xref: /titanic_44/usr/src/cmd/cmd-inet/usr.bin/pppd/lcp.c (revision 3d7072f8bd27709dba14f6fe336f149d25d9e207)
1 /*
2  * lcp.c - PPP Link Control Protocol.
3  *
4  * Copyright 2000-2002 Sun Microsystems, Inc.  All rights reserved.
5  * Use is subject to license terms.
6  *
7  * Copyright (c) 1989 Carnegie Mellon University.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms are permitted
11  * provided that the above copyright notice and this paragraph are
12  * duplicated in all such forms and that any documentation,
13  * advertising materials, and other materials related to such
14  * distribution and use acknowledge that the software was developed
15  * by Carnegie Mellon University.  The name of the
16  * University may not be used to endorse or promote products derived
17  * from this software without specific prior written permission.
18  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
19  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
20  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21  */
22 
23 #pragma ident	"%Z%%M%	%I%	%E% SMI"
24 #define RCSID	"$Id: lcp.c,v 1.54 2000/04/27 03:51:18 masputra Exp $"
25 
26 /*
27  * TODO:
28  */
29 
30 #include <stdio.h>
31 #include <string.h>
32 #include <stdlib.h>
33 #include <ctype.h>
34 #if defined(CHAPMS) || defined(CHAPMSV2)
35 #ifdef HAVE_CRYPT_H
36 #include <crypt.h>
37 #endif
38 #ifndef USE_CRYPT
39 #include <des.h>
40 #endif
41 #ifdef SOL2
42 #include <errno.h>
43 #endif
44 #endif
45 
46 #include "pppd.h"
47 #include "fsm.h"
48 #include "lcp.h"
49 #include "chap.h"
50 #include "magic.h"
51 #include "patchlevel.h"
52 
53 #if !defined(lint) && !defined(_lint)
54 static const char rcsid[] = RCSID;
55 #endif
56 
57 /*
58  * Special failure codes for logging link failure reasons.
59  */
60 bool peer_nak_auth;		/* Peer sent nak for our auth request */
61 u_short nak_auth_orig;		/* Auth proto peer naked */
62 u_short nak_auth_proto;		/* Auth proto peer suggested instead */
63 bool unsolicited_nak_auth;	/* Peer asked us to authenticate */
64 u_short unsolicit_auth_proto;	/* Auth proto peer wants */
65 bool peer_reject_auth;		/* Peer sent reject for auth */
66 u_short reject_auth_proto;	/* Protocol that peer rejected */
67 bool rejected_peers_auth;	/* We sent a reject to the peer */
68 u_short rejected_auth_proto;	/* Protocol that peer wanted to use */
69 bool naked_peers_auth;		/* We sent a nak to the peer */
70 u_short naked_auth_orig;	/* Protocol that we wanted to use */
71 u_short naked_auth_proto;	/* Protocol that peer wants us to use */
72 
73 /*
74  * LCP-related command-line options.
75  */
76 int	lcp_echo_interval = 0; 	/* Interval between LCP echo-requests */
77 int	lcp_echo_fails = 0;	/* Tolerance to unanswered echo-requests */
78 bool	lax_recv = 0;		/* accept control chars in asyncmap */
79 static int use_accm_test = 2;	/* use big echo-requests to check ACCM */
80 #define	ACCM_TEST_FAILS	5
81 
82 #define _tostr2(x)	#x
83 #define _tostr(x)	_tostr2(x)
84 static char identstr[256] =	/* Identification string */
85 	"ppp-" VERSION "." _tostr(PATCHLEVEL) IMPLEMENTATION;
86 static int noident = 0;		/* 1 to disable; 2 to reject */
87 static int sentident = 0;	/* counts the # of ident codes sent */
88 
89 /* set if we're allowed to send an unsolicited Configure-Nak for MRU. */
90 static bool unsolicit_mru;
91 
92 static int setescape __P((char **, option_t *));
93 
94 static bool do_msft_workaround = 1;
95 static int setasyncmap __P((char **, option_t *));
96 
97 bool	noendpoint = 0;		/* don't send/accept endpoint discriminator */
98 static int setendpoint __P((char **, option_t *));
99 
100 static char *callback_strings[] = {
101 	"auth", "dialstring", "location", "E.164", "X.500", "", "CBCP", NULL
102 };
103 
104 /* This is used in packet printing even if NEGOTIATE_FCS isn't enabled */
105 static char *fcsalt_strings[] = {
106 	"null", "crc16", "crc32", NULL
107 };
108 
109 #ifdef NEGOTIATE_FCS
110 static int setfcsallow __P((char **, option_t *));
111 static int setfcswant __P((char **, option_t *));
112 #endif
113 
114 /* Backward compatibility for Linux */
115 #ifndef PPP_MAXMRU
116 #define	PPP_MTU		1500	/* Default MTU (size of Info field) */
117 #define	PPP_MAXMTU	65535 - (PPP_HDRLEN + PPP_FCSLEN)
118 #define	PPP_MINMTU	64
119 #define	PPP_MAXMRU	65000	/* Largest MRU we allow */
120 #define	PPP_MINMRU	128
121 #endif
122 
123 static option_t lcp_option_list[] = {
124     /* LCP options */
125     { "noaccomp", o_bool, &lcp_wantoptions[0].neg_accompression,
126       "Disable address/control compression",
127       OPT_A2COPY, &lcp_allowoptions[0].neg_accompression },
128     { "-ac", o_bool, &lcp_wantoptions[0].neg_accompression,
129       "Disable address/control compression",
130       OPT_A2COPY, &lcp_allowoptions[0].neg_accompression },
131     { "default-asyncmap", o_bool, &lcp_wantoptions[0].neg_asyncmap,
132       "Disable asyncmap negotiation",
133       OPT_A2COPY, &lcp_allowoptions[0].neg_asyncmap },
134     { "-am", o_bool, &lcp_wantoptions[0].neg_asyncmap,
135       "Disable asyncmap negotiation",
136       OPT_A2COPY, &lcp_allowoptions[0].neg_asyncmap },
137     { "asyncmap", o_special, (void *)setasyncmap,
138       "Set asyncmap (for received packets)" },
139     { "-as", o_special, (void *)setasyncmap,
140       "Set asyncmap (for received packets)" },
141     { "nomagic", o_bool, &lcp_wantoptions[0].neg_magicnumber,
142       "Disable magic number option (looped-back line detect)",
143       OPT_A2COPY, &lcp_allowoptions[0].neg_magicnumber },
144     { "-mn", o_bool, &lcp_wantoptions[0].neg_magicnumber,
145       "Disable magic number option (looped-back line detect)",
146       OPT_A2COPY, &lcp_allowoptions[0].neg_magicnumber },
147     { "default-mru", o_bool, &lcp_wantoptions[0].neg_mru,
148       "Disable MRU negotiation (use default 1500)",
149       OPT_A2COPY, &lcp_allowoptions[0].neg_mru },
150     { "-mru", o_bool, &lcp_wantoptions[0].neg_mru,
151       "Disable MRU negotiation (use default 1500)",
152       OPT_A2COPY, &lcp_allowoptions[0].neg_mru },
153     { "mru", o_int, &lcp_wantoptions[0].mru,
154       "Set MRU (maximum received packet size) for negotiation",
155       OPT_LIMITS, &lcp_wantoptions[0].neg_mru, PPP_MAXMRU, PPP_MINMRU },
156     { "mtu", o_int, &lcp_allowoptions[0].mru,
157       "Set our MTU", OPT_LIMITS|OPT_A2COPY, &lcp_allowoptions[0].mrru,
158       PPP_MAXMTU, PPP_MINMTU },
159     { "nopcomp", o_bool, &lcp_wantoptions[0].neg_pcompression,
160       "Disable protocol field compression",
161       OPT_A2COPY, &lcp_allowoptions[0].neg_pcompression },
162     { "-pc", o_bool, &lcp_wantoptions[0].neg_pcompression,
163       "Disable protocol field compression",
164       OPT_A2COPY, &lcp_allowoptions[0].neg_pcompression },
165     { "-p", o_bool, &lcp_wantoptions[0].passive,
166       "Set passive mode", 1 },
167     { "passive", o_bool, &lcp_wantoptions[0].passive,
168       "Set passive mode", 1 },
169     { "silent", o_bool, &lcp_wantoptions[0].silent,
170       "Set silent mode", 1 },
171     { "escape", o_special, (void *)setescape,
172       "List of character codes to escape on transmission" },
173     { "lcp-echo-failure", o_int, &lcp_echo_fails,
174       "Number of consecutive echo failures for link failure" },
175     { "lcp-echo-interval", o_int, &lcp_echo_interval,
176       "Set time in seconds between LCP echo requests" },
177     { "no-accm-test", o_int, &use_accm_test,
178       "Disable use of LCP Echo-Request asyncmap checking",
179       OPT_NOARG|OPT_VAL(0) },
180     { "small-accm-test", o_int, &use_accm_test,
181       "Use only small Echo-Requests for asyncmap checking",
182       OPT_NOARG|OPT_VAL(1) },
183     { "lcp-restart", o_int, &lcp_fsm[0].timeouttime,
184       "Set time in seconds between LCP retransmissions" },
185     { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits,
186       "Maximum number of LCP terminate-request transmissions" },
187     { "lcp-max-configure", o_int, &lcp_fsm[0].maxconfreqtransmits,
188       "Maximum number of LCP configure-request transmissions" },
189     { "lcp-max-failure", o_int, &lcp_fsm[0].maxnakloops,
190       "Set limit on number of LCP configure-naks" },
191     { "receive-all", o_bool, &lax_recv,
192       "Accept all received control characters", 1 },
193 #ifdef HAVE_MULTILINK
194     { "mrru", o_int, &lcp_wantoptions[0].mrru,
195       "Maximum received packet size for multilink bundle",
196       OPT_LIMITS, &lcp_wantoptions[0].neg_mrru, PPP_MAXMRU, PPP_MINMRU },
197     { "mpshortseq", o_bool, &lcp_wantoptions[0].neg_ssnhf,
198       "Use short sequence numbers in multilink headers",
199       OPT_A2COPY | 1, &lcp_allowoptions[0].neg_ssnhf },
200     { "nompshortseq", o_bool, &lcp_wantoptions[0].neg_ssnhf,
201       "Don't use short sequence numbers in multilink headers",
202       OPT_A2COPY, &lcp_allowoptions[0].neg_ssnhf },
203 #endif /* HAVE_MULTILINK */
204     { "endpoint", o_special, (void *)setendpoint,
205       "Endpoint discriminator for multilink", },
206     { "noendpoint", o_bool, &noendpoint,
207       "Don't send or accept multilink endpoint discriminator", 1 },
208     { "ident", o_string, identstr,
209       "LCP Identification string", OPT_STATIC, NULL, sizeof(identstr) },
210     { "noident", o_int, &noident,
211       "Disable use of LCP Identification", OPT_INC|OPT_NOARG|1 },
212 #ifdef NEGOTIATE_FCS
213     { "default-fcs", o_bool, &lcp_wantoptions[0].neg_fcs,
214       "Disable FCS Alternatives option (use default CRC-16)",
215       OPT_A2COPY, &lcp_allowoptions[0].neg_fcs },
216     { "allow-fcs", o_special, (void *)setfcsallow,
217       "Set allowable FCS types; crc16, crc32, null, or number" },
218     { "fcs", o_special, (void *)setfcswant,
219       "Set FCS type(s) desired; crc16, crc32, null, or number" },
220 #endif
221 #ifdef MUX_FRAME
222     /*
223      * if pppmux option is turned on, then the parameter to this
224      * is time value in microseconds
225      */
226     { "pppmux", o_int, &lcp_wantoptions[0].pppmux,
227       "Set PPP Multiplexing option timer", OPT_LLIMIT | OPT_A2COPY,
228 	&lcp_allowoptions[0].pppmux, 0, 0 },
229 #endif
230     {NULL}
231 };
232 
233 /* global vars */
234 fsm lcp_fsm[NUM_PPP];			/* LCP fsm structure (global)*/
235 lcp_options lcp_wantoptions[NUM_PPP];	/* Options that we want to request */
236 lcp_options lcp_gotoptions[NUM_PPP];	/* Options that peer ack'd */
237 lcp_options lcp_allowoptions[NUM_PPP];	/* Options we allow peer to request */
238 lcp_options lcp_hisoptions[NUM_PPP];	/* Options that we ack'd */
239 u_int32_t xmit_accm[NUM_PPP][8];	/* extended transmit ACCM */
240 
241 /*
242  * These variables allow a plugin to assert limits on the maximum
243  * MRU/MTU values that can be negotiated.
244  */
245 int absmax_mru = PPP_MAXMRU;
246 int absmax_mtu = PPP_MAXMTU;
247 
248 static int lcp_echos_pending = 0;	/* Number of outstanding echo msgs */
249 static int lcp_echo_number   = 0;	/* ID number of next echo frame */
250 static int lcp_echo_timer_running = 0;  /* set if a timer is running */
251 static int lcp_echo_badreplies = 0;	/* number of bad replies from peer */
252 /*
253  * The maximum number of bad replies we tolerate before bringing the
254  * link down.
255  */
256 #define LCP_ECHO_MAX_BADREPLIES	10
257 
258 /*
259  * Callbacks for fsm code.  (CI = Configuration Information)
260  */
261 static void lcp_resetci __P((fsm *));	/* Reset our CI */
262 static int  lcp_cilen __P((fsm *));		/* Return length of our CI */
263 static void lcp_addci __P((fsm *, u_char *, int *)); /* Add our CI to pkt */
264 static int  lcp_ackci __P((fsm *, u_char *, int)); /* Peer ack'd our CI */
265 static int  lcp_nakci __P((fsm *, u_char *, int)); /* Peer nak'd our CI */
266 static int  lcp_rejci __P((fsm *, u_char *, int)); /* Peer rej'd our CI */
267 static int  lcp_reqci __P((fsm *, u_char *, int *, int)); /* Rcv peer CI */
268 static void lcp_up __P((fsm *));		/* We're UP */
269 static void lcp_down __P((fsm *));		/* We're DOWN */
270 static void lcp_starting __P((fsm *));	/* We need lower layer up */
271 static void lcp_finished __P((fsm *));	/* We need lower layer down */
272 static int  lcp_extcode __P((fsm *, int, int, u_char *, int));
273 static void lcp_rprotrej __P((fsm *, u_char *, int));
274 static int lcp_coderej __P((fsm *f, int code, int id, u_char *inp, int len));
275 
276 /*
277  * routines to send LCP echos to peer
278  */
279 
280 static void lcp_echo_lowerup __P((int));
281 static void lcp_echo_lowerdown __P((int));
282 static void LcpEchoTimeout __P((void *));
283 static int lcp_received_echo_reply __P((fsm *, int, u_char *, int));
284 static void LcpSendEchoRequest __P((fsm *));
285 static void LcpLinkFailure __P((fsm *));
286 static void LcpEchoCheck __P((fsm *));
287 
288 /*
289  * routines to send and receive additional LCP packets described in
290  * section 1 of rfc1570.
