comparison src/g23m-fad/ppp/ppp_lcpf.c @ 174:90eb61ecd093

src/g23m-fad: initial import from TCS3.2/LoCosto
author Mychaela Falconia <falcon@freecalypso.org>
date Wed, 12 Oct 2016 05:40:46 +0000
parents
children
comparison
equal deleted inserted replaced
173:bf64d785238a 174:90eb61ecd093
1 /*
2 +-----------------------------------------------------------------------------
3 | Project :
4 | Modul :
5 +-----------------------------------------------------------------------------
6 | Copyright 2002 Texas Instruments Berlin, AG
7 | All rights reserved.
8 |
9 | This file is confidential and a trade secret of Texas
10 | Instruments Berlin, AG
11 | The receipt of or possession of this file does not convey
12 | any rights to reproduce or disclose its contents or to
13 | manufacture, use, or sell anything it may describe, in
14 | whole, or in part, without the specific written consent of
15 | Texas Instruments Berlin, AG.
16 +-----------------------------------------------------------------------------
17 | Purpose : This modul is part of the entity PPP and implements all
18 | procedures and functions as described in the
19 | SDL-documentation (LCP-statemachine)
20 +-----------------------------------------------------------------------------
21 */
22
23 #ifndef PPP_LCPF_C
24 #define PPP_LCPF_C
25 #endif /* !PPP_LCPF_C */
26
27 #define ENTITY_PPP
28
29 /*==== INCLUDES =============================================================*/
30
31 #include "typedefs.h" /* to get Condat data types */
32 #include "vsi.h" /* to get a lot of macros */
33 #include "macdef.h" /* to get a lot of macros */
34 #include "custom.h" /* to get a lot of macros */
35 #include "gsm.h" /* to get a lot of macros */
36 #include "cnf_ppp.h" /* to get cnf-definitions */
37 #include "mon_ppp.h" /* to get mon-definitions */
38 #include "prim.h" /* to get the definitions of used SAP and directions */
39 #include "dti.h" /* to get the DTILIB definitions */
40 #include "ppp.h" /* to get the global entity definitions */
41
42 #include <string.h> /* to get memcpy */
43 #include "ppp_arbf.h" /* to get function interface from arb */
44 #include "ppp_capf.h"
45
46 #ifdef _SIMULATION_
47 #include <stdio.h> /* to get sprintf */
48 #endif /* _SIMULATION_ */
49
50 /*==== CONST ================================================================*/
51
52 #define TYPE_MRU 1
53 #define TYPE_ACCM 2
54 #define TYPE_AP 3
55 #define TYPE_QP 4
56 #define TYPE_MAGIC 5
57 #define TYPE_PFC 7
58 #define TYPE_ACFC 8
59 #define TYPE_FCS 9
60
61 #define LENGTH_MRU 4
62 #define LENGTH_ACCM 6
63 #define LENGTH_AP_PAP 4
64 #define LENGTH_AP_CHAP 5
65 #define LENGTH_AP_MIN 4
66 #define LENGTH_AP_MAX LENGTH_AP_CHAP
67 #define LENGTH_MAGIC 6
68 #define LENGTH_PFC 2
69 #define LENGTH_ACFC 2
70 #define LENGTH_FCS 3
71
72 /*
73 * all other configuration options not yet supported
74 */
75 #define LCP_CONF_REQ_LENGTH_MAX (4 + \
76 LENGTH_MRU + \
77 LENGTH_ACCM + \
78 LENGTH_AP_MAX + \
79 LENGTH_PFC + \
80 LENGTH_ACFC)
81 #define LCP_TERM_REQ_LENGTH 6
82
83 #define ALGORITHM_MD5 5
84
85 /*==== LOCAL VARS ===========================================================*/
86
87 /*==== PRIVATE FUNCTIONS ====================================================*/
88
89 /*==== PUBLIC FUNCTIONS =====================================================*/
90
91
92
93 /*
94 +------------------------------------------------------------------------------
95 | Function : lcp_init
96 +------------------------------------------------------------------------------
97 | Description : The function lcp_init() initialize Link Control Protocol (LCP)
98 |
99 | Parameters : no parameters
100 |
101 +------------------------------------------------------------------------------
102 */
103 GLOBAL void lcp_init ()
104 {
105 TRACE_FUNCTION( "lcp_init" );
106 /*
107 * initialize values
108 */
109 ppp_data->lcp.req_mru=PPP_MRU_DEFAULT;
110 ppp_data->lcp.req_ap=PPP_AP_DEFAULT;
111 ppp_data->lcp.req_accm=PPP_ACCM_DEFAULT;
112
113 ppp_data->lcp.r_mru=PPP_MRU_DEFAULT;
114 ppp_data->lcp.r_accm=PPP_ACCM_DEFAULT;
115 ppp_data->lcp.r_pfc=PPP_PFC_DEFAULT;
116 ppp_data->lcp.r_acfc=PPP_ACFC_DEFAULT;
117
118 ppp_data->lcp.s_mru=PPP_MRU_DEFAULT;
119 ppp_data->lcp.s_accm=PPP_ACCM_DEFAULT;
120 ppp_data->lcp.s_pfc=PPP_PFC_DEFAULT;
121 ppp_data->lcp.s_acfc=PPP_ACFC_DEFAULT;
122
123 ppp_data->lcp.n_ap=PPP_AP_DEFAULT;
124
125 ppp_data->lcp.s_rejected=0;
126
127 ppp_data->lcp.nscri=0;
128 ppp_data->lcp.nstri=0;
129 ppp_data->lcp.nscji=0;
130
131 ppp_data->lcp.scr=FALSE;
132 ppp_data->lcp.str=FALSE;
133
134 INIT_STATE( PPP_SERVICE_LCP , LCP_STATE );
135 } /* lcp_init() */
136
137
138
139 /*
140 +------------------------------------------------------------------------------
141 | Function : lcp_get_values
142 +------------------------------------------------------------------------------
143 | Description : The function lcp_get_values() returns negotiated values
144 |
145 | Parameters : ptr_ap - returns Authentication Protocol
146 | ptr_mru - returns Maximum Receive Unit
147 | ptr_accm - returns Async Control Character Map
148 | ptr_pfc - returns Protocol Field Compression
149 | ptr_acfc - returns Address and Control Field Compression
150 |
151 +------------------------------------------------------------------------------
152 */
153 GLOBAL void lcp_get_values (UBYTE* ptr_ap,
154 USHORT* ptr_mru,
155 ULONG* ptr_accm,
156 UBYTE* ptr_pfc,
157 UBYTE* ptr_acfc)
158 {
159 TRACE_FUNCTION( "lcp_get_values" );
160
161 *ptr_mru = ppp_data->lcp.r_mru;
162 *ptr_accm = ppp_data->lcp.r_accm | ppp_data->lcp.s_accm;
163 *ptr_ap = ppp_data->lcp.n_ap;
164 *ptr_pfc = ppp_data->lcp.r_pfc;
165 *ptr_acfc = ppp_data->lcp.r_acfc;
166
167 } /* lcp_get_values() */
168
169
170
171 /*
172 +------------------------------------------------------------------------------
173 | Function : lcp_fill_out_packet
174 +------------------------------------------------------------------------------
175 | Description : The function lcp_fill_out_packet() puts a LCP packet into
176 | the protocol configuration list
177 |
178 | Parameters : pco_buf - pco list buffer
179 | ptr_pos - position where to write the LCP packet, this value
180 | must get back to the calling funtion
181 |
182 +------------------------------------------------------------------------------
