1 /* $NetBSD: ccp.c,v 1.6 2025/01/08 19:59:38 christos Exp $ */
2
3 /*
4 * ccp.c - PPP Compression Control Protocol.
5 *
6 * Copyright (c) 1994-2024 Paul Mackerras. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
21 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
22 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
23 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
24 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
25 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
26 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
27 */
28
29 #include <sys/cdefs.h>
30 __RCSID("$NetBSD: ccp.c,v 1.6 2025/01/08 19:59:38 christos Exp $");
31
32 #ifdef HAVE_CONFIG_H
33 #include "config.h"
34 #endif
35
36 #include <stdlib.h>
37 #include <string.h>
38 #if defined(__linux__)
39 #include <linux/ppp-comp.h>
40 #else
41 #include <net/ppp-comp.h>
42 #endif
43
44 #include "pppd-private.h"
45 #include "options.h"
46 #include "fsm.h"
47 #include "ccp.h"
48
49 #include "chap_ms.h"
50 #include "mppe.h"
51 #include "lcp.h" /* lcp_close(), lcp_fsm */
52
53
54 /*
55 * Unfortunately there is a bug in zlib which means that using a
56 * size of 8 (window size = 256) for Deflate compression will cause
57 * buffer overruns and kernel crashes in the deflate module.
58 * Until this is fixed we only accept sizes in the range 9 .. 15.
59 * Thanks to James Carlson for pointing this out.
60 */
61 #define DEFLATE_MIN_WORKS 9
62
63 /*
64 * Command-line options.
65 */
66 static int setbsdcomp (char **);
67 static int setdeflate (char **);
68 static char bsd_value[8];
69 static char deflate_value[8];
70
71 /*
72 * Option variables.
73 */
74 #ifdef PPP_WITH_MPPE
75 bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
76 #endif
77
78 static struct option ccp_option_list[] = {
79 { "noccp", o_bool, &ccp_protent.enabled_flag,
80 "Disable CCP negotiation" },
81 { "-ccp", o_bool, &ccp_protent.enabled_flag,
82 "Disable CCP negotiation", OPT_ALIAS },
83
84 { "bsdcomp", o_special, (void *)setbsdcomp,
85 "Request BSD-Compress packet compression",
86 OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, bsd_value },
87 { "nobsdcomp", o_bool, &ccp_wantoptions[0].bsd_compress,
88 "don't allow BSD-Compress", OPT_PRIOSUB | OPT_A2CLR,
89 &ccp_allowoptions[0].bsd_compress },
90 { "-bsdcomp", o_bool, &ccp_wantoptions[0].bsd_compress,
91 "don't allow BSD-Compress", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
92 &ccp_allowoptions[0].bsd_compress },
93
94 { "deflate", o_special, (void *)setdeflate,
95 "request Deflate compression",
96 OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, deflate_value },
97 { "nodeflate", o_bool, &ccp_wantoptions[0].deflate,
98 "don't allow Deflate compression", OPT_PRIOSUB | OPT_A2CLR,
99 &ccp_allowoptions[0].deflate },
100 { "-deflate", o_bool, &ccp_wantoptions[0].deflate,
101 "don't allow Deflate compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
102 &ccp_allowoptions[0].deflate },
103
104 { "nodeflatedraft", o_bool, &ccp_wantoptions[0].deflate_draft,
105 "don't use draft deflate #", OPT_A2COPY,
106 &ccp_allowoptions[0].deflate_draft },
107
108 { "predictor1", o_bool, &ccp_wantoptions[0].predictor_1,
109 "request Predictor-1", OPT_PRIO | 1 },
110 { "nopredictor1", o_bool, &ccp_wantoptions[0].predictor_1,
111 "don't allow Predictor-1", OPT_PRIOSUB | OPT_A2CLR,
112 &ccp_allowoptions[0].predictor_1 },
113 { "-predictor1", o_bool, &ccp_wantoptions[0].predictor_1,
114 "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
115 &ccp_allowoptions[0].predictor_1 },
116
117 #ifdef PPP_WITH_MPPE
118 /* MPPE options are symmetrical ... we only set wantoptions here */
119 { "require-mppe", o_bool, &ccp_wantoptions[0].mppe,
120 "require MPPE encryption",
121 OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
122 { "+mppe", o_bool, &ccp_wantoptions[0].mppe,
123 "require MPPE encryption",
124 OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 },
125 { "nomppe", o_bool, &ccp_wantoptions[0].mppe,
126 "don't allow MPPE encryption", OPT_PRIO },
127 { "-mppe", o_bool, &ccp_wantoptions[0].mppe,
128 "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO },
129
130 /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */
131 { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
132 "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
133 &ccp_wantoptions[0].mppe },
134 { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe,
135 "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40,
136 &ccp_wantoptions[0].mppe },
137 { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe,
138 "don't allow MPPE 40-bit encryption",
139 OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe },
140 { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe,
141 "don't allow MPPE 40-bit encryption",
142 OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40,
143 &ccp_wantoptions[0].mppe },
144
145 { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
146 "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
147 &ccp_wantoptions[0].mppe },
148 { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe,
149 "require MPPE 128-bit encryption",
150 OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128,
151 &ccp_wantoptions[0].mppe },
152 { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe,
153 "don't allow MPPE 128-bit encryption",
154 OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe },
155 { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe,
156 "don't allow MPPE 128-bit encryption",
157 OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128,
158 &ccp_wantoptions[0].mppe },
159
160 /* strange one; we always request stateless, but will we allow stateful? */
161 { "mppe-stateful", o_bool, &refuse_mppe_stateful,
162 "allow MPPE stateful mode", OPT_PRIO },
163 { "nomppe-stateful", o_bool, &refuse_mppe_stateful,
164 "disallow MPPE stateful mode", OPT_PRIO | 1 },
165 #endif /* MPPE */
166
167 { NULL }
168 };
169
170 /*
171 * Protocol entry points from main code.
172 */
173 static void ccp_init (int unit);
174 static void ccp_open (int unit);
175 static void ccp_close (int unit, char *);
176 static void ccp_lowerup (int unit);
177 static void ccp_lowerdown (int);
178 static void ccp_input (int unit, u_char *pkt, int len);
179 static void ccp_protrej (int unit);
180 static int ccp_printpkt (u_char *pkt, int len,
181 void (*printer)(void *, char *, ...),
182 void *arg);
183 static void ccp_datainput (int unit, u_char *pkt, int len);
184
185 struct protent ccp_protent = {
186 PPP_CCP,
187 ccp_init,
188 ccp_input,
189 ccp_protrej,
190 ccp_lowerup,
191 ccp_lowerdown,
192 ccp_open,
193 ccp_close,
194 ccp_printpkt,
195 ccp_datainput,
196 1,
197 "CCP",
198 "Compressed",
199 ccp_option_list,
200 NULL,
201 NULL,
202 NULL
203 };
204
205 fsm ccp_fsm[NUM_PPP];
206 ccp_options ccp_wantoptions[NUM_PPP]; /* what to request the peer to use */
207 ccp_options ccp_gotoptions[NUM_PPP]; /* what the peer agreed to do */
208 ccp_options ccp_allowoptions[NUM_PPP]; /* what we'll agree to do */
209 ccp_options ccp_hisoptions[NUM_PPP]; /* what we agreed to do */
210
211 /*
212 * Callbacks for fsm code.
