summaryrefslogtreecommitdiff
path: root/sys/net/pipex_local.h
blob: 9f5b4cc3c3af481e7cc878d283070cac6327e7cd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
/*	$Id: pipex_local.h,v 1.1 2010/01/11 03:50:56 yasuoka Exp $	*/
/*
 * Copyright (c) 2009 Internet Initiative Japan Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
#define	PIPEX_PPTP	1
#define	PIPEX_PPPOE	1
#define	PIPEX_MPPE	1

#define PIPEX_ENABLED			0x0001

#ifndef	LOG_PPPAC
#define	LOG_PPPAC	LOG_KERN
#endif

/* compile time option constants */
#ifndef	PIPEX_MAX_SESSION
#define PIPEX_MAX_SESSION		512
#endif
#ifdef	NBSAFE_RC4
#define PIPEX_RC4_CTXLEN		288
#else
#define PIPEX_RC4_CTXLEN		1152
#endif
#define PIPEX_HASH_DIV			8
#define PIPEX_HASH_SIZE			(PIPEX_MAX_SESSION/PIPEX_HASH_DIV)
#define PIPEX_HASH_MASK			(PIPEX_HASH_SIZE-1)	
#define PIPEX_CLOSE_TIMEOUT		30
#define PIPEX_DEQUEUE_LIMIT		(IFQ_MAXLEN >> 1)
#define	PIPEX_PPPMINLEN			5
	/* minimum PPP header length is 1 and minimum ppp payload length is 4 */

#ifndef	NNBY		/* usually defined on the <sys/types.h> */
#define	NNBY	8	/* number of bits of a byte */
#endif

#ifdef PIPEX_MPPE
/* mppe rc4 key */
struct pipex_mppe {
	int16_t	stateless:1,			/* key change mode */
		resetreq:1,
		reserved:14;
	int16_t	keylenbits;			/* key length */
	int16_t keylen;
	uint16_t coher_cnt;			/* cohency counter */
	struct {
		u_char rc4ctx_space[PIPEX_RC4_CTXLEN]; /* space for rc4ctx */
	} rc4ctx;				/* rc4ctx */
	u_char master_key[PIPEX_MPPE_KEYLEN];	/* master key of MPPE */
	u_char session_key[PIPEX_MPPE_KEYLEN];	/* session key of MPPE */
};
#endif /* PIPEX_MPPE */

#ifdef PIPEX_PPPOE
struct pipex_pppoe_session {
	struct ifnet *over_ifp;			/* ether inteface */
	struct sockaddr peer_addr;		/* peer's sockaddr */
};
#endif /* PIPEX_PPPOE */

#ifdef PIPEX_PPTP
struct pipex_pptp_session {
	/* sequence number gap between pipex and userland */
	int32_t	snd_gap;			/* gap of our sequence */ 
	int32_t rcv_gap;			/* gap of peer's sequence */
	int32_t ul_snd_una;			/* userland send acked seq */

	uint32_t snd_nxt;			/* send next */
	uint32_t rcv_nxt;			/* receive next */
	uint32_t snd_una;			/* send acked sequence */
	uint32_t rcv_acked;			/* recv acked sequence */

	int winsz;				/* windows size */
	int maxwinsz;				/* max windows size */
	int peer_maxwinsz;			/* peer's max windows size */

	struct in_addr peer_address;		/* inet destination address */
	struct in_addr our_address;		/* inet source address */
};
#endif /* PIPEX_PPTP */

/* pppac ip-extension sessoin table */
struct pipex_session {
	struct radix_node	ps4_rn[2];  /* tree glue, and other values */
	LIST_ENTRY(pipex_session) session_list;	/* all session chain */
	LIST_ENTRY(pipex_session) state_list;	/* state list chain */
	LIST_ENTRY(pipex_session) id_chain;	/* id hash chain */
	LIST_ENTRY(pipex_session) peer_addr_chain;
						/* peer's address hash chain */
	uint16_t	state;			/* pipex session state */
#define PIPEX_STATE_INITIAL		0x0000
#define PIPEX_STATE_OPENED		0x0001
#define PIPEX_STATE_CLOSE_WAIT		0x0002
#define PIPEX_STATE_CLOSED		0x0003

	uint16_t	ip_forward:1,		/* {en|dis}ableIP forwarding */
			is_multicast:1,		/* virtual entry for mutlicast */
			reserved:14;
	uint16_t	protocol;		/* tunnel protocol (PK) */
	uint16_t	session_id;		/* session-id (PK) */
	uint16_t	peer_session_id;	/* peer's session-id */
	uint16_t	peer_mru;		/* peer's MRU */
	uint32_t	timeout_sec;		/* idle timeout */
	int		ppp_id;			/* PPP id */

	struct sockaddr_in ip_address;		/* remote address (AK) */
	struct sockaddr_in ip_netmask;		/* remote address mask (AK) */

