*/
#ifndef lint
-static char rcsid[] = "$Id: lcp.c,v 1.14 1994/09/21 06:47:37 paulus Exp $";
+static char rcsid[] = "$Id: lcp.c,v 1.19 1995/05/19 03:25:16 paulus Exp $";
#endif
/*
#include "ipcp.h"
#ifdef _linux_ /* Needs ppp ioctls */
-#include <linux/ppp.h>
+#include <net/if.h>
+#include <linux/if_ppp.h>
#endif
/* global vars */
-fsm lcp_fsm[N_PPP]; /* LCP fsm structure (global)*/
-lcp_options lcp_wantoptions[N_PPP]; /* Options that we want to request */
-lcp_options lcp_gotoptions[N_PPP]; /* Options that peer ack'd */
-lcp_options lcp_allowoptions[N_PPP]; /* Options we allow peer to request */
-lcp_options lcp_hisoptions[N_PPP]; /* Options that we ack'd */
-u_int32_t xmit_accm[N_PPP][8]; /* extended transmit ACCM */
+fsm lcp_fsm[NUM_PPP]; /* LCP fsm structure (global)*/
+lcp_options lcp_wantoptions[NUM_PPP]; /* Options that we want to request */
+lcp_options lcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */
+lcp_options lcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */
+lcp_options lcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
+u_int32_t xmit_accm[NUM_PPP][8]; /* extended transmit ACCM */
static u_int32_t lcp_echos_pending = 0; /* Number of outstanding echo msgs */
static u_int32_t lcp_echo_number = 0; /* ID number of next echo frame */
static u_int32_t lcp_echo_timer_running = 0; /* TRUE if a timer is running */
+static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */
+
+#ifdef _linux_
+u_int32_t idle_timer_running = 0;
+extern int idle_time_limit;
+#endif
+
/*
* Callbacks for fsm code. (CI = Configuration Information)
*/
"LCP" /* String name of protocol */
};
-int lcp_warnloops = DEFWARNLOOPS; /* Warn about a loopback this often */
+int lcp_loopbackfail = DEFLOOPBACKFAIL;
/*
* Length of each type of configuration option (in octets)
fsm_close(&lcp_fsm[unit]);
}
+#ifdef _linux_
+static void IdleTimeCheck __P((caddr_t));
+
+/*
+ * Timer expired for the LCP echo requests from this process.
+ */
+
+static void
+RestartIdleTimer (f)
+ fsm *f;
+{
+ u_long delta;
+ struct ppp_ddinfo ddinfo;
+ u_long latest;
+/*
+ * Read the time since the last packet was received.
+ */
+ if (ioctl (fd, PPPIOCGTIME, &ddinfo) < 0) {
+ syslog (LOG_ERR, "ioctl(PPPIOCGTIME): %m");
+ die (1);
+ }
+/*
+ * Choose the most recient IP activity. It may be a read or write frame
+ */
+ latest = ddinfo.ip_sjiffies < ddinfo.ip_rjiffies ? ddinfo.ip_sjiffies
+ : ddinfo.ip_rjiffies;
+/*
+ * Compute the time since the last packet was received. If the timer
+ * has expired then send the echo request and reset the timer to maximum.
+ */
+ delta = (idle_time_limit * HZ) - latest;
+ if (((int) delta < HZ || (int) latest < 0L) && f->state == OPENED) {
+ syslog (LOG_NOTICE, "No IP frames exchanged within idle time limit");
+ lcp_close(f->unit); /* Reset connection */
+ phase = PHASE_TERMINATE; /* Mark it down */
+ } else {
+ delta = (delta + HZ - 1) / HZ;
+ if (delta == 0)
+ delta = (u_long) idle_time_limit;
+ assert (idle_timer_running==0);
+ TIMEOUT (IdleTimeCheck, (caddr_t) f, delta);
+ idle_timer_running = 1;
+ }
+}
+
+/*
+ * IdleTimeCheck - Timer expired on the IDLE detection for IP frames
+ */
+
+static void
+IdleTimeCheck (arg)
+ caddr_t arg;
+{
+ if (idle_timer_running != 0) {
+ idle_timer_running = 0;
+ RestartIdleTimer ((fsm *) arg);
+ }
+}
+#endif
/*
* lcp_lowerup - The lower layer is up.
