6f5bacfe69966a315ce91f0ef0930d8f6fbc00ac
[l2tpns.git] / ppp.c
1 // L2TPNS PPP Stuff
2
3 char const *cvs_id_ppp = "$Id: ppp.c,v 1.20 2004-11-05 02:21:55 bodea Exp $";
4
5 #include <stdio.h>
6 #include <string.h>
7 #include <unistd.h>
8 #include <errno.h>
9 #include <stdlib.h>
10 #include "l2tpns.h"
11 #include "constants.h"
12 #include "plugin.h"
13 #include "util.h"
14 #include "tbf.h"
15 #include "cluster.h"
16
17 extern tunnelt *tunnel;
18 extern sessiont *session;
19 extern radiust *radius;
20 extern int tunfd;
21 extern char hostname[];
22 extern u32 eth_tx;
23 extern time_t time_now;
24 extern struct configt *config;
25
26 void sendccp(tunnelidt t, sessionidt s);
27
28 // Process PAP messages
29 void processpap(tunnelidt t, sessionidt s, u8 *p, u16 l)
30 {
31 char user[129];
32 char pass[129];
33 u16 hl;
34
35 CSTAT(call_processpap);
36
37 log_hex(5, "PAP", p, l);
38 if (l < 4)
39 {
40 log(1, 0, s, t, "Short PAP %u bytes\n", l);
41 STAT(tunnel_rx_errors);
42 return ;
43 }
44
45 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
46 {
47 log(1, 0, s, t, "Length mismatch PAP %u/%u\n", hl, l);
48 STAT(tunnel_rx_errors);
49 return ;
50 }
51 l = hl;
52
53 if (*p != 1)
54 {
55 log(1, 0, s, t, "Unexpected PAP code %d\n", *p);
56 STAT(tunnel_rx_errors);
57 return ;
58 }
59
60 {
61 u8 *b = p;
62 b += 4;
63 if (*b && *b < sizeof(user))
64 memcpy(user, b + 1, *b);
65 user[*b] = 0;
66 b += 1 + *b;
67 if (*b && *b < sizeof(pass))
68 memcpy(pass, b + 1, *b);
69 pass[*b] = 0;
70 log(3, 0, s, t, "PAP login %s/%s\n", user, pass);
71 }
72 if (session[s].ip || !session[s].radius)
73 {
74 // respond now, either no RADIUS available or already authenticated
75 u8 b[MAXCONTROL];
76 u8 id = p[1];
77 u8 *p = makeppp(b, sizeof(b), 0, 0, t, s, PPPPAP);
78 if (!p) { // Failed to make ppp header!
79 log(1,0,0,0, "Failed to make PPP header in process pap!\n");
80 return;
81 }
82 if (session[s].ip)
83 *p = 2; // ACK
84 else
85 *p = 3; // cant authorise
86 p[1] = id;
87 *(u16 *) (p + 2) = htons(5); // length
88 p[4] = 0; // no message
89 if (session[s].ip)
90 {
91 log(3, session[s].ip, s, t, "%d Already an IP allocated: %s (%d)\n", getpid(), inet_toa(htonl(session[s].ip)), session[s].ip_pool_index);
92 session[s].flags &= ~SF_IPCP_ACKED;
93 }
94 else
95 {
96 log(1, 0, s, t, "No radius session available to authenticate session...\n");
97 }
98 log(3, 0, s, t, "Fallback response to PAP (%s)\n", (session[s].ip) ? "ACK" : "NAK");
99 tunnelsend(b, 5 + (p - b), t); // send it
100 }
101 else
102 {
103 // set up RADIUS request
104 u16 r = session[s].radius;
105
106 // Run PRE_AUTH plugins
107 struct param_pre_auth packet = { &tunnel[t], &session[s], strdup(user), strdup(pass), PPPPAP, 1 };
108 run_plugins(PLUGIN_PRE_AUTH, &packet);
109 if (!packet.continue_auth)
110 {
111 log(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
112 if (packet.username) free(packet.username);
113 if (packet.password) free(packet.password);
114 return;
115 }
116
117 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
118 strncpy(radius[r].pass, packet.password, sizeof(radius[r].pass) - 1);
119
120 free(packet.username);
121 free(packet.password);
122
123 radius[r].id = p[1];
124 log(3, 0, s, t, "Sending login for %s/%s to radius\n", user, pass);
125 radiussend(r, RADIUSAUTH);
126 }
127 }
128
129 // Process CHAP messages
130 void processchap(tunnelidt t, sessionidt s, u8 *p, u16 l)
131 {
132 u16 r;
133 u16 hl;
134
135 CSTAT(call_processchap);
136
137 log_hex(5, "CHAP", p, l);
138 r = session[s].radius;
139 if (!r)
140 {
141 log(1, 0, s, t, "Unexpected CHAP message\n");
142
143 // FIXME: Need to drop the session here.
