projects / dragonfly.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
Fix more wrong sizeof() usages, part 1/x
[dragonfly.git] / sys / net / sppp / if_spppsubr.c
CommitLineData
984263bc
MD		 1/*
2 * Synchronous PPP/Cisco link level subroutines.
3 * Keepalive protocol implemented in both Cisco and PPP modes.
4 *
5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
6 * Author: Serge Vakulenko, <vak@cronyx.ru>
7 *
8 * Heavily revamped to conform to RFC 1661.
9 * Copyright (C) 1997, 2001 Joerg Wunsch.
10 *
11 * This software is distributed with NO WARRANTIES, not even the implied
12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13 *
14 * Authors grant any other persons or organisations permission to use
15 * or modify this software as long as this message is kept with the software,
16 * all derivative works or modified versions.
17 *
18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
19 *
20 * $FreeBSD: src/sys/net/if_spppsubr.c,v 1.59.2.13 2002/07/03 15:44:41 joerg Exp $
21 */
22
23#include <sys/param.h>
24
ced1da93 25#if defined(__DragonFly__)
984263bc
MD		 26#include "opt_inet.h"
27#include "opt_inet6.h"
28#include "opt_ipx.h"
29#endif
30
31#ifdef NetBSD1_3
32# if NetBSD1_3 > 6
33# include "opt_inet.h"
34# include "opt_inet6.h"
35# include "opt_iso.h"
36# endif
37#endif
38
39#include <sys/systm.h>
40#include <sys/kernel.h>
41#include <sys/module.h>
42#include <sys/sockio.h>
43#include <sys/socket.h>
44#include <sys/syslog.h>
7135f971 45#if defined(__DragonFly__)
984263bc 46#include <sys/random.h>
e07612f9 47#include <sys/thread2.h>
984263bc
MD		 48#endif
49#include <sys/malloc.h>
50#include <sys/mbuf.h>
51
52#if defined (__OpenBSD__)
53#include <sys/md5k.h>
54#else
55#include <sys/md5.h>
56#endif
57
58#include <net/if.h>
4d723e5a 59#include <net/ifq_var.h>
984263bc
MD		 60#include <net/netisr.h>
61#include <net/if_types.h>
62#include <net/route.h>
63#include <netinet/in.h>
64#include <netinet/in_systm.h>
65#include <netinet/ip.h>
66#include <net/slcompress.h>
67
68#if defined (__NetBSD__) || defined (__OpenBSD__)
69#include <machine/cpu.h> /* XXX for softnet */
70#endif
71
72#include <machine/stdarg.h>
73
74#include <netinet/in.h>
75#include <netinet/in_systm.h>
76#include <netinet/in_var.h>
77
78#ifdef INET
79#include <netinet/ip.h>
80#include <netinet/tcp.h>
81#endif
82
e73aa4c7 83#if defined (__DragonFly__) || defined (__OpenBSD__)
984263bc
MD		 84# include <netinet/if_ether.h>
85#else
86# include <net/ethertypes.h>
87#endif
88
89#ifdef IPX
d2438d69
MD		 90#include <netproto/ipx/ipx.h>
91#include <netproto/ipx/ipx_if.h>
984263bc
MD		 92#endif
93
1f2de5d4 94#include "if_sppp.h"
984263bc 95
f40902e1 96#define IOCTL_CMD_T u_long
984263bc
MD		 97#define MAXALIVECNT 3 /* max. alive packets */
98
99/*
100 * Interface flags that can be set in an ifconfig command.
101 *
102 * Setting link0 will make the link passive, i.e. it will be marked
103 * as being administrative openable, but won't be opened to begin
104 * with. Incoming calls will be answered, or subsequent calls with
105 * -link1 will cause the administrative open of the LCP layer.
106 *
107 * Setting link1 will cause the link to auto-dial only as packets
108 * arrive to be sent.
109 *
110 * Setting IFF_DEBUG will syslog the option negotiation and state
111 * transitions at level kern.debug. Note: all logs consistently look
112 * like
113 *
114 * <if-name><unit>: <proto-name> <additional info...>
115 *
116 * with <if-name><unit> being something like "bppp0", and <proto-name>
117 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
118 */
119
120#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
121#define IFF_AUTO IFF_LINK1 /* auto-dial on output */
122#define IFF_CISCO IFF_LINK2 /* auto-dial on output */
123
124#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
125#define PPP_UI 0x03 /* Unnumbered Information */
126#define PPP_IP 0x0021 /* Internet Protocol */
127#define PPP_ISO 0x0023 /* ISO OSI Protocol */
128#define PPP_XNS 0x0025 /* Xerox NS Protocol */
129#define PPP_IPX 0x002b /* Novell IPX Protocol */
130#define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */
131#define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */
132#define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */
133#define PPP_LCP 0xc021 /* Link Control Protocol */
134#define PPP_PAP 0xc023 /* Password Authentication Protocol */
135#define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
136#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
137#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
138
139#define CONF_REQ 1 /* PPP configure request */
140#define CONF_ACK 2 /* PPP configure acknowledge */
141#define CONF_NAK 3 /* PPP configure negative ack */
142#define CONF_REJ 4 /* PPP configure reject */
143#define TERM_REQ 5 /* PPP terminate request */
144#define TERM_ACK 6 /* PPP terminate acknowledge */
145#define CODE_REJ 7 /* PPP code reject */
146#define PROTO_REJ 8 /* PPP protocol reject */
147#define ECHO_REQ 9 /* PPP echo request */
148#define ECHO_REPLY 10 /* PPP echo reply */
149#define DISC_REQ 11 /* PPP discard request */
150
151#define LCP_OPT_MRU 1 /* maximum receive unit */
152#define LCP_OPT_ASYNC_MAP 2 /* async control character map */
153#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
154#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
155#define LCP_OPT_MAGIC 5 /* magic number */
156#define LCP_OPT_RESERVED 6 /* reserved */
157#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
158#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
159
160#define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
161#define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
162#define IPCP_OPT_ADDRESS 3 /* local IP address */
163
164#define IPV6CP_OPT_IFID 1 /* interface identifier */
165#define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
166
167#define IPCP_COMP_VJ 0x2d /* Code for VJ compression */
168
169#define PAP_REQ 1 /* PAP name/password request */
170#define PAP_ACK 2 /* PAP acknowledge */
171#define PAP_NAK 3 /* PAP fail */
172
173#define CHAP_CHALLENGE 1 /* CHAP challenge request */
174#define CHAP_RESPONSE 2 /* CHAP challenge response */
175#define CHAP_SUCCESS 3 /* CHAP response ok */
176#define CHAP_FAILURE 4 /* CHAP response failed */
177
178#define CHAP_MD5 5 /* hash algorithm - MD5 */
179
180#define CISCO_MULTICAST 0x8f /* Cisco multicast address */
181#define CISCO_UNICAST 0x0f /* Cisco unicast address */
182#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
183#define CISCO_ADDR_REQ 0 /* Cisco address request */
184#define CISCO_ADDR_REPLY 1 /* Cisco address reply */
185#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
186
187/* states are named and numbered according to RFC 1661 */
188#define STATE_INITIAL 0
189#define STATE_STARTING 1
190#define STATE_CLOSED 2
191#define STATE_STOPPED 3
192#define STATE_CLOSING 4
193#define STATE_STOPPING 5
194#define STATE_REQ_SENT 6
195#define STATE_ACK_RCVD 7
196#define STATE_ACK_SENT 8
197#define STATE_OPENED 9
198
199struct ppp_header {
200 u_char address;
201 u_char control;
202 u_short protocol;
203} __attribute__((__packed__));
204#define PPP_HEADER_LEN sizeof (struct ppp_header)
205
206struct lcp_header {
207 u_char type;
208 u_char ident;
209 u_short len;
210} __attribute__((__packed__));
211#define LCP_HEADER_LEN sizeof (struct lcp_header)
212
213struct cisco_packet {
214 u_long type;
215 u_long par1;
216 u_long par2;
217 u_short rel;
218 u_short time0;
219 u_short time1;
220} __attribute__((__packed__));
221#define CISCO_PACKET_LEN sizeof (struct cisco_packet)
222
223/*
224 * We follow the spelling and capitalization of RFC 1661 here, to make
225 * it easier comparing with the standard. Please refer to this RFC in
226 * case you can't make sense out of these abbreviation; it will also
227 * explain the semantics related to the various events and actions.
228 */
229struct cp {
230 u_short proto; /* PPP control protocol number */
231 u_char protoidx; /* index into state table in struct sppp */
232 u_char flags;
233#define CP_LCP 0x01 /* this is the LCP */
234#define CP_AUTH 0x02 /* this is an authentication protocol */
235#define CP_NCP 0x04 /* this is a NCP */
236#define CP_QUAL 0x08 /* this is a quality reporting protocol */
237 const char *name; /* name of this control protocol */
238 /* event handlers */
239 void (*Up)(struct sppp *sp);
240 void (*Down)(struct sppp *sp);
241 void (*Open)(struct sppp *sp);
242 void (*Close)(struct sppp *sp);
243 void (*TO)(void *sp);
244 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
245 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
246 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
247 /* actions */
248 void (*tlu)(struct sppp *sp);
249 void (*tld)(struct sppp *sp);
250 void (*tls)(struct sppp *sp);
251 void (*tlf)(struct sppp *sp);
252 void (*scr)(struct sppp *sp);
253};
254
255static struct sppp *spppq;
ced1da93 256#if defined(__DragonFly__)
ffb75675 257static struct callout keepalive_timeout;
984263bc
MD		 258#endif
259
3e4a09e7 260#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && !defined(__DragonFly__)
984263bc
MD		 261#define SPP_FMT "%s%d: "
262#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
263#else
264#define SPP_FMT "%s: "
265#define SPP_ARGS(ifp) (ifp)->if_xname
266#endif
267
268#ifdef INET
269/*
270 * The following disgusting hack gets around the problem that IP TOS
271 * can't be set yet. We want to put "interactive" traffic on a high
272 * priority queue. To decide if traffic is interactive, we check that
273 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
274 *
275 * XXX is this really still necessary? - joerg -
276 */
277static u_short interactive_ports[8] = {
278 0, 513, 0, 0,
279 0, 21, 0, 23,
280};
281#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
282#endif
283
284/* almost every function needs these */
285#define STDDCL \
286 struct ifnet *ifp = &sp->pp_if; \
287 int debug = ifp->if_flags & IFF_DEBUG
288
289static int sppp_output(struct ifnet *ifp, struct mbuf *m,
290 struct sockaddr *dst, struct rtentry *rt);
291
292static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
293static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
294
295static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
296 struct mbuf *m);
297static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
298 u_char ident, u_short len, void *data);
299/* static void sppp_cp_timeout(void *arg); */
300static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
301 int newstate);
302static void sppp_auth_send(const struct cp *cp,
303 struct sppp *sp, unsigned int type, unsigned int id,
304 ...);
305
306static void sppp_up_event(const struct cp *cp, struct sppp *sp);
307static void sppp_down_event(const struct cp *cp, struct sppp *sp);
308static void sppp_open_event(const struct cp *cp, struct sppp *sp);
309static void sppp_close_event(const struct cp *cp, struct sppp *sp);
310static void sppp_to_event(const struct cp *cp, struct sppp *sp);
311
312static void sppp_null(struct sppp *sp);
313
314static void sppp_lcp_init(struct sppp *sp);
315static void sppp_lcp_up(struct sppp *sp);
316static void sppp_lcp_down(struct sppp *sp);
317static void sppp_lcp_open(struct sppp *sp);
318static void sppp_lcp_close(struct sppp *sp);
319static void sppp_lcp_TO(void *sp);
320static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
321static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
322static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
323static void sppp_lcp_tlu(struct sppp *sp);
324static void sppp_lcp_tld(struct sppp *sp);
325static void sppp_lcp_tls(struct sppp *sp);
326static void sppp_lcp_tlf(struct sppp *sp);
327static void sppp_lcp_scr(struct sppp *sp);
328static void sppp_lcp_check_and_close(struct sppp *sp);
329static int sppp_ncp_check(struct sppp *sp);
330
331static void sppp_ipcp_init(struct sppp *sp);
332static void sppp_ipcp_up(struct sppp *sp);
333static void sppp_ipcp_down(struct sppp *sp);
334static void sppp_ipcp_open(struct sppp *sp);
335static void sppp_ipcp_close(struct sppp *sp);
336static void sppp_ipcp_TO(void *sp);
337static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
338static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
339static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
340static void sppp_ipcp_tlu(struct sppp *sp);
341static void sppp_ipcp_tld(struct sppp *sp);
342static void sppp_ipcp_tls(struct sppp *sp);
343static void sppp_ipcp_tlf(struct sppp *sp);
344static void sppp_ipcp_scr(struct sppp *sp);
345
346static void sppp_ipv6cp_init(struct sppp *sp);
347static void sppp_ipv6cp_up(struct sppp *sp);
348static void sppp_ipv6cp_down(struct sppp *sp);
349static void sppp_ipv6cp_open(struct sppp *sp);
350static void sppp_ipv6cp_close(struct sppp *sp);
351static void sppp_ipv6cp_TO(void *sp);
352static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
353static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
354static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
355static void sppp_ipv6cp_tlu(struct sppp *sp);
356static void sppp_ipv6cp_tld(struct sppp *sp);
357static void sppp_ipv6cp_tls(struct sppp *sp);
358static void sppp_ipv6cp_tlf(struct sppp *sp);
359static void sppp_ipv6cp_scr(struct sppp *sp);
360
361static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
362static void sppp_pap_init(struct sppp *sp);
363static void sppp_pap_open(struct sppp *sp);
364static void sppp_pap_close(struct sppp *sp);
365static void sppp_pap_TO(void *sp);
366static void sppp_pap_my_TO(void *sp);
367static void sppp_pap_tlu(struct sppp *sp);
368static void sppp_pap_tld(struct sppp *sp);
369static void sppp_pap_scr(struct sppp *sp);
370
371static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
372static void sppp_chap_init(struct sppp *sp);
373static void sppp_chap_open(struct sppp *sp);
374static void sppp_chap_close(struct sppp *sp);
375static void sppp_chap_TO(void *sp);
376static void sppp_chap_tlu(struct sppp *sp);
377static void sppp_chap_tld(struct sppp *sp);
378static void sppp_chap_scr(struct sppp *sp);
379
380static const char *sppp_auth_type_name(u_short proto, u_char type);
381static const char *sppp_cp_type_name(u_char type);
382static const char *sppp_dotted_quad(u_long addr);
383static const char *sppp_ipcp_opt_name(u_char opt);
384#ifdef INET6
385static const char *sppp_ipv6cp_opt_name(u_char opt);
386#endif
387static const char *sppp_lcp_opt_name(u_char opt);
388static const char *sppp_phase_name(enum ppp_phase phase);
389static const char *sppp_proto_name(u_short proto);
390static const char *sppp_state_name(int state);
391static int sppp_params(struct sppp *sp, u_long cmd, void *data);
392static int sppp_strnlen(u_char *p, int max);
393static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
394 u_long *srcmask);
395static void sppp_keepalive(void *dummy);
396static void sppp_phase_network(struct sppp *sp);
397static void sppp_print_bytes(const u_char *p, u_short len);
398static void sppp_print_string(const char *p, u_short len);
984263bc
MD		 399static void sppp_set_ip_addr(struct sppp *sp, u_long src);
400#ifdef INET6
401static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
402 struct in6_addr *dst, struct in6_addr *srcmask);
403#ifdef IPV6CP_MYIFID_DYN
404static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
405static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
406#endif
407static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
408#endif
409
410/* our control protocol descriptors */
411static const struct cp lcp = {
412 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
413 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
414 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
415 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
416 sppp_lcp_scr
417};
418
419static const struct cp ipcp = {
420 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
421 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
422 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
423 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
424 sppp_ipcp_scr
425};
426
427static const struct cp ipv6cp = {
428 PPP_IPV6CP, IDX_IPV6CP,
429#ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
430 CP_NCP,
431#else
432 0,
433#endif
434 "ipv6cp",
435 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
436 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
437 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
438 sppp_ipv6cp_scr
439};
440
441static const struct cp pap = {
442 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
443 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
444 sppp_pap_TO, 0, 0, 0,
445 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
446 sppp_pap_scr
447};
448
449static const struct cp chap = {
450 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
451 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
452 sppp_chap_TO, 0, 0, 0,
453 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
454 sppp_chap_scr
455};
456
457static const struct cp *cps[IDX_COUNT] = {
458 &lcp, /* IDX_LCP */
459 &ipcp, /* IDX_IPCP */
460 &ipv6cp, /* IDX_IPV6CP */
461 &pap, /* IDX_PAP */
462 &chap, /* IDX_CHAP */
463};
464
465static int
466sppp_modevent(module_t mod, int type, void *unused)
467{
468 switch (type) {
469 case MOD_LOAD:
d8b331db 470 callout_init(&keepalive_timeout);
984263bc
MD		 471 break;
472 case MOD_UNLOAD:
473 return EACCES;
474 break;
475 default:
476 break;
477 }
478 return 0;
479}
480static moduledata_t spppmod = {
481 "sppp",
482 sppp_modevent,
483 0
484};
485MODULE_VERSION(sppp, 1);
486DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY);
487
488/*
489 * Exported functions, comprising our interface to the lower layer.