{
lcp_options *go = &lcp_gotoptions[f->unit];
lcp_options *wo = &lcp_wantoptions[f->unit];
- u_char cilen, citype, cichar, *next;
+ u_char citype, cichar, *next;
u_short cishort;
u_int32_t cilong;
lcp_options no; /* options we've seen Naks for */
lcp_options try; /* options to request next time */
int looped_back = 0;
+ int cilen;
BZERO(&no, sizeof(no));
try = *go;
if (cishort <= wo->mru || cishort < DEFMRU)
try.mru = cishort;
);
+
/*
* Add any characters they want to our (receive-side) asyncmap.
*/
NAKCILONG(CI_ASYNCMAP, neg_asyncmap,
try.asyncmap = go->asyncmap | cilong;
);
+
/*
- * If they can't cope with our CHAP hash algorithm, we'll have
- * to stop asking for CHAP. We haven't got any other algorithm.
+ * If they've nak'd our authentication-protocol, check whether
+ * they are proposing a different protocol, or a different
+ * hash algorithm for CHAP.
*/
- NAKCICHAP(CI_AUTHTYPE, neg_chap,
- try.neg_chap = 0;
- );
+ if ((go->neg_chap || go->neg_upap)
+ && len >= CILEN_SHORT
+ && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT) {
+ cilen = p[1];
+ INCPTR(2, p);
+ GETSHORT(cishort, p);
+ if (cishort == PPP_PAP && cilen == CILEN_SHORT) {
+ /*
+ * If they are asking for PAP, then they don't want to do CHAP.
+ * If we weren't asking for CHAP, then we were asking for PAP,
+ * in which case this Nak is bad.
+ */
+ if (!go->neg_chap)
+ goto bad;
+ go->neg_chap = 0;
+
+ } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) {
+ GETCHAR(cichar, p);
+ if (go->neg_chap) {
+ /*
+ * We were asking for CHAP/MD5; they must want a different
+ * algorithm. If they can't do MD5, we'll have to stop
+ * asking for CHAP.
+ */
+ if (cichar != go->chap_mdtype)
+ go->neg_chap = 0;
+ } else {
+ /*
+ * Stop asking for PAP if we were asking for it.
+ */
+ go->neg_upap = 0;
+ }
+
+ } else {
+ /*
+ * We don't recognize what they're suggesting.
+ * Stop asking for what we were asking for.
+ */
+ if (go->neg_chap)
+ go->neg_chap = 0;
+ else
+ go->neg_upap = 0;
+ p += cilen - CILEN_SHORT;
+ }
+ }
+
/*
- * Peer shouldn't send Nak for UPAP, protocol compression or
+ * Peer shouldn't send Nak for protocol compression or
* address/control compression requests; they should send
* a Reject instead. If they send a Nak, treat it as a Reject.
*/
try.neg_upap = 0;
);
}
+
/*
* If they can't cope with our link quality protocol, we'll have
* to stop asking for LQR. We haven't got any other protocol.
else
try.lqr_period = cilong;
);
+
/*
* Check for a looped-back line.
*/
NAKCILONG(CI_MAGICNUMBER, neg_magicnumber,
try.magicnumber = magic();
- ++try.numloops;
looped_back = 1;
);
* OK, the Nak is good. Now we can update state.
*/
if (f->state != OPENED) {
+ if (looped_back) {
+ if (++try.numloops >= lcp_loopbackfail) {
+ syslog(LOG_NOTICE, "Serial line is looped back.");
+ lcp_close(f->unit);
+ }
+ } else
+ try.numloops = 0;
*go = try;
- if (looped_back && try.numloops % lcp_warnloops == 0)
- syslog(LOG_WARNING, "Serial line appears to be looped back.");
}
return 1;
if (cishort != val || cichar != digest) \
goto bad; \
try.neg = 0; \
+ try.neg_upap = 0; \
LCPDEBUG((LOG_INFO,"lcp_rejci rejected chap opt %d", opt)); \
}
#define REJCILONG(opt, neg, val) \
int rc = CONFACK; /* Final packet return code */
int orc; /* Individual option return code */
u_char *p; /* Pointer to next char to parse */
- u_char *ucp = inp; /* Pointer to current output char */
+ u_char *rejp; /* Pointer to next char in reject frame */
+ u_char *nakp; /* Pointer to next char in Nak frame */
int l = *lenp; /* Length left */
/*
* Process all his options.
