if_spppsubr.c revision 1.5.8.1
1 /* $NetBSD: if_spppsubr.c,v 1.5.8.1 1999/12/27 18:36:10 wrstuden Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * This software is distributed with NO WARRANTIES, not even the implied 14 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 15 * 16 * Authors grant any other persons or organisations permission to use 17 * or modify this software as long as this message is kept with the software, 18 * all derivative works or modified versions. 19 * 20 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 21 * 22 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 23 * 24 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 25 */ 26 27 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 28 #include "opt_inet.h" 29 #include "opt_ipx.h" 30 #include "opt_iso.h" 31 #include "opt_ns.h" 32 #endif 33 34 #include <sys/param.h> 35 36 #include <sys/systm.h> 37 #include <sys/kernel.h> 38 #include <sys/sockio.h> 39 #include <sys/socket.h> 40 #include <sys/syslog.h> 41 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 42 #include <machine/random.h> 43 #endif 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #if defined (__OpenBSD__) 48 #include <sys/md5k.h> 49 #else 50 #include <sys/md5.h> 51 #endif 52 53 #include <net/if.h> 54 #include <net/netisr.h> 55 #include <net/if_types.h> 56 #include <net/route.h> 57 58 #include <machine/stdarg.h> 59 60 #ifdef INET 61 #include <netinet/in.h> 62 #include <netinet/in_systm.h> 63 #include <netinet/in_var.h> 64 #include <netinet/ip.h> 65 #include <netinet/tcp.h> 66 #if defined (__FreeBSD__) || defined (__OpenBSD__) 67 #include <netinet/if_ether.h> 68 #else 69 #include <net/ethertypes.h> 70 #endif 71 #else 72 #error Huh? sppp without INET? 73 #endif 74 75 #ifdef IPX 76 #include <netipx/ipx.h> 77 #include <netipx/ipx_if.h> 78 #endif 79 80 #ifdef NS 81 #include <netns/ns.h> 82 #include <netns/ns_if.h> 83 #endif 84 85 #ifdef ISO 86 #include <netiso/argo_debug.h> 87 #include <netiso/iso.h> 88 #include <netiso/iso_var.h> 89 #include <netiso/iso_snpac.h> 90 #endif 91 92 #if defined(__FreeBSD__) || defined(__NetBSD__) 93 #include <net/if_sppp.h> 94 #else 95 #include <i4b/sppp/if_sppp.h> 96 #endif 97 #if defined(__NetBSD__) || defined (__OpenBSD__) 98 #include <machine/cpu.h> /* XXX for softnet */ 99 #endif 100 101 #define MAXALIVECNT 3 /* max. alive packets */ 102 103 /* 104 * Interface flags that can be set in an ifconfig command. 105 * 106 * Setting link0 will make the link passive, i.e. it will be marked 107 * as being administrative openable, but won't be opened to begin 108 * with. Incoming calls will be answered, or subsequent calls with 109 * -link1 will cause the administrative open of the LCP layer. 110 * 111 * Setting link1 will cause the link to auto-dial only as packets 112 * arrive to be sent. 113 * 114 * Setting IFF_DEBUG will syslog the option negotiation and state 115 * transitions at level kern.debug. Note: all logs consistently look 116 * like 117 * 118 * <if-name><unit>: <proto-name> <additional info...> 119 * 120 * with <if-name><unit> being something like "bppp0", and <proto-name> 121 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 122 */ 123 124 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 125 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 126 127 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 128 #define PPP_UI 0x03 /* Unnumbered Information */ 129 #define PPP_IP 0x0021 /* Internet Protocol */ 130 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 131 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 132 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 133 #define PPP_IPV6 0x0057 /* Internet Protocol version 6 */ 134 #define PPP_LCP 0xc021 /* Link Control Protocol */ 135 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 136 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 137 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 138 139 #define CONF_REQ 1 /* PPP configure request */ 140 #define CONF_ACK 2 /* PPP configure acknowledge */ 141 #define CONF_NAK 3 /* PPP configure negative ack */ 142 #define CONF_REJ 4 /* PPP configure reject */ 143 #define TERM_REQ 5 /* PPP terminate request */ 144 #define TERM_ACK 6 /* PPP terminate acknowledge */ 145 #define CODE_REJ 7 /* PPP code reject */ 146 #define PROTO_REJ 8 /* PPP protocol reject */ 147 #define ECHO_REQ 9 /* PPP echo request */ 148 #define ECHO_REPLY 10 /* PPP echo reply */ 149 #define DISC_REQ 11 /* PPP discard request */ 150 151 #define LCP_OPT_MRU 1 /* maximum receive unit */ 152 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 153 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 154 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 155 #define LCP_OPT_MAGIC 5 /* magic number */ 156 #define LCP_OPT_RESERVED 6 /* reserved */ 157 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 158 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 159 160 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 161 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 162 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 163 164 #define PAP_REQ 1 /* PAP name/password request */ 165 #define PAP_ACK 2 /* PAP acknowledge */ 166 #define PAP_NAK 3 /* PAP fail */ 167 168 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 169 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 170 #define CHAP_SUCCESS 3 /* CHAP response ok */ 171 #define CHAP_FAILURE 4 /* CHAP response failed */ 172 173 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 174 175 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 176 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 177 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 178 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 179 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 180 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 181 182 /* states are named and numbered according to RFC 1661 */ 183 #define STATE_INITIAL 0 184 #define STATE_STARTING 1 185 #define STATE_CLOSED 2 186 #define STATE_STOPPED 3 187 #define STATE_CLOSING 4 188 #define STATE_STOPPING 5 189 #define STATE_REQ_SENT 6 190 #define STATE_ACK_RCVD 7 191 #define STATE_ACK_SENT 8 192 #define STATE_OPENED 9 193 194 struct ppp_header { 195 u_char address; 196 u_char control; 197 u_short protocol; 198 } __attribute__((__packed__)); 199 #define PPP_HEADER_LEN sizeof (struct ppp_header) 200 201 struct lcp_header { 202 u_char type; 203 u_char ident; 204 u_short len; 205 } __attribute__((__packed__)); 206 #define LCP_HEADER_LEN sizeof (struct lcp_header) 207 208 struct cisco_packet { 209 u_long type; 210 u_long par1; 211 u_long par2; 212 u_short rel; 213 u_short time0; 214 u_short time1; 215 } __attribute__((__packed__)); 216 #define CISCO_PACKET_LEN 18 217 218 /* 219 * We follow the spelling and capitalization of RFC 1661 here, to make 220 * it easier comparing with the standard. Please refer to this RFC in 221 * case you can't make sense out of these abbreviation; it will also 222 * explain the semantics related to the various events and actions. 223 */ 224 struct cp { 225 u_short proto; /* PPP control protocol number */ 226 u_char protoidx; /* index into state table in struct sppp */ 227 u_char flags; 228 #define CP_LCP 0x01 /* this is the LCP */ 229 #define CP_AUTH 0x02 /* this is an authentication protocol */ 230 #define CP_NCP 0x04 /* this is a NCP */ 231 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 232 const char *name; /* name of this control protocol */ 233 /* event handlers */ 234 void (*Up)(struct sppp *sp); 235 void (*Down)(struct sppp *sp); 236 void (*Open)(struct sppp *sp); 237 void (*Close)(struct sppp *sp); 238 void (*TO)(void *sp); 239 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 240 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 241 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 242 /* actions */ 243 void (*tlu)(struct sppp *sp); 244 void (*tld)(struct sppp *sp); 245 void (*tls)(struct sppp *sp); 246 void (*tlf)(struct sppp *sp); 247 void (*scr)(struct sppp *sp); 248 }; 249 250 static struct sppp *spppq; 251 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 252 static struct callout_handle keepalive_ch; 253 #endif 254 255 #ifdef __FreeBSD__ 256 #define SPP_FMT "%s%d: " 257 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 258 #else 259 #define SPP_FMT "%s: " 260 #define SPP_ARGS(ifp) (ifp)->if_xname 261 #endif 262 263 /* 264 * The following disgusting hack gets around the problem that IP TOS 265 * can't be set yet. We want to put "interactive" traffic on a high 266 * priority queue. To decide if traffic is interactive, we check that 267 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 268 * 269 * XXX is this really still necessary? - joerg - 270 */ 271 static u_short interactive_ports[8] = { 272 0, 513, 0, 0, 273 0, 21, 0, 23, 274 }; 275 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 276 277 /* almost every function needs these */ 278 #define STDDCL \ 279 struct ifnet *ifp = &sp->pp_if; \ 280 int debug = ifp->if_flags & IFF_DEBUG 281 282 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 283 struct sockaddr *dst, struct rtentry *rt); 284 285 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 286 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 287 288 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 289 struct mbuf *m); 290 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 291 u_char ident, u_short len, void *data); 292 /* static void sppp_cp_timeout(void *arg); */ 293 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 294 int newstate); 295 static void sppp_auth_send(const struct cp *cp, 296 struct sppp *sp, unsigned int type, unsigned int id, 297 ...); 298 299 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 300 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 301 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 302 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 303 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 304 305 static void sppp_null(struct sppp *sp); 306 307 static void sppp_lcp_init(struct sppp *sp); 308 static void sppp_lcp_up(struct sppp *sp); 309 static void sppp_lcp_down(struct sppp *sp); 310 static void sppp_lcp_open(struct sppp *sp); 311 static void sppp_lcp_close(struct sppp *sp); 312 static void sppp_lcp_TO(void *sp); 313 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 314 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 315 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 316 static void sppp_lcp_tlu(struct sppp *sp); 317 static void sppp_lcp_tld(struct sppp *sp); 318 static void sppp_lcp_tls(struct sppp *sp); 319 static void sppp_lcp_tlf(struct sppp *sp); 320 static void sppp_lcp_scr(struct sppp *sp); 321 static void sppp_lcp_check_and_close(struct sppp *sp); 322 static int sppp_ncp_check(struct sppp *sp); 323 324 static void sppp_ipcp_init(struct sppp *sp); 325 static void sppp_ipcp_up(struct sppp *sp); 326 static void sppp_ipcp_down(struct sppp *sp); 327 static void sppp_ipcp_open(struct sppp *sp); 328 static void sppp_ipcp_close(struct sppp *sp); 329 static void sppp_ipcp_TO(void *sp); 330 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 331 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 332 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 333 static void sppp_ipcp_tlu(struct sppp *sp); 334 static void sppp_ipcp_tld(struct sppp *sp); 335 static void sppp_ipcp_tls(struct sppp *sp); 336 static void sppp_ipcp_tlf(struct sppp *sp); 337 static void sppp_ipcp_scr(struct sppp *sp); 338 339 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 340 static void sppp_pap_init(struct sppp *sp); 341 static void sppp_pap_open(struct sppp *sp); 342 static void sppp_pap_close(struct sppp *sp); 343 static void sppp_pap_TO(void *sp); 344 static void sppp_pap_my_TO(void *sp); 345 static void sppp_pap_tlu(struct sppp *sp); 346 static void sppp_pap_tld(struct sppp *sp); 347 static void sppp_pap_scr(struct sppp *sp); 348 349 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 350 static void sppp_chap_init(struct sppp *sp); 351 static void sppp_chap_open(struct sppp *sp); 352 static void sppp_chap_close(struct sppp *sp); 353 static void sppp_chap_TO(void *sp); 354 static void sppp_chap_tlu(struct sppp *sp); 355 static void sppp_chap_tld(struct sppp *sp); 356 static void sppp_chap_scr(struct sppp *sp); 357 358 static const char *sppp_auth_type_name(u_short proto, u_char type); 359 static const char *sppp_cp_type_name(u_char type); 360 static const char *sppp_dotted_quad(u_long addr); 361 static const char *sppp_ipcp_opt_name(u_char opt); 362 static const char *sppp_lcp_opt_name(u_char opt); 363 static const char *sppp_phase_name(enum ppp_phase phase); 364 static const char *sppp_proto_name(u_short proto); 365 static const char *sppp_state_name(int state); 366 static int sppp_params(struct sppp *sp, int cmd, void *data); 367 static int sppp_strnlen(u_char *p, int max); 368 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 369 u_long *srcmask); 370 static void sppp_keepalive(void *dummy); 371 static void sppp_phase_network(struct sppp *sp); 372 static void sppp_print_bytes(const u_char *p, u_short len); 373 static void sppp_print_string(const char *p, u_short len); 374 static void sppp_qflush(struct ifqueue *ifq); 375 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 376 377 /* our control protocol descriptors */ 378 static const struct cp lcp = { 379 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 380 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 381 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 382 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 383 sppp_lcp_scr 384 }; 385 386 static const struct cp ipcp = { 387 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 388 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 389 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 390 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 391 sppp_ipcp_scr 392 }; 393 394 static const struct cp pap = { 395 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 396 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 397 sppp_pap_TO, 0, 0, 0, 398 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 399 sppp_pap_scr 400 }; 401 402 static const struct cp chap = { 403 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 404 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 405 sppp_chap_TO, 0, 0, 0, 406 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 407 sppp_chap_scr 408 }; 409 410 static const struct cp *cps[IDX_COUNT] = { 411 &lcp, /* IDX_LCP */ 412 &ipcp, /* IDX_IPCP */ 413 &pap, /* IDX_PAP */ 414 &chap, /* IDX_CHAP */ 415 }; 416 417 418 /* 420 * Exported functions, comprising our interface to the lower layer. 421 */ 422 423 /* 424 * Process the received packet. 