mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-07-02 19:08:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ppp-new'

Browse Source 
Based from pppd 2.4.5, released 2009-11-17, with huge changes to match
code size and memory requirements for embedded devices, including:
- Gluing together the previous low-level PPP code in lwIP to pppd 2.4.5, which
  is more or less what pppd sys-* files are, so that we get something working
  using the unix port.
- Merged some patchs from lwIP Git repository which add interesting features
  or fix bugs.
- Merged some patchs from Debian pppd package which add interesting features
  or fix bugs.
- Ported PPP timeout handling to the lwIP timers system
- Disabled all the PPP code using filesystem access, replaced in necessary cases
  to configuration variables.
- Disabled all the PPP code forking processes.
- Removed IPX support, lwIP does not support IPX.
- Ported and improved random module from the previous PPP port.
- Removed samba TDB (file-driven database) usage, because it needs a filesystem.
- MS-CHAP required a DES implementation, we added the latest PolarSSL DES
  implementation which is under a BSD-ish license.
- Also switched to PolarSSL MD4,MD5,SHA1 implementations, which are meant to be
  used in embedded devices with reduced memory footprint.
- Removed PPP configuration file parsing support.
- Added macro definition EAP_SUPPORT to make EAP support optional.
- Added macro definition CHAP_SUPPORT to make CHAP support optional.
- Added macro definition MSCHAP_SUPPORT to make MSCHAP support optional.
- Added macro definition PAP_SUPPORT to make PAP support optional.
- Cleared all Linux syscall calls.
- Disabled demand support using a macro, so that it can be ported later.
- Disabled ECP support using a macro, so that it can be ported later.
- Disabled CCP support using a macro, so that it can be ported later.
- Disabled CBCP support using a macro, so that it can be ported later.
- Disabled LQR support using a macro, so that it can be ported later.
- Print packet debug feature optional, through PRINTPKT_SUPPORT
- Removed POSIX signal usage.
- Fully ported PPPoS code from the previous port.
- Fully ported PPPoE code from the previous port.
- Fully ported VJ compression protocol code from the previous port.
- Removed all malloc()/free() use from PPP, replaced by stack usage or PBUF.
- Disabled PPP server support using a macro, so that it can be ported later.
- Switched all PPP debug to lwIP debug system.
- Created PPP Control Block (PPP PCB), removed PPP unit integer everywhere,
  removed all global variables everywhere, did everything necessary for
  the PPP stack to support more than one PPP session (pppd only support
  one session per process).
- Removed the statically allocated output buffer, now using PBUF.
- Improved structure size of all PPP modules, deep analyze of code to reduce
  variables size to the bare minimum. Switched all boolean type (char type in
  most architecture) to compiler generated bitfields.
- Added PPP IPv6 support, glued lwIP IPv6 support to PPP.
- Now using a persistent netif interface which can then be used in lwIP
  functions requiring a netif.
- Now initializing PPP in lwip_init() function.
- Reworked completely the PPP state machine, so that we don't end up in
  anymore in inconsistent state, especially with PPPoE.
- Improved the way we handle PPP reconnection after disconnect, cleaning
  everything required so that we start the PPP connection again from a
  clean state.
- Added PPP holdoff support, allow the lwIP user to wait a little bit before
  reconnecting, prevents connection flood, especially when using PPPoL2TP.
- Added PPPoL2TP LAC support (a.k.a. UDP tunnels), adding a VPN client
  feature to lwIP, L2TP being a widely used tunnel protocol.
- Switched all used PPP types to lwIP types (u8t, u16t, u32t, ...)
- Added PPP API "sequential" thread-safe API, based from NETIFAPI.
This commit is contained in:
Sylvain Rochet 2014-05-22 21:25:58 +02:00
commit 7fe7e1e984
81 changed files with 26937 additions and 10517 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
CHANGELOG
View File

@ -26,6 +26,71 @@ HISTORY
* icmp, icmp6, opt.h: patch #8027: Completed HW checksuming for IPv4 and
IPv6 ICMP's
2012-08-22: Sylvain Rochet
* New PPP stack for lwIP, developed in ppp-new branch.
Based from pppd 2.4.5, released 2009-11-17, with huge changes to match
code size and memory requirements for embedded devices, including:
- Gluing together the previous low-level PPP code in lwIP to pppd 2.4.5, which
is more or less what pppd sys-* files are, so that we get something working
using the unix port.
- Merged some patchs from lwIP Git repository which add interesting features
or fix bugs.
- Merged some patchs from Debian pppd package which add interesting features
or fix bugs.
- Ported PPP timeout handling to the lwIP timers system
- Disabled all the PPP code using filesystem access, replaced in necessary cases
to configuration variables.
- Disabled all the PPP code forking processes.
- Removed IPX support, lwIP does not support IPX.
- Ported and improved random module from the previous PPP port.
- Removed samba TDB (file-driven database) usage, because it needs a filesystem.
- MS-CHAP required a DES implementation, we added the latest PolarSSL DES
implementation which is under a BSD-ish license.
- Also switched to PolarSSL MD4,MD5,SHA1 implementations, which are meant to be
used in embedded devices with reduced memory footprint.
- Removed PPP configuration file parsing support.
- Added macro definition EAP_SUPPORT to make EAP support optional.
- Added macro definition CHAP_SUPPORT to make CHAP support optional.
- Added macro definition MSCHAP_SUPPORT to make MSCHAP support optional.
- Added macro definition PAP_SUPPORT to make PAP support optional.
- Cleared all Linux syscall calls.
- Disabled demand support using a macro, so that it can be ported later.
- Disabled ECP support using a macro, so that it can be ported later.
- Disabled CCP support using a macro, so that it can be ported later.
- Disabled CBCP support using a macro, so that it can be ported later.
- Disabled LQR support using a macro, so that it can be ported later.
- Print packet debug feature optional, through PRINTPKT_SUPPORT
- Removed POSIX signal usage.
- Fully ported PPPoS code from the previous port.
- Fully ported PPPoE code from the previous port.
- Fully ported VJ compression protocol code from the previous port.
- Removed all malloc()/free() use from PPP, replaced by stack usage or PBUF.
- Disabled PPP server support using a macro, so that it can be ported later.
- Switched all PPP debug to lwIP debug system.
- Created PPP Control Block (PPP PCB), removed PPP unit integer everywhere,
removed all global variables everywhere, did everything necessary for
the PPP stack to support more than one PPP session (pppd only support
one session per process).
- Removed the statically allocated output buffer, now using PBUF.
- Improved structure size of all PPP modules, deep analyze of code to reduce
variables size to the bare minimum. Switched all boolean type (char type in
most architecture) to compiler generated bitfields.
- Added PPP IPv6 support, glued lwIP IPv6 support to PPP.
- Now using a persistent netif interface which can then be used in lwIP
functions requiring a netif.
- Now initializing PPP in lwip_init() function.
- Reworked completely the PPP state machine, so that we don't end up in
anymore in inconsistent state, especially with PPPoE.
- Improved the way we handle PPP reconnection after disconnect, cleaning
everything required so that we start the PPP connection again from a
clean state.
- Added PPP holdoff support, allow the lwIP user to wait a little bit before
reconnecting, prevents connection flood, especially when using PPPoL2TP.
- Added PPPoL2TP LAC support (a.k.a. UDP tunnels), adding a VPN client
feature to lwIP, L2TP being a widely used tunnel protocol.
- Switched all used PPP types to lwIP types (u8t, u16t, u32t, ...)
- Added PPP API "sequential" thread-safe API, based from NETIFAPI.
2012-03-25: Simon Goldschmidt (idea by Mason)
* posix/*: added posix-compatibility include files posix/netdb.h and posix/sys/socket.h
which are a simple wrapper to the correct lwIP include files.

383
src/api/pppapi.c Normal file
View File

@ -0,0 +1,383 @@
/**
* @file
* Point To Point Protocol Sequential API module
*
*/
/*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
* SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*
* This file is part of the lwIP TCP/IP stack.
*
*/
#include "lwip/opt.h"
#if LWIP_PPP_API /* don't build if not configured for use in lwipopts.h */
#include "lwip/pppapi.h"
#include "lwip/tcpip.h"
/**
* Call ppp_new() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_new(struct pppapi_msg_msg *msg) {
msg->ppp = ppp_new();
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_new() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
ppp_pcb *pppapi_new(void) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_new;
TCPIP_PPPAPI(&msg);
return msg.msg.ppp;
}
/**
* Call ppp_set_default() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_set_default(struct pppapi_msg_msg *msg) {
ppp_set_default(msg->ppp);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_set_default() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
void pppapi_set_default(ppp_pcb *pcb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_set_default;
msg.msg.ppp = pcb;
TCPIP_PPPAPI(&msg);
}
/**
* Call ppp_set_auth() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_set_auth(struct pppapi_msg_msg *msg) {
ppp_set_auth(msg->ppp, msg->msg.setauth.authtype,
msg->msg.setauth.user, msg->msg.setauth.passwd);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_set_auth() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
void pppapi_set_auth(ppp_pcb *pcb, u8_t authtype, char *user, char *passwd) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_set_auth;
msg.msg.ppp = pcb;
msg.msg.msg.setauth.authtype = authtype;
msg.msg.msg.setauth.user = user;
msg.msg.msg.setauth.passwd = passwd;
TCPIP_PPPAPI(&msg);
}
#if PPP_NOTIFY_PHASE
/**
* Call ppp_set_notify_phase_callback() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_set_notify_phase_callback(struct pppapi_msg_msg *msg) {
ppp_set_notify_phase_callback(msg->ppp, msg->msg.setnotifyphasecb.notify_phase_cb);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_set_notify_phase_callback() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
void pppapi_set_notify_phase_callback(ppp_pcb *pcb, ppp_notify_phase_cb_fn notify_phase_cb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_set_notify_phase_callback;
msg.msg.ppp = pcb;
msg.msg.msg.setnotifyphasecb.notify_phase_cb = notify_phase_cb;
TCPIP_PPPAPI(&msg);
}
#endif /* PPP_NOTIFY_PHASE */
#if PPPOS_SUPPORT
/**
* Call ppp_over_serial_create() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_over_serial_create(struct pppapi_msg_msg *msg) {
msg->err = ppp_over_serial_create(msg->ppp, msg->msg.serialcreate.fd,
msg->msg.serialcreate.link_status_cb, msg->msg.serialcreate.ctx_cb);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_over_serial_create() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
int pppapi_over_serial_create(ppp_pcb *pcb, sio_fd_t fd, ppp_link_status_cb_fn link_status_cb, void *ctx_cb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_over_serial_create;
msg.msg.ppp = pcb;
msg.msg.msg.serialcreate.fd = fd;
msg.msg.msg.serialcreate.link_status_cb = link_status_cb;
msg.msg.msg.serialcreate.ctx_cb = ctx_cb;
TCPIP_PPPAPI(&msg);
return msg.msg.err;
}
#endif /* PPPOS_SUPPORT */
#if PPPOE_SUPPORT
/**
* Call ppp_over_ethernet_create() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_over_ethernet_create(struct pppapi_msg_msg *msg) {
msg->err = ppp_over_ethernet_create(msg->ppp, msg->msg.ethernetcreate.ethif,
msg->msg.ethernetcreate.service_name, msg->msg.ethernetcreate.concentrator_name,
msg->msg.ethernetcreate.link_status_cb, msg->msg.ethernetcreate.ctx_cb);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_over_ethernet_create() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
int pppapi_over_ethernet_create(ppp_pcb *pcb, struct netif *ethif, const char *service_name,
const char *concentrator_name, ppp_link_status_cb_fn link_status_cb,
void *ctx_cb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_over_ethernet_create;
msg.msg.ppp = pcb;
msg.msg.msg.ethernetcreate.ethif = ethif;
msg.msg.msg.ethernetcreate.service_name = service_name;
msg.msg.msg.ethernetcreate.concentrator_name = concentrator_name;
msg.msg.msg.ethernetcreate.link_status_cb = link_status_cb;
msg.msg.msg.ethernetcreate.ctx_cb = ctx_cb;
TCPIP_PPPAPI(&msg);
return msg.msg.err;
}
#endif /* PPPOE_SUPPORT */
#if PPPOL2TP_SUPPORT
/**
* Call ppp_over_l2tp_create() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_over_l2tp_create(struct pppapi_msg_msg *msg) {
msg->err = ppp_over_l2tp_create(msg->ppp,
msg->msg.l2tpcreate.netif, msg->msg.l2tpcreate.ipaddr, msg->msg.l2tpcreate.port,
#if PPPOL2TP_AUTH_SUPPORT
msg->msg.l2tpcreate.secret,
msg->msg.l2tpcreate.secret_len,
#else /* PPPOL2TP_AUTH_SUPPORT */
NULL,
#endif /* PPPOL2TP_AUTH_SUPPORT */
msg->msg.l2tpcreate.link_status_cb, msg->msg.l2tpcreate.ctx_cb);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_over_l2tp_create() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
int pppapi_over_l2tp_create(ppp_pcb *pcb, struct netif *netif, ip_addr_t *ipaddr, u16_t port,
u8_t *secret, u8_t secret_len,
ppp_link_status_cb_fn link_status_cb, void *ctx_cb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_over_l2tp_create;
msg.msg.ppp = pcb;
msg.msg.msg.l2tpcreate.netif = netif;
msg.msg.msg.l2tpcreate.ipaddr = ipaddr;
msg.msg.msg.l2tpcreate.port = port;
#if PPPOL2TP_AUTH_SUPPORT
msg.msg.msg.l2tpcreate.secret = secret;
msg.msg.msg.l2tpcreate.secret_len = secret_len;
#endif /* PPPOL2TP_AUTH_SUPPORT */
msg.msg.msg.l2tpcreate.link_status_cb = link_status_cb;
msg.msg.msg.l2tpcreate.ctx_cb = ctx_cb;
TCPIP_PPPAPI(&msg);
return msg.msg.err;
}
#endif /* PPPOL2TP_SUPPORT */
/**
* Call ppp_open() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_open(struct pppapi_msg_msg *msg) {
msg->err = ppp_open(msg->ppp, msg->msg.open.holdoff);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_open() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
int pppapi_open(ppp_pcb *pcb, u16_t holdoff) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_open;
msg.msg.ppp = pcb;
msg.msg.msg.open.holdoff = holdoff;
TCPIP_PPPAPI(&msg);
return msg.msg.err;
}
/**
* Call ppp_close() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_close(struct pppapi_msg_msg *msg) {
msg->err = ppp_close(msg->ppp);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_close() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
int pppapi_close(ppp_pcb *pcb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_close;
msg.msg.ppp = pcb;
TCPIP_PPPAPI(&msg);
return msg.msg.err;
}
/**
* Call ppp_sighup() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_sighup(struct pppapi_msg_msg *msg) {
ppp_sighup(msg->ppp);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_sighup() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
void pppapi_sighup(ppp_pcb *pcb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_sighup;
msg.msg.ppp = pcb;
TCPIP_PPPAPI(&msg);
}
/**
* Call ppp_delete() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_delete(struct pppapi_msg_msg *msg) {
msg->err = ppp_delete(msg->ppp);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_delete() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
int pppapi_delete(ppp_pcb *pcb) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_delete;
msg.msg.ppp = pcb;
TCPIP_PPPAPI(&msg);
return msg.msg.err;
}
/**
* Call ppp_ioctl() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_ioctl(struct pppapi_msg_msg *msg) {
msg->err = ppp_ioctl(msg->ppp, msg->msg.ioctl.cmd, msg->msg.ioctl.arg);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_ioctl() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
int pppapi_ioctl(ppp_pcb *pcb, int cmd, void *arg) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_ioctl;
msg.msg.ppp = pcb;
msg.msg.msg.ioctl.cmd = cmd;
msg.msg.msg.ioctl.arg = arg;
TCPIP_PPPAPI(&msg);
return msg.msg.err;
}
#if LWIP_NETIF_STATUS_CALLBACK
/**
* Call ppp_set_netif_statuscallback() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_set_netif_statuscallback(struct pppapi_msg_msg *msg) {
ppp_set_netif_statuscallback(msg->ppp, msg->msg.netifstatuscallback.status_callback);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_set_netif_statuscallback() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
void pppapi_set_netif_statuscallback(ppp_pcb *pcb, netif_status_callback_fn status_callback) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_set_netif_statuscallback;
msg.msg.ppp = pcb;
msg.msg.msg.netifstatuscallback.status_callback = status_callback;
TCPIP_PPPAPI(&msg);
}
#endif /* LWIP_NETIF_STATUS_CALLBACK */
#if LWIP_NETIF_LINK_CALLBACK
/**
* Call ppp_set_netif_linkcallback() inside the tcpip_thread context.
*/
static void pppapi_do_ppp_set_netif_linkcallback(struct pppapi_msg_msg *msg) {
ppp_set_netif_linkcallback(msg->ppp, msg->msg.netiflinkcallback.link_callback);
TCPIP_PPPAPI_ACK(msg);
}
/**
* Call ppp_set_netif_linkcallback() in a thread-safe way by running that function inside the
* tcpip_thread context.
*/
void pppapi_set_netif_linkcallback(ppp_pcb *pcb, netif_status_callback_fn link_callback) {
struct pppapi_msg msg;
msg.function = pppapi_do_ppp_set_netif_linkcallback;
msg.msg.ppp = pcb;
msg.msg.msg.netiflinkcallback.link_callback = link_callback;
TCPIP_PPPAPI(&msg);
}
#endif /* LWIP_NETIF_LINK_CALLBACK */
#endif /* LWIP_PPP_API */

59
src/api/tcpip.c
View File

@ -48,7 +48,7 @@
#include "lwip/init.h"
#include "lwip/ip.h"
#include "netif/etharp.h"
#include "netif/ppp_oe.h"
#include "netif/ppp/pppoe.h"
#define TCPIP_MSG_VAR_REF(name) API_VAR_REF(name)
#define TCPIP_MSG_VAR_DECLARE(name) API_VAR_DECLARE(struct tcpip_msg, name)
@ -133,6 +133,13 @@ tcpip_thread(void *arg)
break;
#endif /* LWIP_NETIF_API */
#if LWIP_PPP_API
case TCPIP_MSG_PPPAPI:
LWIP_DEBUGF(TCPIP_DEBUG, ("tcpip_thread: PPP API message %p\n", (void *)msg));
msg->msg.pppapimsg->function(&(msg->msg.pppapimsg->msg));
break;
#endif /* LWIP_PPP_API */
#if LWIP_TCPIP_TIMEOUT
case TCPIP_MSG_TIMEOUT:
LWIP_DEBUGF(TCPIP_DEBUG, ("tcpip_thread: TIMEOUT %p\n", (void *)msg));
@ -395,6 +402,56 @@ tcpip_netifapi_lock(struct netifapi_msg* netifapimsg)
#endif /* !LWIP_TCPIP_CORE_LOCKING */
#endif /* LWIP_NETIF_API */
#if LWIP_PPP_API
#if !LWIP_TCPIP_CORE_LOCKING
/**
* Much like tcpip_apimsg, but calls the lower part of a pppapi_*
* function.
*
* @param pppapimsg a struct containing the function to call and its parameters
* @return error code given back by the function that was called
*/
err_t
tcpip_pppapi(struct pppapi_msg* pppapimsg)
{
struct tcpip_msg msg;
if (sys_mbox_valid(&mbox)) {
err_t err = sys_sem_new(&pppapimsg->msg.sem, 0);
if (err != ERR_OK) {
pppapimsg->msg.err = err;
return err;
}
msg.type = TCPIP_MSG_PPPAPI;
msg.msg.pppapimsg = pppapimsg;
sys_mbox_post(&mbox, &msg);
sys_sem_wait(&pppapimsg->msg.sem);
sys_sem_free(&pppapimsg->msg.sem);
return pppapimsg->msg.err;
}
return ERR_VAL;
}
#else /* !LWIP_TCPIP_CORE_LOCKING */
/**
* Call the lower part of a pppapi_* function
* This function has exclusive access to lwIP core code by locking it
* before the function is called.
*
* @param pppapimsg a struct containing the function to call and its parameters
* @return ERR_OK (only for compatibility fo tcpip_pppapi())
*/
err_t
tcpip_pppapi_lock(struct pppapi_msg* pppapimsg)
{
LOCK_TCPIP_CORE();
pppapimsg->function(&(pppapimsg->msg));
UNLOCK_TCPIP_CORE();
return pppapimsg->msg.err;
}
#endif /* !LWIP_TCPIP_CORE_LOCKING */
#endif /* LWIP_PPP_API */
/**
* Allocate a structure for a static callback message and initialize it.
* This is intended to be used to send "static" messages from interrupt context.

4
src/core/init.c
View File

@ -60,6 +60,7 @@
#include "lwip/nd6.h"
#include "lwip/mld6.h"
#include "lwip/api.h"
#include "netif/ppp/ppp.h"
/* Compile-time sanity checks for configuration errors.
* These can be done independently of LWIP_DEBUG, without penalty.
@ -347,6 +348,9 @@ lwip_init(void)
mld6_init();
#endif /* LWIP_IPV6_MLD */
#endif /* LWIP_IPV6 */
#if PPP_SUPPORT
ppp_init();
#endif
#if LWIP_TIMERS
sys_timeouts_init();

4
src/core/memp.c
View File

@ -58,7 +58,9 @@
#include "lwip/snmp_structs.h"
#include "lwip/snmp_msg.h"
#include "lwip/dns.h"
#include "netif/ppp_oe.h"
#include "netif/ppp/ppp.h"
#include "netif/ppp/pppoe.h"
#include "netif/ppp/pppol2tp.h"
#include "lwip/nd6.h"
#include "lwip/ip6_frag.h"
#include "lwip/mld6.h"

13
src/include/lwip/memp_std.h
View File

@ -99,9 +99,16 @@ LWIP_MEMPOOL(NETDB, MEMP_NUM_NETDB, NETDB_ELEM_SIZE,
#if LWIP_DNS && DNS_LOCAL_HOSTLIST && DNS_LOCAL_HOSTLIST_IS_DYNAMIC
LWIP_MEMPOOL(LOCALHOSTLIST, MEMP_NUM_LOCALHOSTLIST, LOCALHOSTLIST_ELEM_SIZE, "LOCALHOSTLIST")
#endif /* LWIP_DNS && DNS_LOCAL_HOSTLIST && DNS_LOCAL_HOSTLIST_IS_DYNAMIC */
#if PPP_SUPPORT && PPPOE_SUPPORT
LWIP_MEMPOOL(PPPOE_IF, MEMP_NUM_PPPOE_INTERFACES, sizeof(struct pppoe_softc), "PPPOE_IF")
#endif /* PPP_SUPPORT && PPPOE_SUPPORT */
#if PPP_SUPPORT
LWIP_MEMPOOL(PPP_PCB, MEMP_NUM_PPP_PCB, sizeof(ppp_pcb), "PPP_PCB")
#if PPPOE_SUPPORT
LWIP_MEMPOOL(PPPOE_IF, MEMP_NUM_PPPOE_INTERFACES, sizeof(struct pppoe_softc), "PPPOE_IF")
#endif /* PPPOE_SUPPORT */
#if PPPOL2TP_SUPPORT
LWIP_MEMPOOL(PPPOL2TP_PCB, MEMP_NUM_PPPOL2TP_INTERFACES, sizeof(pppol2tp_pcb), "PPPOL2TP_PCB")
#endif /* PPPOL2TP_SUPPORT */
#endif /* PPP_SUPPORT */
#if LWIP_IPV6 && LWIP_ND6_QUEUEING
LWIP_MEMPOOL(ND6_QUEUE, MEMP_NUM_ND6_QUEUE, sizeof(struct nd6_q_entry), "ND6_QUEUE")

222
src/include/lwip/opt.h
View File

@ -323,7 +323,7 @@
* The formula expects settings to be either '0' or '1'.
*/
#ifndef MEMP_NUM_SYS_TIMEOUT
#define MEMP_NUM_SYS_TIMEOUT (LWIP_TCP + IP_REASSEMBLY + LWIP_ARP + (2*LWIP_DHCP) + LWIP_AUTOIP + LWIP_IGMP + LWIP_DNS + PPP_SUPPORT + (LWIP_IPV6 ? (1 + LWIP_IPV6_REASS + LWIP_IPV6_MLD) : 0))
#define MEMP_NUM_SYS_TIMEOUT (LWIP_TCP + IP_REASSEMBLY + LWIP_ARP + (2*LWIP_DHCP) + LWIP_AUTOIP + LWIP_IGMP + LWIP_DNS + (PPP_SUPPORT*6*MEMP_NUM_PPP_PCB) + (LWIP_IPV6 ? (1 + LWIP_IPV6_REASS + LWIP_IPV6_MLD) : 0))
#endif
/**
@ -409,6 +409,14 @@
#define MEMP_NUM_LOCALHOSTLIST 1
#endif
/**
* MEMP_NUM_PPP_PCB: the number of simultaneously active PPP
* connections (requires the PPP_SUPPORT option)
*/
#ifndef MEMP_NUM_PPP_PCB
#define MEMP_NUM_PPP_PCB 1
#endif
/**
* MEMP_NUM_PPPOE_INTERFACES: the number of concurrently active PPPoE
* interfaces (only used with PPPOE_SUPPORT==1)
@ -417,6 +425,14 @@
#define MEMP_NUM_PPPOE_INTERFACES 1
#endif
/**
* MEMP_NUM_PPPOL2TP_INTERFACES: the number of concurrently active PPPoL2TP
* interfaces (only used with PPPOL2TP_SUPPORT==1)
*/
#ifndef MEMP_NUM_PPPOL2TP_INTERFACES
#define MEMP_NUM_PPPOL2TP_INTERFACES 1
#endif
/**
* PBUF_POOL_SIZE: the number of buffers in the pbuf pool.
*/
@ -1360,31 +1376,6 @@
#define SLIPIF_THREAD_PRIO 1
#endif
/**
* PPP_THREAD_NAME: The name assigned to the pppInputThread.
*/
#ifndef PPP_THREAD_NAME
#define PPP_THREAD_NAME "pppInputThread"
#endif
/**
* PPP_THREAD_STACKSIZE: The stack size used by the pppInputThread.
* The stack size value itself is platform-dependent, but is passed to
* sys_thread_new() when the thread is created.
*/
#ifndef PPP_THREAD_STACKSIZE
#define PPP_THREAD_STACKSIZE 0
#endif
/**
* PPP_THREAD_PRIO: The priority assigned to the pppInputThread.
* The priority value itself is platform-dependent, but is passed to
* sys_thread_new() when the thread is created.
*/
#ifndef PPP_THREAD_PRIO
#define PPP_THREAD_PRIO 1
#endif
/**
* DEFAULT_THREAD_NAME: The name assigned to any other lwIP thread.
*/
@ -1761,6 +1752,20 @@
#define PPPOE_SUPPORT 0
#endif
/**
* PPPOL2TP_SUPPORT==1: Enable PPP Over L2TP
*/
#ifndef PPPOL2TP_SUPPORT
#define PPPOL2TP_SUPPORT 0
#endif
/**
* PPPOL2TP_AUTH_SUPPORT==1: Enable PPP Over L2TP Auth (enable MD5 support)
*/
#ifndef PPPOL2TP_AUTH_SUPPORT
#define PPPOL2TP_AUTH_SUPPORT PPPOL2TP_SUPPORT
#endif
/**
* PPPOS_SUPPORT==1: Enable PPP Over Serial
*/
@ -1771,10 +1776,40 @@
#if PPP_SUPPORT
/**
* NUM_PPP: Max PPP sessions.
* PPP_INPROC_MULTITHREADED==1 call ppp_input() using tcpip_callback().
* Set this to 0 if pppos_input() is called inside tcpip_thread or with NO_SYS==1.
* Default is 1 for NO_SYS==0 (multithreaded) and 0 for NO_SYS==1 (single-threaded).
*/
#ifndef NUM_PPP
#define NUM_PPP 1
#ifndef PPP_INPROC_MULTITHREADED
#define PPP_INPROC_MULTITHREADED (NO_SYS==0)
#endif
/**
* LWIP_PPP_API==1: Support PPP API (in pppapi.c)
*/
#ifndef LWIP_PPP_API
#define LWIP_PPP_API 0
#endif
/**
* pbuf_type PPP is using for LCP, PAP, CHAP, EAP, IPCP and IP6CP packets.
*
* Memory allocated must be single buffered for PPP to works, it requires pbuf
* that are not going to be chained when allocated. This requires setting
* PBUF_POOL_BUFSIZE to at least 512 bytes, which is quite huge for small systems.
*
* Setting PPP_USE_PBUF_RAM to 1 makes PPP use memory from heap where continuous
* buffers are required, allowing you to use a smaller PBUF_POOL_BUFSIZE.
*/
#ifndef PPP_USE_PBUF_RAM
#define PPP_USE_PBUF_RAM 0
#endif
/**
* PPP_FCS_TABLE: Keep a 256*2 byte table to speed up FCS calculation
*/
#ifndef PPP_FCS_TABLE
#define PPP_FCS_TABLE 1
#endif
/**
@ -1792,11 +1827,15 @@
#endif
/**
* MSCHAP_SUPPORT==1: Support MSCHAP. CURRENTLY NOT SUPPORTED! DO NOT SET!
* MSCHAP_SUPPORT==1: Support MSCHAP.
*/
#ifndef MSCHAP_SUPPORT
#define MSCHAP_SUPPORT 0
#endif
#if MSCHAP_SUPPORT
#undef CHAP_SUPPORT
#define CHAP_SUPPORT 1 /* MSCHAP require CHAP support */
#endif /* MSCHAP_SUPPORT */
/**
* CBCP_SUPPORT==1: Support CBCP. CURRENTLY NOT SUPPORTED! DO NOT SET!
@ -1813,19 +1852,92 @@
#endif
/**
* VJ_SUPPORT==1: Support VJ header compression.
* ECP_SUPPORT==1: Support ECP. CURRENTLY NOT SUPPORTED! DO NOT SET!
*/
#ifndef VJ_SUPPORT
#define VJ_SUPPORT 0
#ifndef ECP_SUPPORT
#define ECP_SUPPORT 0
#endif
/**
* MD5_SUPPORT==1: Support MD5 (see also CHAP).
* LQR_SUPPORT==1: Support Link Quality Report. Do nothing except exchanging some LCP packets.
*/
#ifndef MD5_SUPPORT
#define MD5_SUPPORT 0
#ifndef LQR_SUPPORT
#define LQR_SUPPORT 0
#endif
/**
* VJ_SUPPORT==1: Support VJ header compression.
*/
#ifndef VJ_SUPPORT
#define VJ_SUPPORT 1
#endif
#if !PPPOS_SUPPORT
#undef VJ_SUPPORT
#define VJ_SUPPORT 0 /* Only PPPoS may need VJ compression */
#endif /* !PPPOS_SUPPORT */
/**
* PPP_MD5_RANDM==1: Use MD5 for better randomness. Automatically enabled if CHAP or L2TP AUTH support is enabled.
*/
#ifndef PPP_MD5_RANDM
#define PPP_MD5_RANDM 0
#endif
#if CHAP_SUPPORT || PPPOL2TP_AUTH_SUPPORT
#undef PPP_MD5_RANDM
#define PPP_MD5_RANDM 1 /* MD5 Random is required for CHAP and L2TP AUTH */
#endif /* CHAP_SUPPORT || PPPOL2TP_AUTH_SUPPORT */
/**
* PolarSSL library, used if necessary and not previously disabled
*
*
* lwIP contains some files fetched from the latest BSD release of
* the PolarSSL project for ciphers and encryption methods we need for lwIP
* PPP support.
*
* The PolarSSL files were cleaned to contain only the necessary struct
* fields and functions needed for lwIP.
*
* The PolarSSL API was not changed at all, so if you are already using
* PolarSSL you can choose to skip the compilation of the included PolarSSL
* library into lwIP:
*
* The following defines are available for flexibility:
*
* LWIP_INCLUDED_POLARSSL_MD4 ; Use lwIP internal PolarSSL for MD4
* LWIP_INCLUDED_POLARSSL_MD5 ; Use lwIP internal PolarSSL for MD5
* LWIP_INCLUDED_POLARSSL_SHA1 ; Use lwIP internal PolarSSL for SHA1
* LWIP_INCLUDED_POLARSSL_DES ; Use lwIP internal PolarSSL for DES
*
* If set (=1), the default if required by another enabled PPP feature unless
* explicitly set to 0, using included lwIP PolarSSL.
*
* If clear (=0), using external PolarSSL.
*
* Undefined if not needed.
*
* Beware of the stack requirements which can be a lot larger if you are not
* using our cleaned PolarSSL library.
*/
#if CHAP_SUPPORT || EAP_SUPPORT || PPPOL2TP_AUTH_SUPPORT || PPP_MD5_RANDM
#ifndef LWIP_INCLUDED_POLARSSL_MD5
#define LWIP_INCLUDED_POLARSSL_MD5 1 /* CHAP, EAP, L2TP AUTH and MD5 Random require MD5 support */
#endif /* LWIP_INCLUDED_POLARSSL_MD5 */
#endif /* CHAP_SUPPORT || EAP_SUPPORT || PPPOL2TP_AUTH_SUPPORT || PPP_MD5_RANDM */
#if MSCHAP_SUPPORT
#ifndef LWIP_INCLUDED_POLARSSL_MD4
#define LWIP_INCLUDED_POLARSSL_MD4 1 /* MSCHAP require MD4 support */
#endif /* LWIP_INCLUDED_POLARSSL_MD4 */
#ifndef LWIP_INCLUDED_POLARSSL_SHA1
#define LWIP_INCLUDED_POLARSSL_SHA1 1 /* MSCHAP require SHA1 support */
#endif /* LWIP_INCLUDED_POLARSSL_SHA1 */
#ifndef LWIP_INCLUDED_POLARSSL_DES
#define LWIP_INCLUDED_POLARSSL_DES 1 /* MSCHAP require DES support */
#endif /* LWIP_INCLUDED_POLARSSL_DES */
#endif /* MSCHAP_SUPPORT */
/*
* Timeouts
*/
@ -1849,18 +1961,54 @@
#define UPAP_DEFTIMEOUT 6 /* Timeout (seconds) for retransmitting req */
#endif
#ifndef UPAP_DEFTRANSMITS
#define UPAP_DEFTRANSMITS 10 /* Maximum number of auth-reqs to send */
#endif
#if PPP_SERVER
#ifndef UPAP_DEFREQTIME
#define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */
#endif
#endif /* PPP_SERVER */
#ifndef CHAP_DEFTIMEOUT
#define CHAP_DEFTIMEOUT 6 /* Timeout time in seconds */
#define CHAP_DEFTIMEOUT 6 /* Timeout (seconds) for retransmitting req */
#endif
#ifndef CHAP_DEFTRANSMITS
#define CHAP_DEFTRANSMITS 10 /* max # times to send challenge */
#endif
#if PPP_SERVER
#ifndef CHAP_DEFREQTIME
#define CHAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */
#endif
#endif /* PPP_SERVER */
#ifndef EAP_DEFREQTIME
#define EAP_DEFREQTIME 6 /* Time to wait for peer request */
#endif
#ifndef EAP_DEFALLOWREQ
#define EAP_DEFALLOWREQ 10 /* max # times to accept requests */
#endif
#if PPP_SERVER
#ifndef EAP_DEFTIMEOUT
#define EAP_DEFTIMEOUT 6 /* Timeout (seconds) for rexmit */
#endif
#ifndef EAP_DEFTRANSMITS
#define EAP_DEFTRANSMITS 10 /* max # times to transmit */
#endif
#endif /* PPP_SERVER */
/* Default number of times we receive our magic number from the peer
before deciding the link is looped-back. */
#ifndef LCP_DEFLOOPBACKFAIL
#define LCP_DEFLOOPBACKFAIL 10
#endif
/* Interval in seconds between keepalive echo requests, 0 to disable. */
#ifndef LCP_ECHOINTERVAL
#define LCP_ECHOINTERVAL 0

151
src/include/lwip/pppapi.h Normal file
View File

@ -0,0 +1,151 @@
/*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
* SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*
* This file is part of the lwIP TCP/IP stack.
*
*/
#ifndef __LWIP_PPPAPI_H__
#define __LWIP_PPPAPI_H__
#include "lwip/opt.h"
#if LWIP_PPP_API /* don't build if not configured for use in lwipopts.h */
#include "lwip/sys.h"
#include "netif/ppp/ppp.h"
#ifdef __cplusplus
extern "C" {
#endif
struct pppapi_msg_msg {
#if !LWIP_TCPIP_CORE_LOCKING
sys_sem_t sem;
#endif /* !LWIP_TCPIP_CORE_LOCKING */
int err;
ppp_pcb *ppp;
union {
struct {
u8_t authtype;
char *user;
char *passwd;
} setauth;
#if PPP_NOTIFY_PHASE
struct {
ppp_notify_phase_cb_fn notify_phase_cb;
} setnotifyphasecb;
#endif /* PPP_NOTIFY_PHASE */
#if PPPOS_SUPPORT
struct {
sio_fd_t fd;
ppp_link_status_cb_fn link_status_cb;
void *ctx_cb;
} serialcreate;
#endif /* PPPOS_SUPPORT */
#if PPPOE_SUPPORT
struct {
struct netif *ethif;
const char *service_name;
const char *concentrator_name;
ppp_link_status_cb_fn link_status_cb;
void *ctx_cb;
} ethernetcreate;
#endif /* PPPOE_SUPPORT */
#if PPPOL2TP_SUPPORT
struct {
struct netif *netif;
ip_addr_t *ipaddr;
u16_t port;
#if PPPOL2TP_AUTH_SUPPORT
u8_t *secret;
u8_t secret_len;
#endif /* PPPOL2TP_AUTH_SUPPORT */
ppp_link_status_cb_fn link_status_cb;
void *ctx_cb;
} l2tpcreate;
#endif /* PPPOL2TP_SUPPORT */
struct {
u16_t holdoff;
} open;
struct {
int cmd;
void *arg;
} ioctl;
#if LWIP_NETIF_STATUS_CALLBACK
struct {
netif_status_callback_fn status_callback;
} netifstatuscallback;
#endif /* LWIP_NETIF_STATUS_CALLBACK */
#if LWIP_NETIF_LINK_CALLBACK
struct {
netif_status_callback_fn link_callback;
} netiflinkcallback;
#endif /* LWIP_NETIF_LINK_CALLBACK */
} msg;
};
struct pppapi_msg {
void (* function)(struct pppapi_msg_msg *msg);
struct pppapi_msg_msg msg;
};
/* API for application */
ppp_pcb *pppapi_new(void);
void pppapi_set_default(ppp_pcb *pcb);
void pppapi_set_auth(ppp_pcb *pcb, u8_t authtype, char *user, char *passwd);
#if PPP_NOTIFY_PHASE
void pppapi_set_notify_phase_callback(ppp_pcb *pcb, ppp_notify_phase_cb_fn notify_phase_cb);
#endif /* PPP_NOTIFY_PHASE */
#if PPPOS_SUPPORT
int pppapi_over_serial_create(ppp_pcb *pcb, sio_fd_t fd, ppp_link_status_cb_fn link_status_cb, void *ctx_cb);
#endif /* PPPOS_SUPPORT */
#if PPPOE_SUPPORT
int pppapi_over_ethernet_create(ppp_pcb *pcb, struct netif *ethif, const char *service_name,
const char *concentrator_name, ppp_link_status_cb_fn link_status_cb,
void *ctx_cb);
#endif /* PPPOE_SUPPORT */
#if PPPOL2TP_SUPPORT
int pppapi_over_l2tp_create(ppp_pcb *pcb, struct netif *netif, ip_addr_t *ipaddr, u16_t port,
u8_t *secret, u8_t secret_len,
ppp_link_status_cb_fn link_status_cb, void *ctx_cb);
#endif /* PPPOL2TP_SUPPORT */
int pppapi_open(ppp_pcb *pcb, u16_t holdoff);
int pppapi_close(ppp_pcb *pcb);
void pppapi_sighup(ppp_pcb *pcb);
int pppapi_delete(ppp_pcb *pcb);
int pppapi_ioctl(ppp_pcb *pcb, int cmd, void *arg);
#if LWIP_NETIF_STATUS_CALLBACK
void pppapi_set_netif_statuscallback(ppp_pcb *pcb, netif_status_callback_fn status_callback);
#endif /* LWIP_NETIF_STATUS_CALLBACK */
#if LWIP_NETIF_LINK_CALLBACK
void pppapi_set_netif_linkcallback(ppp_pcb *pcb, netif_status_callback_fn link_callback);
#endif /* LWIP_NETIF_LINK_CALLBACK */
#ifdef __cplusplus
}
#endif
#endif /* LWIP_PPP_API */
#endif /* __LWIP_PPPAPI_H__ */

18
src/include/lwip/tcpip.h
View File

@ -38,6 +38,7 @@
#include "lwip/api_msg.h"
#include "lwip/netifapi.h"
#include "lwip/pppapi.h"
#include "lwip/pbuf.h"
#include "lwip/api.h"
#include "lwip/sys.h"
@ -77,6 +78,8 @@ extern sys_mutex_t lock_tcpip_core;
#define TCPIP_APIMSG_ACK(m)
#define TCPIP_NETIFAPI(m) tcpip_netifapi_lock(m)
#define TCPIP_NETIFAPI_ACK(m)
#define TCPIP_PPPAPI(m) tcpip_pppapi_lock(m)
#define TCPIP_PPPAPI_ACK(m)
#else /* LWIP_TCPIP_CORE_LOCKING */
#define LOCK_TCPIP_CORE()
#define UNLOCK_TCPIP_CORE()
@ -85,6 +88,8 @@ extern sys_mutex_t lock_tcpip_core;
#define TCPIP_APIMSG_ACK(m) sys_sem_signal(&m->conn->op_completed)
#define TCPIP_NETIFAPI(m) tcpip_netifapi(m)
#define TCPIP_NETIFAPI_ACK(m) sys_sem_signal(&m->sem)
#define TCPIP_PPPAPI(m) tcpip_pppapi(m)
#define TCPIP_PPPAPI_ACK(m) sys_sem_signal(&m->sem)
#endif /* LWIP_TCPIP_CORE_LOCKING */
@ -139,6 +144,13 @@ err_t tcpip_netifapi_lock(struct netifapi_msg *netifapimsg);
#endif /* LWIP_TCPIP_CORE_LOCKING */
#endif /* LWIP_NETIF_API */
#if LWIP_PPP_API
err_t tcpip_pppapi(struct pppapi_msg *pppapimsg);
#if LWIP_TCPIP_CORE_LOCKING
err_t tcpip_pppapi_lock(struct pppapi_msg *pppapimsg);
#endif /* LWIP_TCPIP_CORE_LOCKING */
#endif /* LWIP_PPP_API */
err_t tcpip_callback_with_block(tcpip_callback_fn function, void *ctx, u8_t block);
#define tcpip_callback(f, ctx) tcpip_callback_with_block(f, ctx, 1)
@ -163,6 +175,9 @@ enum tcpip_msg_type {
#if LWIP_NETIF_API
TCPIP_MSG_NETIFAPI,
#endif /* LWIP_NETIF_API */
#if LWIP_PPP_API
TCPIP_MSG_PPPAPI,
#endif /* LWIP_PPP_API */
#if LWIP_TCPIP_TIMEOUT
TCPIP_MSG_TIMEOUT,
TCPIP_MSG_UNTIMEOUT,
@ -181,6 +196,9 @@ struct tcpip_msg {
#if LWIP_NETIF_API
struct netifapi_msg *netifapimsg;
#endif /* LWIP_NETIF_API */
#if LWIP_PPP_API
struct pppapi_msg *pppapimsg;
#endif /* LWIP_PPP_API */
struct {
struct pbuf *p;
struct netif *netif;

57
src/include/netif/ppp/ccp.h Normal file
View File

@ -0,0 +1,57 @@
/*
* ccp.h - Definitions for PPP Compression Control Protocol.
*
* Copyright (c) 1994-2002 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: ccp.h,v 1.12 2004/11/04 10:02:26 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CCP_SUPPORT /* don't build if not configured for use in lwipopts.h */
typedef struct ccp_options {
bool bsd_compress; /* do BSD Compress? */
bool deflate; /* do Deflate? */
bool predictor_1; /* do Predictor-1? */
bool predictor_2; /* do Predictor-2? */
bool deflate_correct; /* use correct code for deflate? */
bool deflate_draft; /* use draft RFC code for deflate? */
bool mppe; /* do MPPE? */
u_short bsd_bits; /* # bits/code for BSD Compress */
u_short deflate_size; /* lg(window size) for Deflate */
short method; /* code for chosen compression method */
} ccp_options;
extern fsm ccp_fsm[];
extern ccp_options ccp_wantoptions[];
extern ccp_options ccp_gotoptions[];
extern ccp_options ccp_allowoptions[];
extern ccp_options ccp_hisoptions[];
extern const struct protent ccp_protent;
#endif /* PPP_SUPPORT && CCP_SUPPORT */

36
src/include/netif/ppp/chap-md5.h Normal file
View File

@ -0,0 +1,36 @@
/*
* chap-md5.h - New CHAP/MD5 implementation.
*
* Copyright (c) 2003 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
extern const struct chap_digest_type md5_digest;
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

193
src/include/netif/ppp/chap-new.h Normal file
View File

@ -0,0 +1,193 @@
/*
* chap-new.c - New CHAP implementation.
*
* Copyright (c) 2003 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef CHAP_H
#define CHAP_H
#include "ppp.h"
/*
* CHAP packets begin with a standard header with code, id, len (2 bytes).
*/
#define CHAP_HDRLEN 4
/*
* Values for the code field.
*/
#define CHAP_CHALLENGE 1
#define CHAP_RESPONSE 2
#define CHAP_SUCCESS 3
#define CHAP_FAILURE 4
/*
* CHAP digest codes.
*/
#define CHAP_MD5 5
#if MSCHAP_SUPPORT
#define CHAP_MICROSOFT 0x80
#define CHAP_MICROSOFT_V2 0x81
#endif /* MSCHAP_SUPPORT */
/*
* Semi-arbitrary limits on challenge and response fields.
*/
#define MAX_CHALLENGE_LEN 64
#define MAX_RESPONSE_LEN 64
/*
* These limits apply to challenge and response packets we send.
* The +4 is the +1 that we actually need rounded up.
*/
#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
/* bitmask of supported algorithms */
#if MSCHAP_SUPPORT
#define MDTYPE_MICROSOFT_V2 0x1
#define MDTYPE_MICROSOFT 0x2
#endif /* MSCHAP_SUPPORT */
#define MDTYPE_MD5 0x4
#define MDTYPE_NONE 0
#if MSCHAP_SUPPORT
/* Return the digest alg. ID for the most preferred digest type. */
#define CHAP_DIGEST(mdtype) \
((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
0
#else /* !MSCHAP_SUPPORT */
#define CHAP_DIGEST(mdtype) \
((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
0
#endif /* MSCHAP_SUPPORT */
/* Return the bit flag (lsb set) for our most preferred digest type. */
#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
/* Return the bit flag for a given digest algorithm ID. */
#if MSCHAP_SUPPORT
#define CHAP_MDTYPE_D(digest) \
((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
((digest) == CHAP_MD5)? MDTYPE_MD5: \
0
#else /* !MSCHAP_SUPPORT */
#define CHAP_MDTYPE_D(digest) \
((digest) == CHAP_MD5)? MDTYPE_MD5: \
0
#endif /* MSCHAP_SUPPORT */
/* Can we do the requested digest? */
#if MSCHAP_SUPPORT
#define CHAP_CANDIGEST(mdtype, digest) \
((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
0
#else /* !MSCHAP_SUPPORT */
#define CHAP_CANDIGEST(mdtype, digest) \
((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
0
#endif /* MSCHAP_SUPPORT */
/*
* The code for each digest type has to supply one of these.
*/
struct chap_digest_type {
int code;
#if PPP_SERVER
/*
* Note: challenge and response arguments below are formatted as
* a length byte followed by the actual challenge/response data.
*/
void (*generate_challenge)(unsigned char *challenge);
int (*verify_response)(int id, char *name,
unsigned char *secret, int secret_len,
unsigned char *challenge, unsigned char *response,
char *message, int message_space);
#endif /* PPP_SERVER */
void (*make_response)(unsigned char *response, int id, char *our_name,
unsigned char *challenge, char *secret, int secret_len,
unsigned char *priv);
int (*check_success)(unsigned char *pkt, int len, unsigned char *priv);
void (*handle_failure)(unsigned char *pkt, int len);
};
/*
* Each interface is described by chap structure.
*/
#if CHAP_SUPPORT
typedef struct chap_client_state {
u8_t flags;
char *name;
const struct chap_digest_type *digest;
unsigned char priv[64]; /* private area for digest's use */
} chap_client_state;
#if PPP_SERVER
typedef struct chap_server_state {
u8_t flags;
int id;
char *name;
const struct chap_digest_type *digest;
int challenge_xmits;
int challenge_pktlen;
unsigned char challenge[CHAL_MAX_PKTLEN];
char message[256];
} chap_server_state;
#endif /* PPP_SERVER */
#endif /* CHAP_SUPPORT */
#if 0 /* UNUSED */
/* Hook for a plugin to validate CHAP challenge */
extern int (*chap_verify_hook)(char *name, char *ourname, int id,
const struct chap_digest_type *digest,
unsigned char *challenge, unsigned char *response,
char *message, int message_space);
#endif /* UNUSED */
#if PPP_SERVER
/* Called by authentication code to start authenticating the peer. */
extern void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code);
#endif /* PPP_SERVER */
/* Called by auth. code to start authenticating us to the peer. */
extern void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code);
/* Represents the CHAP protocol to the main pppd code */
extern const struct protent chap_protent;
#endif /* CHAP_H */
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

115
src/include/netif/ppp/chap_ms.h Normal file
View File

@ -0,0 +1,115 @@
/*
* chap_ms.h - Challenge Handshake Authentication Protocol definitions.
*
* Copyright (c) 1995 Eric Rosenquist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: chap_ms.h,v 1.13 2004/11/15 22:13:26 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef __CHAPMS_INCLUDE__
#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
#define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
#define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
/* as ASCII */
/* Error codes for MS-CHAP failure messages. */
#define MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS 646
#define MS_CHAP_ERROR_ACCT_DISABLED 647
#define MS_CHAP_ERROR_PASSWD_EXPIRED 648
#define MS_CHAP_ERROR_NO_DIALIN_PERMISSION 649
#define MS_CHAP_ERROR_AUTHENTICATION_FAILURE 691
#define MS_CHAP_ERROR_CHANGING_PASSWORD 709
/*
* Offsets within the response field for MS-CHAP
*/
#define MS_CHAP_LANMANRESP 0
#define MS_CHAP_LANMANRESP_LEN 24
#define MS_CHAP_NTRESP 24
#define MS_CHAP_NTRESP_LEN 24
#define MS_CHAP_USENT 48
/*
* Offsets within the response field for MS-CHAP2
*/
#define MS_CHAP2_PEER_CHALLENGE 0
#define MS_CHAP2_PEER_CHAL_LEN 16
#define MS_CHAP2_RESERVED_LEN 8
#define MS_CHAP2_NTRESP 24
#define MS_CHAP2_NTRESP_LEN 24
#define MS_CHAP2_FLAGS 48
#ifdef MPPE
#include "mppe.h" /* MPPE_MAX_KEY_LEN */
extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
extern int mppe_keys_set;
/* These values are the RADIUS attribute values--see RFC 2548. */
#define MPPE_ENC_POL_ENC_ALLOWED 1
#define MPPE_ENC_POL_ENC_REQUIRED 2
#define MPPE_ENC_TYPES_RC4_40 2
#define MPPE_ENC_TYPES_RC4_128 4
/* used by plugins (using above values) */
extern void set_mppe_enc_types(int, int);
#endif
/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
#define MS_CHAP2_AUTHENTICATEE 0
#define MS_CHAP2_AUTHENTICATOR 1
void ChapMS (u_char *, char *, int, u_char *);
void ChapMS2 (u_char *, u_char *, char *, char *, int,
u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
#ifdef MPPE
void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
u_char NTResponse[24], int IsServer);
#endif
void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
u_char NTResponse[24], u_char PeerChallenge[16],
u_char *rchallenge, char *username,
u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]);
extern const struct chap_digest_type chapms_digest;
extern const struct chap_digest_type chapms2_digest;
#define __CHAPMS_INCLUDE__
#endif /* __CHAPMS_INCLUDE__ */
#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */

168
src/include/netif/ppp/eap.h Normal file
View File

@ -0,0 +1,168 @@
/*
* eap.h - Extensible Authentication Protocol for PPP (RFC 2284)
*
* Copyright (c) 2001 by Sun Microsystems, Inc.
* All rights reserved.
*
* Non-exclusive rights to redistribute, modify, translate, and use
* this software in source and binary forms, in whole or in part, is
* hereby granted, provided that the above copyright notice is
* duplicated in any source form, and that neither the name of the
* copyright holder nor the author is used to endorse or promote
* products derived from this software.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Original version by James Carlson
*
* $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPP_EAP_H
#define PPP_EAP_H
#include "ppp.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
* Packet header = Code, id, length.
*/
#define EAP_HEADERLEN 4
/* EAP message codes. */
#define EAP_REQUEST 1
#define EAP_RESPONSE 2
#define EAP_SUCCESS 3
#define EAP_FAILURE 4
/* EAP types */
#define EAPT_IDENTITY 1
#define EAPT_NOTIFICATION 2
#define EAPT_NAK 3 /* (response only) */
#define EAPT_MD5CHAP 4
#define EAPT_OTP 5 /* One-Time Password; RFC 1938 */
#define EAPT_TOKEN 6 /* Generic Token Card */
/* 7 and 8 are unassigned. */
#define EAPT_RSA 9 /* RSA Public Key Authentication */
#define EAPT_DSS 10 /* DSS Unilateral */
#define EAPT_KEA 11 /* KEA */
#define EAPT_KEA_VALIDATE 12 /* KEA-VALIDATE */
#define EAPT_TLS 13 /* EAP-TLS */
#define EAPT_DEFENDER 14 /* Defender Token (AXENT) */
#define EAPT_W2K 15 /* Windows 2000 EAP */
#define EAPT_ARCOT 16 /* Arcot Systems */
#define EAPT_CISCOWIRELESS 17 /* Cisco Wireless */
#define EAPT_NOKIACARD 18 /* Nokia IP smart card */
#define EAPT_SRP 19 /* Secure Remote Password */
/* 20 is deprecated */
/* EAP SRP-SHA1 Subtypes */
#define EAPSRP_CHALLENGE 1 /* Request 1 - Challenge */
#define EAPSRP_CKEY 1 /* Response 1 - Client Key */
#define EAPSRP_SKEY 2 /* Request 2 - Server Key */
#define EAPSRP_CVALIDATOR 2 /* Response 2 - Client Validator */
#define EAPSRP_SVALIDATOR 3 /* Request 3 - Server Validator */
#define EAPSRP_ACK 3 /* Response 3 - final ack */
#define EAPSRP_LWRECHALLENGE 4 /* Req/resp 4 - Lightweight rechal */
#define SRPVAL_EBIT 0x00000001 /* Use shared key for ECP */
#define SRP_PSEUDO_ID "pseudo_"
#define SRP_PSEUDO_LEN 7
#define MD5_SIGNATURE_SIZE 16
#define EAP_MIN_CHALLENGE_LENGTH 16
#define EAP_MAX_CHALLENGE_LENGTH 24
#define EAP_STATES \
"Initial", "Pending", "Closed", "Listen", "Identify", \
"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
#define eap_client_active(pcb) ((pcb)->eap.es_client.ea_state == eapListen)
#if PPP_SERVER
#define eap_server_active(pcb) \
((pcb)->eap.es_server.ea_state >= eapIdentify && \
(pcb)->eap.es_server.ea_state <= eapMD5Chall)
#endif /* PPP_SERVER */
/*
* Complete EAP state for one PPP session.
*/
enum eap_state_code {
eapInitial = 0, /* No EAP authentication yet requested */
eapPending, /* Waiting for LCP (no timer) */
eapClosed, /* Authentication not in use */
eapListen, /* Client ready (and timer running) */
eapIdentify, /* EAP Identify sent */
eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */
eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */
eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */
eapMD5Chall, /* Sent MD5-Challenge */
eapOpen, /* Completed authentication */
eapSRP4, /* Sent EAP SRP-SHA1 Subtype 4 */
eapBadAuth /* Failed authentication */
};
struct eap_auth {
char *ea_name; /* Our name */
char *ea_peer; /* Peer's name */
void *ea_session; /* Authentication library linkage */
u_char *ea_skey; /* Shared encryption key */
u_short ea_namelen; /* Length of our name */
u_short ea_peerlen; /* Length of peer's name */
enum eap_state_code ea_state;
u_char ea_id; /* Current id */
u_char ea_requests; /* Number of Requests sent/received */
u_char ea_responses; /* Number of Responses */
u_char ea_type; /* One of EAPT_* */
u32_t ea_keyflags; /* SRP shared key usage flags */
};
#ifndef EAP_MAX_CHALLENGE_LENGTH
#define EAP_MAX_CHALLENGE_LENGTH 24
#endif
typedef struct eap_state {
struct eap_auth es_client; /* Client (authenticatee) data */
#if PPP_SERVER
struct eap_auth es_server; /* Server (authenticator) data */
#endif /* PPP_SERVER */
int es_savedtime; /* Saved timeout */
int es_rechallenge; /* EAP rechallenge interval */
int es_lwrechallenge; /* SRP lightweight rechallenge inter */
u8_t es_usepseudo; /* Use SRP Pseudonym if offered one */
int es_usedpseudo; /* Set if we already sent PN */
int es_challen; /* Length of challenge string */
u_char es_challenge[EAP_MAX_CHALLENGE_LENGTH];
} eap_state;
/*
* Timeouts.
*/
#if 0 /* moved to opt.h */
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
#define EAP_DEFTRANSMITS 10 /* max # times to transmit */
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
#endif /* moved to opt.h */
void eap_authwithpeer(ppp_pcb *pcb, char *localname);
void eap_authpeer(ppp_pcb *pcb, char *localname);
extern const struct protent eap_protent;
#ifdef __cplusplus
}
#endif
#endif /* PPP_EAP_H */
#endif /* PPP_SUPPORT && EAP_SUPPORT */

