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 499 SPP_ARGS(ifp), 500 h->address, h->control, ntohs(h->protocol)); 501 goto drop; 502 } 503 break; 504 case CISCO_MULTICAST: 505 case CISCO_UNICAST: 506 /* Don't check the control field here (RFC 1547). */ 507 if (! (sp->pp_flags & PP_CISCO)) { 508 if (debug) 509 log(LOG_DEBUG, 510 SPP_FMT "Cisco packet in PPP mode " 511 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 512 SPP_ARGS(ifp), 513 h->address, h->control, ntohs(h->protocol)); 514 goto drop; 515 } 516 switch (ntohs (h->protocol)) { 517 default: 518 ++ifp->if_noproto; 519 goto invalid; 520 case CISCO_KEEPALIVE: 521 sppp_cisco_input ((struct sppp*) ifp, m); 522 m_freem (m); 523 return; 524 #ifdef INET 525 case ETHERTYPE_IP: 526 schednetisr (NETISR_IP); 527 inq = &ipintrq; 528 break; 529 #endif 530 #ifdef INET6 531 case ETHERTYPE_IPV6: 532 schednetisr (NETISR_IPV6); 533 inq = &ip6intrq; 534 break; 535 #endif 536 #ifdef IPX 537 case ETHERTYPE_IPX: 538 schednetisr (NETISR_IPX); 539 inq = &ipxintrq; 540 break; 541 #endif 542 #ifdef NS 543 case ETHERTYPE_NS: 544 schednetisr (NETISR_NS); 545 inq = &nsintrq; 546 break; 547 #endif 548 } 549 goto queue_pkt; 550 default: /* Invalid PPP packet. */ 551 invalid: 552 if (debug) 553 log(LOG_DEBUG, 554 SPP_FMT "invalid input packet " 555 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 556 SPP_ARGS(ifp), 557 h->address, h->control, ntohs(h->protocol)); 558 goto drop; 559 } 560 protocol = ntohs (h->protocol); 561 } 562 563 switch (protocol) { 564 default: 565 if (sp->state[IDX_LCP] == STATE_OPENED) { 566 u_int16_t prot = htons(protocol); 567 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 568 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 569 &prot); 570 } 571 if (debug) 572 log(LOG_DEBUG, 573 SPP_FMT "invalid input protocol " 574 "<proto=0x%x>\n", SPP_ARGS(ifp), ntohs(protocol)); 575 ++ifp->if_noproto; 576 goto drop; 577 case PPP_LCP: 578 sppp_cp_input(&lcp, sp, m); 579 m_freem (m); 580 return; 581 case PPP_PAP: 582 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 583 sppp_pap_input(sp, m); 584 m_freem (m); 585 return; 586 case PPP_CHAP: 587 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 588 sppp_chap_input(sp, m); 589 m_freem (m); 590 return; 591 #ifdef INET 592 case PPP_IPCP: 593 if (sp->pp_phase == SPPP_PHASE_NETWORK) 594 sppp_cp_input(&ipcp, sp, m); 595 m_freem (m); 596 return; 597 case PPP_IP: 598 if (sp->state[IDX_IPCP] == STATE_OPENED) { 599 schednetisr (NETISR_IP); 600 inq = &ipintrq; 601 sp->pp_last_activity = time.tv_sec; 602 } 603 break; 604 #endif 605 #ifdef INET6 606 case PPP_IPV6CP: 607 if (sp->pp_phase == SPPP_PHASE_NETWORK) 608 sppp_cp_input(&ipv6cp, sp, m); 609 m_freem (m); 610 return; 611 612 case PPP_IPV6: 613 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 614 schednetisr (NETISR_IPV6); 615 inq = &ip6intrq; 616 sp->pp_last_activity = time.tv_sec; 617 } 618 break; 619 #endif 620 #ifdef IPX 621 case PPP_IPX: 622 /* IPX IPXCP not implemented yet */ 623 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 624 schednetisr (NETISR_IPX); 625 inq = &ipxintrq; 626 } 627 break; 628 #endif 629 #ifdef NS 630 case PPP_XNS: 631 /* XNS IDPCP not implemented yet */ 632 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 633 schednetisr (NETISR_NS); 634 inq = &nsintrq; 635 } 636 break; 637 #endif 638 #ifdef ISO 639 case PPP_ISO: 640 /* OSI NLCP not implemented yet */ 641 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 642 schednetisr (NETISR_ISO); 643 inq = &clnlintrq; 644 } 645 break; 646 #endif 647 } 648 649 queue_pkt: 650 if (! (ifp->if_flags & IFF_UP) || ! inq) 651 goto drop; 652 653 /* Check queue. */ 654 s = splnet(); 655 if (IF_QFULL (inq)) { 656 /* Queue overflow. */ 657 IF_DROP(inq); 658 splx(s); 659 if (debug) 660 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 661 SPP_ARGS(ifp)); 662 goto drop; 663 } 664 IF_ENQUEUE(inq, m); 665 splx(s); 666 } 667 668 /* 669 * Enqueue transmit packet. 670 */ 671 static int 672 sppp_output(struct ifnet *ifp, struct mbuf *m, 673 struct sockaddr *dst, struct rtentry *rt) 674 { 675 struct sppp *sp = (struct sppp*) ifp; 676 struct ppp_header *h = NULL; 677 struct ifqueue *ifq = NULL; /* XXX */ 678 int s, len, rv = 0; 679 u_int16_t protocol; 680 ALTQ_DECL(struct altq_pktattr pktattr;) 681 682 s = splnet(); 683 684 sp->pp_last_activity = time.tv_sec; 685 686 if ((ifp->if_flags & IFF_UP) == 0 || 687 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 688 m_freem (m); 689 splx (s); 690 return (ENETDOWN); 691 } 692 693 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 694 /* 695 * Interface is not yet running, but auto-dial. Need 696 * to start LCP for it. 697 */ 698 ifp->if_flags |= IFF_RUNNING; 699 splx(s); 700 lcp.Open(sp); 701 s = splnet(); 702 } 703 704 /* 705 * If the queueing discipline needs packet classification, 706 * do it before prepending link headers. 707 */ 708 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 709 710 #ifdef INET 711 if (dst->sa_family == AF_INET) { 712 struct ip *ip = NULL; 713 struct tcphdr *th = NULL; 714 715 if (m->m_len >= sizeof(struct ip)) { 716 ip = mtod (m, struct ip*); 717 if (ip->ip_p == IPPROTO_TCP && 718 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 719 sizeof(struct tcphdr)) { 720 th = (struct tcphdr *) 721 ((caddr_t)ip + (ip->ip_hl << 2)); 722 } 723 } else 724 ip = NULL; 725 726 /* 727 * When using dynamic local IP address assignment by using 728 * 0.0.0.0 as a local address, the first TCP session will 729 * not connect because the local TCP checksum is computed 730 * using 0.0.0.0 which will later become our real IP address 731 * so the TCP checksum computed at the remote end will 732 * become invalid. So we 733 * - don't let packets with src ip addr 0 thru 734 * - we flag TCP packets with src ip 0 as an error 735 */ 736 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 737 m_freem(m); 738 splx(s); 739 if (ip->ip_p == IPPROTO_TCP) 740 return(EADDRNOTAVAIL); 741 else 742 return(0); 743 } 744 745 /* 746 * Put low delay, telnet, rlogin and ftp control packets 747 * in front of the queue. 748 */ 749 750 if (!IF_QFULL(&sp->pp_fastq) && 751 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 752 (th && (INTERACTIVE(ntohs(th->th_sport)) || 753 INTERACTIVE(ntohs(th->th_dport)))))) 754 ifq = &sp->pp_fastq; 755 } 756 #endif 757 758 #ifdef INET6 759 if (dst->sa_family == AF_INET6) { 760 /* XXX do something tricky here? */ 761 } 762 #endif 763 764 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 765 /* 766 * Prepend general data packet PPP header. For now, IP only. 767 */ 768 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 769 if (! m) { 770 if (ifp->if_flags & IFF_DEBUG) 771 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 772 SPP_ARGS(ifp)); 773 ++ifp->if_oerrors; 774 splx (s); 775 return (ENOBUFS); 776 } 777 /* 778 * May want to check size of packet 779 * (albeit due to the implementation it's always enough) 780 */ 781 h = mtod (m, struct ppp_header*); 782 if (sp->pp_flags & PP_CISCO) { 783 h->address = CISCO_UNICAST; /* unicast address */ 784 h->control = 0; 785 } else { 786 h->address = PPP_ALLSTATIONS; /* broadcast address */ 787 h->control = PPP_UI; /* Unnumbered Info */ 788 } 789 } 790 791 switch (dst->sa_family) { 792 #ifdef INET 793 case AF_INET: /* Internet Protocol */ 794 if (sp->pp_flags & PP_CISCO) 795 protocol = htons (ETHERTYPE_IP); 796 else { 797 /* 798 * Don't choke with an ENETDOWN early. It's 799 * possible that we just started dialing out, 800 * so don't drop the packet immediately. If 801 * we notice that we run out of buffer space 802 * below, we will however remember that we are 803 * not ready to carry IP packets, and return 804 * ENETDOWN, as opposed to ENOBUFS. 805 */ 806 protocol = htons(PPP_IP); 807 if (sp->state[IDX_IPCP] != STATE_OPENED) 808 rv = ENETDOWN; 809 } 810 break; 811 #endif 812 #ifdef INET6 813 case AF_INET6: /* Internet Protocol version 6 */ 814 if (sp->pp_flags & PP_CISCO) 815 protocol = htons (ETHERTYPE_IPV6); 816 else { 817 /* 818 * Don't choke with an ENETDOWN early. It's 819 * possible that we just started dialing out, 820 * so don't drop the packet immediately. If 821 * we notice that we run out of buffer space 822 * below, we will however remember that we are 823 * not ready to carry IP packets, and return 824 * ENETDOWN, as opposed to ENOBUFS. 825 */ 826 protocol = htons(PPP_IPV6); 827 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 828 rv = ENETDOWN; 829 } 830 break; 831 #endif 832 #ifdef NS 833 case AF_NS: /* Xerox NS Protocol */ 834 protocol = htons ((sp->pp_flags & PP_CISCO) ? 835 ETHERTYPE_NS : PPP_XNS); 836 break; 837 #endif 838 #ifdef IPX 839 case AF_IPX: /* Novell IPX Protocol */ 840 protocol = htons ((sp->pp_flags & PP_CISCO) ? 841 ETHERTYPE_IPX : PPP_IPX); 842 break; 843 #endif 844 #ifdef ISO 845 case AF_ISO: /* ISO OSI Protocol */ 846 if (sp->pp_flags & PP_CISCO) 847 goto nosupport; 848 protocol = htons (PPP_ISO); 849 break; 850 nosupport: 851 #endif 852 default: 853 m_freem (m); 854 ++ifp->if_oerrors; 855 splx (s); 856 return (EAFNOSUPPORT); 857 } 858 859 if (sp->pp_flags & PP_NOFRAMING) { 860 M_PREPEND (m, 2, M_DONTWAIT); 861 if (m == NULL) { 862 if (ifp->if_flags & IFF_DEBUG) 863 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 864 SPP_ARGS(ifp)); 865 ++ifp->if_oerrors; 866 splx (s); 867 return (ENOBUFS); 868 } 869 *mtod(m, u_int16_t*) = protocol; 870 } else { 871 h->protocol = protocol; 872 } 873 874 /* 875 * Queue message on interface, and start output if interface 876 * not yet active. 877 */ 878 len = m->m_pkthdr.len; 879 if (ifq != NULL 880 #ifdef ALTQ 881 && ALTQ_IS_ENABLED(&ifp->if_snd) == 0 882 #endif 883 ) { 884 if (IF_QFULL (ifq)) { 885 IF_DROP (&ifp->if_snd); 886 m_freem (m); 887 if (rv == 0) 888 rv = ENOBUFS; 889 } 890 IF_ENQUEUE(ifq, m); 891 } else 892 IFQ_ENQUEUE(&ifp->if_snd, m, &pktattr, rv); 893 if (rv != 0) { 894 ++ifp->if_oerrors; 895 splx(s); 896 return (rv); 897 } 898 899 if (! (ifp->if_flags & IFF_OACTIVE)) 900 (*ifp->if_start) (ifp); 901 902 /* 903 * Count output packets and bytes. 904 * The packet length includes header + additional hardware framing 905 * according to RFC 1333. 906 */ 907 ifp->if_obytes += len + sp->pp_framebytes; 908 splx (s); 909 return (0); 910 } 911 912 void 913 sppp_attach(struct ifnet *ifp) 914 { 915 struct sppp *sp = (struct sppp*) ifp; 916 917 /* Initialize keepalive handler. */ 918 if (! spppq) { 919 callout_init(&keepalive_ch); 920 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 921 } 922 923 /* Insert new entry into the keepalive list. */ 924 sp->pp_next = spppq; 925 spppq = sp; 926 927 sp->pp_if.if_type = IFT_PPP; 928 sp->pp_if.if_output = sppp_output; 929 sp->pp_fastq.ifq_maxlen = 32; 930 sp->pp_cpq.ifq_maxlen = 20; 931 sp->pp_loopcnt = 0; 932 sp->pp_alivecnt = 0; 933 sp->pp_last_activity = 0; 934 sp->pp_idle_timeout = 0; 935 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 936 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 937 sp->pp_auth_failures = 0; 938 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 939 sp->pp_phase = SPPP_PHASE_DEAD; 940 sp->pp_up = lcp.Up; 941 sp->pp_down = lcp.Down; 942 943 if_alloc_sadl(ifp); 944 945 memset(&sp->myauth, 0, sizeof sp->myauth); 946 memset(&sp->hisauth, 0, sizeof sp->hisauth); 947 sppp_lcp_init(sp); 948 sppp_ipcp_init(sp); 949 sppp_ipv6cp_init(sp); 950 sppp_pap_init(sp); 951 sppp_chap_init(sp); 952 } 953 954 void 955 sppp_detach(struct ifnet *ifp) 956 { 957 struct sppp **q, *p, *sp = (struct sppp*) ifp; 958 int i; 959 960 /* Remove the entry from the keepalive list. */ 961 for (q = &spppq; (p = *q); q = &p->pp_next) 962 if (p == sp) { 963 *q = p->pp_next; 964 break; 965 } 966 967 /* Stop keepalive handler. */ 968 if (! spppq) { 969 callout_stop(&keepalive_ch); 970 } 971 972 for (i = 0; i < IDX_COUNT; i++) { 973 callout_stop(&sp->ch[i]); 974 } 975 callout_stop(&sp->pap_my_to_ch); 976 977 /* free authentication info */ 978 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 979 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 980 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 981 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 982 983 if_free_sadl(ifp); 984 } 985 986 /* 987 * Flush the interface output queue. 988 */ 989 void 990 sppp_flush(struct ifnet *ifp) 991 { 992 struct sppp *sp = (struct sppp*) ifp; 993 994 IFQ_PURGE (&sp->pp_if.if_snd); 995 IF_PURGE (&sp->pp_fastq); 996 IF_PURGE (&sp->pp_cpq); 997 } 998 999 /* 1000 * Check if the output queue is empty. 1001 */ 1002 int 1003 sppp_isempty(struct ifnet *ifp) 1004 { 1005 struct sppp *sp = (struct sppp*) ifp; 1006 int empty, s; 1007 1008 s = splnet(); 1009 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1010 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1011 splx(s); 1012 return (empty); 1013 } 1014 1015 /* 1016 * Get next packet to send. 1017 */ 1018 struct mbuf * 1019 sppp_dequeue(struct ifnet *ifp) 1020 { 1021 struct sppp *sp = (struct sppp*) ifp; 1022 struct mbuf *m; 1023 int s; 1024 1025 s = splnet(); 1026 /* 1027 * Process only the control protocol queue until we have at 1028 * least one NCP open. 1029 * 1030 * Do always serve all three queues in Cisco mode. 1031 */ 1032 IF_DEQUEUE(&sp->pp_cpq, m); 1033 if (m == NULL && 1034 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1035 IF_DEQUEUE(&sp->pp_fastq, m); 1036 if (m == NULL) 1037 IF_DEQUEUE (&sp->pp_if.if_snd, m); 1038 } 1039 splx(s); 1040 return m; 1041 } 1042 1043 /* 1044 * Pick the next packet, do not remove it from the queue. 1045 */ 1046 struct mbuf * 1047 sppp_pick(struct ifnet *ifp) 1048 { 1049 struct sppp *sp = (struct sppp*)ifp; 1050 struct mbuf *m; 1051 int s; 1052 1053 s= splnet (); 1054 1055 m = sp->pp_cpq.ifq_head; 1056 if (m == NULL && 1057 (sp->pp_phase == SPPP_PHASE_NETWORK || 1058 (sp->pp_flags & PP_CISCO) != 0)) 1059 if ((m = sp->pp_fastq.ifq_head) == NULL) 1060 m = sp->pp_if.if_snd.ifq_head; 1061 splx (s); 1062 return (m); 1063 } 1064 1065 /* 1066 * Process an ioctl request. Called on low priority level. 1067 */ 1068 int 1069 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1070 { 1071 struct ifreq *ifr = (struct ifreq*) data; 1072 struct sppp *sp = (struct sppp*) ifp; 1073 int s, error=0, going_up, going_down, newmode; 1074 1075 s = splnet(); 1076 switch (cmd) { 1077 case SIOCAIFADDR: 1078 case SIOCSIFDSTADDR: 1079 break; 1080 1081 case SIOCSIFADDR: 1082 if_up(ifp); 1083 /* fall through... */ 1084 1085 case SIOCSIFFLAGS: 1086 going_up = ifp->if_flags & IFF_UP && 1087 (ifp->if_flags & IFF_RUNNING) == 0; 1088 going_down = (ifp->if_flags & IFF_UP) == 0 && 1089 ifp->if_flags & IFF_RUNNING; 1090 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1091 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1092 /* sanity */ 1093 newmode = IFF_PASSIVE; 1094 ifp->if_flags &= ~IFF_AUTO; 1095 } 1096 1097 if (going_up || going_down) 1098 lcp.Close(sp); 1099 if (going_up && newmode == 0) { 1100 /* neither auto-dial nor passive */ 1101 ifp->if_flags |= IFF_RUNNING; 1102 if (!(sp->pp_flags & PP_CISCO)) 1103 lcp.Open(sp); 1104 } else if (going_down) { 1105 sppp_flush(ifp); 1106 ifp->if_flags &= ~IFF_RUNNING; 1107 } 1108 1109 break; 1110 1111 #ifdef SIOCSIFMTU 1112 #ifndef ifr_mtu 1113 #define ifr_mtu ifr_metric 1114 #endif 1115 case SIOCSIFMTU: 1116 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1117 return (EINVAL); 1118 ifp->if_mtu = ifr->ifr_mtu; 1119 break; 1120 #endif 1121 #ifdef SLIOCSETMTU 1122 case SLIOCSETMTU: 1123 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1124 return (EINVAL); 1125 ifp->if_mtu = *(short*)data; 1126 break; 1127 #endif 1128 #ifdef SIOCGIFMTU 1129 case SIOCGIFMTU: 1130 ifr->ifr_mtu = ifp->if_mtu; 1131 break; 1132 #endif 1133 #ifdef SLIOCGETMTU 1134 case SLIOCGETMTU: 1135 *(short*)data = ifp->if_mtu; 1136 break; 1137 #endif 1138 case SIOCADDMULTI: 1139 case SIOCDELMULTI: 1140 break; 1141 1142 case SPPPSETAUTHCFG: 1143 case SPPPSETLCPCFG: 1144 case SPPPSETIDLETO: 1145 case SPPPSETAUTHFAILURE: 1146 case SPPPSETDNSOPTS: 1147 { 1148 struct proc *p = curproc; /* XXX */ 1149 1150 if ((error = suser(p->p_ucred, &p->p_acflag)) != 0) 1151 break; 1152 } 1153 /* FALLTHROUGH */ 1154 case SPPPGETAUTHCFG: 1155 case SPPPGETLCPCFG: 1156 case SPPPGETSTATUS: 1157 case SPPPGETIDLETO: 1158 case SPPPGETAUTHFAILURES: 1159 case SPPPGETDNSOPTS: 1160 case SPPPGETDNSADDRS: 1161 error = sppp_params(sp, cmd, data); 1162 break; 1163 1164 default: 1165 error = ENOTTY; 1166 } 1167 splx(s); 1168 return (error); 1169 } 1170 1171 1172 /* 1173 * Cisco framing implementation. 