if_spppsubr.c revision 1.8
1 /* $NetBSD: if_spppsubr.c,v 1.8 2000/04/12 10:51:15 itojun Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * This software is distributed with NO WARRANTIES, not even the implied 14 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 15 * 16 * Authors grant any other persons or organisations permission to use 17 * or modify this software as long as this message is kept with the software, 18 * all derivative works or modified versions. 19 * 20 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 21 * 22 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 23 * 24 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 25 */ 26 27 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 28 #include "opt_inet.h" 29 #include "opt_ipx.h" 30 #include "opt_iso.h" 31 #include "opt_ns.h" 32 #endif 33 34 #include <sys/param.h> 35 36 #include <sys/systm.h> 37 #include <sys/kernel.h> 38 #include <sys/sockio.h> 39 #include <sys/socket.h> 40 #include <sys/syslog.h> 41 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 42 #include <machine/random.h> 43 #endif 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 47 #if defined (__OpenBSD__) 48 #include <sys/md5k.h> 49 #else 50 #include <sys/md5.h> 51 #endif 52 53 #include <net/if.h> 54 #include <net/netisr.h> 55 #include <net/if_types.h> 56 #include <net/route.h> 57 58 #include <machine/stdarg.h> 59 60 #ifdef INET 61 #include <netinet/in.h> 62 #include <netinet/in_systm.h> 63 #include <netinet/in_var.h> 64 #include <netinet/ip.h> 65 #include <netinet/tcp.h> 66 #if defined (__FreeBSD__) || defined (__OpenBSD__) 67 #include <netinet/if_ether.h> 68 #else 69 #include <net/ethertypes.h> 70 #endif 71 #else 72 #error Huh? sppp without INET? 73 #endif 74 75 #ifdef IPX 76 #include <netipx/ipx.h> 77 #include <netipx/ipx_if.h> 78 #endif 79 80 #ifdef NS 81 #include <netns/ns.h> 82 #include <netns/ns_if.h> 83 #endif 84 85 #ifdef ISO 86 #include <netiso/argo_debug.h> 87 #include <netiso/iso.h> 88 #include <netiso/iso_var.h> 89 #include <netiso/iso_snpac.h> 90 #endif 91 92 #if defined(__FreeBSD__) || defined(__NetBSD__) 93 #include <net/if_sppp.h> 94 #else 95 #include <i4b/sppp/if_sppp.h> 96 #endif 97 #if defined(__NetBSD__) || defined (__OpenBSD__) 98 #include <machine/cpu.h> /* XXX for softnet */ 99 #endif 100 101 #define MAXALIVECNT 3 /* max. alive packets */ 102 103 /* 104 * Interface flags that can be set in an ifconfig command. 105 * 106 * Setting link0 will make the link passive, i.e. it will be marked 107 * as being administrative openable, but won't be opened to begin 108 * with. Incoming calls will be answered, or subsequent calls with 109 * -link1 will cause the administrative open of the LCP layer. 110 * 111 * Setting link1 will cause the link to auto-dial only as packets 112 * arrive to be sent. 113 * 114 * Setting IFF_DEBUG will syslog the option negotiation and state 115 * transitions at level kern.debug. Note: all logs consistently look 116 * like 117 * 118 * <if-name><unit>: <proto-name> <additional info...> 119 * 120 * with <if-name><unit> being something like "bppp0", and <proto-name> 121 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 122 */ 123 124 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 125 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 126 127 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 128 #define PPP_UI 0x03 /* Unnumbered Information */ 129 #define PPP_IP 0x0021 /* Internet Protocol */ 130 #define PPP_ISO 0x0023 /* ISO OSI Protocol */ 131 #define PPP_XNS 0x0025 /* Xerox NS Protocol */ 132 #define PPP_IPX 0x002b /* Novell IPX Protocol */ 133 #define PPP_IPV6 0x0057 /* Internet Protocol version 6 */ 134 #define PPP_LCP 0xc021 /* Link Control Protocol */ 135 #define PPP_PAP 0xc023 /* Password Authentication Protocol */ 136 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */ 137 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 138 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */ 139 140 #define CONF_REQ 1 /* PPP configure request */ 141 #define CONF_ACK 2 /* PPP configure acknowledge */ 142 #define CONF_NAK 3 /* PPP configure negative ack */ 143 #define CONF_REJ 4 /* PPP configure reject */ 144 #define TERM_REQ 5 /* PPP terminate request */ 145 #define TERM_ACK 6 /* PPP terminate acknowledge */ 146 #define CODE_REJ 7 /* PPP code reject */ 147 #define PROTO_REJ 8 /* PPP protocol reject */ 148 #define ECHO_REQ 9 /* PPP echo request */ 149 #define ECHO_REPLY 10 /* PPP echo reply */ 150 #define DISC_REQ 11 /* PPP discard request */ 151 152 #define LCP_OPT_MRU 1 /* maximum receive unit */ 153 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 154 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 155 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 156 #define LCP_OPT_MAGIC 5 /* magic number */ 157 #define LCP_OPT_RESERVED 6 /* reserved */ 158 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 159 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 160 161 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 162 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */ 163 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 164 165 #define PAP_REQ 1 /* PAP name/password request */ 166 #define PAP_ACK 2 /* PAP acknowledge */ 167 #define PAP_NAK 3 /* PAP fail */ 168 169 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 170 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 171 #define CHAP_SUCCESS 3 /* CHAP response ok */ 172 #define CHAP_FAILURE 4 /* CHAP response failed */ 173 174 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 175 176 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 177 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 178 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 179 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 180 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 181 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 182 183 /* states are named and numbered according to RFC 1661 */ 184 #define STATE_INITIAL 0 185 #define STATE_STARTING 1 186 #define STATE_CLOSED 2 187 #define STATE_STOPPED 3 188 #define STATE_CLOSING 4 189 #define STATE_STOPPING 5 190 #define STATE_REQ_SENT 6 191 #define STATE_ACK_RCVD 7 192 #define STATE_ACK_SENT 8 193 #define STATE_OPENED 9 194 195 struct ppp_header { 196 u_char address; 197 u_char control; 198 u_short protocol; 199 } __attribute__((__packed__)); 200 #define PPP_HEADER_LEN sizeof (struct ppp_header) 201 202 struct lcp_header { 203 u_char type; 204 u_char ident; 205 u_short len; 206 } __attribute__((__packed__)); 207 #define LCP_HEADER_LEN sizeof (struct lcp_header) 208 209 struct cisco_packet { 210 u_long type; 211 u_long par1; 212 u_long par2; 213 u_short rel; 214 u_short time0; 215 u_short time1; 216 } __attribute__((__packed__)); 217 #define CISCO_PACKET_LEN 18 218 219 /* 220 * We follow the spelling and capitalization of RFC 1661 here, to make 221 * it easier comparing with the standard. Please refer to this RFC in 222 * case you can't make sense out of these abbreviation; it will also 223 * explain the semantics related to the various events and actions. 224 */ 225 struct cp { 226 u_short proto; /* PPP control protocol number */ 227 u_char protoidx; /* index into state table in struct sppp */ 228 u_char flags; 229 #define CP_LCP 0x01 /* this is the LCP */ 230 #define CP_AUTH 0x02 /* this is an authentication protocol */ 231 #define CP_NCP 0x04 /* this is a NCP */ 232 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 233 const char *name; /* name of this control protocol */ 234 /* event handlers */ 235 void (*Up)(struct sppp *sp); 236 void (*Down)(struct sppp *sp); 237 void (*Open)(struct sppp *sp); 238 void (*Close)(struct sppp *sp); 239 void (*TO)(void *sp); 240 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 241 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 242 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 243 /* actions */ 244 void (*tlu)(struct sppp *sp); 245 void (*tld)(struct sppp *sp); 246 void (*tls)(struct sppp *sp); 247 void (*tlf)(struct sppp *sp); 248 void (*scr)(struct sppp *sp); 249 }; 250 251 static struct sppp *spppq; 252 #if defined(__NetBSD__) 253 static struct callout keepalive_ch; 254 #endif 255 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 256 static struct callout_handle keepalive_ch; 257 #endif 258 259 #ifdef __FreeBSD__ 260 #define SPP_FMT "%s%d: " 261 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit 262 #else 263 #define SPP_FMT "%s: " 264 #define SPP_ARGS(ifp) (ifp)->if_xname 265 #endif 266 267 /* 268 * The following disgusting hack gets around the problem that IP TOS 269 * can't be set yet. We want to put "interactive" traffic on a high 270 * priority queue. To decide if traffic is interactive, we check that 271 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 272 * 273 * XXX is this really still necessary? - joerg - 274 */ 275 static u_short interactive_ports[8] = { 276 0, 513, 0, 0, 277 0, 21, 0, 23, 278 }; 279 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 280 281 /* almost every function needs these */ 282 #define STDDCL \ 283 struct ifnet *ifp = &sp->pp_if; \ 284 int debug = ifp->if_flags & IFF_DEBUG 285 286 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 287 struct sockaddr *dst, struct rtentry *rt); 288 289 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2); 290 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 291 292 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 293 struct mbuf *m); 294 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 295 u_char ident, u_short len, void *data); 296 /* static void sppp_cp_timeout(void *arg); */ 297 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 298 int newstate); 299 static void sppp_auth_send(const struct cp *cp, 300 struct sppp *sp, unsigned int type, unsigned int id, 301 ...); 302 303 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 304 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 305 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 306 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 307 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 308 309 static void sppp_null(struct sppp *sp); 310 311 static void sppp_lcp_init(struct sppp *sp); 312 static void sppp_lcp_up(struct sppp *sp); 313 static void sppp_lcp_down(struct sppp *sp); 314 static void sppp_lcp_open(struct sppp *sp); 315 static void sppp_lcp_close(struct sppp *sp); 316 static void sppp_lcp_TO(void *sp); 317 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 318 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 319 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 320 static void sppp_lcp_tlu(struct sppp *sp); 321 static void sppp_lcp_tld(struct sppp *sp); 322 static void sppp_lcp_tls(struct sppp *sp); 323 static void sppp_lcp_tlf(struct sppp *sp); 324 static void sppp_lcp_scr(struct sppp *sp); 325 static void sppp_lcp_check_and_close(struct sppp *sp); 326 static int sppp_ncp_check(struct sppp *sp); 327 328 static void sppp_ipcp_init(struct sppp *sp); 329 static void sppp_ipcp_up(struct sppp *sp); 330 static void sppp_ipcp_down(struct sppp *sp); 331 static void sppp_ipcp_open(struct sppp *sp); 332 static void sppp_ipcp_close(struct sppp *sp); 333 static void sppp_ipcp_TO(void *sp); 334 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 335 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 336 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 337 static void sppp_ipcp_tlu(struct sppp *sp); 338 static void sppp_ipcp_tld(struct sppp *sp); 339 static void sppp_ipcp_tls(struct sppp *sp); 340 static void sppp_ipcp_tlf(struct sppp *sp); 341 static void sppp_ipcp_scr(struct sppp *sp); 342 343 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 344 static void sppp_pap_init(struct sppp *sp); 345 static void sppp_pap_open(struct sppp *sp); 346 static void sppp_pap_close(struct sppp *sp); 347 static void sppp_pap_TO(void *sp); 348 static void sppp_pap_my_TO(void *sp); 349 static void sppp_pap_tlu(struct sppp *sp); 350 static void sppp_pap_tld(struct sppp *sp); 351 static void sppp_pap_scr(struct sppp *sp); 352 353 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 354 static void sppp_chap_init(struct sppp *sp); 355 static void sppp_chap_open(struct sppp *sp); 356 static void sppp_chap_close(struct sppp *sp); 357 static void sppp_chap_TO(void *sp); 358 static void sppp_chap_tlu(struct sppp *sp); 359 static void sppp_chap_tld(struct sppp *sp); 360 static void sppp_chap_scr(struct sppp *sp); 361 362 static const char *sppp_auth_type_name(u_short proto, u_char type); 363 static const char *sppp_cp_type_name(u_char type); 364 static const char *sppp_dotted_quad(u_long addr); 365 static const char *sppp_ipcp_opt_name(u_char opt); 366 static const char *sppp_lcp_opt_name(u_char opt); 367 static const char *sppp_phase_name(enum ppp_phase phase); 368 static const char *sppp_proto_name(u_short proto); 369 static const char *sppp_state_name(int state); 370 static int sppp_params(struct sppp *sp, int cmd, void *data); 371 static int sppp_strnlen(u_char *p, int max); 372 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, 373 u_long *srcmask); 374 static void sppp_keepalive(void *dummy); 375 static void sppp_phase_network(struct sppp *sp); 376 static void sppp_print_bytes(const u_char *p, u_short len); 377 static void sppp_print_string(const char *p, u_short len); 378 static void sppp_qflush(struct ifqueue *ifq); 379 static void sppp_set_ip_addr(struct sppp *sp, u_long src); 380 381 /* our control protocol descriptors */ 382 static const struct cp lcp = { 383 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 384 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 385 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 386 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 387 sppp_lcp_scr 388 }; 389 390 static const struct cp ipcp = { 391 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp", 392 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 393 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 394 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 395 sppp_ipcp_scr 396 }; 397 398 static const struct cp pap = { 399 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 400 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 401 sppp_pap_TO, 0, 0, 0, 402 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 403 sppp_pap_scr 404 }; 405 406 static const struct cp chap = { 407 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 408 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 409 sppp_chap_TO, 0, 0, 0, 410 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 411 sppp_chap_scr 412 }; 413 414 static const struct cp *cps[IDX_COUNT] = { 415 &lcp, /* IDX_LCP */ 416 &ipcp, /* IDX_IPCP */ 417 &pap, /* IDX_PAP */ 418 &chap, /* IDX_CHAP */ 419 }; 420 421 422 /* 424 * Exported functions, comprising our interface to the lower layer. 425 */ 426 427 /* 428 * Process the received packet. 