291  */
292 static void LcpSendIdentification __P((fsm *));
293 static void lcp_received_identification __P((fsm *, int, u_char *, int));
294 static void LcpSendTimeRemaining __P((fsm *, u_int32_t));
295 static void lcp_timeremaining __P((void *));
296 static void lcp_received_timeremain __P((fsm *, int, u_char *, int));
297 
298 
299 static fsm_callbacks lcp_callbacks = {	/* LCP callback routines */
300     lcp_resetci,		/* Reset our Configuration Information */
301     lcp_cilen,			/* Length of our Configuration Information */
302     lcp_addci,			/* Add our Configuration Information */
303     lcp_ackci,			/* ACK our Configuration Information */
304     lcp_nakci,			/* NAK our Configuration Information */
305     lcp_rejci,			/* Reject our Configuration Information */
306     lcp_reqci,			/* Request peer's Configuration Information */
307     lcp_up,			/* Called when fsm reaches OPENED state */
308     lcp_down,			/* Called when fsm leaves OPENED state */
309     lcp_starting,		/* Called when we want the lower layer up */
310     lcp_finished,		/* Called when we want the lower layer down */
311     NULL,			/* Retransmission is necessary */
312     lcp_extcode,		/* Called to handle LCP-specific codes */
313     "LCP",			/* String name of protocol */
314     lcp_coderej,		/* Peer rejected a code number */
315 };
316 
317 /*
318  * Protocol entry points.
319  * Some of these are called directly.
320  */
321 
322 static void lcp_init __P((int));
323 static void lcp_input __P((int, u_char *, int));
324 static void lcp_protrej __P((int));
325 static int  lcp_printpkt __P((u_char *, int,
326     void (*) __P((void *, const char *, ...)), void *));
327 
328 
329 struct protent lcp_protent = {
330     PPP_LCP,		/* Protocol Number for LCP */
331     lcp_init,		/* Initializes LCP */
332     lcp_input,		/* Processes a received LCP packet */
333     lcp_protrej,	/* Process a received Protocol-reject */
334     lcp_lowerup,	/* Called after the serial device has been set up */
335     lcp_lowerdown,	/* Called when the link is brought down */
336     lcp_open,		/* Called after lcp_lowerup when bringing up the link */
337     lcp_close,		/* Called when the link goes down */
338     lcp_printpkt,	/* Print a packet in human readable form */
339     NULL,		/* Process a received data packet */
340     1,			/* LCP is enabled by default */
341     "LCP",		/* Name of the protocol */
342     NULL,		/* Name of the corresponding data protocol */
343     lcp_option_list,	/* List of LCP command-line options */
344     NULL,		/* Assigns default values for options */
345     NULL,		/* Configures demand-dial */
346     NULL		/* Bring up the link for this packet? */
347 };
348 
349 int lcp_loopbackfail = DEFLOOPBACKFAIL;
350 
351 /*
352  * Length of each type of configuration option (in octets)
353  */
354 #define CILEN_VOID	2
355 #define CILEN_CHAR	3
356 #define CILEN_SHORT	4	/* CILEN_VOID + 2 */
357 #define CILEN_CHAP	5	/* CILEN_VOID + 2 + 1 */
358 #define CILEN_LONG	6	/* CILEN_VOID + 4 */
359 #define CILEN_LQR	8	/* CILEN_VOID + 2 + 4 */
360 #define CILEN_CBCP	3
361 
362 
363 /*
364  * setescape - add chars to the set we escape on transmission.
365  */
366 /*ARGSUSED*/
367 static int
368 setescape(argv, opt)
369     char **argv;
370     option_t *opt;
371 {
372     int n, ret;
373     char *p, *endp;
374 
375     p = *argv;
376     ret = 1;
377     while (*p != '\0') {
378 	n = strtol(p, &endp, 16);
379 	if (p == endp) {
380 	    option_error("escape parameter contains invalid hex number '%s'",
381 			 p);
382 	    return 0;
383 	}
384 	p = endp;
385 	if (n < 0 || n == 0x5E || n > 0xFF) {
386 	    option_error("can't escape character 0x%x", n);
387 	    ret = 0;
388 	} else
389 	    xmit_accm[0][n >> 5] |= 1 << (n & 0x1F);
390 	while (*p == ',' || *p == ' ')
391 	    ++p;
392     }
393     return ret;
394 }
395 
396 /*
397  * setasyncmap - set async map negotiated
398  */
399 /*ARGSUSED*/
400 static int
401 setasyncmap(argv, opt)
402     char **argv;
403     option_t *opt;
404 {
405     u_int32_t val;
406     char *endp;
407 
408     val = strtoul(*argv, &endp, 16);
409     if (*argv == endp) {
410 	option_error("invalid numeric parameter '%s' for 'asyncmap' option",
411 	    *argv);
412 	return 0;
413     }
414     lcp_wantoptions[0].asyncmap |= val;
415     lcp_wantoptions[0].neg_asyncmap = (~lcp_wantoptions[0].asyncmap != 0);
416     do_msft_workaround = 0;
417     return 1;
418 }
419 
420 /*ARGSUSED*/
421 static int
422 setendpoint(argv, opt)
423     char **argv;
424     option_t *opt;
425 {
426     if (str_to_epdisc(&lcp_wantoptions[0].endpoint, *argv)) {
427 	lcp_wantoptions[0].neg_endpoint = 1;
428 	return 1;
429     }
430     option_error("Can't parse '%s' as an endpoint discriminator", *argv);
431     return 0;
432 }
433 
434 #ifdef NEGOTIATE_FCS
435 static int
436 str_to_fcstype(opt,arg)
437     lcp_options *opt;
438     char *arg;
439 {
440     char **cpp, *cp;
441     int val, len;
442 
443     if (*arg != '\0') {
444 	val = 0;
445 	while (*arg != '\0') {
446 	    len = 0;
447 	    if (isdigit(*arg)) {
448 		len = strtol(arg, &cp, 0);
449 		if (len < 0 || len > 255 || arg == cp ||
450 		    (*cp != '\0' && *cp != ','))
451 		    break;
452 		val |= len;
453 		len = cp - arg;
454 	    } else {
455 		for (cpp = fcsalt_strings; *cpp != NULL; cpp++) {
456 		    len = strlen(*cpp);
457 		    if (strncasecmp(arg, *cpp, len) == 0 &&
458 		        (arg[len] == '\0' || arg[len] == ','))
459 			break;
460 		}
461 		if (*cpp == NULL)
462 		    break;
463 		val |= 1<<(cpp-fcsalt_strings);
464 	    }
465 	    if (arg[len] == '\0') {
466 		opt->neg_fcs = 1;
467 		opt->fcs_type = val;
468 		return (1);
469 	    }
470 	    arg += len+1;
471 	}
472     }
473     option_error("Can't parse '%s' as an FCS type", arg);
474     return (0);
475 }
476 
477 /*ARGSUSED*/
478 static int
479 setfcsallow(argv, opt)
480     char **argv;
481     option_t *opt;
482 {
483     return str_to_fcstype(&lcp_allowoptions[0], *argv);
484 }
485 
486 /*ARGSUSED*/
487 static int
488 setfcswant(argv, opt)
489     char **argv;
490     option_t *opt;
491 {
492     return str_to_fcstype(&lcp_wantoptions[0], *argv);
493 }
494 #endif
495 
496 /*
497  * lcp_init - Initialize LCP.
498  */
499 static void
500 lcp_init(unit)
501     int unit;
502 {
503     fsm *f = &lcp_fsm[unit];
504     lcp_options *wo = &lcp_wantoptions[unit];
505     lcp_options *ao = &lcp_allowoptions[unit];
506 
507     f->unit = unit;
508     f->protocol = PPP_LCP;
509     f->callbacks = &lcp_callbacks;
510 
511     fsm_init(f);
512 
513     BZERO(wo, sizeof(*wo));
514     wo->neg_mru = 1;
515     wo->mru = PPP_MRU;
516     wo->neg_asyncmap = 1;
517     wo->chap_mdtype = CHAP_DIGEST_MD5;
518     wo->neg_magicnumber = 1;
519     wo->neg_pcompression = 1;
520     wo->neg_accompression = 1;
521 
522     /*
523      * Leave allowed MRU (MTU) at zero; configuration option sets it
524      * non-zero if we should nak for something else.
525      */
526     BZERO(ao, sizeof(*ao));
527     ao->neg_mru = 1;
528     ao->neg_asyncmap = 1;
529     ao->neg_chap = 1;
530 #if defined(CHAPMS) || defined(CHAPMSV2)
531 #ifdef SOL2
532     /* Check if DES wasn't exported */
533     errno = 0;
534     setkey("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
535 	"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
536     if (errno == 0)
537 #endif
538     {
539 #ifdef CHAPMS
540     ao->neg_mschap = 1;
541 #endif
542 #ifdef CHAPMSV2
543     ao->neg_mschapv2 = 1;
544 #endif
545     }
546 #endif
547     ao->chap_mdtype = CHAP_DIGEST_MD5;
548     ao->neg_upap = 1;
549     ao->neg_magicnumber = 1;
550     ao->neg_pcompression = 1;
551     ao->neg_accompression = 1;
552 #ifdef CBCP_SUPPORT
553     ao->neg_cbcp = 1;
554 #endif
555     ao->neg_endpoint = 1;
556 #ifdef NEGOTIATE_FCS
557     ao->neg_fcs = 1;
558     ao->fcs_type = FCSALT_NULL|FCSALT_16|FCSALT_32;
559 #endif
560 
561     BZERO(xmit_accm[unit], sizeof(xmit_accm[0]));
562     xmit_accm[unit][3] = 0x60000000;
563 }
564 
565 
566 /*
567  * lcp_open - LCP is allowed to come up.
568  */
569 void
570 lcp_open(unit)
571     int unit;
572 {
573     fsm *f = &lcp_fsm[unit];
574     lcp_options *wo = &lcp_wantoptions[unit];
575 
576     f->flags = 0;
577     if (wo->passive)
578 	f->flags |= OPT_PASSIVE;
579     if (wo->silent)
580 	f->flags |= OPT_SILENT;
581     fsm_open(f);
582 }
583 
584 
585 /*
586  * lcp_close - Take LCP down.
587  */
588 void
589 lcp_close(unit, reason)
590     int unit;
591     char *reason;
592 {
593     fsm *f = &lcp_fsm[unit];
594 
595     if (phase != PHASE_DEAD)
596 	new_phase(PHASE_TERMINATE);
597     if (f->state == STOPPED && (f->flags & (OPT_PASSIVE|OPT_SILENT))) {
598 	/*
599 	 * This action is not strictly according to the FSM in RFC1548,
600 	 * but it does mean that the program terminates if you do a
601 	 * lcp_close() in passive/silent mode when a connection hasn't
602 	 * been established.
603 	 */
604 	f->state = CLOSED;
605 	lcp_finished(f);
606 
607     } else
608 	fsm_close(&lcp_fsm[unit], reason);
609 }
610 
611 
612 /*
613  * lcp_lowerup - The lower layer is up.
614  */
615 void
616 lcp_lowerup(unit)
617     int unit;
618 {
619     lcp_options *wo = &lcp_wantoptions[unit];
620     int mru, mtu;
621 
622     mru = PPP_MRU > absmax_mru ? absmax_mru : PPP_MRU;
623     mtu = PPP_MTU > absmax_mtu ? absmax_mtu : PPP_MTU;
624 
625     /*
626      * Don't use A/C or protocol compression on transmission,
627      * but accept A/C and protocol compressed packets
628      * if we are going to ask for A/C and protocol compression.
629      */
630     ppp_set_xaccm(unit, xmit_accm[unit]);
631     ppp_send_config(unit, mtu, 0xffffffff, 0, 0);
632     ppp_recv_config(unit, mru, (lax_recv? 0: 0xffffffff),
633 		    wo->neg_pcompression, wo->neg_accompression);
634 #ifdef NEGOTIATE_FCS
635     ppp_send_fcs(unit, FCSALT_16);
636     ppp_recv_fcs(unit, FCSALT_16);
637 #endif
638 
639     fsm_setpeermru(unit, mtu);
640     lcp_allowoptions[unit].asyncmap = xmit_accm[unit][0];
641 
642     fsm_lowerup(&lcp_fsm[unit]);
643 }
644 
645 
646 /*
647  * lcp_lowerdown - The lower layer is down.
648  */
649 void
650 lcp_lowerdown(unit)
651     int unit;
652 {
653     fsm_lowerdown(&lcp_fsm[unit]);
654 }
655 
656 
657 /*
658  * lcp_input - Input LCP packet.
659  */
660 static void
661 lcp_input(unit, p, len)
662     int unit;
663     u_char *p;
664     int len;
665 {
666     fsm *f = &lcp_fsm[unit];
667 
668     fsm_input(f, p, len);
669 }
670 
671 
672 /*
673  * lcp_extcode - Handle a LCP-specific code.
674  */
675 static int
676 lcp_extcode(f, code, id, inp, len)
677     fsm *f;
678     int code, id;
679     u_char *inp;
680     int len;
681 {
682     u_char *magp;
683 
684     switch( code ){
685     case CODE_PROTREJ:
686 	lcp_rprotrej(f, inp, len);
687 	break;
688 
689     case CODE_ECHOREQ:
690 	if (f->state != OPENED)
691 	    break;
692 	magp = inp;
693 	PUTLONG(lcp_gotoptions[f->unit].magicnumber, magp);
694 	fsm_sdata(f, CODE_ECHOREP, id, inp, len);
695 	break;
696 
697     case CODE_ECHOREP:
698 	if (!lcp_received_echo_reply(f, id, inp, len)) {
699 	    lcp_echo_badreplies++;
700 	    if (lcp_echo_badreplies > LCP_ECHO_MAX_BADREPLIES) {
701 		LcpLinkFailure(f);
702 		lcp_echos_pending = 0;
703 		lcp_echo_badreplies = 0;
704 	    }
705 	}
706 	break;
707 
708     case CODE_DISCREQ:
709 	break;
710 
711     case CODE_IDENT:
712 	/* More than one 'noident' tells us to reject the code number. */
713 	if (noident > 1)
714 	    return 0;
715 	lcp_received_identification(f, id, inp, len);
716 	break;
717 
718     case CODE_TIMEREMAIN:
719 	lcp_received_timeremain(f, id, inp, len);
720 	break;
721 
722     default:
723 	return 0;
724     }
725     return 1;
726 }
727 
728 /*
729  * lcp_rprotrej - Receive an Protocol-Reject.
730  *
731  * Figure out which protocol is rejected and inform it.
732  */
733 static void
734 lcp_rprotrej(f, inp, len)
735     fsm *f;
736     u_char *inp;
737     int len;
738 {
739     int i;
740     struct protent *protp;
741     u_short prot;
742 
743     if (len < 2) {
744 	dbglog("lcp_rprotrej: Rcvd short Protocol-Reject packet!");
745 	return;
746     }
747 
748     GETSHORT(prot, inp);
749 
750     /*
751      * Protocol-Reject packets received in any state other than the LCP
752      * OPENED state SHOULD be silently discarded.
753      */
754     if( f->state != OPENED ){
755 	dbglog("Protocol-Reject discarded: LCP in state %s",
756 	    fsm_state(f->state));
757 	return;
758     }
759 
760     /*
761      * Upcall the proper Protocol-Reject routine.
762      */
763     for (i = 0; (protp = protocols[i]) != NULL; ++i)
764 	if (protp->protocol == prot && protp->enabled_flag) {
765 	    (*protp->protrej)(f->unit);
766 	    return;
767 	}
768 
769     warn("Protocol-Reject for unsupported protocol 0x%x", prot);
770 }
771 
772 
773 /*
774  * lcp_protrej - A Protocol-Reject was received.
