if_spppsubr.c revision 4910
1/* 2 * Synchronous PPP/Cisco link level subroutines. 3 * Keepalive protocol implemented in both Cisco and PPP modes. 4 * 5 * Copyright (C) 1994 Cronyx Ltd. 6 * Author: Serge Vakulenko, <vak@zebub.msk.su> 7 * 8 * This software is distributed with NO WARRANTIES, not even the implied 9 * warranties for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 10 * 11 * Authors grant any other persons or organisations permission to use 12 * or modify this software as long as this message is kept with the software, 13 * all derivative works or modified versions. 14 * 15 * Version 1.1, Thu Oct 27 21:13:59 MSK 1994 16 */ 17#undef DEBUG 18 19#include <sys/param.h> 20#include <systm.h> 21#include <kernel.h> 22#include <sys/ioctl.h> 23#include <sys/socket.h> 24#include <sys/mbuf.h> 25 26#include <net/if.h> 27#include <net/netisr.h> 28#include <net/if_types.h> 29 30#ifdef INET 31#include <netinet/in.h> 32#include <netinet/in_systm.h> 33#include <netinet/in_var.h> 34#include <netinet/ip.h> 35#include <netinet/tcp.h> 36#include <netinet/if_ether.h> 37#endif 38 39#ifdef NS 40#include <netns/ns.h> 41#include <netns/ns_if.h> 42#endif 43 44#ifdef ISO 45#include <netiso/argo_debug.h> 46#include <netiso/iso.h> 47#include <netiso/iso_var.h> 48#include <netiso/iso_snpac.h> 49#endif 50 51#include <net/if_sppp.h> 52 53#ifdef DEBUG 54#define print(s) printf s 55#else 56#define print(s) /*void*/ 57#endif 58 59#define MAXALIVECNT 3 /* max. alive packets */ 60 61#define PPP_ALLSTATIONS 0xff /* All-Stations broadcast address */ 62#define PPP_UI 0x03 /* Unnumbered Information */ 63#define PPP_IP 0x0021 /* Internet Protocol */ 64#define PPP_ISO 0x0023 /* ISO OSI Protocol */ 65#define PPP_XNS 0x0025 /* Xerox NS Protocol */ 66#define PPP_LCP 0xc021 /* Link Control Protocol */ 67#define PPP_IPCP 0x8021 /* Internet Protocol Control Protocol */ 68 69#define LCP_CONF_REQ 1 /* PPP LCP configure request */ 70#define LCP_CONF_ACK 2 /* PPP LCP configure acknowledge */ 71#define LCP_CONF_NAK 3 /* PPP LCP configure negative ack */ 72#define LCP_CONF_REJ 4 /* PPP LCP configure reject */ 73#define LCP_TERM_REQ 5 /* PPP LCP terminate request */ 74#define LCP_TERM_ACK 6 /* PPP LCP terminate acknowledge */ 75#define LCP_CODE_REJ 7 /* PPP LCP code reject */ 76#define LCP_PROTO_REJ 8 /* PPP LCP protocol reject */ 77#define LCP_ECHO_REQ 9 /* PPP LCP echo request */ 78#define LCP_ECHO_REPLY 10 /* PPP LCP echo reply */ 79#define LCP_DISC_REQ 11 /* PPP LCP discard request */ 80 81#define LCP_OPT_MRU 1 /* maximum receive unit */ 82#define LCP_OPT_ASYNC_MAP 2 /* async control character map */ 83#define LCP_OPT_AUTH_PROTO 3 /* authentication protocol */ 84#define LCP_OPT_QUAL_PROTO 4 /* quality protocol */ 85#define LCP_OPT_MAGIC 5 /* magic number */ 86#define LCP_OPT_RESERVED 6 /* reserved */ 87#define LCP_OPT_PROTO_COMP 7 /* protocol field compression */ 88#define LCP_OPT_ADDR_COMP 8 /* address/control field compression */ 89 90#define IPCP_CONF_REQ LCP_CONF_REQ /* PPP IPCP configure request */ 91#define IPCP_CONF_ACK LCP_CONF_ACK /* PPP IPCP configure acknowledge */ 92#define IPCP_CONF_NAK LCP_CONF_NAK /* PPP IPCP configure negative ack */ 93#define IPCP_CONF_REJ LCP_CONF_REJ /* PPP IPCP configure reject */ 94#define IPCP_TERM_REQ LCP_TERM_REQ /* PPP IPCP terminate request */ 95#define IPCP_TERM_ACK LCP_TERM_ACK /* PPP IPCP terminate acknowledge */ 96#define IPCP_CODE_REJ LCP_CODE_REJ /* PPP IPCP code reject */ 97 98#define CISCO_MULTICAST 0x8f /* Cisco multicast address */ 99#define CISCO_UNICAST 0x0f /* Cisco unicast address */ 100#define CISCO_KEEPALIVE 0x8035 /* Cisco keepalive protocol */ 101#define CISCO_ADDR_REQ 0 /* Cisco address request */ 102#define CISCO_ADDR_REPLY 1 /* Cisco address reply */ 103#define CISCO_KEEPALIVE_REQ 2 /* Cisco keepalive request */ 104 105struct ppp_header { 106 unsigned char address; 107 unsigned char control; 108 unsigned short protocol; 109}; 110#define PPP_HEADER_LEN sizeof (struct ppp_header) 111 112struct lcp_header { 113 unsigned char type; 114 unsigned char ident; 115 unsigned short len; 116}; 117#define LCP_HEADER_LEN sizeof (struct lcp_header) 118 119struct cisco_packet { 120 unsigned long type; 121 unsigned long par1; 122 unsigned long par2; 123 unsigned short rel; 124 unsigned short time0; 125 unsigned short time1; 126}; 127#define CISCO_PACKET_LEN 18 128 129struct sppp *spppq; 130 131extern void if_down (struct ifnet *ifp); 132 133/* 134 * The following disgusting hack gets around the problem that IP TOS 135 * can't be set yet. We want to put "interactive" traffic on a high 136 * priority queue. To decide if traffic is interactive, we check that 137 * a) it is TCP and b) one of its ports is telnet, rlogin or ftp control. 