425 */ 426 void 427 sppp_input(struct ifnet *ifp, struct mbuf *m) 428 { 429 struct ppp_header *h; 430 struct ifqueue *inq = 0; 431 int s; 432 struct sppp *sp = (struct sppp *)ifp; 433 int debug = ifp->if_flags & IFF_DEBUG; 434 435 if (ifp->if_flags & IFF_UP) 436 /* Count received bytes, add FCS and one flag */ 437 ifp->if_ibytes += m->m_pkthdr.len + 3; 438 439 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 440 /* Too small packet, drop it. */ 441 if (debug) 442 log(LOG_DEBUG, 443 SPP_FMT "input packet is too small, %d bytes\n", 444 SPP_ARGS(ifp), m->m_pkthdr.len); 445 drop: 446 ++ifp->if_ierrors; 447 ++ifp->if_iqdrops; 448 m_freem (m); 449 return; 450 } 451 452 /* Get PPP header. */ 453 h = mtod (m, struct ppp_header*); 454 m_adj (m, PPP_HEADER_LEN); 455 456 switch (h->address) { 457 case PPP_ALLSTATIONS: 458 if (h->control != PPP_UI) 459 goto invalid; 460 if (sp->pp_flags & PP_CISCO) { 461 if (debug) 462 log(LOG_DEBUG, 463 SPP_FMT "PPP packet in Cisco mode " 464 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 465 SPP_ARGS(ifp), 466 h->address, h->control, ntohs(h->protocol)); 467 goto drop; 468 } 469 switch (ntohs (h->protocol)) { 470 default: 471 if (sp->state[IDX_LCP] == STATE_OPENED) 472 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 473 ++sp->pp_seq, m->m_pkthdr.len + 2, 474 &h->protocol); 475 if (debug) 476 log(LOG_DEBUG, 477 SPP_FMT "invalid input protocol " 478 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 479 SPP_ARGS(ifp), 480 h->address, h->control, ntohs(h->protocol)); 481 ++ifp->if_noproto; 482 goto drop; 483 case PPP_LCP: 484 sppp_cp_input(&lcp, sp, m); 485 m_freem (m); 486 return; 487 case PPP_PAP: 488 if (sp->pp_phase >= PHASE_AUTHENTICATE) 489 sppp_pap_input(sp, m); 490 m_freem (m); 491 return; 492 case PPP_CHAP: 493 if (sp->pp_phase >= PHASE_AUTHENTICATE) 494 sppp_chap_input(sp, m); 495 m_freem (m); 496 return; 497 #ifdef INET 498 case PPP_IPCP: 499 if (sp->pp_phase == PHASE_NETWORK) 500 sppp_cp_input(&ipcp, sp, m); 501 m_freem (m); 502 return; 503 case PPP_IP: 504 if (sp->state[IDX_IPCP] == STATE_OPENED) { 505 schednetisr (NETISR_IP); 506 inq = &ipintrq; 507 } 508 break; 509 #endif 510 #ifdef IPX 511 case PPP_IPX: 512 /* IPX IPXCP not implemented yet */ 513 if (sp->pp_phase == PHASE_NETWORK) { 514 schednetisr (NETISR_IPX); 515 inq = &ipxintrq; 516 } 517 break; 518 #endif 519 #ifdef NS 520 case PPP_XNS: 521 /* XNS IDPCP not implemented yet */ 522 if (sp->pp_phase == PHASE_NETWORK) { 523 schednetisr (NETISR_NS); 524 inq = &nsintrq; 525 } 526 break; 527 #endif 528 #ifdef ISO 529 case PPP_ISO: 530 /* OSI NLCP not implemented yet */ 531 if (sp->pp_phase == PHASE_NETWORK) { 532 schednetisr (NETISR_ISO); 533 inq = &clnlintrq; 534 } 535 break; 536 #endif 537 } 538 break; 539 case CISCO_MULTICAST: 540 case CISCO_UNICAST: 541 /* Don't check the control field here (RFC 1547). */ 542 if (! (sp->pp_flags & PP_CISCO)) { 543 if (debug) 544 log(LOG_DEBUG, 545 SPP_FMT "Cisco packet in PPP mode " 546 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 547 SPP_ARGS(ifp), 548 h->address, h->control, ntohs(h->protocol)); 549 goto drop; 550 } 551 switch (ntohs (h->protocol)) { 552 default: 553 ++ifp->if_noproto; 554 goto invalid; 555 case CISCO_KEEPALIVE: 556 sppp_cisco_input ((struct sppp*) ifp, m); 557 m_freem (m); 558 return; 559 #ifdef INET 560 case ETHERTYPE_IP: 561 schednetisr (NETISR_IP); 562 inq = &ipintrq; 563 break; 564 #endif 565 #ifdef IPX 566 case ETHERTYPE_IPX: 567 schednetisr (NETISR_IPX); 568 inq = &ipxintrq; 569 break; 570 #endif 571 #ifdef NS 572 case ETHERTYPE_NS: 573 schednetisr (NETISR_NS); 574 inq = &nsintrq; 575 break; 576 #endif 577 } 578 break; 579 default: /* Invalid PPP packet. */ 580 invalid: 581 if (debug) 582 log(LOG_DEBUG, 583 SPP_FMT "invalid input packet " 584 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 585 SPP_ARGS(ifp), 586 h->address, h->control, ntohs(h->protocol)); 587 goto drop; 588 } 589 590 if (! (ifp->if_flags & IFF_UP) || ! inq) 591 goto drop; 592 593 /* Check queue. */ 594 s = splimp(); 595 if (IF_QFULL (inq)) { 596 /* Queue overflow. */ 597 IF_DROP(inq); 598 splx(s); 599 if (debug) 600 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 601 SPP_ARGS(ifp)); 602 goto drop; 603 } 604 IF_ENQUEUE(inq, m); 605 splx(s); 606 } 607 608 /* 609 * Enqueue transmit packet. 610 */ 611 static int 612 sppp_output(struct ifnet *ifp, struct mbuf *m, 613 struct sockaddr *dst, struct rtentry *rt) 614 { 615 struct sppp *sp = (struct sppp*) ifp; 616 struct ppp_header *h; 617 struct ifqueue *ifq; 618 int s, rv = 0; 619 620 s = splimp(); 621 622 if ((ifp->if_flags & IFF_UP) == 0 || 623 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 624 m_freem (m); 625 splx (s); 626 return (ENETDOWN); 627 } 628 629 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 630 /* 631 * Interface is not yet running, but auto-dial. Need 632 * to start LCP for it. 633 */ 634 ifp->if_flags |= IFF_RUNNING; 635 splx(s); 636 lcp.Open(sp); 637 s = splimp(); 638 } 639 640 ifq = &ifp->if_snd; 641 642 #ifdef INET 643 if (dst->sa_family == AF_INET) 644 { 645 /* Check mbuf length here??? */ 646 struct ip *ip = mtod (m, struct ip*); 647 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 648 649 /* 650 * When using dynamic local IP address assignment by using 651 * 0.0.0.0 as a local address, the first TCP session will 652 * not connect because the local TCP checksum is computed 653 * using 0.0.0.0 which will later become our real IP address 654 * so the TCP checksum computed at the remote end will 655 * become invalid. So we 656 * - don't let packets with src ip addr 0 thru 657 * - we flag TCP packets with src ip 0 as an error 658 */ 659 660 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 661 { 662 m_freem(m); 663 splx(s); 664 if(ip->ip_p == IPPROTO_TCP) 665 return(EADDRNOTAVAIL); 666 else 667 return(0); 668 } 669 670 /* 671 * Put low delay, telnet, rlogin and ftp control packets 672 * in front of the queue. 673 */ 674 675 if (! IF_QFULL (&sp->pp_fastq) && 676 ((ip->ip_tos & IPTOS_LOWDELAY) || 677 ((ip->ip_p == IPPROTO_TCP && 678 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 679 (INTERACTIVE (ntohs (tcp->th_sport)))) || 680 INTERACTIVE (ntohs (tcp->th_dport))))) 681 ifq = &sp->pp_fastq; 682 } 683 #endif 684 685 #ifdef INET6 686 if (dst->sa_family == AF_INET6) { 687 /* XXX do something tricky here? */ 688 } 689 #endif 690 691 /* 692 * Prepend general data packet PPP header. For now, IP only. 693 */ 694 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 695 if (! m) { 696 if (ifp->if_flags & IFF_DEBUG) 697 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 698 SPP_ARGS(ifp)); 699 ++ifp->if_oerrors; 700 splx (s); 701 return (ENOBUFS); 702 } 703 /* 704 * May want to check size of packet 705 * (albeit due to the implementation it's always enough) 706 */ 707 h = mtod (m, struct ppp_header*); 708 if (sp->pp_flags & PP_CISCO) { 709 h->address = CISCO_UNICAST; /* unicast address */ 710 h->control = 0; 711 } else { 712 h->address = PPP_ALLSTATIONS; /* broadcast address */ 713 h->control = PPP_UI; /* Unnumbered Info */ 714 } 715 716 switch (dst->sa_family) { 717 #ifdef INET 718 case AF_INET: /* Internet Protocol */ 719 if (sp->pp_flags & PP_CISCO) 720 h->protocol = htons (ETHERTYPE_IP); 721 else { 722 /* 723 * Don't choke with an ENETDOWN early. It's 724 * possible that we just started dialing out, 725 * so don't drop the packet immediately. If 726 * we notice that we run out of buffer space 727 * below, we will however remember that we are 728 * not ready to carry IP packets, and return 729 * ENETDOWN, as opposed to ENOBUFS. 730 */ 731 h->protocol = htons(PPP_IP); 732 if (sp->state[IDX_IPCP] != STATE_OPENED) 733 rv = ENETDOWN; 734 } 735 break; 736 #endif 737 #ifdef INET6 738 case AF_INET6: /* Internet Protocol version 6 */ 739 if (sp->pp_flags & PP_CISCO) 740 h->protocol = htons (ETHERTYPE_IPV6); 741 else { 742 /* 743 * Don't choke with an ENETDOWN early. It's 744 * possible that we just started dialing out, 745 * so don't drop the packet immediately. If 746 * we notice that we run out of buffer space 747 * below, we will however remember that we are 748 * not ready to carry IP packets, and return 749 * ENETDOWN, as opposed to ENOBUFS. 750 */ 751 h->protocol = htons(PPP_IPV6); 752 if (sp->state[IDX_IPCP] != STATE_OPENED) 753 rv = ENETDOWN; 754 } 755 break; 756 #endif 757 #ifdef NS 758 case AF_NS: /* Xerox NS Protocol */ 759 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 760 ETHERTYPE_NS : PPP_XNS); 761 break; 762 #endif 763 #ifdef IPX 764 case AF_IPX: /* Novell IPX Protocol */ 765 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 766 ETHERTYPE_IPX : PPP_IPX); 767 break; 768 #endif 769 #ifdef ISO 770 case AF_ISO: /* ISO OSI Protocol */ 771 if (sp->pp_flags & PP_CISCO) 772 goto nosupport; 773 h->protocol = htons (PPP_ISO); 774 break; 775 nosupport: 776 #endif 777 default: 778 m_freem (m); 779 ++ifp->if_oerrors; 780 splx (s); 781 return (EAFNOSUPPORT); 782 } 783 784 /* 785 * Queue message on interface, and start output if interface 786 * not yet active. 787 */ 788 if (IF_QFULL (ifq)) { 789 IF_DROP (&ifp->if_snd); 790 m_freem (m); 791 ++ifp->if_oerrors; 792 splx (s); 793 return (rv? rv: ENOBUFS); 794 } 795 IF_ENQUEUE (ifq, m); 796 if (! (ifp->if_flags & IFF_OACTIVE)) 797 (*ifp->if_start) (ifp); 798 799 /* 800 * Count output packets and bytes. 801 * The packet length includes header, FCS and 1 flag, 802 * according to RFC 1333. 803 */ 804 ifp->if_obytes += m->m_pkthdr.len + 3; 805 splx (s); 806 return (0); 807 } 808 809 void 810 sppp_attach(struct ifnet *ifp) 811 { 812 struct sppp *sp = (struct sppp*) ifp; 813 814 /* Initialize keepalive handler. */ 815 if (! spppq) 816 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 817 keepalive_ch = 818 #endif 819 timeout(sppp_keepalive, 0, hz * 10); 820 821 /* Insert new entry into the keepalive list. */ 822 sp->pp_next = spppq; 823 spppq = sp; 824 825 sp->pp_if.if_type = IFT_PPP; 826 sp->pp_if.if_output = sppp_output; 827 sp->pp_fastq.ifq_maxlen = 32; 828 sp->pp_cpq.ifq_maxlen = 20; 829 sp->pp_loopcnt = 0; 830 sp->pp_alivecnt = 0; 831 sp->pp_seq = 0; 832 sp->pp_rseq = 0; 833 sp->pp_phase = PHASE_DEAD; 834 sp->pp_up = lcp.Up; 835 sp->pp_down = lcp.Down; 836 837 sppp_lcp_init(sp); 838 sppp_ipcp_init(sp); 839 sppp_pap_init(sp); 840 sppp_chap_init(sp); 841 } 842 843 void 844 sppp_detach(struct ifnet *ifp) 845 { 846 struct sppp **q, *p, *sp = (struct sppp*) ifp; 847 int i; 848 849 /* Remove the entry from the keepalive list. */ 850 for (q = &spppq; (p = *q); q = &p->pp_next) 851 if (p == sp) { 852 *q = p->pp_next; 853 break; 854 } 855 856 /* Stop keepalive handler. */ 857 if (! spppq) 858 untimeout(sppp_keepalive, 0 859 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 860 ,keepalive_ch 861 #endif 862 ); 863 864 for (i = 0; i < IDX_COUNT; i++) 865 untimeout((cps[i])->TO, (void *)sp 866 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 867 , sp->ch[i] 868 #endif 869 ); 870 untimeout(sppp_pap_my_TO, (void *)sp 871 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 872 , sp->pap_my_to_ch 873 #endif 874 ); 875 } 876 877 /* 878 * Flush the interface output queue. 879 */ 880 void 881 sppp_flush(struct ifnet *ifp) 882 { 883 struct sppp *sp = (struct sppp*) ifp; 884 885 sppp_qflush (&sp->pp_if.if_snd); 886 sppp_qflush (&sp->pp_fastq); 887 sppp_qflush (&sp->pp_cpq); 888 } 889 890 /* 891 * Check if the output queue is empty. 892 */ 893 int 894 sppp_isempty(struct ifnet *ifp) 895 { 896 struct sppp *sp = (struct sppp*) ifp; 897 int empty, s; 898 899 s = splimp(); 900 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 901 !sp->pp_if.if_snd.ifq_head; 902 splx(s); 903 return (empty); 904 } 905 906 /* 907 * Get next packet to send. 908 */ 909 struct mbuf * 910 sppp_dequeue(struct ifnet *ifp) 911 { 912 struct sppp *sp = (struct sppp*) ifp; 913 struct mbuf *m; 914 int s; 915 916 s = splimp(); 917 /* 918 * Process only the control protocol queue until we have at 919 * least one NCP open. 920 * 921 * Do always serve all three queues in Cisco mode. 922 */ 923 IF_DEQUEUE(&sp->pp_cpq, m); 924 if (m == NULL && 925 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 926 IF_DEQUEUE(&sp->pp_fastq, m); 927 if (m == NULL) 928 IF_DEQUEUE (&sp->pp_if.if_snd, m); 929 } 930 splx(s); 931 return m; 932 } 933 934 /* 935 * Pick the next packet, do not remove it from the queue. 936 */ 937 struct mbuf * 938 sppp_pick(struct ifnet *ifp) 939 { 940 struct sppp *sp = (struct sppp*)ifp; 941 struct mbuf *m; 942 int s; 943 944 s= splimp (); 945 946 m = sp->pp_cpq.ifq_head; 947 if (m == NULL && 948 (sp->pp_phase == PHASE_NETWORK || 949 (sp->pp_flags & PP_CISCO) != 0)) 950 if ((m = sp->pp_fastq.ifq_head) == NULL) 951 m = sp->pp_if.if_snd.ifq_head; 952 splx (s); 953 return (m); 954 } 955 956 /* 957 * Process an ioctl request. Called on low priority level. 958 */ 959 int 960 #if defined(__FreeBSD_version) && __FreeBSD_version >= 300003 961 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 962 #else 963 sppp_ioctl(struct ifnet *ifp, int cmd, void *data) 964 #endif 965 { 966 struct ifreq *ifr = (struct ifreq*) data; 967 struct sppp *sp = (struct sppp*) ifp; 968 int s, rv, going_up, going_down, newmode; 969 970 s = splimp(); 971 rv = 0; 972 switch (cmd) { 973 case SIOCAIFADDR: 974 case SIOCSIFDSTADDR: 975 break; 976 977 case SIOCSIFADDR: 978 if_up(ifp); 979 /* fall through... */ 980 981 case SIOCSIFFLAGS: 982 going_up = ifp->if_flags & IFF_UP && 983 (ifp->if_flags & IFF_RUNNING) == 0; 984 going_down = (ifp->if_flags & IFF_UP) == 0 && 985 ifp->if_flags & IFF_RUNNING; 986 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 987 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 988 /* sanity */ 989 newmode = IFF_PASSIVE; 990 ifp->if_flags &= ~IFF_AUTO; 991 } 992 993 if (going_up || going_down) 994 lcp.Close(sp); 995 if (going_up && newmode == 0) { 996 /* neither auto-dial nor passive */ 997 ifp->if_flags |= IFF_RUNNING; 998 if (!(sp->pp_flags & PP_CISCO)) 999 lcp.Open(sp); 1000 } else if (going_down) { 1001 sppp_flush(ifp); 1002 ifp->if_flags &= ~IFF_RUNNING; 1003 } 1004 1005 break; 1006 1007 #ifdef SIOCSIFMTU 1008 #ifndef ifr_mtu 1009 #define ifr_mtu ifr_metric 1010 #endif 1011 case SIOCSIFMTU: 1012 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1013 return (EINVAL); 1014 ifp->if_mtu = ifr->ifr_mtu; 1015 break; 1016 #endif 1017 #ifdef SLIOCSETMTU 1018 case SLIOCSETMTU: 1019 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1020 return (EINVAL); 1021 ifp->if_mtu = *(short*)data; 1022 break; 1023 #endif 1024 #ifdef SIOCGIFMTU 1025 case SIOCGIFMTU: 1026 ifr->ifr_mtu = ifp->if_mtu; 1027 break; 1028 #endif 1029 #ifdef SLIOCGETMTU 1030 case SLIOCGETMTU: 1031 *(short*)data = ifp->if_mtu; 1032 break; 1033 #endif 1034 case SIOCADDMULTI: 1035 case SIOCDELMULTI: 1036 break; 1037 1038 case SIOCGIFGENERIC: 1039 case SIOCSIFGENERIC: 1040 rv = sppp_params(sp, cmd, data); 1041 break; 1042 1043 default: 1044 rv = ENOTTY; 1045 } 1046 splx(s); 1047 return rv; 1048 } 1049 1050 1051 /* 1053 * Cisco framing implementation. 1054 */ 1055 1056 /* 1057 * Handle incoming Cisco keepalive protocol packets. 