490 */
491
492/*
493 * Process the received packet.
494 */
495void
496sppp_input(struct ifnet *ifp, struct mbuf *m)
497{
498 struct ppp_header *h;
8bde602d 499 int isr = -1;
984263bc
MD		 500 struct sppp *sp = (struct sppp *)ifp;
501 u_char *iphdr;
502 int hlen, vjlen, do_account = 0;
503 int debug = ifp->if_flags & IFF_DEBUG;
504
505 if (ifp->if_flags & IFF_UP)
506 /* Count received bytes, add FCS and one flag */
507 ifp->if_ibytes += m->m_pkthdr.len + 3;
508
509 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
510 /* Too small packet, drop it. */
511 if (debug)
512 log(LOG_DEBUG,
513 SPP_FMT "input packet is too small, %d bytes\n",
514 SPP_ARGS(ifp), m->m_pkthdr.len);
8f706258 515drop:
984263bc 516 m_freem (m);
8f706258 517drop2:
984263bc
MD		 518 ++ifp->if_ierrors;
519 ++ifp->if_iqdrops;
520 return;
521 }
522
523 /* Get PPP header. */
524 h = mtod (m, struct ppp_header*);
525 m_adj (m, PPP_HEADER_LEN);
526
527 switch (h->address) {
528 case PPP_ALLSTATIONS:
529 if (h->control != PPP_UI)
530 goto invalid;
531 if (sp->pp_mode == IFF_CISCO) {
532 if (debug)
533 log(LOG_DEBUG,
534 SPP_FMT "PPP packet in Cisco mode "
535 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
536 SPP_ARGS(ifp),
537 h->address, h->control, ntohs(h->protocol));
538 goto drop;
539 }
540 switch (ntohs (h->protocol)) {
541 default:
542 if (debug)
543 log(LOG_DEBUG,
544 SPP_FMT "rejecting protocol "
545 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
546 SPP_ARGS(ifp),
547 h->address, h->control, ntohs(h->protocol));
548 if (sp->state[IDX_LCP] == STATE_OPENED)
549 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
550 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
551 &h->protocol);
552 ++ifp->if_noproto;
553 goto drop;
554 case PPP_LCP:
555 sppp_cp_input(&lcp, sp, m);
556 m_freem (m);
557 return;
558 case PPP_PAP:
559 if (sp->pp_phase >= PHASE_AUTHENTICATE)
560 sppp_pap_input(sp, m);
561 m_freem (m);
562 return;
563 case PPP_CHAP:
564 if (sp->pp_phase >= PHASE_AUTHENTICATE)
565 sppp_chap_input(sp, m);
566 m_freem (m);
567 return;
568#ifdef INET
569 case PPP_IPCP:
570 if (sp->pp_phase == PHASE_NETWORK)
571 sppp_cp_input(&ipcp, sp, m);
572 m_freem (m);
573 return;
574 case PPP_IP:
575 if (sp->state[IDX_IPCP] == STATE_OPENED) {
8bde602d 576 isr = NETISR_IP;
984263bc
MD		 577 }
578 do_account++;
579 break;
580 case PPP_VJ_COMP:
581 if (sp->state[IDX_IPCP] == STATE_OPENED) {
582 if ((vjlen =
583 sl_uncompress_tcp_core(mtod(m, u_char *),
584 m->m_len, m->m_len,
585 TYPE_COMPRESSED_TCP,
586 sp->pp_comp,
587 &iphdr, &hlen)) <= 0) {
588 if (debug)
589 log(LOG_INFO,
590 SPP_FMT "VJ uncompress failed on compressed packet\n",
591 SPP_ARGS(ifp));
592 goto drop;
593 }
594
595 /*
596 * Trim the VJ header off the packet, and prepend
597 * the uncompressed IP header (which will usually
598 * end up in two chained mbufs since there's not
599 * enough leading space in the existing mbuf).
600 */
601 m_adj(m, vjlen);
74f1caca 602 M_PREPEND(m, hlen, MB_DONTWAIT);
984263bc
MD		 603 if (m == NULL)
604 goto drop2;
605 bcopy(iphdr, mtod(m, u_char *), hlen);
606
8bde602d 607 isr = NETISR_IP;
984263bc
MD		 608 }
609 do_account++;
610 break;
611 case PPP_VJ_UCOMP:
612 if (sp->state[IDX_IPCP] == STATE_OPENED) {
613 if (sl_uncompress_tcp_core(mtod(m, u_char *),
614 m->m_len, m->m_len,
615 TYPE_UNCOMPRESSED_TCP,
616 sp->pp_comp,
617 &iphdr, &hlen) != 0) {
618 if (debug)
619 log(LOG_INFO,
620 SPP_FMT "VJ uncompress failed on uncompressed packet\n",
621 SPP_ARGS(ifp));
622 goto drop;
623 }
8bde602d 624 isr = NETISR_IP;
984263bc
MD		 625 }
626 do_account++;
627 break;
628#endif
629#ifdef INET6
630 case PPP_IPV6CP:
631 if (sp->pp_phase == PHASE_NETWORK)
632 sppp_cp_input(&ipv6cp, sp, m);
633 m_freem (m);
634 return;
635
636 case PPP_IPV6:
637 if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
8bde602d 638 isr = NETISR_IPV6;
984263bc
MD		 639 }
640 do_account++;
641 break;
642#endif
643#ifdef IPX
644 case PPP_IPX:
645 /* IPX IPXCP not implemented yet */
646 if (sp->pp_phase == PHASE_NETWORK) {
8bde602d 647 isr = NETISR_IPX;
984263bc
MD		 648 }
649 do_account++;
650 break;
651#endif
984263bc
MD		 652 }
653 break;
654 case CISCO_MULTICAST:
655 case CISCO_UNICAST:
656 /* Don't check the control field here (RFC 1547). */
657 if (sp->pp_mode != IFF_CISCO) {
658 if (debug)
659 log(LOG_DEBUG,
660 SPP_FMT "Cisco packet in PPP mode "
661 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
662 SPP_ARGS(ifp),
663 h->address, h->control, ntohs(h->protocol));
664 goto drop;
665 }
666 switch (ntohs (h->protocol)) {
667 default:
668 ++ifp->if_noproto;
669 goto invalid;
670 case CISCO_KEEPALIVE:
671 sppp_cisco_input ((struct sppp*) ifp, m);
672 m_freem (m);
673 return;
674#ifdef INET
675 case ETHERTYPE_IP:
8bde602d 676 isr = NETISR_IP;
984263bc
MD		 677 do_account++;
678 break;
679#endif
680#ifdef INET6
681 case ETHERTYPE_IPV6:
8bde602d 682 isr = NETISR_IPV6;
984263bc
MD		 683 do_account++;
684 break;
685#endif
686#ifdef IPX
687 case ETHERTYPE_IPX:
8bde602d 688 isr = NETISR_IPX;
984263bc
MD		 689 do_account++;
690 break;
691#endif
984263bc
MD		 692 }
693 break;
694 default: /* Invalid PPP packet. */
695 invalid:
696 if (debug)
697 log(LOG_DEBUG,
698 SPP_FMT "invalid input packet "
699 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
700 SPP_ARGS(ifp),
701 h->address, h->control, ntohs(h->protocol));
702 goto drop;
703 }
704
8bde602d 705 if (! (ifp->if_flags & IFF_UP) || isr < 0)
984263bc
MD		 706 goto drop;
707
708 /* Check queue. */
8bde602d 709
c3c96e44
MD		 710 netisr_queue(isr, m);
711
712 /*
713 * Do only account for network packets, not for control
714 * packets. This is used by some subsystems to detect
715 * idle lines.
716 */
984263bc 717 if (do_account)
984263bc
MD		 718 sp->pp_last_recv = time_second;
719}
720
721/*
722 * Enqueue transmit packet.
723 */
724static int
9db4b353
SZ		 725sppp_output_serialized(struct ifnet *ifp, struct mbuf *m,
726 struct sockaddr *dst, struct rtentry *rt)
984263bc
MD		 727{
728 struct sppp *sp = (struct sppp*) ifp;
729 struct ppp_header *h;
730 struct ifqueue *ifq = NULL;
e07612f9 731 int rv = 0;
984263bc
MD		 732 int ipproto = PPP_IP;
733 int debug = ifp->if_flags & IFF_DEBUG;
4d723e5a 734 struct altq_pktattr pktattr;
984263bc 735
e07612f9 736 crit_enter();
984263bc
MD		 737
738 if ((ifp->if_flags & IFF_UP) == 0 ||
739 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
740#ifdef INET6
741 drop:
742#endif
743 m_freem (m);
e07612f9 744 crit_exit();
984263bc
MD		 745 return (ENETDOWN);
746 }
747
748 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
749#ifdef INET6
750 /*
751 * XXX
752 *
753 * Hack to prevent the initialization-time generated
754 * IPv6 multicast packet to erroneously cause a
755 * dialout event in case IPv6 has been
756 * administratively disabled on that interface.
757 */
758 if (dst->sa_family == AF_INET6 &&
759 !(sp->confflags & CONF_ENABLE_IPV6))
760 goto drop;
761#endif
762 /*
763 * Interface is not yet running, but auto-dial. Need
764 * to start LCP for it.
765 */
766 ifp->if_flags |= IFF_RUNNING;
e07612f9 767 crit_exit();
984263bc 768 lcp.Open(sp);
e07612f9 769 crit_enter();
984263bc
MD		 770 }
771
4d723e5a
JS		 772 /*
773 * if the queueing discipline needs packet classification,
774 * do it before prepending link headers.
775 */
776 ifq_classify(&ifp->if_snd, m, dst->sa_family, &pktattr);
777
984263bc
MD		 778#ifdef INET
779 if (dst->sa_family == AF_INET) {
780 /* XXX Check mbuf length here? */
781 struct ip *ip = mtod (m, struct ip*);
782 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
783
784 /*
785 * When using dynamic local IP address assignment by using
786 * 0.0.0.0 as a local address, the first TCP session will
787 * not connect because the local TCP checksum is computed
788 * using 0.0.0.0 which will later become our real IP address
789 * so the TCP checksum computed at the remote end will
790 * become invalid. So we
791 * - don't let packets with src ip addr 0 thru
792 * - we flag TCP packets with src ip 0 as an error
793 */
794
795 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */
796 {
797 m_freem(m);
e07612f9 798 crit_exit();
984263bc
MD		 799 if(ip->ip_p == IPPROTO_TCP)
800 return(EADDRNOTAVAIL);
801 else
802 return(0);
803 }
804
805 /*
806 * Put low delay, telnet, rlogin and ftp control packets
807 * in front of the queue.
808 */
809 if (IF_QFULL (&sp->pp_fastq))
810 ;
811 else if (ip->ip_tos & IPTOS_LOWDELAY)
812 ifq = &sp->pp_fastq;
813 else if (m->m_len < sizeof *ip + sizeof *tcp)
814 ;
815 else if (ip->ip_p != IPPROTO_TCP)
816 ;
817 else if (INTERACTIVE (ntohs (tcp->th_sport)))
818 ifq = &sp->pp_fastq;
819 else if (INTERACTIVE (ntohs (tcp->th_dport)))
820 ifq = &sp->pp_fastq;
821
822 /*
823 * Do IP Header compression
824 */
825 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) &&
826 ip->ip_p == IPPROTO_TCP)
827 switch (sl_compress_tcp(m, ip, sp->pp_comp,
828 sp->ipcp.compress_cid)) {
829 case TYPE_COMPRESSED_TCP:
830 ipproto = PPP_VJ_COMP;
831 break;
832 case TYPE_UNCOMPRESSED_TCP:
833 ipproto = PPP_VJ_UCOMP;
834 break;
835 case TYPE_IP:
836 ipproto = PPP_IP;
837 break;
838 default:
839 m_freem(m);
e07612f9 840 crit_exit();
984263bc
MD		 841 return (EINVAL);
842 }
843 }
844#endif
845
846#ifdef INET6
847 if (dst->sa_family == AF_INET6) {
848 /* XXX do something tricky here? */
849 }
850#endif
851
852 /*
853 * Prepend general data packet PPP header. For now, IP only.
854 */
74f1caca 855 M_PREPEND (m, PPP_HEADER_LEN, MB_DONTWAIT);
984263bc
MD		 856 if (! m) {
857 if (debug)
858 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
859 SPP_ARGS(ifp));
860 ++ifp->if_oerrors;
e07612f9 861 crit_exit();
984263bc
MD		 862 return (ENOBUFS);
863 }
864 /*
865 * May want to check size of packet
866 * (albeit due to the implementation it's always enough)
867 */
868 h = mtod (m, struct ppp_header*);
869 if (sp->pp_mode == IFF_CISCO) {
870 h->address = CISCO_UNICAST; /* unicast address */
871 h->control = 0;
872 } else {
873 h->address = PPP_ALLSTATIONS; /* broadcast address */
874 h->control = PPP_UI; /* Unnumbered Info */
875 }
876
877 switch (dst->sa_family) {
878#ifdef INET
879 case AF_INET: /* Internet Protocol */
880 if (sp->pp_mode == IFF_CISCO)
881 h->protocol = htons (ETHERTYPE_IP);
882 else {
883 /*
884 * Don't choke with an ENETDOWN early. It's
885 * possible that we just started dialing out,
886 * so don't drop the packet immediately. If
887 * we notice that we run out of buffer space
888 * below, we will however remember that we are
889 * not ready to carry IP packets, and return
890 * ENETDOWN, as opposed to ENOBUFS.
891 */
892 h->protocol = htons(ipproto);
893 if (sp->state[IDX_IPCP] != STATE_OPENED)
894 rv = ENETDOWN;
895 }
896 break;
897#endif
898#ifdef INET6
899 case AF_INET6: /* Internet Protocol */
900 if (sp->pp_mode == IFF_CISCO)
901 h->protocol = htons (ETHERTYPE_IPV6);
902 else {
903 /*
904 * Don't choke with an ENETDOWN early. It's
905 * possible that we just started dialing out,
906 * so don't drop the packet immediately. If
907 * we notice that we run out of buffer space
908 * below, we will however remember that we are
909 * not ready to carry IP packets, and return
910 * ENETDOWN, as opposed to ENOBUFS.
911 */
912 h->protocol = htons(PPP_IPV6);
913 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
914 rv = ENETDOWN;
915 }
916 break;
917#endif
984263bc
MD		 918#ifdef IPX
919 case AF_IPX: /* Novell IPX Protocol */
920 h->protocol = htons (sp->pp_mode == IFF_CISCO ?
