1 /*-
2  * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3  *          based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4  *                           Internet Initiative Japan, Inc (IIJ)
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  *
28  * $OpenBSD: fsm.c,v 1.24 2005/07/17 20:24:45 brad Exp $
29  */
30 
31 #include <sys/param.h>
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
35 #include <sys/socket.h>
36 #include <sys/un.h>
37 
38 #include <string.h>
39 #include <termios.h>
40 
41 #include "layer.h"
42 #include "ua.h"
43 #include "mbuf.h"
44 #include "log.h"
45 #include "defs.h"
46 #include "timer.h"
47 #include "fsm.h"
48 #include "iplist.h"
49 #include "lqr.h"
50 #include "hdlc.h"
51 #include "throughput.h"
52 #include "slcompress.h"
53 #include "ncpaddr.h"
54 #include "ipcp.h"
55 #include "filter.h"
56 #include "descriptor.h"
57 #include "lcp.h"
58 #include "ccp.h"
59 #include "link.h"
60 #include "mp.h"
61 #ifndef NORADIUS
62 #include "radius.h"
63 #endif
64 #include "ipv6cp.h"
65 #include "ncp.h"
66 #include "bundle.h"
67 #include "async.h"
68 #include "physical.h"
69 #include "proto.h"
70 
71 __RCSID("$MirOS: src/usr.sbin/ppp/ppp/fsm.c,v 1.3 2005/12/04 15:02:26 tg Exp $");
72 
73 static void FsmSendConfigReq(struct fsm *);
74 static void FsmSendTerminateReq(struct fsm *);
75 static void FsmInitRestartCounter(struct fsm *, int);
76 
77 typedef void (recvfn)(struct fsm *, struct fsmheader *, struct mbuf *);
78 static recvfn FsmRecvConfigReq, FsmRecvConfigAck, FsmRecvConfigNak,
79               FsmRecvConfigRej, FsmRecvTermReq, FsmRecvTermAck,
80               FsmRecvCodeRej, FsmRecvProtoRej, FsmRecvEchoReq,
81               FsmRecvEchoRep, FsmRecvDiscReq, FsmRecvIdent,
82               FsmRecvTimeRemain, FsmRecvResetReq, FsmRecvResetAck;
83 
84 static const struct fsmcodedesc {
85   recvfn *recv;
86   unsigned check_reqid : 1;
87   unsigned inc_reqid : 1;
88   const char *name;
89 } FsmCodes[] = {
90   { FsmRecvConfigReq, 0, 0, "ConfigReq"    },
91   { FsmRecvConfigAck, 1, 1, "ConfigAck"    },
92   { FsmRecvConfigNak, 1, 1, "ConfigNak"    },
93   { FsmRecvConfigRej, 1, 1, "ConfigRej"    },
94   { FsmRecvTermReq,   0, 0, "TerminateReq" },
95   { FsmRecvTermAck,   1, 1, "TerminateAck" },
96   { FsmRecvCodeRej,   0, 0, "CodeRej"      },
97   { FsmRecvProtoRej,  0, 0, "ProtocolRej"  },
98   { FsmRecvEchoReq,   0, 0, "EchoRequest"  },
99   { FsmRecvEchoRep,   0, 0, "EchoReply"    },
100   { FsmRecvDiscReq,   0, 0, "DiscardReq"   },
101   { FsmRecvIdent,     0, 1, "Ident"        },
102   { FsmRecvTimeRemain,0, 0, "TimeRemain"   },
103   { FsmRecvResetReq,  0, 0, "ResetReq"     },
104   { FsmRecvResetAck,  0, 1, "ResetAck"     }
105 };
106 
107 static const char *
Code2Nam(u_int code)108 Code2Nam(u_int code)
109 {
110   if (code == 0 || code > sizeof FsmCodes / sizeof FsmCodes[0])
111     return "Unknown";
112   return FsmCodes[code-1].name;
113 }
114 
115 const char *
State2Nam(u_int state)116 State2Nam(u_int state)
117 {
118   static const char * const StateNames[] = {
119     "Initial", "Starting", "Closed", "Stopped", "Closing", "Stopping",
120     "Req-Sent", "Ack-Rcvd", "Ack-Sent", "Opened",
121   };
122 
123   if (state >= sizeof StateNames / sizeof StateNames[0])
124     return "unknown";
125   return StateNames[state];
126 }
127 
128 static void
StoppedTimeout(void * v)129 StoppedTimeout(void *v)
130 {
131   struct fsm *fp = (struct fsm *)v;
132 
133   log_Printf(fp->LogLevel, "%s: Stopped timer expired\n", fp->link->name);
134   if (fp->OpenTimer.state == TIMER_RUNNING) {
135     log_Printf(LogWARN, "%s: %s: aborting open delay due to stopped timer\n",
136               fp->link->name, fp->name);
137     timer_Stop(&fp->OpenTimer);
138   }
139   if (fp->state == ST_STOPPED)
140     fsm2initial(fp);
141 }
142 
143 void
fsm_Init(struct fsm * fp,const char * name,u_short proto,int mincode,int maxcode,int LogLevel,struct bundle * bundle,struct link * l,const struct fsm_parent * parent,struct fsm_callbacks * fn,const char * const timer_names[3])144 fsm_Init(struct fsm *fp, const char *name, u_short proto, int mincode,
