1 /* $OpenBSD: lcp.c,v 1.14 2023/03/08 04:43:14 guenther Exp $ */ 2 3 /* 4 * lcp.c - PPP Link Control Protocol. 5 * 6 * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. The name "Carnegie Mellon University" must not be used to 21 * endorse or promote products derived from this software without 22 * prior written permission. For permission or any legal 23 * details, please contact 24 * Office of Technology Transfer 25 * Carnegie Mellon University 26 * 5000 Forbes Avenue 27 * Pittsburgh, PA 15213-3890 28 * (412) 268-4387, fax: (412) 268-7395 29 * tech-transfer@andrew.cmu.edu 30 * 31 * 4. Redistributions of any form whatsoever must retain the following 32 * acknowledgment: 33 * "This product includes software developed by Computing Services 34 * at Carnegie Mellon University (http://www.cmu.edu/computing/)." 35 * 36 * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO 37 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 38 * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE 39 * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 40 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 41 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 42 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 43 */ 44 45 /* 46 * TODO: 47 */ 48 49 #include <stdio.h> 50 #include <string.h> 51 #include <syslog.h> 52 #include <assert.h> 53 #include <sys/ioctl.h> 54 #include <sys/types.h> 55 #include <sys/socket.h> 56 #include <sys/time.h> 57 #include <netinet/in.h> 58 59 #include "pppd.h" 60 #include "fsm.h" 61 #include "lcp.h" 62 #include "chap.h" 63 #include "magic.h" 64 65 /* global vars */ 66 fsm lcp_fsm[NUM_PPP]; /* LCP fsm structure (global)*/ 67 lcp_options lcp_wantoptions[NUM_PPP]; /* Options that we want to request */ 68 lcp_options lcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */ 69 lcp_options lcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */ 70 lcp_options lcp_hisoptions[NUM_PPP]; /* Options that we ack'd */ 71 u_int32_t xmit_accm[NUM_PPP][8]; /* extended transmit ACCM */ 72 73 static u_int32_t lcp_echos_pending = 0; /* Number of outstanding echo msgs */ 74 static u_int32_t lcp_echo_number = 0; /* ID number of next echo frame */ 75 static u_int32_t lcp_echo_timer_running = 0; /* TRUE if a timer is running */ 76 77 static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ 78 79 /* 80 * Callbacks for fsm code. (CI = Configuration Information) 81 */ 82 static void lcp_resetci(fsm *); /* Reset our CI */ 83 static int lcp_cilen(fsm *); /* Return length of our CI */ 84 static void lcp_addci(fsm *, u_char *, int *); /* Add our CI to pkt */ 85 static int lcp_ackci(fsm *, u_char *, int); /* Peer ack'd our CI */ 86 static int lcp_nakci(fsm *, u_char *, int); /* Peer nak'd our CI */ 87 static int lcp_rejci(fsm *, u_char *, int); /* Peer rej'd our CI */ 88 static int lcp_reqci(fsm *, u_char *, int *, int); /* Rcv peer CI */ 89 static void lcp_up(fsm *); /* We're UP */ 90 static void lcp_down(fsm *); /* We're DOWN */ 91 static void lcp_starting(fsm *); /* We need lower layer up */ 92 static void lcp_finished(fsm *); /* We need lower layer down */ 93 static int lcp_extcode(fsm *, int, int, u_char *, int); 94 static void lcp_rprotrej(fsm *, u_char *, int); 95 96 /* 97 * routines to send LCP echos to peer 98 */ 99 100 static void lcp_echo_lowerup(int); 101 static void lcp_echo_lowerdown(int); 102 static void LcpEchoTimeout(void *); 103 static void lcp_received_echo_reply(fsm *, int, u_char *, int); 104 static void LcpSendEchoRequest(fsm *); 105 static void LcpLinkFailure(fsm *); 106 static void LcpEchoCheck(fsm *); 107 108 static fsm_callbacks lcp_callbacks = { /* LCP callback routines */ 109 lcp_resetci, /* Reset our Configuration Information */ 110 lcp_cilen, /* Length of our Configuration Information */ 111 lcp_addci, /* Add our Configuration Information */ 112 lcp_ackci, /* ACK our Configuration Information */ 113 lcp_nakci, /* NAK our Configuration Information */ 114 lcp_rejci, /* Reject our Configuration Information */ 115 lcp_reqci, /* Request peer's Configuration Information */ 116 lcp_up, /* Called when fsm reaches OPENED state */ 117 lcp_down, /* Called when fsm leaves OPENED state */ 118 lcp_starting, /* Called when we want the lower layer up */ 119 lcp_finished, /* Called when we want the lower layer down */ 120 NULL, /* Called when Protocol-Reject received */ 121 NULL, /* Retransmission is necessary */ 122 lcp_extcode, /* Called to handle LCP-specific codes */ 123 "LCP" /* String name of protocol */ 124 }; 125 126 /* 127 * Protocol entry points. 128 * Some of these are called directly. 129 */ 130 131 static void lcp_init(int); 132 static void lcp_input(int, u_char *, int); 133 static void lcp_protrej(int); 134 static int lcp_printpkt(u_char *, int, void (*)(void *, char *, ...), void *); 135 136 struct protent lcp_protent = { 137 PPP_LCP, 138 lcp_init, 139 lcp_input, 140 lcp_protrej, 141 lcp_lowerup, 142 lcp_lowerdown, 143 lcp_open, 144 lcp_close, 145 lcp_printpkt, 146 NULL, 147 1, 148 "LCP", 149 NULL, 150 NULL, 151 NULL 152 }; 153 154 int lcp_loopbackfail = DEFLOOPBACKFAIL; 155 156 /* 157 * Length of each type of configuration option (in octets) 158 */ 159 #define CILEN_VOID 2 160 #define CILEN_CHAR 3 161 #define CILEN_SHORT 4 /* CILEN_VOID + sizeof(short) */ 162 #define CILEN_CHAP 5 /* CILEN_VOID + sizeof(short) + 1 */ 163 #define CILEN_LONG 6 /* CILEN_VOID + sizeof(long) */ 164 #define CILEN_LQR 8 /* CILEN_VOID + sizeof(short) + sizeof(long) */ 165 #define CILEN_CBCP 3 166 167 #define CODENAME(x) ((x) == CONFACK ? "ACK" : \ 168 (x) == CONFNAK ? "NAK" : "REJ") 169 170 171 /* 172 * lcp_init - Initialize LCP. 173 */ 174 static void 175 lcp_init(unit) 176 int unit; 177 { 178 fsm *f = &lcp_fsm[unit]; 179 lcp_options *wo = &lcp_wantoptions[unit]; 180 lcp_options *ao = &lcp_allowoptions[unit]; 181 182 f->unit = unit; 183 f->protocol = PPP_LCP; 184 f->callbacks = &lcp_callbacks; 185 186 fsm_init(f); 187 188 wo->passive = 0; 189 wo->silent = 0; 190 wo->restart = 0; /* Set to 1 in kernels or multi-line 191 implementations */ 192 wo->neg_mru = 1; 193 wo->mru = DEFMRU; 194 wo->neg_asyncmap = 0; 195 