213 */
214 static void ccp_resetci (fsm *);
215 static int ccp_cilen (fsm *);
216 static void ccp_addci (fsm *, u_char *, int *);
217 static int ccp_ackci (fsm *, u_char *, int);
218 static int ccp_nakci (fsm *, u_char *, int, int);
219 static int ccp_rejci (fsm *, u_char *, int);
220 static int ccp_reqci (fsm *, u_char *, int *, int);
221 static void ccp_up (fsm *);
222 static void ccp_down (fsm *);
223 static int ccp_extcode (fsm *, int, int, u_char *, int);
224 static void ccp_rack_timeout (void *);
225 static char *method_name (ccp_options *, ccp_options *);
226
227 static fsm_callbacks ccp_callbacks = {
228 ccp_resetci,
229 ccp_cilen,
230 ccp_addci,
231 ccp_ackci,
232 ccp_nakci,
233 ccp_rejci,
234 ccp_reqci,
235 ccp_up,
236 ccp_down,
237 NULL,
238 NULL,
239 NULL,
240 NULL,
241 ccp_extcode,
242 "CCP"
243 };
244
245 /*
246 * Do we want / did we get any compression?
247 */
248 #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \
249 || (opt).predictor_1 || (opt).predictor_2 \
250 || (opt).mppe)
251
252 /*
253 * Local state (mainly for handling reset-reqs and reset-acks).
254 */
255 static int ccp_localstate[NUM_PPP];
256 #define RACK_PENDING 1 /* waiting for reset-ack */
257 #define RREQ_REPEAT 2 /* send another reset-req if no reset-ack */
258
259 #define RACKTIMEOUT 1 /* second */
260
261 static int all_rejected[NUM_PPP]; /* we rejected all peer's options */
262
263 /*
264 * Option parsing.
265 */
266 static int
setbsdcomp(char ** argv)267 setbsdcomp(char **argv)
268 {
269 int rbits, abits;
270 char *str, *endp;
271
272 str = *argv;
273 abits = rbits = strtol(str, &endp, 0);
274 if (endp != str && *endp == ',') {
275 str = endp + 1;
276 abits = strtol(str, &endp, 0);
277 }
278 if (*endp != 0 || endp == str) {
279 ppp_option_error("invalid parameter '%s' for bsdcomp option", *argv);
280 return 0;
281 }
282 if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS))
283 || (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) {
284 ppp_option_error("bsdcomp option values must be 0 or %d .. %d",
285 BSD_MIN_BITS, BSD_MAX_BITS);
286 return 0;
287 }
288 if (rbits > 0) {
289 ccp_wantoptions[0].bsd_compress = 1;
290 ccp_wantoptions[0].bsd_bits = rbits;
291 } else
292 ccp_wantoptions[0].bsd_compress = 0;
293 if (abits > 0) {
294 ccp_allowoptions[0].bsd_compress = 1;
295 ccp_allowoptions[0].bsd_bits = abits;
296 } else
297 ccp_allowoptions[0].bsd_compress = 0;
298 slprintf(bsd_value, sizeof(bsd_value),
299 rbits == abits? "%d": "%d,%d", rbits, abits);
300
301 return 1;
302 }
303
304 static int
setdeflate(char ** argv)305 setdeflate(char **argv)
306 {
307 int rbits, abits;
308 char *str, *endp;
309
310 str = *argv;
311 abits = rbits = strtol(str, &endp, 0);
312 if (endp != str && *endp == ',') {
313 str = endp + 1;
314 abits = strtol(str, &endp, 0);
315 }
316 if (*endp != 0 || endp == str) {
317 ppp_option_error("invalid parameter '%s' for deflate option", *argv);
318 return 0;
319 }
320 if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE))
321 || (abits != 0 && (abits < DEFLATE_MIN_SIZE
322 || abits > DEFLATE_MAX_SIZE))) {
323 ppp_option_error("deflate option values must be 0 or %d .. %d",
324 DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE);
325 return 0;
326 }
327 if (rbits == DEFLATE_MIN_SIZE || abits == DEFLATE_MIN_SIZE) {
328 if (rbits == DEFLATE_MIN_SIZE)
329 rbits = DEFLATE_MIN_WORKS;
330 if (abits == DEFLATE_MIN_SIZE)
331 abits = DEFLATE_MIN_WORKS;
332 warn("deflate option value of %d changed to %d to avoid zlib bug",
333 DEFLATE_MIN_SIZE, DEFLATE_MIN_WORKS);
334 }
335 if (rbits > 0) {
336 ccp_wantoptions[0].deflate = 1;
337 ccp_wantoptions[0].deflate_size = rbits;
338 } else
339 ccp_wantoptions[0].deflate = 0;
340 if (abits > 0) {
341 ccp_allowoptions[0].deflate = 1;
342 ccp_allowoptions[0].deflate_size = abits;
343 } else
344 ccp_allowoptions[0].deflate = 0;
345 slprintf(deflate_value, sizeof(deflate_value),
346 rbits == abits? "%d": "%d,%d", rbits, abits);
347
348 return 1;
349 }
350
351 /*
352 * ccp_init - initialize CCP.
353 */
354 static void
ccp_init(int unit)355 ccp_init(int unit)
356 {
357 fsm *f = &ccp_fsm[unit];
358
359 f->unit = unit;
360 f->protocol = PPP_CCP;
361 f->callbacks = &ccp_callbacks;
362 fsm_init(f);
363
364 memset(&ccp_wantoptions[unit], 0, sizeof(ccp_options));
365 memset(&ccp_gotoptions[unit], 0, sizeof(ccp_options));
366 memset(&ccp_allowoptions[unit], 0, sizeof(ccp_options));
367 memset(&ccp_hisoptions[unit], 0, sizeof(ccp_options));
368
369 ccp_wantoptions[0].deflate = 1;
370 ccp_wantoptions[0].deflate_size = DEFLATE_MAX_SIZE;
371 ccp_wantoptions[0].deflate_correct = 1;
372 ccp_wantoptions[0].deflate_draft = 1;
373 ccp_allowoptions[0].deflate = 1;
374 ccp_allowoptions[0].deflate_size = DEFLATE_MAX_SIZE;
375 ccp_allowoptions[0].deflate_correct = 1;
376 ccp_allowoptions[0].deflate_draft = 1;
377
378 ccp_wantoptions[0].bsd_compress = 1;
379 ccp_wantoptions[0].bsd_bits = BSD_MAX_BITS;
380 ccp_allowoptions[0].bsd_compress = 1;
381 ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS;
382
383 ccp_allowoptions[0].predictor_1 = 1;
384 }
385
386 /*
387 * ccp_open - CCP is allowed to come up.
388 */
389 static void
ccp_open(int unit)390 ccp_open(int unit)
391 {
392 fsm *f = &ccp_fsm[unit];
393
394 if (f->state != OPENED)
395 ccp_flags_set(unit, 1, 0);
396
397 /*
398 * Find out which compressors the kernel supports before
399 * deciding whether to open in silent mode.
400 */
401 ccp_resetci(f);
402 if (!ANY_COMPRESS(ccp_gotoptions[unit]))
403 f->flags |= OPT_SILENT;
404
405 fsm_open(f);
406 }
407
408 /*
409 * ccp_close - Terminate CCP.
410 */
411 static void
ccp_close(int unit,char * reason)412 ccp_close(int unit, char *reason)
413 {
414 ccp_flags_set(unit, 0, 0);
415 fsm_close(&ccp_fsm[unit], reason);
416 }
417
418 /*
419 * ccp_lowerup - we may now transmit CCP packets.
