3287f3dfaef989109128057bd829d51f30b093fe
[l2tpns.git] / ppp.c
1 // L2TPNS PPP Stuff
2
3 char const *cvs_id_ppp = "$Id: ppp.c,v 1.9 2004/08/02 03:38:01 fred_nerk Exp $";
4
5 #include <stdio.h>
6 #include <string.h>
7 #include <unistd.h>
8 #include <errno.h>
9 #include <stdlib.h>
10 #include "l2tpns.h"
11 #include "constants.h"
12 #include "plugin.h"
13 #include "util.h"
14 #include "tbf.h"
15 #include "cluster.h"
16
17 extern tunnelt *tunnel;
18 extern sessiont *session;
19 extern radiust *radius;
20 extern int tunfd;
21 extern char hostname[];
22 extern u32 eth_tx;
23 extern time_t time_now;
24 extern struct configt *config;
25
26 // Process PAP messages
27 void processpap(tunnelidt t, sessionidt s, u8 * p, u16 l)
28 {
29 char user[129];
30 char pass[129];
31
32
33 CSTAT(call_processpap);
34
35 log_hex(5, "PAP", p, l);
36 if (l < 4)
37 {
38 log(1, 0, s, t, "Short PAP %u bytes\n", l);
39 STAT(tunnel_rx_errors);
40 return ;
41 }
42 if (*p != 1)
43 {
44 log(1, 0, s, t, "Unexpected PAP code %d\n", *p);
45 STAT(tunnel_rx_errors);
46 return ;
47 }
48 if (ntohs(*(u16 *) (p + 2)) > l)
49 {
50 log(1, 0, s, t, "Length mismatch PAP %d/%d\n", ntohs(*(u16 *) (p + 2)), l);
51 STAT(tunnel_rx_errors);
52 return ;
53 }
54 {
55 u8 *b = p;
56 b += 4;
57 if (*b && *b < sizeof(user))
58 memcpy(user, b + 1, *b);
59 user[*b] = 0;
60 b += 1 + *b;
61 if (*b && *b < sizeof(pass))
62 memcpy(pass, b + 1, *b);
63 pass[*b] = 0;
64 log(3, 0, s, t, "PAP login %s/%s\n", user, pass);
65 }
66 if (session[s].ip || !session[s].radius)
67 {
68 // respond now, either no RADIUS available or already authenticated
69 u8 b[MAXCONTROL];
70 u8 id = p[1];
71 u8 *p = makeppp(b, sizeof(b), 0, 0, t, s, PPPPAP);
72 if (!p) { // Failed to make ppp header!
73 log(1,0,0,0, "Failed to make PPP header in process pap!\n");
74 return;
75 }
76 if (session[s].ip)
77 *p = 2; // ACK
78 else
79 *p = 3; // cant authorise
80 p[1] = id;
81 *(u16 *) (p + 2) = htons(5); // length
82 p[4] = 0; // no message
83 if (session[s].ip)
84 {
85 log(3, session[s].ip, s, t, "%d Already an IP allocated: %s (%d)\n", getpid(), inet_toa(htonl(session[s].ip)), session[s].ip_pool_index);
86 }
87 else
88 {
89 log(1, 0, s, t, "No radius session available to authenticate session...\n");
90 }
91 log(3, 0, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK");
92 tunnelsend(b, 5 + (p - b), t); // send it
93 }
94 else
95 { // set up RADIUS request
96 u16 r = session[s].radius;
97
98 // Run PRE_AUTH plugins
99 struct param_pre_auth packet = { &tunnel[t], &session[s], strdup(user), strdup(pass), PPPPAP, 1 };
100 run_plugins(PLUGIN_PRE_AUTH, &packet);
101 if (!packet.continue_auth)
102 {
103 log(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
104 if (packet.username) free(packet.username);
105 if (packet.password) free(packet.password);
106 return;
107 }
108
109 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
110 strncpy(radius[r].pass, packet.password, sizeof(radius[r].pass) - 1);
111
112 free(packet.username);
113 free(packet.password);
114
115 radius[r].id = p[1];
116 log(3, 0, s, t, "Sending login for %s/%s to radius\n", user, pass);
117 radiussend(r, RADIUSAUTH);
118 }
119 }
120
121 // Process CHAP messages
122 void processchap(tunnelidt t, sessionidt s, u8 * p, u16 l)
123 {
124 u16 r;
125 u16 len;
126
127
128 CSTAT(call_processchap);
129
130 log_hex(5, "CHAP", p, l);
131 r = session[s].radius;
132 if (!r)
133 {
134 log(1, 0, s, t, "Unexpected CHAP message\n");
135
136 // FIXME: Need to drop the session here.