144
145 STAT(tunnel_rx_errors);
146 return;
147 }
148
149 if (l < 4)
150 {
151 log(1, 0, s, t, "Short CHAP %u bytes\n", l);
152 STAT(tunnel_rx_errors);
153 return ;
154 }
155
156 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
157 {
158 log(1, 0, s, t, "Length mismatch CHAP %u/%u\n", hl, l);
159 STAT(tunnel_rx_errors);
160 return ;
161 }
162 l = hl;
163
164 if (*p != 2)
165 {
166 log(1, 0, s, t, "Unexpected CHAP response code %d\n", *p);
167 STAT(tunnel_rx_errors);
168 return;
169 }
170 if (p[1] != radius[r].id)
171 {
172 log(1, 0, s, t, "Wrong CHAP response ID %d (should be %d) (%d)\n", p[1], radius[r].id, r);
173 STAT(tunnel_rx_errors);
174 return ;
175 }
176
177 if (l < 5 || p[4] != 16)
178 {
179 log(1, 0, s, t, "Bad CHAP response length %d\n", l < 5 ? -1 : p[4]);
180 STAT(tunnel_rx_errors);
181 return ;
182 }
183
184 l -= 5;
185 p += 5;
186 if (l < 16 || l - 16 >= sizeof(session[s].user))
187 {
188 log(1, 0, s, t, "CHAP user too long %d\n", l - 16);
189 STAT(tunnel_rx_errors);
190 return ;
191 }
192
193 // Run PRE_AUTH plugins
194 {
195 struct param_pre_auth packet = { &tunnel[t], &session[s], NULL, NULL, PPPCHAP, 1 };
196
197 packet.password = calloc(17, 1);
198 memcpy(packet.password, p, 16);
199
200 p += 16;
201 l -= 16;
202
203 packet.username = calloc(l + 1, 1);
204 memcpy(packet.username, p, l);
205
206 run_plugins(PLUGIN_PRE_AUTH, &packet);
207 if (!packet.continue_auth)
208 {
209 log(3, 0, s, t, "A plugin rejected PRE_AUTH\n");
210 if (packet.username) free(packet.username);
211 if (packet.password) free(packet.password);
212 return;
213 }
214
215 strncpy(session[s].user, packet.username, sizeof(session[s].user) - 1);
216 memcpy(radius[r].pass, packet.password, 16);
217
218 free(packet.username);
219 free(packet.password);
220 }
221
222 radius[r].chap = 1;
223 log(3, 0, s, t, "CHAP login %s\n", session[s].user);
224 radiussend(r, RADIUSAUTH);
225 }
226
227 char *ppp_lcp_types[] = {
228 NULL,
229 "ConfigReq",
230 "ConfigAck",
231 "ConfigNak",
232 "ConfigRej",
233 "TerminateReq",
234 "TerminateAck",
235 "CodeRej",
236 "ProtocolRej",
237 "EchoReq",
238 "EchoReply",
239 "DiscardRequest",
240 "IdentRequest",
241 };
242
243 void dumplcp(u8 *p, int l)
244 {
245 int x = l - 4;
246 u8 *o = (p + 4);
247
248 log_hex(5, "PPP LCP Packet", p, l);
249 log(4, 0, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) );
250 log(4, 0, 0, 0, "Length: %d\n", l);
251 if (*p != ConfigReq && *p != ConfigRej && *p != ConfigAck)
252 return;
253
254 while (x > 2)
255 {
256 int type = o[0];
257 int length = o[1];
258 if (length < 2)
259 {
260 log(4, 0, 0, 0, " Option length is %d...\n", length);
261 break;
262 }
263 if (type == 0)
264 {
265 log(4, 0, 0, 0, " Option type is 0...\n");
266 x -= length;
267 o += length;
268 continue;
269 }
270 switch (type)
271 {
272 case 1: // Maximum-Receive-Unit
273 if (length == 4)
274 log(4, 0, 0, 0, " %s %d\n", lcp_types[type], ntohs(*(u16 *)(o + 2)));
275 else
276 log(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
