if_spppsubr.c revision 1.91
1 /* $NetBSD: if_spppsubr.c,v 1.91 2006/05/21 05:09:13 christos Exp $ */ 2 3 /* 4 * Synchronous PPP/Cisco link level subroutines. 5 * Keepalive protocol implemented in both Cisco and PPP modes. 6 * 7 * Copyright (C) 1994-1996 Cronyx Engineering Ltd. 8 * Author: Serge Vakulenko, <vak (at) cronyx.ru> 9 * 10 * Heavily revamped to conform to RFC 1661. 11 * Copyright (C) 1997, Joerg Wunsch. 12 * 13 * RFC2472 IPv6CP support. 14 * Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun (at) iijlab.net>. 15 * 16 * Redistribution and use in source and binary forms, with or without 17 * modification, are permitted provided that the following conditions are met: 18 * 1. Redistributions of source code must retain the above copyright notice, 19 * this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright notice, 21 * this list of conditions and the following disclaimer in the documentation 22 * and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY 25 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE 28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 34 * POSSIBILITY OF SUCH DAMAGE. 35 * 36 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 37 * 38 * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp 39 * 40 * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp 41 */ 42 43 #include <sys/cdefs.h> 44 __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.91 2006/05/21 05:09:13 christos Exp $"); 45 46 #include "opt_inet.h" 47 #include "opt_ipx.h" 48 #include "opt_iso.h" 49 #include "opt_ns.h" 50 #include "opt_pfil_hooks.h" 51 52 #include <sys/param.h> 53 #include <sys/proc.h> 54 #include <sys/systm.h> 55 #include <sys/kernel.h> 56 #include <sys/sockio.h> 57 #include <sys/socket.h> 58 #include <sys/syslog.h> 59 #include <sys/malloc.h> 60 #include <sys/mbuf.h> 61 #include <sys/callout.h> 62 #include <sys/md5.h> 63 #include <sys/inttypes.h> 64 #include <sys/kauth.h> 65 66 #include <net/if.h> 67 #include <net/netisr.h> 68 #include <net/if_types.h> 69 #include <net/route.h> 70 #include <net/ppp_defs.h> 71 72 #include <machine/stdarg.h> 73 74 #include <netinet/in.h> 75 #include <netinet/in_systm.h> 76 #include <netinet/in_var.h> 77 #ifdef INET 78 #include <netinet/ip.h> 79 #include <netinet/tcp.h> 80 #endif 81 #include <net/ethertypes.h> 82 83 #ifdef INET6 84 #include <netinet6/scope6_var.h> 85 #endif 86 87 #ifdef IPX 88 #include <netipx/ipx.h> 89 #include <netipx/ipx_if.h> 90 #endif 91 92 #ifdef NS 93 #include <netns/ns.h> 94 #include <netns/ns_if.h> 95 #endif 96 97 #ifdef ISO 98 #include <netiso/argo_debug.h> 99 #include <netiso/iso.h> 100 #include <netiso/iso_var.h> 101 #include <netiso/iso_snpac.h> 102 #endif 103 104 #include <net/if_sppp.h> 105 #include <net/if_spppvar.h> 106 107 #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ 108 #define LOOPALIVECNT 3 /* loopback detection tries */ 109 #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ 110 #define DEFAULT_NORECV_TIME 15 /* before we get worried */ 111 #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ 112 113 /* 114 * Interface flags that can be set in an ifconfig command. 115 * 116 * Setting link0 will make the link passive, i.e. it will be marked 117 * as being administrative openable, but won't be opened to begin 118 * with. Incoming calls will be answered, or subsequent calls with 119 * -link1 will cause the administrative open of the LCP layer. 120 * 121 * Setting link1 will cause the link to auto-dial only as packets 122 * arrive to be sent. 123 * 124 * Setting IFF_DEBUG will syslog the option negotiation and state 125 * transitions at level kern.debug. Note: all logs consistently look 126 * like 127 * 128 * <if-name><unit>: <proto-name> <additional info...> 129 * 130 * with <if-name><unit> being something like "bppp0", and <proto-name> 131 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. 132 */ 133 134 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ 135 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ 136 137 #define CONF_REQ 1 /* PPP configure request */ 138 #define CONF_ACK 2 /* PPP configure acknowledge */ 139 #define CONF_NAK 3 /* PPP configure negative ack */ 140 #define CONF_REJ 4 /* PPP configure reject */ 141 #define TERM_REQ 5 /* PPP terminate request */ 142 #define TERM_ACK 6 /* PPP terminate acknowledge */ 143 #define CODE_REJ 7 /* PPP code reject */ 144 #define PROTO_REJ 8 /* PPP protocol reject */ 145 #define ECHO_REQ 9 /* PPP echo request */ 146 #define ECHO_REPLY 10 /* PPP echo reply */ 147 #define DISC_REQ 11 /* PPP discard request */ 148 149 #define LCP_OPT_MRU 1 /* maximum receive unit */ 150 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 151 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 152 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 153 #define LCP_OPT_MAGIC 5 /* magic number */ 154 #define LCP_OPT_RESERVED 6 /* reserved */ 155 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 156 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 157 158 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ 159 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ 160 #define IPCP_OPT_ADDRESS 3 /* local IP address */ 161 #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ 162 #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ 163 164 #define IPV6CP_OPT_IFID 1 /* interface identifier */ 165 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ 166 167 #define PAP_REQ 1 /* PAP name/password request */ 168 #define PAP_ACK 2 /* PAP acknowledge */ 169 #define PAP_NAK 3 /* PAP fail */ 170 171 #define CHAP_CHALLENGE 1 /* CHAP challenge request */ 172 #define CHAP_RESPONSE 2 /* CHAP challenge response */ 173 #define CHAP_SUCCESS 3 /* CHAP response ok */ 174 #define CHAP_FAILURE 4 /* CHAP response failed */ 175 176 #define CHAP_MD5 5 /* hash algorithm - MD5 */ 177 178 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 179 #define CISCO_UNICAST 0x0f /* Cisco unicast address */ 180 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 181 #define CISCO_ADDR_REQ 0 /* Cisco address request */ 182 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 183 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 184 185 /* states are named and numbered according to RFC 1661 */ 186 #define STATE_INITIAL 0 187 #define STATE_STARTING 1 188 #define STATE_CLOSED 2 189 #define STATE_STOPPED 3 190 #define STATE_CLOSING 4 191 #define STATE_STOPPING 5 192 #define STATE_REQ_SENT 6 193 #define STATE_ACK_RCVD 7 194 #define STATE_ACK_SENT 8 195 #define STATE_OPENED 9 196 197 struct ppp_header { 198 u_int8_t address; 199 u_int8_t control; 200 u_int16_t protocol; 201 } __attribute__((__packed__)); 202 #define PPP_HEADER_LEN sizeof (struct ppp_header) 203 204 struct lcp_header { 205 u_int8_t type; 206 u_int8_t ident; 207 u_int16_t len; 208 } __attribute__((__packed__)); 209 #define LCP_HEADER_LEN sizeof (struct lcp_header) 210 211 struct cisco_packet { 212 u_int32_t type; 213 u_int32_t par1; 214 u_int32_t par2; 215 u_int16_t rel; 216 u_int16_t time0; 217 u_int16_t time1; 218 } __attribute__((__packed__)); 219 #define CISCO_PACKET_LEN 18 220 221 /* 222 * We follow the spelling and capitalization of RFC 1661 here, to make 223 * it easier comparing with the standard. Please refer to this RFC in 224 * case you can't make sense out of these abbreviation; it will also 225 * explain the semantics related to the various events and actions. 226 */ 227 struct cp { 228 u_short proto; /* PPP control protocol number */ 229 u_char protoidx; /* index into state table in struct sppp */ 230 u_char flags; 231 #define CP_LCP 0x01 /* this is the LCP */ 232 #define CP_AUTH 0x02 /* this is an authentication protocol */ 233 #define CP_NCP 0x04 /* this is a NCP */ 234 #define CP_QUAL 0x08 /* this is a quality reporting protocol */ 235 const char *name; /* name of this control protocol */ 236 /* event handlers */ 237 void (*Up)(struct sppp *sp); 238 void (*Down)(struct sppp *sp); 239 void (*Open)(struct sppp *sp); 240 void (*Close)(struct sppp *sp); 241 void (*TO)(void *sp); 242 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len); 243 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len); 244 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len); 245 /* actions */ 246 void (*tlu)(struct sppp *sp); 247 void (*tld)(struct sppp *sp); 248 void (*tls)(struct sppp *sp); 249 void (*tlf)(struct sppp *sp); 250 void (*scr)(struct sppp *sp); 251 }; 252 253 static struct sppp *spppq; 254 static struct callout keepalive_ch; 255 256 #ifdef INET 257 /* 258 * The following disgusting hack gets around the problem that IP TOS 259 * can't be set yet. We want to put "interactive" traffic on a high 260 * priority queue. To decide if traffic is interactive, we check that 261 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 262 * 263 * XXX is this really still necessary? - joerg - 264 */ 265 static u_short interactive_ports[8] = { 266 0, 513, 0, 0, 267 0, 21, 0, 23, 268 }; 269 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 270 #endif 271 272 /* almost every function needs these */ 273 #define STDDCL \ 274 struct ifnet *ifp = &sp->pp_if; \ 275 int debug = ifp->if_flags & IFF_DEBUG 276 277 static int sppp_output(struct ifnet *ifp, struct mbuf *m, 278 struct sockaddr *dst, struct rtentry *rt); 279 280 static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2); 281 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m); 282 283 static void sppp_cp_input(const struct cp *cp, struct sppp *sp, 284 struct mbuf *m); 285 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 286 u_char ident, u_short len, void *data); 287 /* static void sppp_cp_timeout(void *arg); */ 288 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, 289 int newstate); 290 static void sppp_auth_send(const struct cp *cp, 291 struct sppp *sp, unsigned int type, unsigned int id, 292 ...); 293 294 static void sppp_up_event(const struct cp *cp, struct sppp *sp); 295 static void sppp_down_event(const struct cp *cp, struct sppp *sp); 296 static void sppp_open_event(const struct cp *cp, struct sppp *sp); 297 static void sppp_close_event(const struct cp *cp, struct sppp *sp); 298 static void sppp_to_event(const struct cp *cp, struct sppp *sp); 299 300 static void sppp_null(struct sppp *sp); 301 302 static void sppp_lcp_init(struct sppp *sp); 303 static void sppp_lcp_up(struct sppp *sp); 304 static void sppp_lcp_down(struct sppp *sp); 305 static void sppp_lcp_open(struct sppp *sp); 306 static void sppp_lcp_close(struct sppp *sp); 307 static void sppp_lcp_TO(void *sp); 308 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 309 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 310 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 311 static void sppp_lcp_tlu(struct sppp *sp); 312 static void sppp_lcp_tld(struct sppp *sp); 313 static void sppp_lcp_tls(struct sppp *sp); 314 static void sppp_lcp_tlf(struct sppp *sp); 315 static void sppp_lcp_scr(struct sppp *sp); 316 static void sppp_lcp_check_and_close(struct sppp *sp); 317 static int sppp_ncp_check(struct sppp *sp); 318 319 static void sppp_ipcp_init(struct sppp *sp); 320 static void sppp_ipcp_up(struct sppp *sp); 321 static void sppp_ipcp_down(struct sppp *sp); 322 static void sppp_ipcp_open(struct sppp *sp); 323 static void sppp_ipcp_close(struct sppp *sp); 324 static void sppp_ipcp_TO(void *sp); 325 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len); 326 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 327 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 328 static void sppp_ipcp_tlu(struct sppp *sp); 329 static void sppp_ipcp_tld(struct sppp *sp); 330 static void sppp_ipcp_tls(struct sppp *sp); 331 static void sppp_ipcp_tlf(struct sppp *sp); 332 static void sppp_ipcp_scr(struct sppp *sp); 333 334 static void sppp_ipv6cp_init(struct sppp *sp); 335 static void sppp_ipv6cp_up(struct sppp *sp); 336 static void sppp_ipv6cp_down(struct sppp *sp); 337 static void sppp_ipv6cp_open(struct sppp *sp); 338 static void sppp_ipv6cp_close(struct sppp *sp); 339 static void sppp_ipv6cp_TO(void *sp); 340 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len); 341 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len); 342 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len); 343 static void sppp_ipv6cp_tlu(struct sppp *sp); 344 static void sppp_ipv6cp_tld(struct sppp *sp); 345 static void sppp_ipv6cp_tls(struct sppp *sp); 346 static void sppp_ipv6cp_tlf(struct sppp *sp); 347 static void sppp_ipv6cp_scr(struct sppp *sp); 348 349 static void sppp_pap_input(struct sppp *sp, struct mbuf *m); 350 static void sppp_pap_init(struct sppp *sp); 351 static void sppp_pap_open(struct sppp *sp); 352 static void sppp_pap_close(struct sppp *sp); 353 static void sppp_pap_TO(void *sp); 354 static void sppp_pap_my_TO(void *sp); 355 static void sppp_pap_tlu(struct sppp *sp); 356 static void sppp_pap_tld(struct sppp *sp); 357 static void sppp_pap_scr(struct sppp *sp); 358 359 static void sppp_chap_input(struct sppp *sp, struct mbuf *m); 360 static void sppp_chap_init(struct sppp *sp); 361 static void sppp_chap_open(struct sppp *sp); 362 static void sppp_chap_close(struct sppp *sp); 363 static void sppp_chap_TO(void *sp); 364 static void sppp_chap_tlu(struct sppp *sp); 365 static void sppp_chap_tld(struct sppp *sp); 366 static void sppp_chap_scr(struct sppp *sp); 367 368 static const char *sppp_auth_type_name(u_short proto, u_char type); 369 static const char *sppp_cp_type_name(u_char type); 370 static const char *sppp_dotted_quad(u_int32_t addr); 371 static const char *sppp_ipcp_opt_name(u_char opt); 372 #ifdef INET6 373 static const char *sppp_ipv6cp_opt_name(u_char opt); 374 #endif 375 static const char *sppp_lcp_opt_name(u_char opt); 376 static const char *sppp_phase_name(int phase); 377 static const char *sppp_proto_name(u_short proto); 378 static const char *sppp_state_name(int state); 379 static int sppp_params(struct sppp *sp, int cmd, void *data); 380 #ifdef INET 381 static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, 382 u_int32_t *srcmask); 383 static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr); 384 static void sppp_clear_ip_addrs(struct sppp *sp); 385 #endif 386 static void sppp_keepalive(void *dummy); 387 static void sppp_phase_network(struct sppp *sp); 388 static void sppp_print_bytes(const u_char *p, u_short len); 389 static void sppp_print_string(const char *p, u_short len); 390 #ifdef INET6 391 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, 392 struct in6_addr *dst, struct in6_addr *srcmask); 393 #ifdef IPV6CP_MYIFID_DYN 394 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src); 395 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src); 396 #endif 397 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src); 398 #endif 399 400 /* our control protocol descriptors */ 401 static const struct cp lcp = { 402 PPP_LCP, IDX_LCP, CP_LCP, "lcp", 403 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close, 404 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, 405 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, 406 sppp_lcp_scr 407 }; 408 409 static const struct cp ipcp = { 410 PPP_IPCP, IDX_IPCP, 411 #ifdef INET 412 CP_NCP, /*don't run IPCP if there's no IPv4 support*/ 413 #else 414 0, 415 #endif 416 "ipcp", 417 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close, 418 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, 419 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf, 420 sppp_ipcp_scr 421 }; 422 423 static const struct cp ipv6cp = { 424 PPP_IPV6CP, IDX_IPV6CP, 425 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ 426 CP_NCP, 427 #else 428 0, 429 #endif 430 "ipv6cp", 431 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close, 432 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, 433 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf, 434 sppp_ipv6cp_scr 435 }; 436 437 static const struct cp pap = { 438 PPP_PAP, IDX_PAP, CP_AUTH, "pap", 439 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close, 440 sppp_pap_TO, 0, 0, 0, 441 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null, 442 sppp_pap_scr 443 }; 444 445 static const struct cp chap = { 446 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", 447 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close, 448 sppp_chap_TO, 0, 0, 0, 449 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null, 450 sppp_chap_scr 451 }; 452 453 static const struct cp *cps[IDX_COUNT] = { 454 &lcp, /* IDX_LCP */ 455 &ipcp, /* IDX_IPCP */ 456 &ipv6cp, /* IDX_IPV6CP */ 457 &pap, /* IDX_PAP */ 458 &chap, /* IDX_CHAP */ 459 }; 460 461 462 void spppattach(int); 463 void 464 /*ARGSUSED*/ 465 spppattach(int count) 466 { 467 } 468 469 /* 470 * Exported functions, comprising our interface to the lower layer. 471 */ 472 473 /* 474 * Process the received packet. 