420 */
421 static void
ccp_lowerup(int unit)422 ccp_lowerup(int unit)
423 {
424 fsm_lowerup(&ccp_fsm[unit]);
425 }
426
427 /*
428 * ccp_lowerdown - we may not transmit CCP packets.
429 */
430 static void
ccp_lowerdown(int unit)431 ccp_lowerdown(int unit)
432 {
433 fsm_lowerdown(&ccp_fsm[unit]);
434 }
435
436 /*
437 * ccp_input - process a received CCP packet.
438 */
439 static void
ccp_input(int unit,u_char * p,int len)440 ccp_input(int unit, u_char *p, int len)
441 {
442 fsm *f = &ccp_fsm[unit];
443 int oldstate;
444
445 /*
446 * Check for a terminate-request so we can print a message.
447 */
448 oldstate = f->state;
449 fsm_input(f, p, len);
450 if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
451 notice("Compression disabled by peer.");
452 #ifdef PPP_WITH_MPPE
453 if (ccp_gotoptions[unit].mppe) {
454 error("MPPE disabled, closing LCP");
455 lcp_close(unit, "MPPE disabled by peer");
456 }
457 #endif
458 }
459
460 /*
461 * If we get a terminate-ack and we're not asking for compression,
462 * close CCP.
463 */
464 if (oldstate == REQSENT && p[0] == TERMACK
465 && !ANY_COMPRESS(ccp_gotoptions[unit]))
466 ccp_close(unit, "No compression negotiated");
467 }
468
469 /*
470 * Handle a CCP-specific code.
471 */
472 static int
ccp_extcode(fsm * f,int code,int id,u_char * p,int len)473 ccp_extcode(fsm *f, int code, int id, u_char *p, int len)
474 {
475 switch (code) {
476 case CCP_RESETREQ:
477 if (f->state != OPENED)
478 break;
479 /* send a reset-ack, which the transmitter will see and
480 reset its compression state. */
481 fsm_sdata(f, CCP_RESETACK, id, NULL, 0);
482 break;
483
484 case CCP_RESETACK:
485 if (ccp_localstate[f->unit] & RACK_PENDING && id == f->reqid) {
486 ccp_localstate[f->unit] &= ~(RACK_PENDING | RREQ_REPEAT);
487 UNTIMEOUT(ccp_rack_timeout, f);
488 }
489 break;
490
491 default:
492 return 0;
493 }
494
495 return 1;
496 }
497
498 /*
499 * ccp_protrej - peer doesn't talk CCP.
500 */
501 static void
ccp_protrej(int unit)502 ccp_protrej(int unit)
503 {
504 ccp_flags_set(unit, 0, 0);
505 fsm_lowerdown(&ccp_fsm[unit]);
506
507 #ifdef PPP_WITH_MPPE
508 if (ccp_gotoptions[unit].mppe) {
509 error("MPPE required but peer negotiation failed");
510 lcp_close(unit, "MPPE required but peer negotiation failed");
511 }
512 #endif
513
514 }
515
516 /*
517 * ccp_resetci - initialize at start of negotiation.
518 */
519 static void
ccp_resetci(fsm * f)520 ccp_resetci(fsm *f)
521 {
522 ccp_options *go = &ccp_gotoptions[f->unit];
523 u_char opt_buf[CCP_MAX_OPTION_LENGTH];
524
525 *go = ccp_wantoptions[f->unit];
526 all_rejected[f->unit] = 0;
527
528 #ifdef PPP_WITH_MPPE
529 if (go->mppe) {
530 ccp_options *ao = &ccp_allowoptions[f->unit];
531 int auth_mschap_bits = auth_done[f->unit];
532 #ifdef PPP_WITH_EAPTLS
533 int auth_eap_bits = auth_done[f->unit];
534 #endif
535 int numbits;
536
537 /*
538 * Start with a basic sanity check: mschap[v2] auth must be in
539 * exactly one direction. RFC 3079 says that the keys are
540 * 'derived from the credentials of the peer that initiated the call',
541 * however the PPP protocol doesn't have such a concept, and pppd
542 * cannot get this info externally. Instead we do the best we can.
543 * NB: If MPPE is required, all other compression opts are invalid.
544 * So, we return right away if we can't do it.
545 */
546
547 /* Leave only the mschap auth bits set */
548 auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
549 CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
550 /* Count the mschap auths */
551 auth_mschap_bits >>= CHAP_MS_SHIFT;
552 numbits = 0;
553 do {
554 numbits += auth_mschap_bits & 1;
555 auth_mschap_bits >>= 1;
556 } while (auth_mschap_bits);
557 if (numbits > 1) {
558 error("MPPE required, but auth done in both directions.");
559 lcp_close(f->unit, "MPPE required but not available");
560 return;
561 }
562
563 #ifdef PPP_WITH_EAPTLS
564 /*
565 * MPPE is also possible in combination with EAP-TLS.
566 * It is not possible to detect if we're doing EAP or EAP-TLS
567 * at this stage, hence we accept all forms of EAP. If TLS is
568 * not used then the MPPE keys will not be derived anyway.
569 */
570 /* Leave only the eap auth bits set */
571 auth_eap_bits &= (EAP_WITHPEER | EAP_PEER );
572
573 if ((numbits == 0) && (auth_eap_bits == 0)) {
574 error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed.");
575 #else
576 if (!numbits) {
577 error("MPPE required, but MS-CHAP[v2] auth not performed.");
578 #endif
579 lcp_close(f->unit, "MPPE required but not available");
580 return;
581 }
582
583 /* A plugin (eg radius) may not have obtained key material. */
584 if (!mppe_keys_isset()) {
585 error("MPPE required, but keys are not available. "
586 "Possible plugin problem?");
587 lcp_close(f->unit, "MPPE required but not available");
588 return;
589 }
590
591 /* LM auth not supported for MPPE */
592 if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) {
593 /* This might be noise */
594 if (go->mppe & MPPE_OPT_40) {
595 notice("Disabling 40-bit MPPE; MS-CHAP LM not supported");
596 go->mppe &= ~MPPE_OPT_40;
597 ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40;
598 }
599 }
600
601 /* Last check: can we actually negotiate something? */
602 if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) {
603 /* Could be misconfig, could be 40-bit disabled above. */
604 error("MPPE required, but both 40-bit and 128-bit disabled.");
605 lcp_close(f->unit, "MPPE required but not available");
606 return;
607 }
608
609 /* sync options */
610 ao->mppe = go->mppe;
611 /* MPPE is not compatible with other compression types */
612 ao->bsd_compress = go->bsd_compress = 0;
613 ao->predictor_1 = go->predictor_1 = 0;
614 ao->predictor_2 = go->predictor_2 = 0;
615 ao->deflate = go->deflate = 0;
616 }
617
618 /*
619 * Check whether the kernel knows about the various
620 * compression methods we might request.
