2 * ccp.c - PPP Compression Control Protocol.
4 * Copyright (c) 1994 The Australian National University.
7 * Permission to use, copy, modify, and distribute this software and its
8 * documentation is hereby granted, provided that the above copyright
9 * notice appears in all copies. This software is provided without any
10 * warranty, express or implied. The Australian National University
11 * makes no representations about the suitability of this software for
14 * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY
15 * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
16 * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF
17 * THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY
20 * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES,
21 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
22 * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
23 * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO
24 * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS,
28 #define RCSID "$Id: ccp.c,v 1.34 2002/04/02 13:54:59 dfs Exp $"
36 #include <net/ppp-comp.h>
39 #include "chap_ms.h" /* mppe_xx_key */
40 #include "lcp.h" /* lcp_close() */
43 static const char rcsid[] = RCSID;
46 * Unfortunately there is a bug in zlib which means that using a
47 * size of 8 (window size = 256) for Deflate compression will cause
48 * buffer overruns and kernel crashes in the deflate module.
49 * Until this is fixed we only accept sizes in the range 9 .. 15.
50 * Thanks to James Carlson for pointing this out.
52 #define DEFLATE_MIN_WORKS 9
55 * Command-line options.
57 static int setbsdcomp __P((char **));
58 static int setdeflate __P((char **));
59 static char bsd_value[8];
60 static char deflate_value[8];
66 bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
69 static option_t ccp_option_list[] = {
70 { "noccp", o_bool, &ccp_protent.enabled_flag,
71 "Disable CCP negotiation" },
72 { "-ccp", o_bool, &ccp_protent.enabled_flag,
73 "Disable CCP negotiation", OPT_ALIAS },
75 { "bsdcomp", o_special, (void *)setbsdcomp,
76 "Request BSD-Compress packet compression",
77 OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, bsd_value },
78 { "nobsdcomp", o_bool, &ccp_wantoptions[0].bsd_compress,
79 "don't allow BSD-Compress", OPT_PRIOSUB | OPT_A2CLR,
80 &ccp_allowoptions[0].bsd_compress },
81 { "-bsdcomp", o_bool, &ccp_wantoptions[0].bsd_compress,
82 "don't allow BSD-Compress", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
83 &ccp_allowoptions[0].bsd_compress },
85 { "deflate", o_special, (void *)setdeflate,
86 "request Deflate compression",
87 OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, deflate_value },
88 { "nodeflate", o_bool, &ccp_wantoptions[0].deflate,
89 "don't allow Deflate compression", OPT_PRIOSUB | OPT_A2CLR,
90 &ccp_allowoptions[0].deflate },
91 { "-deflate", o_bool, &ccp_wantoptions[0].deflate,
92 "don't allow Deflate compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
93 &ccp_allowoptions[0].deflate },
95 { "nodeflatedraft", o_bool, &ccp_wantoptions[0].deflate_draft,
96 "don't use draft deflate #", OPT_A2COPY,
97 &ccp_allowoptions[0].deflate_draft },
99 { "predictor1", o_bool, &ccp_wantoptions[0].predictor_1,
100 "request Predictor-1", OPT_PRIO | 1 },
101 { "nopredictor1", o_bool, &ccp_wantoptions[0].predictor_1,
102 "don't allow Predictor-1", OPT_PRIOSUB | OPT_A2CLR,
103 &ccp_allowoptions[0].predictor_1 },
104 { "-predictor1", o_bool, &ccp_wantoptions[0].predictor_1,
105 "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
106 &ccp_allowoptions[0].predictor_1 },
109 /* MPPE options are symmetrical ... we only set wantoptions here */
110 { "require-mppe", o_bool, &ccp_wantoptions[0].mppe,
111 "require MPPE encryption",
112 OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
113 { "+mppe", o_bool, &ccp_wantoptions[0].mppe,
114 "require MPPE encryption",
115 OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
116 { "nomppe", o_bool, &ccp_wantoptions[0].mppe,
117 "don't allow MPPE encryption", OPT_PRIO },
118 { "-mppe", o_bool, &ccp_wantoptions[0].mppe,
119 "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO },
121 /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */
122 { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
123 "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
124 &ccp_wantoptions[0].mppe },
125 { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe,
126 "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
127 &ccp_wantoptions[0].mppe },
128 { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe,
129 "don't allow MPPE 40-bit encryption",
130 OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe },
131 { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
132 "don't allow MPPE 40-bit encryption",
133 OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40,
134 &ccp_wantoptions[0].mppe },
136 { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
137 "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
138 &ccp_wantoptions[0].mppe },
139 { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe,
140 "require MPPE 128-bit encryption",
141 OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
142 &ccp_wantoptions[0].mppe },
143 { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe,
144 "don't allow MPPE 128-bit encryption",
145 OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe },
146 { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
147 "don't allow MPPE 128-bit encryption",
148 OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128,
149 &ccp_wantoptions[0].mppe },
151 /* strange one; we always request stateless, but will we allow stateful? */
152 { "mppe-stateful", o_bool, &refuse_mppe_stateful,
153 "allow MPPE stateful mode", OPT_PRIO },
154 { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
155 "disallow MPPE stateful mode", OPT_PRIO | 1 },
162 * Protocol entry points from main code.
