timeout/untimeout ==> callout_*
[dragonfly.git] / sys / net / sppp / if_spppsubr.c
1 /*
2  * Synchronous PPP/Cisco link level subroutines.
3  * Keepalive protocol implemented in both Cisco and PPP modes.
4  *
5  * Copyright (C) 1994-1996 Cronyx Engineering Ltd.
6  * Author: Serge Vakulenko, <vak@cronyx.ru>
7  *
8  * Heavily revamped to conform to RFC 1661.
9  * Copyright (C) 1997, 2001 Joerg Wunsch.
10  *
11  * This software is distributed with NO WARRANTIES, not even the implied
12  * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13  *
14  * Authors grant any other persons or organisations permission to use
15  * or modify this software as long as this message is kept with the software,
16  * all derivative works or modified versions.
17  *
18  * From: Version 2.4, Thu Apr 30 17:17:21 MSD 1997
19  *
20  * $FreeBSD: src/sys/net/if_spppsubr.c,v 1.59.2.13 2002/07/03 15:44:41 joerg Exp $
21  * $DragonFly: src/sys/net/sppp/if_spppsubr.c,v 1.17 2004/09/16 03:54:37 dillon Exp $
22  */
23
24 #include <sys/param.h>
25
26 #if defined(__DragonFly__) 
27 #include "opt_inet.h"
28 #include "opt_inet6.h"
29 #include "opt_ipx.h"
30 #endif
31
32 #ifdef NetBSD1_3
33 #  if NetBSD1_3 > 6
34 #      include "opt_inet.h"
35 #      include "opt_inet6.h"
36 #      include "opt_iso.h"
37 #  endif
38 #endif
39
40 #include <sys/systm.h>
41 #include <sys/kernel.h>
42 #include <sys/module.h>
43 #include <sys/sockio.h>
44 #include <sys/socket.h>
45 #include <sys/syslog.h>
46 #if defined(__DragonFly__)
47 #include <sys/random.h>
48 #endif
49 #include <sys/malloc.h>
50 #include <sys/mbuf.h>
51
52 #if defined (__OpenBSD__)
53 #include <sys/md5k.h>
54 #else
55 #include <sys/md5.h>
56 #endif
57
58 #include <net/if.h>
59 #include <net/netisr.h>
60 #include <net/if_types.h>
61 #include <net/route.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #include <net/slcompress.h>
66
67 #if defined (__NetBSD__) || defined (__OpenBSD__)
68 #include <machine/cpu.h> /* XXX for softnet */
69 #endif
70
71 #include <machine/stdarg.h>
72
73 #include <netinet/in.h>
74 #include <netinet/in_systm.h>
75 #include <netinet/in_var.h>
76
77 #ifdef INET
78 #include <netinet/ip.h>
79 #include <netinet/tcp.h>
80 #endif
81
82 #if defined (__DragonFly__) || defined (__OpenBSD__)
83 # include <netinet/if_ether.h>
84 #else
85 # include <net/ethertypes.h>
86 #endif
87
88 #ifdef IPX
89 #include <netproto/ipx/ipx.h>
90 #include <netproto/ipx/ipx_if.h>
91 #endif
92
93 #ifdef NS
94 #include <netns/ns.h>
95 #include <netns/ns_if.h>
96 #endif
97
98 #include "if_sppp.h"
99
100 #if defined(__DragonFly__)
101 # define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg, handle)
102 # define TIMEOUT(fun, arg1, arg2, handle) handle = timeout(fun, arg1, arg2)
103 # define IOCTL_CMD_T    u_long
104 #else
105 # define UNTIMEOUT(fun, arg, handle) untimeout(fun, arg)
106 # define TIMEOUT(fun, arg1, arg2, handle) timeout(fun, arg1, arg2)
107 # define IOCTL_CMD_T    int
108 #endif
109
110 #define MAXALIVECNT     3               /* max. alive packets */
111
112 /*
113  * Interface flags that can be set in an ifconfig command.
114  *
115  * Setting link0 will make the link passive, i.e. it will be marked
116  * as being administrative openable, but won't be opened to begin
117  * with.  Incoming calls will be answered, or subsequent calls with
118  * -link1 will cause the administrative open of the LCP layer.
119  *
120  * Setting link1 will cause the link to auto-dial only as packets
121  * arrive to be sent.
122  *
123  * Setting IFF_DEBUG will syslog the option negotiation and state
124  * transitions at level kern.debug.  Note: all logs consistently look
125  * like
126  *
127  *   <if-name><unit>: <proto-name> <additional info...>
128  *
129  * with <if-name><unit> being something like "bppp0", and <proto-name>
130  * being one of "lcp", "ipcp", "cisco", "chap", "pap", etc.
131  */
132
133 #define IFF_PASSIVE     IFF_LINK0       /* wait passively for connection */
134 #define IFF_AUTO        IFF_LINK1       /* auto-dial on output */
135 #define IFF_CISCO       IFF_LINK2       /* auto-dial on output */
136
137 #define PPP_ALLSTATIONS 0xff            /* All-Stations broadcast address */
138 #define PPP_UI          0x03            /* Unnumbered Information */
139 #define PPP_IP          0x0021          /* Internet Protocol */
140 #define PPP_ISO         0x0023          /* ISO OSI Protocol */
141 #define PPP_XNS         0x0025          /* Xerox NS Protocol */
142 #define PPP_IPX         0x002b          /* Novell IPX Protocol */
143 #define PPP_VJ_COMP     0x002d          /* VJ compressed TCP/IP */
144 #define PPP_VJ_UCOMP    0x002f          /* VJ uncompressed TCP/IP */
145 #define PPP_IPV6        0x0057          /* Internet Protocol Version 6 */
146 #define PPP_LCP         0xc021          /* Link Control Protocol */
147 #define PPP_PAP         0xc023          /* Password Authentication Protocol */
148 #define PPP_CHAP        0xc223          /* Challenge-Handshake Auth Protocol */
149 #define PPP_IPCP        0x8021          /* Internet Protocol Control Protocol */
150 #define PPP_IPV6CP      0x8057          /* IPv6 Control Protocol */
151
152 #define CONF_REQ        1               /* PPP configure request */
153 #define CONF_ACK        2               /* PPP configure acknowledge */
154 #define CONF_NAK        3               /* PPP configure negative ack */
155 #define CONF_REJ        4               /* PPP configure reject */
156 #define TERM_REQ        5               /* PPP terminate request */
157 #define TERM_ACK        6               /* PPP terminate acknowledge */
158 #define CODE_REJ        7               /* PPP code reject */
159 #define PROTO_REJ       8               /* PPP protocol reject */
160 #define ECHO_REQ        9               /* PPP echo request */
161 #define ECHO_REPLY      10              /* PPP echo reply */
162 #define DISC_REQ        11              /* PPP discard request */
163
164 #define LCP_OPT_MRU             1       /* maximum receive unit */
165 #define LCP_OPT_ASYNC_MAP       2       /* async control character map */
166 #define LCP_OPT_AUTH_PROTO      3       /* authentication protocol */
167 #define LCP_OPT_QUAL_PROTO      4       /* quality protocol */
168 #define LCP_OPT_MAGIC           5       /* magic number */
169 #define LCP_OPT_RESERVED        6       /* reserved */
170 #define LCP_OPT_PROTO_COMP      7       /* protocol field compression */
171 #define LCP_OPT_ADDR_COMP       8       /* address/control field compression */
172
173 #define IPCP_OPT_ADDRESSES      1       /* both IP addresses; deprecated */
174 #define IPCP_OPT_COMPRESSION    2       /* IP compression protocol (VJ) */
175 #define IPCP_OPT_ADDRESS        3       /* local IP address */
176
177 #define IPV6CP_OPT_IFID 1       /* interface identifier */
178 #define IPV6CP_OPT_COMPRESSION  2       /* IPv6 compression protocol */
179
180 #define IPCP_COMP_VJ            0x2d    /* Code for VJ compression */
181
182 #define PAP_REQ                 1       /* PAP name/password request */
183 #define PAP_ACK                 2       /* PAP acknowledge */
184 #define PAP_NAK                 3       /* PAP fail */
185
186 #define CHAP_CHALLENGE          1       /* CHAP challenge request */
187 #define CHAP_RESPONSE           2       /* CHAP challenge response */
188 #define CHAP_SUCCESS            3       /* CHAP response ok */
189 #define CHAP_FAILURE            4       /* CHAP response failed */
190
191 #define CHAP_MD5                5       /* hash algorithm - MD5 */
192
193 #define CISCO_MULTICAST         0x8f    /* Cisco multicast address */
194 #define CISCO_UNICAST           0x0f    /* Cisco unicast address */
195 #define CISCO_KEEPALIVE         0x8035  /* Cisco keepalive protocol */
196 #define CISCO_ADDR_REQ          0       /* Cisco address request */
197 #define CISCO_ADDR_REPLY        1       /* Cisco address reply */
198 #define CISCO_KEEPALIVE_REQ     2       /* Cisco keepalive request */
199
200 /* states are named and numbered according to RFC 1661 */
201 #define STATE_INITIAL   0
202 #define STATE_STARTING  1
203 #define STATE_CLOSED    2
204 #define STATE_STOPPED   3
205 #define STATE_CLOSING   4
206 #define STATE_STOPPING  5
207 #define STATE_REQ_SENT  6
208 #define STATE_ACK_RCVD  7
209 #define STATE_ACK_SENT  8
210 #define STATE_OPENED    9
211
212 struct ppp_header {
213         u_char address;
214         u_char control;
215         u_short protocol;
216 } __attribute__((__packed__));
217 #define PPP_HEADER_LEN          sizeof (struct ppp_header)
218
219 struct lcp_header {
220         u_char type;
221         u_char ident;
222         u_short len;
223 } __attribute__((__packed__));
224 #define LCP_HEADER_LEN          sizeof (struct lcp_header)
225
226 struct cisco_packet {
227         u_long type;
228         u_long par1;
229         u_long par2;
230         u_short rel;
231         u_short time0;
232         u_short time1;
233 } __attribute__((__packed__));
234 #define CISCO_PACKET_LEN        sizeof (struct cisco_packet)
235
236 /*
237  * We follow the spelling and capitalization of RFC 1661 here, to make
238  * it easier comparing with the standard.  Please refer to this RFC in
239  * case you can't make sense out of these abbreviation; it will also
240  * explain the semantics related to the various events and actions.
241  */
242 struct cp {
243         u_short proto;          /* PPP control protocol number */
244         u_char protoidx;        /* index into state table in struct sppp */
245         u_char flags;
246 #define CP_LCP          0x01    /* this is the LCP */
247 #define CP_AUTH         0x02    /* this is an authentication protocol */
248 #define CP_NCP          0x04    /* this is a NCP */
249 #define CP_QUAL         0x08    /* this is a quality reporting protocol */
250         const char *name;       /* name of this control protocol */
251         /* event handlers */
252         void    (*Up)(struct sppp *sp);
253         void    (*Down)(struct sppp *sp);
254         void    (*Open)(struct sppp *sp);
255         void    (*Close)(struct sppp *sp);
256         void    (*TO)(void *sp);
257         int     (*RCR)(struct sppp *sp, struct lcp_header *h, int len);
258         void    (*RCN_rej)(struct sppp *sp, struct lcp_header *h, int len);
259         void    (*RCN_nak)(struct sppp *sp, struct lcp_header *h, int len);
260         /* actions */
261         void    (*tlu)(struct sppp *sp);
262         void    (*tld)(struct sppp *sp);
263         void    (*tls)(struct sppp *sp);
264         void    (*tlf)(struct sppp *sp);
265         void    (*scr)(struct sppp *sp);
266 };
267
268 static struct sppp *spppq;
269 #if defined(__DragonFly__)
270 static struct callout keepalive_timeout;
271 #endif
272
273 #if defined(__FreeBSD__) && __FreeBSD__ >= 3 && !defined(__DragonFly__)
274 #define SPP_FMT         "%s%d: "
275 #define SPP_ARGS(ifp)   (ifp)->if_name, (ifp)->if_unit
276 #else
277 #define SPP_FMT         "%s: "
278 #define SPP_ARGS(ifp)   (ifp)->if_xname
279 #endif
280
281 #ifdef INET
282 /*
283  * The following disgusting hack gets around the problem that IP TOS
284  * can't be set yet.  We want to put "interactive" traffic on a high
285  * priority queue.  To decide if traffic is interactive, we check that
286  * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control.
287  *
288  * XXX is this really still necessary?  - joerg -
289  */
290 static u_short interactive_ports[8] = {
291         0,      513,    0,      0,
292         0,      21,     0,      23,
293 };
294 #define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p))
295 #endif
296
297 /* almost every function needs these */
298 #define STDDCL                                                  \
299         struct ifnet *ifp = &sp->pp_if;                         \
300         int debug = ifp->if_flags & IFF_DEBUG
301
302 static int sppp_output(struct ifnet *ifp, struct mbuf *m,
303                        struct sockaddr *dst, struct rtentry *rt);
304
305 static void sppp_cisco_send(struct sppp *sp, int type, long par1, long par2);
306 static void sppp_cisco_input(struct sppp *sp, struct mbuf *m);
307
308 static void sppp_cp_input(const struct cp *cp, struct sppp *sp,
309                           struct mbuf *m);
310 static void sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
311                          u_char ident, u_short len, void *data);
312 /* static void sppp_cp_timeout(void *arg); */
313 static void sppp_cp_change_state(const struct cp *cp, struct sppp *sp,
314                                  int newstate);
315 static void sppp_auth_send(const struct cp *cp,
316                            struct sppp *sp, unsigned int type, unsigned int id,
317                            ...);
318
319 static void sppp_up_event(const struct cp *cp, struct sppp *sp);
320 static void sppp_down_event(const struct cp *cp, struct sppp *sp);
321 static void sppp_open_event(const struct cp *cp, struct sppp *sp);
322 static void sppp_close_event(const struct cp *cp, struct sppp *sp);
323 static void sppp_to_event(const struct cp *cp, struct sppp *sp);
324
325 static void sppp_null(struct sppp *sp);
326
327 static void sppp_lcp_init(struct sppp *sp);
328 static void sppp_lcp_up(struct sppp *sp);
329 static void sppp_lcp_down(struct sppp *sp);
330 static void sppp_lcp_open(struct sppp *sp);
331 static void sppp_lcp_close(struct sppp *sp);
332 static void sppp_lcp_TO(void *sp);
333 static int sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
334 static void sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
335 static void sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
336 static void sppp_lcp_tlu(struct sppp *sp);
337 static void sppp_lcp_tld(struct sppp *sp);
338 static void sppp_lcp_tls(struct sppp *sp);
339 static void sppp_lcp_tlf(struct sppp *sp);
340 static void sppp_lcp_scr(struct sppp *sp);
341 static void sppp_lcp_check_and_close(struct sppp *sp);
342 static int sppp_ncp_check(struct sppp *sp);
343
344 static void sppp_ipcp_init(struct sppp *sp);
345 static void sppp_ipcp_up(struct sppp *sp);
346 static void sppp_ipcp_down(struct sppp *sp);
347 static void sppp_ipcp_open(struct sppp *sp);
348 static void sppp_ipcp_close(struct sppp *sp);
349 static void sppp_ipcp_TO(void *sp);
350 static int sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len);
351 static void sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
352 static void sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
353 static void sppp_ipcp_tlu(struct sppp *sp);
354 static void sppp_ipcp_tld(struct sppp *sp);
355 static void sppp_ipcp_tls(struct sppp *sp);
356 static void sppp_ipcp_tlf(struct sppp *sp);
357 static void sppp_ipcp_scr(struct sppp *sp);
358
359 static void sppp_ipv6cp_init(struct sppp *sp);
360 static void sppp_ipv6cp_up(struct sppp *sp);
361 static void sppp_ipv6cp_down(struct sppp *sp);
362 static void sppp_ipv6cp_open(struct sppp *sp);
363 static void sppp_ipv6cp_close(struct sppp *sp);
364 static void sppp_ipv6cp_TO(void *sp);
365 static int sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len);
366 static void sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len);
367 static void sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len);
368 static void sppp_ipv6cp_tlu(struct sppp *sp);
369 static void sppp_ipv6cp_tld(struct sppp *sp);
370 static void sppp_ipv6cp_tls(struct sppp *sp);
371 static void sppp_ipv6cp_tlf(struct sppp *sp);
372 static void sppp_ipv6cp_scr(struct sppp *sp);
373
374 static void sppp_pap_input(struct sppp *sp, struct mbuf *m);
375 static void sppp_pap_init(struct sppp *sp);
376 static void sppp_pap_open(struct sppp *sp);
377 static void sppp_pap_close(struct sppp *sp);
378 static void sppp_pap_TO(void *sp);
379 static void sppp_pap_my_TO(void *sp);
380 static void sppp_pap_tlu(struct sppp *sp);
381 static void sppp_pap_tld(struct sppp *sp);
382 static void sppp_pap_scr(struct sppp *sp);
383
384 static void sppp_chap_input(struct sppp *sp, struct mbuf *m);
385 static void sppp_chap_init(struct sppp *sp);
386 static void sppp_chap_open(struct sppp *sp);
387 static void sppp_chap_close(struct sppp *sp);
388 static void sppp_chap_TO(void *sp);
389 static void sppp_chap_tlu(struct sppp *sp);
390 static void sppp_chap_tld(struct sppp *sp);
391 static void sppp_chap_scr(struct sppp *sp);
392
393 static const char *sppp_auth_type_name(u_short proto, u_char type);
394 static const char *sppp_cp_type_name(u_char type);
395 static const char *sppp_dotted_quad(u_long addr);
396 static const char *sppp_ipcp_opt_name(u_char opt);
397 #ifdef INET6
398 static const char *sppp_ipv6cp_opt_name(u_char opt);
399 #endif
400 static const char *sppp_lcp_opt_name(u_char opt);
401 static const char *sppp_phase_name(enum ppp_phase phase);
402 static const char *sppp_proto_name(u_short proto);
403 static const char *sppp_state_name(int state);
404 static int sppp_params(struct sppp *sp, u_long cmd, void *data);
405 static int sppp_strnlen(u_char *p, int max);
406 static void sppp_get_ip_addrs(struct sppp *sp, u_long *src, u_long *dst,
407                               u_long *srcmask);
408 static void sppp_keepalive(void *dummy);
409 static void sppp_phase_network(struct sppp *sp);
410 static void sppp_print_bytes(const u_char *p, u_short len);
411 static void sppp_print_string(const char *p, u_short len);
412 static void sppp_qflush(struct ifqueue *ifq);
413 static void sppp_set_ip_addr(struct sppp *sp, u_long src);
414 #ifdef INET6
415 static void sppp_get_ip6_addrs(struct sppp *sp, struct in6_addr *src,
416                                struct in6_addr *dst, struct in6_addr *srcmask);
417 #ifdef IPV6CP_MYIFID_DYN
418 static void sppp_set_ip6_addr(struct sppp *sp, const struct in6_addr *src);
419 static void sppp_gen_ip6_addr(struct sppp *sp, const struct in6_addr *src);
420 #endif
421 static void sppp_suggest_ip6_addr(struct sppp *sp, struct in6_addr *src);
422 #endif
423
424 /* our control protocol descriptors */
425 static const struct cp lcp = {
426         PPP_LCP, IDX_LCP, CP_LCP, "lcp",
427         sppp_lcp_up, sppp_lcp_down, sppp_lcp_open, sppp_lcp_close,
428         sppp_lcp_TO, sppp_lcp_RCR, sppp_lcp_RCN_rej, sppp_lcp_RCN_nak,
429         sppp_lcp_tlu, sppp_lcp_tld, sppp_lcp_tls, sppp_lcp_tlf,
430         sppp_lcp_scr
431 };
432
433 static const struct cp ipcp = {
434         PPP_IPCP, IDX_IPCP, CP_NCP, "ipcp",
435         sppp_ipcp_up, sppp_ipcp_down, sppp_ipcp_open, sppp_ipcp_close,
436         sppp_ipcp_TO, sppp_ipcp_RCR, sppp_ipcp_RCN_rej, sppp_ipcp_RCN_nak,
437         sppp_ipcp_tlu, sppp_ipcp_tld, sppp_ipcp_tls, sppp_ipcp_tlf,
438         sppp_ipcp_scr
439 };
440
441 static const struct cp ipv6cp = {
442         PPP_IPV6CP, IDX_IPV6CP,
443 #ifdef INET6    /*don't run IPv6CP if there's no IPv6 support*/
444         CP_NCP,
445 #else
446         0,
447 #endif
448         "ipv6cp",
449         sppp_ipv6cp_up, sppp_ipv6cp_down, sppp_ipv6cp_open, sppp_ipv6cp_close,
450         sppp_ipv6cp_TO, sppp_ipv6cp_RCR, sppp_ipv6cp_RCN_rej, sppp_ipv6cp_RCN_nak,
451         sppp_ipv6cp_tlu, sppp_ipv6cp_tld, sppp_ipv6cp_tls, sppp_ipv6cp_tlf,
452         sppp_ipv6cp_scr
453 };
454
455 static const struct cp pap = {
456         PPP_PAP, IDX_PAP, CP_AUTH, "pap",
457         sppp_null, sppp_null, sppp_pap_open, sppp_pap_close,
458         sppp_pap_TO, 0, 0, 0,
459         sppp_pap_tlu, sppp_pap_tld, sppp_null, sppp_null,
460         sppp_pap_scr
461 };
462
463 static const struct cp chap = {
464         PPP_CHAP, IDX_CHAP, CP_AUTH, "chap",
465         sppp_null, sppp_null, sppp_chap_open, sppp_chap_close,
466         sppp_chap_TO, 0, 0, 0,
467         sppp_chap_tlu, sppp_chap_tld, sppp_null, sppp_null,
468         sppp_chap_scr
469 };
470
471 static const struct cp *cps[IDX_COUNT] = {
472         &lcp,                   /* IDX_LCP */
473         &ipcp,                  /* IDX_IPCP */
474         &ipv6cp,                /* IDX_IPV6CP */
475         &pap,                   /* IDX_PAP */
476         &chap,                  /* IDX_CHAP */
477 };
478
479 static int
480 sppp_modevent(module_t mod, int type, void *unused)
481 {
482         switch (type) {
483         case MOD_LOAD:
484                 break;
485         case MOD_UNLOAD:
486                 return EACCES;
487                 break;
488         default:
489                 break;
490         }
491         return 0;
492 }
493 static moduledata_t spppmod = {
494         "sppp",
495         sppp_modevent,
496         0
497 };
498 MODULE_VERSION(sppp, 1);
499 DECLARE_MODULE(sppp, spppmod, SI_SUB_DRIVERS, SI_ORDER_ANY);
500
501 /*
502  * Exported functions, comprising our interface to the lower layer.