621 */
622 if (go->mppe) {
623 opt_buf[0] = CI_MPPE;
624 opt_buf[1] = CILEN_MPPE;
625 MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
626 /* Key material unimportant here. */
627 if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) {
628 error("MPPE required, but kernel has no support.");
629 lcp_close(f->unit, "MPPE required but not available");
630 }
631 }
632 #endif /* PPP_WITH_MPPE */
633 if (go->bsd_compress) {
634 opt_buf[0] = CI_BSD_COMPRESS;
635 opt_buf[1] = CILEN_BSD_COMPRESS;
636 opt_buf[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, BSD_MIN_BITS);
637 if (ccp_test(f->unit, opt_buf, CILEN_BSD_COMPRESS, 0) <= 0)
638 go->bsd_compress = 0;
639 }
640 if (go->deflate) {
641 if (go->deflate_correct) {
642 opt_buf[0] = CI_DEFLATE;
643 opt_buf[1] = CILEN_DEFLATE;
644 opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_WORKS);
645 opt_buf[3] = DEFLATE_CHK_SEQUENCE;
646 if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0)
647 go->deflate_correct = 0;
648 }
649 if (go->deflate_draft) {
650 opt_buf[0] = CI_DEFLATE_DRAFT;
651 opt_buf[1] = CILEN_DEFLATE;
652 opt_buf[2] = DEFLATE_MAKE_OPT(DEFLATE_MIN_WORKS);
653 opt_buf[3] = DEFLATE_CHK_SEQUENCE;
654 if (ccp_test(f->unit, opt_buf, CILEN_DEFLATE, 0) <= 0)
655 go->deflate_draft = 0;
656 }
657 if (!go->deflate_correct && !go->deflate_draft)
658 go->deflate = 0;
659 }
660 if (go->predictor_1) {
661 opt_buf[0] = CI_PREDICTOR_1;
662 opt_buf[1] = CILEN_PREDICTOR_1;
663 if (ccp_test(f->unit, opt_buf, CILEN_PREDICTOR_1, 0) <= 0)
664 go->predictor_1 = 0;
665 }
666 if (go->predictor_2) {
667 opt_buf[0] = CI_PREDICTOR_2;
668 opt_buf[1] = CILEN_PREDICTOR_2;
669 if (ccp_test(f->unit, opt_buf, CILEN_PREDICTOR_2, 0) <= 0)
670 go->predictor_2 = 0;
671 }
672 }
673
674 /*
675 * ccp_cilen - Return total length of our configuration info.
676 */
677 static int
678 ccp_cilen(fsm *f)
679 {
680 ccp_options *go = &ccp_gotoptions[f->unit];
681
682 return (go->bsd_compress? CILEN_BSD_COMPRESS: 0)
683 + (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0)
684 + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0)
685 + (go->predictor_1? CILEN_PREDICTOR_1: 0)
686 + (go->predictor_2? CILEN_PREDICTOR_2: 0)
687 #ifdef PPP_WITH_MPPE
688 + (go->mppe? CILEN_MPPE: 0)
689 #endif
690 ;
691 }
692
693 /*
694 * ccp_addci - put our requests in a packet.
695 */
696 static void
697 ccp_addci(fsm *f, u_char *p, int *lenp)
698 {
699 int res;
700 ccp_options *go = &ccp_gotoptions[f->unit];
701 u_char *p0 = p;
702
703 /*
704 * Add the compression types that we can receive, in decreasing
705 * preference order. Get the kernel to allocate the first one
706 * in case it gets Acked.
707 */
708 #ifdef PPP_WITH_MPPE
709 if (go->mppe) {
710 u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
711
712 p[0] = opt_buf[0] = CI_MPPE;
713 p[1] = opt_buf[1] = CILEN_MPPE;
714 MPPE_OPTS_TO_CI(go->mppe, &p[2]);
715 MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
716 mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
717 res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
718 if (res > 0)
719 p += CILEN_MPPE;
720 else
721 /* This shouldn't happen, we've already tested it! */
722 lcp_close(f->unit, "MPPE required but not available in kernel");
723 }
724 #endif
725 if (go->deflate) {
726 p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT;
727 p[1] = CILEN_DEFLATE;
728 p[2] = DEFLATE_MAKE_OPT(go->deflate_size);
729 p[3] = DEFLATE_CHK_SEQUENCE;
730 if (p != p0) {
731 p += CILEN_DEFLATE;
732 } else {
733 for (;;) {
734 if (go->deflate_size < DEFLATE_MIN_WORKS) {
735 go->deflate = 0;
736 break;
737 }
738 res = ccp_test(f->unit, p, CILEN_DEFLATE, 0);
739 if (res > 0) {
740 p += CILEN_DEFLATE;
741 break;
742 } else if (res < 0) {
743 go->deflate = 0;
744 break;
745 }
746 --go->deflate_size;
747 p[2] = DEFLATE_MAKE_OPT(go->deflate_size);
748 }
749 }
750 if (p != p0 && go->deflate_correct && go->deflate_draft) {
751 p[0] = CI_DEFLATE_DRAFT;
752 p[1] = CILEN_DEFLATE;
753 p[2] = p[2 - CILEN_DEFLATE];
754 p[3] = DEFLATE_CHK_SEQUENCE;
755 p += CILEN_DEFLATE;
756 }
757 }
758 if (go->bsd_compress) {
759 p[0] = CI_BSD_COMPRESS;
760 p[1] = CILEN_BSD_COMPRESS;
761 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits);
762 if (p != p0) {
763 p += CILEN_BSD_COMPRESS; /* not the first option */
764 } else {
765 for (;;) {
766 if (go->bsd_bits < BSD_MIN_BITS) {
767 go->bsd_compress = 0;
768 break;
769 }
770 res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 0);
771 if (res > 0) {
772 p += CILEN_BSD_COMPRESS;
773 break;
774 } else if (res < 0) {
775 go->bsd_compress = 0;
776 break;
777 }
778 --go->bsd_bits;
779 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits);
780 }
781 }
782 }
783 /* XXX Should Predictor 2 be preferable to Predictor 1? */
784 if (go->predictor_1) {
785 p[0] = CI_PREDICTOR_1;
786 p[1] = CILEN_PREDICTOR_1;
787 if (p == p0 && ccp_test(f->unit, p, CILEN_PREDICTOR_1, 0) <= 0) {
788 go->predictor_1 = 0;
789 } else {
790 p += CILEN_PREDICTOR_1;
791 }
792 }
793 if (go->predictor_2) {
794 p[0] = CI_PREDICTOR_2;
795 p[1] = CILEN_PREDICTOR_2;
796 if (p == p0 && ccp_test(f->unit, p, CILEN_PREDICTOR_2, 0) <= 0) {
797 go->predictor_2 = 0;
798 } else {
799 p += CILEN_PREDICTOR_2;
800 }
801 }
802
803 go->method = (p > p0)? p0[0]: -1;
804
805 *lenp = p - p0;
806 }
807
808 /*
809 * ccp_ackci - process a received configure-ack, and return
810 * 1 iff the packet was OK.