138 */ 139static unsigned short interactive_ports[8] = { 140 0, 513, 0, 0, 141 0, 21, 0, 23, 142}; 143#define INTERACTIVE(p) (interactive_ports[(p) & 7] == (p)) 144 145void sppp_keepalive (caddr_t dummy1, int dummy2); 146void sppp_cp_send (struct sppp *sp, unsigned short proto, unsigned char type, 147 unsigned char ident, unsigned short len, void *data); 148void sppp_cisco_send (struct sppp *sp, int type, long par1, long par2); 149void sppp_lcp_input (struct sppp *sp, struct mbuf *m); 150void sppp_cisco_input (struct sppp *sp, struct mbuf *m); 151void sppp_lcp_conf_rej (struct sppp *sp, struct lcp_header *h); 152void sppp_ipcp_input (struct sppp *sp, struct mbuf *m); 153void sppp_lcp_open (struct sppp *sp); 154void sppp_ipcp_open (struct sppp *sp); 155int sppp_lcp_conf_unknown_options (int len, unsigned char *p); 156void sppp_cp_timeout (caddr_t arg, int dummy); 157char *sppp_lcp_type_name (unsigned char type); 158char *sppp_ipcp_type_name (unsigned char type); 159void sppp_print_bytes (unsigned char *p, unsigned short len); 160 161/* 162 * Flush interface queue. 163 */ 164static void qflush (struct ifqueue *ifq) 165{ 166 struct mbuf *m, *n; 167 168 n = ifq->ifq_head; 169 while ((m = n)) { 170 n = m->m_act; 171 m_freem (m); 172 } 173 ifq->ifq_head = 0; 174 ifq->ifq_tail = 0; 175 ifq->ifq_len = 0; 176} 177 178/* 179 * Process the received packet. 180 */ 181void sppp_input (struct ifnet *ifp, struct mbuf *m) 182{ 183 struct ppp_header *h; 184 struct sppp *sp; 185 struct ifqueue *inq = 0; 186 187 ifp->if_lastchange = time; 188 if (ifp->if_flags & IFF_UP) 189 /* Count received bytes, add FCS and one flag */ 190 ifp->if_ibytes += m->m_pkthdr.len + 3; 191 192 if (m->m_pkthdr.len <= PPP_HEADER_LEN) { 193 /* Too small packet, drop it. */ 194 if (ifp->if_flags & IFF_DEBUG) 195 printf ("%s%d: input packet is too small, %d bytes\n", 196 ifp->if_name, ifp->if_unit, m->m_pkthdr.len); 197drop: ++ifp->if_iqdrops; 198 m_freem (m); 199 return; 200 } 201 202 /* Get PPP header. */ 203 h = mtod (m, struct ppp_header*); 204 m_adj (m, PPP_HEADER_LEN); 205 206 switch (h->address) { 207 default: /* Invalid PPP packet. */ 208invalid: if (ifp->if_flags & IFF_DEBUG) 209 printf ("%s%d: invalid input packet <0x%x 0x%x 0x%x>\n", 210 ifp->if_name, ifp->if_unit, 211 h->address, h->control, ntohs (h->protocol)); 212 goto drop; 213 case PPP_ALLSTATIONS: 214 if (h->control != PPP_UI) 215 goto invalid; 216 sp = (struct sppp*) ifp; 217 switch (ntohs (h->protocol)) { 218 default: 219 if (sp->lcp.state == LCP_STATE_OPENED) 220 sppp_cp_send (sp, PPP_LCP, LCP_PROTO_REJ, 221 ++sp->pp_seq, m->m_pkthdr.len - 2, 222 &h->protocol); 223 if (ifp->if_flags & IFF_DEBUG) 224 printf ("%s%d: invalid input protocol <0x%x 0x%x 0x%x>\n", 225 ifp->if_name, ifp->if_unit, 226 h->address, h->control, ntohs (h->protocol)); 227 ++ifp->if_noproto; 228 goto drop; 229 case PPP_LCP: 230 sppp_lcp_input ((struct sppp*) ifp, m); 231 m_freem (m); 232 return; 233#ifdef INET 234 case PPP_IPCP: 235 if (sp->lcp.state == LCP_STATE_OPENED) 236 sppp_ipcp_input ((struct sppp*) ifp, m); 237 m_freem (m); 238 return; 239 case PPP_IP: 240 if (sp->ipcp.state == IPCP_STATE_OPENED) { 241 schednetisr (NETISR_IP); 242 inq = &ipintrq; 243 } 244 break; 245#endif 246#ifdef NS 247 case PPP_XNS: 248 /* XNS IDPCP not implemented yet */ 249 if (sp->lcp.state == LCP_STATE_OPENED) { 250 schednetisr (NETISR_NS); 251 inq = &nsintrq; 252 } 253 break; 254#endif 255#ifdef ISO 256 case PPP_ISO: 257 /* OSI NLCP not implemented yet */ 258 if (sp->lcp.state == LCP_STATE_OPENED) { 259 schednetisr (NETISR_ISO); 260 inq = &clnlintrq; 261 } 262 break; 263#endif 264 } 265 break; 266 case CISCO_MULTICAST: 267 case CISCO_UNICAST: 268 /* Don't check the control field here (RFC 1547). */ 269 switch (ntohs (h->protocol)) { 270 default: 271 ++ifp->if_noproto; 272 goto invalid; 273 case CISCO_KEEPALIVE: 274 sppp_cisco_input ((struct sppp*) ifp, m); 275 m_freem (m); 276 return; 277#ifdef INET 278 case ETHERTYPE_IP: 279 schednetisr (NETISR_IP); 280 inq = &ipintrq; 281 break; 282#endif 283#ifdef NS 284 case ETHERTYPE_NS: 285 schednetisr (NETISR_NS); 286 inq = &nsintrq; 287 break; 288#endif 289 } 290 break; 291 } 292 293 if (! (ifp->if_flags & IFF_UP) || ! inq) 294 goto drop; 295 296 /* Check queue. */ 297 if (IF_QFULL (inq)) { 298 /* Queue overflow. */ 299 if (ifp->if_flags & IFF_DEBUG) 300 printf ("%s%d: protocol queue overflow\n", 301 ifp->if_name, ifp->if_unit); 302 IF_DROP (inq); 303 goto drop; 304 } 305 IF_ENQUEUE (inq, m); 306} 307 308/* 309 * Enqueue transmit packet. 