183 */
184 GLOBAL void lcp_fill_out_packet (UBYTE pco_buf[], USHORT* ptr_pos)
185 {
186 USHORT pos;
187 USHORT len_pos1, len_pos2;
188 USHORT mru;
189
190 TRACE_FUNCTION( "lcp_fill_out_packet" );
191
192 if((ppp_data->pco_mask & PPP_PCO_MASK_LCP_MRU) ||
193 (ppp_data->pco_mask & PPP_PCO_MASK_LCP_AP) ||
194 (ppp_data->pco_mask & PPP_PCO_MASK_LCP_TWO))
195 {
196 pos = *ptr_pos;
197 #ifdef _SIMULATION_
198 TRACE_EVENT_P3("parameters: pco_buf[]=%08x, ptr_pos=%08x, pos=%d",
199 pco_buf,
200 ptr_pos,
201 (int)pos);
202 #endif /* _SIMULATION_ */
203
204 /*
205 * create Configure-Request packet
206 */
207 /*
208 * Protocol ID
209 */
210 pco_buf[pos] = PROTOCOL_LCP_MSB;
211 pos++;
212 pco_buf[pos] = PROTOCOL_LCP_LSB;
213 pos++;
214 /*
215 * Length of Protocol contents (store the position)
216 */
217 len_pos1 = pos;
218 pos++;
219 /*
220 * Code field
221 */
222 pco_buf[pos] = CODE_CONF_REQ;
223 pos++;
224 /*
225 * Identifier field (some value)
226 */
227 pco_buf[pos] = 1;
228 pos++;
229 /*
230 * Length field (store the position)
231 */
232 len_pos2 = pos;
233 pos++;
234 pos++;
235
236 if(ppp_data->pco_mask & PPP_PCO_MASK_LCP_MRU)
237 {
238 /*
239 * Maximum Receive Unit
240 */
241 /*
242 * if PPP_PCO_MASK_LCP_TWO is set use always s_mru
243 * if PPP_PCO_MASK_LCP_TWO is not set
244 * use the smaller one of s_mru and r_mru
245 */
246 if((ppp_data->pco_mask & PPP_PCO_MASK_LCP_TWO) ||
247 (ppp_data->lcp.s_mru < ppp_data->lcp.r_mru))
248 mru = ppp_data->lcp.s_mru;
249 else
250 mru = ppp_data->lcp.r_mru;
251 pco_buf[pos]=TYPE_MRU;
252 pos++;
253 pco_buf[pos]=LENGTH_MRU;
254 pos++;
255 pco_buf[pos]=(UBYTE)(mru >> 8);
256 pos++;
257 pco_buf[pos]=(UBYTE)(mru & 0x00ff);
258 pos++;
259 }
260
261 if(ppp_data->pco_mask & PPP_PCO_MASK_LCP_AP)
262 {
263 /*
264 * Authentication Protocol
265 */
266 switch(ppp_data->lcp.n_ap)
267 {
268 case PPP_AP_PAP:
269 pco_buf[pos]=TYPE_AP;
270 pos++;
271 pco_buf[pos]=LENGTH_AP_PAP;
272 pos++;
273 pco_buf[pos]=PROTOCOL_PAP_MSB;
274 pos++;
275 pco_buf[pos]=PROTOCOL_PAP_LSB;
276 pos++;
277 break;
278 case PPP_AP_CHAP:
279 pco_buf[pos]=TYPE_AP;
280 pos++;
281 pco_buf[pos]=LENGTH_AP_CHAP;
282 pos++;
283 pco_buf[pos]=PROTOCOL_CHAP_MSB;
284 pos++;
285 pco_buf[pos]=PROTOCOL_CHAP_LSB;
286 pos++;
287 pco_buf[pos]=ALGORITHM_MD5;
288 pos++;
289 break;
290 }
291 }
292 /*
293 * insert packet length
294 */
295 #ifdef _SIMULATION_
296 TRACE_EVENT_P3("len_pos1=%d, len_pos2=%d, pos=%d",
297 (int)len_pos1,
298 (int)len_pos2,
299 (int)pos);
300 #endif /* _SIMULATION_ */
301 pco_buf[len_pos2] = 0;
302 len_pos2++;
303 pco_buf[len_pos2] = (UBYTE)(pos - len_pos2 + 3);
304 /*
305 * insert Length of Protocol Contents
306 */
307 pco_buf[len_pos1] = pco_buf[len_pos2];
308
309 if(ppp_data->pco_mask & PPP_PCO_MASK_LCP_TWO)
310 {
311 /*
312 * create client Configure-Request packet
313 */
314 /*
315 * Protocol ID
316 */
317 pco_buf[pos] = PROTOCOL_LCP_MSB;
318 pos++;
319 pco_buf[pos] = PROTOCOL_LCP_LSB;
320 pos++;
321 /*
322 * Length of Protocol contents (store the position)
323 */
324 len_pos1 = pos;
325 pos++;
326 /*
327 * Code field
328 */
329 pco_buf[pos] = CODE_CONF_REQ;
330 pos++;
331 /*
332 * Identifier field (some value)
333 */
334 pco_buf[pos] = 1;
335 pos++;
336 /*
337 * Length field (store the position)
338 */
339 len_pos2 = pos;
340 pos++;
341 pos++;
342
343 if(ppp_data->pco_mask & PPP_PCO_MASK_LCP_MRU)
344 {
345 /*
346 * Maximum Receive Unit
347 */
348 mru = ppp_data->lcp.r_mru;
349 pco_buf[pos]=TYPE_MRU;
350 pos++;
351 pco_buf[pos]=LENGTH_MRU;
352 pos++;
353 pco_buf[pos]=(UBYTE)(mru >> 8);
354 pos++;
355 pco_buf[pos]=(UBYTE)(mru & 0x00ff);
356 pos++;
357 }
358
359 /*
360 * insert packet length
361 */
362 #ifdef _SIMULATION_
363 TRACE_EVENT_P3("len_pos1=%d, len_pos2=%d, pos=%d",
364 (int)len_pos1,
365 (int)len_pos2,
366 (int)pos);
367 #endif /* _SIMULATION_ */
368 pco_buf[len_pos2] = 0;
369 len_pos2++;
370 pco_buf[len_pos2] = (UBYTE)(pos - len_pos2 + 3);
371 /*
372 * insert Length of Protocol Contents
373 */
374 pco_buf[len_pos1] = pco_buf[len_pos2];
375 }
376
377 #ifdef _SIMULATION_
378 TRACE_EVENT_P6("pco_buf[%d]=%02x, pco_buf[%d]=%02x, pco_buf[%d]=%02x",
379 (int)(len_pos1),
380 pco_buf[len_pos1],
381 (int)(len_pos2 - 1),
382 pco_buf[len_pos2 - 1],
383 (int)len_pos2,
384 pco_buf[len_pos2]);
385 #endif /* _SIMULATION_ */
386 /*
387 * return new position
388 */
389 *ptr_pos=pos;
390 }
391 } /* lcp_fill_out_packet() */
392
393
394
395 /*
396 +------------------------------------------------------------------------------
397 | Function : lcp_get_scr
398 +------------------------------------------------------------------------------
399 | Description : The function lcp_get_scr() returns a LCP
400 | Configure Request packet
401 |
402 | Parameters : ptr_packet - returns the Configure Request packet
403 | THE MEMORY FOR THE PACKET WILL ALLOCATED BY
404 | THIS FUNCTION
405 |
406 +------------------------------------------------------------------------------
407 */
408 GLOBAL void lcp_get_scr (T_desc2** ptr_packet)
409 {
410 T_desc2* ret_desc;
411 USHORT len_pos;
412 USHORT pos;
413
414
415 TRACE_FUNCTION( "lcp_get_scr" );
416
417 /*
418 * Allocate the necessary size for the data descriptor. The size is
419 * calculated as follows:
420 * - take the size of a descriptor structure
421 * - subtract one because of the array buffer[1] to get the size of
422 * descriptor control information
423 * - add number of octets of descriptor data
424 */
425 MALLOC (ret_desc, (USHORT)(sizeof(T_desc2) - 1 + LCP_CONF_REQ_LENGTH_MAX));
426 /*
427 * fill the packet
428 */
429 ret_desc->next=(ULONG)NULL;
430 pos=0;
431 /*
432 * Code field
433 */
434 ret_desc->buffer[pos]=CODE_CONF_REQ;
435 pos++;
436 /*
437 * Identifier field
438 */
439 ret_desc->buffer[pos]=ppp_data->lcp.nscri;/*lint !e415 (Warning -- access of out-of-bounds pointer) */
440 pos++;
441 /*
442 * Length field (store the position)
443 */
444 len_pos=pos;
445 pos++;
446 pos++;
447 /*
448 * Maximum Receive Unit
449 */
450 if(((ppp_data->lcp.s_rejected & (1UL << TYPE_MRU)) EQ 0) &&
451 (ppp_data->lcp.s_mru NEQ PPP_MRU_DEFAULT))
452 {
453 ret_desc->buffer[pos]=TYPE_MRU;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
454 pos++;
455 ret_desc->buffer[pos]=LENGTH_MRU;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
