X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Flcp.c;h=ac5d5ce6488416afefde82633d969c7bc352a502;hp=d67a7418bacf2269c409a101ff771115cf9dfbd1;hb=e712ba49ba8dd497958d415e988bf93008c8fbb4;hpb=d5030f3ade169bd17294fd71ed076b90330db672 diff --git a/pppd/lcp.c b/pppd/lcp.c index d67a741..ac5d5ce 100644 --- a/pppd/lcp.c +++ b/pppd/lcp.c @@ -1,26 +1,43 @@ /* * lcp.c - PPP Link Control Protocol. * - * Copyright (c) 1989 Carnegie Mellon University. - * All rights reserved. + * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by Carnegie Mellon University. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#define RCSID "$Id: lcp.c,v 1.61 2002/09/12 22:51:06 paulus Exp $" - -/* - * TODO: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name "Carnegie Mellon University" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For permission or any legal + * details, please contact + * Office of Technology Transfer + * Carnegie Mellon University + * 5000 Forbes Avenue + * Pittsburgh, PA 15213-3890 + * (412) 268-4387, fax: (412) 268-7395 + * tech-transfer@andrew.cmu.edu + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Computing Services + * at Carnegie Mellon University (http://www.cmu.edu/computing/)." + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include @@ -30,10 +47,9 @@ #include "pppd.h" #include "fsm.h" #include "lcp.h" -#include "chap.h" +#include "chap-new.h" #include "magic.h" -static const char rcsid[] = RCSID; /* * When the link comes up we want to be able to wait for a short while, @@ -43,22 +59,22 @@ static const char rcsid[] = RCSID; /* steal a bit in fsm flags word */ #define DELAYED_UP 0x100 -static void lcp_delayed_up __P((void *)); +static void lcp_delayed_up(void *); /* * LCP-related command-line options. */ int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ +bool lcp_echo_adaptive = 0; /* request echo only if the link was idle */ bool lax_recv = 0; /* accept control chars in asyncmap */ bool noendpoint = 0; /* don't send/accept endpoint discriminator */ -static int noopt __P((char **)); +static int noopt(char **); #ifdef HAVE_MULTILINK -static int setendpoint __P((char **)); -static void printendpoint __P((option_t *, void (*)(void *, char *, ...), - void *)); +static int setendpoint(char **); +static void printendpoint(option_t *, void (*)(void *, char *, ...), void *); #endif /* HAVE_MULTILINK */ static option_t lcp_option_list[] = { @@ -128,6 +144,8 @@ static option_t lcp_option_list[] = { OPT_PRIO }, { "lcp-echo-interval", o_int, &lcp_echo_interval, "Set time in seconds between LCP echo requests", OPT_PRIO }, + { "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive, + "Suppress LCP echo requests if traffic was received", 1 }, { "lcp-restart", o_int, &lcp_fsm[0].timeouttime, "Set time in seconds between LCP retransmissions", OPT_PRIO }, { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits, @@ -179,31 +197,31 @@ static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ /* * Callbacks for fsm code. (CI = Configuration Information) */ -static void lcp_resetci __P((fsm *)); /* Reset our CI */ -static int lcp_cilen __P((fsm *)); /* Return length of our CI */ -static void lcp_addci __P((fsm *, u_char *, int *)); /* Add our CI to pkt */ -static int lcp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */ -static int lcp_nakci __P((fsm *, u_char *, int)); /* Peer nak'd our CI */ -static int lcp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */ -static int lcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv peer CI */ -static void lcp_up __P((fsm *)); /* We're UP */ -static void lcp_down __P((fsm *)); /* We're DOWN */ -static void lcp_starting __P((fsm *)); /* We need lower layer up */ -static void lcp_finished __P((fsm *)); /* We need lower layer down */ -static int lcp_extcode __P((fsm *, int, int, u_char *, int)); -static void lcp_rprotrej __P((fsm *, u_char *, int)); +static void lcp_resetci(fsm *); /* Reset our CI */ +static int lcp_cilen(fsm *); /* Return length of our CI */ +static void lcp_addci(fsm *, u_char *, int *); /* Add our CI to pkt */ +static int lcp_ackci(fsm *, u_char *, int); /* Peer ack'd our CI */ +static int lcp_nakci(fsm *, u_char *, int, int); /* Peer nak'd our CI */ +static int lcp_rejci(fsm *, u_char *, int); /* Peer rej'd our CI */ +static int lcp_reqci(fsm *, u_char *, int *, int); /* Rcv peer CI */ +static void lcp_up(fsm *); /* We're UP */ +static void lcp_down(fsm *); /* We're DOWN */ +static void lcp_starting(fsm *); /* We need lower layer up */ +static void lcp_finished(fsm *); /* We need lower layer down */ +static int lcp_extcode(fsm *, int, int, u_char *, int); +static void lcp_rprotrej(fsm *, u_char *, int); /* * routines to send LCP echos to peer */ -static void lcp_echo_lowerup __P((int)); -static void lcp_echo_lowerdown __P((int)); -static void LcpEchoTimeout __P((void *)); -static void lcp_received_echo_reply __P((fsm *, int, u_char *, int)); -static void LcpSendEchoRequest __P((fsm *)); -static void LcpLinkFailure __P((fsm *)); -static void LcpEchoCheck __P((fsm *)); +static void lcp_echo_lowerup(int); +static void lcp_echo_lowerdown(int); +static void LcpEchoTimeout(void *); +static void lcp_received_echo_reply(fsm *, int, u_char *, int); +static void LcpSendEchoRequest(fsm *); +static void LcpLinkFailure(fsm *); +static void LcpEchoCheck(fsm *); static fsm_callbacks lcp_callbacks = { /* LCP callback routines */ lcp_resetci, /* Reset our Configuration Information */ @@ -228,11 +246,10 @@ static fsm_callbacks lcp_callbacks = { /* LCP callback routines */ * Some of these are called directly. */ -static void lcp_init __P((int)); -static void lcp_input __P((int, u_char *, int)); -static void lcp_protrej __P((int)); -static int lcp_printpkt __P((u_char *, int, - void (*) __P((void *, char *, ...)), void *)); +static void lcp_init(int); +static void lcp_input(int, u_char *, int); +static void lcp_protrej(int); +static int lcp_printpkt(u_char *, int, void (*)(void *, char *, ...), void *); struct protent lcp_protent = { PPP_LCP, @@ -274,8 +291,7 @@ int lcp_loopbackfail = DEFLOOPBACKFAIL; * noopt - Disable all options (why?). */ static int -noopt(argv) - char **argv; +noopt(char **argv) { BZERO((char *) &lcp_wantoptions[0], sizeof (struct lcp_options)); BZERO((char *) &lcp_allowoptions[0], sizeof (struct lcp_options)); @@ -285,8 +301,7 @@ noopt(argv) #ifdef HAVE_MULTILINK static int -setendpoint(argv) - char **argv; +setendpoint(char **argv) { if (str_to_epdisc(&lcp_wantoptions[0].endpoint, *argv)) { lcp_wantoptions[0].neg_endpoint = 1; @@ -297,10 +312,7 @@ setendpoint(argv) } static void -printendpoint(opt, printer, arg) - option_t *opt; - void (*printer) __P((void *, char *, ...)); - void *arg; +printendpoint(option_t *opt, void (*printer)(void *, char *, ...), void *arg) { printer(arg, "%s", epdisc_to_str(&lcp_wantoptions[0].endpoint)); } @@ -310,8 +322,7 @@ printendpoint(opt, printer, arg) * lcp_init - Initialize LCP. */ static void -lcp_init(unit) - int unit; +lcp_init(int unit) { fsm *f = &lcp_fsm[unit]; lcp_options *wo = &lcp_wantoptions[unit]; @@ -336,14 +347,12 @@ lcp_init(unit) ao->mru = MAXMRU; ao->neg_asyncmap = 1; ao->neg_chap = 1; - ao->chap_mdtype = MDTYPE_ALL; + ao->chap_mdtype = chap_mdtype_all; ao->neg_upap = 1; + ao->neg_eap = 1; ao->neg_magicnumber = 1; ao->neg_pcompression = 1; ao->neg_accompression = 1; -#ifdef CBCP_SUPPORT - ao->neg_cbcp = 1; -#endif ao->neg_endpoint = 1; } @@ -352,8 +361,7 @@ lcp_init(unit) * lcp_open - LCP