drivers/net/wan/syncppp.c

   1 /*
   2  *      NET3:   A (fairly minimal) implementation of synchronous PPP for Linux
   3  *              as well as a CISCO HDLC implementation. See the copyright
   4  *              message below for the original source.
   5  *
   6  *      This program is free software; you can redistribute it and/or
   7  *      modify it under the terms of the GNU General Public License
   8  *      as published by the Free Software Foundation; either version
   9  *      2 of the license, or (at your option) any later version.
  10  *
  11  *      Note however. This code is also used in a different form by FreeBSD.
  12  *      Therefore when making any non OS specific change please consider
  13  *      contributing it back to the original author under the terms
  14  *      below in addition.
  15  *              -- Alan
  16  *
  17  *      Port for Linux-2.1 by Jan "Yenya" Kasprzak <kas@fi.muni.cz>
  18  */
  19
  20 /*
  21  * Synchronous PPP/Cisco link level subroutines.
  22  * Keepalive protocol implemented in both Cisco and PPP modes.
  23  *
  24  * Copyright (C) 1994 Cronyx Ltd.
  25  * Author: Serge Vakulenko, <vak@zebub.msk.su>
  26  *
  27  * This software is distributed with NO WARRANTIES, not even the implied
  28  * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  29  *
  30  * Authors grant any other persons or organisations permission to use
  31  * or modify this software as long as this message is kept with the software,
  32  * all derivative works or modified versions.
  33  *
  34  * Version 1.9, Wed Oct  4 18:58:15 MSK 1995
  35  *
  36  * $Id: syncppp.c,v 1.18 2000/04/11 05:25:31 asj Exp $
  37  */
  38 #undef DEBUG
  39
  40 #include <linux/module.h>
  41 #include <linux/kernel.h>
  42 #include <linux/errno.h>
  43 #include <linux/init.h>
  44 #include <linux/if_arp.h>
  45 #include <linux/skbuff.h>
  46 #include <linux/route.h>
  47 #include <linux/netdevice.h>
  48 #include <linux/inetdevice.h>
  49 #include <linux/random.h>
  50 #include <linux/pkt_sched.h>
  51 #include <linux/spinlock.h>
  52 #include <linux/rcupdate.h>
  53
  54 #include <net/net_namespace.h>
  55 #include <net/syncppp.h>
  56
  57 #include <asm/byteorder.h>
  58 #include <asm/uaccess.h>
  59
  60 #define MAXALIVECNT     6               /* max. alive packets */
  61
  62 #define PPP_ALLSTATIONS 0xff            /* All-Stations broadcast address */
  63 #define PPP_UI          0x03            /* Unnumbered Information */
  64 #define PPP_IP          0x0021          /* Internet Protocol */
  65 #define PPP_ISO         0x0023          /* ISO OSI Protocol */
  66 #define PPP_XNS         0x0025          /* Xerox NS Protocol */
  67 #define PPP_IPX         0x002b          /* Novell IPX Protocol */
  68 #define PPP_LCP         0xc021          /* Link Control Protocol */
  69 #define PPP_IPCP        0x8021          /* Internet Protocol Control Protocol */
  70
  71 #define LCP_CONF_REQ    1               /* PPP LCP configure request */
  72 #define LCP_CONF_ACK    2               /* PPP LCP configure acknowledge */
  73 #define LCP_CONF_NAK    3               /* PPP LCP configure negative ack */
  74 #define LCP_CONF_REJ    4               /* PPP LCP configure reject */
  75 #define LCP_TERM_REQ    5               /* PPP LCP terminate request */
  76 #define LCP_TERM_ACK    6               /* PPP LCP terminate acknowledge */
  77 #define LCP_CODE_REJ    7               /* PPP LCP code reject */
  78 #define LCP_PROTO_REJ   8               /* PPP LCP protocol reject */
  79 #define LCP_ECHO_REQ    9               /* PPP LCP echo request */
  80 #define LCP_ECHO_REPLY  10              /* PPP LCP echo reply */
  81 #define LCP_DISC_REQ    11              /* PPP LCP discard request */
  82
  83 #define LCP_OPT_MRU             1       /* maximum receive unit */
  84 #define LCP_OPT_ASYNC_MAP       2       /* async control character map */
  85 #define LCP_OPT_AUTH_PROTO      3       /* authentication protocol */
  86 #define LCP_OPT_QUAL_PROTO      4       /* quality protocol */
  87 #define LCP_OPT_MAGIC           5       /* magic number */
  88 #define LCP_OPT_RESERVED        6       /* reserved */
  89 #define LCP_OPT_PROTO_COMP      7       /* protocol field compression */
  90 #define LCP_OPT_ADDR_COMP       8       /* address/control field compression */
  91
  92 #define IPCP_CONF_REQ   LCP_CONF_REQ    /* PPP IPCP configure request */
  93 #define IPCP_CONF_ACK   LCP_CONF_ACK    /* PPP IPCP configure acknowledge */
  94 #define IPCP_CONF_NAK   LCP_CONF_NAK    /* PPP IPCP configure negative ack */
  95 #define IPCP_CONF_REJ   LCP_CONF_REJ    /* PPP IPCP configure reject */
  96 #define IPCP_TERM_REQ   LCP_TERM_REQ    /* PPP IPCP terminate request */
  97 #define IPCP_TERM_ACK   LCP_TERM_ACK    /* PPP IPCP terminate acknowledge */
  98 #define IPCP_CODE_REJ   LCP_CODE_REJ    /* PPP IPCP code reject */
  99
 100 #define CISCO_MULTICAST         0x8f    /* Cisco multicast address */
 101 #define CISCO_UNICAST           0x0f    /* Cisco unicast address */
 102 #define CISCO_KEEPALIVE         0x8035  /* Cisco keepalive protocol */
 103 #define CISCO_ADDR_REQ          0       /* Cisco address request */
 104 #define CISCO_ADDR_REPLY        1       /* Cisco address reply */
 105 #define CISCO_KEEPALIVE_REQ     2       /* Cisco keepalive request */
 106
 107 struct ppp_header {
 108         u8 address;
 109         u8 control;
 110         __be16 protocol;
 111 };
 112 #define PPP_HEADER_LEN          sizeof (struct ppp_header)
 113
 114 struct lcp_header {
 115         u8 type;
 116         u8 ident;
 117         __be16 len;
 118 };
 119 #define LCP_HEADER_LEN          sizeof (struct lcp_header)
 120
 121 struct cisco_packet {
 122         __be32 type;
 123         __be32 par1;
 124         __be32 par2;
 125         __be16 rel;
 126         __be16 time0;
 127         __be16 time1;
 128 };
 129 #define CISCO_PACKET_LEN 18
 130 #define CISCO_BIG_PACKET_LEN 20
 131
 132 static struct sppp *spppq;
 133 static struct timer_list sppp_keepalive_timer;
 134 static DEFINE_SPINLOCK(spppq_lock);
 135
 136 /* global xmit queue for sending packets while spinlock is held */
 137 static struct sk_buff_head tx_queue;
 138
 139 static void sppp_keepalive (unsigned long dummy);
 140 static void sppp_cp_send (struct sppp *sp, u16 proto, u8 type,
 141         u8 ident, u16 len, void *data);
 142 static void sppp_cisco_send (struct sppp *sp, int type, u32 par1, u32 par2);
 143 static void sppp_lcp_input (struct sppp *sp, struct sk_buff *m);
 144 static void sppp_cisco_input (struct sppp *sp, struct sk_buff *m);
 145 static void sppp_ipcp_input (struct sppp *sp, struct sk_buff *m);
 146 static void sppp_lcp_open (struct sppp *sp);
 147 static void sppp_ipcp_open (struct sppp *sp);
 148 static int sppp_lcp_conf_parse_options (struct sppp *sp, struct lcp_header *h,
 149         int len, u32 *magic);
 150 static void sppp_cp_timeout (unsigned long arg);
 151 static char *sppp_lcp_type_name (u8 type);
 152 static char *sppp_ipcp_type_name (u8 type);
 153 static void sppp_print_bytes (u8 *p, u16 len);
 154
 155 static int debug;
 156
 157 /* Flush global outgoing packet queue to dev_queue_xmit().