456 pos++;
457 ret_desc->buffer[pos]=(UBYTE)(ppp_data->lcp.s_mru >> 8);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
458 pos++;
459 ret_desc->buffer[pos]=(UBYTE)(ppp_data->lcp.s_mru & 0x00ff);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
460 pos++;
461 }
462 /*
463 * Async Control Character Map
464 */
465 if(((ppp_data->lcp.s_rejected & (1UL << TYPE_ACCM)) EQ 0) &&
466 (ppp_data->lcp.s_accm NEQ PPP_ACCM_DEFAULT))
467 {
468 ret_desc->buffer[pos]=TYPE_ACCM;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
469 pos++;
470 ret_desc->buffer[pos]=LENGTH_ACCM;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
471 pos++;
472 ret_desc->buffer[pos]=(UBYTE)(ppp_data->lcp.s_accm >> 24);/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
473 pos++;
474 ret_desc->buffer[pos]=(UBYTE)((ppp_data->lcp.s_accm >> 16) & 0x000000ff);/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
475 pos++;
476 ret_desc->buffer[pos]=(UBYTE)((ppp_data->lcp.s_accm >> 8) & 0x000000ff);/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
477 pos++;
478 ret_desc->buffer[pos]=(UBYTE)(ppp_data->lcp.s_accm & 0x000000ff);/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
479 pos++;
480 }
481 /*
482 * Authentication Protocol
483 * (only in server mode)
484 */
485 if(((ppp_data->lcp.s_rejected & (1UL << TYPE_AP)) EQ 0) &&
486 (ppp_data->mode EQ PPP_SERVER) &&
487 (ppp_data->lcp.n_ap NEQ PPP_AP_DEFAULT))
488 if(ppp_data->lcp.n_ap EQ PPP_AP_PAP)
489 {
490 ret_desc->buffer[pos]=TYPE_AP;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
491 pos++;
492 ret_desc->buffer[pos]=LENGTH_AP_PAP;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
493 pos++;
494 ret_desc->buffer[pos]=PROTOCOL_PAP_MSB;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
495 pos++;
496 ret_desc->buffer[pos]=PROTOCOL_PAP_LSB;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
497 pos++;
498 }
499 else
500 {
501 ret_desc->buffer[pos]=TYPE_AP;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
502 pos++;
503 ret_desc->buffer[pos]=LENGTH_AP_CHAP;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
504 pos++;
505 ret_desc->buffer[pos]=PROTOCOL_CHAP_MSB;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
506 pos++;
507 ret_desc->buffer[pos]=PROTOCOL_CHAP_LSB;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
508 pos++;
509 ret_desc->buffer[pos]=ALGORITHM_MD5;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
510 pos++;
511 }
512 /*
513 * Protocol Field Compression
514 */
515 if(((ppp_data->lcp.s_rejected & (1UL << TYPE_PFC)) EQ 0) &&
516 (ppp_data->lcp.s_pfc NEQ PPP_PFC_DEFAULT))
517 {
518 ret_desc->buffer[pos]=TYPE_PFC;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
519 pos++;
520 ret_desc->buffer[pos]=LENGTH_PFC;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
521 pos++;
522 }
523 /*
524 * Address and Control Field Compression
525 */
526 if(((ppp_data->lcp.s_rejected & (1UL << TYPE_ACFC)) EQ 0) &&
527 (ppp_data->lcp.s_acfc NEQ PPP_ACFC_DEFAULT))
528 {
529 ret_desc->buffer[pos]=TYPE_ACFC;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
530 pos++;
531 ret_desc->buffer[pos]=LENGTH_ACFC;/*lint !e661 !e662 (Warning -- Likely access/creation of out-of-bounds pointer) */
532 pos++;
533 }
534
535
536 /*
537 * insert packet length
538 */
539 ret_desc->len=pos;
540 ret_desc->buffer[len_pos]=(UBYTE)(pos >> 8);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
541 len_pos++;
542 ret_desc->buffer[len_pos]=(UBYTE)(pos & 0x00ff);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
543
544 /*
545 * return the created packet
546 */
547 ppp_data->lcp.scr=TRUE;
548 *ptr_packet=ret_desc;
549
550 } /* lcp_get_scr() */
551
552
553
554 /*
555 +------------------------------------------------------------------------------
556 | Function : lcp_get_str
557 +------------------------------------------------------------------------------
558 | Description : The function lcp_get_str() returns a LCP
559 | Terminate Request packet
560 |
561 | Parameters : ptr_packet - returns the Terminate Request packet
562 | THE MEMORY FOR THE PACKET WILL ALLOCATED BY
563 | THIS FUNCTION
564 |
565 +------------------------------------------------------------------------------
566 */
567 GLOBAL void lcp_get_str (T_desc2** ptr_packet)
568 {
569 T_desc2* ret_desc;
570 USHORT pos;
571
572 TRACE_FUNCTION( "lcp_get_str" );
573
574 /*
575 * Allocate the necessary size for the data descriptor. The size is
576 * calculated as follows:
577 * - take the size of a descriptor structure
578 * - subtract one because of the array buffer[1] to get the size of
579 * descriptor control information
580 * - add number of octets of descriptor data
581 */
582 MALLOC (ret_desc, (USHORT)(sizeof(T_desc2) - 1 + LCP_TERM_REQ_LENGTH));
583 /*
584 * fill the packet
585 */
586 ret_desc->next = (ULONG)NULL;
587 ret_desc->len = LCP_TERM_REQ_LENGTH;
588 pos = 0;
589 /*
590 * Code field
591 */
592 ret_desc->buffer[pos] = CODE_TERM_REQ;
593 pos++;
594 /*
595 * Identifier field
596 */
597 ret_desc->buffer[pos] = ppp_data->lcp.nstri;/*lint !e415 (Warning -- access of out-of-bounds pointer) */
598 pos++;
599 /*
600 * Length field
601 */
602 ret_desc->buffer[pos] = 0;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
603 pos++;
604 ret_desc->buffer[pos] = LCP_TERM_REQ_LENGTH;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
605 pos++;
606 /*
607 * Data field contains the error code
608 */
609 ret_desc->buffer[pos] = (U8)((ppp_data->ppp_cause >> 8) & 0x00ff);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
610 pos++;
611 ret_desc->buffer[pos] = (U8)((ppp_data->ppp_cause) & 0x00ff);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
612 pos++;
613
614 /*
615 * return the created packet
616 */
617 ppp_data->lcp.str = TRUE;
618 *ptr_packet = ret_desc;
619 } /* lcp_get_str() */
620
621
622
623 /*
624 +------------------------------------------------------------------------------
625 | Function : lcp_rcr
626 +------------------------------------------------------------------------------
627 | Description : The function lcp_rcr() analyzes the given
628 | Configure Request packet and returns either FORWARD_RCRP or
629 | FORWARD_RCRN depend on the result of the analysis.
630 | The packet pointer points to an appropriate response packet.