310 */ 311int sppp_output (struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct rtentry *rt) 312{ 313 struct sppp *sp = (struct sppp*) ifp; 314 struct ppp_header *h; 315 struct ifqueue *ifq; 316 int s = splimp (); 317 318 if (! (ifp->if_flags & IFF_UP) || ! (ifp->if_flags & IFF_RUNNING)) { 319 m_freem (m); 320 splx (s); 321 return (ENETDOWN); 322 } 323 324 ifq = &ifp->if_snd; 325#ifdef INET 326 /* 327 * Put low delay, telnet, rlogin and ftp control packets 328 * in front of the queue. 329 */ 330 { 331 struct ip *ip = mtod (m, struct ip*); 332 struct tcphdr *tcp = (struct tcphdr*) ((long*)ip + ip->ip_hl); 333 334 if (! IF_QFULL (&sp->pp_fastq) && ((ip->ip_tos & IPTOS_LOWDELAY) || 335 ip->ip_p == IPPROTO_TCP && 336 m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) && 337 (INTERACTIVE (ntohs (tcp->th_sport)) || 338 INTERACTIVE (ntohs (tcp->th_dport))))) 339 ifq = &sp->pp_fastq; 340 } 341#endif 342 343 /* 344 * Prepend general data packet PPP header. For now, IP only. 345 */ 346 M_PREPEND (m, PPP_HEADER_LEN, M_DONTWAIT); 347 if (! m) { 348 if (ifp->if_flags & IFF_DEBUG) 349 printf ("%s%d: no memory for transmit header\n", 350 ifp->if_name, ifp->if_unit); 351 splx (s); 352 return (ENOBUFS); 353 } 354 h = mtod (m, struct ppp_header*); 355 if (sp->pp_flags & PP_CISCO) { 356 h->address = CISCO_MULTICAST; /* broadcast address */ 357 h->control = 0; 358 } else { 359 h->address = PPP_ALLSTATIONS; /* broadcast address */ 360 h->control = PPP_UI; /* Unnumbered Info */ 361 } 362 363 switch (dst->sa_family) { 364#ifdef INET 365 case AF_INET: /* Internet Protocol */ 366 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 367 ETHERTYPE_IP : PPP_IP); 368 break; 369#endif 370#ifdef NS 371 case AF_NS: /* Xerox NS Protocol */ 372 h->protocol = htons ((sp->pp_flags & PP_CISCO) ? 373 ETHERTYPE_NS : PPP_XNS); 374 break; 375#endif 376#ifdef ISO 377 case AF_ISO: /* ISO OSI Protocol */ 378 if (sp->pp_flags & PP_CISCO) 379 goto nosupport; 380 h->protocol = htons (PPP_ISO); 381 break; 382#endif 383 default: 384 m_freem (m); 385 splx (s); 386 return (EAFNOSUPPORT); 387 } 388 389 /* 390 * Queue message on interface, and start output if interface 391 * not yet active. 392 */ 393 if (IF_QFULL (ifq)) { 394 IF_DROP (&ifp->if_snd); 395 m_freem (m); 396 splx (s); 397 return (ENOBUFS); 398 } 399 IF_ENQUEUE (ifq, m); 400 if (! (ifp->if_flags & IFF_OACTIVE)) 401 (*ifp->if_start) (ifp); 402 403 /* 404 * Count output packets and bytes. 405 * The packet length includes header, FCS and 1 flag, 406 * according to RFC 1333. 407 */ 408 ifp->if_obytes += m->m_pkthdr.len + 3; 409 ifp->if_lastchange = time; 410 splx (s); 411 return (0); 412} 413 414void sppp_attach (struct ifnet *ifp) 415{ 416 struct sppp *sp = (struct sppp*) ifp; 417 418 /* Initialize keepalive handler. */ 419 if (! spppq) 420 timeout (sppp_keepalive, 0, hz * 10); 421 422 /* Insert new entry into the keepalive list. */ 423 sp->pp_next = spppq; 424 spppq = sp; 425 426 sp->pp_if.if_type = IFT_PPP; 427 sp->pp_if.if_output = sppp_output; 428 sp->pp_fastq.ifq_maxlen = 32; 429 sp->pp_loopcnt = 0; 430 sp->pp_alivecnt = 0; 431 sp->lcp.magic = time.tv_sec + time.tv_usec; 432 sp->lcp.rmagic = 0; 433 sp->pp_seq = sp->lcp.magic; 434 sp->pp_rseq = 0; 435} 436 437void sppp_detach (struct ifnet *ifp) 438{ 439 struct sppp **q, *p, *sp = (struct sppp*) ifp; 440 441 /* Remove the entry from the keepalive list. */ 442 for (q = &spppq; (p = *q); q = &p->pp_next) 443 if (p == sp) { 444 *q = p->pp_next; 445 break; 446 } 447 448 /* Stop keepalive handler. */ 449 if (! spppq) 450 untimeout (sppp_keepalive, 0); 451 untimeout (sppp_cp_timeout, (caddr_t) sp); 452} 453 454/* 455 * Flush the interface output queue. 