rev 1.8

made ppp compliant to RFC 2472 (based on a patch from another
contributor)

rev 1.10

Once ppp session is over, the route to ff02::tun0/32 was
deleted, and never came back.  Now, the route to
ff02::tun0/32 is installed at the end of IPV6CP negitiaton.

From FreeBSD

Tested by aanriot@ and a few end-users

2 files changed, 165 insertions, 52 deletions

diff --git a/usr.sbin/ppp/ppp/ipv6cp.c b/usr.sbin/ppp/ppp/ipv6cp.c
index 5b2ca57cf0c..274a01f38d9 100644
--- a/usr.sbin/ppp/ppp/ipv6cp.c
+++ b/usr.sbin/ppp/ppp/ipv6cp.c
@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: ipv6cp.c,v 1.4 2005/07/17 19:13:24 brad Exp $
+ * $OpenBSD: ipv6cp.c,v 1.5 2005/09/19 18:55:32 brad Exp $
  */
 
 #include <sys/param.h>
@@ -33,6 +33,8 @@
 #include <sys/socket.h>
 #include <net/route.h>
 #include <net/if.h>
+#include <net/if_types.h>
+#include <net/if_dl.h>
 #include <sys/un.h>
 
 #include <stdarg.h>
@@ -40,6 +42,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <termios.h>
+#include <ifaddrs.h>
 
 #include "layer.h"
 #include "defs.h"
@@ -79,6 +82,12 @@
 
 
 #ifndef NOINET6
+#define IN6ADDR_LINKLOCAL_MCAST_INIT \
+	{{{ 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
+	    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }}}
+static const struct in6_addr in6addr_linklocal_mcast =
+	IN6ADDR_LINKLOCAL_MCAST_INIT;
+
 static int ipv6cp_LayerUp(struct fsm *);
 static void ipv6cp_LayerDown(struct fsm *);
 static void ipv6cp_LayerStart(struct fsm *);
@@ -104,21 +113,92 @@ static struct fsm_callbacks ipv6cp_Callbacks = {
   fsm_NullRecvResetAck
 };
 
-static u_int32_t
-GenerateToken(void)
+static void
+SetInterfaceID(u_char *ifid, int userandom)
 {
-  /* Generate random number which will be used as negotiation token */
-  randinit();
+  struct ifaddrs *ifa, *ifap = NULL;
+  struct sockaddr_dl *sdl;
+  const u_long i32_max = 0xffffffff;
+  u_long r1, r2;
+
+  /* configure an interface ID based on Section 4.1 of RFC 2472 */
+  memset(ifid, 0, IPV6CP_IFIDLEN);
 
-  return random() + 1;
+  /*
+   * 1) If an IEEE global identifier (EUI-48 or EUI-64) is
+   * available anywhere on the node, it should be used to construct
+   * the tentative Interface-Identifier due to its uniqueness
+   * properties.
+   */
+  if (userandom)
+    goto randomid;
+  if (getifaddrs(&ifap) < 0)
+    goto randomid;
+	
+  for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
+    char *cp;
+
+    if (ifa->ifa_addr->sa_family != AF_LINK)
+      continue;
+
+    sdl = (struct sockaddr_dl *)ifa->ifa_addr;
+    if (sdl->sdl_alen < 6)
+      continue;
+    /* we're only interested in IEEE hardware addresses */
+    switch(sdl->sdl_type) {
+    case IFT_ETHER:
+    case IFT_FDDI:
+      /* XXX need more cases? */
+      break;
+    default:
+      continue;
+    }
+
+    cp = (char *)(sdl->sdl_data + sdl->sdl_nlen);
+    ifid[0] = cp[0];
+    ifid[0] ^= 0x02; /* reverse the u/l bit*/
+    ifid[1] = cp[1];
+    ifid[2] = cp[2];
+    ifid[3] = 0xff;
+    ifid[4] = 0xfe;
+    ifid[5] = cp[3];
+    ifid[6] = cp[4];
+    ifid[7] = cp[5];
+
+    freeifaddrs(ifap);
+    return;
+  }
+
+  freeifaddrs(ifap);
+ 
+  /*
+   * 2) If an IEEE global identifier is not available a different source
+   * of uniqueness should be used.
+   * XXX: we skip this case.
+   */
+
+  /*
+   * 3) If a good source of uniqueness cannot be found, it is
+   * recommended that a random number be generated.  In this case the
+   * "u" bit of the interface identifier MUST be set to zero (0).
+   */
+ randomid:
+  randinit();
+  r1 = (((u_long)random()) % i32_max) + 1;
+  r2 = (((u_long)random()) % i32_max) + 1;
+  memcpy(ifid, &r1, sizeof(r1));
+  memcpy(ifid + 4, &r2, sizeof(r2));
+  ifid[0] &= 0xfd;
+  return;
 }
 
