1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
|
/*-
* Synchronous Frame Relay link level subroutines.
* ANSI T1.617-compaible link management signaling
* implemented for Frame Relay mode.
* Cisco-type Frame Relay framing added, thanks Alex Tutubalin.
* Only one DLCI per channel for now.
*
* Copyright (C) 1994-2000 Cronyx Engineering.
* Author: Serge Vakulenko, <vak@cronyx.ru>
*
* Copyright (C) 1999-2004 Cronyx Engineering.
* Author: Kurakin Roman, <rik@cronyx.ru>
*
* This software is distributed with NO WARRANTIES, not even the implied
* warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
* Authors grant any other persons or organisations a permission to use,
* modify and redistribute this software in source and binary forms,
* as long as this message is kept with the software, all derivative
* works or modified versions.
*
* $Cronyx Id: if_spppfr.c,v 1.1.2.10 2004/06/29 09:02:30 rik Exp $
* $FreeBSD$
*/
#include <sys/param.h>
#if defined(__FreeBSD__) && __FreeBSD__ >= 3
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipx.h"
#endif
#ifdef NetBSD1_3
# if NetBSD1_3 > 6
# include "opt_inet.h"
# include "opt_inet6.h"
# include "opt_iso.h"
# endif
#endif
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/module.h>
#include <sys/sockio.h>
#include <sys/socket.h>
#include <sys/syslog.h>
#if defined(__FreeBSD__) && __FreeBSD__ >= 3
#include <sys/random.h>
#endif
#include <sys/malloc.h>
#include <sys/mbuf.h>
#if defined (__OpenBSD__)
#include <sys/md5k.h>
#else
#include <sys/md5.h>
#endif
#include <net/if.h>
#include <net/netisr.h>
#include <net/if_types.h>
#include <net/route.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <net/slcompress.h>
#if defined (__NetBSD__) || defined (__OpenBSD__)
#include <machine/cpu.h> /* XXX for softnet */
#endif
#include <machine/stdarg.h>
#include <netinet/in_var.h>
#ifdef INET
#include <netinet/ip.h>
#include <netinet/tcp.h>
#endif
#if defined (__FreeBSD__) || defined (__OpenBSD__)
# include <netinet/if_ether.h>
#else
# include <net/ethertypes.h>
#endif
#ifdef IPX
#include <netipx/ipx.h>
#include <netipx/ipx_if.h>
#endif
#include <net/if_sppp.h>
/*
* Frame Relay.
*/
#define FR_UI 0x03 /* Unnumbered Information */
#define FR_IP 0xCC /* IP protocol identifier */
#define FR_PADDING 0x00 /* NLPID padding */
#define FR_SIGNALING 0x08 /* Q.933/T1.617 signaling identifier */
#define FR_SNAP 0x80 /* NLPID snap */
/*
* Header flags.
*/
#define FR_DE 0x02 /* discard eligibility */
#define FR_FECN 0x04 /* forward notification */
#define FR_BECN 0x08 /* backward notification */
/*
* Signaling message types.
*/
#define FR_MSG_ENQUIRY 0x75 /* status enquiry */
#define FR_MSG_STATUS 0x7d /* status */
#define FR_ENQUIRY_SIZE 14
/*
* Message field types.
*/
#define FR_FLD_RTYPE 0x01 /* report type */
#define FR_FLD_VERIFY 0x03 /* link verification */
#define FR_FLD_PVC 0x07 /* PVC status */
#define FR_FLD_LSHIFT5 0x95 /* locking shift 5 */
/*
* Report types.