456 */ 457void sppp_flush (struct ifnet *ifp) 458{ 459 struct sppp *sp = (struct sppp*) ifp; 460 461 qflush (&sp->pp_if.if_snd); 462 qflush (&sp->pp_fastq); 463} 464 465/* 466 * Get next packet to send. 467 */ 468struct mbuf *sppp_dequeue (struct ifnet *ifp) 469{ 470 struct sppp *sp = (struct sppp*) ifp; 471 struct mbuf *m; 472 int s = splimp (); 473 474 IF_DEQUEUE (&sp->pp_fastq, m); 475 if (! m) 476 IF_DEQUEUE (&sp->pp_if.if_snd, m); 477 splx (s); 478 return (m); 479} 480 481/* 482 * Send keepalive packets, every 10 seconds. 483 */ 484void sppp_keepalive (caddr_t dummy1, int dummy2) 485{ 486 struct sppp *sp; 487 int s = splimp (); 488 489 for (sp=spppq; sp; sp=sp->pp_next) { 490 struct ifnet *ifp = &sp->pp_if; 491 492 if (! (sp->pp_flags & PP_KEEPALIVE) || 493 ! (ifp->if_flags & IFF_RUNNING) || 494 sp->lcp.state != LCP_STATE_OPENED) 495 continue; 496 497 if (sp->pp_alivecnt == MAXALIVECNT) { 498 /* No keepalive packets got. Stop the interface. */ 499 printf ("%s%d: down\n", ifp->if_name, ifp->if_unit); 500 if_down (ifp); 501 qflush (&sp->pp_fastq); 502 } 503 if (sp->pp_loopcnt >= MAXALIVECNT) 504 printf ("%s%d: loopback\n", ifp->if_name, ifp->if_unit); 505 506 if (sp->pp_alivecnt <= MAXALIVECNT) 507 ++sp->pp_alivecnt; 508 if (sp->pp_flags & PP_CISCO) 509 sppp_cisco_send (sp, CISCO_KEEPALIVE_REQ, ++sp->pp_seq, 510 sp->pp_rseq); 511 else if (sp->lcp.state == LCP_STATE_OPENED) { 512 long nmagic = htonl (sp->lcp.magic); 513 sp->lcp.lastid = ++sp->pp_seq; 514 sppp_cp_send (sp, PPP_LCP, LCP_ECHO_REQ, 515 sp->lcp.lastid, 4, &nmagic); 516 } 517 } 518 splx (s); 519 timeout (sppp_keepalive, 0, hz * 10); 520} 521 522/* 523 * Handle incoming PPP Link Control Protocol packets. 524 */ 525void sppp_lcp_input (struct sppp *sp, struct mbuf *m) 526{ 527 struct lcp_header *h; 528 struct ifnet *ifp = &sp->pp_if; 529 int len = m->m_pkthdr.len; 530 unsigned char *p; 531 532 if (len < 4) { 533 if (ifp->if_flags & IFF_DEBUG) 534 printf ("%s%d: invalid lcp packet length: %d bytes\n", 535 ifp->if_name, ifp->if_unit, len); 536 return; 537 } 538 h = mtod (m, struct lcp_header*); 539 if (ifp->if_flags & IFF_DEBUG) { 540 printf ("%s%d: lcp input: %d bytes <%s id=%xh len=%xh", 541 ifp->if_name, ifp->if_unit, len, 542 sppp_lcp_type_name (h->type), h->ident, ntohs (h->len)); 543 if (len > 4) 544 sppp_print_bytes ((unsigned char*) (h+1), len-4); 545 printf (">\n"); 546 } 547 if (len > ntohs (h->len)) 548 len = ntohs (h->len); 549 switch (h->type) { 550 default: 551 /* Unknown packet type -- send Code-Reject packet. */ 552 sppp_cp_send (sp, PPP_LCP, LCP_CODE_REJ, ++sp->pp_seq, len, h); 553 break; 554 case LCP_CONF_REQ: 555 if (len < 4) { 556 if (ifp->if_flags & IFF_DEBUG) 557 printf ("%s%d: invalid lcp configure request packet length: %d bytes\n", 558 ifp->if_name, ifp->if_unit, len); 559 return; 560 } 561 if (len>4 && sppp_lcp_conf_unknown_options (len-4, (unsigned char*) (h+1))) { 562 sppp_lcp_conf_rej (sp, h); 563 if (sp->lcp.state == LCP_STATE_OPENED) 564 /* Initiate renegotiation. */ 565 sppp_lcp_open (sp); 566 if (sp->lcp.state != LCP_STATE_ACK_RCVD) { 567 /* Go to closed state. */ 568 sp->lcp.state = LCP_STATE_CLOSED; 569 sp->ipcp.state = IPCP_STATE_CLOSED; 570 } 571 } else { 572 /* Extract remote magic number. */ 573 p = (unsigned char*) (h+1); 574 if (len>=10 && p[0] == LCP_OPT_MAGIC && p[1] >= 4) 575 sp->lcp.rmagic = (unsigned long)p[2] << 24 | 576 (unsigned long)p[3] << 16 | 577 p[4] << 8 | p[5]; 578 if (sp->lcp.rmagic == sp->lcp.magic) { 579 /* Local and remote magics are equal -- loop? */ 580 sp->lcp.rmagic = ~sp->lcp.magic; 581 /* Send Configure-Nack packet. */ 582 p[2] = sp->lcp.rmagic >> 24; 583 p[3] = sp->lcp.rmagic >> 16; 584 p[4] = sp->lcp.rmagic >> 8; 585 p[5] = sp->lcp.rmagic; 586 sppp_cp_send (sp, PPP_LCP, LCP_CONF_NAK, 587 h->ident, len-4, h+1); 588 if (sp->lcp.state != LCP_STATE_ACK_RCVD) { 589 /* Go to closed state. */ 590 sp->lcp.state = LCP_STATE_CLOSED; 591 sp->ipcp.state = IPCP_STATE_CLOSED; 592 } 593 } else { 594 /* Send Configure-Ack packet. */ 595 sp->pp_loopcnt = 0; 596 sppp_cp_send (sp, PPP_LCP, LCP_CONF_ACK, 597 h->ident, len-4, h+1); 598 if (sp->lcp.state == LCP_STATE_OPENED) 599 /* Initiate renegotiation. */ 600 sppp_lcp_open (sp); 601 /* Change the state. */ 602 if (sp->lcp.state == LCP_STATE_ACK_RCVD) { 603 sp->lcp.state = LCP_STATE_OPENED; 604 sppp_ipcp_open (sp); 605 } else 606 sp->lcp.state = LCP_STATE_ACK_SENT; 607 } 608 } 609 break; 610 case LCP_CONF_ACK: 611 if (h->ident != sp->pp_seq) 612 return; 613 untimeout (sppp_cp_timeout, (caddr_t) sp); 614 switch (sp->lcp.state) { 615 case