2 * Synchronous PPP/Cisco link level subroutines.
3 * Keepalive protocol implemented in both Cisco and PPP modes.
5 * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
6 * Author: Serge Vakulenko, <vak@cronyx.ru>
8 * Heavily revamped to conform to RFC 1661.
9 * Copyright (C) 1997, 2001 Joerg Wunsch.
11 * This software is distributed with NO WARRANTIES, not even the implied
12 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
14 * Authors grant any other persons or organisations permission to use
15 * or modify this software as long as this message is kept with the software,
16 * all derivative works or modified versions.
18 * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
20 * $FreeBSD: src/sys/net/if_spppsubr.c,v 1.59.2.13 2002/07/03 15:44:41 joerg Exp $
21 * $DragonFly: src/sys/net/sppp/if_spppsubr.c,v 1.33 2008/04/20 13:44:25 swildner Exp $
24 #include <sys/param.h>
26 #if defined(__DragonFly__)
28 #include "opt_inet6.h"
34 # include "opt_inet.h"
35 # include "opt_inet6.h"
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
42 #include <sys/module.h>
43 #include <sys/sockio.h>
44 #include <sys/socket.h>
45 #include <sys/syslog.h>
46 #if defined(__DragonFly__)
47 #include <sys/random.h>
48 #include <sys/thread2.h>
50 #include <sys/malloc.h>
53 #if defined (__OpenBSD__)
60 #include <net/ifq_var.h>
61 #include <net/netisr.h>
62 #include <net/if_types.h>
63 #include <net/route.h>
64 #include <netinet/in.h>
65 #include <netinet/in_systm.h>
66 #include <netinet/ip.h>
67 #include <net/slcompress.h>
69 #if defined (__NetBSD__) || defined (__OpenBSD__)
70 #include <machine/cpu.h> /* XXX for softnet */
73 #include <machine/stdarg.h>
75 #include <netinet/in.h>
76 #include <netinet/in_systm.h>
77 #include <netinet/in_var.h>
80 #include <netinet/ip.h>
81 #include <netinet/tcp.h>
84 #if defined (__DragonFly__) || defined (__OpenBSD__)
85 # include <netinet/if_ether.h>
87 # include <net/ethertypes.h>
91 #include <netproto/ipx/ipx.h>
92 #include <netproto/ipx/ipx_if.h>
97 #include <netns/ns_if.h>
102 #define IOCTL_CMD_T u_long
103 #define MAXALIVECNT 3 /* max. alive packets */
106 * Interface flags that can be set in an ifconfig command.
108 * Setting link0 will make the link passive, i.e. it will be marked
109 * as being administrative openable, but won't be opened to begin
110 * with. Incoming calls will be answered, or subsequent calls with
111 * -link1 will cause the administrative open of the LCP layer.
113 * Setting link1 will cause the link to auto-dial only as packets
116 * Setting IFF_DEBUG will syslog the option negotiation and state
117 * transitions at level kern.debug. Note: all logs consistently look
120 * <if-name><unit>: <proto-name> <additional info...>
122 * with <if-name><unit> being something like "bppp0", and <proto-name>
123 * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
126 #define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
127 #define IFF_AUTO IFF_LINK1 /* auto-dial on output */
128 #define IFF_CISCO IFF_LINK2 /* auto-dial on output */
130 #define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
131 #define PPP_UI 0x03 /* Unnumbered Information */
132 #define PPP_IP 0x0021 /* Internet Protocol */
133 #define PPP_ISO 0x0023 /* ISO OSI Protocol */
134 #define PPP_XNS 0x0025 /* Xerox NS Protocol */
135 #define PPP_IPX 0x002b /* Novell IPX Protocol */
136 #define PPP_VJ_COMP 0x002d /* VJ compressed TCP/IP */
137 #define PPP_VJ_UCOMP 0x002f /* VJ uncompressed TCP/IP */
138 #define PPP_IPV6 0x0057 /* Internet Protocol Version 6 */
139 #define PPP_LCP 0xc021 /* Link Control Protocol */
140 #define PPP_PAP 0xc023 /* Password Authentication Protocol */
141 #define PPP_CHAP 0xc223 /* Challenge-Handshake Auth Protocol */
142 #define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */
143 #define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
145 #define CONF_REQ 1 /* PPP configure request */
146 #define CONF_ACK 2 /* PPP configure acknowledge */
147 #define CONF_NAK 3 /* PPP configure negative ack */
148 #define CONF_REJ 4 /* PPP configure reject */
149 #define TERM_REQ 5 /* PPP terminate request */
150 #define TERM_ACK 6 /* PPP terminate acknowledge */
151 #define CODE_REJ 7 /* PPP code reject */
152 #define PROTO_REJ 8 /* PPP protocol reject */
153 #define ECHO_REQ 9 /* PPP echo request */
154 #define ECHO_REPLY 10 /* PPP echo reply */
155 #define DISC_REQ 11 /* PPP discard request */
157 #define LCP_OPT_MRU 1 /* maximum receive unit */
158 #define LCP_OPT_ASYNC_MAP 2 /* async control character map */
159 #define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */
160 #define LCP_OPT_QUAL_PROTO 4 /* quality protocol */
161 #define LCP_OPT_MAGIC 5 /* magic number */
162 #define LCP_OPT_RESERVED 6 /* reserved */
163 #define LCP_OPT_PROTO_COMP 7 /* protocol field compression */
164 #define LCP_OPT_ADDR_COMP 8 /* address/control field compression */
166 #define IPCP_OPT_ADDRESSES 1 /* both IP addresses; deprecated */
167 #define IPCP_OPT_COMPRESSION 2 /* IP compression protocol (VJ) */
168 #define IPCP_OPT_ADDRESS 3 /* local IP address */
170 #define IPV6CP_OPT_IFID 1 /* interface identifier */
171 #define IPV6CP_OPT_COMPRESSION 2 /* IPv6 compression protocol */
173 #define IPCP_COMP_VJ 0x2d /* Code for VJ compression */
175 #define PAP_REQ 1 /* PAP name/password request */
176 #define PAP_ACK 2 /* PAP acknowledge */
177 #define PAP_NAK 3 /* PAP fail */
179 #define CHAP_CHALLENGE 1 /* CHAP challenge request */
180 #define CHAP_RESPONSE 2 /* CHAP challenge response */
181 #define CHAP_SUCCESS 3 /* CHAP response ok */
182 #define CHAP_FAILURE 4 /* CHAP response failed */
184 #define CHAP_MD5 5 /* hash algorithm - MD5 */
186 #define CISCO_MULTICAST 0x8f /* Cisco multicast address */
187 #define CISCO_UNICAST 0x0f /* Cisco unicast address */
188 #define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */
189 #define CISCO_ADDR_REQ 0 /* Cisco address request */
190 #define CISCO_ADDR_REPLY 1 /* Cisco address reply */
191 #define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */
193 /* states are named and numbered according to RFC 1661 */
194 #define STATE_INITIAL 0
195 #define STATE_STARTING 1
196 #define STATE_CLOSED 2
197 #define STATE_STOPPED 3
198 #define STATE_CLOSING 4
199 #define STATE_STOPPING 5
200 #define STATE_REQ_SENT 6
201 #define STATE_ACK_RCVD 7
202 #define STATE_ACK_SENT 8
203 #define STATE_OPENED 9
209 } __attribute__((__packed__));
210 #define PPP_HEADER_LEN sizeof (struct ppp_header)
216 } __attribute__((__packed__));
217 #define LCP_HEADER_LEN sizeof (struct lcp_header)
219 struct cisco_packet {
226 } __attribute__((__packed__));
227 #define CISCO_PACKET_LEN sizeof (struct cisco_packet)
230 * We follow the spelling and capitalization of RFC 1661 here, to make
231 * it easier comparing with the standard. Please refer to this RFC in
232 * case you can't make sense out of these abbreviation; it will also
233 * explain the semantics related to the various events and actions.
236 u_short proto; /* PPP control protocol number */
237 u_char protoidx; /* index into state table in struct sppp */
239 #define CP_LCP 0x01 /* this is the LCP */
240 #define CP_AUTH 0x02 /* this is an authentication protocol */
241 #define CP_NCP 0x04 /* this is a NCP */
242 #define CP_QUAL 0x08 /* this is a quality reporting protocol */
243 const char *name; /* name of this control protocol */
245 void (*Up)(struct sppp *sp);
246 void (*Down)(struct sppp *sp);
247 void (*Open)(struct sppp *sp);
248 void (*Close)(struct sppp *sp);
249 void (*TO)(void *sp);
250 int (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
251 void (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
252 void (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
254 void (*tlu)(struct sppp *sp);
255 void (*tld)(struct sppp *sp);
256 void (*tls)(struct sppp *sp);
257 void (*tlf)(struct sppp *sp);
258 void (*scr)(struct sppp *sp);
261 static struct sppp *spppq;
262 #if defined(__DragonFly__)
263 static struct callout keepalive_timeout;
266 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 && !defined(__DragonFly__)
267 #define SPP_FMT "%s%d: "
268 #define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
270 #define SPP_FMT "%s: "
271 #define SPP_ARGS(ifp) (ifp)->if_xname
276 * The following disgusting hack gets around the problem that IP TOS
277 * can't be set yet. We want to put "interactive" traffic on a high
278 * priority queue. To decide if traffic is interactive, we check that
279 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
281 * XXX is this really still necessary? - joerg -
283 static u_short interactive_ports[8] = {
287 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
290 /* almost every function needs these */
292 struct ifnet *ifp = &sp->pp_if; \
293 int debug = ifp->if_flags & IFF_DEBUG
295 static int sppp_output(struct ifnet *ifp, struct mbuf *m,
296 struct sockaddr *dst, struct rtentry *rt);
298 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
299 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
301 static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
303 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
304 u_char ident, u_short len, void *data);
305 /* static void sppp_cp_timeout(void *arg); */
306 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
308 static void sppp_auth_send(const struct cp *cp,
309 struct sppp *sp, unsigned int type, unsigned int id,
312 static void sppp_up_event(const struct cp *cp, struct sppp *sp);
313 static void sppp_down_event(const struct cp *cp, struct sppp *sp);
314 static void sppp_open_event(const struct cp *cp, struct sppp *sp);
315 static void sppp_close_event(const struct cp *cp, struct sppp *sp);
316 static void sppp_to_event(const struct cp *cp, struct sppp *sp);
318 static void sppp_null(struct sppp *sp);
320 static void sppp_lcp_init(struct sppp *sp);
321 static void sppp_lcp_up(struct sppp *sp);
322 static void sppp_lcp_down(struct sppp *sp);
323 static void sppp_lcp_open(struct sppp *sp);
324 static void sppp_lcp_close(struct sppp *sp);
325 static void sppp_lcp_TO(void *sp);
326 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
327 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
328 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
329 static void sppp_lcp_tlu(struct sppp *sp);
330 static void sppp_lcp_tld(struct sppp *sp);
331 static void sppp_lcp_tls(struct sppp *sp);
332 static void sppp_lcp_tlf(struct sppp *sp);
333 static void sppp_lcp_scr(struct sppp *sp);
334 static void sppp_lcp_check_and_close(struct sppp *sp);
335 static int sppp_ncp_check(struct sppp *sp);
337 static void sppp_ipcp_init(struct sppp *sp);
338 static void sppp_ipcp_up(struct sppp *sp);
339 static void sppp_ipcp_down(struct sppp *sp);
340 static void sppp_ipcp_open(struct sppp *sp);
341 static void sppp_ipcp_close(struct sppp *sp);
342 static void sppp_ipcp_TO(void *sp);
343 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
344 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
345 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
346 static void sppp_ipcp_tlu(struct sppp *sp);
347 static void sppp_ipcp_tld(struct sppp *sp);
348 static void sppp_ipcp_tls(struct sppp *sp);
349 static void sppp_ipcp_tlf(struct sppp *sp);
350 static void sppp_ipcp_scr(struct sppp *sp);
352 static void sppp_ipv6cp_init(struct sppp *sp);
353 static void sppp_ipv6cp_up(struct sppp *sp);
354 static void sppp_ipv6cp_down(struct sppp *sp);
355 static void sppp_ipv6cp_open(struct sppp *sp);
356 static void sppp_ipv6cp_close(struct sppp *sp);
357 static void sppp_ipv6cp_TO(void *sp);
358 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
359 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
360 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
361 static void sppp_ipv6cp_tlu(struct sppp *sp);
362 static void sppp_ipv6cp_tld(struct sppp *sp);
363 static void sppp_ipv6cp_tls(struct sppp *sp);
364 static void sppp_ipv6cp_tlf(struct sppp *sp);
365 static void sppp_ipv6cp_scr(struct sppp *sp);
367 static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
368 static void sppp_pap_init(struct sppp *sp);
369 static void sppp_pap_open(struct sppp *sp);
370 static void sppp_pap_close(struct sppp *sp);
371 static void sppp_pap_TO(void *sp);
372 static void sppp_pap_my_TO(void *sp);
373 static void sppp_pap_tlu(struct sppp *sp);
374 static void sppp_pap_tld(struct sppp *sp);
375 static void sppp_pap_scr(struct sppp *sp);
377 static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
378 static void sppp_chap_init(struct sppp *sp);
379 static void sppp_chap_open(struct sppp *sp);
380 static void sppp_chap_close(struct sppp *sp);
381 static void sppp_chap_TO(void *sp);
382 static void sppp_chap_tlu(struct sppp *sp);
383 static void sppp_chap_tld(struct sppp *sp);
384 static void sppp_chap_scr(struct sppp *sp);
386 static const char *sppp_auth_type_name(u_short proto, u_char type);
387 static const char *sppp_cp_type_name(u_char type);
388 static const char *sppp_dotted_quad(u_long addr);
389 static const char *sppp_ipcp_opt_name(u_char opt);
391 static const char *sppp_ipv6cp_opt_name(u_char opt);
393 static const char *sppp_lcp_opt_name(u_char opt);
394 static const char *sppp_phase_name(enum ppp_phase phase);
395 static const char *sppp_proto_name(u_short proto);
396 static const char *sppp_state_name(int state);
397 static int sppp_params(struct sppp *sp, u_long cmd, void *data);
398 static int sppp_strnlen(u_char *p, int max);
399 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
401 static void sppp_keepalive(void *dummy);
402 static void sppp_phase_network(struct sppp *sp);
403 static void sppp_print_bytes(const u_char *p, u_short len);
404 static void sppp_print_string(const char *p, u_short len);
405 static void sppp_set_ip_addr(struct sppp *sp, u_long src);
407 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
408 struct in6_addr *dst, struct in6_addr *srcmask);
409 #ifdef IPV6CP_MYIFID_DYN
410 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
411 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
413 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
416 /* our control protocol descriptors */
417 static const struct cp lcp = {
418 PPP_LCP, IDX_LCP, CP_LCP, "lcp",
419 sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
420 sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
421 sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
425 static const struct cp ipcp = {
426 PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
427 sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
428 sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
429 sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
433 static const struct cp ipv6cp = {
434 PPP_IPV6CP, IDX_IPV6CP,
435 #ifdef INET6 /*don't run IPv6CP if there's no IPv6 support*/
441 sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
442 sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
443 sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
447 static const struct cp pap = {
448 PPP_PAP, IDX_PAP, CP_AUTH, "pap",
449 sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
450 sppp_pap_TO, 0, 0, 0,
451 sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
455 static const struct cp chap = {
456 PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
457 sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
458 sppp_chap_TO, 0, 0, 0,
459 sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
463 static const struct cp *cps[IDX_COUNT] = {
465 &ipcp, /* IDX_IPCP */
466 &ipv6cp, /* IDX_IPV6CP */
468 &chap, /* IDX_CHAP */
472 sppp_modevent(module_t mod, int type, void *unused)
485 static moduledata_t spppmod = {
490 MODULE_VERSION(sppp, 1);
491 DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY);
494 * Exported functions, comprising our interface to the lower layer.
498 * Process the received packet.