50
src/include/netif/ppp/ecp.h Normal file
View File

@ -0,0 +1,50 @@
/*
* ecp.h - Definitions for PPP Encryption Control Protocol.
*
* Copyright (c) 2002 Google, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: ecp.h,v 1.2 2003/01/10 07:12:36 fcusack Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && ECP_SUPPORT /* don't build if not configured for use in lwipopts.h */
typedef struct ecp_options {
bool required; /* Is ECP required? */
unsigned enctype; /* Encryption type */
} ecp_options;
extern fsm ecp_fsm[];
extern ecp_options ecp_wantoptions[];
extern ecp_options ecp_gotoptions[];
extern ecp_options ecp_allowoptions[];
extern ecp_options ecp_hisoptions[];
extern const struct protent ecp_protent;
#endif /* PPP_SUPPORT && ECP_SUPPORT */

94
src/include/netif/ppp/eui64.h Normal file
View File

@ -0,0 +1,94 @@
/*
* eui64.h - EUI64 routines for IPv6CP.
*
* Copyright (c) 1999 Tommi Komulainen. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Tommi Komulainen
* <Tommi.Komulainen@iki.fi>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: eui64.h,v 1.6 2002/12/04 23:03:32 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PPP_IPV6_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef __EUI64_H__
#define __EUI64_H__
/*
* TODO:
*
* Maybe this should be done by processing struct in6_addr directly...
*/
typedef union
{
u8_t e8[8];
u16_t e16[4];
u32_t e32[2];
} eui64_t;
#define eui64_iszero(e) (((e).e32[0] | (e).e32[1]) == 0)
#define eui64_equals(e, o) (((e).e32[0] == (o).e32[0]) && \
((e).e32[1] == (o).e32[1]))
#define eui64_zero(e) (e).e32[0] = (e).e32[1] = 0;
#define eui64_copy(s, d) memcpy(&(d), &(s), sizeof(eui64_t))
#define eui64_magic(e) do { \
(e).e32[0] = magic(); \
(e).e32[1] = magic(); \
(e).e8[0] &= ~2; \
} while (0)
#define eui64_magic_nz(x) do { \
eui64_magic(x); \
} while (eui64_iszero(x))
#define eui64_magic_ne(x, y) do { \
eui64_magic(x); \
} while (eui64_equals(x, y))
#define eui64_get(ll, cp) do { \
eui64_copy((*cp), (ll)); \
(cp) += sizeof(eui64_t); \
} while (0)
#define eui64_put(ll, cp) do { \
eui64_copy((ll), (*cp)); \
(cp) += sizeof(eui64_t); \
} while (0)
#define eui64_set32(e, l) do { \
(e).e32[0] = 0; \
(e).e32[1] = htonl(l); \
} while (0)
#define eui64_setlo32(e, l) eui64_set32(e, l)
char *eui64_ntoa(eui64_t); /* Returns ascii representation of id */
#endif /* __EUI64_H__ */
#endif /* PPP_SUPPORT && PPP_IPV6_SUPPORT */

175
src/include/netif/ppp/fsm.h Normal file
View File

@ -0,0 +1,175 @@
/*
* fsm.h - {Link, IP} Control Protocol Finite State Machine definitions.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: fsm.h,v 1.10 2004/11/13 02:28:15 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef FSM_H
#define FSM_H
#include "ppp.h"
/*
* Packet header = Code, id, length.
*/
#define HEADERLEN 4
/*
* CP (LCP, IPCP, etc.) codes.
*/
#define CONFREQ 1 /* Configuration Request */
#define CONFACK 2 /* Configuration Ack */
#define CONFNAK 3 /* Configuration Nak */
#define CONFREJ 4 /* Configuration Reject */
#define TERMREQ 5 /* Termination Request */
#define TERMACK 6 /* Termination Ack */
#define CODEREJ 7 /* Code Reject */
/*
* Each FSM is described by an fsm structure and fsm callbacks.
*/
typedef struct fsm {
ppp_pcb *pcb; /* PPP Interface */
const struct fsm_callbacks *callbacks; /* Callback routines */
char *term_reason; /* Reason for closing protocol */
u8_t seen_ack; /* Have received valid Ack/Nak/Rej to Req */
/* -- This is our only flag, we might use u_int :1 if we have more flags */
u16_t protocol; /* Data Link Layer Protocol field value */
u8_t state; /* State */
u8_t flags; /* Contains option bits */
u8_t id; /* Current id */
u8_t reqid; /* Current request id */
u8_t retransmits; /* Number of retransmissions left */
u8_t nakloops; /* Number of nak loops since last ack */
u8_t rnakloops; /* Number of naks received */
u8_t maxnakloops; /* Maximum number of nak loops tolerated
(necessary because IPCP require a custom large max nak loops value) */
u8_t term_reason_len; /* Length of term_reason */
} fsm;
typedef struct fsm_callbacks {
void (*resetci) /* Reset our Configuration Information */
(fsm *);
int (*cilen) /* Length of our Configuration Information */
(fsm *);
void (*addci) /* Add our Configuration Information */
(fsm *, u_char *, int *);
int (*ackci) /* ACK our Configuration Information */
(fsm *, u_char *, int);
int (*nakci) /* NAK our Configuration Information */
(fsm *, u_char *, int, int);
int (*rejci) /* Reject our Configuration Information */
(fsm *, u_char *, int);
int (*reqci) /* Request peer's Configuration Information */
(fsm *, u_char *, int *, int);
void (*up) /* Called when fsm reaches PPP_FSM_OPENED state */
(fsm *);
void (*down) /* Called when fsm leaves PPP_FSM_OPENED state */
(fsm *);
void (*starting) /* Called when we want the lower layer */
(fsm *);
void (*finished) /* Called when we don't want the lower layer */
(fsm *);
void (*protreject) /* Called when Protocol-Reject received */
(int);
void (*retransmit) /* Retransmission is necessary */
(fsm *);
int (*extcode) /* Called when unknown code received */
(fsm *, int, int, u_char *, int);
char *proto_name; /* String name for protocol (for messages) */
} fsm_callbacks;
/*
* Link states.
*/
#define PPP_FSM_INITIAL 0 /* Down, hasn't been opened */
#define PPP_FSM_STARTING 1 /* Down, been opened */
#define PPP_FSM_CLOSED 2 /* Up, hasn't been opened */
#define PPP_FSM_STOPPED 3 /* Open, waiting for down event */
#define PPP_FSM_CLOSING 4 /* Terminating the connection, not open */
#define PPP_FSM_STOPPING 5 /* Terminating, but open */
#define PPP_FSM_REQSENT 6 /* We've sent a Config Request */
#define PPP_FSM_ACKRCVD 7 /* We've received a Config Ack */
#define PPP_FSM_ACKSENT 8 /* We've sent a Config Ack */
#define PPP_FSM_OPENED 9 /* Connection available */
/*
* Flags - indicate options controlling FSM operation
*/
#define OPT_PASSIVE 1 /* Don't die if we don't get a response */
#define OPT_RESTART 2 /* Treat 2nd OPEN as DOWN, UP */
#define OPT_SILENT 4 /* Wait for peer to speak first */
/*
* Timeouts.
*/
#if 0 /* moved to opt.h */
#define DEFTIMEOUT 3 /* Timeout time in seconds */
#define DEFMAXTERMREQS 2 /* Maximum Terminate-Request transmissions */
#define DEFMAXCONFREQS 10 /* Maximum Configure-Request transmissions */
#define DEFMAXNAKLOOPS 5 /* Maximum number of nak loops */
#endif /* moved to opt.h */
/*
* Prototypes
*/
void fsm_init(fsm *f);
void fsm_lowerup(fsm *f);
void fsm_lowerdown(fsm *f);
void fsm_open(fsm *f);
void fsm_close(fsm *f, char *reason);
void fsm_input(fsm *f, u_char *inpacket, int l);
void fsm_protreject(fsm *f);
void fsm_sdata(fsm *f, u_char code, u_char id, u_char *data, int datalen);
#endif /* FSM_H */
#endif /* PPP_SUPPORT */

107
src/include/netif/ppp/ipcp.h Normal file
View File

@ -0,0 +1,107 @@
/*
* ipcp.h - IP Control Protocol definitions.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: ipcp.h,v 1.14 2002/12/04 23:03:32 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef IPCP_H
#define IPCP_H
/*
* Options.
*/
#define CI_ADDRS 1 /* IP Addresses */
#define CI_COMPRESSTYPE 2 /* Compression Type */
#define CI_ADDR 3
#define CI_MS_DNS1 129 /* Primary DNS value */
#define CI_MS_WINS1 130 /* Primary WINS value */
#define CI_MS_DNS2 131 /* Secondary DNS value */
#define CI_MS_WINS2 132 /* Secondary WINS value */
#define MAX_STATES 16 /* from slcompress.h */
#define IPCP_VJMODE_OLD 1 /* "old" mode (option # = 0x0037) */
#define IPCP_VJMODE_RFC1172 2 /* "old-rfc"mode (option # = 0x002d) */
#define IPCP_VJMODE_RFC1332 3 /* "new-rfc"mode (option # = 0x002d, */
/* maxslot and slot number compression) */
#define IPCP_VJ_COMP 0x002d /* current value for VJ compression option*/
#define IPCP_VJ_COMP_OLD 0x0037 /* "old" (i.e, broken) value for VJ */
/* compression option*/
typedef struct ipcp_options {
unsigned int neg_addr :1; /* Negotiate IP Address? */
unsigned int old_addrs :1; /* Use old (IP-Addresses) option? */
unsigned int req_addr :1; /* Ask peer to send IP address? */
#if 0 /* UNUSED */
unsigned int default_route :1; /* Assign default route through interface? */
unsigned int replace_default_route :1; /* Replace default route through interface? */
#endif /* UNUSED */
unsigned int proxy_arp :1; /* Make proxy ARP entry for peer? */
unsigned int neg_vj :1; /* Van Jacobson Compression? */
unsigned int old_vj :1; /* use old (short) form of VJ option? */
unsigned int accept_local :1; /* accept peer's value for ouraddr */
unsigned int accept_remote :1; /* accept peer's value for hisaddr */
unsigned int req_dns1 :1; /* Ask peer to send primary DNS address? */
unsigned int req_dns2 :1; /* Ask peer to send secondary DNS address? */
unsigned int cflag :1;
unsigned int :5; /* 3 bits of padding to round out to 16 bits */
u32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
u32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
u32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
u16_t vj_protocol; /* protocol value to use in VJ option */
u8_t maxslotindex; /* values for RFC1332 VJ compression neg. */
} ipcp_options;
#if 0 /* UNUSED, already defined by lwIP */
char *ip_ntoa (u32_t);
#endif /* UNUSED, already defined by lwIP */
extern const struct protent ipcp_protent;
#endif /* IPCP_H */
#endif /* PPP_SUPPORT */

179
src/include/netif/ppp/ipv6cp.h Normal file
View File

@ -0,0 +1,179 @@
/*
* ipv6cp.h - PPP IPV6 Control Protocol.
*
* Copyright (c) 1999 Tommi Komulainen. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Tommi Komulainen
* <Tommi.Komulainen@iki.fi>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
/* Original version, based on RFC2023 :
Copyright (c) 1995, 1996, 1997 Francis.Dupont@inria.fr, INRIA Rocquencourt,
Alain.Durand@imag.fr, IMAG,
Jean-Luc.Richier@imag.fr, IMAG-LSR.
Copyright (c) 1998, 1999 Francis.Dupont@inria.fr, GIE DYADE,
Alain.Durand@imag.fr, IMAG,
Jean-Luc.Richier@imag.fr, IMAG-LSR.
Ce travail a é fait au sein du GIE DYADE (Groupement d'Intérêt
Économique ayant pour membres BULL S.A. et l'INRIA).
Ce logiciel informatique est disponible aux conditions
usuelles dans la recherche, c'est-à-dire qu'il peut
être utilisé, copié, modifié, distribué à l'unique
condition que ce texte soit conservé afin que
l'origine de ce logiciel soit reconnue.
Le nom de l'Institut National de Recherche en Informatique
et en Automatique (INRIA), de l'IMAG, ou d'une personne morale
ou physique ayant participé à l'élaboration de ce logiciel ne peut
être utilisé sans son accord préalable explicite.
Ce logiciel est fourni tel quel sans aucune garantie,
support ou responsabilité d'aucune sorte.
Ce logiciel est dérivé de sources d'origine
"University of California at Berkeley" et
"Digital Equipment Corporation" couvertes par des copyrights.
L'Institut d'Informatique et de Mathématiques Appliquées de Grenoble (IMAG)
est une fédération d'unités mixtes de recherche du CNRS, de l'Institut National
Polytechnique de Grenoble et de l'Université Joseph Fourier regroupant
sept laboratoires dont le laboratoire Logiciels, Systèmes, Réseaux (LSR).
This work has been done in the context of GIE DYADE (joint R & D venture
between BULL S.A. and INRIA).
This software is available with usual "research" terms
with the aim of retain credits of the software.
Permission to use, copy, modify and distribute this software for any
purpose and without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies,
and the name of INRIA, IMAG, or any contributor not be used in advertising
or publicity pertaining to this material without the prior explicit
permission. The software is provided "as is" without any
warranties, support or liabilities of any kind.
This software is derived from source code from
"University of California at Berkeley" and
"Digital Equipment Corporation" protected by copyrights.
Grenoble's Institute of Computer Science and Applied Mathematics (IMAG)
is a federation of seven research units funded by the CNRS, National
Polytechnic Institute of Grenoble and University Joseph Fourier.
The research unit in Software, Systems, Networks (LSR) is member of IMAG.
*/
/*
* Derived from :
*
*
* ipcp.h - IP Control Protocol definitions.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: ipv6cp.h,v 1.7 2002/12/04 23:03:32 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PPP_IPV6_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef IPV6CP_H
#define IPV6CP_H
#include "eui64.h"
/*
* Options.
*/
#define CI_IFACEID 1 /* Interface Identifier */
#define CI_COMPRESSTYPE 2 /* Compression Type */
/* No compression types yet defined.
*#define IPV6CP_COMP 0x004f
*/
typedef struct ipv6cp_options {
unsigned int neg_ifaceid :1; /* Negotiate interface identifier? */
unsigned int req_ifaceid :1; /* Ask peer to send interface identifier? */
unsigned int accept_local :1; /* accept peer's value for iface id? */
unsigned int opt_local :1; /* ourtoken set by option */
unsigned int opt_remote :1; /* histoken set by option */
unsigned int use_ip :1; /* use IP as interface identifier */
#if 0
#if defined(SOL2) || defined(__linux__)
unsigned int use_persistent :1; /* use uniquely persistent value for address */
#endif /* defined(SOL2) */
#endif
unsigned int neg_vj :1; /* Van Jacobson Compression? */
unsigned int :1; /* 1 bit of padding to round out to 8 bits */
u_short vj_protocol; /* protocol value to use in VJ option */
eui64_t ourid, hisid; /* Interface identifiers */
} ipv6cp_options;
extern const struct protent ipv6cp_protent;
#endif /* IPV6CP_H */
#endif /* PPP_SUPPORT && PPP_IPV6_SUPPORT */

176
src/include/netif/ppp/lcp.h Normal file
View File

@ -0,0 +1,176 @@
/*
* lcp.h - Link Control Protocol definitions.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: lcp.h,v 1.20 2004/11/14 22:53:42 carlsonj Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef LCP_H
#define LCP_H
#include "ppp.h"
/*
* Options.
*/
#define CI_VENDOR 0 /* Vendor Specific */
#define CI_MRU 1 /* Maximum Receive Unit */
#define CI_ASYNCMAP 2 /* Async Control Character Map */
#define CI_AUTHTYPE 3 /* Authentication Type */
#define CI_QUALITY 4 /* Quality Protocol */
#define CI_MAGICNUMBER 5 /* Magic Number */
#define CI_PCOMPRESSION 7 /* Protocol Field Compression */
#define CI_ACCOMPRESSION 8 /* Address/Control Field Compression */
#define CI_FCSALTERN 9 /* FCS-Alternatives */
#define CI_SDP 10 /* Self-Describing-Pad */
#define CI_NUMBERED 11 /* Numbered-Mode */
#define CI_CALLBACK 13 /* callback */
#define CI_MRRU 17 /* max reconstructed receive unit; multilink */
#define CI_SSNHF 18 /* short sequence numbers for multilink */
#define CI_EPDISC 19 /* endpoint discriminator */
#define CI_MPPLUS 22 /* Multi-Link-Plus-Procedure */
#define CI_LDISC 23 /* Link-Discriminator */
#define CI_LCPAUTH 24 /* LCP Authentication */
#define CI_COBS 25 /* Consistent Overhead Byte Stuffing */
#define CI_PREFELIS 26 /* Prefix Elision */
#define CI_MPHDRFMT 27 /* MP Header Format */
#define CI_I18N 28 /* Internationalization */
#define CI_SDL 29 /* Simple Data Link */
/*
* LCP-specific packet types (code numbers).
*/
#define PROTREJ 8 /* Protocol Reject */
#define ECHOREQ 9 /* Echo Request */
#define ECHOREP 10 /* Echo Reply */
#define DISCREQ 11 /* Discard Request */
#define IDENTIF 12 /* Identification */
#define TIMEREM 13 /* Time Remaining */
/* Value used as data for CI_CALLBACK option */
#define CBCP_OPT 6 /* Use callback control protocol */
#define DEFMRU 1500 /* Try for this */
#define MINMRU 128 /* No MRUs below this */
#define MAXMRU 16384 /* Normally limit MRU to this */
/* An endpoint discriminator, used with multilink. */
#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */
struct epdisc {
unsigned char class_; /* -- The word "class" is reserved in C++. */
unsigned char length;
unsigned char value[MAX_ENDP_LEN];
};
/*
* The state of options is described by an lcp_options structure.
*/
typedef struct lcp_options {
unsigned int passive :1; /* Don't die if we don't get a response */
unsigned int silent :1; /* Wait for the other end to start first */
unsigned int restart :1; /* Restart vs. exit after close */
unsigned int neg_mru :1; /* Negotiate the MRU? */
unsigned int neg_asyncmap :1; /* Negotiate the async map? */
#if PAP_SUPPORT
unsigned int neg_upap :1; /* Ask for UPAP authentication? */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
unsigned int neg_chap :1; /* Ask for CHAP authentication? */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
unsigned int neg_eap :1; /* Ask for EAP authentication? */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* EAP_SUPPORT */
unsigned int neg_magicnumber :1; /* Ask for magic number? */
unsigned int neg_pcompression :1; /* HDLC Protocol Field Compression? */
unsigned int neg_accompression :1; /* HDLC Address/Control Field Compression? */
#if LQR_SUPPORT
unsigned int neg_lqr :1; /* Negotiate use of Link Quality Reports */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* LQR_SUPPORT */
unsigned int neg_cbcp :1; /* Negotiate use of CBCP */
#ifdef HAVE_MULTILINK
unsigned int neg_mrru :1; /* negotiate multilink MRRU */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* HAVE_MULTILINK */
unsigned int neg_ssnhf :1; /* negotiate short sequence numbers */
unsigned int neg_endpoint :1; /* negotiate endpoint discriminator */
u16_t mru; /* Value of MRU */
#ifdef HAVE_MULTILINK
u16_t mrru; /* Value of MRRU, and multilink enable */
#endif /* MULTILINK */
#if CHAP_SUPPORT
u8_t chap_mdtype; /* which MD types (hashing algorithm) */
#endif /* CHAP_SUPPORT */
u32_t asyncmap; /* Value of async map */
u32_t magicnumber;
u8_t numloops; /* Number of loops during magic number neg. */
#if LQR_SUPPORT
u32_t lqr_period; /* Reporting period for LQR 1/100ths second */
#endif /* LQR_SUPPORT */
struct epdisc endpoint; /* endpoint discriminator */
} lcp_options;
void lcp_open(ppp_pcb *pcb);
void lcp_close(ppp_pcb *pcb, char *reason);
void lcp_lowerup(ppp_pcb *pcb);
void lcp_lowerdown(ppp_pcb *pcb);
void lcp_sprotrej(ppp_pcb *pcb, u_char *p, int len); /* send protocol reject */
extern const struct protent lcp_protent;
#if 0 /* moved to opt.h */
/* Default number of times we receive our magic number from the peer
before deciding the link is looped-back. */
#define DEFLOOPBACKFAIL 10
#endif /* moved to opt.h */
#endif /* LCP_H */
#endif /* PPP_SUPPORT */

119
src/include/netif/ppp/magic.h Normal file
View File

@ -0,0 +1,119 @@
/*
* magic.h - PPP Magic Number definitions.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $
*/
/*****************************************************************************
* randm.h - Random number generator header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* Copyright (c) 1998 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 98-05-29 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Extracted from avos.
*****************************************************************************/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef MAGIC_H
#define MAGIC_H
/***********************
*** PUBLIC FUNCTIONS ***
***********************/
/*
* Initialize the random number generator.
*/
void magic_init(void);
/*
* Randomize our random seed value. To be called for truely random events
* such as user operations and network traffic.
*/
void magic_randomize(void);
/*
* Return a new random number.
*/
u32_t magic(void); /* Returns the next magic number */
#if PPP_MD5_RANDM
/*
* Fill buffer with random bytes
*
* Use the random pool to generate random data. This degrades to pseudo
* random when used faster than randomness is supplied using magic_churnrand().
* Thus it's important to make sure that the results of this are not
* published directly because one could predict the next result to at
* least some degree. Also, it's important to get a good seed before
* the first use.
*/
void random_bytes(unsigned char *buf, u32_t len);
#endif /* PPP_MD5_RANDM */
#endif /* MAGIC_H */
#endif /* PPP_SUPPORT */

92
src/include/netif/ppp/polarssl/des.h Normal file
View File

@ -0,0 +1,92 @@
/**
* \file des.h
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_DES
#ifndef LWIP_INCLUDED_POLARSSL_DES_H
#define LWIP_INCLUDED_POLARSSL_DES_H
#define DES_ENCRYPT 1
#define DES_DECRYPT 0
/**
* \brief DES context structure
*/
typedef struct
{
int mode; /*!< encrypt/decrypt */
unsigned long sk[32]; /*!< DES subkeys */
}
des_context;
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief DES key schedule (56-bit, encryption)
*
* \param ctx DES context to be initialized
* \param key 8-byte secret key
*/
void des_setkey_enc( des_context *ctx, unsigned char key[8] );
/**
* \brief DES key schedule (56-bit, decryption)
*
* \param ctx DES context to be initialized
* \param key 8-byte secret key
*/
void des_setkey_dec( des_context *ctx, unsigned char key[8] );
/**
* \brief DES-ECB block encryption/decryption
*
* \param ctx DES context
* \param input 64-bit input block
* \param output 64-bit output block
*/
void des_crypt_ecb( des_context *ctx,
unsigned char input[8],
unsigned char output[8] );
#ifdef __cplusplus
}
#endif
#endif /* LWIP_INCLUDED_POLARSSL_DES_H */
#endif /* LWIP_INCLUDED_POLARSSL_DES */

97
src/include/netif/ppp/polarssl/md4.h Normal file
View File

@ -0,0 +1,97 @@
/**
* \file md4.h
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_MD4
#ifndef LWIP_INCLUDED_POLARSSL_MD4_H
#define LWIP_INCLUDED_POLARSSL_MD4_H
/**
* \brief MD4 context structure
*/
typedef struct
{
unsigned long total[2]; /*!< number of bytes processed */
unsigned long state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
}
md4_context;
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief MD4 context setup
*
* \param ctx context to be initialized
*/
void md4_starts( md4_context *ctx );
/**
* \brief MD4 process buffer
*
* \param ctx MD4 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void md4_update( md4_context *ctx, unsigned char *input, int ilen );
/**
* \brief MD4 final digest
*
* \param ctx MD4 context
* \param output MD4 checksum result
*/
void md4_finish( md4_context *ctx, unsigned char output[16] );
/**
* \brief Output = MD4( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output MD4 checksum result
*/
void md4( unsigned char *input, int ilen, unsigned char output[16] );
#ifdef __cplusplus
}
#endif
#endif /* LWIP_INCLUDED_POLARSSL_MD4_H */
#endif /* LWIP_INCLUDED_POLARSSL_MD4 */

96
src/include/netif/ppp/polarssl/md5.h Normal file
View File

@ -0,0 +1,96 @@
/**
* \file md5.h
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_MD5
#ifndef LWIP_INCLUDED_POLARSSL_MD5_H
#define LWIP_INCLUDED_POLARSSL_MD5_H
/**
* \brief MD5 context structure
*/
typedef struct
{
unsigned long total[2]; /*!< number of bytes processed */
unsigned long state[4]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
}
md5_context;
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief MD5 context setup
*
* \param ctx context to be initialized
*/
void md5_starts( md5_context *ctx );
/**
* \brief MD5 process buffer
*
* \param ctx MD5 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void md5_update( md5_context *ctx, unsigned char *input, int ilen );
/**
* \brief MD5 final digest
*
* \param ctx MD5 context
* \param output MD5 checksum result
*/
void md5_finish( md5_context *ctx, unsigned char output[16] );
/**
* \brief Output = MD5( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output MD5 checksum result
*/
void md5( unsigned char *input, int ilen, unsigned char output[16] );
#ifdef __cplusplus
}
#endif
#endif /* LWIP_INCLUDED_POLARSSL_MD5_H */
#endif /* LWIP_INCLUDED_POLARSSL_MD5 */

96
src/include/netif/ppp/polarssl/sha1.h Normal file
View File

@ -0,0 +1,96 @@
/**
* \file sha1.h
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_SHA1
#ifndef LWIP_INCLUDED_POLARSSL_SHA1_H
#define LWIP_INCLUDED_POLARSSL_SHA1_H
/**
* \brief SHA-1 context structure
*/
typedef struct
{
unsigned long total[2]; /*!< number of bytes processed */
unsigned long state[5]; /*!< intermediate digest state */
unsigned char buffer[64]; /*!< data block being processed */
}
sha1_context;
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief SHA-1 context setup
*
* \param ctx context to be initialized
*/
void sha1_starts( sha1_context *ctx );
/**
* \brief SHA-1 process buffer
*
* \param ctx SHA-1 context
* \param input buffer holding the data
* \param ilen length of the input data
*/
void sha1_update( sha1_context *ctx, unsigned char *input, int ilen );
/**
* \brief SHA-1 final digest
*
* \param ctx SHA-1 context
* \param output SHA-1 checksum result
*/
void sha1_finish( sha1_context *ctx, unsigned char output[20] );
/**
* \brief Output = SHA-1( input buffer )
*
* \param input buffer holding the data
* \param ilen length of the input data
* \param output SHA-1 checksum result
*/
void sha1( unsigned char *input, int ilen, unsigned char output[20] );
#ifdef __cplusplus
}
#endif
#endif /* LWIP_INCLUDED_POLARSSL_SHA1_H */
#endif /* LWIP_INCLUDED_POLARSSL_SHA1 */

608
src/include/netif/ppp/ppp.h Normal file
View File

@ -0,0 +1,608 @@
/*****************************************************************************
* ppp.h - Network Point to Point Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-11-05 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPP_H
#define PPP_H
#include "lwip/def.h"
#include "lwip/sio.h"
#include "lwip/stats.h"
#include "lwip/mem.h"
#include "lwip/netif.h"
#include "lwip/sys.h"
#include "lwip/timers.h"
#if PPP_IPV6_SUPPORT
#include "lwip/ip6_addr.h"
#endif /* PPP_IPV6_SUPPORT */
/*************************
*** PUBLIC DEFINITIONS ***
*************************/
/*
* The basic PPP frame.
*/
#define PPP_HDRLEN 4 /* octets for standard ppp header */
#define PPP_FCSLEN 2 /* octets for FCS */
/*
* Values for phase.
*/
#define PPP_PHASE_DEAD 0
#define PPP_PHASE_INITIALIZE 1
#define PPP_PHASE_SERIALCONN 2
#define PPP_PHASE_DORMANT 3
#define PPP_PHASE_ESTABLISH 4
#define PPP_PHASE_AUTHENTICATE 5
#define PPP_PHASE_CALLBACK 6
#define PPP_PHASE_NETWORK 7
#define PPP_PHASE_RUNNING 8
#define PPP_PHASE_TERMINATE 9
#define PPP_PHASE_DISCONNECT 10
#define PPP_PHASE_HOLDOFF 11
#define PPP_PHASE_MASTER 12
/* Error codes. */
#define PPPERR_NONE 0 /* No error. */
#define PPPERR_PARAM 1 /* Invalid parameter. */
#define PPPERR_OPEN 2 /* Unable to open PPP session. */
#define PPPERR_DEVICE 3 /* Invalid I/O device for PPP. */
#define PPPERR_ALLOC 4 /* Unable to allocate resources. */
#define PPPERR_USER 5 /* User interrupt. */
#define PPPERR_CONNECT 6 /* Connection lost. */
#define PPPERR_AUTHFAIL 7 /* Failed authentication challenge. */
#define PPPERR_PROTOCOL 8 /* Failed to meet protocol. */
#define PPPERR_PEERDEAD 9 /* Connection timeout */
#define PPPERR_IDLETIMEOUT 10 /* Idle Timeout */
#define PPPERR_CONNECTTIME 11 /* Max connect time reached */
#define PPPERR_LOOPBACK 12 /* Loopback detected */
/*
* PPP IOCTL commands.
*/
/*
* Get the up status - 0 for down, non-zero for up. The argument must
* point to an int.
*/
#define PPPCTLG_UPSTATUS 100 /* Get the up status - 0 down else up */
#define PPPCTLS_ERRCODE 101 /* Set the error code */
#define PPPCTLG_ERRCODE 102 /* Get the error code */
#define PPPCTLG_FD 103 /* Get the fd associated with the ppp */
/************************
*** PUBLIC DATA TYPES ***
************************/
/*
* Other headers require ppp_pcb definition for prototypes, but ppp_pcb
* require some structure definition from other headers as well, we are
* fixing the dependency loop here by declaring the ppp_pcb type then
* by including headers containing necessary struct definition for ppp_pcb
*/
typedef struct ppp_pcb_s ppp_pcb;
/* Type definitions for BSD code. */
#ifndef __u_char_defined
typedef unsigned long u_long;
typedef unsigned int u_int;
typedef unsigned short u_short;
typedef unsigned char u_char;
#endif
#include "fsm.h"
#include "lcp.h"
#include "ipcp.h"
#if PPP_IPV6_SUPPORT
#include "ipv6cp.h"
#endif /* PPP_IPV6_SUPPORT */
#if PAP_SUPPORT
#include "upap.h"
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
#include "chap-new.h"
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
#include "eap.h"
#endif /* EAP_SUPPORT */
#if VJ_SUPPORT
#include "vj.h"
#endif /* VJ_SUPPORT */
#if PPPOE_SUPPORT
#include "netif/ppp/pppoe.h"
#endif /* PPPOE_SUPPORT */
#if PPPOL2TP_SUPPORT
#include "netif/ppp/pppol2tp.h"
#endif /* PPPOL2TP_SUPPORT */
/*
* PPP configuration.
*/
typedef struct ppp_settings_s {
#if PPP_SERVER
unsigned int auth_required : 1; /* Peer is required to authenticate */
unsigned int null_login : 1; /* Username of "" and a password of "" are acceptable */
#else
unsigned int :2; /* 2 bits of padding */
#endif /* PPP_SERVER */
#if PPP_REMOTENAME
unsigned int explicit_remote : 1; /* remote_name specified with remotename opt */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* PPP_REMOTENAME */
#if PAP_SUPPORT
unsigned int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
unsigned int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* CHAP_SUPPORT */
#if MSCHAP_SUPPORT
unsigned int refuse_mschap : 1; /* Don't wanna auth. ourselves with MS-CHAP */
unsigned int refuse_mschap_v2 : 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */
#else
unsigned int :2; /* 2 bits of padding */
#endif /* MSCHAP_SUPPORT */
#if EAP_SUPPORT
unsigned int refuse_eap : 1; /* Don't wanna auth. ourselves with EAP */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* EAP_SUPPORT */
unsigned int usepeerdns : 1; /* Ask peer for DNS adds */
unsigned int persist : 1; /* Persist mode, always try to reopen the connection */
#if PRINTPKT_SUPPORT
unsigned int hide_password : 1; /* Hide password in dumped packets */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* PRINTPKT_SUPPORT */
unsigned int noremoteip : 1; /* Let him have no IP address */
unsigned int lax_recv : 1; /* accept control chars in asyncmap */
unsigned int noendpoint : 1; /* don't send/accept endpoint discriminator */
#if PPP_LCP_ADAPTIVE
unsigned int lcp_echo_adaptive : 1; /* request echo only if the link was idle */
#else
unsigned int :1; /* 1 bit of padding */
#endif
unsigned int :1; /* 1 bit of padding to round out to 16 bits */
u16_t listen_time; /* time to listen first (ms), waiting for peer to send LCP packet */
#if PPP_IDLETIMELIMIT
u16_t idle_time_limit; /* Disconnect if idle for this many seconds */
#endif /* PPP_IDLETIMELIMIT */
#if PPP_MAXCONNECT
u32_t maxconnect; /* Maximum connect time (seconds) */
#endif /* PPP_MAXCONNECT */
/* auth data */
char *user; /* Username for PAP */
char *passwd; /* Password for PAP, secret for CHAP */
#if PPP_SERVER
char our_name [MAXNAMELEN + 1]; /* Our name for authentication purposes */
#endif /* PPP_SERVER */
#if PPP_REMOTENAME
char remote_name[MAXNAMELEN + 1]; /* Peer's name for authentication */
#endif /* PPP_REMOTENAME */
#if PAP_SUPPORT
u8_t pap_timeout_time; /* Timeout (seconds) for auth-req retrans. */
u8_t pap_max_transmits; /* Number of auth-reqs sent */
#if PPP_SERVER
u8_t pap_req_timeout; /* Time to wait for auth-req from peer */
#endif /* PPP_SERVER */
#endif /* PAP_SUPPPORT */
#if CHAP_SUPPORT
u8_t chap_timeout_time; /* Timeout (seconds) for retransmitting req */
u8_t chap_max_transmits; /* max # times to send challenge */
#if PPP_SERVER
u8_t chap_rechallenge_time; /* Time to wait for auth-req from peer */
#endif /* PPP_SERVER */
#endif /* CHAP_SUPPPORT */
#if EAP_SUPPORT
u8_t eap_req_time; /* Time to wait (for retransmit/fail) */
u8_t eap_allow_req; /* Max Requests allowed */
#if PPP_SERVER
u8_t eap_timeout_time; /* Time to wait (for retransmit/fail) */
u8_t eap_max_transmits; /* Max Requests allowed */
#endif /* PPP_SERVER */
#endif /* EAP_SUPPORT */
u8_t fsm_timeout_time; /* Timeout time in seconds */
u8_t fsm_max_conf_req_transmits; /* Maximum Configure-Request transmissions */
u8_t fsm_max_term_transmits; /* Maximum Terminate-Request transmissions */
u8_t fsm_max_nak_loops; /* Maximum number of nak loops tolerated */
u8_t lcp_loopbackfail; /* Number of times we receive our magic number from the peer
before deciding the link is looped-back. */
u8_t lcp_echo_interval; /* Interval between LCP echo-requests */
u8_t lcp_echo_fails; /* Tolerance to unanswered echo-requests */
} ppp_settings;
struct ppp_addrs {
ip_addr_t our_ipaddr, his_ipaddr, netmask;
ip_addr_t dns1, dns2;
#if PPP_IPV6_SUPPORT
ip6_addr_t our6_ipaddr, his6_ipaddr;
#endif /* PPP_IPV6_SUPPORT */
};
/* FIXME: find a way to move ppp_dev_states and ppp_pcb_rx_s to ppp_impl.h */
#if PPPOS_SUPPORT
/*
* Extended asyncmap - allows any character to be escaped.
*/
typedef u_char ext_accm[32];
/* PPP packet parser states. Current state indicates operation yet to be
* completed. */
typedef enum {
PDIDLE = 0, /* Idle state - waiting. */
PDSTART, /* Process start flag. */
PDADDRESS, /* Process address field. */
PDCONTROL, /* Process control field. */
PDPROTOCOL1, /* Process protocol field 1. */
PDPROTOCOL2, /* Process protocol field 2. */
PDDATA /* Process data byte. */
} ppp_dev_states;
/*
* PPP interface RX control block.
*/
typedef struct ppp_pcb_rx_s {
/** ppp descriptor */
ppp_pcb *pcb;
/** the rx file descriptor */
sio_fd_t fd;
/* The input packet. */
struct pbuf *in_head, *in_tail;
u16_t in_protocol; /* The input protocol code. */
u16_t in_fcs; /* Input Frame Check Sequence value. */
ppp_dev_states in_state; /* The input process state. */
char in_escaped; /* Escape next character. */
ext_accm in_accm; /* Async-Ctl-Char-Map for input. */
} ppp_pcb_rx;
#endif /* PPPOS_SUPPORT */
/*
* PPP interface control block.
*/
struct ppp_pcb_s {
/* -- below are data that will NOT be cleared between two sessions */
#if PPP_DEBUG
u8_t num; /* Interface number - only useful for debugging */
#endif /* PPP_DEBUG */
ppp_settings settings;
#if PPPOS_SUPPORT
sio_fd_t fd; /* File device ID of port. */
#endif /* PPPOS_SUPPORT */
#if PPPOE_SUPPORT
struct pppoe_softc *pppoe_sc;
#endif /* PPPOE_SUPPORT */
#if PPPOL2TP_SUPPORT
pppol2tp_pcb *l2tp_pcb;
#endif /* PPPOL2TP_SUPPORT */
void (*link_status_cb)(ppp_pcb *pcb, int err_code, void *ctx); /* Status change callback */
#if PPP_NOTIFY_PHASE
void (*notify_phase_cb)(ppp_pcb *pcb, u8_t phase, void *ctx); /* Notify phase callback */
#endif /* PPP_NOTIFY_PHASE */
void *ctx_cb; /* Callbacks optional pointer */
struct netif netif; /* PPP interface */
/* -- below are data that will be cleared between two sessions */
/*
* phase must be the first member of cleared members, because it is used to know
* which part must not be cleared.
*/
u8_t phase; /* where the link is at */
u8_t err_code; /* Code indicating why interface is down. */
/* flags */
unsigned int if_up :1; /* True when the interface is up. */
unsigned int pcomp :1; /* Does peer accept protocol compression? */
unsigned int accomp :1; /* Does peer accept addr/ctl compression? */
unsigned int proxy_arp_set :1; /* Have created proxy arp entry */
unsigned int ipcp_is_open :1; /* haven't called np_finished() */
unsigned int ipcp_is_up :1; /* have called ipcp_up() */
#if PPP_IPV6_SUPPORT
unsigned int ipv6cp_is_up :1; /* have called ip6cp_up() */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* PPP_IPV6_SUPPORT */
unsigned int ask_for_local :1; /* request our address from peer */
unsigned int lcp_echo_timer_running :1; /* set if a timer is running */
#if PPPOS_SUPPORT && VJ_SUPPORT
unsigned int vj_enabled :1; /* Flag indicating VJ compression enabled. */
#else
unsigned int :1; /* 1 bit of padding */
#endif /* PPPOS_SUPPORT && VJ_SUPPORT */
unsigned int :6; /* 5 bits of padding to round out to 16 bits */
#if PPPOS_SUPPORT
/* FIXME: there is probably one superfluous */
ext_accm out_accm; /* Async-Ctl-Char-Map for output. */
ext_accm xmit_accm; /* extended transmit ACCM */
ppp_pcb_rx rx;
#if VJ_SUPPORT
struct vjcompress vj_comp; /* Van Jacobson compression header. */
#endif /* VJ_SUPPORT */
#endif /* PPPOS_SUPPORT */
u32_t last_xmit; /* Time of last transmission. */
struct ppp_addrs addrs; /* PPP addresses */
/* auth data */
#if PPP_SERVER
char peer_authname[MAXNAMELEN + 1]; /* The name by which the peer authenticated itself to us. */
#endif /* PPP_SERVER */
u16_t auth_pending; /* Records which authentication operations haven't completed yet. */
u16_t auth_done; /* Records which authentication operations have been completed. */
u8_t num_np_open; /* Number of network protocols which we have opened. */
u8_t num_np_up; /* Number of network protocols which have come up. */
#if PAP_SUPPORT
upap_state upap; /* PAP data */
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
chap_client_state chap_client; /* CHAP client data */
#if PPP_SERVER
chap_server_state chap_server; /* CHAP server data */
#endif /* PPP_SERVER */
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
eap_state eap; /* EAP data */
#endif /* EAP_SUPPORT */
fsm lcp_fsm; /* LCP fsm structure */
lcp_options lcp_wantoptions; /* Options that we want to request */
lcp_options lcp_gotoptions; /* Options that peer ack'd */
lcp_options lcp_allowoptions; /* Options we allow peer to request */
lcp_options lcp_hisoptions; /* Options that we ack'd */
u8_t lcp_echos_pending; /* Number of outstanding echo msgs */
u8_t lcp_echo_number; /* ID number of next echo frame */
u16_t peer_mru; /* currently negotiated peer MRU */
fsm ipcp_fsm; /* IPCP fsm structure */
ipcp_options ipcp_wantoptions; /* Options that we want to request */
ipcp_options ipcp_gotoptions; /* Options that peer ack'd */
ipcp_options ipcp_allowoptions; /* Options we allow peer to request */
ipcp_options ipcp_hisoptions; /* Options that we ack'd */
#if PPP_IPV6_SUPPORT
fsm ipv6cp_fsm; /* IPV6CP fsm structure */
ipv6cp_options ipv6cp_wantoptions; /* Options that we want to request */
ipv6cp_options ipv6cp_gotoptions; /* Options that peer ack'd */
ipv6cp_options ipv6cp_allowoptions; /* Options we allow peer to request */
ipv6cp_options ipv6cp_hisoptions; /* Options that we ack'd */
#endif /* PPP_IPV6_SUPPORT */
};
/************************
*** PUBLIC FUNCTIONS ***
************************/
/*
* Initialize the PPP subsystem.
*/
int ppp_init(void);
/*
* Create a new PPP session.
*
* This initializes the PPP control block but does not
* attempt to negotiate the LCP session.
*
* Return a new PPP connection control block pointer
* on success or a null pointer on failure.
*/
ppp_pcb *ppp_new(void);
/*
* Set a PPP interface as the default network interface
* (used to output all packets for which no specific route is found).
*/
void ppp_set_default(ppp_pcb *pcb);
/*
* Set auth helper, optional, you can either fill ppp_pcb->settings.
*
* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
* RFC 1994 says:
*
* In practice, within or associated with each PPP server, there is a
* database which associates "user" names with authentication
* information ("secrets"). It is not anticipated that a particular
* named user would be authenticated by multiple methods. This would
* make the user vulnerable to attacks which negotiate the least secure
* method from among a set (such as PAP rather than CHAP). If the same
* secret was used, PAP would reveal the secret to be used later with
* CHAP.
*
* Instead, for each user name there should be an indication of exactly
* one method used to authenticate that user name. If a user needs to
* make use of different authentication methods under different
* circumstances, then distinct user names SHOULD be employed, each of
* which identifies exactly one authentication method.
*
*/
#define PPPAUTHTYPE_NONE 0x00
#define PPPAUTHTYPE_PAP 0x01
#define PPPAUTHTYPE_CHAP 0x02
#define PPPAUTHTYPE_MSCHAP 0x04
#define PPPAUTHTYPE_EAP 0x08
#define PPPAUTHTYPE_ANY 0xff
void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, char *user, char *passwd);
#if PPP_NOTIFY_PHASE
/*
* Set a PPP notify phase callback.
*
* This can be used for example to set a LED pattern depending on the
* current phase of the PPP session.
*/
typedef void (*ppp_notify_phase_cb_fn)(ppp_pcb *pcb, u8_t phase, void *ctx);
void ppp_set_notify_phase_callback(ppp_pcb *pcb, ppp_notify_phase_cb_fn notify_phase_cb);
#endif /* PPP_NOTIFY_PHASE */
/* Link status callback function prototype */
typedef void (*ppp_link_status_cb_fn)(ppp_pcb *pcb, int err_code, void *ctx);
#if PPPOS_SUPPORT
/*
* Create a new PPP connection using the given serial I/O device.
*
* If this port connects to a modem, the modem connection must be
* established before calling this.
*
* Return 0 on success, an error code on failure.
*/
int ppp_over_serial_create(ppp_pcb *pcb, sio_fd_t fd, ppp_link_status_cb_fn link_status_cb, void *ctx_cb);
#endif /* PPPOS_SUPPORT */
#if PPPOE_SUPPORT
/*
* Create a new PPP Over Ethernet (PPPoE) connection.
*
* Return 0 on success, an error code on failure.
*/
int ppp_over_ethernet_create(ppp_pcb *pcb, struct netif *ethif, const char *service_name, const char *concentrator_name,
ppp_link_status_cb_fn link_status_cb, void *ctx_cb);
#endif /* PPPOE_SUPPORT */
#if PPPOL2TP_SUPPORT
/*
* Create a new PPP Over L2TP (PPPoL2TP) connection.
*/
int ppp_over_l2tp_create(ppp_pcb *pcb, struct netif *netif, ip_addr_t *ipaddr, u16_t port,
u8_t *secret, u8_t secret_len,
ppp_link_status_cb_fn link_status_cb, void *ctx_cb);
#endif /* PPPOL2TP_SUPPORT */
/*
* Open a PPP connection.
*
* This can only be called if PPP is in the dead phase.
*
* Holdoff is the time to wait (in seconds) before initiating
* the connection.
*/
int ppp_open(ppp_pcb *pcb, u16_t holdoff);
/*
* Initiate the end of a PPP connection.
* Any outstanding packets in the queues are dropped.
* Return 0 on success, an error code on failure.
*/
int ppp_close(ppp_pcb *pcb);
/*
* Indicate to the PPP stack that the line has disconnected.
*/
void ppp_sighup(ppp_pcb *pcb);
/*
* Free the control block, clean everything except the PPP PCB itself
* and the netif, it allows you to change the underlying PPP protocol
* (eg. from PPPoE to PPPoS to switch from DSL to GPRS) without losing
* your PPP and netif handlers.
*
* This can only be called if PPP is in the dead phase.
*
* You must use ppp_close() before if you wish to terminate
* an established PPP session.
*
* Return 0 on success, an error code on failure.
*/
int ppp_free(ppp_pcb *pcb);
/*
* Release the control block.
*
* This can only be called if PPP is in the dead phase.
*
* You must use ppp_close() before if you wish to terminate
* an established PPP session.
*
* Return 0 on success, an error code on failure.
*/
int ppp_delete(ppp_pcb *pcb);
/*
* Get and set parameters for the given connection.
* Return 0 on success, an error code on failure.
*/
int ppp_ioctl(ppp_pcb *pcb, int cmd, void *arg);
#if PPPOS_SUPPORT
/*
* PPP over Serial: this is the input function to be called for received data.
*/
void pppos_input(ppp_pcb *pcb, u_char* data, int len);
#endif /* PPPOS_SUPPORT */
/* Get the PPP netif interface */
#define ppp_netif(ppp) (&(ppp)->netif)
/* Get the PPP addresses */
#define ppp_addrs(ppp) (&(ppp)->addrs)
#if LWIP_NETIF_STATUS_CALLBACK
/* Set an lwIP-style status-callback for the selected PPP device */
void ppp_set_netif_statuscallback(ppp_pcb *pcb, netif_status_callback_fn status_callback);
#endif /* LWIP_NETIF_STATUS_CALLBACK */
#if LWIP_NETIF_LINK_CALLBACK
/* Set an lwIP-style link-callback for the selected PPP device */
void ppp_set_netif_linkcallback(ppp_pcb *pcb, netif_status_callback_fn link_callback);
#endif /* LWIP_NETIF_LINK_CALLBACK */
#endif /* PPP_H */
#endif /* PPP_SUPPORT */