*/
#define FR_RTYPE_FULL 0 /* full status */
#define FR_RTYPE_SHORT 1 /* link verification only */
#define FR_RTYPE_SINGLE 2 /* single PVC status */
/* PVC status field. */
#define FR_DLCI_DELETE 0x04 /* PVC is deleted */
#define FR_DLCI_ACTIVE 0x02 /* PVC is operational */
#define FR_DLCI_NEW 0x08 /* PVC is new */
struct arp_req {
unsigned short htype; /* hardware type = ARPHRD_FRELAY */
unsigned short ptype; /* protocol type = ETHERTYPE_IP */
unsigned char halen; /* hardware address length = 2 */
unsigned char palen; /* protocol address length = 4 */
unsigned short op; /* ARP/RARP/InARP request/reply */
unsigned short hsource; /* hardware source address */
unsigned short psource1; /* protocol source */
unsigned short psource2;
unsigned short htarget; /* hardware target address */
unsigned short ptarget1; /* protocol target */
unsigned short ptarget2;
} __packed;
#if defined(__FreeBSD__) && __FreeBSD__ >= 3 && __FreeBSD_version < 501113
#define SPP_FMT "%s%d: "
#define SPP_ARGS(ifp) (ifp)->if_name, (ifp)->if_unit
#else
#define SPP_FMT "%s: "
#define SPP_ARGS(ifp) (ifp)->if_xname
#endif
/* almost every function needs these */
#define STDDCL \
struct ifnet *ifp = SP2IFP(sp); \
int debug = ifp->if_flags & IFF_DEBUG
static void sppp_fr_arp (struct sppp *sp, struct arp_req *req, u_short addr);
static void sppp_fr_signal (struct sppp *sp, unsigned char *h, int len);
void sppp_fr_input (struct sppp *sp, struct mbuf *m)
{
STDDCL;
u_char *h = mtod (m, u_char*);
int isr = -1;
int dlci, hlen, proto;
/* Get the DLCI number. */
if (m->m_pkthdr.len < 10) {
bad: m_freem (m);
return;
}
dlci = (h[0] << 2 & 0x3f0) | (h[1] >> 4 & 0x0f);
/* Process signaling packets. */
if (dlci == 0) {
sppp_fr_signal (sp, h, m->m_pkthdr.len);
m_freem (m);
return;
}
if (dlci != sp->fr_dlci) {
if (debug)
printf (SPP_FMT "Received packet from invalid DLCI %d\n",
SPP_ARGS(ifp), dlci);
goto bad;
}
/* Process the packet. */
if (ntohs (*(short*) (h+2)) == ETHERTYPE_IP) {
/* Prehistoric IP framing? */
h[2] = FR_UI;
h[3] = FR_IP;
}
if (h[2] != FR_UI) {
if (debug)
printf (SPP_FMT "Invalid frame relay header flag 0x%02x\n",
SPP_ARGS(ifp), h[2]);
goto bad;
}
switch (h[3]) {
default:
if (debug)
printf (SPP_FMT "Unsupported NLPID 0x%02x\n",
SPP_ARGS(ifp), h[3]);
goto bad;
case FR_PADDING:
if (h[4] != FR_SNAP) {
if (debug)
printf (SPP_FMT "Bad NLPID 0x%02x\n",
SPP_ARGS(ifp), h[4]);
goto bad;
}
if (h[5] || h[6] || h[7]) {
if (debug)
printf (SPP_FMT "Bad OID 0x%02x-0x%02x-0x%02x\n",
SPP_ARGS(ifp),
h[5], h[6], h[7]);
goto bad;
}
proto = ntohs (*(short*) (h+8));
if (proto == ETHERTYPE_ARP) {
/* Process the ARP request. */
if (m->m_pkthdr.len != 10 + sizeof (struct arp_req)) {
if (debug)
printf (SPP_FMT "Bad ARP request size = %d bytes\n",
SPP_ARGS(ifp),
m->m_pkthdr.len);
goto bad;
}
sppp_fr_arp (sp, (struct arp_req*) (h + 10),
h[0] << 8 | h[1]);
m_freem (m);
return;
}
hlen = 10;
break;
case FR_IP:
proto = ETHERTYPE_IP;
hlen = 4;
break;
}
/* Remove frame relay header. */
m_adj (m, hlen);
switch (proto) {
default:
++ifp->if_noproto;
drop: ++ifp->if_ierrors;
++ifp->if_iqdrops;
m_freem (m);
return;
#ifdef INET
case ETHERTYPE_IP:
isr = NETISR_IP;
break;
#endif
#ifdef IPX
case ETHERTYPE_IPX:
isr = NETISR_IPX;
break;
#endif
#ifdef NETATALK
case ETHERTYPE_AT:
isr = NETISR_ATALK;
break;
#endif
}
if (! (ifp->if_flags & IFF_UP))
goto drop;
/* Check queue. */
if (netisr_queue(isr, m)) { /* (0) on success. */
if (debug)
log(LOG_DEBUG, SPP_FMT "protocol queue overflow\n",
SPP_ARGS(ifp));
}
}
/*
* Add the frame relay header to the packet.