1174 */ 1175 1176 /* 1177 * Handle incoming Cisco keepalive protocol packets. 1178 */ 1179 static void 1180 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1181 { 1182 STDDCL; 1183 struct cisco_packet *h; 1184 u_int32_t me, mymask; 1185 1186 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1187 if (debug) 1188 log(LOG_DEBUG, 1189 SPP_FMT "cisco invalid packet length: %d bytes\n", 1190 SPP_ARGS(ifp), m->m_pkthdr.len); 1191 return; 1192 } 1193 h = mtod (m, struct cisco_packet*); 1194 if (debug) 1195 log(LOG_DEBUG, 1196 SPP_FMT "cisco input: %d bytes " 1197 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1198 SPP_ARGS(ifp), m->m_pkthdr.len, 1199 ntohl (h->type), h->par1, h->par2, (u_int)h->rel, 1200 (u_int)h->time0, (u_int)h->time1); 1201 switch (ntohl (h->type)) { 1202 default: 1203 if (debug) 1204 addlog(SPP_FMT "cisco unknown packet type: 0x%x\n", 1205 SPP_ARGS(ifp), ntohl (h->type)); 1206 break; 1207 case CISCO_ADDR_REPLY: 1208 /* Reply on address request, ignore */ 1209 break; 1210 case CISCO_KEEPALIVE_REQ: 1211 sp->pp_alivecnt = 0; 1212 sp->pp_rseq[IDX_LCP] = ntohl (h->par1); 1213 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1214 /* Local and remote sequence numbers are equal. 1215 * Probably, the line is in loopback mode. */ 1216 if (sp->pp_loopcnt >= MAXALIVECNT) { 1217 printf (SPP_FMT "loopback\n", 1218 SPP_ARGS(ifp)); 1219 sp->pp_loopcnt = 0; 1220 if (ifp->if_flags & IFF_UP) { 1221 if_down (ifp); 1222 IF_PURGE (&sp->pp_cpq); 1223 } 1224 } 1225 ++sp->pp_loopcnt; 1226 1227 /* Generate new local sequence number */ 1228 sp->pp_seq[IDX_LCP] = random(); 1229 break; 1230 } 1231 sp->pp_loopcnt = 0; 1232 if (! (ifp->if_flags & IFF_UP) && 1233 (ifp->if_flags & IFF_RUNNING)) { 1234 if_up(ifp); 1235 } 1236 break; 1237 case CISCO_ADDR_REQ: 1238 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1239 if (me != 0L) 1240 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1241 break; 1242 } 1243 } 1244 1245 /* 1246 * Send Cisco keepalive packet. 1247 */ 1248 static void 1249 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1250 { 1251 STDDCL; 1252 struct ppp_header *h; 1253 struct cisco_packet *ch; 1254 struct mbuf *m; 1255 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1256 1257 MGETHDR (m, M_DONTWAIT, MT_DATA); 1258 if (! m) 1259 return; 1260 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1261 m->m_pkthdr.rcvif = 0; 1262 1263 h = mtod (m, struct ppp_header*); 1264 h->address = CISCO_MULTICAST; 1265 h->control = 0; 1266 h->protocol = htons (CISCO_KEEPALIVE); 1267 1268 ch = (struct cisco_packet*) (h + 1); 1269 ch->type = htonl (type); 1270 ch->par1 = htonl (par1); 1271 ch->par2 = htonl (par2); 1272 ch->rel = -1; 1273 1274 ch->time0 = htons ((u_short) (t >> 16)); 1275 ch->time1 = htons ((u_short) t); 1276 1277 if (debug) 1278 log(LOG_DEBUG, 1279 SPP_FMT "cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1280 SPP_ARGS(ifp), ntohl (ch->type), ch->par1, 1281 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1282 (u_int)ch->time1); 1283 1284 if (IF_QFULL (&sp->pp_cpq)) { 1285 IF_DROP (&sp->pp_fastq); 1286 IF_DROP (&ifp->if_snd); 1287 m_freem (m); 1288 } else 1289 IF_ENQUEUE (&sp->pp_cpq, m); 1290 if (! (ifp->if_flags & IFF_OACTIVE)) 1291 (*ifp->if_start) (ifp); 1292 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1293 } 1294 1295 /* 1296 * PPP protocol implementation. 1297 */ 1298 1299 /* 1300 * Send PPP control protocol packet. 1301 */ 1302 static void 1303 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1304 u_char ident, u_short len, void *data) 1305 { 1306 STDDCL; 1307 struct lcp_header *lh; 1308 struct mbuf *m; 1309 size_t pkthdrlen; 1310 1311 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1312 1313 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1314 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1315 MGETHDR (m, M_DONTWAIT, MT_DATA); 1316 if (! m) 1317 return; 1318 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1319 m->m_pkthdr.rcvif = 0; 1320 1321 if (sp->pp_flags & PP_NOFRAMING) { 1322 *mtod(m, u_int16_t*) = htons(proto); 1323 lh = (struct lcp_header*)(mtod(m, u_int8_t*) + 2); 1324 } else { 1325 struct ppp_header *h; 1326 h = mtod (m, struct ppp_header*); 1327 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1328 h->control = PPP_UI; /* Unnumbered Info */ 1329 h->protocol = htons (proto); /* Link Control Protocol */ 1330 lh = (struct lcp_header*) (h + 1); 1331 } 1332 lh->type = type; 1333 lh->ident = ident; 1334 lh->len = htons (LCP_HEADER_LEN + len); 1335 if (len) 1336 bcopy (data, lh+1, len); 1337 1338 if (debug) { 1339 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1340 SPP_ARGS(ifp), 1341 sppp_proto_name(proto), 1342 sppp_cp_type_name (lh->type), lh->ident, 1343 ntohs (lh->len)); 1344 if (len) 1345 sppp_print_bytes ((u_char*) (lh+1), len); 1346 addlog(">\n"); 1347 } 1348 if (IF_QFULL (&sp->pp_cpq)) { 1349 IF_DROP (&sp->pp_fastq); 1350 IF_DROP (&ifp->if_snd); 1351 m_freem (m); 1352 ++ifp->if_oerrors; 1353 } else 1354 IF_ENQUEUE (&sp->pp_cpq, m); 1355 if (! (ifp->if_flags & IFF_OACTIVE)) 1356 (*ifp->if_start) (ifp); 1357 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1358 } 1359 1360 /* 1361 * Handle incoming PPP control protocol packets. 1362 */ 1363 static void 1364 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1365 { 1366 STDDCL; 1367 struct lcp_header *h; 1368 int len = m->m_pkthdr.len; 1369 int rv; 1370 u_char *p; 1371 u_int32_t u32; 1372 1373 if (len < 4) { 1374 if (debug) 1375 log(LOG_DEBUG, 1376 SPP_FMT "%s invalid packet length: %d bytes\n", 1377 SPP_ARGS(ifp), cp->name, len); 1378 return; 1379 } 1380 h = mtod (m, struct lcp_header*); 1381 if (debug) { 1382 log(LOG_DEBUG, 1383 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1384 SPP_ARGS(ifp), cp->name, 1385 sppp_state_name(sp->state[cp->protoidx]), 1386 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1387 if (len > 4) 1388 sppp_print_bytes ((u_char*) (h+1), len-4); 1389 addlog(">\n"); 1390 } 1391 if (len > ntohs (h->len)) 1392 len = ntohs (h->len); 1393 p = (u_char *)(h + 1); 1394 switch (h->type) { 1395 case CONF_REQ: 1396 if (len < 4) { 1397 if (debug) 1398 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1399 SPP_ARGS(ifp), cp->name, 1400 len); 1401 ++ifp->if_ierrors; 1402 break; 1403 } 1404 /* handle states where RCR doesn't get a SCA/SCN */ 1405 switch (sp->state[cp->protoidx]) { 1406 case STATE_CLOSING: 1407 case STATE_STOPPING: 1408 return; 1409 case STATE_CLOSED: 1410 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1411 0, 0); 1412 return; 1413 } 1414 rv = (cp->RCR)(sp, h, len); 1415 switch (sp->state[cp->protoidx]) { 1416 case STATE_OPENED: 1417 (cp->tld)(sp); 1418 (cp->scr)(sp); 1419 /* fall through... */ 1420 case STATE_ACK_SENT: 1421 case STATE_REQ_SENT: 1422 sppp_cp_change_state(cp, sp, rv? 1423 STATE_ACK_SENT: STATE_REQ_SENT); 1424 break; 1425 case STATE_STOPPED: 1426 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1427 (cp->scr)(sp); 1428 sppp_cp_change_state(cp, sp, rv? 1429 STATE_ACK_SENT: STATE_REQ_SENT); 1430 break; 1431 case STATE_ACK_RCVD: 1432 if (rv) { 1433 sppp_cp_change_state(cp, sp, STATE_OPENED); 1434 if (debug) 1435 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1436 SPP_ARGS(ifp), 1437 cp->name); 1438 (cp->tlu)(sp); 1439 } else 1440 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1441 break; 1442 default: 1443 printf(SPP_FMT "%s illegal %s in state %s\n", 1444 SPP_ARGS(ifp), cp->name, 1445 sppp_cp_type_name(h->type), 1446 sppp_state_name(sp->state[cp->protoidx])); 1447 ++ifp->if_ierrors; 1448 } 1449 break; 1450 case CONF_ACK: 1451 if (h->ident != sp->confid[cp->protoidx]) { 1452 if (debug) 1453 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1454 SPP_ARGS(ifp), cp->name, 1455 h->ident, sp->confid[cp->protoidx]); 1456 ++ifp->if_ierrors; 1457 break; 1458 } 1459 switch (sp->state[cp->protoidx]) { 1460 case STATE_CLOSED: 1461 case STATE_STOPPED: 1462 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1463 break; 1464 case STATE_CLOSING: 1465 case STATE_STOPPING: 1466 break; 1467 case STATE_REQ_SENT: 1468 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1469 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1470 break; 1471 case STATE_OPENED: 1472 (cp->tld)(sp); 1473 /* fall through */ 1474 case STATE_ACK_RCVD: 1475 (cp->scr)(sp); 1476 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1477 break; 1478 case STATE_ACK_SENT: 1479 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1480 sppp_cp_change_state(cp, sp, STATE_OPENED); 1481 if (debug) 1482 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1483 SPP_ARGS(ifp), cp->name); 1484 (cp->tlu)(sp); 1485 break; 1486 default: 1487 printf(SPP_FMT "%s illegal %s in state %s\n", 1488 SPP_ARGS(ifp), cp->name, 1489 sppp_cp_type_name(h->type), 1490 sppp_state_name(sp->state[cp->protoidx])); 1491 ++ifp->if_ierrors; 1492 } 1493 break; 1494 case CONF_NAK: 1495 case CONF_REJ: 1496 if (h->ident != sp->confid[cp->protoidx]) { 1497 if (debug) 1498 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1499 SPP_ARGS(ifp), cp->name, 1500 h->ident, sp->confid[cp->protoidx]); 1501 ++ifp->if_ierrors; 1502 break; 1503 } 1504 if (h->type == CONF_NAK) 1505 (cp->RCN_nak)(sp, h, len); 1506 else /* CONF_REJ */ 1507 (cp->RCN_rej)(sp, h, len); 1508 1509 switch (sp->state[cp->protoidx]) { 1510 case STATE_CLOSED: 1511 case STATE_STOPPED: 1512 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1513 break; 1514 case STATE_REQ_SENT: 1515 case STATE_ACK_SENT: 1516 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1517 (cp->scr)(sp); 1518 break; 1519 case STATE_OPENED: 1520 (cp->tld)(sp); 1521 /* fall through */ 1522 case STATE_ACK_RCVD: 1523 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1524 (cp->scr)(sp); 1525 break; 1526 case STATE_CLOSING: 1527 case STATE_STOPPING: 1528 break; 1529 default: 1530 printf(SPP_FMT "%s illegal %s in state %s\n", 1531 SPP_ARGS(ifp), cp->name, 1532 sppp_cp_type_name(h->type), 1533 sppp_state_name(sp->state[cp->protoidx])); 1534 ++ifp->if_ierrors; 1535 } 1536 break; 1537 1538 case TERM_REQ: 1539 switch (sp->state[cp->protoidx]) { 1540 case STATE_ACK_RCVD: 1541 case STATE_ACK_SENT: 1542 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1543 /* fall through */ 1544 case STATE_CLOSED: 1545 case STATE_STOPPED: 1546 case STATE_CLOSING: 1547 case STATE_STOPPING: 1548 case STATE_REQ_SENT: 1549 sta: 1550 /* Send Terminate-Ack packet. */ 1551 if (debug) 1552 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1553 SPP_ARGS(ifp), cp->name); 1554 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1555 break; 1556 case STATE_OPENED: 1557 (cp->tld)(sp); 1558 sp->rst_counter[cp->protoidx] = 0; 1559 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1560 goto sta; 1561 break; 1562 default: 1563 printf(SPP_FMT "%s illegal %s in state %s\n", 1564 SPP_ARGS(ifp), cp->name, 1565 sppp_cp_type_name(h->type), 1566 sppp_state_name(sp->state[cp->protoidx])); 1567 ++ifp->if_ierrors; 1568 } 1569 break; 1570 case TERM_ACK: 1571 switch (sp->state[cp->protoidx]) { 1572 case STATE_CLOSED: 1573 case STATE_STOPPED: 1574 case STATE_REQ_SENT: 1575 case STATE_ACK_SENT: 1576 break; 1577 case STATE_CLOSING: 1578 (cp->tlf)(sp); 1579 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1580 sppp_lcp_check_and_close(sp); 1581 break; 1582 case STATE_STOPPING: 1583 (cp->tlf)(sp); 1584 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1585 sppp_lcp_check_and_close(sp); 1586 break; 1587 case STATE_ACK_RCVD: 1588 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1589 break; 1590 case STATE_OPENED: 1591 (cp->tld)(sp); 1592 (cp->scr)(sp); 1593 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1594 break; 1595 default: 1596 printf(SPP_FMT "%s illegal %s in state %s\n", 1597 SPP_ARGS(ifp), cp->name, 1598 sppp_cp_type_name(h->type), 1599 sppp_state_name(sp->state[cp->protoidx])); 1600 ++ifp->if_ierrors; 1601 } 1602 break; 1603 case CODE_REJ: 1604 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1605 log(LOG_INFO, 1606 SPP_FMT "%s: ignoring RXJ (%s) for code ?, " 1607 "danger will robinson\n", 1608 SPP_ARGS(ifp), cp->name, 1609 sppp_cp_type_name(h->type)); 1610 switch (sp->state[cp->protoidx]) { 1611 case STATE_CLOSED: 1612 case STATE_STOPPED: 1613 case STATE_REQ_SENT: 1614 case STATE_ACK_SENT: 1615 case STATE_CLOSING: 1616 case STATE_STOPPING: 1617 case STATE_OPENED: 1618 break; 1619 case STATE_ACK_RCVD: 1620 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1621 break; 1622 default: 1623 printf(SPP_FMT "%s illegal %s in state %s\n", 1624 SPP_ARGS(ifp), cp->name, 1625 sppp_cp_type_name(h->type), 1626 sppp_state_name(sp->state[cp->protoidx])); 1627 ++ifp->if_ierrors; 1628 } 1629 break; 1630 case PROTO_REJ: 1631 { 1632 int catastrophic; 1633 const struct cp *upper; 1634 int i; 1635 u_int16_t proto; 1636 1637 catastrophic = 0; 1638 upper = NULL; 1639 proto = p[0] << 8 | p[1]; 1640 for (i = 0; i < IDX_COUNT; i++) { 1641 if (cps[i]->proto == proto) { 1642 upper = cps[i]; 1643 break; 1644 } 1645 } 1646 if (upper == NULL) 1647 catastrophic++; 1648 1649 if (debug) 1650 log(LOG_INFO, 1651 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1652 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+', 1653 sppp_cp_type_name(h->type), proto, 1654 upper ? upper->name : "unknown", 1655 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1656 1657 /* 1658 * if we got RXJ+ against conf-req, the peer does not implement 1659 * this particular protocol type. terminate the protocol. 1660 */ 1661 if (upper && !catastrophic) { 1662 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1663 upper->Close(sp); 1664 break; 1665 } 1666 } 1667 1668 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1669 switch (sp->state[cp->protoidx]) { 1670 case STATE_CLOSED: 1671 case STATE_STOPPED: 1672 case STATE_REQ_SENT: 1673 case STATE_ACK_SENT: 1674 case STATE_CLOSING: 1675 case STATE_STOPPING: 1676 case STATE_OPENED: 1677 break; 1678 case STATE_ACK_RCVD: 1679 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1680 break; 1681 default: 1682 printf(SPP_FMT "%s illegal %s in state %s\n", 1683 SPP_ARGS(ifp), cp->name, 1684 sppp_cp_type_name(h->type), 1685 sppp_state_name(sp->state[cp->protoidx])); 1686 ++ifp->if_ierrors; 1687 } 1688 break; 1689 } 1690 case DISC_REQ: 1691 if (cp->proto != PPP_LCP) 1692 goto illegal; 1693 /* Discard the packet. */ 1694 break; 1695 case ECHO_REQ: 1696 if (cp->proto != PPP_LCP) 1697 goto illegal; 1698 if (sp->state[cp->protoidx] != STATE_OPENED) { 1699 if (debug) 1700 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1701 SPP_ARGS(ifp)); 1702 ++ifp->if_ierrors; 1703 break; 1704 } 1705 if (len < 8) { 1706 if (debug) 1707 addlog(SPP_FMT "invalid lcp echo request " 1708 "packet length: %d bytes\n", 1709 SPP_ARGS(ifp), len); 1710 break; 1711 } 1712 memcpy(&u32, h + 1, sizeof u32); 1713 if (ntohl(u32) == sp->lcp.magic) { 1714 /* Line loopback mode detected. */ 1715 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1716 if_down (ifp); 1717 IF_PURGE (&sp->pp_cpq); 1718 1719 /* Shut down the PPP link. */ 1720 /* XXX */ 1721 lcp.Down(sp); 1722 lcp.Up(sp); 1723 break; 1724 } 1725 u32 = htonl(sp->lcp.magic); 1726 memcpy(h + 1, &u32, sizeof u32); 1727 if (debug) 1728 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1729 SPP_ARGS(ifp)); 1730 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1731 break; 1732 case ECHO_REPLY: 1733 if (cp->proto != PPP_LCP) 1734 goto illegal; 1735 if (h->ident != sp->lcp.echoid) { 1736 ++ifp->if_ierrors; 1737 break; 1738 } 1739 if (len < 8) { 1740 if (debug) 1741 addlog(SPP_FMT "lcp invalid echo reply " 1742 "packet length: %d bytes\n", 1743 SPP_ARGS(ifp), len); 1744 break; 1745 } 1746 if (debug) 1747 addlog(SPP_FMT "lcp got echo rep\n", 1748 SPP_ARGS(ifp)); 1749 memcpy(&u32, h + 1, sizeof u32); 1750 if (ntohl(u32) != sp->lcp.magic) 1751 sp->pp_alivecnt = 0; 1752 break; 1753 default: 1754 /* Unknown packet type -- send Code-Reject packet. */ 1755 illegal: 1756 if (debug) 1757 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1758 SPP_ARGS(ifp), cp->name, h->type); 1759 sppp_cp_send(sp, cp->proto, CODE_REJ, 1760 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1761 ++ifp->if_ierrors; 1762 } 1763 } 1764 1765 1766 /* 1767 * The generic part of all Up/Down/Open/Close/TO event handlers. 