![[BACK]](/icons/back.gif){kind=icon}
Return to if_spppsubr.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / sys / net|
Return to if_spppsubr.c CVS log | Up to [local] / sys / net |
1.1 nbrk 1: /* $OpenBSD: if_spppsubr.c,v 1.56 2007/08/28 15:59:18 canacar Exp $ */
2: /*
3: * Synchronous PPP/Cisco link level subroutines.
4: * Keepalive protocol implemented in both Cisco and PPP modes.
5: *
6: * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
7: * Author: Serge Vakulenko, <vak@cronyx.ru>
8: *
9: * Heavily revamped to conform to RFC 1661.
10: * Copyright (C) 1997, Joerg Wunsch.
11: *
12: * Redistribution and use in source and binary forms, with or without
13: * modification, are permitted provided that the following conditions are met:
14: * 1. Redistributions of source code must retain the above copyright notice,
15: * this list of conditions and the following disclaimer.
16: * 2. Redistributions in binary form must reproduce the above copyright notice,
17: * this list of conditions and the following disclaimer in the documentation
18: * and/or other materials provided with the distribution.
19: *
20: * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
21: * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23: * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
24: * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26: * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30: * POSSIBILITY OF SUCH DAMAGE.
31: *
32: * From: Version 2.6, Tue May 12 17:10:39 MSD 1998
33: */
34:
35: #include <sys/param.h>
36:
37: #define HIDE
38:
39: #include <sys/systm.h>
40: #include <sys/kernel.h>
41: #include <sys/sockio.h>
42: #include <sys/socket.h>
43: #include <sys/syslog.h>
44: #include <sys/malloc.h>
45: #include <sys/mbuf.h>
46:
47: #if defined (__OpenBSD__)
48: #include <sys/timeout.h>
49: #include <crypto/md5.h>
50: #else
51: #include <sys/md5.h>
52: #endif
53:
54: #include <net/if.h>
55: #include <net/netisr.h>
56: #include <net/if_types.h>
57: #include <net/route.h>
58:
59: /* for arc4random() */
60: #include <dev/rndvar.h>
61:
62: #if defined (__FreeBSD__) || defined(__OpenBSD_) || defined(__NetBSD__)
63: #include <machine/random.h>
64: #endif
65: #if defined (__NetBSD__) || defined (__OpenBSD__)
66: #include <machine/cpu.h> /* XXX for softnet */
67: #endif
68: #include <sys/stdarg.h>
69:
70: #ifdef INET
71: #include <netinet/in.h>
72: #include <netinet/in_systm.h>
73: #include <netinet/in_var.h>
74: #include <netinet/ip.h>
75: #include <netinet/tcp.h>
76: # if defined (__FreeBSD__) || defined (__OpenBSD__)
77: # include <netinet/if_ether.h>
78: # else
79: # include <net/ethertypes.h>
80: # endif
81: #else
82: # error Huh? sppp without INET?
83: #endif
84:
85: #include <net/if_sppp.h>
86:
87: #if defined (__FreeBSD__)
88: # define UNTIMEOUT(fun, arg, handle) \
89: untimeout(fun, arg, handle)
90: #elif defined(__OpenBSD__)
91: # define UNTIMEOUT(fun, arg, handle) \
92: timeout_del(&(handle))
93: #else
94: # define UNTIMEOUT(fun, arg, handle) \
95: untimeout(fun, arg)
96: #endif
97:
98: #define LOOPALIVECNT 3 /* loopback detection tries */
99: #define MAXALIVECNT 3 /* max. missed alive packets */
100: #define NORECV_TIME 15 /* before we get worried */
101:
102: /*
103: * Interface flags that can be set in an ifconfig command.
104: *
105: * Setting link0 will make the link passive, i.e. it will be marked
106: * as being administrative openable, but won't be opened to begin
107: * with. Incoming calls will be answered, or subsequent calls with
108: * -link1 will cause the administrative open of the LCP layer.
109: *
110: * Setting link1 will cause the link to auto-dial only as packets
111: * arrive to be sent.
112: *
113: * Setting IFF_DEBUG will syslog the option negotiation and state
114: * transitions at level kern.debug. Note: all logs consistently look
115: * like
116: *
117: * <if-name><unit>: <proto-name> <additional info...>
118: *
119: * with <if-name><unit> being something like "bppp0", and <proto-name>
120: * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
121: */
122:
123: #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
124: #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
125:
126: #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
127: #define PPP_UI 0x03 /* Unnumbered Information */
128: #define PPP_IP 0x0021 /* Internet Protocol */
129: #define PPP_ISO 0x0023 /* ISO OSI Protocol */
130: #define PPP_XNS 0x0025 /* Xerox NS Protocol */
131: #define PPP_IPX 0x002b /* Novell IPX Protocol */
132: #define PPP_LCP 0xc021 /* Link Control Protocol */
133: #define PPP_PAP 0xc023 /* Password Authentication Protocol */
134: #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
135: #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
136:
137: #define CONF_REQ 1 /* PPP configure request */
138: #define CONF_ACK 2 /* PPP configure acknowledge */
139: #define CONF_NAK 3 /* PPP configure negative ack */
140: #define CONF_REJ 4 /* PPP configure reject */
141: #define TERM_REQ 5 /* PPP terminate request */
142: #define TERM_ACK 6 /* PPP terminate acknowledge */
143: #define CODE_REJ 7 /* PPP code reject */
144: #define PROTO_REJ 8 /* PPP protocol reject */
145: #define ECHO_REQ 9 /* PPP echo request */
146: #define ECHO_REPLY 10 /* PPP echo reply */
147: #define DISC_REQ 11 /* PPP discard request */
148:
149: #define LCP_OPT_MRU 1 /* maximum receive unit */
150: #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
151: #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
152: #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
153: #define LCP_OPT_MAGIC 5 /* magic number */
154: #define LCP_OPT_RESERVED 6 /* reserved */
155: #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
156: #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
157:
158: #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
159: #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
160: #define IPCP_OPT_ADDRESS 3 /* local IP address */
161:
162: #define PAP_REQ 1 /* PAP name/password request */
163: #define PAP_ACK 2 /* PAP acknowledge */
164: #define PAP_NAK 3 /* PAP fail */
165:
166: #define CHAP_CHALLENGE 1 /* CHAP challenge request */
167: #define CHAP_RESPONSE 2 /* CHAP challenge response */
168: #define CHAP_SUCCESS 3 /* CHAP response ok */
169: #define CHAP_FAILURE 4 /* CHAP response failed */
170:
171: #define CHAP_MD5 5 /* hash algorithm - MD5 */
172:
173: #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
174: #define CISCO_UNICAST 0x0f /* Cisco unicast address */
175: #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
176: #define CISCO_ADDR_REQ 0 /* Cisco address request */
177: #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
178: #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
179:
180: /* states are named and numbered according to RFC 1661 */
181: #define STATE_INITIAL 0
182: #define STATE_STARTING 1
183: #define STATE_CLOSED 2
184: #define STATE_STOPPED 3
185: #define STATE_CLOSING 4
186: #define STATE_STOPPING 5
187: #define STATE_REQ_SENT 6
188: #define STATE_ACK_RCVD 7
189: #define STATE_ACK_SENT 8
190: #define STATE_OPENED 9
191:
192: struct ppp_header {
193: u_char address;
194: u_char control;
195: u_short protocol;
196: };
197: #define PPP_HEADER_LEN sizeof (struct ppp_header)
198:
199: struct lcp_header {
200: u_char type;
201: u_char ident;
202: u_short len;
203: };
204: #define LCP_HEADER_LEN sizeof (struct lcp_header)
205:
206: struct cisco_packet {
207: u_int32_t type;
208: u_int32_t par1;
209: u_int32_t par2;
210: u_short rel;
211: u_short time0;
212: u_short time1;
213: };
214: #define CISCO_PACKET_LEN 18
215:
216: /*
217: * We follow the spelling and capitalization of RFC 1661 here, to make
218: * it easier comparing with the standard. Please refer to this RFC in
219: * case you can't make sense out of these abbreviation; it will also
220: * explain the semantics related to the various events and actions.
221: */
222: struct cp {
223: u_short proto; /* PPP control protocol number */
224: u_char protoidx; /* index into state table in struct sppp */
225: u_char flags;
226: #define CP_LCP 0x01 /* this is the LCP */
227: #define CP_AUTH 0x02 /* this is an authentication protocol */
228: #define CP_NCP 0x04 /* this is a NCP */
229: #define CP_QUAL 0x08 /* this is a quality reporting protocol */
230: const char *name; /* name of this control protocol */
231: /* event handlers */
232: void (*Up)(struct sppp *sp);
233: void (*Down)(struct sppp *sp);
234: void (*Open)(struct sppp *sp);
235: void (*Close)(struct sppp *sp);
236: void (*TO)(void *sp);
237: int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
238: void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
239: void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
240: /* actions */
241: void (*tlu)(struct sppp *sp);
242: void (*tld)(struct sppp *sp);
243: void (*tls)(struct sppp *sp);
244: void (*tlf)(struct sppp *sp);
245: void (*scr)(struct sppp *sp);
246: };
247:
248: static struct sppp *spppq;
249: #if defined (__OpenBSD__)
250: static struct timeout keepalive_ch;
251: #endif
252: #if defined (__FreeBSD__)
253: static struct callout_handle keepalive_ch;
254: #endif
255:
256: #if defined (__FreeBSD__)
257: #define SPP_FMT "%s%d: "
258: #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
259: #else
260: #define SPP_FMT "%s: "
261: #define SPP_ARGS(ifp) (ifp)->if_xname
262: #endif
263:
264: /*
265: * The following disgusting hack gets around the problem that IP TOS
266: * can't be set yet. We want to put "interactive" traffic on a high
267: * priority queue. To decide if traffic is interactive, we check that
268: * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
269: *
270: * XXX is this really still necessary? - joerg -
271: */
272: static u_short interactive_ports[8] = {
273: 0, 513, 0, 0,
274: 0, 21, 0, 23,
275: };
276: #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
277:
278: /* almost every function needs these */
279: #define STDDCL \
280: struct ifnet *ifp = &sp->pp_if; \
281: int debug = ifp->if_flags & IFF_DEBUG
282:
283: HIDE int sppp_output(struct ifnet *ifp, struct mbuf *m,
284: struct sockaddr *dst, struct rtentry *rt);
285:
286: HIDE void sppp_cisco_send(struct sppp *sp, u_int32_t type, u_int32_t par1, u_int32_t par2);
287: HIDE void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
288:
289: HIDE void sppp_cp_input(const struct cp *cp, struct sppp *sp,
290: struct mbuf *m);
291: HIDE void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
292: u_char ident, u_short len, void *data);
293: #ifdef notyet
294: HIDE void sppp_cp_timeout(void *arg);
295: #endif
296: HIDE void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
297: int newstate);
298: HIDE void sppp_auth_send(const struct cp *cp,
299: struct sppp *sp, unsigned int type, u_char id,
300: ...);
301:
302: HIDE void sppp_up_event(const struct cp *cp, struct sppp *sp);
303: HIDE void sppp_down_event(const struct cp *cp, struct sppp *sp);
304: HIDE void sppp_open_event(const struct cp *cp, struct sppp *sp);
305: HIDE void sppp_close_event(const struct cp *cp, struct sppp *sp);
306: HIDE void sppp_increasing_timeout(const struct cp *cp, struct sppp *sp);
307: HIDE void sppp_to_event(const struct cp *cp, struct sppp *sp);
308:
309: HIDE void sppp_null(struct sppp *sp);
310:
311: HIDE void sppp_lcp_init(struct sppp *sp);
312: HIDE void sppp_lcp_up(struct sppp *sp);
313: HIDE void sppp_lcp_down(struct sppp *sp);
314: HIDE void sppp_lcp_open(struct sppp *sp);
315: HIDE void sppp_lcp_close(struct sppp *sp);
316: HIDE void sppp_lcp_TO(void *sp);
317: HIDE int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
318: HIDE void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
319: HIDE void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
320: HIDE void sppp_lcp_tlu(struct sppp *sp);
321: HIDE void sppp_lcp_tld(struct sppp *sp);
322: HIDE void sppp_lcp_tls(struct sppp *sp);
323: HIDE void sppp_lcp_tlf(struct sppp *sp);
324: HIDE void sppp_lcp_scr(struct sppp *sp);
325: HIDE void sppp_lcp_check_and_close(struct sppp *sp);
326: HIDE int sppp_ncp_check(struct sppp *sp);
327:
328: HIDE void sppp_ipcp_init(struct sppp *sp);
329: HIDE void sppp_ipcp_up(struct sppp *sp);
330: HIDE void sppp_ipcp_down(struct sppp *sp);
331: HIDE void sppp_ipcp_open(struct sppp *sp);
332: HIDE void sppp_ipcp_close(struct sppp *sp);
333: HIDE void sppp_ipcp_TO(void *sp);
334: HIDE int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
335: HIDE void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
336: HIDE void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
337: HIDE void sppp_ipcp_tlu(struct sppp *sp);
338: HIDE void sppp_ipcp_tld(struct sppp *sp);
339: HIDE void sppp_ipcp_tls(struct sppp *sp);
340: HIDE void sppp_ipcp_tlf(struct sppp *sp);
341: HIDE void sppp_ipcp_scr(struct sppp *sp);
342:
343: HIDE void sppp_pap_input(struct sppp *sp, struct mbuf *m);
344: HIDE void sppp_pap_init(struct sppp *sp);
345: HIDE void sppp_pap_open(struct sppp *sp);
346: HIDE void sppp_pap_close(struct sppp *sp);
347: HIDE void sppp_pap_TO(void *sp);
348: HIDE void sppp_pap_my_TO(void *sp);
349: HIDE void sppp_pap_tlu(struct sppp *sp);
350: HIDE void sppp_pap_tld(struct sppp *sp);
351: HIDE void sppp_pap_scr(struct sppp *sp);
352:
353: HIDE void sppp_chap_input(struct sppp *sp, struct mbuf *m);
354: HIDE void sppp_chap_init(struct sppp *sp);
355: HIDE void sppp_chap_open(struct sppp *sp);
356: HIDE void sppp_chap_close(struct sppp *sp);
357: HIDE void sppp_chap_TO(void *sp);
358: HIDE void sppp_chap_tlu(struct sppp *sp);
359: HIDE void sppp_chap_tld(struct sppp *sp);
360: HIDE void sppp_chap_scr(struct sppp *sp);
361:
362: HIDE const char *sppp_auth_type_name(u_short proto, u_char type);
363: HIDE const char *sppp_cp_type_name(u_char type);
364: HIDE const char *sppp_dotted_quad(u_int32_t addr);
365: HIDE const char *sppp_ipcp_opt_name(u_char opt);
366: HIDE const char *sppp_lcp_opt_name(u_char opt);
367: HIDE const char *sppp_phase_name(enum ppp_phase phase);
368: HIDE const char *sppp_proto_name(u_short proto);
369: HIDE const char *sppp_state_name(int state);
370: HIDE int sppp_params(struct sppp *sp, u_long cmd, void *data);
371: HIDE int sppp_strnlen(u_char *p, int max);
372: HIDE void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
373: u_int32_t *srcmask);
374: HIDE void sppp_keepalive(void *dummy);
375: HIDE void sppp_phase_network(struct sppp *sp);
376: HIDE void sppp_print_bytes(const u_char *p, u_short len);
377: HIDE void sppp_print_string(const char *p, u_short len);
378: HIDE void sppp_qflush(struct ifqueue *ifq);
379: HIDE void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr,
380: u_int32_t hisaddr);
381: HIDE void sppp_clear_ip_addrs(struct sppp *sp);
382: HIDE void sppp_set_phase(struct sppp *sp);
383:
384: /* our control protocol descriptors */
385: static const struct cp lcp = {
386: PPP_LCP, IDX_LCP, CP_LCP, "lcp",
387: sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
388: sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
389: sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
390: sppp_lcp_scr
391: };
392:
393: static const struct cp ipcp = {
394: PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
395: sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
396: sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
397: sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
398: sppp_ipcp_scr
399: };
400:
401: static const struct cp pap = {
402: PPP_PAP, IDX_PAP, CP_AUTH, "pap",
403: sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
404: sppp_pap_TO, 0, 0, 0,
405: sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
406: sppp_pap_scr
407: };
408:
409: static const struct cp chap = {
410: PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
411: sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
412: sppp_chap_TO, 0, 0, 0,
413: sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
414: sppp_chap_scr
415: };
416:
417: static const struct cp *cps[IDX_COUNT] = {
418: &lcp, /* IDX_LCP */
419: &ipcp, /* IDX_IPCP */
420: &pap, /* IDX_PAP */
421: &chap, /* IDX_CHAP */
422: };
423:
424:
425:
/*
426: * Exported functions, comprising our interface to the lower layer.
427: */
428:
429: #if defined(__OpenBSD__)
430: /* Workaround */
431: void
432: spppattach(struct ifnet *ifp)
433: {
434: }
435: #endif
436:
437: /*
438: * Process the received packet.