277 break;
278 case 3: // Authentication-Protocol
279 {
280 if (length == 4)
281 {
282 int proto = ntohs(*(u16 *)(o + 2));
283 log(4, 0, 0, 0, " %s 0x%x (%s)\n", lcp_types[type], proto,
284 proto == PPPCHAP ? "CHAP" :
285 proto == PPPPAP ? "PAP" : "UNKNOWN");
286 }
287 else
288 log(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
289 break;
290 }
291 case 4: // Quality-Protocol
292 {
293 u32 qp = ntohl(*(u32 *)(o + 2));
294 log(4, 0, 0, 0, " %s %x\n", lcp_types[type], qp);
295 break;
296 }
297 case 5: // Magic-Number
298 {
299 if (length == 6)
300 {
301 u32 magicno = ntohl(*(u32 *)(o + 2));
302 log(4, 0, 0, 0, " %s %x\n", lcp_types[type], magicno);
303 }
304 else
305 log(4, 0, 0, 0, " %s odd length %d\n", lcp_types[type], length);
306 break;
307 }
308 case 7: // Protocol-Field-Compression
309 {
310 log(4, 0, 0, 0, " %s\n", lcp_types[type]);
311 break;
312 }
313 case 8: // Address-And-Control-Field-Compression
314 {
315 log(4, 0, 0, 0, " %s\n", lcp_types[type]);
316 break;
317 }
318 default:
319 log(2, 0, 0, 0, " Unknown PPP LCP Option type %d\n", type);
320 break;
321 }
322 x -= length;
323 o += length;
324 }
325 }
326
327 // Process LCP messages
328 void processlcp(tunnelidt t, sessionidt s, u8 *p, u16 l)
329 {
330 u8 b[MAXCONTROL];
331 u8 *q = NULL;
332 u32 magicno = 0;
333 u16 hl;
334
335 CSTAT(call_processlcp);
336
337 log_hex(5, "LCP", p, l);
338 if (l < 4)
339 {
340 log(1, session[s].ip, s, t, "Short LCP %d bytes\n", l);
341 STAT(tunnel_rx_errors);
342 return ;
343 }
344
345 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
346 {
347 log(1, 0, s, t, "Length mismatch LCP %u/%u\n", hl, l);
348 STAT(tunnel_rx_errors);
349 return ;
350 }
351 l = hl;
352
353 if (*p == ConfigAck)
354 {
355 log(3, session[s].ip, s, t, "LCP: Discarding ConfigAck\n");
356 session[s].flags |= SESSIONLCPACK;
357 }
358 else if (*p == ConfigReq)
359 {
360 int x = l - 4;
361 u8 *o = (p + 4);
362
363 log(3, session[s].ip, s, t, "LCP: ConfigReq (%d bytes)...\n", l);
364 if (config->debug > 3) dumplcp(p, l);
365
366 while (x > 2)
367 {
368 int type = o[0];
369 int length = o[1];
370 if (length == 0 || type == 0) break;
371 switch (type)
372 {
373 case 1: // Maximum-Receive-Unit
374 session[s].mru = ntohs(*(u16 *)(o + 2));
375 break;
376 case 2: // asyncmap
377 log_hex(2, "PPP LCP Packet", p, l);
378 log(2, 0, 0, 0, "PPP LCP Packet type %d (%s len %d)\n", *p, ppp_lcp_types[(int)*p], ntohs( ((u16 *) p)[1]) );
379 break;
380 case 3: // Authentication-Protocol
381 {
382 int proto = ntohs(*(u16 *)(o + 2));
383 if (proto == PPPCHAP)
384 {
385 log(2, session[s].ip, s, t, " Remote end is trying to do CHAP. Rejecting it.\n");
386
387 if (!q)
388 {
389 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
390 if (!q) {
391 log(2, session[s].ip, s, t, " Failed to send packet.\n");
392 break;
393 }
394 *q++ = ConfigNak;
395 }
396 memcpy(q, o, length);
397 *(u16 *)(q += 2) = htons(PPPPAP); // NAK -> Use PAP instead
398 q += length;
399 }
400 break;
401 }