*/
next = inp;
+ nakp = nak_buffer;
+ rejp = inp;
while (l) {
orc = CONFACK; /* Assume success */
cip = p = next; /* Remember begining of CI */
*/
if (cishort < MINMRU) {
orc = CONFNAK; /* Nak CI */
- if( !reject_if_disagree ){
- DECPTR(sizeof (short), p); /* Backup */
- PUTSHORT(MINMRU, p); /* Give him a hint */
- }
+ PUTCHAR(CI_MRU, nakp);
+ PUTCHAR(CILEN_SHORT, nakp);
+ PUTSHORT(MINMRU, nakp); /* Give him a hint */
break;
}
ho->neg_mru = 1; /* Remember he sent MRU */
break;
}
GETLONG(cilong, p);
- LCPDEBUG((LOG_INFO, "(%lx)", cilong));
+ LCPDEBUG((LOG_INFO, "(%x)", (unsigned int) cilong));
/*
* Asyncmap must have set at least the bits
*/
if ((ao->asyncmap & ~cilong) != 0) {
orc = CONFNAK;
- if( !reject_if_disagree ){
- DECPTR(sizeof (long), p);
- PUTLONG(ao->asyncmap | cilong, p);
- }
+ PUTCHAR(CI_ASYNCMAP, nakp);
+ PUTCHAR(CILEN_LONG, nakp);
+ PUTLONG(ao->asyncmap | cilong, nakp);
break;
}
ho->neg_asyncmap = 1;
LCPDEBUG((LOG_INFO, "lcp_reqci: rcvd AUTHTYPE"));
if (cilen < CILEN_SHORT ||
!(ao->neg_upap || ao->neg_chap)) {
+ /*
+ * Reject the option if we're not willing to authenticate.
+ */
orc = CONFREJ;
break;
}
*/
if (cishort == PPP_PAP) {
- if (!ao->neg_upap || /* we don't want to do PAP */
- ho->neg_chap || /* or we've already accepted CHAP */
+ if (ho->neg_chap || /* we've already accepted CHAP */
cilen != CILEN_SHORT) {
LCPDEBUG((LOG_WARNING,
"lcp_reqci: rcvd AUTHTYPE PAP, rejecting..."));
orc = CONFREJ;
break;
}
+ if (!ao->neg_upap) { /* we don't want to do PAP */
+ orc = CONFNAK; /* NAK it and suggest CHAP */
+ PUTCHAR(CI_AUTHTYPE, nakp);
+ PUTCHAR(CILEN_CHAP, nakp);
+ PUTSHORT(PPP_CHAP, nakp);
+ PUTCHAR(ao->chap_mdtype, nakp);
+ break;
+ }
ho->neg_upap = 1;
break;
}
if (cishort == PPP_CHAP) {
- if (!ao->neg_chap || /* we don't want to do CHAP */
- ho->neg_upap || /* or we've already accepted UPAP */
+ if (ho->neg_upap || /* we've already accepted PAP */
cilen != CILEN_CHAP) {
LCPDEBUG((LOG_INFO,
"lcp_reqci: rcvd AUTHTYPE CHAP, rejecting..."));
orc = CONFREJ;
break;
}
+ if (!ao->neg_chap) { /* we don't want to do CHAP */
+ orc = CONFNAK; /* NAK it and suggest PAP */
+ PUTCHAR(CI_AUTHTYPE, nakp);
+ PUTCHAR(CILEN_SHORT, nakp);
+ PUTSHORT(PPP_PAP, nakp);
+ break;
+ }
GETCHAR(cichar, p); /* get digest type*/
if (cichar != ao->chap_mdtype) {
orc = CONFNAK;
- if( !reject_if_disagree ){
- DECPTR(sizeof (u_char), p);
- PUTCHAR(ao->chap_mdtype, p);
- }
+ PUTCHAR(CI_AUTHTYPE, nakp);
+ PUTCHAR(CILEN_CHAP, nakp);
+ PUTSHORT(PPP_CHAP, nakp);
+ PUTCHAR(ao->chap_mdtype, nakp);
break;
}
ho->chap_mdtype = cichar; /* save md type */
/*
* We don't recognize the protocol they're asking for.
- * Reject it.
+ * Nak it with something we're willing to do.
+ * (At this point we know ao->neg_upap || ao->neg_chap.)
*/
- orc = CONFREJ;
+ orc = CONFNAK;
+ PUTCHAR(CI_AUTHTYPE, nakp);
+ if (ao->neg_chap) {
+ PUTCHAR(CILEN_CHAP, nakp);
+ PUTSHORT(PPP_CHAP, nakp);
+ PUTCHAR(ao->chap_mdtype, nakp);
+ } else {
+ PUTCHAR(CILEN_SHORT, nakp);
+ PUTSHORT(PPP_PAP, nakp);
+ }
break;
case CI_QUALITY:
GETSHORT(cishort, p);
GETLONG(cilong, p);
- LCPDEBUG((LOG_INFO, "(%x %lx)", cishort, cilong));
- if (cishort != PPP_LQR) {
- orc = CONFREJ;
- break;
- }
+ LCPDEBUG((LOG_INFO, "(%x %x)", cishort, (unsigned int) cilong));
/*
- * Check the reporting period.