164 static void ccp_init __P((int unit));
165 static void ccp_open __P((int unit));
166 static void ccp_close __P((int unit, char *));
167 static void ccp_lowerup __P((int unit));
168 static void ccp_lowerdown __P((int));
169 static void ccp_input __P((int unit, u_char *pkt, int len));
170 static void ccp_protrej __P((int unit));
171 static int ccp_printpkt __P((u_char *pkt, int len,
172 void (*printer) __P((void *, char *, ...)),
174 static void ccp_datainput __P((int unit, u_char *pkt, int len));
176 struct protent ccp_protent = {
196 fsm ccp_fsm[NUM_PPP];
197 ccp_options ccp_wantoptions[NUM_PPP]; /* what to request the peer to use */
198 ccp_options ccp_gotoptions[NUM_PPP]; /* what the peer agreed to do */
199 ccp_options ccp_allowoptions[NUM_PPP]; /* what we'll agree to do */
200 ccp_options ccp_hisoptions[NUM_PPP]; /* what we agreed to do */
203 * Callbacks for fsm code.
205 static void ccp_resetci __P((fsm *));
206 static int ccp_cilen __P((fsm *));
207 static void ccp_addci __P((fsm *, u_char *, int *));
208 static int ccp_ackci __P((fsm *, u_char *, int));
209 static int ccp_nakci __P((fsm *, u_char *, int));
210 static int ccp_rejci __P((fsm *, u_char *, int));
211 static int ccp_reqci __P((fsm *, u_char *, int *, int));
212 static void ccp_up __P((fsm *));
213 static void ccp_down __P((fsm *));
214 static int ccp_extcode __P((fsm *, int, int, u_char *, int));
215 static void ccp_rack_timeout __P((void *));
216 static char *method_name __P((ccp_options *, ccp_options *));
218 static fsm_callbacks ccp_callbacks = {
237 * Do we want / did we get any compression?
239 #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \
240 || (opt).predictor_1 || (opt).predictor_2 \
244 * Local state (mainly for handling reset-reqs and reset-acks).
246 static int ccp_localstate[NUM_PPP];
247 #define RACK_PENDING 1 /* waiting for reset-ack */
248 #define RREQ_REPEAT 2 /* send another reset-req if no reset-ack */
250 #define RACKTIMEOUT 1 /* second */
252 static int all_rejected[NUM_PPP]; /* we rejected all peer's options */
265 abits = rbits = strtol(str, &endp, 0);
266 if (endp != str && *endp == ',') {
268 abits = strtol(str, &endp, 0);
270 if (*endp != 0 || endp == str) {
271 option_error("invalid parameter '%s' for bsdcomp option", *argv);
274 if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS))
275 || (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) {
276 option_error("bsdcomp option values must be 0 or %d .. %d",
277 BSD_MIN_BITS, BSD_MAX_BITS);
281 ccp_wantoptions[0].bsd_compress = 1;
282 ccp_wantoptions[0].bsd_bits = rbits;
284 ccp_wantoptions[0].bsd_compress = 0;
286 ccp_allowoptions[0].bsd_compress = 1;
287 ccp_allowoptions[0].bsd_bits = abits;
289 ccp_allowoptions[0].bsd_compress = 0;
290 slprintf(bsd_value, sizeof(bsd_value),
291 rbits == abits? "%d": "%d,%d", rbits, abits);
304 abits = rbits = strtol(str, &endp, 0);
305 if (endp != str && *endp == ',') {
307 abits = strtol(str, &endp, 0);
309 if (*endp != 0 || endp == str) {
310 option_error("invalid parameter '%s' for deflate option", *argv);
313 if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE))
314 || (abits != 0 && (abits < DEFLATE_MIN_SIZE
315 || abits > DEFLATE_MAX_SIZE))) {
316 option_error("deflate option values must be 0 or %d .. %d",
317 DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE);
320 if (rbits == DEFLATE_MIN_SIZE || abits == DEFLATE_MIN_SIZE) {
321 if (rbits == DEFLATE_MIN_SIZE)
322 rbits = DEFLATE_MIN_WORKS;
323 if (abits == DEFLATE_MIN_SIZE)
324 abits = DEFLATE_MIN_WORKS;
325 warn("deflate option value of %d changed to %d to avoid zlib bug",
326 DEFLATE_MIN_SIZE, DEFLATE_MIN_WORKS);
329 ccp_wantoptions[0].deflate = 1;
330 ccp_wantoptions[0].deflate_size = rbits;
332 ccp_wantoptions[0].deflate = 0;
334 ccp_allowoptions[0].deflate = 1;
335 ccp_allowoptions[0].deflate_size = abits;
337 ccp_allowoptions[0].deflate = 0;
338 slprintf(deflate_value, sizeof(deflate_value),
339 rbits == abits? "%d": "%d,%d", rbits, abits);
345 * ccp_init - initialize CCP.