574
src/include/netif/ppp/ppp_impl.h Normal file
View File

@ -0,0 +1,574 @@
/*****************************************************************************
* ppp.h - Network Point to Point Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-11-05 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPP_IMP_H_
#define PPP_IMP_H_
#include <stdio.h> /* formats */
#include <stdarg.h>
#include <string.h>
#include <stdlib.h> /* strtol() */
#include "lwip/netif.h"
#include "lwip/def.h"
#include "lwip/timers.h"
#include "lwip/sio.h"
#include "ppp.h"
#include "pppdebug.h"
/*
* Memory used for control packets.
*
* PPP_CTRL_PBUF_MAX_SIZE is the amount of memory we allocate when we
* cannot figure out how much we are going to use before filling the buffer.
*/
#if PPP_USE_PBUF_RAM
#define PPP_CTRL_PBUF_TYPE PBUF_RAM
#define PPP_CTRL_PBUF_MAX_SIZE 512
#else /* PPP_USE_PBUF_RAM */
#define PPP_CTRL_PBUF_TYPE PBUF_POOL
#define PPP_CTRL_PBUF_MAX_SIZE PBUF_POOL_BUFSIZE
#endif /* PPP_USE_PBUF_RAM */
/*
* Limits.
*/
#define MAXWORDLEN 1024 /* max length of word in file (incl null) */
#define MAXARGS 1 /* max # args to a command */
#define MAXNAMELEN 256 /* max length of hostname or name for auth */
#define MAXSECRETLEN 256 /* max length of password or secret */
/*
* The basic PPP frame.
*/
#define PPP_ADDRESS(p) (((u_char *)(p))[0])
#define PPP_CONTROL(p) (((u_char *)(p))[1])
#define PPP_PROTOCOL(p) ((((u_char *)(p))[2] << 8) + ((u_char *)(p))[3])
/*
* Significant octet values.
*/
#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
#define PPP_UI 0x03 /* Unnumbered Information */
#define PPP_FLAG 0x7e /* Flag Sequence */
#define PPP_ESCAPE 0x7d /* Asynchronous Control Escape */
#define PPP_TRANS 0x20 /* Asynchronous transparency modifier */
/*
* Protocol field values.
*/
#define PPP_IP 0x21 /* Internet Protocol */
#if 0 /* UNUSED */
#define PPP_AT 0x29 /* AppleTalk Protocol */
#define PPP_IPX 0x2b /* IPX protocol */
#endif /* UNUSED */
#if VJ_SUPPORT
#define PPP_VJC_COMP 0x2d /* VJ compressed TCP */
#define PPP_VJC_UNCOMP 0x2f /* VJ uncompressed TCP */
#endif /* VJ_SUPPORT */
#if PPP_IPV6_SUPPORT
#define PPP_IPV6 0x57 /* Internet Protocol Version 6 */
#endif /* PPP_IPV6_SUPPORT */
#if CCP_SUPPORT
#define PPP_COMP 0xfd /* compressed packet */
#endif /* CCP_SUPPORT */
#define PPP_IPCP 0x8021 /* IP Control Protocol */
#if 0 /* UNUSED */
#define PPP_ATCP 0x8029 /* AppleTalk Control Protocol */
#define PPP_IPXCP 0x802b /* IPX Control Protocol */
#endif /* UNUSED */
#if PPP_IPV6_SUPPORT
#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
#endif /* PPP_IPV6_SUPPORT */
#if CCP_SUPPORT
#define PPP_CCP 0x80fd /* Compression Control Protocol */
#endif /* CCP_SUPPORT */
#if ECP_SUPPORT
#define PPP_ECP 0x8053 /* Encryption Control Protocol */
#endif /* ECP_SUPPORT */
#define PPP_LCP 0xc021 /* Link Control Protocol */
#if PAP_SUPPORT
#define PPP_PAP 0xc023 /* Password Authentication Protocol */
#endif /* PAP_SUPPORT */
#if LQR_SUPPORT
#define PPP_LQR 0xc025 /* Link Quality Report protocol */
#endif /* LQR_SUPPORT */
#if CHAP_SUPPORT
#define PPP_CHAP 0xc223 /* Cryptographic Handshake Auth. Protocol */
#endif /* CHAP_SUPPORT */
#if CBCP_SUPPORT
#define PPP_CBCP 0xc029 /* Callback Control Protocol */
#endif /* CBCP_SUPPORT */
#if EAP_SUPPORT
#define PPP_EAP 0xc227 /* Extensible Authentication Protocol */
#endif /* EAP_SUPPORT */
/*
* Values for FCS calculations.
*/
#define PPP_INITFCS 0xffff /* Initial FCS value */
#define PPP_GOODFCS 0xf0b8 /* Good final FCS value */
#if PPP_FCS_TABLE
#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff])
#else
u16_t ppp_get_fcs(u8_t byte);
#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ ppp_get_fcs(((fcs) ^ (c)) & 0xff))
#endif
/*
* What to do with network protocol (NP) packets.
*/
enum NPmode {
NPMODE_PASS, /* pass the packet through */
NPMODE_DROP, /* silently drop the packet */
NPMODE_ERROR, /* return an error */
NPMODE_QUEUE /* save it up for later. */
};
/*
* Statistics.
*/
#if PPP_STATS_SUPPORT
struct pppstat {
unsigned int ppp_ibytes; /* bytes received */
unsigned int ppp_ipackets; /* packets received */
unsigned int ppp_ierrors; /* receive errors */
unsigned int ppp_obytes; /* bytes sent */
unsigned int ppp_opackets; /* packets sent */
unsigned int ppp_oerrors; /* transmit errors */
};
#if VJ_SUPPORT
struct vjstat {
unsigned int vjs_packets; /* outbound packets */
unsigned int vjs_compressed; /* outbound compressed packets */
unsigned int vjs_searches; /* searches for connection state */
unsigned int vjs_misses; /* times couldn't find conn. state */
unsigned int vjs_uncompressedin; /* inbound uncompressed packets */
unsigned int vjs_compressedin; /* inbound compressed packets */
unsigned int vjs_errorin; /* inbound unknown type packets */
unsigned int vjs_tossed; /* inbound packets tossed because of error */
};
#endif /* VJ_SUPPORT */
struct ppp_stats {
struct pppstat p; /* basic PPP statistics */
#if VJ_SUPPORT
struct vjstat vj; /* VJ header compression statistics */
#endif /* VJ_SUPPORT */
};
#if CCP_SUPPORT
struct compstat {
unsigned int unc_bytes; /* total uncompressed bytes */
unsigned int unc_packets; /* total uncompressed packets */
unsigned int comp_bytes; /* compressed bytes */
unsigned int comp_packets; /* compressed packets */
unsigned int inc_bytes; /* incompressible bytes */
unsigned int inc_packets; /* incompressible packets */
unsigned int ratio; /* recent compression ratio << 8 */
};
struct ppp_comp_stats {
struct compstat c; /* packet compression statistics */
struct compstat d; /* packet decompression statistics */
};
#endif /* CCP_SUPPORT */
#endif /* PPP_STATS_SUPPORT */
#if PPP_IDLETIMELIMIT
/*
* The following structure records the time in seconds since
* the last NP packet was sent or received.
*/
struct ppp_idle {
time_t xmit_idle; /* time since last NP packet sent */
time_t recv_idle; /* time since last NP packet received */
};
#endif /* PPP_IDLETIMELIMIT */
/* values for epdisc.class */
#define EPD_NULL 0 /* null discriminator, no data */
#define EPD_LOCAL 1
#define EPD_IP 2
#define EPD_MAC 3
#define EPD_MAGIC 4
#define EPD_PHONENUM 5
/*
* Global variables.
*/
#ifdef HAVE_MULTILINK
extern u8_t multilink; /* enable multilink operation */
extern u8_t doing_multilink;
extern u8_t multilink_master;
extern u8_t bundle_eof;
extern u8_t bundle_terminating;
#endif
#ifdef MAXOCTETS
extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
extern int maxoctets_dir; /* Direction :
0 - in+out (default)
1 - in
2 - out
3 - max(in,out) */
extern int maxoctets_timeout; /* Timeout for check of octets limit */
#define PPP_OCTETS_DIRECTION_SUM 0
#define PPP_OCTETS_DIRECTION_IN 1
#define PPP_OCTETS_DIRECTION_OUT 2
#define PPP_OCTETS_DIRECTION_MAXOVERAL 3
/* same as previos, but little different on RADIUS side */
#define PPP_OCTETS_DIRECTION_MAXSESSION 4
#endif
/*
* The following struct gives the addresses of procedures to call
* for a particular protocol.
*/
struct protent {
u_short protocol; /* PPP protocol number */
/* Initialization procedure */
void (*init) (ppp_pcb *pcb);
/* Process a received packet */
void (*input) (ppp_pcb *pcb, u_char *pkt, int len);
/* Process a received protocol-reject */
void (*protrej) (ppp_pcb *pcb);
/* Lower layer has come up */
void (*lowerup) (ppp_pcb *pcb);
/* Lower layer has gone down */
void (*lowerdown) (ppp_pcb *pcb);
/* Open the protocol */
void (*open) (ppp_pcb *pcb);
/* Close the protocol */
void (*close) (ppp_pcb *pcb, char *reason);
#if PRINTPKT_SUPPORT
/* Print a packet in readable form */
int (*printpkt) (u_char *pkt, int len,
void (*printer) (void *, char *, ...),
void *arg);
#endif /* PRINTPKT_SUPPORT */
/* FIXME: data input is only used by CCP, which is not supported at this time,
* should we remove this entry and save some flash ?
*/
/* Process a received data packet */
void (*datainput) (ppp_pcb *pcb, u_char *pkt, int len);
u8_t enabled_flag; /* 0 if protocol is disabled */
#if PRINTPKT_SUPPORT
char *name; /* Text name of protocol */
char *data_name; /* Text name of corresponding data protocol */
#endif /* PRINTPKT_SUPPORT */
#if PPP_OPTIONS
option_t *options; /* List of command-line options */
/* Check requested options, assign defaults */
void (*check_options) (void);
#endif /* PPP_OPTIONS */
#if DEMAND_SUPPORT
/* Configure interface for demand-dial */
int (*demand_conf) (int unit);
/* Say whether to bring up link for this pkt */
int (*active_pkt) (u_char *pkt, int len);
#endif /* DEMAND_SUPPORT */
};
/* Table of pointers to supported protocols */
extern const struct protent* const protocols[];
/* Values for auth_pending, auth_done */
#if PAP_SUPPORT
#define PAP_WITHPEER 0x1
#define PAP_PEER 0x2
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
#define CHAP_WITHPEER 0x4
#define CHAP_PEER 0x8
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
#define EAP_WITHPEER 0x10
#define EAP_PEER 0x20
#endif /* EAP_SUPPORT */
/* Values for auth_done only */
#if CHAP_SUPPORT
#define CHAP_MD5_WITHPEER 0x40
#define CHAP_MD5_PEER 0x80
#if MSCHAP_SUPPORT
#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
#define CHAP_MS_WITHPEER 0x100
#define CHAP_MS_PEER 0x200
#define CHAP_MS2_WITHPEER 0x400
#define CHAP_MS2_PEER 0x800
#endif /* MSCHAP_SUPPORT */
#endif /* CHAP_SUPPORT */
/* Supported CHAP protocols */
#if CHAP_SUPPORT
#include "chap-new.h"
#if MSCHAP_SUPPORT
#define CHAP_MDTYPE_SUPPORTED (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
#else
#define CHAP_MDTYPE_SUPPORTED (MDTYPE_MD5)
#endif
#else
#define CHAP_MDTYPE_SUPPORTED (MDTYPE_NONE)
#endif
#if PPP_STATS_SUPPORT
/*
* PPP statistics structure
*/
struct pppd_stats {
unsigned int bytes_in;
unsigned int bytes_out;
unsigned int pkts_in;
unsigned int pkts_out;
};
#endif /* PPP_STATS_SUPPORT */
/* PPP flow functions
*/
/* function called by pppoe.c */
void ppp_input(ppp_pcb *pcb, struct pbuf *pb);
/* function called by all PPP subsystems to send packets */
int ppp_write(ppp_pcb *pcb, struct pbuf *p);
/* functions called by auth.c link_terminated() */
void ppp_link_down(ppp_pcb *pcb);
void ppp_link_terminated(ppp_pcb *pcb);
/* merge a pbuf chain into one pbuf */
struct pbuf * ppp_singlebuf(struct pbuf *p);
/* Functions called by various PPP subsystems to configure
* the PPP interface or change the PPP phase.
*/
void new_phase(ppp_pcb *pcb, int p);
#if PPPOS_SUPPORT
void ppp_set_xaccm(ppp_pcb *pcb, ext_accm *accm);
#endif /* PPPOS_SUPPORT */
int ppp_send_config(ppp_pcb *pcb, int mtu, u32_t accm, int pcomp, int accomp);
int ppp_recv_config(ppp_pcb *pcb, int mru, u32_t accm, int pcomp, int accomp);
int sifaddr(ppp_pcb *pcb, u32_t our_adr, u32_t his_adr, u32_t net_mask);
int cifaddr(ppp_pcb *pcb, u32_t our_adr, u32_t his_adr);
#if PPP_IPV6_SUPPORT
int sif6addr(ppp_pcb *pcb, eui64_t our_eui64, eui64_t his_eui64);
int cif6addr(ppp_pcb *pcb, eui64_t our_eui64, eui64_t his_eui64);
#endif /* PPP_IPV6_SUPPORT */
int sdns(ppp_pcb *pcb, u32_t ns1, u32_t ns2);
int cdns(ppp_pcb *pcb, u32_t ns1, u32_t ns2);
int sifup(ppp_pcb *pcb);
int sifdown (ppp_pcb *pcb);
int sifnpmode(ppp_pcb *pcb, int proto, enum NPmode mode);
void netif_set_mtu(ppp_pcb *pcb, int mtu);
int netif_get_mtu(ppp_pcb *pcb);
int sifproxyarp(ppp_pcb *pcb, u32_t his_adr);
int cifproxyarp(ppp_pcb *pcb, u32_t his_adr);
int sifvjcomp(ppp_pcb *pcb, int vjcomp, int cidcomp, int maxcid);
#if PPP_IDLETIMELIMIT
int get_idle_time(ppp_pcb *pcb, struct ppp_idle *ip);
#endif /* PPP_IDLETIMELIMIT */
int get_loop_output(void);
u32_t get_mask (u32_t addr);
/* Optional protocol names list, to make our messages a little more informative. */
#if PPP_PROTOCOLNAME
const char * protocol_name(int proto);
#endif /* PPP_PROTOCOLNAME */
/* Optional stats support, to get some statistics on the PPP interface */
#if PPP_STATS_SUPPORT
void print_link_stats(void); /* Print stats, if available */
void reset_link_stats(int u); /* Reset (init) stats when link goes up */
void update_link_stats(int u); /* Get stats at link termination */
#endif /* PPP_STATS_SUPPORT */
/*
* Inline versions of get/put char/short/long.
* Pointer is advanced; we assume that both arguments
* are lvalues and will already be in registers.
* cp MUST be u_char *.
*/
#define GETCHAR(c, cp) { \
(c) = *(cp)++; \
}
#define PUTCHAR(c, cp) { \
*(cp)++ = (u_char) (c); \
}
#define GETSHORT(s, cp) { \
(s) = *(cp)++ << 8; \
(s) |= *(cp)++; \
}
#define PUTSHORT(s, cp) { \
*(cp)++ = (u_char) ((s) >> 8); \
*(cp)++ = (u_char) (s); \
}
#define GETLONG(l, cp) { \
(l) = *(cp)++ << 8; \
(l) |= *(cp)++; (l) <<= 8; \
(l) |= *(cp)++; (l) <<= 8; \
(l) |= *(cp)++; \
}
#define PUTLONG(l, cp) { \
*(cp)++ = (u_char) ((l) >> 24); \
*(cp)++ = (u_char) ((l) >> 16); \
*(cp)++ = (u_char) ((l) >> 8); \
*(cp)++ = (u_char) (l); \
}
#define INCPTR(n, cp) ((cp) += (n))
#define DECPTR(n, cp) ((cp) -= (n))
/*
* System dependent definitions for user-level 4.3BSD UNIX implementation.
*/
#define TIMEOUT(f, a, t) do { sys_untimeout((f), (a)); sys_timeout((t)*1000, (f), (a)); } while(0)
#define TIMEOUTMS(f, a, t) do { sys_untimeout((f), (a)); sys_timeout((t), (f), (a)); } while(0)
#define UNTIMEOUT(f, a) sys_untimeout((f), (a))
#define BZERO(s, n) memset(s, 0, n)
#define BCMP(s1, s2, l) memcmp(s1, s2, l)
#define PRINTMSG(m, l) { ppp_info("Remote message: %0.*v", l, m); }
/*
* MAKEHEADER - Add Header fields to a packet.
*/
#define MAKEHEADER(p, t) { \
PUTCHAR(PPP_ALLSTATIONS, p); \
PUTCHAR(PPP_UI, p); \
PUTSHORT(t, p); }
/* Procedures exported from auth.c */
void link_required(ppp_pcb *pcb); /* we are starting to use the link */
void link_terminated(ppp_pcb *pcb); /* we are finished with the link */
void link_down(ppp_pcb *pcb); /* the LCP layer has left the Opened state */
void upper_layers_down(ppp_pcb *pcb); /* take all NCPs down */
void link_established(ppp_pcb *pcb); /* the link is up; authenticate now */
void start_networks(ppp_pcb *pcb); /* start all the network control protos */
void continue_networks(ppp_pcb *pcb); /* start network [ip, etc] control protos */
#if PPP_SERVER
void auth_peer_fail(ppp_pcb *pcb, int protocol);
/* peer failed to authenticate itself */
void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, char *name, int namelen);
/* peer successfully authenticated itself */
#endif /* PPP_SERVER */
void auth_withpeer_fail(ppp_pcb *pcb, int protocol);
/* we failed to authenticate ourselves */
void auth_withpeer_success(ppp_pcb *pcb, int protocol, int prot_flavor);
/* we successfully authenticated ourselves */
void np_up(ppp_pcb *pcb, int proto); /* a network protocol has come up */
void np_down(ppp_pcb *pcb, int proto); /* a network protocol has gone down */
void np_finished(ppp_pcb *pcb, int proto); /* a network protocol no longer needs link */
void auth_reset(ppp_pcb *pcb); /* check what secrets we have */
int get_secret(ppp_pcb *pcb, char *client, char *server, char *secret, int *secret_len, int am_server);
/* get "secret" for chap */
/* Procedures exported from ipcp.c */
/* int parse_dotted_ip (char *, u32_t *); */
/* Procedures exported from demand.c */
#if DEMAND_SUPPORT
void demand_conf (void); /* config interface(s) for demand-dial */
void demand_block (void); /* set all NPs to queue up packets */
void demand_unblock (void); /* set all NPs to pass packets */
void demand_discard (void); /* set all NPs to discard packets */
void demand_rexmit (int, u32_t); /* retransmit saved frames for an NP*/
int loop_chars (unsigned char *, int); /* process chars from loopback */
int loop_frame (unsigned char *, int); /* should we bring link up? */
#endif /* DEMAND_SUPPORT */
/* Procedures exported from multilink.c */
#ifdef HAVE_MULTILINK
void mp_check_options (void); /* Check multilink-related options */
int mp_join_bundle (void); /* join our link to an appropriate bundle */
void mp_exit_bundle (void); /* have disconnected our link from bundle */
void mp_bundle_terminated (void);
char *epdisc_to_str (struct epdisc *); /* string from endpoint discrim. */
int str_to_epdisc (struct epdisc *, char *); /* endpt disc. from str */
#else
#define mp_bundle_terminated() /* nothing */
#define mp_exit_bundle() /* nothing */
#define doing_multilink 0
#define multilink_master 0
#endif
/* Procedures exported from utils.c. */
void ppp_print_string(char *p, int len, void (*printer) (void *, char *, ...), void *arg); /* Format a string for output */
int ppp_slprintf(char *buf, int buflen, char *fmt, ...); /* sprintf++ */
int ppp_vslprintf(char *buf, int buflen, char *fmt, va_list args); /* vsprintf++ */
size_t ppp_strlcpy(char *dest, const char *src, size_t len); /* safe strcpy */
size_t ppp_strlcat(char *dest, const char *src, size_t len); /* safe strncpy */
void ppp_dbglog(char *fmt, ...); /* log a debug message */
void ppp_info(char *fmt, ...); /* log an informational message */
void ppp_notice(char *fmt, ...); /* log a notice-level message */
void ppp_warn(char *fmt, ...); /* log a warning message */
void ppp_error(char *fmt, ...); /* log an error message */
void ppp_fatal(char *fmt, ...); /* log an error message and die(1) */
#if PRINTPKT_SUPPORT
void ppp_dump_packet(const char *tag, unsigned char *p, int len);
/* dump packet to debug log if interesting */
#endif /* PRINTPKT_SUPPORT */
#endif /* PPP_IMP_H_ */
#endif /* PPP_SUPPORT */

43
src/include/netif/ppp/pppcrypt.h Normal file
View File

@ -0,0 +1,43 @@
/*
* pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
*
* Extracted from chap_ms.c by James Carlson.
*
* Copyright (c) 1995 Eric Rosenquist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPPCRYPT_H
#define PPPCRYPT_H
void pppcrypt_56_to_64_bit_key(u_char *key, u_char *des_key);
#endif /* PPPCRYPT_H */
#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */

37
src/netif/ppp/pppdebug.h → src/include/netif/ppp/pppdebug.h
View File

@ -33,6 +33,10 @@
*
*****************************************************************************
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPPDEBUG_H
#define PPPDEBUG_H
@ -45,29 +49,32 @@
#define LOG_DETAIL (PPP_DEBUG)
#define LOG_DEBUG (PPP_DEBUG)
#define TRACELCP PPP_DEBUG
#if PPP_DEBUG
#define AUTHDEBUG(a, b) LWIP_DEBUGF(a, b)
#define IPCPDEBUG(a, b) LWIP_DEBUGF(a, b)
#define UPAPDEBUG(a, b) LWIP_DEBUGF(a, b)
#define LCPDEBUG(a, b) LWIP_DEBUGF(a, b)
#define FSMDEBUG(a, b) LWIP_DEBUGF(a, b)
#define CHAPDEBUG(a, b) LWIP_DEBUGF(a, b)
#define MAINDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define SYSDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define FSMDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define LCPDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define IPCPDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define IPV6CPDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define UPAPDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define CHAPDEBUG(a) LWIP_DEBUGF(LWIP_DBG_LEVEL_WARNING, a)
#define PPPDEBUG(a, b) LWIP_DEBUGF(a, b)
#else /* PPP_DEBUG */
#define AUTHDEBUG(a, b)
#define IPCPDEBUG(a, b)
#define UPAPDEBUG(a, b)
#define LCPDEBUG(a, b)
#define FSMDEBUG(a, b)
#define CHAPDEBUG(a, b)
#define MAINDEBUG(a)
#define SYSDEBUG(a)
#define FSMDEBUG(a)
#define LCPDEBUG(a)
#define IPCPDEBUG(a)
#define IPV6CPDEBUG(a)
#define UPAPDEBUG(a)
#define CHAPDEBUG(a)
#define PPPDEBUG(a, b)
#endif /* PPP_DEBUG */
#endif /* PPPDEBUG_H */
#endif /* PPP_SUPPORT */

51
src/include/netif/ppp_oe.h → src/include/netif/ppp/pppoe.h
View File

@ -1,5 +1,5 @@
/*****************************************************************************
* ppp_oe.h - PPP Over Ethernet implementation for lwIP.
* pppoe.h - PPP Over Ethernet implementation for lwIP.
*
* Copyright (c) 2006 by Marc Boucher, Services Informatiques (MBSI) inc.
*
@ -67,13 +67,13 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PPPOE_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPP_OE_H
#define PPP_OE_H
#include "lwip/opt.h"
#if PPPOE_SUPPORT > 0
#include "ppp.h"
#include "netif/etharp.h"
#ifdef PACK_STRUCT_USE_INCLUDES
@ -109,10 +109,13 @@ PACK_STRUCT_END
#define PPPOE_STATE_PADI_SENT 1
#define PPPOE_STATE_PADR_SENT 2
#define PPPOE_STATE_SESSION 3
#define PPPOE_STATE_CLOSING 4
/* passive */
#define PPPOE_STATE_PADO_SENT 1
#define PPPOE_CB_STATE_UP 0 /* PPPoE link is UP */
#define PPPOE_CB_STATE_DOWN 1 /* PPPoE link is DOWN - normal condition */
#define PPPOE_CB_STATE_FAILED 2 /* Failed to setup PPPoE link */
#define PPPOE_HEADERLEN sizeof(struct pppoehdr)
#define PPPOE_VERTYPE 0x11 /* VER=1, TYPE = 1 */
@ -133,13 +136,6 @@ PACK_STRUCT_END
#define PPPOE_CODE_PADS 0x65 /* Active Discovery Session confirmation */
#define PPPOE_CODE_PADT 0xA7 /* Active Discovery Terminate */
#ifndef ETHERMTU
#define ETHERMTU 1500
#endif
/* two byte PPP protocol discriminator, then IP data */
#define PPPOE_MAXMTU (ETHERMTU-PPPOE_HEADERLEN-2)
#ifndef PPPOE_MAX_AC_COOKIE_LEN
#define PPPOE_MAX_AC_COOKIE_LEN 64
#endif
@ -147,32 +143,32 @@ PACK_STRUCT_END
struct pppoe_softc {
struct pppoe_softc *next;
struct netif *sc_ethif; /* ethernet interface we are using */
int sc_pd; /* ppp unit number */
void (*sc_linkStatusCB)(int pd, int up);
ppp_pcb *pcb; /* PPP PCB */
void (*sc_link_status_cb)(ppp_pcb *pcb, int up);
int sc_state; /* discovery phase or session connected */
struct eth_addr sc_dest; /* hardware address of concentrator */
u16_t sc_session; /* PPPoE session id */
u8_t sc_state; /* discovery phase or session connected */
#ifdef PPPOE_TODO
char *sc_service_name; /* if != NULL: requested name of service */
char *sc_concentrator_name; /* if != NULL: requested concentrator id */
u8_t *sc_service_name; /* if != NULL: requested name of service */
u8_t *sc_concentrator_name; /* if != NULL: requested concentrator id */
#endif /* PPPOE_TODO */
u8_t sc_ac_cookie[PPPOE_MAX_AC_COOKIE_LEN]; /* content of AC cookie we must echo back */
size_t sc_ac_cookie_len; /* length of cookie data */
u8_t sc_ac_cookie_len; /* length of cookie data */
#ifdef PPPOE_SERVER
u8_t *sc_hunique; /* content of host unique we must echo back */
size_t sc_hunique_len; /* length of host unique */
u8_t sc_hunique_len; /* length of host unique */
#endif
int sc_padi_retried; /* number of PADI retries already done */
int sc_padr_retried; /* number of PADR retries already done */
u8_t sc_padi_retried; /* number of PADI retries already done */
u8_t sc_padr_retried; /* number of PADR retries already done */
};
#define pppoe_init() /* compatibility define, no initialization needed */
err_t pppoe_create(struct netif *ethif, int pd, void (*linkStatusCB)(int pd, int up), struct pppoe_softc **scptr);
err_t pppoe_destroy(struct netif *ifp);
err_t pppoe_create(struct netif *ethif, ppp_pcb *pcb, void (*link_status_cb)(ppp_pcb *pcb, int up), struct pppoe_softc **scptr);
err_t pppoe_destroy(struct pppoe_softc *sc);
int pppoe_connect(struct pppoe_softc *sc);
void pppoe_disconnect(struct pppoe_softc *sc);
@ -182,9 +178,6 @@ void pppoe_data_input(struct netif *netif, struct pbuf *p);
err_t pppoe_xmit(struct pppoe_softc *sc, struct pbuf *pb);
/** used in ppp.c */
#define PPPOE_HDRLEN (sizeof(struct eth_hdr) + PPPOE_HEADERLEN)
#endif /* PPPOE_SUPPORT */
#endif /* PPP_OE_H */
#endif /* PPP_SUPPORT && PPPOE_SUPPORT */

217
src/include/netif/ppp/pppol2tp.h Normal file
View File

@ -0,0 +1,217 @@
/**
* @file
* Network Point to Point Protocol over Layer 2 Tunneling Protocol header file.
*
*/
/*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
* SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*
* This file is part of the lwIP TCP/IP stack.
*
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PPPOL2TP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPPOL2TP_H_
#define PPPOL2TP_H_
#include "ppp.h"
/* Timeout */
#define PPPOL2TP_CONTROL_TIMEOUT (5*1000) /* base for quick timeout calculation */
#define PPPOL2TP_SLOW_RETRY (60*1000) /* persistent retry interval */
#define PPPOL2TP_MAXSCCRQ 4 /* retry SCCRQ four times (quickly) */
#define PPPOL2TP_MAXICRQ 4 /* retry IRCQ four times */
#define PPPOL2TP_MAXICCN 4 /* retry ICCN four times */
/* L2TP header flags */
#define PPPOL2TP_HEADERFLAG_CONTROL 0x8000
#define PPPOL2TP_HEADERFLAG_LENGTH 0x4000
#define PPPOL2TP_HEADERFLAG_SEQUENCE 0x0800
#define PPPOL2TP_HEADERFLAG_OFFSET 0x0200
#define PPPOL2TP_HEADERFLAG_PRIORITY 0x0100
#define PPPOL2TP_HEADERFLAG_VERSION 0x0002
/* Mandatory bits for control: Control, Length, Sequence, Version 2 */
#define PPPOL2TP_HEADERFLAG_CONTROL_MANDATORY (PPPOL2TP_HEADERFLAG_CONTROL|PPPOL2TP_HEADERFLAG_LENGTH|PPPOL2TP_HEADERFLAG_SEQUENCE|PPPOL2TP_HEADERFLAG_VERSION)
/* Forbidden bits for control: Offset, Priority */
#define PPPOL2TP_HEADERFLAG_CONTROL_FORBIDDEN (PPPOL2TP_HEADERFLAG_OFFSET|PPPOL2TP_HEADERFLAG_PRIORITY)
/* Mandatory bits for data: Version 2 */
#define PPPOL2TP_HEADERFLAG_DATA_MANDATORY (PPPOL2TP_HEADERFLAG_VERSION)
/* AVP (Attribute Value Pair) header */
#define PPPOL2TP_AVPHEADERFLAG_MANDATORY 0x8000
#define PPPOL2TP_AVPHEADERFLAG_HIDDEN 0x4000
#define PPPOL2TP_AVPHEADERFLAG_LENGTHMASK 0x03ff
/* -- AVP - Message type */
#define PPPOL2TP_AVPTYPE_MESSAGE 0 /* Message type */
/* Control Connection Management */
#define PPPOL2TP_MESSAGETYPE_SCCRQ 1 /* Start Control Connection Request */
#define PPPOL2TP_MESSAGETYPE_SCCRP 2 /* Start Control Connection Reply */
#define PPPOL2TP_MESSAGETYPE_SCCCN 3 /* Start Control Connection Connected */
#define PPPOL2TP_MESSAGETYPE_STOPCCN 4 /* Stop Control Connection Notification */
#define PPPOL2TP_MESSAGETYPE_HELLO 6 /* Hello */
/* Call Management */
#define PPPOL2TP_MESSAGETYPE_OCRQ 7 /* Outgoing Call Request */
#define PPPOL2TP_MESSAGETYPE_OCRP 8 /* Outgoing Call Reply */
#define PPPOL2TP_MESSAGETYPE_OCCN 9 /* Outgoing Call Connected */
#define PPPOL2TP_MESSAGETYPE_ICRQ 10 /* Incoming Call Request */
#define PPPOL2TP_MESSAGETYPE_ICRP 11 /* Incoming Call Reply */
#define PPPOL2TP_MESSAGETYPE_ICCN 12 /* Incoming Call Connected */
#define PPPOL2TP_MESSAGETYPE_CDN 14 /* Call Disconnect Notify */
/* Error reporting */
#define PPPOL2TP_MESSAGETYPE_WEN 15 /* WAN Error Notify */
/* PPP Session Control */
#define PPPOL2TP_MESSAGETYPE_SLI 16 /* Set Link Info */
/* -- AVP - Result code */
#define PPPOL2TP_AVPTYPE_RESULTCODE 1 /* Result code */
#define PPPOL2TP_RESULTCODE 1 /* General request to clear control connection */
/* -- AVP - Protocol version (!= L2TP Header version) */
#define PPPOL2TP_AVPTYPE_VERSION 2
#define PPPOL2TP_VERSION 0x0100 /* L2TP Protocol version 1, revision 0 */
/* -- AVP - Framing capabilities */
#define PPPOL2TP_AVPTYPE_FRAMINGCAPABILITIES 3 /* Bearer capabilities */
#define PPPOL2TP_FRAMINGCAPABILITIES 0x00000003 /* Async + Sync framing */
/* -- AVP - Bearer capabilities */
#define PPPOL2TP_AVPTYPE_BEARERCAPABILITIES 4 /* Bearer capabilities */
#define PPPOL2TP_BEARERCAPABILITIES 0x00000003 /* Analog + Digital Access */
/* -- AVP - Tie breaker */
#define PPPOL2TP_AVPTYPE_TIEBREAKER 5
/* -- AVP - Host name */
#define PPPOL2TP_AVPTYPE_HOSTNAME 7 /* Host name */
#define PPPOL2TP_HOSTNAME "lwIP" /* FIXME: make it configurable */
/* -- AVP - Vendor name */
#define PPPOL2TP_AVPTYPE_VENDORNAME 8 /* Vendor name */
#define PPPOL2TP_VENDORNAME "lwIP" /* FIXME: make it configurable */
/* -- AVP - Assign tunnel ID */
#define PPPOL2TP_AVPTYPE_TUNNELID 9 /* Assign Tunnel ID */
/* -- AVP - Receive window size */
#define PPPOL2TP_AVPTYPE_RECEIVEWINDOWSIZE 10 /* Receive window size */
#define PPPOL2TP_RECEIVEWINDOWSIZE 8 /* FIXME: make it configurable */
/* -- AVP - Challenge */
#define PPPOL2TP_AVPTYPE_CHALLENGE 11 /* Challenge */
/* -- AVP - Cause code */
#define PPPOL2TP_AVPTYPE_CAUSECODE 12 /* Cause code*/
/* -- AVP - Challenge response */
#define PPPOL2TP_AVPTYPE_CHALLENGERESPONSE 13 /* Challenge response */
#define PPPOL2TP_AVPTYPE_CHALLENGERESPONSE_SIZE 16
/* -- AVP - Assign session ID */
#define PPPOL2TP_AVPTYPE_SESSIONID 14 /* Assign Session ID */
/* -- AVP - Call serial number */
#define PPPOL2TP_AVPTYPE_CALLSERIALNUMBER 15 /* Call Serial Number */
/* -- AVP - Framing type */
#define PPPOL2TP_AVPTYPE_FRAMINGTYPE 19 /* Framing Type */
#define PPPOL2TP_FRAMINGTYPE 0x00000001 /* Sync framing */
/* -- AVP - TX Connect Speed */
#define PPPOL2TP_AVPTYPE_TXCONNECTSPEED 24 /* TX Connect Speed */
#define PPPOL2TP_TXCONNECTSPEED 100000000 /* Connect speed: 100 Mbits/s */
/* L2TP Session state */
#define PPPOL2TP_STATE_INITIAL 0
#define PPPOL2TP_STATE_SCCRQ_SENT 1
#define PPPOL2TP_STATE_ICRQ_SENT 2
#define PPPOL2TP_STATE_ICCN_SENT 3
#define PPPOL2TP_STATE_DATA 4
#define PPPOL2TP_CB_STATE_UP 0 /* PPPoL2TP link is UP */
#define PPPOL2TP_CB_STATE_DOWN 1 /* PPPo2TP link is DOWN - normal condition */
#define PPPOL2TP_CB_STATE_FAILED 2 /* Failed to setup PPPo2TP link */
#define PPPOL2TP_OUTPUT_DATA_HEADER_LEN 6 /* Our data header len */
/*
* PPPoL2TP interface control block.
*/
typedef struct pppol2tp_pcb_s pppol2tp_pcb;
struct pppol2tp_pcb_s {
ppp_pcb *ppp; /* PPP PCB */
u8_t phase; /* L2TP phase */
void (*link_status_cb)(ppp_pcb *pcb, int status);
struct udp_pcb *udp; /* UDP L2TP Socket */
struct netif *netif; /* Output interface, used as a default route */
ip_addr_t remote_ip; /* LNS IP Address */
u16_t remote_port; /* LNS port */
#if PPPOL2TP_AUTH_SUPPORT
u8_t *secret; /* Secret string */
u8_t secret_len; /* Secret string length */
u8_t secret_rv[16]; /* Random vector */
u8_t challenge_hash[16]; /* Challenge response */
u8_t send_challenge; /* Boolean whether the next sent packet should contains a challenge response */
#endif /* PPPOL2TP_AUTH_SUPPORT */
u16_t tunnel_port; /* Tunnel port */
u16_t our_ns; /* NS to peer */
u16_t peer_nr; /* NR from peer */
u16_t peer_ns; /* NS from peer */
u16_t source_tunnel_id; /* Tunnel ID assigned by peer */
u16_t remote_tunnel_id; /* Tunnel ID assigned to peer */
u16_t source_session_id; /* Session ID assigned by peer */
u16_t remote_session_id; /* Session ID assigned to peer */
u8_t sccrq_retried; /* number of SCCRQ retries already done */
u8_t icrq_retried; /* number of ICRQ retries already done */
u8_t iccn_retried; /* number of ICCN retries already done */
};
/* Create a new L2TP session. */
err_t pppol2tp_create(ppp_pcb *ppp, void (*link_status_cb)(ppp_pcb *pcb, int status), pppol2tp_pcb **l2tpptr,
struct netif *netif, ip_addr_t *ipaddr, u16_t port,
u8_t *secret, u8_t secret_len);
/* Destroy a L2TP control block */
err_t pppol2tp_destroy(pppol2tp_pcb *l2tp);
/* Be a LAC, connect to a LNS. */
err_t pppol2tp_connect(pppol2tp_pcb *l2tp);
/* Disconnect */
void pppol2tp_disconnect(pppol2tp_pcb *l2tp);
/* Data packet from PPP to L2TP */
err_t pppol2tp_xmit(pppol2tp_pcb *l2tp, struct pbuf *pb);
#endif /* PPPOL2TP_H_ */
#endif /* PPP_SUPPORT && PPPOL2TP_SUPPORT */

123
src/include/netif/ppp/upap.h Normal file
View File

@ -0,0 +1,123 @@
/*
* upap.h - User/Password Authentication Protocol definitions.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: upap.h,v 1.8 2002/12/04 23:03:33 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef UPAP_H
#define UPAP_H
#include "ppp.h"
/*
* Packet header = Code, id, length.
*/
#define UPAP_HEADERLEN 4
/*
* UPAP codes.
*/
#define UPAP_AUTHREQ 1 /* Authenticate-Request */
#define UPAP_AUTHACK 2 /* Authenticate-Ack */
#define UPAP_AUTHNAK 3 /* Authenticate-Nak */
/*
* Client states.
*/
#define UPAPCS_INITIAL 0 /* Connection down */
#define UPAPCS_CLOSED 1 /* Connection up, haven't requested auth */
#define UPAPCS_PENDING 2 /* Connection down, have requested auth */
#define UPAPCS_AUTHREQ 3 /* We've sent an Authenticate-Request */
#define UPAPCS_OPEN 4 /* We've received an Ack */
#define UPAPCS_BADAUTH 5 /* We've received a Nak */
/*
* Server states.
*/
#define UPAPSS_INITIAL 0 /* Connection down */
#define UPAPSS_CLOSED 1 /* Connection up, haven't requested auth */
#define UPAPSS_PENDING 2 /* Connection down, have requested auth */
#define UPAPSS_LISTEN 3 /* Listening for an Authenticate */
#define UPAPSS_OPEN 4 /* We've sent an Ack */
#define UPAPSS_BADAUTH 5 /* We've sent a Nak */
/*
* Timeouts.
*/
#if 0 /* moved to opt.h */
#define UPAP_DEFTIMEOUT 3 /* Timeout (seconds) for retransmitting req */
#define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */
#endif /* moved to opt.h */
/*
* Each interface is described by upap structure.
*/
#if PAP_SUPPORT
typedef struct upap_state {
char *us_user; /* User */
u8_t us_userlen; /* User length */
char *us_passwd; /* Password */
u8_t us_passwdlen; /* Password length */
u8_t us_clientstate; /* Client state */
#if PPP_SERVER
u8_t us_serverstate; /* Server state */
#endif /* PPP_SERVER */
u8_t us_id; /* Current id */
u8_t us_transmits; /* Number of auth-reqs sent */
} upap_state;
#endif /* PAP_SUPPORT */
void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password);
#if PPP_SERVER
void upap_authpeer(ppp_pcb *pcb);
#endif /* PPP_SERVER */
extern const struct protent pap_protent;
#endif /* UPAP_H */
#endif /* PPP_SUPPORT && PAP_SUPPORT */

5
src/netif/ppp/vj.h → src/include/netif/ppp/vj.h
View File

@ -22,6 +22,9 @@
* - Initial distribution.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && VJ_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef VJ_H
#define VJ_H
@ -154,3 +157,5 @@ extern int vj_uncompress_uncomp(struct pbuf *nb, struct vjcompress *comp);
extern int vj_uncompress_tcp (struct pbuf **nb, struct vjcompress *comp);
#endif /* VJ_H */
#endif /* PPP_SUPPORT && VJ_SUPPORT */

2
src/netif/etharp.c
View File

@ -58,7 +58,7 @@
#include "lwip/ip6.h"
#if PPPOE_SUPPORT
#include "netif/ppp_oe.h"
#include "netif/ppp/pppoe.h"
#endif /* PPPOE_SUPPORT */
#include <string.h>

2
src/netif/ethernetif.c
View File

@ -54,7 +54,7 @@
#include "lwip/snmp.h"
#include "lwip/ethip6.h"
#include "netif/etharp.h"
#include "netif/ppp_oe.h"
#include "netif/ppp/pppoe.h"
/* Define those to better describe your network interface. */
#define IFNAME0 'e'

314
src/netif/ppp/PPPD_FOLLOWUP Normal file
View File

@ -0,0 +1,314 @@
The lwIP PPP support is based from pppd 2.4.5 (http://ppp.samba.org) with
huge changes to match code size and memory requirements for embedded devices.
Anyway, pppd has a mature codebase for years and the average commit count
is getting low on their Git repositories, meaning that we can follow what
is happening on their side and merge what is relevant for lwIP.
So, here is the pppd follow up, so that we don't get away too far from pppd.
== Patch fetched from from pppd Debian packages ==
This has nothing to do with pppd, but we merged some good patch from
Debian and this is a good place to be.
- LCP adaptive echo, so that we don't send LCP echo request if we
are receiving data from peer, can be enabled by setting PPP_LCP_ADAPTIVE
to true.
- IPCP no/replace default route option, were added in the early stage of
the ppp port, but it wasn't really helpful and was disabled when adding
the new API ppp_set_default() call, which gives the lwIP user control over
which one is the default interface, it was actually a requirement if you
are doing PPP over PPP (i.e. PPPoL2TP, VPN link, over PPPoE, ADSL link).
- using rp-pppoe pppd exits with EXIT_OK after receiving a timeout waiting
for PADO due to no modem attached, bug reported to pppd bug tracker, fixed
in Debian but not in the latest (at the time when the port were started)
pppd release.
== Commits on pppd ==
2010-03-06 - Document +ipv6 and ipv6cp-accept-local
e7537958aee79b3f653c601e903cb31d78fb7dcc
Don't care.
2010-03-06 - Install pppol2tp plugins with sane permissions
406215672cfadc03017341fe03802d1c7294b903
Don't care.
2010-03-07 - pppd: Terminate correctly if lcp_lowerup delayed calling
fsm_lowerup
3eb9e810cfa515543655659b72dde30c54fea0a5
Merged 2012-05-17.
2010-03-07 - rp_pppoe: Copy acName and pppd_pppoe_service after option parsing
cab58617fd9d328029fffabc788020264b4fa91f
Don't care, is a patch for pppd/plugins/rp-pppoe/plugin.c which is not part
of the port.
2010-08-23 - set and reset options to control environment variables
for scripts.
2b6310fd24dba8e0fca8999916a162f0a1842a84
We can't fork processes in embedded, therefore all the pppd process run
feature is disabled in the port, so we don't care about the new
"environment variables" pppd feature.
2010-08-23 - Nit: use _exit when exec fails and restrict values to 0-255
per POSIX.
2b4ea140432eeba5a007c0d4e6236bd0e0c12ba4
Again, we are not running as a heavy process, so all exit() or _exit() calls
were removed.
2010-08-23 - Fix quote handling in configuration files to be more like shell
quoting.
3089132cdf5b58dbdfc2daf08ec5c08eb47f8aca
We are not parsing config file, all the filesystem I/O stuff were disabled
in our port.
2010-08-24 - rp-pppoe: allow MTU to be increased up to 1500
fd1dcdf758418f040da3ed801ab001b5e46854e7
Only concern changes on RP-PPPoE plugin, which we don't use.
2010-09-11 - chat: Allow TIMEOUT value to come from environment variable
ae80bf833e48a6202f44a935a68083ae52ad3824
See 2b6310fd24dba8e0fca8999916a162f0a1842a84.
2011-03-05 - pppdump: Fix printfs with insufficient arguments
7b8db569642c83ba3283745034f2e2c95e459423
pppdump is a ppp tool outside pppd source tree.
2012-05-06 - pppd: Don't unconditionally disable VJ compression under Linux
d8a66adf98a0e525cf38031b42098d539da6eeb6
Patch for sys-linux.c, which we don't use.
2012-05-20 - Remove old version of Linux if_pppol2tp.h
c41092dd4c49267f232f6cba3d31c6c68bfdf68d
Not in the port.
2012-05-20 - pppd: Make MSCHAP-v2 cope better with packet loss
08ef47ca532294eb428238c831616748940e24a2
This is an interesting patch. However it consumes much more memory for
MSCHAP and I am not sure if the benefit worth it. The PPP client can
always start the authentication again if it failed for whatever reason.
2012-05-20 - scripts: Make poff ignore extra arguments to pppd
18f515f32c9f5723a9c2c912601e04335106534b
Again, we are not running scripts.
2012-05-20 - rp-pppoe plugin: Print leading zeros in MAC address
f5dda0cfc220c4b52e26144096d729e27b30f0f7
Again, we are not using the RP-PPPoE plugin.
2012-05-20 - pppd: Notify IPv6 up/down as we do for IPv4
845cda8fa18939cf56e60b073f63a7efa65336fc
This is just a patch that adds plugins hooks for IPv6, the plugin interface
was disabled because we don't have .so plugins in embedded.
2012-05-20 - pppd: Enable IPV6 by default and fix some warnings
0b6118239615e98959f7e0b4e746bdd197533248
Change on Makefile for IPv6, warnings were already cleared during port.
2012-05-20 - contrib: Fix pppgetpass.gtk compilation
80a8e2ce257ca12cce723519a0f20ea1d663b14a
Change on Makefile, don't care.
2012-05-20 - pppd: Don't crash if crypt() returns NULL
04c4348108d847e034dd91066cc6843f60d71731
We are using the PolarSSL DES implementation that does not return NULL.
2012-05-20 - pppd: Eliminate some warnings
c44ae5e6a7338c96eb463881fe709b2dfaffe568
Again, we are handling compilation warnings on our own.
2012-05-20 - rp-pppoe plugin: Import some fixes from rp-pppoe-3.10
1817d83e51a411044e730ba89ebdb0480e1c8cd4
Once more, we are not using the RP-PPPoE plugin.
2013-01-23 - pppd: Clarify circumstances where DNS1/DNS2 environment variables are set
cf2f5c9538b9400ade23446a194729b0a4113b3a
Documentation only.
2013-02-03 - ppp: ignore unrecognised radiusclient configuration directives
7f736dde0da3c19855997d9e67370e351e15e923
Radius plugin, not in the port.
2013-02-03 - pppd: Take out unused %r conversion completely
356d8d558d844412119aa18c8e5a113bc6459c7b
Merged 2014-04-15.
2013-02-03 - pppd: Arrange to use logwtmp from libutil on Linux
9617a7eb137f4fee62799a677a9ecf8d834db3f5
Patch for sys-linux.c, which we don't use.
2013-02-03 - pppdump: Eliminate some compiler warnings
3e3acf1ba2b3046c072a42c19164788a9e419bd1
pppdump is a ppp tool outside pppd source tree.
2013-02-03 - chat: Correct spelling errors in the man page
8dea1b969d266ccbf6f3a8c5474eb6dcd8838e3b
Documentation only.
2013-02-03 - pppd: Fix spelling errors in man page
9e05a25d76b3f83096c661678010320df673df6b
Documentation only.
2013-02-03 - plugins/passprompt: Fix potential out-of-bounds array reference
8edb889b753056a691a3e4b217a110a35f9fdedb
Plugin patch, we do not have plugins.
2013-02-03 - chat: Fix *roff errors in the man page
a7c3489eeaf44e83ce592143c7c8a5b5c29f4c48
Documentation only.
2013-03-02 - pppd: Fix man page description of case when remote IP address isn't known
224841f4799f4f1e2e71bc490c54448d66740f4f
Documentation only.
2013-03-02 - pppd: Add master_detach option
398ed2585640d198c53e736ee5bbd67f7ce8168e
Option for multilink support, we do not support multilink and this option
is about detaching from the terminal, which is out of the embedded scope.
2013-03-11 - pppd: Default exit status to EXIT_CONNECT_FAILED during connection phase
225361d64ae737afdc8cb57579a2f33525461bc9
Commented out in our port, and already fixed by a previously applied Debian patch.
2013-03-11 - pppstats: Fix undefined macro in man page
d16a3985eade5280b8e171f5dd0670a91cba0d39
Documentation only.
2013-05-11 - plugins/radius: Handle bindaddr keyword in radiusclient.conf
d883b2dbafeed3ebd9d7a56ab1469373bd001a3b
Radius plugin, not in the port.
2013-06-09 - pppoatm: Remove explicit loading of pppoatm kernel module
52cd43a84bea524033b918b603698104f221bbb7
PPPoATM plugin, not in the port.
2013-06-09 - pppd: Fix segfault in update_db_entry()
37476164f15a45015310b9d4b197c2d7db1f7f8f
We do not use the samba db.
2013-06-09 - chat: Fix some text that was intended to be literal
cd9683676618adcee8add2c3cfa3382341b5a1f6
Documentation only.
2013-06-09 - README.pppoe: Minor semantic fix
b5b8898af6fd3d44e873cfc66810ace5f1f47e17
Documentation only.
2013-06-10 - radius: Handle additional attributes
2f581cd986a56f2ec4a95abad4f8297a1b10d7e2
Radius plugin, not in the port.
2013-06-10 - chat, pppd: Use \e instead of \\ in man pages
8d6942415d22f6ca4377340ca26e345c3f5fa5db
Documentation only.
2014-01-02 - pppd: Don't crash if NULL pointer passed to vslprintf for %q or %v
906814431bddeb2061825fa1ebad1a967b6d87a9
Merged 2014-04-15.
2014-01-02 - pppd: Accept IPCP ConfAck packets containing MS-WINS options
a243f217f1c6ac1aa7793806bc88590d077f490a
Merged 2014-04-15.
2014-01-02 - config: Update Solaris compiler options and enable CHAPMS and IPV6
99c46caaed01b7edba87962aa52b77fad61bfd7b
Solaris port, don't care.
2014-01-02 - Update README and patchlevel for 2.4.6 release
4043750fca36e7e0eb90d702e048ad1da4929418
Just release stuff.

3041
src/netif/ppp/auth.c
View File

File diff suppressed because it is too large Load Diff

111
src/netif/ppp/auth.h
View File

@ -1,111 +0,0 @@
/*****************************************************************************
* auth.h - PPP Authentication and phase control header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1998 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-04 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Original derived from BSD pppd.h.
*****************************************************************************/
/*
* pppd.h - PPP daemon global declarations.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
*/
#ifndef AUTH_H
#define AUTH_H
/***********************
*** PUBLIC FUNCTIONS ***
***********************/
/* we are starting to use the link */
void link_required (int);
/* we are finished with the link */
void link_terminated (int);
/* the LCP layer has left the Opened state */
void link_down (int);
/* the link is up; authenticate now */
void link_established (int);
/* a network protocol has come up */
void np_up (int, u16_t);
/* a network protocol has gone down */
void np_down (int, u16_t);
/* a network protocol no longer needs link */
void np_finished (int, u16_t);
/* peer failed to authenticate itself */
void auth_peer_fail (int, u16_t);
/* peer successfully authenticated itself */
void auth_peer_success (int, u16_t, char *, int);
/* we failed to authenticate ourselves */
void auth_withpeer_fail (int, u16_t);
/* we successfully authenticated ourselves */
void auth_withpeer_success (int, u16_t);
/* check authentication options supplied */
void auth_check_options (void);
/* check what secrets we have */
void auth_reset (int);
/* Check peer-supplied username/password */
u_char check_passwd (int, char *, int, char *, int, char **, int *);
/* get "secret" for chap */
int get_secret (int, char *, char *, char *, int *, int);
/* check if IP address is authorized */
int auth_ip_addr (int, u32_t);
/* check if IP address is unreasonable */
int bad_ip_adrs (u32_t);
#endif /* AUTH_H */

1694
src/netif/ppp/ccp.c Normal file
View File

File diff suppressed because it is too large Load Diff

121
src/netif/ppp/chap-md5.c Normal file
View File

@ -0,0 +1,121 @@
/*
* chap-md5.c - New CHAP/MD5 implementation.
*
* Copyright (c) 2003 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if 0 /* UNUSED */
#include <stdlib.h>
#include <string.h>
#endif /* UNUSED */
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/chap-new.h"
#include "netif/ppp/chap-md5.h"
#include "netif/ppp/magic.h"
#if LWIP_INCLUDED_POLARSSL_MD5
#include "netif/ppp/polarssl/md5.h"
#else
#include "polarssl/md5.h"
#endif
#define MD5_HASH_SIZE 16
#define MD5_MIN_CHALLENGE 16
#define MD5_MAX_CHALLENGE 24
#if PPP_SERVER
static void chap_md5_generate_challenge(unsigned char *cp) {
int clen;
clen = (int)(drand48() * (MD5_MAX_CHALLENGE - MD5_MIN_CHALLENGE))
+ MD5_MIN_CHALLENGE;
*cp++ = clen;
random_bytes(cp, clen);
}
static int chap_md5_verify_response(int id, char *name,
unsigned char *secret, int secret_len,
unsigned char *challenge, unsigned char *response,
char *message, int message_space) {
md5_context ctx;
unsigned char idbyte = id;
unsigned char hash[MD5_HASH_SIZE];
int challenge_len, response_len;
challenge_len = *challenge++;
response_len = *response++;
if (response_len == MD5_HASH_SIZE) {
/* Generate hash of ID, secret, challenge */
md5_starts(&ctx);
md5_update(&ctx, &idbyte, 1);
md5_update(&ctx, secret, secret_len);
md5_update(&ctx, challenge, challenge_len);
md5_finish(&ctx, hash);
/* Test if our hash matches the peer's response */
if (memcmp(hash, response, MD5_HASH_SIZE) == 0) {
ppp_slprintf(message, message_space, "Access granted");
return 1;
}
}
ppp_slprintf(message, message_space, "Access denied");
return 0;
}
#endif /* PPP_SERVER */
static void chap_md5_make_response(unsigned char *response, int id, char *our_name,
unsigned char *challenge, char *secret, int secret_len,
unsigned char *private) {
md5_context ctx;
unsigned char idbyte = id;
int challenge_len = *challenge++;
md5_starts(&ctx);
md5_update(&ctx, &idbyte, 1);
md5_update(&ctx, (u_char *)secret, secret_len);
md5_update(&ctx, challenge, challenge_len);
md5_finish(&ctx, &response[1]);
response[0] = MD5_HASH_SIZE;
}
const struct chap_digest_type md5_digest = {
CHAP_MD5, /* code */
#if PPP_SERVER
chap_md5_generate_challenge,
chap_md5_verify_response,
#endif /* PPP_SERVER */
chap_md5_make_response,
NULL, /* check_success */
NULL, /* handle_failure */
};
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

662
src/netif/ppp/chap-new.c Normal file
View File

@ -0,0 +1,662 @@
/*
* chap-new.c - New CHAP implementation.
*
* Copyright (c) 2003 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if 0 /* UNUSED */
#include <stdlib.h>
#include <string.h>
#endif /* UNUSED */
#include "netif/ppp/ppp_impl.h"
#if 0 /* UNUSED */
#include "session.h"
#endif /* UNUSED */
#include "netif/ppp/chap-new.h"
#include "netif/ppp/chap-md5.h"
#if MSCHAP_SUPPORT
#include "netif/ppp/chap_ms.h"
#endif
/* Hook for a plugin to validate CHAP challenge */
int (*chap_verify_hook)(char *name, char *ourname, int id,
const struct chap_digest_type *digest,
unsigned char *challenge, unsigned char *response,
char *message, int message_space) = NULL;
#if PPP_OPTIONS
/*
* Command-line options.
*/
static option_t chap_option_list[] = {
{ "chap-restart", o_int, &chap_timeout_time,
"Set timeout for CHAP", OPT_PRIO },
{ "chap-max-challenge", o_int, &pcb->settings.chap_max_transmits,
"Set max #xmits for challenge", OPT_PRIO },
{ "chap-interval", o_int, &pcb->settings.chap_rechallenge_time,
"Set interval for rechallenge", OPT_PRIO },
{ NULL }
};
#endif /* PPP_OPTIONS */
/* Values for flags in chap_client_state and chap_server_state */
#define LOWERUP 1
#define AUTH_STARTED 2
#define AUTH_DONE 4
#define AUTH_FAILED 8
#define TIMEOUT_PENDING 0x10
#define CHALLENGE_VALID 0x20
/*
* Prototypes.
*/
static void chap_init(ppp_pcb *pcb);
static void chap_lowerup(ppp_pcb *pcb);
static void chap_lowerdown(ppp_pcb *pcb);
#if PPP_SERVER
static void chap_timeout(void *arg);
static void chap_generate_challenge(ppp_pcb *pcb);
static void chap_handle_response(ppp_pcb *pcb, int code,
unsigned char *pkt, int len);
static int chap_verify_response(char *name, char *ourname, int id,
const struct chap_digest_type *digest,
unsigned char *challenge, unsigned char *response,
char *message, int message_space);
#endif /* PPP_SERVER */
static void chap_respond(ppp_pcb *pcb, int id,
unsigned char *pkt, int len);
static void chap_handle_status(ppp_pcb *pcb, int code, int id,
unsigned char *pkt, int len);
static void chap_protrej(ppp_pcb *pcb);
static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen);
#if PRINTPKT_SUPPORT
static int chap_print_pkt(unsigned char *p, int plen,
void (*printer) (void *, char *, ...), void *arg);
#endif /* PRINTPKT_SUPPORT */
/* List of digest types that we know about */
const static struct chap_digest_type* const chap_digests[] = {
&md5_digest,
#if MSCHAP_SUPPORT
&chapms_digest,
&chapms2_digest,
#endif /* MSCHAP_SUPPORT */
NULL
};
/*
* chap_init - reset to initial state.
*/
static void chap_init(ppp_pcb *pcb) {
memset(&pcb->chap_client, 0, sizeof(chap_client_state));
#if PPP_SERVER
memset(&pcb->chap_server, 0, sizeof(chap_server_state));
#endif /* PPP_SERVER */
}
/*
* chap_lowerup - we can start doing stuff now.
*/
static void chap_lowerup(ppp_pcb *pcb) {
pcb->chap_client.flags |= LOWERUP;
#if PPP_SERVER
pcb->chap_server.flags |= LOWERUP;
if (pcb->chap_server.flags & AUTH_STARTED)
chap_timeout(pcb);
#endif /* PPP_SERVER */
}
static void chap_lowerdown(ppp_pcb *pcb) {
pcb->chap_client.flags = 0;
#if PPP_SERVER
if (pcb->chap_server.flags & TIMEOUT_PENDING)
UNTIMEOUT(chap_timeout, pcb);
pcb->chap_server.flags = 0;
#endif /* PPP_SERVER */
}
#if PPP_SERVER
/*
* chap_auth_peer - Start authenticating the peer.
* If the lower layer is already up, we start sending challenges,
* otherwise we wait for the lower layer to come up.
*/
void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code) {
struct chap_server_state *ss = &pcb->chap_server;
const struct chap_digest_type *dp;
int i;
if (pcb->chap_server.flags & AUTH_STARTED) {
ppp_error("CHAP: peer authentication already started!");
return;
}
for (i = 0; (dp = chap_digests[i]) != NULL; ++i)
if (dp->code == digest_code)
break;
if (dp == NULL)
ppp_fatal("CHAP digest 0x%x requested but not available",
digest_code);
pcb->chap_server.digest = dp;
pcb->chap_server.name = our_name;
/* Start with a random ID value */
pcb->chap_server.id = (unsigned char)(drand48() * 256);
pcb->chap_server.flags |= AUTH_STARTED;
if (pcb->chap_server.flags & LOWERUP)
chap_timeout(ss);
}
#endif /* PPP_SERVER */
/*
* chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
* There isn't much to do until we receive a challenge.
*/
void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code) {
const struct chap_digest_type *dp;
int i;
if(NULL == our_name)
return;
if (pcb->chap_client.flags & AUTH_STARTED) {
ppp_error("CHAP: authentication with peer already started!");
return;
}
for (i = 0; (dp = chap_digests[i]) != NULL; ++i)
if (dp->code == digest_code)
break;
if (dp == NULL)
ppp_fatal("CHAP digest 0x%x requested but not available",
digest_code);
pcb->chap_client.digest = dp;
pcb->chap_client.name = our_name;
pcb->chap_client.flags |= AUTH_STARTED;
}
#if PPP_SERVER
/*
* chap_timeout - It's time to send another challenge to the peer.
* This could be either a retransmission of a previous challenge,
* or a new challenge to start re-authentication.
*/
static void chap_timeout(void *arg) {
ppp_pcb *pcb = (ppp_pcb*)arg;
struct pbuf *p;
pcb->chap_server.flags &= ~TIMEOUT_PENDING;
if ((pcb->chap_server.flags & CHALLENGE_VALID) == 0) {
pcb->chap_server.challenge_xmits = 0;
chap_generate_challenge(pcb);
pcb->chap_server.flags |= CHALLENGE_VALID;
} else if (pcb->chap_server.challenge_xmits >= pcb->settings.chap_max_transmits) {
pcb->chap_server.flags &= ~CHALLENGE_VALID;
pcb->chap_server.flags |= AUTH_DONE | AUTH_FAILED;
auth_peer_fail(pcb, PPP_CHAP);
return;
}
p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->chap_server.challenge_pktlen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
MEMCPY(p->payload, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen);
ppp_write(pcb, p);
++pcb->chap_server.challenge_xmits;
pcb->chap_server.flags |= TIMEOUT_PENDING;
TIMEOUT(chap_timeout, arg, pcb->settings.chap_timeout_time);
}
/*
* chap_generate_challenge - generate a challenge string and format
* the challenge packet in pcb->chap_server.challenge_pkt.
*/
static void chap_generate_challenge(ppp_pcb *pcb) {
int clen = 1, nlen, len;
unsigned char *p;
p = pcb->chap_server.challenge;
MAKEHEADER(p, PPP_CHAP);
p += CHAP_HDRLEN;
pcb->chap_server.digest->generate_challenge(p);
clen = *p;
nlen = strlen(pcb->chap_server.name);
memcpy(p + 1 + clen, pcb->chap_server.name, nlen);
len = CHAP_HDRLEN + 1 + clen + nlen;
pcb->chap_server.challenge_pktlen = PPP_HDRLEN + len;
p = pcb->chap_server.challenge + PPP_HDRLEN;
p[0] = CHAP_CHALLENGE;
p[1] = ++pcb->chap_server.id;
p[2] = len >> 8;
p[3] = len;
}
/*
* chap_handle_response - check the response to our challenge.
*/
static void chap_handle_response(ppp_pcb *pcb, int id,
unsigned char *pkt, int len) {
int response_len, ok, mlen;
unsigned char *response, *outp;
struct pbuf *p;
char *name = NULL; /* initialized to shut gcc up */
int (*verifier)(char *, char *, int, const struct chap_digest_type *,
unsigned char *, unsigned char *, char *, int);
char rname[MAXNAMELEN+1];
if ((pcb->chap_server.flags & LOWERUP) == 0)
return;
if (id != pcb->chap_server.challenge[PPP_HDRLEN+1] || len < 2)
return;
if (pcb->chap_server.flags & CHALLENGE_VALID) {
response = pkt;
GETCHAR(response_len, pkt);
len -= response_len + 1; /* length of name */
name = (char *)pkt + response_len;
if (len < 0)
return;
if (pcb->chap_server.flags & TIMEOUT_PENDING) {
pcb->chap_server.flags &= ~TIMEOUT_PENDING;
UNTIMEOUT(chap_timeout, pcb);
}
#if PPP_REMOTENAME
if (pcb->settings.explicit_remote) {
name = pcb->remote_name;
} else
#endif /* PPP_REMOTENAME */
{
/* Null terminate and clean remote name. */
ppp_slprintf(rname, sizeof(rname), "%.*v", len, name);
name = rname;
}
if (chap_verify_hook)
verifier = chap_verify_hook;
else
verifier = chap_verify_response;
ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest,
pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
#if 0 /* UNUSED */
if (!ok || !auth_number()) {
#endif /* UNUSED */
if (!ok) {
pcb->chap_server.flags |= AUTH_FAILED;
ppp_warn("Peer %q failed CHAP authentication", name);
}
} else if ((pcb->chap_server.flags & AUTH_DONE) == 0)
return;
/* send the response */
mlen = strlen(pcb->chap_server.message);
len = CHAP_HDRLEN + mlen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +len), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_CHAP);
outp[0] = (pcb->chap_server.flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
outp[1] = id;
outp[2] = len >> 8;
outp[3] = len;
if (mlen > 0)
memcpy(outp + CHAP_HDRLEN, pcb->chap_server.message, mlen);
ppp_write(pcb, p);
if (pcb->chap_server.flags & CHALLENGE_VALID) {
pcb->chap_server.flags &= ~CHALLENGE_VALID;
if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED)) {
#if 0 /* UNUSED */
/*
* Auth is OK, so now we need to check session restrictions
* to ensure everything is OK, but only if we used a
* plugin, and only if we're configured to check. This
* allows us to do PAM checks on PPP servers that
* authenticate against ActiveDirectory, and use AD for
* account info (like when using Winbind integrated with
* PAM).
*/
if (session_mgmt &&
session_check(name, NULL, devnam, NULL) == 0) {
pcb->chap_server.flags |= AUTH_FAILED;
ppp_warn("Peer %q failed CHAP Session verification", name);
}
#endif /* UNUSED */
}
if (pcb->chap_server.flags & AUTH_FAILED) {
auth_peer_fail(pcb, PPP_CHAP);
} else {
if ((pcb->chap_server.flags & AUTH_DONE) == 0)
auth_peer_success(pcb, PPP_CHAP,
pcb->chap_server.digest->code,
name, strlen(name));
if (pcb->settings.chap_rechallenge_time) {
pcb->chap_server.flags |= TIMEOUT_PENDING;
TIMEOUT(chap_timeout, pcb,
pcb->settings.chap_rechallenge_time);
}
}
pcb->chap_server.flags |= AUTH_DONE;
}
}
/*
* chap_verify_response - check whether the peer's response matches
* what we think it should be. Returns 1 if it does (authentication
* succeeded), or 0 if it doesn't.
*/
static int chap_verify_response(char *name, char *ourname, int id,
const struct chap_digest_type *digest,
unsigned char *challenge, unsigned char *response,
char *message, int message_space) {
int ok;
unsigned char secret[MAXSECRETLEN];
int secret_len;
/* FIXME: we need a way to check peer secret */
#if 0
/* Get the secret that the peer is supposed to know */
if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) {
ppp_error("No CHAP secret found for authenticating %q", name);
return 0;
}
#endif
ok = digest->verify_response(id, name, secret, secret_len, challenge,
response, message, message_space);
memset(secret, 0, sizeof(secret));
return ok;
}
#endif /* PPP_SERVER */
/*
* chap_respond - Generate and send a response to a challenge.
*/
static void chap_respond(ppp_pcb *pcb, int id,
unsigned char *pkt, int len) {
int clen, nlen;
int secret_len;
struct pbuf *p;
u_char *outp;
char rname[MAXNAMELEN+1];
char secret[MAXSECRETLEN+1];
p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
return; /* not ready */
if (len < 2 || len < pkt[0] + 1)
return; /* too short */
clen = pkt[0];
nlen = len - (clen + 1);
/* Null terminate and clean remote name. */
ppp_slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
#if PPP_REMOTENAME
/* Microsoft doesn't send their name back in the PPP packet */
if (pcb->settings.explicit_remote || (pcb->settings.remote_name[0] != 0 && rname[0] == 0))
strlcpy(rname, pcb->settings.remote_name, sizeof(rname));
#endif /* PPP_REMOTENAME */
/* get secret for authenticating ourselves with the specified host */
if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0)) {
secret_len = 0; /* assume null secret if can't find one */
ppp_warn("No CHAP secret found for authenticating us to %q", rname);
}
outp = p->payload;
MAKEHEADER(outp, PPP_CHAP);
outp += CHAP_HDRLEN;
pcb->chap_client.digest->make_response(outp, id, pcb->chap_client.name, pkt,
secret, secret_len, pcb->chap_client.priv);
memset(secret, 0, secret_len);
clen = *outp;
nlen = strlen(pcb->chap_client.name);
memcpy(outp + clen + 1, pcb->chap_client.name, nlen);
outp = (u_char*)p->payload + PPP_HDRLEN;
len = CHAP_HDRLEN + clen + 1 + nlen;
outp[0] = CHAP_RESPONSE;
outp[1] = id;
outp[2] = len >> 8;
outp[3] = len;
pbuf_realloc(p, PPP_HDRLEN + len);
ppp_write(pcb, p);
}
static void chap_handle_status(ppp_pcb *pcb, int code, int id,
unsigned char *pkt, int len) {
const char *msg = NULL;
if ((pcb->chap_client.flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
!= (AUTH_STARTED|LOWERUP))
return;
pcb->chap_client.flags |= AUTH_DONE;
if (code == CHAP_SUCCESS) {
/* used for MS-CHAP v2 mutual auth, yuck */
if (pcb->chap_client.digest->check_success != NULL) {
if (!(*pcb->chap_client.digest->check_success)(pkt, len, pcb->chap_client.priv))
code = CHAP_FAILURE;
} else
msg = "CHAP authentication succeeded";
} else {
if (pcb->chap_client.digest->handle_failure != NULL)
(*pcb->chap_client.digest->handle_failure)(pkt, len);
else
msg = "CHAP authentication failed";
}
if (msg) {
if (len > 0)
ppp_info("%s: %.*v", msg, len, pkt);
else
ppp_info("%s", msg);
}
if (code == CHAP_SUCCESS)
auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code);
else {
pcb->chap_client.flags |= AUTH_FAILED;
ppp_error("CHAP authentication failed");
auth_withpeer_fail(pcb, PPP_CHAP);
}
}
static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen) {
unsigned char code, id;
int len;
if (pktlen < CHAP_HDRLEN)
return;
GETCHAR(code, pkt);
GETCHAR(id, pkt);
GETSHORT(len, pkt);
if (len < CHAP_HDRLEN || len > pktlen)
return;
len -= CHAP_HDRLEN;
switch (code) {
case CHAP_CHALLENGE:
chap_respond(pcb, id, pkt, len);
break;
#if PPP_SERVER
case CHAP_RESPONSE:
chap_handle_response(pcb, id, pkt, len);
break;
#endif /* PPP_SERVER */
case CHAP_FAILURE:
case CHAP_SUCCESS:
chap_handle_status(pcb, code, id, pkt, len);
break;
}
}
static void chap_protrej(ppp_pcb *pcb) {
#if PPP_SERVER
if (pcb->chap_server.flags & TIMEOUT_PENDING) {
pcb->chap_server.flags &= ~TIMEOUT_PENDING;
UNTIMEOUT(chap_timeout, pcb);
}
if (pcb->chap_server.flags & AUTH_STARTED) {
pcb->chap_server.flags = 0;
auth_peer_fail(pcb, PPP_CHAP);
}
#endif /* PPP_SERVER */
if ((pcb->chap_client.flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
pcb->chap_client.flags &= ~AUTH_STARTED;
ppp_error("CHAP authentication failed due to protocol-reject");
auth_withpeer_fail(pcb, PPP_CHAP);
}
}
#if PRINTPKT_SUPPORT
/*
* chap_print_pkt - print the contents of a CHAP packet.
*/
static char *chap_code_names[] = {
"Challenge", "Response", "Success", "Failure"
};
static int chap_print_pkt(unsigned char *p, int plen,
void (*printer) (void *, char *, ...), void *arg) {
int code, id, len;
int clen, nlen;
unsigned char x;
if (plen < CHAP_HDRLEN)
return 0;
GETCHAR(code, p);
GETCHAR(id, p);
GETSHORT(len, p);
if (len < CHAP_HDRLEN || len > plen)
return 0;
if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *))
printer(arg, " %s", chap_code_names[code-1]);
else
printer(arg, " code=0x%x", code);
printer(arg, " id=0x%x", id);
len -= CHAP_HDRLEN;
switch (code) {
case CHAP_CHALLENGE:
case CHAP_RESPONSE:
if (len < 1)
break;
clen = p[0];
if (len < clen + 1)
break;
++p;
nlen = len - clen - 1;
printer(arg, " <");
for (; clen > 0; --clen) {
GETCHAR(x, p);
printer(arg, "%.2x", x);
}
printer(arg, ">, name = ");
ppp_print_string((char *)p, nlen, printer, arg);
break;
case CHAP_FAILURE:
case CHAP_SUCCESS:
printer(arg, " ");
ppp_print_string((char *)p, len, printer, arg);
break;
default:
for (clen = len; clen > 0; --clen) {
GETCHAR(x, p);
printer(arg, " %.2x", x);
}
/* no break */
}
return len + CHAP_HDRLEN;
}
#endif /* PRINTPKT_SUPPORT */
const struct protent chap_protent = {
PPP_CHAP,
chap_init,
chap_input,
chap_protrej,
chap_lowerup,
chap_lowerdown,
NULL, /* open */
NULL, /* close */
#if PRINTPKT_SUPPORT
chap_print_pkt,
#endif /* PRINTPKT_SUPPORT */
NULL, /* datainput */
1, /* enabled_flag */
#if PRINTPKT_SUPPORT
"CHAP", /* name */
NULL, /* data_name */
#endif /* PRINTPKT_SUPPORT */
#if PPP_OPTIONS
chap_option_list,
NULL, /* check_options */
#endif /* PPP_OPTIONS */
#if DEMAND_SUPPORT
NULL,
NULL
#endif /* DEMAND_SUPPORT */
};
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

