1 /*
2  * lcp.c - PPP Link Control Protocol.
3  *
4  * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in
15  *    the documentation and/or other materials provided with the
16  *    distribution.
17  *
18  * 3. The name "Carnegie Mellon University" must not be used to
19  *    endorse or promote products derived from this software without
20  *    prior written permission. For permission or any legal
21  *    details, please contact
22  *      Office of Technology Transfer
23  *      Carnegie Mellon University
24  *      5000 Forbes Avenue
25  *      Pittsburgh, PA  15213-3890
26  *      (412) 268-4387, fax: (412) 268-7395
27  *      tech-transfer@andrew.cmu.edu
28  *
29  * 4. Redistributions of any form whatsoever must retain the following
30  *    acknowledgment:
31  *    "This product includes software developed by Computing Services
32  *     at Carnegie Mellon University (http://www.cmu.edu/computing/)."
33  *
34  * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
35  * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
36  * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
37  * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
38  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
39  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
40  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
41  */
42 
43 #define RCSID	"$Id: lcp.c,v 1.76 2006/05/22 00:04:07 paulus Exp $"
44 
45 /*
46  * TODO:
47  */
48 
49 #include <stdio.h>
50 #include <string.h>
51 #include <stdlib.h>
52 
53 #include "pppd.h"
54 #include "fsm.h"
55 #include "lcp.h"
56 #include "chap-new.h"
57 #include "magic.h"
58 
59 static const char rcsid[] = RCSID;
60 
61 /*
62  * When the link comes up we want to be able to wait for a short while,
63  * or until seeing some input from the peer, before starting to send
64  * configure-requests.  We do this by delaying the fsm_lowerup call.
65  */
66 /* steal a bit in fsm flags word */
67 #define DELAYED_UP	0x100
68 
69 static void lcp_delayed_up __P((void *));
70 
71 /*
72  * LCP-related command-line options.
73  */
74 int	lcp_echo_interval = 0; 	/* Interval between LCP echo-requests */
75 int	lcp_echo_fails = 0;	/* Tolerance to unanswered echo-requests */
76 bool	lax_recv = 0;		/* accept control chars in asyncmap */
77 bool	noendpoint = 0;		/* don't send/accept endpoint discriminator */
78 
79 static int noopt __P((char **));
80 
81 #ifdef HAVE_MULTILINK
82 static int setendpoint __P((char **));
83 static void printendpoint __P((option_t *, void (*)(void *, char *, ...),
84 			       void *));
85 #endif /* HAVE_MULTILINK */
86 
87 static option_t lcp_option_list[] = {
88     /* LCP options */
89     { "-all", o_special_noarg, (void *)noopt,
90       "Don't request/allow any LCP options" },
91 
92     { "noaccomp", o_bool, &lcp_wantoptions[0].neg_accompression,
93       "Disable address/control compression",
94       OPT_A2CLR, &lcp_allowoptions[0].neg_accompression },
95     { "-ac", o_bool, &lcp_wantoptions[0].neg_accompression,
96       "Disable address/control compression",
97       OPT_ALIAS | OPT_A2CLR, &lcp_allowoptions[0].neg_accompression },
98 
99     { "asyncmap", o_uint32, &lcp_wantoptions[0].asyncmap,
100       "Set asyncmap (for received packets)",
101       OPT_OR, &lcp_wantoptions[0].neg_asyncmap },
102     { "-as", o_uint32, &lcp_wantoptions[0].asyncmap,
103       "Set asyncmap (for received packets)",
104       OPT_ALIAS | OPT_OR, &lcp_wantoptions[0].neg_asyncmap },
105     { "default-asyncmap", o_uint32, &lcp_wantoptions[0].asyncmap,
106       "Disable asyncmap negotiation",
107       OPT_OR | OPT_NOARG | OPT_VAL(~0U) | OPT_A2CLR,
108       &lcp_allowoptions[0].neg_asyncmap },
109     { "-am", o_uint32, &lcp_wantoptions[0].asyncmap,
110       "Disable asyncmap negotiation",
111       OPT_ALIAS | OPT_OR | OPT_NOARG | OPT_VAL(~0U) | OPT_A2CLR,
112       &lcp_allowoptions[0].neg_asyncmap },
113 
114     { "nomagic", o_bool, &lcp_wantoptions[0].neg_magicnumber,
115       "Disable magic number negotiation (looped-back line detection)",
116       OPT_A2CLR, &lcp_allowoptions[0].neg_magicnumber },
117     { "-mn", o_bool, &lcp_wantoptions[0].neg_magicnumber,
118       "Disable magic number negotiation (looped-back line detection)",
119       OPT_ALIAS | OPT_A2CLR, &lcp_allowoptions[0].neg_magicnumber },
120 
121     { "mru", o_int, &lcp_wantoptions[0].mru,
122       "Set MRU (maximum received packet size) for negotiation",
123       OPT_PRIO, &lcp_wantoptions[0].neg_mru },
124     { "default-mru", o_bool, &lcp_wantoptions[0].neg_mru,
125       "Disable MRU negotiation (use default 1500)",
126       OPT_PRIOSUB | OPT_A2CLR, &lcp_allowoptions[0].neg_mru },
127     { "-mru", o_bool, &lcp_wantoptions[0].neg_mru,
128       "Disable MRU negotiation (use default 1500)",
129       OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, &lcp_allowoptions[0].neg_mru },
130 
131     { "mtu", o_int, &lcp_allowoptions[0].mru,
132       "Set our MTU", OPT_LIMITS, NULL, MAXMRU, MINMRU },
133 
134     { "nopcomp", o_bool, &lcp_wantoptions[0].neg_pcompression,
135       "Disable protocol field compression",
136       OPT_A2CLR, &lcp_allowoptions[0].neg_pcompression },
137     { "-pc", o_bool, &lcp_wantoptions[0].neg_pcompression,
138       "Disable protocol field compression",
139       OPT_ALIAS | OPT_A2CLR, &lcp_allowoptions[0].neg_pcompression },
140 
141     { "passive", o_bool, &lcp_wantoptions[0].passive,
142       "Set passive mode", 1 },
143     { "-p", o_bool, &lcp_wantoptions[0].passive,
144       "Set passive mode", OPT_ALIAS | 1 },
145 
146     { "silent", o_bool, &lcp_wantoptions[0].silent,
147       "Set silent mode", 1 },
148 
149     { "lcp-echo-failure", o_int, &lcp_echo_fails,
150       "Set number of consecutive echo failures to indicate link failure",
151       OPT_PRIO },
152     { "lcp-echo-interval", o_int, &lcp_echo_interval,
153       "Set time in seconds between LCP echo requests", OPT_PRIO },
154     { "lcp-restart", o_int, &lcp_fsm[0].timeouttime,
155       "Set time in seconds between LCP retransmissions", OPT_PRIO },
156     { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits,
157       "Set maximum number of LCP terminate-request transmissions", OPT_PRIO },
158     { "lcp-max-configure", o_int, &lcp_fsm[0].maxconfreqtransmits,
159       "Set maximum number of LCP configure-request transmissions", OPT_PRIO },
160     { "lcp-max-failure", o_int, &lcp_fsm[0].maxnakloops,
161       "Set limit on number of LCP configure-naks", OPT_PRIO },
162 
163     { "receive-all", o_bool, &lax_recv,
164       "Accept all received control characters", 1 },
165 
166 #ifdef HAVE_MULTILINK
167     { "mrru", o_int, &lcp_wantoptions[0].mrru,
168       "Maximum received packet size for multilink bundle",
169       OPT_PRIO, &lcp_wantoptions[0].neg_mrru },
170 
171     { "mpshortseq", o_bool, &lcp_wantoptions[0].neg_ssnhf,
172       "Use short sequence numbers in multilink headers",
173       OPT_PRIO | 1, &lcp_allowoptions[0].neg_ssnhf },
174     { "nompshortseq", o_bool, &lcp_wantoptions[0].neg_ssnhf,
175       "Don't use short sequence numbers in multilink headers",
176       OPT_PRIOSUB | OPT_A2CLR, &lcp_allowoptions[0].neg_ssnhf },
177 
178     { "endpoint", o_special, (void *) setendpoint,
179       "Endpoint discriminator for multilink",
180       OPT_PRIO | OPT_A2PRINTER, (void *) printendpoint },
181 #endif /* HAVE_MULTILINK */
182 
183     { "noendpoint", o_bool, &noendpoint,
184       "Don't send or accept multilink endpoint discriminator", 1 },
185 
186     {NULL}
187 };
188 
189 /* global vars */
190 fsm lcp_fsm[NUM_PPP];			/* LCP fsm structure (global)*/
191 lcp_options lcp_wantoptions[NUM_PPP];	/* Options that we want to request */
192 lcp_options lcp_gotoptions[NUM_PPP];	/* Options that peer ack'd */
193 lcp_options lcp_allowoptions[NUM_PPP];	/* Options we allow peer to request */
194 lcp_options lcp_hisoptions[NUM_PPP];	/* Options that we ack'd */
195 
196 static int lcp_echos_pending = 0;	/* Number of outstanding echo msgs */
197 static int lcp_echo_number   = 0;	/* ID number of next echo frame */
198 static int lcp_echo_timer_running = 0;  /* set if a timer is running */
199 
200 static u_char nak_buffer[PPP_MRU];	/* where we construct a nak packet */
201 
202 /*
203  * Callbacks for fsm code.  (CI = Configuration Information)
204  */
205 static void lcp_resetci __P((fsm *));	/* Reset our CI */
206 static int  lcp_cilen __P((fsm *));		/* Return length of our CI */
207 static void lcp_addci __P((fsm *, u_char *, int *)); /* Add our CI to pkt */
208 static int  lcp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */
209 static int  lcp_nakci __P((fsm *, u_char *, int, int)); /* Peer nak'd our CI */
210 static int  lcp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */
211 static int  lcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv peer CI */
212 static void lcp_up __P((fsm *));		/* We're UP */
213 static void lcp_down __P((fsm *));		/* We're DOWN */
214 static void lcp_starting __P((fsm *));	/* We need lower layer up */
215 static void lcp_finished __P((fsm *));	/* We need lower layer down */
216 static int  lcp_extcode __P((fsm *, int, int, u_char *, int));
217 static void lcp_rprotrej __P((fsm *, u_char *, int));
218 
219 /*
220  * routines to send LCP echos to peer
221  */
222 
223 static void lcp_echo_lowerup __P((int));
224 static void lcp_echo_lowerdown __P((int));
225 static void LcpEchoTimeout __P((void *));
226 static void lcp_received_echo_reply __P((fsm *, int, u_char *, int));
227 static void LcpSendEchoRequest __P((fsm *));
228 static void LcpLinkFailure __P((fsm *));
229 static void LcpEchoCheck __P((fsm *));
230 
231 static fsm_callbacks lcp_callbacks = {	/* LCP callback routines */
232     lcp_resetci,		/* Reset our Configuration Information */
233     lcp_cilen,			/* Length of our Configuration Information */
234     lcp_addci,			/* Add our Configuration Information */
235     lcp_ackci,			/* ACK our Configuration Information */
236     lcp_nakci,			/* NAK our Configuration Information */
237     lcp_rejci,			/* Reject our Configuration Information */
238     lcp_reqci,			/* Request peer's Configuration Information */
239     lcp_up,			/* Called when fsm reaches OPENED state */
240     lcp_down,			/* Called when fsm leaves OPENED state */
241     lcp_starting,		/* Called when we want the lower layer up */
242     lcp_finished,		/* Called when we want the lower layer down */
243     NULL,			/* Called when Protocol-Reject received */
244     NULL,			/* Retransmission is necessary */
245     lcp_extcode,		/* Called to handle LCP-specific codes */
246     "LCP"			/* String name of protocol */
247 };
248 
249 /*
250  * Protocol entry points.
