NetBSD/sys/net/if_spppsubr.c
christos c52ff7f9d5 Fixes from David Boggs; in his words:
/sys/net/if_spppvar.h says:

	"Lower layer drivers that are always ready to communicate
	(like hardware HDLC) can shortcut pp_up from pp_tls,
	and pp_down from pp_tlf."

	When I follow those instructions, I get a kernel stack
	overflow as soon as I open the HDLC device.

	Here is the loop:
	 sppp_ioctl calls sppp_lcp_open
	 sppp_lcp_open calls sppp_open_event
	 sppp_open_event calls sppp_lcp_tls
	 sppp_lcp_tls calls pp_tls
	 pp_tls is the SHORTCUT to sppp_lcp_up
	 sppp_lcp_up calls spp_lcp_open
	 ...and around we go until the stack overflows.

	The fix is to reverse the order of the action (tls)
	and the state change (from INITIAL to STARTING) in
	sppp_open_event.

	There is a similar loop during closing:
	 sppp_ioctl calls sppp_lcp_close
	 sppp_lcp_close calls sppp_close_event
	 spp_close_event calls sppp_lcp_tlf
	 sppp_lcp_tlf calls pp_tlf
	 pp_tlf is the SHORTCUT to sppp_lcp_down
	 sppp_lcp_down calls sppp_lcp_close
	 ...and around we go until the stack overflows.

	The fix is to reverse the order of the action (tlf)
	and the state change (from STARTING to INITIAL) in
	sppp_close_event.

	Separately, while I was discovering this, I noticed
	that pp_tlf was being called unconditionally rather
	than first checking to see if it is NULL.  pp_tlf
	is a callout from sppp to the hdlc device driver.
	Elsewhere in sppp, this is always checked for NULL
	before calling it, and the comments in if_spppvar.h
	imply that filling it in is optional.

	From spppvar.h:
	"These functions need to be filled in by the lower layer
	(hardware) drivers if they request notification from the
	PPP layer whether the link is actually required."
	This clearly says that pp_tlf and pp_tls are optional
	and so sppp must check before calling them.
2006-05-21 05:09:13 +00:00

5453 lines
133 KiB
C

/* $NetBSD: if_spppsubr.c,v 1.91 2006/05/21 05:09:13 christos Exp $ */
/*
* Synchronous PPP/Cisco link level subroutines.
* Keepalive protocol implemented in both Cisco and PPP modes.
*
* Copyright (C) 1994-1996 Cronyx Engineering Ltd.
* Author: Serge Vakulenko, <vak@cronyx.ru>
*
* Heavily revamped to conform to RFC 1661.
* Copyright (C) 1997, Joerg Wunsch.
*
* RFC2472 IPv6CP support.
* Copyright (C) 2000, Jun-ichiro itojun Hagino <itojun@iijlab.net>.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
*
* From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp
*
* From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.91 2006/05/21 05:09:13 christos Exp $");
#include "opt_inet.h"
#include "opt_ipx.h"
#include "opt_iso.h"
#include "opt_ns.h"
#include "opt_pfil_hooks.h"
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/sockio.h>
#include <sys/socket.h>
#include <sys/syslog.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/callout.h>
#include <sys/md5.h>
#include <sys/inttypes.h>
#include <sys/kauth.h>
#include <net/if.h>
#include <net/netisr.h>
#include <net/if_types.h>
#include <net/route.h>
#include <net/ppp_defs.h>
#include <machine/stdarg.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#ifdef INET
#include <netinet/ip.h>
#include <netinet/tcp.h>
#endif
#include <net/ethertypes.h>
#ifdef INET6
#include <netinet6/scope6_var.h>
#endif
#ifdef IPX
#include <netipx/ipx.h>
#include <netipx/ipx_if.h>
#endif
#ifdef NS
#include <netns/ns.h>
#include <netns/ns_if.h>
#endif
#ifdef ISO
#include <netiso/argo_debug.h>
#include <netiso/iso.h>
#include <netiso/iso_var.h>
#include <netiso/iso_snpac.h>
#endif
#include <net/if_sppp.h>
#include <net/if_spppvar.h>
#define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */
#define LOOPALIVECNT 3 /* loopback detection tries */
#define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */
#define DEFAULT_NORECV_TIME 15 /* before we get worried */
#define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */
/*
* Interface flags that can be set in an ifconfig command.
*
* Setting link0 will make the link passive, i.e. it will be marked
* as being administrative openable, but won't be opened to begin
* with. Incoming calls will be answered, or subsequent calls with
* -link1 will cause the administrative open of the LCP layer.
*
* Setting link1 will cause the link to auto-dial only as packets
* arrive to be sent.
*
* Setting IFF_DEBUG will syslog the option negotiation and state
* transitions at level kern.debug. Note: all logs consistently look
* like
*
* <if-name><unit>: <proto-name> <additional info...>
*
* with <if-name><unit> being something like "bppp0", and <proto-name>
* being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
*/
#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
#define IFF_AUTO IFF_LINK1 /* auto-dial on output */
#define CONF_REQ 1 /* PPP configure request */
#define CONF_ACK 2 /* PPP configure acknowledge */
#define CONF_NAK 3 /* PPP configure negative ack */
#define CONF_REJ 4 /* PPP configure reject */
#define TERM_REQ 5 /* PPP terminate request */
#define TERM_ACK 6 /* PPP terminate acknowledge */
#define CODE_REJ 7 /* PPP code reject */
#define PROTO_REJ 8 /* PPP protocol reject */
#define ECHO_REQ 9 /* PPP echo request */
#define ECHO_REPLY 10 /* PPP echo reply */
#define DISC_REQ 11 /* PPP discard request */
#define LCP_OPT_MRU 1 /* maximum receive unit */
#define LCP_OPT_ASYNC_MAP 2 /* async control character map */
#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
#define LCP_OPT_MAGIC 5 /* magic number */
#define LCP_OPT_RESERVED 6 /* reserved */
#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */
#define IPCP_OPT_ADDRESS 3 /* local IP address */
#define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */
#define IPCP_OPT_SECDNS 131 /* secondary remote dns address */
#define IPV6CP_OPT_IFID 1 /* interface identifier */
#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
#define PAP_REQ 1 /* PAP name/password request */
#define PAP_ACK 2 /* PAP acknowledge */
#define PAP_NAK 3 /* PAP fail */
#define CHAP_CHALLENGE 1 /* CHAP challenge request */
#define CHAP_RESPONSE 2 /* CHAP challenge response */
#define CHAP_SUCCESS 3 /* CHAP response ok */
#define CHAP_FAILURE 4 /* CHAP response failed */
#define CHAP_MD5 5 /* hash algorithm - MD5 */
#define CISCO_MULTICAST 0x8f /* Cisco multicast address */
#define CISCO_UNICAST 0x0f /* Cisco unicast address */
#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
#define CISCO_ADDR_REQ 0 /* Cisco address request */
#define CISCO_ADDR_REPLY 1 /* Cisco address reply */
#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
/* states are named and numbered according to RFC 1661 */
#define STATE_INITIAL 0
#define STATE_STARTING 1
#define STATE_CLOSED 2
#define STATE_STOPPED 3
#define STATE_CLOSING 4
#define STATE_STOPPING 5
#define STATE_REQ_SENT 6
#define STATE_ACK_RCVD 7
#define STATE_ACK_SENT 8
#define STATE_OPENED 9
struct ppp_header {
u_int8_t address;
u_int8_t control;
u_int16_t protocol;
} __attribute__((__packed__));
#define PPP_HEADER_LEN sizeof (struct ppp_header)
struct lcp_header {
u_int8_t type;
u_int8_t ident;
u_int16_t len;
} __attribute__((__packed__));
#define LCP_HEADER_LEN sizeof (struct lcp_header)
struct cisco_packet {
u_int32_t type;
u_int32_t par1;
u_int32_t par2;
u_int16_t rel;
u_int16_t time0;
u_int16_t time1;
} __attribute__((__packed__));
#define CISCO_PACKET_LEN 18
/*
* We follow the spelling and capitalization of RFC 1661 here, to make
* it easier comparing with the standard. Please refer to this RFC in
* case you can't make sense out of these abbreviation; it will also
* explain the semantics related to the various events and actions.
*/
struct cp {
u_short proto; /* PPP control protocol number */
u_char protoidx; /* index into state table in struct sppp */
u_char flags;
#define CP_LCP 0x01 /* this is the LCP */
#define CP_AUTH 0x02 /* this is an authentication protocol */
#define CP_NCP 0x04 /* this is a NCP */
#define CP_QUAL 0x08 /* this is a quality reporting protocol */
const char *name; /* name of this control protocol */
/* event handlers */
void (*Up)(struct sppp *sp);
void (*Down)(struct sppp *sp);
void (*Open)(struct sppp *sp);
void (*Close)(struct sppp *sp);
void (*TO)(void *sp);
int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
/* actions */
void (*tlu)(struct sppp *sp);
void (*tld)(struct sppp *sp);
void (*tls)(struct sppp *sp);
void (*tlf)(struct sppp *sp);
void (*scr)(struct sppp *sp);
};
static struct sppp *spppq;
static struct callout keepalive_ch;
#ifdef INET
/*
* The following disgusting hack gets around the problem that IP TOS
* can't be set yet. We want to put "interactive" traffic on a high
* priority queue. To decide if traffic is interactive, we check that
* a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
*
* XXX is this really still necessary? - joerg -
*/
static u_short interactive_ports[8] = {
0, 513, 0, 0,
0, 21, 0, 23,
};
#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
#endif
/* almost every function needs these */
#define STDDCL \
struct ifnet *ifp = &sp->pp_if; \
int debug = ifp->if_flags & IFF_DEBUG
static int sppp_output(struct ifnet *ifp, struct mbuf *m,
struct sockaddr *dst, struct rtentry *rt);
static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2);
static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
struct mbuf *m);
static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
u_char ident, u_short len, void *data);
/* static void sppp_cp_timeout(void *arg); */
static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
int newstate);
static void sppp_auth_send(const struct cp *cp,
struct sppp *sp, unsigned int type, unsigned int id,
...);
static void sppp_up_event(const struct cp *cp, struct sppp *sp);
static void sppp_down_event(const struct cp *cp, struct sppp *sp);
static void sppp_open_event(const struct cp *cp, struct sppp *sp);
static void sppp_close_event(const struct cp *cp, struct sppp *sp);
static void sppp_to_event(const struct cp *cp, struct sppp *sp);
static void sppp_null(struct sppp *sp);
static void sppp_lcp_init(struct sppp *sp);
static void sppp_lcp_up(struct sppp *sp);
static void sppp_lcp_down(struct sppp *sp);
static void sppp_lcp_open(struct sppp *sp);
static void sppp_lcp_close(struct sppp *sp);
static void sppp_lcp_TO(void *sp);
static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_lcp_tlu(struct sppp *sp);
static void sppp_lcp_tld(struct sppp *sp);
static void sppp_lcp_tls(struct sppp *sp);
static void sppp_lcp_tlf(struct sppp *sp);
static void sppp_lcp_scr(struct sppp *sp);
static void sppp_lcp_check_and_close(struct sppp *sp);
static int sppp_ncp_check(struct sppp *sp);
static void sppp_ipcp_init(struct sppp *sp);
static void sppp_ipcp_up(struct sppp *sp);
static void sppp_ipcp_down(struct sppp *sp);
static void sppp_ipcp_open(struct sppp *sp);
static void sppp_ipcp_close(struct sppp *sp);
static void sppp_ipcp_TO(void *sp);
static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipcp_tlu(struct sppp *sp);
static void sppp_ipcp_tld(struct sppp *sp);
static void sppp_ipcp_tls(struct sppp *sp);
static void sppp_ipcp_tlf(struct sppp *sp);
static void sppp_ipcp_scr(struct sppp *sp);
static void sppp_ipv6cp_init(struct sppp *sp);
static void sppp_ipv6cp_up(struct sppp *sp);
static void sppp_ipv6cp_down(struct sppp *sp);
static void sppp_ipv6cp_open(struct sppp *sp);
static void sppp_ipv6cp_close(struct sppp *sp);
static void sppp_ipv6cp_TO(void *sp);
static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
static void sppp_ipv6cp_tlu(struct sppp *sp);
static void sppp_ipv6cp_tld(struct sppp *sp);
static void sppp_ipv6cp_tls(struct sppp *sp);
static void sppp_ipv6cp_tlf(struct sppp *sp);
static void sppp_ipv6cp_scr(struct sppp *sp);
static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
static void sppp_pap_init(struct sppp *sp);
static void sppp_pap_open(struct sppp *sp);
static void sppp_pap_close(struct sppp *sp);
static void sppp_pap_TO(void *sp);
static void sppp_pap_my_TO(void *sp);
static void sppp_pap_tlu(struct sppp *sp);
static void sppp_pap_tld(struct sppp *sp);
static void sppp_pap_scr(struct sppp *sp);
static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
static void sppp_chap_init(struct sppp *sp);
static void sppp_chap_open(struct sppp *sp);
static void sppp_chap_close(struct sppp *sp);
static void sppp_chap_TO(void *sp);
static void sppp_chap_tlu(struct sppp *sp);
static void sppp_chap_tld(struct sppp *sp);
static void sppp_chap_scr(struct sppp *sp);
static const char *sppp_auth_type_name(u_short proto, u_char type);
static const char *sppp_cp_type_name(u_char type);
static const char *sppp_dotted_quad(u_int32_t addr);
static const char *sppp_ipcp_opt_name(u_char opt);
#ifdef INET6
static const char *sppp_ipv6cp_opt_name(u_char opt);
#endif
static const char *sppp_lcp_opt_name(u_char opt);
static const char *sppp_phase_name(int phase);
static const char *sppp_proto_name(u_short proto);
static const char *sppp_state_name(int state);
static int sppp_params(struct sppp *sp, int cmd, void *data);
#ifdef INET
static void sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst,
u_int32_t *srcmask);
static void sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr);
static void sppp_clear_ip_addrs(struct sppp *sp);
#endif
static void sppp_keepalive(void *dummy);
static void sppp_phase_network(struct sppp *sp);
static void sppp_print_bytes(const u_char *p, u_short len);
static void sppp_print_string(const char *p, u_short len);
#ifdef INET6
static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
struct in6_addr *dst, struct in6_addr *srcmask);
#ifdef IPV6CP_MYIFID_DYN
static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
#endif
static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
#endif
/* our control protocol descriptors */
static const struct cp lcp = {
PPP_LCP, IDX_LCP, CP_LCP, "lcp",
sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
sppp_lcp_scr
};
static const struct cp ipcp = {
PPP_IPCP, IDX_IPCP,
#ifdef INET
CP_NCP, /*don't run IPCP if there's no IPv4 support*/
#else
0,
#endif
"ipcp",
sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
sppp_ipcp_scr
};
static const struct cp ipv6cp = {
PPP_IPV6CP, IDX_IPV6CP,
#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
CP_NCP,
#else
0,
#endif
"ipv6cp",
sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
sppp_ipv6cp_scr
};
static const struct cp pap = {
PPP_PAP, IDX_PAP, CP_AUTH, "pap",
sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
sppp_pap_TO, 0, 0, 0,
sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
sppp_pap_scr
};
static const struct cp chap = {
PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
sppp_chap_TO, 0, 0, 0,
sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
sppp_chap_scr
};
static const struct cp *cps[IDX_COUNT] = {
&lcp, /* IDX_LCP */
&ipcp, /* IDX_IPCP */
&ipv6cp, /* IDX_IPV6CP */
&pap, /* IDX_PAP */
&chap, /* IDX_CHAP */
};
void spppattach(int);
void
/*ARGSUSED*/
spppattach(int count)
{
}
/*
* Exported functions, comprising our interface to the lower layer.
*/
/*
* Process the received packet.