475 */ 476 void 477 sppp_input(struct ifnet *ifp, struct mbuf *m) 478 { 479 struct ppp_header *h = NULL; 480 struct ifqueue *inq = 0; 481 u_int16_t protocol; 482 int s; 483 struct sppp *sp = (struct sppp *)ifp; 484 int debug = ifp->if_flags & IFF_DEBUG; 485 486 if (ifp->if_flags & IFF_UP) { 487 /* Count received bytes, add hardware framing */ 488 ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes; 489 /* Note time of last receive */ 490 sp->pp_last_receive = mono_time.tv_sec; 491 } 492 493 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 494 /* Too small packet, drop it. */ 495 if (debug) 496 log(LOG_DEBUG, 497 "%s: input packet is too small, %d bytes\n", 498 ifp->if_xname, m->m_pkthdr.len); 499 drop: 500 ++ifp->if_ierrors; 501 ++ifp->if_iqdrops; 502 m_freem(m); 503 return; 504 } 505 506 if (sp->pp_flags & PP_NOFRAMING) { 507 memcpy(&protocol, mtod(m, void *), 2); 508 protocol = ntohs(protocol); 509 m_adj(m, 2); 510 } else { 511 512 /* Get PPP header. */ 513 h = mtod(m, struct ppp_header *); 514 m_adj(m, PPP_HEADER_LEN); 515 516 switch (h->address) { 517 case PPP_ALLSTATIONS: 518 if (h->control != PPP_UI) 519 goto invalid; 520 if (sp->pp_flags & PP_CISCO) { 521 if (debug) 522 log(LOG_DEBUG, 523 "%s: PPP packet in Cisco mode " 524 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 525 ifp->if_xname, 526 h->address, h->control, ntohs(h->protocol)); 527 goto drop; 528 } 529 break; 530 case CISCO_MULTICAST: 531 case CISCO_UNICAST: 532 /* Don't check the control field here (RFC 1547). */ 533 if (! (sp->pp_flags & PP_CISCO)) { 534 if (debug) 535 log(LOG_DEBUG, 536 "%s: Cisco packet in PPP mode " 537 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 538 ifp->if_xname, 539 h->address, h->control, ntohs(h->protocol)); 540 goto drop; 541 } 542 switch (ntohs(h->protocol)) { 543 default: 544 ++ifp->if_noproto; 545 goto invalid; 546 case CISCO_KEEPALIVE: 547 sppp_cisco_input((struct sppp *) ifp, m); 548 m_freem(m); 549 return; 550 #ifdef INET 551 case ETHERTYPE_IP: 552 schednetisr(NETISR_IP); 553 inq = &ipintrq; 554 break; 555 #endif 556 #ifdef INET6 557 case ETHERTYPE_IPV6: 558 schednetisr(NETISR_IPV6); 559 inq = &ip6intrq; 560 break; 561 #endif 562 #ifdef IPX 563 case ETHERTYPE_IPX: 564 schednetisr(NETISR_IPX); 565 inq = &ipxintrq; 566 break; 567 #endif 568 #ifdef NS 569 case ETHERTYPE_NS: 570 schednetisr(NETISR_NS); 571 inq = &nsintrq; 572 break; 573 #endif 574 } 575 goto queue_pkt; 576 default: /* Invalid PPP packet. */ 577 invalid: 578 if (debug) 579 log(LOG_DEBUG, 580 "%s: invalid input packet " 581 "<addr=0x%x ctrl=0x%x proto=0x%x>\n", 582 ifp->if_xname, 583 h->address, h->control, ntohs(h->protocol)); 584 goto drop; 585 } 586 protocol = ntohs(h->protocol); 587 } 588 589 switch (protocol) { 590 default: 591 if (sp->state[IDX_LCP] == STATE_OPENED) { 592 u_int16_t prot = htons(protocol); 593 sppp_cp_send(sp, PPP_LCP, PROTO_REJ, 594 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2, 595 &prot); 596 } 597 if (debug) 598 log(LOG_DEBUG, 599 "%s: invalid input protocol " 600 "<proto=0x%x>\n", ifp->if_xname, ntohs(protocol)); 601 ++ifp->if_noproto; 602 goto drop; 603 case PPP_LCP: 604 sppp_cp_input(&lcp, sp, m); 605 m_freem(m); 606 return; 607 case PPP_PAP: 608 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 609 sppp_pap_input(sp, m); 610 m_freem(m); 611 return; 612 case PPP_CHAP: 613 if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) 614 sppp_chap_input(sp, m); 615 m_freem(m); 616 return; 617 #ifdef INET 618 case PPP_IPCP: 619 if (sp->pp_phase == SPPP_PHASE_NETWORK) 620 sppp_cp_input(&ipcp, sp, m); 621 m_freem(m); 622 return; 623 case PPP_IP: 624 if (sp->state[IDX_IPCP] == STATE_OPENED) { 625 schednetisr(NETISR_IP); 626 inq = &ipintrq; 627 sp->pp_last_activity = mono_time.tv_sec; 628 } 629 break; 630 #endif 631 #ifdef INET6 632 case PPP_IPV6CP: 633 if (sp->pp_phase == SPPP_PHASE_NETWORK) 634 sppp_cp_input(&ipv6cp, sp, m); 635 m_freem(m); 636 return; 637 638 case PPP_IPV6: 639 if (sp->state[IDX_IPV6CP] == STATE_OPENED) { 640 schednetisr(NETISR_IPV6); 641 inq = &ip6intrq; 642 sp->pp_last_activity = mono_time.tv_sec; 643 } 644 break; 645 #endif 646 #ifdef IPX 647 case PPP_IPX: 648 /* IPX IPXCP not implemented yet */ 649 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 650 schednetisr(NETISR_IPX); 651 inq = &ipxintrq; 652 } 653 break; 654 #endif 655 #ifdef NS 656 case PPP_XNS: 657 /* XNS IDPCP not implemented yet */ 658 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 659 schednetisr(NETISR_NS); 660 inq = &nsintrq; 661 } 662 break; 663 #endif 664 #ifdef ISO 665 case PPP_ISO: 666 /* OSI NLCP not implemented yet */ 667 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 668 schednetisr(NETISR_ISO); 669 inq = &clnlintrq; 670 } 671 break; 672 #endif 673 } 674 675 queue_pkt: 676 if (! (ifp->if_flags & IFF_UP) || ! inq) 677 goto drop; 678 679 /* Check queue. */ 680 s = splnet(); 681 if (IF_QFULL(inq)) { 682 /* Queue overflow. */ 683 IF_DROP(inq); 684 splx(s); 685 if (debug) 686 log(LOG_DEBUG, "%s: protocol queue overflow\n", 687 ifp->if_xname); 688 goto drop; 689 } 690 IF_ENQUEUE(inq, m); 691 splx(s); 692 } 693 694 /* 695 * Enqueue transmit packet. 696 */ 697 static int 698 sppp_output(struct ifnet *ifp, struct mbuf *m, 699 struct sockaddr *dst, struct rtentry *rt) 700 { 701 struct sppp *sp = (struct sppp *) ifp; 702 struct ppp_header *h = NULL; 703 struct ifqueue *ifq = NULL; /* XXX */ 704 int s, error = 0; 705 u_int16_t protocol; 706 ALTQ_DECL(struct altq_pktattr pktattr;) 707 708 s = splnet(); 709 710 sp->pp_last_activity = mono_time.tv_sec; 711 712 if ((ifp->if_flags & IFF_UP) == 0 || 713 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { 714 m_freem(m); 715 splx(s); 716 return (ENETDOWN); 717 } 718 719 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { 720 /* 721 * Interface is not yet running, but auto-dial. Need 722 * to start LCP for it. 723 */ 724 ifp->if_flags |= IFF_RUNNING; 725 splx(s); 726 lcp.Open(sp); 727 s = splnet(); 728 } 729 730 /* 731 * If the queueing discipline needs packet classification, 732 * do it before prepending link headers. 733 */ 734 IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr); 735 736 #ifdef INET 737 if (dst->sa_family == AF_INET) { 738 struct ip *ip = NULL; 739 struct tcphdr *th = NULL; 740 741 if (m->m_len >= sizeof(struct ip)) { 742 ip = mtod(m, struct ip *); 743 if (ip->ip_p == IPPROTO_TCP && 744 m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + 745 sizeof(struct tcphdr)) { 746 th = (struct tcphdr *) 747 ((caddr_t)ip + (ip->ip_hl << 2)); 748 } 749 } else 750 ip = NULL; 751 752 /* 753 * When using dynamic local IP address assignment by using 754 * 0.0.0.0 as a local address, the first TCP session will 755 * not connect because the local TCP checksum is computed 756 * using 0.0.0.0 which will later become our real IP address 757 * so the TCP checksum computed at the remote end will 758 * become invalid. So we 759 * - don't let packets with src ip addr 0 thru 760 * - we flag TCP packets with src ip 0 as an error 761 */ 762 if (ip && ip->ip_src.s_addr == INADDR_ANY) { 763 u_int8_t proto = ip->ip_p; 764 765 m_freem(m); 766 splx(s); 767 if (proto == IPPROTO_TCP) 768 return (EADDRNOTAVAIL); 769 else 770 return (0); 771 } 772 773 /* 774 * Put low delay, telnet, rlogin and ftp control packets 775 * in front of the queue. 776 */ 777 778 if (!IF_QFULL(&sp->pp_fastq) && 779 ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || 780 (th && (INTERACTIVE(ntohs(th->th_sport)) || 781 INTERACTIVE(ntohs(th->th_dport)))))) 782 ifq = &sp->pp_fastq; 783 } 784 #endif 785 786 #ifdef INET6 787 if (dst->sa_family == AF_INET6) { 788 /* XXX do something tricky here? */ 789 } 790 #endif 791 792 if ((sp->pp_flags & PP_NOFRAMING) == 0) { 793 /* 794 * Prepend general data packet PPP header. For now, IP only. 795 */ 796 M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); 797 if (! m) { 798 if (ifp->if_flags & IFF_DEBUG) 799 log(LOG_DEBUG, "%s: no memory for transmit header\n", 800 ifp->if_xname); 801 ++ifp->if_oerrors; 802 splx(s); 803 return (ENOBUFS); 804 } 805 /* 806 * May want to check size of packet 807 * (albeit due to the implementation it's always enough) 808 */ 809 h = mtod(m, struct ppp_header *); 810 if (sp->pp_flags & PP_CISCO) { 811 h->address = CISCO_UNICAST; /* unicast address */ 812 h->control = 0; 813 } else { 814 h->address = PPP_ALLSTATIONS; /* broadcast address */ 815 h->control = PPP_UI; /* Unnumbered Info */ 816 } 817 } 818 819 switch (dst->sa_family) { 820 #ifdef INET 821 case AF_INET: /* Internet Protocol */ 822 if (sp->pp_flags & PP_CISCO) 823 protocol = htons(ETHERTYPE_IP); 824 else { 825 /* 826 * Don't choke with an ENETDOWN early. It's 827 * possible that we just started dialing out, 828 * so don't drop the packet immediately. If 829 * we notice that we run out of buffer space 830 * below, we will however remember that we are 831 * not ready to carry IP packets, and return 832 * ENETDOWN, as opposed to ENOBUFS. 833 */ 834 protocol = htons(PPP_IP); 835 if (sp->state[IDX_IPCP] != STATE_OPENED) 836 error = ENETDOWN; 837 } 838 break; 839 #endif 840 #ifdef INET6 841 case AF_INET6: /* Internet Protocol version 6 */ 842 if (sp->pp_flags & PP_CISCO) 843 protocol = htons(ETHERTYPE_IPV6); 844 else { 845 /* 846 * Don't choke with an ENETDOWN early. It's 847 * possible that we just started dialing out, 848 * so don't drop the packet immediately. If 849 * we notice that we run out of buffer space 850 * below, we will however remember that we are 851 * not ready to carry IP packets, and return 852 * ENETDOWN, as opposed to ENOBUFS. 853 */ 854 protocol = htons(PPP_IPV6); 855 if (sp->state[IDX_IPV6CP] != STATE_OPENED) 856 error = ENETDOWN; 857 } 858 break; 859 #endif 860 #ifdef NS 861 case AF_NS: /* Xerox NS Protocol */ 862 protocol = htons((sp->pp_flags & PP_CISCO) ? 863 ETHERTYPE_NS : PPP_XNS); 864 break; 865 #endif 866 #ifdef IPX 867 case AF_IPX: /* Novell IPX Protocol */ 868 protocol = htons((sp->pp_flags & PP_CISCO) ? 869 ETHERTYPE_IPX : PPP_IPX); 870 break; 871 #endif 872 #ifdef ISO 873 case AF_ISO: /* ISO OSI Protocol */ 874 if (sp->pp_flags & PP_CISCO) 875 goto nosupport; 876 protocol = htons(PPP_ISO); 877 break; 878 nosupport: 879 #endif 880 default: 881 m_freem(m); 882 ++ifp->if_oerrors; 883 splx(s); 884 return (EAFNOSUPPORT); 885 } 886 887 if (sp->pp_flags & PP_NOFRAMING) { 888 M_PREPEND(m, 2, M_DONTWAIT); 889 if (m == NULL) { 890 if (ifp->if_flags & IFF_DEBUG) 891 log(LOG_DEBUG, "%s: no memory for transmit header\n", 892 ifp->if_xname); 893 ++ifp->if_oerrors; 894 splx(s); 895 return (ENOBUFS); 896 } 897 *mtod(m, u_int16_t *) = protocol; 898 } else { 899 h->protocol = protocol; 900 } 901 902 903 error = ifq_enqueue2(ifp, ifq, m ALTQ_COMMA ALTQ_DECL(&pktattr)); 904 905 if (error == 0) { 906 /* 907 * Count output packets and bytes. 908 * The packet length includes header + additional hardware 909 * framing according to RFC 1333. 910 */ 911 if (!(ifp->if_flags & IFF_OACTIVE)) 912 (*ifp->if_start)(ifp); 913 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 914 } 915 splx(s); 916 return error; 917 } 918 919 void 920 sppp_attach(struct ifnet *ifp) 921 { 922 struct sppp *sp = (struct sppp *) ifp; 923 924 /* Initialize keepalive handler. */ 925 if (! spppq) { 926 callout_init(&keepalive_ch); 927 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 928 } 929 930 /* Insert new entry into the keepalive list. */ 931 sp->pp_next = spppq; 932 spppq = sp; 933 934 sp->pp_if.if_type = IFT_PPP; 935 sp->pp_if.if_output = sppp_output; 936 sp->pp_fastq.ifq_maxlen = 32; 937 sp->pp_cpq.ifq_maxlen = 20; 938 sp->pp_loopcnt = 0; 939 sp->pp_alivecnt = 0; 940 sp->pp_last_activity = 0; 941 sp->pp_last_receive = 0; 942 sp->pp_maxalive = DEFAULT_MAXALIVECNT; 943 sp->pp_max_noreceive = DEFAULT_NORECV_TIME; 944 sp->pp_idle_timeout = 0; 945 memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq)); 946 memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq)); 947 sp->pp_auth_failures = 0; 948 sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; 949 sp->pp_phase = SPPP_PHASE_DEAD; 950 sp->pp_up = lcp.Up; 951 sp->pp_down = lcp.Down; 952 953 if_alloc_sadl(ifp); 954 955 memset(&sp->myauth, 0, sizeof sp->myauth); 956 memset(&sp->hisauth, 0, sizeof sp->hisauth); 957 sppp_lcp_init(sp); 958 sppp_ipcp_init(sp); 959 sppp_ipv6cp_init(sp); 960 sppp_pap_init(sp); 961 sppp_chap_init(sp); 962 } 963 964 void 965 sppp_detach(struct ifnet *ifp) 966 { 967 struct sppp **q, *p, *sp = (struct sppp *) ifp; 968 int i; 969 970 /* Remove the entry from the keepalive list. */ 971 for (q = &spppq; (p = *q); q = &p->pp_next) 972 if (p == sp) { 973 *q = p->pp_next; 974 break; 975 } 976 977 /* Stop keepalive handler. */ 978 if (! spppq) { 979 callout_stop(&keepalive_ch); 980 } 981 982 for (i = 0; i < IDX_COUNT; i++) { 983 callout_stop(&sp->ch[i]); 984 } 985 callout_stop(&sp->pap_my_to_ch); 986 987 /* free authentication info */ 988 if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); 989 if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); 990 if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); 991 if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); 992 993 #if 0 /* done in if_detach() */ 994 if_free_sadl(ifp); 995 #endif 996 } 997 998 /* 999 * Flush the interface output queue. 1000 */ 1001 void 1002 sppp_flush(struct ifnet *ifp) 1003 { 1004 struct sppp *sp = (struct sppp *) ifp; 1005 1006 IFQ_PURGE(&sp->pp_if.if_snd); 1007 IF_PURGE(&sp->pp_fastq); 1008 IF_PURGE(&sp->pp_cpq); 1009 } 1010 1011 /* 1012 * Check if the output queue is empty. 1013 */ 1014 int 1015 sppp_isempty(struct ifnet *ifp) 1016 { 1017 struct sppp *sp = (struct sppp *) ifp; 1018 int empty, s; 1019 1020 s = splnet(); 1021 empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && 1022 IFQ_IS_EMPTY(&sp->pp_if.if_snd); 1023 splx(s); 1024 return (empty); 1025 } 1026 1027 /* 1028 * Get next packet to send. 1029 */ 1030 struct mbuf * 1031 sppp_dequeue(struct ifnet *ifp) 1032 { 1033 struct sppp *sp = (struct sppp *) ifp; 1034 struct mbuf *m; 1035 int s; 1036 1037 s = splnet(); 1038 /* 1039 * Process only the control protocol queue until we have at 1040 * least one NCP open. 1041 * 1042 * Do always serve all three queues in Cisco mode. 1043 */ 1044 IF_DEQUEUE(&sp->pp_cpq, m); 1045 if (m == NULL && 1046 (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) { 1047 IF_DEQUEUE(&sp->pp_fastq, m); 1048 if (m == NULL) 1049 IFQ_DEQUEUE(&sp->pp_if.if_snd, m); 1050 } 1051 splx(s); 1052 return m; 1053 } 1054 1055 /* 1056 * Process an ioctl request. Called on low priority level. 1057 */ 1058 int 1059 sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1060 { 1061 struct ifreq *ifr = (struct ifreq *) data; 1062 struct sppp *sp = (struct sppp *) ifp; 1063 int s, error=0, going_up, going_down, newmode; 1064 1065 s = splnet(); 1066 switch (cmd) { 1067 case SIOCAIFADDR: 1068 case SIOCSIFDSTADDR: 1069 break; 1070 1071 case SIOCSIFADDR: 1072 if_up(ifp); 1073 /* fall through... */ 1074 1075 case SIOCSIFFLAGS: 1076 going_up = ifp->if_flags & IFF_UP && 1077 (ifp->if_flags & IFF_RUNNING) == 0; 1078 going_down = (ifp->if_flags & IFF_UP) == 0 && 1079 ifp->if_flags & IFF_RUNNING; 1080 newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); 1081 if (newmode == (IFF_AUTO | IFF_PASSIVE)) { 1082 /* sanity */ 1083 newmode = IFF_PASSIVE; 1084 ifp->if_flags &= ~IFF_AUTO; 1085 } 1086 1087 if (going_up || going_down) 1088 lcp.Close(sp); 1089 if (going_up && newmode == 0) { 1090 /* neither auto-dial nor passive */ 1091 ifp->if_flags |= IFF_RUNNING; 1092 if (!(sp->pp_flags & PP_CISCO)) 1093 lcp.Open(sp); 1094 } else if (going_down) { 1095 sppp_flush(ifp); 1096 ifp->if_flags &= ~IFF_RUNNING; 1097 } 1098 1099 break; 1100 1101 #ifdef SIOCSIFMTU 1102 #ifndef ifr_mtu 1103 #define ifr_mtu ifr_metric 1104 #endif 1105 case SIOCSIFMTU: 1106 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) { 1107 error = EINVAL; 1108 break; 1109 } 1110 1111 ifp->if_mtu = ifr->ifr_mtu; 1112 break; 1113 #endif 1114 #ifdef SLIOCSETMTU 1115 case SLIOCSETMTU: 1116 if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru) 1117 { 1118 error = EINVAL; 1119 break; 1120 } 1121 1122 ifp->if_mtu = *(short *)data; 1123 break; 1124 #endif 1125 #ifdef SIOCGIFMTU 1126 case SIOCGIFMTU: 1127 ifr->ifr_mtu = ifp->if_mtu; 1128 break; 1129 #endif 1130 #ifdef SLIOCGETMTU 1131 case SLIOCGETMTU: 1132 *(short *)data = ifp->if_mtu; 1133 break; 1134 #endif 1135 case SIOCADDMULTI: 1136 case SIOCDELMULTI: 1137 break; 1138 1139 case SPPPSETAUTHCFG: 1140 case SPPPGETAUTHCFG: 1141 case SPPPSETLCPCFG: 1142 case SPPPGETLCPCFG: 1143 case SPPPSETIDLETO: 1144 case SPPPSETAUTHFAILURE: 1145 case SPPPGETAUTHFAILURES: 1146 case SPPPSETDNSOPTS: 1147 case SPPPSETKEEPALIVE: 1148 { 1149 struct proc *p = curproc; /* XXX */ 1150 1151 if ((error = kauth_authorize_generic(p->p_cred, KAUTH_GENERIC_ISSUSER, &p->p_acflag)) != 0) 1152 break; 1153 } 1154 /* FALLTHROUGH */ 1155 case SPPPGETSTATUS: 1156 case SPPPGETSTATUSNCP: 1157 case SPPPGETIDLETO: 1158 case SPPPGETDNSOPTS: 1159 case SPPPGETDNSADDRS: 1160 case SPPPGETKEEPALIVE: 1161 error = sppp_params(sp, cmd, data); 1162 break; 1163 1164 default: 1165 error = ENOTTY; 1166 } 1167 splx(s); 1168 return (error); 1169 } 1170 1171 1172 /* 1173 * Cisco framing implementation. 1174 */ 1175 1176 /* 1177 * Handle incoming Cisco keepalive protocol packets. 1178 */ 1179 static void 1180 sppp_cisco_input(struct sppp *sp, struct mbuf *m) 1181 { 1182 STDDCL; 1183 struct cisco_packet *h; 1184 #ifdef INET 1185 u_int32_t me, mymask = 0; /* XXX: GCC */ 1186 #endif 1187 1188 if (m->m_pkthdr.len < CISCO_PACKET_LEN) { 1189 if (debug) 1190 log(LOG_DEBUG, 1191 "%s: cisco invalid packet length: %d bytes\n", 1192 ifp->if_xname, m->m_pkthdr.len); 1193 return; 1194 } 1195 h = mtod(m, struct cisco_packet *); 1196 if (debug) 1197 log(LOG_DEBUG, 1198 "%s: cisco input: %d bytes " 1199 "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1200 ifp->if_xname, m->m_pkthdr.len, 1201 ntohl(h->type), h->par1, h->par2, (u_int)h->rel, 1202 (u_int)h->time0, (u_int)h->time1); 1203 switch (ntohl(h->type)) { 1204 default: 1205 if (debug) 1206 addlog("%s: cisco unknown packet type: 0x%x\n", 1207 ifp->if_xname, ntohl(h->type)); 1208 break; 1209 case CISCO_ADDR_REPLY: 1210 /* Reply on address request, ignore */ 1211 break; 1212 case CISCO_KEEPALIVE_REQ: 1213 sp->pp_alivecnt = 0; 1214 sp->pp_rseq[IDX_LCP] = ntohl(h->par1); 1215 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) { 1216 /* Local and remote sequence numbers are equal. 1217 * Probably, the line is in loopback mode. */ 1218 if (sp->pp_loopcnt >= LOOPALIVECNT) { 1219 printf ("%s: loopback\n", 1220 ifp->if_xname); 1221 sp->pp_loopcnt = 0; 1222 if (ifp->if_flags & IFF_UP) { 1223 if_down(ifp); 1224 IF_PURGE(&sp->pp_cpq); 1225 } 1226 } 1227 ++sp->pp_loopcnt; 1228 1229 /* Generate new local sequence number */ 1230 sp->pp_seq[IDX_LCP] = arc4random(); 1231 break; 1232 } 1233 sp->pp_loopcnt = 0; 1234 if (! (ifp->if_flags & IFF_UP) && 1235 (ifp->if_flags & IFF_RUNNING)) { 1236 if_up(ifp); 1237 } 1238 break; 1239 case CISCO_ADDR_REQ: 1240 #ifdef INET 1241 sppp_get_ip_addrs(sp, &me, 0, &mymask); 1242 if (me != 0L) 1243 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); 1244 #endif 1245 break; 1246 } 1247 } 1248 1249 /* 1250 * Send Cisco keepalive packet. 1251 */ 1252 static void 1253 sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) 1254 { 1255 STDDCL; 1256 struct ppp_header *h; 1257 struct cisco_packet *ch; 1258 struct mbuf *m; 1259 u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000; 1260 1261 MGETHDR(m, M_DONTWAIT, MT_DATA); 1262 if (! m) 1263 return; 1264 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 1265 m->m_pkthdr.rcvif = 0; 1266 1267 h = mtod(m, struct ppp_header *); 1268 h->address = CISCO_MULTICAST; 1269 h->control = 0; 1270 h->protocol = htons(CISCO_KEEPALIVE); 1271 1272 ch = (struct cisco_packet *)(h + 1); 1273 ch->type = htonl(type); 1274 ch->par1 = htonl(par1); 1275 ch->par2 = htonl(par2); 1276 ch->rel = -1; 1277 1278 ch->time0 = htons((u_short)(t >> 16)); 1279 ch->time1 = htons((u_short) t); 1280 1281 if (debug) 1282 log(LOG_DEBUG, 1283 "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", 1284 ifp->if_xname, ntohl(ch->type), ch->par1, 1285 ch->par2, (u_int)ch->rel, (u_int)ch->time0, 1286 (u_int)ch->time1); 1287 1288 if (IF_QFULL(&sp->pp_cpq)) { 1289 IF_DROP(&sp->pp_fastq); 1290 IF_DROP(&ifp->if_snd); 1291 m_freem(m); 1292 ++ifp->if_oerrors; 1293 return; 1294 } else 1295 IF_ENQUEUE(&sp->pp_cpq, m); 1296 if (! (ifp->if_flags & IFF_OACTIVE)) 1297 (*ifp->if_start)(ifp); 1298 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1299 } 1300 1301 /* 1302 * PPP protocol implementation. 