251  * Some of these are called directly.
252  */
253 
254 static void lcp_init __P((int));
255 static void lcp_input __P((int, u_char *, int));
256 static void lcp_protrej __P((int));
257 static int  lcp_printpkt __P((u_char *, int,
258 			      void (*) __P((void *, char *, ...)), void *));
259 
260 struct protent lcp_protent = {
261     PPP_LCP,
262     lcp_init,
263     lcp_input,
264     lcp_protrej,
265     lcp_lowerup,
266     lcp_lowerdown,
267     lcp_open,
268     lcp_close,
269     lcp_printpkt,
270     NULL,
271     1,
272     "LCP",
273     NULL,
274     lcp_option_list,
275     NULL,
276     NULL,
277     NULL
278 };
279 
280 int lcp_loopbackfail = DEFLOOPBACKFAIL;
281 
282 /*
283  * Length of each type of configuration option (in octets)
284  */
285 #define CILEN_VOID	2
286 #define CILEN_CHAR	3
287 #define CILEN_SHORT	4	/* CILEN_VOID + 2 */
288 #define CILEN_CHAP	5	/* CILEN_VOID + 2 + 1 */
289 #define CILEN_LONG	6	/* CILEN_VOID + 4 */
290 #define CILEN_LQR	8	/* CILEN_VOID + 2 + 4 */
291 #define CILEN_CBCP	3
292 
293 #define CODENAME(x)	((x) == CONFACK ? "ACK" : \
294 			 (x) == CONFNAK ? "NAK" : "REJ")
295 
296 /*
297  * noopt - Disable all options (why?).
298  */
299 static int
noopt(argv)300 noopt(argv)
301     char **argv;
302 {
303     BZERO((char *) &lcp_wantoptions[0], sizeof (struct lcp_options));
304     BZERO((char *) &lcp_allowoptions[0], sizeof (struct lcp_options));
305 
306     return (1);
307 }
308 
309 #ifdef HAVE_MULTILINK
310 static int
setendpoint(argv)311 setendpoint(argv)
312     char **argv;
313 {
314     if (str_to_epdisc(&lcp_wantoptions[0].endpoint, *argv)) {
315 	lcp_wantoptions[0].neg_endpoint = 1;
316 	return 1;
317     }
318     option_error("Can't parse '%s' as an endpoint discriminator", *argv);
319     return 0;
320 }
321 
322 static void
printendpoint(opt,printer,arg)323 printendpoint(opt, printer, arg)
324     option_t *opt;
325     void (*printer) __P((void *, char *, ...));
326     void *arg;
327 {
328 	printer(arg, "%s", epdisc_to_str(&lcp_wantoptions[0].endpoint));
329 }
330 #endif /* HAVE_MULTILINK */
331 
332 /*
333  * lcp_init - Initialize LCP.
334  */
335 static void
lcp_init(unit)336 lcp_init(unit)
337     int unit;
338 {
339     fsm *f = &lcp_fsm[unit];
340     lcp_options *wo = &lcp_wantoptions[unit];
341     lcp_options *ao = &lcp_allowoptions[unit];
342 
343     f->unit = unit;
344     f->protocol = PPP_LCP;
345     f->callbacks = &lcp_callbacks;
346 
347     fsm_init(f);
348 
349     BZERO(wo, sizeof(*wo));
350     wo->neg_mru = 1;
351     wo->mru = DEFMRU;
352     wo->neg_asyncmap = 1;
353     wo->neg_magicnumber = 1;
354     wo->neg_pcompression = 1;
355     wo->neg_accompression = 1;
356 
357     BZERO(ao, sizeof(*ao));
358     ao->neg_mru = 1;
359     ao->mru = MAXMRU;
360     ao->neg_asyncmap = 1;
361     ao->neg_chap = 1;
362     ao->chap_mdtype = chap_mdtype_all;
363     ao->neg_upap = 1;
364     ao->neg_eap = 1;
365     ao->neg_magicnumber = 1;
366     ao->neg_pcompression = 1;
367     ao->neg_accompression = 1;
368     ao->neg_endpoint = 1;
369 }
370 
371 
372 /*
373  * lcp_open - LCP is allowed to come up.
374  */
375 void
lcp_open(unit)376 lcp_open(unit)
377     int unit;
378 {
379     fsm *f = &lcp_fsm[unit];
380     lcp_options *wo = &lcp_wantoptions[unit];
381 
382     f->flags &= ~(OPT_PASSIVE | OPT_SILENT);
383     if (wo->passive)
384 	f->flags |= OPT_PASSIVE;
385     if (wo->silent)
386 	f->flags |= OPT_SILENT;
387     fsm_open(f);
388 }
389 
390 
391 /*
392  * lcp_close - Take LCP down.
393  */
394 void
lcp_close(unit,reason)395 lcp_close(unit, reason)
396     int unit;
397     char *reason;
398 {
399     fsm *f = &lcp_fsm[unit];
400     int oldstate;
401 
402     if (phase != PHASE_DEAD && phase != PHASE_MASTER)
403 	new_phase(PHASE_TERMINATE);
404 
405     if (f->flags & DELAYED_UP) {
406 	untimeout(lcp_delayed_up, f);
407 	f->state = STOPPED;
408     }
409     oldstate = f->state;
410 
411     fsm_close(f, reason);
412     if (oldstate == STOPPED && f->flags & (OPT_PASSIVE|OPT_SILENT|DELAYED_UP)) {
413 	/*
414 	 * This action is not strictly according to the FSM in RFC1548,
415 	 * but it does mean that the program terminates if you do a
416 	 * lcp_close() when a connection hasn't been established
417 	 * because we are in passive/silent mode or because we have
418 	 * delayed the fsm_lowerup() call and it hasn't happened yet.
419 	 */
420 	f->flags &= ~DELAYED_UP;
421 	lcp_finished(f);
422     }
423 }
424 
425 
426 /*
427  * lcp_lowerup - The lower layer is up.
428  */
429 void
lcp_lowerup(unit)430 lcp_lowerup(unit)
431     int unit;
432 {
433     lcp_options *wo = &lcp_wantoptions[unit];
434     fsm *f = &lcp_fsm[unit];
435 
436     /*
437      * Don't use A/C or protocol compression on transmission,
438      * but accept A/C and protocol compressed packets
439      * if we are going to ask for A/C and protocol compression.
440      */
441     if (ppp_send_config(unit, PPP_MRU, 0xffffffff, 0, 0) < 0
442 	|| ppp_recv_config(unit, PPP_MRU, (lax_recv? 0: 0xffffffff),
443 			   wo->neg_pcompression, wo->neg_accompression) < 0)
444 	    return;
445     peer_mru[unit] = PPP_MRU;
446 
447     if (listen_time != 0) {
448 	f->flags |= DELAYED_UP;
449 	timeout(lcp_delayed_up, f, 0, listen_time * 1000);
450     } else
451 	fsm_lowerup(f);
452 }
453 
454 
455 /*
456  * lcp_lowerdown - The lower layer is down.
457  */
458 void
lcp_lowerdown(unit)459 lcp_lowerdown(unit)
460     int unit;
461 {
462     fsm *f = &lcp_fsm[unit];
463 
464     if (f->flags & DELAYED_UP) {
465 	f->flags &= ~DELAYED_UP;
466 	untimeout(lcp_delayed_up, f);
467     } else
468 	fsm_lowerdown(&lcp_fsm[unit]);
469 }
470 
471 
472 /*
473  * lcp_delayed_up - Bring the lower layer up now.
474  */
475 static void
lcp_delayed_up(arg)476 lcp_delayed_up(arg)
477     void *arg;
478 {
479     fsm *f = arg;
480 
481     if (f->flags & DELAYED_UP) {
482 	f->flags &= ~DELAYED_UP;
483 	fsm_lowerup(f);
484     }
485 }
486 
487 
488 /*
489  * lcp_input - Input LCP packet.
490  */
491 static void
lcp_input(unit,p,len)492 lcp_input(unit, p, len)
493     int unit;
494     u_char *p;
495     int len;
496 {
497     fsm *f = &lcp_fsm[unit];
498 
499     if (f->flags & DELAYED_UP) {
500 	f->flags &= ~DELAYED_UP;
501 	untimeout(lcp_delayed_up, f);
502 	fsm_lowerup(f);
503     }
504     fsm_input(f, p, len);
505 }
506 
507 /*
508  * lcp_extcode - Handle a LCP-specific code.
509  */
510 static int
lcp_extcode(f,code,id,inp,len)511 lcp_extcode(f, code, id, inp, len)
512     fsm *f;
513     int code, id;
514     u_char *inp;
515     int len;
516 {
517     u_char *magp;
518 
519     switch( code ){
520     case PROTREJ:
521 	lcp_rprotrej(f, inp, len);
522 	break;
523 
524     case ECHOREQ:
525 	if (f->state != OPENED)
526 	    break;
527 	magp = inp;
528 	PUTLONG(lcp_gotoptions[f->unit].magicnumber, magp);
529 	fsm_sdata(f, ECHOREP, id, inp, len);
530 	break;
531 
532     case ECHOREP:
533 	lcp_received_echo_reply(f, id, inp, len);
534 	break;
535 
536     case DISCREQ:
537     case IDENTIF:
538     case TIMEREM:
539 	break;
540 
541     default:
542 	return 0;
543     }
544     return 1;
545 }
546 
547 
548 /*
549  * lcp_rprotrej - Receive an Protocol-Reject.
550  *
551  * Figure out which protocol is rejected and inform it.
552  */
553 static void
lcp_rprotrej(f,inp,len)554 lcp_rprotrej(f, inp, len)
555     fsm *f;
556     u_char *inp;
557     int len;
558 {
559     int i;
560     struct protent *protp;
561     u_short prot;
562     const char *pname;
563 
564     if (len < 2) {
565 	LCPDEBUG(("lcp_rprotrej: Rcvd short Protocol-Reject packet!"));
566 	return;
567     }
568 
569     GETSHORT(prot, inp);
570 
571     /*
572      * Protocol-Reject packets received in any state other than the LCP
573      * OPENED state SHOULD be silently discarded.
574      */
575     if( f->state != OPENED ){
576 	LCPDEBUG(("Protocol-Reject discarded: LCP in state %d", f->state));
577 	return;
578     }
579 
580     pname = protocol_name(prot);
581 
582     /*
583      * Upcall the proper Protocol-Reject routine.
