fc-selenite: src/g23m-fad/ppp/ppp

comparison src/g23m-fad/ppp/ppp_ncpf.c @ 1:d393cd9bb723

src/g23m-*: initial import from Magnetite

author	Mychaela Falconia <falcon@freecalypso.org>
date	Sun, 15 Jul 2018 04:40:46 +0000
parents
children

comparison

equal deleted inserted replaced

-:b6a5e36de839
+:d393cd9bb723
+/*
++-----------------------------------------------------------------------------
+|  Project :
+|  Modul   :
++-----------------------------------------------------------------------------
+|  Copyright 2002 Texas Instruments Berlin, AG
+|                 All rights reserved.
+|
+|                 This file is confidential and a trade secret of Texas
+|                 Instruments Berlin, AG
+|                 The receipt of or possession of this file does not convey
+|                 any rights to reproduce or disclose its contents or to
+|                 manufacture, use, or sell anything it may describe, in
+|                 whole, or in part, without the specific written consent of
+|                 Texas Instruments Berlin, AG.
++-----------------------------------------------------------------------------
+|  Purpose :  This modul is part of the entity PPP and implements all
+|             procedures and functions as described in the
+|             SDL-documentation (NCP-statemachine)
++-----------------------------------------------------------------------------
+*/
+#define ENTITY_PPP
+/*==== INCLUDES =============================================================*/
+#include "typedefs.h"   /* to get Condat data types */
+#include "vsi.h"        /* to get a lot of macros */
+#include "macdef.h"     /* to get a lot of macros */
+#include "custom.h"     /* to get a lot of macros */
+#include "gsm.h"        /* to get a lot of macros */
+#include "prim.h"       /* to get the definitions of used SAP and directions */
+#include "dti.h"        /* to get the DTILIB definitions */
+#include "ppp.h"        /* to get the global entity definitions */
+#include <string.h>     /* to get memcpy */
+#include "ppp_arbf.h"   /* to get function interface from arb */
+/*==== CONST ================================================================*/
+#define TYPE_HC                   2
+#define TYPE_IP                   3
+#define TYPE_PDNS                 129
+#define TYPE_SDNS                 131
+#define TYPE_ADJUST               125
+#define MASK_TYPE_HC              TYPE_HC
+#define MASK_TYPE_IP              TYPE_IP
+#define MASK_TYPE_PDNS            (TYPE_PDNS - TYPE_ADJUST)
+#define MASK_TYPE_SDNS            (TYPE_SDNS - TYPE_ADJUST)
+#define LENGTH_HC_VJ              6
+#define LENGTH_HC_MAX             LENGTH_HC_VJ
+#define LENGTH_IP                 6
+#define LENGTH_PDNS               6
+#define LENGTH_SDNS               6
+#define NCP_CONF_REQ_LENGTH_MAX   (4 +              \
+LENGTH_HC_MAX +  \
+LENGTH_IP +      \
+LENGTH_PDNS +    \
+LENGTH_SDNS)
+#define NCP_TERM_REQ_LENGTH       6
+#define PPP_CSID_YES              1
+/*==== LOCAL VARS ===========================================================*/
+/*==== PRIVATE FUNCTIONS ====================================================*/
+/*==== PUBLIC FUNCTIONS =====================================================*/
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_init
++------------------------------------------------------------------------------
+| Description : The function ncp_init() initialize Network Control Protocol
+|
+| Parameters  : no parameters
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_init ()
+{
+TRACE_FUNCTION( "ncp_init" );
+/*
+* initialize values
+*/
+ppp_data->ncp.req_hc      = PPP_HC_DEFAULT;
+ppp_data->ncp.req_msid    = PPP_MSID_DEFAULT;
+ppp_data->ncp.req_ip      = PPP_IP_DEFAULT;
+ppp_data->ncp.req_pdns    = PPP_PDNS_DEFAULT;
+ppp_data->ncp.req_sdns    = PPP_SDNS_DEFAULT;
+ppp_data->ncp.req_gateway = PPP_GATEWAY_DEFAULT;
+ppp_data->ncp.s_hc      = PPP_HC_DEFAULT;
+ppp_data->ncp.s_msid    = PPP_MSID_DEFAULT;
+ppp_data->ncp.r_hc      = PPP_HC_DEFAULT;
+ppp_data->ncp.r_msid    = PPP_MSID_DEFAULT;
+ppp_data->ncp.n_ip      = PPP_IP_DEFAULT;
+ppp_data->ncp.n_pdns    = PPP_PDNS_DEFAULT;
+ppp_data->ncp.n_sdns    = PPP_SDNS_DEFAULT;
+ppp_data->ncp.n_gateway = PPP_GATEWAY_DEFAULT;
+ppp_data->ncp.s_rejected = 0;
+ppp_data->ncp.nscri = 0;
+ppp_data->ncp.nstri = 0;
+ppp_data->ncp.nscji = 0;
+ppp_data->ncp.scr=FALSE;
+ppp_data->ncp.str=FALSE;
+ppp_data->ncp.rcr=FALSE;
+INIT_STATE( PPP_SERVICE_NCP , NCP_STATE );
+} /* ncp_init() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_get_values
++------------------------------------------------------------------------------
+| Description : The function ncp_get_values() returns negotiated values
+|
+| Parameters  : ptr_hc   - returns IP Header Compression
+|               ptr_msid - returns max slot identifier
+|               ptr_ip   - returns IP address
+|               ptr_pdns - returns primary DNS server address
+|               ptr_pdns - returns secondary DNS server address
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_get_values (UBYTE* ptr_hc, UBYTE* ptr_msid, ULONG* ptr_ip,
+ULONG* ptr_pdns, ULONG* ptr_sdns)
+{
+TRACE_FUNCTION( "ncp_get_values" );
+*ptr_hc   = ppp_data->ncp.r_hc;
+if(ppp_data->ncp.r_msid < ppp_data->ncp.s_msid)
+*ptr_msid = ppp_data->ncp.r_msid;
+else
+*ptr_msid = ppp_data->ncp.s_msid;
+*ptr_ip   = ppp_data->ncp.n_ip;
+*ptr_pdns = ppp_data->ncp.n_pdns;
+*ptr_sdns = ppp_data->ncp.n_sdns;
+} /* ncp_get_values() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_get_scr
++------------------------------------------------------------------------------
+| Description : The function ncp_get_scr() creates a NCP Configure Request
+|               packet.
