/* $NetBSD: if_spppsubr.c,v 1.204 2020/11/25 09:59:52 yamaguchi Exp $ */ /* * Synchronous PPP/Cisco link level subroutines. * Keepalive protocol implemented in both Cisco and PPP modes. * * Copyright (C) 1994-1996 Cronyx Engineering Ltd. * Author: Serge Vakulenko, * * Heavily revamped to conform to RFC 1661. * Copyright (C) 1997, Joerg Wunsch. * * RFC2472 IPv6CP support. * Copyright (C) 2000, Jun-ichiro itojun Hagino . * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997 * * From: if_spppsubr.c,v 1.39 1998/04/04 13:26:03 phk Exp * * From: Id: if_spppsubr.c,v 1.23 1999/02/23 14:47:50 hm Exp */ #include __KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.204 2020/11/25 09:59:52 yamaguchi Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" #include "opt_modular.h" #include "opt_compat_netbsd.h" #include "opt_net_mpsafe.h" #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef INET #include #include #endif #include #ifdef INET6 #include #endif #include #include #ifdef NET_MPSAFE #define SPPPSUBR_MPSAFE 1 #endif #define LCP_KEEPALIVE_INTERVAL 10 /* seconds between checks */ #define LOOPALIVECNT 3 /* loopback detection tries */ #define DEFAULT_MAXALIVECNT 3 /* max. missed alive packets */ #define DEFAULT_NORECV_TIME 15 /* before we get worried */ #define DEFAULT_MAX_AUTH_FAILURES 5 /* max. auth. failures */ /* * Interface flags that can be set in an ifconfig command. * * Setting link0 will make the link passive, i.e. it will be marked * as being administrative openable, but won't be opened to begin * with. Incoming calls will be answered, or subsequent calls with * -link1 will cause the administrative open of the LCP layer. * * Setting link1 will cause the link to auto-dial only as packets * arrive to be sent. * * Setting IFF_DEBUG will syslog the option negotiation and state * transitions at level kern.debug. Note: all logs consistently look * like * * : * * with being something like "bppp0", and * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc. */ #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */ #define IFF_AUTO IFF_LINK1 /* auto-dial on output */ #define CONF_REQ 1 /* PPP configure request */ #define CONF_ACK 2 /* PPP configure acknowledge */ #define CONF_NAK 3 /* PPP configure negative ack */ #define CONF_REJ 4 /* PPP configure reject */ #define TERM_REQ 5 /* PPP terminate request */ #define TERM_ACK 6 /* PPP terminate acknowledge */ #define CODE_REJ 7 /* PPP code reject */ #define PROTO_REJ 8 /* PPP protocol reject */ #define ECHO_REQ 9 /* PPP echo request */ #define ECHO_REPLY 10 /* PPP echo reply */ #define DISC_REQ 11 /* PPP discard request */ #define LCP_OPT_MRU 1 /* maximum receive unit */ #define LCP_OPT_ASYNC_MAP 2 /* async control character map */ #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ #define LCP_OPT_MAGIC 5 /* magic number */ #define LCP_OPT_RESERVED 6 /* reserved */ #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ #define LCP_OPT_FCS_ALTS 9 /* FCS alternatives */ #define LCP_OPT_SELF_DESC_PAD 10 /* self-describing padding */ #define LCP_OPT_CALL_BACK 13 /* callback */ #define LCP_OPT_COMPOUND_FRMS 15 /* compound frames */ #define LCP_OPT_MP_MRRU 17 /* multilink MRRU */ #define LCP_OPT_MP_SSNHF 18 /* multilink short seq. numbers */ #define LCP_OPT_MP_EID 19 /* multilink endpoint discriminator */ #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */ #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol */ #define IPCP_OPT_ADDRESS 3 /* local IP address */ #define IPCP_OPT_PRIMDNS 129 /* primary remote dns address */ #define IPCP_OPT_SECDNS 131 /* secondary remote dns address */ #define IPCP_UPDATE_LIMIT 8 /* limit of pending IP updating job */ #define IPCP_SET_ADDRS 1 /* marker for IP address setting job */ #define IPCP_CLEAR_ADDRS 2 /* marker for IP address clearing job */ #define IPV6CP_OPT_IFID 1 /* interface identifier */ #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */ #define PAP_REQ 1 /* PAP name/password request */ #define PAP_ACK 2 /* PAP acknowledge */ #define PAP_NAK 3 /* PAP fail */ #define CHAP_CHALLENGE 1 /* CHAP challenge request */ #define CHAP_RESPONSE 2 /* CHAP challenge response */ #define CHAP_SUCCESS 3 /* CHAP response ok */ #define CHAP_FAILURE 4 /* CHAP response failed */ #define CHAP_MD5 5 /* hash algorithm - MD5 */ #define CISCO_MULTICAST 0x8f /* Cisco multicast address */ #define CISCO_UNICAST 0x0f /* Cisco unicast address */ #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ #define CISCO_ADDR_REQ 0 /* Cisco address request */ #define CISCO_ADDR_REPLY 1 /* Cisco address reply */ #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ /* states are named and numbered according to RFC 1661 */ #define STATE_INITIAL 0 #define STATE_STARTING 1 #define STATE_CLOSED 2 #define STATE_STOPPED 3 #define STATE_CLOSING 4 #define STATE_STOPPING 5 #define STATE_REQ_SENT 6 #define STATE_ACK_RCVD 7 #define STATE_ACK_SENT 8 #define STATE_OPENED 9 struct ppp_header { uint8_t address; uint8_t control; uint16_t protocol; } __packed; #define PPP_HEADER_LEN sizeof (struct ppp_header) struct lcp_header { uint8_t type; uint8_t ident; uint16_t len; } __packed; #define LCP_HEADER_LEN sizeof (struct lcp_header) struct cisco_packet { uint32_t type; uint32_t par1; uint32_t par2; uint16_t rel; uint16_t time0; uint16_t time1; } __packed; #define CISCO_PACKET_LEN 18 /* * We follow the spelling and capitalization of RFC 1661 here, to make * it easier comparing with the standard. Please refer to this RFC in * case you can't make sense out of these abbreviation; it will also * explain the semantics related to the various events and actions. */ struct cp { u_short proto; /* PPP control protocol number */ u_char protoidx; /* index into state table in struct sppp */ u_char flags; #define CP_LCP 0x01 /* this is the LCP */ #define CP_AUTH 0x02 /* this is an authentication protocol */ #define CP_NCP 0x04 /* this is a NCP */ #define CP_QUAL 0x08 /* this is a quality reporting protocol */ const char *name; /* name of this control protocol */ /* event handlers */ void (*Up)(struct sppp *, void *); void (*Down)(struct sppp *, void *); void (*Open)(struct sppp *, void *); void (*Close)(struct sppp *, void *); void (*TO)(struct sppp *, void *); int (*RCR)(struct sppp *, struct lcp_header *, int); void (*RCN_rej)(struct sppp *, struct lcp_header *, int); void (*RCN_nak)(struct sppp *, struct lcp_header *, int); /* actions */ void (*tlu)(struct sppp *); void (*tld)(struct sppp *); void (*tls)(const struct cp *, struct sppp *); void (*tlf)(const struct cp *, struct sppp *); void (*scr)(struct sppp *); void (*scan)(const struct cp *, struct sppp *); }; enum auth_role { SPPP_AUTH_NOROLE = 0, SPPP_AUTH_SERV = __BIT(0), SPPP_AUTH_PEER = __BIT(1), }; static struct sppp *spppq; static kmutex_t *spppq_lock = NULL; static callout_t keepalive_ch; #define SPPPQ_LOCK() if (spppq_lock) \ mutex_enter(spppq_lock); #define SPPPQ_UNLOCK() if (spppq_lock) \ mutex_exit(spppq_lock); #define SPPP_LOCK(_sp, _op) rw_enter(&(_sp)->pp_lock, (_op)) #define SPPP_UNLOCK(_sp) rw_exit(&(_sp)->pp_lock) #define SPPP_WLOCKED(_sp) rw_write_held(&(_sp)->pp_lock) #define SPPP_UPGRADE(_sp) do{ \ SPPP_UNLOCK(_sp); \ SPPP_LOCK(_sp, RW_WRITER); \ }while (0) #define SPPP_DOWNGRADE(_sp) rw_downgrade(&(_sp)->pp_lock) #define SPPP_WQ_SET(_wk, _func, _arg) \ sppp_wq_set((_wk), (_func), __UNCONST((_arg))) #ifdef INET #ifndef SPPPSUBR_MPSAFE /* * The following disgusting hack gets around the problem that IP TOS * can't be set yet. We want to put "interactive" traffic on a high * priority queue. To decide if traffic is interactive, we check that * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. * * XXX is this really still necessary? - joerg - */ static u_short interactive_ports[8] = { 0, 513, 0, 0, 0, 21, 0, 23, }; #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) #endif /* SPPPSUBR_MPSAFE */ #endif /* almost every function needs these */ #define STDDCL \ struct ifnet *ifp = &sp->pp_if; \ int debug = ifp->if_flags & IFF_DEBUG static int sppp_output(struct ifnet *, struct mbuf *, const struct sockaddr *, const struct rtentry *); static void sppp_cisco_send(struct sppp *, int, int32_t, int32_t); static void sppp_cisco_input(struct sppp *, struct mbuf *); static void sppp_cp_init(const struct cp *, struct sppp *); static void sppp_cp_fini(const struct cp *, struct sppp *); static void sppp_cp_input(const struct cp *, struct sppp *, struct mbuf *); static void sppp_cp_input(const struct cp *, struct sppp *, struct mbuf *); static void sppp_cp_send(struct sppp *, u_short, u_char, u_char, u_short, void *); /* static void sppp_cp_timeout(void *arg); */ static void sppp_cp_change_state(const struct cp *, struct sppp *, int); static struct workqueue * sppp_wq_create(struct sppp *, const char *, pri_t, int, int); static void sppp_wq_destroy(struct sppp *, struct workqueue *); static void sppp_wq_set(struct sppp_work *, void (*)(struct sppp *, void *), void *); static void sppp_wq_add(struct workqueue *, struct sppp_work *); static void sppp_wq_wait(struct workqueue *, struct sppp_work *); static void sppp_cp_to_lcp(void *); static void sppp_cp_to_ipcp(void *); static void sppp_cp_to_ipv6cp(void *); static void sppp_auth_send(const struct cp *, struct sppp *, unsigned int, unsigned int, ...); static int sppp_auth_role(const struct cp *, struct sppp *); static void sppp_auth_to_event(struct sppp *, void *); static void sppp_auth_sca_scn(const struct cp *, struct sppp *); static void sppp_up_event(struct sppp *, void *); static void sppp_down_event(struct sppp *, void *); static void sppp_open_event(struct sppp *, void *); static void sppp_close_event(struct sppp *, void *); static void sppp_to_event(struct sppp *, void *); static void sppp_rcr_event(struct sppp *, void *); static void sppp_rca_event(struct sppp *, void *); static void sppp_rcn_event(struct sppp *, void *); static void sppp_rtr_event(struct sppp *, void *); static void sppp_rta_event(struct sppp *, void *); static void sppp_rxj_event(struct sppp *, void *); static void sppp_null(struct sppp *); static void sppp_tls(const struct cp *, struct sppp *); static void sppp_tlf(const struct cp *, struct sppp *); static void sppp_sca_scn(const struct cp *, struct sppp *); static void sppp_ifdown(struct sppp *, void *); static void sppp_lcp_init(struct sppp *); static void sppp_lcp_up(struct sppp *, void *); static void sppp_lcp_down(struct sppp *, void *); static void sppp_lcp_open(struct sppp *, void *); static int sppp_lcp_RCR(struct sppp *, struct lcp_header *, int); static void sppp_lcp_RCN_rej(struct sppp *, struct lcp_header *, int); static void sppp_lcp_RCN_nak(struct sppp *, struct lcp_header *, int); static void sppp_lcp_tlu(struct sppp *); static void sppp_lcp_tld(struct sppp *); static void sppp_lcp_tls(const struct cp *, struct sppp *); static void sppp_lcp_tlf(const struct cp *, struct sppp *); static void sppp_lcp_scr(struct sppp *); static void sppp_lcp_check_and_close(struct sppp *); static int sppp_cp_check(struct sppp *, u_char); static void sppp_ipcp_init(struct sppp *); static void sppp_ipcp_open(struct sppp *, void *); static void sppp_ipcp_close(struct sppp *, void *); static int sppp_ipcp_RCR(struct sppp *, struct lcp_header *, int); static void sppp_ipcp_RCN_rej(struct sppp *, struct lcp_header *, int); static void sppp_ipcp_RCN_nak(struct sppp *, struct lcp_header *, int); static void sppp_ipcp_tlu(struct sppp *); static void sppp_ipcp_scr(struct sppp *); static void sppp_ipv6cp_init(struct sppp *); static void sppp_ipv6cp_open(struct sppp *, void *); static int sppp_ipv6cp_RCR(struct sppp *, struct lcp_header *, int); static void sppp_ipv6cp_RCN_rej(struct sppp *, struct lcp_header *, int); static void sppp_ipv6cp_RCN_nak(struct sppp *, struct lcp_header *, int); static void sppp_ipv6cp_tlu(struct sppp *); static void sppp_ipv6cp_scr(struct sppp *); static void sppp_pap_input(struct sppp *, struct mbuf *); static void sppp_pap_init(struct sppp *); static void sppp_pap_tlu(struct sppp *); static void sppp_pap_scr(struct sppp *); static void sppp_pap_scr(struct sppp *); static void sppp_chap_input(struct sppp *, struct mbuf *); static void sppp_chap_init(struct sppp *); static void sppp_chap_open(struct sppp *, void *); static void sppp_chap_tlu(struct sppp *); static void sppp_chap_scr(struct sppp *); static void sppp_chap_rcv_challenge_event(struct sppp *, void *); static const char *sppp_auth_type_name(u_short, u_char); static const char *sppp_cp_type_name(u_char); static const char *sppp_dotted_quad(uint32_t); static const char *sppp_ipcp_opt_name(u_char); #ifdef INET6 static const char *sppp_ipv6cp_opt_name(u_char); #endif static const char *sppp_lcp_opt_name(u_char); static const char *sppp_phase_name(int); static const char *sppp_proto_name(u_short); static const char *sppp_state_name(int); static int sppp_params(struct sppp *, u_long, void *); #ifdef INET static void sppp_get_ip_addrs(struct sppp *, uint32_t *, uint32_t *, uint32_t *); static void sppp_set_ip_addrs_work(struct work *, struct sppp *); static void sppp_set_ip_addrs(struct sppp *); static void sppp_clear_ip_addrs_work(struct work *, struct sppp *); static void sppp_clear_ip_addrs(struct sppp *); static void sppp_update_ip_addrs_work(struct work *, void *); #endif static void sppp_keepalive(void *); static void sppp_phase_network(struct sppp *); static void sppp_print_bytes(const u_char *, u_short); static void sppp_print_string(const char *, u_short); #ifdef INET6 static void sppp_get_ip6_addrs(struct sppp *, struct in6_addr *, struct in6_addr *, struct in6_addr *); #ifdef IPV6CP_MYIFID_DYN static void sppp_set_ip6_addr(struct sppp *, const struct in6_addr *); static void sppp_gen_ip6_addr(struct sppp *, const struct in6_addr *); #endif static void sppp_suggest_ip6_addr(struct sppp *, struct in6_addr *); #endif static void sppp_notify_up(struct sppp *); static void sppp_notify_down(struct sppp *); static void sppp_notify_tls_wlocked(struct sppp *); static void sppp_notify_tlf_wlocked(struct sppp *); #ifdef INET6 static void sppp_notify_con_wlocked(struct sppp *); #endif static void sppp_notify_con(struct sppp *); static void sppp_notify_chg_wlocked(struct sppp *); /* our control protocol descriptors */ static const struct cp lcp = { PPP_LCP, IDX_LCP, CP_LCP, "lcp", sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_close_event, sppp_to_event, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak, sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf, sppp_lcp_scr, sppp_sca_scn }; static const struct cp ipcp = { PPP_IPCP, IDX_IPCP, #ifdef INET CP_NCP, /*don't run IPCP if there's no IPv4 support*/ #else 0, #endif "ipcp", sppp_up_event, sppp_down_event, sppp_ipcp_open, sppp_ipcp_close, sppp_to_event, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak, sppp_ipcp_tlu, sppp_null, sppp_tls, sppp_tlf, sppp_ipcp_scr, sppp_sca_scn }; static const struct cp ipv6cp = { PPP_IPV6CP, IDX_IPV6CP, #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/ CP_NCP, #else 0, #endif "ipv6cp", sppp_up_event, sppp_down_event, sppp_ipv6cp_open, sppp_close_event, sppp_to_event, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak, sppp_ipv6cp_tlu, sppp_null, sppp_tls, sppp_tlf, sppp_ipv6cp_scr, sppp_sca_scn }; static const struct cp pap = { PPP_PAP, IDX_PAP, CP_AUTH, "pap", sppp_up_event, sppp_down_event, sppp_open_event, sppp_close_event, sppp_to_event, 0, 0, 0, sppp_pap_tlu, sppp_null, sppp_tls, sppp_tlf, sppp_pap_scr, sppp_auth_sca_scn }; static const struct cp chap = { PPP_CHAP, IDX_CHAP, CP_AUTH, "chap", sppp_up_event, sppp_down_event, sppp_chap_open, sppp_close_event, sppp_auth_to_event, 0, 0, 0, sppp_chap_tlu, sppp_null, sppp_tls, sppp_tlf, sppp_chap_scr, sppp_auth_sca_scn }; static const struct cp *cps[IDX_COUNT] = { &lcp, /* IDX_LCP */ &ipcp, /* IDX_IPCP */ &ipv6cp, /* IDX_IPV6CP */ &pap, /* IDX_PAP */ &chap, /* IDX_CHAP */ }; static void sppp_change_phase(struct sppp *sp, int phase) { STDDCL; KASSERT(SPPP_WLOCKED(sp)); if (sp->pp_phase == phase) return; sp->pp_phase = phase; if (phase == SPPP_PHASE_NETWORK) if_link_state_change(ifp, LINK_STATE_UP); else if_link_state_change(ifp, LINK_STATE_DOWN); if (debug) { log(LOG_INFO, "%s: phase %s\n", ifp->if_xname, sppp_phase_name(sp->pp_phase)); } } /* * Exported functions, comprising our interface to the lower layer. */ /* * Process the received packet. */ void sppp_input(struct ifnet *ifp, struct mbuf *m) { struct ppp_header *h = NULL; pktqueue_t *pktq = NULL; struct ifqueue *inq = NULL; uint16_t protocol; struct sppp *sp = (struct sppp *)ifp; int debug = ifp->if_flags & IFF_DEBUG; int isr = 0; SPPP_LOCK(sp, RW_READER); if (ifp->if_flags & IFF_UP) { /* Count received bytes, add hardware framing */ if_statadd(ifp, if_ibytes, m->m_pkthdr.len + sp->pp_framebytes); /* Note time of last receive */ sp->pp_last_receive = time_uptime; } if (m->m_pkthdr.len <= PPP_HEADER_LEN) { /* Too small packet, drop it. */ if (debug) log(LOG_DEBUG, "%s: input packet is too small, %d bytes\n", ifp->if_xname, m->m_pkthdr.len); drop: if_statadd2(ifp, if_ierrors, 1, if_iqdrops, 1); m_freem(m); SPPP_UNLOCK(sp); return; } if (sp->pp_flags & PP_NOFRAMING) { memcpy(&protocol, mtod(m, void *), 2); protocol = ntohs(protocol); m_adj(m, 2); } else { /* Get PPP header. */ h = mtod(m, struct ppp_header *); m_adj(m, PPP_HEADER_LEN); switch (h->address) { case PPP_ALLSTATIONS: if (h->control != PPP_UI) goto invalid; if (sp->pp_flags & PP_CISCO) { if (debug) log(LOG_DEBUG, "%s: PPP packet in Cisco mode " "\n", ifp->if_xname, h->address, h->control, ntohs(h->protocol)); goto drop; } break; case CISCO_MULTICAST: case CISCO_UNICAST: /* Don't check the control field here (RFC 1547). */ if (! (sp->pp_flags & PP_CISCO)) { if (debug) log(LOG_DEBUG, "%s: Cisco packet in PPP mode " "\n", ifp->if_xname, h->address, h->control, ntohs(h->protocol)); goto drop; } switch (ntohs(h->protocol)) { default: if_statinc(ifp, if_noproto); goto invalid; case CISCO_KEEPALIVE: SPPP_UNLOCK(sp); sppp_cisco_input((struct sppp *) ifp, m); m_freem(m); return; #ifdef INET case ETHERTYPE_IP: pktq = ip_pktq; break; #endif #ifdef INET6 case ETHERTYPE_IPV6: pktq = ip6_pktq; break; #endif } goto queue_pkt; default: /* Invalid PPP packet. */ invalid: if (debug) log(LOG_DEBUG, "%s: invalid input packet " "\n", ifp->if_xname, h->address, h->control, ntohs(h->protocol)); goto drop; } protocol = ntohs(h->protocol); } switch (protocol) { default: if (sp->scp[IDX_LCP].state == STATE_OPENED) { uint16_t prot = htons(protocol); SPPP_UPGRADE(sp); sppp_cp_send(sp, PPP_LCP, PROTO_REJ, ++sp->scp[IDX_LCP].seq, m->m_pkthdr.len + 2, &prot); SPPP_DOWNGRADE(sp); } if (debug) log(LOG_DEBUG, "%s: invalid input protocol " "\n", ifp->if_xname, ntohs(protocol)); if_statinc(ifp, if_noproto); goto drop; case PPP_LCP: SPPP_UNLOCK(sp); sppp_cp_input(&lcp, sp, m); m_freem(m); return; case PPP_PAP: SPPP_UNLOCK(sp); if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { sppp_pap_input(sp, m); } m_freem(m); return; case PPP_CHAP: SPPP_UNLOCK(sp); if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { sppp_chap_input(sp, m); } m_freem(m); return; #ifdef INET case PPP_IPCP: SPPP_UNLOCK(sp); if (sp->pp_phase == SPPP_PHASE_NETWORK) { sppp_cp_input(&ipcp, sp, m); } m_freem(m); return; case PPP_IP: if (sp->scp[IDX_IPCP].state == STATE_OPENED) { sp->pp_last_activity = time_uptime; pktq = ip_pktq; } break; #endif #ifdef INET6 case PPP_IPV6CP: SPPP_UNLOCK(sp); if (sp->pp_phase == SPPP_PHASE_NETWORK) { sppp_cp_input(&ipv6cp, sp, m); } m_freem(m); return; case PPP_IPV6: if (sp->scp[IDX_IPV6CP].state == STATE_OPENED) { sp->pp_last_activity = time_uptime; pktq = ip6_pktq; } break; #endif } queue_pkt: if ((ifp->if_flags & IFF_UP) == 0 || (!inq && !pktq)) { goto drop; } /* Check queue. */ if (__predict_true(pktq)) { if (__predict_false(!pktq_enqueue(pktq, m, 0))) { goto drop; } SPPP_UNLOCK(sp); return; } SPPP_UNLOCK(sp); IFQ_LOCK(inq); if (IF_QFULL(inq)) { /* Queue overflow. */ IF_DROP(inq); IFQ_UNLOCK(inq); if (debug) log(LOG_DEBUG, "%s: protocol queue overflow\n", ifp->if_xname); SPPP_LOCK(sp, RW_READER); goto drop; } IF_ENQUEUE(inq, m); IFQ_UNLOCK(inq); schednetisr(isr); } /* * Enqueue transmit packet. */ static int sppp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, const struct rtentry *rt) { struct sppp *sp = (struct sppp *) ifp; struct ppp_header *h = NULL; #ifndef SPPPSUBR_MPSAFE struct ifqueue *ifq = NULL; /* XXX */ #endif int s, error = 0; uint16_t protocol; size_t pktlen; s = splnet(); SPPP_LOCK(sp, RW_READER); sp->pp_last_activity = time_uptime; if ((ifp->if_flags & IFF_UP) == 0 || (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) { SPPP_UNLOCK(sp); splx(s); m_freem(m); return (ENETDOWN); } if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) { /* * Interface is not yet running, but auto-dial. Need * to start LCP for it. */ ifp->if_flags |= IFF_RUNNING; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); } /* * If the queueing discipline needs packet classification, * do it before prepending link headers. */ IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family); #ifdef INET if (dst->sa_family == AF_INET) { struct ip *ip = NULL; #ifndef SPPPSUBR_MPSAFE struct tcphdr *th = NULL; #endif if (m->m_len >= sizeof(struct ip)) { ip = mtod(m, struct ip *); #ifndef SPPPSUBR_MPSAFE if (ip->ip_p == IPPROTO_TCP && m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) + sizeof(struct tcphdr)) { th = (struct tcphdr *) ((char *)ip + (ip->ip_hl << 2)); } #endif } else ip = NULL; /* * When using dynamic local IP address assignment by using * 0.0.0.0 as a local address, the first TCP session will * not connect because the local TCP checksum is computed * using 0.0.0.0 which will later become our real IP address * so the TCP checksum computed at the remote end will * become invalid. So we * - don't let packets with src ip addr 0 thru * - we flag TCP packets with src ip 0 as an error */ if (ip && ip->ip_src.s_addr == INADDR_ANY) { uint8_t proto = ip->ip_p; SPPP_UNLOCK(sp); splx(s); m_freem(m); if (proto == IPPROTO_TCP) return (EADDRNOTAVAIL); else return (0); } #ifndef SPPPSUBR_MPSAFE /* * Put low delay, telnet, rlogin and ftp control packets * in front of the queue. */ if (!IF_QFULL(&sp->pp_fastq) && ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) || (th && (INTERACTIVE(ntohs(th->th_sport)) || INTERACTIVE(ntohs(th->th_dport)))))) ifq = &sp->pp_fastq; #endif /* !SPPPSUBR_MPSAFE */ } #endif #ifdef INET6 if (dst->sa_family == AF_INET6) { /* XXX do something tricky here? */ } #endif if ((sp->pp_flags & PP_NOFRAMING) == 0) { /* * Prepend general data packet PPP header. For now, IP only. */ M_PREPEND(m, PPP_HEADER_LEN, M_DONTWAIT); if (! m) { if (ifp->if_flags & IFF_DEBUG) log(LOG_DEBUG, "%s: no memory for transmit header\n", ifp->if_xname); if_statinc(ifp, if_oerrors); SPPP_UNLOCK(sp); splx(s); return (ENOBUFS); } /* * May want to check size of packet * (albeit due to the implementation it's always enough) */ h = mtod(m, struct ppp_header *); if (sp->pp_flags & PP_CISCO) { h->address = CISCO_UNICAST; /* unicast address */ h->control = 0; } else { h->address = PPP_ALLSTATIONS; /* broadcast address */ h->control = PPP_UI; /* Unnumbered Info */ } } switch (dst->sa_family) { #ifdef INET case AF_INET: /* Internet Protocol */ if (sp->pp_flags & PP_CISCO) protocol = htons(ETHERTYPE_IP); else { /* * Don't choke with an ENETDOWN early. It's * possible that we just started dialing out, * so don't drop the packet immediately. If * we notice that we run out of buffer space * below, we will however remember that we are * not ready to carry IP packets, and return * ENETDOWN, as opposed to ENOBUFS. */ protocol = htons(PPP_IP); if (sp->scp[IDX_IPCP].state != STATE_OPENED) error = ENETDOWN; } break; #endif #ifdef INET6 case AF_INET6: /* Internet Protocol version 6 */ if (sp->pp_flags & PP_CISCO) protocol = htons(ETHERTYPE_IPV6); else { /* * Don't choke with an ENETDOWN early. It's * possible that we just started dialing out, * so don't drop the packet immediately. If * we notice that we run out of buffer space * below, we will however remember that we are * not ready to carry IP packets, and return * ENETDOWN, as opposed to ENOBUFS. */ protocol = htons(PPP_IPV6); if (sp->scp[IDX_IPV6CP].state != STATE_OPENED) error = ENETDOWN; } break; #endif default: m_freem(m); if_statinc(ifp, if_oerrors); SPPP_UNLOCK(sp); splx(s); return (EAFNOSUPPORT); } if (sp->pp_flags & PP_NOFRAMING) { M_PREPEND(m, 2, M_DONTWAIT); if (m == NULL) { if (ifp->if_flags & IFF_DEBUG) log(LOG_DEBUG, "%s: no memory for transmit header\n", ifp->if_xname); if_statinc(ifp, if_oerrors); SPPP_UNLOCK(sp); splx(s); return (ENOBUFS); } *mtod(m, uint16_t *) = protocol; } else { h->protocol = protocol; } pktlen = m->m_pkthdr.len; #ifdef SPPPSUBR_MPSAFE SPPP_UNLOCK(sp); error = if_transmit_lock(ifp, m); SPPP_LOCK(sp, RW_READER); if (error == 0) if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); #else /* !SPPPSUBR_MPSAFE */ error = ifq_enqueue2(ifp, ifq, m); if (error == 0) { /* * Count output packets and bytes. * The packet length includes header + additional hardware * framing according to RFC 1333. */ if (!(ifp->if_flags & IFF_OACTIVE)) { SPPP_UNLOCK(sp); if_start_lock(ifp); SPPP_LOCK(sp, RW_READER); } if_statadd(ifp, if_obytes, pktlen + sp->pp_framebytes); } #endif /* !SPPPSUBR_MPSAFE */ SPPP_UNLOCK(sp); splx(s); return error; } void sppp_attach(struct ifnet *ifp) { struct sppp *sp = (struct sppp *) ifp; char xnamebuf[MAXCOMLEN]; /* Initialize keepalive handler. */ if (! spppq) { callout_init(&keepalive_ch, CALLOUT_MPSAFE); callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); } if (! spppq_lock) spppq_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_SOFTNET); sp->pp_if.if_type = IFT_PPP; sp->pp_if.if_output = sppp_output; sp->pp_fastq.ifq_maxlen = 32; sp->pp_cpq.ifq_maxlen = 20; sp->pp_loopcnt = 0; sp->pp_alivecnt = 0; sp->pp_last_activity = 0; sp->pp_last_receive = 0; sp->pp_maxalive = DEFAULT_MAXALIVECNT; sp->pp_max_noreceive = DEFAULT_NORECV_TIME; sp->pp_idle_timeout = 0; sp->pp_max_auth_fail = DEFAULT_MAX_AUTH_FAILURES; sp->pp_phase = SPPP_PHASE_DEAD; sp->pp_up = sppp_notify_up; sp->pp_down = sppp_notify_down; sppp_wq_set(&sp->work_ifdown, sppp_ifdown, NULL); memset(sp->scp, 0, sizeof(sp->scp)); rw_init(&sp->pp_lock); if_alloc_sadl(ifp); /* Lets not beat about the bush, we know we're down. */ ifp->if_link_state = LINK_STATE_DOWN; snprintf(xnamebuf, sizeof(xnamebuf), "%s.wq_cp", ifp->if_xname); sp->wq_cp = sppp_wq_create(sp, xnamebuf, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE); memset(&sp->myauth, 0, sizeof sp->myauth); memset(&sp->hisauth, 0, sizeof sp->hisauth); SPPP_LOCK(sp, RW_WRITER); sppp_lcp_init(sp); sppp_ipcp_init(sp); sppp_ipv6cp_init(sp); sppp_pap_init(sp); sppp_chap_init(sp); SPPP_UNLOCK(sp); SPPPQ_LOCK(); /* Insert new entry into the keepalive list. */ sp->pp_next = spppq; spppq = sp; SPPPQ_UNLOCK(); } void sppp_detach(struct ifnet *ifp) { struct sppp **q, *p, *sp = (struct sppp *) ifp; /* Remove the entry from the keepalive list. */ SPPPQ_LOCK(); for (q = &spppq; (p = *q); q = &p->pp_next) if (p == sp) { *q = p->pp_next; break; } SPPPQ_UNLOCK(); if (! spppq) { /* Stop keepalive handler. */ callout_stop(&keepalive_ch); mutex_obj_free(spppq_lock); spppq_lock = NULL; } SPPP_LOCK(sp, RW_WRITER); /* to avoid workqueue enqueued */ atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1); workqueue_wait(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk); workqueue_destroy(sp->ipcp.update_addrs_wq); pcq_destroy(sp->ipcp.update_addrs_q); sppp_cp_fini(&lcp, sp); sppp_cp_fini(&ipcp, sp); sppp_cp_fini(&pap, sp); sppp_cp_fini(&chap, sp); #ifdef INET6 sppp_cp_fini(&ipv6cp, sp); #endif sppp_wq_destroy(sp, sp->wq_cp); /* free authentication info */ if (sp->myauth.name) free(sp->myauth.name, M_DEVBUF); if (sp->myauth.secret) free(sp->myauth.secret, M_DEVBUF); if (sp->hisauth.name) free(sp->hisauth.name, M_DEVBUF); if (sp->hisauth.secret) free(sp->hisauth.secret, M_DEVBUF); SPPP_UNLOCK(sp); rw_destroy(&sp->pp_lock); } /* * Flush the interface output queue. */ void sppp_flush(struct ifnet *ifp) { struct sppp *sp = (struct sppp *) ifp; SPPP_LOCK(sp, RW_WRITER); IFQ_PURGE(&sp->pp_if.if_snd); IF_PURGE(&sp->pp_fastq); IF_PURGE(&sp->pp_cpq); SPPP_UNLOCK(sp); } /* * Check if the output queue is empty. */ int sppp_isempty(struct ifnet *ifp) { struct sppp *sp = (struct sppp *) ifp; int empty, s; s = splnet(); SPPP_LOCK(sp, RW_READER); empty = IF_IS_EMPTY(&sp->pp_fastq) && IF_IS_EMPTY(&sp->pp_cpq) && IFQ_IS_EMPTY(&sp->pp_if.if_snd); SPPP_UNLOCK(sp); splx(s); return (empty); } /* * Get next packet to send. */ struct mbuf * sppp_dequeue(struct ifnet *ifp) { struct sppp *sp = (struct sppp *) ifp; struct mbuf *m; int s; s = splnet(); SPPP_LOCK(sp, RW_WRITER); /* * Process only the control protocol queue until we have at * least one NCP open. * * Do always serve all three queues in Cisco mode. */ IF_DEQUEUE(&sp->pp_cpq, m); if (m == NULL && (sppp_cp_check(sp, CP_NCP) || (sp->pp_flags & PP_CISCO) != 0)) { IF_DEQUEUE(&sp->pp_fastq, m); if (m == NULL) IFQ_DEQUEUE(&sp->pp_if.if_snd, m); } SPPP_UNLOCK(sp); splx(s); return m; } /* * Process an ioctl request. Called on low priority level. */ int sppp_ioctl(struct ifnet *ifp, u_long cmd, void *data) { struct lwp *l = curlwp; /* XXX */ struct ifreq *ifr = (struct ifreq *) data; struct ifaddr *ifa = (struct ifaddr *) data; struct sppp *sp = (struct sppp *) ifp; int s, error=0, going_up, going_down; u_short newmode; s = splnet(); switch (cmd) { case SIOCINITIFADDR: ifa->ifa_rtrequest = p2p_rtrequest; break; case SIOCSIFFLAGS: if ((error = ifioctl_common(ifp, cmd, data)) != 0) break; SPPP_LOCK(sp, RW_WRITER); going_up = ifp->if_flags & IFF_UP && (ifp->if_flags & IFF_RUNNING) == 0; going_down = (ifp->if_flags & IFF_UP) == 0 && ifp->if_flags & IFF_RUNNING; newmode = ifp->if_flags & (IFF_AUTO | IFF_PASSIVE); if (newmode == (IFF_AUTO | IFF_PASSIVE)) { /* sanity */ newmode = IFF_PASSIVE; ifp->if_flags &= ~IFF_AUTO; } if (going_up || going_down) { sp->lcp.reestablish = false; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); } if (going_up && newmode == 0) { /* neither auto-dial nor passive */ ifp->if_flags |= IFF_RUNNING; if (!(sp->pp_flags & PP_CISCO)) { sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); } } else if (going_down) { SPPP_UNLOCK(sp); sppp_flush(ifp); SPPP_LOCK(sp, RW_WRITER); ifp->if_flags &= ~IFF_RUNNING; } SPPP_UNLOCK(sp); break; case SIOCSIFMTU: if (ifr->ifr_mtu < PPP_MINMRU || ifr->ifr_mtu > sp->lcp.their_mru) { error = EINVAL; break; } /*FALLTHROUGH*/ case SIOCGIFMTU: if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET) error = 0; break; case SIOCADDMULTI: case SIOCDELMULTI: break; case SPPPSETAUTHCFG: case SPPPSETLCPCFG: case SPPPSETIDLETO: case SPPPSETAUTHFAILURE: case SPPPSETDNSOPTS: case SPPPSETKEEPALIVE: #if defined(COMPAT_50) || defined(MODULAR) case __SPPPSETIDLETO50: case __SPPPSETKEEPALIVE50: #endif /* COMPAT_50 || MODULAR */ error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd, NULL); if (error) break; error = sppp_params(sp, cmd, data); break; case SPPPGETAUTHCFG: case SPPPGETLCPCFG: case SPPPGETAUTHFAILURES: error = kauth_authorize_network(l->l_cred, KAUTH_NETWORK_INTERFACE, KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, ifp, (void *)cmd, NULL); if (error) break; error = sppp_params(sp, cmd, data); break; case SPPPGETSTATUS: case SPPPGETSTATUSNCP: case SPPPGETIDLETO: case SPPPGETDNSOPTS: case SPPPGETDNSADDRS: case SPPPGETKEEPALIVE: #if defined(COMPAT_50) || defined(MODULAR) case __SPPPGETIDLETO50: case __SPPPGETKEEPALIVE50: #endif /* COMPAT_50 || MODULAR */ error = sppp_params(sp, cmd, data); break; default: error = ifioctl_common(ifp, cmd, data); break; } splx(s); return (error); } /* * Cisco framing implementation. */ /* * Handle incoming Cisco keepalive protocol packets. */ static void sppp_cisco_input(struct sppp *sp, struct mbuf *m) { STDDCL; struct cisco_packet *h; #ifdef INET uint32_t me, mymask = 0; /* XXX: GCC */ #endif SPPP_LOCK(sp, RW_WRITER); if (m->m_pkthdr.len < CISCO_PACKET_LEN) { if (debug) log(LOG_DEBUG, "%s: cisco invalid packet length: %d bytes\n", ifp->if_xname, m->m_pkthdr.len); SPPP_UNLOCK(sp); return; } h = mtod(m, struct cisco_packet *); if (debug) log(LOG_DEBUG, "%s: cisco input: %d bytes " "<0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", ifp->if_xname, m->m_pkthdr.len, ntohl(h->type), h->par1, h->par2, (u_int)h->rel, (u_int)h->time0, (u_int)h->time1); switch (ntohl(h->type)) { default: if (debug) addlog("%s: cisco unknown packet type: 0x%x\n", ifp->if_xname, ntohl(h->type)); break; case CISCO_ADDR_REPLY: /* Reply on address request, ignore */ break; case CISCO_KEEPALIVE_REQ: sp->pp_alivecnt = 0; sp->scp[IDX_LCP].rseq = ntohl(h->par1); if (sp->scp[IDX_LCP].seq == sp->scp[IDX_LCP].rseq) { /* Local and remote sequence numbers are equal. * Probably, the line is in loopback mode. */ if (sp->pp_loopcnt >= LOOPALIVECNT) { printf ("%s: loopback\n", ifp->if_xname); sp->pp_loopcnt = 0; if (ifp->if_flags & IFF_UP) { SPPP_UNLOCK(sp); if_down(ifp); SPPP_LOCK(sp, RW_WRITER); IF_PURGE(&sp->pp_cpq); } } ++sp->pp_loopcnt; /* Generate new local sequence number */ sp->scp[IDX_LCP].seq = cprng_fast32(); break; } sp->pp_loopcnt = 0; if (! (ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING)) { SPPP_UNLOCK(sp); if_up(ifp); SPPP_LOCK(sp, RW_WRITER); } break; case CISCO_ADDR_REQ: #ifdef INET sppp_get_ip_addrs(sp, &me, 0, &mymask); if (me != 0L) sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask); #endif break; } SPPP_UNLOCK(sp); } /* * Send Cisco keepalive packet. */ static void sppp_cisco_send(struct sppp *sp, int type, int32_t par1, int32_t par2) { STDDCL; struct ppp_header *h; struct cisco_packet *ch; struct mbuf *m; uint32_t t; KASSERT(SPPP_WLOCKED(sp)); t = time_uptime * 1000; MGETHDR(m, M_DONTWAIT, MT_DATA); if (! m) return; m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; m_reset_rcvif(m); h = mtod(m, struct ppp_header *); h->address = CISCO_MULTICAST; h->control = 0; h->protocol = htons(CISCO_KEEPALIVE); ch = (struct cisco_packet *)(h + 1); ch->type = htonl(type); ch->par1 = htonl(par1); ch->par2 = htonl(par2); ch->rel = -1; ch->time0 = htons((u_short)(t >> 16)); ch->time1 = htons((u_short) t); if (debug) log(LOG_DEBUG, "%s: cisco output: <0x%x 0x%x 0x%x 0x%x 0x%x-0x%x>\n", ifp->if_xname, ntohl(ch->type), ch->par1, ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1); if (IF_QFULL(&sp->pp_cpq)) { IF_DROP(&sp->pp_fastq); IF_DROP(&ifp->if_snd); m_freem(m); if_statinc(ifp, if_oerrors); return; } if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); IF_ENQUEUE(&sp->pp_cpq, m); if (! (ifp->if_flags & IFF_OACTIVE)) { SPPP_UNLOCK(sp); if_start_lock(ifp); SPPP_LOCK(sp, RW_WRITER); } } /* * PPP protocol implementation. */ /* * Send PPP control protocol packet. */ static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type, u_char ident, u_short len, void *data) { STDDCL; struct lcp_header *lh; struct mbuf *m; size_t pkthdrlen; KASSERT(SPPP_WLOCKED(sp)); pkthdrlen = (sp->pp_flags & PP_NOFRAMING) ? 