439: */
440: void
441: sppp_input(struct ifnet *ifp, struct mbuf *m)
442: {
443: struct ppp_header *h, ht;
444: struct ifqueue *inq = 0;
445: struct sppp *sp = (struct sppp *)ifp;
446: struct timeval tv;
447: int debug = ifp->if_flags & IFF_DEBUG;
448: int s;
449:
450: if (ifp->if_flags & IFF_UP) {
451: /* Count received bytes, add hardware framing */
452: ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes;
453: /* Note time of last receive */
454: getmicrouptime(&tv);
455: sp->pp_last_receive = tv.tv_sec;
456: }
457:
458: if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
459: /* Too small packet, drop it. */
460: if (debug)
461: log(LOG_DEBUG,
462: SPP_FMT "input packet is too small, %d bytes\n",
463: SPP_ARGS(ifp), m->m_pkthdr.len);
464: drop:
465: ++ifp->if_ierrors;
466: ++ifp->if_iqdrops;
467: m_freem (m);
468: return;
469: }
470:
471: if (sp->pp_flags & PP_NOFRAMING) {
472: memcpy(&ht.protocol, mtod(m, char *), sizeof(ht.protocol));
473: m_adj(m, 2);
474: ht.control = PPP_UI;
475: ht.address = PPP_ALLSTATIONS;
476: h = &ht;
477: } else {
478: /* Get PPP header. */
479: h = mtod (m, struct ppp_header*);
480: m_adj (m, PPP_HEADER_LEN);
481: }
482:
483: /* preserve the alignment */
484: if (m->m_len < m->m_pkthdr.len) {
485: m = m_pullup2(m, m->m_pkthdr.len);
486: if (m == NULL) {
487: if (debug)
488: log(LOG_DEBUG,
489: SPP_FMT "Failed to align packet!\n", SPP_ARGS(ifp));
490: ++ifp->if_ierrors;
491: ++ifp->if_iqdrops;
492: return;
493: }
494: }
495:
496: switch (h->address) {
497: case PPP_ALLSTATIONS:
498: if (h->control != PPP_UI)
499: goto invalid;
500: if (sp->pp_flags & PP_CISCO) {
501: if (debug)
502: log(LOG_DEBUG,
503: SPP_FMT "PPP packet in Cisco mode "
504: "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
505: SPP_ARGS(ifp),
506: h->address, h->control, ntohs(h->protocol));
507: goto drop;
508: }
509: switch (ntohs (h->protocol)) {
510: default:
511: if (sp->state[IDX_LCP] == STATE_OPENED)
512: sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
513: ++sp->pp_seq, 2, &h->protocol);
514: if (debug)
515: log(LOG_DEBUG,
516: SPP_FMT "invalid input protocol "
517: "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
518: SPP_ARGS(ifp),
519: h->address, h->control, ntohs(h->protocol));
520: ++ifp->if_noproto;
521: goto drop;
522: case PPP_LCP:
523: sppp_cp_input(&lcp, sp, m);
524: m_freem (m);
525: return;
526: case PPP_PAP:
527: if (sp->pp_phase >= PHASE_AUTHENTICATE)
528: sppp_pap_input(sp, m);
529: m_freem (m);
530: return;
531: case PPP_CHAP:
532: if (sp->pp_phase >= PHASE_AUTHENTICATE)
533: sppp_chap_input(sp, m);
534: m_freem (m);
535: return;
536: #ifdef INET
537: case PPP_IPCP:
538: if (sp->pp_phase == PHASE_NETWORK)
539: sppp_cp_input(&ipcp, sp, m);
540: m_freem (m);
541: return;
542: case PPP_IP:
543: if (sp->state[IDX_IPCP] == STATE_OPENED) {
544: schednetisr (NETISR_IP);
545: inq = &ipintrq;
546: sp->pp_last_activity = tv.tv_sec;
547: }
548: break;
549: #endif
550: }
551: break;
552: case CISCO_MULTICAST:
553: case CISCO_UNICAST:
554: /* Don't check the control field here (RFC 1547). */
555: if (! (sp->pp_flags & PP_CISCO)) {
556: if (debug)
557: log(LOG_DEBUG,
558: SPP_FMT "Cisco packet in PPP mode "
559: "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
560: SPP_ARGS(ifp),
561: h->address, h->control, ntohs(h->protocol));
562: goto drop;
563: }
564: switch (ntohs (h->protocol)) {
565: default:
566: ++ifp->if_noproto;
567: goto invalid;
568: case CISCO_KEEPALIVE:
569: sppp_cisco_input ((struct sppp*) ifp, m);
570: m_freem (m);
571: return;
572: #ifdef INET
573: case ETHERTYPE_IP:
574: schednetisr (NETISR_IP);
575: inq = &ipintrq;
576: break;
577: #endif
578: }
579: break;
580: default: /* Invalid PPP packet. */
581: invalid:
582: if (debug)
583: log(LOG_DEBUG,
584: SPP_FMT "invalid input packet "
585: "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
586: SPP_ARGS(ifp),
587: h->address, h->control, ntohs(h->protocol));
588: goto drop;
589: }
590:
591: if (! (ifp->if_flags & IFF_UP) || ! inq)
592: goto drop;
593:
594: /* Check queue. */
595: s = splnet();
596: if (IF_QFULL (inq)) {
597: /* Queue overflow. */
598: IF_DROP(inq);
599: splx(s);
600: if (debug)
601: log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
602: SPP_ARGS(ifp));
603: if (!inq->ifq_congestion)
604: if_congestion(inq);
605: goto drop;
606: }
607: IF_ENQUEUE(inq, m);
608: splx(s);
609: }
610:
611: /*
612: * Enqueue transmit packet.
613: */
614: HIDE int
615: sppp_output(struct ifnet *ifp, struct mbuf *m,
616: struct sockaddr *dst, struct rtentry *rt)
617: {
618: struct sppp *sp = (struct sppp*) ifp;
619: struct ppp_header *h;
620: struct ifqueue *ifq = NULL;
621: struct timeval tv;
622: int s, len, rv = 0;
623: u_int16_t protocol;
624:
625: s = splnet();
626:
627: getmicrouptime(&tv);
628: sp->pp_last_activity = tv.tv_sec;
629:
630: if ((ifp->if_flags & IFF_UP) == 0 ||
631: (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
632: m_freem (m);
633: splx (s);
634: return (ENETDOWN);
635: }
636:
637: if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
638: /*
639: * Interface is not yet running, but auto-dial. Need
640: * to start LCP for it.
641: */
642: ifp->if_flags |= IFF_RUNNING;
643: splx(s);
644: lcp.Open(sp);
645: s = splnet();
646: }
647:
648: #ifdef INET
649: /*
650: * Put low delay, telnet, rlogin and ftp control packets
651: * in front of the queue.
652: */
653: if (dst->sa_family == AF_INET) {
654: struct ip *ip = NULL;
655: struct tcphdr *th = NULL;
656:
657: if (m->m_len >= sizeof(struct ip)) {
658: ip = mtod(m, struct ip *);
659: if (ip->ip_p == IPPROTO_TCP &&
660: m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
661: sizeof(struct tcphdr)) {
662: th = (struct tcphdr *)
663: ((caddr_t)ip + (ip->ip_hl << 2));
664: }
665: }
666: /*
667: * When using dynamic local IP address assignment by using
668: * 0.0.0.0 as a local address, the first TCP session will
669: * not connect because the local TCP checksum is computed
670: * using 0.0.0.0 which will later become our real IP address
671: * so the TCP checksum computed at the remote end will
672: * become invalid. So we
673: * - don't let packets with src ip addr 0 thru
674: * - we flag TCP packets with src ip 0 as an error
675: */
676:
677: if(ip && ip->ip_src.s_addr == INADDR_ANY) {
678: u_int8_t proto = ip->ip_p;
679:
680: m_freem(m);
681: splx(s);
682: if(proto == IPPROTO_TCP)
683: return (EADDRNOTAVAIL);
684: else
685: return (0);
686: }
687:
688: if (!IF_QFULL(&sp->pp_fastq) &&
689: ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) ||
690: (th && (INTERACTIVE(ntohs(th->th_sport)) ||
691: INTERACTIVE(ntohs(th->th_dport))))))
692: ifq = &sp->pp_fastq;
693: }
694: #endif
695:
696: if (sp->pp_flags & PP_NOFRAMING)
697: goto skip_header;
698: /*
699: * Prepend general data packet PPP header. For now, IP only.
700: */
701: M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT);
702: if (!m) {
703: if (ifp->if_flags & IFF_DEBUG)
704: log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
705: SPP_ARGS(ifp));
706: ++ifp->if_oerrors;
707: splx (s);
708: return (ENOBUFS);
709: }
710: /*
711: * May want to check size of packet
712: * (albeit due to the implementation it's always enough)
713: */
714: h = mtod (m, struct ppp_header*);
715: if (sp->pp_flags & PP_CISCO) {
716: h->address = CISCO_UNICAST; /* unicast address */
717: h->control = 0;
718: } else {
719: h->address = PPP_ALLSTATIONS; /* broadcast address */
720: h->control = PPP_UI; /* Unnumbered Info */
721: }
722:
723: skip_header:
724: switch (dst->sa_family) {
725: #ifdef INET
726: case AF_INET: /* Internet Protocol */
727: if (sp->pp_flags & PP_CISCO)
728: protocol = htons (ETHERTYPE_IP);
729: else {
730: /*
731: * Don't choke with an ENETDOWN early. It's
732: * possible that we just started dialing out,
733: * so don't drop the packet immediately. If
734: * we notice that we run out of buffer space
735: * below, we will however remember that we are
736: * not ready to carry IP packets, and return
737: * ENETDOWN, as opposed to ENOBUFS.
738: */
739: protocol = htons(PPP_IP);
740: if (sp->state[IDX_IPCP] != STATE_OPENED)
741: rv = ENETDOWN;
742: }
743: break;
744: #endif
745: default:
746: m_freem(m);
747: ++ifp->if_oerrors;
748: splx(s);
749: return (EAFNOSUPPORT);
750: }
751:
752: if (sp->pp_flags & PP_NOFRAMING) {
753: M_PREPEND(m, 2, M_DONTWAIT);
754: if (m == NULL) {
755: if (ifp->if_flags & IFF_DEBUG)
756: log(LOG_DEBUG, SPP_FMT
757: "no memory for transmit header\n",
758: SPP_ARGS(ifp));
759: ++ifp->if_oerrors;
760: splx(s);
761: return (ENOBUFS);
762: }
763: *mtod(m, u_int16_t *) = protocol;
764: } else
765: h->protocol = protocol;
766:
767: /*
768: * Queue message on interface, and start output if interface
769: * not yet active.
770: */
771: len = m->m_pkthdr.len;
772: if (ifq != NULL
773: #ifdef ALTQ
774: && ALTQ_IS_ENABLED(&ifp->if_snd) == 0
775: #endif
776: ) {
777: if (IF_QFULL (ifq)) {
778: IF_DROP (&ifp->if_snd);
779: m_freem (m);
780: if (rv == 0)
781: rv = ENOBUFS;
782: } else
783: IF_ENQUEUE (ifq, m);
784: } else
785: IFQ_ENQUEUE(&ifp->if_snd, m, NULL, rv);
786:
787: if (rv != 0) {
788: ++ifp->if_oerrors;
789: splx (s);
790: return (rv);
791: }
792:
793: if (!(ifp->if_flags & IFF_OACTIVE))
794: (*ifp->if_start) (ifp);
795:
796: /*
797: * Count output packets and bytes.
798: * The packet length includes header, FCS and 1 flag,
799: * according to RFC 1333.
800: */
801: ifp->if_obytes += len + sp->pp_framebytes;
802: splx (s);
803: return (0);
804: }
805:
806: void
807: sppp_attach(struct ifnet *ifp)
808: {
809: struct sppp *sp = (struct sppp*) ifp;
810:
811: /* Initialize keepalive handler. */
812: if (! spppq) {
813: #if defined (__FreeBSD__)
814: keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
815: #elif defined(__OpenBSD__)
816: timeout_set(&keepalive_ch, sppp_keepalive, NULL);
817: timeout_add(&keepalive_ch, hz * 10);
818: #endif
819: }
820:
821: /* Insert new entry into the keepalive list. */
822: sp->pp_next = spppq;
823: spppq = sp;
824:
825: sp->pp_if.if_type = IFT_PPP;
826: sp->pp_if.if_output = sppp_output;
827: IFQ_SET_MAXLEN(&sp->pp_if.if_snd, 50);
828: sp->pp_fastq.ifq_maxlen = 50;
829: sp->pp_cpq.ifq_maxlen = 50;
830: sp->pp_loopcnt = 0;
831: sp->pp_alivecnt = 0;
832: sp->pp_last_activity = 0;
833: sp->pp_last_receive = 0;
834: sp->pp_seq = 0;
835: sp->pp_rseq = 0;
836: sp->pp_phase = PHASE_DEAD;
837: sp->pp_up = lcp.Up;
838: sp->pp_down = lcp.Down;
839:
840: sppp_lcp_init(sp);
841: sppp_ipcp_init(sp);
842: sppp_pap_init(sp);
843: sppp_chap_init(sp);
844: }
845:
846: void
847: sppp_detach(struct ifnet *ifp)
848: {
849: struct sppp **q, *p, *sp = (struct sppp*) ifp;
850: int i;
851:
852: /* Remove the entry from the keepalive list. */
853: for (q = &spppq; (p = *q); q = &p->pp_next)
854: if (p == sp) {
855: *q = p->pp_next;
856: break;
857: }
858:
859: /* Stop keepalive handler. */
860: if (! spppq)
861: UNTIMEOUT(sppp_keepalive, 0, keepalive_ch);
862:
863: for (i = 0; i < IDX_COUNT; i++)
864: UNTIMEOUT((cps[i])->TO, (void *)sp, sp->ch[i]);
865: UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
866: }
867:
868: /*
869: * Flush the interface output queue.
870: */
871: void
872: sppp_flush(struct ifnet *ifp)
873: {
874: struct sppp *sp = (struct sppp*) ifp;
875:
876: IFQ_PURGE(&sp->pp_if.if_snd);
877: sppp_qflush (&sp->pp_fastq);
878: sppp_qflush (&sp->pp_cpq);
879: }
880:
881: /*
882: * Check if the output queue is empty.
883: */
884: int
885: sppp_isempty(struct ifnet *ifp)
886: {
887: struct sppp *sp = (struct sppp*) ifp;
888: int empty, s;
889:
890: s = splnet();
891: empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
892: IFQ_IS_EMPTY(&sp->pp_if.if_snd);
893: splx(s);
894: return (empty);
895: }
896:
897: /*
898: * Get next packet to send.
899: */
900: struct mbuf *
901: sppp_dequeue(struct ifnet *ifp)
902: {
903: struct sppp *sp = (struct sppp*) ifp;
904: struct mbuf *m;
905: int s;
906:
907: s = splnet();
908: /*
909: * Process only the control protocol queue until we have at
910: * least one NCP open.
911: *
912: * Do always serve all three queues in Cisco mode.
913: */
914: IF_DEQUEUE(&sp->pp_cpq, m);
915: if (m == NULL &&
916: (sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
917: IF_DEQUEUE(&sp->pp_fastq, m);
918: if (m == NULL)
919: IFQ_DEQUEUE (&sp->pp_if.if_snd, m);
920: }
921: splx(s);
922: return m;
923: }
924:
925: /*
926: * Pick the next packet, do not remove it from the queue.
927: */
928: struct mbuf *
929: sppp_pick(struct ifnet *ifp)
930: {
931: struct sppp *sp = (struct sppp*)ifp;
932: struct mbuf *m;
933: int s;
934:
935: s = splnet();
936: m = sp->pp_cpq.ifq_head;
937: if (m == NULL &&
938: (sp->pp_phase == PHASE_NETWORK ||
939: (sp->pp_flags & PP_CISCO) != 0))
940: if ((m = sp->pp_fastq.ifq_head) == NULL)
941: IFQ_POLL(&sp->pp_if.if_snd, m);
942: splx (s);
943: return (m);
944: }
945:
946: /*
947: * Process an ioctl request. Called on low priority level.
948: */
949: int
950: sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
951: {
952: struct ifreq *ifr = (struct ifreq*) data;
953: struct sppp *sp = (struct sppp*) ifp;
954: int s, rv, going_up, going_down, newmode;
955:
956: s = splnet();
957: rv = 0;
958: switch (cmd) {
959: case SIOCAIFADDR:
960: case SIOCSIFDSTADDR:
961: break;
962:
963: case SIOCSIFADDR:
964: if_up(ifp);
965: /* FALLTHROUGH */
966:
967: case SIOCSIFFLAGS:
968: going_up = (ifp->if_flags & IFF_UP) &&
969: (ifp->if_flags & IFF_RUNNING) == 0;
970: going_down = (ifp->if_flags & IFF_UP) == 0 &&
971: (ifp->if_flags & IFF_RUNNING);
972: newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
973: if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
974: /* sanity */
975: newmode = IFF_PASSIVE;
976: ifp->if_flags &= ~IFF_AUTO;
977: }
978:
979: if (going_up || going_down)
980: if (!(sp->pp_flags & PP_CISCO))
981: lcp.Close(sp);
982:
983: if (going_up && newmode == 0) {
984: /* neither auto-dial nor passive */
985: ifp->if_flags |= IFF_RUNNING;
986: if (!(sp->pp_flags & PP_CISCO))
987: lcp.Open(sp);
988: } else if (going_down) {
989: sppp_flush(ifp);
990: ifp->if_flags &= ~IFF_RUNNING;
991: }
992: break;
993:
994: #ifdef SIOCSIFMTU
995: case SIOCSIFMTU:
996: if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) {
997: splx(s);
998: return (EINVAL);
999: }
1000: ifp->if_mtu = ifr->ifr_mtu;
1001: break;
1002: #endif
1003: #ifdef SLIOCSETMTU
1004: case SLIOCSETMTU:
1005: if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru) {
1006: splx(s);
1007: return (EINVAL);
1008: }
1009: ifp->if_mtu = *(short*)data;
1010: break;
1011: #endif
1012: #ifdef SIOCGIFMTU
1013: case SIOCGIFMTU:
1014: ifr->ifr_mtu = ifp->if_mtu;
1015: break;
1016: #endif
1017: #ifdef SLIOCGETMTU
1018: case SLIOCGETMTU:
1019: *(short*)data = ifp->if_mtu;
1020: break;
1021: #endif
1022: case SIOCADDMULTI:
1023: case SIOCDELMULTI:
1024: break;
1025:
1026: case SIOCGIFGENERIC:
1027: case SIOCSIFGENERIC:
1028: rv = sppp_params(sp, cmd, data);
1029: break;
1030:
1031: default:
1032: rv = ENOTTY;
1033: }
1034: splx(s);
1035: return rv;
1036: }
1037:
1038:
1039:
/*
1040: * Cisco framing implementation.
1041: */
1042:
1043: /*
1044: * Handle incoming Cisco keepalive protocol packets.
1045: */
1046: HIDE void
1047: sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1048: {
1049: STDDCL;
1050: struct cisco_packet *h;
1051: u_int32_t me, mymask;
1052:
1053: if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1054: if (debug)
1055: log(LOG_DEBUG,
1056: SPP_FMT "cisco invalid packet length: %d bytes\n",
1057: SPP_ARGS(ifp), m->m_pkthdr.len);
1058: return;
1059: }
1060: h = mtod (m, struct cisco_packet*);
1061: if (debug)
1062: log(LOG_DEBUG,
1063: SPP_FMT "cisco input: %d bytes "
1064: "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
1065: SPP_ARGS(ifp), m->m_pkthdr.len,
1066: ntohl(h->type), h->par1, h->par2, (u_int)h->rel,
1067: (u_int)h->time0, (u_int)h->time1);
1068: switch (ntohl (h->type)) {
1069: default:
1070: if (debug)
1071: addlog(SPP_FMT "cisco unknown packet type: 0x%x\n",
1072: SPP_ARGS(ifp), ntohl(h->type));
1073: break;
1074: case CISCO_ADDR_REPLY:
1075: /* Reply on address request, ignore */
1076: break;
1077: case CISCO_KEEPALIVE_REQ:
1078: sp->pp_alivecnt = 0;
1079: sp->pp_rseq = ntohl (h->par1);
1080: if (sp->pp_seq == sp->pp_rseq) {
1081: /* Local and remote sequence numbers are equal.