137
138 STAT(tunnel_rx_errors);
139 return;
140 }
141 if (*p != 2)
142 {
143 log(1, 0, s, t, "Unexpected CHAP response code %d\n", *p);
144 STAT(tunnel_rx_errors);
145 return;
146 }
147 if (p[1] != radius[r].id)
148 {
149 log(1, 0, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
150 STAT(tunnel_rx_errors);
151 return ;
152 }
153 len = ntohs(*(u16 *) (p + 2));
154 if (len > l)
155 {
156 log(1, 0, s, t, "Bad CHAP length %d\n", len);
157 STAT(tunnel_rx_errors);
158 return ;
159 }
160 if (p[4] != 16)
161 {
162 log(1, 0, s, t, "Bad CHAP response length %d\n", p[4]);
163 STAT(tunnel_rx_errors);
164 return ;
165 }
166 if (len - 21 >= sizeof(session[s].user))
167 {
168 log(1, 0, s, t, "CHAP user too long %d\n", len - 21);
169 STAT(tunnel_rx_errors);
170 return ;
171 }
172
173 // Run PRE_AUTH plugins
174 {
175 struct param_pre_auth packet = { &tunnel[t], &session[s], NULL, NULL, PPPCHAP, 1 };
176
177 packet.username = calloc(len-20, 1);
178 packet.password = calloc(16, 1);
179 memcpy(packet.username, p + 21, len - 21);
180 memcpy(packet.password, p + 5, 16);
181
182 run_plugins(PLUGIN_PRE_AUTH, &packet);
183 if (!packet.continue_auth)
184 {
185 log(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
186 if (packet.username) free(packet.username);
187 if (packet.password) free(packet.password);
188 return;
189 }
190
191 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
192 memcpy(radius[r].pass, packet.password, 16);
193
194 free(packet.username);
195 free(packet.password);
196 }
197
198 radius[r].chap = 1;
199 log(3, 0, s, t, "CHAP login %s\n", session[s].user);
200 radiussend(r, RADIUSAUTH);
201 }
202
203 char *ppp_lcp_types[] = {
204 NULL,
205 "ConfigReq",
206 "ConfigAck",
207 "ConfigNak",
208 "ConfigRej",
209 "TerminateReq",
210 "TerminateAck",
211 "CodeRej",
212 "ProtocolRej",
213 "EchoReq",
214 "EchoReply",
215 "DiscardRequest",
216 };
217
218 void dumplcp(u8 *p, int l)
219 {
220 signed int x = l - 4;
221 u8 *o = (p + 4);
222
223 log_hex(5, "PPP LCP Packet", p, l);
224 log(4, 0, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) );
225 log(4, 0, 0, 0, "Length: %d\n", l);
226 if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
227 return;
228
229 while (x > 2)
230 {
231 int type = o[0];
232 int length = o[1];
233 if (length < 2)
234 {
235 log(4, 0, 0, 0, " Option length is %d...\n", length);
236 break;
237 }
238 if (type == 0)
239 {
240 log(4, 0, 0, 0, " Option type is 0...\n");
241 x -= length;
242 o += length;
243 continue;
244 }
245 switch (type)
246 {
247 case 1: // Maximum-Receive-Unit
248 if (length == 4)
249 log(4, 0, 0, 0, " %s %d\n", lcp_types[type], ntohs(*(u16 *)(o + 2)));
250 else
251 log(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
252 break;
253 case 3: // Authentication-Protocol
254 {
255 if (length == 4)
256 {
257 int proto = ntohs(*(u16 *)(o + 2));
258 log(4, 0, 0, 0, " %s 0x%x (%s)\n", lcp_types[type], proto,
259 proto == 0xC223 ? "CHAP" :
260 proto == 0xC023 ? "PAP" : "UNKNOWN");
261 }
262 else
263 log(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
264 break;
265 }
266 case 4: // Quality-Protocol
267 {
268 u32 qp = ntohl(*(u32 *)(o + 2));
269 log(4, 0, 0, 0, " %s %x\n", lcp_types[type], qp);
270 break;
271 }
272 case 5: // Magic-Number
273 {
274 if (length == 6)
275 {
276 u32 magicno = ntohl(*(u32 *)(o + 2));
277 log(4, 0, 0, 0, " %s %x\n", lcp_types[type], magicno);
278 }
279 else
280 log(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
281 break;
282 }
283 case 7: // Protocol-Field-Compression
284 {
285 log(4, 0, 0, 0, " %s\n", lcp_types[type]);
286 break;
287 }
288 case 8: // Address-And-Control-Field-Compression
289 {
290 log(4, 0, 0, 0, " %s\n", lcp_types[type]);
291 break;
292 }
293 default:
294 log(2, 0, 0, 0, " Unknown PPP LCP Option type %d\n", type);
295 break;