501 sppp_input(struct ifnet *ifp, struct mbuf *m)
503 struct ppp_header *h;
505 struct sppp *sp = (struct sppp *)ifp;
507 int hlen, vjlen, do_account = 0;
508 int debug = ifp->if_flags & IFF_DEBUG;
510 if (ifp->if_flags & IFF_UP)
511 /* Count received bytes, add FCS and one flag */
512 ifp->if_ibytes += m->m_pkthdr.len + 3;
514 if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
515 /* Too small packet, drop it. */
518 SPP_FMT "input packet is too small, %d bytes\n",
519 SPP_ARGS(ifp), m->m_pkthdr.len);
528 /* Get PPP header. */
529 h = mtod (m, struct ppp_header*);
530 m_adj (m, PPP_HEADER_LEN);
532 switch (h->address) {
533 case PPP_ALLSTATIONS:
534 if (h->control != PPP_UI)
536 if (sp->pp_mode == IFF_CISCO) {
539 SPP_FMT "PPP packet in Cisco mode "
540 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
542 h->address, h->control, ntohs(h->protocol));
545 switch (ntohs (h->protocol)) {
549 SPP_FMT "rejecting protocol "
550 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
552 h->address, h->control, ntohs(h->protocol));
553 if (sp->state[IDX_LCP] == STATE_OPENED)
554 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
555 ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
560 sppp_cp_input(&lcp, sp, m);
564 if (sp->pp_phase >= PHASE_AUTHENTICATE)
565 sppp_pap_input(sp, m);
569 if (sp->pp_phase >= PHASE_AUTHENTICATE)
570 sppp_chap_input(sp, m);
575 if (sp->pp_phase == PHASE_NETWORK)
576 sppp_cp_input(&ipcp, sp, m);
580 if (sp->state[IDX_IPCP] == STATE_OPENED) {
586 if (sp->state[IDX_IPCP] == STATE_OPENED) {
588 sl_uncompress_tcp_core(mtod(m, u_char *),
592 &iphdr, &hlen)) <= 0) {
595 SPP_FMT "VJ uncompress failed on compressed packet\n",
601 * Trim the VJ header off the packet, and prepend
602 * the uncompressed IP header (which will usually
603 * end up in two chained mbufs since there's not
604 * enough leading space in the existing mbuf).
607 M_PREPEND(m, hlen, MB_DONTWAIT);
610 bcopy(iphdr, mtod(m, u_char *), hlen);
617 if (sp->state[IDX_IPCP] == STATE_OPENED) {
618 if (sl_uncompress_tcp_core(mtod(m, u_char *),
620 TYPE_UNCOMPRESSED_TCP,
622 &iphdr, &hlen) != 0) {
625 SPP_FMT "VJ uncompress failed on uncompressed packet\n",
636 if (sp->pp_phase == PHASE_NETWORK)
637 sppp_cp_input(&ipv6cp, sp, m);
642 if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
650 /* IPX IPXCP not implemented yet */
651 if (sp->pp_phase == PHASE_NETWORK) {
659 /* XNS IDPCP not implemented yet */
660 if (sp->pp_phase == PHASE_NETWORK) {
668 case CISCO_MULTICAST:
670 /* Don't check the control field here (RFC 1547). */
671 if (sp->pp_mode != IFF_CISCO) {
674 SPP_FMT "Cisco packet in PPP mode "
675 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
677 h->address, h->control, ntohs(h->protocol));
680 switch (ntohs (h->protocol)) {
684 case CISCO_KEEPALIVE:
685 sppp_cisco_input ((struct sppp*) ifp, m);
714 default: /* Invalid PPP packet. */
718 SPP_FMT "invalid input packet "
719 "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
721 h->address, h->control, ntohs(h->protocol));
725 if (! (ifp->if_flags & IFF_UP) || isr < 0)
730 netisr_dispatch(isr, m);
733 * Do only account for network packets, not for control
734 * packets. This is used by some subsystems to detect
737 sp->pp_last_recv = time_second;
741 * Enqueue transmit packet.
744 sppp_output(struct ifnet *ifp, struct mbuf *m,
745 struct sockaddr *dst, struct rtentry *rt)
747 struct sppp *sp = (struct sppp*) ifp;
748 struct ppp_header *h;
749 struct ifqueue *ifq = NULL;
751 int ipproto = PPP_IP;
752 int debug = ifp->if_flags & IFF_DEBUG;
753 struct altq_pktattr pktattr;
757 if ((ifp->if_flags & IFF_UP) == 0 ||
758 (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
767 if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
772 * Hack to prevent the initialization-time generated
773 * IPv6 multicast packet to erroneously cause a
774 * dialout event in case IPv6 has been
775 * administratively disabled on that interface.
777 if (dst->sa_family == AF_INET6 &&
778 !(sp->confflags & CONF_ENABLE_IPV6))
782 * Interface is not yet running, but auto-dial. Need
783 * to start LCP for it.
785 ifp->if_flags |= IFF_RUNNING;
792 * if the queueing discipline needs packet classification,
793 * do it before prepending link headers.
795 ifq_classify(&ifp->if_snd, m, dst->sa_family, &pktattr);
798 if (dst->sa_family == AF_INET) {
799 /* XXX Check mbuf length here? */
800 struct ip *ip = mtod (m, struct ip*);
801 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
804 * When using dynamic local IP address assignment by using
805 * 0.0.0.0 as a local address, the first TCP session will
806 * not connect because the local TCP checksum is computed
807 * using 0.0.0.0 which will later become our real IP address
808 * so the TCP checksum computed at the remote end will
809 * become invalid. So we
810 * - don't let packets with src ip addr 0 thru
811 * - we flag TCP packets with src ip 0 as an error
814 if(ip->ip_src.s_addr == INADDR_ANY) /* -hm */
818 if(ip->ip_p == IPPROTO_TCP)
819 return(EADDRNOTAVAIL);
825 * Put low delay, telnet, rlogin and ftp control packets
826 * in front of the queue.
828 if (IF_QFULL (&sp->pp_fastq))
830 else if (ip->ip_tos & IPTOS_LOWDELAY)
832 else if (m->m_len < sizeof *ip + sizeof *tcp)
834 else if (ip->ip_p != IPPROTO_TCP)
836 else if (INTERACTIVE (ntohs (tcp->th_sport)))
838 else if (INTERACTIVE (ntohs (tcp->th_dport)))
842 * Do IP Header compression
844 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) &&
845 ip->ip_p == IPPROTO_TCP)
846 switch (sl_compress_tcp(m, ip, sp->pp_comp,
847 sp->ipcp.compress_cid)) {
848 case TYPE_COMPRESSED_TCP:
849 ipproto = PPP_VJ_COMP;
851 case TYPE_UNCOMPRESSED_TCP:
852 ipproto = PPP_VJ_UCOMP;
866 if (dst->sa_family == AF_INET6) {
867 /* XXX do something tricky here? */
872 * Prepend general data packet PPP header. For now, IP only.
874 M_PREPEND (m, PPP_HEADER_LEN, MB_DONTWAIT);
877 log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
884 * May want to check size of packet
885 * (albeit due to the implementation it's always enough)
887 h = mtod (m, struct ppp_header*);
888 if (sp->pp_mode == IFF_CISCO) {
889 h->address = CISCO_UNICAST; /* unicast address */
892 h->address = PPP_ALLSTATIONS; /* broadcast address */
893 h->control = PPP_UI; /* Unnumbered Info */
896 switch (dst->sa_family) {
898 case AF_INET: /* Internet Protocol */
899 if (sp->pp_mode == IFF_CISCO)
900 h->protocol = htons (ETHERTYPE_IP);
903 * Don't choke with an ENETDOWN early. It's
904 * possible that we just started dialing out,
905 * so don't drop the packet immediately. If
906 * we notice that we run out of buffer space
907 * below, we will however remember that we are
908 * not ready to carry IP packets, and return
909 * ENETDOWN, as opposed to ENOBUFS.
911 h->protocol = htons(ipproto);
912 if (sp->state[IDX_IPCP] != STATE_OPENED)
918 case AF_INET6: /* Internet Protocol */
919 if (sp->pp_mode == IFF_CISCO)
920 h->protocol = htons (ETHERTYPE_IPV6);
923 * Don't choke with an ENETDOWN early. It's
924 * possible that we just started dialing out,
925 * so don't drop the packet immediately. If
926 * we notice that we run out of buffer space
927 * below, we will however remember that we are
928 * not ready to carry IP packets, and return
929 * ENETDOWN, as opposed to ENOBUFS.
931 h->protocol = htons(PPP_IPV6);
932 if (sp->state[IDX_IPV6CP] != STATE_OPENED)
938 case AF_NS: /* Xerox NS Protocol */
939 h->protocol = htons (sp->pp_mode == IFF_CISCO ?
940 ETHERTYPE_NS : PPP_XNS);
944 case AF_IPX: /* Novell IPX Protocol */
945 h->protocol = htons (sp->pp_mode == IFF_CISCO ?
946 ETHERTYPE_IPX : PPP_IPX);
953 return (EAFNOSUPPORT);
957 * Queue message on interface, and start output if interface
971 rv = ifq_enqueue(&ifp->if_snd, m, &pktattr);
978 if (! (ifp->if_flags & IFF_OACTIVE))
979 (*ifp->if_start) (ifp);
982 * Count output packets and bytes.
983 * The packet length includes header, FCS and 1 flag,
984 * according to RFC 1333.
986 ifp->if_obytes += m->m_pkthdr.len + 3;
989 * Unlike in sppp_input(), we can always bump the timestamp
990 * here since sppp_output() is only called on behalf of
991 * network-layer traffic; control-layer traffic is handled
994 sp->pp_last_sent = time_second;
1001 sppp_attach(struct ifnet *ifp)
1003 struct sppp *sp = (struct sppp*) ifp;
1005 /* Initialize keepalive handler. */
1007 callout_reset(&keepalive_timeout, hz * 10,
1008 sppp_keepalive, NULL);
1010 /* Insert new entry into the keepalive list. */
1011 sp->pp_next = spppq;
1014 sp->pp_if.if_mtu = PP_MTU;
1015 sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
1016 sp->pp_if.if_type = IFT_PPP;
1017 sp->pp_if.if_output = sppp_output;
1019 sp->pp_flags = PP_KEEPALIVE;
1021 sp->pp_if.if_snd.ifq_maxlen = 32;
1022 sp->pp_fastq.ifq_maxlen = 32;
1023 sp->pp_cpq.ifq_maxlen = 20;
1025 sp->pp_alivecnt = 0;
1026 bzero(&sp->pp_seq[0], sizeof(sp->pp_seq));
1027 bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq));
1028 sp->pp_phase = PHASE_DEAD;
1030 sp->pp_down = lcp.Down;
1031 sp->pp_last_recv = sp->pp_last_sent = time_second;
1034 sp->confflags |= CONF_ENABLE_VJ;
1037 sp->confflags |= CONF_ENABLE_IPV6;
1039 sp->pp_comp = kmalloc(sizeof(struct slcompress), M_TEMP, M_WAITOK);
1040 sl_compress_init(sp->pp_comp, -1);
1043 sppp_ipv6cp_init(sp);
1049 sppp_detach(struct ifnet *ifp)
1051 struct sppp **q, *p, *sp = (struct sppp*) ifp;
1054 /* Remove the entry from the keepalive list. */
1055 for (q = &spppq; (p = *q); q = &p->pp_next)
1061 /* Stop keepalive handler. */
1063 callout_stop(&keepalive_timeout);
1065 for (i = 0; i < IDX_COUNT; i++)
1066 callout_stop(&sp->timeout[i]);
1067 callout_stop(&sp->pap_my_to);
1071 * Flush the interface output queue.
1074 sppp_flush(struct ifnet *ifp)
1076 struct sppp *sp = (struct sppp*) ifp;
1078 ifq_purge(&sp->pp_if.if_snd);
1079 IF_DRAIN(&sp->pp_fastq);
1080 IF_DRAIN(&sp->pp_cpq);
1084 * Check if the output queue is empty.
1087 sppp_isempty(struct ifnet *ifp)
1089 struct sppp *sp = (struct sppp*) ifp;
1093 empty = IF_QEMPTY(&sp->pp_fastq) && IF_QEMPTY(&sp->pp_cpq) &&
1094 ifq_is_empty(&sp->pp_if.if_snd);
1100 * Get next packet to send.
1103 sppp_dequeue(struct ifnet *ifp)
1105 struct sppp *sp = (struct sppp*) ifp;
1111 * Process only the control protocol queue until we have at
1112 * least one NCP open.
1114 * Do always serve all three queues in Cisco mode.
1116 IF_DEQUEUE(&sp->pp_cpq, m);
1118 (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) {
1119 IF_DEQUEUE(&sp->pp_fastq, m);
1121 m = ifq_dequeue(&sp->pp_if.if_snd, NULL);
1129 * Pick the next packet, do not remove it from the queue.
1132 sppp_pick(struct ifnet *ifp)
1134 struct sppp *sp = (struct sppp*)ifp;
1139 m = sp->pp_cpq.ifq_head;
1141 (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO)) {
1142 if ((m = sp->pp_fastq.ifq_head) == NULL)
1143 m = ifq_poll(&sp->pp_if.if_snd);
1151 * Process an ioctl request. Called on low priority level.
1154 sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data)
1156 struct ifreq *ifr = (struct ifreq*) data;
1157 struct sppp *sp = (struct sppp*) ifp;
1158 int rv, going_up, going_down, newmode;
1165 case SIOCSIFDSTADDR:
1169 /* set the interface "up" when assigning an IP address */
1170 ifp->if_flags |= IFF_UP;
1171 /* fall through... */
1174 going_up = ifp->if_flags & IFF_UP &&
1175 (ifp->if_flags & IFF_RUNNING) == 0;
1176 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1177 ifp->if_flags & IFF_RUNNING;
1179 newmode = ifp->if_flags & IFF_PASSIVE;
1181 newmode = ifp->if_flags & IFF_AUTO;
1183 newmode = ifp->if_flags & IFF_CISCO;
1184 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO);
1185 ifp->if_flags |= newmode;
1187 if (newmode != sp->pp_mode) {
1190 going_up = ifp->if_flags & IFF_RUNNING;
1194 if (sp->pp_mode != IFF_CISCO)
1196 else if (sp->pp_tlf)
1199 ifp->if_flags &= ~IFF_RUNNING;
1200 sp->pp_mode = newmode;
1204 if (sp->pp_mode != IFF_CISCO)
1206 sp->pp_mode = newmode;
1207 if (sp->pp_mode == 0) {
1208 ifp->if_flags |= IFF_RUNNING;
1211 if (sp->pp_mode == IFF_CISCO) {
1214 ifp->if_flags |= IFF_RUNNING;
1222 #define ifr_mtu ifr_metric
1225 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
1227 ifp->if_mtu = ifr->ifr_mtu;
1232 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
1234 ifp->if_mtu = *(short*)data;
1239 ifr->ifr_mtu = ifp->if_mtu;
1244 *(short*)data = ifp->if_mtu;
1251 case SIOCGIFGENERIC:
1252 case SIOCSIFGENERIC:
1253 rv = sppp_params(sp, cmd, data);
1265 * Cisco framing implementation.
1269 * Handle incoming Cisco keepalive protocol packets.
1272 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1275 struct cisco_packet *h;
1278 if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1281 SPP_FMT "cisco invalid packet length: %d bytes\n",
1282 SPP_ARGS(ifp), m->m_pkthdr.len);
1285 h = mtod (m, struct cisco_packet*);
1288 SPP_FMT "cisco input: %d bytes "
1289 "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1290 SPP_ARGS(ifp), m->m_pkthdr.len,
1291 (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel,
1292 (u_int)h->time0, (u_int)h->time1);
1293 switch (ntohl (h->type)) {
1296 log(-1, SPP_FMT "cisco unknown packet type: 0x%lx\n",
1297 SPP_ARGS(ifp), (u_long)ntohl (h->type));
1299 case CISCO_ADDR_REPLY:
1300 /* Reply on address request, ignore */
1302 case CISCO_KEEPALIVE_REQ:
1303 sp->pp_alivecnt = 0;
1304 sp->pp_rseq[IDX_LCP] = ntohl (h->par1);
1305 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
1306 /* Local and remote sequence numbers are equal.