+|
+| Parameters  : ptr_packet - returns the Configure Request packet
+|                            THE MEMORY FOR THE PACKET WILL ALLOCATED BY
+|                            THIS FUNCTION
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_get_scr (T_desc2** ptr_packet)
+{
+T_desc2* ret_desc;
+USHORT   len_pos;
+USHORT   pos;
+TRACE_FUNCTION( "ncp_get_scr" );
+/*
+* Allocate the necessary size for the data descriptor. The size is
+* calculated as follows:
+* - take the size of a descriptor structure
+* - subtract one because of the array buffer[1] to get the size of
+*   descriptor control information
+* - add number of octets of descriptor data
+*/
+MALLOC (ret_desc, (USHORT)(sizeof(T_desc2) - 1 + NCP_CONF_REQ_LENGTH_MAX));
+/*
+* fill the packet
+*/
+ret_desc->next=(ULONG)NULL;
+pos=0;
+/*
+* Code field
+*/
+ret_desc->buffer[pos]=CODE_CONF_REQ;
+pos++;
+/*
+* Identifier field
+*/
+ret_desc->buffer[pos]=ppp_data->ncp.nscri;/*lint !e415 access of out-of-bounds pointer */
+pos++;
+/*
+* Length field (store the position)
+*/
+len_pos=pos;
+pos++;
+pos++;
+/*
+* Header Compression Protocol (only server mode)
+*/
+if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_HC)) EQ 0) &&
+(ppp_data->ncp.s_hc NEQ PPP_HC_DEFAULT))
+{
+if(ppp_data->ncp.s_hc EQ PPP_HC_VJ)
+{
+ret_desc->buffer[pos] = TYPE_HC;/*lint !e415 !e416 access of out-of-bounds pointer */
+pos++;
+ret_desc->buffer[pos] = LENGTH_HC_VJ;/*lint !e415 !e416 access of out-of-bounds pointer */
+pos++;
+ret_desc->buffer[pos] = PROTOCOL_VJ_MSB;/*lint !e415 !e416 access of out-of-bounds pointer */
+pos++;
+ret_desc->buffer[pos] = PROTOCOL_VJ_LSB;/*lint !e415 !e416 access of out-of-bounds pointer */
+pos++;
+ret_desc->buffer[pos] = ppp_data->ncp.s_msid;/*lint !e415 !e416 access of out-of-bounds pointer */
+pos++;
+ret_desc->buffer[pos] = PPP_CSID_YES;/*lint !e415 !e416 access of out-of-bounds pointer */
+pos++;
+}
+/*
+* include additional header compression protocols
+*/
+}
+/*
+* IP Address (only client mode)
+*/
+if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_IP)) EQ 0) &&
+(ppp_data->mode EQ PPP_CLIENT))
+{
+ret_desc->buffer[pos]=TYPE_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=LENGTH_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_ip >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_ip >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_ip >>  8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_ip & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+}
+/*
+* Gateway Address (only server mode)
+*/
+if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_IP)) EQ 0) &&
+(ppp_data->mode EQ PPP_SERVER)                            &&
+(ppp_data->ncp.n_gateway NEQ PPP_GATEWAY_DEFAULT))
+{
+ret_desc->buffer[pos]=TYPE_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=LENGTH_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_gateway >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_gateway >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_gateway >>  8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_gateway & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+}
+/*
+* Primary DNS address (only client mode)
+*/
+if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_CLIENT))
+{
+ret_desc->buffer[pos]=TYPE_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=LENGTH_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_pdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_pdns >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_pdns >>  8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_pdns & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+}
+/*
+* Secondary DNS address (only client mode)
+*/
+if(((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_CLIENT))
+{
+ret_desc->buffer[pos]=TYPE_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=LENGTH_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_sdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_sdns >> 16) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)((ppp_data->ncp.n_sdns >>  8) & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+ret_desc->buffer[pos]=(UBYTE)(ppp_data->ncp.n_sdns & 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pos++;
+}
+/*
+* insert packet length
+*/
+ret_desc->len=pos;
+ret_desc->buffer[len_pos]=(UBYTE)(pos >> 8);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+len_pos++;
+ret_desc->buffer[len_pos]=(UBYTE)(pos & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+/*
+* return the created packet
+*/
+ppp_data->ncp.scr=TRUE;
+*ptr_packet=ret_desc;
+} /* ncp_get_scr() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_get_str
++------------------------------------------------------------------------------
+| Description : The function ncp_get_str() creates a NCP Terminate Request
+|               packet.
+|
+| Parameters  : ptr_packet - returns the Terminate Request packet
+|                            THE MEMORY FOR THE PACKET WILL ALLOCATED BY
+|                            THIS FUNCTION
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_get_str (T_desc2** ptr_packet)
+{
+T_desc2* ret_desc;
+USHORT   pos;
+TRACE_FUNCTION( "ncp_get_str" );
+/*
+* Allocate the necessary size for the data descriptor. The size is
+* calculated as follows:
+* - take the size of a descriptor structure
+* - subtract one because of the array buffer[1] to get the size of
+*   descriptor control information
+* - add number of octets of descriptor data
+*/
+MALLOC (ret_desc, (USHORT)(sizeof(T_desc2) - 1 + NCP_TERM_REQ_LENGTH));
+/*
+* fill the packet
+*/
+ret_desc->next = (ULONG)NULL;
+ret_desc->len  = NCP_TERM_REQ_LENGTH;
+pos            = 0;
+/*
+* Code field
+*/
+ret_desc->buffer[pos] = CODE_TERM_REQ;
+pos++;
+/*
+* Identifier field
+*/
+ret_desc->buffer[pos] = ppp_data->ncp.nstri;/*lint !e415 access of out-of-bounds pointer */
+pos++;
+/*
+* Length field
+*/
+ret_desc->buffer[pos] = 0;/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+pos++;
+ret_desc->buffer[pos] = NCP_TERM_REQ_LENGTH;/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+pos++;
+/*
+* Data field contains the error code
+*/
+ret_desc->buffer[pos] = (U8)((ppp_data->ppp_cause >> 8) & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+pos++;
+ret_desc->buffer[pos] = (U8)((ppp_data->ppp_cause)      & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+pos++;
+/*
+* return the created packet
+*/
+ppp_data->ncp.str = TRUE;
+*ptr_packet       = ret_desc;
+} /* ncp_get_str() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_analyze_first_ipcp
++------------------------------------------------------------------------------
+| Description : The function ncp_analyze_first_ipcp() determine whether the
+|               given packet is a Configure Request packet. If so the function
+|               analyzes the packet, sets some values in the data structure and
+|               returns the values for header comression.