503  */
504
505 /*
506  * Process the received packet.
507  */
508 void
509 sppp_input(struct ifnet *ifp, struct mbuf *m)
510 {
511         struct ppp_header *h;
512         int isr = -1;
513         struct sppp *sp = (struct sppp *)ifp;
514         u_char *iphdr;
515         int hlen, vjlen, do_account = 0;
516         int debug = ifp->if_flags & IFF_DEBUG;
517
518         if (ifp->if_flags & IFF_UP)
519                 /* Count received bytes, add FCS and one flag */
520                 ifp->if_ibytes += m->m_pkthdr.len + 3;
521
522         if (m->m_pkthdr.len <= PPP_HEADER_LEN) {
523                 /* Too small packet, drop it. */
524                 if (debug)
525                         log(LOG_DEBUG,
526                             SPP_FMT "input packet is too small, %d bytes\n",
527                             SPP_ARGS(ifp), m->m_pkthdr.len);
528           drop:
529                 m_freem (m);
530           drop2:
531                 ++ifp->if_ierrors;
532                 ++ifp->if_iqdrops;
533                 return;
534         }
535
536         /* Get PPP header. */
537         h = mtod (m, struct ppp_header*);
538         m_adj (m, PPP_HEADER_LEN);
539
540         switch (h->address) {
541         case PPP_ALLSTATIONS:
542                 if (h->control != PPP_UI)
543                         goto invalid;
544                 if (sp->pp_mode == IFF_CISCO) {
545                         if (debug)
546                                 log(LOG_DEBUG,
547                                     SPP_FMT "PPP packet in Cisco mode "
548                                     "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
549                                     SPP_ARGS(ifp),
550                                     h->address, h->control, ntohs(h->protocol));
551                         goto drop;
552                 }
553                 switch (ntohs (h->protocol)) {
554                 default:
555                         if (debug)
556                                 log(LOG_DEBUG,
557                                     SPP_FMT "rejecting protocol "
558                                     "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
559                                     SPP_ARGS(ifp),
560                                     h->address, h->control, ntohs(h->protocol));
561                         if (sp->state[IDX_LCP] == STATE_OPENED)
562                                 sppp_cp_send (sp, PPP_LCP, PROTO_REJ,
563                                         ++sp->pp_seq[IDX_LCP], m->m_pkthdr.len + 2,
564                                         &h->protocol);
565                         ++ifp->if_noproto;
566                         goto drop;
567                 case PPP_LCP:
568                         sppp_cp_input(&lcp, sp, m);
569                         m_freem (m);
570                         return;
571                 case PPP_PAP:
572                         if (sp->pp_phase >= PHASE_AUTHENTICATE)
573                                 sppp_pap_input(sp, m);
574                         m_freem (m);
575                         return;
576                 case PPP_CHAP:
577                         if (sp->pp_phase >= PHASE_AUTHENTICATE)
578                                 sppp_chap_input(sp, m);
579                         m_freem (m);
580                         return;
581 #ifdef INET
582                 case PPP_IPCP:
583                         if (sp->pp_phase == PHASE_NETWORK)
584                                 sppp_cp_input(&ipcp, sp, m);
585                         m_freem (m);
586                         return;
587                 case PPP_IP:
588                         if (sp->state[IDX_IPCP] == STATE_OPENED) {
589                                 isr = NETISR_IP;
590                         }
591                         do_account++;
592                         break;
593                 case PPP_VJ_COMP:
594                         if (sp->state[IDX_IPCP] == STATE_OPENED) {
595                                 if ((vjlen =
596                                      sl_uncompress_tcp_core(mtod(m, u_char *),
597                                                             m->m_len, m->m_len,
598                                                             TYPE_COMPRESSED_TCP,
599                                                             sp->pp_comp,
600                                                             &iphdr, &hlen)) <= 0) {
601                                         if (debug)
602                                                 log(LOG_INFO,
603                             SPP_FMT "VJ uncompress failed on compressed packet\n",
604                                                     SPP_ARGS(ifp));
605                                         goto drop;
606                                 }
607
608                                 /*
609                                  * Trim the VJ header off the packet, and prepend
610                                  * the uncompressed IP header (which will usually
611                                  * end up in two chained mbufs since there's not
612                                  * enough leading space in the existing mbuf).
613                                  */
614                                 m_adj(m, vjlen);
615                                 M_PREPEND(m, hlen, MB_DONTWAIT);
616                                 if (m == NULL)
617                                         goto drop2;
618                                 bcopy(iphdr, mtod(m, u_char *), hlen);
619
620                                 isr = NETISR_IP;
621                         }
622                         do_account++;
623                         break;
624                 case PPP_VJ_UCOMP:
625                         if (sp->state[IDX_IPCP] == STATE_OPENED) {
626                                 if (sl_uncompress_tcp_core(mtod(m, u_char *),
627                                                            m->m_len, m->m_len,
628                                                            TYPE_UNCOMPRESSED_TCP,
629                                                            sp->pp_comp,
630                                                            &iphdr, &hlen) != 0) {
631                                         if (debug)
632                                                 log(LOG_INFO,
633                             SPP_FMT "VJ uncompress failed on uncompressed packet\n",
634                                                     SPP_ARGS(ifp));
635                                         goto drop;
636                                 }
637                                 isr = NETISR_IP;
638                         }
639                         do_account++;
640                         break;
641 #endif
642 #ifdef INET6
643                 case PPP_IPV6CP:
644                         if (sp->pp_phase == PHASE_NETWORK)
645                             sppp_cp_input(&ipv6cp, sp, m);
646                         m_freem (m);
647                         return;
648
649                 case PPP_IPV6:
650                         if (sp->state[IDX_IPV6CP] == STATE_OPENED) {
651                                 isr = NETISR_IPV6;
652                         }
653                         do_account++;
654                         break;
655 #endif
656 #ifdef IPX
657                 case PPP_IPX:
658                         /* IPX IPXCP not implemented yet */
659                         if (sp->pp_phase == PHASE_NETWORK) {
660                                 isr = NETISR_IPX;
661                         }
662                         do_account++;
663                         break;
664 #endif
665 #ifdef NS
666                 case PPP_XNS:
667                         /* XNS IDPCP not implemented yet */
668                         if (sp->pp_phase == PHASE_NETWORK) {
669                                 isr = NETISR_NS;
670                         }
671                         do_account++;
672                         break;
673 #endif
674                 }
675                 break;
676         case CISCO_MULTICAST:
677         case CISCO_UNICAST:
678                 /* Don't check the control field here (RFC 1547). */
679                 if (sp->pp_mode != IFF_CISCO) {
680                         if (debug)
681                                 log(LOG_DEBUG,
682                                     SPP_FMT "Cisco packet in PPP mode "
683                                     "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
684                                     SPP_ARGS(ifp),
685                                     h->address, h->control, ntohs(h->protocol));
686                         goto drop;
687                 }
688                 switch (ntohs (h->protocol)) {
689                 default:
690                         ++ifp->if_noproto;
691                         goto invalid;
692                 case CISCO_KEEPALIVE:
693                         sppp_cisco_input ((struct sppp*) ifp, m);
694                         m_freem (m);
695                         return;
696 #ifdef INET
697                 case ETHERTYPE_IP:
698                         isr = NETISR_IP;
699                         do_account++;
700                         break;
701 #endif
702 #ifdef INET6
703                 case ETHERTYPE_IPV6:
704                         isr = NETISR_IPV6;
705                         do_account++;
706                         break;
707 #endif
708 #ifdef IPX
709                 case ETHERTYPE_IPX:
710                         isr = NETISR_IPX;
711                         do_account++;
712                         break;
713 #endif
714 #ifdef NS
715                 case ETHERTYPE_NS:
716                         isr = NETISR_NS
717                         do_account++;
718                         break;
719 #endif
720                 }
721                 break;
722         default:        /* Invalid PPP packet. */
723           invalid:
724                 if (debug)
725                         log(LOG_DEBUG,
726                             SPP_FMT "invalid input packet "
727                             "<addr=0x%x ctrl=0x%x proto=0x%x>\n",
728                             SPP_ARGS(ifp),
729                             h->address, h->control, ntohs(h->protocol));
730                 goto drop;
731         }
732
733         if (! (ifp->if_flags & IFF_UP) || isr < 0)
734                 goto drop;
735
736         /* Check queue. */
737
738         netisr_dispatch(isr, m);
739         if (do_account)
740                 /*
741                  * Do only account for network packets, not for control
742                  * packets.  This is used by some subsystems to detect
743                  * idle lines.
744                  */
745                 sp->pp_last_recv = time_second;
746 }
747
748 /*
749  * Enqueue transmit packet.
750  */
751 static int
752 sppp_output(struct ifnet *ifp, struct mbuf *m,
753             struct sockaddr *dst, struct rtentry *rt)
754 {
755         struct sppp *sp = (struct sppp*) ifp;
756         struct ppp_header *h;
757         struct ifqueue *ifq = NULL;
758         int s, rv = 0;
759         int ipproto = PPP_IP;
760         int debug = ifp->if_flags & IFF_DEBUG;
761
762         s = splimp();
763
764         if ((ifp->if_flags & IFF_UP) == 0 ||
765             (ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == 0) {
766 #ifdef INET6
767           drop:
768 #endif
769                 m_freem (m);
770                 splx (s);
771                 return (ENETDOWN);
772         }
773
774         if ((ifp->if_flags & (IFF_RUNNING | IFF_AUTO)) == IFF_AUTO) {
775 #ifdef INET6
776                 /*
777                  * XXX
778                  *
779                  * Hack to prevent the initialization-time generated
780                  * IPv6 multicast packet to erroneously cause a
781                  * dialout event in case IPv6 has been
782                  * administratively disabled on that interface.
783                  */
784                 if (dst->sa_family == AF_INET6 &&
785                     !(sp->confflags & CONF_ENABLE_IPV6))
786                         goto drop;
787 #endif
788                 /*
789                  * Interface is not yet running, but auto-dial.  Need
790                  * to start LCP for it.
791                  */
792                 ifp->if_flags |= IFF_RUNNING;
793                 splx(s);
794                 lcp.Open(sp);
795                 s = splimp();
796         }
797
798         ifq = &ifp->if_snd;
799 #ifdef INET
800         if (dst->sa_family == AF_INET) {
801                 /* XXX Check mbuf length here? */
802                 struct ip *ip = mtod (m, struct ip*);
803                 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
804
805                 /*
806                  * When using dynamic local IP address assignment by using
807                  * 0.0.0.0 as a local address, the first TCP session will
808                  * not connect because the local TCP checksum is computed
809                  * using 0.0.0.0 which will later become our real IP address
810                  * so the TCP checksum computed at the remote end will
811                  * become invalid. So we
812                  * - don't let packets with src ip addr 0 thru
813                  * - we flag TCP packets with src ip 0 as an error
814                  */
815
816                 if(ip->ip_src.s_addr == INADDR_ANY)     /* -hm */
817                 {
818                         m_freem(m);
819                         splx(s);
820                         if(ip->ip_p == IPPROTO_TCP)
821                                 return(EADDRNOTAVAIL);
822                         else
823                                 return(0);
824                 }
825
826                 /*
827                  * Put low delay, telnet, rlogin and ftp control packets
828                  * in front of the queue.
829                  */
830                 if (IF_QFULL (&sp->pp_fastq))
831                         ;
832                 else if (ip->ip_tos & IPTOS_LOWDELAY)
833                         ifq = &sp->pp_fastq;
834                 else if (m->m_len < sizeof *ip + sizeof *tcp)
835                         ;
836                 else if (ip->ip_p != IPPROTO_TCP)
837                         ;
838                 else if (INTERACTIVE (ntohs (tcp->th_sport)))
839                         ifq = &sp->pp_fastq;
840                 else if (INTERACTIVE (ntohs (tcp->th_dport)))
841                         ifq = &sp->pp_fastq;
842
843                 /*
844                  * Do IP Header compression
845                  */
846                 if (sp->pp_mode != IFF_CISCO && (sp->ipcp.flags & IPCP_VJ) &&
847                     ip->ip_p == IPPROTO_TCP)
848                         switch (sl_compress_tcp(m, ip, sp->pp_comp,
849                                                 sp->ipcp.compress_cid)) {
850                         case TYPE_COMPRESSED_TCP:
851                                 ipproto = PPP_VJ_COMP;
852                                 break;
853                         case TYPE_UNCOMPRESSED_TCP:
854                                 ipproto = PPP_VJ_UCOMP;
855                                 break;
856                         case TYPE_IP:
857                                 ipproto = PPP_IP;
858                                 break;
859                         default:
860                                 m_freem(m);
861                                 splx(s);
862                                 return (EINVAL);
863                         }
864         }
865 #endif
866
867 #ifdef INET6
868         if (dst->sa_family == AF_INET6) {
869                 /* XXX do something tricky here? */
870         }
871 #endif
872
873         /*
874          * Prepend general data packet PPP header. For now, IP only.