1768 * Basically, the state transition handling in the automaton. 1769 */ 1770 static void 1771 sppp_up_event(const struct cp *cp, struct sppp *sp) 1772 { 1773 STDDCL; 1774 1775 if (debug) 1776 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1777 SPP_ARGS(ifp), cp->name, 1778 sppp_state_name(sp->state[cp->protoidx])); 1779 1780 switch (sp->state[cp->protoidx]) { 1781 case STATE_INITIAL: 1782 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1783 break; 1784 case STATE_STARTING: 1785 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1786 (cp->scr)(sp); 1787 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1788 break; 1789 default: 1790 printf(SPP_FMT "%s illegal up in state %s\n", 1791 SPP_ARGS(ifp), cp->name, 1792 sppp_state_name(sp->state[cp->protoidx])); 1793 } 1794 } 1795 1796 static void 1797 sppp_down_event(const struct cp *cp, struct sppp *sp) 1798 { 1799 STDDCL; 1800 1801 if (debug) 1802 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1803 SPP_ARGS(ifp), cp->name, 1804 sppp_state_name(sp->state[cp->protoidx])); 1805 1806 switch (sp->state[cp->protoidx]) { 1807 case STATE_CLOSED: 1808 case STATE_CLOSING: 1809 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1810 break; 1811 case STATE_STOPPED: 1812 (cp->tls)(sp); 1813 /* fall through */ 1814 case STATE_STOPPING: 1815 case STATE_REQ_SENT: 1816 case STATE_ACK_RCVD: 1817 case STATE_ACK_SENT: 1818 sppp_cp_change_state(cp, sp, STATE_STARTING); 1819 break; 1820 case STATE_OPENED: 1821 (cp->tld)(sp); 1822 sppp_cp_change_state(cp, sp, STATE_STARTING); 1823 break; 1824 default: 1825 printf(SPP_FMT "%s illegal down in state %s\n", 1826 SPP_ARGS(ifp), cp->name, 1827 sppp_state_name(sp->state[cp->protoidx])); 1828 } 1829 } 1830 1831 1832 static void 1833 sppp_open_event(const struct cp *cp, struct sppp *sp) 1834 { 1835 STDDCL; 1836 1837 if (debug) 1838 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1839 SPP_ARGS(ifp), cp->name, 1840 sppp_state_name(sp->state[cp->protoidx])); 1841 1842 switch (sp->state[cp->protoidx]) { 1843 case STATE_INITIAL: 1844 (cp->tls)(sp); 1845 sppp_cp_change_state(cp, sp, STATE_STARTING); 1846 break; 1847 case STATE_STARTING: 1848 break; 1849 case STATE_CLOSED: 1850 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1851 (cp->scr)(sp); 1852 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1853 break; 1854 case STATE_STOPPED: 1855 case STATE_STOPPING: 1856 case STATE_REQ_SENT: 1857 case STATE_ACK_RCVD: 1858 case STATE_ACK_SENT: 1859 case STATE_OPENED: 1860 break; 1861 case STATE_CLOSING: 1862 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1863 break; 1864 } 1865 } 1866 1867 1868 static void 1869 sppp_close_event(const struct cp *cp, struct sppp *sp) 1870 { 1871 STDDCL; 1872 1873 if (debug) 1874 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1875 SPP_ARGS(ifp), cp->name, 1876 sppp_state_name(sp->state[cp->protoidx])); 1877 1878 switch (sp->state[cp->protoidx]) { 1879 case STATE_INITIAL: 1880 case STATE_CLOSED: 1881 case STATE_CLOSING: 1882 break; 1883 case STATE_STARTING: 1884 (cp->tlf)(sp); 1885 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1886 break; 1887 case STATE_STOPPED: 1888 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1889 break; 1890 case STATE_STOPPING: 1891 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1892 break; 1893 case STATE_OPENED: 1894 (cp->tld)(sp); 1895 /* fall through */ 1896 case STATE_REQ_SENT: 1897 case STATE_ACK_RCVD: 1898 case STATE_ACK_SENT: 1899 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1900 sppp_cp_send(sp, cp->proto, TERM_REQ, 1901 ++sp->pp_seq[cp->protoidx], 0, 0); 1902 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1903 break; 1904 } 1905 } 1906 1907 static void 1908 sppp_to_event(const struct cp *cp, struct sppp *sp) 1909 { 1910 STDDCL; 1911 int s; 1912 1913 s = splnet(); 1914 if (debug) 1915 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1916 SPP_ARGS(ifp), cp->name, 1917 sppp_state_name(sp->state[cp->protoidx]), 1918 sp->rst_counter[cp->protoidx]); 1919 1920 if (--sp->rst_counter[cp->protoidx] < 0) 1921 /* TO- event */ 1922 switch (sp->state[cp->protoidx]) { 1923 case STATE_CLOSING: 1924 (cp->tlf)(sp); 1925 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1926 sppp_lcp_check_and_close(sp); 1927 break; 1928 case STATE_STOPPING: 1929 (cp->tlf)(sp); 1930 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1931 sppp_lcp_check_and_close(sp); 1932 break; 1933 case STATE_REQ_SENT: 1934 case STATE_ACK_RCVD: 1935 case STATE_ACK_SENT: 1936 (cp->tlf)(sp); 1937 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1938 sppp_lcp_check_and_close(sp); 1939 break; 1940 } 1941 else 1942 /* TO+ event */ 1943 switch (sp->state[cp->protoidx]) { 1944 case STATE_CLOSING: 1945 case STATE_STOPPING: 1946 sppp_cp_send(sp, cp->proto, TERM_REQ, 1947 ++sp->pp_seq[cp->protoidx], 0, 0); 1948 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1949 cp->TO, sp); 1950 break; 1951 case STATE_REQ_SENT: 1952 case STATE_ACK_RCVD: 1953 (cp->scr)(sp); 1954 /* sppp_cp_change_state() will restart the timer */ 1955 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1956 break; 1957 case STATE_ACK_SENT: 1958 (cp->scr)(sp); 1959 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1960 cp->TO, sp); 1961 break; 1962 } 1963 1964 splx(s); 1965 } 1966 1967 /* 1968 * Change the state of a control protocol in the state automaton. 1969 * Takes care of starting/stopping the restart timer. 1970 */ 1971 void 1972 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1973 { 1974 sp->state[cp->protoidx] = newstate; 1975 callout_stop(&sp->ch[cp->protoidx]); 1976 switch (newstate) { 1977 case STATE_INITIAL: 1978 case STATE_STARTING: 1979 case STATE_CLOSED: 1980 case STATE_STOPPED: 1981 case STATE_OPENED: 1982 break; 1983 case STATE_CLOSING: 1984 case STATE_STOPPING: 1985 case STATE_REQ_SENT: 1986 case STATE_ACK_RCVD: 1987 case STATE_ACK_SENT: 1988 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1989 cp->TO, sp); 1990 break; 1991 } 1992 } 1993 1994 /* 1995 *--------------------------------------------------------------------------* 1996 * * 1997 * The LCP implementation. * 1998 * * 1999 *--------------------------------------------------------------------------* 2000 */ 2001 static void 2002 sppp_lcp_init(struct sppp *sp) 2003 { 2004 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2005 sp->lcp.magic = 0; 2006 sp->state[IDX_LCP] = STATE_INITIAL; 2007 sp->fail_counter[IDX_LCP] = 0; 2008 sp->pp_seq[IDX_LCP] = 0; 2009 sp->pp_rseq[IDX_LCP] = 0; 2010 sp->lcp.protos = 0; 2011 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2012 2013 /* 2014 * Initialize counters and timeout values. Note that we don't 2015 * use the 3 seconds suggested in RFC 1661 since we are likely 2016 * running on a fast link. XXX We should probably implement 2017 * the exponential backoff option. Note that these values are 2018 * relevant for all control protocols, not just LCP only. 2019 */ 2020 sp->lcp.timeout = 1 * hz; 2021 sp->lcp.max_terminate = 2; 2022 sp->lcp.max_configure = 10; 2023 sp->lcp.max_failure = 10; 2024 callout_init(&sp->ch[IDX_LCP]); 2025 } 2026 2027 static void 2028 sppp_lcp_up(struct sppp *sp) 2029 { 2030 STDDCL; 2031 2032 /* Initialize activity timestamp: opening a connection is an activity */ 2033 sp->pp_last_activity = time.tv_sec; 2034 2035 /* 2036 * If this interface is passive or dial-on-demand, and we are 2037 * still in Initial state, it means we've got an incoming 2038 * call. Activate the interface. 2039 */ 2040 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2041 if (debug) 2042 log(LOG_DEBUG, 2043 SPP_FMT "Up event", SPP_ARGS(ifp)); 2044 ifp->if_flags |= IFF_RUNNING; 2045 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2046 if (debug) 2047 addlog("(incoming call)\n"); 2048 sp->pp_flags |= PP_CALLIN; 2049 lcp.Open(sp); 2050 } else if (debug) 2051 addlog("\n"); 2052 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2053 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2054 ifp->if_flags |= IFF_RUNNING; 2055 lcp.Open(sp); 2056 } 2057 2058 sppp_up_event(&lcp, sp); 2059 } 2060 2061 static void 2062 sppp_lcp_down(struct sppp *sp) 2063 { 2064 STDDCL; 2065 2066 sppp_down_event(&lcp, sp); 2067 2068 /* 2069 * If this is neither a dial-on-demand nor a passive 2070 * interface, simulate an ``ifconfig down'' action, so the 2071 * administrator can force a redial by another ``ifconfig 2072 * up''. XXX For leased line operation, should we immediately 2073 * try to reopen the connection here? 2074 */ 2075 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2076 if (debug) 2077 log(LOG_INFO, 2078 SPP_FMT "Down event (carrier loss), taking interface down.\n", 2079 SPP_ARGS(ifp)); 2080 if_down(ifp); 2081 } else { 2082 if (debug) 2083 log(LOG_DEBUG, 2084 SPP_FMT "Down event (carrier loss)\n", 2085 SPP_ARGS(ifp)); 2086 } 2087 sp->pp_flags &= ~PP_CALLIN; 2088 if (sp->state[IDX_LCP] != STATE_INITIAL) 2089 lcp.Close(sp); 2090 ifp->if_flags &= ~IFF_RUNNING; 2091 } 2092 2093 static void 2094 sppp_lcp_open(struct sppp *sp) 2095 { 2096 /* 2097 * If we are authenticator, negotiate LCP_AUTH 2098 */ 2099 if (sp->hisauth.proto != 0) 2100 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2101 else 2102 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2103 sp->pp_flags &= ~PP_NEEDAUTH; 2104 sppp_open_event(&lcp, sp); 2105 } 2106 2107 static void 2108 sppp_lcp_close(struct sppp *sp) 2109 { 2110 sppp_close_event(&lcp, sp); 2111 } 2112 2113 static void 2114 sppp_lcp_TO(void *cookie) 2115 { 2116 sppp_to_event(&lcp, (struct sppp *)cookie); 2117 } 2118 2119 /* 2120 * Analyze a configure request. Return true if it was agreeable, and 2121 * caused action sca, false if it has been rejected or nak'ed, and 2122 * caused action scn. (The return value is used to make the state 2123 * transition decision in the state automaton.) 2124 */ 2125 static int 2126 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2127 { 2128 STDDCL; 2129 u_char *buf, *r, *p; 2130 int origlen, rlen; 2131 u_int32_t nmagic; 2132 u_short authproto; 2133 2134 len -= 4; 2135 origlen = len; 2136 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2137 if (! buf) 2138 return (0); 2139 2140 if (debug) 2141 log(LOG_DEBUG, SPP_FMT "lcp parse opts:", 2142 SPP_ARGS(ifp)); 2143 2144 /* pass 1: check for things that need to be rejected */ 2145 p = (void*) (h+1); 2146 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2147 if (debug) 2148 addlog(" %s", sppp_lcp_opt_name(*p)); 2149 switch (*p) { 2150 case LCP_OPT_MAGIC: 2151 /* Magic number. */ 2152 /* fall through, both are same length */ 2153 case LCP_OPT_ASYNC_MAP: 2154 /* Async control character map. */ 2155 if (len >= 6 || p[1] == 6) 2156 continue; 2157 if (debug) 2158 addlog(" [invalid]"); 2159 break; 2160 case LCP_OPT_MRU: 2161 /* Maximum receive unit. */ 2162 if (len >= 4 && p[1] == 4) 2163 continue; 2164 if (debug) 2165 addlog(" [invalid]"); 2166 break; 2167 case LCP_OPT_AUTH_PROTO: 2168 if (len < 4) { 2169 if (debug) 2170 addlog(" [invalid]"); 2171 break; 2172 } 2173 authproto = (p[2] << 8) + p[3]; 2174 if (authproto == PPP_CHAP && p[1] != 5) { 2175 if (debug) 2176 addlog(" [invalid chap len]"); 2177 break; 2178 } 2179 if (sp->myauth.proto == 0) { 2180 /* we are not configured to do auth */ 2181 if (debug) 2182 addlog(" [not configured]"); 2183 break; 2184 } 2185 /* 2186 * Remote want us to authenticate, remember this, 2187 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2188 * up. 2189 */ 2190 sp->pp_flags |= PP_NEEDAUTH; 2191 continue; 2192 default: 2193 /* Others not supported. */ 2194 if (debug) 2195 addlog(" [rej]"); 2196 break; 2197 } 2198 /* Add the option to rejected list. */ 2199 bcopy (p, r, p[1]); 2200 r += p[1]; 2201 rlen += p[1]; 2202 } 2203 if (rlen) { 2204 if (debug) 2205 addlog(" send conf-rej\n"); 2206 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2207 goto end; 2208 } else if (debug) 2209 addlog("\n"); 2210 2211 /* 2212 * pass 2: check for option values that are unacceptable and 2213 * thus require to be nak'ed. 2214 */ 2215 if (debug) 2216 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2217 SPP_ARGS(ifp)); 2218 2219 p = (void*) (h+1); 2220 len = origlen; 2221 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2222 if (debug) 2223 addlog(" %s", sppp_lcp_opt_name(*p)); 2224 switch (*p) { 2225 case LCP_OPT_MAGIC: 2226 /* Magic number -- extract. */ 2227 nmagic = (u_int32_t)p[2] << 24 | 2228 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2229 if (nmagic != sp->lcp.magic) { 2230 if (debug) 2231 addlog(" 0x%x", nmagic); 2232 continue; 2233 } 2234 /* 2235 * Local and remote magics equal -- loopback? 2236 */ 2237 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2238 printf (SPP_FMT "loopback\n", 2239 SPP_ARGS(ifp)); 2240 sp->pp_loopcnt = 0; 2241 if (ifp->if_flags & IFF_UP) { 2242 if_down(ifp); 2243 IF_PURGE(&sp->pp_cpq); 2244 /* XXX ? */ 2245 lcp.Down(sp); 2246 lcp.Up(sp); 2247 } 2248 } else if (debug) 2249 addlog(" [glitch]"); 2250 ++sp->pp_loopcnt; 2251 /* 2252 * We negate our magic here, and NAK it. If 2253 * we see it later in an NAK packet, we 2254 * suggest a new one. 2255 */ 2256 nmagic = ~sp->lcp.magic; 2257 /* Gonna NAK it. */ 2258 p[2] = nmagic >> 24; 2259 p[3] = nmagic >> 16; 2260 p[4] = nmagic >> 8; 2261 p[5] = nmagic; 2262 break; 2263 2264 case LCP_OPT_ASYNC_MAP: 2265 /* Async control character map -- check to be zero. */ 2266 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2267 if (debug) 2268 addlog(" [empty]"); 2269 continue; 2270 } 2271 if (debug) 2272 addlog(" [non-empty]"); 2273 /* suggest a zero one */ 2274 #ifndef BROKEN_98 /* XXX - broken Win98 drivers INSIST on having an ASYNC_MAP */ 2275 p[2] = p[3] = p[4] = p[5] = 0; 2276 break; 2277 #else 2278 continue; 2279 #endif 2280 2281 case LCP_OPT_MRU: 2282 /* 2283 * Maximum receive unit. Always agreeable, 2284 * but ignored by now. 2285 */ 2286 sp->lcp.their_mru = p[2] * 256 + p[3]; 2287 if (debug) 2288 addlog(" %ld", sp->lcp.their_mru); 2289 continue; 2290 2291 case LCP_OPT_AUTH_PROTO: 2292 authproto = (p[2] << 8) + p[3]; 2293 if (sp->myauth.proto != authproto) { 2294 /* not agreed, nak */ 2295 if (debug) 2296 addlog(" [mine %s != his %s]", 2297 sppp_proto_name(sp->hisauth.proto), 2298 sppp_proto_name(authproto)); 2299 p[2] = sp->myauth.proto >> 8; 2300 p[3] = sp->myauth.proto; 2301 break; 2302 } 2303 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2304 if (debug) 2305 addlog(" [chap not MD5]"); 2306 p[4] = CHAP_MD5; 2307 break; 2308 } 2309 continue; 2310 } 2311 /* Add the option to nak'ed list. */ 2312 bcopy (p, r, p[1]); 2313 r += p[1]; 2314 rlen += p[1]; 2315 } 2316 if (rlen) { 2317 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2318 if (debug) 2319 addlog(" max_failure (%d) exceeded, " 2320 "send conf-rej\n", 2321 sp->lcp.max_failure); 2322 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2323 } else { 2324 if (debug) 2325 addlog(" send conf-nak\n"); 2326 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2327 } 2328 goto end; 2329 } else { 2330 if (debug) 2331 addlog(" send conf-ack\n"); 2332 sp->fail_counter[IDX_LCP] = 0; 2333 sp->pp_loopcnt = 0; 2334 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2335 h->ident, origlen, h+1); 2336 } 2337 2338 end: 2339 free (buf, M_TEMP); 2340 return (rlen == 0); 2341 } 2342 2343 /* 2344 * Analyze the LCP Configure-Reject option list, and adjust our 2345 * negotiation. 2346 */ 2347 static void 2348 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2349 { 2350 STDDCL; 2351 u_char *buf, *p; 2352 2353 len -= 4; 2354 buf = malloc (len, M_TEMP, M_NOWAIT); 2355 if (!buf) 2356 return; 2357 2358 if (debug) 2359 log(LOG_DEBUG, SPP_FMT "lcp rej opts:", 2360 SPP_ARGS(ifp)); 2361 2362 p = (void*) (h+1); 2363 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2364 if (debug) 2365 addlog(" %s", sppp_lcp_opt_name(*p)); 2366 switch (*p) { 2367 case LCP_OPT_MAGIC: 2368 /* Magic number -- can't use it, use 0 */ 2369 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2370 sp->lcp.magic = 0; 2371 break; 2372 case LCP_OPT_MRU: 2373 /* 2374 * Should not be rejected anyway, since we only 2375 * negotiate a MRU if explicitly requested by 2376 * peer. 2377 */ 2378 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2379 break; 2380 case LCP_OPT_AUTH_PROTO: 2381 /* 2382 * Peer doesn't want to authenticate himself, 2383 * deny unless this is a dialout call, and 2384 * SPPP_AUTHFLAG_NOCALLOUT is set. 2385 */ 2386 if ((sp->pp_flags & PP_CALLIN) == 0 && 2387 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2388 if (debug) 2389 addlog(" [don't insist on auth " 2390 "for callout]"); 2391 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2392 break; 2393 } 2394 if (debug) 2395 addlog("[access denied]\n"); 2396 lcp.Close(sp); 2397 break; 2398 } 2399 } 2400 if (debug) 2401 addlog("\n"); 2402 free (buf, M_TEMP); 2403 return; 2404 } 2405 2406 /* 2407 * Analyze the LCP Configure-NAK option list, and adjust our 2408 * negotiation. 