429 */ 430 void 431 sppp_input(struct ifnet *ifp, struct mbuf *m) 432 { 433 struct ppp_header *h; 434 struct ifqueue *inq = 0; 435 int s; 436 struct sppp *sp = (struct sppp *)ifp; 437 int debug = ifp->if_flags & IFF_DEBUG; 438 439 if (ifp->if_flags & IFF_UP) 440 /* Count received bytes, add FCS and one flag */ 441 ifp->if_ibytes += m->m_pkthdr.len + 3; 442 443 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 444 /* Too small packet, drop it. */ 445 if (debug) 446 log(LOG_DEBUG, 447 SPP_FMT "input packet is too small, %d bytes\n", 448 SPP_ARGS(ifp), m->m_pkthdr.len); 449 drop: 450 ++ifp->if_ierrors; 451 ++ifp->if_iqdrops; 452 m_freem (m); 453 return; 454 } 455 456 /* Get PPP header. */ 457 h = mtod (m, struct ppp_header*); 458 m_adj (m, PPP_HEADER_LEN); 459 460 switch (h->address) { 461 case PPP_ALLSTATIONS: 462 if (h->control != PPP_UI) 463 goto invalid; 464 if (sp->pp_flags & PP_CISCO) { 465 if (debug) 466 log(LOG_DEBUG, 467 SPP_FMT "PPP packet in Cisco mode " 468 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 469 SPP_ARGS(ifp), 470 h->address, h->control, ntohs(h->protocol)); 471 goto drop; 472 } 473 switch (ntohs (h->protocol)) { 474 default: 475 if (sp->state[IDX_LCP] == STATE_OPENED) 476 sppp_cp_send (sp, PPP_LCP, PROTO_REJ, 477 ++sp->pp_seq, m->m_pkthdr.len + 2, 478 &h->protocol); 479 if (debug) 480 log(LOG_DEBUG, 481 SPP_FMT "invalid input protocol " 482 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 483 SPP_ARGS(ifp), 484 h->address, h->control, ntohs(h->protocol)); 485 ++ifp->if_noproto; 486 goto drop; 487 case PPP_LCP: 488 sppp_cp_input(&lcp, sp, m); 489 m_freem (m); 490 return; 491 case PPP_PAP: 492 if (sp->pp_phase >= PHASE_AUTHENTICATE) 493 sppp_pap_input(sp, m); 494 m_freem (m); 495 return; 496 case PPP_CHAP: 497 if (sp->pp_phase >= PHASE_AUTHENTICATE) 498 sppp_chap_input(sp, m); 499 m_freem (m); 500 return; 501 #ifdef INET 502 case PPP_IPCP: 503 if (sp->pp_phase == PHASE_NETWORK) 504 sppp_cp_input(&ipcp, sp, m); 505 m_freem (m); 506 return; 507 case PPP_IP: 508 if (sp->state[IDX_IPCP] == STATE_OPENED) { 509 schednetisr (NETISR_IP); 510 inq = &ipintrq; 511 } 512 break; 513 #endif 514 #ifdef INET6 515 case PPP_IPV6CP: 516 /* TBD */ 517 m_freem (m); 518 return; 519 case PPP_IPV6: 520 /* XXX should check IPv6CP */ 521 if (sp->pp_phase == PHASE_NETWORK) { 522 schednetisr (NETISR_IPV6); 523 inq = &ip6intrq; 524 } 525 break; 526 #endif 527 #ifdef IPX 528 case PPP_IPX: 529 /* IPX IPXCP not implemented yet */ 530 if (sp->pp_phase == PHASE_NETWORK) { 531 schednetisr (NETISR_IPX); 532 inq = &ipxintrq; 533 } 534 break; 535 #endif 536 #ifdef NS 537 case PPP_XNS: 538 /* XNS IDPCP not implemented yet */ 539 if (sp->pp_phase == PHASE_NETWORK) { 540 schednetisr (NETISR_NS); 541 inq = &nsintrq; 542 } 543 break; 544 #endif 545 #ifdef ISO 546 case PPP_ISO: 547 /* OSI NLCP not implemented yet */ 548 if (sp->pp_phase == PHASE_NETWORK) { 549 schednetisr (NETISR_ISO); 550 inq = &clnlintrq; 551 } 552 break; 553 #endif 554 } 555 break; 556 case CISCO_MULTICAST: 557 case CISCO_UNICAST: 558 /* Don't check the control field here (RFC 1547). */ 559 if (! (sp->pp_flags & PP_CISCO)) { 560 if (debug) 561 log(LOG_DEBUG, 562 SPP_FMT "Cisco packet in PPP mode " 563 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 564 SPP_ARGS(ifp), 565 h->address, h->control, ntohs(h->protocol)); 566 goto drop; 567 } 568 switch (ntohs (h->protocol)) { 569 default: 570 ++ifp->if_noproto; 571 goto invalid; 572 case CISCO_KEEPALIVE: 573 sppp_cisco_input ((struct sppp*) ifp, m); 574 m_freem (m); 575 return; 576 #ifdef INET 577 case ETHERTYPE_IP: 578 schednetisr (NETISR_IP); 579 inq = &ipintrq; 580 break; 581 #endif 582 #ifdef INET6 583 case ETHERTYPE_IPV6: 584 schednetisr (NETISR_IPV6); 585 inq = &ip6intrq; 586 break; 587 #endif 588 #ifdef IPX 589 case ETHERTYPE_IPX: 590 schednetisr (NETISR_IPX); 591 inq = &ipxintrq; 592 break; 593 #endif 594 #ifdef NS 595 case ETHERTYPE_NS: 596 schednetisr (NETISR_NS); 597 inq = &nsintrq; 598 break; 599 #endif 600 } 601 break; 602 default: /* Invalid PPP packet. */ 603 invalid: 604 if (debug) 605 log(LOG_DEBUG, 606 SPP_FMT "invalid input packet " 607 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 608 SPP_ARGS(ifp), 609 h->address, h->control, ntohs(h->protocol)); 610 goto drop; 611 } 612 613 if (! (ifp->if_flags & IFF_UP) || ! inq) 614 goto drop; 615 616 /* Check queue. */ 617 s = splimp(); 618 if (IF_QFULL (inq)) { 619 /* Queue overflow. */ 620 IF_DROP(inq); 621 splx(s); 622 if (debug) 623 log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n", 624 SPP_ARGS(ifp)); 625 goto drop; 626 } 627 IF_ENQUEUE(inq, m); 628 splx(s); 629 } 630 631 /* 632 * Enqueue transmit packet. 633 */ 634 static int 635 sppp_output(struct ifnet *ifp, struct mbuf *m, 636 struct sockaddr *dst, struct rtentry *rt) 637 { 638 struct sppp *sp = (struct sppp*) ifp; 639 struct ppp_header *h; 640 struct ifqueue *ifq; 641 int s, rv = 0; 642 643 s = splimp(); 644 645 if ((ifp->if_flags & IFF_UP) == 0 || 646 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 647 m_freem (m); 648 splx (s); 649 return (ENETDOWN); 650 } 651 652 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 653 /* 654 * Interface is not yet running, but auto-dial. Need 655 * to start LCP for it. 656 */ 657 ifp->if_flags |= IFF_RUNNING; 658 splx(s); 659 lcp.Open(sp); 660 s = splimp(); 661 } 662 663 ifq = &ifp->if_snd; 664 665 #ifdef INET 666 if (dst->sa_family == AF_INET) 667 { 668 /* Check mbuf length here??? */ 669 struct ip *ip = mtod (m, struct ip*); 670 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 671 672 /* 673 * When using dynamic local IP address assignment by using 674 * 0.0.0.0 as a local address, the first TCP session will 675 * not connect because the local TCP checksum is computed 676 * using 0.0.0.0 which will later become our real IP address 677 * so the TCP checksum computed at the remote end will 678 * become invalid. So we 679 * - don't let packets with src ip addr 0 thru 680 * - we flag TCP packets with src ip 0 as an error 681 */ 682 683 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */ 684 { 685 m_freem(m); 686 splx(s); 687 if(ip->ip_p == IPPROTO_TCP) 688 return(EADDRNOTAVAIL); 689 else 690 return(0); 691 } 692 693 /* 694 * Put low delay, telnet, rlogin and ftp control packets 695 * in front of the queue. 696 */ 697 698 if (! IF_QFULL (&sp->pp_fastq) && 699 ((ip->ip_tos & IPTOS_LOWDELAY) || 700 ((ip->ip_p == IPPROTO_TCP && 701 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 702 (INTERACTIVE (ntohs (tcp->th_sport)))) || 703 INTERACTIVE (ntohs (tcp->th_dport))))) 704 ifq = &sp->pp_fastq; 705 } 706 #endif 707 708 #ifdef INET6 709 if (dst->sa_family == AF_INET6) { 710 /* XXX do something tricky here? */ 711 } 712 #endif 713 714 /* 715 * Prepend general data packet PPP header. For now, IP only. 716 */ 717 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 718 if (! m) { 719 if (ifp->if_flags & IFF_DEBUG) 720 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n", 721 SPP_ARGS(ifp)); 722 ++ifp->if_oerrors; 723 splx (s); 724 return (ENOBUFS); 725 } 726 /* 727 * May want to check size of packet 728 * (albeit due to the implementation it's always enough) 729 */ 730 h = mtod (m, struct ppp_header*); 731 if (sp->pp_flags & PP_CISCO) { 732 h->address = CISCO_UNICAST; /* unicast address */ 733 h->control = 0; 734 } else { 735 h->address = PPP_ALLSTATIONS; /* broadcast address */ 736 h->control = PPP_UI; /* Unnumbered Info */ 737 } 738 739 switch (dst->sa_family) { 740 #ifdef INET 741 case AF_INET: /* Internet Protocol */ 742 if (sp->pp_flags & PP_CISCO) 743 h->protocol = htons (ETHERTYPE_IP); 744 else { 745 /* 746 * Don't choke with an ENETDOWN early. It's 747 * possible that we just started dialing out, 748 * so don't drop the packet immediately. If 749 * we notice that we run out of buffer space 750 * below, we will however remember that we are 751 * not ready to carry IP packets, and return 752 * ENETDOWN, as opposed to ENOBUFS. 753 */ 754 h->protocol = htons(PPP_IP); 755 if (sp->state[IDX_IPCP] != STATE_OPENED) 756 rv = ENETDOWN; 757 } 758 break; 759 #endif 760 #ifdef INET6 761 case AF_INET6: /* Internet Protocol version 6 */ 762 if (sp->pp_flags & PP_CISCO) 763 h->protocol = htons (ETHERTYPE_IPV6); 764 else { 765 /* 766 * Don't choke with an ENETDOWN early. It's 767 * possible that we just started dialing out, 768 * so don't drop the packet immediately. If 769 * we notice that we run out of buffer space 770 * below, we will however remember that we are 771 * not ready to carry IP packets, and return 772 * ENETDOWN, as opposed to ENOBUFS. 773 */ 774 h->protocol = htons(PPP_IPV6); 775 /* XXX should check IPv6CP */ 776 if (sp->pp_phase != PHASE_NETWORK) 777 rv = ENETDOWN; 778 } 779 break; 780 #endif 781 #ifdef NS 782 case AF_NS: /* Xerox NS Protocol */ 783 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 784 ETHERTYPE_NS : PPP_XNS); 785 break; 786 #endif 787 #ifdef IPX 788 case AF_IPX: /* Novell IPX Protocol */ 789 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 790 ETHERTYPE_IPX : PPP_IPX); 791 break; 792 #endif 793 #ifdef ISO 794 case AF_ISO: /* ISO OSI Protocol */ 795 if (sp->pp_flags & PP_CISCO) 796 goto nosupport; 797 h->protocol = htons (PPP_ISO); 798 break; 799 nosupport: 800 #endif 801 default: 802 m_freem (m); 803 ++ifp->if_oerrors; 804 splx (s); 805 return (EAFNOSUPPORT); 806 } 807 808 /* 809 * Queue message on interface, and start output if interface 810 * not yet active. 811 */ 812 if (IF_QFULL (ifq)) { 813 IF_DROP (&ifp->if_snd); 814 m_freem (m); 815 ++ifp->if_oerrors; 816 splx (s); 817 return (rv? rv: ENOBUFS); 818 } 819 IF_ENQUEUE (ifq, m); 820 if (! (ifp->if_flags & IFF_OACTIVE)) 821 (*ifp->if_start) (ifp); 822 823 /* 824 * Count output packets and bytes. 825 * The packet length includes header, FCS and 1 flag, 826 * according to RFC 1333. 827 */ 828 ifp->if_obytes += m->m_pkthdr.len + 3; 829 splx (s); 830 return (0); 831 } 832 833 void 834 sppp_attach(struct ifnet *ifp) 835 { 836 struct sppp *sp = (struct sppp*) ifp; 837 838 /* Initialize keepalive handler. */ 839 if (! spppq) { 840 #if defined(__NetBSD__) 841 callout_init(&keepalive_ch); 842 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 843 #else 844 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 845 keepalive_ch = 846 #endif 847 timeout(sppp_keepalive, 0, hz * 10); 848 #endif /* __NetBSD__ */ 849 } 850 851 /* Insert new entry into the keepalive list. */ 852 sp->pp_next = spppq; 853 spppq = sp; 854 855 sp->pp_if.if_type = IFT_PPP; 856 sp->pp_if.if_output = sppp_output; 857 sp->pp_fastq.ifq_maxlen = 32; 858 sp->pp_cpq.ifq_maxlen = 20; 859 sp->pp_loopcnt = 0; 860 sp->pp_alivecnt = 0; 861 sp->pp_seq = 0; 862 sp->pp_rseq = 0; 863 sp->pp_phase = PHASE_DEAD; 864 sp->pp_up = lcp.Up; 865 sp->pp_down = lcp.Down; 866 867 sppp_lcp_init(sp); 868 sppp_ipcp_init(sp); 869 sppp_pap_init(sp); 870 sppp_chap_init(sp); 871 } 872 873 void 874 sppp_detach(struct ifnet *ifp) 875 { 876 struct sppp **q, *p, *sp = (struct sppp*) ifp; 877 int i; 878 879 /* Remove the entry from the keepalive list. */ 880 for (q = &spppq; (p = *q); q = &p->pp_next) 881 if (p == sp) { 882 *q = p->pp_next; 883 break; 884 } 885 886 /* Stop keepalive handler. */ 887 if (! spppq) { 888 #if defined(__NetBSD__) 889 callout_stop(&keepalive_ch); 890 #else 891 untimeout(sppp_keepalive, 0 892 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 893 ,keepalive_ch 894 #endif 895 ); 896 #endif /* __NetBSD__ */ 897 } 898 899 for (i = 0; i < IDX_COUNT; i++) { 900 #if defined(__NetBSD__) 901 callout_stop(&sp->ch[i]); 902 #else 903 untimeout((cps[i])->TO, (void *)sp 904 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 905 , sp->ch[i] 906 #endif 907 ); 908 #endif /* __NetBSD__ */ 909 } 910 #if defined(__NetBSD__) 911 callout_stop(&sp->pap_my_to_ch); 912 #else 913 untimeout(sppp_pap_my_TO, (void *)sp 914 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 915 , sp->pap_my_to_ch 916 #endif 917 ); 918 #endif /* __NetBSD__ */ 919 } 920 921 /* 922 * Flush the interface output queue. 923 */ 924 void 925 sppp_flush(struct ifnet *ifp) 926 { 927 struct sppp *sp = (struct sppp*) ifp; 928 929 sppp_qflush (&sp->pp_if.if_snd); 930 sppp_qflush (&sp->pp_fastq); 931 sppp_qflush (&sp->pp_cpq); 932 } 933 934 /* 935 * Check if the output queue is empty. 936 */ 937 int 938 sppp_isempty(struct ifnet *ifp) 939 { 940 struct sppp *sp = (struct sppp*) ifp; 941 int empty, s; 942 943 s = splimp(); 944 empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head && 945 !sp->pp_if.if_snd.ifq_head; 946 splx(s); 947 return (empty); 948 } 949 950 /* 951 * Get next packet to send. 952 */ 953 struct mbuf * 954 sppp_dequeue(struct ifnet *ifp) 955 { 956 struct sppp *sp = (struct sppp*) ifp; 957 struct mbuf *m; 958 int s; 959 960 s = splimp(); 961 /* 962 * Process only the control protocol queue until we have at 963 * least one NCP open. 964 * 965 * Do always serve all three queues in Cisco mode. 966 */ 967 IF_DEQUEUE(&sp->pp_cpq, m); 968 if (m == NULL && 969 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 970 IF_DEQUEUE(&sp->pp_fastq, m); 971 if (m == NULL) 972 IF_DEQUEUE (&sp->pp_if.if_snd, m); 973 } 974 splx(s); 975 return m; 976 } 977 978 /* 979 * Pick the next packet, do not remove it from the queue. 980 */ 981 struct mbuf * 982 sppp_pick(struct ifnet *ifp) 983 { 984 struct sppp *sp = (struct sppp*)ifp; 985 struct mbuf *m; 986 int s; 987 988 s= splimp (); 989 990 m = sp->pp_cpq.ifq_head; 991 if (m == NULL && 992 (sp->pp_phase == PHASE_NETWORK || 993 (sp->pp_flags & PP_CISCO) != 0)) 994 if ((m = sp->pp_fastq.ifq_head) == NULL) 995 m = sp->pp_if.if_snd.ifq_head; 996 splx (s); 997 return (m); 998 } 999 1000 /* 1001 * Process an ioctl request. Called on low priority level. 1002 */ 1003 int 1004 #if defined(__FreeBSD_version) && __FreeBSD_version >= 300003 1005 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1006 #else 1007 sppp_ioctl(struct ifnet *ifp, int cmd, void *data) 1008 #endif 1009 { 1010 struct ifreq *ifr = (struct ifreq*) data; 1011 struct sppp *sp = (struct sppp*) ifp; 1012 int s, rv, going_up, going_down, newmode; 1013 1014 s = splimp(); 1015 rv = 0; 1016 switch (cmd) { 1017 case SIOCAIFADDR: 1018 case SIOCSIFDSTADDR: 1019 break; 1020 1021 case SIOCSIFADDR: 1022 if_up(ifp); 1023 /* fall through... */ 1024 1025 case SIOCSIFFLAGS: 1026 going_up = ifp->if_flags & IFF_UP && 1027 (ifp->if_flags & IFF_RUNNING) == 0; 1028 going_down = (ifp->if_flags & IFF_UP) == 0 && 1029 ifp->if_flags & IFF_RUNNING; 1030 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1031 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1032 /* sanity */ 1033 newmode = IFF_PASSIVE; 1034 ifp->if_flags &= ~IFF_AUTO; 1035 } 1036 1037 if (going_up || going_down) 1038 lcp.Close(sp); 1039 if (going_up && newmode == 0) { 1040 /* neither auto-dial nor passive */ 1041 ifp->if_flags |= IFF_RUNNING; 1042 if (!(sp->pp_flags & PP_CISCO)) 1043 lcp.Open(sp); 1044 } else if (going_down) { 1045 sppp_flush(ifp); 1046 ifp->if_flags &= ~IFF_RUNNING; 1047 } 1048 1049 break; 1050 1051 #ifdef SIOCSIFMTU 1052 #ifndef ifr_mtu 1053 #define ifr_mtu ifr_metric 1054 #endif 1055 case SIOCSIFMTU: 1056 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) 1057 return (EINVAL); 1058 ifp->if_mtu = ifr->ifr_mtu; 1059 break; 1060 #endif 1061 #ifdef SLIOCSETMTU 1062 case SLIOCSETMTU: 1063 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) 1064 return (EINVAL); 1065 ifp->if_mtu = *(short*)data; 1066 break; 1067 #endif 1068 #ifdef SIOCGIFMTU 1069 case SIOCGIFMTU: 1070 ifr->ifr_mtu = ifp->if_mtu; 1071 break; 1072 #endif 1073 #ifdef SLIOCGETMTU 1074 case SLIOCGETMTU: 1075 *(short*)data = ifp->if_mtu; 1076 break; 1077 #endif 1078 case SIOCADDMULTI: 1079 case SIOCDELMULTI: 1080 break; 1081 1082 case SIOCGIFGENERIC: 1083 case SIOCSIFGENERIC: 1084 rv = sppp_params(sp, cmd, data); 1085 break; 1086 1087 default: 1088 rv = ENOTTY; 1089 } 1090 splx(s); 1091 return rv; 1092 } 1093 1094 1095 /* 1097 * Cisco framing implementation. 