1307 * Probably, the line is in loopback mode. */
1308 if (sp->pp_loopcnt >= MAXALIVECNT) {
1309 kprintf (SPP_FMT "loopback\n",
1312 if (ifp->if_flags & IFF_UP) {
1314 IF_DRAIN(&sp->pp_cpq);
1319 /* Generate new local sequence number */
1320 #if defined(__DragonFly__)
1321 sp->pp_seq[IDX_LCP] = krandom();
1323 sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec;
1328 if (! (ifp->if_flags & IFF_UP) &&
1329 (ifp->if_flags & IFF_RUNNING)) {
1331 kprintf (SPP_FMT "up\n", SPP_ARGS(ifp));
1334 case CISCO_ADDR_REQ:
1335 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1337 sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1343 * Send Cisco keepalive packet.
1346 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
1349 struct ppp_header *h;
1350 struct cisco_packet *ch;
1352 #if defined(__DragonFly__)
1355 u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
1358 #if defined(__DragonFly__)
1359 getmicrouptime(&tv);
1362 MGETHDR (m, MB_DONTWAIT, MT_DATA);
1365 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1366 m->m_pkthdr.rcvif = 0;
1368 h = mtod (m, struct ppp_header*);
1369 h->address = CISCO_MULTICAST;
1371 h->protocol = htons (CISCO_KEEPALIVE);
1373 ch = (struct cisco_packet*) (h + 1);
1374 ch->type = htonl (type);
1375 ch->par1 = htonl (par1);
1376 ch->par2 = htonl (par2);
1379 #if defined(__DragonFly__)
1380 ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1381 ch->time1 = htons ((u_short) tv.tv_sec);
1383 ch->time0 = htons ((u_short) (t >> 16));
1384 ch->time1 = htons ((u_short) t);
1389 SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1390 SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1,
1391 (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
1393 if (IF_QFULL (&sp->pp_cpq)) {
1394 IF_DROP (&sp->pp_fastq);
1395 IF_DROP (&ifp->if_snd);
1398 IF_ENQUEUE (&sp->pp_cpq, m);
1399 if (! (ifp->if_flags & IFF_OACTIVE))
1400 (*ifp->if_start) (ifp);
1401 ifp->if_obytes += m->m_pkthdr.len + 3;
1405 * PPP protocol implementation.
1409 * Send PPP control protocol packet.
1412 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1413 u_char ident, u_short len, void *data)
1416 struct ppp_header *h;
1417 struct lcp_header *lh;
1420 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
1421 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
1422 MGETHDR (m, MB_DONTWAIT, MT_DATA);
1425 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
1426 m->m_pkthdr.rcvif = 0;
1428 h = mtod (m, struct ppp_header*);
1429 h->address = PPP_ALLSTATIONS; /* broadcast address */
1430 h->control = PPP_UI; /* Unnumbered Info */
1431 h->protocol = htons (proto); /* Link Control Protocol */
1433 lh = (struct lcp_header*) (h + 1);
1436 lh->len = htons (LCP_HEADER_LEN + len);
1438 bcopy (data, lh+1, len);
1441 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1443 sppp_proto_name(proto),
1444 sppp_cp_type_name (lh->type), lh->ident,
1446 sppp_print_bytes ((u_char*) (lh+1), len);
1449 if (IF_QFULL (&sp->pp_cpq)) {
1450 IF_DROP (&sp->pp_fastq);
1451 IF_DROP (&ifp->if_snd);
1455 IF_ENQUEUE (&sp->pp_cpq, m);
1456 if (! (ifp->if_flags & IFF_OACTIVE))
1457 (*ifp->if_start) (ifp);
1458 ifp->if_obytes += m->m_pkthdr.len + 3;
1462 * Handle incoming PPP control protocol packets.
1465 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1468 struct lcp_header *h;
1469 int printlen, len = m->m_pkthdr.len;
1476 SPP_FMT "%s invalid packet length: %d bytes\n",
1477 SPP_ARGS(ifp), cp->name, len);
1480 h = mtod (m, struct lcp_header*);
1482 printlen = ntohs(h->len);
1484 SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1485 SPP_ARGS(ifp), cp->name,
1486 sppp_state_name(sp->state[cp->protoidx]),
1487 sppp_cp_type_name (h->type), h->ident, printlen);
1491 sppp_print_bytes ((u_char*) (h+1), printlen - 4);
1494 if (len > ntohs (h->len))
1495 len = ntohs (h->len);
1496 p = (u_char *)(h + 1);
1501 log(-1, SPP_FMT "%s invalid conf-req length %d\n",
1502 SPP_ARGS(ifp), cp->name,
1507 /* handle states where RCR doesn't get a SCA/SCN */
1508 switch (sp->state[cp->protoidx]) {
1510 case STATE_STOPPING:
1513 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1517 rv = (cp->RCR)(sp, h, len);
1519 /* fatal error, shut down */
1524 switch (sp->state[cp->protoidx]) {
1528 /* fall through... */
1529 case STATE_ACK_SENT:
1530 case STATE_REQ_SENT:
1532 * sppp_cp_change_state() have the side effect of
1533 * restarting the timeouts. We want to avoid that
1534 * if the state don't change, otherwise we won't
1535 * ever timeout and resend a configuration request
1538 if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT:
1541 sppp_cp_change_state(cp, sp, rv?
1542 STATE_ACK_SENT: STATE_REQ_SENT);
1545 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1547 sppp_cp_change_state(cp, sp, rv?
1548 STATE_ACK_SENT: STATE_REQ_SENT);
1550 case STATE_ACK_RCVD:
1552 sppp_cp_change_state(cp, sp, STATE_OPENED);
1554 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1559 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1562 kprintf(SPP_FMT "%s illegal %s in state %s\n",
1563 SPP_ARGS(ifp), cp->name,
1564 sppp_cp_type_name(h->type),
1565 sppp_state_name(sp->state[cp->protoidx]));
1570 if (h->ident != sp->confid[cp->protoidx]) {
1572 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1573 SPP_ARGS(ifp), cp->name,
1574 h->ident, sp->confid[cp->protoidx]);
1578 switch (sp->state[cp->protoidx]) {
1581 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1584 case STATE_STOPPING:
1586 case STATE_REQ_SENT:
1587 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1588 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1593 case STATE_ACK_RCVD:
1595 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1597 case STATE_ACK_SENT:
1598 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1599 sppp_cp_change_state(cp, sp, STATE_OPENED);
1601 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1602 SPP_ARGS(ifp), cp->name);
1606 kprintf(SPP_FMT "%s illegal %s in state %s\n",
1607 SPP_ARGS(ifp), cp->name,
1608 sppp_cp_type_name(h->type),
1609 sppp_state_name(sp->state[cp->protoidx]));
1615 if (h->ident != sp->confid[cp->protoidx]) {
1617 log(-1, SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1618 SPP_ARGS(ifp), cp->name,
1619 h->ident, sp->confid[cp->protoidx]);
1623 if (h->type == CONF_NAK)
1624 (cp->RCN_nak)(sp, h, len);
1626 (cp->RCN_rej)(sp, h, len);
1628 switch (sp->state[cp->protoidx]) {
1631 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1633 case STATE_REQ_SENT:
1634 case STATE_ACK_SENT:
1635 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1637 * Slow things down a bit if we think we might be
1638 * in loopback. Depend on the timeout to send the
1639 * next configuration request.
1648 case STATE_ACK_RCVD:
1649 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1653 case STATE_STOPPING:
1656 kprintf(SPP_FMT "%s illegal %s in state %s\n",
1657 SPP_ARGS(ifp), cp->name,
1658 sppp_cp_type_name(h->type),
1659 sppp_state_name(sp->state[cp->protoidx]));
1665 switch (sp->state[cp->protoidx]) {
1666 case STATE_ACK_RCVD:
1667 case STATE_ACK_SENT:
1668 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1673 case STATE_STOPPING:
1674 case STATE_REQ_SENT:
1676 /* Send Terminate-Ack packet. */
1678 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1679 SPP_ARGS(ifp), cp->name);
1680 sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1684 sp->rst_counter[cp->protoidx] = 0;
1685 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1689 kprintf(SPP_FMT "%s illegal %s in state %s\n",
1690 SPP_ARGS(ifp), cp->name,
1691 sppp_cp_type_name(h->type),
1692 sppp_state_name(sp->state[cp->protoidx]));
1697 switch (sp->state[cp->protoidx]) {
1700 case STATE_REQ_SENT:
1701 case STATE_ACK_SENT:
1704 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1707 case STATE_STOPPING:
1708 sppp_cp_change_state(cp, sp, STATE_STOPPED);
1711 case STATE_ACK_RCVD:
1712 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1717 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1720 kprintf(SPP_FMT "%s illegal %s in state %s\n",
1721 SPP_ARGS(ifp), cp->name,
1722 sppp_cp_type_name(h->type),
1723 sppp_state_name(sp->state[cp->protoidx]));
1728 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1730 SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, "
1731 "danger will robinson\n",
1732 SPP_ARGS(ifp), cp->name,
1733 sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1734 switch (sp->state[cp->protoidx]) {
1737 case STATE_REQ_SENT:
1738 case STATE_ACK_SENT:
1740 case STATE_STOPPING:
1743 case STATE_ACK_RCVD:
1744 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1747 kprintf(SPP_FMT "%s illegal %s in state %s\n",
1748 SPP_ARGS(ifp), cp->name,
1749 sppp_cp_type_name(h->type),
1750 sppp_state_name(sp->state[cp->protoidx]));
1757 const struct cp *upper;
1763 proto = ntohs(*((u_int16_t *)p));
1764 for (i = 0; i < IDX_COUNT; i++) {
1765 if (cps[i]->proto == proto) {
1773 if (catastrophic || debug)
1774 log(catastrophic? LOG_INFO: LOG_DEBUG,
1775 SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1776 SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1777 sppp_cp_type_name(h->type), proto,
1778 upper ? upper->name : "unknown",
1779 upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1782 * if we got RXJ+ against conf-req, the peer does not implement
1783 * this particular protocol type. terminate the protocol.
1785 if (upper && !catastrophic) {
1786 if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1792 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1793 switch (sp->state[cp->protoidx]) {
1796 case STATE_REQ_SENT:
1797 case STATE_ACK_SENT:
1799 case STATE_STOPPING:
1802 case STATE_ACK_RCVD:
1803 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1806 kprintf(SPP_FMT "%s illegal %s in state %s\n",
1807 SPP_ARGS(ifp), cp->name,
1808 sppp_cp_type_name(h->type),
1809 sppp_state_name(sp->state[cp->protoidx]));
1815 if (cp->proto != PPP_LCP)
1817 /* Discard the packet. */
1820 if (cp->proto != PPP_LCP)
1822 if (sp->state[cp->protoidx] != STATE_OPENED) {
1824 log(-1, SPP_FMT "lcp echo req but lcp closed\n",
1831 log(-1, SPP_FMT "invalid lcp echo request "
1832 "packet length: %d bytes\n",
1833 SPP_ARGS(ifp), len);
1836 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
1837 ntohl (*(long*)(h+1)) == sp->lcp.magic) {
1838 /* Line loopback mode detected. */
1839 kprintf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
1840 sp->pp_loopcnt = MAXALIVECNT * 5;
1842 IF_DRAIN(&sp->pp_cpq);
1844 /* Shut down the PPP link. */
1850 *(long*)(h+1) = htonl (sp->lcp.magic);
1852 log(-1, SPP_FMT "got lcp echo req, sending echo rep\n",
1854 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1857 if (cp->proto != PPP_LCP)
1859 if (h->ident != sp->lcp.echoid) {
1865 log(-1, SPP_FMT "lcp invalid echo reply "
1866 "packet length: %d bytes\n",
1867 SPP_ARGS(ifp), len);
1871 log(-1, SPP_FMT "lcp got echo rep\n",
1873 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) ||
1874 ntohl (*(long*)(h+1)) != sp->lcp.magic)
1875 sp->pp_alivecnt = 0;
1878 /* Unknown packet type -- send Code-Reject packet. */
1881 log(-1, SPP_FMT "%s send code-rej for 0x%x\n",
1882 SPP_ARGS(ifp), cp->name, h->type);
1883 sppp_cp_send(sp, cp->proto, CODE_REJ,
1884 ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
1891 * The generic part of all Up/Down/Open/Close/TO event handlers.
1892 * Basically, the state transition handling in the automaton.
1895 sppp_up_event(const struct cp *cp, struct sppp *sp)
1900 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1901 SPP_ARGS(ifp), cp->name,
1902 sppp_state_name(sp->state[cp->protoidx]));
1904 switch (sp->state[cp->protoidx]) {
1906 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1908 case STATE_STARTING:
1909 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1911 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1914 kprintf(SPP_FMT "%s illegal up in state %s\n",
1915 SPP_ARGS(ifp), cp->name,
1916 sppp_state_name(sp->state[cp->protoidx]));
1921 sppp_down_event(const struct cp *cp, struct sppp *sp)
1926 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1927 SPP_ARGS(ifp), cp->name,
1928 sppp_state_name(sp->state[cp->protoidx]));
1930 switch (sp->state[cp->protoidx]) {
1933 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1936 sppp_cp_change_state(cp, sp, STATE_STARTING);
1939 case STATE_STOPPING:
1940 case STATE_REQ_SENT:
1941 case STATE_ACK_RCVD:
1942 case STATE_ACK_SENT:
1943 sppp_cp_change_state(cp, sp, STATE_STARTING);
1947 sppp_cp_change_state(cp, sp, STATE_STARTING);
1950 kprintf(SPP_FMT "%s illegal down in state %s\n",
1951 SPP_ARGS(ifp), cp->name,
1952 sppp_state_name(sp->state[cp->protoidx]));
1958 sppp_open_event(const struct cp *cp, struct sppp *sp)
1963 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1964 SPP_ARGS(ifp), cp->name,
1965 sppp_state_name(sp->state[cp->protoidx]));
1967 switch (sp->state[cp->protoidx]) {
1969 sppp_cp_change_state(cp, sp, STATE_STARTING);
1972 case STATE_STARTING:
1975 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1977 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1981 * Try escaping stopped state. This seems to bite
1982 * people occasionally, in particular for IPCP,
1983 * presumably following previous IPCP negotiation
1984 * aborts. Somehow, we must have missed a Down event
1985 * which would have caused a transition into starting
1986 * state, so as a bandaid we force the Down event now.
1987 * This effectively implements (something like the)
1988 * `restart' option mentioned in the state transition
1989 * table of RFC 1661.