wo->asyncmap = 0; 196 wo->neg_chap = 0; /* Set to 1 on server */ 197 wo->neg_upap = 0; /* Set to 1 on server */ 198 wo->chap_mdtype = CHAP_DIGEST_MD5; 199 wo->neg_magicnumber = 1; 200 wo->neg_pcompression = 1; 201 wo->neg_accompression = 1; 202 wo->neg_lqr = 0; /* no LQR implementation yet */ 203 wo->neg_cbcp = 0; 204 205 ao->neg_mru = 1; 206 ao->mru = MAXMRU; 207 ao->neg_asyncmap = 1; 208 ao->asyncmap = 0; 209 ao->neg_chap = 1; 210 ao->chap_mdtype = CHAP_DIGEST_MD5; 211 ao->neg_upap = 1; 212 ao->neg_magicnumber = 1; 213 ao->neg_pcompression = 1; 214 ao->neg_accompression = 1; 215 ao->neg_lqr = 0; /* no LQR implementation yet */ 216 #ifdef CBCP_SUPPORT 217 ao->neg_cbcp = 1; 218 #else 219 ao->neg_cbcp = 0; 220 #endif 221 222 memset(xmit_accm[unit], 0, sizeof(xmit_accm[0])); 223 xmit_accm[unit][3] = 0x60000000; 224 } 225 226 227 /* 228 * lcp_open - LCP is allowed to come up. 229 */ 230 void 231 lcp_open(unit) 232 int unit; 233 { 234 fsm *f = &lcp_fsm[unit]; 235 lcp_options *wo = &lcp_wantoptions[unit]; 236 237 f->flags = 0; 238 if (wo->passive) 239 f->flags |= OPT_PASSIVE; 240 if (wo->silent) 241 f->flags |= OPT_SILENT; 242 fsm_open(f); 243 } 244 245 246 /* 247 * lcp_close - Take LCP down. 248 */ 249 void 250 lcp_close(unit, reason) 251 int unit; 252 char *reason; 253 { 254 fsm *f = &lcp_fsm[unit]; 255 256 if (phase != PHASE_DEAD) 257 phase = PHASE_TERMINATE; 258 if (f->state == STOPPED && f->flags & (OPT_PASSIVE|OPT_SILENT)) { 259 /* 260 * This action is not strictly according to the FSM in RFC1548, 261 * but it does mean that the program terminates if you do a 262 * lcp_close() in passive/silent mode when a connection hasn't 263 * been established. 264 */ 265 f->state = CLOSED; 266 lcp_finished(f); 267 268 } else 269 fsm_close(&lcp_fsm[unit], reason); 270 } 271 272 273 /* 274 * lcp_lowerup - The lower layer is up. 275 */ 276 void 277 lcp_lowerup(unit) 278 int unit; 279 { 280 lcp_options *wo = &lcp_wantoptions[unit]; 281 282 /* 283 * Don't use A/C or protocol compression on transmission, 284 * but accept A/C and protocol compressed packets 285 * if we are going to ask for A/C and protocol compression. 286 */ 287 ppp_set_xaccm(unit, xmit_accm[unit]); 288 ppp_send_config(unit, PPP_MRU, 0xffffffff, 0, 0); 289 ppp_recv_config(unit, PPP_MRU, 0xffffffff, 290 wo->neg_pcompression, wo->neg_accompression); 291 peer_mru[unit] = PPP_MRU; 292 lcp_allowoptions[unit].asyncmap = xmit_accm[unit][0]; 293 294 fsm_lowerup(&lcp_fsm[unit]); 295 } 296 297 298 /* 299 * lcp_lowerdown - The lower layer is down. 300 */ 301 void 302 lcp_lowerdown(unit) 303 int unit; 304 { 305 fsm_lowerdown(&lcp_fsm[unit]); 306 } 307 308 309 /* 310 * lcp_input - Input LCP packet. 311 */ 312 static void 313 lcp_input(unit, p, len) 314 int unit; 315 u_char *p; 316 int len; 317 { 318 fsm *f = &lcp_fsm[unit]; 319 320 fsm_input(f, p, len); 321 } 322 323 324 /* 325 * lcp_extcode - Handle a LCP-specific code. 326 */ 327 static int 328 lcp_extcode(f, code, id, inp, len) 329 fsm *f; 330 int code, id; 331 u_char *inp; 332 int len; 333 { 334 u_char *magp; 335 336 switch( code ){ 337 case PROTREJ: 338 lcp_rprotrej(f, inp, len); 339 break; 340 341 case ECHOREQ: 342 if (f->state != OPENED) 343 break; 344 LCPDEBUG((LOG_INFO, "lcp: Echo-Request, Rcvd id %d", id)); 345 magp = inp; 346 PUTLONG(lcp_gotoptions[f->unit].magicnumber, magp); 347 fsm_sdata(f, ECHOREP, id, inp, len); 348 break; 349 350 case ECHOREP: 351 lcp_received_echo_reply(f, id, inp, len); 352 break; 353 354 case DISCREQ: 355 break; 356 357 default: 358 return 0; 359 } 360 return 1; 361 } 362 363 364 /* 365 * lcp_rprotrej - Receive an Protocol-Reject. 366 * 367 * Figure out which protocol is rejected and inform it. 368 */ 369 static void 370 lcp_rprotrej(f, inp, len) 371 fsm *f; 372 u_char *inp; 373 int len; 374 { 375 int i; 376 struct protent *protp; 377 u_short prot; 378 379 LCPDEBUG((LOG_INFO, "lcp_rprotrej.")); 380 381 if (len < sizeof (u_short)) { 382 LCPDEBUG((LOG_INFO, 383 "lcp_rprotrej: Rcvd short Protocol-Reject packet!")); 384 return; 385 } 386 387 GETSHORT(prot, inp); 388 389 LCPDEBUG((LOG_INFO, 390 "lcp_rprotrej: Rcvd Protocol-Reject packet for %x!", 391 prot)); 392 393 /* 394 * Protocol-Reject packets received in any state other than the LCP 395 * OPENED state SHOULD be silently discarded. 396 */ 397 if( f->state != OPENED ){ 398 LCPDEBUG((LOG_INFO, "Protocol-Reject discarded: LCP in state %d", 399 f->state)); 400 return; 401 } 402 403 /* 404 * Upcall the proper Protocol-Reject routine. 405 */ 406 for (i = 0; (protp = protocols[i]) != NULL; ++i) 407 if (protp->protocol == prot && protp->enabled_flag) { 408 (*protp->protrej)(f->unit); 409 return; 410 } 411 412 syslog(LOG_WARNING, "Protocol-Reject for unsupported protocol 0x%x", 413 prot); 414 } 415 416 417 /* 418 * lcp_protrej - A Protocol-Reject was received. 419 */ 420 static void 421 lcp_protrej(unit) 422 int unit; 423 { 424 /* 425 * Can't reject LCP! 426 */ 427 LCPDEBUG((LOG_WARNING, 428 "lcp_protrej: Received Protocol-Reject for LCP!")); 429 fsm_protreject(&lcp_fsm[unit]); 430 } 431 432 433 /* 434 * lcp_sprotrej - Send a Protocol-Reject for some protocol. 435 */ 436 void 437 lcp_sprotrej(unit, p, len) 438 int unit; 439 u_char *p; 440 int len; 441 { 442 /* 443 * Send back the protocol and the information field of the 444 * rejected packet. We only get here if LCP is in the OPENED state. 445 */ 446 p += 2; 447 len -= 2; 448 449 fsm_sdata(&lcp_fsm[unit], PROTREJ, ++lcp_fsm[unit].id, 450 p, len); 451 } 452 453 454 /* 455 * lcp_resetci - Reset our CI. 456 */ 457 static void 458 lcp_resetci(f) 459 fsm *f; 460 { 461 lcp_wantoptions[f->unit].magicnumber = magic(); 462 lcp_wantoptions[f->unit].numloops = 0; 463 lcp_gotoptions[f->unit] = lcp_wantoptions[f->unit]; 464 peer_mru[f->unit] = PPP_MRU; 465 auth_reset(f->unit); 466 } 467 468 469 /* 470 * lcp_cilen - Return length of our CI. 471 */ 472 static int 473 lcp_cilen(f) 474 fsm *f; 475 { 476 lcp_options *go = &lcp_gotoptions[f->unit]; 477 478 #define LENCIVOID(neg) ((neg) ? CILEN_VOID : 0) 479 #define LENCICHAP(neg) ((neg) ? CILEN_CHAP : 0) 480 #define LENCISHORT(neg) ((neg) ? CILEN_SHORT : 0) 481 #define LENCILONG(neg) ((neg) ? CILEN_LONG : 0) 482 #define LENCILQR(neg) ((neg) ? CILEN_LQR: 0) 483 #define LENCICBCP(neg) ((neg) ? CILEN_CBCP: 0) 484 /* 485 * NB: we only ask for one of CHAP and UPAP, even if we will 486 * accept either. 