1098 */ 1099 1100 /* 1101 * Handle incoming Cisco keepalive protocol packets. 1102 */ 1103 static void 1104 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1105 { 1106 STDDCL; 1107 struct cisco_packet *h; 1108 u_long me, mymask; 1109 1110 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1111 if (debug) 1112 log(LOG_DEBUG, 1113 SPP_FMT "cisco invalid packet length: %d bytes\n", 1114 SPP_ARGS(ifp), m->m_pkthdr.len); 1115 return; 1116 } 1117 h = mtod (m, struct cisco_packet*); 1118 if (debug) 1119 log(LOG_DEBUG, 1120 SPP_FMT "cisco input: %d bytes " 1121 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1122 SPP_ARGS(ifp), m->m_pkthdr.len, 1123 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel, 1124 (u_int)h->time0, (u_int)h->time1); 1125 switch (ntohl (h->type)) { 1126 default: 1127 if (debug) 1128 addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n", 1129 SPP_ARGS(ifp), (u_long)ntohl (h->type)); 1130 break; 1131 case CISCO_ADDR_REPLY: 1132 /* Reply on address request, ignore */ 1133 break; 1134 case CISCO_KEEPALIVE_REQ: 1135 sp->pp_alivecnt = 0; 1136 sp->pp_rseq = ntohl (h->par1); 1137 if (sp->pp_seq == sp->pp_rseq) { 1138 /* Local and remote sequence numbers are equal. 1139 * Probably, the line is in loopback mode. */ 1140 if (sp->pp_loopcnt >= MAXALIVECNT) { 1141 printf (SPP_FMT "loopback\n", 1142 SPP_ARGS(ifp)); 1143 sp->pp_loopcnt = 0; 1144 if (ifp->if_flags & IFF_UP) { 1145 if_down (ifp); 1146 sppp_qflush (&sp->pp_cpq); 1147 } 1148 } 1149 ++sp->pp_loopcnt; 1150 1151 /* Generate new local sequence number */ 1152 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 1153 sp->pp_seq = random(); 1154 #else 1155 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 1156 #endif 1157 break; 1158 } 1159 sp->pp_loopcnt = 0; 1160 if (! (ifp->if_flags & IFF_UP) && 1161 (ifp->if_flags & IFF_RUNNING)) { 1162 if_up(ifp); 1163 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 1164 } 1165 break; 1166 case CISCO_ADDR_REQ: 1167 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1168 if (me != 0L) 1169 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1170 break; 1171 } 1172 } 1173 1174 /* 1175 * Send Cisco keepalive packet. 1176 */ 1177 static void 1178 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2) 1179 { 1180 STDDCL; 1181 struct ppp_header *h; 1182 struct cisco_packet *ch; 1183 struct mbuf *m; 1184 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1185 struct timeval tv; 1186 #else 1187 u_long t = (time.tv_sec - boottime.tv_sec) * 1000; 1188 #endif 1189 1190 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1191 getmicrouptime(&tv); 1192 #endif 1193 1194 MGETHDR (m, M_DONTWAIT, MT_DATA); 1195 if (! m) 1196 return; 1197 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1198 m->m_pkthdr.rcvif = 0; 1199 1200 h = mtod (m, struct ppp_header*); 1201 h->address = CISCO_MULTICAST; 1202 h->control = 0; 1203 h->protocol = htons (CISCO_KEEPALIVE); 1204 1205 ch = (struct cisco_packet*) (h + 1); 1206 ch->type = htonl (type); 1207 ch->par1 = htonl (par1); 1208 ch->par2 = htonl (par2); 1209 ch->rel = -1; 1210 1211 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1212 ch->time0 = htons ((u_short) (tv.tv_sec >> 16)); 1213 ch->time1 = htons ((u_short) tv.tv_sec); 1214 #else 1215 ch->time0 = htons ((u_short) (t >> 16)); 1216 ch->time1 = htons ((u_short) t); 1217 #endif 1218 1219 if (debug) 1220 log(LOG_DEBUG, 1221 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n", 1222 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1, 1223 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); 1224 1225 if (IF_QFULL (&sp->pp_cpq)) { 1226 IF_DROP (&sp->pp_fastq); 1227 IF_DROP (&ifp->if_snd); 1228 m_freem (m); 1229 } else 1230 IF_ENQUEUE (&sp->pp_cpq, m); 1231 if (! (ifp->if_flags & IFF_OACTIVE)) 1232 (*ifp->if_start) (ifp); 1233 ifp->if_obytes += m->m_pkthdr.len + 3; 1234 } 1235 1236 /* 1238 * PPP protocol implementation. 1239 */ 1240 1241 /* 1242 * Send PPP control protocol packet. 1243 */ 1244 static void 1245 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1246 u_char ident, u_short len, void *data) 1247 { 1248 STDDCL; 1249 struct ppp_header *h; 1250 struct lcp_header *lh; 1251 struct mbuf *m; 1252 1253 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 1254 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 1255 MGETHDR (m, M_DONTWAIT, MT_DATA); 1256 if (! m) 1257 return; 1258 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 1259 m->m_pkthdr.rcvif = 0; 1260 1261 h = mtod (m, struct ppp_header*); 1262 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1263 h->control = PPP_UI; /* Unnumbered Info */ 1264 h->protocol = htons (proto); /* Link Control Protocol */ 1265 1266 lh = (struct lcp_header*) (h + 1); 1267 lh->type = type; 1268 lh->ident = ident; 1269 lh->len = htons (LCP_HEADER_LEN + len); 1270 if (len) 1271 bcopy (data, lh+1, len); 1272 1273 if (debug) { 1274 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 1275 SPP_ARGS(ifp), 1276 sppp_proto_name(proto), 1277 sppp_cp_type_name (lh->type), lh->ident, 1278 ntohs (lh->len)); 1279 if (len) 1280 sppp_print_bytes ((u_char*) (lh+1), len); 1281 addlog(">\n"); 1282 } 1283 if (IF_QFULL (&sp->pp_cpq)) { 1284 IF_DROP (&sp->pp_fastq); 1285 IF_DROP (&ifp->if_snd); 1286 m_freem (m); 1287 ++ifp->if_oerrors; 1288 } else 1289 IF_ENQUEUE (&sp->pp_cpq, m); 1290 if (! (ifp->if_flags & IFF_OACTIVE)) 1291 (*ifp->if_start) (ifp); 1292 ifp->if_obytes += m->m_pkthdr.len + 3; 1293 } 1294 1295 /* 1296 * Handle incoming PPP control protocol packets. 1297 */ 1298 static void 1299 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1300 { 1301 STDDCL; 1302 struct lcp_header *h; 1303 int len = m->m_pkthdr.len; 1304 int rv; 1305 u_char *p; 1306 1307 if (len < 4) { 1308 if (debug) 1309 log(LOG_DEBUG, 1310 SPP_FMT "%s invalid packet length: %d bytes\n", 1311 SPP_ARGS(ifp), cp->name, len); 1312 return; 1313 } 1314 h = mtod (m, struct lcp_header*); 1315 if (debug) { 1316 log(LOG_DEBUG, 1317 SPP_FMT "%s input(%s): <%s id=0x%x len=%d", 1318 SPP_ARGS(ifp), cp->name, 1319 sppp_state_name(sp->state[cp->protoidx]), 1320 sppp_cp_type_name (h->type), h->ident, ntohs (h->len)); 1321 if (len > 4) 1322 sppp_print_bytes ((u_char*) (h+1), len-4); 1323 addlog(">\n"); 1324 } 1325 if (len > ntohs (h->len)) 1326 len = ntohs (h->len); 1327 p = (u_char *)(h + 1); 1328 switch (h->type) { 1329 case CONF_REQ: 1330 if (len < 4) { 1331 if (debug) 1332 addlog(SPP_FMT "%s invalid conf-req length %d\n", 1333 SPP_ARGS(ifp), cp->name, 1334 len); 1335 ++ifp->if_ierrors; 1336 break; 1337 } 1338 /* handle states where RCR doesn't get a SCA/SCN */ 1339 switch (sp->state[cp->protoidx]) { 1340 case STATE_CLOSING: 1341 case STATE_STOPPING: 1342 return; 1343 case STATE_CLOSED: 1344 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1345 0, 0); 1346 return; 1347 } 1348 rv = (cp->RCR)(sp, h, len); 1349 switch (sp->state[cp->protoidx]) { 1350 case STATE_OPENED: 1351 (cp->tld)(sp); 1352 (cp->scr)(sp); 1353 /* fall through... */ 1354 case STATE_ACK_SENT: 1355 case STATE_REQ_SENT: 1356 sppp_cp_change_state(cp, sp, rv? 1357 STATE_ACK_SENT: STATE_REQ_SENT); 1358 break; 1359 case STATE_STOPPED: 1360 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1361 (cp->scr)(sp); 1362 sppp_cp_change_state(cp, sp, rv? 1363 STATE_ACK_SENT: STATE_REQ_SENT); 1364 break; 1365 case STATE_ACK_RCVD: 1366 if (rv) { 1367 sppp_cp_change_state(cp, sp, STATE_OPENED); 1368 if (debug) 1369 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1370 SPP_ARGS(ifp), 1371 cp->name); 1372 (cp->tlu)(sp); 1373 } else 1374 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1375 break; 1376 default: 1377 printf(SPP_FMT "%s illegal %s in state %s\n", 1378 SPP_ARGS(ifp), cp->name, 1379 sppp_cp_type_name(h->type), 1380 sppp_state_name(sp->state[cp->protoidx])); 1381 ++ifp->if_ierrors; 1382 } 1383 break; 1384 case CONF_ACK: 1385 if (h->ident != sp->confid[cp->protoidx]) { 1386 if (debug) 1387 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1388 SPP_ARGS(ifp), cp->name, 1389 h->ident, sp->confid[cp->protoidx]); 1390 ++ifp->if_ierrors; 1391 break; 1392 } 1393 switch (sp->state[cp->protoidx]) { 1394 case STATE_CLOSED: 1395 case STATE_STOPPED: 1396 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1397 break; 1398 case STATE_CLOSING: 1399 case STATE_STOPPING: 1400 break; 1401 case STATE_REQ_SENT: 1402 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1403 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1404 break; 1405 case STATE_OPENED: 1406 (cp->tld)(sp); 1407 /* fall through */ 1408 case STATE_ACK_RCVD: 1409 (cp->scr)(sp); 1410 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1411 break; 1412 case STATE_ACK_SENT: 1413 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1414 sppp_cp_change_state(cp, sp, STATE_OPENED); 1415 if (debug) 1416 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 1417 SPP_ARGS(ifp), cp->name); 1418 (cp->tlu)(sp); 1419 break; 1420 default: 1421 printf(SPP_FMT "%s illegal %s in state %s\n", 1422 SPP_ARGS(ifp), cp->name, 1423 sppp_cp_type_name(h->type), 1424 sppp_state_name(sp->state[cp->protoidx])); 1425 ++ifp->if_ierrors; 1426 } 1427 break; 1428 case CONF_NAK: 1429 case CONF_REJ: 1430 if (h->ident != sp->confid[cp->protoidx]) { 1431 if (debug) 1432 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n", 1433 SPP_ARGS(ifp), cp->name, 1434 h->ident, sp->confid[cp->protoidx]); 1435 ++ifp->if_ierrors; 1436 break; 1437 } 1438 if (h->type == CONF_NAK) 1439 (cp->RCN_nak)(sp, h, len); 1440 else /* CONF_REJ */ 1441 (cp->RCN_rej)(sp, h, len); 1442 1443 switch (sp->state[cp->protoidx]) { 1444 case STATE_CLOSED: 1445 case STATE_STOPPED: 1446 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1447 break; 1448 case STATE_REQ_SENT: 1449 case STATE_ACK_SENT: 1450 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1451 (cp->scr)(sp); 1452 break; 1453 case STATE_OPENED: 1454 (cp->tld)(sp); 1455 /* fall through */ 1456 case STATE_ACK_RCVD: 1457 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1458 (cp->scr)(sp); 1459 break; 1460 case STATE_CLOSING: 1461 case STATE_STOPPING: 1462 break; 1463 default: 1464 printf(SPP_FMT "%s illegal %s in state %s\n", 1465 SPP_ARGS(ifp), cp->name, 1466 sppp_cp_type_name(h->type), 1467 sppp_state_name(sp->state[cp->protoidx])); 1468 ++ifp->if_ierrors; 1469 } 1470 break; 1471 1472 case TERM_REQ: 1473 switch (sp->state[cp->protoidx]) { 1474 case STATE_ACK_RCVD: 1475 case STATE_ACK_SENT: 1476 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1477 /* fall through */ 1478 case STATE_CLOSED: 1479 case STATE_STOPPED: 1480 case STATE_CLOSING: 1481 case STATE_STOPPING: 1482 case STATE_REQ_SENT: 1483 sta: 1484 /* Send Terminate-Ack packet. */ 1485 if (debug) 1486 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n", 1487 SPP_ARGS(ifp), cp->name); 1488 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1489 break; 1490 case STATE_OPENED: 1491 (cp->tld)(sp); 1492 sp->rst_counter[cp->protoidx] = 0; 1493 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1494 goto sta; 1495 break; 1496 default: 1497 printf(SPP_FMT "%s illegal %s in state %s\n", 1498 SPP_ARGS(ifp), cp->name, 1499 sppp_cp_type_name(h->type), 1500 sppp_state_name(sp->state[cp->protoidx])); 1501 ++ifp->if_ierrors; 1502 } 1503 break; 1504 case TERM_ACK: 1505 switch (sp->state[cp->protoidx]) { 1506 case STATE_CLOSED: 1507 case STATE_STOPPED: 1508 case STATE_REQ_SENT: 1509 case STATE_ACK_SENT: 1510 break; 1511 case STATE_CLOSING: 1512 (cp->tlf)(sp); 1513 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1514 break; 1515 case STATE_STOPPING: 1516 (cp->tlf)(sp); 1517 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1518 break; 1519 case STATE_ACK_RCVD: 1520 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1521 break; 1522 case STATE_OPENED: 1523 (cp->tld)(sp); 1524 (cp->scr)(sp); 1525 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1526 break; 1527 default: 1528 printf(SPP_FMT "%s illegal %s in state %s\n", 1529 SPP_ARGS(ifp), cp->name, 1530 sppp_cp_type_name(h->type), 1531 sppp_state_name(sp->state[cp->protoidx])); 1532 ++ifp->if_ierrors; 1533 } 1534 break; 1535 case CODE_REJ: 1536 case PROTO_REJ: 1537 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1538 log(LOG_INFO, 1539 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, " 1540 "danger will robinson\n", 1541 SPP_ARGS(ifp), cp->name, 1542 sppp_cp_type_name(h->type), ntohs(*((u_short *)p))); 1543 switch (sp->state[cp->protoidx]) { 1544 case STATE_CLOSED: 1545 case STATE_STOPPED: 1546 case STATE_REQ_SENT: 1547 case STATE_ACK_SENT: 1548 case STATE_CLOSING: 1549 case STATE_STOPPING: 1550 case STATE_OPENED: 1551 break; 1552 case STATE_ACK_RCVD: 1553 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1554 break; 1555 default: 1556 printf(SPP_FMT "%s illegal %s in state %s\n", 1557 SPP_ARGS(ifp), cp->name, 1558 sppp_cp_type_name(h->type), 1559 sppp_state_name(sp->state[cp->protoidx])); 1560 ++ifp->if_ierrors; 1561 } 1562 break; 1563 case DISC_REQ: 1564 if (cp->proto != PPP_LCP) 1565 goto illegal; 1566 /* Discard the packet. */ 1567 break; 1568 case ECHO_REQ: 1569 if (cp->proto != PPP_LCP) 1570 goto illegal; 1571 if (sp->state[cp->protoidx] != STATE_OPENED) { 1572 if (debug) 1573 addlog(SPP_FMT "lcp echo req but lcp closed\n", 1574 SPP_ARGS(ifp)); 1575 ++ifp->if_ierrors; 1576 break; 1577 } 1578 if (len < 8) { 1579 if (debug) 1580 addlog(SPP_FMT "invalid lcp echo request " 1581 "packet length: %d bytes\n", 1582 SPP_ARGS(ifp), len); 1583 break; 1584 } 1585 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 1586 /* Line loopback mode detected. */ 1587 printf(SPP_FMT "loopback\n", SPP_ARGS(ifp)); 1588 if_down (ifp); 1589 sppp_qflush (&sp->pp_cpq); 1590 1591 /* Shut down the PPP link. */ 1592 /* XXX */ 1593 lcp.Down(sp); 1594 lcp.Up(sp); 1595 break; 1596 } 1597 *(long*)(h+1) = htonl (sp->lcp.magic); 1598 if (debug) 1599 addlog(SPP_FMT "got lcp echo req, sending echo rep\n", 1600 SPP_ARGS(ifp)); 1601 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1); 1602 break; 1603 case ECHO_REPLY: 1604 if (cp->proto != PPP_LCP) 1605 goto illegal; 1606 if (h->ident != sp->lcp.echoid) { 1607 ++ifp->if_ierrors; 1608 break; 1609 } 1610 if (len < 8) { 1611 if (debug) 1612 addlog(SPP_FMT "lcp invalid echo reply " 1613 "packet length: %d bytes\n", 1614 SPP_ARGS(ifp), len); 1615 break; 1616 } 1617 if (debug) 1618 addlog(SPP_FMT "lcp got echo rep\n", 1619 SPP_ARGS(ifp)); 1620 if (ntohl (*(long*)(h+1)) != sp->lcp.magic) 1621 sp->pp_alivecnt = 0; 1622 break; 1623 default: 1624 /* Unknown packet type -- send Code-Reject packet. */ 1625 illegal: 1626 if (debug) 1627 addlog(SPP_FMT "%s send code-rej for 0x%x\n", 1628 SPP_ARGS(ifp), cp->name, h->type); 1629 sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq, 1630 m->m_pkthdr.len, h); 1631 ++ifp->if_ierrors; 1632 } 1633 } 1634 1635 1636 /* 1637 * The generic part of all Up/Down/Open/Close/TO event handlers. 1638 * Basically, the state transition handling in the automaton. 