351 fsm *f = &ccp_fsm[unit];
354 f->protocol = PPP_CCP;
355 f->callbacks = &ccp_callbacks;
358 memset(&ccp_wantoptions[unit], 0, sizeof(ccp_options));
359 memset(&ccp_gotoptions[unit], 0, sizeof(ccp_options));
360 memset(&ccp_allowoptions[unit], 0, sizeof(ccp_options));
361 memset(&ccp_hisoptions[unit], 0, sizeof(ccp_options));
363 ccp_wantoptions[0].deflate = 1;
364 ccp_wantoptions[0].deflate_size = DEFLATE_MAX_SIZE;
365 ccp_wantoptions[0].deflate_correct = 1;
366 ccp_wantoptions[0].deflate_draft = 1;
367 ccp_allowoptions[0].deflate = 1;
368 ccp_allowoptions[0].deflate_size = DEFLATE_MAX_SIZE;
369 ccp_allowoptions[0].deflate_correct = 1;
370 ccp_allowoptions[0].deflate_draft = 1;
372 ccp_wantoptions[0].bsd_compress = 1;
373 ccp_wantoptions[0].bsd_bits = BSD_MAX_BITS;
374 ccp_allowoptions[0].bsd_compress = 1;
375 ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
377 ccp_allowoptions[0].predictor_1 = 1;
381 * ccp_open - CCP is allowed to come up.
387 fsm *f = &ccp_fsm[unit];
389 if (f->state != OPENED)
390 ccp_flags_set(unit, 1, 0);
393 * Find out which compressors the kernel supports before
394 * deciding whether to open in silent mode.
397 if (!ANY_COMPRESS(ccp_gotoptions[unit]))
398 f->flags |= OPT_SILENT;
404 * ccp_close - Terminate CCP.
407 ccp_close(unit, reason)
411 ccp_flags_set(unit, 0, 0);
412 fsm_close(&ccp_fsm[unit], reason);
416 * ccp_lowerup - we may now transmit CCP packets.
422 fsm_lowerup(&ccp_fsm[unit]);
426 * ccp_lowerdown - we may not transmit CCP packets.
432 fsm_lowerdown(&ccp_fsm[unit]);
436 * ccp_input - process a received CCP packet.
439 ccp_input(unit, p, len)
444 fsm *f = &ccp_fsm[unit];
448 * Check for a terminate-request so we can print a message.
451 fsm_input(f, p, len);
452 if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
453 notice("Compression disabled by peer.");
455 if (ccp_gotoptions[unit].mppe) {
456 notice("MPPE disabled, closing LCP");
457 lcp_close(unit, "MPPE disabled by peer");
463 * If we get a terminate-ack and we're not asking for compression,
466 if (oldstate == REQSENT && p[0] == TERMACK
467 && !ANY_COMPRESS(ccp_gotoptions[unit]))
468 ccp_close(unit, "No compression negotiated");
472 * Handle a CCP-specific code.
475 ccp_extcode(f, code, id, p, len)
483 if (f->state != OPENED)
485 /* send a reset-ack, which the transmitter will see and
486 reset its compression state. */
487 fsm_sdata(f, CCP_RESETACK, id, NULL, 0);
491 if (ccp_localstate[f->unit] & RACK_PENDING && id == f->reqid) {
492 ccp_localstate[f->unit] &= ~(RACK_PENDING | RREQ_REPEAT);
493 UNTIMEOUT(ccp_rack_timeout, f);
505 * ccp_protrej - peer doesn't talk CCP.
511 ccp_flags_set(unit, 0, 0);
512 fsm_lowerdown(&ccp_fsm[unit]);
516 * ccp_resetci - initialize at start of negotiation.
522 ccp_options *go = &ccp_gotoptions[f->unit];
523 u_char opt_buf[CCP_MAX_OPTION_LENGTH];
525 *go = ccp_wantoptions[f->unit];
526 all_rejected[f->unit] = 0;
530 ccp_options *ao = &ccp_allowoptions[f->unit];
531 int auth_mschap_bits = auth_done[f->unit];
535 * Start with a basic sanity check: mschap[v2] auth must be in
536 * exactly one direction. RFC 3079 says that the keys are
537 * 'derived from the credentials of the peer that initiated the call',
538 * however the PPP protocol doesn't have such a concept, and pppd
539 * cannot get this info externally. Instead we do the best we can.
540 * NB: If MPPE is required, all other compression opts are invalid.
541 * So, we return right away if we can't do it.
544 /* Leave only the mschap auth bits set */
545 auth_mschap_bits &= ~(PAP_WITHPEER | PAP_PEER |
546 CHAP_WITHPEER | CHAP_PEER |
547 CHAP_MD5_WITHPEER | CHAP_MD5_PEER);
548 /* Count the mschap auths */
551 numbits += auth_mschap_bits & 1;
552 auth_mschap_bits >>= 1;
553 } while (auth_mschap_bits);
555 error("MPPE required, but auth done in both directions.");
556 lcp_close(f->unit, "MPPE required but not available");
560 error("MPPE required, but MS-CHAP[v2] auth not performed.");
561 lcp_close(f->unit, "MPPE required but not available");
565 /* LM auth not supported for MPPE */
566 if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) {
567 /* This might be noise */
568 if (go->mppe & MPPE_OPT_40) {
569 notice("Disabling 40-bit MPPE; MS-CHAP LM not supported");
570 go->mppe &= ~MPPE_OPT_40;
574 /* Last check: can we actually negotiate something? */
575 if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) {
576 /* Could be misconfig, could be 40-bit disabled above. */
577 error("MPPE required, but both 40-bit and 128-bit disabled.");
578 lcp_close(f->unit, "MPPE required but not available");
584 /* MPPE is not compatible with other compression types */
585 ao->bsd_compress = go->bsd_compress = 0;
586 ao->predictor_1 = go->predictor_1 = 0;
587 ao->predictor_2 = go->predictor_2 = 0;
588 ao->deflate = go->deflate = 0;
593 * Check whether the kernel knows about the various
594 * compression methods we might request.