145          int maxcode, int LogLevel, struct bundle *bundle,
146          struct link *l, const struct fsm_parent *parent,
147          struct fsm_callbacks *fn, const char * const timer_names[3])
148 {
149   fp->name = name;
150   fp->proto = proto;
151   fp->min_code = mincode;
152   fp->max_code = maxcode;
153   fp->state = fp->min_code > CODE_TERMACK ? ST_OPENED : ST_INITIAL;
154   fp->reqid = 1;
155   fp->restart = 1;
156   fp->more.reqs = fp->more.naks = fp->more.rejs = 3;
157   memset(&fp->FsmTimer, '\0', sizeof fp->FsmTimer);
158   memset(&fp->OpenTimer, '\0', sizeof fp->OpenTimer);
159   memset(&fp->StoppedTimer, '\0', sizeof fp->StoppedTimer);
160   fp->LogLevel = LogLevel;
161   fp->link = l;
162   fp->bundle = bundle;
163   fp->parent = parent;
164   fp->fn = fn;
165   fp->FsmTimer.name = timer_names[0];
166   fp->OpenTimer.name = timer_names[1];
167   fp->StoppedTimer.name = timer_names[2];
168 }
169 
170 static void
NewState(struct fsm * fp,int new)171 NewState(struct fsm *fp, int new)
172 {
173   log_Printf(fp->LogLevel, "%s: State change %s --> %s\n",
174              fp->link->name, State2Nam(fp->state), State2Nam(new));
175   if (fp->state == ST_STOPPED && fp->StoppedTimer.state == TIMER_RUNNING)
176     timer_Stop(&fp->StoppedTimer);
177   fp->state = new;
178   if ((new >= ST_INITIAL && new <= ST_STOPPED) || (new == ST_OPENED)) {
179     timer_Stop(&fp->FsmTimer);
180     if (new == ST_STOPPED && fp->StoppedTimer.load) {
181       timer_Stop(&fp->StoppedTimer);
182       fp->StoppedTimer.func = StoppedTimeout;
183       fp->StoppedTimer.arg = (void *) fp;
184       timer_Start(&fp->StoppedTimer);
185     }
186   }
187 }
188 
189 void
fsm_Output(struct fsm * fp,u_int code,u_int id,u_char * ptr,int count,int mtype)190 fsm_Output(struct fsm *fp, u_int code, u_int id, u_char *ptr, int count,
191            int mtype)
192 {
193   int plen;
194   struct fsmheader lh;
195   struct mbuf *bp;
196   u_char *tmp;
197 
198   if (log_IsKept(fp->LogLevel)) {
199     log_Printf(fp->LogLevel, "%s: Send%s(%d) state = %s\n",
200               fp->link->name, Code2Nam(code), id, State2Nam(fp->state));
201     switch (code) {
202       case CODE_CONFIGREQ:
203       case CODE_CONFIGACK:
204       case CODE_CONFIGREJ:
205       case CODE_CONFIGNAK:
206         (*fp->fn->DecodeConfig)(fp, ptr, ptr + count, MODE_NOP, NULL);
207         if (count < sizeof(struct fsm_opt_hdr))
208           log_Printf(fp->LogLevel, "  [EMPTY]\n");
209         break;
210     }
211   }
212 
213   plen = sizeof(struct fsmheader) + count;
214   lh.code = code;
215   lh.id = id;
216   lh.length = htons(plen);
217   bp = m_get(plen, mtype);
218   if ((tmp = MBUF_CTOP(bp)) != NULL)
219     memcpy(tmp, &lh, sizeof(struct fsmheader));
220   if (count)
221     if ((tmp = MBUF_CTOP(bp)) != NULL)
222       memcpy(tmp + sizeof(struct fsmheader), ptr, count);
223   log_DumpBp(LogDEBUG, "fsm_Output", bp);
224   link_PushPacket(fp->link, bp, fp->bundle, LINK_QUEUES(fp->link) - 1,
225                   fp->proto);
226 
227   if (code == CODE_CONFIGREJ)
228     lcp_SendIdentification(&fp->link->lcp);
229 }
230 
231 static void
FsmOpenNow(void * v)232 FsmOpenNow(void *v)
233 {
234   struct fsm *fp = (struct fsm *)v;
235 
236   timer_Stop(&fp->OpenTimer);
237   if (fp->state <= ST_STOPPED) {
238     if (fp->state != ST_STARTING) {
239       /*
240        * In practice, we're only here in ST_STOPPED (when delaying the
241        * first config request) or ST_CLOSED (when openmode == 0).
242        *
243        * The ST_STOPPED bit is breaking the RFC already :-(
244        *
245        * According to the RFC (1661) state transition table, a TLS isn't
246        * required for an Open event when state == Closed, but the RFC
247        * must be wrong as TLS hasn't yet been called (since the last TLF)
248        * ie, Initial gets an `Up' event, Closing gets a RTA etc.