1991 sppp_cp_change_state(cp, sp, STATE_STARTING);
1994 case STATE_STOPPING:
1995 case STATE_REQ_SENT:
1996 case STATE_ACK_RCVD:
1997 case STATE_ACK_SENT:
2001 sppp_cp_change_state(cp, sp, STATE_STOPPING);
2008 sppp_close_event(const struct cp *cp, struct sppp *sp)
2013 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
2014 SPP_ARGS(ifp), cp->name,
2015 sppp_state_name(sp->state[cp->protoidx]));
2017 switch (sp->state[cp->protoidx]) {
2022 case STATE_STARTING:
2023 sppp_cp_change_state(cp, sp, STATE_INITIAL);
2027 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2029 case STATE_STOPPING:
2030 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2035 case STATE_REQ_SENT:
2036 case STATE_ACK_RCVD:
2037 case STATE_ACK_SENT:
2038 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
2039 sppp_cp_send(sp, cp->proto, TERM_REQ,
2040 ++sp->pp_seq[cp->protoidx], 0, 0);
2041 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2047 sppp_to_event(const struct cp *cp, struct sppp *sp)
2054 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
2055 SPP_ARGS(ifp), cp->name,
2056 sppp_state_name(sp->state[cp->protoidx]),
2057 sp->rst_counter[cp->protoidx]);
2059 if (--sp->rst_counter[cp->protoidx] < 0)
2061 switch (sp->state[cp->protoidx]) {
2063 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2066 case STATE_STOPPING:
2067 sppp_cp_change_state(cp, sp, STATE_STOPPED);
2070 case STATE_REQ_SENT:
2071 case STATE_ACK_RCVD:
2072 case STATE_ACK_SENT:
2073 sppp_cp_change_state(cp, sp, STATE_STOPPED);
2079 switch (sp->state[cp->protoidx]) {
2081 case STATE_STOPPING:
2082 sppp_cp_send(sp, cp->proto, TERM_REQ,
2083 ++sp->pp_seq[cp->protoidx], 0, 0);
2084 callout_reset(&sp->timeout[cp->protoidx],
2085 sp->lcp.timeout, cp->TO, sp);
2087 case STATE_REQ_SENT:
2088 case STATE_ACK_RCVD:
2090 /* sppp_cp_change_state() will restart the timer */
2091 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2093 case STATE_ACK_SENT:
2095 callout_reset(&sp->timeout[cp->protoidx],
2096 sp->lcp.timeout, cp->TO, sp);
2104 * Change the state of a control protocol in the state automaton.
2105 * Takes care of starting/stopping the restart timer.
2108 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
2110 sp->state[cp->protoidx] = newstate;
2111 callout_stop(&sp->timeout[cp->protoidx]);
2115 case STATE_STARTING:
2121 case STATE_STOPPING:
2122 case STATE_REQ_SENT:
2123 case STATE_ACK_RCVD:
2124 case STATE_ACK_SENT:
2125 callout_reset(&sp->timeout[cp->protoidx],
2126 sp->lcp.timeout, cp->TO, sp);
2132 *--------------------------------------------------------------------------*
2134 * The LCP implementation. *
2136 *--------------------------------------------------------------------------*
2139 sppp_lcp_init(struct sppp *sp)
2141 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2143 sp->state[IDX_LCP] = STATE_INITIAL;
2144 sp->fail_counter[IDX_LCP] = 0;
2145 sp->pp_seq[IDX_LCP] = 0;
2146 sp->pp_rseq[IDX_LCP] = 0;
2148 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2150 /* Note that these values are relevant for all control protocols */
2151 sp->lcp.timeout = 3 * hz;
2152 sp->lcp.max_terminate = 2;
2153 sp->lcp.max_configure = 10;
2154 sp->lcp.max_failure = 10;
2155 #if defined(__DragonFly__)
2156 callout_init(&sp->timeout[IDX_LCP]);
2161 sppp_lcp_up(struct sppp *sp)
2165 sp->pp_alivecnt = 0;
2166 sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2169 sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2171 * If this interface is passive or dial-on-demand, and we are
2172 * still in Initial state, it means we've got an incoming
2173 * call. Activate the interface.
2175 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2178 SPP_FMT "Up event", SPP_ARGS(ifp));
2179 ifp->if_flags |= IFF_RUNNING;
2180 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2182 log(-1, "(incoming call)\n");
2183 sp->pp_flags |= PP_CALLIN;
2187 } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2188 (sp->state[IDX_LCP] == STATE_INITIAL)) {
2189 ifp->if_flags |= IFF_RUNNING;
2193 sppp_up_event(&lcp, sp);
2197 sppp_lcp_down(struct sppp *sp)
2201 sppp_down_event(&lcp, sp);
2204 * If this is neither a dial-on-demand nor a passive
2205 * interface, simulate an ``ifconfig down'' action, so the
2206 * administrator can force a redial by another ``ifconfig
2207 * up''. XXX For leased line operation, should we immediately
2208 * try to reopen the connection here?
2210 if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2212 SPP_FMT "Down event, taking interface down.\n",
2218 SPP_FMT "Down event (carrier loss)\n",
2220 sp->pp_flags &= ~PP_CALLIN;
2221 if (sp->state[IDX_LCP] != STATE_INITIAL)
2223 ifp->if_flags &= ~IFF_RUNNING;
2228 sppp_lcp_open(struct sppp *sp)
2231 * If we are authenticator, negotiate LCP_AUTH
2233 if (sp->hisauth.proto != 0)
2234 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2236 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2237 sp->pp_flags &= ~PP_NEEDAUTH;
2238 sppp_open_event(&lcp, sp);
2242 sppp_lcp_close(struct sppp *sp)
2244 sppp_close_event(&lcp, sp);
2248 sppp_lcp_TO(void *cookie)
2250 sppp_to_event(&lcp, (struct sppp *)cookie);
2254 * Analyze a configure request. Return true if it was agreeable, and
2255 * caused action sca, false if it has been rejected or nak'ed, and
2256 * caused action scn. (The return value is used to make the state
2257 * transition decision in the state automaton.)
2260 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2263 u_char *buf, *r, *p;
2270 buf = r = kmalloc (len, M_TEMP, M_INTWAIT);
2273 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
2276 /* pass 1: check for things that need to be rejected */
2278 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2279 /* Sanity check option length */
2281 /* Malicious option - drop immediately.
2282 * XXX Maybe we should just RXJ it?
2284 log(-1, "%s: received malicious LCP option 0x%02x, "
2285 "length 0x%02x, (len: 0x%02x) dropping.\n", ifp->if_xname,
2290 log(-1, " %s ", sppp_lcp_opt_name(*p));
2294 if (len >= 6 && p[1] == 6)
2297 log(-1, "[invalid] ");
2299 case LCP_OPT_ASYNC_MAP:
2300 /* Async control character map. */
2301 if (len >= 6 && p[1] == 6)
2304 log(-1, "[invalid] ");
2307 /* Maximum receive unit. */
2308 if (len >= 4 && p[1] == 4)
2311 log(-1, "[invalid] ");
2313 case LCP_OPT_AUTH_PROTO:
2316 log(-1, "[invalid] ");
2319 authproto = (p[2] << 8) + p[3];
2320 if (authproto == PPP_CHAP && p[1] != 5) {
2322 log(-1, "[invalid chap len] ");
2325 if (sp->myauth.proto == 0) {
2326 /* we are not configured to do auth */
2328 log(-1, "[not configured] ");
2332 * Remote want us to authenticate, remember this,
2333 * so we stay in PHASE_AUTHENTICATE after LCP got
2336 sp->pp_flags |= PP_NEEDAUTH;
2339 /* Others not supported. */
2344 /* Add the option to rejected list. */
2351 log(-1, " send conf-rej\n");
2352 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2358 * pass 2: check for option values that are unacceptable and
2359 * thus require to be nak'ed.
2362 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2367 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2369 log(-1, " %s ", sppp_lcp_opt_name(*p));
2372 /* Magic number -- extract. */
2373 nmagic = (u_long)p[2] << 24 |
2374 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2375 if (nmagic != sp->lcp.magic) {
2378 log(-1, "0x%lx ", nmagic);
2381 if (debug && sp->pp_loopcnt < MAXALIVECNT*5)
2382 log(-1, "[glitch] ");
2385 * We negate our magic here, and NAK it. If
2386 * we see it later in an NAK packet, we
2387 * suggest a new one.
2389 nmagic = ~sp->lcp.magic;
2391 p[2] = nmagic >> 24;
2392 p[3] = nmagic >> 16;
2397 case LCP_OPT_ASYNC_MAP:
2399 * Async control character map -- just ignore it.
2401 * Quote from RFC 1662, chapter 6:
2402 * To enable this functionality, synchronous PPP
2403 * implementations MUST always respond to the
2404 * Async-Control-Character-Map Configuration
2405 * Option with the LCP Configure-Ack. However,
2406 * acceptance of the Configuration Option does
2407 * not imply that the synchronous implementation
2408 * will do any ACCM mapping. Instead, all such
2409 * octet mapping will be performed by the
2410 * asynchronous-to-synchronous converter.
2416 * Maximum receive unit. Always agreeable,
2417 * but ignored by now.
2419 sp->lcp.their_mru = p[2] * 256 + p[3];
2421 log(-1, "%lu ", sp->lcp.their_mru);
2424 case LCP_OPT_AUTH_PROTO:
2425 authproto = (p[2] << 8) + p[3];
2426 if (sp->myauth.proto != authproto) {
2427 /* not agreed, nak */
2429 log(-1, "[mine %s != his %s] ",
2430 sppp_proto_name(sp->hisauth.proto),
2431 sppp_proto_name(authproto));
2432 p[2] = sp->myauth.proto >> 8;
2433 p[3] = sp->myauth.proto;
2436 if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2438 log(-1, "[chap not MD5] ");
2444 /* Add the option to nak'ed list. */
2451 * Local and remote magics equal -- loopback?
2453 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
2454 if (sp->pp_loopcnt == MAXALIVECNT*5)
2455 kprintf (SPP_FMT "loopback\n",
2457 if (ifp->if_flags & IFF_UP) {
2459 IF_DRAIN(&sp->pp_cpq);
2464 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2466 log(-1, " max_failure (%d) exceeded, "
2468 sp->lcp.max_failure);
2469 sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2472 log(-1, " send conf-nak\n");
2473 sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2477 log(-1, " send conf-ack\n");
2478 sp->fail_counter[IDX_LCP] = 0;
2480 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2481 h->ident, origlen, h+1);
2484 kfree (buf, M_TEMP);
2493 * Analyze the LCP Configure-Reject option list, and adjust our
2497 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2503 buf = kmalloc (len, M_TEMP, M_INTWAIT);
2506 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2510 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2511 /* Sanity check option length */
2514 * Malicious option - drop immediately.
2515 * XXX Maybe we should just RXJ it?
2517 log(-1, "%s: received malicious LCP option, "
2518 "dropping.\n", ifp->if_xname);
2522 log(-1, " %s ", sppp_lcp_opt_name(*p));
2525 /* Magic number -- can't use it, use 0 */
2526 sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2531 * Should not be rejected anyway, since we only
2532 * negotiate a MRU if explicitly requested by
2535 sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2537 case LCP_OPT_AUTH_PROTO:
2539 * Peer doesn't want to authenticate himself,
2540 * deny unless this is a dialout call, and
2541 * AUTHFLAG_NOCALLOUT is set.
2543 if ((sp->pp_flags & PP_CALLIN) == 0 &&
2544 (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2546 log(-1, "[don't insist on auth "
2548 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2552 log(-1, "[access denied]\n");
2560 kfree (buf, M_TEMP);
2565 * Analyze the LCP Configure-NAK option list, and adjust our
2569 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2576 buf = kmalloc (len, M_TEMP, M_INTWAIT);
2579 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2583 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2584 /* Sanity check option length */
2587 * Malicious option - drop immediately.
2588 * XXX Maybe we should just RXJ it?
2590 log(-1, "%s: received malicious LCP option, "
2591 "dropping.\n", ifp->if_xname);
2595 log(-1, " %s ", sppp_lcp_opt_name(*p));
2598 /* Magic number -- renegotiate */
2599 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2600 len >= 6 && p[1] == 6) {
2601 magic = (u_long)p[2] << 24 |
2602 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2604 * If the remote magic is our negated one,
2605 * this looks like a loopback problem.
2606 * Suggest a new magic to make sure.
2608 if (magic == ~sp->lcp.magic) {
2610 log(-1, "magic glitch ");
2611 #if defined(__DragonFly__)
2612 sp->lcp.magic = krandom();
2614 sp->lcp.magic = time.tv_sec + time.tv_usec;
2617 sp->lcp.magic = magic;
2619 log(-1, "%lu ", magic);
2625 * Peer wants to advise us to negotiate an MRU.
2626 * Agree on it if it's reasonable, or use
2627 * default otherwise.
2629 if (len >= 4 && p[1] == 4) {
2630 u_int mru = p[2] * 256 + p[3];
2632 log(-1, "%d ", mru);
2633 if (mru < PP_MTU || mru > PP_MAX_MRU)
2636 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2639 case LCP_OPT_AUTH_PROTO:
2641 * Peer doesn't like our authentication method,
2645 log(-1, "[access denied]\n");
2653 kfree (buf, M_TEMP);
2658 sppp_lcp_tlu(struct sppp *sp)
2665 if (! (ifp->if_flags & IFF_UP) &&
2666 (ifp->if_flags & IFF_RUNNING)) {
2667 /* Coming out of loopback mode. */
2669 kprintf (SPP_FMT "up\n", SPP_ARGS(ifp));
2672 for (i = 0; i < IDX_COUNT; i++)
2673 if ((cps[i])->flags & CP_QUAL)
2676 if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2677 (sp->pp_flags & PP_NEEDAUTH) != 0)
2678 sp->pp_phase = PHASE_AUTHENTICATE;
2680 sp->pp_phase = PHASE_NETWORK;
2683 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2684 sppp_phase_name(sp->pp_phase));
2687 * Open all authentication protocols. This is even required
2688 * if we already proceeded to network phase, since it might be
2689 * that remote wants us to authenticate, so we might have to
2690 * send a PAP request. Undesired authentication protocols
2691 * don't do anything when they get an Open event.
2693 for (i = 0; i < IDX_COUNT; i++)
2694 if ((cps[i])->flags & CP_AUTH)
2697 if (sp->pp_phase == PHASE_NETWORK) {
2698 /* Notify all NCPs. */
2699 for (i = 0; i < IDX_COUNT; i++)
2700 if (((cps[i])->flags & CP_NCP) &&
2703 * Hack to administratively disable IPv6 if
2704 * not desired. Perhaps we should have another
2705 * flag for this, but right now, we can make
2706 * all struct cp's read/only.
2708 (cps[i] != &ipv6cp ||
2709 (sp->confflags & CONF_ENABLE_IPV6)))
2713 /* Send Up events to all started protos. */
2714 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2715 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0)
2718 /* notify low-level driver of state change */
2720 sp->pp_chg(sp, (int)sp->pp_phase);
2722 if (sp->pp_phase == PHASE_NETWORK)
2723 /* if no NCP is starting, close down */
2724 sppp_lcp_check_and_close(sp);
2728 sppp_lcp_tld(struct sppp *sp)
2734 sp->pp_phase = PHASE_TERMINATE;
2737 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2738 sppp_phase_name(sp->pp_phase));
2741 * Take upper layers down. We send the Down event first and
2742 * the Close second to prevent the upper layers from sending
2743 * ``a flurry of terminate-request packets'', as the RFC
2746 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2747 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) {
2749 (cps[i])->Close(sp);
2754 sppp_lcp_tls(struct sppp *sp)
2758 sp->pp_phase = PHASE_ESTABLISH;
2761 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2762 sppp_phase_name(sp->pp_phase));
2764 /* Notify lower layer if desired. */
2772 sppp_lcp_tlf(struct sppp *sp)
2776 sp->pp_phase = PHASE_DEAD;
2778 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2779 sppp_phase_name(sp->pp_phase));
2781 /* Notify lower layer if desired. */
2789 sppp_lcp_scr(struct sppp *sp)
2791 char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2795 if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2796 if (! sp->lcp.magic)
2797 #if defined(__DragonFly__)
2798 sp->lcp.magic = krandom();
2800 sp->lcp.magic = time.tv_sec + time.tv_usec;
2802 opt[i++] = LCP_OPT_MAGIC;
2804 opt[i++] = sp->lcp.magic >> 24;
2805 opt[i++] = sp->lcp.magic >> 16;
2806 opt[i++] = sp->lcp.magic >> 8;
2807 opt[i++] = sp->lcp.magic;
2810 if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2811 opt[i++] = LCP_OPT_MRU;
2813 opt[i++] = sp->lcp.mru >> 8;
2814 opt[i++] = sp->lcp.mru;
2817 if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2818 authproto = sp->hisauth.proto;
2819 opt[i++] = LCP_OPT_AUTH_PROTO;
2820 opt[i++] = authproto == PPP_CHAP? 5: 4;
2821 opt[i++] = authproto >> 8;
2822 opt[i++] = authproto;
2823 if (authproto == PPP_CHAP)
2824 opt[i++] = CHAP_MD5;
2827 sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
2828 sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2832 * Check the open NCPs, return true if at least one NCP is open.