 158  *
 159  * dev_queue_xmit() must be called with interrupts enabled
 160  * which means it can't be called with spinlocks held.
 161  * If a packet needs to be sent while a spinlock is held,
 162  * then put the packet into tx_queue, and call sppp_flush_xmit()
 163  * after spinlock is released.
 164  */
 165 static void sppp_flush_xmit(void)
 166 {
 167         struct sk_buff *skb;
 168         while ((skb = skb_dequeue(&tx_queue)) != NULL)
 169                 dev_queue_xmit(skb);
 170 }
 171
 172 /*
 173  *      Interface down stub
 174  */
 175
 176 static void if_down(struct net_device *dev)
 177 {
 178         struct sppp *sp = (struct sppp *)sppp_of(dev);
 179
 180         sp->pp_link_state=SPPP_LINK_DOWN;
 181 }
 182
 183 /*
 184  * Timeout routine activations.
 185  */
 186
 187 static void sppp_set_timeout(struct sppp *p,int s)
 188 {
 189         if (! (p->pp_flags & PP_TIMO))
 190         {
 191                 init_timer(&p->pp_timer);
 192                 p->pp_timer.function=sppp_cp_timeout;
 193                 p->pp_timer.expires=jiffies+s*HZ;
 194                 p->pp_timer.data=(unsigned long)p;
 195                 p->pp_flags |= PP_TIMO;
 196                 add_timer(&p->pp_timer);
 197         }
 198 }
 199
 200 static void sppp_clear_timeout(struct sppp *p)
 201 {
 202         if (p->pp_flags & PP_TIMO)
 203         {
 204                 del_timer(&p->pp_timer);
 205                 p->pp_flags &= ~PP_TIMO;
 206         }
 207 }
 208
 209 /**
 210  *      sppp_input -    receive and process a WAN PPP frame
 211  *      @skb:   The buffer to process
 212  *      @dev:   The device it arrived on
 213  *
 214  *      This can be called directly by cards that do not have
 215  *      timing constraints but is normally called from the network layer
 216  *      after interrupt servicing to process frames queued via netif_rx().
 217  *
 218  *      We process the options in the card. If the frame is destined for
 219  *      the protocol stacks then it requeues the frame for the upper level
 220  *      protocol. If it is a control from it is processed and discarded
 221  *      here.
 222  */
 223
 224 static void sppp_input (struct net_device *dev, struct sk_buff *skb)
 225 {
 226         struct ppp_header *h;
 227         struct sppp *sp = (struct sppp *)sppp_of(dev);
 228         unsigned long flags;
 229
 230         skb->dev=dev;
 231         skb_reset_mac_header(skb);
 232
 233         if (!pskb_may_pull(skb, PPP_HEADER_LEN)) {
 234                 /* Too small packet, drop it. */
 235                 if (sp->pp_flags & PP_DEBUG)
 236                         printk (KERN_DEBUG "%s: input packet is too small, %d bytes\n",
 237                                 dev->name, skb->len);
 238                 kfree_skb(skb);
 239                 return;
 240         }
 241
 242         /* Get PPP header. */
 243         h = (struct ppp_header *)skb->data;
 244         skb_pull(skb,sizeof(struct ppp_header));
 245
 246         spin_lock_irqsave(&sp->lock, flags);
 247
 248         switch (h->address) {
 249         default:        /* Invalid PPP packet. */
 250                 goto invalid;
 251         case PPP_ALLSTATIONS:
 252                 if (h->control != PPP_UI)
 253                         goto invalid;
 254                 if (sp->pp_flags & PP_CISCO) {
 255                         if (sp->pp_flags & PP_DEBUG)
 256                                 printk (KERN_WARNING "%s: PPP packet in Cisco mode <0x%x 0x%x 0x%x>\n",
 257                                         dev->name,
 258                                         h->address, h->control, ntohs (h->protocol));
 259                         goto drop;
 260                 }
 261                 switch (ntohs (h->protocol)) {
 262                 default:
 263                         if (sp->lcp.state == LCP_STATE_OPENED)
 264                                 sppp_cp_send (sp, PPP_LCP, LCP_PROTO_REJ,
 265                                         ++sp->pp_seq, skb->len + 2,
 266                                         &h->protocol);
 267                         if (sp->pp_flags & PP_DEBUG)
 268                                 printk (KERN_WARNING "%s: invalid input protocol <0x%x 0x%x 0x%x>\n",
 269                                         dev->name,
 270                                         h->address, h->control, ntohs (h->protocol));
 271                         goto drop;
 272                 case PPP_LCP:
 273                         sppp_lcp_input (sp, skb);
 274                         goto drop;
 275                 case PPP_IPCP:
 276                         if (sp->lcp.state == LCP_STATE_OPENED)
 277                                 sppp_ipcp_input (sp, skb);
 278                         else
 279                                 printk(KERN_DEBUG "IPCP when still waiting LCP finish.\n");
 280                         goto drop;
 281                 case PPP_IP:
 282                         if (sp->ipcp.state == IPCP_STATE_OPENED) {
 283                                 if(sp->pp_flags&PP_DEBUG)
 284                                         printk(KERN_DEBUG "Yow an IP frame.\n");
 285                                 skb->protocol=htons(ETH_P_IP);
 286                                 netif_rx(skb);
 287                                 dev->last_rx = jiffies;
 288                                 goto done;
 289                         }
 290                         break;
 291 #ifdef IPX
 292                 case PPP_IPX:
 293                         /* IPX IPXCP not implemented yet */
 294                         if (sp->lcp.state == LCP_STATE_OPENED) {
 295                                 skb->protocol=htons(ETH_P_IPX);
 296                                 netif_rx(skb);
 297                                 dev->last_rx = jiffies;
 298                                 goto done;
 299                         }
 300                         break;
 301 #endif
 302                 }
 303                 break;
 304         case CISCO_MULTICAST:
 305         case CISCO_UNICAST:
 306                 /* Don't check the control field here (RFC 1547). */
 307                 if (! (sp->pp_flags & PP_CISCO)) {
 308                         if (sp->pp_flags & PP_DEBUG)
 309                                 printk (KERN_WARNING "%s: Cisco packet in PPP mode <0x%x 0x%x 0x%x>\n",
 310                                         dev->name,
 311                                         h->address, h->control, ntohs (h->protocol));
 312                         goto drop;
 313                 }
 314                 switch (ntohs (h->protocol)) {
 315                 default:
 316                         goto invalid;
 317                 case CISCO_KEEPALIVE:
 318                         sppp_cisco_input (sp, skb);
 319                         goto drop;
 320 #ifdef CONFIG_INET
 321                 case ETH_P_IP:
 322                         skb->protocol=htons(ETH_P_IP);
 323                         netif_rx(skb);
 324                         dev->last_rx = jiffies;
 325                         goto done;
 326 #endif
 327 #ifdef CONFIG_IPX
 328                 case ETH_P_IPX:
 329                         skb->protocol=htons(ETH_P_IPX);
 330                         netif_rx(skb);
 331                         dev->last_rx = jiffies;
 332                         goto done;
 333 #endif
 334                 }
 335                 break;
 336         }
 337         goto drop;
 338
 339 invalid:
 340         if (sp->pp_flags & PP_DEBUG)
 341                 printk (KERN_WARNING "%s: invalid input packet <0x%x 0x%x 0x%x>\n",
 342                         dev->name, h->address, h->control, ntohs (h->protocol));
 343 drop:
 344         kfree_skb(skb);
 345 done:
 346         spin_unlock_irqrestore(&sp->lock, flags);
 347         sppp_flush_xmit();
 348         return;
 349 }
 350
 351 /*
 352  *      Handle transmit packets.