249        */
250       (*fp->fn->LayerStart)(fp);
251       (*fp->parent->LayerStart)(fp->parent->object, fp);
252     }
253     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
254     FsmSendConfigReq(fp);
255     NewState(fp, ST_REQSENT);
256   }
257 }
258 
259 void
fsm_Open(struct fsm * fp)260 fsm_Open(struct fsm *fp)
261 {
262   switch (fp->state) {
263   case ST_INITIAL:
264     NewState(fp, ST_STARTING);
265     (*fp->fn->LayerStart)(fp);
266     (*fp->parent->LayerStart)(fp->parent->object, fp);
267     break;
268   case ST_CLOSED:
269     if (fp->open_mode == OPEN_PASSIVE) {
270       NewState(fp, ST_STOPPED);		/* XXX: This is a hack ! */
271     } else if (fp->open_mode > 0) {
272       if (fp->open_mode > 1)
273         log_Printf(LogPHASE, "%s: Entering STOPPED state for %d seconds\n",
274                   fp->link->name, fp->open_mode);
275       NewState(fp, ST_STOPPED);		/* XXX: This is a not-so-bad hack ! */
276       timer_Stop(&fp->OpenTimer);
277       fp->OpenTimer.load = fp->open_mode * SECTICKS;
278       fp->OpenTimer.func = FsmOpenNow;
279       fp->OpenTimer.arg = (void *)fp;
280       timer_Start(&fp->OpenTimer);
281     } else
282       FsmOpenNow(fp);
283     break;
284   case ST_STOPPED:		/* XXX: restart option */
285   case ST_REQSENT:
286   case ST_ACKRCVD:
287   case ST_ACKSENT:
288   case ST_OPENED:		/* XXX: restart option */
289     break;
290   case ST_CLOSING:		/* XXX: restart option */
291   case ST_STOPPING:		/* XXX: restart option */
292     NewState(fp, ST_STOPPING);
293     break;
294   }
295 }
296 
297 void
fsm_Up(struct fsm * fp)298 fsm_Up(struct fsm *fp)
299 {
300   switch (fp->state) {
301   case ST_INITIAL:
302     log_Printf(fp->LogLevel, "FSM: Using \"%s\" as a transport\n",
303               fp->link->name);
304     NewState(fp, ST_CLOSED);
305     break;
306   case ST_STARTING:
307     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
308     FsmSendConfigReq(fp);
309     NewState(fp, ST_REQSENT);
310     break;
311   default:
312     log_Printf(fp->LogLevel, "%s: Oops, Up at %s\n",
313               fp->link->name, State2Nam(fp->state));
314     break;
315   }
316 }
317 
318 void
fsm_Down(struct fsm * fp)319 fsm_Down(struct fsm *fp)
320 {
321   switch (fp->state) {
322   case ST_CLOSED:
323     NewState(fp, ST_INITIAL);
324     break;
325   case ST_CLOSING:
326     /* This TLF contradicts the RFC (1661), which ``misses it out'' ! */
327     (*fp->fn->LayerFinish)(fp);
328     NewState(fp, ST_INITIAL);
329     (*fp->parent->LayerFinish)(fp->parent->object, fp);
330     break;
331   case ST_STOPPED:
332     NewState(fp, ST_STARTING);
333     (*fp->fn->LayerStart)(fp);
334     (*fp->parent->LayerStart)(fp->parent->object, fp);
335     break;
336   case ST_STOPPING:
337   case ST_REQSENT:
338   case ST_ACKRCVD:
339   case ST_ACKSENT:
340     NewState(fp, ST_STARTING);
341     break;
342   case ST_OPENED:
343     (*fp->fn->LayerDown)(fp);
344     NewState(fp, ST_STARTING);
345     (*fp->parent->LayerDown)(fp->parent->object, fp);
346     break;
347   }
348 }
349 
350 void
fsm_Close(struct fsm * fp)351 fsm_Close(struct fsm *fp)
352 {
353   switch (fp->state) {
354   case ST_STARTING:
355     (*fp->fn->LayerFinish)(fp);
356     NewState(fp, ST_INITIAL);
357     (*fp->parent->LayerFinish)(fp->parent->object, fp);
358     break;
359   case ST_STOPPED:
360     NewState(fp, ST_CLOSED);
361     break;
362   case ST_STOPPING:
363     NewState(fp, ST_CLOSING);
364     break;
365   case ST_OPENED:
366     (*fp->fn->LayerDown)(fp);
367     if (fp->state == ST_OPENED) {
368       FsmInitRestartCounter(fp, FSM_TRM_TIMER);
369       FsmSendTerminateReq(fp);
370       NewState(fp, ST_CLOSING);
371       (*fp->parent->LayerDown)(fp->parent->object, fp);
372     }
373     break;
374   case ST_REQSENT:
375   case ST_ACKRCVD:
376   case ST_ACKSENT:
377     FsmInitRestartCounter(fp, FSM_TRM_TIMER);
378     FsmSendTerminateReq(fp);
379     NewState(fp, ST_CLOSING);
380     break;
381   }
382 }
383 
384 /*
385  *	Send functions
386  */
387 static void
FsmSendConfigReq(struct fsm * fp)388 FsmSendConfigReq(struct fsm *fp)
389 {
390   if (fp->more.reqs-- > 0 && fp->restart-- > 0) {
391     (*fp->fn->SendConfigReq)(fp);
392     timer_Start(&fp->FsmTimer);		/* Start restart timer */
393   } else {
394     if (fp->more.reqs < 0)
395       log_Printf(LogPHASE, "%s: Too many %s REQs sent - abandoning "
396                  "negotiation\n", fp->link->name, fp->name);
397     lcp_SendIdentification(&fp->link->lcp);
398     fsm_Close(fp);
399   }
400 }
401 
402 static void
FsmSendTerminateReq(struct fsm * fp)403 FsmSendTerminateReq(struct fsm *fp)
404 {
405   fsm_Output(fp, CODE_TERMREQ, fp->reqid, NULL, 0, MB_UNKNOWN);
406   (*fp->fn->SentTerminateReq)(fp);
407   timer_Start(&fp->FsmTimer);	/* Start restart timer */
408   fp->restart--;		/* Decrement restart counter */
409 }
410 
411 /*
412  *	Timeout actions
413  */
414 static void
FsmTimeout(void * v)415 FsmTimeout(void *v)
416 {