296 }
297 x -= length;
298 o += length;
299 }
300 }
301
302 // Process LCP messages
303 void processlcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
304 {
305 u8 b[MAXCONTROL];
306 u8 *q = NULL;
307
308
309 CSTAT(call_processlcp);
310
311 log_hex(5, "LCP", p, l);
312 if (l < 4)
313 {
314 log(1, session[s].ip, s, t, "Short LCP %d bytes\n", l);
315 STAT(tunnel_rx_errors);
316 return ;
317 }
318 if (*p == ConfigAck)
319 {
320 log(3, session[s].ip, s, t, "LCP: Discarding ConfigAck\n");
321 session[s].flags |= SESSIONLCPACK;
322 }
323 else if (*p == ConfigReq)
324 {
325 signed int x = l - 4;
326 u8 *o = (p + 4);
327
328 log(3, session[s].ip, s, t, "LCP: ConfigReq (%d bytes)...\n", l);
329 dumplcp(p, l);
330
331 while (x > 2)
332 {
333 int type = o[0];
334 int length = o[1];
335 if (length == 0 || type == 0) break;
336 switch (type)
337 {
338 case 1: // Maximum-Receive-Unit
339 session[s].mru = ntohs(*(u16 *)(o + 2));
340 break;
341 case 3: // Authentication-Protocol
342 {
343 int proto = ntohs(*(u16 *)(o + 2));
344 if (proto == 0xC223)
345 {
346 log(2, session[s].ip, s, t, " Remote end is trying to do CHAP. Rejecting it.\n");
347
348 if (!q)
349 {
350 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
351 if (!q) {
352 log(2, session[s].ip, s, t, " Failed to send packet.\n");
353 break;
354 }
355 *q++ = ConfigNak;
356 }
357 memcpy(q, o, length);
358 *(u16 *)(q += 2) = htons(0xC023); // NAK -> Use PAP instead
359 q += length;
360 }
361 break;
362 }
363 case 5: // Magic-Number
364 {
365 // u32 magicno = ntohl(*(u32 *)(o + 2));
366 break;
367 }
368 case 4: // Quality-Protocol
369 {
370 // u32 qp = ntohl(*(u32 *)(o + 2));
371 break;
372 }
373 case 7: // Protocol-Field-Compression
374 {
375 // u32 pfc = ntohl(*(u32 *)(o + 2));
376 break;
377 }
378 case 8: // Address-And-Control-Field-Compression
379 {
380 // u32 afc = ntohl(*(u32 *)(o + 2));
381 break;
382 }
383 default:
384 log(2, session[s].ip, s, t, " Unknown PPP LCP Option type %d\n", type);
385 break;
386 }
387 x -= length;
388 o += length;
389 }
390
391 if (!q)
392 {
393 // Send back a ConfigAck
394 log(3, session[s].ip, s, t, "ConfigReq accepted, sending as Ack\n");
395 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
396 if (!q) {
397 log(3, session[s].ip, s, t, " failed to create packet.\n");
398 return;
399 }
400 *q = ConfigAck;
401 tunnelsend(b, l + (q - b), t);
402 }
403 else
404 {
405 // Already built a ConfigNak... send it
406 log(3, session[s].ip, s, t, "Sending ConfigNak\n");
407 tunnelsend(b, l + (q - b), t);
408 }
409
410 if (!(session[s].flags & SESSIONLCPACK))
411 initlcp(t, s);
412 }
413 else if (*p == ConfigNak)
414 {
415 log(1, session[s].ip, s, t, "Remote end sent a ConfigNak. Ignoring\n");
416 dumplcp(p, l);
417 return ;
418 }
419 else if (*p == TerminateReq)
420 {
421 *p = TerminateAck; // close
422 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
423 if (!q) {
424 log(3, session[s].ip, s, t, "Failed to create PPP packet in processlcp.\n");
425 return;
426 }
427 log(3, session[s].ip, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n");
428 sessionshutdown(s, "Remote end closed connection.");
429 tunnelsend(b, l + (q - b), t); // send it
430 }
431 else if (*p == TerminateAck)
432 {
433 sessionshutdown(s, "Connection closed.");
434 }
435 else if (*p == EchoReq)
436 {
437 *p = EchoReply; // reply
438 *(u32 *) (p + 4) = htonl(session[s].magic); // our magic number
439 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
440 if (!q) {
441 log(3, session[s].ip, s, t, " failed to send EchoReply.\n");
442 return;
443 }
444 log(5, session[s].ip, s, t, "LCP: Received EchoReq. Sending EchoReply\n");
445 tunnelsend(b, l + (q - b), t); // send it
446 }
447 else if (*p == EchoReply)
448 {
449 // Ignore it, last_packet time is set earlier than this.