811 */
812 static int
813 ccp_ackci(fsm *f, u_char *p, int len)
814 {
815 ccp_options *go = &ccp_gotoptions[f->unit];
816 u_char *p0 = p;
817
818 #ifdef PPP_WITH_MPPE
819 if (go->mppe) {
820 u_char opt_buf[CILEN_MPPE];
821
822 opt_buf[0] = CI_MPPE;
823 opt_buf[1] = CILEN_MPPE;
824 MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
825 if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE))
826 return 0;
827 p += CILEN_MPPE;
828 len -= CILEN_MPPE;
829 /* XXX Cope with first/fast ack */
830 if (len == 0)
831 return 1;
832 }
833 #endif
834 if (go->deflate) {
835 if (len < CILEN_DEFLATE
836 || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
837 || p[1] != CILEN_DEFLATE
838 || p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
839 || p[3] != DEFLATE_CHK_SEQUENCE)
840 return 0;
841 p += CILEN_DEFLATE;
842 len -= CILEN_DEFLATE;
843 /* XXX Cope with first/fast ack */
844 if (len == 0)
845 return 1;
846 if (go->deflate_correct && go->deflate_draft) {
847 if (len < CILEN_DEFLATE
848 || p[0] != CI_DEFLATE_DRAFT
849 || p[1] != CILEN_DEFLATE
850 || p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
851 || p[3] != DEFLATE_CHK_SEQUENCE)
852 return 0;
853 p += CILEN_DEFLATE;
854 len -= CILEN_DEFLATE;
855 }
856 }
857 if (go->bsd_compress) {
858 if (len < CILEN_BSD_COMPRESS
859 || p[0] != CI_BSD_COMPRESS || p[1] != CILEN_BSD_COMPRESS
860 || p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits))
861 return 0;
862 p += CILEN_BSD_COMPRESS;
863 len -= CILEN_BSD_COMPRESS;
864 /* XXX Cope with first/fast ack */
865 if (p == p0 && len == 0)
866 return 1;
867 }
868 if (go->predictor_1) {
869 if (len < CILEN_PREDICTOR_1
870 || p[0] != CI_PREDICTOR_1 || p[1] != CILEN_PREDICTOR_1)
871 return 0;
872 p += CILEN_PREDICTOR_1;
873 len -= CILEN_PREDICTOR_1;
874 /* XXX Cope with first/fast ack */
875 if (p == p0 && len == 0)
876 return 1;
877 }
878 if (go->predictor_2) {
879 if (len < CILEN_PREDICTOR_2
880 || p[0] != CI_PREDICTOR_2 || p[1] != CILEN_PREDICTOR_2)
881 return 0;
882 p += CILEN_PREDICTOR_2;
883 len -= CILEN_PREDICTOR_2;
884 /* XXX Cope with first/fast ack */
885 if (p == p0 && len == 0)
886 return 1;
887 }
888
889 if (len != 0)
890 return 0;
891 return 1;
892 }
893
894 /*
895 * ccp_nakci - process received configure-nak.
896 * Returns 1 iff the nak was OK.
897 */
898 static int
899 ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject)
900 {
901 ccp_options *go = &ccp_gotoptions[f->unit];
902 ccp_options no; /* options we've seen already */
903 ccp_options try; /* options to ask for next time */
904
905 memset(&no, 0, sizeof(no));
906 try = *go;
907
908 #ifdef PPP_WITH_MPPE
909 if (go->mppe && len >= CILEN_MPPE
910 && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
911 no.mppe = 1;
912 /*
913 * Peer wants us to use a different strength or other setting.
914 * Fail if we aren't willing to use his suggestion.
915 */
916 MPPE_CI_TO_OPTS(&p[2], try.mppe);
917 if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) {
918 error("Refusing MPPE stateful mode offered by peer");
919 try.mppe = 0;
920 } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) {
921 /* Peer must have set options we didn't request (suggest) */
922 try.mppe = 0;
923 }
924
925 if (!try.mppe) {
926 error("MPPE required but peer negotiation failed");
927 lcp_close(f->unit, "MPPE required but peer negotiation failed");
928 }
929 }
930 #endif /* PPP_WITH_MPPE */
931 if (go->deflate && len >= CILEN_DEFLATE
932 && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
933 && p[1] == CILEN_DEFLATE) {
934 no.deflate = 1;
935 /*
936 * Peer wants us to use a different code size or something.
937 * Stop asking for Deflate if we don't understand his suggestion.
938 */
939 if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL
940 || DEFLATE_SIZE(p[2]) < DEFLATE_MIN_WORKS
941 || p[3] != DEFLATE_CHK_SEQUENCE)
942 try.deflate = 0;
943 else if (DEFLATE_SIZE(p[2]) < go->deflate_size)
944 try.deflate_size = DEFLATE_SIZE(p[2]);
945 p += CILEN_DEFLATE;
946 len -= CILEN_DEFLATE;
947 if (go->deflate_correct && go->deflate_draft
948 && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT
949 && p[1] == CILEN_DEFLATE) {
950 p += CILEN_DEFLATE;
951 len -= CILEN_DEFLATE;
952 }
953 }
954
955 if (go->bsd_compress && len >= CILEN_BSD_COMPRESS
956 && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
957 no.bsd_compress = 1;
958 /*
959 * Peer wants us to use a different number of bits
960 * or a different version.
961 */
962 if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION)
963 try.bsd_compress = 0;
964 else if (BSD_NBITS(p[2]) < go->bsd_bits)
965 try.bsd_bits = BSD_NBITS(p[2]);
966 p += CILEN_BSD_COMPRESS;
967 len -= CILEN_BSD_COMPRESS;
968 }
969
970 /*
971 * Predictor-1 and 2 have no options, so they can't be Naked.
972 *
973 * There may be remaining options but we ignore them.
974 */
975
976 if (f->state != OPENED)
977 *go = try;
978 return 1;
979 }
980
981 /*
982 * ccp_rejci - reject some of our suggested compression methods.
983 */
984 static int
985 ccp_rejci(fsm *f, u_char *p, int len)
986 {
987 ccp_options *go = &ccp_gotoptions[f->unit];
988 ccp_options try; /* options to request next time */
989
990 try = *go;
991
992 /*
993 * Cope with empty configure-rejects by ceasing to send
994 * configure-requests.
995 */
996 if (len == 0 && all_rejected[f->unit])
997 return -1;
998
999 #ifdef PPP_WITH_MPPE
1000 if (go->mppe && len >= CILEN_MPPE
1001 && p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
1002 error("MPPE required but peer refused");
1003 lcp_close(f->unit, "MPPE required but peer refused");
1004 p += CILEN_MPPE;
1005 len -= CILEN_MPPE;
1006 }
1007 #endif
1008 if (go->deflate_correct && len >= CILEN_DEFLATE
1009 && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) {
1010 if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
1011 || p[3] != DEFLATE_CHK_SEQUENCE)
1012 return 0; /* Rej is bad */
1013 try.deflate_correct = 0;
1014 p += CILEN_DEFLATE;
1015 len -= CILEN_DEFLATE;
1016 }
1017 if (go->deflate_draft && len >= CILEN_DEFLATE
1018 && p[0] == CI_DEFLATE_DRAFT && p[1] == CILEN_DEFLATE) {
1019 if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size)
1020 || p[3] != DEFLATE_CHK_SEQUENCE)
1021 return 0; /* Rej is bad */
1022 try.deflate_draft = 0;
1023 p += CILEN_DEFLATE;
1024 len -= CILEN_DEFLATE;
1025 }
1026 if (!try.deflate_correct && !try.deflate_draft)
1027 try.deflate = 0;
1028 if (go->bsd_compress && len >= CILEN_BSD_COMPRESS
1029 && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) {
1030 if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits))
1031 return 0;
1032 try.bsd_compress = 0;
1033 p += CILEN_BSD_COMPRESS;
1034 len -= CILEN_BSD_COMPRESS;
1035 }
1036 if (go->predictor_1 && len >= CILEN_PREDICTOR_1
1037 && p[0] == CI_PREDICTOR_1 && p[1] == CILEN_PREDICTOR_1) {
1038 try.predictor_1 = 0;
1039 p += CILEN_PREDICTOR_1;
1040 len -= CILEN_PREDICTOR_1;
1041 }
1042 if (go->predictor_2 && len >= CILEN_PREDICTOR_2
1043 && p[0] == CI_PREDICTOR_2 && p[1] == CILEN_PREDICTOR_2) {
1044 try.predictor_2 = 0;
1045 p += CILEN_PREDICTOR_2;
1046 len -= CILEN_PREDICTOR_2;
1047 }
1048
1049 if (len != 0)
1050 return 0;
1051
1052 if (f->state != OPENED)
1053 *go = try;
1054
1055 return 1;
1056 }
1057
1058 /*
1059 * ccp_reqci - processed a received configure-request.