598 opt_buf[0] = CI_MPPE;
599 opt_buf[1] = CILEN_MPPE;
600 MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
601 /* Key material unimportant here. */
602 if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) {
603 error("MPPE required, but kernel has no support.");
604 lcp_close(f->unit, "MPPE required but not available");
608 if (go->bsd_compress) {
609 opt_buf[0] = CI_BSD_COMPRESS;
610 opt_buf[1] = CILEN_BSD_COMPRESS;
611 opt_buf[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, BSD_MIN_BITS);
612 if (ccp_test(f->unit, opt_buf, CILEN_BSD_COMPRESS, 0) <= 0)
613 go->bsd_compress = 0;
616 if (go->deflate_correct) {
617 opt_buf[0] = CI_DEFLATE;
618 opt_buf[1] = CILEN_DEFLATE;
619 opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_WORKS);
620 opt_buf[3] = DEFLATE_CHK_SEQUENCE;
621 if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0)
622 go->deflate_correct = 0;
624 if (go->deflate_draft) {
625 opt_buf[0] = CI_DEFLATE_DRAFT;
626 opt_buf[1] = CILEN_DEFLATE;
627 opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_WORKS);
628 opt_buf[3] = DEFLATE_CHK_SEQUENCE;
629 if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0)
630 go->deflate_draft = 0;
632 if (!go->deflate_correct && !go->deflate_draft)
635 if (go->predictor_1) {
636 opt_buf[0] = CI_PREDICTOR_1;
637 opt_buf[1] = CILEN_PREDICTOR_1;
638 if (ccp_test(f->unit, opt_buf, CILEN_PREDICTOR_1, 0) <= 0)
641 if (go->predictor_2) {
642 opt_buf[0] = CI_PREDICTOR_2;
643 opt_buf[1] = CILEN_PREDICTOR_2;
644 if (ccp_test(f->unit, opt_buf, CILEN_PREDICTOR_2, 0) <= 0)
650 * ccp_cilen - Return total length of our configuration info.
656 ccp_options *go = &ccp_gotoptions[f->unit];
658 return (go->bsd_compress? CILEN_BSD_COMPRESS: 0)
659 + (go->deflate? CILEN_DEFLATE: 0)
660 + (go->predictor_1? CILEN_PREDICTOR_1: 0)
661 + (go->predictor_2? CILEN_PREDICTOR_2: 0)
662 + (go->mppe? CILEN_MPPE: 0);
666 * ccp_addci - put our requests in a packet.
669 ccp_addci(f, p, lenp)
675 ccp_options *go = &ccp_gotoptions[f->unit];
679 * Add the compression types that we can receive, in decreasing
684 u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
686 p[0] = opt_buf[0] = CI_MPPE;
687 p[1] = opt_buf[1] = CILEN_MPPE;
688 MPPE_OPTS_TO_CI(go->mppe, &p[2]);
689 MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
690 BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
691 res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
695 /* This shouldn't happen, we've already tested it! */
696 lcp_close(f->unit, "MPPE required but not available in kernel");
700 p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT;
701 p[1] = CILEN_DEFLATE;
702 p[2] = DEFLATE_MAKE_OPT(go->deflate_size);
703 p[3] = DEFLATE_CHK_SEQUENCE;
705 if (go->deflate_size < DEFLATE_MIN_WORKS) {
709 res = ccp_test(f->unit, p, CILEN_DEFLATE, 0);
713 } else if (res < 0) {
718 p[2] = DEFLATE_MAKE_OPT(go->deflate_size);
720 if (p != p0 && go->deflate_correct && go->deflate_draft) {
721 p[0] = CI_DEFLATE_DRAFT;
722 p[1] = CILEN_DEFLATE;
723 p[2] = p[2 - CILEN_DEFLATE];
724 p[3] = DEFLATE_CHK_SEQUENCE;
728 if (go->bsd_compress) {
729 p[0] = CI_BSD_COMPRESS;
730 p[1] = CILEN_BSD_COMPRESS;
731 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits);
733 if (go->bsd_bits < BSD_MIN_BITS) {
734 go->bsd_compress = 0;
737 res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 0);
739 p += CILEN_BSD_COMPRESS;
741 } else if (res < 0) {
742 go->bsd_compress = 0;
746 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits);
749 /* XXX Should Predictor 2 be preferable to Predictor 1? */
750 if (go->predictor_1) {
751 p[0] = CI_PREDICTOR_1;
752 p[1] = CILEN_PREDICTOR_1;
753 if (p == p0 && ccp_test(f->unit, p, CILEN_PREDICTOR_1, 0) <= 0) {
756 p += CILEN_PREDICTOR_1;
759 if (go->predictor_2) {
760 p[0] = CI_PREDICTOR_2;
761 p[1] = CILEN_PREDICTOR_2;
762 if (p == p0 && ccp_test(f->unit, p, CILEN_PREDICTOR_2, 0) <= 0) {
765 p += CILEN_PREDICTOR_2;
769 go->method = (p > p0)? p0[0]: -1;
775 * ccp_ackci - process a received configure-ack, and return
776 * 1 iff the packet was OK.