402 case 5: // Magic-Number
403 {
404 magicno = ntohl(*(u32 *)(o + 2));
405 break;
406 }
407 case 4: // Quality-Protocol
408 case 7: // Protocol-Field-Compression
409 case 8: // Address-And-Control-Field-Compression
410 break;
411 case 13: // CallBack option for LCP extention of win2000/routers L2TP client
412 case 17:
413 case 18:
414 {
415 // Reject LCP CallBack
416 log(2, session[s].ip, s, t, " PPP LCP Option type %d, len=%d\n", type, length);
417 memcpy(p + 4, o, length);
418 *(u16 *)(p + 2) = htons(length + 4);
419 *p = ConfigRej;
420 q = makeppp(b,sizeof(b), p, length + 4, t, s, PPPLCP);
421 tunnelsend(b, 12 + length + 4, t);
422 return;
423 }
424
425 default:
426 // Reject Unknown LCP Option to stop to send it again
427 log(2, session[s].ip, s, t, " Unknown PPP LCP Option type %d\n", type);
428 memcpy(p + 4, o, length);
429 *(u16 *)(p + 2) = htons(length + 4);
430 *p = ConfigRej;
431 q = makeppp(b,sizeof(b), p, length + 4, t, s, PPPLCP);
432 tunnelsend(b, 12 + length + 4, t);
433 return;
434 }
435 x -= length;
436 o += length;
437 }
438
439 if (!q)
440 {
441 // Send back a ConfigAck
442 log(3, session[s].ip, s, t, "ConfigReq accepted, sending as Ack\n");
443 // for win2k L2TP clients and LCP renegotiation of alive session
444 if (magicno || l == 4 || (session[s].mru && l == 8)) initlcp(t, s);
445 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
446 if (!q)
447 {
448 log(3, session[s].ip, s, t, " failed to create packet.\n");
449 return;
450 }
451 *q = ConfigAck;
452 tunnelsend(b, l + (q - b), t);
453 }
454 else
455 {
456 // Already built a ConfigNak... send it
457 log(3, session[s].ip, s, t, "Sending ConfigNak\n");
458 tunnelsend(b, l + (q - b), t);
459 }
460
461 if (!(session[s].flags & SESSIONLCPACK))
462 initlcp(t, s);
463 }
464 else if (*p == ConfigNak)
465 {
466 log(1, session[s].ip, s, t, "Remote end sent a ConfigNak. Ignoring\n");
467 if (config->debug > 3) dumplcp(p, l);
468 return ;
469 }
470 else if (*p == TerminateReq)
471 {
472 *p = TerminateAck; // close
473 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
474 if (!q) {
475 log(3, session[s].ip, s, t, "Failed to create PPP packet in processlcp.\n");
476 return;
477 }
478 log(3, session[s].ip, s, t, "LCP: Received TerminateReq. Sending TerminateAck\n");
479 sessionshutdown(s, "Remote end closed connection.");
480 tunnelsend(b, l + (q - b), t); // send it
481 }
482 else if (*p == TerminateAck)
483 {
484 sessionshutdown(s, "Connection closed.");
485 }
486 else if (*p == EchoReq)
487 {
488 *p = EchoReply; // reply
489 *(u32 *) (p + 4) = htonl(session[s].magic); // our magic number
490 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
491 if (!q) {
492 log(3, session[s].ip, s, t, " failed to send EchoReply.\n");
493 return;
494 }
495 log(5, session[s].ip, s, t, "LCP: Received EchoReq. Sending EchoReply\n");
496 tunnelsend(b, l + (q - b), t); // send it
497 }
498 else if (*p == EchoReply)
499 {
500 // Ignore it, last_packet time is set earlier than this.