908
src/netif/ppp/chap.c
View File

@ -1,908 +0,0 @@
/*** WARNING - THIS HAS NEVER BEEN FINISHED ***/
/*****************************************************************************
* chap.c - Network Challenge Handshake Authentication Protocol program file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 by Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-04 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Original based on BSD chap.c.
*****************************************************************************/
/*
* chap.c - Challenge Handshake Authentication Protocol.
*
* Copyright (c) 1993 The Australian National University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the Australian National University. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Copyright (c) 1991 Gregory M. Christy.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Gregory M. Christy. The name of the author may not be used to
* endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "ppp_impl.h"
#include "pppdebug.h"
#include "magic.h"
#include "randm.h"
#include "auth.h"
#include "md5.h"
#include "chap.h"
#include "chpms.h"
#include <string.h>
#if 0 /* UNUSED */
/*
* Command-line options.
*/
static option_t chap_option_list[] = {
{ "chap-restart", o_int, &chap[0].timeouttime,
"Set timeout for CHAP" },
{ "chap-max-challenge", o_int, &chap[0].max_transmits,
"Set max #xmits for challenge" },
{ "chap-interval", o_int, &chap[0].chal_interval,
"Set interval for rechallenge" },
#ifdef MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#endif
{ NULL }
};
#endif /* UNUSED */
/*
* Protocol entry points.
*/
static void ChapInit (int);
static void ChapLowerUp (int);
static void ChapLowerDown (int);
static void ChapInput (int, u_char *, int);
static void ChapProtocolReject (int);
#if PPP_ADDITIONAL_CALLBACKS
static int ChapPrintPkt (u_char *, int, void (*) (void *, char *, ...), void *);
#endif
struct protent chap_protent = {
PPP_CHAP,
ChapInit,
ChapInput,
ChapProtocolReject,
ChapLowerUp,
ChapLowerDown,
NULL,
NULL,
#if PPP_ADDITIONAL_CALLBACKS
ChapPrintPkt,
NULL,
#endif /* PPP_ADDITIONAL_CALLBACKS */
1,
"CHAP",
#if PPP_ADDITIONAL_CALLBACKS
NULL,
NULL,
NULL
#endif /* PPP_ADDITIONAL_CALLBACKS */
};
chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */
static void ChapChallengeTimeout (void *);
static void ChapResponseTimeout (void *);
static void ChapReceiveChallenge (chap_state *, u_char *, u_char, int);
static void ChapRechallenge (void *);
static void ChapReceiveResponse (chap_state *, u_char *, int, int);
static void ChapReceiveSuccess(chap_state *cstate, u_char *inp, u_char id, int len);
static void ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len);
static void ChapSendStatus (chap_state *, int);
static void ChapSendChallenge (chap_state *);
static void ChapSendResponse (chap_state *);
static void ChapGenChallenge (chap_state *);
/*
* ChapInit - Initialize a CHAP unit.
*/
static void
ChapInit(int unit)
{
chap_state *cstate = &chap[unit];
BZERO(cstate, sizeof(*cstate));
cstate->unit = unit;
cstate->clientstate = CHAPCS_INITIAL;
cstate->serverstate = CHAPSS_INITIAL;
cstate->timeouttime = CHAP_DEFTIMEOUT;
cstate->max_transmits = CHAP_DEFTRANSMITS;
/* random number generator is initialized in magic_init */
}
/*
* ChapAuthWithPeer - Authenticate us with our peer (start client).
*
*/
void
ChapAuthWithPeer(int unit, char *our_name, u_char digest)
{
chap_state *cstate = &chap[unit];
cstate->resp_name = our_name;
cstate->resp_type = digest;
if (cstate->clientstate == CHAPCS_INITIAL ||
cstate->clientstate == CHAPCS_PENDING) {
/* lower layer isn't up - wait until later */
cstate->clientstate = CHAPCS_PENDING;
return;
}
/*
* We get here as a result of LCP coming up.
* So even if CHAP was open before, we will
* have to re-authenticate ourselves.
*/
cstate->clientstate = CHAPCS_LISTEN;
}
/*
* ChapAuthPeer - Authenticate our peer (start server).
*/
void
ChapAuthPeer(int unit, char *our_name, u_char digest)
{
chap_state *cstate = &chap[unit];
cstate->chal_name = our_name;
cstate->chal_type = digest;
if (cstate->serverstate == CHAPSS_INITIAL ||
cstate->serverstate == CHAPSS_PENDING) {
/* lower layer isn't up - wait until later */
cstate->serverstate = CHAPSS_PENDING;
return;
}
ChapGenChallenge(cstate);
ChapSendChallenge(cstate); /* crank it up dude! */
cstate->serverstate = CHAPSS_INITIAL_CHAL;
}
/*
* ChapChallengeTimeout - Timeout expired on sending challenge.
*/
static void
ChapChallengeTimeout(void *arg)
{
chap_state *cstate = (chap_state *) arg;
/* if we aren't sending challenges, don't worry. then again we */
/* probably shouldn't be here either */
if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
cstate->serverstate != CHAPSS_RECHALLENGE) {
return;
}
if (cstate->chal_transmits >= cstate->max_transmits) {
/* give up on peer */
CHAPDEBUG(LOG_ERR, ("Peer failed to respond to CHAP challenge\n"));
cstate->serverstate = CHAPSS_BADAUTH;
auth_peer_fail(cstate->unit, PPP_CHAP);
return;
}
ChapSendChallenge(cstate); /* Re-send challenge */
}
/*
* ChapResponseTimeout - Timeout expired on sending response.
*/
static void
ChapResponseTimeout(void *arg)
{
chap_state *cstate = (chap_state *) arg;
/* if we aren't sending a response, don't worry. */
if (cstate->clientstate != CHAPCS_RESPONSE) {
return;
}
ChapSendResponse(cstate); /* re-send response */
}
/*
* ChapRechallenge - Time to challenge the peer again.
*/
static void
ChapRechallenge(void *arg)
{
chap_state *cstate = (chap_state *) arg;
/* if we aren't sending a response, don't worry. */
if (cstate->serverstate != CHAPSS_OPEN) {
return;
}
ChapGenChallenge(cstate);
ChapSendChallenge(cstate);
cstate->serverstate = CHAPSS_RECHALLENGE;
}
/*
* ChapLowerUp - The lower layer is up.
*
* Start up if we have pending requests.
*/
static void
ChapLowerUp(int unit)
{
chap_state *cstate = &chap[unit];
if (cstate->clientstate == CHAPCS_INITIAL) {
cstate->clientstate = CHAPCS_CLOSED;
} else if (cstate->clientstate == CHAPCS_PENDING) {
cstate->clientstate = CHAPCS_LISTEN;
}
if (cstate->serverstate == CHAPSS_INITIAL) {
cstate->serverstate = CHAPSS_CLOSED;
} else if (cstate->serverstate == CHAPSS_PENDING) {
ChapGenChallenge(cstate);
ChapSendChallenge(cstate);
cstate->serverstate = CHAPSS_INITIAL_CHAL;
}
}
/*
* ChapLowerDown - The lower layer is down.
*
* Cancel all timeouts.
*/
static void
ChapLowerDown(int unit)
{
chap_state *cstate = &chap[unit];
/* Timeout(s) pending? Cancel if so. */
if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
cstate->serverstate == CHAPSS_RECHALLENGE) {
UNTIMEOUT(ChapChallengeTimeout, cstate);
} else if (cstate->serverstate == CHAPSS_OPEN
&& cstate->chal_interval != 0) {
UNTIMEOUT(ChapRechallenge, cstate);
}
if (cstate->clientstate == CHAPCS_RESPONSE) {
UNTIMEOUT(ChapResponseTimeout, cstate);
}
cstate->clientstate = CHAPCS_INITIAL;
cstate->serverstate = CHAPSS_INITIAL;
}
/*
* ChapProtocolReject - Peer doesn't grok CHAP.
*/
static void
ChapProtocolReject(int unit)
{
chap_state *cstate = &chap[unit];
if (cstate->serverstate != CHAPSS_INITIAL &&
cstate->serverstate != CHAPSS_CLOSED) {
auth_peer_fail(unit, PPP_CHAP);
}
if (cstate->clientstate != CHAPCS_INITIAL &&
cstate->clientstate != CHAPCS_CLOSED) {
auth_withpeer_fail(unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */
}
ChapLowerDown(unit); /* shutdown chap */
}
/*
* ChapInput - Input CHAP packet.
*/
static void
ChapInput(int unit, u_char *inpacket, int packet_len)
{
chap_state *cstate = &chap[unit];
u_char *inp;
u_char code, id;
int len;
/*
* Parse header (code, id and length).
* If packet too short, drop it.
*/
inp = inpacket;
if (packet_len < CHAP_HEADERLEN) {
CHAPDEBUG(LOG_INFO, ("ChapInput: rcvd short header.\n"));
return;
}
GETCHAR(code, inp);
GETCHAR(id, inp);
GETSHORT(len, inp);
if (len < CHAP_HEADERLEN) {
CHAPDEBUG(LOG_INFO, ("ChapInput: rcvd illegal length.\n"));
return;
}
if (len > packet_len) {
CHAPDEBUG(LOG_INFO, ("ChapInput: rcvd short packet.\n"));
return;
}
len -= CHAP_HEADERLEN;
/*
* Action depends on code (as in fact it usually does :-).
*/
switch (code) {
case CHAP_CHALLENGE:
ChapReceiveChallenge(cstate, inp, id, len);
break;
case CHAP_RESPONSE:
ChapReceiveResponse(cstate, inp, id, len);
break;
case CHAP_FAILURE:
ChapReceiveFailure(cstate, inp, id, len);
break;
case CHAP_SUCCESS:
ChapReceiveSuccess(cstate, inp, id, len);
break;
default: /* Need code reject? */
CHAPDEBUG(LOG_WARNING, ("Unknown CHAP code (%d) received.\n", code));
break;
}
}
/*
* ChapReceiveChallenge - Receive Challenge and send Response.
*/
static void
ChapReceiveChallenge(chap_state *cstate, u_char *inp, u_char id, int len)
{
int rchallenge_len;
u_char *rchallenge;
int secret_len;
char secret[MAXSECRETLEN];
char rhostname[256];
MD5_CTX mdContext;
u_char hash[MD5_SIGNATURE_SIZE];
CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: Rcvd id %d.\n", id));
if (cstate->clientstate == CHAPCS_CLOSED ||
cstate->clientstate == CHAPCS_PENDING) {
CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: in state %d\n",
cstate->clientstate));
return;
}
if (len < 2) {
CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: rcvd short packet.\n"));
return;
}
GETCHAR(rchallenge_len, inp);
len -= sizeof (u_char) + rchallenge_len; /* now name field length */
if (len < 0) {
CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: rcvd short packet.\n"));
return;
}
rchallenge = inp;
INCPTR(rchallenge_len, inp);
if (len >= (int)sizeof(rhostname)) {
len = sizeof(rhostname) - 1;
}
BCOPY(inp, rhostname, len);
rhostname[len] = '\000';
CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: received name field '%s'\n",
rhostname));
/* Microsoft doesn't send their name back in the PPP packet */
if (ppp_settings.remote_name[0] != 0 && (ppp_settings.explicit_remote || rhostname[0] == 0)) {
strncpy(rhostname, ppp_settings.remote_name, sizeof(rhostname));
rhostname[sizeof(rhostname) - 1] = 0;
CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: using '%s' as remote name\n",
rhostname));
}
/* get secret for authenticating ourselves with the specified host */
if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
secret, &secret_len, 0)) {
secret_len = 0; /* assume null secret if can't find one */
CHAPDEBUG(LOG_WARNING, ("No CHAP secret found for authenticating us to %s\n",
rhostname));
}
/* cancel response send timeout if necessary */
if (cstate->clientstate == CHAPCS_RESPONSE) {
UNTIMEOUT(ChapResponseTimeout, cstate);
}
cstate->resp_id = id;
cstate->resp_transmits = 0;
/* generate MD based on negotiated type */
switch (cstate->resp_type) {
case CHAP_DIGEST_MD5:
MD5Init(&mdContext);
MD5Update(&mdContext, &cstate->resp_id, 1);
MD5Update(&mdContext, (u_char*)secret, secret_len);
MD5Update(&mdContext, rchallenge, rchallenge_len);
MD5Final(hash, &mdContext);
BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
cstate->resp_length = MD5_SIGNATURE_SIZE;
break;
#if MSCHAP_SUPPORT
case CHAP_MICROSOFT:
ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
break;
#endif
default:
CHAPDEBUG(LOG_INFO, ("unknown digest type %d\n", cstate->resp_type));
return;
}
BZERO(secret, sizeof(secret));
ChapSendResponse(cstate);
}
/*
* ChapReceiveResponse - Receive and process response.
*/
static void
ChapReceiveResponse(chap_state *cstate, u_char *inp, int id, int len)
{
u_char *remmd, remmd_len;
int secret_len, old_state;
int code;
char rhostname[256];
MD5_CTX mdContext;
char secret[MAXSECRETLEN];
u_char hash[MD5_SIGNATURE_SIZE];
CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: Rcvd id %d.\n", id));
if (cstate->serverstate == CHAPSS_CLOSED ||
cstate->serverstate == CHAPSS_PENDING) {
CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: in state %d\n",
cstate->serverstate));
return;
}
if (id != cstate->chal_id) {
return; /* doesn't match ID of last challenge */
}
/*
* If we have received a duplicate or bogus Response,
* we have to send the same answer (Success/Failure)
* as we did for the first Response we saw.
*/
if (cstate->serverstate == CHAPSS_OPEN) {
ChapSendStatus(cstate, CHAP_SUCCESS);
return;
}
if (cstate->serverstate == CHAPSS_BADAUTH) {
ChapSendStatus(cstate, CHAP_FAILURE);
return;
}
if (len < 2) {
CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: rcvd short packet.\n"));
return;
}
GETCHAR(remmd_len, inp); /* get length of MD */
remmd = inp; /* get pointer to MD */
INCPTR(remmd_len, inp);
len -= sizeof (u_char) + remmd_len;
if (len < 0) {
CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: rcvd short packet.\n"));
return;
}
UNTIMEOUT(ChapChallengeTimeout, cstate);
if (len >= (int)sizeof(rhostname)) {
len = sizeof(rhostname) - 1;
}
BCOPY(inp, rhostname, len);
rhostname[len] = '\000';
CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: received name field: %s\n",
rhostname));
/*
* Get secret for authenticating them with us,
* do the hash ourselves, and compare the result.
*/
code = CHAP_FAILURE;
if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
secret, &secret_len, 1)) {
CHAPDEBUG(LOG_WARNING, ("No CHAP secret found for authenticating %s\n",
rhostname));
} else {
/* generate MD based on negotiated type */
switch (cstate->chal_type) {
case CHAP_DIGEST_MD5: /* only MD5 is defined for now */
if (remmd_len != MD5_SIGNATURE_SIZE) {
break; /* it's not even the right length */
}
MD5Init(&mdContext);
MD5Update(&mdContext, &cstate->chal_id, 1);
MD5Update(&mdContext, (u_char*)secret, secret_len);
MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
MD5Final(hash, &mdContext);
/* compare local and remote MDs and send the appropriate status */
if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0) {
code = CHAP_SUCCESS; /* they are the same! */
}
break;
default:
CHAPDEBUG(LOG_INFO, ("unknown digest type %d\n", cstate->chal_type));
}
}
BZERO(secret, sizeof(secret));
ChapSendStatus(cstate, code);
if (code == CHAP_SUCCESS) {
old_state = cstate->serverstate;
cstate->serverstate = CHAPSS_OPEN;
if (old_state == CHAPSS_INITIAL_CHAL) {
auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
}
if (cstate->chal_interval != 0) {
TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
}
} else {
CHAPDEBUG(LOG_ERR, ("CHAP peer authentication failed\n"));
cstate->serverstate = CHAPSS_BADAUTH;
auth_peer_fail(cstate->unit, PPP_CHAP);
}
}
/*
* ChapReceiveSuccess - Receive Success
*/
static void
ChapReceiveSuccess(chap_state *cstate, u_char *inp, u_char id, int len)
{
LWIP_UNUSED_ARG(id);
LWIP_UNUSED_ARG(inp);
CHAPDEBUG(LOG_INFO, ("ChapReceiveSuccess: Rcvd id %d.\n", id));
if (cstate->clientstate == CHAPCS_OPEN) {
/* presumably an answer to a duplicate response */
return;
}
if (cstate->clientstate != CHAPCS_RESPONSE) {
/* don't know what this is */
CHAPDEBUG(LOG_INFO, ("ChapReceiveSuccess: in state %d\n",
cstate->clientstate));
return;
}
UNTIMEOUT(ChapResponseTimeout, cstate);
/*
* Print message.
*/
if (len > 0) {
PRINTMSG(inp, len);
}
cstate->clientstate = CHAPCS_OPEN;
auth_withpeer_success(cstate->unit, PPP_CHAP);
}
/*
* ChapReceiveFailure - Receive failure.
*/
static void
ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len)
{
LWIP_UNUSED_ARG(id);
LWIP_UNUSED_ARG(inp);
CHAPDEBUG(LOG_INFO, ("ChapReceiveFailure: Rcvd id %d.\n", id));
if (cstate->clientstate != CHAPCS_RESPONSE) {
/* don't know what this is */
CHAPDEBUG(LOG_INFO, ("ChapReceiveFailure: in state %d\n",
cstate->clientstate));
return;
}
UNTIMEOUT(ChapResponseTimeout, cstate);
/*
* Print message.
*/
if (len > 0) {
PRINTMSG(inp, len);
}
CHAPDEBUG(LOG_ERR, ("CHAP authentication failed\n"));
auth_withpeer_fail(cstate->unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */
}
/*
* ChapSendChallenge - Send an Authenticate challenge.
*/
static void
ChapSendChallenge(chap_state *cstate)
{
u_char *outp;
int chal_len, name_len;
int outlen;
chal_len = cstate->chal_len;
name_len = (int)strlen(cstate->chal_name);
outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
outp = outpacket_buf[cstate->unit];
MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */
PUTCHAR(CHAP_CHALLENGE, outp);
PUTCHAR(cstate->chal_id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(chal_len, outp); /* put length of challenge */
BCOPY(cstate->challenge, outp, chal_len);
INCPTR(chal_len, outp);
BCOPY(cstate->chal_name, outp, name_len); /* append hostname */
pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
CHAPDEBUG(LOG_INFO, ("ChapSendChallenge: Sent id %d.\n", cstate->chal_id));
TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
++cstate->chal_transmits;
}
/*
* ChapSendStatus - Send a status response (ack or nak).
*/
static void
ChapSendStatus(chap_state *cstate, int code)
{
u_char *outp;
int outlen, msglen;
char msg[256]; /* @todo: this can be a char*, no strcpy needed */
if (code == CHAP_SUCCESS) {
strcpy(msg, "Welcome!");
} else {
strcpy(msg, "I don't like you. Go 'way.");
}
msglen = (int)strlen(msg);
outlen = CHAP_HEADERLEN + msglen;
outp = outpacket_buf[cstate->unit];
MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
PUTCHAR(code, outp);
PUTCHAR(cstate->chal_id, outp);
PUTSHORT(outlen, outp);
BCOPY(msg, outp, msglen);
pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
CHAPDEBUG(LOG_INFO, ("ChapSendStatus: Sent code %d, id %d.\n", code,
cstate->chal_id));
}
/*
* ChapGenChallenge is used to generate a pseudo-random challenge string of
* a pseudo-random length between min_len and max_len. The challenge
* string and its length are stored in *cstate, and various other fields of
* *cstate are initialized.
*/
static void
ChapGenChallenge(chap_state *cstate)
{
int chal_len;
u_char *ptr = cstate->challenge;
int i;
/* pick a random challenge length between MIN_CHALLENGE_LENGTH and
MAX_CHALLENGE_LENGTH */
chal_len = (unsigned)
((((magic() >> 16) *
(MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) >> 16)
+ MIN_CHALLENGE_LENGTH);
LWIP_ASSERT("chal_len <= 0xff", chal_len <= 0xffff);
cstate->chal_len = (u_char)chal_len;
cstate->chal_id = ++cstate->id;
cstate->chal_transmits = 0;
/* generate a random string */
for (i = 0; i < chal_len; i++ ) {
*ptr++ = (char) (magic() & 0xff);
}
}
/*
* ChapSendResponse - send a response packet with values as specified
* in *cstate.
*/
/* ARGSUSED */
static void
ChapSendResponse(chap_state *cstate)
{
u_char *outp;
int outlen, md_len, name_len;
md_len = cstate->resp_length;
name_len = (int)strlen(cstate->resp_name);
outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
outp = outpacket_buf[cstate->unit];
MAKEHEADER(outp, PPP_CHAP);
PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */
PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */
PUTSHORT(outlen, outp); /* packet length */
PUTCHAR(md_len, outp); /* length of MD */
BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */
INCPTR(md_len, outp);
BCOPY(cstate->resp_name, outp, name_len); /* append our name */
/* send the packet */
pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN);
cstate->clientstate = CHAPCS_RESPONSE;
TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
++cstate->resp_transmits;
}
#if PPP_ADDITIONAL_CALLBACKS
static char *ChapCodenames[] = {
"Challenge", "Response", "Success", "Failure"
};
/*
* ChapPrintPkt - print the contents of a CHAP packet.
*/
static int
ChapPrintPkt( u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg)
{
int code, id, len;
int clen, nlen;
u_char x;
if (plen < CHAP_HEADERLEN) {
return 0;
}
GETCHAR(code, p);
GETCHAR(id, p);
GETSHORT(len, p);
if (len < CHAP_HEADERLEN || len > plen) {
return 0;
}
if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *)) {
printer(arg, " %s", ChapCodenames[code-1]);
} else {
printer(arg, " code=0x%x", code);
}
printer(arg, " id=0x%x", id);
len -= CHAP_HEADERLEN;
switch (code) {
case CHAP_CHALLENGE:
case CHAP_RESPONSE:
if (len < 1) {
break;
}
clen = p[0];
if (len < clen + 1) {
break;
}
++p;
nlen = len - clen - 1;
printer(arg, " <");
for (; clen > 0; --clen) {
GETCHAR(x, p);
printer(arg, "%.2x", x);
}
printer(arg, ">, name = %.*Z", nlen, p);
break;
case CHAP_FAILURE:
case CHAP_SUCCESS:
printer(arg, " %.*Z", len, p);
break;
default:
for (clen = len; clen > 0; --clen) {
GETCHAR(x, p);
printer(arg, " %.2x", x);
}
}
return len + CHAP_HEADERLEN;
}
#endif /* PPP_ADDITIONAL_CALLBACKS */
#endif /* CHAP_SUPPORT */
#endif /* PPP_SUPPORT */

150
src/netif/ppp/chap.h
View File

@ -1,150 +0,0 @@
/*****************************************************************************
* chap.h - Network Challenge Handshake Authentication Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1998 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-03 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Original built from BSD network code.
******************************************************************************/
/*
* chap.h - Challenge Handshake Authentication Protocol definitions.
*
* Copyright (c) 1993 The Australian National University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the Australian National University. The name of the University
* may not be used to endorse or promote products derived from this
* software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* Copyright (c) 1991 Gregory M. Christy
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the author.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: chap.h,v 1.6 2010/01/24 13:19:34 goldsimon Exp $
*/
#ifndef CHAP_H
#define CHAP_H
/* Code + ID + length */
#define CHAP_HEADERLEN 4
/*
* CHAP codes.
*/
#define CHAP_DIGEST_MD5 5 /* use MD5 algorithm */
#define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */
#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
#define CHAP_CHALLENGE 1
#define CHAP_RESPONSE 2
#define CHAP_SUCCESS 3
#define CHAP_FAILURE 4
/*
* Challenge lengths (for challenges we send) and other limits.
*/
#define MIN_CHALLENGE_LENGTH 32
#define MAX_CHALLENGE_LENGTH 64
#define MAX_RESPONSE_LENGTH 64 /* sufficient for MD5 or MS-CHAP */
/*
* Each interface is described by a chap structure.
*/
typedef struct chap_state {
int unit; /* Interface unit number */
int clientstate; /* Client state */
int serverstate; /* Server state */
u_char challenge[MAX_CHALLENGE_LENGTH]; /* last challenge string sent */
u_char chal_len; /* challenge length */
u_char chal_id; /* ID of last challenge */
u_char chal_type; /* hash algorithm for challenges */
u_char id; /* Current id */
char *chal_name; /* Our name to use with challenge */
int chal_interval; /* Time until we challenge peer again */
int timeouttime; /* Timeout time in seconds */
int max_transmits; /* Maximum # of challenge transmissions */
int chal_transmits; /* Number of transmissions of challenge */
int resp_transmits; /* Number of transmissions of response */
u_char response[MAX_RESPONSE_LENGTH]; /* Response to send */
u_char resp_length; /* length of response */
u_char resp_id; /* ID for response messages */
u_char resp_type; /* hash algorithm for responses */
char *resp_name; /* Our name to send with response */
} chap_state;
/*
* Client (peer) states.
*/
#define CHAPCS_INITIAL 0 /* Lower layer down, not opened */
#define CHAPCS_CLOSED 1 /* Lower layer up, not opened */
#define CHAPCS_PENDING 2 /* Auth us to peer when lower up */
#define CHAPCS_LISTEN 3 /* Listening for a challenge */
#define CHAPCS_RESPONSE 4 /* Sent response, waiting for status */
#define CHAPCS_OPEN 5 /* We've received Success */
/*
* Server (authenticator) states.
*/
#define CHAPSS_INITIAL 0 /* Lower layer down, not opened */
#define CHAPSS_CLOSED 1 /* Lower layer up, not opened */
#define CHAPSS_PENDING 2 /* Auth peer when lower up */
#define CHAPSS_INITIAL_CHAL 3 /* We've sent the first challenge */
#define CHAPSS_OPEN 4 /* We've sent a Success msg */
#define CHAPSS_RECHALLENGE 5 /* We've sent another challenge */
#define CHAPSS_BADAUTH 6 /* We've sent a Failure msg */
extern chap_state chap[];
void ChapAuthWithPeer (int, char *, u_char);
void ChapAuthPeer (int, char *, u_char);
extern struct protent chap_protent;
#endif /* CHAP_H */

904
src/netif/ppp/chap_ms.c Normal file
View File

@ -0,0 +1,904 @@
/*
* chap_ms.c - Microsoft MS-CHAP compatible implementation.
*
* Copyright (c) 1995 Eric Rosenquist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997
*
* Implemented LANManager type password response to MS-CHAP challenges.
* Now pppd provides both NT style and LANMan style blocks, and the
* prefered is set by option "ms-lanman". Default is to use NT.
* The hash text (StdText) was taken from Win95 RASAPI32.DLL.
*
* You should also use DOMAIN\\USERNAME as described in README.MSCHAP80
*/
/*
* Modifications by Frank Cusack, frank@google.com, March 2002.
*
* Implemented MS-CHAPv2 functionality, heavily based on sample
* implementation in RFC 2759. Implemented MPPE functionality,
* heavily based on sample implementation in RFC 3079.
*
* Copyright (c) 2002 Google, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if 0 /* UNUSED */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
#endif /* UNUSED */
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/chap-new.h"
#include "netif/ppp/chap_ms.h"
#include "netif/ppp/pppcrypt.h"
#include "netif/ppp/magic.h"
#if LWIP_INCLUDED_POLARSSL_MD4
#include "netif/ppp/polarssl/md4.h"
#else
#include "polarssl/md4.h"
#endif
#if LWIP_INCLUDED_POLARSSL_SHA1
#include "netif/ppp/polarssl/sha1.h"
#else
#include "polarssl/sha1.h"
#endif
#if LWIP_INCLUDED_POLARSSL_DES
#include "netif/ppp/polarssl/des.h"
#else
#include "polarssl/des.h"
#endif
#define SHA1_SIGNATURE_SIZE 20
static void ascii2unicode (char[], int, u_char[]);
static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
static void ChallengeResponse (u_char *, u_char *, u_char[24]);
static void ChapMS_NT (u_char *, char *, int, u_char[24]);
static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int,
u_char[24]);
static void GenerateAuthenticatorResponsePlain
(char*, int, u_char[24], u_char[16], u_char *,
char *, u_char[41]);
#ifdef MSLANMAN
static void ChapMS_LANMan (u_char *, char *, int, u_char *);
#endif
#ifdef MPPE
static void Set_Start_Key (u_char *, char *, int);
static void SetMasterKeys (char *, int, u_char[24], int);
#endif
#ifdef MSLANMAN
bool ms_lanman = 0; /* Use LanMan password instead of NT */
/* Has meaning only with MS-CHAP challenges */
#endif
#ifdef MPPE
u_char mppe_send_key[MPPE_MAX_KEY_LEN];
u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
int mppe_keys_set = 0; /* Have the MPPE keys been set? */
#ifdef DEBUGMPPEKEY
/* For MPPE debug */
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
static char *mschap_challenge = NULL;
/* Use "!@\#$%^&*()_+:3|~" (sans quotes, backslash is to escape #) for ... */
static char *mschap2_peer_challenge = NULL;
#endif
#include "netif/ppp/fsm.h" /* Need to poke MPPE options */
#include "netif/ppp/ccp.h"
#include <net/ppp-comp.h>
#endif
#if PPP_OPTIONS
/*
* Command-line options.
*/
static option_t chapms_option_list[] = {
#ifdef MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#endif
#ifdef DEBUGMPPEKEY
{ "mschap-challenge", o_string, &mschap_challenge,
"specify CHAP challenge" },
{ "mschap2-peer-challenge", o_string, &mschap2_peer_challenge,
"specify CHAP peer challenge" },
#endif
{ NULL }
};
#endif /* PPP_OPTIONS */
#if PPP_SERVER
/*
* chapms_generate_challenge - generate a challenge for MS-CHAP.
* For MS-CHAP the challenge length is fixed at 8 bytes.
* The length goes in challenge[0] and the actual challenge starts
* at challenge[1].
*/
static void chapms_generate_challenge(unsigned char *challenge) {
*challenge++ = 8;
#ifdef DEBUGMPPEKEY
if (mschap_challenge && strlen(mschap_challenge) == 8)
memcpy(challenge, mschap_challenge, 8);
else
#endif
random_bytes(challenge, 8);
}
static void chapms2_generate_challenge(unsigned char *challenge) {
*challenge++ = 16;
#ifdef DEBUGMPPEKEY
if (mschap_challenge && strlen(mschap_challenge) == 16)
memcpy(challenge, mschap_challenge, 16);
else
#endif
random_bytes(challenge, 16);
}
static int chapms_verify_response(int id, char *name,
unsigned char *secret, int secret_len,
unsigned char *challenge, unsigned char *response,
char *message, int message_space) {
unsigned char md[MS_CHAP_RESPONSE_LEN];
int diff;
int challenge_len, response_len;
challenge_len = *challenge++; /* skip length, is 8 */
response_len = *response++;
if (response_len != MS_CHAP_RESPONSE_LEN)
goto bad;
#ifndef MSLANMAN
if (!response[MS_CHAP_USENT]) {
/* Should really propagate this into the error packet. */
ppp_notice("Peer request for LANMAN auth not supported");
goto bad;
}
#endif
/* Generate the expected response. */
ChapMS(challenge, (char *)secret, secret_len, md);
#ifdef MSLANMAN
/* Determine which part of response to verify against */
if (!response[MS_CHAP_USENT])
diff = memcmp(&response[MS_CHAP_LANMANRESP],
&md[MS_CHAP_LANMANRESP], MS_CHAP_LANMANRESP_LEN);
else
#endif
diff = memcmp(&response[MS_CHAP_NTRESP], &md[MS_CHAP_NTRESP],
MS_CHAP_NTRESP_LEN);
if (diff == 0) {
ppp_slprintf(message, message_space, "Access granted");
return 1;
}
bad:
/* See comments below for MS-CHAP V2 */
ppp_slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0",
challenge_len, challenge);
return 0;
}
static int chapms2_verify_response(int id, char *name,
unsigned char *secret, int secret_len,
unsigned char *challenge, unsigned char *response,
char *message, int message_space) {
unsigned char md[MS_CHAP2_RESPONSE_LEN];
char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
int challenge_len, response_len;
challenge_len = *challenge++; /* skip length, is 16 */
response_len = *response++;
if (response_len != MS_CHAP2_RESPONSE_LEN)
goto bad; /* not even the right length */
/* Generate the expected response and our mutual auth. */
ChapMS2(challenge, &response[MS_CHAP2_PEER_CHALLENGE], name,
(char *)secret, secret_len, md,
(unsigned char *)saresponse, MS_CHAP2_AUTHENTICATOR);
/* compare MDs and send the appropriate status */
/*
* Per RFC 2759, success message must be formatted as
* "S=<auth_string> M=<message>"
* where
* <auth_string> is the Authenticator Response (mutual auth)
* <message> is a text message
*
* However, some versions of Windows (win98 tested) do not know
* about the M=<message> part (required per RFC 2759) and flag
* it as an error (reported incorrectly as an encryption error
* to the user). Since the RFC requires it, and it can be
* useful information, we supply it if the peer is a conforming
* system. Luckily (?), win98 sets the Flags field to 0x04
* (contrary to RFC requirements) so we can use that to
* distinguish between conforming and non-conforming systems.
*
* Special thanks to Alex Swiridov <say@real.kharkov.ua> for
* help debugging this.
*/
if (memcmp(&md[MS_CHAP2_NTRESP], &response[MS_CHAP2_NTRESP],
MS_CHAP2_NTRESP_LEN) == 0) {
if (response[MS_CHAP2_FLAGS])
ppp_slprintf(message, message_space, "S=%s", saresponse);
else
ppp_slprintf(message, message_space, "S=%s M=%s",
saresponse, "Access granted");
return 1;
}
bad:
/*
* Failure message must be formatted as
* "E=e R=r C=c V=v M=m"
* where
* e = error code (we use 691, ERROR_AUTHENTICATION_FAILURE)
* r = retry (we use 1, ok to retry)
* c = challenge to use for next response, we reuse previous
* v = Change Password version supported, we use 0
* m = text message
*
* The M=m part is only for MS-CHAPv2. Neither win2k nor
* win98 (others untested) display the message to the user anyway.
* They also both ignore the E=e code.
*
* Note that it's safe to reuse the same challenge as we don't
* actually accept another response based on the error message
* (and no clients try to resend a response anyway).
*
* Basically, this whole bit is useless code, even the small
* implementation here is only because of overspecification.
*/
ppp_slprintf(message, message_space, "E=691 R=1 C=%0.*B V=0 M=%s",
challenge_len, challenge, "Access denied");
return 0;
}
#endif /* PPP_SERVER */
static void chapms_make_response(unsigned char *response, int id, char *our_name,
unsigned char *challenge, char *secret, int secret_len,
unsigned char *private) {
challenge++; /* skip length, should be 8 */
*response++ = MS_CHAP_RESPONSE_LEN;
ChapMS(challenge, secret, secret_len, response);
}
static void chapms2_make_response(unsigned char *response, int id, char *our_name,
unsigned char *challenge, char *secret, int secret_len,
unsigned char *private) {
challenge++; /* skip length, should be 16 */
*response++ = MS_CHAP2_RESPONSE_LEN;
ChapMS2(challenge,
#ifdef DEBUGMPPEKEY
mschap2_peer_challenge,
#else
NULL,
#endif
our_name, secret, secret_len, response, private,
MS_CHAP2_AUTHENTICATEE);
}
static int chapms2_check_success(unsigned char *msg, int len, unsigned char *private) {
if ((len < MS_AUTH_RESPONSE_LENGTH + 2) ||
strncmp((char *)msg, "S=", 2) != 0) {
/* Packet does not start with "S=" */
ppp_error("MS-CHAPv2 Success packet is badly formed.");
return 0;
}
msg += 2;
len -= 2;
if (len < MS_AUTH_RESPONSE_LENGTH
|| memcmp(msg, private, MS_AUTH_RESPONSE_LENGTH)) {
/* Authenticator Response did not match expected. */
ppp_error("MS-CHAPv2 mutual authentication failed.");
return 0;
}
/* Authenticator Response matches. */
msg += MS_AUTH_RESPONSE_LENGTH; /* Eat it */
len -= MS_AUTH_RESPONSE_LENGTH;
if ((len >= 3) && !strncmp((char *)msg, " M=", 3)) {
msg += 3; /* Eat the delimiter */
} else if (len) {
/* Packet has extra text which does not begin " M=" */
ppp_error("MS-CHAPv2 Success packet is badly formed.");
return 0;
}
return 1;
}
static void chapms_handle_failure(unsigned char *inp, int len) {
int err;
char *p, msg[64];
/* We want a null-terminated string for strxxx(). */
len = LWIP_MIN(len, 63);
MEMCPY(msg, inp, len);
msg[len] = 0;
p = msg;
/*
* Deal with MS-CHAP formatted failure messages; just print the
* M=<message> part (if any). For MS-CHAP we're not really supposed
* to use M=<message>, but it shouldn't hurt. See
* chapms[2]_verify_response.
*/
if (!strncmp(p, "E=", 2))
err = strtol(p+2, NULL, 10); /* Remember the error code. */
else
goto print_msg; /* Message is badly formatted. */
if (len && ((p = strstr(p, " M=")) != NULL)) {
/* M=<message> field found. */
p += 3;
} else {
/* No M=<message>; use the error code. */
switch (err) {
case MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS:
p = "E=646 Restricted logon hours";
break;
case MS_CHAP_ERROR_ACCT_DISABLED:
p = "E=647 Account disabled";
break;
case MS_CHAP_ERROR_PASSWD_EXPIRED:
p = "E=648 Password expired";
break;
case MS_CHAP_ERROR_NO_DIALIN_PERMISSION:
p = "E=649 No dialin permission";
break;
case MS_CHAP_ERROR_AUTHENTICATION_FAILURE:
p = "E=691 Authentication failure";
break;
case MS_CHAP_ERROR_CHANGING_PASSWORD:
/* Should never see this, we don't support Change Password. */
p = "E=709 Error changing password";
break;
default:
ppp_error("Unknown MS-CHAP authentication failure: %.*v",
len, inp);
return;
}
}
print_msg:
if (p != NULL)
ppp_error("MS-CHAP authentication failed: %v", p);
}
static void ChallengeResponse(u_char *challenge,
u_char PasswordHash[MD4_SIGNATURE_SIZE],
u_char response[24]) {
u_char ZPasswordHash[21];
des_context des;
u_char des_key[8];
BZERO(ZPasswordHash, sizeof(ZPasswordHash));
MEMCPY(ZPasswordHash, PasswordHash, MD4_SIGNATURE_SIZE);
#if 0
dbglog("ChallengeResponse - ZPasswordHash %.*B",
sizeof(ZPasswordHash), ZPasswordHash);
#endif
pppcrypt_56_to_64_bit_key(ZPasswordHash + 0, des_key);
des_setkey_enc(&des, des_key);
des_crypt_ecb(&des, challenge, response +0);
pppcrypt_56_to_64_bit_key(ZPasswordHash + 7, des_key);
des_setkey_enc(&des, des_key);
des_crypt_ecb(&des, challenge, response +8);
pppcrypt_56_to_64_bit_key(ZPasswordHash + 14, des_key);
des_setkey_enc(&des, des_key);
des_crypt_ecb(&des, challenge, response +16);
#if 0
dbglog("ChallengeResponse - response %.24B", response);
#endif
}
void ChallengeHash(u_char PeerChallenge[16], u_char *rchallenge,
char *username, u_char Challenge[8]) {
sha1_context sha1Context;
u_char sha1Hash[SHA1_SIGNATURE_SIZE];
char *user;
/* remove domain from "domain\username" */
if ((user = strrchr(username, '\\')) != NULL)
++user;
else
user = username;
sha1_starts(&sha1Context);
sha1_update(&sha1Context, PeerChallenge, 16);
sha1_update(&sha1Context, rchallenge, 16);
sha1_update(&sha1Context, (unsigned char *)user, strlen(user));
sha1_finish(&sha1Context, sha1Hash);
MEMCPY(Challenge, sha1Hash, 8);
}
/*
* Convert the ASCII version of the password to Unicode.
* This implicitly supports 8-bit ISO8859/1 characters.
* This gives us the little-endian representation, which
* is assumed by all M$ CHAP RFCs. (Unicode byte ordering
* is machine-dependent.)
*/
static void ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) {
int i;
BZERO(unicode, ascii_len * 2);
for (i = 0; i < ascii_len; i++)
unicode[i * 2] = (u_char) ascii[i];
}
static void NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) {
md4_context md4Context;
md4_starts(&md4Context);
md4_update(&md4Context, secret, secret_len);
md4_finish(&md4Context, hash);
}
static void ChapMS_NT(u_char *rchallenge, char *secret, int secret_len,
u_char NTResponse[24]) {
u_char unicodePassword[MAX_NT_PASSWORD * 2];
u_char PasswordHash[MD4_SIGNATURE_SIZE];
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
ChallengeResponse(rchallenge, PasswordHash, NTResponse);
}
static void ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username,
char *secret, int secret_len, u_char NTResponse[24]) {
u_char unicodePassword[MAX_NT_PASSWORD * 2];
u_char PasswordHash[MD4_SIGNATURE_SIZE];
u_char Challenge[8];
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
ChallengeResponse(Challenge, PasswordHash, NTResponse);
}
#ifdef MSLANMAN
static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
static void ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len,
unsigned char *response) {
int i;
u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
u_char PasswordHash[MD4_SIGNATURE_SIZE];
des_context des;
u_char des_key[8];
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
for (i = 0; i < secret_len; i++)
UcasePassword[i] = (u_char)toupper(secret[i]);
pppcrypt_56_to_64_bit_key(UcasePassword +0, des_key);
des_setkey_enc(&des, des_key);
des_crypt_ecb(&des, StdText, PasswordHash +0);
pppcrypt_56_to_64_bit_key(UcasePassword +7, des_key);
des_setkey_enc(&des, des_key);
des_crypt_ecb(&des, StdText, PasswordHash +8);
ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
}
#endif
void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
u_char NTResponse[24], u_char PeerChallenge[16],
u_char *rchallenge, char *username,
u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) {
/*
* "Magic" constants used in response generation, from RFC 2759.
*/
u_char Magic1[39] = /* "Magic server to client signing constant" */
{ 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 };
u_char Magic2[41] = /* "Pad to make it do more than one iteration" */
{ 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
0x6E };
int i;
sha1_context sha1Context;
u_char Digest[SHA1_SIGNATURE_SIZE];
u_char Challenge[8];
sha1_starts(&sha1Context);
sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
sha1_update(&sha1Context, NTResponse, 24);
sha1_update(&sha1Context, Magic1, sizeof(Magic1));
sha1_finish(&sha1Context, Digest);
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
sha1_starts(&sha1Context);
sha1_update(&sha1Context, Digest, sizeof(Digest));
sha1_update(&sha1Context, Challenge, sizeof(Challenge));
sha1_update(&sha1Context, Magic2, sizeof(Magic2));
sha1_finish(&sha1Context, Digest);
/* Convert to ASCII hex string. */
for (i = 0; i < LWIP_MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++)
sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
}
static void GenerateAuthenticatorResponsePlain
(char *secret, int secret_len,
u_char NTResponse[24], u_char PeerChallenge[16],
u_char *rchallenge, char *username,
u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) {
u_char unicodePassword[MAX_NT_PASSWORD * 2];
u_char PasswordHash[MD4_SIGNATURE_SIZE];
u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash),
PasswordHashHash);
GenerateAuthenticatorResponse(PasswordHashHash, NTResponse, PeerChallenge,
rchallenge, username, authResponse);
}
#ifdef MPPE
/*
* Set mppe_xxxx_key from the NTPasswordHashHash.
* RFC 2548 (RADIUS support) requires us to export this function (ugh).
*/
void mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) {
sha1_context sha1Context;
u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
sha1_starts(&sha1Context);
sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
sha1_update(&sha1Context, rchallenge, 8);
sha1_finish(&sha1Context, Digest);
/* Same key in both directions. */
MEMCPY(mppe_send_key, Digest, sizeof(mppe_send_key));
MEMCPY(mppe_recv_key, Digest, sizeof(mppe_recv_key));
mppe_keys_set = 1;
}
/*
* Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
*/
static void Set_Start_Key(u_char *rchallenge, char *secret, int secret_len) {
u_char unicodePassword[MAX_NT_PASSWORD * 2];
u_char PasswordHash[MD4_SIGNATURE_SIZE];
u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
mppe_set_keys(rchallenge, PasswordHashHash);
}
/*
* Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
*
* This helper function used in the Winbind module, which gets the
* NTHashHash from the server.
*/
void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
u_char NTResponse[24], int IsServer) {
sha1_context sha1Context;
u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
u_char SHApad1[40] =
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
u_char SHApad2[40] =
{ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
/* "This is the MPPE Master Key" */
u_char Magic1[27] =
{ 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
/* "On the client side, this is the send key; "
"on the server side, it is the receive key." */
u_char Magic2[84] =
{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
0x6b, 0x65, 0x79, 0x2e };
/* "On the client side, this is the receive key; "
"on the server side, it is the send key." */
u_char Magic3[84] =
{ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
0x6b, 0x65, 0x79, 0x2e };
u_char *s;
sha1_starts(&sha1Context);
sha1_update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
sha1_update(&sha1Context, NTResponse, 24);
sha1_update(&sha1Context, Magic1, sizeof(Magic1));
sha1_finish(&sha1Context, MasterKey);
/*
* generate send key
*/
if (IsServer)
s = Magic3;
else
s = Magic2;
sha1_starts(&sha1Context);
sha1_update(&sha1Context, MasterKey, 16);
sha1_update(&sha1Context, SHApad1, sizeof(SHApad1));
sha1_update(&sha1Context, s, 84);
sha1_update(&sha1Context, SHApad2, sizeof(SHApad2));
sha1_finish(&sha1Context, Digest);
MEMCPY(mppe_send_key, Digest, sizeof(mppe_send_key));
/*
* generate recv key
*/
if (IsServer)
s = Magic2;
else
s = Magic3;
sha1_starts(&sha1Context);
sha1_update(&sha1Context, MasterKey, 16);
sha1_update(&sha1Context, SHApad1, sizeof(SHApad1));
sha1_update(&sha1Context, s, 84);
sha1_update(&sha1Context, SHApad2, sizeof(SHApad2));
sha1_finish(&sha1Context, Digest);
MEMCPY(mppe_recv_key, Digest, sizeof(mppe_recv_key));
mppe_keys_set = 1;
}
/*
* Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
*/
static void SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer) {
u_char unicodePassword[MAX_NT_PASSWORD * 2];
u_char PasswordHash[MD4_SIGNATURE_SIZE];
u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
}
#endif /* MPPE */
void ChapMS(u_char *rchallenge, char *secret, int secret_len,
unsigned char *response) {
BZERO(response, MS_CHAP_RESPONSE_LEN);
ChapMS_NT(rchallenge, secret, secret_len, &response[MS_CHAP_NTRESP]);
#ifdef MSLANMAN
ChapMS_LANMan(rchallenge, secret, secret_len,
&response[MS_CHAP_LANMANRESP]);
/* preferred method is set by option */
response[MS_CHAP_USENT] = !ms_lanman;
#else
response[MS_CHAP_USENT] = 1;
#endif
#ifdef MPPE
Set_Start_Key(rchallenge, secret, secret_len);
#endif
}
/*
* If PeerChallenge is NULL, one is generated and the PeerChallenge
* field of response is filled in. Call this way when generating a response.
* If PeerChallenge is supplied, it is copied into the PeerChallenge field.
* Call this way when verifying a response (or debugging).
* Do not call with PeerChallenge = response.
*
* The PeerChallenge field of response is then used for calculation of the
* Authenticator Response.
*/
void ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator) {
/* ARGSUSED */
u_char *p = &response[MS_CHAP2_PEER_CHALLENGE];
int i;
BZERO(response, MS_CHAP2_RESPONSE_LEN);
/* Generate the Peer-Challenge if requested, or copy it if supplied. */
if (!PeerChallenge)
for (i = 0; i < MS_CHAP2_PEER_CHAL_LEN; i++)
*p++ = (u_char) (drand48() * 0xff);
else
MEMCPY(&response[MS_CHAP2_PEER_CHALLENGE], PeerChallenge,
MS_CHAP2_PEER_CHAL_LEN);
/* Generate the NT-Response */
ChapMS2_NT(rchallenge, &response[MS_CHAP2_PEER_CHALLENGE], user,
secret, secret_len, &response[MS_CHAP2_NTRESP]);
/* Generate the Authenticator Response. */
GenerateAuthenticatorResponsePlain(secret, secret_len,
&response[MS_CHAP2_NTRESP],
&response[MS_CHAP2_PEER_CHALLENGE],
rchallenge, user, authResponse);
#ifdef MPPE
SetMasterKeys(secret, secret_len,
&response[MS_CHAP2_NTRESP], authenticator);
#endif
}
#ifdef MPPE
/*
* Set MPPE options from plugins.
*/
void set_mppe_enc_types(int policy, int types) {
/* Early exit for unknown policies. */
if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
policy != MPPE_ENC_POL_ENC_REQUIRED)
return;
/* Don't modify MPPE if it's optional and wasn't already configured. */
if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
return;
/*
* Disable undesirable encryption types. Note that we don't ENABLE
* any encryption types, to avoid overriding manual configuration.
*/
switch(types) {
case MPPE_ENC_TYPES_RC4_40:
ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
break;
case MPPE_ENC_TYPES_RC4_128:
ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
break;
default:
break;
}
}
#endif /* MPPE */
const struct chap_digest_type chapms_digest = {
CHAP_MICROSOFT, /* code */
#if PPP_SERVER
chapms_generate_challenge,
chapms_verify_response,
#endif /* PPP_SERVER */
chapms_make_response,
NULL, /* check_success */
chapms_handle_failure,
};
const struct chap_digest_type chapms2_digest = {
CHAP_MICROSOFT_V2, /* code */
#if PPP_SERVER
chapms2_generate_challenge,
chapms2_verify_response,
#endif /* PPP_SERVER */
chapms2_make_response,
chapms2_check_success,
chapms_handle_failure,
};
#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */

396
src/netif/ppp/chpms.c
View File

@ -1,396 +0,0 @@
/*** WARNING - THIS CODE HAS NOT BEEN FINISHED! ***/
/*** The original PPPD code is written in a way to require either the UNIX DES
encryption functions encrypt(3) and setkey(3) or the DES library libdes.
Since both is not included in lwIP, MSCHAP currently does not work! */
/*****************************************************************************
* chpms.c - Network MicroSoft Challenge Handshake Authentication Protocol program file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* Copyright (c) 1997 by Global Election Systems Inc. All rights reserved.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-08 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Original based on BSD chap_ms.c.
*****************************************************************************/
/*
* chap_ms.c - Microsoft MS-CHAP compatible implementation.
*
* Copyright (c) 1995 Eric Rosenquist, Strata Software Limited.
* http://www.strataware.com/
*
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Eric Rosenquist. The name of the author may not be used to
* endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
/*
* Modifications by Lauri Pesonen / lpesonen@clinet.fi, april 1997
*
* Implemented LANManager type password response to MS-CHAP challenges.
* Now pppd provides both NT style and LANMan style blocks, and the
* prefered is set by option "ms-lanman". Default is to use NT.
* The hash text (StdText) was taken from Win95 RASAPI32.DLL.
*
* You should also use DOMAIN\\USERNAME as described in README.MSCHAP80
*/
#define USE_CRYPT
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "ppp_impl.h"
#include "pppdebug.h"
#include "md4.h"
#ifndef USE_CRYPT
#include "des.h"
#endif
#include "chap.h"
#include "chpms.h"
#include <string.h>
/*************************/
/*** LOCAL DEFINITIONS ***/
/*************************/
/************************/
/*** LOCAL DATA TYPES ***/
/************************/
typedef struct {
u_char LANManResp[24];
u_char NTResp[24];
u_char UseNT; /* If 1, ignore the LANMan response field */
} MS_ChapResponse;
/* We use MS_CHAP_RESPONSE_LEN, rather than sizeof(MS_ChapResponse),
in case this struct gets padded. */
/***********************************/
/*** LOCAL FUNCTION DECLARATIONS ***/
/***********************************/
/* XXX Don't know what to do with these. */
extern void setkey(const char *);
extern void encrypt(char *, int);
static void DesEncrypt (u_char *, u_char *, u_char *);
static void MakeKey (u_char *, u_char *);
#ifdef USE_CRYPT
static void Expand (u_char *, u_char *);
static void Collapse (u_char *, u_char *);
#endif
static void ChallengeResponse(
u_char *challenge, /* IN 8 octets */
u_char *pwHash, /* IN 16 octets */
u_char *response /* OUT 24 octets */
);
static void ChapMS_NT(
char *rchallenge,
int rchallenge_len,
char *secret,
int secret_len,
MS_ChapResponse *response
);
static u_char Get7Bits(
u_char *input,
int startBit
);
static void
ChallengeResponse( u_char *challenge, /* IN 8 octets */
u_char *pwHash, /* IN 16 octets */
u_char *response /* OUT 24 octets */)
{
u_char ZPasswordHash[21];
BZERO(ZPasswordHash, sizeof(ZPasswordHash));
BCOPY(pwHash, ZPasswordHash, 16);
#if 0
log_packet(ZPasswordHash, sizeof(ZPasswordHash), "ChallengeResponse - ZPasswordHash", LOG_DEBUG);
#endif
DesEncrypt(challenge, ZPasswordHash + 0, response + 0);
DesEncrypt(challenge, ZPasswordHash + 7, response + 8);
DesEncrypt(challenge, ZPasswordHash + 14, response + 16);
#if 0
log_packet(response, 24, "ChallengeResponse - response", LOG_DEBUG);
#endif
}
#ifdef USE_CRYPT
static void
DesEncrypt( u_char *clear, /* IN 8 octets */
u_char *key, /* IN 7 octets */
u_char *cipher /* OUT 8 octets */)
{
u_char des_key[8];
u_char crypt_key[66];
u_char des_input[66];
MakeKey(key, des_key);
Expand(des_key, crypt_key);
setkey((char*)crypt_key);
#if 0
CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X\n",
clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7]));
#endif
Expand(clear, des_input);
encrypt((char*)des_input, 0);
Collapse(des_input, cipher);
#if 0
CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7]));
#endif
}
#else /* USE_CRYPT */
static void
DesEncrypt( u_char *clear, /* IN 8 octets */
u_char *key, /* IN 7 octets */
u_char *cipher /* OUT 8 octets */)
{
des_cblock des_key;
des_key_schedule key_schedule;
MakeKey(key, des_key);
des_set_key(&des_key, key_schedule);
#if 0
CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet input : %02X%02X%02X%02X%02X%02X%02X%02X\n",
clear[0], clear[1], clear[2], clear[3], clear[4], clear[5], clear[6], clear[7]));
#endif
des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher, key_schedule, 1);
#if 0
CHAPDEBUG(LOG_INFO, ("DesEncrypt: 8 octet output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
cipher[0], cipher[1], cipher[2], cipher[3], cipher[4], cipher[5], cipher[6], cipher[7]));
#endif
}
#endif /* USE_CRYPT */
static u_char
Get7Bits( u_char *input, int startBit)
{
register unsigned int word;
word = (unsigned)input[startBit / 8] << 8;
word |= (unsigned)input[startBit / 8 + 1];
word >>= 15 - (startBit % 8 + 7);
return word & 0xFE;
}
#ifdef USE_CRYPT
/* in == 8-byte string (expanded version of the 56-bit key)
* out == 64-byte string where each byte is either 1 or 0
* Note that the low-order "bit" is always ignored by by setkey()
*/
static void
Expand(u_char *in, u_char *out)
{
int j, c;
int i;
for(i = 0; i < 64; in++){
c = *in;
for(j = 7; j >= 0; j--) {
*out++ = (c >> j) & 01;
}
i += 8;
}
}
/* The inverse of Expand
*/
static void
Collapse(u_char *in, u_char *out)
{
int j;
int i;
unsigned int c;
for (i = 0; i < 64; i += 8, out++) {
c = 0;
for (j = 7; j >= 0; j--, in++) {
c |= *in << j;
}
*out = c & 0xff;
}
}
#endif
static void
MakeKey( u_char *key, /* IN 56 bit DES key missing parity bits */
u_char *des_key /* OUT 64 bit DES key with parity bits added */)
{
des_key[0] = Get7Bits(key, 0);
des_key[1] = Get7Bits(key, 7);
des_key[2] = Get7Bits(key, 14);
des_key[3] = Get7Bits(key, 21);
des_key[4] = Get7Bits(key, 28);
des_key[5] = Get7Bits(key, 35);
des_key[6] = Get7Bits(key, 42);
des_key[7] = Get7Bits(key, 49);
#ifndef USE_CRYPT
des_set_odd_parity((des_cblock *)des_key);
#endif
#if 0
CHAPDEBUG(LOG_INFO, ("MakeKey: 56-bit input : %02X%02X%02X%02X%02X%02X%02X\n",
key[0], key[1], key[2], key[3], key[4], key[5], key[6]));
CHAPDEBUG(LOG_INFO, ("MakeKey: 64-bit output: %02X%02X%02X%02X%02X%02X%02X%02X\n",
des_key[0], des_key[1], des_key[2], des_key[3], des_key[4], des_key[5], des_key[6], des_key[7]));
#endif
}
static void
ChapMS_NT( char *rchallenge,
int rchallenge_len,
char *secret,
int secret_len,
MS_ChapResponse *response)
{
int i;
MDstruct md4Context;
u_char unicodePassword[MAX_NT_PASSWORD * 2];
static int low_byte_first = -1;
LWIP_UNUSED_ARG(rchallenge_len);
/* Initialize the Unicode version of the secret (== password). */
/* This implicitly supports 8-bit ISO8859/1 characters. */
BZERO(unicodePassword, sizeof(unicodePassword));
for (i = 0; i < secret_len; i++) {
unicodePassword[i * 2] = (u_char)secret[i];
}
MDbegin(&md4Context);
MDupdate(&md4Context, unicodePassword, secret_len * 2 * 8); /* Unicode is 2 bytes/char, *8 for bit count */
if (low_byte_first == -1) {
low_byte_first = (PP_HTONS((unsigned short int)1) != 1);
}
if (low_byte_first == 0) {
/* @todo: arg type - u_long* or u_int* ? */
MDreverse((unsigned int*)&md4Context); /* sfb 961105 */
}
MDupdate(&md4Context, NULL, 0); /* Tell MD4 we're done */
ChallengeResponse((u_char*)rchallenge, (u_char*)md4Context.buffer, response->NTResp);
}
#ifdef MSLANMAN
static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
static void
ChapMS_LANMan( char *rchallenge,
int rchallenge_len,
char *secret,
int secret_len,
MS_ChapResponse *response)
{
int i;
u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
u_char PasswordHash[16];
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
for (i = 0; i < secret_len; i++) {
UcasePassword[i] = (u_char)toupper(secret[i]);
}
DesEncrypt( StdText, UcasePassword + 0, PasswordHash + 0 );
DesEncrypt( StdText, UcasePassword + 7, PasswordHash + 8 );
ChallengeResponse(rchallenge, PasswordHash, response->LANManResp);
}
#endif
void
ChapMS( chap_state *cstate, char *rchallenge, int rchallenge_len, char *secret, int secret_len)
{
MS_ChapResponse response;
#ifdef MSLANMAN
extern int ms_lanman;
#endif
#if 0
CHAPDEBUG(LOG_INFO, ("ChapMS: secret is '%.*s'\n", secret_len, secret));
#endif
BZERO(&response, sizeof(response));
/* Calculate both always */
ChapMS_NT(rchallenge, rchallenge_len, secret, secret_len, &response);
#ifdef MSLANMAN
ChapMS_LANMan(rchallenge, rchallenge_len, secret, secret_len, &response);
/* prefered method is set by option */
response.UseNT = !ms_lanman;
#else
response.UseNT = 1;
#endif
BCOPY(&response, cstate->response, MS_CHAP_RESPONSE_LEN);
cstate->resp_length = MS_CHAP_RESPONSE_LEN;
}
#endif /* MSCHAP_SUPPORT */
#endif /* PPP_SUPPORT */

64
src/netif/ppp/chpms.h
View File

@ -1,64 +0,0 @@
/*****************************************************************************
* chpms.h - Network Microsoft Challenge Handshake Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1998 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 98-01-30 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Original built from BSD network code.
******************************************************************************/
/*
* chap.h - Challenge Handshake Authentication Protocol definitions.
*
* Copyright (c) 1995 Eric Rosenquist, Strata Software Limited.
* http://www.strataware.com/
*
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Eric Rosenquist. The name of the author may not be used to
* endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: chpms.h,v 1.5 2007/12/19 20:47:23 fbernon Exp $
*/
#ifndef CHPMS_H
#define CHPMS_H
#define MAX_NT_PASSWORD 256 /* Maximum number of (Unicode) chars in an NT password */
void ChapMS (chap_state *, char *, int, char *, int);
#endif /* CHPMS_H */

467
src/netif/ppp/demand.c Normal file
View File

@ -0,0 +1,467 @@
/*
* demand.c - Support routines for demand-dialling.
*
* Copyright (c) 1996-2002 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && DEMAND_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <unistd.h>
#include <syslog.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#ifdef PPP_FILTER
#include <pcap-bpf.h>
#endif
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/fsm.h"
#include "netif/ppp/ipcp.h"
#include "netif/ppp/lcp.h"
char *frame;
int framelen;
int framemax;
int escape_flag;
int flush_flag;
int fcs;
struct packet {
int length;
struct packet *next;
unsigned char data[1];
};
struct packet *pend_q;
struct packet *pend_qtail;
static int active_packet (unsigned char *, int);
/*
* demand_conf - configure the interface for doing dial-on-demand.
*/
void
demand_conf()
{
int i;
const struct protent *protp;
/* framemax = lcp_allowoptions[0].mru;
if (framemax < PPP_MRU) */
framemax = PPP_MRU;
framemax += PPP_HDRLEN + PPP_FCSLEN;
frame = malloc(framemax);
if (frame == NULL)
novm("demand frame");
framelen = 0;
pend_q = NULL;
escape_flag = 0;
flush_flag = 0;
fcs = PPP_INITFCS;
netif_set_mtu(pcb, LWIP_MIN(lcp_allowoptions[0].mru, PPP_MRU));
if (ppp_send_config(pcb, PPP_MRU, (u32_t) 0, 0, 0) < 0
|| ppp_recv_config(pcb, PPP_MRU, (u32_t) 0, 0, 0) < 0)
fatal("Couldn't set up demand-dialled PPP interface: %m");
#ifdef PPP_FILTER
set_filters(&pass_filter, &active_filter);
#endif
/*
* Call the demand_conf procedure for each protocol that's got one.
*/
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->enabled_flag && protp->demand_conf != NULL)
((*protp->demand_conf)(pcb));
/* FIXME: find a way to die() here */
#if 0
if (!((*protp->demand_conf)(pcb)))
die(1);
#endif
}
/*
* demand_block - set each network protocol to block further packets.
*/
void
demand_block()
{
int i;
const struct protent *protp;
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->enabled_flag && protp->demand_conf != NULL)
sifnpmode(pcb, protp->protocol & ~0x8000, NPMODE_QUEUE);
get_loop_output();
}
/*
* demand_discard - set each network protocol to discard packets
* with an error.
*/
void
demand_discard()
{
struct packet *pkt, *nextpkt;
int i;
const struct protent *protp;
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->enabled_flag && protp->demand_conf != NULL)
sifnpmode(pcb, protp->protocol & ~0x8000, NPMODE_ERROR);
get_loop_output();
/* discard all saved packets */
for (pkt = pend_q; pkt != NULL; pkt = nextpkt) {
nextpkt = pkt->next;
free(pkt);
}
pend_q = NULL;
framelen = 0;
flush_flag = 0;
escape_flag = 0;
fcs = PPP_INITFCS;
}
/*
* demand_unblock - set each enabled network protocol to pass packets.
*/
void
demand_unblock()
{
int i;
const struct protent *protp;
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->enabled_flag && protp->demand_conf != NULL)
sifnpmode(pcb, protp->protocol & ~0x8000, NPMODE_PASS);
}
/*
* FCS lookup table as calculated by genfcstab.
*/
static u_short fcstab[256] = {
0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
};
/*
* loop_chars - process characters received from the loopback.
* Calls loop_frame when a complete frame has been accumulated.
* Return value is 1 if we need to bring up the link, 0 otherwise.
*/
int
loop_chars(p, n)
unsigned char *p;
int n;
{
int c, rv;
rv = 0;
/* check for synchronous connection... */
if ( (p[0] == 0xFF) && (p[1] == 0x03) ) {
rv = loop_frame(p,n);
return rv;
}
for (; n > 0; --n) {
c = *p++;
if (c == PPP_FLAG) {
if (!escape_flag && !flush_flag
&& framelen > 2 && fcs == PPP_GOODFCS) {
framelen -= 2;
if (loop_frame((unsigned char *)frame, framelen))
rv = 1;
}
framelen = 0;
flush_flag = 0;
escape_flag = 0;
fcs = PPP_INITFCS;
continue;
}
if (flush_flag)
continue;
if (escape_flag) {
c ^= PPP_TRANS;
escape_flag = 0;
} else if (c == PPP_ESCAPE) {
escape_flag = 1;
continue;
}
if (framelen >= framemax) {
flush_flag = 1;
continue;
}
frame[framelen++] = c;
fcs = PPP_FCS(fcs, c);
}
return rv;
}
/*
* loop_frame - given a frame obtained from the loopback,
* decide whether to bring up the link or not, and, if we want
* to transmit this frame later, put it on the pending queue.
* Return value is 1 if we need to bring up the link, 0 otherwise.
* We assume that the kernel driver has already applied the
* pass_filter, so we won't get packets it rejected.
* We apply the active_filter to see if we want this packet to
* bring up the link.
*/
int
loop_frame(frame, len)
unsigned char *frame;
int len;
{
struct packet *pkt;
/* dbglog("from loop: %P", frame, len); */
if (len < PPP_HDRLEN)
return 0;
if ((PPP_PROTOCOL(frame) & 0x8000) != 0)
return 0; /* shouldn't get any of these anyway */
if (!active_packet(frame, len))
return 0;
pkt = (struct packet *) malloc(sizeof(struct packet) + len);
if (pkt != NULL) {
pkt->length = len;
pkt->next = NULL;
memcpy(pkt->data, frame, len);
if (pend_q == NULL)
pend_q = pkt;
else
pend_qtail->next = pkt;
pend_qtail = pkt;
}
return 1;
}
/*
* demand_rexmit - Resend all those frames which we got via the
* loopback, now that the real serial link is up.
*/
void
demand_rexmit(proto, newip)
int proto;
u32_t newip;
{
struct packet *pkt, *prev, *nextpkt;
unsigned short checksum;
unsigned short pkt_checksum = 0;
unsigned iphdr;
struct timeval tv;
char cv = 0;
char ipstr[16];
prev = NULL;
pkt = pend_q;
pend_q = NULL;
tv.tv_sec = 1;
tv.tv_usec = 0;
select(0,NULL,NULL,NULL,&tv); /* Sleep for 1 Seconds */
for (; pkt != NULL; pkt = nextpkt) {
nextpkt = pkt->next;
if (PPP_PROTOCOL(pkt->data) == proto) {
if ( (proto == PPP_IP) && newip ) {
/* Get old checksum */
iphdr = (pkt->data[4] & 15) << 2;
checksum = *((unsigned short *) (pkt->data+14));
if (checksum == 0xFFFF) {
checksum = 0;
}
if (pkt->data[13] == 17) {
pkt_checksum = *((unsigned short *) (pkt->data+10+iphdr));
if (pkt_checksum) {
cv = 1;
if (pkt_checksum == 0xFFFF) {
pkt_checksum = 0;
}
}
else {
cv = 0;
}
}
if (pkt->data[13] == 6) {
pkt_checksum = *((unsigned short *) (pkt->data+20+iphdr));
cv = 1;
if (pkt_checksum == 0xFFFF) {
pkt_checksum = 0;
}
}
/* Delete old Source-IP-Address */
checksum -= *((unsigned short *) (pkt->data+16)) ^ 0xFFFF;
checksum -= *((unsigned short *) (pkt->data+18)) ^ 0xFFFF;
pkt_checksum -= *((unsigned short *) (pkt->data+16)) ^ 0xFFFF;
pkt_checksum -= *((unsigned short *) (pkt->data+18)) ^ 0xFFFF;
/* Change Source-IP-Address */
* ((u32_t *) (pkt->data + 16)) = newip;
/* Add new Source-IP-Address */
checksum += *((unsigned short *) (pkt->data+16)) ^ 0xFFFF;
checksum += *((unsigned short *) (pkt->data+18)) ^ 0xFFFF;
pkt_checksum += *((unsigned short *) (pkt->data+16)) ^ 0xFFFF;
pkt_checksum += *((unsigned short *) (pkt->data+18)) ^ 0xFFFF;
/* Write new checksum */
if (!checksum) {
checksum = 0xFFFF;
}
*((unsigned short *) (pkt->data+14)) = checksum;
if (pkt->data[13] == 6) {
*((unsigned short *) (pkt->data+20+iphdr)) = pkt_checksum;
}
if (cv && (pkt->data[13] == 17) ) {
*((unsigned short *) (pkt->data+10+iphdr)) = pkt_checksum;
}
/* Log Packet */
strcpy(ipstr,inet_ntoa(*( (struct in_addr *) (pkt->data+16))));
if (pkt->data[13] == 1) {
syslog(LOG_INFO,"Open ICMP %s -> %s\n",
ipstr,
inet_ntoa(*( (struct in_addr *) (pkt->data+20))));
} else {
syslog(LOG_INFO,"Open %s %s:%d -> %s:%d\n",
pkt->data[13] == 6 ? "TCP" : "UDP",
ipstr,
ntohs(*( (short *) (pkt->data+iphdr+4))),
inet_ntoa(*( (struct in_addr *) (pkt->data+20))),
ntohs(*( (short *) (pkt->data+iphdr+6))));
}
}
output(pcb, pkt->data, pkt->length);
free(pkt);
} else {
if (prev == NULL)
pend_q = pkt;
else
prev->next = pkt;
prev = pkt;
}
}
pend_qtail = prev;
if (prev != NULL)
prev->next = NULL;
}
/*
* Scan a packet to decide whether it is an "active" packet,
* that is, whether it is worth bringing up the link for.
*/
static int
active_packet(p, len)
unsigned char *p;
int len;
{
int proto, i;
const struct protent *protp;
if (len < PPP_HDRLEN)
return 0;
proto = PPP_PROTOCOL(p);
#ifdef PPP_FILTER
p[0] = 1; /* outbound packet indicator */
if ((pass_filter.bf_len != 0
&& bpf_filter(pass_filter.bf_insns, p, len, len) == 0)
|| (active_filter.bf_len != 0
&& bpf_filter(active_filter.bf_insns, p, len, len) == 0)) {
p[0] = 0xff;
return 0;
}
p[0] = 0xff;
#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i) {
if (protp->protocol < 0xC000 && (protp->protocol & ~0x8000) == proto) {
if (!protp->enabled_flag)
return 0;
if (protp->active_pkt == NULL)
return 1;
return (*protp->active_pkt)(p, len);
}
}
return 0; /* not a supported protocol !!?? */
}
#endif /* PPP_SUPPORT && DEMAND_SUPPORT */

2444
src/netif/ppp/eap.c Normal file
View File

File diff suppressed because it is too large Load Diff

188
src/netif/ppp/ecp.c Normal file
View File

@ -0,0 +1,188 @@
/*
* ecp.c - PPP Encryption Control Protocol.
*
* Copyright (c) 2002 Google, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Derived from ccp.c, which is:
*
* Copyright (c) 1994-2002 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && ECP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include <string.h>
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/fsm.h"
#include "netif/ppp/ecp.h"
#if PPP_OPTIONS
static option_t ecp_option_list[] = {
{ "noecp", o_bool, &ecp_protent.enabled_flag,
"Disable ECP negotiation" },
{ "-ecp", o_bool, &ecp_protent.enabled_flag,
"Disable ECP negotiation", OPT_ALIAS },
{ NULL }
};
#endif /* PPP_OPTIONS */
/*
* Protocol entry points from main code.
*/
static void ecp_init (int unit);
/*
static void ecp_open (int unit);
static void ecp_close (int unit, char *);
static void ecp_lowerup (int unit);
static void ecp_lowerdown (int);
static void ecp_input (int unit, u_char *pkt, int len);
static void ecp_protrej (int unit);
*/
#if PRINTPKT_SUPPORT
static int ecp_printpkt (u_char *pkt, int len,
void (*printer) (void *, char *, ...),
void *arg);
#endif /* PRINTPKT_SUPPORT */
/*
static void ecp_datainput (int unit, u_char *pkt, int len);
*/
const struct protent ecp_protent = {
PPP_ECP,
ecp_init,
NULL, /* ecp_input, */
NULL, /* ecp_protrej, */
NULL, /* ecp_lowerup, */
NULL, /* ecp_lowerdown, */
NULL, /* ecp_open, */
NULL, /* ecp_close, */
#if PRINTPKT_SUPPORT
ecp_printpkt,
#endif /* PRINTPKT_SUPPORT */
NULL, /* ecp_datainput, */
0,
#if PRINTPKT_SUPPORT
"ECP",
"Encrypted",
#endif /* PRINTPKT_SUPPORT */
#if PPP_OPTIONS
ecp_option_list,
NULL,
#endif /* PPP_OPTIONS */
#if DEMAND_SUPPORT
NULL,
NULL
#endif /* DEMAND_SUPPORT */
};
fsm ecp_fsm[NUM_PPP];
ecp_options ecp_wantoptions[NUM_PPP]; /* what to request the peer to use */
ecp_options ecp_gotoptions[NUM_PPP]; /* what the peer agreed to do */
ecp_options ecp_allowoptions[NUM_PPP]; /* what we'll agree to do */
ecp_options ecp_hisoptions[NUM_PPP]; /* what we agreed to do */
static const fsm_callbacks ecp_callbacks = {
NULL, /* ecp_resetci, */
NULL, /* ecp_cilen, */
NULL, /* ecp_addci, */
NULL, /* ecp_ackci, */
NULL, /* ecp_nakci, */
NULL, /* ecp_rejci, */
NULL, /* ecp_reqci, */
NULL, /* ecp_up, */
NULL, /* ecp_down, */
NULL,
NULL,
NULL,
NULL,
NULL, /* ecp_extcode, */
"ECP"
};
/*
* ecp_init - initialize ECP.
*/
static void
ecp_init(unit)
int unit;
{
fsm *f = &ecp_fsm[unit];
f->unit = unit;
f->protocol = PPP_ECP;
f->callbacks = &ecp_callbacks;
fsm_init(f);
memset(&ecp_wantoptions[unit], 0, sizeof(ecp_options));
memset(&ecp_gotoptions[unit], 0, sizeof(ecp_options));
memset(&ecp_allowoptions[unit], 0, sizeof(ecp_options));
memset(&ecp_hisoptions[unit], 0, sizeof(ecp_options));
}
#if PRINTPKT_SUPPORT
static int
ecp_printpkt(p, plen, printer, arg)
u_char *p;
int plen;
void (*printer) (void *, char *, ...);
void *arg;
{
return 0;
}
#endif /* PRINTPKT_SUPPORT */
#endif /* PPP_SUPPORT && ECP_SUPPORT */

56
src/netif/ppp/eui64.c Normal file
View File

@ -0,0 +1,56 @@
/*
* eui64.c - EUI64 routines for IPv6CP.
*
* Copyright (c) 1999 Tommi Komulainen. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Tommi Komulainen
* <Tommi.Komulainen@iki.fi>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* $Id: eui64.c,v 1.6 2002/12/04 23:03:32 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PPP_IPV6_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/eui64.h"
/*
* eui64_ntoa - Make an ascii representation of an interface identifier
*/
char *eui64_ntoa(eui64_t e) {
static char buf[32];
snprintf(buf, 32, "%02x%02x:%02x%02x:%02x%02x:%02x%02x",
e.e8[0], e.e8[1], e.e8[2], e.e8[3],
e.e8[4], e.e8[5], e.e8[6], e.e8[7]);
return buf;
}
#endif /* PPP_SUPPORT && PPP_IPV6_SUPPORT */

1312
src/netif/ppp/fsm.c
View File

File diff suppressed because it is too large Load Diff

157
src/netif/ppp/fsm.h
View File

@ -1,157 +0,0 @@
/*****************************************************************************
* fsm.h - Network Control Protocol Finite State Machine header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-11-05 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original based on BSD code.
*****************************************************************************/
/*
* fsm.h - {Link, IP} Control Protocol Finite State Machine definitions.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: fsm.h,v 1.5 2009/12/31 17:08:08 goldsimon Exp $
*/
#ifndef FSM_H
#define FSM_H
/*
* LCP Packet header = Code, id, length.
*/
#define HEADERLEN (sizeof (u_char) + sizeof (u_char) + sizeof (u_short))
/*
* CP (LCP, IPCP, etc.) codes.
*/
#define CONFREQ 1 /* Configuration Request */
#define CONFACK 2 /* Configuration Ack */
#define CONFNAK 3 /* Configuration Nak */
#define CONFREJ 4 /* Configuration Reject */
#define TERMREQ 5 /* Termination Request */
#define TERMACK 6 /* Termination Ack */
#define CODEREJ 7 /* Code Reject */
/*
* Each FSM is described by an fsm structure and fsm callbacks.
*/
typedef struct fsm {
int unit; /* Interface unit number */
u_short protocol; /* Data Link Layer Protocol field value */
int state; /* State */
int flags; /* Contains option bits */
u_char id; /* Current id */
u_char reqid; /* Current request id */
u_char seen_ack; /* Have received valid Ack/Nak/Rej to Req */
int timeouttime; /* Timeout time in milliseconds */
int maxconfreqtransmits; /* Maximum Configure-Request transmissions */
int retransmits; /* Number of retransmissions left */
int maxtermtransmits; /* Maximum Terminate-Request transmissions */
int nakloops; /* Number of nak loops since last ack */
int maxnakloops; /* Maximum number of nak loops tolerated */
struct fsm_callbacks* callbacks; /* Callback routines */
char* term_reason; /* Reason for closing protocol */
int term_reason_len; /* Length of term_reason */
} fsm;
typedef struct fsm_callbacks {
void (*resetci)(fsm*); /* Reset our Configuration Information */
int (*cilen)(fsm*); /* Length of our Configuration Information */
void (*addci)(fsm*, u_char*, int*); /* Add our Configuration Information */
int (*ackci)(fsm*, u_char*, int); /* ACK our Configuration Information */
int (*nakci)(fsm*, u_char*, int); /* NAK our Configuration Information */
int (*rejci)(fsm*, u_char*, int); /* Reject our Configuration Information */
int (*reqci)(fsm*, u_char*, int*, int); /* Request peer's Configuration Information */
void (*up)(fsm*); /* Called when fsm reaches LS_OPENED state */
void (*down)(fsm*); /* Called when fsm leaves LS_OPENED state */
void (*starting)(fsm*); /* Called when we want the lower layer */
void (*finished)(fsm*); /* Called when we don't want the lower layer */
void (*protreject)(int); /* Called when Protocol-Reject received */
void (*retransmit)(fsm*); /* Retransmission is necessary */
int (*extcode)(fsm*, int, u_char, u_char*, int); /* Called when unknown code received */
char *proto_name; /* String name for protocol (for messages) */
} fsm_callbacks;
/*
* Link states.
*/
#define LS_INITIAL 0 /* Down, hasn't been opened */
#define LS_STARTING 1 /* Down, been opened */
#define LS_CLOSED 2 /* Up, hasn't been opened */
#define LS_STOPPED 3 /* Open, waiting for down event */
#define LS_CLOSING 4 /* Terminating the connection, not open */
#define LS_STOPPING 5 /* Terminating, but open */
#define LS_REQSENT 6 /* We've sent a Config Request */
#define LS_ACKRCVD 7 /* We've received a Config Ack */
#define LS_ACKSENT 8 /* We've sent a Config Ack */
#define LS_OPENED 9 /* Connection available */
/*
* Flags - indicate options controlling FSM operation
*/
#define OPT_PASSIVE 1 /* Don't die if we don't get a response */
#define OPT_RESTART 2 /* Treat 2nd OPEN as DOWN, UP */
#define OPT_SILENT 4 /* Wait for peer to speak first */
/*
* Prototypes
*/
void fsm_init (fsm*);
void fsm_lowerup (fsm*);
void fsm_lowerdown (fsm*);
void fsm_open (fsm*);
void fsm_close (fsm*, char*);
void fsm_input (fsm*, u_char*, int);
void fsm_protreject (fsm*);
void fsm_sdata (fsm*, u_char, u_char, u_char*, int);
/*
* Variables
*/
extern int peer_mru[]; /* currently negotiated peer MRU (per unit) */
#endif /* FSM_H */

3166
src/netif/ppp/ipcp.c
View File

File diff suppressed because it is too large Load Diff

106
src/netif/ppp/ipcp.h
View File

@ -1,106 +0,0 @@
/*****************************************************************************
* ipcp.h - PPP IP NCP: Internet Protocol Network Control Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-04 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
/*
* ipcp.h - IP Control Protocol definitions.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: ipcp.h,v 1.4 2010/01/18 20:49:43 goldsimon Exp $
*/
#ifndef IPCP_H
#define IPCP_H
/*
* Options.
*/
#define CI_ADDRS 1 /* IP Addresses */
#define CI_COMPRESSTYPE 2 /* Compression Type */
#define CI_ADDR 3
#define CI_MS_DNS1 129 /* Primary DNS value */
#define CI_MS_WINS1 128 /* Primary WINS value */
#define CI_MS_DNS2 131 /* Secondary DNS value */
#define CI_MS_WINS2 130 /* Secondary WINS value */
#define IPCP_VJMODE_OLD 1 /* "old" mode (option # = 0x0037) */
#define IPCP_VJMODE_RFC1172 2 /* "old-rfc"mode (option # = 0x002d) */
#define IPCP_VJMODE_RFC1332 3 /* "new-rfc"mode (option # = 0x002d, */
/* maxslot and slot number compression) */
#define IPCP_VJ_COMP 0x002d /* current value for VJ compression option */
#define IPCP_VJ_COMP_OLD 0x0037 /* "old" (i.e, broken) value for VJ */
/* compression option */
typedef struct ipcp_options {
u_int neg_addr : 1; /* Negotiate IP Address? */
u_int old_addrs : 1; /* Use old (IP-Addresses) option? */
u_int req_addr : 1; /* Ask peer to send IP address? */
u_int default_route : 1; /* Assign default route through interface? */
u_int proxy_arp : 1; /* Make proxy ARP entry for peer? */
u_int neg_vj : 1; /* Van Jacobson Compression? */
u_int old_vj : 1; /* use old (short) form of VJ option? */
u_int accept_local : 1; /* accept peer's value for ouraddr */
u_int accept_remote : 1; /* accept peer's value for hisaddr */
u_int req_dns1 : 1; /* Ask peer to send primary DNS address? */
u_int req_dns2 : 1; /* Ask peer to send secondary DNS address? */
u_short vj_protocol; /* protocol value to use in VJ option */
u_char maxslotindex; /* VJ slots - 1. */
u_char cflag; /* VJ slot compression flag. */
u32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
u32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
u32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
} ipcp_options;
extern fsm ipcp_fsm[];
extern ipcp_options ipcp_wantoptions[];
extern ipcp_options ipcp_gotoptions[];
extern ipcp_options ipcp_allowoptions[];
extern ipcp_options ipcp_hisoptions[];
extern struct protent ipcp_protent;
#endif /* IPCP_H */

1507
src/netif/ppp/ipv6cp.c Normal file
View File

File diff suppressed because it is too large Load Diff

4051
src/netif/ppp/lcp.c
View File

File diff suppressed because it is too large Load Diff

151
src/netif/ppp/lcp.h
View File

@ -1,151 +0,0 @@
/*****************************************************************************
* lcp.h - Network Link Control Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-11-05 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
/*
* lcp.h - Link Control Protocol definitions.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: lcp.h,v 1.4 2010/01/18 20:49:43 goldsimon Exp $
*/
#ifndef LCP_H
#define LCP_H
/*
* Options.
*/
#define CI_MRU 1 /* Maximum Receive Unit */
#define CI_ASYNCMAP 2 /* Async Control Character Map */
#define CI_AUTHTYPE 3 /* Authentication Type */
#define CI_QUALITY 4 /* Quality Protocol */
#define CI_MAGICNUMBER 5 /* Magic Number */
#define CI_PCOMPRESSION 7 /* Protocol Field Compression */
#define CI_ACCOMPRESSION 8 /* Address/Control Field Compression */
#define CI_CALLBACK 13 /* callback */
#define CI_MRRU 17 /* max reconstructed receive unit; multilink */
#define CI_SSNHF 18 /* short sequence numbers for multilink */
#define CI_EPDISC 19 /* endpoint discriminator */
/*
* LCP-specific packet types (code numbers).
*/
#define PROTREJ 8 /* Protocol Reject */
#define ECHOREQ 9 /* Echo Request */
#define ECHOREP 10 /* Echo Reply */
#define DISCREQ 11 /* Discard Request */
#define CBCP_OPT 6 /* Use callback control protocol */
/*
* The state of options is described by an lcp_options structure.
*/
typedef struct lcp_options {
u_int passive : 1; /* Don't die if we don't get a response */
u_int silent : 1; /* Wait for the other end to start first */
u_int restart : 1; /* Restart vs. exit after close */
u_int neg_mru : 1; /* Negotiate the MRU? */
u_int neg_asyncmap : 1; /* Negotiate the async map? */
u_int neg_upap : 1; /* Ask for UPAP authentication? */
u_int neg_chap : 1; /* Ask for CHAP authentication? */
u_int neg_magicnumber : 1; /* Ask for magic number? */
u_int neg_pcompression : 1; /* HDLC Protocol Field Compression? */
u_int neg_accompression : 1; /* HDLC Address/Control Field Compression? */
u_int neg_lqr : 1; /* Negotiate use of Link Quality Reports */
u_int neg_cbcp : 1; /* Negotiate use of CBCP */
#ifdef PPP_MULTILINK
u_int neg_mrru : 1; /* Negotiate multilink MRRU */
u_int neg_ssnhf : 1; /* Negotiate short sequence numbers */
u_int neg_endpoint : 1; /* Negotiate endpoint discriminator */
#endif
u_short mru; /* Value of MRU */
#ifdef PPP_MULTILINK
u_short mrru; /* Value of MRRU, and multilink enable */
#endif
u_char chap_mdtype; /* which MD type (hashing algorithm) */
u32_t asyncmap; /* Value of async map */
u32_t magicnumber;
int numloops; /* Number of loops during magic number neg. */
u32_t lqr_period; /* Reporting period for LQR 1/100ths second */
#ifdef PPP_MULTILINK
struct epdisc endpoint; /* endpoint discriminator */
#endif
} lcp_options;
/*
* Values for phase from BSD pppd.h based on RFC 1661.
*/
typedef enum {
PHASE_DEAD = 0,
PHASE_INITIALIZE,
PHASE_ESTABLISH,
PHASE_AUTHENTICATE,
PHASE_CALLBACK,
PHASE_NETWORK,
PHASE_TERMINATE
} LinkPhase;
extern LinkPhase lcp_phase[NUM_PPP]; /* Phase of link session (RFC 1661) */
extern lcp_options lcp_wantoptions[];
extern lcp_options lcp_gotoptions[];
extern lcp_options lcp_allowoptions[];
extern lcp_options lcp_hisoptions[];
extern ext_accm xmit_accm[];
void lcp_init (int);
void lcp_open (int);
void lcp_close (int, char *);
void lcp_lowerup (int);
void lcp_lowerdown(int);
void lcp_sprotrej (int, u_char *, int); /* send protocol reject */
extern struct protent lcp_protent;
/* Default number of times we receive our magic number from the peer
before deciding the link is looped-back. */
#define DEFLOOPBACKFAIL 10
#endif /* LCP_H */

263
src/netif/ppp/magic.c
View File

@ -1,19 +1,60 @@
/*
* magic.c - PPP Magic Number routines.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*****************************************************************************
* magic.c - Network Random Number Generator program file.
* randm.c - Random number generator program file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 by Global Election Systems Inc.
* Copyright (c) 1998 by Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
@ -27,54 +68,200 @@
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-04 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Original based on BSD magic.c.
* 98-06-03 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Extracted from avos.
*****************************************************************************/
/*
* magic.c - PPP Magic Number routines.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if PPP_SUPPORT
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/magic.h"
#include "ppp_impl.h"
#include "randm.h"
#include "magic.h"
#if PPP_MD5_RANDM /* Using MD5 for better randomness if enabled */
#if LWIP_INCLUDED_POLARSSL_MD5
#include "netif/ppp/polarssl/md5.h"
#else
#include "polarssl/md5.h"
#endif
#define MAGIC_RANDPOOLSIZE 16 /* Bytes stored in the pool of randomness. */
/*****************************/
/*** LOCAL DATA STRUCTURES ***/
/*****************************/
static char magic_randpool[MAGIC_RANDPOOLSIZE]; /* Pool of randomness. */
static long magic_randcount = 0; /* Pseudo-random incrementer */
/***********************************/
/*** PUBLIC FUNCTION DEFINITIONS ***/
/***********************************/
/*
* magicInit - Initialize the magic number generator.
* Churn the randomness pool on a random event. Call this early and often
* on random and semi-random system events to build randomness in time for
* usage. For randomly timed events, pass a null pointer and a zero length
* and this will use the system timer and other sources to add randomness.
* If new random data is available, pass a pointer to that and it will be
* included.
*
* Since we use another random number generator that has its own
* initialization, we do nothing here.
* Ref: Applied Cryptography 2nd Ed. by Bruce Schneier p. 427
*/
void magicInit()
{
return;
void magic_churnrand(char *rand_data, u32_t rand_len) {
md5_context md5;
/* LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: %u@%P\n", rand_len, rand_data)); */
md5_starts(&md5);
md5_update(&md5, (u_char *)magic_randpool, sizeof(magic_randpool));
if (rand_data) {
md5_update(&md5, (u_char *)rand_data, rand_len);
} else {
struct {
/* INCLUDE fields for any system sources of randomness */
u32_t jiffies;
} sys_data;
sys_data.jiffies = sys_jiffies();
/* Load sys_data fields here. */
md5_update(&md5, (u_char *)&sys_data, sizeof(sys_data));
}
md5_finish(&md5, (u_char *)magic_randpool);
/* LWIP_DEBUGF(LOG_INFO, ("magic_churnrand: -> 0\n")); */
}
/*
* magic - Returns the next magic number.
* Initialize the random number generator.
*/
u32_t magic()
{
return avRandom();
void magic_init() {
magic_churnrand(NULL, 0);
}
/*
* Randomize our random seed value.
*/
void magic_randomize(void) {
magic_churnrand(NULL, 0);
}
/*
* random_bytes - Fill a buffer with random bytes.
*
* Use the random pool to generate random data. This degrades to pseudo
* random when used faster than randomness is supplied using magic_churnrand().
* Note: It's important that there be sufficient randomness in magic_randpool
* before this is called for otherwise the range of the result may be
* narrow enough to make a search feasible.
*
* Ref: Applied Cryptography 2nd Ed. by Bruce Schneier p. 427
*
* XXX Why does he not just call magic_churnrand() for each block? Probably
* so that you don't ever publish the seed which could possibly help
* predict future values.
* XXX Why don't we preserve md5 between blocks and just update it with
* magic_randcount each time? Probably there is a weakness but I wish that
* it was documented.
*/
void random_bytes(unsigned char *buf, u32_t buf_len) {
md5_context md5;
u_char tmp[16];
u32_t n;
while (buf_len > 0) {
n = LWIP_MIN(buf_len, MAGIC_RANDPOOLSIZE);
md5_starts(&md5);
md5_update(&md5, (u_char *)magic_randpool, sizeof(magic_randpool));
md5_update(&md5, (u_char *)&magic_randcount, sizeof(magic_randcount));
md5_finish(&md5, tmp);
magic_randcount++;
MEMCPY(buf, tmp, n);
buf += n;
buf_len -= n;
}
}
/*
* Return a new random number.
*/
u32_t magic() {
u32_t new_rand;
random_bytes((unsigned char *)&new_rand, sizeof(new_rand));
return new_rand;
}
#else /* PPP_MD5_RANDM */
/*****************************/
/*** LOCAL DATA STRUCTURES ***/
/*****************************/
static int magic_randomized = 0; /* Set when truely randomized. */
static u32_t magic_randomseed = 0; /* Seed used for random number generation. */
/***********************************/
/*** PUBLIC FUNCTION DEFINITIONS ***/
/***********************************/
/*
* Initialize the random number generator.
*
* Here we attempt to compute a random number seed but even if
* it isn't random, we'll randomize it later.
*
* The current method uses the fields from the real time clock,
* the idle process counter, the millisecond counter, and the
* hardware timer tick counter. When this is invoked
* in startup(), then the idle counter and timer values may
* repeat after each boot and the real time clock may not be
* operational. Thus we call it again on the first random
* event.
*/
void magic_init() {
magic_randomseed += sys_jiffies();
/* Initialize the Borland random number generator. */
srand((unsigned)magic_randomseed);
}
/*
* magic_init - Initialize the magic number generator.
*
* Randomize our random seed value. Here we use the fact that
* this function is called at *truely random* times by the polling
* and network functions. Here we only get 16 bits of new random
* value but we use the previous value to randomize the other 16
* bits.
*/
void magic_randomize(void) {
static u32_t last_jiffies;
if (!magic_randomized) {
magic_randomized = !0;
magic_init();
/* The initialization function also updates the seed. */
} else {
/* magic_randomseed += (magic_randomseed << 16) + TM1; */
magic_randomseed += (sys_jiffies() - last_jiffies); /* XXX */
}
last_jiffies = sys_jiffies();
}
/*
* Return a new random number.
*
* Here we use the Borland rand() function to supply a pseudo random
* number which we make truely random by combining it with our own
* seed which is randomized by truely random events.
* Thus the numbers will be truely random unless there have been no
* operator or network events in which case it will be pseudo random
* seeded by the real time clock.
*/
u32_t magic() {
return ((((u32_t)rand() << 16) + rand()) + magic_randomseed);
}
#endif /* PPP_MD5_RANDM */
#endif /* PPP_SUPPORT */

63
src/netif/ppp/magic.h
View File

@ -1,63 +0,0 @@
/*****************************************************************************
* magic.h - Network Random Number Generator header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-04 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
/*
* magic.h - PPP Magic Number definitions.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: magic.h,v 1.3 2010/01/18 20:49:43 goldsimon Exp $
*/
#ifndef MAGIC_H
#define MAGIC_H
/* Initialize the magic number generator */
void magicInit(void);
/* Returns the next magic number */
u32_t magic(void);
#endif /* MAGIC_H */

320
src/netif/ppp/md5.c
View File

@ -1,320 +0,0 @@
/*
***********************************************************************
** md5.c -- the source code for MD5 routines **
** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
** Created: 2/17/90 RLR **
** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
***********************************************************************
*/
/*
***********************************************************************
** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
** **
** License to copy and use this software is granted provided that **
** it is identified as the "RSA Data Security, Inc. MD5 Message- **
** Digest Algorithm" in all material mentioning or referencing this **
** software or this function. **
** **
** License is also granted to make and use derivative works **
** provided that such works are identified as "derived from the RSA **
** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
** material mentioning or referencing the derived work. **
** **
** RSA Data Security, Inc. makes no representations concerning **
** either the merchantability of this software or the suitability **
** of this software for any particular purpose. It is provided "as **
** is" without express or implied warranty of any kind. **
** **
** These notices must be retained in any copies of any part of this **
** documentation and/or software. **
***********************************************************************
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if CHAP_SUPPORT || MD5_SUPPORT
#include "ppp_impl.h"
#include "pppdebug.h"
#include "md5.h"
#include <string.h>
/*
***********************************************************************
** Message-digest routines: **
** To form the message digest for a message M **
** (1) Initialize a context buffer mdContext using MD5Init **
** (2) Call MD5Update on mdContext and M **
** (3) Call MD5Final on mdContext **
** The message digest is now in mdContext->digest[0...15] **
***********************************************************************
*/
/* forward declaration */
static void Transform (u32_t *buf, u32_t *in);
static unsigned char PADDING[64] = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* F, G, H and I are basic MD5 functions */
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))
/* ROTATE_LEFT rotates x left n bits */
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
/* Rotation is separate from addition to prevent recomputation */
#define FF(a, b, c, d, x, s, ac) \
{(a) += F ((b), (c), (d)) + (x) + (u32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define GG(a, b, c, d, x, s, ac) \
{(a) += G ((b), (c), (d)) + (x) + (u32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define HH(a, b, c, d, x, s, ac) \
{(a) += H ((b), (c), (d)) + (x) + (u32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define II(a, b, c, d, x, s, ac) \
{(a) += I ((b), (c), (d)) + (x) + (u32_t)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#ifdef __STDC__
#define UL(x) x##UL
#else
#ifdef WIN32
#define UL(x) x##UL
#else
#define UL(x) x
#endif
#endif
/* The routine MD5Init initializes the message-digest context
mdContext. All fields are set to zero.
*/
void
MD5Init (MD5_CTX *mdContext)
{
mdContext->i[0] = mdContext->i[1] = (u32_t)0;
/* Load magic initialization constants. */
mdContext->buf[0] = (u32_t)0x67452301UL;
mdContext->buf[1] = (u32_t)0xefcdab89UL;
mdContext->buf[2] = (u32_t)0x98badcfeUL;
mdContext->buf[3] = (u32_t)0x10325476UL;
}
/* The routine MD5Update updates the message-digest context to
account for the presence of each of the characters inBuf[0..inLen-1]
in the message whose digest is being computed.
*/
void
MD5Update(MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen)
{
u32_t in[16];
int mdi;
unsigned int i, ii;
#if 0
PPPDEBUG(LOG_INFO, ("MD5Update: %u:%.*H\n", inLen, LWIP_MIN(inLen, 20) * 2, inBuf));
PPPDEBUG(LOG_INFO, ("MD5Update: %u:%s\n", inLen, inBuf));
#endif
/* compute number of bytes mod 64 */
mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
/* update number of bits */
if ((mdContext->i[0] + ((u32_t)inLen << 3)) < mdContext->i[0]) {
mdContext->i[1]++;
}
mdContext->i[0] += ((u32_t)inLen << 3);
mdContext->i[1] += ((u32_t)inLen >> 29);
while (inLen--) {
/* add new character to buffer, increment mdi */
mdContext->in[mdi++] = *inBuf++;
/* transform if necessary */
if (mdi == 0x40) {
for (i = 0, ii = 0; i < 16; i++, ii += 4) {
in[i] = (((u32_t)mdContext->in[ii+3]) << 24) |
(((u32_t)mdContext->in[ii+2]) << 16) |
(((u32_t)mdContext->in[ii+1]) << 8) |
((u32_t)mdContext->in[ii]);
}
Transform (mdContext->buf, in);
mdi = 0;
}
}
}
/* The routine MD5Final terminates the message-digest computation and
ends with the desired message digest in mdContext->digest[0...15].
*/
void
MD5Final (unsigned char hash[], MD5_CTX *mdContext)
{
u32_t in[16];
int mdi;
unsigned int i, ii;
unsigned int padLen;
/* save number of bits */
in[14] = mdContext->i[0];
in[15] = mdContext->i[1];
/* compute number of bytes mod 64 */
mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
/* pad out to 56 mod 64 */
padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
MD5Update (mdContext, PADDING, padLen);
/* append length in bits and transform */
for (i = 0, ii = 0; i < 14; i++, ii += 4) {
in[i] = (((u32_t)mdContext->in[ii+3]) << 24) |
(((u32_t)mdContext->in[ii+2]) << 16) |
(((u32_t)mdContext->in[ii+1]) << 8) |
((u32_t)mdContext->in[ii]);
}
Transform (mdContext->buf, in);
/* store buffer in digest */
for (i = 0, ii = 0; i < 4; i++, ii += 4) {
mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF);
mdContext->digest[ii+1] =
(unsigned char)((mdContext->buf[i] >> 8) & 0xFF);
mdContext->digest[ii+2] =
(unsigned char)((mdContext->buf[i] >> 16) & 0xFF);
mdContext->digest[ii+3] =
(unsigned char)((mdContext->buf[i] >> 24) & 0xFF);
}
SMEMCPY(hash, mdContext->digest, 16);
}
/* Basic MD5 step. Transforms buf based on in.
*/
static void
Transform (u32_t *buf, u32_t *in)
{
u32_t a = buf[0], b = buf[1], c = buf[2], d = buf[3];
/* Round 1 */
#define S11 7
#define S12 12
#define S13 17
#define S14 22
FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */
FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */
FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */
FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */
FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */
FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */
FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */
FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */
FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */
FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */
FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */
FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */
FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */
FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */
FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */
FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */
/* Round 2 */
#define S21 5
#define S22 9
#define S23 14
#define S24 20
GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */
GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */
GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */
GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */
GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */
GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */
GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */
GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */
GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */
GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */
GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */
GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */
GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */
GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */
GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */
GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */
/* Round 3 */
#define S31 4
#define S32 11
#define S33 16
#define S34 23
HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */
HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */
HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */
HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */
HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */
HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */
HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */
HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */
HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */
HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */
HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */
HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */
HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */
HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */
HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */
HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */
/* Round 4 */
#define S41 6
#define S42 10
#define S43 15
#define S44 21
II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */
II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */
II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */
II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */
II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */
II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */
II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */
II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */
II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */
II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */
II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */
II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */
II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */
II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */
II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */
II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */
buf[0] += a;
buf[1] += b;
buf[2] += c;
buf[3] += d;
}
#endif /* CHAP_SUPPORT || MD5_SUPPORT */
#endif /* PPP_SUPPORT */

55
src/netif/ppp/md5.h
View File

@ -1,55 +0,0 @@
/*
***********************************************************************
** md5.h -- header file for implementation of MD5 **
** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
** Created: 2/17/90 RLR **
** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version **
** Revised (for MD5): RLR 4/27/91 **
** -- G modified to have y&~z instead of y&z **
** -- FF, GG, HH modified to add in last register done **
** -- Access pattern: round 2 works mod 5, round 3 works mod 3 **
** -- distinct additive constant for each step **
** -- round 4 added, working mod 7 **
***********************************************************************
*/
/*
***********************************************************************
** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
** **
** License to copy and use this software is granted provided that **
** it is identified as the "RSA Data Security, Inc. MD5 Message- **
** Digest Algorithm" in all material mentioning or referencing this **
** software or this function. **
** **
** License is also granted to make and use derivative works **
** provided that such works are identified as "derived from the RSA **
** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
** material mentioning or referencing the derived work. **
** **
** RSA Data Security, Inc. makes no representations concerning **
** either the merchantability of this software or the suitability **
** of this software for any particular purpose. It is provided "as **
** is" without express or implied warranty of any kind. **
** **
** These notices must be retained in any copies of any part of this **
** documentation and/or software. **
***********************************************************************
*/
#ifndef MD5_H
#define MD5_H
/* Data structure for MD5 (Message-Digest) computation */
typedef struct {
u32_t i[2]; /* number of _bits_ handled mod 2^64 */
u32_t buf[4]; /* scratch buffer */
unsigned char in[64]; /* input buffer */
unsigned char digest[16]; /* actual digest after MD5Final call */
} MD5_CTX;
void MD5Init ( MD5_CTX *mdContext);
void MD5Update( MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen);
void MD5Final ( unsigned char hash[], MD5_CTX *mdContext);
#endif /* MD5_H */