784 ccp_options *go = &ccp_gotoptions[f->unit];
789 u_char opt_buf[CILEN_MPPE];
791 opt_buf[0] = CI_MPPE;
792 opt_buf[1] = CILEN_MPPE;
793 MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
794 if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE))
798 /* XXX Cope with first/fast ack */
804 if (len < CILEN_DEFLATE
805 || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
806 || p[1] != CILEN_DEFLATE
807 || p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
808 || p[3] != DEFLATE_CHK_SEQUENCE)
811 len -= CILEN_DEFLATE;
812 /* XXX Cope with first/fast ack */
815 if (go->deflate_correct && go->deflate_draft) {
816 if (len < CILEN_DEFLATE
817 || p[0] != CI_DEFLATE_DRAFT
818 || p[1] != CILEN_DEFLATE
819 || p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
820 || p[3] != DEFLATE_CHK_SEQUENCE)
823 len -= CILEN_DEFLATE;
826 if (go->bsd_compress) {
827 if (len < CILEN_BSD_COMPRESS
828 || p[0] != CI_BSD_COMPRESS || p[1] != CILEN_BSD_COMPRESS
829 || p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits))
831 p += CILEN_BSD_COMPRESS;
832 len -= CILEN_BSD_COMPRESS;
833 /* XXX Cope with first/fast ack */
834 if (p == p0 && len == 0)
837 if (go->predictor_1) {
838 if (len < CILEN_PREDICTOR_1
839 || p[0] != CI_PREDICTOR_1 || p[1] != CILEN_PREDICTOR_1)
841 p += CILEN_PREDICTOR_1;
842 len -= CILEN_PREDICTOR_1;
843 /* XXX Cope with first/fast ack */
844 if (p == p0 && len == 0)
847 if (go->predictor_2) {
848 if (len < CILEN_PREDICTOR_2
849 || p[0] != CI_PREDICTOR_2 || p[1] != CILEN_PREDICTOR_2)
851 p += CILEN_PREDICTOR_2;
852 len -= CILEN_PREDICTOR_2;
853 /* XXX Cope with first/fast ack */
854 if (p == p0 && len == 0)
864 * ccp_nakci - process received configure-nak.
865 * Returns 1 iff the nak was OK.
873 ccp_options *go = &ccp_gotoptions[f->unit];
874 ccp_options no; /* options we've seen already */
875 ccp_options try; /* options to ask for next time */
877 memset(&no, 0, sizeof(no));
881 if (go->mppe && len >= CILEN_MPPE
882 && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
885 * Peer wants us to use a different strength or other setting.
886 * Fail if we aren't willing to use his suggestion.
888 MPPE_CI_TO_OPTS(&p[2], try.mppe);
889 if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful)
891 else if ((go->mppe & try.mppe) != try.mppe)
892 /* Peer must have set options we didn't request (suggest) */
896 lcp_close(f->unit, "MPPE required but peer negotiation failed");
899 if (go->deflate && len >= CILEN_DEFLATE
900 && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
901 && p[1] == CILEN_DEFLATE) {
904 * Peer wants us to use a different code size or something.
905 * Stop asking for Deflate if we don't understand his suggestion.
907 if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL
908 || DEFLATE_SIZE(p[2]) < DEFLATE_MIN_WORKS
909 || p[3] != DEFLATE_CHK_SEQUENCE)
911 else if (DEFLATE_SIZE(p[2]) < go->deflate_size)
912 try.deflate_size = DEFLATE_SIZE(p[2]);
914 len -= CILEN_DEFLATE;
915 if (go->deflate_correct && go->deflate_draft
916 && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT
917 && p[1] == CILEN_DEFLATE) {
919 len -= CILEN_DEFLATE;
923 if (go->bsd_compress && len >= CILEN_BSD_COMPRESS
924 && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
927 * Peer wants us to use a different number of bits
928 * or a different version.
930 if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION)
931 try.bsd_compress = 0;
932 else if (BSD_NBITS(p[2]) < go->bsd_bits)
933 try.bsd_bits = BSD_NBITS(p[2]);
934 p += CILEN_BSD_COMPRESS;
935 len -= CILEN_BSD_COMPRESS;
939 * Predictor-1 and 2 have no options, so they can't be Naked.
941 * There may be remaining options but we ignore them.
944 if (f->state != OPENED)
950 * ccp_rejci - reject some of our suggested compression methods.
958 ccp_options *go = &ccp_gotoptions[f->unit];
959 ccp_options try; /* options to request next time */
964 * Cope with empty configure-rejects by ceasing to send
965 * configure-requests.