	struct pipex_iface_context* pipex_iface;/* context for interface */

	uint32_t	ppp_flags;		/* configure flags */
#ifdef PIPEX_MPPE
	int ccp_id;				/* CCP packet id */
	struct pipex_mppe
	    mppe_recv,				/* MPPE context for incoming */
	    mppe_send;				/* MPPE context for outgoing */ 
#endif /*PIPEXMPPE */
	struct pipex_statistics stat;		/* statistics */
	union {
#ifdef PIPEX_PPPOE
		struct pipex_pppoe_session pppoe;	/* context for PPPoE */
#endif /* PIPEX_PPPOE */
#ifdef PIPEX_PPTP
		struct pipex_pptp_session pptp;		/* context for PPTP */
#endif /* PIPEX_PPTP */
		char _proto_unknown[0];
	} proto;
};

/* gre header */
struct pipex_gre_header {
	uint16_t flags;				/* flags and version*/
#define PIPEX_GRE_KFLAG			0x2000	/* keys present */
#define PIPEX_GRE_SFLAG			0x1000	/* seq present */
#define PIPEX_GRE_AFLAG			0x0080	/* ack present */
#define PIPEX_GRE_VER			0x0001	/* gre version code */
#define PIPEX_GRE_VERMASK		0x0003	/* gre version mask */

	uint16_t type;
#define PIPEX_GRE_PROTO_PPP		0x880b	/* gre/ppp */

	uint16_t len;			/* length not include gre header */
	uint16_t call_id;			/* call_id */
} __attribute__((__packed__));

/* ppp/ccp header */
struct pipex_ccp_header {
	uint8_t code;
	uint8_t id;
	uint16_t len;
} __attribute__((__packed__));

/* ppp header */
struct pipex_ppp_header {
	uint8_t		c[0];			/* ppp proto */
	uint16_t	code;			/* ppp proto (2 oct) */
} __attribute__((__packed__));


/* pppoe header */
struct pipex_pppoe_header {
	uint8_t vertype;			/* version and type */
#define PIPEX_PPPOE_VERTYPE		0x11	/* version and type code */

	uint8_t code;				/* code */
#define PIPEX_PPPOE_CODE_SESSION	0x00	/* code session */

	uint16_t session_id;			/* session id */
	uint16_t length;			/* length */
} __attribute__((__packed__));

#ifdef PIPEX_DEBUG
#define PIPEX_DBG(a) if (pipex_debug & 1) pipex_session_log a
/* #define PIPEX_MPPE_DBG(a) if (pipex_debug & 1) pipex_session_log a */
#define PIPEX_MPPE_DBG(a)
#else
#define PIPEX_DBG(a)
#define PIPEX_MPPE_DBG(a)
#endif /* PIPEX_DEBUG */

#define PIPEX_ID_HASHTABLE(key)						\
	(&pipex_id_hashtable[(key) & PIPEX_HASH_MASK])
#define PIPEX_PEER_ADDR_HASHTABLE(key)					\
	(&pipex_peer_addr_hashtable[ntohl((key)) & PIPEX_HASH_MASK])
#define PIPEX_ADDR_HASHTABLE(key)					\
	(&pipex_addr_hashtable[ntohl((key)) & PIPEX_HASH_MASK])

#define GETCHAR(c, cp) { (c) = *(cp)++; }
#define PUTCHAR(s, cp) { *(cp)++ = (u_char) (s); }
#define GETSHORT(s, cp) { 						\
	(s) = *(cp)++ << 8;						\
	(s) |= *(cp)++;							\
}
#define PUTSHORT(s, cp) {						\
	*(cp)++ = (u_char) ((s) >> 8); 					\
	*(cp)++ = (u_char) (s);						\
}
#define GETLONG(l, cp) {						\
	(l) = *(cp)++ << 8;						\
	(l) |= *(cp)++; (l) <<= 8;					\
	(l) |= *(cp)++; (l) <<= 8;					\
	(l) |= *(cp)++;							\
}
#define PUTLONG(l, cp) {						\
	*(cp)++ = (u_char) ((l) >> 24);					\
	*(cp)++ = (u_char) ((l) >> 16);					\
	*(cp)++ = (u_char) ((l) >> 8);					\
	*(cp)++ = (u_char) (l);						\
}
#define PIPEX_PULLUP(m0, l)						\
	if ((m0)->m_len < (l)) {					\
		if ((m0)->m_pkthdr.len < (l)) {				\
			PIPEX_DBG((NULL, LOG_DEBUG,			\
			    "<%s> received packet is too short.",	\
			    __func__));					\
			m_freem(m0);					\
			(m0) = NULL;					\
		} else  {						\
			(m0) = m_pullup((m0), (l));			\
			KASSERT((m0) != NULL);				\
		}							\
	}
#define PIPEX_SEEK_NEXTHDR(ptr, len, t)					\
    ((t) (((char *)ptr) + len))
#define SEQ32_LT(a,b)	((int)((a) - (b)) <  0)
#define SEQ32_LE(a,b)	((int)((a) - (b)) <= 0)
#define SEQ32_GT(a,b)	((int)((a) - (b)) >  0)
#define SEQ32_GE(a,b)	((int)((a) - (b)) >= 0)
#define SEQ32_SUB(a,b)	((int32_t)((a) - (b)))