775  */
776 /*ARGSUSED*/
777 static void
778 lcp_protrej(unit)
779     int unit;
780 {
781     /*
782      * Can't reject LCP!
783      */
784     error("Received Protocol-Reject for LCP!");
785 }
786 
787 /*
788  * lcp_coderej - A Code-Reject was received.
789  */
790 /*ARGSUSED*/
791 static int
792 lcp_coderej(f, code, id, inp, len)
793 	fsm *f;
794 	int code;
795 	int id;
796 	u_char *inp;
797 	int len;
798 {
799 	/* The peer cannot reject these code numbers. */
800 	if (code >= CODE_CONFREQ && code <= CODE_PROTREJ)
801 		return 1;
802 	switch (code) {
803 	case CODE_ECHOREQ:
804 	    /*
805 	     * If the peer rejects an Echo-Request, then stop doing that.
806 	     */
807 	    if (lcp_echo_timer_running != 0) {
808 		UNTIMEOUT (LcpEchoTimeout, f);
809 		lcp_echo_timer_running = 0;
810 		lcp_echo_interval = 0;
811 	    }
812 	    break;
813 	}
814 	return 0;
815 }
816 
817 /*
818  * lcp_sprotrej - Send a Protocol-Reject for some protocol.
819  */
820 void
821 lcp_sprotrej(unit, p, len)
822     int unit;
823     u_char *p;
824     int len;
825 {
826     /*
827      * Send back the protocol and the information field of the
828      * rejected packet.  We only get here if LCP is in the OPENED state.
829      */
830     p += 2;
831     len -= 2;
832 
833     fsm_sdata(&lcp_fsm[unit], CODE_PROTREJ, ++lcp_fsm[unit].id,
834 	      p, len);
835 }
836 
837 
838 /*
839  * lcp_resetci - Reset our CI.
840  */
841 static void
842 lcp_resetci(f)
843     fsm *f;
844 {
845     lcp_options *wo = &lcp_wantoptions[f->unit];
846     lcp_options *go = &lcp_gotoptions[f->unit];
847     lcp_options *ao = &lcp_allowoptions[f->unit];
848 
849     wo->magicnumber = magic();
850     wo->numloops = 0;
851     sentident = 0;
852     *go = *wo;
853     if (!multilink) {
854 	go->neg_mrru = 0;
855 	go->neg_ssnhf = 0;
856     }
857     if (noendpoint)
858 	ao->neg_endpoint = 0;
859     if (go->mru > absmax_mru)
860 	go->mru = absmax_mru;
861     if (ao->mru > absmax_mtu)
862 	ao->mru = absmax_mtu;
863     unsolicit_mru = 1;
864     fsm_setpeermru(f->unit, PPP_MTU > absmax_mtu ? absmax_mtu : PPP_MTU);
865     auth_reset(f->unit);
866 }
867 
868 
869 /*
870  * lcp_cilen - Return length of our CI.
871  */
872 static int
873 lcp_cilen(f)
874     fsm *f;
875 {
876     lcp_options *go = &lcp_gotoptions[f->unit];
877 
878 #define LENCIVOID(neg)	((neg) ? CILEN_VOID : 0)
879 #define LENCICHAP(neg)	((neg) ? CILEN_CHAP : 0)
880 #define LENCICHAR(neg)	((neg) ? CILEN_CHAR : 0)
881 #define LENCISHORT(neg)	((neg) ? CILEN_SHORT : 0)
882 #define LENCILONG(neg)	((neg) ? CILEN_LONG : 0)
883 #define LENCILQR(neg)	((neg) ? CILEN_LQR: 0)
884 #define LENCICBCP(neg)	((neg) ? CILEN_CBCP: 0)
885     /*
886      * NB: we only ask for one of CHAP and UPAP, even if we will
887      * accept either.
888      */
889     return (LENCISHORT(go->neg_mru && go->mru != PPP_MRU) +
890 	    LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) +
891 	    LENCICHAP(go->neg_chap || go->neg_mschap || go->neg_mschapv2) +
892 	    LENCISHORT(!go->neg_chap && go->neg_upap && !go->neg_mschap &&
893 		!go->neg_mschapv2) +
894 	    LENCILQR(go->neg_lqr) +
895 	    LENCICBCP(go->neg_cbcp) +
896 	    LENCILONG(go->neg_magicnumber) +
897 	    LENCIVOID(go->neg_pcompression) +
898 	    LENCIVOID(go->neg_accompression) +
899 	    LENCICHAR(go->neg_fcs) +
900 	    LENCISHORT(go->neg_mrru) +
901 	    LENCIVOID(go->neg_ssnhf) +
902 #ifdef MUX_FRAME
903             LENCIVOID(go->pppmux) +
904 #endif
905 	    (go->neg_endpoint? CILEN_CHAR + go->endpoint.length: 0));
906 }
907 
908 
909 /*
910  * lcp_addci - Add our desired CIs to a packet.
911  */
912 static void
913 lcp_addci(f, ucp, lenp)
914     fsm *f;
915     u_char *ucp;
916     int *lenp;
917 {
918     lcp_options *go = &lcp_gotoptions[f->unit];
919     lcp_options *ho = &lcp_hisoptions[f->unit];
920     u_char *start_ucp = ucp;
921 
922 #define ADDCIVOID(opt, neg) \
923     if (neg) { \
924 	PUTCHAR(opt, ucp); \
925 	PUTCHAR(CILEN_VOID, ucp); \
926     }
927 #define ADDCISHORT(opt, neg, val) \
928     if (neg) { \
929 	PUTCHAR(opt, ucp); \
930 	PUTCHAR(CILEN_SHORT, ucp); \
931 	PUTSHORT(val, ucp); \
932     }
933 #define ADDCICHAP(opt, neg, val, digest) \
934     if (neg) { \
935 	PUTCHAR(opt, ucp); \
936 	PUTCHAR(CILEN_CHAP, ucp); \
937 	PUTSHORT(val, ucp); \
938 	PUTCHAR(digest, ucp); \
939     }
940 #define ADDCILONG(opt, neg, val) \
941     if (neg) { \
942 	PUTCHAR(opt, ucp); \
943 	PUTCHAR(CILEN_LONG, ucp); \
944 	PUTLONG(val, ucp); \
945     }
946 #define ADDCILQR(opt, neg, val) \
947     if (neg) { \
948 	PUTCHAR(opt, ucp); \
949 	PUTCHAR(CILEN_LQR, ucp); \
950 	PUTSHORT(PPP_LQR, ucp); \
951 	PUTLONG(val, ucp); \
952     }
953 #define ADDCICHAR(opt, neg, val) \
954     if (neg) { \
955 	PUTCHAR(opt, ucp); \
956 	PUTCHAR(CILEN_CHAR, ucp); \
957 	PUTCHAR(val, ucp); \
958     }
959 #define ADDCIENDP(opt, neg, class, val, len) \
960     if (neg) { \
961 	int i; \
962 	PUTCHAR(opt, ucp); \
963 	PUTCHAR(CILEN_CHAR + len, ucp); \
964 	PUTCHAR(class, ucp); \
965 	for (i = 0; i < len; ++i) \
966 	    PUTCHAR(val[i], ucp); \
967     }
968 
969     ADDCISHORT(CI_MRU, go->neg_mru && go->mru != PPP_MRU, go->mru);
970     ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF,
971 	      go->asyncmap);
972     /* go->chap_mdtype always points to a useful value */
973     ADDCICHAP(CI_AUTHTYPE, go->neg_chap || go->neg_mschap || go->neg_mschapv2,
974 	PPP_CHAP, go->chap_mdtype);
975     ADDCISHORT(CI_AUTHTYPE, !(go->neg_chap || go->neg_mschap ||
976 	go->neg_mschapv2) && go->neg_upap, PPP_PAP);
977     /* We can't both say zero for LQR period. */
978     if (f->state == ACKSENT && go->neg_lqr && go->lqr_period == 0 &&
979 	ho->neg_lqr && ho->lqr_period == 0)
980 	go->lqr_period = 500;
981     ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
982     ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBOP_CBCP);
983     ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
984     ADDCIVOID(CI_PCOMPRESSION, go->neg_pcompression);
985     ADDCIVOID(CI_ACCOMPRESSION, go->neg_accompression);
986     ADDCICHAR(CI_FCSALTERN, (go->neg_fcs && go->fcs_type != 0), go->fcs_type);
987     ADDCIENDP(CI_EPDISC, go->neg_endpoint, go->endpoint.class,
988 	      go->endpoint.value, go->endpoint.length);
989 #ifdef MUX_FRAME
990     ADDCIVOID(CI_MUXING, go->pppmux);
991 #endif
992     ADDCISHORT(CI_MRRU, go->neg_mrru, go->mrru);
993     ADDCIVOID(CI_SSNHF, go->neg_ssnhf);
994 
995     if (ucp - start_ucp != *lenp) {
996 	/* this should never happen, because peer_mtu should be 1500 */
997 	error("Bug in lcp_addci: wrong length");
998     }
999 }
1000 
1001 
1002 /*
1003  * lcp_ackci - Ack our CIs.
1004  * This should not modify any state if the Ack is bad.
1005  *
1006  * Returns:
1007  *	0 - Ack was bad.
1008  *	1 - Ack was good.
1009  */
1010 static int
1011 lcp_ackci(f, p, len)
1012     fsm *f;
1013     u_char *p;
1014     int len;
1015 {
1016     lcp_options *go = &lcp_gotoptions[f->unit];
1017 #ifdef MUX_FRAME
1018     lcp_options *ao = &lcp_allowoptions[f->unit];
1019 #endif
1020     u_char cilen, citype, cichar;
1021     u_short cishort;
1022     u_int32_t cilong;
1023 
1024     /*
1025      * CIs must be in exactly the same order that we sent.
1026      * Check packet length and CI length at each step.
1027      * If we find any deviations, then this packet is bad.
1028      */
1029 #define ACKCIVOID(opt, neg) \
1030     if (neg) { \
1031 	if ((len -= CILEN_VOID) < 0) \
1032 	    goto bad; \
1033 	GETCHAR(citype, p); \
1034 	GETCHAR(cilen, p); \
1035 	if (cilen != CILEN_VOID || \
1036 	    citype != opt) \
1037 	    goto bad; \
1038     }
1039 #define ACKCISHORT(opt, neg, val) \
1040     if (neg) { \
1041 	if ((len -= CILEN_SHORT) < 0) \
1042 	    goto bad; \
1043 	GETCHAR(citype, p); \
1044 	GETCHAR(cilen, p); \
1045 	if (cilen != CILEN_SHORT || \
1046 	    citype != opt) \
1047 	    goto bad; \
1048 	GETSHORT(cishort, p); \
1049 	if (cishort != val) \
1050 	    goto bad; \
1051     }
1052 #define ACKCIAUTH(opt, neg, val) \
1053     if (neg) { \
1054 	if ((len -= CILEN_SHORT) < 0) \
1055 	    goto bad; \
1056 	GETCHAR(citype, p); \
1057 	GETCHAR(cilen, p); \
1058 	if (cilen != CILEN_SHORT || \
1059 	    citype != opt) \
1060 	    goto bad; \
1061 	GETSHORT(cishort, p); \
1062 	if (cishort != val) \
1063 	    goto bad; \
1064 	peer_nak_auth = 0; \
1065 	peer_reject_auth = 0; \
1066     }
1067 #define ACKCICHAR(opt, neg, val) \
1068     if (neg) { \
1069 	if ((len -= CILEN_CHAR) < 0) \
1070 	    goto bad; \
1071 	GETCHAR(citype, p); \
1072 	GETCHAR(cilen, p); \
1073 	if (cilen != CILEN_CHAR || \
1074 	    citype != opt) \
1075 	    goto bad; \
1076 	GETCHAR(cichar, p); \
1077 	if (cichar != val) \
1078 	    goto bad; \
1079     }
1080 #define ACKCICHAP(opt, neg, val, digest) \
1081     if (neg) { \
1082 	if ((len -= CILEN_CHAP) < 0) \
1083 	    goto bad; \
1084 	GETCHAR(citype, p); \
1085 	GETCHAR(cilen, p); \
1086 	if (cilen != CILEN_CHAP || \
1087 	    citype != opt) \
1088 	    goto bad; \
1089 	GETSHORT(cishort, p); \
1090 	if (cishort != val) \
1091 	    goto bad; \
1092 	GETCHAR(cichar, p); \
1093 	if (cichar != digest) \
1094 	  goto bad; \
1095 	peer_nak_auth = 0; \
1096 	peer_reject_auth = 0; \
1097     }
1098 #define ACKCILONG(opt, neg, val) \
1099     if (neg) { \
1100 	if ((len -= CILEN_LONG) < 0) \
1101 	    goto bad; \
1102 	GETCHAR(citype, p); \
1103 	GETCHAR(cilen, p); \
1104 	if (cilen != CILEN_LONG || \
1105 	    citype != opt) \
1106 	    goto bad; \
1107 	GETLONG(cilong, p); \
1108 	if (cilong != val) \
1109 	    goto bad; \
1110     }
1111 #define ACKCILQR(opt, neg, val) \
1112     if (neg) { \
1113 	if ((len -= CILEN_LQR) < 0) \
1114 	    goto bad; \
1115 	GETCHAR(citype, p); \
1116 	GETCHAR(cilen, p); \
1117 	if (cilen != CILEN_LQR || \
1118 	    citype != opt) \
1119 	    goto bad; \
1120 	GETSHORT(cishort, p); \
1121 	if (cishort != PPP_LQR) \
1122 	    goto bad; \
1123 	GETLONG(cilong, p); \
1124 	if (cilong != val) \
1125 	  goto bad; \
1126     }
1127 #define ACKCIENDP(opt, neg, class, val, vlen) \
1128     if (neg) { \
1129 	int i; \
1130 	if ((len -= CILEN_CHAR + vlen) < 0) \
1131 	    goto bad; \
1132 	GETCHAR(citype, p); \
1133 	GETCHAR(cilen, p); \
1134 	if (cilen != CILEN_CHAR + vlen || \
1135 	    citype != opt) \
1136 	    goto bad; \
1137 	GETCHAR(cichar, p); \
1138 	if (cichar != class) \
1139 	    goto bad; \
1140 	for (i = 0; i < vlen; ++i) { \
1141 	    GETCHAR(cichar, p); \
1142 	    if (cichar != val[i]) \
1143 		goto bad; \
1144 	} \
1145     }
1146 
1147     ACKCISHORT(CI_MRU, go->neg_mru && go->mru != PPP_MRU, go->mru);
1148     ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF,
1149 	      go->asyncmap);
1150     /* go->chap_mdtype always points to a useful value */
1151     ACKCICHAP(CI_AUTHTYPE, go->neg_chap || go->neg_mschap || go->neg_mschapv2,
1152 	PPP_CHAP, go->chap_mdtype);
1153     ACKCIAUTH(CI_AUTHTYPE, !(go->neg_chap || go->neg_mschap ||
1154 	go->neg_mschapv2) && go->neg_upap, PPP_PAP);
1155     ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
1156     ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBOP_CBCP);
1157     ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
1158     ACKCIVOID(CI_PCOMPRESSION, go->neg_pcompression);
1159     ACKCIVOID(CI_ACCOMPRESSION, go->neg_accompression);
1160     ACKCICHAR(CI_FCSALTERN, go->neg_fcs, go->fcs_type);
1161     ACKCIENDP(CI_EPDISC, go->neg_endpoint, go->endpoint.class,
1162 	      go->endpoint.value, go->endpoint.length);
1163 #ifdef MUX_FRAME
1164     ACKCIVOID(CI_MUXING, go->pppmux);
1165     if (go->pppmux)
1166     	go->pppmux = ao->pppmux;
1167 #endif
1168     ACKCISHORT(CI_MRRU, go->neg_mrru, go->mrru);
1169     ACKCIVOID(CI_SSNHF, go->neg_ssnhf);
1170 
1171     /*
1172      * If there are any remaining CIs, then this packet is bad.