584      */
585     for (i = 0; (protp = protocols[i]) != NULL; ++i)
586 	if (protp->protocol == prot && protp->enabled_flag) {
587 	    if (pname == NULL)
588 		dbglog("Protocol-Reject for 0x%x received", prot);
589 	    else
590 		dbglog("Protocol-Reject for '%s' (0x%x) received", pname,
591 		       prot);
592 	    (*protp->protrej)(f->unit);
593 	    return;
594 	}
595 
596     if (pname == NULL)
597 	warn("Protocol-Reject for unsupported protocol 0x%x", prot);
598     else
599 	warn("Protocol-Reject for unsupported protocol '%s' (0x%x)", pname,
600 	     prot);
601 }
602 
603 
604 /*
605  * lcp_protrej - A Protocol-Reject was received.
606  */
607 /*ARGSUSED*/
608 static void
lcp_protrej(unit)609 lcp_protrej(unit)
610     int unit;
611 {
612     /*
613      * Can't reject LCP!
614      */
615     error("Received Protocol-Reject for LCP!");
616     fsm_protreject(&lcp_fsm[unit]);
617 }
618 
619 
620 /*
621  * lcp_sprotrej - Send a Protocol-Reject for some protocol.
622  */
623 void
lcp_sprotrej(unit,p,len)624 lcp_sprotrej(unit, p, len)
625     int unit;
626     u_char *p;
627     int len;
628 {
629     /*
630      * Send back the protocol and the information field of the
631      * rejected packet.  We only get here if LCP is in the OPENED state.
632      */
633     p += 2;
634     len -= 2;
635 
636     fsm_sdata(&lcp_fsm[unit], PROTREJ, ++lcp_fsm[unit].id,
637 	      p, len);
638 }
639 
640 
641 /*
642  * lcp_resetci - Reset our CI.
643  */
644 static void
lcp_resetci(f)645 lcp_resetci(f)
646     fsm *f;
647 {
648     lcp_options *wo = &lcp_wantoptions[f->unit];
649     lcp_options *go = &lcp_gotoptions[f->unit];
650     lcp_options *ao = &lcp_allowoptions[f->unit];
651 
652     wo->magicnumber = magic();
653     wo->numloops = 0;
654     *go = *wo;
655     if (!multilink) {
656 	go->neg_mrru = 0;
657 	go->neg_ssnhf = 0;
658 	go->neg_endpoint = 0;
659     }
660     if (noendpoint)
661 	ao->neg_endpoint = 0;
662     peer_mru[f->unit] = PPP_MRU;
663     auth_reset(f->unit);
664 }
665 
666 
667 /*
668  * lcp_cilen - Return length of our CI.
669  */
670 static int
lcp_cilen(f)671 lcp_cilen(f)
672     fsm *f;
673 {
674     lcp_options *go = &lcp_gotoptions[f->unit];
675 
676 #define LENCIVOID(neg)	((neg) ? CILEN_VOID : 0)
677 #define LENCICHAP(neg)	((neg) ? CILEN_CHAP : 0)
678 #define LENCISHORT(neg)	((neg) ? CILEN_SHORT : 0)
679 #define LENCILONG(neg)	((neg) ? CILEN_LONG : 0)
680 #define LENCILQR(neg)	((neg) ? CILEN_LQR: 0)
681 #define LENCICBCP(neg)	((neg) ? CILEN_CBCP: 0)
682     /*
683      * NB: we only ask for one of CHAP, UPAP, or EAP, even if we will
684      * accept more than one.  We prefer EAP first, then CHAP, then
685      * PAP.
686      */
687     return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) +
688 	    LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) +
689 	    LENCISHORT(go->neg_eap) +
690 	    LENCICHAP(!go->neg_eap && go->neg_chap) +
691 	    LENCISHORT(!go->neg_eap && !go->neg_chap && go->neg_upap) +
692 	    LENCILQR(go->neg_lqr) +
693 	    LENCICBCP(go->neg_cbcp) +
694 	    LENCILONG(go->neg_magicnumber) +
695 	    LENCIVOID(go->neg_pcompression) +
696 	    LENCIVOID(go->neg_accompression) +
697 	    LENCISHORT(go->neg_mrru) +
698 	    LENCIVOID(go->neg_ssnhf) +
699 	    (go->neg_endpoint? CILEN_CHAR + go->endpoint.length: 0));
700 }
701 
702 
703 /*
704  * lcp_addci - Add our desired CIs to a packet.
705  */
706 static void
lcp_addci(f,ucp,lenp)707 lcp_addci(f, ucp, lenp)
708     fsm *f;
709     u_char *ucp;
710     int *lenp;
711 {
712     lcp_options *go = &lcp_gotoptions[f->unit];
713     u_char *start_ucp = ucp;
714 
715 #define ADDCIVOID(opt, neg) \
716     if (neg) { \
717 	PUTCHAR(opt, ucp); \
718 	PUTCHAR(CILEN_VOID, ucp); \
719     }
720 #define ADDCISHORT(opt, neg, val) \
721     if (neg) { \
722 	PUTCHAR(opt, ucp); \
723 	PUTCHAR(CILEN_SHORT, ucp); \
724 	PUTSHORT(val, ucp); \
725     }
726 #define ADDCICHAP(opt, neg, val) \
727     if (neg) { \
728 	PUTCHAR((opt), ucp); \
729 	PUTCHAR(CILEN_CHAP, ucp); \
730 	PUTSHORT(PPP_CHAP, ucp); \
731 	PUTCHAR((CHAP_DIGEST(val)), ucp); \
732     }
733 #define ADDCILONG(opt, neg, val) \
734     if (neg) { \
735 	PUTCHAR(opt, ucp); \
736 	PUTCHAR(CILEN_LONG, ucp); \
737 	PUTLONG(val, ucp); \
738     }
739 #define ADDCILQR(opt, neg, val) \
740     if (neg) { \
741 	PUTCHAR(opt, ucp); \
742 	PUTCHAR(CILEN_LQR, ucp); \
743 	PUTSHORT(PPP_LQR, ucp); \
744 	PUTLONG(val, ucp); \
745     }
746 #define ADDCICHAR(opt, neg, val) \
747     if (neg) { \
748 	PUTCHAR(opt, ucp); \
749 	PUTCHAR(CILEN_CHAR, ucp); \
750 	PUTCHAR(val, ucp); \
751     }
752 #define ADDCIENDP(opt, neg, class, val, len) \
753     if (neg) { \
754 	int i; \
755 	PUTCHAR(opt, ucp); \
756 	PUTCHAR(CILEN_CHAR + len, ucp); \
757 	PUTCHAR(class, ucp); \
758 	for (i = 0; i < len; ++i) \
759 	    PUTCHAR(val[i], ucp); \
760     }
761 
762     ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru);
763     ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF,
764 	      go->asyncmap);
765     ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP);
766     ADDCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype);
767     ADDCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap,
768 	       PPP_PAP);
769     ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
770     ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT);
771     ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
772     ADDCIVOID(CI_PCOMPRESSION, go->neg_pcompression);
773     ADDCIVOID(CI_ACCOMPRESSION, go->neg_accompression);
774     ADDCISHORT(CI_MRRU, go->neg_mrru, go->mrru);
775     ADDCIVOID(CI_SSNHF, go->neg_ssnhf);
776     ADDCIENDP(CI_EPDISC, go->neg_endpoint, go->endpoint.class,
777 	      go->endpoint.value, go->endpoint.length);
778 
779     if (ucp - start_ucp != *lenp) {
780 	/* this should never happen, because peer_mtu should be 1500 */
781 	error("Bug in lcp_addci: wrong length");
782     }
783 }
784 
785 
786 /*
787  * lcp_ackci - Ack our CIs.
788  * This should not modify any state if the Ack is bad.
789  *
790  * Returns:
791  *	0 - Ack was bad.
792  *	1 - Ack was good.
793  */
794 static int
lcp_ackci(f,p,len)795 lcp_ackci(f, p, len)
796     fsm *f;
797     u_char *p;
798     int len;
799 {
800     lcp_options *go = &lcp_gotoptions[f->unit];
801     u_char cilen, citype, cichar;
802     u_short cishort;
803     u_int32_t cilong;
804 
805     /*
806      * CIs must be in exactly the same order that we sent.
807      * Check packet length and CI length at each step.
808      * If we find any deviations, then this packet is bad.
809      */
810 #define ACKCIVOID(opt, neg) \
811     if (neg) { \
812 	if ((len -= CILEN_VOID) < 0) \
813 	    goto bad; \
814 	GETCHAR(citype, p); \
815 	GETCHAR(cilen, p); \
816 	if (cilen != CILEN_VOID || \
817 	    citype != opt) \
818 	    goto bad; \
819     }
820 #define ACKCISHORT(opt, neg, val) \
821     if (neg) { \
822 	if ((len -= CILEN_SHORT) < 0) \
823 	    goto bad; \
824 	GETCHAR(citype, p); \
825 	GETCHAR(cilen, p); \
826 	if (cilen != CILEN_SHORT || \
827 	    citype != opt) \
828 	    goto bad; \
829 	GETSHORT(cishort, p); \
830 	if (cishort != val) \
831 	    goto bad; \
832     }
833 #define ACKCICHAR(opt, neg, val) \
834     if (neg) { \
835 	if ((len -= CILEN_CHAR) < 0) \
836 	    goto bad; \
837 	GETCHAR(citype, p); \
838 	GETCHAR(cilen, p); \
839 	if (cilen != CILEN_CHAR || \
840 	    citype != opt) \
841 	    goto bad; \
842 	GETCHAR(cichar, p); \
843 	if (cichar != val) \
844 	    goto bad; \
845     }
846 #define ACKCICHAP(opt, neg, val) \
847     if (neg) { \
848 	if ((len -= CILEN_CHAP) < 0) \
849 	    goto bad; \
850 	GETCHAR(citype, p); \
851 	GETCHAR(cilen, p); \
852 	if (cilen != CILEN_CHAP || \
853 	    citype != (opt)) \
854 	    goto bad; \
855 	GETSHORT(cishort, p); \
856 	if (cishort != PPP_CHAP) \
857 	    goto bad; \
858 	GETCHAR(cichar, p); \
859 	if (cichar != (CHAP_DIGEST(val))) \
860 	  goto bad; \
861     }
862 #define ACKCILONG(opt, neg, val) \
863     if (neg) { \
864 	if ((len -= CILEN_LONG) < 0) \
865 	    goto bad; \
866 	GETCHAR(citype, p); \
867 	GETCHAR(cilen, p); \
868 	if (cilen != CILEN_LONG || \
869 	    citype != opt) \
870 	    goto bad; \
871 	GETLONG(cilong, p); \
872 	if (cilong != val) \
873 	    goto bad; \
874     }
875 #define ACKCILQR(opt, neg, val) \
876     if (neg) { \
877 	if ((len -= CILEN_LQR) < 0) \
878 	    goto bad; \
879 	GETCHAR(citype, p); \
880 	GETCHAR(cilen, p); \
881 	if (cilen != CILEN_LQR || \
882 	    citype != opt) \
883 	    goto bad; \
884 	GETSHORT(cishort, p); \
885 	if (cishort != PPP_LQR) \
886 	    goto bad; \
887 	GETLONG(cilong, p); \
888 	if (cilong != val) \
889 	  goto bad; \
890     }
891 #define ACKCIENDP(opt, neg, class, val, vlen) \
892     if (neg) { \
893 	int i; \
894 	if ((len -= CILEN_CHAR + vlen) < 0) \
895 	    goto bad; \
896 	GETCHAR(citype, p); \
897 	GETCHAR(cilen, p); \
898 	if (cilen != CILEN_CHAR + vlen || \
899 	    citype != opt) \
900 	    goto bad; \
901 	GETCHAR(cichar, p); \
902 	if (cichar != class) \
903 	    goto bad; \
904 	for (i = 0; i < vlen; ++i) { \
905 	    GETCHAR(cichar, p); \
906 	    if (cichar != val[i]) \
907 		goto bad; \
908 	} \
909     }
910 
911     ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru);
912     ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF,
913 	      go->asyncmap);
914     ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP);
915     ACKCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype);
916     ACKCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap,
917 	       PPP_PAP);
918     ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
919     ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT);
920     ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
921     ACKCIVOID(CI_PCOMPRESSION, go->neg_pcompression);
922     ACKCIVOID(CI_ACCOMPRESSION, go->neg_accompression);
923     ACKCISHORT(CI_MRRU, go->neg_mrru, go->mrru);
924     ACKCIVOID(CI_SSNHF, go->neg_ssnhf);
925     ACKCIENDP(CI_EPDISC, go->neg_endpoint, go->endpoint.class,
926 	      go->endpoint.value, go->endpoint.length);
927 
928     /*
929      * If there are any remaining CIs, then this packet is bad.