1060 * Returns CONFACK, CONFNAK or CONFREJ and the packet modified
1061 * appropriately.
1062 */
1063 static int
1064 ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak)
1065 {
1066 int ret, newret, res;
1067 u_char *p0, *retp;
1068 int len, clen, type, nb;
1069 ccp_options *ho = &ccp_hisoptions[f->unit];
1070 ccp_options *ao = &ccp_allowoptions[f->unit];
1071 #ifdef PPP_WITH_MPPE
1072 bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
1073 /* CI_MPPE, or due to other options? */
1074 #endif
1075
1076 ret = CONFACK;
1077 retp = p0 = p;
1078 len = *lenp;
1079
1080 memset(ho, 0, sizeof(ccp_options));
1081 ho->method = (len > 0)? p[0]: -1;
1082
1083 while (len > 0) {
1084 newret = CONFACK;
1085 if (len < 2 || p[1] < 2 || p[1] > len) {
1086 /* length is bad */
1087 clen = len;
1088 newret = CONFREJ;
1089
1090 } else {
1091 type = p[0];
1092 clen = p[1];
1093
1094 switch (type) {
1095 #ifdef PPP_WITH_MPPE
1096 case CI_MPPE:
1097 if (!ao->mppe || clen != CILEN_MPPE) {
1098 newret = CONFREJ;
1099 break;
1100 }
1101 MPPE_CI_TO_OPTS(&p[2], ho->mppe);
1102
1103 /* Nak if anything unsupported or unknown are set. */
1104 if (ho->mppe & MPPE_OPT_UNSUPPORTED) {
1105 newret = CONFNAK;
1106 ho->mppe &= ~MPPE_OPT_UNSUPPORTED;
1107 }
1108 if (ho->mppe & MPPE_OPT_UNKNOWN) {
1109 newret = CONFNAK;
1110 ho->mppe &= ~MPPE_OPT_UNKNOWN;
1111 }
1112
1113 /* Check state opt */
1114 if (ho->mppe & MPPE_OPT_STATEFUL) {
1115 /*
1116 * We can Nak and request stateless, but it's a
1117 * lot easier to just assume the peer will request
1118 * it if he can do it; stateful mode is bad over
1119 * the Internet -- which is where we expect MPPE.
1120 */
1121 if (refuse_mppe_stateful) {
1122 error("Refusing MPPE stateful mode offered by peer");
1123 newret = CONFREJ;
1124 break;
1125 }
1126 }
1127
1128 /* Find out which of {S,L} are set. */
1129 if ((ho->mppe & MPPE_OPT_128)
1130 && (ho->mppe & MPPE_OPT_40)) {
1131 /* Both are set, negotiate the strongest. */
1132 newret = CONFNAK;
1133 if (ao->mppe & MPPE_OPT_128)
1134 ho->mppe &= ~MPPE_OPT_40;
1135 else if (ao->mppe & MPPE_OPT_40)
1136 ho->mppe &= ~MPPE_OPT_128;
1137 else {
1138 newret = CONFREJ;
1139 break;
1140 }
1141 } else if (ho->mppe & MPPE_OPT_128) {
1142 if (!(ao->mppe & MPPE_OPT_128)) {
1143 newret = CONFREJ;
1144 break;
1145 }
1146 } else if (ho->mppe & MPPE_OPT_40) {
1147 if (!(ao->mppe & MPPE_OPT_40)) {
1148 newret = CONFREJ;
1149 break;
1150 }
1151 } else {
1152 /* Neither are set. */
1153 /* We cannot accept this. */
1154 newret = CONFNAK;
1155 /* Give the peer our idea of what can be used,
1156 so it can choose and confirm */
1157 ho->mppe = ao->mppe;
1158 }
1159
1160 /* rebuild the opts */
1161 MPPE_OPTS_TO_CI(ho->mppe, &p[2]);
1162 if (newret == CONFACK) {
1163 u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
1164 int mtu;
1165
1166 BCOPY(p, opt_buf, CILEN_MPPE);
1167 mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
1168 if (ccp_test(f->unit, opt_buf,
1169 CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
1170 /* This shouldn't happen, we've already tested it! */
1171 error("MPPE required, but kernel has no support.");
1172 lcp_close(f->unit, "MPPE required but not available");
1173 newret = CONFREJ;
1174 break;
1175 }
1176 /*
1177 * We need to decrease the interface MTU by MPPE_PAD
1178 * because MPPE frames **grow**. The kernel [must]
1179 * allocate MPPE_PAD extra bytes in xmit buffers.
1180 */
1181 mtu = ppp_get_mtu(f->unit);
1182 if (mtu)
1183 ppp_set_mtu(f->unit, mtu - MPPE_PAD);
1184 else
1185 newret = CONFREJ;
1186 }
1187
1188 /*
1189 * We have accepted MPPE or are willing to negotiate
1190 * MPPE parameters. A CONFREJ is due to subsequent
1191 * (non-MPPE) processing.
1192 */
1193 rej_for_ci_mppe = 0;
1194 break;
1195 #endif /* PPP_WITH_MPPE */
1196 case CI_DEFLATE:
1197 case CI_DEFLATE_DRAFT:
1198 if (!ao->deflate || clen != CILEN_DEFLATE
1199 || (!ao->deflate_correct && type == CI_DEFLATE)
1200 || (!ao->deflate_draft && type == CI_DEFLATE_DRAFT)) {
1201 newret = CONFREJ;
1202 break;
1203 }
1204
1205 ho->deflate = 1;
1206 ho->deflate_size = nb = DEFLATE_SIZE(p[2]);
1207 if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL
1208 || p[3] != DEFLATE_CHK_SEQUENCE
1209 || nb > ao->deflate_size || nb < DEFLATE_MIN_WORKS) {
1210 newret = CONFNAK;
1211 if (!dont_nak) {
1212 p[2] = DEFLATE_MAKE_OPT(ao->deflate_size);
1213 p[3] = DEFLATE_CHK_SEQUENCE;
1214 /* fall through to test this #bits below */
1215 } else
1216 break;
1217 }
1218
1219 /*
1220 * Check whether we can do Deflate with the window
1221 * size they want. If the window is too big, reduce
1222 * it until the kernel can cope and nak with that.
1223 * We only check this for the first option.
1224 */
1225 if (p == p0) {
1226 for (;;) {
1227 res = ccp_test(f->unit, p, CILEN_DEFLATE, 1);
1228 if (res > 0)
1229 break; /* it's OK now */
1230 if (res < 0 || nb == DEFLATE_MIN_WORKS || dont_nak) {
1231 newret = CONFREJ;
1232 p[2] = DEFLATE_MAKE_OPT(ho->deflate_size);
1233 break;
1234 }
1235 newret = CONFNAK;
1236 --nb;
1237 p[2] = DEFLATE_MAKE_OPT(nb);
1238 }
1239 }
1240 break;
1241
1242 case CI_BSD_COMPRESS:
1243 if (!ao->bsd_compress || clen != CILEN_BSD_COMPRESS) {
1244 newret = CONFREJ;
1245 break;
1246 }
1247
1248 ho->bsd_compress = 1;
1249 ho->bsd_bits = nb = BSD_NBITS(p[2]);
1250 if (BSD_VERSION(p[2]) != BSD_CURRENT_VERSION
1251 || nb > ao->bsd_bits || nb < BSD_MIN_BITS) {
1252 newret = CONFNAK;
1253 if (!dont_nak) {
1254 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, ao->bsd_bits);
1255 /* fall through to test this #bits below */
1256 } else
1257 break;
1258 }
1259
1260 /*
1261 * Check whether we can do BSD-Compress with the code
1262 * size they want. If the code size is too big, reduce
1263 * it until the kernel can cope and nak with that.