1173      */
1174     if (len != 0)
1175 	goto bad;
1176     return (1);
1177 bad:
1178     dbglog("lcp_acki: received bad Ack!");
1179     return (0);
1180 }
1181 
1182 
1183 /*
1184  * lcp_nakci - Peer has sent a NAK for some of our CIs.
1185  * This should not modify any state if the Nak is bad
1186  * or if LCP is in the OPENED state.
1187  *
1188  * Returns:
1189  *	0 - Nak was bad.
1190  *	1 - Nak was good.
1191  */
1192 static int
1193 lcp_nakci(f, p, len)
1194     fsm *f;
1195     u_char *p;
1196     int len;
1197 {
1198     lcp_options *go = &lcp_gotoptions[f->unit];
1199     lcp_options *wo = &lcp_wantoptions[f->unit];
1200     u_char citype, cichar, *next;
1201     u_short cishort;
1202     u_int32_t cilong;
1203     lcp_options no;		/* options we've seen Naks for */
1204     lcp_options try;		/* options to request next time */
1205     int looped_back = 0;
1206     int cilen;
1207 
1208     BZERO(&no, sizeof(no));
1209     try = *go;
1210 
1211     /*
1212      * Any Nak'd CIs must be in exactly the same order that we sent.
1213      * Check packet length and CI length at each step.
1214      * If we find any deviations, then this packet is bad.
1215      */
1216 #define NAKCIVOID(opt, neg) \
1217     if (go->neg && \
1218 	len >= CILEN_VOID && \
1219 	p[1] == CILEN_VOID && \
1220 	p[0] == opt) { \
1221 	len -= CILEN_VOID; \
1222 	INCPTR(CILEN_VOID, p); \
1223 	no.neg = 1; \
1224 	try.neg = 0; \
1225     }
1226 #define NAKCICHAR(opt, neg, code) \
1227     if (go->neg && \
1228 	len >= CILEN_CHAR && \
1229 	p[1] == CILEN_CHAR && \
1230 	p[0] == opt) { \
1231 	len -= CILEN_CHAR; \
1232 	INCPTR(2, p); \
1233 	GETCHAR(cichar, p); \
1234 	no.neg = 1; \
1235 	code \
1236     }
1237 #define NAKCISHORT(opt, neg, code) \
1238     if (go->neg && \
1239 	len >= CILEN_SHORT && \
1240 	p[1] == CILEN_SHORT && \
1241 	p[0] == opt) { \
1242 	len -= CILEN_SHORT; \
1243 	INCPTR(2, p); \
1244 	GETSHORT(cishort, p); \
1245 	no.neg = 1; \
1246 	code \
1247     }
1248 #define NAKCILONG(opt, neg, code) \
1249     if (go->neg && \
1250 	len >= CILEN_LONG && \
1251 	p[1] == CILEN_LONG && \
1252 	p[0] == opt) { \
1253 	len -= CILEN_LONG; \
1254 	INCPTR(2, p); \
1255 	GETLONG(cilong, p); \
1256 	no.neg = 1; \
1257 	code \
1258     }
1259 #define NAKCILQR(opt, neg, code) \
1260     if (go->neg && \
1261 	len >= CILEN_LQR && \
1262 	p[1] == CILEN_LQR && \
1263 	p[0] == opt) { \
1264 	len -= CILEN_LQR; \
1265 	INCPTR(2, p); \
1266 	GETSHORT(cishort, p); \
1267 	GETLONG(cilong, p); \
1268 	no.neg = 1; \
1269 	code \
1270     }
1271 #define NAKCIENDP(opt, neg) \
1272     if (go->neg && \
1273 	len >= CILEN_CHAR && \
1274 	p[0] == opt && \
1275 	p[1] >= CILEN_CHAR && \
1276 	p[1] <= len) { \
1277 	len -= p[1]; \
1278 	INCPTR(p[1], p); \
1279 	no.neg = 1; \
1280 	try.neg = 0; \
1281     }
1282 
1283     /*
1284      * We don't care if they want to send us smaller packets than
1285      * we want.  Therefore, accept any MRU less than what we asked for,
1286      * but then ignore the new value when setting the MRU in the kernel.
1287      * If they send us a bigger MRU than what we asked, accept it, up to
1288      * the limit of the default MRU we'd get if we didn't negotiate.
1289      */
1290     if (go->neg_mru && go->mru != PPP_MRU) {
1291 	NAKCISHORT(CI_MRU, neg_mru,
1292 		   if (cishort <= wo->mru ||
1293 		       (cishort <= PPP_MRU && cishort <= absmax_mru))
1294 		       try.mru = cishort;
1295 		   );
1296     }
1297 
1298     /*
1299      * Add any characters they want to our (receive-side) asyncmap.
1300      */
1301     if (go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) {
1302 	NAKCILONG(CI_ASYNCMAP, neg_asyncmap,
1303 		  try.asyncmap = go->asyncmap | cilong;
1304 		  );
1305     }
1306 
1307     /*
1308      * If they've nak'd our authentication-protocol, check whether
1309      * they are proposing a different protocol, or a different
1310      * hash algorithm for CHAP.
1311      */
1312     if ((go->neg_chap || go->neg_mschap || go->neg_mschapv2 || go->neg_upap) &&
1313 	len >= CILEN_SHORT && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT &&
1314 	p[1] <= len) {
1315 	cilen = p[1];
1316 	len -= cilen;
1317 	INCPTR(2, p);
1318         GETSHORT(cishort, p);
1319 	peer_nak_auth = 1;
1320 	nak_auth_orig = (go->neg_chap || go->neg_mschap || go->neg_mschapv2) ?
1321 	    PPP_CHAP : PPP_PAP;
1322 	nak_auth_proto = cishort;
1323 	if (cishort == PPP_PAP && cilen == CILEN_SHORT) {
1324 	    no.neg_upap = go->neg_upap;
1325 	    /*
1326 	     * If we were asking for CHAP, they obviously don't want to do it.
1327 	     * If we weren't asking for CHAP, then we were asking for PAP,
1328 	     * in which case this Nak is bad.
1329 	     */
1330 	    if (!go->neg_chap && !go->neg_mschap && !go->neg_mschapv2)
1331 		goto bad;
1332 	    try.neg_chap = 0;
1333 	    try.neg_mschap = 0;
1334 	    try.neg_mschapv2 = 0;
1335 
1336 	} else if (cishort == PPP_CHAP && cilen >= CILEN_CHAP) {
1337 	    /* stop asking for that type */
1338 	    switch (go->chap_mdtype) {
1339 	    case CHAP_DIGEST_MD5:
1340 		no.neg_chap = go->neg_chap;
1341 		try.neg_chap = 0;
1342 		break;
1343 	    case CHAP_MICROSOFT:
1344 		no.neg_mschap = go->neg_mschap;
1345 		try.neg_mschap = 0;
1346 		break;
1347 	    case CHAP_MICROSOFT_V2:
1348 		no.neg_mschapv2 = go->neg_mschapv2;
1349 		try.neg_mschapv2 = 0;
1350 		break;
1351 	    }
1352 	    GETCHAR(cichar, p);
1353 	    /* Allow >= on length here for broken and silly peers. */
1354 	    p += cilen - CILEN_CHAP;
1355 	    try.neg_upap = 0;
1356 	    if ((cichar == CHAP_DIGEST_MD5 && wo->neg_chap) ||
1357 		(cichar == CHAP_MICROSOFT && wo->neg_mschap) ||
1358 		(cichar == CHAP_MICROSOFT_V2 && wo->neg_mschapv2)) {
1359 		/* Try his requested algorithm. */
1360 		try.chap_mdtype = cichar;
1361 	    } else {
1362 		goto try_another;
1363 	    }
1364 
1365 	} else {
1366 	    /*
1367 	     * We don't recognize what they're suggesting.
1368 	     * Stop asking for what we were asking for.
1369 	     */
1370 	try_another:
1371 	    if (go->neg_chap || go->neg_mschap || go->neg_mschapv2) {
1372 		switch (go->chap_mdtype) {
1373 		case CHAP_DIGEST_MD5:
1374 		    try.neg_chap = 0;
1375 		    if (wo->neg_mschap) {
1376 			try.chap_mdtype = CHAP_MICROSOFT;
1377 			break;
1378 		    }
1379 			/*FALLTHROUGH*/
1380 		case CHAP_MICROSOFT:
1381 		    try.neg_mschap = 0;
1382 		    if (wo->neg_mschapv2) {
1383 			try.chap_mdtype = CHAP_MICROSOFT_V2;
1384 			break;
1385 		    }
1386 			/*FALLTHROUGH*/
1387 		case CHAP_MICROSOFT_V2:
1388 		    try.neg_mschapv2 = 0;
1389 		    break;
1390 		}
1391 	    } else
1392 		try.neg_upap = 0;
1393 	    p += cilen - CILEN_SHORT;
1394 	}
1395     }
1396 
1397     /*
1398      * If they can't cope with our link quality protocol, we'll have
1399      * to stop asking for LQR.  We haven't got any other protocol.  If
1400      * they Nak the reporting period, then the following logic
1401      * applies:
1402      * If he suggests zero and go->neg_fcs is true and
1403      * ao->lqr_period isn't zero, then take his suggestion.  If he
1404      * suggests zero otherwise, ignore it.  If he suggests a nonzero
1405      * value and wo->lqr_period is zero, then take his suggestion.  If
1406      * he suggests a nonzero value otherwise that's less than
1407      * wo->lqr_period, then ignore it.
1408      */
1409     NAKCILQR(CI_QUALITY, neg_lqr,
1410 	     if (cishort != PPP_LQR)
1411 		 try.neg_lqr = 0;
1412 	     else if (cilong == 0 && go->neg_fcs && wo->lqr_period != 0)
1413 		 try.lqr_period = cilong;
1414 	     else if (cilong != 0 &&
1415 		 (wo->lqr_period == 0 || cilong > wo->lqr_period))
1416 		 try.lqr_period = cilong;
1417 	     );
1418 
1419     /*
1420      * Only implementing CBCP...not the rest of the callback options
1421      */
1422     NAKCICHAR(CI_CALLBACK, neg_cbcp,
1423               try.neg_cbcp = 0;
1424               );
1425 
1426     /*
1427      * Check for a looped-back line.
1428      */
1429     NAKCILONG(CI_MAGICNUMBER, neg_magicnumber,
1430 	      try.magicnumber = magic();
1431 	      looped_back = 1;
1432 	      );
1433 
1434     /*
1435      * Peer shouldn't send Nak for protocol compression or
1436      * address/control compression requests; they should send
1437      * a Reject instead.  If they send a Nak, treat it as a Reject.
1438      */
1439     NAKCIVOID(CI_PCOMPRESSION, neg_pcompression);
1440     NAKCIVOID(CI_ACCOMPRESSION, neg_accompression);
1441 
1442     /*
1443      * Remove any FCS types he doesn't like from our (receive-side)
1444      * FCS list.
1445      */
1446     NAKCICHAR(CI_FCSALTERN, neg_fcs, try.fcs_type = go->fcs_type & cichar;);
1447 
1448 #ifdef MUX_FRAME
1449     /* Nacked MUX option */
1450     NAKCIVOID(CI_MUXING, pppmux);
1451 #endif
1452 
1453     /*
1454      * Nak of the endpoint discriminator option is not permitted,
1455      * treat it like a reject.
1456      */
1457     NAKCIENDP(CI_EPDISC, neg_endpoint);
1458 
1459     /*
1460      * Nak for MRRU option - accept their value if it is smaller
1461      * than the one we want.
1462      */
1463     if (go->neg_mrru) {
1464 	NAKCISHORT(CI_MRRU, neg_mrru,
1465 		   if (cishort <= wo->mrru)
1466 		       try.mrru = cishort;
1467 		   );
1468     }
1469 
1470     /*
1471      * Nak for short sequence numbers shouldn't be sent, treat it
1472      * like a reject.
1473      */
1474     NAKCIVOID(CI_SSNHF, neg_ssnhf);
1475 
1476     /*
1477      * There may be remaining CIs, if the peer is requesting negotiation
1478      * on an option that we didn't include in our request packet.
1479      * If we see an option that we requested, or one we've already seen
1480      * in this packet, then this packet is bad.
1481      * If we wanted to respond by starting to negotiate on the requested
1482      * option(s), we could, but we don't, because except for the
1483      * authentication type and quality protocol, if we are not negotiating
1484      * an option, it is because we were told not to.
1485      * For the authentication type, the Nak from the peer means
1486      * `let me authenticate myself with you' which is a bit pointless.
1487      * For the quality protocol, the Nak means `ask me to send you quality
1488      * reports', but if we didn't ask for them, we don't want them.
1489      * An option we don't recognize represents the peer asking to
1490      * negotiate some option we don't support, so ignore it.
1491      */
1492     while (len > CILEN_VOID) {
1493 	GETCHAR(citype, p);
1494 	GETCHAR(cilen, p);
1495 	if (cilen < CILEN_VOID || (len -= cilen) < 0)
1496 	    goto bad;
1497 	next = p + cilen - 2;
1498 
1499 	switch (citype) {
1500 	case CI_MRU:
1501 	    if ((go->neg_mru && go->mru != PPP_MRU)
1502 		|| no.neg_mru || cilen != CILEN_SHORT)
1503 		goto bad;
1504 	    GETSHORT(cishort, p);
1505 	    if (cishort < PPP_MRU && cishort < absmax_mru) {
1506 		try.neg_mru = 1;
1507 		try.mru = cishort;
1508 		notice("Peer sent unsolicited Nak for MRU less than default.");
1509 	    }
1510 	    break;
1511 	case CI_ASYNCMAP:
1512 	    if ((go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF)
1513 		|| no.neg_asyncmap || cilen != CILEN_LONG)
1514 		goto bad;
1515 	    break;
1516 	case CI_AUTHTYPE:
1517 	    unsolicited_nak_auth = 1;
1518 	    if (cilen >= CILEN_SHORT) {
1519 		GETSHORT(unsolicit_auth_proto, p);
1520 	    } else {
1521 		unsolicit_auth_proto = 0;
1522 	    }
1523 	    if (go->neg_chap || no.neg_chap ||
1524 		go->neg_mschap || no.neg_mschap ||
1525 		go->neg_mschapv2 || no.neg_mschapv2 ||
1526 		go->neg_upap || no.neg_upap)
1527 		goto bad;
1528 	    break;
1529 	case CI_MAGICNUMBER:
1530 	    if (go->neg_magicnumber || no.neg_magicnumber ||
1531 		cilen != CILEN_LONG)
1532 		goto bad;
1533 	    break;
1534 	case CI_PCOMPRESSION:
1535 	    if (go->neg_pcompression || no.neg_pcompression
1536 		|| cilen != CILEN_VOID)
1537 		goto bad;
1538 	    break;
1539 	case CI_ACCOMPRESSION:
1540 	    if (go->neg_accompression || no.neg_accompression
1541 		|| cilen != CILEN_VOID)
1542 		goto bad;
1543 	    break;
1544 	case CI_QUALITY:
1545 	    if (go->neg_lqr || no.neg_lqr || cilen != CILEN_LQR)
1546 		goto bad;
1547 	    break;
1548 	case CI_MRRU:
1549 	    if (go->neg_mrru || no.neg_mrru || cilen != CILEN_SHORT)
1550 		goto bad;
1551 	    break;
1552 	case CI_SSNHF:
1553 	    if (go->neg_ssnhf || no.neg_ssnhf || cilen != CILEN_VOID)
1554 		goto bad;
1555 	    try.neg_ssnhf = 1;
1556 	    break;
1557 	case CI_EPDISC:
1558 	    if (go->neg_endpoint || no.neg_endpoint || cilen < CILEN_CHAR)
1559 		goto bad;
1560 	    break;
1561 	case CI_FCSALTERN:
1562 	    if (go->neg_fcs || no.neg_fcs || cilen < CILEN_CHAR)
1563 		goto bad;
1564 	    break;
1565 #ifdef MUX_FRAME
1566         case CI_MUXING:
1567             if (go->pppmux || no.pppmux || cilen < CILEN_VOID)
1568                 goto bad;
1569             break;
1570 #endif
1571 	}
1572 	p = next;
1573     }
1574 
1575     /*
1576      * OK, the Nak is good.  Now we can update state.