501 }
502 else if (*p == IdentRequest)
503 {
504 *p = CodeRej;
505 if (l > MAXCONTROL)
506 {
507 log(1, 0, s, t, "Truncated Ident Packet (length=%d) to 1400 bytes\n", l);
508 l = 1400;
509 }
510 q = makeppp(b, sizeof(b), p, l, t, s, PPPLCP);
511 if (!q)
512 {
513 log(3, session[s].ip, s, t, "Failed to create IdentRej.\n");
514 return;
515 }
516 log_hex(5, "LCPIdentRej", q, l + 4);
517 tunnelsend(b, 12 + 4 + l, t);
518 }
519 else
520 {
521 log(1, session[s].ip, s, t, "Unexpected LCP code %d\n", *p);
522 STAT(tunnel_rx_errors);
523 return ;
524 }
525 }
526
527 // Process IPCP messages
528 void processipcp(tunnelidt t, sessionidt s, u8 *p, u16 l)
529 {
530 u16 hl;
531
532 CSTAT(call_processipcp);
533
534 log_hex(5, "IPCP", p, l);
535 if (l < 5)
536 {
537 log(1, 0, s, t, "Short IPCP %d bytes\n", l);
538 STAT(tunnel_rx_errors);
539 return ;
540 }
541
542 if ((hl = ntohs(*(u16 *) (p + 2))) > l)
543 {
544 log(1, 0, s, t, "Length mismatch IPCP %u/%u\n", hl, l);
545 STAT(tunnel_rx_errors);
546 return ;
547 }
548 l = hl;
549
550 if (*p == ConfigAck)
551 {
552 // happy with our IPCP
553 u16 r = session[s].radius;
554 if ((!r || radius[r].state == RADIUSIPCP) && !session[s].walled_garden)
555 {
556 if (!r)
557 r = radiusnew(s);
558 if (r)
559 radiussend(r, RADIUSSTART); // send radius start, having got IPCP at last
560 }
561 session[s].flags |= SF_IPCP_ACKED;
562
563 log(3, session[s].ip, s, t, "IPCP Acked, session is now active\n");
564 return;
565 }
566 if (*p != ConfigReq)
567 {
568 log(1, 0, s, t, "Unexpected IPCP code %d\n", *p);
569 STAT(tunnel_rx_errors);
570 return ;
571 }
572 log(4, session[s].ip, s, t, "IPCP ConfigReq received\n");
573
574 if (!session[s].ip)
575 {
576 log(3, 0, s, t, "Waiting on radius reply\n");
577 return; // have to wait on RADIUS reply
578 }
579 // form a config reply quoting the IP in the session
580 {
581 u8 b[MAXCONTROL];
582 u8 *i,
583 *q;
584
585 q = p + 4;
586 i = p + l;
587 while (q < i && q[1])
588 {
589 if (*q != 0x81 && *q != 0x83 && *q != 3)
590 break;
591 q += q[1];
592 }
593 if (q < i)
594 {
595 // reject
596 u16 n = 4;
597 i = p + l;
598 if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP)))
599 {
600 log(2, 0, s, t, "Failed to send IPCP ConfigRej\n");
601 return;
602 }
603 *q = ConfigRej;
604 p += 4;
605 while (p < i && p[1])
606 {
607 if (*p != 0x81 && *p != 0x83 && *p != 3)
608 {
609 log(2, 0, s, t, "IPCP reject %d\n", *p);
610 memcpy(q + n, p, p[1]);
611 n += p[1];
612 }
613 p += p[1];
614 }