930      */
931     if (len != 0)
932 	goto bad;
933     return (1);
934 bad:
935     LCPDEBUG(("lcp_acki: received bad Ack!"));
936     return (0);
937 }
938 
939 
940 /*
941  * lcp_nakci - Peer has sent a NAK for some of our CIs.
942  * This should not modify any state if the Nak is bad
943  * or if LCP is in the OPENED state.
944  *
945  * Returns:
946  *	0 - Nak was bad.
947  *	1 - Nak was good.
948  */
949 static int
lcp_nakci(f,p,len,treat_as_reject)950 lcp_nakci(f, p, len, treat_as_reject)
951     fsm *f;
952     u_char *p;
953     int len;
954     int treat_as_reject;
955 {
956     lcp_options *go = &lcp_gotoptions[f->unit];
957     lcp_options *wo = &lcp_wantoptions[f->unit];
958     u_char citype, cichar, *next;
959     u_short cishort;
960     u_int32_t cilong;
961     lcp_options no;		/* options we've seen Naks for */
962     lcp_options try;		/* options to request next time */
963     int looped_back = 0;
964     int cilen;
965 
966     BZERO(&no, sizeof(no));
967     try = *go;
968 
969     /*
970      * Any Nak'd CIs must be in exactly the same order that we sent.
971      * Check packet length and CI length at each step.
972      * If we find any deviations, then this packet is bad.
973      */
974 #define NAKCIVOID(opt, neg) \
975     if (go->neg && \
976 	len >= CILEN_VOID && \
977 	p[1] == CILEN_VOID && \
978 	p[0] == opt) { \
979 	len -= CILEN_VOID; \
980 	INCPTR(CILEN_VOID, p); \
981 	no.neg = 1; \
982 	try.neg = 0; \
983     }
984 #define NAKCICHAP(opt, neg, code) \
985     if (go->neg && \
986 	len >= CILEN_CHAP && \
987 	p[1] == CILEN_CHAP && \
988 	p[0] == opt) { \
989 	len -= CILEN_CHAP; \
990 	INCPTR(2, p); \
991 	GETSHORT(cishort, p); \
992 	GETCHAR(cichar, p); \
993 	no.neg = 1; \
994 	code \
995     }
996 #define NAKCICHAR(opt, neg, code) \
997     if (go->neg && \
998 	len >= CILEN_CHAR && \
999 	p[1] == CILEN_CHAR && \
1000 	p[0] == opt) { \
1001 	len -= CILEN_CHAR; \
1002 	INCPTR(2, p); \
1003 	GETCHAR(cichar, p); \
1004 	no.neg = 1; \
1005 	code \
1006     }
1007 #define NAKCISHORT(opt, neg, code) \
1008     if (go->neg && \
1009 	len >= CILEN_SHORT && \
1010 	p[1] == CILEN_SHORT && \
1011 	p[0] == opt) { \
1012 	len -= CILEN_SHORT; \
1013 	INCPTR(2, p); \
1014 	GETSHORT(cishort, p); \
1015 	no.neg = 1; \
1016 	code \
1017     }
1018 #define NAKCILONG(opt, neg, code) \
1019     if (go->neg && \
1020 	len >= CILEN_LONG && \
1021 	p[1] == CILEN_LONG && \
1022 	p[0] == opt) { \
1023 	len -= CILEN_LONG; \
1024 	INCPTR(2, p); \
1025 	GETLONG(cilong, p); \
1026 	no.neg = 1; \
1027 	code \
1028     }
1029 #define NAKCILQR(opt, neg, code) \
1030     if (go->neg && \
1031 	len >= CILEN_LQR && \
1032 	p[1] == CILEN_LQR && \
1033 	p[0] == opt) { \
1034 	len -= CILEN_LQR; \
1035 	INCPTR(2, p); \
1036 	GETSHORT(cishort, p); \
1037 	GETLONG(cilong, p); \
1038 	no.neg = 1; \
1039 	code \
1040     }
1041 #define NAKCIENDP(opt, neg) \
1042     if (go->neg && \
1043 	len >= CILEN_CHAR && \
1044 	p[0] == opt && \
1045 	p[1] >= CILEN_CHAR && \
1046 	p[1] <= len) { \
1047 	len -= p[1]; \
1048 	INCPTR(p[1], p); \
1049 	no.neg = 1; \
1050 	try.neg = 0; \
1051     }
1052 
1053     /*
1054      * NOTE!  There must be no assignments to individual fields of *go in
1055      * the code below.  Any such assignment is a BUG!
1056      */
1057     /*
1058      * We don't care if they want to send us smaller packets than
1059      * we want.  Therefore, accept any MRU less than what we asked for,
1060      * but then ignore the new value when setting the MRU in the kernel.
1061      * If they send us a bigger MRU than what we asked, accept it, up to
1062      * the limit of the default MRU we'd get if we didn't negotiate.
1063      */
1064     if (go->neg_mru && go->mru != DEFMRU) {
1065 	NAKCISHORT(CI_MRU, neg_mru,
1066 		   if (cishort <= wo->mru || cishort <= DEFMRU)
1067 		       try.mru = cishort;
1068 		   );
1069     }
1070 
1071     /*
1072      * Add any characters they want to our (receive-side) asyncmap.
1073      */
1074     if (go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) {
1075 	NAKCILONG(CI_ASYNCMAP, neg_asyncmap,
1076 		  try.asyncmap = go->asyncmap | cilong;
1077 		  );
1078     }
1079 
1080     /*
1081      * If they've nak'd our authentication-protocol, check whether
1082      * they are proposing a different protocol, or a different
1083      * hash algorithm for CHAP.
1084      */
1085     if ((go->neg_chap || go->neg_upap || go->neg_eap)
1086 	&& len >= CILEN_SHORT
1087 	&& p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) {
1088 	cilen = p[1];
1089 	len -= cilen;
1090 	no.neg_chap = go->neg_chap;
1091 	no.neg_upap = go->neg_upap;
1092 	no.neg_eap = go->neg_eap;
1093 	INCPTR(2, p);
1094 	GETSHORT(cishort, p);
1095 	if (cishort == PPP_PAP && cilen == CILEN_SHORT) {
1096 	    /* If we were asking for EAP, then we need to stop that. */
1097 	    if (go->neg_eap)
1098 		try.neg_eap = 0;
1099 
1100 	    /* If we were asking for CHAP, then we need to stop that. */
1101 	    else if (go->neg_chap)
1102 		try.neg_chap = 0;
1103 	    /*
1104 	     * If we weren't asking for CHAP or EAP, then we were asking for
1105 	     * PAP, in which case this Nak is bad.
1106 	     */
1107 	    else
1108 		goto bad;
1109 
1110 	} else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) {
1111 	    GETCHAR(cichar, p);
1112 	    /* Stop asking for EAP, if we were. */
1113 	    if (go->neg_eap) {
1114 		try.neg_eap = 0;
1115 		/* Try to set up to use their suggestion, if possible */
1116 		if (CHAP_CANDIGEST(go->chap_mdtype, cichar))
1117 		    try.chap_mdtype = CHAP_MDTYPE_D(cichar);
1118 	    } else if (go->neg_chap) {
1119 		/*
1120 		 * We were asking for our preferred algorithm, they must
1121 		 * want something different.
1122 		 */
1123 		if (cichar != CHAP_DIGEST(go->chap_mdtype)) {
1124 		    if (CHAP_CANDIGEST(go->chap_mdtype, cichar)) {
1125 			/* Use their suggestion if we support it ... */
1126 			try.chap_mdtype = CHAP_MDTYPE_D(cichar);
1127 		    } else {
1128 			/* ... otherwise, try our next-preferred algorithm. */
1129 			try.chap_mdtype &= ~(CHAP_MDTYPE(try.chap_mdtype));
1130 			if (try.chap_mdtype == MDTYPE_NONE) /* out of algos */
1131 			    try.neg_chap = 0;
1132 		    }
1133 		} else {
1134 		    /*
1135 		     * Whoops, they Nak'd our algorithm of choice
1136 		     * but then suggested it back to us.
1137 		     */
1138 		    goto bad;
1139 		}
1140 	    } else {
1141 		/*
1142 		 * Stop asking for PAP if we were asking for it.
1143 		 */
1144 		try.neg_upap = 0;
1145 	    }
1146 
1147 	} else {
1148 
1149 	    /*
1150 	     * If we were asking for EAP, and they're Conf-Naking EAP,
1151 	     * well, that's just strange.  Nobody should do that.
1152 	     */
1153 	    if (cishort == PPP_EAP && cilen == CILEN_SHORT && go->neg_eap)
1154 		dbglog("Unexpected Conf-Nak for EAP");
1155 
1156 	    /*
1157 	     * We don't recognize what they're suggesting.
1158 	     * Stop asking for what we were asking for.
1159 	     */
1160 	    if (go->neg_eap)
1161 		try.neg_eap = 0;
1162 	    else if (go->neg_chap)
1163 		try.neg_chap = 0;
1164 	    else
1165 		try.neg_upap = 0;
1166 	    p += cilen - CILEN_SHORT;
1167 	}
1168     }
1169 
1170     /*
1171      * If they can't cope with our link quality protocol, we'll have
1172      * to stop asking for LQR.  We haven't got any other protocol.
1173      * If they Nak the reporting period, take their value XXX ?
1174      */
1175     NAKCILQR(CI_QUALITY, neg_lqr,
1176 	     if (cishort != PPP_LQR)
1177 		 try.neg_lqr = 0;
1178 	     else
1179 		 try.lqr_period = cilong;
1180 	     );
1181 
1182     /*
1183      * Only implementing CBCP...not the rest of the callback options
1184      */
1185     NAKCICHAR(CI_CALLBACK, neg_cbcp,
1186               try.neg_cbcp = 0;
1187               );
1188 
1189     /*
1190      * Check for a looped-back line.