2409 */ 2410 static void 2411 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2412 { 2413 STDDCL; 2414 u_char *buf, *p; 2415 u_int32_t magic; 2416 2417 len -= 4; 2418 buf = malloc (len, M_TEMP, M_NOWAIT); 2419 if (!buf) 2420 return; 2421 2422 if (debug) 2423 log(LOG_DEBUG, SPP_FMT "lcp nak opts:", 2424 SPP_ARGS(ifp)); 2425 2426 p = (void*) (h+1); 2427 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2428 if (debug) 2429 addlog(" %s", sppp_lcp_opt_name(*p)); 2430 switch (*p) { 2431 case LCP_OPT_MAGIC: 2432 /* Magic number -- renegotiate */ 2433 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2434 len >= 6 && p[1] == 6) { 2435 magic = (u_int32_t)p[2] << 24 | 2436 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2437 /* 2438 * If the remote magic is our negated one, 2439 * this looks like a loopback problem. 2440 * Suggest a new magic to make sure. 2441 */ 2442 if (magic == ~sp->lcp.magic) { 2443 if (debug) 2444 addlog(" magic glitch"); 2445 sp->lcp.magic = random(); 2446 } else { 2447 sp->lcp.magic = magic; 2448 if (debug) 2449 addlog(" %d", magic); 2450 } 2451 } 2452 break; 2453 case LCP_OPT_MRU: 2454 /* 2455 * Peer wants to advise us to negotiate an MRU. 2456 * Agree on it if it's reasonable, or use 2457 * default otherwise. 2458 */ 2459 if (len >= 4 && p[1] == 4) { 2460 u_int mru = p[2] * 256 + p[3]; 2461 if (debug) 2462 addlog(" %d", mru); 2463 if (mru < PP_MTU || mru > PP_MAX_MRU) 2464 mru = PP_MTU; 2465 sp->lcp.mru = mru; 2466 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2467 } 2468 break; 2469 case LCP_OPT_AUTH_PROTO: 2470 /* 2471 * Peer doesn't like our authentication method, 2472 * deny. 2473 */ 2474 if (debug) 2475 addlog("[access denied]\n"); 2476 lcp.Close(sp); 2477 break; 2478 } 2479 } 2480 if (debug) 2481 addlog("\n"); 2482 free (buf, M_TEMP); 2483 return; 2484 } 2485 2486 static void 2487 sppp_lcp_tlu(struct sppp *sp) 2488 { 2489 STDDCL; 2490 int i; 2491 u_int32_t mask; 2492 2493 /* XXX ? */ 2494 if (! (ifp->if_flags & IFF_UP) && 2495 (ifp->if_flags & IFF_RUNNING)) { 2496 /* Coming out of loopback mode. */ 2497 if_up(ifp); 2498 } 2499 2500 for (i = 0; i < IDX_COUNT; i++) 2501 if ((cps[i])->flags & CP_QUAL) 2502 (cps[i])->Open(sp); 2503 2504 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2505 (sp->pp_flags & PP_NEEDAUTH) != 0) 2506 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2507 else 2508 sp->pp_phase = SPPP_PHASE_NETWORK; 2509 2510 if(debug) 2511 { 2512 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2513 sppp_phase_name(sp->pp_phase)); 2514 } 2515 2516 /* 2517 * Open all authentication protocols. This is even required 2518 * if we already proceeded to network phase, since it might be 2519 * that remote wants us to authenticate, so we might have to 2520 * send a PAP request. Undesired authentication protocols 2521 * don't do anything when they get an Open event. 2522 */ 2523 for (i = 0; i < IDX_COUNT; i++) 2524 if ((cps[i])->flags & CP_AUTH) 2525 (cps[i])->Open(sp); 2526 2527 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2528 /* Notify all NCPs. */ 2529 for (i = 0; i < IDX_COUNT; i++) 2530 if ((cps[i])->flags & CP_NCP) 2531 (cps[i])->Open(sp); 2532 } 2533 2534 /* Send Up events to all started protos. */ 2535 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2536 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2537 (cps[i])->Up(sp); 2538 2539 /* notify low-level driver of state change */ 2540 if (sp->pp_chg) 2541 sp->pp_chg(sp, (int)sp->pp_phase); 2542 2543 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2544 /* if no NCP is starting, close down */ 2545 sppp_lcp_check_and_close(sp); 2546 } 2547 2548 static void 2549 sppp_lcp_tld(struct sppp *sp) 2550 { 2551 STDDCL; 2552 int i; 2553 u_int32_t mask; 2554 2555 sp->pp_phase = SPPP_PHASE_TERMINATE; 2556 2557 if(debug) 2558 { 2559 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2560 sppp_phase_name(sp->pp_phase)); 2561 } 2562 2563 /* 2564 * Take upper layers down. We send the Down event first and 2565 * the Close second to prevent the upper layers from sending 2566 * ``a flurry of terminate-request packets'', as the RFC 2567 * describes it. 2568 */ 2569 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2570 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2571 (cps[i])->Down(sp); 2572 (cps[i])->Close(sp); 2573 } 2574 } 2575 2576 static void 2577 sppp_lcp_tls(struct sppp *sp) 2578 { 2579 STDDCL; 2580 2581 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2582 printf("%s: authentication failed %d times, not retrying again\n", 2583 sp->pp_if.if_xname, sp->pp_auth_failures); 2584 if_down(&sp->pp_if); 2585 return; 2586 } 2587 2588 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2589 2590 if(debug) 2591 { 2592 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2593 sppp_phase_name(sp->pp_phase)); 2594 } 2595 2596 /* Notify lower layer if desired. */ 2597 if (sp->pp_tls) 2598 (sp->pp_tls)(sp); 2599 } 2600 2601 static void 2602 sppp_lcp_tlf(struct sppp *sp) 2603 { 2604 STDDCL; 2605 2606 sp->pp_phase = SPPP_PHASE_DEAD; 2607 2608 if(debug) 2609 { 2610 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2611 sppp_phase_name(sp->pp_phase)); 2612 } 2613 2614 /* Notify lower layer if desired. */ 2615 if (sp->pp_tlf) 2616 (sp->pp_tlf)(sp); 2617 } 2618 2619 static void 2620 sppp_lcp_scr(struct sppp *sp) 2621 { 2622 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2623 int i = 0; 2624 u_short authproto; 2625 2626 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2627 if (! sp->lcp.magic) 2628 sp->lcp.magic = random(); 2629 opt[i++] = LCP_OPT_MAGIC; 2630 opt[i++] = 6; 2631 opt[i++] = sp->lcp.magic >> 24; 2632 opt[i++] = sp->lcp.magic >> 16; 2633 opt[i++] = sp->lcp.magic >> 8; 2634 opt[i++] = sp->lcp.magic; 2635 } 2636 2637 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2638 opt[i++] = LCP_OPT_MRU; 2639 opt[i++] = 4; 2640 opt[i++] = sp->lcp.mru >> 8; 2641 opt[i++] = sp->lcp.mru; 2642 } 2643 2644 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2645 authproto = sp->hisauth.proto; 2646 opt[i++] = LCP_OPT_AUTH_PROTO; 2647 opt[i++] = authproto == PPP_CHAP? 5: 4; 2648 opt[i++] = authproto >> 8; 2649 opt[i++] = authproto; 2650 if (authproto == PPP_CHAP) 2651 opt[i++] = CHAP_MD5; 2652 } 2653 2654 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2655 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2656 } 2657 2658 /* 2659 * Check the open NCPs, return true if at least one NCP is open. 2660 */ 2661 static int 2662 sppp_ncp_check(struct sppp *sp) 2663 { 2664 int i, mask; 2665 2666 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2667 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2668 return 1; 2669 return 0; 2670 } 2671 2672 /* 2673 * Re-check the open NCPs and see if we should terminate the link. 2674 * Called by the NCPs during their tlf action handling. 2675 */ 2676 static void 2677 sppp_lcp_check_and_close(struct sppp *sp) 2678 { 2679 2680 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2681 /* don't bother, we are already going down */ 2682 return; 2683 2684 if (sppp_ncp_check(sp)) 2685 return; 2686 2687 lcp.Close(sp); 2688 } 2689 2690 2691 /* 2692 *--------------------------------------------------------------------------* 2693 * * 2694 * The IPCP implementation. * 2695 * * 2696 *--------------------------------------------------------------------------* 2697 */ 2698 2699 static void 2700 sppp_ipcp_init(struct sppp *sp) 2701 { 2702 sp->ipcp.opts = 0; 2703 sp->ipcp.flags = 0; 2704 sp->state[IDX_IPCP] = STATE_INITIAL; 2705 sp->fail_counter[IDX_IPCP] = 0; 2706 sp->pp_seq[IDX_IPCP] = 0; 2707 sp->pp_rseq[IDX_IPCP] = 0; 2708 callout_init(&sp->ch[IDX_IPCP]); 2709 } 2710 2711 static void 2712 sppp_ipcp_up(struct sppp *sp) 2713 { 2714 sppp_up_event(&ipcp, sp); 2715 } 2716 2717 static void 2718 sppp_ipcp_down(struct sppp *sp) 2719 { 2720 sppp_down_event(&ipcp, sp); 2721 } 2722 2723 static void 2724 sppp_ipcp_open(struct sppp *sp) 2725 { 2726 STDDCL; 2727 u_int32_t myaddr, hisaddr; 2728 2729 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2730 sp->ipcp.req_myaddr = 0; 2731 sp->ipcp.req_hisaddr = 0; 2732 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2733 2734 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2735 /* 2736 * If we don't have his address, this probably means our 2737 * interface doesn't want to talk IP at all. (This could 2738 * be the case if somebody wants to speak only IPX, for 2739 * example.) Don't open IPCP in this case. 2740 */ 2741 if (hisaddr == 0L) { 2742 /* XXX this message should go away */ 2743 if (debug) 2744 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2745 SPP_ARGS(ifp)); 2746 return; 2747 } 2748 2749 if (myaddr == 0) { 2750 /* 2751 * I don't have an assigned address, so i need to 2752 * negotiate my address. 2753 */ 2754 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2755 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2756 } 2757 if (hisaddr == 1) { 2758 /* 2759 * XXX - remove this hack! 2760 * remote has no valid adress, we need to get one assigned. 2761 */ 2762 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2763 } 2764 sppp_open_event(&ipcp, sp); 2765 } 2766 2767 static void 2768 sppp_ipcp_close(struct sppp *sp) 2769 { 2770 STDDCL; 2771 2772 sppp_close_event(&ipcp, sp); 2773 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2774 /* 2775 * Some address was dynamic, clear it again. 2776 */ 2777 sppp_clear_ip_addrs(sp); 2778 2779 if (sp->pp_saved_mtu > 0) { 2780 ifp->if_mtu = sp->pp_saved_mtu; 2781 sp->pp_saved_mtu = 0; 2782 if (debug) 2783 log(LOG_DEBUG, 2784 SPP_FMT "resetting MTU to %" PRIu64 " bytes\n", 2785 SPP_ARGS(ifp), ifp->if_mtu); 2786 } 2787 } 2788 2789 static void 2790 sppp_ipcp_TO(void *cookie) 2791 { 2792 sppp_to_event(&ipcp, (struct sppp *)cookie); 2793 } 2794 2795 /* 2796 * Analyze a configure request. Return true if it was agreeable, and 2797 * caused action sca, false if it has been rejected or nak'ed, and 2798 * caused action scn. (The return value is used to make the state 2799 * transition decision in the state automaton.) 2800 */ 2801 static int 2802 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2803 { 2804 u_char *buf, *r, *p; 2805 struct ifnet *ifp = &sp->pp_if; 2806 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2807 u_int32_t hisaddr, desiredaddr; 2808 2809 len -= 4; 2810 origlen = len; 2811 /* 2812 * Make sure to allocate a buf that can at least hold a 2813 * conf-nak with an `address' option. We might need it below. 2814 */ 2815 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2816 if (! buf) 2817 return (0); 2818 2819 /* pass 1: see if we can recognize them */ 2820 if (debug) 2821 log(LOG_DEBUG, SPP_FMT "ipcp parse opts:", 2822 SPP_ARGS(ifp)); 2823 p = (void*) (h+1); 2824 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2825 if (debug) 2826 addlog(" %s", sppp_ipcp_opt_name(*p)); 2827 switch (*p) { 2828 #ifdef notyet 2829 case IPCP_OPT_COMPRESSION: 2830 if (len >= 6 && p[1] >= 6) { 2831 /* correctly formed compress option */ 2832 continue; 2833 } 2834 if (debug) 2835 addlog(" [invalid]"); 2836 break; 2837 #endif 2838 case IPCP_OPT_ADDRESS: 2839 if (len >= 6 && p[1] == 6) { 2840 /* correctly formed address option */ 2841 continue; 2842 } 2843 if (debug) 2844 addlog(" [invalid]"); 2845 break; 2846 default: 2847 /* Others not supported. */ 2848 if (debug) 2849 addlog(" [rej]"); 2850 break; 2851 } 2852 /* Add the option to rejected list. */ 2853 bcopy (p, r, p[1]); 2854 r += p[1]; 2855 rlen += p[1]; 2856 } 2857 if (rlen) { 2858 if (debug) 2859 addlog(" send conf-rej\n"); 2860 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2861 goto end; 2862 } else if (debug) 2863 addlog("\n"); 2864 2865 /* pass 2: parse option values */ 2866 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2867 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2868 else 2869 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2870 if (debug) 2871 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2872 SPP_ARGS(ifp)); 2873 p = (void*) (h+1); 2874 len = origlen; 2875 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2876 if (debug) 2877 addlog(" %s", sppp_ipcp_opt_name(*p)); 2878 switch (*p) { 2879 #ifdef notyet 2880 case IPCP_OPT_COMPRESSION: 2881 continue; 2882 #endif 2883 case IPCP_OPT_ADDRESS: 2884 desiredaddr = p[2] << 24 | p[3] << 16 | 2885 p[4] << 8 | p[5]; 2886 if (desiredaddr == hisaddr || 2887 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2888 /* 2889 * Peer's address is same as our value, 2890 * this is agreeable. Gonna conf-ack 2891 * it. 2892 */ 2893 if (debug) 2894 addlog(" %s [ack]", 2895 sppp_dotted_quad(hisaddr)); 2896 /* record that we've seen it already */ 2897 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2898 sp->ipcp.req_hisaddr = desiredaddr; 2899 hisaddr = desiredaddr; 2900 continue; 2901 } 2902 /* 2903 * The address wasn't agreeable. This is either 2904 * he sent us 0.0.0.0, asking to assign him an 2905 * address, or he send us another address not 2906 * matching our value. Either case, we gonna 2907 * conf-nak it with our value. 2908 */ 2909 if (debug) { 2910 if (desiredaddr == 0) 2911 addlog(" [addr requested]"); 2912 else 2913 addlog(" %s [not agreed]", 2914 sppp_dotted_quad(desiredaddr)); 2915 } 2916 2917 p[2] = hisaddr >> 24; 2918 p[3] = hisaddr >> 16; 2919 p[4] = hisaddr >> 8; 2920 p[5] = hisaddr; 2921 break; 2922 } 2923 /* Add the option to nak'ed list. */ 2924 bcopy (p, r, p[1]); 2925 r += p[1]; 2926 rlen += p[1]; 2927 } 2928 2929 /* 2930 * If we are about to conf-ack the request, but haven't seen 2931 * his address so far, gonna conf-nak it instead, with the 2932 * `address' option present and our idea of his address being 2933 * filled in there, to request negotiation of both addresses. 2934 * 2935 * XXX This can result in an endless req - nak loop if peer 2936 * doesn't want to send us his address. Q: What should we do 2937 * about it? XXX A: implement the max-failure counter. 2938 */ 2939 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2940 buf[0] = IPCP_OPT_ADDRESS; 2941 buf[1] = 6; 2942 buf[2] = hisaddr >> 24; 2943 buf[3] = hisaddr >> 16; 2944 buf[4] = hisaddr >> 8; 2945 buf[5] = hisaddr; 2946 rlen = 6; 2947 if (debug) 2948 addlog(" still need hisaddr"); 2949 } 2950 2951 if (rlen) { 2952 if (debug) 2953 addlog(" send conf-nak\n"); 2954 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2955 } else { 2956 if (debug) 2957 addlog(" send conf-ack\n"); 2958 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2959 h->ident, origlen, h+1); 2960 } 2961 2962 end: 2963 free (buf, M_TEMP); 2964 return (rlen == 0); 2965 } 2966 2967 /* 2968 * Analyze the IPCP Configure-Reject option list, and adjust our 2969 * negotiation. 2970 */ 2971 static void 2972 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2973 { 2974 u_char *buf, *p; 2975 struct ifnet *ifp = &sp->pp_if; 2976 int debug = ifp->if_flags & IFF_DEBUG; 2977 2978 len -= 4; 2979 buf = malloc (len, M_TEMP, M_NOWAIT); 2980 if (!buf) 2981 return; 2982 2983 if (debug) 2984 log(LOG_DEBUG, SPP_FMT "ipcp rej opts:", 2985 SPP_ARGS(ifp)); 2986 2987 p = (void*) (h+1); 2988 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2989 if (debug) 2990 addlog(" %s", sppp_ipcp_opt_name(*p)); 2991 switch (*p) { 2992 case IPCP_OPT_ADDRESS: 2993 /* 2994 * Peer doesn't grok address option. This is 2995 * bad. XXX Should we better give up here? 2996 */ 2997 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2998 break; 2999 #ifdef notyet 3000 case IPCP_OPT_COMPRESS: 3001 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3002 break; 3003 #endif 3004 } 3005 } 3006 if (debug) 3007 addlog("\n"); 3008 free (buf, M_TEMP); 3009 return; 3010 } 3011 3012 /* 3013 * Analyze the IPCP Configure-NAK option list, and adjust our 3014 * negotiation. 