1264 * We only check this for the first option.
1265 */
1266 if (p == p0) {
1267 for (;;) {
1268 res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 1);
1269 if (res > 0)
1270 break;
1271 if (res < 0 || nb == BSD_MIN_BITS || dont_nak) {
1272 newret = CONFREJ;
1273 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION,
1274 ho->bsd_bits);
1275 break;
1276 }
1277 newret = CONFNAK;
1278 --nb;
1279 p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, nb);
1280 }
1281 }
1282 break;
1283
1284 case CI_PREDICTOR_1:
1285 if (!ao->predictor_1 || clen != CILEN_PREDICTOR_1) {
1286 newret = CONFREJ;
1287 break;
1288 }
1289
1290 ho->predictor_1 = 1;
1291 if (p == p0
1292 && ccp_test(f->unit, p, CILEN_PREDICTOR_1, 1) <= 0) {
1293 newret = CONFREJ;
1294 }
1295 break;
1296
1297 case CI_PREDICTOR_2:
1298 if (!ao->predictor_2 || clen != CILEN_PREDICTOR_2) {
1299 newret = CONFREJ;
1300 break;
1301 }
1302
1303 ho->predictor_2 = 1;
1304 if (p == p0
1305 && ccp_test(f->unit, p, CILEN_PREDICTOR_2, 1) <= 0) {
1306 newret = CONFREJ;
1307 }
1308 break;
1309
1310 default:
1311 newret = CONFREJ;
1312 }
1313 }
1314
1315 if (newret == CONFNAK && dont_nak)
1316 newret = CONFREJ;
1317 if (!(newret == CONFACK || (newret == CONFNAK && ret == CONFREJ))) {
1318 /* we're returning this option */
1319 if (newret == CONFREJ && ret == CONFNAK)
1320 retp = p0;
1321 ret = newret;
1322 if (p != retp)
1323 BCOPY(p, retp, clen);
1324 retp += clen;
1325 }
1326
1327 p += clen;
1328 len -= clen;
1329 }
1330
1331 if (ret != CONFACK) {
1332 if (ret == CONFREJ && *lenp == retp - p0)
1333 all_rejected[f->unit] = 1;
1334 else
1335 *lenp = retp - p0;
1336 }
1337 #ifdef PPP_WITH_MPPE
1338 if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
1339 error("MPPE required but peer negotiation failed");
1340 lcp_close(f->unit, "MPPE required but peer negotiation failed");
1341 }
1342 #endif
1343 return ret;
1344 }
1345
1346 /*
1347 * Make a string name for a compression method (or 2).
1348 */
1349 static char *
1350 method_name(ccp_options *opt, ccp_options *opt2)
1351 {
1352 static char result[64];
1353
1354 if (!ANY_COMPRESS(*opt))
1355 return "(none)";
1356 switch (opt->method) {
1357 #ifdef PPP_WITH_MPPE
1358 case CI_MPPE:
1359 {
1360 char *p = result;
1361 char *q = result + sizeof(result); /* 1 past result */
1362
1363 slprintf(p, q - p, "MPPE ");
1364 p += 5;
1365 if (opt->mppe & MPPE_OPT_128) {
1366 slprintf(p, q - p, "128-bit ");
1367 p += 8;
1368 }
1369 if (opt->mppe & MPPE_OPT_40) {
1370 slprintf(p, q - p, "40-bit ");
1371 p += 7;
1372 }
1373 if (opt->mppe & MPPE_OPT_STATEFUL)
1374 slprintf(p, q - p, "stateful");
1375 else
1376 slprintf(p, q - p, "stateless");
1377
1378 break;
1379 }
1380 #endif
1381 case CI_DEFLATE:
1382 case CI_DEFLATE_DRAFT:
1383 if (opt2 != NULL && opt2->deflate_size != opt->deflate_size)
1384 slprintf(result, sizeof(result), "Deflate%s (%d/%d)",
1385 (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""),
1386 opt->deflate_size, opt2->deflate_size);
1387 else
1388 slprintf(result, sizeof(result), "Deflate%s (%d)",
1389 (opt->method == CI_DEFLATE_DRAFT? "(old#)": ""),
1390 opt->deflate_size);
1391 break;
1392 case CI_BSD_COMPRESS:
1393 if (opt2 != NULL && opt2->bsd_bits != opt->bsd_bits)
1394 slprintf(result, sizeof(result), "BSD-Compress (%d/%d)",
1395 opt->bsd_bits, opt2->bsd_bits);
1396 else
1397 slprintf(result, sizeof(result), "BSD-Compress (%d)",
1398 opt->bsd_bits);
1399 break;
1400 case CI_PREDICTOR_1:
1401 return "Predictor 1";
1402 case CI_PREDICTOR_2:
1403 return "Predictor 2";
1404 default:
1405 slprintf(result, sizeof(result), "Method %d", opt->method);
1406 }
1407 return result;
1408 }
1409
1410 /*
1411 * CCP has come up - inform the kernel driver and log a message.
1412 */
1413 static void
1414 ccp_up(fsm *f)
1415 {
1416 ccp_options *go = &ccp_gotoptions[f->unit];
1417 ccp_options *ho = &ccp_hisoptions[f->unit];
1418 char method1[64];
1419
1420 ccp_flags_set(f->unit, 1, 1);
1421 if (ANY_COMPRESS(*go)) {
1422 if (ANY_COMPRESS(*ho)) {
1423 if (go->method == ho->method) {
1424 notice("%s compression enabled", method_name(go, ho));
1425 } else {
1426 strlcpy(method1, method_name(go, NULL), sizeof(method1));
1427 notice("%s / %s compression enabled",
1428 method1, method_name(ho, NULL));
1429 }
1430 } else
1431 notice("%s receive compression enabled", method_name(go, NULL));
1432 } else if (ANY_COMPRESS(*ho))
1433 notice("%s transmit compression enabled", method_name(ho, NULL));
1434 #ifdef PPP_WITH_MPPE
1435 if (go->mppe) {
1436 mppe_clear_keys();
1437 continue_networks(f->unit); /* Bring up IP et al */
1438 }
1439 #endif
1440 }
1441
1442 /*
1443 * CCP has gone down - inform the kernel driver.
1444 */
1445 static void
1446 ccp_down(fsm *f)
1447 {
1448 if (ccp_localstate[f->unit] & RACK_PENDING)
1449 UNTIMEOUT(ccp_rack_timeout, f);
1450 ccp_localstate[f->unit] = 0;
1451 ccp_flags_set(f->unit, 1, 0);
1452 #ifdef PPP_WITH_MPPE
1453 if (ccp_gotoptions[f->unit].mppe) {
1454 ccp_gotoptions[f->unit].mppe = 0;
1455 if (lcp_fsm[f->unit].state == OPENED) {
1456 /* If LCP is not already going down, make sure it does. */
1457 error("MPPE disabled");
1458 lcp_close(f->unit, "MPPE disabled");
1459 }
1460 }
1461 #endif
1462 }
1463
1464 /*
1465 * Print the contents of a CCP packet.