1191      */
1192     NAKCILONG(CI_MAGICNUMBER, neg_magicnumber,
1193 	      try.magicnumber = magic();
1194 	      looped_back = 1;
1195 	      );
1196 
1197     /*
1198      * Peer shouldn't send Nak for protocol compression or
1199      * address/control compression requests; they should send
1200      * a Reject instead.  If they send a Nak, treat it as a Reject.
1201      */
1202     NAKCIVOID(CI_PCOMPRESSION, neg_pcompression);
1203     NAKCIVOID(CI_ACCOMPRESSION, neg_accompression);
1204 
1205     /*
1206      * Nak for MRRU option - accept their value if it is smaller
1207      * than the one we want.
1208      */
1209     if (go->neg_mrru) {
1210 	NAKCISHORT(CI_MRRU, neg_mrru,
1211 		   if (treat_as_reject)
1212 		       try.neg_mrru = 0;
1213 		   else if (cishort <= wo->mrru)
1214 		       try.mrru = cishort;
1215 		   );
1216     }
1217 
1218     /*
1219      * Nak for short sequence numbers shouldn't be sent, treat it
1220      * like a reject.
1221      */
1222     NAKCIVOID(CI_SSNHF, neg_ssnhf);
1223 
1224     /*
1225      * Nak of the endpoint discriminator option is not permitted,
1226      * treat it like a reject.
1227      */
1228     NAKCIENDP(CI_EPDISC, neg_endpoint);
1229 
1230     /*
1231      * There may be remaining CIs, if the peer is requesting negotiation
1232      * on an option that we didn't include in our request packet.
1233      * If we see an option that we requested, or one we've already seen
1234      * in this packet, then this packet is bad.
1235      * If we wanted to respond by starting to negotiate on the requested
1236      * option(s), we could, but we don't, because except for the
1237      * authentication type and quality protocol, if we are not negotiating
1238      * an option, it is because we were told not to.
1239      * For the authentication type, the Nak from the peer means
1240      * `let me authenticate myself with you' which is a bit pointless.
1241      * For the quality protocol, the Nak means `ask me to send you quality
1242      * reports', but if we didn't ask for them, we don't want them.
1243      * An option we don't recognize represents the peer asking to
1244      * negotiate some option we don't support, so ignore it.
1245      */
1246     while (len >= CILEN_VOID) {
1247 	GETCHAR(citype, p);
1248 	GETCHAR(cilen, p);
1249 	if (cilen < CILEN_VOID || (len -= cilen) < 0)
1250 	    goto bad;
1251 	next = p + cilen - 2;
1252 
1253 	switch (citype) {
1254 	case CI_MRU:
1255 	    if ((go->neg_mru && go->mru != DEFMRU)
1256 		|| no.neg_mru || cilen != CILEN_SHORT)
1257 		goto bad;
1258 	    GETSHORT(cishort, p);
1259 	    if (cishort < DEFMRU) {
1260 		try.neg_mru = 1;
1261 		try.mru = cishort;
1262 	    }
1263 	    break;
1264 	case CI_ASYNCMAP:
1265 	    if ((go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF)
1266 		|| no.neg_asyncmap || cilen != CILEN_LONG)
1267 		goto bad;
1268 	    break;
1269 	case CI_AUTHTYPE:
1270 	    if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap ||
1271 		go->neg_eap || no.neg_eap)
1272 		goto bad;
1273 	    break;
1274 	case CI_MAGICNUMBER:
1275 	    if (go->neg_magicnumber || no.neg_magicnumber ||
1276 		cilen != CILEN_LONG)
1277 		goto bad;
1278 	    break;
1279 	case CI_PCOMPRESSION:
1280 	    if (go->neg_pcompression || no.neg_pcompression
1281 		|| cilen != CILEN_VOID)
1282 		goto bad;
1283 	    break;
1284 	case CI_ACCOMPRESSION:
1285 	    if (go->neg_accompression || no.neg_accompression
1286 		|| cilen != CILEN_VOID)
1287 		goto bad;
1288 	    break;
1289 	case CI_QUALITY:
1290 	    if (go->neg_lqr || no.neg_lqr || cilen != CILEN_LQR)
1291 		goto bad;
1292 	    break;
1293 	case CI_MRRU:
1294 	    if (go->neg_mrru || no.neg_mrru || cilen != CILEN_SHORT)
1295 		goto bad;
1296 	    break;
1297 	case CI_SSNHF:
1298 	    if (go->neg_ssnhf || no.neg_ssnhf || cilen != CILEN_VOID)
1299 		goto bad;
1300 	    try.neg_ssnhf = 1;
1301 	    break;
1302 	case CI_EPDISC:
1303 	    if (go->neg_endpoint || no.neg_endpoint || cilen < CILEN_CHAR)
1304 		goto bad;
1305 	    break;
1306 	}
1307 	p = next;
1308     }
1309 
1310     /*
1311      * OK, the Nak is good.  Now we can update state.
1312      * If there are any options left we ignore them.
1313      */
1314     if (f->state != OPENED) {
1315 	if (looped_back) {
1316 	    if (++try.numloops >= lcp_loopbackfail) {
1317 		notice("Serial line is looped back.");
1318 		status = EXIT_LOOPBACK;
1319 		lcp_close(f->unit, "Loopback detected");
1320 	    }
1321 	} else
1322 	    try.numloops = 0;
1323 	*go = try;
1324     }
1325 
1326     return 1;
1327 
1328 bad:
1329     LCPDEBUG(("lcp_nakci: received bad Nak!"));
1330     return 0;
1331 }
1332 
1333 
1334 /*
1335  * lcp_rejci - Peer has Rejected some of our CIs.
1336  * This should not modify any state if the Reject is bad
1337  * or if LCP is in the OPENED state.
1338  *
1339  * Returns:
1340  *	0 - Reject was bad.
1341  *	1 - Reject was good.
1342  */
1343 static int
lcp_rejci(f,p,len)1344 lcp_rejci(f, p, len)
1345     fsm *f;
1346     u_char *p;
1347     int len;
1348 {
1349     lcp_options *go = &lcp_gotoptions[f->unit];
1350     u_char cichar;
1351     u_short cishort;
1352     u_int32_t cilong;
1353     lcp_options try;		/* options to request next time */
1354 
1355     try = *go;
1356 
1357     /*
1358      * Any Rejected CIs must be in exactly the same order that we sent.
1359      * Check packet length and CI length at each step.
1360      * If we find any deviations, then this packet is bad.
1361      */
1362 #define REJCIVOID(opt, neg) \
1363     if (go->neg && \
1364 	len >= CILEN_VOID && \
1365 	p[1] == CILEN_VOID && \
1366 	p[0] == opt) { \
1367 	len -= CILEN_VOID; \
1368 	INCPTR(CILEN_VOID, p); \
1369 	try.neg = 0; \
1370     }
1371 #define REJCISHORT(opt, neg, val) \
1372     if (go->neg && \
1373 	len >= CILEN_SHORT && \
1374 	p[1] == CILEN_SHORT && \
1375 	p[0] == opt) { \
1376 	len -= CILEN_SHORT; \
1377 	INCPTR(2, p); \
1378 	GETSHORT(cishort, p); \
1379 	/* Check rejected value. */ \
1380 	if (cishort != val) \
1381 	    goto bad; \
1382 	try.neg = 0; \
1383     }
1384 #define REJCICHAP(opt, neg, val) \
1385     if (go->neg && \
1386 	len >= CILEN_CHAP && \
1387 	p[1] == CILEN_CHAP && \
1388 	p[0] == opt) { \
1389 	len -= CILEN_CHAP; \
1390 	INCPTR(2, p); \
1391 	GETSHORT(cishort, p); \
1392 	GETCHAR(cichar, p); \
1393 	/* Check rejected value. */ \
1394 	if ((cishort != PPP_CHAP) || (cichar != (CHAP_DIGEST(val)))) \
1395 	    goto bad; \
1396 	try.neg = 0; \
1397 	try.neg_eap = try.neg_upap = 0; \
1398     }
1399 #define REJCILONG(opt, neg, val) \
1400     if (go->neg && \
1401 	len >= CILEN_LONG && \
1402 	p[1] == CILEN_LONG && \
1403 	p[0] == opt) { \
1404 	len -= CILEN_LONG; \
1405 	INCPTR(2, p); \
1406 	GETLONG(cilong, p); \
1407 	/* Check rejected value. */ \
1408 	if (cilong != val) \
1409 	    goto bad; \
1410 	try.neg = 0; \
1411     }
1412 #define REJCILQR(opt, neg, val) \
1413     if (go->neg && \
1414 	len >= CILEN_LQR && \
1415 	p[1] == CILEN_LQR && \
1416 	p[0] == opt) { \
1417 	len -= CILEN_LQR; \
1418 	INCPTR(2, p); \
1419 	GETSHORT(cishort, p); \
1420 	GETLONG(cilong, p); \
1421 	/* Check rejected value. */ \
1422 	if (cishort != PPP_LQR || cilong != val) \
1423 	    goto bad; \
1424 	try.neg = 0; \
1425     }
1426 #define REJCICBCP(opt, neg, val) \
1427     if (go->neg && \
1428 	len >= CILEN_CBCP && \
1429 	p[1] == CILEN_CBCP && \
1430 	p[0] == opt) { \
1431 	len -= CILEN_CBCP; \
1432 	INCPTR(2, p); \
1433 	GETCHAR(cichar, p); \
1434 	/* Check rejected value. */ \
1435 	if (cichar != val) \
1436 	    goto bad; \
1437 	try.neg = 0; \
1438     }
1439 #define REJCIENDP(opt, neg, class, val, vlen) \
1440     if (go->neg && \
1441 	len >= CILEN_CHAR + vlen && \
1442 	p[0] == opt && \
1443 	p[1] == CILEN_CHAR + vlen) { \
1444 	int i; \
1445 	len -= CILEN_CHAR + vlen; \
1446 	INCPTR(2, p); \
1447 	GETCHAR(cichar, p); \
1448 	if (cichar != class) \
1449 	    goto bad; \
1450 	for (i = 0; i < vlen; ++i) { \
1451 	    GETCHAR(cichar, p); \
1452 	    if (cichar != val[i]) \
1453 		goto bad; \
1454 	} \
1455 	try.neg = 0; \
1456     }
1457 
1458     REJCISHORT(CI_MRU, neg_mru, go->mru);
1459     REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap);
1460     REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP);
1461     if (!go->neg_eap) {
1462 	REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype);
1463 	if (!go->neg_chap) {
1464 	    REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP);
1465 	}
1466     }
1467     REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period);
1468     REJCICBCP(CI_CALLBACK, neg_cbcp, CBCP_OPT);
1469     REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber);
1470     REJCIVOID(CI_PCOMPRESSION, neg_pcompression);
1471     REJCIVOID(CI_ACCOMPRESSION, neg_accompression);
1472     REJCISHORT(CI_MRRU, neg_mrru, go->mrru);
1473     REJCIVOID(CI_SSNHF, neg_ssnhf);
1474     REJCIENDP(CI_EPDISC, neg_endpoint, go->endpoint.class,
1475 	      go->endpoint.value, go->endpoint.length);
1476 
1477     /*
1478      * If there are any remaining CIs, then this packet is bad.