 static int
-ipcp_SetIPv6address(struct ipv6cp *ipv6cp, u_int32_t mytok, u_int32_t histok)
+ipcp_SetIPv6address(struct ipv6cp *ipv6cp, u_char *myifid, u_char *hisifid)
 {
   struct bundle *bundle = ipv6cp->fsm.bundle;
   struct in6_addr myaddr, hisaddr;
-  struct ncprange myrange;
+  struct ncprange myrange, range;
+  struct ncpaddr addr;
   struct sockaddr_storage ssdst, ssgw, ssmask;
   struct sockaddr *sadst, *sagw, *samask;
 
@@ -131,11 +211,17 @@ ipcp_SetIPv6address(struct ipv6cp *ipv6cp, u_int32_t mytok, u_int32_t histok)
 
   myaddr.s6_addr[0] = 0xfe;
   myaddr.s6_addr[1] = 0x80;
-  *(u_int32_t *)(myaddr.s6_addr + 12) = htonl(mytok);
+  memcpy(&myaddr.s6_addr[8], myifid, IPV6CP_IFIDLEN);
+#if 0
+  myaddr.s6_addr[8] |= 0x02;	/* set 'universal' bit */
+#endif
 
   hisaddr.s6_addr[0] = 0xfe;
   hisaddr.s6_addr[1] = 0x80;
-  *(u_int32_t *)(hisaddr.s6_addr + 12) = htonl(histok);
+  memcpy(&hisaddr.s6_addr[8], hisifid, IPV6CP_IFIDLEN);
+#if 0
+  hisaddr.s6_addr[8] |= 0x02;	/* set 'universal' bit */
+#endif
 
   ncpaddr_setip6(&ipv6cp->myaddr, &myaddr);
   ncpaddr_setip6(&ipv6cp->hisaddr, &hisaddr);
@@ -149,6 +235,10 @@ ipcp_SetIPv6address(struct ipv6cp *ipv6cp, u_int32_t mytok, u_int32_t histok)
     iface_Clear(bundle->iface, &bundle->ncp, AF_INET6,
                 IFACE_CLEAR_ALIASES|IFACE_SYSTEM);
 
+  ncpaddr_setip6(&addr, &in6addr_linklocal_mcast);
+  ncprange_set(&range, &addr, 32);
+  rt_Set(bundle, RTM_ADD, &range, &ipv6cp->myaddr, 1, 0);
+
   if (bundle->ncp.cfg.sendpipe > 0 || bundle->ncp.cfg.recvpipe > 0) {
     ncprange_getsa(&myrange, &ssgw, &ssmask);
     if (ncpaddr_isset(&ipv6cp->hisaddr))
@@ -185,17 +275,20 @@ ipv6cp_Init(struct ipv6cp *ipv6cp, struct bundle *bundle, struct link *l,
   ipv6cp->cfg.fsm.maxreq = DEF_FSMTRIES;
   ipv6cp->cfg.fsm.maxtrm = DEF_FSMTRIES;
 