631 |
632 | Parameters : ptr_packet - pointer to a Configure Request packet
633 | forward - returns result of analysis
634 |
635 +------------------------------------------------------------------------------
636 */
637 GLOBAL void lcp_rcr (T_desc2** ptr_packet, UBYTE* isnew, UBYTE* forward)
638 {
639 T_desc2* packet;
640 USHORT packet_len;
641 UBYTE type_len;
642 USHORT pos;
643 USHORT copy_pos;
644 USHORT analyzed;
645 UBYTE code_ret;
646 USHORT ap_id;
647 UBYTE error_found;
648
649 TRACE_FUNCTION( "lcp_rcr" );
650
651 /*
652 * check for correct length field
653 */
654 packet=*ptr_packet;
655 packet_len=packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
656 packet_len=packet_len << 8;
657 packet_len+=packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
658 if((packet_len > packet->len) || (packet_len < 4))
659 {
660 *forward=FORWARD_DISCARD;
661 return;
662 }
663 /*
664 * check consistence of length of packet and length of configuration options
665 */
666 pos=5;
667 while(pos < packet_len)
668 {
669 if(packet->buffer[pos] < 2)
670 {
671 *forward=FORWARD_DISCARD;
672 return;
673 }
674 pos += packet->buffer[pos];
675 }
676 if((pos - 1) NEQ packet_len)
677 {
678 *forward=FORWARD_DISCARD;
679 return;
680 }
681 /*
682 * check whether it is a new identifier
683 */
684 *isnew=TRUE;
685 if((ppp_data->lcp.rcr) && (ppp_data->lcp.lrcri EQ packet->buffer[1]))/*lint !e415 (Warning -- access of out-of-bounds pointer) */
686 *isnew=FALSE;
687 ppp_data->lcp.lrcri=packet->buffer[1];/*lint !e415 (Warning -- access of out-of-bounds pointer) */
688 ppp_data->lcp.rcr=TRUE;
689 /*
690 * analyze configuration options
691 */
692 ppp_data->lcp.r_mru = PPP_MRU_DEFAULT;
693 ppp_data->lcp.r_accm = PPP_ACCM_DEFAULT;
694 ppp_data->lcp.r_pfc = PPP_PFC_DEFAULT;
695 ppp_data->lcp.r_acfc = PPP_ACFC_DEFAULT;
696 if(ppp_data->mode EQ PPP_CLIENT)
697 ppp_data->lcp.n_ap=PPP_AP_DEFAULT;
698 pos=4;
699 /*
700 * position where NAKed or Rejected configuration options are copied to
701 */
702 copy_pos=4;
703 /*
704 * code_ret contains actually the status of analysis
705 * states are CODE_CONF_ACK, CODE_CONF_NAK and CODE_CONF_REJ
706 * this state are also values for the Code-field in the return packet
707 */
708 code_ret=CODE_CONF_ACK;
709 /*
710 * analyzed is a bit field and marks all already analyzed
711 * configuration options in order to reject all configuration options
712 * which are listed more than once
713 */
714 analyzed=0;
715 while(pos < packet_len)
716 {
717 type_len=packet->buffer[pos + 1];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
718 switch(packet->buffer[pos])/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
719 {
720 /*
721 * yet supported configuration options
722 */
723 case TYPE_MRU:
724 ppp_data->lcp.r_mru = packet->buffer[pos + 2];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
725 ppp_data->lcp.r_mru = (ppp_data->lcp.r_mru << 8);
726 ppp_data->lcp.r_mru+= packet->buffer[pos + 3];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
727
728 switch(code_ret)
729 {
730 case CODE_CONF_ACK:
731 if(((analyzed & (1UL << TYPE_MRU)) EQ 0) &&
732 (type_len EQ LENGTH_MRU) &&
733 (ppp_data->lcp.r_mru >= PPP_MRU_MIN))
734 {
735 analyzed|=(1UL << TYPE_MRU);
736 pos+=LENGTH_MRU;
737 break;
738 }
739 code_ret=CODE_CONF_NAK;
740 case CODE_CONF_NAK:
741 if((analyzed & (1UL << TYPE_MRU)) EQ 0)
742 {
743 analyzed|=(1UL << TYPE_MRU);
744
745 error_found=FALSE;
746 if(type_len < LENGTH_MRU)
747 {
748 T_desc2* temp_desc;
749
750 /*
751 * create a new larger packet and copy the content
752 * of the old packet into the new
753 */
754 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
755 + packet_len
756 + LENGTH_MRU
757 - type_len));
758 temp_desc->next=packet->next;
759 temp_desc->len=packet_len + LENGTH_MRU - type_len;
760 memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 (Warning -- Possible data overrun, Possible access beyond array ) */
761 memcpy(&temp_desc->buffer[pos + LENGTH_MRU - type_len],
762 &packet->buffer[pos], packet_len - pos);/*lint !e669 !e670 !e662 (Warning -- Possible data overrun, Possible access beyond array ) */
763 arb_discard_packet(packet);
764 packet_len += (LENGTH_MRU - type_len);
765 pos += (LENGTH_MRU - type_len);
766 packet=temp_desc;
767
768 error_found=TRUE;
769 ppp_data->lcp.r_mru=PPP_MRU_MIN;
770 }
771 else if(ppp_data->lcp.r_mru < PPP_MRU_MIN)
772 {
773 error_found=TRUE;
774 ppp_data->lcp.r_mru=PPP_MRU_MIN;
775 }
776 else if(type_len > LENGTH_MRU)
777 {
778 error_found=TRUE;
779 }
780 if(error_found EQ TRUE)
781 {
782 packet->buffer[copy_pos]=TYPE_MRU;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
783 copy_pos++;
784 packet->buffer[copy_pos]=LENGTH_MRU;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
785 copy_pos++;
786 packet->buffer[copy_pos]=(UBYTE)(ppp_data->lcp.r_mru >> 8);/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
787 copy_pos++;
788 packet->buffer[copy_pos]=(UBYTE)(ppp_data->lcp.r_mru & 0x00ff);/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
789 copy_pos++;
790 }
791 pos+= type_len;
792 break;
793 }
794 code_ret = CODE_CONF_REJ;
795 copy_pos = 4;
796 case CODE_CONF_REJ:
797 if((analyzed & (1UL << TYPE_MRU)) EQ 0)
798 {
799 analyzed|=(1UL << TYPE_MRU);
800 pos+= type_len;
801 break;
802 }
803 while(type_len > 0)
804 {
805 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
806 copy_pos++;
807 pos++;
808 type_len--;
809 }
810 break;
811 }
812 break;
813 case TYPE_ACCM:
814 ppp_data->lcp.r_accm=packet->buffer[pos + 2];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
815 ppp_data->lcp.r_accm=(ppp_data->lcp.r_accm << 8);
816 ppp_data->lcp.r_accm+=packet->buffer[pos + 3];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
817 ppp_data->lcp.r_accm=(ppp_data->lcp.r_accm << 8);
818 ppp_data->lcp.r_accm+=packet->buffer[pos + 4];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
819 ppp_data->lcp.r_accm=(ppp_data->lcp.r_accm << 8);
820 ppp_data->lcp.r_accm+=packet->buffer[pos + 5];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
821
822 switch(code_ret)
823 {
824 case CODE_CONF_ACK:
825 if(((analyzed & (1UL << TYPE_ACCM)) EQ 0) &&
826 (type_len EQ LENGTH_ACCM))
827 {
828 analyzed|=(1UL << TYPE_ACCM);
829 pos+=LENGTH_ACCM;
830 break;
831 }
832 code_ret=CODE_CONF_NAK;
833 case CODE_CONF_NAK:
834 if((analyzed & (1UL << TYPE_ACCM)) EQ 0)
835 {
836 analyzed|=(1UL << TYPE_ACCM);
837
838 error_found=FALSE;
839 if(type_len < LENGTH_ACCM)
840 {
841 T_desc2* temp_desc;
842
843 /*
844 * create a new larger packet and copy the content
845 * of the old packet into the new
846 */
847 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
848 + packet_len
849 + LENGTH_ACCM
850 - type_len));
851 temp_desc->next=packet->next;
852 temp_desc->len=packet_len + LENGTH_ACCM - type_len;
853 memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 (Warning -- Possible data overrun, Possible access beyond array ) */
854 memcpy(&temp_desc->buffer[pos + LENGTH_ACCM - type_len],
855 &packet->buffer[pos], packet_len - pos);/*lint !e669 !e670 !e662 (Warning -- Possible data overrun, Possible access beyond array ) */
856 arb_discard_packet(packet);
857 packet_len += (LENGTH_ACCM - type_len);
858 pos += (LENGTH_ACCM - type_len);
859 packet=temp_desc;
860
861 error_found=TRUE;
862 }
863 else if(type_len > LENGTH_ACCM)
864 {
865 error_found=TRUE;
866 }
867 if(error_found EQ TRUE)
868 {
869 memmove(&packet->buffer[copy_pos],
870 &packet->buffer[pos],
871 LENGTH_ACCM);/*lint !e669 !e670 !e662 (Warning -- Possible data overrun, Possible access beyond array ) */
872 packet->buffer[copy_pos + 1]=LENGTH_ACCM;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
873 copy_pos+=LENGTH_ACCM;
874 }
875 pos+=type_len;
876 break;
877 }
878 code_ret = CODE_CONF_REJ;
879 copy_pos = 4;
880 case CODE_CONF_REJ:
881 if((analyzed & (1UL << TYPE_ACCM)) EQ 0)
882 {
883 analyzed|=(1UL << TYPE_ACCM);
884 pos+=type_len;
885 break;
886 }
887 while(type_len > 0)
888 {
889 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
890 copy_pos++;
891 pos++;
892 type_len--;
893 }
894 break;
895 }
896 break;
897 case TYPE_AP:
898 ap_id = (packet->buffer[pos + 2]) << 8;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
899 ap_id |= packet->buffer[pos + 3];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
900
901 switch(code_ret)
902 {
903 case CODE_CONF_ACK:
904 if(((analyzed & (1UL << TYPE_AP)) EQ 0) &&
905 (ppp_data->mode EQ PPP_CLIENT))
906 {