1082: * Probably, the line is in loopback mode. */
1083: if (sp->pp_loopcnt >= LOOPALIVECNT) {
1084: printf (SPP_FMT "loopback\n",
1085: SPP_ARGS(ifp));
1086: sp->pp_loopcnt = 0;
1087: if (ifp->if_flags & IFF_UP) {
1088: if_down (ifp);
1089: sppp_qflush (&sp->pp_cpq);
1090: }
1091: }
1092: ++sp->pp_loopcnt;
1093:
1094: /* Generate new local sequence number */
1095: #if defined (__FreeBSD__) || defined (__NetBSD__) || defined(__OpenBSD__)
1096: sp->pp_seq = arc4random();
1097: #else
1098: sp->pp_seq ^= time.tv_sec ^ time.tv_usec;
1099: #endif
1100: break;
1101: }
1102: sp->pp_loopcnt = 0;
1103: if (! (ifp->if_flags & IFF_UP) &&
1104: (ifp->if_flags & IFF_RUNNING)) {
1105: if_up(ifp);
1106: if (debug)
1107: log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp));
1108: }
1109: break;
1110: case CISCO_ADDR_REQ:
1111: sppp_get_ip_addrs(sp, &me, 0, &mymask);
1112: if (me != 0)
1113: sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1114: break;
1115: }
1116: }
1117:
1118: /*
1119: * Send Cisco keepalive packet.
1120: */
1121: HIDE void
1122: sppp_cisco_send(struct sppp *sp, u_int32_t type, u_int32_t par1, u_int32_t par2)
1123: {
1124: STDDCL;
1125: struct ppp_header *h;
1126: struct cisco_packet *ch;
1127: struct mbuf *m;
1128: struct timeval tv;
1129:
1130: getmicrouptime(&tv);
1131:
1132: MGETHDR (m, M_DONTWAIT, MT_DATA);
1133: if (! m)
1134: return;
1135: m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1136: m->m_pkthdr.rcvif = 0;
1137:
1138: h = mtod (m, struct ppp_header*);
1139: h->address = CISCO_MULTICAST;
1140: h->control = 0;
1141: h->protocol = htons (CISCO_KEEPALIVE);
1142:
1143: ch = (struct cisco_packet*) (h + 1);
1144: ch->type = htonl (type);
1145: ch->par1 = htonl (par1);
1146: ch->par2 = htonl (par2);
1147: ch->rel = -1;
1148:
1149: ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1150: ch->time1 = htons ((u_short) tv.tv_sec);
1151:
1152: if (debug)
1153: log(LOG_DEBUG, SPP_FMT
1154: "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1155: SPP_ARGS(ifp), ntohl(ch->type), ch->par1, ch->par2,
1156: (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
1157:
1158: if (IF_QFULL (&sp->pp_cpq)) {
1159: IF_DROP (&sp->pp_fastq);
1160: IF_DROP (&ifp->if_snd);
1161: m_freem (m);
1162: m = NULL;
1163: } else
1164: IF_ENQUEUE (&sp->pp_cpq, m);
1165: if (! (ifp->if_flags & IFF_OACTIVE))
1166: (*ifp->if_start) (ifp);
1167: if (m != NULL)
1168: ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1169: }
1170:
1171:
/*
1172: * PPP protocol implementation.
1173: */
1174:
1175: /*
1176: * Send PPP control protocol packet.
1177: */
1178: HIDE void
1179: sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1180: u_char ident, u_short len, void *data)
1181: {
1182: STDDCL;
1183: struct ppp_header *h;
1184: struct lcp_header *lh;
1185: struct mbuf *m;
1186: size_t pkthdrlen;
1187:
1188: pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
1189:
1190: if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
1191: len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
1192: MGETHDR (m, M_DONTWAIT, MT_DATA);
1193: if (! m)
1194: return;
1195: m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
1196: m->m_pkthdr.rcvif = 0;
1197:
1198: if (sp->pp_flags & PP_NOFRAMING) {
1199: *mtod(m, u_int16_t *) = htons(proto);
1200: lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
1201: } else {
1202: h = mtod (m, struct ppp_header*);
1203: h->address = PPP_ALLSTATIONS; /* broadcast address */
1204: h->control = PPP_UI; /* Unnumbered Info */
1205: h->protocol = htons (proto); /* Link Control Protocol */
1206: lh = (struct lcp_header*) (h + 1);
1207: }
1208: lh->type = type;
1209: lh->ident = ident;
1210: lh->len = htons (LCP_HEADER_LEN + len);
1211: if (len)
1212: bcopy (data, lh+1, len);
1213:
1214: if (debug) {
1215: log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1216: SPP_ARGS(ifp),
1217: sppp_proto_name(proto),
1218: sppp_cp_type_name (lh->type), lh->ident,
1219: ntohs (lh->len));
1220: if (len)
1221: sppp_print_bytes ((u_char*) (lh+1), len);
1222: addlog(">\n");
1223: }
1224: if (IF_QFULL (&sp->pp_cpq)) {
1225: IF_DROP (&sp->pp_fastq);
1226: IF_DROP (&ifp->if_snd);
1227: m_freem (m);
1228: ++ifp->if_oerrors;
1229: m = NULL;
1230: } else
1231: IF_ENQUEUE (&sp->pp_cpq, m);
1232: if (!(ifp->if_flags & IFF_OACTIVE))
1233: (*ifp->if_start) (ifp);
1234: if (m != NULL)
1235: ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
1236: }
1237:
1238: /*
1239: * Handle incoming PPP control protocol packets.
1240: */
1241: HIDE void
1242: sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1243: {
1244: STDDCL;
1245: struct lcp_header *h;
1246: int len = m->m_pkthdr.len;
1247: int rv;
1248: u_char *p;
1249: u_long nmagic;
1250:
1251: if (len < 4) {
1252: if (debug)
1253: log(LOG_DEBUG,
1254: SPP_FMT "%s invalid packet length: %d bytes\n",
1255: SPP_ARGS(ifp), cp->name, len);
1256: return;
1257: }
1258: h = mtod (m, struct lcp_header*);
1259: if (debug) {
1260: log(LOG_DEBUG,
1261: SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1262: SPP_ARGS(ifp), cp->name,
1263: sppp_state_name(sp->state[cp->protoidx]),
1264: sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1265: if (len > 4)
1266: sppp_print_bytes ((u_char*) (h+1), len-4);
1267: addlog(">\n");
1268: }
1269: if (len > ntohs (h->len))
1270: len = ntohs (h->len);
1271: p = (u_char *)(h + 1);
1272: switch (h->type) {
1273: case CONF_REQ:
1274: if (len < 4) {
1275: if (debug)
1276: addlog(SPP_FMT "%s invalid conf-req length %d\n",
1277: SPP_ARGS(ifp), cp->name,
1278: len);
1279: ++ifp->if_ierrors;
1280: break;
1281: }
1282: /* handle states where RCR doesn't get a SCA/SCN */
1283: switch (sp->state[cp->protoidx]) {
1284: case STATE_CLOSING:
1285: case STATE_STOPPING:
1286: return;
1287: case STATE_CLOSED:
1288: sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1289: 0, 0);
1290: return;
1291: }
1292: rv = (cp->RCR)(sp, h, len);
1293: /* silently drop illegal packets */
1294: if (rv == -1)
1295: return;
1296: switch (sp->state[cp->protoidx]) {
1297: case STATE_OPENED:
1298: sppp_cp_change_state(cp, sp, rv?
1299: STATE_ACK_SENT: STATE_REQ_SENT);
1300: (cp->tld)(sp);
1301: (cp->scr)(sp);
1302: break;
1303: case STATE_ACK_SENT:
1304: case STATE_REQ_SENT:
1305: sppp_cp_change_state(cp, sp, rv?
1306: STATE_ACK_SENT: STATE_REQ_SENT);
1307: break;
1308: case STATE_STOPPED:
1309: sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1310: sppp_cp_change_state(cp, sp, rv?
1311: STATE_ACK_SENT: STATE_REQ_SENT);
1312: (cp->scr)(sp);
1313: break;
1314: case STATE_ACK_RCVD:
1315: if (rv) {
1316: sppp_cp_change_state(cp, sp, STATE_OPENED);
1317: if (debug)
1318: log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1319: SPP_ARGS(ifp),
1320: cp->name);
1321: (cp->tlu)(sp);
1322: } else
1323: sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1324: break;
1325: default:
1326: /* printf(SPP_FMT "%s illegal %s in state %s\n",
1327: SPP_ARGS(ifp), cp->name,
1328: sppp_cp_type_name(h->type),
1329: sppp_state_name(sp->state[cp->protoidx])); */
1330: ++ifp->if_ierrors;
1331: }
1332: break;
1333: case CONF_ACK:
1334: if (h->ident != sp->confid[cp->protoidx]) {
1335: if (debug)
1336: addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1337: SPP_ARGS(ifp), cp->name,
1338: h->ident, sp->confid[cp->protoidx]);
1339: ++ifp->if_ierrors;
1340: break;
1341: }
1342: switch (sp->state[cp->protoidx]) {
1343: case STATE_CLOSED:
1344: case STATE_STOPPED:
1345: sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1346: break;
1347: case STATE_CLOSING:
1348: case STATE_STOPPING:
1349: break;
1350: case STATE_REQ_SENT:
1351: sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1352: sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1353: break;
1354: case STATE_OPENED:
1355: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1356: (cp->tld)(sp);
1357: (cp->scr)(sp);
1358: break;
1359: case STATE_ACK_RCVD:
1360: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1361: (cp->scr)(sp);
1362: break;
1363: case STATE_ACK_SENT:
1364: sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1365: sppp_cp_change_state(cp, sp, STATE_OPENED);
1366: if (debug)
1367: log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1368: SPP_ARGS(ifp), cp->name);
1369: (cp->tlu)(sp);
1370: break;
1371: default:
1372: /* printf(SPP_FMT "%s illegal %s in state %s\n",
1373: SPP_ARGS(ifp), cp->name,
1374: sppp_cp_type_name(h->type),
1375: sppp_state_name(sp->state[cp->protoidx])); */
1376: ++ifp->if_ierrors;
1377: }
1378: break;
1379: case CONF_NAK:
1380: case CONF_REJ:
1381: if (h->ident != sp->confid[cp->protoidx]) {
1382: if (debug)
1383: addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1384: SPP_ARGS(ifp), cp->name,
1385: h->ident, sp->confid[cp->protoidx]);
1386: ++ifp->if_ierrors;
1387: break;
1388: }
1389: if (h->type == CONF_NAK)
1390: (cp->RCN_nak)(sp, h, len);
1391: else /* CONF_REJ */
1392: (cp->RCN_rej)(sp, h, len);
1393:
1394: switch (sp->state[cp->protoidx]) {
1395: case STATE_CLOSED:
1396: case STATE_STOPPED:
1397: sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1398: break;
1399: case STATE_REQ_SENT:
1400: case STATE_ACK_SENT:
1401: sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1402: (cp->scr)(sp);
1403: break;
1404: case STATE_OPENED:
1405: sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1406: (cp->tld)(sp);
1407: (cp->scr)(sp);
1408: break;
1409: case STATE_ACK_RCVD:
1410: sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
1411: (cp->scr)(sp);
1412: break;
1413: case STATE_CLOSING:
1414: case STATE_STOPPING:
1415: break;
1416: default:
1417: /* printf(SPP_FMT "%s illegal %s in state %s\n",
1418: SPP_ARGS(ifp), cp->name,
1419: sppp_cp_type_name(h->type),
1420: sppp_state_name(sp->state[cp->protoidx])); */
1421: ++ifp->if_ierrors;
1422: }
1423: break;
1424:
1425: case TERM_REQ:
1426: switch (sp->state[cp->protoidx]) {
1427: case STATE_ACK_RCVD:
1428: case STATE_ACK_SENT:
1429: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1430: /* FALLTHROUGH */
1431: case STATE_CLOSED:
1432: case STATE_STOPPED:
1433: case STATE_CLOSING:
1434: case STATE_STOPPING:
1435: case STATE_REQ_SENT:
1436: sta:
1437: /* Send Terminate-Ack packet. */
1438: if (debug)
1439: log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1440: SPP_ARGS(ifp), cp->name);
1441: sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1442: break;
1443: case STATE_OPENED:
1444: sp->rst_counter[cp->protoidx] = 0;
1445: sppp_cp_change_state(cp, sp, STATE_STOPPING);
1446: (cp->tld)(sp);
1447: goto sta;
1448: break;
1449: default:
1450: /* printf(SPP_FMT "%s illegal %s in state %s\n",
1451: SPP_ARGS(ifp), cp->name,
1452: sppp_cp_type_name(h->type),
1453: sppp_state_name(sp->state[cp->protoidx])); */
1454: ++ifp->if_ierrors;
1455: }
1456: break;
1457: case TERM_ACK:
1458: switch (sp->state[cp->protoidx]) {
1459: case STATE_CLOSED:
1460: case STATE_STOPPED:
1461: case STATE_REQ_SENT:
1462: case STATE_ACK_SENT:
1463: break;
1464: case STATE_CLOSING:
1465: sppp_cp_change_state(cp, sp, STATE_CLOSED);
1466: (cp->tlf)(sp);
1467: break;
1468: case STATE_STOPPING:
1469: sppp_cp_change_state(cp, sp, STATE_STOPPED);
1470: (cp->tlf)(sp);
1471: break;
1472: case STATE_ACK_RCVD:
1473: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1474: break;
1475: case STATE_OPENED:
1476: sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1477: (cp->tld)(sp);
1478: (cp->scr)(sp);
1479: break;
1480: default:
1481: /* printf(SPP_FMT "%s illegal %s in state %s\n",
1482: SPP_ARGS(ifp), cp->name,
1483: sppp_cp_type_name(h->type),
1484: sppp_state_name(sp->state[cp->protoidx])); */
1485: ++ifp->if_ierrors;
1486: }
1487: break;
1488: case CODE_REJ:
1489: case PROTO_REJ:
1490: /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1491: log(LOG_INFO,
1492: SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, "
1493: "danger will robinson\n",
1494: SPP_ARGS(ifp), cp->name,
1495: sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1496: switch (sp->state[cp->protoidx]) {
1497: case STATE_CLOSED:
1498: case STATE_STOPPED:
1499: case STATE_REQ_SENT:
1500: case STATE_ACK_SENT:
1501: case STATE_CLOSING:
1502: case STATE_STOPPING:
1503: case STATE_OPENED:
1504: break;
1505: case STATE_ACK_RCVD:
1506: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1507: break;
1508: default:
1509: /* printf(SPP_FMT "%s illegal %s in state %s\n",
1510: SPP_ARGS(ifp), cp->name,
1511: sppp_cp_type_name(h->type),
1512: sppp_state_name(sp->state[cp->protoidx])); */
1513: ++ifp->if_ierrors;
1514: }
1515: break;
1516: case DISC_REQ:
1517: if (cp->proto != PPP_LCP)
1518: goto illegal;
1519: /* Discard the packet. */
1520: break;
1521: case ECHO_REQ:
1522: if (cp->proto != PPP_LCP)
1523: goto illegal;
1524: if (sp->state[cp->protoidx] != STATE_OPENED) {
1525: if (debug)
1526: addlog(SPP_FMT "lcp echo req but lcp closed\n",
1527: SPP_ARGS(ifp));
1528: ++ifp->if_ierrors;
1529: break;
1530: }
1531: if (len < 8) {
1532: if (debug)
1533: addlog(SPP_FMT "invalid lcp echo request "
1534: "packet length: %d bytes\n",
1535: SPP_ARGS(ifp), len);
1536: break;
1537: }
1538:
1539: nmagic = (u_long)p[0] << 24 |
1540: (u_long)p[1] << 16 | p[2] << 8 | p[3];
1541:
1542: if (nmagic == sp->lcp.magic) {
1543: /* Line loopback mode detected. */
1544: printf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
1545: /* Shut down the PPP link. */
1546: lcp.Close(sp);
1547: break;
1548: }
1549:
1550: p[0] = sp->lcp.magic >> 24;
1551: p[1] = sp->lcp.magic >> 16;
1552: p[2] = sp->lcp.magic >> 8;
1553: p[3] = sp->lcp.magic;
1554:
1555: if (debug)
1556: addlog(SPP_FMT "got lcp echo req, sending echo rep\n",
1557: SPP_ARGS(ifp));
1558: sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1559: break;
1560: case ECHO_REPLY:
1561: if (cp->proto != PPP_LCP)
1562: goto illegal;
1563: if (h->ident != sp->lcp.echoid) {
1564: ++ifp->if_ierrors;
1565: break;
1566: }
1567: if (len < 8) {
1568: if (debug)
1569: addlog(SPP_FMT "lcp invalid echo reply "
1570: "packet length: %d bytes\n",
1571: SPP_ARGS(ifp), len);
1572: break;
1573: }
1574: if (debug)
1575: addlog(SPP_FMT "lcp got echo rep\n",
1576: SPP_ARGS(ifp));
1577:
1578: nmagic = (u_long)p[0] << 24 |
1579: (u_long)p[1] << 16 | p[2] << 8 | p[3];
1580:
1581: if (nmagic != sp->lcp.magic)
1582: sp->pp_alivecnt = 0;
1583: break;
1584: default:
1585: /* Unknown packet type -- send Code-Reject packet. */
1586: illegal:
1587: if (debug)
1588: addlog(SPP_FMT "%s send code-rej for 0x%x\n",
1589: SPP_ARGS(ifp), cp->name, h->type);
1590: sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->pp_seq,
1591: m->m_pkthdr.len, h);
1592: ++ifp->if_ierrors;
1593: }
1594: }
1595:
1596:
1597: /*
1598: * The generic part of all Up/Down/Open/Close/TO event handlers.
1599: * Basically, the state transition handling in the automaton.