1058 */ 1059 static void 1060 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1061 { 1062 STDDCL; 1063 struct cisco_packet *h; 1064 u_long me, mymask; 1065 1066 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1067 if (debug) 1068 log(LOG_DEBUG, 1069 SPP_FMT "cisco invalid packet length: %d bytes\n", 1070 SPP_ARGS(ifp), m->m_pkthdr.len); 1071 return; 1072 } 1073 h = mtod (m, struct cisco_packet*); 1074 if (debug) 1075 log(LOG_DEBUG, 1076 SPP_FMT "cisco input: %d bytes " 1077 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1078 SPP_ARGS(ifp), m->m_pkthdr.len, 1079 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1080 (u_int)h->time0, (u_int)h->time1); 1081 switch (ntohl (h->type)) { 1082 default: 1083 if (debug) 1084 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1085 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1086 break; 1087 case CISCO_ADDR_REPLY: 1088 /* Reply on address request, ignore */ 1089 break; 1090 case CISCO_KEEPALIVE_REQ: 1091 sp->pp_alivecnt = 0; 1092 sp->pp_rseq = ntohl (h->par1); 1093 if (sp->pp_seq == sp->pp_rseq) { 1094 /* Local and remote sequence numbers are equal. 1095 * Probably, the line is in loopback mode. */ 1096 if (sp->pp_loopcnt >= MAXALIVECNT) { 1097 printf (SPP_FMT "loopback\n", 1098 SPP_ARGS(ifp)); 1099 sp->pp_loopcnt = 0; 1100 if (ifp->if_flags & IFF_UP) { 1101 if_down (ifp); 1102 sppp_qflush (&sp->pp_cpq); 1103 } 1104 } 1105 ++sp->pp_loopcnt; 1106 1107 /* Generate new local sequence number */ 1108 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 1109 sp->pp_seq = random(); 1110 #else 1111 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1112 #endif 1113 break; 1114 } 1115 sp->pp_loopcnt = 0; 1116 if (! (ifp->if_flags & IFF_UP) && 1117 (ifp->if_flags & IFF_RUNNING)) { 1118 if_up(ifp); 1119 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1120 } 1121 break; 1122 case CISCO_ADDR_REQ: 1123 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1124 if (me != 0L) 1125 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1126 break; 1127 } 1128 } 1129 1130 /* 1131 * Send Cisco keepalive packet. 1132 */ 1133 static void 1134 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1135 { 1136 STDDCL; 1137 struct ppp_header *h; 1138 struct cisco_packet *ch; 1139 struct mbuf *m; 1140 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1141 struct timeval tv; 1142 #else 1143 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1144 #endif 1145 1146 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1147 getmicrouptime(&tv); 1148 #endif 1149 1150 MGETHDR (m, M_DONTWAIT, MT_DATA); 1151 if (! m) 1152 return; 1153 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1154 m->m_pkthdr.rcvif = 0; 1155 1156 h = mtod (m, struct ppp_header*); 1157 h->address = CISCO_MULTICAST; 1158 h->control = 0; 1159 h->protocol = htons (CISCO_KEEPALIVE); 1160 1161 ch = (struct cisco_packet*) (h + 1); 1162 ch->type = htonl (type); 1163 ch->par1 = htonl (par1); 1164 ch->par2 = htonl (par2); 1165 ch->rel = -1; 1166 1167 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1168 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1169 ch->time1 = htons ((u_short) tv.tv_sec); 1170 #else 1171 ch->time0 = htons ((u_short) (t >> 16)); 1172 ch->time1 = htons ((u_short) t); 1173 #endif 1174 1175 if (debug) 1176 log(LOG_DEBUG, 1177 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1178 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1179 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1180 1181 if (IF_QFULL (&sp->pp_cpq)) { 1182 IF_DROP (&sp->pp_fastq); 1183 IF_DROP (&ifp->if_snd); 1184 m_freem (m); 1185 } else 1186 IF_ENQUEUE (&sp->pp_cpq, m); 1187 if (! (ifp->if_flags & IFF_OACTIVE)) 1188 (*ifp->if_start) (ifp); 1189 ifp->if_obytes += m->m_pkthdr.len + 3; 1190 } 1191 1192 /* 1194 * PPP protocol implementation. 1195 */ 1196 1197 /* 1198 * Send PPP control protocol packet. 1199 */ 1200 static void 1201 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1202 u_char ident, u_short len, void *data) 1203 { 1204 STDDCL; 1205 struct ppp_header *h; 1206 struct lcp_header *lh; 1207 struct mbuf *m; 1208 1209 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1210 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1211 MGETHDR (m, M_DONTWAIT, MT_DATA); 1212 if (! m) 1213 return; 1214 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1215 m->m_pkthdr.rcvif = 0; 1216 1217 h = mtod (m, struct ppp_header*); 1218 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1219 h->control = PPP_UI; /* Unnumbered Info */ 1220 h->protocol = htons (proto); /* Link Control Protocol */ 1221 1222 lh = (struct lcp_header*) (h + 1); 1223 lh->type = type; 1224 lh->ident = ident; 1225 lh->len = htons (LCP_HEADER_LEN + len); 1226 if (len) 1227 bcopy (data, lh+1, len); 1228 1229 if (debug) { 1230 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1231 SPP_ARGS(ifp), 1232 sppp_proto_name(proto), 1233 sppp_cp_type_name (lh->type), lh->ident, 1234 ntohs (lh->len)); 1235 if (len) 1236 sppp_print_bytes ((u_char*) (lh+1), len); 1237 addlog(">\n"); 1238 } 1239 if (IF_QFULL (&sp->pp_cpq)) { 1240 IF_DROP (&sp->pp_fastq); 1241 IF_DROP (&ifp->if_snd); 1242 m_freem (m); 1243 ++ifp->if_oerrors; 1244 } else 1245 IF_ENQUEUE (&sp->pp_cpq, m); 1246 if (! (ifp->if_flags & IFF_OACTIVE)) 1247 (*ifp->if_start) (ifp); 1248 ifp->if_obytes += m->m_pkthdr.len + 3; 1249 } 1250 1251 /* 1252 * Handle incoming PPP control protocol packets. 1253 */ 1254 static void 1255 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1256 { 1257 STDDCL; 1258 struct lcp_header *h; 1259 int len = m->m_pkthdr.len; 1260 int rv; 1261 u_char *p; 1262 1263 if (len < 4) { 1264 if (debug) 1265 log(LOG_DEBUG, 1266 SPP_FMT "%s invalid packet length: %d bytes\n", 1267 SPP_ARGS(ifp), cp->name, len); 1268 return; 1269 } 1270 h = mtod (m, struct lcp_header*); 1271 if (debug) { 1272 log(LOG_DEBUG, 1273 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1274 SPP_ARGS(ifp), cp->name, 1275 sppp_state_name(sp->state[cp->protoidx]), 1276 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1277 if (len > 4) 1278 sppp_print_bytes ((u_char*) (h+1), len-4); 1279 addlog(">\n"); 1280 } 1281 if (len > ntohs (h->len)) 1282 len = ntohs (h->len); 1283 p = (u_char *)(h + 1); 1284 switch (h->type) { 1285 case CONF_REQ: 1286 if (len < 4) { 1287 if (debug) 1288 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1289 SPP_ARGS(ifp), cp->name, 1290 len); 1291 ++ifp->if_ierrors; 1292 break; 1293 } 1294 /* handle states where RCR doesn't get a SCA/SCN */ 1295 switch (sp->state[cp->protoidx]) { 1296 case STATE_CLOSING: 1297 case STATE_STOPPING: 1298 return; 1299 case STATE_CLOSED: 1300 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1301 0, 0); 1302 return; 1303 } 1304 rv = (cp->RCR)(sp, h, len); 1305 switch (sp->state[cp->protoidx]) { 1306 case STATE_OPENED: 1307 (cp->tld)(sp); 1308 (cp->scr)(sp); 1309 /* fall through... */ 1310 case STATE_ACK_SENT: 1311 case STATE_REQ_SENT: 1312 sppp_cp_change_state(cp, sp, rv? 1313 STATE_ACK_SENT: STATE_REQ_SENT); 1314 break; 1315 case STATE_STOPPED: 1316 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1317 (cp->scr)(sp); 1318 sppp_cp_change_state(cp, sp, rv? 1319 STATE_ACK_SENT: STATE_REQ_SENT); 1320 break; 1321 case STATE_ACK_RCVD: 1322 if (rv) { 1323 sppp_cp_change_state(cp, sp, STATE_OPENED); 1324 if (debug) 1325 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1326 SPP_ARGS(ifp), 1327 cp->name); 1328 (cp->tlu)(sp); 1329 } else 1330 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1331 break; 1332 default: 1333 printf(SPP_FMT "%s illegal %s in state %s\n", 1334 SPP_ARGS(ifp), cp->name, 1335 sppp_cp_type_name(h->type), 1336 sppp_state_name(sp->state[cp->protoidx])); 1337 ++ifp->if_ierrors; 1338 } 1339 break; 1340 case CONF_ACK: 1341 if (h->ident != sp->confid[cp->protoidx]) { 1342 if (debug) 1343 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1344 SPP_ARGS(ifp), cp->name, 1345 h->ident, sp->confid[cp->protoidx]); 1346 ++ifp->if_ierrors; 1347 break; 1348 } 1349 switch (sp->state[cp->protoidx]) { 1350 case STATE_CLOSED: 1351 case STATE_STOPPED: 1352 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1353 break; 1354 case STATE_CLOSING: 1355 case STATE_STOPPING: 1356 break; 1357 case STATE_REQ_SENT: 1358 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1359 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1360 break; 1361 case STATE_OPENED: 1362 (cp->tld)(sp); 1363 /* fall through */ 1364 case STATE_ACK_RCVD: 1365 (cp->scr)(sp); 1366 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1367 break; 1368 case STATE_ACK_SENT: 1369 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1370 sppp_cp_change_state(cp, sp, STATE_OPENED); 1371 if (debug) 1372 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1373 SPP_ARGS(ifp), cp->name); 1374 (cp->tlu)(sp); 1375 break; 1376 default: 1377 printf(SPP_FMT "%s illegal %s in state %s\n", 1378 SPP_ARGS(ifp), cp->name, 1379 sppp_cp_type_name(h->type), 1380 sppp_state_name(sp->state[cp->protoidx])); 1381 ++ifp->if_ierrors; 1382 } 1383 break; 1384 case CONF_NAK: 1385 case CONF_REJ: 1386 if (h->ident != sp->confid[cp->protoidx]) { 1387 if (debug) 1388 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1389 SPP_ARGS(ifp), cp->name, 1390 h->ident, sp->confid[cp->protoidx]); 1391 ++ifp->if_ierrors; 1392 break; 1393 } 1394 if (h->type == CONF_NAK) 1395 (cp->RCN_nak)(sp, h, len); 1396 else /* CONF_REJ */ 1397 (cp->RCN_rej)(sp, h, len); 1398 1399 switch (sp->state[cp->protoidx]) { 1400 case STATE_CLOSED: 1401 case STATE_STOPPED: 1402 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1403 break; 1404 case STATE_REQ_SENT: 1405 case STATE_ACK_SENT: 1406 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1407 (cp->scr)(sp); 1408 break; 1409 case STATE_OPENED: 1410 (cp->tld)(sp); 1411 /* fall through */ 1412 case STATE_ACK_RCVD: 1413 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1414 (cp->scr)(sp); 1415 break; 1416 case STATE_CLOSING: 1417 case STATE_STOPPING: 1418 break; 1419 default: 1420 printf(SPP_FMT "%s illegal %s in state %s\n", 1421 SPP_ARGS(ifp), cp->name, 1422 sppp_cp_type_name(h->type), 1423 sppp_state_name(sp->state[cp->protoidx])); 1424 ++ifp->if_ierrors; 1425 } 1426 break; 1427 1428 case TERM_REQ: 1429 switch (sp->state[cp->protoidx]) { 1430 case STATE_ACK_RCVD: 1431 case STATE_ACK_SENT: 1432 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1433 /* fall through */ 1434 case STATE_CLOSED: 1435 case STATE_STOPPED: 1436 case STATE_CLOSING: 1437 case STATE_STOPPING: 1438 case STATE_REQ_SENT: 1439 sta: 1440 /* Send Terminate-Ack packet. */ 1441 if (debug) 1442 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1443 SPP_ARGS(ifp), cp->name); 1444 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1445 break; 1446 case STATE_OPENED: 1447 (cp->tld)(sp); 1448 sp->rst_counter[cp->protoidx] = 0; 1449 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1450 goto sta; 1451 break; 1452 default: 1453 printf(SPP_FMT "%s illegal %s in state %s\n", 1454 SPP_ARGS(ifp), cp->name, 1455 sppp_cp_type_name(h->type), 1456 sppp_state_name(sp->state[cp->protoidx])); 1457 ++ifp->if_ierrors; 1458 } 1459 break; 1460 case TERM_ACK: 1461 switch (sp->state[cp->protoidx]) { 1462 case STATE_CLOSED: 1463 case STATE_STOPPED: 1464 case STATE_REQ_SENT: 1465 case STATE_ACK_SENT: 1466 break; 1467 case STATE_CLOSING: 1468 (cp->tlf)(sp); 1469 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1470 break; 1471 case STATE_STOPPING: 1472 (cp->tlf)(sp); 1473 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1474 break; 1475 case STATE_ACK_RCVD: 1476 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1477 break; 1478 case STATE_OPENED: 1479 (cp->tld)(sp); 1480 (cp->scr)(sp); 1481 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1482 break; 1483 default: 1484 printf(SPP_FMT "%s illegal %s in state %s\n", 1485 SPP_ARGS(ifp), cp->name, 1486 sppp_cp_type_name(h->type), 1487 sppp_state_name(sp->state[cp->protoidx])); 1488 ++ifp->if_ierrors; 1489 } 1490 break; 1491 case CODE_REJ: 1492 case PROTO_REJ: 1493 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1494 log(LOG_INFO, 1495 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1496 "danger will robinson\n", 1497 SPP_ARGS(ifp), cp->name, 1498 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1499 switch (sp->state[cp->protoidx]) { 1500 case STATE_CLOSED: 1501 case STATE_STOPPED: 1502 case STATE_REQ_SENT: 1503 case STATE_ACK_SENT: 1504 case STATE_CLOSING: 1505 case STATE_STOPPING: 1506 case STATE_OPENED: 1507 break; 1508 case STATE_ACK_RCVD: 1509 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1510 break; 1511 default: 1512 printf(SPP_FMT "%s illegal %s in state %s\n", 1513 SPP_ARGS(ifp), cp->name, 1514 sppp_cp_type_name(h->type), 1515 sppp_state_name(sp->state[cp->protoidx])); 1516 ++ifp->if_ierrors; 1517 } 1518 break; 1519 case DISC_REQ: 1520 if (cp->proto != PPP_LCP) 1521 goto illegal; 1522 /* Discard the packet. */ 1523 break; 1524 case ECHO_REQ: 1525 if (cp->proto != PPP_LCP) 1526 goto illegal; 1527 if (sp->state[cp->protoidx] != STATE_OPENED) { 1528 if (debug) 1529 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1530 SPP_ARGS(ifp)); 1531 ++ifp->if_ierrors; 1532 break; 1533 } 1534 if (len < 8) { 1535 if (debug) 1536 addlog(SPP_FMT "invalid lcp echo request " 1537 "packet length: %d bytes\n", 1538 SPP_ARGS(ifp), len); 1539 break; 1540 } 1541 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1542 /* Line loopback mode detected. */ 1543 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1544 if_down (ifp); 1545 sppp_qflush (&sp->pp_cpq); 1546 1547 /* Shut down the PPP link. */ 1548 /* XXX */ 1549 lcp.Down(sp); 1550 lcp.Up(sp); 1551 break; 1552 } 1553 *(long*)(h+1) = htonl (sp->lcp.magic); 1554 if (debug) 1555 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1556 SPP_ARGS(ifp)); 1557 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1558 break; 1559 case ECHO_REPLY: 1560 if (cp->proto != PPP_LCP) 1561 goto illegal; 1562 if (h->ident != sp->lcp.echoid) { 1563 ++ifp->if_ierrors; 1564 break; 1565 } 1566 if (len < 8) { 1567 if (debug) 1568 addlog(SPP_FMT "lcp invalid echo reply " 1569 "packet length: %d bytes\n", 1570 SPP_ARGS(ifp), len); 1571 break; 1572 } 1573 if (debug) 1574 addlog(SPP_FMT "lcp got echo rep\n", 1575 SPP_ARGS(ifp)); 1576 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1577 sp->pp_alivecnt = 0; 1578 break; 1579 default: 1580 /* Unknown packet type -- send Code-Reject packet. */ 1581 illegal: 1582 if (debug) 1583 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1584 SPP_ARGS(ifp), cp->name, h->type); 1585 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1586 m->m_pkthdr.len, h); 1587 ++ifp->if_ierrors; 1588 } 1589 } 1590 1591 1592 /* 1593 * The generic part of all Up/Down/Open/Close/TO event handlers. 1594 * Basically, the state transition handling in the automaton. 