1479      */
1480     if (len != 0)
1481 	goto bad;
1482     /*
1483      * Now we can update state.
1484      */
1485     if (f->state != OPENED)
1486 	*go = try;
1487     return 1;
1488 
1489 bad:
1490     LCPDEBUG(("lcp_rejci: received bad Reject!"));
1491     return 0;
1492 }
1493 
1494 
1495 /*
1496  * lcp_reqci - Check the peer's requested CIs and send appropriate response.
1497  *
1498  * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified
1499  * appropriately.  If reject_if_disagree is non-zero, doesn't return
1500  * CONFNAK; returns CONFREJ if it can't return CONFACK.
1501  */
1502 static int
lcp_reqci(f,inp,lenp,reject_if_disagree)1503 lcp_reqci(f, inp, lenp, reject_if_disagree)
1504     fsm *f;
1505     u_char *inp;		/* Requested CIs */
1506     int *lenp;			/* Length of requested CIs */
1507     int reject_if_disagree;
1508 {
1509     lcp_options *go = &lcp_gotoptions[f->unit];
1510     lcp_options *ho = &lcp_hisoptions[f->unit];
1511     lcp_options *ao = &lcp_allowoptions[f->unit];
1512     u_char *cip, *next;		/* Pointer to current and next CIs */
1513     int cilen, citype, cichar;	/* Parsed len, type, char value */
1514     u_short cishort;		/* Parsed short value */
1515     u_int32_t cilong;		/* Parse long value */
1516     int rc = CONFACK;		/* Final packet return code */
1517     int orc;			/* Individual option return code */
1518     u_char *p;			/* Pointer to next char to parse */
1519     u_char *rejp;		/* Pointer to next char in reject frame */
1520     u_char *nakp;		/* Pointer to next char in Nak frame */
1521     int l = *lenp;		/* Length left */
1522 
1523     /*
1524      * Reset all his options.
1525      */
1526     BZERO(ho, sizeof(*ho));
1527 
1528     /*
1529      * Process all his options.
1530      */
1531     next = inp;
1532     nakp = nak_buffer;
1533     rejp = inp;
1534     while (l) {
1535 	orc = CONFACK;			/* Assume success */
1536 	cip = p = next;			/* Remember begining of CI */
1537 	if (l < 2 ||			/* Not enough data for CI header or */
1538 	    p[1] < 2 ||			/*  CI length too small or */
1539 	    p[1] > l) {			/*  CI length too big? */
1540 	    LCPDEBUG(("lcp_reqci: bad CI length!"));
1541 	    orc = CONFREJ;		/* Reject bad CI */
1542 	    cilen = l;			/* Reject till end of packet */
1543 	    l = 0;			/* Don't loop again */
1544 	    citype = 0;
1545 	    goto endswitch;
1546 	}
1547 	GETCHAR(citype, p);		/* Parse CI type */
1548 	GETCHAR(cilen, p);		/* Parse CI length */
1549 	l -= cilen;			/* Adjust remaining length */
1550 	next += cilen;			/* Step to next CI */
1551 
1552 	switch (citype) {		/* Check CI type */
1553 	case CI_MRU:
1554 	    if (!ao->neg_mru ||		/* Allow option? */
1555 		cilen != CILEN_SHORT) {	/* Check CI length */
1556 		orc = CONFREJ;		/* Reject CI */
1557 		break;
1558 	    }
1559 	    GETSHORT(cishort, p);	/* Parse MRU */
1560 
1561 	    /*
1562 	     * He must be able to receive at least our minimum.
1563 	     * No need to check a maximum.  If he sends a large number,
1564 	     * we'll just ignore it.
1565 	     */
1566 	    if (cishort < MINMRU) {
1567 		orc = CONFNAK;		/* Nak CI */
1568 		PUTCHAR(CI_MRU, nakp);
1569 		PUTCHAR(CILEN_SHORT, nakp);
1570 		PUTSHORT(MINMRU, nakp);	/* Give him a hint */
1571 		break;
1572 	    }
1573 	    ho->neg_mru = 1;		/* Remember he sent MRU */
1574 	    ho->mru = cishort;		/* And remember value */
1575 	    break;
1576 
1577 	case CI_ASYNCMAP:
1578 	    if (!ao->neg_asyncmap ||
1579 		cilen != CILEN_LONG) {
1580 		orc = CONFREJ;
1581 		break;
1582 	    }
1583 	    GETLONG(cilong, p);
1584 
1585 	    /*
1586 	     * Asyncmap must have set at least the bits
1587 	     * which are set in lcp_allowoptions[unit].asyncmap.
1588 	     */
1589 	    if ((ao->asyncmap & ~cilong) != 0) {
1590 		orc = CONFNAK;
1591 		PUTCHAR(CI_ASYNCMAP, nakp);
1592 		PUTCHAR(CILEN_LONG, nakp);
1593 		PUTLONG(ao->asyncmap | cilong, nakp);
1594 		break;
1595 	    }
1596 	    ho->neg_asyncmap = 1;
1597 	    ho->asyncmap = cilong;
1598 	    break;
1599 
1600 	case CI_AUTHTYPE:
1601 	    if (cilen < CILEN_SHORT ||
1602 		!(ao->neg_upap || ao->neg_chap || ao->neg_eap)) {
1603 		/*
1604 		 * Reject the option if we're not willing to authenticate.
1605 		 */
1606 		dbglog("No auth is possible");
1607 		orc = CONFREJ;
1608 		break;
1609 	    }
1610 	    GETSHORT(cishort, p);
1611 
1612 	    /*
1613 	     * Authtype must be PAP, CHAP, or EAP.
1614 	     *
1615 	     * Note: if more than one of ao->neg_upap, ao->neg_chap, and
1616 	     * ao->neg_eap are set, and the peer sends a Configure-Request
1617 	     * with two or more authenticate-protocol requests, then we will
1618 	     * reject the second request.
1619 	     * Whether we end up doing CHAP, UPAP, or EAP depends then on
1620 	     * the ordering of the CIs in the peer's Configure-Request.
1621              */
1622 
1623 	    if (cishort == PPP_PAP) {
1624 		/* we've already accepted CHAP or EAP */
1625 		if (ho->neg_chap || ho->neg_eap ||
1626 		    cilen != CILEN_SHORT) {
1627 		    LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE PAP, rejecting..."));
1628 		    orc = CONFREJ;
1629 		    break;
1630 		}
1631 		if (!ao->neg_upap) {	/* we don't want to do PAP */
1632 		    orc = CONFNAK;	/* NAK it and suggest CHAP or EAP */
1633 		    PUTCHAR(CI_AUTHTYPE, nakp);
1634 		    if (ao->neg_eap) {
1635 			PUTCHAR(CILEN_SHORT, nakp);
1636 			PUTSHORT(PPP_EAP, nakp);
1637 		    } else {
1638 			PUTCHAR(CILEN_CHAP, nakp);
1639 			PUTSHORT(PPP_CHAP, nakp);
1640 			PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
1641 		    }
1642 		    break;
1643 		}
1644 		ho->neg_upap = 1;
1645 		break;
1646 	    }
1647 	    if (cishort == PPP_CHAP) {
1648 		/* we've already accepted PAP or EAP */
1649 		if (ho->neg_upap || ho->neg_eap ||
1650 		    cilen != CILEN_CHAP) {
1651 		    LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE CHAP, rejecting..."));
1652 		    orc = CONFREJ;
1653 		    break;
1654 		}
1655 		if (!ao->neg_chap) {	/* we don't want to do CHAP */
1656 		    orc = CONFNAK;	/* NAK it and suggest EAP or PAP */
1657 		    PUTCHAR(CI_AUTHTYPE, nakp);
1658 		    PUTCHAR(CILEN_SHORT, nakp);
1659 		    if (ao->neg_eap) {
1660 			PUTSHORT(PPP_EAP, nakp);
1661 		    } else {
1662 			PUTSHORT(PPP_PAP, nakp);
1663 		    }
1664 		    break;
1665 		}
1666 		GETCHAR(cichar, p);	/* get digest type */
1667 		if (!(CHAP_CANDIGEST(ao->chap_mdtype, cichar))) {
1668 		    /*
1669 		     * We can't/won't do the requested type,
1670 		     * suggest something else.
1671 		     */
1672 		    orc = CONFNAK;
1673 		    PUTCHAR(CI_AUTHTYPE, nakp);
1674 		    PUTCHAR(CILEN_CHAP, nakp);
1675 		    PUTSHORT(PPP_CHAP, nakp);
1676 		    PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
1677 		    break;
1678 		}
1679 		ho->chap_mdtype = CHAP_MDTYPE_D(cichar); /* save md type */
1680 		ho->neg_chap = 1;
1681 		break;
1682 	    }
1683 	    if (cishort == PPP_EAP) {
1684 		/* we've already accepted CHAP or PAP */
1685 		if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) {
1686 		    LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE EAP, rejecting..."));
1687 		    orc = CONFREJ;
1688 		    break;
1689 		}
1690 		if (!ao->neg_eap) {	/* we don't want to do EAP */
1691 		    orc = CONFNAK;	/* NAK it and suggest CHAP or PAP */
1692 		    PUTCHAR(CI_AUTHTYPE, nakp);
1693 		    if (ao->neg_chap) {
1694 			PUTCHAR(CILEN_CHAP, nakp);
1695 			PUTSHORT(PPP_CHAP, nakp);
1696 			PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
1697 		    } else {
1698 			PUTCHAR(CILEN_SHORT, nakp);
1699 			PUTSHORT(PPP_PAP, nakp);
1700 		    }
1701 		    break;
1702 		}
1703 		ho->neg_eap = 1;
1704 		break;
1705 	    }
1706 
1707 	    /*
1708 	     * We don't recognize the protocol they're asking for.
1709 	     * Nak it with something we're willing to do.
1710 	     * (At this point we know ao->neg_upap || ao->neg_chap ||
1711 	     * ao->neg_eap.)
1712 	     */
1713 	    orc = CONFNAK;
1714 	    PUTCHAR(CI_AUTHTYPE, nakp);
1715 	    if (ao->neg_eap) {
1716 		PUTCHAR(CILEN_SHORT, nakp);
1717 		PUTSHORT(PPP_EAP, nakp);
1718 	    } else if (ao->neg_chap) {
1719 		PUTCHAR(CILEN_CHAP, nakp);
1720 		PUTSHORT(PPP_CHAP, nakp);
1721 		PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
1722 	    } else {
1723 		PUTCHAR(CILEN_SHORT, nakp);
1724 		PUTSHORT(PPP_PAP, nakp);
1725 	    }
1726 	    break;
1727 
1728 	case CI_QUALITY:
1729 	    if (!ao->neg_lqr ||
1730 		cilen != CILEN_LQR) {
1731 		orc = CONFREJ;
1732 		break;
1733 	    }
1734 
1735 	    GETSHORT(cishort, p);
1736 	    GETLONG(cilong, p);
1737 
1738 	    /*
1739 	     * Check the protocol and the reporting period.