 353  */
 354
 355 static int sppp_hard_header(struct sk_buff *skb,
 356                             struct net_device *dev, __u16 type,
 357                             const void *daddr, const void *saddr,
 358                             unsigned int len)
 359 {
 360         struct sppp *sp = (struct sppp *)sppp_of(dev);
 361         struct ppp_header *h;
 362         skb_push(skb,sizeof(struct ppp_header));
 363         h=(struct ppp_header *)skb->data;
 364         if(sp->pp_flags&PP_CISCO)
 365         {
 366                 h->address = CISCO_UNICAST;
 367                 h->control = 0;
 368         }
 369         else
 370         {
 371                 h->address = PPP_ALLSTATIONS;
 372                 h->control = PPP_UI;
 373         }
 374         if(sp->pp_flags & PP_CISCO)
 375         {
 376                 h->protocol = htons(type);
 377         }
 378         else switch(type)
 379         {
 380                 case ETH_P_IP:
 381                         h->protocol = htons(PPP_IP);
 382                         break;
 383                 case ETH_P_IPX:
 384                         h->protocol = htons(PPP_IPX);
 385                         break;
 386         }
 387         return sizeof(struct ppp_header);
 388 }
 389
 390 static const struct header_ops sppp_header_ops = {
 391         .create = sppp_hard_header,
 392 };
 393
 394 /*
 395  * Send keepalive packets, every 10 seconds.
 396  */
 397
 398 static void sppp_keepalive (unsigned long dummy)
 399 {
 400         struct sppp *sp;
 401         unsigned long flags;
 402
 403         spin_lock_irqsave(&spppq_lock, flags);
 404
 405         for (sp=spppq; sp; sp=sp->pp_next)
 406         {
 407                 struct net_device *dev = sp->pp_if;
 408
 409                 /* Keepalive mode disabled or channel down? */
 410                 if (! (sp->pp_flags & PP_KEEPALIVE) ||
 411                     ! (dev->flags & IFF_UP))
 412                         continue;
 413
 414                 spin_lock(&sp->lock);
 415
 416                 /* No keepalive in PPP mode if LCP not opened yet. */
 417                 if (! (sp->pp_flags & PP_CISCO) &&
 418                     sp->lcp.state != LCP_STATE_OPENED) {
 419                         spin_unlock(&sp->lock);
 420                         continue;
 421                 }
 422
 423                 if (sp->pp_alivecnt == MAXALIVECNT) {
 424                         /* No keepalive packets got.  Stop the interface. */
 425                         printk (KERN_WARNING "%s: protocol down\n", dev->name);
 426                         if_down (dev);
 427                         if (! (sp->pp_flags & PP_CISCO)) {
 428                                 /* Shut down the PPP link. */
 429                                 sp->lcp.magic = jiffies;
 430                                 sp->lcp.state = LCP_STATE_CLOSED;
 431                                 sp->ipcp.state = IPCP_STATE_CLOSED;
 432                                 sppp_clear_timeout (sp);
 433                                 /* Initiate negotiation. */
 434                                 sppp_lcp_open (sp);
 435                         }
 436                 }
 437                 if (sp->pp_alivecnt <= MAXALIVECNT)
 438                         ++sp->pp_alivecnt;
 439                 if (sp->pp_flags & PP_CISCO)
 440                         sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq,
 441                                 sp->pp_rseq);
 442                 else if (sp->lcp.state == LCP_STATE_OPENED) {
 443                         __be32 nmagic = htonl (sp->lcp.magic);
 444                         sp->lcp.echoid = ++sp->pp_seq;
 445                         sppp_cp_send (sp, PPP_LCP, LCP_ECHO_REQ,
 446                                 sp->lcp.echoid, 4, &nmagic);
 447                 }
 448
 449                 spin_unlock(&sp->lock);
 450         }
 451         spin_unlock_irqrestore(&spppq_lock, flags);
 452         sppp_flush_xmit();
 453         sppp_keepalive_timer.expires=jiffies+10*HZ;
 454         add_timer(&sppp_keepalive_timer);
 455 }
 456
 457 /*
 458  * Handle incoming PPP Link Control Protocol packets.
 459  */
 460
 461 static void sppp_lcp_input (struct sppp *sp, struct sk_buff *skb)
 462 {
 463         struct lcp_header *h;
 464         struct net_device *dev = sp->pp_if;
 465         int len = skb->len;
 466         u8 *p, opt[6];
 467         u32 rmagic = 0;
 468
 469         if (!pskb_may_pull(skb, sizeof(struct lcp_header))) {
 470                 if (sp->pp_flags & PP_DEBUG)
 471                         printk (KERN_WARNING "%s: invalid lcp packet length: %d bytes\n",
 472                                 dev->name, len);
 473                 return;
 474         }
 475         h = (struct lcp_header *)skb->data;
 476         skb_pull(skb,sizeof(struct lcp_header *));
 477
 478         if (sp->pp_flags & PP_DEBUG)
 479         {
 480                 char state = '?';
 481                 switch (sp->lcp.state) {
 482                 case LCP_STATE_CLOSED:   state = 'C'; break;
 483                 case LCP_STATE_ACK_RCVD: state = 'R'; break;
 484                 case LCP_STATE_ACK_SENT: state = 'S'; break;
 485                 case LCP_STATE_OPENED:   state = 'O'; break;
 486                 }
 487                 printk (KERN_WARNING "%s: lcp input(%c): %d bytes <%s id=%xh len=%xh",
 488                         dev->name, state, len,
 489                         sppp_lcp_type_name (h->type), h->ident, ntohs (h->len));
 490                 if (len > 4)
 491                         sppp_print_bytes ((u8*) (h+1), len-4);
 492                 printk (">\n");
 493         }
 494         if (len > ntohs (h->len))
 495                 len = ntohs (h->len);
 496         switch (h->type) {
 497         default:
 498                 /* Unknown packet type -- send Code-Reject packet. */
 499                 sppp_cp_send (sp, PPP_LCP, LCP_CODE_REJ, ++sp->pp_seq,
 500                         skb->len, h);
 501                 break;
 502         case LCP_CONF_REQ:
 503                 if (len < 4) {
 504                         if (sp->pp_flags & PP_DEBUG)
 505                                 printk (KERN_DEBUG"%s: invalid lcp configure request packet length: %d bytes\n",
 506                                         dev->name, len);
 507                         break;
 508                 }
 509                 if (len>4 && !sppp_lcp_conf_parse_options (sp, h, len, &rmagic))
 510                         goto badreq;
 511                 if (rmagic == sp->lcp.magic) {
 512                         /* Local and remote magics equal -- loopback? */
 513                         if (sp->pp_loopcnt >= MAXALIVECNT*5) {
 514                                 printk (KERN_WARNING "%s: loopback\n",
 515                                         dev->name);
 516                                 sp->pp_loopcnt = 0;
 517                                 if (dev->flags & IFF_UP) {
 518                                         if_down (dev);
 519                                 }
 520                         } else if (sp->pp_flags & PP_DEBUG)
 521                                 printk (KERN_DEBUG "%s: conf req: magic glitch\n",
 522                                         dev->name);
 523                         ++sp->pp_loopcnt;
 524
 525                         /* MUST send Conf-Nack packet. */
 526                         rmagic = ~sp->lcp.magic;
 527                         opt[0] = LCP_OPT_MAGIC;
 528                         opt[1] = sizeof (opt);
 529                         opt[2] = rmagic >> 24;
 530                         opt[3] = rmagic >> 16;
 531                         opt[4] = rmagic >> 8;
 532                         opt[5] = rmagic;
 533                         sppp_cp_send (sp, PPP_LCP, LCP_CONF_NAK,
 534                                 h->ident, sizeof (opt), &opt);
 535 badreq:
 536                         switch (sp->lcp.state) {
 537                         case LCP_STATE_OPENED:
 538                                 /* Initiate renegotiation. */
 539                                 sppp_lcp_open (sp);
 540                                 /* fall through... */
 541                         case LCP_STATE_ACK_SENT:
 542                                 /* Go to closed state. */
 543                                 sp->lcp.state = LCP_STATE_CLOSED;
 544                                 sp->ipcp.state = IPCP_STATE_CLOSED;
 545                         }
 546                         break;
 547                 }
 548                 /* Send Configure-Ack packet. */
 549                 sp->pp_loopcnt = 0;
 550                 if (sp->lcp.state != LCP_STATE_OPENED) {
 551                         sppp_cp_send (sp, PPP_LCP, LCP_CONF_ACK,
 552                                         h->ident, len-4, h+1);
 553                 }
 554                 /* Change the state. */
 555                 switch (sp->lcp.state) {
 556                 case LCP_STATE_CLOSED:
 557                         sp->lcp.state = LCP_STATE_ACK_SENT;
 558                         break;
 559                 case LCP_STATE_ACK_RCVD:
 560                         sp->lcp.state = LCP_STATE_OPENED;
 561                         sppp_ipcp_open (sp);
 562                         break;
 563                 case LCP_STATE_OPENED:
 564                         /* Remote magic changed -- close session. */
 565                         sp->lcp.state = LCP_STATE_CLOSED;
 566                         sp->ipcp.state = IPCP_STATE_CLOSED;
 567                         /* Initiate renegotiation. */
 568                         sppp_lcp_open (sp);
 569                         /* Send ACK after our REQ in attempt to break loop */
 570                         sppp_cp_send (sp, PPP_LCP, LCP_CONF_ACK,
 571                                         h->ident, len-4, h+1);
 572                         sp->lcp.state = LCP_STATE_ACK_SENT;
 573                         break;
 574                 }
 575                 break;
 576         case LCP_CONF_ACK:
 577                 if (h->ident != sp->lcp.confid)
 578                         break;
 579                 sppp_clear_timeout (sp);
 580                 if ((sp->pp_link_state != SPPP_LINK_UP) &&
 581                     (dev->flags & IFF_UP)) {
 582                         /* Coming out of loopback mode. */
 583                         sp->pp_link_state=SPPP_LINK_UP;
 584                         printk (KERN_INFO "%s: protocol up\n", dev->name);
 585                 }
 586                 switch (sp->lcp.state) {
 587                 case LCP_STATE_CLOSED:
 588                         sp->lcp.state = LCP_STATE_ACK_RCVD;
 589                         sppp_set_timeout (sp, 5);
 590                         break;
 591                 case LCP_STATE_ACK_SENT:
 592                         sp->lcp.state = LCP_STATE_OPENED;
 593                         sppp_ipcp_open (sp);
 594                         break;
 595                 }
 596                 break;
 597         case LCP_CONF_NAK:
 598                 if (h->ident != sp->lcp.confid)
 599                         break;
 600                 p = (u8*) (h+1);
 601                 if (len>=10 && p[0] == LCP_OPT_MAGIC && p[1] >= 4) {
 602                         rmagic = (u32)p[2] << 24 |
 603                                 (u32)p[3] << 16 | p[4] << 8 | p[5];
 604                         if (rmagic == ~sp->lcp.magic) {
 605                                 int newmagic;
 606                                 if (sp->pp_flags & PP_DEBUG)
 607                                         printk (KERN_DEBUG "%s: conf nak: magic glitch\n",
 608                                                 dev->name);
 609                                 get_random_bytes(&newmagic, sizeof(newmagic));
 610                                 sp->lcp.magic += newmagic;
 611                         } else
 612                                 sp->lcp.magic = rmagic;
 613                         }
 614                 if (sp->lcp.state != LCP_STATE_ACK_SENT) {
 615                         /* Go to closed state. */
 616                         sp->lcp.state = LCP_STATE_CLOSED;
 617                         sp->ipcp.state = IPCP_STATE_CLOSED;
 618                 }
 619                 /* The link will be renegotiated after timeout,
 620                  * to avoid endless req-nack loop. */
 621                 sppp_clear_timeout (sp);
 622                 sppp_set_timeout (sp, 2);
 623                 break;
 624         case LCP_CONF_REJ:
 625                 if (h->ident != sp->lcp.confid)
 626                         break;
 627                 sppp_clear_timeout (sp);
 628                 /* Initiate renegotiation. */
 629                 sppp_lcp_open (sp);
 630                 if (sp->lcp.state != LCP_STATE_ACK_SENT) {
 631                         /* Go to closed state. */
 632                         sp->lcp.state = LCP_STATE_CLOSED;
 633                         sp->ipcp.state = IPCP_STATE_CLOSED;
 634                 }
 635                 break;
 636         case LCP_TERM_REQ:
 637                 sppp_clear_timeout (sp);
 638                 /* Send Terminate-Ack packet. */
 639                 sppp_cp_send (sp, PPP_LCP, LCP_TERM_ACK, h->ident, 0, NULL);
 640                 /* Go to closed state. */
 641                 sp->lcp.state = LCP_STATE_CLOSED;
 642                 sp->ipcp.state = IPCP_STATE_CLOSED;
 643                 /* Initiate renegotiation. */
 644                 sppp_lcp_open (sp);
 645                 break;
 646         case LCP_TERM_ACK:
 647         case LCP_CODE_REJ:
 648         case LCP_PROTO_REJ:
 649                 /* Ignore for now. */
 650                 break;
 651         case LCP_DISC_REQ:
 652                 /* Discard the packet. */
 653                 break;
 654         case LCP_ECHO_REQ:
 655                 if (sp->lcp.state != LCP_STATE_OPENED)
 656                         break;
 657                 if (len < 8) {
 658                         if (sp->pp_flags & PP_DEBUG)
 659                                 printk (KERN_WARNING "%s: invalid lcp echo request packet length: %d bytes\n",
 660                                         dev->name, len);
 661                         break;
 662                 }
 663                 if (ntohl (*(__be32*)(h+1)) == sp->lcp.magic) {
 664                         /* Line loopback mode detected. */
 665                         printk (KERN_WARNING "%s: loopback\n", dev->name);
 666                         if_down (dev);
 667
 668                         /* Shut down the PPP link. */
 669                         sp->lcp.state = LCP_STATE_CLOSED;
 670                         sp->ipcp.state = IPCP_STATE_CLOSED;
 671                         sppp_clear_timeout (sp);
 672                         /* Initiate negotiation. */
 673                         sppp_lcp_open (sp);
 674                         break;
 675                 }
 676                 *(__be32 *)(h+1) = htonl (sp->lcp.magic);
 677                 sppp_cp_send (sp, PPP_LCP, LCP_ECHO_REPLY, h->ident, len-4, h+1);
 678                 break;
 679         case LCP_ECHO_REPLY:
 680                 if (h->ident != sp->lcp.echoid)
 681                         break;
 682                 if (len < 8) {
 683                         if (sp->pp_flags & PP_DEBUG)
 684                                 printk (KERN_WARNING "%s: invalid lcp echo reply packet length: %d bytes\n",
 685                                         dev->name, len);
 686                         break;
 687                 }
 688                 if (ntohl(*(__be32 *)(h+1)) != sp->lcp.magic)
 689                 sp->pp_alivecnt = 0;
 690                 break;
 691         }
 692 }
 693
 694 /*
 695  * Handle incoming Cisco keepalive protocol packets.