875          */
876         M_PREPEND (m, PPP_HEADER_LEN, MB_DONTWAIT);
877         if (! m) {
878                 if (debug)
879                         log(LOG_DEBUG, SPP_FMT "no memory for transmit header\n",
880                                 SPP_ARGS(ifp));
881                 ++ifp->if_oerrors;
882                 splx (s);
883                 return (ENOBUFS);
884         }
885         /*
886          * May want to check size of packet
887          * (albeit due to the implementation it's always enough)
888          */
889         h = mtod (m, struct ppp_header*);
890         if (sp->pp_mode == IFF_CISCO) {
891                 h->address = CISCO_UNICAST;        /* unicast address */
892                 h->control = 0;
893         } else {
894                 h->address = PPP_ALLSTATIONS;        /* broadcast address */
895                 h->control = PPP_UI;                 /* Unnumbered Info */
896         }
897
898         switch (dst->sa_family) {
899 #ifdef INET
900         case AF_INET:   /* Internet Protocol */
901                 if (sp->pp_mode == IFF_CISCO)
902                         h->protocol = htons (ETHERTYPE_IP);
903                 else {
904                         /*
905                          * Don't choke with an ENETDOWN early.  It's
906                          * possible that we just started dialing out,
907                          * so don't drop the packet immediately.  If
908                          * we notice that we run out of buffer space
909                          * below, we will however remember that we are
910                          * not ready to carry IP packets, and return
911                          * ENETDOWN, as opposed to ENOBUFS.
912                          */
913                         h->protocol = htons(ipproto);
914                         if (sp->state[IDX_IPCP] != STATE_OPENED)
915                                 rv = ENETDOWN;
916                 }
917                 break;
918 #endif
919 #ifdef INET6
920         case AF_INET6:   /* Internet Protocol */
921                 if (sp->pp_mode == IFF_CISCO)
922                         h->protocol = htons (ETHERTYPE_IPV6);
923                 else {
924                         /*
925                          * Don't choke with an ENETDOWN early.  It's
926                          * possible that we just started dialing out,
927                          * so don't drop the packet immediately.  If
928                          * we notice that we run out of buffer space
929                          * below, we will however remember that we are
930                          * not ready to carry IP packets, and return
931                          * ENETDOWN, as opposed to ENOBUFS.
932                          */
933                         h->protocol = htons(PPP_IPV6);
934                         if (sp->state[IDX_IPV6CP] != STATE_OPENED)
935                                 rv = ENETDOWN;
936                 }
937                 break;
938 #endif
939 #ifdef NS
940         case AF_NS:     /* Xerox NS Protocol */
941                 h->protocol = htons (sp->pp_mode == IFF_CISCO ?
942                         ETHERTYPE_NS : PPP_XNS);
943                 break;
944 #endif
945 #ifdef IPX
946         case AF_IPX:     /* Novell IPX Protocol */
947                 h->protocol = htons (sp->pp_mode == IFF_CISCO ?
948                         ETHERTYPE_IPX : PPP_IPX);
949                 break;
950 #endif
951         default:
952                 m_freem (m);
953                 ++ifp->if_oerrors;
954                 splx (s);
955                 return (EAFNOSUPPORT);
956         }
957
958         /*
959          * Queue message on interface, and start output if interface
960          * not yet active.
961          */
962         if (IF_QFULL (ifq)) {
963                 IF_DROP (&ifp->if_snd);
964                 m_freem (m);
965                 ++ifp->if_oerrors;
966                 splx (s);
967                 return (rv? rv: ENOBUFS);
968         }
969         IF_ENQUEUE (ifq, m);
970         if (! (ifp->if_flags & IFF_OACTIVE))
971                 (*ifp->if_start) (ifp);
972
973         /*
974          * Count output packets and bytes.
975          * The packet length includes header, FCS and 1 flag,
976          * according to RFC 1333.
977          */
978         ifp->if_obytes += m->m_pkthdr.len + 3;
979         splx (s);
980         /*
981          * Unlike in sppp_input(), we can always bump the timestamp
982          * here since sppp_output() is only called on behalf of
983          * network-layer traffic; control-layer traffic is handled
984          * by sppp_cp_send().
985          */
986         sp->pp_last_sent = time_second;
987         return (0);
988 }
989
990 void
991 sppp_attach(struct ifnet *ifp)
992 {
993         struct sppp *sp = (struct sppp*) ifp;
994
995         /* Initialize keepalive handler. */
996         if (!spppq) {
997                 callout_reset(&keepalive_timeout, hz * 10,
998                                 sppp_keepalive, NULL);
999         }
1000         /* Insert new entry into the keepalive list. */
1001         sp->pp_next = spppq;
1002         spppq = sp;
1003
1004         sp->pp_if.if_mtu = PP_MTU;
1005         sp->pp_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
1006         sp->pp_if.if_type = IFT_PPP;
1007         sp->pp_if.if_output = sppp_output;
1008 #if 0
1009         sp->pp_flags = PP_KEEPALIVE;
1010 #endif
1011         sp->pp_if.if_snd.ifq_maxlen = 32;
1012         sp->pp_fastq.ifq_maxlen = 32;
1013         sp->pp_cpq.ifq_maxlen = 20;
1014         sp->pp_loopcnt = 0;
1015         sp->pp_alivecnt = 0;
1016         bzero(&sp->pp_seq[0], sizeof(sp->pp_seq));
1017         bzero(&sp->pp_rseq[0], sizeof(sp->pp_rseq));
1018         sp->pp_phase = PHASE_DEAD;
1019         sp->pp_up = lcp.Up;
1020         sp->pp_down = lcp.Down;
1021         sp->pp_last_recv = sp->pp_last_sent = time_second;
1022         sp->confflags = 0;
1023 #ifdef INET
1024         sp->confflags |= CONF_ENABLE_VJ;
1025 #endif
1026 #ifdef INET6
1027         sp->confflags |= CONF_ENABLE_IPV6;
1028 #endif
1029         sp->pp_comp = malloc(sizeof(struct slcompress), M_TEMP, M_WAITOK);
1030         sl_compress_init(sp->pp_comp, -1);
1031         sppp_lcp_init(sp);
1032         sppp_ipcp_init(sp);
1033         sppp_ipv6cp_init(sp);
1034         sppp_pap_init(sp);
1035         sppp_chap_init(sp);
1036 }
1037
1038 void
1039 sppp_detach(struct ifnet *ifp)
1040 {
1041         struct sppp **q, *p, *sp = (struct sppp*) ifp;
1042         int i;
1043
1044         /* Remove the entry from the keepalive list. */
1045         for (q = &spppq; (p = *q); q = &p->pp_next)
1046                 if (p == sp) {
1047                         *q = p->pp_next;
1048                         break;
1049                 }
1050
1051         /* Stop keepalive handler. */
1052         if (!spppq)
1053                 callout_stop(&keepalive_timeout);
1054
1055         for (i = 0; i < IDX_COUNT; i++)
1056                 callout_stop(&sp->timeout[i]);
1057         callout_stop(&sp->pap_my_to);
1058 }
1059
1060 /*
1061  * Flush the interface output queue.
1062  */
1063 void
1064 sppp_flush(struct ifnet *ifp)
1065 {
1066         struct sppp *sp = (struct sppp*) ifp;
1067
1068         sppp_qflush (&sp->pp_if.if_snd);
1069         sppp_qflush (&sp->pp_fastq);
1070         sppp_qflush (&sp->pp_cpq);
1071 }
1072
1073 /*
1074  * Check if the output queue is empty.
1075  */
1076 int
1077 sppp_isempty(struct ifnet *ifp)
1078 {
1079         struct sppp *sp = (struct sppp*) ifp;
1080         int empty, s;
1081
1082         s = splimp();
1083         empty = !sp->pp_fastq.ifq_head && !sp->pp_cpq.ifq_head &&
1084                 !sp->pp_if.if_snd.ifq_head;
1085         splx(s);
1086         return (empty);
1087 }
1088
1089 /*
1090  * Get next packet to send.
1091  */
1092 struct mbuf *
1093 sppp_dequeue(struct ifnet *ifp)
1094 {
1095         struct sppp *sp = (struct sppp*) ifp;
1096         struct mbuf *m;
1097         int s;
1098
1099         s = splimp();
1100         /*
1101          * Process only the control protocol queue until we have at
1102          * least one NCP open.
1103          *
1104          * Do always serve all three queues in Cisco mode.
1105          */
1106         IF_DEQUEUE(&sp->pp_cpq, m);
1107         if (m == NULL &&
1108             (sppp_ncp_check(sp) || sp->pp_mode == IFF_CISCO)) {
1109                 IF_DEQUEUE(&sp->pp_fastq, m);
1110                 if (m == NULL)
1111                         IF_DEQUEUE (&sp->pp_if.if_snd, m);
1112         }
1113         splx(s);
1114         return m;
1115 }
1116
1117 /*
1118  * Pick the next packet, do not remove it from the queue.
1119  */
1120 struct mbuf *
1121 sppp_pick(struct ifnet *ifp)
1122 {
1123         struct sppp *sp = (struct sppp*)ifp;
1124         struct mbuf *m;
1125         int s;
1126
1127         s= splimp ();
1128
1129         m = sp->pp_cpq.ifq_head;
1130         if (m == NULL &&
1131             (sp->pp_phase == PHASE_NETWORK || sp->pp_mode == IFF_CISCO))
1132                 if ((m = sp->pp_fastq.ifq_head) == NULL)
1133                         m = sp->pp_if.if_snd.ifq_head;
1134         splx (s);
1135         return (m);
1136 }
1137
1138 /*
1139  * Process an ioctl request.  Called on low priority level.
1140  */
1141 int
1142 sppp_ioctl(struct ifnet *ifp, IOCTL_CMD_T cmd, void *data)
1143 {
1144         struct ifreq *ifr = (struct ifreq*) data;
1145         struct sppp *sp = (struct sppp*) ifp;
1146         int s, rv, going_up, going_down, newmode;
1147
1148         s = splimp();
1149         rv = 0;
1150         switch (cmd) {
1151         case SIOCAIFADDR:
1152         case SIOCSIFDSTADDR:
1153                 break;
1154
1155         case SIOCSIFADDR:
1156                 /* set the interface "up" when assigning an IP address */
1157                 ifp->if_flags |= IFF_UP;
1158                 /* fall through... */
1159
1160         case SIOCSIFFLAGS:
1161                 going_up = ifp->if_flags & IFF_UP &&
1162                         (ifp->if_flags & IFF_RUNNING) == 0;
1163                 going_down = (ifp->if_flags & IFF_UP) == 0 &&
1164                         ifp->if_flags & IFF_RUNNING;
1165
1166                 newmode = ifp->if_flags & IFF_PASSIVE;
1167                 if (!newmode)
1168                         newmode = ifp->if_flags & IFF_AUTO;
1169                 if (!newmode)
1170                         newmode = ifp->if_flags & IFF_CISCO;
1171                 ifp->if_flags &= ~(IFF_PASSIVE | IFF_AUTO | IFF_CISCO);
1172                 ifp->if_flags |= newmode;
1173
1174                 if (newmode != sp->pp_mode) {
1175                         going_down = 1;
1176                         if (!going_up)
1177                                 going_up = ifp->if_flags & IFF_RUNNING;
1178                 }
1179
1180                 if (going_down) {
1181                         if (sp->pp_mode != IFF_CISCO)
1182                                 lcp.Close(sp);
1183                         else if (sp->pp_tlf)
1184                                 (sp->pp_tlf)(sp);
1185                         sppp_flush(ifp);
1186                         ifp->if_flags &= ~IFF_RUNNING;
1187                         sp->pp_mode = newmode;
1188                 }
1189
1190                 if (going_up) {
1191                         if (sp->pp_mode != IFF_CISCO)
1192                                 lcp.Close(sp);
1193                         sp->pp_mode = newmode;
1194                         if (sp->pp_mode == 0) {
1195                                 ifp->if_flags |= IFF_RUNNING;
1196                                 lcp.Open(sp);
1197                         }
1198                         if (sp->pp_mode == IFF_CISCO) {
1199                                 if (sp->pp_tls)
1200                                         (sp->pp_tls)(sp);
1201                                 ifp->if_flags |= IFF_RUNNING;
1202                         }
1203                 }
1204
1205                 break;
1206
1207 #ifdef SIOCSIFMTU
1208 #ifndef ifr_mtu
1209 #define ifr_mtu ifr_metric
1210 #endif
1211         case SIOCSIFMTU:
1212                 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > sp->lcp.their_mru)
1213                         return (EINVAL);
1214                 ifp->if_mtu = ifr->ifr_mtu;
1215                 break;
1216 #endif
1217 #ifdef SLIOCSETMTU
1218         case SLIOCSETMTU:
1219                 if (*(short*)data < 128 || *(short*)data > sp->lcp.their_mru)
1220                         return (EINVAL);
1221                 ifp->if_mtu = *(short*)data;
1222                 break;
1223 #endif
1224 #ifdef SIOCGIFMTU
1225         case SIOCGIFMTU:
1226                 ifr->ifr_mtu = ifp->if_mtu;
1227                 break;
1228 #endif
1229 #ifdef SLIOCGETMTU
1230         case SLIOCGETMTU:
1231                 *(short*)data = ifp->if_mtu;
1232                 break;
1233 #endif
1234         case SIOCADDMULTI:
1235         case SIOCDELMULTI:
1236                 break;
1237
1238         case SIOCGIFGENERIC:
1239         case SIOCSIFGENERIC:
1240                 rv = sppp_params(sp, cmd, data);
1241                 break;
1242
1243         default:
1244                 rv = ENOTTY;
1245         }
1246         splx(s);
1247         return rv;
1248 }
1249
1250 /*
1251  * Cisco framing implementation.
1252  */
1253
1254 /*
1255  * Handle incoming Cisco keepalive protocol packets.
1256  */
1257 static void
1258 sppp_cisco_input(struct sppp *sp, struct mbuf *m)
1259 {
1260         STDDCL;
1261         struct cisco_packet *h;
1262         u_long me, mymask;
1263
1264         if (m->m_pkthdr.len < CISCO_PACKET_LEN) {
1265                 if (debug)
1266                         log(LOG_DEBUG,
1267                             SPP_FMT "cisco invalid packet length: %d bytes\n",
1268                             SPP_ARGS(ifp), m->m_pkthdr.len);
1269                 return;
1270         }
1271         h = mtod (m, struct cisco_packet*);
1272         if (debug)
1273                 log(LOG_DEBUG,
1274                     SPP_FMT "cisco input: %d bytes "
1275                     "<0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1276                     SPP_ARGS(ifp), m->m_pkthdr.len,
1277                     (u_long)ntohl (h->type), (u_long)h->par1, (u_long)h->par2, (u_int)h->rel,
1278                     (u_int)h->time0, (u_int)h->time1);
1279         switch (ntohl (h->type)) {
1280         default:
1281                 if (debug)
1282                         addlog(SPP_FMT "cisco unknown packet type: 0x%lx\n",
1283                                SPP_ARGS(ifp), (u_long)ntohl (h->type));
1284                 break;
1285         case CISCO_ADDR_REPLY:
1286                 /* Reply on address request, ignore */
1287                 break;
1288         case CISCO_KEEPALIVE_REQ:
1289                 sp->pp_alivecnt = 0;
1290                 sp->pp_rseq[IDX_LCP] = ntohl (h->par1);
1291                 if (sp->pp_seq[IDX_LCP] == sp->pp_rseq[IDX_LCP]) {
1292                         /* Local and remote sequence numbers are equal.
1293                          * Probably, the line is in loopback mode. */
1294                         if (sp->pp_loopcnt >= MAXALIVECNT) {
1295                                 printf (SPP_FMT "loopback\n",
1296                                         SPP_ARGS(ifp));
1297                                 sp->pp_loopcnt = 0;
1298                                 if (ifp->if_flags & IFF_UP) {
1299                                         if_down (ifp);
1300                                         sppp_qflush (&sp->pp_cpq);
1301                                 }
1302                         }
1303                         ++sp->pp_loopcnt;
1304
1305                         /* Generate new local sequence number */
1306 #if defined(__DragonFly__)
1307                         sp->pp_seq[IDX_LCP] = random();
1308 #else
1309                         sp->pp_seq[IDX_LCP] ^= time.tv_sec ^ time.tv_usec;
1310 #endif
1311                         break;
1312                 }
1313                 sp->pp_loopcnt = 0;
1314                 if (! (ifp->if_flags & IFF_UP) &&
1315                     (ifp->if_flags & IFF_RUNNING)) {
1316                         if_up(ifp);
1317                         printf (SPP_FMT "up\n", SPP_ARGS(ifp));
1318                 }
1319                 break;
1320         case CISCO_ADDR_REQ:
1321                 sppp_get_ip_addrs(sp, &me, 0, &mymask);
1322                 if (me != 0L)
1323                         sppp_cisco_send(sp, CISCO_ADDR_REPLY, me, mymask);
1324                 break;
1325         }
1326 }
1327
1328 /*
1329  * Send Cisco keepalive packet.
