1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
5 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
6 * Internet Initiative Japan, Inc (IIJ)
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 */
30
31 #include <sys/param.h>
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
35 #include <sys/socket.h>
36 #include <sys/un.h>
37
38 #include <string.h>
39 #include <termios.h>
40
41 #include "layer.h"
42 #include "ua.h"
43 #include "mbuf.h"
44 #include "log.h"
45 #include "defs.h"
46 #include "timer.h"
47 #include "fsm.h"
48 #include "iplist.h"
49 #include "lqr.h"
50 #include "hdlc.h"
51 #include "throughput.h"
52 #include "slcompress.h"
53 #include "ncpaddr.h"
54 #include "ipcp.h"
55 #include "filter.h"
56 #include "descriptor.h"
57 #include "lcp.h"
58 #include "ccp.h"
59 #include "link.h"
60 #include "mp.h"
61 #ifndef NORADIUS
62 #include "radius.h"
63 #endif
64 #include "ipv6cp.h"
65 #include "ncp.h"
66 #include "bundle.h"
67 #include "async.h"
68 #include "physical.h"
69 #include "proto.h"
70
71 static void FsmSendConfigReq(struct fsm *);
72 static void FsmSendTerminateReq(struct fsm *);
73 static void FsmInitRestartCounter(struct fsm *, int);
74
75 typedef void (recvfn)(struct fsm *, struct fsmheader *, struct mbuf *);
76 static recvfn FsmRecvConfigReq, FsmRecvConfigAck, FsmRecvConfigNak,
77 FsmRecvConfigRej, FsmRecvTermReq, FsmRecvTermAck,
78 FsmRecvCodeRej, FsmRecvProtoRej, FsmRecvEchoReq,
79 FsmRecvEchoRep, FsmRecvDiscReq, FsmRecvIdent,
80 FsmRecvTimeRemain, FsmRecvResetReq, FsmRecvResetAck;
81
82 static const struct fsmcodedesc {
83 recvfn *recv;
84 unsigned check_reqid : 1;
85 unsigned inc_reqid : 1;
86 const char *name;
87 } FsmCodes[] = {
88 { FsmRecvConfigReq, 0, 0, "ConfigReq" },
89 { FsmRecvConfigAck, 1, 1, "ConfigAck" },
90 { FsmRecvConfigNak, 1, 1, "ConfigNak" },
91 { FsmRecvConfigRej, 1, 1, "ConfigRej" },
92 { FsmRecvTermReq, 0, 0, "TerminateReq" },
93 { FsmRecvTermAck, 1, 1, "TerminateAck" },
94 { FsmRecvCodeRej, 0, 0, "CodeRej" },
95 { FsmRecvProtoRej, 0, 0, "ProtocolRej" },
96 { FsmRecvEchoReq, 0, 0, "EchoRequest" },
97 { FsmRecvEchoRep, 0, 0, "EchoReply" },
98 { FsmRecvDiscReq, 0, 0, "DiscardReq" },
99 { FsmRecvIdent, 0, 1, "Ident" },
100 { FsmRecvTimeRemain,0, 0, "TimeRemain" },
101 { FsmRecvResetReq, 0, 0, "ResetReq" },
102 { FsmRecvResetAck, 0, 1, "ResetAck" }
103 };
104
105 static const char *
Code2Nam(u_int code)106 Code2Nam(u_int code)
107 {
108 if (code == 0 || code > sizeof FsmCodes / sizeof FsmCodes[0])
109 return "Unknown";
110 return FsmCodes[code-1].name;
111 }
112
113 const char *
State2Nam(u_int state)114 State2Nam(u_int state)
115 {
116 static const char * const StateNames[] = {
117 "Initial", "Starting", "Closed", "Stopped", "Closing", "Stopping",
118 "Req-Sent", "Ack-Rcvd", "Ack-Sent", "Opened",
119 };
120
121 if (state >= sizeof StateNames / sizeof StateNames[0])
122 return "unknown";
123 return StateNames[state];
124 }
125
126 static void
StoppedTimeout(void * v)127 StoppedTimeout(void *v)
128 {
129 struct fsm *fp = (struct fsm *)v;
130
131 log_Printf(fp->LogLevel, "%s: Stopped timer expired\n", fp->link->name);
132 if (fp->OpenTimer.state == TIMER_RUNNING) {
133 log_Printf(LogWARN, "%s: %s: aborting open delay due to stopped timer\n",
134 fp->link->name, fp->name);
135 timer_Stop(&fp->OpenTimer);
136 }
137 if (fp->state == ST_STOPPED)
138 fsm2initial(fp);
139 }
140
141 void
fsm_Init(struct fsm * fp,const char * name,u_short proto,int mincode,int maxcode,int LogLevel,struct bundle * bundle,struct link * l,const struct fsm_parent * parent,struct fsm_callbacks * fn,const char * const timer_names[3])142 fsm_Init(struct fsm *fp, const char *name, u_short proto, int mincode,
143 int maxcode, int LogLevel, struct bundle *bundle,
144 struct link *l, const struct fsm_parent *parent,
145 struct fsm_callbacks *fn, const char * const timer_names[3])
146 {
147 fp->name = name;
148 fp->proto = proto;
149 fp->min_code = mincode;
150 fp->max_code = maxcode;
151 fp->state = fp->min_code > CODE_TERMACK ? ST_OPENED : ST_INITIAL;
152 fp->reqid = 1;
153 fp->restart = 1;
154 fp->more.reqs = fp->more.naks = fp->more.rejs = 3;
155 memset(&fp->FsmTimer, '\0', sizeof fp->FsmTimer);
156 memset(&fp->OpenTimer, '\0', sizeof fp->OpenTimer);
157 memset(&fp->StoppedTimer, '\0', sizeof fp->StoppedTimer);
158 fp->LogLevel = LogLevel;
159 fp->link = l;
160 fp->bundle = bundle;
161 fp->parent = parent;
162 fp->fn = fn;
163 fp->FsmTimer.name = timer_names[0];
164 fp->OpenTimer.name = timer_names[1];
165 fp->StoppedTimer.name = timer_names[2];
166 }
167
168 static void
NewState(struct fsm * fp,int new)169 NewState(struct fsm *fp, int new)
170 {
171 log_Printf(fp->LogLevel, "%s: State change %s --> %s\n",