1740 	     * XXX When should we Nak this, and what with?
1741 	     */
1742 	    if (cishort != PPP_LQR) {
1743 		orc = CONFNAK;
1744 		PUTCHAR(CI_QUALITY, nakp);
1745 		PUTCHAR(CILEN_LQR, nakp);
1746 		PUTSHORT(PPP_LQR, nakp);
1747 		PUTLONG(ao->lqr_period, nakp);
1748 		break;
1749 	    }
1750 	    break;
1751 
1752 	case CI_MAGICNUMBER:
1753 	    if (!(ao->neg_magicnumber || go->neg_magicnumber) ||
1754 		cilen != CILEN_LONG) {
1755 		orc = CONFREJ;
1756 		break;
1757 	    }
1758 	    GETLONG(cilong, p);
1759 
1760 	    /*
1761 	     * He must have a different magic number.
1762 	     */
1763 	    if (go->neg_magicnumber &&
1764 		cilong == go->magicnumber) {
1765 		cilong = magic();	/* Don't put magic() inside macro! */
1766 		orc = CONFNAK;
1767 		PUTCHAR(CI_MAGICNUMBER, nakp);
1768 		PUTCHAR(CILEN_LONG, nakp);
1769 		PUTLONG(cilong, nakp);
1770 		break;
1771 	    }
1772 	    ho->neg_magicnumber = 1;
1773 	    ho->magicnumber = cilong;
1774 	    break;
1775 
1776 
1777 	case CI_PCOMPRESSION:
1778 	    if (!ao->neg_pcompression ||
1779 		cilen != CILEN_VOID) {
1780 		orc = CONFREJ;
1781 		break;
1782 	    }
1783 	    ho->neg_pcompression = 1;
1784 	    break;
1785 
1786 	case CI_ACCOMPRESSION:
1787 	    if (!ao->neg_accompression ||
1788 		cilen != CILEN_VOID) {
1789 		orc = CONFREJ;
1790 		break;
1791 	    }
1792 	    ho->neg_accompression = 1;
1793 	    break;
1794 
1795 	case CI_MRRU:
1796 	    if (!ao->neg_mrru || !multilink ||
1797 		cilen != CILEN_SHORT) {
1798 		orc = CONFREJ;
1799 		break;
1800 	    }
1801 
1802 	    GETSHORT(cishort, p);
1803 	    /* possibly should insist on a minimum/maximum MRRU here */
1804 	    ho->neg_mrru = 1;
1805 	    ho->mrru = cishort;
1806 	    break;
1807 
1808 	case CI_SSNHF:
1809 	    if (!ao->neg_ssnhf || !multilink ||
1810 		cilen != CILEN_VOID) {
1811 		orc = CONFREJ;
1812 		break;
1813 	    }
1814 	    ho->neg_ssnhf = 1;
1815 	    break;
1816 
1817 	case CI_EPDISC:
1818 	    if (!ao->neg_endpoint ||
1819 		cilen < CILEN_CHAR ||
1820 		cilen > CILEN_CHAR + MAX_ENDP_LEN) {
1821 		orc = CONFREJ;
1822 		break;
1823 	    }
1824 	    GETCHAR(cichar, p);
1825 	    cilen -= CILEN_CHAR;
1826 	    ho->neg_endpoint = 1;
1827 	    ho->endpoint.class = cichar;
1828 	    ho->endpoint.length = cilen;
1829 	    BCOPY(p, ho->endpoint.value, cilen);
1830 	    INCPTR(cilen, p);
1831 	    break;
1832 
1833 	default:
1834 	    LCPDEBUG(("lcp_reqci: rcvd unknown option %d", citype));
1835 	    orc = CONFREJ;
1836 	    break;
1837 	}
1838 
1839 endswitch:
1840 	if (orc == CONFACK &&		/* Good CI */
1841 	    rc != CONFACK)		/*  but prior CI wasnt? */
1842 	    continue;			/* Don't send this one */
1843 
1844 	if (orc == CONFNAK) {		/* Nak this CI? */
1845 	    if (reject_if_disagree	/* Getting fed up with sending NAKs? */
1846 		&& citype != CI_MAGICNUMBER) {
1847 		orc = CONFREJ;		/* Get tough if so */
1848 	    } else {
1849 		if (rc == CONFREJ)	/* Rejecting prior CI? */
1850 		    continue;		/* Don't send this one */
1851 		rc = CONFNAK;
1852 	    }
1853 	}
1854 	if (orc == CONFREJ) {		/* Reject this CI */
1855 	    rc = CONFREJ;
1856 	    if (cip != rejp)		/* Need to move rejected CI? */
1857 		BCOPY(cip, rejp, cilen); /* Move it */
1858 	    INCPTR(cilen, rejp);	/* Update output pointer */
1859 	}
1860     }
1861 
1862     /*
1863      * If we wanted to send additional NAKs (for unsent CIs), the
1864      * code would go here.  The extra NAKs would go at *nakp.
1865      * At present there are no cases where we want to ask the
1866      * peer to negotiate an option.
1867      */
1868 
1869     switch (rc) {
1870     case CONFACK:
1871 	*lenp = next - inp;
1872 	break;
1873     case CONFNAK:
1874 	/*
1875 	 * Copy the Nak'd options from the nak_buffer to the caller's buffer.
1876 	 */
1877 	*lenp = nakp - nak_buffer;
1878 	BCOPY(nak_buffer, inp, *lenp);
1879 	break;
1880     case CONFREJ:
1881 	*lenp = rejp - inp;
1882 	break;
1883     }
1884 
1885     LCPDEBUG(("lcp_reqci: returning CONF%s.", CODENAME(rc)));
1886     return (rc);			/* Return final code */
1887 }
1888 
1889 
1890 /*
1891  * lcp_up - LCP has come UP.
1892  */
1893 static void
lcp_up(f)1894 lcp_up(f)
1895     fsm *f;
1896 {
1897     lcp_options *wo = &lcp_wantoptions[f->unit];
1898     lcp_options *ho = &lcp_hisoptions[f->unit];
1899     lcp_options *go = &lcp_gotoptions[f->unit];
1900     lcp_options *ao = &lcp_allowoptions[f->unit];
1901     int mtu, mru;
1902 
1903     if (!go->neg_magicnumber)
1904 	go->magicnumber = 0;
1905     if (!ho->neg_magicnumber)
1906 	ho->magicnumber = 0;
1907 
1908     /*
1909      * Set our MTU to the smaller of the MTU we wanted and
1910      * the MRU our peer wanted.  If we negotiated an MRU,
1911      * set our MRU to the larger of value we wanted and
1912      * the value we got in the negotiation.
1913      * Note on the MTU: the link MTU can be the MRU the peer wanted,
1914      * the interface MTU is set to the lowest of that, the
1915      * MTU we want to use, and our link MRU.
1916      */
1917     mtu = ho->neg_mru? ho->mru: PPP_MRU;
1918     mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU;
1919 #ifdef HAVE_MULTILINK
1920     if (!(multilink && go->neg_mrru && ho->neg_mrru))
1921 #endif /* HAVE_MULTILINK */
1922 	netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
1923     ppp_send_config(f->unit, mtu,
1924 		    (ho->neg_asyncmap? ho->asyncmap: 0xffffffff),
1925 		    ho->neg_pcompression, ho->neg_accompression);
1926     ppp_recv_config(f->unit, mru,
1927 		    (lax_recv? 0: go->neg_asyncmap? go->asyncmap: 0xffffffff),
1928 		    go->neg_pcompression, go->neg_accompression);
1929 
1930     if (ho->neg_mru)
1931 	peer_mru[f->unit] = ho->mru;
1932 
1933     lcp_echo_lowerup(f->unit);  /* Enable echo messages */
1934 
1935     link_established(f->unit);
1936 }
1937 
1938 
1939 /*
1940  * lcp_down - LCP has gone DOWN.
1941  *
1942  * Alert other protocols.
1943  */
1944 static void
lcp_down(f)1945 lcp_down(f)
1946     fsm *f;
1947 {
1948     lcp_options *go = &lcp_gotoptions[f->unit];
1949 
1950     lcp_echo_lowerdown(f->unit);
1951 
1952     link_down(f->unit);
1953 
1954     ppp_send_config(f->unit, PPP_MRU, 0xffffffff, 0, 0);
1955     ppp_recv_config(f->unit, PPP_MRU,
1956 		    (go->neg_asyncmap? go->asyncmap: 0xffffffff),
1957 		    go->neg_pcompression, go->neg_accompression);
1958     peer_mru[f->unit] = PPP_MRU;
1959 }
1960 
1961 
1962 /*
1963  * lcp_starting - LCP needs the lower layer up.
1964  */
1965 static void
lcp_starting(f)1966 lcp_starting(f)
1967     fsm *f;
1968 {
1969     link_required(f->unit);
1970 }
1971 
1972 
1973 /*
1974  * lcp_finished - LCP has finished with the lower layer.
1975  */
1976 static void
lcp_finished(f)1977 lcp_finished(f)
1978     fsm *f;
1979 {
1980     link_terminated(f->unit);
1981 }
1982 
1983 
1984 /*
1985  * lcp_printpkt - print the contents of an LCP packet.