2 : PPP_HEADER_LEN; if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) len = MHLEN - pkthdrlen - LCP_HEADER_LEN; MGETHDR(m, M_DONTWAIT, MT_DATA); if (! m) { return; } m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; m_reset_rcvif(m); if (sp->pp_flags & PP_NOFRAMING) { *mtod(m, uint16_t *) = htons(proto); lh = (struct lcp_header *)(mtod(m, uint8_t *) + 2); } else { struct ppp_header *h; h = mtod(m, struct ppp_header *); h->address = PPP_ALLSTATIONS; /* broadcast address */ h->control = PPP_UI; /* Unnumbered Info */ h->protocol = htons(proto); /* Link Control Protocol */ lh = (struct lcp_header *)(h + 1); } lh->type = type; lh->ident = ident; lh->len = htons(LCP_HEADER_LEN + len); if (len) memcpy(lh + 1, data, len); if (debug) { log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", ifp->if_xname, sppp_proto_name(proto), sppp_cp_type_name(lh->type), lh->ident, ntohs(lh->len)); if (len) sppp_print_bytes((u_char *)(lh + 1), len); addlog(">\n"); } if (IF_QFULL(&sp->pp_cpq)) { IF_DROP(&sp->pp_fastq); IF_DROP(&ifp->if_snd); m_freem(m); if_statinc(ifp, if_oerrors); return; } if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); IF_ENQUEUE(&sp->pp_cpq, m); if (! (ifp->if_flags & IFF_OACTIVE)) { SPPP_UNLOCK(sp); if_start_lock(ifp); SPPP_LOCK(sp, RW_WRITER); } } static void sppp_cp_to_lcp(void *xsp) { struct sppp *sp = xsp; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_to); } static void sppp_cp_to_ipcp(void *xsp) { struct sppp *sp = xsp; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPCP].work_to); } static void sppp_cp_to_ipv6cp(void *xsp) { struct sppp *sp = xsp; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_IPV6CP].work_to); } static void sppp_cp_to_pap(void *xsp) { struct sppp *sp = xsp; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_to); } static void sppp_cp_to_chap(void *xsp) { struct sppp *sp = xsp; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_to); } static void sppp_cp_init(const struct cp *cp, struct sppp *sp) { struct sppp_cp *scp; typedef void (*sppp_co_cb_t)(void *); static const sppp_co_cb_t to_cb[IDX_COUNT] = { [IDX_LCP] = sppp_cp_to_lcp, [IDX_IPCP] = sppp_cp_to_ipcp, [IDX_IPV6CP] = sppp_cp_to_ipv6cp, [IDX_PAP] = sppp_cp_to_pap, [IDX_CHAP] = sppp_cp_to_chap, }; scp = &sp->scp[cp->protoidx]; scp->state = STATE_INITIAL; scp->fail_counter = 0; scp->seq = 0; scp->rseq = 0; SPPP_WQ_SET(&scp->work_up, cp->Up, cp); SPPP_WQ_SET(&scp->work_down, cp->Down, cp); SPPP_WQ_SET(&scp->work_open, cp->Open, cp); SPPP_WQ_SET(&scp->work_close, cp->Close, cp); SPPP_WQ_SET(&scp->work_to, cp->TO, cp); SPPP_WQ_SET(&scp->work_rcr, sppp_rcr_event, cp); SPPP_WQ_SET(&scp->work_rca, sppp_rca_event, cp); SPPP_WQ_SET(&scp->work_rcn, sppp_rcn_event, cp); SPPP_WQ_SET(&scp->work_rtr, sppp_rtr_event, cp); SPPP_WQ_SET(&scp->work_rta, sppp_rta_event, cp); SPPP_WQ_SET(&scp->work_rxj, sppp_rxj_event, cp); callout_init(&scp->ch, CALLOUT_MPSAFE); callout_setfunc(&scp->ch, to_cb[cp->protoidx], sp); } static void sppp_cp_fini(const struct cp *cp, struct sppp *sp) { struct sppp_cp *scp; scp = &sp->scp[cp->protoidx]; sppp_wq_wait(sp->wq_cp, &scp->work_up); sppp_wq_wait(sp->wq_cp, &scp->work_down); sppp_wq_wait(sp->wq_cp, &scp->work_open); sppp_wq_wait(sp->wq_cp, &scp->work_close); sppp_wq_wait(sp->wq_cp, &scp->work_to); sppp_wq_wait(sp->wq_cp, &scp->work_rcr); sppp_wq_wait(sp->wq_cp, &scp->work_rca); sppp_wq_wait(sp->wq_cp, &scp->work_rcn); sppp_wq_wait(sp->wq_cp, &scp->work_rtr); sppp_wq_wait(sp->wq_cp, &scp->work_rta); sppp_wq_wait(sp->wq_cp, &scp->work_rxj); callout_halt(&scp->ch, NULL); callout_destroy(&scp->ch); } /* * Handle incoming PPP control protocol packets. */ static void sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m) { STDDCL; struct lcp_header *h; int printlen, len = m->m_pkthdr.len; int rv; u_char *p; uint32_t u32; SPPP_LOCK(sp, RW_WRITER); if (len < 4) { if (debug) log(LOG_DEBUG, "%s: %s invalid packet length: %d bytes\n", ifp->if_xname, cp->name, len); SPPP_UNLOCK(sp); return; } h = mtod(m, struct lcp_header *); if (debug) { printlen = ntohs(h->len); log(LOG_DEBUG, "%s: %s input(%s): <%s id=0x%x len=%d", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state), sppp_cp_type_name(h->type), h->ident, printlen); if (len < printlen) printlen = len; if (printlen > 4) sppp_print_bytes((u_char *)(h + 1), printlen - 4); addlog(">\n"); } if (len > ntohs(h->len)) len = ntohs(h->len); p = (u_char *)(h + 1); switch (h->type) { case CONF_REQ: if (len < 4) { if (debug) addlog("%s: %s invalid conf-req length %d\n", ifp->if_xname, cp->name, len); if_statinc(ifp, if_ierrors); break; } rv = (cp->RCR)(sp, h, len); if (rv < 0) { /* fatal error, shut down */ (cp->tld)(sp); lcp.tlf(&lcp, sp); SPPP_UNLOCK(sp); return; } sp->scp[cp->protoidx].rconfid = h->ident; sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcr); break; case CONF_ACK: if (h->ident != sp->scp[cp->protoidx].confid) { if (debug) addlog("%s: %s id mismatch 0x%x != 0x%x\n", ifp->if_xname, cp->name, h->ident, sp->scp[cp->protoidx].confid); if_statinc(ifp, if_ierrors); break; } sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rca); break; case CONF_NAK: case CONF_REJ: if (h->ident != sp->scp[cp->protoidx].confid) { if (debug) addlog("%s: %s id mismatch 0x%x != 0x%x\n", ifp->if_xname, cp->name, h->ident, sp->scp[cp->protoidx].confid); if_statinc(ifp, if_ierrors); break; } if (h->type == CONF_NAK) (cp->RCN_nak)(sp, h, len); else /* CONF_REJ */ (cp->RCN_rej)(sp, h, len); sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rcn); break; case TERM_REQ: sp->scp[cp->protoidx].rseq = h->ident; sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rtr); break; case TERM_ACK: sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rta); break; case CODE_REJ: /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ log(LOG_INFO, "%s: %s: ignoring RXJ (%s) for code ?, " "danger will robinson\n", ifp->if_xname, cp->name, sppp_cp_type_name(h->type)); sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); break; case PROTO_REJ: { int catastrophic; const struct cp *upper; int i; uint16_t proto; catastrophic = 0; upper = NULL; proto = p[0] << 8 | p[1]; for (i = 0; i < IDX_COUNT; i++) { if (cps[i]->proto == proto) { upper = cps[i]; break; } } if (upper == NULL) catastrophic++; if (debug) log(LOG_INFO, "%s: %s: RXJ%c (%s) for proto 0x%x (%s/%s)\n", ifp->if_xname, cp->name, catastrophic ? '-' : '+', sppp_cp_type_name(h->type), proto, upper ? upper->name : "unknown", upper ? sppp_state_name(sp->scp[upper->protoidx].state) : "?"); /* * if we got RXJ+ against conf-req, the peer does not implement * this particular protocol type. terminate the protocol. */ if (upper && !catastrophic) { if (sp->scp[upper->protoidx].state == STATE_REQ_SENT) { sppp_wq_add(sp->wq_cp, &sp->scp[upper->protoidx].work_close); break; } } sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_rxj); break; } case DISC_REQ: if (cp->proto != PPP_LCP) goto illegal; /* Discard the packet. */ break; case ECHO_REQ: if (cp->proto != PPP_LCP) goto illegal; if (sp->scp[cp->protoidx].state != STATE_OPENED) { if (debug) addlog("%s: lcp echo req but lcp closed\n", ifp->if_xname); if_statinc(ifp, if_ierrors); break; } if (len < 8) { if (debug) addlog("%s: invalid lcp echo request " "packet length: %d bytes\n", ifp->if_xname, len); break; } memcpy(&u32, h + 1, sizeof u32); if (ntohl(u32) == sp->lcp.magic) { /* Line loopback mode detected. */ printf("%s: loopback\n", ifp->if_xname); SPPP_UNLOCK(sp); if_down(ifp); SPPP_LOCK(sp, RW_WRITER); IF_PURGE(&sp->pp_cpq); /* Shut down the PPP link. */ /* XXX */ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); break; } u32 = htonl(sp->lcp.magic); memcpy(h + 1, &u32, sizeof u32); if (debug) addlog("%s: got lcp echo req, sending echo rep\n", ifp->if_xname); sppp_cp_send(sp, PPP_LCP, ECHO_REPLY, h->ident, len - 4, h + 1); break; case ECHO_REPLY: if (cp->proto != PPP_LCP) goto illegal; if (h->ident != sp->lcp.echoid) { if_statinc(ifp, if_ierrors); break; } if (len < 8) { if (debug) addlog("%s: lcp invalid echo reply " "packet length: %d bytes\n", ifp->if_xname, len); break; } if (debug) addlog("%s: lcp got echo rep\n", ifp->if_xname); memcpy(&u32, h + 1, sizeof u32); if (ntohl(u32) != sp->lcp.magic) sp->pp_alivecnt = 0; break; default: /* Unknown packet type -- send Code-Reject packet. */ illegal: if (debug) addlog("%s: %s send code-rej for 0x%x\n", ifp->if_xname, cp->name, h->type); sppp_cp_send(sp, cp->proto, CODE_REJ, ++sp->scp[cp->protoidx].seq, m->m_pkthdr.len, h); if_statinc(ifp, if_ierrors); } SPPP_UNLOCK(sp); } /* * The generic part of all Up/Down/Open/Close/TO event handlers. * Basically, the state transition handling in the automaton. */ static void sppp_up_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; STDDCL; KASSERT(SPPP_WLOCKED(sp)); if ((cp->flags & CP_AUTH) != 0 && sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) return; if (debug) log(LOG_DEBUG, "%s: %s up(%s)\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); switch (sp->scp[cp->protoidx].state) { case STATE_INITIAL: sppp_cp_change_state(cp, sp, STATE_CLOSED); break; case STATE_STARTING: sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; (cp->scr)(sp); sppp_cp_change_state(cp, sp, STATE_REQ_SENT); break; default: printf("%s: %s illegal up in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); } } static void sppp_down_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; STDDCL; KASSERT(SPPP_WLOCKED(sp)); if ((cp->flags & CP_AUTH) != 0 && sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) return; if (debug) log(LOG_DEBUG, "%s: %s down(%s)\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); switch (sp->scp[cp->protoidx].state) { case STATE_CLOSED: case STATE_CLOSING: sppp_cp_change_state(cp, sp, STATE_INITIAL); break; case STATE_STOPPED: (cp->tls)(cp, sp); /* fall through */ case STATE_STOPPING: case STATE_REQ_SENT: case STATE_ACK_RCVD: case STATE_ACK_SENT: sppp_cp_change_state(cp, sp, STATE_STARTING); break; case STATE_OPENED: (cp->tld)(sp); sppp_cp_change_state(cp, sp, STATE_STARTING); break; default: printf("%s: %s illegal down in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); } } static void sppp_open_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; STDDCL; KASSERT(SPPP_WLOCKED(sp)); if ((cp->flags & CP_AUTH) != 0 && sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) return; if (debug) log(LOG_DEBUG, "%s: %s open(%s)\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); switch (sp->scp[cp->protoidx].state) { case STATE_INITIAL: sppp_cp_change_state(cp, sp, STATE_STARTING); (cp->tls)(cp, sp); break; case STATE_STARTING: break; case STATE_CLOSED: sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; (cp->scr)(sp); sppp_cp_change_state(cp, sp, STATE_REQ_SENT); break; case STATE_STOPPED: case STATE_STOPPING: case STATE_REQ_SENT: case STATE_ACK_RCVD: case STATE_ACK_SENT: case STATE_OPENED: break; case STATE_CLOSING: sppp_cp_change_state(cp, sp, STATE_STOPPING); break; } } static void sppp_close_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; STDDCL; KASSERT(SPPP_WLOCKED(sp)); if ((cp->flags & CP_AUTH) != 0 && sppp_auth_role(cp, sp) == SPPP_AUTH_NOROLE) return; if (debug) log(LOG_DEBUG, "%s: %s close(%s)\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); switch (sp->scp[cp->protoidx].state) { case STATE_INITIAL: case STATE_CLOSED: case STATE_CLOSING: break; case STATE_STARTING: sppp_cp_change_state(cp, sp, STATE_INITIAL); (cp->tlf)(cp, sp); break; case STATE_STOPPED: sppp_cp_change_state(cp, sp, STATE_CLOSED); break; case STATE_STOPPING: sppp_cp_change_state(cp, sp, STATE_CLOSING); break; case STATE_OPENED: (cp->tld)(sp); /* fall through */ case STATE_REQ_SENT: case STATE_ACK_RCVD: case STATE_ACK_SENT: sp->scp[cp->protoidx].rst_counter = sp->lcp.max_terminate; if ((cp->flags & CP_AUTH) == 0) { sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->scp[cp->protoidx].seq, 0, 0); } sppp_cp_change_state(cp, sp, STATE_CLOSING); break; } } static void sppp_to_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; int s; STDDCL; KASSERT(SPPP_WLOCKED(sp)); s = splnet(); if (debug) log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state), sp->scp[cp->protoidx].rst_counter); if (--sp->scp[cp->protoidx].rst_counter < 0) /* TO- event */ switch (sp->scp[cp->protoidx].state) { case STATE_CLOSING: sppp_cp_change_state(cp, sp, STATE_CLOSED); (cp->tlf)(cp, sp); break; case STATE_STOPPING: sppp_cp_change_state(cp, sp, STATE_STOPPED); (cp->tlf)(cp, sp); break; case STATE_REQ_SENT: case STATE_ACK_RCVD: case STATE_ACK_SENT: sppp_cp_change_state(cp, sp, STATE_STOPPED); (cp->tlf)(cp, sp); break; } else /* TO+ event */ switch (sp->scp[cp->protoidx].state) { case STATE_CLOSING: case STATE_STOPPING: if ((cp->flags & CP_AUTH) == 0) { sppp_cp_send(sp, cp->proto, TERM_REQ, ++sp->scp[cp->protoidx].seq, 0, 0); } callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); break; case STATE_REQ_SENT: case STATE_ACK_RCVD: (cp->scr)(sp); /* sppp_cp_change_state() will restart the timer */ sppp_cp_change_state(cp, sp, STATE_REQ_SENT); break; case STATE_ACK_SENT: (cp->scr)(sp); callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); break; } splx(s); } static void sppp_rcr_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; u_char type; void *buf; size_t blen; STDDCL; type = sp->scp[cp->protoidx].rcr_type; buf = sp->scp[cp->protoidx].rcr_buf; blen = sp->scp[cp->protoidx].rcr_blen; if (type == CONF_ACK) { /* RCR+ event */ switch (sp->scp[cp->protoidx].state) { case STATE_OPENED: sppp_cp_change_state(cp, sp, STATE_ACK_SENT); cp->tld(sp); cp->scr(sp); cp->scan(cp, sp); break; case STATE_ACK_SENT: case STATE_REQ_SENT: sppp_cp_change_state(cp, sp, STATE_ACK_SENT); cp->scan(cp, sp); break; case STATE_STOPPED: sppp_cp_change_state(cp, sp, STATE_ACK_SENT); cp->scr(sp); cp->scan(cp, sp); break; case STATE_ACK_RCVD: sppp_cp_change_state(cp, sp, STATE_OPENED); if (debug) log(LOG_DEBUG, "%s: %s tlu\n", ifp->if_xname, cp->name); cp->tlu(sp); cp->scan(cp, sp); break; case STATE_CLOSING: case STATE_STOPPING: if (buf != NULL) { sp->scp[cp->protoidx].rcr_buf = NULL; sp->scp[cp->protoidx].rcr_blen = 0; kmem_free(buf, blen); } break; case STATE_CLOSED: if ((cp->flags & CP_AUTH) == 0) { sppp_cp_send(sp, cp->proto, TERM_ACK, sp->scp[cp->protoidx].rconfid, 0, 0); } break; default: printf("%s: %s illegal RCR+ in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); if_statinc(ifp, if_ierrors); } } else { /* RCR- event */ switch (sp->scp[cp->protoidx].state) { case STATE_OPENED: sppp_cp_change_state(cp, sp, STATE_REQ_SENT); cp->tld(sp); cp->scr(sp); cp->scan(cp, sp); break; case STATE_ACK_SENT: case STATE_REQ_SENT: sppp_cp_change_state(cp, sp, STATE_REQ_SENT); cp->scan(cp, sp); break; case STATE_STOPPED: sppp_cp_change_state(cp, sp, STATE_REQ_SENT); cp->scr(sp); cp->scan(cp, sp); break; case STATE_ACK_RCVD: sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); cp->scan(cp, sp); break; case STATE_CLOSING: case STATE_STOPPING: if (buf != NULL) { sp->scp[cp->protoidx].rcr_buf = NULL; sp->scp[cp->protoidx].rcr_blen = 0; kmem_free(buf, blen); } break; case STATE_CLOSED: sppp_cp_change_state(cp, sp, STATE_CLOSED); if ((cp->flags & CP_AUTH) == 0) { sppp_cp_send(sp, cp->proto, TERM_ACK, sp->scp[cp->protoidx].rconfid, 0, 0); } break; default: printf("%s: %s illegal RCR- in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); if_statinc(ifp, if_ierrors); } } } static void sppp_rca_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; STDDCL; switch (sp->scp[cp->protoidx].state) { case STATE_CLOSED: case STATE_STOPPED: if ((cp->flags & CP_AUTH) == 0) { sppp_cp_send(sp, cp->proto, TERM_ACK, sp->scp[cp->protoidx].rconfid, 0, 0); } break; case STATE_CLOSING: case STATE_STOPPING: break; case STATE_REQ_SENT: sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); break; case STATE_OPENED: (cp->tld)(sp); /* fall through */ case STATE_ACK_RCVD: (cp->scr)(sp); sppp_cp_change_state(cp, sp, STATE_REQ_SENT); break; case STATE_ACK_SENT: sppp_cp_change_state(cp, sp, STATE_OPENED); sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; if (debug) log(LOG_DEBUG, "%s: %s tlu\n", ifp->if_xname, cp->name); (cp->tlu)(sp); break; default: printf("%s: %s illegal RCA in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); if_statinc(ifp, if_ierrors); } } static void sppp_rcn_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; struct ifnet *ifp = &sp->pp_if; switch (sp->scp[cp->protoidx].state) { case STATE_CLOSED: case STATE_STOPPED: if ((cp->flags & CP_AUTH) == 0) { sppp_cp_send(sp, cp->proto, TERM_ACK, sp->scp[cp->protoidx].rconfid, 0, 0); } break; case STATE_REQ_SENT: case STATE_ACK_SENT: sp->scp[cp->protoidx].rst_counter = sp->lcp.max_configure; (cp->scr)(sp); break; case STATE_OPENED: (cp->tld)(sp); /* fall through */ case STATE_ACK_RCVD: sppp_cp_change_state(cp, sp, STATE_ACK_SENT); (cp->scr)(sp); break; case STATE_CLOSING: case STATE_STOPPING: break; default: printf("%s: %s illegal RCN in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); if_statinc(ifp, if_ierrors); } } static void sppp_rtr_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; STDDCL; switch (sp->scp[cp->protoidx].state) { case STATE_ACK_RCVD: case STATE_ACK_SENT: sppp_cp_change_state(cp, sp, STATE_REQ_SENT); break; case STATE_CLOSED: case STATE_STOPPED: case STATE_CLOSING: case