+ * Check the protocol and the reporting period.
* XXX When should we Nak this, and what with?
*/
+ if (cishort != PPP_LQR) {
+ orc = CONFNAK;
+ PUTCHAR(CI_QUALITY, nakp);
+ PUTCHAR(CILEN_LQR, nakp);
+ PUTSHORT(PPP_LQR, nakp);
+ PUTLONG(ao->lqr_period, nakp);
+ break;
+ }
break;
case CI_MAGICNUMBER:
break;
}
GETLONG(cilong, p);
- LCPDEBUG((LOG_INFO, "(%lx)", cilong));
+ LCPDEBUG((LOG_INFO, "(%x)", (unsigned int) cilong));
/*
* He must have a different magic number.
*/
if (go->neg_magicnumber &&
cilong == go->magicnumber) {
- orc = CONFNAK;
- DECPTR(sizeof (long), p);
cilong = magic(); /* Don't put magic() inside macro! */
- PUTLONG(cilong, p);
+ orc = CONFNAK;
+ PUTCHAR(CI_MAGICNUMBER, nakp);
+ PUTCHAR(CILEN_LONG, nakp);
+ PUTLONG(cilong, nakp);
break;
}
ho->neg_magicnumber = 1;
continue; /* Don't send this one */
if (orc == CONFNAK) { /* Nak this CI? */
- if (reject_if_disagree) /* Getting fed up with sending NAKs? */
+ if (reject_if_disagree /* Getting fed up with sending NAKs? */
+ && citype != CI_MAGICNUMBER) {
orc = CONFREJ; /* Get tough if so */
- else {
+ } else {
if (rc == CONFREJ) /* Rejecting prior CI? */
continue; /* Don't send this one */
- if (rc == CONFACK) { /* Ack'd all prior CIs? */
- rc = CONFNAK; /* Not anymore... */
- ucp = inp; /* Backup */
- }
+ rc = CONFNAK;
}
}
- if (orc == CONFREJ && /* Reject this CI */
- rc != CONFREJ) { /* but no prior ones? */
+ if (orc == CONFREJ) { /* Reject this CI */
rc = CONFREJ;
- ucp = inp; /* Backup */
+ if (cip != rejp) /* Need to move rejected CI? */
+ BCOPY(cip, rejp, cilen); /* Move it */
+ INCPTR(cilen, rejp); /* Update output pointer */
}
- if (ucp != cip) /* Need to move CI? */
- BCOPY(cip, ucp, cilen); /* Move it */
- INCPTR(cilen, ucp); /* Update output pointer */
}
/*
* If we wanted to send additional NAKs (for unsent CIs), the
- * code would go here. This must be done with care since it might
- * require a longer packet than we received. At present there
- * are no cases where we want to ask the peer to negotiate an option.
+ * code would go here. The extra NAKs would go at *nakp.
+ * At present there are no cases where we want to ask the
+ * peer to negotiate an option.
*/
- *lenp = ucp - inp; /* Compute output length */
+ switch (rc) {
+ case CONFACK:
+ *lenp = next - inp;
+ break;
+ case CONFNAK:
+ /*
+ * Copy the Nak'd options from the nak_buffer to the caller's buffer.
+ */
+ *lenp = nakp - nak_buffer;
+ BCOPY(nak_buffer, inp, *lenp);
+ break;
+ case CONFREJ:
+ *lenp = rejp - inp;
+ break;
+ }
+
LCPDEBUG((LOG_INFO, "lcp_reqci: returning CONF%s.", CODENAME(rc)));
return (rc); /* Return final code */
}
/* If a timeout interval is specified then start the timer */
if (lcp_echo_interval != 0)
LcpEchoCheck (f);
+#ifdef _linux_
+ /* If a idle time limit is given then start it */
+ if (idle_time_limit != 0)
+ RestartIdleTimer (f);
+#endif
}
/*
UNTIMEOUT (LcpEchoTimeout, (caddr_t) f);
lcp_echo_timer_running = 0;
}
+#ifdef _linux_
+ /* If a idle time limit is running then stop it */
+ if (idle_timer_running != 0) {
+ UNTIMEOUT (IdleTimeCheck, (caddr_t) f);
+ idle_timer_running = 0;
+ }
+#endif
}