1595 */ 1596 static void 1597 sppp_up_event(const struct cp *cp, struct sppp *sp) 1598 { 1599 STDDCL; 1600 1601 if (debug) 1602 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1603 SPP_ARGS(ifp), cp->name, 1604 sppp_state_name(sp->state[cp->protoidx])); 1605 1606 switch (sp->state[cp->protoidx]) { 1607 case STATE_INITIAL: 1608 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1609 break; 1610 case STATE_STARTING: 1611 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1612 (cp->scr)(sp); 1613 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1614 break; 1615 default: 1616 printf(SPP_FMT "%s illegal up in state %s\n", 1617 SPP_ARGS(ifp), cp->name, 1618 sppp_state_name(sp->state[cp->protoidx])); 1619 } 1620 } 1621 1622 static void 1623 sppp_down_event(const struct cp *cp, struct sppp *sp) 1624 { 1625 STDDCL; 1626 1627 if (debug) 1628 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1629 SPP_ARGS(ifp), cp->name, 1630 sppp_state_name(sp->state[cp->protoidx])); 1631 1632 switch (sp->state[cp->protoidx]) { 1633 case STATE_CLOSED: 1634 case STATE_CLOSING: 1635 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1636 break; 1637 case STATE_STOPPED: 1638 (cp->tls)(sp); 1639 /* fall through */ 1640 case STATE_STOPPING: 1641 case STATE_REQ_SENT: 1642 case STATE_ACK_RCVD: 1643 case STATE_ACK_SENT: 1644 sppp_cp_change_state(cp, sp, STATE_STARTING); 1645 break; 1646 case STATE_OPENED: 1647 (cp->tld)(sp); 1648 sppp_cp_change_state(cp, sp, STATE_STARTING); 1649 break; 1650 default: 1651 printf(SPP_FMT "%s illegal down in state %s\n", 1652 SPP_ARGS(ifp), cp->name, 1653 sppp_state_name(sp->state[cp->protoidx])); 1654 } 1655 } 1656 1657 1658 static void 1659 sppp_open_event(const struct cp *cp, struct sppp *sp) 1660 { 1661 STDDCL; 1662 1663 if (debug) 1664 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1665 SPP_ARGS(ifp), cp->name, 1666 sppp_state_name(sp->state[cp->protoidx])); 1667 1668 switch (sp->state[cp->protoidx]) { 1669 case STATE_INITIAL: 1670 (cp->tls)(sp); 1671 sppp_cp_change_state(cp, sp, STATE_STARTING); 1672 break; 1673 case STATE_STARTING: 1674 break; 1675 case STATE_CLOSED: 1676 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1677 (cp->scr)(sp); 1678 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1679 break; 1680 case STATE_STOPPED: 1681 case STATE_STOPPING: 1682 case STATE_REQ_SENT: 1683 case STATE_ACK_RCVD: 1684 case STATE_ACK_SENT: 1685 case STATE_OPENED: 1686 break; 1687 case STATE_CLOSING: 1688 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1689 break; 1690 } 1691 } 1692 1693 1694 static void 1695 sppp_close_event(const struct cp *cp, struct sppp *sp) 1696 { 1697 STDDCL; 1698 1699 if (debug) 1700 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1701 SPP_ARGS(ifp), cp->name, 1702 sppp_state_name(sp->state[cp->protoidx])); 1703 1704 switch (sp->state[cp->protoidx]) { 1705 case STATE_INITIAL: 1706 case STATE_CLOSED: 1707 case STATE_CLOSING: 1708 break; 1709 case STATE_STARTING: 1710 (cp->tlf)(sp); 1711 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1712 break; 1713 case STATE_STOPPED: 1714 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1715 break; 1716 case STATE_STOPPING: 1717 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1718 break; 1719 case STATE_OPENED: 1720 (cp->tld)(sp); 1721 /* fall through */ 1722 case STATE_REQ_SENT: 1723 case STATE_ACK_RCVD: 1724 case STATE_ACK_SENT: 1725 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1726 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1727 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1728 break; 1729 } 1730 } 1731 1732 static void 1733 sppp_to_event(const struct cp *cp, struct sppp *sp) 1734 { 1735 STDDCL; 1736 int s; 1737 1738 s = splimp(); 1739 if (debug) 1740 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1741 SPP_ARGS(ifp), cp->name, 1742 sppp_state_name(sp->state[cp->protoidx]), 1743 sp->rst_counter[cp->protoidx]); 1744 1745 if (--sp->rst_counter[cp->protoidx] < 0) 1746 /* TO- event */ 1747 switch (sp->state[cp->protoidx]) { 1748 case STATE_CLOSING: 1749 (cp->tlf)(sp); 1750 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1751 break; 1752 case STATE_STOPPING: 1753 (cp->tlf)(sp); 1754 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1755 break; 1756 case STATE_REQ_SENT: 1757 case STATE_ACK_RCVD: 1758 case STATE_ACK_SENT: 1759 (cp->tlf)(sp); 1760 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1761 break; 1762 } 1763 else 1764 /* TO+ event */ 1765 switch (sp->state[cp->protoidx]) { 1766 case STATE_CLOSING: 1767 case STATE_STOPPING: 1768 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1769 0, 0); 1770 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1771 sp->ch[cp->protoidx] = 1772 #endif 1773 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1774 break; 1775 case STATE_REQ_SENT: 1776 case STATE_ACK_RCVD: 1777 (cp->scr)(sp); 1778 /* sppp_cp_change_state() will restart the timer */ 1779 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1780 break; 1781 case STATE_ACK_SENT: 1782 (cp->scr)(sp); 1783 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1784 sp->ch[cp->protoidx] = 1785 #endif 1786 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1787 break; 1788 } 1789 1790 splx(s); 1791 } 1792 1793 /* 1794 * Change the state of a control protocol in the state automaton. 1795 * Takes care of starting/stopping the restart timer. 1796 */ 1797 void 1798 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1799 { 1800 sp->state[cp->protoidx] = newstate; 1801 1802 untimeout(cp->TO, (void *)sp 1803 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1804 , sp->ch[cp->protoidx] 1805 #endif 1806 ); 1807 switch (newstate) { 1808 case STATE_INITIAL: 1809 case STATE_STARTING: 1810 case STATE_CLOSED: 1811 case STATE_STOPPED: 1812 case STATE_OPENED: 1813 break; 1814 case STATE_CLOSING: 1815 case STATE_STOPPING: 1816 case STATE_REQ_SENT: 1817 case STATE_ACK_RCVD: 1818 case STATE_ACK_SENT: 1819 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1820 sp->ch[cp->protoidx] = 1821 #endif 1822 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1823 break; 1824 } 1825 } 1826 /* 1828 *--------------------------------------------------------------------------* 1829 * * 1830 * The LCP implementation. * 1831 * * 1832 *--------------------------------------------------------------------------* 1833 */ 1834 static void 1835 sppp_lcp_init(struct sppp *sp) 1836 { 1837 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1838 sp->lcp.magic = 0; 1839 sp->state[IDX_LCP] = STATE_INITIAL; 1840 sp->fail_counter[IDX_LCP] = 0; 1841 sp->lcp.protos = 0; 1842 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1843 1844 /* 1845 * Initialize counters and timeout values. Note that we don't 1846 * use the 3 seconds suggested in RFC 1661 since we are likely 1847 * running on a fast link. XXX We should probably implement 1848 * the exponential backoff option. Note that these values are 1849 * relevant for all control protocols, not just LCP only. 1850 */ 1851 sp->lcp.timeout = 1 * hz; 1852 sp->lcp.max_terminate = 2; 1853 sp->lcp.max_configure = 10; 1854 sp->lcp.max_failure = 10; 1855 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1856 callout_handle_init(&sp->ch[IDX_LCP]); 1857 #endif 1858 } 1859 1860 static void 1861 sppp_lcp_up(struct sppp *sp) 1862 { 1863 STDDCL; 1864 1865 /* 1866 * If this interface is passive or dial-on-demand, and we are 1867 * still in Initial state, it means we've got an incoming 1868 * call. Activate the interface. 1869 */ 1870 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1871 if (debug) 1872 log(LOG_DEBUG, 1873 SPP_FMT "Up event", SPP_ARGS(ifp)); 1874 ifp->if_flags |= IFF_RUNNING; 1875 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1876 if (debug) 1877 addlog("(incoming call)\n"); 1878 sp->pp_flags |= PP_CALLIN; 1879 lcp.Open(sp); 1880 } else if (debug) 1881 addlog("\n"); 1882 } 1883 1884 sppp_up_event(&lcp, sp); 1885 } 1886 1887 static void 1888 sppp_lcp_down(struct sppp *sp) 1889 { 1890 STDDCL; 1891 1892 sppp_down_event(&lcp, sp); 1893 1894 /* 1895 * If this is neither a dial-on-demand nor a passive 1896 * interface, simulate an ``ifconfig down'' action, so the 1897 * administrator can force a redial by another ``ifconfig 1898 * up''. XXX For leased line operation, should we immediately 1899 * try to reopen the connection here? 1900 */ 1901 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1902 log(LOG_INFO, 1903 SPP_FMT "Down event (carrier loss), taking interface down.\n", 1904 SPP_ARGS(ifp)); 1905 if_down(ifp); 1906 } else { 1907 if (debug) 1908 log(LOG_DEBUG, 1909 SPP_FMT "Down event (carrier loss)\n", 1910 SPP_ARGS(ifp)); 1911 } 1912 sp->pp_flags &= ~PP_CALLIN; 1913 if (sp->state[IDX_LCP] != STATE_INITIAL) 1914 lcp.Close(sp); 1915 ifp->if_flags &= ~IFF_RUNNING; 1916 } 1917 1918 static void 1919 sppp_lcp_open(struct sppp *sp) 1920 { 1921 /* 1922 * If we are authenticator, negotiate LCP_AUTH 1923 */ 1924 if (sp->hisauth.proto != 0) 1925 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1926 else 1927 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1928 sp->pp_flags &= ~PP_NEEDAUTH; 1929 sppp_open_event(&lcp, sp); 1930 } 1931 1932 static void 1933 sppp_lcp_close(struct sppp *sp) 1934 { 1935 sppp_close_event(&lcp, sp); 1936 } 1937 1938 static void 1939 sppp_lcp_TO(void *cookie) 1940 { 1941 sppp_to_event(&lcp, (struct sppp *)cookie); 1942 } 1943 1944 /* 1945 * Analyze a configure request. Return true if it was agreeable, and 1946 * caused action sca, false if it has been rejected or nak'ed, and 1947 * caused action scn. (The return value is used to make the state 1948 * transition decision in the state automaton.) 1949 */ 1950 static int 1951 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 1952 { 1953 STDDCL; 1954 u_char *buf, *r, *p; 1955 int origlen, rlen; 1956 u_long nmagic; 1957 u_short authproto; 1958 1959 len -= 4; 1960 origlen = len; 1961 buf = r = malloc (len, M_TEMP, M_NOWAIT); 1962 if (! buf) 1963 return (0); 1964 1965 if (debug) 1966 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 1967 SPP_ARGS(ifp)); 1968 1969 /* pass 1: check for things that need to be rejected */ 1970 p = (void*) (h+1); 1971 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 1972 if (debug) 1973 addlog(" %s ", sppp_lcp_opt_name(*p)); 1974 switch (*p) { 1975 case LCP_OPT_MAGIC: 1976 /* Magic number. */ 1977 /* fall through, both are same length */ 1978 case LCP_OPT_ASYNC_MAP: 1979 /* Async control character map. */ 1980 if (len >= 6 || p[1] == 6) 1981 continue; 1982 if (debug) 1983 addlog("[invalid] "); 1984 break; 1985 case LCP_OPT_MRU: 1986 /* Maximum receive unit. */ 1987 if (len >= 4 && p[1] == 4) 1988 continue; 1989 if (debug) 1990 addlog("[invalid] "); 1991 break; 1992 case LCP_OPT_AUTH_PROTO: 1993 if (len < 4) { 1994 if (debug) 1995 addlog("[invalid] "); 1996 break; 1997 } 1998 authproto = (p[2] << 8) + p[3]; 1999 if (authproto == PPP_CHAP && p[1] != 5) { 2000 if (debug) 2001 addlog("[invalid chap len] "); 2002 break; 2003 } 2004 if (sp->myauth.proto == 0) { 2005 /* we are not configured to do auth */ 2006 if (debug) 2007 addlog("[not configured] "); 2008 break; 2009 } 2010 /* 2011 * Remote want us to authenticate, remember this, 2012 * so we stay in PHASE_AUTHENTICATE after LCP got 2013 * up. 2014 */ 2015 sp->pp_flags |= PP_NEEDAUTH; 2016 continue; 2017 default: 2018 /* Others not supported. */ 2019 if (debug) 2020 addlog("[rej] "); 2021 break; 2022 } 2023 /* Add the option to rejected list. */ 2024 bcopy (p, r, p[1]); 2025 r += p[1]; 2026 rlen += p[1]; 2027 } 2028 if (rlen) { 2029 if (debug) 2030 addlog(" send conf-rej\n"); 2031 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2032 return 0; 2033 } else if (debug) 2034 addlog("\n"); 2035 2036 /* 2037 * pass 2: check for option values that are unacceptable and 2038 * thus require to be nak'ed. 2039 */ 2040 if (debug) 2041 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2042 SPP_ARGS(ifp)); 2043 2044 p = (void*) (h+1); 2045 len = origlen; 2046 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2047 if (debug) 2048 addlog(" %s ", sppp_lcp_opt_name(*p)); 2049 switch (*p) { 2050 case LCP_OPT_MAGIC: 2051 /* Magic number -- extract. */ 2052 nmagic = (u_long)p[2] << 24 | 2053 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2054 if (nmagic != sp->lcp.magic) { 2055 if (debug) 2056 addlog("0x%lx ", nmagic); 2057 continue; 2058 } 2059 /* 2060 * Local and remote magics equal -- loopback? 2061 */ 2062 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2063 printf (SPP_FMT "loopback\n", 2064 SPP_ARGS(ifp)); 2065 sp->pp_loopcnt = 0; 2066 if (ifp->if_flags & IFF_UP) { 2067 if_down(ifp); 2068 sppp_qflush(&sp->pp_cpq); 2069 /* XXX ? */ 2070 lcp.Down(sp); 2071 lcp.Up(sp); 2072 } 2073 } else if (debug) 2074 addlog("[glitch] "); 2075 ++sp->pp_loopcnt; 2076 /* 2077 * We negate our magic here, and NAK it. If 2078 * we see it later in an NAK packet, we 2079 * suggest a new one. 2080 */ 2081 nmagic = ~sp->lcp.magic; 2082 /* Gonna NAK it. */ 2083 p[2] = nmagic >> 24; 2084 p[3] = nmagic >> 16; 2085 p[4] = nmagic >> 8; 2086 p[5] = nmagic; 2087 break; 2088 2089 case LCP_OPT_ASYNC_MAP: 2090 /* Async control character map -- check to be zero. */ 2091 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2092 if (debug) 2093 addlog("[empty] "); 2094 continue; 2095 } 2096 if (debug) 2097 addlog("[non-empty] "); 2098 /* suggest a zero one */ 2099 p[2] = p[3] = p[4] = p[5] = 0; 2100 break; 2101 2102 case LCP_OPT_MRU: 2103 /* 2104 * Maximum receive unit. Always agreeable, 2105 * but ignored by now. 2106 */ 2107 sp->lcp.their_mru = p[2] * 256 + p[3]; 2108 if (debug) 2109 addlog("%ld ", sp->lcp.their_mru); 2110 continue; 2111 2112 case LCP_OPT_AUTH_PROTO: 2113 authproto = (p[2] << 8) + p[3]; 2114 if (sp->myauth.proto != authproto) { 2115 /* not agreed, nak */ 2116 if (debug) 2117 addlog("[mine %s != his %s] ", 2118 sppp_proto_name(sp->hisauth.proto), 2119 sppp_proto_name(authproto)); 2120 p[2] = sp->myauth.proto >> 8; 2121 p[3] = sp->myauth.proto; 2122 break; 2123 } 2124 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2125 if (debug) 2126 addlog("[chap not MD5] "); 2127 p[4] = CHAP_MD5; 2128 break; 2129 } 2130 continue; 2131 } 2132 /* Add the option to nak'ed list. */ 2133 bcopy (p, r, p[1]); 2134 r += p[1]; 2135 rlen += p[1]; 2136 } 2137 if (rlen) { 2138 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2139 if (debug) 2140 addlog(" max_failure (%d) exceeded, " 2141 "send conf-rej\n", 2142 sp->lcp.max_failure); 2143 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2144 } else { 2145 if (debug) 2146 addlog(" send conf-nak\n"); 2147 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2148 } 2149 return 0; 2150 } else { 2151 if (debug) 2152 addlog(" send conf-ack\n"); 2153 sp->fail_counter[IDX_LCP] = 0; 2154 sp->pp_loopcnt = 0; 2155 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2156 h->ident, origlen, h+1); 2157 } 2158 2159 free (buf, M_TEMP); 2160 return (rlen == 0); 2161 } 2162 2163 /* 2164 * Analyze the LCP Configure-Reject option list, and adjust our 2165 * negotiation. 