1577      * If there are any options left we ignore them.
1578      */
1579     if (f->state != OPENED) {
1580 	/*
1581 	 * Note:  the code once reset try.numloops to zero here if
1582 	 * looped_back wasn't set.  This is wrong because a mixture of
1583 	 * looped-back and peer data (possible if half-duplex is used)
1584 	 * will allow the link to come up, and it shouldn't.
1585 	 */
1586 	if (looped_back) {
1587 	    if (++try.numloops >= lcp_loopbackfail) {
1588 		notice("Serial line is looped back.");
1589 		lcp_close(f->unit, "Loopback detected");
1590 		status = EXIT_LOOPBACK;
1591 	    }
1592 	}
1593 	*go = try;
1594     }
1595 
1596     return 1;
1597 
1598 bad:
1599     dbglog("lcp_nakci: received bad Nak!");
1600     return 0;
1601 }
1602 
1603 
1604 /*
1605  * lcp_rejci - Peer has Rejected some of our CIs.
1606  * This should not modify any state if the Reject is bad
1607  * or if LCP is in the OPENED state.
1608  *
1609  * Returns:
1610  *	0 - Reject was bad.
1611  *	1 - Reject was good.
1612  */
1613 static int
1614 lcp_rejci(f, p, len)
1615     fsm *f;
1616     u_char *p;
1617     int len;
1618 {
1619     lcp_options *go = &lcp_gotoptions[f->unit];
1620     u_char cichar;
1621     u_short cishort;
1622     u_int32_t cilong;
1623     lcp_options try;		/* options to request next time */
1624 
1625     try = *go;
1626 
1627     /*
1628      * Any Rejected CIs must be in exactly the same order that we sent.
1629      * Check packet length and CI length at each step.
1630      * If we find any deviations, then this packet is bad.
1631      */
1632 #define REJCIVOID(opt, neg) \
1633     if (go->neg && \
1634 	len >= CILEN_VOID && \
1635 	p[1] == CILEN_VOID && \
1636 	p[0] == opt) { \
1637 	len -= CILEN_VOID; \
1638 	INCPTR(CILEN_VOID, p); \
1639 	try.neg = 0; \
1640     }
1641 #define REJCICHAR(opt, neg, val) \
1642     if (go->neg && \
1643 	len >= CILEN_CHAR && \
1644 	p[1] == CILEN_CHAR && \
1645 	p[0] == opt) { \
1646 	len -= CILEN_CHAR; \
1647 	INCPTR(2, p); \
1648 	GETCHAR(cichar, p); \
1649 	/* Check rejected value. */ \
1650 	if (cichar != val) \
1651 	    goto bad; \
1652 	try.neg = 0; \
1653     }
1654 #define REJCISHORT(opt, neg, val) \
1655     if (go->neg && \
1656 	len >= CILEN_SHORT && \
1657 	p[1] == CILEN_SHORT && \
1658 	p[0] == opt) { \
1659 	len -= CILEN_SHORT; \
1660 	INCPTR(2, p); \
1661 	GETSHORT(cishort, p); \
1662 	/* Check rejected value. */ \
1663 	if (cishort != val) \
1664 	    goto bad; \
1665 	try.neg = 0; \
1666     }
1667 #define REJCIAUTH(opt, neg, val) \
1668     if (go->neg && \
1669 	len >= CILEN_SHORT && \
1670 	p[1] == CILEN_SHORT && \
1671 	p[0] == opt) { \
1672 	len -= CILEN_SHORT; \
1673 	INCPTR(2, p); \
1674 	GETSHORT(cishort, p); \
1675 	/* Check rejected value. */ \
1676 	peer_reject_auth = 1; \
1677 	reject_auth_proto = cishort; \
1678 	if (cishort != val) \
1679 	    goto bad; \
1680 	try.neg = 0; \
1681     }
1682 #define REJCILONG(opt, neg, val) \
1683     if (go->neg && \
1684 	len >= CILEN_LONG && \
1685 	p[1] == CILEN_LONG && \
1686 	p[0] == opt) { \
1687 	len -= CILEN_LONG; \
1688 	INCPTR(2, p); \
1689 	GETLONG(cilong, p); \
1690 	/* Check rejected value. */ \
1691 	if (cilong != val) \
1692 	    goto bad; \
1693 	try.neg = 0; \
1694     }
1695 #define REJCILQR(opt, neg, val) \
1696     if (go->neg && \
1697 	len >= CILEN_LQR && \
1698 	p[1] == CILEN_LQR && \
1699 	p[0] == opt) { \
1700 	len -= CILEN_LQR; \
1701 	INCPTR(2, p); \
1702 	GETSHORT(cishort, p); \
1703 	GETLONG(cilong, p); \
1704 	/* Check rejected value. */ \
1705 	if (cishort != PPP_LQR || cilong != val) \
1706 	    goto bad; \
1707 	try.neg = 0; \
1708     }
1709 #define REJCICBCP(opt, neg, val) \
1710     if (go->neg && \
1711 	len >= CILEN_CBCP && \
1712 	p[1] == CILEN_CBCP && \
1713 	p[0] == opt) { \
1714 	len -= CILEN_CBCP; \
1715 	INCPTR(2, p); \
1716 	GETCHAR(cichar, p); \
1717 	/* Check rejected value. */ \
1718 	if (cichar != val) \
1719 	    goto bad; \
1720 	try.neg = 0; \
1721     }
1722 #define REJCIENDP(opt, neg, class, val, vlen) \
1723     if (go->neg && \
1724 	len >= CILEN_CHAR + vlen && \
1725 	p[0] == opt && \
1726 	p[1] == CILEN_CHAR + vlen) { \
1727 	int i; \
1728 	len -= CILEN_CHAR + vlen; \
1729 	INCPTR(2, p); \
1730 	GETCHAR(cichar, p); \
1731 	if (cichar != class) \
1732 	    goto bad; \
1733 	for (i = 0; i < vlen; ++i) { \
1734 	    GETCHAR(cichar, p); \
1735 	    if (cichar != val[i]) \
1736 		goto bad; \
1737 	} \
1738 	try.neg = 0; \
1739     }
1740 
1741     /* Received a Configure-Reject, try to send Identification now. */
1742     if (!noident && sentident < 3) {
1743 	LcpSendIdentification(f);
1744 	sentident++;
1745     }
1746 
1747     REJCISHORT(CI_MRU, neg_mru, go->mru);
1748     REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap);
1749 
1750     /*
1751      * There are broken peers (such as unbundled Solaris PPP) that
1752      * send Configure-Reject for authentication when they really
1753      * intend Configure-Nak.  This code works around this problem.
1754      */
1755     if ((go->neg_chap || go->neg_mschap || go->neg_mschapv2) &&
1756 	len >= CILEN_CHAP && p[1] == CILEN_CHAP && p[0] == CI_AUTHTYPE) {
1757 	len -= CILEN_CHAP;
1758 	INCPTR(2, p);
1759 	GETSHORT(cishort, p);
1760 	GETCHAR(cichar, p);
1761 	peer_reject_auth = 1;
1762 	reject_auth_proto = cishort;
1763 	/* Check rejected value. */
1764 	if (cishort != PPP_CHAP || cichar != go->chap_mdtype)
1765 	    goto bad;
1766 	/* Disable the one that he rejected */
1767 	switch (cichar) {
1768 	case CHAP_DIGEST_MD5:
1769 	    try.neg_chap = 0;
1770 	    break;
1771 	case CHAP_MICROSOFT:
1772 	    try.neg_mschap = 0;
1773 	    break;
1774 	case CHAP_MICROSOFT_V2:
1775 	    try.neg_mschapv2 = 0;
1776 	    break;
1777 	}
1778 	/* Try another, if we can. */
1779 	if (try.neg_chap)
1780 	    try.chap_mdtype = CHAP_DIGEST_MD5;
1781 	else if (try.neg_mschap)
1782 	    try.chap_mdtype = CHAP_MICROSOFT;
1783 	else
1784 	    try.chap_mdtype = CHAP_MICROSOFT_V2;
1785     }
1786 
1787     if (!go->neg_chap && !go->neg_mschap && !go->neg_mschapv2) {
1788 	REJCIAUTH(CI_AUTHTYPE, neg_upap, PPP_PAP);
1789     }
1790     REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period);
1791     REJCICBCP(CI_CALLBACK, neg_cbcp, CBOP_CBCP);
1792     REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber);
1793     REJCIVOID(CI_PCOMPRESSION, neg_pcompression);
1794     REJCIVOID(CI_ACCOMPRESSION, neg_accompression);
1795     REJCICHAR(CI_FCSALTERN, neg_fcs, go->fcs_type);
1796 #ifdef MUX_FRAME
1797     REJCIVOID(CI_MUXING,pppmux);
1798 #endif
1799     REJCIENDP(CI_EPDISC, neg_endpoint, go->endpoint.class,
1800 	      go->endpoint.value, go->endpoint.length);
1801     REJCISHORT(CI_MRRU, neg_mrru, go->mrru);
1802     REJCIVOID(CI_SSNHF, neg_ssnhf);
1803 
1804     /*
1805      * If there are any remaining CIs, then this packet is bad.
1806      */
1807     if (len != 0)
1808 	goto bad;
1809     /*
1810      * Now we can update state.
1811      */
1812     if (f->state != OPENED)
1813 	*go = try;
1814     return 1;
1815 
1816 bad:
1817     dbglog("lcp_rejci: received bad Reject!");
1818     return 0;
1819 }
1820 
1821 
1822 /*
1823  * lcp_reqci - Check the peer's requested CIs and send appropriate response.
1824  *
1825  * Returns: CODE_CONFACK, CODE_CONFNAK or CODE_CONFREJ and input
1826  * packet modified appropriately.  If reject_if_disagree is non-zero,
1827  * doesn't return CODE_CONFNAK; returns CODE_CONFREJ if it can't
1828  * return CODE_CONFACK.
1829  */
1830 static int
1831 lcp_reqci(f, p, lenp, dont_nak)
1832     fsm *f;
1833     u_char *p;		/* Requested CIs */
1834     int *lenp;		/* Length of requested CIs */
1835     int dont_nak;
1836 {
1837     lcp_options *wo = &lcp_wantoptions[f->unit];
1838     lcp_options *go = &lcp_gotoptions[f->unit];
1839     lcp_options *ho = &lcp_hisoptions[f->unit];
1840     lcp_options *ao = &lcp_allowoptions[f->unit];
1841     int cilen, citype, cichar;	/* Parsed len, type, char value */
1842     u_short cishort;		/* Parsed short value */
1843     u_int32_t cilong;		/* Parse long value */
1844     int ret, newret;
1845     u_char *p0, *nakp, *rejp, *prev;
1846     int len;
1847 
1848     /*
1849      * Loop through options once to find out if peer is offering
1850      * Multilink, and repair values as needed.
1851      */
1852     ao->mru = ao->mrru;
1853     p0 = p;
1854     for (len = *lenp; len > 0; len -= cilen, p = prev + cilen) {
1855 	if (len < 2 || p[1] > len) {
1856 	    /*
1857 	     * RFC 1661 page 40 -- if the option extends beyond the
1858 	     * packet, then discard the entire packet.
1859 	     */
1860 	    dbglog("discarding LCP Configure-Request due to truncated option");
1861 	    return (0);
1862 	}
1863 	prev = p;
1864 	GETCHAR(citype, p);
1865 	GETCHAR(cilen, p);
1866 	if (citype == CI_MRRU) {
1867 	    if (ao->mrru != 0) {
1868 		if (ao->mrru+6 > PPP_MTU)
1869 		    ao->mru = PPP_MTU;
1870 		else
1871 		    ao->mru = ao->mrru + 6;
1872 	    }
1873 	}
1874 	if (cilen < 2)
1875 	    cilen = 2;
1876     }
1877     if (ao->mru > absmax_mtu)
1878 	ao->mru = absmax_mtu;
1879 
1880     ret = CODE_CONFACK;
1881     rejp = p = p0;
1882     nakp = nak_buffer;
1883 
1884     /*
1885      * Reset all his options.
1886      */
1887     BZERO(ho, sizeof(*ho));
1888 
1889     /*
1890      * Process all his options.
1891      */
1892     for (len = *lenp; len > 0; len -= cilen, p = prev + cilen) {
1893 	newret = CODE_CONFACK;			/* Assume success */
1894 
1895 	prev = p;
1896 	GETCHAR(citype, p);
1897 	GETCHAR(cilen, p);
1898 
1899 	switch (citype) {		/* Check CI type */
1900 	case CI_MRU:
1901 	    if (!ao->neg_mru) {
1902 		newret = CODE_CONFREJ;
1903 		break;
1904 	    }
1905 
1906 	    if (cilen != CILEN_SHORT) {	/* Check CI length */
1907 		newret = CODE_CONFNAK;
1908 		cishort = ao->mru;
1909 	    } else {
1910 		/* extract the MRU from the option */
1911 		GETSHORT(cishort, p);
1912 
1913 		/*
1914 		 * If the offered MRU is less than our desired MTU, we
1915 		 * should nak.  This is especially helpful if we're
1916 		 * doing demand-dial, since those queued up packets
1917 		 * might be discarded otherwise.
1918 		 */
1919 		if (cishort < ao->mru) {
1920 		    newret = CODE_CONFNAK;
1921 		    cishort = ao->mru;
1922 		}
1923 	    }
1924 
1925 	    /*
1926 	     * If we're going to send a nak with something less than
1927 	     * or equal to the default PPP MTU, then just reject instead.