#define RUPDIV(n,d)     (((n) + (d) - ((n) % (d))) / (d))
#define	pipex_session_is_acfc_accepted(s)				\
    (((s)->ppp_flags & PIPEX_PPP_ACFC_ACCEPTED)? 1 : 0)
#define	pipex_session_is_pfc_accepted(s)				\
    (((s)->ppp_flags & PIPEX_PPP_PFC_ACCEPTED)? 1 : 0)
#define	pipex_session_is_acfc_enabled(s)				\
    (((s)->ppp_flags & PIPEX_PPP_ACFC_ENABLED)? 1 : 0)
#define	pipex_session_is_pfc_enabled(s)					\
    (((s)->ppp_flags & PIPEX_PPP_PFC_ENABLED)? 1 : 0)
#define	pipex_session_has_acf(s)					\
    (((s)->ppp_flags & PIPEX_PPP_HAS_ACF)? 1 : 0)
#define	pipex_session_is_mppe_accepted(s)				\
    (((s)->ppp_flags & PIPEX_PPP_MPPE_ACCEPTED)? 1 : 0)
#define	pipex_session_is_mppe_enabled(s)				\
    (((s)->ppp_flags & PIPEX_PPP_MPPE_ENABLED)? 1 : 0)
#define	pipex_session_is_mppe_required(s)				\
    (((s)->ppp_flags & PIPEX_PPP_MPPE_REQUIRED)? 1 : 0)
#define pipex_mppe_rc4_keybits(r) ((r)->keylen << 3)
#define PIPEX_IPGRE_HDRLEN (sizeof(struct ip) + sizeof(struct pipex_gre_header))
#define PIPEX_TCP_OPTLEN 40

/*
 * static function prototypes
 */
static int                   pipex_add_session (struct pipex_session_req *, struct pipex_iface_context *);
static int                   pipex_close_session (struct pipex_session_close_req *);
static int                   pipex_config_session (struct pipex_session_config_req *);
static int                   pipex_get_stat (struct pipex_session_stat_req *);
static int                   pipex_get_closed (struct pipex_session_list_req *);
static int                   pipex_destroy_session (struct pipex_session *);
static struct pipex_session  *pipex_lookup_by_ip_address (struct in_addr);
static struct pipex_session  *pipex_lookup_by_session_id (int, int);
static void                  pipex_ppp_output (struct mbuf *, struct pipex_session *, int);
static inline int            pipex_ppp_proto (struct mbuf *, struct pipex_session *, int, int *);
static void                  pipex_ppp_input (struct mbuf *, struct pipex_session *, int);
static void                  pipex_ip_input (struct mbuf *, struct pipex_session *);

#ifdef PIPEX_PPPOE
static void                  pipex_pppoe_output (struct mbuf *, struct pipex_session *);
#endif

#ifdef PIPEX_PPTP
static void                  pipex_pptp_output (struct mbuf *, struct pipex_session *, int, int);
#endif

#ifdef PIPEX_MPPE
static void                  pipex_mppe_req_init (struct pipex_mppe_req *, struct pipex_mppe *);
static void                  GetNewKeyFromSHA (u_char *, u_char *, int, u_char *);
static inline int            rc4_key (struct pipex_mppe *, int, u_char *);
static inline void           rc4 (struct pipex_mppe *, int, u_char *, u_char *);
static int                   rc4_key (struct pipex_mppe *, int, u_char *);
static void                  rc4 (struct pipex_mppe *, int, u_char *, u_char *);
static void                  pipex_mppe_reduce_key (struct pipex_mppe *);
static void                  mppe_key_change (struct pipex_mppe *);
static void                  pipex_mppe_input (struct mbuf *, struct pipex_session *);
static void                  pipex_mppe_output (struct mbuf *, struct pipex_session *);
static void                  pipex_ccp_input (struct mbuf *, struct pipex_session *);
static int                   pipex_ccp_output (struct pipex_session *, int, int);
#endif

static struct mbuf           *adjust_tcp_mss (struct mbuf *, int);
static struct mbuf           *ip_is_idle_packet (struct mbuf *, int *);
static void                  pipex_session_log (struct pipex_session *, int, const char *, ...)  __attribute__((__format__(__printf__,3,4)));
static int                   pipex_ppp_enqueue (struct mbuf *, struct pipex_session *, struct ifqueue *);
static void                  pipex_ppp_dequeue (void);
static void                  pipex_timer_start (void);
static void                  pipex_timer_stop (void);
static void                  pipex_timer (void *);