2166 */ 2167 static void 2168 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2169 { 2170 STDDCL; 2171 u_char *buf, *p; 2172 2173 len -= 4; 2174 buf = malloc (len, M_TEMP, M_NOWAIT); 2175 if (!buf) 2176 return; 2177 2178 if (debug) 2179 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2180 SPP_ARGS(ifp)); 2181 2182 p = (void*) (h+1); 2183 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2184 if (debug) 2185 addlog(" %s ", sppp_lcp_opt_name(*p)); 2186 switch (*p) { 2187 case LCP_OPT_MAGIC: 2188 /* Magic number -- can't use it, use 0 */ 2189 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2190 sp->lcp.magic = 0; 2191 break; 2192 case LCP_OPT_MRU: 2193 /* 2194 * Should not be rejected anyway, since we only 2195 * negotiate a MRU if explicitly requested by 2196 * peer. 2197 */ 2198 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2199 break; 2200 case LCP_OPT_AUTH_PROTO: 2201 /* 2202 * Peer doesn't want to authenticate himself, 2203 * deny unless this is a dialout call, and 2204 * AUTHFLAG_NOCALLOUT is set. 2205 */ 2206 if ((sp->pp_flags & PP_CALLIN) == 0 && 2207 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2208 if (debug) 2209 addlog("[don't insist on auth " 2210 "for callout]"); 2211 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2212 break; 2213 } 2214 if (debug) 2215 addlog("[access denied]\n"); 2216 lcp.Close(sp); 2217 break; 2218 } 2219 } 2220 if (debug) 2221 addlog("\n"); 2222 free (buf, M_TEMP); 2223 return; 2224 } 2225 2226 /* 2227 * Analyze the LCP Configure-NAK option list, and adjust our 2228 * negotiation. 2229 */ 2230 static void 2231 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2232 { 2233 STDDCL; 2234 u_char *buf, *p; 2235 u_long magic; 2236 2237 len -= 4; 2238 buf = malloc (len, M_TEMP, M_NOWAIT); 2239 if (!buf) 2240 return; 2241 2242 if (debug) 2243 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2244 SPP_ARGS(ifp)); 2245 2246 p = (void*) (h+1); 2247 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2248 if (debug) 2249 addlog(" %s ", sppp_lcp_opt_name(*p)); 2250 switch (*p) { 2251 case LCP_OPT_MAGIC: 2252 /* Magic number -- renegotiate */ 2253 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2254 len >= 6 && p[1] == 6) { 2255 magic = (u_long)p[2] << 24 | 2256 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2257 /* 2258 * If the remote magic is our negated one, 2259 * this looks like a loopback problem. 2260 * Suggest a new magic to make sure. 2261 */ 2262 if (magic == ~sp->lcp.magic) { 2263 if (debug) 2264 addlog("magic glitch "); 2265 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2266 sp->lcp.magic = random(); 2267 #else 2268 sp->lcp.magic = time.tv_sec + time.tv_usec; 2269 #endif 2270 } else { 2271 sp->lcp.magic = magic; 2272 if (debug) 2273 addlog("%ld ", magic); 2274 } 2275 } 2276 break; 2277 case LCP_OPT_MRU: 2278 /* 2279 * Peer wants to advise us to negotiate an MRU. 2280 * Agree on it if it's reasonable, or use 2281 * default otherwise. 2282 */ 2283 if (len >= 4 && p[1] == 4) { 2284 u_int mru = p[2] * 256 + p[3]; 2285 if (debug) 2286 addlog("%d ", mru); 2287 if (mru < PP_MTU || mru > PP_MAX_MRU) 2288 mru = PP_MTU; 2289 sp->lcp.mru = mru; 2290 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2291 } 2292 break; 2293 case LCP_OPT_AUTH_PROTO: 2294 /* 2295 * Peer doesn't like our authentication method, 2296 * deny. 2297 */ 2298 if (debug) 2299 addlog("[access denied]\n"); 2300 lcp.Close(sp); 2301 break; 2302 } 2303 } 2304 if (debug) 2305 addlog("\n"); 2306 free (buf, M_TEMP); 2307 return; 2308 } 2309 2310 static void 2311 sppp_lcp_tlu(struct sppp *sp) 2312 { 2313 STDDCL; 2314 int i; 2315 u_long mask; 2316 2317 /* XXX ? */ 2318 if (! (ifp->if_flags & IFF_UP) && 2319 (ifp->if_flags & IFF_RUNNING)) { 2320 /* Coming out of loopback mode. */ 2321 if_up(ifp); 2322 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2323 } 2324 2325 for (i = 0; i < IDX_COUNT; i++) 2326 if ((cps[i])->flags & CP_QUAL) 2327 (cps[i])->Open(sp); 2328 2329 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2330 (sp->pp_flags & PP_NEEDAUTH) != 0) 2331 sp->pp_phase = PHASE_AUTHENTICATE; 2332 else 2333 sp->pp_phase = PHASE_NETWORK; 2334 2335 if(debug) 2336 { 2337 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2338 sppp_phase_name(sp->pp_phase)); 2339 } 2340 2341 /* 2342 * Open all authentication protocols. This is even required 2343 * if we already proceeded to network phase, since it might be 2344 * that remote wants us to authenticate, so we might have to 2345 * send a PAP request. Undesired authentication protocols 2346 * don't do anything when they get an Open event. 2347 */ 2348 for (i = 0; i < IDX_COUNT; i++) 2349 if ((cps[i])->flags & CP_AUTH) 2350 (cps[i])->Open(sp); 2351 2352 if (sp->pp_phase == PHASE_NETWORK) { 2353 /* Notify all NCPs. */ 2354 for (i = 0; i < IDX_COUNT; i++) 2355 if ((cps[i])->flags & CP_NCP) 2356 (cps[i])->Open(sp); 2357 } 2358 2359 /* Send Up events to all started protos. */ 2360 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2361 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2362 (cps[i])->Up(sp); 2363 2364 /* notify low-level driver of state change */ 2365 if (sp->pp_chg) 2366 sp->pp_chg(sp, (int)sp->pp_phase); 2367 2368 if (sp->pp_phase == PHASE_NETWORK) 2369 /* if no NCP is starting, close down */ 2370 sppp_lcp_check_and_close(sp); 2371 } 2372 2373 static void 2374 sppp_lcp_tld(struct sppp *sp) 2375 { 2376 STDDCL; 2377 int i; 2378 u_long mask; 2379 2380 sp->pp_phase = PHASE_TERMINATE; 2381 2382 if(debug) 2383 { 2384 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2385 sppp_phase_name(sp->pp_phase)); 2386 } 2387 2388 /* 2389 * Take upper layers down. We send the Down event first and 2390 * the Close second to prevent the upper layers from sending 2391 * ``a flurry of terminate-request packets'', as the RFC 2392 * describes it. 2393 */ 2394 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2395 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2396 (cps[i])->Down(sp); 2397 (cps[i])->Close(sp); 2398 } 2399 } 2400 2401 static void 2402 sppp_lcp_tls(struct sppp *sp) 2403 { 2404 STDDCL; 2405 2406 sp->pp_phase = PHASE_ESTABLISH; 2407 2408 if(debug) 2409 { 2410 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2411 sppp_phase_name(sp->pp_phase)); 2412 } 2413 2414 /* Notify lower layer if desired. */ 2415 if (sp->pp_tls) 2416 (sp->pp_tls)(sp); 2417 } 2418 2419 static void 2420 sppp_lcp_tlf(struct sppp *sp) 2421 { 2422 STDDCL; 2423 2424 sp->pp_phase = PHASE_DEAD; 2425 2426 if(debug) 2427 { 2428 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2429 sppp_phase_name(sp->pp_phase)); 2430 } 2431 2432 /* Notify lower layer if desired. */ 2433 if (sp->pp_tlf) 2434 (sp->pp_tlf)(sp); 2435 } 2436 2437 static void 2438 sppp_lcp_scr(struct sppp *sp) 2439 { 2440 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2441 int i = 0; 2442 u_short authproto; 2443 2444 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2445 if (! sp->lcp.magic) 2446 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2447 sp->lcp.magic = random(); 2448 #else 2449 sp->lcp.magic = time.tv_sec + time.tv_usec; 2450 #endif 2451 opt[i++] = LCP_OPT_MAGIC; 2452 opt[i++] = 6; 2453 opt[i++] = sp->lcp.magic >> 24; 2454 opt[i++] = sp->lcp.magic >> 16; 2455 opt[i++] = sp->lcp.magic >> 8; 2456 opt[i++] = sp->lcp.magic; 2457 } 2458 2459 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2460 opt[i++] = LCP_OPT_MRU; 2461 opt[i++] = 4; 2462 opt[i++] = sp->lcp.mru >> 8; 2463 opt[i++] = sp->lcp.mru; 2464 } 2465 2466 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2467 authproto = sp->hisauth.proto; 2468 opt[i++] = LCP_OPT_AUTH_PROTO; 2469 opt[i++] = authproto == PPP_CHAP? 5: 4; 2470 opt[i++] = authproto >> 8; 2471 opt[i++] = authproto; 2472 if (authproto == PPP_CHAP) 2473 opt[i++] = CHAP_MD5; 2474 } 2475 2476 sp->confid[IDX_LCP] = ++sp->pp_seq; 2477 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2478 } 2479 2480 /* 2481 * Check the open NCPs, return true if at least one NCP is open. 2482 */ 2483 static int 2484 sppp_ncp_check(struct sppp *sp) 2485 { 2486 int i, mask; 2487 2488 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2489 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2490 return 1; 2491 return 0; 2492 } 2493 2494 /* 2495 * Re-check the open NCPs and see if we should terminate the link. 2496 * Called by the NCPs during their tlf action handling. 2497 */ 2498 static void 2499 sppp_lcp_check_and_close(struct sppp *sp) 2500 { 2501 2502 if (sp->pp_phase < PHASE_NETWORK) 2503 /* don't bother, we are already going down */ 2504 return; 2505 2506 if (sppp_ncp_check(sp)) 2507 return; 2508 2509 lcp.Close(sp); 2510 } 2511 /* 2513 *--------------------------------------------------------------------------* 2514 * * 2515 * The IPCP implementation. * 2516 * * 2517 *--------------------------------------------------------------------------* 2518 */ 2519 2520 static void 2521 sppp_ipcp_init(struct sppp *sp) 2522 { 2523 sp->ipcp.opts = 0; 2524 sp->ipcp.flags = 0; 2525 sp->state[IDX_IPCP] = STATE_INITIAL; 2526 sp->fail_counter[IDX_IPCP] = 0; 2527 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 2528 callout_handle_init(&sp->ch[IDX_IPCP]); 2529 #endif 2530 } 2531 2532 static void 2533 sppp_ipcp_up(struct sppp *sp) 2534 { 2535 sppp_up_event(&ipcp, sp); 2536 } 2537 2538 static void 2539 sppp_ipcp_down(struct sppp *sp) 2540 { 2541 sppp_down_event(&ipcp, sp); 2542 } 2543 2544 static void 2545 sppp_ipcp_open(struct sppp *sp) 2546 { 2547 STDDCL; 2548 u_long myaddr, hisaddr; 2549 2550 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2551 2552 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2553 /* 2554 * If we don't have his address, this probably means our 2555 * interface doesn't want to talk IP at all. (This could 2556 * be the case if somebody wants to speak only IPX, for 2557 * example.) Don't open IPCP in this case. 2558 */ 2559 if (hisaddr == 0L) { 2560 /* XXX this message should go away */ 2561 if (debug) 2562 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2563 SPP_ARGS(ifp)); 2564 return; 2565 } 2566 2567 if (myaddr == 0L) { 2568 /* 2569 * I don't have an assigned address, so i need to 2570 * negotiate my address. 2571 */ 2572 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2573 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2574 } else 2575 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2576 sppp_open_event(&ipcp, sp); 2577 } 2578 2579 static void 2580 sppp_ipcp_close(struct sppp *sp) 2581 { 2582 sppp_close_event(&ipcp, sp); 2583 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2584 /* 2585 * My address was dynamic, clear it again. 2586 */ 2587 sppp_set_ip_addr(sp, 0L); 2588 } 2589 2590 static void 2591 sppp_ipcp_TO(void *cookie) 2592 { 2593 sppp_to_event(&ipcp, (struct sppp *)cookie); 2594 } 2595 2596 /* 2597 * Analyze a configure request. Return true if it was agreeable, and 2598 * caused action sca, false if it has been rejected or nak'ed, and 2599 * caused action scn. (The return value is used to make the state 2600 * transition decision in the state automaton.) 2601 */ 2602 static int 2603 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2604 { 2605 u_char *buf, *r, *p; 2606 struct ifnet *ifp = &sp->pp_if; 2607 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2608 u_long hisaddr, desiredaddr; 2609 int gotmyaddr = 0; 2610 2611 len -= 4; 2612 origlen = len; 2613 /* 2614 * Make sure to allocate a buf that can at least hold a 2615 * conf-nak with an `address' option. We might need it below. 2616 */ 2617 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2618 if (! buf) 2619 return (0); 2620 2621 /* pass 1: see if we can recognize them */ 2622 if (debug) 2623 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2624 SPP_ARGS(ifp)); 2625 p = (void*) (h+1); 2626 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2627 if (debug) 2628 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2629 switch (*p) { 2630 #ifdef notyet 2631 case IPCP_OPT_COMPRESSION: 2632 if (len >= 6 && p[1] >= 6) { 2633 /* correctly formed compress option */ 2634 continue; 2635 } 2636 if (debug) 2637 addlog("[invalid] "); 2638 break; 2639 #endif 2640 case IPCP_OPT_ADDRESS: 2641 if (len >= 6 && p[1] == 6) { 2642 /* correctly formed address option */ 2643 continue; 2644 } 2645 if (debug) 2646 addlog("[invalid] "); 2647 break; 2648 default: 2649 /* Others not supported. */ 2650 if (debug) 2651 addlog("[rej] "); 2652 break; 2653 } 2654 /* Add the option to rejected list. */ 2655 bcopy (p, r, p[1]); 2656 r += p[1]; 2657 rlen += p[1]; 2658 } 2659 if (rlen) { 2660 if (debug) 2661 addlog(" send conf-rej\n"); 2662 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2663 return 0; 2664 } else if (debug) 2665 addlog("\n"); 2666 2667 /* pass 2: parse option values */ 2668 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2669 if (debug) 2670 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2671 SPP_ARGS(ifp)); 2672 p = (void*) (h+1); 2673 len = origlen; 2674 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2675 if (debug) 2676 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2677 switch (*p) { 2678 #ifdef notyet 2679 case IPCP_OPT_COMPRESSION: 2680 continue; 2681 #endif 2682 case IPCP_OPT_ADDRESS: 2683 desiredaddr = p[2] << 24 | p[3] << 16 | 2684 p[4] << 8 | p[5]; 2685 if (!(sp->ipcp.flags & IPCP_MYADDR_SEEN) && 2686 (sp->ipcp.flags & IPCP_MYADDR_DYN)) { 2687 /* 2688 * hopefully this is our address !! 2689 */ 2690 if (debug) 2691 addlog("[wantmyaddr %s] ", 2692 sppp_dotted_quad(desiredaddr)); 2693 /* 2694 * When doing dynamic address assignment, 2695 * we accept his offer. Otherwise, we 2696 * ignore it and thus continue to negotiate 2697 * our already existing value. 2698 */ 2699 sppp_set_ip_addr(sp, desiredaddr); 2700 if (debug) 2701 addlog("[agree] "); 2702 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2703 gotmyaddr++; 2704 continue; 2705 } else { 2706 if (desiredaddr == hisaddr || 2707 (hisaddr == 1 && desiredaddr != 0)) { 2708 /* 2709 * Peer's address is same as our value, 2710 * this is agreeable. Gonna conf-ack 2711 * it. 2712 */ 2713 if (debug) 2714 addlog("%s [ack] ", 2715 sppp_dotted_quad(hisaddr)); 2716 /* record that we've seen it already */ 2717 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2718 continue; 2719 } 2720 /* 2721 * The address wasn't agreeable. This is either 2722 * he sent us 0.0.0.0, asking to assign him an 2723 * address, or he send us another address not 2724 * matching our value. Either case, we gonna 2725 * conf-nak it with our value. 2726 */ 2727 if (debug) { 2728 if (desiredaddr == 0) 2729 addlog("[addr requested] "); 2730 else 2731 addlog("%s [not agreed] ", 2732 sppp_dotted_quad(desiredaddr)); 2733 } 2734 2735 p[2] = hisaddr >> 24; 2736 p[3] = hisaddr >> 16; 2737 p[4] = hisaddr >> 8; 2738 p[5] = hisaddr; 2739 break; 2740 } 2741 } 2742 /* Add the option to nak'ed list. */ 2743 bcopy (p, r, p[1]); 2744 r += p[1]; 2745 rlen += p[1]; 2746 } 2747 2748 /* 2749 * If we are about to conf-ack the request, but haven't seen 2750 * his address so far, gonna conf-nak it instead, with the 2751 * `address' option present and our idea of his address being 2752 * filled in there, to request negotiation of both addresses. 