487 */ 488 return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) + 489 LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) + 490 LENCICHAP(go->neg_chap) + 491 LENCISHORT(!go->neg_chap && go->neg_upap) + 492 LENCILQR(go->neg_lqr) + 493 LENCICBCP(go->neg_cbcp) + 494 LENCILONG(go->neg_magicnumber) + 495 LENCIVOID(go->neg_pcompression) + 496 LENCIVOID(go->neg_accompression)); 497 } 498 499 500 /* 501 * lcp_addci - Add our desired CIs to a packet. 502 */ 503 static void 504 lcp_addci(f, ucp, lenp) 505 fsm *f; 506 u_char *ucp; 507 int *lenp; 508 { 509 lcp_options *go = &lcp_gotoptions[f->unit]; 510 u_char *start_ucp = ucp; 511 512 #define ADDCIVOID(opt, neg) \ 513 if (neg) { \ 514 PUTCHAR(opt, ucp); \ 515 PUTCHAR(CILEN_VOID, ucp); \ 516 } 517 #define ADDCISHORT(opt, neg, val) \ 518 if (neg) { \ 519 PUTCHAR(opt, ucp); \ 520 PUTCHAR(CILEN_SHORT, ucp); \ 521 PUTSHORT(val, ucp); \ 522 } 523 #define ADDCICHAP(opt, neg, val, digest) \ 524 if (neg) { \ 525 PUTCHAR(opt, ucp); \ 526 PUTCHAR(CILEN_CHAP, ucp); \ 527 PUTSHORT(val, ucp); \ 528 PUTCHAR(digest, ucp); \ 529 } 530 #define ADDCILONG(opt, neg, val) \ 531 if (neg) { \ 532 PUTCHAR(opt, ucp); \ 533 PUTCHAR(CILEN_LONG, ucp); \ 534 PUTLONG(val, ucp); \ 535 } 536 #define ADDCILQR(opt, neg, val) \ 537 if (neg) { \ 538 PUTCHAR(opt, ucp); \ 539 PUTCHAR(CILEN_LQR, ucp); \ 540 PUTSHORT(PPP_LQR, ucp); \ 541 PUTLONG(val, ucp); \ 542 } 543 #define ADDCICHAR(opt, neg, val) \ 544 if (neg) { \ 545 PUTCHAR(opt, ucp); \ 546 PUTCHAR(CILEN_CHAR, ucp); \ 547 PUTCHAR(val, ucp); \ 548 } 549 550 ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); 551 ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, 552 go->asyncmap); 553 ADDCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP, go->chap_mdtype); 554 ADDCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP); 555 ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); 556 ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); 557 ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); 558 ADDCIVOID(CI_PCOMPRESSION, go->neg_pcompression); 559 ADDCIVOID(CI_ACCOMPRESSION, go->neg_accompression); 560 561 if (ucp - start_ucp != *lenp) { 562 /* this should never happen, because peer_mtu should be 1500 */ 563 syslog(LOG_ERR, "Bug in lcp_addci: wrong length"); 564 } 565 } 566 567 568 /* 569 * lcp_ackci - Ack our CIs. 570 * This should not modify any state if the Ack is bad. 571 * 572 * Returns: 573 * 0 - Ack was bad. 574 * 1 - Ack was good. 575 */ 576 static int 577 lcp_ackci(f, p, len) 578 fsm *f; 579 u_char *p; 580 int len; 581 { 582 lcp_options *go = &lcp_gotoptions[f->unit]; 583 u_char cilen, citype, cichar; 584 u_short cishort; 585 u_int32_t cilong; 586 587 /* 588 * CIs must be in exactly the same order that we sent. 589 * Check packet length and CI length at each step. 590 * If we find any deviations, then this packet is bad. 591 */ 592 #define ACKCIVOID(opt, neg) \ 593 if (neg) { \ 594 if ((len -= CILEN_VOID) < 0) \ 595 goto bad; \ 596 GETCHAR(citype, p); \ 597 GETCHAR(cilen, p); \ 598 if (cilen != CILEN_VOID || \ 599 citype != opt) \ 600 goto bad; \ 601 } 602 #define ACKCISHORT(opt, neg, val) \ 603 if (neg) { \ 604 if ((len -= CILEN_SHORT) < 0) \ 605 goto bad; \ 606 GETCHAR(citype, p); \ 607 GETCHAR(cilen, p); \ 608 if (cilen != CILEN_SHORT || \ 609 citype != opt) \ 610 goto bad; \ 611 GETSHORT(cishort, p); \ 612 if (cishort != val) \ 613 goto bad; \ 614 } 615 #define ACKCICHAR(opt, neg, val) \ 616 if (neg) { \ 617 if ((len -= CILEN_CHAR) < 0) \ 618 goto bad; \ 619 GETCHAR(citype, p); \ 620 GETCHAR(cilen, p); \ 621 if (cilen != CILEN_CHAR || \ 622 citype != opt) \ 623 goto bad; \ 624 GETCHAR(cichar, p); \ 625 if (cichar != val) \ 626 goto bad; \ 627 } 628 #define ACKCICHAP(opt, neg, val, digest) \ 629 if (neg) { \ 630 if ((len -= CILEN_CHAP) < 0) \ 631 goto bad; \ 632 GETCHAR(citype, p); \ 633 GETCHAR(cilen, p); \ 634 if (cilen != CILEN_CHAP || \ 635 citype != opt) \ 636 goto bad; \ 637 GETSHORT(cishort, p); \ 638 if (cishort != val) \ 639 goto bad; \ 640 GETCHAR(cichar, p); \ 641 if (cichar != digest) \ 642 goto bad; \ 643 } 644 #define ACKCILONG(opt, neg, val) \ 645 if (neg) { \ 646 if ((len -= CILEN_LONG) < 0) \ 647 goto bad; \ 648 GETCHAR(citype, p); \ 649 GETCHAR(cilen, p); \ 650 if (cilen != CILEN_LONG || \ 651 citype != opt) \ 652 goto bad; \ 653 GETLONG(cilong, p); \ 654 if (cilong != val) \ 655 goto bad; \ 656 } 657 #define ACKCILQR(opt, neg, val) \ 658 if (neg) { \ 659 if ((len -= CILEN_LQR) < 0) \ 660 goto bad; \ 661 GETCHAR(citype, p); \ 662 GETCHAR(cilen, p); \ 663 if (cilen != CILEN_LQR || \ 664 citype != opt) \ 665 goto bad; \ 666 GETSHORT(cishort, p); \ 667 if (cishort != PPP_LQR) \ 668 goto bad; \ 669 GETLONG(cilong, p); \ 670 if (cilong != val) \ 671 goto bad; \ 672 } 673 674 ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); 675 ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, 676 go->asyncmap); 677 ACKCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP, go->chap_mdtype); 678 ACKCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP); 679 ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); 680 ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); 681 ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); 682 ACKCIVOID(CI_PCOMPRESSION, go->neg_pcompression); 683 ACKCIVOID(CI_ACCOMPRESSION, go->neg_accompression); 684 685 /* 686 * If there are any remaining CIs, then this packet is bad. 687 */ 688 if (len != 0) 689 goto bad; 690 return (1); 691 bad: 692 LCPDEBUG((LOG_WARNING, "lcp_acki: received bad Ack!")); 693 return (0); 694 } 695 696 697 /* 698 * lcp_nakci - Peer has sent a NAK for some of our CIs. 699 * This should not modify any state if the Nak is bad 700 * or if LCP is in the OPENED state. 