921 ETHERTYPE_IPX : PPP_IPX);
922 break;
923#endif
924 default:
925 m_freem (m);
926 ++ifp->if_oerrors;
e07612f9 927 crit_exit();
984263bc
MD		 928 return (EAFNOSUPPORT);
929 }
930
931 /*
932 * Queue message on interface, and start output if interface
933 * not yet active.
934 */
4d723e5a
JS		 935 if (ifq != NULL) {
936 if (IF_QFULL(ifq)) {
937 IF_DROP(ifq);
938 m_freem(m);
939 rv = ENOBUFS;
940 ifq->ifq_drops++;
941 } else {
942 IF_ENQUEUE(ifq, m);
943 rv = 0;
944 }
945 } else {
946 rv = ifq_enqueue(&ifp->if_snd, m, &pktattr);
947 }
948 if (rv) {
984263bc 949 ++ifp->if_oerrors;
e07612f9 950 crit_exit();
4d723e5a 951 return(rv);
984263bc 952 }
984263bc
MD		 953 if (! (ifp->if_flags & IFF_OACTIVE))
954 (*ifp->if_start) (ifp);
955
956 /*
957 * Count output packets and bytes.
958 * The packet length includes header, FCS and 1 flag,
959 * according to RFC 1333.
960 */
961 ifp->if_obytes += m->m_pkthdr.len + 3;
e07612f9 962
984263bc
MD		 963 /*
964 * Unlike in sppp_input(), we can always bump the timestamp
965 * here since sppp_output() is only called on behalf of
966 * network-layer traffic; control-layer traffic is handled
967 * by sppp_cp_send().
968 */
969 sp->pp_last_sent = time_second;
e07612f9
JS		 970
971 crit_exit();
984263bc
MD		 972 return (0);
973}
974
9db4b353
SZ		 975static int
976sppp_output(struct ifnet *ifp, struct mbuf *m,
977 struct sockaddr *dst, struct rtentry *rt)
978{
979 int error;
980
a3dd34d2 981 ifnet_serialize_tx(ifp);
9db4b353 982 error = sppp_output_serialized(ifp, m, dst, rt);
a3dd34d2 983 ifnet_deserialize_tx(ifp);
9db4b353
SZ		 984
985 return error;
986}
987
984263bc
MD		 988void
989sppp_attach(struct ifnet *ifp)
990{
991 struct sppp *sp = (struct sppp*) ifp;
992
993 /* Initialize keepalive handler. */
ffb75675
MD		 994 if (!spppq) {
995 callout_reset(&keepalive_timeout, hz * 10,
996 sppp_keepalive, NULL);
997 }
984263bc
MD		 998 /* Insert new entry into the keepalive list. */
999 sp->pp_next = spppq;
1000 spppq = sp;
1001
1002 sp->pp_if.if_mtu = PP_MTU;
1003 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
1004 sp->pp_if.if_type = IFT_PPP;
1005 sp->pp_if.if_output = sppp_output;
1006#if 0
1007 sp->pp_flags = PP_KEEPALIVE;
1008#endif
1009 sp->pp_if.if_snd.ifq_maxlen = 32;
1010 sp->pp_fastq.ifq_maxlen = 32;
1011 sp->pp_cpq.ifq_maxlen = 20;
1012 sp->pp_loopcnt = 0;
1013 sp->pp_alivecnt = 0;
1014 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq));
1015 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq));
1016 sp->pp_phase = PHASE_DEAD;
1017 sp->pp_up = lcp.Up;
1018 sp->pp_down = lcp.Down;
1019 sp->pp_last_recv = sp->pp_last_sent = time_second;
1020 sp->confflags = 0;
1021#ifdef INET
1022 sp->confflags |= CONF_ENABLE_VJ;
1023#endif
1024#ifdef INET6
1025 sp->confflags |= CONF_ENABLE_IPV6;
1026#endif
efda3bd0 1027 sp->pp_comp = kmalloc(sizeof(struct slcompress), M_TEMP, M_WAITOK);
984263bc
MD		 1028 sl_compress_init(sp->pp_comp, -1);
1029 sppp_lcp_init(sp);
1030 sppp_ipcp_init(sp);
1031 sppp_ipv6cp_init(sp);
1032 sppp_pap_init(sp);
1033 sppp_chap_init(sp);
1034}
1035
1036void
1037sppp_detach(struct ifnet *ifp)
1038{
1039 struct sppp **q, *p, *sp = (struct sppp*) ifp;
1040 int i;
1041
1042 /* Remove the entry from the keepalive list. */
1043 for (q = &spppq; (p = *q); q = &p->pp_next)
1044 if (p == sp) {
1045 *q = p->pp_next;
1046 break;
1047 }
1048
1049 /* Stop keepalive handler. */
ffb75675
MD		 1050 if (!spppq)
1051 callout_stop(&keepalive_timeout);
984263bc
MD		 1052
1053 for (i = 0; i < IDX_COUNT; i++)
ffb75675
MD		 1054 callout_stop(&sp->timeout[i]);
1055 callout_stop(&sp->pap_my_to);
984263bc
MD		 1056}
1057
1058/*
1059 * Flush the interface output queue.
1060 */
1061void
1062sppp_flush(struct ifnet *ifp)
1063{
1064 struct sppp *sp = (struct sppp*) ifp;
1065
4d723e5a
JS		 1066 ifq_purge(&sp->pp_if.if_snd);
1067 IF_DRAIN(&sp->pp_fastq);
1068 IF_DRAIN(&sp->pp_cpq);
984263bc
MD		 1069}
1070
1071/*
1072 * Check if the output queue is empty.
1073 */
1074int
1075sppp_isempty(struct ifnet *ifp)
1076{
1077 struct sppp *sp = (struct sppp*) ifp;
e07612f9 1078 int empty;
984263bc 1079
e07612f9 1080 crit_enter();
4d723e5a
JS		 1081 empty = IF_QEMPTY(&sp->pp_fastq) && IF_QEMPTY(&sp->pp_cpq) &&
1082 ifq_is_empty(&sp->pp_if.if_snd);
e07612f9 1083 crit_exit();
984263bc
MD		 1084 return (empty);
1085}
1086
1087/*
1088 * Get next packet to send.
1089 */
1090struct mbuf *
1091sppp_dequeue(struct ifnet *ifp)
1092{
1093 struct sppp *sp = (struct sppp*) ifp;
1094 struct mbuf *m;
984263bc 1095
e07612f9
JS		 1096 crit_enter();
1097
984263bc
MD		 1098 /*
1099 * Process only the control protocol queue until we have at
1100 * least one NCP open.
1101 *
1102 * Do always serve all three queues in Cisco mode.
1103 */
1104 IF_DEQUEUE(&sp->pp_cpq, m);
1105 if (m == NULL &&
1106 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) {
1107 IF_DEQUEUE(&sp->pp_fastq, m);
1108 if (m == NULL)
d2c71fa0 1109 m = ifq_dequeue(&sp->pp_if.if_snd, NULL);
984263bc 1110 }
e07612f9
JS		 1111
1112 crit_exit();
984263bc
MD		 1113 return m;
1114}
1115
1116/*
1117 * Pick the next packet, do not remove it from the queue.
1118 */
1119struct mbuf *
1120sppp_pick(struct ifnet *ifp)
1121{
1122 struct sppp *sp = (struct sppp*)ifp;
1123 struct mbuf *m;
984263bc 1124
e07612f9 1125 crit_enter();
984263bc
MD		 1126
1127 m = sp->pp_cpq.ifq_head;
1128 if (m == NULL &&
4d723e5a 1129 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) {
984263bc 1130 if ((m = sp->pp_fastq.ifq_head) == NULL)
4d723e5a
JS		 1131 m = ifq_poll(&sp->pp_if.if_snd);
1132 }
e07612f9
JS		 1133
1134 crit_exit();
984263bc
MD		 1135 return (m);
1136}
1137
1138/*
1139 * Process an ioctl request. Called on low priority level.
1140 */
1141int
1142sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data)
1143{
1144 struct ifreq *ifr = (struct ifreq*) data;
1145 struct sppp *sp = (struct sppp*) ifp;
e07612f9
JS		 1146 int rv, going_up, going_down, newmode;
1147
1148 crit_enter();
984263bc 1149
984263bc
MD		 1150 rv = 0;
1151 switch (cmd) {
1152 case SIOCAIFADDR:
1153 case SIOCSIFDSTADDR:
1154 break;
1155
1156 case SIOCSIFADDR:
1157 /* set the interface "up" when assigning an IP address */
1158 ifp->if_flags |= IFF_UP;
1159 /* fall through... */
1160
1161 case SIOCSIFFLAGS:
1162 going_up = ifp->if_flags & IFF_UP &&
1163 (ifp->if_flags & IFF_RUNNING) == 0;
1164 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1165 ifp->if_flags & IFF_RUNNING;
1166
1167 newmode = ifp->if_flags & IFF_PASSIVE;
1168 if (!newmode)
1169 newmode = ifp->if_flags & IFF_AUTO;
1170 if (!newmode)
1171 newmode = ifp->if_flags & IFF_CISCO;
1172 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO);
1173 ifp->if_flags |= newmode;
1174
1175 if (newmode != sp->pp_mode) {
1176 going_down = 1;
1177 if (!going_up)
1178 going_up = ifp->if_flags & IFF_RUNNING;
1179 }
1180
1181 if (going_down) {
1182 if (sp->pp_mode != IFF_CISCO)
1183 lcp.Close(sp);
1184 else if (sp->pp_tlf)
1185 (sp->pp_tlf)(sp);
1186 sppp_flush(ifp);
1187 ifp->if_flags &= ~IFF_RUNNING;
1188 sp->pp_mode = newmode;
1189 }
1190
1191 if (going_up) {
1192 if (sp->pp_mode != IFF_CISCO)
1193 lcp.Close(sp);
1194 sp->pp_mode = newmode;
1195 if (sp->pp_mode == 0) {
1196 ifp->if_flags |= IFF_RUNNING;
1197 lcp.Open(sp);
1198 }
1199 if (sp->pp_mode == IFF_CISCO) {
1200 if (sp->pp_tls)
1201 (sp->pp_tls)(sp);
1202 ifp->if_flags |= IFF_RUNNING;
1203 }
1204 }
1205
1206 break;
1207
1208#ifdef SIOCSIFMTU
1209#ifndef ifr_mtu
1210#define ifr_mtu ifr_metric
1211#endif
1212 case SIOCSIFMTU:
1213 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
1214 return (EINVAL);
1215 ifp->if_mtu = ifr->ifr_mtu;
1216 break;
1217#endif
1218#ifdef SLIOCSETMTU
1219 case SLIOCSETMTU:
1220 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
1221 return (EINVAL);
1222 ifp->if_mtu = *(short*)data;
1223 break;
1224#endif
1225#ifdef SIOCGIFMTU
1226 case SIOCGIFMTU:
1227 ifr->ifr_mtu = ifp->if_mtu;
1228 break;
1229#endif
1230#ifdef SLIOCGETMTU
1231 case SLIOCGETMTU:
1232 *(short*)data = ifp->if_mtu;
1233 break;
1234#endif
1235 case SIOCADDMULTI:
1236 case SIOCDELMULTI:
1237 break;
1238
1239 case SIOCGIFGENERIC:
1240 case SIOCSIFGENERIC:
1241 rv = sppp_params(sp, cmd, data);
1242 break;
1243
1244 default:
1245 rv = ENOTTY;
1246 }
e07612f9
JS		 1247
1248 crit_exit();
984263bc
MD		 1249 return rv;
1250}
1251
1252/*
1253 * Cisco framing implementation.
1254 */
1255
1256/*
1257 * Handle incoming Cisco keepalive protocol packets.
1258 */
1259static void
1260sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1261{
1262 STDDCL;
1263 struct cisco_packet *h;
1264 u_long me, mymask;
1265
1266 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1267 if (debug)
1268 log(LOG_DEBUG,
1269 SPP_FMT "cisco invalid packet length: %d bytes\n",
1270 SPP_ARGS(ifp), m->m_pkthdr.len);
1271 return;
1272 }
1273 h = mtod (m, struct cisco_packet*);
1274 if (debug)
1275 log(LOG_DEBUG,
1276 SPP_FMT "cisco input: %d bytes "
1277 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1278 SPP_ARGS(ifp), m->m_pkthdr.len,
eaa63fc9 1279 (u_long)ntohl (h->type), h->par1, h->par2, (u_int)h->rel,
984263bc
MD		 1280 (u_int)h->time0, (u_int)h->time1);
1281 switch (ntohl (h->type)) {
1282 default:
1283 if (debug)
a0a36cfd 1284 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n",
984263bc
MD		 1285 SPP_ARGS(ifp), (u_long)ntohl (h->type));
1286 break;
1287 case CISCO_ADDR_REPLY:
1288 /* Reply on address request, ignore */
1289 break;
1290 case CISCO_KEEPALIVE_REQ:
1291 sp->pp_alivecnt = 0;
1292 sp->pp_rseq[IDX_LCP] = ntohl (h->par1);
1293 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
1294 /* Local and remote sequence numbers are equal.
1295 * Probably, the line is in loopback mode. */
1296 if (sp->pp_loopcnt >= MAXALIVECNT) {
4b1cf444 1297 kprintf (SPP_FMT "loopback\n",
984263bc
MD		 1298 SPP_ARGS(ifp));
1299 sp->pp_loopcnt = 0;
1300 if (ifp->if_flags & IFF_UP) {
1301 if_down (ifp);
4d723e5a 1302 IF_DRAIN(&sp->pp_cpq);
984263bc
MD		 1303 }
1304 }
1305 ++sp->pp_loopcnt;
1306
1307 /* Generate new local sequence number */
ced1da93 1308#if defined(__DragonFly__)
cddfb7bb 1309 sp->pp_seq[IDX_LCP] = krandom();
984263bc
MD		 1310#else
1311 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec;
1312#endif
1313 break;
1314 }
1315 sp->pp_loopcnt = 0;
1316 if (! (ifp->if_flags & IFF_UP) &&
1317 (ifp->if_flags & IFF_RUNNING)) {
1318 if_up(ifp);
4b1cf444 1319 kprintf (SPP_FMT "up\n", SPP_ARGS(ifp));
984263bc
MD		 1320 }
1321 break;
1322 case CISCO_ADDR_REQ:
1323 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1324 if (me != 0L)
1325 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1326 break;
1327 }
1328}
1329
1330/*
1331 * Send Cisco keepalive packet.
1332 */
1333static void
1334sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
1335{
1336 STDDCL;
1337 struct ppp_header *h;
1338 struct cisco_packet *ch;
1339 struct mbuf *m;
ced1da93 1340#if defined(__DragonFly__)
984263bc
MD		 1341 struct timeval tv;
1342#else
1343 u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
1344#endif
1345
ced1da93 1346#if defined(__DragonFly__)
984263bc
MD		 1347 getmicrouptime(&tv);
1348#endif
1349
74f1caca 1350 MGETHDR (m, MB_DONTWAIT, MT_DATA);
984263bc
MD		 1351 if (! m)
1352 return;
1353 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1354 m->m_pkthdr.rcvif = 0;
1355
1356 h = mtod (m, struct ppp_header*);
1357 h->address = CISCO_MULTICAST;
1358 h->control = 0;
1359 h->protocol = htons (CISCO_KEEPALIVE);
1360
1361 ch = (struct cisco_packet*) (h + 1);
1362 ch->type = htonl (type);
1363 ch->par1 = htonl (par1);
1364 ch->par2 = htonl (par2);
1365 ch->rel = -1;
1366
ced1da93 1367#if defined(__DragonFly__)
984263bc
MD		 1368 ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1369 ch->time1 = htons ((u_short) tv.tv_sec);
1370#else
1371 ch->time0 = htons ((u_short) (t >> 16));
1372 ch->time1 = htons ((u_short) t);
1373#endif
1374
1375 if (debug)
1376 log(LOG_DEBUG,
1377 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
eaa63fc9
SW		 1378 SPP_ARGS(ifp), (u_long)ntohl (ch->type), ch->par1,
1379 ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
984263bc
MD		 1380
1381 if (IF_QFULL (&sp->pp_cpq)) {
1382 IF_DROP (&sp->pp_fastq);
1383 IF_DROP (&ifp->if_snd);
1384 m_freem (m);
1385 } else
1386 IF_ENQUEUE (&sp->pp_cpq, m);
1387 if (! (ifp->if_flags & IFF_OACTIVE))
1388 (*ifp->if_start) (ifp);
1389 ifp->if_obytes += m->m_pkthdr.len + 3;
1390}
1391
1392/*
1393 * PPP protocol implementation.