*/
void
sppp_input(struct ifnet *ifp, struct mbuf *m)
{
struct ppp_header *h = NULL;
struct ifqueue *inq = 0;
u_int16_t protocol;
int s;
struct sppp *sp = (struct sppp *)ifp;
int debug = ifp->if_flags & IFF_DEBUG;
if (ifp->if_flags & IFF_UP) {
/* Count received bytes, add hardware framing */
ifp->if_ibytes += m->m_pkthdr.len + sp->pp_framebytes;
/* Note time of last receive */
sp->pp_last_receive = mono_time.tv_sec;
}
if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
/* Too small packet, drop it. */
if (debug)
log(LOG_DEBUG,
"%s: input packet is too small, %d bytes\n",
ifp->if_xname, m->m_pkthdr.len);
drop:
++ifp->if_ierrors;
++ifp->if_iqdrops;
m_freem(m);
return;
}
if (sp->pp_flags & PP_NOFRAMING) {
memcpy(&protocol, mtod(m, void *), 2);
protocol = ntohs(protocol);
m_adj(m, 2);
} else {
/* Get PPP header. */
h = mtod(m, struct ppp_header *);
m_adj(m, PPP_HEADER_LEN);
switch (h->address) {
case PPP_ALLSTATIONS:
if (h->control != PPP_UI)
goto invalid;
if (sp->pp_flags & PP_CISCO) {
if (debug)
log(LOG_DEBUG,
"%s: PPP packet in Cisco mode "
"<addr=0x%x ctrl=0x%x proto=0x%x>\n",
ifp->if_xname,
h->address, h->control, ntohs(h->protocol));
goto drop;
}
break;
case CISCO_MULTICAST:
case CISCO_UNICAST:
/* Don't check the control field here (RFC 1547). */
if (! (sp->pp_flags & PP_CISCO)) {
if (debug)
log(LOG_DEBUG,
"%s: Cisco packet in PPP mode "
"<addr=0x%x ctrl=0x%x proto=0x%x>\n",
ifp->if_xname,
h->address, h->control, ntohs(h->protocol));
goto drop;
}
switch (ntohs(h->protocol)) {
default:
++ifp->if_noproto;
goto invalid;
case CISCO_KEEPALIVE:
sppp_cisco_input((struct sppp *) ifp, m);
m_freem(m);
return;
#ifdef INET
case ETHERTYPE_IP:
schednetisr(NETISR_IP);
inq = &ipintrq;
break;
#endif
#ifdef INET6
case ETHERTYPE_IPV6:
schednetisr(NETISR_IPV6);
inq = &ip6intrq;
break;
#endif
#ifdef IPX
case ETHERTYPE_IPX:
schednetisr(NETISR_IPX);
inq = &ipxintrq;
break;
#endif
#ifdef NS
case ETHERTYPE_NS:
schednetisr(NETISR_NS);
inq = &nsintrq;
break;
#endif
}
goto queue_pkt;
default: /* Invalid PPP packet. */
invalid:
if (debug)
log(LOG_DEBUG,
"%s: invalid input packet "
"<addr=0x%x ctrl=0x%x proto=0x%x>\n",
ifp->if_xname,
h->address, h->control, ntohs(h->protocol));
goto drop;
}
protocol = ntohs(h->protocol);
}
switch (protocol) {
default:
if (sp->state[IDX_LCP] == STATE_OPENED) {
u_int16_t prot = htons(protocol);
sppp_cp_send(sp, PPP_LCP, PROTO_REJ,
++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
&prot);
}
if (debug)
log(LOG_DEBUG,
"%s: invalid input protocol "
"<proto=0x%x>\n", ifp->if_xname, ntohs(protocol));
++ifp->if_noproto;
goto drop;
case PPP_LCP:
sppp_cp_input(&lcp, sp, m);
m_freem(m);
return;
case PPP_PAP:
if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE)
sppp_pap_input(sp, m);
m_freem(m);
return;
case PPP_CHAP:
if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE)
sppp_chap_input(sp, m);
m_freem(m);
return;
#ifdef INET
case PPP_IPCP:
if (sp->pp_phase == SPPP_PHASE_NETWORK)
sppp_cp_input(&ipcp, sp, m);
m_freem(m);
return;
case PPP_IP:
if (sp->state[IDX_IPCP] == STATE_OPENED) {
schednetisr(NETISR_IP);
inq = &ipintrq;
sp->pp_last_activity = mono_time.tv_sec;
}
break;
#endif
#ifdef INET6
case PPP_IPV6CP:
if (sp->pp_phase == SPPP_PHASE_NETWORK)
sppp_cp_input(&ipv6cp, sp, m);
m_freem(m);
return;
case PPP_IPV6:
if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
schednetisr(NETISR_IPV6);
inq = &ip6intrq;
sp->pp_last_activity = mono_time.tv_sec;
}
break;
#endif
#ifdef IPX
case PPP_IPX:
/* IPX IPXCP not implemented yet */
if (sp->pp_phase == SPPP_PHASE_NETWORK) {
schednetisr(NETISR_IPX);
inq = &ipxintrq;
}
break;
#endif
#ifdef NS
case PPP_XNS:
/* XNS IDPCP not implemented yet */
if (sp->pp_phase == SPPP_PHASE_NETWORK) {
schednetisr(NETISR_NS);
inq = &nsintrq;
}
break;
#endif
#ifdef ISO
case PPP_ISO:
/* OSI NLCP not implemented yet */
if (sp->pp_phase == SPPP_PHASE_NETWORK) {
schednetisr(NETISR_ISO);
inq = &clnlintrq;
}
break;
#endif
}
queue_pkt:
if (! (ifp->if_flags & IFF_UP) || ! inq)
goto drop;
/* Check queue. */
s = splnet();
if (IF_QFULL(inq)) {
/* Queue overflow. */
IF_DROP(inq);
splx(s);
if (debug)
log(LOG_DEBUG, "%s: protocol queue overflow\n",
ifp->if_xname);
goto drop;
}
IF_ENQUEUE(inq, m);
splx(s);
}
/*
* Enqueue transmit packet.
*/
static int
sppp_output(struct ifnet *ifp, struct mbuf *m,
struct sockaddr *dst, struct rtentry *rt)
{
struct sppp *sp = (struct sppp *) ifp;
struct ppp_header *h = NULL;
struct ifqueue *ifq = NULL; /* XXX */
int s, error = 0;
u_int16_t protocol;
ALTQ_DECL(struct altq_pktattr pktattr;)
s = splnet();
sp->pp_last_activity = mono_time.tv_sec;
if ((ifp->if_flags & IFF_UP) == 0 ||
(ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
m_freem(m);
splx(s);
return (ENETDOWN);
}
if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
/*
* Interface is not yet running, but auto-dial. Need
* to start LCP for it.
*/
ifp->if_flags |= IFF_RUNNING;
splx(s);
lcp.Open(sp);
s = splnet();
}
/*
* If the queueing discipline needs packet classification,
* do it before prepending link headers.
*/
IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr);
#ifdef INET
if (dst->sa_family == AF_INET) {
struct ip *ip = NULL;
struct tcphdr *th = NULL;
if (m->m_len >= sizeof(struct ip)) {
ip = mtod(m, struct ip *);
if (ip->ip_p == IPPROTO_TCP &&
m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
sizeof(struct tcphdr)) {
th = (struct tcphdr *)
((caddr_t)ip + (ip->ip_hl << 2));
}
} else
ip = NULL;
/*
* When using dynamic local IP address assignment by using
* 0.0.0.0 as a local address, the first TCP session will
* not connect because the local TCP checksum is computed
* using 0.0.0.0 which will later become our real IP address
* so the TCP checksum computed at the remote end will
* become invalid. So we
* - don't let packets with src ip addr 0 thru
* - we flag TCP packets with src ip 0 as an error
*/
if (ip && ip->ip_src.s_addr == INADDR_ANY) {
u_int8_t proto = ip->ip_p;
m_freem(m);
splx(s);
if (proto == IPPROTO_TCP)
return (EADDRNOTAVAIL);
else
return (0);
}
/*
* Put low delay, telnet, rlogin and ftp control packets
* in front of the queue.
*/
if (!IF_QFULL(&sp->pp_fastq) &&
((ip && (ip->ip_tos & IPTOS_LOWDELAY)) ||
(th && (INTERACTIVE(ntohs(th->th_sport)) ||
INTERACTIVE(ntohs(th->th_dport))))))
ifq = &sp->pp_fastq;
}
#endif
#ifdef INET6
if (dst->sa_family == AF_INET6) {
/* XXX do something tricky here? */
}
#endif
if ((sp->pp_flags & PP_NOFRAMING) == 0) {
/*
* Prepend general data packet PPP header. For now, IP only.
*/
M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT);
if (! m) {
if (ifp->if_flags & IFF_DEBUG)
log(LOG_DEBUG, "%s: no memory for transmit header\n",
ifp->if_xname);
++ifp->if_oerrors;
splx(s);
return (ENOBUFS);
}
/*
* May want to check size of packet
* (albeit due to the implementation it's always enough)
*/
h = mtod(m, struct ppp_header *);
if (sp->pp_flags & PP_CISCO) {
h->address = CISCO_UNICAST; /* unicast address */
h->control = 0;
} else {
h->address = PPP_ALLSTATIONS; /* broadcast address */
h->control = PPP_UI; /* Unnumbered Info */
}
}
switch (dst->sa_family) {
#ifdef INET
case AF_INET: /* Internet Protocol */
if (sp->pp_flags & PP_CISCO)
protocol = htons(ETHERTYPE_IP);
else {
/*
* Don't choke with an ENETDOWN early. It's
* possible that we just started dialing out,
* so don't drop the packet immediately. If
* we notice that we run out of buffer space
* below, we will however remember that we are
* not ready to carry IP packets, and return
* ENETDOWN, as opposed to ENOBUFS.
*/
protocol = htons(PPP_IP);
if (sp->state[IDX_IPCP] != STATE_OPENED)
error = ENETDOWN;
}
break;
#endif
#ifdef INET6
case AF_INET6: /* Internet Protocol version 6 */
if (sp->pp_flags & PP_CISCO)
protocol = htons(ETHERTYPE_IPV6);
else {
/*
* Don't choke with an ENETDOWN early. It's
* possible that we just started dialing out,
* so don't drop the packet immediately. If
* we notice that we run out of buffer space
* below, we will however remember that we are
* not ready to carry IP packets, and return
* ENETDOWN, as opposed to ENOBUFS.
*/
protocol = htons(PPP_IPV6);
if (sp->state[IDX_IPV6CP] != STATE_OPENED)
error = ENETDOWN;
}
break;
#endif
#ifdef NS
case AF_NS: /* Xerox NS Protocol */
protocol = htons((sp->pp_flags & PP_CISCO) ?
ETHERTYPE_NS : PPP_XNS);
break;
#endif
#ifdef IPX
case AF_IPX: /* Novell IPX Protocol */
protocol = htons((sp->pp_flags & PP_CISCO) ?
ETHERTYPE_IPX : PPP_IPX);
break;
#endif
#ifdef ISO
case AF_ISO: /* ISO OSI Protocol */
if (sp->pp_flags & PP_CISCO)
goto nosupport;
protocol = htons(PPP_ISO);
break;
nosupport:
#endif
default:
m_freem(m);
++ifp->if_oerrors;
splx(s);
return (EAFNOSUPPORT);
}
if (sp->pp_flags & PP_NOFRAMING) {
M_PREPEND(m, 2, M_DONTWAIT);
if (m == NULL) {
if (ifp->if_flags & IFF_DEBUG)
log(LOG_DEBUG, "%s: no memory for transmit header\n",
ifp->if_xname);
++ifp->if_oerrors;
splx(s);
return (ENOBUFS);
}
*mtod(m, u_int16_t *) = protocol;
} else {
h->protocol = protocol;
}
error = ifq_enqueue2(ifp, ifq, m ALTQ_COMMA ALTQ_DECL(&pktattr));
if (error == 0) {
/*
* Count output packets and bytes.
* The packet length includes header + additional hardware
* framing according to RFC 1333.
*/
if (!(ifp->if_flags & IFF_OACTIVE))
(*ifp->if_start)(ifp);
ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
}
splx(s);
return error;
}
void
sppp_attach(struct ifnet *ifp)
{
struct sppp *sp = (struct sppp *) ifp;
/* Initialize keepalive handler. */
if (! spppq) {
callout_init(&keepalive_ch);
callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL);
}
/* Insert new entry into the keepalive list. */
sp->pp_next = spppq;
spppq = sp;
sp->pp_if.if_type = IFT_PPP;
sp->pp_if.if_output = sppp_output;
sp->pp_fastq.ifq_maxlen = 32;
sp->pp_cpq.ifq_maxlen = 20;
sp->pp_loopcnt = 0;
sp->pp_alivecnt = 0;
sp->pp_last_activity = 0;
sp->pp_last_receive = 0;
sp->pp_maxalive = DEFAULT_MAXALIVECNT;
sp->pp_max_noreceive = DEFAULT_NORECV_TIME;
sp->pp_idle_timeout = 0;
memset(&sp->pp_seq[0], 0, sizeof(sp->pp_seq));
memset(&sp->pp_rseq[0], 0, sizeof(sp->pp_rseq));
sp->pp_auth_failures = 0;
sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES;
sp->pp_phase = SPPP_PHASE_DEAD;
sp->pp_up = lcp.Up;
sp->pp_down = lcp.Down;
if_alloc_sadl(ifp);
memset(&sp->myauth, 0, sizeof sp->myauth);
memset(&sp->hisauth, 0, sizeof sp->hisauth);
sppp_lcp_init(sp);
sppp_ipcp_init(sp);
sppp_ipv6cp_init(sp);
sppp_pap_init(sp);
sppp_chap_init(sp);
}
void
sppp_detach(struct ifnet *ifp)
{
struct sppp **q, *p, *sp = (struct sppp *) ifp;
int i;
/* Remove the entry from the keepalive list. */
for (q = &spppq; (p = *q); q = &p->pp_next)
if (p == sp) {
*q = p->pp_next;
break;
}
/* Stop keepalive handler. */
if (! spppq) {
callout_stop(&keepalive_ch);
}
for (i = 0; i < IDX_COUNT; i++) {
callout_stop(&sp->ch[i]);
}
callout_stop(&sp->pap_my_to_ch);
/* free authentication info */
if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF);
if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF);
if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF);
if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF);
#if 0 /* done in if_detach() */
if_free_sadl(ifp);
#endif
}
/*
* Flush the interface output queue.
*/
void
sppp_flush(struct ifnet *ifp)
{
struct sppp *sp = (struct sppp *) ifp;
IFQ_PURGE(&sp->pp_if.if_snd);
IF_PURGE(&sp->pp_fastq);
IF_PURGE(&sp->pp_cpq);
}
/*
* Check if the output queue is empty.
*/
int
sppp_isempty(struct ifnet *ifp)
{
struct sppp *sp = (struct sppp *) ifp;
int empty, s;
s = splnet();
empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) &&
IFQ_IS_EMPTY(&sp->pp_if.if_snd);
splx(s);
return (empty);
}
/*
* Get next packet to send.
*/
struct mbuf *
sppp_dequeue(struct ifnet *ifp)
{
struct sppp *sp = (struct sppp *) ifp;
struct mbuf *m;
int s;
s = splnet();
/*
* Process only the control protocol queue until we have at
* least one NCP open.
*
* Do always serve all three queues in Cisco mode.
*/
IF_DEQUEUE(&sp->pp_cpq, m);
if (m == NULL &&
(sppp_ncp_check(sp) || (sp->pp_flags & PP_CISCO) != 0)) {
IF_DEQUEUE(&sp->pp_fastq, m);
if (m == NULL)
IFQ_DEQUEUE(&sp->pp_if.if_snd, m);
}
splx(s);
return m;
}
/*
* Process an ioctl request. Called on low priority level.
*/
int
sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
{
struct ifreq *ifr = (struct ifreq *) data;
struct sppp *sp = (struct sppp *) ifp;
int s, error=0, going_up, going_down, newmode;
s = splnet();
switch (cmd) {
case SIOCAIFADDR:
case SIOCSIFDSTADDR:
break;
case SIOCSIFADDR:
if_up(ifp);
/* fall through... */
case SIOCSIFFLAGS:
going_up = ifp->if_flags & IFF_UP &&
(ifp->if_flags & IFF_RUNNING) == 0;
going_down = (ifp->if_flags & IFF_UP) == 0 &&
ifp->if_flags & IFF_RUNNING;
newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE);
if (newmode == (IFF_AUTO | IFF_PASSIVE)) {
/* sanity */
newmode = IFF_PASSIVE;
ifp->if_flags &= ~IFF_AUTO;
}
if (going_up || going_down)
lcp.Close(sp);
if (going_up && newmode == 0) {
/* neither auto-dial nor passive */
ifp->if_flags |= IFF_RUNNING;
if (!(sp->pp_flags & PP_CISCO))
lcp.Open(sp);
} else if (going_down) {
sppp_flush(ifp);
ifp->if_flags &= ~IFF_RUNNING;
}
break;
#ifdef SIOCSIFMTU
#ifndef ifr_mtu
#define ifr_mtu ifr_metric
#endif
case SIOCSIFMTU:
if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru) {
error = EINVAL;
break;
}
ifp->if_mtu = ifr->ifr_mtu;
break;
#endif
#ifdef SLIOCSETMTU
case SLIOCSETMTU:
if (*(short *)data < 128 || *(short *)data > sp->lcp.their_mru)
{
error = EINVAL;
break;
}
ifp->if_mtu = *(short *)data;
break;
#endif
#ifdef SIOCGIFMTU
case SIOCGIFMTU:
ifr->ifr_mtu = ifp->if_mtu;
break;
#endif
#ifdef SLIOCGETMTU
case SLIOCGETMTU:
*(short *)data = ifp->if_mtu;
break;
#endif
case SIOCADDMULTI:
case SIOCDELMULTI:
break;
case SPPPSETAUTHCFG:
case SPPPGETAUTHCFG:
case SPPPSETLCPCFG:
case SPPPGETLCPCFG:
case SPPPSETIDLETO:
case SPPPSETAUTHFAILURE:
case SPPPGETAUTHFAILURES:
case SPPPSETDNSOPTS:
case SPPPSETKEEPALIVE:
{
struct proc *p = curproc; /* XXX */
if ((error = kauth_authorize_generic(p->p_cred, KAUTH_GENERIC_ISSUSER, &p->p_acflag)) != 0)
break;
}
/* FALLTHROUGH */
case SPPPGETSTATUS:
case SPPPGETSTATUSNCP:
case SPPPGETIDLETO:
case SPPPGETDNSOPTS:
case SPPPGETDNSADDRS:
case SPPPGETKEEPALIVE:
error = sppp_params(sp, cmd, data);
break;
default:
error = ENOTTY;
}
splx(s);
return (error);
}
/*
* Cisco framing implementation.
*/
/*
* Handle incoming Cisco keepalive protocol packets.
*/
static void
sppp_cisco_input(struct sppp *sp, struct mbuf *m)
{
STDDCL;
struct cisco_packet *h;
#ifdef INET
u_int32_t me, mymask = 0; /* XXX: GCC */
#endif
if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
if (debug)
log(LOG_DEBUG,
"%s: cisco invalid packet length: %d bytes\n",
ifp->if_xname, m->m_pkthdr.len);
return;
}
h = mtod(m, struct cisco_packet *);
if (debug)
log(LOG_DEBUG,
"%s: cisco input: %d bytes "
"<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
ifp->if_xname, m->m_pkthdr.len,
ntohl(h->type), h->par1, h->par2, (u_int)h->rel,
(u_int)h->time0, (u_int)h->time1);
switch (ntohl(h->type)) {
default:
if (debug)
addlog("%s: cisco unknown packet type: 0x%x\n",
ifp->if_xname, ntohl(h->type));
break;
case CISCO_ADDR_REPLY:
/* Reply on address request, ignore */
break;
case CISCO_KEEPALIVE_REQ:
sp->pp_alivecnt = 0;
sp->pp_rseq[IDX_LCP] = ntohl(h->par1);
if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
/* Local and remote sequence numbers are equal.