1600: */
1601: HIDE void
1602: sppp_up_event(const struct cp *cp, struct sppp *sp)
1603: {
1604: STDDCL;
1605:
1606: if (debug)
1607: log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1608: SPP_ARGS(ifp), cp->name,
1609: sppp_state_name(sp->state[cp->protoidx]));
1610:
1611: switch (sp->state[cp->protoidx]) {
1612: case STATE_INITIAL:
1613: sppp_cp_change_state(cp, sp, STATE_CLOSED);
1614: break;
1615: case STATE_STARTING:
1616: sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1617: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1618: (cp->scr)(sp);
1619: break;
1620: default:
1621: /* printf(SPP_FMT "%s illegal up in state %s\n",
1622: SPP_ARGS(ifp), cp->name,
1623: sppp_state_name(sp->state[cp->protoidx])); */
1624: break;
1625: }
1626: }
1627:
1628: HIDE void
1629: sppp_down_event(const struct cp *cp, struct sppp *sp)
1630: {
1631: STDDCL;
1632:
1633: if (debug)
1634: log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1635: SPP_ARGS(ifp), cp->name,
1636: sppp_state_name(sp->state[cp->protoidx]));
1637:
1638: switch (sp->state[cp->protoidx]) {
1639: case STATE_CLOSED:
1640: case STATE_CLOSING:
1641: sppp_cp_change_state(cp, sp, STATE_INITIAL);
1642: break;
1643: case STATE_STOPPED:
1644: sppp_cp_change_state(cp, sp, STATE_STARTING);
1645: (cp->tls)(sp);
1646: break;
1647: case STATE_STOPPING:
1648: case STATE_REQ_SENT:
1649: case STATE_ACK_RCVD:
1650: case STATE_ACK_SENT:
1651: sppp_cp_change_state(cp, sp, STATE_STARTING);
1652: break;
1653: case STATE_OPENED:
1654: sppp_cp_change_state(cp, sp, STATE_STARTING);
1655: (cp->tld)(sp);
1656: break;
1657: default:
1658: /* printf(SPP_FMT "%s illegal down in state %s\n",
1659: SPP_ARGS(ifp), cp->name,
1660: sppp_state_name(sp->state[cp->protoidx])); */
1661: break;
1662: }
1663: }
1664:
1665:
1666: HIDE void
1667: sppp_open_event(const struct cp *cp, struct sppp *sp)
1668: {
1669: STDDCL;
1670:
1671: if (debug)
1672: log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1673: SPP_ARGS(ifp), cp->name,
1674: sppp_state_name(sp->state[cp->protoidx]));
1675:
1676: switch (sp->state[cp->protoidx]) {
1677: case STATE_INITIAL:
1678: sppp_cp_change_state(cp, sp, STATE_STARTING);
1679: (cp->tls)(sp);
1680: break;
1681: case STATE_STARTING:
1682: break;
1683: case STATE_CLOSED:
1684: sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1685: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1686: (cp->scr)(sp);
1687: break;
1688: case STATE_STOPPED:
1689: case STATE_STOPPING:
1690: case STATE_REQ_SENT:
1691: case STATE_ACK_RCVD:
1692: case STATE_ACK_SENT:
1693: case STATE_OPENED:
1694: break;
1695: case STATE_CLOSING:
1696: sppp_cp_change_state(cp, sp, STATE_STOPPING);
1697: break;
1698: }
1699: }
1700:
1701:
1702: HIDE void
1703: sppp_close_event(const struct cp *cp, struct sppp *sp)
1704: {
1705: STDDCL;
1706:
1707: if (debug)
1708: log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
1709: SPP_ARGS(ifp), cp->name,
1710: sppp_state_name(sp->state[cp->protoidx]));
1711:
1712: switch (sp->state[cp->protoidx]) {
1713: case STATE_INITIAL:
1714: case STATE_CLOSED:
1715: case STATE_CLOSING:
1716: break;
1717: case STATE_STARTING:
1718: sppp_cp_change_state(cp, sp, STATE_INITIAL);
1719: (cp->tlf)(sp);
1720: break;
1721: case STATE_STOPPED:
1722: sppp_cp_change_state(cp, sp, STATE_CLOSED);
1723: break;
1724: case STATE_STOPPING:
1725: sppp_cp_change_state(cp, sp, STATE_CLOSING);
1726: break;
1727: case STATE_OPENED:
1728: sppp_cp_change_state(cp, sp, STATE_CLOSING);
1729: sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1730: sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1731: (cp->tld)(sp);
1732: break;
1733: case STATE_REQ_SENT:
1734: case STATE_ACK_RCVD:
1735: case STATE_ACK_SENT:
1736: sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
1737: sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq, 0, 0);
1738: sppp_cp_change_state(cp, sp, STATE_CLOSING);
1739: break;
1740: }
1741: }
1742:
1743: HIDE void
1744: sppp_increasing_timeout (const struct cp *cp, struct sppp *sp)
1745: {
1746: int timo;
1747:
1748: timo = sp->lcp.max_configure - sp->rst_counter[cp->protoidx];
1749: if (timo < 1)
1750: timo = 1;
1751: #if defined(__FreeBSD__) && __FreeBSD__ >= 3
1752: sp->ch[cp->protoidx] =
1753: timeout(cp->TO, (void *)sp, timo * sp->lcp.timeout);
1754: #elif defined(__OpenBSD__)
1755: timeout_set(&sp->ch[cp->protoidx], cp->TO, (void *)sp);
1756: timeout_add(&sp->ch[cp->protoidx], timo * sp->lcp.timeout);
1757: #endif
1758: }
1759:
1760: HIDE void
1761: sppp_to_event(const struct cp *cp, struct sppp *sp)
1762: {
1763: STDDCL;
1764: int s;
1765:
1766: s = splnet();
1767: if (debug)
1768: log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
1769: SPP_ARGS(ifp), cp->name,
1770: sppp_state_name(sp->state[cp->protoidx]),
1771: sp->rst_counter[cp->protoidx]);
1772:
1773: if (--sp->rst_counter[cp->protoidx] < 0)
1774: /* TO- event */
1775: switch (sp->state[cp->protoidx]) {
1776: case STATE_CLOSING:
1777: sppp_cp_change_state(cp, sp, STATE_CLOSED);
1778: (cp->tlf)(sp);
1779: break;
1780: case STATE_STOPPING:
1781: sppp_cp_change_state(cp, sp, STATE_STOPPED);
1782: (cp->tlf)(sp);
1783: break;
1784: case STATE_REQ_SENT:
1785: case STATE_ACK_RCVD:
1786: case STATE_ACK_SENT:
1787: sppp_cp_change_state(cp, sp, STATE_STOPPED);
1788: (cp->tlf)(sp);
1789: break;
1790: }
1791: else
1792: /* TO+ event */
1793: switch (sp->state[cp->protoidx]) {
1794: case STATE_CLOSING:
1795: case STATE_STOPPING:
1796: sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->pp_seq,
1797: 0, 0);
1798: sppp_increasing_timeout (cp, sp);
1799: break;
1800: case STATE_REQ_SENT:
1801: case STATE_ACK_RCVD:
1802: /* sppp_cp_change_state() will restart the timer */
1803: sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1804: (cp->scr)(sp);
1805: break;
1806: case STATE_ACK_SENT:
1807: sppp_increasing_timeout (cp, sp);
1808: (cp->scr)(sp);
1809: break;
1810: }
1811:
1812: splx(s);
1813: }
1814:
1815: /*
1816: * Change the state of a control protocol in the state automaton.
1817: * Takes care of starting/stopping the restart timer.
1818: */
1819: void
1820: sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
1821: {
1822: STDDCL;
1823:
1824: if (debug && sp->state[cp->protoidx] != newstate)
1825: log(LOG_DEBUG, SPP_FMT "%s %s->%s\n",
1826: SPP_ARGS(ifp), cp->name,
1827: sppp_state_name(sp->state[cp->protoidx]),
1828: sppp_state_name(newstate));
1829: sp->state[cp->protoidx] = newstate;
1830:
1831: switch (newstate) {
1832: case STATE_INITIAL:
1833: case STATE_STARTING:
1834: case STATE_CLOSED:
1835: case STATE_STOPPED:
1836: case STATE_OPENED:
1837: UNTIMEOUT(cp->TO, (void *)sp, sp->ch[cp->protoidx]);
1838: break;
1839: case STATE_CLOSING:
1840: case STATE_STOPPING:
1841: case STATE_REQ_SENT:
1842: case STATE_ACK_RCVD:
1843: case STATE_ACK_SENT:
1844: if (!timeout_pending(&sp->ch[cp->protoidx]))
1845: sppp_increasing_timeout (cp, sp);
1846: break;
1847: }
1848: }
1849:
/*
1850: *--------------------------------------------------------------------------*
1851: * *
1852: * The LCP implementation. *
1853: * *
1854: *--------------------------------------------------------------------------*
1855: */
1856: HIDE void
1857: sppp_lcp_init(struct sppp *sp)
1858: {
1859: sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1860: sp->lcp.magic = 0;
1861: sp->state[IDX_LCP] = STATE_INITIAL;
1862: sp->fail_counter[IDX_LCP] = 0;
1863: sp->lcp.protos = 0;
1864: sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1865:
1866: /*
1867: * Initialize counters and timeout values. Note that we don't
1868: * use the 3 seconds suggested in RFC 1661 since we are likely
1869: * running on a fast link. XXX We should probably implement
1870: * the exponential backoff option. Note that these values are
1871: * relevant for all control protocols, not just LCP only.
1872: */
1873: sp->lcp.timeout = 1 * hz;
1874: sp->lcp.max_terminate = 2;
1875: sp->lcp.max_configure = 10;
1876: sp->lcp.max_failure = 10;
1877: #if defined (__FreeBSD__)
1878: callout_handle_init(&sp->ch[IDX_LCP]);
1879: #endif
1880: }
1881:
1882: HIDE void
1883: sppp_lcp_up(struct sppp *sp)
1884: {
1885: STDDCL;
1886: struct timeval tv;
1887:
1888: if (sp->pp_flags & PP_CISCO) {
1889: int s = splsoftnet();
1890: sp->pp_if.if_link_state = LINK_STATE_UP;
1891: if_link_state_change(&sp->pp_if);
1892: splx(s);
1893: return;
1894: }
1895:
1896: sp->pp_alivecnt = 0;
1897: sp->lcp.opts = (1 << LCP_OPT_MAGIC);
1898: sp->lcp.magic = 0;
1899: sp->lcp.protos = 0;
1900: sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
1901:
1902: getmicrouptime(&tv);
1903: sp->pp_last_receive = sp->pp_last_activity = tv.tv_sec;
1904:
1905: /*
1906: * If this interface is passive or dial-on-demand, and we are
1907: * still in Initial state, it means we've got an incoming
1908: * call. Activate the interface.
1909: */
1910: if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
1911: if (debug)
1912: log(LOG_DEBUG,
1913: SPP_FMT "Up event", SPP_ARGS(ifp));
1914: ifp->if_flags |= IFF_RUNNING;
1915: if (sp->state[IDX_LCP] == STATE_INITIAL) {
1916: if (debug)
1917: addlog("(incoming call)\n");
1918: sp->pp_flags |= PP_CALLIN;
1919: lcp.Open(sp);
1920: } else if (debug)
1921: addlog("\n");
1922: } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
1923: (sp->state[IDX_LCP] == STATE_INITIAL)) {
1924: ifp->if_flags |= IFF_RUNNING;
1925: lcp.Open(sp);
1926: }
1927:
1928: sppp_up_event(&lcp, sp);
1929: }
1930:
1931: HIDE void
1932: sppp_lcp_down(struct sppp *sp)
1933: {
1934: STDDCL;
1935:
1936: if (sp->pp_flags & PP_CISCO) {
1937: int s = splsoftnet();
1938: sp->pp_if.if_link_state = LINK_STATE_DOWN;
1939: if_link_state_change(&sp->pp_if);
1940: splx(s);
1941: return;
1942: }
1943:
1944: sppp_down_event(&lcp, sp);
1945:
1946: /*
1947: * If this is neither a dial-on-demand nor a passive
1948: * interface, simulate an ``ifconfig down'' action, so the
1949: * administrator can force a redial by another ``ifconfig
1950: * up''. XXX For leased line operation, should we immediately
1951: * try to reopen the connection here?
1952: */
1953: if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
1954: if (debug)
1955: log(LOG_DEBUG, SPP_FMT "Down event (carrier loss), "
1956: "taking interface down.", SPP_ARGS(ifp));
1957: if_down(ifp);
1958: } else {
1959: if (debug)
1960: log(LOG_DEBUG, SPP_FMT "Down event (carrier loss)\n",
1961: SPP_ARGS(ifp));
1962: }
1963:
1964: if (sp->state[IDX_LCP] != STATE_INITIAL)
1965: lcp.Close(sp);
1966: sp->pp_flags &= ~PP_CALLIN;
1967: ifp->if_flags &= ~IFF_RUNNING;
1968: sppp_flush(ifp);
1969: }
1970:
1971: HIDE void
1972: sppp_lcp_open(struct sppp *sp)
1973: {
1974: /*
1975: * If we are authenticator, negotiate LCP_AUTH
1976: */
1977: if (sp->hisauth.proto != 0)
1978: sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
1979: else
1980: sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
1981: sp->pp_flags &= ~PP_NEEDAUTH;
1982: sppp_open_event(&lcp, sp);
1983: }
1984:
1985: HIDE void
1986: sppp_lcp_close(struct sppp *sp)
1987: {
1988: sppp_close_event(&lcp, sp);
1989: }
1990:
1991: HIDE void
1992: sppp_lcp_TO(void *cookie)
1993: {
1994: sppp_to_event(&lcp, (struct sppp *)cookie);
1995: }
1996:
1997: /*
1998: * Analyze a configure request. Return true if it was agreeable, and
1999: * caused action sca, false if it has been rejected or nak'ed, and
2000: * caused action scn. (The return value is used to make the state
2001: * transition decision in the state automaton.)
2002: */
2003: HIDE int
2004: sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2005: {
2006: STDDCL;
2007: u_char *buf, *r, *p;
2008: int origlen, rlen;
2009: u_long nmagic;
2010: u_short authproto;
2011:
2012: len -= 4;
2013: origlen = len;
2014: buf = r = malloc (len, M_TEMP, M_NOWAIT);
2015: if (! buf)
2016: return (0);
2017:
2018: if (debug)
2019: log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
2020: SPP_ARGS(ifp));
2021:
2022: /* pass 1: check for things that need to be rejected */
2023: p = (void*) (h+1);
2024: for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
2025: if (p[1] < 2 || p[1] > len) {
2026: free(buf, M_TEMP);
2027: return (-1);
2028: }
2029: if (debug)
2030: addlog("%s ", sppp_lcp_opt_name(*p));
2031: switch (*p) {
2032: case LCP_OPT_MAGIC:
2033: /* Magic number. */
2034: /* FALLTHROUGH, both are same length */
2035: case LCP_OPT_ASYNC_MAP:
2036: /* Async control character map. */
2037: if (len >= 6 && p[1] == 6)
2038: continue;
2039: if (debug)
2040: addlog("[invalid] ");
2041: break;
2042: case LCP_OPT_MRU:
2043: /* Maximum receive unit. */
2044: if (len >= 4 && p[1] == 4)
2045: continue;
2046: if (debug)
2047: addlog("[invalid] ");
2048: break;
2049: case LCP_OPT_AUTH_PROTO:
2050: if (len < 4) {
2051: if (debug)
2052: addlog("[invalid] ");
2053: break;
2054: }
2055: authproto = (p[2] << 8) + p[3];
2056: if (authproto == PPP_CHAP && p[1] != 5) {
2057: if (debug)
2058: addlog("[invalid chap len] ");
2059: break;
2060: }
2061: if (sp->myauth.proto == 0) {
2062: /* we are not configured to do auth */
2063: if (debug)
2064: addlog("[not configured] ");
2065: break;
2066: }
2067: /*
2068: * Remote want us to authenticate, remember this,
2069: * so we stay in PHASE_AUTHENTICATE after LCP got
2070: * up.
2071: */
2072: sp->pp_flags |= PP_NEEDAUTH;
2073: continue;
2074: default:
2075: /* Others not supported. */
2076: if (debug)
2077: addlog("[rej] ");
2078: break;
2079: }
2080: /* Add the option to rejected list. */
2081: bcopy (p, r, p[1]);
2082: r += p[1];
2083: rlen += p[1];
2084: }
2085: if (rlen) {
2086: if (debug)
2087: addlog(" send conf-rej\n");
2088: sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2089: goto end;
2090: } else if (debug)
2091: addlog("\n");
2092:
2093: /*
2094: * pass 2: check for option values that are unacceptable and
2095: * thus require to be nak'ed.
2096: */
2097: if (debug)
2098: log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2099: SPP_ARGS(ifp));
2100:
2101: p = (void*) (h+1);
2102: len = origlen;
2103: for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2104: if (debug)
2105: addlog("%s ", sppp_lcp_opt_name(*p));
2106: switch (*p) {
2107: case LCP_OPT_MAGIC:
2108: /* Magic number -- extract. */
2109: nmagic = (u_long)p[2] << 24 |
2110: (u_long)p[3] << 16 | p[4] << 8 | p[5];
2111: if (nmagic != sp->lcp.magic) {
2112: if (debug)
2113: addlog("0x%lx ", nmagic);
2114: continue;
2115: }
2116: if (debug)
2117: addlog("[glitch] ");
2118: ++sp->pp_loopcnt;
2119: /*
2120: * We negate our magic here, and NAK it. If
2121: * we see it later in an NAK packet, we
2122: * suggest a new one.
2123: */
2124: nmagic = ~sp->lcp.magic;
2125: /* Gonna NAK it. */
2126: p[2] = nmagic >> 24;
2127: p[3] = nmagic >> 16;
2128: p[4] = nmagic >> 8;
2129: p[5] = nmagic;
2130: break;
2131:
2132: case LCP_OPT_ASYNC_MAP:
2133: /* Async control character map -- check to be zero. */
2134: if (! p[2] && ! p[3] && ! p[4] && ! p[5]) {
2135: if (debug)
2136: addlog("[empty] ");
2137: continue;
2138: }
2139: if (debug)
2140: addlog("[non-empty] ");
2141: /* suggest a zero one */
2142: p[2] = p[3] = p[4] = p[5] = 0;
2143: break;
2144:
2145: case LCP_OPT_MRU:
2146: /*
2147: * Maximum receive unit. Always agreeable,
2148: * but ignored by now.
2149: */
2150: sp->lcp.their_mru = p[2] * 256 + p[3];
2151: if (debug)
2152: addlog("%lu ", sp->lcp.their_mru);
2153: continue;
2154:
2155: case LCP_OPT_AUTH_PROTO:
2156: authproto = (p[2] << 8) + p[3];
2157: if (sp->myauth.proto != authproto) {
2158: /* not agreed, nak */
2159: if (debug)
2160: addlog("[mine %s != his %s] ",
2161: sppp_proto_name(sp->hisauth.proto),
2162: sppp_proto_name(authproto));
2163: p[2] = sp->myauth.proto >> 8;
2164: p[3] = sp->myauth.proto;
2165: break;
2166: }
2167: if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2168: if (debug)
2169: addlog("[chap not MD5] ");
2170: p[4] = CHAP_MD5;
2171: break;
2172: }
2173: continue;
2174: }
2175: /* Add the option to nak'ed list. */
2176: bcopy (p, r, p[1]);
2177: r += p[1];
2178: rlen += p[1];
2179: }
2180: if (rlen) {
2181: if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2182: if (debug)
2183: addlog(" max_failure (%d) exceeded, "
2184: "send conf-rej\n",
2185: sp->lcp.max_failure);
2186: sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2187: } else {
2188: if (debug)
2189: addlog(" send conf-nak\n");
2190: sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2191: }
2192: goto end;
2193: } else {
2194: if (debug)
2195: addlog("send conf-ack\n");
2196: sp->fail_counter[IDX_LCP] = 0;
2197: sp->pp_loopcnt = 0;
2198: sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2199: h->ident, origlen, h+1);
2200: }
2201:
2202: end:
2203: free(buf, M_TEMP);
2204: return (rlen == 0);
2205: }
2206:
2207: /*
2208: * Analyze the LCP Configure-Reject option list, and adjust our
2209: * negotiation.
