X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Flcp.c;h=f9d6c1cc9b9c2fd91bae5f623ae987085a4d5313;hp=4e5aec8958de48af6dafd82ecac9e0edd8aa40b9;hb=12d602f52c8ad30af025cf1e063af67c78cd68ad;hpb=adc8347e757be7d7ccd220fd09d22c48884e64bc diff --git a/pppd/lcp.c b/pppd/lcp.c index 4e5aec8..f9d6c1c 100644 --- a/pppd/lcp.c +++ b/pppd/lcp.c @@ -18,7 +18,7 @@ */ #ifndef lint -static char rcsid[] = "$Id: lcp.c,v 1.16 1994/12/12 22:54:59 paulus Exp $"; +static char rcsid[] = "$Id: lcp.c,v 1.21 1995/08/10 06:51:06 paulus Exp $"; #endif /* @@ -45,7 +45,7 @@ static char rcsid[] = "$Id: lcp.c,v 1.16 1994/12/12 22:54:59 paulus Exp $"; #ifdef _linux_ /* Needs ppp ioctls */ #include -#include +#include #endif /* global vars */ @@ -60,6 +60,8 @@ static u_int32_t lcp_echos_pending = 0; /* Number of outstanding echo msgs */ static u_int32_t lcp_echo_number = 0; /* ID number of next echo frame */ static u_int32_t lcp_echo_timer_running = 0; /* TRUE if a timer is running */ +static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ + #ifdef _linux_ u_int32_t idle_timer_running = 0; extern int idle_time_limit; @@ -111,7 +113,7 @@ static fsm_callbacks lcp_callbacks = { /* LCP callback routines */ "LCP" /* String name of protocol */ }; -int lcp_warnloops = DEFWARNLOOPS; /* Warn about a loopback this often */ +int lcp_loopbackfail = DEFLOOPBACKFAIL; /* * Length of each type of configuration option (in octets) @@ -230,32 +232,25 @@ RestartIdleTimer (f) fsm *f; { u_long delta; - struct ppp_ddinfo ddinfo; - u_long latest; + struct ppp_idle ddinfo; /* * Read the time since the last packet was received. */ - if (ioctl (fd, PPPIOCGTIME, &ddinfo) < 0) { - syslog (LOG_ERR, "ioctl(PPPIOCGTIME): %m"); + if (ioctl (fd, PPPIOCGIDLE, &ddinfo) < 0) { + syslog (LOG_ERR, "ioctl(PPPIOCGIDLE): %m"); die (1); } -/* - * Choose the most recient IP activity. It may be a read or write frame - */ - latest = ddinfo.ip_sjiffies < ddinfo.ip_rjiffies ? ddinfo.ip_sjiffies - : ddinfo.ip_rjiffies; /* * Compute the time since the last packet was received. If the timer - * has expired then send the echo request and reset the timer to maximum. + * has expired then disconnect the line. */ - delta = (idle_time_limit * HZ) - latest; - if (((int) delta < HZ || (int) latest < 0L) && f->state == OPENED) { - syslog (LOG_NOTICE, "No IP frames exchanged within idle time limit"); + delta = idle_time_limit - (u_long) ddinfo.recv_idle; + if (((int) delta <= 0L) && (f->state == OPENED)) { + syslog (LOG_NOTICE, "No IP frames received within idle time limit"); lcp_close(f->unit); /* Reset connection */ phase = PHASE_TERMINATE; /* Mark it down */ } else { - delta = (delta + HZ - 1) / HZ; - if (delta == 0) + if ((int) delta <= 0L) delta = (u_long) idle_time_limit; assert (idle_timer_running==0); TIMEOUT (IdleTimeCheck, (caddr_t) f, delta); @@ -689,12 +684,13 @@ lcp_nakci(f, p, len) { lcp_options *go = &lcp_gotoptions[f->unit]; lcp_options *wo = &lcp_wantoptions[f->unit]; - u_char cilen, citype, cichar, *next; + u_char citype, cichar, *next; u_short cishort; u_int32_t cilong; lcp_options no; /* options we've seen Naks for */ lcp_options try; /* options to request next time */ int looped_back = 0; + int cilen; BZERO(&no, sizeof(no)); try = *go; @@ -772,21 +768,67 @@ lcp_nakci(f, p, len) if (cishort <= wo->mru || cishort < DEFMRU) try.mru = cishort; ); + /* * Add any characters they want to our (receive-side) asyncmap. */ NAKCILONG(CI_ASYNCMAP, neg_asyncmap, try.asyncmap = go->asyncmap | cilong; ); + /* - * If they can't cope with our CHAP hash algorithm, we'll have - * to stop asking for CHAP. We haven't got any other algorithm. + * If they've nak'd our authentication-protocol, check whether + * they are proposing a different protocol, or