450 }
451 else
452 {
453 log(1, session[s].ip, s, t, "Unexpected LCP code %d\n", *p);
454 STAT(tunnel_rx_errors);
455 return ;
456 }
457 }
458
459 // Process IPCP messages
460 void processipcp(tunnelidt t, sessionidt s, u8 * p, u16 l)
461 {
462
463 CSTAT(call_processipcp);
464
465 log_hex(5, "IPCP", p, l);
466 if (l < 5)
467 {
468 log(1, 0, s, t, "Short IPCP %d bytes\n", l);
469 STAT(tunnel_rx_errors);
470 return ;
471 }
472 if (*p == ConfigAck)
473 { // happy with our IPCP
474 u16 r = session[s].radius;
475 if ((!r || radius[r].state == RADIUSIPCP) && !session[s].walled_garden) {
476 if (!r)
477 r = radiusnew(s);
478 if (r)
479 radiussend(r, RADIUSSTART); // send radius start, having got IPCP at last
480 }
481 session[s].flags |= SF_IPCP_ACKED;
482
483 return ; // done
484 }
485 if (*p != ConfigReq)
486 {
487 log(1, 0, s, t, "Unexpected IPCP code %d\n", *p);
488 STAT(tunnel_rx_errors);
489 return ;
490 }
491 if (ntohs(*(u16 *) (p + 2)) > l)
492 {
493 log(1, 0, s, t, "Length mismatch IPCP %d/%d\n", ntohs(*(u16 *) (p + 2)), l);
494 STAT(tunnel_rx_errors);
495 return ;
496 }
497 if (!session[s].ip)
498 {
499 log(3, 0, s, t, "Waiting on radius reply\n");
500 return ; // have to wait on RADIUS reply
501 }
502 // form a config reply quoting the IP in the session
503 {
504 u8 b[MAXCONTROL];
505 u8 *i,
506 *q;
507
508 q = p + 4;
509 i = p + l;
510 while (q < i && q[1])
511 {
512 if (*q != 0x81 && *q != 0x83 && *q != 3)
513 break;
514 q += q[1];
515 }
516 if (q < i)
517 { // reject
518 u16 n = 4;
519 i = p + l;
520 q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP);
521 if (!q) {
522 log(2, 0, s, t, "Failed to send IPCP.\n");
523 return;
524 }
525 *q = ConfigRej;
526 p += 4;
527 while (p < i && p[1])
528 {
529 if (*p != 0x81 && *p != 0x83 && *p != 3)
530 {
531 log(2, 0, s, t, "IPCP reject %d\n", *p);
532 memcpy(q + n, p, p[1]);
533 n += p[1];
534 }
535 p += p[1];
536 }
537 *(u16 *) (q + 2) = htons(n);
538 tunnelsend(b, n + (q - b), t); // send it
539 }
540 else
541 {
542 *p = ConfigAck;
543 i = findppp(p, 0x81); // Primary DNS address
544 if (i)
545 {
546 if (*(u32 *) (i + 2) != htonl(session[s].dns1))
547 {
548 *(u32 *) (i + 2) = htonl(session[s].dns1);
549 *p = ConfigNak;
550 }
551 }
552 i = findppp(p, 0x83); // Secondary DNS address (TBA, is it)
553 if (i)
554 {
555 if (*(u32 *) (i + 2) != htonl(session[s].dns2))
556 {
557 *(u32 *) (i + 2) = htonl(session[s].dns2);
558 *p = ConfigNak;
559 }
560 }
561 i = findppp(p, 3); // IP address
562 if (!i || i[1] != 6)
563 {
564 log(1, 0, s, t, "No IP in IPCP request\n");
565 STAT(tunnel_rx_errors);
566 return ;
567 }
568 if (*(u32 *) (i + 2) != htonl(session[s].ip))
569 {
570 *(u32 *) (i + 2) = htonl(session[s].ip);
571 *p = ConfigNak;
572 }
573 q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP);
574 if (!q) {
575 log(2, 0, s, t, " Failed to send IPCP packet.\n");
576 return;
577 }
578 tunnelsend(b, l + (q - b), t); // send it
579 }
580 }
581 }
582
583 // process IP packet received
584 //
585 // This MUST be called with at least 4 byte behind 'p'.
