66 Commits

Author SHA1 Message Date
Joerg Wunsch
728eb83bf2 This is another MFC candidate.
Fix a serious bug in sppp where anyone could obtain a successful PAP
authentication by supplying a null password.  I've only stumpled across
the PR while browsing for all sppp-related PRs.

Should we also file a security advisory for this?

PR:		21592
Submitted by:	<dli@3bc.de> Dirk Liebke
2001-03-25 09:53:07 +00:00
Joerg Wunsch
8d21ca78d9 (MFC candidate, see below).
When we get an Open event in stopped state, experience shows that this
is usually means we've somehow missed a previous Down event.  This has
occasionally bitten people for the IPCP layer with ISDN, apparently a
previously aborted IPCP negotiation must have caused this.  As a
bandaid, we quickly pretent a Down event by advancing to starting
state; this effectively implements the `restart' option mentioned in
RFC 1663.

While i'm not yet fully convinced this is the best thing to do (and is
fully compliant with RFC 1661), i've seen a number of reports here on
the German mailing lists where people have been bitten by the previous
behaviour which usually causes quickly looping ISDN reconnects (thus
loss of money...), and where just this patch fixes the problem.

For this, i'd even like to see it MFC'd if possible.

Submitted by:	Helmut Kreft <kreft@zeus.ai-lab.fh-furtwangen.de>
2001-03-23 19:51:12 +00:00
Poul-Henning Kamp
22f2982675 Use <sys/queue.h> macro api rather than fondle its implementation detals.
Created with:	/usr/bin/sed
Reviewed by:	/sbin/md5
2001-02-03 11:46:35 +00:00
John Hay
b4fbe18794 Various fixes to make leased line operation more robust. On lcp_up, start
to negotiate from scratch. Make leased lines survive being put into
loopback mode. Bits and pieces and ideas taken from PRs 11238 and 21771.
Make it a module so that it can be kldloaded. Whitespace cleanup. (Can be
ignored with "cvs diff -b".)

PR:		11238 and 21771 (bits and pieces)
2000-12-19 19:08:11 +00:00
Poul-Henning Kamp
4d88c4598f Make log(-1, ...) do what addlog(...) did.
Replace all uses of addlog(...) with log(-1, ...)

Remove bogus "register" keywords in subr_prf.c

Make log() return void.
2000-11-26 19:34:06 +00:00
Jonathan Lemon
df5e198723 Lock down the network interface queues. The queue mutex must be obtained
before adding/removing packets from the queue.  Also, the if_obytes and
if_omcasts fields should only be manipulated under protection of the mutex.

IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on
the queue.  An IF_LOCK macro is provided, as well as the old (mutex-less)
versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which
needs them, but their use is discouraged.

Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF,
which takes care of locking/enqueue, and also statistics updating/start
if necessary.
2000-11-25 07:35:38 +00:00
David E. O'Brien
b0e56cde37 * Use sys/sys/random.h rather than a i386 specific one.
* There was nothing that should be machine dependant about
  i386/isa/random_machdep.c, so it is now sys/kern/kern_random.c.
2000-04-24 17:30:08 +00:00
Peter Wemm
242c5536ea Clean up some loose ends in the network code, including the X.25 and ISO
#ifdefs.  Clean out unused netisr's and leftover netisr linker set gunk.
Tested on x86 and alpha, including world.

Approved by:	jkh
2000-02-13 03:32:07 +00:00
Yoshinobu Inoue
cfa1ca9dfa udp IPv6 support, IPv6/IPv4 tunneling support in kernel,
packet divert at kernel for IPv6/IPv4 translater daemon

This includes queue related patch submitted by jburkhol@home.com.

Submitted by: queue related patch from jburkhol@home.com
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-12-07 17:39:16 +00:00
Joerg Wunsch
83cc7ae865 When getting a RCN event in state ACK_RCVD, RFC 1661 demands that we
go to REQ_SENT (and we probably should also log this since it should
only happen in a cross-linked connection).