609
src/netif/ppp/multilink.c Normal file
View File

@ -0,0 +1,609 @@
/*
* multilink.c - support routines for multilink.
*
* Copyright (c) 2000-2002 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && HAVE_MULTILINK /* don't build if not configured for use in lwipopts.h */
/* Multilink support
*
* Multilink uses Samba TDB (Trivial Database Library), which
* we cannot port, because it needs a filesystem.
*
* We have to choose between doing a memory-shared TDB-clone,
* or dropping multilink support at all.
*/
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <netdb.h>
#include <errno.h>
#include <signal.h>
#include <netinet/in.h>
#include <unistd.h>
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/fsm.h"
#include "netif/ppp/lcp.h"
#include "netif/ppp/tdb.h"
bool endpoint_specified; /* user gave explicit endpoint discriminator */
char *bundle_id; /* identifier for our bundle */
char *blinks_id; /* key for the list of links */
bool doing_multilink; /* multilink was enabled and agreed to */
bool multilink_master; /* we own the multilink bundle */
extern TDB_CONTEXT *pppdb;
extern char db_key[];
static void make_bundle_links (int append);
static void remove_bundle_link (void);
static void iterate_bundle_links (void (*func) (char *));
static int get_default_epdisc (struct epdisc *);
static int parse_num (char *str, const char *key, int *valp);
static int owns_unit (TDB_DATA pid, int unit);
#define set_ip_epdisc(ep, addr) do { \
ep->length = 4; \
ep->value[0] = addr >> 24; \
ep->value[1] = addr >> 16; \
ep->value[2] = addr >> 8; \
ep->value[3] = addr; \
} while (0)
#define LOCAL_IP_ADDR(addr) \
(((addr) & 0xff000000) == 0x0a000000 /* 10.x.x.x */ \
|| ((addr) & 0xfff00000) == 0xac100000 /* 172.16.x.x */ \
|| ((addr) & 0xffff0000) == 0xc0a80000) /* 192.168.x.x */
#define process_exists(n) (kill((n), 0) == 0 || errno != ESRCH)
void
mp_check_options()
{
lcp_options *wo = &lcp_wantoptions[0];
lcp_options *ao = &lcp_allowoptions[0];
doing_multilink = 0;
if (!multilink)
return;
/* if we're doing multilink, we have to negotiate MRRU */
if (!wo->neg_mrru) {
/* mrru not specified, default to mru */
wo->mrru = wo->mru;
wo->neg_mrru = 1;
}
ao->mrru = ao->mru;
ao->neg_mrru = 1;
if (!wo->neg_endpoint && !noendpoint) {
/* get a default endpoint value */
wo->neg_endpoint = get_default_epdisc(&wo->endpoint);
}
}
/*
* Make a new bundle or join us to an existing bundle
* if we are doing multilink.
*/
int
mp_join_bundle()
{
lcp_options *go = &lcp_gotoptions[0];
lcp_options *ho = &lcp_hisoptions[0];
lcp_options *ao = &lcp_allowoptions[0];
int unit, pppd_pid;
int l, mtu;
char *p;
TDB_DATA key, pid, rec;
if (doing_multilink) {
/* have previously joined a bundle */
if (!go->neg_mrru || !ho->neg_mrru) {
notice("oops, didn't get multilink on renegotiation");
lcp_close(pcb, "multilink required");
return 0;
}
/* XXX should check the peer_authname and ho->endpoint
are the same as previously */
return 0;
}
if (!go->neg_mrru || !ho->neg_mrru) {
/* not doing multilink */
if (go->neg_mrru)
notice("oops, multilink negotiated only for receive");
mtu = ho->neg_mru? ho->mru: PPP_MRU;
if (mtu > ao->mru)
mtu = ao->mru;
if (demand) {
/* already have a bundle */
cfg_bundle(0, 0, 0, 0);
netif_set_mtu(pcb, mtu);
return 0;
}
make_new_bundle(0, 0, 0, 0);
set_ifunit(1);
netif_set_mtu(pcb, mtu);
return 0;
}
doing_multilink = 1;
/*
* Find the appropriate bundle or join a new one.
* First we make up a name for the bundle.
* The length estimate is worst-case assuming every
* character has to be quoted.
*/
l = 4 * strlen(peer_authname) + 10;
if (ho->neg_endpoint)
l += 3 * ho->endpoint.length + 8;
if (bundle_name)
l += 3 * strlen(bundle_name) + 2;
bundle_id = malloc(l);
if (bundle_id == 0)
novm("bundle identifier");
p = bundle_id;
p += slprintf(p, l-1, "BUNDLE=\"%q\"", peer_authname);
if (ho->neg_endpoint || bundle_name)
*p++ = '/';
if (ho->neg_endpoint)
p += slprintf(p, bundle_id+l-p, "%s",
epdisc_to_str(&ho->endpoint));
if (bundle_name)
p += slprintf(p, bundle_id+l-p, "/%v", bundle_name);
/* Make the key for the list of links belonging to the bundle */
l = p - bundle_id;
blinks_id = malloc(l + 7);
if (blinks_id == NULL)
novm("bundle links key");
slprintf(blinks_id, l + 7, "BUNDLE_LINKS=%s", bundle_id + 7);
/*
* For demand mode, we only need to configure the bundle
* and attach the link.
*/
mtu = LWIP_MIN(ho->mrru, ao->mru);
if (demand) {
cfg_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
netif_set_mtu(pcb, mtu);
script_setenv("BUNDLE", bundle_id + 7, 1);
return 0;
}
/*
* Check if the bundle ID is already in the database.
*/
unit = -1;
lock_db();
key.dptr = bundle_id;
key.dsize = p - bundle_id;
pid = tdb_fetch(pppdb, key);
if (pid.dptr != NULL) {
/* bundle ID exists, see if the pppd record exists */
rec = tdb_fetch(pppdb, pid);
if (rec.dptr != NULL && rec.dsize > 0) {
/* make sure the string is null-terminated */
rec.dptr[rec.dsize-1] = 0;
/* parse the interface number */
parse_num(rec.dptr, "IFNAME=ppp", &unit);
/* check the pid value */
if (!parse_num(rec.dptr, "PPPD_PID=", &pppd_pid)
|| !process_exists(pppd_pid)
|| !owns_unit(pid, unit))
unit = -1;
free(rec.dptr);
}
free(pid.dptr);
}
if (unit >= 0) {
/* attach to existing unit */
if (bundle_attach(unit)) {
set_ifunit(0);
script_setenv("BUNDLE", bundle_id + 7, 0);
make_bundle_links(1);
unlock_db();
info("Link attached to %s", ifname);
return 1;
}
/* attach failed because bundle doesn't exist */
}
/* we have to make a new bundle */
make_new_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
set_ifunit(1);
netif_set_mtu(pcb, mtu);
script_setenv("BUNDLE", bundle_id + 7, 1);
make_bundle_links(pcb);
unlock_db();
info("New bundle %s created", ifname);
multilink_master = 1;
return 0;
}
void mp_exit_bundle()
{
lock_db();
remove_bundle_link();
unlock_db();
}
static void sendhup(char *str)
{
int pid;
if (parse_num(str, "PPPD_PID=", &pid) && pid != getpid()) {
if (debug)
dbglog("sending SIGHUP to process %d", pid);
kill(pid, SIGHUP);
}
}
void mp_bundle_terminated()
{
TDB_DATA key;
bundle_terminating = 1;
upper_layers_down(pcb);
notice("Connection terminated.");
#if PPP_STATS_SUPPORT
print_link_stats();
#endif /* PPP_STATS_SUPPORT */
if (!demand) {
remove_pidfiles();
script_unsetenv("IFNAME");
}
lock_db();
destroy_bundle();
iterate_bundle_links(sendhup);
key.dptr = blinks_id;
key.dsize = strlen(blinks_id);
tdb_delete(pppdb, key);
unlock_db();
new_phase(PPP_PHASE_DEAD);
doing_multilink = 0;
multilink_master = 0;
}
static void make_bundle_links(int append)
{
TDB_DATA key, rec;
char *p;
char entry[32];
int l;
key.dptr = blinks_id;
key.dsize = strlen(blinks_id);
slprintf(entry, sizeof(entry), "%s;", db_key);
p = entry;
if (append) {
rec = tdb_fetch(pppdb, key);
if (rec.dptr != NULL && rec.dsize > 0) {
rec.dptr[rec.dsize-1] = 0;
if (strstr(rec.dptr, db_key) != NULL) {
/* already in there? strange */
warn("link entry already exists in tdb");
return;
}
l = rec.dsize + strlen(entry);
p = malloc(l);
if (p == NULL)
novm("bundle link list");
slprintf(p, l, "%s%s", rec.dptr, entry);
} else {
warn("bundle link list not found");
}
if (rec.dptr != NULL)
free(rec.dptr);
}
rec.dptr = p;
rec.dsize = strlen(p) + 1;
if (tdb_store(pppdb, key, rec, TDB_REPLACE))
error("couldn't %s bundle link list",
append? "update": "create");
if (p != entry)
free(p);
}
static void remove_bundle_link()
{
TDB_DATA key, rec;
char entry[32];
char *p, *q;
int l;
key.dptr = blinks_id;
key.dsize = strlen(blinks_id);
slprintf(entry, sizeof(entry), "%s;", db_key);
rec = tdb_fetch(pppdb, key);
if (rec.dptr == NULL || rec.dsize <= 0) {
if (rec.dptr != NULL)
free(rec.dptr);
return;
}
rec.dptr[rec.dsize-1] = 0;
p = strstr(rec.dptr, entry);
if (p != NULL) {
q = p + strlen(entry);
l = strlen(q) + 1;
memmove(p, q, l);
rec.dsize = p - rec.dptr + l;
if (tdb_store(pppdb, key, rec, TDB_REPLACE))
error("couldn't update bundle link list (removal)");
}
free(rec.dptr);
}
static void iterate_bundle_links(void (*func)(char *))
{
TDB_DATA key, rec, pp;
char *p, *q;
key.dptr = blinks_id;
key.dsize = strlen(blinks_id);
rec = tdb_fetch(pppdb, key);
if (rec.dptr == NULL || rec.dsize <= 0) {
error("bundle link list not found (iterating list)");
if (rec.dptr != NULL)
free(rec.dptr);
return;
}
p = rec.dptr;
p[rec.dsize-1] = 0;
while ((q = strchr(p, ';')) != NULL) {
*q = 0;
key.dptr = p;
key.dsize = q - p;
pp = tdb_fetch(pppdb, key);
if (pp.dptr != NULL && pp.dsize > 0) {
pp.dptr[pp.dsize-1] = 0;
func(pp.dptr);
}
if (pp.dptr != NULL)
free(pp.dptr);
p = q + 1;
}
free(rec.dptr);
}
static int
parse_num(str, key, valp)
char *str;
const char *key;
int *valp;
{
char *p, *endp;
int i;
p = strstr(str, key);
if (p != 0) {
p += strlen(key);
i = strtol(p, &endp, 10);
if (endp != p && (*endp == 0 || *endp == ';')) {
*valp = i;
return 1;
}
}
return 0;
}
/*
* Check whether the pppd identified by `key' still owns ppp unit `unit'.
*/
static int
owns_unit(key, unit)
TDB_DATA key;
int unit;
{
char ifkey[32];
TDB_DATA kd, vd;
int ret = 0;
slprintf(ifkey, sizeof(ifkey), "IFNAME=ppp%d", unit);
kd.dptr = ifkey;
kd.dsize = strlen(ifkey);
vd = tdb_fetch(pppdb, kd);
if (vd.dptr != NULL) {
ret = vd.dsize == key.dsize
&& memcmp(vd.dptr, key.dptr, vd.dsize) == 0;
free(vd.dptr);
}
return ret;
}
static int
get_default_epdisc(ep)
struct epdisc *ep;
{
char *p;
struct hostent *hp;
u32_t addr;
/* First try for an ethernet MAC address */
p = get_first_ethernet();
if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) {
ep->class = EPD_MAC;
ep->length = 6;
return 1;
}
/* see if our hostname corresponds to a reasonable IP address */
hp = gethostbyname(hostname);
if (hp != NULL) {
addr = *(u32_t *)hp->h_addr;
if (!bad_ip_adrs(addr)) {
addr = ntohl(addr);
if (!LOCAL_IP_ADDR(addr)) {
ep->class = EPD_IP;
set_ip_epdisc(ep, addr);
return 1;
}
}
}
return 0;
}
/*
* epdisc_to_str - make a printable string from an endpoint discriminator.
*/
static char *endp_class_names[] = {
"null", "local", "IP", "MAC", "magic", "phone"
};
char *
epdisc_to_str(ep)
struct epdisc *ep;
{
static char str[MAX_ENDP_LEN*3+8];
u_char *p = ep->value;
int i, mask = 0;
char *q, c, c2;
if (ep->class == EPD_NULL && ep->length == 0)
return "null";
if (ep->class == EPD_IP && ep->length == 4) {
u32_t addr;
GETLONG(addr, p);
slprintf(str, sizeof(str), "IP:%I", htonl(addr));
return str;
}
c = ':';
c2 = '.';
if (ep->class == EPD_MAC && ep->length == 6)
c2 = ':';
else if (ep->class == EPD_MAGIC && (ep->length % 4) == 0)
mask = 3;
q = str;
if (ep->class <= EPD_PHONENUM)
q += slprintf(q, sizeof(str)-1, "%s",
endp_class_names[ep->class]);
else
q += slprintf(q, sizeof(str)-1, "%d", ep->class);
c = ':';
for (i = 0; i < ep->length && i < MAX_ENDP_LEN; ++i) {
if ((i & mask) == 0) {
*q++ = c;
c = c2;
}
q += slprintf(q, str + sizeof(str) - q, "%.2x", ep->value[i]);
}
return str;
}
static int hexc_val(int c)
{
if (c >= 'a')
return c - 'a' + 10;
if (c >= 'A')
return c - 'A' + 10;
return c - '0';
}
int
str_to_epdisc(ep, str)
struct epdisc *ep;
char *str;
{
int i, l;
char *p, *endp;
for (i = EPD_NULL; i <= EPD_PHONENUM; ++i) {
int sl = strlen(endp_class_names[i]);
if (strncasecmp(str, endp_class_names[i], sl) == 0) {
str += sl;
break;
}
}
if (i > EPD_PHONENUM) {
/* not a class name, try a decimal class number */
i = strtol(str, &endp, 10);
if (endp == str)
return 0; /* can't parse class number */
str = endp;
}
ep->class = i;
if (*str == 0) {
ep->length = 0;
return 1;
}
if (*str != ':' && *str != '.')
return 0;
++str;
if (i == EPD_IP) {
u32_t addr;
i = parse_dotted_ip(str, &addr);
if (i == 0 || str[i] != 0)
return 0;
set_ip_epdisc(ep, addr);
return 1;
}
if (i == EPD_MAC && get_if_hwaddr(ep->value, str) >= 0) {
ep->length = 6;
return 1;
}
p = str;
for (l = 0; l < MAX_ENDP_LEN; ++l) {
if (*str == 0)
break;
if (p <= str)
for (p = str; isxdigit(*p); ++p)
;
i = p - str;
if (i == 0)
return 0;
ep->value[l] = hexc_val(*str++);
if ((i & 1) == 0)
ep->value[l] = (ep->value[l] << 4) + hexc_val(*str++);
if (*str == ':' || *str == '.')
++str;
}
if (*str != 0 || (ep->class == EPD_MAC && l != 6))
return 0;
ep->length = l;
return 1;
}
#endif /* PPP_SUPPORT && HAVE_MULTILINK */

628
src/netif/ppp/pap.c
View File

@ -1,628 +0,0 @@
/*****************************************************************************
* pap.c - Network Password Authentication Protocol program file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 by Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-12 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Original.
*****************************************************************************/
/*
* upap.c - User/Password Authentication Protocol.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "ppp_impl.h"
#include "pppdebug.h"
#include "auth.h"
#include "pap.h"
#include <string.h>
#if 0 /* UNUSED */
static bool hide_password = 1;
/*
* Command-line options.
*/
static option_t pap_option_list[] = {
{ "hide-password", o_bool, &hide_password,
"Don't output passwords to log", 1 },
{ "show-password", o_bool, &hide_password,
"Show password string in debug log messages", 0 },
{ "pap-restart", o_int, &upap[0].us_timeouttime,
"Set retransmit timeout for PAP" },
{ "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
"Set max number of transmissions for auth-reqs" },
{ "pap-timeout", o_int, &upap[0].us_reqtimeout,
"Set time limit for peer PAP authentication" },
{ NULL }
};
#endif
/*
* Protocol entry points.
*/
static void upap_init (int);
static void upap_lowerup (int);
static void upap_lowerdown (int);
static void upap_input (int, u_char *, int);
static void upap_protrej (int);
#if PPP_ADDITIONAL_CALLBACKS
static int upap_printpkt (u_char *, int, void (*)(void *, char *, ...), void *);
#endif /* PPP_ADDITIONAL_CALLBACKS */
struct protent pap_protent = {
PPP_PAP,
upap_init,
upap_input,
upap_protrej,
upap_lowerup,
upap_lowerdown,
NULL,
NULL,
#if PPP_ADDITIONAL_CALLBACKS
upap_printpkt,
NULL,
#endif /* PPP_ADDITIONAL_CALLBACKS */
1,
"PAP",
#if PPP_ADDITIONAL_CALLBACKS
NULL,
NULL,
NULL
#endif /* PPP_ADDITIONAL_CALLBACKS */
};
upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */
static void upap_timeout (void *);
static void upap_reqtimeout(void *);
static void upap_rauthreq (upap_state *, u_char *, u_char, int);
static void upap_rauthack (upap_state *, u_char *, int, int);
static void upap_rauthnak (upap_state *, u_char *, int, int);
static void upap_sauthreq (upap_state *);
static void upap_sresp (upap_state *, u_char, u_char, char *, int);
/*
* upap_init - Initialize a UPAP unit.
*/
static void
upap_init(int unit)
{
upap_state *u = &upap[unit];
UPAPDEBUG(LOG_INFO, ("upap_init: %d\n", unit));
u->us_unit = unit;
u->us_user = NULL;
u->us_userlen = 0;
u->us_passwd = NULL;
u->us_passwdlen = 0;
u->us_clientstate = UPAPCS_INITIAL;
u->us_serverstate = UPAPSS_INITIAL;
u->us_id = 0;
u->us_timeouttime = UPAP_DEFTIMEOUT;
u->us_maxtransmits = 10;
u->us_reqtimeout = UPAP_DEFREQTIME;
}
/*
* upap_authwithpeer - Authenticate us with our peer (start client).
*
* Set new state and send authenticate's.
*/
void
upap_authwithpeer(int unit, char *user, char *password)
{
upap_state *u = &upap[unit];
UPAPDEBUG(LOG_INFO, ("upap_authwithpeer: %d user=%s password=%s s=%d\n",
unit, user, password, u->us_clientstate));
/* Save the username and password we're given */
u->us_user = user;
u->us_userlen = (int)strlen(user);
u->us_passwd = password;
u->us_passwdlen = (int)strlen(password);
u->us_transmits = 0;
/* Lower layer up yet? */
if (u->us_clientstate == UPAPCS_INITIAL ||
u->us_clientstate == UPAPCS_PENDING) {
u->us_clientstate = UPAPCS_PENDING;
return;
}
upap_sauthreq(u); /* Start protocol */
}
/*
* upap_authpeer - Authenticate our peer (start server).
*
* Set new state.
*/
void
upap_authpeer(int unit)
{
upap_state *u = &upap[unit];
/* Lower layer up yet? */
if (u->us_serverstate == UPAPSS_INITIAL ||
u->us_serverstate == UPAPSS_PENDING) {
u->us_serverstate = UPAPSS_PENDING;
return;
}
u->us_serverstate = UPAPSS_LISTEN;
if (u->us_reqtimeout > 0) {
TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
}
}
/*
* upap_timeout - Retransmission timer for sending auth-reqs expired.
*/
static void
upap_timeout(void *arg)
{
upap_state *u = (upap_state *) arg;
UPAPDEBUG(LOG_INFO, ("upap_timeout: %d timeout %d expired s=%d\n",
u->us_unit, u->us_timeouttime, u->us_clientstate));
if (u->us_clientstate != UPAPCS_AUTHREQ) {
UPAPDEBUG(LOG_INFO, ("upap_timeout: not in AUTHREQ state!\n"));
return;
}
if (u->us_transmits >= u->us_maxtransmits) {
/* give up in disgust */
UPAPDEBUG(LOG_ERR, ("No response to PAP authenticate-requests\n"));
u->us_clientstate = UPAPCS_BADAUTH;
auth_withpeer_fail(u->us_unit, PPP_PAP);
return;
}
upap_sauthreq(u); /* Send Authenticate-Request and set upap timeout*/
}
/*
* upap_reqtimeout - Give up waiting for the peer to send an auth-req.
*/
static void
upap_reqtimeout(void *arg)
{
upap_state *u = (upap_state *) arg;
if (u->us_serverstate != UPAPSS_LISTEN) {
return; /* huh?? */
}
auth_peer_fail(u->us_unit, PPP_PAP);
u->us_serverstate = UPAPSS_BADAUTH;
}
/*
* upap_lowerup - The lower layer is up.
*
* Start authenticating if pending.
*/
static void
upap_lowerup(int unit)
{
upap_state *u = &upap[unit];
UPAPDEBUG(LOG_INFO, ("upap_lowerup: init %d clientstate s=%d\n", unit, u->us_clientstate));
if (u->us_clientstate == UPAPCS_INITIAL) {
u->us_clientstate = UPAPCS_CLOSED;
} else if (u->us_clientstate == UPAPCS_PENDING) {
upap_sauthreq(u); /* send an auth-request */
/* now client state is UPAPCS__AUTHREQ */
}
if (u->us_serverstate == UPAPSS_INITIAL) {
u->us_serverstate = UPAPSS_CLOSED;
} else if (u->us_serverstate == UPAPSS_PENDING) {
u->us_serverstate = UPAPSS_LISTEN;
if (u->us_reqtimeout > 0) {
TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout);
}
}
}
/*
* upap_lowerdown - The lower layer is down.
*
* Cancel all timeouts.
*/
static void
upap_lowerdown(int unit)
{
upap_state *u = &upap[unit];
UPAPDEBUG(LOG_INFO, ("upap_lowerdown: %d s=%d\n", unit, u->us_clientstate));
if (u->us_clientstate == UPAPCS_AUTHREQ) { /* Timeout pending? */
UNTIMEOUT(upap_timeout, u); /* Cancel timeout */
}
if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) {
UNTIMEOUT(upap_reqtimeout, u);
}
u->us_clientstate = UPAPCS_INITIAL;
u->us_serverstate = UPAPSS_INITIAL;
}
/*
* upap_protrej - Peer doesn't speak this protocol.
*
* This shouldn't happen. In any case, pretend lower layer went down.
*/
static void
upap_protrej(int unit)
{
upap_state *u = &upap[unit];
if (u->us_clientstate == UPAPCS_AUTHREQ) {
UPAPDEBUG(LOG_ERR, ("PAP authentication failed due to protocol-reject\n"));
auth_withpeer_fail(unit, PPP_PAP);
}
if (u->us_serverstate == UPAPSS_LISTEN) {
UPAPDEBUG(LOG_ERR, ("PAP authentication of peer failed (protocol-reject)\n"));
auth_peer_fail(unit, PPP_PAP);
}
upap_lowerdown(unit);
}
/*
* upap_input - Input UPAP packet.
*/
static void
upap_input(int unit, u_char *inpacket, int l)
{
upap_state *u = &upap[unit];
u_char *inp;
u_char code, id;
int len;
/*
* Parse header (code, id and length).
* If packet too short, drop it.
*/
inp = inpacket;
if (l < (int)UPAP_HEADERLEN) {
UPAPDEBUG(LOG_INFO, ("pap_input: rcvd short header.\n"));
return;
}
GETCHAR(code, inp);
GETCHAR(id, inp);
GETSHORT(len, inp);
if (len < (int)UPAP_HEADERLEN) {
UPAPDEBUG(LOG_INFO, ("pap_input: rcvd illegal length.\n"));
return;
}
if (len > l) {
UPAPDEBUG(LOG_INFO, ("pap_input: rcvd short packet.\n"));
return;
}
len -= UPAP_HEADERLEN;
/*
* Action depends on code.
*/
switch (code) {
case UPAP_AUTHREQ:
upap_rauthreq(u, inp, id, len);
break;
case UPAP_AUTHACK:
upap_rauthack(u, inp, id, len);
break;
case UPAP_AUTHNAK:
upap_rauthnak(u, inp, id, len);
break;
default: /* XXX Need code reject */
UPAPDEBUG(LOG_INFO, ("pap_input: UNHANDLED default: code: %d, id: %d, len: %d.\n", code, id, len));
break;
}
}
/*
* upap_rauth - Receive Authenticate.
*/
static void
upap_rauthreq(upap_state *u, u_char *inp, u_char id, int len)
{
u_char ruserlen, rpasswdlen;
char *ruser, *rpasswd;
u_char retcode;
char *msg;
int msglen;
UPAPDEBUG(LOG_INFO, ("pap_rauth: Rcvd id %d.\n", id));
if (u->us_serverstate < UPAPSS_LISTEN) {
return;
}
/*
* If we receive a duplicate authenticate-request, we are
* supposed to return the same status as for the first request.
*/
if (u->us_serverstate == UPAPSS_OPEN) {
upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */
return;
}
if (u->us_serverstate == UPAPSS_BADAUTH) {
upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */
return;
}
/*
* Parse user/passwd.
*/
if (len < (int)sizeof (u_char)) {
UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
return;
}
GETCHAR(ruserlen, inp);
len -= sizeof (u_char) + ruserlen + sizeof (u_char);
if (len < 0) {
UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
return;
}
ruser = (char *) inp;
INCPTR(ruserlen, inp);
GETCHAR(rpasswdlen, inp);
if (len < rpasswdlen) {
UPAPDEBUG(LOG_INFO, ("pap_rauth: rcvd short packet.\n"));
return;
}
rpasswd = (char *) inp;
/*
* Check the username and password given.
*/
retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen);
/* lwip: currently retcode is always UPAP_AUTHACK */
BZERO(rpasswd, rpasswdlen);
upap_sresp(u, retcode, id, msg, msglen);
if (retcode == UPAP_AUTHACK) {
u->us_serverstate = UPAPSS_OPEN;
auth_peer_success(u->us_unit, PPP_PAP, ruser, ruserlen);
} else {
u->us_serverstate = UPAPSS_BADAUTH;
auth_peer_fail(u->us_unit, PPP_PAP);
}
if (u->us_reqtimeout > 0) {
UNTIMEOUT(upap_reqtimeout, u);
}
}
/*
* upap_rauthack - Receive Authenticate-Ack.
*/
static void
upap_rauthack(upap_state *u, u_char *inp, int id, int len)
{
u_char msglen;
char *msg;
LWIP_UNUSED_ARG(id);
UPAPDEBUG(LOG_INFO, ("pap_rauthack: Rcvd id %d s=%d\n", id, u->us_clientstate));
if (u->us_clientstate != UPAPCS_AUTHREQ) { /* XXX */
UPAPDEBUG(LOG_INFO, ("pap_rauthack: us_clientstate != UPAPCS_AUTHREQ\n"));
return;
}
/*
* Parse message.
*/
if (len < (int)sizeof (u_char)) {
UPAPDEBUG(LOG_INFO, ("pap_rauthack: ignoring missing msg-length.\n"));
} else {
GETCHAR(msglen, inp);
if (msglen > 0) {
len -= sizeof (u_char);
if (len < msglen) {
UPAPDEBUG(LOG_INFO, ("pap_rauthack: rcvd short packet.\n"));
return;
}
msg = (char *) inp;
PRINTMSG(msg, msglen);
}
}
UNTIMEOUT(upap_timeout, u); /* Cancel timeout */
u->us_clientstate = UPAPCS_OPEN;
auth_withpeer_success(u->us_unit, PPP_PAP);
}
/*
* upap_rauthnak - Receive Authenticate-Nak.
*/
static void
upap_rauthnak(upap_state *u, u_char *inp, int id, int len)
{
u_char msglen;
char *msg;
LWIP_UNUSED_ARG(id);
UPAPDEBUG(LOG_INFO, ("pap_rauthnak: Rcvd id %d s=%d\n", id, u->us_clientstate));
if (u->us_clientstate != UPAPCS_AUTHREQ) { /* XXX */
return;
}
/*
* Parse message.
*/
if (len < sizeof (u_char)) {
UPAPDEBUG(LOG_INFO, ("pap_rauthnak: ignoring missing msg-length.\n"));
} else {
GETCHAR(msglen, inp);
if(msglen > 0) {
len -= sizeof (u_char);
if (len < msglen) {
UPAPDEBUG(LOG_INFO, ("pap_rauthnak: rcvd short packet.\n"));
return;
}
msg = (char *) inp;
PRINTMSG(msg, msglen);
}
}
u->us_clientstate = UPAPCS_BADAUTH;
UPAPDEBUG(LOG_ERR, ("PAP authentication failed\n"));
auth_withpeer_fail(u->us_unit, PPP_PAP);
}
/*
* upap_sauthreq - Send an Authenticate-Request.
*/
static void
upap_sauthreq(upap_state *u)
{
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + 2 * sizeof (u_char)
+ u->us_userlen + u->us_passwdlen;
outp = outpacket_buf[u->us_unit];
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(UPAP_AUTHREQ, outp);
PUTCHAR(++u->us_id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(u->us_userlen, outp);
BCOPY(u->us_user, outp, u->us_userlen);
INCPTR(u->us_userlen, outp);
PUTCHAR(u->us_passwdlen, outp);
BCOPY(u->us_passwd, outp, u->us_passwdlen);
pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
UPAPDEBUG(LOG_INFO, ("pap_sauth: Sent id %d\n", u->us_id));
TIMEOUT(upap_timeout, u, u->us_timeouttime);
++u->us_transmits;
u->us_clientstate = UPAPCS_AUTHREQ;
}
/*
* upap_sresp - Send a response (ack or nak).
*/
static void
upap_sresp(upap_state *u, u_char code, u_char id, char *msg, int msglen)
{
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
outp = outpacket_buf[u->us_unit];
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(msglen, outp);
BCOPY(msg, outp, msglen);
pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
UPAPDEBUG(LOG_INFO, ("pap_sresp: Sent code %d, id %d s=%d\n", code, id, u->us_clientstate));
}
#if PPP_ADDITIONAL_CALLBACKS
static char *upap_codenames[] = {
"AuthReq", "AuthAck", "AuthNak"
};
/*
* upap_printpkt - print the contents of a PAP packet.
*/
static int upap_printpkt(
u_char *p,
int plen,
void (*printer) (void *, char *, ...),
void *arg
)
{
LWIP_UNUSED_ARG(p);
LWIP_UNUSED_ARG(plen);
LWIP_UNUSED_ARG(printer);
LWIP_UNUSED_ARG(arg);
return 0;
}
#endif /* PPP_ADDITIONAL_CALLBACKS */
#endif /* PAP_SUPPORT */
#endif /* PPP_SUPPORT */

118
src/netif/ppp/pap.h
View File

@ -1,118 +0,0 @@
/*****************************************************************************
* pap.h - PPP Password Authentication Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-12-04 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
/*
* upap.h - User/Password Authentication Protocol definitions.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#ifndef PAP_H
#define PAP_H
#if PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
/*
* Packet header = Code, id, length.
*/
#define UPAP_HEADERLEN (sizeof (u_char) + sizeof (u_char) + sizeof (u_short))
/*
* UPAP codes.
*/
#define UPAP_AUTHREQ 1 /* Authenticate-Request */
#define UPAP_AUTHACK 2 /* Authenticate-Ack */
#define UPAP_AUTHNAK 3 /* Authenticate-Nak */
/*
* Each interface is described by upap structure.
*/
typedef struct upap_state {
int us_unit; /* Interface unit number */
const char *us_user; /* User */
int us_userlen; /* User length */
const char *us_passwd; /* Password */
int us_passwdlen; /* Password length */
int us_clientstate; /* Client state */
int us_serverstate; /* Server state */
u_char us_id; /* Current id */
int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */
int us_transmits; /* Number of auth-reqs sent */
int us_maxtransmits; /* Maximum number of auth-reqs to send */
int us_reqtimeout; /* Time to wait for auth-req from peer */
} upap_state;
/*
* Client states.
*/
#define UPAPCS_INITIAL 0 /* Connection down */
#define UPAPCS_CLOSED 1 /* Connection up, haven't requested auth */
#define UPAPCS_PENDING 2 /* Connection down, have requested auth */
#define UPAPCS_AUTHREQ 3 /* We've sent an Authenticate-Request */
#define UPAPCS_OPEN 4 /* We've received an Ack */
#define UPAPCS_BADAUTH 5 /* We've received a Nak */
/*
* Server states.
*/
#define UPAPSS_INITIAL 0 /* Connection down */
#define UPAPSS_CLOSED 1 /* Connection up, haven't requested auth */
#define UPAPSS_PENDING 2 /* Connection down, have requested auth */
#define UPAPSS_LISTEN 3 /* Listening for an Authenticate */
#define UPAPSS_OPEN 4 /* We've sent an Ack */
#define UPAPSS_BADAUTH 5 /* We've sent a Nak */
extern upap_state upap[];
void upap_authwithpeer (int, char *, char *);
void upap_authpeer (int);
extern struct protent pap_protent;
#endif /* PAP_SUPPORT */
#endif /* PAP_H */

34
src/netif/ppp/polarssl/README Normal file
View File

@ -0,0 +1,34 @@
About PolarSSL files into lwIP PPP support
------------------------------------------
This folder contains some files fetched from the latest BSD release of
the PolarSSL project for ciphers and encryption methods we need for lwIP
PPP support.
The PolarSSL files were cleaned to contain only the necessary struct
fields and functions needed for lwIP.
The PolarSSL API was not changed at all, so if you are already using
PolarSSL you can choose to skip the compilation of the included PolarSSL
library into lwIP:
The following defines are available for flexibility:
LWIP_INCLUDED_POLARSSL_MD4 ; Use lwIP internal PolarSSL for MD4
LWIP_INCLUDED_POLARSSL_MD5 ; Use lwIP internal PolarSSL for MD5
LWIP_INCLUDED_POLARSSL_SHA1 ; Use lwIP internal PolarSSL for SHA1
LWIP_INCLUDED_POLARSSL_DES ; Use lwIP internal PolarSSL for DES
If set (=1), the default if required by another enabled PPP feature unless
explicitly set to 0, using included lwIP PolarSSL.
If clear (=0), using external PolarSSL.
Undefined if not needed.
Beware of the stack requirements which can be a lot larger if you are not
using our cleaned PolarSSL library.
PolarSSL project website: http://polarssl.org/

422
src/netif/ppp/polarssl/des.c Normal file
View File

@ -0,0 +1,422 @@
/*
* FIPS-46-3 compliant Triple-DES implementation
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* DES, on which TDES is based, was originally designed by Horst Feistel
* at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
*
* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_DES
#include "netif/ppp/polarssl/des.h"
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i) \
{ \
(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
| ( (unsigned long) (b)[(i) + 1] << 16 ) \
| ( (unsigned long) (b)[(i) + 2] << 8 ) \
| ( (unsigned long) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
/*
* Expanded DES S-boxes
*/
static const unsigned long SB1[64] =
{
0x01010400, 0x00000000, 0x00010000, 0x01010404,
0x01010004, 0x00010404, 0x00000004, 0x00010000,
0x00000400, 0x01010400, 0x01010404, 0x00000400,
0x01000404, 0x01010004, 0x01000000, 0x00000004,
0x00000404, 0x01000400, 0x01000400, 0x00010400,
0x00010400, 0x01010000, 0x01010000, 0x01000404,
0x00010004, 0x01000004, 0x01000004, 0x00010004,
0x00000000, 0x00000404, 0x00010404, 0x01000000,
0x00010000, 0x01010404, 0x00000004, 0x01010000,
0x01010400, 0x01000000, 0x01000000, 0x00000400,
0x01010004, 0x00010000, 0x00010400, 0x01000004,
0x00000400, 0x00000004, 0x01000404, 0x00010404,
0x01010404, 0x00010004, 0x01010000, 0x01000404,
0x01000004, 0x00000404, 0x00010404, 0x01010400,
0x00000404, 0x01000400, 0x01000400, 0x00000000,
0x00010004, 0x00010400, 0x00000000, 0x01010004
};
static const unsigned long SB2[64] =
{
0x80108020, 0x80008000, 0x00008000, 0x00108020,
0x00100000, 0x00000020, 0x80100020, 0x80008020,
0x80000020, 0x80108020, 0x80108000, 0x80000000,
0x80008000, 0x00100000, 0x00000020, 0x80100020,
0x00108000, 0x00100020, 0x80008020, 0x00000000,
0x80000000, 0x00008000, 0x00108020, 0x80100000,
0x00100020, 0x80000020, 0x00000000, 0x00108000,
0x00008020, 0x80108000, 0x80100000, 0x00008020,
0x00000000, 0x00108020, 0x80100020, 0x00100000,
0x80008020, 0x80100000, 0x80108000, 0x00008000,
0x80100000, 0x80008000, 0x00000020, 0x80108020,
0x00108020, 0x00000020, 0x00008000, 0x80000000,
0x00008020, 0x80108000, 0x00100000, 0x80000020,
0x00100020, 0x80008020, 0x80000020, 0x00100020,
0x00108000, 0x00000000, 0x80008000, 0x00008020,
0x80000000, 0x80100020, 0x80108020, 0x00108000
};
static const unsigned long SB3[64] =
{
0x00000208, 0x08020200, 0x00000000, 0x08020008,
0x08000200, 0x00000000, 0x00020208, 0x08000200,
0x00020008, 0x08000008, 0x08000008, 0x00020000,
0x08020208, 0x00020008, 0x08020000, 0x00000208,
0x08000000, 0x00000008, 0x08020200, 0x00000200,
0x00020200, 0x08020000, 0x08020008, 0x00020208,
0x08000208, 0x00020200, 0x00020000, 0x08000208,
0x00000008, 0x08020208, 0x00000200, 0x08000000,
0x08020200, 0x08000000, 0x00020008, 0x00000208,
0x00020000, 0x08020200, 0x08000200, 0x00000000,
0x00000200, 0x00020008, 0x08020208, 0x08000200,
0x08000008, 0x00000200, 0x00000000, 0x08020008,
0x08000208, 0x00020000, 0x08000000, 0x08020208,
0x00000008, 0x00020208, 0x00020200, 0x08000008,
0x08020000, 0x08000208, 0x00000208, 0x08020000,
0x00020208, 0x00000008, 0x08020008, 0x00020200
};
static const unsigned long SB4[64] =
{
0x00802001, 0x00002081, 0x00002081, 0x00000080,
0x00802080, 0x00800081, 0x00800001, 0x00002001,
0x00000000, 0x00802000, 0x00802000, 0x00802081,
0x00000081, 0x00000000, 0x00800080, 0x00800001,
0x00000001, 0x00002000, 0x00800000, 0x00802001,
0x00000080, 0x00800000, 0x00002001, 0x00002080,
0x00800081, 0x00000001, 0x00002080, 0x00800080,
0x00002000, 0x00802080, 0x00802081, 0x00000081,
0x00800080, 0x00800001, 0x00802000, 0x00802081,
0x00000081, 0x00000000, 0x00000000, 0x00802000,
0x00002080, 0x00800080, 0x00800081, 0x00000001,
0x00802001, 0x00002081, 0x00002081, 0x00000080,
0x00802081, 0x00000081, 0x00000001, 0x00002000,
0x00800001, 0x00002001, 0x00802080, 0x00800081,
0x00002001, 0x00002080, 0x00800000, 0x00802001,
0x00000080, 0x00800000, 0x00002000, 0x00802080
};
static const unsigned long SB5[64] =
{
0x00000100, 0x02080100, 0x02080000, 0x42000100,
0x00080000, 0x00000100, 0x40000000, 0x02080000,
0x40080100, 0x00080000, 0x02000100, 0x40080100,
0x42000100, 0x42080000, 0x00080100, 0x40000000,
0x02000000, 0x40080000, 0x40080000, 0x00000000,
0x40000100, 0x42080100, 0x42080100, 0x02000100,
0x42080000, 0x40000100, 0x00000000, 0x42000000,
0x02080100, 0x02000000, 0x42000000, 0x00080100,
0x00080000, 0x42000100, 0x00000100, 0x02000000,
0x40000000, 0x02080000, 0x42000100, 0x40080100,
0x02000100, 0x40000000, 0x42080000, 0x02080100,
0x40080100, 0x00000100, 0x02000000, 0x42080000,
0x42080100, 0x00080100, 0x42000000, 0x42080100,
0x02080000, 0x00000000, 0x40080000, 0x42000000,
0x00080100, 0x02000100, 0x40000100, 0x00080000,
0x00000000, 0x40080000, 0x02080100, 0x40000100
};
static const unsigned long SB6[64] =
{
0x20000010, 0x20400000, 0x00004000, 0x20404010,
0x20400000, 0x00000010, 0x20404010, 0x00400000,
0x20004000, 0x00404010, 0x00400000, 0x20000010,
0x00400010, 0x20004000, 0x20000000, 0x00004010,
0x00000000, 0x00400010, 0x20004010, 0x00004000,
0x00404000, 0x20004010, 0x00000010, 0x20400010,
0x20400010, 0x00000000, 0x00404010, 0x20404000,
0x00004010, 0x00404000, 0x20404000, 0x20000000,
0x20004000, 0x00000010, 0x20400010, 0x00404000,
0x20404010, 0x00400000, 0x00004010, 0x20000010,
0x00400000, 0x20004000, 0x20000000, 0x00004010,
0x20000010, 0x20404010, 0x00404000, 0x20400000,
0x00404010, 0x20404000, 0x00000000, 0x20400010,
0x00000010, 0x00004000, 0x20400000, 0x00404010,
0x00004000, 0x00400010, 0x20004010, 0x00000000,
0x20404000, 0x20000000, 0x00400010, 0x20004010
};
static const unsigned long SB7[64] =
{
0x00200000, 0x04200002, 0x04000802, 0x00000000,
0x00000800, 0x04000802, 0x00200802, 0x04200800,
0x04200802, 0x00200000, 0x00000000, 0x04000002,
0x00000002, 0x04000000, 0x04200002, 0x00000802,
0x04000800, 0x00200802, 0x00200002, 0x04000800,
0x04000002, 0x04200000, 0x04200800, 0x00200002,
0x04200000, 0x00000800, 0x00000802, 0x04200802,
0x00200800, 0x00000002, 0x04000000, 0x00200800,
0x04000000, 0x00200800, 0x00200000, 0x04000802,
0x04000802, 0x04200002, 0x04200002, 0x00000002,
0x00200002, 0x04000000, 0x04000800, 0x00200000,
0x04200800, 0x00000802, 0x00200802, 0x04200800,
0x00000802, 0x04000002, 0x04200802, 0x04200000,
0x00200800, 0x00000000, 0x00000002, 0x04200802,
0x00000000, 0x00200802, 0x04200000, 0x00000800,
0x04000002, 0x04000800, 0x00000800, 0x00200002
};
static const unsigned long SB8[64] =
{
0x10001040, 0x00001000, 0x00040000, 0x10041040,
0x10000000, 0x10001040, 0x00000040, 0x10000000,
0x00040040, 0x10040000, 0x10041040, 0x00041000,
0x10041000, 0x00041040, 0x00001000, 0x00000040,
0x10040000, 0x10000040, 0x10001000, 0x00001040,
0x00041000, 0x00040040, 0x10040040, 0x10041000,
0x00001040, 0x00000000, 0x00000000, 0x10040040,
0x10000040, 0x10001000, 0x00041040, 0x00040000,
0x00041040, 0x00040000, 0x10041000, 0x00001000,
0x00000040, 0x10040040, 0x00001000, 0x00041040,
0x10001000, 0x00000040, 0x10000040, 0x10040000,
0x10040040, 0x10000000, 0x00040000, 0x10001040,
0x00000000, 0x10041040, 0x00040040, 0x10000040,
0x10040000, 0x10001000, 0x10001040, 0x00000000,
0x10041040, 0x00041000, 0x00041000, 0x00001040,
0x00001040, 0x00040040, 0x10000000, 0x10041000
};
/*
* PC1: left and right halves bit-swap
*/
static const unsigned long LHs[16] =
{
0x00000000, 0x00000001, 0x00000100, 0x00000101,
0x00010000, 0x00010001, 0x00010100, 0x00010101,
0x01000000, 0x01000001, 0x01000100, 0x01000101,
0x01010000, 0x01010001, 0x01010100, 0x01010101
};
static const unsigned long RHs[16] =
{
0x00000000, 0x01000000, 0x00010000, 0x01010000,
0x00000100, 0x01000100, 0x00010100, 0x01010100,
0x00000001, 0x01000001, 0x00010001, 0x01010001,
0x00000101, 0x01000101, 0x00010101, 0x01010101,
};
/*
* Initial Permutation macro
*/
#define DES_IP(X,Y) \
{ \
T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
Y = ((Y << 1) | (Y >> 31)) & 0xFFFFFFFF; \
T = (X ^ Y) & 0xAAAAAAAA; Y ^= T; X ^= T; \
X = ((X << 1) | (X >> 31)) & 0xFFFFFFFF; \
}
/*
* Final Permutation macro
*/
#define DES_FP(X,Y) \
{ \
X = ((X << 31) | (X >> 1)) & 0xFFFFFFFF; \
T = (X ^ Y) & 0xAAAAAAAA; X ^= T; Y ^= T; \
Y = ((Y << 31) | (Y >> 1)) & 0xFFFFFFFF; \
T = ((Y >> 8) ^ X) & 0x00FF00FF; X ^= T; Y ^= (T << 8); \
T = ((Y >> 2) ^ X) & 0x33333333; X ^= T; Y ^= (T << 2); \
T = ((X >> 16) ^ Y) & 0x0000FFFF; Y ^= T; X ^= (T << 16); \
T = ((X >> 4) ^ Y) & 0x0F0F0F0F; Y ^= T; X ^= (T << 4); \
}
/*
* DES round macro
*/
#define DES_ROUND(X,Y) \
{ \
T = *SK++ ^ X; \
Y ^= SB8[ (T ) & 0x3F ] ^ \
SB6[ (T >> 8) & 0x3F ] ^ \
SB4[ (T >> 16) & 0x3F ] ^ \
SB2[ (T >> 24) & 0x3F ]; \
\
T = *SK++ ^ ((X << 28) | (X >> 4)); \
Y ^= SB7[ (T ) & 0x3F ] ^ \
SB5[ (T >> 8) & 0x3F ] ^ \
SB3[ (T >> 16) & 0x3F ] ^ \
SB1[ (T >> 24) & 0x3F ]; \
}
#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
static void des_setkey( unsigned long SK[32], unsigned char key[8] )
{
int i;
unsigned long X, Y, T;
GET_ULONG_BE( X, key, 0 );
GET_ULONG_BE( Y, key, 4 );
/*
* Permuted Choice 1
*/
T = ((Y >> 4) ^ X) & 0x0F0F0F0F; X ^= T; Y ^= (T << 4);
T = ((Y ) ^ X) & 0x10101010; X ^= T; Y ^= (T );
X = (LHs[ (X ) & 0xF] << 3) | (LHs[ (X >> 8) & 0xF ] << 2)
| (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ] )
| (LHs[ (X >> 5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
| (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
Y = (RHs[ (Y >> 1) & 0xF] << 3) | (RHs[ (Y >> 9) & 0xF ] << 2)
| (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ] )
| (RHs[ (Y >> 4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
| (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
X &= 0x0FFFFFFF;
Y &= 0x0FFFFFFF;
/*
* calculate subkeys
*/
for( i = 0; i < 16; i++ )
{
if( i < 2 || i == 8 || i == 15 )
{
X = ((X << 1) | (X >> 27)) & 0x0FFFFFFF;
Y = ((Y << 1) | (Y >> 27)) & 0x0FFFFFFF;
}
else
{
X = ((X << 2) | (X >> 26)) & 0x0FFFFFFF;
Y = ((Y << 2) | (Y >> 26)) & 0x0FFFFFFF;
}
*SK++ = ((X << 4) & 0x24000000) | ((X << 28) & 0x10000000)
| ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
| ((X << 6) & 0x01000000) | ((X << 9) & 0x00200000)
| ((X >> 1) & 0x00100000) | ((X << 10) & 0x00040000)
| ((X << 2) & 0x00020000) | ((X >> 10) & 0x00010000)
| ((Y >> 13) & 0x00002000) | ((Y >> 4) & 0x00001000)
| ((Y << 6) & 0x00000800) | ((Y >> 1) & 0x00000400)
| ((Y >> 14) & 0x00000200) | ((Y ) & 0x00000100)
| ((Y >> 5) & 0x00000020) | ((Y >> 10) & 0x00000010)
| ((Y >> 3) & 0x00000008) | ((Y >> 18) & 0x00000004)
| ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
*SK++ = ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
| ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
| ((X >> 2) & 0x02000000) | ((X << 1) & 0x01000000)
| ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
| ((X << 3) & 0x00080000) | ((X >> 6) & 0x00040000)
| ((X << 15) & 0x00020000) | ((X >> 4) & 0x00010000)
| ((Y >> 2) & 0x00002000) | ((Y << 8) & 0x00001000)
| ((Y >> 14) & 0x00000808) | ((Y >> 9) & 0x00000400)
| ((Y ) & 0x00000200) | ((Y << 7) & 0x00000100)
| ((Y >> 7) & 0x00000020) | ((Y >> 3) & 0x00000011)
| ((Y << 2) & 0x00000004) | ((Y >> 21) & 0x00000002);
}
}
/*
* DES key schedule (56-bit, encryption)
*/
void des_setkey_enc( des_context *ctx, unsigned char key[8] )
{
des_setkey( ctx->sk, key );
}
/*
* DES key schedule (56-bit, decryption)
*/
void des_setkey_dec( des_context *ctx, unsigned char key[8] )
{
int i;
des_setkey( ctx->sk, key );
for( i = 0; i < 16; i += 2 )
{
SWAP( ctx->sk[i ], ctx->sk[30 - i] );
SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
}
}
/*
* DES-ECB block encryption/decryption
*/
void des_crypt_ecb( des_context *ctx,
unsigned char input[8],
unsigned char output[8] )
{
int i;
unsigned long X, Y, T, *SK;
SK = ctx->sk;
GET_ULONG_BE( X, input, 0 );
GET_ULONG_BE( Y, input, 4 );
DES_IP( X, Y );
for( i = 0; i < 8; i++ )
{
DES_ROUND( Y, X );
DES_ROUND( X, Y );
}
DES_FP( Y, X );
PUT_ULONG_BE( Y, output, 0 );
PUT_ULONG_BE( X, output, 4 );
}
#endif /* LWIP_INCLUDED_POLARSSL_DES */

279
src/netif/ppp/polarssl/md4.c Normal file
View File

@ -0,0 +1,279 @@
/*
* RFC 1186/1320 compliant MD4 implementation
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* The MD4 algorithm was designed by Ron Rivest in 1990.
*
* http://www.ietf.org/rfc/rfc1186.txt
* http://www.ietf.org/rfc/rfc1320.txt
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_MD4
#include "netif/ppp/polarssl/md4.h"
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_ULONG_LE
#define GET_ULONG_LE(n,b,i) \
{ \
(n) = ( (unsigned long) (b)[(i) ] ) \
| ( (unsigned long) (b)[(i) + 1] << 8 ) \
| ( (unsigned long) (b)[(i) + 2] << 16 ) \
| ( (unsigned long) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_ULONG_LE
#define PUT_ULONG_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
}
#endif
/*
* MD4 context setup
*/
void md4_starts( md4_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xEFCDAB89;
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
}
static void md4_process( md4_context *ctx, unsigned char data[64] )
{
unsigned long X[16], A, B, C, D;
GET_ULONG_LE( X[ 0], data, 0 );
GET_ULONG_LE( X[ 1], data, 4 );
GET_ULONG_LE( X[ 2], data, 8 );
GET_ULONG_LE( X[ 3], data, 12 );
GET_ULONG_LE( X[ 4], data, 16 );
GET_ULONG_LE( X[ 5], data, 20 );
GET_ULONG_LE( X[ 6], data, 24 );
GET_ULONG_LE( X[ 7], data, 28 );
GET_ULONG_LE( X[ 8], data, 32 );
GET_ULONG_LE( X[ 9], data, 36 );
GET_ULONG_LE( X[10], data, 40 );
GET_ULONG_LE( X[11], data, 44 );
GET_ULONG_LE( X[12], data, 48 );
GET_ULONG_LE( X[13], data, 52 );
GET_ULONG_LE( X[14], data, 56 );
GET_ULONG_LE( X[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
#define F(x, y, z) ((x & y) | ((~x) & z))
#define P(a,b,c,d,x,s) { a += F(b,c,d) + x; a = S(a,s); }
P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 1], 7 );
P( C, D, A, B, X[ 2], 11 );
P( B, C, D, A, X[ 3], 19 );
P( A, B, C, D, X[ 4], 3 );
P( D, A, B, C, X[ 5], 7 );
P( C, D, A, B, X[ 6], 11 );
P( B, C, D, A, X[ 7], 19 );
P( A, B, C, D, X[ 8], 3 );
P( D, A, B, C, X[ 9], 7 );
P( C, D, A, B, X[10], 11 );
P( B, C, D, A, X[11], 19 );
P( A, B, C, D, X[12], 3 );
P( D, A, B, C, X[13], 7 );
P( C, D, A, B, X[14], 11 );
P( B, C, D, A, X[15], 19 );
#undef P
#undef F
#define F(x,y,z) ((x & y) | (x & z) | (y & z))
#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x5A827999; a = S(a,s); }
P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 4], 5 );
P( C, D, A, B, X[ 8], 9 );
P( B, C, D, A, X[12], 13 );
P( A, B, C, D, X[ 1], 3 );
P( D, A, B, C, X[ 5], 5 );
P( C, D, A, B, X[ 9], 9 );
P( B, C, D, A, X[13], 13 );
P( A, B, C, D, X[ 2], 3 );
P( D, A, B, C, X[ 6], 5 );
P( C, D, A, B, X[10], 9 );
P( B, C, D, A, X[14], 13 );
P( A, B, C, D, X[ 3], 3 );
P( D, A, B, C, X[ 7], 5 );
P( C, D, A, B, X[11], 9 );
P( B, C, D, A, X[15], 13 );
#undef P
#undef F
#define F(x,y,z) (x ^ y ^ z)
#define P(a,b,c,d,x,s) { a += F(b,c,d) + x + 0x6ED9EBA1; a = S(a,s); }
P( A, B, C, D, X[ 0], 3 );
P( D, A, B, C, X[ 8], 9 );
P( C, D, A, B, X[ 4], 11 );
P( B, C, D, A, X[12], 15 );
P( A, B, C, D, X[ 2], 3 );
P( D, A, B, C, X[10], 9 );
P( C, D, A, B, X[ 6], 11 );
P( B, C, D, A, X[14], 15 );
P( A, B, C, D, X[ 1], 3 );
P( D, A, B, C, X[ 9], 9 );
P( C, D, A, B, X[ 5], 11 );
P( B, C, D, A, X[13], 15 );
P( A, B, C, D, X[ 3], 3 );
P( D, A, B, C, X[11], 9 );
P( C, D, A, B, X[ 7], 11 );
P( B, C, D, A, X[15], 15 );
#undef F
#undef P
ctx->state[0] += A;
ctx->state[1] += B;
ctx->state[2] += C;
ctx->state[3] += D;
}
/*
* MD4 process buffer
*/
void md4_update( md4_context *ctx, unsigned char *input, int ilen )
{
int fill;
unsigned long left;
if( ilen <= 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
ctx->total[0] += ilen;
ctx->total[0] &= 0xFFFFFFFF;
if( ctx->total[0] < (unsigned long) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
MEMCPY( (void *) (ctx->buffer + left),
(void *) input, fill );
md4_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
}
while( ilen >= 64 )
{
md4_process( ctx, input );
input += 64;
ilen -= 64;
}
if( ilen > 0 )
{
MEMCPY( (void *) (ctx->buffer + left),
(void *) input, ilen );
}
}
static const unsigned char md4_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* MD4 final digest
*/
void md4_finish( md4_context *ctx, unsigned char output[16] )
{
unsigned long last, padn;
unsigned long high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_ULONG_LE( low, msglen, 0 );
PUT_ULONG_LE( high, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
md4_update( ctx, (unsigned char *) md4_padding, padn );
md4_update( ctx, msglen, 8 );
PUT_ULONG_LE( ctx->state[0], output, 0 );
PUT_ULONG_LE( ctx->state[1], output, 4 );
PUT_ULONG_LE( ctx->state[2], output, 8 );
PUT_ULONG_LE( ctx->state[3], output, 12 );
}
/*
* output = MD4( input buffer )
*/
void md4( unsigned char *input, int ilen, unsigned char output[16] )
{
md4_context ctx;
md4_starts( &ctx );
md4_update( &ctx, input, ilen );
md4_finish( &ctx, output );
}
#endif /* LWIP_INCLUDED_POLARSSL_MD4 */