+|
+| Parameters  : packet     - received packet
+|               ptr_result - returns the result of the analysis
+|               ptr_hc     - returns requested header compression
+|               ptr_msid   - returns requested max slot identifier
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_analyze_first_ipcp(T_desc2* packet,
+UBYTE*   ptr_result,
+UBYTE*   ptr_hc,
+UBYTE*   ptr_msid)
+{
+USHORT  packet_len;
+UBYTE   type_len;
+USHORT  pos;
+USHORT  analyzed;
+USHORT  protocol_hc;
+ULONG   ip;
+ULONG   pdns;
+ULONG   sdns;
+TRACE_FUNCTION( "ncp_analyze_first_ipcp" );
+/*
+* check whether it is a Configure Request packet and
+* for correct length field
+*/
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet->buffer[0] NEQ CODE_CONF_REQ) ||
+(packet_len > packet->len) ||
+(packet_len < 4))
+{
+*ptr_result = FALSE;
+return;
+}
+/*
+* check consistence of length of packet and length of configuration options
+*/
+pos=5;
+while(pos < packet_len)
+{
+if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+*ptr_result = FALSE;
+return;
+}
+pos+= packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+}
+if((pos - 1) NEQ packet_len)
+{
+*ptr_result = FALSE;
+return;
+}
+/*
+* analyze configuration options
+*/
+ppp_data->ncp.r_hc   = PPP_HC_DEFAULT;
+ppp_data->ncp.r_msid = PPP_MSID_DEFAULT;
+ppp_data->ncp.n_ip   = PPP_IP_DEFAULT;
+ppp_data->ncp.n_pdns = PPP_PDNS_DEFAULT;
+ppp_data->ncp.n_sdns = PPP_SDNS_DEFAULT;
+pos=4;
+/*
+* analyzed is a bit field and marks all already analyzed
+* configuration options in order to reject all configuration options
+* which are listed more than once
+*/
+analyzed=0;
+while(pos < packet_len)
+{
+type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+/*
+* yet supported configuration options
+*/
+case TYPE_HC: /* Header Compression */
+protocol_hc = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+protocol_hc <<= 8;
+protocol_hc+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if((analyzed & (1UL << MASK_TYPE_HC)) EQ 0)
+{
+analyzed|= (1UL << MASK_TYPE_HC);
+/*
+* max slot identifier should be between 3 and 254
+* comp slot identifier may be compressed
+*/
+if((protocol_hc EQ DTI_PID_CTCP) &&
+(packet->buffer[pos + 4] >= 3) &&
+(packet->buffer[pos + 5] EQ PPP_CSID_YES))/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+ppp_data->ncp.r_hc   = PPP_HC_VJ;
+ppp_data->ncp.r_msid = packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if(ppp_data->ncp.r_msid > 254)
+ppp_data->ncp.r_msid = 254;
+}
+}
+break;
+case TYPE_IP:
+ip = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = (ip << 8);
+ip+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = (ip << 8);
+ip+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = (ip << 8);
+ip+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if((analyzed & (1UL << MASK_TYPE_IP)) EQ 0)
+{
+analyzed|=(1UL << MASK_TYPE_IP);
+ppp_data->ncp.n_ip = ip;
+}
+break;
+case TYPE_PDNS:
+pdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = (pdns << 8);
+pdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = (pdns << 8);
+pdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = (pdns << 8);
+pdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0)
+{
+analyzed|=(1UL << MASK_TYPE_PDNS);
+ppp_data->ncp.n_pdns = pdns;
+}
+break;
+case TYPE_SDNS:
+sdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = (sdns << 8);
+sdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = (sdns << 8);
+sdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = (sdns << 8);
+sdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0)
+{
+analyzed|=(1UL << MASK_TYPE_SDNS);
+ppp_data->ncp.n_sdns = sdns;
+}
+break;
+default:
+/*
+* not supported configuration options are not analysed
+*/
+break;
+}
+pos+= type_len;
+}
+/*
+* all configuration options analyzed
+*/
+*ptr_hc     = ppp_data->ncp.r_hc;
+*ptr_msid   = ppp_data->ncp.r_msid;
+*ptr_result = TRUE;
+} /* ncp_analyze_first_ipcp() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_fill_out_packet
++------------------------------------------------------------------------------
+| Description : The function ncp_fill_out_packet() puts a IPCP packet into
+|               the protocol configuration list
+|
+| Parameters  : pco_buf - pco list buffer
+|               ptr_pos - position where to write the IPCP packet, this value
+|                         must get back to the calling funtion
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_fill_out_packet (UBYTE pco_buf[], USHORT* ptr_pos)
+{
+USHORT  pos;
+USHORT  len_pos1, len_pos2;
+TRACE_FUNCTION( "ncp_fill_out_packet" );
+if((ppp_data->pco_mask & PPP_PCO_MASK_IPCP_HC)   ||
+(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_IP)   ||
+(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_PDNS) ||
+(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_SDNS))
+{
+pos=*ptr_pos;
+/*
+* create the Configure-Request packet
+*/
+/*
+* Protocol ID
+*/
+pco_buf[pos] = PROTOCOL_IPCP_MSB;
+pos++;
+pco_buf[pos] = PROTOCOL_IPCP_LSB;
+pos++;
+/*
+* Length of Protocol contents (store the position)
+*/
+len_pos1 = pos;
+pos++;
+/*
+* Code field
+*/
+pco_buf[pos] = CODE_CONF_REQ;
+pos++;
+/*
+* Identifier field (some value)
+*/
+pco_buf[pos] = 1;
+pos++;
+/*
+* Length field (store the position)
+*/
+len_pos2 = pos;
+pos++;
+pos++;
+if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_HC)
+{
+/*
+* Header Compression
+*/
+if(ppp_data->ncp.r_hc EQ PPP_HC_VJ)
+{
+pco_buf[pos] = TYPE_HC;
+pos++;
+pco_buf[pos] = LENGTH_HC_VJ;
+pos++;
+pco_buf[pos] = PROTOCOL_VJ_MSB;
+pos++;
+pco_buf[pos] = PROTOCOL_VJ_LSB;
+pos++;
+pco_buf[pos] = ppp_data->ncp.r_msid;
+pos++;
+pco_buf[pos] = PPP_CSID_YES;
+pos++;
+}
+}
+if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_IP)
+{
+/*
+* IP Address
+*/
+pco_buf[pos] = TYPE_IP;
+pos++;
+pco_buf[pos] = LENGTH_IP;
+pos++;
+pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_ip >> 24);
+pos++;
+pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_ip >> 16) & 0x000000ff);
+pos++;
+pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_ip >> 8) & 0x000000ff);
+pos++;
+pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_ip & 0x000000ff);
+pos++;
+}
+if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_PDNS)
+{
+/*
+* primary DNS Address
+*/
+pco_buf[pos] = TYPE_PDNS;
+pos++;
+pco_buf[pos] = LENGTH_PDNS;
+pos++;
+pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_pdns >> 24);
+pos++;
+pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_pdns >> 16) & 0x000000ff);
+pos++;
+pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_pdns >> 8) & 0x000000ff);
+pos++;
+pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_pdns & 0x000000ff);
+pos++;
+}
+if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_SDNS)
+{
+/*
+* secondary DNS Address
+*/
+pco_buf[pos] = TYPE_SDNS;
+pos++;
+pco_buf[pos] = LENGTH_SDNS;
+pos++;
+pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_sdns >> 24);
+pos++;
+pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_sdns >> 16) & 0x000000ff);
+pos++;
+pco_buf[pos] = (UBYTE)((ppp_data->ncp.n_sdns >> 8) & 0x000000ff);
+pos++;
+pco_buf[pos] = (UBYTE)(ppp_data->ncp.n_sdns & 0x000000ff);
+pos++;
+}
+/*
+* insert packet length
+*/
+pco_buf[len_pos2] = 0;
+len_pos2++;
+pco_buf[len_pos2] = (UBYTE)(pos - len_pos2 + 3);
+/*
+* insert Length of Protocol Contents
+*/
+pco_buf[len_pos1] = pco_buf[len_pos2];
+/*
+* return new position
+*/
+*ptr_pos=pos;
+}
+if(ppp_data->pco_mask & PPP_PCO_MASK_IPCP_GATEWAY)
+{
+pos=*ptr_pos;
+/*
+* create the Configure-NAK packet
+*/
+/*
+* Protocol ID
+*/
+pco_buf[pos] = PROTOCOL_IPCP_MSB;
+pos++;
+pco_buf[pos] = PROTOCOL_IPCP_LSB;
+pos++;
+/*
+* Length of Protocol contents (store the position)
+*/
+len_pos1 = pos;
+pos++;
+/*
+* Code field
+*/
+pco_buf[pos] = CODE_CONF_NAK;
+pos++;
+/*
+* Identifier field (some value)
+*/
+pco_buf[pos] = 1;
+pos++;
+/*
+* Length field (store the position)
+*/
+len_pos2 = pos;
+pos++;
+pos++;
+/*
+* dynamic Gateway Address
+*/
+pco_buf[pos] = TYPE_IP;
+pos++;
+pco_buf[pos] = LENGTH_IP;
+pos++;
+pco_buf[pos] = 0;
+pos++;
+pco_buf[pos] = 0;
+pos++;
+pco_buf[pos] = 0;
+pos++;
+pco_buf[pos] = 0;
+pos++;
+/*
+* insert packet length
+*/
+pco_buf[len_pos2] = 0;
+len_pos2++;
+pco_buf[len_pos2] = (UBYTE)(pos - len_pos2 + 3);
+/*
+* insert Length of Protocol Contents
+*/
+pco_buf[len_pos1] = pco_buf[len_pos2];
+/*
+* return new position
+*/
+*ptr_pos=pos;
+}
+} /* ncp_fill_out_packet() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_analyze_pco
++------------------------------------------------------------------------------
+| Description : The function ncp_analyze_pco() analyzes the return packet from
+|               PDP activation and determines the primary and secondary DNS
+|               address and the Gateway address.