967 if (len == 0 && all_rejected[f->unit])
971 if (go->mppe && len >= CILEN_MPPE
972 && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
973 lcp_close(f->unit, "MPPE required but peer refused");
978 if (go->deflate && len >= CILEN_DEFLATE
979 && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
980 && p[1] == CILEN_DEFLATE) {
981 if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
982 || p[3] != DEFLATE_CHK_SEQUENCE)
983 return 0; /* Rej is bad */
984 if (go->deflate_correct)
985 try.deflate_correct = 0;
987 try.deflate_draft = 0;
989 len -= CILEN_DEFLATE;
990 if (go->deflate_correct && go->deflate_draft
991 && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT
992 && p[1] == CILEN_DEFLATE) {
993 if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
994 || p[3] != DEFLATE_CHK_SEQUENCE)
995 return 0; /* Rej is bad */
996 try.deflate_draft = 0;
998 len -= CILEN_DEFLATE;
1000 if (!try.deflate_correct && !try.deflate_draft)
1003 if (go->bsd_compress && len >= CILEN_BSD_COMPRESS
1004 && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
1005 if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits))
1007 try.bsd_compress = 0;
1008 p += CILEN_BSD_COMPRESS;
1009 len -= CILEN_BSD_COMPRESS;
1011 if (go->predictor_1 && len >= CILEN_PREDICTOR_1
1012 && p[0] == CI_PREDICTOR_1 && p[1] == CILEN_PREDICTOR_1) {
1013 try.predictor_1 = 0;
1014 p += CILEN_PREDICTOR_1;
1015 len -= CILEN_PREDICTOR_1;
1017 if (go->predictor_2 && len >= CILEN_PREDICTOR_2
1018 && p[0] == CI_PREDICTOR_2 && p[1] == CILEN_PREDICTOR_2) {
1019 try.predictor_2 = 0;
1020 p += CILEN_PREDICTOR_2;
1021 len -= CILEN_PREDICTOR_2;
1027 if (f->state != OPENED)
1034 * ccp_reqci - processed a received configure-request.
1035 * Returns CONFACK, CONFNAK or CONFREJ and the packet modified
1039 ccp_reqci(f, p, lenp, dont_nak)
1045 int ret, newret, res;
1047 int len, clen, type, nb;
1048 ccp_options *ho = &ccp_hisoptions[f->unit];
1049 ccp_options *ao = &ccp_allowoptions[f->unit];
1055 memset(ho, 0, sizeof(ccp_options));
1056 ho->method = (len > 0)? p[0]: -1;
1060 if (len < 2 || p[1] < 2 || p[1] > len) {
1072 if (!ao->mppe || clen != CILEN_MPPE) {
1076 MPPE_CI_TO_OPTS(&p[2], ho->mppe);
1078 /* Nak if anything unsupported or unknown are set. */
1079 if (ho->mppe & MPPE_OPT_UNSUPPORTED) {
1081 ho->mppe &= ~MPPE_OPT_UNSUPPORTED;
1083 if (ho->mppe & MPPE_OPT_UNKNOWN) {
1085 ho->mppe &= ~MPPE_OPT_UNKNOWN;
1088 /* Check state opt */
1089 if (ho->mppe & MPPE_OPT_STATEFUL) {
1090 if (refuse_mppe_stateful) {
1092 * We can Nak and request stateless, but it's a
1093 * lot easier to just assume the peer will request
1094 * it if he can do it; stateful mode is bad over
1095 * the Internet -- which is where we expect MPPE.
1104 /* Find out which of {S,L} are set. */
1105 if ((ho->mppe & MPPE_OPT_128)
1106 && (ho->mppe & MPPE_OPT_40)) {
1107 /* Both are set, negotiate the strongest. */
1109 if (ao->mppe & MPPE_OPT_128)
1110 ho->mppe &= ~MPPE_OPT_40;
1111 else if (ao->mppe & MPPE_OPT_40)
1112 ho->mppe &= ~MPPE_OPT_128;
1117 } else if (ho->mppe & MPPE_OPT_128) {
1118 if (!(ao->mppe & MPPE_OPT_128)) {
1122 } else if (ho->mppe & MPPE_OPT_40) {
1123 if (!(ao->mppe & MPPE_OPT_40)) {
1128 /* Neither are set. */
1133 /* rebuild the opts */
1134 MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
1135 if (newret == CONFACK) {
1136 u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
1139 BCOPY(p, opt_buf, CILEN_MPPE);
1140 BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
1142 if (ccp_test(f->unit, opt_buf,
1143 CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
1144 /* This shouldn't happen, we've already tested it! */
1145 error("MPPE required, but kernel has no support.");
1146 lcp_close(f->unit, "MPPE required but not available");
1151 * We need to decrease the interface MTU by MPPE_PAD
1152 * because MPPE frames **grow**. The kernel [must]
1153 * allocate MPPE_PAD extra bytes in xmit buffers.
1155 mtu = netif_get_mtu(f->unit);
1157 netif_set_mtu(f->unit, mtu - MPPE_PAD);
1165 case CI_DEFLATE_DRAFT:
1166 if (!ao->deflate || clen != CILEN_DEFLATE
1167 || (!ao->deflate_correct && type == CI_DEFLATE)
1168 || (!ao->deflate_draft && type == CI_DEFLATE_DRAFT)) {
1174 ho->deflate_size = nb = DEFLATE_SIZE(p[2]);
1175 if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL
1176 || p[3] != DEFLATE_CHK_SEQUENCE
1177 || nb > ao->deflate_size || nb < DEFLATE_MIN_WORKS) {
1180 p[2] = DEFLATE_MAKE_OPT(ao->deflate_size);
1181 p[3] = DEFLATE_CHK_SEQUENCE;
1182 /* fall through to test this #bits below */
1188 * Check whether we can do Deflate with the window
1189 * size they want. If the window is too big, reduce
1190 * it until the kernel can cope and nak with that.