is allowed to come up. */ void -lcp_open(unit) - int unit; +lcp_open(int unit) { fsm *f = &lcp_fsm[unit]; lcp_options *wo = &lcp_wantoptions[unit]; @@ -371,26 +379,32 @@ lcp_open(unit) * lcp_close - Take LCP down. */ void -lcp_close(unit, reason) - int unit; - char *reason; +lcp_close(int unit, char *reason) { fsm *f = &lcp_fsm[unit]; + int oldstate; - if (phase != PHASE_DEAD) + if (phase != PHASE_DEAD && phase != PHASE_MASTER) new_phase(PHASE_TERMINATE); - if (f->state == STOPPED && f->flags & (OPT_PASSIVE|OPT_SILENT)) { + + if (f->flags & DELAYED_UP) { + untimeout(lcp_delayed_up, f); + f->state = STOPPED; + } + oldstate = f->state; + + fsm_close(f, reason); + if (oldstate == STOPPED && f->flags & (OPT_PASSIVE|OPT_SILENT|DELAYED_UP)) { /* * This action is not strictly according to the FSM in RFC1548, * but it does mean that the program terminates if you do a - * lcp_close() in passive/silent mode when a connection hasn't - * been established. + * lcp_close() when a connection hasn't been established + * because we are in passive/silent mode or because we have + * delayed the fsm_lowerup() call and it hasn't happened yet. */ - f->state = CLOSED; + f->flags &= ~DELAYED_UP; lcp_finished(f); - - } else - fsm_close(&lcp_fsm[unit], reason); + } } @@ -398,8 +412,7 @@ lcp_close(unit, reason) * lcp_lowerup - The lower layer is up. */ void -lcp_lowerup(unit) - int unit; +lcp_lowerup(int unit) { lcp_options *wo = &lcp_wantoptions[unit]; fsm *f = &lcp_fsm[unit]; @@ -409,9 +422,10 @@ lcp_lowerup(unit) * but accept A/C and protocol compressed packets * if we are going to ask for A/C and protocol compression. */ - ppp_send_config(unit, PPP_MRU, 0xffffffff, 0, 0); - ppp_recv_config(unit, PPP_MRU, (lax_recv? 0: 0xffffffff), - wo->neg_pcompression, wo->neg_accompression); + if (ppp_send_config(unit, PPP_MRU, 0xffffffff, 0, 0) < 0 + || ppp_recv_config(unit, PPP_MRU, (lax_recv? 0: 0xffffffff), + wo->neg_pcompression, wo->neg_accompression) < 0) + return; peer_mru[unit] = PPP_MRU; if (listen_time != 0) { @@ -426,14 +440,14 @@ lcp_lowerup(unit) * lcp_lowerdown - The lower layer is down. */ void -lcp_lowerdown(unit) - int unit; +lcp_lowerdown(int unit) { fsm *f = &lcp_fsm[unit]; - if (f->flags & DELAYED_UP) + if (f->flags & DELAYED_UP) { f->flags &= ~DELAYED_UP; - else + untimeout(lcp_delayed_up, f); + } else fsm_lowerdown(&lcp_fsm[unit]); } @@ -442,8 +456,7 @@ lcp_lowerdown(unit) * lcp_delayed_up - Bring the lower layer up now. */ static void -lcp_delayed_up(arg) - void *arg; +lcp_delayed_up(void *arg) { fsm *f = arg; @@ -458,30 +471,23 @@ lcp_delayed_up(arg) * lcp_input - Input LCP packet. */ static void -lcp_input(unit, p, len) - int unit; - u_char *p; - int len; +lcp_input(int unit, u_char *p, int len) { fsm *f = &lcp_fsm[unit]; if (f->flags & DELAYED_UP) { f->flags &= ~DELAYED_UP; + untimeout(lcp_delayed_up, f); fsm_lowerup(f); } fsm_input(f, p, len); } - /* * lcp_extcode - Handle a LCP-specific code. */ static int -lcp_extcode(f, code, id, inp, len) - fsm *f; - int code, id; - u_char *inp; - int len; +lcp_extcode(fsm *f, int code, int id, u_char *inp, int len) { u_char *magp; @@ -503,6 +509,8 @@ lcp_extcode(f, code, id, inp, len) break; case DISCREQ: + case IDENTIF: + case TIMEREM: break; default: @@ -518,14 +526,12 @@ lcp_extcode(f, code, id, inp, len) * Figure out which protocol is rejected and inform it. */ static void -lcp_rprotrej(f, inp, len) - fsm *f; - u_char *inp; - int len; +lcp_rprotrej(fsm *f, u_char *inp, int len) { int i; struct protent *protp; u_short prot; + const char *pname; if (len < 2) { LCPDEBUG(("lcp_rprotrej: Rcvd short Protocol-Reject packet!")); @@ -543,16 +549,27 @@ lcp_rprotrej(f, inp, len) return; } + pname = protocol_name(prot); + /* * Upcall the proper