LCP_STATE_CLOSED: 616 sp->lcp.state = LCP_STATE_ACK_RCVD; 617 break; 618 case LCP_STATE_ACK_SENT: 619 sp->lcp.state = LCP_STATE_OPENED; 620 sppp_ipcp_open (sp); 621 break; 622 case LCP_STATE_ACK_RCVD: 623 case LCP_STATE_OPENED: 624 /* Initiate renegotiation. */ 625 sppp_lcp_open (sp); 626 /* Go to closed state. */ 627 sp->lcp.state = LCP_STATE_CLOSED; 628 sp->ipcp.state = IPCP_STATE_CLOSED; 629 break; 630 } 631 break; 632 case LCP_CONF_NAK: 633 if (h->ident != sp->pp_seq) 634 return; 635 p = (unsigned char*) (h+1); 636 if (len>=10 && p[0] == LCP_OPT_MAGIC && p[1] >= 4) { 637 sp->lcp.rmagic = (unsigned long)p[2] << 24 | 638 (unsigned long)p[3] << 16 | 639 p[4] << 8 | p[5]; 640 if (sp->lcp.rmagic == ~sp->lcp.magic) { 641 if (ifp->if_flags & IFF_DEBUG) 642 printf ("%s%d: conf nak: magic glitch\n", 643 ifp->if_name, ifp->if_unit); 644 ++sp->pp_loopcnt; 645 sp->lcp.magic = time.tv_sec + time.tv_usec; 646 } 647 } 648 /* Fall through. */ 649 case LCP_CONF_REJ: 650 if (h->ident != sp->pp_seq) 651 return; 652 untimeout (sppp_cp_timeout, (caddr_t) sp); 653 /* Initiate renegotiation. */ 654 sppp_lcp_open (sp); 655 if (sp->lcp.state != LCP_STATE_ACK_SENT) { 656 /* Go to closed state. */ 657 sp->lcp.state = LCP_STATE_CLOSED; 658 sp->ipcp.state = IPCP_STATE_CLOSED; 659 } 660 break; 661 case LCP_TERM_REQ: 662 /* Send Terminate-Ack packet. */ 663 sppp_cp_send (sp, PPP_LCP, LCP_TERM_ACK, h->ident, 0, 0); 664 if (sp->lcp.state == LCP_STATE_OPENED) 665 /* Initiate renegotiation. */ 666 sppp_lcp_open (sp); 667 /* Go to closed state. */ 668 sp->lcp.state = LCP_STATE_CLOSED; 669 sp->ipcp.state = IPCP_STATE_CLOSED; 670 break; 671 case LCP_TERM_ACK: 672 if (h->ident != sp->pp_seq) 673 return; 674 if (sp->lcp.state == LCP_STATE_OPENED) 675 /* Initiate renegotiation. */ 676 sppp_lcp_open (sp); 677 if (sp->lcp.state != LCP_STATE_ACK_SENT) { 678 /* Go to closed state. */ 679 sp->lcp.state = LCP_STATE_CLOSED; 680 sp->ipcp.state = IPCP_STATE_CLOSED; 681 } 682 break; 683 case LCP_CODE_REJ: 684 case LCP_PROTO_REJ: 685 /* Ignore for now. */ 686 break; 687 case LCP_DISC_REQ: 688 /* Discard the packet. */ 689 break; 690 case LCP_ECHO_REQ: 691 if (len < 8) { 692 if (ifp->if_flags & IFF_DEBUG) 693 printf ("%s%d: invalid lcp echo request packet length: %d bytes\n", 694 ifp->if_name, ifp->if_unit, len); 695 return; 696 } 697 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) { 698 if (ifp->if_flags & IFF_DEBUG) 699 printf ("%s%d: echo reply: magic glitch\n", 700 ifp->if_name, ifp->if_unit); 701 ++sp->pp_loopcnt; 702 } 703 *(long*)(h+1) = htonl (sp->lcp.magic); 704 sppp_cp_send (sp, PPP_LCP, LCP_ECHO_REPLY, h->ident, len-4, h+1); 705 break; 706 case LCP_ECHO_REPLY: 707 if (h->ident != sp->lcp.lastid) 708 return; 709 if (len < 8) { 710 if (ifp->if_flags & IFF_DEBUG) 711 printf ("%s%d: invalid lcp echo reply packet length: %d bytes\n", 712 ifp->if_name, ifp->if_unit, len); 713 return; 714 } 715 if (ntohl (*(long*)(h+1)) == sp->lcp.magic) 716 return; 717 if (! (ifp->if_flags & IFF_UP) && 718 (ifp->if_flags & IFF_RUNNING)) { 719 ifp->if_flags |= IFF_UP; 720 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit); 721 } 722 sp->pp_alivecnt = 0; 723 break; 724 } 725} 726 727/* 728 * Handle incoming Cisco keepalive protocol packets. 729 */ 730void sppp_cisco_input (struct sppp *sp, struct mbuf *m) 731{ 732 struct cisco_packet *h; 733 struct ifaddr *ifa; 734 struct ifnet *ifp = &sp->pp_if; 735 736 if (m->m_pkthdr.len != CISCO_PACKET_LEN) { 737 if (ifp->if_flags & IFF_DEBUG) 738 printf ("%s%d: invalid cisco packet length: %d bytes\n", 739 ifp->if_name, ifp->if_unit, m->m_pkthdr.len); 740 return; 741 } 742 h = mtod (m, struct cisco_packet*); 743 if (ifp->if_flags & IFF_DEBUG) 744 printf ("%s%d: cisco input: %d bytes <%xh %xh %xh %xh %xh-%xh>\n", 745 ifp->if_name, ifp->if_unit, m->m_pkthdr.len, 746 ntohl (h->type), h->par1, h->par2, h->rel, 747 h->time0, h->time1); 748 switch (ntohl (h->type)) { 749 default: 750 if (ifp->if_flags & IFF_DEBUG) 751 printf ("%s%d: unknown cisco packet type: 0x%x\n", 752 ifp->if_name, ifp->if_unit, ntohl (h->type)); 753 break; 754 case CISCO_ADDR_REPLY: 755 /* Reply on address request, ignore */ 756 break; 757 case CISCO_KEEPALIVE_REQ: 758 if (! (ifp->if_flags & IFF_UP) && 759 (ifp->if_flags & IFF_RUNNING)) { 760 ifp->if_flags |= IFF_UP; 761 printf ("%s%d: up\n", ifp->if_name, ifp->if_unit); 762 } 763 sp->pp_alivecnt = 0; 764 sp->pp_rseq = ntohl (h->par1); 765 if (sp->pp_seq == sp->pp_rseq) { 766 /* Local and remote sequence numbers are equal. 