1303 */ 1304 1305 /* 1306 * Send PPP control protocol packet. 1307 */ 1308 static void 1309 sppp_cp_send(struct sppp *sp, u_short proto, u_char type, 1310 u_char ident, u_short len, void *data) 1311 { 1312 STDDCL; 1313 struct lcp_header *lh; 1314 struct mbuf *m; 1315 size_t pkthdrlen; 1316 1317 pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; 1318 1319 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) 1320 len = MHLEN - pkthdrlen - LCP_HEADER_LEN; 1321 MGETHDR(m, M_DONTWAIT, MT_DATA); 1322 if (! m) 1323 return; 1324 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 1325 m->m_pkthdr.rcvif = 0; 1326 1327 if (sp->pp_flags & PP_NOFRAMING) { 1328 *mtod(m, u_int16_t *) = htons(proto); 1329 lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2); 1330 } else { 1331 struct ppp_header *h; 1332 h = mtod(m, struct ppp_header *); 1333 h->address = PPP_ALLSTATIONS; /* broadcast address */ 1334 h->control = PPP_UI; /* Unnumbered Info */ 1335 h->protocol = htons(proto); /* Link Control Protocol */ 1336 lh = (struct lcp_header *)(h + 1); 1337 } 1338 lh->type = type; 1339 lh->ident = ident; 1340 lh->len = htons(LCP_HEADER_LEN + len); 1341 if (len) 1342 bcopy (data, lh + 1, len); 1343 1344 if (debug) { 1345 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 1346 ifp->if_xname, 1347 sppp_proto_name(proto), 1348 sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); 1349 if (len) 1350 sppp_print_bytes((u_char *)(lh + 1), len); 1351 addlog(">\n"); 1352 } 1353 if (IF_QFULL(&sp->pp_cpq)) { 1354 IF_DROP(&sp->pp_fastq); 1355 IF_DROP(&ifp->if_snd); 1356 m_freem(m); 1357 ++ifp->if_oerrors; 1358 return; 1359 } else 1360 IF_ENQUEUE(&sp->pp_cpq, m); 1361 if (! (ifp->if_flags & IFF_OACTIVE)) 1362 (*ifp->if_start)(ifp); 1363 ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes; 1364 } 1365 1366 /* 1367 * Handle incoming PPP control protocol packets. 1368 */ 1369 static void 1370 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) 1371 { 1372 STDDCL; 1373 struct lcp_header *h; 1374 int len = m->m_pkthdr.len; 1375 int rv; 1376 u_char *p; 1377 u_int32_t u32; 1378 1379 if (len < 4) { 1380 if (debug) 1381 log(LOG_DEBUG, 1382 "%s: %s invalid packet length: %d bytes\n", 1383 ifp->if_xname, cp->name, len); 1384 return; 1385 } 1386 h = mtod(m, struct lcp_header *); 1387 if (debug) { 1388 log(LOG_DEBUG, 1389 "%s: %s input(%s): <%s id=0x%x len=%d", 1390 ifp->if_xname, cp->name, 1391 sppp_state_name(sp->state[cp->protoidx]), 1392 sppp_cp_type_name(h->type), h->ident, ntohs(h->len)); 1393 if (len > 4) 1394 sppp_print_bytes((u_char *)(h + 1), len - 4); 1395 addlog(">\n"); 1396 } 1397 if (len > ntohs(h->len)) 1398 len = ntohs(h->len); 1399 p = (u_char *)(h + 1); 1400 switch (h->type) { 1401 case CONF_REQ: 1402 if (len < 4) { 1403 if (debug) 1404 addlog("%s: %s invalid conf-req length %d\n", 1405 ifp->if_xname, cp->name, 1406 len); 1407 ++ifp->if_ierrors; 1408 break; 1409 } 1410 /* handle states where RCR doesn't get a SCA/SCN */ 1411 switch (sp->state[cp->protoidx]) { 1412 case STATE_CLOSING: 1413 case STATE_STOPPING: 1414 return; 1415 case STATE_CLOSED: 1416 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 1417 0, 0); 1418 return; 1419 } 1420 rv = (cp->RCR)(sp, h, len); 1421 switch (sp->state[cp->protoidx]) { 1422 case STATE_OPENED: 1423 (cp->tld)(sp); 1424 (cp->scr)(sp); 1425 /* fall through... */ 1426 case STATE_ACK_SENT: 1427 case STATE_REQ_SENT: 1428 sppp_cp_change_state(cp, sp, rv? 1429 STATE_ACK_SENT: STATE_REQ_SENT); 1430 break; 1431 case STATE_STOPPED: 1432 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1433 (cp->scr)(sp); 1434 sppp_cp_change_state(cp, sp, rv? 1435 STATE_ACK_SENT: STATE_REQ_SENT); 1436 break; 1437 case STATE_ACK_RCVD: 1438 if (rv) { 1439 sppp_cp_change_state(cp, sp, STATE_OPENED); 1440 if (debug) 1441 log(LOG_DEBUG, "%s: %s tlu\n", 1442 ifp->if_xname, 1443 cp->name); 1444 (cp->tlu)(sp); 1445 } else 1446 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1447 break; 1448 default: 1449 printf("%s: %s illegal %s in state %s\n", 1450 ifp->if_xname, cp->name, 1451 sppp_cp_type_name(h->type), 1452 sppp_state_name(sp->state[cp->protoidx])); 1453 ++ifp->if_ierrors; 1454 } 1455 break; 1456 case CONF_ACK: 1457 if (h->ident != sp->confid[cp->protoidx]) { 1458 if (debug) 1459 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1460 ifp->if_xname, cp->name, 1461 h->ident, sp->confid[cp->protoidx]); 1462 ++ifp->if_ierrors; 1463 break; 1464 } 1465 switch (sp->state[cp->protoidx]) { 1466 case STATE_CLOSED: 1467 case STATE_STOPPED: 1468 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1469 break; 1470 case STATE_CLOSING: 1471 case STATE_STOPPING: 1472 break; 1473 case STATE_REQ_SENT: 1474 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1475 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1476 break; 1477 case STATE_OPENED: 1478 (cp->tld)(sp); 1479 /* fall through */ 1480 case STATE_ACK_RCVD: 1481 (cp->scr)(sp); 1482 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1483 break; 1484 case STATE_ACK_SENT: 1485 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1486 sppp_cp_change_state(cp, sp, STATE_OPENED); 1487 if (debug) 1488 log(LOG_DEBUG, "%s: %s tlu\n", 1489 ifp->if_xname, cp->name); 1490 (cp->tlu)(sp); 1491 break; 1492 default: 1493 printf("%s: %s illegal %s in state %s\n", 1494 ifp->if_xname, cp->name, 1495 sppp_cp_type_name(h->type), 1496 sppp_state_name(sp->state[cp->protoidx])); 1497 ++ifp->if_ierrors; 1498 } 1499 break; 1500 case CONF_NAK: 1501 case CONF_REJ: 1502 if (h->ident != sp->confid[cp->protoidx]) { 1503 if (debug) 1504 addlog("%s: %s id mismatch 0x%x != 0x%x\n", 1505 ifp->if_xname, cp->name, 1506 h->ident, sp->confid[cp->protoidx]); 1507 ++ifp->if_ierrors; 1508 break; 1509 } 1510 if (h->type == CONF_NAK) 1511 (cp->RCN_nak)(sp, h, len); 1512 else /* CONF_REJ */ 1513 (cp->RCN_rej)(sp, h, len); 1514 1515 switch (sp->state[cp->protoidx]) { 1516 case STATE_CLOSED: 1517 case STATE_STOPPED: 1518 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1519 break; 1520 case STATE_REQ_SENT: 1521 case STATE_ACK_SENT: 1522 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1523 (cp->scr)(sp); 1524 break; 1525 case STATE_OPENED: 1526 (cp->tld)(sp); 1527 /* fall through */ 1528 case STATE_ACK_RCVD: 1529 sppp_cp_change_state(cp, sp, STATE_ACK_SENT); 1530 (cp->scr)(sp); 1531 break; 1532 case STATE_CLOSING: 1533 case STATE_STOPPING: 1534 break; 1535 default: 1536 printf("%s: %s illegal %s in state %s\n", 1537 ifp->if_xname, cp->name, 1538 sppp_cp_type_name(h->type), 1539 sppp_state_name(sp->state[cp->protoidx])); 1540 ++ifp->if_ierrors; 1541 } 1542 break; 1543 1544 case TERM_REQ: 1545 switch (sp->state[cp->protoidx]) { 1546 case STATE_ACK_RCVD: 1547 case STATE_ACK_SENT: 1548 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1549 /* fall through */ 1550 case STATE_CLOSED: 1551 case STATE_STOPPED: 1552 case STATE_CLOSING: 1553 case STATE_STOPPING: 1554 case STATE_REQ_SENT: 1555 sta: 1556 /* Send Terminate-Ack packet. */ 1557 if (debug) 1558 log(LOG_DEBUG, "%s: %s send terminate-ack\n", 1559 ifp->if_xname, cp->name); 1560 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0); 1561 break; 1562 case STATE_OPENED: 1563 (cp->tld)(sp); 1564 sp->rst_counter[cp->protoidx] = 0; 1565 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1566 goto sta; 1567 default: 1568 printf("%s: %s illegal %s in state %s\n", 1569 ifp->if_xname, cp->name, 1570 sppp_cp_type_name(h->type), 1571 sppp_state_name(sp->state[cp->protoidx])); 1572 ++ifp->if_ierrors; 1573 } 1574 break; 1575 case TERM_ACK: 1576 switch (sp->state[cp->protoidx]) { 1577 case STATE_CLOSED: 1578 case STATE_STOPPED: 1579 case STATE_REQ_SENT: 1580 case STATE_ACK_SENT: 1581 break; 1582 case STATE_CLOSING: 1583 (cp->tlf)(sp); 1584 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1585 sppp_lcp_check_and_close(sp); 1586 break; 1587 case STATE_STOPPING: 1588 (cp->tlf)(sp); 1589 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1590 sppp_lcp_check_and_close(sp); 1591 break; 1592 case STATE_ACK_RCVD: 1593 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1594 break; 1595 case STATE_OPENED: 1596 (cp->tld)(sp); 1597 (cp->scr)(sp); 1598 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); 1599 break; 1600 default: 1601 printf("%s: %s illegal %s in state %s\n", 1602 ifp->if_xname, cp->name, 1603 sppp_cp_type_name(h->type), 1604 sppp_state_name(sp->state[cp->protoidx])); 1605 ++ifp->if_ierrors; 1606 } 1607 break; 1608 case CODE_REJ: 1609 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1610 log(LOG_INFO, 1611 "%s: %s: ignoring RXJ (%s) for code ?, " 1612 "danger will robinson\n", 1613 ifp->if_xname, cp->name, 1614 sppp_cp_type_name(h->type)); 1615 switch (sp->state[cp->protoidx]) { 1616 case STATE_CLOSED: 1617 case STATE_STOPPED: 1618 case STATE_REQ_SENT: 1619 case STATE_ACK_SENT: 1620 case STATE_CLOSING: 1621 case STATE_STOPPING: 1622 case STATE_OPENED: 1623 break; 1624 case STATE_ACK_RCVD: 1625 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1626 break; 1627 default: 1628 printf("%s: %s illegal %s in state %s\n", 1629 ifp->if_xname, cp->name, 1630 sppp_cp_type_name(h->type), 1631 sppp_state_name(sp->state[cp->protoidx])); 1632 ++ifp->if_ierrors; 1633 } 1634 break; 1635 case PROTO_REJ: 1636 { 1637 int catastrophic; 1638 const struct cp *upper; 1639 int i; 1640 u_int16_t proto; 1641 1642 catastrophic = 0; 1643 upper = NULL; 1644 proto = p[0] << 8 | p[1]; 1645 for (i = 0; i < IDX_COUNT; i++) { 1646 if (cps[i]->proto == proto) { 1647 upper = cps[i]; 1648 break; 1649 } 1650 } 1651 if (upper == NULL) 1652 catastrophic++; 1653 1654 if (debug) 1655 log(LOG_INFO, 1656 "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", 1657 ifp->if_xname, cp->name, catastrophic ? '-' : '+', 1658 sppp_cp_type_name(h->type), proto, 1659 upper ? upper->name : "unknown", 1660 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?"); 1661 1662 /* 1663 * if we got RXJ+ against conf-req, the peer does not implement 1664 * this particular protocol type. terminate the protocol. 1665 */ 1666 if (upper && !catastrophic) { 1667 if (sp->state[upper->protoidx] == STATE_REQ_SENT) { 1668 upper->Close(sp); 1669 break; 1670 } 1671 } 1672 1673 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ 1674 switch (sp->state[cp->protoidx]) { 1675 case STATE_CLOSED: 1676 case STATE_STOPPED: 1677 case STATE_REQ_SENT: 1678 case STATE_ACK_SENT: 1679 case STATE_CLOSING: 1680 case STATE_STOPPING: 1681 case STATE_OPENED: 1682 break; 1683 case STATE_ACK_RCVD: 1684 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1685 break; 1686 default: 1687 printf("%s: %s illegal %s in state %s\n", 1688 ifp->if_xname, cp->name, 1689 sppp_cp_type_name(h->type), 1690 sppp_state_name(sp->state[cp->protoidx])); 1691 ++ifp->if_ierrors; 1692 } 1693 break; 1694 } 1695 case DISC_REQ: 1696 if (cp->proto != PPP_LCP) 1697 goto illegal; 1698 /* Discard the packet. */ 1699 break; 1700 case ECHO_REQ: 1701 if (cp->proto != PPP_LCP) 1702 goto illegal; 1703 if (sp->state[cp->protoidx] != STATE_OPENED) { 1704 if (debug) 1705 addlog("%s: lcp echo req but lcp closed\n", 1706 ifp->if_xname); 1707 ++ifp->if_ierrors; 1708 break; 1709 } 1710 if (len < 8) { 1711 if (debug) 1712 addlog("%s: invalid lcp echo request " 1713 "packet length: %d bytes\n", 1714 ifp->if_xname, len); 1715 break; 1716 } 1717 memcpy(&u32, h + 1, sizeof u32); 1718 if (ntohl(u32) == sp->lcp.magic) { 1719 /* Line loopback mode detected. */ 1720 printf("%s: loopback\n", ifp->if_xname); 1721 if_down(ifp); 1722 IF_PURGE(&sp->pp_cpq); 1723 1724 /* Shut down the PPP link. */ 1725 /* XXX */ 1726 lcp.Down(sp); 1727 lcp.Up(sp); 1728 break; 1729 } 1730 u32 = htonl(sp->lcp.magic); 1731 memcpy(h + 1, &u32, sizeof u32); 1732 if (debug) 1733 addlog("%s: got lcp echo req, sending echo rep\n", 1734 ifp->if_xname); 1735 sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, 1736 h + 1); 1737 break; 1738 case ECHO_REPLY: 1739 if (cp->proto != PPP_LCP) 1740 goto illegal; 1741 if (h->ident != sp->lcp.echoid) { 1742 ++ifp->if_ierrors; 1743 break; 1744 } 1745 if (len < 8) { 1746 if (debug) 1747 addlog("%s: lcp invalid echo reply " 1748 "packet length: %d bytes\n", 1749 ifp->if_xname, len); 1750 break; 1751 } 1752 if (debug) 1753 addlog("%s: lcp got echo rep\n", 1754 ifp->if_xname); 1755 memcpy(&u32, h + 1, sizeof u32); 1756 if (ntohl(u32) != sp->lcp.magic) 1757 sp->pp_alivecnt = 0; 1758 break; 1759 default: 1760 /* Unknown packet type -- send Code-Reject packet. */ 1761 illegal: 1762 if (debug) 1763 addlog("%s: %s send code-rej for 0x%x\n", 1764 ifp->if_xname, cp->name, h->type); 1765 sppp_cp_send(sp, cp->proto, CODE_REJ, 1766 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h); 1767 ++ifp->if_ierrors; 1768 } 1769 } 1770 1771 1772 /* 1773 * The generic part of all Up/Down/Open/Close/TO event handlers. 1774 * Basically, the state transition handling in the automaton. 1775 */ 1776 static void 1777 sppp_up_event(const struct cp *cp, struct sppp *sp) 1778 { 1779 STDDCL; 1780 1781 if (debug) 1782 log(LOG_DEBUG, "%s: %s up(%s)\n", 1783 ifp->if_xname, cp->name, 1784 sppp_state_name(sp->state[cp->protoidx])); 1785 1786 switch (sp->state[cp->protoidx]) { 1787 case STATE_INITIAL: 1788 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1789 break; 1790 case STATE_STARTING: 1791 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1792 (cp->scr)(sp); 1793 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1794 break; 1795 default: 1796 printf("%s: %s illegal up in state %s\n", 1797 ifp->if_xname, cp->name, 1798 sppp_state_name(sp->state[cp->protoidx])); 1799 } 1800 } 1801 1802 static void 1803 sppp_down_event(const struct cp *cp, struct sppp *sp) 1804 { 1805 STDDCL; 1806 1807 if (debug) 1808 log(LOG_DEBUG, "%s: %s down(%s)\n", 1809 ifp->if_xname, cp->name, 1810 sppp_state_name(sp->state[cp->protoidx])); 1811 1812 switch (sp->state[cp->protoidx]) { 1813 case STATE_CLOSED: 1814 case STATE_CLOSING: 1815 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1816 break; 1817 case STATE_STOPPED: 1818 (cp->tls)(sp); 1819 /* fall through */ 1820 case STATE_STOPPING: 1821 case STATE_REQ_SENT: 1822 case STATE_ACK_RCVD: 1823 case STATE_ACK_SENT: 1824 sppp_cp_change_state(cp, sp, STATE_STARTING); 1825 break; 1826 case STATE_OPENED: 1827 (cp->tld)(sp); 1828 sppp_cp_change_state(cp, sp, STATE_STARTING); 1829 break; 1830 default: 1831 printf("%s: %s illegal down in state %s\n", 1832 ifp->if_xname, cp->name, 1833 sppp_state_name(sp->state[cp->protoidx])); 1834 } 1835 } 1836 1837 1838 static void 1839 sppp_open_event(const struct cp *cp, struct sppp *sp) 1840 { 1841 STDDCL; 1842 1843 if (debug) 1844 log(LOG_DEBUG, "%s: %s open(%s)\n", 1845 ifp->if_xname, cp->name, 1846 sppp_state_name(sp->state[cp->protoidx])); 1847 1848 switch (sp->state[cp->protoidx]) { 1849 case STATE_INITIAL: 1850 sppp_cp_change_state(cp, sp, STATE_STARTING); 1851 (cp->tls)(sp); 1852 break; 1853 case STATE_STARTING: 1854 break; 1855 case STATE_CLOSED: 1856 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure; 1857 (cp->scr)(sp); 1858 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1859 break; 1860 case STATE_STOPPED: 1861 case STATE_STOPPING: 1862 case STATE_REQ_SENT: 1863 case STATE_ACK_RCVD: 1864 case STATE_ACK_SENT: 1865 case STATE_OPENED: 1866 break; 1867 case STATE_CLOSING: 1868 sppp_cp_change_state(cp, sp, STATE_STOPPING); 1869 break; 1870 } 1871 } 1872 1873 1874 static void 1875 sppp_close_event(const struct cp *cp, struct sppp *sp) 1876 { 1877 STDDCL; 1878 1879 if (debug) 1880 log(LOG_DEBUG, "%s: %s close(%s)\n", 1881 ifp->if_xname, cp->name, 1882 sppp_state_name(sp->state[cp->protoidx])); 1883 1884 switch (sp->state[cp->protoidx]) { 1885 case STATE_INITIAL: 1886 case STATE_CLOSED: 1887 case STATE_CLOSING: 1888 break; 1889 case STATE_STARTING: 1890 sppp_cp_change_state(cp, sp, STATE_INITIAL); 1891 (cp->tlf)(sp); 1892 break; 1893 case STATE_STOPPED: 1894 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1895 break; 1896 case STATE_STOPPING: 1897 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1898 break; 1899 case STATE_OPENED: 1900 (cp->tld)(sp); 1901 /* fall through */ 1902 case STATE_REQ_SENT: 1903 case STATE_ACK_RCVD: 1904 case STATE_ACK_SENT: 1905 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate; 1906 sppp_cp_send(sp, cp->proto, TERM_REQ, 1907 ++sp->pp_seq[cp->protoidx], 0, 0); 1908 sppp_cp_change_state(cp, sp, STATE_CLOSING); 1909 break; 1910 } 1911 } 1912 1913 static void 1914 sppp_to_event(const struct cp *cp, struct sppp *sp) 1915 { 1916 STDDCL; 1917 int s; 1918 1919 s = splnet(); 1920 if (debug) 1921 log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", 1922 ifp->if_xname, cp->name, 1923 sppp_state_name(sp->state[cp->protoidx]), 1924 sp->rst_counter[cp->protoidx]); 1925 1926 if (--sp->rst_counter[cp->protoidx] < 0) 1927 /* TO- event */ 1928 switch (sp->state[cp->protoidx]) { 1929 case STATE_CLOSING: 1930 (cp->tlf)(sp); 1931 sppp_cp_change_state(cp, sp, STATE_CLOSED); 1932 sppp_lcp_check_and_close(sp); 1933 break; 1934 case STATE_STOPPING: 1935 (cp->tlf)(sp); 1936 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1937 sppp_lcp_check_and_close(sp); 1938 break; 1939 case STATE_REQ_SENT: 1940 case STATE_ACK_RCVD: 1941 case STATE_ACK_SENT: 1942 (cp->tlf)(sp); 1943 sppp_cp_change_state(cp, sp, STATE_STOPPED); 1944 sppp_lcp_check_and_close(sp); 1945 break; 1946 } 1947 else 1948 /* TO+ event */ 1949 switch (sp->state[cp->protoidx]) { 1950 case STATE_CLOSING: 1951 case STATE_STOPPING: 1952 sppp_cp_send(sp, cp->proto, TERM_REQ, 1953 ++sp->pp_seq[cp->protoidx], 0, 0); 1954 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1955 cp->TO, sp); 1956 break; 1957 case STATE_REQ_SENT: 1958 case STATE_ACK_RCVD: 1959 (cp->scr)(sp); 1960 /* sppp_cp_change_state() will restart the timer */ 1961 sppp_cp_change_state(cp, sp, STATE_REQ_SENT); 1962 break; 1963 case STATE_ACK_SENT: 1964 (cp->scr)(sp); 1965 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1966 cp->TO, sp); 1967 break; 1968 } 1969 1970 splx(s); 1971 } 1972 1973 /* 1974 * Change the state of a control protocol in the state automaton. 1975 * Takes care of starting/stopping the restart timer. 