STATE_STOPPING: case STATE_REQ_SENT: break; case STATE_OPENED: (cp->tld)(sp); sp->scp[cp->protoidx].rst_counter = 0; sppp_cp_change_state(cp, sp, STATE_STOPPING); break; default: printf("%s: %s illegal RTR in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); if_statinc(ifp, if_ierrors); return; } /* Send Terminate-Ack packet. */ if (debug) log(LOG_DEBUG, "%s: %s send terminate-ack\n", ifp->if_xname, cp->name); if ((cp->flags & CP_AUTH) == 0) { sppp_cp_send(sp, cp->proto, TERM_ACK, sp->scp[cp->protoidx].rseq, 0, 0); } } static void sppp_rta_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; struct ifnet *ifp = &sp->pp_if; switch (sp->scp[cp->protoidx].state) { case STATE_CLOSED: case STATE_STOPPED: case STATE_REQ_SENT: case STATE_ACK_SENT: break; case STATE_CLOSING: sppp_cp_change_state(cp, sp, STATE_CLOSED); (cp->tlf)(cp, sp); break; case STATE_STOPPING: sppp_cp_change_state(cp, sp, STATE_STOPPED); (cp->tlf)(cp, sp); break; case STATE_ACK_RCVD: sppp_cp_change_state(cp, sp, STATE_REQ_SENT); break; case STATE_OPENED: (cp->tld)(sp); (cp->scr)(sp); sppp_cp_change_state(cp, sp, STATE_ACK_RCVD); break; default: printf("%s: %s illegal RTA in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); if_statinc(ifp, if_ierrors); } } static void sppp_rxj_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; struct ifnet *ifp = &sp->pp_if; /* XXX catastrophic rejects (RXJ-) aren't handled yet. */ switch (sp->scp[cp->protoidx].state) { case STATE_CLOSED: case STATE_STOPPED: case STATE_REQ_SENT: case STATE_ACK_SENT: case STATE_CLOSING: case STATE_STOPPING: case STATE_OPENED: break; case STATE_ACK_RCVD: sppp_cp_change_state(cp, sp, STATE_REQ_SENT); break; default: printf("%s: %s illegal RXJ- in state %s\n", ifp->if_xname, cp->name, sppp_state_name(sp->scp[cp->protoidx].state)); if_statinc(ifp, if_ierrors); } } /* * Change the state of a control protocol in the state automaton. * Takes care of starting/stopping the restart timer. */ void sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate) { KASSERT(SPPP_WLOCKED(sp)); sp->scp[cp->protoidx].state = newstate; callout_stop(&sp->scp[cp->protoidx].ch); switch (newstate) { case STATE_INITIAL: case STATE_STARTING: case STATE_CLOSED: case STATE_STOPPED: case STATE_OPENED: break; case STATE_CLOSING: case STATE_STOPPING: case STATE_REQ_SENT: case STATE_ACK_RCVD: case STATE_ACK_SENT: callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); break; } } /* *--------------------------------------------------------------------------* * * * The LCP implementation. * * * *--------------------------------------------------------------------------* */ static void sppp_lcp_init(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); sppp_cp_init(&lcp, sp); sp->lcp.opts = (1 << LCP_OPT_MAGIC); sp->lcp.magic = 0; sp->lcp.protos = 0; sp->lcp.max_terminate = 2; sp->lcp.max_configure = 10; sp->lcp.max_failure = 10; /* * Initialize counters and timeout values. Note that we don't * use the 3 seconds suggested in RFC 1661 since we are likely * running on a fast link. XXX We should probably implement * the exponential backoff option. Note that these values are * relevant for all control protocols, not just LCP only. */ sp->lcp.timeout = 1 * hz; } static void sppp_lcp_up(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; int pidx; STDDCL; KASSERT(SPPP_WLOCKED(sp)); pidx = cp->protoidx; /* Initialize activity timestamp: opening a connection is an activity */ sp->pp_last_receive = sp->pp_last_activity = time_uptime; /* * If this interface is passive or dial-on-demand, and we are * still in Initial state, it means we've got an incoming * call. Activate the interface. */ if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) { if (debug) log(LOG_DEBUG, "%s: Up event", ifp->if_xname); ifp->if_flags |= IFF_RUNNING; if (sp->scp[pidx].state == STATE_INITIAL) { if (debug) addlog("(incoming call)\n"); sp->pp_flags |= PP_CALLIN; sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); } else if (debug) addlog("\n"); } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 && (sp->scp[IDX_LCP].state == STATE_INITIAL)) { ifp->if_flags |= IFF_RUNNING; sppp_wq_add(sp->wq_cp, &sp->scp[pidx].work_open); } sppp_up_event(sp, xcp); } static void sppp_lcp_down(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; int pidx; STDDCL; KASSERT(SPPP_WLOCKED(sp)); pidx = cp->protoidx; sppp_down_event(sp, xcp); /* * If this is neither a dial-on-demand nor a passive * interface, simulate an ``ifconfig down'' action, so the * administrator can force a redial by another ``ifconfig * up''. XXX For leased line operation, should we immediately * try to reopen the connection here? */ if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) { if (debug) log(LOG_INFO, "%s: Down event (carrier loss), taking interface down.\n", ifp->if_xname); SPPP_UNLOCK(sp); if_down(ifp); SPPP_LOCK(sp, RW_WRITER); if (sp->lcp.reestablish) sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_open); } else { if (debug) log(LOG_DEBUG, "%s: Down event (carrier loss)\n", ifp->if_xname); } sp->scp[pidx].fail_counter = 0; sp->pp_flags &= ~PP_CALLIN; if (sp->scp[pidx].state != STATE_INITIAL) sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); ifp->if_flags &= ~IFF_RUNNING; } static void sppp_lcp_open(struct sppp *sp, void *xcp) { KASSERT(SPPP_WLOCKED(sp)); sp->lcp.reestablish = false; if (sp->pp_if.if_mtu < PP_MTU) { sp->lcp.mru = sp->pp_if.if_mtu; sp->lcp.opts |= (1 << LCP_OPT_MRU); } else sp->lcp.mru = PP_MTU; sp->lcp.their_mru = PP_MTU; /* * If we are authenticator, negotiate LCP_AUTH */ if (sp->hisauth.proto != 0) sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); else sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); sp->pp_flags &= ~PP_NEEDAUTH; sppp_open_event(sp, xcp); } /* * Analyze a configure request. Return true if it was agreeable, and * caused action sca, false if it has been rejected or nak'ed, and * caused action scn. (The return value is used to make the state * transition decision in the state automaton.) */ static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int origlen) { STDDCL; u_char *buf, *r, *p, l, blen, type; int len, rlen; uint32_t nmagic; u_short authproto; KASSERT(SPPP_WLOCKED(sp)); if (origlen < sizeof(*h)) return 0; origlen -= sizeof(*h); type = 0; if (origlen <= 0) return 0; else blen = origlen; buf = kmem_intr_alloc(blen, KM_NOSLEEP); if (buf == NULL) return 0; if (debug) log(LOG_DEBUG, "%s: lcp parse opts:", ifp->if_xname); /* pass 1: check for things that need to be rejected */ p = (void *)(h + 1); r = buf; rlen = 0; for (len = origlen; len > 1; len-= l, p += l) { l = p[1]; if (l == 0) break; /* Sanity check option length */ if (l > len) { /* * Malicious option - drop immediately. * XXX Maybe we should just RXJ it? */ addlog("%s: received malicious LCP option 0x%02x, " "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname, p[0], l, len); rlen = -1; goto end; } if (debug) addlog(" %s", sppp_lcp_opt_name(*p)); switch (p[0]) { case LCP_OPT_MAGIC: /* Magic number. */ /* fall through, both are same length */ case LCP_OPT_ASYNC_MAP: /* Async control character map. */ if (len >= 6 || l == 6) continue; if (debug) addlog(" [invalid]"); break; case LCP_OPT_MP_EID: if (len >= l && l >= 3) { switch (p[2]) { case 0: if (l==3+ 0) continue;break; case 2: if (l==3+ 4) continue;break; case 3: if (l==3+ 6) continue;break; case 6: if (l==3+16) continue;break; case 1: /* FALLTHROUGH */ case 4: if (l<=3+20) continue;break; case 5: if (l<=3+15) continue;break; /* XXX should it be default: continue;? */ } } if (debug) addlog(" [invalid class %d len %d]", p[2], l); break; case LCP_OPT_MP_SSNHF: if (len >= 2 && l == 2) { if (debug) addlog(" [rej]"); break; } if (debug) addlog(" [invalid]"); break; case LCP_OPT_MP_MRRU: /* Multilink maximum received reconstructed unit */ /* should be fall through, both are same length */ /* FALLTHROUGH */ case LCP_OPT_MRU: /* Maximum receive unit. */ if (len >= 4 && l == 4) continue; if (debug) addlog(" [invalid]"); break; case LCP_OPT_AUTH_PROTO: if (len < 4) { if (debug) addlog(" [invalid]"); break; } authproto = (p[2] << 8) + p[3]; if (authproto == PPP_CHAP && l != 5) { if (debug) addlog(" [invalid chap len]"); break; } if (sp->myauth.proto == 0) { /* we are not configured to do auth */ if (debug) addlog(" [not configured]"); break; } /* * Remote want us to authenticate, remember this, * so we stay in SPPP_PHASE_AUTHENTICATE after LCP got * up. */ sp->pp_flags |= PP_NEEDAUTH; continue; default: /* Others not supported. */ if (debug) addlog(" [rej]"); break; } if (rlen + l > blen) { if (debug) addlog(" [overflow]"); continue; } /* Add the option to rejected list. */ memcpy(r, p, l); r += l; rlen += l; } if (rlen > 0) { type = CONF_REJ; goto end; } if (debug) addlog("\n"); /* * pass 2: check for option values that are unacceptable and * thus require to be nak'ed. */ if (debug) log(LOG_DEBUG, "%s: lcp parse opt values: ", ifp->if_xname); p = (void *)(h + 1); r = buf; rlen = 0; for (len = origlen; len > 0; len -= l, p += l) { l = p[1]; if (l == 0) break; if (debug) addlog(" %s", sppp_lcp_opt_name(*p)); switch (p[0]) { case LCP_OPT_MAGIC: /* Magic number -- extract. */ nmagic = (uint32_t)p[2] << 24 | (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; if (nmagic != sp->lcp.magic) { if (debug) addlog(" 0x%x", nmagic); continue; } /* * Local and remote magics equal -- loopback? */ if (sp->pp_loopcnt >= LOOPALIVECNT*5) { printf ("%s: loopback\n", ifp->if_xname); sp->pp_loopcnt = 0; if (ifp->if_flags & IFF_UP) { SPPP_UNLOCK(sp); if_down(ifp); SPPP_LOCK(sp, RW_WRITER); IF_PURGE(&sp->pp_cpq); /* XXX ? */ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); } } else if (debug) addlog(" [glitch]"); ++sp->pp_loopcnt; /* * We negate our magic here, and NAK it. If * we see it later in an NAK packet, we * suggest a new one. */ nmagic = ~sp->lcp.magic; /* Gonna NAK it. */ p[2] = nmagic >> 24; p[3] = nmagic >> 16; p[4] = nmagic >> 8; p[5] = nmagic; break; case LCP_OPT_ASYNC_MAP: /* * Async control character map -- just ignore it. * * Quote from RFC 1662, chapter 6: * To enable this functionality, synchronous PPP * implementations MUST always respond to the * Async-Control-Character-Map Configuration * Option with the LCP Configure-Ack. However, * acceptance of the Configuration Option does * not imply that the synchronous implementation * will do any ACCM mapping. Instead, all such * octet mapping will be performed by the * asynchronous-to-synchronous converter. */ continue; case LCP_OPT_MRU: /* * Maximum receive unit. Always agreeable, * but ignored by now. */ sp->lcp.their_mru = p[2] * 256 + p[3]; if (debug) addlog(" %ld", sp->lcp.their_mru); continue; case LCP_OPT_AUTH_PROTO: authproto = (p[2] << 8) + p[3]; if (sp->myauth.proto != authproto) { /* not agreed, nak */ if (debug) addlog(" [mine %s != his %s]", sppp_proto_name(sp->myauth.proto), sppp_proto_name(authproto)); p[2] = sp->myauth.proto >> 8; p[3] = sp->myauth.proto; break; } if (authproto == PPP_CHAP && p[4] != CHAP_MD5) { if (debug) addlog(" [chap not MD5]"); p[4] = CHAP_MD5; break; } continue; case LCP_OPT_MP_EID: /* * Endpoint identification. * Always agreeable, * but ignored by now. */ if (debug) { addlog(" type %d", p[2]); sppp_print_bytes(p+3, p[1]-3); } continue; case LCP_OPT_MP_MRRU: /* * Maximum received reconstructed unit. * Always agreeable, * but ignored by now. */ sp->lcp.their_mrru = p[2] * 256 + p[3]; if (debug) addlog(" %ld", sp->lcp.their_mrru); continue; } if (rlen + l > blen) { if (debug) addlog(" [overflow]"); continue; } /* Add the option to nak'ed list. */ memcpy(r, p, l); r += l; rlen += l; } if (rlen > 0) { if (++sp->scp[IDX_LCP].fail_counter >= sp->lcp.max_failure) { if (debug) addlog(" max_failure (%d) exceeded, ", sp->lcp.max_failure); type = CONF_REJ; } else { type = CONF_NAK; } } else { type = CONF_ACK; rlen = origlen; memcpy(r, h + 1, rlen); sp->scp[IDX_LCP].fail_counter = 0; sp->pp_loopcnt = 0; } end: if (debug) addlog("\n"); if (sp->scp[IDX_LCP].rcr_buf != NULL) { kmem_intr_free(sp->scp[IDX_LCP].rcr_buf, sp->scp[IDX_LCP].rcr_blen); } if (rlen < 0) { kmem_intr_free(buf, blen); sp->scp[IDX_IPCP].rcr_buf = NULL; sp->scp[IDX_IPCP].rcr_rlen = 0; return -1; } sp->scp[IDX_LCP].rcr_type = type; sp->scp[IDX_LCP].rcr_buf = buf; sp->scp[IDX_LCP].rcr_blen = blen; sp->scp[IDX_LCP].rcr_rlen = rlen; if (type != CONF_ACK) return 0; return 1; } /* * Analyze the LCP Configure-Reject option list, and adjust our * negotiation. */ static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) { STDDCL; u_char *p, l; KASSERT(SPPP_WLOCKED(sp)); if (len <= sizeof(*h)) return; len -= sizeof(*h); if (debug) log(LOG_DEBUG, "%s: lcp rej opts:", ifp->if_xname); p = (void *)(h + 1); for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { /* Sanity check option length */ if (l > len) { /* * Malicious option - drop immediately. * XXX Maybe we should just RXJ it? */ addlog("%s: received malicious LCP option, " "dropping.\n", ifp->if_xname); goto end; } if (debug) addlog(" %s", sppp_lcp_opt_name(*p)); switch (p[0]) { case LCP_OPT_MAGIC: /* Magic number -- can't use it, use 0 */ sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC); sp->lcp.magic = 0; break; case LCP_OPT_MRU: /* * We try to negotiate a lower MRU if the underlying * link's MTU is less than PP_MTU (e.g. PPPoE). If the * peer rejects this lower rate, fallback to the * default. */ if (debug) { addlog("%s: warning: peer rejected our MRU of " "%ld bytes. Defaulting to %d bytes\n", ifp->if_xname, sp->lcp.mru, PP_MTU); } sp->lcp.opts &= ~(1 << LCP_OPT_MRU); sp->lcp.mru = PP_MTU; break; case LCP_OPT_AUTH_PROTO: /* * Peer doesn't want to authenticate himself, * deny unless this is a dialout call, and * SPPP_AUTHFLAG_NOCALLOUT is set. */ if ((sp->pp_flags & PP_CALLIN) == 0 && (sp->hisauth.flags & SPPP_AUTHFLAG_NOCALLOUT) != 0) { if (debug) addlog(" [don't insist on auth " "for callout]"); sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); break; } if (debug) addlog("[access denied]\n"); sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); break; } } if (debug) addlog("\n"); end: return; } /* * Analyze the LCP Configure-NAK option list, and adjust our * negotiation. */ static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) { STDDCL; u_char *p, l; uint32_t magic; KASSERT(SPPP_WLOCKED(sp)); if (len <= sizeof(*h)) return; len -= sizeof(*h); if (debug) log(LOG_DEBUG, "%s: lcp nak opts:", ifp->if_xname); p = (void *)(h + 1); for (; len > 1 && (l = p[1]) != 0; len -= l, p += l) { /* Sanity check option length */ if (l > len) { /* * Malicious option - drop immediately. * XXX Maybe we should just RXJ it? */ addlog("%s: received malicious LCP option, " "dropping.\n", ifp->if_xname); goto end; } if (debug) addlog(" %s", sppp_lcp_opt_name(*p)); switch (p[0]) { case LCP_OPT_MAGIC: /* Magic number -- renegotiate */ if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) && len >= 6 && l == 6) { magic = (uint32_t)p[2] << 24 | (uint32_t)p[3] << 16 | p[4] << 8 | p[5]; /* * If the remote magic is our negated one, * this looks like a loopback problem. * Suggest a new magic to make sure. */ if (magic == ~sp->lcp.magic) { if (debug) addlog(" magic glitch"); sp->lcp.magic = cprng_fast32(); } else { sp->lcp.magic = magic; if (debug) addlog(" %d", magic); } } break; case LCP_OPT_MRU: /* * Peer wants to advise us to negotiate an MRU. * Agree on it if it's reasonable, or use * default otherwise. */ if (len >= 4 && l == 4) { u_int mru = p[2] * 256 + p[3]; if (debug) addlog(" %d", mru); if (mru < PPP_MINMRU || mru > sp->pp_if.if_mtu) mru = sp->pp_if.if_mtu; sp->lcp.mru = mru; sp->lcp.opts |= (1 << LCP_OPT_MRU); } break; case LCP_OPT_AUTH_PROTO: /* * Peer doesn't like our authentication method, * deny. */ if (debug) addlog("[access denied]\n"); sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); break; } } if (debug) addlog("\n"); end: return; } static void sppp_lcp_tlu(struct sppp *sp) { struct ifnet *ifp = &sp->pp_if; int i; KASSERT(SPPP_WLOCKED(sp)); /* XXX ? */ if (! (ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING)) { /* Coming out of loopback mode. */ SPPP_UNLOCK(sp); if_up(ifp); SPPP_LOCK(sp, RW_WRITER); } if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 || (sp->pp_flags & PP_NEEDAUTH) != 0) sppp_change_phase(sp, SPPP_PHASE_AUTHENTICATE); else sppp_change_phase(sp, SPPP_PHASE_NETWORK); /* * Open all authentication protocols. This is even required * if we already proceeded to network phase, since it might be * that remote wants us to authenticate, so we might have to * send a PAP request. Undesired authentication protocols * don't do anything when they get an Open event. */ for (i = 0; i < IDX_COUNT; i++) if ((cps[i])->flags & CP_AUTH) { sppp_wq_add(sp->wq_cp, &sp->scp[(cps[i])->protoidx].work_open); } if (sp->pp_phase == SPPP_PHASE_NETWORK) { /* Notify all NCPs. */ for (i = 0; i < IDX_COUNT; i++) if ((cps[i])->flags & CP_NCP) { sppp_wq_add(sp->wq_cp, &sp->scp[(cps[i])->protoidx].work_open); } } /* notify low-level driver of state change */ sppp_notify_chg_wlocked(sp); } static void sppp_lcp_tld(struct sppp *sp) { int i, pi, phase; KASSERT(SPPP_WLOCKED(sp)); phase = sp->pp_phase; sppp_change_phase(sp, SPPP_PHASE_TERMINATE); /* * Take upper layers down. We send the Down event first and * the Close second to prevent the upper layers from sending * ``a flurry of terminate-request packets'', as the RFC * describes it. */ for (i = 0; i < IDX_COUNT; i++) { pi = (cps[i])->protoidx; if (((cps[i])->flags & CP_LCP) == 0) { /* skip if ncp was not started */ if (phase != SPPP_PHASE_NETWORK && ((cps[i])->flags & CP_NCP) != 0) continue; sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_down); sppp_wq_add(sp->wq_cp, &sp->scp[pi].work_close); } } } static void sppp_lcp_tls(const struct cp *cp __unused, struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); if (sp->pp_max_auth_fail != 0 && sp->pp_auth_failures >= sp->pp_max_auth_fail) { printf("%s: authentication failed %d times, not retrying again\n", sp->pp_if.if_xname, sp->pp_auth_failures); SPPP_UNLOCK(sp); if_down(&sp->pp_if); SPPP_LOCK(sp, RW_WRITER); return; } sppp_change_phase(sp, SPPP_PHASE_ESTABLISH); /* Notify lower layer if desired. */ sppp_notify_tls_wlocked(sp); } static void sppp_lcp_tlf(const struct cp *cp __unused, struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); sppp_change_phase(sp, SPPP_PHASE_DEAD); /* Notify lower layer if desired. */ sppp_notify_tlf_wlocked(sp); } static void sppp_lcp_scr(struct sppp *sp) { char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */]; int i = 0; u_short authproto; KASSERT(SPPP_WLOCKED(sp)); if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) { if (! sp->lcp.magic) sp->lcp.magic = cprng_fast32(); opt[i++] = LCP_OPT_MAGIC; opt[i++] = 6; opt[i++] = sp->lcp.magic >> 24; opt[i++] = sp->lcp.magic >> 16; opt[i++] = sp->lcp.magic >> 8; opt[i++] = sp->lcp.magic; } if (sp->lcp.opts & (1 << LCP_OPT_MRU)) { opt[i++] = LCP_OPT_MRU; opt[i++] = 4; opt[i++] = sp->lcp.mru >> 8; opt[i++] = sp->lcp.mru; } if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) { authproto = sp->hisauth.proto; opt[i++] = LCP_OPT_AUTH_PROTO; opt[i++] = authproto == PPP_CHAP? 5: 4; opt[i++] = authproto >> 8; opt[i++] = authproto; if (authproto == PPP_CHAP) opt[i++] = CHAP_MD5; } sp->scp[IDX_LCP].confid = ++sp->scp[IDX_LCP].seq; sppp_cp_send(sp, PPP_LCP, CONF_REQ, sp->scp[IDX_LCP].confid, i, &opt); } /* * Check the open NCPs, return true if at least one NCP is open. */ static int sppp_cp_check(struct sppp *sp, u_char cp_flags) { int i, mask; for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1) if ((sp->lcp.protos & mask) && (cps[i])->flags & cp_flags) return 1; return 0; } /* * Re-check the open NCPs and see if we should terminate the link. * Called by the NCPs during their tlf action handling. */ static void sppp_lcp_check_and_close(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); if (sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { /* don't bother, we are already going down */ return; } if (sp->pp_phase == SPPP_PHASE_AUTHENTICATE && sppp_cp_check(sp, CP_AUTH)) return; if (sp->pp_phase >= SPPP_PHASE_NETWORK && sppp_cp_check(sp, CP_NCP)) return; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); } /* *--------------------------------------------------------------------------* * * * The IPCP implementation. * * * *--------------------------------------------------------------------------* */ static void sppp_ipcp_init(struct sppp *sp) { int error; KASSERT(SPPP_WLOCKED(sp)); sppp_cp_init(&ipcp, sp); sp->ipcp.opts = 0; sp->ipcp.flags = 0; error = workqueue_create(&sp->ipcp.update_addrs_wq, "ipcp_addr", sppp_update_ip_addrs_work, sp, PRI_SOFTNET, IPL_NET, 0); if (error) panic("%s: update_addrs workqueue_create failed (%d)\n", __func__, error); sp->ipcp.update_addrs_q = pcq_create(IPCP_UPDATE_LIMIT, KM_SLEEP); sp->ipcp.update_addrs_enqueued = 0; } static void sppp_ipcp_open(struct sppp *sp, void *xcp) { STDDCL; uint32_t myaddr, hisaddr; KASSERT(SPPP_WLOCKED(sp)); sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN|IPCP_MYADDR_SEEN|IPCP_MYADDR_DYN|IPCP_HISADDR_DYN); sp->ipcp.req_myaddr = 0; sp->ipcp.req_hisaddr = 0; memset(&sp->dns_addrs, 0, sizeof sp->dns_addrs); #ifdef INET sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0); #else myaddr = hisaddr = 0; #endif /* * If we don't have his address, this probably means our * interface doesn't want to talk IP at all. (This could * be the case if somebody wants to speak only IPX, for * example.) Don't open IPCP in this case. */ if (hisaddr == 0) { /* XXX this message should go away */ if (debug) log(LOG_DEBUG, "%s: ipcp_open(): no IP interface\n", ifp->if_xname); return; } if (myaddr == 0) { /* * I don't have an assigned address, so i need to * negotiate my address. */ sp->ipcp.flags |= IPCP_MYADDR_DYN; sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); } if (hisaddr == 1) { /* * XXX - remove this hack! * remote has no valid address, we need to get one assigned. */ sp->ipcp.flags |= IPCP_HISADDR_DYN; } sppp_open_event(sp, xcp); } static void sppp_ipcp_close(struct sppp *sp, void *xcp) { KASSERT(SPPP_WLOCKED(sp)); sppp_close_event(sp, xcp); #ifdef INET if (sp->ipcp.flags & (IPCP_MYADDR_DYN|IPCP_HISADDR_DYN)) /* * Some address was dynamic, clear it again. */ sppp_clear_ip_addrs(sp); #endif } /* * Analyze a configure request. Return true if it was agreeable, and * caused action sca, false if it has been rejected or nak'ed, and * caused action scn. (The return value is used to make the state * transition decision in the state automaton.) */ static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int origlen) { u_char *buf, *r, *p, l, blen, type; struct ifnet *ifp = &sp->pp_if; int rlen, len, debug = ifp->if_flags & IFF_DEBUG; uint32_t hisaddr, desiredaddr; KASSERT(SPPP_WLOCKED(sp)); if (origlen < sizeof(*h)) return 0; origlen -= sizeof(*h); type = 0; /* * Make sure to allocate a buf that can at least hold a * conf-nak with an `address' option. We might need it below. */ blen = MAX(6, origlen); buf = kmem_intr_alloc(blen, KM_NOSLEEP); if (buf == NULL) return 0; /* pass 1: see if we can recognize them */ if (debug) log(LOG_DEBUG, "%s: ipcp parse opts:", ifp->if_xname); p = (void *)(h + 1); r = buf; rlen = 0; for (len = origlen; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; /* Sanity check option length */ if (l > len) { /* XXX should we just RXJ? */ addlog("%s: malicious IPCP option received, dropping\n", ifp->if_xname); rlen = -1; goto end; } if (debug) addlog(" %s", sppp_ipcp_opt_name(*p)); switch (p[0]) { #ifdef notyet case IPCP_OPT_COMPRESSION: if (len >= 6 && l >= 6) { /* correctly formed compress option */ continue; } if (debug) addlog(" [invalid]"); break; #endif case IPCP_OPT_ADDRESS: if (len >= 6 && l == 6) { /* correctly formed address option */ continue; } if (debug) addlog(" [invalid]"); break; default: /* Others not supported. */ if (debug) addlog(" [rej]"); break; } /* Add the option to rejected list. */ if (rlen + l > blen) { if (debug) addlog(" [overflow]"); continue; } memcpy(r, p, l); r += l; rlen += l; } if (rlen > 0) { type = CONF_REJ; goto end; } if (debug) addlog("\n"); /* pass 2: parse option values */ if (sp->ipcp.flags & IPCP_HISADDR_SEEN) hisaddr = sp->ipcp.req_hisaddr; /* we already aggreed on that */ else #ifdef INET sppp_get_ip_addrs(sp, 0, &hisaddr, 0); /* user configuration */ #else hisaddr = 0; #endif if (debug) log(LOG_DEBUG, "%s: ipcp parse opt values: ", ifp->if_xname); p = (void *)(h + 1); r = buf; rlen = 0; for (len = origlen; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; if (debug) addlog(" %s", sppp_ipcp_opt_name(*p)); switch (p[0]) { #ifdef notyet case IPCP_OPT_COMPRESSION: continue; #endif case IPCP_OPT_ADDRESS: desiredaddr = p[2] << 24 | p[3] << 16 | p[4] << 8 | p[5]; if (desiredaddr == hisaddr || ((sp->ipcp.flags & IPCP_HISADDR_DYN) && desiredaddr != 0)) { /* * Peer's address is same as our value, * this is agreeable. Gonna conf-ack * it. */ if (debug) addlog(" %s [ack]", sppp_dotted_quad(hisaddr)); /* record that we've seen it already */ sp->ipcp.flags |= IPCP_HISADDR_SEEN; sp->ipcp.req_hisaddr = desiredaddr; hisaddr = desiredaddr; continue; } /* * The address wasn't agreeable. This is either * he sent us 0.0.0.0, asking to assign him an * address, or he send us another address not * matching our value. Either case, we gonna * conf-nak it with our value. */ if (debug) { if (desiredaddr == 0) addlog(" [addr requested]"); else addlog(" %s [not agreed]", sppp_dotted_quad(desiredaddr)); } p[2] = hisaddr >> 24; p[3] = hisaddr >> 16; p[4] = hisaddr >> 8; p[5] = hisaddr; break; } if (rlen + l > blen) { if (debug) addlog(" [overflow]"); continue; } /* Add the option to nak'ed list. */ memcpy(r, p, l); r += l; rlen += l; } if (rlen > 0) { type = CONF_NAK; } else { if ((sp->ipcp.flags & IPCP_HISADDR_SEEN) == 0) { /* * If we are about to conf-ack the request, but haven't seen * his address so far, gonna conf-nak it instead, with the * `address' option present and our idea of his address being * filled in there, to request negotiation of both addresses. * * XXX This can result in an endless req - nak loop if peer * doesn't want to send us his address. Q: What should we do * about it? XXX A: implement the max-failure counter. */ buf[0] = IPCP_OPT_ADDRESS; buf[1] = 6; buf[2] = hisaddr >> 24; buf[3] = hisaddr >> 16; buf[4] = hisaddr >> 8; buf[5] = hisaddr; rlen = 6; if (debug) addlog(" still need hisaddr"); type = CONF_NAK; } else { type = CONF_ACK; rlen = origlen; memcpy(r, h + 1, rlen); } } end: if (debug) addlog("\n"); if (rlen < 0) { kmem_intr_free(buf, blen); return -1; } if (sp->scp[IDX_IPCP].rcr_buf != NULL) { kmem_intr_free(sp->scp[IDX_IPCP].rcr_buf, sp->scp[IDX_IPCP].rcr_blen); } sp->scp[IDX_IPCP].rcr_type = type; sp->scp[IDX_IPCP].rcr_buf = buf; sp->scp[IDX_IPCP].rcr_blen = blen; sp->scp[IDX_IPCP].rcr_rlen = rlen; if (type != CONF_ACK) return 0; return 1; } /* * Analyze the IPCP Configure-Reject option list, and adjust our * negotiation. */ static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) { u_char *p, l; struct ifnet *ifp = &sp->pp_if; int debug = ifp->if_flags & IFF_DEBUG; KASSERT(SPPP_WLOCKED(sp)); if (len <= sizeof(*h)) return; len -= sizeof(*h); if (debug) log(LOG_DEBUG, "%s: ipcp rej opts:", ifp->if_xname); p = (void *)(h + 1); for (; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; /* Sanity check option length */ if (l > len) { /* XXX should we just RXJ? */ addlog("%s: malicious IPCP option received, dropping\n", ifp->if_xname); goto end; } if (debug) addlog(" %s", sppp_ipcp_opt_name(*p)); switch (p[0]) { case IPCP_OPT_ADDRESS: /* * Peer doesn't grok address option. This is * bad. XXX Should we better give up here? */ sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS); break; #ifdef notyet case IPCP_OPT_COMPRESS: sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESS); break; #endif } } if (debug) addlog("\n"); end: return; } /* * Analyze the IPCP Configure-NAK option list, and adjust our * negotiation. */ static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) { u_char *p, l; struct ifnet *ifp = &sp->pp_if; int debug = ifp->if_flags & IFF_DEBUG; uint32_t wantaddr; KASSERT(SPPP_WLOCKED(sp)); len -= sizeof(*h); if (debug) log(LOG_DEBUG, "%s: ipcp nak opts:", ifp->if_xname); p = (void *)(h + 1); for (; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; /* Sanity check option length */ if (l > len) { /* XXX should we just RXJ? */ addlog("%s: malicious IPCP option received, dropping\n", ifp->if_xname); return; } if (debug) addlog(" %s", sppp_ipcp_opt_name(*p)); switch (*p) { case IPCP_OPT_ADDRESS: /* * Peer doesn't like our local IP address. See * if we can do something for him. We'll drop * him our address then. */ if (len >= 6 && l == 6) { wantaddr = p[2] << 24 | p[3] << 16 | p[4] << 8 | p[5]; sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS); if (debug) addlog(" [wantaddr %s]", sppp_dotted_quad(wantaddr)); /* * When doing dynamic address assignment, * we accept his offer. Otherwise, we * ignore it and thus continue to negotiate * our already existing value. */ if (sp->ipcp.flags & IPCP_MYADDR_DYN) { if (debug) addlog(" [agree]"); sp->ipcp.flags |= IPCP_MYADDR_SEEN; sp->ipcp.req_myaddr = wantaddr; } } break; case IPCP_OPT_PRIMDNS: if (len >= 6 && l == 6) { sp->dns_addrs[0] = p[2] << 24 | p[3] << 16 | p[4] << 8 | p[5]; } break; case IPCP_OPT_SECDNS: if (len >= 6 && l == 6) { sp->dns_addrs[1] = p[2] << 24 | p[3] << 16 | p[4] << 8 | p[5]; } break; #ifdef notyet case IPCP_OPT_COMPRESS: /* * Peer wants different compression parameters. */ break; #endif } } if (debug) addlog("\n"); } static void sppp_ipcp_tlu(struct sppp *sp) { #ifdef INET KASSERT(SPPP_WLOCKED(sp)); /* we are up. Set addresses and notify anyone interested */ sppp_set_ip_addrs(sp); #endif } static void sppp_ipcp_scr(struct sppp *sp) { uint8_t opt[6 /* compression */ + 6 /* address */ + 12 /* dns addresses */]; #ifdef INET uint32_t ouraddr; #endif int i = 0; KASSERT(SPPP_WLOCKED(sp)); #ifdef notyet if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) { opt[i++] = IPCP_OPT_COMPRESSION; opt[i++] = 6; opt[i++] = 0; /* VJ header compression */ opt[i++] = 0x2d; /* VJ header compression */ opt[i++] = max_slot_id; opt[i++] = comp_slot_id; } #endif #ifdef INET if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) { if (sp->ipcp.flags & IPCP_MYADDR_SEEN) ouraddr = sp->ipcp.req_myaddr; /* not sure if this can ever happen */ else sppp_get_ip_addrs(sp, &ouraddr, 0, 0); opt[i++] = IPCP_OPT_ADDRESS; opt[i++] = 6; opt[i++] = ouraddr >> 24; opt[i++] = ouraddr >> 16; opt[i++] = ouraddr >> 8; opt[i++] = ouraddr; } #endif if (sp->query_dns & 1) { opt[i++] = IPCP_OPT_PRIMDNS; opt[i++] = 6; opt[i++] = sp->dns_addrs[0] >> 24; opt[i++] = sp->dns_addrs[0] >> 16; opt[i++] = sp->dns_addrs[0] >> 8; opt[i++] = sp->dns_addrs[0]; } if (sp->query_dns & 2) { opt[i++] = IPCP_OPT_SECDNS; opt[i++] = 6; opt[i++] = sp->dns_addrs[1] >> 24; opt[i++] = sp->dns_addrs[1] >> 16; opt[i++] = sp->dns_addrs[1] >> 8; opt[i++] = sp->dns_addrs[1]; } sp->scp[IDX_IPCP].confid = ++sp->scp[IDX_IPCP].seq; sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->scp[IDX_IPCP].confid, i, &opt); } /* *--------------------------------------------------------------------------* * * * The IPv6CP implementation. * * * *--------------------------------------------------------------------------* */ #ifdef INET6 static void sppp_ipv6cp_init(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); sppp_cp_init(&ipv6cp, sp); sp->ipv6cp.opts = 0; sp->ipv6cp.flags = 0; } static void sppp_ipv6cp_open(struct sppp *sp, void *xcp) { STDDCL; struct in6_addr myaddr, hisaddr; KASSERT(SPPP_WLOCKED(sp)); #ifdef IPV6CP_MYIFID_DYN sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN); #else sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN; #endif sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0); /* * If we don't have our address, this probably means our * interface doesn't want to talk IPv6 at all. (This could * be the case if somebody wants to speak only IPX, for * example.) Don't open IPv6CP in this case. */ if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) { /* XXX this message should go away */ if (debug) log(LOG_DEBUG, "%s: ipv6cp_open(): no IPv6 interface\n", ifp->if_xname); return; } sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); sppp_open_event(sp, xcp); } /* * Analyze a configure request. Return true if it was agreeable, and * caused action sca, false if it has been rejected or nak'ed, and * caused action scn. (The return value is used to make the state * transition decision in the state automaton.) */ static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int origlen) { u_char *buf, *r, *p, l, blen; struct ifnet *ifp = &sp->pp_if; int rlen, len, debug = ifp->if_flags & IFF_DEBUG; struct in6_addr myaddr, desiredaddr, suggestaddr; int ifidcount; int type; int collision, nohisaddr; char ip6buf[INET6_ADDRSTRLEN]; KASSERT(SPPP_WLOCKED(sp)); if (origlen < sizeof(*h)) return 0; origlen -= sizeof(*h); type = 0; /* * Make sure to allocate a buf that can at least hold a * conf-nak with an `address' option. We might need it below. */ blen = MAX(6, origlen); buf = kmem_intr_alloc(blen, KM_NOSLEEP); if (buf == NULL) return 0; /* pass 1: see if we can recognize them */ if (debug) log(LOG_DEBUG, "%s: ipv6cp parse opts:", ifp->if_xname); p = (void *)(h + 1); r = buf; rlen = 0; ifidcount = 0; for (len = origlen; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; /* Sanity check option length */ if (l > len) { /* XXX just RXJ? */ addlog("%s: received malicious IPCPv6 option, " "dropping\n", ifp->if_xname); rlen = -1; goto end; } if (debug) addlog(" %s", sppp_ipv6cp_opt_name(*p)); switch (p[0]) { case IPV6CP_OPT_IFID: if (len >= 10 && l == 10 && ifidcount == 0) { /* correctly formed address option */ ifidcount++; continue; } if (debug) addlog(" [invalid]"); break; #ifdef notyet case IPV6CP_OPT_COMPRESSION: if (len >= 4 && l >= 4) { /* correctly formed compress option */ continue; } if (debug) addlog(" [invalid]"); break; #endif default: /* Others not supported. */ if (debug) addlog(" [rej]"); break; } if (rlen + l > blen) { if (debug) addlog(" [overflow]"); continue; } /* Add the option to rejected list. */ memcpy(r, p, l); r += l; rlen += l; } if (rlen > 0) { type = CONF_REJ; goto end; } if (debug) addlog("\n"); /* pass 2: parse option values */ sppp_get_ip6_addrs(sp, &myaddr, 0, 0); if (debug) log(LOG_DEBUG, "%s: ipv6cp parse opt values: ", ifp->if_xname); p = (void *)(h + 1); r = buf; rlen = 0; type = CONF_ACK; for (len = origlen; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; if (debug) addlog(" %s", sppp_ipv6cp_opt_name(*p)); switch (p[0]) { #ifdef notyet case IPV6CP_OPT_COMPRESSION: continue; #endif case IPV6CP_OPT_IFID: memset(&desiredaddr, 0, sizeof(desiredaddr)); memcpy(&desiredaddr.s6_addr[8], &p[2], 8); collision = (memcmp(&desiredaddr.s6_addr[8], &myaddr.s6_addr[8], 8) == 0); nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr); desiredaddr.s6_addr16[0] = htons(0xfe80); (void)in6_setscope(&desiredaddr, &sp->pp_if, NULL); if (!collision && !nohisaddr) { /* no collision, hisaddr known - Conf-Ack */ type = CONF_ACK; if (debug) { addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), sppp_cp_type_name(type)); } continue; } memset(&suggestaddr, 0, sizeof(suggestaddr)); if (collision && nohisaddr) { /* collision, hisaddr unknown - Conf-Rej */ type = CONF_REJ; memset(&p[2], 0, 8); } else { /* * - no collision, hisaddr unknown, or * - collision, hisaddr known * Conf-Nak, suggest hisaddr */ type = CONF_NAK; sppp_suggest_ip6_addr(sp, &suggestaddr); memcpy(&p[2], &suggestaddr.s6_addr[8], 8); } if (debug) addlog(" %s [%s]", IN6_PRINT(ip6buf, &desiredaddr), sppp_cp_type_name(type)); break; } if (rlen + l > blen) { if (debug) addlog(" [overflow]"); continue; } /* Add the option to nak'ed list. */ memcpy(r, p, l); r += l; rlen += l; } if (rlen > 0) { if (type != CONF_ACK) { if (debug) { addlog(" send %s suggest %s\n", sppp_cp_type_name(type), IN6_PRINT(ip6buf, &suggestaddr)); } } #ifdef notdef if (type == CONF_ACK) panic("IPv6CP RCR: CONF_ACK with non-zero rlen"); #endif } else { if (type == CONF_ACK) { rlen = origlen; memcpy(r, h + 1, rlen); } } end: if (debug) addlog("\n"); if (rlen < 0) { kmem_intr_free(buf, blen); return -1; } if (sp->scp[IDX_IPV6CP].rcr_buf != NULL) { kmem_intr_free(sp->scp[IDX_IPV6CP].rcr_buf, sp->scp[IDX_IPV6CP].rcr_blen); } sp->scp[IDX_IPV6CP].rcr_type = type; sp->scp[IDX_IPV6CP].rcr_buf = buf; sp->scp[IDX_IPV6CP].rcr_blen = blen; sp->scp[IDX_IPV6CP].rcr_rlen = rlen; if (type != CONF_ACK) return 0; return 0; } /* * Analyze the IPv6CP Configure-Reject option list, and adjust our * negotiation. */ static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) { u_char *p, l; struct ifnet *ifp = &sp->pp_if; int debug = ifp->if_flags & IFF_DEBUG; KASSERT(SPPP_WLOCKED(sp)); if (len <= sizeof(*h)) return; len -= sizeof(*h); if (debug) log(LOG_DEBUG, "%s: ipv6cp rej opts:", ifp->if_xname); p = (void *)(h + 1); for (; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; if (l > len) { /* XXX just RXJ? */ addlog("%s: received malicious IPCPv6 option, " "dropping\n", ifp->if_xname); goto end; } if (debug) addlog(" %s", sppp_ipv6cp_opt_name(*p)); switch (p[0]) { case IPV6CP_OPT_IFID: /* * Peer doesn't grok address option. This is * bad. XXX Should we better give up here? */ sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID); break; #ifdef notyet case IPV6CP_OPT_COMPRESS: sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS); break; #endif } } if (debug) addlog("\n"); end: return; } /* * Analyze the IPv6CP Configure-NAK option list, and adjust our * negotiation. */ static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) { u_char *p, l; struct ifnet *ifp = &sp->pp_if; int debug = ifp->if_flags & IFF_DEBUG; struct in6_addr suggestaddr; char ip6buf[INET6_ADDRSTRLEN]; KASSERT(SPPP_WLOCKED(sp)); if (len <= sizeof(*h)) return; len -= sizeof(*h); if (debug) log(LOG_DEBUG, "%s: ipv6cp nak opts:", ifp->if_xname); p = (void *)(h + 1); for (; len > 1; len -= l, p += l) { l = p[1]; if (l == 0) break; if (l > len) { /* XXX just RXJ? */ addlog("%s: received malicious IPCPv6 option, " "dropping\n", ifp->if_xname); goto end; } if (debug) addlog(" %s", sppp_ipv6cp_opt_name(*p)); switch (p[0]) { case IPV6CP_OPT_IFID: /* * Peer doesn't like our local ifid. See * if we can do something for him. We'll drop * him our address then. */ if (len < 10 || l != 10) break; memset(&suggestaddr, 0, sizeof(suggestaddr)); suggestaddr.s6_addr16[0] = htons(0xfe80); (void)in6_setscope(&suggestaddr, &sp->pp_if, NULL); memcpy(&suggestaddr.s6_addr[8], &p[2], 8); sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID); if (debug) addlog(" [suggestaddr %s]", IN6_PRINT(ip6buf, &suggestaddr)); #ifdef IPV6CP_MYIFID_DYN /* * When doing dynamic address assignment, * we accept his offer. */ if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) { struct in6_addr lastsuggest; /* * If equals to * , * we have a collision. generate new random * ifid. */ sppp_suggest_ip6_addr(&lastsuggest); if (IN6_ARE_ADDR_EQUAL(&suggestaddr, lastsuggest)) { if (debug) addlog(" [random]"); sppp_gen_ip6_addr(sp, &suggestaddr); } sppp_set_ip6_addr(sp, &suggestaddr, 0); if (debug) addlog(" [agree]"); sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN; } #else /* * Since we do not do dynamic address assignment, * we ignore it and thus continue to negotiate * our already existing value. This can possibly * go into infinite request-reject loop. * * This is not likely because we normally use * ifid based on MAC-address. * If you have no ethernet card on the node, too bad. * XXX should we use fail_counter? */ #endif break; #ifdef notyet case IPV6CP_OPT_COMPRESS: /* * Peer wants different compression parameters. */ break; #endif } } if (debug) addlog("\n"); end: return; } static void sppp_ipv6cp_tlu(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); /* we are up - notify isdn daemon */ sppp_notify_con_wlocked(sp); } static void sppp_ipv6cp_scr(struct sppp *sp) { char opt[10 /* ifid */ + 4 /* compression, minimum */]; struct in6_addr ouraddr; int i = 0; KASSERT(SPPP_WLOCKED(sp)); if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) { sppp_get_ip6_addrs(sp, &ouraddr, 0, 0); opt[i++] = IPV6CP_OPT_IFID; opt[i++] = 10; memcpy(&opt[i], &ouraddr.s6_addr[8], 8); i += 8; } #ifdef notyet if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) { opt[i++] = IPV6CP_OPT_COMPRESSION; opt[i++] = 4; opt[i++] = 0; /* TBD */ opt[i++] = 0; /* TBD */ /* variable length data may follow */ } #endif sp->scp[IDX_IPV6CP].confid = ++sp->scp[IDX_IPV6CP].seq; sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->scp[IDX_IPV6CP].confid, i, &opt); } #else /*INET6*/ static void sppp_ipv6cp_init(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); } static void sppp_ipv6cp_open(struct sppp *sp, void *xcp) { KASSERT(SPPP_WLOCKED(sp)); } static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len) { KASSERT(SPPP_WLOCKED(sp)); return 0; } static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len) { KASSERT(SPPP_WLOCKED(sp)); } static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len) { KASSERT(SPPP_WLOCKED(sp)); } static void sppp_ipv6cp_tlu(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); } static void sppp_ipv6cp_scr(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); } #endif /*INET6*/ /* *--------------------------------------------------------------------------* * * * The CHAP implementation. * * * *--------------------------------------------------------------------------* */ /* * The authentication protocols is implemented on the state machine for * control protocols. And it uses following actions and events. * * Actions: * - scr: send CHAP_CHALLENGE and CHAP_RESPONSE * - sca: send CHAP_SUCCESS * - scn: send CHAP_FAILURE and shutdown lcp * Events: * - RCR+: receive CHAP_RESPONSE containing correct digest * - RCR-: receive CHAP_RESPONSE containing wrong digest * - RCA: receive CHAP_SUCCESS * - RCN: (this event is unused) * - TO+: re-send CHAP_CHALLENGE and CHAP_RESPONSE * - TO-: this layer finish */ /* * Handle incoming CHAP packets. */ void sppp_chap_input(struct sppp *sp, struct mbuf *m) { STDDCL; struct lcp_header *h; int len, x; u_char *value, *name, digest[sizeof(sp->chap.challenge)]; int value_len, name_len; MD5_CTX ctx; len = m->m_pkthdr.len; if (len < 4) { if (debug) log(LOG_DEBUG, "%s: chap invalid packet length: %d bytes\n", ifp->if_xname, len); return; } h = mtod(m, struct lcp_header *); if (len > ntohs(h->len)) len = ntohs(h->len); SPPP_LOCK(sp, RW_WRITER); switch (h->type) { /* challenge, failure and success are his authproto */ case CHAP_CHALLENGE: if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { /* can't do anything useful */ sp->pp_auth_failures++; printf("%s: chap input without my name and my secret being set\n", ifp->if_xname); break; } value = 1 + (u_char *)(h + 1); value_len = value[-1]; name = value + value_len; name_len = len - value_len - 5; if (name_len < 0) { if (debug) { log(LOG_DEBUG, "%s: chap corrupted challenge " "<%s id=0x%x len=%d", ifp->if_xname, sppp_auth_type_name(PPP_CHAP, h->type), h->ident, ntohs(h->len)); if (len > 4) sppp_print_bytes((u_char *)(h + 1), len - 4); addlog(">\n"); } break; } if (debug) { log(LOG_DEBUG, "%s: chap input <%s id=0x%x len=%d name=", ifp->if_xname, sppp_auth_type_name(PPP_CHAP, h->type), h->ident, ntohs(h->len)); sppp_print_string((char *) name, name_len); addlog(" value-size=%d value=", value_len); sppp_print_bytes(value, value_len); addlog(">\n"); } /* Compute reply value. */ MD5Init(&ctx); MD5Update(&ctx, &h->ident, 1); MD5Update(&ctx, sp->myauth.secret, sp->myauth.secret_len); MD5Update(&ctx, value, value_len); MD5Final(sp->chap.digest, &ctx); sp->chap.digest_len = sizeof(sp->chap.digest); sp->scp[IDX_CHAP].rconfid = h->ident; sppp_wq_add(sp->wq_cp, &sp->chap.work_challenge_rcvd); break; case CHAP_SUCCESS: if (debug) { log(LOG_DEBUG, "%s: chap success", ifp->if_xname); if (len > 4) { addlog(": "); sppp_print_string((char *)(h + 1), len - 4); } addlog("\n"); } if (h->ident != sp->scp[IDX_CHAP].rconfid) { if (debug) { log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", ifp->if_xname, chap.name, h->ident, sp->scp[IDX_CHAP].rconfid); } if_statinc(ifp, if_ierrors); break; } if (sp->chap.digest_len == 0) { if (debug) { log(LOG_DEBUG, "%s: receive CHAP success without challenge\n", ifp->if_xname); } if_statinc(ifp, if_ierrors); break; } x = splnet(); sp->pp_auth_failures = 0; sp->pp_flags &= ~PP_NEEDAUTH; splx(x); memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); sp->chap.digest_len = 0; if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV)) { /* * we are not authenticator for CHAP, * generate a dummy RCR+ event without CHAP_RESPONSE */ sp->scp[IDX_CHAP].rcr_type = CONF_ACK; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); } sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); break; case CHAP_FAILURE: if (h->ident != sp->scp[IDX_CHAP].rconfid) { if (debug) { log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", ifp->if_xname, chap.name, h->ident, sp->scp[IDX_CHAP].rconfid); } if_statinc(ifp, if_ierrors); break; } if (sp->chap.digest_len == 0) { if (debug) { log(LOG_DEBUG, "%s: receive CHAP failure without challenge\n", ifp->if_xname); } if_statinc(ifp, if_ierrors); break; } x = splnet(); sp->pp_auth_failures++; splx(x); if (debug) { log(LOG_INFO, "%s: chap failure", ifp->if_xname); if (len > 4) { addlog(": "); sppp_print_string((char *)(h + 1), len - 4); } addlog("\n"); } else log(LOG_INFO, "%s: chap failure\n", ifp->if_xname); memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); sp->chap.digest_len = 0; /* * await LCP shutdown by authenticator, * so we don't have to enqueue sc->scp[IDX_CHAP].work_rcn */ break; /* response is my authproto */ case CHAP_RESPONSE: if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { /* can't do anything useful */ printf("%s: chap response" " without his name and his secret being set\n", ifp->if_xname); break; } value = 1 + (u_char *)(h + 1); value_len = value[-1]; name = value + value_len; name_len = len - value_len - 5; if (name_len < 0) { if (debug) { log(LOG_DEBUG, "%s: chap corrupted response " "<%s id=0x%x len=%d", ifp->if_xname, sppp_auth_type_name(PPP_CHAP, h->type), h->ident, ntohs(h->len)); if (len > 4) sppp_print_bytes((u_char *)(h + 1), len - 4); addlog(">\n"); } break; } if (h->ident != sp->scp[IDX_CHAP].confid) { if (debug) log(LOG_DEBUG, "%s: chap dropping response for old ID " "(got %d, expected %d)\n", ifp->if_xname, h->ident, sp->scp[IDX_CHAP].confid); break; } else { sp->scp[IDX_CHAP].rconfid = h->ident; } if (sp->hisauth.name != NULL && (name_len != sp->hisauth.name_len || memcmp(name, sp->hisauth.name, name_len) != 0)) { log(LOG_INFO, "%s: chap response, his name ", ifp->if_xname); sppp_print_string(name, name_len); addlog(" != expected "); sppp_print_string(sp->hisauth.name, sp->hisauth.name_len); addlog("\n"); /* generate RCR- event */ sp->scp[IDX_CHAP].rcr_type = CONF_NAK; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); break; } if (debug) { log(LOG_DEBUG, "%s: chap input(%s) " "<%s id=0x%x len=%d name=", ifp->if_xname, sppp_state_name(sp->scp[IDX_CHAP].state), sppp_auth_type_name(PPP_CHAP, h->type), h->ident, ntohs(h->len)); sppp_print_string((char *)name, name_len); addlog(" value-size=%d value=", value_len); sppp_print_bytes(value, value_len); addlog(">\n"); } if (value_len == sizeof(sp->chap.challenge) && value_len == sizeof(sp->chap.digest)) { MD5Init(&ctx); MD5Update(&ctx, &h->ident, 1); MD5Update(&ctx, sp->hisauth.secret, sp->hisauth.secret_len); MD5Update(&ctx, sp->chap.challenge, sizeof(sp->chap.challenge)); MD5Final(digest, &ctx); if (memcmp(digest, value, value_len) == 0) { sp->scp[IDX_CHAP].rcr_type = CONF_ACK; if (!ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_PEER) || sp->chap.rechallenging) { /* generate a dummy RCA event*/ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rca); } } else { sp->scp[IDX_CHAP].rcr_type = CONF_NAK; } } else { if (debug) log(LOG_DEBUG, "%s: chap bad hash value length: " "%d bytes, should be %zu\n", ifp->if_xname, value_len, sizeof(sp->chap.challenge)); sp->scp[IDX_CHAP].rcr_type = CONF_NAK; } sppp_wq_add(sp->wq_cp, &sp->scp[IDX_CHAP].work_rcr); break; default: /* Unknown CHAP packet type -- ignore. */ if (debug) { log(LOG_DEBUG, "%s: chap unknown input(%s) " "<0x%x id=0x%xh len=%d", ifp->if_xname, sppp_state_name(sp->scp[IDX_CHAP].state), h->type, h->ident, ntohs(h->len)); if (len > 4) sppp_print_bytes((u_char *)(h + 1), len - 4); addlog(">\n"); } break; } SPPP_UNLOCK(sp); } static void sppp_chap_init(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); sppp_cp_init(&chap, sp); SPPP_WQ_SET(&sp->chap.work_challenge_rcvd, sppp_chap_rcv_challenge_event, &chap); } static void sppp_chap_open(struct sppp *sp, void *xcp) { KASSERT(SPPP_WLOCKED(sp)); memset(sp->chap.digest, 0, sizeof(sp->chap.digest)); sp->chap.digest_len = 0; sp->chap.rechallenging = false; sp->chap.response_rcvd = false; sppp_open_event(sp, xcp); } static void sppp_chap_tlu(struct sppp *sp) { STDDCL; int i, x; KASSERT(SPPP_WLOCKED(sp)); i = 0; sp->scp[IDX_CHAP].rst_counter = sp->lcp.max_configure; x = splnet(); sp->pp_auth_failures = 0; splx(x); log(LOG_DEBUG, "%s: chap %s", ifp->if_xname, sp->pp_phase == SPPP_PHASE_NETWORK ? "reconfirmed" : "tlu"); /* * Some broken CHAP implementations (Conware CoNet, firmware * 4.0.?) don't want to re-authenticate their CHAP once the * initial challenge-response exchange has taken place. * Provide for an option to avoid rechallenges. */ if (ISSET(sppp_auth_role(&chap, sp), SPPP_AUTH_SERV) && (sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { /* * Compute the re-challenge timeout. This will yield * a number between 300 and 810 seconds. */ i = 300 + ((unsigned)(cprng_fast32() & 0xff00) >> 7); callout_schedule(&sp->scp[IDX_CHAP].ch, i * hz); if (debug) { addlog(", next rechallenge in %d seconds", i); } } addlog("\n"); /* * If we are already in phase network, we are done here. This * is the case if this is a dummy tlu event after a re-challenge. */ if (sp->pp_phase != SPPP_PHASE_NETWORK) sppp_phase_network(sp); } static void sppp_chap_scr(struct sppp *sp) { uint32_t *ch; u_char clen, dsize; int role; KASSERT(SPPP_WLOCKED(sp)); role = sppp_auth_role(&chap, sp); if (ISSET(role, SPPP_AUTH_SERV) && !sp->chap.response_rcvd) { /* we are authenticator for CHAP, send challenge */ ch = (uint32_t *)sp->chap.challenge; clen = sizeof(sp->chap.challenge); /* Compute random challenge. */ cprng_strong(kern_cprng, ch, clen, 0); sp->scp[IDX_CHAP].confid = ++sp->scp[IDX_CHAP].seq; sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->scp[IDX_CHAP].confid, sizeof(clen), (const char *)&clen, sizeof(sp->chap.challenge), sp->chap.challenge, 0); } if (ISSET(role, SPPP_AUTH_PEER) && sp->chap.digest_len > 0) { /* we are peer for CHAP, send response */ dsize = sp->chap.digest_len; sppp_auth_send(&chap, sp, CHAP_RESPONSE, sp->scp[IDX_CHAP].rconfid, sizeof(dsize), (const char *)&dsize, sp->chap.digest_len, sp->chap.digest, sp->myauth.name_len, sp->myauth.name, 0); } } static void sppp_chap_rcv_challenge_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; sp->chap.rechallenging = false; switch (sp->scp[IDX_CHAP].state) { case STATE_REQ_SENT: sppp_cp_change_state(cp, sp, STATE_REQ_SENT); cp->scr(sp); break; case STATE_OPENED: sppp_cp_change_state(cp, sp, STATE_ACK_SENT); cp->scr(sp); break; } } /* *--------------------------------------------------------------------------* * * * The PAP implementation. * * * *--------------------------------------------------------------------------* */ /* * PAP uses following actions and events. * Actions: * - scr: send PAP_REQ * - sca: send PAP_ACK * - scn: send PAP_NAK * Events: * - RCR+: receive PAP_REQ containing correct username and password * - RCR-: receive PAP_REQ containing wrong username and password * - RCA: receive PAP_ACK * - RCN: (this event is unused) * - TO+: re-send PAP_REQ * - TO-: this layer finish */ /* * Handle incoming PAP packets. */ static void sppp_pap_input(struct sppp *sp, struct mbuf *m) { STDDCL; struct lcp_header *h; int len, x; char *name, *secret; int name_len, secret_len; /* * Malicious input might leave this uninitialized, so * init to an impossible value. */ secret_len = -1; len = m->m_pkthdr.len; if (len < 5) { if (debug) log(LOG_DEBUG, "%s: pap invalid packet length: %d bytes\n", ifp->if_xname, len); return; } h = mtod(m, struct lcp_header *); if (len > ntohs(h->len)) len = ntohs(h->len); SPPP_LOCK(sp, RW_WRITER); switch (h->type) { /* PAP request is my authproto */ case PAP_REQ: if (sp->hisauth.name == NULL || sp->hisauth.secret == NULL) { /* can't do anything useful */ printf("%s: pap request" " without his name and his secret being set\n", ifp->if_xname); break; } name = 1 + (u_char *)(h + 1); name_len = name[-1]; secret = name + name_len + 1; if (name_len > len - 6 || (secret_len = secret[-1]) > len - 6 - name_len) { if (debug) { log(LOG_DEBUG, "%s: pap corrupted input " "<%s id=0x%x len=%d", ifp->if_xname, sppp_auth_type_name(PPP_PAP, h->type), h->ident, ntohs(h->len)); if (len > 4) sppp_print_bytes((u_char *)(h + 1), len - 4); addlog(">\n"); } break; } if (debug) { log(LOG_DEBUG, "%s: pap input(%s) " "<%s id=0x%x len=%d name=", ifp->if_xname, sppp_state_name(sp->scp[IDX_PAP].state), sppp_auth_type_name(PPP_PAP, h->type), h->ident, ntohs(h->len)); sppp_print_string((char *)name, name_len); addlog(" secret="); sppp_print_string((char *)secret, secret_len); addlog(">\n"); } sp->scp[IDX_PAP].rconfid = h->ident; if (name_len == sp->hisauth.name_len && memcmp(name, sp->hisauth.name, name_len) == 0 && secret_len == sp->hisauth.secret_len && memcmp(secret, sp->hisauth.secret, secret_len) == 0) { sp->scp[IDX_PAP].rcr_type = CONF_ACK; if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER)) { /* generate a dummy RCA event*/ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); } } else { sp->scp[IDX_PAP].rcr_type = CONF_NAK; } sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); break; /* ack and nak are his authproto */ case PAP_ACK: if (debug) { log(LOG_DEBUG, "%s: pap success", ifp->if_xname); name = 1 + (u_char *)(h + 1); name_len = name[-1]; if (len > 5 && name_len < len+4) { addlog(": "); sppp_print_string(name, name_len); } addlog("\n"); } if (h->ident != sp->scp[IDX_PAP].confid) { if (debug) { log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", ifp->if_xname, pap.name, h->ident, sp->scp[IDX_PAP].rconfid); } if_statinc(ifp, if_ierrors); break; } x = splnet(); sp->pp_auth_failures = 0; sp->pp_flags &= ~PP_NEEDAUTH; splx(x); /* we are not authenticator, generate a dummy RCR+ event */ if (!ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_SERV)) { sp->scp[IDX_PAP].rcr_type = CONF_ACK; sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rcr); } sppp_wq_add(sp->wq_cp, &sp->scp[IDX_PAP].work_rca); break; case PAP_NAK: if (debug) { log(LOG_INFO, "%s: pap failure", ifp->if_xname); name = 1 + (u_char *)(h + 1); name_len = name[-1]; if (len > 5 && name_len < len+4) { addlog(": "); sppp_print_string(name, name_len); } addlog("\n"); } else log(LOG_INFO, "%s: pap failure\n", ifp->if_xname); if (h->ident != sp->scp[IDX_PAP].confid) { if (debug) { log(LOG_DEBUG, "%s: %s id mismatch 0x%x != 0x%x\n", ifp->if_xname, pap.name, h->ident, sp->scp[IDX_PAP].rconfid); } if_statinc(ifp, if_ierrors); break; } sp->pp_auth_failures++; /* * await LCP shutdown by authenticator, * so we don't have to enqueue sc->scp[IDX_PAP].work_rcn */ break; default: /* Unknown PAP packet type -- ignore. */ if (debug) { log(LOG_DEBUG, "%s: pap corrupted input " "<0x%x id=0x%x len=%d", ifp->if_xname, h->type, h->ident, ntohs(h->len)); if (len > 4) sppp_print_bytes((u_char *)(h + 1), len - 4); addlog(">\n"); } break; } SPPP_UNLOCK(sp); } static void sppp_pap_init(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); sppp_cp_init(&pap, sp); } static void sppp_pap_tlu(struct sppp *sp) { STDDCL; int x; sp->scp[IDX_PAP].rst_counter = sp->lcp.max_configure; if (debug) log(LOG_DEBUG, "%s: %s tlu\n", ifp->if_xname, pap.name); x = splnet(); sp->pp_auth_failures = 0; splx(x); if (sp->pp_phase < SPPP_PHASE_NETWORK) sppp_phase_network(sp); } static void sppp_pap_scr(struct sppp *sp) { u_char idlen, pwdlen; KASSERT(SPPP_WLOCKED(sp)); if (ISSET(sppp_auth_role(&pap, sp), SPPP_AUTH_PEER) && sp->scp[IDX_PAP].state != STATE_ACK_RCVD) { if (sp->myauth.secret == NULL || sp->myauth.name == NULL) { log(LOG_DEBUG, "%s: couldn't send PAP_REQ " "because of no name or no secret\n", sp->pp_if.if_xname); } else { sp->scp[IDX_PAP].confid = ++sp->scp[IDX_PAP].seq; pwdlen = sp->myauth.secret_len; idlen = sp->myauth.name_len; sppp_auth_send(&pap, sp, PAP_REQ, sp->scp[IDX_PAP].confid, sizeof idlen, (const char *)&idlen, idlen, sp->myauth.name, sizeof pwdlen, (const char *)&pwdlen, pwdlen, sp->myauth.secret, 0); } } } /* * Random miscellaneous functions. */ /* * Send a PAP or CHAP proto packet. * * Varadic function, each of the elements for the ellipsis is of type * ``size_t mlen, const u_char *msg''. Processing will stop iff * mlen == 0. * NOTE: never declare variadic functions with types subject to type * promotion (i.e. u_char). This is asking for big trouble depending * on the architecture you are on... */ static void sppp_auth_send(const struct cp *cp, struct sppp *sp, unsigned int type, unsigned int id, ...) { STDDCL; struct lcp_header *lh; struct mbuf *m; u_char *p; int len; size_t pkthdrlen; unsigned int mlen; const char *msg; va_list ap; KASSERT(SPPP_WLOCKED(sp)); MGETHDR(m, M_DONTWAIT, MT_DATA); if (! m) return; m_reset_rcvif(m); if (sp->pp_flags & PP_NOFRAMING) { *mtod(m, uint16_t *) = htons(cp->proto); pkthdrlen = 2; lh = (struct lcp_header *)(mtod(m, uint8_t *)+2); } else { struct ppp_header *h; h = mtod(m, struct ppp_header *); h->address = PPP_ALLSTATIONS; /* broadcast address */ h->control = PPP_UI; /* Unnumbered Info */ h->protocol = htons(cp->proto); pkthdrlen = PPP_HEADER_LEN; lh = (struct lcp_header *)(h + 1); } lh->type = type; lh->ident = id; p = (u_char *)(lh + 1); va_start(ap, id); len = 0; while ((mlen = (unsigned int)va_arg(ap, size_t)) != 0) { msg = va_arg(ap, const char *); len += mlen; if (len > MHLEN - pkthdrlen - LCP_HEADER_LEN) { va_end(ap); m_freem(m); return; } memcpy(p, msg, mlen); p += mlen; } va_end(ap); m->m_pkthdr.len = m->m_len = pkthdrlen + LCP_HEADER_LEN + len; lh->len = htons(LCP_HEADER_LEN + len); if (debug) { log(LOG_DEBUG, "%s: %s output <%s id=0x%x len=%d", ifp->if_xname, cp->name, sppp_auth_type_name(cp->proto, lh->type), lh->ident, ntohs(lh->len)); if (len) sppp_print_bytes((u_char *)(lh + 1), len); addlog(">\n"); } if (IF_QFULL(&sp->pp_cpq)) { IF_DROP(&sp->pp_fastq); IF_DROP(&ifp->if_snd); m_freem(m); if_statinc(ifp, if_oerrors); return; } if_statadd(ifp, if_obytes, m->m_pkthdr.len + sp->pp_framebytes); IF_ENQUEUE(&sp->pp_cpq, m); if (! (ifp->if_flags & IFF_OACTIVE)) { SPPP_UNLOCK(sp); if_start_lock(ifp); SPPP_LOCK(sp, RW_WRITER); } } static int sppp_auth_role(const struct cp *cp, struct sppp *sp) { int role; role = SPPP_AUTH_NOROLE; if (sp->hisauth.proto == cp->proto && (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) SET(role, SPPP_AUTH_SERV); if (sp->myauth.proto == cp->proto) SET(role, SPPP_AUTH_PEER); return role; } static void sppp_auth_to_event(struct sppp *sp, void *xcp) { const struct cp *cp = xcp; bool override; int state; STDDCL; KASSERT(SPPP_WLOCKED(sp)); override = false; state = sp->scp[cp->protoidx].state; if (sp->scp[cp->protoidx].rst_counter > 0) { /* override TO+ event */ switch (state) { case STATE_OPENED: if ((sp->hisauth.flags & SPPP_AUTHFLAG_NORECHALLENGE) == 0) { override = true; sp->chap.rechallenging = true; sp->chap.response_rcvd = false; sppp_cp_change_state(cp, sp, STATE_REQ_SENT); cp->scr(sp); } break; case STATE_ACK_RCVD: override = true; cp->scr(sp); callout_schedule(&sp->scp[cp->protoidx].ch, sp->lcp.timeout); break; } } if (override) { if (debug) log(LOG_DEBUG, "%s: %s TO(%s) rst_counter = %d\n", ifp->if_xname, cp->name, sppp_state_name(state), sp->scp[cp->protoidx].rst_counter); sp->scp[cp->protoidx].rst_counter--; } else { sppp_to_event(sp, xcp); } } static void sppp_auth_sca_scn(const struct cp *cp, struct sppp *sp) { static const char *succmsg = "Welcome!"; static const char *failmsg = "Failed..."; const char *msg; u_char type, rconfid, mlen; KASSERT(SPPP_WLOCKED(sp)); if (!ISSET(sppp_auth_role(cp, sp), SPPP_AUTH_SERV)) return; rconfid = sp->scp[cp->protoidx].rconfid; if (sp->scp[cp->protoidx].rcr_type == CONF_ACK) { type = cp->proto == PPP_CHAP ? CHAP_SUCCESS : PAP_ACK; msg = succmsg; mlen = sizeof(succmsg) - 1; sp->pp_auth_failures = 0; } else { type = cp->proto == PPP_CHAP ? CHAP_FAILURE : PAP_NAK; msg = failmsg; mlen = sizeof(failmsg) - 1; /* shutdown LCP if auth failed */ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); sp->pp_auth_failures++; } sppp_auth_send(cp, sp, type, rconfid, mlen, (const u_char *)msg, 0); } /* * Send keepalive packets, every 10 seconds. */ static void sppp_keepalive(void *dummy) { struct sppp *sp; int s; time_t now; SPPPQ_LOCK(); s = splnet(); now = time_uptime; for (sp=spppq; sp; sp=sp->pp_next) { struct ifnet *ifp = NULL; SPPP_LOCK(sp, RW_WRITER); ifp = &sp->pp_if; /* check idle timeout */ if ((sp->pp_idle_timeout != 0) && (ifp->if_flags & IFF_RUNNING) && (sp->pp_phase == SPPP_PHASE_NETWORK)) { /* idle timeout is enabled for this interface */ if ((now-sp->pp_last_activity) >= sp->pp_idle_timeout) { if (ifp->if_flags & IFF_DEBUG) printf("%s: no activity for %lu seconds\n", sp->pp_if.if_xname, (unsigned long)(now-sp->pp_last_activity)); sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); SPPP_UNLOCK(sp); continue; } } /* Keepalive mode disabled or channel down? */ if (! (sp->pp_flags & PP_KEEPALIVE) || ! (ifp->if_flags & IFF_RUNNING)) { SPPP_UNLOCK(sp); continue; } /* No keepalive in PPP mode if LCP not opened yet. */ if (! (sp->pp_flags & PP_CISCO) && sp->pp_phase < SPPP_PHASE_AUTHENTICATE) { SPPP_UNLOCK(sp); continue; } /* No echo reply, but maybe user data passed through? */ if ((now - sp->pp_last_receive) < sp->pp_max_noreceive) { sp->pp_alivecnt = 0; SPPP_UNLOCK(sp); continue; } if (sp->pp_alivecnt >= sp->pp_maxalive) { /* No keepalive packets got. Stop the interface. */ sppp_wq_add(sp->wq_cp, &sp->work_ifdown); if (! (sp->pp_flags & PP_CISCO)) { printf("%s: LCP keepalive timed out, going to restart the connection\n", ifp->if_xname); sp->pp_alivecnt = 0; /* we are down, close all open protocols */ sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_close); /* And now prepare LCP to reestablish the link, if configured to do so. */ sp->lcp.reestablish = true; SPPP_UNLOCK(sp); continue; } } if (sp->pp_alivecnt < sp->pp_maxalive) ++sp->pp_alivecnt; if (sp->pp_flags & PP_CISCO) sppp_cisco_send(sp, CISCO_KEEPALIVE_REQ, ++sp->scp[IDX_LCP].seq, sp->scp[IDX_LCP].rseq); else if (sp->pp_phase >= SPPP_PHASE_AUTHENTICATE) { int32_t nmagic = htonl(sp->lcp.magic); sp->lcp.echoid = ++sp->scp[IDX_LCP].seq; sppp_cp_send(sp, PPP_LCP, ECHO_REQ, sp->lcp.echoid, 4, &nmagic); } SPPP_UNLOCK(sp); } splx(s); callout_reset(&keepalive_ch, hz * LCP_KEEPALIVE_INTERVAL, sppp_keepalive, NULL); SPPPQ_UNLOCK(); } #ifdef INET /* * Get both IP addresses. */ static void sppp_get_ip_addrs(struct sppp *sp, uint32_t *src, uint32_t *dst, uint32_t *srcmask) { struct ifnet *ifp = &sp->pp_if; struct ifaddr *ifa; struct sockaddr_in *si, *sm; uint32_t ssrc, ddst; int s; struct psref psref; sm = NULL; ssrc = ddst = 0; /* * Pick the first AF_INET address from the list, * aliases don't make any sense on a p2p link anyway. */ si = 0; s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family == AF_INET) { si = (struct sockaddr_in *)ifa->ifa_addr; sm = (struct sockaddr_in *)ifa->ifa_netmask; if (si) { ifa_acquire(ifa, &psref); break; } } } pserialize_read_exit(s); if (ifa) { if (si && si->sin_addr.s_addr) { ssrc = si->sin_addr.s_addr; if (srcmask) *srcmask = ntohl(sm->sin_addr.s_addr); } si = (struct sockaddr_in *)ifa->ifa_dstaddr; if (si && si->sin_addr.s_addr) ddst = si->sin_addr.s_addr; ifa_release(ifa, &psref); } if (dst) *dst = ntohl(ddst); if (src) *src = ntohl(ssrc); } /* * Set IP addresses. Must be called at splnet. * If an address is 0, leave it the way it is. */ static void sppp_set_ip_addrs_work(struct work *wk, struct sppp *sp) { STDDCL; struct ifaddr *ifa; struct sockaddr_in *si, *dest; uint32_t myaddr = 0, hisaddr = 0; int s; IFNET_LOCK(ifp); /* * Pick the first AF_INET address from the list, * aliases don't make any sense on a p2p link anyway. */ si = dest = NULL; s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family == AF_INET) { si = (struct sockaddr_in *)ifa->ifa_addr; dest = (struct sockaddr_in *)ifa->ifa_dstaddr; break; } } pserialize_read_exit(s); if ((sp->ipcp.flags & IPCP_MYADDR_DYN) && (sp->ipcp.flags & IPCP_MYADDR_SEEN)) myaddr = sp->ipcp.req_myaddr; else if (si != NULL) myaddr = ntohl(si->sin_addr.s_addr); if ((sp->ipcp.flags & IPCP_HISADDR_DYN) && (sp->ipcp.flags & IPCP_HISADDR_SEEN)) hisaddr = sp->ipcp.req_hisaddr; else if (dest != NULL) hisaddr = ntohl(dest->sin_addr.s_addr); if (si != NULL && dest != NULL) { int error; struct sockaddr_in new_sin = *si; struct sockaddr_in new_dst = *dest; if (myaddr != 0) new_sin.sin_addr.s_addr = htonl(myaddr); if (hisaddr != 0) { new_dst.sin_addr.s_addr = htonl(hisaddr); if (new_dst.sin_addr.s_addr != dest->sin_addr.s_addr) sp->ipcp.saved_hisaddr = dest->sin_addr.s_addr; } in_addrhash_remove(ifatoia(ifa)); error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); in_addrhash_insert(ifatoia(ifa)); if (debug && error) { log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", ifp->if_xname, __func__, error); } if (!error) { pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); } } if (ifp->if_mtu > sp->lcp.their_mru) { sp->pp_saved_mtu = ifp->if_mtu; ifp->if_mtu = sp->lcp.their_mru; if (debug) log(LOG_DEBUG, "%s: setting MTU to %" PRIu64 " bytes\n", ifp->if_xname, ifp->if_mtu); } IFNET_UNLOCK(ifp); sppp_notify_con(sp); } static void sppp_set_ip_addrs(struct sppp *sp) { struct ifnet *ifp = &sp->pp_if; if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_SET_ADDRS)) { log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", ifp->if_xname); return; } if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) return; workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); } /* * Clear IP addresses. Must be called at splnet. */ static void sppp_clear_ip_addrs_work(struct work *wk, struct sppp *sp) { STDDCL; struct ifaddr *ifa; struct sockaddr_in *si, *dest; int s; IFNET_LOCK(ifp); /* * Pick the first AF_INET address from the list, * aliases don't make any sense on a p2p link anyway. */ si = dest = NULL; s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family == AF_INET) { si = (struct sockaddr_in *)ifa->ifa_addr; dest = (struct sockaddr_in *)ifa->ifa_dstaddr; break; } } pserialize_read_exit(s); if (si != NULL) { struct sockaddr_in new_sin = *si; struct sockaddr_in new_dst = *dest; int error; if (sp->ipcp.flags & IPCP_MYADDR_DYN) new_sin.sin_addr.s_addr = 0; if (sp->ipcp.flags & IPCP_HISADDR_DYN) new_dst.sin_addr.s_addr = sp->ipcp.saved_hisaddr; in_addrhash_remove(ifatoia(ifa)); error = in_ifinit(ifp, ifatoia(ifa), &new_sin, &new_dst, 0); in_addrhash_insert(ifatoia(ifa)); if (debug && error) { log(LOG_DEBUG, "%s: %s: in_ifinit failed, error=%d\n", ifp->if_xname, __func__, error); } if (!error) { pfil_run_addrhooks(if_pfil, SIOCAIFADDR, ifa); } } if (sp->pp_saved_mtu > 0) { ifp->if_mtu = sp->pp_saved_mtu; sp->pp_saved_mtu = 0; if (debug) log(LOG_DEBUG, "%s: resetting MTU to %" PRIu64 " bytes\n", ifp->if_xname, ifp->if_mtu); } IFNET_UNLOCK(ifp); } static void sppp_clear_ip_addrs(struct sppp *sp) { struct ifnet *ifp = &sp->pp_if; if (!pcq_put(sp->ipcp.update_addrs_q, (void *)IPCP_CLEAR_ADDRS)) { log(LOG_WARNING, "%s: cannot enqueued, ignore sppp_clear_ip_addrs\n", ifp->if_xname); return; } if (atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 1) == 1) return; workqueue_enqueue(sp->ipcp.update_addrs_wq, &sp->ipcp.update_addrs_wk, NULL); } static void sppp_update_ip_addrs_work(struct work *wk, void *arg) { struct sppp *sp = arg; void *work; atomic_swap_uint(&sp->ipcp.update_addrs_enqueued, 0); while ((work = pcq_get(sp->ipcp.update_addrs_q)) != NULL) { int update = (intptr_t)work; if (update == IPCP_SET_ADDRS) sppp_set_ip_addrs_work(wk, sp); else if (update == IPCP_CLEAR_ADDRS) sppp_clear_ip_addrs_work(wk, sp); } } #endif #ifdef INET6 /* * Get both IPv6 addresses. */ static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst, struct in6_addr *srcmask) { struct ifnet *ifp = &sp->pp_if; struct ifaddr *ifa; struct sockaddr_in6 *si, *sm; struct in6_addr ssrc, ddst; int s; struct psref psref; sm = NULL; memset(&ssrc, 0, sizeof(ssrc)); memset(&ddst, 0, sizeof(ddst)); /* * Pick the first link-local AF_INET6 address from the list, * aliases don't make any sense on a p2p link anyway. */ si = 0; s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family == AF_INET6) { si = (struct sockaddr_in6 *)ifa->ifa_addr; sm = (struct sockaddr_in6 *)ifa->ifa_netmask; if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr)) { ifa_acquire(ifa, &psref); break; } } } pserialize_read_exit(s); if (ifa) { if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) { memcpy(&ssrc, &si->sin6_addr, sizeof(ssrc)); if (srcmask) { memcpy(srcmask, &sm->sin6_addr, sizeof(*srcmask)); } } si = (struct sockaddr_in6 *)ifa->ifa_dstaddr; if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) memcpy(&ddst, &si->sin6_addr, sizeof(ddst)); ifa_release(ifa, &psref); } if (dst) memcpy(dst, &ddst, sizeof(*dst)); if (src) memcpy(src, &ssrc, sizeof(*src)); } #ifdef