 696  */
 697
 698 static void sppp_cisco_input (struct sppp *sp, struct sk_buff *skb)
 699 {
 700         struct cisco_packet *h;
 701         struct net_device *dev = sp->pp_if;
 702
 703         if (!pskb_may_pull(skb, sizeof(struct cisco_packet))
 704             || (skb->len != CISCO_PACKET_LEN
 705                 && skb->len != CISCO_BIG_PACKET_LEN)) {
 706                 if (sp->pp_flags & PP_DEBUG)
 707                         printk (KERN_WARNING "%s: invalid cisco packet length: %d bytes\n",
 708                                 dev->name,  skb->len);
 709                 return;
 710         }
 711         h = (struct cisco_packet *)skb->data;
 712         skb_pull(skb, sizeof(struct cisco_packet*));
 713         if (sp->pp_flags & PP_DEBUG)
 714                 printk (KERN_WARNING "%s: cisco input: %d bytes <%xh %xh %xh %xh %xh-%xh>\n",
 715                         dev->name,  skb->len,
 716                         ntohl (h->type), h->par1, h->par2, h->rel,
 717                         h->time0, h->time1);
 718         switch (ntohl (h->type)) {
 719         default:
 720                 if (sp->pp_flags & PP_DEBUG)
 721                         printk (KERN_WARNING "%s: unknown cisco packet type: 0x%x\n",
 722                                 dev->name,  ntohl (h->type));
 723                 break;
 724         case CISCO_ADDR_REPLY:
 725                 /* Reply on address request, ignore */
 726                 break;
 727         case CISCO_KEEPALIVE_REQ:
 728                 sp->pp_alivecnt = 0;
 729                 sp->pp_rseq = ntohl (h->par1);
 730                 if (sp->pp_seq == sp->pp_rseq) {
 731                         /* Local and remote sequence numbers are equal.
 732                          * Probably, the line is in loopback mode. */
 733                         int newseq;
 734                         if (sp->pp_loopcnt >= MAXALIVECNT) {
 735                                 printk (KERN_WARNING "%s: loopback\n",
 736                                         dev->name);
 737                                 sp->pp_loopcnt = 0;
 738                                 if (dev->flags & IFF_UP) {
 739                                         if_down (dev);
 740                                 }
 741                         }
 742                         ++sp->pp_loopcnt;
 743
 744                         /* Generate new local sequence number */
 745                         get_random_bytes(&newseq, sizeof(newseq));
 746                         sp->pp_seq ^= newseq;
 747                         break;
 748                 }
 749                 sp->pp_loopcnt = 0;
 750                 if (sp->pp_link_state==SPPP_LINK_DOWN &&
 751                     (dev->flags & IFF_UP)) {
 752                         sp->pp_link_state=SPPP_LINK_UP;
 753                         printk (KERN_INFO "%s: protocol up\n", dev->name);
 754                 }
 755                 break;
 756         case CISCO_ADDR_REQ:
 757                 /* Stolen from net/ipv4/devinet.c -- SIOCGIFADDR ioctl */
 758                 {
 759                 __be32 addr = 0, mask = htonl(~0U); /* FIXME: is the mask correct? */
 760 #ifdef CONFIG_INET
 761                 struct in_device *in_dev;
 762                 struct in_ifaddr *ifa;
 763
 764                 rcu_read_lock();
 765                 if ((in_dev = __in_dev_get_rcu(dev)) != NULL)
 766                 {
 767                         for (ifa=in_dev->ifa_list; ifa != NULL;
 768                                 ifa=ifa->ifa_next) {
 769                                 if (strcmp(dev->name, ifa->ifa_label) == 0)
 770                                 {
 771                                         addr = ifa->ifa_local;
 772                                         mask = ifa->ifa_mask;
 773                                         break;
 774                                 }
 775                         }
 776                 }
 777                 rcu_read_unlock();
 778 #endif
 779                 sppp_cisco_send (sp, CISCO_ADDR_REPLY, ntohl(addr), ntohl(mask));
 780                 break;
 781                 }
 782         }
 783 }
 784
 785
 786 /*
 787  * Send PPP LCP packet.
 788  */
 789
 790 static void sppp_cp_send (struct sppp *sp, u16 proto, u8 type,
 791         u8 ident, u16 len, void *data)
 792 {
 793         struct ppp_header *h;
 794         struct lcp_header *lh;
 795         struct sk_buff *skb;
 796         struct net_device *dev = sp->pp_if;
 797
 798         skb=alloc_skb(dev->hard_header_len+PPP_HEADER_LEN+LCP_HEADER_LEN+len,
 799                 GFP_ATOMIC);
 800         if (skb==NULL)
 801                 return;
 802
 803         skb_reserve(skb,dev->hard_header_len);
 804
 805         h = (struct ppp_header *)skb_put(skb, sizeof(struct ppp_header));
 806         h->address = PPP_ALLSTATIONS;        /* broadcast address */
 807         h->control = PPP_UI;                 /* Unnumbered Info */
 808         h->protocol = htons (proto);         /* Link Control Protocol */
 809
 810         lh = (struct lcp_header *)skb_put(skb, sizeof(struct lcp_header));
 811         lh->type = type;
 812         lh->ident = ident;
 813         lh->len = htons (LCP_HEADER_LEN + len);
 814
 815         if (len)
 816                 memcpy(skb_put(skb,len),data, len);
 817
 818         if (sp->pp_flags & PP_DEBUG) {
 819                 printk (KERN_WARNING "%s: %s output <%s id=%xh len=%xh",
 820                         dev->name,
 821                         proto==PPP_LCP ? "lcp" : "ipcp",
 822                         proto==PPP_LCP ? sppp_lcp_type_name (lh->type) :
 823                         sppp_ipcp_type_name (lh->type), lh->ident,
 824                         ntohs (lh->len));
 825                 if (len)
 826                         sppp_print_bytes ((u8*) (lh+1), len);
 827                 printk (">\n");
 828         }
 829         /* Control is high priority so it doesn't get queued behind data */
 830         skb->priority=TC_PRIO_CONTROL;
 831         skb->dev = dev;
 832         skb_queue_tail(&tx_queue, skb);
 833 }
 834
 835 /*
 836  * Send Cisco keepalive packet.
 837  */
 838
 839 static void sppp_cisco_send (struct sppp *sp, int type, u32 par1, u32 par2)
 840 {
 841         struct ppp_header *h;
 842         struct cisco_packet *ch;
 843         struct sk_buff *skb;
 844         struct net_device *dev = sp->pp_if;
 845         u32 t = jiffies * 1000/HZ;
 846
 847         skb=alloc_skb(dev->hard_header_len+PPP_HEADER_LEN+CISCO_PACKET_LEN,
 848                 GFP_ATOMIC);
 849
 850         if(skb==NULL)
 851                 return;
 852
 853         skb_reserve(skb, dev->hard_header_len);
 854         h = (struct ppp_header *)skb_put (skb, sizeof(struct ppp_header));
 855         h->address = CISCO_MULTICAST;
 856         h->control = 0;
 857         h->protocol = htons (CISCO_KEEPALIVE);
 858
 859         ch = (struct cisco_packet*)skb_put(skb, CISCO_PACKET_LEN);
 860         ch->type = htonl (type);
 861         ch->par1 = htonl (par1);
 862         ch->par2 = htonl (par2);
 863         ch->rel = htons(0xffff);
 864         ch->time0 = htons ((u16) (t >> 16));
 865         ch->time1 = htons ((u16) t);
 866
 867         if (sp->pp_flags & PP_DEBUG)
 868                 printk (KERN_WARNING "%s: cisco output: <%xh %xh %xh %xh %xh-%xh>\n",
 869                         dev->name,  ntohl (ch->type), ch->par1,
 870                         ch->par2, ch->rel, ch->time0, ch->time1);
 871         skb->priority=TC_PRIO_CONTROL;
 872         skb->dev = dev;
 873         skb_queue_tail(&tx_queue, skb);
 874 }
 875
 876 /**
 877  *      sppp_close - close down a synchronous PPP or Cisco HDLC link
 878  *      @dev: The network device to drop the link of
 879  *
 880  *      This drops the logical interface to the channel. It is not
 881  *      done politely as we assume we will also be dropping DTR. Any
 882  *      timeouts are killed.