1466 */
1467 static char *ccp_codenames[] = {
1468 "ConfReq", "ConfAck", "ConfNak", "ConfRej",
1469 "TermReq", "TermAck", "CodeRej",
1470 NULL, NULL, NULL, NULL, NULL, NULL,
1471 "ResetReq", "ResetAck",
1472 };
1473
1474 static int
1475 ccp_printpkt(u_char *p, int plen,
1476 void (*printer) (void *, char *, ...), void *arg)
1477 {
1478 u_char *p0, *optend;
1479 int code, id, len;
1480 int optlen;
1481
1482 p0 = p;
1483 if (plen < HEADERLEN)
1484 return 0;
1485 code = p[0];
1486 id = p[1];
1487 len = (p[2] << 8) + p[3];
1488 if (len < HEADERLEN || len > plen)
1489 return 0;
1490
1491 if (code >= 1 && code <= sizeof(ccp_codenames) / sizeof(char *)
1492 && ccp_codenames[code-1] != NULL)
1493 printer(arg, " %s", ccp_codenames[code-1]);
1494 else
1495 printer(arg, " code=0x%x", code);
1496 printer(arg, " id=0x%x", id);
1497 len -= HEADERLEN;
1498 p += HEADERLEN;
1499
1500 switch (code) {
1501 case CONFREQ:
1502 case CONFACK:
1503 case CONFNAK:
1504 case CONFREJ:
1505 /* print list of possible compression methods */
1506 while (len >= 2) {
1507 code = p[0];
1508 optlen = p[1];
1509 if (optlen < 2 || optlen > len)
1510 break;
1511 printer(arg, " <");
1512 len -= optlen;
1513 optend = p + optlen;
1514 switch (code) {
1515 #ifdef PPP_WITH_MPPE
1516 case CI_MPPE:
1517 if (optlen >= CILEN_MPPE) {
1518 u_char mppe_opts;
1519
1520 MPPE_CI_TO_OPTS(&p[2], mppe_opts);
1521 printer(arg, "mppe %s %s %s %s %s %s%s",
1522 (p[2] & MPPE_H_BIT)? "+H": "-H",
1523 (p[5] & MPPE_M_BIT)? "+M": "-M",
1524 (p[5] & MPPE_S_BIT)? "+S": "-S",
1525 (p[5] & MPPE_L_BIT)? "+L": "-L",
1526 (p[5] & MPPE_D_BIT)? "+D": "-D",
1527 (p[5] & MPPE_C_BIT)? "+C": "-C",
1528 (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": "");
1529 if (mppe_opts & MPPE_OPT_UNKNOWN)
1530 printer(arg, " (%.2x %.2x %.2x %.2x)",
1531 p[2], p[3], p[4], p[5]);
1532 p += CILEN_MPPE;
1533 }
1534 break;
1535 #endif
1536 case CI_DEFLATE:
1537 case CI_DEFLATE_DRAFT:
1538 if (optlen >= CILEN_DEFLATE) {
1539 printer(arg, "deflate%s %d",
1540 (code == CI_DEFLATE_DRAFT? "(old#)": ""),
1541 DEFLATE_SIZE(p[2]));
1542 if (DEFLATE_METHOD(p[2]) != DEFLATE_METHOD_VAL)
1543 printer(arg, " method %d", DEFLATE_METHOD(p[2]));
1544 if (p[3] != DEFLATE_CHK_SEQUENCE)
1545 printer(arg, " check %d", p[3]);
1546 p += CILEN_DEFLATE;
1547 }
1548 break;
1549 case CI_BSD_COMPRESS:
1550 if (optlen >= CILEN_BSD_COMPRESS) {
1551 printer(arg, "bsd v%d %d", BSD_VERSION(p[2]),
1552 BSD_NBITS(p[2]));
1553 p += CILEN_BSD_COMPRESS;
1554 }
1555 break;
1556 case CI_PREDICTOR_1:
1557 if (optlen >= CILEN_PREDICTOR_1) {
1558 printer(arg, "predictor 1");
1559 p += CILEN_PREDICTOR_1;
1560 }
1561 break;
1562 case CI_PREDICTOR_2:
1563 if (optlen >= CILEN_PREDICTOR_2) {
1564 printer(arg, "predictor 2");
1565 p += CILEN_PREDICTOR_2;
1566 }
1567 break;
1568 }
1569 while (p < optend)
1570 printer(arg, " %.2x", *p++);
1571 printer(arg, ">");
1572 }
1573 break;
1574
1575 case TERMACK:
1576 case TERMREQ:
1577 if (len > 0 && *p >= ' ' && *p < 0x7f) {
1578 print_string((char *)p, len, printer, arg);
1579 p += len;
1580 len = 0;
1581 }
1582 break;
1583 }
1584
1585 /* dump out the rest of the packet in hex */
1586 while (--len >= 0)
1587 printer(arg, " %.2x", *p++);
1588
1589 return p - p0;
1590 }
1591
1592 /*
1593 * We have received a packet that the decompressor failed to
1594 * decompress. Here we would expect to issue a reset-request, but
1595 * Motorola has a patent on resetting the compressor as a result of
1596 * detecting an error in the decompressed data after decompression.
1597 * (See US patent 5,130,993; international patent publication number
1598 * WO 91/10289; Australian patent 73296/91.)
1599 *
1600 * So we ask the kernel whether the error was detected after
1601 * decompression; if it was, we take CCP down, thus disabling
1602 * compression :-(, otherwise we issue the reset-request.
1603 */
1604 static void
1605 ccp_datainput(int unit, u_char *pkt, int len)
1606 {
1607 fsm *f;
1608
1609 f = &ccp_fsm[unit];
1610 if (f->state == OPENED) {
1611 if (ccp_fatal_error(unit)) {
1612 /*
1613 * Disable compression by taking CCP down.
1614 */
1615 error("Lost compression sync: disabling compression");
1616 ccp_close(unit, "Lost compression sync");
1617 #ifdef PPP_WITH_MPPE
1618 /*
1619 * If we were doing MPPE, we must also take the link down.
1620 */
1621 if (ccp_gotoptions[unit].mppe) {
1622 error("Too many MPPE errors, closing LCP");
1623 lcp_close(unit, "Too many MPPE errors");
1624 }
1625 #endif
1626 } else {
1627 /*
1628 * Send a reset-request to reset the peer's compressor.
1629 * We don't do that if we are still waiting for an
1630 * acknowledgement to a previous reset-request.
1631 */
1632 if (!(ccp_localstate[f->unit] & RACK_PENDING)) {
1633 fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0);
1634 TIMEOUT(ccp_rack_timeout, f, RACKTIMEOUT);
1635 ccp_localstate[f->unit] |= RACK_PENDING;
1636 } else
1637 ccp_localstate[f->unit] |= RREQ_REPEAT;
1638 }
1639 }
1640 }
1641
1642 /*
1643 * Timeout waiting for reset-ack.
1644 */
1645 static void
1646 ccp_rack_timeout(void *arg)
1647 {
1648 fsm *f = arg;
1649
1650 if (f->state == OPENED && ccp_localstate[f->unit] & RREQ_REPEAT) {
1651 fsm_sdata(f, CCP_RESETREQ, f->reqid, NULL, 0);
1652 TIMEOUT(ccp_rack_timeout, f, RACKTIMEOUT);
1653 ccp_localstate[f->unit] &= ~RREQ_REPEAT;
1654 } else
1655 ccp_localstate[f->unit] &= ~RACK_PENDING;
1656 }
1657
1658