* Probably, the line is in loopback mode. */
if (sp->pp_loopcnt >= LOOPALIVECNT) {
printf ("%s: loopback\n",
ifp->if_xname);
sp->pp_loopcnt = 0;
if (ifp->if_flags & IFF_UP) {
if_down(ifp);
IF_PURGE(&sp->pp_cpq);
}
}
++sp->pp_loopcnt;
/* Generate new local sequence number */
sp->pp_seq[IDX_LCP] = arc4random();
break;
}
sp->pp_loopcnt = 0;
if (! (ifp->if_flags & IFF_UP) &&
(ifp->if_flags & IFF_RUNNING)) {
if_up(ifp);
}
break;
case CISCO_ADDR_REQ:
#ifdef INET
sppp_get_ip_addrs(sp, &me, 0, &mymask);
if (me != 0L)
sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
#endif
break;
}
}
/*
* Send Cisco keepalive packet.
*/
static void
sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2)
{
STDDCL;
struct ppp_header *h;
struct cisco_packet *ch;
struct mbuf *m;
u_int32_t t = (time.tv_sec - boottime.tv_sec) * 1000;
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (! m)
return;
m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
m->m_pkthdr.rcvif = 0;
h = mtod(m, struct ppp_header *);
h->address = CISCO_MULTICAST;
h->control = 0;
h->protocol = htons(CISCO_KEEPALIVE);
ch = (struct cisco_packet *)(h + 1);
ch->type = htonl(type);
ch->par1 = htonl(par1);
ch->par2 = htonl(par2);
ch->rel = -1;
ch->time0 = htons((u_short)(t >> 16));
ch->time1 = htons((u_short) t);
if (debug)
log(LOG_DEBUG,
"%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n",
ifp->if_xname, ntohl(ch->type), ch->par1,
ch->par2, (u_int)ch->rel, (u_int)ch->time0,
(u_int)ch->time1);
if (IF_QFULL(&sp->pp_cpq)) {
IF_DROP(&sp->pp_fastq);
IF_DROP(&ifp->if_snd);
m_freem(m);
++ifp->if_oerrors;
return;
} else
IF_ENQUEUE(&sp->pp_cpq, m);
if (! (ifp->if_flags & IFF_OACTIVE))
(*ifp->if_start)(ifp);
ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
}
/*
* PPP protocol implementation.
*/
/*
* Send PPP control protocol packet.
*/
static void
sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
u_char ident, u_short len, void *data)
{
STDDCL;
struct lcp_header *lh;
struct mbuf *m;
size_t pkthdrlen;
pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN;
if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN)
len = MHLEN - pkthdrlen - LCP_HEADER_LEN;
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (! m)
return;
m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
m->m_pkthdr.rcvif = 0;
if (sp->pp_flags & PP_NOFRAMING) {
*mtod(m, u_int16_t *) = htons(proto);
lh = (struct lcp_header *)(mtod(m, u_int8_t *) + 2);
} else {
struct ppp_header *h;
h = mtod(m, struct ppp_header *);
h->address = PPP_ALLSTATIONS; /* broadcast address */
h->control = PPP_UI; /* Unnumbered Info */
h->protocol = htons(proto); /* Link Control Protocol */
lh = (struct lcp_header *)(h + 1);
}
lh->type = type;
lh->ident = ident;
lh->len = htons(LCP_HEADER_LEN + len);
if (len)
bcopy (data, lh + 1, len);
if (debug) {
log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d",
ifp->if_xname,
sppp_proto_name(proto),
sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len));
if (len)
sppp_print_bytes((u_char *)(lh + 1), len);
addlog(">\n");
}
if (IF_QFULL(&sp->pp_cpq)) {
IF_DROP(&sp->pp_fastq);
IF_DROP(&ifp->if_snd);
m_freem(m);
++ifp->if_oerrors;
return;
} else
IF_ENQUEUE(&sp->pp_cpq, m);
if (! (ifp->if_flags & IFF_OACTIVE))
(*ifp->if_start)(ifp);
ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
}
/*
* Handle incoming PPP control protocol packets.
*/
static void
sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
{
STDDCL;
struct lcp_header *h;
int len = m->m_pkthdr.len;
int rv;
u_char *p;
u_int32_t u32;
if (len < 4) {
if (debug)
log(LOG_DEBUG,
"%s: %s invalid packet length: %d bytes\n",
ifp->if_xname, cp->name, len);
return;
}
h = mtod(m, struct lcp_header *);
if (debug) {
log(LOG_DEBUG,
"%s: %s input(%s): <%s id=0x%x len=%d",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]),
sppp_cp_type_name(h->type), h->ident, ntohs(h->len));
if (len > 4)
sppp_print_bytes((u_char *)(h + 1), len - 4);
addlog(">\n");
}
if (len > ntohs(h->len))
len = ntohs(h->len);
p = (u_char *)(h + 1);
switch (h->type) {
case CONF_REQ:
if (len < 4) {
if (debug)
addlog("%s: %s invalid conf-req length %d\n",
ifp->if_xname, cp->name,
len);
++ifp->if_ierrors;
break;
}
/* handle states where RCR doesn't get a SCA/SCN */
switch (sp->state[cp->protoidx]) {
case STATE_CLOSING:
case STATE_STOPPING:
return;
case STATE_CLOSED:
sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
0, 0);
return;
}
rv = (cp->RCR)(sp, h, len);
switch (sp->state[cp->protoidx]) {
case STATE_OPENED:
(cp->tld)(sp);
(cp->scr)(sp);
/* fall through... */
case STATE_ACK_SENT:
case STATE_REQ_SENT:
sppp_cp_change_state(cp, sp, rv?
STATE_ACK_SENT: STATE_REQ_SENT);
break;
case STATE_STOPPED:
sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
(cp->scr)(sp);
sppp_cp_change_state(cp, sp, rv?
STATE_ACK_SENT: STATE_REQ_SENT);
break;
case STATE_ACK_RCVD:
if (rv) {
sppp_cp_change_state(cp, sp, STATE_OPENED);
if (debug)
log(LOG_DEBUG, "%s: %s tlu\n",
ifp->if_xname,
cp->name);
(cp->tlu)(sp);
} else
sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
break;
default:
printf("%s: %s illegal %s in state %s\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type),
sppp_state_name(sp->state[cp->protoidx]));
++ifp->if_ierrors;
}
break;
case CONF_ACK:
if (h->ident != sp->confid[cp->protoidx]) {
if (debug)
addlog("%s: %s id mismatch 0x%x != 0x%x\n",
ifp->if_xname, cp->name,
h->ident, sp->confid[cp->protoidx]);
++ifp->if_ierrors;
break;
}
switch (sp->state[cp->protoidx]) {
case STATE_CLOSED:
case STATE_STOPPED:
sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
break;
case STATE_CLOSING:
case STATE_STOPPING:
break;
case STATE_REQ_SENT:
sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
break;
case STATE_OPENED:
(cp->tld)(sp);
/* fall through */
case STATE_ACK_RCVD:
(cp->scr)(sp);
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
break;
case STATE_ACK_SENT:
sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
sppp_cp_change_state(cp, sp, STATE_OPENED);
if (debug)
log(LOG_DEBUG, "%s: %s tlu\n",
ifp->if_xname, cp->name);
(cp->tlu)(sp);
break;
default:
printf("%s: %s illegal %s in state %s\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type),
sppp_state_name(sp->state[cp->protoidx]));
++ifp->if_ierrors;
}
break;
case CONF_NAK:
case CONF_REJ:
if (h->ident != sp->confid[cp->protoidx]) {
if (debug)
addlog("%s: %s id mismatch 0x%x != 0x%x\n",
ifp->if_xname, cp->name,
h->ident, sp->confid[cp->protoidx]);
++ifp->if_ierrors;
break;
}
if (h->type == CONF_NAK)
(cp->RCN_nak)(sp, h, len);
else /* CONF_REJ */
(cp->RCN_rej)(sp, h, len);
switch (sp->state[cp->protoidx]) {
case STATE_CLOSED:
case STATE_STOPPED:
sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
break;
case STATE_REQ_SENT:
case STATE_ACK_SENT:
sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
(cp->scr)(sp);
break;
case STATE_OPENED:
(cp->tld)(sp);
/* fall through */
case STATE_ACK_RCVD:
sppp_cp_change_state(cp, sp, STATE_ACK_SENT);
(cp->scr)(sp);
break;
case STATE_CLOSING:
case STATE_STOPPING:
break;
default:
printf("%s: %s illegal %s in state %s\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type),
sppp_state_name(sp->state[cp->protoidx]));
++ifp->if_ierrors;
}
break;
case TERM_REQ:
switch (sp->state[cp->protoidx]) {
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
/* fall through */
case STATE_CLOSED:
case STATE_STOPPED:
case STATE_CLOSING:
case STATE_STOPPING:
case STATE_REQ_SENT:
sta:
/* Send Terminate-Ack packet. */
if (debug)
log(LOG_DEBUG, "%s: %s send terminate-ack\n",
ifp->if_xname, cp->name);
sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
break;
case STATE_OPENED:
(cp->tld)(sp);
sp->rst_counter[cp->protoidx] = 0;
sppp_cp_change_state(cp, sp, STATE_STOPPING);
goto sta;
default:
printf("%s: %s illegal %s in state %s\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type),
sppp_state_name(sp->state[cp->protoidx]));
++ifp->if_ierrors;
}
break;
case TERM_ACK:
switch (sp->state[cp->protoidx]) {
case STATE_CLOSED:
case STATE_STOPPED:
case STATE_REQ_SENT:
case STATE_ACK_SENT:
break;
case STATE_CLOSING:
(cp->tlf)(sp);
sppp_cp_change_state(cp, sp, STATE_CLOSED);
sppp_lcp_check_and_close(sp);
break;
case STATE_STOPPING:
(cp->tlf)(sp);
sppp_cp_change_state(cp, sp, STATE_STOPPED);
sppp_lcp_check_and_close(sp);
break;
case STATE_ACK_RCVD:
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
break;
case STATE_OPENED:
(cp->tld)(sp);
(cp->scr)(sp);
sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
break;
default:
printf("%s: %s illegal %s in state %s\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type),
sppp_state_name(sp->state[cp->protoidx]));
++ifp->if_ierrors;
}
break;
case CODE_REJ:
/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
log(LOG_INFO,
"%s: %s: ignoring RXJ (%s) for code ?, "
"danger will robinson\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type));
switch (sp->state[cp->protoidx]) {
case STATE_CLOSED:
case STATE_STOPPED:
case STATE_REQ_SENT:
case STATE_ACK_SENT:
case STATE_CLOSING:
case STATE_STOPPING:
case STATE_OPENED:
break;
case STATE_ACK_RCVD:
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
break;
default:
printf("%s: %s illegal %s in state %s\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type),
sppp_state_name(sp->state[cp->protoidx]));
++ifp->if_ierrors;
}
break;
case PROTO_REJ:
{
int catastrophic;
const struct cp *upper;
int i;
u_int16_t proto;
catastrophic = 0;
upper = NULL;
proto = p[0] << 8 | p[1];
for (i = 0; i < IDX_COUNT; i++) {
if (cps[i]->proto == proto) {
upper = cps[i];
break;
}
}
if (upper == NULL)
catastrophic++;
if (debug)
log(LOG_INFO,
"%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
ifp->if_xname, cp->name, catastrophic ? '-' : '+',
sppp_cp_type_name(h->type), proto,
upper ? upper->name : "unknown",
upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
/*
* if we got RXJ+ against conf-req, the peer does not implement
* this particular protocol type. terminate the protocol.
*/
if (upper && !catastrophic) {
if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
upper->Close(sp);
break;
}
}
/* XXX catastrophic rejects (RXJ-) aren't handled yet. */
switch (sp->state[cp->protoidx]) {
case STATE_CLOSED:
case STATE_STOPPED:
case STATE_REQ_SENT:
case STATE_ACK_SENT:
case STATE_CLOSING:
case STATE_STOPPING:
case STATE_OPENED:
break;
case STATE_ACK_RCVD:
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
break;
default:
printf("%s: %s illegal %s in state %s\n",
ifp->if_xname, cp->name,
sppp_cp_type_name(h->type),
sppp_state_name(sp->state[cp->protoidx]));
++ifp->if_ierrors;
}
break;
}
case DISC_REQ:
if (cp->proto != PPP_LCP)
goto illegal;
/* Discard the packet. */
break;
case ECHO_REQ:
if (cp->proto != PPP_LCP)
goto illegal;
if (sp->state[cp->protoidx] != STATE_OPENED) {
if (debug)
addlog("%s: lcp echo req but lcp closed\n",
ifp->if_xname);
++ifp->if_ierrors;
break;
}
if (len < 8) {
if (debug)
addlog("%s: invalid lcp echo request "
"packet length: %d bytes\n",
ifp->if_xname, len);
break;
}
memcpy(&u32, h + 1, sizeof u32);
if (ntohl(u32) == sp->lcp.magic) {
/* Line loopback mode detected. */
printf("%s: loopback\n", ifp->if_xname);
if_down(ifp);
IF_PURGE(&sp->pp_cpq);
/* Shut down the PPP link. */
/* XXX */
lcp.Down(sp);
lcp.Up(sp);
break;
}
u32 = htonl(sp->lcp.magic);
memcpy(h + 1, &u32, sizeof u32);
if (debug)
addlog("%s: got lcp echo req, sending echo rep\n",
ifp->if_xname);
sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4,
h + 1);
break;
case ECHO_REPLY:
if (cp->proto != PPP_LCP)
goto illegal;
if (h->ident != sp->lcp.echoid) {
++ifp->if_ierrors;
break;
}
if (len < 8) {
if (debug)
addlog("%s: lcp invalid echo reply "
"packet length: %d bytes\n",
ifp->if_xname, len);
break;
}
if (debug)
addlog("%s: lcp got echo rep\n",
ifp->if_xname);
memcpy(&u32, h + 1, sizeof u32);
if (ntohl(u32) != sp->lcp.magic)
sp->pp_alivecnt = 0;
break;
default:
/* Unknown packet type -- send Code-Reject packet. */
illegal:
if (debug)
addlog("%s: %s send code-rej for 0x%x\n",
ifp->if_xname, cp->name, h->type);
sppp_cp_send(sp, cp->proto, CODE_REJ,
++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
++ifp->if_ierrors;
}
}
/*
* The generic part of all Up/Down/Open/Close/TO event handlers.
* Basically, the state transition handling in the automaton.
*/
static void
sppp_up_event(const struct cp *cp, struct sppp *sp)
{
STDDCL;
if (debug)
log(LOG_DEBUG, "%s: %s up(%s)\n",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]));
switch (sp->state[cp->protoidx]) {
case STATE_INITIAL:
sppp_cp_change_state(cp, sp, STATE_CLOSED);
break;
case STATE_STARTING:
sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
(cp->scr)(sp);
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
break;
default:
printf("%s: %s illegal up in state %s\n",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]));
}
}
static void
sppp_down_event(const struct cp *cp, struct sppp *sp)
{
STDDCL;
if (debug)
log(LOG_DEBUG, "%s: %s down(%s)\n",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]));
switch (sp->state[cp->protoidx]) {
case STATE_CLOSED:
case STATE_CLOSING:
sppp_cp_change_state(cp, sp, STATE_INITIAL);
break;
case STATE_STOPPED:
(cp->tls)(sp);
/* fall through */
case STATE_STOPPING:
case STATE_REQ_SENT:
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
sppp_cp_change_state(cp, sp, STATE_STARTING);
break;
case STATE_OPENED:
(cp->tld)(sp);
sppp_cp_change_state(cp, sp, STATE_STARTING);
break;
default:
printf("%s: %s illegal down in state %s\n",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]));
}
}
static void
sppp_open_event(const struct cp *cp, struct sppp *sp)
{
STDDCL;
if (debug)
log(LOG_DEBUG, "%s: %s open(%s)\n",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]));
switch (sp->state[cp->protoidx]) {
case STATE_INITIAL:
sppp_cp_change_state(cp, sp, STATE_STARTING);
(cp->tls)(sp);
break;
case STATE_STARTING:
break;
case STATE_CLOSED:
sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
(cp->scr)(sp);
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
break;
case STATE_STOPPED:
case STATE_STOPPING:
case STATE_REQ_SENT:
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
case STATE_OPENED:
break;
case STATE_CLOSING:
sppp_cp_change_state(cp, sp, STATE_STOPPING);
break;
}
}
static void
sppp_close_event(const struct cp *cp, struct sppp *sp)
{
STDDCL;
if (debug)
log(LOG_DEBUG, "%s: %s close(%s)\n",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]));
switch (sp->state[cp->protoidx]) {
case STATE_INITIAL:
case STATE_CLOSED:
case STATE_CLOSING:
break;
case STATE_STARTING:
sppp_cp_change_state(cp, sp, STATE_INITIAL);
(cp->tlf)(sp);
break;
case STATE_STOPPED:
sppp_cp_change_state(cp, sp, STATE_CLOSED);
break;
case STATE_STOPPING:
sppp_cp_change_state(cp, sp, STATE_CLOSING);
break;
case STATE_OPENED:
(cp->tld)(sp);
/* fall through */
case STATE_REQ_SENT:
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
sppp_cp_send(sp, cp->proto, TERM_REQ,
++sp->pp_seq[cp->protoidx], 0, 0);
sppp_cp_change_state(cp, sp, STATE_CLOSING);
break;
}
}
static void
sppp_to_event(const struct cp *cp, struct sppp *sp)
{
STDDCL;
int s;
s = splnet();
if (debug)
log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n",
ifp->if_xname, cp->name,
sppp_state_name(sp->state[cp->protoidx]),
sp->rst_counter[cp->protoidx]);
if (--sp->rst_counter[cp->protoidx] < 0)
/* TO- event */
switch (sp->state[cp->protoidx]) {
case STATE_CLOSING:
(cp->tlf)(sp);
sppp_cp_change_state(cp, sp, STATE_CLOSED);
sppp_lcp_check_and_close(sp);
break;
case STATE_STOPPING:
(cp->tlf)(sp);
sppp_cp_change_state(cp, sp, STATE_STOPPED);
sppp_lcp_check_and_close(sp);
break;
case STATE_REQ_SENT:
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
(cp->tlf)(sp);
sppp_cp_change_state(cp, sp, STATE_STOPPED);
sppp_lcp_check_and_close(sp);
break;
}
else
/* TO+ event */
switch (sp->state[cp->protoidx]) {
case STATE_CLOSING:
case STATE_STOPPING:
sppp_cp_send(sp, cp->proto, TERM_REQ,
++sp->pp_seq[cp->protoidx], 0, 0);
callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
cp->TO, sp);
break;
case STATE_REQ_SENT:
case STATE_ACK_RCVD:
(cp->scr)(sp);
/* sppp_cp_change_state() will restart the timer */
sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
break;
case STATE_ACK_SENT:
(cp->scr)(sp);
callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
cp->TO, sp);
break;
}
splx(s);
}
/*
* Change the state of a control protocol in the state automaton.