-  ipv6cp->my_token = GenerateToken();
-  while ((ipv6cp->peer_token = GenerateToken()) == ipv6cp->my_token)
-    ;
+  SetInterfaceID(ipv6cp->my_ifid, 0);
+  do {
+    SetInterfaceID(ipv6cp->his_ifid, 1);
+  } while (memcmp(ipv6cp->his_ifid, ipv6cp->my_ifid, IPV6CP_IFIDLEN) == 0);
 
   if (probe.ipv6_available) {
     n = 100;
     while (n &&
-           !ipcp_SetIPv6address(ipv6cp, ipv6cp->my_token, ipv6cp->peer_token)) {
-      n--;
-      while (n && (ipv6cp->my_token = GenerateToken()) == ipv6cp->peer_token)
-        n--;
+           !ipcp_SetIPv6address(ipv6cp, ipv6cp->my_ifid, ipv6cp->his_ifid)) {
+      do {
+	n--;
+    	SetInterfaceID(ipv6cp->my_ifid, 1);
+      } while (n
+	&& memcmp(ipv6cp->his_ifid, ipv6cp->my_ifid, IPV6CP_IFIDLEN) == 0);
     }
   }
 
@@ -294,7 +387,7 @@ ipv6cp_IfaceAddrDeleted(struct ipv6cp *ipv6cp, const struct iface_addr *addr)
 int
 ipv6cp_InterfaceUp(struct ipv6cp *ipv6cp)
 {
-  if (!ipcp_SetIPv6address(ipv6cp, ipv6cp->my_token, ipv6cp->peer_token)) {
+  if (!ipcp_SetIPv6address(ipv6cp, ipv6cp->my_ifid, ipv6cp->his_ifid)) {
     log_Printf(LogERROR, "ipv6cp_InterfaceUp: unable to set ipv6 address\n");
     return 0;
   }
@@ -456,14 +549,14 @@ ipv6cp_SendConfigReq(struct fsm *fp)
   /* Send config REQ please */
   struct physical *p = link2physical(fp->link);
   struct ipv6cp *ipv6cp = fsm2ipv6cp(fp);
-  u_char buff[6];
+  u_char buff[IPV6CP_IFIDLEN+2];
   struct fsm_opt *o;
 
   o = (struct fsm_opt *)buff;
 
   if ((p && !physical_IsSync(p)) || !REJECTED(ipv6cp, TY_TOKEN)) {
-    memcpy(o->data, &ipv6cp->my_token, 4);
-    INC_FSM_OPT(TY_TOKEN, 6, o);
+    memcpy(o->data, ipv6cp->my_ifid, IPV6CP_IFIDLEN);
+    INC_FSM_OPT(TY_TOKEN, IPV6CP_IFIDLEN + 2, o);
   }
 
   fsm_Output(fp, CODE_CONFIGREQ, fp->reqid, buff, (u_char *)o - buff,
@@ -486,7 +579,7 @@ ipv6cp_SendTerminateAck(struct fsm *fp, u_char id)
 static const char *
 protoname(int proto)
 {
-  static const char *cftypes[] = { "TOKEN", "COMPPROTO" };
+  static const char *cftypes[] = { "IFACEID", "COMPPROTO" };
 
   if (proto > 0 && proto <= sizeof cftypes / sizeof *cftypes)
     return cftypes[proto - 1];
@@ -495,18 +588,22 @@ protoname(int proto)
 }
 
 static void
-ipv6cp_ValidateToken(struct ipv6cp *ipv6cp, u_int32_t token,
-                     struct fsm_decode *dec)
+ipv6cp_ValidateInterfaceID(struct ipv6cp *ipv6cp, u_char *ifid,
+			   struct fsm_decode *dec)
 {
   struct fsm_opt opt;
+  u_char zero[IPV6CP_IFIDLEN];
 