1394 */
1395
1396/*
1397 * Send PPP control protocol packet.
1398 */
1399static void
1400sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1401 u_char ident, u_short len, void *data)
1402{
1403 STDDCL;
1404 struct ppp_header *h;
1405 struct lcp_header *lh;
1406 struct mbuf *m;
1407
1408 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
1409 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
74f1caca 1410 MGETHDR (m, MB_DONTWAIT, MT_DATA);
984263bc
MD		 1411 if (! m)
1412 return;
1413 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
1414 m->m_pkthdr.rcvif = 0;
1415
1416 h = mtod (m, struct ppp_header*);
1417 h->address = PPP_ALLSTATIONS; /* broadcast address */
1418 h->control = PPP_UI; /* Unnumbered Info */
1419 h->protocol = htons (proto); /* Link Control Protocol */
1420
1421 lh = (struct lcp_header*) (h + 1);
1422 lh->type = type;
1423 lh->ident = ident;
1424 lh->len = htons (LCP_HEADER_LEN + len);
1425 if (len)
1426 bcopy (data, lh+1, len);
1427
1428 if (debug) {
1429 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1430 SPP_ARGS(ifp),
1431 sppp_proto_name(proto),
1432 sppp_cp_type_name (lh->type), lh->ident,
1433 ntohs (lh->len));
1434 sppp_print_bytes ((u_char*) (lh+1), len);
a0a36cfd 1435 log(-1, ">\n");
984263bc
MD		 1436 }
1437 if (IF_QFULL (&sp->pp_cpq)) {
1438 IF_DROP (&sp->pp_fastq);
1439 IF_DROP (&ifp->if_snd);
1440 m_freem (m);
1441 ++ifp->if_oerrors;
1442 } else
1443 IF_ENQUEUE (&sp->pp_cpq, m);
1444 if (! (ifp->if_flags & IFF_OACTIVE))
1445 (*ifp->if_start) (ifp);
1446 ifp->if_obytes += m->m_pkthdr.len + 3;
1447}
1448
1449/*
1450 * Handle incoming PPP control protocol packets.
1451 */
1452static void
1453sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1454{
1455 STDDCL;
1456 struct lcp_header *h;
4a4748de 1457 int printlen, len = m->m_pkthdr.len;
984263bc
MD		 1458 int rv;
1459 u_char *p;
1460
1461 if (len < 4) {
1462 if (debug)
1463 log(LOG_DEBUG,
1464 SPP_FMT "%s invalid packet length: %d bytes\n",
1465 SPP_ARGS(ifp), cp->name, len);
1466 return;
1467 }
1468 h = mtod (m, struct lcp_header*);
1469 if (debug) {
4a4748de 1470 printlen = ntohs(h->len);
984263bc
MD		 1471 log(LOG_DEBUG,
1472 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1473 SPP_ARGS(ifp), cp->name,
1474 sppp_state_name(sp->state[cp->protoidx]),
4a4748de
JS		 1475 sppp_cp_type_name (h->type), h->ident, printlen);
1476 if (len < printlen)
1477 printlen = len;
1478 if (printlen > 4)
1479 sppp_print_bytes ((u_char*) (h+1), printlen - 4);
a0a36cfd 1480 log(-1, ">\n");
984263bc
MD		 1481 }
1482 if (len > ntohs (h->len))
1483 len = ntohs (h->len);
1484 p = (u_char *)(h + 1);
1485 switch (h->type) {
1486 case CONF_REQ:
1487 if (len < 4) {
1488 if (debug)
a0a36cfd 1489 log(-1, SPP_FMT "%s invalid conf-req length %d\n",
984263bc
MD		 1490 SPP_ARGS(ifp), cp->name,
1491 len);
1492 ++ifp->if_ierrors;
1493 break;
1494 }
1495 /* handle states where RCR doesn't get a SCA/SCN */
1496 switch (sp->state[cp->protoidx]) {
1497 case STATE_CLOSING:
1498 case STATE_STOPPING:
1499 return;
1500 case STATE_CLOSED:
1501 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1502 0, 0);
1503 return;
1504 }
1505 rv = (cp->RCR)(sp, h, len);
4a4748de
JS		 1506 if (rv < 0) {
1507 /* fatal error, shut down */
1508 (cp->tld)(sp);
1509 sppp_lcp_tlf(sp);
1510 return;
1511 }
984263bc
MD		 1512 switch (sp->state[cp->protoidx]) {
1513 case STATE_OPENED:
1514 (cp->tld)(sp);
1515 (cp->scr)(sp);
1516 /* fall through... */
1517 case STATE_ACK_SENT:
1518 case STATE_REQ_SENT:
1519 /*
1520 * sppp_cp_change_state() have the side effect of
1521 * restarting the timeouts. We want to avoid that
1522 * if the state don't change, otherwise we won't
1523 * ever timeout and resend a configuration request
1524 * that got lost.
1525 */
1526 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT:
1527 STATE_REQ_SENT))
1528 break;
1529 sppp_cp_change_state(cp, sp, rv?
1530 STATE_ACK_SENT: STATE_REQ_SENT);
1531 break;
1532 case STATE_STOPPED:
1533 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1534 (cp->scr)(sp);
1535 sppp_cp_change_state(cp, sp, rv?
1536 STATE_ACK_SENT: STATE_REQ_SENT);
1537 break;
1538 case STATE_ACK_RCVD:
1539 if (rv) {
1540 sppp_cp_change_state(cp, sp, STATE_OPENED);
1541 if (debug)
1542 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1543 SPP_ARGS(ifp),
1544 cp->name);
1545 (cp->tlu)(sp);
1546 } else
1547 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1548 break;
1549 default:
4b1cf444 1550 kprintf(SPP_FMT "%s illegal %s in state %s\n",
984263bc
MD		 1551 SPP_ARGS(ifp), cp->name,
1552 sppp_cp_type_name(h->type),
1553 sppp_state_name(sp->state[cp->protoidx]));
1554 ++ifp->if_ierrors;
1555 }
1556 break;
1557 case CONF_ACK:
1558 if (h->ident != sp->confid[cp->protoidx]) {
1559 if (debug)
a0a36cfd 1560 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
984263bc
MD		 1561 SPP_ARGS(ifp), cp->name,
1562 h->ident, sp->confid[cp->protoidx]);
1563 ++ifp->if_ierrors;
1564 break;
1565 }
1566 switch (sp->state[cp->protoidx]) {
1567 case STATE_CLOSED:
1568 case STATE_STOPPED:
1569 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1570 break;
1571 case STATE_CLOSING:
1572 case STATE_STOPPING:
1573 break;
1574 case STATE_REQ_SENT:
1575 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1576 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1577 break;
1578 case STATE_OPENED:
1579 (cp->tld)(sp);
1580 /* fall through */
1581 case STATE_ACK_RCVD:
1582 (cp->scr)(sp);
1583 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1584 break;
1585 case STATE_ACK_SENT:
1586 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1587 sppp_cp_change_state(cp, sp, STATE_OPENED);
1588 if (debug)
1589 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1590 SPP_ARGS(ifp), cp->name);
1591 (cp->tlu)(sp);
1592 break;
1593 default:
4b1cf444 1594 kprintf(SPP_FMT "%s illegal %s in state %s\n",
984263bc
MD		 1595 SPP_ARGS(ifp), cp->name,
1596 sppp_cp_type_name(h->type),
1597 sppp_state_name(sp->state[cp->protoidx]));
1598 ++ifp->if_ierrors;
1599 }
1600 break;
1601 case CONF_NAK:
1602 case CONF_REJ:
1603 if (h->ident != sp->confid[cp->protoidx]) {
1604 if (debug)
a0a36cfd 1605 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
984263bc
MD		 1606 SPP_ARGS(ifp), cp->name,
1607 h->ident, sp->confid[cp->protoidx]);
1608 ++ifp->if_ierrors;
1609 break;
1610 }
1611 if (h->type == CONF_NAK)
1612 (cp->RCN_nak)(sp, h, len);
1613 else /* CONF_REJ */
1614 (cp->RCN_rej)(sp, h, len);
1615
1616 switch (sp->state[cp->protoidx]) {
1617 case STATE_CLOSED:
1618 case STATE_STOPPED:
1619 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1620 break;
1621 case STATE_REQ_SENT:
1622 case STATE_ACK_SENT:
1623 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1624 /*
1625 * Slow things down a bit if we think we might be
1626 * in loopback. Depend on the timeout to send the
1627 * next configuration request.
1628 */
1629 if (sp->pp_loopcnt)
1630 break;
1631 (cp->scr)(sp);
1632 break;
1633 case STATE_OPENED:
1634 (cp->tld)(sp);
1635 /* fall through */
1636 case STATE_ACK_RCVD:
1637 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1638 (cp->scr)(sp);
1639 break;
1640 case STATE_CLOSING:
1641 case STATE_STOPPING:
1642 break;
1643 default:
4b1cf444 1644 kprintf(SPP_FMT "%s illegal %s in state %s\n",
984263bc
MD		 1645 SPP_ARGS(ifp), cp->name,
1646 sppp_cp_type_name(h->type),
1647 sppp_state_name(sp->state[cp->protoidx]));
1648 ++ifp->if_ierrors;
1649 }
1650 break;
1651
1652 case TERM_REQ:
1653 switch (sp->state[cp->protoidx]) {
1654 case STATE_ACK_RCVD:
1655 case STATE_ACK_SENT:
1656 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1657 /* fall through */
1658 case STATE_CLOSED:
1659 case STATE_STOPPED:
1660 case STATE_CLOSING:
1661 case STATE_STOPPING:
1662 case STATE_REQ_SENT:
1663 sta:
1664 /* Send Terminate-Ack packet. */
1665 if (debug)
1666 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1667 SPP_ARGS(ifp), cp->name);
1668 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1669 break;
1670 case STATE_OPENED:
1671 (cp->tld)(sp);
1672 sp->rst_counter[cp->protoidx] = 0;
1673 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1674 goto sta;
1675 break;
1676 default:
4b1cf444 1677 kprintf(SPP_FMT "%s illegal %s in state %s\n",
984263bc
MD		 1678 SPP_ARGS(ifp), cp->name,
1679 sppp_cp_type_name(h->type),
1680 sppp_state_name(sp->state[cp->protoidx]));
1681 ++ifp->if_ierrors;
1682 }
1683 break;
1684 case TERM_ACK:
1685 switch (sp->state[cp->protoidx]) {
1686 case STATE_CLOSED:
1687 case STATE_STOPPED:
1688 case STATE_REQ_SENT:
1689 case STATE_ACK_SENT:
1690 break;
1691 case STATE_CLOSING:
1692 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1693 (cp->tlf)(sp);
1694 break;
1695 case STATE_STOPPING:
1696 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1697 (cp->tlf)(sp);
1698 break;
1699 case STATE_ACK_RCVD:
1700 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1701 break;
1702 case STATE_OPENED:
1703 (cp->tld)(sp);
1704 (cp->scr)(sp);
1705 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1706 break;
1707 default:
4b1cf444 1708 kprintf(SPP_FMT "%s illegal %s in state %s\n",
984263bc
MD		 1709 SPP_ARGS(ifp), cp->name,
1710 sppp_cp_type_name(h->type),
1711 sppp_state_name(sp->state[cp->protoidx]));
1712 ++ifp->if_ierrors;
1713 }
1714 break;
1715 case CODE_REJ:
1716 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1717 log(LOG_INFO,
1718 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, "
1719 "danger will robinson\n",
1720 SPP_ARGS(ifp), cp->name,
1721 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1722 switch (sp->state[cp->protoidx]) {
1723 case STATE_CLOSED:
1724 case STATE_STOPPED:
1725 case STATE_REQ_SENT:
1726 case STATE_ACK_SENT:
1727 case STATE_CLOSING:
1728 case STATE_STOPPING:
1729 case STATE_OPENED:
1730 break;
1731 case STATE_ACK_RCVD:
1732 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1733 break;
1734 default:
4b1cf444 1735 kprintf(SPP_FMT "%s illegal %s in state %s\n",
984263bc
MD		 1736 SPP_ARGS(ifp), cp->name,
1737 sppp_cp_type_name(h->type),
1738 sppp_state_name(sp->state[cp->protoidx]));
1739 ++ifp->if_ierrors;
1740 }
1741 break;
1742 case PROTO_REJ:
1743 {
1744 int catastrophic;
1745 const struct cp *upper;
1746 int i;
1747 u_int16_t proto;
1748
1749 catastrophic = 0;
1750 upper = NULL;
1751 proto = ntohs(*((u_int16_t *)p));
1752 for (i = 0; i < IDX_COUNT; i++) {
1753 if (cps[i]->proto == proto) {
1754 upper = cps[i];
1755 break;
1756 }
1757 }
1758 if (upper == NULL)
1759 catastrophic++;
1760
1761 if (catastrophic || debug)
1762 log(catastrophic? LOG_INFO: LOG_DEBUG,
1763 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1764 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1765 sppp_cp_type_name(h->type), proto,
1766 upper ? upper->name : "unknown",
1767 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1768
1769 /*
1770 * if we got RXJ+ against conf-req, the peer does not implement
1771 * this particular protocol type. terminate the protocol.
1772 */
1773 if (upper && !catastrophic) {
1774 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1775 upper->Close(sp);
1776 break;
1777 }
1778 }
1779
1780 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1781 switch (sp->state[cp->protoidx]) {
1782 case STATE_CLOSED:
1783 case STATE_STOPPED:
1784 case STATE_REQ_SENT:
1785 case STATE_ACK_SENT:
1786 case STATE_CLOSING:
1787 case STATE_STOPPING:
1788 case STATE_OPENED:
1789 break;
1790 case STATE_ACK_RCVD:
1791 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1792 break;
1793 default:
4b1cf444 1794 kprintf(SPP_FMT "%s illegal %s in state %s\n",
984263bc
MD		 1795 SPP_ARGS(ifp), cp->name,
1796 sppp_cp_type_name(h->type),
1797 sppp_state_name(sp->state[cp->protoidx]));
1798 ++ifp->if_ierrors;
1799 }
1800 break;
1801 }
1802 case DISC_REQ:
1803 if (cp->proto != PPP_LCP)
1804 goto illegal;
1805 /* Discard the packet. */
1806 break;
1807 case ECHO_REQ:
1808 if (cp->proto != PPP_LCP)
1809 goto illegal;
1810 if (sp->state[cp->protoidx] != STATE_OPENED) {
1811 if (debug)
a0a36cfd 1812 log(-1, SPP_FMT "lcp echo req but lcp closed\n",
984263bc
MD		 1813 SPP_ARGS(ifp));
1814 ++ifp->if_ierrors;
1815 break;
1816 }
1817 if (len < 8) {
1818 if (debug)
a0a36cfd 1819 log(-1, SPP_FMT "invalid lcp echo request "
984263bc
MD		 1820 "packet length: %d bytes\n",
1821 SPP_ARGS(ifp), len);
1822 break;
1823 }
1824 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
1825 ntohl (*(long*)(h+1)) == sp->lcp.magic) {
1826 /* Line loopback mode detected. */
4b1cf444 1827 kprintf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
984263bc
MD		 1828 sp->pp_loopcnt = MAXALIVECNT * 5;
1829 if_down (ifp);
4d723e5a 1830 IF_DRAIN(&sp->pp_cpq);
984263bc
MD		 1831
1832 /* Shut down the PPP link. */
1833 /* XXX */
1834 lcp.Down(sp);
1835 lcp.Up(sp);
1836 break;
1837 }
1838 *(long*)(h+1) = htonl (sp->lcp.magic);
1839 if (debug)
a0a36cfd 1840 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n",
984263bc
MD		 1841 SPP_ARGS(ifp));
1842 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1843 break;
1844 case ECHO_REPLY:
1845 if (cp->proto != PPP_LCP)
1846 goto illegal;
1847 if (h->ident != sp->lcp.echoid) {
1848 ++ifp->if_ierrors;
1849 break;
1850 }
1851 if (len < 8) {
1852 if (debug)
a0a36cfd 1853 log(-1, SPP_FMT "lcp invalid echo reply "
984263bc
MD		 1854 "packet length: %d bytes\n",
1855 SPP_ARGS(ifp), len);
1856 break;
1857 }
1858 if (debug)
a0a36cfd 1859 log(-1, SPP_FMT "lcp got echo rep\n",
984263bc
MD		 1860 SPP_ARGS(ifp));
1861 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) ||
1862 ntohl (*(long*)(h+1)) != sp->lcp.magic)
1863 sp->pp_alivecnt = 0;
1864 break;
1865 default:
1866 /* Unknown packet type -- send Code-Reject packet. */
1867 illegal:
1868 if (debug)
a0a36cfd 1869 log(-1, SPP_FMT "%s send code-rej for 0x%x\n",
984263bc
MD		 1870 SPP_ARGS(ifp), cp->name, h->type);
1871 sppp_cp_send(sp, cp->proto, CODE_REJ,
1872 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
1873 ++ifp->if_ierrors;
1874 }
1875}
1876
1877
1878/*
1879 * The generic part of all Up/Down/Open/Close/TO event handlers.