417   struct fsm *fp = (struct fsm *)v;
418 
419   if (fp->restart) {
420     switch (fp->state) {
421     case ST_CLOSING:
422     case ST_STOPPING:
423       FsmSendTerminateReq(fp);
424       break;
425     case ST_REQSENT:
426     case ST_ACKSENT:
427       FsmSendConfigReq(fp);
428       break;
429     case ST_ACKRCVD:
430       FsmSendConfigReq(fp);
431       NewState(fp, ST_REQSENT);
432       break;
433     }
434     timer_Start(&fp->FsmTimer);
435   } else {
436     switch (fp->state) {
437     case ST_CLOSING:
438       (*fp->fn->LayerFinish)(fp);
439       NewState(fp, ST_CLOSED);
440       (*fp->parent->LayerFinish)(fp->parent->object, fp);
441       break;
442     case ST_STOPPING:
443       (*fp->fn->LayerFinish)(fp);
444       NewState(fp, ST_STOPPED);
445       (*fp->parent->LayerFinish)(fp->parent->object, fp);
446       break;
447     case ST_REQSENT:		/* XXX: 3p */
448     case ST_ACKSENT:
449     case ST_ACKRCVD:
450       (*fp->fn->LayerFinish)(fp);
451       NewState(fp, ST_STOPPED);
452       (*fp->parent->LayerFinish)(fp->parent->object, fp);
453       break;
454     }
455   }
456 }
457 
458 static void
FsmInitRestartCounter(struct fsm * fp,int what)459 FsmInitRestartCounter(struct fsm *fp, int what)
460 {
461   timer_Stop(&fp->FsmTimer);
462   fp->FsmTimer.func = FsmTimeout;
463   fp->FsmTimer.arg = (void *)fp;
464   (*fp->fn->InitRestartCounter)(fp, what);
465 }
466 
467 /*
468  * Actions when receive packets
469  */
470 static void
FsmRecvConfigReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)471 FsmRecvConfigReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
472 /* RCR */
473 {
474   struct fsm_decode dec;
475   int plen, flen;
476   int ackaction = 0;
477   u_char *cp;
478 
479   bp = m_pullup(bp);
480   plen = m_length(bp);
481   flen = ntohs(lhp->length) - sizeof *lhp;
482   if (plen < flen) {
483     log_Printf(LogWARN, "%s: FsmRecvConfigReq: plen (%d) < flen (%d)\n",
484                fp->link->name, plen, flen);
485     m_freem(bp);
486     return;
487   }
488 
489   /* Some things must be done before we Decode the packet */
490   switch (fp->state) {
491   case ST_OPENED:
492     (*fp->fn->LayerDown)(fp);
493   }
494 
495   dec.ackend = dec.ack;
496   dec.nakend = dec.nak;
497   dec.rejend = dec.rej;
498   cp = MBUF_CTOP(bp);
499   (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_REQ, &dec);
500   if (flen < sizeof(struct fsm_opt_hdr))
501     log_Printf(fp->LogLevel, "  [EMPTY]\n");
502 
503   if (dec.nakend == dec.nak && dec.rejend == dec.rej)
504     ackaction = 1;
505 
506   /* Check and process easy case */
507   switch (fp->state) {
508   case ST_INITIAL:
509     if (fp->proto == PROTO_CCP && fp->link->lcp.fsm.state == ST_OPENED) {
510       /*
511        * ccp_SetOpenMode() leaves us in initial if we're disabling
512        * & denying everything.
513        */
514       bp = m_prepend(bp, lhp, sizeof *lhp, 2);
515       bp = proto_Prepend(bp, fp->proto, 0, 0);
516       bp = m_pullup(bp);
517       lcp_SendProtoRej(&fp->link->lcp, MBUF_CTOP(bp), bp->m_len);
518       m_freem(bp);
519       return;
520     }
521     /* Drop through */
522   case ST_STARTING:
523     log_Printf(fp->LogLevel, "%s: Oops, RCR in %s.\n",
524               fp->link->name, State2Nam(fp->state));
525     m_freem(bp);
526     return;
527   case ST_CLOSED:
528     (*fp->fn->SendTerminateAck)(fp, lhp->id);
529     m_freem(bp);
530     return;
531   case ST_CLOSING:
532     log_Printf(fp->LogLevel, "%s: Error: Got ConfigReq while state = %s\n",
533               fp->link->name, State2Nam(fp->state));
534   case ST_STOPPING:
535     m_freem(bp);
536     return;
537   case ST_STOPPED:
538     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
539     /* Drop through */
540   case ST_OPENED:
541     FsmSendConfigReq(fp);
542     break;
543   }
544 
545   if (dec.rejend != dec.rej)
546     fsm_Output(fp, CODE_CONFIGREJ, lhp->id, dec.rej, dec.rejend - dec.rej,
547                MB_UNKNOWN);
548   if (dec.nakend != dec.nak)
549     fsm_Output(fp, CODE_CONFIGNAK, lhp->id, dec.nak, dec.nakend - dec.nak,
550                MB_UNKNOWN);
551   if (ackaction)
552     fsm_Output(fp, CODE_CONFIGACK, lhp->id, dec.ack, dec.ackend - dec.ack,
553                MB_UNKNOWN);
554 
555   switch (fp->state) {
556   case ST_STOPPED:
557       /*
558        * According to the RFC (1661) state transition table, a TLS isn't
559        * required for a RCR when state == ST_STOPPED, but the RFC
560        * must be wrong as TLS hasn't yet been called (since the last TLF)
561        */
562     (*fp->fn->LayerStart)(fp);
563     (*fp->parent->LayerStart)(fp->parent->object, fp);
564     /* FALLTHROUGH */
565 
566   case ST_OPENED:
567     if (ackaction)
568       NewState(fp, ST_ACKSENT);
569     else
570       NewState(fp, ST_REQSENT);
571     (*fp->parent->LayerDown)(fp->parent->object, fp);
572     break;
573   case ST_REQSENT:
574     if (ackaction)
575       NewState(fp, ST_ACKSENT);
576     break;
577   case ST_ACKRCVD:
578     if (ackaction) {
579       NewState(fp, ST_OPENED);
580       if ((*fp->fn->LayerUp)(fp))
581         (*fp->parent->LayerUp)(fp->parent->object, fp);
582       else {
583         (*fp->fn->LayerDown)(fp);
584         FsmInitRestartCounter(fp, FSM_TRM_TIMER);
585         FsmSendTerminateReq(fp);
586         NewState(fp, ST_CLOSING);
587         lcp_SendIdentification(&fp->link->lcp);
588       }
589     }
590     break;
591   case ST_ACKSENT:
592     if (!ackaction)
593       NewState(fp, ST_REQSENT);
594     break;
595   }
596   m_freem(bp);
597 
598   if (dec.rejend != dec.rej && --fp->more.rejs <= 0) {
599     log_Printf(LogPHASE, "%s: Too many %s REJs sent - abandoning negotiation\n",
600                fp->link->name, fp->name);
601     lcp_SendIdentification(&fp->link->lcp);
602     fsm_Close(fp);
603   }
604 
605   if (dec.nakend != dec.nak && --fp->more.naks <= 0) {
606     log_Printf(LogPHASE, "%s: Too many %s NAKs sent - abandoning negotiation\n",
607                fp->link->name, fp->name);
608     lcp_SendIdentification(&fp->link->lcp);
609     fsm_Close(fp);
610   }
611 }
612 
613 static void
FsmRecvConfigAck(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)614 FsmRecvConfigAck(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
615 /* RCA */
616 {
617   struct fsm_decode dec;
618   int plen, flen;
619   u_char *cp;
620 
621   plen = m_length(bp);
622   flen = ntohs(lhp->length) - sizeof *lhp;
623   if (plen < flen) {
624     m_freem(bp);
625     return;
626   }
627 
628   bp = m_pullup(bp);
629   dec.ackend = dec.ack;
630   dec.nakend = dec.nak;
631   dec.rejend = dec.rej;
632   cp = MBUF_CTOP(bp);
633   (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_ACK, &dec);
634   if (flen < sizeof(struct fsm_opt_hdr))
635     log_Printf(fp->LogLevel, "  [EMPTY]\n");
636 
637   switch (fp->state) {
638     case ST_CLOSED:
639     case ST_STOPPED:
640     (*fp->fn->SendTerminateAck)(fp, lhp->id);
641     break;
642   case ST_CLOSING:
643   case ST_STOPPING:
644     break;
645   case ST_REQSENT:
646     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
647     NewState(fp, ST_ACKRCVD);
648     break;
649   case ST_ACKRCVD:
650     FsmSendConfigReq(fp);
651     NewState(fp, ST_REQSENT);
652     break;
653   case ST_ACKSENT:
654     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
655     NewState(fp, ST_OPENED);
656     if ((*fp->fn->LayerUp)(fp))
657       (*fp->parent->LayerUp)(fp->parent->object, fp);
658     else {
659       (*fp->fn->LayerDown)(fp);
660       FsmInitRestartCounter(fp, FSM_TRM_TIMER);
661       FsmSendTerminateReq(fp);
662       NewState(fp, ST_CLOSING);
663       lcp_SendIdentification(&fp->link->lcp);
664     }
665     break;
666   case ST_OPENED:
667     (*fp->fn->LayerDown)(fp);
668     FsmSendConfigReq(fp);
669     NewState(fp, ST_REQSENT);
670     (*fp->parent->LayerDown)(fp->parent->object, fp);
671     break;
672   }
673   m_freem(bp);
674 }
675 
676 static void
FsmRecvConfigNak(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)677 FsmRecvConfigNak(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
678 /* RCN */
679 {
680   struct fsm_decode dec;
681   int plen, flen;
682   u_char *cp;
683 
684   plen = m_length(bp);
685   flen = ntohs(lhp->length) - sizeof *lhp;
686   if (plen < flen) {
687     m_freem(bp);
688     return;
689   }
690 
691   /*
692    * Check and process easy case
693    */
694   switch (fp->state) {
695   case ST_INITIAL:
696   case ST_STARTING:
697     log_Printf(fp->LogLevel, "%s: Oops, RCN in %s.\n",
698               fp->link->name, State2Nam(fp->state));
699     m_freem(bp);
700     return;
701   case ST_CLOSED:
702   case ST_STOPPED:
703     (*fp->fn->SendTerminateAck)(fp, lhp->id);
704     m_freem(bp);
705     return;
706   case ST_CLOSING:
707   case ST_STOPPING:
708     m_freem(bp);
709     return;
710   }
711 
712   bp = m_pullup(bp);
713   dec.ackend = dec.ack;
714   dec.nakend = dec.nak;
715   dec.rejend = dec.rej;
716   cp = MBUF_CTOP(bp);
717   (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_NAK, &dec);
718   if (flen < sizeof(struct fsm_opt_hdr))
719     log_Printf(fp->LogLevel, "  [EMPTY]\n");
720 
721   switch (fp->state) {
722   case ST_REQSENT:
723   case ST_ACKSENT:
724     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
725     FsmSendConfigReq(fp);
726     break;
727   case ST_OPENED:
728     (*fp->fn->LayerDown)(fp);
729     FsmSendConfigReq(fp);
730     NewState(fp, ST_REQSENT);
731     (*fp->parent->LayerDown)(fp->parent->object, fp);
732     break;
733   case ST_ACKRCVD:
734     FsmSendConfigReq(fp);
735     NewState(fp, ST_REQSENT);
736     break;
737   }
738 
739   m_freem(bp);
740 }
741 
742 static void
FsmRecvTermReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)743 FsmRecvTermReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
744 /* RTR */
745 {
746   switch (fp->state) {
747   case ST_INITIAL:
748   case ST_STARTING:
749     log_Printf(fp->LogLevel, "%s: Oops, RTR in %s\n",