586 // (i.e. this routine writes to p[-4]).
587 void processipin(tunnelidt t, sessionidt s, u8 * p, u16 l)
588 {
589 ipt ip;
590
591
592 CSTAT(call_processipin);
593
594 log_hex(5, "IP", p, l);
595
596 ip = ntohl(*(u32 *)(p + 12));
597
598 if (l > MAXETHER)
599 {
600 log(1, ip, s, t, "IP packet too long %d\n", l);
601 STAT(tunnel_rx_errors);
602 return ;
603 }
604
605 // no spoof (do sessionbyip to handled statically routed subnets)
606 if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
607 {
608 log(5, ip, s, t, "Dropping packet with spoofed IP %s\n", inet_toa(htonl(ip)));
609 return;
610 }
611
612 // Add on the tun header
613 p -= 4;
614 *(u32 *)p = htonl(0x00000800);
615 l += 4;
616
617 if (session[s].tbf_in && !config->cluster_iam_master) { // Are we throttled and a slave?
618 master_throttle_packet(session[s].tbf_in, p, l); // Pass it to the master for handling.
619 return;
620 }
621
622 session[s].cin += l - 4;
623 session[s].total_cin += l - 4;
624 sess_count[s].cin += l - 4;
625
626 session[s].pin++;
627 eth_tx += l - 4;
628
629 if (session[s].snoop_ip && session[s].snoop_port)
630 {
631 // Snooping this session, send it to ASIO
632 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
633 }
634 STAT(tun_tx_packets);
635 INC_STAT(tun_tx_bytes, l);
636
637 if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets.
638 tbf_queue_packet(session[s].tbf_in, p, l);
639 return;
640 }
641
642 // send to ethernet
643 if (tun_write(p, l) < 0)
644 {
645 STAT(tun_tx_errors);
646 log(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
647 l, strerror(errno), tunfd, p);
648 }
649
650 }
651
652 //
653 // Helper routine for the TBF filters.
654 // Used to send queued data in from the user.
655 //
656 void send_ipin(sessionidt s, u8 *buf, int len)
657 {
658 log_hex(5, "IP in throttled", buf, len);
659 if (write(tunfd, buf, len) < 0)
660 {
661 STAT(tun_tx_errors);
662 log(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
663 len, strerror(errno), tunfd, buf);
664 }
665
666 // Increment packet counters
667 session[s].cin += len - 4;
668 session[s].total_cin += len - 4;
669 sess_count[s].cin += len - 4;
670
671 session[s].pin++;
672 eth_tx += len - 4;
673 }
674
675
676 // Process LCP messages
677 void processccp(tunnelidt t, sessionidt s, u8 * p, u16 l)
678 {
679
680 CSTAT(call_processccp);
681
682 log_hex(5, "CCP", p, l);
683 if (l < 2 || (*p != ConfigReq && *p != TerminateReq))
684 {
685 log(1, 0, s, t, "Unexpecetd CCP request code %d\n", *p);
686 STAT(tunnel_rx_errors);
687 return ;
688 }
689 // reject
690 {
691 u8 b[MAXCONTROL];
692 u8 *q;
693 if (*p == ConfigReq)
694 {
695 if (l < 6)
696 {
697 *p = ConfigAck; // accept no compression
698 }
699 else
700 {
701 *p = ConfigRej; // reject
702 }
703 }
704 else
705 *p = TerminateAck; // close
706 q = makeppp(b, sizeof(b), p, l, t, s, PPPCCP);
707 if (!q) {
708 log(1,0,0,0, "Failed to send CCP packet.\n");
709 return;
710 }
711 tunnelsend(b, l + (q - b), t); // send it
712 }
713 }
714
715 // send a CHAP PP packet
716 void sendchap(tunnelidt t, sessionidt s)
717 {
718 u8 b[MAXCONTROL];