767 * Probably, the line is in loopback mode. */ 768 ++sp->pp_loopcnt; 769 770 /* Generate new local sequence number */ 771 sp->pp_seq ^= time.tv_sec ^ time.tv_usec; 772 } else 773 sp->pp_loopcnt = 0; 774 break; 775 case CISCO_ADDR_REQ: 776 for (ifa=ifp->if_addrlist; ifa; ifa=ifa->ifa_next) 777 if (ifa->ifa_addr->sa_family == AF_INET) 778 break; 779 if (! ifa) { 780 if (ifp->if_flags & IFF_DEBUG) 781 printf ("%s%d: unknown address for cisco request\n", 782 ifp->if_name, ifp->if_unit); 783 return; 784 } 785 sppp_cisco_send (sp, CISCO_ADDR_REPLY, 786 ntohl (((struct sockaddr_in*)ifa->ifa_addr)->sin_addr.s_addr), 787 ntohl (((struct sockaddr_in*)ifa->ifa_netmask)->sin_addr.s_addr)); 788 break; 789 } 790} 791 792/* 793 * Send PPP LCP packet. 794 */ 795void sppp_cp_send (struct sppp *sp, unsigned short proto, unsigned char type, 796 unsigned char ident, unsigned short len, void *data) 797{ 798 struct ppp_header *h; 799 struct lcp_header *lh; 800 struct mbuf *m; 801 struct ifnet *ifp = &sp->pp_if; 802 803 if (len > MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN) 804 len = MHLEN - PPP_HEADER_LEN - LCP_HEADER_LEN; 805 MGETHDR (m, M_DONTWAIT, MT_DATA); 806 if (! m) 807 return; 808 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + LCP_HEADER_LEN + len; 809 m->m_pkthdr.rcvif = 0; 810 811 h = mtod (m, struct ppp_header*); 812 h->address = PPP_ALLSTATIONS; /* broadcast address */ 813 h->control = PPP_UI; /* Unnumbered Info */ 814 h->protocol = htons (proto); /* Link Control Protocol */ 815 816 lh = (struct lcp_header*) (h + 1); 817 lh->type = type; 818 lh->ident = ident; 819 lh->len = htons (LCP_HEADER_LEN + len); 820 if (len) 821 bcopy (data, lh+1, len); 822 823 if (ifp->if_flags & IFF_DEBUG) { 824 printf ("%s%d: %s output <%s id=%xh len=%xh", 825 ifp->if_name, ifp->if_unit, 826 proto==PPP_LCP ? "lcp" : "ipcp", 827 proto==PPP_LCP ? sppp_lcp_type_name (lh->type) : 828 sppp_ipcp_type_name (lh->type), lh->ident, 829 ntohs (lh->len)); 830 if (len) 831 sppp_print_bytes ((unsigned char*) (lh+1), len); 832 printf (">\n"); 833 } 834 if (IF_QFULL (&sp->pp_fastq)) { 835 IF_DROP (&ifp->if_snd); 836 m_freem (m); 837 } else 838 IF_ENQUEUE (&sp->pp_fastq, m); 839 if (! (ifp->if_flags & IFF_OACTIVE)) 840 (*ifp->if_start) (ifp); 841 ifp->if_obytes += m->m_pkthdr.len + 3; 842} 843 844/* 845 * Send Cisco keepalive packet. 846 */ 847void sppp_cisco_send (struct sppp *sp, int type, long par1, long par2) 848{ 849 struct ppp_header *h; 850 struct cisco_packet *ch; 851 struct mbuf *m; 852 struct ifnet *ifp = &sp->pp_if; 853 unsigned long t = (time.tv_sec - boottime.tv_sec) * 1000; 854 855 MGETHDR (m, M_DONTWAIT, MT_DATA); 856 if (! m) 857 return; 858 m->m_pkthdr.len = m->m_len = PPP_HEADER_LEN + CISCO_PACKET_LEN; 859 m->m_pkthdr.rcvif = 0; 860 861 h = mtod (m, struct ppp_header*); 862 h->address = CISCO_MULTICAST; 863 h->control = 0; 864 h->protocol = htons (CISCO_KEEPALIVE); 865 866 ch = (struct cisco_packet*) (h + 1); 867 ch->type = htonl (type); 868 ch->par1 = htonl (par1); 869 ch->par2 = htonl (par2); 870 ch->rel = -1; 871 ch->time0 = htons ((unsigned short) (t >> 16)); 872 ch->time1 = htons ((unsigned short) t); 873 874 if (ifp->if_flags & IFF_DEBUG) 875 printf ("%s%d: cisco output: <%xh %xh %xh %xh %xh-%xh>\n", 876 ifp->if_name, ifp->if_unit, ntohl (ch->type), ch->par1, 877 ch->par2, ch->rel, ch->time0, ch->time1); 878 879 if (IF_QFULL (&sp->pp_fastq)) { 880 IF_DROP (&ifp->if_snd); 881 m_freem (m); 882 } else 883 IF_ENQUEUE (&sp->pp_fastq, m); 884 if (! (ifp->if_flags & IFF_OACTIVE)) 885 (*ifp->if_start) (ifp); 886 ifp->if_obytes += m->m_pkthdr.len + 3; 887} 888 889/* 890 * Process an ioctl request. Called on low priority level. 