Submitted by:	Mark Tinguely <tinguely@plains.NoDak.edu>
1999-10-29 17:57:42 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Poul-Henning Kamp
da3b4fb7ee rganize the various modes (CISCO/AUTO/DEMAND/LEASED) a little bit better,
centralize the code.

Remember to call TLF/TLS on the hardware in CISCO mode.
1999-03-30 13:28:26 +00:00
Poul-Henning Kamp
81f7312bfa Misplaces brace puts important code into debug section.
Reviewed by:	phk
Submitted by:	Stefan Bethke <stefan.bethke@hanse.de>
1999-02-23 15:08:44 +00:00
Poul-Henning Kamp
f19dd898a1 Remove all the #ifdef notyet stuff, it is probably never going to happen
in the first place.

Use 3sec timeout as recommended.

Reorder some debug messages.

Label som of the 0x%x in debug messages

Make sppp_print_bytes() use %*D and handle zero length.

If we don't have MAGIC numbers, don't yell loopback if 0 == 0
1999-02-19 13:45:09 +00:00
Poul-Henning Kamp
57814d04d4 Update sppp support to i4b level. This includes the new spppcontrol
program to set PPP options like authentication with.
1998-12-27 21:30:44 +00:00
Poul-Henning Kamp
cee7234916 More isdn4bsd convergence: cleanup log messages. 1998-12-26 13:14:45 +00:00
Poul-Henning Kamp
b2648215c6 Converge further on the isdn4bsd version of this file. 1998-12-26 12:43:26 +00:00
Poul-Henning Kamp
54f8640b04 clean up more timeout/untimeout portability stuff.
make sure flags and stuff are set sensibly.
1998-12-26 12:14:31 +00:00
Poul-Henning Kamp
11749a2453 Straigthen out the use of the tls and tlf callbacks.
Not tested on the if_sr, if_cx and if_ar drivers, but
expected to work just the same as it used to.

Any users of these drivers (or even better: donors
of hardware for them) please contact phk@freebsd.org
so we can test the next batch of changes to if_sppp.
1998-12-16 18:42:38 +00:00
Poul-Henning Kamp
34d528017b *** empty log message *** 1998-12-11 21:40:13 +00:00
Archie Cobbs
2127f26023 Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>
1998-12-04 22:54:57 +00:00
Joerg Wunsch
825d77e5f0 Minor cleanup: kill a couple of unused variables, and a couple of
uninitialized variables.

Obtained from:	The isdn4bsd project (partially)
1998-10-06 21:12:45 +00:00
Joerg Wunsch
5158516f4e In an attempt to reduce the huge number of differences between the
FreeBSD repository version of this file and the isdn4bsd version,
adopt those changes from the i4b version that make this file
BSD-version independent.  I attempted to avoid uglifying this file too
much, thus deviated a little from the i4b version (and hope they will
adopt the changes, too).

The diffs mostly concentrate on:

. #include differences between the systems
. different callout handling between FreeBSD vs. Net/OpenBSD
. interface naming (Net/OpenBSD store the ASCII name including the
  unit # in struct ifnet, FreeBSD only the name)
. use of random() in FreeBSD vs. time-based pseudo-randomization in
  Net/OpenBSD (for loopback detection ad CHAP challenges -- i
  assume at least OpenBSD could also benefit from random(), but that's
  the way i've got this file)
. interface address list elements are named a little differently
  between FreeBSD and Net/OpenBSD

I attempted to segregate those compat fixes from other code fixes and
enhancements.

Obtained from:	The isdn4bsd project
1998-10-06 20:47:53 +00:00
Joerg Wunsch
f07c3e6c06 Fix a =/== confusion that caused the CHAP type renegotiation to
completely fail.