1928 	     */
1929 	    if (newret == CODE_CONFNAK && cishort <= PPP_MTU)
1930 		newret = CODE_CONFREJ;
1931 
1932 	    if (newret == CODE_CONFNAK) {
1933 		PUTCHAR(CI_MRU, nakp);
1934 		PUTCHAR(CILEN_SHORT, nakp);
1935 		PUTSHORT(cishort, nakp);	/* Give him a hint */
1936 	    }
1937 
1938 	    ho->neg_mru = 1;		/* Remember he sent MRU */
1939 	    ho->mru = cishort;		/* And remember value */
1940 	    break;
1941 
1942 	case CI_ASYNCMAP:
1943 	    if (!ao->neg_asyncmap) {
1944 		newret = CODE_CONFREJ;
1945 		break;
1946 	    }
1947 
1948 	    if (cilen != CILEN_LONG) {
1949 		newret = CODE_CONFNAK;
1950 		cilong = 0;
1951 	    } else {
1952 		GETLONG(cilong, p);
1953 
1954 		/*
1955 		 * Asyncmap must have set at least the bits
1956 		 * which are set in lcp_allowoptions[unit].asyncmap.
1957 		 */
1958 		if ((ao->asyncmap & ~cilong) != 0)
1959 		    newret = CODE_CONFNAK;
1960 	    }
1961 
1962 	    /*
1963 	     * Workaround for common broken Microsoft software -- if
1964 	     * the peer is sending us a nonzero ACCM, then he *needs*
1965 	     * us to send the same to him.  Adjust our Configure-
1966 	     * Request message and restart LCP.
1967 	     */
1968 	    if (do_msft_workaround && (cilong & ~wo->asyncmap)) {
1969 		dbglog("adjusted requested asyncmap from %X to %X",
1970 		    wo->asyncmap, wo->asyncmap | cilong);
1971 		do_msft_workaround = 0;
1972 		wo->neg_asyncmap = 1;
1973 		wo->asyncmap |= cilong;
1974 		f->flags &= ~OPT_SILENT;
1975 		info("possibly broken peer detected; restarting LCP");
1976 		fsm_lowerdown(f);
1977 		fsm_lowerup(f);
1978 		return (0);
1979 	    }
1980 
1981 	    if (newret == CODE_CONFNAK) {
1982 		PUTCHAR(CI_ASYNCMAP, nakp);
1983 		PUTCHAR(CILEN_LONG, nakp);
1984 		PUTLONG(ao->asyncmap | cilong, nakp);
1985 	    }
1986 	    ho->neg_asyncmap = 1;
1987 	    ho->asyncmap = cilong;
1988 	    break;
1989 
1990 	case CI_AUTHTYPE:
1991 	    if (!(ao->neg_upap || ao->neg_chap || ao->neg_mschap ||
1992 	        ao->neg_mschapv2)) {
1993 		rejected_peers_auth = 1;
1994 		if (cilen >= CILEN_SHORT) {
1995 		    GETSHORT(rejected_auth_proto, p);
1996 		} else {
1997 		    rejected_auth_proto = 0;
1998 		}
1999 		/*
2000 		 * Reject the option if we're not willing to authenticate.
2001 		 */
2002 		newret = CODE_CONFREJ;
2003 		break;
2004 	    }
2005 	    rejected_peers_auth = 0;
2006 	    naked_peers_auth = 0;
2007 
2008 	    if (cilen >= CILEN_SHORT) {
2009 		/* Extract the authentication protocol from the option */
2010 		GETSHORT(cishort, p);
2011 
2012 		if (ho->neg_upap || ho->neg_chap || ho->neg_mschap ||
2013 		    ho->neg_mschapv2) {
2014 		    dbglog("Rejecting extra authentication protocol option");
2015 		    newret = CODE_CONFREJ;
2016 		    break;
2017 		}
2018 
2019 		/*
2020 		 * Authtype must be PAP or CHAP.
2021 		 *
2022 		 * Note: if both ao->neg_upap and ao->neg_*chap* are
2023 		 * set, and the peer sends a Configure-Request with
2024 		 * two authenticate-protocol requests, one for CHAP
2025 		 * and one for UPAP, then we will reject the second
2026 		 * request.  Whether we end up doing CHAP or UPAP
2027 		 * depends then on the ordering of the CIs in the
2028 		 * peer's Configure-Request.
2029 		 *
2030 		 * We're supposed to list all of the protocols we can
2031 		 * possibly use in the returned Configure-Nak.  This
2032 		 * part of RFC 1661 (section 5.3) is in conflict with
2033 		 * the section that says the options shouldn't be
2034 		 * reordered, so it's often ignored.
2035 		 */
2036 
2037 		if (cishort == PPP_PAP) {
2038 		    if (ao->neg_upap) {
2039 			if (cilen != CILEN_SHORT)
2040 			    goto try_pap_anyway;
2041 			ho->neg_upap = 1;
2042 			break;
2043 		    }
2044 		} else if (cishort == PPP_CHAP) {
2045 		    /* Test >= here to allow for broken peers. */
2046 		    if (cilen >= CILEN_CHAP &&
2047 			(ao->neg_chap || ao->neg_mschap || ao->neg_mschapv2)) {
2048 			GETCHAR(cichar, p);
2049 			if (cichar == CHAP_DIGEST_MD5 && ao->neg_chap)
2050 			    ho->neg_chap = 1;
2051 			else if (cichar == CHAP_MICROSOFT && ao->neg_mschap)
2052 			    ho->neg_mschap = 1;
2053 			else if (cichar == CHAP_MICROSOFT_V2 &&
2054 			    ao->neg_mschapv2)
2055 			    ho->neg_mschap = 1;
2056 			if (ho->neg_chap || ho->neg_mschap ||
2057 			    ho->neg_mschapv2) {
2058 			    ho->chap_mdtype = cichar; /* save md type */
2059 			    break;
2060 			}
2061 		    }
2062 		}
2063 	    }
2064 
2065 	    /*
2066 	     * We don't recognize the protocol they're asking for.
2067 	     * Nak it with something we're willing to do.
2068 	     * (At this point we know ao->neg_upap || ao->neg_chap.)
2069 	     */
2070 	    PUTCHAR(CI_AUTHTYPE, nakp);
2071 	    if (ao->neg_chap || ao->neg_mschap || ao->neg_mschapv2) {
2072 		PUTCHAR(CILEN_CHAP, nakp);
2073 		PUTSHORT(PPP_CHAP, nakp);
2074 		PUTCHAR(ao->chap_mdtype, nakp);
2075 		naked_auth_proto = PPP_CHAP;
2076 	    } else {
2077 	    try_pap_anyway:
2078 		PUTCHAR(CILEN_SHORT, nakp);
2079 		PUTSHORT(PPP_PAP, nakp);
2080 		naked_auth_proto = PPP_PAP;
2081 	    }
2082 	    naked_peers_auth = 1;
2083 	    naked_auth_orig = cishort;
2084 	    newret = CODE_CONFNAK;
2085 	    break;
2086 
2087 	case CI_QUALITY:
2088 	    if (!ao->neg_lqr) {
2089 		newret = CODE_CONFREJ;
2090 		break;
2091 	    }
2092 
2093 	    if (cilen != CILEN_LQR) {
2094 		newret = CODE_CONFNAK;
2095 		cilong = ao->lqr_period;
2096 	    } else {
2097 
2098 		GETSHORT(cishort, p);
2099 		GETLONG(cilong, p);
2100 
2101 		/* Check the LQM protocol */
2102 		if (cishort != PPP_LQR) {
2103 		    newret = CODE_CONFNAK;
2104 		}
2105 
2106 		/* Check the reporting period; we can't both send zero */
2107 		if ((cilong == 0 && go->lqr_period == 0) ||
2108 		    cilong < ao->lqr_period) {
2109 		    newret = CODE_CONFNAK;
2110 		    if ((cilong = ao->lqr_period) == 0)
2111 			cilong = 500;
2112 		}
2113 	    }
2114 
2115 	    if (newret == CODE_CONFNAK) {
2116 		PUTCHAR(CI_QUALITY, nakp);
2117 		PUTCHAR(CILEN_LQR, nakp);
2118 		PUTSHORT(PPP_LQR, nakp);
2119 		PUTLONG(cilong, nakp);
2120 	    }
2121 
2122 	    ho->neg_lqr = 1;
2123 	    ho->lqr_period = cilong;
2124 	    break;
2125 
2126 	case CI_MAGICNUMBER:
2127 	    if (!(ao->neg_magicnumber || go->neg_magicnumber)) {
2128 		newret = CODE_CONFREJ;
2129 		break;
2130 	    }
2131 
2132 	    ho->neg_magicnumber = 1;
2133 	    if (cilen < CILEN_LONG) {
2134 		/*
2135 		 * If we send Magic-Number, then we must not reject it
2136 		 * when the peer sends it to us, even if his version
2137 		 * looks odd to us.  Ack if the cilen is wrong in this
2138 		 * case.  If we're not sending Magic-Number, then we don't
2139 		 * much care what his value is anyway.
2140 		 */
2141 		break;
2142 	    }
2143 
2144 	    GETLONG(cilong, p);
2145 	    ho->magicnumber = cilong;
2146 	    if (cilen > CILEN_LONG)
2147 		break;
2148 
2149 	    /*
2150 	     * He must have a different magic number.  Make sure we
2151 	     * give him a good one to use.
2152 	     */
2153 	    while (go->neg_magicnumber && cilong == go->magicnumber) {
2154 		newret = CODE_CONFNAK;
2155 		cilong = magic();
2156 	    }
2157 
2158 	    if (newret == CODE_CONFNAK) {
2159 		PUTCHAR(CI_MAGICNUMBER, nakp);
2160 		PUTCHAR(CILEN_LONG, nakp);
2161 		PUTLONG(cilong, nakp);
2162 		/*
2163 		 * We don't need to bump the numloops counter here
2164 		 * since it's already done upon reception of a nak.
2165 		 */
2166 	    }
2167 	    break;
2168 
2169 	case CI_PCOMPRESSION:
2170 	    if (!ao->neg_pcompression) {
2171 		newret = CODE_CONFREJ;
2172 		break;
2173 	    }
2174 	    if (cilen != CILEN_VOID) {
2175 		newret = CODE_CONFNAK;
2176 		PUTCHAR(CI_PCOMPRESSION, nakp);
2177 		PUTCHAR(CILEN_VOID, nakp);
2178 	    }
2179 	    ho->neg_pcompression = 1;
2180 	    break;
2181 
2182 	case CI_ACCOMPRESSION:
2183 	    if (!ao->neg_accompression) {
2184 		newret = CODE_CONFREJ;
2185 		break;
2186 	    }
2187 	    if (cilen != CILEN_VOID) {
2188 		newret = CODE_CONFNAK;
2189 		PUTCHAR(CI_ACCOMPRESSION, nakp);
2190 		PUTCHAR(CILEN_VOID, nakp);
2191 	    }
2192 	    ho->neg_accompression = 1;
2193 	    break;
2194 
2195 	case CI_FCSALTERN:
2196 	    if (!ao->neg_fcs) {
2197 		newret = CODE_CONFREJ;
2198 		break;
2199 	    }
2200 
2201 	    if (cilen != CILEN_CHAR) {
2202 		newret = CODE_CONFNAK;
2203 		cichar = ao->fcs_type;
2204 	    } else {
2205 
2206 		GETCHAR(cichar, p);
2207 		/* If he has bits we don't like, tell him to stop. */
2208 		if (cichar & ~ao->fcs_type) {
2209 		    if ((cichar &= ao->fcs_type) == 0) {
2210 			newret = CODE_CONFREJ;
2211 			break;
2212 		    }
2213 		    newret = CODE_CONFNAK;
2214 		}
2215 	    }
2216 	    if (newret == CODE_CONFNAK) {
2217 		PUTCHAR(CI_FCSALTERN, nakp);
2218 		PUTCHAR(CILEN_CHAR, nakp);
2219 		PUTCHAR(cichar, nakp);
2220 	    }
2221 	    ho->neg_fcs = 1;
2222 	    ho->fcs_type = cichar;
2223 	    break;
2224 
2225 	case CI_MRRU:
2226 	    if (!ao->neg_mrru || !multilink) {
2227 		newret = CODE_CONFREJ;
2228 		break;
2229 	    }
2230 	    if (cilen != CILEN_SHORT) {
2231 		newret = CODE_CONFNAK;
2232 		cishort = ao->mrru;
2233 	    } else {
2234 		GETSHORT(cishort, p);
2235 		if (cishort < ao->mrru) {
2236 		    newret = CODE_CONFNAK;
2237 		    cishort = ao->mrru;
2238 		}
2239 	    }
2240 
2241 	    if (cishort < PPP_MINMTU) {
2242 		newret = CODE_CONFNAK;
2243 		cishort = PPP_MINMTU;
2244 	    }
2245 
2246 	    if (newret == CODE_CONFNAK) {
2247 		PUTCHAR(CI_MRRU, nakp);
2248 		PUTCHAR(CILEN_SHORT, nakp);
2249 		PUTSHORT(cishort, nakp);
2250 	    }
2251 
2252 	    ho->neg_mrru = 1;
2253 	    ho->mrru = cishort;
2254 	    break;
2255 
2256 	case CI_SSNHF:
2257 	    if (!ao->neg_ssnhf || !multilink) {
2258 		newret = CODE_CONFREJ;
2259 		break;
2260 	    }
2261 	    if (cilen != CILEN_VOID) {
2262 		newret = CODE_CONFNAK;
2263 		PUTCHAR(CI_SSNHF, nakp);
2264 		PUTCHAR(CILEN_VOID, nakp);
2265 	    }
2266 	    ho->neg_ssnhf = 1;
2267 	    break;
2268 
2269 	case CI_EPDISC:
2270 	    if (!ao->neg_endpoint) {
2271 		newret = CODE_CONFREJ;
2272 		break;
2273 	    }
2274 	    if (cilen < CILEN_CHAR || cilen > CILEN_CHAR + MAX_ENDP_LEN) {
2275 		int i;
2276 
2277 		newret = CODE_CONFNAK;
2278 		PUTCHAR(CI_EPDISC, nakp);
2279 		PUTCHAR(CILEN_CHAR + ao->endpoint.length, nakp);
2280 		PUTCHAR(ao->endpoint.class, nakp);
2281 		for (i = 0; i < ao->endpoint.length; i++)
2282 		    PUTCHAR(ao->endpoint.value[i], nakp);
2283 		break;
2284 	    }
2285 	    GETCHAR(cichar, p);
2286 	    ho->neg_endpoint = 1;
2287 	    ho->endpoint.class = cichar;
2288 	    ho->endpoint.length = cilen - 3;
2289 	    BCOPY(p, ho->endpoint.value, cilen - 3);
2290 	    break;
2291 
2292 #ifdef MUX_FRAME
2293         case CI_MUXING:
2294             if (ao->pppmux == 0 || cilen != CILEN_VOID) {
2295                 newret = CODE_CONFREJ;
2296                 break;
2297             }
2298             /* remember his option */
2299             ho->pppmux = ao->pppmux;
2300             break;
2301 #endif
2302 
2303 	default:
2304 	    dbglog("LCP: rejecting unknown option %d", citype);
2305 	    newret = CODE_CONFREJ;
2306 	    break;
2307 	}
2308 
2309 	/* Cope with confused peers. */
2310 	if (cilen < 2)
2311 	    cilen = 2;
2312 
2313 	/*
2314 	 * If this is an Ack'able CI, but we're sending back a Nak,
2315 	 * don't include this CI.