a different + * hash algorithm for CHAP. */ - NAKCICHAP(CI_AUTHTYPE, neg_chap, - try.neg_chap = 0; - ); + if ((go->neg_chap || go->neg_upap) + && len >= CILEN_SHORT + && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT) { + cilen = p[1]; + INCPTR(2, p); + GETSHORT(cishort, p); + if (cishort == PPP_PAP && cilen == CILEN_SHORT) { + /* + * If they are asking for PAP, then they don't want to do CHAP. + * If we weren't asking for CHAP, then we were asking for PAP, + * in which case this Nak is bad. + */ + if (!go->neg_chap) + goto bad; + go->neg_chap = 0; + + } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { + GETCHAR(cichar, p); + if (go->neg_chap) { + /* + * We were asking for CHAP/MD5; they must want a different + * algorithm. If they can't do MD5, we'll have to stop + * asking for CHAP. + */ + if (cichar != go->chap_mdtype) + go->neg_chap = 0; + } else { + /* + * Stop asking for PAP if we were asking for it. + */ + go->neg_upap = 0; + } + + } else { + /* + * We don't recognize what they're suggesting. + * Stop asking for what we were asking for. + */ + if (go->neg_chap) + go->neg_chap = 0; + else + go->neg_upap = 0; + p += cilen - CILEN_SHORT; + } + } + /* - * Peer shouldn't send Nak for UPAP, protocol compression or + * Peer shouldn't send Nak for protocol compression or * address/control compression requests; they should send * a Reject instead. If they send a Nak, treat it as a Reject. */ @@ -795,6 +837,7 @@ lcp_nakci(f, p, len) try.neg_upap = 0; ); } + /* * If they can't cope with our link quality protocol, we'll have * to stop asking for LQR. We haven't got any other protocol. @@ -806,12 +849,12 @@ lcp_nakci(f, p, len) else try.lqr_period = cilong; ); + /* * Check for a looped-back line. */ NAKCILONG(CI_MAGICNUMBER, neg_magicnumber, try.magicnumber = magic(); - ++try.numloops; looped_back = 1; ); @@ -835,11 +878,13 @@ lcp_nakci(f, p, len) * `let me authenticate myself with you' which is a bit pointless. * For the quality protocol, the Nak means `ask me to send you quality * reports', but if we didn't ask for them, we don't want them. + * An option we don't recognize represents the peer asking to + * negotiate some option we don't support, so ignore it. */ while (len > CILEN_VOID) { GETCHAR(citype, p); GETCHAR(cilen, p); - if( (len -= cilen) < 0 ) + if ((len -= cilen) < 0) goto bad; next = p + cilen - 2; @@ -875,8 +920,6 @@ lcp_nakci(f, p, len) if (go->neg_lqr || no.neg_lqr || cilen != CILEN_LQR) goto bad; break; - default: - goto bad; } p = next; } @@ -889,9 +932,14 @@ lcp_nakci(f, p, len) * OK, the Nak is good. Now we can update state. */ if (f->state != OPENED) { + if (looped_back) { + if (++try.numloops >= lcp_loopbackfail) { + syslog(LOG_NOTICE, "Serial line is looped back."); + lcp_close(f->unit); + } + } else + try.numloops = 0; *go = try; - if (looped_back && try.numloops % lcp_warnloops == 0) - syslog(LOG_WARNING, "Serial line appears to be looped back."); } return 1; @@ -969,6 +1017,7 @@ lcp_rejci(f, p, len) if (cishort != val || cichar != digest) \ goto bad; \ try.neg = 0; \ + try.neg_upap = 0; \ LCPDEBUG((LOG_INFO,"lcp_rejci rejected chap opt %d", opt)); \ } #define REJCILONG(opt, neg, val) \ @@ -1056,7 +1105,8 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) int rc = CONFACK; /* Final packet return code */ int orc; /* Individual option return code */ u_char *p; /* Pointer to next char to parse */ - u_char *ucp = inp; /* Pointer to current output char */ + u_char *rejp; /* Pointer to next char in reject frame */ + u_char *nakp; /* Pointer to next char in Nak frame */ int l = *lenp; /* Length left */ /* @@ -1068,6 +1118,8 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) * Process all his options. */ next = inp; + nakp = nak_buffer; + rejp = inp; while (l) { orc = CONFACK; /* Assume success */ cip = p = next; /* Remember begining of CI */ @@ -1103,10 +1155,9 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) */ if (cishort < MINMRU) { orc = CONFNAK; /* Nak CI */ - if( !reject_if_disagree ){ - DECPTR(sizeof (short), p); /* Backup */ - PUTSHORT(MINMRU, p); /* Give him a hint */ - } + PUTCHAR(CI_MRU, nakp); + PUTCHAR(CILEN_SHORT, nakp); + PUTSHORT(MINMRU, nakp); /* Give him a hint */ break; } ho->neg_mru = 1; /* Remember he sent MRU */ @@ -1129,10 +1180,9 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) */ if ((ao->asyncmap & ~cilong) != 0) { orc = CONFNAK; - if( !reject_if_disagree ){ - DECPTR(sizeof(u_int32_t), p); - PUTLONG(ao->asyncmap | cilong, p); - } + PUTCHAR(CI_ASYNCMAP, nakp); + PUTCHAR(CILEN_LONG, nakp); + PUTLONG(ao->asyncmap | cilong, nakp); break; } ho->neg_asyncmap = 1; @@ -1143,6 +1193,9 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd AUTHTYPE")); if (cilen < CILEN_SHORT || !(ao->neg_upap || ao->neg_chap)) { + /* + * Reject the option if we're not willing to authenticate. + */ orc = CONFREJ; break; } @@ -1161,33 +1214,46 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) */ if (cishort == PPP_PAP) { - if (!ao->neg_upap || /* we don't want to do PAP */ - ho->neg_chap || /* or we've already accepted CHAP */ + if (ho->neg_chap || /* we've already accepted CHAP */ cilen != CILEN_SHORT) { LCPDEBUG((LOG_WARNING, "lcp_reqci: rcvd AUTHTYPE PAP, rejecting...")); orc = CONFREJ; break; } + if (!ao->neg_upap) { /* we don't want to do PAP */ + orc = CONFNAK; /* NAK it and suggest CHAP */ + PUTCHAR(CI_AUTHTYPE, nakp); + PUTCHAR(CILEN_CHAP, nakp); + PUTSHORT(PPP_CHAP, nakp); + PUTCHAR(ao->chap_mdtype, nakp); + break; + } ho->neg_upap = 1; break; } if (cishort == PPP_CHAP) { - if (!ao->neg_chap || /* we don't want to do CHAP */ - ho->neg_upap || /* or we've already accepted UPAP */ + if (ho->neg_upap || /* we've already accepted PAP */ cilen != CILEN_CHAP) { LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd AUTHTYPE CHAP, rejecting...")); orc = CONFREJ; break; } + if (!ao->neg_chap) { /* we don't want to do CHAP */ + orc = CONFNAK; /* NAK it and suggest PAP */ + PUTCHAR(CI_AUTHTYPE, nakp); + PUTCHAR(CILEN_SHORT, nakp); + PUTSHORT(PPP_PAP, nakp); + break; + } GETCHAR(cichar, p); /* get digest type*/ if (cichar != ao->chap_mdtype) { orc = CONFNAK; - if( !reject_if_disagree ){ - DECPTR(sizeof (u_char), p); - PUTCHAR(ao->chap_mdtype, p); - } + PUTCHAR(CI_AUTHTYPE, nakp); + PUTCHAR(CILEN_CHAP, nakp); + PUTSHORT(PPP_CHAP, nakp); + PUTCHAR(ao->chap_mdtype, nakp); break; } ho->chap_mdtype = cichar; /* save md type */ @@ -1197,9 +1263,19 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) /* * We don't recognize the protocol they're asking for. - * Reject it. + * Nak it with something we're willing to do. + * (At this point we know ao->neg_upap || ao->neg_chap.) */ - orc = CONFREJ; + orc = CONFNAK; + PUTCHAR(CI_AUTHTYPE, nakp); + if (ao->neg_chap) { + PUTCHAR(CILEN_CHAP, nakp); + PUTSHORT(PPP_CHAP, nakp); + PUTCHAR(ao->chap_mdtype, nakp); + } else { + PUTCHAR(CILEN_SHORT, nakp); + PUTSHORT(PPP_PAP, nakp); + } break; case CI_QUALITY: @@ -1213,15 +1289,19 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) GETSHORT(cishort, p); GETLONG(cilong, p); LCPDEBUG((LOG_INFO, "(%x %x)", cishort, (unsigned int) cilong)); - if (cishort != PPP_LQR) { - orc = CONFREJ; - break; - } /* - * Check the reporting period. + * Check the protocol and the reporting period. * XXX When should we Nak this, and what with? */ + if (cishort != PPP_LQR) { + orc = CONFNAK; + PUTCHAR(CI_QUALITY, nakp); + PUTCHAR(CILEN_LQR, nakp); + PUTSHORT(PPP_LQR, nakp); + PUTLONG(ao->lqr_period, nakp); + break; + } break; case