Protocol-Reject routine. */ for (i = 0; (protp = protocols[i]) != NULL; ++i) if (protp->protocol == prot && protp->enabled_flag) { + if (pname == NULL) + dbglog("Protocol-Reject for 0x%x received", prot); + else + dbglog("Protocol-Reject for '%s' (0x%x) received", pname, + prot); (*protp->protrej)(f->unit); return; } - warn("Protocol-Reject for unsupported protocol 0x%x", prot); + if (pname == NULL) + warn("Protocol-Reject for unsupported protocol 0x%x", prot); + else + warn("Protocol-Reject for unsupported protocol '%s' (0x%x)", pname, + prot); } @@ -561,8 +578,7 @@ lcp_rprotrej(f, inp, len) */ /*ARGSUSED*/ static void -lcp_protrej(unit) - int unit; +lcp_protrej(int unit) { /* * Can't reject LCP! @@ -576,10 +592,7 @@ lcp_protrej(unit) * lcp_sprotrej - Send a Protocol-Reject for some protocol. */ void -lcp_sprotrej(unit, p, len) - int unit; - u_char *p; - int len; +lcp_sprotrej(int unit, u_char *p, int len) { /* * Send back the protocol and the information field of the @@ -597,8 +610,7 @@ lcp_sprotrej(unit, p, len) * lcp_resetci - Reset our CI. */ static void -lcp_resetci(f) - fsm *f; +lcp_resetci(fsm *f) { lcp_options *wo = &lcp_wantoptions[f->unit]; lcp_options *go = &lcp_gotoptions[f->unit]; @@ -623,8 +635,7 @@ lcp_resetci(f) * lcp_cilen - Return length of our CI. */ static int -lcp_cilen(f) - fsm *f; +lcp_cilen(fsm *f) { lcp_options *go = &lcp_gotoptions[f->unit]; @@ -635,13 +646,15 @@ lcp_cilen(f) #define LENCILQR(neg) ((neg) ? CILEN_LQR: 0) #define LENCICBCP(neg) ((neg) ? CILEN_CBCP: 0) /* - * NB: we only ask for one of CHAP and UPAP, even if we will - * accept either. + * NB: we only ask for one of CHAP, UPAP, or EAP, even if we will + * accept more than one. We prefer EAP first, then CHAP, then + * PAP. */ return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) + LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) + - LENCICHAP(go->neg_chap) + - LENCISHORT(!go->neg_chap && go->neg_upap) + + LENCISHORT(go->neg_eap) + + LENCICHAP(!go->neg_eap && go->neg_chap) + + LENCISHORT(!go->neg_eap && !go->neg_chap && go->neg_upap) + LENCILQR(go->neg_lqr) + LENCICBCP(go->neg_cbcp) + LENCILONG(go->neg_magicnumber) + @@ -657,10 +670,7 @@ lcp_cilen(f) * lcp_addci - Add our desired CIs to a packet. */ static void -lcp_addci(f, ucp, lenp) - fsm *f; - u_char *ucp; - int *lenp; +lcp_addci(fsm *f, u_char *ucp, int *lenp) { lcp_options *go = &lcp_gotoptions[f->unit]; u_char *start_ucp = ucp; @@ -676,12 +686,12 @@ lcp_addci(f, ucp, lenp) PUTCHAR(CILEN_SHORT, ucp); \ PUTSHORT(val, ucp); \ } -#define ADDCICHAP(opt, neg, val, digest) \ +#define ADDCICHAP(opt, neg, val) \ if (neg) { \ PUTCHAR((opt), ucp); \ PUTCHAR(CILEN_CHAP, ucp); \ - PUTSHORT((val), ucp); \ - PUTCHAR((digest), ucp); \ + PUTSHORT(PPP_CHAP, ucp); \ + PUTCHAR((CHAP_DIGEST(val)), ucp); \ } #define ADDCILONG(opt, neg, val) \ if (neg) { \ @@ -715,8 +725,10 @@ lcp_addci(f, ucp, lenp) ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, go->asyncmap); - ADDCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP,CHAP_DIGEST(go->chap_mdtype)); - ADDCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP); + ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); + ADDCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); + ADDCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, + PPP_PAP); ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); @@ -743,10 +755,7 @@ lcp_addci(f, ucp, lenp) * 1 - Ack was good. */ static int -lcp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; +lcp_ackci(fsm *f, u_char *p, int len) { lcp_options *go = &lcp_gotoptions[f->unit]; u_char cilen, citype, cichar; @@ -794,7 +803,7 @@ lcp_ackci(f, p, len) if (cichar != val) \ goto bad; \ } -#define ACKCICHAP(opt, neg, val, digest) \ +#define ACKCICHAP(opt, neg, val) \ if (neg) { \ if ((len -= CILEN_CHAP) < 0) \ goto bad; \ @@ -804,10 +813,10 @@ lcp_ackci(f, p, len) citype != (opt)) \ goto bad; \ GETSHORT(cishort, p); \ - if (cishort != (val)) \ + if (cishort != PPP_CHAP) \ goto bad; \ GETCHAR(cichar, p); \ - if (cichar != (digest)) \ + if (cichar != (CHAP_DIGEST(val))) \ goto bad; \ } #define ACKCILONG(opt, neg, val) \ @@ -862,8 +871,10 @@ lcp_ackci(f, p, len) ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, go->asyncmap); - ACKCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP,CHAP_DIGEST(go->chap_mdtype)); - ACKCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP); + ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); + ACKCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); + ACKCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, + PPP_PAP); ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); @@ -896,10 +907,7 @@ bad: * 1 - Nak was good. */ static int -lcp_nakci(f, p, len) - fsm *f; - u_char *p; - int len; +lcp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) { lcp_options *go = &lcp_gotoptions[f->unit]; lcp_options *wo = &lcp_wantoptions[f->unit]; @@ -998,6 +1006,10 @@ lcp_nakci(f, p, len) try.neg = 0; \ } + /* + * NOTE! There must be no assignments to individual fields of *go in + * the code below. Any such assignment is a BUG! + */ /* * We don't care if they want to send us smaller packets than * we want. Therefore, accept any MRU less than what we asked for, @@ -1026,28 +1038,40 @@ lcp_nakci(f, p, len) * they are proposing a different protocol, or a different * hash algorithm for CHAP. */ - if ((go->neg_chap || go->neg_upap) + if ((go->neg_chap || go->neg_upap || go->neg_eap) && len >= CILEN_SHORT && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { cilen = p[1]; len -= cilen; no.neg_chap = go->neg_chap; no.neg_upap = go->neg_upap; + no.neg_eap = go->neg_eap; INCPTR(2, p); GETSHORT(cishort, p); if (cishort == PPP_PAP && cilen == CILEN_SHORT) { + /* If we were asking for EAP, then we need to stop that. */ + if (go->neg_eap) + try.neg_eap = 0; + + /* If we were asking for CHAP, then we need to stop that. */ + else if (go->neg_chap) + try.neg_chap = 0; /* - * If we were asking for CHAP, they obviously don't want to do it. - * If we weren't asking for CHAP, then we were asking for PAP, - * in which case this Nak is bad. + * If we weren't asking for CHAP or EAP, then we were asking for + * PAP, in which case this Nak is bad. */ - if (!go->neg_chap) + else goto bad; - try.neg_chap = 0; } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { GETCHAR(cichar, p); - if (go->neg_chap) { + /* Stop asking for EAP, if we were. */ + if (go->neg_eap) { + try.neg_eap = 0; + /* Try to set up to use their suggestion, if possible */ + if (CHAP_CANDIGEST(go->chap_mdtype, cichar)) + try.chap_mdtype = CHAP_MDTYPE_D(cichar); + } else if (go->neg_chap) { /* * We were asking for our preferred algorithm, they must * want something different. @@ -1055,11 +1079,11 @@ lcp_nakci(f, p, len) if (cichar != CHAP_DIGEST(go->chap_mdtype)) { if (CHAP_CANDIGEST(go->chap_mdtype, cichar)) { /* Use their suggestion if we support it ... */ - go->chap_mdtype = CHAP_MDTYPE_D(cichar); + try.chap_mdtype = CHAP_MDTYPE_D(cichar); } else { /* ... otherwise, try our next-preferred algorithm. */ - go->chap_mdtype &= ~(CHAP_MDTYPE(go->chap_mdtype)); - if (go->chap_mdtype == MDTYPE_NONE) /* out of algos */ + try.chap_mdtype &= ~(CHAP_MDTYPE(try.chap_mdtype)); + if (try.chap_mdtype == MDTYPE_NONE) /* out of algos */ try.neg_chap = 0; } } else { @@ -1077,11 +1101,21 @@ lcp_nakci(f, p, len) } } else { + + /* + * If we were asking for EAP, and they're Conf-Naking EAP, + * well, that's just strange. Nobody