172 fp->link->name, State2Nam(fp->state), State2Nam(new));
173 if (fp->state == ST_STOPPED && fp->StoppedTimer.state == TIMER_RUNNING)
174 timer_Stop(&fp->StoppedTimer);
175 fp->state = new;
176 if ((new >= ST_INITIAL && new <= ST_STOPPED) || (new == ST_OPENED)) {
177 timer_Stop(&fp->FsmTimer);
178 if (new == ST_STOPPED && fp->StoppedTimer.load) {
179 timer_Stop(&fp->StoppedTimer);
180 fp->StoppedTimer.func = StoppedTimeout;
181 fp->StoppedTimer.arg = (void *) fp;
182 timer_Start(&fp->StoppedTimer);
183 }
184 }
185 }
186
187 void
fsm_Output(struct fsm * fp,u_int code,u_int id,u_char * ptr,unsigned count,int mtype)188 fsm_Output(struct fsm *fp, u_int code, u_int id, u_char *ptr, unsigned count,
189 int mtype)
190 {
191 int plen;
192 struct fsmheader lh;
193 struct mbuf *bp;
194
195 if (log_IsKept(fp->LogLevel)) {
196 log_Printf(fp->LogLevel, "%s: Send%s(%d) state = %s\n",
197 fp->link->name, Code2Nam(code), id, State2Nam(fp->state));
198 switch (code) {
199 case CODE_CONFIGREQ:
200 case CODE_CONFIGACK:
201 case CODE_CONFIGREJ:
202 case CODE_CONFIGNAK:
203 (*fp->fn->DecodeConfig)(fp, ptr, ptr + count, MODE_NOP, NULL);
204 if (count < sizeof(struct fsm_opt_hdr))
205 log_Printf(fp->LogLevel, " [EMPTY]\n");
206 break;
207 }
208 }
209
210 plen = sizeof(struct fsmheader) + count;
211 lh.code = code;
212 lh.id = id;
213 lh.length = htons(plen);
214 bp = m_get(plen, mtype);
215 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
216 if (count)
217 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count);
218 log_DumpBp(LogDEBUG, "fsm_Output", bp);
219 link_PushPacket(fp->link, bp, fp->bundle, LINK_QUEUES(fp->link) - 1,
220 fp->proto);
221
222 if (code == CODE_CONFIGREJ)
223 lcp_SendIdentification(&fp->link->lcp);
224 }
225
226 static void
FsmOpenNow(void * v)227 FsmOpenNow(void *v)
228 {
229 struct fsm *fp = (struct fsm *)v;
230
231 timer_Stop(&fp->OpenTimer);
232 if (fp->state <= ST_STOPPED) {
233 if (fp->state != ST_STARTING) {
234 /*
235 * In practice, we're only here in ST_STOPPED (when delaying the
236 * first config request) or ST_CLOSED (when openmode == 0).
237 *
238 * The ST_STOPPED bit is breaking the RFC already :-(
239 *
240 * According to the RFC (1661) state transition table, a TLS isn't
241 * required for an Open event when state == Closed, but the RFC
242 * must be wrong as TLS hasn't yet been called (since the last TLF)
243 * ie, Initial gets an `Up' event, Closing gets a RTA etc.
244 */
245 (*fp->fn->LayerStart)(fp);
246 (*fp->parent->LayerStart)(fp->parent->object, fp);
247 }
248 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
249 FsmSendConfigReq(fp);
250 NewState(fp, ST_REQSENT);
251 }
252 }
253
254 void
fsm_Open(struct fsm * fp)255 fsm_Open(struct fsm *fp)
256 {
257 switch (fp->state) {
258 case ST_INITIAL:
259 NewState(fp, ST_STARTING);
260 (*fp->fn->LayerStart)(fp);
261 (*fp->parent->LayerStart)(fp->parent->object, fp);
262 break;
263 case ST_CLOSED:
264 if (fp->open_mode == OPEN_PASSIVE) {
265 NewState(fp, ST_STOPPED); /* XXX: This is a hack ! */
266 } else if (fp->open_mode > 0) {
267 if (fp->open_mode > 1)
268 log_Printf(LogPHASE, "%s: Entering STOPPED state for %d seconds\n",
269 fp->link->name, fp->open_mode);
270 NewState(fp, ST_STOPPED); /* XXX: This is a not-so-bad hack ! */
271 timer_Stop(&fp->OpenTimer);
272 fp->OpenTimer.load = fp->open_mode * SECTICKS;
273 fp->OpenTimer.func = FsmOpenNow;
274 fp->OpenTimer.arg = (void *)fp;
275 timer_Start(&fp->OpenTimer);
276 } else
277 FsmOpenNow(fp);
278 break;
279 case ST_STOPPED: /* XXX: restart option */
280 case ST_REQSENT:
281 case ST_ACKRCVD:
282 case ST_ACKSENT:
283 case ST_OPENED: /* XXX: restart option */
284 break;
285 case ST_CLOSING: /* XXX: restart option */
286 case ST_STOPPING: /* XXX: restart option */
287 NewState(fp, ST_STOPPING);
288 break;
289 }
290 }
291
292 void
fsm_Up(struct fsm * fp)293 fsm_Up(struct fsm *fp)
294 {
295 switch (fp->state) {
296 case ST_INITIAL:
297 log_Printf(fp->LogLevel, "FSM: Using \"%s\" as a transport\n",
298 fp->link->name);
299 NewState(fp, ST_CLOSED);
300 break;
301 case ST_STARTING:
302 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
303 FsmSendConfigReq(fp);
304 NewState(fp, ST_REQSENT);
305 break;
306 default:
307 log_Printf(fp->LogLevel, "%s: Oops, Up at %s\n",
308 fp->link->name, State2Nam(fp->state));
309 break;
310 }
311 }
312
313 void
fsm_Down(struct fsm * fp)314 fsm_Down(struct fsm *fp)
315 {
316 switch (fp->state) {
317 case ST_CLOSED:
318 NewState(fp, ST_INITIAL);
319 break;
320 case ST_CLOSING:
321 /* This TLF contradicts the RFC (1661), which ``misses it out'' ! */
322 (*fp->fn->LayerFinish)(fp);
323 NewState(fp, ST_INITIAL);
324 (*fp->parent->LayerFinish)(fp->parent->object, fp);
325 break;
326 case ST_STOPPED:
327 NewState(fp, ST_STARTING);
328 (*fp->fn->LayerStart)(fp);
329 (*fp->parent->LayerStart)(fp->parent->object, fp);
330 break;
331 case ST_STOPPING:
332 case ST_REQSENT:
333 case ST_ACKRCVD:
334 case ST_ACKSENT:
335 NewState(fp, ST_STARTING);
336 break;
337 case ST_OPENED:
338 (*fp->fn->LayerDown)(fp);
339 NewState(fp, ST_STARTING);
340 (*fp->parent->LayerDown)(fp->parent->object, fp);
341 break;
342 }
343 }
344
345 void
fsm_Close(struct fsm * fp)346 fsm_Close(struct fsm *fp)
347 {
348 switch (fp->state) {
349 case ST_STARTING:
350 (*fp->fn->LayerFinish)(fp);
351 NewState(fp, ST_INITIAL);
352 (*fp->parent->LayerFinish)(fp->parent->object, fp);
353 break;
354 case ST_STOPPED:
355 NewState(fp, ST_CLOSED);
356 break;
357 case ST_STOPPING:
358 NewState(fp, ST_CLOSING);
359 break;
360 case ST_OPENED:
361 (*fp->fn->LayerDown)(fp);
362 if (fp->state == ST_OPENED) {
363 FsmInitRestartCounter(fp, FSM_TRM_TIMER);
364 FsmSendTerminateReq(fp);
365 NewState(fp, ST_CLOSING);
366 (*fp->parent->LayerDown)(fp->parent->object, fp);
367 }
368 break;
369 case ST_REQSENT:
370 case ST_ACKRCVD:
371 case ST_ACKSENT:
372 FsmInitRestartCounter(fp, FSM_TRM_TIMER);
373 FsmSendTerminateReq(fp);
374 NewState(fp, ST_CLOSING);
375 break;
376 }
377 }
378
379 /*
380 * Send functions
381 */
382 static void
FsmSendConfigReq(struct fsm * fp)383 FsmSendConfigReq(struct fsm *fp)
384 {
385 if (fp->more.reqs-- > 0 && fp->restart-- > 0) {
386 (*fp->fn->SendConfigReq)(fp);
387 timer_Start(&fp->FsmTimer); /* Start restart timer */
388 } else {
389 if (fp->more.reqs < 0)
390 log_Printf(LogPHASE, "%s: Too many %s REQs sent - abandoning "
391 "negotiation\n", fp->link->name, fp->name);
392 lcp_SendIdentification(&fp->link->lcp);
393 fsm_Close(fp);
394 }
395 }
396
397 static void
FsmSendTerminateReq(struct fsm * fp)398 FsmSendTerminateReq(struct fsm *fp)
399 {
400 fsm_Output(fp, CODE_TERMREQ, fp->reqid, NULL, 0, MB_UNKNOWN);
401 (*fp->fn->SentTerminateReq)(fp);
402 timer_Start(&fp->FsmTimer); /* Start restart timer */
403 fp->restart--; /* Decrement restart counter */
404 }
405
406 /*
407 * Timeout actions
408 */
409 static void
FsmTimeout(void * v)410 FsmTimeout(void *v)
411 {
412 struct fsm *fp = (struct fsm *)v;
413
414 if (fp->restart) {
415 switch (fp->state) {
416 case ST_CLOSING:
417 case ST_STOPPING:
418 FsmSendTerminateReq(fp);
419 break;
420 case ST_REQSENT:
421 case ST_ACKSENT:
422 FsmSendConfigReq(fp);
423 break;
424 case ST_ACKRCVD:
425 FsmSendConfigReq(fp);
426 NewState(fp, ST_REQSENT);
427 break;
428 }
429 timer_Start(&fp->FsmTimer);
430 } else {
431 switch (fp->state) {
432 case ST_CLOSING:
433 (*fp->fn->LayerFinish)(fp);
434 NewState(fp, ST_CLOSED);
435 (*fp->parent->LayerFinish)(fp->parent->object, fp);
436 break;
437 case ST_STOPPING:
438 (*fp->fn->LayerFinish)(fp);
439 NewState(fp, ST_STOPPED);
440 (*fp->parent->LayerFinish)(fp->parent->object, fp);
441 break;
442 case ST_REQSENT: /* XXX: 3p */
443 case ST_ACKSENT:
444 case ST_ACKRCVD:
445 (*fp->fn->LayerFinish)(fp);
446 NewState(fp, ST_STOPPED);
447 (*fp->parent->LayerFinish)(fp->parent->object, fp);
448 break;
449 }
450 }
451 }
452
453 static void
FsmInitRestartCounter(struct fsm * fp,int what)454 FsmInitRestartCounter(struct fsm *fp, int what)
455 {
456 timer_Stop(&fp->FsmTimer);
457 fp->FsmTimer.func = FsmTimeout;
458 fp->FsmTimer.arg = (void *)fp;
459 (*fp->fn->InitRestartCounter)(fp, what);
460 }
461
462 /*
463 * Actions when receive packets
464 */
465 static void
FsmRecvConfigReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)466 FsmRecvConfigReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
467 /* RCR */
468 {
469 struct fsm_decode dec;
470 int plen, flen;
471 int ackaction = 0;
472 u_char *cp;
473
474 bp = m_pullup(bp);
475 plen = m_length(bp);
476 flen = ntohs(lhp->length) - sizeof *lhp;
477 if (plen < flen) {
478 log_Printf(LogWARN, "%s: FsmRecvConfigReq: plen (%d) < flen (%d)\n",
479 fp->link->name, plen, flen);
480 m_freem(bp);
481 return;
482 }
483
484 /* Some things must be done before we Decode the packet */
485 switch (fp->state) {
486 case ST_OPENED:
487 (*fp->fn->LayerDown)(fp);
488 }
489
490 dec.ackend = dec.ack;
491 dec.nakend = dec.nak;
492 dec.rejend = dec.rej;
493 cp = MBUF_CTOP(bp);
494 (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_REQ, &dec);
495 if (flen < (int)sizeof(struct fsm_opt_hdr))
496 log_Printf(fp->LogLevel, " [EMPTY]\n");
497
498 if (dec.nakend == dec.nak && dec.rejend == dec.rej)
499 ackaction = 1;
500
501 /* Check and process easy case */
502 switch (fp->state) {
503 case ST_INITIAL:
504 if (fp->proto == PROTO_CCP && fp->link->lcp.fsm.state == ST_OPENED) {
505 /*
506 * ccp_SetOpenMode() leaves us in initial if we're disabling
507 * & denying everything.