* Takes care of starting/stopping the restart timer.
*/
void
sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
{
sp->state[cp->protoidx] = newstate;
callout_stop(&sp->ch[cp->protoidx]);
switch (newstate) {
case STATE_INITIAL:
case STATE_STARTING:
case STATE_CLOSED:
case STATE_STOPPED:
case STATE_OPENED:
break;
case STATE_CLOSING:
case STATE_STOPPING:
case STATE_REQ_SENT:
case STATE_ACK_RCVD:
case STATE_ACK_SENT:
callout_reset(&sp->ch[cp->protoidx], sp->lcp.timeout,
cp->TO, sp);
break;
}
}
/*
*--------------------------------------------------------------------------*
* *
* The LCP implementation. *
* *
*--------------------------------------------------------------------------*
*/
static void
sppp_lcp_init(struct sppp *sp)
{
sp->lcp.opts = (1 << LCP_OPT_MAGIC);
sp->lcp.magic = 0;
sp->state[IDX_LCP] = STATE_INITIAL;
sp->fail_counter[IDX_LCP] = 0;
sp->pp_seq[IDX_LCP] = 0;
sp->pp_rseq[IDX_LCP] = 0;
sp->lcp.protos = 0;
sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
/*
* Initialize counters and timeout values. Note that we don't
* use the 3 seconds suggested in RFC 1661 since we are likely
* running on a fast link. XXX We should probably implement
* the exponential backoff option. Note that these values are
* relevant for all control protocols, not just LCP only.
*/
sp->lcp.timeout = 1 * hz;
sp->lcp.max_terminate = 2;
sp->lcp.max_configure = 10;
sp->lcp.max_failure = 10;
callout_init(&sp->ch[IDX_LCP]);
}
static void
sppp_lcp_up(struct sppp *sp)
{
STDDCL;
/* Initialize activity timestamp: opening a connection is an activity */
sp->pp_last_receive = sp->pp_last_activity = mono_time.tv_sec;
/*
* If this interface is passive or dial-on-demand, and we are
* still in Initial state, it means we've got an incoming
* call. Activate the interface.
*/
if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
if (debug)
log(LOG_DEBUG,
"%s: Up event", ifp->if_xname);
ifp->if_flags |= IFF_RUNNING;
if (sp->state[IDX_LCP] == STATE_INITIAL) {
if (debug)
addlog("(incoming call)\n");
sp->pp_flags |= PP_CALLIN;
lcp.Open(sp);
} else if (debug)
addlog("\n");
} else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
(sp->state[IDX_LCP] == STATE_INITIAL)) {
ifp->if_flags |= IFF_RUNNING;
lcp.Open(sp);
}
sppp_up_event(&lcp, sp);
}
static void
sppp_lcp_down(struct sppp *sp)
{
STDDCL;
sppp_down_event(&lcp, sp);
/*
* If this is neither a dial-on-demand nor a passive
* interface, simulate an ``ifconfig down'' action, so the
* administrator can force a redial by another ``ifconfig
* up''. XXX For leased line operation, should we immediately
* try to reopen the connection here?
*/
if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
if (debug)
log(LOG_INFO,
"%s: Down event (carrier loss), taking interface down.\n",
ifp->if_xname);
if_down(ifp);
} else {
if (debug)
log(LOG_DEBUG,
"%s: Down event (carrier loss)\n",
ifp->if_xname);
}
sp->pp_flags &= ~PP_CALLIN;
if (sp->state[IDX_LCP] != STATE_INITIAL)
lcp.Close(sp);
ifp->if_flags &= ~IFF_RUNNING;
}
static void
sppp_lcp_open(struct sppp *sp)
{
/*
* If we are authenticator, negotiate LCP_AUTH
*/
if (sp->hisauth.proto != 0)
sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
else
sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
sp->pp_flags &= ~PP_NEEDAUTH;
sppp_open_event(&lcp, sp);
}
static void
sppp_lcp_close(struct sppp *sp)
{
sppp_close_event(&lcp, sp);
}
static void
sppp_lcp_TO(void *cookie)
{
sppp_to_event(&lcp, (struct sppp *)cookie);
}
/*
* Analyze a configure request. Return true if it was agreeable, and
* caused action sca, false if it has been rejected or nak'ed, and
* caused action scn. (The return value is used to make the state
* transition decision in the state automaton.)
*/
static int
sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
STDDCL;
u_char *buf, *r, *p;
int origlen, rlen;
u_int32_t nmagic;
u_short authproto;
len -= 4;
origlen = len;
buf = r = malloc (len, M_TEMP, M_NOWAIT);
if (! buf)
return (0);
if (debug)
log(LOG_DEBUG, "%s: lcp parse opts:",
ifp->if_xname);
/* pass 1: check for things that need to be rejected */
p = (void *)(h + 1);
for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
if (debug)
addlog(" %s", sppp_lcp_opt_name(*p));
switch (*p) {
case LCP_OPT_MAGIC:
/* Magic number. */
/* fall through, both are same length */
case LCP_OPT_ASYNC_MAP:
/* Async control character map. */
if (len >= 6 || p[1] == 6)
continue;
if (debug)
addlog(" [invalid]");
break;
case LCP_OPT_MRU:
/* Maximum receive unit. */
if (len >= 4 && p[1] == 4)
continue;
if (debug)
addlog(" [invalid]");
break;
case LCP_OPT_AUTH_PROTO:
if (len < 4) {
if (debug)
addlog(" [invalid]");
break;
}
authproto = (p[2] << 8) + p[3];
if (authproto == PPP_CHAP && p[1] != 5) {
if (debug)
addlog(" [invalid chap len]");
break;
}
if (sp->myauth.proto == 0) {
/* we are not configured to do auth */
if (debug)
addlog(" [not configured]");
break;
}
/*
* Remote want us to authenticate, remember this,
* so we stay in SPPP_PHASE_AUTHENTICATE after LCP got
* up.
*/
sp->pp_flags |= PP_NEEDAUTH;
continue;
default:
/* Others not supported. */
if (debug)
addlog(" [rej]");
break;
}
/* Add the option to rejected list. */
bcopy (p, r, p[1]);
r += p[1];
rlen += p[1];
}
if (rlen) {
if (debug)
addlog(" send conf-rej\n");
sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
goto end;
} else if (debug)
addlog("\n");
/*
* pass 2: check for option values that are unacceptable and
* thus require to be nak'ed.
*/
if (debug)
log(LOG_DEBUG, "%s: lcp parse opt values: ",
ifp->if_xname);
p = (void *)(h + 1);
len = origlen;
for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
if (debug)
addlog(" %s", sppp_lcp_opt_name(*p));
switch (*p) {
case LCP_OPT_MAGIC:
/* Magic number -- extract. */
nmagic = (u_int32_t)p[2] << 24 |
(u_int32_t)p[3] << 16 | p[4] << 8 | p[5];
if (nmagic != sp->lcp.magic) {
if (debug)
addlog(" 0x%x", nmagic);
continue;
}
/*
* Local and remote magics equal -- loopback?
*/
if (sp->pp_loopcnt >= LOOPALIVECNT*5) {
printf ("%s: loopback\n",
ifp->if_xname);
sp->pp_loopcnt = 0;
if (ifp->if_flags & IFF_UP) {
if_down(ifp);
IF_PURGE(&sp->pp_cpq);
/* XXX ? */
lcp.Down(sp);
lcp.Up(sp);
}
} else if (debug)
addlog(" [glitch]");
++sp->pp_loopcnt;
/*
* We negate our magic here, and NAK it. If
* we see it later in an NAK packet, we
* suggest a new one.
*/
nmagic = ~sp->lcp.magic;
/* Gonna NAK it. */
p[2] = nmagic >> 24;
p[3] = nmagic >> 16;
p[4] = nmagic >> 8;
p[5] = nmagic;
break;
case LCP_OPT_ASYNC_MAP:
/*
* Async control character map -- just ignore it.
*
* Quote from RFC 1662, chapter 6:
* To enable this functionality, synchronous PPP
* implementations MUST always respond to the
* Async-Control-Character-Map Configuration
* Option with the LCP Configure-Ack. However,
* acceptance of the Configuration Option does
* not imply that the synchronous implementation
* will do any ACCM mapping. Instead, all such
* octet mapping will be performed by the
* asynchronous-to-synchronous converter.
*/
continue;
case LCP_OPT_MRU:
/*
* Maximum receive unit. Always agreeable,
* but ignored by now.
*/
sp->lcp.their_mru = p[2] * 256 + p[3];
if (debug)
addlog(" %ld", sp->lcp.their_mru);
continue;
case LCP_OPT_AUTH_PROTO:
authproto = (p[2] << 8) + p[3];
if (sp->myauth.proto != authproto) {
/* not agreed, nak */
if (debug)
addlog(" [mine %s != his %s]",
sppp_proto_name(sp->myauth.proto),
sppp_proto_name(authproto));
p[2] = sp->myauth.proto >> 8;
p[3] = sp->myauth.proto;
break;
}
if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
if (debug)
addlog(" [chap not MD5]");
p[4] = CHAP_MD5;
break;
}
continue;
}
/* Add the option to nak'ed list. */
bcopy (p, r, p[1]);
r += p[1];
rlen += p[1];
}
if (rlen) {
if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
if (debug)
addlog(" max_failure (%d) exceeded, "
"send conf-rej\n",
sp->lcp.max_failure);
sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
} else {
if (debug)
addlog(" send conf-nak\n");
sppp_cp_send(sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
}
goto end;
} else {
if (debug)
addlog(" send conf-ack\n");
sp->fail_counter[IDX_LCP] = 0;
sp->pp_loopcnt = 0;
sppp_cp_send(sp, PPP_LCP, CONF_ACK, h->ident, origlen, h + 1);
}
end:
free(buf, M_TEMP);
return (rlen == 0);
}
/*
* Analyze the LCP Configure-Reject option list, and adjust our
* negotiation.
*/
static void
sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
STDDCL;
u_char *buf, *p;
len -= 4;
buf = malloc (len, M_TEMP, M_NOWAIT);
if (!buf)
return;
if (debug)
log(LOG_DEBUG, "%s: lcp rej opts:",
ifp->if_xname);
p = (void *)(h + 1);
for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
if (debug)
addlog(" %s", sppp_lcp_opt_name(*p));
switch (*p) {
case LCP_OPT_MAGIC:
/* Magic number -- can't use it, use 0 */
sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
sp->lcp.magic = 0;
break;
case LCP_OPT_MRU:
/*
* Should not be rejected anyway, since we only
* negotiate a MRU if explicitly requested by
* peer.
*/
sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
break;
case LCP_OPT_AUTH_PROTO:
/*
* Peer doesn't want to authenticate himself,
* deny unless this is a dialout call, and
* SPPP_AUTHFLAG_NOCALLOUT is set.
*/
if ((sp->pp_flags & PP_CALLIN) == 0 &&
(sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) {
if (debug)
addlog(" [don't insist on auth "
"for callout]");
sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
break;
}
if (debug)
addlog("[access denied]\n");
lcp.Close(sp);
break;
}
}
if (debug)
addlog("\n");
free(buf, M_TEMP);
return;
}
/*
* Analyze the LCP Configure-NAK option list, and adjust our
* negotiation.
*/
static void
sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
STDDCL;
u_char *buf, *p;
u_int32_t magic;
len -= 4;
buf = malloc (len, M_TEMP, M_NOWAIT);
if (!buf)
return;
if (debug)
log(LOG_DEBUG, "%s: lcp nak opts:",
ifp->if_xname);
p = (void *)(h + 1);
for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
if (debug)
addlog(" %s", sppp_lcp_opt_name(*p));
switch (*p) {
case LCP_OPT_MAGIC:
/* Magic number -- renegotiate */
if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
len >= 6 && p[1] == 6) {
magic = (u_int32_t)p[2] << 24 |
(u_int32_t)p[3] << 16 | p[4] << 8 | p[5];
/*
* If the remote magic is our negated one,
* this looks like a loopback problem.
* Suggest a new magic to make sure.
*/
if (magic == ~sp->lcp.magic) {
if (debug)
addlog(" magic glitch");
sp->lcp.magic = arc4random();
} else {
sp->lcp.magic = magic;
if (debug)
addlog(" %d", magic);
}
}
break;
case LCP_OPT_MRU:
/*
* Peer wants to advise us to negotiate an MRU.
* Agree on it if it's reasonable, or use
* default otherwise.
*/
if (len >= 4 && p[1] == 4) {
u_int mru = p[2] * 256 + p[3];
if (debug)
addlog(" %d", mru);
if (mru < PP_MTU || mru > PP_MAX_MRU)
mru = PP_MTU;
sp->lcp.mru = mru;
sp->lcp.opts |= (1 << LCP_OPT_MRU);
}
break;
case LCP_OPT_AUTH_PROTO:
/*
* Peer doesn't like our authentication method,
* deny.
*/
if (debug)
addlog("[access denied]\n");
lcp.Close(sp);
break;
}
}
if (debug)
addlog("\n");
free(buf, M_TEMP);
return;
}
static void
sppp_lcp_tlu(struct sppp *sp)
{
STDDCL;
int i;
u_int32_t mask;
/* XXX ? */
if (! (ifp->if_flags & IFF_UP) &&
(ifp->if_flags & IFF_RUNNING)) {
/* Coming out of loopback mode. */
if_up(ifp);
}
for (i = 0; i < IDX_COUNT; i++)
if ((cps[i])->flags & CP_QUAL)
(cps[i])->Open(sp);
if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
(sp->pp_flags & PP_NEEDAUTH) != 0)
sp->pp_phase = SPPP_PHASE_AUTHENTICATE;
else
sp->pp_phase = SPPP_PHASE_NETWORK;
if (debug)
{
log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
sppp_phase_name(sp->pp_phase));
}
/*
* Open all authentication protocols. This is even required
* if we already proceeded to network phase, since it might be
* that remote wants us to authenticate, so we might have to
* send a PAP request. Undesired authentication protocols
* don't do anything when they get an Open event.
*/
for (i = 0; i < IDX_COUNT; i++)
if ((cps[i])->flags & CP_AUTH)
(cps[i])->Open(sp);
if (sp->pp_phase == SPPP_PHASE_NETWORK) {
/* Notify all NCPs. */
for (i = 0; i < IDX_COUNT; i++)
if ((cps[i])->flags & CP_NCP)
(cps[i])->Open(sp);
}
/* Send Up events to all started protos. */
for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0)
(cps[i])->Up(sp);
/* notify low-level driver of state change */
if (sp->pp_chg)
sp->pp_chg(sp, (int)sp->pp_phase);
if (sp->pp_phase == SPPP_PHASE_NETWORK)
/* if no NCP is starting, close down */
sppp_lcp_check_and_close(sp);
}
static void
sppp_lcp_tld(struct sppp *sp)
{
STDDCL;
int i;
u_int32_t mask;
sp->pp_phase = SPPP_PHASE_TERMINATE;
if (debug)
{
log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
sppp_phase_name(sp->pp_phase));
}
/*
* Take upper layers down. We send the Down event first and
* the Close second to prevent the upper layers from sending
* ``a flurry of terminate-request packets'', as the RFC
* describes it.
*/
for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) {
(cps[i])->Down(sp);
(cps[i])->Close(sp);
}
}
static void
sppp_lcp_tls(struct sppp *sp)
{
STDDCL;
if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) {
printf("%s: authentication failed %d times, not retrying again\n",
sp->pp_if.if_xname, sp->pp_auth_failures);
if_down(&sp->pp_if);
return;
}
sp->pp_phase = SPPP_PHASE_ESTABLISH;
if (debug)
{
log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
sppp_phase_name(sp->pp_phase));
}
/* Notify lower layer if desired. */
if (sp->pp_tls)
(sp->pp_tls)(sp);
}
static void
sppp_lcp_tlf(struct sppp *sp)
{
STDDCL;
sp->pp_phase = SPPP_PHASE_DEAD;
if (debug)
{
log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
sppp_phase_name(sp->pp_phase));
}
/* Notify lower layer if desired. */
if (sp->pp_tlf)
(sp->pp_tlf)(sp);
}
static void
sppp_lcp_scr(struct sppp *sp)
{
char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
int i = 0;
u_short authproto;
if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
if (! sp->lcp.magic)
sp->lcp.magic = arc4random();
opt[i++] = LCP_OPT_MAGIC;
opt[i++] = 6;
opt[i++] = sp->lcp.magic >> 24;
opt[i++] = sp->lcp.magic >> 16;
opt[i++] = sp->lcp.magic >> 8;
opt[i++] = sp->lcp.magic;
}
if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
opt[i++] = LCP_OPT_MRU;
opt[i++] = 4;
opt[i++] = sp->lcp.mru >> 8;
opt[i++] = sp->lcp.mru;
}
if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
authproto = sp->hisauth.proto;
opt[i++] = LCP_OPT_AUTH_PROTO;
opt[i++] = authproto == PPP_CHAP? 5: 4;
opt[i++] = authproto >> 8;
opt[i++] = authproto;
if (authproto == PPP_CHAP)
opt[i++] = CHAP_MD5;
}
sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
}
/*
* Check the open NCPs, return true if at least one NCP is open.