1639 */ 1640 static void 1641 sppp_up_event(const struct cp *cp, struct sppp *sp) 1642 { 1643 STDDCL; 1644 1645 if (debug) 1646 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n", 1647 SPP_ARGS(ifp), cp->name, 1648 sppp_state_name(sp->state[cp->protoidx])); 1649 1650 switch (sp->state[cp->protoidx]) { 1651 case STATE_INITIAL: 1652 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1653 break; 1654 case STATE_STARTING: 1655 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1656 (cp->scr)(sp); 1657 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1658 break; 1659 default: 1660 printf(SPP_FMT "%s illegal up in state %s\n", 1661 SPP_ARGS(ifp), cp->name, 1662 sppp_state_name(sp->state[cp->protoidx])); 1663 } 1664 } 1665 1666 static void 1667 sppp_down_event(const struct cp *cp, struct sppp *sp) 1668 { 1669 STDDCL; 1670 1671 if (debug) 1672 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n", 1673 SPP_ARGS(ifp), cp->name, 1674 sppp_state_name(sp->state[cp->protoidx])); 1675 1676 switch (sp->state[cp->protoidx]) { 1677 case STATE_CLOSED: 1678 case STATE_CLOSING: 1679 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1680 break; 1681 case STATE_STOPPED: 1682 (cp->tls)(sp); 1683 /* fall through */ 1684 case STATE_STOPPING: 1685 case STATE_REQ_SENT: 1686 case STATE_ACK_RCVD: 1687 case STATE_ACK_SENT: 1688 sppp_cp_change_state(cp, sp, STATE_STARTING); 1689 break; 1690 case STATE_OPENED: 1691 (cp->tld)(sp); 1692 sppp_cp_change_state(cp, sp, STATE_STARTING); 1693 break; 1694 default: 1695 printf(SPP_FMT "%s illegal down in state %s\n", 1696 SPP_ARGS(ifp), cp->name, 1697 sppp_state_name(sp->state[cp->protoidx])); 1698 } 1699 } 1700 1701 1702 static void 1703 sppp_open_event(const struct cp *cp, struct sppp *sp) 1704 { 1705 STDDCL; 1706 1707 if (debug) 1708 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n", 1709 SPP_ARGS(ifp), cp->name, 1710 sppp_state_name(sp->state[cp->protoidx])); 1711 1712 switch (sp->state[cp->protoidx]) { 1713 case STATE_INITIAL: 1714 (cp->tls)(sp); 1715 sppp_cp_change_state(cp, sp, STATE_STARTING); 1716 break; 1717 case STATE_STARTING: 1718 break; 1719 case STATE_CLOSED: 1720 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1721 (cp->scr)(sp); 1722 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1723 break; 1724 case STATE_STOPPED: 1725 case STATE_STOPPING: 1726 case STATE_REQ_SENT: 1727 case STATE_ACK_RCVD: 1728 case STATE_ACK_SENT: 1729 case STATE_OPENED: 1730 break; 1731 case STATE_CLOSING: 1732 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1733 break; 1734 } 1735 } 1736 1737 1738 static void 1739 sppp_close_event(const struct cp *cp, struct sppp *sp) 1740 { 1741 STDDCL; 1742 1743 if (debug) 1744 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n", 1745 SPP_ARGS(ifp), cp->name, 1746 sppp_state_name(sp->state[cp->protoidx])); 1747 1748 switch (sp->state[cp->protoidx]) { 1749 case STATE_INITIAL: 1750 case STATE_CLOSED: 1751 case STATE_CLOSING: 1752 break; 1753 case STATE_STARTING: 1754 (cp->tlf)(sp); 1755 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1756 break; 1757 case STATE_STOPPED: 1758 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1759 break; 1760 case STATE_STOPPING: 1761 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1762 break; 1763 case STATE_OPENED: 1764 (cp->tld)(sp); 1765 /* fall through */ 1766 case STATE_REQ_SENT: 1767 case STATE_ACK_RCVD: 1768 case STATE_ACK_SENT: 1769 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1770 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0); 1771 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1772 break; 1773 } 1774 } 1775 1776 static void 1777 sppp_to_event(const struct cp *cp, struct sppp *sp) 1778 { 1779 STDDCL; 1780 int s; 1781 1782 s = splimp(); 1783 if (debug) 1784 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n", 1785 SPP_ARGS(ifp), cp->name, 1786 sppp_state_name(sp->state[cp->protoidx]), 1787 sp->rst_counter[cp->protoidx]); 1788 1789 if (--sp->rst_counter[cp->protoidx] < 0) 1790 /* TO- event */ 1791 switch (sp->state[cp->protoidx]) { 1792 case STATE_CLOSING: 1793 (cp->tlf)(sp); 1794 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1795 break; 1796 case STATE_STOPPING: 1797 (cp->tlf)(sp); 1798 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1799 break; 1800 case STATE_REQ_SENT: 1801 case STATE_ACK_RCVD: 1802 case STATE_ACK_SENT: 1803 (cp->tlf)(sp); 1804 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1805 break; 1806 } 1807 else 1808 /* TO+ event */ 1809 switch (sp->state[cp->protoidx]) { 1810 case STATE_CLOSING: 1811 case STATE_STOPPING: 1812 sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 1813 0, 0); 1814 #if defined(__NetBSD__) 1815 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1816 cp->TO, sp); 1817 #else 1818 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1819 sp->ch[cp->protoidx] = 1820 #endif 1821 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1822 #endif /* __NetBSD__ */ 1823 break; 1824 case STATE_REQ_SENT: 1825 case STATE_ACK_RCVD: 1826 (cp->scr)(sp); 1827 /* sppp_cp_change_state() will restart the timer */ 1828 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1829 break; 1830 case STATE_ACK_SENT: 1831 (cp->scr)(sp); 1832 #if defined(__NetBSD__) 1833 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1834 cp->TO, sp); 1835 #else 1836 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1837 sp->ch[cp->protoidx] = 1838 #endif 1839 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1840 #endif /* __NetBSD__ */ 1841 break; 1842 } 1843 1844 splx(s); 1845 } 1846 1847 /* 1848 * Change the state of a control protocol in the state automaton. 1849 * Takes care of starting/stopping the restart timer. 1850 */ 1851 void 1852 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1853 { 1854 sp->state[cp->protoidx] = newstate; 1855 1856 #if defined(__NetBSD__) 1857 callout_stop(&sp->ch[cp->protoidx]); 1858 #else 1859 untimeout(cp->TO, (void *)sp 1860 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1861 , sp->ch[cp->protoidx] 1862 #endif 1863 ); 1864 #endif /* __NetBSD__ */ 1865 switch (newstate) { 1866 case STATE_INITIAL: 1867 case STATE_STARTING: 1868 case STATE_CLOSED: 1869 case STATE_STOPPED: 1870 case STATE_OPENED: 1871 break; 1872 case STATE_CLOSING: 1873 case STATE_STOPPING: 1874 case STATE_REQ_SENT: 1875 case STATE_ACK_RCVD: 1876 case STATE_ACK_SENT: 1877 #if defined(__NetBSD__) 1878 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1879 cp->TO, sp); 1880 #else 1881 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1882 sp->ch[cp->protoidx] = 1883 #endif 1884 timeout(cp->TO, (void *)sp, sp->lcp.timeout); 1885 #endif /* __NetBSD__ */ 1886 break; 1887 } 1888 } 1889 /* 1891 *--------------------------------------------------------------------------* 1892 * * 1893 * The LCP implementation. * 1894 * * 1895 *--------------------------------------------------------------------------* 1896 */ 1897 static void 1898 sppp_lcp_init(struct sppp *sp) 1899 { 1900 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 1901 sp->lcp.magic = 0; 1902 sp->state[IDX_LCP] = STATE_INITIAL; 1903 sp->fail_counter[IDX_LCP] = 0; 1904 sp->lcp.protos = 0; 1905 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 1906 1907 /* 1908 * Initialize counters and timeout values. Note that we don't 1909 * use the 3 seconds suggested in RFC 1661 since we are likely 1910 * running on a fast link. XXX We should probably implement 1911 * the exponential backoff option. Note that these values are 1912 * relevant for all control protocols, not just LCP only. 1913 */ 1914 sp->lcp.timeout = 1 * hz; 1915 sp->lcp.max_terminate = 2; 1916 sp->lcp.max_configure = 10; 1917 sp->lcp.max_failure = 10; 1918 #if defined(__NetBSD__) 1919 callout_init(&sp->ch[IDX_LCP]); 1920 #endif 1921 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 1922 callout_handle_init(&sp->ch[IDX_LCP]); 1923 #endif 1924 } 1925 1926 static void 1927 sppp_lcp_up(struct sppp *sp) 1928 { 1929 STDDCL; 1930 1931 /* 1932 * If this interface is passive or dial-on-demand, and we are 1933 * still in Initial state, it means we've got an incoming 1934 * call. Activate the interface. 1935 */ 1936 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 1937 if (debug) 1938 log(LOG_DEBUG, 1939 SPP_FMT "Up event", SPP_ARGS(ifp)); 1940 ifp->if_flags |= IFF_RUNNING; 1941 if (sp->state[IDX_LCP] == STATE_INITIAL) { 1942 if (debug) 1943 addlog("(incoming call)\n"); 1944 sp->pp_flags |= PP_CALLIN; 1945 lcp.Open(sp); 1946 } else if (debug) 1947 addlog("\n"); 1948 } 1949 1950 sppp_up_event(&lcp, sp); 1951 } 1952 1953 static void 1954 sppp_lcp_down(struct sppp *sp) 1955 { 1956 STDDCL; 1957 1958 sppp_down_event(&lcp, sp); 1959 1960 /* 1961 * If this is neither a dial-on-demand nor a passive 1962 * interface, simulate an ``ifconfig down'' action, so the 1963 * administrator can force a redial by another ``ifconfig 1964 * up''. XXX For leased line operation, should we immediately 1965 * try to reopen the connection here? 1966 */ 1967 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 1968 log(LOG_INFO, 1969 SPP_FMT "Down event (carrier loss), taking interface down.\n", 1970 SPP_ARGS(ifp)); 1971 if_down(ifp); 1972 } else { 1973 if (debug) 1974 log(LOG_DEBUG, 1975 SPP_FMT "Down event (carrier loss)\n", 1976 SPP_ARGS(ifp)); 1977 } 1978 sp->pp_flags &= ~PP_CALLIN; 1979 if (sp->state[IDX_LCP] != STATE_INITIAL) 1980 lcp.Close(sp); 1981 ifp->if_flags &= ~IFF_RUNNING; 1982 } 1983 1984 static void 1985 sppp_lcp_open(struct sppp *sp) 1986 { 1987 /* 1988 * If we are authenticator, negotiate LCP_AUTH 1989 */ 1990 if (sp->hisauth.proto != 0) 1991 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 1992 else 1993 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 1994 sp->pp_flags &= ~PP_NEEDAUTH; 1995 sppp_open_event(&lcp, sp); 1996 } 1997 1998 static void 1999 sppp_lcp_close(struct sppp *sp) 2000 { 2001 sppp_close_event(&lcp, sp); 2002 } 2003 2004 static void 2005 sppp_lcp_TO(void *cookie) 2006 { 2007 sppp_to_event(&lcp, (struct sppp *)cookie); 2008 } 2009 2010 /* 2011 * Analyze a configure request. Return true if it was agreeable, and 2012 * caused action sca, false if it has been rejected or nak'ed, and 2013 * caused action scn. (The return value is used to make the state 2014 * transition decision in the state automaton.) 2015 */ 2016 static int 2017 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2018 { 2019 STDDCL; 2020 u_char *buf, *r, *p; 2021 int origlen, rlen; 2022 u_long nmagic; 2023 u_short authproto; 2024 2025 len -= 4; 2026 origlen = len; 2027 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2028 if (! buf) 2029 return (0); 2030 2031 if (debug) 2032 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ", 2033 SPP_ARGS(ifp)); 2034 2035 /* pass 1: check for things that need to be rejected */ 2036 p = (void*) (h+1); 2037 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2038 if (debug) 2039 addlog(" %s ", sppp_lcp_opt_name(*p)); 2040 switch (*p) { 2041 case LCP_OPT_MAGIC: 2042 /* Magic number. */ 2043 /* fall through, both are same length */ 2044 case LCP_OPT_ASYNC_MAP: 2045 /* Async control character map. */ 2046 if (len >= 6 || p[1] == 6) 2047 continue; 2048 if (debug) 2049 addlog("[invalid] "); 2050 break; 2051 case LCP_OPT_MRU: 2052 /* Maximum receive unit. */ 2053 if (len >= 4 && p[1] == 4) 2054 continue; 2055 if (debug) 2056 addlog("[invalid] "); 2057 break; 2058 case LCP_OPT_AUTH_PROTO: 2059 if (len < 4) { 2060 if (debug) 2061 addlog("[invalid] "); 2062 break; 2063 } 2064 authproto = (p[2] << 8) + p[3]; 2065 if (authproto == PPP_CHAP && p[1] != 5) { 2066 if (debug) 2067 addlog("[invalid chap len] "); 2068 break; 2069 } 2070 if (sp->myauth.proto == 0) { 2071 /* we are not configured to do auth */ 2072 if (debug) 2073 addlog("[not configured] "); 2074 break; 2075 } 2076 /* 2077 * Remote want us to authenticate, remember this, 2078 * so we stay in PHASE_AUTHENTICATE after LCP got 2079 * up. 2080 */ 2081 sp->pp_flags |= PP_NEEDAUTH; 2082 continue; 2083 default: 2084 /* Others not supported. */ 2085 if (debug) 2086 addlog("[rej] "); 2087 break; 2088 } 2089 /* Add the option to rejected list. */ 2090 bcopy (p, r, p[1]); 2091 r += p[1]; 2092 rlen += p[1]; 2093 } 2094 if (rlen) { 2095 if (debug) 2096 addlog(" send conf-rej\n"); 2097 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2098 return 0; 2099 } else if (debug) 2100 addlog("\n"); 2101 2102 /* 2103 * pass 2: check for option values that are unacceptable and 2104 * thus require to be nak'ed. 2105 */ 2106 if (debug) 2107 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ", 2108 SPP_ARGS(ifp)); 2109 2110 p = (void*) (h+1); 2111 len = origlen; 2112 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2113 if (debug) 2114 addlog(" %s ", sppp_lcp_opt_name(*p)); 2115 switch (*p) { 2116 case LCP_OPT_MAGIC: 2117 /* Magic number -- extract. */ 2118 nmagic = (u_long)p[2] << 24 | 2119 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2120 if (nmagic != sp->lcp.magic) { 2121 if (debug) 2122 addlog("0x%lx ", nmagic); 2123 continue; 2124 } 2125 /* 2126 * Local and remote magics equal -- loopback? 2127 */ 2128 if (sp->pp_loopcnt >= MAXALIVECNT*5) { 2129 printf (SPP_FMT "loopback\n", 2130 SPP_ARGS(ifp)); 2131 sp->pp_loopcnt = 0; 2132 if (ifp->if_flags & IFF_UP) { 2133 if_down(ifp); 2134 sppp_qflush(&sp->pp_cpq); 2135 /* XXX ? */ 2136 lcp.Down(sp); 2137 lcp.Up(sp); 2138 } 2139 } else if (debug) 2140 addlog("[glitch] "); 2141 ++sp->pp_loopcnt; 2142 /* 2143 * We negate our magic here, and NAK it. If 2144 * we see it later in an NAK packet, we 2145 * suggest a new one. 2146 */ 2147 nmagic = ~sp->lcp.magic; 2148 /* Gonna NAK it. */ 2149 p[2] = nmagic >> 24; 2150 p[3] = nmagic >> 16; 2151 p[4] = nmagic >> 8; 2152 p[5] = nmagic; 2153 break; 2154 2155 case LCP_OPT_ASYNC_MAP: 2156 /* Async control character map -- check to be zero. */ 2157 if (! p[2] && ! p[3] && ! p[4] && ! p[5]) { 2158 if (debug) 2159 addlog("[empty] "); 2160 continue; 2161 } 2162 if (debug) 2163 addlog("[non-empty] "); 2164 /* suggest a zero one */ 2165 p[2] = p[3] = p[4] = p[5] = 0; 2166 break; 2167 2168 case LCP_OPT_MRU: 2169 /* 2170 * Maximum receive unit. Always agreeable, 2171 * but ignored by now. 2172 */ 2173 sp->lcp.their_mru = p[2] * 256 + p[3]; 2174 if (debug) 2175 addlog("%ld ", sp->lcp.their_mru); 2176 continue; 2177 2178 case LCP_OPT_AUTH_PROTO: 2179 authproto = (p[2] << 8) + p[3]; 2180 if (sp->myauth.proto != authproto) { 2181 /* not agreed, nak */ 2182 if (debug) 2183 addlog("[mine %s != his %s] ", 2184 sppp_proto_name(sp->hisauth.proto), 2185 sppp_proto_name(authproto)); 2186 p[2] = sp->myauth.proto >> 8; 2187 p[3] = sp->myauth.proto; 2188 break; 2189 } 2190 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2191 if (debug) 2192 addlog("[chap not MD5] "); 2193 p[4] = CHAP_MD5; 2194 break; 2195 } 2196 continue; 2197 } 2198 /* Add the option to nak'ed list. */ 2199 bcopy (p, r, p[1]); 2200 r += p[1]; 2201 rlen += p[1]; 2202 } 2203 if (rlen) { 2204 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2205 if (debug) 2206 addlog(" max_failure (%d) exceeded, " 2207 "send conf-rej\n", 2208 sp->lcp.max_failure); 2209 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2210 } else { 2211 if (debug) 2212 addlog(" send conf-nak\n"); 2213 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2214 } 2215 return 0; 2216 } else { 2217 if (debug) 2218 addlog(" send conf-ack\n"); 2219 sp->fail_counter[IDX_LCP] = 0; 2220 sp->pp_loopcnt = 0; 2221 sppp_cp_send (sp, PPP_LCP, CONF_ACK, 2222 h->ident, origlen, h+1); 2223 } 2224 2225 free (buf, M_TEMP); 2226 return (rlen == 0); 2227 } 2228 2229 /* 2230 * Analyze the LCP Configure-Reject option list, and adjust our 2231 * negotiation. 