2210: */
2211: HIDE void
2212: sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2213: {
2214: STDDCL;
2215: u_char *p;
2216:
2217: len -= 4;
2218:
2219: if (debug)
2220: log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2221: SPP_ARGS(ifp));
2222:
2223: p = (void*) (h+1);
2224: for (; len > 1; len -= p[1], p += p[1]) {
2225: if (p[1] < 2 || p[1] > len)
2226: return;
2227: if (debug)
2228: addlog("%s ", sppp_lcp_opt_name(*p));
2229: switch (*p) {
2230: case LCP_OPT_MAGIC:
2231: /* Magic number -- can't use it, use 0 */
2232: sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2233: sp->lcp.magic = 0;
2234: break;
2235: case LCP_OPT_MRU:
2236: /*
2237: * Should not be rejected anyway, since we only
2238: * negotiate a MRU if explicitly requested by
2239: * peer.
2240: */
2241: sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2242: break;
2243: case LCP_OPT_AUTH_PROTO:
2244: /*
2245: * Peer doesn't want to authenticate himself,
2246: * deny unless this is a dialout call, and
2247: * AUTHFLAG_NOCALLOUT is set.
2248: */
2249: if ((sp->pp_flags & PP_CALLIN) == 0 &&
2250: (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2251: if (debug)
2252: addlog("[don't insist on auth "
2253: "for callout]");
2254: sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2255: break;
2256: }
2257: if (debug)
2258: addlog("[access denied]\n");
2259: lcp.Close(sp);
2260: break;
2261: }
2262: }
2263: if (debug)
2264: addlog("\n");
2265: }
2266:
2267: /*
2268: * Analyze the LCP Configure-NAK option list, and adjust our
2269: * negotiation.
2270: */
2271: HIDE void
2272: sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2273: {
2274: STDDCL;
2275: u_char *p;
2276: u_long magic;
2277:
2278: len -= 4;
2279:
2280: if (debug)
2281: log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2282: SPP_ARGS(ifp));
2283:
2284: p = (void*) (h+1);
2285: for (; len > 1; len -= p[1], p += p[1]) {
2286: if (p[1] < 2 || p[1] > len)
2287: return;
2288: if (debug)
2289: addlog("%s ", sppp_lcp_opt_name(*p));
2290: switch (*p) {
2291: case LCP_OPT_MAGIC:
2292: /* Magic number -- renegotiate */
2293: if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2294: len >= 6 && p[1] == 6) {
2295: magic = (u_long)p[2] << 24 |
2296: (u_long)p[3] << 16 | p[4] << 8 | p[5];
2297: /*
2298: * If the remote magic is our negated one,
2299: * this looks like a loopback problem.
2300: * Suggest a new magic to make sure.
2301: */
2302: if (magic == ~sp->lcp.magic) {
2303: if (debug)
2304: addlog("magic glitch ");
2305: sp->lcp.magic = arc4random();
2306: } else {
2307: sp->lcp.magic = magic;
2308: if (debug)
2309: addlog("%lu ", magic);
2310: }
2311: }
2312: break;
2313: case LCP_OPT_MRU:
2314: /*
2315: * Peer wants to advise us to negotiate an MRU.
2316: * Agree on it if it's reasonable, or use
2317: * default otherwise.
2318: */
2319: if (len >= 4 && p[1] == 4) {
2320: u_int mru = p[2] * 256 + p[3];
2321: if (debug)
2322: addlog("%d ", mru);
2323: if (mru < PP_MTU || mru > PP_MAX_MRU)
2324: mru = PP_MTU;
2325: sp->lcp.mru = mru;
2326: sp->lcp.opts |= (1 << LCP_OPT_MRU);
2327: }
2328: break;
2329: case LCP_OPT_AUTH_PROTO:
2330: /*
2331: * Peer doesn't like our authentication method,
2332: * deny.
2333: */
2334: if (debug)
2335: addlog("[access denied]\n");
2336: lcp.Close(sp);
2337: break;
2338: }
2339: }
2340: if (debug)
2341: addlog("\n");
2342: }
2343:
2344: HIDE void
2345: sppp_lcp_tlu(struct sppp *sp)
2346: {
2347: struct ifnet *ifp = &sp->pp_if;
2348: int i;
2349: u_long mask;
2350:
2351: /* XXX ? */
2352: if (! (ifp->if_flags & IFF_UP) &&
2353: (ifp->if_flags & IFF_RUNNING)) {
2354: /* Coming out of loopback mode. */
2355: if_up(ifp);
2356: if (ifp->if_flags & IFF_DEBUG)
2357: log(LOG_INFO, SPP_FMT "up\n", SPP_ARGS(ifp));
2358: }
2359:
2360: for (i = 0; i < IDX_COUNT; i++)
2361: if ((cps[i])->flags & CP_QUAL)
2362: (cps[i])->Open(sp);
2363:
2364: if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2365: (sp->pp_flags & PP_NEEDAUTH) != 0)
2366: sp->pp_phase = PHASE_AUTHENTICATE;
2367: else
2368: sp->pp_phase = PHASE_NETWORK;
2369:
2370: sppp_set_phase(sp);
2371:
2372: /*
2373: * Open all authentication protocols. This is even required
2374: * if we already proceeded to network phase, since it might be
2375: * that remote wants us to authenticate, so we might have to
2376: * send a PAP request. Undesired authentication protocols
2377: * don't do anything when they get an Open event.
2378: */
2379: for (i = 0; i < IDX_COUNT; i++)
2380: if ((cps[i])->flags & CP_AUTH)
2381: (cps[i])->Open(sp);
2382:
2383: if (sp->pp_phase == PHASE_NETWORK) {
2384: /* Notify all NCPs. */
2385: for (i = 0; i < IDX_COUNT; i++)
2386: if ((cps[i])->flags & CP_NCP)
2387: (cps[i])->Open(sp);
2388: }
2389:
2390: /* Send Up events to all started protos. */
2391: for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2392: if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0)
2393: (cps[i])->Up(sp);
2394:
2395: /* notify low-level driver of state change */
2396: if (sp->pp_chg)
2397: sp->pp_chg(sp, (int)sp->pp_phase);
2398:
2399: if (sp->pp_phase == PHASE_NETWORK)
2400: /* if no NCP is starting, close down */
2401: sppp_lcp_check_and_close(sp);
2402: }
2403:
2404: HIDE void
2405: sppp_lcp_tld(struct sppp *sp)
2406: {
2407: int i;
2408: u_long mask;
2409:
2410: sp->pp_phase = PHASE_TERMINATE;
2411:
2412: sppp_set_phase(sp);
2413:
2414: /*
2415: * Take upper layers down. We send the Down event first and
2416: * the Close second to prevent the upper layers from sending
2417: * ``a flurry of terminate-request packets'', as the RFC
2418: * describes it.
2419: */
2420: for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2421: if (sp->lcp.protos & mask && ((cps[i])->flags & CP_LCP) == 0) {
2422: (cps[i])->Down(sp);
2423: (cps[i])->Close(sp);
2424: }
2425: }
2426:
2427: HIDE void
2428: sppp_lcp_tls(struct sppp *sp)
2429: {
2430: sp->pp_phase = PHASE_ESTABLISH;
2431:
2432: sppp_set_phase(sp);
2433:
2434: /* Notify lower layer if desired. */
2435: if (sp->pp_tls)
2436: (sp->pp_tls)(sp);
2437: }
2438:
2439: HIDE void
2440: sppp_lcp_tlf(struct sppp *sp)
2441: {
2442: sp->pp_phase = PHASE_DEAD;
2443: sppp_set_phase(sp);
2444:
2445: /* Notify lower layer if desired. */
2446: if (sp->pp_tlf)
2447: (sp->pp_tlf)(sp);
2448: }
2449:
2450: HIDE void
2451: sppp_lcp_scr(struct sppp *sp)
2452: {
2453: char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2454: int i = 0;
2455: u_short authproto;
2456:
2457: if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2458: if (! sp->lcp.magic)
2459: #if defined (__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
2460: sp->lcp.magic = arc4random();
2461: #else
2462: sp->lcp.magic = time.tv_sec + time.tv_usec;
2463: #endif
2464: opt[i++] = LCP_OPT_MAGIC;
2465: opt[i++] = 6;
2466: opt[i++] = sp->lcp.magic >> 24;
2467: opt[i++] = sp->lcp.magic >> 16;
2468: opt[i++] = sp->lcp.magic >> 8;
2469: opt[i++] = sp->lcp.magic;
2470: }
2471:
2472: if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2473: opt[i++] = LCP_OPT_MRU;
2474: opt[i++] = 4;
2475: opt[i++] = sp->lcp.mru >> 8;
2476: opt[i++] = sp->lcp.mru;
2477: }
2478:
2479: if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2480: authproto = sp->hisauth.proto;
2481: opt[i++] = LCP_OPT_AUTH_PROTO;
2482: opt[i++] = authproto == PPP_CHAP? 5: 4;
2483: opt[i++] = authproto >> 8;
2484: opt[i++] = authproto;
2485: if (authproto == PPP_CHAP)
2486: opt[i++] = CHAP_MD5;
2487: }
2488:
2489: sp->confid[IDX_LCP] = ++sp->pp_seq;
2490: sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2491: }
2492:
2493: /*
2494: * Check the open NCPs, return true if at least one NCP is open.
2495: */
2496: HIDE int
2497: sppp_ncp_check(struct sppp *sp)
2498: {
2499: int i, mask;
2500:
2501: for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2502: if (sp->lcp.protos & mask && (cps[i])->flags & CP_NCP)
2503: return 1;
2504: return 0;
2505: }
2506:
2507: /*
2508: * Re-check the open NCPs and see if we should terminate the link.
2509: * Called by the NCPs during their tlf action handling.
2510: */
2511: HIDE void
2512: sppp_lcp_check_and_close(struct sppp *sp)
2513: {
2514:
2515: if (sp->pp_phase < PHASE_NETWORK)
2516: /* don't bother, we are already going down */
2517: return;
2518:
2519: if (sppp_ncp_check(sp))
2520: return;
2521:
2522: lcp.Close(sp);
2523: }
2524:
/*
2525: *--------------------------------------------------------------------------*
2526: * *
2527: * The IPCP implementation. *
2528: * *
2529: *--------------------------------------------------------------------------*
2530: */
2531:
2532: HIDE void
2533: sppp_ipcp_init(struct sppp *sp)
2534: {
2535: sp->ipcp.opts = 0;
2536: sp->ipcp.flags = 0;
2537: sp->state[IDX_IPCP] = STATE_INITIAL;
2538: sp->fail_counter[IDX_IPCP] = 0;
2539: #if defined (__FreeBSD__)
2540: callout_handle_init(&sp->ch[IDX_IPCP]);
2541: #endif
2542: }
2543:
2544: HIDE void
2545: sppp_ipcp_up(struct sppp *sp)
2546: {
2547: sppp_up_event(&ipcp, sp);
2548: }
2549:
2550: HIDE void
2551: sppp_ipcp_down(struct sppp *sp)
2552: {
2553: sppp_down_event(&ipcp, sp);
2554: }
2555:
2556: HIDE void
2557: sppp_ipcp_open(struct sppp *sp)
2558: {
2559: sppp_open_event(&ipcp, sp);
2560: }
2561:
2562: HIDE void
2563: sppp_ipcp_close(struct sppp *sp)
2564: {
2565: sppp_close_event(&ipcp, sp);
2566: }
2567:
2568: HIDE void
2569: sppp_ipcp_TO(void *cookie)
2570: {
2571: sppp_to_event(&ipcp, (struct sppp *)cookie);
2572: }
2573:
2574: /*
2575: * Analyze a configure request. Return true if it was agreeable, and
2576: * caused action sca, false if it has been rejected or nak'ed, and
2577: * caused action scn. (The return value is used to make the state
2578: * transition decision in the state automaton.)
2579: */
2580: HIDE int
2581: sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2582: {
2583: u_char *buf, *r, *p;
2584: struct ifnet *ifp = &sp->pp_if;
2585: int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2586: u_int32_t hisaddr, desiredaddr;
2587:
2588: len -= 4;
2589: origlen = len;
2590: /*
2591: * Make sure to allocate a buf that can at least hold a
2592: * conf-nak with an `address' option. We might need it below.
2593: */
2594: buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
2595: if (! buf)
2596: return (0);
2597:
2598: /* pass 1: see if we can recognize them */
2599: if (debug)
2600: log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2601: SPP_ARGS(ifp));
2602: p = (void*) (h+1);
2603: for (rlen = 0; len > 1; len -= p[1], p += p[1]) {
2604: if (p[1] < 2 || p[1] > len) {
2605: free(buf, M_TEMP);
2606: return (-1);
2607: }
2608: if (debug)
2609: addlog("%s ", sppp_ipcp_opt_name(*p));
2610: switch (*p) {
2611: #ifdef notyet
2612: case IPCP_OPT_COMPRESSION:
2613: if (len >= 6 && p[1] >= 6) {
2614: /* correctly formed compress option */
2615: continue;
2616: }
2617: if (debug)
2618: addlog("[invalid] ");
2619: break;
2620: #endif
2621: case IPCP_OPT_ADDRESS:
2622: if (len >= 6 && p[1] == 6) {
2623: /* correctly formed address option */
2624: continue;
2625: }
2626: if (debug)
2627: addlog("[invalid] ");
2628: break;
2629: default:
2630: /* Others not supported. */
2631: if (debug)
2632: addlog("[rej] ");
2633: break;
2634: }
2635: /* Add the option to rejected list. */
2636: bcopy (p, r, p[1]);
2637: r += p[1];
2638: rlen += p[1];
2639: }
2640: if (rlen) {
2641: if (debug)
2642: addlog(" send conf-rej\n");
2643: sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2644: goto end;
2645: } else if (debug)
2646: addlog("\n");
2647:
2648: /* pass 2: parse option values */
2649: if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
2650: hisaddr = sp->ipcp.req_hisaddr; /* we already agreed on that */
2651: else
2652: sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
2653: if (debug)
2654: log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
2655: SPP_ARGS(ifp));
2656: p = (void*) (h+1);
2657: len = origlen;
2658: for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2659: if (debug)
2660: addlog(" %s ", sppp_ipcp_opt_name(*p));
2661: switch (*p) {
2662: #ifdef notyet
2663: case IPCP_OPT_COMPRESSION:
2664: continue;
2665: #endif
2666: case IPCP_OPT_ADDRESS:
2667: desiredaddr = p[2] << 24 | p[3] << 16 |
2668: p[4] << 8 | p[5];
2669: if (desiredaddr == hisaddr ||
2670: ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
2671: desiredaddr != 0)) {
2672: /*
2673: * Peer's address is same as our value,
2674: * or we have set it to 0.0.0.1 to
2675: * indicate that we do not really care,
2676: * this is agreeable. Gonna conf-ack
2677: * it.
2678: */
2679: if (debug)
2680: addlog("%s [ack] ",
2681: sppp_dotted_quad(desiredaddr));
2682: /* record that we've seen it already */
2683: sp->ipcp.flags |= IPCP_HISADDR_SEEN;
2684: sp->ipcp.req_hisaddr = desiredaddr;
2685: hisaddr = desiredaddr;
2686: continue;
2687: }
2688: /*
2689: * The address wasn't agreeable. This is either
2690: * he sent us 0.0.0.0, asking to assign him an
2691: * address, or he send us another address not
2692: * matching our value. Either case, we gonna
2693: * conf-nak it with our value.
2694: */
2695: if (debug) {
2696: if (desiredaddr == 0)
2697: addlog("[addr requested] ");
2698: else
2699: addlog("%s [not agreed] ",
2700: sppp_dotted_quad(desiredaddr));
2701: }
2702:
2703: p[2] = hisaddr >> 24;
2704: p[3] = hisaddr >> 16;
2705: p[4] = hisaddr >> 8;
2706: p[5] = hisaddr;
2707: break;
2708: }
2709: /* Add the option to nak'ed list. */
2710: bcopy (p, r, p[1]);
2711: r += p[1];
2712: rlen += p[1];
2713: }
2714:
2715: /*
2716: * If we are about to conf-ack the request, but haven't seen
2717: * his address so far, gonna conf-nak it instead, with the
2718: * `address' option present and our idea of his address being
2719: * filled in there, to request negotiation of both addresses.
2720: *
2721: * XXX This can result in an endless req - nak loop if peer
2722: * doesn't want to send us his address. Q: What should we do
2723: * about it? XXX A: implement the max-failure counter.
2724: */
2725: if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
2726: buf[0] = IPCP_OPT_ADDRESS;
2727: buf[1] = 6;
2728: buf[2] = hisaddr >> 24;
2729: buf[3] = hisaddr >> 16;
2730: buf[4] = hisaddr >> 8;
2731: buf[5] = hisaddr;
2732: rlen = 6;
2733: if (debug)
2734: addlog("still need hisaddr ");
2735: }
2736:
2737: if (rlen) {
2738: if (debug)
2739: addlog(" send conf-nak\n");
2740: sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
2741: } else {
2742: if (debug)
2743: addlog(" send conf-ack\n");
2744: sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
2745: h->ident, origlen, h+1);
2746: }
2747:
2748: end:
2749: free(buf, M_TEMP);
2750: return (rlen == 0);
2751: }
2752:
2753: /*
2754: * Analyze the IPCP Configure-Reject option list, and adjust our
2755: * negotiation.
2756: */
2757: HIDE void
2758: sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2759: {
2760: u_char *p;
2761: struct ifnet *ifp = &sp->pp_if;
2762: int debug = ifp->if_flags & IFF_DEBUG;
2763:
2764: len -= 4;
2765:
2766: if (debug)
2767: log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
2768: SPP_ARGS(ifp));
2769:
2770: p = (void*) (h+1);
2771: for (; len > 1; len -= p[1], p += p[1]) {
2772: if (p[1] < 2 || p[1] > len)
2773: return;
2774: if (debug)
2775: addlog("%s ", sppp_ipcp_opt_name(*p));
2776: switch (*p) {
2777: case IPCP_OPT_ADDRESS:
2778: /*
2779: * Peer doesn't grok address option. This is
2780: * bad. XXX Should we better give up here?
2781: */
2782: sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
2783: break;
2784: #ifdef notyet
2785: case IPCP_OPT_COMPRESS:
2786: sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
2787: break;
2788: #endif
2789: }
2790: }
2791: if (debug)
2792: addlog("\n");
2793: }
2794:
2795: /*
2796: * Analyze the IPCP Configure-NAK option list, and adjust our
2797: * negotiation.