-  if (token != 0 && token != ipv6cp->my_token)
-    ipv6cp->peer_token = token;
+  memset(zero, 0, IPV6CP_IFIDLEN);
+
+  if (memcmp(ifid, zero, IPV6CP_IFIDLEN) != 0
+      && memcmp(ifid, ipv6cp->my_ifid, IPV6CP_IFIDLEN) != 0)
+    memcpy(ipv6cp->his_ifid, ifid, IPV6CP_IFIDLEN);
 
   opt.hdr.id = TY_TOKEN;
-  opt.hdr.len = 6;
-  memcpy(opt.data, &ipv6cp->peer_token, 4);
-  if (token == ipv6cp->peer_token)
+  opt.hdr.len = IPV6CP_IFIDLEN + 2;
+  memcpy(opt.data, &ipv6cp->his_ifid, IPV6CP_IFIDLEN);
+  if (memcmp(ifid, ipv6cp->his_ifid, IPV6CP_IFIDLEN) == 0)
     fsm_ack(dec, &opt);
   else
     fsm_nak(dec, &opt);
@@ -520,9 +617,11 @@ ipv6cp_DecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type,
   struct ipv6cp *ipv6cp = fsm2ipv6cp(fp);
   int n;
   char tbuff[100];
-  u_int32_t token;
+  u_char ifid[IPV6CP_IFIDLEN], zero[IPV6CP_IFIDLEN];
   struct fsm_opt *opt;
 
+  memset(zero, 0, IPV6CP_IFIDLEN);
+
   while (end - cp >= sizeof(opt->hdr)) {
     if ((opt = fsm_readopt(&cp)) == NULL)
       break;
@@ -532,40 +631,51 @@ ipv6cp_DecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type,
 
     switch (opt->hdr.id) {
     case TY_TOKEN:
-      memcpy(&token, opt->data, 4);
-      log_Printf(LogIPV6CP, "%s 0x%08lx\n", tbuff, (unsigned long)token);
+      memcpy(ifid, opt->data, IPV6CP_IFIDLEN);
+      log_Printf(LogIPV6CP, "%s 0x%02x%02x%02x%02x%02x%02x%02x%02x\n", tbuff,
+		 ifid[0], ifid[1], ifid[2], ifid[3], ifid[4], ifid[5], ifid[6], ifid[7]);
 
       switch (mode_type) {
       case MODE_REQ:
         ipv6cp->peer_tokenreq = 1;
-        ipv6cp_ValidateToken(ipv6cp, token, dec);
+        ipv6cp_ValidateInterfaceID(ipv6cp, ifid, dec);
         break;
 
       case MODE_NAK:
-        if (token == 0) {
+        if (memcmp(ifid, zero, IPV6CP_IFIDLEN) == 0) {
           log_Printf(log_IsKept(LogIPV6CP) ? LogIPV6CP : LogPHASE,
-                     "0x00000000: Unacceptable token!\n");
+                    "0x0000000000000000: Unacceptable IntefaceID!\n");
           fsm_Close(&ipv6cp->fsm);
-        } else if (token == ipv6cp->peer_token)
+        } else if (memcmp(ifid, ipv6cp->his_ifid, IPV6CP_IFIDLEN) == 0) {
           log_Printf(log_IsKept(LogIPV6CP) ? LogIPV6CP : LogPHASE,
-                    "0x%08lx: Unacceptable token!\n", (unsigned long)token);
-        else if (token != ipv6cp->my_token) {
+		     "0x%02x%02x%02x%02x%02x%02x%02x%02x: "
+		     "Unacceptable IntefaceID!\n",
+		     ifid[0], ifid[1], ifid[2], ifid[3],
+		     ifid[4], ifid[5], ifid[6], ifid[7]);
+        } else if (memcmp(ifid, ipv6cp->my_ifid, IPV6CP_IFIDLEN) != 0) {
           n = 100;
-          while (n && !ipcp_SetIPv6address(ipv6cp, token, ipv6cp->peer_token)) {
-            n--;
-            while (n && (token = GenerateToken()) == ipv6cp->peer_token)
-              n--;
-          }
+	  while (n && !ipcp_SetIPv6address(ipv6cp, ifid, ipv6cp->his_ifid)) {
+	    do {
+	      n--;
+	      SetInterfaceID(ifid, 1);
+	    } while (n && memcmp(ifid, ipv6cp->his_ifid, IPV6CP_IFIDLEN) == 0);
+	  }
 