 883  */
 884
 885 int sppp_close (struct net_device *dev)
 886 {
 887         struct sppp *sp = (struct sppp *)sppp_of(dev);
 888         unsigned long flags;
 889
 890         spin_lock_irqsave(&sp->lock, flags);
 891         sp->pp_link_state = SPPP_LINK_DOWN;
 892         sp->lcp.state = LCP_STATE_CLOSED;
 893         sp->ipcp.state = IPCP_STATE_CLOSED;
 894         sppp_clear_timeout (sp);
 895         spin_unlock_irqrestore(&sp->lock, flags);
 896
 897         return 0;
 898 }
 899
 900 EXPORT_SYMBOL(sppp_close);
 901
 902 /**
 903  *      sppp_open - open a synchronous PPP or Cisco HDLC link
 904  *      @dev:   Network device to activate
 905  *
 906  *      Close down any existing synchronous session and commence
 907  *      from scratch. In the PPP case this means negotiating LCP/IPCP
 908  *      and friends, while for Cisco HDLC we simply need to start sending
 909  *      keepalives
 910  */
 911
 912 int sppp_open (struct net_device *dev)
 913 {
 914         struct sppp *sp = (struct sppp *)sppp_of(dev);
 915         unsigned long flags;
 916
 917         sppp_close(dev);
 918
 919         spin_lock_irqsave(&sp->lock, flags);
 920         if (!(sp->pp_flags & PP_CISCO)) {
 921                 sppp_lcp_open (sp);
 922         }
 923         sp->pp_link_state = SPPP_LINK_DOWN;
 924         spin_unlock_irqrestore(&sp->lock, flags);
 925         sppp_flush_xmit();
 926
 927         return 0;
 928 }
 929
 930 EXPORT_SYMBOL(sppp_open);
 931
 932 /**
 933  *      sppp_reopen - notify of physical link loss
 934  *      @dev: Device that lost the link
 935  *
 936  *      This function informs the synchronous protocol code that
 937  *      the underlying link died (for example a carrier drop on X.21)
 938  *
 939  *      We increment the magic numbers to ensure that if the other end
 940  *      failed to notice we will correctly start a new session. It happens
 941  *      do to the nature of telco circuits is that you can lose carrier on
 942  *      one endonly.
 943  *
 944  *      Having done this we go back to negotiating. This function may
 945  *      be called from an interrupt context.
 946  */
 947
 948 int sppp_reopen (struct net_device *dev)
 949 {
 950         struct sppp *sp = (struct sppp *)sppp_of(dev);
 951         unsigned long flags;
 952
 953         sppp_close(dev);
 954
 955         spin_lock_irqsave(&sp->lock, flags);
 956         if (!(sp->pp_flags & PP_CISCO))
 957         {
 958                 sp->lcp.magic = jiffies;
 959                 ++sp->pp_seq;
 960                 sp->lcp.state = LCP_STATE_CLOSED;
 961                 sp->ipcp.state = IPCP_STATE_CLOSED;
 962                 /* Give it a moment for the line to settle then go */
 963                 sppp_set_timeout (sp, 1);
 964         }
 965         sp->pp_link_state=SPPP_LINK_DOWN;
 966         spin_unlock_irqrestore(&sp->lock, flags);
 967
 968         return 0;
 969 }
 970
 971 EXPORT_SYMBOL(sppp_reopen);
 972
 973 /**
 974  *      sppp_change_mtu - Change the link MTU
 975  *      @dev:   Device to change MTU on
 976  *      @new_mtu: New MTU
 977  *
 978  *      Change the MTU on the link. This can only be called with
 979  *      the link down. It returns an error if the link is up or
 980  *      the mtu is out of range.
 981  */
 982
 983 static int sppp_change_mtu(struct net_device *dev, int new_mtu)
 984 {
 985         if(new_mtu<128||new_mtu>PPP_MTU||(dev->flags&IFF_UP))
 986                 return -EINVAL;
 987         dev->mtu=new_mtu;
 988         return 0;
 989 }
 990
 991 /**
 992  *      sppp_do_ioctl - Ioctl handler for ppp/hdlc
 993  *      @dev: Device subject to ioctl
 994  *      @ifr: Interface request block from the user
 995  *      @cmd: Command that is being issued
 996  *
 997  *      This function handles the ioctls that may be issued by the user
 998  *      to control the settings of a PPP/HDLC link. It does both busy
 999  *      and security checks. This function is intended to be wrapped by
1000  *      callers who wish to add additional ioctl calls of their own.
1001  */
1002
1003 int sppp_do_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1004 {
1005         struct sppp *sp = (struct sppp *)sppp_of(dev);
1006
1007         if(dev->flags&IFF_UP)
1008                 return -EBUSY;
1009
1010         if(!capable(CAP_NET_ADMIN))
1011                 return -EPERM;
1012
1013         switch(cmd)
1014         {
1015                 case SPPPIOCCISCO:
1016                         sp->pp_flags|=PP_CISCO;
1017                         dev->type = ARPHRD_HDLC;
1018                         break;
1019                 case SPPPIOCPPP:
1020                         sp->pp_flags&=~PP_CISCO;
1021                         dev->type = ARPHRD_PPP;
1022                         break;
1023                 case SPPPIOCDEBUG:
1024                         sp->pp_flags&=~PP_DEBUG;
1025                         if(ifr->ifr_flags)
1026                                 sp->pp_flags|=PP_DEBUG;
1027                         break;
1028                 case SPPPIOCGFLAGS:
1029                         if(copy_to_user(ifr->ifr_data, &sp->pp_flags, sizeof(sp->pp_flags)))
1030                                 return -EFAULT;
1031                         break;
1032                 case SPPPIOCSFLAGS:
1033                         if(copy_from_user(&sp->pp_flags, ifr->ifr_data, sizeof(sp->pp_flags)))
1034                                 return -EFAULT;
1035                         break;
1036                 default:
1037                         return -EINVAL;
1038         }
1039         return 0;
1040 }
1041
1042 EXPORT_SYMBOL(sppp_do_ioctl);
1043
1044 /**
1045  *      sppp_attach - attach synchronous PPP/HDLC to a device
1046  *      @pd:    PPP device to initialise
1047  *
1048  *      This initialises the PPP/HDLC support on an interface. At the
1049  *      time of calling the dev element must point to the network device
1050  *      that this interface is attached to. The interface should not yet
1051  *      be registered.
1052  */
1053
1054 void sppp_attach(struct ppp_device *pd)
1055 {
1056         struct net_device *dev = pd->dev;
1057         struct sppp *sp = &pd->sppp;
1058         unsigned long flags;
1059
1060         /* Make sure embedding is safe for sppp_of */
1061         BUG_ON(sppp_of(dev) != sp);
1062
1063         spin_lock_irqsave(&spppq_lock, flags);
1064         /* Initialize keepalive handler. */
1065         if (! spppq)
1066         {
1067                 init_timer(&sppp_keepalive_timer);
1068                 sppp_keepalive_timer.expires=jiffies+10*HZ;
1069                 sppp_keepalive_timer.function=sppp_keepalive;
1070                 add_timer(&sppp_keepalive_timer);
1071         }
1072         /* Insert new entry into the keepalive list. */
1073         sp->pp_next = spppq;
1074         spppq = sp;
1075         spin_unlock_irqrestore(&spppq_lock, flags);
1076
1077         sp->pp_loopcnt = 0;
1078         sp->pp_alivecnt = 0;
1079         sp->pp_seq = 0;
1080         sp->pp_rseq = 0;
1081         sp->pp_flags = PP_KEEPALIVE|PP_CISCO|debug;/*PP_DEBUG;*/
1082         sp->lcp.magic = 0;
1083         sp->lcp.state = LCP_STATE_CLOSED;
1084         sp->ipcp.state = IPCP_STATE_CLOSED;
1085         sp->pp_if = dev;
1086         spin_lock_init(&sp->lock);
1087
1088         /*
1089          *      Device specific setup. All but interrupt handler and
1090          *      hard_start_xmit.