1330  */
1331 static void
1332 sppp_cisco_send(struct sppp *sp, int type, long par1, long par2)
1333 {
1334         STDDCL;
1335         struct ppp_header *h;
1336         struct cisco_packet *ch;
1337         struct mbuf *m;
1338 #if defined(__DragonFly__)
1339         struct timeval tv;
1340 #else
1341         u_long t = (time.tv_sec - boottime.tv_sec) * 1000;
1342 #endif
1343
1344 #if defined(__DragonFly__)
1345         getmicrouptime(&tv);
1346 #endif
1347
1348         MGETHDR (m, MB_DONTWAIT, MT_DATA);
1349         if (! m)
1350                 return;
1351         m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN;
1352         m->m_pkthdr.rcvif = 0;
1353
1354         h = mtod (m, struct ppp_header*);
1355         h->address = CISCO_MULTICAST;
1356         h->control = 0;
1357         h->protocol = htons (CISCO_KEEPALIVE);
1358
1359         ch = (struct cisco_packet*) (h + 1);
1360         ch->type = htonl (type);
1361         ch->par1 = htonl (par1);
1362         ch->par2 = htonl (par2);
1363         ch->rel = -1;
1364
1365 #if defined(__DragonFly__)
1366         ch->time0 = htons ((u_short) (tv.tv_sec >> 16));
1367         ch->time1 = htons ((u_short) tv.tv_sec);
1368 #else
1369         ch->time0 = htons ((u_short) (t >> 16));
1370         ch->time1 = htons ((u_short) t);
1371 #endif
1372
1373         if (debug)
1374                 log(LOG_DEBUG,
1375                     SPP_FMT "cisco output: <0x%lx 0x%lx 0x%lx 0x%x 0x%x-0x%x>\n",
1376                         SPP_ARGS(ifp), (u_long)ntohl (ch->type), (u_long)ch->par1,
1377                         (u_long)ch->par2, (u_int)ch->rel, (u_int)ch->time0, (u_int)ch->time1);
1378
1379         if (IF_QFULL (&sp->pp_cpq)) {
1380                 IF_DROP (&sp->pp_fastq);
1381                 IF_DROP (&ifp->if_snd);
1382                 m_freem (m);
1383         } else
1384                 IF_ENQUEUE (&sp->pp_cpq, m);
1385         if (! (ifp->if_flags & IFF_OACTIVE))
1386                 (*ifp->if_start) (ifp);
1387         ifp->if_obytes += m->m_pkthdr.len + 3;
1388 }
1389
1390 /*
1391  * PPP protocol implementation.
1392  */
1393
1394 /*
1395  * Send PPP control protocol packet.
1396  */
1397 static void
1398 sppp_cp_send(struct sppp *sp, u_short proto, u_char type,
1399              u_char ident, u_short len, void *data)
1400 {
1401         STDDCL;
1402         struct ppp_header *h;
1403         struct lcp_header *lh;
1404         struct mbuf *m;
1405
1406         if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN)
1407                 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN;
1408         MGETHDR (m, MB_DONTWAIT, MT_DATA);
1409         if (! m)
1410                 return;
1411         m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len;
1412         m->m_pkthdr.rcvif = 0;
1413
1414         h = mtod (m, struct ppp_header*);
1415         h->address = PPP_ALLSTATIONS;        /* broadcast address */
1416         h->control = PPP_UI;                 /* Unnumbered Info */
1417         h->protocol = htons (proto);         /* Link Control Protocol */
1418
1419         lh = (struct lcp_header*) (h + 1);
1420         lh->type = type;
1421         lh->ident = ident;
1422         lh->len = htons (LCP_HEADER_LEN + len);
1423         if (len)
1424                 bcopy (data, lh+1, len);
1425
1426         if (debug) {
1427                 log(LOG_DEBUG, SPP_FMT "%s output <%s id=0x%x len=%d",
1428                     SPP_ARGS(ifp),
1429                     sppp_proto_name(proto),
1430                     sppp_cp_type_name (lh->type), lh->ident,
1431                     ntohs (lh->len));
1432                 sppp_print_bytes ((u_char*) (lh+1), len);
1433                 addlog(">\n");
1434         }
1435         if (IF_QFULL (&sp->pp_cpq)) {
1436                 IF_DROP (&sp->pp_fastq);
1437                 IF_DROP (&ifp->if_snd);
1438                 m_freem (m);
1439                 ++ifp->if_oerrors;
1440         } else
1441                 IF_ENQUEUE (&sp->pp_cpq, m);
1442         if (! (ifp->if_flags & IFF_OACTIVE))
1443                 (*ifp->if_start) (ifp);
1444         ifp->if_obytes += m->m_pkthdr.len + 3;
1445 }
1446
1447 /*
1448  * Handle incoming PPP control protocol packets.
1449  */
1450 static void
1451 sppp_cp_input(const struct cp *cp, struct sppp *sp, struct mbuf *m)
1452 {
1453         STDDCL;
1454         struct lcp_header *h;
1455         int len = m->m_pkthdr.len;
1456         int rv;
1457         u_char *p;
1458
1459         if (len < 4) {
1460                 if (debug)
1461                         log(LOG_DEBUG,
1462                             SPP_FMT "%s invalid packet length: %d bytes\n",
1463                             SPP_ARGS(ifp), cp->name, len);
1464                 return;
1465         }
1466         h = mtod (m, struct lcp_header*);
1467         if (debug) {
1468                 log(LOG_DEBUG,
1469                     SPP_FMT "%s input(%s): <%s id=0x%x len=%d",
1470                     SPP_ARGS(ifp), cp->name,
1471                     sppp_state_name(sp->state[cp->protoidx]),
1472                     sppp_cp_type_name (h->type), h->ident, ntohs (h->len));
1473                 sppp_print_bytes ((u_char*) (h+1), len-4);
1474                 addlog(">\n");
1475         }
1476         if (len > ntohs (h->len))
1477                 len = ntohs (h->len);
1478         p = (u_char *)(h + 1);
1479         switch (h->type) {
1480         case CONF_REQ:
1481                 if (len < 4) {
1482                         if (debug)
1483                                 addlog(SPP_FMT "%s invalid conf-req length %d\n",
1484                                        SPP_ARGS(ifp), cp->name,
1485                                        len);
1486                         ++ifp->if_ierrors;
1487                         break;
1488                 }
1489                 /* handle states where RCR doesn't get a SCA/SCN */
1490                 switch (sp->state[cp->protoidx]) {
1491                 case STATE_CLOSING:
1492                 case STATE_STOPPING:
1493                         return;
1494                 case STATE_CLOSED:
1495                         sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident,
1496                                      0, 0);
1497                         return;
1498                 }
1499                 rv = (cp->RCR)(sp, h, len);
1500                 switch (sp->state[cp->protoidx]) {
1501                 case STATE_OPENED:
1502                         (cp->tld)(sp);
1503                         (cp->scr)(sp);
1504                         /* fall through... */
1505                 case STATE_ACK_SENT:
1506                 case STATE_REQ_SENT:
1507                         /*
1508                          * sppp_cp_change_state() have the side effect of
1509                          * restarting the timeouts. We want to avoid that
1510                          * if the state don't change, otherwise we won't
1511                          * ever timeout and resend a configuration request
1512                          * that got lost.
1513                          */
1514                         if (sp->state[cp->protoidx] == (rv ? STATE_ACK_SENT:
1515                             STATE_REQ_SENT))
1516                                 break;
1517                         sppp_cp_change_state(cp, sp, rv?
1518                                              STATE_ACK_SENT: STATE_REQ_SENT);
1519                         break;
1520                 case STATE_STOPPED:
1521                         sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1522                         (cp->scr)(sp);
1523                         sppp_cp_change_state(cp, sp, rv?
1524                                              STATE_ACK_SENT: STATE_REQ_SENT);
1525                         break;
1526                 case STATE_ACK_RCVD:
1527                         if (rv) {
1528                                 sppp_cp_change_state(cp, sp, STATE_OPENED);
1529                                 if (debug)
1530                                         log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1531                                             SPP_ARGS(ifp),
1532                                             cp->name);
1533                                 (cp->tlu)(sp);
1534                         } else
1535                                 sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1536                         break;
1537                 default:
1538                         printf(SPP_FMT "%s illegal %s in state %s\n",
1539                                SPP_ARGS(ifp), cp->name,
1540                                sppp_cp_type_name(h->type),
1541                                sppp_state_name(sp->state[cp->protoidx]));
1542                         ++ifp->if_ierrors;
1543                 }
1544                 break;
1545         case CONF_ACK:
1546                 if (h->ident != sp->confid[cp->protoidx]) {
1547                         if (debug)
1548                                 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1549                                        SPP_ARGS(ifp), cp->name,
1550                                        h->ident, sp->confid[cp->protoidx]);
1551                         ++ifp->if_ierrors;
1552                         break;
1553                 }
1554                 switch (sp->state[cp->protoidx]) {
1555                 case STATE_CLOSED:
1556                 case STATE_STOPPED:
1557                         sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1558                         break;
1559                 case STATE_CLOSING:
1560                 case STATE_STOPPING:
1561                         break;
1562                 case STATE_REQ_SENT:
1563                         sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1564                         sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1565                         break;
1566                 case STATE_OPENED:
1567                         (cp->tld)(sp);
1568                         /* fall through */
1569                 case STATE_ACK_RCVD:
1570                         (cp->scr)(sp);
1571                         sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1572                         break;
1573                 case STATE_ACK_SENT:
1574                         sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1575                         sppp_cp_change_state(cp, sp, STATE_OPENED);
1576                         if (debug)
1577                                 log(LOG_DEBUG, SPP_FMT "%s tlu\n",
1578                                        SPP_ARGS(ifp), cp->name);
1579                         (cp->tlu)(sp);
1580                         break;
1581                 default:
1582                         printf(SPP_FMT "%s illegal %s in state %s\n",
1583                                SPP_ARGS(ifp), cp->name,
1584                                sppp_cp_type_name(h->type),
1585                                sppp_state_name(sp->state[cp->protoidx]));
1586                         ++ifp->if_ierrors;
1587                 }
1588                 break;
1589         case CONF_NAK:
1590         case CONF_REJ:
1591                 if (h->ident != sp->confid[cp->protoidx]) {
1592                         if (debug)
1593                                 addlog(SPP_FMT "%s id mismatch 0x%x != 0x%x\n",
1594                                        SPP_ARGS(ifp), cp->name,
1595                                        h->ident, sp->confid[cp->protoidx]);
1596                         ++ifp->if_ierrors;
1597                         break;
1598                 }
1599                 if (h->type == CONF_NAK)
1600                         (cp->RCN_nak)(sp, h, len);
1601                 else /* CONF_REJ */
1602                         (cp->RCN_rej)(sp, h, len);
1603
1604                 switch (sp->state[cp->protoidx]) {
1605                 case STATE_CLOSED:
1606                 case STATE_STOPPED:
1607                         sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1608                         break;
1609                 case STATE_REQ_SENT:
1610                 case STATE_ACK_SENT:
1611                         sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1612                         /*
1613                          * Slow things down a bit if we think we might be
1614                          * in loopback. Depend on the timeout to send the
1615                          * next configuration request.
1616                          */
1617                         if (sp->pp_loopcnt)
1618                                 break;
1619                         (cp->scr)(sp);
1620                         break;
1621                 case STATE_OPENED:
1622                         (cp->tld)(sp);
1623                         /* fall through */
1624                 case STATE_ACK_RCVD:
1625                         sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1626                         (cp->scr)(sp);
1627                         break;
1628                 case STATE_CLOSING:
1629                 case STATE_STOPPING:
1630                         break;
1631                 default:
1632                         printf(SPP_FMT "%s illegal %s in state %s\n",
1633                                SPP_ARGS(ifp), cp->name,
1634                                sppp_cp_type_name(h->type),
1635                                sppp_state_name(sp->state[cp->protoidx]));
1636                         ++ifp->if_ierrors;
1637                 }
1638                 break;
1639
1640         case TERM_REQ:
1641                 switch (sp->state[cp->protoidx]) {
1642                 case STATE_ACK_RCVD:
1643                 case STATE_ACK_SENT:
1644                         sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1645                         /* fall through */
1646                 case STATE_CLOSED:
1647                 case STATE_STOPPED:
1648                 case STATE_CLOSING:
1649                 case STATE_STOPPING:
1650                 case STATE_REQ_SENT:
1651                   sta:
1652                         /* Send Terminate-Ack packet. */
1653                         if (debug)
1654                                 log(LOG_DEBUG, SPP_FMT "%s send terminate-ack\n",
1655                                     SPP_ARGS(ifp), cp->name);
1656                         sppp_cp_send(sp, cp->proto, TERM_ACK, h->ident, 0, 0);
1657                         break;
1658                 case STATE_OPENED:
1659                         (cp->tld)(sp);
1660                         sp->rst_counter[cp->protoidx] = 0;
1661                         sppp_cp_change_state(cp, sp, STATE_STOPPING);
1662                         goto sta;
1663                         break;
1664                 default:
1665                         printf(SPP_FMT "%s illegal %s in state %s\n",
1666                                SPP_ARGS(ifp), cp->name,
1667                                sppp_cp_type_name(h->type),
1668                                sppp_state_name(sp->state[cp->protoidx]));
1669                         ++ifp->if_ierrors;
1670                 }
1671                 break;
1672         case TERM_ACK:
1673                 switch (sp->state[cp->protoidx]) {
1674                 case STATE_CLOSED:
1675                 case STATE_STOPPED:
1676                 case STATE_REQ_SENT:
1677                 case STATE_ACK_SENT:
1678                         break;
1679                 case STATE_CLOSING:
1680                         sppp_cp_change_state(cp, sp, STATE_CLOSED);
1681                         (cp->tlf)(sp);
1682                         break;
1683                 case STATE_STOPPING:
1684                         sppp_cp_change_state(cp, sp, STATE_STOPPED);
1685                         (cp->tlf)(sp);
1686                         break;
1687                 case STATE_ACK_RCVD:
1688                         sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1689                         break;
1690                 case STATE_OPENED:
1691                         (cp->tld)(sp);
1692                         (cp->scr)(sp);
1693                         sppp_cp_change_state(cp, sp, STATE_ACK_RCVD);
1694                         break;
1695                 default:
1696                         printf(SPP_FMT "%s illegal %s in state %s\n",
1697                                SPP_ARGS(ifp), cp->name,
1698                                sppp_cp_type_name(h->type),
1699                                sppp_state_name(sp->state[cp->protoidx]));
1700                         ++ifp->if_ierrors;
1701                 }
1702                 break;
1703         case CODE_REJ:
1704                 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1705                 log(LOG_INFO,
1706                     SPP_FMT "%s: ignoring RXJ (%s) for proto 0x%x, "
1707                     "danger will robinson\n",
1708                     SPP_ARGS(ifp), cp->name,
1709                     sppp_cp_type_name(h->type), ntohs(*((u_short *)p)));
1710                 switch (sp->state[cp->protoidx]) {
1711                 case STATE_CLOSED:
1712                 case STATE_STOPPED:
1713                 case STATE_REQ_SENT:
1714                 case STATE_ACK_SENT:
1715                 case STATE_CLOSING:
1716                 case STATE_STOPPING:
1717                 case STATE_OPENED:
1718                         break;
1719                 case STATE_ACK_RCVD:
1720                         sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1721                         break;
1722                 default:
1723                         printf(SPP_FMT "%s illegal %s in state %s\n",
1724                                SPP_ARGS(ifp), cp->name,
1725                                sppp_cp_type_name(h->type),
1726                                sppp_state_name(sp->state[cp->protoidx]));
1727                         ++ifp->if_ierrors;
1728                 }
1729                 break;
1730         case PROTO_REJ:
1731             {
1732                 int catastrophic;
1733                 const struct cp *upper;
1734                 int i;
1735                 u_int16_t proto;
1736
1737                 catastrophic = 0;
1738                 upper = NULL;
1739                 proto = ntohs(*((u_int16_t *)p));
1740                 for (i = 0; i < IDX_COUNT; i++) {
1741                         if (cps[i]->proto == proto) {
1742                                 upper = cps[i];
1743                                 break;
1744                         }
1745                 }
1746                 if (upper == NULL)
1747                         catastrophic++;
1748
1749                 if (catastrophic || debug)
1750                         log(catastrophic? LOG_INFO: LOG_DEBUG,
1751                             SPP_FMT "%s: RXJ%c (%s) for proto 0x%x (%s/%s)\n",
1752                             SPP_ARGS(ifp), cp->name, catastrophic ? '-' : '+',
1753                             sppp_cp_type_name(h->type), proto,
1754                             upper ? upper->name : "unknown",
1755                             upper ? sppp_state_name(sp->state[upper->protoidx]) : "?");
1756
1757                 /*
1758                  * if we got RXJ+ against conf-req, the peer does not implement
1759                  * this particular protocol type.  terminate the protocol.
1760                  */
1761                 if (upper && !catastrophic) {
1762                         if (sp->state[upper->protoidx] == STATE_REQ_SENT) {
1763                                 upper->Close(sp);
1764                                 break;
1765                         }
1766                 }
1767
1768                 /* XXX catastrophic rejects (RXJ-) aren't handled yet. */
1769                 switch (sp->state[cp->protoidx]) {
1770                 case STATE_CLOSED:
1771                 case STATE_STOPPED:
1772                 case STATE_REQ_SENT:
1773                 case STATE_ACK_SENT:
1774                 case STATE_CLOSING:
1775                 case STATE_STOPPING:
1776                 case STATE_OPENED:
1777                         break;
1778                 case STATE_ACK_RCVD:
1779                         sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1780                         break;
1781                 default:
1782                         printf(SPP_FMT "%s illegal %s in state %s\n",
1783                                SPP_ARGS(ifp), cp->name,
1784                                sppp_cp_type_name(h->type),
1785                                sppp_state_name(sp->state[cp->protoidx]));
1786                         ++ifp->if_ierrors;
1787                 }
1788                 break;
1789             }
1790         case DISC_REQ:
1791                 if (cp->proto != PPP_LCP)
1792                         goto illegal;
1793                 /* Discard the packet. */
1794                 break;
1795         case ECHO_REQ:
1796                 if (cp->proto != PPP_LCP)
1797                         goto illegal;
1798                 if (sp->state[cp->protoidx] != STATE_OPENED) {
1799                         if (debug)
1800                                 addlog(SPP_FMT "lcp echo req but lcp closed\n",
1801                                        SPP_ARGS(ifp));
1802                         ++ifp->if_ierrors;
1803                         break;
1804                 }
1805                 if (len < 8) {
1806                         if (debug)
1807                                 addlog(SPP_FMT "invalid lcp echo request "
1808                                        "packet length: %d bytes\n",
1809                                        SPP_ARGS(ifp), len);
1810                         break;
1811                 }
1812                 if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
1813                     ntohl (*(long*)(h+1)) == sp->lcp.magic) {
1814                         /* Line loopback mode detected. */
1815                         printf(SPP_FMT "loopback\n", SPP_ARGS(ifp));
1816                         sp->pp_loopcnt = MAXALIVECNT * 5;
1817                         if_down (ifp);
1818                         sppp_qflush (&sp->pp_cpq);
1819
1820                         /* Shut down the PPP link. */
1821                         /* XXX */
1822                         lcp.Down(sp);
1823                         lcp.Up(sp);
1824                         break;
1825                 }
1826                 *(long*)(h+1) = htonl (sp->lcp.magic);
1827                 if (debug)
1828                         addlog(SPP_FMT "got lcp echo req, sending echo rep\n",
1829                                SPP_ARGS(ifp));
1830                 sppp_cp_send (sp, PPP_LCP, ECHO_REPLY, h->ident, len-4, h+1);
1831                 break;
1832         case ECHO_REPLY:
1833                 if (cp->proto != PPP_LCP)
1834                         goto illegal;
1835                 if (h->ident != sp->lcp.echoid) {
1836                         ++ifp->if_ierrors;
1837                         break;
1838                 }
1839                 if (len < 8) {
1840                         if (debug)
1841                                 addlog(SPP_FMT "lcp invalid echo reply "
1842                                        "packet length: %d bytes\n",
1843                                        SPP_ARGS(ifp), len);
1844                         break;
1845                 }
1846                 if (debug)
1847                         addlog(SPP_FMT "lcp got echo rep\n",
1848                                SPP_ARGS(ifp));
1849                 if (!(sp->lcp.opts & (1 << LCP_OPT_MAGIC)) ||
1850                     ntohl (*(long*)(h+1)) != sp->lcp.magic)
1851                         sp->pp_alivecnt = 0;
1852                 break;
1853         default:
1854                 /* Unknown packet type -- send Code-Reject packet. */
1855           illegal:
1856                 if (debug)
1857                         addlog(SPP_FMT "%s send code-rej for 0x%x\n",
1858                                SPP_ARGS(ifp), cp->name, h->type);
1859                 sppp_cp_send(sp, cp->proto, CODE_REJ,
1860                              ++sp->pp_seq[cp->protoidx], m->m_pkthdr.len, h);
1861                 ++ifp->if_ierrors;
1862         }
1863 }
1864
1865
1866 /*
1867  * The generic part of all Up/Down/Open/Close/TO event handlers.