2798: */
2799: HIDE void
2800: sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2801: {
2802: u_char *p;
2803: struct ifnet *ifp = &sp->pp_if;
2804: int debug = ifp->if_flags & IFF_DEBUG;
2805: u_int32_t wantaddr;
2806:
2807: len -= 4;
2808:
2809: if (debug)
2810: log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
2811: SPP_ARGS(ifp));
2812:
2813: p = (void*) (h+1);
2814: for (; len > 1; len -= p[1], p += p[1]) {
2815: if (p[1] < 2 || p[1] > len)
2816: return;
2817: if (debug)
2818: addlog("%s ", sppp_ipcp_opt_name(*p));
2819: switch (*p) {
2820: case IPCP_OPT_ADDRESS:
2821: /*
2822: * Peer doesn't like our local IP address. See
2823: * if we can do something for him. We'll drop
2824: * him our address then.
2825: */
2826: if (len >= 6 && p[1] == 6) {
2827: wantaddr = p[2] << 24 | p[3] << 16 |
2828: p[4] << 8 | p[5];
2829: sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2830: if (debug)
2831: addlog("[wantaddr %s] ",
2832: sppp_dotted_quad(wantaddr));
2833: /*
2834: * When doing dynamic address assignment,
2835: * we accept his offer. Otherwise, we
2836: * ignore it and thus continue to negotiate
2837: * our already existing value.
2838: */
2839: if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
2840: if (debug)
2841: addlog("[agree] ");
2842: sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2843: sp->ipcp.req_myaddr = wantaddr;
2844: }
2845: }
2846: break;
2847: #ifdef notyet
2848: case IPCP_OPT_COMPRESS:
2849: /*
2850: * Peer wants different compression parameters.
2851: */
2852: break;
2853: #endif
2854: }
2855: }
2856: if (debug)
2857: addlog("\n");
2858: }
2859:
2860: HIDE void
2861: sppp_ipcp_tlu(struct sppp *sp)
2862: {
2863: /* we are up. Set addresses and notify anyone interested */
2864: u_int32_t myaddr, hisaddr;
2865: sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2866: if ((sp->ipcp.flags & IPCP_MYADDR_DYN) &&
2867: (sp->ipcp.flags & IPCP_MYADDR_SEEN))
2868: myaddr = sp->ipcp.req_myaddr;
2869: if ((sp->ipcp.flags & IPCP_HISADDR_DYN) &&
2870: (sp->ipcp.flags & IPCP_HISADDR_SEEN))
2871: hisaddr = sp->ipcp.req_hisaddr;
2872: sppp_set_ip_addrs(sp, myaddr, hisaddr);
2873: }
2874:
2875: HIDE void
2876: sppp_ipcp_tld(struct sppp *sp)
2877: {
2878: }
2879:
2880: HIDE void
2881: sppp_ipcp_tls(struct sppp *sp)
2882: {
2883: STDDCL;
2884: u_int32_t myaddr, hisaddr;
2885:
2886: sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|
2887: IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
2888: sp->ipcp.req_myaddr = 0;
2889: sp->ipcp.req_hisaddr = 0;
2890:
2891: sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2892: /*
2893: * If we don't have his address, this probably means our
2894: * interface doesn't want to talk IP at all. (This could
2895: * be the case if somebody wants to speak only IPX, for
2896: * example.) Don't open IPCP in this case.
2897: */
2898: if (hisaddr == 0) {
2899: /* XXX this message should go away */
2900: if (debug)
2901: log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2902: SPP_ARGS(ifp));
2903: return;
2904: }
2905:
2906: if (myaddr == 0) {
2907: /*
2908: * I don't have an assigned address, so i need to
2909: * negotiate my address.
2910: */
2911: sp->ipcp.flags |= IPCP_MYADDR_DYN;
2912: sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2913: }
2914: if (hisaddr == 1) {
2915: /*
2916: * XXX - remove this hack!
2917: * remote has no valid address, we need to get one assigned.
2918: */
2919: sp->ipcp.flags |= IPCP_HISADDR_DYN;
2920: }
2921:
2922: /* indicate to LCP that it must stay alive */
2923: sp->lcp.protos |= (1 << IDX_IPCP);
2924: }
2925:
2926: HIDE void
2927: sppp_ipcp_tlf(struct sppp *sp)
2928: {
2929: if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN))
2930: /* Some address was dynamic, clear it again. */
2931: sppp_clear_ip_addrs(sp);
2932:
2933: /* we no longer need LCP */
2934: sp->lcp.protos &= ~(1 << IDX_IPCP);
2935: sppp_lcp_check_and_close(sp);
2936: }
2937:
2938: HIDE void
2939: sppp_ipcp_scr(struct sppp *sp)
2940: {
2941: char opt[6 /* compression */ + 6 /* address */];
2942: u_int32_t ouraddr;
2943: int i = 0;
2944:
2945: #ifdef notyet
2946: if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
2947: opt[i++] = IPCP_OPT_COMPRESSION;
2948: opt[i++] = 6;
2949: opt[i++] = 0; /* VJ header compression */
2950: opt[i++] = 0x2d; /* VJ header compression */
2951: opt[i++] = max_slot_id;
2952: opt[i++] = comp_slot_id;
2953: }
2954: #endif
2955:
2956: if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
2957: if (sp->ipcp.flags & IPCP_MYADDR_SEEN)
2958: /* not sure if this can ever happen */
2959: ouraddr = sp->ipcp.req_myaddr;
2960: else
2961: sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
2962: opt[i++] = IPCP_OPT_ADDRESS;
2963: opt[i++] = 6;
2964: opt[i++] = ouraddr >> 24;
2965: opt[i++] = ouraddr >> 16;
2966: opt[i++] = ouraddr >> 8;
2967: opt[i++] = ouraddr;
2968: }
2969:
2970: sp->confid[IDX_IPCP] = ++sp->pp_seq;
2971: sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
2972: }
2973:
2974:
2975:
/*
2976: *--------------------------------------------------------------------------*
2977: * *
2978: * The CHAP implementation. *
2979: * *
2980: *--------------------------------------------------------------------------*
2981: */
2982:
2983: /*
2984: * The authentication protocols don't employ a full-fledged state machine as
2985: * the control protocols do, since they do have Open and Close events, but
2986: * not Up and Down, nor are they explicitly terminated. Also, use of the
2987: * authentication protocols may be different in both directions (this makes
2988: * sense, think of a machine that never accepts incoming calls but only
2989: * calls out, it doesn't require the called party to authenticate itself).
2990: *
2991: * Our state machine for the local authentication protocol (we are requesting
2992: * the peer to authenticate) looks like:
2993: *
2994: * RCA-
2995: * +--------------------------------------------+
2996: * V scn,tld|
2997: * +--------+ Close +---------+ RCA+
2998: * | |<----------------------------------| |------+
2999: * +--->| Closed | TO* | Opened | sca |
3000: * | | |-----+ +-------| |<-----+
3001: * | +--------+ irc | | +---------+
3002: * | ^ | | ^
3003: * | | | | |
3004: * | | | | |
3005: * | TO-| | | |
3006: * | |tld TO+ V | |
3007: * | | +------->+ | |
3008: * | | | | | |
3009: * | +--------+ V | |
3010: * | | |<----+<--------------------+ |
3011: * | | Req- | scr |
3012: * | | Sent | |
3013: * | | | |
3014: * | +--------+ |
3015: * | RCA- | | RCA+ |
3016: * +------+ +------------------------------------------+
3017: * scn,tld sca,irc,ict,tlu
3018: *
3019: *
3020: * with:
3021: *
3022: * Open: LCP reached authentication phase
3023: * Close: LCP reached terminate phase
3024: *
3025: * RCA+: received reply (pap-req, chap-response), acceptable
3026: * RCN: received reply (pap-req, chap-response), not acceptable
3027: * TO+: timeout with restart counter >= 0
3028: * TO-: timeout with restart counter < 0
3029: * TO*: reschedule timeout for CHAP
3030: *
3031: * scr: send request packet (none for PAP, chap-challenge)
3032: * sca: send ack packet (pap-ack, chap-success)
3033: * scn: send nak packet (pap-nak, chap-failure)
3034: * ict: initialize re-challenge timer (CHAP only)
3035: *
3036: * tlu: this-layer-up, LCP reaches network phase
3037: * tld: this-layer-down, LCP enters terminate phase
3038: *
3039: * Note that in CHAP mode, after sending a new challenge, while the state
3040: * automaton falls back into Req-Sent state, it doesn't signal a tld
3041: * event to LCP, so LCP remains in network phase. Only after not getting
3042: * any response (or after getting an unacceptable response), CHAP closes,
3043: * causing LCP to enter terminate phase.
3044: *
3045: * With PAP, there is no initial request that can be sent. The peer is
3046: * expected to send one based on the successful negotiation of PAP as
3047: * the authentication protocol during the LCP option negotiation.
3048: *
3049: * Incoming authentication protocol requests (remote requests
3050: * authentication, we are peer) don't employ a state machine at all,
3051: * they are simply answered. Some peers [Ascend P50 firmware rev
3052: * 4.50] react allergically when sending IPCP requests while they are
3053: * still in authentication phase (thereby violating the standard that
3054: * demands that these NCP packets are to be discarded), so we keep
3055: * track of the peer demanding us to authenticate, and only proceed to
3056: * phase network once we've seen a positive acknowledge for the
3057: * authentication.
3058: */
3059:
3060: /*
3061: * Handle incoming CHAP packets.
3062: */
3063: void
3064: sppp_chap_input(struct sppp *sp, struct mbuf *m)
3065: {
3066: STDDCL;
3067: struct lcp_header *h;
3068: int len, x;
3069: u_char *value, *name, digest[AUTHKEYLEN], dsize;
3070: int value_len, name_len;
3071: MD5_CTX ctx;
3072:
3073: len = m->m_pkthdr.len;
3074: if (len < 4) {
3075: if (debug)
3076: log(LOG_DEBUG,
3077: SPP_FMT "chap invalid packet length: %d bytes\n",
3078: SPP_ARGS(ifp), len);
3079: return;
3080: }
3081: h = mtod (m, struct lcp_header*);
3082: if (len > ntohs (h->len))
3083: len = ntohs (h->len);
3084:
3085: switch (h->type) {
3086: /* challenge, failure and success are his authproto */
3087: case CHAP_CHALLENGE:
3088: value = 1 + (u_char*)(h+1);
3089: value_len = value[-1];
3090: name = value + value_len;
3091: name_len = len - value_len - 5;
3092: if (name_len < 0) {
3093: if (debug) {
3094: log(LOG_DEBUG,
3095: SPP_FMT "chap corrupted challenge "
3096: "<%s id=0x%x len=%d",
3097: SPP_ARGS(ifp),
3098: sppp_auth_type_name(PPP_CHAP, h->type),
3099: h->ident, ntohs(h->len));
3100: if (len > 4)
3101: sppp_print_bytes((u_char*) (h+1), len-4);
3102: addlog(">\n");
3103: }
3104: break;
3105: }
3106:
3107: if (debug) {
3108: log(LOG_DEBUG,
3109: SPP_FMT "chap input <%s id=0x%x len=%d name=",
3110: SPP_ARGS(ifp),
3111: sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
3112: ntohs(h->len));
3113: sppp_print_string((char*) name, name_len);
3114: addlog(" value-size=%d value=", value_len);
3115: sppp_print_bytes(value, value_len);
3116: addlog(">\n");
3117: }
3118:
3119: /* Compute reply value. */
3120: MD5Init(&ctx);
3121: MD5Update(&ctx, &h->ident, 1);
3122: MD5Update(&ctx, sp->myauth.secret,
3123: sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
3124: MD5Update(&ctx, value, value_len);
3125: MD5Final(digest, &ctx);
3126: dsize = sizeof digest;
3127:
3128: sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
3129: sizeof dsize, (const char *)&dsize,
3130: sizeof digest, digest,
3131: (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3132: sp->myauth.name,
3133: 0);
3134: break;
3135:
3136: case CHAP_SUCCESS:
3137: if (debug) {
3138: log(LOG_DEBUG, SPP_FMT "chap success",
3139: SPP_ARGS(ifp));
3140: if (len > 4) {
3141: addlog(": ");
3142: sppp_print_string((char*)(h + 1), len - 4);
3143: }
3144: addlog("\n");
3145: }
3146: x = splnet();
3147: sp->pp_flags &= ~PP_NEEDAUTH;
3148: if (sp->myauth.proto == PPP_CHAP &&
3149: (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3150: (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
3151: /*
3152: * We are authenticator for CHAP but didn't
3153: * complete yet. Leave it to tlu to proceed
3154: * to network phase.
3155: */
3156: splx(x);
3157: break;
3158: }
3159: splx(x);
3160: sppp_phase_network(sp);
3161: break;
3162:
3163: case CHAP_FAILURE:
3164: if (debug) {
3165: log(LOG_INFO, SPP_FMT "chap failure",
3166: SPP_ARGS(ifp));
3167: if (len > 4) {
3168: addlog(": ");
3169: sppp_print_string((char*)(h + 1), len - 4);
3170: }
3171: addlog("\n");
3172: } else
3173: log(LOG_INFO, SPP_FMT "chap failure\n",
3174: SPP_ARGS(ifp));
3175: /* await LCP shutdown by authenticator */
3176: break;
3177:
3178: /* response is my authproto */
3179: case CHAP_RESPONSE:
3180: value = 1 + (u_char*)(h+1);
3181: value_len = value[-1];
3182: name = value + value_len;
3183: name_len = len - value_len - 5;
3184: if (name_len < 0) {
3185: if (debug) {
3186: log(LOG_DEBUG,
3187: SPP_FMT "chap corrupted response "
3188: "<%s id=0x%x len=%d",
3189: SPP_ARGS(ifp),
3190: sppp_auth_type_name(PPP_CHAP, h->type),
3191: h->ident, ntohs(h->len));
3192: if (len > 4)
3193: sppp_print_bytes((u_char*)(h+1), len-4);
3194: addlog(">\n");
3195: }
3196: break;
3197: }
3198: if (h->ident != sp->confid[IDX_CHAP]) {
3199: if (debug)
3200: log(LOG_DEBUG,
3201: SPP_FMT "chap dropping response for old ID "
3202: "(got %d, expected %d)\n",
3203: SPP_ARGS(ifp),
3204: h->ident, sp->confid[IDX_CHAP]);
3205: break;
3206: }
3207: if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
3208: || bcmp(name, sp->hisauth.name, name_len) != 0) {
3209: log(LOG_INFO, SPP_FMT "chap response, his name ",
3210: SPP_ARGS(ifp));
3211: sppp_print_string(name, name_len);
3212: addlog(" != expected ");
3213: sppp_print_string(sp->hisauth.name,
3214: sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
3215: addlog("\n");
3216: }
3217: if (debug) {
3218: log(LOG_DEBUG, SPP_FMT "chap input(%s) "
3219: "<%s id=0x%x len=%d name=",
3220: SPP_ARGS(ifp),
3221: sppp_state_name(sp->state[IDX_CHAP]),
3222: sppp_auth_type_name(PPP_CHAP, h->type),
3223: h->ident, ntohs (h->len));
3224: sppp_print_string((char*)name, name_len);
3225: addlog(" value-size=%d value=", value_len);
3226: sppp_print_bytes(value, value_len);
3227: addlog(">\n");
3228: }
3229: if (value_len != AUTHKEYLEN) {
3230: if (debug)
3231: log(LOG_DEBUG,
3232: SPP_FMT "chap bad hash value length: "
3233: "%d bytes, should be %d\n",
3234: SPP_ARGS(ifp), value_len,
3235: AUTHKEYLEN);
3236: break;
3237: }
3238:
3239: MD5Init(&ctx);
3240: MD5Update(&ctx, &h->ident, 1);
3241: MD5Update(&ctx, sp->hisauth.secret,
3242: sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
3243: MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
3244: MD5Final(digest, &ctx);
3245:
3246: #define FAILMSG "Failed..."
3247: #define SUCCMSG "Welcome!"
3248:
3249: if (value_len != sizeof digest ||
3250: bcmp(digest, value, value_len) != 0) {
3251: /* action scn, tld */
3252: sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
3253: sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3254: 0);
3255: chap.tld(sp);
3256: break;
3257: }
3258: /* action sca, perhaps tlu */
3259: if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
3260: sp->state[IDX_CHAP] == STATE_OPENED)
3261: sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
3262: sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3263: 0);
3264: if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
3265: sppp_cp_change_state(&chap, sp, STATE_OPENED);
3266: chap.tlu(sp);
3267: }
3268: break;
3269:
3270: default:
3271: /* Unknown CHAP packet type -- ignore. */
3272: if (debug) {
3273: log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
3274: "<0x%x id=0x%xh len=%d",
3275: SPP_ARGS(ifp),
3276: sppp_state_name(sp->state[IDX_CHAP]),
3277: h->type, h->ident, ntohs(h->len));
3278: if (len > 4)
3279: sppp_print_bytes((u_char*)(h+1), len-4);
3280: addlog(">\n");
3281: }
3282: break;
3283:
3284: }
3285: }
3286:
3287: HIDE void
3288: sppp_chap_init(struct sppp *sp)
3289: {
3290: /* Chap doesn't have STATE_INITIAL at all. */
3291: sp->state[IDX_CHAP] = STATE_CLOSED;
3292: sp->fail_counter[IDX_CHAP] = 0;
3293: #if defined (__FreeBSD__)
3294: callout_handle_init(&sp->ch[IDX_CHAP]);
3295: #endif
3296: }
3297:
3298: HIDE void
3299: sppp_chap_open(struct sppp *sp)
3300: {
3301: if (sp->myauth.proto == PPP_CHAP &&
3302: (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3303: /* we are authenticator for CHAP, start it */
3304: chap.scr(sp);
3305: sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3306: sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3307: }
3308: /* nothing to be done if we are peer, await a challenge */
3309: }
3310:
3311: HIDE void
3312: sppp_chap_close(struct sppp *sp)
3313: {
3314: if (sp->state[IDX_CHAP] != STATE_CLOSED)
3315: sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3316: }
3317:
3318: HIDE void
3319: sppp_chap_TO(void *cookie)
3320: {
3321: struct sppp *sp = (struct sppp *)cookie;
3322: STDDCL;
3323: int s;
3324:
3325: s = splnet();
3326: if (debug)
3327: log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
3328: SPP_ARGS(ifp),
3329: sppp_state_name(sp->state[IDX_CHAP]),
3330: sp->rst_counter[IDX_CHAP]);
3331:
3332: if (--sp->rst_counter[IDX_CHAP] < 0)
3333: /* TO- event */
3334: switch (sp->state[IDX_CHAP]) {
3335: case STATE_REQ_SENT:
3336: chap.tld(sp);
3337: sppp_cp_change_state(&chap, sp, STATE_CLOSED);
3338: break;
3339: }
3340: else
3341: /* TO+ (or TO*) event */
3342: switch (sp->state[IDX_CHAP]) {
3343: case STATE_OPENED:
3344: /* TO* event */
3345: sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3346: /* FALLTHROUGH */
3347: case STATE_REQ_SENT:
3348: chap.scr(sp);
3349: /* sppp_cp_change_state() will restart the timer */
3350: sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
3351: break;
3352: }
3353:
3354: splx(s);
3355: }
3356:
3357: HIDE void
3358: sppp_chap_tlu(struct sppp *sp)
3359: {
3360: STDDCL;
3361: int i = 0, x;
3362:
3363: i = 0;
3364: sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
3365:
3366: /*
3367: * Some broken CHAP implementations (Conware CoNet, firmware
3368: * 4.0.?) don't want to re-authenticate their CHAP once the
3369: * initial challenge-response exchange has taken place.