1976 */ 1977 void 1978 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) 1979 { 1980 sp->state[cp->protoidx] = newstate; 1981 callout_stop(&sp->ch[cp->protoidx]); 1982 switch (newstate) { 1983 case STATE_INITIAL: 1984 case STATE_STARTING: 1985 case STATE_CLOSED: 1986 case STATE_STOPPED: 1987 case STATE_OPENED: 1988 break; 1989 case STATE_CLOSING: 1990 case STATE_STOPPING: 1991 case STATE_REQ_SENT: 1992 case STATE_ACK_RCVD: 1993 case STATE_ACK_SENT: 1994 callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout, 1995 cp->TO, sp); 1996 break; 1997 } 1998 } 1999 2000 /* 2001 *--------------------------------------------------------------------------* 2002 * * 2003 * The LCP implementation. * 2004 * * 2005 *--------------------------------------------------------------------------* 2006 */ 2007 static void 2008 sppp_lcp_init(struct sppp *sp) 2009 { 2010 sp->lcp.opts = (1 << LCP_OPT_MAGIC); 2011 sp->lcp.magic = 0; 2012 sp->state[IDX_LCP] = STATE_INITIAL; 2013 sp->fail_counter[IDX_LCP] = 0; 2014 sp->pp_seq[IDX_LCP] = 0; 2015 sp->pp_rseq[IDX_LCP] = 0; 2016 sp->lcp.protos = 0; 2017 sp->lcp.mru = sp->lcp.their_mru = PP_MTU; 2018 2019 /* 2020 * Initialize counters and timeout values. Note that we don't 2021 * use the 3 seconds suggested in RFC 1661 since we are likely 2022 * running on a fast link. XXX We should probably implement 2023 * the exponential backoff option. Note that these values are 2024 * relevant for all control protocols, not just LCP only. 2025 */ 2026 sp->lcp.timeout = 1 * hz; 2027 sp->lcp.max_terminate = 2; 2028 sp->lcp.max_configure = 10; 2029 sp->lcp.max_failure = 10; 2030 callout_init(&sp->ch[IDX_LCP]); 2031 } 2032 2033 static void 2034 sppp_lcp_up(struct sppp *sp) 2035 { 2036 STDDCL; 2037 2038 /* Initialize activity timestamp: opening a connection is an activity */ 2039 sp->pp_last_receive = sp->pp_last_activity = mono_time.tv_sec; 2040 2041 /* 2042 * If this interface is passive or dial-on-demand, and we are 2043 * still in Initial state, it means we've got an incoming 2044 * call. Activate the interface. 2045 */ 2046 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { 2047 if (debug) 2048 log(LOG_DEBUG, 2049 "%s: Up event", ifp->if_xname); 2050 ifp->if_flags |= IFF_RUNNING; 2051 if (sp->state[IDX_LCP] == STATE_INITIAL) { 2052 if (debug) 2053 addlog("(incoming call)\n"); 2054 sp->pp_flags |= PP_CALLIN; 2055 lcp.Open(sp); 2056 } else if (debug) 2057 addlog("\n"); 2058 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && 2059 (sp->state[IDX_LCP] == STATE_INITIAL)) { 2060 ifp->if_flags |= IFF_RUNNING; 2061 lcp.Open(sp); 2062 } 2063 2064 sppp_up_event(&lcp, sp); 2065 } 2066 2067 static void 2068 sppp_lcp_down(struct sppp *sp) 2069 { 2070 STDDCL; 2071 2072 sppp_down_event(&lcp, sp); 2073 2074 /* 2075 * If this is neither a dial-on-demand nor a passive 2076 * interface, simulate an ``ifconfig down'' action, so the 2077 * administrator can force a redial by another ``ifconfig 2078 * up''. XXX For leased line operation, should we immediately 2079 * try to reopen the connection here? 2080 */ 2081 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { 2082 if (debug) 2083 log(LOG_INFO, 2084 "%s: Down event (carrier loss), taking interface down.\n", 2085 ifp->if_xname); 2086 if_down(ifp); 2087 } else { 2088 if (debug) 2089 log(LOG_DEBUG, 2090 "%s: Down event (carrier loss)\n", 2091 ifp->if_xname); 2092 } 2093 sp->pp_flags &= ~PP_CALLIN; 2094 if (sp->state[IDX_LCP] != STATE_INITIAL) 2095 lcp.Close(sp); 2096 ifp->if_flags &= ~IFF_RUNNING; 2097 } 2098 2099 static void 2100 sppp_lcp_open(struct sppp *sp) 2101 { 2102 /* 2103 * If we are authenticator, negotiate LCP_AUTH 2104 */ 2105 if (sp->hisauth.proto != 0) 2106 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 2107 else 2108 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2109 sp->pp_flags &= ~PP_NEEDAUTH; 2110 sppp_open_event(&lcp, sp); 2111 } 2112 2113 static void 2114 sppp_lcp_close(struct sppp *sp) 2115 { 2116 sppp_close_event(&lcp, sp); 2117 } 2118 2119 static void 2120 sppp_lcp_TO(void *cookie) 2121 { 2122 sppp_to_event(&lcp, (struct sppp *)cookie); 2123 } 2124 2125 /* 2126 * Analyze a configure request. Return true if it was agreeable, and 2127 * caused action sca, false if it has been rejected or nak'ed, and 2128 * caused action scn. (The return value is used to make the state 2129 * transition decision in the state automaton.) 2130 */ 2131 static int 2132 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2133 { 2134 STDDCL; 2135 u_char *buf, *r, *p; 2136 int origlen, rlen; 2137 u_int32_t nmagic; 2138 u_short authproto; 2139 2140 len -= 4; 2141 origlen = len; 2142 buf = r = malloc (len, M_TEMP, M_NOWAIT); 2143 if (! buf) 2144 return (0); 2145 2146 if (debug) 2147 log(LOG_DEBUG, "%s: lcp parse opts:", 2148 ifp->if_xname); 2149 2150 /* pass 1: check for things that need to be rejected */ 2151 p = (void *)(h + 1); 2152 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2153 if (debug) 2154 addlog(" %s", sppp_lcp_opt_name(*p)); 2155 switch (*p) { 2156 case LCP_OPT_MAGIC: 2157 /* Magic number. */ 2158 /* fall through, both are same length */ 2159 case LCP_OPT_ASYNC_MAP: 2160 /* Async control character map. */ 2161 if (len >= 6 || p[1] == 6) 2162 continue; 2163 if (debug) 2164 addlog(" [invalid]"); 2165 break; 2166 case LCP_OPT_MRU: 2167 /* Maximum receive unit. */ 2168 if (len >= 4 && p[1] == 4) 2169 continue; 2170 if (debug) 2171 addlog(" [invalid]"); 2172 break; 2173 case LCP_OPT_AUTH_PROTO: 2174 if (len < 4) { 2175 if (debug) 2176 addlog(" [invalid]"); 2177 break; 2178 } 2179 authproto = (p[2] << 8) + p[3]; 2180 if (authproto == PPP_CHAP && p[1] != 5) { 2181 if (debug) 2182 addlog(" [invalid chap len]"); 2183 break; 2184 } 2185 if (sp->myauth.proto == 0) { 2186 /* we are not configured to do auth */ 2187 if (debug) 2188 addlog(" [not configured]"); 2189 break; 2190 } 2191 /* 2192 * Remote want us to authenticate, remember this, 2193 * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got 2194 * up. 2195 */ 2196 sp->pp_flags |= PP_NEEDAUTH; 2197 continue; 2198 default: 2199 /* Others not supported. */ 2200 if (debug) 2201 addlog(" [rej]"); 2202 break; 2203 } 2204 /* Add the option to rejected list. */ 2205 bcopy (p, r, p[1]); 2206 r += p[1]; 2207 rlen += p[1]; 2208 } 2209 if (rlen) { 2210 if (debug) 2211 addlog(" send conf-rej\n"); 2212 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2213 goto end; 2214 } else if (debug) 2215 addlog("\n"); 2216 2217 /* 2218 * pass 2: check for option values that are unacceptable and 2219 * thus require to be nak'ed. 2220 */ 2221 if (debug) 2222 log(LOG_DEBUG, "%s: lcp parse opt values: ", 2223 ifp->if_xname); 2224 2225 p = (void *)(h + 1); 2226 len = origlen; 2227 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2228 if (debug) 2229 addlog(" %s", sppp_lcp_opt_name(*p)); 2230 switch (*p) { 2231 case LCP_OPT_MAGIC: 2232 /* Magic number -- extract. */ 2233 nmagic = (u_int32_t)p[2] << 24 | 2234 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2235 if (nmagic != sp->lcp.magic) { 2236 if (debug) 2237 addlog(" 0x%x", nmagic); 2238 continue; 2239 } 2240 /* 2241 * Local and remote magics equal -- loopback? 2242 */ 2243 if (sp->pp_loopcnt >= LOOPALIVECNT*5) { 2244 printf ("%s: loopback\n", 2245 ifp->if_xname); 2246 sp->pp_loopcnt = 0; 2247 if (ifp->if_flags & IFF_UP) { 2248 if_down(ifp); 2249 IF_PURGE(&sp->pp_cpq); 2250 /* XXX ? */ 2251 lcp.Down(sp); 2252 lcp.Up(sp); 2253 } 2254 } else if (debug) 2255 addlog(" [glitch]"); 2256 ++sp->pp_loopcnt; 2257 /* 2258 * We negate our magic here, and NAK it. If 2259 * we see it later in an NAK packet, we 2260 * suggest a new one. 2261 */ 2262 nmagic = ~sp->lcp.magic; 2263 /* Gonna NAK it. */ 2264 p[2] = nmagic >> 24; 2265 p[3] = nmagic >> 16; 2266 p[4] = nmagic >> 8; 2267 p[5] = nmagic; 2268 break; 2269 2270 case LCP_OPT_ASYNC_MAP: 2271 /* 2272 * Async control character map -- just ignore it. 2273 * 2274 * Quote from RFC 1662, chapter 6: 2275 * To enable this functionality, synchronous PPP 2276 * implementations MUST always respond to the 2277 * Async-Control-Character-Map Configuration 2278 * Option with the LCP Configure-Ack. However, 2279 * acceptance of the Configuration Option does 2280 * not imply that the synchronous implementation 2281 * will do any ACCM mapping. Instead, all such 2282 * octet mapping will be performed by the 2283 * asynchronous-to-synchronous converter. 2284 */ 2285 continue; 2286 2287 case LCP_OPT_MRU: 2288 /* 2289 * Maximum receive unit. Always agreeable, 2290 * but ignored by now. 2291 */ 2292 sp->lcp.their_mru = p[2] * 256 + p[3]; 2293 if (debug) 2294 addlog(" %ld", sp->lcp.their_mru); 2295 continue; 2296 2297 case LCP_OPT_AUTH_PROTO: 2298 authproto = (p[2] << 8) + p[3]; 2299 if (sp->myauth.proto != authproto) { 2300 /* not agreed, nak */ 2301 if (debug) 2302 addlog(" [mine %s != his %s]", 2303 sppp_proto_name(sp->myauth.proto), 2304 sppp_proto_name(authproto)); 2305 p[2] = sp->myauth.proto >> 8; 2306 p[3] = sp->myauth.proto; 2307 break; 2308 } 2309 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { 2310 if (debug) 2311 addlog(" [chap not MD5]"); 2312 p[4] = CHAP_MD5; 2313 break; 2314 } 2315 continue; 2316 } 2317 /* Add the option to nak'ed list. */ 2318 bcopy (p, r, p[1]); 2319 r += p[1]; 2320 rlen += p[1]; 2321 } 2322 if (rlen) { 2323 if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) { 2324 if (debug) 2325 addlog(" max_failure (%d) exceeded, " 2326 "send conf-rej\n", 2327 sp->lcp.max_failure); 2328 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf); 2329 } else { 2330 if (debug) 2331 addlog(" send conf-nak\n"); 2332 sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf); 2333 } 2334 goto end; 2335 } else { 2336 if (debug) 2337 addlog(" send conf-ack\n"); 2338 sp->fail_counter[IDX_LCP] = 0; 2339 sp->pp_loopcnt = 0; 2340 sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1); 2341 } 2342 2343 end: 2344 free(buf, M_TEMP); 2345 return (rlen == 0); 2346 } 2347 2348 /* 2349 * Analyze the LCP Configure-Reject option list, and adjust our 2350 * negotiation. 2351 */ 2352 static void 2353 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2354 { 2355 STDDCL; 2356 u_char *buf, *p; 2357 2358 len -= 4; 2359 buf = malloc (len, M_TEMP, M_NOWAIT); 2360 if (!buf) 2361 return; 2362 2363 if (debug) 2364 log(LOG_DEBUG, "%s: lcp rej opts:", 2365 ifp->if_xname); 2366 2367 p = (void *)(h + 1); 2368 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2369 if (debug) 2370 addlog(" %s", sppp_lcp_opt_name(*p)); 2371 switch (*p) { 2372 case LCP_OPT_MAGIC: 2373 /* Magic number -- can't use it, use 0 */ 2374 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); 2375 sp->lcp.magic = 0; 2376 break; 2377 case LCP_OPT_MRU: 2378 /* 2379 * Should not be rejected anyway, since we only 2380 * negotiate a MRU if explicitly requested by 2381 * peer. 2382 */ 2383 sp->lcp.opts &= ~(1 << LCP_OPT_MRU); 2384 break; 2385 case LCP_OPT_AUTH_PROTO: 2386 /* 2387 * Peer doesn't want to authenticate himself, 2388 * deny unless this is a dialout call, and 2389 * SPPP_AUTHFLAG_NOCALLOUT is set. 2390 */ 2391 if ((sp->pp_flags & PP_CALLIN) == 0 && 2392 (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { 2393 if (debug) 2394 addlog(" [don't insist on auth " 2395 "for callout]"); 2396 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 2397 break; 2398 } 2399 if (debug) 2400 addlog("[access denied]\n"); 2401 lcp.Close(sp); 2402 break; 2403 } 2404 } 2405 if (debug) 2406 addlog("\n"); 2407 free(buf, M_TEMP); 2408 return; 2409 } 2410 2411 /* 2412 * Analyze the LCP Configure-NAK option list, and adjust our 2413 * negotiation. 2414 */ 2415 static void 2416 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 2417 { 2418 STDDCL; 2419 u_char *buf, *p; 2420 u_int32_t magic; 2421 2422 len -= 4; 2423 buf = malloc (len, M_TEMP, M_NOWAIT); 2424 if (!buf) 2425 return; 2426 2427 if (debug) 2428 log(LOG_DEBUG, "%s: lcp nak opts:", 2429 ifp->if_xname); 2430 2431 p = (void *)(h + 1); 2432 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 2433 if (debug) 2434 addlog(" %s", sppp_lcp_opt_name(*p)); 2435 switch (*p) { 2436 case LCP_OPT_MAGIC: 2437 /* Magic number -- renegotiate */ 2438 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && 2439 len >= 6 && p[1] == 6) { 2440 magic = (u_int32_t)p[2] << 24 | 2441 (u_int32_t)p[3] << 16 | p[4] << 8 | p[5]; 2442 /* 2443 * If the remote magic is our negated one, 2444 * this looks like a loopback problem. 2445 * Suggest a new magic to make sure. 2446 */ 2447 if (magic == ~sp->lcp.magic) { 2448 if (debug) 2449 addlog(" magic glitch"); 2450 sp->lcp.magic = arc4random(); 2451 } else { 2452 sp->lcp.magic = magic; 2453 if (debug) 2454 addlog(" %d", magic); 2455 } 2456 } 2457 break; 2458 case LCP_OPT_MRU: 2459 /* 2460 * Peer wants to advise us to negotiate an MRU. 2461 * Agree on it if it's reasonable, or use 2462 * default otherwise. 2463 */ 2464 if (len >= 4 && p[1] == 4) { 2465 u_int mru = p[2] * 256 + p[3]; 2466 if (debug) 2467 addlog(" %d", mru); 2468 if (mru < PP_MTU || mru > PP_MAX_MRU) 2469 mru = PP_MTU; 2470 sp->lcp.mru = mru; 2471 sp->lcp.opts |= (1 << LCP_OPT_MRU); 2472 } 2473 break; 2474 case LCP_OPT_AUTH_PROTO: 2475 /* 2476 * Peer doesn't like our authentication method, 2477 * deny. 2478 */ 2479 if (debug) 2480 addlog("[access denied]\n"); 2481 lcp.Close(sp); 2482 break; 2483 } 2484 } 2485 if (debug) 2486 addlog("\n"); 2487 free(buf, M_TEMP); 2488 return; 2489 } 2490 2491 static void 2492 sppp_lcp_tlu(struct sppp *sp) 2493 { 2494 STDDCL; 2495 int i; 2496 u_int32_t mask; 2497 2498 /* XXX ? */ 2499 if (! (ifp->if_flags & IFF_UP) && 2500 (ifp->if_flags & IFF_RUNNING)) { 2501 /* Coming out of loopback mode. */ 2502 if_up(ifp); 2503 } 2504 2505 for (i = 0; i < IDX_COUNT; i++) 2506 if ((cps[i])->flags & CP_QUAL) 2507 (cps[i])->Open(sp); 2508 2509 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || 2510 (sp->pp_flags & PP_NEEDAUTH) != 0) 2511 sp->pp_phase = SPPP_PHASE_AUTHENTICATE; 2512 else 2513 sp->pp_phase = SPPP_PHASE_NETWORK; 2514 2515 if (debug) 2516 { 2517 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2518 sppp_phase_name(sp->pp_phase)); 2519 } 2520 2521 /* 2522 * Open all authentication protocols. This is even required 2523 * if we already proceeded to network phase, since it might be 2524 * that remote wants us to authenticate, so we might have to 2525 * send a PAP request. Undesired authentication protocols 2526 * don't do anything when they get an Open event. 2527 */ 2528 for (i = 0; i < IDX_COUNT; i++) 2529 if ((cps[i])->flags & CP_AUTH) 2530 (cps[i])->Open(sp); 2531 2532 if (sp->pp_phase == SPPP_PHASE_NETWORK) { 2533 /* Notify all NCPs. */ 2534 for (i = 0; i < IDX_COUNT; i++) 2535 if ((cps[i])->flags & CP_NCP) 2536 (cps[i])->Open(sp); 2537 } 2538 2539 /* Send Up events to all started protos. */ 2540 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2541 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) 2542 (cps[i])->Up(sp); 2543 2544 /* notify low-level driver of state change */ 2545 if (sp->pp_chg) 2546 sp->pp_chg(sp, (int)sp->pp_phase); 2547 2548 if (sp->pp_phase == SPPP_PHASE_NETWORK) 2549 /* if no NCP is starting, close down */ 2550 sppp_lcp_check_and_close(sp); 2551 } 2552 2553 static void 2554 sppp_lcp_tld(struct sppp *sp) 2555 { 2556 STDDCL; 2557 int i; 2558 u_int32_t mask; 2559 2560 sp->pp_phase = SPPP_PHASE_TERMINATE; 2561 2562 if (debug) 2563 { 2564 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2565 sppp_phase_name(sp->pp_phase)); 2566 } 2567 2568 /* 2569 * Take upper layers down. We send the Down event first and 2570 * the Close second to prevent the upper layers from sending 2571 * ``a flurry of terminate-request packets'', as the RFC 2572 * describes it. 2573 */ 2574 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2575 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) { 2576 (cps[i])->Down(sp); 2577 (cps[i])->Close(sp); 2578 } 2579 } 2580 2581 static void 2582 sppp_lcp_tls(struct sppp *sp) 2583 { 2584 STDDCL; 2585 2586 if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { 2587 printf("%s: authentication failed %d times, not retrying again\n", 2588 sp->pp_if.if_xname, sp->pp_auth_failures); 2589 if_down(&sp->pp_if); 2590 return; 2591 } 2592 2593 sp->pp_phase = SPPP_PHASE_ESTABLISH; 2594 2595 if (debug) 2596 { 2597 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2598 sppp_phase_name(sp->pp_phase)); 2599 } 2600 2601 /* Notify lower layer if desired. */ 2602 if (sp->pp_tls) 2603 (sp->pp_tls)(sp); 2604 } 2605 2606 static void 2607 sppp_lcp_tlf(struct sppp *sp) 2608 { 2609 STDDCL; 2610 2611 sp->pp_phase = SPPP_PHASE_DEAD; 2612 2613 if (debug) 2614 { 2615 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 2616 sppp_phase_name(sp->pp_phase)); 2617 } 2618 2619 /* Notify lower layer if desired. */ 2620 if (sp->pp_tlf) 2621 (sp->pp_tlf)(sp); 2622 } 2623 2624 static void 2625 sppp_lcp_scr(struct sppp *sp) 2626 { 2627 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; 2628 int i = 0; 2629 u_short authproto; 2630 2631 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { 2632 if (! sp->lcp.magic) 2633 sp->lcp.magic = arc4random(); 2634 opt[i++] = LCP_OPT_MAGIC; 2635 opt[i++] = 6; 2636 opt[i++] = sp->lcp.magic >> 24; 2637 opt[i++] = sp->lcp.magic >> 16; 2638 opt[i++] = sp->lcp.magic >> 8; 2639 opt[i++] = sp->lcp.magic; 2640 } 2641 2642 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { 2643 opt[i++] = LCP_OPT_MRU; 2644 opt[i++] = 4; 2645 opt[i++] = sp->lcp.mru >> 8; 2646 opt[i++] = sp->lcp.mru; 2647 } 2648 2649 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { 2650 authproto = sp->hisauth.proto; 2651 opt[i++] = LCP_OPT_AUTH_PROTO; 2652 opt[i++] = authproto == PPP_CHAP? 5: 4; 2653 opt[i++] = authproto >> 8; 2654 opt[i++] = authproto; 2655 if (authproto == PPP_CHAP) 2656 opt[i++] = CHAP_MD5; 2657 } 2658 2659 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP]; 2660 sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt); 2661 } 2662 2663 /* 2664 * Check the open NCPs, return true if at least one NCP is open. 2665 */ 2666 static int 2667 sppp_ncp_check(struct sppp *sp) 2668 { 2669 int i, mask; 2670 2671 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 2672 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP) 2673 return 1; 2674 return 0; 2675 } 2676 2677 /* 2678 * Re-check the open NCPs and see if we should terminate the link. 2679 * Called by the NCPs during their tlf action handling. 