719 u16 r = session[s].radius;
720 u8 *q;
721
722 CSTAT(call_sendchap);
723
724 if (!r)
725 {
726 log(1, 0, s, t, "No RADIUS to send challenge\n");
727 STAT(tunnel_tx_errors);
728 return ;
729 }
730 log(1, 0, s, t, "Send CHAP challenge\n");
731 { // new challenge
732 int n;
733 for (n = 0; n < 15; n++)
734 radius[r].auth[n] = rand();
735 }
736 radius[r].chap = 1; // CHAP not PAP
737 radius[r].id++;
738 if (radius[r].state != RADIUSCHAP)
739 radius[r].try = 0;
740 radius[r].state = RADIUSCHAP;
741 radius[r].retry = backoff(radius[r].try++);
742 if (radius[r].try > 5)
743 {
744 sessionshutdown(s, "Timeout CHAP");
745 STAT(tunnel_tx_errors);
746 return ;
747 }
748 q = makeppp(b, sizeof(b), 0, 0, t, s, PPPCHAP);
749 if (!q) {
750 log(1, 0, s, t, "failed to send CHAP challenge.\n");
751 return;
752 }
753 *q = 1; // challenhe
754 q[1] = radius[r].id; // ID
755 q[4] = 16; // length
756 memcpy(q + 5, radius[r].auth, 16); // challenge
757 strcpy(q + 21, hostname); // our name
758 *(u16 *) (q + 2) = htons(strlen(hostname) + 21); // length
759 tunnelsend(b, strlen(hostname) + 21 + (q - b), t); // send it
760 }
761
762 // fill in a L2TP message with a PPP frame,
763 // copies existing PPP message and changes magic number if seen
764 // returns start of PPP frame
765 u8 *makeppp(u8 * b, int size, u8 * p, int l, tunnelidt t, sessionidt s, u16 mtype)
766 {
767
768 if (size < 12)
769 return NULL; // Need more space than this!!
770
771 *(u16 *) (b + 0) = htons(0x0002); // L2TP with no options
772 *(u16 *) (b + 2) = htons(tunnel[t].far); // tunnel
773 *(u16 *) (b + 4) = htons(session[s].far); // session
774 b += 6;
775 if (mtype != PPPLCP && !(session[s].l2tp_flags & SESSIONACFC))
776 {
777 *(u16 *) b = htons(0xFF03); // HDLC header
778 b += 2;
779 }
780 if (mtype < 0x100 && session[s].l2tp_flags & SESSIONPFC)
781 *b++ = mtype;
782 else
783 {
784 *(u16 *) b = htons(mtype);
785 b += 2;
786 }
787
788 if (l + 12 > size) {
789 log(3,0,0,0, "Would have overflowed the buffer in makeppp: size %d, len %d.\n", size, l);
790 return NULL; // Run out of room to hold the packet!
791 }
792 if (p && l)
793 memcpy(b, p, l);
794 return b;
795 }
796
797 // find a PPP option, returns point to option, or 0 if not found
798 u8 *findppp(u8 * b, u8 mtype)
799 {
800 u16 l = ntohs(*(u16 *) (b + 2));
801 if (l < 4)
802 return 0;
803 b += 4;
804 l -= 4;
805 while (l)
806 {
807 if (l < b[1] || !b[1])
808 return 0; // faulty
809 if (*b == mtype)
810 return b;
811 l -= b[1];
812 b += b[1];
813 }
814 return 0;
815 }
816
817 // Send initial LCP ConfigReq
818 void initlcp(tunnelidt t, sessionidt s)
819 {
820 char b[500] = {0}, *q;
821
822 q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP);
823 if (!q) {
824 log(1, 0, s, t, "Failed to send LCP ConfigReq.\n");
825 return;
826 }
827 log(4, 0, s, t, "Sending LCP ConfigReq for PAP\n");
828 *q = ConfigReq;
829 *(u8 *)(q + 1) = (time_now % 255) + 1; // ID
830 *(u16 *)(q + 2) = htons(8); // Length
831 *(u8 *)(q + 4) = 3;
832 *(u8 *)(q + 5) = 4;
833 *(u16 *)(q + 6) = htons(0xC023); // PAP
834 tunnelsend(b, 12 + 8, t);
835 }
836