3015 */ 3016 static void 3017 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3018 { 3019 u_char *p; 3020 struct ifnet *ifp = &sp->pp_if; 3021 int debug = ifp->if_flags & IFF_DEBUG; 3022 u_int32_t wantaddr; 3023 3024 len -= 4; 3025 3026 if (debug) 3027 log(LOG_DEBUG, SPP_FMT "ipcp nak opts:", 3028 SPP_ARGS(ifp)); 3029 3030 p = (void*) (h+1); 3031 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3032 if (debug) 3033 addlog(" %s", sppp_ipcp_opt_name(*p)); 3034 switch (*p) { 3035 case IPCP_OPT_ADDRESS: 3036 /* 3037 * Peer doesn't like our local IP address. See 3038 * if we can do something for him. We'll drop 3039 * him our address then. 3040 */ 3041 if (len >= 6 && p[1] == 6) { 3042 wantaddr = p[2] << 24 | p[3] << 16 | 3043 p[4] << 8 | p[5]; 3044 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3045 if (debug) 3046 addlog(" [wantaddr %s]", 3047 sppp_dotted_quad(wantaddr)); 3048 /* 3049 * When doing dynamic address assignment, 3050 * we accept his offer. Otherwise, we 3051 * ignore it and thus continue to negotiate 3052 * our already existing value. 3053 */ 3054 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3055 if (debug) 3056 addlog(" [agree]"); 3057 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3058 sp->ipcp.req_myaddr = wantaddr; 3059 } 3060 } 3061 break; 3062 3063 case IPCP_OPT_PRIMDNS: 3064 if (len >= 6 && p[1] == 6) { 3065 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3066 p[4] << 8 | p[5]; 3067 } 3068 break; 3069 3070 case IPCP_OPT_SECDNS: 3071 if (len >= 6 && p[1] == 6) { 3072 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3073 p[4] << 8 | p[5]; 3074 } 3075 break; 3076 #ifdef notyet 3077 case IPCP_OPT_COMPRESS: 3078 /* 3079 * Peer wants different compression parameters. 3080 */ 3081 break; 3082 #endif 3083 } 3084 } 3085 if (debug) 3086 addlog("\n"); 3087 return; 3088 } 3089 3090 static void 3091 sppp_ipcp_tlu(struct sppp *sp) 3092 { 3093 /* we are up. Set addresses and notify anyone interested */ 3094 STDDCL; 3095 u_int32_t myaddr, hisaddr; 3096 3097 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3098 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3099 myaddr = sp->ipcp.req_myaddr; 3100 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3101 hisaddr = sp->ipcp.req_hisaddr; 3102 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3103 3104 if (ifp->if_mtu > sp->lcp.their_mru) { 3105 sp->pp_saved_mtu = ifp->if_mtu; 3106 ifp->if_mtu = sp->lcp.their_mru; 3107 if (debug) 3108 log(LOG_DEBUG, 3109 SPP_FMT "setting MTU to %" PRIu64 " bytes\n", 3110 SPP_ARGS(ifp), ifp->if_mtu); 3111 } 3112 3113 if (sp->pp_con) 3114 sp->pp_con(sp); 3115 } 3116 3117 static void 3118 sppp_ipcp_tld(struct sppp *sp) 3119 { 3120 } 3121 3122 static void 3123 sppp_ipcp_tls(struct sppp *sp) 3124 { 3125 /* indicate to LCP that it must stay alive */ 3126 sp->lcp.protos |= (1 << IDX_IPCP); 3127 } 3128 3129 static void 3130 sppp_ipcp_tlf(struct sppp *sp) 3131 { 3132 /* we no longer need LCP */ 3133 sp->lcp.protos &= ~(1 << IDX_IPCP); 3134 } 3135 3136 static void 3137 sppp_ipcp_scr(struct sppp *sp) 3138 { 3139 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3140 u_int32_t ouraddr; 3141 int i = 0; 3142 3143 #ifdef notyet 3144 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3145 opt[i++] = IPCP_OPT_COMPRESSION; 3146 opt[i++] = 6; 3147 opt[i++] = 0; /* VJ header compression */ 3148 opt[i++] = 0x2d; /* VJ header compression */ 3149 opt[i++] = max_slot_id; 3150 opt[i++] = comp_slot_id; 3151 } 3152 #endif 3153 3154 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3155 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3156 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3157 else 3158 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3159 opt[i++] = IPCP_OPT_ADDRESS; 3160 opt[i++] = 6; 3161 opt[i++] = ouraddr >> 24; 3162 opt[i++] = ouraddr >> 16; 3163 opt[i++] = ouraddr >> 8; 3164 opt[i++] = ouraddr; 3165 } 3166 3167 if (sp->query_dns & 1) { 3168 opt[i++] = IPCP_OPT_PRIMDNS; 3169 opt[i++] = 6; 3170 opt[i++] = sp->dns_addrs[0] >> 24; 3171 opt[i++] = sp->dns_addrs[0] >> 16; 3172 opt[i++] = sp->dns_addrs[0] >> 8; 3173 opt[i++] = sp->dns_addrs[0]; 3174 } 3175 if (sp->query_dns & 2) { 3176 opt[i++] = IPCP_OPT_SECDNS; 3177 opt[i++] = 6; 3178 opt[i++] = sp->dns_addrs[1] >> 24; 3179 opt[i++] = sp->dns_addrs[1] >> 16; 3180 opt[i++] = sp->dns_addrs[1] >> 8; 3181 opt[i++] = sp->dns_addrs[1]; 3182 } 3183 3184 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3185 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3186 } 3187 3188 3189 /* 3190 *--------------------------------------------------------------------------* 3191 * * 3192 * The IPv6CP implementation. * 3193 * * 3194 *--------------------------------------------------------------------------* 3195 */ 3196 3197 #ifdef INET6 3198 static void 3199 sppp_ipv6cp_init(struct sppp *sp) 3200 { 3201 sp->ipv6cp.opts = 0; 3202 sp->ipv6cp.flags = 0; 3203 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3204 sp->fail_counter[IDX_IPV6CP] = 0; 3205 sp->pp_seq[IDX_IPV6CP] = 0; 3206 sp->pp_rseq[IDX_IPV6CP] = 0; 3207 callout_init(&sp->ch[IDX_IPV6CP]); 3208 } 3209 3210 static void 3211 sppp_ipv6cp_up(struct sppp *sp) 3212 { 3213 sppp_up_event(&ipv6cp, sp); 3214 } 3215 3216 static void 3217 sppp_ipv6cp_down(struct sppp *sp) 3218 { 3219 sppp_down_event(&ipv6cp, sp); 3220 } 3221 3222 static void 3223 sppp_ipv6cp_open(struct sppp *sp) 3224 { 3225 STDDCL; 3226 struct in6_addr myaddr, hisaddr; 3227 3228 #ifdef IPV6CP_MYIFID_DYN 3229 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3230 #else 3231 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3232 #endif 3233 3234 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3235 /* 3236 * If we don't have our address, this probably means our 3237 * interface doesn't want to talk IPv6 at all. (This could 3238 * be the case if somebody wants to speak only IPX, for 3239 * example.) Don't open IPv6CP in this case. 3240 */ 3241 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3242 /* XXX this message should go away */ 3243 if (debug) 3244 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n", 3245 SPP_ARGS(ifp)); 3246 return; 3247 } 3248 3249 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3250 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3251 sppp_open_event(&ipv6cp, sp); 3252 } 3253 3254 static void 3255 sppp_ipv6cp_close(struct sppp *sp) 3256 { 3257 sppp_close_event(&ipv6cp, sp); 3258 } 3259 3260 static void 3261 sppp_ipv6cp_TO(void *cookie) 3262 { 3263 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3264 } 3265 3266 /* 3267 * Analyze a configure request. Return true if it was agreeable, and 3268 * caused action sca, false if it has been rejected or nak'ed, and 3269 * caused action scn. (The return value is used to make the state 3270 * transition decision in the state automaton.) 3271 */ 3272 static int 3273 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3274 { 3275 u_char *buf, *r, *p; 3276 struct ifnet *ifp = &sp->pp_if; 3277 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3278 struct in6_addr myaddr, desiredaddr, suggestaddr; 3279 int ifidcount; 3280 int type; 3281 int collision, nohisaddr; 3282 3283 len -= 4; 3284 origlen = len; 3285 /* 3286 * Make sure to allocate a buf that can at least hold a 3287 * conf-nak with an `address' option. We might need it below. 3288 */ 3289 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3290 if (! buf) 3291 return (0); 3292 3293 /* pass 1: see if we can recognize them */ 3294 if (debug) 3295 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:", 3296 SPP_ARGS(ifp)); 3297 p = (void*) (h+1); 3298 ifidcount = 0; 3299 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3300 if (debug) 3301 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3302 switch (*p) { 3303 case IPV6CP_OPT_IFID: 3304 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3305 /* correctly formed address option */ 3306 ifidcount++; 3307 continue; 3308 } 3309 if (debug) 3310 addlog(" [invalid]"); 3311 break; 3312 #ifdef notyet 3313 case IPV6CP_OPT_COMPRESSION: 3314 if (len >= 4 && p[1] >= 4) { 3315 /* correctly formed compress option */ 3316 continue; 3317 } 3318 if (debug) 3319 addlog(" [invalid]"); 3320 break; 3321 #endif 3322 default: 3323 /* Others not supported. */ 3324 if (debug) 3325 addlog(" [rej]"); 3326 break; 3327 } 3328 /* Add the option to rejected list. */ 3329 bcopy (p, r, p[1]); 3330 r += p[1]; 3331 rlen += p[1]; 3332 } 3333 if (rlen) { 3334 if (debug) 3335 addlog(" send conf-rej\n"); 3336 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3337 goto end; 3338 } else if (debug) 3339 addlog("\n"); 3340 3341 /* pass 2: parse option values */ 3342 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3343 if (debug) 3344 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ", 3345 SPP_ARGS(ifp)); 3346 p = (void*) (h+1); 3347 len = origlen; 3348 type = CONF_ACK; 3349 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3350 if (debug) 3351 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3352 switch (*p) { 3353 #ifdef notyet 3354 case IPV6CP_OPT_COMPRESSION: 3355 continue; 3356 #endif 3357 case IPV6CP_OPT_IFID: 3358 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3359 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3360 collision = (memcmp(&desiredaddr.s6_addr[8], 3361 &myaddr.s6_addr[8], 8) == 0); 3362 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3363 3364 desiredaddr.s6_addr16[0] = htons(0xfe80); 3365 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3366 3367 if (!collision && !nohisaddr) { 3368 /* no collision, hisaddr known - Conf-Ack */ 3369 type = CONF_ACK; 3370 3371 if (debug) { 3372 addlog(" %s [%s]", 3373 ip6_sprintf(&desiredaddr), 3374 sppp_cp_type_name(type)); 3375 } 3376 continue; 3377 } 3378 3379 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3380 if (collision && nohisaddr) { 3381 /* collision, hisaddr unknown - Conf-Rej */ 3382 type = CONF_REJ; 3383 memset(&p[2], 0, 8); 3384 } else { 3385 /* 3386 * - no collision, hisaddr unknown, or 3387 * - collision, hisaddr known 3388 * Conf-Nak, suggest hisaddr 3389 */ 3390 type = CONF_NAK; 3391 sppp_suggest_ip6_addr(sp, &suggestaddr); 3392 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3393 } 3394 if (debug) 3395 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3396 sppp_cp_type_name(type)); 3397 break; 3398 } 3399 /* Add the option to nak'ed list. */ 3400 bcopy (p, r, p[1]); 3401 r += p[1]; 3402 rlen += p[1]; 3403 } 3404 3405 if (rlen == 0 && type == CONF_ACK) { 3406 if (debug) 3407 addlog(" send %s\n", sppp_cp_type_name(type)); 3408 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1); 3409 } else { 3410 #ifdef DIAGNOSTIC 3411 if (type == CONF_ACK) 3412 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3413 #endif 3414 3415 if (debug) { 3416 addlog(" send %s suggest %s\n", 3417 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3418 } 3419 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3420 } 3421 3422 end: 3423 free (buf, M_TEMP); 3424 return (rlen == 0); 3425 } 3426 3427 /* 3428 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3429 * negotiation. 3430 */ 3431 static void 3432 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3433 { 3434 u_char *buf, *p; 3435 struct ifnet *ifp = &sp->pp_if; 3436 int debug = ifp->if_flags & IFF_DEBUG; 3437 3438 len -= 4; 3439 buf = malloc (len, M_TEMP, M_NOWAIT); 3440 if (!buf) 3441 return; 3442 3443 if (debug) 3444 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:", 3445 SPP_ARGS(ifp)); 3446 3447 p = (void*) (h+1); 3448 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3449 if (debug) 3450 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3451 switch (*p) { 3452 case IPV6CP_OPT_IFID: 3453 /* 3454 * Peer doesn't grok address option. This is 3455 * bad. XXX Should we better give up here? 3456 */ 3457 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3458 break; 3459 #ifdef notyet 3460 case IPV6CP_OPT_COMPRESS: 3461 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3462 break; 3463 #endif 3464 } 3465 } 3466 if (debug) 3467 addlog("\n"); 3468 free (buf, M_TEMP); 3469 return; 3470 } 3471 3472 /* 3473 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3474 * negotiation. 3475 */ 3476 static void 3477 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3478 { 3479 u_char *buf, *p; 3480 struct ifnet *ifp = &sp->pp_if; 3481 int debug = ifp->if_flags & IFF_DEBUG; 3482 struct in6_addr suggestaddr; 3483 3484 len -= 4; 3485 buf = malloc (len, M_TEMP, M_NOWAIT); 3486 if (!buf) 3487 return; 3488 3489 if (debug) 3490 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:", 3491 SPP_ARGS(ifp)); 3492 3493 p = (void*) (h+1); 3494 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3495 if (debug) 3496 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3497 switch (*p) { 3498 case IPV6CP_OPT_IFID: 3499 /* 3500 * Peer doesn't like our local ifid. See 3501 * if we can do something for him. We'll drop 3502 * him our address then. 3503 */ 3504 if (len < 10 || p[1] != 10) 3505 break; 3506 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3507 suggestaddr.s6_addr16[0] = htons(0xfe80); 3508 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index); 3509 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3510 3511 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3512 if (debug) 3513 addlog(" [suggestaddr %s]", 3514 ip6_sprintf(&suggestaddr)); 3515 #ifdef IPV6CP_MYIFID_DYN 3516 /* 3517 * When doing dynamic address assignment, 3518 * we accept his offer. 3519 */ 3520 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3521 struct in6_addr lastsuggest; 3522 /* 3523 * If <suggested myaddr from peer> equals to 3524 * <hisaddr we have suggested last time>, 3525 * we have a collision. generate new random 3526 * ifid. 3527 */ 3528 sppp_suggest_ip6_addr(&lastsuggest); 3529 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3530 lastsuggest)) { 3531 if (debug) 3532 addlog(" [random]"); 3533 sppp_gen_ip6_addr(sp, &suggestaddr); 3534 } 3535 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3536 if (debug) 3537 addlog(" [agree]"); 3538 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3539 } 3540 #else 3541 /* 3542 * Since we do not do dynamic address assignment, 3543 * we ignore it and thus continue to negotiate 3544 * our already existing value. This can possibly 3545 * go into infinite request-reject loop. 3546 * 3547 * This is not likely because we normally use 3548 * ifid based on MAC-address. 3549 * If you have no ethernet card on the node, too bad. 3550 * XXX should we use fail_counter? 3551 */ 3552 #endif 3553 break; 3554 #ifdef notyet 3555 case IPV6CP_OPT_COMPRESS: 3556 /* 3557 * Peer wants different compression parameters. 