* For IP the header length is 4 bytes,
* for all other protocols - 10 bytes (RFC 1490).
*/
struct mbuf *sppp_fr_header (struct sppp *sp, struct mbuf *m,
int family)
{
STDDCL;
u_char *h;
int type, hlen;
/* Prepend the space for Frame Relay header. */
hlen = (family == AF_INET) ? 4 : 10;
M_PREPEND (m, hlen, M_DONTWAIT);
if (! m)
return 0;
h = mtod (m, u_char*);
/* Fill the header. */
h[0] = sp->fr_dlci >> 2 & 0xfc;
h[1] = sp->fr_dlci << 4 | 1;
h[2] = FR_UI;
switch (family) {
default:
if (debug)
printf (SPP_FMT "Cannot handle address family %d\n",
SPP_ARGS(ifp), family);
m_freem (m);
return 0;
#ifdef INET
case AF_INET:
#if 0 /* Crashes on fragmented packets */
/*
* Set the discard eligibility bit, if:
* 1) no fragmentation
* 2) length > 400 bytes
* 3a) the protocol is UDP or
* 3b) TCP data (no control bits)
*/
{
struct ip *ip = (struct ip*) (h + hlen);
struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl);
if (! (ip->ip_off & ~IP_DF) && ip->ip_len > 400 &&
(ip->ip_p == IPPROTO_UDP ||
ip->ip_p == IPPROTO_TCP && ! tcp->th_flags))
h[1] |= FR_DE;
}
#endif
h[3] = FR_IP;
return m;
#endif
#ifdef IPX
case AF_IPX:
type = ETHERTYPE_IPX;
break;
#endif
#ifdef NS
case AF_NS:
type = 0x8137;
break;
#endif
#ifdef NETATALK
case AF_APPLETALK:
type = ETHERTYPE_AT;
break;
#endif
}
h[3] = FR_PADDING;
h[4] = FR_SNAP;
h[5] = 0;
h[6] = 0;
h[7] = 0;
*(short*) (h+8) = htons(type);
return m;
}
/*
* Send periodical frame relay link verification messages via DLCI 0.
* Called every 10 seconds (default value of T391 timer is 10 sec).
* Every 6-th message is a full status request
* (default value of N391 counter is 6).
*/
void sppp_fr_keepalive (struct sppp *sp)
{
STDDCL;
unsigned char *h, *p;
struct mbuf *m;
MGETHDR (m, M_DONTWAIT, MT_DATA);
if (! m)
return;
m->m_pkthdr.rcvif = 0;
h = mtod (m, u_char*);
p = h;
*p++ = 0; /* DLCI = 0 */
*p++ = 1;
*p++ = FR_UI;
*p++ = FR_SIGNALING; /* NLPID = UNI call control */
*p++ = 0; /* call reference length = 0 */
*p++ = FR_MSG_ENQUIRY; /* message type = status enquiry */
*p++ = FR_FLD_LSHIFT5; /* locking shift 5 */
*p++ = FR_FLD_RTYPE; /* report type field */
*p++ = 1; /* report type length = 1 */
if (sp->pp_seq[IDX_LCP] % 6)
*p++ = FR_RTYPE_SHORT; /* link verification only */
else
*p++ = FR_RTYPE_FULL; /* full status needed */
if (sp->pp_seq[IDX_LCP] >= 255)
sp->pp_seq[IDX_LCP] = 0;
*p++ = FR_FLD_VERIFY; /* link verification type field */
*p++ = 2; /* link verification field length = 2 */
*p++ = ++sp->pp_seq[IDX_LCP]; /* our sequence number */
*p++ = sp->pp_rseq[IDX_LCP]; /* last received sequence number */
m->m_pkthdr.len = m->m_len = p - h;
if (debug)
printf (SPP_FMT "send lmi packet, seq=%d, rseq=%d\n",
SPP_ARGS(ifp), (u_char) sp->pp_seq[IDX_LCP],
(u_char) sp->pp_rseq[IDX_LCP]);
if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
++ifp->if_oerrors;
}
/*
* Process the frame relay Inverse ARP request.