2316 	 */
2317 	if (newret == CODE_CONFACK && ret != CODE_CONFACK)
2318 	    continue;
2319 
2320 	if (newret == CODE_CONFNAK) {
2321 	    /*
2322 	     * Continue naking the Magic Number option until the cows come
2323 	     * home -- rejecting it is wrong.
2324 	     */
2325 	    if (dont_nak && citype != CI_MAGICNUMBER) {
2326 		newret = CODE_CONFREJ;
2327 	    } else {
2328 		/* Ignore subsequent Nak'able things if rejecting. */
2329 		if (ret == CODE_CONFREJ)
2330 		    continue;
2331 		ret = CODE_CONFNAK;
2332 	    }
2333 	}
2334 
2335 	if (newret == CODE_CONFREJ) {
2336 	    ret = CODE_CONFREJ;
2337 	    if (prev != rejp)
2338 		BCOPY(prev, rejp, cilen);
2339 	    rejp += cilen;
2340 	}
2341     }
2342 
2343     /*
2344      * If the peer hasn't negotiated his MRU, and we'd like an MTU
2345      * that's larger than the default, try sending an unsolicited
2346      * Nak for what we want.
2347      */
2348     if (ret != CODE_CONFREJ && !ho->neg_mru && ao->mru > PPP_MTU &&
2349 	!dont_nak && unsolicit_mru) {
2350 	unsolicit_mru = 0;	/* don't ask again */
2351 	ret = CODE_CONFNAK;
2352 	PUTCHAR(CI_MRU, nakp);
2353 	PUTCHAR(CILEN_SHORT, nakp);
2354 	PUTSHORT(ao->mru, nakp);
2355     }
2356 
2357     switch (ret) {
2358     case CODE_CONFACK:
2359 	*lenp = p - p0;
2360 	break;
2361     case CODE_CONFNAK:
2362 	/*
2363 	 * Copy the Nak'd options from the nak_buffer to the caller's buffer.
2364 	 */
2365 	*lenp = nakp - nak_buffer;
2366 	BCOPY(nak_buffer, p0, *lenp);
2367 	break;
2368     case CODE_CONFREJ:
2369 	*lenp = rejp - p0;
2370 
2371 	/* We're about to send Configure-Reject; send Identification */
2372 	if (!noident && sentident < 3) {
2373 	    LcpSendIdentification(f);
2374 	    sentident++;
2375 	}
2376 	break;
2377     }
2378 
2379     LCPDEBUG(("lcp_reqci: returning %s.", code_name(ret, 1)));
2380     return (ret);			/* Return final code */
2381 }
2382 
2383 
2384 /*
2385  * lcp_up - LCP has come UP.
2386  */
2387 static void
2388 lcp_up(f)
2389     fsm *f;
2390 {
2391     lcp_options *wo = &lcp_wantoptions[f->unit];
2392     lcp_options *ho = &lcp_hisoptions[f->unit];
2393     lcp_options *go = &lcp_gotoptions[f->unit];
2394     lcp_options *ao = &lcp_allowoptions[f->unit];
2395     int mru, mtu;
2396 
2397     if (!go->neg_magicnumber)
2398 	go->magicnumber = 0;
2399     if (!ho->neg_magicnumber)
2400 	ho->magicnumber = 0;
2401 
2402     /*
2403      * Set our MTU to the smaller of the MTU we wanted and
2404      * the MRU our peer wanted.  If we negotiated an MRU,
2405      * set our MRU to the larger of value we wanted and
2406      * the value we got in the negotiation.
2407      */
2408     if (ao->mru != 0 && ho->mru > ao->mru)
2409 	ho->mru = ao->mru;
2410     mtu = (ho->neg_mru ? ho->mru: PPP_MRU);
2411     if (mtu > absmax_mtu)
2412 	mtu = absmax_mtu;
2413     ppp_send_config(f->unit, mtu,
2414 		    (ho->neg_asyncmap? ho->asyncmap: 0xffffffff),
2415 		    ho->neg_pcompression, ho->neg_accompression);
2416     fsm_setpeermru(f->unit, mtu);
2417     mru = (go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU);
2418     if (mru > absmax_mru)
2419 	mru = absmax_mru;
2420     ppp_recv_config(f->unit, mru,
2421 		    (lax_recv? 0: go->neg_asyncmap? go->asyncmap: 0xffffffff),
2422 		    go->neg_pcompression, go->neg_accompression);
2423 #ifdef NEGOTIATE_FCS
2424     ppp_send_fcs(f->unit, ho->neg_fcs ? ho->fcs_type : FCSALT_16);
2425     ppp_recv_fcs(f->unit, go->neg_fcs ? go->fcs_type : FCSALT_16);
2426 #endif
2427 #ifdef MUX_FRAME
2428     ppp_send_muxoption(f->unit, ho->pppmux);
2429     ppp_recv_muxoption(f->unit, go->pppmux);
2430 #endif
2431 
2432     lcp_echo_lowerup(f->unit);  /* Enable echo messages */
2433 
2434     /* LCP is Up; send Identification */
2435     if (!noident) {
2436 	LcpSendIdentification(f);
2437 	sentident++;
2438     }
2439 
2440     link_established(f->unit);
2441 }
2442 
2443 
2444 /*
2445  * lcp_down - LCP has gone DOWN.
2446  *
2447  * Alert other protocols.
2448  */
2449 static void
2450 lcp_down(f)
2451     fsm *f;
2452 {
2453     int mtu;
2454     lcp_options *go = &lcp_gotoptions[f->unit];
2455 
2456     lcp_echo_lowerdown(f->unit);
2457 
2458     link_down(f->unit);
2459 
2460     mtu = PPP_MTU > absmax_mtu ? absmax_mtu : PPP_MTU;
2461     ppp_send_config(f->unit, mtu, 0xffffffff, 0, 0);
2462     ppp_recv_config(f->unit, (PPP_MRU > absmax_mru ? absmax_mru : PPP_MRU),
2463 		    (go->neg_asyncmap? go->asyncmap: 0xffffffff),
2464 		    go->neg_pcompression, go->neg_accompression);
2465 #ifdef NEGOTIATE_FCS
2466     ppp_send_fcs(f->unit, FCSALT_16);
2467     ppp_recv_fcs(f->unit, FCSALT_16);
2468 #endif
2469     fsm_setpeermru(f->unit, mtu);
2470 }
2471 
2472 
2473 /*
2474  * lcp_starting - LCP needs the lower layer up.
2475  */
2476 static void
2477 lcp_starting(f)
2478     fsm *f;
2479 {
2480     link_required(f->unit);
2481 }
2482 
2483 
2484 /*
2485  * lcp_finished - LCP has finished with the lower layer.
2486  */
2487 static void
2488 lcp_finished(f)
2489     fsm *f;
2490 {
2491     link_terminated(f->unit);
2492 }
2493 
2494 
2495 /*
2496  * lcp_printpkt - print the contents of an LCP packet.
2497  */
2498 
2499 static int
2500 lcp_printpkt(p, plen, printer, arg)
2501     u_char *p;
2502     int plen;
2503     void (*printer) __P((void *, const char *, ...));
2504     void *arg;
2505 {
2506     int code, id, len, olen, i;
2507     u_char *pstart, *optend, cichar;
2508     u_short cishort;
2509     u_int32_t cilong;
2510 
2511     if (plen < HEADERLEN)
2512 	return 0;
2513     pstart = p;
2514     GETCHAR(code, p);
2515     GETCHAR(id, p);
2516     GETSHORT(len, p);
2517     if (len < HEADERLEN || len > plen)
2518 	return 0;
2519 
2520     printer(arg, " %s id=0x%x", code_name(code,1), id);
2521     len -= HEADERLEN;
2522     switch (code) {
2523     case CODE_CONFREQ:
2524     case CODE_CONFACK:
2525     case CODE_CONFNAK:
2526     case CODE_CONFREJ:
2527 	/* print option list */
2528 	while (len >= 2) {
2529 	    GETCHAR(code, p);
2530 	    GETCHAR(olen, p);
2531 	    p -= 2;
2532 	    if (olen < 2 || olen > len) {
2533 		break;
2534 	    }
2535 	    printer(arg, " <");
2536 	    len -= olen;
2537 	    optend = p + olen;
2538 	    switch (code) {
2539 	    case CI_MRU:
2540 		if (olen >= CILEN_SHORT) {
2541 		    p += 2;
2542 		    GETSHORT(cishort, p);
2543 		    printer(arg, "mru %d", cishort);
2544 		}
2545 		break;
2546 	    case CI_ASYNCMAP:
2547 		if (olen >= CILEN_LONG) {
2548 		    p += 2;
2549 		    GETLONG(cilong, p);
2550 		    printer(arg, "asyncmap 0x%x", cilong);
2551 		}
2552 		break;
2553 	    case CI_AUTHTYPE:
2554 		if (olen >= CILEN_SHORT) {
2555 		    p += 2;
2556 		    printer(arg, "auth ");
2557 		    GETSHORT(cishort, p);
2558 		    switch (cishort) {
2559 		    case PPP_PAP:
2560 			printer(arg, "pap");
2561 			break;
2562 		    case PPP_CHAP:
2563 			printer(arg, "chap");
2564 			if (p < optend) {
2565 			    switch (*p) {
2566 			    case CHAP_DIGEST_MD5:
2567 				printer(arg, " MD5");
2568 				++p;
2569 				break;
2570 			    case CHAP_MICROSOFT:
2571 				printer(arg, " m$oft");
2572 				++p;
2573 				break;
2574 			    case CHAP_MICROSOFT_V2:
2575 				printer(arg, " m$oft-v2");
2576 				++p;
2577 				break;
2578 			    }
2579 			}
2580 			break;
2581 #ifdef PPP_EAP
2582 		    case PPP_EAP:
2583 			printer(arg, "eap");
2584 			break;
2585 #endif
2586 		    case 0xC027:
2587 			printer(arg, "spap");
2588 			break;
2589 		    case 0xC123:
2590 			printer(arg, "old-spap");
2591 			break;
2592 		    default:
2593 			printer(arg, "0x%x", cishort);
2594 		    }
2595 		}
2596 		break;
2597 	    case CI_QUALITY:
2598 		if (olen >= CILEN_SHORT) {
2599 		    p += 2;
2600 		    printer(arg, "quality ");
2601 		    GETSHORT(cishort, p);
2602 		    switch (cishort) {
2603 		    case PPP_LQR:
2604 			printer(arg, "lqr");
2605 			break;
2606 		    default:
2607 			printer(arg, "0x%x", cishort);
2608 		    }
2609 		}
2610 		break;
2611 	    case CI_CALLBACK:
2612 		if (olen >= CILEN_CHAR) {
2613 		    p += 2;
2614 		    printer(arg, "callback ");
2615 		    GETCHAR(cichar, p);
2616 		    if (cichar <= 6 &&
2617 			*callback_strings[(int)cichar] != '\0') {
2618 			printer(arg, "%s", callback_strings[(int)cichar]);
2619 		    } else {
2620 			printer(arg, "0x%x", cichar);
2621 		    }
2622 		}
2623 		break;
2624 	    case CI_MAGICNUMBER:
2625 		if (olen >= CILEN_LONG) {
2626 		    p += 2;
2627 		    GETLONG(cilong, p);
2628 		    printer(arg, "magic 0x%x", cilong);
2629 		}
2630 		break;
2631 	    case CI_PCOMPRESSION:
2632 		if (olen >= CILEN_VOID) {
2633 		    p += 2;
2634 		    printer(arg, "pcomp");
2635 		}
2636 		break;
2637 	    case CI_ACCOMPRESSION:
2638 		if (olen >= CILEN_VOID) {
2639 		    p += 2;
2640 		    printer(arg, "accomp");
2641 		}
2642 		break;
2643 	    case CI_FCSALTERN:
2644 		if (olen >= CILEN_CHAR) {
2645 		    char **cpp;
2646 		    int needcomma = 0;
2647 
2648 		    p += 2;
2649 		    GETCHAR(cichar, p);
2650 		    for (cpp = fcsalt_strings; *cpp != NULL; cpp++)
2651 			if (cichar & 1<<(cpp-fcsalt_strings)) {
2652 			    cichar &= ~(1<<(cpp-fcsalt_strings));
2653 			    printer(arg, (needcomma ? ",%s" : "fcs %s"), *cpp);
2654 			    needcomma = 1;
2655 			}
2656 		    if (cichar != 0 || !needcomma)
2657 			printer(arg, (needcomma ? ",0x%x" : "fcs 0x%x"),
2658 			    cichar);
2659 		}
2660 		break;
2661 	    case CI_NUMBERED:
2662 		if (olen >= CILEN_SHORT) {
2663 		    p += 2;
2664 		    GETCHAR(cichar, p);
2665 		    printer(arg, "numb win %d", cichar);
2666 		    GETCHAR(cichar, p);
2667 		    printer(arg, " addr %d", cichar);
2668 		}
2669 		break;
2670 	    case CI_MRRU:
2671 		if (olen >= CILEN_SHORT) {
2672 		    p += 2;
2673 		    GETSHORT(cishort, p);
2674 		    printer(arg, "mrru %d", cishort);
2675 		}
2676 		break;
2677 	    case CI_SSNHF:
2678 		if (olen >= CILEN_VOID) {
2679 		    p += 2;
2680 		    printer(arg, "ssnhf");
2681 		}
2682 		break;
2683 	    case CI_EPDISC:
2684 		if (olen >= CILEN_CHAR) {
2685 		    struct epdisc epd;
2686 		    p += 2;
2687 		    GETCHAR(epd.class, p);
2688 		    epd.length = olen - CILEN_CHAR;
2689 		    if (epd.length > MAX_ENDP_LEN)
2690 			epd.length = MAX_ENDP_LEN;
2691 		    if (epd.length > 0) {
2692 			BCOPY(p, epd.value, epd.length);
2693 			p += epd.length;
2694 		    }
2695 		    printer(arg, "endpoint [%s]", epdisc_to_str(&epd));
2696 		}
2697 		break;
2698 	    case CI_LINKDISC:
2699 		if (olen >= CILEN_SHORT) {
2700 		    p += 2;
2701 		    GETSHORT(cishort, p);
2702 		    printer(arg, "linkdisc %d", cishort);
2703 		}
2704 		break;
2705 	    case CI_COBS:
2706 		if (olen >= CILEN_CHAR) {
2707 		    p += 2;
2708 		    GETCHAR(cichar, p);
2709 		    printer(arg, "cobs 0x%x", cichar);
2710 		}
2711 		break;
2712 	    case CI_PFXELISION:
2713 		if (olen >= CILEN_CHAR) {
2714 		    p += 2;
2715 		    printer(arg, "pfx");
2716 		}
2717 		break;
2718 	    case CI_MPHDRFMT:
2719 		if (olen >= CILEN_SHORT) {
2720 		    p += 2;
2721 		    printer(arg, "mphdr ");
2722 		    GETCHAR(cichar, p);
2723 		    switch (cichar) {
2724 		    case 2:
2725 			    printer(arg, "long");
2726 			    break;
2727 		    case 6:
2728 			    printer(arg, "short");
2729 			    break;
2730 		    default:
2731 			    printer(arg, "0x%x", cichar);
2732 			    break;
2733 		    }
2734 		    GETCHAR(cichar, p);
2735 		    printer(arg, " #cl %d", cichar);
2736 		}
2737 		break;
2738 	    case CI_I18N:
2739 		if (olen >= CILEN_LONG) {
2740 		    p += 2;
2741 		    GETLONG(cilong, p);
2742 		    printer(arg, "i18n charset 0x%x", cilong);
2743 		    if (olen > CILEN_LONG) {
2744 			printer(arg, " lang ");
2745 			print_string((char *)p, olen-CILEN_LONG, printer, arg);
2746 			p = optend;
2747 		    }
2748 		}
2749 		break;
2750 	    case CI_SDL:
2751 		if (olen >= CILEN_VOID) {
2752 		    p += 2;
2753 		    printer(arg, "sdl");
2754 		}
2755 		break;
2756 	    case CI_MUXING:
2757 		if (olen >= CILEN_VOID) {
2758 		    p += 2;
2759 		    printer(arg, "mux");
2760 		}
2761 		break;
2762 	    }
2763 	    while (p < optend) {
2764 		GETCHAR(code, p);
2765 		printer(arg, " %.2x", code);
2766 	    }
2767 	    printer(arg, ">");
2768 	}
2769 	break;
2770 
2771     case CODE_TERMACK:
2772     case CODE_TERMREQ:
2773 	if (len > 0 && *p >= ' ' && *p < 0x7f) {
2774 	    printer(arg, " ");
2775 	    print_string((char *)p, len, printer, arg);
2776 	    p += len;
2777 	    len = 0;
2778 	}
2779 	break;
2780 
2781     case CODE_ECHOREQ:
2782     case CODE_ECHOREP:
2783     case CODE_DISCREQ:
2784 	if (len >= 4) {
2785 	    GETLONG(cilong, p);
2786 	    printer(arg, " magic=0x%x", cilong);
2787 	    len -= 4;
2788 	}
2789 	break;
2790 
2791     case CODE_IDENT:
2792 	if (len >= 4) {
2793 	    GETLONG(cilong, p);
2794 	    printer(arg, " magic=0x%x", cilong);
2795 	    len -= 4;
2796 	} else
2797 	    break;
2798 	if (len > 0 && (len > 1 || *p != '\0')) {
2799 	    printer(arg, " ");
2800 	    print_string((char *)p, len, printer, arg);
2801 	    p += len;
2802 	    len = 0;
2803 	}
2804 	break;
2805 
2806     case CODE_TIMEREMAIN:
2807 	if (len >= 4) {
2808 	    GETLONG(cilong, p);
2809 	    printer(arg, " magic=0x%x", cilong);
2810 	    len -= 4;
2811 	} else
2812 	    break;
2813 	if (len >= 4) {
2814 	    GETLONG(cilong, p);
2815 	    printer(arg, " seconds=%d", cilong);
2816 	    len -= 4;
2817 	} else
2818 	    break;
2819 	if (len > 0 && (len > 1 || *p != '\0')) {
2820 	    printer(arg, " ");
2821 	    print_string((char *)p, len, printer, arg);
2822 	    p += len;
2823 	    len = 0;
2824 	}
2825 	break;
2826     }
2827 
2828     /* print the rest of the bytes in the packet */
2829     for (i = 0; i < len && i < 32; ++i) {
2830 	GETCHAR(code, p);
2831 	printer(arg, " %.2x", code);
2832     }
2833     if (i < len) {
2834 	printer(arg, " ...");
2835 	p += len - i;
2836     }
2837 
2838     return p - pstart;
2839 }
2840 
2841 /*
2842  * Time to shut down the link because there is nothing out there.