907 if((ap_id EQ DTI_PID_PAP) &&
908 (type_len EQ LENGTH_AP_PAP) &&
909 (ppp_data->lcp.req_ap EQ PPP_AP_PAP))
910 {
911 analyzed|=(1UL << TYPE_AP);
912 pos+=type_len;
913 ppp_data->lcp.n_ap = PPP_AP_PAP;
914 break;
915 }
916 if((ap_id EQ DTI_PID_PAP) &&
917 (type_len EQ LENGTH_AP_PAP) &&
918 (ppp_data->lcp.req_ap EQ PPP_AP_AUTO))
919 {
920 analyzed|=(1UL << TYPE_AP);
921 pos+=type_len;
922 ppp_data->lcp.n_ap = PPP_AP_PAP;
923 break;
924 }
925 if((ap_id EQ DTI_PID_CHAP) &&
926 (type_len EQ LENGTH_AP_CHAP) &&
927 (ppp_data->lcp.req_ap EQ PPP_AP_CHAP))
928 {
929 analyzed|=(1UL << TYPE_AP);
930 pos+=type_len;
931 ppp_data->lcp.n_ap = PPP_AP_CHAP;
932 break;
933 }
934 if((ap_id EQ DTI_PID_CHAP) &&
935 (type_len EQ LENGTH_AP_CHAP) &&
936 (ppp_data->lcp.req_ap EQ PPP_AP_AUTO))
937 {
938 analyzed|=(1UL << TYPE_AP);
939 pos+=type_len;
940 ppp_data->lcp.n_ap = PPP_AP_CHAP;
941 break;
942 }
943 }
944 code_ret=CODE_CONF_NAK;
945 case CODE_CONF_NAK:
946 if(((analyzed & (1UL << TYPE_AP)) EQ 0) &&
947 (ppp_data->mode EQ PPP_CLIENT) &&
948 (ppp_data->lcp.req_ap NEQ PPP_AP_NO))
949 {
950 analyzed|=(1UL << TYPE_AP);
951
952 error_found=FALSE;
953 if(((ppp_data->lcp.req_ap EQ PPP_AP_PAP) &&
954 (type_len < LENGTH_AP_PAP)) ||
955 ((ppp_data->lcp.req_ap EQ PPP_AP_CHAP) &&
956 (type_len < LENGTH_AP_CHAP)))
957 {
958 T_desc2* temp_desc;
959
960 /*
961 * create a new larger packet and copy the content
962 * of the old packet into the new
963 */
964 if(ppp_data->lcp.req_ap EQ PPP_AP_PAP)
965 {
966 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
967 + packet_len
968 + LENGTH_AP_PAP
969 - type_len));
970 temp_desc->len=packet_len + LENGTH_AP_PAP - type_len;
971 memcpy(&temp_desc->buffer[pos + LENGTH_AP_PAP - type_len],
972 &packet->buffer[pos], packet_len - pos);/*lint !e669 !e670 !e662 (Warning -- Possible data overrun, Possible access beyond array ) */
973 packet_len += (LENGTH_AP_PAP - type_len);
974 pos += (LENGTH_AP_PAP - type_len);
975 }
976 else
977 {
978 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
979 + packet_len
980 + LENGTH_AP_CHAP
981 - type_len));
982 temp_desc->len=packet_len + LENGTH_AP_CHAP - type_len;
983 memcpy(&temp_desc->buffer[pos + LENGTH_AP_CHAP - type_len],
984 &packet->buffer[pos], packet_len - pos);/*lint !e669 !e670 !e662 (Warning -- Possible data overrun, Possible access beyond array ) */
985 packet_len += (LENGTH_AP_CHAP - type_len);
986 pos += (LENGTH_AP_CHAP - type_len);
987 }
988 temp_desc->next=packet->next;
989 memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 (Warning -- Possible data overrun, Possible access beyond array ) */
990 arb_discard_packet(packet);
991 packet=temp_desc;
992
993 error_found=TRUE;
994 }
995 else if(((ppp_data->lcp.req_ap EQ PPP_AP_PAP) &&
996 (ap_id NEQ DTI_PID_PAP)) ||
997 ((ppp_data->lcp.req_ap EQ PPP_AP_CHAP) &&
998 (ap_id NEQ DTI_PID_CHAP)))
999 {
1000 error_found=TRUE;
1001 }
1002 else if(((ppp_data->lcp.req_ap EQ PPP_AP_PAP) &&
1003 (type_len > LENGTH_AP_PAP)) ||
1004 ((ppp_data->lcp.req_ap EQ PPP_AP_CHAP) &&
1005 (type_len > LENGTH_AP_CHAP)))
1006 {
1007 error_found=TRUE;
1008 }
1009 if(error_found EQ TRUE)
1010 {
1011 packet->buffer[copy_pos]=TYPE_AP;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1012 copy_pos++;
1013 if(ppp_data->lcp.req_ap EQ PPP_AP_PAP)
1014 {
1015 packet->buffer[copy_pos]=LENGTH_AP_PAP;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1016 copy_pos++;
1017 packet->buffer[copy_pos]=PROTOCOL_PAP_MSB;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1018 copy_pos++;
1019 packet->buffer[copy_pos]=PROTOCOL_PAP_LSB;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1020 copy_pos++;
1021 }
1022 else
1023 {
1024 packet->buffer[copy_pos]=LENGTH_AP_CHAP;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1025 copy_pos++;
1026 packet->buffer[copy_pos]=PROTOCOL_CHAP_MSB;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1027 copy_pos++;
1028 packet->buffer[copy_pos]=PROTOCOL_CHAP_LSB;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1029 copy_pos++;
1030 packet->buffer[copy_pos]=ALGORITHM_MD5;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1031 copy_pos++;
1032 }
1033 }
1034 pos+=type_len;
1035 break;
1036 }
1037 code_ret=CODE_CONF_REJ;
1038 copy_pos=4;
1039 case CODE_CONF_REJ:
1040 if(((analyzed & (1UL << TYPE_AP)) EQ 0) &&
1041 (ppp_data->mode EQ PPP_CLIENT) &&
1042 (ppp_data->lcp.req_ap NEQ PPP_AP_NO))
1043 {
1044 analyzed|=(1UL << TYPE_AP);
1045 pos+=type_len;
1046 break;
1047 }
1048 while(type_len > 0)
1049 {
1050 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1051 copy_pos++;
1052 pos++;
1053 type_len--;
1054 }
1055 break;
1056 }
1057 break;
1058 case TYPE_PFC:
1059 ppp_data->lcp.r_pfc=TRUE;
1060
1061 switch(code_ret)
1062 {
1063 case CODE_CONF_ACK:
1064 if(((analyzed & (1UL << TYPE_PFC)) EQ 0) &&
1065 (type_len EQ LENGTH_PFC))
1066 {
1067 analyzed|=(1UL << TYPE_PFC);
1068 pos+=LENGTH_PFC;
1069 break;
1070 }
1071 code_ret=CODE_CONF_NAK;
1072 case CODE_CONF_NAK:
1073 if((analyzed & (1UL << TYPE_PFC)) EQ 0)
1074 {
1075 analyzed|=(1UL << TYPE_PFC);
1076
1077 if(type_len > LENGTH_PFC)
1078 {
1079 memmove(&packet->buffer[copy_pos],
1080 &packet->buffer[pos],
1081 LENGTH_PFC);/*lint !e669 !e670 !e662 (Warning -- Possible data overrun, Possible access beyond array ) */
1082 packet->buffer[copy_pos + 1]=LENGTH_PFC;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1083 copy_pos+=LENGTH_PFC;
1084 }
1085 pos+=type_len;
1086 break;
1087 }
1088 code_ret=CODE_CONF_REJ;
1089 copy_pos=4;
1090 case CODE_CONF_REJ:
1091 if((analyzed & (1UL << TYPE_PFC)) EQ 0)
1092 {
1093 analyzed|=(1UL << TYPE_PFC);
1094 pos+=type_len;
1095 break;
1096 }
1097 while(type_len > 0)
1098 {
1099 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1100 copy_pos++;
1101 pos++;
1102 type_len--;
1103 }
1104 break;
1105 }
1106 break;
1107 case TYPE_ACFC:
1108 ppp_data->lcp.r_acfc=TRUE;
1109
1110 switch(code_ret)
1111 {
1112 case CODE_CONF_ACK:
1113 if(((analyzed & (1UL << TYPE_ACFC)) EQ 0) &&
1114 (type_len EQ LENGTH_ACFC))
1115 {
1116 analyzed|=(1UL << TYPE_ACFC);
1117 pos+=LENGTH_ACFC;
1118 break;
1119 }
1120 code_ret=CODE_CONF_NAK;
1121 case CODE_CONF_NAK:
1122 if((analyzed & (1UL << TYPE_ACFC)) EQ 0)
1123 {
1124 analyzed|=(1UL << TYPE_ACFC);
1125
1126 if(type_len > LENGTH_ACFC)
1127 {
1128 memmove(&packet->buffer[copy_pos],
1129 &packet->buffer[pos],
1130 LENGTH_ACFC);/*lint !e669 !e670 !e662 (Warning -- Possible data overrun, Possible access beyond array ) */
1131 packet->buffer[copy_pos + 1]=LENGTH_ACFC;/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1132 copy_pos+=LENGTH_ACFC;
1133 }
1134 pos+=type_len;
1135 break;
1136 }
1137 code_ret=CODE_CONF_REJ;
1138 copy_pos=4;
1139 case CODE_CONF_REJ:
1140 if((analyzed & (1UL << TYPE_ACFC)) EQ 0)
1141 {
1142 analyzed|=(1UL << TYPE_ACFC);
1143 pos+=type_len;
1144 break;
1145 }
1146 while(type_len > 0)
1147 {
1148 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1149 copy_pos++;
1150 pos++;
1151 type_len--;
1152 }
1153 break;
1154 }
1155 break;
1156 default:
1157 switch(code_ret)
1158 {
1159 case CODE_CONF_ACK:
1160 case CODE_CONF_NAK:
1161 code_ret=CODE_CONF_REJ;
1162 copy_pos=4;
1163 /* fall through */
1164 default:
1165 while(type_len > 0)
1166 {
1167 packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1168 copy_pos++;
1169 pos++;
1170 type_len--;
1171 }
1172 break;
1173 }
1174 }
1175 }
1176 /*
1177 * set new Code field in return packet
1178 */
1179 packet->buffer[0]=code_ret;
1180 *ptr_packet=packet;
1181
1182 if(copy_pos > 4)
1183 {
1184 /*
1185 * some configuration options are not acceptable
1186 */
1187 *forward=FORWARD_RCRN;
1188 /*
1189 * set new Length field
1190 */
1191 packet->len=copy_pos;
1192 packet->buffer[2]=(UBYTE)(copy_pos >> 8);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1193 packet->buffer[3]=(UBYTE)(copy_pos & 0x00ff);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1194 return;
1195 }
1196
1197 #ifdef _SIMULATION_
1198 ppp_trace_desc(packet);
1199 #endif
1200 /*
1201 * all configuration options are acceptable
1202 */
1203 *forward=FORWARD_RCRP;
1204 } /* lcp_rcr() */
1205
1206
1207
1208 /*
1209 +------------------------------------------------------------------------------
1210 | Function : lcp_rca
1211 +------------------------------------------------------------------------------
1212 | Description : The function lcp_rca() checks whether the given
1213 | Configure Ack packet is valid and if so it returns
1214 | FORWARD_RCA.