+|
+| Parameters  : pco_buf     - pointer to the protocol configuration options
+|               pos         - position where the IPCP packet starts
+|               ptr_dns1    - returns primary DNS address
+|               ptr_dns2    - returns secondary DNS address
+|               ptr_gateway - returns Gateway address
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_analyze_pco (UBYTE pco_buf[],
+USHORT pos,
+ULONG* ptr_dns1,
+ULONG* ptr_dns2,
+ULONG* ptr_gateway)
+{
+USHORT  packet_len;
+USHORT  start_pos;
+UBYTE   type_len;
+USHORT  analyzed;
+ULONG   pdns;
+ULONG   sdns;
+ULONG   gateway;
+TRACE_FUNCTION( "ncp_analyze_pco" );
+/*
+* check for correct length field
+*/
+pos+= 2;
+packet_len = pco_buf[pos + 3];
+packet_len <<= 8;
+packet_len+= pco_buf[pos + 4];
+if(packet_len NEQ pco_buf[pos])
+return;
+pos++;
+/*
+* check of code field
+*/
+if((pco_buf[pos] NEQ CODE_CONF_REQ) &&
+(pco_buf[pos] NEQ CODE_CONF_NAK) &&
+(pco_buf[pos] NEQ CODE_CONF_ACK))
+return;
+/*
+* analyze configuration options
+*/
+start_pos = pos;
+pos+= 4;
+/*
+* analyzed is a bit field and marks all already analyzed
+* configuration options in order to determine configuration options
+* which are listed more than once
+*/
+analyzed=0;
+while((pos - start_pos) < packet_len)
+{
+type_len=pco_buf[pos + 1];
+switch(pco_buf[pos])
+{
+/*
+* search for IP configuration option
+*/
+case TYPE_IP:
+gateway = pco_buf[pos + 2];
+gateway = (gateway << 8);
+gateway+= pco_buf[pos + 3];
+gateway = (gateway << 8);
+gateway+= pco_buf[pos + 4];
+gateway = (gateway << 8);
+gateway+= pco_buf[pos + 5];
+if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
+(*ptr_gateway EQ PPP_GATEWAY_DEFAULT)     &&
+(pco_buf[start_pos] EQ CODE_CONF_REQ))
+{
+analyzed|=(1UL << MASK_TYPE_IP);
+*ptr_gateway = gateway;
+}
+break;
+/*
+* search for DNS configuration options
+*/
+case TYPE_PDNS:
+pdns = pco_buf[pos + 2];
+pdns = (pdns << 8);
+pdns+= pco_buf[pos + 3];
+pdns = (pdns << 8);
+pdns+= pco_buf[pos + 4];
+pdns = (pdns << 8);
+pdns+= pco_buf[pos + 5];
+if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
+(*ptr_dns1 EQ PPP_PDNS_DEFAULT)             &&
+((pco_buf[start_pos] EQ CODE_CONF_NAK) ||
+(pco_buf[start_pos] EQ CODE_CONF_ACK)))
+{
+analyzed|=(1UL << MASK_TYPE_PDNS);
+*ptr_dns1 = pdns;
+}
+break;
+case TYPE_SDNS:
+sdns = pco_buf[pos + 2];
+sdns = (sdns << 8);
+sdns+= pco_buf[pos + 3];
+sdns = (sdns << 8);
+sdns+= pco_buf[pos + 4];
+sdns = (sdns << 8);
+sdns+= pco_buf[pos + 5];
+if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
+(*ptr_dns2 EQ PPP_SDNS_DEFAULT)             &&
+((pco_buf[start_pos] EQ CODE_CONF_NAK) ||
+(pco_buf[start_pos] EQ CODE_CONF_ACK)))
+{
+analyzed|=(1UL << MASK_TYPE_SDNS);
+*ptr_dns2 = sdns;
+}
+break;
+default:
+/*
+* other configuration options are not analysed
+*/
+break;
+}
+pos+= type_len;
+}
+} /* ncp_analyze_pco() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_rcr
++------------------------------------------------------------------------------
+| Description : The function ncp_rcr() analyzes the given
+|               Configure Request packet and returns either FORWARD_RCRP or
+|               FORWARD_RCRN depend on the result of the analysis.
+|               The packet pointer points to an appropriate response packet.
+|
+| Parameters  : ptr_packet  - pointer to a Configure Request packet
+|               forward     - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_rcr (T_desc2** ptr_packet, UBYTE* isnew, UBYTE* forward)
+{
+T_desc2* packet;
+USHORT   packet_len;
+UBYTE    type_len;
+USHORT   pos;
+USHORT   copy_pos;
+USHORT   analyzed;
+UBYTE    code_ret;
+UBYTE    error_found;
+USHORT   protocol_hc;
+UBYTE    csid;
+ULONG    ip;
+ULONG    pdns;
+ULONG    sdns;
+TRACE_FUNCTION( "ncp_rcr" );
+/*
+* check for correct length field
+*/
+packet = *ptr_packet;
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet_len > packet->len) || (packet_len < 4))
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* check consistence of length of packet and length of configuration options
+*/
+pos=5;
+while(pos < packet_len)
+{
+if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+pos += packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+}
+if((pos - 1) NEQ packet_len)
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* check whether it is a new identifier
+*/
+*isnew=TRUE;
+if((ppp_data->ncp.rcr) && (ppp_data->ncp.lrcri EQ packet->buffer[1]))/*lint !e415 access of out-of-bounds pointer */
+*isnew=FALSE;
+ppp_data->ncp.lrcri=packet->buffer[1];/*lint !e415 access of out-of-bounds pointer */
+ppp_data->ncp.rcr=TRUE;
+/*
+* analyze configuration options
+*/
+ppp_data->ncp.r_hc   = PPP_HC_DEFAULT;
+ppp_data->ncp.r_msid = PPP_MSID_DEFAULT;
+csid                 = 0;
+if(ppp_data->mode EQ PPP_SERVER)
+{
+ppp_data->ncp.n_ip   = PPP_IP_DEFAULT;
+ppp_data->ncp.n_pdns = PPP_PDNS_DEFAULT;
+ppp_data->ncp.n_sdns = PPP_SDNS_DEFAULT;
+}
+pos=4;
+/*
+* position where NAKed or Rejected configuration options are copied to
+*/
+copy_pos=4;
+/*
+* code_ret contains actually the status of analysis
+* states are CODE_CONF_ACK, CODE_CONF_NAK and CODE_CONF_REJ
+* this state are also values for the Code-field in the return packet
+*/
+code_ret=CODE_CONF_ACK;
+/*
+* analyzed is a bit field and marks all already analyzed
+* configuration options in order to reject all configuration options
+* which are listed more than once
+*/
+analyzed=0;
+while(pos < packet_len)
+{
+type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+/*
+* yet supported configuration options
+*/
+case TYPE_HC: /* Header Compression */
+protocol_hc = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+protocol_hc <<= 8;
+protocol_hc+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if(protocol_hc EQ DTI_PID_CTCP)
+{
+ppp_data->ncp.r_hc   = PPP_HC_VJ;
+ppp_data->ncp.r_msid = packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+csid                 = packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+}
+switch(code_ret)
+{
+case CODE_CONF_ACK:
+if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
+(ppp_data->ncp.r_hc EQ ppp_data->ncp.req_hc))
+{
+if((ppp_data->ncp.r_hc EQ PPP_HC_VJ) &&
+(type_len EQ LENGTH_HC_VJ))
+{
+if((ppp_data->mode EQ PPP_SERVER) &&
+(ppp_data->ncp.r_msid >= ppp_data->ncp.s_msid) &&
+(csid EQ PPP_CSID_YES) &&
+(ppp_data->ncp.s_hc EQ PPP_HC_VJ))
+{
+analyzed|=(1UL << MASK_TYPE_HC);
+pos+= LENGTH_HC_VJ;
+break;
+}
+/*
+* include here negotiation in client mode
+*/
+}
+/*
+* include here additional header compression protocols
+*/
+}
+code_ret=CODE_CONF_NAK;
+/* fall through */