1880 * Basically, the state transition handling in the automaton.
1881 */
1882static void
1883sppp_up_event(const struct cp *cp, struct sppp *sp)
1884{
1885 STDDCL;
1886
1887 if (debug)
1888 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1889 SPP_ARGS(ifp), cp->name,
1890 sppp_state_name(sp->state[cp->protoidx]));
1891
1892 switch (sp->state[cp->protoidx]) {
1893 case STATE_INITIAL:
1894 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1895 break;
1896 case STATE_STARTING:
1897 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1898 (cp->scr)(sp);
1899 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1900 break;
1901 default:
4b1cf444 1902 kprintf(SPP_FMT "%s illegal up in state %s\n",
984263bc
MD		 1903 SPP_ARGS(ifp), cp->name,
1904 sppp_state_name(sp->state[cp->protoidx]));
1905 }
1906}
1907
1908static void
1909sppp_down_event(const struct cp *cp, struct sppp *sp)
1910{
1911 STDDCL;
1912
1913 if (debug)
1914 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1915 SPP_ARGS(ifp), cp->name,
1916 sppp_state_name(sp->state[cp->protoidx]));
1917
1918 switch (sp->state[cp->protoidx]) {
1919 case STATE_CLOSED:
1920 case STATE_CLOSING:
1921 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1922 break;
1923 case STATE_STOPPED:
1924 sppp_cp_change_state(cp, sp, STATE_STARTING);
1925 (cp->tls)(sp);
1926 break;
1927 case STATE_STOPPING:
1928 case STATE_REQ_SENT:
1929 case STATE_ACK_RCVD:
1930 case STATE_ACK_SENT:
1931 sppp_cp_change_state(cp, sp, STATE_STARTING);
1932 break;
1933 case STATE_OPENED:
1934 (cp->tld)(sp);
1935 sppp_cp_change_state(cp, sp, STATE_STARTING);
1936 break;
1937 default:
4b1cf444 1938 kprintf(SPP_FMT "%s illegal down in state %s\n",
984263bc
MD		 1939 SPP_ARGS(ifp), cp->name,
1940 sppp_state_name(sp->state[cp->protoidx]));
1941 }
1942}
1943
1944
1945static void
1946sppp_open_event(const struct cp *cp, struct sppp *sp)
1947{
1948 STDDCL;
1949
1950 if (debug)
1951 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1952 SPP_ARGS(ifp), cp->name,
1953 sppp_state_name(sp->state[cp->protoidx]));
1954
1955 switch (sp->state[cp->protoidx]) {
1956 case STATE_INITIAL:
1957 sppp_cp_change_state(cp, sp, STATE_STARTING);
1958 (cp->tls)(sp);
1959 break;
1960 case STATE_STARTING:
1961 break;
1962 case STATE_CLOSED:
1963 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1964 (cp->scr)(sp);
1965 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1966 break;
1967 case STATE_STOPPED:
1968 /*
1969 * Try escaping stopped state. This seems to bite
1970 * people occasionally, in particular for IPCP,
1971 * presumably following previous IPCP negotiation
1972 * aborts. Somehow, we must have missed a Down event
1973 * which would have caused a transition into starting
1974 * state, so as a bandaid we force the Down event now.
1975 * This effectively implements (something like the)
1976 * `restart' option mentioned in the state transition
1977 * table of RFC 1661.
1978 */
1979 sppp_cp_change_state(cp, sp, STATE_STARTING);
1980 (cp->tls)(sp);
1981 break;
1982 case STATE_STOPPING:
1983 case STATE_REQ_SENT:
1984 case STATE_ACK_RCVD:
1985 case STATE_ACK_SENT:
1986 case STATE_OPENED:
1987 break;
1988 case STATE_CLOSING:
1989 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1990 break;
1991 }
1992}
1993
1994
1995static void
1996sppp_close_event(const struct cp *cp, struct sppp *sp)
1997{
1998 STDDCL;
1999
2000 if (debug)
2001 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
2002 SPP_ARGS(ifp), cp->name,
2003 sppp_state_name(sp->state[cp->protoidx]));
2004
2005 switch (sp->state[cp->protoidx]) {
2006 case STATE_INITIAL:
2007 case STATE_CLOSED:
2008 case STATE_CLOSING:
2009 break;
2010 case STATE_STARTING:
2011 sppp_cp_change_state(cp, sp, STATE_INITIAL);
2012 (cp->tlf)(sp);
2013 break;
2014 case STATE_STOPPED:
2015 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2016 break;
2017 case STATE_STOPPING:
2018 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2019 break;
2020 case STATE_OPENED:
2021 (cp->tld)(sp);
2022 /* fall through */
2023 case STATE_REQ_SENT:
2024 case STATE_ACK_RCVD:
2025 case STATE_ACK_SENT:
2026 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
2027 sppp_cp_send(sp, cp->proto, TERM_REQ,
2028 ++sp->pp_seq[cp->protoidx], 0, 0);
2029 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2030 break;
2031 }
2032}
2033
2034static void
2035sppp_to_event(const struct cp *cp, struct sppp *sp)
2036{
2037 STDDCL;
984263bc 2038
e07612f9
JS		 2039 crit_enter();
2040
984263bc
MD		 2041 if (debug)
2042 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
2043 SPP_ARGS(ifp), cp->name,
2044 sppp_state_name(sp->state[cp->protoidx]),
2045 sp->rst_counter[cp->protoidx]);
2046
2047 if (--sp->rst_counter[cp->protoidx] < 0)
2048 /* TO- event */
2049 switch (sp->state[cp->protoidx]) {
2050 case STATE_CLOSING:
2051 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2052 (cp->tlf)(sp);
2053 break;
2054 case STATE_STOPPING:
2055 sppp_cp_change_state(cp, sp, STATE_STOPPED);
2056 (cp->tlf)(sp);
2057 break;
2058 case STATE_REQ_SENT:
2059 case STATE_ACK_RCVD:
2060 case STATE_ACK_SENT:
2061 sppp_cp_change_state(cp, sp, STATE_STOPPED);
2062 (cp->tlf)(sp);
2063 break;
2064 }
2065 else
2066 /* TO+ event */
2067 switch (sp->state[cp->protoidx]) {
2068 case STATE_CLOSING:
2069 case STATE_STOPPING:
2070 sppp_cp_send(sp, cp->proto, TERM_REQ,
2071 ++sp->pp_seq[cp->protoidx], 0, 0);
ffb75675
MD		 2072 callout_reset(&sp->timeout[cp->protoidx],
2073 sp->lcp.timeout, cp->TO, sp);
984263bc
MD		 2074 break;
2075 case STATE_REQ_SENT:
2076 case STATE_ACK_RCVD:
2077 (cp->scr)(sp);
2078 /* sppp_cp_change_state() will restart the timer */
2079 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2080 break;
2081 case STATE_ACK_SENT:
2082 (cp->scr)(sp);
ffb75675
MD		 2083 callout_reset(&sp->timeout[cp->protoidx],
2084 sp->lcp.timeout, cp->TO, sp);
984263bc
MD		 2085 break;
2086 }
2087
e07612f9 2088 crit_exit();
984263bc
MD		 2089}
2090
2091/*
2092 * Change the state of a control protocol in the state automaton.
2093 * Takes care of starting/stopping the restart timer.
2094 */
2095void
2096sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
2097{
2098 sp->state[cp->protoidx] = newstate;
ffb75675 2099 callout_stop(&sp->timeout[cp->protoidx]);
984263bc 2100
984263bc
MD		 2101 switch (newstate) {
2102 case STATE_INITIAL:
2103 case STATE_STARTING:
2104 case STATE_CLOSED:
2105 case STATE_STOPPED:
2106 case STATE_OPENED:
2107 break;
2108 case STATE_CLOSING:
2109 case STATE_STOPPING:
2110 case STATE_REQ_SENT:
2111 case STATE_ACK_RCVD:
2112 case STATE_ACK_SENT:
ffb75675
MD		 2113 callout_reset(&sp->timeout[cp->protoidx],
2114 sp->lcp.timeout, cp->TO, sp);
984263bc
MD		 2115 break;
2116 }
2117}
2118
2119/*
2120 *--------------------------------------------------------------------------*
2121 * *
2122 * The LCP implementation. *
2123 * *
2124 *--------------------------------------------------------------------------*
2125 */
2126static void
2127sppp_lcp_init(struct sppp *sp)
2128{
2129 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2130 sp->lcp.magic = 0;
2131 sp->state[IDX_LCP] = STATE_INITIAL;
2132 sp->fail_counter[IDX_LCP] = 0;
2133 sp->pp_seq[IDX_LCP] = 0;
2134 sp->pp_rseq[IDX_LCP] = 0;
2135 sp->lcp.protos = 0;
2136 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2137
2138 /* Note that these values are relevant for all control protocols */
2139 sp->lcp.timeout = 3 * hz;
2140 sp->lcp.max_terminate = 2;
2141 sp->lcp.max_configure = 10;
2142 sp->lcp.max_failure = 10;
ced1da93 2143#if defined(__DragonFly__)
ffb75675 2144 callout_init(&sp->timeout[IDX_LCP]);
984263bc
MD		 2145#endif
2146}
2147
2148static void
2149sppp_lcp_up(struct sppp *sp)
2150{
2151 STDDCL;
2152
2153 sp->pp_alivecnt = 0;
2154 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2155 sp->lcp.magic = 0;
2156 sp->lcp.protos = 0;
2157 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2158 /*
2159 * If this interface is passive or dial-on-demand, and we are
2160 * still in Initial state, it means we've got an incoming
2161 * call. Activate the interface.
2162 */
2163 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2164 if (debug)
2165 log(LOG_DEBUG,
2166 SPP_FMT "Up event", SPP_ARGS(ifp));
2167 ifp->if_flags |= IFF_RUNNING;
2168 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2169 if (debug)
a0a36cfd 2170 log(-1, "(incoming call)\n");
984263bc
MD		 2171 sp->pp_flags |= PP_CALLIN;
2172 lcp.Open(sp);
2173 } else if (debug)
a0a36cfd 2174 log(-1, "\n");
984263bc
MD		 2175 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2176 (sp->state[IDX_LCP] == STATE_INITIAL)) {
2177 ifp->if_flags |= IFF_RUNNING;
2178 lcp.Open(sp);
2179 }
2180
2181 sppp_up_event(&lcp, sp);
2182}
2183
2184static void
2185sppp_lcp_down(struct sppp *sp)
2186{
2187 STDDCL;
2188
2189 sppp_down_event(&lcp, sp);
2190
2191 /*
2192 * If this is neither a dial-on-demand nor a passive
2193 * interface, simulate an ``ifconfig down'' action, so the
2194 * administrator can force a redial by another ``ifconfig
2195 * up''. XXX For leased line operation, should we immediately
2196 * try to reopen the connection here?
2197 */
2198 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2199 log(LOG_INFO,
2200 SPP_FMT "Down event, taking interface down.\n",
2201 SPP_ARGS(ifp));
2202 if_down(ifp);
2203 } else {
2204 if (debug)
2205 log(LOG_DEBUG,
2206 SPP_FMT "Down event (carrier loss)\n",
2207 SPP_ARGS(ifp));
2208 sp->pp_flags &= ~PP_CALLIN;
2209 if (sp->state[IDX_LCP] != STATE_INITIAL)
2210 lcp.Close(sp);
2211 ifp->if_flags &= ~IFF_RUNNING;
2212 }
2213}
2214
2215static void
2216sppp_lcp_open(struct sppp *sp)
2217{
2218 /*
2219 * If we are authenticator, negotiate LCP_AUTH
2220 */
2221 if (sp->hisauth.proto != 0)
2222 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2223 else
2224 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2225 sp->pp_flags &= ~PP_NEEDAUTH;
2226 sppp_open_event(&lcp, sp);
2227}
2228
2229static void
2230sppp_lcp_close(struct sppp *sp)
2231{
2232 sppp_close_event(&lcp, sp);
2233}
2234
2235static void
2236sppp_lcp_TO(void *cookie)
2237{
2238 sppp_to_event(&lcp, (struct sppp *)cookie);
2239}
2240
2241/*
2242 * Analyze a configure request. Return true if it was agreeable, and
2243 * caused action sca, false if it has been rejected or nak'ed, and
2244 * caused action scn. (The return value is used to make the state
2245 * transition decision in the state automaton.)
2246 */
2247static int
2248sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2249{
2250 STDDCL;
2251 u_char *buf, *r, *p;
2252 int origlen, rlen;
2253 u_long nmagic;
2254 u_short authproto;
2255
2256 len -= 4;
2257 origlen = len;
efda3bd0 2258 buf = r = kmalloc (len, M_TEMP, M_INTWAIT);
984263bc
MD		 2259
2260 if (debug)
2261 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
2262 SPP_ARGS(ifp));
2263
2264 /* pass 1: check for things that need to be rejected */
2265 p = (void*) (h+1);
2266 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
4a4748de
JS		 2267 /* Sanity check option length */
2268 if (p[1] > len) {
2269 /* Malicious option - drop immediately.
2270 * XXX Maybe we should just RXJ it?
2271 */
a0a36cfd 2272 log(-1, "%s: received malicious LCP option 0x%02x, "
4a4748de
JS		 2273 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname,
2274 p[0], p[1], len);
2275 goto drop;
2276 }
984263bc 2277 if (debug)
a0a36cfd 2278 log(-1, " %s ", sppp_lcp_opt_name(*p));
984263bc
MD		 2279 switch (*p) {
2280 case LCP_OPT_MAGIC:
2281 /* Magic number. */
2282 if (len >= 6 && p[1] == 6)
2283 continue;
2284 if (debug)
a0a36cfd 2285 log(-1, "[invalid] ");
984263bc
MD		 2286 break;
2287 case LCP_OPT_ASYNC_MAP:
2288 /* Async control character map. */
2289 if (len >= 6 && p[1] == 6)
2290 continue;
2291 if (debug)
a0a36cfd 2292 log(-1, "[invalid] ");
984263bc
MD		 2293 break;
2294 case LCP_OPT_MRU:
2295 /* Maximum receive unit. */
2296 if (len >= 4 && p[1] == 4)
2297 continue;
2298 if (debug)
a0a36cfd 2299 log(-1, "[invalid] ");
984263bc
MD		 2300 break;
2301 case LCP_OPT_AUTH_PROTO:
2302 if (len < 4) {
2303 if (debug)
a0a36cfd 2304 log(-1, "[invalid] ");
984263bc
MD		 2305 break;
2306 }
2307 authproto = (p[2] << 8) + p[3];
2308 if (authproto == PPP_CHAP && p[1] != 5) {
2309 if (debug)
a0a36cfd 2310 log(-1, "[invalid chap len] ");
984263bc
MD		 2311 break;
2312 }
2313 if (sp->myauth.proto == 0) {
2314 /* we are not configured to do auth */
2315 if (debug)
a0a36cfd 2316 log(-1, "[not configured] ");
984263bc
MD		 2317 break;
2318 }
2319 /*
2320 * Remote want us to authenticate, remember this,
2321 * so we stay in PHASE_AUTHENTICATE after LCP got
2322 * up.