3558 */ 3559 break; 3560 #endif 3561 } 3562 } 3563 if (debug) 3564 addlog("\n"); 3565 free (buf, M_TEMP); 3566 return; 3567 } 3568 3569 static void 3570 sppp_ipv6cp_tlu(struct sppp *sp) 3571 { 3572 /* we are up - notify isdn daemon */ 3573 if (sp->pp_con) 3574 sp->pp_con(sp); 3575 } 3576 3577 static void 3578 sppp_ipv6cp_tld(struct sppp *sp) 3579 { 3580 } 3581 3582 static void 3583 sppp_ipv6cp_tls(struct sppp *sp) 3584 { 3585 /* indicate to LCP that it must stay alive */ 3586 sp->lcp.protos |= (1 << IDX_IPV6CP); 3587 } 3588 3589 static void 3590 sppp_ipv6cp_tlf(struct sppp *sp) 3591 { 3592 /* we no longer need LCP */ 3593 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3594 } 3595 3596 static void 3597 sppp_ipv6cp_scr(struct sppp *sp) 3598 { 3599 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3600 struct in6_addr ouraddr; 3601 int i = 0; 3602 3603 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3604 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3605 opt[i++] = IPV6CP_OPT_IFID; 3606 opt[i++] = 10; 3607 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3608 i += 8; 3609 } 3610 3611 #ifdef notyet 3612 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3613 opt[i++] = IPV6CP_OPT_COMPRESSION; 3614 opt[i++] = 4; 3615 opt[i++] = 0; /* TBD */ 3616 opt[i++] = 0; /* TBD */ 3617 /* variable length data may follow */ 3618 } 3619 #endif 3620 3621 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3622 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3623 } 3624 #else /*INET6*/ 3625 static void sppp_ipv6cp_init(struct sppp *sp) 3626 { 3627 } 3628 3629 static void sppp_ipv6cp_up(struct sppp *sp) 3630 { 3631 } 3632 3633 static void sppp_ipv6cp_down(struct sppp *sp) 3634 { 3635 } 3636 3637 3638 static void sppp_ipv6cp_open(struct sppp *sp) 3639 { 3640 } 3641 3642 static void sppp_ipv6cp_close(struct sppp *sp) 3643 { 3644 } 3645 3646 static void sppp_ipv6cp_TO(void *sp) 3647 { 3648 } 3649 3650 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3651 { 3652 return 0; 3653 } 3654 3655 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3656 { 3657 } 3658 3659 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3660 { 3661 } 3662 3663 static void sppp_ipv6cp_tlu(struct sppp *sp) 3664 { 3665 } 3666 3667 static void sppp_ipv6cp_tld(struct sppp *sp) 3668 { 3669 } 3670 3671 static void sppp_ipv6cp_tls(struct sppp *sp) 3672 { 3673 } 3674 3675 static void sppp_ipv6cp_tlf(struct sppp *sp) 3676 { 3677 } 3678 3679 static void sppp_ipv6cp_scr(struct sppp *sp) 3680 { 3681 } 3682 #endif /*INET6*/ 3683 3684 3685 /* 3686 *--------------------------------------------------------------------------* 3687 * * 3688 * The CHAP implementation. * 3689 * * 3690 *--------------------------------------------------------------------------* 3691 */ 3692 3693 /* 3694 * The authentication protocols don't employ a full-fledged state machine as 3695 * the control protocols do, since they do have Open and Close events, but 3696 * not Up and Down, nor are they explicitly terminated. Also, use of the 3697 * authentication protocols may be different in both directions (this makes 3698 * sense, think of a machine that never accepts incoming calls but only 3699 * calls out, it doesn't require the called party to authenticate itself). 3700 * 3701 * Our state machine for the local authentication protocol (we are requesting 3702 * the peer to authenticate) looks like: 3703 * 3704 * RCA- 3705 * +--------------------------------------------+ 3706 * V scn,tld| 3707 * +--------+ Close +---------+ RCA+ 3708 * | |<----------------------------------| |------+ 3709 * +--->| Closed | TO* | Opened | sca | 3710 * | | |-----+ +-------| |<-----+ 3711 * | +--------+ irc | | +---------+ 3712 * | ^ | | ^ 3713 * | | | | | 3714 * | | | | | 3715 * | TO-| | | | 3716 * | |tld TO+ V | | 3717 * | | +------->+ | | 3718 * | | | | | | 3719 * | +--------+ V | | 3720 * | | |<----+<--------------------+ | 3721 * | | Req- | scr | 3722 * | | Sent | | 3723 * | | | | 3724 * | +--------+ | 3725 * | RCA- | | RCA+ | 3726 * +------+ +------------------------------------------+ 3727 * scn,tld sca,irc,ict,tlu 3728 * 3729 * 3730 * with: 3731 * 3732 * Open: LCP reached authentication phase 3733 * Close: LCP reached terminate phase 3734 * 3735 * RCA+: received reply (pap-req, chap-response), acceptable 3736 * RCN: received reply (pap-req, chap-response), not acceptable 3737 * TO+: timeout with restart counter >= 0 3738 * TO-: timeout with restart counter < 0 3739 * TO*: reschedule timeout for CHAP 3740 * 3741 * scr: send request packet (none for PAP, chap-challenge) 3742 * sca: send ack packet (pap-ack, chap-success) 3743 * scn: send nak packet (pap-nak, chap-failure) 3744 * ict: initialize re-challenge timer (CHAP only) 3745 * 3746 * tlu: this-layer-up, LCP reaches network phase 3747 * tld: this-layer-down, LCP enters terminate phase 3748 * 3749 * Note that in CHAP mode, after sending a new challenge, while the state 3750 * automaton falls back into Req-Sent state, it doesn't signal a tld 3751 * event to LCP, so LCP remains in network phase. Only after not getting 3752 * any response (or after getting an unacceptable response), CHAP closes, 3753 * causing LCP to enter terminate phase. 3754 * 3755 * With PAP, there is no initial request that can be sent. The peer is 3756 * expected to send one based on the successful negotiation of PAP as 3757 * the authentication protocol during the LCP option negotiation. 3758 * 3759 * Incoming authentication protocol requests (remote requests 3760 * authentication, we are peer) don't employ a state machine at all, 3761 * they are simply answered. Some peers [Ascend P50 firmware rev 3762 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3763 * still in authentication phase (thereby violating the standard that 3764 * demands that these NCP packets are to be discarded), so we keep 3765 * track of the peer demanding us to authenticate, and only proceed to 3766 * phase network once we've seen a positive acknowledge for the 3767 * authentication. 3768 */ 3769 3770 /* 3771 * Handle incoming CHAP packets. 3772 */ 3773 void 3774 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3775 { 3776 STDDCL; 3777 struct lcp_header *h; 3778 int len, x; 3779 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3780 int value_len, name_len; 3781 MD5_CTX ctx; 3782 3783 len = m->m_pkthdr.len; 3784 if (len < 4) { 3785 if (debug) 3786 log(LOG_DEBUG, 3787 SPP_FMT "chap invalid packet length: %d bytes\n", 3788 SPP_ARGS(ifp), len); 3789 return; 3790 } 3791 h = mtod (m, struct lcp_header*); 3792 if (len > ntohs (h->len)) 3793 len = ntohs (h->len); 3794 3795 switch (h->type) { 3796 /* challenge, failure and success are his authproto */ 3797 case CHAP_CHALLENGE: 3798 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3799 /* can't do anything usefull */ 3800 sp->pp_auth_failures++; 3801 printf(SPP_FMT "chap input without my name and my secret being set\n", 3802 SPP_ARGS(ifp)); 3803 break; 3804 } 3805 value = 1 + (u_char*)(h+1); 3806 value_len = value[-1]; 3807 name = value + value_len; 3808 name_len = len - value_len - 5; 3809 if (name_len < 0) { 3810 if (debug) { 3811 log(LOG_DEBUG, 3812 SPP_FMT "chap corrupted challenge " 3813 "<%s id=0x%x len=%d", 3814 SPP_ARGS(ifp), 3815 sppp_auth_type_name(PPP_CHAP, h->type), 3816 h->ident, ntohs(h->len)); 3817 if (len > 4) 3818 sppp_print_bytes((u_char*) (h+1), len-4); 3819 addlog(">\n"); 3820 } 3821 break; 3822 } 3823 3824 if (debug) { 3825 log(LOG_DEBUG, 3826 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3827 SPP_ARGS(ifp), 3828 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3829 ntohs(h->len)); 3830 sppp_print_string((char*) name, name_len); 3831 addlog(" value-size=%d value=", value_len); 3832 sppp_print_bytes(value, value_len); 3833 addlog(">\n"); 3834 } 3835 3836 /* Compute reply value. */ 3837 MD5Init(&ctx); 3838 MD5Update(&ctx, &h->ident, 1); 3839 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3840 MD5Update(&ctx, value, value_len); 3841 MD5Final(digest, &ctx); 3842 dsize = sizeof digest; 3843 3844 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3845 sizeof dsize, (const char *)&dsize, 3846 sizeof digest, digest, 3847 sp->myauth.name_len, 3848 sp->myauth.name, 3849 0); 3850 break; 3851 3852 case CHAP_SUCCESS: 3853 if (debug) { 3854 log(LOG_DEBUG, SPP_FMT "chap success", 3855 SPP_ARGS(ifp)); 3856 if (len > 4) { 3857 addlog(": "); 3858 sppp_print_string((char*)(h + 1), len - 4); 3859 } 3860 addlog("\n"); 3861 } 3862 x = splnet(); 3863 sp->pp_auth_failures = 0; 3864 sp->pp_flags &= ~PP_NEEDAUTH; 3865 if (sp->myauth.proto == PPP_CHAP && 3866 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3867 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3868 /* 3869 * We are authenticator for CHAP but didn't 3870 * complete yet. Leave it to tlu to proceed 3871 * to network phase. 3872 */ 3873 splx(x); 3874 break; 3875 } 3876 splx(x); 3877 sppp_phase_network(sp); 3878 break; 3879 3880 case CHAP_FAILURE: 3881 x = splnet(); 3882 sp->pp_auth_failures++; 3883 splx(x); 3884 if (debug) { 3885 log(LOG_INFO, SPP_FMT "chap failure", 3886 SPP_ARGS(ifp)); 3887 if (len > 4) { 3888 addlog(": "); 3889 sppp_print_string((char*)(h + 1), len - 4); 3890 } 3891 addlog("\n"); 3892 } else 3893 log(LOG_INFO, SPP_FMT "chap failure\n", 3894 SPP_ARGS(ifp)); 3895 /* await LCP shutdown by authenticator */ 3896 break; 3897 3898 /* response is my authproto */ 3899 case CHAP_RESPONSE: 3900 if (sp->hisauth.secret == NULL) { 3901 /* can't do anything usefull */ 3902 printf(SPP_FMT "chap input without his secret being set\n", 3903 SPP_ARGS(ifp)); 3904 break; 3905 } 3906 value = 1 + (u_char*)(h+1); 3907 value_len = value[-1]; 3908 name = value + value_len; 3909 name_len = len - value_len - 5; 3910 if (name_len < 0) { 3911 if (debug) { 3912 log(LOG_DEBUG, 3913 SPP_FMT "chap corrupted response " 3914 "<%s id=0x%x len=%d", 3915 SPP_ARGS(ifp), 3916 sppp_auth_type_name(PPP_CHAP, h->type), 3917 h->ident, ntohs(h->len)); 3918 if (len > 4) 3919 sppp_print_bytes((u_char*)(h+1), len-4); 3920 addlog(">\n"); 3921 } 3922 break; 3923 } 3924 if (h->ident != sp->confid[IDX_CHAP]) { 3925 if (debug) 3926 log(LOG_DEBUG, 3927 SPP_FMT "chap dropping response for old ID " 3928 "(got %d, expected %d)\n", 3929 SPP_ARGS(ifp), 3930 h->ident, sp->confid[IDX_CHAP]); 3931 break; 3932 } 3933 if (sp->hisauth.name != NULL && 3934 (name_len != sp->hisauth.name_len 3935 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 3936 log(LOG_INFO, SPP_FMT "chap response, his name ", 3937 SPP_ARGS(ifp)); 3938 sppp_print_string(name, name_len); 3939 addlog(" != expected "); 3940 sppp_print_string(sp->hisauth.name, 3941 sp->hisauth.name_len); 3942 addlog("\n"); 3943 goto chap_failure; 3944 } 3945 if (debug) { 3946 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3947 "<%s id=0x%x len=%d name=", 3948 SPP_ARGS(ifp), 3949 sppp_state_name(sp->state[IDX_CHAP]), 3950 sppp_auth_type_name(PPP_CHAP, h->type), 3951 h->ident, ntohs (h->len)); 3952 sppp_print_string((char*)name, name_len); 3953 addlog(" value-size=%d value=", value_len); 3954 sppp_print_bytes(value, value_len); 3955 addlog(">\n"); 3956 } 3957 if (value_len != sizeof(sp->myauth.challenge)) { 3958 if (debug) 3959 log(LOG_DEBUG, 3960 SPP_FMT "chap bad hash value length: " 3961 "%d bytes, should be %ld\n", 3962 SPP_ARGS(ifp), value_len, 3963 (long) sizeof(sp->myauth.challenge)); 3964 goto chap_failure; 3965 } 3966 3967 MD5Init(&ctx); 3968 MD5Update(&ctx, &h->ident, 1); 3969 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 3970 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 3971 MD5Final(digest, &ctx); 3972 3973 #define FAILMSG "Failed..." 3974 #define SUCCMSG "Welcome!" 3975 3976 if (value_len != sizeof digest || 3977 memcmp(digest, value, value_len) != 0) { 3978 chap_failure: 3979 /* action scn, tld */ 3980 x = splnet(); 3981 sp->pp_auth_failures++; 3982 splx(x); 3983 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3984 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3985 0); 3986 chap.tld(sp); 3987 break; 3988 } 3989 sp->pp_auth_failures = 0; 3990 /* action sca, perhaps tlu */ 3991 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3992 sp->state[IDX_CHAP] == STATE_OPENED) 3993 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3994 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3995 0); 3996 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3997 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3998 chap.tlu(sp); 3999 } 4000 break; 4001 4002 default: 4003 /* Unknown CHAP packet type -- ignore. */ 4004 if (debug) { 4005 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 4006 "<0x%x id=0x%xh len=%d", 4007 SPP_ARGS(ifp), 4008 sppp_state_name(sp->state[IDX_CHAP]), 4009 h->type, h->ident, ntohs(h->len)); 4010 if (len > 4) 4011 sppp_print_bytes((u_char*)(h+1), len-4); 4012 addlog(">\n"); 4013 } 4014 break; 4015 4016 } 4017 } 4018 4019 static void 4020 sppp_chap_init(struct sppp *sp) 4021 { 4022 /* Chap doesn't have STATE_INITIAL at all. */ 4023 sp->state[IDX_CHAP] = STATE_CLOSED; 4024 sp->fail_counter[IDX_CHAP] = 0; 4025 sp->pp_seq[IDX_CHAP] = 0; 4026 sp->pp_rseq[IDX_CHAP] = 0; 4027 callout_init(&sp->ch[IDX_CHAP]); 4028 } 4029 4030 static void 4031 sppp_chap_open(struct sppp *sp) 4032 { 4033 if (sp->myauth.proto == PPP_CHAP && 4034 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4035 /* we are authenticator for CHAP, start it */ 4036 chap.scr(sp); 4037 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4038 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4039 } 4040 /* nothing to be done if we are peer, await a challenge */ 4041 } 4042 4043 static void 4044 sppp_chap_close(struct sppp *sp) 4045 { 4046 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4047 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4048 } 4049 4050 static void 4051 sppp_chap_TO(void *cookie) 4052 { 4053 struct sppp *sp = (struct sppp *)cookie; 4054 STDDCL; 4055 int s; 4056 4057 s = splnet(); 4058 if (debug) 4059 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 4060 SPP_ARGS(ifp), 4061 sppp_state_name(sp->state[IDX_CHAP]), 4062 sp->rst_counter[IDX_CHAP]); 4063 4064 if (--sp->rst_counter[IDX_CHAP] < 0) 4065 /* TO- event */ 4066 switch (sp->state[IDX_CHAP]) { 4067 case STATE_REQ_SENT: 4068 chap.tld(sp); 4069 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4070 break; 4071 } 4072 else 4073 /* TO+ (or TO*) event */ 4074 switch (sp->state[IDX_CHAP]) { 4075 case STATE_OPENED: 4076 /* TO* event */ 4077 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4078 /* fall through */ 4079 case STATE_REQ_SENT: 4080 chap.scr(sp); 4081 /* sppp_cp_change_state() will restart the timer */ 4082 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4083 break; 4084 } 4085 4086 splx(s); 4087 } 4088 4089 static void 4090 sppp_chap_tlu(struct sppp *sp) 4091 { 4092 STDDCL; 4093 int i, x; 4094 4095 i = 0; 4096 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4097 4098 /* 4099 * Some broken CHAP implementations (Conware CoNet, firmware 4100 * 4.0.?) don't want to re-authenticate their CHAP once the 4101 * initial challenge-response exchange has taken place. 4102 * Provide for an option to avoid rechallenges. 4103 */ 4104 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4105 /* 4106 * Compute the re-challenge timeout. This will yield 4107 * a number between 300 and 810 seconds. 4108 */ 4109 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 4110 4111 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4112 } 4113 4114 if (debug) { 4115 log(LOG_DEBUG, 4116 SPP_FMT "chap %s, ", 4117 SPP_ARGS(ifp), 4118 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4119 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4120 addlog("next re-challenge in %d seconds\n", i); 4121 else 4122 addlog("re-challenging supressed\n"); 4123 } 4124 4125 x = splnet(); 4126 sp->pp_auth_failures = 0; 4127 /* indicate to LCP that we need to be closed down */ 4128 sp->lcp.protos |= (1 << IDX_CHAP); 4129 4130 if (sp->pp_flags & PP_NEEDAUTH) { 4131 /* 4132 * Remote is authenticator, but his auth proto didn't 4133 * complete yet. Defer the transition to network 4134 * phase. 4135 */ 4136 splx(x); 4137 return; 4138 } 4139 splx(x); 4140 4141 /* 4142 * If we are already in phase network, we are done here. This 4143 * is the case if this is a dummy tlu event after a re-challenge. 4144 */ 4145 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4146 sppp_phase_network(sp); 4147 } 4148 4149 static void 4150 sppp_chap_tld(struct sppp *sp) 4151 { 4152 STDDCL; 4153 4154 if (debug) 4155 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 4156 callout_stop(&sp->ch[IDX_CHAP]); 4157 sp->lcp.protos &= ~(1 << IDX_CHAP); 4158 4159 lcp.Close(sp); 4160 } 4161 4162 static void 4163 sppp_chap_scr(struct sppp *sp) 4164 { 4165 struct timeval tv; 4166 u_int32_t *ch, seed; 4167 u_char clen; 4168 4169 if (sp->myauth.name == NULL) { 4170 /* can't do anything usefull */ 4171 printf(SPP_FMT "chap starting without my name being set\n", 4172 SPP_ARGS(&sp->pp_if)); 4173 return; 4174 } 4175 4176 /* Compute random challenge. */ 4177 ch = (u_int32_t *)sp->myauth.challenge; 4178 microtime(&tv); 4179 seed = tv.tv_sec ^ tv.tv_usec; 4180 ch[0] = seed ^ random(); 4181 ch[1] = seed ^ random(); 4182 ch[2] = seed ^ random(); 4183 ch[3] = seed ^ random(); 4184 clen = 16; /* 4 * sizeof(u_int32_t) */ 4185 4186 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4187 4188 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4189 sizeof clen, (const char *)&clen, 4190 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4191 sp->myauth.name_len, 4192 sp->myauth.name, 4193 0); 4194 } 4195 4196 /* 4197 *--------------------------------------------------------------------------* 4198 * * 4199 * The PAP implementation. * 4200 * * 4201 *--------------------------------------------------------------------------* 4202 */ 4203 /* 4204 * For PAP, we need to keep a little state also if we are the peer, not the 4205 * authenticator. This is since we don't get a request to authenticate, but 4206 * have to repeatedly authenticate ourself until we got a response (or the 4207 * retry counter is expired). 