+case CODE_CONF_NAK:
+/*
+* this configuration option will NAKed only if the compression
+* protocol is not Van Jacobson Header Compression
+*/
+if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
+(ppp_data->ncp.req_hc NEQ PPP_HC_DEFAULT) &&
+(ppp_data->ncp.s_hc EQ PPP_HC_VJ) &&
+((protocol_hc NEQ DTI_PID_CTCP) ||
+(type_len NEQ LENGTH_HC_VJ) ||
+((ppp_data->ncp.r_msid >= ppp_data->ncp.s_msid) &&
+(csid EQ PPP_CSID_YES))))
+{
+analyzed|= (1UL << MASK_TYPE_HC);
+error_found = FALSE;
+/*
+* this implementation is only for server mode
+*/
+if(type_len < LENGTH_HC_VJ)
+{
+T_desc2* temp_desc;
+/*
+* create a new larger packet and copy the content
+* of the old packet into the new
+*/
+MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
++ packet_len
++ LENGTH_HC_VJ
+- type_len));
+temp_desc->next = packet->next;
+temp_desc->len  = packet_len + LENGTH_HC_VJ - type_len;
+memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 possible data overrun*/
+memcpy(&temp_desc->buffer[pos + LENGTH_HC_VJ - type_len],
+&packet->buffer[pos],
+packet_len - pos);/*lint !e662 !e669 !e670 possible creation of out-of-bounds pointer*/
+arb_discard_packet(packet);
+packet_len+= (LENGTH_HC_VJ - type_len);
+pos       += (LENGTH_HC_VJ - type_len);
+packet     = temp_desc;
+error_found = TRUE;
+}
+else if(ppp_data->ncp.r_hc NEQ PPP_HC_VJ)
+{
+error_found = TRUE;
+}
+else if(type_len > LENGTH_HC_VJ)
+{
+error_found = TRUE;
+}
+if(error_found EQ TRUE)
+{
+packet->buffer[copy_pos] = TYPE_HC;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = LENGTH_HC_VJ;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = PROTOCOL_VJ_MSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = PROTOCOL_VJ_LSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = ppp_data->ncp.req_msid;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = PPP_CSID_YES;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+}
+pos+= type_len;
+break;
+}
+code_ret = CODE_CONF_REJ;
+copy_pos = 4;
+/* fall through */
+case CODE_CONF_REJ:
+if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
+(ppp_data->ncp.req_hc NEQ PPP_HC_DEFAULT) &&
+(ppp_data->ncp.s_hc EQ PPP_HC_VJ) &&
+((ppp_data->ncp.s_rejected & (1UL << MASK_TYPE_HC)) EQ 0) &&
+((protocol_hc NEQ DTI_PID_CTCP) ||
+(type_len NEQ LENGTH_HC_VJ) ||
+((ppp_data->ncp.r_msid >= ppp_data->ncp.s_msid) &&
+(csid EQ PPP_CSID_YES))))
+{
+analyzed|= (1UL << MASK_TYPE_HC);
+pos+= type_len;
+break;
+}
+/*
+* set s_hc to default because we reject this configuration option
+*/
+ppp_data->ncp.s_hc = PPP_HC_DEFAULT;
+while(type_len > 0)
+{
+packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+pos++;
+type_len--;
+}
+break;
+default:
+TRACE_ERROR("Packet return code invalid");
+break;
+}
+break;
+case TYPE_IP:
+ip = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = (ip << 8);
+ip+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = (ip << 8);
+ip+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = (ip << 8);
+ip+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+switch(code_ret)
+{
+case CODE_CONF_ACK:
+if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
+(type_len EQ LENGTH_IP))
+{
+if((ppp_data->mode EQ PPP_SERVER) &&
+(((ip EQ ppp_data->ncp.req_ip) &&
+(ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT)) ||
+((ip NEQ PPP_IP_DEFAULT) &&
+(ppp_data->ncp.req_ip EQ PPP_IP_DEFAULT))))
+{
+analyzed|=(1UL << MASK_TYPE_IP);
+ppp_data->ncp.n_ip = ip;
+pos+=LENGTH_IP;
+break;
+}
+else if((ppp_data->mode EQ PPP_CLIENT) &&
+(ip NEQ PPP_IP_DEFAULT))
+{
+/*
+* accept Gateway address
+*/
+analyzed|=(1UL << MASK_TYPE_IP);
+ppp_data->ncp.n_gateway = ip;
+pos+=LENGTH_IP;
+break;
+}
+}
+code_ret=CODE_CONF_NAK;
+/* fall through */
+case CODE_CONF_NAK:
+/*
+* this option will be rejected in following cases:
+* - occurence more than once
+* - in client mode if received IP is dynamic
+* - in server mode if received and requested IP are dynamic
+*/
+if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
+(((ppp_data->mode EQ PPP_SERVER) &&
+((ip NEQ ppp_data->ncp.req_ip) ||
+(ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT))) ||
+((ppp_data->mode EQ PPP_CLIENT) &&
+(ip NEQ PPP_IP_DEFAULT))))
+{
+analyzed|=(1UL << MASK_TYPE_IP);
+error_found=FALSE;
+if(type_len < LENGTH_IP)
+{
+T_desc2* temp_desc;
+/*
+* create a new larger packet and copy the content
+* of the old packet into the new
+*/
+MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
++ packet_len
++ LENGTH_IP
+- type_len));
+temp_desc->next = packet->next;
+temp_desc->len  = packet_len + LENGTH_IP - type_len;
+memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 Possible data overrun*/
+memcpy(&temp_desc->buffer[pos + LENGTH_IP - type_len],
+&packet->buffer[pos],
+packet_len - pos);/*lint !e662 !e669 !e670 possible creation of out-of-bounds pointer*/
+arb_discard_packet(packet);
+packet_len += (LENGTH_IP - type_len);
+pos        += (LENGTH_IP - type_len);
+packet      = temp_desc;
+error_found = TRUE;
+}
+else if((ip NEQ ppp_data->ncp.req_ip) &&
+(ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT) &&
+(ppp_data->mode EQ PPP_SERVER))
+{
+error_found=TRUE;
+}
+else if(type_len > LENGTH_IP)
+{
+error_found=TRUE;
+}
+if(error_found EQ TRUE)
+{
+packet->buffer[copy_pos]=TYPE_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=LENGTH_IP;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_ip >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_ip >> 16)
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_ip >>  8)
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_ip
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+}
+pos+= type_len;
+break;
+}
+code_ret = CODE_CONF_REJ;
+copy_pos = 4;
+/* fall through */
+case CODE_CONF_REJ:
+if(((analyzed & (1UL << MASK_TYPE_IP)) EQ 0) &&
+(((ppp_data->mode EQ PPP_SERVER) &&
+((ip NEQ ppp_data->ncp.req_ip) ||
+(ppp_data->ncp.req_ip NEQ PPP_IP_DEFAULT))) ||
+((ppp_data->mode EQ PPP_CLIENT) &&
+(ip NEQ PPP_IP_DEFAULT))))
+{
+analyzed|=(1UL << MASK_TYPE_IP);
+pos+=type_len;
+break;
+}
+while(type_len > 0)
+{
+packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+pos++;
+type_len--;
+}
+break;
+default:
+TRACE_ERROR("Packet return code invalid");
+break;
+}
+break;
+case TYPE_PDNS:  /* only in server mode allowed */
+pdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = (pdns << 8);
+pdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = (pdns << 8);
+pdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = (pdns << 8);
+pdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+switch(code_ret)
+{
+case CODE_CONF_ACK:
+if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_SERVER) &&