1091          */
1092
1093         dev->header_ops = &sppp_header_ops;
1094
1095         dev->tx_queue_len = 10;
1096         dev->type = ARPHRD_HDLC;
1097         dev->addr_len = 0;
1098         dev->hard_header_len = sizeof(struct ppp_header);
1099         dev->mtu = PPP_MTU;
1100         /*
1101          *      These 4 are callers but MUST also call sppp_ functions
1102          */
1103         dev->do_ioctl = sppp_do_ioctl;
1104 #if 0
1105         dev->get_stats = NULL;          /* Let the driver override these */
1106         dev->open = sppp_open;
1107         dev->stop = sppp_close;
1108 #endif
1109         dev->change_mtu = sppp_change_mtu;
1110         dev->flags = IFF_MULTICAST|IFF_POINTOPOINT|IFF_NOARP;
1111 }
1112
1113 EXPORT_SYMBOL(sppp_attach);
1114
1115 /**
1116  *      sppp_detach - release PPP resources from a device
1117  *      @dev:   Network device to release
1118  *
1119  *      Stop and free up any PPP/HDLC resources used by this
1120  *      interface. This must be called before the device is
1121  *      freed.
1122  */
1123
1124 void sppp_detach (struct net_device *dev)
1125 {
1126         struct sppp **q, *p, *sp = (struct sppp *)sppp_of(dev);
1127         unsigned long flags;
1128
1129         spin_lock_irqsave(&spppq_lock, flags);
1130         /* Remove the entry from the keepalive list. */
1131         for (q = &spppq; (p = *q); q = &p->pp_next)
1132                 if (p == sp) {
1133                         *q = p->pp_next;
1134                         break;
1135                 }
1136
1137         /* Stop keepalive handler. */
1138         if (! spppq)
1139                 del_timer(&sppp_keepalive_timer);
1140         sppp_clear_timeout (sp);
1141         spin_unlock_irqrestore(&spppq_lock, flags);
1142 }
1143
1144 EXPORT_SYMBOL(sppp_detach);
1145
1146 /*
1147  * Analyze the LCP Configure-Request options list
1148  * for the presence of unknown options.
1149  * If the request contains unknown options, build and
1150  * send Configure-reject packet, containing only unknown options.
1151  */
1152 static int
1153 sppp_lcp_conf_parse_options (struct sppp *sp, struct lcp_header *h,
1154         int len, u32 *magic)
1155 {
1156         u8 *buf, *r, *p;
1157         int rlen;
1158
1159         len -= 4;
1160         buf = r = kmalloc (len, GFP_ATOMIC);
1161         if (! buf)
1162                 return (0);
1163
1164         p = (void*) (h+1);
1165         for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
1166                 switch (*p) {
1167                 case LCP_OPT_MAGIC:
1168                         /* Magic number -- extract. */
1169                         if (len >= 6 && p[1] == 6) {
1170                                 *magic = (u32)p[2] << 24 |
1171                                         (u32)p[3] << 16 | p[4] << 8 | p[5];
1172                                 continue;
1173                         }
1174                         break;
1175                 case LCP_OPT_ASYNC_MAP:
1176                         /* Async control character map -- check to be zero. */
1177                         if (len >= 6 && p[1] == 6 && ! p[2] && ! p[3] &&
1178                             ! p[4] && ! p[5])
1179                                 continue;
1180                         break;
1181                 case LCP_OPT_MRU:
1182                         /* Maximum receive unit -- always OK. */
1183                         continue;
1184                 default:
1185                         /* Others not supported. */
1186                         break;
1187                 }
1188                 /* Add the option to rejected list. */
1189                 memcpy(r, p, p[1]);
1190                 r += p[1];
1191                 rlen += p[1];
1192         }
1193         if (rlen)
1194                 sppp_cp_send (sp, PPP_LCP, LCP_CONF_REJ, h->ident, rlen, buf);
1195         kfree(buf);
1196         return (rlen == 0);
1197 }
1198
1199 static void sppp_ipcp_input (struct sppp *sp, struct sk_buff *skb)
1200 {
1201         struct lcp_header *h;
1202         struct net_device *dev = sp->pp_if;
1203         int len = skb->len;
1204
1205         if (!pskb_may_pull(skb, sizeof(struct lcp_header))) {
1206                 if (sp->pp_flags & PP_DEBUG)
1207                         printk (KERN_WARNING "%s: invalid ipcp packet length: %d bytes\n",
1208                                 dev->name,  len);
1209                 return;
1210         }
1211         h = (struct lcp_header *)skb->data;
1212         skb_pull(skb,sizeof(struct lcp_header));
1213         if (sp->pp_flags & PP_DEBUG) {
1214                 printk (KERN_WARNING "%s: ipcp input: %d bytes <%s id=%xh len=%xh",
1215                         dev->name,  len,
1216                         sppp_ipcp_type_name (h->type), h->ident, ntohs (h->len));
1217                 if (len > 4)
1218                         sppp_print_bytes ((u8*) (h+1), len-4);
1219                 printk (">\n");
1220         }
1221         if (len > ntohs (h->len))
1222                 len = ntohs (h->len);
1223         switch (h->type) {
1224         default:
1225                 /* Unknown packet type -- send Code-Reject packet. */
1226                 sppp_cp_send (sp, PPP_IPCP, IPCP_CODE_REJ, ++sp->pp_seq, len, h);
1227                 break;
1228         case IPCP_CONF_REQ:
1229                 if (len < 4) {
1230                         if (sp->pp_flags & PP_DEBUG)
1231                                 printk (KERN_WARNING "%s: invalid ipcp configure request packet length: %d bytes\n",
1232                                         dev->name, len);
1233                         return;
1234                 }
1235                 if (len > 4) {
1236                         sppp_cp_send (sp, PPP_IPCP, LCP_CONF_REJ, h->ident,
1237                                 len-4, h+1);
1238
1239                         switch (sp->ipcp.state) {
1240                         case IPCP_STATE_OPENED:
1241                                 /* Initiate renegotiation. */
1242                                 sppp_ipcp_open (sp);
1243                                 /* fall through... */
1244                         case IPCP_STATE_ACK_SENT:
1245                                 /* Go to closed state. */
1246                                 sp->ipcp.state = IPCP_STATE_CLOSED;
1247                         }
1248                 } else {
1249                         /* Send Configure-Ack packet. */
1250                         sppp_cp_send (sp, PPP_IPCP, IPCP_CONF_ACK, h->ident,
1251                                 0, NULL);
1252                         /* Change the state. */
1253                         if (sp->ipcp.state == IPCP_STATE_ACK_RCVD)
1254                                 sp->ipcp.state = IPCP_STATE_OPENED;
1255                         else
1256                                 sp->ipcp.state = IPCP_STATE_ACK_SENT;
1257                 }
1258                 break;
1259         case IPCP_CONF_ACK:
1260                 if (h->ident != sp->ipcp.confid)
1261                         break;
1262                 sppp_clear_timeout (sp);
1263                 switch (sp->ipcp.state) {
1264                 case IPCP_STATE_CLOSED:
1265                         sp->ipcp.state = IPCP_STATE_ACK_RCVD;
1266                         sppp_set_timeout (sp, 5);
1267                         break;
1268                 case IPCP_STATE_ACK_SENT:
1269                         sp->ipcp.state = IPCP_STATE_OPENED;
1270                         break;
1271                 }
1272                 break;
1273         case IPCP_CONF_NAK:
1274         case IPCP_CONF_REJ:
1275                 if (h->ident != sp->ipcp.confid)
1276                         break;
1277                 sppp_clear_timeout (sp);
1278                         /* Initiate renegotiation. */
1279                 sppp_ipcp_open (sp);
1280                 if (sp->ipcp.state != IPCP_STATE_ACK_SENT)
1281                         /* Go to closed state. */
1282                         sp->ipcp.state = IPCP_STATE_CLOSED;
1283                 break;
1284         case IPCP_TERM_REQ:
1285                 /* Send Terminate-Ack packet. */
1286                 sppp_cp_send (sp, PPP_IPCP, IPCP_TERM_ACK, h->ident, 0, NULL);
1287                 /* Go to closed state. */
1288                 sp->ipcp.state = IPCP_STATE_CLOSED;
1289                 /* Initiate renegotiation. */
1290                 sppp_ipcp_open (sp);
1291                 break;
1292         case IPCP_TERM_ACK:
1293                 /* Ignore for now. */
1294         case IPCP_CODE_REJ:
1295                 /* Ignore for now. */
1296                 break;
1297         }
1298 }
1299
1300 static void sppp_lcp_open (struct sppp *sp)
1301 {
1302         char opt[6];
1303
1304         if (! sp->lcp.magic)
1305                 sp->lcp.magic = jiffies;
1306         opt[0] = LCP_OPT_MAGIC;
1307         opt[1] = sizeof (opt);
1308         opt[2] = sp->lcp.magic >> 24;
1309         opt[3] = sp->lcp.magic >> 16;
1310         opt[4] = sp->lcp.magic >> 8;
1311         opt[5] = sp->lcp.magic;
1312         sp->lcp.confid = ++sp->pp_seq;
1313         sppp_cp_send (sp, PPP_LCP, LCP_CONF_REQ, sp->lcp.confid,
1314                 sizeof (opt), &opt);
1315         sppp_set_timeout (sp, 2);
1316 }
1317
1318 static void sppp_ipcp_open (struct sppp *sp)
1319 {
1320         sp->ipcp.confid = ++sp->pp_seq;
1321         sppp_cp_send (sp, PPP_IPCP, IPCP_CONF_REQ, sp->ipcp.confid, 0, NULL);
1322         sppp_set_timeout (sp, 2);
1323 }
1324
1325 /*
1326  * Process PPP control protocol timeouts.