1191 * We only check this for the first option.
1195 res = ccp_test(f->unit, p, CILEN_DEFLATE, 1);
1197 break; /* it's OK now */
1198 if (res < 0 || nb == DEFLATE_MIN_WORKS || dont_nak) {
1200 p[2] = DEFLATE_MAKE_OPT(ho->deflate_size);
1205 p[2] = DEFLATE_MAKE_OPT(nb);
1210 case CI_BSD_COMPRESS:
1211 if (!ao->bsd_compress || clen != CILEN_BSD_COMPRESS) {
1216 ho->bsd_compress = 1;
1217 ho->bsd_bits = nb = BSD_NBITS(p[2]);
1218 if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION
1219 || nb > ao->bsd_bits || nb < BSD_MIN_BITS) {
1222 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, ao->bsd_bits);
1223 /* fall through to test this #bits below */
1229 * Check whether we can do BSD-Compress with the code
1230 * size they want. If the code size is too big, reduce
1231 * it until the kernel can cope and nak with that.
1232 * We only check this for the first option.
1236 res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 1);
1239 if (res < 0 || nb == BSD_MIN_BITS || dont_nak) {
1241 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION,
1247 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, nb);
1252 case CI_PREDICTOR_1:
1253 if (!ao->predictor_1 || clen != CILEN_PREDICTOR_1) {
1258 ho->predictor_1 = 1;
1260 && ccp_test(f->unit, p, CILEN_PREDICTOR_1, 1) <= 0) {
1265 case CI_PREDICTOR_2:
1266 if (!ao->predictor_2 || clen != CILEN_PREDICTOR_2) {
1271 ho->predictor_2 = 1;
1273 && ccp_test(f->unit, p, CILEN_PREDICTOR_2, 1) <= 0) {
1283 if (newret == CONFNAK && dont_nak)
1285 if (!(newret == CONFACK || (newret == CONFNAK && ret == CONFREJ))) {
1286 /* we're returning this option */
1287 if (newret == CONFREJ && ret == CONFNAK)
1291 BCOPY(p, retp, clen);
1299 if (ret != CONFACK) {
1300 if (ret == CONFREJ && *lenp == retp - p0)
1301 all_rejected[f->unit] = 1;
1305 if (ret == CONFREJ && ao->mppe)
1306 lcp_close(f->unit, "MPPE required but peer negotiation failed");
1311 * Make a string name for a compression method (or 2).
1314 method_name(opt, opt2)
1315 ccp_options *opt, *opt2;
1317 static char result[64];
1319 if (!ANY_COMPRESS(*opt))
1321 switch (opt->method) {
1326 char *q = result + sizeof(result); /* 1 past result */
1328 slprintf(p, q - p, "MPPE ");
1330 if (opt->mppe & MPPE_OPT_128) {
1331 slprintf(p, q - p, "128-bit ");
1334 if (opt->mppe & MPPE_OPT_40) {
1335 slprintf(p, q - p, "40-bit ");
1338 if (opt->mppe & MPPE_OPT_STATEFUL)
1339 slprintf(p, q - p, "stateful");
1341 slprintf(p, q - p, "stateless");
1347 case CI_DEFLATE_DRAFT:
1348 if (opt2 != NULL && opt2->deflate_size != opt->deflate_size)
1349 slprintf(result, sizeof(result), "Deflate%s (%d/%d)",
1350 (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""),
1351 opt->deflate_size, opt2->deflate_size);
1353 slprintf(result, sizeof(result), "Deflate%s (%d)",
1354 (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""),
1357 case CI_BSD_COMPRESS:
1358 if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits)
1359 slprintf(result, sizeof(result), "BSD-Compress (%d/%d)",
1360 opt->bsd_bits, opt2->bsd_bits);
1362 slprintf(result, sizeof(result), "BSD-Compress (%d)",
1365 case CI_PREDICTOR_1:
1366 return "Predictor 1";
1367 case CI_PREDICTOR_2:
1368 return "Predictor 2";
1370 slprintf(result, sizeof(result), "Method %d", opt->method);
1376 * CCP has come up - inform the kernel driver and log a message.
1382 ccp_options *go = &ccp_gotoptions[f->unit];
1383 ccp_options *ho = &ccp_hisoptions[f->unit];
1386 ccp_flags_set(f->unit, 1, 1);
1387 if (ANY_COMPRESS(*go)) {
1388 if (ANY_COMPRESS(*ho)) {
1389 if (go->method == ho->method) {
1390 notice("%s compression enabled", method_name(go, ho));
1392 strlcpy(method1, method_name(go, NULL), sizeof(method1));
1393 notice("%s / %s compression enabled",
1394 method1, method_name(ho, NULL));
1397 notice("%s receive compression enabled", method_name(go, NULL));
1398 } else if (ANY_COMPRESS(*ho))
1399 notice("%s transmit compression enabled", method_name(ho, NULL));
1403 * CCP has gone down - inform the kernel driver.
1409 if (ccp_localstate[f->unit] & RACK_PENDING)
1410 UNTIMEOUT(ccp_rack_timeout, f);
1411 ccp_localstate[f->unit] = 0;
1412 ccp_flags_set(f->unit, 1, 0);
1416 * Print the contents of a CCP packet.