Obtained from:	The isdn4bsd project (original author unknown right now)
1998-10-05 21:02:30 +00:00
Bruce Evans
138d060a6e Fixed printf format errors. sppp_dotted_quad() was yet another private,
broken, version of inet_ntoa().  It should go away.
1998-08-17 00:29:34 +00:00
Bruce Evans
f9d8181868 Fixed yet more ioctl breakage due to the type of the `cmd' arg changing
from int to u_long but not changing here.
1998-08-15 21:58:09 +00:00
Bruce Evans
e5b19842ef Removed unused includes. 1998-06-21 14:53:44 +00:00
Poul-Henning Kamp
c21410e119 s/nanoruntime/nanouptime/g
s/microruntime/microuptime/g

Reviewed by:	bde
1998-05-17 11:53:46 +00:00
Poul-Henning Kamp
33b0bb6af7 Use random() for seq numbers and read_random for CHAP challenge. 1998-04-06 11:40:17 +00:00
Poul-Henning Kamp
2eeb0e2ea0 Make read_random() take a (void *) argument instead of (char *) 1998-04-06 09:30:42 +00:00
Poul-Henning Kamp
00af9731c9 Time changes mark 2:
* Figure out UTC relative to boottime.  Four new functions provide
      time relative to boottime.

    * move "runtime" into struct proc.  This helps fix the calcru()
      problem in SMP.

    * kill mono_time.

    * add timespec{add|sub|cmp} macros to time.h.  (XXX: These may change!)

    * nanosleep, select & poll takes long sleeps one day at a time

Reviewed by:    bde
Tested by:      ache and others
1998-04-04 13:26:20 +00:00
Poul-Henning Kamp
227ee8a188 Eradicate the variable "time" from the kernel, using various measures.
"time" wasn't a atomic variable, so splfoo() protection were needed
around any access to it, unless you just wanted the seconds part.

Most uses of time.tv_sec now uses the new variable time_second instead.

gettime() changed to getmicrotime(0.

Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).

A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.

Add a new nfs_curusec() function.

Mark a couple of bogosities involving the now disappeard time variable.

Update ffs_update() to avoid the weird "== &time" checks, by fixing the
one remaining call that passwd &time as args.

Change profiling in ncr.c to use ticks instead of time.  Resolution is
the same.

Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.

Reviewed by:	bde
1998-03-30 09:56:58 +00:00
Bruce Evans
ddf6208225 Fixed syntax error in previous commit. 1998-03-01 06:01:33 +00:00
Poul-Henning Kamp
c544ff8a5e Make it possible to indicate that we don't care about the remote
sides IP address, as long as it isn't 0.0.0.0
1998-02-28 21:01:09 +00:00
Eivind Eklund
303b270b0a Staticize. 1998-02-09 06:11:36 +00:00
Eivind Eklund
1d5e9e2255 Make INET a proper option.
This will not make any of object files that LINT create change; there
might be differences with INET disabled, but hardly anything compiled
before without INET anyway.  Now the 'obvious' things will give a
proper error if compiled without inet - ipx_ip, ipfw, tcp_debug.  The
only thing that _should_ work (but can't be made to compile reasonably
easily) is sppp :-(

This commit move struct arpcom from <netinet/if_ether.h> to
<net/if_arp.h>.
1998-01-08 23:42:31 +00:00
Gary Jennejohn
d3341aa5db Reviewed by: Joerg Wunsch
In sppp_chap_input:
1) in the CHAP_CHALLENGE case don't output the peer's name if it is not
what we expected (DEBUG) since it will be printed out in the course
of events anyway.
2) in the CHAP_SUCCESS case test whether the peer is required to
authenticate himself [(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO))],
otherwise the state machine may never switch into the network state.
I saw this case against 2 different ISPs; they never bothered to
authenticate themselves to me.

In sppp_pap_input:
in the PAP_ACK case do the same as in 2) above for the same reason.
1998-01-01 21:27:18 +00:00
Eivind Eklund
430df5f4b7 Throw options IPX, IPXIP and IPTUNNEL into opt_ipx.h.
The #ifdef IPXIP in netipx/ipx_if.h is OK (used from ipx_usrreq.c and
ifconfig.c only).