4208 */ 4209 4210 /* 4211 * Handle incoming PAP packets. */ 4212 static void 4213 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4214 { 4215 STDDCL; 4216 struct lcp_header *h; 4217 int len, x; 4218 u_char mlen; 4219 char *name, *secret; 4220 int name_len, secret_len; 4221 4222 len = m->m_pkthdr.len; 4223 if (len < 5) { 4224 if (debug) 4225 log(LOG_DEBUG, 4226 SPP_FMT "pap invalid packet length: %d bytes\n", 4227 SPP_ARGS(ifp), len); 4228 return; 4229 } 4230 h = mtod (m, struct lcp_header*); 4231 if (len > ntohs (h->len)) 4232 len = ntohs (h->len); 4233 switch (h->type) { 4234 /* PAP request is my authproto */ 4235 case PAP_REQ: 4236 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4237 /* can't do anything usefull */ 4238 printf(SPP_FMT "pap request without his name and his secret being set\n", 4239 SPP_ARGS(ifp)); 4240 break; 4241 } 4242 name = 1 + (u_char*)(h+1); 4243 name_len = name[-1]; 4244 secret = name + name_len + 1; 4245 if (name_len > len - 6 || 4246 (secret_len = secret[-1]) > len - 6 - name_len) { 4247 if (debug) { 4248 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4249 "<%s id=0x%x len=%d", 4250 SPP_ARGS(ifp), 4251 sppp_auth_type_name(PPP_PAP, h->type), 4252 h->ident, ntohs(h->len)); 4253 if (len > 4) 4254 sppp_print_bytes((u_char*)(h+1), len-4); 4255 addlog(">\n"); 4256 } 4257 break; 4258 } 4259 if (debug) { 4260 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 4261 "<%s id=0x%x len=%d name=", 4262 SPP_ARGS(ifp), 4263 sppp_state_name(sp->state[IDX_PAP]), 4264 sppp_auth_type_name(PPP_PAP, h->type), 4265 h->ident, ntohs(h->len)); 4266 sppp_print_string((char*)name, name_len); 4267 addlog(" secret="); 4268 sppp_print_string((char*)secret, secret_len); 4269 addlog(">\n"); 4270 } 4271 if (name_len != sp->hisauth.name_len || 4272 secret_len != sp->hisauth.secret_len || 4273 memcmp(name, sp->hisauth.name, name_len) != 0 || 4274 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4275 /* action scn, tld */ 4276 sp->pp_auth_failures++; 4277 mlen = sizeof(FAILMSG) - 1; 4278 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4279 sizeof mlen, (const char *)&mlen, 4280 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 4281 0); 4282 pap.tld(sp); 4283 break; 4284 } 4285 /* action sca, perhaps tlu */ 4286 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4287 sp->state[IDX_PAP] == STATE_OPENED) { 4288 mlen = sizeof(SUCCMSG) - 1; 4289 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4290 sizeof mlen, (const char *)&mlen, 4291 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 4292 0); 4293 } 4294 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4295 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4296 pap.tlu(sp); 4297 } 4298 break; 4299 4300 /* ack and nak are his authproto */ 4301 case PAP_ACK: 4302 callout_stop(&sp->pap_my_to_ch); 4303 if (debug) { 4304 log(LOG_DEBUG, SPP_FMT "pap success", 4305 SPP_ARGS(ifp)); 4306 name_len = *(char *)h; 4307 if (len > 5 && name_len) { 4308 addlog(": "); 4309 sppp_print_string((char*)(h+1), name_len); 4310 } 4311 addlog("\n"); 4312 } 4313 x = splnet(); 4314 sp->pp_auth_failures = 0; 4315 sp->pp_flags &= ~PP_NEEDAUTH; 4316 if (sp->myauth.proto == PPP_PAP && 4317 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4318 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4319 /* 4320 * We are authenticator for PAP but didn't 4321 * complete yet. Leave it to tlu to proceed 4322 * to network phase. 4323 */ 4324 splx(x); 4325 break; 4326 } 4327 splx(x); 4328 sppp_phase_network(sp); 4329 break; 4330 4331 case PAP_NAK: 4332 callout_stop(&sp->pap_my_to_ch); 4333 sp->pp_auth_failures++; 4334 if (debug) { 4335 log(LOG_INFO, SPP_FMT "pap failure", 4336 SPP_ARGS(ifp)); 4337 name_len = *(char *)h; 4338 if (len > 5 && name_len) { 4339 addlog(": "); 4340 sppp_print_string((char*)(h+1), name_len); 4341 } 4342 addlog("\n"); 4343 } else 4344 log(LOG_INFO, SPP_FMT "pap failure\n", 4345 SPP_ARGS(ifp)); 4346 /* await LCP shutdown by authenticator */ 4347 break; 4348 4349 default: 4350 /* Unknown PAP packet type -- ignore. */ 4351 if (debug) { 4352 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 4353 "<0x%x id=0x%x len=%d", 4354 SPP_ARGS(ifp), 4355 h->type, h->ident, ntohs(h->len)); 4356 if (len > 4) 4357 sppp_print_bytes((u_char*)(h+1), len-4); 4358 addlog(">\n"); 4359 } 4360 break; 4361 4362 } 4363 } 4364 4365 static void 4366 sppp_pap_init(struct sppp *sp) 4367 { 4368 /* PAP doesn't have STATE_INITIAL at all. */ 4369 sp->state[IDX_PAP] = STATE_CLOSED; 4370 sp->fail_counter[IDX_PAP] = 0; 4371 sp->pp_seq[IDX_PAP] = 0; 4372 sp->pp_rseq[IDX_PAP] = 0; 4373 callout_init(&sp->ch[IDX_PAP]); 4374 callout_init(&sp->pap_my_to_ch); 4375 } 4376 4377 static void 4378 sppp_pap_open(struct sppp *sp) 4379 { 4380 if (sp->hisauth.proto == PPP_PAP && 4381 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4382 /* we are authenticator for PAP, start our timer */ 4383 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4384 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4385 } 4386 if (sp->myauth.proto == PPP_PAP) { 4387 /* we are peer, send a request, and start a timer */ 4388 pap.scr(sp); 4389 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4390 sppp_pap_my_TO, sp); 4391 } 4392 } 4393 4394 static void 4395 sppp_pap_close(struct sppp *sp) 4396 { 4397 if (sp->state[IDX_PAP] != STATE_CLOSED) 4398 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4399 } 4400 4401 /* 4402 * That's the timeout routine if we are authenticator. Since the 4403 * authenticator is basically passive in PAP, we can't do much here. 4404 */ 4405 static void 4406 sppp_pap_TO(void *cookie) 4407 { 4408 struct sppp *sp = (struct sppp *)cookie; 4409 STDDCL; 4410 int s; 4411 4412 s = splnet(); 4413 if (debug) 4414 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 4415 SPP_ARGS(ifp), 4416 sppp_state_name(sp->state[IDX_PAP]), 4417 sp->rst_counter[IDX_PAP]); 4418 4419 if (--sp->rst_counter[IDX_PAP] < 0) 4420 /* TO- event */ 4421 switch (sp->state[IDX_PAP]) { 4422 case STATE_REQ_SENT: 4423 pap.tld(sp); 4424 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4425 break; 4426 } 4427 else 4428 /* TO+ event, not very much we could do */ 4429 switch (sp->state[IDX_PAP]) { 4430 case STATE_REQ_SENT: 4431 /* sppp_cp_change_state() will restart the timer */ 4432 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4433 break; 4434 } 4435 4436 splx(s); 4437 } 4438 4439 /* 4440 * That's the timeout handler if we are peer. Since the peer is active, 4441 * we need to retransmit our PAP request since it is apparently lost. 4442 * XXX We should impose a max counter. 4443 */ 4444 static void 4445 sppp_pap_my_TO(void *cookie) 4446 { 4447 struct sppp *sp = (struct sppp *)cookie; 4448 STDDCL; 4449 4450 if (debug) 4451 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 4452 SPP_ARGS(ifp)); 4453 4454 pap.scr(sp); 4455 } 4456 4457 static void 4458 sppp_pap_tlu(struct sppp *sp) 4459 { 4460 STDDCL; 4461 int x; 4462 4463 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4464 4465 if (debug) 4466 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 4467 SPP_ARGS(ifp), pap.name); 4468 4469 x = splnet(); 4470 sp->pp_auth_failures = 0; 4471 /* indicate to LCP that we need to be closed down */ 4472 sp->lcp.protos |= (1 << IDX_PAP); 4473 4474 if (sp->pp_flags & PP_NEEDAUTH) { 4475 /* 4476 * Remote is authenticator, but his auth proto didn't 4477 * complete yet. Defer the transition to network 4478 * phase. 4479 */ 4480 splx(x); 4481 return; 4482 } 4483 splx(x); 4484 sppp_phase_network(sp); 4485 } 4486 4487 static void 4488 sppp_pap_tld(struct sppp *sp) 4489 { 4490 STDDCL; 4491 4492 if (debug) 4493 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 4494 callout_stop(&sp->ch[IDX_PAP]); 4495 callout_stop(&sp->pap_my_to_ch); 4496 sp->lcp.protos &= ~(1 << IDX_PAP); 4497 4498 lcp.Close(sp); 4499 } 4500 4501 static void 4502 sppp_pap_scr(struct sppp *sp) 4503 { 4504 u_char idlen, pwdlen; 4505 4506 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4507 /* can't do anything usefull */ 4508 printf(SPP_FMT "pap starting without my name and secret being set\n", 4509 SPP_ARGS(&sp->pp_if)); 4510 return; 4511 } 4512 4513 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4514 pwdlen = sp->myauth.secret_len; 4515 idlen = sp->myauth.name_len; 4516 4517 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4518 sizeof idlen, (const char *)&idlen, 4519 idlen, sp->myauth.name, 4520 sizeof pwdlen, (const char *)&pwdlen, 4521 pwdlen, sp->myauth.secret, 4522 0); 4523 } 4524 4525 /* 4526 * Random miscellaneous functions. 4527 */ 4528 4529 /* 4530 * Send a PAP or CHAP proto packet. 4531 * 4532 * Varadic function, each of the elements for the ellipsis is of type 4533 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4534 * mlen == 0. 4535 * NOTE: never declare variadic functions with types subject to type 4536 * promotion (i.e. u_char). This is asking for big trouble depending 4537 * on the architecture you are on... 4538 */ 4539 4540 static void 4541 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4542 unsigned int type, unsigned int id, 4543 ...) 4544 { 4545 STDDCL; 4546 struct lcp_header *lh; 4547 struct mbuf *m; 4548 u_char *p; 4549 int len; 4550 size_t pkthdrlen; 4551 unsigned int mlen; 4552 const char *msg; 4553 va_list ap; 4554 4555 MGETHDR (m, M_DONTWAIT, MT_DATA); 4556 if (! m) 4557 return; 4558 m->m_pkthdr.rcvif = 0; 4559 4560 if (sp->pp_flags & PP_NOFRAMING) { 4561 *mtod(m, u_int16_t*) = htons(cp->proto); 4562 pkthdrlen = 2; 4563 lh = (struct lcp_header*)(mtod(m, u_int8_t*)+2); 4564 } else { 4565 struct ppp_header *h; 4566 h = mtod (m, struct ppp_header*); 4567 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4568 h->control = PPP_UI; /* Unnumbered Info */ 4569 h->protocol = htons(cp->proto); 4570 pkthdrlen = PPP_HEADER_LEN; 4571 4572 lh = (struct lcp_header*)(h + 1); 4573 } 4574 4575 lh->type = type; 4576 lh->ident = id; 4577 p = (u_char*) (lh+1); 4578 4579 va_start(ap, id); 4580 len = 0; 4581 4582 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4583 msg = va_arg(ap, const char *); 4584 len += mlen; 4585 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4586 va_end(ap); 4587 m_freem(m); 4588 return; 4589 } 4590 4591 bcopy(msg, p, mlen); 4592 p += mlen; 4593 } 4594 va_end(ap); 4595 4596 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4597 lh->len = htons (LCP_HEADER_LEN + len); 4598 4599 if (debug) { 4600 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 4601 SPP_ARGS(ifp), cp->name, 4602 sppp_auth_type_name(cp->proto, lh->type), 4603 lh->ident, ntohs(lh->len)); 4604 if (len) 4605 sppp_print_bytes((u_char*) (lh+1), len); 4606 addlog(">\n"); 4607 } 4608 if (IF_QFULL (&sp->pp_cpq)) { 4609 IF_DROP (&sp->pp_fastq); 4610 IF_DROP (&ifp->if_snd); 4611 m_freem (m); 4612 ++ifp->if_oerrors; 4613 } else 4614 IF_ENQUEUE (&sp->pp_cpq, m); 4615 if (! (ifp->if_flags & IFF_OACTIVE)) 4616 (*ifp->if_start) (ifp); 4617 ifp->if_obytes += m->m_pkthdr.len + 3; 4618 } 4619 4620 /* 4621 * Send keepalive packets, every 10 seconds. 4622 */ 4623 static void 4624 sppp_keepalive(void *dummy) 4625 { 4626 struct sppp *sp; 4627 int s; 4628 time_t now; 4629 4630 s = splnet(); 4631 now = time.tv_sec; 4632 for (sp=spppq; sp; sp=sp->pp_next) { 4633 struct ifnet *ifp = &sp->pp_if; 4634 4635 /* check idle timeout */ 4636 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4637 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4638 /* idle timeout is enabled for this interface */ 4639 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4640 if (ifp->if_flags & IFF_DEBUG) 4641 printf("%s: no activitiy for %lu seconds\n", 4642 sp->pp_if.if_xname, 4643 (unsigned long)(now-sp->pp_last_activity)); 4644 lcp.Close(sp); 4645 continue; 4646 } 4647 } 4648 4649 /* Keepalive mode disabled or channel down? */ 4650 if (! (sp->pp_flags & PP_KEEPALIVE) || 4651 ! (ifp->if_flags & IFF_RUNNING)) 4652 continue; 4653 4654 /* No keepalive in PPP mode if LCP not opened yet. */ 4655 if (! (sp->pp_flags & PP_CISCO) && 4656 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4657 continue; 4658 4659 if (sp->pp_alivecnt == MAXALIVECNT) { 4660 /* No keepalive packets got. Stop the interface. */ 4661 if_down (ifp); 4662 IF_PURGE (&sp->pp_cpq); 4663 if (! (sp->pp_flags & PP_CISCO)) { 4664 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4665 ifp->if_xname); 4666 sp->pp_alivecnt = 0; 4667 4668 /* we are down, close all open protocols */ 4669 lcp.Close(sp); 4670 4671 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4672 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4673 4674 /* Close connection imediatly, completition of this 4675 * will summon the magic needed to reestablish it. */ 4676 sp->pp_tlf(sp); 4677 continue; 4678 } 4679 } 4680 if (sp->pp_alivecnt <= MAXALIVECNT) 4681 ++sp->pp_alivecnt; 4682 if (sp->pp_flags & PP_CISCO) 4683 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, 4684 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4685 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4686 int32_t nmagic = htonl (sp->lcp.magic); 4687 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4688 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4689 sp->lcp.echoid, 4, &nmagic); 4690 } 4691 } 4692 splx(s); 4693 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 4694 } 4695 4696 /* 4697 * Get both IP addresses. 4698 */ 4699 static void 4700 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4701 { 4702 struct ifnet *ifp = &sp->pp_if; 4703 struct ifaddr *ifa; 4704 struct sockaddr_in *si, *sm; 4705 u_int32_t ssrc, ddst; 4706 4707 sm = NULL; 4708 ssrc = ddst = 0; 4709 /* 4710 * Pick the first AF_INET address from the list, 4711 * aliases don't make any sense on a p2p link anyway. 4712 */ 4713 si = 0; 4714 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 4715 if (ifa->ifa_addr->sa_family == AF_INET) { 4716 si = (struct sockaddr_in *)ifa->ifa_addr; 4717 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4718 if (si) 4719 break; 4720 } 4721 } 4722 if (ifa) { 4723 if (si && si->sin_addr.s_addr) { 4724 ssrc = si->sin_addr.s_addr; 4725 if (srcmask) 4726 *srcmask = ntohl(sm->sin_addr.s_addr); 4727 } 4728 4729 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4730 if (si && si->sin_addr.s_addr) 4731 ddst = si->sin_addr.s_addr; 4732 } 4733 4734 if (dst) *dst = ntohl(ddst); 4735 if (src) *src = ntohl(ssrc); 4736 } 4737 4738 /* 4739 * Set IP addresses. Must be called at splnet. 4740 * If an address is 0, leave it the way it is. 4741 */ 4742 static void 4743 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4744 { 4745 STDDCL; 4746 struct ifaddr *ifa; 4747 struct sockaddr_in *si; 4748 struct sockaddr_in *dest; 4749 4750 /* 4751 * Pick the first AF_INET address from the list, 4752 * aliases don't make any sense on a p2p link anyway. 4753 */ 4754 4755 si = 0; 4756 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4757 { 4758 if (ifa->ifa_addr->sa_family == AF_INET) 4759 { 4760 si = (struct sockaddr_in *)ifa->ifa_addr; 4761 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4762 if (si) 4763 break; 4764 } 4765 } 4766 4767 if (ifa && si) 4768 { 4769 int error; 4770 struct sockaddr_in new_sin = *si; 4771 struct sockaddr_in new_dst = *dest; 4772 4773 /* 4774 * Scrub old routes now instead of calling in_ifinit with 4775 * scrub=1, because we may change the dstaddr 4776 * before the call to in_ifinit. 4777 */ 4778 in_ifscrub(ifp, ifatoia(ifa)); 4779 4780 if (myaddr != 0) 4781 new_sin.sin_addr.s_addr = htonl(myaddr); 4782 if (hisaddr != 0) { 4783 new_dst.sin_addr.s_addr = htonl(hisaddr); 4784 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4785 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4786 *dest = new_dst; /* fix dstaddr in place */ 4787 } 4788 } 4789 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4790 if(debug && error) 4791 { 4792 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit " 4793 " failed, error=%d\n", SPP_ARGS(ifp), error); 4794 } 4795 } 4796 } 4797 4798 /* 4799 * Clear IP addresses. Must be called at splnet. 