508 */
509 bp = m_prepend(bp, lhp, sizeof *lhp, 2);
510 bp = proto_Prepend(bp, fp->proto, 0, 0);
511 bp = m_pullup(bp);
512 lcp_SendProtoRej(&fp->link->lcp, MBUF_CTOP(bp), bp->m_len);
513 m_freem(bp);
514 return;
515 }
516 /* Drop through */
517 case ST_STARTING:
518 log_Printf(fp->LogLevel, "%s: Oops, RCR in %s.\n",
519 fp->link->name, State2Nam(fp->state));
520 m_freem(bp);
521 return;
522 case ST_CLOSED:
523 (*fp->fn->SendTerminateAck)(fp, lhp->id);
524 m_freem(bp);
525 return;
526 case ST_CLOSING:
527 log_Printf(fp->LogLevel, "%s: Error: Got ConfigReq while state = %s\n",
528 fp->link->name, State2Nam(fp->state));
529 case ST_STOPPING:
530 m_freem(bp);
531 return;
532 case ST_STOPPED:
533 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
534 /* Drop through */
535 case ST_OPENED:
536 FsmSendConfigReq(fp);
537 break;
538 }
539
540 if (dec.rejend != dec.rej)
541 fsm_Output(fp, CODE_CONFIGREJ, lhp->id, dec.rej, dec.rejend - dec.rej,
542 MB_UNKNOWN);
543 if (dec.nakend != dec.nak)
544 fsm_Output(fp, CODE_CONFIGNAK, lhp->id, dec.nak, dec.nakend - dec.nak,
545 MB_UNKNOWN);
546 if (ackaction)
547 fsm_Output(fp, CODE_CONFIGACK, lhp->id, dec.ack, dec.ackend - dec.ack,
548 MB_UNKNOWN);
549
550 switch (fp->state) {
551 case ST_STOPPED:
552 /*
553 * According to the RFC (1661) state transition table, a TLS isn't
554 * required for a RCR when state == ST_STOPPED, but the RFC
555 * must be wrong as TLS hasn't yet been called (since the last TLF)
556 */
557 (*fp->fn->LayerStart)(fp);
558 (*fp->parent->LayerStart)(fp->parent->object, fp);
559 /* FALLTHROUGH */
560
561 case ST_OPENED:
562 if (ackaction)
563 NewState(fp, ST_ACKSENT);
564 else
565 NewState(fp, ST_REQSENT);
566 (*fp->parent->LayerDown)(fp->parent->object, fp);
567 break;
568 case ST_REQSENT:
569 if (ackaction)
570 NewState(fp, ST_ACKSENT);
571 break;
572 case ST_ACKRCVD:
573 if (ackaction) {
574 NewState(fp, ST_OPENED);
575 if ((*fp->fn->LayerUp)(fp))
576 (*fp->parent->LayerUp)(fp->parent->object, fp);
577 else {
578 (*fp->fn->LayerDown)(fp);
579 FsmInitRestartCounter(fp, FSM_TRM_TIMER);
580 FsmSendTerminateReq(fp);
581 NewState(fp, ST_CLOSING);
582 lcp_SendIdentification(&fp->link->lcp);
583 }
584 }
585 break;
586 case ST_ACKSENT:
587 if (!ackaction)
588 NewState(fp, ST_REQSENT);
589 break;
590 }
591 m_freem(bp);
592
593 if (dec.rejend != dec.rej && --fp->more.rejs <= 0) {
594 log_Printf(LogPHASE, "%s: Too many %s REJs sent - abandoning negotiation\n",
595 fp->link->name, fp->name);
596 lcp_SendIdentification(&fp->link->lcp);
597 fsm_Close(fp);
598 }
599
600 if (dec.nakend != dec.nak && --fp->more.naks <= 0) {
601 log_Printf(LogPHASE, "%s: Too many %s NAKs sent - abandoning negotiation\n",
602 fp->link->name, fp->name);
603 lcp_SendIdentification(&fp->link->lcp);
604 fsm_Close(fp);
605 }
606 }
607
608 static void
FsmRecvConfigAck(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)609 FsmRecvConfigAck(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
610 /* RCA */
611 {
612 struct fsm_decode dec;
613 int plen, flen;
614 u_char *cp;
615
616 plen = m_length(bp);
617 flen = ntohs(lhp->length) - sizeof *lhp;
618 if (plen < flen) {
619 m_freem(bp);
620 return;
621 }
622
623 bp = m_pullup(bp);
624 dec.ackend = dec.ack;
625 dec.nakend = dec.nak;
626 dec.rejend = dec.rej;
627 cp = MBUF_CTOP(bp);
628 (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_ACK, &dec);
629 if (flen < (int)sizeof(struct fsm_opt_hdr))
630 log_Printf(fp->LogLevel, " [EMPTY]\n");
631
632 switch (fp->state) {
633 case ST_CLOSED:
634 case ST_STOPPED:
635 (*fp->fn->SendTerminateAck)(fp, lhp->id);
636 break;
637 case ST_CLOSING:
638 case ST_STOPPING:
639 break;
640 case ST_REQSENT:
641 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
642 NewState(fp, ST_ACKRCVD);
643 break;
644 case ST_ACKRCVD:
645 FsmSendConfigReq(fp);
646 NewState(fp, ST_REQSENT);
647 break;
648 case ST_ACKSENT:
649 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
650 NewState(fp, ST_OPENED);
651 if ((*fp->fn->LayerUp)(fp))
652 (*fp->parent->LayerUp)(fp->parent->object, fp);
653 else {
654 (*fp->fn->LayerDown)(fp);
655 FsmInitRestartCounter(fp, FSM_TRM_TIMER);
656 FsmSendTerminateReq(fp);
657 NewState(fp, ST_CLOSING);
658 lcp_SendIdentification(&fp->link->lcp);
659 }
660 break;
661 case ST_OPENED:
662 (*fp->fn->LayerDown)(fp);
663 FsmSendConfigReq(fp);
664 NewState(fp, ST_REQSENT);
665 (*fp->parent->LayerDown)(fp->parent->object, fp);
666 break;
667 }
668 m_freem(bp);
669 }
670
671 static void
FsmRecvConfigNak(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)672 FsmRecvConfigNak(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
673 /* RCN */
674 {
675 struct fsm_decode dec;
676 int plen, flen;
677 u_char *cp;
678
679 plen = m_length(bp);
680 flen = ntohs(lhp->length) - sizeof *lhp;
681 if (plen < flen) {
682 m_freem(bp);
683 return;
684 }
685
686 /*
687 * Check and process easy case
688 */
689 switch (fp->state) {
690 case ST_INITIAL:
691 case ST_STARTING:
692 log_Printf(fp->LogLevel, "%s: Oops, RCN in %s.\n",
693 fp->link->name, State2Nam(fp->state));
694 m_freem(bp);
695 return;
696 case ST_CLOSED:
697 case ST_STOPPED:
698 (*fp->fn->SendTerminateAck)(fp, lhp->id);
699 m_freem(bp);
700 return;
701 case ST_CLOSING:
702 case ST_STOPPING:
703 m_freem(bp);
704 return;
705 }
706
707 bp = m_pullup(bp);
708 dec.ackend = dec.ack;
709 dec.nakend = dec.nak;
710 dec.rejend = dec.rej;
711 cp = MBUF_CTOP(bp);
712 (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_NAK, &dec);
713 if (flen < (int)sizeof(struct fsm_opt_hdr))
714 log_Printf(fp->LogLevel, " [EMPTY]\n");
715
716 switch (fp->state) {
717 case ST_REQSENT:
718 case ST_ACKSENT:
719 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
720 FsmSendConfigReq(fp);
721 break;
722 case ST_OPENED:
723 (*fp->fn->LayerDown)(fp);
724 FsmSendConfigReq(fp);
725 NewState(fp, ST_REQSENT);
726 (*fp->parent->LayerDown)(fp->parent->object, fp);
727 break;
728 case ST_ACKRCVD:
729 FsmSendConfigReq(fp);
730 NewState(fp, ST_REQSENT);
731 break;
732 }
733
734 m_freem(bp);
735 }
736
737 static void
FsmRecvTermReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)738 FsmRecvTermReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
739 /* RTR */
740 {
741 switch (fp->state) {
742 case ST_INITIAL:
743 case ST_STARTING:
744 log_Printf(fp->LogLevel, "%s: Oops, RTR in %s\n",
745 fp->link->name, State2Nam(fp->state));
746 break;
747 case ST_CLOSED:
748 case ST_STOPPED:
749 case ST_CLOSING:
750 case ST_STOPPING:
751 case ST_REQSENT:
752 (*fp->fn->SendTerminateAck)(fp, lhp->id);
753 break;
754 case ST_ACKRCVD:
755 case ST_ACKSENT:
756 (*fp->fn->SendTerminateAck)(fp, lhp->id);
757 NewState(fp, ST_REQSENT);
758 break;
759 case ST_OPENED:
760 (*fp->fn->LayerDown)(fp);
761 (*fp->fn->SendTerminateAck)(fp, lhp->id);
762 FsmInitRestartCounter(fp, FSM_TRM_TIMER);
763 timer_Start(&fp->FsmTimer); /* Start restart timer */
764 fp->restart = 0;
765 NewState(fp, ST_STOPPING);
766 (*fp->parent->LayerDown)(fp->parent->object, fp);
767 /* A delayed ST_STOPPED is now scheduled */
768 break;
769 }
770 m_freem(bp);
771 }
772
773 static void
FsmRecvTermAck(struct fsm * fp,struct fsmheader * lhp __unused,struct mbuf * bp)774 FsmRecvTermAck(struct fsm *fp, struct fsmheader *lhp __unused, struct mbuf *bp)
775 /* RTA */
776 {
777 switch (fp->state) {
778 case ST_CLOSING:
779 (*fp->fn->LayerFinish)(fp);
780 NewState(fp, ST_CLOSED);
781 (*fp->parent->LayerFinish)(fp->parent->object, fp);
782 break;
783 case ST_STOPPING:
784 (*fp->fn->LayerFinish)(fp);
785 NewState(fp, ST_STOPPED);
786 (*fp->parent->LayerFinish)(fp->parent->object, fp);
787 break;
788 case ST_ACKRCVD:
789 NewState(fp, ST_REQSENT);
790 break;
791 case ST_OPENED:
792 (*fp->fn->LayerDown)(fp);
793 FsmSendConfigReq(fp);
794 NewState(fp, ST_REQSENT);