1215 |
1216 | Parameters : packet - Configure Ack packet
1217 | forward - returns result of analysis
1218 |
1219 +------------------------------------------------------------------------------
1220 */
1221 GLOBAL void lcp_rca (T_desc2* packet, UBYTE* forward)
1222 {
1223 USHORT packet_len;
1224
1225 TRACE_FUNCTION( "lcp_rca" );
1226
1227 packet_len=packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1228 packet_len=packet_len << 8;
1229 packet_len+=packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1230 if((packet_len < 4) || (packet_len > packet->len))
1231 {
1232 *forward=FORWARD_DISCARD;
1233 return;
1234 }
1235
1236 if((ppp_data->lcp.scr EQ FALSE) ||
1237 (packet->buffer[1] NEQ ppp_data->lcp.nscri))/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1238 {
1239 /*
1240 * invalid packet
1241 */
1242 *forward=FORWARD_DISCARD;
1243 return;
1244 }
1245 /*
1246 * acceptable packet
1247 */
1248 arb_discard_packet(packet);
1249 ppp_data->lcp.nscri++;
1250 *forward=FORWARD_RCA;
1251 } /* lcp_rca() */
1252
1253
1254
1255 /*
1256 +------------------------------------------------------------------------------
1257 | Function : lcp_rcn
1258 +------------------------------------------------------------------------------
1259 | Description : The function lcp_rcn() analyze the given
1260 | Configure Nak packet, changes some requested values and returns
1261 | FORWARD_RCN
1262 | The packet pointer points to an appropriate response packet.
1263 |
1264 | Parameters : ptr_packet - Configure Nak packet
1265 | forward - returns result of analysis
1266 |
1267 +------------------------------------------------------------------------------
1268 */
1269 GLOBAL void lcp_rcn (T_desc2** ptr_packet, UBYTE* forward)
1270 {
1271 T_desc2* packet;
1272 USHORT packet_len;
1273 UBYTE type_len;
1274 USHORT pos;
1275 USHORT mru;
1276 ULONG accm;
1277
1278 TRACE_FUNCTION( "lcp_rcn" );
1279
1280 /*
1281 * check for correct length field
1282 */
1283 packet = *ptr_packet;
1284 packet_len = packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1285 packet_len = packet_len << 8;
1286 packet_len+= packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1287 if((packet_len > packet->len) || (packet_len < 4))
1288 {
1289 *forward=FORWARD_DISCARD;
1290 return;
1291 }
1292
1293 if((ppp_data->lcp.scr EQ FALSE) ||
1294 (packet->buffer[1] NEQ ppp_data->lcp.nscri))/*lint !e415 (Warning -- access of out-of-bounds pointer) */
1295 {
1296 /*
1297 * invalid packet
1298 */
1299 *forward=FORWARD_DISCARD;
1300 return;
1301 }
1302 /*
1303 * check consistence of length of packet and length of configuration options
1304 */
1305 pos=5;
1306 while(pos < packet_len)
1307 {
1308 if(packet->buffer[pos] < 2)
1309 {
1310 *forward=FORWARD_DISCARD;
1311 return;
1312 }
1313 pos += packet->buffer[pos];
1314 }
1315 if((pos - 1) NEQ packet_len)
1316 {
1317 *forward=FORWARD_DISCARD;
1318 return;
1319 }
1320 /*
1321 * analyze configuration options
1322 */
1323 pos=4;
1324 while(pos < packet_len)
1325 {
1326 type_len=packet->buffer[pos + 1];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1327 switch(packet->buffer[pos])/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1328 {
1329 /*
1330 * yet supported configuration options
1331 */
1332 case TYPE_MRU:
1333 mru = packet->buffer[pos + 2];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1334 mru = mru << 8;
1335 mru+= packet->buffer[pos + 3];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1336
1337 if((type_len EQ LENGTH_MRU) &&
1338 (mru >= PPP_MRU_MIN) &&
1339 (mru <= ppp_data->lcp.req_mru))
1340 {
1341 /*
1342 * clear reject flag and set new mru value
1343 */
1344 ppp_data->lcp.s_rejected &= ~(1UL << TYPE_MRU);
1345 ppp_data->lcp.s_mru=mru;
1346 }
1347 break;
1348 case TYPE_ACCM:
1349 if(type_len EQ LENGTH_ACCM)
1350 {
1351 accm=packet->buffer[pos + 2];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1352 accm=accm << 8;
1353 accm+=packet->buffer[pos + 3];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1354 accm=accm << 8;
1355 accm+=packet->buffer[pos + 4];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1356 accm=accm << 8;
1357 accm+=packet->buffer[pos + 5];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1358
1359 /*
1360 * clear reject flag and set new accm value
1361 */
1362 ppp_data->lcp.s_rejected &= ~(1UL << TYPE_ACCM);
1363 ppp_data->lcp.s_accm |= accm;
1364 }
1365 break;
1366 case TYPE_AP:
1367 if(ppp_data->lcp.n_ap EQ PPP_AP_CHAP)
1368 {
1369 TRACE_EVENT("LCP: CHAP rejected by client");
1370 }
1371 else if(ppp_data->lcp.n_ap EQ PPP_AP_PAP)
1372 {
1373 TRACE_EVENT("LCP: PAP rejected by client");
1374 }
1375 if((ppp_data->lcp.req_ap EQ PPP_AP_AUTO) &&
1376 (ppp_data->mode EQ PPP_SERVER))
1377 {
1378 /*
1379 * clear reject flag ans set new authentication protocol value
1380 */
1381 ppp_data->lcp.s_rejected &= ~(1UL << TYPE_AP);
1382
1383 if((packet->buffer[pos + 2] EQ PROTOCOL_CHAP_MSB) &&
1384 (packet->buffer[pos + 3] EQ PROTOCOL_CHAP_LSB))/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1385 {
1386 ppp_data->lcp.n_ap=PPP_AP_CHAP;
1387 }
1388 else if((packet->buffer[pos + 2] EQ PROTOCOL_PAP_MSB) &&
1389 (packet->buffer[pos + 3] EQ PROTOCOL_PAP_LSB))/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1390 {
1391 ppp_data->lcp.n_ap=PPP_AP_PAP;
1392 }
1393 else
1394 {
1395 ppp_data->lcp.n_ap=PPP_AP_NO;
1396 }
1397 }
1398 break;
1399 case TYPE_PFC:
1400 if(type_len EQ LENGTH_PFC)
1401 {
1402 /*
1403 * clear reject flag ans set new pfc value
1404 */
1405 ppp_data->lcp.s_rejected &= ~(1UL << TYPE_PFC);
1406 ppp_data->lcp.s_pfc=TRUE;
1407 }
1408 break;
1409 case TYPE_ACFC:
1410 if(type_len EQ LENGTH_ACFC)
1411 {
1412 /*
1413 * clear reject flag ans set new acfc value
1414 */
1415 ppp_data->lcp.s_rejected &= ~(1UL << TYPE_ACFC);
1416 ppp_data->lcp.s_acfc=TRUE;
1417 }
1418 break;
1419 }
1420 pos+=type_len;
1421 }
1422 /*
1423 * free this packet and create a new with changed configuration options
1424 */
1425 arb_discard_packet(packet);
1426 *forward=FORWARD_RCN;
1427 ppp_data->lcp.nscri++;
1428 lcp_get_scr(&packet);
1429 *ptr_packet=packet;
1430 } /* lcp_rcn() */
1431
1432
1433
1434 /*
1435 +------------------------------------------------------------------------------
1436 | Function : lcp_rcj
1437 +------------------------------------------------------------------------------
1438 | Description : The function lcp_rcj() analyze the given
1439 | Configure Reject packet, marks some values as rejected and
1440 | returns FORWARD_RCJ
1441 | The packet pointer points to an appropriate response packet.