*/
static int
sppp_ncp_check(struct sppp *sp)
{
int i, mask;
for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP)
return 1;
return 0;
}
/*
* Re-check the open NCPs and see if we should terminate the link.
* Called by the NCPs during their tlf action handling.
*/
static void
sppp_lcp_check_and_close(struct sppp *sp)
{
if (sp->pp_phase < SPPP_PHASE_NETWORK)
/* don't bother, we are already going down */
return;
if (sppp_ncp_check(sp))
return;
lcp.Close(sp);
}
/*
*--------------------------------------------------------------------------*
* *
* The IPCP implementation. *
* *
*--------------------------------------------------------------------------*
*/
static void
sppp_ipcp_init(struct sppp *sp)
{
sp->ipcp.opts = 0;
sp->ipcp.flags = 0;
sp->state[IDX_IPCP] = STATE_INITIAL;
sp->fail_counter[IDX_IPCP] = 0;
sp->pp_seq[IDX_IPCP] = 0;
sp->pp_rseq[IDX_IPCP] = 0;
callout_init(&sp->ch[IDX_IPCP]);
}
static void
sppp_ipcp_up(struct sppp *sp)
{
sppp_up_event(&ipcp, sp);
}
static void
sppp_ipcp_down(struct sppp *sp)
{
sppp_down_event(&ipcp, sp);
}
static void
sppp_ipcp_open(struct sppp *sp)
{
STDDCL;
u_int32_t myaddr, hisaddr;
sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN);
sp->ipcp.req_myaddr = 0;
sp->ipcp.req_hisaddr = 0;
memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs);
#ifdef INET
sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
#else
myaddr = hisaddr = 0;
#endif
/*
* If we don't have his address, this probably means our
* interface doesn't want to talk IP at all. (This could
* be the case if somebody wants to speak only IPX, for
* example.) Don't open IPCP in this case.
*/
if (hisaddr == 0) {
/* XXX this message should go away */
if (debug)
log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n",
ifp->if_xname);
return;
}
if (myaddr == 0) {
/*
* I don't have an assigned address, so i need to
* negotiate my address.
*/
sp->ipcp.flags |= IPCP_MYADDR_DYN;
sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
}
if (hisaddr == 1) {
/*
* XXX - remove this hack!
* remote has no valid address, we need to get one assigned.
*/
sp->ipcp.flags |= IPCP_HISADDR_DYN;
}
sppp_open_event(&ipcp, sp);
}
static void
sppp_ipcp_close(struct sppp *sp)
{
STDDCL;
sppp_close_event(&ipcp, sp);
#ifdef INET
if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN))
/*
* Some address was dynamic, clear it again.
*/
sppp_clear_ip_addrs(sp);
#endif
if (sp->pp_saved_mtu > 0) {
ifp->if_mtu = sp->pp_saved_mtu;
sp->pp_saved_mtu = 0;
if (debug)
log(LOG_DEBUG,
"%s: resetting MTU to %" PRIu64 " bytes\n",
ifp->if_xname, ifp->if_mtu);
}
}
static void
sppp_ipcp_TO(void *cookie)
{
sppp_to_event(&ipcp, (struct sppp *)cookie);
}
/*
* Analyze a configure request. Return true if it was agreeable, and
* caused action sca, false if it has been rejected or nak'ed, and
* caused action scn. (The return value is used to make the state
* transition decision in the state automaton.)
*/
static int
sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
u_char *buf, *r, *p;
struct ifnet *ifp = &sp->pp_if;
int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
u_int32_t hisaddr, desiredaddr;
len -= 4;
origlen = len;
/*
* Make sure to allocate a buf that can at least hold a
* conf-nak with an `address' option. We might need it below.
*/
buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
if (! buf)
return (0);
/* pass 1: see if we can recognize them */
if (debug)
log(LOG_DEBUG, "%s: ipcp parse opts:",
ifp->if_xname);
p = (void *)(h + 1);
for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
if (debug)
addlog(" %s", sppp_ipcp_opt_name(*p));
switch (*p) {
#ifdef notyet
case IPCP_OPT_COMPRESSION:
if (len >= 6 && p[1] >= 6) {
/* correctly formed compress option */
continue;
}
if (debug)
addlog(" [invalid]");
break;
#endif
case IPCP_OPT_ADDRESS:
if (len >= 6 && p[1] == 6) {
/* correctly formed address option */
continue;
}
if (debug)
addlog(" [invalid]");
break;
default:
/* Others not supported. */
if (debug)
addlog(" [rej]");
break;
}
/* Add the option to rejected list. */
bcopy (p, r, p[1]);
r += p[1];
rlen += p[1];
}
if (rlen) {
if (debug)
addlog(" send conf-rej\n");
sppp_cp_send(sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
goto end;
} else if (debug)
addlog("\n");
/* pass 2: parse option values */
if (sp->ipcp.flags & IPCP_HISADDR_SEEN)
hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */
else
#ifdef INET
sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */
#else
hisaddr = 0;
#endif
if (debug)
log(LOG_DEBUG, "%s: ipcp parse opt values: ",
ifp->if_xname);
p = (void *)(h + 1);
len = origlen;
for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
if (debug)
addlog(" %s", sppp_ipcp_opt_name(*p));
switch (*p) {
#ifdef notyet
case IPCP_OPT_COMPRESSION:
continue;
#endif
case IPCP_OPT_ADDRESS:
desiredaddr = p[2] << 24 | p[3] << 16 |
p[4] << 8 | p[5];
if (desiredaddr == hisaddr ||
((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) {
/*
* Peer's address is same as our value,
* this is agreeable. Gonna conf-ack
* it.
*/
if (debug)
addlog(" %s [ack]",
sppp_dotted_quad(hisaddr));
/* record that we've seen it already */
sp->ipcp.flags |= IPCP_HISADDR_SEEN;
sp->ipcp.req_hisaddr = desiredaddr;
hisaddr = desiredaddr;
continue;
}
/*
* The address wasn't agreeable. This is either
* he sent us 0.0.0.0, asking to assign him an
* address, or he send us another address not
* matching our value. Either case, we gonna
* conf-nak it with our value.
*/
if (debug) {
if (desiredaddr == 0)
addlog(" [addr requested]");
else
addlog(" %s [not agreed]",
sppp_dotted_quad(desiredaddr));
}
p[2] = hisaddr >> 24;
p[3] = hisaddr >> 16;
p[4] = hisaddr >> 8;
p[5] = hisaddr;
break;
}
/* Add the option to nak'ed list. */
bcopy (p, r, p[1]);
r += p[1];
rlen += p[1];
}
/*
* If we are about to conf-ack the request, but haven't seen
* his address so far, gonna conf-nak it instead, with the
* `address' option present and our idea of his address being
* filled in there, to request negotiation of both addresses.
*
* XXX This can result in an endless req - nak loop if peer
* doesn't want to send us his address. Q: What should we do
* about it? XXX A: implement the max-failure counter.
*/
if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN)) {
buf[0] = IPCP_OPT_ADDRESS;
buf[1] = 6;
buf[2] = hisaddr >> 24;
buf[3] = hisaddr >> 16;
buf[4] = hisaddr >> 8;
buf[5] = hisaddr;
rlen = 6;
if (debug)
addlog(" still need hisaddr");
}
if (rlen) {
if (debug)
addlog(" send conf-nak\n");
sppp_cp_send(sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
} else {
if (debug)
addlog(" send conf-ack\n");
sppp_cp_send(sp, PPP_IPCP, CONF_ACK, h->ident, origlen, h + 1);
}
end:
free(buf, M_TEMP);
return (rlen == 0);
}
/*
* Analyze the IPCP Configure-Reject option list, and adjust our
* negotiation.
*/
static void
sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
u_char *buf, *p;
struct ifnet *ifp = &sp->pp_if;
int debug = ifp->if_flags & IFF_DEBUG;
len -= 4;
buf = malloc (len, M_TEMP, M_NOWAIT);
if (!buf)
return;
if (debug)
log(LOG_DEBUG, "%s: ipcp rej opts:",
ifp->if_xname);
p = (void *)(h + 1);
for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
if (debug)
addlog(" %s", sppp_ipcp_opt_name(*p));
switch (*p) {
case IPCP_OPT_ADDRESS:
/*
* Peer doesn't grok address option. This is
* bad. XXX Should we better give up here?
*/
sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
break;
#ifdef notyet
case IPCP_OPT_COMPRESS:
sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS);
break;
#endif
}
}
if (debug)
addlog("\n");
free(buf, M_TEMP);
return;
}
/*
* Analyze the IPCP Configure-NAK option list, and adjust our
* negotiation.
*/
static void
sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
u_char *p;
struct ifnet *ifp = &sp->pp_if;
int debug = ifp->if_flags & IFF_DEBUG;
u_int32_t wantaddr;
len -= 4;
if (debug)
log(LOG_DEBUG, "%s: ipcp nak opts:",
ifp->if_xname);
p = (void *)(h + 1);
for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
if (debug)
addlog(" %s", sppp_ipcp_opt_name(*p));
switch (*p) {
case IPCP_OPT_ADDRESS:
/*
* Peer doesn't like our local IP address. See
* if we can do something for him. We'll drop
* him our address then.
*/
if (len >= 6 && p[1] == 6) {
wantaddr = p[2] << 24 | p[3] << 16 |
p[4] << 8 | p[5];
sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
if (debug)
addlog(" [wantaddr %s]",
sppp_dotted_quad(wantaddr));
/*
* When doing dynamic address assignment,
* we accept his offer. Otherwise, we
* ignore it and thus continue to negotiate
* our already existing value.
*/
if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
if (debug)
addlog(" [agree]");
sp->ipcp.flags |= IPCP_MYADDR_SEEN;
sp->ipcp.req_myaddr = wantaddr;
}
}
break;
case IPCP_OPT_PRIMDNS:
if (len >= 6 && p[1] == 6) {
sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 |
p[4] << 8 | p[5];
}
break;
case IPCP_OPT_SECDNS:
if (len >= 6 && p[1] == 6) {
sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 |
p[4] << 8 | p[5];
}
break;
#ifdef notyet
case IPCP_OPT_COMPRESS:
/*
* Peer wants different compression parameters.
*/
break;
#endif
}
}
if (debug)
addlog("\n");
return;
}
static void
sppp_ipcp_tlu(struct sppp *sp)
{
#ifdef INET
/* we are up. Set addresses and notify anyone interested */
STDDCL;
u_int32_t myaddr, hisaddr;
sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN))
myaddr = sp->ipcp.req_myaddr;
if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN))
hisaddr = sp->ipcp.req_hisaddr;
sppp_set_ip_addrs(sp, myaddr, hisaddr);
if (ifp->if_mtu > sp->lcp.their_mru) {
sp->pp_saved_mtu = ifp->if_mtu;
ifp->if_mtu = sp->lcp.their_mru;
if (debug)
log(LOG_DEBUG,
"%s: setting MTU to %" PRIu64 " bytes\n",
ifp->if_xname, ifp->if_mtu);
}
if (sp->pp_con)
sp->pp_con(sp);
#endif
}
static void
sppp_ipcp_tld(struct sppp *sp)
{
}
static void
sppp_ipcp_tls(struct sppp *sp)
{
/* indicate to LCP that it must stay alive */
sp->lcp.protos |= (1 << IDX_IPCP);
}
static void
sppp_ipcp_tlf(struct sppp *sp)
{
/* we no longer need LCP */
sp->lcp.protos &= ~(1 << IDX_IPCP);
}
static void
sppp_ipcp_scr(struct sppp *sp)
{
char opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */];
#ifdef INET
u_int32_t ouraddr;
#endif
int i = 0;
#ifdef notyet
if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
opt[i++] = IPCP_OPT_COMPRESSION;
opt[i++] = 6;
opt[i++] = 0; /* VJ header compression */
opt[i++] = 0x2d; /* VJ header compression */
opt[i++] = max_slot_id;
opt[i++] = comp_slot_id;
}
#endif
#ifdef INET
if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
if (sp->ipcp.flags & IPCP_MYADDR_SEEN)
ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */
else
sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
opt[i++] = IPCP_OPT_ADDRESS;
opt[i++] = 6;
opt[i++] = ouraddr >> 24;
opt[i++] = ouraddr >> 16;
opt[i++] = ouraddr >> 8;
opt[i++] = ouraddr;
}
#endif
if (sp->query_dns & 1) {
opt[i++] = IPCP_OPT_PRIMDNS;
opt[i++] = 6;
opt[i++] = sp->dns_addrs[0] >> 24;
opt[i++] = sp->dns_addrs[0] >> 16;
opt[i++] = sp->dns_addrs[0] >> 8;
opt[i++] = sp->dns_addrs[0];
}
if (sp->query_dns & 2) {
opt[i++] = IPCP_OPT_SECDNS;
opt[i++] = 6;
opt[i++] = sp->dns_addrs[1] >> 24;
opt[i++] = sp->dns_addrs[1] >> 16;
opt[i++] = sp->dns_addrs[1] >> 8;
opt[i++] = sp->dns_addrs[1];
}
sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
}
/*
*--------------------------------------------------------------------------*
* *
* The IPv6CP implementation. *
* *
*--------------------------------------------------------------------------*
*/
#ifdef INET6
static void
sppp_ipv6cp_init(struct sppp *sp)
{
sp->ipv6cp.opts = 0;
sp->ipv6cp.flags = 0;
sp->state[IDX_IPV6CP] = STATE_INITIAL;
sp->fail_counter[IDX_IPV6CP] = 0;
sp->pp_seq[IDX_IPV6CP] = 0;
sp->pp_rseq[IDX_IPV6CP] = 0;
callout_init(&sp->ch[IDX_IPV6CP]);
}
static void
sppp_ipv6cp_up(struct sppp *sp)
{
sppp_up_event(&ipv6cp, sp);
}
static void
sppp_ipv6cp_down(struct sppp *sp)
{
sppp_down_event(&ipv6cp, sp);
}
static void
sppp_ipv6cp_open(struct sppp *sp)
{
STDDCL;
struct in6_addr myaddr, hisaddr;
#ifdef IPV6CP_MYIFID_DYN
sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
#else
sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
#endif
sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
/*
* If we don't have our address, this probably means our
* interface doesn't want to talk IPv6 at all. (This could
* be the case if somebody wants to speak only IPX, for
* example.) Don't open IPv6CP in this case.
*/
if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
/* XXX this message should go away */
if (debug)
log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n",
ifp->if_xname);
return;
}
sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
sppp_open_event(&ipv6cp, sp);
}
static void
sppp_ipv6cp_close(struct sppp *sp)
{
sppp_close_event(&ipv6cp, sp);
}
static void
sppp_ipv6cp_TO(void *cookie)
{
sppp_to_event(&ipv6cp, (struct sppp *)cookie);
}
/*
* Analyze a configure request. Return true if it was agreeable, and
* caused action sca, false if it has been rejected or nak'ed, and
* caused action scn. (The return value is used to make the state
* transition decision in the state automaton.)
*/
static int
sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
u_char *buf, *r, *p;
struct ifnet *ifp = &sp->pp_if;
int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
struct in6_addr myaddr, desiredaddr, suggestaddr;
int ifidcount;
int type;
int collision, nohisaddr;
len -= 4;
origlen = len;
/*
* Make sure to allocate a buf that can at least hold a
* conf-nak with an `address' option. We might need it below.
*/
buf = r = malloc ((len < 6? 6: len), M_TEMP, M_NOWAIT);
if (! buf)
return (0);
/* pass 1: see if we can recognize them */
if (debug)
log(LOG_DEBUG, "%s: ipv6cp parse opts:",
ifp->if_xname);
p = (void *)(h + 1);
ifidcount = 0;
for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
if (debug)
addlog(" %s", sppp_ipv6cp_opt_name(*p));
switch (*p) {
case IPV6CP_OPT_IFID:
if (len >= 10 && p[1] == 10 && ifidcount == 0) {
/* correctly formed address option */
ifidcount++;
continue;
}
if (debug)
addlog(" [invalid]");
break;
#ifdef notyet
case IPV6CP_OPT_COMPRESSION:
if (len >= 4 && p[1] >= 4) {
/* correctly formed compress option */
continue;
}
if (debug)
addlog(" [invalid]");
break;
#endif
default:
/* Others not supported. */
if (debug)
addlog(" [rej]");
break;
}
/* Add the option to rejected list. */
bcopy (p, r, p[1]);
r += p[1];
rlen += p[1];
}
if (rlen) {
if (debug)
addlog(" send conf-rej\n");
sppp_cp_send(sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
goto end;
} else if (debug)
addlog("\n");
/* pass 2: parse option values */
sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
if (debug)
log(LOG_DEBUG, "%s: ipv6cp parse opt values: ",
ifp->if_xname);
p = (void *)(h + 1);
len = origlen;
type = CONF_ACK;
for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
if (debug)
addlog(" %s", sppp_ipv6cp_opt_name(*p));
switch (*p) {
#ifdef notyet
case IPV6CP_OPT_COMPRESSION:
continue;
#endif
case IPV6CP_OPT_IFID:
memset(&desiredaddr, 0, sizeof(desiredaddr));
bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
collision = (memcmp(&desiredaddr.s6_addr[8],
&myaddr.s6_addr[8], 8) == 0);
nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
desiredaddr.s6_addr16[0] = htons(0xfe80);
(void)in6_setscope(&desiredaddr, &sp->pp_if, NULL);
if (!collision && !nohisaddr) {
/* no collision, hisaddr known - Conf-Ack */
type = CONF_ACK;
if (debug) {
addlog(" %s [%s]",
ip6_sprintf(&desiredaddr),
sppp_cp_type_name(type));
}
continue;
}
memset(&suggestaddr, 0, sizeof(&suggestaddr));
if (collision && nohisaddr) {
/* collision, hisaddr unknown - Conf-Rej */
type = CONF_REJ;
memset(&p[2], 0, 8);
} else {
/*
* - no collision, hisaddr unknown, or
* - collision, hisaddr known
* Conf-Nak, suggest hisaddr
*/
type = CONF_NAK;
sppp_suggest_ip6_addr(sp, &suggestaddr);
bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
}
if (debug)
addlog(" %s [%s]", ip6_sprintf(&desiredaddr),
sppp_cp_type_name(type));
break;
}
/* Add the option to nak'ed list. */
bcopy (p, r, p[1]);
r += p[1];
rlen += p[1];
}
if (rlen == 0 && type == CONF_ACK) {
if (debug)
addlog(" send %s\n", sppp_cp_type_name(type));
sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, origlen, h + 1);
} else {
#ifdef notdef
if (type == CONF_ACK)
panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
#endif
if (debug) {
addlog(" send %s suggest %s\n",
sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
}
sppp_cp_send(sp, PPP_IPV6CP, type, h->ident, rlen, buf);
}
end:
free(buf, M_TEMP);
return (rlen == 0);
}
/*
* Analyze the IPv6CP Configure-Reject option list, and adjust our
* negotiation.