2232 */ 2233 static void 2234 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2235 { 2236 STDDCL; 2237 u_char *buf, *p; 2238 2239 len -= 4; 2240 buf = malloc (len, M_TEMP, M_NOWAIT); 2241 if (!buf) 2242 return; 2243 2244 if (debug) 2245 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ", 2246 SPP_ARGS(ifp)); 2247 2248 p = (void*) (h+1); 2249 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2250 if (debug) 2251 addlog(" %s ", sppp_lcp_opt_name(*p)); 2252 switch (*p) { 2253 case LCP_OPT_MAGIC: 2254 /* Magic number -- can't use it, use 0 */ 2255 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2256 sp->lcp.magic = 0; 2257 break; 2258 case LCP_OPT_MRU: 2259 /* 2260 * Should not be rejected anyway, since we only 2261 * negotiate a MRU if explicitly requested by 2262 * peer. 2263 */ 2264 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2265 break; 2266 case LCP_OPT_AUTH_PROTO: 2267 /* 2268 * Peer doesn't want to authenticate himself, 2269 * deny unless this is a dialout call, and 2270 * AUTHFLAG_NOCALLOUT is set. 2271 */ 2272 if ((sp->pp_flags & PP_CALLIN) == 0 && 2273 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) { 2274 if (debug) 2275 addlog("[don't insist on auth " 2276 "for callout]"); 2277 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2278 break; 2279 } 2280 if (debug) 2281 addlog("[access denied]\n"); 2282 lcp.Close(sp); 2283 break; 2284 } 2285 } 2286 if (debug) 2287 addlog("\n"); 2288 free (buf, M_TEMP); 2289 return; 2290 } 2291 2292 /* 2293 * Analyze the LCP Configure-NAK option list, and adjust our 2294 * negotiation. 2295 */ 2296 static void 2297 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2298 { 2299 STDDCL; 2300 u_char *buf, *p; 2301 u_long magic; 2302 2303 len -= 4; 2304 buf = malloc (len, M_TEMP, M_NOWAIT); 2305 if (!buf) 2306 return; 2307 2308 if (debug) 2309 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ", 2310 SPP_ARGS(ifp)); 2311 2312 p = (void*) (h+1); 2313 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2314 if (debug) 2315 addlog(" %s ", sppp_lcp_opt_name(*p)); 2316 switch (*p) { 2317 case LCP_OPT_MAGIC: 2318 /* Magic number -- renegotiate */ 2319 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2320 len >= 6 && p[1] == 6) { 2321 magic = (u_long)p[2] << 24 | 2322 (u_long)p[3] << 16 | p[4] << 8 | p[5]; 2323 /* 2324 * If the remote magic is our negated one, 2325 * this looks like a loopback problem. 2326 * Suggest a new magic to make sure. 2327 */ 2328 if (magic == ~sp->lcp.magic) { 2329 if (debug) 2330 addlog("magic glitch "); 2331 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2332 sp->lcp.magic = random(); 2333 #else 2334 sp->lcp.magic = time.tv_sec + time.tv_usec; 2335 #endif 2336 } else { 2337 sp->lcp.magic = magic; 2338 if (debug) 2339 addlog("%ld ", magic); 2340 } 2341 } 2342 break; 2343 case LCP_OPT_MRU: 2344 /* 2345 * Peer wants to advise us to negotiate an MRU. 2346 * Agree on it if it's reasonable, or use 2347 * default otherwise. 2348 */ 2349 if (len >= 4 && p[1] == 4) { 2350 u_int mru = p[2] * 256 + p[3]; 2351 if (debug) 2352 addlog("%d ", mru); 2353 if (mru < PP_MTU || mru > PP_MAX_MRU) 2354 mru = PP_MTU; 2355 sp->lcp.mru = mru; 2356 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2357 } 2358 break; 2359 case LCP_OPT_AUTH_PROTO: 2360 /* 2361 * Peer doesn't like our authentication method, 2362 * deny. 2363 */ 2364 if (debug) 2365 addlog("[access denied]\n"); 2366 lcp.Close(sp); 2367 break; 2368 } 2369 } 2370 if (debug) 2371 addlog("\n"); 2372 free (buf, M_TEMP); 2373 return; 2374 } 2375 2376 static void 2377 sppp_lcp_tlu(struct sppp *sp) 2378 { 2379 STDDCL; 2380 int i; 2381 u_long mask; 2382 2383 /* XXX ? */ 2384 if (! (ifp->if_flags & IFF_UP) && 2385 (ifp->if_flags & IFF_RUNNING)) { 2386 /* Coming out of loopback mode. */ 2387 if_up(ifp); 2388 printf (SPP_FMT "up\n", SPP_ARGS(ifp)); 2389 } 2390 2391 for (i = 0; i < IDX_COUNT; i++) 2392 if ((cps[i])->flags & CP_QUAL) 2393 (cps[i])->Open(sp); 2394 2395 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2396 (sp->pp_flags & PP_NEEDAUTH) != 0) 2397 sp->pp_phase = PHASE_AUTHENTICATE; 2398 else 2399 sp->pp_phase = PHASE_NETWORK; 2400 2401 if(debug) 2402 { 2403 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2404 sppp_phase_name(sp->pp_phase)); 2405 } 2406 2407 /* 2408 * Open all authentication protocols. This is even required 2409 * if we already proceeded to network phase, since it might be 2410 * that remote wants us to authenticate, so we might have to 2411 * send a PAP request. Undesired authentication protocols 2412 * don't do anything when they get an Open event. 2413 */ 2414 for (i = 0; i < IDX_COUNT; i++) 2415 if ((cps[i])->flags & CP_AUTH) 2416 (cps[i])->Open(sp); 2417 2418 if (sp->pp_phase == PHASE_NETWORK) { 2419 /* Notify all NCPs. */ 2420 for (i = 0; i < IDX_COUNT; i++) 2421 if ((cps[i])->flags & CP_NCP) 2422 (cps[i])->Open(sp); 2423 } 2424 2425 /* Send Up events to all started protos. */ 2426 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2427 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) 2428 (cps[i])->Up(sp); 2429 2430 /* notify low-level driver of state change */ 2431 if (sp->pp_chg) 2432 sp->pp_chg(sp, (int)sp->pp_phase); 2433 2434 if (sp->pp_phase == PHASE_NETWORK) 2435 /* if no NCP is starting, close down */ 2436 sppp_lcp_check_and_close(sp); 2437 } 2438 2439 static void 2440 sppp_lcp_tld(struct sppp *sp) 2441 { 2442 STDDCL; 2443 int i; 2444 u_long mask; 2445 2446 sp->pp_phase = PHASE_TERMINATE; 2447 2448 if(debug) 2449 { 2450 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2451 sppp_phase_name(sp->pp_phase)); 2452 } 2453 2454 /* 2455 * Take upper layers down. We send the Down event first and 2456 * the Close second to prevent the upper layers from sending 2457 * ``a flurry of terminate-request packets'', as the RFC 2458 * describes it. 2459 */ 2460 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2461 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) { 2462 (cps[i])->Down(sp); 2463 (cps[i])->Close(sp); 2464 } 2465 } 2466 2467 static void 2468 sppp_lcp_tls(struct sppp *sp) 2469 { 2470 STDDCL; 2471 2472 sp->pp_phase = PHASE_ESTABLISH; 2473 2474 if(debug) 2475 { 2476 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2477 sppp_phase_name(sp->pp_phase)); 2478 } 2479 2480 /* Notify lower layer if desired. */ 2481 if (sp->pp_tls) 2482 (sp->pp_tls)(sp); 2483 } 2484 2485 static void 2486 sppp_lcp_tlf(struct sppp *sp) 2487 { 2488 STDDCL; 2489 2490 sp->pp_phase = PHASE_DEAD; 2491 2492 if(debug) 2493 { 2494 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 2495 sppp_phase_name(sp->pp_phase)); 2496 } 2497 2498 /* Notify lower layer if desired. */ 2499 if (sp->pp_tlf) 2500 (sp->pp_tlf)(sp); 2501 } 2502 2503 static void 2504 sppp_lcp_scr(struct sppp *sp) 2505 { 2506 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2507 int i = 0; 2508 u_short authproto; 2509 2510 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2511 if (! sp->lcp.magic) 2512 #if defined(__NetBSD__) || (defined(__FreeBSD__) && __FreeBSD__ >= 3) 2513 sp->lcp.magic = random(); 2514 #else 2515 sp->lcp.magic = time.tv_sec + time.tv_usec; 2516 #endif 2517 opt[i++] = LCP_OPT_MAGIC; 2518 opt[i++] = 6; 2519 opt[i++] = sp->lcp.magic >> 24; 2520 opt[i++] = sp->lcp.magic >> 16; 2521 opt[i++] = sp->lcp.magic >> 8; 2522 opt[i++] = sp->lcp.magic; 2523 } 2524 2525 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2526 opt[i++] = LCP_OPT_MRU; 2527 opt[i++] = 4; 2528 opt[i++] = sp->lcp.mru >> 8; 2529 opt[i++] = sp->lcp.mru; 2530 } 2531 2532 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2533 authproto = sp->hisauth.proto; 2534 opt[i++] = LCP_OPT_AUTH_PROTO; 2535 opt[i++] = authproto == PPP_CHAP? 5: 4; 2536 opt[i++] = authproto >> 8; 2537 opt[i++] = authproto; 2538 if (authproto == PPP_CHAP) 2539 opt[i++] = CHAP_MD5; 2540 } 2541 2542 sp->confid[IDX_LCP] = ++sp->pp_seq; 2543 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2544 } 2545 2546 /* 2547 * Check the open NCPs, return true if at least one NCP is open. 2548 */ 2549 static int 2550 sppp_ncp_check(struct sppp *sp) 2551 { 2552 int i, mask; 2553 2554 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2555 if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP) 2556 return 1; 2557 return 0; 2558 } 2559 2560 /* 2561 * Re-check the open NCPs and see if we should terminate the link. 2562 * Called by the NCPs during their tlf action handling. 2563 */ 2564 static void 2565 sppp_lcp_check_and_close(struct sppp *sp) 2566 { 2567 2568 if (sp->pp_phase < PHASE_NETWORK) 2569 /* don't bother, we are already going down */ 2570 return; 2571 2572 if (sppp_ncp_check(sp)) 2573 return; 2574 2575 lcp.Close(sp); 2576 } 2577 /* 2579 *--------------------------------------------------------------------------* 2580 * * 2581 * The IPCP implementation. * 2582 * * 2583 *--------------------------------------------------------------------------* 2584 */ 2585 2586 static void 2587 sppp_ipcp_init(struct sppp *sp) 2588 { 2589 sp->ipcp.opts = 0; 2590 sp->ipcp.flags = 0; 2591 sp->state[IDX_IPCP] = STATE_INITIAL; 2592 sp->fail_counter[IDX_IPCP] = 0; 2593 #if defined(__NetBSD__) 2594 callout_init(&sp->ch[IDX_IPCP]); 2595 #endif 2596 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 2597 callout_handle_init(&sp->ch[IDX_IPCP]); 2598 #endif 2599 } 2600 2601 static void 2602 sppp_ipcp_up(struct sppp *sp) 2603 { 2604 sppp_up_event(&ipcp, sp); 2605 } 2606 2607 static void 2608 sppp_ipcp_down(struct sppp *sp) 2609 { 2610 sppp_down_event(&ipcp, sp); 2611 } 2612 2613 static void 2614 sppp_ipcp_open(struct sppp *sp) 2615 { 2616 STDDCL; 2617 u_long myaddr, hisaddr; 2618 2619 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN); 2620 2621 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2622 /* 2623 * If we don't have his address, this probably means our 2624 * interface doesn't want to talk IP at all. (This could 2625 * be the case if somebody wants to speak only IPX, for 2626 * example.) Don't open IPCP in this case. 2627 */ 2628 if (hisaddr == 0L) { 2629 /* XXX this message should go away */ 2630 if (debug) 2631 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n", 2632 SPP_ARGS(ifp)); 2633 return; 2634 } 2635 2636 if (myaddr == 0L) { 2637 /* 2638 * I don't have an assigned address, so i need to 2639 * negotiate my address. 2640 */ 2641 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2642 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2643 } else 2644 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2645 sppp_open_event(&ipcp, sp); 2646 } 2647 2648 static void 2649 sppp_ipcp_close(struct sppp *sp) 2650 { 2651 sppp_close_event(&ipcp, sp); 2652 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 2653 /* 2654 * My address was dynamic, clear it again. 2655 */ 2656 sppp_set_ip_addr(sp, 0L); 2657 } 2658 2659 static void 2660 sppp_ipcp_TO(void *cookie) 2661 { 2662 sppp_to_event(&ipcp, (struct sppp *)cookie); 2663 } 2664 2665 /* 2666 * Analyze a configure request. Return true if it was agreeable, and 2667 * caused action sca, false if it has been rejected or nak'ed, and 2668 * caused action scn. (The return value is used to make the state 2669 * transition decision in the state automaton.) 2670 */ 2671 static int 2672 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2673 { 2674 u_char *buf, *r, *p; 2675 struct ifnet *ifp = &sp->pp_if; 2676 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2677 u_long hisaddr, desiredaddr; 2678 int gotmyaddr = 0; 2679 2680 len -= 4; 2681 origlen = len; 2682 /* 2683 * Make sure to allocate a buf that can at least hold a 2684 * conf-nak with an `address' option. We might need it below. 2685 */ 2686 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2687 if (! buf) 2688 return (0); 2689 2690 /* pass 1: see if we can recognize them */ 2691 if (debug) 2692 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ", 2693 SPP_ARGS(ifp)); 2694 p = (void*) (h+1); 2695 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2696 if (debug) 2697 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2698 switch (*p) { 2699 #ifdef notyet 2700 case IPCP_OPT_COMPRESSION: 2701 if (len >= 6 && p[1] >= 6) { 2702 /* correctly formed compress option */ 2703 continue; 2704 } 2705 if (debug) 2706 addlog("[invalid] "); 2707 break; 2708 #endif 2709 case IPCP_OPT_ADDRESS: 2710 if (len >= 6 && p[1] == 6) { 2711 /* correctly formed address option */ 2712 continue; 2713 } 2714 if (debug) 2715 addlog("[invalid] "); 2716 break; 2717 default: 2718 /* Others not supported. */ 2719 if (debug) 2720 addlog("[rej] "); 2721 break; 2722 } 2723 /* Add the option to rejected list. */ 2724 bcopy (p, r, p[1]); 2725 r += p[1]; 2726 rlen += p[1]; 2727 } 2728 if (rlen) { 2729 if (debug) 2730 addlog(" send conf-rej\n"); 2731 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2732 return 0; 2733 } else if (debug) 2734 addlog("\n"); 2735 2736 /* pass 2: parse option values */ 2737 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); 2738 if (debug) 2739 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ", 2740 SPP_ARGS(ifp)); 2741 p = (void*) (h+1); 2742 len = origlen; 2743 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2744 if (debug) 2745 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2746 switch (*p) { 2747 #ifdef notyet 2748 case IPCP_OPT_COMPRESSION: 2749 continue; 2750 #endif 2751 case IPCP_OPT_ADDRESS: 2752 desiredaddr = p[2] << 24 | p[3] << 16 | 2753 p[4] << 8 | p[5]; 2754 if (!(sp->ipcp.flags & IPCP_MYADDR_SEEN) && 2755 (sp->ipcp.flags & IPCP_MYADDR_DYN)) { 2756 /* 2757 * hopefully this is our address !! 2758 */ 2759 if (debug) 2760 addlog("[wantmyaddr %s] ", 2761 sppp_dotted_quad(desiredaddr)); 2762 /* 2763 * When doing dynamic address assignment, 2764 * we accept his offer. Otherwise, we 2765 * ignore it and thus continue to negotiate 2766 * our already existing value. 2767 */ 2768 sppp_set_ip_addr(sp, desiredaddr); 2769 if (debug) 2770 addlog("[agree] "); 2771 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2772 gotmyaddr++; 2773 continue; 2774 } else { 2775 if (desiredaddr == hisaddr || 2776 (hisaddr == 1 && desiredaddr != 0)) { 2777 /* 2778 * Peer's address is same as our value, 2779 * this is agreeable. Gonna conf-ack 2780 * it. 2781 */ 2782 if (debug) 2783 addlog("%s [ack] ", 2784 sppp_dotted_quad(hisaddr)); 2785 /* record that we've seen it already */ 2786 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2787 continue; 2788 } 2789 /* 2790 * The address wasn't agreeable. This is either 2791 * he sent us 0.0.0.0, asking to assign him an 2792 * address, or he send us another address not 2793 * matching our value. Either case, we gonna 2794 * conf-nak it with our value. 2795 */ 2796 if (debug) { 2797 if (desiredaddr == 0) 2798 addlog("[addr requested] "); 2799 else 2800 addlog("%s [not agreed] ", 2801 sppp_dotted_quad(desiredaddr)); 2802 } 2803 2804 p[2] = hisaddr >> 24; 2805 p[3] = hisaddr >> 16; 2806 p[4] = hisaddr >> 8; 2807 p[5] = hisaddr; 2808 break; 2809 } 2810 } 2811 /* Add the option to nak'ed list. */ 2812 bcopy (p, r, p[1]); 2813 r += p[1]; 2814 rlen += p[1]; 2815 } 2816 2817 /* 2818 * If we are about to conf-ack the request, but haven't seen 2819 * his address so far, gonna conf-nak it instead, with the 2820 * `address' option present and our idea of his address being 2821 * filled in there, to request negotiation of both addresses. 