2753 * 2754 * XXX This can result in an endless req - nak loop if peer 2755 * doesn't want to send us his address. Q: What should we do 2756 * about it? XXX A: implement the max-failure counter. 2757 */ 2758 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2759 buf[0] = IPCP_OPT_ADDRESS; 2760 buf[1] = 6; 2761 buf[2] = hisaddr >> 24; 2762 buf[3] = hisaddr >> 16; 2763 buf[4] = hisaddr >> 8; 2764 buf[5] = hisaddr; 2765 rlen = 6; 2766 if (debug) 2767 addlog("still need hisaddr "); 2768 } 2769 2770 if (rlen) { 2771 if (debug) 2772 addlog(" send conf-nak\n"); 2773 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2774 } else { 2775 if (debug) 2776 addlog(" send conf-ack\n"); 2777 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2778 h->ident, origlen, h+1); 2779 } 2780 2781 free (buf, M_TEMP); 2782 return (rlen == 0); 2783 } 2784 2785 /* 2786 * Analyze the IPCP Configure-Reject option list, and adjust our 2787 * negotiation. 2788 */ 2789 static void 2790 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2791 { 2792 u_char *buf, *p; 2793 struct ifnet *ifp = &sp->pp_if; 2794 int debug = ifp->if_flags & IFF_DEBUG; 2795 2796 len -= 4; 2797 buf = malloc (len, M_TEMP, M_NOWAIT); 2798 if (!buf) 2799 return; 2800 2801 if (debug) 2802 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2803 SPP_ARGS(ifp)); 2804 2805 p = (void*) (h+1); 2806 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2807 if (debug) 2808 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2809 switch (*p) { 2810 case IPCP_OPT_ADDRESS: 2811 /* 2812 * Peer doesn't grok address option. This is 2813 * bad. XXX Should we better give up here? 2814 */ 2815 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2816 break; 2817 #ifdef notyet 2818 case IPCP_OPT_COMPRESS: 2819 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2820 break; 2821 #endif 2822 } 2823 } 2824 if (debug) 2825 addlog("\n"); 2826 free (buf, M_TEMP); 2827 return; 2828 } 2829 2830 /* 2831 * Analyze the IPCP Configure-NAK option list, and adjust our 2832 * negotiation. 2833 */ 2834 static void 2835 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2836 { 2837 u_char *buf, *p; 2838 struct ifnet *ifp = &sp->pp_if; 2839 int debug = ifp->if_flags & IFF_DEBUG; 2840 u_long wantaddr; 2841 2842 len -= 4; 2843 buf = malloc (len, M_TEMP, M_NOWAIT); 2844 if (!buf) 2845 return; 2846 2847 if (debug) 2848 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2849 SPP_ARGS(ifp)); 2850 2851 p = (void*) (h+1); 2852 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2853 if (debug) 2854 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2855 switch (*p) { 2856 case IPCP_OPT_ADDRESS: 2857 /* 2858 * Peer doesn't like our local IP address. See 2859 * if we can do something for him. We'll drop 2860 * him our address then. 2861 */ 2862 if (len >= 6 && p[1] == 6) { 2863 wantaddr = p[2] << 24 | p[3] << 16 | 2864 p[4] << 8 | p[5]; 2865 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2866 if (debug) 2867 addlog("[wantaddr %s] ", 2868 sppp_dotted_quad(wantaddr)); 2869 /* 2870 * When doing dynamic address assignment, 2871 * we accept his offer. Otherwise, we 2872 * ignore it and thus continue to negotiate 2873 * our already existing value. 2874 */ 2875 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2876 sppp_set_ip_addr(sp, wantaddr); 2877 if (debug) 2878 addlog("[agree] "); 2879 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2880 } 2881 } 2882 break; 2883 #ifdef notyet 2884 case IPCP_OPT_COMPRESS: 2885 /* 2886 * Peer wants different compression parameters. 2887 */ 2888 break; 2889 #endif 2890 } 2891 } 2892 if (debug) 2893 addlog("\n"); 2894 free (buf, M_TEMP); 2895 return; 2896 } 2897 2898 static void 2899 sppp_ipcp_tlu(struct sppp *sp) 2900 { 2901 /* we are up - notify isdn daemon */ 2902 if (sp->pp_con) 2903 sp->pp_con(sp); 2904 } 2905 2906 static void 2907 sppp_ipcp_tld(struct sppp *sp) 2908 { 2909 } 2910 2911 static void 2912 sppp_ipcp_tls(struct sppp *sp) 2913 { 2914 /* indicate to LCP that it must stay alive */ 2915 sp->lcp.protos |= (1 << IDX_IPCP); 2916 } 2917 2918 static void 2919 sppp_ipcp_tlf(struct sppp *sp) 2920 { 2921 /* we no longer need LCP */ 2922 sp->lcp.protos &= ~(1 << IDX_IPCP); 2923 sppp_lcp_check_and_close(sp); 2924 } 2925 2926 static void 2927 sppp_ipcp_scr(struct sppp *sp) 2928 { 2929 char opt[6 /* compression */ + 6 /* address */]; 2930 u_long ouraddr; 2931 int i = 0; 2932 2933 #ifdef notyet 2934 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 2935 opt[i++] = IPCP_OPT_COMPRESSION; 2936 opt[i++] = 6; 2937 opt[i++] = 0; /* VJ header compression */ 2938 opt[i++] = 0x2d; /* VJ header compression */ 2939 opt[i++] = max_slot_id; 2940 opt[i++] = comp_slot_id; 2941 } 2942 #endif 2943 2944 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 2945 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 2946 opt[i++] = IPCP_OPT_ADDRESS; 2947 opt[i++] = 6; 2948 opt[i++] = ouraddr >> 24; 2949 opt[i++] = ouraddr >> 16; 2950 opt[i++] = ouraddr >> 8; 2951 opt[i++] = ouraddr; 2952 } 2953 2954 sp->confid[IDX_IPCP] = ++sp->pp_seq; 2955 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 2956 } 2957 2958 2959 /* 2961 *--------------------------------------------------------------------------* 2962 * * 2963 * The CHAP implementation. * 2964 * * 2965 *--------------------------------------------------------------------------* 2966 */ 2967 2968 /* 2969 * The authentication protocols don't employ a full-fledged state machine as 2970 * the control protocols do, since they do have Open and Close events, but 2971 * not Up and Down, nor are they explicitly terminated. Also, use of the 2972 * authentication protocols may be different in both directions (this makes 2973 * sense, think of a machine that never accepts incoming calls but only 2974 * calls out, it doesn't require the called party to authenticate itself). 2975 * 2976 * Our state machine for the local authentication protocol (we are requesting 2977 * the peer to authenticate) looks like: 2978 * 2979 * RCA- 2980 * +--------------------------------------------+ 2981 * V scn,tld| 2982 * +--------+ Close +---------+ RCA+ 2983 * | |<----------------------------------| |------+ 2984 * +--->| Closed | TO* | Opened | sca | 2985 * | | |-----+ +-------| |<-----+ 2986 * | +--------+ irc | | +---------+ 2987 * | ^ | | ^ 2988 * | | | | | 2989 * | | | | | 2990 * | TO-| | | | 2991 * | |tld TO+ V | | 2992 * | | +------->+ | | 2993 * | | | | | | 2994 * | +--------+ V | | 2995 * | | |<----+<--------------------+ | 2996 * | | Req- | scr | 2997 * | | Sent | | 2998 * | | | | 2999 * | +--------+ | 3000 * | RCA- | | RCA+ | 3001 * +------+ +------------------------------------------+ 3002 * scn,tld sca,irc,ict,tlu 3003 * 3004 * 3005 * with: 3006 * 3007 * Open: LCP reached authentication phase 3008 * Close: LCP reached terminate phase 3009 * 3010 * RCA+: received reply (pap-req, chap-response), acceptable 3011 * RCN: received reply (pap-req, chap-response), not acceptable 3012 * TO+: timeout with restart counter >= 0 3013 * TO-: timeout with restart counter < 0 3014 * TO*: reschedule timeout for CHAP 3015 * 3016 * scr: send request packet (none for PAP, chap-challenge) 3017 * sca: send ack packet (pap-ack, chap-success) 3018 * scn: send nak packet (pap-nak, chap-failure) 3019 * ict: initialize re-challenge timer (CHAP only) 3020 * 3021 * tlu: this-layer-up, LCP reaches network phase 3022 * tld: this-layer-down, LCP enters terminate phase 3023 * 3024 * Note that in CHAP mode, after sending a new challenge, while the state 3025 * automaton falls back into Req-Sent state, it doesn't signal a tld 3026 * event to LCP, so LCP remains in network phase. Only after not getting 3027 * any response (or after getting an unacceptable response), CHAP closes, 3028 * causing LCP to enter terminate phase. 3029 * 3030 * With PAP, there is no initial request that can be sent. The peer is 3031 * expected to send one based on the successful negotiation of PAP as 3032 * the authentication protocol during the LCP option negotiation. 3033 * 3034 * Incoming authentication protocol requests (remote requests 3035 * authentication, we are peer) don't employ a state machine at all, 3036 * they are simply answered. Some peers [Ascend P50 firmware rev 3037 * 4.50] react allergically when sending IPCP requests while they are 3038 * still in authentication phase (thereby violating the standard that 3039 * demands that these NCP packets are to be discarded), so we keep 3040 * track of the peer demanding us to authenticate, and only proceed to 3041 * phase network once we've seen a positive acknowledge for the 3042 * authentication. 3043 */ 3044 3045 /* 3046 * Handle incoming CHAP packets. 3047 */ 3048 void 3049 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3050 { 3051 STDDCL; 3052 struct lcp_header *h; 3053 int len, x; 3054 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3055 int value_len, name_len; 3056 MD5_CTX ctx; 3057 3058 len = m->m_pkthdr.len; 3059 if (len < 4) { 3060 if (debug) 3061 log(LOG_DEBUG, 3062 SPP_FMT "chap invalid packet length: %d bytes\n", 3063 SPP_ARGS(ifp), len); 3064 return; 3065 } 3066 h = mtod (m, struct lcp_header*); 3067 if (len > ntohs (h->len)) 3068 len = ntohs (h->len); 3069 3070 switch (h->type) { 3071 /* challenge, failure and success are his authproto */ 3072 case CHAP_CHALLENGE: 3073 value = 1 + (u_char*)(h+1); 3074 value_len = value[-1]; 3075 name = value + value_len; 3076 name_len = len - value_len - 5; 3077 if (name_len < 0) { 3078 if (debug) { 3079 log(LOG_DEBUG, 3080 SPP_FMT "chap corrupted challenge " 3081 "<%s id=0x%x len=%d", 3082 SPP_ARGS(ifp), 3083 sppp_auth_type_name(PPP_CHAP, h->type), 3084 h->ident, ntohs(h->len)); 3085 if (len > 4) 3086 sppp_print_bytes((u_char*) (h+1), len-4); 3087 addlog(">\n"); 3088 } 3089 break; 3090 } 3091 3092 if (debug) { 3093 log(LOG_DEBUG, 3094 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3095 SPP_ARGS(ifp), 3096 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3097 ntohs(h->len)); 3098 sppp_print_string((char*) name, name_len); 3099 addlog(" value-size=%d value=", value_len); 3100 sppp_print_bytes(value, value_len); 3101 addlog(">\n"); 3102 } 3103 3104 /* Compute reply value. */ 3105 MD5Init(&ctx); 3106 MD5Update(&ctx, &h->ident, 1); 3107 MD5Update(&ctx, sp->myauth.secret, 3108 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3109 MD5Update(&ctx, value, value_len); 3110 MD5Final(digest, &ctx); 3111 dsize = sizeof digest; 3112 3113 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3114 sizeof dsize, (const char *)&dsize, 3115 sizeof digest, digest, 3116 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3117 sp->myauth.name, 3118 0); 3119 break; 3120 3121 case CHAP_SUCCESS: 3122 if (debug) { 3123 log(LOG_DEBUG, SPP_FMT "chap success", 3124 SPP_ARGS(ifp)); 3125 if (len > 4) { 3126 addlog(": "); 3127 sppp_print_string((char*)(h + 1), len - 4); 3128 } 3129 addlog("\n"); 3130 } 3131 x = splimp(); 3132 sp->pp_flags &= ~PP_NEEDAUTH; 3133 if (sp->myauth.proto == PPP_CHAP && 3134 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3135 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3136 /* 3137 * We are authenticator for CHAP but didn't 3138 * complete yet. Leave it to tlu to proceed 3139 * to network phase. 3140 */ 3141 splx(x); 3142 break; 3143 } 3144 splx(x); 3145 sppp_phase_network(sp); 3146 break; 3147 3148 case CHAP_FAILURE: 3149 if (debug) { 3150 log(LOG_INFO, SPP_FMT "chap failure", 3151 SPP_ARGS(ifp)); 3152 if (len > 4) { 3153 addlog(": "); 3154 sppp_print_string((char*)(h + 1), len - 4); 3155 } 3156 addlog("\n"); 3157 } else 3158 log(LOG_INFO, SPP_FMT "chap failure\n", 3159 SPP_ARGS(ifp)); 3160 /* await LCP shutdown by authenticator */ 3161 break; 3162 3163 /* response is my authproto */ 3164 case CHAP_RESPONSE: 3165 value = 1 + (u_char*)(h+1); 3166 value_len = value[-1]; 3167 name = value + value_len; 3168 name_len = len - value_len - 5; 3169 if (name_len < 0) { 3170 if (debug) { 3171 log(LOG_DEBUG, 3172 SPP_FMT "chap corrupted response " 3173 "<%s id=0x%x len=%d", 3174 SPP_ARGS(ifp), 3175 sppp_auth_type_name(PPP_CHAP, h->type), 3176 h->ident, ntohs(h->len)); 3177 if (len > 4) 3178 sppp_print_bytes((u_char*)(h+1), len-4); 3179 addlog(">\n"); 3180 } 3181 break; 3182 } 3183 if (h->ident != sp->confid[IDX_CHAP]) { 3184 if (debug) 3185 log(LOG_DEBUG, 3186 SPP_FMT "chap dropping response for old ID " 3187 "(got %d, expected %d)\n", 3188 SPP_ARGS(ifp), 3189 h->ident, sp->confid[IDX_CHAP]); 3190 break; 3191 } 3192 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3193 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3194 log(LOG_INFO, SPP_FMT "chap response, his name ", 3195 SPP_ARGS(ifp)); 3196 sppp_print_string(name, name_len); 3197 addlog(" != expected "); 3198 sppp_print_string(sp->hisauth.name, 3199 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3200 addlog("\n"); 3201 } 3202 if (debug) { 3203 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3204 "<%s id=0x%x len=%d name=", 3205 SPP_ARGS(ifp), 3206 sppp_state_name(sp->state[IDX_CHAP]), 3207 sppp_auth_type_name(PPP_CHAP, h->type), 3208 h->ident, ntohs (h->len)); 3209 sppp_print_string((char*)name, name_len); 3210 addlog(" value-size=%d value=", value_len); 3211 sppp_print_bytes(value, value_len); 3212 addlog(">\n"); 3213 } 3214 if (value_len != AUTHKEYLEN) { 3215 if (debug) 3216 log(LOG_DEBUG, 3217 SPP_FMT "chap bad hash value length: " 3218 "%d bytes, should be %d\n", 3219 SPP_ARGS(ifp), value_len, 3220 AUTHKEYLEN); 3221 break; 3222 } 3223 3224 MD5Init(&ctx); 3225 MD5Update(&ctx, &h->ident, 1); 3226 MD5Update(&ctx, sp->hisauth.secret, 3227 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3228 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3229 MD5Final(digest, &ctx); 3230 3231 #define FAILMSG "Failed..." 3232 #define SUCCMSG "Welcome!" 