*/
static void
sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
u_char *buf, *p;
struct ifnet *ifp = &sp->pp_if;
int debug = ifp->if_flags & IFF_DEBUG;
len -= 4;
buf = malloc (len, M_TEMP, M_NOWAIT);
if (!buf)
return;
if (debug)
log(LOG_DEBUG, "%s: ipv6cp rej opts:",
ifp->if_xname);
p = (void *)(h + 1);
for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
if (debug)
addlog(" %s", sppp_ipv6cp_opt_name(*p));
switch (*p) {
case IPV6CP_OPT_IFID:
/*
* Peer doesn't grok address option. This is
* bad. XXX Should we better give up here?
*/
sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
break;
#ifdef notyet
case IPV6CP_OPT_COMPRESS:
sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
break;
#endif
}
}
if (debug)
addlog("\n");
free(buf, M_TEMP);
return;
}
/*
* Analyze the IPv6CP Configure-NAK option list, and adjust our
* negotiation.
*/
static void
sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
u_char *buf, *p;
struct ifnet *ifp = &sp->pp_if;
int debug = ifp->if_flags & IFF_DEBUG;
struct in6_addr suggestaddr;
len -= 4;
buf = malloc (len, M_TEMP, M_NOWAIT);
if (!buf)
return;
if (debug)
log(LOG_DEBUG, "%s: ipv6cp nak opts:",
ifp->if_xname);
p = (void *)(h + 1);
for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
if (debug)
addlog(" %s", sppp_ipv6cp_opt_name(*p));
switch (*p) {
case IPV6CP_OPT_IFID:
/*
* Peer doesn't like our local ifid. See
* if we can do something for him. We'll drop
* him our address then.
*/
if (len < 10 || p[1] != 10)
break;
memset(&suggestaddr, 0, sizeof(suggestaddr));
suggestaddr.s6_addr16[0] = htons(0xfe80);
(void)in6_setscope(&suggestaddr, &sp->pp_if, NULL);
bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
if (debug)
addlog(" [suggestaddr %s]",
ip6_sprintf(&suggestaddr));
#ifdef IPV6CP_MYIFID_DYN
/*
* When doing dynamic address assignment,
* we accept his offer.
*/
if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
struct in6_addr lastsuggest;
/*
* If <suggested myaddr from peer> equals to
* <hisaddr we have suggested last time>,
* we have a collision. generate new random
* ifid.
*/
sppp_suggest_ip6_addr(&lastsuggest);
if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
lastsuggest)) {
if (debug)
addlog(" [random]");
sppp_gen_ip6_addr(sp, &suggestaddr);
}
sppp_set_ip6_addr(sp, &suggestaddr, 0);
if (debug)
addlog(" [agree]");
sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
}
#else
/*
* Since we do not do dynamic address assignment,
* we ignore it and thus continue to negotiate
* our already existing value. This can possibly
* go into infinite request-reject loop.
*
* This is not likely because we normally use
* ifid based on MAC-address.
* If you have no ethernet card on the node, too bad.
* XXX should we use fail_counter?
*/
#endif
break;
#ifdef notyet
case IPV6CP_OPT_COMPRESS:
/*
* Peer wants different compression parameters.
*/
break;
#endif
}
}
if (debug)
addlog("\n");
free(buf, M_TEMP);
return;
}
static void
sppp_ipv6cp_tlu(struct sppp *sp)
{
/* we are up - notify isdn daemon */
if (sp->pp_con)
sp->pp_con(sp);
}
static void
sppp_ipv6cp_tld(struct sppp *sp)
{
}
static void
sppp_ipv6cp_tls(struct sppp *sp)
{
/* indicate to LCP that it must stay alive */
sp->lcp.protos |= (1 << IDX_IPV6CP);
}
static void
sppp_ipv6cp_tlf(struct sppp *sp)
{
/* we no longer need LCP */
sp->lcp.protos &= ~(1 << IDX_IPV6CP);
}
static void
sppp_ipv6cp_scr(struct sppp *sp)
{
char opt[10 /* ifid */ + 4 /* compression, minimum */];
struct in6_addr ouraddr;
int i = 0;
if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
opt[i++] = IPV6CP_OPT_IFID;
opt[i++] = 10;
bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
i += 8;
}
#ifdef notyet
if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
opt[i++] = IPV6CP_OPT_COMPRESSION;
opt[i++] = 4;
opt[i++] = 0; /* TBD */
opt[i++] = 0; /* TBD */
/* variable length data may follow */
}
#endif
sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP];
sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt);
}
#else /*INET6*/
static void sppp_ipv6cp_init(struct sppp *sp)
{
}
static void sppp_ipv6cp_up(struct sppp *sp)
{
}
static void sppp_ipv6cp_down(struct sppp *sp)
{
}
static void sppp_ipv6cp_open(struct sppp *sp)
{
}
static void sppp_ipv6cp_close(struct sppp *sp)
{
}
static void sppp_ipv6cp_TO(void *sp)
{
}
static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
{
return 0;
}
static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
{
}
static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
{
}
static void sppp_ipv6cp_tlu(struct sppp *sp)
{
}
static void sppp_ipv6cp_tld(struct sppp *sp)
{
}
static void sppp_ipv6cp_tls(struct sppp *sp)
{
}
static void sppp_ipv6cp_tlf(struct sppp *sp)
{
}
static void sppp_ipv6cp_scr(struct sppp *sp)
{
}
#endif /*INET6*/
/*
*--------------------------------------------------------------------------*
* *
* The CHAP implementation. *
* *
*--------------------------------------------------------------------------*
*/
/*
* The authentication protocols don't employ a full-fledged state machine as
* the control protocols do, since they do have Open and Close events, but
* not Up and Down, nor are they explicitly terminated. Also, use of the
* authentication protocols may be different in both directions (this makes
* sense, think of a machine that never accepts incoming calls but only
* calls out, it doesn't require the called party to authenticate itself).
*
* Our state machine for the local authentication protocol (we are requesting
* the peer to authenticate) looks like:
*
* RCA-
* +--------------------------------------------+
* V scn,tld|
* +--------+ Close +---------+ RCA+
* | |<----------------------------------| |------+
* +--->| Closed | TO* | Opened | sca |
* | | |-----+ +-------| |<-----+
* | +--------+ irc | | +---------+
* | ^ | | ^
* | | | | |
* | | | | |
* | TO-| | | |
* | |tld TO+ V | |
* | | +------->+ | |
* | | | | | |
* | +--------+ V | |
* | | |<----+<--------------------+ |
* | | Req- | scr |
* | | Sent | |
* | | | |
* | +--------+ |
* | RCA- | | RCA+ |
* +------+ +------------------------------------------+
* scn,tld sca,irc,ict,tlu
*
*
* with:
*
* Open: LCP reached authentication phase
* Close: LCP reached terminate phase
*
* RCA+: received reply (pap-req, chap-response), acceptable
* RCN: received reply (pap-req, chap-response), not acceptable
* TO+: timeout with restart counter >= 0
* TO-: timeout with restart counter < 0
* TO*: reschedule timeout for CHAP
*
* scr: send request packet (none for PAP, chap-challenge)
* sca: send ack packet (pap-ack, chap-success)
* scn: send nak packet (pap-nak, chap-failure)
* ict: initialize re-challenge timer (CHAP only)
*
* tlu: this-layer-up, LCP reaches network phase
* tld: this-layer-down, LCP enters terminate phase
*
* Note that in CHAP mode, after sending a new challenge, while the state
* automaton falls back into Req-Sent state, it doesn't signal a tld
* event to LCP, so LCP remains in network phase. Only after not getting
* any response (or after getting an unacceptable response), CHAP closes,
* causing LCP to enter terminate phase.
*
* With PAP, there is no initial request that can be sent. The peer is
* expected to send one based on the successful negotiation of PAP as
* the authentication protocol during the LCP option negotiation.
*
* Incoming authentication protocol requests (remote requests
* authentication, we are peer) don't employ a state machine at all,
* they are simply answered. Some peers [Ascend P50 firmware rev
* 4.50] react allergically when sending IPCP/IPv6CP requests while they are
* still in authentication phase (thereby violating the standard that
* demands that these NCP packets are to be discarded), so we keep
* track of the peer demanding us to authenticate, and only proceed to
* phase network once we've seen a positive acknowledge for the
* authentication.
*/
/*
* Handle incoming CHAP packets.
*/
void
sppp_chap_input(struct sppp *sp, struct mbuf *m)
{
STDDCL;
struct lcp_header *h;
int len, x;
u_char *value, *name, digest[sizeof(sp->myauth.challenge)], dsize;
int value_len, name_len;
MD5_CTX ctx;
len = m->m_pkthdr.len;
if (len < 4) {
if (debug)
log(LOG_DEBUG,
"%s: chap invalid packet length: %d bytes\n",
ifp->if_xname, len);
return;
}
h = mtod(m, struct lcp_header *);
if (len > ntohs(h->len))
len = ntohs(h->len);
switch (h->type) {
/* challenge, failure and success are his authproto */
case CHAP_CHALLENGE:
if (sp->myauth.secret == NULL || sp->myauth.name == NULL) {
/* can't do anything usefull */
sp->pp_auth_failures++;
printf("%s: chap input without my name and my secret being set\n",
ifp->if_xname);
break;
}
value = 1 + (u_char *)(h + 1);
value_len = value[-1];
name = value + value_len;
name_len = len - value_len - 5;
if (name_len < 0) {
if (debug) {
log(LOG_DEBUG,
"%s: chap corrupted challenge "
"<%s id=0x%x len=%d",
ifp->if_xname,
sppp_auth_type_name(PPP_CHAP, h->type),
h->ident, ntohs(h->len));
if (len > 4)
sppp_print_bytes((u_char *)(h + 1),
len - 4);
addlog(">\n");
}
break;
}
if (debug) {
log(LOG_DEBUG,
"%s: chap input <%s id=0x%x len=%d name=",
ifp->if_xname,
sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
ntohs(h->len));
sppp_print_string((char *) name, name_len);
addlog(" value-size=%d value=", value_len);
sppp_print_bytes(value, value_len);
addlog(">\n");
}
/* Compute reply value. */
MD5Init(&ctx);
MD5Update(&ctx, &h->ident, 1);
MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len);
MD5Update(&ctx, value, value_len);
MD5Final(digest, &ctx);
dsize = sizeof digest;
sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
sizeof dsize, (const char *)&dsize,
sizeof digest, digest,
sp->myauth.name_len,
sp->myauth.name,
0);
break;
case CHAP_SUCCESS:
if (debug) {
log(LOG_DEBUG, "%s: chap success",
ifp->if_xname);
if (len > 4) {
addlog(": ");
sppp_print_string((char *)(h + 1), len - 4);
}
addlog("\n");
}
x = splnet();
sp->pp_auth_failures = 0;
sp->pp_flags &= ~PP_NEEDAUTH;
if (sp->myauth.proto == PPP_CHAP &&
(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
(sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
/*
* We are authenticator for CHAP but didn't
* complete yet. Leave it to tlu to proceed
* to network phase.
*/
splx(x);
break;
}
splx(x);
sppp_phase_network(sp);
break;
case CHAP_FAILURE:
x = splnet();
sp->pp_auth_failures++;
splx(x);
if (debug) {
log(LOG_INFO, "%s: chap failure",
ifp->if_xname);
if (len > 4) {
addlog(": ");
sppp_print_string((char *)(h + 1), len - 4);
}
addlog("\n");
} else
log(LOG_INFO, "%s: chap failure\n",
ifp->if_xname);
/* await LCP shutdown by authenticator */
break;
/* response is my authproto */
case CHAP_RESPONSE:
if (sp->hisauth.secret == NULL) {
/* can't do anything usefull */
printf("%s: chap input without his secret being set\n",
ifp->if_xname);
break;
}
value = 1 + (u_char *)(h + 1);
value_len = value[-1];
name = value + value_len;
name_len = len - value_len - 5;
if (name_len < 0) {
if (debug) {
log(LOG_DEBUG,
"%s: chap corrupted response "
"<%s id=0x%x len=%d",
ifp->if_xname,
sppp_auth_type_name(PPP_CHAP, h->type),
h->ident, ntohs(h->len));
if (len > 4)
sppp_print_bytes((u_char *)(h + 1),
len - 4);
addlog(">\n");
}
break;
}
if (h->ident != sp->confid[IDX_CHAP]) {
if (debug)
log(LOG_DEBUG,
"%s: chap dropping response for old ID "
"(got %d, expected %d)\n",
ifp->if_xname,
h->ident, sp->confid[IDX_CHAP]);
break;
}
if (sp->hisauth.name != NULL &&
(name_len != sp->hisauth.name_len
|| memcmp(name, sp->hisauth.name, name_len) != 0)) {
log(LOG_INFO, "%s: chap response, his name ",
ifp->if_xname);
sppp_print_string(name, name_len);
addlog(" != expected ");
sppp_print_string(sp->hisauth.name,
sp->hisauth.name_len);
addlog("\n");
goto chap_failure;
}
if (debug) {
log(LOG_DEBUG, "%s: chap input(%s) "
"<%s id=0x%x len=%d name=",
ifp->if_xname,
sppp_state_name(sp->state[IDX_CHAP]),
sppp_auth_type_name(PPP_CHAP, h->type),
h->ident, ntohs(h->len));
sppp_print_string((char *)name, name_len);
addlog(" value-size=%d value=", value_len);
sppp_print_bytes(value, value_len);
addlog(">\n");
}
if (value_len != sizeof(sp->myauth.challenge)) {
if (debug)
log(LOG_DEBUG,
"%s: chap bad hash value length: "
"%d bytes, should be %ld\n",
ifp->if_xname, value_len,
(long) sizeof(sp->myauth.challenge));
goto chap_failure;
}
MD5Init(&ctx);
MD5Update(&ctx, &h->ident, 1);
MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len);
MD5Update(&ctx, sp->myauth.challenge, sizeof(sp->myauth.challenge));
MD5Final(digest, &ctx);
#define FAILMSG "Failed..."
#define SUCCMSG "Welcome!"
if (value_len != sizeof digest ||
memcmp(digest, value, value_len) != 0) {
chap_failure:
/* action scn, tld */
x = splnet();
sp->pp_auth_failures++;
splx(x);
sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
sizeof(FAILMSG) - 1, (const u_char *)FAILMSG,
0);
chap.tld(sp);
break;
}
sp->pp_auth_failures = 0;
/* action sca, perhaps tlu */
if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
sp->state[IDX_CHAP] == STATE_OPENED)
sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG,
0);
if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
sppp_cp_change_state(&chap, sp, STATE_OPENED);
chap.tlu(sp);
}
break;
default:
/* Unknown CHAP packet type -- ignore. */
if (debug) {
log(LOG_DEBUG, "%s: chap unknown input(%s) "
"<0x%x id=0x%xh len=%d",
ifp->if_xname,
sppp_state_name(sp->state[IDX_CHAP]),
h->type, h->ident, ntohs(h->len));
if (len > 4)
sppp_print_bytes((u_char *)(h + 1), len - 4);
addlog(">\n");
}
break;
}
}
static void
sppp_chap_init(struct sppp *sp)
{
/* Chap doesn't have STATE_INITIAL at all. */
sp->state[IDX_CHAP] = STATE_CLOSED;
sp->fail_counter[IDX_CHAP] = 0;
sp->pp_seq[IDX_CHAP] = 0;
sp->pp_rseq[IDX_CHAP] = 0;
callout_init(&sp->ch[IDX_CHAP]);
}
static void
sppp_chap_open(struct sppp *sp)
{
if (sp->myauth.proto == PPP_CHAP &&
(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
/* we are authenticator for CHAP, start it */
chap.scr(sp);
sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
}
/* nothing to be done if we are peer, await a challenge */
}
static void
sppp_chap_close(struct sppp *sp)
{
if (sp->state[IDX_CHAP] != STATE_CLOSED)
sppp_cp_change_state(&chap, sp, STATE_CLOSED);
}
static void
sppp_chap_TO(void *cookie)
{
struct sppp *sp = (struct sppp *)cookie;
STDDCL;
int s;
s = splnet();
if (debug)
log(LOG_DEBUG, "%s: chap TO(%s) rst_counter = %d\n",
ifp->if_xname,
sppp_state_name(sp->state[IDX_CHAP]),
sp->rst_counter[IDX_CHAP]);
if (--sp->rst_counter[IDX_CHAP] < 0)
/* TO- event */
switch (sp->state[IDX_CHAP]) {
case STATE_REQ_SENT:
chap.tld(sp);
sppp_cp_change_state(&chap, sp, STATE_CLOSED);
break;
}
else
/* TO+ (or TO*) event */
switch (sp->state[IDX_CHAP]) {
case STATE_OPENED:
/* TO* event */
sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
/* fall through */
case STATE_REQ_SENT:
chap.scr(sp);
/* sppp_cp_change_state() will restart the timer */
sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
break;
}
splx(s);
}
static void
sppp_chap_tlu(struct sppp *sp)
{
STDDCL;
int i, x;
i = 0;
sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
/*
* Some broken CHAP implementations (Conware CoNet, firmware
* 4.0.?) don't want to re-authenticate their CHAP once the
* initial challenge-response exchange has taken place.