1986  */
1987 static char *lcp_codenames[] = {
1988     "ConfReq", "ConfAck", "ConfNak", "ConfRej",
1989     "TermReq", "TermAck", "CodeRej", "ProtRej",
1990     "EchoReq", "EchoRep", "DiscReq", "Ident",
1991     "TimeRem"
1992 };
1993 
1994 static int
lcp_printpkt(p,plen,printer,arg)1995 lcp_printpkt(p, plen, printer, arg)
1996     u_char *p;
1997     int plen;
1998     void (*printer) __P((void *, char *, ...));
1999     void *arg;
2000 {
2001     int code, id, len, olen, i;
2002     u_char *pstart, *optend;
2003     u_short cishort;
2004     u_int32_t cilong;
2005 
2006     if (plen < HEADERLEN)
2007 	return 0;
2008     pstart = p;
2009     GETCHAR(code, p);
2010     GETCHAR(id, p);
2011     GETSHORT(len, p);
2012     if (len < HEADERLEN || len > plen)
2013 	return 0;
2014 
2015     if (code >= 1 && code <= sizeof(lcp_codenames) / sizeof(char *))
2016 	printer(arg, " %s", lcp_codenames[code-1]);
2017     else
2018 	printer(arg, " code=0x%x", code);
2019     printer(arg, " id=0x%x", id);
2020     len -= HEADERLEN;
2021     switch (code) {
2022     case CONFREQ:
2023     case CONFACK:
2024     case CONFNAK:
2025     case CONFREJ:
2026 	/* print option list */
2027 	while (len >= 2) {
2028 	    GETCHAR(code, p);
2029 	    GETCHAR(olen, p);
2030 	    p -= 2;
2031 	    if (olen < 2 || olen > len) {
2032 		break;
2033 	    }
2034 	    printer(arg, " <");
2035 	    len -= olen;
2036 	    optend = p + olen;
2037 	    switch (code) {
2038 	    case CI_MRU:
2039 		if (olen == CILEN_SHORT) {
2040 		    p += 2;
2041 		    GETSHORT(cishort, p);
2042 		    printer(arg, "mru %d", cishort);
2043 		}
2044 		break;
2045 	    case CI_ASYNCMAP:
2046 		if (olen == CILEN_LONG) {
2047 		    p += 2;
2048 		    GETLONG(cilong, p);
2049 		    printer(arg, "asyncmap 0x%x", cilong);
2050 		}
2051 		break;
2052 	    case CI_AUTHTYPE:
2053 		if (olen >= CILEN_SHORT) {
2054 		    p += 2;
2055 		    printer(arg, "auth ");
2056 		    GETSHORT(cishort, p);
2057 		    switch (cishort) {
2058 		    case PPP_PAP:
2059 			printer(arg, "pap");
2060 			break;
2061 		    case PPP_CHAP:
2062 			printer(arg, "chap");
2063 			if (p < optend) {
2064 			    switch (*p) {
2065 			    case CHAP_MD5:
2066 				printer(arg, " MD5");
2067 				++p;
2068 				break;
2069 			    case CHAP_MICROSOFT:
2070 				printer(arg, " MS");
2071 				++p;
2072 				break;
2073 
2074 			    case CHAP_MICROSOFT_V2:
2075 				printer(arg, " MS-v2");
2076 				++p;
2077 				break;
2078 			    }
2079 			}
2080 			break;
2081 		    case PPP_EAP:
2082 			printer(arg, "eap");
2083 			break;
2084 		    default:
2085 			printer(arg, "0x%x", cishort);
2086 		    }
2087 		}
2088 		break;
2089 	    case CI_QUALITY:
2090 		if (olen >= CILEN_SHORT) {
2091 		    p += 2;
2092 		    printer(arg, "quality ");
2093 		    GETSHORT(cishort, p);
2094 		    switch (cishort) {
2095 		    case PPP_LQR:
2096 			printer(arg, "lqr");
2097 			break;
2098 		    default:
2099 			printer(arg, "0x%x", cishort);
2100 		    }
2101 		}
2102 		break;
2103 	    case CI_CALLBACK:
2104 		if (olen >= CILEN_CHAR) {
2105 		    p += 2;
2106 		    printer(arg, "callback ");
2107 		    GETCHAR(cishort, p);
2108 		    switch (cishort) {
2109 		    case CBCP_OPT:
2110 			printer(arg, "CBCP");
2111 			break;
2112 		    default:
2113 			printer(arg, "0x%x", cishort);
2114 		    }
2115 		}
2116 		break;
2117 	    case CI_MAGICNUMBER:
2118 		if (olen == CILEN_LONG) {
2119 		    p += 2;
2120 		    GETLONG(cilong, p);
2121 		    printer(arg, "magic 0x%x", cilong);
2122 		}
2123 		break;
2124 	    case CI_PCOMPRESSION:
2125 		if (olen == CILEN_VOID) {
2126 		    p += 2;
2127 		    printer(arg, "pcomp");
2128 		}
2129 		break;
2130 	    case CI_ACCOMPRESSION:
2131 		if (olen == CILEN_VOID) {
2132 		    p += 2;
2133 		    printer(arg, "accomp");
2134 		}
2135 		break;
2136 	    case CI_MRRU:
2137 		if (olen == CILEN_SHORT) {
2138 		    p += 2;
2139 		    GETSHORT(cishort, p);
2140 		    printer(arg, "mrru %d", cishort);
2141 		}
2142 		break;
2143 	    case CI_SSNHF:
2144 		if (olen == CILEN_VOID) {
2145 		    p += 2;
2146 		    printer(arg, "ssnhf");
2147 		}
2148 		break;
2149 	    case CI_EPDISC:
2150 #ifdef HAVE_MULTILINK
2151 		if (olen >= CILEN_CHAR) {
2152 		    struct epdisc epd;
2153 		    p += 2;
2154 		    GETCHAR(epd.class, p);
2155 		    epd.length = olen - CILEN_CHAR;
2156 		    if (epd.length > MAX_ENDP_LEN)
2157 			epd.length = MAX_ENDP_LEN;
2158 		    if (epd.length > 0) {
2159 			BCOPY(p, epd.value, epd.length);
2160 			p += epd.length;
2161 		    }
2162 		    printer(arg, "endpoint [%s]", epdisc_to_str(&epd));
2163 		}
2164 #else
2165 		printer(arg, "endpoint");
2166 #endif
2167 		break;
2168 	    }
2169 	    while (p < optend) {
2170 		GETCHAR(code, p);
2171 		printer(arg, " %.2x", code);
2172 	    }
2173 	    printer(arg, ">");
2174 	}
2175 	break;
2176 
2177     case TERMACK:
2178     case TERMREQ:
2179 	if (len > 0 && *p >= ' ' && *p < 0x7f) {
2180 	    printer(arg, " ");
2181 	    print_string((char *)p, len, printer, arg);
2182 	    p += len;
2183 	    len = 0;
2184 	}
2185 	break;
2186 
2187     case ECHOREQ:
2188     case ECHOREP:
2189     case DISCREQ:
2190 	if (len >= 4) {
2191 	    GETLONG(cilong, p);
2192 	    printer(arg, " magic=0x%x", cilong);
2193 	    len -= 4;
2194 	}
2195 	break;
2196 
2197     case IDENTIF:
2198     case TIMEREM:
2199 	if (len >= 4) {
2200 	    GETLONG(cilong, p);
2201 	    printer(arg, " magic=0x%x", cilong);
2202 	    len -= 4;
2203 	}
2204 	if (code == TIMEREM) {
2205 	    if (len < 4)
2206 		break;
2207 	    GETLONG(cilong, p);
2208 	    printer(arg, " seconds=%u", cilong);
2209 	    len -= 4;
2210 	}
2211 	if (len > 0) {
2212 	    printer(arg, " ");
2213 	    print_string((char *)p, len, printer, arg);
2214 	    p += len;
2215 	    len = 0;
2216 	}
2217 	break;
2218     }
2219 
2220     /* print the rest of the bytes in the packet */
2221     for (i = 0; i < len && i < 32; ++i) {
2222 	GETCHAR(code, p);
2223 	printer(arg, " %.2x", code);
2224     }
2225     if (i < len) {
2226 	printer(arg, " ...");
2227 	p += len - i;
2228     }
2229 
2230     return p - pstart;
2231 }
2232 
2233 /*
2234  * Time to shut down the link because there is nothing out there.
2235  */
2236 
2237 static
LcpLinkFailure(f)2238 void LcpLinkFailure (f)
2239     fsm *f;
2240 {
2241     if (f->state == OPENED) {
2242 	info("No response to %d echo-requests", lcp_echos_pending);
2243         notice("Serial link appears to be disconnected.");
2244 	status = EXIT_PEER_DEAD;
2245 	lcp_close(f->unit, "Peer not responding");
2246     }
2247 }
2248 
2249 /*
2250  * Timer expired for the LCP echo requests from this process.
2251  */
2252 
2253 static void
LcpEchoCheck(f)2254 LcpEchoCheck (f)
2255     fsm *f;
2256 {
2257     LcpSendEchoRequest (f);
2258     if (f->state != OPENED)
2259 	return;
2260 
2261     /*
2262      * Start the timer for the next interval.
2263      */
2264     if (lcp_echo_timer_running)
2265 	warn("assertion lcp_echo_timer_running==0 failed");
2266     TIMEOUT (LcpEchoTimeout, f, lcp_echo_interval);
2267     lcp_echo_timer_running = 1;
2268 }
2269 
2270 /*
2271  * LcpEchoTimeout - Timer expired on the LCP echo
2272  */
2273 
2274 static void
LcpEchoTimeout(arg)2275 LcpEchoTimeout (arg)
2276     void *arg;
2277 {
2278     if (lcp_echo_timer_running != 0) {
2279         lcp_echo_timer_running = 0;
2280         LcpEchoCheck ((fsm *) arg);
2281     }
2282 }
2283 
2284 /*
2285  * LcpEchoReply - LCP has received a reply to the echo
2286  */
2287 
2288 static void
lcp_received_echo_reply(f,id,inp,len)2289 lcp_received_echo_reply (f, id, inp, len)
2290     fsm *f;
2291     int id;
2292     u_char *inp;
2293     int len;
2294 {
2295     u_int32_t magic;
2296 
2297     /* Check the magic number - don't count replies from ourselves. */
2298     if (len < 4) {
2299 	dbglog("lcp: received short Echo-Reply, length %d", len);
2300 	return;
2301     }
2302     GETLONG(magic, inp);
2303     if (lcp_gotoptions[f->unit].neg_magicnumber
2304 	&& magic == lcp_gotoptions[f->unit].magicnumber) {
2305 	warn("appear to have received our own echo-reply!");
2306 	return;
2307     }
2308 
2309     /* Reset the number of outstanding echo frames */
2310     lcp_echos_pending = 0;
2311 }
2312 
2313 /*
2314  * LcpSendEchoRequest - Send an echo request frame to the peer
2315  */
2316 
2317 static void
LcpSendEchoRequest(f)2318 LcpSendEchoRequest (f)
2319     fsm *f;
2320 {
2321     u_int32_t lcp_magic;
2322     u_char pkt[4], *pktp;
2323 
2324     /*
2325      * Detect the failure of the peer at this point.
2326      */
2327     if (lcp_echo_fails != 0) {
2328         if (lcp_echos_pending >= lcp_echo_fails) {
2329             LcpLinkFailure(f);
2330 	    lcp_echos_pending = 0;
2331 	}
2332     }
2333 
2334     /*
2335      * Make and send the echo request frame.
2336      */
2337     if (f->state == OPENED) {
2338         lcp_magic = lcp_gotoptions[f->unit].magicnumber;
2339 	pktp = pkt;
2340 	PUTLONG(lcp_magic, pktp);
2341         fsm_sdata(f, ECHOREQ, lcp_echo_number++ & 0xFF, pkt, pktp - pkt);
2342 	++lcp_echos_pending;
2343     }
2344 }
2345 
2346 /*
2347  * lcp_echo_lowerup - Start the timer for the LCP frame
2348  */
2349 
2350 static void
lcp_echo_lowerup(unit)2351 lcp_echo_lowerup (unit)
2352     int unit;
2353 {
2354     fsm *f = &lcp_fsm[unit];
2355 
2356     /* Clear the parameters for generating echo frames */
2357     lcp_echos_pending      = 0;
2358     lcp_echo_number        = 0;
2359     lcp_echo_timer_running = 0;
2360 
2361     /* If a timeout interval is specified then start the timer */
2362     if (lcp_echo_interval != 0)
2363         LcpEchoCheck (f);
2364 }
2365 
2366 /*
2367  * lcp_echo_lowerdown - Stop the timer for the LCP frame
2368  */
2369 
2370 static void
lcp_echo_lowerdown(unit)2371 lcp_echo_lowerdown (unit)
2372     int unit;
2373 {
2374     fsm *f = &lcp_fsm[unit];
2375 
2376     if (lcp_echo_timer_running != 0) {
2377         UNTIMEOUT (LcpEchoTimeout, f);
2378         lcp_echo_timer_running = 0;
2379     }
2380 }
2381