701 * 702 * Returns: 703 * 0 - Nak was bad. 704 * 1 - Nak was good. 705 */ 706 static int 707 lcp_nakci(f, p, len) 708 fsm *f; 709 u_char *p; 710 int len; 711 { 712 lcp_options *go = &lcp_gotoptions[f->unit]; 713 lcp_options *wo = &lcp_wantoptions[f->unit]; 714 u_char citype, cichar, *next; 715 u_short cishort; 716 u_int32_t cilong; 717 lcp_options no; /* options we've seen Naks for */ 718 lcp_options try; /* options to request next time */ 719 int looped_back = 0; 720 int cilen; 721 722 BZERO(&no, sizeof(no)); 723 try = *go; 724 725 /* 726 * Any Nak'd CIs must be in exactly the same order that we sent. 727 * Check packet length and CI length at each step. 728 * If we find any deviations, then this packet is bad. 729 */ 730 #define NAKCIVOID(opt, neg, code) \ 731 if (go->neg && \ 732 len >= CILEN_VOID && \ 733 p[1] == CILEN_VOID && \ 734 p[0] == opt) { \ 735 len -= CILEN_VOID; \ 736 INCPTR(CILEN_VOID, p); \ 737 no.neg = 1; \ 738 code \ 739 } 740 #define NAKCICHAP(opt, neg, code) \ 741 if (go->neg && \ 742 len >= CILEN_CHAP && \ 743 p[1] == CILEN_CHAP && \ 744 p[0] == opt) { \ 745 len -= CILEN_CHAP; \ 746 INCPTR(2, p); \ 747 GETSHORT(cishort, p); \ 748 GETCHAR(cichar, p); \ 749 no.neg = 1; \ 750 code \ 751 } 752 #define NAKCICHAR(opt, neg, code) \ 753 if (go->neg && \ 754 len >= CILEN_CHAR && \ 755 p[1] == CILEN_CHAR && \ 756 p[0] == opt) { \ 757 len -= CILEN_CHAR; \ 758 INCPTR(2, p); \ 759 GETCHAR(cichar, p); \ 760 no.neg = 1; \ 761 code \ 762 } 763 #define NAKCISHORT(opt, neg, code) \ 764 if (go->neg && \ 765 len >= CILEN_SHORT && \ 766 p[1] == CILEN_SHORT && \ 767 p[0] == opt) { \ 768 len -= CILEN_SHORT; \ 769 INCPTR(2, p); \ 770 GETSHORT(cishort, p); \ 771 no.neg = 1; \ 772 code \ 773 } 774 #define NAKCILONG(opt, neg, code) \ 775 if (go->neg && \ 776 len >= CILEN_LONG && \ 777 p[1] == CILEN_LONG && \ 778 p[0] == opt) { \ 779 len -= CILEN_LONG; \ 780 INCPTR(2, p); \ 781 GETLONG(cilong, p); \ 782 no.neg = 1; \ 783 code \ 784 } 785 #define NAKCILQR(opt, neg, code) \ 786 if (go->neg && \ 787 len >= CILEN_LQR && \ 788 p[1] == CILEN_LQR && \ 789 p[0] == opt) { \ 790 len -= CILEN_LQR; \ 791 INCPTR(2, p); \ 792 GETSHORT(cishort, p); \ 793 GETLONG(cilong, p); \ 794 no.neg = 1; \ 795 code \ 796 } 797 798 /* 799 * We don't care if they want to send us smaller packets than 800 * we want. Therefore, accept any MRU less than what we asked for, 801 * but then ignore the new value when setting the MRU in the kernel. 802 * If they send us a bigger MRU than what we asked, accept it, up to 803 * the limit of the default MRU we'd get if we didn't negotiate. 804 */ 805 if (go->neg_mru && go->mru != DEFMRU) { 806 NAKCISHORT(CI_MRU, neg_mru, 807 if (cishort <= wo->mru || cishort <= DEFMRU) 808 try.mru = cishort; 809 ); 810 } 811 812 /* 813 * Add any characters they want to our (receive-side) asyncmap. 814 */ 815 if (go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) { 816 NAKCILONG(CI_ASYNCMAP, neg_asyncmap, 817 try.asyncmap = go->asyncmap | cilong; 818 ); 819 } 820 821 /* 822 * If they've nak'd our authentication-protocol, check whether 823 * they are proposing a different protocol, or a different 824 * hash algorithm for CHAP. 825 */ 826 if ((go->neg_chap || go->neg_upap) 827 && len >= CILEN_SHORT 828 && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { 829 cilen = p[1]; 830 len -= cilen; 831 no.neg_chap = go->neg_chap; 832 no.neg_upap = go->neg_upap; 833 INCPTR(2, p); 834 GETSHORT(cishort, p); 835 if (cishort == PPP_PAP && cilen == CILEN_SHORT) { 836 /* 837 * If we were asking for CHAP, they obviously don't want to do it. 838 * If we weren't asking for CHAP, then we were asking for PAP, 839 * in which case this Nak is bad. 840 */ 841 if (!go->neg_chap) 842 goto bad; 843 try.neg_chap = 0; 844 845 } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { 846 GETCHAR(cichar, p); 847 if (go->neg_chap) { 848 /* 849 * We were asking for CHAP/MD5; they must want a different 850 * algorithm. If they can't do MD5, we'll have to stop 851 * asking for CHAP. 852 */ 853 if (cichar != go->chap_mdtype) 854 try.neg_chap = 0; 855 } else { 856 /* 857 * Stop asking for PAP if we were asking for it. 858 */ 859 try.neg_upap = 0; 860 } 861 862 } else { 863 /* 864 * We don't recognize what they're suggesting. 865 * Stop asking for what we were asking for. 866 */ 867 if (go->neg_chap) 868 try.neg_chap = 0; 869 else 870 try.neg_upap = 0; 871 p += cilen - CILEN_SHORT; 872 } 873 } 874 875 /* 876 * If they can't cope with our link quality protocol, we'll have 877 * to stop asking for LQR. We haven't got any other protocol. 878 * If they Nak the reporting period, take their value XXX ? 879 */ 880 NAKCILQR(CI_QUALITY, neg_lqr, 881 if (cishort != PPP_LQR) 882 try.neg_lqr = 0; 883 else 884 try.lqr_period = cilong; 885 ); 886 887 /* 888 * Only implementing CBCP...not the rest of the callback options 889 */ 890 NAKCICHAR(CI_CALLBACK, neg_cbcp, 891 try.neg_cbcp = 0; 892 ); 893 894 /* 895 * Check for a looped-back line. 896 */ 897 NAKCILONG(CI_MAGICNUMBER, neg_magicnumber, 898 try.magicnumber = magic(); 899 looped_back = 1; 900 ); 901 902 /* 903 * Peer shouldn't send Nak for protocol compression or 904 * address/control compression requests; they should send 905 * a Reject instead. If they send a Nak, treat it as a Reject. 906 */ 907 NAKCIVOID(CI_PCOMPRESSION, neg_pcompression, 908 try.neg_pcompression = 0; 909 ); 910 NAKCIVOID(CI_ACCOMPRESSION, neg_accompression, 911 try.neg_accompression = 0; 912 ); 913 914 /* 915 * There may be remaining CIs, if the peer is requesting negotiation 916 * on an option that we didn't include in our request packet. 917 * If we see an option that we requested, or one we've already seen 918 * in this packet, then this packet is bad. 919 * If we wanted to respond by starting to negotiate on the requested 920 * option(s), we could, but we don't, because except for the 921 * authentication type and quality protocol, if we are not negotiating 922 * an option, it is because we were told not to. 923 * For the authentication type, the Nak from the peer means 924 * `let me authenticate myself with you' which is a bit pointless. 