* Provide for an option to avoid rechallenges.
*/
if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) {
/*
* Compute the re-challenge timeout. This will yield
* a number between 300 and 810 seconds.
*/
i = 300 + ((unsigned)(arc4random() & 0xff00) >> 7);
callout_reset(&sp->ch[IDX_CHAP], i * hz, chap.TO, sp);
}
if (debug) {
log(LOG_DEBUG,
"%s: chap %s, ",
ifp->if_xname,
sp->pp_phase == SPPP_PHASE_NETWORK? "reconfirmed": "tlu");
if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0)
addlog("next re-challenge in %d seconds\n", i);
else
addlog("re-challenging supressed\n");
}
x = splnet();
sp->pp_auth_failures = 0;
/* indicate to LCP that we need to be closed down */
sp->lcp.protos |= (1 << IDX_CHAP);
if (sp->pp_flags & PP_NEEDAUTH) {
/*
* Remote is authenticator, but his auth proto didn't
* complete yet. Defer the transition to network
* phase.
*/
splx(x);
return;
}
splx(x);
/*
* If we are already in phase network, we are done here. This
* is the case if this is a dummy tlu event after a re-challenge.
*/
if (sp->pp_phase != SPPP_PHASE_NETWORK)
sppp_phase_network(sp);
}
static void
sppp_chap_tld(struct sppp *sp)
{
STDDCL;
if (debug)
log(LOG_DEBUG, "%s: chap tld\n", ifp->if_xname);
callout_stop(&sp->ch[IDX_CHAP]);
sp->lcp.protos &= ~(1 << IDX_CHAP);
lcp.Close(sp);
}
static void
sppp_chap_scr(struct sppp *sp)
{
u_int32_t *ch;
u_char clen;
if (sp->myauth.name == NULL) {
/* can't do anything usefull */
printf("%s: chap starting without my name being set\n",
sp->pp_if.if_xname);
return;
}
/* Compute random challenge. */
ch = (u_int32_t *)sp->myauth.challenge;
ch[0] = arc4random();
ch[1] = arc4random();
ch[2] = arc4random();
ch[3] = arc4random();
clen = 16; /* 4 * sizeof(u_int32_t) */
sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
sizeof clen, (const char *)&clen,
sizeof(sp->myauth.challenge), sp->myauth.challenge,
sp->myauth.name_len,
sp->myauth.name,
0);
}
/*
*--------------------------------------------------------------------------*
* *
* The PAP implementation. *
* *
*--------------------------------------------------------------------------*
*/
/*
* For PAP, we need to keep a little state also if we are the peer, not the
* authenticator. This is since we don't get a request to authenticate, but
* have to repeatedly authenticate ourself until we got a response (or the
* retry counter is expired).
*/
/*
* Handle incoming PAP packets. */
static void
sppp_pap_input(struct sppp *sp, struct mbuf *m)
{
STDDCL;
struct lcp_header *h;
int len, x;
u_char mlen;
char *name, *secret;
int name_len, secret_len;
len = m->m_pkthdr.len;
if (len < 5) {
if (debug)
log(LOG_DEBUG,
"%s: pap invalid packet length: %d bytes\n",
ifp->if_xname, len);
return;
}
h = mtod(m, struct lcp_header *);
if (len > ntohs(h->len))
len = ntohs(h->len);
switch (h->type) {
/* PAP request is my authproto */
case PAP_REQ:
if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) {
/* can't do anything usefull */
printf("%s: pap request without his name and his secret being set\n",
ifp->if_xname);
break;
}
name = 1 + (u_char *)(h + 1);
name_len = name[-1];
secret = name + name_len + 1;
if (name_len > len - 6 ||
(secret_len = secret[-1]) > len - 6 - name_len) {
if (debug) {
log(LOG_DEBUG, "%s: pap corrupted input "
"<%s id=0x%x len=%d",
ifp->if_xname,
sppp_auth_type_name(PPP_PAP, h->type),
h->ident, ntohs(h->len));
if (len > 4)
sppp_print_bytes((u_char *)(h + 1),
len - 4);
addlog(">\n");
}
break;
}
if (debug) {
log(LOG_DEBUG, "%s: pap input(%s) "
"<%s id=0x%x len=%d name=",
ifp->if_xname,
sppp_state_name(sp->state[IDX_PAP]),
sppp_auth_type_name(PPP_PAP, h->type),
h->ident, ntohs(h->len));
sppp_print_string((char *)name, name_len);
addlog(" secret=");
sppp_print_string((char *)secret, secret_len);
addlog(">\n");
}
if (name_len != sp->hisauth.name_len ||
secret_len != sp->hisauth.secret_len ||
memcmp(name, sp->hisauth.name, name_len) != 0 ||
memcmp(secret, sp->hisauth.secret, secret_len) != 0) {
/* action scn, tld */
sp->pp_auth_failures++;
mlen = sizeof(FAILMSG) - 1;
sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
sizeof mlen, (const char *)&mlen,
sizeof(FAILMSG) - 1, (const u_char *)FAILMSG,
0);
pap.tld(sp);
break;
}
/* action sca, perhaps tlu */
if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
sp->state[IDX_PAP] == STATE_OPENED) {
mlen = sizeof(SUCCMSG) - 1;
sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
sizeof mlen, (const char *)&mlen,
sizeof(SUCCMSG) - 1, (const u_char *)SUCCMSG,
0);
}
if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
sppp_cp_change_state(&pap, sp, STATE_OPENED);
pap.tlu(sp);
}
break;
/* ack and nak are his authproto */
case PAP_ACK:
callout_stop(&sp->pap_my_to_ch);
if (debug) {
log(LOG_DEBUG, "%s: pap success",
ifp->if_xname);
name_len = *(char *)h;
if (len > 5 && name_len) {
addlog(": ");
sppp_print_string((char *)(h + 1), name_len);
}
addlog("\n");
}
x = splnet();
sp->pp_auth_failures = 0;
sp->pp_flags &= ~PP_NEEDAUTH;
if (sp->myauth.proto == PPP_PAP &&
(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
(sp->lcp.protos & (1 << IDX_PAP)) == 0) {
/*
* We are authenticator for PAP but didn't
* complete yet. Leave it to tlu to proceed
* to network phase.
*/
splx(x);
break;
}
splx(x);
sppp_phase_network(sp);
break;
case PAP_NAK:
callout_stop(&sp->pap_my_to_ch);
sp->pp_auth_failures++;
if (debug) {
log(LOG_INFO, "%s: pap failure",
ifp->if_xname);
name_len = *(char *)h;
if (len > 5 && name_len) {
addlog(": ");
sppp_print_string((char *)(h + 1), name_len);
}
addlog("\n");
} else
log(LOG_INFO, "%s: pap failure\n",
ifp->if_xname);
/* await LCP shutdown by authenticator */
break;
default:
/* Unknown PAP packet type -- ignore. */
if (debug) {
log(LOG_DEBUG, "%s: pap corrupted input "
"<0x%x id=0x%x len=%d",
ifp->if_xname,
h->type, h->ident, ntohs(h->len));
if (len > 4)
sppp_print_bytes((u_char *)(h + 1), len - 4);
addlog(">\n");
}
break;
}
}
static void
sppp_pap_init(struct sppp *sp)
{
/* PAP doesn't have STATE_INITIAL at all. */
sp->state[IDX_PAP] = STATE_CLOSED;
sp->fail_counter[IDX_PAP] = 0;
sp->pp_seq[IDX_PAP] = 0;
sp->pp_rseq[IDX_PAP] = 0;
callout_init(&sp->ch[IDX_PAP]);
callout_init(&sp->pap_my_to_ch);
}
static void
sppp_pap_open(struct sppp *sp)
{
if (sp->hisauth.proto == PPP_PAP &&
(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
/* we are authenticator for PAP, start our timer */
sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
}
if (sp->myauth.proto == PPP_PAP) {
/* we are peer, send a request, and start a timer */
pap.scr(sp);
callout_reset(&sp->pap_my_to_ch, sp->lcp.timeout,
sppp_pap_my_TO, sp);
}
}
static void
sppp_pap_close(struct sppp *sp)
{
if (sp->state[IDX_PAP] != STATE_CLOSED)
sppp_cp_change_state(&pap, sp, STATE_CLOSED);
}
/*
* That's the timeout routine if we are authenticator. Since the
* authenticator is basically passive in PAP, we can't do much here.
*/
static void
sppp_pap_TO(void *cookie)
{
struct sppp *sp = (struct sppp *)cookie;
STDDCL;
int s;
s = splnet();
if (debug)
log(LOG_DEBUG, "%s: pap TO(%s) rst_counter = %d\n",
ifp->if_xname,
sppp_state_name(sp->state[IDX_PAP]),
sp->rst_counter[IDX_PAP]);
if (--sp->rst_counter[IDX_PAP] < 0)
/* TO- event */
switch (sp->state[IDX_PAP]) {
case STATE_REQ_SENT:
pap.tld(sp);
sppp_cp_change_state(&pap, sp, STATE_CLOSED);
break;
}
else
/* TO+ event, not very much we could do */
switch (sp->state[IDX_PAP]) {
case STATE_REQ_SENT:
/* sppp_cp_change_state() will restart the timer */
sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
break;
}
splx(s);
}
/*
* That's the timeout handler if we are peer. Since the peer is active,
* we need to retransmit our PAP request since it is apparently lost.
* XXX We should impose a max counter.
*/
static void
sppp_pap_my_TO(void *cookie)
{
struct sppp *sp = (struct sppp *)cookie;
STDDCL;
if (debug)
log(LOG_DEBUG, "%s: pap peer TO\n",
ifp->if_xname);
pap.scr(sp);
}
static void
sppp_pap_tlu(struct sppp *sp)
{
STDDCL;
int x;
sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
if (debug)
log(LOG_DEBUG, "%s: %s tlu\n",
ifp->if_xname, pap.name);
x = splnet();
sp->pp_auth_failures = 0;
/* indicate to LCP that we need to be closed down */
sp->lcp.protos |= (1 << IDX_PAP);
if (sp->pp_flags & PP_NEEDAUTH) {
/*
* Remote is authenticator, but his auth proto didn't
* complete yet. Defer the transition to network
* phase.
*/
splx(x);
return;
}
splx(x);
sppp_phase_network(sp);
}
static void
sppp_pap_tld(struct sppp *sp)
{
STDDCL;
if (debug)
log(LOG_DEBUG, "%s: pap tld\n", ifp->if_xname);
callout_stop(&sp->ch[IDX_PAP]);
callout_stop(&sp->pap_my_to_ch);
sp->lcp.protos &= ~(1 << IDX_PAP);
lcp.Close(sp);
}
static void
sppp_pap_scr(struct sppp *sp)
{
u_char idlen, pwdlen;
if (sp->myauth.secret == NULL || sp->myauth.name == NULL) {
/* can't do anything usefull */
printf("%s: pap starting without my name and secret being set\n",
sp->pp_if.if_xname);
return;
}
sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP];
pwdlen = sp->myauth.secret_len;
idlen = sp->myauth.name_len;
sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
sizeof idlen, (const char *)&idlen,
idlen, sp->myauth.name,
sizeof pwdlen, (const char *)&pwdlen,
pwdlen, sp->myauth.secret,
0);
}
/*
* Random miscellaneous functions.
*/
/*
* Send a PAP or CHAP proto packet.
*
* Varadic function, each of the elements for the ellipsis is of type
* ``size_t mlen, const u_char *msg''. Processing will stop iff
* mlen == 0.
* NOTE: never declare variadic functions with types subject to type
* promotion (i.e. u_char). This is asking for big trouble depending
* on the architecture you are on...
*/
static void
sppp_auth_send(const struct cp *cp, struct sppp *sp,
unsigned int type, unsigned int id,
...)
{
STDDCL;
struct lcp_header *lh;
struct mbuf *m;
u_char *p;
int len;
size_t pkthdrlen;
unsigned int mlen;
const char *msg;
va_list ap;
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (! m)
return;
m->m_pkthdr.rcvif = 0;
if (sp->pp_flags & PP_NOFRAMING) {
*mtod(m, u_int16_t *) = htons(cp->proto);
pkthdrlen = 2;
lh = (struct lcp_header *)(mtod(m, u_int8_t *)+2);
} else {
struct ppp_header *h;
h = mtod(m, struct ppp_header *);
h->address = PPP_ALLSTATIONS; /* broadcast address */
h->control = PPP_UI; /* Unnumbered Info */
h->protocol = htons(cp->proto);
pkthdrlen = PPP_HEADER_LEN;
lh = (struct lcp_header *)(h + 1);
}
lh->type = type;
lh->ident = id;
p = (u_char *)(lh + 1);
va_start(ap, id);
len = 0;
while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) {
msg = va_arg(ap, const char *);
len += mlen;
if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) {
va_end(ap);
m_freem(m);
return;
}
bcopy(msg, p, mlen);
p += mlen;
}
va_end(ap);
m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len;
lh->len = htons(LCP_HEADER_LEN + len);
if (debug) {
log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d",
ifp->if_xname, cp->name,
sppp_auth_type_name(cp->proto, lh->type),
lh->ident, ntohs(lh->len));
if (len)
sppp_print_bytes((u_char *)(lh + 1), len);
addlog(">\n");
}
if (IF_QFULL(&sp->pp_cpq)) {
IF_DROP(&sp->pp_fastq);
IF_DROP(&ifp->if_snd);
m_freem(m);
++ifp->if_oerrors;
return;
} else
IF_ENQUEUE(&sp->pp_cpq, m);
if (! (ifp->if_flags & IFF_OACTIVE))
(*ifp->if_start)(ifp);
ifp->if_obytes += m->m_pkthdr.len + 3;
}
/*
* Send keepalive packets, every 10 seconds.
*/
static void
sppp_keepalive(void *dummy)
{
struct sppp *sp;
int s;
time_t now;
s = splnet();
now = mono_time.tv_sec;
for (sp=spppq; sp; sp=sp->pp_next) {
struct ifnet *ifp = &sp->pp_if;
/* check idle timeout */
if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING)
&& (sp->pp_phase == SPPP_PHASE_NETWORK)) {
/* idle timeout is enabled for this interface */
if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) {
if (ifp->if_flags & IFF_DEBUG)
printf("%s: no activity for %lu seconds\n",
sp->pp_if.if_xname,
(unsigned long)(now-sp->pp_last_activity));
lcp.Close(sp);
continue;
}
}
/* Keepalive mode disabled or channel down? */
if (! (sp->pp_flags & PP_KEEPALIVE) ||
! (ifp->if_flags & IFF_RUNNING))
continue;
/* No keepalive in PPP mode if LCP not opened yet. */
if (! (sp->pp_flags & PP_CISCO) &&
sp->pp_phase < SPPP_PHASE_AUTHENTICATE)
continue;
/* No echo reply, but maybe user data passed through? */
if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) {
sp->pp_alivecnt = 0;
continue;
}
if (sp->pp_alivecnt >= sp->pp_maxalive) {
/* No keepalive packets got. Stop the interface. */
if_down (ifp);
IF_PURGE(&sp->pp_cpq);
if (! (sp->pp_flags & PP_CISCO)) {
printf("%s: LCP keepalive timed out, going to restart the connection\n",
ifp->if_xname);
sp->pp_alivecnt = 0;
/* we are down, close all open protocols */
lcp.Close(sp);
/* And now prepare LCP to reestablish the link, if configured to do so. */
sppp_cp_change_state(&lcp, sp, STATE_STOPPED);
/* Close connection imediatly, completition of this
* will summon the magic needed to reestablish it. */
if (sp->pp_tlf)
sp->pp_tlf(sp);
continue;
}
}
if (sp->pp_alivecnt < sp->pp_maxalive)
++sp->pp_alivecnt;
if (sp->pp_flags & PP_CISCO)
sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ,
++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]);
else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) {
int32_t nmagic = htonl(sp->lcp.magic);
sp->lcp.echoid = ++sp->pp_seq[IDX_LCP];
sppp_cp_send(sp, PPP_LCP, ECHO_REQ,
sp->lcp.echoid, 4, &nmagic);
}
}
splx(s);
callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL);
}
#ifdef INET
/*
* Get both IP addresses.
*/
static void
sppp_get_ip_addrs(struct sppp *sp, u_int32_t *src, u_int32_t *dst, u_int32_t *srcmask)
{
struct ifnet *ifp = &sp->pp_if;
struct ifaddr *ifa;
struct sockaddr_in *si, *sm;
u_int32_t ssrc, ddst;
sm = NULL;
ssrc = ddst = 0;
/*
* Pick the first AF_INET address from the list,
* aliases don't make any sense on a p2p link anyway.
*/
si = 0;
IFADDR_FOREACH(ifa, ifp) {
if (ifa->ifa_addr->sa_family == AF_INET) {
si = (struct sockaddr_in *)ifa->ifa_addr;
sm = (struct sockaddr_in *)ifa->ifa_netmask;
if (si)
break;
}
}
if (ifa) {
if (si && si->sin_addr.s_addr) {
ssrc = si->sin_addr.s_addr;
if (srcmask)
*srcmask = ntohl(sm->sin_addr.s_addr);
}
si = (struct sockaddr_in *)ifa->ifa_dstaddr;
if (si && si->sin_addr.s_addr)
ddst = si->sin_addr.s_addr;
}
if (dst) *dst = ntohl(ddst);
if (src) *src = ntohl(ssrc);
}
/*
* Set IP addresses. Must be called at splnet.
* If an address is 0, leave it the way it is.