2835 sppp_ncp_check(struct sppp *sp)
2839 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2840 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP)
2846 * Re-check the open NCPs and see if we should terminate the link.
2847 * Called by the NCPs during their tlf action handling.
2850 sppp_lcp_check_and_close(struct sppp *sp)
2853 if (sp->pp_phase < PHASE_NETWORK)
2854 /* don't bother, we are already going down */
2857 if (sppp_ncp_check(sp))
2864 *--------------------------------------------------------------------------*
2866 * The IPCP implementation. *
2868 *--------------------------------------------------------------------------*
2872 sppp_ipcp_init(struct sppp *sp)
2876 sp->state[IDX_IPCP] = STATE_INITIAL;
2877 sp->fail_counter[IDX_IPCP] = 0;
2878 sp->pp_seq[IDX_IPCP] = 0;
2879 sp->pp_rseq[IDX_IPCP] = 0;
2880 #if defined(__DragonFly__)
2881 callout_init(&sp->timeout[IDX_IPCP]);
2886 sppp_ipcp_up(struct sppp *sp)
2888 sppp_up_event(&ipcp, sp);
2892 sppp_ipcp_down(struct sppp *sp)
2894 sppp_down_event(&ipcp, sp);
2898 sppp_ipcp_open(struct sppp *sp)
2901 u_long myaddr, hisaddr;
2903 sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN |
2904 IPCP_MYADDR_DYN | IPCP_VJ);
2907 sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2909 * If we don't have his address, this probably means our
2910 * interface doesn't want to talk IP at all. (This could
2911 * be the case if somebody wants to speak only IPX, for
2912 * example.) Don't open IPCP in this case.
2914 if (hisaddr == 0L) {
2915 /* XXX this message should go away */
2917 log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2923 * I don't have an assigned address, so i need to
2924 * negotiate my address.
2926 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2927 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2929 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2930 if (sp->confflags & CONF_ENABLE_VJ) {
2931 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION);
2932 sp->ipcp.max_state = MAX_STATES - 1;
2933 sp->ipcp.compress_cid = 1;
2935 sppp_open_event(&ipcp, sp);
2939 sppp_ipcp_close(struct sppp *sp)
2941 sppp_close_event(&ipcp, sp);
2942 if (sp->ipcp.flags & IPCP_MYADDR_DYN)
2944 * My address was dynamic, clear it again.
2946 sppp_set_ip_addr(sp, 0L);
2950 sppp_ipcp_TO(void *cookie)
2952 sppp_to_event(&ipcp, (struct sppp *)cookie);
2956 * Analyze a configure request. Return true if it was agreeable, and
2957 * caused action sca, false if it has been rejected or nak'ed, and
2958 * caused action scn. (The return value is used to make the state
2959 * transition decision in the state automaton.)
2962 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2964 u_char *buf, *r, *p;
2965 struct ifnet *ifp = &sp->pp_if;
2966 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2967 u_long hisaddr, desiredaddr;
2974 * Make sure to allocate a buf that can at least hold a
2975 * conf-nak with an `address' option. We might need it below.
2977 buf = r = kmalloc ((len < 6? 6: len), M_TEMP, M_INTWAIT);
2979 /* pass 1: see if we can recognize them */
2981 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2984 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2985 /* Sanity check option length */
2987 /* XXX should we just RXJ? */
2988 log(-1, "%s: malicious IPCP option received, dropping\n",
2993 log(-1, " %s ", sppp_ipcp_opt_name(*p));
2995 case IPCP_OPT_COMPRESSION:
2996 if (!(sp->confflags & CONF_ENABLE_VJ)) {
2997 /* VJ compression administratively disabled */
2999 log(-1, "[locally disabled] ");
3003 * In theory, we should only conf-rej an
3004 * option that is shorter than RFC 1618
3005 * requires (i.e. < 4), and should conf-nak
3006 * anything else that is not VJ. However,
3007 * since our algorithm always uses the
3008 * original option to NAK it with new values,
3009 * things would become more complicated. In
3010 * pratice, the only commonly implemented IP
3011 * compression option is VJ anyway, so the
3012 * difference is negligible.
3014 if (len >= 6 && p[1] == 6) {
3016 * correctly formed compression option
3017 * that could be VJ compression
3022 log(-1, "optlen %d [invalid/unsupported] ",
3025 case IPCP_OPT_ADDRESS:
3026 if (len >= 6 && p[1] == 6) {
3027 /* correctly formed address option */
3031 log(-1, "[invalid] ");
3034 /* Others not supported. */
3039 /* Add the option to rejected list. */
3046 log(-1, " send conf-rej\n");
3047 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
3052 /* pass 2: parse option values */
3053 sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
3055 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
3059 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3061 log(-1, " %s ", sppp_ipcp_opt_name(*p));
3063 case IPCP_OPT_COMPRESSION:
3064 desiredcomp = p[2] << 8 | p[3];
3065 /* We only support VJ */
3066 if (desiredcomp == IPCP_COMP_VJ) {
3068 log(-1, "VJ [ack] ");
3069 sp->ipcp.flags |= IPCP_VJ;
3070 sl_compress_init(sp->pp_comp, p[4]);
3071 sp->ipcp.max_state = p[4];
3072 sp->ipcp.compress_cid = p[5];
3076 log(-1, "compproto %#04x [not supported] ",
3078 p[2] = IPCP_COMP_VJ >> 8;
3079 p[3] = IPCP_COMP_VJ;
3080 p[4] = sp->ipcp.max_state;
3081 p[5] = sp->ipcp.compress_cid;
3083 case IPCP_OPT_ADDRESS:
3084 /* This is the address he wants in his end */
3085 desiredaddr = p[2] << 24 | p[3] << 16 |
3087 if (desiredaddr == hisaddr ||
3088 (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) {
3090 * Peer's address is same as our value,
3091 * or we have set it to 0.0.0.* to
3092 * indicate that we do not really care,
3093 * this is agreeable. Gonna conf-ack
3097 log(-1, "%s [ack] ",
3098 sppp_dotted_quad(hisaddr));
3099 /* record that we've seen it already */
3100 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
3104 * The address wasn't agreeable. This is either
3105 * he sent us 0.0.0.0, asking to assign him an
3106 * address, or he send us another address not
3107 * matching our value. Either case, we gonna
3108 * conf-nak it with our value.
3109 * XXX: we should "rej" if hisaddr == 0
3112 if (desiredaddr == 0)
3113 log(-1, "[addr requested] ");
3115 log(-1, "%s [not agreed] ",
3116 sppp_dotted_quad(desiredaddr));
3119 p[2] = hisaddr >> 24;
3120 p[3] = hisaddr >> 16;
3121 p[4] = hisaddr >> 8;
3125 /* Add the option to nak'ed list. */
3132 * If we are about to conf-ack the request, but haven't seen
3133 * his address so far, gonna conf-nak it instead, with the
3134 * `address' option present and our idea of his address being
3135 * filled in there, to request negotiation of both addresses.
3137 * XXX This can result in an endless req - nak loop if peer
3138 * doesn't want to send us his address. Q: What should we do
3139 * about it? XXX A: implement the max-failure counter.
3141 if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) {
3142 buf[0] = IPCP_OPT_ADDRESS;
3144 buf[2] = hisaddr >> 24;
3145 buf[3] = hisaddr >> 16;
3146 buf[4] = hisaddr >> 8;
3150 log(-1, "still need hisaddr ");
3155 log(-1, " send conf-nak\n");
3156 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
3159 log(-1, " send conf-ack\n");
3160 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
3161 h->ident, origlen, h+1);
3164 kfree (buf, M_TEMP);
3173 * Analyze the IPCP Configure-Reject option list, and adjust our
3177 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3180 struct ifnet *ifp = &sp->pp_if;
3181 int debug = ifp->if_flags & IFF_DEBUG;
3184 buf = kmalloc (len, M_TEMP, M_INTWAIT);
3187 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
3191 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3192 /* Sanity check option length */
3194 /* XXX should we just RXJ? */
3195 log(-1, "%s: malicious IPCP option received, dropping\n",
3200 log(-1, " %s ", sppp_ipcp_opt_name(*p));
3202 case IPCP_OPT_COMPRESSION:
3203 sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION);
3205 case IPCP_OPT_ADDRESS:
3207 * Peer doesn't grok address option. This is
3208 * bad. XXX Should we better give up here?
3209 * XXX We could try old "addresses" option...
3211 sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
3218 kfree (buf, M_TEMP);
3223 * Analyze the IPCP Configure-NAK option list, and adjust our
3227 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3230 struct ifnet *ifp = &sp->pp_if;
3231 int debug = ifp->if_flags & IFF_DEBUG;
3236 buf = kmalloc (len, M_TEMP, M_INTWAIT);
3239 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
3243 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3244 /* Sanity check option length */
3246 /* XXX should we just RXJ? */
3247 log(-1, "%s: malicious IPCP option received, dropping\n",
3252 log(-1, " %s ", sppp_ipcp_opt_name(*p));
3254 case IPCP_OPT_COMPRESSION:
3255 if (len >= 6 && p[1] == 6) {
3256 desiredcomp = p[2] << 8 | p[3];
3258 log(-1, "[wantcomp %#04x] ",
3260 if (desiredcomp == IPCP_COMP_VJ) {
3261 sl_compress_init(sp->pp_comp, p[4]);
3262 sp->ipcp.max_state = p[4];
3263 sp->ipcp.compress_cid = p[5];
3265 log(-1, "[agree] ");
3268 ~(1 << IPCP_OPT_COMPRESSION);
3271 case IPCP_OPT_ADDRESS:
3273 * Peer doesn't like our local IP address. See
3274 * if we can do something for him. We'll drop
3275 * him our address then.
3277 if (len >= 6 && p[1] == 6) {
3278 wantaddr = p[2] << 24 | p[3] << 16 |
3280 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
3282 log(-1, "[wantaddr %s] ",
3283 sppp_dotted_quad(wantaddr));
3285 * When doing dynamic address assignment,
3286 * we accept his offer. Otherwise, we
3287 * ignore it and thus continue to negotiate
3288 * our already existing value.
3289 * XXX: Bogus, if he said no once, he'll
3290 * just say no again, might as well die.
3292 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
3293 sppp_set_ip_addr(sp, wantaddr);
3295 log(-1, "[agree] ");
3296 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
3304 kfree (buf, M_TEMP);
3309 sppp_ipcp_tlu(struct sppp *sp)
3311 /* we are up - notify isdn daemon */
3317 sppp_ipcp_tld(struct sppp *sp)
3322 sppp_ipcp_tls(struct sppp *sp)
3324 /* indicate to LCP that it must stay alive */
3325 sp->lcp.protos |= (1 << IDX_IPCP);
3329 sppp_ipcp_tlf(struct sppp *sp)
3331 /* we no longer need LCP */
3332 sp->lcp.protos &= ~(1 << IDX_IPCP);
3333 sppp_lcp_check_and_close(sp);
3337 sppp_ipcp_scr(struct sppp *sp)
3339 char opt[6 /* compression */ + 6 /* address */];
3343 if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3344 opt[i++] = IPCP_OPT_COMPRESSION;
3346 opt[i++] = IPCP_COMP_VJ >> 8;
3347 opt[i++] = IPCP_COMP_VJ;
3348 opt[i++] = sp->ipcp.max_state;
3349 opt[i++] = sp->ipcp.compress_cid;
3351 if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3352 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3353 opt[i++] = IPCP_OPT_ADDRESS;
3355 opt[i++] = ouraddr >> 24;
3356 opt[i++] = ouraddr >> 16;
3357 opt[i++] = ouraddr >> 8;
3361 sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
3362 sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
3366 *--------------------------------------------------------------------------*
3368 * The IPv6CP implementation. *
3370 *--------------------------------------------------------------------------*
3375 sppp_ipv6cp_init(struct sppp *sp)
3377 sp->ipv6cp.opts = 0;
3378 sp->ipv6cp.flags = 0;
3379 sp->state[IDX_IPV6CP] = STATE_INITIAL;
3380 sp->fail_counter[IDX_IPV6CP] = 0;
3381 sp->pp_seq[IDX_IPV6CP] = 0;
3382 sp->pp_rseq[IDX_IPV6CP] = 0;
3383 #if defined(__NetBSD__)
3384 callout_init(&sp->ch[IDX_IPV6CP]);
3386 #if defined(__DragonFly__)
3387 callout_init(&sp->timeout[IDX_IPV6CP]);
3392 sppp_ipv6cp_up(struct sppp *sp)
3394 sppp_up_event(&ipv6cp, sp);
3398 sppp_ipv6cp_down(struct sppp *sp)
3400 sppp_down_event(&ipv6cp, sp);
3404 sppp_ipv6cp_open(struct sppp *sp)
3407 struct in6_addr myaddr, hisaddr;
3409 #ifdef IPV6CP_MYIFID_DYN
3410 sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3412 sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3415 sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
3417 * If we don't have our address, this probably means our
3418 * interface doesn't want to talk IPv6 at all. (This could
3419 * be the case if somebody wants to speak only IPX, for
3420 * example.) Don't open IPv6CP in this case.
3422 if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3423 /* XXX this message should go away */
3425 log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
3430 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3431 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3432 sppp_open_event(&ipv6cp, sp);
3436 sppp_ipv6cp_close(struct sppp *sp)
3438 sppp_close_event(&ipv6cp, sp);
3442 sppp_ipv6cp_TO(void *cookie)
3444 sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3448 * Analyze a configure request. Return true if it was agreeable, and
3449 * caused action sca, false if it has been rejected or nak'ed, and
3450 * caused action scn. (The return value is used to make the state
3451 * transition decision in the state automaton.)
3454 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3456 u_char *buf, *r, *p;
3457 struct ifnet *ifp = &sp->pp_if;
3458 int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3459 struct in6_addr myaddr, desiredaddr, suggestaddr;
3462 int collision, nohisaddr;
3467 * Make sure to allocate a buf that can at least hold a
3468 * conf-nak with an `address' option. We might need it below.
3470 buf = r = kmalloc ((len < 6? 6: len), M_TEMP, M_INTWAIT);
3472 /* pass 1: see if we can recognize them */
3474 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:",
3478 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3479 /* Sanity check option length */
3482 log(-1, "%s: received malicious IPCPv6 option, "
3483 "dropping\n", ifp->if_xname);
3487 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3489 case IPV6CP_OPT_IFID:
3490 if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3491 /* correctly formed address option */
3496 log(-1, " [invalid]");
3499 case IPV6CP_OPT_COMPRESSION:
3500 if (len >= 4 && p[1] >= 4) {
3501 /* correctly formed compress option */
3505 log(-1, " [invalid]");
3509 /* Others not supported. */
3514 /* Add the option to rejected list. */
3521 log(-1, " send conf-rej\n");
3522 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3527 /* pass 2: parse option values */
3528 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
3530 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ",
3535 for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3537 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3540 case IPV6CP_OPT_COMPRESSION:
3543 case IPV6CP_OPT_IFID:
3544 bzero(&desiredaddr, sizeof(desiredaddr));
3545 bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3546 collision = (bcmp(&desiredaddr.s6_addr[8],
3547 &myaddr.s6_addr[8], 8) == 0);
3548 nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3550 desiredaddr.s6_addr16[0] = htons(0xfe80);
3551 desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3553 if (!collision && !nohisaddr) {
3554 /* no collision, hisaddr known - Conf-Ack */
3559 ip6_sprintf(&desiredaddr),
3560 sppp_cp_type_name(type));
3565 bzero(&suggestaddr, sizeof(&suggestaddr));
3566 if (collision && nohisaddr) {
3567 /* collision, hisaddr unknown - Conf-Rej */
3572 * - no collision, hisaddr unknown, or
3573 * - collision, hisaddr known
3574 * Conf-Nak, suggest hisaddr
3577 sppp_suggest_ip6_addr(sp, &suggestaddr);
3578 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3581 log(-1, " %s [%s]", ip6_sprintf(&desiredaddr),
3582 sppp_cp_type_name(type));
3585 /* Add the option to nak'ed list. */
3591 if (rlen == 0 && type == CONF_ACK) {
3593 log(-1, " send %s\n", sppp_cp_type_name(type));
3594 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1);
3597 if (type == CONF_ACK)
3598 panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3602 log(-1, " send %s suggest %s\n",
3603 sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
3605 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3609 kfree (buf, M_TEMP);
3618 * Analyze the IPv6CP Configure-Reject option list, and adjust our
3622 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3625 struct ifnet *ifp = &sp->pp_if;
3626 int debug = ifp->if_flags & IFF_DEBUG;
3629 buf = kmalloc (len, M_TEMP, M_INTWAIT);
3632 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:",
3636 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3639 log(-1, "%s: received malicious IPCPv6 option, "
3640 "dropping\n", ifp->if_xname);
3644 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3646 case IPV6CP_OPT_IFID:
3648 * Peer doesn't grok address option. This is
3649 * bad. XXX Should we better give up here?