925 * For the quality protocol, the Nak means `ask me to send you quality 926 * reports', but if we didn't ask for them, we don't want them. 927 * An option we don't recognize represents the peer asking to 928 * negotiate some option we don't support, so ignore it. 929 */ 930 while (len > CILEN_VOID) { 931 GETCHAR(citype, p); 932 GETCHAR(cilen, p); 933 if (cilen < CILEN_VOID || (len -= cilen) < 0) 934 goto bad; 935 next = p + cilen - 2; 936 937 switch (citype) { 938 case CI_MRU: 939 if ((go->neg_mru && go->mru != DEFMRU) 940 || no.neg_mru || cilen != CILEN_SHORT) 941 goto bad; 942 GETSHORT(cishort, p); 943 if (cishort < DEFMRU) 944 try.mru = cishort; 945 break; 946 case CI_ASYNCMAP: 947 if ((go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) 948 || no.neg_asyncmap || cilen != CILEN_LONG) 949 goto bad; 950 break; 951 case CI_AUTHTYPE: 952 if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap) 953 goto bad; 954 break; 955 case CI_MAGICNUMBER: 956 if (go->neg_magicnumber || no.neg_magicnumber || 957 cilen != CILEN_LONG) 958 goto bad; 959 break; 960 case CI_PCOMPRESSION: 961 if (go->neg_pcompression || no.neg_pcompression 962 || cilen != CILEN_VOID) 963 goto bad; 964 break; 965 case CI_ACCOMPRESSION: 966 if (go->neg_accompression || no.neg_accompression 967 || cilen != CILEN_VOID) 968 goto bad; 969 break; 970 case CI_QUALITY: 971 if (go->neg_lqr || no.neg_lqr || cilen != CILEN_LQR) 972 goto bad; 973 break; 974 } 975 p = next; 976 } 977 978 /* If there is still anything left, this packet is bad. */ 979 if (len != 0) 980 goto bad; 981 982 /* 983 * OK, the Nak is good. Now we can update state. 984 */ 985 if (f->state != OPENED) { 986 if (looped_back) { 987 if (++try.numloops >= lcp_loopbackfail) { 988 syslog(LOG_NOTICE, "Serial line is looped back."); 989 lcp_close(f->unit, "Loopback detected"); 990 } 991 } else 992 try.numloops = 0; 993 *go = try; 994 } 995 996 return 1; 997 998 bad: 999 LCPDEBUG((LOG_WARNING, "lcp_nakci: received bad Nak!")); 1000 return 0; 1001 } 1002 1003 1004 /* 1005 * lcp_rejci - Peer has Rejected some of our CIs. 1006 * This should not modify any state if the Reject is bad 1007 * or if LCP is in the OPENED state. 1008 * 1009 * Returns: 1010 * 0 - Reject was bad. 1011 * 1 - Reject was good. 1012 */ 1013 static int 1014 lcp_rejci(f, p, len) 1015 fsm *f; 1016 u_char *p; 1017 int len; 1018 { 1019 lcp_options *go = &lcp_gotoptions[f->unit]; 1020 u_char cichar; 1021 u_short cishort; 1022 u_int32_t cilong; 1023 lcp_options try; /* options to request next time */ 1024 1025 try = *go; 1026 1027 /* 1028 * Any Rejected CIs must be in exactly the same order that we sent. 1029 * Check packet length and CI length at each step. 1030 * If we find any deviations, then this packet is bad. 1031 */ 1032 #define REJCIVOID(opt, neg) \ 1033 if (go->neg && \ 1034 len >= CILEN_VOID && \ 1035 p[1] == CILEN_VOID && \ 1036 p[0] == opt) { \ 1037 len -= CILEN_VOID; \ 1038 INCPTR(CILEN_VOID, p); \ 1039 try.neg = 0; \ 1040 LCPDEBUG((LOG_INFO, "lcp_rejci rejected void opt %d", opt)); \ 1041 } 1042 #define REJCISHORT(opt, neg, val) \ 1043 if (go->neg && \ 1044 len >= CILEN_SHORT && \ 1045 p[1] == CILEN_SHORT && \ 1046 p[0] == opt) { \ 1047 len -= CILEN_SHORT; \ 1048 INCPTR(2, p); \ 1049 GETSHORT(cishort, p); \ 1050 /* Check rejected value. */ \ 1051 if (cishort != val) \ 1052 goto bad; \ 1053 try.neg = 0; \ 1054 LCPDEBUG((LOG_INFO,"lcp_rejci rejected short opt %d", opt)); \ 1055 } 1056 #define REJCICHAP(opt, neg, val, digest) \ 1057 if (go->neg && \ 1058 len >= CILEN_CHAP && \ 1059 p[1] == CILEN_CHAP && \ 1060 p[0] == opt) { \ 1061 len -= CILEN_CHAP; \ 1062 INCPTR(2, p); \ 1063 GETSHORT(cishort, p); \ 1064 GETCHAR(cichar, p); \ 1065 /* Check rejected value. */ \ 1066 if (cishort != val || cichar != digest) \ 1067 goto bad; \ 1068 try.neg = 0; \ 1069 try.neg_upap = 0; \ 1070 LCPDEBUG((LOG_INFO,"lcp_rejci rejected chap opt %d", opt)); \ 1071 } 1072 #define REJCILONG(opt, neg, val) \ 1073 if (go->neg && \ 1074 len >= CILEN_LONG && \ 1075 p[1] == CILEN_LONG && \ 1076 p[0] == opt) { \ 1077 len -= CILEN_LONG; \ 1078 INCPTR(2, p); \ 1079 GETLONG(cilong, p); \ 1080 /* Check rejected value. */ \ 1081 if (cilong != val) \ 1082 goto bad; \ 1083 try.neg = 0; \ 1084 LCPDEBUG((LOG_INFO,"lcp_rejci rejected long opt %d", opt)); \ 1085 } 1086 #define REJCILQR(opt, neg, val) \ 1087 if (go->neg && \ 1088 len >= CILEN_LQR && \ 1089 p[1] == CILEN_LQR && \ 1090 p[0] == opt) { \ 1091 len -= CILEN_LQR; \ 1092 INCPTR(2, p); \ 1093 GETSHORT(cishort, p); \ 1094 GETLONG(cilong, p); \ 1095 /* Check rejected value. */ \ 1096 if (cishort != PPP_LQR || cilong != val) \ 1097 goto bad; \ 1098 try.neg = 0; \ 1099 LCPDEBUG((LOG_INFO,"lcp_rejci rejected LQR opt %d", opt)); \ 1100 } 1101 #define REJCICBCP(opt, neg, val) \ 1102 if (go->neg && \ 1103 len >= CILEN_CBCP && \ 1104 p[1] == CILEN_CBCP && \ 1105 p[0] == opt) { \ 1106 len -= CILEN_CBCP; \ 1107 INCPTR(2, p); \ 1108 GETCHAR(cichar, p); \ 1109 /* Check rejected value. */ \ 1110 if (cichar != val) \ 1111 goto bad; \ 1112 try.neg = 0; \ 1113 LCPDEBUG((LOG_INFO,"lcp_rejci rejected Callback opt %d", opt)); \ 1114 } 1115 1116 REJCISHORT(CI_MRU, neg_mru, go->mru); 1117 REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap); 1118 REJCICHAP(CI_AUTHTYPE, neg_chap, PPP_CHAP, go->chap_mdtype); 1119 if (!go->neg_chap) { 1120 REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); 1121 } 1122 REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period); 1123 REJCICBCP(CI_CALLBACK, neg_cbcp, CBCP_OPT); 1124 REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber); 1125 REJCIVOID(CI_PCOMPRESSION, neg_pcompression); 1126 REJCIVOID(CI_ACCOMPRESSION, neg_accompression); 1127 1128 /* 1129 * If there are any remaining CIs, then this packet is bad. 1130 */ 1131 if (len != 0) 1132 goto bad; 1133 /* 1134 * Now we can update state. 1135 */ 1136 if (f->state != OPENED) 1137 *go = try; 1138 return 1; 1139 1140 bad: 1141 LCPDEBUG((LOG_WARNING, "lcp_rejci: received bad Reject!")); 1142 return 0; 1143 } 1144 1145 1146 /* 1147 * lcp_reqci - Check the peer's requested CIs and send appropriate response. 1148 * 1149 * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified 1150 * appropriately. If reject_if_disagree is non-zero, doesn't return 1151 * CONFNAK; returns CONFREJ if it can't return CONFACK. 