2680 */ 2681 static void 2682 sppp_lcp_check_and_close(struct sppp *sp) 2683 { 2684 2685 if (sp->pp_phase < SPPP_PHASE_NETWORK) 2686 /* don't bother, we are already going down */ 2687 return; 2688 2689 if (sppp_ncp_check(sp)) 2690 return; 2691 2692 lcp.Close(sp); 2693 } 2694 2695 2696 /* 2697 *--------------------------------------------------------------------------* 2698 * * 2699 * The IPCP implementation. * 2700 * * 2701 *--------------------------------------------------------------------------* 2702 */ 2703 2704 static void 2705 sppp_ipcp_init(struct sppp *sp) 2706 { 2707 sp->ipcp.opts = 0; 2708 sp->ipcp.flags = 0; 2709 sp->state[IDX_IPCP] = STATE_INITIAL; 2710 sp->fail_counter[IDX_IPCP] = 0; 2711 sp->pp_seq[IDX_IPCP] = 0; 2712 sp->pp_rseq[IDX_IPCP] = 0; 2713 callout_init(&sp->ch[IDX_IPCP]); 2714 } 2715 2716 static void 2717 sppp_ipcp_up(struct sppp *sp) 2718 { 2719 sppp_up_event(&ipcp, sp); 2720 } 2721 2722 static void 2723 sppp_ipcp_down(struct sppp *sp) 2724 { 2725 sppp_down_event(&ipcp, sp); 2726 } 2727 2728 static void 2729 sppp_ipcp_open(struct sppp *sp) 2730 { 2731 STDDCL; 2732 u_int32_t myaddr, hisaddr; 2733 2734 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); 2735 sp->ipcp.req_myaddr = 0; 2736 sp->ipcp.req_hisaddr = 0; 2737 memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); 2738 2739 #ifdef INET 2740 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 2741 #else 2742 myaddr = hisaddr = 0; 2743 #endif 2744 /* 2745 * If we don't have his address, this probably means our 2746 * interface doesn't want to talk IP at all. (This could 2747 * be the case if somebody wants to speak only IPX, for 2748 * example.) Don't open IPCP in this case. 2749 */ 2750 if (hisaddr == 0) { 2751 /* XXX this message should go away */ 2752 if (debug) 2753 log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", 2754 ifp->if_xname); 2755 return; 2756 } 2757 2758 if (myaddr == 0) { 2759 /* 2760 * I don't have an assigned address, so i need to 2761 * negotiate my address. 2762 */ 2763 sp->ipcp.flags |= IPCP_MYADDR_DYN; 2764 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 2765 } 2766 if (hisaddr == 1) { 2767 /* 2768 * XXX - remove this hack! 2769 * remote has no valid address, we need to get one assigned. 2770 */ 2771 sp->ipcp.flags |= IPCP_HISADDR_DYN; 2772 } 2773 sppp_open_event(&ipcp, sp); 2774 } 2775 2776 static void 2777 sppp_ipcp_close(struct sppp *sp) 2778 { 2779 STDDCL; 2780 2781 sppp_close_event(&ipcp, sp); 2782 #ifdef INET 2783 if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) 2784 /* 2785 * Some address was dynamic, clear it again. 2786 */ 2787 sppp_clear_ip_addrs(sp); 2788 #endif 2789 2790 if (sp->pp_saved_mtu > 0) { 2791 ifp->if_mtu = sp->pp_saved_mtu; 2792 sp->pp_saved_mtu = 0; 2793 if (debug) 2794 log(LOG_DEBUG, 2795 "%s: resetting MTU to %" PRIu64 " bytes\n", 2796 ifp->if_xname, ifp->if_mtu); 2797 } 2798 } 2799 2800 static void 2801 sppp_ipcp_TO(void *cookie) 2802 { 2803 sppp_to_event(&ipcp, (struct sppp *)cookie); 2804 } 2805 2806 /* 2807 * Analyze a configure request. Return true if it was agreeable, and 2808 * caused action sca, false if it has been rejected or nak'ed, and 2809 * caused action scn. (The return value is used to make the state 2810 * transition decision in the state automaton.) 2811 */ 2812 static int 2813 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len) 2814 { 2815 u_char *buf, *r, *p; 2816 struct ifnet *ifp = &sp->pp_if; 2817 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 2818 u_int32_t hisaddr, desiredaddr; 2819 2820 len -= 4; 2821 origlen = len; 2822 /* 2823 * Make sure to allocate a buf that can at least hold a 2824 * conf-nak with an `address' option. We might need it below. 2825 */ 2826 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 2827 if (! buf) 2828 return (0); 2829 2830 /* pass 1: see if we can recognize them */ 2831 if (debug) 2832 log(LOG_DEBUG, "%s: ipcp parse opts:", 2833 ifp->if_xname); 2834 p = (void *)(h + 1); 2835 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2836 if (debug) 2837 addlog(" %s", sppp_ipcp_opt_name(*p)); 2838 switch (*p) { 2839 #ifdef notyet 2840 case IPCP_OPT_COMPRESSION: 2841 if (len >= 6 && p[1] >= 6) { 2842 /* correctly formed compress option */ 2843 continue; 2844 } 2845 if (debug) 2846 addlog(" [invalid]"); 2847 break; 2848 #endif 2849 case IPCP_OPT_ADDRESS: 2850 if (len >= 6 && p[1] == 6) { 2851 /* correctly formed address option */ 2852 continue; 2853 } 2854 if (debug) 2855 addlog(" [invalid]"); 2856 break; 2857 default: 2858 /* Others not supported. */ 2859 if (debug) 2860 addlog(" [rej]"); 2861 break; 2862 } 2863 /* Add the option to rejected list. */ 2864 bcopy (p, r, p[1]); 2865 r += p[1]; 2866 rlen += p[1]; 2867 } 2868 if (rlen) { 2869 if (debug) 2870 addlog(" send conf-rej\n"); 2871 sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf); 2872 goto end; 2873 } else if (debug) 2874 addlog("\n"); 2875 2876 /* pass 2: parse option values */ 2877 if (sp->ipcp.flags & IPCP_HISADDR_SEEN) 2878 hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ 2879 else 2880 #ifdef INET 2881 sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ 2882 #else 2883 hisaddr = 0; 2884 #endif 2885 if (debug) 2886 log(LOG_DEBUG, "%s: ipcp parse opt values: ", 2887 ifp->if_xname); 2888 p = (void *)(h + 1); 2889 len = origlen; 2890 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 2891 if (debug) 2892 addlog(" %s", sppp_ipcp_opt_name(*p)); 2893 switch (*p) { 2894 #ifdef notyet 2895 case IPCP_OPT_COMPRESSION: 2896 continue; 2897 #endif 2898 case IPCP_OPT_ADDRESS: 2899 desiredaddr = p[2] << 24 | p[3] << 16 | 2900 p[4] << 8 | p[5]; 2901 if (desiredaddr == hisaddr || 2902 ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { 2903 /* 2904 * Peer's address is same as our value, 2905 * this is agreeable. Gonna conf-ack 2906 * it. 2907 */ 2908 if (debug) 2909 addlog(" %s [ack]", 2910 sppp_dotted_quad(hisaddr)); 2911 /* record that we've seen it already */ 2912 sp->ipcp.flags |= IPCP_HISADDR_SEEN; 2913 sp->ipcp.req_hisaddr = desiredaddr; 2914 hisaddr = desiredaddr; 2915 continue; 2916 } 2917 /* 2918 * The address wasn't agreeable. This is either 2919 * he sent us 0.0.0.0, asking to assign him an 2920 * address, or he send us another address not 2921 * matching our value. Either case, we gonna 2922 * conf-nak it with our value. 2923 */ 2924 if (debug) { 2925 if (desiredaddr == 0) 2926 addlog(" [addr requested]"); 2927 else 2928 addlog(" %s [not agreed]", 2929 sppp_dotted_quad(desiredaddr)); 2930 } 2931 2932 p[2] = hisaddr >> 24; 2933 p[3] = hisaddr >> 16; 2934 p[4] = hisaddr >> 8; 2935 p[5] = hisaddr; 2936 break; 2937 } 2938 /* Add the option to nak'ed list. */ 2939 bcopy (p, r, p[1]); 2940 r += p[1]; 2941 rlen += p[1]; 2942 } 2943 2944 /* 2945 * If we are about to conf-ack the request, but haven't seen 2946 * his address so far, gonna conf-nak it instead, with the 2947 * `address' option present and our idea of his address being 2948 * filled in there, to request negotiation of both addresses. 2949 * 2950 * XXX This can result in an endless req - nak loop if peer 2951 * doesn't want to send us his address. Q: What should we do 2952 * about it? XXX A: implement the max-failure counter. 2953 */ 2954 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) { 2955 buf[0] = IPCP_OPT_ADDRESS; 2956 buf[1] = 6; 2957 buf[2] = hisaddr >> 24; 2958 buf[3] = hisaddr >> 16; 2959 buf[4] = hisaddr >> 8; 2960 buf[5] = hisaddr; 2961 rlen = 6; 2962 if (debug) 2963 addlog(" still need hisaddr"); 2964 } 2965 2966 if (rlen) { 2967 if (debug) 2968 addlog(" send conf-nak\n"); 2969 sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf); 2970 } else { 2971 if (debug) 2972 addlog(" send conf-ack\n"); 2973 sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1); 2974 } 2975 2976 end: 2977 free(buf, M_TEMP); 2978 return (rlen == 0); 2979 } 2980 2981 /* 2982 * Analyze the IPCP Configure-Reject option list, and adjust our 2983 * negotiation. 2984 */ 2985 static void 2986 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 2987 { 2988 u_char *buf, *p; 2989 struct ifnet *ifp = &sp->pp_if; 2990 int debug = ifp->if_flags & IFF_DEBUG; 2991 2992 len -= 4; 2993 buf = malloc (len, M_TEMP, M_NOWAIT); 2994 if (!buf) 2995 return; 2996 2997 if (debug) 2998 log(LOG_DEBUG, "%s: ipcp rej opts:", 2999 ifp->if_xname); 3000 3001 p = (void *)(h + 1); 3002 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3003 if (debug) 3004 addlog(" %s", sppp_ipcp_opt_name(*p)); 3005 switch (*p) { 3006 case IPCP_OPT_ADDRESS: 3007 /* 3008 * Peer doesn't grok address option. This is 3009 * bad. XXX Should we better give up here? 3010 */ 3011 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); 3012 break; 3013 #ifdef notyet 3014 case IPCP_OPT_COMPRESS: 3015 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); 3016 break; 3017 #endif 3018 } 3019 } 3020 if (debug) 3021 addlog("\n"); 3022 free(buf, M_TEMP); 3023 return; 3024 } 3025 3026 /* 3027 * Analyze the IPCP Configure-NAK option list, and adjust our 3028 * negotiation. 3029 */ 3030 static void 3031 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3032 { 3033 u_char *p; 3034 struct ifnet *ifp = &sp->pp_if; 3035 int debug = ifp->if_flags & IFF_DEBUG; 3036 u_int32_t wantaddr; 3037 3038 len -= 4; 3039 3040 if (debug) 3041 log(LOG_DEBUG, "%s: ipcp nak opts:", 3042 ifp->if_xname); 3043 3044 p = (void *)(h + 1); 3045 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3046 if (debug) 3047 addlog(" %s", sppp_ipcp_opt_name(*p)); 3048 switch (*p) { 3049 case IPCP_OPT_ADDRESS: 3050 /* 3051 * Peer doesn't like our local IP address. See 3052 * if we can do something for him. We'll drop 3053 * him our address then. 3054 */ 3055 if (len >= 6 && p[1] == 6) { 3056 wantaddr = p[2] << 24 | p[3] << 16 | 3057 p[4] << 8 | p[5]; 3058 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); 3059 if (debug) 3060 addlog(" [wantaddr %s]", 3061 sppp_dotted_quad(wantaddr)); 3062 /* 3063 * When doing dynamic address assignment, 3064 * we accept his offer. Otherwise, we 3065 * ignore it and thus continue to negotiate 3066 * our already existing value. 3067 */ 3068 if (sp->ipcp.flags & IPCP_MYADDR_DYN) { 3069 if (debug) 3070 addlog(" [agree]"); 3071 sp->ipcp.flags |= IPCP_MYADDR_SEEN; 3072 sp->ipcp.req_myaddr = wantaddr; 3073 } 3074 } 3075 break; 3076 3077 case IPCP_OPT_PRIMDNS: 3078 if (len >= 6 && p[1] == 6) { 3079 sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | 3080 p[4] << 8 | p[5]; 3081 } 3082 break; 3083 3084 case IPCP_OPT_SECDNS: 3085 if (len >= 6 && p[1] == 6) { 3086 sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | 3087 p[4] << 8 | p[5]; 3088 } 3089 break; 3090 #ifdef notyet 3091 case IPCP_OPT_COMPRESS: 3092 /* 3093 * Peer wants different compression parameters. 3094 */ 3095 break; 3096 #endif 3097 } 3098 } 3099 if (debug) 3100 addlog("\n"); 3101 return; 3102 } 3103 3104 static void 3105 sppp_ipcp_tlu(struct sppp *sp) 3106 { 3107 #ifdef INET 3108 /* we are up. Set addresses and notify anyone interested */ 3109 STDDCL; 3110 u_int32_t myaddr, hisaddr; 3111 3112 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); 3113 if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) 3114 myaddr = sp->ipcp.req_myaddr; 3115 if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) 3116 hisaddr = sp->ipcp.req_hisaddr; 3117 sppp_set_ip_addrs(sp, myaddr, hisaddr); 3118 3119 if (ifp->if_mtu > sp->lcp.their_mru) { 3120 sp->pp_saved_mtu = ifp->if_mtu; 3121 ifp->if_mtu = sp->lcp.their_mru; 3122 if (debug) 3123 log(LOG_DEBUG, 3124 "%s: setting MTU to %" PRIu64 " bytes\n", 3125 ifp->if_xname, ifp->if_mtu); 3126 } 3127 3128 if (sp->pp_con) 3129 sp->pp_con(sp); 3130 #endif 3131 } 3132 3133 static void 3134 sppp_ipcp_tld(struct sppp *sp) 3135 { 3136 } 3137 3138 static void 3139 sppp_ipcp_tls(struct sppp *sp) 3140 { 3141 /* indicate to LCP that it must stay alive */ 3142 sp->lcp.protos |= (1 << IDX_IPCP); 3143 } 3144 3145 static void 3146 sppp_ipcp_tlf(struct sppp *sp) 3147 { 3148 /* we no longer need LCP */ 3149 sp->lcp.protos &= ~(1 << IDX_IPCP); 3150 } 3151 3152 static void 3153 sppp_ipcp_scr(struct sppp *sp) 3154 { 3155 char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; 3156 #ifdef INET 3157 u_int32_t ouraddr; 3158 #endif 3159 int i = 0; 3160 3161 #ifdef notyet 3162 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { 3163 opt[i++] = IPCP_OPT_COMPRESSION; 3164 opt[i++] = 6; 3165 opt[i++] = 0; /* VJ header compression */ 3166 opt[i++] = 0x2d; /* VJ header compression */ 3167 opt[i++] = max_slot_id; 3168 opt[i++] = comp_slot_id; 3169 } 3170 #endif 3171 3172 #ifdef INET 3173 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { 3174 if (sp->ipcp.flags & IPCP_MYADDR_SEEN) 3175 ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ 3176 else 3177 sppp_get_ip_addrs(sp, &ouraddr, 0, 0); 3178 opt[i++] = IPCP_OPT_ADDRESS; 3179 opt[i++] = 6; 3180 opt[i++] = ouraddr >> 24; 3181 opt[i++] = ouraddr >> 16; 3182 opt[i++] = ouraddr >> 8; 3183 opt[i++] = ouraddr; 3184 } 3185 #endif 3186 3187 if (sp->query_dns & 1) { 3188 opt[i++] = IPCP_OPT_PRIMDNS; 3189 opt[i++] = 6; 3190 opt[i++] = sp->dns_addrs[0] >> 24; 3191 opt[i++] = sp->dns_addrs[0] >> 16; 3192 opt[i++] = sp->dns_addrs[0] >> 8; 3193 opt[i++] = sp->dns_addrs[0]; 3194 } 3195 if (sp->query_dns & 2) { 3196 opt[i++] = IPCP_OPT_SECDNS; 3197 opt[i++] = 6; 3198 opt[i++] = sp->dns_addrs[1] >> 24; 3199 opt[i++] = sp->dns_addrs[1] >> 16; 3200 opt[i++] = sp->dns_addrs[1] >> 8; 3201 opt[i++] = sp->dns_addrs[1]; 3202 } 3203 3204 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP]; 3205 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt); 3206 } 3207 3208 3209 /* 3210 *--------------------------------------------------------------------------* 3211 * * 3212 * The IPv6CP implementation. * 3213 * * 3214 *--------------------------------------------------------------------------* 3215 */ 3216 3217 #ifdef INET6 3218 static void 3219 sppp_ipv6cp_init(struct sppp *sp) 3220 { 3221 sp->ipv6cp.opts = 0; 3222 sp->ipv6cp.flags = 0; 3223 sp->state[IDX_IPV6CP] = STATE_INITIAL; 3224 sp->fail_counter[IDX_IPV6CP] = 0; 3225 sp->pp_seq[IDX_IPV6CP] = 0; 3226 sp->pp_rseq[IDX_IPV6CP] = 0; 3227 callout_init(&sp->ch[IDX_IPV6CP]); 3228 } 3229 3230 static void 3231 sppp_ipv6cp_up(struct sppp *sp) 3232 { 3233 sppp_up_event(&ipv6cp, sp); 3234 } 3235 3236 static void 3237 sppp_ipv6cp_down(struct sppp *sp) 3238 { 3239 sppp_down_event(&ipv6cp, sp); 3240 } 3241 3242 static void 3243 sppp_ipv6cp_open(struct sppp *sp) 3244 { 3245 STDDCL; 3246 struct in6_addr myaddr, hisaddr; 3247 3248 #ifdef IPV6CP_MYIFID_DYN 3249 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); 3250 #else 3251 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; 3252 #endif 3253 3254 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); 3255 /* 3256 * If we don't have our address, this probably means our 3257 * interface doesn't want to talk IPv6 at all. (This could 3258 * be the case if somebody wants to speak only IPX, for 3259 * example.) Don't open IPv6CP in this case. 3260 */ 3261 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { 3262 /* XXX this message should go away */ 3263 if (debug) 3264 log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", 3265 ifp->if_xname); 3266 return; 3267 } 3268 3269 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3270 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3271 sppp_open_event(&ipv6cp, sp); 3272 } 3273 3274 static void 3275 sppp_ipv6cp_close(struct sppp *sp) 3276 { 3277 sppp_close_event(&ipv6cp, sp); 3278 } 3279 3280 static void 3281 sppp_ipv6cp_TO(void *cookie) 3282 { 3283 sppp_to_event(&ipv6cp, (struct sppp *)cookie); 3284 } 3285 3286 /* 3287 * Analyze a configure request. Return true if it was agreeable, and 3288 * caused action sca, false if it has been rejected or nak'ed, and 3289 * caused action scn. (The return value is used to make the state 3290 * transition decision in the state automaton.) 3291 */ 3292 static int 3293 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3294 { 3295 u_char *buf, *r, *p; 3296 struct ifnet *ifp = &sp->pp_if; 3297 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG; 3298 struct in6_addr myaddr, desiredaddr, suggestaddr; 3299 int ifidcount; 3300 int type; 3301 int collision, nohisaddr; 3302 3303 len -= 4; 3304 origlen = len; 3305 /* 3306 * Make sure to allocate a buf that can at least hold a 3307 * conf-nak with an `address' option. We might need it below. 3308 */ 3309 buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT); 3310 if (! buf) 3311 return (0); 3312 3313 /* pass 1: see if we can recognize them */ 3314 if (debug) 3315 log(LOG_DEBUG, "%s: ipv6cp parse opts:", 3316 ifp->if_xname); 3317 p = (void *)(h + 1); 3318 ifidcount = 0; 3319 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3320 if (debug) 3321 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3322 switch (*p) { 3323 case IPV6CP_OPT_IFID: 3324 if (len >= 10 && p[1] == 10 && ifidcount == 0) { 3325 /* correctly formed address option */ 3326 ifidcount++; 3327 continue; 3328 } 3329 if (debug) 3330 addlog(" [invalid]"); 3331 break; 3332 #ifdef notyet 3333 case IPV6CP_OPT_COMPRESSION: 3334 if (len >= 4 && p[1] >= 4) { 3335 /* correctly formed compress option */ 3336 continue; 3337 } 3338 if (debug) 3339 addlog(" [invalid]"); 3340 break; 3341 #endif 3342 default: 3343 /* Others not supported. */ 3344 if (debug) 3345 addlog(" [rej]"); 3346 break; 3347 } 3348 /* Add the option to rejected list. */ 3349 bcopy (p, r, p[1]); 3350 r += p[1]; 3351 rlen += p[1]; 3352 } 3353 if (rlen) { 3354 if (debug) 3355 addlog(" send conf-rej\n"); 3356 sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf); 3357 goto end; 3358 } else if (debug) 3359 addlog("\n"); 3360 3361 /* pass 2: parse option values */ 3362 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 3363 if (debug) 3364 log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", 3365 ifp->if_xname); 3366 p = (void *)(h + 1); 3367 len = origlen; 3368 type = CONF_ACK; 3369 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) { 3370 if (debug) 3371 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3372 switch (*p) { 3373 #ifdef notyet 3374 case IPV6CP_OPT_COMPRESSION: 3375 continue; 3376 #endif 3377 case IPV6CP_OPT_IFID: 3378 memset(&desiredaddr, 0, sizeof(desiredaddr)); 3379 bcopy(&p[2], &desiredaddr.s6_addr[8], 8); 3380 collision = (memcmp(&desiredaddr.s6_addr[8], 3381 &myaddr.s6_addr[8], 8) == 0); 3382 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); 3383 3384 desiredaddr.s6_addr16[0] = htons(0xfe80); 3385 (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); 3386 3387 if (!collision && !nohisaddr) { 3388 /* no collision, hisaddr known - Conf-Ack */ 3389 type = CONF_ACK; 3390 3391 if (debug) { 3392 addlog(" %s [%s]", 3393 ip6_sprintf(&desiredaddr), 3394 sppp_cp_type_name(type)); 3395 } 3396 continue; 3397 } 3398 3399 memset(&suggestaddr, 0, sizeof(&suggestaddr)); 3400 if (collision && nohisaddr) { 3401 /* collision, hisaddr unknown - Conf-Rej */ 3402 type = CONF_REJ; 3403 memset(&p[2], 0, 8); 3404 } else { 3405 /* 3406 * - no collision, hisaddr unknown, or 3407 * - collision, hisaddr known 3408 * Conf-Nak, suggest hisaddr 3409 */ 3410 type = CONF_NAK; 3411 sppp_suggest_ip6_addr(sp, &suggestaddr); 3412 bcopy(&suggestaddr.s6_addr[8], &p[2], 8); 3413 } 3414 if (debug) 3415 addlog(" %s [%s]", ip6_sprintf(&desiredaddr), 3416 sppp_cp_type_name(type)); 3417 break; 3418 } 3419 /* Add the option to nak'ed list. */ 3420 bcopy (p, r, p[1]); 3421 r += p[1]; 3422 rlen += p[1]; 3423 } 3424 3425 if (rlen == 0 && type == CONF_ACK) { 3426 if (debug) 3427 addlog(" send %s\n", sppp_cp_type_name(type)); 3428 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1); 3429 } else { 3430 #ifdef notdef 3431 if (type == CONF_ACK) 3432 panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); 3433 #endif 3434 3435 if (debug) { 3436 addlog(" send %s suggest %s\n", 3437 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr)); 3438 } 3439 sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf); 3440 } 3441 3442 end: 3443 free(buf, M_TEMP); 3444 return (rlen == 0); 3445 } 3446 3447 /* 3448 * Analyze the IPv6CP Configure-Reject option list, and adjust our 3449 * negotiation. 