2822 * 2823 * XXX This can result in an endless req - nak loop if peer 2824 * doesn't want to send us his address. Q: What should we do 2825 * about it? XXX A: implement the max-failure counter. 2826 */ 2827 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) { 2828 buf[0] = IPCP_OPT_ADDRESS; 2829 buf[1] = 6; 2830 buf[2] = hisaddr >> 24; 2831 buf[3] = hisaddr >> 16; 2832 buf[4] = hisaddr >> 8; 2833 buf[5] = hisaddr; 2834 rlen = 6; 2835 if (debug) 2836 addlog("still need hisaddr "); 2837 } 2838 2839 if (rlen) { 2840 if (debug) 2841 addlog(" send conf-nak\n"); 2842 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2843 } else { 2844 if (debug) 2845 addlog(" send conf-ack\n"); 2846 sppp_cp_send (sp, PPP_IPCP, CONF_ACK, 2847 h->ident, origlen, h+1); 2848 } 2849 2850 free (buf, M_TEMP); 2851 return (rlen == 0); 2852 } 2853 2854 /* 2855 * Analyze the IPCP Configure-Reject option list, and adjust our 2856 * negotiation. 2857 */ 2858 static void 2859 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2860 { 2861 u_char *buf, *p; 2862 struct ifnet *ifp = &sp->pp_if; 2863 int debug = ifp->if_flags & IFF_DEBUG; 2864 2865 len -= 4; 2866 buf = malloc (len, M_TEMP, M_NOWAIT); 2867 if (!buf) 2868 return; 2869 2870 if (debug) 2871 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ", 2872 SPP_ARGS(ifp)); 2873 2874 p = (void*) (h+1); 2875 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2876 if (debug) 2877 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2878 switch (*p) { 2879 case IPCP_OPT_ADDRESS: 2880 /* 2881 * Peer doesn't grok address option. This is 2882 * bad. XXX Should we better give up here? 2883 */ 2884 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 2885 break; 2886 #ifdef notyet 2887 case IPCP_OPT_COMPRESS: 2888 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 2889 break; 2890 #endif 2891 } 2892 } 2893 if (debug) 2894 addlog("\n"); 2895 free (buf, M_TEMP); 2896 return; 2897 } 2898 2899 /* 2900 * Analyze the IPCP Configure-NAK option list, and adjust our 2901 * negotiation. 2902 */ 2903 static void 2904 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2905 { 2906 u_char *buf, *p; 2907 struct ifnet *ifp = &sp->pp_if; 2908 int debug = ifp->if_flags & IFF_DEBUG; 2909 u_long wantaddr; 2910 2911 len -= 4; 2912 buf = malloc (len, M_TEMP, M_NOWAIT); 2913 if (!buf) 2914 return; 2915 2916 if (debug) 2917 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ", 2918 SPP_ARGS(ifp)); 2919 2920 p = (void*) (h+1); 2921 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2922 if (debug) 2923 addlog(" %s ", sppp_ipcp_opt_name(*p)); 2924 switch (*p) { 2925 case IPCP_OPT_ADDRESS: 2926 /* 2927 * Peer doesn't like our local IP address. See 2928 * if we can do something for him. We'll drop 2929 * him our address then. 2930 */ 2931 if (len >= 6 && p[1] == 6) { 2932 wantaddr = p[2] << 24 | p[3] << 16 | 2933 p[4] << 8 | p[5]; 2934 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2935 if (debug) 2936 addlog("[wantaddr %s] ", 2937 sppp_dotted_quad(wantaddr)); 2938 /* 2939 * When doing dynamic address assignment, 2940 * we accept his offer. Otherwise, we 2941 * ignore it and thus continue to negotiate 2942 * our already existing value. 2943 */ 2944 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 2945 sppp_set_ip_addr(sp, wantaddr); 2946 if (debug) 2947 addlog("[agree] "); 2948 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 2949 } 2950 } 2951 break; 2952 #ifdef notyet 2953 case IPCP_OPT_COMPRESS: 2954 /* 2955 * Peer wants different compression parameters. 2956 */ 2957 break; 2958 #endif 2959 } 2960 } 2961 if (debug) 2962 addlog("\n"); 2963 free (buf, M_TEMP); 2964 return; 2965 } 2966 2967 static void 2968 sppp_ipcp_tlu(struct sppp *sp) 2969 { 2970 /* we are up - notify isdn daemon */ 2971 if (sp->pp_con) 2972 sp->pp_con(sp); 2973 } 2974 2975 static void 2976 sppp_ipcp_tld(struct sppp *sp) 2977 { 2978 } 2979 2980 static void 2981 sppp_ipcp_tls(struct sppp *sp) 2982 { 2983 /* indicate to LCP that it must stay alive */ 2984 sp->lcp.protos |= (1 << IDX_IPCP); 2985 } 2986 2987 static void 2988 sppp_ipcp_tlf(struct sppp *sp) 2989 { 2990 /* we no longer need LCP */ 2991 sp->lcp.protos &= ~(1 << IDX_IPCP); 2992 sppp_lcp_check_and_close(sp); 2993 } 2994 2995 static void 2996 sppp_ipcp_scr(struct sppp *sp) 2997 { 2998 char opt[6 /* compression */ + 6 /* address */]; 2999 u_long ouraddr; 3000 int i = 0; 3001 3002 #ifdef notyet 3003 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3004 opt[i++] = IPCP_OPT_COMPRESSION; 3005 opt[i++] = 6; 3006 opt[i++] = 0; /* VJ header compression */ 3007 opt[i++] = 0x2d; /* VJ header compression */ 3008 opt[i++] = max_slot_id; 3009 opt[i++] = comp_slot_id; 3010 } 3011 #endif 3012 3013 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3014 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3015 opt[i++] = IPCP_OPT_ADDRESS; 3016 opt[i++] = 6; 3017 opt[i++] = ouraddr >> 24; 3018 opt[i++] = ouraddr >> 16; 3019 opt[i++] = ouraddr >> 8; 3020 opt[i++] = ouraddr; 3021 } 3022 3023 sp->confid[IDX_IPCP] = ++sp->pp_seq; 3024 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3025 } 3026 3027 3028 /* 3030 *--------------------------------------------------------------------------* 3031 * * 3032 * The CHAP implementation. * 3033 * * 3034 *--------------------------------------------------------------------------* 3035 */ 3036 3037 /* 3038 * The authentication protocols don't employ a full-fledged state machine as 3039 * the control protocols do, since they do have Open and Close events, but 3040 * not Up and Down, nor are they explicitly terminated. Also, use of the 3041 * authentication protocols may be different in both directions (this makes 3042 * sense, think of a machine that never accepts incoming calls but only 3043 * calls out, it doesn't require the called party to authenticate itself). 3044 * 3045 * Our state machine for the local authentication protocol (we are requesting 3046 * the peer to authenticate) looks like: 3047 * 3048 * RCA- 3049 * +--------------------------------------------+ 3050 * V scn,tld| 3051 * +--------+ Close +---------+ RCA+ 3052 * | |<----------------------------------| |------+ 3053 * +--->| Closed | TO* | Opened | sca | 3054 * | | |-----+ +-------| |<-----+ 3055 * | +--------+ irc | | +---------+ 3056 * | ^ | | ^ 3057 * | | | | | 3058 * | | | | | 3059 * | TO-| | | | 3060 * | |tld TO+ V | | 3061 * | | +------->+ | | 3062 * | | | | | | 3063 * | +--------+ V | | 3064 * | | |<----+<--------------------+ | 3065 * | | Req- | scr | 3066 * | | Sent | | 3067 * | | | | 3068 * | +--------+ | 3069 * | RCA- | | RCA+ | 3070 * +------+ +------------------------------------------+ 3071 * scn,tld sca,irc,ict,tlu 3072 * 3073 * 3074 * with: 3075 * 3076 * Open: LCP reached authentication phase 3077 * Close: LCP reached terminate phase 3078 * 3079 * RCA+: received reply (pap-req, chap-response), acceptable 3080 * RCN: received reply (pap-req, chap-response), not acceptable 3081 * TO+: timeout with restart counter >= 0 3082 * TO-: timeout with restart counter < 0 3083 * TO*: reschedule timeout for CHAP 3084 * 3085 * scr: send request packet (none for PAP, chap-challenge) 3086 * sca: send ack packet (pap-ack, chap-success) 3087 * scn: send nak packet (pap-nak, chap-failure) 3088 * ict: initialize re-challenge timer (CHAP only) 3089 * 3090 * tlu: this-layer-up, LCP reaches network phase 3091 * tld: this-layer-down, LCP enters terminate phase 3092 * 3093 * Note that in CHAP mode, after sending a new challenge, while the state 3094 * automaton falls back into Req-Sent state, it doesn't signal a tld 3095 * event to LCP, so LCP remains in network phase. Only after not getting 3096 * any response (or after getting an unacceptable response), CHAP closes, 3097 * causing LCP to enter terminate phase. 3098 * 3099 * With PAP, there is no initial request that can be sent. The peer is 3100 * expected to send one based on the successful negotiation of PAP as 3101 * the authentication protocol during the LCP option negotiation. 3102 * 3103 * Incoming authentication protocol requests (remote requests 3104 * authentication, we are peer) don't employ a state machine at all, 3105 * they are simply answered. Some peers [Ascend P50 firmware rev 3106 * 4.50] react allergically when sending IPCP requests while they are 3107 * still in authentication phase (thereby violating the standard that 3108 * demands that these NCP packets are to be discarded), so we keep 3109 * track of the peer demanding us to authenticate, and only proceed to 3110 * phase network once we've seen a positive acknowledge for the 3111 * authentication. 3112 */ 3113 3114 /* 3115 * Handle incoming CHAP packets. 3116 */ 3117 void 3118 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3119 { 3120 STDDCL; 3121 struct lcp_header *h; 3122 int len, x; 3123 u_char *value, *name, digest[AUTHKEYLEN], dsize; 3124 int value_len, name_len; 3125 MD5_CTX ctx; 3126 3127 len = m->m_pkthdr.len; 3128 if (len < 4) { 3129 if (debug) 3130 log(LOG_DEBUG, 3131 SPP_FMT "chap invalid packet length: %d bytes\n", 3132 SPP_ARGS(ifp), len); 3133 return; 3134 } 3135 h = mtod (m, struct lcp_header*); 3136 if (len > ntohs (h->len)) 3137 len = ntohs (h->len); 3138 3139 switch (h->type) { 3140 /* challenge, failure and success are his authproto */ 3141 case CHAP_CHALLENGE: 3142 value = 1 + (u_char*)(h+1); 3143 value_len = value[-1]; 3144 name = value + value_len; 3145 name_len = len - value_len - 5; 3146 if (name_len < 0) { 3147 if (debug) { 3148 log(LOG_DEBUG, 3149 SPP_FMT "chap corrupted challenge " 3150 "<%s id=0x%x len=%d", 3151 SPP_ARGS(ifp), 3152 sppp_auth_type_name(PPP_CHAP, h->type), 3153 h->ident, ntohs(h->len)); 3154 if (len > 4) 3155 sppp_print_bytes((u_char*) (h+1), len-4); 3156 addlog(">\n"); 3157 } 3158 break; 3159 } 3160 3161 if (debug) { 3162 log(LOG_DEBUG, 3163 SPP_FMT "chap input <%s id=0x%x len=%d name=", 3164 SPP_ARGS(ifp), 3165 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3166 ntohs(h->len)); 3167 sppp_print_string((char*) name, name_len); 3168 addlog(" value-size=%d value=", value_len); 3169 sppp_print_bytes(value, value_len); 3170 addlog(">\n"); 3171 } 3172 3173 /* Compute reply value. */ 3174 MD5Init(&ctx); 3175 MD5Update(&ctx, &h->ident, 1); 3176 MD5Update(&ctx, sp->myauth.secret, 3177 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN)); 3178 MD5Update(&ctx, value, value_len); 3179 MD5Final(digest, &ctx); 3180 dsize = sizeof digest; 3181 3182 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3183 sizeof dsize, (const char *)&dsize, 3184 sizeof digest, digest, 3185 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3186 sp->myauth.name, 3187 0); 3188 break; 3189 3190 case CHAP_SUCCESS: 3191 if (debug) { 3192 log(LOG_DEBUG, SPP_FMT "chap success", 3193 SPP_ARGS(ifp)); 3194 if (len > 4) { 3195 addlog(": "); 3196 sppp_print_string((char*)(h + 1), len - 4); 3197 } 3198 addlog("\n"); 3199 } 3200 x = splimp(); 3201 sp->pp_flags &= ~PP_NEEDAUTH; 3202 if (sp->myauth.proto == PPP_CHAP && 3203 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3204 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3205 /* 3206 * We are authenticator for CHAP but didn't 3207 * complete yet. Leave it to tlu to proceed 3208 * to network phase. 3209 */ 3210 splx(x); 3211 break; 3212 } 3213 splx(x); 3214 sppp_phase_network(sp); 3215 break; 3216 3217 case CHAP_FAILURE: 3218 if (debug) { 3219 log(LOG_INFO, SPP_FMT "chap failure", 3220 SPP_ARGS(ifp)); 3221 if (len > 4) { 3222 addlog(": "); 3223 sppp_print_string((char*)(h + 1), len - 4); 3224 } 3225 addlog("\n"); 3226 } else 3227 log(LOG_INFO, SPP_FMT "chap failure\n", 3228 SPP_ARGS(ifp)); 3229 /* await LCP shutdown by authenticator */ 3230 break; 3231 3232 /* response is my authproto */ 3233 case CHAP_RESPONSE: 3234 value = 1 + (u_char*)(h+1); 3235 value_len = value[-1]; 3236 name = value + value_len; 3237 name_len = len - value_len - 5; 3238 if (name_len < 0) { 3239 if (debug) { 3240 log(LOG_DEBUG, 3241 SPP_FMT "chap corrupted response " 3242 "<%s id=0x%x len=%d", 3243 SPP_ARGS(ifp), 3244 sppp_auth_type_name(PPP_CHAP, h->type), 3245 h->ident, ntohs(h->len)); 3246 if (len > 4) 3247 sppp_print_bytes((u_char*)(h+1), len-4); 3248 addlog(">\n"); 3249 } 3250 break; 3251 } 3252 if (h->ident != sp->confid[IDX_CHAP]) { 3253 if (debug) 3254 log(LOG_DEBUG, 3255 SPP_FMT "chap dropping response for old ID " 3256 "(got %d, expected %d)\n", 3257 SPP_ARGS(ifp), 3258 h->ident, sp->confid[IDX_CHAP]); 3259 break; 3260 } 3261 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) 3262 || bcmp(name, sp->hisauth.name, name_len) != 0) { 3263 log(LOG_INFO, SPP_FMT "chap response, his name ", 3264 SPP_ARGS(ifp)); 3265 sppp_print_string(name, name_len); 3266 addlog(" != expected "); 3267 sppp_print_string(sp->hisauth.name, 3268 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)); 3269 addlog("\n"); 3270 } 3271 if (debug) { 3272 log(LOG_DEBUG, SPP_FMT "chap input(%s) " 3273 "<%s id=0x%x len=%d name=", 3274 SPP_ARGS(ifp), 3275 sppp_state_name(sp->state[IDX_CHAP]), 3276 sppp_auth_type_name(PPP_CHAP, h->type), 3277 h->ident, ntohs (h->len)); 3278 sppp_print_string((char*)name, name_len); 3279 addlog(" value-size=%d value=", value_len); 3280 sppp_print_bytes(value, value_len); 3281 addlog(">\n"); 3282 } 3283 if (value_len != AUTHKEYLEN) { 3284 if (debug) 3285 log(LOG_DEBUG, 3286 SPP_FMT "chap bad hash value length: " 3287 "%d bytes, should be %d\n", 3288 SPP_ARGS(ifp), value_len, 3289 AUTHKEYLEN); 3290 break; 3291 } 3292 3293 MD5Init(&ctx); 3294 MD5Update(&ctx, &h->ident, 1); 3295 MD5Update(&ctx, sp->hisauth.secret, 3296 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN)); 3297 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN); 3298 MD5Final(digest, &ctx); 3299 3300 #define FAILMSG "Failed..." 3301 #define SUCCMSG "Welcome!" 