1152 */ 1153 static int 1154 lcp_reqci(f, inp, lenp, reject_if_disagree) 1155 fsm *f; 1156 u_char *inp; /* Requested CIs */ 1157 int *lenp; /* Length of requested CIs */ 1158 int reject_if_disagree; 1159 { 1160 lcp_options *go = &lcp_gotoptions[f->unit]; 1161 lcp_options *ho = &lcp_hisoptions[f->unit]; 1162 lcp_options *ao = &lcp_allowoptions[f->unit]; 1163 u_char *cip, *next; /* Pointer to current and next CIs */ 1164 int cilen, citype, cichar; /* Parsed len, type, char value */ 1165 u_short cishort; /* Parsed short value */ 1166 u_int32_t cilong; /* Parse long value */ 1167 int rc = CONFACK; /* Final packet return code */ 1168 int orc; /* Individual option return code */ 1169 u_char *p; /* Pointer to next char to parse */ 1170 u_char *rejp; /* Pointer to next char in reject frame */ 1171 u_char *nakp; /* Pointer to next char in Nak frame */ 1172 int l = *lenp; /* Length left */ 1173 1174 /* 1175 * Reset all his options. 1176 */ 1177 BZERO(ho, sizeof(*ho)); 1178 1179 /* 1180 * Process all his options. 1181 */ 1182 next = inp; 1183 nakp = nak_buffer; 1184 rejp = inp; 1185 while (l) { 1186 orc = CONFACK; /* Assume success */ 1187 cip = p = next; /* Remember beginning of CI */ 1188 if (l < 2 || /* Not enough data for CI header or */ 1189 p[1] < 2 || /* CI length too small or */ 1190 p[1] > l) { /* CI length too big? */ 1191 LCPDEBUG((LOG_WARNING, "lcp_reqci: bad CI length!")); 1192 orc = CONFREJ; /* Reject bad CI */ 1193 cilen = l; /* Reject till end of packet */ 1194 l = 0; /* Don't loop again */ 1195 citype = 0; 1196 goto endswitch; 1197 } 1198 GETCHAR(citype, p); /* Parse CI type */ 1199 GETCHAR(cilen, p); /* Parse CI length */ 1200 l -= cilen; /* Adjust remaining length */ 1201 next += cilen; /* Step to next CI */ 1202 1203 switch (citype) { /* Check CI type */ 1204 case CI_MRU: 1205 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd MRU")); 1206 if (!ao->neg_mru || /* Allow option? */ 1207 cilen != CILEN_SHORT) { /* Check CI length */ 1208 orc = CONFREJ; /* Reject CI */ 1209 break; 1210 } 1211 GETSHORT(cishort, p); /* Parse MRU */ 1212 LCPDEBUG((LOG_INFO, "(%d)", cishort)); 1213 1214 /* 1215 * He must be able to receive at least our minimum. 1216 * No need to check a maximum. If he sends a large number, 1217 * we'll just ignore it. 1218 */ 1219 if (cishort < MINMRU) { 1220 orc = CONFNAK; /* Nak CI */ 1221 PUTCHAR(CI_MRU, nakp); 1222 PUTCHAR(CILEN_SHORT, nakp); 1223 PUTSHORT(MINMRU, nakp); /* Give him a hint */ 1224 break; 1225 } 1226 ho->neg_mru = 1; /* Remember he sent MRU */ 1227 ho->mru = cishort; /* And remember value */ 1228 break; 1229 1230 case CI_ASYNCMAP: 1231 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd ASYNCMAP")); 1232 if (!ao->neg_asyncmap || 1233 cilen != CILEN_LONG) { 1234 orc = CONFREJ; 1235 break; 1236 } 1237 GETLONG(cilong, p); 1238 LCPDEBUG((LOG_INFO, "(%x)", (unsigned int) cilong)); 1239 1240 /* 1241 * Asyncmap must have set at least the bits 1242 * which are set in lcp_allowoptions[unit].asyncmap. 1243 */ 1244 if ((ao->asyncmap & ~cilong) != 0) { 1245 orc = CONFNAK; 1246 PUTCHAR(CI_ASYNCMAP, nakp); 1247 PUTCHAR(CILEN_LONG, nakp); 1248 PUTLONG(ao->asyncmap | cilong, nakp); 1249 break; 1250 } 1251 ho->neg_asyncmap = 1; 1252 ho->asyncmap = cilong; 1253 break; 1254 1255 case CI_AUTHTYPE: 1256 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd AUTHTYPE")); 1257 if (cilen < CILEN_SHORT || 1258 !(ao->neg_upap || ao->neg_chap)) { 1259 /* 1260 * Reject the option if we're not willing to authenticate. 1261 */ 1262 orc = CONFREJ; 1263 break; 1264 } 1265 GETSHORT(cishort, p); 1266 LCPDEBUG((LOG_INFO, "(%x)", cishort)); 1267 1268 /* 1269 * Authtype must be UPAP or CHAP. 1270 * 1271 * Note: if both ao->neg_upap and ao->neg_chap are set, 1272 * and the peer sends a Configure-Request with two 1273 * authenticate-protocol requests, one for CHAP and one 1274 * for UPAP, then we will reject the second request. 1275 * Whether we end up doing CHAP or UPAP depends then on 1276 * the ordering of the CIs in the peer's Configure-Request. 1277 */ 1278 1279 if (cishort == PPP_PAP) { 1280 if (ho->neg_chap || /* we've already accepted CHAP */ 1281 cilen != CILEN_SHORT) { 1282 LCPDEBUG((LOG_WARNING, 1283 "lcp_reqci: rcvd AUTHTYPE PAP, rejecting...")); 1284 orc = CONFREJ; 1285 break; 1286 } 1287 if (!ao->neg_upap) { /* we don't want to do PAP */ 1288 orc = CONFNAK; /* NAK it and suggest CHAP */ 1289 PUTCHAR(CI_AUTHTYPE, nakp); 1290 PUTCHAR(CILEN_CHAP, nakp); 1291 PUTSHORT(PPP_CHAP, nakp); 1292 PUTCHAR(ao->chap_mdtype, nakp); 1293 break; 1294 } 1295 ho->neg_upap = 1; 1296 break; 1297 } 1298 if (cishort == PPP_CHAP) { 1299 if (ho->neg_upap || /* we've already accepted PAP */ 1300 cilen != CILEN_CHAP) { 1301 LCPDEBUG((LOG_INFO, 1302 "lcp_reqci: rcvd AUTHTYPE CHAP, rejecting...")); 1303 orc = CONFREJ; 1304 break; 1305 } 1306 if (!ao->neg_chap) { /* we don't want to do CHAP */ 1307 orc = CONFNAK; /* NAK it and suggest PAP */ 1308 PUTCHAR(CI_AUTHTYPE, nakp); 1309 PUTCHAR(CILEN_SHORT, nakp); 1310 PUTSHORT(PPP_PAP, nakp); 1311 break; 1312 } 1313 GETCHAR(cichar, p); /* get digest type*/ 1314 if (cichar != CHAP_DIGEST_MD5) { 1315 orc = CONFNAK; 1316 PUTCHAR(CI_AUTHTYPE, nakp); 1317 PUTCHAR(CILEN_CHAP, nakp); 1318 PUTSHORT(PPP_CHAP, nakp); 1319 PUTCHAR(ao->chap_mdtype, nakp); 1320 break; 1321 } 1322 ho->chap_mdtype = cichar; /* save md type */ 1323 ho->neg_chap = 1; 1324 break; 1325 } 1326 1327 /* 1328 * We don't recognize the protocol they're asking for. 1329 * Nak it with something we're willing to do. 1330 * (At this point we know ao->neg_upap || ao->neg_chap.) 1331 */ 1332 orc = CONFNAK; 1333 PUTCHAR(CI_AUTHTYPE, nakp); 1334 if (ao->neg_chap) { 1335 PUTCHAR(CILEN_CHAP, nakp); 1336 PUTSHORT(PPP_CHAP, nakp); 1337 PUTCHAR(ao->chap_mdtype, nakp); 1338 } else { 1339 PUTCHAR(CILEN_SHORT, nakp); 1340 PUTSHORT(PPP_PAP, nakp); 1341 } 1342 break; 1343 1344 case CI_QUALITY: 1345 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd QUALITY")); 1346 if (!ao->neg_lqr || 1347 cilen != CILEN_LQR) { 1348 orc = CONFREJ; 1349 break; 1350 } 1351 1352 GETSHORT(cishort, p); 1353 GETLONG(cilong, p); 1354 LCPDEBUG((LOG_INFO, "(%x %x)", cishort, (unsigned int) cilong)); 1355 1356 /* 1357 * Check the protocol and the reporting period. 