I also fixed a typo IPXTUNNEL -> IPTUNNEL (and #ifdef'ed out the code
inside, as it never could have compiled - doh.)
1997-12-15 20:31:25 +00:00
Joerg Wunsch
1f6b09ad8b Jumbo patch to implement PAP and CHAP for sppp(4). Partially based on
Serge's (Cronyx's) code in the vendor branch.  (FR support not yet
merged.)
1997-10-11 11:25:28 +00:00
Justin T. Gibbs
6c951b4441 Update for new callout interface. 1997-09-21 22:02:25 +00:00
Bruce Evans
4d1d4912ae Added used #include - don't depend on <sys/mbuf.h> including
<sys/malloc.h> (unless we only use the bogusly shared M*WAIT flags).
1997-09-02 01:19:47 +00:00
Kenjiro Cho
2c060c765a Fix a traceroute problem in the CISCO HDLC mode. (cisco routers not
returning ICMP_TIMXCEED)

use CISCO_UNICAST instead of CISCO_MULTICAST to send normal packets.
this is needed for packets to get processed by a cisco router,
but doesn't matter if a packet is just forwarded.

Reviewed by:itojun@itojun.org
1997-08-12 05:22:54 +00:00
Joerg Wunsch
16e2a68bff Implement the LCP fail_counter: if an option has been NAK'ed for more
than max_failures attempts, we are going to REJ it, to prevent endless
NAK loops.

(This is actually part of a larger local set of modifications i'm
running with, but the remainder (PAP & CHAP) ain't ready for prime-
time yet.)
1997-08-10 14:28:16 +00:00
Jun-ichiro itojun Hagino
16050303bd PR: kern/4117
Reviewed by:	ishii@csl.sony.co.jp, kjc@csl.sony.co.jp

checked with FreeBSD+Riscom - cisco4500 configuration.
1997-08-06 01:43:09 +00:00
Joerg Wunsch
75eeeb9273 Fix a couple of log()'s that came out with the wrong (default)
log level, as opposed to LOG_DEBUG.
1997-05-23 20:40:15 +00:00
Joerg Wunsch
32ef6b86b5 Introduce a third queue per interface, serving only PPP control
protocol packets.  This queue is the only one being enabled until
network phase has been reached.
1997-05-22 22:15:39 +00:00
Joerg Wunsch
07f0846feb Major nit: i've confused link0 and link1 in my brain and/or in either
the man page or the source file.  Fix this.

Minor problem: don't choke with ENETDOWN early.  As long as our output
queue has space, put the IP packets there even if IPCP ain't up yet.
We will eventually be able delivering them once the PPP state machine
came up.
1997-05-20 22:54:04 +00:00
Joerg Wunsch
00081cc989 Major overhaul of the SyncPPP layer. Basically, this comprises now a
full implementation of the sate machine as described in RFC1661, and
provides support for plugging in various control protocols.  I needed
this to provide PPP support for the BISDN project (right now).

Unfortunatley, while the existing API was almost up to the point, i
needed one minor API change in order to decouple the this-layer-
started and this-layer-finished actions from the respective Up and
Down events of the lower layer.  This requires two additional lines in
the attach routines of all existing lower layer interface drivers that
are using syncPPP (shortcutting these actions and events).  Apart from
this, i believe i didn't change the API of all this, so everything
should plug in without too many hassles.  Please report if i broke
something in the existing drivers.

For a list of features (including new ones like dial-on-demand), and
things still to be done, please refer to the man page i'll commit asap.

Encouraged by:	Serge Vakulenko <vak@cronyx.ru>
1997-05-19 22:03:09 +00:00
Joerg Wunsch
db99d43f6f Make sppp's logging human-readable. Also, use log(9), as opposed to
printf(9), so the log output doesn't clutter the console.

While i was at it, KNFified some function definitions.  This file was
very inconsistent in this respect.
1997-05-11 10:04:24 +00:00
Bruce Evans
51a534883a Don't include <sys/ioctl.h> in the kernel. Stage 2: include
<sys/sockio.h> instead of <sys/ioctl.h> in network files.
1997-03-24 11:33:46 +00:00