298
src/netif/ppp/polarssl/md5.c Normal file
View File

@ -0,0 +1,298 @@
/*
* RFC 1321 compliant MD5 implementation
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* The MD5 algorithm was designed by Ron Rivest in 1991.
*
* http://www.ietf.org/rfc/rfc1321.txt
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_MD5
#include "netif/ppp/polarssl/md5.h"
/*
* 32-bit integer manipulation macros (little endian)
*/
#ifndef GET_ULONG_LE
#define GET_ULONG_LE(n,b,i) \
{ \
(n) = ( (unsigned long) (b)[(i) ] ) \
| ( (unsigned long) (b)[(i) + 1] << 8 ) \
| ( (unsigned long) (b)[(i) + 2] << 16 ) \
| ( (unsigned long) (b)[(i) + 3] << 24 ); \
}
#endif
#ifndef PUT_ULONG_LE
#define PUT_ULONG_LE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \
}
#endif
/*
* MD5 context setup
*/
void md5_starts( md5_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xEFCDAB89;
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
}
static void md5_process( md5_context *ctx, unsigned char data[64] )
{
unsigned long X[16], A, B, C, D;
GET_ULONG_LE( X[ 0], data, 0 );
GET_ULONG_LE( X[ 1], data, 4 );
GET_ULONG_LE( X[ 2], data, 8 );
GET_ULONG_LE( X[ 3], data, 12 );
GET_ULONG_LE( X[ 4], data, 16 );
GET_ULONG_LE( X[ 5], data, 20 );
GET_ULONG_LE( X[ 6], data, 24 );
GET_ULONG_LE( X[ 7], data, 28 );
GET_ULONG_LE( X[ 8], data, 32 );
GET_ULONG_LE( X[ 9], data, 36 );
GET_ULONG_LE( X[10], data, 40 );
GET_ULONG_LE( X[11], data, 44 );
GET_ULONG_LE( X[12], data, 48 );
GET_ULONG_LE( X[13], data, 52 );
GET_ULONG_LE( X[14], data, 56 );
GET_ULONG_LE( X[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
#define P(a,b,c,d,k,s,t) \
{ \
a += F(b,c,d) + X[k] + t; a = S(a,s) + b; \
}
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
#define F(x,y,z) (z ^ (x & (y ^ z)))
P( A, B, C, D, 0, 7, 0xD76AA478 );
P( D, A, B, C, 1, 12, 0xE8C7B756 );
P( C, D, A, B, 2, 17, 0x242070DB );
P( B, C, D, A, 3, 22, 0xC1BDCEEE );
P( A, B, C, D, 4, 7, 0xF57C0FAF );
P( D, A, B, C, 5, 12, 0x4787C62A );
P( C, D, A, B, 6, 17, 0xA8304613 );
P( B, C, D, A, 7, 22, 0xFD469501 );
P( A, B, C, D, 8, 7, 0x698098D8 );
P( D, A, B, C, 9, 12, 0x8B44F7AF );
P( C, D, A, B, 10, 17, 0xFFFF5BB1 );
P( B, C, D, A, 11, 22, 0x895CD7BE );
P( A, B, C, D, 12, 7, 0x6B901122 );
P( D, A, B, C, 13, 12, 0xFD987193 );
P( C, D, A, B, 14, 17, 0xA679438E );
P( B, C, D, A, 15, 22, 0x49B40821 );
#undef F
#define F(x,y,z) (y ^ (z & (x ^ y)))
P( A, B, C, D, 1, 5, 0xF61E2562 );
P( D, A, B, C, 6, 9, 0xC040B340 );
P( C, D, A, B, 11, 14, 0x265E5A51 );
P( B, C, D, A, 0, 20, 0xE9B6C7AA );
P( A, B, C, D, 5, 5, 0xD62F105D );
P( D, A, B, C, 10, 9, 0x02441453 );
P( C, D, A, B, 15, 14, 0xD8A1E681 );
P( B, C, D, A, 4, 20, 0xE7D3FBC8 );
P( A, B, C, D, 9, 5, 0x21E1CDE6 );
P( D, A, B, C, 14, 9, 0xC33707D6 );
P( C, D, A, B, 3, 14, 0xF4D50D87 );
P( B, C, D, A, 8, 20, 0x455A14ED );
P( A, B, C, D, 13, 5, 0xA9E3E905 );
P( D, A, B, C, 2, 9, 0xFCEFA3F8 );
P( C, D, A, B, 7, 14, 0x676F02D9 );
P( B, C, D, A, 12, 20, 0x8D2A4C8A );
#undef F
#define F(x,y,z) (x ^ y ^ z)
P( A, B, C, D, 5, 4, 0xFFFA3942 );
P( D, A, B, C, 8, 11, 0x8771F681 );
P( C, D, A, B, 11, 16, 0x6D9D6122 );
P( B, C, D, A, 14, 23, 0xFDE5380C );
P( A, B, C, D, 1, 4, 0xA4BEEA44 );
P( D, A, B, C, 4, 11, 0x4BDECFA9 );
P( C, D, A, B, 7, 16, 0xF6BB4B60 );
P( B, C, D, A, 10, 23, 0xBEBFBC70 );
P( A, B, C, D, 13, 4, 0x289B7EC6 );
P( D, A, B, C, 0, 11, 0xEAA127FA );
P( C, D, A, B, 3, 16, 0xD4EF3085 );
P( B, C, D, A, 6, 23, 0x04881D05 );
P( A, B, C, D, 9, 4, 0xD9D4D039 );
P( D, A, B, C, 12, 11, 0xE6DB99E5 );
P( C, D, A, B, 15, 16, 0x1FA27CF8 );
P( B, C, D, A, 2, 23, 0xC4AC5665 );
#undef F
#define F(x,y,z) (y ^ (x | ~z))
P( A, B, C, D, 0, 6, 0xF4292244 );
P( D, A, B, C, 7, 10, 0x432AFF97 );
P( C, D, A, B, 14, 15, 0xAB9423A7 );
P( B, C, D, A, 5, 21, 0xFC93A039 );
P( A, B, C, D, 12, 6, 0x655B59C3 );
P( D, A, B, C, 3, 10, 0x8F0CCC92 );
P( C, D, A, B, 10, 15, 0xFFEFF47D );
P( B, C, D, A, 1, 21, 0x85845DD1 );
P( A, B, C, D, 8, 6, 0x6FA87E4F );
P( D, A, B, C, 15, 10, 0xFE2CE6E0 );
P( C, D, A, B, 6, 15, 0xA3014314 );
P( B, C, D, A, 13, 21, 0x4E0811A1 );
P( A, B, C, D, 4, 6, 0xF7537E82 );
P( D, A, B, C, 11, 10, 0xBD3AF235 );
P( C, D, A, B, 2, 15, 0x2AD7D2BB );
P( B, C, D, A, 9, 21, 0xEB86D391 );
#undef F
ctx->state[0] += A;
ctx->state[1] += B;
ctx->state[2] += C;
ctx->state[3] += D;
}
/*
* MD5 process buffer
*/
void md5_update( md5_context *ctx, unsigned char *input, int ilen )
{
int fill;
unsigned long left;
if( ilen <= 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
ctx->total[0] += ilen;
ctx->total[0] &= 0xFFFFFFFF;
if( ctx->total[0] < (unsigned long) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
MEMCPY( (void *) (ctx->buffer + left),
(void *) input, fill );
md5_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
}
while( ilen >= 64 )
{
md5_process( ctx, input );
input += 64;
ilen -= 64;
}
if( ilen > 0 )
{
MEMCPY( (void *) (ctx->buffer + left),
(void *) input, ilen );
}
}
static const unsigned char md5_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* MD5 final digest
*/
void md5_finish( md5_context *ctx, unsigned char output[16] )
{
unsigned long last, padn;
unsigned long high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_ULONG_LE( low, msglen, 0 );
PUT_ULONG_LE( high, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
md5_update( ctx, (unsigned char *) md5_padding, padn );
md5_update( ctx, msglen, 8 );
PUT_ULONG_LE( ctx->state[0], output, 0 );
PUT_ULONG_LE( ctx->state[1], output, 4 );
PUT_ULONG_LE( ctx->state[2], output, 8 );
PUT_ULONG_LE( ctx->state[3], output, 12 );
}
/*
* output = MD5( input buffer )
*/
void md5( unsigned char *input, int ilen, unsigned char output[16] )
{
md5_context ctx;
md5_starts( &ctx );
md5_update( &ctx, input, ilen );
md5_finish( &ctx, output );
}
#endif /* LWIP_INCLUDED_POLARSSL_MD5 */

333
src/netif/ppp/polarssl/sha1.c Normal file
View File

@ -0,0 +1,333 @@
/*
* FIPS-180-1 compliant SHA-1 implementation
*
* Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
*
* Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the names of PolarSSL or XySSL nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* The SHA-1 standard was published by NIST in 1993.
*
* http://www.itl.nist.gov/fipspubs/fip180-1.htm
*/
#include "lwip/opt.h"
#if LWIP_INCLUDED_POLARSSL_SHA1
#include "netif/ppp/polarssl/sha1.h"
/*
* 32-bit integer manipulation macros (big endian)
*/
#ifndef GET_ULONG_BE
#define GET_ULONG_BE(n,b,i) \
{ \
(n) = ( (unsigned long) (b)[(i) ] << 24 ) \
| ( (unsigned long) (b)[(i) + 1] << 16 ) \
| ( (unsigned long) (b)[(i) + 2] << 8 ) \
| ( (unsigned long) (b)[(i) + 3] ); \
}
#endif
#ifndef PUT_ULONG_BE
#define PUT_ULONG_BE(n,b,i) \
{ \
(b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
(b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
(b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
(b)[(i) + 3] = (unsigned char) ( (n) ); \
}
#endif
/*
* SHA-1 context setup
*/
void sha1_starts( sha1_context *ctx )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xEFCDAB89;
ctx->state[2] = 0x98BADCFE;
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xC3D2E1F0;
}
static void sha1_process( sha1_context *ctx, unsigned char data[64] )
{
unsigned long temp, W[16], A, B, C, D, E;
GET_ULONG_BE( W[ 0], data, 0 );
GET_ULONG_BE( W[ 1], data, 4 );
GET_ULONG_BE( W[ 2], data, 8 );
GET_ULONG_BE( W[ 3], data, 12 );
GET_ULONG_BE( W[ 4], data, 16 );
GET_ULONG_BE( W[ 5], data, 20 );
GET_ULONG_BE( W[ 6], data, 24 );
GET_ULONG_BE( W[ 7], data, 28 );
GET_ULONG_BE( W[ 8], data, 32 );
GET_ULONG_BE( W[ 9], data, 36 );
GET_ULONG_BE( W[10], data, 40 );
GET_ULONG_BE( W[11], data, 44 );
GET_ULONG_BE( W[12], data, 48 );
GET_ULONG_BE( W[13], data, 52 );
GET_ULONG_BE( W[14], data, 56 );
GET_ULONG_BE( W[15], data, 60 );
#define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n)))
#define R(t) \
( \
temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \
W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \
( W[t & 0x0F] = S(temp,1) ) \
)
#define P(a,b,c,d,e,x) \
{ \
e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \
}
A = ctx->state[0];
B = ctx->state[1];
C = ctx->state[2];
D = ctx->state[3];
E = ctx->state[4];
#define F(x,y,z) (z ^ (x & (y ^ z)))
#define K 0x5A827999
P( A, B, C, D, E, W[0] );
P( E, A, B, C, D, W[1] );
P( D, E, A, B, C, W[2] );
P( C, D, E, A, B, W[3] );
P( B, C, D, E, A, W[4] );
P( A, B, C, D, E, W[5] );
P( E, A, B, C, D, W[6] );
P( D, E, A, B, C, W[7] );
P( C, D, E, A, B, W[8] );
P( B, C, D, E, A, W[9] );
P( A, B, C, D, E, W[10] );
P( E, A, B, C, D, W[11] );
P( D, E, A, B, C, W[12] );
P( C, D, E, A, B, W[13] );
P( B, C, D, E, A, W[14] );
P( A, B, C, D, E, W[15] );
P( E, A, B, C, D, R(16) );
P( D, E, A, B, C, R(17) );
P( C, D, E, A, B, R(18) );
P( B, C, D, E, A, R(19) );
#undef K
#undef F
#define F(x,y,z) (x ^ y ^ z)
#define K 0x6ED9EBA1
P( A, B, C, D, E, R(20) );
P( E, A, B, C, D, R(21) );
P( D, E, A, B, C, R(22) );
P( C, D, E, A, B, R(23) );
P( B, C, D, E, A, R(24) );
P( A, B, C, D, E, R(25) );
P( E, A, B, C, D, R(26) );
P( D, E, A, B, C, R(27) );
P( C, D, E, A, B, R(28) );
P( B, C, D, E, A, R(29) );
P( A, B, C, D, E, R(30) );
P( E, A, B, C, D, R(31) );
P( D, E, A, B, C, R(32) );
P( C, D, E, A, B, R(33) );
P( B, C, D, E, A, R(34) );
P( A, B, C, D, E, R(35) );
P( E, A, B, C, D, R(36) );
P( D, E, A, B, C, R(37) );
P( C, D, E, A, B, R(38) );
P( B, C, D, E, A, R(39) );
#undef K
#undef F
#define F(x,y,z) ((x & y) | (z & (x | y)))
#define K 0x8F1BBCDC
P( A, B, C, D, E, R(40) );
P( E, A, B, C, D, R(41) );
P( D, E, A, B, C, R(42) );
P( C, D, E, A, B, R(43) );
P( B, C, D, E, A, R(44) );
P( A, B, C, D, E, R(45) );
P( E, A, B, C, D, R(46) );
P( D, E, A, B, C, R(47) );
P( C, D, E, A, B, R(48) );
P( B, C, D, E, A, R(49) );
P( A, B, C, D, E, R(50) );
P( E, A, B, C, D, R(51) );
P( D, E, A, B, C, R(52) );
P( C, D, E, A, B, R(53) );
P( B, C, D, E, A, R(54) );
P( A, B, C, D, E, R(55) );
P( E, A, B, C, D, R(56) );
P( D, E, A, B, C, R(57) );
P( C, D, E, A, B, R(58) );
P( B, C, D, E, A, R(59) );
#undef K
#undef F
#define F(x,y,z) (x ^ y ^ z)
#define K 0xCA62C1D6
P( A, B, C, D, E, R(60) );
P( E, A, B, C, D, R(61) );
P( D, E, A, B, C, R(62) );
P( C, D, E, A, B, R(63) );
P( B, C, D, E, A, R(64) );
P( A, B, C, D, E, R(65) );
P( E, A, B, C, D, R(66) );
P( D, E, A, B, C, R(67) );
P( C, D, E, A, B, R(68) );
P( B, C, D, E, A, R(69) );
P( A, B, C, D, E, R(70) );
P( E, A, B, C, D, R(71) );
P( D, E, A, B, C, R(72) );
P( C, D, E, A, B, R(73) );
P( B, C, D, E, A, R(74) );
P( A, B, C, D, E, R(75) );
P( E, A, B, C, D, R(76) );
P( D, E, A, B, C, R(77) );
P( C, D, E, A, B, R(78) );
P( B, C, D, E, A, R(79) );
#undef K
#undef F
ctx->state[0] += A;
ctx->state[1] += B;
ctx->state[2] += C;
ctx->state[3] += D;
ctx->state[4] += E;
}
/*
* SHA-1 process buffer
*/
void sha1_update( sha1_context *ctx, unsigned char *input, int ilen )
{
int fill;
unsigned long left;
if( ilen <= 0 )
return;
left = ctx->total[0] & 0x3F;
fill = 64 - left;
ctx->total[0] += ilen;
ctx->total[0] &= 0xFFFFFFFF;
if( ctx->total[0] < (unsigned long) ilen )
ctx->total[1]++;
if( left && ilen >= fill )
{
MEMCPY( (void *) (ctx->buffer + left),
(void *) input, fill );
sha1_process( ctx, ctx->buffer );
input += fill;
ilen -= fill;
left = 0;
}
while( ilen >= 64 )
{
sha1_process( ctx, input );
input += 64;
ilen -= 64;
}
if( ilen > 0 )
{
MEMCPY( (void *) (ctx->buffer + left),
(void *) input, ilen );
}
}
static const unsigned char sha1_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
/*
* SHA-1 final digest
*/
void sha1_finish( sha1_context *ctx, unsigned char output[20] )
{
unsigned long last, padn;
unsigned long high, low;
unsigned char msglen[8];
high = ( ctx->total[0] >> 29 )
| ( ctx->total[1] << 3 );
low = ( ctx->total[0] << 3 );
PUT_ULONG_BE( high, msglen, 0 );
PUT_ULONG_BE( low, msglen, 4 );
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
sha1_update( ctx, (unsigned char *) sha1_padding, padn );
sha1_update( ctx, msglen, 8 );
PUT_ULONG_BE( ctx->state[0], output, 0 );
PUT_ULONG_BE( ctx->state[1], output, 4 );
PUT_ULONG_BE( ctx->state[2], output, 8 );
PUT_ULONG_BE( ctx->state[3], output, 12 );
PUT_ULONG_BE( ctx->state[4], output, 16 );
}
/*
* output = SHA-1( input buffer )
*/
void sha1( unsigned char *input, int ilen, unsigned char output[20] )
{
sha1_context ctx;
sha1_starts( &ctx );
sha1_update( &ctx, input, ilen );
sha1_finish( &ctx, output );
}
#endif /* LWIP_INCLUDED_POLARSSL_SHA1 */

3693
src/netif/ppp/ppp.c
View File

File diff suppressed because it is too large Load Diff

201
src/netif/ppp/ppp.h
View File

@ -1,201 +0,0 @@
/*****************************************************************************
* ppp.h - Network Point to Point Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-11-05 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
#ifndef PPP_H
#define PPP_H
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "lwip/def.h"
#include "lwip/sio.h"
#include "lwip/stats.h"
#include "lwip/mem.h"
#include "lwip/netif.h"
#include "lwip/sys.h"
#include "lwip/timers.h"
#ifndef __u_char_defined
/* Type definitions for BSD code. */
typedef unsigned long u_long;
typedef unsigned int u_int;
typedef unsigned short u_short;
typedef unsigned char u_char;
#endif
/*************************
*** PUBLIC DEFINITIONS ***
*************************/
/* Error codes. */
#define PPPERR_NONE 0 /* No error. */
#define PPPERR_PARAM -1 /* Invalid parameter. */
#define PPPERR_OPEN -2 /* Unable to open PPP session. */
#define PPPERR_DEVICE -3 /* Invalid I/O device for PPP. */
#define PPPERR_ALLOC -4 /* Unable to allocate resources. */
#define PPPERR_USER -5 /* User interrupt. */
#define PPPERR_CONNECT -6 /* Connection lost. */
#define PPPERR_AUTHFAIL -7 /* Failed authentication challenge. */
#define PPPERR_PROTOCOL -8 /* Failed to meet protocol. */
/*
* PPP IOCTL commands.
*/
/*
* Get the up status - 0 for down, non-zero for up. The argument must
* point to an int.
*/
#define PPPCTLG_UPSTATUS 100 /* Get the up status - 0 down else up */
#define PPPCTLS_ERRCODE 101 /* Set the error code */
#define PPPCTLG_ERRCODE 102 /* Get the error code */
#define PPPCTLG_FD 103 /* Get the fd associated with the ppp */
/************************
*** PUBLIC DATA TYPES ***
************************/
struct ppp_addrs {
ip_addr_t our_ipaddr, his_ipaddr, netmask, dns1, dns2;
};
/***********************
*** PUBLIC FUNCTIONS ***
***********************/
/* Initialize the PPP subsystem. */
void pppInit(void);
/* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
* RFC 1994 says:
*
* In practice, within or associated with each PPP server, there is a
* database which associates "user" names with authentication
* information ("secrets"). It is not anticipated that a particular
* named user would be authenticated by multiple methods. This would
* make the user vulnerable to attacks which negotiate the least secure
* method from among a set (such as PAP rather than CHAP). If the same
* secret was used, PAP would reveal the secret to be used later with
* CHAP.
*
* Instead, for each user name there should be an indication of exactly
* one method used to authenticate that user name. If a user needs to
* make use of different authentication methods under different
* circumstances, then distinct user names SHOULD be employed, each of
* which identifies exactly one authentication method.
*
*/
enum pppAuthType {
PPPAUTHTYPE_NONE,
PPPAUTHTYPE_ANY,
PPPAUTHTYPE_PAP,
PPPAUTHTYPE_CHAP
};
void pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd);
/* Link status callback function prototype */
typedef void (*pppLinkStatusCB_fn)(void *ctx, int errCode, void *arg);
#if PPPOS_SUPPORT
/*
* Open a new PPP connection using the given serial I/O device.
* This initializes the PPP control block but does not
* attempt to negotiate the LCP session.
* Return a new PPP connection descriptor on success or
* an error code (negative) on failure.
*/
int pppOverSerialOpen(sio_fd_t fd, pppLinkStatusCB_fn linkStatusCB, void *linkStatusCtx);
#endif /* PPPOS_SUPPORT */
#if PPPOE_SUPPORT
/*
* Open a new PPP Over Ethernet (PPPOE) connection.
*/
int pppOverEthernetOpen(struct netif *ethif, const char *service_name, const char *concentrator_name,
pppLinkStatusCB_fn linkStatusCB, void *linkStatusCtx);
#endif /* PPPOE_SUPPORT */
/* for source code compatibility */
#define pppOpen(fd,cb,ls) pppOverSerialOpen(fd,cb,ls)
/*
* Close a PPP connection and release the descriptor.
* Any outstanding packets in the queues are dropped.
* Return 0 on success, an error code on failure.
*/
int pppClose(int pd);
/*
* Indicate to the PPP process that the line has disconnected.
*/
void pppSigHUP(int pd);
/*
* Get and set parameters for the given connection.
* Return 0 on success, an error code on failure.
*/
int pppIOCtl(int pd, int cmd, void *arg);
/*
* Return the Maximum Transmission Unit for the given PPP connection.
*/
u_short pppMTU(int pd);
#if PPPOS_SUPPORT && !PPP_INPROC_OWNTHREAD
/*
* PPP over Serial: this is the input function to be called for received data.
* If PPP_INPROC_OWNTHREAD==1, a seperate input thread using the blocking
* sio_read() is used, so this is deactivated.
*/
void pppos_input(int pd, u_char* data, int len);
#endif /* PPPOS_SUPPORT && !PPP_INPROC_OWNTHREAD */
#if LWIP_NETIF_STATUS_CALLBACK
/* Set an lwIP-style status-callback for the selected PPP device */
void ppp_set_netif_statuscallback(int pd, netif_status_callback_fn status_callback);
#endif /* LWIP_NETIF_STATUS_CALLBACK */
#if LWIP_NETIF_LINK_CALLBACK
/* Set an lwIP-style link-callback for the selected PPP device */
void ppp_set_netif_linkcallback(int pd, netif_status_callback_fn link_callback);
#endif /* LWIP_NETIF_LINK_CALLBACK */
#endif /* PPP_SUPPORT */
#endif /* PPP_H */

363
src/netif/ppp/ppp_impl.h
View File

@ -1,363 +0,0 @@
/*****************************************************************************
* ppp.h - Network Point to Point Protocol header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* portions Copyright (c) 1997 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 97-11-05 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Original derived from BSD codes.
*****************************************************************************/
#ifndef PPP_IMPL_H
#define PPP_IMPL_H
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "ppp.h"
#include "lwip/def.h"
#include "lwip/sio.h"
#include "lwip/stats.h"
#include "lwip/mem.h"
#include "lwip/netif.h"
#include "lwip/sys.h"
#include "lwip/timers.h"
/** Some defines for code we skip compared to the original pppd.
* These are just here to minimise the use of the ugly "#if 0". */
#define PPP_ADDITIONAL_CALLBACKS 0
/** Some error checks to test for unsupported code */
#if CBCP_SUPPORT
#error "CBCP is not supported in lwIP PPP"
#endif
#if CCP_SUPPORT
#error "CCP is not supported in lwIP PPP"
#endif
/*
* pppd.h - PPP daemon global declarations.
*
* Copyright (c) 1989 Carnegie Mellon University.
* All rights reserved.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by Carnegie Mellon University. The name of the
* University may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
*/
/*
* ppp_defs.h - PPP definitions.
*
* Copyright (c) 1994 The Australian National University.
* All rights reserved.
*
* Permission to use, copy, modify, and distribute this software and its
* documentation is hereby granted, provided that the above copyright
* notice appears in all copies. This software is provided without any
* warranty, express or implied. The Australian National University
* makes no representations about the suitability of this software for
* any purpose.
*
* IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
* PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
* ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
* THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*
* THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
* ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
* OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
* OR MODIFICATIONS.
*/
#define TIMEOUT(f, a, t) do { sys_untimeout((f), (a)); sys_timeout((t)*1000, (f), (a)); } while(0)
#define UNTIMEOUT(f, a) sys_untimeout((f), (a))
/*
* Constants and structures defined by the internet system,
* Per RFC 790, September 1981, and numerous additions.
*/
/*
* The basic PPP frame.
*/
#define PPP_HDRLEN 4 /* octets for standard ppp header */
#define PPP_FCSLEN 2 /* octets for FCS */
/*
* Significant octet values.
*/
#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */
#define PPP_UI 0x03 /* Unnumbered Information */
#define PPP_FLAG 0x7e /* Flag Sequence */
#define PPP_ESCAPE 0x7d /* Asynchronous Control Escape */
#define PPP_TRANS 0x20 /* Asynchronous transparency modifier */
/*
* Protocol field values.
*/
#define PPP_IP 0x21 /* Internet Protocol */
#define PPP_AT 0x29 /* AppleTalk Protocol */
#define PPP_VJC_COMP 0x2d /* VJ compressed TCP */
#define PPP_VJC_UNCOMP 0x2f /* VJ uncompressed TCP */
#define PPP_COMP 0xfd /* compressed packet */
#define PPP_IPCP 0x8021 /* IP Control Protocol */
#define PPP_ATCP 0x8029 /* AppleTalk Control Protocol */
#define PPP_CCP 0x80fd /* Compression Control Protocol */
#define PPP_LCP 0xc021 /* Link Control Protocol */
#define PPP_PAP 0xc023 /* Password Authentication Protocol */
#define PPP_LQR 0xc025 /* Link Quality Report protocol */
#define PPP_CHAP 0xc223 /* Cryptographic Handshake Auth. Protocol */
#define PPP_CBCP 0xc029 /* Callback Control Protocol */
/*
* Values for FCS calculations.
*/
#define PPP_INITFCS 0xffff /* Initial FCS value */
#define PPP_GOODFCS 0xf0b8 /* Good final FCS value */
#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff])
/*
* Extended asyncmap - allows any character to be escaped.
*/
typedef u_char ext_accm[32];
/*
* What to do with network protocol (NP) packets.
*/
enum NPmode {
NPMODE_PASS, /* pass the packet through */
NPMODE_DROP, /* silently drop the packet */
NPMODE_ERROR, /* return an error */
NPMODE_QUEUE /* save it up for later. */
};
/*
* Inline versions of get/put char/short/long.
* Pointer is advanced; we assume that both arguments
* are lvalues and will already be in registers.
* cp MUST be u_char *.
*/
#define GETCHAR(c, cp) { \
(c) = *(cp)++; \
}
#define PUTCHAR(c, cp) { \
*(cp)++ = (u_char) (c); \
}
#define GETSHORT(s, cp) { \
(s) = *(cp); (cp)++; (s) <<= 8; \
(s) |= *(cp); (cp)++; \
}
#define PUTSHORT(s, cp) { \
*(cp)++ = (u_char) ((s) >> 8); \
*(cp)++ = (u_char) (s & 0xff); \
}
#define GETLONG(l, cp) { \
(l) = *(cp); (cp)++; (l) <<= 8; \
(l) |= *(cp); (cp)++; (l) <<= 8; \
(l) |= *(cp); (cp)++; (l) <<= 8; \
(l) |= *(cp); (cp)++; \
}
#define PUTLONG(l, cp) { \
*(cp)++ = (u_char) ((l) >> 24); \
*(cp)++ = (u_char) ((l) >> 16); \
*(cp)++ = (u_char) ((l) >> 8); \
*(cp)++ = (u_char) (l); \
}
#define INCPTR(n, cp) ((cp) += (n))
#define DECPTR(n, cp) ((cp) -= (n))
#define BCMP(s0, s1, l) memcmp((u_char *)(s0), (u_char *)(s1), (l))
#define BCOPY(s, d, l) MEMCPY((d), (s), (l))
#define BZERO(s, n) memset(s, 0, n)
#if PPP_DEBUG
#define PRINTMSG(m, l) { m[l] = '\0'; LWIP_DEBUGF(LOG_INFO, ("Remote message: %s\n", m)); }
#else /* PPP_DEBUG */
#define PRINTMSG(m, l)
#endif /* PPP_DEBUG */
/*
* MAKEHEADER - Add PPP Header fields to a packet.
*/
#define MAKEHEADER(p, t) { \
PUTCHAR(PPP_ALLSTATIONS, p); \
PUTCHAR(PPP_UI, p); \
PUTSHORT(t, p); }
/************************
*** PUBLIC DATA TYPES ***
************************/
/*
* The following struct gives the addresses of procedures to call
* for a particular protocol.
*/
struct protent {
u_short protocol; /* PPP protocol number */
/* Initialization procedure */
void (*init) (int unit);
/* Process a received packet */
void (*input) (int unit, u_char *pkt, int len);
/* Process a received protocol-reject */
void (*protrej) (int unit);
/* Lower layer has come up */
void (*lowerup) (int unit);
/* Lower layer has gone down */
void (*lowerdown) (int unit);
/* Open the protocol */
void (*open) (int unit);
/* Close the protocol */
void (*close) (int unit, char *reason);
#if PPP_ADDITIONAL_CALLBACKS
/* Print a packet in readable form */
int (*printpkt) (u_char *pkt, int len,
void (*printer) (void *, char *, ...),
void *arg);
/* Process a received data packet */
void (*datainput) (int unit, u_char *pkt, int len);
#endif /* PPP_ADDITIONAL_CALLBACKS */
int enabled_flag; /* 0 if protocol is disabled */
char *name; /* Text name of protocol */
#if PPP_ADDITIONAL_CALLBACKS
/* Check requested options, assign defaults */
void (*check_options) (u_long);
/* Configure interface for demand-dial */
int (*demand_conf) (int unit);
/* Say whether to bring up link for this pkt */
int (*active_pkt) (u_char *pkt, int len);
#endif /* PPP_ADDITIONAL_CALLBACKS */
};
/*
* The following structure records the time in seconds since
* the last NP packet was sent or received.
*/
struct ppp_idle {
u_short xmit_idle; /* seconds since last NP packet sent */
u_short recv_idle; /* seconds since last NP packet received */
};
struct ppp_settings {
u_int disable_defaultip : 1; /* Don't use hostname for default IP addrs */
u_int auth_required : 1; /* Peer is required to authenticate */
u_int explicit_remote : 1; /* remote_name specified with remotename opt */
u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */
u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */
u_int usehostname : 1; /* Use hostname for our_name */
u_int usepeerdns : 1; /* Ask peer for DNS adds */
u_short idle_time_limit; /* Shut down link if idle for this long */
int maxconnect; /* Maximum connect time (seconds) */
char user [MAXNAMELEN + 1]; /* Username for PAP */
char passwd [MAXSECRETLEN + 1]; /* Password for PAP, secret for CHAP */
char our_name [MAXNAMELEN + 1]; /* Our name for authentication purposes */
char remote_name[MAXNAMELEN + 1]; /* Peer's name for authentication */
};
/*****************************
*** PUBLIC DATA STRUCTURES ***
*****************************/
/* Buffers for outgoing packets. */
extern u_char outpacket_buf[NUM_PPP][PPP_MRU+PPP_HDRLEN];
extern struct ppp_settings ppp_settings;
extern struct protent *ppp_protocols[]; /* Table of pointers to supported protocols */
/***********************
*** PUBLIC FUNCTIONS ***
***********************/
/*
* Write n characters to a ppp link.
* RETURN: >= 0 Number of characters written, -1 Failed to write to device.
*/
int pppWrite(int pd, const u_char *s, int n);
void pppInProcOverEthernet(int pd, struct pbuf *pb);
struct pbuf *pppSingleBuf(struct pbuf *p);
void pppLinkTerminated(int pd);
void pppLinkDown(int pd);
/* Configure i/f transmit parameters */
void ppp_send_config (int, u16_t, u32_t, int, int);
/* Set extended transmit ACCM */
void ppp_set_xaccm (int, ext_accm *);
/* Configure i/f receive parameters */
void ppp_recv_config (int, int, u32_t, int, int);
/* Find out how long link has been idle */
int get_idle_time (int, struct ppp_idle *);
/* Configure VJ TCP header compression */
int sifvjcomp (int, int, u8_t, u8_t);
/* Configure i/f down (for IP) */
int sifup (int);
/* Set mode for handling packets for proto */
int sifnpmode (int u, int proto, enum NPmode mode);
/* Configure i/f down (for IP) */
int sifdown (int);
/* Configure IP addresses for i/f */
int sifaddr (int, u32_t, u32_t, u32_t, u32_t, u32_t);
/* Reset i/f IP addresses */
int cifaddr (int, u32_t, u32_t);
/* Create default route through i/f */
int sifdefaultroute (int, u32_t, u32_t);
/* Delete default route through i/f */
int cifdefaultroute (int, u32_t, u32_t);
/* Get appropriate netmask for address */
u32_t GetMask (u32_t);
#endif /* PPP_SUPPORT */
#endif /* PPP_IMPL_H */

66
src/netif/ppp/pppcrypt.c Normal file
View File

@ -0,0 +1,66 @@
/*
* pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
*
* Extracted from chap_ms.c by James Carlson.
*
* Copyright (c) 1995 Eric Rosenquist. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not necessary */
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/pppcrypt.h"
static u_char pppcrypt_get_7bits(u_char *input, int startBit) {
unsigned int word;
word = (unsigned)input[startBit / 8] << 8;
word |= (unsigned)input[startBit / 8 + 1];
word >>= 15 - (startBit % 8 + 7);
return word & 0xFE;
}
/* IN 56 bit DES key missing parity bits
* OUT 64 bit DES key with parity bits added
*/
void pppcrypt_56_to_64_bit_key(u_char *key, u_char * des_key) {
des_key[0] = pppcrypt_get_7bits(key, 0);
des_key[1] = pppcrypt_get_7bits(key, 7);
des_key[2] = pppcrypt_get_7bits(key, 14);
des_key[3] = pppcrypt_get_7bits(key, 21);
des_key[4] = pppcrypt_get_7bits(key, 28);
des_key[5] = pppcrypt_get_7bits(key, 35);
des_key[6] = pppcrypt_get_7bits(key, 42);
des_key[7] = pppcrypt_get_7bits(key, 49);
}
#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */

289
src/netif/ppp/ppp_oe.c → src/netif/ppp/pppoe.c
View File

@ -1,5 +1,5 @@
/*****************************************************************************
* ppp_oe.c - PPP Over Ethernet implementation for lwIP.
* pppoe.c - PPP Over Ethernet implementation for lwIP.
*
* Copyright (c) 2006 by Marc Boucher, Services Informatiques (MBSI) inc.
*
@ -69,20 +69,19 @@
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PPPOE_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if PPPOE_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "netif/ppp_oe.h"
#include "ppp_impl.h"
#include "pppdebug.h"
#if 0 /* UNUSED */
#include <string.h>
#include <stdio.h>
#endif /* UNUSED */
#include "lwip/timers.h"
#include "lwip/memp.h"
#include "lwip/stats.h"
#include <string.h>
#include <stdio.h>
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/pppoe.h"
/* Add a 16 bit unsigned value to a buffer pointed to by PTR */
#define PPPOE_ADD_16(PTR, VAL) \
@ -107,17 +106,14 @@
#define IFF_PASSIVE IFF_LINK0 /* wait passively for connection */
#endif
/* FIXME: we should probably remove that, this is only used for debug purposes */
#ifndef PPPOE_ERRORSTRING_LEN
#define PPPOE_ERRORSTRING_LEN 64
#endif
static char pppoe_error_tmp[PPPOE_ERRORSTRING_LEN];
/* input routines */
static void pppoe_dispatch_disc_pkt(struct netif *, struct pbuf *);
/* management routines */
static int pppoe_do_disconnect(struct pppoe_softc *);
static void pppoe_abort_connect(struct pppoe_softc *);
static void pppoe_clear_softc(struct pppoe_softc *, const char *);
@ -134,14 +130,14 @@ static err_t pppoe_send_pads(struct pppoe_softc *);
static err_t pppoe_send_padt(struct netif *, u_int, const u8_t *);
/* internal helper functions */
static struct pppoe_softc * pppoe_find_softc_by_session(u_int, struct netif *);
static struct pppoe_softc * pppoe_find_softc_by_hunique(u8_t *, size_t, struct netif *);
static struct pppoe_softc* pppoe_find_softc_by_session(u_int session, struct netif *rcvif);
static struct pppoe_softc* pppoe_find_softc_by_hunique(u8_t *token, size_t len, struct netif *rcvif);
/** linked list of created pppoe interfaces */
static struct pppoe_softc *pppoe_softc_list;
err_t
pppoe_create(struct netif *ethif, int pd, void (*linkStatusCB)(int pd, int up), struct pppoe_softc **scptr)
pppoe_create(struct netif *ethif, ppp_pcb *pcb, void (*link_status_cb)(ppp_pcb *pcb, int up), struct pppoe_softc **scptr)
{
struct pppoe_softc *sc;
@ -155,8 +151,8 @@ pppoe_create(struct netif *ethif, int pd, void (*linkStatusCB)(int pd, int up),
/* changed to real address later */
MEMCPY(&sc->sc_dest, ethbroadcast.addr, sizeof(sc->sc_dest));
sc->sc_pd = pd;
sc->sc_linkStatusCB = linkStatusCB;
sc->pcb = pcb;
sc->sc_link_status_cb = link_status_cb;
sc->sc_ethif = ethif;
/* put the new interface at the head of the list */
@ -169,17 +165,18 @@ pppoe_create(struct netif *ethif, int pd, void (*linkStatusCB)(int pd, int up),
}
err_t
pppoe_destroy(struct netif *ifp)
pppoe_destroy(struct pppoe_softc *sc)
{
struct pppoe_softc *sc, *prev = NULL;
struct pppoe_softc *cur, *prev = NULL;
for (sc = pppoe_softc_list; sc != NULL; prev = sc, sc = sc->next) {
if (sc->sc_ethif == ifp) {
/* find previous linked list entry */
for (cur = pppoe_softc_list; cur != NULL; prev = cur, cur = cur->next) {
if (sc == cur) {
break;
}
}
if(!(sc && (sc->sc_ethif == ifp))) {
if (cur != sc) {
return ERR_IF;
}
@ -211,9 +208,7 @@ pppoe_destroy(struct netif *ifp)
* and lean implementation, so number of open sessions typically should
* be 1.
*/
static struct pppoe_softc *
pppoe_find_softc_by_session(u_int session, struct netif *rcvif)
{
static struct pppoe_softc* pppoe_find_softc_by_session(u_int session, struct netif *rcvif) {
struct pppoe_softc *sc;
if (session == 0) {
@ -222,22 +217,17 @@ pppoe_find_softc_by_session(u_int session, struct netif *rcvif)
for (sc = pppoe_softc_list; sc != NULL; sc = sc->next) {
if (sc->sc_state == PPPOE_STATE_SESSION
&& sc->sc_session == session) {
if (sc->sc_ethif == rcvif) {
return sc;
} else {
return NULL;
&& sc->sc_session == session
&& sc->sc_ethif == rcvif) {
return sc;
}
}
}
return NULL;
}
/* Check host unique token passed and return appropriate softc pointer,
* or NULL if token is bogus. */
static struct pppoe_softc *
pppoe_find_softc_by_hunique(u8_t *token, size_t len, struct netif *rcvif)
{
static struct pppoe_softc* pppoe_find_softc_by_hunique(u8_t *token, size_t len, struct netif *rcvif) {
struct pppoe_softc *sc, *t;
if (pppoe_softc_list == NULL) {
@ -262,13 +252,13 @@ pppoe_find_softc_by_hunique(u8_t *token, size_t len, struct netif *rcvif)
/* should be safe to access *sc now */
if (sc->sc_state < PPPOE_STATE_PADI_SENT || sc->sc_state >= PPPOE_STATE_SESSION) {
printf("%c%c%"U16_F": host unique tag found, but it belongs to a connection in state %d\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num, sc->sc_state);
PPPDEBUG(LOG_DEBUG, ("%c%c%"U16_F": host unique tag found, but it belongs to a connection in state %d\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num, sc->sc_state));
return NULL;
}
if (sc->sc_ethif != rcvif) {
printf("%c%c%"U16_F": wrong interface, not accepting host unique\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num);
PPPDEBUG(LOG_DEBUG, ("%c%c%"U16_F": wrong interface, not accepting host unique\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
return NULL;
}
return sc;
@ -277,12 +267,12 @@ pppoe_find_softc_by_hunique(u8_t *token, size_t len, struct netif *rcvif)
static void
pppoe_linkstatus_up(struct pppoe_softc *sc)
{
sc->sc_linkStatusCB(sc->sc_pd, 1);
sc->sc_link_status_cb(sc->pcb, PPPOE_CB_STATE_UP);
}
/* analyze and handle a single received packet while not in session state */
static void
pppoe_dispatch_disc_pkt(struct netif *netif, struct pbuf *pb)
void
pppoe_disc_input(struct netif *netif, struct pbuf *pb)
{
u16_t tag, len;
u16_t session, plen;
@ -297,14 +287,19 @@ pppoe_dispatch_disc_pkt(struct netif *netif, struct pbuf *pb)
#endif
struct pppoehdr *ph;
struct pppoetag pt;
int off, err, errortag;
int off, err;
struct eth_hdr *ethhdr;
pb = pppSingleBuf(pb);
/* don't do anything if there is not a single PPPoE instance */
if (pppoe_softc_list == NULL) {
pbuf_free(pb);
return;
}
pb = ppp_singlebuf(pb);
strcpy(devname, "pppoe"); /* as long as we don't know which instance */
err_msg = NULL;
errortag = 0;
if (pb->len < sizeof(*ethhdr)) {
goto done;
}
@ -319,13 +314,13 @@ pppoe_dispatch_disc_pkt(struct netif *netif, struct pbuf *pb)
#endif
session = 0;
if (pb->len - off < PPPOE_HEADERLEN) {
printf("pppoe: packet too short: %d\n", pb->len);
PPPDEBUG(LOG_DEBUG, ("pppoe: packet too short: %d\n", pb->len));
goto done;
}
ph = (struct pppoehdr *) (ethhdr + 1);
if (ph->vertype != PPPOE_VERTYPE) {
printf("pppoe: unknown version/type packet: 0x%x\n", ph->vertype);
PPPDEBUG(LOG_DEBUG, ("pppoe: unknown version/type packet: 0x%x\n", ph->vertype));
goto done;
}
session = ntohs(ph->session);
@ -333,8 +328,8 @@ pppoe_dispatch_disc_pkt(struct netif *netif, struct pbuf *pb)
off += sizeof(*ph);
if (plen + off > pb->len) {
printf("pppoe: packet content does not fit: data available = %d, packet size = %u\n",
pb->len - off, plen);
PPPDEBUG(LOG_DEBUG, ("pppoe: packet content does not fit: data available = %d, packet size = %u\n",
pb->len - off, plen));
goto done;
}
if(pb->tot_len == pb->len) {
@ -348,7 +343,7 @@ pppoe_dispatch_disc_pkt(struct netif *netif, struct pbuf *pb)
tag = ntohs(pt.tag);
len = ntohs(pt.len);
if (off + sizeof(pt) + len > pb->len) {
printf("pppoe: tag 0x%x len 0x%x is too long\n", tag, len);
PPPDEBUG(LOG_DEBUG, ("pppoe: tag 0x%x len 0x%x is too long\n", tag, len));
goto done;
}
switch (tag) {
@ -368,7 +363,10 @@ pppoe_dispatch_disc_pkt(struct netif *netif, struct pbuf *pb)
#endif
sc = pppoe_find_softc_by_hunique((u8_t*)pb->payload + off + sizeof(pt), len, netif);
if (sc != NULL) {
snprintf(devname, sizeof(devname), "%c%c%"U16_F, sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num);
devname[0] = sc->sc_ethif->name[0];
devname[1] = sc->sc_ethif->name[1];
devname[2] = sc->sc_ethif->num;
devname[3] = '\0';
}
break;
case PPPOE_TAG_ACCOOKIE:
@ -379,28 +377,22 @@ pppoe_dispatch_disc_pkt(struct netif *netif, struct pbuf *pb)
break;
case PPPOE_TAG_SNAME_ERR:
err_msg = "SERVICE NAME ERROR";
errortag = 1;
break;
case PPPOE_TAG_ACSYS_ERR:
err_msg = "AC SYSTEM ERROR";
errortag = 1;
break;
case PPPOE_TAG_GENERIC_ERR:
err_msg = "GENERIC ERROR";
errortag = 1;
break;
}
if (err_msg) {
if (errortag && len) {
if (NULL != err_msg) {
if (len) {
u16_t error_len = LWIP_MIN(len, sizeof(pppoe_error_tmp)-1);
strncpy(pppoe_error_tmp, (char*)pb->payload + off + sizeof(pt), error_len);
pppoe_error_tmp[error_len-1] = '\0';
printf("%s: %s: %s\n", devname, err_msg, pppoe_error_tmp);
pppoe_error_tmp[error_len] = '\0';
PPPDEBUG(LOG_DEBUG, ("%s: %s: %s\n", devname, err_msg, pppoe_error_tmp));
} else {
printf("%s: %s\n", devname, err_msg);
}
if (errortag) {
goto done;
PPPDEBUG(LOG_DEBUG, ("%s: %s\n", devname, err_msg));
}
}
off += sizeof(pt) + len;
@ -429,7 +421,7 @@ breakbreak:;
}
}
if (sc == NULL) {
/* printf("pppoe: free passive interface is not found\n"); */
/* PPPDEBUG(LOG_DEBUG, ("pppoe: free passive interface is not found\n")); */
goto done;
}
if (hunique) {
@ -455,19 +447,19 @@ breakbreak:;
*/
if (ac_cookie == NULL) {
/* be quiet if there is not a single pppoe instance */
printf("pppoe: received PADR but not includes ac_cookie\n");
PPPDEBUG(LOG_DEBUG, ("pppoe: received PADR but not includes ac_cookie\n"));
goto done;
}
sc = pppoe_find_softc_by_hunique(ac_cookie, ac_cookie_len, netif);
if (sc == NULL) {
/* be quiet if there is not a single pppoe instance */
if (!LIST_EMPTY(&pppoe_softc_list)) {
printf("pppoe: received PADR but could not find request for it\n");
PPPDEBUG(LOG_DEBUG, ("pppoe: received PADR but could not find request for it\n"));
}
goto done;
}
if (sc->sc_state != PPPOE_STATE_PADO_SENT) {
printf("%c%c%"U16_F": received unexpected PADR\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num);
PPPDEBUG(LOG_DEBUG, ("%c%c%"U16_F": received unexpected PADR\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
goto done;
}
if (hunique) {
@ -493,12 +485,12 @@ breakbreak:;
if (sc == NULL) {
/* be quiet if there is not a single pppoe instance */
if (pppoe_softc_list != NULL) {
printf("pppoe: received PADO but could not find request for it\n");
PPPDEBUG(LOG_DEBUG, ("pppoe: received PADO but could not find request for it\n"));
}
goto done;
}
if (sc->sc_state != PPPOE_STATE_PADI_SENT) {
printf("%c%c%"U16_F": received unexpected PADO\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num);
PPPDEBUG(LOG_DEBUG, ("%c%c%"U16_F": received unexpected PADO\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
goto done;
}
if (ac_cookie) {
@ -532,11 +524,11 @@ breakbreak:;
break;
default:
if(sc) {
printf("%c%c%"U16_F": unknown code (0x%"X16_F") session = 0x%"X16_F"\n",
PPPDEBUG(LOG_DEBUG, ("%c%c%"U16_F": unknown code (0x%"X16_F") session = 0x%"X16_F"\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num,
(u16_t)ph->code, session);
(u16_t)ph->code, session));
} else {
printf("pppoe: unknown code (0x%"X16_F") session = 0x%"X16_F"\n", (u16_t)ph->code, session);
PPPDEBUG(LOG_DEBUG, ("pppoe: unknown code (0x%"X16_F") session = 0x%"X16_F"\n", (u16_t)ph->code, session));
}
break;
}
@ -546,17 +538,6 @@ done:
return;
}
void
pppoe_disc_input(struct netif *netif, struct pbuf *p)
{
/* avoid error messages if there is not a single pppoe instance */
if (pppoe_softc_list != NULL) {
pppoe_dispatch_disc_pkt(netif, p);
} else {
pbuf_free(p);
}
}
void
pppoe_data_input(struct netif *netif, struct pbuf *pb)
{
@ -577,21 +558,21 @@ pppoe_data_input(struct netif *netif, struct pbuf *pb)
goto drop;
}
pb = pppSingleBuf (pb);
pb = ppp_singlebuf (pb);
if (pb->len <= PPPOE_HEADERLEN) {
printf("pppoe (data): dropping too short packet: %d bytes\n", pb->len);
PPPDEBUG(LOG_DEBUG, ("pppoe (data): dropping too short packet: %d bytes\n", pb->len));
goto drop;
}
if (pb->len < sizeof(*ph)) {
printf("pppoe_data_input: could not get PPPoE header\n");
PPPDEBUG(LOG_DEBUG, ("pppoe_data_input: could not get PPPoE header\n"));
goto drop;
}
ph = (struct pppoehdr *)pb->payload;
if (ph->vertype != PPPOE_VERTYPE) {
printf("pppoe (data): unknown version/type packet: 0x%x\n", ph->vertype);
PPPDEBUG(LOG_DEBUG, ("pppoe (data): unknown version/type packet: 0x%x\n", ph->vertype));
goto drop;
}
if (ph->code != 0) {
@ -602,7 +583,7 @@ pppoe_data_input(struct netif *netif, struct pbuf *pb)
sc = pppoe_find_softc_by_session(session, netif);
if (sc == NULL) {
#ifdef PPPOE_TERM_UNKNOWN_SESSIONS
printf("pppoe: input for unknown session 0x%x, sending PADT\n", session);
PPPDEBUG(LOG_DEBUG, ("pppoe: input for unknown session 0x%x, sending PADT\n", session));
pppoe_send_padt(netif, session, shost);
#endif
goto drop;
@ -625,8 +606,8 @@ pppoe_data_input(struct netif *netif, struct pbuf *pb)
goto drop;
}
pppInProcOverEthernet(sc->sc_pd, pb);
/* Dispatch the packet thereby consuming it. */
ppp_input(sc->pcb, pb);
return;
drop:
@ -645,11 +626,19 @@ pppoe_output(struct pppoe_softc *sc, struct pbuf *pb)
return ERR_IF;
}
/* make room for Ethernet header - should not fail */
if (pbuf_header(pb, (u16_t)(sizeof(struct eth_hdr))) != 0) {
/* bail out */
PPPDEBUG(LOG_ERR, ("pppoe: %c%c%"U16_F": pppoe_output: could not allocate room for Ethernet header\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
LINK_STATS_INC(link.lenerr);
pbuf_free(pb);
return ERR_BUF;
}
ethhdr = (struct eth_hdr *)pb->payload;
etype = sc->sc_state == PPPOE_STATE_SESSION ? ETHTYPE_PPPOE : ETHTYPE_PPPOEDISC;
ethhdr->type = htons(etype);
MEMCPY(ethhdr->dest.addr, sc->sc_dest.addr, sizeof(ethhdr->dest.addr));
MEMCPY(ethhdr->src.addr, ((struct eth_addr *)sc->sc_ethif->hwaddr)->addr, sizeof(ethhdr->src.addr));
MEMCPY(&ethhdr->dest.addr, &sc->sc_dest.addr, sizeof(ethhdr->dest.addr));
MEMCPY(&ethhdr->src.addr, &sc->sc_ethif->hwaddr, sizeof(ethhdr->src.addr));
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F" (%x) state=%d, session=0x%x output -> %02"X16_F":%02"X16_F":%02"X16_F":%02"X16_F":%02"X16_F":%02"X16_F", len=%d\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num, etype,
@ -694,13 +683,13 @@ pppoe_send_padi(struct pppoe_softc *sc)
sizeof(struct eth_hdr) + PPPOE_HEADERLEN + len <= 0xffff);
/* allocate a buffer */
pb = pbuf_alloc(PBUF_LINK, (u16_t)(sizeof(struct eth_hdr) + PPPOE_HEADERLEN + len), PBUF_RAM);
pb = pbuf_alloc(PBUF_LINK, (u16_t)(PPPOE_HEADERLEN + len), PBUF_RAM);
if (!pb) {
return ERR_MEM;
}
LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
p = (u8_t*)pb->payload + sizeof (struct eth_hdr);
p = (u8_t*)pb->payload;
/* fill in pkt */
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADI, 0, (u16_t)len);
PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
@ -733,7 +722,8 @@ pppoe_send_padi(struct pppoe_softc *sc)
static void
pppoe_timeout(void *arg)
{
int retry_wait, err;
u32_t retry_wait;
int err;
struct pppoe_softc *sc = (struct pppoe_softc*)arg;
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F": timeout\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
@ -749,12 +739,10 @@ pppoe_timeout(void *arg)
* We only enter slow retry mode if IFF_LINK1 (aka autodial)
* is not set.
*/
/* initialize for quick retry mode */
retry_wait = PPPOE_DISC_TIMEOUT * (1 + sc->sc_padi_retried);
sc->sc_padi_retried++;
if (sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) {
if (sc->sc_padi_retried < 0xff) {
sc->sc_padi_retried++;
}
if (!sc->pcb->settings.persist && sc->sc_padi_retried >= PPPOE_DISC_MAXPADI) {
#if 0
if ((sc->sc_sppp.pp_if.if_flags & IFF_LINK1) == 0) {
/* slow retry mode */
@ -766,6 +754,8 @@ pppoe_timeout(void *arg)
return;
}
}
/* initialize for quick retry mode */
retry_wait = LWIP_MIN(PPPOE_DISC_TIMEOUT * sc->sc_padi_retried, PPPOE_SLOW_RETRY);
if ((err = pppoe_send_padi(sc)) != 0) {
sc->sc_padi_retried--;
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F": failed to transmit PADI, error=%d\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num, err));
@ -791,9 +781,6 @@ pppoe_timeout(void *arg)
}
sys_timeout(PPPOE_DISC_TIMEOUT * (1 + sc->sc_padr_retried), pppoe_timeout, sc);
break;
case PPPOE_STATE_CLOSING:
pppoe_do_disconnect(sc);
break;
default:
return; /* all done, work in peace */
}
@ -809,6 +796,11 @@ pppoe_connect(struct pppoe_softc *sc)
return EBUSY;
}
/* stop any timer */
sys_untimeout(pppoe_timeout, sc);
sc->sc_session = 0;
sc->sc_padi_retried = 0;
sc->sc_padr_retried = 0;
#ifdef PPPOE_SERVER
/* wait PADI if IFF_PASSIVE */
if ((sc->sc_sppp.pp_if.if_flags & IFF_PASSIVE)) {
@ -817,9 +809,9 @@ pppoe_connect(struct pppoe_softc *sc)
#endif
/* save state, in case we fail to send PADI */
sc->sc_state = PPPOE_STATE_PADI_SENT;
sc->sc_padr_retried = 0;
err = pppoe_send_padi(sc);
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F": failed to send PADI, error=%d\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num, err));
if ((err = pppoe_send_padi(sc)) != 0) {
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F": failed to send PADI, error=%d\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num, err));
}
sys_timeout(PPPOE_DISC_TIMEOUT, pppoe_timeout, sc);
return err;
}
@ -831,26 +823,9 @@ pppoe_disconnect(struct pppoe_softc *sc)
if (sc->sc_state < PPPOE_STATE_SESSION) {
return;
}
/*
* Do not call pppoe_disconnect here, the upper layer state
* machine gets confused by this. We must return from this
* function and defer disconnecting to the timeout handler.
*/
sc->sc_state = PPPOE_STATE_CLOSING;
sys_timeout(20, pppoe_timeout, sc);
}
static int
pppoe_do_disconnect(struct pppoe_softc *sc)
{
int err;
if (sc->sc_state < PPPOE_STATE_SESSION) {
err = EBUSY;
} else {
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F": disconnecting\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
err = pppoe_send_padt(sc->sc_ethif, sc->sc_session, (const u8_t *)&sc->sc_dest);
}
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F": disconnecting\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
pppoe_send_padt(sc->sc_ethif, sc->sc_session, (const u8_t *)&sc->sc_dest);
/* cleanup softc */
sc->sc_state = PPPOE_STATE_INITIAL;
@ -864,24 +839,28 @@ pppoe_do_disconnect(struct pppoe_softc *sc)
sc->sc_hunique_len = 0;
#endif
sc->sc_session = 0;
sc->sc_padi_retried = 0;
sc->sc_padr_retried = 0;
sc->sc_linkStatusCB(sc->sc_pd, 0); /* notify upper layers */
return err;
sc->sc_link_status_cb(sc->pcb, PPPOE_CB_STATE_DOWN); /* notify upper layers */
return;
}
/* Connection attempt aborted */
static void
pppoe_abort_connect(struct pppoe_softc *sc)
{
printf("%c%c%"U16_F": could not establish connection\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num);
sc->sc_state = PPPOE_STATE_CLOSING;
sc->sc_linkStatusCB(sc->sc_pd, 0); /* notify upper layers */
PPPDEBUG(LOG_DEBUG, ("%c%c%"U16_F": could not establish connection\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
/* clear connection state */
MEMCPY(&sc->sc_dest, ethbroadcast.addr, sizeof(sc->sc_dest));
sc->sc_state = PPPOE_STATE_INITIAL;
MEMCPY(&sc->sc_dest, ethbroadcast.addr, sizeof(sc->sc_dest));
sc->sc_ac_cookie_len = 0;
sc->sc_session = 0;
sc->sc_padi_retried = 0;
sc->sc_padr_retried = 0;
sc->sc_link_status_cb(sc->pcb, PPPOE_CB_STATE_FAILED); /* notify upper layers */
}
/* Send a PADR packet */
@ -911,12 +890,12 @@ pppoe_send_padr(struct pppoe_softc *sc)
}
LWIP_ASSERT("sizeof(struct eth_hdr) + PPPOE_HEADERLEN + len <= 0xffff",
sizeof(struct eth_hdr) + PPPOE_HEADERLEN + len <= 0xffff);
pb = pbuf_alloc(PBUF_LINK, (u16_t)(sizeof(struct eth_hdr) + PPPOE_HEADERLEN + len), PBUF_RAM);
pb = pbuf_alloc(PBUF_LINK, (u16_t)(PPPOE_HEADERLEN + len), PBUF_RAM);
if (!pb) {
return ERR_MEM;
}
LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
p = (u8_t*)pb->payload + sizeof (struct eth_hdr);
p = (u8_t*)pb->payload;
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADR, 0, len);
PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
#ifdef PPPOE_TODO
@ -951,16 +930,17 @@ pppoe_send_padt(struct netif *outgoing_if, u_int session, const u8_t *dest)
err_t res;
u8_t *p;
pb = pbuf_alloc(PBUF_LINK, sizeof(struct eth_hdr) + PPPOE_HEADERLEN, PBUF_RAM);
pb = pbuf_alloc(PBUF_LINK, (u16_t)(PPPOE_HEADERLEN), PBUF_RAM);
if (!pb) {
return ERR_MEM;
}
LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
pbuf_header(pb, sizeof(struct eth_hdr));
ethhdr = (struct eth_hdr *)pb->payload;
ethhdr->type = PP_HTONS(ETHTYPE_PPPOEDISC);
MEMCPY(ethhdr->dest.addr, dest, sizeof(ethhdr->dest.addr));
MEMCPY(ethhdr->src.addr, ((struct eth_addr *)outgoing_if->hwaddr)->addr, sizeof(ethhdr->src.addr));
MEMCPY(&ethhdr->dest.addr, dest, sizeof(ethhdr->dest.addr));
MEMCPY(&ethhdr->src.addr, &outgoing_if->hwaddr, sizeof(ethhdr->src.addr));
p = (u8_t*)(ethhdr + 1);
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADT, session, 0);
@ -990,12 +970,12 @@ pppoe_send_pado(struct pppoe_softc *sc)
len += 2 + 2 + sizeof(sc);
/* include hunique */
len += 2 + 2 + sc->sc_hunique_len;
pb = pbuf_alloc(PBUF_LINK, sizeof(struct eth_hdr) + PPPOE_HEADERLEN + len, PBUF_RAM);
pb = pbuf_alloc(PBUF_LINK, (u16_t)(PPPOE_HEADERLEN + len), PBUF_RAM);
if (!pb) {
return ERR_MEM;
}
LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
p = (u8_t*)pb->payload + sizeof (struct eth_hdr);
p = (u8_t*)pb->payload;
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADO, 0, len);
PPPOE_ADD_16(p, PPPOE_TAG_ACCOOKIE);
PPPOE_ADD_16(p, sizeof(sc));
@ -1027,12 +1007,12 @@ pppoe_send_pads(struct pppoe_softc *sc)
l1 = strlen(sc->sc_service_name);
len += l1;
}
pb = pbuf_alloc(PBUF_LINK, sizeof(struct eth_hdr) + PPPOE_HEADERLEN + len, PBUF_RAM);
pb = pbuf_alloc(PBUF_LINK, (u16_t)(PPPOE_HEADERLEN + len), PBUF_RAM);
if (!pb) {
return ERR_MEM;
}
LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
p = (u8_t*)pb->payload + sizeof (struct eth_hdr);
p = (u8_t*)pb->payload;
PPPOE_ADD_HEADER(p, PPPOE_CODE_PADS, sc->sc_session, len);
PPPOE_ADD_16(p, PPPOE_TAG_SNAME);
if (sc->sc_service_name != NULL) {
@ -1064,16 +1044,16 @@ pppoe_xmit(struct pppoe_softc *sc, struct pbuf *pb)
len = pb->tot_len;
/* make room for Ethernet header - should not fail */
if (pbuf_header(pb, sizeof(struct eth_hdr) + PPPOE_HEADERLEN) != 0) {
/* make room for PPPoE header - should not fail */
if (pbuf_header(pb, (u16_t)(PPPOE_HEADERLEN)) != 0) {
/* bail out */
PPPDEBUG(LOG_ERR, ("pppoe: %c%c%"U16_F": pppoe_xmit: could not allocate room for header\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
PPPDEBUG(LOG_ERR, ("pppoe: %c%c%"U16_F": pppoe_xmit: could not allocate room for PPPoE header\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
LINK_STATS_INC(link.lenerr);
pbuf_free(pb);
return ERR_BUF;
}
}
p = (u8_t*)pb->payload + sizeof(struct eth_hdr);
p = (u8_t*)pb->payload;
PPPOE_ADD_HEADER(p, 0, sc->sc_session, len);
return pppoe_output(sc, pb);
@ -1096,8 +1076,8 @@ pppoe_ifattach_hook(void *arg, struct pbuf **mp, struct netif *ifp, int dir)
}
if (sc->sc_sppp.pp_if.if_flags & IFF_UP) {
sc->sc_sppp.pp_if.if_flags &= ~(IFF_UP|IFF_RUNNING);
printf("%c%c%"U16_F": ethernet interface detached, going down\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num);
PPPDEBUG(LOG_DEBUG, ("%c%c%"U16_F": ethernet interface detached, going down\n",
sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
}
sc->sc_ethif = NULL;
pppoe_clear_softc(sc, "ethernet interface detached");
@ -1115,18 +1095,17 @@ pppoe_clear_softc(struct pppoe_softc *sc, const char *message)
/* stop timer */
sys_untimeout(pppoe_timeout, sc);
PPPDEBUG(LOG_DEBUG, ("pppoe: %c%c%"U16_F": session 0x%x terminated, %s\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num, sc->sc_session, message));
/* fix our state */
sc->sc_state = PPPOE_STATE_INITIAL;
/* notify upper layers */
sc->sc_linkStatusCB(sc->sc_pd, 0);
sc->sc_link_status_cb(sc->pcb, PPPOE_CB_STATE_DOWN);
/* clean up softc */
MEMCPY(&sc->sc_dest, ethbroadcast.addr, sizeof(sc->sc_dest));
sc->sc_ac_cookie_len = 0;
sc->sc_session = 0;
sc->sc_padi_retried = 0;
sc->sc_padr_retried = 0;
}
#endif /* PPPOE_SUPPORT */
#endif /* PPP_SUPPORT && PPPOE_SUPPORT */