1358 * XXX When should we Nak this, and what with? 1359 */ 1360 if (cishort != PPP_LQR) { 1361 orc = CONFNAK; 1362 PUTCHAR(CI_QUALITY, nakp); 1363 PUTCHAR(CILEN_LQR, nakp); 1364 PUTSHORT(PPP_LQR, nakp); 1365 PUTLONG(ao->lqr_period, nakp); 1366 break; 1367 } 1368 break; 1369 1370 case CI_MAGICNUMBER: 1371 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd MAGICNUMBER")); 1372 if (!(ao->neg_magicnumber || go->neg_magicnumber) || 1373 cilen != CILEN_LONG) { 1374 orc = CONFREJ; 1375 break; 1376 } 1377 GETLONG(cilong, p); 1378 LCPDEBUG((LOG_INFO, "(%x)", (unsigned int) cilong)); 1379 1380 /* 1381 * He must have a different magic number. 1382 */ 1383 if (go->neg_magicnumber && 1384 cilong == go->magicnumber) { 1385 cilong = magic(); /* Don't put magic() inside macro! */ 1386 orc = CONFNAK; 1387 PUTCHAR(CI_MAGICNUMBER, nakp); 1388 PUTCHAR(CILEN_LONG, nakp); 1389 PUTLONG(cilong, nakp); 1390 break; 1391 } 1392 ho->neg_magicnumber = 1; 1393 ho->magicnumber = cilong; 1394 break; 1395 1396 1397 case CI_PCOMPRESSION: 1398 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd PCOMPRESSION")); 1399 if (!ao->neg_pcompression || 1400 cilen != CILEN_VOID) { 1401 orc = CONFREJ; 1402 break; 1403 } 1404 ho->neg_pcompression = 1; 1405 break; 1406 1407 case CI_ACCOMPRESSION: 1408 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd ACCOMPRESSION")); 1409 if (!ao->neg_accompression || 1410 cilen != CILEN_VOID) { 1411 orc = CONFREJ; 1412 break; 1413 } 1414 ho->neg_accompression = 1; 1415 break; 1416 1417 default: 1418 LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd unknown option %d", 1419 citype)); 1420 orc = CONFREJ; 1421 break; 1422 } 1423 1424 endswitch: 1425 LCPDEBUG((LOG_INFO, " (%s)", CODENAME(orc))); 1426 if (orc == CONFACK && /* Good CI */ 1427 rc != CONFACK) /* but prior CI wasnt? */ 1428 continue; /* Don't send this one */ 1429 1430 if (orc == CONFNAK) { /* Nak this CI? */ 1431 if (reject_if_disagree /* Getting fed up with sending NAKs? */ 1432 && citype != CI_MAGICNUMBER) { 1433 orc = CONFREJ; /* Get tough if so */ 1434 } else { 1435 if (rc == CONFREJ) /* Rejecting prior CI? */ 1436 continue; /* Don't send this one */ 1437 rc = CONFNAK; 1438 } 1439 } 1440 if (orc == CONFREJ) { /* Reject this CI */ 1441 rc = CONFREJ; 1442 if (cip != rejp) /* Need to move rejected CI? */ 1443 BMOVE(cip, rejp, cilen); /* Move it (NB: overlapped regions) */ 1444 INCPTR(cilen, rejp); /* Update output pointer */ 1445 } 1446 } 1447 1448 /* 1449 * If we wanted to send additional NAKs (for unsent CIs), the 1450 * code would go here. The extra NAKs would go at *nakp. 1451 * At present there are no cases where we want to ask the 1452 * peer to negotiate an option. 1453 */ 1454 1455 switch (rc) { 1456 case CONFACK: 1457 *lenp = next - inp; 1458 break; 1459 case CONFNAK: 1460 /* 1461 * Copy the Nak'd options from the nak_buffer to the caller's buffer. 1462 */ 1463 *lenp = nakp - nak_buffer; 1464 BCOPY(nak_buffer, inp, *lenp); 1465 break; 1466 case CONFREJ: 1467 *lenp = rejp - inp; 1468 break; 1469 } 1470 1471 LCPDEBUG((LOG_INFO, "lcp_reqci: returning CONF%s.", CODENAME(rc))); 1472 return (rc); /* Return final code */ 1473 } 1474 1475 1476 /* 1477 * lcp_up - LCP has come UP. 1478 */ 1479 static void 1480 lcp_up(f) 1481 fsm *f; 1482 { 1483 lcp_options *wo = &lcp_wantoptions[f->unit]; 1484 lcp_options *ho = &lcp_hisoptions[f->unit]; 1485 lcp_options *go = &lcp_gotoptions[f->unit]; 1486 lcp_options *ao = &lcp_allowoptions[f->unit]; 1487 1488 if (!go->neg_magicnumber) 1489 go->magicnumber = 0; 1490 if (!ho->neg_magicnumber) 1491 ho->magicnumber = 0; 1492 1493 /* 1494 * Set our MTU to the smaller of the MTU we wanted and 1495 * the MRU our peer wanted. If we negotiated an MRU, 1496 * set our MRU to the larger of value we wanted and 1497 * the value we got in the negotiation. 1498 */ 1499 ppp_send_config(f->unit, MIN(ao->mru, (ho->neg_mru? ho->mru: PPP_MRU)), 1500 (ho->neg_asyncmap? ho->asyncmap: 0xffffffff), 1501 ho->neg_pcompression, ho->neg_accompression); 1502 ppp_recv_config(f->unit, (go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU), 1503 (go->neg_asyncmap? go->asyncmap: 0xffffffff), 1504 go->neg_pcompression, go->neg_accompression); 1505 1506 if (ho->neg_mru) 1507 peer_mru[f->unit] = ho->mru; 1508 1509 lcp_echo_lowerup(f->unit); /* Enable echo messages */ 1510 1511 link_established(f->unit); 1512 } 1513 1514 1515 /* 1516 * lcp_down - LCP has gone DOWN. 1517 * 1518 * Alert other protocols. 1519 */ 1520 static void 1521 lcp_down(f) 1522 fsm *f; 1523 { 1524 lcp_options *go = &lcp_gotoptions[f->unit]; 1525 1526 lcp_echo_lowerdown(f->unit); 1527 1528 link_down(f->unit); 1529 1530 ppp_send_config(f->unit, PPP_MRU, 0xffffffff, 0, 0); 1531 ppp_recv_config(f->unit, PPP_MRU, 1532 (go->neg_asyncmap? go->asyncmap: 0xffffffff), 1533 go->neg_pcompression, go->neg_accompression); 1534 peer_mru[f->unit] = PPP_MRU; 1535 } 1536 1537 1538 /* 1539 * lcp_starting - LCP needs the lower layer up. 1540 */ 1541 static void 1542 lcp_starting(f) 1543 fsm *f; 1544 { 1545 link_required(f->unit); 1546 } 1547 1548 1549 /* 1550 * lcp_finished - LCP has finished with the lower layer. 1551 */ 1552 static void 1553 lcp_finished(f) 1554 fsm *f; 1555 { 1556 link_terminated(f->unit); 1557 } 1558 1559 1560 /* 1561 * lcp_printpkt - print the contents of an LCP packet. 