3450 */ 3451 static void 3452 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3453 { 3454 u_char *buf, *p; 3455 struct ifnet *ifp = &sp->pp_if; 3456 int debug = ifp->if_flags & IFF_DEBUG; 3457 3458 len -= 4; 3459 buf = malloc (len, M_TEMP, M_NOWAIT); 3460 if (!buf) 3461 return; 3462 3463 if (debug) 3464 log(LOG_DEBUG, "%s: ipv6cp rej opts:", 3465 ifp->if_xname); 3466 3467 p = (void *)(h + 1); 3468 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3469 if (debug) 3470 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3471 switch (*p) { 3472 case IPV6CP_OPT_IFID: 3473 /* 3474 * Peer doesn't grok address option. This is 3475 * bad. XXX Should we better give up here? 3476 */ 3477 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); 3478 break; 3479 #ifdef notyet 3480 case IPV6CP_OPT_COMPRESS: 3481 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); 3482 break; 3483 #endif 3484 } 3485 } 3486 if (debug) 3487 addlog("\n"); 3488 free(buf, M_TEMP); 3489 return; 3490 } 3491 3492 /* 3493 * Analyze the IPv6CP Configure-NAK option list, and adjust our 3494 * negotiation. 3495 */ 3496 static void 3497 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3498 { 3499 u_char *buf, *p; 3500 struct ifnet *ifp = &sp->pp_if; 3501 int debug = ifp->if_flags & IFF_DEBUG; 3502 struct in6_addr suggestaddr; 3503 3504 len -= 4; 3505 buf = malloc (len, M_TEMP, M_NOWAIT); 3506 if (!buf) 3507 return; 3508 3509 if (debug) 3510 log(LOG_DEBUG, "%s: ipv6cp nak opts:", 3511 ifp->if_xname); 3512 3513 p = (void *)(h + 1); 3514 for (; len > 1 && p[1]; len -= p[1], p += p[1]) { 3515 if (debug) 3516 addlog(" %s", sppp_ipv6cp_opt_name(*p)); 3517 switch (*p) { 3518 case IPV6CP_OPT_IFID: 3519 /* 3520 * Peer doesn't like our local ifid. See 3521 * if we can do something for him. We'll drop 3522 * him our address then. 3523 */ 3524 if (len < 10 || p[1] != 10) 3525 break; 3526 memset(&suggestaddr, 0, sizeof(suggestaddr)); 3527 suggestaddr.s6_addr16[0] = htons(0xfe80); 3528 (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); 3529 bcopy(&p[2], &suggestaddr.s6_addr[8], 8); 3530 3531 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); 3532 if (debug) 3533 addlog(" [suggestaddr %s]", 3534 ip6_sprintf(&suggestaddr)); 3535 #ifdef IPV6CP_MYIFID_DYN 3536 /* 3537 * When doing dynamic address assignment, 3538 * we accept his offer. 3539 */ 3540 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { 3541 struct in6_addr lastsuggest; 3542 /* 3543 * If <suggested myaddr from peer> equals to 3544 * <hisaddr we have suggested last time>, 3545 * we have a collision. generate new random 3546 * ifid. 3547 */ 3548 sppp_suggest_ip6_addr(&lastsuggest); 3549 if (IN6_ARE_ADDR_EQUAL(&suggestaddr, 3550 lastsuggest)) { 3551 if (debug) 3552 addlog(" [random]"); 3553 sppp_gen_ip6_addr(sp, &suggestaddr); 3554 } 3555 sppp_set_ip6_addr(sp, &suggestaddr, 0); 3556 if (debug) 3557 addlog(" [agree]"); 3558 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; 3559 } 3560 #else 3561 /* 3562 * Since we do not do dynamic address assignment, 3563 * we ignore it and thus continue to negotiate 3564 * our already existing value. This can possibly 3565 * go into infinite request-reject loop. 3566 * 3567 * This is not likely because we normally use 3568 * ifid based on MAC-address. 3569 * If you have no ethernet card on the node, too bad. 3570 * XXX should we use fail_counter? 3571 */ 3572 #endif 3573 break; 3574 #ifdef notyet 3575 case IPV6CP_OPT_COMPRESS: 3576 /* 3577 * Peer wants different compression parameters. 3578 */ 3579 break; 3580 #endif 3581 } 3582 } 3583 if (debug) 3584 addlog("\n"); 3585 free(buf, M_TEMP); 3586 return; 3587 } 3588 3589 static void 3590 sppp_ipv6cp_tlu(struct sppp *sp) 3591 { 3592 /* we are up - notify isdn daemon */ 3593 if (sp->pp_con) 3594 sp->pp_con(sp); 3595 } 3596 3597 static void 3598 sppp_ipv6cp_tld(struct sppp *sp) 3599 { 3600 } 3601 3602 static void 3603 sppp_ipv6cp_tls(struct sppp *sp) 3604 { 3605 /* indicate to LCP that it must stay alive */ 3606 sp->lcp.protos |= (1 << IDX_IPV6CP); 3607 } 3608 3609 static void 3610 sppp_ipv6cp_tlf(struct sppp *sp) 3611 { 3612 /* we no longer need LCP */ 3613 sp->lcp.protos &= ~(1 << IDX_IPV6CP); 3614 } 3615 3616 static void 3617 sppp_ipv6cp_scr(struct sppp *sp) 3618 { 3619 char opt[10 /* ifid */ + 4 /* compression, minimum */]; 3620 struct in6_addr ouraddr; 3621 int i = 0; 3622 3623 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { 3624 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); 3625 opt[i++] = IPV6CP_OPT_IFID; 3626 opt[i++] = 10; 3627 bcopy(&ouraddr.s6_addr[8], &opt[i], 8); 3628 i += 8; 3629 } 3630 3631 #ifdef notyet 3632 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { 3633 opt[i++] = IPV6CP_OPT_COMPRESSION; 3634 opt[i++] = 4; 3635 opt[i++] = 0; /* TBD */ 3636 opt[i++] = 0; /* TBD */ 3637 /* variable length data may follow */ 3638 } 3639 #endif 3640 3641 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP]; 3642 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt); 3643 } 3644 #else /*INET6*/ 3645 static void sppp_ipv6cp_init(struct sppp *sp) 3646 { 3647 } 3648 3649 static void sppp_ipv6cp_up(struct sppp *sp) 3650 { 3651 } 3652 3653 static void sppp_ipv6cp_down(struct sppp *sp) 3654 { 3655 } 3656 3657 3658 static void sppp_ipv6cp_open(struct sppp *sp) 3659 { 3660 } 3661 3662 static void sppp_ipv6cp_close(struct sppp *sp) 3663 { 3664 } 3665 3666 static void sppp_ipv6cp_TO(void *sp) 3667 { 3668 } 3669 3670 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) 3671 { 3672 return 0; 3673 } 3674 3675 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) 3676 { 3677 } 3678 3679 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) 3680 { 3681 } 3682 3683 static void sppp_ipv6cp_tlu(struct sppp *sp) 3684 { 3685 } 3686 3687 static void sppp_ipv6cp_tld(struct sppp *sp) 3688 { 3689 } 3690 3691 static void sppp_ipv6cp_tls(struct sppp *sp) 3692 { 3693 } 3694 3695 static void sppp_ipv6cp_tlf(struct sppp *sp) 3696 { 3697 } 3698 3699 static void sppp_ipv6cp_scr(struct sppp *sp) 3700 { 3701 } 3702 #endif /*INET6*/ 3703 3704 3705 /* 3706 *--------------------------------------------------------------------------* 3707 * * 3708 * The CHAP implementation. * 3709 * * 3710 *--------------------------------------------------------------------------* 3711 */ 3712 3713 /* 3714 * The authentication protocols don't employ a full-fledged state machine as 3715 * the control protocols do, since they do have Open and Close events, but 3716 * not Up and Down, nor are they explicitly terminated. Also, use of the 3717 * authentication protocols may be different in both directions (this makes 3718 * sense, think of a machine that never accepts incoming calls but only 3719 * calls out, it doesn't require the called party to authenticate itself). 3720 * 3721 * Our state machine for the local authentication protocol (we are requesting 3722 * the peer to authenticate) looks like: 3723 * 3724 * RCA- 3725 * +--------------------------------------------+ 3726 * V scn,tld| 3727 * +--------+ Close +---------+ RCA+ 3728 * | |<----------------------------------| |------+ 3729 * +--->| Closed | TO* | Opened | sca | 3730 * | | |-----+ +-------| |<-----+ 3731 * | +--------+ irc | | +---------+ 3732 * | ^ | | ^ 3733 * | | | | | 3734 * | | | | | 3735 * | TO-| | | | 3736 * | |tld TO+ V | | 3737 * | | +------->+ | | 3738 * | | | | | | 3739 * | +--------+ V | | 3740 * | | |<----+<--------------------+ | 3741 * | | Req- | scr | 3742 * | | Sent | | 3743 * | | | | 3744 * | +--------+ | 3745 * | RCA- | | RCA+ | 3746 * +------+ +------------------------------------------+ 3747 * scn,tld sca,irc,ict,tlu 3748 * 3749 * 3750 * with: 3751 * 3752 * Open: LCP reached authentication phase 3753 * Close: LCP reached terminate phase 3754 * 3755 * RCA+: received reply (pap-req, chap-response), acceptable 3756 * RCN: received reply (pap-req, chap-response), not acceptable 3757 * TO+: timeout with restart counter >= 0 3758 * TO-: timeout with restart counter < 0 3759 * TO*: reschedule timeout for CHAP 3760 * 3761 * scr: send request packet (none for PAP, chap-challenge) 3762 * sca: send ack packet (pap-ack, chap-success) 3763 * scn: send nak packet (pap-nak, chap-failure) 3764 * ict: initialize re-challenge timer (CHAP only) 3765 * 3766 * tlu: this-layer-up, LCP reaches network phase 3767 * tld: this-layer-down, LCP enters terminate phase 3768 * 3769 * Note that in CHAP mode, after sending a new challenge, while the state 3770 * automaton falls back into Req-Sent state, it doesn't signal a tld 3771 * event to LCP, so LCP remains in network phase. Only after not getting 3772 * any response (or after getting an unacceptable response), CHAP closes, 3773 * causing LCP to enter terminate phase. 3774 * 3775 * With PAP, there is no initial request that can be sent. The peer is 3776 * expected to send one based on the successful negotiation of PAP as 3777 * the authentication protocol during the LCP option negotiation. 3778 * 3779 * Incoming authentication protocol requests (remote requests 3780 * authentication, we are peer) don't employ a state machine at all, 3781 * they are simply answered. Some peers [Ascend P50 firmware rev 3782 * 4.50] react allergically when sending IPCP/IPv6CP requests while they are 3783 * still in authentication phase (thereby violating the standard that 3784 * demands that these NCP packets are to be discarded), so we keep 3785 * track of the peer demanding us to authenticate, and only proceed to 3786 * phase network once we've seen a positive acknowledge for the 3787 * authentication. 3788 */ 3789 3790 /* 3791 * Handle incoming CHAP packets. 3792 */ 3793 void 3794 sppp_chap_input(struct sppp *sp, struct mbuf *m) 3795 { 3796 STDDCL; 3797 struct lcp_header *h; 3798 int len, x; 3799 u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize; 3800 int value_len, name_len; 3801 MD5_CTX ctx; 3802 3803 len = m->m_pkthdr.len; 3804 if (len < 4) { 3805 if (debug) 3806 log(LOG_DEBUG, 3807 "%s: chap invalid packet length: %d bytes\n", 3808 ifp->if_xname, len); 3809 return; 3810 } 3811 h = mtod(m, struct lcp_header *); 3812 if (len > ntohs(h->len)) 3813 len = ntohs(h->len); 3814 3815 switch (h->type) { 3816 /* challenge, failure and success are his authproto */ 3817 case CHAP_CHALLENGE: 3818 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 3819 /* can't do anything usefull */ 3820 sp->pp_auth_failures++; 3821 printf("%s: chap input without my name and my secret being set\n", 3822 ifp->if_xname); 3823 break; 3824 } 3825 value = 1 + (u_char *)(h + 1); 3826 value_len = value[-1]; 3827 name = value + value_len; 3828 name_len = len - value_len - 5; 3829 if (name_len < 0) { 3830 if (debug) { 3831 log(LOG_DEBUG, 3832 "%s: chap corrupted challenge " 3833 "<%s id=0x%x len=%d", 3834 ifp->if_xname, 3835 sppp_auth_type_name(PPP_CHAP, h->type), 3836 h->ident, ntohs(h->len)); 3837 if (len > 4) 3838 sppp_print_bytes((u_char *)(h + 1), 3839 len - 4); 3840 addlog(">\n"); 3841 } 3842 break; 3843 } 3844 3845 if (debug) { 3846 log(LOG_DEBUG, 3847 "%s: chap input <%s id=0x%x len=%d name=", 3848 ifp->if_xname, 3849 sppp_auth_type_name(PPP_CHAP, h->type), h->ident, 3850 ntohs(h->len)); 3851 sppp_print_string((char *) name, name_len); 3852 addlog(" value-size=%d value=", value_len); 3853 sppp_print_bytes(value, value_len); 3854 addlog(">\n"); 3855 } 3856 3857 /* Compute reply value. */ 3858 MD5Init(&ctx); 3859 MD5Update(&ctx, &h->ident, 1); 3860 MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); 3861 MD5Update(&ctx, value, value_len); 3862 MD5Final(digest, &ctx); 3863 dsize = sizeof digest; 3864 3865 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident, 3866 sizeof dsize, (const char *)&dsize, 3867 sizeof digest, digest, 3868 sp->myauth.name_len, 3869 sp->myauth.name, 3870 0); 3871 break; 3872 3873 case CHAP_SUCCESS: 3874 if (debug) { 3875 log(LOG_DEBUG, "%s: chap success", 3876 ifp->if_xname); 3877 if (len > 4) { 3878 addlog(": "); 3879 sppp_print_string((char *)(h + 1), len - 4); 3880 } 3881 addlog("\n"); 3882 } 3883 x = splnet(); 3884 sp->pp_auth_failures = 0; 3885 sp->pp_flags &= ~PP_NEEDAUTH; 3886 if (sp->myauth.proto == PPP_CHAP && 3887 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 3888 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) { 3889 /* 3890 * We are authenticator for CHAP but didn't 3891 * complete yet. Leave it to tlu to proceed 3892 * to network phase. 3893 */ 3894 splx(x); 3895 break; 3896 } 3897 splx(x); 3898 sppp_phase_network(sp); 3899 break; 3900 3901 case CHAP_FAILURE: 3902 x = splnet(); 3903 sp->pp_auth_failures++; 3904 splx(x); 3905 if (debug) { 3906 log(LOG_INFO, "%s: chap failure", 3907 ifp->if_xname); 3908 if (len > 4) { 3909 addlog(": "); 3910 sppp_print_string((char *)(h + 1), len - 4); 3911 } 3912 addlog("\n"); 3913 } else 3914 log(LOG_INFO, "%s: chap failure\n", 3915 ifp->if_xname); 3916 /* await LCP shutdown by authenticator */ 3917 break; 3918 3919 /* response is my authproto */ 3920 case CHAP_RESPONSE: 3921 if (sp->hisauth.secret == NULL) { 3922 /* can't do anything usefull */ 3923 printf("%s: chap input without his secret being set\n", 3924 ifp->if_xname); 3925 break; 3926 } 3927 value = 1 + (u_char *)(h + 1); 3928 value_len = value[-1]; 3929 name = value + value_len; 3930 name_len = len - value_len - 5; 3931 if (name_len < 0) { 3932 if (debug) { 3933 log(LOG_DEBUG, 3934 "%s: chap corrupted response " 3935 "<%s id=0x%x len=%d", 3936 ifp->if_xname, 3937 sppp_auth_type_name(PPP_CHAP, h->type), 3938 h->ident, ntohs(h->len)); 3939 if (len > 4) 3940 sppp_print_bytes((u_char *)(h + 1), 3941 len - 4); 3942 addlog(">\n"); 3943 } 3944 break; 3945 } 3946 if (h->ident != sp->confid[IDX_CHAP]) { 3947 if (debug) 3948 log(LOG_DEBUG, 3949 "%s: chap dropping response for old ID " 3950 "(got %d, expected %d)\n", 3951 ifp->if_xname, 3952 h->ident, sp->confid[IDX_CHAP]); 3953 break; 3954 } 3955 if (sp->hisauth.name != NULL && 3956 (name_len != sp->hisauth.name_len 3957 || memcmp(name, sp->hisauth.name, name_len) != 0)) { 3958 log(LOG_INFO, "%s: chap response, his name ", 3959 ifp->if_xname); 3960 sppp_print_string(name, name_len); 3961 addlog(" != expected "); 3962 sppp_print_string(sp->hisauth.name, 3963 sp->hisauth.name_len); 3964 addlog("\n"); 3965 goto chap_failure; 3966 } 3967 if (debug) { 3968 log(LOG_DEBUG, "%s: chap input(%s) " 3969 "<%s id=0x%x len=%d name=", 3970 ifp->if_xname, 3971 sppp_state_name(sp->state[IDX_CHAP]), 3972 sppp_auth_type_name(PPP_CHAP, h->type), 3973 h->ident, ntohs(h->len)); 3974 sppp_print_string((char *)name, name_len); 3975 addlog(" value-size=%d value=", value_len); 3976 sppp_print_bytes(value, value_len); 3977 addlog(">\n"); 3978 } 3979 if (value_len != sizeof(sp->myauth.challenge)) { 3980 if (debug) 3981 log(LOG_DEBUG, 3982 "%s: chap bad hash value length: " 3983 "%d bytes, should be %ld\n", 3984 ifp->if_xname, value_len, 3985 (long) sizeof(sp->myauth.challenge)); 3986 goto chap_failure; 3987 } 3988 3989 MD5Init(&ctx); 3990 MD5Update(&ctx, &h->ident, 1); 3991 MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); 3992 MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge)); 3993 MD5Final(digest, &ctx); 3994 3995 #define FAILMSG "Failed..." 3996 #define SUCCMSG "Welcome!" 3997 3998 if (value_len != sizeof digest || 3999 memcmp(digest, value, value_len) != 0) { 4000 chap_failure: 4001 /* action scn, tld */ 4002 x = splnet(); 4003 sp->pp_auth_failures++; 4004 splx(x); 4005 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident, 4006 sizeof(FAILMSG) - 1, (const u_char *)FAILMSG, 4007 0); 4008 chap.tld(sp); 4009 break; 4010 } 4011 sp->pp_auth_failures = 0; 4012 /* action sca, perhaps tlu */ 4013 if (sp->state[IDX_CHAP] == STATE_REQ_SENT || 4014 sp->state[IDX_CHAP] == STATE_OPENED) 4015 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident, 4016 sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG, 4017 0); 4018 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) { 4019 sppp_cp_change_state(&chap, sp, STATE_OPENED); 4020 chap.tlu(sp); 4021 } 4022 break; 4023 4024 default: 4025 /* Unknown CHAP packet type -- ignore. */ 4026 if (debug) { 4027 log(LOG_DEBUG, "%s: chap unknown input(%s) " 4028 "<0x%x id=0x%xh len=%d", 4029 ifp->if_xname, 4030 sppp_state_name(sp->state[IDX_CHAP]), 4031 h->type, h->ident, ntohs(h->len)); 4032 if (len > 4) 4033 sppp_print_bytes((u_char *)(h + 1), len - 4); 4034 addlog(">\n"); 4035 } 4036 break; 4037 4038 } 4039 } 4040 4041 static void 4042 sppp_chap_init(struct sppp *sp) 4043 { 4044 /* Chap doesn't have STATE_INITIAL at all. */ 4045 sp->state[IDX_CHAP] = STATE_CLOSED; 4046 sp->fail_counter[IDX_CHAP] = 0; 4047 sp->pp_seq[IDX_CHAP] = 0; 4048 sp->pp_rseq[IDX_CHAP] = 0; 4049 callout_init(&sp->ch[IDX_CHAP]); 4050 } 4051 4052 static void 4053 sppp_chap_open(struct sppp *sp) 4054 { 4055 if (sp->myauth.proto == PPP_CHAP && 4056 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4057 /* we are authenticator for CHAP, start it */ 4058 chap.scr(sp); 4059 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4060 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4061 } 4062 /* nothing to be done if we are peer, await a challenge */ 4063 } 4064 4065 static void 4066 sppp_chap_close(struct sppp *sp) 4067 { 4068 if (sp->state[IDX_CHAP] != STATE_CLOSED) 4069 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4070 } 4071 4072 static void 4073 sppp_chap_TO(void *cookie) 4074 { 4075 struct sppp *sp = (struct sppp *)cookie; 4076 STDDCL; 4077 int s; 4078 4079 s = splnet(); 4080 if (debug) 4081 log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n", 4082 ifp->if_xname, 4083 sppp_state_name(sp->state[IDX_CHAP]), 4084 sp->rst_counter[IDX_CHAP]); 4085 4086 if (--sp->rst_counter[IDX_CHAP] < 0) 4087 /* TO- event */ 4088 switch (sp->state[IDX_CHAP]) { 4089 case STATE_REQ_SENT: 4090 chap.tld(sp); 4091 sppp_cp_change_state(&chap, sp, STATE_CLOSED); 4092 break; 4093 } 4094 else 4095 /* TO+ (or TO*) event */ 4096 switch (sp->state[IDX_CHAP]) { 4097 case STATE_OPENED: 4098 /* TO* event */ 4099 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4100 /* fall through */ 4101 case STATE_REQ_SENT: 4102 chap.scr(sp); 4103 /* sppp_cp_change_state() will restart the timer */ 4104 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT); 4105 break; 4106 } 4107 4108 splx(s); 4109 } 4110 4111 static void 4112 sppp_chap_tlu(struct sppp *sp) 4113 { 4114 STDDCL; 4115 int i, x; 4116 4117 i = 0; 4118 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure; 4119 4120 /* 4121 * Some broken CHAP implementations (Conware CoNet, firmware 4122 * 4.0.?) don't want to re-authenticate their CHAP once the 4123 * initial challenge-response exchange has taken place. 