should do that. + */ + if (cishort == PPP_EAP && cilen == CILEN_SHORT && go->neg_eap) + dbglog("Unexpected Conf-Nak for EAP"); + /* * We don't recognize what they're suggesting. * Stop asking for what we were asking for. */ - if (go->neg_chap) + if (go->neg_eap) + try.neg_eap = 0; + else if (go->neg_chap) try.neg_chap = 0; else try.neg_upap = 0; @@ -1130,7 +1164,9 @@ lcp_nakci(f, p, len) */ if (go->neg_mrru) { NAKCISHORT(CI_MRRU, neg_mrru, - if (cishort <= wo->mrru) + if (treat_as_reject) + try.neg_mrru = 0; + else if (cishort <= wo->mrru) try.mrru = cishort; ); } @@ -1163,7 +1199,7 @@ lcp_nakci(f, p, len) * An option we don't recognize represents the peer asking to * negotiate some option we don't support, so ignore it. */ - while (len > CILEN_VOID) { + while (len >= CILEN_VOID) { GETCHAR(citype, p); GETCHAR(cilen, p); if (cilen < CILEN_VOID || (len -= cilen) < 0) @@ -1187,7 +1223,8 @@ lcp_nakci(f, p, len) goto bad; break; case CI_AUTHTYPE: - if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap) + if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap || + go->neg_eap || no.neg_eap) goto bad; break; case CI_MAGICNUMBER: @@ -1234,8 +1271,8 @@ lcp_nakci(f, p, len) if (looped_back) { if (++try.numloops >= lcp_loopbackfail) { notice("Serial line is looped back."); - lcp_close(f->unit, "Loopback detected"); status = EXIT_LOOPBACK; + lcp_close(f->unit, "Loopback detected"); } } else try.numloops = 0; @@ -1260,10 +1297,7 @@ bad: * 1 - Reject was good. */ static int -lcp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; +lcp_rejci(fsm *f, u_char *p, int len) { lcp_options *go = &lcp_gotoptions[f->unit]; u_char cichar; @@ -1300,7 +1334,7 @@ lcp_rejci(f, p, len) goto bad; \ try.neg = 0; \ } -#define REJCICHAP(opt, neg, val, digest) \ +#define REJCICHAP(opt, neg, val) \ if (go->neg && \ len >= CILEN_CHAP && \ p[1] == CILEN_CHAP && \ @@ -1310,10 +1344,10 @@ lcp_rejci(f, p, len) GETSHORT(cishort, p); \ GETCHAR(cichar, p); \ /* Check rejected value. */ \ - if ((cishort != (val)) || (cichar != (digest))) \ + if ((cishort != PPP_CHAP) || (cichar != (CHAP_DIGEST(val)))) \ goto bad; \ try.neg = 0; \ - try.neg_upap = 0; \ + try.neg_eap = try.neg_upap = 0; \ } #define REJCILONG(opt, neg, val) \ if (go->neg && \ @@ -1376,9 +1410,12 @@ lcp_rejci(f, p, len) REJCISHORT(CI_MRU, neg_mru, go->mru); REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap); - REJCICHAP(CI_AUTHTYPE, neg_chap, PPP_CHAP, CHAP_DIGEST(go->chap_mdtype)); - if (!go->neg_chap) { - REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); + REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP); + if (!go->neg_eap) { + REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype); + if (!go->neg_chap) { + REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); + } } REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period); REJCICBCP(CI_CALLBACK, neg_cbcp, CBCP_OPT); @@ -1416,11 +1453,7 @@ bad: * CONFNAK; returns CONFREJ if it can't return CONFACK. */ static int -lcp_reqci(f, inp, lenp, reject_if_disagree) - fsm *f; - u_char *inp; /* Requested CIs */ - int *lenp; /* Length of requested CIs */ - int reject_if_disagree; +lcp_reqci(fsm *f, u_char *inp, int *lenp, int reject_if_disagree) { lcp_options *go = &lcp_gotoptions[f->unit]; lcp_options *ho = &lcp_hisoptions[f->unit]; @@ -1515,56 +1548,68 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) case CI_AUTHTYPE: if (cilen < CILEN_SHORT || - !(ao->neg_upap || ao->neg_chap)) { + !