*/
static void
sppp_set_ip_addrs(struct sppp *sp, u_int32_t myaddr, u_int32_t hisaddr)
{
STDDCL;
struct ifaddr *ifa;
struct sockaddr_in *si, *dest;
/*
* Pick the first AF_INET address from the list,
* aliases don't make any sense on a p2p link anyway.
*/
IFADDR_FOREACH(ifa, ifp) {
if (ifa->ifa_addr->sa_family == AF_INET) {
si = (struct sockaddr_in *)ifa->ifa_addr;
dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
goto found;
}
}
return;
found:
{
int error;
struct sockaddr_in new_sin = *si;
struct sockaddr_in new_dst = *dest;
/*
* Scrub old routes now instead of calling in_ifinit with
* scrub=1, because we may change the dstaddr
* before the call to in_ifinit.
*/
in_ifscrub(ifp, ifatoia(ifa));
if (myaddr != 0)
new_sin.sin_addr.s_addr = htonl(myaddr);
if (hisaddr != 0) {
new_dst.sin_addr.s_addr = htonl(hisaddr);
if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) {
sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr;
*dest = new_dst; /* fix dstaddr in place */
}
}
error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 0);
if (debug && error)
{
log(LOG_DEBUG, "%s: sppp_set_ip_addrs: in_ifinit "
" failed, error=%d\n", ifp->if_xname, error);
}
#ifdef PFIL_HOOKS
if (!error)
(void)pfil_run_hooks(&if_pfil,
(struct mbuf **)SIOCAIFADDR, ifp, PFIL_IFADDR);
#endif
}
}
/*
* Clear IP addresses. Must be called at splnet.
*/
static void
sppp_clear_ip_addrs(struct sppp *sp)
{
struct ifnet *ifp = &sp->pp_if;
struct ifaddr *ifa;
struct sockaddr_in *si, *dest;
u_int32_t remote;
if (sp->ipcp.flags & IPCP_HISADDR_DYN)
remote = sp->ipcp.saved_hisaddr;
else
sppp_get_ip_addrs(sp, 0, &remote, 0);
/*
* Pick the first AF_INET address from the list,
* aliases don't make any sense on a p2p link anyway.
*/
IFADDR_FOREACH(ifa, ifp) {
if (ifa->ifa_addr->sa_family == AF_INET) {
si = (struct sockaddr_in *)ifa->ifa_addr;
dest = (struct sockaddr_in *)ifa->ifa_dstaddr;
goto found;
}
}
return;
found:
{
struct sockaddr_in new_sin = *si;
in_ifscrub(ifp, ifatoia(ifa));
if (sp->ipcp.flags & IPCP_MYADDR_DYN)
new_sin.sin_addr.s_addr = 0;
if (sp->ipcp.flags & IPCP_HISADDR_DYN)
/* replace peer addr in place */
dest->sin_addr.s_addr = sp->ipcp.saved_hisaddr;
in_ifinit(ifp, ifatoia(ifa), &new_sin, 0);
#ifdef PFIL_HOOKS
(void)pfil_run_hooks(&if_pfil,
(struct mbuf **)SIOCDIFADDR, ifp, PFIL_IFADDR);
#endif
}
}
#endif
#ifdef INET6
/*
* Get both IPv6 addresses.
*/
static void
sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
struct in6_addr *srcmask)
{
struct ifnet *ifp = &sp->pp_if;
struct ifaddr *ifa;
struct sockaddr_in6 *si, *sm;
struct in6_addr ssrc, ddst;
sm = NULL;
memset(&ssrc, 0, sizeof(ssrc));
memset(&ddst, 0, sizeof(ddst));
/*
* Pick the first link-local AF_INET6 address from the list,
* aliases don't make any sense on a p2p link anyway.
*/
si = 0;
IFADDR_FOREACH(ifa, ifp)
if (ifa->ifa_addr->sa_family == AF_INET6) {
si = (struct sockaddr_in6 *)ifa->ifa_addr;
sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr))
break;
}
if (ifa) {
if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc));
if (srcmask) {
bcopy(&sm->sin6_addr, srcmask,
sizeof(*srcmask));
}
}
si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
bcopy(&si->sin6_addr, &ddst, sizeof(ddst));
}
if (dst)
bcopy(&ddst, dst, sizeof(*dst));
if (src)
bcopy(&ssrc, src, sizeof(*src));
}
#ifdef IPV6CP_MYIFID_DYN
/*
* Generate random ifid.
*/
static void
sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
{
/* TBD */
}
/*
* Set my IPv6 address. Must be called at splnet.
*/
static void
sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
{
STDDCL;
struct ifaddr *ifa;
struct sockaddr_in6 *sin6;
/*
* Pick the first link-local AF_INET6 address from the list,
* aliases don't make any sense on a p2p link anyway.
*/
sin6 = NULL;
IFADDR_FOREACH(ifa, ifp)
{
if (ifa->ifa_addr->sa_family == AF_INET6)
{
sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
break;
}
}
if (ifa && sin6)
{
int error;
struct sockaddr_in6 new_sin6 = *sin6;
bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr));
error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1);
if (debug && error)
{
log(LOG_DEBUG, "%s: sppp_set_ip6_addr: in6_ifinit "
" failed, error=%d\n", ifp->if_xname, error);
}
#ifdef PFIL_HOOKS
if (!error)
(void)pfil_run_hooks(&if_pfil,
(struct mbuf **)SIOCAIFADDR_IN6, ifp, PFIL_IFADDR);
#endif
}
}
#endif
/*
* Suggest a candidate address to be used by peer.
*/
static void
sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
{
struct in6_addr myaddr;
struct timeval tv;
sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
microtime(&tv);
if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
myaddr.s6_addr[14] ^= 0xff;
myaddr.s6_addr[15] ^= 0xff;
} else {
myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
}
if (suggest)
bcopy(&myaddr, suggest, sizeof(myaddr));
}
#endif /*INET6*/
/*
* Process ioctl requests specific to the PPP interface.
* Permissions have already been checked.
*/
static int
sppp_params(struct sppp *sp, int cmd, void *data)
{
switch (cmd) {
case SPPPGETAUTHCFG:
{
struct spppauthcfg *cfg = (struct spppauthcfg *)data;
int error;
size_t len;
cfg->myauthflags = sp->myauth.flags;
cfg->hisauthflags = sp->hisauth.flags;
strncpy(cfg->ifname, sp->pp_if.if_xname, IFNAMSIZ);
cfg->hisauth = 0;
if (sp->hisauth.proto)
cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP;
cfg->myauth = 0;
if (sp->myauth.proto)
cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP;
if (cfg->myname_length == 0) {
if (sp->myauth.name != NULL)
cfg->myname_length = sp->myauth.name_len + 1;
} else {
if (sp->myauth.name == NULL) {
cfg->myname_length = 0;
} else {
len = sp->myauth.name_len + 1;
if (cfg->myname_length < len)
return (ENAMETOOLONG);
error = copyout(sp->myauth.name, cfg->myname, len);
if (error) return error;
}
}
if (cfg->hisname_length == 0) {
if (sp->hisauth.name != NULL)
cfg->hisname_length = sp->hisauth.name_len + 1;
} else {
if (sp->hisauth.name == NULL) {
cfg->hisname_length = 0;
} else {
len = sp->hisauth.name_len + 1;
if (cfg->hisname_length < len)
return (ENAMETOOLONG);
error = copyout(sp->hisauth.name, cfg->hisname, len);
if (error) return error;
}
}
}
break;
case SPPPSETAUTHCFG:
{
struct spppauthcfg *cfg = (struct spppauthcfg *)data;
int error;
if (sp->myauth.name) {
free(sp->myauth.name, M_DEVBUF);
sp->myauth.name = NULL;
}
if (sp->myauth.secret) {
free(sp->myauth.secret, M_DEVBUF);
sp->myauth.secret = NULL;
}
if (sp->hisauth.name) {
free(sp->hisauth.name, M_DEVBUF);
sp->hisauth.name = NULL;
}
if (sp->hisauth.secret) {
free(sp->hisauth.secret, M_DEVBUF);
sp->hisauth.secret = NULL;
}
if (cfg->hisname != NULL && cfg->hisname_length > 0) {
if (cfg->hisname_length >= MCLBYTES)
return (ENAMETOOLONG);
sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK);
error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length);
if (error) {
free(sp->hisauth.name, M_DEVBUF);
sp->hisauth.name = NULL;
return error;
}
sp->hisauth.name_len = cfg->hisname_length - 1;
sp->hisauth.name[sp->hisauth.name_len] = 0;
}
if (cfg->hissecret != NULL && cfg->hissecret_length > 0) {
if (cfg->hissecret_length >= MCLBYTES)
return (ENAMETOOLONG);
sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK);
error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length);
if (error) {
free(sp->hisauth.secret, M_DEVBUF);
sp->hisauth.secret = NULL;
return error;
}
sp->hisauth.secret_len = cfg->hissecret_length - 1;
sp->hisauth.secret[sp->hisauth.secret_len] = 0;
}
if (cfg->myname != NULL && cfg->myname_length > 0) {
if (cfg->myname_length >= MCLBYTES)
return (ENAMETOOLONG);
sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK);
error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length);
if (error) {
free(sp->myauth.name, M_DEVBUF);
sp->myauth.name = NULL;
return error;
}
sp->myauth.name_len = cfg->myname_length - 1;
sp->myauth.name[sp->myauth.name_len] = 0;
}
if (cfg->mysecret != NULL && cfg->mysecret_length > 0) {
if (cfg->mysecret_length >= MCLBYTES)
return (ENAMETOOLONG);
sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK);
error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length);
if (error) {
free(sp->myauth.secret, M_DEVBUF);
sp->myauth.secret = NULL;
return error;
}
sp->myauth.secret_len = cfg->mysecret_length - 1;
sp->myauth.secret[sp->myauth.secret_len] = 0;
}
sp->myauth.flags = cfg->myauthflags;
if (cfg->myauth)
sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP;
sp->hisauth.flags = cfg->hisauthflags;
if (cfg->hisauth)
sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP;
sp->pp_auth_failures = 0;
if (sp->hisauth.proto != 0)
sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
else
sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
}
break;
case SPPPGETLCPCFG:
{
struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data;
lcpp->lcp_timeout = sp->lcp.timeout;
}
break;
case SPPPSETLCPCFG:
{
struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data;
sp->lcp.timeout = lcpp->lcp_timeout;
}
break;
case SPPPGETSTATUS:
{
struct spppstatus *status = (struct spppstatus *)data;
status->phase = sp->pp_phase;
}
break;
case SPPPGETSTATUSNCP:
{
struct spppstatusncp *status = (struct spppstatusncp *)data;
status->phase = sp->pp_phase;
status->ncpup = sppp_ncp_check(sp);
}
break;
case SPPPGETIDLETO:
{
struct spppidletimeout *to = (struct spppidletimeout *)data;
to->idle_seconds = sp->pp_idle_timeout;
}
break;
case SPPPSETIDLETO:
{
struct spppidletimeout *to = (struct spppidletimeout *)data;
sp->pp_idle_timeout = to->idle_seconds;
}
break;
case SPPPSETAUTHFAILURE:
{
struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data;
sp->pp_max_auth_fail = afsettings->max_failures;
sp->pp_auth_failures = 0;
}
break;
case SPPPGETAUTHFAILURES:
{
struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data;
stats->auth_failures = sp->pp_auth_failures;
stats->max_failures = sp->pp_max_auth_fail;
}
break;
case SPPPSETDNSOPTS:
{
struct spppdnssettings *req = (struct spppdnssettings *)data;
sp->query_dns = req->query_dns & 3;
}
break;
case SPPPGETDNSOPTS:
{
struct spppdnssettings *req = (struct spppdnssettings *)data;
req->query_dns = sp->query_dns;
}
break;
case SPPPGETDNSADDRS:
{
struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data;
memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns);
}
break;
case SPPPGETKEEPALIVE:
{
struct spppkeepalivesettings *settings =
(struct spppkeepalivesettings*)data;
settings->maxalive = sp->pp_maxalive;
settings->max_noreceive = sp->pp_max_noreceive;
}
break;
case SPPPSETKEEPALIVE:
{
struct spppkeepalivesettings *settings =
(struct spppkeepalivesettings*)data;
sp->pp_maxalive = settings->maxalive;
sp->pp_max_noreceive = settings->max_noreceive;
}
break;
default:
return (EINVAL);
}
return (0);
}
static void
sppp_phase_network(struct sppp *sp)
{
STDDCL;
int i;
u_int32_t mask;
sp->pp_phase = SPPP_PHASE_NETWORK;
if (debug)
{
log(LOG_INFO, "%s: phase %s\n", ifp->if_xname,
sppp_phase_name(sp->pp_phase));
}
/* Notify NCPs now. */
for (i = 0; i < IDX_COUNT; i++)
if ((cps[i])->flags & CP_NCP)
(cps[i])->Open(sp);
/* Send Up events to all NCPs. */
for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP))
(cps[i])->Up(sp);
/* if no NCP is starting, all this was in vain, close down */
sppp_lcp_check_and_close(sp);
}
static const char *
sppp_cp_type_name(u_char type)
{
static char buf[12];
switch (type) {
case CONF_REQ: return "conf-req";
case CONF_ACK: return "conf-ack";
case CONF_NAK: return "conf-nak";
case CONF_REJ: return "conf-rej";
case TERM_REQ: return "term-req";
case TERM_ACK: return "term-ack";
case CODE_REJ: return "code-rej";
case PROTO_REJ: return "proto-rej";
case ECHO_REQ: return "echo-req";
case ECHO_REPLY: return "echo-reply";
case DISC_REQ: return "discard-req";
}
snprintf(buf, sizeof(buf), "0x%x", type);
return buf;
}
static const char *
sppp_auth_type_name(u_short proto, u_char type)
{
static char buf[12];
switch (proto) {
case PPP_CHAP:
switch (type) {
case CHAP_CHALLENGE: return "challenge";
case CHAP_RESPONSE: return "response";
case CHAP_SUCCESS: return "success";
case CHAP_FAILURE: return "failure";
}
case PPP_PAP:
switch (type) {
case PAP_REQ: return "req";
case PAP_ACK: return "ack";
case PAP_NAK: return "nak";
}
}
snprintf(buf, sizeof(buf), "0x%x", type);
return buf;
}
static const char *
sppp_lcp_opt_name(u_char opt)
{
static char buf[12];
switch (opt) {
case LCP_OPT_MRU: return "mru";
case LCP_OPT_ASYNC_MAP: return "async-map";
case LCP_OPT_AUTH_PROTO: return "auth-proto";
case LCP_OPT_QUAL_PROTO: return "qual-proto";
case LCP_OPT_MAGIC: return "magic";
case LCP_OPT_PROTO_COMP: return "proto-comp";
case LCP_OPT_ADDR_COMP: return "addr-comp";
}
snprintf(buf, sizeof(buf), "0x%x", opt);
return buf;
}
static const char *
sppp_ipcp_opt_name(u_char opt)
{
static char buf[12];
switch (opt) {
case IPCP_OPT_ADDRESSES: return "addresses";
case IPCP_OPT_COMPRESSION: return "compression";
case IPCP_OPT_ADDRESS: return "address";
}
snprintf(buf, sizeof(buf), "0x%x", opt);
return buf;
}
#ifdef INET6
static const char *
sppp_ipv6cp_opt_name(u_char opt)
{
static char buf[12];
switch (opt) {
case IPV6CP_OPT_IFID: return "ifid";
case IPV6CP_OPT_COMPRESSION: return "compression";
}
snprintf(buf, sizeof(buf), "0x%x", opt);
return buf;
}
#endif
static const char *
sppp_state_name(int state)
{
switch (state) {
case STATE_INITIAL: return "initial";
case STATE_STARTING: return "starting";
case STATE_CLOSED: return "closed";
case STATE_STOPPED: return "stopped";
case STATE_CLOSING: return "closing";
case STATE_STOPPING: return "stopping";
case STATE_REQ_SENT: return "req-sent";
case STATE_ACK_RCVD: return "ack-rcvd";
case STATE_ACK_SENT: return "ack-sent";
case STATE_OPENED: return "opened";
}
return "illegal";
}
static const char *
sppp_phase_name(int phase)
{
switch (phase) {
case SPPP_PHASE_DEAD: return "dead";
case SPPP_PHASE_ESTABLISH: return "establish";
case SPPP_PHASE_TERMINATE: return "terminate";
case SPPP_PHASE_AUTHENTICATE: return "authenticate";
case SPPP_PHASE_NETWORK: return "network";
}
return "illegal";
}
static const char *
sppp_proto_name(u_short proto)
{
static char buf[12];
switch (proto) {
case PPP_LCP: return "lcp";
case PPP_IPCP: return "ipcp";
case PPP_PAP: return "pap";
case PPP_CHAP: return "chap";
case PPP_IPV6CP: return "ipv6cp";
}
snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto);
return buf;
}
static void
sppp_print_bytes(const u_char *p, u_short len)
{
addlog(" %02x", *p++);
while (--len > 0)
addlog("-%02x", *p++);
}
static void
sppp_print_string(const char *p, u_short len)
{
u_char c;
while (len-- > 0) {
c = *p++;
/*
* Print only ASCII chars directly. RFC 1994 recommends
* using only them, but we don't rely on it. */
if (c < ' ' || c > '~')
addlog("\\x%x", c);
else
addlog("%c", c);
}
}
static const char *
sppp_dotted_quad(u_int32_t addr)
{
static char s[16];
snprintf(s, sizeof(s), "%d.%d.%d.%d",
(int)((addr >> 24) & 0xff),
(int)((addr >> 16) & 0xff),
(int)((addr >> 8) & 0xff),
(int)(addr & 0xff));
return s;
}
/* a dummy, used to drop uninteresting events */
static void
sppp_null(struct sppp *unused)
{
/* do just nothing */
}
/*
* This file is large. Tell emacs to highlight it nevertheless.
*
* Local Variables:
* hilit-auto-highlight-maxout: 120000
* End:
*/