615 *(u16 *) (q + 2) = htons(n);
616 log(4, session[s].ip, s, t, "Sending ConfigRej\n");
617 tunnelsend(b, n + (q - b), t); // send it
618 }
619 else
620 {
621 log(4, session[s].ip, s, t, "Sending ConfigAck\n");
622 *p = ConfigAck;
623 if ((i = findppp(p, 0x81))) // Primary DNS address
624 {
625 if (*(u32 *) (i + 2) != htonl(session[s].dns1))
626 {
627 *(u32 *) (i + 2) = htonl(session[s].dns1);
628 *p = ConfigNak;
629 log(5, session[s].ip, s, t, " DNS1 = %s\n", inet_toa(session[s].dns1));
630 }
631 }
632 if ((i = findppp(p, 0x83))) // Secondary DNS address (TBA, is it)
633 {
634 if (*(u32 *) (i + 2) != htonl(session[s].dns2))
635 {
636 *(u32 *) (i + 2) = htonl(session[s].dns2);
637 *p = ConfigNak;
638 log(5, session[s].ip, s, t, " DNS2 = %s\n", inet_toa(session[s].dns1));
639 }
640 }
641 i = findppp(p, 3); // IP address
642 if (!i || i[1] != 6)
643 {
644 log(1, 0, s, t, "No IP in IPCP request\n");
645 STAT(tunnel_rx_errors);
646 return ;
647 }
648 if (*(u32 *) (i + 2) != htonl(session[s].ip))
649 {
650 *(u32 *) (i + 2) = htonl(session[s].ip);
651 *p = ConfigNak;
652 log(4, session[s].ip, s, t, " No, a ConfigNak, client is requesting IP - sending %s\n",
653 inet_toa(htonl(session[s].ip)));
654 }
655 if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPIPCP)))
656 {
657 log(2, 0, s, t, " Failed to send IPCP packet.\n");
658 return;
659 }
660 tunnelsend(b, l + (q - b), t); // send it
661 }
662 }
663 }
664
665 // process IP packet received
666 //
667 // This MUST be called with at least 4 byte behind 'p'.
668 // (i.e. this routine writes to p[-4]).
669 void processipin(tunnelidt t, sessionidt s, u8 *p, u16 l)
670 {
671 ipt ip;
672
673 CSTAT(call_processipin);
674
675 log_hex(5, "IP", p, l);
676
677 ip = ntohl(*(u32 *)(p + 12));
678
679 if (l > MAXETHER)
680 {
681 log(1, ip, s, t, "IP packet too long %d\n", l);
682 STAT(tunnel_rx_errors);
683 return ;
684 }
685
686 // no spoof (do sessionbyip to handled statically routed subnets)
687 if (ip != session[s].ip && sessionbyip(htonl(ip)) != s)
688 {
689 log(5, ip, s, t, "Dropping packet with spoofed IP %s\n", inet_toa(htonl(ip)));
690 return;
691 }
692
693 if (session[s].snoop_ip && session[s].snoop_port)
694 {
695 // Snooping this session
696 snoop_send_packet(p, l, session[s].snoop_ip, session[s].snoop_port);
697 }
698
699 // Add on the tun header
700 p -= 4;
701 *(u32 *)p = htonl(0x00000800);
702 l += 4;
703
704 if (session[s].tbf_in && !config->cluster_iam_master) { // Are we throttled and a slave?