1327  */
1328
1329 static void sppp_cp_timeout (unsigned long arg)
1330 {
1331         struct sppp *sp = (struct sppp*) arg;
1332         unsigned long flags;
1333
1334         spin_lock_irqsave(&sp->lock, flags);
1335
1336         sp->pp_flags &= ~PP_TIMO;
1337         if (! (sp->pp_if->flags & IFF_UP) || (sp->pp_flags & PP_CISCO)) {
1338                 spin_unlock_irqrestore(&sp->lock, flags);
1339                 return;
1340         }
1341         switch (sp->lcp.state) {
1342         case LCP_STATE_CLOSED:
1343                 /* No ACK for Configure-Request, retry. */
1344                 sppp_lcp_open (sp);
1345                 break;
1346         case LCP_STATE_ACK_RCVD:
1347                 /* ACK got, but no Configure-Request for peer, retry. */
1348                 sppp_lcp_open (sp);
1349                 sp->lcp.state = LCP_STATE_CLOSED;
1350                 break;
1351         case LCP_STATE_ACK_SENT:
1352                 /* ACK sent but no ACK for Configure-Request, retry. */
1353                 sppp_lcp_open (sp);
1354                 break;
1355         case LCP_STATE_OPENED:
1356                 /* LCP is already OK, try IPCP. */
1357                 switch (sp->ipcp.state) {
1358                 case IPCP_STATE_CLOSED:
1359                         /* No ACK for Configure-Request, retry. */
1360                         sppp_ipcp_open (sp);
1361                         break;
1362                 case IPCP_STATE_ACK_RCVD:
1363                         /* ACK got, but no Configure-Request for peer, retry. */
1364                         sppp_ipcp_open (sp);
1365                         sp->ipcp.state = IPCP_STATE_CLOSED;
1366                         break;
1367                 case IPCP_STATE_ACK_SENT:
1368                         /* ACK sent but no ACK for Configure-Request, retry. */
1369                         sppp_ipcp_open (sp);
1370                         break;
1371                 case IPCP_STATE_OPENED:
1372                         /* IPCP is OK. */
1373                         break;
1374                 }
1375                 break;
1376         }
1377         spin_unlock_irqrestore(&sp->lock, flags);
1378         sppp_flush_xmit();
1379 }
1380
1381 static char *sppp_lcp_type_name (u8 type)
1382 {
1383         static char buf [8];
1384         switch (type) {
1385         case LCP_CONF_REQ:   return ("conf-req");
1386         case LCP_CONF_ACK:   return ("conf-ack");
1387         case LCP_CONF_NAK:   return ("conf-nack");
1388         case LCP_CONF_REJ:   return ("conf-rej");
1389         case LCP_TERM_REQ:   return ("term-req");
1390         case LCP_TERM_ACK:   return ("term-ack");
1391         case LCP_CODE_REJ:   return ("code-rej");
1392         case LCP_PROTO_REJ:  return ("proto-rej");
1393         case LCP_ECHO_REQ:   return ("echo-req");
1394         case LCP_ECHO_REPLY: return ("echo-reply");
1395         case LCP_DISC_REQ:   return ("discard-req");
1396         }
1397         sprintf (buf, "%xh", type);
1398         return (buf);
1399 }
1400
1401 static char *sppp_ipcp_type_name (u8 type)
1402 {
1403         static char buf [8];
1404         switch (type) {
1405         case IPCP_CONF_REQ:   return ("conf-req");
1406         case IPCP_CONF_ACK:   return ("conf-ack");
1407         case IPCP_CONF_NAK:   return ("conf-nack");
1408         case IPCP_CONF_REJ:   return ("conf-rej");
1409         case IPCP_TERM_REQ:   return ("term-req");
1410         case IPCP_TERM_ACK:   return ("term-ack");
1411         case IPCP_CODE_REJ:   return ("code-rej");
1412         }
1413         sprintf (buf, "%xh", type);
1414         return (buf);
1415 }
1416
1417 static void sppp_print_bytes (u_char *p, u16 len)
1418 {
1419         printk (" %x", *p++);
1420         while (--len > 0)
1421                 printk ("-%x", *p++);
1422 }
1423
1424 /**
1425  *      sppp_rcv -      receive and process a WAN PPP frame
1426  *      @skb:   The buffer to process
1427  *      @dev:   The device it arrived on
1428  *      @p: Unused
1429  *      @orig_dev: Unused
1430  *
1431  *      Protocol glue. This drives the deferred processing mode the poorer
1432  *      cards use. This can be called directly by cards that do not have
1433  *      timing constraints but is normally called from the network layer
1434  *      after interrupt servicing to process frames queued via netif_rx.
1435  */
1436
1437 static int sppp_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *p, struct net_device *orig_dev)
1438 {
1439         if (dev_net(dev) != &init_net) {
1440                 kfree_skb(skb);
1441                 return 0;
1442         }
1443
1444         if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
1445                 return NET_RX_DROP;
1446         sppp_input(dev,skb);
1447         return 0;
1448 }
1449
1450 static struct packet_type sppp_packet_type = {
1451         .type   = __constant_htons(ETH_P_WAN_PPP),
1452         .func   = sppp_rcv,
1453 };
1454
1455 static char banner[] __initdata =
1456         KERN_INFO "Cronyx Ltd, Synchronous PPP and CISCO HDLC (c) 1994\n"
1457         KERN_INFO "Linux port (c) 1998 Building Number Three Ltd & "
1458                   "Jan \"Yenya\" Kasprzak.\n";
1459
1460 static int __init sync_ppp_init(void)
1461 {
1462         if(debug)
1463                 debug=PP_DEBUG;
1464         printk(banner);
1465         skb_queue_head_init(&tx_queue);
1466         dev_add_pack(&sppp_packet_type);
1467         return 0;
1468 }
1469
1470
1471 static void __exit sync_ppp_cleanup(void)
1472 {
1473         dev_remove_pack(&sppp_packet_type);
1474 }
1475
1476 module_init(sync_ppp_init);
1477 module_exit(sync_ppp_cleanup);
1478 module_param(debug, int, 0);
1479 MODULE_LICENSE("GPL");
1480