1868  * Basically, the state transition handling in the automaton.
1869  */
1870 static void
1871 sppp_up_event(const struct cp *cp, struct sppp *sp)
1872 {
1873         STDDCL;
1874
1875         if (debug)
1876                 log(LOG_DEBUG, SPP_FMT "%s up(%s)\n",
1877                     SPP_ARGS(ifp), cp->name,
1878                     sppp_state_name(sp->state[cp->protoidx]));
1879
1880         switch (sp->state[cp->protoidx]) {
1881         case STATE_INITIAL:
1882                 sppp_cp_change_state(cp, sp, STATE_CLOSED);
1883                 break;
1884         case STATE_STARTING:
1885                 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1886                 (cp->scr)(sp);
1887                 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1888                 break;
1889         default:
1890                 printf(SPP_FMT "%s illegal up in state %s\n",
1891                        SPP_ARGS(ifp), cp->name,
1892                        sppp_state_name(sp->state[cp->protoidx]));
1893         }
1894 }
1895
1896 static void
1897 sppp_down_event(const struct cp *cp, struct sppp *sp)
1898 {
1899         STDDCL;
1900
1901         if (debug)
1902                 log(LOG_DEBUG, SPP_FMT "%s down(%s)\n",
1903                     SPP_ARGS(ifp), cp->name,
1904                     sppp_state_name(sp->state[cp->protoidx]));
1905
1906         switch (sp->state[cp->protoidx]) {
1907         case STATE_CLOSED:
1908         case STATE_CLOSING:
1909                 sppp_cp_change_state(cp, sp, STATE_INITIAL);
1910                 break;
1911         case STATE_STOPPED:
1912                 sppp_cp_change_state(cp, sp, STATE_STARTING);
1913                 (cp->tls)(sp);
1914                 break;
1915         case STATE_STOPPING:
1916         case STATE_REQ_SENT:
1917         case STATE_ACK_RCVD:
1918         case STATE_ACK_SENT:
1919                 sppp_cp_change_state(cp, sp, STATE_STARTING);
1920                 break;
1921         case STATE_OPENED:
1922                 (cp->tld)(sp);
1923                 sppp_cp_change_state(cp, sp, STATE_STARTING);
1924                 break;
1925         default:
1926                 printf(SPP_FMT "%s illegal down in state %s\n",
1927                        SPP_ARGS(ifp), cp->name,
1928                        sppp_state_name(sp->state[cp->protoidx]));
1929         }
1930 }
1931
1932
1933 static void
1934 sppp_open_event(const struct cp *cp, struct sppp *sp)
1935 {
1936         STDDCL;
1937
1938         if (debug)
1939                 log(LOG_DEBUG, SPP_FMT "%s open(%s)\n",
1940                     SPP_ARGS(ifp), cp->name,
1941                     sppp_state_name(sp->state[cp->protoidx]));
1942
1943         switch (sp->state[cp->protoidx]) {
1944         case STATE_INITIAL:
1945                 sppp_cp_change_state(cp, sp, STATE_STARTING);
1946                 (cp->tls)(sp);
1947                 break;
1948         case STATE_STARTING:
1949                 break;
1950         case STATE_CLOSED:
1951                 sp->rst_counter[cp->protoidx] = sp->lcp.max_configure;
1952                 (cp->scr)(sp);
1953                 sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
1954                 break;
1955         case STATE_STOPPED:
1956                 /*
1957                  * Try escaping stopped state.  This seems to bite
1958                  * people occasionally, in particular for IPCP,
1959                  * presumably following previous IPCP negotiation
1960                  * aborts.  Somehow, we must have missed a Down event
1961                  * which would have caused a transition into starting
1962                  * state, so as a bandaid we force the Down event now.
1963                  * This effectively implements (something like the)
1964                  * `restart' option mentioned in the state transition
1965                  * table of RFC 1661.
1966                  */
1967                 sppp_cp_change_state(cp, sp, STATE_STARTING);
1968                 (cp->tls)(sp);
1969                 break;
1970         case STATE_STOPPING:
1971         case STATE_REQ_SENT:
1972         case STATE_ACK_RCVD:
1973         case STATE_ACK_SENT:
1974         case STATE_OPENED:
1975                 break;
1976         case STATE_CLOSING:
1977                 sppp_cp_change_state(cp, sp, STATE_STOPPING);
1978                 break;
1979         }
1980 }
1981
1982
1983 static void
1984 sppp_close_event(const struct cp *cp, struct sppp *sp)
1985 {
1986         STDDCL;
1987
1988         if (debug)
1989                 log(LOG_DEBUG, SPP_FMT "%s close(%s)\n",
1990                     SPP_ARGS(ifp), cp->name,
1991                     sppp_state_name(sp->state[cp->protoidx]));
1992
1993         switch (sp->state[cp->protoidx]) {
1994         case STATE_INITIAL:
1995         case STATE_CLOSED:
1996         case STATE_CLOSING:
1997                 break;
1998         case STATE_STARTING:
1999                 sppp_cp_change_state(cp, sp, STATE_INITIAL);
2000                 (cp->tlf)(sp);
2001                 break;
2002         case STATE_STOPPED:
2003                 sppp_cp_change_state(cp, sp, STATE_CLOSED);
2004                 break;
2005         case STATE_STOPPING:
2006                 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2007                 break;
2008         case STATE_OPENED:
2009                 (cp->tld)(sp);
2010                 /* fall through */
2011         case STATE_REQ_SENT:
2012         case STATE_ACK_RCVD:
2013         case STATE_ACK_SENT:
2014                 sp->rst_counter[cp->protoidx] = sp->lcp.max_terminate;
2015                 sppp_cp_send(sp, cp->proto, TERM_REQ,
2016                              ++sp->pp_seq[cp->protoidx], 0, 0);
2017                 sppp_cp_change_state(cp, sp, STATE_CLOSING);
2018                 break;
2019         }
2020 }
2021
2022 static void
2023 sppp_to_event(const struct cp *cp, struct sppp *sp)
2024 {
2025         STDDCL;
2026         int s;
2027
2028         s = splimp();
2029         if (debug)
2030                 log(LOG_DEBUG, SPP_FMT "%s TO(%s) rst_counter = %d\n",
2031                     SPP_ARGS(ifp), cp->name,
2032                     sppp_state_name(sp->state[cp->protoidx]),
2033                     sp->rst_counter[cp->protoidx]);
2034
2035         if (--sp->rst_counter[cp->protoidx] < 0)
2036                 /* TO- event */
2037                 switch (sp->state[cp->protoidx]) {
2038                 case STATE_CLOSING:
2039                         sppp_cp_change_state(cp, sp, STATE_CLOSED);
2040                         (cp->tlf)(sp);
2041                         break;
2042                 case STATE_STOPPING:
2043                         sppp_cp_change_state(cp, sp, STATE_STOPPED);
2044                         (cp->tlf)(sp);
2045                         break;
2046                 case STATE_REQ_SENT:
2047                 case STATE_ACK_RCVD:
2048                 case STATE_ACK_SENT:
2049                         sppp_cp_change_state(cp, sp, STATE_STOPPED);
2050                         (cp->tlf)(sp);
2051                         break;
2052                 }
2053         else
2054                 /* TO+ event */
2055                 switch (sp->state[cp->protoidx]) {
2056                 case STATE_CLOSING:
2057                 case STATE_STOPPING:
2058                         sppp_cp_send(sp, cp->proto, TERM_REQ,
2059                                      ++sp->pp_seq[cp->protoidx], 0, 0);
2060                         callout_reset(&sp->timeout[cp->protoidx],
2061                                         sp->lcp.timeout, cp->TO, sp);
2062                         break;
2063                 case STATE_REQ_SENT:
2064                 case STATE_ACK_RCVD:
2065                         (cp->scr)(sp);
2066                         /* sppp_cp_change_state() will restart the timer */
2067                         sppp_cp_change_state(cp, sp, STATE_REQ_SENT);
2068                         break;
2069                 case STATE_ACK_SENT:
2070                         (cp->scr)(sp);
2071                         callout_reset(&sp->timeout[cp->protoidx],
2072                                         sp->lcp.timeout, cp->TO, sp);
2073                         break;
2074                 }
2075
2076         splx(s);
2077 }
2078
2079 /*
2080  * Change the state of a control protocol in the state automaton.
2081  * Takes care of starting/stopping the restart timer.
2082  */
2083 void
2084 sppp_cp_change_state(const struct cp *cp, struct sppp *sp, int newstate)
2085 {
2086         sp->state[cp->protoidx] = newstate;
2087         callout_stop(&sp->timeout[cp->protoidx]);
2088
2089         switch (newstate) {
2090         case STATE_INITIAL:
2091         case STATE_STARTING:
2092         case STATE_CLOSED:
2093         case STATE_STOPPED:
2094         case STATE_OPENED:
2095                 break;
2096         case STATE_CLOSING:
2097         case STATE_STOPPING:
2098         case STATE_REQ_SENT:
2099         case STATE_ACK_RCVD:
2100         case STATE_ACK_SENT:
2101                 callout_reset(&sp->timeout[cp->protoidx], 
2102                                 sp->lcp.timeout, cp->TO, sp);
2103                 break;
2104         }
2105 }
2106
2107 /*
2108  *--------------------------------------------------------------------------*
2109  *                                                                          *
2110  *                         The LCP implementation.                          *
2111  *                                                                          *
2112  *--------------------------------------------------------------------------*
2113  */
2114 static void
2115 sppp_lcp_init(struct sppp *sp)
2116 {
2117         sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2118         sp->lcp.magic = 0;
2119         sp->state[IDX_LCP] = STATE_INITIAL;
2120         sp->fail_counter[IDX_LCP] = 0;
2121         sp->pp_seq[IDX_LCP] = 0;
2122         sp->pp_rseq[IDX_LCP] = 0;
2123         sp->lcp.protos = 0;
2124         sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2125
2126         /* Note that these values are  relevant for all control protocols */
2127         sp->lcp.timeout = 3 * hz;
2128         sp->lcp.max_terminate = 2;
2129         sp->lcp.max_configure = 10;
2130         sp->lcp.max_failure = 10;
2131 #if defined(__DragonFly__)
2132         callout_init(&sp->timeout[IDX_LCP]);
2133 #endif
2134 }
2135
2136 static void
2137 sppp_lcp_up(struct sppp *sp)
2138 {
2139         STDDCL;
2140
2141         sp->pp_alivecnt = 0;
2142         sp->lcp.opts = (1 << LCP_OPT_MAGIC);
2143         sp->lcp.magic = 0;
2144         sp->lcp.protos = 0;
2145         sp->lcp.mru = sp->lcp.their_mru = PP_MTU;
2146         /*
2147          * If this interface is passive or dial-on-demand, and we are
2148          * still in Initial state, it means we've got an incoming
2149          * call.  Activate the interface.
2150          */
2151         if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) != 0) {
2152                 if (debug)
2153                         log(LOG_DEBUG,
2154                             SPP_FMT "Up event", SPP_ARGS(ifp));
2155                 ifp->if_flags |= IFF_RUNNING;
2156                 if (sp->state[IDX_LCP] == STATE_INITIAL) {
2157                         if (debug)
2158                                 addlog("(incoming call)\n");
2159                         sp->pp_flags |= PP_CALLIN;
2160                         lcp.Open(sp);
2161                 } else if (debug)
2162                         addlog("\n");
2163         } else if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0 &&
2164                    (sp->state[IDX_LCP] == STATE_INITIAL)) {
2165                 ifp->if_flags |= IFF_RUNNING;
2166                 lcp.Open(sp);
2167         }
2168
2169         sppp_up_event(&lcp, sp);
2170 }
2171
2172 static void
2173 sppp_lcp_down(struct sppp *sp)
2174 {
2175         STDDCL;
2176
2177         sppp_down_event(&lcp, sp);
2178
2179         /*
2180          * If this is neither a dial-on-demand nor a passive
2181          * interface, simulate an ``ifconfig down'' action, so the
2182          * administrator can force a redial by another ``ifconfig
2183          * up''.  XXX For leased line operation, should we immediately
2184          * try to reopen the connection here?
2185          */
2186         if ((ifp->if_flags & (IFF_AUTO | IFF_PASSIVE)) == 0) {
2187                 log(LOG_INFO,
2188                     SPP_FMT "Down event, taking interface down.\n",
2189                     SPP_ARGS(ifp));
2190                 if_down(ifp);
2191         } else {
2192                 if (debug)
2193                         log(LOG_DEBUG,
2194                             SPP_FMT "Down event (carrier loss)\n",
2195                             SPP_ARGS(ifp));
2196                 sp->pp_flags &= ~PP_CALLIN;
2197                 if (sp->state[IDX_LCP] != STATE_INITIAL)
2198                         lcp.Close(sp);
2199                 ifp->if_flags &= ~IFF_RUNNING;
2200         }
2201 }
2202
2203 static void
2204 sppp_lcp_open(struct sppp *sp)
2205 {
2206         /*
2207          * If we are authenticator, negotiate LCP_AUTH
2208          */
2209         if (sp->hisauth.proto != 0)
2210                 sp->lcp.opts |= (1 << LCP_OPT_AUTH_PROTO);
2211         else
2212                 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2213         sp->pp_flags &= ~PP_NEEDAUTH;
2214         sppp_open_event(&lcp, sp);
2215 }
2216
2217 static void
2218 sppp_lcp_close(struct sppp *sp)
2219 {
2220         sppp_close_event(&lcp, sp);
2221 }
2222
2223 static void
2224 sppp_lcp_TO(void *cookie)
2225 {
2226         sppp_to_event(&lcp, (struct sppp *)cookie);
2227 }
2228
2229 /*
2230  * Analyze a configure request.  Return true if it was agreeable, and
2231  * caused action sca, false if it has been rejected or nak'ed, and
2232  * caused action scn.  (The return value is used to make the state
2233  * transition decision in the state automaton.)
2234  */
2235 static int
2236 sppp_lcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2237 {
2238         STDDCL;
2239         u_char *buf, *r, *p;
2240         int origlen, rlen;
2241         u_long nmagic;
2242         u_short authproto;
2243
2244         len -= 4;
2245         origlen = len;
2246         buf = r = malloc (len, M_TEMP, M_INTWAIT);
2247
2248         if (debug)
2249                 log(LOG_DEBUG, SPP_FMT "lcp parse opts: ",
2250                     SPP_ARGS(ifp));
2251
2252         /* pass 1: check for things that need to be rejected */
2253         p = (void*) (h+1);
2254         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2255                 if (debug)
2256                         addlog(" %s ", sppp_lcp_opt_name(*p));
2257                 switch (*p) {
2258                 case LCP_OPT_MAGIC:
2259                         /* Magic number. */
2260                         if (len >= 6 && p[1] == 6)
2261                                 continue;
2262                         if (debug)
2263                                 addlog("[invalid] ");
2264                         break;
2265                 case LCP_OPT_ASYNC_MAP:
2266                         /* Async control character map. */
2267                         if (len >= 6 && p[1] == 6)
2268                                 continue;
2269                         if (debug)
2270                                 addlog("[invalid] ");
2271                         break;
2272                 case LCP_OPT_MRU:
2273                         /* Maximum receive unit. */
2274                         if (len >= 4 && p[1] == 4)
2275                                 continue;
2276                         if (debug)
2277                                 addlog("[invalid] ");
2278                         break;
2279                 case LCP_OPT_AUTH_PROTO:
2280                         if (len < 4) {
2281                                 if (debug)
2282                                         addlog("[invalid] ");
2283                                 break;
2284                         }
2285                         authproto = (p[2] << 8) + p[3];
2286                         if (authproto == PPP_CHAP && p[1] != 5) {
2287                                 if (debug)
2288                                         addlog("[invalid chap len] ");
2289                                 break;
2290                         }
2291                         if (sp->myauth.proto == 0) {
2292                                 /* we are not configured to do auth */
2293                                 if (debug)
2294                                         addlog("[not configured] ");
2295                                 break;
2296                         }
2297                         /*
2298                          * Remote want us to authenticate, remember this,
2299                          * so we stay in PHASE_AUTHENTICATE after LCP got
2300                          * up.