2323 */
2324 sp->pp_flags |= PP_NEEDAUTH;
2325 continue;
2326 default:
2327 /* Others not supported. */
2328 if (debug)
a0a36cfd 2329 log(-1, "[rej] ");
984263bc
MD		 2330 break;
2331 }
2332 /* Add the option to rejected list. */
2333 bcopy (p, r, p[1]);
2334 r += p[1];
2335 rlen += p[1];
2336 }
2337 if (rlen) {
2338 if (debug)
a0a36cfd 2339 log(-1, " send conf-rej\n");
984263bc
MD		 2340 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2341 return 0;
2342 } else if (debug)
a0a36cfd 2343 log(-1, "\n");
984263bc
MD		 2344
2345 /*
2346 * pass 2: check for option values that are unacceptable and
2347 * thus require to be nak'ed.
2348 */
2349 if (debug)
2350 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2351 SPP_ARGS(ifp));
2352
2353 p = (void*) (h+1);
2354 len = origlen;
2355 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2356 if (debug)
a0a36cfd 2357 log(-1, " %s ", sppp_lcp_opt_name(*p));
984263bc
MD		 2358 switch (*p) {
2359 case LCP_OPT_MAGIC:
2360 /* Magic number -- extract. */
2361 nmagic = (u_long)p[2] << 24 |
2362 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2363 if (nmagic != sp->lcp.magic) {
2364 sp->pp_loopcnt = 0;
2365 if (debug)
a0a36cfd 2366 log(-1, "0x%lx ", nmagic);
984263bc
MD		 2367 continue;
2368 }
2369 if (debug && sp->pp_loopcnt < MAXALIVECNT*5)
a0a36cfd 2370 log(-1, "[glitch] ");
984263bc
MD		 2371 ++sp->pp_loopcnt;
2372 /*
2373 * We negate our magic here, and NAK it. If
2374 * we see it later in an NAK packet, we
2375 * suggest a new one.
2376 */
2377 nmagic = ~sp->lcp.magic;
2378 /* Gonna NAK it. */
2379 p[2] = nmagic >> 24;
2380 p[3] = nmagic >> 16;
2381 p[4] = nmagic >> 8;
2382 p[5] = nmagic;
2383 break;
2384
2385 case LCP_OPT_ASYNC_MAP:
2386 /*
2387 * Async control character map -- just ignore it.
2388 *
2389 * Quote from RFC 1662, chapter 6:
2390 * To enable this functionality, synchronous PPP
2391 * implementations MUST always respond to the
2392 * Async-Control-Character-Map Configuration
2393 * Option with the LCP Configure-Ack. However,
2394 * acceptance of the Configuration Option does
2395 * not imply that the synchronous implementation
2396 * will do any ACCM mapping. Instead, all such
2397 * octet mapping will be performed by the
2398 * asynchronous-to-synchronous converter.
2399 */
2400 continue;
2401
2402 case LCP_OPT_MRU:
2403 /*
2404 * Maximum receive unit. Always agreeable,
2405 * but ignored by now.
2406 */
2407 sp->lcp.their_mru = p[2] * 256 + p[3];
2408 if (debug)
a0a36cfd 2409 log(-1, "%lu ", sp->lcp.their_mru);
984263bc
MD		 2410 continue;
2411
2412 case LCP_OPT_AUTH_PROTO:
2413 authproto = (p[2] << 8) + p[3];
2414 if (sp->myauth.proto != authproto) {
2415 /* not agreed, nak */
2416 if (debug)
a0a36cfd 2417 log(-1, "[mine %s != his %s] ",
984263bc
MD		 2418 sppp_proto_name(sp->hisauth.proto),
2419 sppp_proto_name(authproto));
2420 p[2] = sp->myauth.proto >> 8;
2421 p[3] = sp->myauth.proto;
2422 break;
2423 }
2424 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2425 if (debug)
a0a36cfd 2426 log(-1, "[chap not MD5] ");
984263bc
MD		 2427 p[4] = CHAP_MD5;
2428 break;
2429 }
2430 continue;
2431 }
2432 /* Add the option to nak'ed list. */
2433 bcopy (p, r, p[1]);
2434 r += p[1];
2435 rlen += p[1];
2436 }
2437 if (rlen) {
2438 /*
2439 * Local and remote magics equal -- loopback?
2440 */
2441 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
2442 if (sp->pp_loopcnt == MAXALIVECNT*5)
4b1cf444 2443 kprintf (SPP_FMT "loopback\n",
984263bc
MD		 2444 SPP_ARGS(ifp));
2445 if (ifp->if_flags & IFF_UP) {
2446 if_down(ifp);
4d723e5a 2447 IF_DRAIN(&sp->pp_cpq);
984263bc
MD		 2448 /* XXX ? */
2449 lcp.Down(sp);
2450 lcp.Up(sp);
2451 }
2452 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2453 if (debug)
a0a36cfd 2454 log(-1, " max_failure (%d) exceeded, "
984263bc
MD		 2455 "send conf-rej\n",
2456 sp->lcp.max_failure);
2457 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2458 } else {
2459 if (debug)
a0a36cfd 2460 log(-1, " send conf-nak\n");
984263bc
MD		 2461 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2462 }
2463 } else {
2464 if (debug)
a0a36cfd 2465 log(-1, " send conf-ack\n");
984263bc
MD		 2466 sp->fail_counter[IDX_LCP] = 0;
2467 sp->pp_loopcnt = 0;
2468 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2469 h->ident, origlen, h+1);
2470 }
2471
efda3bd0 2472 kfree (buf, M_TEMP);
984263bc 2473 return (rlen == 0);
4a4748de
JS		 2474
2475drop:
efda3bd0 2476 kfree(buf, M_TEMP);
4a4748de 2477 return (-1);
984263bc
MD		 2478}
2479
2480/*
2481 * Analyze the LCP Configure-Reject option list, and adjust our
2482 * negotiation.
2483 */
2484static void
2485sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2486{
2487 STDDCL;
2488 u_char *buf, *p;
2489
2490 len -= 4;
efda3bd0 2491 buf = kmalloc (len, M_TEMP, M_INTWAIT);
984263bc
MD		 2492
2493 if (debug)
2494 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2495 SPP_ARGS(ifp));
2496
2497 p = (void*) (h+1);
2498 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
4a4748de
JS		 2499 /* Sanity check option length */
2500 if (p[1] > len) {
2501 /*
2502 * Malicious option - drop immediately.
2503 * XXX Maybe we should just RXJ it?
2504 */
a0a36cfd 2505 log(-1, "%s: received malicious LCP option, "
4a4748de
JS		 2506 "dropping.\n", ifp->if_xname);
2507 goto drop;
2508 }
984263bc 2509 if (debug)
a0a36cfd 2510 log(-1, " %s ", sppp_lcp_opt_name(*p));
984263bc
MD		 2511 switch (*p) {
2512 case LCP_OPT_MAGIC:
2513 /* Magic number -- can't use it, use 0 */
2514 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2515 sp->lcp.magic = 0;
2516 break;
2517 case LCP_OPT_MRU:
2518 /*
2519 * Should not be rejected anyway, since we only
2520 * negotiate a MRU if explicitly requested by
2521 * peer.
2522 */
2523 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2524 break;
2525 case LCP_OPT_AUTH_PROTO:
2526 /*
2527 * Peer doesn't want to authenticate himself,
2528 * deny unless this is a dialout call, and
2529 * AUTHFLAG_NOCALLOUT is set.
2530 */
2531 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2532 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2533 if (debug)
a0a36cfd 2534 log(-1, "[don't insist on auth "
984263bc
MD		 2535 "for callout]");
2536 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2537 break;
2538 }
2539 if (debug)
a0a36cfd 2540 log(-1, "[access denied]\n");
984263bc
MD		 2541 lcp.Close(sp);
2542 break;
2543 }
2544 }
2545 if (debug)
a0a36cfd 2546 log(-1, "\n");
4a4748de 2547drop:
efda3bd0 2548 kfree (buf, M_TEMP);
984263bc
MD		 2549 return;
2550}
2551
2552/*
2553 * Analyze the LCP Configure-NAK option list, and adjust our
2554 * negotiation.
2555 */
2556static void
2557sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2558{
2559 STDDCL;
2560 u_char *buf, *p;
2561 u_long magic;
2562
2563 len -= 4;
efda3bd0 2564 buf = kmalloc (len, M_TEMP, M_INTWAIT);
984263bc
MD		 2565
2566 if (debug)
2567 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2568 SPP_ARGS(ifp));
2569
2570 p = (void*) (h+1);
2571 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
4a4748de
JS		 2572 /* Sanity check option length */
2573 if (p[1] > len) {
2574 /*
2575 * Malicious option - drop immediately.
2576 * XXX Maybe we should just RXJ it?
2577 */
a0a36cfd 2578 log(-1, "%s: received malicious LCP option, "
4a4748de
JS		 2579 "dropping.\n", ifp->if_xname);
2580 goto drop;
2581 }
984263bc 2582 if (debug)
a0a36cfd 2583 log(-1, " %s ", sppp_lcp_opt_name(*p));
984263bc
MD		 2584 switch (*p) {
2585 case LCP_OPT_MAGIC:
2586 /* Magic number -- renegotiate */
2587 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2588 len >= 6 && p[1] == 6) {
2589 magic = (u_long)p[2] << 24 |
2590 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2591 /*
2592 * If the remote magic is our negated one,
2593 * this looks like a loopback problem.
2594 * Suggest a new magic to make sure.
2595 */
2596 if (magic == ~sp->lcp.magic) {
2597 if (debug)
a0a36cfd 2598 log(-1, "magic glitch ");
ced1da93 2599#if defined(__DragonFly__)
cddfb7bb 2600 sp->lcp.magic = krandom();
984263bc
MD		 2601#else
2602 sp->lcp.magic = time.tv_sec + time.tv_usec;
2603#endif
2604 } else {
2605 sp->lcp.magic = magic;
2606 if (debug)
a0a36cfd 2607 log(-1, "%lu ", magic);
984263bc
MD		 2608 }
2609 }
2610 break;
2611 case LCP_OPT_MRU:
2612 /*
2613 * Peer wants to advise us to negotiate an MRU.
2614 * Agree on it if it's reasonable, or use
2615 * default otherwise.
2616 */
2617 if (len >= 4 && p[1] == 4) {
2618 u_int mru = p[2] * 256 + p[3];
2619 if (debug)
a0a36cfd 2620 log(-1, "%d ", mru);
984263bc
MD		 2621 if (mru < PP_MTU || mru > PP_MAX_MRU)
2622 mru = PP_MTU;
2623 sp->lcp.mru = mru;
2624 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2625 }
2626 break;
2627 case LCP_OPT_AUTH_PROTO:
2628 /*
2629 * Peer doesn't like our authentication method,
2630 * deny.
2631 */
2632 if (debug)
a0a36cfd 2633 log(-1, "[access denied]\n");
984263bc
MD		 2634 lcp.Close(sp);
2635 break;
2636 }
2637 }
2638 if (debug)
a0a36cfd 2639 log(-1, "\n");
4a4748de 2640drop:
efda3bd0 2641 kfree (buf, M_TEMP);
984263bc
MD		 2642 return;
2643}
2644
2645static void
2646sppp_lcp_tlu(struct sppp *sp)
2647{
2648 STDDCL;
2649 int i;
2650 u_long mask;
2651
2652 /* XXX ? */
2653 if (! (ifp->if_flags & IFF_UP) &&
2654 (ifp->if_flags & IFF_RUNNING)) {
2655 /* Coming out of loopback mode. */
2656 if_up(ifp);
4b1cf444 2657 kprintf (SPP_FMT "up\n", SPP_ARGS(ifp));
984263bc
MD		 2658 }
2659
2660 for (i = 0; i < IDX_COUNT; i++)
2661 if ((cps[i])->flags & CP_QUAL)
2662 (cps[i])->Open(sp);
2663
2664 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2665 (sp->pp_flags & PP_NEEDAUTH) != 0)
2666 sp->pp_phase = PHASE_AUTHENTICATE;
2667 else
2668 sp->pp_phase = PHASE_NETWORK;
2669
2670 if (debug)
2671 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2672 sppp_phase_name(sp->pp_phase));
2673
2674 /*
2675 * Open all authentication protocols. This is even required
2676 * if we already proceeded to network phase, since it might be
2677 * that remote wants us to authenticate, so we might have to
2678 * send a PAP request. Undesired authentication protocols
2679 * don't do anything when they get an Open event.
2680 */
2681 for (i = 0; i < IDX_COUNT; i++)
2682 if ((cps[i])->flags & CP_AUTH)
2683 (cps[i])->Open(sp);
2684
2685 if (sp->pp_phase == PHASE_NETWORK) {
2686 /* Notify all NCPs. */
2687 for (i = 0; i < IDX_COUNT; i++)
2688 if (((cps[i])->flags & CP_NCP) &&
2689 /*
2690 * XXX
2691 * Hack to administratively disable IPv6 if
2692 * not desired. Perhaps we should have another
2693 * flag for this, but right now, we can make
2694 * all struct cp's read/only.
2695 */
2696 (cps[i] != &ipv6cp ||
2697 (sp->confflags & CONF_ENABLE_IPV6)))
2698 (cps[i])->Open(sp);
2699 }
2700
2701 /* Send Up events to all started protos. */
2702 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2703 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0)
2704 (cps[i])->Up(sp);
2705
2706 /* notify low-level driver of state change */
2707 if (sp->pp_chg)
2708 sp->pp_chg(sp, (int)sp->pp_phase);
2709
2710 if (sp->pp_phase == PHASE_NETWORK)
2711 /* if no NCP is starting, close down */
2712 sppp_lcp_check_and_close(sp);
2713}
2714
2715static void
2716sppp_lcp_tld(struct sppp *sp)
2717{
2718 STDDCL;
2719 int i;
2720 u_long mask;
2721
2722 sp->pp_phase = PHASE_TERMINATE;
2723
2724 if (debug)
2725 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2726 sppp_phase_name(sp->pp_phase));
2727
2728 /*
2729 * Take upper layers down. We send the Down event first and
2730 * the Close second to prevent the upper layers from sending
2731 * ``a flurry of terminate-request packets'', as the RFC
2732 * describes it.