3233 3234 if (value_len != sizeof digest || 3235 bcmp(digest, value, value_len) != 0) { 3236 /* action scn, tld */ 3237 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3238 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3239 0); 3240 chap.tld(sp); 3241 break; 3242 } 3243 /* action sca, perhaps tlu */ 3244 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3245 sp->state[IDX_CHAP] == STATE_OPENED) 3246 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3247 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3248 0); 3249 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3250 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3251 chap.tlu(sp); 3252 } 3253 break; 3254 3255 default: 3256 /* Unknown CHAP packet type -- ignore. */ 3257 if (debug) { 3258 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3259 "<0x%x id=0x%xh len=%d", 3260 SPP_ARGS(ifp), 3261 sppp_state_name(sp->state[IDX_CHAP]), 3262 h->type, h->ident, ntohs(h->len)); 3263 if (len > 4) 3264 sppp_print_bytes((u_char*)(h+1), len-4); 3265 addlog(">\n"); 3266 } 3267 break; 3268 3269 } 3270 } 3271 3272 static void 3273 sppp_chap_init(struct sppp *sp) 3274 { 3275 /* Chap doesn't have STATE_INITIAL at all. */ 3276 sp->state[IDX_CHAP] = STATE_CLOSED; 3277 sp->fail_counter[IDX_CHAP] = 0; 3278 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3279 callout_handle_init(&sp->ch[IDX_CHAP]); 3280 #endif 3281 } 3282 3283 static void 3284 sppp_chap_open(struct sppp *sp) 3285 { 3286 if (sp->myauth.proto == PPP_CHAP && 3287 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3288 /* we are authenticator for CHAP, start it */ 3289 chap.scr(sp); 3290 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3291 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3292 } 3293 /* nothing to be done if we are peer, await a challenge */ 3294 } 3295 3296 static void 3297 sppp_chap_close(struct sppp *sp) 3298 { 3299 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3300 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3301 } 3302 3303 static void 3304 sppp_chap_TO(void *cookie) 3305 { 3306 struct sppp *sp = (struct sppp *)cookie; 3307 STDDCL; 3308 int s; 3309 3310 s = splimp(); 3311 if (debug) 3312 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3313 SPP_ARGS(ifp), 3314 sppp_state_name(sp->state[IDX_CHAP]), 3315 sp->rst_counter[IDX_CHAP]); 3316 3317 if (--sp->rst_counter[IDX_CHAP] < 0) 3318 /* TO- event */ 3319 switch (sp->state[IDX_CHAP]) { 3320 case STATE_REQ_SENT: 3321 chap.tld(sp); 3322 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3323 break; 3324 } 3325 else 3326 /* TO+ (or TO*) event */ 3327 switch (sp->state[IDX_CHAP]) { 3328 case STATE_OPENED: 3329 /* TO* event */ 3330 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3331 /* fall through */ 3332 case STATE_REQ_SENT: 3333 chap.scr(sp); 3334 /* sppp_cp_change_state() will restart the timer */ 3335 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3336 break; 3337 } 3338 3339 splx(s); 3340 } 3341 3342 static void 3343 sppp_chap_tlu(struct sppp *sp) 3344 { 3345 STDDCL; 3346 int i, x; 3347 3348 i = 0; 3349 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3350 3351 /* 3352 * Some broken CHAP implementations (Conware CoNet, firmware 3353 * 4.0.?) don't want to re-authenticate their CHAP once the 3354 * initial challenge-response exchange has taken place. 3355 * Provide for an option to avoid rechallenges. 3356 */ 3357 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3358 /* 3359 * Compute the re-challenge timeout. This will yield 3360 * a number between 300 and 810 seconds. 3361 */ 3362 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3363 3364 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3365 sp->ch[IDX_CHAP] = 3366 #endif 3367 timeout(chap.TO, (void *)sp, i * hz); 3368 } 3369 3370 if (debug) { 3371 log(LOG_DEBUG, 3372 SPP_FMT "chap %s, ", 3373 SPP_ARGS(ifp), 3374 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3375 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3376 addlog("next re-challenge in %d seconds\n", i); 3377 else 3378 addlog("re-challenging supressed\n"); 3379 } 3380 3381 x = splimp(); 3382 /* indicate to LCP that we need to be closed down */ 3383 sp->lcp.protos |= (1 << IDX_CHAP); 3384 3385 if (sp->pp_flags & PP_NEEDAUTH) { 3386 /* 3387 * Remote is authenticator, but his auth proto didn't 3388 * complete yet. Defer the transition to network 3389 * phase. 3390 */ 3391 splx(x); 3392 return; 3393 } 3394 splx(x); 3395 3396 /* 3397 * If we are already in phase network, we are done here. This 3398 * is the case if this is a dummy tlu event after a re-challenge. 3399 */ 3400 if (sp->pp_phase != PHASE_NETWORK) 3401 sppp_phase_network(sp); 3402 } 3403 3404 static void 3405 sppp_chap_tld(struct sppp *sp) 3406 { 3407 STDDCL; 3408 3409 if (debug) 3410 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3411 untimeout(chap.TO, (void *)sp 3412 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3413 , sp->ch[IDX_CHAP] 3414 #endif 3415 ); 3416 sp->lcp.protos &= ~(1 << IDX_CHAP); 3417 3418 lcp.Close(sp); 3419 } 3420 3421 static void 3422 sppp_chap_scr(struct sppp *sp) 3423 { 3424 struct timeval tv; 3425 u_long *ch, seed; 3426 u_char clen; 3427 3428 /* Compute random challenge. */ 3429 ch = (u_long *)sp->myauth.challenge; 3430 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3431 read_random(&seed, sizeof seed); 3432 #else 3433 microtime(&tv); 3434 seed = tv.tv_sec ^ tv.tv_usec; 3435 #endif 3436 ch[0] = seed ^ random(); 3437 ch[1] = seed ^ random(); 3438 ch[2] = seed ^ random(); 3439 ch[3] = seed ^ random(); 3440 clen = AUTHKEYLEN; 3441 3442 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3443 3444 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3445 sizeof clen, (const char *)&clen, 3446 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3447 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3448 sp->myauth.name, 3449 0); 3450 } 3451 /* 3453 *--------------------------------------------------------------------------* 3454 * * 3455 * The PAP implementation. * 3456 * * 3457 *--------------------------------------------------------------------------* 3458 */ 3459 /* 3460 * For PAP, we need to keep a little state also if we are the peer, not the 3461 * authenticator. This is since we don't get a request to authenticate, but 3462 * have to repeatedly authenticate ourself until we got a response (or the 3463 * retry counter is expired). 3464 */ 3465 3466 /* 3467 * Handle incoming PAP packets. */ 3468 static void 3469 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3470 { 3471 STDDCL; 3472 struct lcp_header *h; 3473 int len, x; 3474 u_char *name, *passwd, mlen; 3475 int name_len, passwd_len; 3476 3477 len = m->m_pkthdr.len; 3478 if (len < 5) { 3479 if (debug) 3480 log(LOG_DEBUG, 3481 SPP_FMT "pap invalid packet length: %d bytes\n", 3482 SPP_ARGS(ifp), len); 3483 return; 3484 } 3485 h = mtod (m, struct lcp_header*); 3486 if (len > ntohs (h->len)) 3487 len = ntohs (h->len); 3488 switch (h->type) { 3489 /* PAP request is my authproto */ 3490 case PAP_REQ: 3491 name = 1 + (u_char*)(h+1); 3492 name_len = name[-1]; 3493 passwd = name + name_len + 1; 3494 if (name_len > len - 6 || 3495 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3496 if (debug) { 3497 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3498 "<%s id=0x%x len=%d", 3499 SPP_ARGS(ifp), 3500 sppp_auth_type_name(PPP_PAP, h->type), 3501 h->ident, ntohs(h->len)); 3502 if (len > 4) 3503 sppp_print_bytes((u_char*)(h+1), len-4); 3504 addlog(">\n"); 3505 } 3506 break; 3507 } 3508 if (debug) { 3509 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3510 "<%s id=0x%x len=%d name=", 3511 SPP_ARGS(ifp), 3512 sppp_state_name(sp->state[IDX_PAP]), 3513 sppp_auth_type_name(PPP_PAP, h->type), 3514 h->ident, ntohs(h->len)); 3515 sppp_print_string((char*)name, name_len); 3516 addlog(" passwd="); 3517 sppp_print_string((char*)passwd, passwd_len); 3518 addlog(">\n"); 3519 } 3520 if (name_len > AUTHNAMELEN || 3521 passwd_len > AUTHKEYLEN || 3522 bcmp(name, sp->hisauth.name, name_len) != 0 || 3523 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3524 /* action scn, tld */ 3525 mlen = sizeof(FAILMSG) - 1; 3526 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3527 sizeof mlen, (const char *)&mlen, 3528 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3529 0); 3530 pap.tld(sp); 3531 break; 3532 } 3533 /* action sca, perhaps tlu */ 3534 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3535 sp->state[IDX_PAP] == STATE_OPENED) { 3536 mlen = sizeof(SUCCMSG) - 1; 3537 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3538 sizeof mlen, (const char *)&mlen, 3539 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3540 0); 3541 } 3542 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3543 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3544 pap.tlu(sp); 3545 } 3546 break; 3547 3548 /* ack and nak are his authproto */ 3549 case PAP_ACK: 3550 untimeout(sppp_pap_my_TO, (void *)sp 3551 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3552 , sp->pap_my_to_ch 3553 #endif 3554 ); 3555 if (debug) { 3556 log(LOG_DEBUG, SPP_FMT "pap success", 3557 SPP_ARGS(ifp)); 3558 name_len = *((char *)h); 3559 if (len > 5 && name_len) { 3560 addlog(": "); 3561 sppp_print_string((char*)(h+1), name_len); 3562 } 3563 addlog("\n"); 3564 } 3565 x = splimp(); 3566 sp->pp_flags &= ~PP_NEEDAUTH; 3567 if (sp->myauth.proto == PPP_PAP && 3568 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3569 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3570 /* 3571 * We are authenticator for PAP but didn't 3572 * complete yet. Leave it to tlu to proceed 3573 * to network phase. 3574 */ 3575 splx(x); 3576 break; 3577 } 3578 splx(x); 3579 sppp_phase_network(sp); 3580 break; 3581 3582 case PAP_NAK: 3583 untimeout(sppp_pap_my_TO, (void *)sp 3584 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3585 , sp->pap_my_to_ch 3586 #endif 3587 ); 3588 if (debug) { 3589 log(LOG_INFO, SPP_FMT "pap failure", 3590 SPP_ARGS(ifp)); 3591 name_len = *((char *)h); 3592 if (len > 5 && name_len) { 3593 addlog(": "); 3594 sppp_print_string((char*)(h+1), name_len); 3595 } 3596 addlog("\n"); 3597 } else 3598 log(LOG_INFO, SPP_FMT "pap failure\n", 3599 SPP_ARGS(ifp)); 3600 /* await LCP shutdown by authenticator */ 3601 break; 3602 3603 default: 3604 /* Unknown PAP packet type -- ignore. */ 3605 if (debug) { 3606 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3607 "<0x%x id=0x%x len=%d", 3608 SPP_ARGS(ifp), 3609 h->type, h->ident, ntohs(h->len)); 3610 if (len > 4) 3611 sppp_print_bytes((u_char*)(h+1), len-4); 3612 addlog(">\n"); 3613 } 3614 break; 3615 3616 } 3617 } 3618 3619 static void 3620 sppp_pap_init(struct sppp *sp) 3621 { 3622 /* PAP doesn't have STATE_INITIAL at all. */ 3623 sp->state[IDX_PAP] = STATE_CLOSED; 3624 sp->fail_counter[IDX_PAP] = 0; 3625 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3626 callout_handle_init(&sp->ch[IDX_PAP]); 3627 callout_handle_init(&sp->pap_my_to_ch); 3628 #endif 3629 } 3630 3631 static void 3632 sppp_pap_open(struct sppp *sp) 3633 { 3634 if (sp->hisauth.proto == PPP_PAP && 3635 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3636 /* we are authenticator for PAP, start our timer */ 3637 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3638 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3639 } 3640 if (sp->myauth.proto == PPP_PAP) { 3641 /* we are peer, send a request, and start a timer */ 3642 pap.scr(sp); 3643 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3644 sp->pap_my_to_ch = 3645 #endif 3646 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout); 3647 } 3648 } 3649 3650 static void 3651 sppp_pap_close(struct sppp *sp) 3652 { 3653 if (sp->state[IDX_PAP] != STATE_CLOSED) 3654 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3655 } 3656 3657 /* 3658 * That's the timeout routine if we are authenticator. Since the 3659 * authenticator is basically passive in PAP, we can't do much here. 3660 */ 3661 static void 3662 sppp_pap_TO(void *cookie) 3663 { 3664 struct sppp *sp = (struct sppp *)cookie; 3665 STDDCL; 3666 int s; 3667 3668 s = splimp(); 3669 if (debug) 3670 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3671 SPP_ARGS(ifp), 3672 sppp_state_name(sp->state[IDX_PAP]), 3673 sp->rst_counter[IDX_PAP]); 3674 3675 if (--sp->rst_counter[IDX_PAP] < 0) 3676 /* TO- event */ 3677 switch (sp->state[IDX_PAP]) { 3678 case STATE_REQ_SENT: 3679 pap.tld(sp); 3680 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3681 break; 3682 } 3683 else 3684 /* TO+ event, not very much we could do */ 3685 switch (sp->state[IDX_PAP]) { 3686 case STATE_REQ_SENT: 3687 /* sppp_cp_change_state() will restart the timer */ 3688 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3689 break; 3690 } 3691 3692 splx(s); 3693 } 3694 3695 /* 3696 * That's the timeout handler if we are peer. Since the peer is active, 3697 * we need to retransmit our PAP request since it is apparently lost. 3698 * XXX We should impose a max counter. 3699 */ 3700 static void 3701 sppp_pap_my_TO(void *cookie) 3702 { 3703 struct sppp *sp = (struct sppp *)cookie; 3704 STDDCL; 3705 3706 if (debug) 3707 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3708 SPP_ARGS(ifp)); 3709 3710 pap.scr(sp); 3711 } 3712 3713 static void 3714 sppp_pap_tlu(struct sppp *sp) 3715 { 3716 STDDCL; 3717 int x; 3718 3719 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3720 3721 if (debug) 3722 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3723 SPP_ARGS(ifp), pap.name); 3724 3725 x = splimp(); 3726 /* indicate to LCP that we need to be closed down */ 3727 sp->lcp.protos |= (1 << IDX_PAP); 3728 3729 if (sp->pp_flags & PP_NEEDAUTH) { 3730 /* 3731 * Remote is authenticator, but his auth proto didn't 3732 * complete yet. Defer the transition to network 3733 * phase. 3734 */ 3735 splx(x); 3736 return; 3737 } 3738 splx(x); 3739 sppp_phase_network(sp); 3740 } 3741 3742 static void 3743 sppp_pap_tld(struct sppp *sp) 3744 { 3745 STDDCL; 3746 3747 if (debug) 3748 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3749 untimeout(pap.TO, (void *)sp 3750 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3751 , sp->ch[IDX_PAP] 3752 #endif 3753 ); 3754 untimeout(sppp_pap_my_TO, (void *)sp 3755 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3756 , sp->pap_my_to_ch 3757 #endif 3758 ); 3759 sp->lcp.protos &= ~(1 << IDX_PAP); 3760 3761 lcp.Close(sp); 3762 } 3763 3764 static void 3765 sppp_pap_scr(struct sppp *sp) 3766 { 3767 u_char idlen, pwdlen; 3768 3769 sp->confid[IDX_PAP] = ++sp->pp_seq; 3770 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3771 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3772 3773 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3774 sizeof idlen, (const char *)&idlen, 3775 (size_t)idlen, sp->myauth.name, 3776 sizeof pwdlen, (const char *)&pwdlen, 3777 (size_t)pwdlen, sp->myauth.secret, 3778 0); 3779 } 3780 /* 3782 * Random miscellaneous functions. 3783 */ 3784 3785 /* 3786 * Send a PAP or CHAP proto packet. 3787 * 3788 * Varadic function, each of the elements for the ellipsis is of type 3789 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3790 * mlen == 0. 3791 * NOTE: never declare variadic functions with types subject to type 3792 * promotion (i.e. u_char). This is asking for big trouble depending 3793 * on the architecture you are on... 3794 */ 3795 3796 static void 3797 sppp_auth_send(const struct cp *cp, struct sppp *sp, 3798 unsigned int type, unsigned int id, 3799 ...) 