4124 * Provide for an option to avoid rechallenges. 4125 */ 4126 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { 4127 /* 4128 * Compute the re-challenge timeout. This will yield 4129 * a number between 300 and 810 seconds. 4130 */ 4131 i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7); 4132 4133 callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp); 4134 } 4135 4136 if (debug) { 4137 log(LOG_DEBUG, 4138 "%s: chap %s, ", 4139 ifp->if_xname, 4140 sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu"); 4141 if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) 4142 addlog("next re-challenge in %d seconds\n", i); 4143 else 4144 addlog("re-challenging supressed\n"); 4145 } 4146 4147 x = splnet(); 4148 sp->pp_auth_failures = 0; 4149 /* indicate to LCP that we need to be closed down */ 4150 sp->lcp.protos |= (1 << IDX_CHAP); 4151 4152 if (sp->pp_flags & PP_NEEDAUTH) { 4153 /* 4154 * Remote is authenticator, but his auth proto didn't 4155 * complete yet. Defer the transition to network 4156 * phase. 4157 */ 4158 splx(x); 4159 return; 4160 } 4161 splx(x); 4162 4163 /* 4164 * If we are already in phase network, we are done here. This 4165 * is the case if this is a dummy tlu event after a re-challenge. 4166 */ 4167 if (sp->pp_phase != SPPP_PHASE_NETWORK) 4168 sppp_phase_network(sp); 4169 } 4170 4171 static void 4172 sppp_chap_tld(struct sppp *sp) 4173 { 4174 STDDCL; 4175 4176 if (debug) 4177 log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname); 4178 callout_stop(&sp->ch[IDX_CHAP]); 4179 sp->lcp.protos &= ~(1 << IDX_CHAP); 4180 4181 lcp.Close(sp); 4182 } 4183 4184 static void 4185 sppp_chap_scr(struct sppp *sp) 4186 { 4187 u_int32_t *ch; 4188 u_char clen; 4189 4190 if (sp->myauth.name == NULL) { 4191 /* can't do anything usefull */ 4192 printf("%s: chap starting without my name being set\n", 4193 sp->pp_if.if_xname); 4194 return; 4195 } 4196 4197 /* Compute random challenge. */ 4198 ch = (u_int32_t *)sp->myauth.challenge; 4199 ch[0] = arc4random(); 4200 ch[1] = arc4random(); 4201 ch[2] = arc4random(); 4202 ch[3] = arc4random(); 4203 clen = 16; /* 4 * sizeof(u_int32_t) */ 4204 4205 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; 4206 4207 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP], 4208 sizeof clen, (const char *)&clen, 4209 sizeof(sp->myauth.challenge), sp->myauth.challenge, 4210 sp->myauth.name_len, 4211 sp->myauth.name, 4212 0); 4213 } 4214 4215 /* 4216 *--------------------------------------------------------------------------* 4217 * * 4218 * The PAP implementation. * 4219 * * 4220 *--------------------------------------------------------------------------* 4221 */ 4222 /* 4223 * For PAP, we need to keep a little state also if we are the peer, not the 4224 * authenticator. This is since we don't get a request to authenticate, but 4225 * have to repeatedly authenticate ourself until we got a response (or the 4226 * retry counter is expired). 4227 */ 4228 4229 /* 4230 * Handle incoming PAP packets. */ 4231 static void 4232 sppp_pap_input(struct sppp *sp, struct mbuf *m) 4233 { 4234 STDDCL; 4235 struct lcp_header *h; 4236 int len, x; 4237 u_char mlen; 4238 char *name, *secret; 4239 int name_len, secret_len; 4240 4241 len = m->m_pkthdr.len; 4242 if (len < 5) { 4243 if (debug) 4244 log(LOG_DEBUG, 4245 "%s: pap invalid packet length: %d bytes\n", 4246 ifp->if_xname, len); 4247 return; 4248 } 4249 h = mtod(m, struct lcp_header *); 4250 if (len > ntohs(h->len)) 4251 len = ntohs(h->len); 4252 switch (h->type) { 4253 /* PAP request is my authproto */ 4254 case PAP_REQ: 4255 if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { 4256 /* can't do anything usefull */ 4257 printf("%s: pap request without his name and his secret being set\n", 4258 ifp->if_xname); 4259 break; 4260 } 4261 name = 1 + (u_char *)(h + 1); 4262 name_len = name[-1]; 4263 secret = name + name_len + 1; 4264 if (name_len > len - 6 || 4265 (secret_len = secret[-1]) > len - 6 - name_len) { 4266 if (debug) { 4267 log(LOG_DEBUG, "%s: pap corrupted input " 4268 "<%s id=0x%x len=%d", 4269 ifp->if_xname, 4270 sppp_auth_type_name(PPP_PAP, h->type), 4271 h->ident, ntohs(h->len)); 4272 if (len > 4) 4273 sppp_print_bytes((u_char *)(h + 1), 4274 len - 4); 4275 addlog(">\n"); 4276 } 4277 break; 4278 } 4279 if (debug) { 4280 log(LOG_DEBUG, "%s: pap input(%s) " 4281 "<%s id=0x%x len=%d name=", 4282 ifp->if_xname, 4283 sppp_state_name(sp->state[IDX_PAP]), 4284 sppp_auth_type_name(PPP_PAP, h->type), 4285 h->ident, ntohs(h->len)); 4286 sppp_print_string((char *)name, name_len); 4287 addlog(" secret="); 4288 sppp_print_string((char *)secret, secret_len); 4289 addlog(">\n"); 4290 } 4291 if (name_len != sp->hisauth.name_len || 4292 secret_len != sp->hisauth.secret_len || 4293 memcmp(name, sp->hisauth.name, name_len) != 0 || 4294 memcmp(secret, sp->hisauth.secret, secret_len) != 0) { 4295 /* action scn, tld */ 4296 sp->pp_auth_failures++; 4297 mlen = sizeof(FAILMSG) - 1; 4298 sppp_auth_send(&pap, sp, PAP_NAK, h->ident, 4299 sizeof mlen, (const char *)&mlen, 4300 sizeof(FAILMSG) - 1, (const u_char *)FAILMSG, 4301 0); 4302 pap.tld(sp); 4303 break; 4304 } 4305 /* action sca, perhaps tlu */ 4306 if (sp->state[IDX_PAP] == STATE_REQ_SENT || 4307 sp->state[IDX_PAP] == STATE_OPENED) { 4308 mlen = sizeof(SUCCMSG) - 1; 4309 sppp_auth_send(&pap, sp, PAP_ACK, h->ident, 4310 sizeof mlen, (const char *)&mlen, 4311 sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG, 4312 0); 4313 } 4314 if (sp->state[IDX_PAP] == STATE_REQ_SENT) { 4315 sppp_cp_change_state(&pap, sp, STATE_OPENED); 4316 pap.tlu(sp); 4317 } 4318 break; 4319 4320 /* ack and nak are his authproto */ 4321 case PAP_ACK: 4322 callout_stop(&sp->pap_my_to_ch); 4323 if (debug) { 4324 log(LOG_DEBUG, "%s: pap success", 4325 ifp->if_xname); 4326 name_len = *(char *)h; 4327 if (len > 5 && name_len) { 4328 addlog(": "); 4329 sppp_print_string((char *)(h + 1), name_len); 4330 } 4331 addlog("\n"); 4332 } 4333 x = splnet(); 4334 sp->pp_auth_failures = 0; 4335 sp->pp_flags &= ~PP_NEEDAUTH; 4336 if (sp->myauth.proto == PPP_PAP && 4337 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) && 4338 (sp->lcp.protos & (1 << IDX_PAP)) == 0) { 4339 /* 4340 * We are authenticator for PAP but didn't 4341 * complete yet. Leave it to tlu to proceed 4342 * to network phase. 4343 */ 4344 splx(x); 4345 break; 4346 } 4347 splx(x); 4348 sppp_phase_network(sp); 4349 break; 4350 4351 case PAP_NAK: 4352 callout_stop(&sp->pap_my_to_ch); 4353 sp->pp_auth_failures++; 4354 if (debug) { 4355 log(LOG_INFO, "%s: pap failure", 4356 ifp->if_xname); 4357 name_len = *(char *)h; 4358 if (len > 5 && name_len) { 4359 addlog(": "); 4360 sppp_print_string((char *)(h + 1), name_len); 4361 } 4362 addlog("\n"); 4363 } else 4364 log(LOG_INFO, "%s: pap failure\n", 4365 ifp->if_xname); 4366 /* await LCP shutdown by authenticator */ 4367 break; 4368 4369 default: 4370 /* Unknown PAP packet type -- ignore. */ 4371 if (debug) { 4372 log(LOG_DEBUG, "%s: pap corrupted input " 4373 "<0x%x id=0x%x len=%d", 4374 ifp->if_xname, 4375 h->type, h->ident, ntohs(h->len)); 4376 if (len > 4) 4377 sppp_print_bytes((u_char *)(h + 1), len - 4); 4378 addlog(">\n"); 4379 } 4380 break; 4381 4382 } 4383 } 4384 4385 static void 4386 sppp_pap_init(struct sppp *sp) 4387 { 4388 /* PAP doesn't have STATE_INITIAL at all. */ 4389 sp->state[IDX_PAP] = STATE_CLOSED; 4390 sp->fail_counter[IDX_PAP] = 0; 4391 sp->pp_seq[IDX_PAP] = 0; 4392 sp->pp_rseq[IDX_PAP] = 0; 4393 callout_init(&sp->ch[IDX_PAP]); 4394 callout_init(&sp->pap_my_to_ch); 4395 } 4396 4397 static void 4398 sppp_pap_open(struct sppp *sp) 4399 { 4400 if (sp->hisauth.proto == PPP_PAP && 4401 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) { 4402 /* we are authenticator for PAP, start our timer */ 4403 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4404 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4405 } 4406 if (sp->myauth.proto == PPP_PAP) { 4407 /* we are peer, send a request, and start a timer */ 4408 pap.scr(sp); 4409 callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout, 4410 sppp_pap_my_TO, sp); 4411 } 4412 } 4413 4414 static void 4415 sppp_pap_close(struct sppp *sp) 4416 { 4417 if (sp->state[IDX_PAP] != STATE_CLOSED) 4418 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4419 } 4420 4421 /* 4422 * That's the timeout routine if we are authenticator. Since the 4423 * authenticator is basically passive in PAP, we can't do much here. 4424 */ 4425 static void 4426 sppp_pap_TO(void *cookie) 4427 { 4428 struct sppp *sp = (struct sppp *)cookie; 4429 STDDCL; 4430 int s; 4431 4432 s = splnet(); 4433 if (debug) 4434 log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n", 4435 ifp->if_xname, 4436 sppp_state_name(sp->state[IDX_PAP]), 4437 sp->rst_counter[IDX_PAP]); 4438 4439 if (--sp->rst_counter[IDX_PAP] < 0) 4440 /* TO- event */ 4441 switch (sp->state[IDX_PAP]) { 4442 case STATE_REQ_SENT: 4443 pap.tld(sp); 4444 sppp_cp_change_state(&pap, sp, STATE_CLOSED); 4445 break; 4446 } 4447 else 4448 /* TO+ event, not very much we could do */ 4449 switch (sp->state[IDX_PAP]) { 4450 case STATE_REQ_SENT: 4451 /* sppp_cp_change_state() will restart the timer */ 4452 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT); 4453 break; 4454 } 4455 4456 splx(s); 4457 } 4458 4459 /* 4460 * That's the timeout handler if we are peer. Since the peer is active, 4461 * we need to retransmit our PAP request since it is apparently lost. 4462 * XXX We should impose a max counter. 4463 */ 4464 static void 4465 sppp_pap_my_TO(void *cookie) 4466 { 4467 struct sppp *sp = (struct sppp *)cookie; 4468 STDDCL; 4469 4470 if (debug) 4471 log(LOG_DEBUG, "%s: pap peer TO\n", 4472 ifp->if_xname); 4473 4474 pap.scr(sp); 4475 } 4476 4477 static void 4478 sppp_pap_tlu(struct sppp *sp) 4479 { 4480 STDDCL; 4481 int x; 4482 4483 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure; 4484 4485 if (debug) 4486 log(LOG_DEBUG, "%s: %s tlu\n", 4487 ifp->if_xname, pap.name); 4488 4489 x = splnet(); 4490 sp->pp_auth_failures = 0; 4491 /* indicate to LCP that we need to be closed down */ 4492 sp->lcp.protos |= (1 << IDX_PAP); 4493 4494 if (sp->pp_flags & PP_NEEDAUTH) { 4495 /* 4496 * Remote is authenticator, but his auth proto didn't 4497 * complete yet. Defer the transition to network 4498 * phase. 4499 */ 4500 splx(x); 4501 return; 4502 } 4503 splx(x); 4504 sppp_phase_network(sp); 4505 } 4506 4507 static void 4508 sppp_pap_tld(struct sppp *sp) 4509 { 4510 STDDCL; 4511 4512 if (debug) 4513 log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname); 4514 callout_stop(&sp->ch[IDX_PAP]); 4515 callout_stop(&sp->pap_my_to_ch); 4516 sp->lcp.protos &= ~(1 << IDX_PAP); 4517 4518 lcp.Close(sp); 4519 } 4520 4521 static void 4522 sppp_pap_scr(struct sppp *sp) 4523 { 4524 u_char idlen, pwdlen; 4525 4526 if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { 4527 /* can't do anything usefull */ 4528 printf("%s: pap starting without my name and secret being set\n", 4529 sp->pp_if.if_xname); 4530 return; 4531 } 4532 4533 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP]; 4534 pwdlen = sp->myauth.secret_len; 4535 idlen = sp->myauth.name_len; 4536 4537 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP], 4538 sizeof idlen, (const char *)&idlen, 4539 idlen, sp->myauth.name, 4540 sizeof pwdlen, (const char *)&pwdlen, 4541 pwdlen, sp->myauth.secret, 4542 0); 4543 } 4544 4545 /* 4546 * Random miscellaneous functions. 4547 */ 4548 4549 /* 4550 * Send a PAP or CHAP proto packet. 4551 * 4552 * Varadic function, each of the elements for the ellipsis is of type 4553 * ``size_t mlen, const u_char *msg''. Processing will stop iff 4554 * mlen == 0. 4555 * NOTE: never declare variadic functions with types subject to type 4556 * promotion (i.e. u_char). This is asking for big trouble depending 4557 * on the architecture you are on... 4558 */ 4559 4560 static void 4561 sppp_auth_send(const struct cp *cp, struct sppp *sp, 4562 unsigned int type, unsigned int id, 4563 ...) 4564 { 4565 STDDCL; 4566 struct lcp_header *lh; 4567 struct mbuf *m; 4568 u_char *p; 4569 int len; 4570 size_t pkthdrlen; 4571 unsigned int mlen; 4572 const char *msg; 4573 va_list ap; 4574 4575 MGETHDR(m, M_DONTWAIT, MT_DATA); 4576 if (! m) 4577 return; 4578 m->m_pkthdr.rcvif = 0; 4579 4580 if (sp->pp_flags & PP_NOFRAMING) { 4581 *mtod(m, u_int16_t *) = htons(cp->proto); 4582 pkthdrlen = 2; 4583 lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2); 4584 } else { 4585 struct ppp_header *h; 4586 h = mtod(m, struct ppp_header *); 4587 h->address = PPP_ALLSTATIONS; /* broadcast address */ 4588 h->control = PPP_UI; /* Unnumbered Info */ 4589 h->protocol = htons(cp->proto); 4590 pkthdrlen = PPP_HEADER_LEN; 4591 4592 lh = (struct lcp_header *)(h + 1); 4593 } 4594 4595 lh->type = type; 4596 lh->ident = id; 4597 p = (u_char *)(lh + 1); 4598 4599 va_start(ap, id); 4600 len = 0; 4601 4602 while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { 4603 msg = va_arg(ap, const char *); 4604 len += mlen; 4605 if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { 4606 va_end(ap); 4607 m_freem(m); 4608 return; 4609 } 4610 4611 bcopy(msg, p, mlen); 4612 p += mlen; 4613 } 4614 va_end(ap); 4615 4616 m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; 4617 lh->len = htons(LCP_HEADER_LEN + len); 4618 4619 if (debug) { 4620 log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", 4621 ifp->if_xname, cp->name, 4622 sppp_auth_type_name(cp->proto, lh->type), 4623 lh->ident, ntohs(lh->len)); 4624 if (len) 4625 sppp_print_bytes((u_char *)(lh + 1), len); 4626 addlog(">\n"); 4627 } 4628 if (IF_QFULL(&sp->pp_cpq)) { 4629 IF_DROP(&sp->pp_fastq); 4630 IF_DROP(&ifp->if_snd); 4631 m_freem(m); 4632 ++ifp->if_oerrors; 4633 return; 4634 } else 4635 IF_ENQUEUE(&sp->pp_cpq, m); 4636 if (! (ifp->if_flags & IFF_OACTIVE)) 4637 (*ifp->if_start)(ifp); 4638 ifp->if_obytes += m->m_pkthdr.len + 3; 4639 } 4640 4641 /* 4642 * Send keepalive packets, every 10 seconds. 4643 */ 4644 static void 4645 sppp_keepalive(void *dummy) 4646 { 4647 struct sppp *sp; 4648 int s; 4649 time_t now; 4650 4651 s = splnet(); 4652 now = mono_time.tv_sec; 4653 for (sp=spppq; sp; sp=sp->pp_next) { 4654 struct ifnet *ifp = &sp->pp_if; 4655 4656 /* check idle timeout */ 4657 if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) 4658 && (sp->pp_phase == SPPP_PHASE_NETWORK)) { 4659 /* idle timeout is enabled for this interface */ 4660 if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { 4661 if (ifp->if_flags & IFF_DEBUG) 4662 printf("%s: no activity for %lu seconds\n", 4663 sp->pp_if.if_xname, 4664 (unsigned long)(now-sp->pp_last_activity)); 4665 lcp.Close(sp); 4666 continue; 4667 } 4668 } 4669 4670 /* Keepalive mode disabled or channel down? */ 4671 if (! (sp->pp_flags & PP_KEEPALIVE) || 4672 ! (ifp->if_flags & IFF_RUNNING)) 4673 continue; 4674 4675 /* No keepalive in PPP mode if LCP not opened yet. */ 4676 if (! (sp->pp_flags & PP_CISCO) && 4677 sp->pp_phase < SPPP_PHASE_AUTHENTICATE) 4678 continue; 4679 4680 /* No echo reply, but maybe user data passed through? */ 4681 if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { 4682 sp->pp_alivecnt = 0; 4683 continue; 4684 } 4685 4686 if (sp->pp_alivecnt >= sp->pp_maxalive) { 4687 /* No keepalive packets got. Stop the interface. */ 4688 if_down (ifp); 4689 IF_PURGE(&sp->pp_cpq); 4690 if (! (sp->pp_flags & PP_CISCO)) { 4691 printf("%s: LCP keepalive timed out, going to restart the connection\n", 4692 ifp->if_xname); 4693 sp->pp_alivecnt = 0; 4694 4695 /* we are down, close all open protocols */ 4696 lcp.Close(sp); 4697 4698 /* And now prepare LCP to reestablish the link, if configured to do so. */ 4699 sppp_cp_change_state(&lcp, sp, STATE_STOPPED); 4700 4701 /* Close connection imediatly, completition of this 4702 * will summon the magic needed to reestablish it. */ 4703 if (sp->pp_tlf) 4704 sp->pp_tlf(sp); 4705 continue; 4706 } 4707 } 4708 if (sp->pp_alivecnt < sp->pp_maxalive) 4709 ++sp->pp_alivecnt; 4710 if (sp->pp_flags & PP_CISCO) 4711 sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, 4712 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]); 4713 else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { 4714 int32_t nmagic = htonl(sp->lcp.magic); 4715 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP]; 4716 sppp_cp_send(sp, PPP_LCP, ECHO_REQ, 4717 sp->lcp.echoid, 4, &nmagic); 4718 } 4719 } 4720 splx(s); 4721 callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); 4722 } 4723 4724 #ifdef INET 4725 /* 4726 * Get both IP addresses. 4727 */ 4728 static void 4729 sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask) 4730 { 4731 struct ifnet *ifp = &sp->pp_if; 4732 struct ifaddr *ifa; 4733 struct sockaddr_in *si, *sm; 4734 u_int32_t ssrc, ddst; 4735 4736 sm = NULL; 4737 ssrc = ddst = 0; 4738 /* 4739 * Pick the first AF_INET address from the list, 4740 * aliases don't make any sense on a p2p link anyway. 4741 */ 4742 si = 0; 4743 IFADDR_FOREACH(ifa, ifp) { 4744 if (ifa->ifa_addr->sa_family == AF_INET) { 4745 si = (struct sockaddr_in *)ifa->ifa_addr; 4746 sm = (struct sockaddr_in *)ifa->ifa_netmask; 4747 if (si) 4748 break; 4749 } 4750 } 4751 if (ifa) { 4752 if (si && si->sin_addr.s_addr) { 4753 ssrc = si->sin_addr.s_addr; 4754 if (srcmask) 4755 *srcmask = ntohl(sm->sin_addr.s_addr); 4756 } 4757 4758 si = (struct sockaddr_in *)ifa->ifa_dstaddr; 4759 if (si && si->sin_addr.s_addr) 4760 ddst = si->sin_addr.s_addr; 4761 } 4762 4763 if (dst) *dst = ntohl(ddst); 4764 if (src) *src = ntohl(ssrc); 4765 } 4766 4767 /* 4768 * Set IP addresses. Must be called at splnet. 4769 * If an address is 0, leave it the way it is. 4770 */ 4771 static void 4772 sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr) 4773 { 4774 STDDCL; 4775 struct ifaddr *ifa; 4776 struct sockaddr_in *si, *dest; 4777 4778 /* 4779 * Pick the first AF_INET address from the list, 4780 * aliases don't make any sense on a p2p link anyway. 