+(type_len EQ LENGTH_PDNS) &&
+(((pdns EQ ppp_data->ncp.req_pdns) &&
+(ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT)) ||
+((pdns NEQ PPP_PDNS_DEFAULT) &&
+(ppp_data->ncp.req_pdns EQ PPP_PDNS_DEFAULT))))
+{
+analyzed|=(1UL << MASK_TYPE_PDNS);
+ppp_data->ncp.n_pdns = pdns;
+pos+= LENGTH_PDNS;
+break;
+}
+code_ret=CODE_CONF_NAK;
+/* fall through */
+case CODE_CONF_NAK:
+/*
+* this option will be rejected in following cases:
+* - occurence more than once
+* - client mode
+* - received and requested PDNS are dynamic
+*/
+if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_SERVER) &&
+((pdns NEQ ppp_data->ncp.req_pdns) ||
+(ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT)))
+{
+analyzed|=(1UL << MASK_TYPE_PDNS);
+error_found=FALSE;
+if(type_len < LENGTH_PDNS)
+{
+T_desc2* temp_desc;
+/*
+* create a new larger packet and copy the content
+* of the old packet into the new
+*/
+MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
++ packet_len
++ LENGTH_PDNS
+- type_len));
+temp_desc->next = packet->next;
+temp_desc->len  = packet_len + LENGTH_PDNS - type_len;
+memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 Possible data overrun*/
+memcpy(&temp_desc->buffer[pos + LENGTH_PDNS - type_len],
+&packet->buffer[pos],
+packet_len - pos);/*lint !e662 !e669 !e670 possible creation of out-of-bounds pointer*/
+arb_discard_packet(packet);
+packet_len += (LENGTH_PDNS - type_len);
+pos        += (LENGTH_PDNS - type_len);
+packet      = temp_desc;
+error_found = TRUE;
+}
+else if((pdns NEQ ppp_data->ncp.req_pdns) &&
+(ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT))
+{
+error_found=TRUE;
+}
+else if(type_len > LENGTH_PDNS)
+{
+error_found=TRUE;
+}
+if(error_found EQ TRUE)
+{
+packet->buffer[copy_pos]=TYPE_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=LENGTH_PDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_pdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_pdns >> 16)
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_pdns >>  8)
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_pdns
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+}
+pos+= type_len;
+break;
+}
+code_ret = CODE_CONF_REJ;
+copy_pos = 4;
+/* fall through */
+case CODE_CONF_REJ:
+if(((analyzed & (1UL << MASK_TYPE_PDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_SERVER) &&
+((pdns NEQ ppp_data->ncp.req_pdns) ||
+(ppp_data->ncp.req_pdns NEQ PPP_PDNS_DEFAULT)))
+{
+analyzed|=(1UL << MASK_TYPE_PDNS);
+pos+=type_len;
+break;
+}
+while(type_len > 0)
+{
+packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+pos++;
+type_len--;
+}
+break;
+default:
+TRACE_ERROR("Packet return code invalid");
+break;
+}
+break;
+case TYPE_SDNS:  /* only in server mode allowed */
+sdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = (sdns << 8);
+sdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = (sdns << 8);
+sdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = (sdns << 8);
+sdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+switch(code_ret)
+{
+case CODE_CONF_ACK:
+if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_SERVER) &&
+(type_len EQ LENGTH_SDNS) &&
+(((sdns EQ ppp_data->ncp.req_sdns) &&
+(ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT)) ||
+((sdns NEQ PPP_SDNS_DEFAULT) &&
+(ppp_data->ncp.req_sdns EQ PPP_SDNS_DEFAULT))))
+{
+analyzed|=(1UL << MASK_TYPE_SDNS);
+ppp_data->ncp.n_sdns = sdns;
+pos+= LENGTH_SDNS;
+break;
+}
+code_ret=CODE_CONF_NAK;
+/* fall through */
+case CODE_CONF_NAK:
+/*
+* this option will be rejected in following cases:
+* - occurence more than once
+* - client mode
+* - received and requested SDNS are dynamic
+*/
+if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_SERVER) &&
+((sdns NEQ ppp_data->ncp.req_sdns) ||
+(ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT)))
+{
+analyzed|=(1UL << MASK_TYPE_SDNS);
+error_found=FALSE;
+if(type_len < LENGTH_SDNS)
+{
+T_desc2* temp_desc;
+/*
+* create a new larger packet and copy the content
+* of the old packet into the new
+*/
+MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
++ packet_len
++ LENGTH_SDNS
+- type_len));
+temp_desc->next = packet->next;
+temp_desc->len  = packet_len + LENGTH_SDNS - type_len;
+memcpy(temp_desc->buffer, packet->buffer, pos);/*lint !e669 !e670 Possible data overrun*/
+memcpy(&temp_desc->buffer[pos + LENGTH_SDNS - type_len],
+&packet->buffer[pos],
+packet_len - pos);/*lint !e662 !e669 !e670 possible creation  of out-of-bounds pointer*/
+arb_discard_packet(packet);
+packet_len += (LENGTH_SDNS - type_len);
+pos        += (LENGTH_SDNS - type_len);
+packet      = temp_desc;
+error_found = TRUE;
+}
+else if((sdns NEQ ppp_data->ncp.req_sdns) &&
+(ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT))
+{
+error_found=TRUE;
+}
+else if(type_len > LENGTH_SDNS)
+{
+error_found=TRUE;
+}
+if(error_found EQ TRUE)
+{
+packet->buffer[copy_pos]=TYPE_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=LENGTH_SDNS;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_sdns >> 24);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_sdns >> 16)
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)((ppp_data->ncp.req_sdns >>  8)
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos]=(UBYTE)(ppp_data->ncp.req_sdns
+& 0x000000ff);/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+}
+pos+= type_len;
+break;
+}
+code_ret = CODE_CONF_REJ;
+copy_pos = 4;
+/* fall through */
+case CODE_CONF_REJ:
+if(((analyzed & (1UL << MASK_TYPE_SDNS)) EQ 0) &&
+(ppp_data->mode EQ PPP_SERVER) &&
+((sdns NEQ ppp_data->ncp.req_sdns) ||
+(ppp_data->ncp.req_sdns NEQ PPP_SDNS_DEFAULT)))
+{
+analyzed|=(1UL << MASK_TYPE_SDNS);
+pos+=type_len;
+break;
+}
+while(type_len > 0)
+{
+packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+pos++;
+type_len--;
+}
+break;
+default:
+TRACE_ERROR("Packet return code invalid");
+break;
+}
+break;
+default:
+switch(code_ret)
+{
+case CODE_CONF_ACK:
+case CODE_CONF_NAK:
+code_ret=CODE_CONF_REJ;
+copy_pos=4;
+/* fall through */
+default:
+while(type_len > 0)
+{
+packet->buffer[copy_pos]=packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+pos++;
+type_len--;
+}
+break;
+}
+}
+}
+if(((analyzed & (1UL << MASK_TYPE_HC)) EQ 0) &&
+(ppp_data->ncp.s_hc EQ PPP_HC_VJ) &&
+(ppp_data->ncp.req_hc EQ PPP_HC_VJ) &&
+(code_ret NEQ CODE_CONF_REJ))
+{
+T_desc2* temp_desc;
+/*
+* add header compression to the configure Nak packet
+*/
+code_ret = CODE_CONF_NAK;
+/*
+* create a new larger packet and copy the content
+* of the old packet into the new
+*/
+MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1
++ packet_len
++ LENGTH_HC_VJ));