3370: * Provide for an option to avoid rechallenges.
3371: */
3372: if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
3373: /*
3374: * Compute the re-challenge timeout. This will yield
3375: * a number between 300 and 810 seconds.
3376: */
3377: i = 300 + (arc4random() & 0x01fe);
3378:
3379: #if defined (__FreeBSD__)
3380: sp->ch[IDX_CHAP] = timeout(chap.TO, (void *)sp, i * hz);
3381: #elif defined(__OpenBSD__)
3382: timeout_set(&sp->ch[IDX_CHAP], chap.TO, (void *)sp);
3383: timeout_add(&sp->ch[IDX_CHAP], i * hz);
3384: #endif
3385: }
3386:
3387: if (debug) {
3388: log(LOG_DEBUG,
3389: SPP_FMT "chap %s, ",
3390: SPP_ARGS(ifp),
3391: sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
3392: if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
3393: addlog("next re-challenge in %d seconds\n", i);
3394: else
3395: addlog("re-challenging supressed\n");
3396: }
3397:
3398: x = splnet();
3399: /* indicate to LCP that we need to be closed down */
3400: sp->lcp.protos |= (1 << IDX_CHAP);
3401:
3402: if (sp->pp_flags & PP_NEEDAUTH) {
3403: /*
3404: * Remote is authenticator, but his auth proto didn't
3405: * complete yet. Defer the transition to network
3406: * phase.
3407: */
3408: splx(x);
3409: return;
3410: }
3411: splx(x);
3412:
3413: /*
3414: * If we are already in phase network, we are done here. This
3415: * is the case if this is a dummy tlu event after a re-challenge.
3416: */
3417: if (sp->pp_phase != PHASE_NETWORK)
3418: sppp_phase_network(sp);
3419: }
3420:
3421: HIDE void
3422: sppp_chap_tld(struct sppp *sp)
3423: {
3424: STDDCL;
3425:
3426: if (debug)
3427: log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
3428: UNTIMEOUT(chap.TO, (void *)sp, sp->ch[IDX_CHAP]);
3429: sp->lcp.protos &= ~(1 << IDX_CHAP);
3430:
3431: lcp.Close(sp);
3432: }
3433:
3434: HIDE void
3435: sppp_chap_scr(struct sppp *sp)
3436: {
3437: u_int32_t *ch;
3438: u_char clen;
3439:
3440: /* Compute random challenge. */
3441: ch = (u_int32_t *)sp->myauth.challenge;
3442: ch[0] = arc4random();
3443: ch[1] = arc4random();
3444: ch[2] = arc4random();
3445: ch[3] = arc4random();
3446: clen = AUTHKEYLEN;
3447:
3448: sp->confid[IDX_CHAP] = ++sp->pp_seq;
3449:
3450: sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
3451: sizeof clen, (const char *)&clen,
3452: (size_t)AUTHKEYLEN, sp->myauth.challenge,
3453: (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
3454: sp->myauth.name,
3455: 0);
3456: }
3457:
/*
3458: *--------------------------------------------------------------------------*
3459: * *
3460: * The PAP implementation. *
3461: * *
3462: *--------------------------------------------------------------------------*
3463: */
3464: /*
3465: * For PAP, we need to keep a little state also if we are the peer, not the
3466: * authenticator. This is since we don't get a request to authenticate, but
3467: * have to repeatedly authenticate ourself until we got a response (or the
3468: * retry counter is expired).
3469: */
3470:
3471: /*
3472: * Handle incoming PAP packets. */
3473: HIDE void
3474: sppp_pap_input(struct sppp *sp, struct mbuf *m)
3475: {
3476: STDDCL;
3477: struct lcp_header *h;
3478: int len, x;
3479: u_char *name, *passwd, mlen;
3480: int name_len, passwd_len;
3481:
3482: len = m->m_pkthdr.len;
3483: if (len < 5) {
3484: if (debug)
3485: log(LOG_DEBUG,
3486: SPP_FMT "pap invalid packet length: %d bytes\n",
3487: SPP_ARGS(ifp), len);
3488: return;
3489: }
3490: h = mtod (m, struct lcp_header*);
3491: if (len > ntohs (h->len))
3492: len = ntohs (h->len);
3493: switch (h->type) {
3494: /* PAP request is my authproto */
3495: case PAP_REQ:
3496: name = 1 + (u_char*)(h+1);
3497: name_len = name[-1];
3498: passwd = name + name_len + 1;
3499: if (name_len > len - 6 ||
3500: (passwd_len = passwd[-1]) > len - 6 - name_len) {
3501: if (debug) {
3502: log(LOG_DEBUG, SPP_FMT "pap corrupted input "
3503: "<%s id=0x%x len=%d",
3504: SPP_ARGS(ifp),
3505: sppp_auth_type_name(PPP_PAP, h->type),
3506: h->ident, ntohs(h->len));
3507: if (len > 4)
3508: sppp_print_bytes((u_char*)(h+1), len-4);
3509: addlog(">\n");
3510: }
3511: break;
3512: }
3513: if (debug) {
3514: log(LOG_DEBUG, SPP_FMT "pap input(%s) "
3515: "<%s id=0x%x len=%d name=",
3516: SPP_ARGS(ifp),
3517: sppp_state_name(sp->state[IDX_PAP]),
3518: sppp_auth_type_name(PPP_PAP, h->type),
3519: h->ident, ntohs(h->len));
3520: sppp_print_string((char*)name, name_len);
3521: addlog(" passwd=");
3522: sppp_print_string((char*)passwd, passwd_len);
3523: addlog(">\n");
3524: }
3525: if (name_len > AUTHNAMELEN ||
3526: passwd_len > AUTHKEYLEN ||
3527: bcmp(name, sp->hisauth.name, name_len) != 0 ||
3528: bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
3529: /* action scn, tld */
3530: mlen = sizeof(FAILMSG) - 1;
3531: sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
3532: sizeof mlen, (const char *)&mlen,
3533: sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
3534: 0);
3535: pap.tld(sp);
3536: break;
3537: }
3538: /* action sca, perhaps tlu */
3539: if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
3540: sp->state[IDX_PAP] == STATE_OPENED) {
3541: mlen = sizeof(SUCCMSG) - 1;
3542: sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
3543: sizeof mlen, (const char *)&mlen,
3544: sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
3545: 0);
3546: }
3547: if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
3548: sppp_cp_change_state(&pap, sp, STATE_OPENED);
3549: pap.tlu(sp);
3550: }
3551: break;
3552:
3553: /* ack and nak are his authproto */
3554: case PAP_ACK:
3555: UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3556: if (debug) {
3557: log(LOG_DEBUG, SPP_FMT "pap success",
3558: SPP_ARGS(ifp));
3559: name_len = *((char *)h);
3560: if (len > 5 && name_len) {
3561: addlog(": ");
3562: sppp_print_string((char*)(h+1), name_len);
3563: }
3564: addlog("\n");
3565: }
3566: x = splnet();
3567: sp->pp_flags &= ~PP_NEEDAUTH;
3568: if (sp->myauth.proto == PPP_PAP &&
3569: (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
3570: (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
3571: /*
3572: * We are authenticator for PAP but didn't
3573: * complete yet. Leave it to tlu to proceed
3574: * to network phase.
3575: */
3576: splx(x);
3577: break;
3578: }
3579: splx(x);
3580: sppp_phase_network(sp);
3581: break;
3582:
3583: case PAP_NAK:
3584: UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3585: if (debug) {
3586: log(LOG_INFO, SPP_FMT "pap failure",
3587: SPP_ARGS(ifp));
3588: name_len = *((char *)h);
3589: if (len > 5 && name_len) {
3590: addlog(": ");
3591: sppp_print_string((char*)(h+1), name_len);
3592: }
3593: addlog("\n");
3594: } else
3595: log(LOG_INFO, SPP_FMT "pap failure\n",
3596: SPP_ARGS(ifp));
3597: /* await LCP shutdown by authenticator */
3598: break;
3599:
3600: default:
3601: /* Unknown PAP packet type -- ignore. */
3602: if (debug) {
3603: log(LOG_DEBUG, SPP_FMT "pap corrupted input "
3604: "<0x%x id=0x%x len=%d",
3605: SPP_ARGS(ifp),
3606: h->type, h->ident, ntohs(h->len));
3607: if (len > 4)
3608: sppp_print_bytes((u_char*)(h+1), len-4);
3609: addlog(">\n");
3610: }
3611: break;
3612:
3613: }
3614: }
3615:
3616: HIDE void
3617: sppp_pap_init(struct sppp *sp)
3618: {
3619: /* PAP doesn't have STATE_INITIAL at all. */
3620: sp->state[IDX_PAP] = STATE_CLOSED;
3621: sp->fail_counter[IDX_PAP] = 0;
3622: #if defined (__FreeBSD__)
3623: callout_handle_init(&sp->ch[IDX_PAP]);
3624: callout_handle_init(&sp->pap_my_to_ch);
3625: #endif
3626: }
3627:
3628: HIDE void
3629: sppp_pap_open(struct sppp *sp)
3630: {
3631: if (sp->hisauth.proto == PPP_PAP &&
3632: (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
3633: /* we are authenticator for PAP, start our timer */
3634: sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3635: sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3636: }
3637: if (sp->myauth.proto == PPP_PAP) {
3638: /* we are peer, send a request, and start a timer */
3639: pap.scr(sp);
3640: #if defined (__FreeBSD__)
3641: sp->pap_my_to_ch =
3642: timeout(sppp_pap_my_TO, (void *)sp, sp->lcp.timeout);
3643: #elif defined (__OpenBSD__)
3644: timeout_set(&sp->pap_my_to_ch, sppp_pap_my_TO, (void *)sp);
3645: timeout_add(&sp->pap_my_to_ch, sp->lcp.timeout);
3646: #endif
3647: }
3648: }
3649:
3650: HIDE void
3651: sppp_pap_close(struct sppp *sp)
3652: {
3653: if (sp->state[IDX_PAP] != STATE_CLOSED)
3654: sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3655: }
3656:
3657: /*
3658: * That's the timeout routine if we are authenticator. Since the
3659: * authenticator is basically passive in PAP, we can't do much here.
3660: */
3661: HIDE void
3662: sppp_pap_TO(void *cookie)
3663: {
3664: struct sppp *sp = (struct sppp *)cookie;
3665: STDDCL;
3666: int s;
3667:
3668: s = splnet();
3669: if (debug)
3670: log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
3671: SPP_ARGS(ifp),
3672: sppp_state_name(sp->state[IDX_PAP]),
3673: sp->rst_counter[IDX_PAP]);
3674:
3675: if (--sp->rst_counter[IDX_PAP] < 0)
3676: /* TO- event */
3677: switch (sp->state[IDX_PAP]) {
3678: case STATE_REQ_SENT:
3679: pap.tld(sp);
3680: sppp_cp_change_state(&pap, sp, STATE_CLOSED);
3681: break;
3682: }
3683: else
3684: /* TO+ event, not very much we could do */
3685: switch (sp->state[IDX_PAP]) {
3686: case STATE_REQ_SENT:
3687: /* sppp_cp_change_state() will restart the timer */
3688: sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
3689: break;
3690: }
3691:
3692: splx(s);
3693: }
3694:
3695: /*
3696: * That's the timeout handler if we are peer. Since the peer is active,
3697: * we need to retransmit our PAP request since it is apparently lost.
3698: * XXX We should impose a max counter.
3699: */
3700: HIDE void
3701: sppp_pap_my_TO(void *cookie)
3702: {
3703: struct sppp *sp = (struct sppp *)cookie;
3704: STDDCL;
3705:
3706: if (debug)
3707: log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
3708: SPP_ARGS(ifp));
3709:
3710: pap.scr(sp);
3711: }
3712:
3713: HIDE void
3714: sppp_pap_tlu(struct sppp *sp)
3715: {
3716: STDDCL;
3717: int x;
3718:
3719: sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
3720:
3721: if (debug)
3722: log(LOG_DEBUG, SPP_FMT "%s tlu\n",
3723: SPP_ARGS(ifp), pap.name);
3724:
3725: x = splnet();
3726: /* indicate to LCP that we need to be closed down */
3727: sp->lcp.protos |= (1 << IDX_PAP);
3728:
3729: if (sp->pp_flags & PP_NEEDAUTH) {
3730: /*
3731: * Remote is authenticator, but his auth proto didn't
3732: * complete yet. Defer the transition to network
3733: * phase.
3734: */
3735: splx(x);
3736: return;
3737: }
3738: splx(x);
3739: sppp_phase_network(sp);
3740: }
3741:
3742: HIDE void
3743: sppp_pap_tld(struct sppp *sp)
3744: {
3745: STDDCL;
3746:
3747: if (debug)
3748: log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
3749: UNTIMEOUT(pap.TO, (void *)sp, sp->ch[IDX_PAP]);
3750: UNTIMEOUT(sppp_pap_my_TO, (void *)sp, sp->pap_my_to_ch);
3751: sp->lcp.protos &= ~(1 << IDX_PAP);
3752:
3753: lcp.Close(sp);
3754: }
3755:
3756: HIDE void
3757: sppp_pap_scr(struct sppp *sp)
3758: {
3759: u_char idlen, pwdlen;
3760:
3761: sp->confid[IDX_PAP] = ++sp->pp_seq;
3762: pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
3763: idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
3764:
3765: sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
3766: sizeof idlen, (const char *)&idlen,
3767: (size_t)idlen, sp->myauth.name,
3768: sizeof pwdlen, (const char *)&pwdlen,
3769: (size_t)pwdlen, sp->myauth.secret,
3770: 0);
3771: }
3772:
/*
3773: * Random miscellaneous functions.
3774: */
3775:
3776: /*
3777: * Send a PAP or CHAP proto packet.
3778: *
3779: * Varadic function, each of the elements for the ellipsis is of type
3780: * ``size_t mlen, const u_char *msg''. Processing will stop iff
3781: * mlen == 0.
3782: */
3783:
3784: HIDE void
3785: sppp_auth_send(const struct cp *cp, struct sppp *sp,
3786: unsigned int type, u_char id, ...)
3787: {
3788: STDDCL;
3789: struct ppp_header *h;
3790: struct lcp_header *lh;
3791: struct mbuf *m;
3792: u_char *p;
3793: int len;
3794: size_t pkthdrlen;
3795: unsigned int mlen;
3796: const char *msg;
3797: va_list ap;
3798:
3799: MGETHDR (m, M_DONTWAIT, MT_DATA);
3800: if (! m)
3801: return;
3802: m->m_pkthdr.rcvif = 0;
3803:
3804: if (sp->pp_flags & PP_NOFRAMING) {
3805: *mtod(m, u_int16_t *) = htons(cp->proto);
3806: pkthdrlen = 2;
3807: lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
3808: } else {
3809: h = mtod (m, struct ppp_header*);
3810: h->address = PPP_ALLSTATIONS; /* broadcast address */
3811: h->control = PPP_UI; /* Unnumbered Info */
3812: h->protocol = htons(cp->proto);
3813: pkthdrlen = PPP_HEADER_LEN;
3814: lh = (struct lcp_header*)(h + 1);
3815: }
3816:
3817: lh->type = type;
3818: lh->ident = id;
3819: p = (u_char*) (lh+1);
3820:
3821: va_start(ap, id);
3822: len = 0;
3823:
3824: while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
3825: msg = va_arg(ap, const char *);
3826: len += mlen;
3827: if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) {
3828: va_end(ap);
3829: m_freem(m);
3830: return;
3831: }
3832:
3833: bcopy(msg, p, mlen);
3834: p += mlen;
3835: }
3836: va_end(ap);
3837:
3838: m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
3839: lh->len = htons (LCP_HEADER_LEN + len);
3840:
3841: if (debug) {
3842: log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
3843: SPP_ARGS(ifp), cp->name,
3844: sppp_auth_type_name(cp->proto, lh->type),
3845: lh->ident, ntohs(lh->len));
3846: if (len)
3847: sppp_print_bytes((u_char*) (lh+1), len);
3848: addlog(">\n");
3849: }
3850: if (IF_QFULL (&sp->pp_cpq)) {
3851: IF_DROP (&sp->pp_fastq);
3852: IF_DROP (&ifp->if_snd);
3853: m_freem (m);
3854: ++ifp->if_oerrors;
3855: m = NULL;
3856: } else
3857: IF_ENQUEUE (&sp->pp_cpq, m);
3858: if (! (ifp->if_flags & IFF_OACTIVE))
3859: (*ifp->if_start) (ifp);
3860: if (m != NULL)
3861: ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
3862: }
3863:
3864: /*
3865: * Flush interface queue.
3866: */
3867: HIDE void
3868: sppp_qflush(struct ifqueue *ifq)
3869: {
3870: struct mbuf *m, *n;
3871:
3872: n = ifq->ifq_head;
3873: while ((m = n)) {
3874: n = m->m_act;
3875: m_freem (m);
3876: }
3877: ifq->ifq_head = 0;
3878: ifq->ifq_tail = 0;
3879: ifq->ifq_len = 0;
3880: }
3881:
3882: /*
3883: * Send keepalive packets, every 10 seconds.