1003
src/netif/ppp/pppol2tp.c Normal file
View File

File diff suppressed because it is too large Load Diff

249
src/netif/ppp/randm.c
View File

@ -1,249 +0,0 @@
/*****************************************************************************
* randm.c - Random number generator program file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* Copyright (c) 1998 by Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 98-06-03 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
* Extracted from avos.
*****************************************************************************/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "md5.h"
#include "randm.h"
#include "ppp_impl.h"
#include "pppdebug.h"
#include <string.h>
#if MD5_SUPPORT /* this module depends on MD5 */
#define RANDPOOLSZ 16 /* Bytes stored in the pool of randomness. */
/*****************************/
/*** LOCAL DATA STRUCTURES ***/
/*****************************/
static char randPool[RANDPOOLSZ]; /* Pool of randomness. */
static long randCount = 0; /* Pseudo-random incrementer */
/***********************************/
/*** PUBLIC FUNCTION DEFINITIONS ***/
/***********************************/
/*
* Initialize the random number generator.
*
* Since this is to be called on power up, we don't have much
* system randomess to work with. Here all we use is the
* real-time clock. We'll accumulate more randomness as soon
* as things start happening.
*/
void
avRandomInit()
{
avChurnRand(NULL, 0);
}
/*
* Churn the randomness pool on a random event. Call this early and often
* on random and semi-random system events to build randomness in time for
* usage. For randomly timed events, pass a null pointer and a zero length
* and this will use the system timer and other sources to add randomness.
* If new random data is available, pass a pointer to that and it will be
* included.
*
* Ref: Applied Cryptography 2nd Ed. by Bruce Schneier p. 427
*/
void
avChurnRand(char *randData, u32_t randLen)
{
MD5_CTX md5;
/* LWIP_DEBUGF(LOG_INFO, ("churnRand: %u@%P\n", randLen, randData)); */
MD5Init(&md5);
MD5Update(&md5, (u_char *)randPool, sizeof(randPool));
if (randData) {
MD5Update(&md5, (u_char *)randData, randLen);
} else {
struct {
/* INCLUDE fields for any system sources of randomness */
char foobar;
} sysData;
/* Load sysData fields here. */
MD5Update(&md5, (u_char *)&sysData, sizeof(sysData));
}
MD5Final((u_char *)randPool, &md5);
/* LWIP_DEBUGF(LOG_INFO, ("churnRand: -> 0\n")); */
}
/*
* Use the random pool to generate random data. This degrades to pseudo
* random when used faster than randomness is supplied using churnRand().
* Note: It's important that there be sufficient randomness in randPool
* before this is called for otherwise the range of the result may be
* narrow enough to make a search feasible.
*
* Ref: Applied Cryptography 2nd Ed. by Bruce Schneier p. 427
*
* XXX Why does he not just call churnRand() for each block? Probably
* so that you don't ever publish the seed which could possibly help
* predict future values.
* XXX Why don't we preserve md5 between blocks and just update it with
* randCount each time? Probably there is a weakness but I wish that
* it was documented.
*/
void
avGenRand(char *buf, u32_t bufLen)
{
MD5_CTX md5;
u_char tmp[16];
u32_t n;
while (bufLen > 0) {
n = LWIP_MIN(bufLen, RANDPOOLSZ);
MD5Init(&md5);
MD5Update(&md5, (u_char *)randPool, sizeof(randPool));
MD5Update(&md5, (u_char *)&randCount, sizeof(randCount));
MD5Final(tmp, &md5);
randCount++;
MEMCPY(buf, tmp, n);
buf += n;
bufLen -= n;
}
}
/*
* Return a new random number.
*/
u32_t
avRandom()
{
u32_t newRand;
avGenRand((char *)&newRand, sizeof(newRand));
return newRand;
}
#else /* MD5_SUPPORT */
/*****************************/
/*** LOCAL DATA STRUCTURES ***/
/*****************************/
static int avRandomized = 0; /* Set when truely randomized. */
static u32_t avRandomSeed = 0; /* Seed used for random number generation. */
/***********************************/
/*** PUBLIC FUNCTION DEFINITIONS ***/
/***********************************/
/*
* Initialize the random number generator.
*
* Here we attempt to compute a random number seed but even if
* it isn't random, we'll randomize it later.
*
* The current method uses the fields from the real time clock,
* the idle process counter, the millisecond counter, and the
* hardware timer tick counter. When this is invoked
* in startup(), then the idle counter and timer values may
* repeat after each boot and the real time clock may not be
* operational. Thus we call it again on the first random
* event.
*/
void
avRandomInit()
{
#if 0
/* Get a pointer into the last 4 bytes of clockBuf. */
u32_t *lptr1 = (u32_t *)((char *)&clockBuf[3]);
/*
* Initialize our seed using the real-time clock, the idle
* counter, the millisecond timer, and the hardware timer
* tick counter. The real-time clock and the hardware
* tick counter are the best sources of randomness but
* since the tick counter is only 16 bit (and truncated
* at that), the idle counter and millisecond timer
* (which may be small values) are added to help
* randomize the lower 16 bits of the seed.
*/
readClk();
avRandomSeed += *(u32_t *)clockBuf + *lptr1 + OSIdleCtr
+ ppp_mtime() + ((u32_t)TM1 << 16) + TM1;
#else
avRandomSeed += sys_jiffies(); /* XXX */
#endif
/* Initialize the Borland random number generator. */
srand((unsigned)avRandomSeed);
}
/*
* Randomize our random seed value. Here we use the fact that
* this function is called at *truely random* times by the polling
* and network functions. Here we only get 16 bits of new random
* value but we use the previous value to randomize the other 16
* bits.
*/
void
avRandomize(void)
{
static u32_t last_jiffies;
if (!avRandomized) {
avRandomized = !0;
avRandomInit();
/* The initialization function also updates the seed. */
} else {
/* avRandomSeed += (avRandomSeed << 16) + TM1; */
avRandomSeed += (sys_jiffies() - last_jiffies); /* XXX */
}
last_jiffies = sys_jiffies();
}
/*
* Return a new random number.
* Here we use the Borland rand() function to supply a pseudo random
* number which we make truely random by combining it with our own
* seed which is randomized by truely random events.
* Thus the numbers will be truely random unless there have been no
* operator or network events in which case it will be pseudo random
* seeded by the real time clock.
*/
u32_t
avRandom()
{
return ((((u32_t)rand() << 16) + rand()) + avRandomSeed);
}
#endif /* MD5_SUPPORT */
#endif /* PPP_SUPPORT */

81
src/netif/ppp/randm.h
View File

@ -1,81 +0,0 @@
/*****************************************************************************
* randm.h - Random number generator header file.
*
* Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc.
* Copyright (c) 1998 Global Election Systems Inc.
*
* The authors hereby grant permission to use, copy, modify, distribute,
* and license this software and its documentation for any purpose, provided
* that existing copyright notices are retained in all copies and that this
* notice and the following disclaimer are included verbatim in any
* distributions. No written agreement, license, or royalty fee is required
* for any of the authorized uses.
*
* THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
******************************************************************************
* REVISION HISTORY
*
* 03-01-01 Marc Boucher <marc@mbsi.ca>
* Ported to lwIP.
* 98-05-29 Guy Lancaster <glanca@gesn.com>, Global Election Systems Inc.
* Extracted from avos.
*****************************************************************************/
#ifndef RANDM_H
#define RANDM_H
/***********************
*** PUBLIC FUNCTIONS ***
***********************/
/*
* Initialize the random number generator.
*/
void avRandomInit(void);
/*
* Churn the randomness pool on a random event. Call this early and often
* on random and semi-random system events to build randomness in time for
* usage. For randomly timed events, pass a null pointer and a zero length
* and this will use the system timer and other sources to add randomness.
* If new random data is available, pass a pointer to that and it will be
* included.
*/
void avChurnRand(char *randData, u32_t randLen);
/*
* Randomize our random seed value. To be called for truely random events
* such as user operations and network traffic.
*/
#if MD5_SUPPORT
#define avRandomize() avChurnRand(NULL, 0)
#else /* MD5_SUPPORT */
void avRandomize(void);
#endif /* MD5_SUPPORT */
/*
* Use the random pool to generate random data. This degrades to pseudo
* random when used faster than randomness is supplied using churnRand().
* Thus it's important to make sure that the results of this are not
* published directly because one could predict the next result to at
* least some degree. Also, it's important to get a good seed before
* the first use.
*/
void avGenRand(char *buf, u32_t bufLen);
/*
* Return a new random number.
*/
u32_t avRandom(void);
#endif /* RANDM_H */

21
src/netif/ppp/readme.txt
View File

@ -1,21 +0,0 @@
About the PPP code:
The PPP code is not our "own" code - we just copied it from pppd (http://ppp.samba.org/) and adapted it to lwIP.
Unfortunately, not many here know their way around it too well. Back in 2009, we took the effort to see which
version of pppd our code relates to and we're pretty much on 2.3.11 with some bugs from 2.4.x backported.
Aside from simple code adaptions, there are some files that are different, however:
- chpms.c/.h are named chap_ms.c/.h in the original pppd 2.3.11 sources
- pap.c/.h are named upap.c/.h in the original pppd 2.3.11 sources
- randm.c is a random generator not included in the original pppd
- magic.c does not use the C library's random functions, but uses randm.c instead
- vj.c/.h is an implementation of the Van Jacobson header compression algorithm adapted to lwIP pbufs,
probably copied from one of the vjcompress.c files from pppd.
- ppp.c, ppp.h and ppp_impl.h contain the adaption from pppd to lwIP. This is the "OS"-dependent part like there
is an implementation for linux, xBSD etc. in the pppd sources.
- ppp_oe.c is Marc Boucher's implementation based on NetBSD's if_pppoe.c
There is of course potential for bugs in it, but when analyzing of reporting bugs, it is strongly encouraged to
compare the code in question to pppd 2.3.11 (our basis) and newer versions (perhaps it's already fixed?) and to
share this knowledge with us when reporting a bug.

669
src/netif/ppp/upap.c Normal file
View File

@ -0,0 +1,669 @@
/*
* upap.c - User/Password Authentication Protocol.
*
* Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name "Carnegie Mellon University" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For permission or any legal
* details, please contact
* Office of Technology Transfer
* Carnegie Mellon University
* 5000 Forbes Avenue
* Pittsburgh, PA 15213-3890
* (412) 268-4387, fax: (412) 268-7395
* tech-transfer@andrew.cmu.edu
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Computing Services
* at Carnegie Mellon University (http://www.cmu.edu/computing/)."
*
* CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
* FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
/*
* TODO:
*/
#if 0 /* UNUSED */
#include <stdio.h>
#include <string.h>
#endif /* UNUSED */
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/upap.h"
#if PPP_OPTIONS
/*
* Command-line options.
*/
static option_t pap_option_list[] = {
{ "hide-password", o_bool, &hide_password,
"Don't output passwords to log", OPT_PRIO | 1 },
{ "show-password", o_bool, &hide_password,
"Show password string in debug log messages", OPT_PRIOSUB | 0 },
{ "pap-restart", o_int, &upap[0].us_timeouttime,
"Set retransmit timeout for PAP", OPT_PRIO },
{ "pap-max-authreq", o_int, &upap[0].us_maxtransmits,
"Set max number of transmissions for auth-reqs", OPT_PRIO },
{ "pap-timeout", o_int, &upap[0].us_reqtimeout,
"Set time limit for peer PAP authentication", OPT_PRIO },
{ NULL }
};
#endif /* PPP_OPTIONS */
/*
* Protocol entry points.
*/
static void upap_init(ppp_pcb *pcb);
static void upap_lowerup(ppp_pcb *pcb);
static void upap_lowerdown(ppp_pcb *pcb);
static void upap_input(ppp_pcb *pcb, u_char *inpacket, int l);
static void upap_protrej(ppp_pcb *pcb);
#if PRINTPKT_SUPPORT
static int upap_printpkt(u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg);
#endif /* PRINTPKT_SUPPORT */
const struct protent pap_protent = {
PPP_PAP,
upap_init,
upap_input,
upap_protrej,
upap_lowerup,
upap_lowerdown,
NULL,
NULL,
#if PRINTPKT_SUPPORT
upap_printpkt,
#endif /* PRINTPKT_SUPPORT */
NULL,
1,
#if PRINTPKT_SUPPORT
"PAP",
NULL,
#endif /* PRINTPKT_SUPPORT */
#if PPP_OPTIONS
pap_option_list,
NULL,
#endif /* PPP_OPTIONS */
#if DEMAND_SUPPORT
NULL,
NULL
#endif /* DEMAND_SUPPORT */
};
static void upap_timeout(void *arg);
#if PPP_SERVER
static void upap_reqtimeout(void *arg);
static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len);
#endif /* PPP_SERVER */
static void upap_rauthack(ppp_pcb *pcb, u_char *inp, int id, int len);
static void upap_rauthnak(ppp_pcb *pcb, u_char *inp, int id, int len);
static void upap_sauthreq(ppp_pcb *pcb);
#if PPP_SERVER
static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, char *msg, int msglen);
#endif /* PPP_SERVER */
/*
* upap_init - Initialize a UPAP unit.
*/
static void upap_init(ppp_pcb *pcb) {
pcb->upap.us_user = NULL;
pcb->upap.us_userlen = 0;
pcb->upap.us_passwd = NULL;
pcb->upap.us_passwdlen = 0;
pcb->upap.us_clientstate = UPAPCS_INITIAL;
#if PPP_SERVER
pcb->upap.us_serverstate = UPAPSS_INITIAL;
#endif /* PPP_SERVER */
pcb->upap.us_id = 0;
}
/*
* upap_authwithpeer - Authenticate us with our peer (start client).
*
* Set new state and send authenticate's.
*/
void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password) {
if(!user || !password)
return;
/* Save the username and password we're given */
pcb->upap.us_user = user;
pcb->upap.us_userlen = LWIP_MIN(strlen(user), 0xff);
pcb->upap.us_passwd = password;
pcb->upap.us_passwdlen = LWIP_MIN(strlen(password), 0xff);
pcb->upap.us_transmits = 0;
/* Lower layer up yet? */
if (pcb->upap.us_clientstate == UPAPCS_INITIAL ||
pcb->upap.us_clientstate == UPAPCS_PENDING) {
pcb->upap.us_clientstate = UPAPCS_PENDING;
return;
}
upap_sauthreq(pcb); /* Start protocol */
}
#if PPP_SERVER
/*
* upap_authpeer - Authenticate our peer (start server).
*
* Set new state.
*/
void upap_authpeer(ppp_pcb *pcb) {
/* Lower layer up yet? */
if (pcb->upap.us_serverstate == UPAPSS_INITIAL ||
pcb->upap.us_serverstate == UPAPSS_PENDING) {
pcb->upap.us_serverstate = UPAPSS_PENDING;
return;
}
pcb->upap.us_serverstate = UPAPSS_LISTEN;
if (pcb->settings.pap_req_timeout > 0)
TIMEOUT(upap_reqtimeout, pcb, pcb->settings.pap_req_timeout);
}
#endif /* PPP_SERVER */
/*
* upap_timeout - Retransmission timer for sending auth-reqs expired.
*/
static void upap_timeout(void *arg) {
ppp_pcb *pcb = (ppp_pcb*)arg;
if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ)
return;
if (pcb->upap.us_transmits >= pcb->settings.pap_max_transmits) {
/* give up in disgust */
ppp_error("No response to PAP authenticate-requests");
pcb->upap.us_clientstate = UPAPCS_BADAUTH;
auth_withpeer_fail(pcb, PPP_PAP);
return;
}
upap_sauthreq(pcb); /* Send Authenticate-Request */
}
#if PPP_SERVER
/*
* upap_reqtimeout - Give up waiting for the peer to send an auth-req.
*/
static void upap_reqtimeout(void *arg) {
ppp_pcb *pcb = (ppp_pcb*)arg;
if (pcb->upap.us_serverstate != UPAPSS_LISTEN)
return; /* huh?? */
auth_peer_fail(pcb, PPP_PAP);
pcb->upap.us_serverstate = UPAPSS_BADAUTH;
}
#endif /* PPP_SERVER */
/*
* upap_lowerup - The lower layer is up.
*
* Start authenticating if pending.
*/
static void upap_lowerup(ppp_pcb *pcb) {
if (pcb->upap.us_clientstate == UPAPCS_INITIAL)
pcb->upap.us_clientstate = UPAPCS_CLOSED;
else if (pcb->upap.us_clientstate == UPAPCS_PENDING) {
upap_sauthreq(pcb); /* send an auth-request */
}
#if PPP_SERVER
if (pcb->upap.us_serverstate == UPAPSS_INITIAL)
pcb->upap.us_serverstate = UPAPSS_CLOSED;
else if (pcb->upap.us_serverstate == UPAPSS_PENDING) {
pcb->upap.us_serverstate = UPAPSS_LISTEN;
if (pcb->settings.pap_req_timeout > 0)
TIMEOUT(upap_reqtimeout, pcb, pcb->settings.pap_req_timeout);
}
#endif /* PPP_SERVER */
}
/*
* upap_lowerdown - The lower layer is down.
*
* Cancel all timeouts.
*/
static void upap_lowerdown(ppp_pcb *pcb) {
if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */
UNTIMEOUT(upap_timeout, pcb); /* Cancel timeout */
#if PPP_SERVER
if (pcb->upap.us_serverstate == UPAPSS_LISTEN && pcb->settings.pap_req_timeout > 0)
UNTIMEOUT(upap_reqtimeout, pcb);
#endif /* PPP_SERVER */
pcb->upap.us_clientstate = UPAPCS_INITIAL;
#if PPP_SERVER
pcb->upap.us_serverstate = UPAPSS_INITIAL;
#endif /* PPP_SERVER */
}
/*
* upap_protrej - Peer doesn't speak this protocol.
*
* This shouldn't happen. In any case, pretend lower layer went down.
*/
static void upap_protrej(ppp_pcb *pcb) {
if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) {
ppp_error("PAP authentication failed due to protocol-reject");
auth_withpeer_fail(pcb, PPP_PAP);
}
#if PPP_SERVER
if (pcb->upap.us_serverstate == UPAPSS_LISTEN) {
ppp_error("PAP authentication of peer failed (protocol-reject)");
auth_peer_fail(pcb, PPP_PAP);
}
#endif /* PPP_SERVER */
upap_lowerdown(pcb);
}
/*
* upap_input - Input UPAP packet.
*/
static void upap_input(ppp_pcb *pcb, u_char *inpacket, int l) {
u_char *inp;
u_char code, id;
int len;
/*
* Parse header (code, id and length).
* If packet too short, drop it.
*/
inp = inpacket;
if (l < UPAP_HEADERLEN) {
UPAPDEBUG(("pap_input: rcvd short header."));
return;
}
GETCHAR(code, inp);
GETCHAR(id, inp);
GETSHORT(len, inp);
if (len < UPAP_HEADERLEN) {
UPAPDEBUG(("pap_input: rcvd illegal length."));
return;
}
if (len > l) {
UPAPDEBUG(("pap_input: rcvd short packet."));
return;
}
len -= UPAP_HEADERLEN;
/*
* Action depends on code.
*/
switch (code) {
case UPAP_AUTHREQ:
#if PPP_SERVER
upap_rauthreq(pcb, inp, id, len);
#endif /* PPP_SERVER */
break;
case UPAP_AUTHACK:
upap_rauthack(pcb, inp, id, len);
break;
case UPAP_AUTHNAK:
upap_rauthnak(pcb, inp, id, len);
break;
default: /* XXX Need code reject */
break;
}
}
#if PPP_SERVER
/*
* upap_rauth - Receive Authenticate.
*/
static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
u_char ruserlen, rpasswdlen;
char *ruser, *rpasswd;
char rhostname[256];
int retcode;
char *msg;
int msglen;
if (pcb->upap.us_serverstate < UPAPSS_LISTEN)
return;
/*
* If we receive a duplicate authenticate-request, we are
* supposed to return the same status as for the first request.
*/
if (pcb->upap.us_serverstate == UPAPSS_OPEN) {
upap_sresp(pcb, UPAP_AUTHACK, id, "", 0); /* return auth-ack */
return;
}
if (pcb->upap.us_serverstate == UPAPSS_BADAUTH) {
upap_sresp(pcb, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */
return;
}
/*
* Parse user/passwd.
*/
if (len < 1) {
UPAPDEBUG(("pap_rauth: rcvd short packet."));
return;
}
GETCHAR(ruserlen, inp);
len -= sizeof (u_char) + ruserlen + sizeof (u_char);
if (len < 0) {
UPAPDEBUG(("pap_rauth: rcvd short packet."));
return;
}
ruser = (char *) inp;
INCPTR(ruserlen, inp);
GETCHAR(rpasswdlen, inp);
if (len < rpasswdlen) {
UPAPDEBUG(("pap_rauth: rcvd short packet."));
return;
}
/* FIXME: we need a way to check peer secret */
rpasswd = (char *) inp;
/*
* Check the username and password given.
*/
#if 0
retcode = check_passwd(pcb->upap.us_unit, ruser, ruserlen, rpasswd,
rpasswdlen, &msg);
BZERO(rpasswd, rpasswdlen);
/*
* Check remote number authorization. A plugin may have filled in
* the remote number or added an allowed number, and rather than
* return an authenticate failure, is leaving it for us to verify.
*/
if (retcode == UPAP_AUTHACK) {
if (!auth_number()) {
/* We do not want to leak info about the pap result. */
retcode = UPAP_AUTHNAK; /* XXX exit value will be "wrong" */
warn("calling number %q is not authorized", remote_number);
}
}
#endif
msglen = strlen(msg);
if (msglen > 255)
msglen = 255;
upap_sresp(pcb, retcode, id, msg, msglen);
/* Null terminate and clean remote name. */
ppp_slprintf(rhostname, sizeof(rhostname), "%.*v", ruserlen, ruser);
if (retcode == UPAP_AUTHACK) {
pcb->upap.us_serverstate = UPAPSS_OPEN;
ppp_notice("PAP peer authentication succeeded for %q", rhostname);
auth_peer_success(pcb, PPP_PAP, 0, ruser, ruserlen);
} else {
pcb->upap.us_serverstate = UPAPSS_BADAUTH;
ppp_warn("PAP peer authentication failed for %q", rhostname);
auth_peer_fail(pcb, PPP_PAP);
}
if (pcb->settings.pap_req_timeout > 0)
UNTIMEOUT(upap_reqtimeout, pcb);
}
#endif /* PPP_SERVER */
/*
* upap_rauthack - Receive Authenticate-Ack.
*/
static void upap_rauthack(ppp_pcb *pcb, u_char *inp, int id, int len) {
u_char msglen;
char *msg;
if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) /* XXX */
return;
/*
* Parse message.
*/
if (len < 1) {
UPAPDEBUG(("pap_rauthack: ignoring missing msg-length."));
} else {
GETCHAR(msglen, inp);
if (msglen > 0) {
len -= sizeof (u_char);
if (len < msglen) {
UPAPDEBUG(("pap_rauthack: rcvd short packet."));
return;
}
msg = (char *) inp;
PRINTMSG(msg, msglen);
}
}
pcb->upap.us_clientstate = UPAPCS_OPEN;
auth_withpeer_success(pcb, PPP_PAP, 0);
}
/*
* upap_rauthnak - Receive Authenticate-Nak.
*/
static void upap_rauthnak(ppp_pcb *pcb, u_char *inp, int id, int len) {
u_char msglen;
char *msg;
if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) /* XXX */
return;
/*
* Parse message.
*/
if (len < 1) {
UPAPDEBUG(("pap_rauthnak: ignoring missing msg-length."));
} else {
GETCHAR(msglen, inp);
if (msglen > 0) {
len -= sizeof (u_char);
if (len < msglen) {
UPAPDEBUG(("pap_rauthnak: rcvd short packet."));
return;
}
msg = (char *) inp;
PRINTMSG(msg, msglen);
}
}
pcb->upap.us_clientstate = UPAPCS_BADAUTH;
ppp_error("PAP authentication failed");
auth_withpeer_fail(pcb, PPP_PAP);
}
/*
* upap_sauthreq - Send an Authenticate-Request.
*/
static void upap_sauthreq(ppp_pcb *pcb) {
struct pbuf *p;
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
pcb->upap.us_userlen + pcb->upap.us_passwdlen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(UPAP_AUTHREQ, outp);
PUTCHAR(++pcb->upap.us_id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(pcb->upap.us_userlen, outp);
MEMCPY(outp, pcb->upap.us_user, pcb->upap.us_userlen);
INCPTR(pcb->upap.us_userlen, outp);
PUTCHAR(pcb->upap.us_passwdlen, outp);
MEMCPY(outp, pcb->upap.us_passwd, pcb->upap.us_passwdlen);
ppp_write(pcb, p);
TIMEOUT(upap_timeout, pcb, pcb->settings.pap_timeout_time);
++pcb->upap.us_transmits;
pcb->upap.us_clientstate = UPAPCS_AUTHREQ;
}
#if PPP_SERVER
/*
* upap_sresp - Send a response (ack or nak).
*/
static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, char *msg, int msglen) {
struct pbuf *p;
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = p->payload;
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(msglen, outp);
MEMCPY(outp, msg, msglen);
ppp_write(pcb, p);
}
#endif /* PPP_SERVER */
#if PRINTPKT_SUPPORT
/*
* upap_printpkt - print the contents of a PAP packet.
*/
static char *upap_codenames[] = {
"AuthReq", "AuthAck", "AuthNak"
};
static int upap_printpkt(u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg) {
int code, id, len;
int mlen, ulen, wlen;
char *user, *pwd, *msg;
u_char *pstart;
if (plen < UPAP_HEADERLEN)
return 0;
pstart = p;
GETCHAR(code, p);
GETCHAR(id, p);
GETSHORT(len, p);
if (len < UPAP_HEADERLEN || len > plen)
return 0;
if (code >= 1 && code <= sizeof(upap_codenames) / sizeof(char *))
printer(arg, " %s", upap_codenames[code-1]);
else
printer(arg, " code=0x%x", code);
printer(arg, " id=0x%x", id);
len -= UPAP_HEADERLEN;
switch (code) {
case UPAP_AUTHREQ:
if (len < 1)
break;
ulen = p[0];
if (len < ulen + 2)
break;
wlen = p[ulen + 1];
if (len < ulen + wlen + 2)
break;
user = (char *) (p + 1);
pwd = (char *) (p + ulen + 2);
p += ulen + wlen + 2;
len -= ulen + wlen + 2;
printer(arg, " user=");
ppp_print_string(user, ulen, printer, arg);
printer(arg, " password=");
/* FIXME: require ppp_pcb struct as printpkt() argument */
#if 0
if (!pcb->settings.hide_password)
#endif
ppp_print_string(pwd, wlen, printer, arg);
#if 0
else
printer(arg, "<hidden>");
#endif
break;
case UPAP_AUTHACK:
case UPAP_AUTHNAK:
if (len < 1)
break;
mlen = p[0];
if (len < mlen + 1)
break;
msg = (char *) (p + 1);
p += mlen + 1;
len -= mlen + 1;
printer(arg, " ");
ppp_print_string(msg, mlen, printer, arg);
break;
}
/* print the rest of the bytes in the packet */
for (; len > 0; --len) {
GETCHAR(code, p);
printer(arg, " %.2x", code);
}
return p - pstart;
}
#endif /* PRINTPKT_SUPPORT */
#endif /* PPP_SUPPORT && PAP_SUPPORT */

959
src/netif/ppp/utils.c Normal file
View File

@ -0,0 +1,959 @@
/*
* utils.c - various utility functions used in pppd.
*
* Copyright (c) 1999-2002 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if 0 /* UNUSED */
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <signal.h>
#include <errno.h>
#include <fcntl.h>
#include <syslog.h>
#include <netdb.h>
#include <time.h>
#include <utmp.h>
#include <pwd.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef SVR4
#include <sys/mkdev.h>
#endif
#endif /* UNUSED */
#include <ctype.h> /* isdigit() */
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/fsm.h"
#include "netif/ppp/lcp.h"
#if defined(SUNOS4)
extern char *strerror();
#endif
static void ppp_logit(int level, char *fmt, va_list args);
static void ppp_log_write(int level, char *buf);
#if PRINTPKT_SUPPORT
static void ppp_vslp_printer(void *arg, char *fmt, ...);
static void ppp_format_packet(u_char *p, int len,
void (*printer) (void *, char *, ...), void *arg);
struct buffer_info {
char *ptr;
int len;
};
#endif /* PRINTPKT_SUPPORT */
/*
* ppp_strlcpy - like strcpy/strncpy, doesn't overflow destination buffer,
* always leaves destination null-terminated (for len > 0).
*/
size_t ppp_strlcpy(char *dest, const char *src, size_t len) {
size_t ret = strlen(src);
if (len != 0) {
if (ret < len)
strcpy(dest, src);
else {
strncpy(dest, src, len - 1);
dest[len-1] = 0;
}
}
return ret;
}
/*
* ppp_strlcat - like strcat/strncat, doesn't overflow destination buffer,
* always leaves destination null-terminated (for len > 0).
*/
size_t ppp_strlcat(char *dest, const char *src, size_t len) {
size_t dlen = strlen(dest);
return dlen + ppp_strlcpy(dest + dlen, src, (len > dlen? len - dlen: 0));
}
/*
* ppp_slprintf - format a message into a buffer. Like sprintf except we
* also specify the length of the output buffer, and we handle
* %m (error message), %v (visible string),
* %q (quoted string), %t (current time) and %I (IP address) formats.
* Doesn't do floating-point formats.
* Returns the number of chars put into buf.
*/
int ppp_slprintf(char *buf, int buflen, char *fmt, ...) {
va_list args;
int n;
va_start(args, fmt);
n = ppp_vslprintf(buf, buflen, fmt, args);
va_end(args);
return n;
}
/*
* ppp_vslprintf - like ppp_slprintf, takes a va_list instead of a list of args.
*/
#define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0)
int ppp_vslprintf(char *buf, int buflen, char *fmt, va_list args) {
int c, i, n;
int width, prec, fillch;
int base, len, neg, quoted;
unsigned long val = 0;
char *str, *f, *buf0;
unsigned char *p;
char num[32];
#if 0 /* need port */
time_t t;
#endif /* need port */
u32_t ip;
static char hexchars[] = "0123456789abcdef";
#if PRINTPKT_SUPPORT
struct buffer_info bufinfo;
#endif /* PRINTPKT_SUPPORT */
buf0 = buf;
--buflen;
while (buflen > 0) {
for (f = fmt; *f != '%' && *f != 0; ++f)
;
if (f > fmt) {
len = f - fmt;
if (len > buflen)
len = buflen;
memcpy(buf, fmt, len);
buf += len;
buflen -= len;
fmt = f;
}
if (*fmt == 0)
break;
c = *++fmt;
width = 0;
prec = -1;
fillch = ' ';
if (c == '0') {
fillch = '0';
c = *++fmt;
}
if (c == '*') {
width = va_arg(args, int);
c = *++fmt;
} else {
while (isdigit(c)) {
width = width * 10 + c - '0';
c = *++fmt;
}
}
if (c == '.') {
c = *++fmt;
if (c == '*') {
prec = va_arg(args, int);
c = *++fmt;
} else {
prec = 0;
while (isdigit(c)) {
prec = prec * 10 + c - '0';
c = *++fmt;
}
}
}
str = 0;
base = 0;
neg = 0;
++fmt;
switch (c) {
case 'l':
c = *fmt++;
switch (c) {
case 'd':
val = va_arg(args, long);
if ((long)val < 0) {
neg = 1;
val = -val;
}
base = 10;
break;
case 'u':
val = va_arg(args, unsigned long);
base = 10;
break;
default:
OUTCHAR('%');
OUTCHAR('l');
--fmt; /* so %lz outputs %lz etc. */
continue;
}
break;
case 'd':
i = va_arg(args, int);
if (i < 0) {
neg = 1;
val = -i;
} else
val = i;
base = 10;
break;
case 'u':
val = va_arg(args, unsigned int);
base = 10;
break;
case 'o':
val = va_arg(args, unsigned int);
base = 8;
break;
case 'x':
case 'X':
val = va_arg(args, unsigned int);
base = 16;
break;
case 'p':
val = (unsigned long) va_arg(args, void *);
base = 16;
neg = 2;
break;
case 's':
str = va_arg(args, char *);
break;
case 'c':
num[0] = va_arg(args, int);
num[1] = 0;
str = num;
break;
#if 0 /* do we always have strerror() in embedded ? */
case 'm':
str = strerror(errno);
break;
#endif /* do we always have strerror() in embedded ? */
case 'I':
ip = va_arg(args, u32_t);
ip = ntohl(ip);
ppp_slprintf(num, sizeof(num), "%d.%d.%d.%d", (ip >> 24) & 0xff,
(ip >> 16) & 0xff, (ip >> 8) & 0xff, ip & 0xff);
str = num;
break;
#if 0 /* need port */
case 't':
time(&t);
str = ctime(&t);
str += 4; /* chop off the day name */
str[15] = 0; /* chop off year and newline */
break;
#endif /* need port */
case 'v': /* "visible" string */
case 'q': /* quoted string */
quoted = c == 'q';
p = va_arg(args, unsigned char *);
if (p == NULL)
p = (unsigned char *)"<NULL>";
if (fillch == '0' && prec >= 0) {
n = prec;
} else {
n = strlen((char *)p);
if (prec >= 0 && n > prec)
n = prec;
}
while (n > 0 && buflen > 0) {
c = *p++;
--n;
if (!quoted && c >= 0x80) {
OUTCHAR('M');
OUTCHAR('-');
c -= 0x80;
}
if (quoted && (c == '"' || c == '\\'))
OUTCHAR('\\');
if (c < 0x20 || (0x7f <= c && c < 0xa0)) {
if (quoted) {
OUTCHAR('\\');
switch (c) {
case '\t': OUTCHAR('t'); break;
case '\n': OUTCHAR('n'); break;
case '\b': OUTCHAR('b'); break;
case '\f': OUTCHAR('f'); break;
default:
OUTCHAR('x');
OUTCHAR(hexchars[c >> 4]);
OUTCHAR(hexchars[c & 0xf]);
}
} else {
if (c == '\t')
OUTCHAR(c);
else {
OUTCHAR('^');
OUTCHAR(c ^ 0x40);
}
}
} else
OUTCHAR(c);
}
continue;
#if PRINTPKT_SUPPORT
case 'P': /* print PPP packet */
bufinfo.ptr = buf;
bufinfo.len = buflen + 1;
p = va_arg(args, unsigned char *);
n = va_arg(args, int);
ppp_format_packet(p, n, ppp_vslp_printer, &bufinfo);
buf = bufinfo.ptr;
buflen = bufinfo.len - 1;
continue;
#endif /* PRINTPKT_SUPPORT */
case 'B':
p = va_arg(args, unsigned char *);
for (n = prec; n > 0; --n) {
c = *p++;
if (fillch == ' ')
OUTCHAR(' ');
OUTCHAR(hexchars[(c >> 4) & 0xf]);
OUTCHAR(hexchars[c & 0xf]);
}
continue;
default:
*buf++ = '%';
if (c != '%')
--fmt; /* so %z outputs %z etc. */
--buflen;
continue;
}
if (base != 0) {
str = num + sizeof(num);
*--str = 0;
while (str > num + neg) {
*--str = hexchars[val % base];
val = val / base;
if (--prec <= 0 && val == 0)
break;
}
switch (neg) {
case 1:
*--str = '-';
break;
case 2:
*--str = 'x';
*--str = '0';
break;
}
len = num + sizeof(num) - 1 - str;
} else {
len = strlen(str);
if (prec >= 0 && len > prec)
len = prec;
}
if (width > 0) {
if (width > buflen)
width = buflen;
if ((n = width - len) > 0) {
buflen -= n;
for (; n > 0; --n)
*buf++ = fillch;
}
}
if (len > buflen)
len = buflen;
memcpy(buf, str, len);
buf += len;
buflen -= len;
}
*buf = 0;
return buf - buf0;
}
#if PRINTPKT_SUPPORT
/*
* vslp_printer - used in processing a %P format
*/
static void ppp_vslp_printer(void *arg, char *fmt, ...) {
int n;
va_list pvar;
struct buffer_info *bi;
va_start(pvar, fmt);
bi = (struct buffer_info *) arg;
n = ppp_vslprintf(bi->ptr, bi->len, fmt, pvar);
va_end(pvar);
bi->ptr += n;
bi->len -= n;
}
#endif /* PRINTPKT_SUPPORT */
#if 0 /* UNUSED */
/*
* log_packet - format a packet and log it.
*/
void
log_packet(p, len, prefix, level)
u_char *p;
int len;
char *prefix;
int level;
{
init_pr_log(prefix, level);
ppp_format_packet(p, len, pr_log, &level);
end_pr_log();
}
#endif /* UNUSED */
#if PRINTPKT_SUPPORT
/*
* ppp_format_packet - make a readable representation of a packet,
* calling `printer(arg, format, ...)' to output it.
*/
static void ppp_format_packet(u_char *p, int len,
void (*printer) (void *, char *, ...), void *arg) {
int i, n;
u_short proto;
const struct protent *protp;
if (len >= 2) {
GETSHORT(proto, p);
len -= 2;
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (proto == protp->protocol)
break;
if (protp != NULL) {
printer(arg, "[%s", protp->name);
n = (*protp->printpkt)(p, len, printer, arg);
printer(arg, "]");
p += n;
len -= n;
} else {
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (proto == (protp->protocol & ~0x8000))
break;
if (protp != 0 && protp->data_name != 0) {
printer(arg, "[%s data]", protp->data_name);
if (len > 8)
printer(arg, "%.8B ...", p);
else
printer(arg, "%.*B", len, p);
len = 0;
} else
printer(arg, "[proto=0x%x]", proto);
}
}
if (len > 32)
printer(arg, "%.32B ...", p);
else
printer(arg, "%.*B", len, p);
}
#endif /* PRINTPKT_SUPPORT */
#if 0 /* UNUSED */
/*
* init_pr_log, end_pr_log - initialize and finish use of pr_log.
*/
static char line[256]; /* line to be logged accumulated here */
static char *linep; /* current pointer within line */
static int llevel; /* level for logging */
void
init_pr_log(prefix, level)
const char *prefix;
int level;
{
linep = line;
if (prefix != NULL) {
ppp_strlcpy(line, prefix, sizeof(line));
linep = line + strlen(line);
}
llevel = level;
}
void
end_pr_log()
{
if (linep != line) {
*linep = 0;
ppp_log_write(llevel, line);
}
}
/*
* pr_log - printer routine for outputting to log
*/
void
pr_log (void *arg, char *fmt, ...)
{
int l, n;
va_list pvar;
char *p, *eol;
char buf[256];
va_start(pvar, fmt);
n = ppp_vslprintf(buf, sizeof(buf), fmt, pvar);
va_end(pvar);
p = buf;
eol = strchr(buf, '\n');
if (linep != line) {
l = (eol == NULL)? n: eol - buf;
if (linep + l < line + sizeof(line)) {
if (l > 0) {
memcpy(linep, buf, l);
linep += l;
}
if (eol == NULL)
return;
p = eol + 1;
eol = strchr(p, '\n');
}
*linep = 0;
ppp_log_write(llevel, line);
linep = line;
}
while (eol != NULL) {
*eol = 0;
ppp_log_write(llevel, p);
p = eol + 1;
eol = strchr(p, '\n');
}
/* assumes sizeof(buf) <= sizeof(line) */
l = buf + n - p;
if (l > 0) {
memcpy(line, p, n);
linep = line + l;
}
}
#endif /* UNUSED */
/*
* ppp_print_string - print a readable representation of a string using
* printer.
*/
void ppp_print_string(char *p, int len, void (*printer) (void *, char *, ...), void *arg) {
int c;
printer(arg, "\"");
for (; len > 0; --len) {
c = *p++;
if (' ' <= c && c <= '~') {
if (c == '\\' || c == '"')
printer(arg, "\\");
printer(arg, "%c", c);
} else {
switch (c) {
case '\n':
printer(arg, "\\n");
break;
case '\r':
printer(arg, "\\r");
break;
case '\t':
printer(arg, "\\t");
break;
default:
printer(arg, "\\%.3o", c);
/* no break */
}
}
}
printer(arg, "\"");
}
/*
* ppp_logit - does the hard work for fatal et al.
*/
static void ppp_logit(int level, char *fmt, va_list args) {
char buf[1024];
ppp_vslprintf(buf, sizeof(buf), fmt, args);
ppp_log_write(level, buf);
}
static void ppp_log_write(int level, char *buf) {
PPPDEBUG(level, ("%s\n", buf) );
#if 0
if (log_to_fd >= 0 && (level != LOG_DEBUG || debug)) {
int n = strlen(buf);
if (n > 0 && buf[n-1] == '\n')
--n;
if (write(log_to_fd, buf, n) != n
|| write(log_to_fd, "\n", 1) != 1)
log_to_fd = -1;
}
#endif
}
/*
* ppp_fatal - log an error message and die horribly.
*/
void ppp_fatal(char *fmt, ...) {
va_list pvar;
va_start(pvar, fmt);
ppp_logit(LOG_ERR, fmt, pvar);
va_end(pvar);
/* FIXME: find a way to die */
#if 0
die(1); /* as promised */
#endif
}
/*
* ppp_error - log an error message.
*/
void ppp_error(char *fmt, ...) {
va_list pvar;
va_start(pvar, fmt);
ppp_logit(LOG_ERR, fmt, pvar);
va_end(pvar);
#if 0 /* UNUSED */
++error_count;
#endif /* UNUSED */
}
/*
* ppp_warn - log a warning message.
*/
void ppp_warn(char *fmt, ...) {
va_list pvar;
va_start(pvar, fmt);
ppp_logit(LOG_WARNING, fmt, pvar);
va_end(pvar);
}
/*
* ppp_notice - log a notice-level message.
*/
void ppp_notice(char *fmt, ...) {
va_list pvar;
va_start(pvar, fmt);
ppp_logit(LOG_NOTICE, fmt, pvar);
va_end(pvar);
}
/*
* ppp_info - log an informational message.
*/
void ppp_info(char *fmt, ...) {
va_list pvar;
va_start(pvar, fmt);
ppp_logit(LOG_INFO, fmt, pvar);
va_end(pvar);
}
/*
* ppp_dbglog - log a debug message.
*/
void ppp_dbglog(char *fmt, ...) {
va_list pvar;
va_start(pvar, fmt);
ppp_logit(LOG_DEBUG, fmt, pvar);
va_end(pvar);
}
#if PRINTPKT_SUPPORT
/*
* ppp_dump_packet - print out a packet in readable form if it is interesting.
* Assumes len >= PPP_HDRLEN.
*/
void ppp_dump_packet(const char *tag, unsigned char *p, int len) {
int proto;
/*
* don't print IPv4 and IPv6 packets.
*/
proto = (p[0] << 8) + p[1];
if (proto == PPP_IP)
return;
#if PPP_IPV6_SUPPORT
if (proto == PPP_IPV6)
return;
#endif
/*
* don't print LCP echo request/reply packets if the link is up.
*/
if (proto == PPP_LCP && len >= 2 + HEADERLEN) {
unsigned char *lcp = p + 2;
int l = (lcp[2] << 8) + lcp[3];
if ((lcp[0] == ECHOREQ || lcp[0] == ECHOREP)
&& l >= HEADERLEN && l <= len - 2)
return;
}
ppp_dbglog("%s %P", tag, p, len);
}
#endif /* PRINTPKT_SUPPORT */
#if 0 /* Unused */
/*
* complete_read - read a full `count' bytes from fd,
* unless end-of-file or an error other than EINTR is encountered.
*/
ssize_t
complete_read(int fd, void *buf, size_t count)
{
size_t done;
ssize_t nb;
char *ptr = buf;
for (done = 0; done < count; ) {
nb = read(fd, ptr, count - done);
if (nb < 0) {
if (errno == EINTR)
continue;
return -1;
}
if (nb == 0)
break;
done += nb;
ptr += nb;
}
return done;
}
/* Procedures for locking the serial device using a lock file. */
#ifndef LOCK_DIR
#ifdef __linux__
#define LOCK_DIR "/var/lock"
#else
#ifdef SVR4
#define LOCK_DIR "/var/spool/locks"
#else
#define LOCK_DIR "/var/spool/lock"
#endif
#endif
#endif /* LOCK_DIR */
static char lock_file[MAXPATHLEN];
/*
* lock - create a lock file for the named device
*/
int
lock(dev)
char *dev;
{
#ifdef LOCKLIB
int result;
result = mklock (dev, (void *) 0);
if (result == 0) {
ppp_strlcpy(lock_file, dev, sizeof(lock_file));
return 0;
}
if (result > 0)
ppp_notice("Device %s is locked by pid %d", dev, result);
else
ppp_error("Can't create lock file %s", lock_file);
return -1;
#else /* LOCKLIB */
char lock_buffer[12];
int fd, pid, n;
#ifdef SVR4
struct stat sbuf;
if (stat(dev, &sbuf) < 0) {
ppp_error("Can't get device number for %s: %m", dev);
return -1;
}
if ((sbuf.st_mode & S_IFMT) != S_IFCHR) {
ppp_error("Can't lock %s: not a character device", dev);
return -1;
}
ppp_slprintf(lock_file, sizeof(lock_file), "%s/LK.%03d.%03d.%03d",
LOCK_DIR, major(sbuf.st_dev),
major(sbuf.st_rdev), minor(sbuf.st_rdev));
#else
char *p;
char lockdev[MAXPATHLEN];
if ((p = strstr(dev, "dev/")) != NULL) {
dev = p + 4;
strncpy(lockdev, dev, MAXPATHLEN-1);
lockdev[MAXPATHLEN-1] = 0;
while ((p = strrchr(lockdev, '/')) != NULL) {
*p = '_';
}
dev = lockdev;
} else
if ((p = strrchr(dev, '/')) != NULL)
dev = p + 1;
ppp_slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
#endif
while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
if (errno != EEXIST) {
ppp_error("Can't create lock file %s: %m", lock_file);
break;
}
/* Read the lock file to find out who has the device locked. */
fd = open(lock_file, O_RDONLY, 0);
if (fd < 0) {
if (errno == ENOENT) /* This is just a timing problem. */
continue;
ppp_error("Can't open existing lock file %s: %m", lock_file);
break;
}
#ifndef LOCK_BINARY
n = read(fd, lock_buffer, 11);
#else
n = read(fd, &pid, sizeof(pid));
#endif /* LOCK_BINARY */
close(fd);
fd = -1;
if (n <= 0) {
ppp_error("Can't read pid from lock file %s", lock_file);
break;
}
/* See if the process still exists. */
#ifndef LOCK_BINARY
lock_buffer[n] = 0;
pid = atoi(lock_buffer);
#endif /* LOCK_BINARY */
if (pid == getpid())
return 1; /* somebody else locked it for us */
if (pid == 0
|| (kill(pid, 0) == -1 && errno == ESRCH)) {
if (unlink (lock_file) == 0) {
ppp_notice("Removed stale lock on %s (pid %d)", dev, pid);
continue;
}
ppp_warn("Couldn't remove stale lock on %s", dev);
} else
ppp_notice("Device %s is locked by pid %d", dev, pid);
break;
}
if (fd < 0) {
lock_file[0] = 0;
return -1;
}
pid = getpid();
#ifndef LOCK_BINARY
ppp_slprintf(lock_buffer, sizeof(lock_buffer), "%10d\n", pid);
write (fd, lock_buffer, 11);
#else
write(fd, &pid, sizeof (pid));
#endif
close(fd);
return 0;
#endif
}
/*
* relock - called to update our lockfile when we are about to detach,
* thus changing our pid (we fork, the child carries on, and the parent dies).
* Note that this is called by the parent, with pid equal to the pid
* of the child. This avoids a potential race which would exist if
* we had the child rewrite the lockfile (the parent might die first,
* and another process could think the lock was stale if it checked
* between when the parent died and the child rewrote the lockfile).
*/
int
relock(pid)
int pid;
{
#ifdef LOCKLIB
/* XXX is there a way to do this? */
return -1;
#else /* LOCKLIB */
int fd;
char lock_buffer[12];
if (lock_file[0] == 0)
return -1;
fd = open(lock_file, O_WRONLY, 0);
if (fd < 0) {
ppp_error("Couldn't reopen lock file %s: %m", lock_file);
lock_file[0] = 0;
return -1;
}
#ifndef LOCK_BINARY
ppp_slprintf(lock_buffer, sizeof(lock_buffer), "%10d\n", pid);
write (fd, lock_buffer, 11);
#else
write(fd, &pid, sizeof(pid));
#endif /* LOCK_BINARY */
close(fd);
return 0;
#endif /* LOCKLIB */
}
/*
* unlock - remove our lockfile
*/
void
unlock()
{
if (lock_file[0]) {
#ifdef LOCKLIB
(void) rmlock(lock_file, (void *) 0);
#else
unlink(lock_file);
#endif
lock_file[0] = 0;
}
}
#endif /* Unused */
#endif /* PPP_SUPPORT */

37
src/netif/ppp/vj.c
View File

@ -29,18 +29,15 @@
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && VJ_SUPPORT /* don't build if not configured for use in lwipopts.h */
#if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "netif/ppp/ppp_impl.h"
#include "netif/ppp/pppdebug.h"
#include "ppp_impl.h"
#include "pppdebug.h"
#include "vj.h"
#include "netif/ppp/vj.h"
#include <string.h>
#if VJ_SUPPORT
#if LINK_STATS
#define INCR(counter) ++comp->stats.counter
#else
@ -142,7 +139,7 @@ vj_compress_tcp(struct vjcompress *comp, struct pbuf *pb)
register u_short hlen = IPH_HL(ip);
register struct tcp_hdr *oth;
register struct tcp_hdr *th;
register u_short deltaS, deltaA;
register u_short deltaS, deltaA = 0;
register u_long deltaL;
register u_int changes = 0;
u_char new_seq[16];
@ -319,8 +316,8 @@ vj_compress_tcp(struct vjcompress *comp, struct pbuf *pb)
ntohs(IPH_LEN(&cs->cs_ip)) == hlen) {
break;
}
/* (fall through) */
/* no break */
/* fall through */
case SPECIAL_I:
case SPECIAL_D:
@ -360,7 +357,7 @@ vj_compress_tcp(struct vjcompress *comp, struct pbuf *pb)
* state with this packet's header.
*/
deltaA = ntohs(th->chksum);
BCOPY(ip, &cs->cs_ip, hlen);
MEMCPY(&cs->cs_ip, ip, hlen);
/*
* We want to use the original packet as our compressed packet.
@ -393,7 +390,7 @@ vj_compress_tcp(struct vjcompress *comp, struct pbuf *pb)
}
*cp++ = (u_char)(deltaA >> 8);
*cp++ = (u_char)deltaA;
BCOPY(new_seq, cp, deltaS);
MEMCPY(cp, new_seq, deltaS);
INCR(vjs_compressed);
return (TYPE_COMPRESSED_TCP);
@ -403,7 +400,7 @@ vj_compress_tcp(struct vjcompress *comp, struct pbuf *pb)
* to use on future compressed packets in the protocol field).
*/
uncompressed:
BCOPY(ip, &cs->cs_ip, hlen);
MEMCPY(&cs->cs_ip, ip, hlen);
IPH_PROTO_SET(ip, cs->cs_id);
comp->last_xmit = cs->cs_id;
return (TYPE_UNCOMPRESSED_TCP);
@ -446,7 +443,7 @@ vj_uncompress_uncomp(struct pbuf *nb, struct vjcompress *comp)
cs = &comp->rstate[comp->last_recv = IPH_PROTO(ip)];
comp->flags &=~ VJF_TOSS;
IPH_PROTO_SET(ip, IP_PROTO_TCP);
BCOPY(ip, &cs->cs_ip, hlen);
MEMCPY(&cs->cs_ip, ip, hlen);
cs->cs_hlen = (u_short)hlen;
INCR(vjs_uncompressedin);
return 0;
@ -596,7 +593,15 @@ vj_uncompress_tcp(struct pbuf **nb, struct vjcompress *comp)
struct pbuf *np, *q;
u8_t *bufptr;
#if IP_FORWARD
/* If IP forwarding is enabled we are using a PBUF_LINK packet type so
* the packet is being allocated with enough header space to be
* forwarded (to Ethernet for example).
*/
np = pbuf_alloc(PBUF_LINK, n0->len + cs->cs_hlen, PBUF_POOL);
#else /* IP_FORWARD */
np = pbuf_alloc(PBUF_RAW, n0->len + cs->cs_hlen, PBUF_POOL);
#endif /* IP_FORWARD */
if(!np) {
PPPDEBUG(LOG_WARNING, ("vj_uncompress_tcp: realign failed\n"));
goto bad;
@ -647,6 +652,4 @@ bad:
return (-1);
}
#endif /* VJ_SUPPORT */
#endif /* PPP_SUPPORT */
#endif /* PPP_SUPPORT && VJ_SUPPORT */