750               fp->link->name, State2Nam(fp->state));
751     break;
752   case ST_CLOSED:
753   case ST_STOPPED:
754   case ST_CLOSING:
755   case ST_STOPPING:
756   case ST_REQSENT:
757     (*fp->fn->SendTerminateAck)(fp, lhp->id);
758     break;
759   case ST_ACKRCVD:
760   case ST_ACKSENT:
761     (*fp->fn->SendTerminateAck)(fp, lhp->id);
762     NewState(fp, ST_REQSENT);
763     break;
764   case ST_OPENED:
765     (*fp->fn->LayerDown)(fp);
766     (*fp->fn->SendTerminateAck)(fp, lhp->id);
767     FsmInitRestartCounter(fp, FSM_TRM_TIMER);
768     timer_Start(&fp->FsmTimer);			/* Start restart timer */
769     fp->restart = 0;
770     NewState(fp, ST_STOPPING);
771     (*fp->parent->LayerDown)(fp->parent->object, fp);
772     /* A delayed ST_STOPPED is now scheduled */
773     break;
774   }
775   m_freem(bp);
776 }
777 
778 static void
FsmRecvTermAck(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)779 FsmRecvTermAck(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
780 /* RTA */
781 {
782   switch (fp->state) {
783   case ST_CLOSING:
784     (*fp->fn->LayerFinish)(fp);
785     NewState(fp, ST_CLOSED);
786     (*fp->parent->LayerFinish)(fp->parent->object, fp);
787     break;
788   case ST_STOPPING:
789     (*fp->fn->LayerFinish)(fp);
790     NewState(fp, ST_STOPPED);
791     (*fp->parent->LayerFinish)(fp->parent->object, fp);
792     break;
793   case ST_ACKRCVD:
794     NewState(fp, ST_REQSENT);
795     break;
796   case ST_OPENED:
797     (*fp->fn->LayerDown)(fp);
798     FsmSendConfigReq(fp);
799     NewState(fp, ST_REQSENT);
800     (*fp->parent->LayerDown)(fp->parent->object, fp);
801     break;
802   }
803   m_freem(bp);
804 }
805 
806 static void
FsmRecvConfigRej(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)807 FsmRecvConfigRej(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
808 /* RCJ */
809 {
810   struct fsm_decode dec;
811   int plen, flen;
812   u_char *cp;
813 
814   plen = m_length(bp);
815   flen = ntohs(lhp->length) - sizeof *lhp;
816   if (plen < flen) {
817     m_freem(bp);
818     return;
819   }
820 
821   lcp_SendIdentification(&fp->link->lcp);
822 
823   /*
824    * Check and process easy case
825    */
826   switch (fp->state) {
827   case ST_INITIAL:
828   case ST_STARTING:
829     log_Printf(fp->LogLevel, "%s: Oops, RCJ in %s.\n",
830               fp->link->name, State2Nam(fp->state));
831     m_freem(bp);
832     return;
833   case ST_CLOSED:
834   case ST_STOPPED:
835     (*fp->fn->SendTerminateAck)(fp, lhp->id);
836     m_freem(bp);
837     return;
838   case ST_CLOSING:
839   case ST_STOPPING:
840     m_freem(bp);
841     return;
842   }
843 
844   bp = m_pullup(bp);
845   dec.ackend = dec.ack;
846   dec.nakend = dec.nak;
847   dec.rejend = dec.rej;
848   cp = MBUF_CTOP(bp);
849   (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_REJ, &dec);
850   if (flen < sizeof(struct fsm_opt_hdr))
851     log_Printf(fp->LogLevel, "  [EMPTY]\n");
852 
853   switch (fp->state) {
854   case ST_REQSENT:
855   case ST_ACKSENT:
856     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
857     FsmSendConfigReq(fp);
858     break;
859   case ST_OPENED:
860     (*fp->fn->LayerDown)(fp);
861     FsmSendConfigReq(fp);
862     NewState(fp, ST_REQSENT);
863     (*fp->parent->LayerDown)(fp->parent->object, fp);
864     break;
865   case ST_ACKRCVD:
866     FsmSendConfigReq(fp);
867     NewState(fp, ST_REQSENT);
868     break;
869   }
870   m_freem(bp);
871 }
872 
873 static void
FsmRecvCodeRej(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)874 FsmRecvCodeRej(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
875 {
876   m_freem(bp);
877 }
878 
879 static void
FsmRecvProtoRej(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)880 FsmRecvProtoRej(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
881 {
882   struct physical *p = link2physical(fp->link);
883   u_short proto;
884 
885   if (m_length(bp) < 2) {
886     m_freem(bp);
887     return;
888   }
889   bp = mbuf_Read(bp, &proto, 2);
890   proto = ntohs(proto);
891   log_Printf(fp->LogLevel, "%s: -- Protocol 0x%04x (%s) was rejected!\n",
892             fp->link->name, proto, hdlc_Protocol2Nam(proto));
893 
894   switch (proto) {
895   case PROTO_LQR:
896     if (p)
897       lqr_Stop(p, LQM_LQR);
898     else
899       log_Printf(LogERROR, "%s: FsmRecvProtoRej: Not a physical link !\n",
900                 fp->link->name);
901     break;
902   case PROTO_CCP:
903     if (fp->proto == PROTO_LCP) {
904       fp = &fp->link->ccp.fsm;
905       /* Despite the RFC (1661), don't do an out-of-place TLF */
906       /* (*fp->fn->LayerFinish)(fp); */
907       switch (fp->state) {
908       case ST_CLOSED:
909       case ST_CLOSING:
910         NewState(fp, ST_CLOSED);
911         break;
912       default:
913         NewState(fp, ST_STOPPED);
914         break;
915       }
916       /* See above */
917       /* (*fp->parent->LayerFinish)(fp->parent->object, fp); */
918     }
919     break;
920   case PROTO_IPCP:
921     if (fp->proto == PROTO_LCP) {
922       log_Printf(LogPHASE, "%s: IPCP protocol reject closes IPCP !\n",
923                 fp->link->name);
924       fsm_Close(&fp->bundle->ncp.ipcp.fsm);
925     }
926     break;
927 #ifndef NOINET6
928   case PROTO_IPV6CP:
929     if (fp->proto == PROTO_LCP) {
930       log_Printf(LogPHASE, "%s: IPV6CP protocol reject closes IPV6CP !\n",
931                 fp->link->name);
932       fsm_Close(&fp->bundle->ncp.ipv6cp.fsm);
933     }
934     break;
935 #endif
936   case PROTO_MP:
937     if (fp->proto == PROTO_LCP) {
938       struct lcp *lcp = fsm2lcp(fp);
939 
940       if (lcp->want_mrru && lcp->his_mrru) {
941         log_Printf(LogPHASE, "%s: MP protocol reject is fatal !\n",
942                   fp->link->name);
943         fsm_Close(fp);
944       }
945     }
946     break;
947   }
948   m_freem(bp);
949 }
950 
951 static void
FsmRecvEchoReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)952 FsmRecvEchoReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
953 {
954   struct lcp *lcp = fsm2lcp(fp);
955   u_char *cp;
956   u_int32_t magic;
957 
958   bp = m_pullup(bp);
959   m_settype(bp, MB_ECHOIN);
960 
961   if (lcp && ntohs(lhp->length) - sizeof *lhp >= 4) {
962     cp = MBUF_CTOP(bp);
963     ua_ntohl(cp, &magic);
964     if (magic != lcp->his_magic) {
965       log_Printf(fp->LogLevel, "%s: RecvEchoReq: magic 0x%08lx is wrong,"
966                  " expecting 0x%08lx\n", fp->link->name, (u_long)magic,
967                  (u_long)lcp->his_magic);
968       /* XXX: We should send terminate request */
969     }
970     if (fp->state == ST_OPENED) {
971       ua_htonl(&lcp->want_magic, cp);		/* local magic */
972       fsm_Output(fp, CODE_ECHOREP, lhp->id, cp,
973                  ntohs(lhp->length) - sizeof *lhp, MB_ECHOOUT);
974     }
975   }
976   m_freem(bp);
977 }
978 
979 static void
FsmRecvEchoRep(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)980 FsmRecvEchoRep(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
981 {
982   if (fsm2lcp(fp))
983     bp = lqr_RecvEcho(fp, bp);
984 
985   m_freem(bp);
986 }
987 
988 static void
FsmRecvDiscReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)989 FsmRecvDiscReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
990 {
991   m_freem(bp);
992 }
993 
994 static void
FsmRecvIdent(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)995 FsmRecvIdent(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
996 {
997   u_int32_t magic;
998   u_short len;
999   u_char *cp;
1000 
1001   len = ntohs(lhp->length) - sizeof *lhp;
1002   if (len >= 4) {
1003     bp = m_pullup(m_append(bp, "", 1));
1004     cp = MBUF_CTOP(bp);
1005     ua_ntohl(cp, &magic);
1006     if (magic != fp->link->lcp.his_magic)
1007       log_Printf(fp->LogLevel, "%s: RecvIdent: magic 0x%08lx is wrong,"
1008                  " expecting 0x%08lx\n", fp->link->name, (u_long)magic,
1009                  (u_long)fp->link->lcp.his_magic);
1010     cp[len] = '\0';
1011     lcp_RecvIdentification(&fp->link->lcp, cp + 4);
1012   }
1013   m_freem(bp);
1014 }
1015 
1016 static void
FsmRecvTimeRemain(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)1017 FsmRecvTimeRemain(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
1018 {
1019   m_freem(bp);
1020 }
1021 
1022 static void
FsmRecvResetReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)1023 FsmRecvResetReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
1024 {
1025   if ((*fp->fn->RecvResetReq)(fp)) {
1026     /*
1027      * All sendable compressed packets are queued in the first (lowest
1028      * priority) modem output queue.... dump 'em to the priority queue
1029      * so that they arrive at the peer before our ResetAck.
1030      */
1031     link_SequenceQueue(fp->link);
1032     fsm_Output(fp, CODE_RESETACK, lhp->id, NULL, 0, MB_CCPOUT);
1033   }
1034   m_freem(bp);
1035 }
1036 
1037 static void
FsmRecvResetAck(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)1038 FsmRecvResetAck(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
1039 {
1040   (*fp->fn->RecvResetAck)(fp, lhp->id);
1041   m_freem(bp);
1042 }
1043 
1044 void
fsm_Input(struct fsm * fp,struct mbuf * bp)1045 fsm_Input(struct fsm *fp, struct mbuf *bp)
1046 {
1047   int len;
1048   struct fsmheader lh;
1049   const struct fsmcodedesc *codep;
1050 
1051   len = m_length(bp);
1052   if (len < sizeof(struct fsmheader)) {
1053     m_freem(bp);
1054     return;
1055   }
1056   bp = mbuf_Read(bp, &lh, sizeof lh);
1057 
1058   if (ntohs(lh.length) > len) {
1059     log_Printf(LogWARN, "%s: Oops: Got %d bytes but %d byte payload "
1060                "- dropped\n", fp->link->name, len, (int)ntohs(lh.length));
1061     m_freem(bp);
1062     return;
1063   }
1064 
1065   if (lh.code < fp->min_code || lh.code > fp->max_code ||
1066       lh.code > sizeof FsmCodes / sizeof *FsmCodes) {
1067     /*
1068      * Use a private id.  This is really a response-type packet, but we
1069      * MUST send a unique id for each REQ....