3651 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3654 case IPV6CP_OPT_COMPRESS:
3655 sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3663 kfree (buf, M_TEMP);
3668 * Analyze the IPv6CP Configure-NAK option list, and adjust our
3672 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3675 struct ifnet *ifp = &sp->pp_if;
3676 int debug = ifp->if_flags & IFF_DEBUG;
3677 struct in6_addr suggestaddr;
3680 buf = kmalloc (len, M_TEMP, M_INTWAIT);
3683 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:",
3687 for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3690 log(-1, "%s: received malicious IPCPv6 option, "
3691 "dropping\n", ifp->if_xname);
3695 log(-1, " %s", sppp_ipv6cp_opt_name(*p));
3697 case IPV6CP_OPT_IFID:
3699 * Peer doesn't like our local ifid. See
3700 * if we can do something for him. We'll drop
3701 * him our address then.
3703 if (len < 10 || p[1] != 10)
3705 bzero(&suggestaddr, sizeof(suggestaddr));
3706 suggestaddr.s6_addr16[0] = htons(0xfe80);
3707 suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3708 bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3710 sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3712 log(-1, " [suggestaddr %s]",
3713 ip6_sprintf(&suggestaddr));
3714 #ifdef IPV6CP_MYIFID_DYN
3716 * When doing dynamic address assignment,
3717 * we accept his offer.
3719 if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
3720 struct in6_addr lastsuggest;
3722 * If <suggested myaddr from peer> equals to
3723 * <hisaddr we have suggested last time>,
3724 * we have a collision. generate new random
3727 sppp_suggest_ip6_addr(&lastsuggest);
3728 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
3731 log(-1, " [random]");
3732 sppp_gen_ip6_addr(sp, &suggestaddr);
3734 sppp_set_ip6_addr(sp, &suggestaddr, 0);
3736 log(-1, " [agree]");
3737 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3741 * Since we do not do dynamic address assignment,
3742 * we ignore it and thus continue to negotiate
3743 * our already existing value. This can possibly
3744 * go into infinite request-reject loop.
3746 * This is not likely because we normally use
3747 * ifid based on MAC-address.
3748 * If you have no ethernet card on the node, too bad.
3749 * XXX should we use fail_counter?
3754 case IPV6CP_OPT_COMPRESS:
3756 * Peer wants different compression parameters.
3765 kfree (buf, M_TEMP);
3769 sppp_ipv6cp_tlu(struct sppp *sp)
3771 /* we are up - notify isdn daemon */
3777 sppp_ipv6cp_tld(struct sppp *sp)
3782 sppp_ipv6cp_tls(struct sppp *sp)
3784 /* indicate to LCP that it must stay alive */
3785 sp->lcp.protos |= (1 << IDX_IPV6CP);
3789 sppp_ipv6cp_tlf(struct sppp *sp)
3792 #if 0 /* need #if 0 to close IPv6CP properly */
3793 /* we no longer need LCP */
3794 sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3795 sppp_lcp_check_and_close(sp);
3800 sppp_ipv6cp_scr(struct sppp *sp)
3802 char opt[10 /* ifid */ + 4 /* compression, minimum */];
3803 struct in6_addr ouraddr;
3806 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3807 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
3808 opt[i++] = IPV6CP_OPT_IFID;
3810 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3815 if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3816 opt[i++] = IPV6CP_OPT_COMPRESSION;
3818 opt[i++] = 0; /* TBD */
3819 opt[i++] = 0; /* TBD */
3820 /* variable length data may follow */
3824 sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP];
3825 sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt);
3829 sppp_ipv6cp_init(struct sppp *sp)
3834 sppp_ipv6cp_up(struct sppp *sp)
3839 sppp_ipv6cp_down(struct sppp *sp)
3845 sppp_ipv6cp_open(struct sppp *sp)
3850 sppp_ipv6cp_close(struct sppp *sp)
3855 sppp_ipv6cp_TO(void *sp)
3860 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3866 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3871 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3876 sppp_ipv6cp_tlu(struct sppp *sp)
3881 sppp_ipv6cp_tld(struct sppp *sp)
3886 sppp_ipv6cp_tls(struct sppp *sp)
3891 sppp_ipv6cp_tlf(struct sppp *sp)
3896 sppp_ipv6cp_scr(struct sppp *sp)
3902 *--------------------------------------------------------------------------*
3904 * The CHAP implementation. *
3906 *--------------------------------------------------------------------------*
3910 * The authentication protocols don't employ a full-fledged state machine as
3911 * the control protocols do, since they do have Open and Close events, but
3912 * not Up and Down, nor are they explicitly terminated. Also, use of the
3913 * authentication protocols may be different in both directions (this makes
3914 * sense, think of a machine that never accepts incoming calls but only
3915 * calls out, it doesn't require the called party to authenticate itself).
3917 * Our state machine for the local authentication protocol (we are requesting
3918 * the peer to authenticate) looks like:
3921 * +--------------------------------------------+
3923 * +--------+ Close +---------+ RCA+
3924 * | |<----------------------------------| |------+
3925 * +--->| Closed | TO* | Opened | sca |
3926 * | | |-----+ +-------| |<-----+
3927 * | +--------+ irc | | +---------+
3933 * | | +------->+ | |
3935 * | +--------+ V | |
3936 * | | |<----+<--------------------+ |
3942 * +------+ +------------------------------------------+
3943 * scn,tld sca,irc,ict,tlu
3948 * Open: LCP reached authentication phase
3949 * Close: LCP reached terminate phase
3951 * RCA+: received reply (pap-req, chap-response), acceptable
3952 * RCN: received reply (pap-req, chap-response), not acceptable
3953 * TO+: timeout with restart counter >= 0
3954 * TO-: timeout with restart counter < 0
3955 * TO*: reschedule timeout for CHAP
3957 * scr: send request packet (none for PAP, chap-challenge)
3958 * sca: send ack packet (pap-ack, chap-success)
3959 * scn: send nak packet (pap-nak, chap-failure)
3960 * ict: initialize re-challenge timer (CHAP only)
3962 * tlu: this-layer-up, LCP reaches network phase
3963 * tld: this-layer-down, LCP enters terminate phase
3965 * Note that in CHAP mode, after sending a new challenge, while the state
3966 * automaton falls back into Req-Sent state, it doesn't signal a tld
3967 * event to LCP, so LCP remains in network phase. Only after not getting
3968 * any response (or after getting an unacceptable response), CHAP closes,
3969 * causing LCP to enter terminate phase.
3971 * With PAP, there is no initial request that can be sent. The peer is
3972 * expected to send one based on the successful negotiation of PAP as
3973 * the authentication protocol during the LCP option negotiation.
3975 * Incoming authentication protocol requests (remote requests
3976 * authentication, we are peer) don't employ a state machine at all,
3977 * they are simply answered. Some peers [Ascend P50 firmware rev
3978 * 4.50] react allergically when sending IPCP requests while they are
3979 * still in authentication phase (thereby violating the standard that
3980 * demands that these NCP packets are to be discarded), so we keep
3981 * track of the peer demanding us to authenticate, and only proceed to
3982 * phase network once we've seen a positive acknowledge for the
3987 * Handle incoming CHAP packets.
3990 sppp_chap_input(struct sppp *sp, struct mbuf *m)
3993 struct lcp_header *h;
3995 u_char *value, *name, digest[AUTHKEYLEN], dsize;
3996 int value_len, name_len;
3999 len = m->m_pkthdr.len;
4003 SPP_FMT "chap invalid packet length: %d bytes\n",
4004 SPP_ARGS(ifp), len);
4007 h = mtod (m, struct lcp_header*);
4008 if (len > ntohs (h->len))
4009 len = ntohs (h->len);
4012 /* challenge, failure and success are his authproto */
4013 case CHAP_CHALLENGE:
4014 value = 1 + (u_char*)(h+1);
4015 value_len = value[-1];
4016 name = value + value_len;
4017 name_len = len - value_len - 5;
4021 SPP_FMT "chap corrupted challenge "
4022 "<%s id=0x%x len=%d",
4024 sppp_auth_type_name(PPP_CHAP, h->type),
4025 h->ident, ntohs(h->len));
4026 sppp_print_bytes((u_char*) (h+1), len-4);
4034 SPP_FMT "chap input <%s id=0x%x len=%d name=",
4036 sppp_auth_type_name(PPP_CHAP, h->type), h->ident,
4038 sppp_print_string((char*) name, name_len);
4039 log(-1, " value-size=%d value=", value_len);
4040 sppp_print_bytes(value, value_len);
4044 /* Compute reply value. */
4046 MD5Update(&ctx, &h->ident, 1);
4047 MD5Update(&ctx, sp->myauth.secret,
4048 sppp_strnlen(sp->myauth.secret, AUTHKEYLEN));
4049 MD5Update(&ctx, value, value_len);
4050 MD5Final(digest, &ctx);
4051 dsize = sizeof digest;
4053 sppp_auth_send(&chap, sp, CHAP_RESPONSE, h->ident,
4054 sizeof dsize, (const char *)&dsize,
4055 sizeof digest, digest,
4056 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
4063 log(LOG_DEBUG, SPP_FMT "chap success",
4067 sppp_print_string((char*)(h + 1), len - 4);
4074 sp->pp_flags &= ~PP_NEEDAUTH;
4075 if (sp->myauth.proto == PPP_CHAP &&
4076 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4077 (sp->lcp.protos & (1 << IDX_CHAP)) == 0) {
4079 * We are authenticator for CHAP but didn't
4080 * complete yet. Leave it to tlu to proceed
4087 sppp_phase_network(sp);
4092 log(LOG_INFO, SPP_FMT "chap failure",
4096 sppp_print_string((char*)(h + 1), len - 4);
4100 log(LOG_INFO, SPP_FMT "chap failure\n",
4102 /* await LCP shutdown by authenticator */
4105 /* response is my authproto */
4107 value = 1 + (u_char*)(h+1);
4108 value_len = value[-1];
4109 name = value + value_len;
4110 name_len = len - value_len - 5;
4114 SPP_FMT "chap corrupted response "
4115 "<%s id=0x%x len=%d",
4117 sppp_auth_type_name(PPP_CHAP, h->type),
4118 h->ident, ntohs(h->len));
4119 sppp_print_bytes((u_char*)(h+1), len-4);
4124 if (h->ident != sp->confid[IDX_CHAP]) {
4127 SPP_FMT "chap dropping response for old ID "
4128 "(got %d, expected %d)\n",
4130 h->ident, sp->confid[IDX_CHAP]);
4133 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN)
4134 || bcmp(name, sp->hisauth.name, name_len) != 0) {
4135 log(LOG_INFO, SPP_FMT "chap response, his name ",
4137 sppp_print_string(name, name_len);
4138 log(-1, " != expected ");
4139 sppp_print_string(sp->hisauth.name,
4140 sppp_strnlen(sp->hisauth.name, AUTHNAMELEN));
4144 log(LOG_DEBUG, SPP_FMT "chap input(%s) "
4145 "<%s id=0x%x len=%d name=",
4147 sppp_state_name(sp->state[IDX_CHAP]),
4148 sppp_auth_type_name(PPP_CHAP, h->type),
4149 h->ident, ntohs (h->len));
4150 sppp_print_string((char*)name, name_len);
4151 log(-1, " value-size=%d value=", value_len);
4152 sppp_print_bytes(value, value_len);
4155 if (value_len != AUTHKEYLEN) {
4158 SPP_FMT "chap bad hash value length: "
4159 "%d bytes, should be %d\n",
4160 SPP_ARGS(ifp), value_len,
4166 MD5Update(&ctx, &h->ident, 1);
4167 MD5Update(&ctx, sp->hisauth.secret,
4168 sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN));
4169 MD5Update(&ctx, sp->myauth.challenge, AUTHKEYLEN);
4170 MD5Final(digest, &ctx);
4172 #define FAILMSG "Failed..."
4173 #define SUCCMSG "Welcome!"
4175 if (value_len != sizeof digest ||
4176 bcmp(digest, value, value_len) != 0) {
4177 /* action scn, tld */
4178 sppp_auth_send(&chap, sp, CHAP_FAILURE, h->ident,
4179 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4184 /* action sca, perhaps tlu */
4185 if (sp->state[IDX_CHAP] == STATE_REQ_SENT ||
4186 sp->state[IDX_CHAP] == STATE_OPENED)
4187 sppp_auth_send(&chap, sp, CHAP_SUCCESS, h->ident,
4188 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4190 if (sp->state[IDX_CHAP] == STATE_REQ_SENT) {
4191 sppp_cp_change_state(&chap, sp, STATE_OPENED);
4197 /* Unknown CHAP packet type -- ignore. */
4199 log(LOG_DEBUG, SPP_FMT "chap unknown input(%s) "
4200 "<0x%x id=0x%xh len=%d",
4202 sppp_state_name(sp->state[IDX_CHAP]),
4203 h->type, h->ident, ntohs(h->len));
4204 sppp_print_bytes((u_char*)(h+1), len-4);
4213 sppp_chap_init(struct sppp *sp)
4215 /* Chap doesn't have STATE_INITIAL at all. */
4216 sp->state[IDX_CHAP] = STATE_CLOSED;
4217 sp->fail_counter[IDX_CHAP] = 0;
4218 sp->pp_seq[IDX_CHAP] = 0;
4219 sp->pp_rseq[IDX_CHAP] = 0;
4220 #if defined(__DragonFly__)
4221 callout_init(&sp->timeout[IDX_CHAP]);
4226 sppp_chap_open(struct sppp *sp)
4228 if (sp->myauth.proto == PPP_CHAP &&
4229 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4230 /* we are authenticator for CHAP, start it */
4232 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4233 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
4235 /* nothing to be done if we are peer, await a challenge */
4239 sppp_chap_close(struct sppp *sp)
4241 if (sp->state[IDX_CHAP] != STATE_CLOSED)
4242 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
4246 sppp_chap_TO(void *cookie)
4248 struct sppp *sp = (struct sppp *)cookie;
4254 log(LOG_DEBUG, SPP_FMT "chap TO(%s) rst_counter = %d\n",
4256 sppp_state_name(sp->state[IDX_CHAP]),
4257 sp->rst_counter[IDX_CHAP]);
4259 if (--sp->rst_counter[IDX_CHAP] < 0)
4261 switch (sp->state[IDX_CHAP]) {
4262 case STATE_REQ_SENT:
4264 sppp_cp_change_state(&chap, sp, STATE_CLOSED);
4268 /* TO+ (or TO*) event */
4269 switch (sp->state[IDX_CHAP]) {
4272 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4274 case STATE_REQ_SENT:
4276 /* sppp_cp_change_state() will restart the timer */
4277 sppp_cp_change_state(&chap, sp, STATE_REQ_SENT);
4285 sppp_chap_tlu(struct sppp *sp)
4291 sp->rst_counter[IDX_CHAP] = sp->lcp.max_configure;
4294 * Some broken CHAP implementations (Conware CoNet, firmware
4295 * 4.0.?) don't want to re-authenticate their CHAP once the
4296 * initial challenge-response exchange has taken place.