1418 static char *ccp_codenames[] = {
1419 "ConfReq", "ConfAck", "ConfNak", "ConfRej",
1420 "TermReq", "TermAck", "CodeRej",
1421 NULL, NULL, NULL, NULL, NULL, NULL,
1422 "ResetReq", "ResetAck",
1426 ccp_printpkt(p, plen, printer, arg)
1429 void (*printer) __P((void *, char *, ...));
1432 u_char *p0, *optend;
1437 if (plen < HEADERLEN)
1441 len = (p[2] << 8) + p[3];
1442 if (len < HEADERLEN || len > plen)
1445 if (code >= 1 && code <= sizeof(ccp_codenames) / sizeof(char *)
1446 && ccp_codenames[code-1] != NULL)
1447 printer(arg, " %s", ccp_codenames[code-1]);
1449 printer(arg, " code=0x%x", code);
1450 printer(arg, " id=0x%x", id);
1459 /* print list of possible compression methods */
1463 if (optlen < 2 || optlen > len)
1467 optend = p + optlen;
1471 if (optlen >= CILEN_MPPE) {
1474 MPPE_CI_TO_OPTS(&p[2], mppe_opts);
1475 printer(arg, "mppe %s %s %s %s %s %s%s",
1476 (p[2] & MPPE_H_BIT)? "+H": "-H",
1477 (p[5] & MPPE_M_BIT)? "+M": "-M",
1478 (p[5] & MPPE_S_BIT)? "+S": "-S",
1479 (p[5] & MPPE_L_BIT)? "+L": "-L",
1480 (p[5] & MPPE_D_BIT)? "+D": "-D",
1481 (p[5] & MPPE_C_BIT)? "+C": "-C",
1482 (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": "");
1488 case CI_DEFLATE_DRAFT:
1489 if (optlen >= CILEN_DEFLATE) {
1490 printer(arg, "deflate%s %d",
1491 (code == CI_DEFLATE_DRAFT? "(old#)": ""),
1492 DEFLATE_SIZE(p[2]));
1493 if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL)
1494 printer(arg, " method %d", DEFLATE_METHOD(p[2]));
1495 if (p[3] != DEFLATE_CHK_SEQUENCE)
1496 printer(arg, " check %d", p[3]);
1500 case CI_BSD_COMPRESS:
1501 if (optlen >= CILEN_BSD_COMPRESS) {
1502 printer(arg, "bsd v%d %d", BSD_VERSION(p[2]),
1504 p += CILEN_BSD_COMPRESS;
1507 case CI_PREDICTOR_1:
1508 if (optlen >= CILEN_PREDICTOR_1) {
1509 printer(arg, "predictor 1");
1510 p += CILEN_PREDICTOR_1;
1513 case CI_PREDICTOR_2:
1514 if (optlen >= CILEN_PREDICTOR_2) {
1515 printer(arg, "predictor 2");
1516 p += CILEN_PREDICTOR_2;
1521 printer(arg, " %.2x", *p++);
1528 if (len > 0 && *p >= ' ' && *p < 0x7f) {
1529 print_string((char *)p, len, printer, arg);
1536 /* dump out the rest of the packet in hex */
1538 printer(arg, " %.2x", *p++);
1544 * We have received a packet that the decompressor failed to
1545 * decompress. Here we would expect to issue a reset-request, but
1546 * Motorola has a patent on resetting the compressor as a result of
1547 * detecting an error in the decompressed data after decompression.
1548 * (See US patent 5,130,993; international patent publication number
1549 * WO 91/10289; Australian patent 73296/91.)
1551 * So we ask the kernel whether the error was detected after
1552 * decompression; if it was, we take CCP down, thus disabling
1553 * compression :-(, otherwise we issue the reset-request.
1556 ccp_datainput(unit, pkt, len)
1564 if (f->state == OPENED) {
1565 if (ccp_fatal_error(unit)) {
1567 * Disable compression by taking CCP down.
1569 error("Lost compression sync: disabling compression");
1570 ccp_close(unit, "Lost compression sync");
1573 * If we were doing MPPE, we must also take the link down.
1575 if (ccp_gotoptions[unit].mppe) {
1576 error("Too many MPPE errors, closing LCP");
1577 lcp_close(unit, "Too many MPPE errors");
1582 * Send a reset-request to reset the peer's compressor.
1583 * We don't do that if we are still waiting for an
1584 * acknowledgement to a previous reset-request.
1586 if (!(ccp_localstate[f->unit] & RACK_PENDING)) {
1587 fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0);
1588 TIMEOUT(ccp_rack_timeout, f, RACKTIMEOUT);
1589 ccp_localstate[f->unit] |= RACK_PENDING;
1591 ccp_localstate[f->unit] |= RREQ_REPEAT;
1597 * Timeout waiting for reset-ack.
1600 ccp_rack_timeout(arg)
1605 if (f->state == OPENED && ccp_localstate[f->unit] & RREQ_REPEAT) {
1606 fsm_sdata(f, CCP_RESETREQ, f->reqid, NULL, 0);
1607 TIMEOUT(ccp_rack_timeout, f, RACKTIMEOUT);
1608 ccp_localstate[f->unit] &= ~RREQ_REPEAT;
1610 ccp_localstate[f->unit] &= ~RACK_PENDING;