705 master_throttle_packet(session[s].tbf_in, p, l); // Pass it to the master for handling.
706 return;
707 }
708
709 session[s].cin += l - 4;
710 session[s].total_cin += l - 4;
711 sess_count[s].cin += l - 4;
712
713 session[s].pin++;
714 eth_tx += l - 4;
715
716 STAT(tun_tx_packets);
717 INC_STAT(tun_tx_bytes, l);
718
719 if (session[s].tbf_in && config->cluster_iam_master) { // Are we throttled and a master?? actually handle the throttled packets.
720 tbf_queue_packet(session[s].tbf_in, p, l);
721 return;
722 }
723
724 // send to ethernet
725 if (tun_write(p, l) < 0)
726 {
727 STAT(tun_tx_errors);
728 log(0, 0, s, t, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
729 l, strerror(errno), tunfd, p);
730 }
731
732 }
733
734 //
735 // Helper routine for the TBF filters.
736 // Used to send queued data in from the user.
737 //
738 void send_ipin(sessionidt s, u8 *buf, int len)
739 {
740 log_hex(5, "IP in throttled", buf, len);
741 if (write(tunfd, buf, len) < 0)
742 {
743 STAT(tun_tx_errors);
744 log(0, 0, 0, 0, "Error writing %d bytes to TUN device: %s (tunfd=%d, p=%p)\n",
745 len, strerror(errno), tunfd, buf);
746 }
747
748 // Increment packet counters
749 session[s].cin += len - 4;
750 session[s].total_cin += len - 4;
751 sess_count[s].cin += len - 4;
752
753 session[s].pin++;
754 eth_tx += len - 4;
755 }
756
757
758 // Process LCP messages
759 void processccp(tunnelidt t, sessionidt s, u8 *p, u16 l)
760 {
761
762 CSTAT(call_processccp);
763
764 log_hex(5, "CCP", p, l);
765 if (l < 2 || (*p != ConfigReq && *p != TerminateReq))
766 {
767 log(1, 0, s, t, "Unexpected CCP request code %d\n", *p);
768 STAT(tunnel_rx_errors);
769 return ;
770 }
771 // reject
772 {
773 u8 b[MAXCONTROL];
774 u8 *q;
775 if (*p == ConfigReq)
776 {
777 if (l < 6)
778 {
779 *p = ConfigAck; // accept no compression
780 }
781 else
782 {
783 *p = ConfigRej; // reject
784 sendccp(t, s);
785 }
786 }
787 else
788 *p = TerminateAck; // close
789 if (!(q = makeppp(b, sizeof(b), p, l, t, s, PPPCCP)))
790 {
791 log(1,0,0,0, "Failed to send CCP packet.\n");
792 return;
793 }
794 tunnelsend(b, l + (q - b), t); // send it
795 }
796 }
797
798 // send a CHAP PP packet
799 void sendchap(tunnelidt t, sessionidt s)
800 {
801 u8 b[MAXCONTROL];
802 u16 r = session[s].radius;
803 u8 *q;
804
805 CSTAT(call_sendchap);
806
807 if (!r)
808 {
809 log(1, 0, s, t, "No RADIUS to send challenge\n");
810 STAT(tunnel_tx_errors);
811 return ;
812 }
813 log(1, 0, s, t, "Send CHAP challenge\n");
814 {
815 // new challenge
816 int n;
817 for (n = 0; n < 15; n++)
818 radius[r].auth[n] = rand();
819 }
820 radius[r].chap = 1; // CHAP not PAP
821 radius[r].id++;
822 if (radius[r].state != RADIUSCHAP)
823 radius[r].try = 0;
824 radius[r].state = RADIUSCHAP;
825 radius[r].retry = backoff(radius[r].try++);
826 if (radius[r].try > 5)
827 {
828 sessionshutdown(s, "Timeout CHAP");
829 STAT(tunnel_tx_errors);
830 return ;
831 }
832 q = makeppp(b, sizeof(b), 0, 0, t, s, PPPCHAP);
833 if (!q) {
834 log(1, 0, s, t, "failed to send CHAP challenge.\n");
835 return;
836 }
837 *q = 1; // challenge
838 q[1] = radius[r].id; // ID
839 q[4] = 16; // length
840 memcpy(q + 5, radius[r].auth, 16); // challenge
841 strcpy(q + 21, hostname); // our name
842 *(u16 *) (q + 2) = htons(strlen(hostname) + 21); // length
843 tunnelsend(b, strlen(hostname) + 21 + (q - b), t); // send it
844 }
845
846 // fill in a L2TP message with a PPP frame,
847 // copies existing PPP message and changes magic number if seen
848 // returns start of PPP frame
849 u8 *makeppp(u8 *b, int size, u8 *p, int l, tunnelidt t, sessionidt s, u16 mtype)
850 {
851 if (size < 12)
852 return NULL; // Need more space than this!!