4297 * Provide for an option to avoid rechallenges.
4299 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0) {
4301 * Compute the re-challenge timeout. This will yield
4302 * a number between 300 and 810 seconds.
4304 i = 300 + ((unsigned)(krandom() & 0xff00) >> 7);
4305 callout_reset(&sp->timeout[IDX_CHAP], i * hz, chap.TO, sp);
4310 SPP_FMT "chap %s, ",
4312 sp->pp_phase == PHASE_NETWORK? "reconfirmed": "tlu");
4313 if ((sp->hisauth.flags & AUTHFLAG_NORECHALLENGE) == 0)
4314 log(-1, "next re-challenge in %d seconds\n", i);
4316 log(-1, "re-challenging suppressed\n");
4321 /* indicate to LCP that we need to be closed down */
4322 sp->lcp.protos |= (1 << IDX_CHAP);
4324 if (sp->pp_flags & PP_NEEDAUTH) {
4326 * Remote is authenticator, but his auth proto didn't
4327 * complete yet. Defer the transition to network
4337 * If we are already in phase network, we are done here. This
4338 * is the case if this is a dummy tlu event after a re-challenge.
4340 if (sp->pp_phase != PHASE_NETWORK)
4341 sppp_phase_network(sp);
4345 sppp_chap_tld(struct sppp *sp)
4350 log(LOG_DEBUG, SPP_FMT "chap tld\n", SPP_ARGS(ifp));
4351 callout_stop(&sp->timeout[IDX_CHAP]);
4352 sp->lcp.protos &= ~(1 << IDX_CHAP);
4358 sppp_chap_scr(struct sppp *sp)
4363 /* Compute random challenge. */
4364 ch = (u_long *)sp->myauth.challenge;
4365 #if defined(__DragonFly__)
4366 read_random(&seed, sizeof seed);
4371 seed = tv.tv_sec ^ tv.tv_usec;
4374 ch[0] = seed ^ krandom();
4375 ch[1] = seed ^ krandom();
4376 ch[2] = seed ^ krandom();
4377 ch[3] = seed ^ krandom();
4380 sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
4382 sppp_auth_send(&chap, sp, CHAP_CHALLENGE, sp->confid[IDX_CHAP],
4383 sizeof clen, (const char *)&clen,
4384 (size_t)AUTHKEYLEN, sp->myauth.challenge,
4385 (size_t)sppp_strnlen(sp->myauth.name, AUTHNAMELEN),
4391 *--------------------------------------------------------------------------*
4393 * The PAP implementation. *
4395 *--------------------------------------------------------------------------*
4398 * For PAP, we need to keep a little state also if we are the peer, not the
4399 * authenticator. This is since we don't get a request to authenticate, but
4400 * have to repeatedly authenticate ourself until we got a response (or the
4401 * retry counter is expired).
4405 * Handle incoming PAP packets. */
4407 sppp_pap_input(struct sppp *sp, struct mbuf *m)
4410 struct lcp_header *h;
4412 u_char *name, *passwd, mlen;
4413 int name_len, passwd_len;
4416 * Malicious input might leave this uninitialized, so
4417 * init to an impossible value.
4421 len = m->m_pkthdr.len;
4425 SPP_FMT "pap invalid packet length: %d bytes\n",
4426 SPP_ARGS(ifp), len);
4429 h = mtod (m, struct lcp_header*);
4430 if (len > ntohs (h->len))
4431 len = ntohs (h->len);
4433 /* PAP request is my authproto */
4435 name = 1 + (u_char*)(h+1);
4436 name_len = name[-1];
4437 passwd = name + name_len + 1;
4438 if (name_len > len - 6 ||
4439 (passwd_len = passwd[-1]) > len - 6 - name_len) {
4441 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4442 "<%s id=0x%x len=%d",
4444 sppp_auth_type_name(PPP_PAP, h->type),
4445 h->ident, ntohs(h->len));
4446 sppp_print_bytes((u_char*)(h+1), len-4);
4452 log(LOG_DEBUG, SPP_FMT "pap input(%s) "
4453 "<%s id=0x%x len=%d name=",
4455 sppp_state_name(sp->state[IDX_PAP]),
4456 sppp_auth_type_name(PPP_PAP, h->type),
4457 h->ident, ntohs(h->len));
4458 sppp_print_string((char*)name, name_len);
4459 log(-1, " passwd=");
4460 sppp_print_string((char*)passwd, passwd_len);
4463 if (name_len != sppp_strnlen(sp->hisauth.name, AUTHNAMELEN) ||
4464 passwd_len != sppp_strnlen(sp->hisauth.secret, AUTHKEYLEN) ||
4465 bcmp(name, sp->hisauth.name, name_len) != 0 ||
4466 bcmp(passwd, sp->hisauth.secret, passwd_len) != 0) {
4467 /* action scn, tld */
4468 mlen = sizeof(FAILMSG) - 1;
4469 sppp_auth_send(&pap, sp, PAP_NAK, h->ident,
4470 sizeof mlen, (const char *)&mlen,
4471 sizeof(FAILMSG) - 1, (u_char *)FAILMSG,
4476 /* action sca, perhaps tlu */
4477 if (sp->state[IDX_PAP] == STATE_REQ_SENT ||
4478 sp->state[IDX_PAP] == STATE_OPENED) {
4479 mlen = sizeof(SUCCMSG) - 1;
4480 sppp_auth_send(&pap, sp, PAP_ACK, h->ident,
4481 sizeof mlen, (const char *)&mlen,
4482 sizeof(SUCCMSG) - 1, (u_char *)SUCCMSG,
4485 if (sp->state[IDX_PAP] == STATE_REQ_SENT) {
4486 sppp_cp_change_state(&pap, sp, STATE_OPENED);
4491 /* ack and nak are his authproto */
4493 callout_stop(&sp->pap_my_to);
4495 log(LOG_DEBUG, SPP_FMT "pap success",
4497 name = 1 + (u_char *)(h + 1);
4498 name_len = name[-1];
4499 if (len > 5 && name_len < len+4) {
4501 sppp_print_string(name, name_len);
4508 sp->pp_flags &= ~PP_NEEDAUTH;
4509 if (sp->myauth.proto == PPP_PAP &&
4510 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) &&
4511 (sp->lcp.protos & (1 << IDX_PAP)) == 0) {
4513 * We are authenticator for PAP but didn't
4514 * complete yet. Leave it to tlu to proceed
4525 sppp_phase_network(sp);
4529 callout_stop(&sp->pap_my_to);
4531 log(LOG_INFO, SPP_FMT "pap failure",
4533 name = 1 + (u_char *)(h + 1);
4534 name_len = name[-1];
4535 if (len > 5 && name_len < len+4) {
4537 sppp_print_string(name, name_len);
4541 log(LOG_INFO, SPP_FMT "pap failure\n",
4543 /* await LCP shutdown by authenticator */
4547 /* Unknown PAP packet type -- ignore. */
4549 log(LOG_DEBUG, SPP_FMT "pap corrupted input "
4550 "<0x%x id=0x%x len=%d",
4552 h->type, h->ident, ntohs(h->len));
4553 sppp_print_bytes((u_char*)(h+1), len-4);
4562 sppp_pap_init(struct sppp *sp)
4564 /* PAP doesn't have STATE_INITIAL at all. */
4565 sp->state[IDX_PAP] = STATE_CLOSED;
4566 sp->fail_counter[IDX_PAP] = 0;
4567 sp->pp_seq[IDX_PAP] = 0;
4568 sp->pp_rseq[IDX_PAP] = 0;
4569 #if defined(__DragonFly__)
4570 callout_init(&sp->timeout[IDX_PAP]);
4571 callout_init(&sp->pap_my_to);
4576 sppp_pap_open(struct sppp *sp)
4578 if (sp->hisauth.proto == PPP_PAP &&
4579 (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0) {
4580 /* we are authenticator for PAP, start our timer */
4581 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4582 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4584 if (sp->myauth.proto == PPP_PAP) {
4585 /* we are peer, send a request, and start a timer */
4587 callout_reset(&sp->pap_my_to, sp->lcp.timeout,
4588 sppp_pap_my_TO, sp);
4593 sppp_pap_close(struct sppp *sp)
4595 if (sp->state[IDX_PAP] != STATE_CLOSED)
4596 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4600 * That's the timeout routine if we are authenticator. Since the
4601 * authenticator is basically passive in PAP, we can't do much here.
4604 sppp_pap_TO(void *cookie)
4606 struct sppp *sp = (struct sppp *)cookie;
4612 log(LOG_DEBUG, SPP_FMT "pap TO(%s) rst_counter = %d\n",
4614 sppp_state_name(sp->state[IDX_PAP]),
4615 sp->rst_counter[IDX_PAP]);
4617 if (--sp->rst_counter[IDX_PAP] < 0)
4619 switch (sp->state[IDX_PAP]) {
4620 case STATE_REQ_SENT:
4622 sppp_cp_change_state(&pap, sp, STATE_CLOSED);
4626 /* TO+ event, not very much we could do */
4627 switch (sp->state[IDX_PAP]) {
4628 case STATE_REQ_SENT:
4629 /* sppp_cp_change_state() will restart the timer */
4630 sppp_cp_change_state(&pap, sp, STATE_REQ_SENT);
4638 * That's the timeout handler if we are peer. Since the peer is active,
4639 * we need to retransmit our PAP request since it is apparently lost.
4640 * XXX We should impose a max counter.
4643 sppp_pap_my_TO(void *cookie)
4645 struct sppp *sp = (struct sppp *)cookie;
4649 log(LOG_DEBUG, SPP_FMT "pap peer TO\n",
4656 sppp_pap_tlu(struct sppp *sp)
4660 sp->rst_counter[IDX_PAP] = sp->lcp.max_configure;
4663 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
4664 SPP_ARGS(ifp), pap.name);
4668 /* indicate to LCP that we need to be closed down */
4669 sp->lcp.protos |= (1 << IDX_PAP);
4671 if (sp->pp_flags & PP_NEEDAUTH) {
4673 * Remote is authenticator, but his auth proto didn't
4674 * complete yet. Defer the transition to network
4681 sppp_phase_network(sp);
4685 sppp_pap_tld(struct sppp *sp)
4690 log(LOG_DEBUG, SPP_FMT "pap tld\n", SPP_ARGS(ifp));
4691 callout_stop(&sp->timeout[IDX_PAP]);
4692 callout_stop(&sp->pap_my_to);
4693 sp->lcp.protos &= ~(1 << IDX_PAP);
4699 sppp_pap_scr(struct sppp *sp)
4701 u_char idlen, pwdlen;
4703 sp->confid[IDX_PAP] = ++sp->pp_seq[IDX_PAP];
4704 pwdlen = sppp_strnlen(sp->myauth.secret, AUTHKEYLEN);
4705 idlen = sppp_strnlen(sp->myauth.name, AUTHNAMELEN);
4707 sppp_auth_send(&pap, sp, PAP_REQ, sp->confid[IDX_PAP],
4708 sizeof idlen, (const char *)&idlen,
4709 (size_t)idlen, sp->myauth.name,
4710 sizeof pwdlen, (const char *)&pwdlen,
4711 (size_t)pwdlen, sp->myauth.secret,
4716 * Random miscellaneous functions.
4720 * Send a PAP or CHAP proto packet.
4722 * Varadic function, each of the elements for the ellipsis is of type
4723 * ``size_t mlen, const u_char *msg''. Processing will stop iff
4725 * NOTE: never declare variadic functions with types subject to type
4726 * promotion (i.e. u_char). This is asking for big trouble depending
4727 * on the architecture you are on...
4731 sppp_auth_send(const struct cp *cp, struct sppp *sp,
4732 unsigned int type, unsigned int id,
4736 struct ppp_header *h;
4737 struct lcp_header *lh;
4745 MGETHDR (m, MB_DONTWAIT, MT_DATA);
4748 m->m_pkthdr.rcvif = 0;
4750 h = mtod (m, struct ppp_header*);
4751 h->address = PPP_ALLSTATIONS; /* broadcast address */
4752 h->control = PPP_UI; /* Unnumbered Info */
4753 h->protocol = htons(cp->proto);
4755 lh = (struct lcp_header*)(h + 1);
4758 p = (u_char*) (lh+1);
4763 while ((mlen = (unsigned int)__va_arg(ap, size_t)) != 0) {
4764 msg = __va_arg(ap, const char *);
4766 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) {
4772 bcopy(msg, p, mlen);
4777 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
4778 lh->len = htons (LCP_HEADER_LEN + len);
4781 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
4782 SPP_ARGS(ifp), cp->name,
4783 sppp_auth_type_name(cp->proto, lh->type),
4784 lh->ident, ntohs(lh->len));
4785 sppp_print_bytes((u_char*) (lh+1), len);
4788 if (IF_QFULL (&sp->pp_cpq)) {
4789 IF_DROP (&sp->pp_fastq);
4790 IF_DROP (&ifp->if_snd);
4794 IF_ENQUEUE (&sp->pp_cpq, m);
4795 if (! (ifp->if_flags & IFF_OACTIVE))
4796 (*ifp->if_start) (ifp);
4797 ifp->if_obytes += m->m_pkthdr.len + 3;
4801 * Send keepalive packets, every 10 seconds.
4804 sppp_keepalive(void *dummy)
4810 for (sp=spppq; sp; sp=sp->pp_next) {
4811 struct ifnet *ifp = &sp->pp_if;
4813 /* Keepalive mode disabled or channel down? */
4814 if (! (sp->pp_flags & PP_KEEPALIVE) ||
4815 ! (ifp->if_flags & IFF_RUNNING))
4818 /* No keepalive in PPP mode if LCP not opened yet. */
4819 if (sp->pp_mode != IFF_CISCO &&
4820 sp->pp_phase < PHASE_AUTHENTICATE)
4823 if (sp->pp_alivecnt == MAXALIVECNT) {
4824 /* No keepalive packets got. Stop the interface. */
4825 kprintf (SPP_FMT "down\n", SPP_ARGS(ifp));
4827 IF_DRAIN(&sp->pp_cpq);
4828 if (sp->pp_mode != IFF_CISCO) {
4830 /* Shut down the PPP link. */
4832 /* Initiate negotiation. XXX */
4836 lwkt_serialize_enter(ifp->if_serializer);
4837 if (sp->pp_alivecnt <= MAXALIVECNT)
4839 if (sp->pp_mode == IFF_CISCO)
4840 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ,
4841 ++sp->pp_seq[IDX_LCP], sp->pp_rseq[IDX_LCP]);
4842 else if (sp->pp_phase >= PHASE_AUTHENTICATE) {
4843 long nmagic = htonl (sp->lcp.magic);
4844 sp->lcp.echoid = ++sp->pp_seq[IDX_LCP];
4845 sppp_cp_send (sp, PPP_LCP, ECHO_REQ,
4846 sp->lcp.echoid, 4, &nmagic);
4848 lwkt_serialize_exit(ifp->if_serializer);
4850 callout_reset(&keepalive_timeout, hz * 10, sppp_keepalive, NULL);
4855 * Get both IP addresses.
4858 sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst, u_long *srcmask)
4860 struct ifnet *ifp = &sp->pp_if;
4861 struct ifaddr_container *ifac;
4863 struct sockaddr_in *si, *sm;
4869 * Pick the first AF_INET address from the list,
4870 * aliases don't make any sense on a p2p link anyway.
4873 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) {
4875 if (ifa->ifa_addr->sa_family == AF_INET) {
4876 si = (struct sockaddr_in *)ifa->ifa_addr;
4877 sm = (struct sockaddr_in *)ifa->ifa_netmask;
4883 if (si && si->sin_addr.s_addr) {
4884 ssrc = si->sin_addr.s_addr;
4886 *srcmask = ntohl(sm->sin_addr.s_addr);
4889 si = (struct sockaddr_in *)ifa->ifa_dstaddr;
4890 if (si && si->sin_addr.s_addr)
4891 ddst = si->sin_addr.s_addr;
4894 if (dst) *dst = ntohl(ddst);
4895 if (src) *src = ntohl(ssrc);
4899 * Set my IP address. Must be called at splimp.