2301                          */
2302                         sp->pp_flags |= PP_NEEDAUTH;
2303                         continue;
2304                 default:
2305                         /* Others not supported. */
2306                         if (debug)
2307                                 addlog("[rej] ");
2308                         break;
2309                 }
2310                 /* Add the option to rejected list. */
2311                 bcopy (p, r, p[1]);
2312                 r += p[1];
2313                 rlen += p[1];
2314         }
2315         if (rlen) {
2316                 if (debug)
2317                         addlog(" send conf-rej\n");
2318                 sppp_cp_send (sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2319                 return 0;
2320         } else if (debug)
2321                 addlog("\n");
2322
2323         /*
2324          * pass 2: check for option values that are unacceptable and
2325          * thus require to be nak'ed.
2326          */
2327         if (debug)
2328                 log(LOG_DEBUG, SPP_FMT "lcp parse opt values: ",
2329                     SPP_ARGS(ifp));
2330
2331         p = (void*) (h+1);
2332         len = origlen;
2333         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2334                 if (debug)
2335                         addlog(" %s ", sppp_lcp_opt_name(*p));
2336                 switch (*p) {
2337                 case LCP_OPT_MAGIC:
2338                         /* Magic number -- extract. */
2339                         nmagic = (u_long)p[2] << 24 |
2340                                 (u_long)p[3] << 16 | p[4] << 8 | p[5];
2341                         if (nmagic != sp->lcp.magic) {
2342                                 sp->pp_loopcnt = 0;
2343                                 if (debug)
2344                                         addlog("0x%lx ", nmagic);
2345                                 continue;
2346                         }
2347                         if (debug && sp->pp_loopcnt < MAXALIVECNT*5)
2348                                 addlog("[glitch] ");
2349                         ++sp->pp_loopcnt;
2350                         /*
2351                          * We negate our magic here, and NAK it.  If
2352                          * we see it later in an NAK packet, we
2353                          * suggest a new one.
2354                          */
2355                         nmagic = ~sp->lcp.magic;
2356                         /* Gonna NAK it. */
2357                         p[2] = nmagic >> 24;
2358                         p[3] = nmagic >> 16;
2359                         p[4] = nmagic >> 8;
2360                         p[5] = nmagic;
2361                         break;
2362
2363                 case LCP_OPT_ASYNC_MAP:
2364                         /*
2365                          * Async control character map -- just ignore it.
2366                          *
2367                          * Quote from RFC 1662, chapter 6:
2368                          * To enable this functionality, synchronous PPP
2369                          * implementations MUST always respond to the
2370                          * Async-Control-Character-Map Configuration
2371                          * Option with the LCP Configure-Ack.  However,
2372                          * acceptance of the Configuration Option does
2373                          * not imply that the synchronous implementation
2374                          * will do any ACCM mapping.  Instead, all such
2375                          * octet mapping will be performed by the
2376                          * asynchronous-to-synchronous converter.
2377                          */
2378                         continue;
2379
2380                 case LCP_OPT_MRU:
2381                         /*
2382                          * Maximum receive unit.  Always agreeable,
2383                          * but ignored by now.
2384                          */
2385                         sp->lcp.their_mru = p[2] * 256 + p[3];
2386                         if (debug)
2387                                 addlog("%lu ", sp->lcp.their_mru);
2388                         continue;
2389
2390                 case LCP_OPT_AUTH_PROTO:
2391                         authproto = (p[2] << 8) + p[3];
2392                         if (sp->myauth.proto != authproto) {
2393                                 /* not agreed, nak */
2394                                 if (debug)
2395                                         addlog("[mine %s != his %s] ",
2396                                                sppp_proto_name(sp->hisauth.proto),
2397                                                sppp_proto_name(authproto));
2398                                 p[2] = sp->myauth.proto >> 8;
2399                                 p[3] = sp->myauth.proto;
2400                                 break;
2401                         }
2402                         if (authproto == PPP_CHAP && p[4] != CHAP_MD5) {
2403                                 if (debug)
2404                                         addlog("[chap not MD5] ");
2405                                 p[4] = CHAP_MD5;
2406                                 break;
2407                         }
2408                         continue;
2409                 }
2410                 /* Add the option to nak'ed list. */
2411                 bcopy (p, r, p[1]);
2412                 r += p[1];
2413                 rlen += p[1];
2414         }
2415         if (rlen) {
2416                 /*
2417                  * Local and remote magics equal -- loopback?
2418                  */
2419                 if (sp->pp_loopcnt >= MAXALIVECNT*5) {
2420                         if (sp->pp_loopcnt == MAXALIVECNT*5)
2421                                 printf (SPP_FMT "loopback\n",
2422                                         SPP_ARGS(ifp));
2423                         if (ifp->if_flags & IFF_UP) {
2424                                 if_down(ifp);
2425                                 sppp_qflush(&sp->pp_cpq);
2426                                 /* XXX ? */
2427                                 lcp.Down(sp);
2428                                 lcp.Up(sp);
2429                         }
2430                 } else if (++sp->fail_counter[IDX_LCP] >= sp->lcp.max_failure) {
2431                         if (debug)
2432                                 addlog(" max_failure (%d) exceeded, "
2433                                        "send conf-rej\n",
2434                                        sp->lcp.max_failure);
2435                         sppp_cp_send(sp, PPP_LCP, CONF_REJ, h->ident, rlen, buf);
2436                 } else {
2437                         if (debug)
2438                                 addlog(" send conf-nak\n");
2439                         sppp_cp_send (sp, PPP_LCP, CONF_NAK, h->ident, rlen, buf);
2440                 }
2441         } else {
2442                 if (debug)
2443                         addlog(" send conf-ack\n");
2444                 sp->fail_counter[IDX_LCP] = 0;
2445                 sp->pp_loopcnt = 0;
2446                 sppp_cp_send (sp, PPP_LCP, CONF_ACK,
2447                               h->ident, origlen, h+1);
2448         }
2449
2450         free (buf, M_TEMP);
2451         return (rlen == 0);
2452 }
2453
2454 /*
2455  * Analyze the LCP Configure-Reject option list, and adjust our
2456  * negotiation.
2457  */
2458 static void
2459 sppp_lcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
2460 {
2461         STDDCL;
2462         u_char *buf, *p;
2463
2464         len -= 4;
2465         buf = malloc (len, M_TEMP, M_INTWAIT);
2466
2467         if (debug)
2468                 log(LOG_DEBUG, SPP_FMT "lcp rej opts: ",
2469                     SPP_ARGS(ifp));
2470
2471         p = (void*) (h+1);
2472         for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2473                 if (debug)
2474                         addlog(" %s ", sppp_lcp_opt_name(*p));
2475                 switch (*p) {
2476                 case LCP_OPT_MAGIC:
2477                         /* Magic number -- can't use it, use 0 */
2478                         sp->lcp.opts &= ~(1 << LCP_OPT_MAGIC);
2479                         sp->lcp.magic = 0;
2480                         break;
2481                 case LCP_OPT_MRU:
2482                         /*
2483                          * Should not be rejected anyway, since we only
2484                          * negotiate a MRU if explicitly requested by
2485                          * peer.
2486                          */
2487                         sp->lcp.opts &= ~(1 << LCP_OPT_MRU);
2488                         break;
2489                 case LCP_OPT_AUTH_PROTO:
2490                         /*
2491                          * Peer doesn't want to authenticate himself,
2492                          * deny unless this is a dialout call, and
2493                          * AUTHFLAG_NOCALLOUT is set.
2494                          */
2495                         if ((sp->pp_flags & PP_CALLIN) == 0 &&
2496                             (sp->hisauth.flags & AUTHFLAG_NOCALLOUT) != 0) {
2497                                 if (debug)
2498                                         addlog("[don't insist on auth "
2499                                                "for callout]");
2500                                 sp->lcp.opts &= ~(1 << LCP_OPT_AUTH_PROTO);
2501                                 break;
2502                         }
2503                         if (debug)
2504                                 addlog("[access denied]\n");
2505                         lcp.Close(sp);
2506                         break;
2507                 }
2508         }
2509         if (debug)
2510                 addlog("\n");
2511         free (buf, M_TEMP);
2512         return;
2513 }
2514
2515 /*
2516  * Analyze the LCP Configure-NAK option list, and adjust our
2517  * negotiation.
2518  */
2519 static void
2520 sppp_lcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
2521 {
2522         STDDCL;
2523         u_char *buf, *p;
2524         u_long magic;
2525
2526         len -= 4;
2527         buf = malloc (len, M_TEMP, M_INTWAIT);
2528
2529         if (debug)
2530                 log(LOG_DEBUG, SPP_FMT "lcp nak opts: ",
2531                     SPP_ARGS(ifp));
2532
2533         p = (void*) (h+1);
2534         for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
2535                 if (debug)
2536                         addlog(" %s ", sppp_lcp_opt_name(*p));
2537                 switch (*p) {
2538                 case LCP_OPT_MAGIC:
2539                         /* Magic number -- renegotiate */
2540                         if ((sp->lcp.opts & (1 << LCP_OPT_MAGIC)) &&
2541                             len >= 6 && p[1] == 6) {
2542                                 magic = (u_long)p[2] << 24 |
2543                                         (u_long)p[3] << 16 | p[4] << 8 | p[5];
2544                                 /*
2545                                  * If the remote magic is our negated one,
2546                                  * this looks like a loopback problem.
2547                                  * Suggest a new magic to make sure.
2548                                  */
2549                                 if (magic == ~sp->lcp.magic) {
2550                                         if (debug)
2551                                                 addlog("magic glitch ");
2552 #if defined(__DragonFly__)
2553                                         sp->lcp.magic = random();
2554 #else
2555                                         sp->lcp.magic = time.tv_sec + time.tv_usec;
2556 #endif
2557                                 } else {
2558                                         sp->lcp.magic = magic;
2559                                         if (debug)
2560                                                 addlog("%lu ", magic);
2561                                 }
2562                         }
2563                         break;
2564                 case LCP_OPT_MRU:
2565                         /*
2566                          * Peer wants to advise us to negotiate an MRU.
2567                          * Agree on it if it's reasonable, or use
2568                          * default otherwise.
2569                          */
2570                         if (len >= 4 && p[1] == 4) {
2571                                 u_int mru = p[2] * 256 + p[3];
2572                                 if (debug)
2573                                         addlog("%d ", mru);
2574                                 if (mru < PP_MTU || mru > PP_MAX_MRU)
2575                                         mru = PP_MTU;
2576                                 sp->lcp.mru = mru;
2577                                 sp->lcp.opts |= (1 << LCP_OPT_MRU);
2578                         }
2579                         break;
2580                 case LCP_OPT_AUTH_PROTO:
2581                         /*
2582                          * Peer doesn't like our authentication method,
2583                          * deny.
2584                          */
2585                         if (debug)
2586                                 addlog("[access denied]\n");
2587                         lcp.Close(sp);
2588                         break;
2589                 }
2590         }
2591         if (debug)
2592                 addlog("\n");
2593         free (buf, M_TEMP);
2594         return;
2595 }
2596
2597 static void
2598 sppp_lcp_tlu(struct sppp *sp)
2599 {
2600         STDDCL;
2601         int i;
2602         u_long mask;
2603
2604         /* XXX ? */
2605         if (! (ifp->if_flags & IFF_UP) &&
2606             (ifp->if_flags & IFF_RUNNING)) {
2607                 /* Coming out of loopback mode. */
2608                 if_up(ifp);
2609                 printf (SPP_FMT "up\n", SPP_ARGS(ifp));
2610         }
2611
2612         for (i = 0; i < IDX_COUNT; i++)
2613                 if ((cps[i])->flags & CP_QUAL)
2614                         (cps[i])->Open(sp);
2615
2616         if ((sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) != 0 ||
2617             (sp->pp_flags & PP_NEEDAUTH) != 0)
2618                 sp->pp_phase = PHASE_AUTHENTICATE;
2619         else
2620                 sp->pp_phase = PHASE_NETWORK;
2621
2622         if (debug)
2623                 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2624                     sppp_phase_name(sp->pp_phase));
2625
2626         /*
2627          * Open all authentication protocols.  This is even required
2628          * if we already proceeded to network phase, since it might be
2629          * that remote wants us to authenticate, so we might have to
2630          * send a PAP request.  Undesired authentication protocols
2631          * don't do anything when they get an Open event.
2632          */
2633         for (i = 0; i < IDX_COUNT; i++)
2634                 if ((cps[i])->flags & CP_AUTH)
2635                         (cps[i])->Open(sp);
2636
2637         if (sp->pp_phase == PHASE_NETWORK) {
2638                 /* Notify all NCPs. */
2639                 for (i = 0; i < IDX_COUNT; i++)
2640                         if (((cps[i])->flags & CP_NCP) &&
2641                             /*
2642                              * XXX
2643                              * Hack to administratively disable IPv6 if
2644                              * not desired.  Perhaps we should have another
2645                              * flag for this, but right now, we can make
2646                              * all struct cp's read/only.
2647                              */
2648                             (cps[i] != &ipv6cp ||
2649                              (sp->confflags & CONF_ENABLE_IPV6)))
2650                                 (cps[i])->Open(sp);
2651         }
2652
2653         /* Send Up events to all started protos. */
2654         for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2655                 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0)
2656                         (cps[i])->Up(sp);
2657
2658         /* notify low-level driver of state change */
2659         if (sp->pp_chg)
2660                 sp->pp_chg(sp, (int)sp->pp_phase);
2661         
2662         if (sp->pp_phase == PHASE_NETWORK)
2663                 /* if no NCP is starting, close down */
2664                 sppp_lcp_check_and_close(sp);
2665 }
2666
2667 static void
2668 sppp_lcp_tld(struct sppp *sp)
2669 {
2670         STDDCL;
2671         int i;
2672         u_long mask;
2673
2674         sp->pp_phase = PHASE_TERMINATE;
2675
2676         if (debug)
2677                 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2678                     sppp_phase_name(sp->pp_phase));
2679
2680         /*
2681          * Take upper layers down.  We send the Down event first and
2682          * the Close second to prevent the upper layers from sending
2683          * ``a flurry of terminate-request packets'', as the RFC
2684          * describes it.
2685          */
2686         for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2687                 if ((sp->lcp.protos & mask) && ((cps[i])->flags & CP_LCP) == 0) {
2688                         (cps[i])->Down(sp);
2689                         (cps[i])->Close(sp);
2690                 }
2691 }
2692
2693 static void
2694 sppp_lcp_tls(struct sppp *sp)
2695 {
2696         STDDCL;
2697
2698         sp->pp_phase = PHASE_ESTABLISH;
2699
2700         if (debug)
2701                 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2702                     sppp_phase_name(sp->pp_phase));
2703
2704         /* Notify lower layer if desired. */
2705         if (sp->pp_tls)
2706                 (sp->pp_tls)(sp);
2707         else
2708                 (sp->pp_up)(sp);
2709 }
2710
2711 static void
2712 sppp_lcp_tlf(struct sppp *sp)
2713 {
2714         STDDCL;
2715
2716         sp->pp_phase = PHASE_DEAD;
2717         if (debug)
2718                 log(LOG_DEBUG, SPP_FMT "phase %s\n", SPP_ARGS(ifp),
2719                     sppp_phase_name(sp->pp_phase));
2720
2721         /* Notify lower layer if desired. */
2722         if (sp->pp_tlf)
2723                 (sp->pp_tlf)(sp);
2724         else
2725                 (sp->pp_down)(sp);
2726 }
2727
2728 static void
2729 sppp_lcp_scr(struct sppp *sp)
2730 {
2731         char opt[6 /* magicnum */ + 4 /* mru */ + 5 /* chap */];
2732         int i = 0;
2733         u_short authproto;
2734
2735         if (sp->lcp.opts & (1 << LCP_OPT_MAGIC)) {
2736                 if (! sp->lcp.magic)
2737 #if defined(__DragonFly__)
2738                         sp->lcp.magic = random();
2739 #else
2740                         sp->lcp.magic = time.tv_sec + time.tv_usec;
2741 #endif
2742                 opt[i++] = LCP_OPT_MAGIC;
2743                 opt[i++] = 6;
2744                 opt[i++] = sp->lcp.magic >> 24;
2745                 opt[i++] = sp->lcp.magic >> 16;
2746                 opt[i++] = sp->lcp.magic >> 8;
2747                 opt[i++] = sp->lcp.magic;
2748         }
2749
2750         if (sp->lcp.opts & (1 << LCP_OPT_MRU)) {
2751                 opt[i++] = LCP_OPT_MRU;
2752                 opt[i++] = 4;
2753                 opt[i++] = sp->lcp.mru >> 8;
2754                 opt[i++] = sp->lcp.mru;
2755         }
2756
2757         if (sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO)) {
2758                 authproto = sp->hisauth.proto;
2759                 opt[i++] = LCP_OPT_AUTH_PROTO;
2760                 opt[i++] = authproto == PPP_CHAP? 5: 4;
2761                 opt[i++] = authproto >> 8;
2762                 opt[i++] = authproto;
2763                 if (authproto == PPP_CHAP)
2764                         opt[i++] = CHAP_MD5;
2765         }
2766
2767         sp->confid[IDX_LCP] = ++sp->pp_seq[IDX_LCP];
2768         sppp_cp_send (sp, PPP_LCP, CONF_REQ, sp->confid[IDX_LCP], i, &opt);
2769 }
2770
2771 /*
2772  * Check the open NCPs, return true if at least one NCP is open.
2773  */
2774 static int
2775 sppp_ncp_check(struct sppp *sp)
2776 {
2777         int i, mask;
2778
2779         for (i = 0, mask = 1; i < IDX_COUNT; i++, mask <<= 1)
2780                 if ((sp->lcp.protos & mask) && (cps[i])->flags & CP_NCP)
2781                         return 1;
2782         return 0;
2783 }
2784
2785 /*
2786  * Re-check the open NCPs and see if we should terminate the link.