3302 3303 if (value_len != sizeof digest || 3304 bcmp(digest, value, value_len) != 0) { 3305 /* action scn, tld */ 3306 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 3307 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3308 0); 3309 chap.tld(sp); 3310 break; 3311 } 3312 /* action sca, perhaps tlu */ 3313 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 3314 sp->state[IDX_CHAP] == STATE_OPENED) 3315 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 3316 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3317 0); 3318 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 3319 sppp_cp_change_state(&chap, sp, STATE_OPENED); 3320 chap.tlu(sp); 3321 } 3322 break; 3323 3324 default: 3325 /* Unknown CHAP packet type -- ignore. */ 3326 if (debug) { 3327 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) " 3328 "<0x%x id=0x%xh len=%d", 3329 SPP_ARGS(ifp), 3330 sppp_state_name(sp->state[IDX_CHAP]), 3331 h->type, h->ident, ntohs(h->len)); 3332 if (len > 4) 3333 sppp_print_bytes((u_char*)(h+1), len-4); 3334 addlog(">\n"); 3335 } 3336 break; 3337 3338 } 3339 } 3340 3341 static void 3342 sppp_chap_init(struct sppp *sp) 3343 { 3344 /* Chap doesn't have STATE_INITIAL at all. */ 3345 sp->state[IDX_CHAP] = STATE_CLOSED; 3346 sp->fail_counter[IDX_CHAP] = 0; 3347 #if defined(__NetBSD__) 3348 callout_init(&sp->ch[IDX_CHAP]); 3349 #endif 3350 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3351 callout_handle_init(&sp->ch[IDX_CHAP]); 3352 #endif 3353 } 3354 3355 static void 3356 sppp_chap_open(struct sppp *sp) 3357 { 3358 if (sp->myauth.proto == PPP_CHAP && 3359 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3360 /* we are authenticator for CHAP, start it */ 3361 chap.scr(sp); 3362 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3363 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3364 } 3365 /* nothing to be done if we are peer, await a challenge */ 3366 } 3367 3368 static void 3369 sppp_chap_close(struct sppp *sp) 3370 { 3371 if (sp->state[IDX_CHAP] != STATE_CLOSED) 3372 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3373 } 3374 3375 static void 3376 sppp_chap_TO(void *cookie) 3377 { 3378 struct sppp *sp = (struct sppp *)cookie; 3379 STDDCL; 3380 int s; 3381 3382 s = splimp(); 3383 if (debug) 3384 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n", 3385 SPP_ARGS(ifp), 3386 sppp_state_name(sp->state[IDX_CHAP]), 3387 sp->rst_counter[IDX_CHAP]); 3388 3389 if (--sp->rst_counter[IDX_CHAP] < 0) 3390 /* TO- event */ 3391 switch (sp->state[IDX_CHAP]) { 3392 case STATE_REQ_SENT: 3393 chap.tld(sp); 3394 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 3395 break; 3396 } 3397 else 3398 /* TO+ (or TO*) event */ 3399 switch (sp->state[IDX_CHAP]) { 3400 case STATE_OPENED: 3401 /* TO* event */ 3402 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3403 /* fall through */ 3404 case STATE_REQ_SENT: 3405 chap.scr(sp); 3406 /* sppp_cp_change_state() will restart the timer */ 3407 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 3408 break; 3409 } 3410 3411 splx(s); 3412 } 3413 3414 static void 3415 sppp_chap_tlu(struct sppp *sp) 3416 { 3417 STDDCL; 3418 int i, x; 3419 3420 i = 0; 3421 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 3422 3423 /* 3424 * Some broken CHAP implementations (Conware CoNet, firmware 3425 * 4.0.?) don't want to re-authenticate their CHAP once the 3426 * initial challenge-response exchange has taken place. 3427 * Provide for an option to avoid rechallenges. 3428 */ 3429 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) { 3430 /* 3431 * Compute the re-challenge timeout. This will yield 3432 * a number between 300 and 810 seconds. 3433 */ 3434 i = 300 + ((unsigned)(random() & 0xff00) >> 7); 3435 3436 #if defined(__NetBSD__) 3437 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 3438 #else 3439 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3440 sp->ch[IDX_CHAP] = 3441 #endif 3442 timeout(chap.TO, (void *)sp, i * hz); 3443 #endif /* __NetBSD__ */ 3444 } 3445 3446 if (debug) { 3447 log(LOG_DEBUG, 3448 SPP_FMT "chap %s, ", 3449 SPP_ARGS(ifp), 3450 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu"); 3451 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) 3452 addlog("next re-challenge in %d seconds\n", i); 3453 else 3454 addlog("re-challenging supressed\n"); 3455 } 3456 3457 x = splimp(); 3458 /* indicate to LCP that we need to be closed down */ 3459 sp->lcp.protos |= (1 << IDX_CHAP); 3460 3461 if (sp->pp_flags & PP_NEEDAUTH) { 3462 /* 3463 * Remote is authenticator, but his auth proto didn't 3464 * complete yet. Defer the transition to network 3465 * phase. 3466 */ 3467 splx(x); 3468 return; 3469 } 3470 splx(x); 3471 3472 /* 3473 * If we are already in phase network, we are done here. This 3474 * is the case if this is a dummy tlu event after a re-challenge. 3475 */ 3476 if (sp->pp_phase != PHASE_NETWORK) 3477 sppp_phase_network(sp); 3478 } 3479 3480 static void 3481 sppp_chap_tld(struct sppp *sp) 3482 { 3483 STDDCL; 3484 3485 if (debug) 3486 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp)); 3487 #if defined(__NetBSD__) 3488 callout_stop(&sp->ch[IDX_CHAP]); 3489 #else 3490 untimeout(chap.TO, (void *)sp 3491 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3492 , sp->ch[IDX_CHAP] 3493 #endif 3494 ); 3495 #endif /* __NetBSD__ */ 3496 sp->lcp.protos &= ~(1 << IDX_CHAP); 3497 3498 lcp.Close(sp); 3499 } 3500 3501 static void 3502 sppp_chap_scr(struct sppp *sp) 3503 { 3504 struct timeval tv; 3505 u_long *ch, seed; 3506 u_char clen; 3507 3508 /* Compute random challenge. */ 3509 ch = (u_long *)sp->myauth.challenge; 3510 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3511 read_random(&seed, sizeof seed); 3512 #else 3513 microtime(&tv); 3514 seed = tv.tv_sec ^ tv.tv_usec; 3515 #endif 3516 ch[0] = seed ^ random(); 3517 ch[1] = seed ^ random(); 3518 ch[2] = seed ^ random(); 3519 ch[3] = seed ^ random(); 3520 clen = AUTHKEYLEN; 3521 3522 sp->confid[IDX_CHAP] = ++sp->pp_seq; 3523 3524 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 3525 sizeof clen, (const char *)&clen, 3526 (size_t)AUTHKEYLEN, sp->myauth.challenge, 3527 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN), 3528 sp->myauth.name, 3529 0); 3530 } 3531 /* 3533 *--------------------------------------------------------------------------* 3534 * * 3535 * The PAP implementation. * 3536 * * 3537 *--------------------------------------------------------------------------* 3538 */ 3539 /* 3540 * For PAP, we need to keep a little state also if we are the peer, not the 3541 * authenticator. This is since we don't get a request to authenticate, but 3542 * have to repeatedly authenticate ourself until we got a response (or the 3543 * retry counter is expired). 3544 */ 3545 3546 /* 3547 * Handle incoming PAP packets. */ 3548 static void 3549 sppp_pap_input(struct sppp *sp, struct mbuf *m) 3550 { 3551 STDDCL; 3552 struct lcp_header *h; 3553 int len, x; 3554 u_char *name, *passwd, mlen; 3555 int name_len, passwd_len; 3556 3557 len = m->m_pkthdr.len; 3558 if (len < 5) { 3559 if (debug) 3560 log(LOG_DEBUG, 3561 SPP_FMT "pap invalid packet length: %d bytes\n", 3562 SPP_ARGS(ifp), len); 3563 return; 3564 } 3565 h = mtod (m, struct lcp_header*); 3566 if (len > ntohs (h->len)) 3567 len = ntohs (h->len); 3568 switch (h->type) { 3569 /* PAP request is my authproto */ 3570 case PAP_REQ: 3571 name = 1 + (u_char*)(h+1); 3572 name_len = name[-1]; 3573 passwd = name + name_len + 1; 3574 if (name_len > len - 6 || 3575 (passwd_len = passwd[-1]) > len - 6 - name_len) { 3576 if (debug) { 3577 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3578 "<%s id=0x%x len=%d", 3579 SPP_ARGS(ifp), 3580 sppp_auth_type_name(PPP_PAP, h->type), 3581 h->ident, ntohs(h->len)); 3582 if (len > 4) 3583 sppp_print_bytes((u_char*)(h+1), len-4); 3584 addlog(">\n"); 3585 } 3586 break; 3587 } 3588 if (debug) { 3589 log(LOG_DEBUG, SPP_FMT "pap input(%s) " 3590 "<%s id=0x%x len=%d name=", 3591 SPP_ARGS(ifp), 3592 sppp_state_name(sp->state[IDX_PAP]), 3593 sppp_auth_type_name(PPP_PAP, h->type), 3594 h->ident, ntohs(h->len)); 3595 sppp_print_string((char*)name, name_len); 3596 addlog(" passwd="); 3597 sppp_print_string((char*)passwd, passwd_len); 3598 addlog(">\n"); 3599 } 3600 if (name_len > AUTHNAMELEN || 3601 passwd_len > AUTHKEYLEN || 3602 bcmp(name, sp->hisauth.name, name_len) != 0 || 3603 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) { 3604 /* action scn, tld */ 3605 mlen = sizeof(FAILMSG) - 1; 3606 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 3607 sizeof mlen, (const char *)&mlen, 3608 sizeof(FAILMSG) - 1, (u_char *)FAILMSG, 3609 0); 3610 pap.tld(sp); 3611 break; 3612 } 3613 /* action sca, perhaps tlu */ 3614 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 3615 sp->state[IDX_PAP] == STATE_OPENED) { 3616 mlen = sizeof(SUCCMSG) - 1; 3617 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 3618 sizeof mlen, (const char *)&mlen, 3619 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG, 3620 0); 3621 } 3622 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 3623 sppp_cp_change_state(&pap, sp, STATE_OPENED); 3624 pap.tlu(sp); 3625 } 3626 break; 3627 3628 /* ack and nak are his authproto */ 3629 case PAP_ACK: 3630 #if defined(__NetBSD__) 3631 callout_stop(&sp->pap_my_to_ch); 3632 #else 3633 untimeout(sppp_pap_my_TO, (void *)sp 3634 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3635 , sp->pap_my_to_ch 3636 #endif 3637 ); 3638 #endif /* __NetBSD__ */ 3639 if (debug) { 3640 log(LOG_DEBUG, SPP_FMT "pap success", 3641 SPP_ARGS(ifp)); 3642 name_len = *((char *)h); 3643 if (len > 5 && name_len) { 3644 addlog(": "); 3645 sppp_print_string((char*)(h+1), name_len); 3646 } 3647 addlog("\n"); 3648 } 3649 x = splimp(); 3650 sp->pp_flags &= ~PP_NEEDAUTH; 3651 if (sp->myauth.proto == PPP_PAP && 3652 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3653 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 3654 /* 3655 * We are authenticator for PAP but didn't 3656 * complete yet. Leave it to tlu to proceed 3657 * to network phase. 3658 */ 3659 splx(x); 3660 break; 3661 } 3662 splx(x); 3663 sppp_phase_network(sp); 3664 break; 3665 3666 case PAP_NAK: 3667 #if defined(__NetBSD__) 3668 callout_stop(&sp->pap_my_to_ch); 3669 #else 3670 untimeout(sppp_pap_my_TO, (void *)sp 3671 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3672 , sp->pap_my_to_ch 3673 #endif 3674 ); 3675 #endif /* __NetBSD__ */ 3676 if (debug) { 3677 log(LOG_INFO, SPP_FMT "pap failure", 3678 SPP_ARGS(ifp)); 3679 name_len = *((char *)h); 3680 if (len > 5 && name_len) { 3681 addlog(": "); 3682 sppp_print_string((char*)(h+1), name_len); 3683 } 3684 addlog("\n"); 3685 } else 3686 log(LOG_INFO, SPP_FMT "pap failure\n", 3687 SPP_ARGS(ifp)); 3688 /* await LCP shutdown by authenticator */ 3689 break; 3690 3691 default: 3692 /* Unknown PAP packet type -- ignore. */ 3693 if (debug) { 3694 log(LOG_DEBUG, SPP_FMT "pap corrupted input " 3695 "<0x%x id=0x%x len=%d", 3696 SPP_ARGS(ifp), 3697 h->type, h->ident, ntohs(h->len)); 3698 if (len > 4) 3699 sppp_print_bytes((u_char*)(h+1), len-4); 3700 addlog(">\n"); 3701 } 3702 break; 3703 3704 } 3705 } 3706 3707 static void 3708 sppp_pap_init(struct sppp *sp) 3709 { 3710 /* PAP doesn't have STATE_INITIAL at all. */ 3711 sp->state[IDX_PAP] = STATE_CLOSED; 3712 sp->fail_counter[IDX_PAP] = 0; 3713 #if defined(__NetBSD__) 3714 callout_init(&sp->ch[IDX_PAP]); 3715 callout_init(&sp->pap_my_to_ch); 3716 #endif 3717 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3718 callout_handle_init(&sp->ch[IDX_PAP]); 3719 callout_handle_init(&sp->pap_my_to_ch); 3720 #endif 3721 } 3722 3723 static void 3724 sppp_pap_open(struct sppp *sp) 3725 { 3726 if (sp->hisauth.proto == PPP_PAP && 3727 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 3728 /* we are authenticator for PAP, start our timer */ 3729 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3730 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3731 } 3732 if (sp->myauth.proto == PPP_PAP) { 3733 /* we are peer, send a request, and start a timer */ 3734 pap.scr(sp); 3735 #if defined(__NetBSD__) 3736 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 3737 sppp_pap_my_TO, sp); 3738 #else 3739 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3740 sp->pap_my_to_ch = 3741 #endif 3742 timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout); 3743 #endif /* __NetBSD__ */ 3744 } 3745 } 3746 3747 static void 3748 sppp_pap_close(struct sppp *sp) 3749 { 3750 if (sp->state[IDX_PAP] != STATE_CLOSED) 3751 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3752 } 3753 3754 /* 3755 * That's the timeout routine if we are authenticator. Since the 3756 * authenticator is basically passive in PAP, we can't do much here. 3757 */ 3758 static void 3759 sppp_pap_TO(void *cookie) 3760 { 3761 struct sppp *sp = (struct sppp *)cookie; 3762 STDDCL; 3763 int s; 3764 3765 s = splimp(); 3766 if (debug) 3767 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n", 3768 SPP_ARGS(ifp), 3769 sppp_state_name(sp->state[IDX_PAP]), 3770 sp->rst_counter[IDX_PAP]); 3771 3772 if (--sp->rst_counter[IDX_PAP] < 0) 3773 /* TO- event */ 3774 switch (sp->state[IDX_PAP]) { 3775 case STATE_REQ_SENT: 3776 pap.tld(sp); 3777 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 3778 break; 3779 } 3780 else 3781 /* TO+ event, not very much we could do */ 3782 switch (sp->state[IDX_PAP]) { 3783 case STATE_REQ_SENT: 3784 /* sppp_cp_change_state() will restart the timer */ 3785 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 3786 break; 3787 } 3788 3789 splx(s); 3790 } 3791 3792 /* 3793 * That's the timeout handler if we are peer. Since the peer is active, 3794 * we need to retransmit our PAP request since it is apparently lost. 3795 * XXX We should impose a max counter. 3796 */ 3797 static void 3798 sppp_pap_my_TO(void *cookie) 3799 { 3800 struct sppp *sp = (struct sppp *)cookie; 3801 STDDCL; 3802 3803 if (debug) 3804 log(LOG_DEBUG, SPP_FMT "pap peer TO\n", 3805 SPP_ARGS(ifp)); 3806 3807 pap.scr(sp); 3808 } 3809 3810 static void 3811 sppp_pap_tlu(struct sppp *sp) 3812 { 3813 STDDCL; 3814 int x; 3815 3816 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 3817 3818 if (debug) 3819 log(LOG_DEBUG, SPP_FMT "%s tlu\n", 3820 SPP_ARGS(ifp), pap.name); 3821 3822 x = splimp(); 3823 /* indicate to LCP that we need to be closed down */ 3824 sp->lcp.protos |= (1 << IDX_PAP); 3825 3826 if (sp->pp_flags & PP_NEEDAUTH) { 3827 /* 3828 * Remote is authenticator, but his auth proto didn't 3829 * complete yet. Defer the transition to network 3830 * phase. 3831 */ 3832 splx(x); 3833 return; 3834 } 3835 splx(x); 3836 sppp_phase_network(sp); 3837 } 3838 3839 static void 3840 sppp_pap_tld(struct sppp *sp) 3841 { 3842 STDDCL; 3843 3844 if (debug) 3845 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp)); 3846 #if defined(__NetBSD__) 3847 callout_stop(&sp->ch[IDX_PAP]); 3848 #else 3849 untimeout(pap.TO, (void *)sp 3850 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3851 , sp->ch[IDX_PAP] 3852 #endif 3853 ); 3854 #endif /* __NetBSD__ */ 3855 3856 #if defined(__NetBSD__) 3857 callout_stop(&sp->pap_my_to_ch); 3858 #else 3859 untimeout(sppp_pap_my_TO, (void *)sp 3860 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 3861 , sp->pap_my_to_ch 3862 #endif 3863 ); 3864 #endif /* __NetBSD__ */ 3865 sp->lcp.protos &= ~(1 << IDX_PAP); 3866 3867 lcp.Close(sp); 3868 } 3869 3870 static void 3871 sppp_pap_scr(struct sppp *sp) 3872 { 3873 u_char idlen, pwdlen; 3874 3875 sp->confid[IDX_PAP] = ++sp->pp_seq; 3876 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN); 3877 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN); 3878 3879 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 3880 sizeof idlen, (const char *)&idlen, 3881 (size_t)idlen, sp->myauth.name, 3882 sizeof pwdlen, (const char *)&pwdlen, 3883 (size_t)pwdlen, sp->myauth.secret, 3884 0); 3885 } 3886 /* 3888 * Random miscellaneous functions. 3889 */ 3890 3891 /* 3892 * Send a PAP or CHAP proto packet. 3893 * 3894 * Varadic function, each of the elements for the ellipsis is of type 3895 * ``size_t mlen, const u_char *msg''. Processing will stop iff 3896 * mlen == 0. 3897 * NOTE: never declare variadic functions with types subject to type 3898 * promotion (i.e. u_char). This is asking for big trouble depending 3899 * on the architecture you are on... 3900 */ 3901 3902 static void 3903 sppp_auth_send(const struct cp *cp, struct sppp *sp, 3904 unsigned int type, unsigned int id, 3905 ...) 