1070      */
1071     static u_char id;
1072 
1073     bp = m_prepend(bp, &lh, sizeof lh, 0);
1074     bp = m_pullup(bp);
1075     fsm_Output(fp, CODE_CODEREJ, id++, MBUF_CTOP(bp), bp->m_len, MB_UNKNOWN);
1076     m_freem(bp);
1077     return;
1078   }
1079 
1080   codep = FsmCodes + lh.code - 1;
1081   if (lh.id != fp->reqid && codep->check_reqid &&
1082       Enabled(fp->bundle, OPT_IDCHECK)) {
1083     log_Printf(fp->LogLevel, "%s: Recv%s(%d), dropped (expected %d)\n",
1084                fp->link->name, codep->name, lh.id, fp->reqid);
1085     return;
1086   }
1087 
1088   log_Printf(fp->LogLevel, "%s: Recv%s(%d) state = %s\n",
1089              fp->link->name, codep->name, lh.id, State2Nam(fp->state));
1090 
1091   if (codep->inc_reqid && (lh.id == fp->reqid ||
1092       (!Enabled(fp->bundle, OPT_IDCHECK) && codep->check_reqid)))
1093     fp->reqid++;	/* That's the end of that ``exchange''.... */
1094 
1095   (*codep->recv)(fp, &lh, bp);
1096 }
1097 
1098 int
fsm_NullRecvResetReq(struct fsm * fp)1099 fsm_NullRecvResetReq(struct fsm *fp)
1100 {
1101   log_Printf(fp->LogLevel, "%s: Oops - received unexpected reset req\n",
1102             fp->link->name);
1103   return 1;
1104 }
1105 
1106 void
fsm_NullRecvResetAck(struct fsm * fp,u_char id)1107 fsm_NullRecvResetAck(struct fsm *fp, u_char id)
1108 {
1109   log_Printf(fp->LogLevel, "%s: Oops - received unexpected reset ack\n",
1110             fp->link->name);
1111 }
1112 
1113 void
fsm_Reopen(struct fsm * fp)1114 fsm_Reopen(struct fsm *fp)
1115 {
1116   if (fp->state == ST_OPENED) {
1117     (*fp->fn->LayerDown)(fp);
1118     FsmInitRestartCounter(fp, FSM_REQ_TIMER);
1119     FsmSendConfigReq(fp);
1120     NewState(fp, ST_REQSENT);
1121     (*fp->parent->LayerDown)(fp->parent->object, fp);
1122   }
1123 }
1124 
1125 void
fsm2initial(struct fsm * fp)1126 fsm2initial(struct fsm *fp)
1127 {
1128   timer_Stop(&fp->FsmTimer);
1129   timer_Stop(&fp->OpenTimer);
1130   timer_Stop(&fp->StoppedTimer);
1131   if (fp->state == ST_STOPPED)
1132     fsm_Close(fp);
1133   if (fp->state > ST_INITIAL)
1134     fsm_Down(fp);
1135   if (fp->state > ST_INITIAL)
1136     fsm_Close(fp);
1137 }
1138 
1139 struct fsm_opt *
fsm_readopt(u_char ** cp)1140 fsm_readopt(u_char **cp)
1141 {
1142   struct fsm_opt *o = (struct fsm_opt *)*cp;
1143 
1144   if (o->hdr.len < sizeof(struct fsm_opt_hdr)) {
1145     log_Printf(LogERROR, "Bad option length %d (out of phase?)\n", o->hdr.len);
1146     return NULL;
1147   }
1148 
1149   *cp += o->hdr.len;
1150 
1151   if (o->hdr.len > sizeof(struct fsm_opt)) {
1152     log_Printf(LogERROR, "Warning: Truncating option length from %d to %d\n",
1153                o->hdr.len, (int)sizeof(struct fsm_opt));
1154     o->hdr.len = sizeof(struct fsm_opt);
1155   }
1156 
1157   return o;
1158 }
1159 
1160 static int
fsm_opt(u_char * opt,int optlen,const struct fsm_opt * o)1161 fsm_opt(u_char *opt, int optlen, const struct fsm_opt *o)
1162 {
1163   int cplen = o->hdr.len;
1164 
1165   if (optlen < sizeof(struct fsm_opt_hdr))
1166     optlen = 0;
1167 
1168   if (cplen > optlen) {
1169     log_Printf(LogERROR, "Can't REJ length %d - trunating to %d\n",
1170       cplen, optlen);
1171     cplen = optlen;
1172   }
1173   memcpy(opt, o, cplen);
1174   if (cplen)
1175     opt[1] = cplen;
1176 
1177   return cplen;
1178 }
1179 
1180 void
fsm_rej(struct fsm_decode * dec,const struct fsm_opt * o)1181 fsm_rej(struct fsm_decode *dec, const struct fsm_opt *o)
1182 {
1183   if (!dec)
1184     return;
1185   dec->rejend += fsm_opt(dec->rejend, FSM_OPTLEN - (dec->rejend - dec->rej), o);
1186 }
1187 
1188 void
fsm_ack(struct fsm_decode * dec,const struct fsm_opt * o)1189 fsm_ack(struct fsm_decode *dec, const struct fsm_opt *o)
1190 {
1191   if (!dec)
1192     return;
1193   dec->ackend += fsm_opt(dec->ackend, FSM_OPTLEN - (dec->ackend - dec->ack), o);
1194 }
1195 
1196 void
fsm_nak(struct fsm_decode * dec,const struct fsm_opt * o)1197 fsm_nak(struct fsm_decode *dec, const struct fsm_opt *o)
1198 {
1199   if (!dec)
1200     return;
1201   dec->nakend += fsm_opt(dec->nakend, FSM_OPTLEN - (dec->nakend - dec->nak), o);
1202 }
1203 
1204 void
fsm_opt_normalise(struct fsm_decode * dec)1205 fsm_opt_normalise(struct fsm_decode *dec)
1206 {
1207   if (dec->rejend != dec->rej) {
1208     /* rejects are preferred */
1209     dec->ackend = dec->ack;
1210     dec->nakend = dec->nak;
1211   } else if (dec->nakend != dec->nak)
1212     /* then NAKs */
1213     dec->ackend = dec->ack;
1214 }
1215