795 (*fp->parent->LayerDown)(fp->parent->object, fp);
796 break;
797 }
798 m_freem(bp);
799 }
800
801 static void
FsmRecvConfigRej(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)802 FsmRecvConfigRej(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
803 /* RCJ */
804 {
805 struct fsm_decode dec;
806 size_t plen;
807 int flen;
808 u_char *cp;
809
810 plen = m_length(bp);
811 flen = ntohs(lhp->length) - sizeof *lhp;
812 if ((int)plen < flen) {
813 m_freem(bp);
814 return;
815 }
816
817 lcp_SendIdentification(&fp->link->lcp);
818
819 /*
820 * Check and process easy case
821 */
822 switch (fp->state) {
823 case ST_INITIAL:
824 case ST_STARTING:
825 log_Printf(fp->LogLevel, "%s: Oops, RCJ in %s.\n",
826 fp->link->name, State2Nam(fp->state));
827 m_freem(bp);
828 return;
829 case ST_CLOSED:
830 case ST_STOPPED:
831 (*fp->fn->SendTerminateAck)(fp, lhp->id);
832 m_freem(bp);
833 return;
834 case ST_CLOSING:
835 case ST_STOPPING:
836 m_freem(bp);
837 return;
838 }
839
840 bp = m_pullup(bp);
841 dec.ackend = dec.ack;
842 dec.nakend = dec.nak;
843 dec.rejend = dec.rej;
844 cp = MBUF_CTOP(bp);
845 (*fp->fn->DecodeConfig)(fp, cp, cp + flen, MODE_REJ, &dec);
846 if (flen < (int)sizeof(struct fsm_opt_hdr))
847 log_Printf(fp->LogLevel, " [EMPTY]\n");
848
849 switch (fp->state) {
850 case ST_REQSENT:
851 case ST_ACKSENT:
852 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
853 FsmSendConfigReq(fp);
854 break;
855 case ST_OPENED:
856 (*fp->fn->LayerDown)(fp);
857 FsmSendConfigReq(fp);
858 NewState(fp, ST_REQSENT);
859 (*fp->parent->LayerDown)(fp->parent->object, fp);
860 break;
861 case ST_ACKRCVD:
862 FsmSendConfigReq(fp);
863 NewState(fp, ST_REQSENT);
864 break;
865 }
866 m_freem(bp);
867 }
868
869 static void
FsmRecvCodeRej(struct fsm * fp __unused,struct fsmheader * lhp __unused,struct mbuf * bp)870 FsmRecvCodeRej(struct fsm *fp __unused, struct fsmheader *lhp __unused,
871 struct mbuf *bp)
872 {
873 m_freem(bp);
874 }
875
876 static void
FsmRecvProtoRej(struct fsm * fp,struct fsmheader * lhp __unused,struct mbuf * bp)877 FsmRecvProtoRej(struct fsm *fp, struct fsmheader *lhp __unused, struct mbuf *bp)
878 {
879 struct physical *p = link2physical(fp->link);
880 u_short proto;
881
882 if (m_length(bp) < 2) {
883 m_freem(bp);
884 return;
885 }
886 bp = mbuf_Read(bp, &proto, 2);
887 proto = ntohs(proto);
888 log_Printf(fp->LogLevel, "%s: -- Protocol 0x%04x (%s) was rejected!\n",
889 fp->link->name, proto, hdlc_Protocol2Nam(proto));
890
891 switch (proto) {
892 case PROTO_LQR:
893 if (p)
894 lqr_Stop(p, LQM_LQR);
895 else
896 log_Printf(LogERROR, "%s: FsmRecvProtoRej: Not a physical link !\n",
897 fp->link->name);
898 break;
899 case PROTO_CCP:
900 if (fp->proto == PROTO_LCP) {
901 fp = &fp->link->ccp.fsm;
902 /* Despite the RFC (1661), don't do an out-of-place TLF */
903 /* (*fp->fn->LayerFinish)(fp); */
904 switch (fp->state) {
905 case ST_CLOSED:
906 case ST_CLOSING:
907 NewState(fp, ST_CLOSED);
908 break;
909 default:
910 NewState(fp, ST_STOPPED);
911 break;
912 }
913 /* See above */
914 /* (*fp->parent->LayerFinish)(fp->parent->object, fp); */
915 }
916 break;
917 case PROTO_IPCP:
918 if (fp->proto == PROTO_LCP) {
919 log_Printf(LogPHASE, "%s: IPCP protocol reject closes IPCP !\n",
920 fp->link->name);
921 fsm_Close(&fp->bundle->ncp.ipcp.fsm);
922 }
923 break;
924 #ifndef NOINET6
925 case PROTO_IPV6CP:
926 if (fp->proto == PROTO_LCP) {
927 log_Printf(LogPHASE, "%s: IPV6CP protocol reject closes IPV6CP !\n",
928 fp->link->name);
929 fsm_Close(&fp->bundle->ncp.ipv6cp.fsm);
930 }
931 break;
932 #endif
933 case PROTO_MP:
934 if (fp->proto == PROTO_LCP) {
935 struct lcp *lcp = fsm2lcp(fp);
936
937 if (lcp->want_mrru && lcp->his_mrru) {
938 log_Printf(LogPHASE, "%s: MP protocol reject is fatal !\n",
939 fp->link->name);
940 fsm_Close(fp);
941 }
942 }
943 break;
944 }
945 m_freem(bp);
946 }
947
948 static void
FsmRecvEchoReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)949 FsmRecvEchoReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
950 {
951 struct lcp *lcp = fsm2lcp(fp);
952 u_char *cp;
953 u_int32_t magic;
954
955 bp = m_pullup(bp);
956 m_settype(bp, MB_ECHOIN);
957
958 if (lcp && ntohs(lhp->length) - sizeof *lhp >= 4) {
959 cp = MBUF_CTOP(bp);
960 ua_ntohl(cp, &magic);
961 if (magic != lcp->his_magic) {
962 log_Printf(fp->LogLevel, "%s: RecvEchoReq: magic 0x%08lx is wrong,"
963 " expecting 0x%08lx\n", fp->link->name, (u_long)magic,
964 (u_long)lcp->his_magic);
965 /* XXX: We should send terminate request */
966 }
967 if (fp->state == ST_OPENED) {
968 ua_htonl(&lcp->want_magic, cp); /* local magic */
969 fsm_Output(fp, CODE_ECHOREP, lhp->id, cp,
970 ntohs(lhp->length) - sizeof *lhp, MB_ECHOOUT);
971 }
972 }
973 m_freem(bp);
974 }
975
976 static void
FsmRecvEchoRep(struct fsm * fp,struct fsmheader * lhp __unused,struct mbuf * bp)977 FsmRecvEchoRep(struct fsm *fp, struct fsmheader *lhp __unused, struct mbuf *bp)
978 {
979 if (fsm2lcp(fp))
980 bp = lqr_RecvEcho(fp, bp);
981
982 m_freem(bp);
983 }
984
985 static void
FsmRecvDiscReq(struct fsm * fp __unused,struct fsmheader * lhp __unused,struct mbuf * bp)986 FsmRecvDiscReq(struct fsm *fp __unused, struct fsmheader *lhp __unused,
987 struct mbuf *bp)
988 {
989 m_freem(bp);
990 }
991
992 static void
FsmRecvIdent(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)993 FsmRecvIdent(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
994 {
995 u_int32_t magic;
996 u_short len;
997 u_char *cp;
998
999 len = ntohs(lhp->length) - sizeof *lhp;
1000 if (len >= 4) {
1001 bp = m_pullup(m_append(bp, "", 1));
1002 cp = MBUF_CTOP(bp);
1003 ua_ntohl(cp, &magic);
1004 if (magic != fp->link->lcp.his_magic)
1005 log_Printf(fp->LogLevel, "%s: RecvIdent: magic 0x%08lx is wrong,"
1006 " expecting 0x%08lx\n", fp->link->name, (u_long)magic,
1007 (u_long)fp->link->lcp.his_magic);
1008 cp[len] = '\0';
1009 lcp_RecvIdentification(&fp->link->lcp, cp + 4);
1010 }
1011 m_freem(bp);
1012 }
1013
1014 static void
FsmRecvTimeRemain(struct fsm * fp __unused,struct fsmheader * lhp __unused,struct mbuf * bp)1015 FsmRecvTimeRemain(struct fsm *fp __unused, struct fsmheader *lhp __unused,
1016 struct mbuf *bp)
1017 {
1018 m_freem(bp);
1019 }
1020
1021 static void
FsmRecvResetReq(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)1022 FsmRecvResetReq(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
1023 {
1024 if ((*fp->fn->RecvResetReq)(fp)) {
1025 /*
1026 * All sendable compressed packets are queued in the first (lowest
1027 * priority) modem output queue.... dump 'em to the priority queue
1028 * so that they arrive at the peer before our ResetAck.
1029 */
1030 link_SequenceQueue(fp->link);
1031 fsm_Output(fp, CODE_RESETACK, lhp->id, NULL, 0, MB_CCPOUT);
1032 }
1033 m_freem(bp);
1034 }
1035
1036 static void
FsmRecvResetAck(struct fsm * fp,struct fsmheader * lhp,struct mbuf * bp)1037 FsmRecvResetAck(struct fsm *fp, struct fsmheader *lhp, struct mbuf *bp)
1038 {
1039 (*fp->fn->RecvResetAck)(fp, lhp->id);
1040 m_freem(bp);
1041 }
1042
1043 void
fsm_Input(struct fsm * fp,struct mbuf * bp)1044 fsm_Input(struct fsm *fp, struct mbuf *bp)
1045 {
1046 size_t len;
1047 struct fsmheader lh;
1048 const struct fsmcodedesc *codep;
1049
1050 len = m_length(bp);
1051 if (len < sizeof(struct fsmheader)) {
1052 m_freem(bp);
1053 return;
1054 }
1055 bp = mbuf_Read(bp, &lh, sizeof lh);
1056
1057 if (ntohs(lh.length) > len) {
1058 log_Printf(LogWARN, "%s: Oops: Got %zu bytes but %d byte payload "
1059 "- dropped\n", fp->link->name, len, (int)ntohs(lh.length));
1060 m_freem(bp);
1061 return;
1062 }
1063
1064 if (lh.code < fp->min_code || lh.code > fp->max_code ||
1065 lh.code > sizeof FsmCodes / sizeof *FsmCodes) {
1066 /*
1067 * Use a private id. This is really a response-type packet, but we
1068 * MUST send a unique id for each REQ....