3884: */
3885: HIDE void
3886: sppp_keepalive(void *dummy)
3887: {
3888: struct sppp *sp;
3889: int s;
3890: struct timeval tv;
3891:
3892: s = splnet();
3893: getmicrouptime(&tv);
3894: for (sp=spppq; sp; sp=sp->pp_next) {
3895: struct ifnet *ifp = &sp->pp_if;
3896:
3897: /* Keepalive mode disabled or channel down? */
3898: if (! (sp->pp_flags & PP_KEEPALIVE) ||
3899: ! (ifp->if_flags & IFF_RUNNING))
3900: continue;
3901:
3902: /* No keepalive in PPP mode if LCP not opened yet. */
3903: if (! (sp->pp_flags & PP_CISCO) &&
3904: sp->pp_phase < PHASE_AUTHENTICATE)
3905: continue;
3906:
3907: /* No echo reply, but maybe user data passed through? */
3908: if (!(sp->pp_flags & PP_CISCO) &&
3909: (tv.tv_sec - sp->pp_last_receive) < NORECV_TIME) {
3910: sp->pp_alivecnt = 0;
3911: continue;
3912: }
3913:
3914: if (sp->pp_alivecnt >= MAXALIVECNT) {
3915: /* No keepalive packets got. Stop the interface. */
3916: if_down (ifp);
3917: sppp_qflush (&sp->pp_cpq);
3918: if (! (sp->pp_flags & PP_CISCO)) {
3919: printf (SPP_FMT "LCP keepalive timeout\n",
3920: SPP_ARGS(ifp));
3921: sp->pp_alivecnt = 0;
3922:
3923: /* we are down, close all open protocols */
3924: lcp.Close(sp);
3925:
3926: /* And now prepare LCP to reestablish the link, if configured to do so. */
3927: sppp_cp_change_state(&lcp, sp, STATE_STOPPED);
3928:
3929: /* Close connection imediatly, completition of this
3930: * will summon the magic needed to reestablish it. */
3931: sp->pp_tlf(sp);
3932: continue;
3933: }
3934: }
3935: if (sp->pp_alivecnt < MAXALIVECNT)
3936: ++sp->pp_alivecnt;
3937: if (sp->pp_flags & PP_CISCO)
3938: sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
3939: sp->pp_rseq);
3940: else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
3941: unsigned long nmagic = htonl (sp->lcp.magic);
3942: sp->lcp.echoid = ++sp->pp_seq;
3943: sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
3944: sp->lcp.echoid, 4, &nmagic);
3945: }
3946: }
3947: splx(s);
3948: #if defined (__FreeBSD__)
3949: keepalive_ch = timeout(sppp_keepalive, 0, hz * 10);
3950: #endif
3951: #if defined (__OpenBSD__)
3952: timeout_add(&keepalive_ch, hz * 10);
3953: #endif
3954: }
3955:
3956: /*
3957: * Get both IP addresses.
3958: */
3959: HIDE void
3960: sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
3961: u_int32_t *srcmask)
3962: {
3963: struct ifnet *ifp = &sp->pp_if;
3964: struct ifaddr *ifa;
3965: struct sockaddr_in *si, *sm = 0;
3966: u_int32_t ssrc, ddst;
3967:
3968: sm = NULL;
3969: ssrc = ddst = 0;
3970: /*
3971: * Pick the first AF_INET address from the list,
3972: * aliases don't make any sense on a p2p link anyway.
3973: */
3974: #if defined (__FreeBSD__)
3975: for (ifa = ifp->if_addrhead.tqh_first, si = 0;
3976: ifa;
3977: ifa = ifa->ifa_link.tqe_next)
3978: #else
3979: si = 0;
3980: TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
3981: #endif
3982: {
3983: if (ifa->ifa_addr->sa_family == AF_INET) {
3984: si = (struct sockaddr_in *)ifa->ifa_addr;
3985: sm = (struct sockaddr_in *)ifa->ifa_netmask;
3986: if (si)
3987: break;
3988: }
3989: }
3990: if (ifa) {
3991: if (si && si->sin_addr.s_addr) {
3992: ssrc = si->sin_addr.s_addr;
3993: if (srcmask)
3994: *srcmask = ntohl(sm->sin_addr.s_addr);
3995: }
3996:
3997: si = (struct sockaddr_in *)ifa->ifa_dstaddr;
3998: if (si && si->sin_addr.s_addr)
3999: ddst = si->sin_addr.s_addr;
4000: }
4001:
4002: if (dst) *dst = ntohl(ddst);
4003: if (src) *src = ntohl(ssrc);
4004: }
4005:
4006: /*
4007: * If an address is 0, leave it the way it is.
4008: */
4009: HIDE void
4010: sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr)
4011: {
4012: STDDCL;
4013: struct ifaddr *ifa;
4014: struct sockaddr_in *si;
4015: struct sockaddr_in *dest;
4016:
4017: /*
4018: * Pick the first AF_INET address from the list,
4019: * aliases don't make any sense on a p2p link anyway.
4020: */
4021:
4022: #if defined (__FreeBSD__)
4023: for (ifa = ifp->if_addrhead.tqh_first, si = 0;
4024: ifa;
4025: ifa = ifa->ifa_link.tqe_next)
4026: #else
4027: si = 0;
4028: TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
4029: #endif
4030: {
4031: if (ifa->ifa_addr->sa_family == AF_INET)
4032: {
4033: si = (struct sockaddr_in *)ifa->ifa_addr;
4034: dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4035: if (si)
4036: break;
4037: }
4038: }
4039:
4040: if (ifa && si) {
4041: int error;
4042: struct sockaddr_in new_sin = *si;
4043: struct sockaddr_in new_dst = *dest;
4044:
4045: /*
4046: * Scrub old routes now instead of calling in_ifinit with
4047: * scrub=1, because we may change the dstaddr
4048: * before the call to in_ifinit.
4049: */
4050: in_ifscrub(ifp, ifatoia(ifa));
4051:
4052: if (myaddr != 0)
4053: new_sin.sin_addr.s_addr = htonl(myaddr);
4054: if (hisaddr != 0) {
4055: new_dst.sin_addr.s_addr = htonl(hisaddr);
4056: if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) {
4057: sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
4058: *dest = new_dst; /* fix dstaddr in place */
4059: }
4060: }
4061: if (!(error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0)))
4062: dohooks(ifp->if_addrhooks, 0);
4063: if (debug && error) {
4064: log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addrs: in_ifinit "
4065: " failed, error=%d\n", SPP_ARGS(ifp), error);
4066: }
4067: }
4068: }
4069:
4070: /*
4071: * Clear IP addresses. Must be called at splnet.
4072: */
4073: HIDE void
4074: sppp_clear_ip_addrs(struct sppp *sp)
4075: {
4076: struct ifnet *ifp = &sp->pp_if;
4077: struct ifaddr *ifa;
4078: struct sockaddr_in *si;
4079: struct sockaddr_in *dest;
4080:
4081: u_int32_t remote;
4082: if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4083: remote = sp->ipcp.saved_hisaddr;
4084: else
4085: sppp_get_ip_addrs(sp, 0, &remote, 0);
4086:
4087: /*
4088: * Pick the first AF_INET address from the list,
4089: * aliases don't make any sense on a p2p link anyway.
4090: */
4091:
4092: si = 0;
4093: TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
4094: if (ifa->ifa_addr->sa_family == AF_INET) {
4095: si = (struct sockaddr_in *)ifa->ifa_addr;
4096: dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
4097: if (si)
4098: break;
4099: }
4100: }
4101:
4102: if (ifa && si) {
4103: struct sockaddr_in new_sin = *si;
4104:
4105: in_ifscrub(ifp, ifatoia(ifa));
4106: if (sp->ipcp.flags & IPCP_MYADDR_DYN)
4107: new_sin.sin_addr.s_addr = 0;
4108: if (sp->ipcp.flags & IPCP_HISADDR_DYN)
4109: /* replace peer addr in place */
4110: dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr;
4111: if (!in_ifinit(ifp, ifatoia(ifa), &new_sin, 0))
4112: dohooks(ifp->if_addrhooks, 0);
4113: }
4114: }
4115:
4116: HIDE int
4117: sppp_params(struct sppp *sp, u_long cmd, void *data)
4118: {
4119: struct ifreq *ifr = (struct ifreq *)data;
4120: struct spppreq spr;
4121:
4122: if (copyin((caddr_t)ifr->ifr_data, &spr, sizeof spr) != 0)
4123: return EFAULT;
4124:
4125: switch (spr.cmd) {
4126: case (int)SPPPIOGDEFS:
4127: if (cmd != SIOCGIFGENERIC)
4128: return EINVAL;
4129: /*
4130: * We copy over the entire current state, but clean
4131: * out some of the stuff we don't wanna pass up.
4132: * Remember, SIOCGIFGENERIC is unprotected, and can be
4133: * called by any user. No need to ever get PAP or
4134: * CHAP secrets back to userland anyway.
4135: */
4136: bcopy(sp, &spr.defs, sizeof(struct sppp));
4137: bzero(spr.defs.myauth.secret, AUTHKEYLEN);
4138: bzero(spr.defs.myauth.challenge, AUTHKEYLEN);
4139: bzero(spr.defs.hisauth.secret, AUTHKEYLEN);
4140: bzero(spr.defs.hisauth.challenge, AUTHKEYLEN);
4141: return copyout(&spr, (caddr_t)ifr->ifr_data, sizeof spr);
4142:
4143: case (int)SPPPIOSDEFS:
4144: if (cmd != SIOCSIFGENERIC)
4145: return EINVAL;
4146: /*
4147: * We have a very specific idea of which fields we allow
4148: * being passed back from userland, so to not clobber our
4149: * current state. For one, we only allow setting
4150: * anything if LCP is in dead phase. Once the LCP
4151: * negotiations started, the authentication settings must
4152: * not be changed again. (The administrator can force an
4153: * ifconfig down in order to get LCP back into dead
4154: * phase.)
4155: *
4156: * Also, we only allow for authentication parameters to be
4157: * specified.
4158: *
4159: * XXX Should allow to set or clear pp_flags.
4160: *
4161: * Finally, if the respective authentication protocol to
4162: * be used is set differently than 0, but the secret is
4163: * passed as all zeros, we don't trash the existing secret.
4164: * This allows an administrator to change the system name
4165: * only without clobbering the secret (which he didn't get
4166: * back in a previous SPPPIOGDEFS call). However, the
4167: * secrets are cleared if the authentication protocol is
4168: * reset to 0.
4169: */
4170: if (sp->pp_phase != PHASE_DEAD)
4171: return EBUSY;
4172:
4173: if ((spr.defs.myauth.proto != 0 && spr.defs.myauth.proto != PPP_PAP &&
4174: spr.defs.myauth.proto != PPP_CHAP) ||
4175: (spr.defs.hisauth.proto != 0 && spr.defs.hisauth.proto != PPP_PAP &&
4176: spr.defs.hisauth.proto != PPP_CHAP))
4177: return EINVAL;
4178:
4179: if (spr.defs.myauth.proto == 0)
4180: /* resetting myauth */
4181: bzero(&sp->myauth, sizeof sp->myauth);
4182: else {
4183: /* setting/changing myauth */
4184: sp->myauth.proto = spr.defs.myauth.proto;
4185: bcopy(spr.defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
4186: if (spr.defs.myauth.secret[0] != '\0')
4187: bcopy(spr.defs.myauth.secret, sp->myauth.secret,
4188: AUTHKEYLEN);
4189: }
4190: if (spr.defs.hisauth.proto == 0)
4191: /* resetting hisauth */
4192: bzero(&sp->hisauth, sizeof sp->hisauth);
4193: else {
4194: /* setting/changing hisauth */
4195: sp->hisauth.proto = spr.defs.hisauth.proto;
4196: sp->hisauth.flags = spr.defs.hisauth.flags;
4197: bcopy(spr.defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
4198: if (spr.defs.hisauth.secret[0] != '\0')
4199: bcopy(spr.defs.hisauth.secret, sp->hisauth.secret,
4200: AUTHKEYLEN);
4201: }
4202: break;
4203:
4204: default:
4205: return EINVAL;
4206: }
4207:
4208: return 0;
4209: }
4210:
4211: HIDE void
4212: sppp_phase_network(struct sppp *sp)
4213: {
4214: int i;
4215: u_long mask;
4216:
4217: sp->pp_phase = PHASE_NETWORK;
4218:
4219: sppp_set_phase(sp);
4220:
4221: /* Notify NCPs now. */
4222: for (i = 0; i < IDX_COUNT; i++)
4223: if ((cps[i])->flags & CP_NCP)
4224: (cps[i])->Open(sp);
4225:
4226: /* Send Up events to all NCPs. */
4227: for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
4228: if (sp->lcp.protos & mask && ((cps[i])->flags & CP_NCP))
4229: (cps[i])->Up(sp);
4230:
4231: /* if no NCP is starting, all this was in vain, close down */
4232: sppp_lcp_check_and_close(sp);
4233: }
4234:
4235:
4236: HIDE const char *
4237: sppp_cp_type_name(u_char type)
4238: {
4239: static char buf[12];
4240: switch (type) {
4241: case CONF_REQ: return "conf-req";
4242: case CONF_ACK: return "conf-ack";
4243: case CONF_NAK: return "conf-nak";
4244: case CONF_REJ: return "conf-rej";
4245: case TERM_REQ: return "term-req";
4246: case TERM_ACK: return "term-ack";
4247: case CODE_REJ: return "code-rej";
4248: case PROTO_REJ: return "proto-rej";
4249: case ECHO_REQ: return "echo-req";
4250: case ECHO_REPLY: return "echo-reply";
4251: case DISC_REQ: return "discard-req";
4252: }
4253: snprintf (buf, sizeof buf, "0x%x", type);
4254: return buf;
4255: }
4256:
4257: HIDE const char *
4258: sppp_auth_type_name(u_short proto, u_char type)
4259: {
4260: static char buf[12];
4261: switch (proto) {
4262: case PPP_CHAP:
4263: switch (type) {
4264: case CHAP_CHALLENGE: return "challenge";
4265: case CHAP_RESPONSE: return "response";
4266: case CHAP_SUCCESS: return "success";
4267: case CHAP_FAILURE: return "failure";
4268: }
4269: case PPP_PAP:
4270: switch (type) {
4271: case PAP_REQ: return "req";
4272: case PAP_ACK: return "ack";
4273: case PAP_NAK: return "nak";
4274: }
4275: }
4276: snprintf (buf, sizeof buf, "0x%x", type);
4277: return buf;
4278: }
4279:
4280: HIDE const char *
4281: sppp_lcp_opt_name(u_char opt)
4282: {
4283: static char buf[12];
4284: switch (opt) {
4285: case LCP_OPT_MRU: return "mru";
4286: case LCP_OPT_ASYNC_MAP: return "async-map";
4287: case LCP_OPT_AUTH_PROTO: return "auth-proto";
4288: case LCP_OPT_QUAL_PROTO: return "qual-proto";
4289: case LCP_OPT_MAGIC: return "magic";
4290: case LCP_OPT_PROTO_COMP: return "proto-comp";
4291: case LCP_OPT_ADDR_COMP: return "addr-comp";
4292: }
4293: snprintf (buf, sizeof buf, "0x%x", opt);
4294: return buf;
4295: }
4296:
4297: HIDE const char *
4298: sppp_ipcp_opt_name(u_char opt)
4299: {
4300: static char buf[12];
4301: switch (opt) {
4302: case IPCP_OPT_ADDRESSES: return "addresses";
4303: case IPCP_OPT_COMPRESSION: return "compression";
4304: case IPCP_OPT_ADDRESS: return "address";
4305: }
4306: snprintf (buf, sizeof buf, "0x%x", opt);
4307: return buf;
4308: }
4309:
4310: HIDE const char *
4311: sppp_state_name(int state)
4312: {
4313: switch (state) {
4314: case STATE_INITIAL: return "initial";
4315: case STATE_STARTING: return "starting";
4316: case STATE_CLOSED: return "closed";
4317: case STATE_STOPPED: return "stopped";
4318: case STATE_CLOSING: return "closing";
4319: case STATE_STOPPING: return "stopping";
4320: case STATE_REQ_SENT: return "req-sent";
4321: case STATE_ACK_RCVD: return "ack-rcvd";
4322: case STATE_ACK_SENT: return "ack-sent";
4323: case STATE_OPENED: return "opened";
4324: }
4325: return "illegal";
4326: }
4327:
4328: HIDE const char *
4329: sppp_phase_name(enum ppp_phase phase)
4330: {
4331: switch (phase) {
4332: case PHASE_DEAD: return "dead";
4333: case PHASE_ESTABLISH: return "establish";
4334: case PHASE_TERMINATE: return "terminate";
4335: case PHASE_AUTHENTICATE: return "authenticate";
4336: case PHASE_NETWORK: return "network";
4337: }
4338: return "illegal";
4339: }
4340:
4341: HIDE const char *
4342: sppp_proto_name(u_short proto)
4343: {
4344: static char buf[12];
4345: switch (proto) {
4346: case PPP_LCP: return "lcp";
4347: case PPP_IPCP: return "ipcp";
4348: case PPP_PAP: return "pap";
4349: case PPP_CHAP: return "chap";
4350: }
4351: snprintf(buf, sizeof buf, "0x%x", (unsigned)proto);
4352: return buf;
4353: }
4354:
4355: HIDE void
4356: sppp_print_bytes(const u_char *p, u_short len)
4357: {
4358: addlog(" %02x", *p++);
4359: while (--len > 0)
4360: addlog("-%02x", *p++);
4361: }
4362:
4363: HIDE void
4364: sppp_print_string(const char *p, u_short len)
4365: {
4366: u_char c;
4367:
4368: while (len-- > 0) {
4369: c = *p++;
4370: /*
4371: * Print only ASCII chars directly. RFC 1994 recommends
4372: * using only them, but we don't rely on it. */
4373: if (c < ' ' || c > '~')
4374: addlog("\\x%x", c);
4375: else
4376: addlog("%c", c);
4377: }
4378: }
4379:
4380: HIDE const char *
4381: sppp_dotted_quad(u_int32_t addr)
4382: {
4383: static char s[16];
4384: snprintf(s, sizeof s, "%d.%d.%d.%d",
4385: (int)((addr >> 24) & 0xff),
4386: (int)((addr >> 16) & 0xff),
4387: (int)((addr >> 8) & 0xff),
4388: (int)(addr & 0xff));
4389: return s;
4390: }
4391:
4392: HIDE int
4393: sppp_strnlen(u_char *p, int max)
4394: {
4395: int len;
4396:
4397: for (len = 0; len < max && *p; ++p)
4398: ++len;
4399: return len;
4400: }
4401:
4402: /* a dummy, used to drop uninteresting events */
4403: HIDE void
4404: sppp_null(struct sppp *unused)
4405: {
4406: /* do just nothing */
4407: }
4408: /*
4409: * This file is large. Tell emacs to highlight it nevertheless.
4410: *
4411: * Local Variables:
4412: * hilit-auto-highlight-maxout: 120000
4413: * End:
4414: */
4415:
4416: HIDE void
4417: sppp_set_phase(struct sppp *sp)
4418: {
4419: STDDCL;
4420: int lstate, s;
4421:
4422: if (debug)
4423: log(LOG_INFO, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
4424: sppp_phase_name(sp->pp_phase));
4425:
4426: /* set link state */
4427: if (sp->pp_phase == PHASE_NETWORK)
4428: lstate = LINK_STATE_UP;
4429: else
4430: lstate = LINK_STATE_DOWN;
4431:
4432: if (ifp->if_link_state != lstate) {
4433: ifp->if_link_state = lstate;
4434: s = splsoftnet();
4435: if_link_state_change(ifp);
4436: splx(s);
4437: }
4438: }