1562 */ 1563 static char *lcp_codenames[] = { 1564 "ConfReq", "ConfAck", "ConfNak", "ConfRej", 1565 "TermReq", "TermAck", "CodeRej", "ProtRej", 1566 "EchoReq", "EchoRep", "DiscReq" 1567 }; 1568 1569 static int 1570 lcp_printpkt(p, plen, printer, arg) 1571 u_char *p; 1572 int plen; 1573 void (*printer)(void *, char *, ...); 1574 void *arg; 1575 { 1576 int code, id, len, olen; 1577 u_char *pstart, *optend; 1578 u_short cishort; 1579 u_int32_t cilong; 1580 1581 if (plen < HEADERLEN) 1582 return 0; 1583 pstart = p; 1584 GETCHAR(code, p); 1585 GETCHAR(id, p); 1586 GETSHORT(len, p); 1587 if (len < HEADERLEN || len > plen) 1588 return 0; 1589 1590 if (code >= 1 && code <= sizeof(lcp_codenames) / sizeof(char *)) 1591 printer(arg, " %s", lcp_codenames[code-1]); 1592 else 1593 printer(arg, " code=0x%x", code); 1594 printer(arg, " id=0x%x", id); 1595 len -= HEADERLEN; 1596 switch (code) { 1597 case CONFREQ: 1598 case CONFACK: 1599 case CONFNAK: 1600 case CONFREJ: 1601 /* print option list */ 1602 while (len >= 2) { 1603 GETCHAR(code, p); 1604 GETCHAR(olen, p); 1605 p -= 2; 1606 if (olen < 2 || olen > len) { 1607 break; 1608 } 1609 printer(arg, " <"); 1610 len -= olen; 1611 optend = p + olen; 1612 switch (code) { 1613 case CI_MRU: 1614 if (olen == CILEN_SHORT) { 1615 p += 2; 1616 GETSHORT(cishort, p); 1617 printer(arg, "mru %d", cishort); 1618 } 1619 break; 1620 case CI_ASYNCMAP: 1621 if (olen == CILEN_LONG) { 1622 p += 2; 1623 GETLONG(cilong, p); 1624 printer(arg, "asyncmap 0x%x", cilong); 1625 } 1626 break; 1627 case CI_AUTHTYPE: 1628 if (olen >= CILEN_SHORT) { 1629 p += 2; 1630 printer(arg, "auth "); 1631 GETSHORT(cishort, p); 1632 switch (cishort) { 1633 case PPP_PAP: 1634 printer(arg, "pap"); 1635 break; 1636 case PPP_CHAP: 1637 printer(arg, "chap"); 1638 break; 1639 default: 1640 printer(arg, "0x%x", cishort); 1641 } 1642 } 1643 break; 1644 case CI_QUALITY: 1645 if (olen >= CILEN_SHORT) { 1646 p += 2; 1647 printer(arg, "quality "); 1648 GETSHORT(cishort, p); 1649 switch (cishort) { 1650 case PPP_LQR: 1651 printer(arg, "lqr"); 1652 break; 1653 default: 1654 printer(arg, "0x%x", cishort); 1655 } 1656 } 1657 break; 1658 case CI_CALLBACK: 1659 if (olen >= CILEN_CHAR) { 1660 p += 2; 1661 printer(arg, "callback "); 1662 GETSHORT(cishort, p); 1663 switch (cishort) { 1664 case CBCP_OPT: 1665 printer(arg, "CBCP"); 1666 break; 1667 default: 1668 printer(arg, "0x%x", cishort); 1669 } 1670 } 1671 break; 1672 case CI_MAGICNUMBER: 1673 if (olen == CILEN_LONG) { 1674 p += 2; 1675 GETLONG(cilong, p); 1676 printer(arg, "magic 0x%x", cilong); 1677 } 1678 break; 1679 case CI_PCOMPRESSION: 1680 if (olen == CILEN_VOID) { 1681 p += 2; 1682 printer(arg, "pcomp"); 1683 } 1684 break; 1685 case CI_ACCOMPRESSION: 1686 if (olen == CILEN_VOID) { 1687 p += 2; 1688 printer(arg, "accomp"); 1689 } 1690 break; 1691 } 1692 while (p < optend) { 1693 GETCHAR(code, p); 1694 printer(arg, " %.2x", code); 1695 } 1696 printer(arg, ">"); 1697 } 1698 break; 1699 1700 case TERMACK: 1701 case TERMREQ: 1702 if (len > 0 && *p >= ' ' && *p < 0x7f) { 1703 printer(arg, " "); 1704 print_string(p, len, printer, arg); 1705 p += len; 1706 len = 0; 1707 } 1708 break; 1709 1710 case ECHOREQ: 1711 case ECHOREP: 1712 case DISCREQ: 1713 if (len >= 4) { 1714 GETLONG(cilong, p); 1715 printer(arg, " magic=0x%x", cilong); 1716 p += 4; 1717 len -= 4; 1718 } 1719 break; 1720 } 1721 1722 /* print the rest of the bytes in the packet */ 1723 for (; len > 0; --len) { 1724 GETCHAR(code, p); 1725 printer(arg, " %.2x", code); 1726 } 1727 1728 return p - pstart; 1729 } 1730 1731 /* 1732 * Time to shut down the link because there is nothing out there. 1733 */ 1734 1735 static 1736 void LcpLinkFailure (f) 1737 fsm *f; 1738 { 1739 if (f->state == OPENED) { 1740 syslog(LOG_INFO, "No response to %d echo-requests", lcp_echos_pending); 1741 syslog(LOG_NOTICE, "Serial link appears to be disconnected."); 1742 lcp_close(f->unit, "Peer not responding"); 1743 } 1744 } 1745 1746 /* 1747 * Timer expired for the LCP echo requests from this process. 1748 */ 1749 1750 static void 1751 LcpEchoCheck (f) 1752 fsm *f; 1753 { 1754 LcpSendEchoRequest (f); 1755 1756 /* 1757 * Start the timer for the next interval. 1758 */ 1759 assert (lcp_echo_timer_running==0); 1760 TIMEOUT (LcpEchoTimeout, f, lcp_echo_interval); 1761 lcp_echo_timer_running = 1; 1762 } 1763 1764 /* 1765 * LcpEchoTimeout - Timer expired on the LCP echo 1766 */ 1767 1768 static void 1769 LcpEchoTimeout (arg) 1770 void *arg; 1771 { 1772 if (lcp_echo_timer_running != 0) { 1773 lcp_echo_timer_running = 0; 1774 LcpEchoCheck ((fsm *) arg); 1775 } 1776 } 1777 1778 /* 1779 * LcpEchoReply - LCP has received a reply to the echo 1780 */ 1781 1782 static void 1783 lcp_received_echo_reply (f, id, inp, len) 1784 fsm *f; 1785 int id; u_char *inp; int len; 1786 { 1787 u_int32_t magic; 1788 1789 /* Check the magic number - don't count replies from ourselves. */ 1790 if (len < 4) { 1791 syslog(LOG_DEBUG, "lcp: received short Echo-Reply, length %d", len); 1792 return; 1793 } 1794 GETLONG(magic, inp); 1795 if (lcp_gotoptions[f->unit].neg_magicnumber 1796 && magic == lcp_gotoptions[f->unit].magicnumber) { 1797 syslog(LOG_WARNING, "appear to have received our own echo-reply!"); 1798 return; 1799 } 1800 1801 /* Reset the number of outstanding echo frames */ 1802 lcp_echos_pending = 0; 1803 } 1804 1805 /* 1806 * LcpSendEchoRequest - Send an echo request frame to the peer 1807 */ 1808 1809 static void 1810 LcpSendEchoRequest (f) 1811 fsm *f; 1812 { 1813 u_int32_t lcp_magic; 1814 u_char pkt[4], *pktp; 1815 1816 /* 1817 * Detect the failure of the peer at this point. 1818 */ 1819 if (lcp_echo_fails != 0) { 1820 if (lcp_echos_pending >= lcp_echo_fails) { 1821 LcpLinkFailure(f); 1822 lcp_echos_pending = 0; 1823 } 1824 } 1825 1826 /* 1827 * Make and send the echo request frame. 1828 */ 1829 if (f->state == OPENED) { 1830 lcp_magic = lcp_gotoptions[f->unit].magicnumber; 1831 pktp = pkt; 1832 PUTLONG(lcp_magic, pktp); 1833 fsm_sdata(f, ECHOREQ, lcp_echo_number++ & 0xFF, pkt, pktp - pkt); 1834 ++lcp_echos_pending; 1835 } 1836 } 1837 1838 /* 1839 * lcp_echo_lowerup - Start the timer for the LCP frame 1840 */ 1841 1842 static void 1843 lcp_echo_lowerup (unit) 1844 int unit; 1845 { 1846 fsm *f = &lcp_fsm[unit]; 1847 1848 /* Clear the parameters for generating echo frames */ 1849 lcp_echos_pending = 0; 1850 lcp_echo_number = 0; 1851 lcp_echo_timer_running = 0; 1852 1853 /* If a timeout interval is specified then start the timer */ 1854 if (lcp_echo_interval != 0) 1855 LcpEchoCheck (f); 1856 } 1857 1858 /* 1859 * lcp_echo_lowerdown - Stop the timer for the LCP frame 1860 */ 1861 1862 static void 1863 lcp_echo_lowerdown (unit) 1864 int unit; 1865 { 1866 fsm *f = &lcp_fsm[unit]; 1867 1868 if (lcp_echo_timer_running != 0) { 1869 UNTIMEOUT (LcpEchoTimeout, f); 1870 lcp_echo_timer_running = 0; 1871 } 1872 } 1873