1069 */
1070 static u_char id;
1071
1072 bp = m_prepend(bp, &lh, sizeof lh, 0);
1073 bp = m_pullup(bp);
1074 fsm_Output(fp, CODE_CODEREJ, id++, MBUF_CTOP(bp), bp->m_len, MB_UNKNOWN);
1075 m_freem(bp);
1076 return;
1077 }
1078
1079 codep = FsmCodes + lh.code - 1;
1080 if (lh.id != fp->reqid && codep->check_reqid &&
1081 Enabled(fp->bundle, OPT_IDCHECK)) {
1082 log_Printf(fp->LogLevel, "%s: Recv%s(%d), dropped (expected %d)\n",
1083 fp->link->name, codep->name, lh.id, fp->reqid);
1084 return;
1085 }
1086
1087 log_Printf(fp->LogLevel, "%s: Recv%s(%d) state = %s\n",
1088 fp->link->name, codep->name, lh.id, State2Nam(fp->state));
1089
1090 if (codep->inc_reqid && (lh.id == fp->reqid ||
1091 (!Enabled(fp->bundle, OPT_IDCHECK) && codep->check_reqid)))
1092 fp->reqid++; /* That's the end of that ``exchange''.... */
1093
1094 (*codep->recv)(fp, &lh, bp);
1095 }
1096
1097 int
fsm_NullRecvResetReq(struct fsm * fp)1098 fsm_NullRecvResetReq(struct fsm *fp)
1099 {
1100 log_Printf(fp->LogLevel, "%s: Oops - received unexpected reset req\n",
1101 fp->link->name);
1102 return 1;
1103 }
1104
1105 void
fsm_NullRecvResetAck(struct fsm * fp,u_char id __unused)1106 fsm_NullRecvResetAck(struct fsm *fp, u_char id __unused)
1107 {
1108 log_Printf(fp->LogLevel, "%s: Oops - received unexpected reset ack\n",
1109 fp->link->name);
1110 }
1111
1112 void
fsm_Reopen(struct fsm * fp)1113 fsm_Reopen(struct fsm *fp)
1114 {
1115 if (fp->state == ST_OPENED) {
1116 (*fp->fn->LayerDown)(fp);
1117 FsmInitRestartCounter(fp, FSM_REQ_TIMER);
1118 FsmSendConfigReq(fp);
1119 NewState(fp, ST_REQSENT);
1120 (*fp->parent->LayerDown)(fp->parent->object, fp);
1121 }
1122 }
1123
1124 void
fsm2initial(struct fsm * fp)1125 fsm2initial(struct fsm *fp)
1126 {
1127 timer_Stop(&fp->FsmTimer);
1128 timer_Stop(&fp->OpenTimer);
1129 timer_Stop(&fp->StoppedTimer);
1130 if (fp->state == ST_STOPPED)
1131 fsm_Close(fp);
1132 if (fp->state > ST_INITIAL)
1133 fsm_Down(fp);
1134 if (fp->state > ST_INITIAL)
1135 fsm_Close(fp);
1136 }
1137
1138 struct fsm_opt *
fsm_readopt(u_char ** cp)1139 fsm_readopt(u_char **cp)
1140 {
1141 struct fsm_opt *o = (struct fsm_opt *)*cp;
1142
1143 if (o->hdr.len < sizeof(struct fsm_opt_hdr)) {
1144 log_Printf(LogERROR, "Bad option length %d (out of phase?)\n", o->hdr.len);
1145 return NULL;
1146 }
1147
1148 *cp += o->hdr.len;
1149
1150 if (o->hdr.len > sizeof(struct fsm_opt)) {
1151 log_Printf(LogERROR, "Warning: Truncating option length from %d to %d\n",
1152 o->hdr.len, (int)sizeof(struct fsm_opt));
1153 o->hdr.len = sizeof(struct fsm_opt);
1154 }
1155
1156 return o;
1157 }
1158
1159 static int
fsm_opt(u_char * opt,int optlen,const struct fsm_opt * o)1160 fsm_opt(u_char *opt, int optlen, const struct fsm_opt *o)
1161 {
1162 unsigned cplen = o->hdr.len;
1163
1164 if (optlen < (int)sizeof(struct fsm_opt_hdr))
1165 optlen = 0;
1166
1167 if ((int)cplen > optlen) {
1168 log_Printf(LogERROR, "Can't REJ length %d - trunating to %d\n",
1169 cplen, optlen);
1170 cplen = optlen;
1171 }
1172 memcpy(opt, o, cplen);
1173 if (cplen)
1174 opt[1] = cplen;
1175
1176 return cplen;
1177 }
1178
1179 void
fsm_rej(struct fsm_decode * dec,const struct fsm_opt * o)1180 fsm_rej(struct fsm_decode *dec, const struct fsm_opt *o)
1181 {
1182 if (!dec)
1183 return;
1184 dec->rejend += fsm_opt(dec->rejend, FSM_OPTLEN - (dec->rejend - dec->rej), o);
1185 }
1186
1187 void
fsm_ack(struct fsm_decode * dec,const struct fsm_opt * o)1188 fsm_ack(struct fsm_decode *dec, const struct fsm_opt *o)
1189 {
1190 if (!dec)
1191 return;
1192 dec->ackend += fsm_opt(dec->ackend, FSM_OPTLEN - (dec->ackend - dec->ack), o);
1193 }
1194
1195 void
fsm_nak(struct fsm_decode * dec,const struct fsm_opt * o)1196 fsm_nak(struct fsm_decode *dec, const struct fsm_opt *o)
1197 {
1198 if (!dec)
1199 return;
1200 dec->nakend += fsm_opt(dec->nakend, FSM_OPTLEN - (dec->nakend - dec->nak), o);
1201 }
1202
1203 void
fsm_opt_normalise(struct fsm_decode * dec)1204 fsm_opt_normalise(struct fsm_decode *dec)
1205 {
1206 if (dec->rejend != dec->rej) {
1207 /* rejects are preferred */
1208 dec->ackend = dec->ack;
1209 dec->nakend = dec->nak;
1210 } else if (dec->nakend != dec->nak)
1211 /* then NAKs */
1212 dec->ackend = dec->ack;
1213 }
1214