2733 */
2734 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2735 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) {
2736 (cps[i])->Down(sp);
2737 (cps[i])->Close(sp);
2738 }
2739}
2740
2741static void
2742sppp_lcp_tls(struct sppp *sp)
2743{
2744 STDDCL;
2745
2746 sp->pp_phase = PHASE_ESTABLISH;
2747
2748 if (debug)
2749 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2750 sppp_phase_name(sp->pp_phase));
2751
2752 /* Notify lower layer if desired. */
2753 if (sp->pp_tls)
2754 (sp->pp_tls)(sp);
2755 else
2756 (sp->pp_up)(sp);
2757}
2758
2759static void
2760sppp_lcp_tlf(struct sppp *sp)
2761{
2762 STDDCL;
2763
2764 sp->pp_phase = PHASE_DEAD;
2765 if (debug)
2766 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2767 sppp_phase_name(sp->pp_phase));
2768
2769 /* Notify lower layer if desired. */
2770 if (sp->pp_tlf)
2771 (sp->pp_tlf)(sp);
2772 else
2773 (sp->pp_down)(sp);
2774}
2775
2776static void
2777sppp_lcp_scr(struct sppp *sp)
2778{
2779 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2780 int i = 0;
2781 u_short authproto;
2782
2783 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2784 if (! sp->lcp.magic)
ced1da93 2785#if defined(__DragonFly__)
cddfb7bb 2786 sp->lcp.magic = krandom();
984263bc
MD		 2787#else
2788 sp->lcp.magic = time.tv_sec + time.tv_usec;
2789#endif
2790 opt[i++] = LCP_OPT_MAGIC;
2791 opt[i++] = 6;
2792 opt[i++] = sp->lcp.magic >> 24;
2793 opt[i++] = sp->lcp.magic >> 16;
2794 opt[i++] = sp->lcp.magic >> 8;
2795 opt[i++] = sp->lcp.magic;
2796 }
2797
2798 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2799 opt[i++] = LCP_OPT_MRU;
2800 opt[i++] = 4;
2801 opt[i++] = sp->lcp.mru >> 8;
2802 opt[i++] = sp->lcp.mru;
2803 }
2804
2805 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2806 authproto = sp->hisauth.proto;
2807 opt[i++] = LCP_OPT_AUTH_PROTO;
2808 opt[i++] = authproto == PPP_CHAP? 5: 4;
2809 opt[i++] = authproto >> 8;
2810 opt[i++] = authproto;
2811 if (authproto == PPP_CHAP)
2812 opt[i++] = CHAP_MD5;
2813 }
2814
2815 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
2816 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2817}
2818
2819/*
2820 * Check the open NCPs, return true if at least one NCP is open.
2821 */
2822static int
2823sppp_ncp_check(struct sppp *sp)
2824{
2825 int i, mask;
2826
2827 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2828 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP)
2829 return 1;
2830 return 0;
2831}
2832
2833/*
2834 * Re-check the open NCPs and see if we should terminate the link.
2835 * Called by the NCPs during their tlf action handling.
2836 */
2837static void
2838sppp_lcp_check_and_close(struct sppp *sp)
2839{
2840
2841 if (sp->pp_phase < PHASE_NETWORK)
2842 /* don't bother, we are already going down */
2843 return;
2844
2845 if (sppp_ncp_check(sp))
2846 return;
2847
2848 lcp.Close(sp);
2849}
2850
2851/*
2852 *--------------------------------------------------------------------------*
2853 * *
2854 * The IPCP implementation. *
2855 * *
2856 *--------------------------------------------------------------------------*
2857 */
2858
2859static void
2860sppp_ipcp_init(struct sppp *sp)
2861{
2862 sp->ipcp.opts = 0;
2863 sp->ipcp.flags = 0;
2864 sp->state[IDX_IPCP] = STATE_INITIAL;
2865 sp->fail_counter[IDX_IPCP] = 0;
2866 sp->pp_seq[IDX_IPCP] = 0;
2867 sp->pp_rseq[IDX_IPCP] = 0;
ced1da93 2868#if defined(__DragonFly__)
ffb75675 2869 callout_init(&sp->timeout[IDX_IPCP]);
984263bc
MD		 2870#endif
2871}
2872
2873static void
2874sppp_ipcp_up(struct sppp *sp)
2875{
2876 sppp_up_event(&ipcp, sp);
2877}
2878
2879static void
2880sppp_ipcp_down(struct sppp *sp)
2881{
2882 sppp_down_event(&ipcp, sp);
2883}
2884
2885static void
2886sppp_ipcp_open(struct sppp *sp)
2887{
2888 STDDCL;
2889 u_long myaddr, hisaddr;
2890
2891 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN |
2892 IPCP_MYADDR_DYN | IPCP_VJ);
2893 sp->ipcp.opts = 0;
2894
2895 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2896 /*
2897 * If we don't have his address, this probably means our
2898 * interface doesn't want to talk IP at all. (This could
2899 * be the case if somebody wants to speak only IPX, for
2900 * example.) Don't open IPCP in this case.
2901 */
2902 if (hisaddr == 0L) {
2903 /* XXX this message should go away */
2904 if (debug)
2905 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2906 SPP_ARGS(ifp));
2907 return;
2908 }
2909 if (myaddr == 0L) {
2910 /*
2911 * I don't have an assigned address, so i need to
2912 * negotiate my address.
2913 */
2914 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2915 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2916 } else
2917 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2918 if (sp->confflags & CONF_ENABLE_VJ) {
2919 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION);
2920 sp->ipcp.max_state = MAX_STATES - 1;
2921 sp->ipcp.compress_cid = 1;
2922 }
2923 sppp_open_event(&ipcp, sp);
2924}
2925
2926static void
2927sppp_ipcp_close(struct sppp *sp)
2928{
2929 sppp_close_event(&ipcp, sp);
2930 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
2931 /*
2932 * My address was dynamic, clear it again.
2933 */
2934 sppp_set_ip_addr(sp, 0L);
2935}
2936
2937static void
2938sppp_ipcp_TO(void *cookie)
2939{
2940 sppp_to_event(&ipcp, (struct sppp *)cookie);
2941}
2942
2943/*
2944 * Analyze a configure request. Return true if it was agreeable, and
2945 * caused action sca, false if it has been rejected or nak'ed, and
2946 * caused action scn. (The return value is used to make the state
2947 * transition decision in the state automaton.)
2948 */
2949static int
2950sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2951{
2952 u_char *buf, *r, *p;
2953 struct ifnet *ifp = &sp->pp_if;
2954 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2955 u_long hisaddr, desiredaddr;
2956 int gotmyaddr = 0;
2957 int desiredcomp;
2958
2959 len -= 4;
2960 origlen = len;
2961 /*
2962 * Make sure to allocate a buf that can at least hold a
2963 * conf-nak with an `address' option. We might need it below.
2964 */
efda3bd0 2965 buf = r = kmalloc ((len < 6? 6: len), M_TEMP, M_INTWAIT);
984263bc
MD		 2966
2967 /* pass 1: see if we can recognize them */
2968 if (debug)
2969 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2970 SPP_ARGS(ifp));
2971 p = (void*) (h+1);
2972 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
4a4748de
JS		 2973 /* Sanity check option length */
2974 if (p[1] > len) {
2975 /* XXX should we just RXJ? */
a0a36cfd 2976 log(-1, "%s: malicious IPCP option received, dropping\n",
4a4748de
JS		 2977 ifp->if_xname);
2978 goto drop;
2979 }
984263bc 2980 if (debug)
a0a36cfd 2981 log(-1, " %s ", sppp_ipcp_opt_name(*p));
984263bc
MD		 2982 switch (*p) {
2983 case IPCP_OPT_COMPRESSION:
2984 if (!(sp->confflags & CONF_ENABLE_VJ)) {
2985 /* VJ compression administratively disabled */
2986 if (debug)
a0a36cfd 2987 log(-1, "[locally disabled] ");
984263bc
MD		 2988 break;
2989 }
2990 /*
2991 * In theory, we should only conf-rej an
2992 * option that is shorter than RFC 1618
2993 * requires (i.e. < 4), and should conf-nak
2994 * anything else that is not VJ. However,
2995 * since our algorithm always uses the
2996 * original option to NAK it with new values,
2997 * things would become more complicated. In
2998 * pratice, the only commonly implemented IP
2999 * compression option is VJ anyway, so the
3000 * difference is negligible.
3001 */
3002 if (len >= 6 && p[1] == 6) {
3003 /*
3004 * correctly formed compression option
3005 * that could be VJ compression
3006 */
3007 continue;
3008 }
3009 if (debug)
a0a36cfd 3010 log(-1, "optlen %d [invalid/unsupported] ",
984263bc
MD		 3011 p[1]);
3012 break;
3013 case IPCP_OPT_ADDRESS:
3014 if (len >= 6 && p[1] == 6) {
3015 /* correctly formed address option */
3016 continue;
3017 }
3018 if (debug)
a0a36cfd 3019 log(-1, "[invalid] ");
984263bc
MD		 3020 break;
3021 default:
3022 /* Others not supported. */
3023 if (debug)
a0a36cfd 3024 log(-1, "[rej] ");
984263bc
MD		 3025 break;
3026 }
3027 /* Add the option to rejected list. */
3028 bcopy (p, r, p[1]);
3029 r += p[1];
3030 rlen += p[1];
3031 }
3032 if (rlen) {
3033 if (debug)
a0a36cfd 3034 log(-1, " send conf-rej\n");
984263bc
MD		 3035 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
3036 return 0;
3037 } else if (debug)
a0a36cfd 3038 log(-1, "\n");
984263bc
MD		 3039
3040 /* pass 2: parse option values */
3041 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
3042 if (debug)
3043 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
3044 SPP_ARGS(ifp));
3045 p = (void*) (h+1);
3046 len = origlen;
3047 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3048 if (debug)
a0a36cfd 3049 log(-1, " %s ", sppp_ipcp_opt_name(*p));
984263bc
MD		 3050 switch (*p) {
3051 case IPCP_OPT_COMPRESSION:
3052 desiredcomp = p[2] << 8 | p[3];
3053 /* We only support VJ */
3054 if (desiredcomp == IPCP_COMP_VJ) {
3055 if (debug)
a0a36cfd 3056 log(-1, "VJ [ack] ");
984263bc
MD		 3057 sp->ipcp.flags |= IPCP_VJ;
3058 sl_compress_init(sp->pp_comp, p[4]);
3059 sp->ipcp.max_state = p[4];
3060 sp->ipcp.compress_cid = p[5];
3061 continue;
3062 }
3063 if (debug)
a0a36cfd 3064 log(-1, "compproto %#04x [not supported] ",
984263bc
MD		 3065 desiredcomp);
3066 p[2] = IPCP_COMP_VJ >> 8;
3067 p[3] = IPCP_COMP_VJ;
3068 p[4] = sp->ipcp.max_state;
3069 p[5] = sp->ipcp.compress_cid;
3070 break;
3071 case IPCP_OPT_ADDRESS:
3072 /* This is the address he wants in his end */
3073 desiredaddr = p[2] << 24 | p[3] << 16 |
3074 p[4] << 8 | p[5];
3075 if (desiredaddr == hisaddr ||
3076 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) {
3077 /*
3078 * Peer's address is same as our value,
3079 * or we have set it to 0.0.0.* to
3080 * indicate that we do not really care,
3081 * this is agreeable. Gonna conf-ack
3082 * it.
3083 */
3084 if (debug)
a0a36cfd 3085 log(-1, "%s [ack] ",
984263bc
MD		 3086 sppp_dotted_quad(hisaddr));
3087 /* record that we've seen it already */
3088 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
3089 continue;
3090 }
3091 /*
3092 * The address wasn't agreeable. This is either
3093 * he sent us 0.0.0.0, asking to assign him an
3094 * address, or he send us another address not
3095 * matching our value. Either case, we gonna
3096 * conf-nak it with our value.
3097 * XXX: we should "rej" if hisaddr == 0
3098 */
3099 if (debug) {
3100 if (desiredaddr == 0)
a0a36cfd 3101 log(-1, "[addr requested] ");
984263bc 3102 else
a0a36cfd 3103 log(-1, "%s [not agreed] ",
984263bc
MD		 3104 sppp_dotted_quad(desiredaddr));
3105
3106 }
3107 p[2] = hisaddr >> 24;
3108 p[3] = hisaddr >> 16;
3109 p[4] = hisaddr >> 8;
3110 p[5] = hisaddr;
3111 break;
3112 }
3113 /* Add the option to nak'ed list. */
3114 bcopy (p, r, p[1]);
3115 r += p[1];
3116 rlen += p[1];
3117 }
3118
3119 /*
3120 * If we are about to conf-ack the request, but haven't seen
3121 * his address so far, gonna conf-nak it instead, with the
3122 * `address' option present and our idea of his address being
3123 * filled in there, to request negotiation of both addresses.
3124 *
3125 * XXX This can result in an endless req - nak loop if peer
3126 * doesn't want to send us his address. Q: What should we do
3127 * about it? XXX A: implement the max-failure counter.
3128 */
3129 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) {
3130 buf[0] = IPCP_OPT_ADDRESS;
3131 buf[1] = 6;
3132 buf[2] = hisaddr >> 24;
3133 buf[3] = hisaddr >> 16;
3134 buf[4] = hisaddr >> 8;
3135 buf[5] = hisaddr;
3136 rlen = 6;
3137 if (debug)
a0a36cfd 3138 log(-1, "still need hisaddr ");
984263bc
MD		 3139 }
3140
3141 if (rlen) {
3142 if (debug)
a0a36cfd 3143 log(-1, " send conf-nak\n");
984263bc
MD		 3144 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
3145 } else {
3146 if (debug)
a0a36cfd 3147 log(-1, " send conf-ack\n");
984263bc
MD		 3148 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
3149 h->ident, origlen, h+1);
3150 }
3151
efda3bd0 3152 kfree (buf, M_TEMP);
984263bc 3153 return (rlen == 0);
4a4748de
JS		 3154
3155drop:
efda3bd0 3156 kfree(buf, M_TEMP);
4a4748de 3157 return (-1);
984263bc
MD		 3158}
3159
3160/*
3161 * Analyze the IPCP Configure-Reject option list, and adjust our
3162 * negotiation.
3163 */
3164static void
3165sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3166{
3167 u_char *buf, *p;
3168 struct ifnet *ifp = &sp->pp_if;
3169 int debug = ifp->if_flags & IFF_DEBUG;
3170
3171 len -= 4;
efda3bd0 3172 buf = kmalloc (len, M_TEMP, M_INTWAIT);
984263bc
MD		 3173
3174 if (debug)
3175 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
3176 SPP_ARGS(ifp));
3177
3178 p = (void*) (h+1);
3179 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
4a4748de
JS		 3180 /* Sanity check option length */
3181 if (p[1] > len) {
3182 /* XXX should we just RXJ? */
a0a36cfd 3183 log(-1, "%s: malicious IPCP option received, dropping\n",
4a4748de
JS		 3184 ifp->if_xname);
3185 goto drop;
3186 }
984263bc 3187 if (debug)
a0a36cfd 3188 log(-1, " %s ", sppp_ipcp_opt_name(*p));
984263bc
MD		 3189 switch (*p) {
3190 case IPCP_OPT_COMPRESSION:
3191 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION);
3192 break;
3193 case IPCP_OPT_ADDRESS:
3194 /*
3195 * Peer doesn't grok address option. This is
3196 * bad. XXX Should we better give up here?
3197 * XXX We could try old "addresses" option...
3198 */
3199 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
3200 break;
3201 }
3202 }
3203 if (debug)
a0a36cfd 3204 log(-1, "\n");
4a4748de 3205drop:
efda3bd0 3206 kfree (buf, M_TEMP);
984263bc
MD		 3207 return;
3208}
3209
3210/*
3211 * Analyze the IPCP Configure-NAK option list, and adjust our
3212 * negotiation.