2787  * Called by the NCPs during their tlf action handling.
2788  */
2789 static void
2790 sppp_lcp_check_and_close(struct sppp *sp)
2791 {
2792
2793         if (sp->pp_phase < PHASE_NETWORK)
2794                 /* don't bother, we are already going down */
2795                 return;
2796
2797         if (sppp_ncp_check(sp))
2798                 return;
2799
2800         lcp.Close(sp);
2801 }
2802
2803 /*
2804  *--------------------------------------------------------------------------*
2805  *                                                                          *
2806  *                        The IPCP implementation.                          *
2807  *                                                                          *
2808  *--------------------------------------------------------------------------*
2809  */
2810
2811 static void
2812 sppp_ipcp_init(struct sppp *sp)
2813 {
2814         sp->ipcp.opts = 0;
2815         sp->ipcp.flags = 0;
2816         sp->state[IDX_IPCP] = STATE_INITIAL;
2817         sp->fail_counter[IDX_IPCP] = 0;
2818         sp->pp_seq[IDX_IPCP] = 0;
2819         sp->pp_rseq[IDX_IPCP] = 0;
2820 #if defined(__DragonFly__)
2821         callout_init(&sp->timeout[IDX_IPCP]);
2822 #endif
2823 }
2824
2825 static void
2826 sppp_ipcp_up(struct sppp *sp)
2827 {
2828         sppp_up_event(&ipcp, sp);
2829 }
2830
2831 static void
2832 sppp_ipcp_down(struct sppp *sp)
2833 {
2834         sppp_down_event(&ipcp, sp);
2835 }
2836
2837 static void
2838 sppp_ipcp_open(struct sppp *sp)
2839 {
2840         STDDCL;
2841         u_long myaddr, hisaddr;
2842
2843         sp->ipcp.flags &= ~(IPCP_HISADDR_SEEN | IPCP_MYADDR_SEEN |
2844                             IPCP_MYADDR_DYN | IPCP_VJ);
2845         sp->ipcp.opts = 0;
2846
2847         sppp_get_ip_addrs(sp, &myaddr, &hisaddr, 0);
2848         /*
2849          * If we don't have his address, this probably means our
2850          * interface doesn't want to talk IP at all.  (This could
2851          * be the case if somebody wants to speak only IPX, for
2852          * example.)  Don't open IPCP in this case.
2853          */
2854         if (hisaddr == 0L) {
2855                 /* XXX this message should go away */
2856                 if (debug)
2857                         log(LOG_DEBUG, SPP_FMT "ipcp_open(): no IP interface\n",
2858                             SPP_ARGS(ifp));
2859                 return;
2860         }
2861         if (myaddr == 0L) {
2862                 /*
2863                  * I don't have an assigned address, so i need to
2864                  * negotiate my address.
2865                  */
2866                 sp->ipcp.flags |= IPCP_MYADDR_DYN;
2867                 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
2868         } else
2869                 sp->ipcp.flags |= IPCP_MYADDR_SEEN;
2870         if (sp->confflags & CONF_ENABLE_VJ) {
2871                 sp->ipcp.opts |= (1 << IPCP_OPT_COMPRESSION);
2872                 sp->ipcp.max_state = MAX_STATES - 1;
2873                 sp->ipcp.compress_cid = 1;
2874         }
2875         sppp_open_event(&ipcp, sp);
2876 }
2877
2878 static void
2879 sppp_ipcp_close(struct sppp *sp)
2880 {
2881         sppp_close_event(&ipcp, sp);
2882         if (sp->ipcp.flags & IPCP_MYADDR_DYN)
2883                 /*
2884                  * My address was dynamic, clear it again.
2885                  */
2886                 sppp_set_ip_addr(sp, 0L);
2887 }
2888
2889 static void
2890 sppp_ipcp_TO(void *cookie)
2891 {
2892         sppp_to_event(&ipcp, (struct sppp *)cookie);
2893 }
2894
2895 /*
2896  * Analyze a configure request.  Return true if it was agreeable, and
2897  * caused action sca, false if it has been rejected or nak'ed, and
2898  * caused action scn.  (The return value is used to make the state
2899  * transition decision in the state automaton.)
2900  */
2901 static int
2902 sppp_ipcp_RCR(struct sppp *sp, struct lcp_header *h, int len)
2903 {
2904         u_char *buf, *r, *p;
2905         struct ifnet *ifp = &sp->pp_if;
2906         int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
2907         u_long hisaddr, desiredaddr;
2908         int gotmyaddr = 0;
2909         int desiredcomp;
2910
2911         len -= 4;
2912         origlen = len;
2913         /*
2914          * Make sure to allocate a buf that can at least hold a
2915          * conf-nak with an `address' option.  We might need it below.
2916          */
2917         buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT);
2918
2919         /* pass 1: see if we can recognize them */
2920         if (debug)
2921                 log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
2922                     SPP_ARGS(ifp));
2923         p = (void*) (h+1);
2924         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2925                 if (debug)
2926                         addlog(" %s ", sppp_ipcp_opt_name(*p));
2927                 switch (*p) {
2928                 case IPCP_OPT_COMPRESSION:
2929                         if (!(sp->confflags & CONF_ENABLE_VJ)) {
2930                                 /* VJ compression administratively disabled */
2931                                 if (debug)
2932                                         addlog("[locally disabled] ");
2933                                 break;
2934                         }
2935                         /*
2936                          * In theory, we should only conf-rej an
2937                          * option that is shorter than RFC 1618
2938                          * requires (i.e. < 4), and should conf-nak
2939                          * anything else that is not VJ.  However,
2940                          * since our algorithm always uses the
2941                          * original option to NAK it with new values,
2942                          * things would become more complicated.  In
2943                          * pratice, the only commonly implemented IP
2944                          * compression option is VJ anyway, so the
2945                          * difference is negligible.
2946                          */
2947                         if (len >= 6 && p[1] == 6) {
2948                                 /*
2949                                  * correctly formed compression option
2950                                  * that could be VJ compression
2951                                  */
2952                                 continue;
2953                         }
2954                         if (debug)
2955                                 addlog("optlen %d [invalid/unsupported] ",
2956                                     p[1]);
2957                         break;
2958                 case IPCP_OPT_ADDRESS:
2959                         if (len >= 6 && p[1] == 6) {
2960                                 /* correctly formed address option */
2961                                 continue;
2962                         }
2963                         if (debug)
2964                                 addlog("[invalid] ");
2965                         break;
2966                 default:
2967                         /* Others not supported. */
2968                         if (debug)
2969                                 addlog("[rej] ");
2970                         break;
2971                 }
2972                 /* Add the option to rejected list. */
2973                 bcopy (p, r, p[1]);
2974                 r += p[1];
2975                 rlen += p[1];
2976         }
2977         if (rlen) {
2978                 if (debug)
2979                         addlog(" send conf-rej\n");
2980                 sppp_cp_send (sp, PPP_IPCP, CONF_REJ, h->ident, rlen, buf);
2981                 return 0;
2982         } else if (debug)
2983                 addlog("\n");
2984
2985         /* pass 2: parse option values */
2986         sppp_get_ip_addrs(sp, 0, &hisaddr, 0);
2987         if (debug)
2988                 log(LOG_DEBUG, SPP_FMT "ipcp parse opt values: ",
2989                        SPP_ARGS(ifp));
2990         p = (void*) (h+1);
2991         len = origlen;
2992         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
2993                 if (debug)
2994                         addlog(" %s ", sppp_ipcp_opt_name(*p));
2995                 switch (*p) {
2996                 case IPCP_OPT_COMPRESSION:
2997                         desiredcomp = p[2] << 8 | p[3];
2998                         /* We only support VJ */
2999                         if (desiredcomp == IPCP_COMP_VJ) {
3000                                 if (debug)
3001                                         addlog("VJ [ack] ");
3002                                 sp->ipcp.flags |= IPCP_VJ;
3003                                 sl_compress_init(sp->pp_comp, p[4]);
3004                                 sp->ipcp.max_state = p[4];
3005                                 sp->ipcp.compress_cid = p[5];
3006                                 continue;
3007                         }
3008                         if (debug)
3009                                 addlog("compproto %#04x [not supported] ",
3010                                     desiredcomp);
3011                         p[2] = IPCP_COMP_VJ >> 8;
3012                         p[3] = IPCP_COMP_VJ;
3013                         p[4] = sp->ipcp.max_state;
3014                         p[5] = sp->ipcp.compress_cid;
3015                         break;
3016                 case IPCP_OPT_ADDRESS:
3017                         /* This is the address he wants in his end */
3018                         desiredaddr = p[2] << 24 | p[3] << 16 |
3019                                 p[4] << 8 | p[5];
3020                         if (desiredaddr == hisaddr ||
3021                             (hisaddr >= 1 && hisaddr <= 254 && desiredaddr != 0)) {
3022                                 /*
3023                                  * Peer's address is same as our value,
3024                                  * or we have set it to 0.0.0.* to
3025                                  * indicate that we do not really care,
3026                                  * this is agreeable.  Gonna conf-ack
3027                                  * it.
3028                                  */
3029                                 if (debug)
3030                                         addlog("%s [ack] ",
3031                                                 sppp_dotted_quad(hisaddr));
3032                                 /* record that we've seen it already */
3033                                 sp->ipcp.flags |= IPCP_HISADDR_SEEN;
3034                                 continue;
3035                         }
3036                         /*
3037                          * The address wasn't agreeable.  This is either
3038                          * he sent us 0.0.0.0, asking to assign him an
3039                          * address, or he send us another address not
3040                          * matching our value.  Either case, we gonna
3041                          * conf-nak it with our value.
3042                          * XXX: we should "rej" if hisaddr == 0
3043                          */
3044                         if (debug) {
3045                                 if (desiredaddr == 0)
3046                                         addlog("[addr requested] ");
3047                                 else
3048                                         addlog("%s [not agreed] ",
3049                                                 sppp_dotted_quad(desiredaddr));
3050
3051                         }
3052                         p[2] = hisaddr >> 24;
3053                         p[3] = hisaddr >> 16;
3054                         p[4] = hisaddr >> 8;
3055                         p[5] = hisaddr;
3056                         break;
3057                 }
3058                 /* Add the option to nak'ed list. */
3059                 bcopy (p, r, p[1]);
3060                 r += p[1];
3061                 rlen += p[1];
3062         }
3063
3064         /*
3065          * If we are about to conf-ack the request, but haven't seen
3066          * his address so far, gonna conf-nak it instead, with the
3067          * `address' option present and our idea of his address being
3068          * filled in there, to request negotiation of both addresses.
3069          *
3070          * XXX This can result in an endless req - nak loop if peer
3071          * doesn't want to send us his address.  Q: What should we do
3072          * about it?  XXX  A: implement the max-failure counter.
3073          */
3074         if (rlen == 0 && !(sp->ipcp.flags & IPCP_HISADDR_SEEN) && !gotmyaddr) {
3075                 buf[0] = IPCP_OPT_ADDRESS;
3076                 buf[1] = 6;
3077                 buf[2] = hisaddr >> 24;
3078                 buf[3] = hisaddr >> 16;
3079                 buf[4] = hisaddr >> 8;
3080                 buf[5] = hisaddr;
3081                 rlen = 6;
3082                 if (debug)
3083                         addlog("still need hisaddr ");
3084         }
3085
3086         if (rlen) {
3087                 if (debug)
3088                         addlog(" send conf-nak\n");
3089                 sppp_cp_send (sp, PPP_IPCP, CONF_NAK, h->ident, rlen, buf);
3090         } else {
3091                 if (debug)
3092                         addlog(" send conf-ack\n");
3093                 sppp_cp_send (sp, PPP_IPCP, CONF_ACK,
3094                               h->ident, origlen, h+1);
3095         }
3096
3097         free (buf, M_TEMP);
3098         return (rlen == 0);
3099 }
3100
3101 /*
3102  * Analyze the IPCP Configure-Reject option list, and adjust our
3103  * negotiation.
3104  */
3105 static void
3106 sppp_ipcp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3107 {
3108         u_char *buf, *p;
3109         struct ifnet *ifp = &sp->pp_if;
3110         int debug = ifp->if_flags & IFF_DEBUG;
3111
3112         len -= 4;
3113         buf = malloc (len, M_TEMP, M_INTWAIT);
3114
3115         if (debug)
3116                 log(LOG_DEBUG, SPP_FMT "ipcp rej opts: ",
3117                     SPP_ARGS(ifp));
3118
3119         p = (void*) (h+1);
3120         for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3121                 if (debug)
3122                         addlog(" %s ", sppp_ipcp_opt_name(*p));
3123                 switch (*p) {
3124                 case IPCP_OPT_COMPRESSION:
3125                         sp->ipcp.opts &= ~(1 << IPCP_OPT_COMPRESSION);
3126                         break;
3127                 case IPCP_OPT_ADDRESS:
3128                         /*
3129                          * Peer doesn't grok address option.  This is
3130                          * bad.  XXX  Should we better give up here?
3131                          * XXX We could try old "addresses" option...
3132                          */
3133                         sp->ipcp.opts &= ~(1 << IPCP_OPT_ADDRESS);
3134                         break;
3135                 }
3136         }
3137         if (debug)
3138                 addlog("\n");
3139         free (buf, M_TEMP);
3140         return;
3141 }
3142
3143 /*
3144  * Analyze the IPCP Configure-NAK option list, and adjust our
3145  * negotiation.
3146  */
3147 static void
3148 sppp_ipcp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3149 {
3150         u_char *buf, *p;
3151         struct ifnet *ifp = &sp->pp_if;
3152         int debug = ifp->if_flags & IFF_DEBUG;
3153         int desiredcomp;
3154         u_long wantaddr;
3155
3156         len -= 4;
3157         buf = malloc (len, M_TEMP, M_INTWAIT);
3158
3159         if (debug)
3160                 log(LOG_DEBUG, SPP_FMT "ipcp nak opts: ",
3161                     SPP_ARGS(ifp));
3162
3163         p = (void*) (h+1);
3164         for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3165                 if (debug)
3166                         addlog(" %s ", sppp_ipcp_opt_name(*p));
3167                 switch (*p) {
3168                 case IPCP_OPT_COMPRESSION:
3169                         if (len >= 6 && p[1] == 6) {
3170                                 desiredcomp = p[2] << 8 | p[3];
3171                                 if (debug)
3172                                         addlog("[wantcomp %#04x] ",
3173                                                 desiredcomp);
3174                                 if (desiredcomp == IPCP_COMP_VJ) {
3175                                         sl_compress_init(sp->pp_comp, p[4]);
3176                                         sp->ipcp.max_state = p[4];
3177                                         sp->ipcp.compress_cid = p[5];
3178                                         if (debug)
3179                                                 addlog("[agree] ");
3180                                 } else
3181                                         sp->ipcp.opts &=
3182                                                 ~(1 << IPCP_OPT_COMPRESSION);
3183                         }
3184                         break;
3185                 case IPCP_OPT_ADDRESS:
3186                         /*
3187                          * Peer doesn't like our local IP address.  See
3188                          * if we can do something for him.  We'll drop
3189                          * him our address then.
3190                          */
3191                         if (len >= 6 && p[1] == 6) {
3192                                 wantaddr = p[2] << 24 | p[3] << 16 |
3193                                         p[4] << 8 | p[5];
3194                                 sp->ipcp.opts |= (1 << IPCP_OPT_ADDRESS);
3195                                 if (debug)
3196                                         addlog("[wantaddr %s] ",
3197                                                sppp_dotted_quad(wantaddr));
3198                                 /*
3199                                  * When doing dynamic address assignment,
3200                                  * we accept his offer.  Otherwise, we
3201                                  * ignore it and thus continue to negotiate
3202                                  * our already existing value.
3203                                  * XXX: Bogus, if he said no once, he'll
3204                                  * just say no again, might as well die.