(ao->neg_upap || ao->neg_chap || ao->neg_eap)) { /* * Reject the option if we're not willing to authenticate. */ + dbglog("No auth is possible"); orc = CONFREJ; break; } GETSHORT(cishort, p); /* - * Authtype must be PAP or CHAP. + * Authtype must be PAP, CHAP, or EAP. * - * Note: if both ao->neg_upap and ao->neg_chap are set, - * and the peer sends a Configure-Request with two - * authenticate-protocol requests, one for CHAP and one - * for UPAP, then we will reject the second request. - * Whether we end up doing CHAP or UPAP depends then on + * Note: if more than one of ao->neg_upap, ao->neg_chap, and + * ao->neg_eap are set, and the peer sends a Configure-Request + * with two or more authenticate-protocol requests, then we will + * reject the second request. + * Whether we end up doing CHAP, UPAP, or EAP depends then on * the ordering of the CIs in the peer's Configure-Request. */ if (cishort == PPP_PAP) { - if (ho->neg_chap || /* we've already accepted CHAP */ + /* we've already accepted CHAP or EAP */ + if (ho->neg_chap || ho->neg_eap || cilen != CILEN_SHORT) { LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE PAP, rejecting...")); orc = CONFREJ; break; } if (!ao->neg_upap) { /* we don't want to do PAP */ - orc = CONFNAK; /* NAK it and suggest CHAP */ + orc = CONFNAK; /* NAK it and suggest CHAP or EAP */ PUTCHAR(CI_AUTHTYPE, nakp); - PUTCHAR(CILEN_CHAP, nakp); - PUTSHORT(PPP_CHAP, nakp); - PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); + if (ao->neg_eap) { + PUTCHAR(CILEN_SHORT, nakp); + PUTSHORT(PPP_EAP, nakp); + } else { + PUTCHAR(CILEN_CHAP, nakp); + PUTSHORT(PPP_CHAP, nakp); + PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); + } break; } ho->neg_upap = 1; break; } if (cishort == PPP_CHAP) { - if (ho->neg_upap || /* we've already accepted PAP */ + /* we've already accepted PAP or EAP */ + if (ho->neg_upap || ho->neg_eap || cilen != CILEN_CHAP) { LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE CHAP, rejecting...")); orc = CONFREJ; break; } if (!ao->neg_chap) { /* we don't want to do CHAP */ - orc = CONFNAK; /* NAK it and suggest PAP */ + orc = CONFNAK; /* NAK it and suggest EAP or PAP */ PUTCHAR(CI_AUTHTYPE, nakp); PUTCHAR(CILEN_SHORT, nakp); - PUTSHORT(PPP_PAP, nakp); + if (ao->neg_eap) { + PUTSHORT(PPP_EAP, nakp); + } else { + PUTSHORT(PPP_PAP, nakp); + } break; } GETCHAR(cichar, p); /* get digest type */ @@ -1584,15 +1629,42 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) ho->neg_chap = 1; break; } + if (cishort == PPP_EAP) { + /* we've already accepted CHAP or PAP */ + if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) { + LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE EAP, rejecting...")); + orc = CONFREJ; + break; + } + if (!ao->neg_eap) { /* we don't want to do EAP */ + orc = CONFNAK; /* NAK it and suggest CHAP or PAP */ + PUTCHAR(CI_AUTHTYPE, nakp); + if (ao->neg_chap) { + PUTCHAR(CILEN_CHAP, nakp); + PUTSHORT(PPP_CHAP, nakp); + PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); + } else { + PUTCHAR(CILEN_SHORT, nakp); + PUTSHORT(PPP_PAP, nakp); + } + break; + } + ho->neg_eap = 1; + break; + } /* * We don't recognize the protocol they're asking for. * Nak it with something we're willing to do. - * (At this point we know ao->neg_upap || ao->neg_chap.) + * (At this point we know ao->neg_upap || ao->neg_chap || + * ao->neg_eap.) */ orc = CONFNAK; PUTCHAR(CI_AUTHTYPE, nakp); - if (ao->neg_chap) { + if (ao->neg_eap) { + PUTCHAR(CILEN_SHORT, nakp); + PUTSHORT(PPP_EAP, nakp); + } else if (ao->neg_chap) { PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); @@ -1768,8 +1840,7 @@ endswitch: * lcp_up - LCP has come UP. */ static void -lcp_up(f) - fsm *f; +lcp_up(fsm *f) { lcp_options *wo = &lcp_wantoptions[f->unit]; lcp_options *ho = &lcp_hisoptions[f->unit]; @@ -1819,8 +1890,7 @@ lcp_up(f) * Alert other protocols. */ static void -lcp_down(f) - fsm *f; +lcp_down(fsm *f) { lcp_options *go = &lcp_gotoptions[f->unit]; @@ -1840,8 +1910,7 @@ lcp_down(f) * lcp_starting - LCP