1442 |
1443 | Parameters : ptr_packet - pointer to a Configure Reject packet
1444 | forward - returns result of analysis
1445 |
1446 +------------------------------------------------------------------------------
1447 */
1448 GLOBAL void lcp_rcj (T_desc2** ptr_packet, UBYTE* forward)
1449 {
1450 T_desc2* packet;
1451 USHORT packet_len;
1452 UBYTE type_len;
1453 USHORT pos;
1454
1455 TRACE_FUNCTION( "lcp_rcj" );
1456
1457 /*
1458 * check for correct length field
1459 */
1460 packet=*ptr_packet;
1461 packet_len=packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1462 packet_len=packet_len << 8;
1463 packet_len+=packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1464 if((packet_len > packet->len) || (packet_len < 4))
1465 {
1466 *forward=FORWARD_DISCARD;
1467 return;
1468 }
1469
1470 if((ppp_data->lcp.scr EQ FALSE) ||
1471 (packet->buffer[1] NEQ ppp_data->lcp.nscri))/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1472 {
1473 /*
1474 * invalid packet
1475 */
1476 *forward=FORWARD_DISCARD;
1477 return;
1478 }
1479 /*
1480 * check consistence of length of packet and length of configuration options
1481 */
1482 pos=5;
1483 while(pos < packet_len)
1484 {
1485 if(packet->buffer[pos] < 2)
1486 {
1487 *forward=FORWARD_DISCARD;
1488 return;
1489 }
1490 pos += packet->buffer[pos];
1491 }
1492 if((pos - 1) NEQ packet_len)
1493 {
1494 *forward=FORWARD_DISCARD;
1495 return;
1496 }
1497 /*
1498 * analyze configuration options
1499 */
1500 pos=4;
1501 while(pos < packet_len)
1502 {
1503 type_len=packet->buffer[pos + 1];/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1504 switch(packet->buffer[pos])/*lint !e661 !e662 (Warning -- Possible access/creation of out-of-bounds pointer) */
1505 {
1506 /*
1507 * yet supported configuration options
1508 */
1509 case TYPE_MRU:
1510 ppp_data->lcp.s_rejected |= (1UL << TYPE_MRU);
1511 break;
1512 case TYPE_ACCM:
1513 ppp_data->lcp.s_rejected |= (1UL << TYPE_ACCM);
1514 break;
1515 case TYPE_PFC:
1516 ppp_data->lcp.s_rejected |= (1UL << TYPE_PFC);
1517 break;
1518 case TYPE_ACFC:
1519 ppp_data->lcp.s_rejected |= (1UL << TYPE_ACFC);
1520 break;
1521 case TYPE_AP:
1522 if(ppp_data->lcp.n_ap EQ PPP_AP_CHAP)
1523 {
1524 TRACE_EVENT("LCP: CHAP rejected by client");
1525 }
1526 else if(ppp_data->lcp.n_ap EQ PPP_AP_PAP)
1527 {
1528 TRACE_EVENT("LCP: PAP rejected by client");
1529 }
1530 if((ppp_data->lcp.req_ap EQ PPP_AP_AUTO) &&
1531 (ppp_data->mode EQ PPP_SERVER))
1532 {
1533 ppp_data->lcp.s_rejected |= (1UL << TYPE_AP);
1534 }
1535 break;
1536 }
1537 pos+=type_len;
1538 }
1539 /*
1540 * free this packet and create a new with changed configuration options
1541 */
1542 arb_discard_packet(packet);
1543 *forward=FORWARD_RCN;
1544 ppp_data->lcp.nscri++;
1545 lcp_get_scr(&packet);
1546 *ptr_packet=packet;
1547 } /* lcp_rcj() */
1548
1549
1550
1551 /*
1552 +------------------------------------------------------------------------------
1553 | Function : lcp_rtr
1554 +------------------------------------------------------------------------------
1555 | Description : The function lcp_rtr() creates a Terminate Ack packet.
1556 |
1557 | Parameters : ptr_packet - pointer to a Terminate Request packet
1558 | forward - returns result of analysis
1559 |
1560 +------------------------------------------------------------------------------
1561 */
1562 GLOBAL void lcp_rtr (T_desc2** ptr_packet, UBYTE* forward)
1563 {
1564 T_desc2* packet;
1565 USHORT packet_len;
1566
1567 TRACE_FUNCTION( "lcp_rtr" );
1568
1569 /*
1570 * check for correct length field
1571 */
1572 packet = *ptr_packet;
1573 packet_len = packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1574 packet_len = packet_len << 8;
1575 packet_len+= packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1576 if((packet_len < 4) || (packet_len > packet->len))
1577 {
1578 *forward=FORWARD_DISCARD;
1579 return;
1580 }
1581
1582 /*
1583 * change code field
1584 */
1585 packet->buffer[0]=CODE_TERM_ACK;
1586
1587 *forward=FORWARD_RTR;
1588 } /* lcp_rtr() */
1589
1590
1591
1592 /*
1593 +------------------------------------------------------------------------------
1594 | Function : lcp_rta
1595 +------------------------------------------------------------------------------
1596 | Description : The function lcp_rta() checks whether the given
1597 | Terminate Ack packet is valid and if so it returns
1598 | FORWARD_RTA
1599 |
1600 | Parameters : packet - Terminate Ack packet
1601 | forward - returns result of analysis
1602 |
1603 +------------------------------------------------------------------------------
1604 */
1605 GLOBAL void lcp_rta (T_desc2* packet, UBYTE* forward)
1606 {
1607 USHORT packet_len;
1608
1609 TRACE_FUNCTION( "lcp_rta" );
1610
1611 /*
1612 * check for correct length field
1613 */
1614 packet_len = packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1615 packet_len = packet_len << 8;
1616 packet_len+= packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1617 if((packet_len < 4) || (packet_len > packet->len))
1618 {
1619 *forward=FORWARD_DISCARD;
1620 return;
1621 }
1622
1623 if((ppp_data->lcp.str EQ FALSE) ||
1624 (packet->buffer[1] NEQ ppp_data->lcp.nstri))/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1625 {
1626 /*
1627 * invalid packet
1628 */
1629 *forward=FORWARD_DISCARD;
1630 return;
1631 }
1632 /*
1633 * acceptable packet
1634 */
1635 arb_discard_packet(packet);
1636 ppp_data->lcp.nstri++;
1637 *forward=FORWARD_RTA;
1638 } /* lcp_rta() */
1639
1640
1641
1642 /*
1643 +------------------------------------------------------------------------------
1644 | Function : lcp_rxj
1645 +------------------------------------------------------------------------------
1646 | Description : The function lcp_rxj() analyzes whether the given Code Reject
1647 | is acceptable. If not it returns FORWARD_RXJN
1648 |
1649 | Parameters : ptr_packet - Pointer to a Code Reject packet
1650 | forward - returns result of analysis
1651 |
1652 +------------------------------------------------------------------------------
1653 */
1654 GLOBAL void lcp_rxj (T_desc2** ptr_packet, UBYTE* forward)
1655 {
1656 USHORT packet_len;
1657 T_desc2* packet;
1658
1659 TRACE_FUNCTION( "lcp_rxj" );
1660
1661 /*
1662 * check for correct length field
1663 */
1664 packet = *ptr_packet;
1665 packet_len = packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1666 packet_len = packet_len << 8;
1667 packet_len+= packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1668 if((packet_len < 5) || (packet_len > packet->len))
1669 {
1670 *forward=FORWARD_DISCARD;
1671 return;
1672 }
1673
1674 switch(packet->buffer[4])/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1675 {
1676 case CODE_CONF_REQ:
1677 case CODE_CONF_REJ:
1678 case CODE_CONF_NAK:
1679 case CODE_CONF_ACK:
1680 case CODE_TERM_REQ:
1681 case CODE_TERM_ACK:
1682 case CODE_CODE_REJ:
1683 case CODE_PROT_REJ:
1684 arb_discard_packet(packet);
1685 ppp_data->lcp.nstri++;
1686 lcp_get_str(&packet);
1687 *ptr_packet=packet;
1688 *forward=FORWARD_RXJN;
1689 break;
1690 default:
1691 *forward=FORWARD_DISCARD;
1692 break;
1693 }
1694 } /* lcp_rxj() */
1695
1696
1697
1698 /*
1699 +------------------------------------------------------------------------------
1700 | Function : lcp_rpj
1701 +------------------------------------------------------------------------------
1702 | Description : The function lcp_rpj() analyzes which protocol is rejected.