3800 { 3801 STDDCL; 3802 struct ppp_header *h; 3803 struct lcp_header *lh; 3804 struct mbuf *m; 3805 u_char *p; 3806 int len; 3807 unsigned int mlen; 3808 const char *msg; 3809 va_list ap; 3810 3811 MGETHDR (m, M_DONTWAIT, MT_DATA); 3812 if (! m) 3813 return; 3814 m->m_pkthdr.rcvif = 0; 3815 3816 h = mtod (m, struct ppp_header*); 3817 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3818 h->control = PPP_UI; /* Unnumbered Info */ 3819 h->protocol = htons(cp->proto); 3820 3821 lh = (struct lcp_header*)(h + 1); 3822 lh->type = type; 3823 lh->ident = id; 3824 p = (u_char*) (lh+1); 3825 3826 va_start(ap, id); 3827 len = 0; 3828 3829 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3830 msg = va_arg(ap, const char *); 3831 len += mlen; 3832 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3833 va_end(ap); 3834 m_freem(m); 3835 return; 3836 } 3837 3838 bcopy(msg, p, mlen); 3839 p += mlen; 3840 } 3841 va_end(ap); 3842 3843 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3844 lh->len = htons (LCP_HEADER_LEN + len); 3845 3846 if (debug) { 3847 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3848 SPP_ARGS(ifp), cp->name, 3849 sppp_auth_type_name(cp->proto, lh->type), 3850 lh->ident, ntohs(lh->len)); 3851 if (len) 3852 sppp_print_bytes((u_char*) (lh+1), len); 3853 addlog(">\n"); 3854 } 3855 if (IF_QFULL (&sp->pp_cpq)) { 3856 IF_DROP (&sp->pp_fastq); 3857 IF_DROP (&ifp->if_snd); 3858 m_freem (m); 3859 ++ifp->if_oerrors; 3860 } else 3861 IF_ENQUEUE (&sp->pp_cpq, m); 3862 if (! (ifp->if_flags & IFF_OACTIVE)) 3863 (*ifp->if_start) (ifp); 3864 ifp->if_obytes += m->m_pkthdr.len + 3; 3865 } 3866 3867 /* 3868 * Flush interface queue. 3869 */ 3870 static void 3871 sppp_qflush(struct ifqueue *ifq) 3872 { 3873 struct mbuf *m, *n; 3874 3875 n = ifq->ifq_head; 3876 while ((m = n)) { 3877 n = m->m_act; 3878 m_freem (m); 3879 } 3880 ifq->ifq_head = 0; 3881 ifq->ifq_tail = 0; 3882 ifq->ifq_len = 0; 3883 } 3884 3885 /* 3886 * Send keepalive packets, every 10 seconds. 3887 */ 3888 static void 3889 sppp_keepalive(void *dummy) 3890 { 3891 struct sppp *sp; 3892 int s; 3893 3894 s = splimp(); 3895 for (sp=spppq; sp; sp=sp->pp_next) { 3896 struct ifnet *ifp = &sp->pp_if; 3897 3898 /* Keepalive mode disabled or channel down? */ 3899 if (! (sp->pp_flags & PP_KEEPALIVE) || 3900 ! (ifp->if_flags & IFF_RUNNING)) 3901 continue; 3902 3903 /* No keepalive in PPP mode if LCP not opened yet. */ 3904 if (! (sp->pp_flags & PP_CISCO) && 3905 sp->pp_phase < PHASE_AUTHENTICATE) 3906 continue; 3907 3908 if (sp->pp_alivecnt == MAXALIVECNT) { 3909 /* No keepalive packets got. Stop the interface. */ 3910 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 3911 if_down (ifp); 3912 sppp_qflush (&sp->pp_cpq); 3913 if (! (sp->pp_flags & PP_CISCO)) { 3914 /* XXX */ 3915 /* Shut down the PPP link. */ 3916 lcp.Down(sp); 3917 /* Initiate negotiation. XXX */ 3918 lcp.Up(sp); 3919 } 3920 } 3921 if (sp->pp_alivecnt <= MAXALIVECNT) 3922 ++sp->pp_alivecnt; 3923 if (sp->pp_flags & PP_CISCO) 3924 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 3925 sp->pp_rseq); 3926 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 3927 long nmagic = htonl (sp->lcp.magic); 3928 sp->lcp.echoid = ++sp->pp_seq; 3929 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 3930 sp->lcp.echoid, 4, &nmagic); 3931 } 3932 } 3933 splx(s); 3934 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3935 keepalive_ch = 3936 #endif 3937 timeout(sppp_keepalive, 0, hz * 10); 3938 } 3939 3940 /* 3941 * Get both IP addresses. 3942 */ 3943 static void 3944 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 3945 { 3946 struct ifnet *ifp = &sp->pp_if; 3947 struct ifaddr *ifa; 3948 struct sockaddr_in *si, *sm; 3949 u_long ssrc, ddst; 3950 3951 sm = NULL; 3952 ssrc = ddst = 0L; 3953 /* 3954 * Pick the first AF_INET address from the list, 3955 * aliases don't make any sense on a p2p link anyway. 3956 */ 3957 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3958 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 3959 ifa; 3960 ifa = ifa->ifa_link.tqe_next) 3961 #elif defined(__NetBSD__) || defined (__OpenBSD__) 3962 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 3963 ifa; 3964 ifa = ifa->ifa_list.tqe_next) 3965 #else 3966 for (ifa = ifp->if_addrlist, si = 0; 3967 ifa; 3968 ifa = ifa->ifa_next) 3969 #endif 3970 if (ifa->ifa_addr->sa_family == AF_INET) { 3971 si = (struct sockaddr_in *)ifa->ifa_addr; 3972 sm = (struct sockaddr_in *)ifa->ifa_netmask; 3973 if (si) 3974 break; 3975 } 3976 if (ifa) { 3977 if (si && si->sin_addr.s_addr) { 3978 ssrc = si->sin_addr.s_addr; 3979 if (srcmask) 3980 *srcmask = ntohl(sm->sin_addr.s_addr); 3981 } 3982 3983 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 3984 if (si && si->sin_addr.s_addr) 3985 ddst = si->sin_addr.s_addr; 3986 } 3987 3988 if (dst) *dst = ntohl(ddst); 3989 if (src) *src = ntohl(ssrc); 3990 } 3991 3992 /* 3993 * Set my IP address. Must be called at splimp. 3994 */ 3995 static void 3996 sppp_set_ip_addr(struct sppp *sp, u_long src) 3997 { 3998 STDDCL; 3999 struct ifaddr *ifa; 4000 struct sockaddr_in *si; 4001 4002 /* 4003 * Pick the first AF_INET address from the list, 4004 * aliases don't make any sense on a p2p link anyway. 4005 */ 4006 4007 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4008 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4009 ifa; 4010 ifa = ifa->ifa_link.tqe_next) 4011 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4012 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4013 ifa; 4014 ifa = ifa->ifa_list.tqe_next) 4015 #else 4016 for (ifa = ifp->if_addrlist, si = 0; 4017 ifa; 4018 ifa = ifa->ifa_next) 4019 #endif 4020 { 4021 if (ifa->ifa_addr->sa_family == AF_INET) 4022 { 4023 si = (struct sockaddr_in *)ifa->ifa_addr; 4024 if (si) 4025 break; 4026 } 4027 } 4028 4029 if (ifa && si) 4030 { 4031 int error; 4032 #if __NetBSD_Version__ >= 103080000 4033 struct sockaddr_in new_sin = *si; 4034 4035 new_sin.sin_addr.s_addr = htonl(src); 4036 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4037 if(debug && error) 4038 { 4039 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4040 " failed, error=%d\n", SPP_ARGS(ifp), error); 4041 } 4042 #else 4043 /* delete old route */ 4044 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4045 if(debug && error) 4046 { 4047 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4048 SPP_ARGS(ifp), error); 4049 } 4050 4051 /* set new address */ 4052 si->sin_addr.s_addr = htonl(src); 4053 4054 /* add new route */ 4055 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4056 if (debug && error) 4057 { 4058 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4059 SPP_ARGS(ifp), error); 4060 } 4061 #endif 4062 } 4063 } 4064 4065 static int 4066 sppp_params(struct sppp *sp, int cmd, void *data) 4067 { 4068 int subcmd; 4069 struct ifreq *ifr = (struct ifreq *)data; 4070 struct spppreq spr; 4071 4072 /* 4073 * ifr->ifr_data is supposed to point to a struct spppreq. 4074 * Check the cmd word first before attempting to fetch all the 4075 * data. 4076 */ 4077 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4078 return EFAULT; 4079 4080 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4081 return EFAULT; 4082 4083 switch (subcmd) { 4084 case SPPPIOGDEFS: 4085 if (cmd != SIOCGIFGENERIC) 4086 return EINVAL; 4087 /* 4088 * We copy over the entire current state, but clean 4089 * out some of the stuff we don't wanna pass up. 4090 * Remember, SIOCGIFGENERIC is unprotected, and can be 4091 * called by any user. No need to ever get PAP or 4092 * CHAP secrets back to userland anyway. 4093 */ 4094 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4095 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4096 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4097 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4098 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4099 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4100 4101 case SPPPIOSDEFS: 4102 if (cmd != SIOCSIFGENERIC) 4103 return EINVAL; 4104 /* 4105 * We have a very specific idea of which fields we allow 4106 * being passed back from userland, so to not clobber our 4107 * current state. For one, we only allow setting 4108 * anything if LCP is in dead phase. Once the LCP 4109 * negotiations started, the authentication settings must 4110 * not be changed again. (The administrator can force an 4111 * ifconfig down in order to get LCP back into dead 4112 * phase.) 4113 * 4114 * Also, we only allow for authentication parameters to be 4115 * specified. 4116 * 4117 * XXX Should allow to set or clear pp_flags. 4118 * 4119 * Finally, if the respective authentication protocol to 4120 * be used is set differently than 0, but the secret is 4121 * passed as all zeros, we don't trash the existing secret. 4122 * This allows an administrator to change the system name 4123 * only without clobbering the secret (which he didn't get 4124 * back in a previous SPPPIOGDEFS call). However, the 4125 * secrets are cleared if the authentication protocol is 4126 * reset to 0. 4127 */ 4128 if (sp->pp_phase != PHASE_DEAD) 4129 return EBUSY; 4130 4131 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4132 spr.defs.myauth.proto != PPP_CHAP) || 4133 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4134 spr.defs.hisauth.proto != PPP_CHAP)) 4135 return EINVAL; 4136 4137 if (spr.defs.myauth.proto == 0) 4138 /* resetting myauth */ 4139 bzero(&sp->myauth, sizeof sp->myauth); 4140 else { 4141 /* setting/changing myauth */ 4142 sp->myauth.proto = spr.defs.myauth.proto; 4143 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4144 if (spr.defs.myauth.secret[0] != '\0') 4145 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4146 AUTHKEYLEN); 4147 } 4148 if (spr.defs.hisauth.proto == 0) 4149 /* resetting hisauth */ 4150 bzero(&sp->hisauth, sizeof sp->hisauth); 4151 else { 4152 /* setting/changing hisauth */ 4153 sp->hisauth.proto = spr.defs.hisauth.proto; 4154 sp->hisauth.flags = spr.defs.hisauth.flags; 4155 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4156 if (spr.defs.hisauth.secret[0] != '\0') 4157 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4158 AUTHKEYLEN); 4159 } 4160 break; 4161 4162 default: 4163 return EINVAL; 4164 } 4165 4166 return 0; 4167 } 4168 4169 static void 4170 sppp_phase_network(struct sppp *sp) 4171 { 4172 STDDCL; 4173 int i; 4174 u_long mask; 4175 4176 sp->pp_phase = PHASE_NETWORK; 4177 4178 if(debug) 4179 { 4180 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4181 sppp_phase_name(sp->pp_phase)); 4182 } 4183 4184 /* Notify NCPs now. */ 4185 for (i = 0; i < IDX_COUNT; i++) 4186 if ((cps[i])->flags & CP_NCP) 4187 (cps[i])->Open(sp); 4188 4189 /* Send Up events to all NCPs. */ 4190 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4191 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4192 (cps[i])->Up(sp); 4193 4194 /* if no NCP is starting, all this was in vain, close down */ 4195 sppp_lcp_check_and_close(sp); 4196 } 4197 4198 4199 static const char * 4200 sppp_cp_type_name(u_char type) 4201 { 4202 static char buf[12]; 4203 switch (type) { 4204 case CONF_REQ: return "conf-req"; 4205 case CONF_ACK: return "conf-ack"; 4206 case CONF_NAK: return "conf-nak"; 4207 case CONF_REJ: return "conf-rej"; 4208 case TERM_REQ: return "term-req"; 4209 case TERM_ACK: return "term-ack"; 4210 case CODE_REJ: return "code-rej"; 4211 case PROTO_REJ: return "proto-rej"; 4212 case ECHO_REQ: return "echo-req"; 4213 case ECHO_REPLY: return "echo-reply"; 4214 case DISC_REQ: return "discard-req"; 4215 } 4216 sprintf (buf, "0x%x", type); 4217 return buf; 4218 } 4219 4220 static const char * 4221 sppp_auth_type_name(u_short proto, u_char type) 4222 { 4223 static char buf[12]; 4224 switch (proto) { 4225 case PPP_CHAP: 4226 switch (type) { 4227 case CHAP_CHALLENGE: return "challenge"; 4228 case CHAP_RESPONSE: return "response"; 4229 case CHAP_SUCCESS: return "success"; 4230 case CHAP_FAILURE: return "failure"; 4231 } 4232 case PPP_PAP: 4233 switch (type) { 4234 case PAP_REQ: return "req"; 4235 case PAP_ACK: return "ack"; 4236 case PAP_NAK: return "nak"; 4237 } 4238 } 4239 sprintf (buf, "0x%x", type); 4240 return buf; 4241 } 4242 4243 static const char * 4244 sppp_lcp_opt_name(u_char opt) 4245 { 4246 static char buf[12]; 4247 switch (opt) { 4248 case LCP_OPT_MRU: return "mru"; 4249 case LCP_OPT_ASYNC_MAP: return "async-map"; 4250 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4251 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4252 case LCP_OPT_MAGIC: return "magic"; 4253 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4254 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4255 } 4256 sprintf (buf, "0x%x", opt); 4257 return buf; 4258 } 4259 4260 static const char * 4261 sppp_ipcp_opt_name(u_char opt) 4262 { 4263 static char buf[12]; 4264 switch (opt) { 4265 case IPCP_OPT_ADDRESSES: return "addresses"; 4266 case IPCP_OPT_COMPRESSION: return "compression"; 4267 case IPCP_OPT_ADDRESS: return "address"; 4268 } 4269 sprintf (buf, "0x%x", opt); 4270 return buf; 4271 } 4272 4273 static const char * 4274 sppp_state_name(int state) 4275 { 4276 switch (state) { 4277 case STATE_INITIAL: return "initial"; 4278 case STATE_STARTING: return "starting"; 4279 case STATE_CLOSED: return "closed"; 4280 case STATE_STOPPED: return "stopped"; 4281 case STATE_CLOSING: return "closing"; 4282 case STATE_STOPPING: return "stopping"; 4283 case STATE_REQ_SENT: return "req-sent"; 4284 case STATE_ACK_RCVD: return "ack-rcvd"; 4285 case STATE_ACK_SENT: return "ack-sent"; 4286 case STATE_OPENED: return "opened"; 4287 } 4288 return "illegal"; 4289 } 4290 4291 static const char * 4292 sppp_phase_name(enum ppp_phase phase) 4293 { 4294 switch (phase) { 4295 case PHASE_DEAD: return "dead"; 4296 case PHASE_ESTABLISH: return "establish"; 4297 case PHASE_TERMINATE: return "terminate"; 4298 case PHASE_AUTHENTICATE: return "authenticate"; 4299 case PHASE_NETWORK: return "network"; 4300 } 4301 return "illegal"; 4302 } 4303 4304 static const char * 4305 sppp_proto_name(u_short proto) 4306 { 4307 static char buf[12]; 4308 switch (proto) { 4309 case PPP_LCP: return "lcp"; 4310 case PPP_IPCP: return "ipcp"; 4311 case PPP_PAP: return "pap"; 4312 case PPP_CHAP: return "chap"; 4313 } 4314 sprintf(buf, "0x%x", (unsigned)proto); 4315 return buf; 4316 } 4317 4318 static void 4319 sppp_print_bytes(const u_char *p, u_short len) 4320 { 4321 addlog(" %02x", *p++); 4322 while (--len > 0) 4323 addlog("-%02x", *p++); 4324 } 4325 4326 static void 4327 sppp_print_string(const char *p, u_short len) 4328 { 4329 u_char c; 4330 4331 while (len-- > 0) { 4332 c = *p++; 4333 /* 4334 * Print only ASCII chars directly. RFC 1994 recommends 4335 * using only them, but we don't rely on it. */ 4336 if (c < ' ' || c > '~') 4337 addlog("\\x%x", c); 4338 else 4339 addlog("%c", c); 4340 } 4341 } 4342 4343 static const char * 4344 sppp_dotted_quad(u_long addr) 4345 { 4346 static char s[16]; 4347 sprintf(s, "%d.%d.%d.%d", 4348 (int)((addr >> 24) & 0xff), 4349 (int)((addr >> 16) & 0xff), 4350 (int)((addr >> 8) & 0xff), 4351 (int)(addr & 0xff)); 4352 return s; 4353 } 4354 4355 static int 4356 sppp_strnlen(u_char *p, int max) 4357 { 4358 int len; 4359 4360 for (len = 0; len < max && *p; ++p) 4361 ++len; 4362 return len; 4363 } 4364 4365 /* a dummy, used to drop uninteresting events */ 4366 static void 4367 sppp_null(struct sppp *unused) 4368 { 4369 /* do just nothing */ 4370 } 4371 /* 4372 * This file is large. Tell emacs to highlight it nevertheless. 4373 * 4374 * Local Variables: 4375 * hilit-auto-highlight-maxout: 120000 4376 * End: 4377 */ 4378
Indexes created Tue Oct 14 06:10:07 GMT 2025