4902 sppp_set_ip_addr(struct sppp *sp, u_long src)
4905 struct ifaddr_container *ifac;
4906 struct ifaddr *ifa = NULL;
4907 struct sockaddr_in *si;
4908 struct in_ifaddr *ia;
4911 * Pick the first AF_INET address from the list,
4912 * aliases don't make any sense on a p2p link anyway.
4915 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) {
4917 if (ifa->ifa_addr->sa_family == AF_INET) {
4918 si = (struct sockaddr_in *)ifa->ifa_addr;
4924 if (ifac != NULL && si != NULL) {
4926 #if __NetBSD_Version__ >= 103080000
4927 struct sockaddr_in new_sin = *si;
4929 new_sin.sin_addr.s_addr = htonl(src);
4930 error = in_ifinit(ifp, ifatoia(ifa), &new_sin, 1);
4933 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: in_ifinit "
4934 " failed, error=%d\n", SPP_ARGS(ifp), error);
4937 /* delete old route */
4938 error = rtinit(ifa, (int)RTM_DELETE, RTF_HOST);
4941 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit DEL failed, error=%d\n",
4942 SPP_ARGS(ifp), error);
4945 /* set new address */
4946 si->sin_addr.s_addr = htonl(src);
4948 LIST_REMOVE(ia, ia_hash);
4949 LIST_INSERT_HEAD(INADDR_HASH(si->sin_addr.s_addr), ia, ia_hash);
4952 error = rtinit(ifa, (int)RTM_ADD, RTF_HOST);
4955 log(LOG_DEBUG, SPP_FMT "sppp_set_ip_addr: rtinit ADD failed, error=%d",
4956 SPP_ARGS(ifp), error);
4964 * Get both IPv6 addresses.
4967 sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src, struct in6_addr *dst,
4968 struct in6_addr *srcmask)
4970 struct ifnet *ifp = &sp->pp_if;
4971 struct ifaddr_container *ifac;
4973 struct sockaddr_in6 *si, *sm;
4974 struct in6_addr ssrc, ddst;
4977 bzero(&ssrc, sizeof(ssrc));
4978 bzero(&ddst, sizeof(ddst));
4980 * Pick the first link-local AF_INET6 address from the list,
4981 * aliases don't make any sense on a p2p link anyway.
4984 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) {
4986 if (ifa->ifa_addr->sa_family == AF_INET6) {
4987 si = (struct sockaddr_in6 *)ifa->ifa_addr;
4988 sm = (struct sockaddr_in6 *)ifa->ifa_netmask;
4989 if (si && IN6_IS_ADDR_LINKLOCAL(&si->sin6_addr))
4994 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr)) {
4995 bcopy(&si->sin6_addr, &ssrc, sizeof(ssrc));
4997 bcopy(&sm->sin6_addr, srcmask,
5002 si = (struct sockaddr_in6 *)ifa->ifa_dstaddr;
5003 if (si && !IN6_IS_ADDR_UNSPECIFIED(&si->sin6_addr))
5004 bcopy(&si->sin6_addr, &ddst, sizeof(ddst));
5008 bcopy(&ddst, dst, sizeof(*dst));
5010 bcopy(&ssrc, src, sizeof(*src));
5013 #ifdef IPV6CP_MYIFID_DYN
5015 * Generate random ifid.
5018 sppp_gen_ip6_addr(struct sppp *sp, struct in6_addr *addr)
5024 * Set my IPv6 address. Must be called at splimp.
5027 sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src)
5030 struct ifaddr_container *ifac;
5032 struct sockaddr_in6 *sin6;
5035 * Pick the first link-local AF_INET6 address from the list,
5036 * aliases don't make any sense on a p2p link anyway.
5040 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) {
5042 if (ifa->ifa_addr->sa_family == AF_INET6) {
5043 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
5044 if (sin6 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
5049 if (ifac != NULL && sin6 != NULL) {
5051 struct sockaddr_in6 new_sin6 = *sin6;
5053 bcopy(src, &new_sin6.sin6_addr, sizeof(new_sin6.sin6_addr));
5054 error = in6_ifinit(ifp, ifatoia6(ifa), &new_sin6, 1);
5055 if (debug && error) {
5056 log(LOG_DEBUG, SPP_FMT "sppp_set_ip6_addr: in6_ifinit "
5057 " failed, error=%d\n", SPP_ARGS(ifp), error);
5064 * Suggest a candidate address to be used by peer.
5067 sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *suggest)
5069 struct in6_addr myaddr;
5072 sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
5074 myaddr.s6_addr[8] &= ~0x02; /* u bit to "local" */
5076 if ((tv.tv_usec & 0xff) == 0 && (tv.tv_sec & 0xff) == 0) {
5077 myaddr.s6_addr[14] ^= 0xff;
5078 myaddr.s6_addr[15] ^= 0xff;
5080 myaddr.s6_addr[14] ^= (tv.tv_usec & 0xff);
5081 myaddr.s6_addr[15] ^= (tv.tv_sec & 0xff);
5084 bcopy(&myaddr, suggest, sizeof(myaddr));
5089 sppp_params(struct sppp *sp, u_long cmd, void *data)
5092 struct ifreq *ifr = (struct ifreq *)data;
5093 struct spppreq *spr;
5096 spr = kmalloc(sizeof(struct spppreq), M_TEMP, M_INTWAIT);
5099 * ifr->ifr_data is supposed to point to a struct spppreq.
5100 * Check the cmd word first before attempting to fetch all the
5103 if ((subcmd = fuword(ifr->ifr_data)) == -1) {
5108 if (copyin((caddr_t)ifr->ifr_data, spr, sizeof(struct spppreq)) != 0) {
5114 case (int)SPPPIOGDEFS:
5115 if (cmd != SIOCGIFGENERIC) {
5120 * We copy over the entire current state, but clean
5121 * out some of the stuff we don't wanna pass up.
5122 * Remember, SIOCGIFGENERIC is unprotected, and can be
5123 * called by any user. No need to ever get PAP or
5124 * CHAP secrets back to userland anyway.
5126 spr->defs.pp_phase = sp->pp_phase;
5127 spr->defs.enable_vj = (sp->confflags & CONF_ENABLE_VJ) != 0;
5128 spr->defs.enable_ipv6 = (sp->confflags & CONF_ENABLE_IPV6) != 0;
5129 spr->defs.lcp = sp->lcp;
5130 spr->defs.ipcp = sp->ipcp;
5131 spr->defs.ipv6cp = sp->ipv6cp;
5132 spr->defs.myauth = sp->myauth;
5133 spr->defs.hisauth = sp->hisauth;
5134 bzero(spr->defs.myauth.secret, AUTHKEYLEN);
5135 bzero(spr->defs.myauth.challenge, AUTHKEYLEN);
5136 bzero(spr->defs.hisauth.secret, AUTHKEYLEN);
5137 bzero(spr->defs.hisauth.challenge, AUTHKEYLEN);
5139 * Fixup the LCP timeout value to milliseconds so
5140 * spppcontrol doesn't need to bother about the value
5141 * of "hz". We do the reverse calculation below when
5144 spr->defs.lcp.timeout = sp->lcp.timeout * 1000 / hz;
5145 rv = copyout(spr, (caddr_t)ifr->ifr_data,
5146 sizeof(struct spppreq));
5149 case (int)SPPPIOSDEFS:
5150 if (cmd != SIOCSIFGENERIC) {
5155 * We have a very specific idea of which fields we
5156 * allow being passed back from userland, so to not
5157 * clobber our current state. For one, we only allow
5158 * setting anything if LCP is in dead or establish
5159 * phase. Once the authentication negotiations
5160 * started, the authentication settings must not be
5161 * changed again. (The administrator can force an
5162 * ifconfig down in order to get LCP back into dead
5165 * Also, we only allow for authentication parameters to be
5168 * XXX Should allow to set or clear pp_flags.
5170 * Finally, if the respective authentication protocol to
5171 * be used is set differently than 0, but the secret is
5172 * passed as all zeros, we don't trash the existing secret.
5173 * This allows an administrator to change the system name
5174 * only without clobbering the secret (which he didn't get
5175 * back in a previous SPPPIOGDEFS call). However, the
5176 * secrets are cleared if the authentication protocol is
5178 if (sp->pp_phase != PHASE_DEAD &&
5179 sp->pp_phase != PHASE_ESTABLISH) {
5184 if ((spr->defs.myauth.proto != 0 && spr->defs.myauth.proto != PPP_PAP &&
5185 spr->defs.myauth.proto != PPP_CHAP) ||
5186 (spr->defs.hisauth.proto != 0 && spr->defs.hisauth.proto != PPP_PAP &&
5187 spr->defs.hisauth.proto != PPP_CHAP)) {
5192 if (spr->defs.myauth.proto == 0)
5193 /* resetting myauth */
5194 bzero(&sp->myauth, sizeof sp->myauth);
5196 /* setting/changing myauth */
5197 sp->myauth.proto = spr->defs.myauth.proto;
5198 bcopy(spr->defs.myauth.name, sp->myauth.name, AUTHNAMELEN);
5199 if (spr->defs.myauth.secret[0] != '\0')
5200 bcopy(spr->defs.myauth.secret, sp->myauth.secret,
5203 if (spr->defs.hisauth.proto == 0)
5204 /* resetting hisauth */
5205 bzero(&sp->hisauth, sizeof sp->hisauth);
5207 /* setting/changing hisauth */
5208 sp->hisauth.proto = spr->defs.hisauth.proto;
5209 sp->hisauth.flags = spr->defs.hisauth.flags;
5210 bcopy(spr->defs.hisauth.name, sp->hisauth.name, AUTHNAMELEN);
5211 if (spr->defs.hisauth.secret[0] != '\0')
5212 bcopy(spr->defs.hisauth.secret, sp->hisauth.secret,
5215 /* set LCP restart timer timeout */
5216 if (spr->defs.lcp.timeout != 0)
5217 sp->lcp.timeout = spr->defs.lcp.timeout * hz / 1000;
5218 /* set VJ enable and IPv6 disable flags */
5220 if (spr->defs.enable_vj)
5221 sp->confflags |= CONF_ENABLE_VJ;
5223 sp->confflags &= ~CONF_ENABLE_VJ;
5226 if (spr->defs.enable_ipv6)
5227 sp->confflags |= CONF_ENABLE_IPV6;
5229 sp->confflags &= ~CONF_ENABLE_IPV6;
5244 sppp_phase_network(struct sppp *sp)
5250 sp->pp_phase = PHASE_NETWORK;
5253 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
5254 sppp_phase_name(sp->pp_phase));
5256 /* Notify NCPs now. */
5257 for (i = 0; i < IDX_COUNT; i++)
5258 if ((cps[i])->flags & CP_NCP)
5261 /* Send Up events to all NCPs. */
5262 for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
5263 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_NCP))
5266 /* if no NCP is starting, all this was in vain, close down */
5267 sppp_lcp_check_and_close(sp);
5272 sppp_cp_type_name(u_char type)
5274 static char buf[12];
5276 case CONF_REQ: return "conf-req";
5277 case CONF_ACK: return "conf-ack";
5278 case CONF_NAK: return "conf-nak";
5279 case CONF_REJ: return "conf-rej";
5280 case TERM_REQ: return "term-req";
5281 case TERM_ACK: return "term-ack";
5282 case CODE_REJ: return "code-rej";
5283 case PROTO_REJ: return "proto-rej";
5284 case ECHO_REQ: return "echo-req";
5285 case ECHO_REPLY: return "echo-reply";
5286 case DISC_REQ: return "discard-req";
5288 ksnprintf (buf, sizeof(buf), "cp/0x%x", type);
5293 sppp_auth_type_name(u_short proto, u_char type)
5295 static char buf[12];
5299 case CHAP_CHALLENGE: return "challenge";
5300 case CHAP_RESPONSE: return "response";
5301 case CHAP_SUCCESS: return "success";
5302 case CHAP_FAILURE: return "failure";
5306 case PAP_REQ: return "req";
5307 case PAP_ACK: return "ack";
5308 case PAP_NAK: return "nak";
5311 ksnprintf (buf, sizeof(buf), "auth/0x%x", type);
5316 sppp_lcp_opt_name(u_char opt)
5318 static char buf[12];
5320 case LCP_OPT_MRU: return "mru";
5321 case LCP_OPT_ASYNC_MAP: return "async-map";
5322 case LCP_OPT_AUTH_PROTO: return "auth-proto";
5323 case LCP_OPT_QUAL_PROTO: return "qual-proto";
5324 case LCP_OPT_MAGIC: return "magic";
5325 case LCP_OPT_PROTO_COMP: return "proto-comp";
5326 case LCP_OPT_ADDR_COMP: return "addr-comp";
5328 ksnprintf (buf, sizeof(buf), "lcp/0x%x", opt);
5333 sppp_ipcp_opt_name(u_char opt)
5335 static char buf[12];
5337 case IPCP_OPT_ADDRESSES: return "addresses";
5338 case IPCP_OPT_COMPRESSION: return "compression";
5339 case IPCP_OPT_ADDRESS: return "address";
5341 ksnprintf (buf, sizeof(buf), "ipcp/0x%x", opt);
5347 sppp_ipv6cp_opt_name(u_char opt)
5349 static char buf[12];
5351 case IPV6CP_OPT_IFID: return "ifid";
5352 case IPV6CP_OPT_COMPRESSION: return "compression";
5354 ksprintf (buf, "0x%x", opt);
5360 sppp_state_name(int state)
5363 case STATE_INITIAL: return "initial";
5364 case STATE_STARTING: return "starting";
5365 case STATE_CLOSED: return "closed";
5366 case STATE_STOPPED: return "stopped";
5367 case STATE_CLOSING: return "closing";
5368 case STATE_STOPPING: return "stopping";
5369 case STATE_REQ_SENT: return "req-sent";
5370 case STATE_ACK_RCVD: return "ack-rcvd";
5371 case STATE_ACK_SENT: return "ack-sent";
5372 case STATE_OPENED: return "opened";
5378 sppp_phase_name(enum ppp_phase phase)
5381 case PHASE_DEAD: return "dead";
5382 case PHASE_ESTABLISH: return "establish";
5383 case PHASE_TERMINATE: return "terminate";
5384 case PHASE_AUTHENTICATE: return "authenticate";
5385 case PHASE_NETWORK: return "network";
5391 sppp_proto_name(u_short proto)
5393 static char buf[12];
5395 case PPP_LCP: return "lcp";
5396 case PPP_IPCP: return "ipcp";
5397 case PPP_PAP: return "pap";
5398 case PPP_CHAP: return "chap";
5399 case PPP_IPV6CP: return "ipv6cp";
5401 ksnprintf(buf, sizeof(buf), "proto/0x%x", (unsigned)proto);
5406 sppp_print_bytes(const u_char *p, u_short len)
5409 log(-1, " %*D", len, p, "-");
5413 sppp_print_string(const char *p, u_short len)
5420 * Print only ASCII chars directly. RFC 1994 recommends
5421 * using only them, but we don't rely on it. */
5422 if (c < ' ' || c > '~')
5423 log(-1, "\\x%x", c);
5430 sppp_dotted_quad(u_long addr)
5433 ksprintf(s, "%d.%d.%d.%d",
5434 (int)((addr >> 24) & 0xff),
5435 (int)((addr >> 16) & 0xff),
5436 (int)((addr >> 8) & 0xff),
5437 (int)(addr & 0xff));
5442 sppp_strnlen(u_char *p, int max)
5446 for (len = 0; len < max && *p; ++p)
5451 /* a dummy, used to drop uninteresting events */
5453 sppp_null(struct sppp *unused)
5455 /* do just nothing */
projects / dragonfly.git / blob