2843  */
2844 
2845 static void
2846 LcpLinkFailure (f)
2847     fsm *f;
2848 {
2849     char *close_message;
2850 
2851     if (f->state == OPENED) {
2852 	    /*
2853 	     * If this is an asynchronous line and we've missed all of
2854 	     * the initial echo requests, then this is probably due to
2855 	     * a bad ACCM.
2856 	     */
2857 	if (!sync_serial && lcp_echos_pending >= ACCM_TEST_FAILS &&
2858 	    lcp_echo_number <= ACCM_TEST_FAILS && use_accm_test != 0) {
2859 	    notice("Peer not responding to initial Echo-Requests.");
2860 	    notice("Negotiated asyncmap may be incorrect for this link.");
2861 	    close_message = "Peer not responding; perhaps bad asyncmap";
2862 	} else if (lcp_echo_fails != 0 &&
2863 	    lcp_echos_pending >= lcp_echo_fails) {
2864 	    info("No response to %d echo-requests", lcp_echos_pending);
2865 	    notice("Serial link appears to be disconnected.");
2866 	    close_message = "Peer not responding";
2867 	} else {
2868 	    info("Received %d bad echo-replies", lcp_echo_badreplies);
2869 	    close_message = "Receiving malformed Echo-Replies";
2870 	}
2871 
2872 	lcp_close(f->unit, close_message);
2873 	status = EXIT_PEER_DEAD;
2874     }
2875 }
2876 
2877 /*
2878  * Timer expired for the LCP echo requests from this process.
2879  */
2880 
2881 static void
2882 LcpEchoCheck (f)
2883     fsm *f;
2884 {
2885     if (f->state != OPENED || lcp_echo_interval == 0)
2886 	return;
2887 
2888     LcpSendEchoRequest (f);
2889 
2890     /*
2891      * Start the timer for the next interval.
2892      */
2893     if (lcp_echo_timer_running)
2894 	warn("assertion lcp_echo_timer_running==0 failed");
2895     TIMEOUT (LcpEchoTimeout, f, lcp_echo_interval);
2896     lcp_echo_timer_running = 1;
2897 }
2898 
2899 /*
2900  * LcpEchoTimeout - Timer expired on the LCP echo
2901  */
2902 
2903 static void
2904 LcpEchoTimeout (arg)
2905     void *arg;
2906 {
2907     if (lcp_echo_timer_running != 0) {
2908         lcp_echo_timer_running = 0;
2909 	LcpEchoCheck ((fsm *) arg);
2910     }
2911 }
2912 
2913 /*
2914  * LcpEchoReply - LCP has received a reply to the echo
2915  */
2916 /*ARGSUSED*/
2917 static int
2918 lcp_received_echo_reply (f, id, inp, len)
2919     fsm *f;
2920     int id;
2921     u_char *inp;
2922     int len;
2923 {
2924     u_int32_t magic;
2925     static int sayonce = 1;
2926 
2927     /* Check the magic number - don't count replies from ourselves. */
2928     if (len < 4) {
2929 	dbglog("lcp: received short Echo-Reply, length %d", len);
2930 	return (0);
2931     }
2932     GETLONG(magic, inp);
2933     if (lcp_gotoptions[f->unit].neg_magicnumber &&
2934 	magic == lcp_gotoptions[f->unit].magicnumber) {
2935 	warn("appear to have received our own echo-reply!");
2936 	return (0);
2937     }
2938 
2939     /* Reset the number of outstanding echo frames */
2940     lcp_echos_pending = 0;
2941 
2942     if (!sync_serial && lcp_echo_number <= ACCM_TEST_FAILS && sayonce &&
2943 	use_accm_test != 0) {
2944 	dbglog("lcp: validated asyncmap setting");
2945 	sayonce = 0;
2946 	if (lcp_echo_fails == 0)
2947 	    lcp_echo_interval = 0;
2948     }
2949     return (1);
2950 }
2951 
2952 /*
2953  * LcpSendEchoRequest - Send an echo request frame to the peer
2954  */
2955 
2956 static void
2957 LcpSendEchoRequest (f)
2958     fsm *f;
2959 {
2960     u_int32_t lcp_magic;
2961     u_char pkt[4+256], *pktp;
2962     int i;
2963 
2964     /*
2965      * Detect the failure of the peer at this point.
2966      */
2967     if ((lcp_echo_fails != 0 && lcp_echos_pending >= lcp_echo_fails) ||
2968 	(!sync_serial && lcp_echos_pending >= ACCM_TEST_FAILS &&
2969 	 use_accm_test != 0)) {
2970 	LcpLinkFailure(f);
2971 	lcp_echos_pending = 0;
2972 	lcp_echo_badreplies = 0;
2973     }
2974 
2975     /*
2976      * Make and send the echo request frame.
2977      */
2978     if (f->state == OPENED) {
2979         lcp_magic = lcp_gotoptions[f->unit].magicnumber;
2980 	pktp = pkt;
2981 	PUTLONG(lcp_magic, pktp);
2982 	/* Send some test packets so we can fail the link early. */
2983 	if (!sync_serial && lcp_echo_number <= ACCM_TEST_FAILS) {
2984 	    switch (use_accm_test) {
2985 	    case 1:
2986 		/* Only the characters covered by negotiated ACCM */
2987 		for (i = 0; i < 32; i++)
2988 		    *pktp++ = i;
2989 		break;
2990 	    case 2:
2991 		/* All characters */
2992 		for (i = 0; i < 256; i++)
2993 		    *pktp++ = i;
2994 		break;
2995 	    }
2996 	}
2997         fsm_sdata(f, CODE_ECHOREQ, lcp_echo_number++ & 0xFF, pkt, pktp - pkt);
2998 	++lcp_echos_pending;
2999     }
3000 }
3001 
3002 /*
3003  * lcp_echo_lowerup - Start the timer for the LCP frame
3004  */
3005 
3006 static void
3007 lcp_echo_lowerup (unit)
3008     int unit;
3009 {
3010     fsm *f = &lcp_fsm[unit];
3011 
3012     /* Clear the parameters for generating echo frames */
3013     lcp_echos_pending      = 0;
3014     lcp_echo_number        = 0;
3015     lcp_echo_timer_running = 0;
3016 
3017     /* If a timeout interval is specified then start the timer */
3018     LcpEchoCheck(f);
3019 }
3020 
3021 /*
3022  * lcp_echo_lowerdown - Stop the timer for the LCP frame
3023  */
3024 
3025 static void
3026 lcp_echo_lowerdown (unit)
3027     int unit;
3028 {
3029     fsm *f = &lcp_fsm[unit];
3030 
3031     if (lcp_echo_timer_running != 0) {
3032         UNTIMEOUT (LcpEchoTimeout, f);
3033         lcp_echo_timer_running = 0;
3034     }
3035 }
3036 
3037 /*
3038  * LcpSendIdentification - Send LCP Identification string to peer.
3039  */
3040 
3041 static void
3042 LcpSendIdentification (f)
3043     fsm *f;
3044 {
3045     u_int32_t lcp_magic;
3046     u_char pkt[4 + sizeof(identstr)], *pktp;
3047     int idlen;
3048 
3049     /*
3050      * Make and send the Identification frame.
3051      */
3052     if (f->state == OPENED)
3053         lcp_magic = lcp_gotoptions[f->unit].magicnumber;
3054     else
3055 	lcp_magic = 0;
3056 
3057     pktp = pkt;
3058     PUTLONG(lcp_magic, pktp);
3059     idlen = strlen(identstr);
3060     BCOPY(identstr, pktp, idlen);
3061     INCPTR(idlen, pktp);
3062     fsm_sdata(f, CODE_IDENT, ++f->id, pkt, pktp - pkt);
3063 }
3064 
3065 /*ARGSUSED*/
3066 static void
3067 lcp_received_identification (f, id, inp, len)
3068     fsm *f;
3069     int id;
3070     u_char *inp;
3071     int len;
3072 {
3073     u_int32_t magic;
3074 
3075     /* Check the magic number - don't count replies from ourselves. */
3076     if (len < 4) {
3077 	dbglog("%s: received short Identification; %d < 4", len);
3078 	return;
3079     }
3080     GETLONG(magic, inp);
3081     len -= 4;
3082     if (lcp_gotoptions[f->unit].neg_magicnumber && f->state == OPENED &&
3083 	magic == lcp_gotoptions[f->unit].magicnumber) {
3084 	warn("appear to have received our own Identification!");
3085 	return;
3086     }
3087     if (len > 0 && (len > 1 || *inp != '\0'))
3088 	notice("Peer Identification: %0.*v", len, inp);
3089 }
3090 
3091 /*
3092  * Send a Time-Remaining LCP packet.  We don't include a message.
3093  */
3094 static void
3095 LcpSendTimeRemaining(f, time_remaining)
3096     fsm *f;
3097     u_int32_t time_remaining;
3098 {
3099     u_int32_t lcp_magic;
3100     u_char pkt[8];
3101     u_char *pktp;
3102 
3103     if (f->state != OPENED)
3104 	return;
3105 
3106     lcp_magic = lcp_gotoptions[f->unit].magicnumber;
3107     pktp = pkt;
3108     PUTLONG(lcp_magic, pktp);
3109     PUTLONG(time_remaining, pktp);
3110     fsm_sdata(f, CODE_TIMEREMAIN, ++f->id, pkt, pktp - pkt);
3111 }
3112 
3113 /*ARGSUSED*/
3114 static void
3115 lcp_received_timeremain(f, id, inp, len)
3116     fsm *f;
3117     int id;
3118     u_char *inp;
3119     int len;
3120 {
3121     u_int32_t magic;
3122     u_int32_t time_remaining;
3123 
3124     /* Check the magic number - don't count replies from ourselves. */
3125     if (len < 8) {
3126 	dbglog("%s: received short Time-Remain; %d < 8", len);
3127 	return;
3128     }
3129     GETLONG(magic, inp);
3130     if (lcp_gotoptions[f->unit].neg_magicnumber && f->state == OPENED &&
3131 	magic == lcp_gotoptions[f->unit].magicnumber) {
3132 	warn("appear to have received our own Time-Remain!");
3133 	return;
3134     }
3135     GETLONG(time_remaining, inp);
3136     if (len > 8) {
3137 	notice("%d seconds remain: \"%.*s\"", time_remaining,
3138 	    len-8, inp);
3139     } else {
3140 	notice("Time Remaining: %d seconds", time_remaining);
3141     }
3142 }
3143 
3144 /*
3145  * lcp_timeremaining - timeout handler which sends LCP Time-Remaining
3146  * packet.
3147  */
3148 static void
3149 lcp_timeremaining(arg)
3150     void *arg;
3151 {
3152     struct lcp_timer *lt = (struct lcp_timer *)arg;
3153     u_int32_t time_remaining;
3154     int unit;
3155 
3156     unit = lt->unit;
3157     time_remaining = lt->tr;
3158     LcpSendTimeRemaining(&lcp_fsm[unit], time_remaining);
3159     free(lt);
3160 }
3161 
3162 /*
3163  * lcp_settimeremaining - set a timeout to send an LCP Time-Remaining
3164  * packet.  The first argument, connecttime, is the time remaining
3165  * at the time this function is called.  The second argument is the
3166  * desired time remaining when the packet should be sent out.
3167  */
3168 void
3169 lcp_settimeremaining(unit, connecttime, time_remaining)
3170     int unit;
3171     u_int32_t connecttime;
3172     u_int32_t time_remaining;
3173 {
3174     struct lcp_timer *lt;
3175 
3176     if (connecttime == time_remaining) {
3177 	LcpSendTimeRemaining(&lcp_fsm[unit], time_remaining);
3178     } else {
3179 	lt = (struct lcp_timer *)malloc(sizeof (struct lcp_timer));
3180 	lt->unit = unit;
3181 	lt->tr = time_remaining;
3182 	TIMEOUT(lcp_timeremaining, (void *)lt, connecttime - time_remaining);
3183     }
3184 }
3185