3213 */
3214static void
3215sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3216{
3217 u_char *buf, *p;
3218 struct ifnet *ifp = &sp->pp_if;
3219 int debug = ifp->if_flags & IFF_DEBUG;
3220 int desiredcomp;
3221 u_long wantaddr;
3222
3223 len -= 4;
efda3bd0 3224 buf = kmalloc (len, M_TEMP, M_INTWAIT);
984263bc
MD		 3225
3226 if (debug)
3227 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
3228 SPP_ARGS(ifp));
3229
3230 p = (void*) (h+1);
3231 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
4a4748de
JS		 3232 /* Sanity check option length */
3233 if (p[1] > len) {
3234 /* XXX should we just RXJ? */
a0a36cfd 3235 log(-1, "%s: malicious IPCP option received, dropping\n",
4a4748de
JS		 3236 ifp->if_xname);
3237 return;
3238 }
984263bc 3239 if (debug)
a0a36cfd 3240 log(-1, " %s ", sppp_ipcp_opt_name(*p));
984263bc
MD		 3241 switch (*p) {
3242 case IPCP_OPT_COMPRESSION:
3243 if (len >= 6 && p[1] == 6) {
3244 desiredcomp = p[2] << 8 | p[3];
3245 if (debug)
a0a36cfd 3246 log(-1, "[wantcomp %#04x] ",
984263bc
MD		 3247 desiredcomp);
3248 if (desiredcomp == IPCP_COMP_VJ) {
3249 sl_compress_init(sp->pp_comp, p[4]);
3250 sp->ipcp.max_state = p[4];
3251 sp->ipcp.compress_cid = p[5];
3252 if (debug)
a0a36cfd 3253 log(-1, "[agree] ");
984263bc
MD		 3254 } else
3255 sp->ipcp.opts &=
3256 ~(1 << IPCP_OPT_COMPRESSION);
3257 }
3258 break;
3259 case IPCP_OPT_ADDRESS:
3260 /*
3261 * Peer doesn't like our local IP address. See
3262 * if we can do something for him. We'll drop
3263 * him our address then.
3264 */
3265 if (len >= 6 && p[1] == 6) {
3266 wantaddr = p[2] << 24 | p[3] << 16 |
3267 p[4] << 8 | p[5];
3268 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
3269 if (debug)
a0a36cfd 3270 log(-1, "[wantaddr %s] ",
984263bc
MD		 3271 sppp_dotted_quad(wantaddr));
3272 /*
3273 * When doing dynamic address assignment,
3274 * we accept his offer. Otherwise, we
3275 * ignore it and thus continue to negotiate
3276 * our already existing value.
3277 * XXX: Bogus, if he said no once, he'll
3278 * just say no again, might as well die.
3279 */
3280 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
3281 sppp_set_ip_addr(sp, wantaddr);
3282 if (debug)
a0a36cfd 3283 log(-1, "[agree] ");
984263bc
MD		 3284 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
3285 }
3286 }
3287 break;
3288 }
3289 }
3290 if (debug)
a0a36cfd 3291 log(-1, "\n");
efda3bd0 3292 kfree (buf, M_TEMP);
984263bc
MD		 3293 return;
3294}
3295
3296static void
3297sppp_ipcp_tlu(struct sppp *sp)
3298{
3299 /* we are up - notify isdn daemon */
3300 if (sp->pp_con)
3301 sp->pp_con(sp);
3302}
3303
3304static void
3305sppp_ipcp_tld(struct sppp *sp)
3306{
3307}
3308
3309static void
3310sppp_ipcp_tls(struct sppp *sp)
3311{
3312 /* indicate to LCP that it must stay alive */
3313 sp->lcp.protos |= (1 << IDX_IPCP);
3314}
3315
3316static void
3317sppp_ipcp_tlf(struct sppp *sp)
3318{
3319 /* we no longer need LCP */
3320 sp->lcp.protos &= ~(1 << IDX_IPCP);
3321 sppp_lcp_check_and_close(sp);
3322}
3323
3324static void
3325sppp_ipcp_scr(struct sppp *sp)
3326{
3327 char opt[6 /* compression */ + 6 /* address */];
3328 u_long ouraddr;
3329 int i = 0;
3330
3331 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3332 opt[i++] = IPCP_OPT_COMPRESSION;
3333 opt[i++] = 6;
3334 opt[i++] = IPCP_COMP_VJ >> 8;
3335 opt[i++] = IPCP_COMP_VJ;
3336 opt[i++] = sp->ipcp.max_state;
3337 opt[i++] = sp->ipcp.compress_cid;
3338 }
3339 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3340 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3341 opt[i++] = IPCP_OPT_ADDRESS;
3342 opt[i++] = 6;
3343 opt[i++] = ouraddr >> 24;
3344 opt[i++] = ouraddr >> 16;
3345 opt[i++] = ouraddr >> 8;
3346 opt[i++] = ouraddr;
3347 }
3348
3349 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
3350 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
3351}
3352
3353/*
3354 *--------------------------------------------------------------------------*
3355 * *
3356 * The IPv6CP implementation. *
3357 * *
3358 *--------------------------------------------------------------------------*
3359 */
3360
3361#ifdef INET6
3362static void
3363sppp_ipv6cp_init(struct sppp *sp)
3364{
3365 sp->ipv6cp.opts = 0;
3366 sp->ipv6cp.flags = 0;
3367 sp->state[IDX_IPV6CP] = STATE_INITIAL;
3368 sp->fail_counter[IDX_IPV6CP] = 0;
3369 sp->pp_seq[IDX_IPV6CP] = 0;
3370 sp->pp_rseq[IDX_IPV6CP] = 0;
3371#if defined(__NetBSD__)
3372 callout_init(&sp->ch[IDX_IPV6CP]);
3373#endif
ced1da93 3374#if defined(__DragonFly__)
ffb75675 3375 callout_init(&sp->timeout[IDX_IPV6CP]);
984263bc
MD		 3376#endif
3377}
3378
3379static void
3380sppp_ipv6cp_up(struct sppp *sp)
3381{
3382 sppp_up_event(&ipv6cp, sp);
3383}
3384
3385static void
3386sppp_ipv6cp_down(struct sppp *sp)
3387{
3388 sppp_down_event(&ipv6cp, sp);
3389}
3390
3391static void
3392sppp_ipv6cp_open(struct sppp *sp)
3393{
3394 STDDCL;
3395 struct in6_addr myaddr, hisaddr;
3396
3397#ifdef IPV6CP_MYIFID_DYN
3398 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3399#else
3400 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3401#endif
3402
3403 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
3404 /*
3405 * If we don't have our address, this probably means our
3406 * interface doesn't want to talk IPv6 at all. (This could
3407 * be the case if somebody wants to speak only IPX, for
3408 * example.) Don't open IPv6CP in this case.
3409 */
3410 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3411 /* XXX this message should go away */
3412 if (debug)
3413 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
3414 SPP_ARGS(ifp));
3415 return;
3416 }
3417
3418 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3419 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3420 sppp_open_event(&ipv6cp, sp);
3421}
3422
3423static void
3424sppp_ipv6cp_close(struct sppp *sp)
3425{
3426 sppp_close_event(&ipv6cp, sp);
3427}
3428
3429static void
3430sppp_ipv6cp_TO(void *cookie)
3431{
3432 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3433}
3434
3435/*
3436 * Analyze a configure request. Return true if it was agreeable, and
3437 * caused action sca, false if it has been rejected or nak'ed, and
3438 * caused action scn. (The return value is used to make the state
3439 * transition decision in the state automaton.)
3440 */
3441static int
3442sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3443{
3444 u_char *buf, *r, *p;
3445 struct ifnet *ifp = &sp->pp_if;
3446 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3447 struct in6_addr myaddr, desiredaddr, suggestaddr;
3448 int ifidcount;
3449 int type;
3450 int collision, nohisaddr;
3451
3452 len -= 4;
3453 origlen = len;
3454 /*
3455 * Make sure to allocate a buf that can at least hold a
3456 * conf-nak with an `address' option. We might need it below.
3457 */
efda3bd0 3458 buf = r = kmalloc ((len < 6? 6: len), M_TEMP, M_INTWAIT);
984263bc
MD		 3459
3460 /* pass 1: see if we can recognize them */
3461 if (debug)
3462 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:",
3463 SPP_ARGS(ifp));
3464 p = (void*) (h+1);
3465 ifidcount = 0;
3466 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
4a4748de
JS		 3467 /* Sanity check option length */
3468 if (p[1] > len) {
3469 /* XXX just RXJ? */
a0a36cfd 3470 log(-1, "%s: received malicious IPCPv6 option, "
4a4748de
JS		 3471 "dropping\n", ifp->if_xname);
3472 goto drop;
3473 }
984263bc 3474 if (debug)
a0a36cfd 3475 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
984263bc
MD		 3476 switch (*p) {
3477 case IPV6CP_OPT_IFID:
3478 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3479 /* correctly formed address option */
3480 ifidcount++;
3481 continue;
3482 }
3483 if (debug)
a0a36cfd 3484 log(-1, " [invalid]");
984263bc
MD		 3485 break;
3486#ifdef notyet
3487 case IPV6CP_OPT_COMPRESSION:
3488 if (len >= 4 && p[1] >= 4) {
3489 /* correctly formed compress option */
3490 continue;
3491 }
3492 if (debug)
a0a36cfd 3493 log(-1, " [invalid]");
984263bc
MD		 3494 break;
3495#endif
3496 default:
3497 /* Others not supported. */
3498 if (debug)
a0a36cfd 3499 log(-1, " [rej]");
984263bc
MD		 3500 break;
3501 }
3502 /* Add the option to rejected list. */
3503 bcopy (p, r, p[1]);
3504 r += p[1];
3505 rlen += p[1];
3506 }
3507 if (rlen) {
3508 if (debug)
a0a36cfd 3509 log(-1, " send conf-rej\n");
984263bc
MD		 3510 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3511 goto end;
3512 } else if (debug)
a0a36cfd 3513 log(-1, "\n");
984263bc
MD		 3514
3515 /* pass 2: parse option values */
3516 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
3517 if (debug)
3518 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ",
3519 SPP_ARGS(ifp));
3520 p = (void*) (h+1);
3521 len = origlen;
3522 type = CONF_ACK;
3523 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3524 if (debug)
a0a36cfd 3525 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
984263bc
MD		 3526 switch (*p) {
3527#ifdef notyet
3528 case IPV6CP_OPT_COMPRESSION:
3529 continue;
3530#endif
3531 case IPV6CP_OPT_IFID:
3532 bzero(&desiredaddr, sizeof(desiredaddr));
3533 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3534 collision = (bcmp(&desiredaddr.s6_addr[8],
3535 &myaddr.s6_addr[8], 8) == 0);
3536 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3537
3538 desiredaddr.s6_addr16[0] = htons(0xfe80);
3539 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3540
3541 if (!collision && !nohisaddr) {
3542 /* no collision, hisaddr known - Conf-Ack */
3543 type = CONF_ACK;
3544
3545 if (debug) {
a0a36cfd 3546 log(-1, " %s [%s]",
984263bc
MD		 3547 ip6_sprintf(&desiredaddr),
3548 sppp_cp_type_name(type));
3549 }
3550 continue;
3551 }
3552
8075c3b8 3553 bzero(&suggestaddr, sizeof(suggestaddr));
984263bc
MD		 3554 if (collision && nohisaddr) {
3555 /* collision, hisaddr unknown - Conf-Rej */
3556 type = CONF_REJ;
3557 bzero(&p[2], 8);
3558 } else {
3559 /*
3560 * - no collision, hisaddr unknown, or
3561 * - collision, hisaddr known
3562 * Conf-Nak, suggest hisaddr
3563 */
3564 type = CONF_NAK;
3565 sppp_suggest_ip6_addr(sp, &suggestaddr);
3566 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3567 }
3568 if (debug)
a0a36cfd 3569 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr),
984263bc
MD		 3570 sppp_cp_type_name(type));
3571 break;
3572 }
3573 /* Add the option to nak'ed list. */
3574 bcopy (p, r, p[1]);
3575 r += p[1];
3576 rlen += p[1];
3577 }
3578
3579 if (rlen == 0 && type == CONF_ACK) {
3580 if (debug)
a0a36cfd 3581 log(-1, " send %s\n", sppp_cp_type_name(type));
984263bc
MD		 3582 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1);
3583 } else {
3584#ifdef DIAGNOSTIC
3585 if (type == CONF_ACK)
3586 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3587#endif
3588
3589 if (debug) {
a0a36cfd 3590 log(-1, " send %s suggest %s\n",
984263bc
MD		 3591 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
3592 }
3593 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3594 }
3595
3596 end:
efda3bd0 3597 kfree (buf, M_TEMP);
984263bc 3598 return (rlen == 0);
4a4748de
JS		 3599
3600drop:
efda3bd0 3601 kfree(buf, M_TEMP);
4a4748de 3602 return (-1);
984263bc
MD		 3603}
3604
3605/*
3606 * Analyze the IPv6CP Configure-Reject option list, and adjust our
3607 * negotiation.
3608 */
3609static void
3610sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3611{
3612 u_char *buf, *p;
3613 struct ifnet *ifp = &sp->pp_if;
3614 int debug = ifp->if_flags & IFF_DEBUG;
3615
3616 len -= 4;
efda3bd0 3617 buf = kmalloc (len, M_TEMP, M_INTWAIT);
984263bc
MD		 3618
3619 if (debug)
3620 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:",
3621 SPP_ARGS(ifp));
3622
3623 p = (void*) (h+1);
3624 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
4a4748de
JS		 3625 if (p[1] > len) {
3626 /* XXX just RXJ? */
a0a36cfd 3627 log(-1, "%s: received malicious IPCPv6 option, "
4a4748de
JS		 3628 "dropping\n", ifp->if_xname);
3629 goto drop;
3630 }
984263bc 3631 if (debug)
a0a36cfd 3632 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
984263bc
MD		 3633 switch (*p) {
3634 case IPV6CP_OPT_IFID:
3635 /*
3636 * Peer doesn't grok address option. This is
3637 * bad. XXX Should we better give up here?
3638 */
3639 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3640 break;
3641#ifdef notyet
3642 case IPV6CP_OPT_COMPRESS:
3643 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3644 break;
3645#endif
3646 }
3647 }
3648 if (debug)
a0a36cfd 3649 log(-1, "\n");
4a4748de 3650drop:
efda3bd0 3651 kfree (buf, M_TEMP);
984263bc
MD		 3652 return;
3653}
3654
3655/*
3656 * Analyze the IPv6CP Configure-NAK option list, and adjust our
3657 * negotiation.
3658 */
3659static void
3660sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3661{
3662 u_char *buf, *p;
3663 struct ifnet *ifp = &sp->pp_if;
3664 int debug = ifp->if_flags & IFF_DEBUG;
3665 struct in6_addr suggestaddr;
3666
3667 len -= 4;
efda3bd0 3668 buf = kmalloc (len, M_TEMP, M_INTWAIT);
984263bc
MD		 3669
3670 if (debug)
3671 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:",
3672 SPP_ARGS(ifp));
3673
3674 p = (void*) (h+1);
3675 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
4a4748de
JS		 3676 if (p[1] > len) {
3677 /* XXX just RXJ? */
a0a36cfd 3678 log(-1, "%s: received malicious IPCPv6 option, "
4a4748de
JS		 3679 "dropping\n", ifp->if_xname);
3680 goto drop;
3681 }
984263bc 3682 if (debug)
a0a36cfd 3683 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
984263bc
MD		 3684 switch (*p) {
3685 case IPV6CP_OPT_IFID:
3686 /*
3687 * Peer doesn't like our local ifid. See
3688 * if we can do something for him. We'll drop
3689 * him our address then.
3690 */
3691 if (len < 10 || p[1] != 10)
3692 break;
3693 bzero(&suggestaddr, sizeof(suggestaddr));
3694 suggestaddr.s6_addr16[0] = htons(0xfe80);
3695 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3696 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3697
3698 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3699 if (debug)
a0a36cfd 3700 log(-1, " [suggestaddr %s]",
984263bc
MD		 3701 ip6_sprintf(&suggestaddr));
3702#ifdef IPV6CP_MYIFID_DYN
3703 /*
3704 * When doing dynamic address assignment,
3705 * we accept his offer.
3706 */
3707 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
3708 struct in6_addr lastsuggest;
3709 /*
3710 * If <suggested myaddr from peer> equals to
3711 * <hisaddr we have suggested last time>,
3712 * we have a collision. generate new random
3713 * ifid.
3714 */
3715 sppp_suggest_ip6_addr(&lastsuggest);
3716 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
3717 lastsuggest)) {
3718 if (debug)
a0a36cfd 3719 log(-1, " [random]");
984263bc
MD		 3720 sppp_gen_ip6_addr(sp, &suggestaddr);
3721 }