4800 */ 4801 static void 4802 sppp_clear_ip_addrs(struct sppp *sp) 4803 { 4804 struct ifnet *ifp = &sp->pp_if; 4805 struct ifaddr *ifa; 4806 struct sockaddr_in *si; 4807 struct sockaddr_in *dest; 4808 4809 u_int32_t remote; 4810 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4811 remote = sp->ipcp.saved_hisaddr; 4812 else 4813 sppp_get_ip_addrs(sp, 0, &remote, 0); 4814 4815 /* 4816 * Pick the first AF_INET address from the list, 4817 * aliases don't make any sense on a p2p link anyway. 4818 */ 4819 4820 si = 0; 4821 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4822 { 4823 if (ifa->ifa_addr->sa_family == AF_INET) 4824 { 4825 si = (struct sockaddr_in *)ifa->ifa_addr; 4826 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4827 if (si) 4828 break; 4829 } 4830 } 4831 4832 if (ifa && si) 4833 { 4834 struct sockaddr_in new_sin = *si; 4835 4836 in_ifscrub(ifp, ifatoia(ifa)); 4837 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4838 new_sin.sin_addr.s_addr = 0; 4839 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4840 /* replace peer addr in place */ 4841 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4842 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4843 } 4844 } 4845 4846 #ifdef INET6 4847 /* 4848 * Get both IPv6 addresses. 4849 */ 4850 static void 4851 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4852 struct in6_addr *srcmask) 4853 { 4854 struct ifnet *ifp = &sp->pp_if; 4855 struct ifaddr *ifa; 4856 struct sockaddr_in6 *si, *sm; 4857 struct in6_addr ssrc, ddst; 4858 4859 sm = NULL; 4860 memset(&ssrc, 0, sizeof(ssrc)); 4861 memset(&ddst, 0, sizeof(ddst)); 4862 /* 4863 * Pick the first link-local AF_INET6 address from the list, 4864 * aliases don't make any sense on a p2p link anyway. 4865 */ 4866 si = 0; 4867 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4868 if (ifa->ifa_addr->sa_family == AF_INET6) { 4869 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4870 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4871 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4872 break; 4873 } 4874 if (ifa) { 4875 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4876 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4877 if (srcmask) { 4878 bcopy(&sm->sin6_addr, srcmask, 4879 sizeof(*srcmask)); 4880 } 4881 } 4882 4883 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4884 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4885 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4886 } 4887 4888 if (dst) 4889 bcopy(&ddst, dst, sizeof(*dst)); 4890 if (src) 4891 bcopy(&ssrc, src, sizeof(*src)); 4892 } 4893 4894 #ifdef IPV6CP_MYIFID_DYN 4895 /* 4896 * Generate random ifid. 4897 */ 4898 static void 4899 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4900 { 4901 /* TBD */ 4902 } 4903 4904 /* 4905 * Set my IPv6 address. Must be called at splnet. 4906 */ 4907 static void 4908 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4909 { 4910 STDDCL; 4911 struct ifaddr *ifa; 4912 struct sockaddr_in6 *sin6; 4913 4914 /* 4915 * Pick the first link-local AF_INET6 address from the list, 4916 * aliases don't make any sense on a p2p link anyway. 4917 */ 4918 4919 sin6 = NULL; 4920 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 4921 { 4922 if (ifa->ifa_addr->sa_family == AF_INET6) 4923 { 4924 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4925 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4926 break; 4927 } 4928 } 4929 4930 if (ifa && sin6) 4931 { 4932 int error; 4933 struct sockaddr_in6 new_sin6 = *sin6; 4934 4935 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4936 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4937 if (debug && error) 4938 { 4939 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit " 4940 " failed, error=%d\n", SPP_ARGS(ifp), error); 4941 } 4942 } 4943 } 4944 #endif 4945 4946 /* 4947 * Suggest a candidate address to be used by peer. 4948 */ 4949 static void 4950 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4951 { 4952 struct in6_addr myaddr; 4953 struct timeval tv; 4954 4955 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4956 4957 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4958 microtime(&tv); 4959 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4960 myaddr.s6_addr[14] ^= 0xff; 4961 myaddr.s6_addr[15] ^= 0xff; 4962 } else { 4963 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 4964 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 4965 } 4966 if (suggest) 4967 bcopy(&myaddr, suggest, sizeof(myaddr)); 4968 } 4969 #endif /*INET6*/ 4970 4971 /* 4972 * Process ioctl requests specific to the PPP interface. 4973 * Permissions have already been checked. 4974 */ 4975 static int 4976 sppp_params(struct sppp *sp, int cmd, void *data) 4977 { 4978 switch (cmd) { 4979 case SPPPGETAUTHCFG: 4980 { 4981 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 4982 int error; 4983 size_t len; 4984 4985 cfg->myauthflags = sp->myauth.flags; 4986 cfg->hisauthflags = sp->hisauth.flags; 4987 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 4988 cfg->hisauth = 0; 4989 if (sp->hisauth.proto) 4990 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 4991 cfg->myauth = 0; 4992 if (sp->myauth.proto) 4993 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 4994 if (cfg->myname_length == 0) { 4995 if (sp->myauth.name != NULL) 4996 cfg->myname_length = sp->myauth.name_len + 1; 4997 } else { 4998 if (sp->myauth.name == NULL) { 4999 cfg->myname_length = 0; 5000 } else { 5001 len = sp->myauth.name_len + 1; 5002 if (cfg->myname_length < len) 5003 return (ENAMETOOLONG); 5004 error = copyout(sp->myauth.name, cfg->myname, len); 5005 if (error) return error; 5006 } 5007 } 5008 if (cfg->hisname_length == 0) { 5009 if(sp->hisauth.name != NULL) 5010 cfg->hisname_length = sp->hisauth.name_len + 1; 5011 } else { 5012 if (sp->hisauth.name == NULL) { 5013 cfg->hisname_length = 0; 5014 } else { 5015 len = sp->hisauth.name_len + 1; 5016 if (cfg->hisname_length < len) 5017 return (ENAMETOOLONG); 5018 error = copyout(sp->hisauth.name, cfg->hisname, len); 5019 if (error) return error; 5020 } 5021 } 5022 } 5023 break; 5024 case SPPPSETAUTHCFG: 5025 { 5026 struct spppauthcfg *cfg = (struct spppauthcfg*)data; 5027 int error; 5028 5029 if (sp->myauth.name) { 5030 free(sp->myauth.name, M_DEVBUF); 5031 sp->myauth.name = NULL; 5032 } 5033 if (sp->myauth.secret) { 5034 free(sp->myauth.secret, M_DEVBUF); 5035 sp->myauth.secret = NULL; 5036 } 5037 if (sp->hisauth.name) { 5038 free(sp->hisauth.name, M_DEVBUF); 5039 sp->hisauth.name = NULL; 5040 } 5041 if (sp->hisauth.secret) { 5042 free(sp->hisauth.secret, M_DEVBUF); 5043 sp->hisauth.secret = NULL; 5044 } 5045 5046 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5047 if (cfg->hisname_length >= MCLBYTES) 5048 return (ENAMETOOLONG); 5049 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5050 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5051 if (error) { 5052 free(sp->hisauth.name, M_DEVBUF); 5053 sp->hisauth.name = NULL; 5054 return error; 5055 } 5056 sp->hisauth.name_len = cfg->hisname_length - 1; 5057 sp->hisauth.name[sp->hisauth.name_len] = 0; 5058 } 5059 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5060 if (cfg->hissecret_length >= MCLBYTES) 5061 return (ENAMETOOLONG); 5062 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5063 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5064 if (error) { 5065 free(sp->hisauth.secret, M_DEVBUF); 5066 sp->hisauth.secret = NULL; 5067 return error; 5068 } 5069 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5070 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5071 } 5072 if (cfg->myname != NULL && cfg->myname_length > 0) { 5073 if (cfg->myname_length >= MCLBYTES) 5074 return (ENAMETOOLONG); 5075 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5076 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5077 if (error) { 5078 free(sp->myauth.name, M_DEVBUF); 5079 sp->myauth.name = NULL; 5080 return error; 5081 } 5082 sp->myauth.name_len = cfg->myname_length - 1; 5083 sp->myauth.name[sp->myauth.name_len] = 0; 5084 } 5085 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5086 if (cfg->mysecret_length >= MCLBYTES) 5087 return (ENAMETOOLONG); 5088 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5089 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5090 if (error) { 5091 free(sp->myauth.secret, M_DEVBUF); 5092 sp->myauth.secret = NULL; 5093 return error; 5094 } 5095 sp->myauth.secret_len = cfg->mysecret_length - 1; 5096 sp->myauth.secret[sp->myauth.secret_len] = 0; 5097 } 5098 sp->myauth.flags = cfg->myauthflags; 5099 if (cfg->myauth) 5100 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5101 sp->hisauth.flags = cfg->hisauthflags; 5102 if (cfg->hisauth) 5103 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5104 sp->pp_auth_failures = 0; 5105 if (sp->hisauth.proto != 0) 5106 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5107 else 5108 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5109 } 5110 break; 5111 case SPPPGETLCPCFG: 5112 { 5113 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5114 lcp->lcp_timeout = sp->lcp.timeout; 5115 } 5116 break; 5117 case SPPPSETLCPCFG: 5118 { 5119 struct sppplcpcfg *lcp = (struct sppplcpcfg *)data; 5120 sp->lcp.timeout = lcp->lcp_timeout; 5121 } 5122 break; 5123 case SPPPGETSTATUS: 5124 { 5125 struct spppstatus *status = (struct spppstatus *)data; 5126 status->phase = sp->pp_phase; 5127 } 5128 break; 5129 case SPPPGETIDLETO: 5130 { 5131 struct spppidletimeout *to = (struct spppidletimeout *)data; 5132 to->idle_seconds = sp->pp_idle_timeout; 5133 } 5134 break; 5135 case SPPPSETIDLETO: 5136 { 5137 struct spppidletimeout *to = (struct spppidletimeout *)data; 5138 sp->pp_idle_timeout = to->idle_seconds; 5139 } 5140 break; 5141 case SPPPSETAUTHFAILURE: 5142 { 5143 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5144 sp->pp_max_auth_fail = afsettings->max_failures; 5145 sp->pp_auth_failures = 0; 5146 } 5147 break; 5148 case SPPPGETAUTHFAILURES: 5149 { 5150 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5151 stats->auth_failures = sp->pp_auth_failures; 5152 stats->max_failures = sp->pp_max_auth_fail; 5153 } 5154 break; 5155 case SPPPSETDNSOPTS: 5156 { 5157 struct spppdnssettings *req = (struct spppdnssettings*)data; 5158 sp->query_dns = req->query_dns & 3; 5159 } 5160 break; 5161 case SPPPGETDNSOPTS: 5162 { 5163 struct spppdnssettings *req = (struct spppdnssettings*)data; 5164 req->query_dns = sp->query_dns; 5165 } 5166 break; 5167 case SPPPGETDNSADDRS: 5168 { 5169 struct spppdnsaddrs *addrs = (struct spppdnsaddrs*)data; 5170 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5171 } 5172 break; 5173 default: 5174 return (EINVAL); 5175 } 5176 5177 return (0); 5178 } 5179 5180 static void 5181 sppp_phase_network(struct sppp *sp) 5182 { 5183 STDDCL; 5184 int i; 5185 u_int32_t mask; 5186 5187 sp->pp_phase = SPPP_PHASE_NETWORK; 5188 5189 if(debug) 5190 { 5191 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 5192 sppp_phase_name(sp->pp_phase)); 5193 } 5194 5195 /* Notify NCPs now. */ 5196 for (i = 0; i < IDX_COUNT; i++) 5197 if ((cps[i])->flags & CP_NCP) 5198 (cps[i])->Open(sp); 5199 5200 /* Send Up events to all NCPs. */ 5201 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5202 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5203 (cps[i])->Up(sp); 5204 5205 /* if no NCP is starting, all this was in vain, close down */ 5206 sppp_lcp_check_and_close(sp); 5207 } 5208 5209 5210 static const char * 5211 sppp_cp_type_name(u_char type) 5212 { 5213 static char buf[12]; 5214 switch (type) { 5215 case CONF_REQ: return "conf-req"; 5216 case CONF_ACK: return "conf-ack"; 5217 case CONF_NAK: return "conf-nak"; 5218 case CONF_REJ: return "conf-rej"; 5219 case TERM_REQ: return "term-req"; 5220 case TERM_ACK: return "term-ack"; 5221 case CODE_REJ: return "code-rej"; 5222 case PROTO_REJ: return "proto-rej"; 5223 case ECHO_REQ: return "echo-req"; 5224 case ECHO_REPLY: return "echo-reply"; 5225 case DISC_REQ: return "discard-req"; 5226 } 5227 sprintf (buf, "0x%x", type); 5228 return buf; 5229 } 5230 5231 static const char * 5232 sppp_auth_type_name(u_short proto, u_char type) 5233 { 5234 static char buf[12]; 5235 switch (proto) { 5236 case PPP_CHAP: 5237 switch (type) { 5238 case CHAP_CHALLENGE: return "challenge"; 5239 case CHAP_RESPONSE: return "response"; 5240 case CHAP_SUCCESS: return "success"; 5241 case CHAP_FAILURE: return "failure"; 5242 } 5243 case PPP_PAP: 5244 switch (type) { 5245 case PAP_REQ: return "req"; 5246 case PAP_ACK: return "ack"; 5247 case PAP_NAK: return "nak"; 5248 } 5249 } 5250 sprintf (buf, "0x%x", type); 5251 return buf; 5252 } 5253 5254 static const char * 5255 sppp_lcp_opt_name(u_char opt) 5256 { 5257 static char buf[12]; 5258 switch (opt) { 5259 case LCP_OPT_MRU: return "mru"; 5260 case LCP_OPT_ASYNC_MAP: return "async-map"; 5261 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5262 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5263 case LCP_OPT_MAGIC: return "magic"; 5264 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5265 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5266 } 5267 sprintf (buf, "0x%x", opt); 5268 return buf; 5269 } 5270 5271 static const char * 5272 sppp_ipcp_opt_name(u_char opt) 5273 { 5274 static char buf[12]; 5275 switch (opt) { 5276 case IPCP_OPT_ADDRESSES: return "addresses"; 5277 case IPCP_OPT_COMPRESSION: return "compression"; 5278 case IPCP_OPT_ADDRESS: return "address"; 5279 } 5280 sprintf (buf, "0x%x", opt); 5281 return buf; 5282 } 5283 5284 #ifdef INET6 5285 static const char * 5286 sppp_ipv6cp_opt_name(u_char opt) 5287 { 5288 static char buf[12]; 5289 switch (opt) { 5290 case IPV6CP_OPT_IFID: return "ifid"; 5291 case IPV6CP_OPT_COMPRESSION: return "compression"; 5292 } 5293 sprintf (buf, "0x%x", opt); 5294 return buf; 5295 } 5296 #endif 5297 5298 static const char * 5299 sppp_state_name(int state) 5300 { 5301 switch (state) { 5302 case STATE_INITIAL: return "initial"; 5303 case STATE_STARTING: return "starting"; 5304 case STATE_CLOSED: return "closed"; 5305 case STATE_STOPPED: return "stopped"; 5306 case STATE_CLOSING: return "closing"; 5307 case STATE_STOPPING: return "stopping"; 5308 case STATE_REQ_SENT: return "req-sent"; 5309 case STATE_ACK_RCVD: return "ack-rcvd"; 5310 case STATE_ACK_SENT: return "ack-sent"; 5311 case STATE_OPENED: return "opened"; 5312 } 5313 return "illegal"; 5314 } 5315 5316 static const char * 5317 sppp_phase_name(int phase) 5318 { 5319 switch (phase) { 5320 case SPPP_PHASE_DEAD: return "dead"; 5321 case SPPP_PHASE_ESTABLISH: return "establish"; 5322 case SPPP_PHASE_TERMINATE: return "terminate"; 5323 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5324 case SPPP_PHASE_NETWORK: return "network"; 5325 } 5326 return "illegal"; 5327 } 5328 5329 static const char * 5330 sppp_proto_name(u_short proto) 5331 { 5332 static char buf[12]; 5333 switch (proto) { 5334 case PPP_LCP: return "lcp"; 5335 case PPP_IPCP: return "ipcp"; 5336 case PPP_PAP: return "pap"; 5337 case PPP_CHAP: return "chap"; 5338 case PPP_IPV6CP: return "ipv6cp"; 5339 } 5340 sprintf(buf, "0x%x", (unsigned)proto); 5341 return buf; 5342 } 5343 5344 static void 5345 sppp_print_bytes(const u_char *p, u_short len) 5346 { 5347 addlog(" %02x", *p++); 5348 while (--len > 0) 5349 addlog("-%02x", *p++); 5350 } 5351 5352 static void 5353 sppp_print_string(const char *p, u_short len) 5354 { 5355 u_char c; 5356 5357 while (len-- > 0) { 5358 c = *p++; 5359 /* 5360 * Print only ASCII chars directly. RFC 1994 recommends 5361 * using only them, but we don't rely on it. */ 5362 if (c < ' ' || c > '~') 5363 addlog("\\x%x", c); 5364 else 5365 addlog("%c", c); 5366 } 5367 } 5368 5369 static const char * 5370 sppp_dotted_quad(u_int32_t addr) 5371 { 5372 static char s[16]; 5373 sprintf(s, "%d.%d.%d.%d", 5374 (int)((addr >> 24) & 0xff), 5375 (int)((addr >> 16) & 0xff), 5376 (int)((addr >> 8) & 0xff), 5377 (int)(addr & 0xff)); 5378 return s; 5379 } 5380 5381 /* a dummy, used to drop uninteresting events */ 5382 static void 5383 sppp_null(struct sppp *unused) 5384 { 5385 /* do just nothing */ 5386 } 5387 /* 5388 * This file is large. Tell emacs to highlight it nevertheless. 5389 * 5390 * Local Variables: 5391 * hilit-auto-highlight-maxout: 120000 5392 * End: 5393 */ 5394
Indexes created Tue Oct 14 06:10:07 GMT 2025