IPV6CP_MYIFID_DYN /* * Generate random ifid. */ static void sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr) { /* TBD */ } /* * Set my IPv6 address. Must be called at splnet. */ static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src) { STDDCL; struct ifaddr *ifa; struct sockaddr_in6 *sin6; int s; struct psref psref; IFNET_LOCK(ifp); /* * Pick the first link-local AF_INET6 address from the list, * aliases don't make any sense on a p2p link anyway. */ sin6 = NULL; s = pserialize_read_enter(); IFADDR_READER_FOREACH(ifa, ifp) { if (ifa->ifa_addr->sa_family == AF_INET6) { sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { ifa_acquire(ifa, &psref); break; } } } pserialize_read_exit(s); if (ifa && sin6) { int error; struct sockaddr_in6 new_sin6 = *sin6; memcpy(&new_sin6.sin6_addr, src, sizeof(new_sin6.sin6_addr)); error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1); if (debug && error) { log(LOG_DEBUG, "%s: %s: in6_ifinit failed, error=%d\n", ifp->if_xname, __func__, error); } if (!error) { pfil_run_addrhooks(if_pfil, SIOCAIFADDR_IN6, ifa); } ifa_release(ifa, &psref); } IFNET_UNLOCK(ifp); } #endif /* * Suggest a candidate address to be used by peer. */ static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest) { struct in6_addr myaddr; struct timeval tv; sppp_get_ip6_addrs(sp, &myaddr, 0, 0); myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */ microtime(&tv); if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) { myaddr.s6_addr[14] ^= 0xff; myaddr.s6_addr[15] ^= 0xff; } else { myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff); myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff); } if (suggest) memcpy(suggest, &myaddr, sizeof(myaddr)); } #endif /*INET6*/ /* * Process ioctl requests specific to the PPP interface. * Permissions have already been checked. */ static int sppp_params(struct sppp *sp, u_long cmd, void *data) { switch (cmd) { case SPPPGETAUTHCFG: { struct spppauthcfg *cfg = (struct spppauthcfg *)data; int error; size_t len; SPPP_LOCK(sp, RW_READER); cfg->myauthflags = sp->myauth.flags; cfg->hisauthflags = sp->hisauth.flags; strlcpy(cfg->ifname, sp->pp_if.if_xname, sizeof(cfg->ifname)); cfg->hisauth = 0; if (sp->hisauth.proto) cfg->hisauth = (sp->hisauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; cfg->myauth = 0; if (sp->myauth.proto) cfg->myauth = (sp->myauth.proto == PPP_PAP) ? SPPP_AUTHPROTO_PAP : SPPP_AUTHPROTO_CHAP; if (cfg->myname_length == 0) { if (sp->myauth.name != NULL) cfg->myname_length = sp->myauth.name_len + 1; } else { if (sp->myauth.name == NULL) { cfg->myname_length = 0; } else { len = sp->myauth.name_len + 1; if (cfg->myname_length < len) { SPPP_UNLOCK(sp); return (ENAMETOOLONG); } error = copyout(sp->myauth.name, cfg->myname, len); if (error) { SPPP_UNLOCK(sp); return error; } } } if (cfg->hisname_length == 0) { if (sp->hisauth.name != NULL) cfg->hisname_length = sp->hisauth.name_len + 1; } else { if (sp->hisauth.name == NULL) { cfg->hisname_length = 0; } else { len = sp->hisauth.name_len + 1; if (cfg->hisname_length < len) { SPPP_UNLOCK(sp); return (ENAMETOOLONG); } error = copyout(sp->hisauth.name, cfg->hisname, len); if (error) { SPPP_UNLOCK(sp); return error; } } } SPPP_UNLOCK(sp); } break; case SPPPSETAUTHCFG: { struct spppauthcfg *cfg = (struct spppauthcfg *)data; int error; SPPP_LOCK(sp, RW_WRITER); if (sp->myauth.name) { free(sp->myauth.name, M_DEVBUF); sp->myauth.name = NULL; } if (sp->myauth.secret) { free(sp->myauth.secret, M_DEVBUF); sp->myauth.secret = NULL; } if (sp->hisauth.name) { free(sp->hisauth.name, M_DEVBUF); sp->hisauth.name = NULL; } if (sp->hisauth.secret) { free(sp->hisauth.secret, M_DEVBUF); sp->hisauth.secret = NULL; } if (cfg->hisname != NULL && cfg->hisname_length > 0) { if (cfg->hisname_length >= MCLBYTES) { SPPP_UNLOCK(sp); return (ENAMETOOLONG); } sp->hisauth.name = malloc(cfg->hisname_length, M_DEVBUF, M_WAITOK); error = copyin(cfg->hisname, sp->hisauth.name, cfg->hisname_length); if (error) { free(sp->hisauth.name, M_DEVBUF); sp->hisauth.name = NULL; SPPP_UNLOCK(sp); return error; } sp->hisauth.name_len = cfg->hisname_length - 1; sp->hisauth.name[sp->hisauth.name_len] = 0; } if (cfg->hissecret != NULL && cfg->hissecret_length > 0) { if (cfg->hissecret_length >= MCLBYTES) { SPPP_UNLOCK(sp); return (ENAMETOOLONG); } sp->hisauth.secret = malloc(cfg->hissecret_length, M_DEVBUF, M_WAITOK); error = copyin(cfg->hissecret, sp->hisauth.secret, cfg->hissecret_length); if (error) { free(sp->hisauth.secret, M_DEVBUF); sp->hisauth.secret = NULL; SPPP_UNLOCK(sp); return error; } sp->hisauth.secret_len = cfg->hissecret_length - 1; sp->hisauth.secret[sp->hisauth.secret_len] = 0; } if (cfg->myname != NULL && cfg->myname_length > 0) { if (cfg->myname_length >= MCLBYTES) { SPPP_UNLOCK(sp); return (ENAMETOOLONG); } sp->myauth.name = malloc(cfg->myname_length, M_DEVBUF, M_WAITOK); error = copyin(cfg->myname, sp->myauth.name, cfg->myname_length); if (error) { free(sp->myauth.name, M_DEVBUF); sp->myauth.name = NULL; SPPP_UNLOCK(sp); return error; } sp->myauth.name_len = cfg->myname_length - 1; sp->myauth.name[sp->myauth.name_len] = 0; } if (cfg->mysecret != NULL && cfg->mysecret_length > 0) { if (cfg->mysecret_length >= MCLBYTES) { SPPP_UNLOCK(sp); return (ENAMETOOLONG); } sp->myauth.secret = malloc(cfg->mysecret_length, M_DEVBUF, M_WAITOK); error = copyin(cfg->mysecret, sp->myauth.secret, cfg->mysecret_length); if (error) { free(sp->myauth.secret, M_DEVBUF); sp->myauth.secret = NULL; SPPP_UNLOCK(sp); return error; } sp->myauth.secret_len = cfg->mysecret_length - 1; sp->myauth.secret[sp->myauth.secret_len] = 0; } sp->myauth.flags = cfg->myauthflags; if (cfg->myauth) sp->myauth.proto = (cfg->myauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; sp->hisauth.flags = cfg->hisauthflags; if (cfg->hisauth) sp->hisauth.proto = (cfg->hisauth == SPPP_AUTHPROTO_PAP) ? PPP_PAP : PPP_CHAP; sp->pp_auth_failures = 0; if (sp->hisauth.proto != 0) sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO); else sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO); SPPP_UNLOCK(sp); } break; case SPPPGETLCPCFG: { struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; SPPP_LOCK(sp, RW_READER); lcpp->lcp_timeout = sp->lcp.timeout; SPPP_UNLOCK(sp); } break; case SPPPSETLCPCFG: { struct sppplcpcfg *lcpp = (struct sppplcpcfg *)data; SPPP_LOCK(sp, RW_WRITER); sp->lcp.timeout = lcpp->lcp_timeout; SPPP_UNLOCK(sp); } break; case SPPPGETSTATUS: { struct spppstatus *status = (struct spppstatus *)data; SPPP_LOCK(sp, RW_READER); status->phase = sp->pp_phase; SPPP_UNLOCK(sp); } break; case SPPPGETSTATUSNCP: { struct spppstatusncp *status = (struct spppstatusncp *)data; SPPP_LOCK(sp, RW_READER); status->phase = sp->pp_phase; status->ncpup = sppp_cp_check(sp, CP_NCP); SPPP_UNLOCK(sp); } break; case SPPPGETIDLETO: { struct spppidletimeout *to = (struct spppidletimeout *)data; SPPP_LOCK(sp, RW_READER); to->idle_seconds = sp->pp_idle_timeout; SPPP_UNLOCK(sp); } break; case SPPPSETIDLETO: { struct spppidletimeout *to = (struct spppidletimeout *)data; SPPP_LOCK(sp, RW_WRITER); sp->pp_idle_timeout = to->idle_seconds; SPPP_UNLOCK(sp); } break; case SPPPSETAUTHFAILURE: { struct spppauthfailuresettings *afsettings = (struct spppauthfailuresettings *)data; SPPP_LOCK(sp, RW_WRITER); sp->pp_max_auth_fail = afsettings->max_failures; sp->pp_auth_failures = 0; SPPP_UNLOCK(sp); } break; case SPPPGETAUTHFAILURES: { struct spppauthfailurestats *stats = (struct spppauthfailurestats *)data; SPPP_LOCK(sp, RW_READER); stats->auth_failures = sp->pp_auth_failures; stats->max_failures = sp->pp_max_auth_fail; SPPP_UNLOCK(sp); } break; case SPPPSETDNSOPTS: { struct spppdnssettings *req = (struct spppdnssettings *)data; SPPP_LOCK(sp, RW_WRITER); sp->query_dns = req->query_dns & 3; SPPP_UNLOCK(sp); } break; case SPPPGETDNSOPTS: { struct spppdnssettings *req = (struct spppdnssettings *)data; SPPP_LOCK(sp, RW_READER); req->query_dns = sp->query_dns; SPPP_UNLOCK(sp); } break; case SPPPGETDNSADDRS: { struct spppdnsaddrs *addrs = (struct spppdnsaddrs *)data; SPPP_LOCK(sp, RW_READER); memcpy(&addrs->dns, &sp->dns_addrs, sizeof addrs->dns); SPPP_UNLOCK(sp); } break; case SPPPGETKEEPALIVE: { struct spppkeepalivesettings *settings = (struct spppkeepalivesettings*)data; SPPP_LOCK(sp, RW_READER); settings->maxalive = sp->pp_maxalive; settings->max_noreceive = sp->pp_max_noreceive; SPPP_UNLOCK(sp); } break; case SPPPSETKEEPALIVE: { struct spppkeepalivesettings *settings = (struct spppkeepalivesettings*)data; SPPP_LOCK(sp, RW_WRITER); sp->pp_maxalive = settings->maxalive; sp->pp_max_noreceive = settings->max_noreceive; SPPP_UNLOCK(sp); } break; default: { int ret; MODULE_HOOK_CALL(sppp_params_50_hook, (sp, cmd, data), enosys(), ret); if (ret != ENOSYS) return ret; return (EINVAL); } } return (0); } static void sppp_phase_network(struct sppp *sp) { int i; KASSERT(SPPP_WLOCKED(sp)); sppp_change_phase(sp, SPPP_PHASE_NETWORK); /* Notify NCPs now. */ for (i = 0; i < IDX_COUNT; i++) if ((cps[i])->flags & CP_NCP) sppp_wq_add(sp->wq_cp, &sp->scp[i].work_open); } static const char * sppp_cp_type_name(u_char type) { static char buf[12]; switch (type) { case CONF_REQ: return "conf-req"; case CONF_ACK: return "conf-ack"; case CONF_NAK: return "conf-nak"; case CONF_REJ: return "conf-rej"; case TERM_REQ: return "term-req"; case TERM_ACK: return "term-ack"; case CODE_REJ: return "code-rej"; case PROTO_REJ: return "proto-rej"; case ECHO_REQ: return "echo-req"; case ECHO_REPLY: return "echo-reply"; case DISC_REQ: return "discard-req"; } snprintf(buf, sizeof(buf), "0x%x", type); return buf; } static const char * sppp_auth_type_name(u_short proto, u_char type) { static char buf[32]; const char *name; switch (proto) { case PPP_CHAP: switch (type) { case CHAP_CHALLENGE: return "challenge"; case CHAP_RESPONSE: return "response"; case CHAP_SUCCESS: return "success"; case CHAP_FAILURE: return "failure"; default: name = "chap"; break; } break; case PPP_PAP: switch (type) { case PAP_REQ: return "req"; case PAP_ACK: return "ack"; case PAP_NAK: return "nak"; default: name = "pap"; break; } break; default: name = "bad"; break; } snprintf(buf, sizeof(buf), "%s(%#x) %#x", name, proto, type); return buf; } static const char * sppp_lcp_opt_name(u_char opt) { static char buf[12]; switch (opt) { case LCP_OPT_MRU: return "mru"; case LCP_OPT_ASYNC_MAP: return "async-map"; case LCP_OPT_AUTH_PROTO: return "auth-proto"; case LCP_OPT_QUAL_PROTO: return "qual-proto"; case LCP_OPT_MAGIC: return "magic"; case LCP_OPT_PROTO_COMP: return "proto-comp"; case LCP_OPT_ADDR_COMP: return "addr-comp"; case LCP_OPT_SELF_DESC_PAD: return "sdpad"; case LCP_OPT_CALL_BACK: return "callback"; case LCP_OPT_COMPOUND_FRMS: return "cmpd-frms"; case LCP_OPT_MP_MRRU: return "mrru"; case LCP_OPT_MP_SSNHF: return "mp-ssnhf"; case LCP_OPT_MP_EID: return "mp-eid"; } snprintf(buf, sizeof(buf), "0x%x", opt); return buf; } static const char * sppp_ipcp_opt_name(u_char opt) { static char buf[12]; switch (opt) { case IPCP_OPT_ADDRESSES: return "addresses"; case IPCP_OPT_COMPRESSION: return "compression"; case IPCP_OPT_ADDRESS: return "address"; } snprintf(buf, sizeof(buf), "0x%x", opt); return buf; } #ifdef INET6 static const char * sppp_ipv6cp_opt_name(u_char opt) { static char buf[12]; switch (opt) { case IPV6CP_OPT_IFID: return "ifid"; case IPV6CP_OPT_COMPRESSION: return "compression"; } snprintf(buf, sizeof(buf), "0x%x", opt); return buf; } #endif static const char * sppp_state_name(int state) { switch (state) { case STATE_INITIAL: return "initial"; case STATE_STARTING: return "starting"; case STATE_CLOSED: return "closed"; case STATE_STOPPED: return "stopped"; case STATE_CLOSING: return "closing"; case STATE_STOPPING: return "stopping"; case STATE_REQ_SENT: return "req-sent"; case STATE_ACK_RCVD: return "ack-rcvd"; case STATE_ACK_SENT: return "ack-sent"; case STATE_OPENED: return "opened"; } return "illegal"; } static const char * sppp_phase_name(int phase) { switch (phase) { case SPPP_PHASE_DEAD: return "dead"; case SPPP_PHASE_ESTABLISH: return "establish"; case SPPP_PHASE_TERMINATE: return "terminate"; case SPPP_PHASE_AUTHENTICATE: return "authenticate"; case SPPP_PHASE_NETWORK: return "network"; } return "illegal"; } static const char * sppp_proto_name(u_short proto) { static char buf[12]; switch (proto) { case PPP_LCP: return "lcp"; case PPP_IPCP: return "ipcp"; case PPP_PAP: return "pap"; case PPP_CHAP: return "chap"; case PPP_IPV6CP: return "ipv6cp"; } snprintf(buf, sizeof(buf), "0x%x", (unsigned)proto); return buf; } static void sppp_print_bytes(const u_char *p, u_short len) { addlog(" %02x", *p++); while (--len > 0) addlog("-%02x", *p++); } static void sppp_print_string(const char *p, u_short len) { u_char c; while (len-- > 0) { c = *p++; /* * Print only ASCII chars directly. RFC 1994 recommends * using only them, but we don't rely on it. */ if (c < ' ' || c > '~') addlog("\\x%x", c); else addlog("%c", c); } } static const char * sppp_dotted_quad(uint32_t addr) { static char s[16]; snprintf(s, sizeof(s), "%d.%d.%d.%d", (int)((addr >> 24) & 0xff), (int)((addr >> 16) & 0xff), (int)((addr >> 8) & 0xff), (int)(addr & 0xff)); return s; } /* a dummy, used to drop uninteresting events */ static void sppp_null(struct sppp *unused) { /* do just nothing */ } static void sppp_tls(const struct cp *cp, struct sppp *sp) { /* notify lcp that is lower layer */ sp->lcp.protos |= (1 << cp->protoidx); if (sp->scp[IDX_LCP].state == STATE_OPENED) sppp_wq_add(sp->wq_cp, &sp->scp[cp->protoidx].work_up); } static void sppp_tlf(const struct cp *cp, struct sppp *sp) { STDDCL; if (debug) log(LOG_DEBUG, "%s: %s tlf\n", ifp->if_xname, cp->name); /* notify lcp that is lower layer */ sp->lcp.protos &= ~(1 << cp->protoidx); /* cleanup */ if (sp->scp[cp->protoidx].rcr_buf != NULL) { kmem_free(sp->scp[cp->protoidx].rcr_buf, sp->scp[cp->protoidx].rcr_blen); } sp->scp[cp->protoidx].rcr_buf = NULL; sp->scp[cp->protoidx].rcr_blen = 0; sp->scp[cp->protoidx].rcr_rlen = 0; sppp_lcp_check_and_close(sp); } static void sppp_sca_scn(const struct cp *cp, struct sppp *sp) { STDDCL; u_char rconfid, type, rlen; void *buf; size_t blen; rconfid = sp->scp[cp->protoidx].rconfid; type = sp->scp[cp->protoidx].rcr_type; buf = sp->scp[cp->protoidx].rcr_buf; rlen = sp->scp[cp->protoidx].rcr_rlen; blen = sp->scp[cp->protoidx].rcr_blen; sp->scp[cp->protoidx].rcr_buf = NULL; sp->scp[cp->protoidx].rcr_blen = 0; if (buf != NULL) { if (rlen > 0) { if (debug) { log(LOG_DEBUG, "%s: send %s\n", ifp->if_xname, sppp_cp_type_name(type)); } sppp_cp_send(sp, cp->proto, type, rconfid, rlen, buf); } kmem_free(buf, blen); } } static void sppp_ifdown(struct sppp *sp, void *xcp __unused) { SPPP_UNLOCK(sp); if_down(&sp->pp_if); IF_PURGE(&sp->pp_cpq); SPPP_LOCK(sp, RW_WRITER); } /* * This file is large. Tell emacs to highlight it nevertheless. * * Local Variables: * hilit-auto-highlight-maxout: 120000 * End: */ /* * Module glue */ MODULE(MODULE_CLASS_MISC, sppp_subr, NULL); static int sppp_subr_modcmd(modcmd_t cmd, void *arg) { switch (cmd) { case MODULE_CMD_INIT: case MODULE_CMD_FINI: return 0; case MODULE_CMD_STAT: case MODULE_CMD_AUTOUNLOAD: default: return ENOTTY; } } static void sppp_notify_up(struct sppp *sp) { sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_up); } static void sppp_notify_down(struct sppp *sp) { sppp_wq_add(sp->wq_cp, &sp->scp[IDX_LCP].work_down); } static void sppp_notify_tls_wlocked(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); if (!sp->pp_tls) return; SPPP_UNLOCK(sp); sp->pp_tls(sp); SPPP_LOCK(sp, RW_WRITER); } static void sppp_notify_tlf_wlocked(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); if (!sp->pp_tlf) return; SPPP_UNLOCK(sp); sp->pp_tlf(sp); SPPP_LOCK(sp, RW_WRITER); } static void sppp_notify_con(struct sppp *sp) { if (!sp->pp_con) return; sp->pp_con(sp); } #ifdef INET6 static void sppp_notify_con_wlocked(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); SPPP_UNLOCK(sp); sppp_notify_con(sp); SPPP_LOCK(sp, RW_WRITER); } #endif static void sppp_notify_chg_wlocked(struct sppp *sp) { KASSERT(SPPP_WLOCKED(sp)); if (!sp->pp_chg) return; SPPP_UNLOCK(sp); sp->pp_chg(sp, sp->pp_phase); SPPP_LOCK(sp, RW_WRITER); } static void sppp_wq_work(struct work *wk, void *xsp) { struct sppp *sp; struct sppp_work *work; sp = xsp; work = container_of(wk, struct sppp_work, work); atomic_cas_uint(&work->state, SPPP_WK_BUSY, SPPP_WK_FREE); SPPP_LOCK(sp, RW_WRITER); work->func(sp, work->arg); SPPP_UNLOCK(sp); } static struct workqueue * sppp_wq_create(struct sppp *sp, const char *xnamebuf, pri_t prio, int ipl, int flags) { struct workqueue *wq; int error; error = workqueue_create(&wq, xnamebuf, sppp_wq_work, (void *)sp, prio, ipl, flags); if (error) { panic("%s: workqueue_create failed [%s, %d]\n", sp->pp_if.if_xname, xnamebuf, error); } return wq; } static void sppp_wq_destroy(struct sppp *sp __unused, struct workqueue *wq) { workqueue_destroy(wq); } static void sppp_wq_set(struct sppp_work *work, void (*func)(struct sppp *, void *), void *arg) { work->func = func; work->arg = arg; } static void sppp_wq_add(struct workqueue *wq, struct sppp_work *work) { if (atomic_cas_uint(&work->state, SPPP_WK_FREE, SPPP_WK_BUSY) != SPPP_WK_FREE) return; KASSERT(work->func != NULL); kpreempt_disable(); workqueue_enqueue(wq, &work->work, NULL); kpreempt_enable(); } static void sppp_wq_wait(struct workqueue *wq, struct sppp_work *work) { atomic_swap_uint(&work->state, SPPP_WK_UNAVAIL); workqueue_wait(wq, &work->work); }