3205                                  */
3206                                 if (sp->ipcp.flags & IPCP_MYADDR_DYN) {
3207                                         sppp_set_ip_addr(sp, wantaddr);
3208                                         if (debug)
3209                                                 addlog("[agree] ");
3210                                         sp->ipcp.flags |= IPCP_MYADDR_SEEN;
3211                                 }
3212                         }
3213                         break;
3214                 }
3215         }
3216         if (debug)
3217                 addlog("\n");
3218         free (buf, M_TEMP);
3219         return;
3220 }
3221
3222 static void
3223 sppp_ipcp_tlu(struct sppp *sp)
3224 {
3225         /* we are up - notify isdn daemon */
3226         if (sp->pp_con)
3227                 sp->pp_con(sp);
3228 }
3229
3230 static void
3231 sppp_ipcp_tld(struct sppp *sp)
3232 {
3233 }
3234
3235 static void
3236 sppp_ipcp_tls(struct sppp *sp)
3237 {
3238         /* indicate to LCP that it must stay alive */
3239         sp->lcp.protos |= (1 << IDX_IPCP);
3240 }
3241
3242 static void
3243 sppp_ipcp_tlf(struct sppp *sp)
3244 {
3245         /* we no longer need LCP */
3246         sp->lcp.protos &= ~(1 << IDX_IPCP);
3247         sppp_lcp_check_and_close(sp);
3248 }
3249
3250 static void
3251 sppp_ipcp_scr(struct sppp *sp)
3252 {
3253         char opt[6 /* compression */ + 6 /* address */];
3254         u_long ouraddr;
3255         int i = 0;
3256
3257         if (sp->ipcp.opts & (1 << IPCP_OPT_COMPRESSION)) {
3258                 opt[i++] = IPCP_OPT_COMPRESSION;
3259                 opt[i++] = 6;
3260                 opt[i++] = IPCP_COMP_VJ >> 8;
3261                 opt[i++] = IPCP_COMP_VJ;
3262                 opt[i++] = sp->ipcp.max_state;
3263                 opt[i++] = sp->ipcp.compress_cid;
3264         }
3265         if (sp->ipcp.opts & (1 << IPCP_OPT_ADDRESS)) {
3266                 sppp_get_ip_addrs(sp, &ouraddr, 0, 0);
3267                 opt[i++] = IPCP_OPT_ADDRESS;
3268                 opt[i++] = 6;
3269                 opt[i++] = ouraddr >> 24;
3270                 opt[i++] = ouraddr >> 16;
3271                 opt[i++] = ouraddr >> 8;
3272                 opt[i++] = ouraddr;
3273         }
3274
3275         sp->confid[IDX_IPCP] = ++sp->pp_seq[IDX_IPCP];
3276         sppp_cp_send(sp, PPP_IPCP, CONF_REQ, sp->confid[IDX_IPCP], i, &opt);
3277 }
3278
3279 /*
3280  *--------------------------------------------------------------------------*
3281  *                                                                          *
3282  *                      The IPv6CP implementation.                          *
3283  *                                                                          *
3284  *--------------------------------------------------------------------------*
3285  */
3286
3287 #ifdef INET6
3288 static void
3289 sppp_ipv6cp_init(struct sppp *sp)
3290 {
3291         sp->ipv6cp.opts = 0;
3292         sp->ipv6cp.flags = 0;
3293         sp->state[IDX_IPV6CP] = STATE_INITIAL;
3294         sp->fail_counter[IDX_IPV6CP] = 0;
3295         sp->pp_seq[IDX_IPV6CP] = 0;
3296         sp->pp_rseq[IDX_IPV6CP] = 0;
3297 #if defined(__NetBSD__)
3298         callout_init(&sp->ch[IDX_IPV6CP]);
3299 #endif
3300 #if defined(__DragonFly__)
3301         callout_init(&sp->timeout[IDX_IPV6CP]);
3302 #endif
3303 }
3304
3305 static void
3306 sppp_ipv6cp_up(struct sppp *sp)
3307 {
3308         sppp_up_event(&ipv6cp, sp);
3309 }
3310
3311 static void
3312 sppp_ipv6cp_down(struct sppp *sp)
3313 {
3314         sppp_down_event(&ipv6cp, sp);
3315 }
3316
3317 static void
3318 sppp_ipv6cp_open(struct sppp *sp)
3319 {
3320         STDDCL;
3321         struct in6_addr myaddr, hisaddr;
3322
3323 #ifdef IPV6CP_MYIFID_DYN
3324         sp->ipv6cp.flags &= ~(IPV6CP_MYIFID_SEEN|IPV6CP_MYIFID_DYN);
3325 #else
3326         sp->ipv6cp.flags &= ~IPV6CP_MYIFID_SEEN;
3327 #endif
3328
3329         sppp_get_ip6_addrs(sp, &myaddr, &hisaddr, 0);
3330         /*
3331          * If we don't have our address, this probably means our
3332          * interface doesn't want to talk IPv6 at all.  (This could
3333          * be the case if somebody wants to speak only IPX, for
3334          * example.)  Don't open IPv6CP in this case.
3335          */
3336         if (IN6_IS_ADDR_UNSPECIFIED(&myaddr)) {
3337                 /* XXX this message should go away */
3338                 if (debug)
3339                         log(LOG_DEBUG, SPP_FMT "ipv6cp_open(): no IPv6 interface\n",
3340                             SPP_ARGS(ifp));
3341                 return;
3342         }
3343
3344         sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3345         sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3346         sppp_open_event(&ipv6cp, sp);
3347 }
3348
3349 static void
3350 sppp_ipv6cp_close(struct sppp *sp)
3351 {
3352         sppp_close_event(&ipv6cp, sp);
3353 }
3354
3355 static void
3356 sppp_ipv6cp_TO(void *cookie)
3357 {
3358         sppp_to_event(&ipv6cp, (struct sppp *)cookie);
3359 }
3360
3361 /*
3362  * Analyze a configure request.  Return true if it was agreeable, and
3363  * caused action sca, false if it has been rejected or nak'ed, and
3364  * caused action scn.  (The return value is used to make the state
3365  * transition decision in the state automaton.)
3366  */
3367 static int
3368 sppp_ipv6cp_RCR(struct sppp *sp, struct lcp_header *h, int len)
3369 {
3370         u_char *buf, *r, *p;
3371         struct ifnet *ifp = &sp->pp_if;
3372         int rlen, origlen, debug = ifp->if_flags & IFF_DEBUG;
3373         struct in6_addr myaddr, desiredaddr, suggestaddr;
3374         int ifidcount;
3375         int type;
3376         int collision, nohisaddr;
3377
3378         len -= 4;
3379         origlen = len;
3380         /*
3381          * Make sure to allocate a buf that can at least hold a
3382          * conf-nak with an `address' option.  We might need it below.
3383          */
3384         buf = r = malloc ((len < 6? 6: len), M_TEMP, M_INTWAIT);
3385
3386         /* pass 1: see if we can recognize them */
3387         if (debug)
3388                 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opts:",
3389                     SPP_ARGS(ifp));
3390         p = (void*) (h+1);
3391         ifidcount = 0;
3392         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3393                 if (debug)
3394                         addlog(" %s", sppp_ipv6cp_opt_name(*p));
3395                 switch (*p) {
3396                 case IPV6CP_OPT_IFID:
3397                         if (len >= 10 && p[1] == 10 && ifidcount == 0) {
3398                                 /* correctly formed address option */
3399                                 ifidcount++;
3400                                 continue;
3401                         }
3402                         if (debug)
3403                                 addlog(" [invalid]");
3404                         break;
3405 #ifdef notyet
3406                 case IPV6CP_OPT_COMPRESSION:
3407                         if (len >= 4 && p[1] >= 4) {
3408                                 /* correctly formed compress option */
3409                                 continue;
3410                         }
3411                         if (debug)
3412                                 addlog(" [invalid]");
3413                         break;
3414 #endif
3415                 default:
3416                         /* Others not supported. */
3417                         if (debug)
3418                                 addlog(" [rej]");
3419                         break;
3420                 }
3421                 /* Add the option to rejected list. */
3422                 bcopy (p, r, p[1]);
3423                 r += p[1];
3424                 rlen += p[1];
3425         }
3426         if (rlen) {
3427                 if (debug)
3428                         addlog(" send conf-rej\n");
3429                 sppp_cp_send (sp, PPP_IPV6CP, CONF_REJ, h->ident, rlen, buf);
3430                 goto end;
3431         } else if (debug)
3432                 addlog("\n");
3433
3434         /* pass 2: parse option values */
3435         sppp_get_ip6_addrs(sp, &myaddr, 0, 0);
3436         if (debug)
3437                 log(LOG_DEBUG, SPP_FMT "ipv6cp parse opt values: ",
3438                     SPP_ARGS(ifp));
3439         p = (void*) (h+1);
3440         len = origlen;
3441         type = CONF_ACK;
3442         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
3443                 if (debug)
3444                         addlog(" %s", sppp_ipv6cp_opt_name(*p));
3445                 switch (*p) {
3446 #ifdef notyet
3447                 case IPV6CP_OPT_COMPRESSION:
3448                         continue;
3449 #endif
3450                 case IPV6CP_OPT_IFID:
3451                         bzero(&desiredaddr, sizeof(desiredaddr));
3452                         bcopy(&p[2], &desiredaddr.s6_addr[8], 8);
3453                         collision = (bcmp(&desiredaddr.s6_addr[8],
3454                                           &myaddr.s6_addr[8], 8) == 0);
3455                         nohisaddr = IN6_IS_ADDR_UNSPECIFIED(&desiredaddr);
3456
3457                         desiredaddr.s6_addr16[0] = htons(0xfe80);
3458                         desiredaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3459
3460                         if (!collision && !nohisaddr) {
3461                                 /* no collision, hisaddr known - Conf-Ack */
3462                                 type = CONF_ACK;
3463
3464                                 if (debug) {
3465                                         addlog(" %s [%s]",
3466                                                ip6_sprintf(&desiredaddr),
3467                                                sppp_cp_type_name(type));
3468                                 }
3469                                 continue;
3470                         }
3471
3472                         bzero(&suggestaddr, sizeof(&suggestaddr));
3473                         if (collision && nohisaddr) {
3474                                 /* collision, hisaddr unknown - Conf-Rej */
3475                                 type = CONF_REJ;
3476                                 bzero(&p[2], 8);
3477                         } else {
3478                                 /*
3479                                  * - no collision, hisaddr unknown, or
3480                                  * - collision, hisaddr known
3481                                  * Conf-Nak, suggest hisaddr
3482                                  */
3483                                 type = CONF_NAK;
3484                                 sppp_suggest_ip6_addr(sp, &suggestaddr);
3485                                 bcopy(&suggestaddr.s6_addr[8], &p[2], 8);
3486                         }
3487                         if (debug)
3488                                 addlog(" %s [%s]", ip6_sprintf(&desiredaddr),
3489                                        sppp_cp_type_name(type));
3490                         break;
3491                 }
3492                 /* Add the option to nak'ed list. */
3493                 bcopy (p, r, p[1]);
3494                 r += p[1];
3495                 rlen += p[1];
3496         }
3497
3498         if (rlen == 0 && type == CONF_ACK) {
3499                 if (debug)
3500                         addlog(" send %s\n", sppp_cp_type_name(type));
3501                 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, origlen, h+1);
3502         } else {
3503 #ifdef DIAGNOSTIC
3504                 if (type == CONF_ACK)
3505                         panic("IPv6CP RCR: CONF_ACK with non-zero rlen");
3506 #endif
3507
3508                 if (debug) {
3509                         addlog(" send %s suggest %s\n",
3510                                sppp_cp_type_name(type), ip6_sprintf(&suggestaddr));
3511                 }
3512                 sppp_cp_send (sp, PPP_IPV6CP, type, h->ident, rlen, buf);
3513         }
3514
3515  end:
3516         free (buf, M_TEMP);
3517         return (rlen == 0);
3518 }
3519
3520 /*
3521  * Analyze the IPv6CP Configure-Reject option list, and adjust our
3522  * negotiation.
3523  */
3524 static void
3525 sppp_ipv6cp_RCN_rej(struct sppp *sp, struct lcp_header *h, int len)
3526 {
3527         u_char *buf, *p;
3528         struct ifnet *ifp = &sp->pp_if;
3529         int debug = ifp->if_flags & IFF_DEBUG;
3530
3531         len -= 4;
3532         buf = malloc (len, M_TEMP, M_INTWAIT);
3533
3534         if (debug)
3535                 log(LOG_DEBUG, SPP_FMT "ipv6cp rej opts:",
3536                     SPP_ARGS(ifp));
3537
3538         p = (void*) (h+1);
3539         for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3540                 if (debug)
3541                         addlog(" %s", sppp_ipv6cp_opt_name(*p));
3542                 switch (*p) {
3543                 case IPV6CP_OPT_IFID:
3544                         /*
3545                          * Peer doesn't grok address option.  This is
3546                          * bad.  XXX  Should we better give up here?
3547                          */
3548                         sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_IFID);
3549                         break;
3550 #ifdef notyet
3551                 case IPV6CP_OPT_COMPRESS:
3552                         sp->ipv6cp.opts &= ~(1 << IPV6CP_OPT_COMPRESS);
3553                         break;
3554 #endif
3555                 }
3556         }
3557         if (debug)
3558                 addlog("\n");
3559         free (buf, M_TEMP);
3560         return;
3561 }
3562
3563 /*
3564  * Analyze the IPv6CP Configure-NAK option list, and adjust our
3565  * negotiation.
3566  */
3567 static void
3568 sppp_ipv6cp_RCN_nak(struct sppp *sp, struct lcp_header *h, int len)
3569 {
3570         u_char *buf, *p;
3571         struct ifnet *ifp = &sp->pp_if;
3572         int debug = ifp->if_flags & IFF_DEBUG;
3573         struct in6_addr suggestaddr;
3574
3575         len -= 4;
3576         buf = malloc (len, M_TEMP, M_INTWAIT);
3577
3578         if (debug)
3579                 log(LOG_DEBUG, SPP_FMT "ipv6cp nak opts:",
3580                     SPP_ARGS(ifp));
3581
3582         p = (void*) (h+1);
3583         for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
3584                 if (debug)
3585                         addlog(" %s", sppp_ipv6cp_opt_name(*p));
3586                 switch (*p) {
3587                 case IPV6CP_OPT_IFID:
3588                         /*
3589                          * Peer doesn't like our local ifid.  See
3590                          * if we can do something for him.  We'll drop
3591                          * him our address then.
3592                          */
3593                         if (len < 10 || p[1] != 10)
3594                                 break;
3595                         bzero(&suggestaddr, sizeof(suggestaddr));
3596                         suggestaddr.s6_addr16[0] = htons(0xfe80);
3597                         suggestaddr.s6_addr16[1] = htons(sp->pp_if.if_index);
3598                         bcopy(&p[2], &suggestaddr.s6_addr[8], 8);
3599
3600                         sp->ipv6cp.opts |= (1 << IPV6CP_OPT_IFID);
3601                         if (debug)
3602                                 addlog(" [suggestaddr %s]",
3603                                        ip6_sprintf(&suggestaddr));
3604 #ifdef IPV6CP_MYIFID_DYN
3605                         /*
3606                          * When doing dynamic address assignment,
3607                          * we accept his offer.
3608                          */
3609                         if (sp->ipv6cp.flags & IPV6CP_MYIFID_DYN) {
3610                                 struct in6_addr lastsuggest;
3611                                 /*
3612                                  * If <suggested myaddr from peer> equals to
3613                                  * <hisaddr we have suggested last time>,
3614                                  * we have a collision.  generate new random
3615                                  * ifid.
3616                                  */
3617                                 sppp_suggest_ip6_addr(&lastsuggest);
3618                                 if (IN6_ARE_ADDR_EQUAL(&suggestaddr,
3619                                                        lastsuggest)) {
3620                                         if (debug)
3621                                                 addlog(" [random]");
3622                                         sppp_gen_ip6_addr(sp, &suggestaddr);
3623                                 }
3624                                 sppp_set_ip6_addr(sp, &suggestaddr, 0);
3625                                 if (debug)
3626                                         addlog(" [agree]");
3627                                 sp->ipv6cp.flags |= IPV6CP_MYIFID_SEEN;
3628                         }
3629 #else
3630                         /*
3631                          * Since we do not do dynamic address assignment,
3632                          * we ignore it and thus continue to negotiate
3633                          * our already existing value.  This can possibly
3634                          * go into infinite request-reject loop.
3635                          *
3636                          * This is not likely because we normally use
3637                          * ifid based on MAC-address.
3638                          * If you have no ethernet card on the node, too bad.
3639                          * XXX should we use fail_counter?
3640                          */
3641 #endif
3642                         break;
3643 #ifdef notyet
3644                 case IPV6CP_OPT_COMPRESS:
3645                         /*
3646                          * Peer wants different compression parameters.
3647                          */
3648                         break;
3649 #endif
3650                 }
3651         }
3652         if (debug)
3653                 addlog("\n");
3654         free (buf, M_TEMP);
3655         return;
3656 }
3657 static void
3658 sppp_ipv6cp_tlu(struct sppp *sp)
3659 {
3660         /* we are up - notify isdn daemon */
3661         if (sp->pp_con)
3662                 sp->pp_con(sp);
3663 }
3664
3665 static void
3666 sppp_ipv6cp_tld(struct sppp *sp)
3667 {
3668 }
3669
3670 static void
3671 sppp_ipv6cp_tls(struct sppp *sp)
3672 {
3673         /* indicate to LCP that it must stay alive */
3674         sp->lcp.protos |= (1 << IDX_IPV6CP);
3675 }
3676
3677 static void
3678 sppp_ipv6cp_tlf(struct sppp *sp)
3679 {
3680
3681 #if 0   /* need #if 0 to close IPv6CP properly */
3682         /* we no longer need LCP */
3683         sp->lcp.protos &= ~(1 << IDX_IPV6CP);
3684         sppp_lcp_check_and_close(sp);
3685 #endif
3686 }
3687
3688 static void
3689 sppp_ipv6cp_scr(struct sppp *sp)
3690 {
3691         char opt[10 /* ifid */ + 4 /* compression, minimum */];
3692         struct in6_addr ouraddr;
3693         int i = 0;
3694
3695         if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_IFID)) {
3696                 sppp_get_ip6_addrs(sp, &ouraddr, 0, 0);
3697                 opt[i++] = IPV6CP_OPT_IFID;
3698                 opt[i++] = 10;
3699                 bcopy(&ouraddr.s6_addr[8], &opt[i], 8);
3700                 i += 8;
3701         }
3702
3703 #ifdef notyet
3704         if (sp->ipv6cp.opts & (1 << IPV6CP_OPT_COMPRESSION)) {
3705                 opt[i++] = IPV6CP_OPT_COMPRESSION;
3706                 opt[i++] = 4;
3707                 opt[i++] = 0;   /* TBD */
3708                 opt[i++] = 0;   /* TBD */
3709                 /* variable length data may follow */
3710         }
3711 #endif
3712
3713         sp->confid[IDX_IPV6CP] = ++sp->pp_seq[IDX_IPV6CP];
3714         sppp_cp_send(sp, PPP_IPV6CP, CONF_REQ, sp->confid[IDX_IPV6CP], i, &opt);
3715 }
3716 #else /*INET6*/
3717 static void sppp_ipv6cp_init(struct sppp *sp)
3718 {
3719 }
3720
3721 static void sppp_ipv6cp_up(struct sppp *sp)
3722 {
3723 }
3724
3725 static void sppp_ipv6cp_down(struct sppp *sp)
3726 {
3727 }
3728
3729
3730 static void sppp_ipv6cp_open(struct sppp *sp)
3731 {
3732 }
3733
3734 static void sppp_ipv6cp_close(struct sppp *sp)
3735 {
3736 }
3737
3738 static void sppp_ipv6cp_TO(void *sp)
3739 {
<