+temp_desc->next = packet->next;
+temp_desc->len  = packet_len + LENGTH_HC_VJ;
+memcpy(temp_desc->buffer, packet->buffer, copy_pos);/*lint !e669 !e670 Possible data overrun*/
+arb_discard_packet(packet);
+packet_len+= LENGTH_HC_VJ;
+packet     = temp_desc;
+/*
+* insert header compression option
+*/
+packet->buffer[copy_pos] = TYPE_HC;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = LENGTH_HC_VJ;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = PROTOCOL_VJ_MSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = PROTOCOL_VJ_LSB;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = ppp_data->ncp.req_msid;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+packet->buffer[copy_pos] = PPP_CSID_YES;/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+copy_pos++;
+}
+/*
+* set new Code field in return packet
+*/
+packet->buffer[0]=code_ret;
+*ptr_packet=packet;
+if(copy_pos > 4)
+{
+/*
+* some configuration options are not acceptable
+*/
+*forward=FORWARD_RCRN;
+/*
+* set new Length field
+*/
+packet->len=copy_pos;
+packet->buffer[2]=(UBYTE)(copy_pos >> 8);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet->buffer[3]=(UBYTE)(copy_pos & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+return;
+}
+/*
+* all configuration options are acceptable
+*/
+*forward=FORWARD_RCRP;
+} /* ncp_rcr() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_rca
++------------------------------------------------------------------------------
+| Description : The function ncp_rca() checks whether the given
+|               Configure Ack packet is valid and if so it returns
+|               FORWARD_RCA. Otherwise it returns FORWARD_DISCARD.
+|
+| Parameters  : packet  - Configure Ack packet
+|               forward - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_rca (T_desc2* packet, UBYTE* forward)
+{
+USHORT  packet_len;
+TRACE_FUNCTION( "ncp_rca" );
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet_len < 4) ||
+(packet_len > packet->len) ||
+(ppp_data->ncp.scr EQ FALSE) ||
+(packet->buffer[1] NEQ ppp_data->ncp.nscri))/*lint !e415 access of out-of-bounds pointer */
+{
+/*
+* invalid packet
+*/
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* acceptable packet
+*/
+arb_discard_packet(packet);
+ppp_data->ncp.nscri++;
+*forward=FORWARD_RCA;
+} /* ncp_rca() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_rcn
++------------------------------------------------------------------------------
+| Description : The function ncp_rcn() analyze the given
+|               Configure Nak packet, changes some requested values and returns
+|               FORWARD_RCN
+|               The packet pointer points to an appropriate response packet.
+|
+| Parameters  : ptr_packet - Configure Nak packet
+|               forward    - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_rcn (T_desc2** ptr_packet, UBYTE* forward)
+{
+T_desc2* packet;
+USHORT   packet_len;
+UBYTE    type_len;
+USHORT   pos;
+USHORT   protocol_hc;
+ULONG    ip;
+ULONG    pdns;
+ULONG    sdns;
+TRACE_FUNCTION( "ncp_rcn" );
+/*
+* check for correct length field
+*/
+packet = *ptr_packet;
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet_len > packet->len) ||
+(packet_len < 4) ||
+(ppp_data->ncp.scr EQ FALSE) ||
+(packet->buffer[1] NEQ ppp_data->ncp.nscri))/*lint !e415 access of out-of-bounds pointer */
+{
+/*
+* invalid packet
+*/
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* check consistence of length of packet and length of configuration options
+*/
+pos=5;
+while(pos < packet_len)
+{
+if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+pos+= packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+}
+if((pos - 1) NEQ packet_len)
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* analyze configuration options
+*/
+pos=4;
+while(pos < packet_len)
+{
+type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+/*
+* yet supported configuration options
+*/
+case TYPE_HC:
+protocol_hc = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+protocol_hc <<= 8;
+protocol_hc+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if((protocol_hc EQ DTI_PID_CTCP) &&
+(ppp_data->ncp.req_hc EQ PPP_HC_VJ) &&
+(type_len EQ LENGTH_HC_VJ))
+{
+ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_HC);
+ppp_data->ncp.s_hc        = PPP_HC_VJ;
+ppp_data->ncp.s_msid      = ppp_data->ncp.req_msid;
+}
+break;
+case TYPE_IP:
+ip = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = ip << 8;
+ip+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = ip << 8;
+ip+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+ip = ip << 8;
+ip+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if(type_len EQ LENGTH_IP)
+{
+ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_IP);
+if(ppp_data->mode EQ PPP_CLIENT)
+ppp_data->ncp.n_ip = ip;
+else if(ppp_data->ncp.req_gateway EQ PPP_GATEWAY_DEFAULT)
+ppp_data->ncp.n_gateway = ip;
+}
+break;
+case TYPE_PDNS:
+pdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = pdns << 8;
+pdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = pdns << 8;
+pdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+pdns = pdns << 8;
+pdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if((type_len EQ LENGTH_PDNS) &&
+(ppp_data->mode EQ PPP_CLIENT))
+{
+ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_PDNS);
+ppp_data->ncp.n_pdns = pdns;
+}
+break;
+case TYPE_SDNS:
+sdns = packet->buffer[pos + 2];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = sdns << 8;
+sdns+= packet->buffer[pos + 3];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = sdns << 8;
+sdns+= packet->buffer[pos + 4];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+sdns = sdns << 8;
+sdns+= packet->buffer[pos + 5];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+if((type_len EQ LENGTH_SDNS) &&
+(ppp_data->mode EQ PPP_CLIENT))
+{
+ppp_data->ncp.s_rejected &= ~(1UL << MASK_TYPE_SDNS);
+ppp_data->ncp.n_sdns = sdns;
+}
+break;
+default:
+/*
+* ignore unknown configuration options
+*/
+break;
+}
+pos+= type_len;
+}
+/*
+* free this packet and create a new with changed configuration options
+*/
+arb_discard_packet(packet);
+*forward=FORWARD_RCN;
+ppp_data->ncp.nscri++;
+ncp_get_scr(&packet);
+*ptr_packet=packet;
+} /* ncp_rcn() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_rcj
++------------------------------------------------------------------------------
+| Description : The function ncp_rcj() analyze the given
+|               Configure Reject packet, marks some values as rejected and
+|               returns FORWARD_RCJ
+|               The packet pointer points to an appropriate response packet.