           if (n == 0) {
             log_Printf(log_IsKept(LogIPV6CP) ? LogIPV6CP : LogPHASE,
-                       "0x00000000: Unacceptable token!\n");
+                       "0x0000000000000000: Unacceptable IntefaceID!\n");
             fsm_Close(&ipv6cp->fsm);
           } else {
-            log_Printf(LogIPV6CP, "%s changing token: 0x%08lx --> 0x%08lx\n",
-                       tbuff, (unsigned long)ipv6cp->my_token,
-                       (unsigned long)token);
-            ipv6cp->my_token = token;
+	    log_Printf(LogIPV6CP, "%s changing IntefaceID: "
+		       "0x%02x%02x%02x%02x%02x%02x%02x%02x "
+		       "--> 0x%02x%02x%02x%02x%02x%02x%02x%02x\n", tbuff,
+		       ipv6cp->my_ifid[0], ipv6cp->my_ifid[1],
+		       ipv6cp->my_ifid[2], ipv6cp->my_ifid[3],
+		       ipv6cp->my_ifid[4], ipv6cp->my_ifid[5],
+		       ipv6cp->my_ifid[6], ipv6cp->my_ifid[7],
+		       ifid[0], ifid[1], ifid[2], ifid[3],
+		       ifid[4], ifid[5], ifid[6], ifid[7]);
+            memcpy(ipv6cp->my_ifid, ifid, IPV6CP_IFIDLEN);
             bundle_AdjustFilters(fp->bundle, &ipv6cp->myaddr, NULL);
           }
         }
@@ -598,7 +708,8 @@ ipv6cp_DecodeConfig(struct fsm *fp, u_char *cp, u_char *end, int mode_type,
          */
         ipv6cp->peer_tokenreq = 1;
       }
-      ipv6cp_ValidateToken(ipv6cp, 0, dec);
+      memset(ifid, 0, IPV6CP_IFIDLEN);
+      ipv6cp_ValidateInterfaceID(ipv6cp, ifid, dec);
     }
     fsm_opt_normalise(dec);
   }
diff --git a/usr.sbin/ppp/ppp/ipv6cp.h b/usr.sbin/ppp/ppp/ipv6cp.h
index 21d5adaf4d3..1b3fbe05443 100644
--- a/usr.sbin/ppp/ppp/ipv6cp.h
+++ b/usr.sbin/ppp/ppp/ipv6cp.h
@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: ipv6cp.h,v 1.2 2002/07/01 11:14:36 brian Exp $
+ * $OpenBSD: ipv6cp.h,v 1.3 2005/09/19 18:55:32 brad Exp $
  */
 
 #ifndef NOINET6
@@ -32,6 +32,8 @@
 #define	TY_TOKEN	1
 #define	TY_COMPPROTO	2
 
+#define	IPV6CP_IFIDLEN	8		/* RFC2472 */
+
 struct ipv6cp {
   struct fsm fsm;			/* The finite state machine */
 
@@ -41,8 +43,8 @@ struct ipv6cp {
 
   unsigned peer_tokenreq : 1;		/* Any TY_TOKEN REQs from the peer ? */
 
-  u_int32_t my_token;			/* Token I'm willing to use */
-  u_int32_t peer_token;			/* Token he's willing to use */
+  u_char my_ifid[IPV6CP_IFIDLEN];	/* Local Interface Identifier */
+  u_char his_ifid[IPV6CP_IFIDLEN];	/* Peer Interface Identifier */
 
   struct ncpaddr myaddr;		/* Local address */
   struct ncpaddr hisaddr;		/* Peer address */