1703 |
1704 | Parameters : packet - Protocol Reject packet
1705 | forward - returns result of analysis
1706 |
1707 +------------------------------------------------------------------------------
1708 */
1709 GLOBAL void lcp_rpj (T_desc2* packet, UBYTE* forward)
1710 {
1711 USHORT packet_len;
1712 USHORT rej_protocol;
1713
1714 TRACE_FUNCTION( "lcp_rpj" );
1715
1716 /*
1717 * check for correct length field
1718 */
1719 packet_len = packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1720 packet_len = packet_len << 8;
1721 packet_len+= packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1722 if((packet_len < 6) || (packet_len > packet->len))
1723 {
1724 *forward=FORWARD_DISCARD;
1725 return;
1726 }
1727
1728 /*
1729 * get rejected protocol
1730 */
1731 rej_protocol=packet->buffer[4];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1732 rej_protocol=rej_protocol << 8;
1733 rej_protocol+=packet->buffer[5];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1734
1735 /*
1736 * analyze rejected protocol
1737 */
1738 switch(rej_protocol)
1739 {
1740 case DTI_PID_LCP:
1741 arb_discard_packet(packet);
1742 *forward=FORWARD_RPJ_LCP;
1743 break;
1744 case DTI_PID_PAP:
1745 arb_discard_packet(packet);
1746 *forward=FORWARD_RPJ_PAP;
1747 break;
1748 case DTI_PID_CHAP:
1749 arb_discard_packet(packet);
1750 *forward=FORWARD_RPJ_CHAP;
1751 break;
1752 case DTI_PID_IPCP:
1753 arb_discard_packet(packet);
1754 *forward=FORWARD_RPJ_IPCP;
1755 break;
1756 case DTI_PID_IP:
1757 arb_discard_packet(packet);
1758 *forward=FORWARD_RPJ_IP;
1759 break;
1760 case DTI_PID_CTCP:
1761 arb_discard_packet(packet);
1762 *forward=FORWARD_RPJ_CTCP;
1763 break;
1764 case DTI_PID_UTCP:
1765 arb_discard_packet(packet);
1766 *forward=FORWARD_RPJ_UTCP;
1767 break;
1768 default:
1769 *forward=FORWARD_DISCARD;
1770 break;
1771 }
1772 } /* lcp_rpj() */
1773
1774
1775
1776 /*
1777 +------------------------------------------------------------------------------
1778 | Function : lcp_rer
1779 +------------------------------------------------------------------------------
1780 | Description : The function lcp_rer() creates an Echo Reply
1781 |
1782 | Parameters : ptr_packet - Echo Request packet
1783 | forward - returns result of analysis
1784 |
1785 +------------------------------------------------------------------------------
1786 */
1787 GLOBAL void lcp_rer (T_desc2** ptr_packet, UBYTE* forward)
1788 {
1789 T_desc2* packet;
1790 USHORT packet_len;
1791
1792 TRACE_FUNCTION( "lcp_rer" );
1793
1794 /*
1795 * check for correct length field
1796 */
1797 packet = *ptr_packet;
1798 packet_len = packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1799 packet_len = packet_len << 8;
1800 packet_len+= packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1801 if((packet_len < 8) || (packet_len > packet->len))
1802 {
1803 *forward=FORWARD_DISCARD;
1804 return;
1805 }
1806
1807 /*
1808 * insert zero for magic number because we not yet support magic number
1809 * negotiation
1810 */
1811 packet->buffer[4]=0;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1812 packet->buffer[5]=0;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1813 packet->buffer[6]=0;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1814 packet->buffer[7]=0;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1815
1816 /*
1817 * change Code field
1818 */
1819 packet->buffer[0]=CODE_ECHO_REP;
1820
1821 /*
1822 * set return value
1823 */
1824 *forward=FORWARD_RER;
1825 } /* lcp_rer() */
1826
1827
1828
1829 /*
1830 +------------------------------------------------------------------------------
1831 | Function : lcp_rep_rdr
1832 +------------------------------------------------------------------------------
1833 | Description : The function lcp_rep_rdr() just analyzes the given
1834 | Magic Number.
1835 |
1836 | Parameters : packet - Echo Reply packet
1837 | forward - returns result of analysis
1838 |
1839 +------------------------------------------------------------------------------
1840 */
1841 GLOBAL void lcp_rep_rdr (T_desc2* packet, UBYTE* forward)
1842 {
1843 TRACE_FUNCTION( "lcp_rep_rdr" );
1844
1845 *forward=FORWARD_DISCARD;
1846 } /* lcp_rep_rdr() */
1847
1848
1849
1850 /*
1851 +------------------------------------------------------------------------------
1852 | Function : lcp_ruc
1853 +------------------------------------------------------------------------------
1854 | Description : The function lcp_ruc() creates a Code Reject packet and returns
1855 | FORWARD_RUC.
1856 |
1857 | Parameters : ptr_packet - packet with unknown code
1858 | forward - returns result of analysis
1859 |
1860 +------------------------------------------------------------------------------
1861 */
1862 GLOBAL void lcp_ruc (T_desc2** ptr_packet, UBYTE* forward)
1863 {
1864 T_desc2* packet;
1865 T_desc2* temp_desc;
1866 USHORT packet_len;
1867
1868 TRACE_FUNCTION( "lcp_ruc" );
1869
1870 /*
1871 * check for correct length field
1872 */
1873 packet = *ptr_packet;
1874 packet_len = packet->buffer[2];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1875 packet_len = packet_len << 8;
1876 packet_len+= packet->buffer[3];/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1877 if((packet_len < 4) || (packet_len > packet->len))
1878 {
1879 *forward=FORWARD_DISCARD;
1880 return;
1881 }
1882
1883 /*
1884 * create a new larger packet and copy the content
1885 * of the old packet into the new
1886 */
1887 packet_len+=4;
1888 if(packet_len > PPP_MRU_MIN)
1889 packet_len = PPP_MRU_MIN;
1890 MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1 + packet_len));
1891
1892 temp_desc->next = packet->next;
1893 temp_desc->len = packet_len;
1894 memcpy(&temp_desc->buffer[4], packet->buffer, packet_len - 4);/*lint !e669 !e670 !e416 (Warning -- Possible data overrun, Possible access beyond array ) */
1895 arb_discard_packet(packet);
1896 packet = temp_desc;
1897
1898 /*
1899 * fill the first bytes to create a Code Reject
1900 */
1901 packet->buffer[0] = CODE_CODE_REJ;
1902 ppp_data->lcp.nscji++;
1903 packet->buffer[1] = ppp_data->lcp.nscji;/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1904 packet->buffer[2] = (UBYTE)(packet_len >> 8);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1905 packet->buffer[3] = (UBYTE)(packet_len & 0x00ff);/*lint !e415 !e416 (Warning -- access/creation of out-of-bounds pointer) */
1906
1907 /*
1908 * set return values
1909 */
1910 *ptr_packet = packet;
1911 *forward = FORWARD_RUC;
1912
1913 } /* lcp_ruc() */