853
854 *(u16 *) (b + 0) = htons(0x0002); // L2TP with no options
855 *(u16 *) (b + 2) = htons(tunnel[t].far); // tunnel
856 *(u16 *) (b + 4) = htons(session[s].far); // session
857 b += 6;
858 if (mtype == PPPLCP || !(session[s].l2tp_flags & SESSIONACFC))
859 {
860 *(u16 *) b = htons(0xFF03); // HDLC header
861 b += 2;
862 }
863 if (mtype < 0x100 && session[s].l2tp_flags & SESSIONPFC)
864 *b++ = mtype;
865 else
866 {
867 *(u16 *) b = htons(mtype);
868 b += 2;
869 }
870
871 if (l + 12 > size) {
872 log(3,0,0,0, "Would have overflowed the buffer in makeppp: size %d, len %d.\n", size, l);
873 return NULL; // Run out of room to hold the packet!
874 }
875 if (p && l)
876 memcpy(b, p, l);
877 return b;
878 }
879
880 // find a PPP option, returns point to option, or 0 if not found
881 u8 *findppp(u8 *b, u8 mtype)
882 {
883 u16 l = ntohs(*(u16 *) (b + 2));
884 if (l < 4)
885 return 0;
886 b += 4;
887 l -= 4;
888 while (l)
889 {
890 if (l < b[1] || !b[1])
891 return 0; // faulty
892 if (*b == mtype)
893 return b;
894 l -= b[1];
895 b += b[1];
896 }
897 return 0;
898 }
899
900 // Send initial LCP ConfigReq
901 void initlcp(tunnelidt t, sessionidt s)
902 {
903 char b[500] = {0}, *q;
904
905 q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP);
906 if (!q) {
907 log(1, 0, s, t, "Failed to send LCP ConfigReq.\n");
908 return;
909 }
910 log(4, 0, s, t, "Sending LCP ConfigReq for PAP\n");
911 *q = ConfigReq;
912 *(u8 *)(q + 1) = (time_now % 255) + 1; // ID
913 *(u16 *)(q + 2) = htons(14); // Length
914 *(u8 *)(q + 4) = 5;
915 *(u8 *)(q + 5) = 6;
916 *(u32 *)(q + 6) = htonl(session[s].magic);
917 *(u8 *)(q + 10) = 3;
918 *(u8 *)(q + 11) = 4;
919 *(u16 *)(q + 12) = htons(PPPPAP); // PAP
920 tunnelsend(b, 12 + 14, t);
921 }
922
923 // Send CCP reply
924 void sendccp(tunnelidt t, sessionidt s)
925 {
926 char *q, b[500] = {0};
927
928 q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPCCP);
929 *q = ConfigReq;
930 *(u8 *)(q + 1) = (time_now % 255) + 1; // ID
931 *(u16 *)(q + 2) = htons(4); // Length
932 log_hex(5, "PPPCCP", q, 4);
933 tunnelsend(b, (q - b) + 4 , t);
934 }
935