CI_MAGICNUMBER: @@ -1239,10 +1319,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) */ if (go->neg_magicnumber && cilong == go->magicnumber) { - orc = CONFNAK; - DECPTR(sizeof(u_int32_t), p); cilong = magic(); /* Don't put magic() inside macro! */ - PUTLONG(cilong, p); + orc = CONFNAK; + PUTCHAR(CI_MAGICNUMBER, nakp); + PUTCHAR(CILEN_LONG, nakp); + PUTLONG(cilong, nakp); break; } ho->neg_magicnumber = 1; @@ -1284,35 +1365,46 @@ endswitch: continue; /* Don't send this one */ if (orc == CONFNAK) { /* Nak this CI? */ - if (reject_if_disagree) /* Getting fed up with sending NAKs? */ + if (reject_if_disagree /* Getting fed up with sending NAKs? */ + && citype != CI_MAGICNUMBER) { orc = CONFREJ; /* Get tough if so */ - else { + } else { if (rc == CONFREJ) /* Rejecting prior CI? */ continue; /* Don't send this one */ - if (rc == CONFACK) { /* Ack'd all prior CIs? */ - rc = CONFNAK; /* Not anymore... */ - ucp = inp; /* Backup */ - } + rc = CONFNAK; } } - if (orc == CONFREJ && /* Reject this CI */ - rc != CONFREJ) { /* but no prior ones? */ + if (orc == CONFREJ) { /* Reject this CI */ rc = CONFREJ; - ucp = inp; /* Backup */ + if (cip != rejp) /* Need to move rejected CI? */ + BCOPY(cip, rejp, cilen); /* Move it */ + INCPTR(cilen, rejp); /* Update output pointer */ } - if (ucp != cip) /* Need to move CI? */ - BCOPY(cip, ucp, cilen); /* Move it */ - INCPTR(cilen, ucp); /* Update output pointer */ } /* * If we wanted to send additional NAKs (for unsent CIs), the - * code would go here. This must be done with care since it might - * require a longer packet than we received. At present there - * are no cases where we want to ask the peer to negotiate an option. + * code would go here. The extra NAKs would go at *nakp. + * At present there are no cases where we want to ask the + * peer to negotiate an option. */ - *lenp = ucp - inp; /* Compute output length */ + switch (rc) { + case CONFACK: + *lenp = next - inp; + break; + case CONFNAK: + /* + * Copy the Nak'd options from the nak_buffer to the caller's buffer. + */ + *lenp = nakp - nak_buffer; + BCOPY(nak_buffer, inp, *lenp); + break; + case CONFREJ: + *lenp = rejp - inp; + break; + } + LCPDEBUG((LOG_INFO, "lcp_reqci: returning CONF%s.", CODENAME(rc))); return (rc); /* Return final code */ } @@ -1572,43 +1664,36 @@ static void LcpEchoCheck (f) fsm *f; { - u_int32_t delta; + long int delta; #ifdef __linux__ - struct ppp_ddinfo ddinfo; - u_int32_t latest; + struct ppp_idle ddinfo; /* * Read the time since the last packet was received. */ - if (ioctl (fd, PPPIOCGTIME, &ddinfo) < 0) { - syslog (LOG_ERR, "ioctl(PPPIOCGTIME): %m"); + if (ioctl (fd, PPPIOCGIDLE, &ddinfo) < 0) { + syslog (LOG_ERR, "ioctl(PPPIOCGIDLE): %m"); die (1); } -/* - * Choose the most recient frame received. It may be an IP or NON-IP frame. - */ - latest = ddinfo.nip_rjiffies < ddinfo.ip_rjiffies ? ddinfo.nip_rjiffies - : ddinfo.ip_rjiffies; /* * Compute the time since the last packet was received. If the timer * has expired then send the echo request and reset the timer to maximum. */ - delta = (lcp_echo_interval * HZ) - latest; - if (delta < HZ || latest < 0L) { + delta = (long int) lcp_echo_interval - (long int) ddinfo.recv_idle; + if (delta < 0L) { LcpSendEchoRequest (f); - delta = lcp_echo_interval * HZ; + delta = (int) lcp_echo_interval; } - delta /= HZ; #else /* Other implementations do not have ability to find delta */ LcpSendEchoRequest (f); - delta = lcp_echo_interval; + delta = (int) lcp_echo_interval; #endif /* * Start the timer for the next interval. */ assert (lcp_echo_timer_running==0); - TIMEOUT (LcpEchoTimeout, (caddr_t) f, delta); + TIMEOUT (LcpEchoTimeout, (caddr_t) f, (u_int32_t) delta); lcp_echo_timer_running = 1; }