*/
static void sppp_fr_arp (struct sppp *sp, struct arp_req *req,
u_short his_hardware_address)
{
STDDCL;
struct mbuf *m;
struct arp_req *reply;
u_char *h;
u_short my_hardware_address;
u_long his_ip_address, my_ip_address;
if ((ntohs (req->htype) != ARPHRD_FRELAY ||
ntohs (req->htype) != 16) || /* for BayNetworks routers */
ntohs (req->ptype) != ETHERTYPE_IP) {
if (debug)
printf (SPP_FMT "Invalid ARP hardware/protocol type = 0x%x/0x%x\n",
SPP_ARGS(ifp),
ntohs (req->htype), ntohs (req->ptype));
return;
}
if (req->halen != 2 || req->palen != 4) {
if (debug)
printf (SPP_FMT "Invalid ARP hardware/protocol address length = %d/%d\n",
SPP_ARGS(ifp),
req->halen, req->palen);
return;
}
switch (ntohs (req->op)) {
default:
if (debug)
printf (SPP_FMT "Invalid ARP op = 0x%x\n",
SPP_ARGS(ifp), ntohs (req->op));
return;
case ARPOP_INVREPLY:
/* Ignore. */
return;
case ARPOP_INVREQUEST:
my_hardware_address = ntohs (req->htarget);
his_ip_address = ntohs (req->psource1) << 16 |
ntohs (req->psource2);
my_ip_address = ntohs (req->ptarget1) << 16 |
ntohs (req->ptarget2);
break;
}
if (debug)
printf (SPP_FMT "got ARP request, source=0x%04x/%d.%d.%d.%d, target=0x%04x/%d.%d.%d.%d\n",
SPP_ARGS(ifp), ntohs (req->hsource),
(unsigned char) (his_ip_address >> 24),
(unsigned char) (his_ip_address >> 16),
(unsigned char) (his_ip_address >> 8),
(unsigned char) his_ip_address,
my_hardware_address,
(unsigned char) (my_ip_address >> 24),
(unsigned char) (my_ip_address >> 16),
(unsigned char) (my_ip_address >> 8),
(unsigned char) my_ip_address);
sppp_get_ip_addrs (sp, &my_ip_address, 0, 0);
if (! my_ip_address)
return; /* nothing to reply */
if (debug)
printf (SPP_FMT "send ARP reply, source=0x%04x/%d.%d.%d.%d, target=0x%04x/%d.%d.%d.%d\n",
SPP_ARGS(ifp), my_hardware_address,
(unsigned char) (my_ip_address >> 24),
(unsigned char) (my_ip_address >> 16),
(unsigned char) (my_ip_address >> 8),
(unsigned char) my_ip_address,
his_hardware_address,
(unsigned char) (his_ip_address >> 24),
(unsigned char) (his_ip_address >> 16),
(unsigned char) (his_ip_address >> 8),
(unsigned char) his_ip_address);
/* Send the Inverse ARP reply. */
MGETHDR (m, M_DONTWAIT, MT_DATA);
if (! m)
return;
m->m_pkthdr.len = m->m_len = 10 + sizeof (*reply);
m->m_pkthdr.rcvif = 0;
h = mtod (m, u_char*);
reply = (struct arp_req*) (h + 10);
h[0] = his_hardware_address >> 8;
h[1] = his_hardware_address;
h[2] = FR_UI;
h[3] = FR_PADDING;
h[4] = FR_SNAP;
h[5] = 0;
h[6] = 0;
h[7] = 0;
*(short*) (h+8) = htons (ETHERTYPE_ARP);
reply->htype = htons (ARPHRD_FRELAY);
reply->ptype = htons (ETHERTYPE_IP);
reply->halen = 2;
reply->palen = 4;
reply->op = htons (ARPOP_INVREPLY);
reply->hsource = htons (my_hardware_address);
reply->psource1 = htonl (my_ip_address);
reply->psource2 = htonl (my_ip_address) >> 16;
reply->htarget = htons (his_hardware_address);
reply->ptarget1 = htonl (his_ip_address);
reply->ptarget2 = htonl (his_ip_address) >> 16;
if (! IF_HANDOFF_ADJ(&sp->pp_cpq, m, ifp, 3))
++ifp->if_oerrors;
}
/*
* Process the input signaling packet (DLCI 0).