891 */ 892int sppp_ioctl (struct ifnet *ifp, int cmd, caddr_t data) 893{ 894 struct ifreq *ifr = (struct ifreq*) data; 895 struct sppp *sp; 896 int s; 897 898 switch (cmd) { 899 default: 900 return (EINVAL); 901 902 case SIOCSIFADDR: 903 case SIOCAIFADDR: 904 case SIOCSIFDSTADDR: 905 break; 906 907 case SIOCSIFFLAGS: 908 s = splimp (); 909 if (! (ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING)) { 910 /* Interface is stopping. */ 911 sp = (struct sppp*) ifp; 912 sp->lcp.state = LCP_STATE_CLOSED; 913 sp->ipcp.state = IPCP_STATE_CLOSED; 914 sppp_cp_send (sp, PPP_LCP, LCP_TERM_REQ, ++sp->pp_seq, 915 0, 0); 916 } else if ((ifp->if_flags & IFF_UP) && ! (ifp->if_flags & IFF_RUNNING)) { 917 /* Interface is starting. */ 918 sp = (struct sppp*) ifp; 919 sp->lcp.state = LCP_STATE_CLOSED; 920 sp->ipcp.state = IPCP_STATE_CLOSED; 921 sppp_lcp_open (sp); 922 } 923 splx (s); 924 break; 925 926#ifdef SIOCSIFMTU 927#ifndef ifr_mtu 928#define ifr_mtu ifr_metric 929#endif 930 case SIOCSIFMTU: 931 if (ifr->ifr_mtu < 128 || ifr->ifr_mtu > PP_MTU) 932 return (EINVAL); 933 ifp->if_mtu = ifr->ifr_mtu; 934 break; 935#endif 936#ifdef SLIOCSETMTU 937 case SLIOCSETMTU: 938 if (*(short*)data < 128 || *(short*)data > PP_MTU) 939 return (EINVAL); 940 ifp->if_mtu = *(short*)data; 941 break; 942#endif 943#ifdef SIOCGIFMTU 944 case SIOCGIFMTU: 945 ifr->ifr_mtu = ifp->if_mtu; 946 break; 947#endif 948#ifdef SLIOCGETMTU 949 case SLIOCGETMTU: 950 *(short*)data = ifp->if_mtu; 951 break; 952#endif 953#ifdef MULTICAST 954 case SIOCADDMULTI: 955 case SIOCDELMULTI: 956 break; 957#endif 958 } 959 return (0); 960} 961 962int sppp_lcp_conf_unknown_options (int len, unsigned char *p) 963{ 964 /* Analyze the LCP Configure-Request options list 965 * for the presence of unknown options. */ 966 while (len > 0) { 967 if (*p != LCP_OPT_MAGIC) 968 return (1); 969 len -= p[1]; 970 p += p[1]; 971 } 972 return (0); 973} 974 975void sppp_lcp_conf_rej (struct sppp *sp, struct lcp_header *h) 976{ 977 /* The LCP Configure-Request contains unknown options. 978 * Send Configure-reject packet, containing only unknown options. */ 979 unsigned char buf [PP_MTU], *r = buf, *p = (void*) (h+1); 980 unsigned rlen = 0, len = h->len - 4; 981 982 while (len > 0) { 983 if (*p != LCP_OPT_MAGIC) { 984 bcopy (p, r, p[1]); 985 r += p[1]; 986 } 987 len -= p[1]; 988 p += p[1]; 989 } 990 sppp_cp_send (sp, PPP_LCP, LCP_CONF_REJ, h->ident, rlen, buf); 991} 992 993void sppp_ipcp_input (struct sppp *sp, struct mbuf *m) 994{ 995 struct lcp_header *h; 996 struct ifnet *ifp = &sp->pp_if; 997 int len = m->m_pkthdr.len; 998 999 if (len < 4) { 1000 /* if (ifp->if_flags & IFF_DEBUG) */ 1001 printf ("%s%d: invalid ipcp packet length: %d bytes\n", 1002 ifp->if_name, ifp->if_unit, len); 1003 return; 1004 } 1005 h = mtod (m, struct lcp_header*); 1006 if (ifp->if_flags & IFF_DEBUG) { 1007 printf ("%s%d: ipcp input: %d bytes <%s id=%xh len=%xh", 1008 ifp->if_name, ifp->if_unit, len, 1009 sppp_ipcp_type_name (h->type), h->ident, ntohs (h->len)); 1010 if (len > 4) 1011 sppp_print_bytes ((unsigned char*) (h+1), len-4); 1012 printf (">\n"); 1013 } 1014 if (len > ntohs (h->len)) 1015 len = ntohs (h->len); 1016 switch (h->type) { 1017 default: 1018 /* Unknown packet type -- send Code-Reject packet. */ 1019 sppp_cp_send (sp, PPP_IPCP, IPCP_CODE_REJ, ++sp->pp_seq, len, h); 1020 break; 1021 case IPCP_CONF_REQ: 1022 if (len < 4) { 1023 if (ifp->if_flags & IFF_DEBUG) 1024 printf ("%s%d: invalid ipcp configure request packet length: %d bytes\n", 1025 ifp->if_name, ifp->if_unit, len); 1026 return; 1027 } 1028 if (len > 4) { 1029 sppp_cp_send (sp, PPP_IPCP, LCP_CONF_REJ, h->ident, 1030 len-4, h+1); 1031 if (sp->lcp.state == LCP_STATE_OPENED && 1032 sp->ipcp.state == IPCP_STATE_OPENED) 1033 /* Initiate renegotiation. */ 1034 sppp_ipcp_open (sp); 1035 if (sp->ipcp.state != IPCP_STATE_ACK_RCVD) 1036 /* Go to closed state. */ 1037 sp->ipcp.state = IPCP_STATE_CLOSED; 1038 } else { 1039 /* Send Configure-Ack packet. */ 1040 sppp_cp_send (sp, PPP_IPCP, IPCP_CONF_ACK, h->ident, 1041 0, 0); 1042 if (sp->lcp.state == LCP_STATE_OPENED && 1043 sp->ipcp.state == IPCP_STATE_OPENED) 1044 /* Initiate renegotiation. */ 1045 sppp_ipcp_open (sp); 1046 /* Change the state. */ 1047 sp->ipcp.state = (sp->ipcp.state == IPCP_STATE_ACK_RCVD) ? 1048 IPCP_STATE_OPENED : IPCP_STATE_ACK_SENT; 1049 } 1050 break; 1051 case IPCP_CONF_ACK: 1052 untimeout (sppp_cp_timeout, (caddr_t) sp); 1053 switch (sp->ipcp.state) { 1054 case IPCP_STATE_CLOSED: 1055 sp->ipcp.state = IPCP_STATE_ACK_RCVD; 1056 break; 1057 case IPCP_STATE_ACK_SENT: 1058 sp->ipcp.state = IPCP_STATE_OPENED; 1059 break; 1060 case IPCP_STATE_ACK_RCVD: 1061 case IPCP_STATE_OPENED: 1062 if (sp->lcp.state == LCP_STATE_OPENED) 1063 /* Initiate renegotiation. */ 1064 sppp_ipcp_open (sp); 1065 /* Go to closed state. */ 1066 sp->ipcp.state = IPCP_STATE_CLOSED; 1067 break; 1068 } 1069 break; 1070 case IPCP_CONF_NAK: 1071 case IPCP_CONF_REJ: 1072 untimeout (sppp_cp_timeout, (caddr_t) sp); 1073 /* Initiate renegotiation. */ 1074 sppp_ipcp_open (sp); 1075 if (sp->lcp.state == LCP_STATE_OPENED) 1076 /* Initiate renegotiation. */ 1077 sppp_ipcp_open (sp); 1078 if (sp->ipcp.state != IPCP_STATE_ACK_SENT) 1079 /* Go to closed state. */ 1080 sp->ipcp.state = IPCP_STATE_CLOSED; 1081 break; 1082 case IPCP_TERM_REQ: 1083 /* Send Terminate-Ack packet. */ 1084 sppp_cp_send (sp, PPP_IPCP, IPCP_TERM_ACK, h->ident, 0, 0); 1085 if (sp->lcp.state == LCP_STATE_OPENED && 1086 sp->ipcp.state == IPCP_STATE_OPENED) 1087 /* Initiate renegotiation. */ 1088 sppp_ipcp_open (sp); 1089 /* Go to closed state. */ 1090 sp->ipcp.state = IPCP_STATE_CLOSED; 1091 break; 1092 case IPCP_TERM_ACK: 1093 if (sp->lcp.state == LCP_STATE_OPENED && 1094 sp->ipcp.state == IPCP_STATE_OPENED) 1095 /* Initiate renegotiation. */ 1096 sppp_ipcp_open (sp); 1097 if (sp->ipcp.state != IPCP_STATE_ACK_SENT) 1098 /* Go to closed state. */ 1099 sp->ipcp.state = IPCP_STATE_CLOSED; 1100 break; 1101 case IPCP_CODE_REJ: 1102 /* Ignore for now. */ 1103 break; 1104 } 1105} 1106 1107void sppp_lcp_open (struct sppp *sp) 1108{ 1109 char opt[6]; 1110 1111 /* Make new magic number. */ 1112 sp->lcp.magic = time.tv_sec + time.tv_usec; 1113 opt[0] = LCP_OPT_MAGIC; 1114 opt[1] = sizeof (opt); 1115 opt[2] = sp->lcp.magic >> 24; 1116 opt[3] = sp->lcp.magic >> 16; 1117 opt[4] = sp->lcp.magic >> 8; 1118 opt[5] = sp->lcp.magic; 1119 sppp_cp_send (sp, PPP_LCP, LCP_CONF_REQ, ++sp->pp_seq, 1120 sizeof (opt), &opt); 1121 timeout (sppp_cp_timeout, (caddr_t) sp, hz * 5); 1122} 1123 1124void sppp_ipcp_open (struct sppp *sp) 1125{ 1126 sppp_cp_send (sp, PPP_IPCP, IPCP_CONF_REQ, ++sp->pp_seq, 0, 0); 1127 timeout (sppp_cp_timeout, (caddr_t) sp, hz * 5); 1128} 1129 1130/* 1131 * Process PPP control protocol timeouts. 1132 */ 1133void sppp_cp_timeout (caddr_t arg, int dummy) 1134{ 1135 struct sppp *sp = (struct sppp*) arg; 1136 struct ifnet *ifp = &sp->pp_if; 1137 int s = splimp (); 1138 1139 switch (sp->lcp.state) { 1140 case LCP_STATE_CLOSED: 1141 /* No ACK for Configure-Request, retry. */ 1142 sppp_lcp_open (sp); 1143 break; 1144 case LCP_STATE_ACK_RCVD: 1145 /* ACK got, but no Configure-Request for peer, retry. */ 1146 sppp_lcp_open (sp); 1147 sp->lcp.state = LCP_STATE_CLOSED; 1148 break; 1149 case LCP_STATE_ACK_SENT: 1150 /* ACK sent but no ACK for Configure-Request, retry. */ 1151 sppp_lcp_open (sp); 1152 break; 1153 case LCP_STATE_OPENED: 1154 /* LCP is already OK, try IPCP. */ 1155 switch (sp->ipcp.state) { 1156 case IPCP_STATE_CLOSED: 1157 /* No ACK for Configure-Request, retry. */ 1158 sppp_ipcp_open (sp); 1159 break; 1160 case IPCP_STATE_ACK_RCVD: 1161 /* ACK got, but no Configure-Request for peer, retry. */ 1162 sppp_ipcp_open (sp); 1163 sp->ipcp.state = IPCP_STATE_CLOSED; 1164 break; 1165 case IPCP_STATE_ACK_SENT: 1166 /* ACK sent but no ACK for Configure-Request, retry. */ 1167 sppp_ipcp_open (sp); 1168 break; 1169 case IPCP_STATE_OPENED: 1170 /* IPCP is OK. */ 1171 break; 1172 } 1173 break; 1174 } 1175 splx (s); 1176} 1177 1178char *sppp_lcp_type_name (unsigned char type) 1179{ 1180 static char buf [8]; 1181 switch (type) { 1182 case LCP_CONF_REQ: return ("conf-req"); 1183 case LCP_CONF_ACK: return ("conf-ack"); 1184 case LCP_CONF_NAK: return ("conf-nack"); 1185 case LCP_CONF_REJ: return ("conf-rej"); 1186 case LCP_TERM_REQ: return ("term-req"); 1187 case LCP_TERM_ACK: return ("term-ack"); 1188 case LCP_CODE_REJ: return ("code-rej"); 1189 case LCP_PROTO_REJ: return ("proto-rej"); 1190 case LCP_ECHO_REQ: return ("echo-req"); 1191 case LCP_ECHO_REPLY: return ("echo-reply"); 1192 case LCP_DISC_REQ: return ("discard-req"); 1193 } 1194 sprintf (buf, "%xh", type); 1195 return (buf); 1196} 1197 1198char *sppp_ipcp_type_name (unsigned char type) 1199{ 1200 static char buf [8]; 1201 switch (type) { 1202 case IPCP_CONF_REQ: return ("conf-req"); 1203 case IPCP_CONF_ACK: return ("conf-ack"); 1204 case IPCP_CONF_NAK: return ("conf-nack"); 1205 case IPCP_CONF_REJ: return ("conf-rej"); 1206 case IPCP_TERM_REQ: return ("term-req"); 1207 case IPCP_TERM_ACK: return ("term-ack"); 1208 case IPCP_CODE_REJ: return ("code-rej"); 1209 } 1210 sprintf (buf, "%xh", type); 1211 return (buf); 1212} 1213 1214void sppp_print_bytes (unsigned char *p, unsigned short len) 1215{ 1216 printf (" %x", *p++); 1217 while (--len > 0) 1218 printf ("-%x", *p++); 1219} 1220