needs the lower layer up. */ static void -lcp_starting(f) - fsm *f; +lcp_starting(fsm *f) { link_required(f->unit); } @@ -1851,8 +1920,7 @@ lcp_starting(f) * lcp_finished - LCP has finished with the lower layer. */ static void -lcp_finished(f) - fsm *f; +lcp_finished(fsm *f) { link_terminated(f->unit); } @@ -1864,15 +1932,12 @@ lcp_finished(f) static char *lcp_codenames[] = { "ConfReq", "ConfAck", "ConfNak", "ConfRej", "TermReq", "TermAck", "CodeRej", "ProtRej", - "EchoReq", "EchoRep", "DiscReq" + "EchoReq", "EchoRep", "DiscReq", "Ident", + "TimeRem" }; static int -lcp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; +lcp_printpkt(u_char *p, int plen, void (*printer)(void *, char *, ...), void *arg) { int code, id, len, olen, i; u_char *pstart, *optend; @@ -1938,11 +2003,10 @@ lcp_printpkt(p, plen, printer, arg) printer(arg, "chap"); if (p < optend) { switch (*p) { - case CHAP_DIGEST_MD5: + case CHAP_MD5: printer(arg, " MD5"); ++p; break; -#ifdef CHAPMS case CHAP_MICROSOFT: printer(arg, " MS"); ++p; @@ -1952,10 +2016,12 @@ lcp_printpkt(p, plen, printer, arg) printer(arg, " MS-v2"); ++p; break; -#endif } } break; + case PPP_EAP: + printer(arg, "eap"); + break; default: printer(arg, "0x%x", cishort); } @@ -2065,10 +2131,31 @@ lcp_printpkt(p, plen, printer, arg) if (len >= 4) { GETLONG(cilong, p); printer(arg, " magic=0x%x", cilong); - p += 4; len -= 4; } break; + + case IDENTIF: + case TIMEREM: + if (len >= 4) { + GETLONG(cilong, p); + printer(arg, " magic=0x%x", cilong); + len -= 4; + } + if (code == TIMEREM) { + if (len < 4) + break; + GETLONG(cilong, p); + printer(arg, " seconds=%u", cilong); + len -= 4; + } + if (len > 0) { + printer(arg, " "); + print_string((char *)p, len, printer, arg); + p += len; + len = 0; + } + break; } /* print the rest of the bytes in the packet */ @@ -2089,14 +2176,13 @@ lcp_printpkt(p, plen, printer, arg) */ static -void LcpLinkFailure (f) - fsm *f; +void LcpLinkFailure (fsm *f) { if (f->state == OPENED) { info("No response to %d echo-requests", lcp_echos_pending); notice("Serial link appears to be disconnected."); - lcp_close(f->unit, "Peer not responding"); status = EXIT_PEER_DEAD; + lcp_close(f->unit, "Peer not responding"); } } @@ -2105,8 +2191,7 @@ void LcpLinkFailure (f) */ static void -LcpEchoCheck (f) - fsm *f; +LcpEchoCheck (fsm *f) { LcpSendEchoRequest (f); if (f->state != OPENED) @@ -2126,8 +2211,7 @@ LcpEchoCheck (f) */ static void -LcpEchoTimeout (arg) - void *arg; +LcpEchoTimeout (void *arg) { if (lcp_echo_timer_running != 0) { lcp_echo_timer_running = 0; @@ -2140,11 +2224,7 @@ LcpEchoTimeout (arg) */ static void -lcp_received_echo_reply (f, id, inp, len) - fsm *f; - int id; - u_char *inp; - int len; +lcp_received_echo_reply (fsm *f, int id, u_char *inp, int len) { u_int32_t magic; @@ -2169,8 +2249,7 @@ lcp_received_echo_reply (f, id, inp, len) */ static void -LcpSendEchoRequest (f) - fsm *f; +LcpSendEchoRequest (fsm *f) { u_int32_t lcp_magic; u_char pkt[4], *pktp; @@ -2185,6 +2264,20 @@ LcpSendEchoRequest (f) } } + /* + * If adaptive echos have been enabled, only send the echo request if + * no traffic was received since the last one. + */ + if (lcp_echo_adaptive) { + static unsigned int last_pkts_in = 0; + struct pppd_stats cur_stats; + + if (get_ppp_stats(f->unit, &cur_stats) && cur_stats.pkts_in != last_pkts_in) { + last_pkts_in = cur_stats.pkts_in; + return; + } + } + /* * Make and send the echo request frame. */ @@ -2202,8 +2295,7 @@ LcpSendEchoRequest (f) */ static void -lcp_echo_lowerup (unit) - int unit; +lcp_echo_lowerup (int unit) { fsm *f = &lcp_fsm[unit]; @@ -2222,8 +2314,7 @@ lcp_echo_lowerup (unit) */ static void -lcp_echo_lowerdown (unit) - int unit; +lcp_echo_lowerdown (int unit) { fsm *f = &lcp_fsm[unit];