* The implemented protocol is ANSI T1.617 Annex D.
*/
static void sppp_fr_signal (struct sppp *sp, unsigned char *h, int len)
{
STDDCL;
u_char *p;
int dlci;
if (h[2] != FR_UI || h[3] != FR_SIGNALING || h[4] != 0) {
if (debug)
printf (SPP_FMT "Invalid signaling header\n",
SPP_ARGS(ifp));
bad: if (debug) {
printf ("%02x", *h++);
while (--len > 0)
printf ("-%02x", *h++);
printf ("\n");
}
return;
}
if (h[5] == FR_MSG_ENQUIRY) {
if (len == FR_ENQUIRY_SIZE &&
h[12] == (u_char) sp->pp_seq[IDX_LCP]) {
sp->pp_seq[IDX_LCP] = random();
printf (SPP_FMT "loopback detected\n",
SPP_ARGS(ifp));
}
return;
}
if (h[5] != FR_MSG_STATUS) {
if (debug)
printf (SPP_FMT "Unknown signaling message: 0x%02x\n",
SPP_ARGS(ifp), h[5]);
goto bad;
}
/* Parse message fields. */
for (p=h+6; p<h+len; ) {
switch (*p) {
default:
if (debug)
printf (SPP_FMT "Unknown signaling field 0x%x\n",
SPP_ARGS(ifp), *p);
break;
case FR_FLD_LSHIFT5:
case FR_FLD_RTYPE:
/* Ignore. */
break;
case FR_FLD_VERIFY:
if (p[1] != 2) {
if (debug)
printf (SPP_FMT "Invalid signaling verify field length %d\n",
SPP_ARGS(ifp), p[1]);
break;
}
sp->pp_rseq[IDX_LCP] = p[2];
if (debug) {
printf (SPP_FMT "got lmi reply rseq=%d, seq=%d",
SPP_ARGS(ifp), p[2], p[3]);
if (p[3] != (u_char) sp->pp_seq[IDX_LCP])
printf (" (really %d)",
(u_char) sp->pp_seq[IDX_LCP]);
printf ("\n");
}
break;
case FR_FLD_PVC:
if (p[1] < 3) {
if (debug)
printf (SPP_FMT "Invalid PVC status length %d\n",
SPP_ARGS(ifp), p[1]);
break;
}
dlci = (p[2] << 4 & 0x3f0) | (p[3] >> 3 & 0x0f);
if (! sp->fr_dlci)
sp->fr_dlci = dlci;
if (sp->fr_status != p[4])
printf (SPP_FMT "DLCI %d %s%s\n",
SPP_ARGS(ifp), dlci,
p[4] & FR_DLCI_DELETE ? "deleted" :
p[4] & FR_DLCI_ACTIVE ? "active" : "passive",
p[4] & FR_DLCI_NEW ? ", new" : "");
sp->fr_status = p[4];
break;
}
if (*p & 0x80)
++p;
else if (p < h+len+1 && p[1])
p += 2 + p[1];
else {
if (debug)
printf (SPP_FMT "Invalid signaling field 0x%x\n",
SPP_ARGS(ifp), *p);
goto bad;
}
}
}
|