+|
+| Parameters  : ptr_packet  - pointer to a Configure Reject packet
+|               forward     - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_rcj (T_desc2** ptr_packet, UBYTE* forward)
+{
+T_desc2* packet;
+USHORT   packet_len;
+UBYTE    type_len;
+USHORT   pos;
+TRACE_FUNCTION( "ncp_rcj" );
+/*
+* check for correct length field
+*/
+packet = *ptr_packet;
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet_len > packet->len) ||
+(packet_len < 4) ||
+(ppp_data->ncp.scr EQ FALSE) ||
+(packet->buffer[1] NEQ ppp_data->ncp.nscri))/*lint !e415 access of out-of-bounds pointer */
+{
+/*
+* invalid packet
+*/
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* check consistence of length of packet and length of configuration options
+*/
+pos=5;
+while(pos < packet_len)
+{
+if(packet->buffer[pos] < 2)/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+pos+= packet->buffer[pos];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+}
+if((pos - 1) NEQ packet_len)
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* analyze configuration options
+*/
+pos=4;
+while(pos < packet_len)
+{
+type_len=packet->buffer[pos + 1];/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+switch(packet->buffer[pos])/*lint !e662 !e661 possible creation and access of out-of-bounds pointer*/
+{
+/*
+* yet supported configuration options
+*/
+case TYPE_HC:
+ppp_data->ncp.s_rejected|= (1UL << MASK_TYPE_HC);
+ppp_data->ncp.s_hc = PPP_HC_DEFAULT;
+break;
+case TYPE_IP:
+if (ppp_data->mode EQ PPP_CLIENT)
+{ /* error: server has to support valid IP address */
+*forward=FORWARD_DISCARD;
+return;
+}
+ppp_data->ncp.s_rejected |= (1UL << MASK_TYPE_IP);
+break;
+case TYPE_PDNS:
+ppp_data->ncp.s_rejected |= (1UL << MASK_TYPE_PDNS);
+break;
+case TYPE_SDNS:
+ppp_data->ncp.s_rejected |= (1UL << MASK_TYPE_SDNS);
+break;
+default:
+/*
+* ignore unknown configuration options
+*/
+break;
+}
+pos+= type_len;
+}
+/*
+* free this packet and create a new with changed configuration options
+*/
+arb_discard_packet(packet);
+*forward=FORWARD_RCN;
+ppp_data->ncp.nscri++;
+ncp_get_scr(&packet);
+*ptr_packet=packet;
+} /* ncp_rcj() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_rtr
++------------------------------------------------------------------------------
+| Description : The function ncp_rtr() checks whether the given
+|               Terminate Request packet is valid and if so it returns
+|               FORWARD_RCA. Otherwise it returns FORWARD_DISCARD.
+|
+| Parameters  : ptr_packet - pointer to a Terminate Request packet
+|               forward    - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_rtr (T_desc2** ptr_packet, UBYTE* forward)
+{
+T_desc2* packet;
+USHORT   packet_len;
+TRACE_FUNCTION( "ncp_rtr" );
+/*
+* check for correct length field
+*/
+packet = *ptr_packet;
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet_len < 4) || (packet_len > packet->len))
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* change code field
+*/
+packet->buffer[0]=CODE_TERM_ACK;
+*forward=FORWARD_RTR;
+} /* ncp_rtr() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_rta
++------------------------------------------------------------------------------
+| Description : The function ncp_rta() checks whether the given
+|               Terminate Ack packet is valid and if so it returns
+|               FORWARD_RTA. Otherwise it returns FORWARD_DISCARD.
+|
+| Parameters  : packet  - Terminate Ack packet
+|               forward - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_rta (T_desc2* packet, UBYTE* forward)
+{
+USHORT  packet_len;
+TRACE_FUNCTION( "ncp_rta" );
+/*
+* check for correct length field
+*/
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet_len < 4) || (packet_len > packet->len))
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+if((ppp_data->ncp.str EQ TRUE) &&
+(packet->buffer[1] NEQ ppp_data->ncp.nstri))/*lint !e415 access of out-of-bounds pointer */
+{
+/*
+* invalid packet
+*/
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* acceptable packet
+*/
+arb_discard_packet(packet);
+ppp_data->ncp.nstri++;
+*forward=FORWARD_RTA;
+} /* ncp_rta() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_rxj
++------------------------------------------------------------------------------
+| Description : The function ncp_rxj() analyzes whether the given Code Reject
+|               is acceptable. If not it returns FORWARD_RXJN.
+|
+| Parameters  : ptr_packet - Pointer to a Code Reject packet
+|               forward    - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_rxj (T_desc2** ptr_packet, UBYTE* forward)
+{
+USHORT  packet_len;
+T_desc2* packet;
+TRACE_FUNCTION( "ncp_rxj" );
+/*
+* check for correct length field
+*/
+packet = *ptr_packet;
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet_len < 5) || (packet_len > packet->len))
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+switch(packet->buffer[4])/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+{
+case CODE_CONF_REQ:
+case CODE_CONF_REJ:
+case CODE_CONF_NAK:
+case CODE_CONF_ACK:
+case CODE_TERM_REQ:
+case CODE_TERM_ACK:
+case CODE_CODE_REJ:
+arb_discard_packet(packet);
+ncp_get_str(&packet);
+*ptr_packet = packet;
+*forward = FORWARD_RXJN;
+break;
+default:
+*forward=FORWARD_DISCARD;
+break;
+}
+} /* ncp_rxj() */
+/*
++------------------------------------------------------------------------------
+| Function    : ncp_ruc
++------------------------------------------------------------------------------
+| Description : The function ncp_ruc() creates a Code Reject packet and returns
+|               FORWARD_RUC.
+|
+| Parameters  : ptr_packet - packet with unknown code
+|               forward    - returns result of analysis
+|
++------------------------------------------------------------------------------
+*/
+GLOBAL void ncp_ruc (T_desc2** ptr_packet, UBYTE* forward)
+{
+T_desc2* packet;
+T_desc2* temp_desc;
+USHORT  packet_len;
+TRACE_FUNCTION( "ncp_ruc" );
+/*
+* check for correct length field
+*/
+packet = *ptr_packet;
+packet_len = packet->buffer[2];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet_len <<= 8;
+packet_len+= packet->buffer[3];/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+if((packet->len < packet_len) || (packet_len < 4))
+{
+*forward=FORWARD_DISCARD;
+return;
+}
+/*
+* create a new larger packet and copy the content
+* of the old packet into the new
+*/
+packet_len+=4;
+if(packet_len > PPP_MRU_MIN)
+packet_len = PPP_MRU_MIN;
+MALLOC (temp_desc, (USHORT)(sizeof(T_desc2) - 1 + packet_len));
+temp_desc->next = packet->next;
+temp_desc->len  = packet_len;
+memcpy(&temp_desc->buffer[4], packet->buffer, packet_len - 4);/*lint !e416 !e669 !e670 creation of out-of-bounds pointer */
+arb_discard_packet(packet);
+packet = temp_desc;
+/*
+* fill the first bytes to create a Code Reject
+*/
+packet->buffer[0] = CODE_CODE_REJ;
+ppp_data->ncp.nscji++;
+packet->buffer[1] = ppp_data->ncp.nscji;/*lint !e415 access of out-of-bounds pointer */
+packet->buffer[2] = (UBYTE)(packet_len >> 8);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+packet->buffer[3] = (UBYTE)(packet_len & 0x00ff);/*lint !e415 !e416 creation and access of out-of-bounds pointer */
+/*
+* set return values
+*/
+*ptr_packet=packet;
+*forward=FORWARD_RUC;
+} /* ncp_ruc() */

FreeCalypso > hg > fc-selenite

comparison src/g23m-fad/ppp/ppp_ncpf.c @ 1:d393cd9bb723