4781 */ 4782 4783 IFADDR_FOREACH(ifa, ifp) { 4784 if (ifa->ifa_addr->sa_family == AF_INET) { 4785 si = (struct sockaddr_in *)ifa->ifa_addr; 4786 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4787 goto found; 4788 } 4789 } 4790 return; 4791 4792 found: 4793 { 4794 int error; 4795 struct sockaddr_in new_sin = *si; 4796 struct sockaddr_in new_dst = *dest; 4797 4798 /* 4799 * Scrub old routes now instead of calling in_ifinit with 4800 * scrub=1, because we may change the dstaddr 4801 * before the call to in_ifinit. 4802 */ 4803 in_ifscrub(ifp, ifatoia(ifa)); 4804 4805 if (myaddr != 0) 4806 new_sin.sin_addr.s_addr = htonl(myaddr); 4807 if (hisaddr != 0) { 4808 new_dst.sin_addr.s_addr = htonl(hisaddr); 4809 if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) { 4810 sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; 4811 *dest = new_dst; /* fix dstaddr in place */ 4812 } 4813 } 4814 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4815 if (debug && error) 4816 { 4817 log(LOG_DEBUG, "%s: sppp_set_ip_addrs: in_ifinit " 4818 " failed, error=%d\n", ifp->if_xname, error); 4819 } 4820 #ifdef PFIL_HOOKS 4821 if (!error) 4822 (void)pfil_run_hooks(&if_pfil, 4823 (struct mbuf **)SIOCAIFADDR, ifp, PFIL_IFADDR); 4824 #endif 4825 } 4826 } 4827 4828 /* 4829 * Clear IP addresses. Must be called at splnet. 4830 */ 4831 static void 4832 sppp_clear_ip_addrs(struct sppp *sp) 4833 { 4834 struct ifnet *ifp = &sp->pp_if; 4835 struct ifaddr *ifa; 4836 struct sockaddr_in *si, *dest; 4837 4838 u_int32_t remote; 4839 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4840 remote = sp->ipcp.saved_hisaddr; 4841 else 4842 sppp_get_ip_addrs(sp, 0, &remote, 0); 4843 4844 /* 4845 * Pick the first AF_INET address from the list, 4846 * aliases don't make any sense on a p2p link anyway. 4847 */ 4848 4849 IFADDR_FOREACH(ifa, ifp) { 4850 if (ifa->ifa_addr->sa_family == AF_INET) { 4851 si = (struct sockaddr_in *)ifa->ifa_addr; 4852 dest = (struct sockaddr_in *)ifa->ifa_dstaddr; 4853 goto found; 4854 } 4855 } 4856 return; 4857 4858 found: 4859 { 4860 struct sockaddr_in new_sin = *si; 4861 4862 in_ifscrub(ifp, ifatoia(ifa)); 4863 if (sp->ipcp.flags & IPCP_MYADDR_DYN) 4864 new_sin.sin_addr.s_addr = 0; 4865 if (sp->ipcp.flags & IPCP_HISADDR_DYN) 4866 /* replace peer addr in place */ 4867 dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr; 4868 in_ifinit(ifp, ifatoia(ifa), &new_sin, 0); 4869 #ifdef PFIL_HOOKS 4870 (void)pfil_run_hooks(&if_pfil, 4871 (struct mbuf **)SIOCDIFADDR, ifp, PFIL_IFADDR); 4872 #endif 4873 } 4874 } 4875 #endif 4876 4877 #ifdef INET6 4878 /* 4879 * Get both IPv6 addresses. 4880 */ 4881 static void 4882 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, 4883 struct in6_addr *srcmask) 4884 { 4885 struct ifnet *ifp = &sp->pp_if; 4886 struct ifaddr *ifa; 4887 struct sockaddr_in6 *si, *sm; 4888 struct in6_addr ssrc, ddst; 4889 4890 sm = NULL; 4891 memset(&ssrc, 0, sizeof(ssrc)); 4892 memset(&ddst, 0, sizeof(ddst)); 4893 /* 4894 * Pick the first link-local AF_INET6 address from the list, 4895 * aliases don't make any sense on a p2p link anyway. 4896 */ 4897 si = 0; 4898 IFADDR_FOREACH(ifa, ifp) 4899 if (ifa->ifa_addr->sa_family == AF_INET6) { 4900 si = (struct sockaddr_in6 *)ifa->ifa_addr; 4901 sm = (struct sockaddr_in6 *)ifa->ifa_netmask; 4902 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) 4903 break; 4904 } 4905 if (ifa) { 4906 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { 4907 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc)); 4908 if (srcmask) { 4909 bcopy(&sm->sin6_addr, srcmask, 4910 sizeof(*srcmask)); 4911 } 4912 } 4913 4914 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; 4915 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) 4916 bcopy(&si->sin6_addr, &ddst, sizeof(ddst)); 4917 } 4918 4919 if (dst) 4920 bcopy(&ddst, dst, sizeof(*dst)); 4921 if (src) 4922 bcopy(&ssrc, src, sizeof(*src)); 4923 } 4924 4925 #ifdef IPV6CP_MYIFID_DYN 4926 /* 4927 * Generate random ifid. 4928 */ 4929 static void 4930 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) 4931 { 4932 /* TBD */ 4933 } 4934 4935 /* 4936 * Set my IPv6 address. Must be called at splnet. 4937 */ 4938 static void 4939 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) 4940 { 4941 STDDCL; 4942 struct ifaddr *ifa; 4943 struct sockaddr_in6 *sin6; 4944 4945 /* 4946 * Pick the first link-local AF_INET6 address from the list, 4947 * aliases don't make any sense on a p2p link anyway. 4948 */ 4949 4950 sin6 = NULL; 4951 IFADDR_FOREACH(ifa, ifp) 4952 { 4953 if (ifa->ifa_addr->sa_family == AF_INET6) 4954 { 4955 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 4956 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) 4957 break; 4958 } 4959 } 4960 4961 if (ifa && sin6) 4962 { 4963 int error; 4964 struct sockaddr_in6 new_sin6 = *sin6; 4965 4966 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr)); 4967 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); 4968 if (debug && error) 4969 { 4970 log(LOG_DEBUG, "%s: sppp_set_ip6_addr: in6_ifinit " 4971 " failed, error=%d\n", ifp->if_xname, error); 4972 } 4973 #ifdef PFIL_HOOKS 4974 if (!error) 4975 (void)pfil_run_hooks(&if_pfil, 4976 (struct mbuf **)SIOCAIFADDR_IN6, ifp, PFIL_IFADDR); 4977 #endif 4978 } 4979 } 4980 #endif 4981 4982 /* 4983 * Suggest a candidate address to be used by peer. 4984 */ 4985 static void 4986 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) 4987 { 4988 struct in6_addr myaddr; 4989 struct timeval tv; 4990 4991 sppp_get_ip6_addrs(sp, &myaddr, 0, 0); 4992 4993 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ 4994 microtime(&tv); 4995 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { 4996 myaddr.s6_addr[14] ^= 0xff; 4997 myaddr.s6_addr[15] ^= 0xff; 4998 } else { 4999 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); 5000 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); 5001 } 5002 if (suggest) 5003 bcopy(&myaddr, suggest, sizeof(myaddr)); 5004 } 5005 #endif /*INET6*/ 5006 5007 /* 5008 * Process ioctl requests specific to the PPP interface. 5009 * Permissions have already been checked. 5010 */ 5011 static int 5012 sppp_params(struct sppp *sp, int cmd, void *data) 5013 { 5014 switch (cmd) { 5015 case SPPPGETAUTHCFG: 5016 { 5017 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5018 int error; 5019 size_t len; 5020 5021 cfg->myauthflags = sp->myauth.flags; 5022 cfg->hisauthflags = sp->hisauth.flags; 5023 strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ); 5024 cfg->hisauth = 0; 5025 if (sp->hisauth.proto) 5026 cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5027 cfg->myauth = 0; 5028 if (sp->myauth.proto) 5029 cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; 5030 if (cfg->myname_length == 0) { 5031 if (sp->myauth.name != NULL) 5032 cfg->myname_length = sp->myauth.name_len + 1; 5033 } else { 5034 if (sp->myauth.name == NULL) { 5035 cfg->myname_length = 0; 5036 } else { 5037 len = sp->myauth.name_len + 1; 5038 if (cfg->myname_length < len) 5039 return (ENAMETOOLONG); 5040 error = copyout(sp->myauth.name, cfg->myname, len); 5041 if (error) return error; 5042 } 5043 } 5044 if (cfg->hisname_length == 0) { 5045 if (sp->hisauth.name != NULL) 5046 cfg->hisname_length = sp->hisauth.name_len + 1; 5047 } else { 5048 if (sp->hisauth.name == NULL) { 5049 cfg->hisname_length = 0; 5050 } else { 5051 len = sp->hisauth.name_len + 1; 5052 if (cfg->hisname_length < len) 5053 return (ENAMETOOLONG); 5054 error = copyout(sp->hisauth.name, cfg->hisname, len); 5055 if (error) return error; 5056 } 5057 } 5058 } 5059 break; 5060 case SPPPSETAUTHCFG: 5061 { 5062 struct spppauthcfg *cfg = (struct spppauthcfg *)data; 5063 int error; 5064 5065 if (sp->myauth.name) { 5066 free(sp->myauth.name, M_DEVBUF); 5067 sp->myauth.name = NULL; 5068 } 5069 if (sp->myauth.secret) { 5070 free(sp->myauth.secret, M_DEVBUF); 5071 sp->myauth.secret = NULL; 5072 } 5073 if (sp->hisauth.name) { 5074 free(sp->hisauth.name, M_DEVBUF); 5075 sp->hisauth.name = NULL; 5076 } 5077 if (sp->hisauth.secret) { 5078 free(sp->hisauth.secret, M_DEVBUF); 5079 sp->hisauth.secret = NULL; 5080 } 5081 5082 if (cfg->hisname != NULL && cfg->hisname_length > 0) { 5083 if (cfg->hisname_length >= MCLBYTES) 5084 return (ENAMETOOLONG); 5085 sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); 5086 error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); 5087 if (error) { 5088 free(sp->hisauth.name, M_DEVBUF); 5089 sp->hisauth.name = NULL; 5090 return error; 5091 } 5092 sp->hisauth.name_len = cfg->hisname_length - 1; 5093 sp->hisauth.name[sp->hisauth.name_len] = 0; 5094 } 5095 if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { 5096 if (cfg->hissecret_length >= MCLBYTES) 5097 return (ENAMETOOLONG); 5098 sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); 5099 error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); 5100 if (error) { 5101 free(sp->hisauth.secret, M_DEVBUF); 5102 sp->hisauth.secret = NULL; 5103 return error; 5104 } 5105 sp->hisauth.secret_len = cfg->hissecret_length - 1; 5106 sp->hisauth.secret[sp->hisauth.secret_len] = 0; 5107 } 5108 if (cfg->myname != NULL && cfg->myname_length > 0) { 5109 if (cfg->myname_length >= MCLBYTES) 5110 return (ENAMETOOLONG); 5111 sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); 5112 error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); 5113 if (error) { 5114 free(sp->myauth.name, M_DEVBUF); 5115 sp->myauth.name = NULL; 5116 return error; 5117 } 5118 sp->myauth.name_len = cfg->myname_length - 1; 5119 sp->myauth.name[sp->myauth.name_len] = 0; 5120 } 5121 if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { 5122 if (cfg->mysecret_length >= MCLBYTES) 5123 return (ENAMETOOLONG); 5124 sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); 5125 error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); 5126 if (error) { 5127 free(sp->myauth.secret, M_DEVBUF); 5128 sp->myauth.secret = NULL; 5129 return error; 5130 } 5131 sp->myauth.secret_len = cfg->mysecret_length - 1; 5132 sp->myauth.secret[sp->myauth.secret_len] = 0; 5133 } 5134 sp->myauth.flags = cfg->myauthflags; 5135 if (cfg->myauth) 5136 sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5137 sp->hisauth.flags = cfg->hisauthflags; 5138 if (cfg->hisauth) 5139 sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; 5140 sp->pp_auth_failures = 0; 5141 if (sp->hisauth.proto != 0) 5142 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); 5143 else 5144 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); 5145 } 5146 break; 5147 case SPPPGETLCPCFG: 5148 { 5149 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5150 lcpp->lcp_timeout = sp->lcp.timeout; 5151 } 5152 break; 5153 case SPPPSETLCPCFG: 5154 { 5155 struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; 5156 sp->lcp.timeout = lcpp->lcp_timeout; 5157 } 5158 break; 5159 case SPPPGETSTATUS: 5160 { 5161 struct spppstatus *status = (struct spppstatus *)data; 5162 status->phase = sp->pp_phase; 5163 } 5164 break; 5165 case SPPPGETSTATUSNCP: 5166 { 5167 struct spppstatusncp *status = (struct spppstatusncp *)data; 5168 status->phase = sp->pp_phase; 5169 status->ncpup = sppp_ncp_check(sp); 5170 } 5171 break; 5172 case SPPPGETIDLETO: 5173 { 5174 struct spppidletimeout *to = (struct spppidletimeout *)data; 5175 to->idle_seconds = sp->pp_idle_timeout; 5176 } 5177 break; 5178 case SPPPSETIDLETO: 5179 { 5180 struct spppidletimeout *to = (struct spppidletimeout *)data; 5181 sp->pp_idle_timeout = to->idle_seconds; 5182 } 5183 break; 5184 case SPPPSETAUTHFAILURE: 5185 { 5186 struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; 5187 sp->pp_max_auth_fail = afsettings->max_failures; 5188 sp->pp_auth_failures = 0; 5189 } 5190 break; 5191 case SPPPGETAUTHFAILURES: 5192 { 5193 struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; 5194 stats->auth_failures = sp->pp_auth_failures; 5195 stats->max_failures = sp->pp_max_auth_fail; 5196 } 5197 break; 5198 case SPPPSETDNSOPTS: 5199 { 5200 struct spppdnssettings *req = (struct spppdnssettings *)data; 5201 sp->query_dns = req->query_dns & 3; 5202 } 5203 break; 5204 case SPPPGETDNSOPTS: 5205 { 5206 struct spppdnssettings *req = (struct spppdnssettings *)data; 5207 req->query_dns = sp->query_dns; 5208 } 5209 break; 5210 case SPPPGETDNSADDRS: 5211 { 5212 struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; 5213 memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); 5214 } 5215 break; 5216 case SPPPGETKEEPALIVE: 5217 { 5218 struct spppkeepalivesettings *settings = 5219 (struct spppkeepalivesettings*)data; 5220 settings->maxalive = sp->pp_maxalive; 5221 settings->max_noreceive = sp->pp_max_noreceive; 5222 } 5223 break; 5224 case SPPPSETKEEPALIVE: 5225 { 5226 struct spppkeepalivesettings *settings = 5227 (struct spppkeepalivesettings*)data; 5228 sp->pp_maxalive = settings->maxalive; 5229 sp->pp_max_noreceive = settings->max_noreceive; 5230 } 5231 break; 5232 default: 5233 return (EINVAL); 5234 } 5235 5236 return (0); 5237 } 5238 5239 static void 5240 sppp_phase_network(struct sppp *sp) 5241 { 5242 STDDCL; 5243 int i; 5244 u_int32_t mask; 5245 5246 sp->pp_phase = SPPP_PHASE_NETWORK; 5247 5248 if (debug) 5249 { 5250 log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, 5251 sppp_phase_name(sp->pp_phase)); 5252 } 5253 5254 /* Notify NCPs now. */ 5255 for (i = 0; i < IDX_COUNT; i++) 5256 if ((cps[i])->flags & CP_NCP) 5257 (cps[i])->Open(sp); 5258 5259 /* Send Up events to all NCPs. */ 5260 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) 5261 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP)) 5262 (cps[i])->Up(sp); 5263 5264 /* if no NCP is starting, all this was in vain, close down */ 5265 sppp_lcp_check_and_close(sp); 5266 } 5267 5268 5269 static const char * 5270 sppp_cp_type_name(u_char type) 5271 { 5272 static char buf[12]; 5273 switch (type) { 5274 case CONF_REQ: return "conf-req"; 5275 case CONF_ACK: return "conf-ack"; 5276 case CONF_NAK: return "conf-nak"; 5277 case CONF_REJ: return "conf-rej"; 5278 case TERM_REQ: return "term-req"; 5279 case TERM_ACK: return "term-ack"; 5280 case CODE_REJ: return "code-rej"; 5281 case PROTO_REJ: return "proto-rej"; 5282 case ECHO_REQ: return "echo-req"; 5283 case ECHO_REPLY: return "echo-reply"; 5284 case DISC_REQ: return "discard-req"; 5285 } 5286 snprintf(buf, sizeof(buf), "0x%x", type); 5287 return buf; 5288 } 5289 5290 static const char * 5291 sppp_auth_type_name(u_short proto, u_char type) 5292 { 5293 static char buf[12]; 5294 switch (proto) { 5295 case PPP_CHAP: 5296 switch (type) { 5297 case CHAP_CHALLENGE: return "challenge"; 5298 case CHAP_RESPONSE: return "response"; 5299 case CHAP_SUCCESS: return "success"; 5300 case CHAP_FAILURE: return "failure"; 5301 } 5302 case PPP_PAP: 5303 switch (type) { 5304 case PAP_REQ: return "req"; 5305 case PAP_ACK: return "ack"; 5306 case PAP_NAK: return "nak"; 5307 } 5308 } 5309 snprintf(buf, sizeof(buf), "0x%x", type); 5310 return buf; 5311 } 5312 5313 static const char * 5314 sppp_lcp_opt_name(u_char opt) 5315 { 5316 static char buf[12]; 5317 switch (opt) { 5318 case LCP_OPT_MRU: return "mru"; 5319 case LCP_OPT_ASYNC_MAP: return "async-map"; 5320 case LCP_OPT_AUTH_PROTO: return "auth-proto"; 5321 case LCP_OPT_QUAL_PROTO: return "qual-proto"; 5322 case LCP_OPT_MAGIC: return "magic"; 5323 case LCP_OPT_PROTO_COMP: return "proto-comp"; 5324 case LCP_OPT_ADDR_COMP: return "addr-comp"; 5325 } 5326 snprintf(buf, sizeof(buf), "0x%x", opt); 5327 return buf; 5328 } 5329 5330 static const char * 5331 sppp_ipcp_opt_name(u_char opt) 5332 { 5333 static char buf[12]; 5334 switch (opt) { 5335 case IPCP_OPT_ADDRESSES: return "addresses"; 5336 case IPCP_OPT_COMPRESSION: return "compression"; 5337 case IPCP_OPT_ADDRESS: return "address"; 5338 } 5339 snprintf(buf, sizeof(buf), "0x%x", opt); 5340 return buf; 5341 } 5342 5343 #ifdef INET6 5344 static const char * 5345 sppp_ipv6cp_opt_name(u_char opt) 5346 { 5347 static char buf[12]; 5348 switch (opt) { 5349 case IPV6CP_OPT_IFID: return "ifid"; 5350 case IPV6CP_OPT_COMPRESSION: return "compression"; 5351 } 5352 snprintf(buf, sizeof(buf), "0x%x", opt); 5353 return buf; 5354 } 5355 #endif 5356 5357 static const char * 5358 sppp_state_name(int state) 5359 { 5360 switch (state) { 5361 case STATE_INITIAL: return "initial"; 5362 case STATE_STARTING: return "starting"; 5363 case STATE_CLOSED: return "closed"; 5364 case STATE_STOPPED: return "stopped"; 5365 case STATE_CLOSING: return "closing"; 5366 case STATE_STOPPING: return "stopping"; 5367 case STATE_REQ_SENT: return "req-sent"; 5368 case STATE_ACK_RCVD: return "ack-rcvd"; 5369 case STATE_ACK_SENT: return "ack-sent"; 5370 case STATE_OPENED: return "opened"; 5371 } 5372 return "illegal"; 5373 } 5374 5375 static const char * 5376 sppp_phase_name(int phase) 5377 { 5378 switch (phase) { 5379 case SPPP_PHASE_DEAD: return "dead"; 5380 case SPPP_PHASE_ESTABLISH: return "establish"; 5381 case SPPP_PHASE_TERMINATE: return "terminate"; 5382 case SPPP_PHASE_AUTHENTICATE: return "authenticate"; 5383 case SPPP_PHASE_NETWORK: return "network"; 5384 } 5385 return "illegal"; 5386 } 5387 5388 static const char * 5389 sppp_proto_name(u_short proto) 5390 { 5391 static char buf[12]; 5392 switch (proto) { 5393 case PPP_LCP: return "lcp"; 5394 case PPP_IPCP: return "ipcp"; 5395 case PPP_PAP: return "pap"; 5396 case PPP_CHAP: return "chap"; 5397 case PPP_IPV6CP: return "ipv6cp"; 5398 } 5399 snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); 5400 return buf; 5401 } 5402 5403 static void 5404 sppp_print_bytes(const u_char *p, u_short len) 5405 { 5406 addlog(" %02x", *p++); 5407 while (--len > 0) 5408 addlog("-%02x", *p++); 5409 } 5410 5411 static void 5412 sppp_print_string(const char *p, u_short len) 5413 { 5414 u_char c; 5415 5416 while (len-- > 0) { 5417 c = *p++; 5418 /* 5419 * Print only ASCII chars directly. RFC 1994 recommends 5420 * using only them, but we don't rely on it. */ 5421 if (c < ' ' || c > '~') 5422 addlog("\\x%x", c); 5423 else 5424 addlog("%c", c); 5425 } 5426 } 5427 5428 static const char * 5429 sppp_dotted_quad(u_int32_t addr) 5430 { 5431 static char s[16]; 5432 snprintf(s, sizeof(s), "%d.%d.%d.%d", 5433 (int)((addr >> 24) & 0xff), 5434 (int)((addr >> 16) & 0xff), 5435 (int)((addr >> 8) & 0xff), 5436 (int)(addr & 0xff)); 5437 return s; 5438 } 5439 5440 /* a dummy, used to drop uninteresting events */ 5441 static void 5442 sppp_null(struct sppp *unused) 5443 { 5444 /* do just nothing */ 5445 } 5446 /* 5447 * This file is large. Tell emacs to highlight it nevertheless. 5448 * 5449 * Local Variables: 5450 * hilit-auto-highlight-maxout: 120000 5451 * End: 5452 */ 5453
Indexes created Sat Sep 27 22:09:54 GMT 2025