3906 { 3907 STDDCL; 3908 struct ppp_header *h; 3909 struct lcp_header *lh; 3910 struct mbuf *m; 3911 u_char *p; 3912 int len; 3913 unsigned int mlen; 3914 const char *msg; 3915 va_list ap; 3916 3917 MGETHDR (m, M_DONTWAIT, MT_DATA); 3918 if (! m) 3919 return; 3920 m->m_pkthdr.rcvif = 0; 3921 3922 h = mtod (m, struct ppp_header*); 3923 h->address = PPP_ALLSTATIONS; /* broadcast address */ 3924 h->control = PPP_UI; /* Unnumbered Info */ 3925 h->protocol = htons(cp->proto); 3926 3927 lh = (struct lcp_header*)(h + 1); 3928 lh->type = type; 3929 lh->ident = id; 3930 p = (u_char*) (lh+1); 3931 3932 va_start(ap, id); 3933 len = 0; 3934 3935 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 3936 msg = va_arg(ap, const char *); 3937 len += mlen; 3938 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) { 3939 va_end(ap); 3940 m_freem(m); 3941 return; 3942 } 3943 3944 bcopy(msg, p, mlen); 3945 p += mlen; 3946 } 3947 va_end(ap); 3948 3949 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 3950 lh->len = htons (LCP_HEADER_LEN + len); 3951 3952 if (debug) { 3953 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d", 3954 SPP_ARGS(ifp), cp->name, 3955 sppp_auth_type_name(cp->proto, lh->type), 3956 lh->ident, ntohs(lh->len)); 3957 if (len) 3958 sppp_print_bytes((u_char*) (lh+1), len); 3959 addlog(">\n"); 3960 } 3961 if (IF_QFULL (&sp->pp_cpq)) { 3962 IF_DROP (&sp->pp_fastq); 3963 IF_DROP (&ifp->if_snd); 3964 m_freem (m); 3965 ++ifp->if_oerrors; 3966 } else 3967 IF_ENQUEUE (&sp->pp_cpq, m); 3968 if (! (ifp->if_flags & IFF_OACTIVE)) 3969 (*ifp->if_start) (ifp); 3970 ifp->if_obytes += m->m_pkthdr.len + 3; 3971 } 3972 3973 /* 3974 * Flush interface queue. 3975 */ 3976 static void 3977 sppp_qflush(struct ifqueue *ifq) 3978 { 3979 struct mbuf *m, *n; 3980 3981 n = ifq->ifq_head; 3982 while ((m = n)) { 3983 n = m->m_act; 3984 m_freem (m); 3985 } 3986 ifq->ifq_head = 0; 3987 ifq->ifq_tail = 0; 3988 ifq->ifq_len = 0; 3989 } 3990 3991 /* 3992 * Send keepalive packets, every 10 seconds. 3993 */ 3994 static void 3995 sppp_keepalive(void *dummy) 3996 { 3997 struct sppp *sp; 3998 int s; 3999 4000 s = splimp(); 4001 for (sp=spppq; sp; sp=sp->pp_next) { 4002 struct ifnet *ifp = &sp->pp_if; 4003 4004 /* Keepalive mode disabled or channel down? */ 4005 if (! (sp->pp_flags & PP_KEEPALIVE) || 4006 ! (ifp->if_flags & IFF_RUNNING)) 4007 continue; 4008 4009 /* No keepalive in PPP mode if LCP not opened yet. */ 4010 if (! (sp->pp_flags & PP_CISCO) && 4011 sp->pp_phase < PHASE_AUTHENTICATE) 4012 continue; 4013 4014 if (sp->pp_alivecnt == MAXALIVECNT) { 4015 /* No keepalive packets got. Stop the interface. */ 4016 printf (SPP_FMT "down\n", SPP_ARGS(ifp)); 4017 if_down (ifp); 4018 sppp_qflush (&sp->pp_cpq); 4019 if (! (sp->pp_flags & PP_CISCO)) { 4020 /* XXX */ 4021 /* Shut down the PPP link. */ 4022 lcp.Down(sp); 4023 /* Initiate negotiation. XXX */ 4024 lcp.Up(sp); 4025 } 4026 } 4027 if (sp->pp_alivecnt <= MAXALIVECNT) 4028 ++sp->pp_alivecnt; 4029 if (sp->pp_flags & PP_CISCO) 4030 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 4031 sp->pp_rseq); 4032 else if (sp->pp_phase >= PHASE_AUTHENTICATE) { 4033 long nmagic = htonl (sp->lcp.magic); 4034 sp->lcp.echoid = ++sp->pp_seq; 4035 sppp_cp_send (sp, PPP_LCP, ECHO_REQ, 4036 sp->lcp.echoid, 4, &nmagic); 4037 } 4038 } 4039 splx(s); 4040 #if defined(__NetBSD__) 4041 callout_reset(&keepalive_ch, hz * 10, sppp_keepalive, NULL); 4042 #else 4043 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4044 keepalive_ch = 4045 #endif 4046 timeout(sppp_keepalive, 0, hz * 10); 4047 #endif /* __NetBSD__ */ 4048 } 4049 4050 /* 4051 * Get both IP addresses. 4052 */ 4053 static void 4054 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask) 4055 { 4056 struct ifnet *ifp = &sp->pp_if; 4057 struct ifaddr *ifa; 4058 struct sockaddr_in *si, *sm; 4059 u_long ssrc, ddst; 4060 4061 sm = NULL; 4062 ssrc = ddst = 0L; 4063 /* 4064 * Pick the first AF_INET address from the list, 4065 * aliases don't make any sense on a p2p link anyway. 4066 */ 4067 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4068 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4069 ifa; 4070 ifa = ifa->ifa_link.tqe_next) 4071 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4072 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4073 ifa; 4074 ifa = ifa->ifa_list.tqe_next) 4075 #else 4076 for (ifa = ifp->if_addrlist, si = 0; 4077 ifa; 4078 ifa = ifa->ifa_next) 4079 #endif 4080 if (ifa->ifa_addr->sa_family == AF_INET) { 4081 si = (struct sockaddr_in *)ifa->ifa_addr; 4082 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4083 if (si) 4084 break; 4085 } 4086 if (ifa) { 4087 if (si && si->sin_addr.s_addr) { 4088 ssrc = si->sin_addr.s_addr; 4089 if (srcmask) 4090 *srcmask = ntohl(sm->sin_addr.s_addr); 4091 } 4092 4093 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4094 if (si && si->sin_addr.s_addr) 4095 ddst = si->sin_addr.s_addr; 4096 } 4097 4098 if (dst) *dst = ntohl(ddst); 4099 if (src) *src = ntohl(ssrc); 4100 } 4101 4102 /* 4103 * Set my IP address. Must be called at splimp. 4104 */ 4105 static void 4106 sppp_set_ip_addr(struct sppp *sp, u_long src) 4107 { 4108 STDDCL; 4109 struct ifaddr *ifa; 4110 struct sockaddr_in *si; 4111 4112 /* 4113 * Pick the first AF_INET address from the list, 4114 * aliases don't make any sense on a p2p link anyway. 4115 */ 4116 4117 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 4118 for (ifa = ifp->if_addrhead.tqh_first, si = 0; 4119 ifa; 4120 ifa = ifa->ifa_link.tqe_next) 4121 #elif defined(__NetBSD__) || defined (__OpenBSD__) 4122 for (ifa = ifp->if_addrlist.tqh_first, si = 0; 4123 ifa; 4124 ifa = ifa->ifa_list.tqe_next) 4125 #else 4126 for (ifa = ifp->if_addrlist, si = 0; 4127 ifa; 4128 ifa = ifa->ifa_next) 4129 #endif 4130 { 4131 if (ifa->ifa_addr->sa_family == AF_INET) 4132 { 4133 si = (struct sockaddr_in *)ifa->ifa_addr; 4134 if (si) 4135 break; 4136 } 4137 } 4138 4139 if (ifa && si) 4140 { 4141 int error; 4142 #if __NetBSD_Version__ >= 103080000 4143 struct sockaddr_in new_sin = *si; 4144 4145 new_sin.sin_addr.s_addr = htonl(src); 4146 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1); 4147 if(debug && error) 4148 { 4149 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit " 4150 " failed, error=%d\n", SPP_ARGS(ifp), error); 4151 } 4152 #else 4153 /* delete old route */ 4154 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST); 4155 if(debug && error) 4156 { 4157 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n", 4158 SPP_ARGS(ifp), error); 4159 } 4160 4161 /* set new address */ 4162 si->sin_addr.s_addr = htonl(src); 4163 4164 /* add new route */ 4165 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST); 4166 if (debug && error) 4167 { 4168 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d", 4169 SPP_ARGS(ifp), error); 4170 } 4171 #endif 4172 } 4173 } 4174 4175 static int 4176 sppp_params(struct sppp *sp, int cmd, void *data) 4177 { 4178 int subcmd; 4179 struct ifreq *ifr = (struct ifreq *)data; 4180 struct spppreq spr; 4181 4182 /* 4183 * ifr->ifr_data is supposed to point to a struct spppreq. 4184 * Check the cmd word first before attempting to fetch all the 4185 * data. 4186 */ 4187 if ((subcmd = fuword(ifr->ifr_data)) == -1) 4188 return EFAULT; 4189 4190 if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0) 4191 return EFAULT; 4192 4193 switch (subcmd) { 4194 case SPPPIOGDEFS: 4195 if (cmd != SIOCGIFGENERIC) 4196 return EINVAL; 4197 /* 4198 * We copy over the entire current state, but clean 4199 * out some of the stuff we don't wanna pass up. 4200 * Remember, SIOCGIFGENERIC is unprotected, and can be 4201 * called by any user. No need to ever get PAP or 4202 * CHAP secrets back to userland anyway. 4203 */ 4204 bcopy(sp, &spr.defs, sizeof(struct sppp)); 4205 bzero(spr.defs.myauth.secret, AUTHKEYLEN); 4206 bzero(spr.defs.myauth.challenge, AUTHKEYLEN); 4207 bzero(spr.defs.hisauth.secret, AUTHKEYLEN); 4208 bzero(spr.defs.hisauth.challenge, AUTHKEYLEN); 4209 return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr); 4210 4211 case SPPPIOSDEFS: 4212 if (cmd != SIOCSIFGENERIC) 4213 return EINVAL; 4214 /* 4215 * We have a very specific idea of which fields we allow 4216 * being passed back from userland, so to not clobber our 4217 * current state. For one, we only allow setting 4218 * anything if LCP is in dead phase. Once the LCP 4219 * negotiations started, the authentication settings must 4220 * not be changed again. (The administrator can force an 4221 * ifconfig down in order to get LCP back into dead 4222 * phase.) 4223 * 4224 * Also, we only allow for authentication parameters to be 4225 * specified. 4226 * 4227 * XXX Should allow to set or clear pp_flags. 4228 * 4229 * Finally, if the respective authentication protocol to 4230 * be used is set differently than 0, but the secret is 4231 * passed as all zeros, we don't trash the existing secret. 4232 * This allows an administrator to change the system name 4233 * only without clobbering the secret (which he didn't get 4234 * back in a previous SPPPIOGDEFS call). However, the 4235 * secrets are cleared if the authentication protocol is 4236 * reset to 0. 4237 */ 4238 if (sp->pp_phase != PHASE_DEAD) 4239 return EBUSY; 4240 4241 if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP && 4242 spr.defs.myauth.proto != PPP_CHAP) || 4243 (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP && 4244 spr.defs.hisauth.proto != PPP_CHAP)) 4245 return EINVAL; 4246 4247 if (spr.defs.myauth.proto == 0) 4248 /* resetting myauth */ 4249 bzero(&sp->myauth, sizeof sp->myauth); 4250 else { 4251 /* setting/changing myauth */ 4252 sp->myauth.proto = spr.defs.myauth.proto; 4253 bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN); 4254 if (spr.defs.myauth.secret[0] != '\0') 4255 bcopy(spr.defs.myauth.secret, sp->myauth.secret, 4256 AUTHKEYLEN); 4257 } 4258 if (spr.defs.hisauth.proto == 0) 4259 /* resetting hisauth */ 4260 bzero(&sp->hisauth, sizeof sp->hisauth); 4261 else { 4262 /* setting/changing hisauth */ 4263 sp->hisauth.proto = spr.defs.hisauth.proto; 4264 sp->hisauth.flags = spr.defs.hisauth.flags; 4265 bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN); 4266 if (spr.defs.hisauth.secret[0] != '\0') 4267 bcopy(spr.defs.hisauth.secret, sp->hisauth.secret, 4268 AUTHKEYLEN); 4269 } 4270 break; 4271 4272 default: 4273 return EINVAL; 4274 } 4275 4276 return 0; 4277 } 4278 4279 static void 4280 sppp_phase_network(struct sppp *sp) 4281 { 4282 STDDCL; 4283 int i; 4284 u_long mask; 4285 4286 sp->pp_phase = PHASE_NETWORK; 4287 4288 if(debug) 4289 { 4290 log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp), 4291 sppp_phase_name(sp->pp_phase)); 4292 } 4293 4294 /* Notify NCPs now. */ 4295 for (i = 0; i < IDX_COUNT; i++) 4296 if ((cps[i])->flags & CP_NCP) 4297 (cps[i])->Open(sp); 4298 4299 /* Send Up events to all NCPs. */ 4300 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 4301 if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP)) 4302 (cps[i])->Up(sp); 4303 4304 /* if no NCP is starting, all this was in vain, close down */ 4305 sppp_lcp_check_and_close(sp); 4306 } 4307 4308 4309 static const char * 4310 sppp_cp_type_name(u_char type) 4311 { 4312 static char buf[12]; 4313 switch (type) { 4314 case CONF_REQ: return "conf-req"; 4315 case CONF_ACK: return "conf-ack"; 4316 case CONF_NAK: return "conf-nak"; 4317 case CONF_REJ: return "conf-rej"; 4318 case TERM_REQ: return "term-req"; 4319 case TERM_ACK: return "term-ack"; 4320 case CODE_REJ: return "code-rej"; 4321 case PROTO_REJ: return "proto-rej"; 4322 case ECHO_REQ: return "echo-req"; 4323 case ECHO_REPLY: return "echo-reply"; 4324 case DISC_REQ: return "discard-req"; 4325 } 4326 sprintf (buf, "0x%x", type); 4327 return buf; 4328 } 4329 4330 static const char * 4331 sppp_auth_type_name(u_short proto, u_char type) 4332 { 4333 static char buf[12]; 4334 switch (proto) { 4335 case PPP_CHAP: 4336 switch (type) { 4337 case CHAP_CHALLENGE: return "challenge"; 4338 case CHAP_RESPONSE: return "response"; 4339 case CHAP_SUCCESS: return "success"; 4340 case CHAP_FAILURE: return "failure"; 4341 } 4342 case PPP_PAP: 4343 switch (type) { 4344 case PAP_REQ: return "req"; 4345 case PAP_ACK: return "ack"; 4346 case PAP_NAK: return "nak"; 4347 } 4348 } 4349 sprintf (buf, "0x%x", type); 4350 return buf; 4351 } 4352 4353 static const char * 4354 sppp_lcp_opt_name(u_char opt) 4355 { 4356 static char buf[12]; 4357 switch (opt) { 4358 case LCP_OPT_MRU: return "mru"; 4359 case LCP_OPT_ASYNC_MAP: return "async-map"; 4360 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 4361 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 4362 case LCP_OPT_MAGIC: return "magic"; 4363 case LCP_OPT_PROTO_COMP: return "proto-comp"; 4364 case LCP_OPT_ADDR_COMP: return "addr-comp"; 4365 } 4366 sprintf (buf, "0x%x", opt); 4367 return buf; 4368 } 4369 4370 static const char * 4371 sppp_ipcp_opt_name(u_char opt) 4372 { 4373 static char buf[12]; 4374 switch (opt) { 4375 case IPCP_OPT_ADDRESSES: return "addresses"; 4376 case IPCP_OPT_COMPRESSION: return "compression"; 4377 case IPCP_OPT_ADDRESS: return "address"; 4378 } 4379 sprintf (buf, "0x%x", opt); 4380 return buf; 4381 } 4382 4383 static const char * 4384 sppp_state_name(int state) 4385 { 4386 switch (state) { 4387 case STATE_INITIAL: return "initial"; 4388 case STATE_STARTING: return "starting"; 4389 case STATE_CLOSED: return "closed"; 4390 case STATE_STOPPED: return "stopped"; 4391 case STATE_CLOSING: return "closing"; 4392 case STATE_STOPPING: return "stopping"; 4393 case STATE_REQ_SENT: return "req-sent"; 4394 case STATE_ACK_RCVD: return "ack-rcvd"; 4395 case STATE_ACK_SENT: return "ack-sent"; 4396 case STATE_OPENED: return "opened"; 4397 } 4398 return "illegal"; 4399 } 4400 4401 static const char * 4402 sppp_phase_name(enum ppp_phase phase) 4403 { 4404 switch (phase) { 4405 case PHASE_DEAD: return "dead"; 4406 case PHASE_ESTABLISH: return "establish"; 4407 case PHASE_TERMINATE: return "terminate"; 4408 case PHASE_AUTHENTICATE: return "authenticate"; 4409 case PHASE_NETWORK: return "network"; 4410 } 4411 return "illegal"; 4412 } 4413 4414 static const char * 4415 sppp_proto_name(u_short proto) 4416 { 4417 static char buf[12]; 4418 switch (proto) { 4419 case PPP_LCP: return "lcp"; 4420 case PPP_IPCP: return "ipcp"; 4421 case PPP_PAP: return "pap"; 4422 case PPP_CHAP: return "chap"; 4423 } 4424 sprintf(buf, "0x%x", (unsigned)proto); 4425 return buf; 4426 } 4427 4428 static void 4429 sppp_print_bytes(const u_char *p, u_short len) 4430 { 4431 addlog(" %02x", *p++); 4432 while (--len > 0) 4433 addlog("-%02x", *p++); 4434 } 4435 4436 static void 4437 sppp_print_string(const char *p, u_short len) 4438 { 4439 u_char c; 4440 4441 while (len-- > 0) { 4442 c = *p++; 4443 /* 4444 * Print only ASCII chars directly. RFC 1994 recommends 4445 * using only them, but we don't rely on it. */ 4446 if (c < ' ' || c > '~') 4447 addlog("\\x%x", c); 4448 else 4449 addlog("%c", c); 4450 } 4451 } 4452 4453 static const char * 4454 sppp_dotted_quad(u_long addr) 4455 { 4456 static char s[16]; 4457 sprintf(s, "%d.%d.%d.%d", 4458 (int)((addr >> 24) & 0xff), 4459 (int)((addr >> 16) & 0xff), 4460 (int)((addr >> 8) & 0xff), 4461 (int)(addr & 0xff)); 4462 return s; 4463 } 4464 4465 static int 4466 sppp_strnlen(u_char *p, int max) 4467 { 4468 int len; 4469 4470 for (len = 0; len < max && *p; ++p) 4471 ++len; 4472 return len; 4473 } 4474 4475 /* a dummy, used to drop uninteresting events */ 4476 static void 4477 sppp_null(struct sppp *unused) 4478 { 4479 /* do just nothing */ 4480 } 4481 /* 4482 * This file is large. Tell emacs to highlight it nevertheless. 4483 * 4484 * Local Variables: 4485 * hilit-auto-highlight-maxout: 120000 4486 * End: 4487 */ 4488
Indexes created Fri Sep 26 20:09:58 GMT 2025